openssl: Remove deprecated component

David Cermak 2022-02-17 13:54:19 +01:00
parent 9a544c0006
commit 0630834bc3
53 changed files with 2 additions and 10328 deletions


@ -121,7 +121,6 @@
/components/mqtt/ @esp-idf-codeowners/network /components/mqtt/ @esp-idf-codeowners/network
/components/newlib/ @esp-idf-codeowners/system @esp-idf-codeowners/tools /components/newlib/ @esp-idf-codeowners/system @esp-idf-codeowners/tools
/components/nvs_flash/ @esp-idf-codeowners/storage /components/nvs_flash/ @esp-idf-codeowners/storage
/components/openssl/ @esp-idf-codeowners/network
/components/openthread/ @esp-idf-codeowners/ieee802154 /components/openthread/ @esp-idf-codeowners/ieee802154
/components/partition_table/ @esp-idf-codeowners/system /components/partition_table/ @esp-idf-codeowners/system
/components/perfmon/ @esp-idf-codeowners/tools /components/perfmon/ @esp-idf-codeowners/tools


@ -1,13 +0,0 @@
idf_component_register(SRCS "library/ssl_cert.c"
"library/ssl_lib.c"
"library/ssl_methods.c"
"library/ssl_pkey.c"
"library/ssl_bio.c"
"library/ssl_err.c"
"library/ssl_stack.c"
"library/ssl_x509.c"
"platform/ssl_pm.c"
"platform/ssl_port.c"
REQUIRES mbedtls
INCLUDE_DIRS include
PRIV_INCLUDE_DIRS include/internal include/platform include/openssl)


@ -1,78 +0,0 @@
menu "OpenSSL"
config OPENSSL_DEBUG
bool "Enable OpenSSL debugging"
default n
help
Enable OpenSSL debugging function.
If the option is enabled, "SSL_DEBUG" works.
config OPENSSL_ERROR_STACK
bool "Enable OpenSSL error structure"
default y
help
Enable OpenSSL Error reporting
config OPENSSL_DEBUG_LEVEL
int "OpenSSL debugging level"
default 0
range 0 255
depends on OPENSSL_DEBUG
help
OpenSSL debugging level.
Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
For example:
If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not
print.
config OPENSSL_LOWLEVEL_DEBUG
bool "Enable OpenSSL low-level module debugging"
default n
depends on OPENSSL_DEBUG
select MBEDTLS_DEBUG
help
If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal
debugging function.
choice OPENSSL_ASSERT
prompt "Select OpenSSL assert function"
default OPENSSL_ASSERT_EXIT
help
OpenSSL function needs "assert" function to check if input parameters are valid.
If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
config OPENSSL_ASSERT_DO_NOTHING
bool "Do nothing"
help
Do nothing and "SSL_ASSERT" does not work.
config OPENSSL_ASSERT_EXIT
bool "Check and exit"
help
Enable assert exiting, it will check and return error code.
config OPENSSL_ASSERT_DEBUG
bool "Show debugging message"
depends on OPENSSL_DEBUG
help
Enable assert debugging, it will check and show debugging message.
config OPENSSL_ASSERT_DEBUG_EXIT
bool "Show debugging message and exit"
depends on OPENSSL_DEBUG
help
Enable assert debugging and exiting, it will check, show debugging message and return error code.
config OPENSSL_ASSERT_DEBUG_BLOCK
bool "Show debugging message and block"
depends on OPENSSL_DEBUG
help
Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
endchoice
endmenu


@ -1,44 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL3_H_
#define _SSL3_H_
#ifdef __cplusplus
extern "C" {
#endif
# define SSL3_AD_CLOSE_NOTIFY 0
# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
# define SSL3_AD_NO_CERTIFICATE 41
# define SSL3_AD_BAD_CERTIFICATE 42
# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
# define SSL3_AD_CERTIFICATE_REVOKED 44
# define SSL3_AD_CERTIFICATE_EXPIRED 45
# define SSL3_AD_CERTIFICATE_UNKNOWN 46
# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
# define SSL3_AL_WARNING 1
# define SSL3_AL_FATAL 2
#define SSL3_VERSION 0x0300
#ifdef __cplusplus
}
#endif
#endif


@ -1,55 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_CERT_H_
#define _SSL_CERT_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
/**
* @brief create a certification object include private key object according to input certification
*
* @param ic - input certification point
*
* @return certification object point
*/
CERT *__ssl_cert_new(CERT *ic);
/**
* @brief create a certification object include private key object
*
* @param none
*
* @return certification object point
*/
CERT* ssl_cert_new(void);
/**
* @brief free a certification object
*
* @param cert - certification object point
*
* @return none
*/
void ssl_cert_free(CERT *cert);
#ifdef __cplusplus
}
#endif
#endif


@ -1,128 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_CODE_H_
#define _SSL_CODE_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl3.h"
#include "tls1.h"
#include "x509_vfy.h"
/* Used in SSL_set_mode() -- supported mode when using BIO */
#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
# define SSL_RECEIVED_SHUTDOWN 2
# define SSL_VERIFY_NONE 0x00
# define SSL_VERIFY_PEER 0x01
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
# define SSL_VERIFY_CLIENT_ONCE 0x04
/*
* The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
* should not need these
*/
# define SSL_ST_READ_HEADER 0xF0
# define SSL_ST_READ_BODY 0xF1
# define SSL_ST_READ_DONE 0xF2
# define SSL_NOTHING 1
# define SSL_WRITING 2
# define SSL_READING 3
# define SSL_X509_LOOKUP 4
# define SSL_ASYNC_PAUSED 5
# define SSL_ASYNC_NO_JOBS 6
# define SSL_ERROR_NONE 0
# define SSL_ERROR_SSL 1
# define SSL_ERROR_WANT_READ 2
# define SSL_ERROR_WANT_WRITE 3
# define SSL_ERROR_WANT_X509_LOOKUP 4
# define SSL_ERROR_SYSCALL 5/* look at error stack/return value/errno */
# define SSL_ERROR_ZERO_RETURN 6
# define SSL_ERROR_WANT_CONNECT 7
# define SSL_ERROR_WANT_ACCEPT 8
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_ERROR_WANT_ASYNC_JOB 10
/* Message flow states */
typedef enum {
/* No handshake in progress */
MSG_FLOW_UNINITED,
/* A permanent error with this connection */
MSG_FLOW_ERROR,
/* We are about to renegotiate */
MSG_FLOW_RENEGOTIATE,
/* We are reading messages */
MSG_FLOW_READING,
/* We are writing messages */
MSG_FLOW_WRITING,
/* Handshake has finished */
MSG_FLOW_FINISHED
} MSG_FLOW_STATE;
/* SSL subsystem states */
typedef enum {
TLS_ST_BEFORE,
TLS_ST_OK,
DTLS_ST_CR_HELLO_VERIFY_REQUEST,
TLS_ST_CR_SRVR_HELLO,
TLS_ST_CR_CERT,
TLS_ST_CR_CERT_STATUS,
TLS_ST_CR_KEY_EXCH,
TLS_ST_CR_CERT_REQ,
TLS_ST_CR_SRVR_DONE,
TLS_ST_CR_SESSION_TICKET,
TLS_ST_CR_CHANGE,
TLS_ST_CR_FINISHED,
TLS_ST_CW_CLNT_HELLO,
TLS_ST_CW_CERT,
TLS_ST_CW_KEY_EXCH,
TLS_ST_CW_CERT_VRFY,
TLS_ST_CW_CHANGE,
TLS_ST_CW_NEXT_PROTO,
TLS_ST_CW_FINISHED,
TLS_ST_SW_HELLO_REQ,
TLS_ST_SR_CLNT_HELLO,
DTLS_ST_SW_HELLO_VERIFY_REQUEST,
TLS_ST_SW_SRVR_HELLO,
TLS_ST_SW_CERT,
TLS_ST_SW_KEY_EXCH,
TLS_ST_SW_CERT_REQ,
TLS_ST_SW_SRVR_DONE,
TLS_ST_SR_CERT,
TLS_ST_SR_KEY_EXCH,
TLS_ST_SR_CERT_VRFY,
TLS_ST_SR_NEXT_PROTO,
TLS_ST_SR_CHANGE,
TLS_ST_SR_FINISHED,
TLS_ST_SW_SESSION_TICKET,
TLS_ST_SW_CERT_STATUS,
TLS_ST_SW_CHANGE,
TLS_ST_SW_FINISHED
} OSSL_HANDSHAKE_STATE;
#ifdef __cplusplus
}
#endif
#endif


@ -1,191 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_DEBUG_H_
#define _SSL_DEBUG_H_
#include "platform/ssl_opt.h"
#include "platform/ssl_port.h"
#ifdef __cplusplus
extern "C" {
#endif
#ifdef CONFIG_OPENSSL_DEBUG_LEVEL
#define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL
#else
#define SSL_DEBUG_LEVEL 0
#endif
#define SSL_DEBUG_ON (SSL_DEBUG_LEVEL + 1)
#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1)
#ifdef CONFIG_OPENSSL_DEBUG
#ifndef SSL_DEBUG_LOG
#error "SSL_DEBUG_LOG is not defined"
#endif
#ifndef SSL_DEBUG_FL
#define SSL_DEBUG_FL "\n"
#endif
#define SSL_SHOW_LOCATION() \
SSL_DEBUG_LOG("SSL assert : %s %d\n", \
__FILE__, __LINE__)
#define SSL_DEBUG(level, fmt, ...) \
{ \
if (level > SSL_DEBUG_LEVEL) { \
SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \
} \
}
#else /* CONFIG_OPENSSL_DEBUG */
#define SSL_SHOW_LOCATION()
#define SSL_DEBUG(level, fmt, ...)
#endif /* CONFIG_OPENSSL_DEBUG */
/**
* OpenSSL assert function
*
* if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line
* if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code.
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line,
* then return error code.
* if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line,
* then block here with "while (1)"
*
* SSL_ASSERT1 may will return "-1", so function's return argument is integer.
* SSL_ASSERT2 may will return "NULL", so function's return argument is a point.
* SSL_ASSERT2 may will return nothing, so function's return argument is "void".
*/
#if defined(CONFIG_OPENSSL_ASSERT_DEBUG)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_EXIT)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
return -1; \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
return NULL; \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
return ; \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return -1; \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return NULL; \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
return ; \
} \
}
#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK)
#define SSL_ASSERT1(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#define SSL_ASSERT2(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#define SSL_ASSERT3(s) \
{ \
if (!(s)) { \
SSL_SHOW_LOCATION(); \
while (1); \
} \
}
#else
#define SSL_ASSERT1(s)
#define SSL_ASSERT2(s)
#define SSL_ASSERT3(s)
#endif
#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_CERT_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_CERT_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_PKEY_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_PKEY_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_X509_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_X509_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_LIB_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_LIB_ERROR_LEVEL SSL_DEBUG_ON
#define SSL_STACK_DEBUG_LEVEL SSL_DEBUG_OFF
#define SSL_STACK_ERROR_LEVEL SSL_DEBUG_ON
#ifdef __cplusplus
}
#endif
#endif


@ -1,28 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_LIB_H_
#define _SSL_LIB_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
#ifdef __cplusplus
}
#endif
#endif


@ -1,122 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_METHODS_H_
#define _SSL_METHODS_H_
#include "ssl_types.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* TLS method function implement
*/
#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \
new, free, \
handshake, shutdown, clear, \
read, send, pending, \
set_fd, set_hostname, get_fd, \
set_bufflen, \
get_verify_result, \
get_state) \
static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
new, \
free, \
handshake, \
shutdown, \
clear, \
read, \
send, \
pending, \
set_fd, \
set_hostname, \
get_fd, \
set_bufflen, \
get_verify_result, \
get_state \
};
#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \
const SSL_METHOD* func_name(void) { \
static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
ver, \
mode, \
&(fun), \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \
const SSL_METHOD* func_name(void) { \
static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
ver, \
mode, \
&(fun), \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_X509_METHOD(func_name, \
new, \
free, \
load, \
show_info) \
const X509_METHOD* func_name(void) { \
static const X509_METHOD func_name##_data LOCAL_ATRR = { \
new, \
free, \
load, \
show_info \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_PKEY_METHOD(func_name, \
new, \
free, \
load) \
const PKEY_METHOD* func_name(void) { \
static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \
new, \
free, \
load \
}; \
return &func_name##_data; \
}
/**
* @brief get X509 object method
*
* @param none
*
* @return X509 object method point
*/
const X509_METHOD* X509_method(void);
/**
* @brief get private key object method
*
* @param none
*
* @return private key object method point
*/
const PKEY_METHOD* EVP_PKEY_method(void);
#ifdef __cplusplus
}
#endif
#endif


@ -1,132 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_PKEY_H_
#define _SSL_PKEY_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
/**
* @brief create a private key object according to input private key
*
* @param ipk - input private key point
*
* @return new private key object point
*/
EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk);
/**
* @brief create a private key object
*
* @param none
*
* @return private key object point
*/
EVP_PKEY* EVP_PKEY_new(void);
/**
* @brief load a character key context into system context. If '*a' is pointed to the
* private key, then load key into it. Or create a new private key object
*
* @param type - private key type
* @param a - a point pointed to a private key point
* @param pp - a point pointed to the key context memory point
* @param length - key bytes
*
* @return private key object point
*/
EVP_PKEY* d2i_PrivateKey(int type,
EVP_PKEY **a,
const unsigned char **pp,
long length);
/**
* @brief decodes and load a buffer BIO into a EVP key context. If '*a' is pointed to the
* private key, then load key into it. Or create a new private key object
*
* @param bp BIO object containing the key
* @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created
*
* @return Created or updated EVP_PKEY
*/
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
/**
* @brief Same as d2i_PrivateKey_bio
*
* @param bp BIO object containing the key
* @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created
*
* @return Created or updated EVP_PKEY
*/
RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
/**
* @brief loads a private key in PEM format from BIO object
*
* @param bp BIO object containing the key
* @param x Pointer to an existent PKEY or NULL if a new key shall be created
* @param cb Password callback (not used)
* @param u User context (not used)
*
* @return Created or updated EVP_PKEY
*/
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
/**
* @brief RSA key in PEM format from BIO object
*
* @param bp BIO object containing the key
* @param x Pointer to an existent PKEY or NULL if a new key shall be created
* @param cb Password callback (not used)
* @param u User context (not used)
*
* @return Created or updated EVP_PKEY
*/
RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u);
/**
* @brief free a private key object
*
* @param pkey - private key object point
*
* @return none
*/
void EVP_PKEY_free(EVP_PKEY *x);
/**
* @brief load private key into the SSL
*
* @param type - private key type
* @param ssl - SSL point
* @param len - data bytes
* @param d - data point
*
* @return result
* 0 : failed
* 1 : OK
*/
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len);
#ifdef __cplusplus
}
#endif
#endif


@ -1,95 +0,0 @@
#ifndef _SSL_STACK_H_
#define _SSL_STACK_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
#define STACK_OF(type) struct stack_st_##type
#define SKM_DEFINE_STACK_OF(t1, t2, t3) \
STACK_OF(t1); \
static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
{ \
return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
} \
#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
typedef struct asn1_string_st ASN1_OCTET_STRING;
struct stack_st_GENERAL_NAME;
typedef struct GENERAL_NAME_st {
int type;
union {
char *ptr;
struct asn1_string_st* dNSName;
ASN1_OCTET_STRING* iPAddress;
} d;
} GENERAL_NAME;
typedef struct asn1_string_st ASN1_OCTET_STRING;
typedef struct X509_name_st X509_NAME;
typedef struct asn1_string_st ASN1_STRING;
typedef struct X509_name_entry_st X509_NAME_ENTRY;
typedef struct asn1_string_st {
int type;
int length;
void *data;
} ASN1_IA5STRING;
typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
/**
* @brief get nr of stack items
*
* @param sk Stack structure pointer
*
* @return number of items in the stack
*/
size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk);
/**
* @brief get GENERAL_NAME value from the stack
*
* @param sk Stack structure pointer
* @param i Index to stack item
*
* @return GENERAL_NAME object pointer
*/
GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i);
/**
* @brief create a openssl stack object
*
* @param c - stack function
*
* @return openssl stack object point
*/
OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c);
/**
* @brief create a NULL function openssl stack object
*
* @param none
*
* @return openssl stack object point
*/
OPENSSL_STACK *OPENSSL_sk_new_null(void);
/**
* @brief free openssl stack object
*
* @param openssl stack object point
*
* @return none
*/
void OPENSSL_sk_free(OPENSSL_STACK *stack);
#ifdef __cplusplus
}
#endif
#endif


@ -1,346 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_TYPES_H_
#define _SSL_TYPES_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_code.h"
#include <stddef.h>
#include <stdint.h>
typedef void SSL_CIPHER;
typedef void X509_STORE_CTX;
typedef void X509_STORE;
typedef void RSA;
typedef void STACK;
typedef void DH;
#define ossl_inline inline
#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__)
#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__)
#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__)
typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
typedef int (*openssl_verify_callback)(int, X509_STORE_CTX *);
struct stack_st;
typedef struct stack_st OPENSSL_STACK;
struct ssl_method_st;
typedef struct ssl_method_st SSL_METHOD;
struct ssl_method_func_st;
typedef struct ssl_method_func_st SSL_METHOD_FUNC;
struct record_layer_st;
typedef struct record_layer_st RECORD_LAYER;
struct ossl_statem_st;
typedef struct ossl_statem_st OSSL_STATEM;
struct ssl_session_st;
typedef struct ssl_session_st SSL_SESSION;
struct ssl_ctx_st;
typedef struct ssl_ctx_st SSL_CTX;
struct ssl_st;
typedef struct ssl_st SSL;
struct cert_st;
typedef struct cert_st CERT;
struct x509_st;
typedef struct x509_st X509;
struct X509_VERIFY_PARAM_st;
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
struct evp_pkey_st;
typedef struct evp_pkey_st EVP_PKEY;
struct x509_method_st;
typedef struct x509_method_st X509_METHOD;
struct pkey_method_st;
typedef struct pkey_method_st PKEY_METHOD;
struct ssl_alpn_st;
typedef struct ssl_alpn_st SSL_ALPN;
struct bio_st;
typedef struct bio_st BIO;
struct stack_st {
char **data;
int num_alloc;
OPENSSL_sk_compfunc c;
};
struct evp_pkey_st {
void *pkey_pm;
const PKEY_METHOD *method;
int ref_counter;
};
struct x509_st {
/* X509 certification platform private point */
void *x509_pm;
const X509_METHOD *method;
int ref_counter;
};
struct cert_st {
int sec_level;
X509 *x509;
EVP_PKEY *pkey;
};
struct ossl_statem_st {
MSG_FLOW_STATE state;
int hand_state;
};
struct record_layer_st {
int rstate;
int read_ahead;
};
struct ssl_session_st {
long timeout;
long time;
X509 *peer;
};
struct X509_VERIFY_PARAM_st {
int depth;
};
struct bio_st {
unsigned char * data;
int dlen;
BIO* peer;
size_t offset;
size_t roffset;
size_t size;
size_t flags;
size_t type;
};
typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS;
struct ssl_alpn_st {
ALPN_STATUS alpn_status;
/* This is dynamically allocated */
char *alpn_string;
/* This only points to the members in the string */
#define ALPN_LIST_MAX 10
const char *alpn_list[ALPN_LIST_MAX];
};
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
struct ssl_ctx_st
{
int version;
int references;
unsigned long options;
SSL_ALPN ssl_alpn;
const SSL_METHOD *method;
CERT *cert;
X509 *client_CA;
int verify_mode;
int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
long session_timeout;
int read_ahead;
int read_buffer_len;
X509_VERIFY_PARAM param;
void *default_passwd_callback_userdata;
pem_password_cb *default_passwd_callback;
struct stack_st_X509 *extra_certs;
int max_version;
int min_version;
};
struct ssl_st
{
/* protocol version(one of SSL3.0, TLS1.0, etc.) */
int version;
unsigned long options;
/* shut things down(0x01 : sent, 0x02 : received) */
int shutdown;
CERT *cert;
X509 *client_CA;
SSL_CTX *ctx;
const SSL_METHOD *method;
RECORD_LAYER rlayer;
/* where we are */
OSSL_STATEM statem;
SSL_SESSION *session;
int verify_mode;
int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
int rwstate;
long verify_result;
X509_VERIFY_PARAM param;
uint32_t mode;
void (*info_callback) (const SSL *ssl, int type, int val);
/* SSL low-level system arch point */
void *ssl_pm;
void *bio;
};
struct ssl_method_st {
/* protocol version(one of SSL3.0, TLS1.0, etc.) */
int version;
/* SSL mode(client(0) , server(1), not known(-1)) */
int endpoint;
const SSL_METHOD_FUNC *func;
};
struct ssl_method_func_st {
int (*ssl_new)(SSL *ssl);
void (*ssl_free)(SSL *ssl);
int (*ssl_handshake)(SSL *ssl);
int (*ssl_shutdown)(SSL *ssl);
int (*ssl_clear)(SSL *ssl);
int (*ssl_read)(SSL *ssl, void *buffer, int len);
int (*ssl_send)(SSL *ssl, const void *buffer, int len);
int (*ssl_pending)(const SSL *ssl);
void (*ssl_set_fd)(SSL *ssl, int fd, int mode);
void (*ssl_set_hostname)(SSL *ssl, const char *hostname);
int (*ssl_get_fd)(const SSL *ssl, int mode);
void (*ssl_set_bufflen)(SSL *ssl, int len);
long (*ssl_get_verify_result)(const SSL *ssl);
OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
};
struct x509_method_st {
int (*x509_new)(X509 *x, X509 *m_x);
void (*x509_free)(X509 *x);
int (*x509_load)(X509 *x, const unsigned char *buf, int len);
int (*x509_show_info)(X509 *x);
};
struct pkey_method_st {
int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey);
void (*pkey_free)(EVP_PKEY *pkey);
int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len);
};
struct bio_method_st {
unsigned type;
unsigned size;
};
typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg);
#ifdef __cplusplus
}
#endif
#endif


@ -1,152 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_X509_H_
#define _SSL_X509_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "ssl_types.h"
#include "ssl_stack.h"
DEFINE_STACK_OF(X509_NAME)
/**
* @brief create a X509 certification object according to input X509 certification
*
* @param ix - input X509 certification point
*
* @return new X509 certification object point
*/
X509* __X509_new(X509 *ix);
/**
* @brief create a X509 certification object
*
* @param none
*
* @return X509 certification object point
*/
X509* X509_new(void);
/**
* @brief load a character certification context into system context. If '*cert' is pointed to the
* certification, then load certification into it. Or create a new X509 certification object
*
* @param cert - a point pointed to X509 certification
* @param buffer - a point pointed to the certification context memory point
* @param length - certification bytes
*
* @return X509 certification object point
*/
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len);
/**
* @brief free a X509 certification object
*
* @param x - X509 certification object point
*
* @return none
*/
void X509_free(X509 *x);
/**
* @brief set SSL context client CA certification
*
* @param ctx - SSL context point
* @param x - X509 certification point
*
* @return result
* 0 : failed
* 1 : OK
*/
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
/**
* @brief add CA client certification into the SSL
*
* @param ssl - SSL point
* @param x - X509 certification point
*
* @return result
* 0 : failed
* 1 : OK
*/
int SSL_add_client_CA(SSL *ssl, X509 *x);
/**
* @brief load certification into the SSL
*
* @param ssl - SSL point
* @param len - data bytes
* @param d - data point
*
* @return result
* 0 : failed
* 1 : OK
*
*/
int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
/**
* @brief set SSL context client CA certification
*
* @param store - pointer to X509_STORE
* @param x - pointer to X509 certification point
*
* @return result
* 0 : failed
* 1 : OK
*/
int X509_STORE_add_cert(X509_STORE *store, X509 *x);
/**
* @brief load a character certification context into system context.
*
* If '*cert' is pointed to the certification, then load certification
* into it, or create a new X509 certification object.
*
* @param bp - pointer to BIO
* @param buffer - pointer to the certification context memory
* @param cb - pointer to a callback which queries pass phrase used
for encrypted PEM structure
* @param u - pointer to arbitary data passed by application to callback
*
* @return X509 certification object point
*/
X509 * PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb cb, void *u);
/**
* @brief load a character certification context into system context.
*
* Current implementation directly calls PEM_read_bio_X509
*
* @param bp - pointer to BIO
* @param buffer - pointer to the certification context memory
* @param cb - pointer to the callback (not implemented)
* @param u - pointer to arbitrary data (not implemented)
*
* @return X509 certification object point
*/
X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u);
#ifdef __cplusplus
}
#endif
#endif


@ -1,55 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _TLS1_H_
#define _TLS1_H_
#ifdef __cplusplus
extern "C" {
#endif
# define TLS1_AD_DECRYPTION_FAILED 21
# define TLS1_AD_RECORD_OVERFLOW 22
# define TLS1_AD_UNKNOWN_CA 48/* fatal */
# define TLS1_AD_ACCESS_DENIED 49/* fatal */
# define TLS1_AD_DECODE_ERROR 50/* fatal */
# define TLS1_AD_DECRYPT_ERROR 51
# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */
# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */
# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */
# define TLS1_AD_INTERNAL_ERROR 80/* fatal */
# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
# define TLS1_AD_USER_CANCELLED 90
# define TLS1_AD_NO_RENEGOTIATION 100
/* codes 110-114 are from RFC3546 */
# define TLS1_AD_UNSUPPORTED_EXTENSION 110
# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
# define TLS1_AD_UNRECOGNIZED_NAME 112
# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
/* Special value for method supporting multiple versions */
#define TLS_ANY_VERSION 0x10000
#define TLS1_VERSION 0x0301
#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
#ifdef __cplusplus
}
#endif
#endif


@ -1,111 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _X509_VFY_H_
#define _X509_VFY_H_
#ifdef __cplusplus
extern "C" {
#endif
#define X509_V_OK 0
#define X509_V_ERR_UNSPECIFIED 1
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
#define X509_V_ERR_UNABLE_TO_GET_CRL 3
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
#define X509_V_ERR_CERT_NOT_YET_VALID 9
#define X509_V_ERR_CERT_HAS_EXPIRED 10
#define X509_V_ERR_CRL_NOT_YET_VALID 11
#define X509_V_ERR_CRL_HAS_EXPIRED 12
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
#define X509_V_ERR_OUT_OF_MEM 17
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
#define X509_V_ERR_CERT_REVOKED 23
#define X509_V_ERR_INVALID_CA 24
#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
#define X509_V_ERR_INVALID_PURPOSE 26
#define X509_V_ERR_CERT_UNTRUSTED 27
#define X509_V_ERR_CERT_REJECTED 28
/* These are 'informational' when looking for issuer cert */
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
#define X509_V_ERR_AKID_SKID_MISMATCH 30
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
#define X509_V_ERR_INVALID_NON_CA 37
#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
#define X509_V_ERR_INVALID_EXTENSION 41
#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
#define X509_V_ERR_NO_EXPLICIT_POLICY 43
#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
#define X509_V_ERR_UNNESTED_RESOURCE 46
#define X509_V_ERR_PERMITTED_VIOLATION 47
#define X509_V_ERR_EXCLUDED_VIOLATION 48
#define X509_V_ERR_SUBTREE_MINMAX 49
/* The application is not happy */
#define X509_V_ERR_APPLICATION_VERIFICATION 50
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
/* Another issuer check debug option */
#define X509_V_ERR_PATH_LOOP 55
/* Suite B mode algorithm violation */
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
/* Host, email and IP check errors */
#define X509_V_ERR_HOSTNAME_MISMATCH 62
#define X509_V_ERR_EMAIL_MISMATCH 63
#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
/* DANE TLSA errors */
#define X509_V_ERR_DANE_NO_MATCH 65
/* security level errors */
#define X509_V_ERR_EE_KEY_TOO_SMALL 66
#define X509_V_ERR_CA_KEY_TOO_SMALL 67
#define X509_V_ERR_CA_MD_TOO_WEAK 68
/* Caller error */
#define X509_V_ERR_INVALID_CALL 69
/* Issuer lookup error */
#define X509_V_ERR_STORE_LOOKUP 70
/* Certificate transparency */
#define X509_V_ERR_NO_VALID_SCTS 71
#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
#ifdef __cplusplus
}
#endif
#endif


@ -1,179 +0,0 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _OPENSSL_BIO_H
#define _OPENSSL_BIO_H
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/* These are the 'types' of BIOs */
#define BIO_TYPE_NONE 0
#define BIO_TYPE_MEM (1 | 0x0400)
#define BIO_TYPE_BIO (19 | 0x0400) /* (half a) BIO pair */
/* Bio object flags */
#define BIO_FLAGS_READ 0x01
#define BIO_FLAGS_WRITE 0x02
#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ)
#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE)
typedef struct bio_st BIO;
typedef struct bio_method_st BIO_METHOD;
/**
* @brief Create a BIO object as a file type
* Current implementation return NULL as file types are discouraged on ESP platform
*
* @param filename Filename
* @param mode Mode
*
* @return BIO object
*/
BIO *BIO_new_file(const char *filename, const char *mode);
/**
* @brief Create a BIO object as a membuf type
* Current implementation takes a shallow copy of the buffer
*
* @param buf Pointer to the buffer
* @param len Length of the buffer
*
* @return BIO object
*/
BIO *BIO_new_mem_buf(void *buf, int len);
/**
* @brief create a BIO object
*
* @param method - pointer to BIO_METHOD
*
* @return pointer to BIO object
*/
BIO *BIO_new(BIO_METHOD * method);
/**
* @brief get the memory BIO method function
*/
void *BIO_s_mem(void);
/**
* @brief free a BIO object
*
* @param x - pointer to BIO object
*/
void BIO_free(BIO *b);
/**
* @brief Create a connected pair of BIOs bio1, bio2 with write buffer sizes writebuf1 and writebuf2
*
* @param out1 pointer to BIO1
* @param writebuf1 write size of BIO1 (0 means default size will be used)
* @param out2 pointer to BIO2
* @param writebuf2 write size of BIO2 (0 means default size will be used)
*
* @return result
* 0 : failed
* 1 : OK
*/
int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2);
/**
* @brief Write data to BIO
*
* BIO_TYPE_BIO behaves the same way as OpenSSL bio object, other BIO types mock
* this functionality to avoid excessive allocation/copy, so the 'data' cannot
* be freed after the function is called, it should remain valid until BIO object is in use.
*
* @param b - pointer to BIO
* @param data - pointer to data
* @param dlen - data bytes
*
* @return result
* -1, 0 : failed
* 1 : OK
*/
int BIO_write(BIO *b, const void *data, int dlen);
/**
* @brief Read data from BIO
*
* BIO_TYPE_BIO behaves the same way as OpenSSL bio object.
* Other types just hold pointer
*
* @param b - pointer to BIO
* @param data - pointer to data
* @param dlen - data bytes
*
* @return result
* -1, 0 : failed
* 1 : OK
*/
int BIO_read(BIO *bio, void *data, int len);
/**
* @brief Get number of pending characters in the BIOs write buffers.
*
* @param b Pointer to BIO
*
* @return Amount of pending data
*/
size_t BIO_wpending(const BIO *bio);
/**
* @brief Get number of pending characters in the BIOs read buffers.
*
* @param b Pointer to BIO
*
* @return Amount of pending data
*/
size_t BIO_ctrl_pending(const BIO *bio);
/**
* @brief Get the maximum length of data that can be currently written to the BIO
*
* @param b Pointer to BIO
*
* @return Max length of writable data
*/
size_t BIO_ctrl_get_write_guarantee(BIO *bio);
/**
* @brief Returns the type of a BIO.
*
* @param b Pointer to BIO
*
* @return Type of the BIO object
*/
int BIO_method_type(const BIO *b);
/**
* @brief Test flags of a BIO.
*
* @param b Pointer to BIO
* @param flags Flags
*
* @return BIO object flags masked with the supplied flags
*/
int BIO_test_flags(const BIO *b, int flags);
#ifdef __cplusplus
}
#endif
#endif //_OPENSSL_BIO_H


@ -1,228 +0,0 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _OPENSSL_ERR_H
#define _OPENSSL_ERR_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @note This file contains a very simple implementation of error stack
* for ESP APIs stubs to OpenSSL
*/
#define OPENSSL_PUT_SYSTEM_ERROR() \
ERR_put_error(ERR_LIB_SYS, 0, 0, __FILE__, __LINE__);
#define OPENSSL_PUT_LIB_ERROR(lib, code) \
ERR_put_error(lib, 0, code, __FILE__, __LINE__);
#define ERR_GET_LIB(packed_error) ((int)(((packed_error) >> 24) & 0xff))
#define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xffff))
#define ERR_R_PEM_LIB ERR_LIB_PEM
/* inherent openssl errors */
# define ERR_R_FATAL 64
# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)
# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL)
# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL)
# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL)
# define ERR_R_DISABLED (5|ERR_R_FATAL)
# define ERR_R_INIT_FAIL (6|ERR_R_FATAL)
# define ERR_R_PASSED_INVALID_ARGUMENT (7)
# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL)
# define ERR_R_INVALID_PROVIDER_FUNCTIONS (9|ERR_R_FATAL)
# define ERR_R_INTERRUPTED_OR_CANCELLED (10)
enum {
ERR_LIB_NONE = 1,
ERR_LIB_SYS,
ERR_LIB_BN,
ERR_LIB_RSA,
ERR_LIB_DH,
ERR_LIB_EVP,
ERR_LIB_BUF,
ERR_LIB_OBJ,
ERR_LIB_PEM,
ERR_LIB_DSA,
ERR_LIB_X509,
ERR_LIB_ASN1,
ERR_LIB_CONF,
ERR_LIB_CRYPTO,
ERR_LIB_EC,
ERR_LIB_SSL,
ERR_LIB_BIO,
ERR_LIB_PKCS7,
ERR_LIB_PKCS8,
ERR_LIB_X509V3,
ERR_LIB_RAND,
ERR_LIB_ENGINE,
ERR_LIB_OCSP,
ERR_LIB_UI,
ERR_LIB_COMP,
ERR_LIB_ECDSA,
ERR_LIB_ECDH,
ERR_LIB_HMAC,
ERR_LIB_DIGEST,
ERR_LIB_CIPHER,
ERR_LIB_HKDF,
ERR_LIB_USER,
ERR_NUM_LIBS
};
/**
* @brief clear the SSL error code
*
* @param none
*
* @return none
*/
void ERR_clear_error(void);
/**
* @brief get the current SSL error code
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_get_error(void);
/**
* @brief peek the current SSL error code, not clearing it
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_peek_error(void);
/**
* @brief peek the last SSL error code, not clearing it
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_peek_last_error(void);
/**
* @brief register the SSL error strings
*
* @param none
*
* @return none
*/
void ERR_load_SSL_strings(void);
/**
* @brief clear the SSL error code
*
* @param none
*
* @return none
*/
void ERR_clear_error(void);
/**
* @brief peek the current SSL error code, not clearing it
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_peek_error(void);
/**
* @brief peek the last SSL error code, not clearing it
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_peek_last_error(void);
/**
* @brief capture the current error to the error structure
*
* @param library Related library
* @param unused Not used (used for compliant function prototype)
* @param reason The actual error code
* @param file File name of the error report
* @param line Line number of the error report
*
*/
void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line);
/**
* @brief Peek the current SSL error, not clearing it
*
* @param file file name of the reported error
* @param line line number of the reported error
* @param data Associated data to the reported error
* @param flags Flags associated to the error
*
* @return current SSL error number
*/
uint32_t ERR_peek_error_line_data(const char **file, int *line,
const char **data, int *flags);
/**
* @brief Get the current SSL error
*
* @param file file name of the reported error
* @param line line number of the reported error
* @param data Associated data to the reported error
* @param flags Flags associated to the error
*
* @return current SSL error number
*/
uint32_t ERR_get_error_line_data(const char **file, int *line,
const char **data, int *flags);
/**
* @brief API provided as a declaration only
*
*/
void SSL_load_error_strings(void);
/**
* @brief API provided as a declaration only
*
*/
void ERR_free_strings(void);
/**
* @brief API provided as a declaration only
*
*/
void ERR_remove_state(unsigned long pid);
/**
* @brief Returns error string -- Not implemented
*
* @param packed_error Packed error code
*
* @return NULL
*/
const char *ERR_reason_error_string(uint32_t packed_error);
#ifdef __cplusplus
}
#endif
#endif // _OPENSSL_ERR_H



@ -1,20 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_OPT_H_
#define _SSL_OPT_H_
#include "sdkconfig.h"
#endif


@ -1,63 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_PM_H_
#define _SSL_PM_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <string.h>
#include "ssl_types.h"
#include "ssl_port.h"
#define LOCAL_ATRR
int ssl_pm_new(SSL *ssl);
void ssl_pm_free(SSL *ssl);
int ssl_pm_handshake(SSL *ssl);
int ssl_pm_shutdown(SSL *ssl);
int ssl_pm_clear(SSL *ssl);
int ssl_pm_read(SSL *ssl, void *buffer, int len);
int ssl_pm_send(SSL *ssl, const void *buffer, int len);
int ssl_pm_pending(const SSL *ssl);
void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
int ssl_pm_get_fd(const SSL *ssl, int mode);
void ssl_pm_set_hostname(SSL *ssl, const char *hostname);
OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
void ssl_pm_set_bufflen(SSL *ssl, int len);
int x509_pm_show_info(X509 *x);
int x509_pm_new(X509 *x, X509 *m_x);
void x509_pm_free(X509 *x);
int x509_pm_load(X509 *x, const unsigned char *buffer, int len);
int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk);
void pkey_pm_free(EVP_PKEY *pk);
int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len);
long ssl_pm_get_verify_result(const SSL *ssl);
#ifdef __cplusplus
}
#endif
#endif


@ -1,45 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _SSL_PORT_H_
#define _SSL_PORT_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "esp_types.h"
#include "esp_log.h"
#include "string.h"
#include "malloc.h"
void *ssl_mem_zalloc(size_t size);
#define ssl_mem_malloc malloc
#define ssl_mem_free free
#define ssl_memcpy memcpy
#define ssl_strlen strlen
#define ssl_speed_up_enter()
#define ssl_speed_up_exit()
#define SSL_DEBUG_FL
#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__)
#ifdef __cplusplus
}
#endif
#endif


@ -1,209 +0,0 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_lib.h"
#include "openssl/bio.h"
#include "ssl_dbg.h"
#include "openssl/err.h"
#define DEFAULT_BIO_SIZE 1024
BIO *BIO_new_mem_buf(void *buf, int len)
{
BIO_METHOD m = { .type = BIO_TYPE_MEM, .size = 0 };
BIO *b = BIO_new(&m);
if (b) {
b->dlen = len;
b->data = buf;
}
return b;
}
/**
* @brief create a BIO object
*/
BIO *BIO_new(BIO_METHOD * method)
{
BIO *b = (BIO *)ssl_mem_zalloc(sizeof(BIO));
if (!b) {
OPENSSL_PUT_LIB_ERROR(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (method) {
b->size = method->size;
b->type = method->type;
} else {
b->type = BIO_TYPE_NONE;
}
if ((b->type & BIO_TYPE_BIO) && b->size) {
b->data = ssl_mem_zalloc(b->size);
if (!b->data) {
OPENSSL_PUT_LIB_ERROR(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
}
return b;
err:
if (b && (b->type&BIO_TYPE_BIO)) {
ssl_mem_free(b->data);
}
ssl_mem_free(b);
return NULL;
}
/**
* @brief free a BIO object
*/
void BIO_free(BIO *b)
{
if (b && (b->type&BIO_TYPE_BIO)) {
ssl_mem_free(b->data);
}
ssl_mem_free(b);
}
int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2)
{
BIO *bio1 = NULL;
BIO *bio2 = NULL;
if (!writebuf1) {
writebuf1 = DEFAULT_BIO_SIZE;
}
if (!writebuf2) {
writebuf2 = DEFAULT_BIO_SIZE;
}
BIO_METHOD m1 = {
.size = writebuf1,
.type = BIO_TYPE_BIO,
};
BIO_METHOD m2 = {
.size = writebuf1,
.type = BIO_TYPE_BIO,
};
bio1 = BIO_new(&m1);
if (!bio1) {
goto err;
}
bio2 = BIO_new(&m2);
if (!bio2) {
goto err;
}
*out1 = bio1;
*out2 = bio2;
bio1->peer = bio2;
bio1->size = writebuf1;
bio2->peer = bio1;
bio2->size = writebuf2;
return 1;
err:
if (bio1)
{
BIO_free(bio1);
*out1 = NULL;
}
if (bio2)
{
BIO_free(bio2);
*out2 = NULL;
}
return 0;
}
/**
* @brief get the memory BIO method function
*/
void *BIO_s_mem(void)
{
return NULL;
}
int BIO_method_type(const BIO *b)
{
SSL_ASSERT1(b);
return b->type;
}
/**
* @brief load data into BIO.
*
*/
int BIO_write(BIO *b, const void * data, int dlen)
{
SSL_ASSERT1(b);
int remaining = b->size - b->offset;
if (remaining <= 0) {
b->flags |= BIO_FLAGS_WRITE;
return -1;
}
int len_to_write = dlen > remaining?remaining:dlen;
memcpy(b->data + b->offset, data, len_to_write);
b->offset += len_to_write;
b->dlen = b->offset;
if (len_to_write == dlen) {
b->flags &= ~BIO_FLAGS_WRITE;
}
return len_to_write;
}
/**
* @brief Read from BIO.
*
*/
int BIO_read(BIO *bio, void *data, int len)
{
SSL_ASSERT1(bio);
BIO *peer = bio->peer;
int remaining = peer->dlen - peer->roffset;
if (remaining <= 0) {
bio->flags |= BIO_FLAGS_READ;
return -1;
}
int len_to_read = remaining > len ? len : remaining;
memcpy(data, peer->data + peer->roffset, len_to_read);
peer->roffset += len_to_read;
if (len_to_read == len) {
bio->flags &= ~BIO_FLAGS_READ;
}
if (peer->offset) {
// shift data back to the beginning of the buffer
memmove(peer->data, peer->data+peer->roffset, peer->offset - peer->roffset);
peer->offset -= peer->roffset;
peer->roffset = 0;
peer->dlen = peer->offset;
}
return len_to_read;
}
size_t BIO_wpending(const BIO *bio)
{
return bio->dlen - bio->roffset;
}
size_t BIO_ctrl_pending(const BIO *bio)
{
return bio->peer->dlen - bio->peer->roffset;
}
size_t BIO_ctrl_get_write_guarantee(BIO *b)
{
return (long)b->size - b->dlen;
}
int BIO_test_flags(const BIO *b, int flags)
{
return (b->flags & flags);
}


@ -1,87 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_cert.h"
#include "ssl_pkey.h"
#include "ssl_x509.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
/**
* @brief create a certification object according to input certification
*/
CERT *__ssl_cert_new(CERT *ic)
{
CERT *cert;
X509 *ix;
EVP_PKEY *ipk;
cert = ssl_mem_zalloc(sizeof(CERT));
if (!cert) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
goto no_mem;
}
if (ic) {
ipk = ic->pkey;
ix = ic->x509;
} else {
ipk = NULL;
ix = NULL;
}
cert->pkey = __EVP_PKEY_new(ipk);
if (!cert->pkey) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
goto pkey_err;
}
cert->x509 = __X509_new(ix);
if (!cert->x509) {
SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
goto x509_err;
}
return cert;
x509_err:
EVP_PKEY_free(cert->pkey);
pkey_err:
ssl_mem_free(cert);
no_mem:
return NULL;
}
/**
* @brief create a certification object include private key object
*/
CERT *ssl_cert_new(void)
{
return __ssl_cert_new(NULL);
}
/**
* @brief free a certification object
*/
void ssl_cert_free(CERT *cert)
{
SSL_ASSERT3(cert);
X509_free(cert->x509);
EVP_PKEY_free(cert->pkey);
ssl_mem_free(cert);
}


@ -1,120 +0,0 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_dbg.h"
struct err_error_st {
/* file contains the filename where the error occurred. */
const char *file;
/* packed contains the error library and reason, as packed by ERR_PACK. */
uint32_t packed;
/* line contains the line number where the error occurred. */
uint32_t line;
};
#define ERR_NUM_ERRORS 4
typedef struct err_state_st {
/* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
* buffer. */
struct err_error_st errors[ERR_NUM_ERRORS];
/* top contains the index one past the most recent error. If |top| equals
* |bottom| then the queue is empty. */
unsigned top;
/* bottom contains the index of the last error in the queue. */
unsigned bottom;
} ERR_STATE;
#if CONFIG_OPENSSL_ERROR_STACK
static ERR_STATE s_err_state = { 0 };
#endif
void ERR_clear_error(void)
{
#if CONFIG_OPENSSL_ERROR_STACK
memset(&s_err_state.errors[0], 0, sizeof(struct err_state_st));
s_err_state.top = s_err_state.bottom = 0;
#endif
}
static uint32_t ERR_get_peek_error_internal(const char **file, int *line, bool peak)
{
#if CONFIG_OPENSSL_ERROR_STACK
if (s_err_state.top == s_err_state.bottom) {
return 0;
}
unsigned new_bottom = (s_err_state.bottom + 1) % ERR_NUM_ERRORS;
int err = s_err_state.errors[new_bottom].packed;
if (file) {
*file = s_err_state.errors[new_bottom].file;
}
if (line) {
*line = s_err_state.errors[new_bottom].line;
}
if (peak == false) {
memset(&s_err_state.errors[new_bottom], 0, sizeof(struct err_error_st));
s_err_state.bottom = new_bottom;
}
return err;
#else
return 0;
#endif
}
uint32_t ERR_get_error(void)
{
return ERR_get_peek_error_internal(NULL, NULL, false);
}
uint32_t ERR_peek_error(void)
{
return ERR_get_peek_error_internal(NULL, NULL, true);
}
uint32_t ERR_peek_last_error(void)
{
return ERR_get_peek_error_internal(NULL, NULL, true);
}
uint32_t ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags)
{
return ERR_get_peek_error_internal(file, line, true);
}
uint32_t ERR_get_error_line_data(const char **file, int *line, const char **data, int *flags)
{
return ERR_get_peek_error_internal(file, line, false);
}
const char *ERR_reason_error_string(uint32_t packed_error)
{
return NULL;
}
void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line)
{
#if CONFIG_OPENSSL_ERROR_STACK
s_err_state.top = (s_err_state.top + 1) % ERR_NUM_ERRORS;
if (s_err_state.top == s_err_state.bottom) {
s_err_state.bottom = (s_err_state.bottom + 1) % ERR_NUM_ERRORS;
}
s_err_state.errors[s_err_state.top].packed = (uint32_t)library<<24 | abs(reason);
s_err_state.errors[s_err_state.top].file = file;
s_err_state.errors[s_err_state.top].line = line;
#endif
}



@ -1,111 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_methods.h"
#include "ssl_pm.h"
/**
* TLS method function collection
*/
IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
ssl_pm_new, ssl_pm_free,
ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
ssl_pm_read, ssl_pm_send, ssl_pm_pending,
ssl_pm_set_fd, ssl_pm_set_hostname, ssl_pm_get_fd,
ssl_pm_set_bufflen,
ssl_pm_get_verify_result,
ssl_pm_get_state);
/**
* TLS or SSL client method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method);
/**
* TLS or SSL server method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 1, TLS_method_func, TLSv1_server_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method);
/**
* TLS or SSL method collection
*/
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method);
/**
* @brief get X509 object method
*/
IMPLEMENT_X509_METHOD(X509_method,
x509_pm_new, x509_pm_free,
x509_pm_load, x509_pm_show_info);
/**
* @brief get private key object method
*/
IMPLEMENT_PKEY_METHOD(EVP_PKEY_method,
pkey_pm_new, pkey_pm_free,
pkey_pm_load);
/**
* @brief Generic SSL/TLS methods
*/
const SSL_METHOD *SSLv23_method(void)
{
return TLS_method();
}
const SSL_METHOD *SSLv23_server_method(void)
{
return TLS_server_method();
}
const SSL_METHOD *SSLv23_client_method(void)
{
return TLS_client_method();
}
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version)
{
ctx->min_version = version;
return 1;
}
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version)
{
ctx->max_version = version;
return 1;
}


@ -1,311 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_pkey.h"
#include "ssl_methods.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
#include "openssl/bio.h"
/**
* @brief create a private key object according to input private key
*/
EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
{
int ret;
EVP_PKEY *pkey;
pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
goto no_mem;
}
pkey->ref_counter = 1;
if (ipk) {
pkey->method = ipk->method;
} else {
pkey->method = EVP_PKEY_method();
}
ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
goto failed;
}
return pkey;
failed:
ssl_mem_free(pkey);
no_mem:
return NULL;
}
/**
* @brief create a private key object
*/
EVP_PKEY* EVP_PKEY_new(void)
{
return __EVP_PKEY_new(NULL);
}
/**
* @brief free a private key object
*/
void EVP_PKEY_free(EVP_PKEY *pkey)
{
SSL_ASSERT3(pkey);
if (--pkey->ref_counter > 0) {
return;
}
EVP_PKEY_METHOD_CALL(free, pkey);
ssl_mem_free(pkey);
}
/**
* @brief load a character key context into system context. If '*a' is pointed to the
* private key, then load key into it. Or create a new private key object
*/
EVP_PKEY *d2i_PrivateKey(int type,
EVP_PKEY **a,
const unsigned char **pp,
long length)
{
int m = 0;
int ret;
EVP_PKEY *pkey;
SSL_ASSERT2(pp);
SSL_ASSERT2(*pp);
SSL_ASSERT2(length);
if (a && *a) {
pkey = *a;
} else {
pkey = EVP_PKEY_new();;
if (!pkey) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
goto failed1;
}
m = 1;
}
ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
goto failed2;
}
if (a)
*a = pkey;
return pkey;
failed2:
if (m)
EVP_PKEY_free(pkey);
failed1:
return NULL;
}
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
{
return d2i_PrivateKey(0, a, (const unsigned char **)&bp->data, bp->dlen);
}
RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **a)
{
return d2i_PrivateKey_bio(bp, (EVP_PKEY**)a);
}
RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, pem_password_cb *cb, void *u)
{
return PEM_read_bio_PrivateKey(bp, (EVP_PKEY**)x, cb, u);
}
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **pk, pem_password_cb *cb, void *u)
{
int m = 0;
int ret;
EVP_PKEY *x;
SSL_ASSERT2(BIO_method_type(bp) & BIO_TYPE_MEM);
if (bp->data == NULL || bp->dlen == 0) {
return NULL;
}
if (pk && *pk) {
x = *pk;
} else {
x = EVP_PKEY_new();
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
goto failed;
}
m = 1;
}
ret = EVP_PKEY_METHOD_CALL(load, x, bp->data, bp->dlen);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
goto failed;
}
// If buffer successfully created a EVP_PKEY from the bio, mark the buffer as consumed
bp->data = NULL;
bp->dlen = 0;
return x;
failed:
if (m) {
EVP_PKEY_free(x);
}
return NULL;}
/**
* @brief set the SSL context private key
*/
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(pkey);
if (ctx->cert->pkey == pkey)
return 1;
if (ctx->cert->pkey)
EVP_PKEY_free(ctx->cert->pkey);
pkey->ref_counter++;
ctx->cert->pkey = pkey;
return 1;
}
/**
* @brief set the SSL private key
*/
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(pkey);
if (ssl->cert->pkey == pkey)
return 1;
if (ssl->cert->pkey)
EVP_PKEY_free(ssl->cert->pkey);
ssl->cert->pkey = pkey;
return 1;
}
/**
* @brief load private key into the SSL context
*/
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
const unsigned char *d, long len)
{
int ret;
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_CTX_use_PrivateKey(ctx, pk);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;
failed2:
EVP_PKEY_free(pk);
failed1:
return 0;
}
/**
* @brief load private key into the SSL
*/
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
const unsigned char *d, long len)
{
int ret;
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
if (!pk) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
goto failed1;
}
ret = SSL_use_PrivateKey(ssl, pk);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
goto failed2;
}
return 1;
failed2:
EVP_PKEY_free(pk);
failed1:
return 0;
}
#define ESP_OPENSSL_FILES_IS_SUPPORTED 0
/**
* @brief load the private key file into SSL context
*/
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
// Using file name as private key is discouraged
SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED);
return -1;
}
/**
* @brief load the private key file into SSL
*/
int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
// Using file name as private key is discouraged
SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED);
return -1;
}
/**
* @brief load the RSA ASN1 private key into SSL context
*/
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
{
return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len);
}
void RSA_free (RSA *r)
{
EVP_PKEY_free(r);
}


@ -1,97 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_stack.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
#ifndef CONFIG_MIN_NODES
#define MIN_NODES 4
#else
#define MIN_NODES CONFIG_MIN_NODES
#endif
/**
* @brief create a openssl stack object
*/
typedef struct stack_st_tag {
size_t num;
void **data;
} _STACK;
GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i)
{
if (!sk || i >= ((_STACK*)sk)->num) {
return NULL;
}
return ((_STACK*)sk)->data[i];
}
size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk)
{
if (sk == NULL) {
return 0;
}
return ((_STACK*)sk)->num;
}
OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
{
OPENSSL_STACK *stack;
char **data;
stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
if (!stack) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
goto no_mem1;
}
data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
if (!data) {
SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
goto no_mem2;
}
stack->data = data;
stack->num_alloc = MIN_NODES;
stack->c = c;
return stack;
no_mem2:
ssl_mem_free(stack);
no_mem1:
return NULL;
}
/**
* @brief create a NULL function openssl stack object
*/
OPENSSL_STACK *OPENSSL_sk_new_null(void)
{
return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
}
/**
* @brief free openssl stack object
*/
void OPENSSL_sk_free(OPENSSL_STACK *stack)
{
SSL_ASSERT3(stack);
ssl_mem_free(stack->data);
ssl_mem_free(stack);
}


@ -1,401 +0,0 @@
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "ssl_x509.h"
#include "ssl_methods.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
#include "bio.h"
/**
* @brief show X509 certification information
*/
int __X509_show_info(X509 *x)
{
return X509_METHOD_CALL(show_info, x);
}
/**
* @brief create a X509 certification object according to input X509 certification
*/
X509* __X509_new(X509 *ix)
{
int ret;
X509 *x;
x = ssl_mem_zalloc(sizeof(X509));
if (!x) {
SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
goto no_mem;
}
x->ref_counter = 1;
if (ix && ix->method)
x->method = ix->method;
else
x->method = X509_method();
ret = X509_METHOD_CALL(new, x, ix);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
goto failed;
}
return x;
failed:
ssl_mem_free(x);
no_mem:
return NULL;
}
/**
* @brief create a X509 certification object
*/
X509* X509_new(void)
{
return __X509_new(NULL);
}
/**
* @brief free a X509 certification object
*/
void X509_free(X509 *x)
{
SSL_ASSERT3(x);
if (--x->ref_counter > 0) {
return;
}
X509_METHOD_CALL(free, x);
ssl_mem_free(x);
};
/**
* @brief load a character certification context into system context. If '*cert' is pointed to the
* certification, then load certification into it. Or create a new X509 certification object
*/
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
{
int m = 0;
int ret;
X509 *x;
SSL_ASSERT2(buffer);
SSL_ASSERT2(len);
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
goto failed1;
}
m = 1;
}
ret = X509_METHOD_CALL(load, x, buffer, len);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
goto failed2;
}
return x;
failed2:
if (m)
X509_free(x);
failed1:
return NULL;
}
/**
* @brief return SSL X509 verify parameters
*/
X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
{
return &ssl->param;
}
/**
* @brief set X509 host verification flags
*/
int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned long flags)
{
/* flags not supported yet */
return 0;
}
/**
* @brief clear X509 host verification flags
*/
int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
unsigned long flags)
{
/* flags not supported yet */
return 0;
}
/**
* @brief set SSL context client CA certification
*/
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->client_CA == x)
return 1;
X509_free(ctx->client_CA);
ctx->client_CA = x;
return 1;
}
/**
* @brief add CA client certification into the SSL
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->client_CA == x)
return 1;
X509_free(ssl->client_CA);
ssl->client_CA = x;
return 1;
}
/**
* @brief set the SSL context certification
*/
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->cert->x509 == x)
return 1;
X509_free(ctx->cert->x509);
ctx->cert->x509 = x;
x->ref_counter++;
return 1;
}
/**
* @brief set the SSL certification
*/
int SSL_use_certificate(SSL *ssl, X509 *x)
{
SSL_ASSERT1(ssl);
SSL_ASSERT1(x);
if (ssl->cert->x509 == x)
return 1;
X509_free(ssl->cert->x509);
ssl->cert->x509 = x;
return 1;
}
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x)
{
return SSL_CTX_use_certificate(ctx, x);
}
/**
* @brief get the SSL certification point
*/
X509 *SSL_get_certificate(const SSL *ssl)
{
SSL_ASSERT2(ssl);
return ssl->cert->x509;
}
/**
* @brief load certification into the SSL context
*/
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
const unsigned char *d)
{
int ret;
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_CTX_use_certificate(ctx, x); // This uses the "x" so increments ref_count
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
goto failed2;
}
X509_free(x); // decrements ref_count, so in case of happy flow doesn't free the "x"
return 1;
failed2:
X509_free(x);
failed1:
return 0;
}
/**
* @brief load certification into the SSL
*/
int SSL_use_certificate_ASN1(SSL *ssl, int len,
const unsigned char *d)
{
int ret;
X509 *x;
x = d2i_X509(NULL, d, len);
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
goto failed1;
}
ret = SSL_use_certificate(ssl, x);
if (!ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
goto failed2;
}
return 1;
failed2:
X509_free(x);
failed1:
return 0;
}
/**
* @brief load the certification file into SSL context
*/
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
{
return 0;
}
/**
* @brief load the certification file into SSL
*/
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
{
return 0;
}
/**
* @brief get peer certification
*/
X509 *SSL_get_peer_certificate(const SSL *ssl)
{
SSL_ASSERT2(ssl);
return ssl->session->peer;
}
/**
* @brief set SSL context client CA certification
*/
int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
x->ref_counter++;
SSL_CTX *ctx = (SSL_CTX *)store;
SSL_ASSERT1(ctx);
SSL_ASSERT1(x);
if (ctx->client_CA == x) {
return 1;
}
if (ctx->client_CA!=NULL) {
X509_free(ctx->client_CA);
}
ctx->client_CA = x;
return 1;
}
/**
* @brief load a character certification context into system context.
*
* If '*cert' is pointed to the certification, then load certification
* into it, or create a new X509 certification object.
*/
X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, pem_password_cb cb, void *u) {
int m = 0;
int ret;
X509 *x;
SSL_ASSERT2(BIO_method_type(bp) & BIO_TYPE_MEM);
if (bp->data == NULL || bp->dlen == 0) {
return NULL;
}
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
if (!x) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
goto failed;
}
m = 1;
}
ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
if (ret) {
SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
goto failed;
}
// If buffer successfully created a X509 from the bio, mark the buffer as consumed
bp->data = NULL;
bp->dlen = 0;
return x;
failed:
if (m) {
X509_free(x);
}
return NULL;
}
X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u)
{
return PEM_read_bio_X509(bp, cert, cb, u);
}
/**
* @brief get the SSL context object X509 certification storage
*/
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
return (X509_STORE *)ctx;
}


@ -1,788 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_pm.h"
#include "ssl_port.h"
#include "ssl_dbg.h"
/* mbedtls include */
#include "mbedtls/platform.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/debug.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
#include "openssl/bio.h"
#include "openssl/err.h"
#define X509_INFO_STRING_LENGTH 8192
struct ssl_pm
{
/* local socket file description */
mbedtls_net_context fd;
/* remote client socket file description */
mbedtls_net_context cl_fd;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_entropy_context entropy;
};
struct x509_pm
{
mbedtls_x509_crt *x509_crt;
mbedtls_x509_crt *ex_crt;
};
struct pkey_pm
{
mbedtls_pk_context *pkey;
mbedtls_pk_context *ex_pkey;
};
unsigned int max_content_len;
/*********************************************************************************************/
/************************************ SSL arch interface *************************************/
#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
/* mbedtls debug level */
#define MBEDTLS_DEBUG_LEVEL 4
/**
* @brief mbedtls debug function
*/
static void ssl_platform_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
/* Shorten 'file' from the whole file path to just the filename
This is a bit wasteful because the macros are compiled in with
the full _FILE_ path in each case.
*/
char *file_sep = rindex(file, '/');
if(file_sep)
file = file_sep + 1;
SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str);
}
#endif
static int mbedtls_bio_send(void *ctx, const unsigned char *buf, size_t len )
{
BIO *bio = ctx;
int written = BIO_write(bio, buf, len);
if (written <= 0 && BIO_should_write(bio)) {
return MBEDTLS_ERR_SSL_WANT_WRITE;
}
return written;
}
static int mbedtls_bio_recv(void *ctx, unsigned char *buf, size_t len )
{
BIO *bio = ctx;
int read = BIO_read(bio, buf, len);
if (read <= 0 && BIO_should_read(bio)) {
return MBEDTLS_ERR_SSL_WANT_READ;
}
return read;
}
static int ssl_pm_reload_crt(SSL *ssl);
static int get_mbedtls_minor_ssl_version(int openssl_version_nr)
{
if (TLS1_2_VERSION == openssl_version_nr)
return MBEDTLS_SSL_MINOR_VERSION_3;
if (TLS1_1_VERSION ==openssl_version_nr)
return MBEDTLS_SSL_MINOR_VERSION_2;
if (TLS1_VERSION == openssl_version_nr)
return MBEDTLS_SSL_MINOR_VERSION_1;
// SSLv3.0 otherwise
return MBEDTLS_SSL_MINOR_VERSION_0;
}
/**
* @brief create SSL low-level object
*/
int ssl_pm_new(SSL *ssl)
{
struct ssl_pm *ssl_pm;
int ret;
const unsigned char pers[] = "OpenSSL PM";
size_t pers_len = sizeof(pers);
int endpoint;
const SSL_METHOD *method = ssl->method;
ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm));
if (!ssl_pm) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)");
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
goto no_mem;
}
max_content_len = ssl->ctx->read_buffer_len;
mbedtls_net_init(&ssl_pm->fd);
mbedtls_net_init(&ssl_pm->cl_fd);
mbedtls_ssl_config_init(&ssl_pm->conf);
mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg);
mbedtls_entropy_init(&ssl_pm->entropy);
mbedtls_ssl_init(&ssl_pm->ssl);
ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ctr_drbg_seed() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_RAND, ret);
goto mbedtls_err1;
}
if (method->endpoint) {
endpoint = MBEDTLS_SSL_IS_SERVER;
} else {
endpoint = MBEDTLS_SSL_IS_CLIENT;
}
ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_CONF, ret);
goto mbedtls_err2;
}
if (TLS_ANY_VERSION != ssl->version) {
int min_version = ssl->ctx->min_version ? ssl->ctx->min_version : ssl->version;
int max_version = ssl->ctx->max_version ? ssl->ctx->max_version : ssl->version;
mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, get_mbedtls_minor_ssl_version(max_version));
mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, get_mbedtls_minor_ssl_version(min_version));
} else {
mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0);
}
if (ssl->ctx->ssl_alpn.alpn_status == ALPN_ENABLE) {
#ifdef MBEDTLS_SSL_ALPN
mbedtls_ssl_conf_alpn_protocols( &ssl_pm->conf, ssl->ctx->ssl_alpn.alpn_list );
#else
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "CONFIG_MBEDTLS_SSL_ALPN must be enabled to use ALPN", -1);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_FATAL);
#endif // MBEDTLS_SSL_ALPN
}
mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL);
mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL);
#else
mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
#endif
ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_CONF, ret);
goto mbedtls_err2;
}
mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
ssl->ssl_pm = ssl_pm;
ret = ssl_pm_reload_crt(ssl);
if (ret)
return 0;
return 0;
mbedtls_err2:
mbedtls_ssl_config_free(&ssl_pm->conf);
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
mbedtls_err1:
mbedtls_entropy_free(&ssl_pm->entropy);
ssl_mem_free(ssl_pm);
no_mem:
return -1;
}
/**
* @brief free SSL low-level object
*/
void ssl_pm_free(SSL *ssl)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
mbedtls_entropy_free(&ssl_pm->entropy);
mbedtls_ssl_config_free(&ssl_pm->conf);
mbedtls_ssl_free(&ssl_pm->ssl);
ssl_mem_free(ssl_pm);
ssl->ssl_pm = NULL;
}
/**
* @brief reload SSL low-level certification object
*/
static int ssl_pm_reload_crt(SSL *ssl)
{
int ret;
int mode = MBEDTLS_SSL_VERIFY_UNSET;
struct ssl_pm *ssl_pm = ssl->ssl_pm;
struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
/* OpenSSL verification modes outline (see `man SSL_set_verify` for more details)
*
* | openssl mode | Server | Client |
* | SSL_VERIFY_NONE | will not send a client certificate request | server certificate which will be checked |
* handshake will be continued regardless |
* | SSL_VERIFY_PEER | depends on SSL_VERIFY_FAIL_IF_NO_PEER_CERT | handshake is terminated if verify fails |
* (unless anonymous ciphers--not supported |
* | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | handshake is terminated if | ignored |
* client cert verify fails | |
*/
if (ssl->method->endpoint == MBEDTLS_SSL_IS_SERVER) {
if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
mode = MBEDTLS_SSL_VERIFY_REQUIRED;
else if (ssl->verify_mode & SSL_VERIFY_PEER)
mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
else if (ssl->verify_mode == SSL_VERIFY_NONE)
mode = MBEDTLS_SSL_VERIFY_NONE;
} else if (ssl->method->endpoint == MBEDTLS_SSL_IS_CLIENT) {
if (ssl->verify_mode & SSL_VERIFY_PEER)
mode = MBEDTLS_SSL_VERIFY_REQUIRED;
else if (ssl->verify_mode == SSL_VERIFY_NONE)
mode = MBEDTLS_SSL_VERIFY_NONE;
}
mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
if (ca_pm->x509_crt) {
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
} else if (ca_pm->ex_crt) {
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL);
}
if (crt_pm->x509_crt && pkey_pm->pkey) {
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey);
} else if (crt_pm->ex_crt && pkey_pm->ex_pkey) {
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey);
} else {
ret = 0;
}
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_conf_own_cert() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
ret = -1;
}
return ret;
}
/*
* Perform the mbedtls SSL handshake instead of mbedtls_ssl_handshake.
* We can add debug here.
*/
static int mbedtls_handshake( mbedtls_ssl_context *ssl )
{
int ret = 0;
while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
ret = mbedtls_ssl_handshake_step(ssl);
SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state);
if (ret != 0)
break;
}
return ret;
}
int ssl_pm_handshake(SSL *ssl)
{
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
if (ssl->bio) {
// if using BIO, make sure the mode is supported
SSL_ASSERT1(ssl->mode & (SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER));
mbedtls_ssl_set_bio(&ssl_pm->ssl, ssl->bio, mbedtls_bio_send, mbedtls_bio_recv, NULL);
} else {
// defaults to SSL_read/write using a file descriptor -- expects default mode
SSL_ASSERT1(ssl->mode == 0);
}
ret = ssl_pm_reload_crt(ssl);
if (ret)
return 0;
ssl_speed_up_enter();
while((ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
// exit handshake in case of any other error
break;
} else if (ssl->bio) {
// exit even if wanted read/write if BIO used
if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
ssl->rwstate = SSL_READING;
} else if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
ssl->rwstate = SSL_WRITING;
}
return ret;
}
}
ssl_speed_up_exit();
ssl->rwstate = SSL_NOTHING;
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
ret = 0;
} else {
struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl);
ret = 1;
}
return ret;
}
int ssl_pm_shutdown(SSL *ssl)
{
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_close_notify(&ssl_pm->ssl);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_close_notify() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
ret = -1;
} else {
struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
x509_pm->ex_crt = NULL;
}
return ret;
}
int ssl_pm_clear(SSL *ssl)
{
return ssl_pm_shutdown(ssl);
}
int ssl_pm_read(SSL *ssl, void *buffer, int len)
{
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len);
if (ret < 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_read() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
ret = -1;
}
return ret;
}
int ssl_pm_send(SSL *ssl, const void *buffer, int len)
{
int ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len);
if (ret < 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_write() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
ret = -1;
}
return ret;
}
int ssl_pm_pending(const SSL *ssl)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl);
}
void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ssl_pm->fd.fd = fd;
}
void ssl_pm_set_hostname(SSL *ssl, const char *hostname)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbedtls_ssl_set_hostname(&ssl_pm->ssl, hostname);
}
int ssl_pm_get_fd(const SSL *ssl, int mode)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
return ssl_pm->fd.fd;
}
OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
{
OSSL_HANDSHAKE_STATE state;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
switch (ssl_pm->ssl.state)
{
case MBEDTLS_SSL_CLIENT_HELLO:
state = TLS_ST_CW_CLNT_HELLO;
break;
case MBEDTLS_SSL_SERVER_HELLO:
state = TLS_ST_SW_SRVR_HELLO;
break;
case MBEDTLS_SSL_SERVER_CERTIFICATE:
state = TLS_ST_SW_CERT;
break;
case MBEDTLS_SSL_SERVER_HELLO_DONE:
state = TLS_ST_SW_SRVR_DONE;
break;
case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
state = TLS_ST_CW_KEY_EXCH;
break;
case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
state = TLS_ST_CW_CHANGE;
break;
case MBEDTLS_SSL_CLIENT_FINISHED:
state = TLS_ST_CW_FINISHED;
break;
case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
state = TLS_ST_SW_CHANGE;
break;
case MBEDTLS_SSL_SERVER_FINISHED:
state = TLS_ST_SW_FINISHED;
break;
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
state = TLS_ST_CW_CERT;
break;
case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
state = TLS_ST_SR_KEY_EXCH;
break;
case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
state = TLS_ST_SW_SESSION_TICKET;
break;
case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
state = TLS_ST_SW_CERT_REQ;
break;
case MBEDTLS_SSL_HANDSHAKE_OVER:
state = TLS_ST_OK;
break;
default :
state = TLS_ST_BEFORE;
break;
}
return state;
}
int x509_pm_show_info(X509 *x)
{
int ret;
char *buf;
mbedtls_x509_crt *x509_crt;
struct x509_pm *x509_pm = x->x509_pm;
if (x509_pm->x509_crt)
x509_crt = x509_pm->x509_crt;
else if (x509_pm->ex_crt)
x509_crt = x509_pm->ex_crt;
else
x509_crt = NULL;
if (!x509_crt)
return -1;
buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH);
if (!buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)");
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
goto no_mem;
}
ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt);
if (ret <= 0) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
goto mbedtls_err1;
}
buf[ret] = 0;
ssl_mem_free(buf);
SSL_DEBUG(SSL_DEBUG_ON, "%s", buf);
return 0;
mbedtls_err1:
ssl_mem_free(buf);
no_mem:
return -1;
}
int x509_pm_new(X509 *x, X509 *m_x)
{
struct x509_pm *x509_pm;
x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm));
if (!x509_pm) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)");
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
goto failed1;
}
x->x509_pm = x509_pm;
if (m_x) {
struct x509_pm *m_x509_pm = (struct x509_pm *)m_x->x509_pm;
x509_pm->ex_crt = m_x509_pm->x509_crt;
}
return 0;
failed1:
return -1;
}
void x509_pm_free(X509 *x)
{
struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
if (x509_pm->x509_crt) {
mbedtls_x509_crt_free(x509_pm->x509_crt);
ssl_mem_free(x509_pm->x509_crt);
x509_pm->x509_crt = NULL;
}
ssl_mem_free(x->x509_pm);
x->x509_pm = NULL;
}
int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
{
int ret;
unsigned char *load_buf;
struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
if (x509_pm->x509_crt)
mbedtls_x509_crt_free(x509_pm->x509_crt);
if (!x509_pm->x509_crt) {
x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
if (!x509_pm->x509_crt) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)");
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
goto no_mem;
}
}
load_buf = ssl_mem_malloc(len + 1);
if (!load_buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
goto failed;
}
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
mbedtls_x509_crt_init(x509_pm->x509_crt);
ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
ssl_mem_free(load_buf);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
goto failed;
}
return 0;
failed:
mbedtls_x509_crt_free(x509_pm->x509_crt);
ssl_mem_free(x509_pm->x509_crt);
x509_pm->x509_crt = NULL;
no_mem:
return -1;
}
int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey)
{
struct pkey_pm *pkey_pm;
pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm));
if (!pkey_pm)
return -1;
pk->pkey_pm = pkey_pm;
if (m_pkey) {
struct pkey_pm *m_pkey_pm = (struct pkey_pm *)m_pkey->pkey_pm;
pkey_pm->ex_pkey = m_pkey_pm->pkey;
}
return 0;
}
void pkey_pm_free(EVP_PKEY *pk)
{
struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm;
if (pkey_pm->pkey) {
mbedtls_pk_free(pkey_pm->pkey);
ssl_mem_free(pkey_pm->pkey);
pkey_pm->pkey = NULL;
}
ssl_mem_free(pk->pkey_pm);
pk->pkey_pm = NULL;
}
int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
{
int ret;
unsigned char *load_buf;
struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm;
if (pkey_pm->pkey)
mbedtls_pk_free(pkey_pm->pkey);
if (!pkey_pm->pkey) {
pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context));
if (!pkey_pm->pkey) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)");
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
goto no_mem;
}
}
load_buf = ssl_mem_malloc(len + 1);
if (!load_buf) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
goto failed;
}
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
mbedtls_pk_init(pkey_pm->pkey);
ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0);
ssl_mem_free(load_buf);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_PKCS8, ret);
goto failed;
}
return 0;
failed:
mbedtls_pk_free(pkey_pm->pkey);
ssl_mem_free(pkey_pm->pkey);
pkey_pm->pkey = NULL;
no_mem:
return -1;
}
void ssl_pm_set_bufflen(SSL *ssl, int len)
{
max_content_len = len;
}
long ssl_pm_get_verify_result(const SSL *ssl)
{
uint32_t ret;
long verify_result;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);
if (ret) {
SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_get_verify_result() return 0x%x", ret);
OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
verify_result = X509_V_ERR_UNSPECIFIED;
} else
verify_result = X509_V_OK;
return verify_result;
}
/**
* @brief set expected hostname on peer cert CN
*/
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen)
{
SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param));
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
char *name_cstr = NULL;
if (namelen) {
name_cstr = malloc(namelen + 1);
if (!name_cstr) {
return 0;
}
memcpy(name_cstr, name, namelen);
name_cstr[namelen] = '\0';
name = name_cstr;
}
mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);
if (namelen) {
free(name_cstr);
}
return 1;
}


@ -1,28 +0,0 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ssl_port.h"
/*********************************************************************************************/
/********************************* SSL general interface *************************************/
void *ssl_mem_zalloc(size_t size)
{
void *p = malloc(size);
if (p)
memset(p, 0, size);
return p;
}


@ -1,2 +0,0 @@
idf_component_register(SRC_DIRS "."
PRIV_REQUIRES cmock test_utils openssl)


@ -1,152 +0,0 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
#include "openssl/ssl.h"
#include "unity.h"
/**
* @brief This simple test suite is taken from OpenSSL err_test.cc and bio_test.cc, the relevant test
* cases were adopted to the supported fraction of OpenSSL port in esp-idf
*/
//
// Basic error stack support and test
//
#define ERR_NUM_ERRORS 4
TEST_CASE("ErrTest, Overflow", "[openssl]")
{
for (unsigned i = 0; i < ERR_NUM_ERRORS*2; i++) {
ERR_put_error(1, 0 /* unused */, i+1, "test", 1);
}
for (unsigned i = 0; i < ERR_NUM_ERRORS - 1; i++) {
uint32_t err = ERR_get_error();
/* Errors are returned in order they were pushed, with the least recent ones
* removed, up to |ERR_NUM_ERRORS - 1| errors. So the errors returned are
* |ERR_NUM_ERRORS + 2| through |ERR_NUM_ERRORS * 2|, inclusive. */
TEST_ASSERT_NOT_EQUAL(0u, err);
TEST_ASSERT_EQUAL(i + ERR_NUM_ERRORS + 2, ERR_GET_REASON(err));
}
TEST_ASSERT_EQUAL(0u, ERR_get_error());
}
TEST_CASE("ErrTest, PutError", "[openssl]")
{
TEST_ASSERT_EQUAL(0u, ERR_get_error()); // ERR_get_error returned value before an error was added.
ERR_put_error(1, 0 /* unused */, 2, "test", 4);
int peeked_line, line, peeked_flags, flags;
const char *peeked_file, *file, *peeked_data, *data;
uint32_t peeked_packed_error =
ERR_peek_error_line_data(&peeked_file, &peeked_line, &peeked_data,
&peeked_flags);
uint32_t packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
TEST_ASSERT_EQUAL(peeked_packed_error, packed_error);
TEST_ASSERT_EQUAL(peeked_file, file);
TEST_ASSERT_EQUAL_STRING("test", file);
TEST_ASSERT_EQUAL(4, line);
TEST_ASSERT_EQUAL(1, ERR_GET_LIB(packed_error));
TEST_ASSERT_EQUAL(2, ERR_GET_REASON(packed_error));
}
TEST_CASE("ErrTest, ClearError", "[openssl]")
{
TEST_ASSERT_EQUAL(0u, ERR_get_error()); // ERR_get_error returned value before an error was added.
ERR_put_error(1, 0 /* unused */, 2, "test", 4);
ERR_clear_error();
// The error queue should be cleared.
TEST_ASSERT_EQUAL(0u, ERR_get_error());
}
//
// Simplified BIO support and check
//
TEST_CASE("BioTest, TestPair", "[openssl]")
{
BIO *bio1, *bio2;
TEST_ASSERT_NOT_EQUAL(0, BIO_new_bio_pair(&bio1, 10, &bio2, 10));
TEST_ASSERT_EQUAL(BIO_ctrl_get_write_guarantee(bio1), 10);
// Data written in one end may be read out the other.
char buf[20];
TEST_ASSERT_EQUAL(5, BIO_write(bio1, "12345", 5));
TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
TEST_ASSERT_EQUAL(5, BIO_read(bio2, buf, sizeof(buf)));
TEST_ASSERT_EQUAL_UINT8_ARRAY("12345", buf, 5);
TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
// Attempting to write more than 10 bytes will write partially.
TEST_ASSERT_EQUAL(10, BIO_write(bio1, "1234567890___", 13));
TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
TEST_ASSERT_EQUAL(-1, BIO_write(bio1, "z", 1));
TEST_ASSERT_TRUE(BIO_should_write(bio1));
TEST_ASSERT_EQUAL(10, BIO_read(bio2, buf, sizeof(buf)));
TEST_ASSERT_EQUAL_UINT8_ARRAY("1234567890", buf, 10);
TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
// Unsuccessful reads update the read request.
TEST_ASSERT_EQUAL(-1, BIO_read(bio2, buf, 5));
TEST_ASSERT_TRUE(BIO_should_read(bio2));
// The read request is clamped to the size of the buffer.
TEST_ASSERT_EQUAL(-1, BIO_read(bio2, buf, 20));
TEST_ASSERT_TRUE(BIO_should_read(bio2));
// Data may be written and read in chunks.
TEST_ASSERT_EQUAL(BIO_write(bio1, "12345", 5), 5);
TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
TEST_ASSERT_EQUAL(5, BIO_write(bio1, "67890___", 8));
TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
TEST_ASSERT_EQUAL(3, BIO_read(bio2, buf, 3));
TEST_ASSERT_EQUAL_UINT8_ARRAY("123", buf, 3);
TEST_ASSERT_EQUAL(3, BIO_ctrl_get_write_guarantee(bio1));
TEST_ASSERT_EQUAL(7, BIO_read(bio2, buf, sizeof(buf)));
TEST_ASSERT_EQUAL_UINT8_ARRAY("4567890", buf, 7);
TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
// Test writes and reads starting in the middle of the ring buffer and
// wrapping to front.
TEST_ASSERT_EQUAL(8, BIO_write(bio1, "abcdefgh", 8));
TEST_ASSERT_EQUAL(2, BIO_ctrl_get_write_guarantee(bio1));
TEST_ASSERT_EQUAL(3, BIO_read(bio2, buf, 3));
TEST_ASSERT_EQUAL_UINT8_ARRAY("abc", buf, 3);
TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
TEST_ASSERT_EQUAL(5, BIO_write(bio1, "ijklm___", 8));
TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
TEST_ASSERT_EQUAL(10, BIO_read(bio2, buf, sizeof(buf)));
TEST_ASSERT_EQUAL_UINT8_ARRAY("defghijklm", buf, 10);
TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
// Data may flow from both ends in parallel.
TEST_ASSERT_EQUAL(5, BIO_write(bio1, "12345", 5));
TEST_ASSERT_EQUAL(5, BIO_write(bio2, "67890", 5));
TEST_ASSERT_EQUAL(5, BIO_read(bio2, buf, sizeof(buf)));
TEST_ASSERT_EQUAL_UINT8_ARRAY("12345", buf, 5);
TEST_ASSERT_EQUAL(5, BIO_read(bio1, buf, sizeof(buf)));
TEST_ASSERT_EQUAL_UINT8_ARRAY("67890", buf, 5);
// Other tests below not imported since BIO_shutdown_wr() not supported
// - Closing the write end causes an EOF on the read half, after draining.
// - A closed write end may not be written to.
// - The other end is still functional.
}


@ -18,7 +18,6 @@ Application Protocols
esp_https_server esp_https_server
icmp_echo icmp_echo
mdns mdns
openssl_apis
Code examples for this API section are provided in the :example:`protocols` directory of ESP-IDF examples. Code examples for this API section are provided in the :example:`protocols` directory of ESP-IDF examples.



@ -21,3 +21,5 @@ For example, to install libsodium component with exact version X.Y, run: ``idf.p
To install libsodium component with the latest version compatible to X.Y according to `semver <https://semver.org/>`_ rules, run: ``idf.py add-dependency libsodium~X.Y``. To install libsodium component with the latest version compatible to X.Y according to `semver <https://semver.org/>`_ rules, run: ``idf.py add-dependency libsodium~X.Y``.
To find out which versions of each component are available, open https://components.espressif.com, search for the component by its name and check the versions listed on the component page. To find out which versions of each component are available, open https://components.espressif.com, search for the component by its name and check the versions listed on the component page.
.. note:: OpenSSL-API component is no longer supported. It is not available in the IDF Component Registry, either. Please use :doc:`ESP-TLS </api-reference/protocols/esp_tls>` or :component:`mbedtls` API directly.


@ -18,7 +18,6 @@
esp_https_server esp_https_server
icmp_echo icmp_echo
mdns mdns
openssl_apis
此 API 部分的示例代码存放在 ESP-IDF 示例项目的 :example:`protocols` 目录下。 此 API 部分的示例代码存放在 ESP-IDF 示例项目的 :example:`protocols` 目录下。


@ -1 +0,0 @@
.. include:: ../../../en/api-reference/protocols/openssl_apis.rst


@ -1307,33 +1307,6 @@ components/nvs_flash/test_nvs_host/test_nvs_initialization.cpp
components/nvs_flash/test_nvs_host/test_nvs_partition.cpp components/nvs_flash/test_nvs_host/test_nvs_partition.cpp
components/nvs_flash/test_nvs_host/test_nvs_storage.cpp components/nvs_flash/test_nvs_host/test_nvs_storage.cpp
components/nvs_flash/test_nvs_host/test_spi_flash_emulation.cpp components/nvs_flash/test_nvs_host/test_spi_flash_emulation.cpp
components/openssl/include/internal/ssl3.h
components/openssl/include/internal/ssl_cert.h
components/openssl/include/internal/ssl_code.h
components/openssl/include/internal/ssl_dbg.h
components/openssl/include/internal/ssl_lib.h
components/openssl/include/internal/ssl_methods.h
components/openssl/include/internal/ssl_pkey.h
components/openssl/include/internal/ssl_stack.h
components/openssl/include/internal/ssl_types.h
components/openssl/include/internal/ssl_x509.h
components/openssl/include/internal/tls1.h
components/openssl/include/internal/x509_vfy.h
components/openssl/include/openssl/bio.h
components/openssl/include/openssl/err.h
components/openssl/include/platform/ssl_opt.h
components/openssl/include/platform/ssl_pm.h
components/openssl/include/platform/ssl_port.h
components/openssl/library/ssl_bio.c
components/openssl/library/ssl_cert.c
components/openssl/library/ssl_err.c
components/openssl/library/ssl_lib.c
components/openssl/library/ssl_methods.c
components/openssl/library/ssl_pkey.c
components/openssl/library/ssl_stack.c
components/openssl/platform/ssl_pm.c
components/openssl/platform/ssl_port.c
components/openssl/test/test_openssl.c
components/openthread/include/esp_openthread.h components/openthread/include/esp_openthread.h
components/openthread/include/esp_openthread_lock.h components/openthread/include/esp_openthread_lock.h
components/openthread/include/esp_openthread_netif_glue.h components/openthread/include/esp_openthread_netif_glue.h
@ -2491,12 +2464,6 @@ examples/protocols/mqtt/ws/main/app_main.c
examples/protocols/mqtt/ws/mqtt_ws_example_test.py examples/protocols/mqtt/ws/mqtt_ws_example_test.py
examples/protocols/mqtt/wss/main/app_main.c examples/protocols/mqtt/wss/main/app_main.c
examples/protocols/mqtt/wss/mqtt_wss_example_test.py examples/protocols/mqtt/wss/mqtt_wss_example_test.py
examples/protocols/openssl_client/example_test.py
examples/protocols/openssl_client/main/openssl_client_example.h
examples/protocols/openssl_client/main/openssl_client_example_main.c
examples/protocols/openssl_server/example_test.py
examples/protocols/openssl_server/main/openssl_server_example.h
examples/protocols/openssl_server/main/openssl_server_example_main.c
examples/protocols/slip/slip_udp/components/slip_modem/include/slip_modem.h examples/protocols/slip/slip_udp/components/slip_modem/include/slip_modem.h
examples/protocols/slip/slip_udp/main/slip_client_main.c examples/protocols/slip/slip_udp/main/slip_client_main.c
examples/protocols/smtp_client/main/smtp_client_example_main.c examples/protocols/smtp_client/main/smtp_client_example_main.c


@ -1,14 +0,0 @@
# The following four lines of boilerplate have to be in your project's CMakeLists
# in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.5)
# (Not part of the boilerplate)
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(openssl_connect_test)
target_add_binary_data(openssl_connect_test.elf "client_certs/ca.crt" TEXT)
target_add_binary_data(openssl_connect_test.elf "client_certs/ca.key" TEXT)


@ -1,14 +0,0 @@
| Supported Targets | ESP32 | ESP32-S2 | ESP32-C3 |
| ----------------- | ----- | -------- | -------- |
# ESP-OPENSSL connect test project
Main purpose of this application is to test the ESP-OPENSSL library to correctly connect/refuse connectio with TLS servers.
It is possible to run this example manually without any test to exercise ESP-OPENSSL library.
## Runtime settings
This app waits for user input to provide these parameters:
test-type: "conn" connection test (host, port, test-case)
## Hardware Required
This test-app can be executed on any ESP32 board, the only required interface is WiFi and connection to a local network and tls server.


@ -1,126 +0,0 @@
from __future__ import print_function, unicode_literals
import os
import re
import socket
import ssl
from threading import Event, Thread
import ttfw_idf
SERVER_CERTS_DIR = 'server_certs/'
def _path(f):
return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
def get_my_ip():
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
try:
# doesn't even have to be reachable
s.connect(('10.255.255.255', 1))
IP = s.getsockname()[0]
except socket.error:
IP = '127.0.0.1'
finally:
s.close()
return IP
# Simple TLS server
class TlsServer:
def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
self.port = port
self.socket = socket.socket()
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self.socket.settimeout(20.0)
self.shutdown = Event()
self.negotiated_protocol = negotiated_protocol
self.conn = None
self.ssl_error = None
self.server_thread = None
def __enter__(self):
try:
self.socket.bind(('', self.port))
except socket.error as e:
print('Bind failed:{}'.format(e))
raise
self.socket.listen(1)
self.server_thread = Thread(target=self.run_server)
self.server_thread.start()
return self
def __exit__(self, exc_type, exc_value, traceback):
self.shutdown.set()
self.server_thread.join()
self.socket.close()
if (self.conn is not None):
self.conn.close()
def run_server(self):
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_verify_locations(cafile=_path(SERVER_CERTS_DIR + 'ca.crt'))
context.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'server.crt'), keyfile=_path(SERVER_CERTS_DIR + 'server.key'))
context.verify_flags = self.negotiated_protocol
self.socket = context.wrap_socket(self.socket, server_side=True)
try:
print('Listening socket')
self.conn, address = self.socket.accept() # accept new connection
self.socket.settimeout(20.0)
print(' - connection from: {}'.format(address))
except ssl.SSLError as e:
self.conn = None
self.ssl_error = str(e)
print(' - SSLError: {}'.format(str(e)))
@ttfw_idf.idf_custom_test(env_tag='Example_WIFI', group='test-apps')
def test_app_esp_openssl(env, extra_data):
dut1 = env.get_dut('openssl_connect_test', 'tools/test_apps/protocols/openssl', dut_class=ttfw_idf.ESP32DUT)
# check and log bin size
binary_file = os.path.join(dut1.app.binary_path, 'openssl_connect_test.bin')
bin_size = os.path.getsize(binary_file)
ttfw_idf.log_performance('openssl_connect_test_bin_size', '{}KB'.format(bin_size // 1024))
dut1.start_app()
esp_ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)
print('Got IP={}'.format(esp_ip[0]))
ip = get_my_ip()
server_port = 2222
def start_case(case, desc, negotiated_protocol, result):
with TlsServer(server_port, negotiated_protocol=negotiated_protocol):
print('Starting {}: {}'.format(case, desc))
dut1.write('conn {} {} {}'.format(ip, server_port, case))
dut1.expect(re.compile(result), timeout=10)
return case
# start test cases
start_case(
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE',
desc='Connect with verify_none mode using wrong certs',
negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
result='SSL Connection Succeed')
start_case(
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER',
desc='Connect with verify_peer mode using wrong certs',
negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
result='SSL Connection Failed')
start_case(
case='CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE',
desc='Connect with verify_none mode using wrong certs',
negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
result='SSL Connection Succeed')
start_case(
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER',
desc='Connect with verify_peer mode using wrong certs',
negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
result='SSL Connection Failed')
if __name__ == '__main__':
test_app_esp_openssl()


@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAnaxK92prNjLxpvF6nfbjIpL8f5UNktZeRQ/JD+0mjJkCeiPa
S2g00j84O2XYiPeAe79bPgyVD3vbffg6285NX8iPUhaKEpIkynDXA6tDCCpSP+qQ
afQfOgZ/sKSy/rvBuutel/BEURJbSfxyYaEeNcwh1mCppESBDH1z3EW4qsOHTbaL
ObItujCGwc6LlAGjdaHV51xmcZ7QJ9wJkY0LKPRpFtmJay4aVBYMC8cyWRPBDmbG
F76OF9P5/i6GSIkQBp1+mcuOczE1gD+WSwxKOEU/GtsDh18Ov2rP3nO3e6WR5N5U
s7H0jjR9/Dlqa4njqqpwCtU6gXI4ID17xKUavwIDAQABAoIBAAMEVvLhAGgrFWCi
Yjw/ix0QPvCaA4Z5v5gGs0wwt3odO2Tm5rhmqAwV1ZedXUVRpw23HaHUT83aCtsg
MtAd5HEev09MyxuL3FRbUGHrlv7DAIvkixrb5vUPRsY0gJBLO2u+MTMrD8OVXFXQ
FMg1cwSIgWU+uEBCZ0274MmoM95gk7ZFI3f5TSjFshSBdcaoewdZS0hhKo9GlhmY
Y/zRT0sQfzKZX8zRslqsWjHuJ1um8w+SRZhGX1Pdl8tZpAGoQASzaelJuNAzSQoD
wW+FhpMKAB4VNwgNOD1BDelDdJb1VlK+mt5I/U1tvetynks6NbuEqtMoKFQSXyVH
LLU7V9ECgYEA0U9mtFfmEyZDmvZaPBeiYwC5gYg5NK7QYFvIibkjvIrPvQUIP5jn
kvrZv2Nsyf6iH6oq4xhS8n+JhzteAOJu56YprHbOXcVo7KhxiUcqvUCWyrwL7LiC
zv0nVXW1SGNtSsZ334eI1B27L6wkVLTsz3tKPldn93s7zBE2tsbO2S0CgYEAwNgq
vO60mYrEu/u6Eje59PULuODiFX+cwJoqCmsh1Uc4N3ty5B3pm0eI4aCGPYWpA0aQ
ktxQVVHgXIVHDrqRCY+FqSoBQJ4/QNHtMYA23Uk5CcnrCKrhFtUwdXHbC2Lz1Men
DA8zaxJaaJvqREpQH6w7YLDGyH1Klpe9R4/+3xsCgYBacPKx7mEt2RTROq2W1aeH
G+MMQ25kgzzqxf4K9IKqj1hgFnKP+GPnsJiyCCYTygEHqaHKatI8kjs8wbxGqZC+
a6AKM3PMNOa3i7kzVhrzl5sQktycNsXe5qg+VxQz6TJqYwOdBJVtAkPFv54bM+o3
ZNCZy27TEt6tuKppo9HxKQKBgQCKYNNSHWvknaoMRla/ydMbTldqA5zX1mlx3235
aeSuOVvCnEfWHwzJSuyTEvAg529fFVyatZLDlmwLl+tkS0XV+XHs8GJTrvouljTB
B4LXCTrvpj+MSaoZC0OpktiedBQJhHZ+9c1ssI/FbtQMytJx19IH0PHjXdyO8TV2
S4KVLwKBgQCYEldaRhQhRVD2JiY2qWqdqDSytX+NkSMF7uJQeAtx1xD+mCQQpKPA
UviFoCpd6X2m2rGpEy/hOAlciS4LDuwzBlIR5XZgtIbTap5l0/fwS4cEvoP3ncYs
y8v+dZLTwu81IlShVIN1c0SszX+yNrVyfdvLLV1boOX4YzE75EObiw==
-----END RSA PRIVATE KEY-----


@ -1,2 +0,0 @@
idf_component_register(SRCS "main.c" "connect_test.c"
INCLUDE_DIRS ".")


@ -1,131 +0,0 @@
#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>
#include <openssl/ssl.h>
#include "esp_log.h"
static const char *TAG = "OPENSSL_TEST";
static int open_connection(const char *host, const int port)
{
struct sockaddr_in addr;
struct hostent *h;
int sd;
if ((h = gethostbyname(host)) == NULL) {
ESP_LOGI(TAG, "Failed to get host name %s", host);
return -1;
}
sd = socket(AF_INET, SOCK_STREAM, 0);
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = *(long*)(h->h_addr);
if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
return -1;
}
return sd;
}
static SSL_CTX* init_ctx(const char *test_case)
{
extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
extern const unsigned char cacert_pem_end[] asm("_binary_ca_crt_end");
const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
const SSL_METHOD *method = NULL;
SSL_CTX *ctx = NULL;
if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
method = TLSv1_1_client_method();
ctx = SSL_CTX_new(method); /* Create new context */
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
} else if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
method = TLSv1_1_client_method();
ctx = SSL_CTX_new(method); /* Create new context */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
} else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
method = TLSv1_2_client_method();
ctx = SSL_CTX_new(method); /* Create new context */
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
} else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
method = TLSv1_2_client_method();
ctx = SSL_CTX_new(method); /* Create new context */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
}
X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
if(!x) {
ESP_LOGI(TAG, "Loading certs failed");
goto failed;
}
SSL_CTX_add_client_CA(ctx, x);
return ctx;
failed:
return NULL;
}
static void start_test(const char *host, const int port, const char *test_case)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
int sockfd;
int ret;
ESP_LOGI(TAG, "Test %s started", test_case);
ctx = init_ctx(test_case);
if (!ctx) {
ESP_LOGI(TAG, "Failed");
goto failed1;
}
ESP_LOGI(TAG, "Trying connect to %s port %d test case %s ...", host, port, test_case);
sockfd = open_connection(host, port);
if(sockfd < 0) {
ESP_LOGI(TAG,"Failed");
goto failed1;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "Create SSL obj");
ssl = SSL_new(ctx);
if (!ssl) {
ESP_LOGI(TAG,"Failed");
goto failed2;
}
ESP_LOGI(TAG, "OK");
SSL_set_fd(ssl, sockfd);
ESP_LOGI(TAG, "SSL verify mode = %d connected to %s port %d ...", SSL_CTX_get_verify_mode(ctx),
host, port);
ret = SSL_connect(ssl);
ESP_LOGI(TAG, "OK");
if (ret <= 0) {
ESP_LOGI(TAG,"SSL Connection Failed");
goto failed3;
}
ESP_LOGI(TAG,"SSL Connection Succeed");
failed3:
SSL_free(ssl);
ssl = NULL;
failed2:
close(sockfd);
sockfd = -1;
failed1:
SSL_CTX_free(ctx);
ctx = NULL;
}
static void scan(char *s, char **test_type, char **host, int *p, char **test_case)
{
const char *delim = " ";
*test_type = strtok(s, delim);
*host = strtok(NULL, delim);
*p = atoi(strtok(NULL, delim));
*test_case = strtok(NULL, delim);
}
void connection_test(char *line)
{
char *test_case;
char *test_type;
char *host;
int port;
scan(line, &test_type, &host, &port, &test_case);
start_test(host, port, test_case);
}


@ -1,70 +0,0 @@
/* OpenSSL client test
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include "esp_system.h"
#include "nvs_flash.h"
#include "esp_event.h"
#include "esp_netif.h"
#include "esp_log.h"
#include "protocol_examples_common.h"
static const char *TAG = "OPENSSL_TEST";
void connection_test(char *line);
static void get_string(char *line, size_t size)
{
int count = 0;
while (count < size) {
int c = fgetc(stdin);
if (c == '\n') {
line[count] = '\0';
break;
} else if (c > 0 && c < 127) {
line[count] = c;
++count;
}
vTaskDelay(10 / portTICK_PERIOD_MS);
}
}
void app_main(void)
{
char line[256];
ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
esp_log_level_set("*", ESP_LOG_INFO);
esp_log_level_set("OPENSSL_CLIENT", ESP_LOG_VERBOSE);
esp_log_level_set("TRANSPORT_BASE", ESP_LOG_VERBOSE);
esp_log_level_set("TRANSPORT", ESP_LOG_VERBOSE);
esp_log_level_set("OUTBOX", ESP_LOG_VERBOSE);
ESP_ERROR_CHECK(nvs_flash_init());
ESP_ERROR_CHECK(esp_netif_init());
ESP_ERROR_CHECK(esp_event_loop_create_default());
/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
* Read "Establishing Wi-Fi or Ethernet Connection" section in
* examples/protocols/README.md for more information about this function.
*/
ESP_ERROR_CHECK(example_connect());
while (1) {
get_string(line, sizeof(line));
if (memcmp(line, "conn", 4) == 0) {
// line starting with "conn" indicate connection tests
connection_test(line);
get_string(line, sizeof(line));
continue;
}
}
}


@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -1 +0,0 @@
2F41CC40E62F73ACADA631D44C6D40D87504A661


@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,16 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----