diff --git a/components/openssl/Makefile.projbuild b/components/openssl/Makefile.projbuild index 51300efd11..b1d5641231 100644 --- a/components/openssl/Makefile.projbuild +++ b/components/openssl/Makefile.projbuild @@ -1,4 +1,3 @@ # Anyone compiling mbedTLS code needs the name of the # alternative config file -CFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"' diff --git a/components/openssl/include/internal/ssl3.h b/components/openssl/include/internal/ssl3.h index d7c254563b..c90d546df0 100644 --- a/components/openssl/include/internal/ssl3.h +++ b/components/openssl/include/internal/ssl3.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL3_H_ #define _SSL3_H_ diff --git a/components/openssl/include/internal/ssl_cert.h b/components/openssl/include/internal/ssl_cert.h index e0b3ea75dc..109012a194 100644 --- a/components/openssl/include/internal/ssl_cert.h +++ b/components/openssl/include/internal/ssl_cert.h @@ -1,11 +1,23 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_CERT_H_ #define _SSL_CERT_H_ -#include "ssl_pkey.h" -#include "ssl_x509.h" - -CERT *ssl_cert_new(void); +#include "ssl_types.h" +CERT* ssl_cert_new(void); void ssl_cert_free(CERT *c); #endif diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h index d45abff680..1510ce6ff4 100644 --- a/components/openssl/include/internal/ssl_code.h +++ b/components/openssl/include/internal/ssl_code.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_CODE_H_ #define _SSL_CODE_H_ diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index 436d33132f..27a192b28f 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -1,13 +1,29 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_DEBUG_H_ #define _SSL_DEBUG_H_ -#define SSL_DEBUG_ENBALE 0 +#define SSL_DEBUG_ENBALE 1 #define SSL_DEBUG_LEVEL 0 #define SSL_ASSERT_ENABLE 1 #define SSL_DEBUG_LOCATION_ENABLE 1 #if SSL_DEBUG_ENBALE - #define SSL_PRINT os_printf + extern int ets_printf(const char *fmt, ...); + + #define SSL_PRINT ets_printf #else #define SSL_PRINT(...) #endif diff --git a/components/openssl/include/internal/ssl_lib.h b/components/openssl/include/internal/ssl_lib.h index 0881fbbfdb..6ea547a7c5 100644 --- a/components/openssl/include/internal/ssl_lib.h +++ b/components/openssl/include/internal/ssl_lib.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_LIB_H_ #define _SSL_LIB_H_ diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h index e2806f177a..b72b17ad3d 100644 --- a/components/openssl/include/internal/ssl_methods.h +++ b/components/openssl/include/internal/ssl_methods.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_METHODS_H_ #define _SSL_METHODS_H_ @@ -8,7 +22,7 @@ set_fd, get_fd, \ set_bufflen, \ get_state) \ - static const SSL_METHOD_FUNC func_name = { \ + static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \ new, \ free, \ handshake, \ @@ -25,7 +39,7 @@ #define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \ const SSL_METHOD* func_name(void) { \ - static const SSL_METHOD func_name##_data = { \ + static const SSL_METHOD func_name##_data LOCAL_ATRR = { \ ver, \ mode, \ &(fun), \ @@ -35,7 +49,7 @@ #define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \ const SSL_METHOD* func_name(void) { \ - static const SSL_METHOD func_name##_data = { \ + static const SSL_METHOD func_name##_data LOCAL_ATRR = { \ ver, \ mode, \ &(fun), \ @@ -43,4 +57,37 @@ return &func_name##_data; \ } +#define IMPLEMENT_X509_METHOD(func_name, \ + new, \ + free, \ + load, \ + unload) \ + const X509_METHOD* func_name(void) { \ + static const X509_METHOD func_name##_data LOCAL_ATRR = { \ + new, \ + free, \ + load, \ + unload, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_PKEY_METHOD(func_name, \ + new, \ + free, \ + load, \ + unload) \ + const PKEY_METHOD* func_name(void) { \ + static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \ + new, \ + free, \ + load, \ + unload, \ + }; \ + return &func_name##_data; \ + } + +const X509_METHOD* X509_method(void); +const PKEY_METHOD* EVP_PKEY_method(void); + #endif diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h index c7170244a6..34be294efe 100644 --- a/components/openssl/include/internal/ssl_pkey.h +++ b/components/openssl/include/internal/ssl_pkey.h @@ -1,9 +1,25 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_PKEY_H_ #define _SSL_PKEY_H_ #include "ssl_types.h" -EVP_PKEY *d2i_PrivateKey(int type, +EVP_PKEY* EVP_PKEY_new(void); + +EVP_PKEY* d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length); diff --git a/components/openssl/include/internal/ssl_rsa.h b/components/openssl/include/internal/ssl_rsa.h index 7530bde734..d0ce40312c 100644 --- a/components/openssl/include/internal/ssl_rsa.h +++ b/components/openssl/include/internal/ssl_rsa.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_RSA_H_ #define _SSL_RSA_H_ diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 19eb6cb165..417350627c 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -1,8 +1,21 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_TYPES_H_ #define _SSL_TYPES_H_ #include "ssl_code.h" -#include typedef void SSL_CIPHER; @@ -47,15 +60,25 @@ typedef struct x509_st X509; struct evp_pkey_st; typedef struct evp_pkey_st EVP_PKEY; +struct x509_method_st; +typedef struct x509_method_st X509_METHOD; + +struct pkey_method_st; +typedef struct pkey_method_st PKEY_METHOD; + struct evp_pkey_st { void *pkey_pm; + + const PKEY_METHOD *method; }; struct x509_st { /* X509 certification platform private point */ void *x509_pm; + + const X509_METHOD *method; }; struct cert_st { @@ -111,6 +134,8 @@ struct ssl_ctx_st long session_timeout; int read_ahead; + + int read_buffer_len; }; struct ssl_st @@ -183,8 +208,34 @@ struct ssl_method_func_st { OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl); }; +struct x509_method_st { + + int (*x509_new)(X509 *x); + + void (*x509_free)(X509 *x); + + int (*x509_load)(X509 *x, const unsigned char *buf, int len); + + void (*x509_unload)(X509 *x); +}; + +struct pkey_method_st { + + int (*pkey_new)(EVP_PKEY *pkey); + + void (*pkey_free)(EVP_PKEY *pkey); + + int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len); + + void (*pkey_unload)(EVP_PKEY *pkey); +}; + typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg); +#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__) +#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) +#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) + #endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h index 28a7baf513..a169352bac 100644 --- a/components/openssl/include/internal/ssl_x509.h +++ b/components/openssl/include/internal/ssl_x509.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_X509_H_ #define _SSL_X509_H_ diff --git a/components/openssl/include/internal/tls1.h b/components/openssl/include/internal/tls1.h index 70de22bb5b..b2da639194 100644 --- a/components/openssl/include/internal/tls1.h +++ b/components/openssl/include/internal/tls1.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _TLS1_H_ #define _TLS1_H_ diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 89cb5bb9f7..0d4c9c2080 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -1,6 +1,21 @@ -#ifndef HEADER_SSL_H -#define HEADER_SSL_H +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef _SSL_H_ +#define _SSL_H_ + +#include "ssl_port.h" #include "internal/ssl_types.h" /* diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h index a6731cff7f..783ba5445e 100644 --- a/components/openssl/include/platform/ssl_pm.h +++ b/components/openssl/include/platform/ssl_pm.h @@ -1,14 +1,24 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef _SSL_PM_H_ #define _SSL_PM_H_ #include "ssl_types.h" -#include "esp_types.h" -#include "esp_system.h" +#include "ssl_port.h" -void* ssl_zalloc(size_t size); -void *ssl_malloc(size_t size); -void ssl_free(void *p); -void* ssl_memcpy(void *to, const void *from, size_t size); +#define LOCAL_ATRR int ssl_pm_new(SSL *ssl); void ssl_pm_free(SSL *ssl); @@ -28,15 +38,15 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl); void ssl_pm_set_bufflen(SSL *ssl, int len); -void* x509_pm_new(void); -void x509_pm_free(void *pm); -int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len); -void x509_pm_unload_crt(void *pm); -void x509_pm_start_ca(void *ssl, void *pm); +int x509_pm_new(X509 *x); +void x509_pm_free(X509 *x); +int x509_pm_load(X509 *x, const unsigned char *buffer, int len); +void x509_pm_unload(X509 *x); +void x509_pm_start_ca(X509 *x); -void* pkey_pm_new(void); -void pkey_pm_free(void *pm); -int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len); -void pkey_pm_unload_crt(void *pm); +int pkey_pm_new(EVP_PKEY *pkey); +void pkey_pm_free(EVP_PKEY *pkey); +int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len); +void pkey_pm_unload(EVP_PKEY *pkey); #endif diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 252e2566c3..48a7c7ca97 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -1,17 +1,16 @@ -/* Copyright 2015-2016 Espressif Systems (Wuxi) PTE LTD - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. #ifndef _SSL_PORT_H_ #define _SSL_PORT_H_ diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index 5332592460..0bdba459d3 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -1,29 +1,68 @@ -#include "ssl_cert.h" -#include "ssl_dbg.h" -#include "ssl_pm.h" +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "ssl_cert.h" +#include "ssl_pkey.h" +#include "ssl_x509.h" +#include "ssl_dbg.h" +#include "ssl_port.h" + +/* + * ssl_cert_new - create a certification object include private key object + * + * @param none + * + * @return certification object point or NULL if failed + */ CERT *ssl_cert_new(void) { - return ssl_zalloc(sizeof(CERT)); + CERT *cert; + + cert = ssl_zalloc(sizeof(CERT)); + if (!cert) + SSL_RET(failed1, "ssl_zalloc\n"); + + cert->pkey = EVP_PKEY_new(); + if (!cert->pkey) + SSL_RET(failed2, "EVP_PKEY_new\n"); + + cert->x509 = sk_X509_NAME_new_null(); + if (!cert->x509) + SSL_RET(failed3, "sk_X509_NAME_new_null\n"); + + return cert; + +failed3: + EVP_PKEY_free(cert->pkey); +failed2: + ssl_free(cert); +failed1: + return NULL; } +/* + * ssl_cert_free - free a certification object + * + * @param c - certification object point + * + * @return none + */ void ssl_cert_free(CERT *c) { - if (c->x509) - X509_free(c->x509); + X509_free(c->x509); - if (c->pkey) - EVP_PKEY_free(c->pkey); + EVP_PKEY_free(c->pkey); ssl_free(c); } - -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT(ctx); - SSL_ASSERT(x); - - ctx->client_CA = x; - - return 1; -} diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index e1e112cc7b..331ed17bd5 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -1,11 +1,35 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_lib.h" #include "ssl_pkey.h" +#include "ssl_x509.h" #include "ssl_cert.h" #include "ssl_dbg.h" -#include "ssl_pm.h" +#include "ssl_port.h" #define SSL_SEND_DATA_MAX_LENGTH 1460 +/* + * ossl_statem_in_error - Discover whether the current connection is in the error state + * + * @param ssl - SSL point + * + * @return + * 1 : Yes + * 0 : no + */ int ossl_statem_in_error(const SSL *ssl) { if (ssl->statem.state == MSG_FLOW_ERROR) @@ -23,7 +47,7 @@ int ossl_statem_in_error(const SSL *ssl) */ int SSL_want(const SSL *ssl) { - return 0; + return ssl->rwstate; } /* @@ -131,7 +155,7 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) SSL_ASSERT(ssl); - state = ssl->method->func->ssl_get_state(ssl); + state = SSL_METHOD_CALL(get_state, ssl); return state; } @@ -154,15 +178,15 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) client_ca = sk_X509_NAME_new_null(); if (!client_ca) - SSL_ERR(-2, go_failed1, "ssl_ctx_new:ctx:[%d]\n", ret); + SSL_ERR(-2, go_failed1, "sk_X509_NAME_new_null\n"); cert = ssl_cert_new(); if (!cert) - SSL_ERR(-2, go_failed2, "ssl_ctx_new:ctx:[%d]\n", ret); + SSL_ERR(-2, go_failed2, "ssl_cert_new\n"); ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX)); if (!ctx) - SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx:[%d]\n", ret); + SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx\n"); ctx->method = method; ctx->cert = cert; @@ -215,6 +239,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->method = meth; + ctx->version = meth->version; + return 1; } @@ -258,10 +284,12 @@ SSL *SSL_new(SSL_CTX *ctx) ssl->version = ctx->version; ssl->options = ctx->options; - ret = ssl->method->func->ssl_new(ssl); + ret = SSL_METHOD_CALL(new, ssl); if (ret) SSL_RET(failed2, "ssl_new\n"); + ssl->rwstate = SSL_NOTHING; + return ssl; failed2: @@ -281,7 +309,7 @@ void SSL_free(SSL *ssl) { SSL_ASSERT(ssl); - ssl->method->func->ssl_free(ssl); + SSL_METHOD_CALL(free, ssl); ssl_free(ssl); } @@ -302,7 +330,7 @@ int SSL_do_handshake(SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_handshake(ssl); + ret = SSL_METHOD_CALL(handshake, ssl); return ret; } @@ -357,7 +385,7 @@ int SSL_shutdown(SSL *ssl) if (SSL_get_state(ssl) != TLS_ST_OK) return 0; - ret = ssl->method->func->ssl_shutdown(ssl); + ret = SSL_METHOD_CALL(shutdown, ssl); return ret; } @@ -381,9 +409,9 @@ int SSL_clear(SSL *ssl) if (1 != ret) SSL_ERR(0, go_failed1, "SSL_shutdown\n"); - ssl->method->func->ssl_free(ssl); + SSL_METHOD_CALL(free, ssl); - ret = ssl->method->func->ssl_new(ssl); + ret = SSL_METHOD_CALL(new, ssl); if (!ret) SSL_ERR(0, go_failed1, "ssl_new\n"); @@ -413,7 +441,11 @@ int SSL_read(SSL *ssl, void *buffer, int len) SSL_ASSERT(buffer); SSL_ASSERT(len); - ret = ssl->method->func->ssl_read(ssl, buffer, len); + ssl->rwstate = SSL_READING; + + ret = SSL_METHOD_CALL(read, ssl, buffer, len); + + ssl->rwstate = SSL_NOTHING; return ret; } @@ -440,6 +472,8 @@ int SSL_write(SSL *ssl, const void *buffer, int len) SSL_ASSERT(buffer); SSL_ASSERT(len); + ssl->rwstate = SSL_WRITING; + send_bytes = len; pbuf = (const unsigned char *)buffer; @@ -451,13 +485,15 @@ int SSL_write(SSL *ssl, const void *buffer, int len) else bytes = send_bytes; - ret = ssl->method->func->ssl_send(ssl, buffer, len); + ret = SSL_METHOD_CALL(send, ssl, buffer, len); if (ret > 0) { pbuf += ret; send_bytes -= ret; } } while (ret > 0 && send_bytes); + ssl->rwstate = SSL_NOTHING; + send_bytes = len - send_bytes; if (send_bytes >= 0) ret = send_bytes; @@ -518,11 +554,11 @@ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method) if (1 != ret) SSL_ERR(0, go_failed1, "SSL_shutdown\n"); - ssl->method->func->ssl_free(ssl); + SSL_METHOD_CALL(free, ssl); ssl->method = method; - ret = ssl->method->func->ssl_new(ssl); + ret = SSL_METHOD_CALL(new, ssl); if (!ret) SSL_ERR(0, go_failed1, "ssl_new\n"); } else { @@ -579,7 +615,7 @@ int SSL_pending(const SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_pending(ssl); + ret = SSL_METHOD_CALL(pending, ssl); return ret; } @@ -705,7 +741,7 @@ int SSL_get_fd(const SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_get_fd(ssl, 0); + ret = SSL_METHOD_CALL(get_fd, ssl, 0); return ret; } @@ -725,7 +761,7 @@ int SSL_get_rfd(const SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_get_fd(ssl, 0); + ret = SSL_METHOD_CALL(get_fd, ssl, 0); return ret; } @@ -745,7 +781,7 @@ int SSL_get_wfd(const SSL *ssl) SSL_ASSERT(ssl); - ret = ssl->method->func->ssl_get_fd(ssl, 0); + ret = SSL_METHOD_CALL(get_fd, ssl, 0); return ret; } @@ -767,7 +803,7 @@ int SSL_set_fd(SSL *ssl, int fd) SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); - ssl->method->func->ssl_set_fd(ssl, fd, 0); + SSL_METHOD_CALL(set_fd, ssl, fd, 0); return 1; } @@ -789,7 +825,7 @@ int SSL_set_rfd(SSL *ssl, int fd) SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); - ssl->method->func->ssl_set_fd(ssl, fd, 0); + SSL_METHOD_CALL(set_fd, ssl, fd, 0); return 1; } @@ -811,7 +847,7 @@ int SSL_set_wfd(SSL *ssl, int fd) SSL_ASSERT(ssl); SSL_ASSERT(fd >= 0); - ssl->method->func->ssl_set_fd(ssl, fd, 0); + SSL_METHOD_CALL(set_fd, ssl, fd, 0); return 1; } @@ -1451,7 +1487,7 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len) SSL_ASSERT(ctx); SSL_ASSERT(len); - ctx->method->func->ssl_set_bufflen(NULL, len); + ctx->read_buffer_len = len; } /* @@ -1467,7 +1503,7 @@ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len) SSL_ASSERT(ssl); SSL_ASSERT(len); - ssl->method->func->ssl_set_bufflen(ssl, len); + SSL_METHOD_CALL(set_bufflen, ssl, len); } /* @@ -1688,3 +1724,18 @@ long SSL_set_timeout(SSL *ssl, long t) return t; } + +/* + * SSL_set_verify - set the SSL verifying of the SSL context + * + * @param ctx - SSL point + * @param mode - verifying mode + * @param verify_callback - verifying callback function + * + * @return none + */ +void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) +{ + SSL_ASSERT(ssl); + SSL_ASSERT(verify_callback); +} diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c index 502262f7e9..0c5c6e7fa4 100644 --- a/components/openssl/library/ssl_methods.c +++ b/components/openssl/library/ssl_methods.c @@ -1,7 +1,24 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_lib.h" #include "ssl_methods.h" #include "ssl_pm.h" +/* + * TLS method function collection + */ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, ssl_pm_new, ssl_pm_free, ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear, @@ -10,6 +27,9 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, ssl_pm_set_bufflen, ssl_pm_get_state); +/* + * TLS or SSL client method collection + */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method); IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method); @@ -20,7 +40,9 @@ IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method); - +/* + * TLS or SSL server method collection + */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method); IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method); @@ -31,7 +53,9 @@ IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method); - +/* + * TLS or SSL method collection + */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method); IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method); @@ -41,3 +65,17 @@ IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method); IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); + +/* + * X509 certification method collection + */ +IMPLEMENT_X509_METHOD(X509_method, + x509_pm_new, x509_pm_free, + x509_pm_load, x509_pm_unload); + +/* + * private key method collection + */ +IMPLEMENT_PKEY_METHOD(EVP_PKEY_method, + pkey_pm_new, pkey_pm_free, + pkey_pm_load, pkey_pm_unload); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 2a170716c0..785ebf41db 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -1,50 +1,109 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_lib.h" #include "ssl_pkey.h" +#include "ssl_methods.h" #include "ssl_dbg.h" -#include "ssl_pm.h" +#include "ssl_port.h" -EVP_PKEY *d2i_PrivateKey(int type, - EVP_PKEY **a, - const unsigned char **pp, - long length) +/* + * EVP_PKEY_new - create a private key object + * + * @param none + * + * @return private key object point or NULL if failed + */ +EVP_PKEY* EVP_PKEY_new(void) { - EVP_PKEY *pkey; - void *pkey_pm; int ret; - - SSL_ASSERT(pp); - SSL_ASSERT(*pp); - SSL_ASSERT(length); + EVP_PKEY *pkey; pkey = ssl_malloc(sizeof(EVP_PKEY)); if (!pkey) SSL_RET(failed1, "ssl_malloc\n"); - pkey_pm = pkey_pm_new(); - if (!pkey_pm) - SSL_RET(failed2, "pkey_pm_new\n"); + pkey->method = EVP_PKEY_method(); - ret = pkey_pm_load_crt(pkey_pm, *pp, length); + ret = EVP_PKEY_METHOD_CALL(new, pkey); if (ret) - SSL_RET(failed3, "pkey_pm_load_crt\n"); - - pkey->pkey_pm = pkey_pm; - if (a) - *a = pkey; + SSL_RET(failed2, "pkey_new\n"); return pkey; -failed3: - pkey_pm_free(pkey_pm); failed2: ssl_free(pkey); failed1: return NULL; } -void EVP_PKEY_free(EVP_PKEY *x) +/* + * EVP_PKEY_free - free a private key object + * + * @param pkey - private key object point + * + * @return none + */ +void EVP_PKEY_free(EVP_PKEY *pkey) { - pkey_pm_unload_crt(x->pkey_pm); - pkey_pm_free(x->pkey_pm); - ssl_free(x); + EVP_PKEY_METHOD_CALL(free, pkey); + + ssl_free(pkey); +} + +/* + * d2i_PrivateKey - load a character key context into system context. If '*a' is pointed to the + * private key, then load key into it. Or create a new private key object + * + * @param type - private key type + * @param a - a point pointed to a private key point + * @param pp - a point pointed to the key context memory point + * @param length - key bytes + * + * @return private key object point or NULL if failed + */ +EVP_PKEY *d2i_PrivateKey(int type, + EVP_PKEY **a, + const unsigned char **pp, + long length) +{ + int ret; + EVP_PKEY *pkey; + + SSL_ASSERT(pp); + SSL_ASSERT(*pp); + SSL_ASSERT(length); + + if (a && *a) { + pkey = *a; + } else { + pkey = EVP_PKEY_new();; + if (!pkey) + SSL_RET(failed1, "ssl_malloc\n"); + } + + ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length); + if (ret) + SSL_RET(failed2, "pkey_pm_load_crt\n"); + + if (a) + *a = pkey; + + return pkey; + +failed2: + EVP_PKEY_free(pkey); +failed1: + return NULL; } diff --git a/components/openssl/library/ssl_rsa.c b/components/openssl/library/ssl_rsa.c index 9088f67f57..75a2d3baa7 100644 --- a/components/openssl/library/ssl_rsa.c +++ b/components/openssl/library/ssl_rsa.c @@ -1,10 +1,33 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_lib.h" #include "ssl_rsa.h" #include "ssl_pkey.h" #include "ssl_x509.h" #include "ssl_dbg.h" -#include "ssl_pm.h" +/* + * SSL_CTX_use_certificate - set the SSL context certification + * + * @param ctx - SSL context point + * @param x - X509 certification point + * + * @return + * 1 : OK + * 0 : failed + */ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { SSL_ASSERT(ctx); @@ -15,13 +38,24 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) return 1; } +/* + * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context + * + * @param ctx - SSL context point + * @param len - certification context bytes + * @param d - certification context point + * + * @return + * 1 : OK + * 0 : failed + */ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) { int ret; X509 *cert; - cert = d2i_X509(NULL, d, len); + cert = d2i_X509(&ctx->cert->x509, d, len); if (!cert) SSL_RET(failed1, "d2i_X509\n"); @@ -37,6 +71,16 @@ failed1: return 0; } +/* + * SSL_CTX_use_certificate - set the SSL context private key + * + * @param ctx - SSL context point + * @param x - private key point + * + * @return + * 1 : OK + * 0 : failed + */ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { SSL_ASSERT(ctx); @@ -47,13 +91,25 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) return 1; } +/* + * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context + * + * @param type - private key type + * @param ctx - SSL context point + * @param d - private key context point + * @param len - private key context bytes + * + * @return + * 1 : OK + * 0 : failed + */ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, long len) { int ret; EVP_PKEY *pkey; - pkey = d2i_PrivateKey(0, NULL, &d, len); + pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len); if (!pkey) SSL_RET(failed1, "d2i_PrivateKey\n"); @@ -68,3 +124,23 @@ failed2: failed1: return 0; } + +/* + * SSL_CTX_add_client_CA - set SSL context client CA certification + * + * @param ctx - SSL context point + * @param x - client CA certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ctx->client_CA = x; + + return 1; +} diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 23aa00681e..fd2643e6b7 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -1,54 +1,100 @@ -#include "ssl_x509.h" -#include "ssl_dbg.h" -#include "ssl_pm.h" +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "ssl_x509.h" +#include "ssl_methods.h" +#include "ssl_dbg.h" +#include "ssl_port.h" + +/* + * sk_X509_NAME_new_null - create a X509 certification object + * + * @param none + * + * @return X509 certification object point or NULL if failed + */ X509* sk_X509_NAME_new_null(void) { - return ssl_malloc(sizeof(X509)); -} - -X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) -{ - X509 *x509_crt; - void *x509_pm; int ret; + X509 *x; - SSL_ASSERT(cert); - SSL_ASSERT(buffer); - SSL_ASSERT(len); + x = ssl_malloc(sizeof(X509)); + if (!x) + SSL_RET(failed1, "ssl_malloc\n"); - x509_crt = sk_X509_NAME_new_null(); - if (!x509_crt) - SSL_RET(failed1, ""); + x->method = X509_method(); - x509_pm = x509_pm_new(); - if (!x509_pm) - SSL_RET(failed2, ""); - - ret = x509_pm_load_crt(x509_pm, buffer, len); + ret = x->method->x509_new(x); if (ret) - SSL_RET(failed3, ""); + SSL_RET(failed2, "x509_new\n"); - x509_crt->x509_pm = x509_pm; - if (cert) - *cert = x509_crt; + return x; - return x509_crt; - -failed3: - x509_pm_free(x509_pm); failed2: - ssl_free(x509_crt); + ssl_free(x); failed1: return NULL; } -void X509_free(X509 *cert) +/* + * X509_free - free a X509 certification object + * + * @param x - X509 certification object point + * + * @return none + */ +void X509_free(X509 *x) { - if (cert->x509_pm) { - x509_pm_unload_crt(cert->x509_pm); - x509_pm_free(cert->x509_pm); - } - ssl_free(cert); + X509_METHOD_CALL(free, x); + + ssl_free(x); }; +/* + * d2i_X509 - load a character certification context into system context. If '*cert' is pointed to the + * certification, then load certification into it. Or create a new X509 certification object + * + * @param cert - a point pointed to X509 certification + * @param buffer - a point pointed to the certification context memory point + * @param length - certification bytes + * + * @return X509 certification object point or NULL if failed + */ +X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) +{ + int ret; + X509 *x; + + SSL_ASSERT(buffer); + SSL_ASSERT(len); + + if (cert && *cert) { + x = *cert; + } else { + x = sk_X509_NAME_new_null(); + if (!x) + SSL_RET(failed1, "sk_X509_NAME_new_null\n"); + } + + ret = X509_METHOD_CALL(load, x, buffer, len); + if (ret) + SSL_RET(failed2, "x509_load\n"); + + return x; + +failed2: + X509_free(x); +failed1: + return NULL; +} diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index 9d207b3a0e..b8a046aa1e 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -1,4 +1,19 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #include "ssl_pm.h" +#include "ssl_port.h" #include "ssl_dbg.h" #include @@ -30,11 +45,15 @@ struct ssl_pm struct x509_pm { + int load; + mbedtls_x509_crt x509_crt; }; struct pkey_pm { + int load; + mbedtls_pk_context pkey; }; @@ -42,44 +61,6 @@ struct pkey_pm unsigned int max_content_len; -/*********************************************************************************************/ -/********************************* SSL general interface *************************************/ - -void* ssl_zalloc(size_t size) -{ - void *p = malloc(size); - - if (p) - memset(p, 0, size); - - return p; -} - -void *ssl_malloc(size_t size) -{ - return ssl_zalloc(size); -} - -void ssl_free(void *p) -{ - free(p); -} - -void* ssl_memcpy(void *to, const void *from, size_t size) -{ - return memcpy(to, from, size); -} - -void ssl_speed_up_enter(void) -{ - -} - -void ssl_speed_up_exit(void) -{ - -} - /*********************************************************************************************/ /************************************ SSL arch interface *************************************/ @@ -90,13 +71,18 @@ int ssl_pm_new(SSL *ssl) char *pers; int endpoint; + int mode; + int version; SSL_CTX *ctx = ssl->ctx; const SSL_METHOD *method = ssl->method; - ssl_pm = malloc(sizeof(struct ssl_pm)); + struct x509_pm *x509_pm; + struct pkey_pm *pkey_pm; + + ssl_pm = ssl_malloc(sizeof(struct ssl_pm)); if (!ssl_pm) - return -1; + SSL_ERR(ret, failed1, "ssl_malloc\n"); if (method->endpoint) { pers = "server"; @@ -124,21 +110,34 @@ int ssl_pm_new(SSL *ssl) if (ret) SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); + if (TLS1_2_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_3; + else if (TLS1_1_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_2; + else if (TLS1_VERSION == ssl->version) + version = MBEDTLS_SSL_MINOR_VERSION_1; + else + version = MBEDTLS_SSL_MINOR_VERSION_0; + + mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); + mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg); + mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL); - if (ctx->client_CA->x509_pm) { - struct x509_pm *x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm; + x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm; + if (x509_pm->load) { + mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL); - mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_REQUIRED); + mode = MBEDTLS_SSL_VERIFY_REQUIRED; } else { - mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_NONE); + mode = MBEDTLS_SSL_VERIFY_NONE; } - if (ctx->cert->x509 && - ctx->cert->pkey) { - struct x509_pm *x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; - struct pkey_pm *pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; + mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); + + pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; + if (pkey_pm->load) { + x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey); if (ret) @@ -332,21 +331,24 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) return state; } -void* x509_pm_new(void) +int x509_pm_new(X509 *x) { - return ssl_malloc(sizeof(struct x509_pm)); + struct x509_pm *x509_pm; + + x509_pm = ssl_malloc(sizeof(struct x509_pm)); + if (!x509_pm) + return -1; + + x->x509_pm = x509_pm; + + return 0; } -void x509_pm_free(void *pm) -{ - ssl_free(pm); -} - -int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len) +int x509_pm_load(X509 *x, const unsigned char *buffer, int len) { int ret; unsigned char *load_buf; - struct x509_pm *x509_pm = (struct x509_pm *)pm; + struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; load_buf = ssl_malloc(len + 1); if (!load_buf) @@ -362,34 +364,48 @@ int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len) if (ret) SSL_RET(failed1, ""); + x509_pm->load = 1; + return 0; failed1: return -1; } -void x509_pm_unload_crt(void *pm) +void x509_pm_unload(X509 *x) { - struct x509_pm *x509_pm = (struct x509_pm *)pm; + struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; mbedtls_x509_crt_free(&x509_pm->x509_crt); + + x509_pm->load = 0; } -void* pkey_pm_new(void) +void x509_pm_free(X509 *x) { - return ssl_malloc(sizeof(struct pkey_pm)); + x509_pm_unload(x); + + ssl_free(x->x509_pm); } -void pkey_pm_free(void *pm) +int pkey_pm_new(EVP_PKEY *pkey) { - ssl_free(pm); + struct pkey_pm *pkey_pm; + + pkey_pm = ssl_malloc(sizeof(struct pkey_pm)); + if (!pkey_pm) + return -1; + + pkey->pkey_pm = pkey_pm; + + return 0; } -int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len) +int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len) { int ret; unsigned char *load_buf; - struct pkey_pm *pkey_pm = (struct pkey_pm *)pm; + struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; load_buf = ssl_malloc(len + 1); if (!load_buf) @@ -405,17 +421,28 @@ int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len) if (ret) SSL_RET(failed1, ""); + pkey_pm->load = 1; + return 0; failed1: return -1; } -void pkey_pm_unload_crt(void *pm) +void pkey_pm_unload(EVP_PKEY *pkey) { - struct pkey_pm *pkey_pm = (struct pkey_pm *)pm; + struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm; mbedtls_pk_free(&pkey_pm->pkey); + + pkey_pm->load = 0; +} + +void pkey_pm_free(EVP_PKEY *pkey) +{ + pkey_pm_unload(pkey); + + ssl_free(pkey->pkey_pm); } void ssl_pm_set_bufflen(SSL *ssl, int len) diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index 66aac5f6d9..4045e29116 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -1,17 +1,16 @@ -/* Copyright 2015-2016 Espressif Systems (Wuxi) PTE LTD - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. #include #include "ssl_port.h"