diff --git a/components/openssl/include/internal/ssl_rsa.h b/components/openssl/include/internal/ssl_rsa.h deleted file mode 100644 index d0ce40312c..0000000000 --- a/components/openssl/include/internal/ssl_rsa.h +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_RSA_H_ -#define _SSL_RSA_H_ - -#include "ssl_lib.h" - -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d); - -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - const unsigned char *d, long len); - -#endif diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 48a7c7ca97..23ef5a8757 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -20,7 +20,9 @@ void* ssl_zalloc(size_t size); void *ssl_malloc(size_t size); void ssl_free(void *p); + void* ssl_memcpy(void *to, const void *from, size_t size); +size_t ssl_strlen(const char *src); void ssl_speed_up_enter(void); void ssl_speed_up_exit(void); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 785ebf41db..0c8d9de8fa 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c 
@@ -107,3 +107,58 @@ failed2: failed1: return NULL; } + +/* + * SSL_CTX_use_certificate - set the SSL context private key + * + * @param ctx - SSL context point + * @param x - private key point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(pkey); + + ctx->cert->pkey = pkey; + + return 1; +} + +/* + * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context + * + * @param type - private key type + * @param ctx - SSL context point + * @param d - private key context point + * @param len - private key context bytes + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, + const unsigned char *d, long len) +{ + int ret; + EVP_PKEY *pkey; + + pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len); + if (!pkey) + SSL_RET(failed1, "d2i_PrivateKey\n"); + + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + if (!ret) + SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); + + return 1; + +failed2: + EVP_PKEY_free(pkey); +failed1: + return 0; +} + diff --git a/components/openssl/library/ssl_rsa.c b/components/openssl/library/ssl_rsa.c deleted file mode 100644 index 75a2d3baa7..0000000000 --- a/components/openssl/library/ssl_rsa.c +++ /dev/null 
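Review bot: The header comment added above `SSL_CTX_use_PrivateKey` still describes the certificate setter — it is titled `SSL_CTX_use_certificate` and documents `@param x`, while the function takes `EVP_PKEY *pkey`; it should read `SSL_CTX_use_PrivateKey - set the SSL context private key` with `@param pkey - private key point`. In `SSL_CTX_use_PrivateKey_ASN1` the `type` parameter is never used: the decoder is called with a literal first argument, `pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len);`, so presumably `type` should be forwarded there. Because `&ctx->cert->pkey` is passed as the output slot, the context may already reference the new key when `failed2:` runs `EVP_PKEY_free(pkey)` (if the decoder stores through that pointer before a later failure and `SSL_ASSERT` can return), leaving a freed pointer in `ctx->cert`, and any key previously installed there is replaced without being released; decoding into a local and only installing it via `SSL_CTX_use_PrivateKey` on success, plus a comment stating who owns the stored key, would close that. The same failure-path and replace-without-free pattern appears in `SSL_CTX_use_certificate_ASN1` / `SSL_CTX_use_certificate` in the ssl_x509.c hunk of this commit.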
@@ -1,146 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_lib.h" -#include "ssl_rsa.h" -#include "ssl_pkey.h" -#include "ssl_x509.h" -#include "ssl_dbg.h" - -/* - * SSL_CTX_use_certificate - set the SSL context certification - * - * @param ctx - SSL context point - * @param x - X509 certification point - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT(ctx); - SSL_ASSERT(x); - - ctx->cert->x509 = x; - - return 1; -} - -/* - * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context - * - * @param ctx - SSL context point - * @param len - certification context bytes - * @param d - certification context point - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d) -{ - int ret; - X509 *cert; - - cert = d2i_X509(&ctx->cert->x509, d, len); - if (!cert) - SSL_RET(failed1, "d2i_X509\n"); - - ret = SSL_CTX_use_certificate(ctx, cert); - if (!ret) - SSL_RET(failed2, "SSL_CTX_use_certificate\n"); - - return 1; - -failed2: - X509_free(cert); -failed1: - return 0; -} - -/* - * SSL_CTX_use_certificate - set the SSL context private key - * - * @param ctx - SSL context point - * @param x - private key point - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) -{ - SSL_ASSERT(ctx); - 
SSL_ASSERT(pkey); - - ctx->cert->pkey = pkey; - - return 1; -} - -/* - * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context - * - * @param type - private key type - * @param ctx - SSL context point - * @param d - private key context point - * @param len - private key context bytes - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - const unsigned char *d, long len) -{ - int ret; - EVP_PKEY *pkey; - - pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len); - if (!pkey) - SSL_RET(failed1, "d2i_PrivateKey\n"); - - ret = SSL_CTX_use_PrivateKey(ctx, pkey); - if (!ret) - SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n"); - - return 1; - -failed2: - EVP_PKEY_free(pkey); -failed1: - return 0; -} - -/* - * SSL_CTX_add_client_CA - set SSL context client CA certification - * - * @param ctx - SSL context point - * @param x - client CA certification point - * - * @return - * 1 : OK - * 0 : failed - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT(ctx); - SSL_ASSERT(x); - - ctx->client_CA = x; - - return 1; -} diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index fd2643e6b7..219f283991 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c 
@@ -98,3 +98,77 @@ failed2: failed1: return NULL; } + +/* + * SSL_CTX_add_client_CA - set SSL context client CA certification + * + * @param ctx - SSL context point + * @param x - client CA certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ctx->client_CA = x; + + return 1; +} + +/* + * SSL_CTX_use_certificate - set the SSL context certification + * + * @param ctx - SSL context point + * @param x - X509 certification point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) +{ + SSL_ASSERT(ctx); + SSL_ASSERT(x); + + ctx->cert->x509 = x; + + return 1; +} + +/* + * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context + * + * @param ctx - SSL context point + * @param len - certification context bytes + * @param d - certification context point + * + * @return + * 1 : OK + * 0 : failed + */ +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d) +{ + int ret; + X509 *cert; + + cert = d2i_X509(&ctx->cert->x509, d, len); + if (!cert) + SSL_RET(failed1, "d2i_X509\n"); + + ret = SSL_CTX_use_certificate(ctx, cert); + if (!ret) + SSL_RET(failed2, "SSL_CTX_use_certificate\n"); + + return 1; + +failed2: + X509_free(cert); +failed1: + return 0; +} + diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index b8a046aa1e..948c1bc4ee 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -16,8 +16,6 @@ #include "ssl_port.h" #include "ssl_dbg.h" -#include - /* mbedtls include */ #include "mbedtls/platform.h" #include "mbedtls/net.h" @@ -69,7 +67,9 @@ int ssl_pm_new(SSL *ssl) struct ssl_pm *ssl_pm; int ret; - char *pers; + const unsigned char pers[] = "OpenSSL PM"; + size_t pers_len = sizeof(pers); + int endpoint; int mode; int version; 
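Review bot: `SSL_CTX_add_client_CA` as added here does `ctx->client_CA = x;`, so it replaces rather than appends: only the last CA passed survives and the previously stored pointer is dropped without `X509_free`, which callers expecting OpenSSL's list semantics from the name will not anticipate. The contract deserves a comment such as `/* Only one client CA is kept: a later call replaces the earlier one, which is not freed here. */`, and the same holds for `SSL_CTX_use_certificate`, which overwrites `ctx->cert->x509` unconditionally. The ASN1 loader below hands `d2i_X509` the pointer `d` by value while the private-key path in ssl_pkey.c passes `&d`; if both decoders follow the OpenSSL convention of advancing the input cursor this may be a mismatch, so worth confirming against the local `d2i_X509` prototype.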
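Review bot: `size_t pers_len = sizeof(pers);` counts the terminating NUL of `"OpenSSL PM"`, so `mbedtls_ctr_drbg_seed` in the next hunk (`@@ -102,10 +92,15 @@`) now receives an 11-byte personalization string ending in `'\0'`, whereas the replaced code passed `strlen(pers)`; if the visible text is what was meant, use `size_t pers_len = sizeof(pers) - 1;` or the `ssl_strlen` wrapper this commit introduces. The change also folds the former `"server"` / `"client"` strings into one constant, so the DRBG instances of the two roles are no longer distinguished by that input; the personalization string is not a secret and the seed still comes from `mbedtls_entropy_func`, so this is not a weakness, but a one-line comment saying the single constant is intentional would stop the next reader from "fixing" it. `ssl_pm_new` starts and ends outside the hunk.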
@@ -84,16 +84,6 @@ int ssl_pm_new(SSL *ssl) if (!ssl_pm) SSL_ERR(ret, failed1, "ssl_malloc\n"); - if (method->endpoint) { - pers = "server"; - endpoint = MBEDTLS_SSL_IS_SERVER; - } else { - pers = "client"; - endpoint = MBEDTLS_SSL_IS_CLIENT; - } - - //max_content_len = 4096; - mbedtls_net_init(&ssl_pm->fd); mbedtls_net_init(&ssl_pm->cl_fd); @@ -102,10 +92,15 @@ int ssl_pm_new(SSL *ssl) mbedtls_entropy_init(&ssl_pm->entropy); mbedtls_ssl_init(&ssl_pm->ssl); - ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, (const unsigned char *)pers, strlen(pers)); + ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len); if (ret) SSL_ERR(ret, failed1, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret); + if (method->endpoint) { + endpoint = MBEDTLS_SSL_IS_SERVER; + } else { + endpoint = MBEDTLS_SSL_IS_CLIENT; + } ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (ret) SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret); diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index 4045e29116..3e6ada5cc9 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -12,8 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include #include "ssl_port.h" +#include "string.h" #include "malloc.h" /*********************************************************************************************/ @@ -44,6 +44,11 @@ void* ssl_memcpy(void *to, const void *from, size_t size) return memcpy(to, from, size); } +size_t ssl_strlen(const char *src) +{ + return strlen(src); +} + void ssl_speed_up_enter(void) {
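Review bot: The relocated endpoint selection is a four-line `if`/`else` that only chooses between two constants and runs straight into `ret = mbedtls_ssl_config_defaults(...)` with no blank line separating the two steps; `endpoint = method->endpoint ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT;` followed by a blank line reads more clearly and keeps the local `endpoint` assigned next to its use. Placing the selection after `mbedtls_ctr_drbg_seed` is fine since nothing between the two reads `endpoint`, as far as the hunk shows. `ssl_pm_new` starts and ends outside the hunk.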
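Review bot: `#include "string.h"` names a C standard header with the quoted form, which searches the including file's directory (and the project include paths) before the system paths, so any project file called `string.h` on that path would silently shadow libc's `strlen` that the new `ssl_strlen` relies on; use `#include <string.h>`. The line removed just above appears to have been the angle-bracket include whose target was lost in rendering, so this may be an accidental rewrite rather than a deliberate change. Moving `ssl_port.h` to the first include is the right order for keeping that header self-contained.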