alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

components/openssl: add base function version

Browse Source
This commit is contained in:
dongheng 2016-09-20 16:58:46 +08:00
parent db2da43fc1
commit 44c466c0ea
23 changed files with 2976 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
components/openssl/Makefile Normal file
View File

@ -0,0 +1,50 @@
#############################################################
# Required variables for each makefile
# Discard this section from all parent makefiles
# Expected variables (with automatic defaults):
# CSRCS (all "C" files in the dir)
# SUBDIRS (all subdirs with a Makefile)
# GEN_LIBS - list of libs to be generated ()
# GEN_IMAGES - list of images to be generated ()
# COMPONENTS_xxx - a list of libs/objs in the form
# subdir/lib to be extracted and rolled up into
# a generated lib/image xxx.a ()
#
ifndef PDIR
UP_EXTRACT_DIR = ..
GEN_LIBS = libopenssl.a
COMPONENTS_libopenssl = library/liblibrary.a platform/libplatform.a
endif
#############################################################
# Configuration i.e. compile options etc.
# Target specific stuff (defines etc.) goes in here!
# Generally values applying to a tree are captured in the
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#DEFINES +=
#############################################################
# Recursion Magic - Don't touch this!!
#
# Each subtree potentially has an include directory
# corresponding to the common APIs applicable to modules
# rooted at that subtree. Accordingly, the INCLUDE PATH
# of a module can only contain the include directories up
# its parent path, and not its siblings
#
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include -I $(PDIR)include/platform -I $(PDIR)include/internal
INCLUDES += -I ./inlcude
INCLUDES += -I $(SDK_PATH)/include/openssl/internal
INCLUDES += -I ./
PDIR := ../$(PDIR)
sinclude $(PDIR)Makefile

22
components/openssl/include/internal/ssl3.h Normal file
View File

@ -0,0 +1,22 @@
#ifndef _SSL3_H_
#define _SSL3_H_
# define SSL3_AD_CLOSE_NOTIFY 0
# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
# define SSL3_AD_NO_CERTIFICATE 41
# define SSL3_AD_BAD_CERTIFICATE 42
# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
# define SSL3_AD_CERTIFICATE_REVOKED 44
# define SSL3_AD_CERTIFICATE_EXPIRED 45
# define SSL3_AD_CERTIFICATE_UNKNOWN 46
# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
# define SSL3_AL_WARNING 1
# define SSL3_AL_FATAL 2
#define SSL3_VERSION 0x0300
#endif

11
components/openssl/include/internal/ssl_cert.h Normal file
View File

@ -0,0 +1,11 @@
#ifndef _SSL_CERT_H_
#define _SSL_CERT_H_
#include "ssl_pkey.h"
#include "ssl_x509.h"
CERT *ssl_cert_new(void);
void ssl_cert_free(CERT *c);
#endif

95
components/openssl/include/internal/ssl_code.h Normal file
View File

@ -0,0 +1,95 @@
#ifndef _SSL_CODE_H_
#define _SSL_CODE_H_
#include "ssl3.h"
#include "tls1.h"
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
# define SSL_RECEIVED_SHUTDOWN 2
/*
* The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
* should not need these
*/
# define SSL_ST_READ_HEADER 0xF0
# define SSL_ST_READ_BODY 0xF1
# define SSL_ST_READ_DONE 0xF2
# define SSL_NOTHING 1
# define SSL_WRITING 2
# define SSL_READING 3
# define SSL_X509_LOOKUP 4
# define SSL_ASYNC_PAUSED 5
# define SSL_ASYNC_NO_JOBS 6
# define SSL_ERROR_NONE 0
# define SSL_ERROR_SSL 1
# define SSL_ERROR_WANT_READ 2
# define SSL_ERROR_WANT_WRITE 3
# define SSL_ERROR_WANT_X509_LOOKUP 4
# define SSL_ERROR_SYSCALL 5/* look at error stack/return value/errno */
# define SSL_ERROR_ZERO_RETURN 6
# define SSL_ERROR_WANT_CONNECT 7
# define SSL_ERROR_WANT_ACCEPT 8
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_ERROR_WANT_ASYNC_JOB 10
/* Message flow states */
typedef enum {
/* No handshake in progress */
MSG_FLOW_UNINITED,
/* A permanent error with this connection */
MSG_FLOW_ERROR,
/* We are about to renegotiate */
MSG_FLOW_RENEGOTIATE,
/* We are reading messages */
MSG_FLOW_READING,
/* We are writing messages */
MSG_FLOW_WRITING,
/* Handshake has finished */
MSG_FLOW_FINISHED
} MSG_FLOW_STATE;
typedef enum {
TLS_ST_BEFORE,
TLS_ST_OK,
DTLS_ST_CR_HELLO_VERIFY_REQUEST,
TLS_ST_CR_SRVR_HELLO,
TLS_ST_CR_CERT,
TLS_ST_CR_CERT_STATUS,
TLS_ST_CR_KEY_EXCH,
TLS_ST_CR_CERT_REQ,
TLS_ST_CR_SRVR_DONE,
TLS_ST_CR_SESSION_TICKET,
TLS_ST_CR_CHANGE,
TLS_ST_CR_FINISHED,
TLS_ST_CW_CLNT_HELLO,
TLS_ST_CW_CERT,
TLS_ST_CW_KEY_EXCH,
TLS_ST_CW_CERT_VRFY,
TLS_ST_CW_CHANGE,
TLS_ST_CW_NEXT_PROTO,
TLS_ST_CW_FINISHED,
TLS_ST_SW_HELLO_REQ,
TLS_ST_SR_CLNT_HELLO,
DTLS_ST_SW_HELLO_VERIFY_REQUEST,
TLS_ST_SW_SRVR_HELLO,
TLS_ST_SW_CERT,
TLS_ST_SW_KEY_EXCH,
TLS_ST_SW_CERT_REQ,
TLS_ST_SW_SRVR_DONE,
TLS_ST_SR_CERT,
TLS_ST_SR_KEY_EXCH,
TLS_ST_SR_CERT_VRFY,
TLS_ST_SR_NEXT_PROTO,
TLS_ST_SR_CHANGE,
TLS_ST_SR_FINISHED,
TLS_ST_SW_SESSION_TICKET,
TLS_ST_SW_CERT_STATUS,
TLS_ST_SW_CHANGE,
TLS_ST_SW_FINISHED
} OSSL_HANDSHAKE_STATE;
#endif

33
components/openssl/include/internal/ssl_dbg.h Normal file
View File

@ -0,0 +1,33 @@
#ifndef _SSL_DEBUG_H_
#define _SSL_DEBUG_H_
#define SSL_DEBUG_ENBALE 0
#define SSL_DEBUG_LEVEL 0
#define SSL_ASSERT_ENABLE 1
#define SSL_DEBUG_LOCATION_ENABLE 1
#if SSL_DEBUG_ENBALE
#define SSL_PRINT os_printf
#else
#define SSL_PRINT(...)
#endif
#if SSL_DEBUG_LOCATION_ENABLE
#define SSL_DEBUG_LOCATION() SSL_PRINT("%s %s line %d\n", __FILE__, __FUNCTION__, __LINE__)
#else
#define SSL_DEBUG_LOCATION()
#endif
#if SSL_ASSERT_ENABLE
#define SSL_ASSERT(s) { if (!(s)) { SSL_DEBUG_LOCATION(); } }
#else
#define SSL_ASSERT(s)
#endif
#define SSL_ERR(err, go, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(__VA_ARGS__); ret = err; goto go; }
#define SSL_RET(go, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(__VA_ARGS__); goto go; }
#define SSL_DEBUG(level, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT(__VA_ARGS__);} }
#endif

11
components/openssl/include/internal/ssl_lib.h Normal file
View File

@ -0,0 +1,11 @@
#ifndef _SSL_LIB_H_
#define _SSL_LIB_H_
#include "ssl_types.h"
#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_WRITING)
#endif

46
components/openssl/include/internal/ssl_methods.h Normal file
View File

@ -0,0 +1,46 @@
#ifndef _SSL_METHODS_H_
#define _SSL_METHODS_H_
#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \
new, free, \
handshake, shutdown, clear, \
read, send, pending, \
set_fd, get_fd, \
set_bufflen, \
get_state) \
static const SSL_METHOD_FUNC func_name = { \
new, \
free, \
handshake, \
shutdown, \
clear, \
read, \
send, \
pending, \
set_fd, \
get_fd, \
set_bufflen, \
get_state \
};
#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \
const SSL_METHOD* func_name(void) { \
static const SSL_METHOD func_name##_data = { \
ver, \
mode, \
&(fun), \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \
const SSL_METHOD* func_name(void) { \
static const SSL_METHOD func_name##_data = { \
ver, \
mode, \
&(fun), \
}; \
return &func_name##_data; \
}
#endif

11
components/openssl/include/internal/ssl_pkey.h Normal file
View File

@ -0,0 +1,11 @@
#ifndef _SSL_PKEY_H_
#define _SSL_PKEY_H_
#include "ssl_types.h"
EVP_PKEY *d2i_PrivateKey(int type,
EVP_PKEY **a,
const unsigned char **pp,
long length);
#endif

14
components/openssl/include/internal/ssl_rsa.h Normal file
View File

@ -0,0 +1,14 @@
#ifndef _SSL_RSA_H_
#define _SSL_RSA_H_
#include "ssl_lib.h"
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
const unsigned char *d);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
const unsigned char *d, long len);
#endif

190
components/openssl/include/internal/ssl_types.h Normal file
View File

@ -0,0 +1,190 @@
#ifndef _SSL_TYPES_H_
#define _SSL_TYPES_H_
#include "ssl_code.h"
#include <stddef.h>
typedef void SSL_CIPHER;
typedef void X509_STORE_CTX;
typedef void X509_NAME;
typedef void X509_STORE;
typedef void RSA;
typedef void STACK;
typedef void BIO;
#define STACK_OF(x) x
struct ssl_method_st;
typedef struct ssl_method_st SSL_METHOD;
struct ssl_method_func_st;
typedef struct ssl_method_func_st SSL_METHOD_FUNC;
struct record_layer_st;
typedef struct record_layer_st RECORD_LAYER;
struct ossl_statem_st;
typedef struct ossl_statem_st OSSL_STATEM;
struct ssl_session_st;
typedef struct ssl_session_st SSL_SESSION;
struct ssl_ctx_st;
typedef struct ssl_ctx_st SSL_CTX;
struct ssl_st;
typedef struct ssl_st SSL;
struct cert_st;
typedef struct cert_st CERT;
struct x509_st;
typedef struct x509_st X509;
struct evp_pkey_st;
typedef struct evp_pkey_st EVP_PKEY;
struct evp_pkey_st {
void *pkey_pm;
};
struct x509_st {
/* X509 certification platform private point */
void *x509_pm;
};
struct cert_st {
int sec_level;
X509 *x509;
EVP_PKEY *pkey;
};
struct ossl_statem_st {
MSG_FLOW_STATE state;
int hand_state;
};
struct record_layer_st {
int rstate;
int read_ahead;
};
struct ssl_session_st {
long timeout;
long time;
};
struct ssl_ctx_st
{
int version;
int references;
unsigned long options;
#if 0
struct alpn_protocols alpn_protocol;
#endif
const SSL_METHOD *method;
CERT *cert;
X509 *client_CA;
int verify_mode;
long session_timeout;
int read_ahead;
};
struct ssl_st
{
/* protocol version(one of SSL3.0, TLS1.0, etc.) */
int version;
unsigned long options;
/* shut things down(0x01 : sent, 0x02 : received) */
int shutdown;
CERT *cert;
SSL_CTX *ctx;
const SSL_METHOD *method;
RECORD_LAYER rlayer;
/* where we are */
OSSL_STATEM statem;
SSL_SESSION session;
int rwstate;
int err;
void (*info_callback) (const SSL *ssl, int type, int val);
/* SSL low-level system arch point */
void *ssl_pm;
};
struct ssl_method_st {
/* protocol version(one of SSL3.0, TLS1.0, etc.) */
int version;
/* SSL mode(client(0) , server(1), not known(-1)) */
int endpoint;
const SSL_METHOD_FUNC *func;
};
struct ssl_method_func_st {
int (*ssl_new)(SSL *ssl);
void (*ssl_free)(SSL *ssl);
int (*ssl_handshake)(SSL *ssl);
int (*ssl_shutdown)(SSL *ssl);
int (*ssl_clear)(SSL *ssl);
int (*ssl_read)(SSL *ssl, void *buffer, int len);
int (*ssl_send)(SSL *ssl, const void *buffer, int len);
int (*ssl_pending)(const SSL *ssl);
void (*ssl_set_fd)(SSL *ssl, int fd, int mode);
int (*ssl_get_fd)(const SSL *ssl, int mode);
void (*ssl_set_bufflen)(SSL *ssl, int len);
OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
};
typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg);
#endif

12
components/openssl/include/internal/ssl_x509.h Normal file
View File

@ -0,0 +1,12 @@
#ifndef _SSL_X509_H_
#define _SSL_X509_H_
#include "ssl_types.h"
X509* sk_X509_NAME_new_null(void);
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len);
void X509_free(X509 *cert);
#endif

33
components/openssl/include/internal/tls1.h Normal file
View File

@ -0,0 +1,33 @@
#ifndef _TLS1_H_
#define _TLS1_H_
# define TLS1_AD_DECRYPTION_FAILED 21
# define TLS1_AD_RECORD_OVERFLOW 22
# define TLS1_AD_UNKNOWN_CA 48/* fatal */
# define TLS1_AD_ACCESS_DENIED 49/* fatal */
# define TLS1_AD_DECODE_ERROR 50/* fatal */
# define TLS1_AD_DECRYPT_ERROR 51
# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */
# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */
# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */
# define TLS1_AD_INTERNAL_ERROR 80/* fatal */
# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
# define TLS1_AD_USER_CANCELLED 90
# define TLS1_AD_NO_RENEGOTIATION 100
/* codes 110-114 are from RFC3546 */
# define TLS1_AD_UNSUPPORTED_EXTENSION 110
# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
# define TLS1_AD_UNRECOGNIZED_NAME 112
# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
/* Special value for method supporting multiple versions */
#define TLS_ANY_VERSION 0x10000
#define TLS1_VERSION 0x0301
#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
#endif

31
components/openssl/include/openssl/ssl.h
View File

@ -1,7 +1,7 @@
#ifndef HEADER_SSL_H #ifndef HEADER_SSL_H
#define HEADER_SSL_H #define HEADER_SSL_H
#include "ssl_types.h" #include "internal/ssl_types.h"
/* /*
{ {
@ -186,6 +186,15 @@ const SSL_METHOD* SSLv3_client_method(void);
*/ */
const SSL_METHOD* TLSv1_1_client_method(void); const SSL_METHOD* TLSv1_1_client_method(void);
/*
* TLSv1_1_client_method - create the target SSL context client method
*
* @param none
*
* @return the TLSV1.2 version SSL context client method
*/
const SSL_METHOD* TLSv1_2_client_method(void);
/* /*
* SSLv23_server_method - create the target SSL context server method * SSLv23_server_method - create the target SSL context server method
@ -205,6 +214,15 @@ const SSL_METHOD* SSLv23_server_method(void);
*/ */
const SSL_METHOD* TLSv1_1_server_method(void); const SSL_METHOD* TLSv1_1_server_method(void);
/*
* TLSv1_1_server_method - create the target SSL context server method
*
* @param none
*
* @return the TLSV1.2 version SSL context server method
*/
const SSL_METHOD* TLSv1_2_server_method(void);
/* /*
* TLSv1_server_method - create the target SSL context server method * TLSv1_server_method - create the target SSL context server method
* *
@ -774,7 +792,7 @@ int SSL_get_wfd(const SSL *ssl);
* SSL_set_read_ahead - set the SSL if we can read as many as data * SSL_set_read_ahead - set the SSL if we can read as many as data
* *
* @param ssl - SSL point * @param ssl - SSL point
* @param yes - enbale the function * @param yes - enable the function
* *
* @return none * @return none
*/ */
@ -813,7 +831,9 @@ long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
* *
* @param ssl - SSL point * @param ssl - SSL point
* *
* @return SSL context ahead signal * @return
* 1 : there are bytes to be read
* 0 : no data
*/ */
int SSL_has_pending(const SSL *ssl); int SSL_has_pending(const SSL *ssl);
@ -840,7 +860,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x int
* 1 : OK * 1 : OK
* 0 : failed * 0 : failed
*/ */
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
/* /*
* SSL_CTX_use_certificate_file - load the certification file into SSL context * SSL_CTX_use_certificate_file - load the certification file into SSL context
@ -879,7 +899,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
* 1 : OK * 1 : OK
* 0 : failed * 0 : failed
*/ */
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx
/* /*
* SSL_CTX_use_certificate_file - load the private key file into SSL context * SSL_CTX_use_certificate_file - load the private key file into SSL context
@ -1648,4 +1668,5 @@ const char *SSL_get_psk_identity_hint(SSL *ssl);
*/ */
const char *SSL_get_psk_identity(SSL *ssl); const char *SSL_get_psk_identity(SSL *ssl);
#endif #endif

41
components/openssl/include/platform/ssl_pm.h Normal file
View File

@ -0,0 +1,41 @@
#ifndef _SSL_PM_H_
#define _SSL_PM_H_
#include "ssl_types.h"
#include "esp_common.h"
void* ssl_zalloc(size_t size);
void *ssl_malloc(size_t size);
void ssl_free(void *p);
void* ssl_memcpy(void *to, const void *from, size_t size);
int ssl_pm_new(SSL *ssl);
void ssl_pm_free(SSL *ssl);
int ssl_pm_handshake(SSL *ssl);
int ssl_pm_shutdown(SSL *ssl);
int ssl_pm_clear(SSL *ssl);
int ssl_pm_read(SSL *ssl, void *buffer, int len);
int ssl_pm_send(SSL *ssl, const void *buffer, int len);
int ssl_pm_pending(const SSL *ssl);
void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
int ssl_pm_get_fd(const SSL *ssl, int mode);
OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
void ssl_pm_set_bufflen(SSL *ssl, int len);
void* x509_pm_new(void);
void x509_pm_free(void *pm);
int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len);
void x509_pm_unload_crt(void *pm);
void x509_pm_start_ca(void *ssl, void *pm);
void* pkey_pm_new(void);
void pkey_pm_free(void *pm);
int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len);
void pkey_pm_unload_crt(void *pm);
#endif

46
components/openssl/library/Makefile Normal file
View File

@ -0,0 +1,46 @@
#############################################################
# Required variables for each makefile
# Discard this section from all parent makefiles
# Expected variables (with automatic defaults):
# CSRCS (all "C" files in the dir)
# SUBDIRS (all subdirs with a Makefile)
# GEN_LIBS - list of libs to be generated ()
# GEN_IMAGES - list of images to be generated ()
# COMPONENTS_xxx - a list of libs/objs in the form
# subdir/lib to be extracted and rolled up into
# a generated lib/image xxx.a ()
#
ifndef PDIR
GEN_LIBS = liblibrary.a
endif
#############################################################
# Configuration i.e. compile options etc.
# Target specific stuff (defines etc.) goes in here!
# Generally values applying to a tree are captured in the
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#DEFINES +=
#############################################################
# Recursion Magic - Don't touch this!!
#
# Each subtree potentially has an include directory
# corresponding to the common APIs applicable to modules
# rooted at that subtree. Accordingly, the INCLUDE PATH
# of a module can only contain the include directories up
# its parent path, and not its siblings
#
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include
INCLUDES += -I ./
PDIR := ../$(PDIR)
sinclude $(PDIR)Makefile

28
components/openssl/library/ssl_cert.c Normal file
View File

@ -0,0 +1,28 @@
#include "ssl_cert.h"
#include "ssl_pm.h"
CERT *ssl_cert_new(void)
{
return ssl_zalloc(sizeof(CERT));
}
void ssl_cert_free(CERT *c)
{
if (c->x509)
X509_free(c->x509);
if (c->pkey)
EVP_PKEY_free(c->pkey);
ssl_free(c);
}
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT(ctx);
SSL_ASSERT(x);
ctx->client_CA = x;
return 1;
}

1622
components/openssl/library/ssl_lib.c Normal file
View File

File diff suppressed because it is too large Load Diff

43
components/openssl/library/ssl_methods.c Normal file
View File

@ -0,0 +1,43 @@
#include "ssl_lib.h"
#include "ssl_methods.h"
#include "ssl_pm.h"
IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
ssl_pm_new, ssl_pm_free,
ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
ssl_pm_read, ssl_pm_send, ssl_pm_pending,
ssl_pm_set_fd, ssl_pm_get_fd,
ssl_pm_set_bufflen,
ssl_pm_get_state);
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method);
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method);
IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method);
IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method);
IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method);
IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method);
IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method);
IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method);
IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method);
IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method);

50
components/openssl/library/ssl_pkey.c Normal file
View File

@ -0,0 +1,50 @@
#include "ssl_lib.h"
#include "ssl_pkey.h"
#include "ssl_dbg.h"
#include "ssl_pm.h"
EVP_PKEY *d2i_PrivateKey(int type,
EVP_PKEY **a,
const unsigned char **pp,
long length)
{
EVP_PKEY *pkey;
void *pkey_pm;
int ret;
SSL_ASSERT(pp);
SSL_ASSERT(*pp);
SSL_ASSERT(length);
pkey = ssl_malloc(sizeof(EVP_PKEY));
if (!pkey)
SSL_RET(failed1, "ssl_malloc\n");
pkey_pm = pkey_pm_new();
if (!pkey_pm)
SSL_RET(failed2, "pkey_pm_new\n");
ret = pkey_pm_load_crt(pkey_pm, *pp, length);
if (ret)
SSL_RET(failed3, "pkey_pm_load_crt\n");
pkey->pkey_pm = pkey_pm;
if (a)
*a = pkey;
return pkey;
failed3:
pkey_pm_free(pkey_pm);
failed2:
ssl_free(pkey);
failed1:
return NULL;
}
void EVP_PKEY_free(EVP_PKEY *x)
{
pkey_pm_unload_crt(x->pkey_pm);
pkey_pm_free(x->pkey_pm);
ssl_free(x);
}

70
components/openssl/library/ssl_rsa.c Normal file
View File

@ -0,0 +1,70 @@
#include "ssl_lib.h"
#include "ssl_rsa.h"
#include "ssl_pkey.h"
#include "ssl_x509.h"
#include "ssl_dbg.h"
#include "ssl_pm.h"
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
SSL_ASSERT(ctx);
SSL_ASSERT(x);
ctx->cert->x509 = x;
return 1;
}
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
const unsigned char *d)
{
int ret;
X509 *cert;
cert = d2i_X509(NULL, d, len);
if (!cert)
SSL_RET(failed1, "d2i_X509\n");
ret = SSL_CTX_use_certificate(ctx, cert);
if (!ret)
SSL_RET(failed2, "SSL_CTX_use_certificate\n");
return 1;
failed2:
X509_free(cert);
failed1:
return 0;
}
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
SSL_ASSERT(ctx);
SSL_ASSERT(pkey);
ctx->cert->pkey = pkey;
return 1;
}
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
const unsigned char *d, long len)
{
int ret;
EVP_PKEY *pkey;
pkey = d2i_PrivateKey(0, NULL, &d, len);
if (!pkey)
SSL_RET(failed1, "d2i_PrivateKey\n");
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
if (!ret)
SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
return 1;
failed2:
EVP_PKEY_free(pkey);
failed1:
return 0;
}

54
components/openssl/library/ssl_x509.c Normal file
View File

@ -0,0 +1,54 @@
#include "ssl_x509.h"
#include "ssl_dbg.h"
#include "ssl_pm.h"
X509* sk_X509_NAME_new_null(void)
{
return ssl_malloc(sizeof(X509));
}
X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
{
X509 *x509_crt;
void *x509_pm;
int ret;
SSL_ASSERT(cert);
SSL_ASSERT(buffer);
SSL_ASSERT(len);
x509_crt = sk_X509_NAME_new_null();
if (!x509_crt)
SSL_RET(failed1, "");
x509_pm = x509_pm_new();
if (!x509_pm)
SSL_RET(failed2, "");
ret = x509_pm_load_crt(x509_pm, buffer, len);
if (ret)
SSL_RET(failed3, "");
x509_crt->x509_pm = x509_pm;
if (cert)
*cert = x509_crt;
return x509_crt;
failed3:
x509_pm_free(x509_pm);
failed2:
ssl_free(x509_crt);
failed1:
return NULL;
}
void X509_free(X509 *cert)
{
if (cert->x509_pm) {
x509_pm_unload_crt(cert->x509_pm);
x509_pm_free(cert->x509_pm);
}
ssl_free(cert);
};

46
components/openssl/platform/Makefile Normal file
View File

@ -0,0 +1,46 @@
#############################################################
# Required variables for each makefile
# Discard this section from all parent makefiles
# Expected variables (with automatic defaults):
# CSRCS (all "C" files in the dir)
# SUBDIRS (all subdirs with a Makefile)
# GEN_LIBS - list of libs to be generated ()
# GEN_IMAGES - list of images to be generated ()
# COMPONENTS_xxx - a list of libs/objs in the form
# subdir/lib to be extracted and rolled up into
# a generated lib/image xxx.a ()
#
ifndef PDIR
GEN_LIBS = libplatform.a
endif
#############################################################
# Configuration i.e. compile options etc.
# Target specific stuff (defines etc.) goes in here!
# Generally values applying to a tree are captured in the
# makefile at its root level - these are then overridden
# for a subtree within the makefile rooted therein
#
#DEFINES +=
#############################################################
# Recursion Magic - Don't touch this!!
#
# Each subtree potentially has an include directory
# corresponding to the common APIs applicable to modules
# rooted at that subtree. Accordingly, the INCLUDE PATH
# of a module can only contain the include directories up
# its parent path, and not its siblings
#
# Required for each makefile to inherit from the parent
#
INCLUDES := $(INCLUDES) -I $(PDIR)include
INCLUDES += -I ./
PDIR := ../$(PDIR)
sinclude $(PDIR)Makefile

422
components/openssl/platform/ssl_pm.c Normal file
View File

@ -0,0 +1,422 @@
#include "ssl_pm.h"
#include "ssl_dbg.h"
/* mbedtls include */
#include "mbedtls/platform.h"
#include "mbedtls/net.h"
#include "mbedtls/debug.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
struct ssl_pm
{
/* local socket file description */
mbedtls_net_context fd;
/* remote client socket file description */
mbedtls_net_context cl_fd;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_entropy_context entropy;
};
struct x509_pm
{
mbedtls_x509_crt x509_crt;
};
struct pkey_pm
{
mbedtls_pk_context pkey;
};
unsigned int max_content_len;
/*********************************************************************************************/
/********************************* SSL general interface *************************************/
void* ssl_zalloc(size_t size)
{
void *p = malloc(size);
if (p)
memset(p, 0, size);
return p;
}
void *ssl_malloc(size_t size)
{
return zalloc(size);
}
void ssl_free(void *p)
{
free(p);
}
void* ssl_memcpy(void *to, const void *from, size_t size)
{
return memcpy(to, from, size);
}
void ssl_speed_up_enter(void)
{
}
void ssl_speed_up_exit(void)
{
}
/*********************************************************************************************/
/************************************ SSL arch interface *************************************/
int ssl_pm_new(SSL *ssl)
{
struct ssl_pm *ssl_pm;
int ret;
char *pers;
int endpoint;
SSL_CTX *ctx = ssl->ctx;
const SSL_METHOD *method = ssl->method;
ssl_pm = malloc(sizeof(struct ssl_pm));
if (!ssl_pm)
return -1;
if (method->endpoint) {
pers = "server";
endpoint = MBEDTLS_SSL_IS_SERVER;
} else {
pers = "client";
endpoint = MBEDTLS_SSL_IS_CLIENT;
}
//max_content_len = 4096;
mbedtls_net_init(&ssl_pm->fd);
mbedtls_net_init(&ssl_pm->cl_fd);
mbedtls_ssl_config_init(&ssl_pm->conf);
mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg);
mbedtls_entropy_init(&ssl_pm->entropy);
mbedtls_ssl_init(&ssl_pm->ssl);
ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, (const unsigned char *)pers, strlen(pers));
if (ret)
SSL_ERR(ret, failed1, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret);
ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
if (ret)
SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret);
mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
if (ctx->client_CA->x509_pm) {
struct x509_pm *x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm;
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL);
mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
} else {
mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_NONE);
}
if (ctx->cert->x509 &&
ctx->cert->pkey) {
struct x509_pm *x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm;
struct pkey_pm *pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm;
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey);
if (ret)
SSL_ERR(ret, failed4, "mbedtls_ssl_conf_own_cert:[%d]\n", ret);
}
ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
if (ret)
SSL_ERR(ret, failed4, "mbedtls_ssl_setup:[-0x%x]\n", -ret);
mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
ssl->ssl_pm = ssl_pm;
return 0;
failed4:
mbedtls_ssl_config_free(&ssl_pm->conf);
failed3:
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
failed2:
mbedtls_entropy_free(&ssl_pm->entropy);
failed1:
return -1;
}
void ssl_pm_free(SSL *ssl)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbedtls_ssl_config_free(&ssl_pm->conf);
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
mbedtls_entropy_free(&ssl_pm->entropy);
mbedtls_ssl_free(&ssl_pm->ssl);
mbedtls_net_free(&ssl_pm->fd);
mbedtls_net_free(&ssl_pm->cl_fd);
}
int ssl_pm_handshake(SSL *ssl)
{
int ret, mbed_ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ssl_speed_up_enter();
while((mbed_ret = mbedtls_ssl_handshake(&ssl_pm->ssl)) != 0) {
if (mbed_ret != MBEDTLS_ERR_SSL_WANT_READ && mbed_ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
break;
}
}
ssl_speed_up_exit();
if (!mbed_ret)
ret = 1;
else {
ret = 0;
SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret);
}
return ret;
}
int ssl_pm_shutdown(SSL *ssl)
{
int ret, mbed_ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbed_ret = mbedtls_ssl_close_notify(&ssl_pm->ssl);
if (!mbed_ret)
ret = 0;
else
ret = -1;
return ret;
}
int ssl_pm_clear(SSL *ssl)
{
return ssl_pm_shutdown(ssl);
}
int ssl_pm_read(SSL *ssl, void *buffer, int len)
{
int ret, mbed_ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbed_ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len);
if (mbed_ret < 0)
ret = -1;
else if (mbed_ret == 0)
ret = 0;
else
ret = mbed_ret;
return ret;
}
int ssl_pm_send(SSL *ssl, const void *buffer, int len)
{
int ret, mbed_ret;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
mbed_ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len);
if (mbed_ret < 0)
ret = -1;
else if (mbed_ret == 0)
ret = 0;
else
ret = mbed_ret;
return ret;
}
int ssl_pm_pending(const SSL *ssl)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl);
}
void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
ssl_pm->fd.fd = fd;
}
int ssl_pm_get_fd(const SSL *ssl, int mode)
{
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
return ssl_pm->fd.fd;
}
OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
{
OSSL_HANDSHAKE_STATE state;
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
switch (ssl_pm->ssl.state)
{
case MBEDTLS_SSL_CLIENT_HELLO:
state = TLS_ST_CW_CLNT_HELLO;
break;
case MBEDTLS_SSL_SERVER_HELLO:
state = TLS_ST_SW_SRVR_HELLO;
break;
case MBEDTLS_SSL_SERVER_CERTIFICATE:
state = TLS_ST_SW_CERT;
break;
case MBEDTLS_SSL_SERVER_HELLO_DONE:
state = TLS_ST_SW_SRVR_DONE;
break;
case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
state = TLS_ST_CW_KEY_EXCH;
break;
case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
state = TLS_ST_CW_CHANGE;
break;
case MBEDTLS_SSL_CLIENT_FINISHED:
state = TLS_ST_CW_FINISHED;
break;
case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
state = TLS_ST_SW_CHANGE;
break;
case MBEDTLS_SSL_SERVER_FINISHED:
state = TLS_ST_SW_FINISHED;
break;
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
state = TLS_ST_CW_CERT;
break;
case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
state = TLS_ST_SR_KEY_EXCH;
break;
case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
state = TLS_ST_SW_SESSION_TICKET;
break;
case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
state = TLS_ST_SW_CERT_REQ;
break;
case MBEDTLS_SSL_HANDSHAKE_OVER:
state = TLS_ST_OK;
break;
default :
state = TLS_ST_BEFORE;
break;
}
return state;
}
void* x509_pm_new(void)
{
return ssl_malloc(sizeof(struct x509_pm));
}
void x509_pm_free(void *pm)
{
ssl_free(pm);
}
int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len)
{
int ret;
unsigned char *load_buf;
struct x509_pm *x509_pm = (struct x509_pm *)pm;
load_buf = ssl_malloc(len + 1);
if (!load_buf)
SSL_RET(failed1, "");
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
mbedtls_x509_crt_init(&x509_pm->x509_crt);
ret = mbedtls_x509_crt_parse(&x509_pm->x509_crt, load_buf, len);
ssl_free(load_buf);
if (ret)
SSL_RET(failed1, "");
return 0;
failed1:
return -1;
}
void x509_pm_unload_crt(void *pm)
{
struct x509_pm *x509_pm = (struct x509_pm *)pm;
mbedtls_x509_crt_free(&x509_pm->x509_crt);
}
void* pkey_pm_new(void)
{
return ssl_malloc(sizeof(struct pkey_pm));
}
void pkey_pm_free(void *pm)
{
ssl_free(pm);
}
int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len)
{
int ret;
unsigned char *load_buf;
struct pkey_pm *pkey_pm = (struct pkey_pm *)pm;
load_buf = ssl_malloc(len + 1);
if (!load_buf)
SSL_RET(failed1, "");
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
mbedtls_pk_init(&pkey_pm->pkey);
ret = mbedtls_pk_parse_key(&pkey_pm->pkey, load_buf, len, NULL, 0);
ssl_free(load_buf);
if (ret)
SSL_RET(failed1, "");
return 0;
failed1:
return -1;
}
void pkey_pm_unload_crt(void *pm)
{
struct pkey_pm *pkey_pm = (struct pkey_pm *)pm;
mbedtls_pk_free(&pkey_pm->pkey);
}
void ssl_pm_set_bufflen(SSL *ssl, int len)
{
max_content_len = len;
}