diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 8986617f85..52331c2f88 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -121,7 +121,6 @@ /components/mqtt/ @esp-idf-codeowners/network /components/newlib/ @esp-idf-codeowners/system @esp-idf-codeowners/tools /components/nvs_flash/ @esp-idf-codeowners/storage -/components/openssl/ @esp-idf-codeowners/network /components/openthread/ @esp-idf-codeowners/ieee802154 /components/partition_table/ @esp-idf-codeowners/system /components/perfmon/ @esp-idf-codeowners/tools diff --git a/components/openssl/CMakeLists.txt b/components/openssl/CMakeLists.txt deleted file mode 100644 index bf3d44057d..0000000000 --- a/components/openssl/CMakeLists.txt +++ /dev/null @@ -1,13 +0,0 @@ -idf_component_register(SRCS "library/ssl_cert.c" - "library/ssl_lib.c" - "library/ssl_methods.c" - "library/ssl_pkey.c" - "library/ssl_bio.c" - "library/ssl_err.c" - "library/ssl_stack.c" - "library/ssl_x509.c" - "platform/ssl_pm.c" - "platform/ssl_port.c" - REQUIRES mbedtls - INCLUDE_DIRS include - PRIV_INCLUDE_DIRS include/internal include/platform include/openssl) diff --git a/components/openssl/Kconfig b/components/openssl/Kconfig deleted file mode 100644 index aa60b15603..0000000000 --- a/components/openssl/Kconfig +++ /dev/null @@ -1,78 +0,0 @@ -menu "OpenSSL" - - config OPENSSL_DEBUG - bool "Enable OpenSSL debugging" - default n - help - Enable OpenSSL debugging function. - - If the option is enabled, "SSL_DEBUG" works. - - config OPENSSL_ERROR_STACK - bool "Enable OpenSSL error structure" - default y - help - Enable OpenSSL Error reporting - - config OPENSSL_DEBUG_LEVEL - int "OpenSSL debugging level" - default 0 - range 0 255 - depends on OPENSSL_DEBUG - help - OpenSSL debugging level. - - Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works. - - For example: - If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not - print. - - config OPENSSL_LOWLEVEL_DEBUG - bool "Enable OpenSSL low-level module debugging" - default n - depends on OPENSSL_DEBUG - select MBEDTLS_DEBUG - help - If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal - debugging function. - - choice OPENSSL_ASSERT - prompt "Select OpenSSL assert function" - default OPENSSL_ASSERT_EXIT - help - OpenSSL function needs "assert" function to check if input parameters are valid. - - If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled. - - config OPENSSL_ASSERT_DO_NOTHING - bool "Do nothing" - help - Do nothing and "SSL_ASSERT" does not work. - - config OPENSSL_ASSERT_EXIT - bool "Check and exit" - help - Enable assert exiting, it will check and return error code. - - config OPENSSL_ASSERT_DEBUG - bool "Show debugging message" - depends on OPENSSL_DEBUG - help - Enable assert debugging, it will check and show debugging message. - - config OPENSSL_ASSERT_DEBUG_EXIT - bool "Show debugging message and exit" - depends on OPENSSL_DEBUG - help - Enable assert debugging and exiting, it will check, show debugging message and return error code. - - config OPENSSL_ASSERT_DEBUG_BLOCK - bool "Show debugging message and block" - depends on OPENSSL_DEBUG - help - Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);". - - endchoice - -endmenu diff --git a/components/openssl/include/internal/ssl3.h b/components/openssl/include/internal/ssl3.h deleted file mode 100644 index 007b392f3e..0000000000 --- a/components/openssl/include/internal/ssl3.h +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL3_H_ -#define _SSL3_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -# define SSL3_AD_CLOSE_NOTIFY 0 -# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ -# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ -# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ -# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ -# define SSL3_AD_NO_CERTIFICATE 41 -# define SSL3_AD_BAD_CERTIFICATE 42 -# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 -# define SSL3_AD_CERTIFICATE_REVOKED 44 -# define SSL3_AD_CERTIFICATE_EXPIRED 45 -# define SSL3_AD_CERTIFICATE_UNKNOWN 46 -# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ - -# define SSL3_AL_WARNING 1 -# define SSL3_AL_FATAL 2 - -#define SSL3_VERSION 0x0300 - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_cert.h b/components/openssl/include/internal/ssl_cert.h deleted file mode 100644 index 86cf31ad51..0000000000 --- a/components/openssl/include/internal/ssl_cert.h +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_CERT_H_ -#define _SSL_CERT_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" - -/** - * @brief create a certification object include private key object according to input certification - * - * @param ic - input certification point - * - * @return certification object point - */ -CERT *__ssl_cert_new(CERT *ic); - -/** - * @brief create a certification object include private key object - * - * @param none - * - * @return certification object point - */ -CERT* ssl_cert_new(void); - -/** - * @brief free a certification object - * - * @param cert - certification object point - * - * @return none - */ -void ssl_cert_free(CERT *cert); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h deleted file mode 100644 index 18e687e5f9..0000000000 --- a/components/openssl/include/internal/ssl_code.h +++ /dev/null @@ -1,128 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_CODE_H_ -#define _SSL_CODE_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl3.h" -#include "tls1.h" -#include "x509_vfy.h" - -/* Used in SSL_set_mode() -- supported mode when using BIO */ -#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L -#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L - -/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ -# define SSL_SENT_SHUTDOWN 1 -# define SSL_RECEIVED_SHUTDOWN 2 - -# define SSL_VERIFY_NONE 0x00 -# define SSL_VERIFY_PEER 0x01 -# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -# define SSL_VERIFY_CLIENT_ONCE 0x04 - -/* - * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you - * should not need these - */ -# define SSL_ST_READ_HEADER 0xF0 -# define SSL_ST_READ_BODY 0xF1 -# define SSL_ST_READ_DONE 0xF2 - -# define SSL_NOTHING 1 -# define SSL_WRITING 2 -# define SSL_READING 3 -# define SSL_X509_LOOKUP 4 -# define SSL_ASYNC_PAUSED 5 -# define SSL_ASYNC_NO_JOBS 6 - - -# define SSL_ERROR_NONE 0 -# define SSL_ERROR_SSL 1 -# define SSL_ERROR_WANT_READ 2 -# define SSL_ERROR_WANT_WRITE 3 -# define SSL_ERROR_WANT_X509_LOOKUP 4 -# define SSL_ERROR_SYSCALL 5/* look at error stack/return value/errno */ -# define SSL_ERROR_ZERO_RETURN 6 -# define SSL_ERROR_WANT_CONNECT 7 -# define SSL_ERROR_WANT_ACCEPT 8 -# define SSL_ERROR_WANT_ASYNC 9 -# define SSL_ERROR_WANT_ASYNC_JOB 10 - -/* Message flow states */ -typedef enum { - /* No handshake in progress */ - MSG_FLOW_UNINITED, - /* A permanent error with this connection */ - MSG_FLOW_ERROR, - /* We are about to renegotiate */ - MSG_FLOW_RENEGOTIATE, - /* We are reading messages */ - MSG_FLOW_READING, - /* We are writing messages */ - MSG_FLOW_WRITING, - /* Handshake has finished */ - MSG_FLOW_FINISHED -} MSG_FLOW_STATE; - -/* SSL subsystem states */ -typedef enum { - TLS_ST_BEFORE, - TLS_ST_OK, - DTLS_ST_CR_HELLO_VERIFY_REQUEST, - TLS_ST_CR_SRVR_HELLO, - TLS_ST_CR_CERT, - TLS_ST_CR_CERT_STATUS, - TLS_ST_CR_KEY_EXCH, - TLS_ST_CR_CERT_REQ, - TLS_ST_CR_SRVR_DONE, - TLS_ST_CR_SESSION_TICKET, - TLS_ST_CR_CHANGE, - TLS_ST_CR_FINISHED, - TLS_ST_CW_CLNT_HELLO, - TLS_ST_CW_CERT, - TLS_ST_CW_KEY_EXCH, - TLS_ST_CW_CERT_VRFY, - TLS_ST_CW_CHANGE, - TLS_ST_CW_NEXT_PROTO, - TLS_ST_CW_FINISHED, - TLS_ST_SW_HELLO_REQ, - TLS_ST_SR_CLNT_HELLO, - DTLS_ST_SW_HELLO_VERIFY_REQUEST, - TLS_ST_SW_SRVR_HELLO, - TLS_ST_SW_CERT, - TLS_ST_SW_KEY_EXCH, - TLS_ST_SW_CERT_REQ, - TLS_ST_SW_SRVR_DONE, - TLS_ST_SR_CERT, - TLS_ST_SR_KEY_EXCH, - TLS_ST_SR_CERT_VRFY, - TLS_ST_SR_NEXT_PROTO, - TLS_ST_SR_CHANGE, - TLS_ST_SR_FINISHED, - TLS_ST_SW_SESSION_TICKET, - TLS_ST_SW_CERT_STATUS, - TLS_ST_SW_CHANGE, - TLS_ST_SW_FINISHED -} OSSL_HANDSHAKE_STATE; - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h deleted file mode 100644 index 12ba25f99d..0000000000 --- a/components/openssl/include/internal/ssl_dbg.h +++ /dev/null @@ -1,191 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_DEBUG_H_ -#define _SSL_DEBUG_H_ - -#include "platform/ssl_opt.h" -#include "platform/ssl_port.h" - -#ifdef __cplusplus - extern "C" { -#endif - -#ifdef CONFIG_OPENSSL_DEBUG_LEVEL - #define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL -#else - #define SSL_DEBUG_LEVEL 0 -#endif - -#define SSL_DEBUG_ON (SSL_DEBUG_LEVEL + 1) -#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1) - -#ifdef CONFIG_OPENSSL_DEBUG - #ifndef SSL_DEBUG_LOG - #error "SSL_DEBUG_LOG is not defined" - #endif - - #ifndef SSL_DEBUG_FL - #define SSL_DEBUG_FL "\n" - #endif - - #define SSL_SHOW_LOCATION() \ - SSL_DEBUG_LOG("SSL assert : %s %d\n", \ - __FILE__, __LINE__) - - #define SSL_DEBUG(level, fmt, ...) \ - { \ - if (level > SSL_DEBUG_LEVEL) { \ - SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \ - } \ - } -#else /* CONFIG_OPENSSL_DEBUG */ - #define SSL_SHOW_LOCATION() - - #define SSL_DEBUG(level, fmt, ...) -#endif /* CONFIG_OPENSSL_DEBUG */ - -/** - * OpenSSL assert function - * - * if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line - * if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code. - * if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line, - * then return error code. - * if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line, - * then block here with "while (1)" - * - * SSL_ASSERT1 may will return "-1", so function's return argument is integer. - * SSL_ASSERT2 may will return "NULL", so function's return argument is a point. - * SSL_ASSERT2 may will return nothing, so function's return argument is "void". - */ -#if defined(CONFIG_OPENSSL_ASSERT_DEBUG) - #define SSL_ASSERT1(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - } \ - } - - #define SSL_ASSERT2(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - } \ - } - - #define SSL_ASSERT3(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - } \ - } -#elif defined(CONFIG_OPENSSL_ASSERT_EXIT) - #define SSL_ASSERT1(s) \ - { \ - if (!(s)) { \ - return -1; \ - } \ - } - - #define SSL_ASSERT2(s) \ - { \ - if (!(s)) { \ - return NULL; \ - } \ - } - - #define SSL_ASSERT3(s) \ - { \ - if (!(s)) { \ - return ; \ - } \ - } -#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT) - #define SSL_ASSERT1(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - return -1; \ - } \ - } - - #define SSL_ASSERT2(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - return NULL; \ - } \ - } - - #define SSL_ASSERT3(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - return ; \ - } \ - } -#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK) - #define SSL_ASSERT1(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - while (1); \ - } \ - } - - #define SSL_ASSERT2(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - while (1); \ - } \ - } - - #define SSL_ASSERT3(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - while (1); \ - } \ - } -#else - #define SSL_ASSERT1(s) - #define SSL_ASSERT2(s) - #define SSL_ASSERT3(s) -#endif - -#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_CERT_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_CERT_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_PKEY_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_PKEY_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_X509_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_X509_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_LIB_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_LIB_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_STACK_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_STACK_ERROR_LEVEL SSL_DEBUG_ON - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_lib.h b/components/openssl/include/internal/ssl_lib.h deleted file mode 100644 index bf7de22fdf..0000000000 --- a/components/openssl/include/internal/ssl_lib.h +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_LIB_H_ -#define _SSL_LIB_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h deleted file mode 100644 index 17cf9bb697..0000000000 --- a/components/openssl/include/internal/ssl_methods.h +++ /dev/null @@ -1,122 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_METHODS_H_ -#define _SSL_METHODS_H_ - -#include "ssl_types.h" - -#ifdef __cplusplus - extern "C" { -#endif - -/** - * TLS method function implement - */ -#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \ - new, free, \ - handshake, shutdown, clear, \ - read, send, pending, \ - set_fd, set_hostname, get_fd, \ - set_bufflen, \ - get_verify_result, \ - get_state) \ - static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \ - new, \ - free, \ - handshake, \ - shutdown, \ - clear, \ - read, \ - send, \ - pending, \ - set_fd, \ - set_hostname, \ - get_fd, \ - set_bufflen, \ - get_verify_result, \ - get_state \ - }; - -#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \ - const SSL_METHOD* func_name(void) { \ - static const SSL_METHOD func_name##_data LOCAL_ATRR = { \ - ver, \ - mode, \ - &(fun), \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \ - const SSL_METHOD* func_name(void) { \ - static const SSL_METHOD func_name##_data LOCAL_ATRR = { \ - ver, \ - mode, \ - &(fun), \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_X509_METHOD(func_name, \ - new, \ - free, \ - load, \ - show_info) \ - const X509_METHOD* func_name(void) { \ - static const X509_METHOD func_name##_data LOCAL_ATRR = { \ - new, \ - free, \ - load, \ - show_info \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_PKEY_METHOD(func_name, \ - new, \ - free, \ - load) \ - const PKEY_METHOD* func_name(void) { \ - static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \ - new, \ - free, \ - load \ - }; \ - return &func_name##_data; \ - } - -/** - * @brief get X509 object method - * - * @param none - * - * @return X509 object method point - */ -const X509_METHOD* X509_method(void); - -/** - * @brief get private key object method - * - * @param none - * - * @return private key object method point - */ -const PKEY_METHOD* EVP_PKEY_method(void); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h deleted file mode 100644 index a8cfa33df4..0000000000 --- a/components/openssl/include/internal/ssl_pkey.h +++ /dev/null @@ -1,132 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_PKEY_H_ -#define _SSL_PKEY_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" - -/** - * @brief create a private key object according to input private key - * - * @param ipk - input private key point - * - * @return new private key object point - */ -EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk); - -/** - * @brief create a private key object - * - * @param none - * - * @return private key object point - */ -EVP_PKEY* EVP_PKEY_new(void); - -/** - * @brief load a character key context into system context. If '*a' is pointed to the - * private key, then load key into it. Or create a new private key object - * - * @param type - private key type - * @param a - a point pointed to a private key point - * @param pp - a point pointed to the key context memory point - * @param length - key bytes - * - * @return private key object point - */ -EVP_PKEY* d2i_PrivateKey(int type, - EVP_PKEY **a, - const unsigned char **pp, - long length); - -/** - * @brief decodes and load a buffer BIO into a EVP key context. If '*a' is pointed to the - * private key, then load key into it. Or create a new private key object - * - * @param bp BIO object containing the key - * @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created - * - * @return Created or updated EVP_PKEY - */ -EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); - -/** - * @brief Same as d2i_PrivateKey_bio - * - * @param bp BIO object containing the key - * @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created - * - * @return Created or updated EVP_PKEY - */ -RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); - -/** - * @brief loads a private key in PEM format from BIO object - * - * @param bp BIO object containing the key - * @param x Pointer to an existent PKEY or NULL if a new key shall be created - * @param cb Password callback (not used) - * @param u User context (not used) - * - * @return Created or updated EVP_PKEY - */ -EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); - -/** - * @brief RSA key in PEM format from BIO object - * - * @param bp BIO object containing the key - * @param x Pointer to an existent PKEY or NULL if a new key shall be created - * @param cb Password callback (not used) - * @param u User context (not used) - * - * @return Created or updated EVP_PKEY - */ - -RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u); - -/** - * @brief free a private key object - * - * @param pkey - private key object point - * - * @return none - */ -void EVP_PKEY_free(EVP_PKEY *x); - -/** - * @brief load private key into the SSL - * - * @param type - private key type - * @param ssl - SSL point - * @param len - data bytes - * @param d - data point - * - * @return result - * 0 : failed - * 1 : OK - */ - int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len); - - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_stack.h b/components/openssl/include/internal/ssl_stack.h deleted file mode 100644 index f1efa5795f..0000000000 --- a/components/openssl/include/internal/ssl_stack.h +++ /dev/null @@ -1,95 +0,0 @@ -#ifndef _SSL_STACK_H_ -#define _SSL_STACK_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" - -#define STACK_OF(type) struct stack_st_##type - -#define SKM_DEFINE_STACK_OF(t1, t2, t3) \ - STACK_OF(t1); \ - static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ - } \ - -#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) -typedef struct asn1_string_st ASN1_OCTET_STRING; - -struct stack_st_GENERAL_NAME; -typedef struct GENERAL_NAME_st { - int type; - union { - char *ptr; - struct asn1_string_st* dNSName; - ASN1_OCTET_STRING* iPAddress; - } d; -} GENERAL_NAME; - -typedef struct asn1_string_st ASN1_OCTET_STRING; -typedef struct X509_name_st X509_NAME; -typedef struct asn1_string_st ASN1_STRING; -typedef struct X509_name_entry_st X509_NAME_ENTRY; - -typedef struct asn1_string_st { - int type; - int length; - void *data; -} ASN1_IA5STRING; - -typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; - -/** - * @brief get nr of stack items - * - * @param sk Stack structure pointer - * - * @return number of items in the stack - */ -size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk); - -/** - * @brief get GENERAL_NAME value from the stack - * - * @param sk Stack structure pointer - * @param i Index to stack item - * - * @return GENERAL_NAME object pointer - */ -GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i); - -/** - * @brief create a openssl stack object - * - * @param c - stack function - * - * @return openssl stack object point - */ -OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c); - -/** - * @brief create a NULL function openssl stack object - * - * @param none - * - * @return openssl stack object point - */ -OPENSSL_STACK *OPENSSL_sk_new_null(void); - -/** - * @brief free openssl stack object - * - * @param openssl stack object point - * - * @return none - */ -void OPENSSL_sk_free(OPENSSL_STACK *stack); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h deleted file mode 100644 index 2871d3a83a..0000000000 --- a/components/openssl/include/internal/ssl_types.h +++ /dev/null @@ -1,346 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_TYPES_H_ -#define _SSL_TYPES_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_code.h" -#include -#include - -typedef void SSL_CIPHER; - -typedef void X509_STORE_CTX; -typedef void X509_STORE; - -typedef void RSA; - -typedef void STACK; - -typedef void DH; - -#define ossl_inline inline - -#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__) -#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) -#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) - -typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); -typedef int (*openssl_verify_callback)(int, X509_STORE_CTX *); -struct stack_st; -typedef struct stack_st OPENSSL_STACK; - -struct ssl_method_st; -typedef struct ssl_method_st SSL_METHOD; - -struct ssl_method_func_st; -typedef struct ssl_method_func_st SSL_METHOD_FUNC; - -struct record_layer_st; -typedef struct record_layer_st RECORD_LAYER; - -struct ossl_statem_st; -typedef struct ossl_statem_st OSSL_STATEM; - -struct ssl_session_st; -typedef struct ssl_session_st SSL_SESSION; - -struct ssl_ctx_st; -typedef struct ssl_ctx_st SSL_CTX; - -struct ssl_st; -typedef struct ssl_st SSL; - -struct cert_st; -typedef struct cert_st CERT; - -struct x509_st; -typedef struct x509_st X509; - -struct X509_VERIFY_PARAM_st; -typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; - -struct evp_pkey_st; -typedef struct evp_pkey_st EVP_PKEY; - -struct x509_method_st; -typedef struct x509_method_st X509_METHOD; - -struct pkey_method_st; -typedef struct pkey_method_st PKEY_METHOD; - -struct ssl_alpn_st; -typedef struct ssl_alpn_st SSL_ALPN; - -struct bio_st; -typedef struct bio_st BIO; - -struct stack_st { - - char **data; - - int num_alloc; - - OPENSSL_sk_compfunc c; -}; - -struct evp_pkey_st { - - void *pkey_pm; - - const PKEY_METHOD *method; - - int ref_counter; -}; - -struct x509_st { - - /* X509 certification platform private point */ - void *x509_pm; - - const X509_METHOD *method; - - int ref_counter; -}; - -struct cert_st { - - int sec_level; - - X509 *x509; - - EVP_PKEY *pkey; - -}; - -struct ossl_statem_st { - - MSG_FLOW_STATE state; - - int hand_state; -}; - -struct record_layer_st { - - int rstate; - - int read_ahead; -}; - -struct ssl_session_st { - - long timeout; - - long time; - - X509 *peer; -}; - -struct X509_VERIFY_PARAM_st { - - int depth; - -}; - -struct bio_st { - - unsigned char * data; - int dlen; - BIO* peer; - size_t offset; - size_t roffset; - size_t size; - size_t flags; - size_t type; - -}; - -typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS; -struct ssl_alpn_st { - ALPN_STATUS alpn_status; - /* This is dynamically allocated */ - char *alpn_string; - /* This only points to the members in the string */ -#define ALPN_LIST_MAX 10 - const char *alpn_list[ALPN_LIST_MAX]; -}; - -typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); - - -struct ssl_ctx_st -{ - int version; - - int references; - - unsigned long options; - - SSL_ALPN ssl_alpn; - - const SSL_METHOD *method; - - CERT *cert; - - X509 *client_CA; - - int verify_mode; - - int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); - - long session_timeout; - - int read_ahead; - - int read_buffer_len; - - X509_VERIFY_PARAM param; - - void *default_passwd_callback_userdata; - - pem_password_cb *default_passwd_callback; - - struct stack_st_X509 *extra_certs; - - int max_version; - int min_version; - -}; - -struct ssl_st -{ - /* protocol version(one of SSL3.0, TLS1.0, etc.) */ - int version; - - unsigned long options; - - /* shut things down(0x01 : sent, 0x02 : received) */ - int shutdown; - - CERT *cert; - - X509 *client_CA; - - SSL_CTX *ctx; - - const SSL_METHOD *method; - - RECORD_LAYER rlayer; - - /* where we are */ - OSSL_STATEM statem; - - SSL_SESSION *session; - - int verify_mode; - - int (*verify_callback) (int ok, X509_STORE_CTX *ctx); - - int rwstate; - - long verify_result; - - X509_VERIFY_PARAM param; - - uint32_t mode; - - void (*info_callback) (const SSL *ssl, int type, int val); - - /* SSL low-level system arch point */ - void *ssl_pm; - void *bio; -}; - -struct ssl_method_st { - /* protocol version(one of SSL3.0, TLS1.0, etc.) */ - int version; - - /* SSL mode(client(0) , server(1), not known(-1)) */ - int endpoint; - - const SSL_METHOD_FUNC *func; -}; - -struct ssl_method_func_st { - - int (*ssl_new)(SSL *ssl); - - void (*ssl_free)(SSL *ssl); - - int (*ssl_handshake)(SSL *ssl); - - int (*ssl_shutdown)(SSL *ssl); - - int (*ssl_clear)(SSL *ssl); - - int (*ssl_read)(SSL *ssl, void *buffer, int len); - - int (*ssl_send)(SSL *ssl, const void *buffer, int len); - - int (*ssl_pending)(const SSL *ssl); - - void (*ssl_set_fd)(SSL *ssl, int fd, int mode); - - void (*ssl_set_hostname)(SSL *ssl, const char *hostname); - - int (*ssl_get_fd)(const SSL *ssl, int mode); - - void (*ssl_set_bufflen)(SSL *ssl, int len); - - long (*ssl_get_verify_result)(const SSL *ssl); - - OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl); -}; - -struct x509_method_st { - - int (*x509_new)(X509 *x, X509 *m_x); - - void (*x509_free)(X509 *x); - - int (*x509_load)(X509 *x, const unsigned char *buf, int len); - - int (*x509_show_info)(X509 *x); -}; - -struct pkey_method_st { - - int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey); - - void (*pkey_free)(EVP_PKEY *pkey); - - int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len); -}; - -struct bio_method_st { - - unsigned type; - - unsigned size; -}; - - -typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out, - unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h deleted file mode 100644 index 454fbdcb23..0000000000 --- a/components/openssl/include/internal/ssl_x509.h +++ /dev/null @@ -1,152 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_X509_H_ -#define _SSL_X509_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" -#include "ssl_stack.h" - -DEFINE_STACK_OF(X509_NAME) - -/** - * @brief create a X509 certification object according to input X509 certification - * - * @param ix - input X509 certification point - * - * @return new X509 certification object point - */ -X509* __X509_new(X509 *ix); - -/** - * @brief create a X509 certification object - * - * @param none - * - * @return X509 certification object point - */ -X509* X509_new(void); - -/** - * @brief load a character certification context into system context. If '*cert' is pointed to the - * certification, then load certification into it. Or create a new X509 certification object - * - * @param cert - a point pointed to X509 certification - * @param buffer - a point pointed to the certification context memory point - * @param length - certification bytes - * - * @return X509 certification object point - */ -X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); - -/** - * @brief free a X509 certification object - * - * @param x - X509 certification object point - * - * @return none - */ -void X509_free(X509 *x); - -/** - * @brief set SSL context client CA certification - * - * @param ctx - SSL context point - * @param x - X509 certification point - * - * @return result - * 0 : failed - * 1 : OK - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); - -/** - * @brief add CA client certification into the SSL - * - * @param ssl - SSL point - * @param x - X509 certification point - * - * @return result - * 0 : failed - * 1 : OK - */ -int SSL_add_client_CA(SSL *ssl, X509 *x); - -/** - * @brief load certification into the SSL - * - * @param ssl - SSL point - * @param len - data bytes - * @param d - data point - * - * @return result - * 0 : failed - * 1 : OK - * - */ -int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); - - -/** - * @brief set SSL context client CA certification - * - * @param store - pointer to X509_STORE - * @param x - pointer to X509 certification point - * - * @return result - * 0 : failed - * 1 : OK - */ -int X509_STORE_add_cert(X509_STORE *store, X509 *x); - -/** - * @brief load a character certification context into system context. - * - * If '*cert' is pointed to the certification, then load certification - * into it, or create a new X509 certification object. - * - * @param bp - pointer to BIO - * @param buffer - pointer to the certification context memory - * @param cb - pointer to a callback which queries pass phrase used - for encrypted PEM structure - * @param u - pointer to arbitary data passed by application to callback - * - * @return X509 certification object point - */ -X509 * PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb cb, void *u); - -/** - * @brief load a character certification context into system context. - * - * Current implementation directly calls PEM_read_bio_X509 - * - * @param bp - pointer to BIO - * @param buffer - pointer to the certification context memory - * @param cb - pointer to the callback (not implemented) - * @param u - pointer to arbitrary data (not implemented) - * - * @return X509 certification object point - */ -X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u); - - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/tls1.h b/components/openssl/include/internal/tls1.h deleted file mode 100644 index a9da53e063..0000000000 --- a/components/openssl/include/internal/tls1.h +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _TLS1_H_ -#define _TLS1_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -# define TLS1_AD_DECRYPTION_FAILED 21 -# define TLS1_AD_RECORD_OVERFLOW 22 -# define TLS1_AD_UNKNOWN_CA 48/* fatal */ -# define TLS1_AD_ACCESS_DENIED 49/* fatal */ -# define TLS1_AD_DECODE_ERROR 50/* fatal */ -# define TLS1_AD_DECRYPT_ERROR 51 -# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ -# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ -# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ -# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ -# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ -# define TLS1_AD_USER_CANCELLED 90 -# define TLS1_AD_NO_RENEGOTIATION 100 -/* codes 110-114 are from RFC3546 */ -# define TLS1_AD_UNSUPPORTED_EXTENSION 110 -# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 -# define TLS1_AD_UNRECOGNIZED_NAME 112 -# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 -# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 -# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ -# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ - -/* Special value for method supporting multiple versions */ -#define TLS_ANY_VERSION 0x10000 - -#define TLS1_VERSION 0x0301 -#define TLS1_1_VERSION 0x0302 -#define TLS1_2_VERSION 0x0303 - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/internal/x509_vfy.h b/components/openssl/include/internal/x509_vfy.h deleted file mode 100644 index fec367d5fd..0000000000 --- a/components/openssl/include/internal/x509_vfy.h +++ /dev/null @@ -1,111 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _X509_VFY_H_ -#define _X509_VFY_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#define X509_V_OK 0 -#define X509_V_ERR_UNSPECIFIED 1 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -#define X509_V_ERR_UNABLE_TO_GET_CRL 3 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -#define X509_V_ERR_CERT_NOT_YET_VALID 9 -#define X509_V_ERR_CERT_HAS_EXPIRED 10 -#define X509_V_ERR_CRL_NOT_YET_VALID 11 -#define X509_V_ERR_CRL_HAS_EXPIRED 12 -#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -#define X509_V_ERR_OUT_OF_MEM 17 -#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -#define X509_V_ERR_CERT_REVOKED 23 -#define X509_V_ERR_INVALID_CA 24 -#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -#define X509_V_ERR_INVALID_PURPOSE 26 -#define X509_V_ERR_CERT_UNTRUSTED 27 -#define X509_V_ERR_CERT_REJECTED 28 -/* These are 'informational' when looking for issuer cert */ -#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 -#define X509_V_ERR_AKID_SKID_MISMATCH 30 -#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 -#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 -#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 -#define X509_V_ERR_INVALID_NON_CA 37 -#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 -#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -#define X509_V_ERR_INVALID_EXTENSION 41 -#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 -#define X509_V_ERR_NO_EXPLICIT_POLICY 43 -#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 -#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 -#define X509_V_ERR_UNNESTED_RESOURCE 46 -#define X509_V_ERR_PERMITTED_VIOLATION 47 -#define X509_V_ERR_EXCLUDED_VIOLATION 48 -#define X509_V_ERR_SUBTREE_MINMAX 49 -/* The application is not happy */ -#define X509_V_ERR_APPLICATION_VERIFICATION 50 -#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 -#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 -#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 -#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 -/* Another issuer check debug option */ -#define X509_V_ERR_PATH_LOOP 55 -/* Suite B mode algorithm violation */ -#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 -#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 -#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 -#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 -#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 -#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 -/* Host, email and IP check errors */ -#define X509_V_ERR_HOSTNAME_MISMATCH 62 -#define X509_V_ERR_EMAIL_MISMATCH 63 -#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 -/* DANE TLSA errors */ -#define X509_V_ERR_DANE_NO_MATCH 65 -/* security level errors */ -#define X509_V_ERR_EE_KEY_TOO_SMALL 66 -#define X509_V_ERR_CA_KEY_TOO_SMALL 67 -#define X509_V_ERR_CA_MD_TOO_WEAK 68 -/* Caller error */ -#define X509_V_ERR_INVALID_CALL 69 -/* Issuer lookup error */ -#define X509_V_ERR_STORE_LOOKUP 70 -/* Certificate transparency */ -#define X509_V_ERR_NO_VALID_SCTS 71 - -#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/openssl/bio.h b/components/openssl/include/openssl/bio.h deleted file mode 100644 index 1fc049b650..0000000000 --- a/components/openssl/include/openssl/bio.h +++ /dev/null @@ -1,179 +0,0 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _OPENSSL_BIO_H -#define _OPENSSL_BIO_H - -#include - -#ifdef __cplusplus - extern "C" { -#endif - -/* These are the 'types' of BIOs */ -#define BIO_TYPE_NONE 0 -#define BIO_TYPE_MEM (1 | 0x0400) -#define BIO_TYPE_BIO (19 | 0x0400) /* (half a) BIO pair */ - -/* Bio object flags */ -#define BIO_FLAGS_READ 0x01 -#define BIO_FLAGS_WRITE 0x02 - -#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) -#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) - -typedef struct bio_st BIO; -typedef struct bio_method_st BIO_METHOD; - -/** - * @brief Create a BIO object as a file type - * Current implementation return NULL as file types are discouraged on ESP platform - * - * @param filename Filename - * @param mode Mode - * - * @return BIO object - */ -BIO *BIO_new_file(const char *filename, const char *mode); - -/** - * @brief Create a BIO object as a membuf type - * Current implementation takes a shallow copy of the buffer - * - * @param buf Pointer to the buffer - * @param len Length of the buffer - * - * @return BIO object - */ -BIO *BIO_new_mem_buf(void *buf, int len); - -/** - * @brief create a BIO object - * - * @param method - pointer to BIO_METHOD - * - * @return pointer to BIO object - */ -BIO *BIO_new(BIO_METHOD * method); - -/** - * @brief get the memory BIO method function - */ -void *BIO_s_mem(void); - -/** - * @brief free a BIO object - * - * @param x - pointer to BIO object - */ -void BIO_free(BIO *b); - -/** - * @brief Create a connected pair of BIOs bio1, bio2 with write buffer sizes writebuf1 and writebuf2 - * - * @param out1 pointer to BIO1 - * @param writebuf1 write size of BIO1 (0 means default size will be used) - * @param out2 pointer to BIO2 - * @param writebuf2 write size of BIO2 (0 means default size will be used) - * - * @return result - * 0 : failed - * 1 : OK - */ -int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2); - -/** - * @brief Write data to BIO - * - * BIO_TYPE_BIO behaves the same way as OpenSSL bio object, other BIO types mock - * this functionality to avoid excessive allocation/copy, so the 'data' cannot - * be freed after the function is called, it should remain valid until BIO object is in use. - * - * @param b - pointer to BIO - * @param data - pointer to data - * @param dlen - data bytes - * - * @return result - * -1, 0 : failed - * 1 : OK - */ -int BIO_write(BIO *b, const void *data, int dlen); - -/** - * @brief Read data from BIO - * - * BIO_TYPE_BIO behaves the same way as OpenSSL bio object. - * Other types just hold pointer - * - * @param b - pointer to BIO - * @param data - pointer to data - * @param dlen - data bytes - * - * @return result - * -1, 0 : failed - * 1 : OK - */ -int BIO_read(BIO *bio, void *data, int len); - -/** - * @brief Get number of pending characters in the BIOs write buffers. - * - * @param b Pointer to BIO - * - * @return Amount of pending data - */ -size_t BIO_wpending(const BIO *bio); - -/** - * @brief Get number of pending characters in the BIOs read buffers. - * - * @param b Pointer to BIO - * - * @return Amount of pending data - */ -size_t BIO_ctrl_pending(const BIO *bio); - -/** - * @brief Get the maximum length of data that can be currently written to the BIO - * - * @param b Pointer to BIO - * - * @return Max length of writable data - */ -size_t BIO_ctrl_get_write_guarantee(BIO *bio); - -/** - * @brief Returns the type of a BIO. - * - * @param b Pointer to BIO - * - * @return Type of the BIO object - */ -int BIO_method_type(const BIO *b); - -/** - * @brief Test flags of a BIO. - * - * @param b Pointer to BIO - * @param flags Flags - * - * @return BIO object flags masked with the supplied flags - */ -int BIO_test_flags(const BIO *b, int flags); - -#ifdef __cplusplus -} -#endif - -#endif //_OPENSSL_BIO_H diff --git a/components/openssl/include/openssl/err.h b/components/openssl/include/openssl/err.h deleted file mode 100644 index f4247a4a7c..0000000000 --- a/components/openssl/include/openssl/err.h +++ /dev/null @@ -1,228 +0,0 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _OPENSSL_ERR_H -#define _OPENSSL_ERR_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @note This file contains a very simple implementation of error stack - * for ESP APIs stubs to OpenSSL - */ - -#define OPENSSL_PUT_SYSTEM_ERROR() \ - ERR_put_error(ERR_LIB_SYS, 0, 0, __FILE__, __LINE__); - -#define OPENSSL_PUT_LIB_ERROR(lib, code) \ - ERR_put_error(lib, 0, code, __FILE__, __LINE__); - -#define ERR_GET_LIB(packed_error) ((int)(((packed_error) >> 24) & 0xff)) -#define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xffff)) -#define ERR_R_PEM_LIB ERR_LIB_PEM -/* inherent openssl errors */ -# define ERR_R_FATAL 64 -# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) -# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) -# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) -# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) -# define ERR_R_DISABLED (5|ERR_R_FATAL) -# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) -# define ERR_R_PASSED_INVALID_ARGUMENT (7) -# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) -# define ERR_R_INVALID_PROVIDER_FUNCTIONS (9|ERR_R_FATAL) -# define ERR_R_INTERRUPTED_OR_CANCELLED (10) - -enum { - ERR_LIB_NONE = 1, - ERR_LIB_SYS, - ERR_LIB_BN, - ERR_LIB_RSA, - ERR_LIB_DH, - ERR_LIB_EVP, - ERR_LIB_BUF, - ERR_LIB_OBJ, - ERR_LIB_PEM, - ERR_LIB_DSA, - ERR_LIB_X509, - ERR_LIB_ASN1, - ERR_LIB_CONF, - ERR_LIB_CRYPTO, - ERR_LIB_EC, - ERR_LIB_SSL, - ERR_LIB_BIO, - ERR_LIB_PKCS7, - ERR_LIB_PKCS8, - ERR_LIB_X509V3, - ERR_LIB_RAND, - ERR_LIB_ENGINE, - ERR_LIB_OCSP, - ERR_LIB_UI, - ERR_LIB_COMP, - ERR_LIB_ECDSA, - ERR_LIB_ECDH, - ERR_LIB_HMAC, - ERR_LIB_DIGEST, - ERR_LIB_CIPHER, - ERR_LIB_HKDF, - ERR_LIB_USER, - ERR_NUM_LIBS -}; - -/** - * @brief clear the SSL error code - * - * @param none - * - * @return none - */ -void ERR_clear_error(void); - -/** - * @brief get the current SSL error code - * - * @param none - * - * @return current SSL error number - */ -uint32_t ERR_get_error(void); - -/** - * @brief peek the current SSL error code, not clearing it - * - * @param none - * - * @return current SSL error number - */ -uint32_t ERR_peek_error(void); - -/** - * @brief peek the last SSL error code, not clearing it - * - * @param none - * - * @return current SSL error number - */ -uint32_t ERR_peek_last_error(void); - -/** - * @brief register the SSL error strings - * - * @param none - * - * @return none - */ -void ERR_load_SSL_strings(void); - -/** - * @brief clear the SSL error code - * - * @param none - * - * @return none - */ -void ERR_clear_error(void); - -/** - * @brief peek the current SSL error code, not clearing it - * - * @param none - * - * @return current SSL error number - */ -uint32_t ERR_peek_error(void); - -/** - * @brief peek the last SSL error code, not clearing it - * - * @param none - * - * @return current SSL error number - */ -uint32_t ERR_peek_last_error(void); - -/** - * @brief capture the current error to the error structure - * - * @param library Related library - * @param unused Not used (used for compliant function prototype) - * @param reason The actual error code - * @param file File name of the error report - * @param line Line number of the error report - * - */ -void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line); - -/** - * @brief Peek the current SSL error, not clearing it - * - * @param file file name of the reported error - * @param line line number of the reported error - * @param data Associated data to the reported error - * @param flags Flags associated to the error - * - * @return current SSL error number - */ -uint32_t ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags); - -/** - * @brief Get the current SSL error - * - * @param file file name of the reported error - * @param line line number of the reported error - * @param data Associated data to the reported error - * @param flags Flags associated to the error - * - * @return current SSL error number - */ -uint32_t ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags); - -/** - * @brief API provided as a declaration only - * - */ -void SSL_load_error_strings(void); - -/** - * @brief API provided as a declaration only - * - */ -void ERR_free_strings(void); - -/** - * @brief API provided as a declaration only - * - */ -void ERR_remove_state(unsigned long pid); - -/** - * @brief Returns error string -- Not implemented - * - * @param packed_error Packed error code - * - * @return NULL - */ -const char *ERR_reason_error_string(uint32_t packed_error); - -#ifdef __cplusplus -} -#endif - -#endif // _OPENSSL_ERR_H diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h deleted file mode 100644 index 9a33e0d33b..0000000000 --- a/components/openssl/include/openssl/ssl.h +++ /dev/null @@ -1,1901 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -// Allow for this warning suppression only in IDF_CI_BUILD -#if !defined(ESP_OPENSSL_SUPPRESS_LEGACY_WARNING) || !defined(IDF_CI_BUILD) -#warning "OpenSSL component will be removed from ESP-IDF in v5.0, please use esp_tls instead" -#endif - -#ifndef _SSL_H_ -#define _SSL_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "internal/ssl_x509.h" -#include "internal/ssl_pkey.h" -#include "openssl/bio.h" -#include "openssl/err.h" - -/* -{ -*/ - -#define SSL_CB_ALERT 0x4000 - -#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT (1 << 0) -#define X509_CHECK_FLAG_NO_WILDCARDS (1 << 1) -#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (1 << 2) -#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS (1 << 3) -#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS (1 << 4) - -/** - * @brief create a SSL context - * - * @param method - the SSL context method point - * - * @return the context point - */ -SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); - -/** - * @brief free a SSL context - * - * @param method - the SSL context point - * - * @return none - */ -void SSL_CTX_free(SSL_CTX *ctx); - -/** - * @brief create a SSL - * - * @param ctx - the SSL context point - * - * @return the SSL point - */ -SSL* SSL_new(SSL_CTX *ctx); - -/** - * @brief free the SSL - * - * @param ssl - the SSL point - * - * @return none - */ -void SSL_free(SSL *ssl); - -/** - * @brief connect to the remote SSL server - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * -1 : failed - */ -int SSL_connect(SSL *ssl); - -/** - * @brief accept the remote connection - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * -1 : failed - */ -int SSL_accept(SSL *ssl); - -/** - * @brief read data from to remote - * - * @param ssl - the SSL point which has been connected - * @param buffer - the received data buffer point - * @param len - the received data length - * - * @return result - * > 0 : OK, and return received data bytes - * = 0 : connection is closed - * < 0 : an error catch - */ -int SSL_read(SSL *ssl, void *buffer, int len); - -/** - * @brief send the data to remote - * - * @param ssl - the SSL point which has been connected - * @param buffer - the send data buffer point - * @param len - the send data length - * - * @return result - * > 0 : OK, and return sent data bytes - * = 0 : connection is closed - * < 0 : an error catch - */ -int SSL_write(SSL *ssl, const void *buffer, int len); - -/** - * @brief get the verifying result of the SSL certification - * - * @param ssl - the SSL point - * - * @return the result of verifying - */ -long SSL_get_verify_result(const SSL *ssl); - -/** - * @brief shutdown the connection - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * 0 : shutdown is not finished - * -1 : an error catch - */ -int SSL_shutdown(SSL *ssl); - -/** - * @brief bind the socket file description into the SSL - * - * @param ssl - the SSL point - * @param fd - socket handle - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_fd(SSL *ssl, int fd); - -/** - * @brief Set the hostname for SNI - * - * @param ssl - the SSL context point - * @param hostname - pointer to the hostname - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname); - -/** - * @brief These functions load the private key into the SSL_CTX or SSL object - * - * @param ctx - the SSL context point - * @param pkey - private key object point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); - -/** - * @brief These functions load the certification into the SSL_CTX or SSL object - * - * @param ctx - the SSL context point - * @param pkey - certification object point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the SSLV2.3 version SSL context client method - */ -const SSL_METHOD* SSLv23_client_method(void); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.0 version SSL context client method - */ -const SSL_METHOD* TLSv1_client_method(void); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the SSLV1.0 version SSL context client method - */ -const SSL_METHOD* SSLv3_client_method(void); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.1 version SSL context client method - */ -const SSL_METHOD* TLSv1_1_client_method(void); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.2 version SSL context client method - */ -const SSL_METHOD* TLSv1_2_client_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLS any version SSL context client method - */ -const SSL_METHOD* TLS_client_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the SSLV2.3 version SSL context server method - */ -const SSL_METHOD* SSLv23_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.1 version SSL context server method - */ -const SSL_METHOD* TLSv1_1_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.2 version SSL context server method - */ -const SSL_METHOD* TLSv1_2_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.0 version SSL context server method - */ -const SSL_METHOD* TLSv1_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the SSLV3.0 version SSL context server method - */ -const SSL_METHOD* SSLv3_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLS any version SSL context server method - */ -const SSL_METHOD* TLS_server_method(void); - -/** - * @brief create the target SSL context method - * - * @return the TLS any version SSL context method - */ -const SSL_METHOD* TLS_method(void); - -/** - * @brief create the target SSL context method - * - * @return the TLS1.2 version SSL context method - */ -const SSL_METHOD* TLSv1_2_method(void); - -/** - * @brief create the target SSL context method - * - * @return the TLS1.1 version SSL context method - */ -const SSL_METHOD* TLSv1_1_method(void); - -/** - * @brief create the target SSL context method - * - * @return the TLS1.0 version SSL context method - */ -const SSL_METHOD* TLSv1_method(void); - -/** - * @brief create the target SSL context method - * - * @return the SSLV3.0 version SSL context method - */ -const SSL_METHOD* SSLv3_method(void); - -/** - * @brief create the target SSL context method - * - * @param none - * - * @return the SSLV2.3 version SSL context method - */ -const SSL_METHOD* SSLv23_method(void); - -/** - * @brief Set minimum protocol version for defined context - * - * @param ctx SSL context - * - * @return 1 on success - */ -int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); - -/** - * @brief Set maximum protocol version for defined context - * - * @param ctx SSL context - * - * @return 1 on success - */ -int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); - -/** - * @brief set the SSL context ALPN select callback function - * - * @param ctx - SSL context point - * @param cb - ALPN select callback function - * @param arg - ALPN select callback function entry private data point - * - * @return none - */ -void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), - void *arg); - - -/** - * @brief set the SSL context ALPN select protocol - * - * @param ctx - SSL context point - * @param protos - ALPN protocol name - * @param protos_len - ALPN protocol name bytes - * - * @return result - * 0 : OK - * 1 : failed - */ -int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len); - -/** - * @brief set the SSL context next ALPN select callback function - * - * @param ctx - SSL context point - * @param cb - ALPN select callback function - * @param arg - ALPN select callback function entry private data point - * - * @return none - */ -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), - void *arg); - -/** - * @brief initialize the SSL library - * - * @param none - * - * @return none - */ -void SSL_library_init(void); - -/** - * @brief generates a human-readable string representing the error code e - * and store it into the "ret" point memory - * - * @param e - error code - * @param ret - memory point to store the string - * - * @return the result string point - */ -char *ERR_error_string(unsigned long e, char *ret); - -/** - * @brief add the SSL context option - * - * @param ctx - SSL context point - * @param opt - new SSL context option - * - * @return the SSL context option - */ -unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt); - -/** - * @brief add the SSL context mode - * - * @param ctx - SSL context point - * @param mod - new SSL context mod - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_mode(SSL_CTX *ctx, int mod); - -/* -} -*/ - -/** - * @brief perform the SSL handshake - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - * -1 : a error catch - */ -int SSL_do_handshake(SSL *ssl); - -/** - * @brief get the SSL current version - * - * @param ssl - SSL point - * - * @return the version string - */ -const char *SSL_get_version(const SSL *ssl); - -/** - * @brief set the SSL context version - * - * @param ctx - SSL context point - * @param meth - SSL method point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); - -/** - * @brief get the bytes numbers which are to be read - * - * @param ssl - SSL point - * - * @return bytes number - */ -int SSL_pending(const SSL *ssl); - -/** - * @brief check if SSL want nothing - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_nothing(const SSL *ssl); - -/** - * @brief check if SSL want to read - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_read(const SSL *ssl); - -/** - * @brief check if SSL want to write - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_write(const SSL *ssl); - -/** - * @brief get the SSL context current method - * - * @param ctx - SSL context point - * - * @return the SSL context current method - */ -const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); - -/** - * @brief get the SSL current method - * - * @param ssl - SSL point - * - * @return the SSL current method - */ -const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); - -/** - * @brief set the SSL method - * - * @param ssl - SSL point - * @param meth - SSL method point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); - -/** - * @brief add CA client certification into the SSL - * - * @param ssl - SSL point - * @param x - CA certification point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_add_client_CA(SSL *ssl, X509 *x); - -/** - * @brief add CA client certification into the SSL context - * - * @param ctx - SSL context point - * @param x - CA certification point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); - -/** - * @brief set the SSL CA certification list - * - * @param ssl - SSL point - * @param name_list - CA certification list - * - * @return none - */ -void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list); - -/** - * @brief set the SSL context CA certification list - * - * @param ctx - SSL context point - * @param name_list - CA certification list - * - * @return none - */ -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); - -/** - * @briefget the SSL CA certification list - * - * @param ssl - SSL point - * - * @return CA certification list - */ -STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); - -/** - * @brief get the SSL context CA certification list - * - * @param ctx - SSL context point - * - * @return CA certification list - */ -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); - -/** - * @brief get the SSL certification point - * - * @param ssl - SSL point - * - * @return SSL certification point - */ -X509 *SSL_get_certificate(const SSL *ssl); - -/** - * @brief get the SSL private key point - * - * @param ssl - SSL point - * - * @return SSL private key point - */ -EVP_PKEY *SSL_get_privatekey(const SSL *ssl); - -/** - * @brief set the SSL information callback function - * - * @param ssl - SSL point - * @param cb - information callback function - * - * @return none - */ -void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)); - -/** - * @brief get the SSL state - * - * @param ssl - SSL point - * - * @return SSL state - */ -OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); - -/** - * @brief set the SSL context read buffer length - * - * @param ctx - SSL context point - * @param len - read buffer length - * - * @return none - */ -void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); - -/** - * @brief set the SSL read buffer length - * - * @param ssl - SSL point - * @param len - read buffer length - * - * @return none - */ -void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); - -/** - * @brief set the SSL security level - * - * @param ssl - SSL point - * @param level - security level - * - * @return none - */ -void SSL_set_security_level(SSL *ssl, int level); - -/** - * @brief get the SSL security level - * - * @param ssl - SSL point - * - * @return security level - */ -int SSL_get_security_level(const SSL *ssl); - -/** - * @brief get the SSL verifying mode of the SSL context - * - * @param ctx - SSL context point - * - * @return verifying mode - */ -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); - -/** - * @brief get the SSL verifying depth of the SSL context - * - * @param ctx - SSL context point - * - * @return verifying depth - */ -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); - -/** - * @brief set the SSL context verifying of the SSL context - * - * @param ctx - SSL context point - * @param mode - verifying mode - * @param verify_callback - verifying callback function - * - * @return none - */ -void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)); - -/** - * @brief set the SSL verifying of the SSL context - * - * @param ctx - SSL point - * @param mode - verifying mode - * @param verify_callback - verifying callback function - * - * @return none - */ -void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX *)); - -/** - * @brief set the SSL verify depth of the SSL context - * - * @param ctx - SSL context point - * @param depth - verifying depth - * - * @return none - */ -void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); - -/** - * @brief certification verifying callback function - * - * @param preverify_ok - verifying result - * @param x509_ctx - X509 certification point - * - * @return verifying result - */ -int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); - -/** - * @brief set the session timeout time - * - * @param ctx - SSL context point - * @param t - new session timeout time - * - * @return old session timeout time - */ -long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); - -/** - * @brief get the session timeout time - * - * @param ctx - SSL context point - * - * @return current session timeout time - */ -long SSL_CTX_get_timeout(const SSL_CTX *ctx); - -/** - * @brief set the SSL context cipher through the list string - * - * @param ctx - SSL context point - * @param str - cipher controller list string - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); - -/** - * @brief set the SSL cipher through the list string - * - * @param ssl - SSL point - * @param str - cipher controller list string - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_cipher_list(SSL *ssl, const char *str); - -/** - * @brief get the SSL cipher list string - * - * @param ssl - SSL point - * - * @return cipher controller list string - */ -const char *SSL_get_cipher_list(const SSL *ssl, int n); - -/** - * @brief get the SSL cipher - * - * @param ssl - SSL point - * - * @return current cipher - */ -const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); - -/** - * @brief get the SSL cipher string - * - * @param ssl - SSL point - * - * @return cipher string - */ -const char *SSL_get_cipher(const SSL *ssl); - -/** - * @brief get the SSL context object X509 certification storage - * - * @param ctx - SSL context point - * - * @return x509 certification storage - */ -X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); - -/** - * @brief set the SSL context object X509 certification store - * - * @param ctx - SSL context point - * @param store - X509 certification store - * - * @return none - */ -void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); - -/** - * @brief get the SSL specifical statement - * - * @param ssl - SSL point - * - * @return specifical statement - */ -int SSL_want(const SSL *ssl); - -/** - * @brief check if the SSL is SSL_X509_LOOKUP state - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_want_x509_lookup(const SSL *ssl); - -/** - * @brief reset the SSL - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_clear(SSL *ssl); - -/** - * @brief get the socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_fd(const SSL *ssl); - -/** - * @brief get the read only socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_rfd(const SSL *ssl); - -/** - * @brief get the write only socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_wfd(const SSL *ssl); - -/** - * @brief set the SSL if we can read as many as data - * - * @param ssl - SSL point - * @param yes - enable the function - * - * @return none - */ -void SSL_set_read_ahead(SSL *s, int yes); - -/** - * @brief set the SSL context if we can read as many as data - * - * @param ctx - SSL context point - * @param yes - enbale the function - * - * @return none - */ -void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); - -/** - * @brief get the SSL ahead signal if we can read as many as data - * - * @param ssl - SSL point - * - * @return SSL context ahead signal - */ -int SSL_get_read_ahead(const SSL *ssl); - -/** - * @brief get the SSL context ahead signal if we can read as many as data - * - * @param ctx - SSL context point - * - * @return SSL context ahead signal - */ -long SSL_CTX_get_read_ahead(SSL_CTX *ctx); - -/** - * @brief check if some data can be read - * - * @param ssl - SSL point - * - * @return - * 1 : there are bytes to be read - * 0 : no data - */ -int SSL_has_pending(const SSL *ssl); - -/** - * @brief load the X509 certification into SSL context - * - * @param ctx - SSL context point - * @param x - X509 certification point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x into ctx - -/** - * @brief load the ASN1 certification into SSL context - * - * @param ctx - SSL context point - * @param len - certification length - * @param d - data point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); - -/** - * @brief load the certification file into SSL context - * - * @param ctx - SSL context point - * @param file - certification file name - * @param type - certification encoding type - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); - -/** - * @brief load the certification chain file into SSL context - * - * @param ctx - SSL context point - * @param file - certification chain file name - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); - - -/** - * @brief load the ASN1 private key into SSL context - * - * @param ctx - SSL context point - * @param d - data point - * @param len - private key length - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx - -/** - * @brief load the private key file into SSL context - * - * @param ctx - SSL context point - * @param file - private key file name - * @param type - private key encoding type - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); - -/** - * @brief load the RSA private key into SSL context - * - * @param ctx - SSL context point - * @param x - RSA private key point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); - -/** - * @brief load the RSA ASN1 private key into SSL context - * - * @param ctx - SSL context point - * @param d - data point - * @param len - RSA private key length - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); - -/** - * @brief load the RSA private key file into SSL context - * - * @param ctx - SSL context point - * @param file - RSA private key file name - * @param type - private key encoding type - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); - - -/** - * @brief check if the private key and certification is matched - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_check_private_key(const SSL_CTX *ctx); - -/** - * @brief set the SSL context server information - * - * @param ctx - SSL context point - * @param serverinfo - server information string - * @param serverinfo_length - server information length - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length); - -/** - * @brief load the SSL context server infomation file into SSL context - * - * @param ctx - SSL context point - * @param file - server information file - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); - -/** - * @brief SSL select next function - * - * @param out - point of output data point - * @param outlen - output data length - * @param in - input data - * @param inlen - input data length - * @param client - client data point - * @param client_len -client data length - * - * @return NPN state - * OPENSSL_NPN_UNSUPPORTED : not support - * OPENSSL_NPN_NEGOTIATED : negotiated - * OPENSSL_NPN_NO_OVERLAP : no overlap - */ -int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, unsigned int client_len); - -/** - * @brief load the extra certification chain into the SSL context - * - * @param ctx - SSL context point - * @param x509 - X509 certification - * - * @return result - * 1 : OK - * 0 : failed - */ -long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *); - -/** - * @brief control the SSL context - * - * @param ctx - SSL context point - * @param cmd - command - * @param larg - parameter length - * @param parg - parameter point - * - * @return result - * 1 : OK - * 0 : failed - */ -long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); - -/** - * @brief get the SSL context cipher - * - * @param ctx - SSL context point - * - * @return SSL context cipher - */ -STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx); - -/** - * @brief check if the SSL context can read as many as data - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); - -/** - * @brief get the SSL context extra data - * - * @param ctx - SSL context point - * @param idx - index - * - * @return data point - */ -char *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); - -/** - * @brief get the SSL context quiet shutdown option - * - * @param ctx - SSL context point - * - * @return quiet shutdown option - */ -int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); - -/** - * @brief load the SSL context CA file - * - * @param ctx - SSL context point - * @param CAfile - CA certification file - * @param CApath - CA certification file path - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); - -/** - * @brief add SSL context reference count by '1' - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_up_ref(SSL_CTX *ctx); - -/** - * @brief set SSL context application private data - * - * @param ctx - SSL context point - * @param arg - private data - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg); - -/** - * @brief set SSL context client certification callback function - * - * @param ctx - SSL context point - * @param cb - callback function - * - * @return none - */ -void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); - -/** - * @brief set the SSL context if we can read as many as data - * - * @param ctx - SSL context point - * @param m - enable the fuction - * - * @return none - */ -void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m); - -/** - * @brief set SSL context default verifying path - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); - -/** - * @brief set SSL context default verifying directory - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); - -/** - * @brief set SSL context default verifying file - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); - -/** - * @brief set SSL context extra data - * - * @param ctx - SSL context point - * @param idx - data index - * @param arg - data point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg); - -/** - * @brief clear the SSL context option bit of "op" - * - * @param ctx - SSL context point - * @param op - option - * - * @return SSL context option - */ -unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); - -/** - * @brief get the SSL context option - * - * @param ctx - SSL context point - * @param op - option - * - * @return SSL context option - */ -unsigned long SSL_CTX_get_options(SSL_CTX *ctx); - -/** - * @brief set the SSL context quiet shutdown mode - * - * @param ctx - SSL context point - * @param mode - mode - * - * @return none - */ -void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); - -/** - * @brief get the SSL context X509 certification - * - * @param ctx - SSL context point - * - * @return X509 certification - */ -X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); - -/** - * @brief get the SSL context private key - * - * @param ctx - SSL context point - * - * @return private key - */ -EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); - -/** - * @brief set SSL context PSK identity hint - * - * @param ctx - SSL context point - * @param hint - PSK identity hint - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); - -/** - * @brief set SSL context PSK server callback function - * - * @param ctx - SSL context point - * @param callback - callback function - * - * @return none - */ -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*callback)(SSL *ssl, - const char *identity, - unsigned char *psk, - int max_psk_len)); -/** - * @brief get alert description string - * - * @param value - alert value - * - * @return alert description string - */ -const char *SSL_alert_desc_string(int value); - -/** - * @brief get alert description long string - * - * @param value - alert value - * - * @return alert description long string - */ -const char *SSL_alert_desc_string_long(int value); - -/** - * @brief get alert type string - * - * @param value - alert value - * - * @return alert type string - */ -const char *SSL_alert_type_string(int value); - -/** - * @brief get alert type long string - * - * @param value - alert value - * - * @return alert type long string - */ -const char *SSL_alert_type_string_long(int value); - -/** - * @brief get SSL context of the SSL - * - * @param ssl - SSL point - * - * @return SSL context - */ -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); - -/** - * @brief get SSL application data - * - * @param ssl - SSL point - * - * @return application data - */ -void *SSL_get_app_data(SSL *ssl); - -/** - * @brief get SSL error code - * - * @param ssl - SSL point - * @param ret_code - SSL return code - * - * @return SSL error number - */ -int SSL_get_error(const SSL *ssl, int ret_code); - -/** - * @brief get SSL cipher bits - * - * @param ssl - SSL point - * @param alg_bits - algorithm bits - * - * @return strength bits - */ -int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits); - -/** - * @brief get SSL cipher name - * - * @param ssl - SSL point - * - * @return SSL cipher name - */ -char *SSL_get_cipher_name(const SSL *ssl); - -/** - * @brief get SSL cipher version - * - * @param ssl - SSL point - * - * @return SSL cipher version - */ -char *SSL_get_cipher_version(const SSL *ssl); - -/** - * @brief get SSL extra data - * - * @param ssl - SSL point - * @param idx - data index - * - * @return extra data - */ -char *SSL_get_ex_data(const SSL *ssl, int idx); - -/** - * @brief get index of the SSL extra data X509 storage context - * - * @param none - * - * @return data index - */ -int SSL_get_ex_data_X509_STORE_CTX_idx(void); - -/** - * @brief get peer certification chain - * - * @param ssl - SSL point - * - * @return certification chain - */ -STACK *SSL_get_peer_cert_chain(const SSL *ssl); - -/** - * @brief get peer certification - * - * @param ssl - SSL point - * - * @return certification - */ -X509 *SSL_get_peer_certificate(const SSL *ssl); - -/** - * @brief get SSL quiet shutdown mode - * - * @param ssl - SSL point - * - * @return quiet shutdown mode - */ -int SSL_get_quiet_shutdown(const SSL *ssl); - -/** - * @brief get SSL read only IO handle - * - * @param ssl - SSL point - * - * @return IO handle - */ -BIO *SSL_get_rbio(const SSL *ssl); - -/** - * @brief get SSL shared ciphers - * - * @param ssl - SSL point - * @param buf - buffer to store the ciphers - * @param len - buffer len - * - * @return shared ciphers - */ -char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len); - -/** - * @brief get SSL shutdown mode - * - * @param ssl - SSL point - * - * @return shutdown mode - */ -int SSL_get_shutdown(const SSL *ssl); - -/** - * @brief get SSL session time - * - * @param ssl - SSL point - * - * @return session time - */ -long SSL_get_time(const SSL *ssl); - -/** - * @brief get SSL session timeout time - * - * @param ssl - SSL point - * - * @return session timeout time - */ -long SSL_get_timeout(const SSL *ssl); - -/** - * @brief get SSL verifying mode - * - * @param ssl - SSL point - * - * @return verifying mode - */ -int SSL_get_verify_mode(const SSL *ssl); - -/** - * @brief get SSL verify parameters - * - * @param ssl - SSL point - * - * @return verify parameters - */ -X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); - -/** - * @brief set expected hostname the peer cert CN should have - * - * @param param - verify parameters from SSL_get0_param() - * - * @param name - the expected hostname - * - * @param namelen - the length of the hostname, or 0 if NUL terminated - * - * @return verify parameters - */ -int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen); - -/** - * @brief set parameters for X509 host verify action - * - * @param param -verify parameters from SSL_get0_param() - * - * @param flags - bitfield of X509_CHECK_FLAG_... parameters to set - * - * @return 1 for success, 0 for failure - */ -int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned long flags); - -/** - * @brief clear parameters for X509 host verify action - * - * @param param -verify parameters from SSL_get0_param() - * - * @param flags - bitfield of X509_CHECK_FLAG_... parameters to clear - * - * @return 1 for success, 0 for failure - */ -int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param, - unsigned long flags); - -/** - * @brief get SSL write only IO handle - * - * @param ssl - SSL point - * - * @return IO handle - */ -BIO *SSL_get_wbio(const SSL *ssl); - -/** - * @brief load SSL client CA certification file - * - * @param file - file name - * - * @return certification loading object - */ -STACK *SSL_load_client_CA_file(const char *file); - -/** - * @brief add SSL reference by '1' - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_up_ref(SSL *ssl); - -/** - * @brief read and put data into buf, but not clear the SSL low-level storage - * - * @param ssl - SSL point - * @param buf - storage buffer point - * @param num - data bytes - * - * @return result - * > 0 : OK, and return read bytes - * = 0 : connect is closed - * < 0 : a error catch - */ -int SSL_peek(SSL *ssl, void *buf, int num); - -/** - * @brief make SSL renegotiate - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_renegotiate(SSL *ssl); - -/** - * @brief get the state string where SSL is reading - * - * @param ssl - SSL point - * - * @return state string - */ -const char *SSL_rstate_string(SSL *ssl); - -/** - * @brief get the statement long string where SSL is reading - * - * @param ssl - SSL point - * - * @return statement long string - */ -const char *SSL_rstate_string_long(SSL *ssl); - -/** - * @brief set SSL accept statement - * - * @param ssl - SSL point - * - * @return none - */ -void SSL_set_accept_state(SSL *ssl); - -/** - * @brief set SSL application data - * - * @param ssl - SSL point - * @param arg - SSL application data point - * - * @return none - */ -void SSL_set_app_data(SSL *ssl, void *arg); - -/** - * @brief set SSL BIO - * - * @param ssl - SSL point - * @param rbio - read only IO - * @param wbio - write only IO - * - * @return none - */ -void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); - -/** - * @brief clear SSL option - * - * @param ssl - SSL point - * @param op - clear option - * - * @return SSL option - */ -unsigned long SSL_clear_options(SSL *ssl, unsigned long op); - -/** - * @brief get SSL option - * - * @param ssl - SSL point - * - * @return SSL option - */ -unsigned long SSL_get_options(SSL *ssl); - -/** - * @brief clear SSL option - * - * @param ssl - SSL point - * @param op - setting option - * - * @return SSL option - */ -unsigned long SSL_set_options(SSL *ssl, unsigned long op); - -/** - * @brief set SSL quiet shutdown mode - * - * @param ssl - SSL point - * @param mode - quiet shutdown mode - * - * @return none - */ -void SSL_set_quiet_shutdown(SSL *ssl, int mode); - -/** - * @brief set SSL shutdown mode - * - * @param ssl - SSL point - * @param mode - shutdown mode - * - * @return none - */ -void SSL_set_shutdown(SSL *ssl, int mode); - -/** - * @brief set SSL session time - * - * @param ssl - SSL point - * @param t - session time - * - * @return session time - */ -void SSL_set_time(SSL *ssl, long t); - -/** - * @brief set SSL session timeout time - * - * @param ssl - SSL point - * @param t - session timeout time - * - * @return session timeout time - */ -void SSL_set_timeout(SSL *ssl, long t); - -/** - * @brief get SSL statement string - * - * @param ssl - SSL point - * - * @return SSL statement string - */ -const char *SSL_state_string(const SSL *ssl); - -/** - * @brief get SSL statement long string - * - * @param ssl - SSL point - * - * @return SSL statement long string - */ -char *SSL_state_string_long(const SSL *ssl); - -/** - * @brief get SSL renegotiation count - * - * @param ssl - SSL point - * - * @return renegotiation count - */ -long SSL_total_renegotiations(SSL *ssl); - -/** - * @brief get SSL version - * - * @param ssl - SSL point - * - * @return SSL version - */ -int SSL_version(const SSL *ssl); - -/** - * @brief set SSL PSK identity hint - * - * @param ssl - SSL point - * @param hint - identity hint - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); - -/** - * @brief get SSL PSK identity hint - * - * @param ssl - SSL point - * - * @return identity hint - */ -const char *SSL_get_psk_identity_hint(SSL *ssl); - -/** - * @brief get SSL PSK identity - * - * @param ssl - SSL point - * - * @return identity - */ -const char *SSL_get_psk_identity(SSL *ssl); - -/** - * @brief set the SSL verify depth of the SSL - * - * @param ssl - SSL context - * @param depth - Depth level to verify - * - */ -void SSL_set_verify_depth(SSL *ssl, int depth); - -/** - * @brief Get default verify callback - * - * @param ctx - SSL context - * @return verify_callback - verifying callback function - * - */ -openssl_verify_callback SSL_CTX_get_verify_callback(const SSL_CTX *ctx); - -/** - * @brief Get default verify callback - * - * @param ctx - SSL context - * @return verify_callback - verifying callback function - * - */ -openssl_verify_callback SSL_get_verify_callback(const SSL *s); - -/** - * @brief Frees RSA object - * - * Current implementation calls directly EVP_PKEY free - * - * @param r RSA object - * - */ -void RSA_free(RSA *r); - -/** - * @brief Sets SSL mode, partially implemented - * - * @param ssl SSL context - * - * @return the new mode bitmask after adding mode - */ -uint32_t SSL_set_mode(SSL *ssl, uint32_t mode); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/components/openssl/include/platform/ssl_opt.h b/components/openssl/include/platform/ssl_opt.h deleted file mode 100644 index a9c55e8c46..0000000000 --- a/components/openssl/include/platform/ssl_opt.h +++ /dev/null @@ -1,20 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_OPT_H_ -#define _SSL_OPT_H_ - -#include "sdkconfig.h" - -#endif diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h deleted file mode 100644 index f028a0cee8..0000000000 --- a/components/openssl/include/platform/ssl_pm.h +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_PM_H_ -#define _SSL_PM_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include -#include "ssl_types.h" -#include "ssl_port.h" - -#define LOCAL_ATRR - -int ssl_pm_new(SSL *ssl); -void ssl_pm_free(SSL *ssl); - -int ssl_pm_handshake(SSL *ssl); -int ssl_pm_shutdown(SSL *ssl); -int ssl_pm_clear(SSL *ssl); - -int ssl_pm_read(SSL *ssl, void *buffer, int len); -int ssl_pm_send(SSL *ssl, const void *buffer, int len); -int ssl_pm_pending(const SSL *ssl); - -void ssl_pm_set_fd(SSL *ssl, int fd, int mode); -int ssl_pm_get_fd(const SSL *ssl, int mode); - -void ssl_pm_set_hostname(SSL *ssl, const char *hostname); - -OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl); - -void ssl_pm_set_bufflen(SSL *ssl, int len); - -int x509_pm_show_info(X509 *x); -int x509_pm_new(X509 *x, X509 *m_x); -void x509_pm_free(X509 *x); -int x509_pm_load(X509 *x, const unsigned char *buffer, int len); - -int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk); -void pkey_pm_free(EVP_PKEY *pk); -int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len); - -long ssl_pm_get_verify_result(const SSL *ssl); - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h deleted file mode 100644 index 492ea405b2..0000000000 --- a/components/openssl/include/platform/ssl_port.h +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_PORT_H_ -#define _SSL_PORT_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "esp_types.h" -#include "esp_log.h" -#include "string.h" -#include "malloc.h" - -void *ssl_mem_zalloc(size_t size); - -#define ssl_mem_malloc malloc -#define ssl_mem_free free - -#define ssl_memcpy memcpy -#define ssl_strlen strlen - -#define ssl_speed_up_enter() -#define ssl_speed_up_exit() - -#define SSL_DEBUG_FL -#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__) - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/components/openssl/library/ssl_bio.c b/components/openssl/library/ssl_bio.c deleted file mode 100644 index 51d9d51d01..0000000000 --- a/components/openssl/library/ssl_bio.c +++ /dev/null @@ -1,209 +0,0 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_lib.h" -#include "openssl/bio.h" -#include "ssl_dbg.h" -#include "openssl/err.h" - -#define DEFAULT_BIO_SIZE 1024 - -BIO *BIO_new_mem_buf(void *buf, int len) -{ - BIO_METHOD m = { .type = BIO_TYPE_MEM, .size = 0 }; - BIO *b = BIO_new(&m); - if (b) { - b->dlen = len; - b->data = buf; - } - return b; -} - -/** - * @brief create a BIO object - */ -BIO *BIO_new(BIO_METHOD * method) -{ - BIO *b = (BIO *)ssl_mem_zalloc(sizeof(BIO)); - if (!b) { - OPENSSL_PUT_LIB_ERROR(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - goto err; - } - if (method) { - b->size = method->size; - b->type = method->type; - } else { - b->type = BIO_TYPE_NONE; - } - if ((b->type & BIO_TYPE_BIO) && b->size) { - b->data = ssl_mem_zalloc(b->size); - if (!b->data) { - OPENSSL_PUT_LIB_ERROR(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - goto err; - } - } - return b; - -err: - if (b && (b->type&BIO_TYPE_BIO)) { - ssl_mem_free(b->data); - } - ssl_mem_free(b); - return NULL; -} - -/** - * @brief free a BIO object - */ -void BIO_free(BIO *b) -{ - if (b && (b->type&BIO_TYPE_BIO)) { - ssl_mem_free(b->data); - } - ssl_mem_free(b); -} - -int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2) -{ - BIO *bio1 = NULL; - BIO *bio2 = NULL; - if (!writebuf1) { - writebuf1 = DEFAULT_BIO_SIZE; - } - if (!writebuf2) { - writebuf2 = DEFAULT_BIO_SIZE; - } - BIO_METHOD m1 = { - .size = writebuf1, - .type = BIO_TYPE_BIO, - }; - BIO_METHOD m2 = { - .size = writebuf1, - .type = BIO_TYPE_BIO, - }; - bio1 = BIO_new(&m1); - if (!bio1) { - goto err; - } - bio2 = BIO_new(&m2); - if (!bio2) { - goto err; - } - *out1 = bio1; - *out2 = bio2; - bio1->peer = bio2; - bio1->size = writebuf1; - bio2->peer = bio1; - bio2->size = writebuf2; - return 1; - -err: - if (bio1) - { - BIO_free(bio1); - *out1 = NULL; - } - if (bio2) - { - BIO_free(bio2); - *out2 = NULL; - } - return 0; - -} - -/** - * @brief get the memory BIO method function - */ -void *BIO_s_mem(void) -{ - return NULL; -} - -int BIO_method_type(const BIO *b) -{ - SSL_ASSERT1(b); - return b->type; -} - -/** - * @brief load data into BIO. - * - */ -int BIO_write(BIO *b, const void * data, int dlen) -{ - SSL_ASSERT1(b); - int remaining = b->size - b->offset; - if (remaining <= 0) { - b->flags |= BIO_FLAGS_WRITE; - return -1; - } - int len_to_write = dlen > remaining?remaining:dlen; - memcpy(b->data + b->offset, data, len_to_write); - b->offset += len_to_write; - b->dlen = b->offset; - if (len_to_write == dlen) { - b->flags &= ~BIO_FLAGS_WRITE; - } - return len_to_write; -} - -/** - * @brief Read from BIO. - * - */ -int BIO_read(BIO *bio, void *data, int len) -{ - SSL_ASSERT1(bio); - BIO *peer = bio->peer; - int remaining = peer->dlen - peer->roffset; - if (remaining <= 0) { - bio->flags |= BIO_FLAGS_READ; - return -1; - } - int len_to_read = remaining > len ? len : remaining; - memcpy(data, peer->data + peer->roffset, len_to_read); - peer->roffset += len_to_read; - if (len_to_read == len) { - bio->flags &= ~BIO_FLAGS_READ; - } - if (peer->offset) { - // shift data back to the beginning of the buffer - memmove(peer->data, peer->data+peer->roffset, peer->offset - peer->roffset); - peer->offset -= peer->roffset; - peer->roffset = 0; - peer->dlen = peer->offset; - } - return len_to_read; -} - -size_t BIO_wpending(const BIO *bio) -{ - return bio->dlen - bio->roffset; -} - -size_t BIO_ctrl_pending(const BIO *bio) -{ - return bio->peer->dlen - bio->peer->roffset; -} - -size_t BIO_ctrl_get_write_guarantee(BIO *b) -{ - return (long)b->size - b->dlen; -} - -int BIO_test_flags(const BIO *b, int flags) -{ - return (b->flags & flags); -} diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c deleted file mode 100644 index 5c608125ac..0000000000 --- a/components/openssl/library/ssl_cert.c +++ /dev/null @@ -1,87 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_cert.h" -#include "ssl_pkey.h" -#include "ssl_x509.h" -#include "ssl_dbg.h" -#include "ssl_port.h" - -/** - * @brief create a certification object according to input certification - */ -CERT *__ssl_cert_new(CERT *ic) -{ - CERT *cert; - - X509 *ix; - EVP_PKEY *ipk; - - cert = ssl_mem_zalloc(sizeof(CERT)); - if (!cert) { - SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)"); - goto no_mem; - } - - if (ic) { - ipk = ic->pkey; - ix = ic->x509; - } else { - ipk = NULL; - ix = NULL; - } - - cert->pkey = __EVP_PKEY_new(ipk); - if (!cert->pkey) { - SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL"); - goto pkey_err; - } - - cert->x509 = __X509_new(ix); - if (!cert->x509) { - SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL"); - goto x509_err; - } - - return cert; - -x509_err: - EVP_PKEY_free(cert->pkey); -pkey_err: - ssl_mem_free(cert); -no_mem: - return NULL; -} - -/** - * @brief create a certification object include private key object - */ -CERT *ssl_cert_new(void) -{ - return __ssl_cert_new(NULL); -} - -/** - * @brief free a certification object - */ -void ssl_cert_free(CERT *cert) -{ - SSL_ASSERT3(cert); - - X509_free(cert->x509); - - EVP_PKEY_free(cert->pkey); - - ssl_mem_free(cert); -} diff --git a/components/openssl/library/ssl_err.c b/components/openssl/library/ssl_err.c deleted file mode 100644 index a4b2c04026..0000000000 --- a/components/openssl/library/ssl_err.c +++ /dev/null @@ -1,120 +0,0 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_dbg.h" - -struct err_error_st { - /* file contains the filename where the error occurred. */ - const char *file; - /* packed contains the error library and reason, as packed by ERR_PACK. */ - uint32_t packed; - /* line contains the line number where the error occurred. */ - uint32_t line; -}; - -#define ERR_NUM_ERRORS 4 - -typedef struct err_state_st { - /* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring - * buffer. */ - struct err_error_st errors[ERR_NUM_ERRORS]; - /* top contains the index one past the most recent error. If |top| equals - * |bottom| then the queue is empty. */ - unsigned top; - /* bottom contains the index of the last error in the queue. */ - unsigned bottom; -} ERR_STATE; - -#if CONFIG_OPENSSL_ERROR_STACK -static ERR_STATE s_err_state = { 0 }; -#endif - -void ERR_clear_error(void) -{ -#if CONFIG_OPENSSL_ERROR_STACK - memset(&s_err_state.errors[0], 0, sizeof(struct err_state_st)); - s_err_state.top = s_err_state.bottom = 0; -#endif -} - -static uint32_t ERR_get_peek_error_internal(const char **file, int *line, bool peak) -{ -#if CONFIG_OPENSSL_ERROR_STACK - if (s_err_state.top == s_err_state.bottom) { - return 0; - } - unsigned new_bottom = (s_err_state.bottom + 1) % ERR_NUM_ERRORS; - int err = s_err_state.errors[new_bottom].packed; - - if (file) { - *file = s_err_state.errors[new_bottom].file; - } - if (line) { - *line = s_err_state.errors[new_bottom].line; - } - - if (peak == false) { - memset(&s_err_state.errors[new_bottom], 0, sizeof(struct err_error_st)); - s_err_state.bottom = new_bottom; - } - - return err; -#else - return 0; -#endif -} - -uint32_t ERR_get_error(void) -{ - return ERR_get_peek_error_internal(NULL, NULL, false); -} - -uint32_t ERR_peek_error(void) -{ - return ERR_get_peek_error_internal(NULL, NULL, true); -} - -uint32_t ERR_peek_last_error(void) -{ - return ERR_get_peek_error_internal(NULL, NULL, true); -} - -uint32_t ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags) -{ - return ERR_get_peek_error_internal(file, line, true); -} - -uint32_t ERR_get_error_line_data(const char **file, int *line, const char **data, int *flags) -{ - return ERR_get_peek_error_internal(file, line, false); -} - -const char *ERR_reason_error_string(uint32_t packed_error) -{ - return NULL; -} - -void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line) -{ -#if CONFIG_OPENSSL_ERROR_STACK - s_err_state.top = (s_err_state.top + 1) % ERR_NUM_ERRORS; - if (s_err_state.top == s_err_state.bottom) { - s_err_state.bottom = (s_err_state.bottom + 1) % ERR_NUM_ERRORS; - } - - s_err_state.errors[s_err_state.top].packed = (uint32_t)library<<24 | abs(reason); - s_err_state.errors[s_err_state.top].file = file; - s_err_state.errors[s_err_state.top].line = line; -#endif -} diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c deleted file mode 100644 index 01374a214c..0000000000 --- a/components/openssl/library/ssl_lib.c +++ /dev/null @@ -1,1684 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_lib.h" -#include "ssl_pkey.h" -#include "ssl_x509.h" -#include "ssl_cert.h" -#include "ssl_dbg.h" -#include "ssl_port.h" - -#define SSL_SEND_DATA_MAX_LENGTH 1460 - -/** - * @brief create a new SSL session object - */ -static SSL_SESSION* SSL_SESSION_new(void) -{ - SSL_SESSION *session; - - session = ssl_mem_zalloc(sizeof(SSL_SESSION)); - if (!session) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (session)"); - goto failed1; - } - - session->peer = X509_new(); - if (!session->peer) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL"); - goto failed2; - } - - return session; - -failed2: - ssl_mem_free(session); -failed1: - return NULL; -} - -/** - * @brief free a new SSL session object - */ -static void SSL_SESSION_free(SSL_SESSION *session) -{ - X509_free(session->peer); - ssl_mem_free(session); -} - -/** - * @brief Discover whether the current connection is in the error state - */ -int ossl_statem_in_error(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - if (ssl->statem.state == MSG_FLOW_ERROR) - return 1; - - return 0; -} - -/** - * @brief get the SSL specifical statement - */ -int SSL_want(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->rwstate; -} - -/** - * @brief check if SSL want nothing - */ -int SSL_want_nothing(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return (SSL_want(ssl) == SSL_NOTHING); -} - -/** - * @brief check if SSL want to read - */ -int SSL_want_read(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return (SSL_want(ssl) == SSL_READING); -} - -/** - * @brief check if SSL want to write - */ -int SSL_want_write(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return (SSL_want(ssl) == SSL_WRITING); -} - -/** - * @brief check if SSL want to lookup X509 certification - */ -int SSL_want_x509_lookup(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return (SSL_want(ssl) == SSL_WRITING); -} - -/** - * @brief get SSL error code - */ -int SSL_get_error(const SSL *ssl, int ret_code) -{ - int ret = SSL_ERROR_SYSCALL; - - SSL_ASSERT1(ssl); - - if (ret_code > 0) - ret = SSL_ERROR_NONE; - else if (ret_code < 0) - { - if (SSL_want_read(ssl)) - ret = SSL_ERROR_WANT_READ; - else if (SSL_want_write(ssl)) - ret = SSL_ERROR_WANT_WRITE; - else - ret = SSL_ERROR_SYSCALL; //unknown - } - else // ret_code == 0 - { - if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) - ret = SSL_ERROR_ZERO_RETURN; - else - ret = SSL_ERROR_SYSCALL; - } - - return ret; -} - -/** - * @brief get the SSL state - */ -OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) -{ - OSSL_HANDSHAKE_STATE state; - - SSL_ASSERT1(ssl); - - state = SSL_METHOD_CALL(get_state, ssl); - - return state; -} - -/** - * @brief create a SSL context - */ -SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) -{ - SSL_CTX *ctx; - CERT *cert; - X509 *client_ca; - - if (!method) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no no_method"); - return NULL; - } - - client_ca = X509_new(); - if (!client_ca) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL"); - goto failed1; - } - - cert = ssl_cert_new(); - if (!cert) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "ssl_cert_new() return NULL"); - goto failed2; - } - - ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX)); - if (!ctx) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ctx)"); - goto failed3; - } - - ctx->method = method; - ctx->client_CA = client_ca; - ctx->cert = cert; - - ctx->version = method->version; - - return ctx; - -failed3: - ssl_cert_free(cert); -failed2: - X509_free(client_ca); -failed1: - return NULL; -} - -/** - * @brief free a SSL context - */ -void SSL_CTX_free(SSL_CTX* ctx) -{ - SSL_ASSERT3(ctx); - - ssl_cert_free(ctx->cert); - - X509_free(ctx->client_CA); - - if (ctx->ssl_alpn.alpn_string) { - ssl_mem_free((void *)ctx->ssl_alpn.alpn_string); - } - - ssl_mem_free(ctx); -} - -/** - * @brief set the SSL context version - */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) -{ - SSL_ASSERT1(ctx); - SSL_ASSERT1(meth); - - ctx->method = meth; - - ctx->version = meth->version; - - return 1; -} - -/** - * @brief get the SSL context current method - */ -const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) -{ - SSL_ASSERT2(ctx); - - return ctx->method; -} - -/** - * @brief create a SSL - */ -SSL *SSL_new(SSL_CTX *ctx) -{ - int ret = 0; - SSL *ssl; - - if (!ctx) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no ctx"); - return NULL; - } - - ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL)); - if (!ssl) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ssl)"); - goto failed1; - } - - ssl->session = SSL_SESSION_new(); - if (!ssl->session) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_SESSION_new() return NULL"); - goto failed2; - } - - ssl->cert = __ssl_cert_new(ctx->cert); - if (!ssl->cert) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__ssl_cert_new() return NULL"); - goto failed3; - } - - ssl->client_CA = __X509_new(ctx->client_CA); - if (!ssl->client_CA) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__X509_new() return NULL"); - goto failed4; - } - - ssl->ctx = ctx; - ssl->method = ctx->method; - - ssl->version = ctx->version; - ssl->options = ctx->options; - - ssl->verify_mode = ctx->verify_mode; - - ret = SSL_METHOD_CALL(new, ssl); - if (ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret); - goto failed5; - } - - ssl->rwstate = SSL_NOTHING; - - return ssl; - -failed5: - X509_free(ssl->client_CA); -failed4: - ssl_cert_free(ssl->cert); -failed3: - SSL_SESSION_free(ssl->session); -failed2: - ssl_mem_free(ssl); -failed1: - return NULL; -} - -/** - * @brief free the SSL - */ -void SSL_free(SSL *ssl) -{ - SSL_ASSERT3(ssl); - - SSL_METHOD_CALL(free, ssl); - - X509_free(ssl->client_CA); - - ssl_cert_free(ssl->cert); - - SSL_SESSION_free(ssl->session); - - ssl_mem_free(ssl); -} - -/** - * @brief perform the SSL handshake - */ -int SSL_do_handshake(SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(handshake, ssl); - - return ret; -} - -/** - * @brief connect to the remote SSL server - */ -int SSL_connect(SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return SSL_do_handshake(ssl); -} - -/** - * @brief accept the remote connection - */ -int SSL_accept(SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return SSL_do_handshake(ssl); -} - -/** - * @brief shutdown the connection - */ -int SSL_shutdown(SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - if (SSL_get_state(ssl) != TLS_ST_OK) return 1; - - ret = SSL_METHOD_CALL(shutdown, ssl); - - return ret; -} - -/** - * @brief reset the SSL - */ -int SSL_clear(SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_shutdown(ssl); - if (1 != ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret); - goto failed1; - } - - SSL_METHOD_CALL(free, ssl); - - ret = SSL_METHOD_CALL(new, ssl); - if (!ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret); - goto failed1; - } - - return 1; - -failed1: - return ret; -} - -/** - * @brief read data from to remote - */ -int SSL_read(SSL *ssl, void *buffer, int len) -{ - int ret; - - SSL_ASSERT1(ssl); - SSL_ASSERT1(buffer); - SSL_ASSERT1(len); - - ssl->rwstate = SSL_READING; - - ret = SSL_METHOD_CALL(read, ssl, buffer, len); - - if (ret == len) - ssl->rwstate = SSL_NOTHING; - - return ret; -} - -/** - * @brief send the data to remote - */ -int SSL_write(SSL *ssl, const void *buffer, int len) -{ - int ret; - int send_bytes; - const unsigned char *pbuf; - - SSL_ASSERT1(ssl); - SSL_ASSERT1(buffer); - SSL_ASSERT1(len); - - ssl->rwstate = SSL_WRITING; - - send_bytes = len; - pbuf = (const unsigned char *)buffer; - - do { - int bytes; - - if (send_bytes > SSL_SEND_DATA_MAX_LENGTH) - bytes = SSL_SEND_DATA_MAX_LENGTH; - else - bytes = send_bytes; - - ret = SSL_METHOD_CALL(send, ssl, pbuf, bytes); - if (ret > 0) { - pbuf += ret; - send_bytes -= ret; - } - } while (ret > 0 && send_bytes); - - if (ret >= 0) { - ret = len - send_bytes; - ssl->rwstate = SSL_NOTHING; - } else - ret = -1; - - return ret; -} - -/** - * @brief get SSL context of the SSL - */ -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->ctx; -} - -/** - * @brief get the SSL current method - */ -const SSL_METHOD *SSL_get_ssl_method(SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->method; -} - -/** - * @brief set the SSL method - */ -int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method) -{ - int ret; - - SSL_ASSERT1(ssl); - SSL_ASSERT1(method); - - if (ssl->version != method->version) { - - ret = SSL_shutdown(ssl); - if (1 != ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret); - goto failed1; - } - - SSL_METHOD_CALL(free, ssl); - - ssl->method = method; - - ret = SSL_METHOD_CALL(new, ssl); - if (!ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret); - goto failed1; - } - } else { - ssl->method = method; - } - - - return 1; - -failed1: - return ret; -} - -/** - * @brief get SSL shutdown mode - */ -int SSL_get_shutdown(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->shutdown; -} - -/** - * @brief set SSL shutdown mode - */ -void SSL_set_shutdown(SSL *ssl, int mode) -{ - SSL_ASSERT3(ssl); - - ssl->shutdown = mode; -} - - -/** - * @brief get the number of the bytes to be read - */ -int SSL_pending(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(pending, ssl); - - return ret; -} - -/** - * @brief check if some data can be read - */ -int SSL_has_pending(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - if (SSL_pending(ssl)) - ret = 1; - else - ret = 0; - - return ret; -} - -/** - * @brief clear the SSL context option bit of "op" - */ -unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) -{ - SSL_ASSERT1(ctx); - - return ctx->options &= ~op; -} - -/** - * @brief get the SSL context option - */ -unsigned long SSL_CTX_get_options(SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->options; -} - -/** - * @brief set the option of the SSL context - */ -unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt) -{ - SSL_ASSERT1(ctx); - - return ctx->options |= opt; -} - -/** - * @brief clear SSL option - */ -unsigned long SSL_clear_options(SSL *ssl, unsigned long op) -{ - SSL_ASSERT1(ssl); - - return ssl->options & ~op; -} - -/** - * @brief get SSL option - */ -unsigned long SSL_get_options(SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->options; -} - -/** - * @brief clear SSL option - */ -unsigned long SSL_set_options(SSL *ssl, unsigned long op) -{ - SSL_ASSERT1(ssl); - - return ssl->options |= op; -} - -/** - * @brief get the socket handle of the SSL - */ -int SSL_get_fd(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(get_fd, ssl, 0); - - return ret; -} - -/** - * @brief get the read only socket handle of the SSL - */ -int SSL_get_rfd(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(get_fd, ssl, 0); - - return ret; -} - -/** - * @brief get the write only socket handle of the SSL - */ -int SSL_get_wfd(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(get_fd, ssl, 0); - - return ret; -} - -/** - * @brief bind the socket file description into the SSL - */ -int SSL_set_fd(SSL *ssl, int fd) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(fd >= 0); - - SSL_METHOD_CALL(set_fd, ssl, fd, 0); - - return 1; -} - -/** - * @brief bind the read only socket file description into the SSL - */ -int SSL_set_rfd(SSL *ssl, int fd) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(fd >= 0); - - SSL_METHOD_CALL(set_fd, ssl, fd, 0); - - return 1; -} - -/** - * @brief bind the write only socket file description into the SSL - */ -int SSL_set_wfd(SSL *ssl, int fd) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(fd >= 0); - - SSL_METHOD_CALL(set_fd, ssl, fd, 0); - - return 1; -} - -/** - * @brief SET TLS Hostname - */ -int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(hostname); - - SSL_METHOD_CALL(set_hostname, ssl, hostname); - - return 1; -} - -/** - * @brief get SSL version - */ -int SSL_version(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->version; -} - -/** - * @brief get the SSL version string - */ -static const char* ssl_protocol_to_string(int version) -{ - const char *str; - - if (version == TLS1_2_VERSION) - str = "TLSv1.2"; - else if (version == TLS1_1_VERSION) - str = "TLSv1.1"; - else if (version == TLS1_VERSION) - str = "TLSv1"; - else if (version == SSL3_VERSION) - str = "SSLv3"; - else - str = "unknown"; - - return str; -} - -/** - * @brief get the SSL current version - */ -const char *SSL_get_version(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl_protocol_to_string(SSL_version(ssl)); -} - -/** - * @brief get alert description string - */ -const char* SSL_alert_desc_string(int value) -{ - const char *str; - - switch (value & 0xff) - { - case SSL3_AD_CLOSE_NOTIFY: - str = "CN"; - break; - case SSL3_AD_UNEXPECTED_MESSAGE: - str = "UM"; - break; - case SSL3_AD_BAD_RECORD_MAC: - str = "BM"; - break; - case SSL3_AD_DECOMPRESSION_FAILURE: - str = "DF"; - break; - case SSL3_AD_HANDSHAKE_FAILURE: - str = "HF"; - break; - case SSL3_AD_NO_CERTIFICATE: - str = "NC"; - break; - case SSL3_AD_BAD_CERTIFICATE: - str = "BC"; - break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: - str = "UC"; - break; - case SSL3_AD_CERTIFICATE_REVOKED: - str = "CR"; - break; - case SSL3_AD_CERTIFICATE_EXPIRED: - str = "CE"; - break; - case SSL3_AD_CERTIFICATE_UNKNOWN: - str = "CU"; - break; - case SSL3_AD_ILLEGAL_PARAMETER: - str = "IP"; - break; - case TLS1_AD_DECRYPTION_FAILED: - str = "DC"; - break; - case TLS1_AD_RECORD_OVERFLOW: - str = "RO"; - break; - case TLS1_AD_UNKNOWN_CA: - str = "CA"; - break; - case TLS1_AD_ACCESS_DENIED: - str = "AD"; - break; - case TLS1_AD_DECODE_ERROR: - str = "DE"; - break; - case TLS1_AD_DECRYPT_ERROR: - str = "CY"; - break; - case TLS1_AD_EXPORT_RESTRICTION: - str = "ER"; - break; - case TLS1_AD_PROTOCOL_VERSION: - str = "PV"; - break; - case TLS1_AD_INSUFFICIENT_SECURITY: - str = "IS"; - break; - case TLS1_AD_INTERNAL_ERROR: - str = "IE"; - break; - case TLS1_AD_USER_CANCELLED: - str = "US"; - break; - case TLS1_AD_NO_RENEGOTIATION: - str = "NR"; - break; - case TLS1_AD_UNSUPPORTED_EXTENSION: - str = "UE"; - break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: - str = "CO"; - break; - case TLS1_AD_UNRECOGNIZED_NAME: - str = "UN"; - break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - str = "BR"; - break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: - str = "BH"; - break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: - str = "UP"; - break; - default: - str = "UK"; - break; - } - - return str; -} - -/** - * @brief get alert description long string - */ -const char* SSL_alert_desc_string_long(int value) -{ - const char *str; - - switch (value & 0xff) - { - case SSL3_AD_CLOSE_NOTIFY: - str = "close notify"; - break; - case SSL3_AD_UNEXPECTED_MESSAGE: - str = "unexpected_message"; - break; - case SSL3_AD_BAD_RECORD_MAC: - str = "bad record mac"; - break; - case SSL3_AD_DECOMPRESSION_FAILURE: - str = "decompression failure"; - break; - case SSL3_AD_HANDSHAKE_FAILURE: - str = "handshake failure"; - break; - case SSL3_AD_NO_CERTIFICATE: - str = "no certificate"; - break; - case SSL3_AD_BAD_CERTIFICATE: - str = "bad certificate"; - break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: - str = "unsupported certificate"; - break; - case SSL3_AD_CERTIFICATE_REVOKED: - str = "certificate revoked"; - break; - case SSL3_AD_CERTIFICATE_EXPIRED: - str = "certificate expired"; - break; - case SSL3_AD_CERTIFICATE_UNKNOWN: - str = "certificate unknown"; - break; - case SSL3_AD_ILLEGAL_PARAMETER: - str = "illegal parameter"; - break; - case TLS1_AD_DECRYPTION_FAILED: - str = "decryption failed"; - break; - case TLS1_AD_RECORD_OVERFLOW: - str = "record overflow"; - break; - case TLS1_AD_UNKNOWN_CA: - str = "unknown CA"; - break; - case TLS1_AD_ACCESS_DENIED: - str = "access denied"; - break; - case TLS1_AD_DECODE_ERROR: - str = "decode error"; - break; - case TLS1_AD_DECRYPT_ERROR: - str = "decrypt error"; - break; - case TLS1_AD_EXPORT_RESTRICTION: - str = "export restriction"; - break; - case TLS1_AD_PROTOCOL_VERSION: - str = "protocol version"; - break; - case TLS1_AD_INSUFFICIENT_SECURITY: - str = "insufficient security"; - break; - case TLS1_AD_INTERNAL_ERROR: - str = "internal error"; - break; - case TLS1_AD_USER_CANCELLED: - str = "user canceled"; - break; - case TLS1_AD_NO_RENEGOTIATION: - str = "no renegotiation"; - break; - case TLS1_AD_UNSUPPORTED_EXTENSION: - str = "unsupported extension"; - break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: - str = "certificate unobtainable"; - break; - case TLS1_AD_UNRECOGNIZED_NAME: - str = "unrecognized name"; - break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - str = "bad certificate status response"; - break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: - str = "bad certificate hash value"; - break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: - str = "unknown PSK identity"; - break; - default: - str = "unknown"; - break; - } - - return str; -} - -/** - * @brief get alert type string - */ -const char *SSL_alert_type_string(int value) -{ - const char *str; - - switch (value >> 8) - { - case SSL3_AL_WARNING: - str = "W"; - break; - case SSL3_AL_FATAL: - str = "F"; - break; - default: - str = "U"; - break; - } - - return str; -} - -/** - * @brief get alert type long string - */ -const char *SSL_alert_type_string_long(int value) -{ - const char *str; - - switch (value >> 8) - { - case SSL3_AL_WARNING: - str = "warning"; - break; - case SSL3_AL_FATAL: - str = "fatal"; - break; - default: - str = "unknown"; - break; - } - - return str; -} - -/** - * @brief get the state string where SSL is reading - */ -const char *SSL_rstate_string(SSL *ssl) -{ - const char *str; - - SSL_ASSERT2(ssl); - - switch (ssl->rlayer.rstate) - { - case SSL_ST_READ_HEADER: - str = "RH"; - break; - case SSL_ST_READ_BODY: - str = "RB"; - break; - case SSL_ST_READ_DONE: - str = "RD"; - break; - default: - str = "unknown"; - break; - } - - return str; -} - -/** - * @brief get the statement long string where SSL is reading - */ -const char *SSL_rstate_string_long(SSL *ssl) -{ - const char *str = "unknown"; - - SSL_ASSERT2(ssl); - - switch (ssl->rlayer.rstate) - { - case SSL_ST_READ_HEADER: - str = "read header"; - break; - case SSL_ST_READ_BODY: - str = "read body"; - break; - case SSL_ST_READ_DONE: - str = "read done"; - break; - default: - break; - } - - return str; -} - -/** - * @brief get SSL statement string - */ -const char *SSL_state_string(const SSL *ssl) -{ - const char *str = "UNKWN "; - - SSL_ASSERT2(ssl); - - if (ossl_statem_in_error(ssl)) - str = "SSLERR"; - else - { - switch (SSL_get_state(ssl)) - { - case TLS_ST_BEFORE: - str = "PINIT "; - break; - case TLS_ST_OK: - str = "SSLOK "; - break; - case TLS_ST_CW_CLNT_HELLO: - str = "TWCH"; - break; - case TLS_ST_CR_SRVR_HELLO: - str = "TRSH"; - break; - case TLS_ST_CR_CERT: - str = "TRSC"; - break; - case TLS_ST_CR_KEY_EXCH: - str = "TRSKE"; - break; - case TLS_ST_CR_CERT_REQ: - str = "TRCR"; - break; - case TLS_ST_CR_SRVR_DONE: - str = "TRSD"; - break; - case TLS_ST_CW_CERT: - str = "TWCC"; - break; - case TLS_ST_CW_KEY_EXCH: - str = "TWCKE"; - break; - case TLS_ST_CW_CERT_VRFY: - str = "TWCV"; - break; - case TLS_ST_SW_CHANGE: - case TLS_ST_CW_CHANGE: - str = "TWCCS"; - break; - case TLS_ST_SW_FINISHED: - case TLS_ST_CW_FINISHED: - str = "TWFIN"; - break; - case TLS_ST_SR_CHANGE: - case TLS_ST_CR_CHANGE: - str = "TRCCS"; - break; - case TLS_ST_SR_FINISHED: - case TLS_ST_CR_FINISHED: - str = "TRFIN"; - break; - case TLS_ST_SW_HELLO_REQ: - str = "TWHR"; - break; - case TLS_ST_SR_CLNT_HELLO: - str = "TRCH"; - break; - case TLS_ST_SW_SRVR_HELLO: - str = "TWSH"; - break; - case TLS_ST_SW_CERT: - str = "TWSC"; - break; - case TLS_ST_SW_KEY_EXCH: - str = "TWSKE"; - break; - case TLS_ST_SW_CERT_REQ: - str = "TWCR"; - break; - case TLS_ST_SW_SRVR_DONE: - str = "TWSD"; - break; - case TLS_ST_SR_CERT: - str = "TRCC"; - break; - case TLS_ST_SR_KEY_EXCH: - str = "TRCKE"; - break; - case TLS_ST_SR_CERT_VRFY: - str = "TRCV"; - break; - case DTLS_ST_CR_HELLO_VERIFY_REQUEST: - str = "DRCHV"; - break; - case DTLS_ST_SW_HELLO_VERIFY_REQUEST: - str = "DWCHV"; - break; - default: - break; - } - } - - return str; -} - -/** - * @brief get SSL statement long string - */ -const char *SSL_state_string_long(const SSL *ssl) -{ - const char *str = "UNKWN "; - - SSL_ASSERT2(ssl); - - if (ossl_statem_in_error(ssl)) - str = "SSLERR"; - else - { - switch (SSL_get_state(ssl)) - { - case TLS_ST_BEFORE: - str = "before SSL initialization"; - break; - case TLS_ST_OK: - str = "SSL negotiation finished successfully"; - break; - case TLS_ST_CW_CLNT_HELLO: - str = "SSLv3/TLS write client hello"; - break; - case TLS_ST_CR_SRVR_HELLO: - str = "SSLv3/TLS read server hello"; - break; - case TLS_ST_CR_CERT: - str = "SSLv3/TLS read server certificate"; - break; - case TLS_ST_CR_KEY_EXCH: - str = "SSLv3/TLS read server key exchange"; - break; - case TLS_ST_CR_CERT_REQ: - str = "SSLv3/TLS read server certificate request"; - break; - case TLS_ST_CR_SESSION_TICKET: - str = "SSLv3/TLS read server session ticket"; - break; - case TLS_ST_CR_SRVR_DONE: - str = "SSLv3/TLS read server done"; - break; - case TLS_ST_CW_CERT: - str = "SSLv3/TLS write client certificate"; - break; - case TLS_ST_CW_KEY_EXCH: - str = "SSLv3/TLS write client key exchange"; - break; - case TLS_ST_CW_CERT_VRFY: - str = "SSLv3/TLS write certificate verify"; - break; - case TLS_ST_CW_CHANGE: - case TLS_ST_SW_CHANGE: - str = "SSLv3/TLS write change cipher spec"; - break; - case TLS_ST_CW_FINISHED: - case TLS_ST_SW_FINISHED: - str = "SSLv3/TLS write finished"; - break; - case TLS_ST_CR_CHANGE: - case TLS_ST_SR_CHANGE: - str = "SSLv3/TLS read change cipher spec"; - break; - case TLS_ST_CR_FINISHED: - case TLS_ST_SR_FINISHED: - str = "SSLv3/TLS read finished"; - break; - case TLS_ST_SR_CLNT_HELLO: - str = "SSLv3/TLS read client hello"; - break; - case TLS_ST_SW_HELLO_REQ: - str = "SSLv3/TLS write hello request"; - break; - case TLS_ST_SW_SRVR_HELLO: - str = "SSLv3/TLS write server hello"; - break; - case TLS_ST_SW_CERT: - str = "SSLv3/TLS write certificate"; - break; - case TLS_ST_SW_KEY_EXCH: - str = "SSLv3/TLS write key exchange"; - break; - case TLS_ST_SW_CERT_REQ: - str = "SSLv3/TLS write certificate request"; - break; - case TLS_ST_SW_SESSION_TICKET: - str = "SSLv3/TLS write session ticket"; - break; - case TLS_ST_SW_SRVR_DONE: - str = "SSLv3/TLS write server done"; - break; - case TLS_ST_SR_CERT: - str = "SSLv3/TLS read client certificate"; - break; - case TLS_ST_SR_KEY_EXCH: - str = "SSLv3/TLS read client key exchange"; - break; - case TLS_ST_SR_CERT_VRFY: - str = "SSLv3/TLS read certificate verify"; - break; - case DTLS_ST_CR_HELLO_VERIFY_REQUEST: - str = "DTLS1 read hello verify request"; - break; - case DTLS_ST_SW_HELLO_VERIFY_REQUEST: - str = "DTLS1 write hello verify request"; - break; - default: - break; - } - } - - return str; -} - -/** - * @brief set the SSL context read buffer length - */ -void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len) -{ - SSL_ASSERT3(ctx); - - ctx->read_buffer_len = len; -} - -/** - * @brief set the SSL read buffer length - */ -void SSL_set_default_read_buffer_len(SSL *ssl, size_t len) -{ - SSL_ASSERT3(ssl); - SSL_ASSERT3(len); - - SSL_METHOD_CALL(set_bufflen, ssl, len); -} - -/** - * @brief set the SSL information callback function - */ -void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)) -{ - SSL_ASSERT3(ssl); - - ssl->info_callback = cb; -} - -/** - * @brief add SSL context reference count by '1' - */ -int SSL_CTX_up_ref(SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - /** - * no support multi-thread SSL here - */ - ctx->references++; - - return 1; -} - -/** - * @brief set the SSL security level - */ -void SSL_set_security_level(SSL *ssl, int level) -{ - SSL_ASSERT3(ssl); - - ssl->cert->sec_level = level; -} - -/** - * @brief get the SSL security level - */ -int SSL_get_security_level(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->cert->sec_level; -} - -/** - * @brief get the SSL verifying mode of the SSL context - */ -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->verify_mode; -} - -/** - * @brief set the session timeout time - */ -long SSL_CTX_set_timeout(SSL_CTX *ctx, long t) -{ - long l; - - SSL_ASSERT1(ctx); - - l = ctx->session_timeout; - ctx->session_timeout = t; - - return l; -} - -/** - * @brief get the session timeout time - */ -long SSL_CTX_get_timeout(const SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->session_timeout; -} - -/** - * @brief set the SSL if we can read as many as data - */ -void SSL_set_read_ahead(SSL *ssl, int yes) -{ - SSL_ASSERT3(ssl); - - ssl->rlayer.read_ahead = yes; -} - -/** - * @brief set the SSL context if we can read as many as data - */ -void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) -{ - SSL_ASSERT3(ctx); - - ctx->read_ahead = yes; -} - -/** - * @brief get the SSL ahead signal if we can read as many as data - */ -int SSL_get_read_ahead(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->rlayer.read_ahead; -} - -/** - * @brief get the SSL context ahead signal if we can read as many as data - */ -long SSL_CTX_get_read_ahead(SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->read_ahead; -} - -/** - * @brief check if the SSL context can read as many as data - */ -long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->read_ahead; -} - -char *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) -{ - SSL_ASSERT2(ctx); - - return NULL; -} - -int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg) -{ - SSL_ASSERT1(ctx); - - return 0; -} - -void *SSL_get_app_data(SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return NULL; -} - -void SSL_set_app_data(SSL *ssl, void *arg) -{ - SSL_ASSERT3(ssl); -} - -void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) -{ - SSL_ASSERT3(ssl); - - ssl->bio = rbio; -} - -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) -{ - SSL_ASSERT1(1) - - return -1; -} - -/** - * @brief set SSL session time - */ -long SSL_set_time(SSL *ssl, long t) -{ - SSL_ASSERT1(ssl); - - ssl->session->time = t; - - return t; -} - -/** - * @brief set SSL session timeout time - */ -long SSL_set_timeout(SSL *ssl, long t) -{ - SSL_ASSERT1(ssl); - - ssl->session->timeout = t; - - return t; -} - -/** - * @brief get the verifying result of the SSL certification - */ -long SSL_get_verify_result(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return SSL_METHOD_CALL(get_verify_result, ssl); -} - -/** - * @brief get the SSL verifying depth of the SSL context - */ -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->param.depth; -} - -/** - * @brief set the SSL verify depth of the SSL context - */ -void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) -{ - SSL_ASSERT3(ctx); - - ctx->param.depth = depth; -} - -/** - * @brief get the SSL verifying depth of the SSL - */ -int SSL_get_verify_depth(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->param.depth; -} - -/** - * @brief set the SSL verify depth of the SSL - */ -void SSL_set_verify_depth(SSL *ssl, int depth) -{ - SSL_ASSERT3(ssl); - - ssl->param.depth = depth; -} - -#define ESP_OPENSSL_VERIFYCB_IS_SUPPORTED 0 -/** - * @brief set the SSL context verifying of the SSL context - */ -void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) -{ - SSL_ASSERT3(ctx); - if (verify_callback) { - SSL_ASSERT3(ESP_OPENSSL_VERIFYCB_IS_SUPPORTED); - } - - ctx->verify_mode = mode; - ctx->default_verify_callback = verify_callback; -} - -/** - * @brief set the SSL verifying of the SSL context - */ -void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) -{ - SSL_ASSERT3(ssl); - if (verify_callback) { - SSL_ASSERT3(ESP_OPENSSL_VERIFYCB_IS_SUPPORTED); - } - - ssl->verify_mode = mode; - ssl->verify_callback = verify_callback; -} - -/** - * @brief get the SSL verify callback from the context - */ -openssl_verify_callback SSL_CTX_get_verify_callback(const SSL_CTX *ctx) -{ - SSL_ASSERT2(ctx); - - return ctx->default_verify_callback; -} - -/** - * @brief get the SSL verify callback from ssl pointer - */ -openssl_verify_callback SSL_get_verify_callback(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->verify_callback; -} - -/** - * @brief set the ALPN protocols in the preferred order. SSL APIs require the - * protocols in a format. mbedtls doesn't need - * that though. We sanitize that here itself. So convert from: - * "\x02h2\x06spdy/1" to { {"h2"}, {"spdy/1}, {NULL}} - */ -int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned protos_len) -{ - ctx->ssl_alpn.alpn_string = ssl_mem_zalloc(protos_len + 1); - if (! ctx->ssl_alpn.alpn_string) { - return 1; - } - ctx->ssl_alpn.alpn_status = ALPN_ENABLE; - memcpy(ctx->ssl_alpn.alpn_string, protos, protos_len); - - char *ptr = ctx->ssl_alpn.alpn_string; - int i; - /* Only running to 1 less than the actual size */ - for (i = 0; i < ALPN_LIST_MAX - 1; i++) { - char len = *ptr; - *ptr = '\0'; // Overwrite the length to act as previous element's string terminator - ptr++; - protos_len--; - ctx->ssl_alpn.alpn_list[i] = ptr; - ptr += len; - protos_len -= len; - if (! protos_len) { - i++; - break; - } - } - ctx->ssl_alpn.alpn_list[i] = NULL; - return 0; -} - -/** - * @brief Set the mode, but might assert if the related mode is not supported once session starts - */ -uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) -{ - ssl->mode |= mode; - return ssl->mode; -} diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c deleted file mode 100644 index 2eaf90e4db..0000000000 --- a/components/openssl/library/ssl_methods.c +++ /dev/null @@ -1,111 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_methods.h" -#include "ssl_pm.h" - -/** - * TLS method function collection - */ -IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, - ssl_pm_new, ssl_pm_free, - ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear, - ssl_pm_read, ssl_pm_send, ssl_pm_pending, - ssl_pm_set_fd, ssl_pm_set_hostname, ssl_pm_get_fd, - ssl_pm_set_bufflen, - ssl_pm_get_verify_result, - ssl_pm_get_state); - -/** - * TLS or SSL client method collection - */ -IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method); - -IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method); - -IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method); - -IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method); - -IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method); - -/** - * TLS or SSL server method collection - */ -IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method); - -IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method); - -IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method); - -IMPLEMENT_TLS_METHOD(TLS1_VERSION, 1, TLS_method_func, TLSv1_server_method); - -IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method); - -/** - * TLS or SSL method collection - */ -IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method); - -IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method); - -IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method); - -IMPLEMENT_TLS_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method); - -IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); - -/** - * @brief get X509 object method - */ -IMPLEMENT_X509_METHOD(X509_method, - x509_pm_new, x509_pm_free, - x509_pm_load, x509_pm_show_info); - -/** - * @brief get private key object method - */ -IMPLEMENT_PKEY_METHOD(EVP_PKEY_method, - pkey_pm_new, pkey_pm_free, - pkey_pm_load); - -/** - * @brief Generic SSL/TLS methods - */ -const SSL_METHOD *SSLv23_method(void) -{ - return TLS_method(); -} - -const SSL_METHOD *SSLv23_server_method(void) -{ - return TLS_server_method(); -} - -const SSL_METHOD *SSLv23_client_method(void) -{ - return TLS_client_method(); -} - -int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version) -{ - ctx->min_version = version; - return 1; -} - -int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version) -{ - ctx->max_version = version; - return 1; -} diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c deleted file mode 100644 index 3a65293786..0000000000 --- a/components/openssl/library/ssl_pkey.c +++ /dev/null @@ -1,311 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_pkey.h" -#include "ssl_methods.h" -#include "ssl_dbg.h" -#include "ssl_port.h" -#include "openssl/bio.h" - -/** - * @brief create a private key object according to input private key - */ -EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk) -{ - int ret; - EVP_PKEY *pkey; - - pkey = ssl_mem_zalloc(sizeof(EVP_PKEY)); - if (!pkey) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)"); - goto no_mem; - } - - pkey->ref_counter = 1; - - if (ipk) { - pkey->method = ipk->method; - } else { - pkey->method = EVP_PKEY_method(); - } - - ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret); - goto failed; - } - - return pkey; - -failed: - ssl_mem_free(pkey); -no_mem: - return NULL; -} - -/** - * @brief create a private key object - */ -EVP_PKEY* EVP_PKEY_new(void) -{ - return __EVP_PKEY_new(NULL); -} - -/** - * @brief free a private key object - */ -void EVP_PKEY_free(EVP_PKEY *pkey) -{ - SSL_ASSERT3(pkey); - - if (--pkey->ref_counter > 0) { - return; - } - - EVP_PKEY_METHOD_CALL(free, pkey); - - ssl_mem_free(pkey); -} - -/** - * @brief load a character key context into system context. If '*a' is pointed to the - * private key, then load key into it. Or create a new private key object - */ -EVP_PKEY *d2i_PrivateKey(int type, - EVP_PKEY **a, - const unsigned char **pp, - long length) -{ - int m = 0; - int ret; - EVP_PKEY *pkey; - - SSL_ASSERT2(pp); - SSL_ASSERT2(*pp); - SSL_ASSERT2(length); - - if (a && *a) { - pkey = *a; - } else { - pkey = EVP_PKEY_new();; - if (!pkey) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL"); - goto failed1; - } - - m = 1; - } - - ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret); - goto failed2; - } - - if (a) - *a = pkey; - - return pkey; - -failed2: - if (m) - EVP_PKEY_free(pkey); -failed1: - return NULL; -} - -EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) -{ - return d2i_PrivateKey(0, a, (const unsigned char **)&bp->data, bp->dlen); -} - -RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **a) -{ - return d2i_PrivateKey_bio(bp, (EVP_PKEY**)a); -} - -RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, pem_password_cb *cb, void *u) -{ - return PEM_read_bio_PrivateKey(bp, (EVP_PKEY**)x, cb, u); -} - -EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **pk, pem_password_cb *cb, void *u) -{ - - int m = 0; - int ret; - EVP_PKEY *x; - - SSL_ASSERT2(BIO_method_type(bp) & BIO_TYPE_MEM); - if (bp->data == NULL || bp->dlen == 0) { - return NULL; - } - if (pk && *pk) { - x = *pk; - } else { - x = EVP_PKEY_new(); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL"); - goto failed; - } - m = 1; - } - - ret = EVP_PKEY_METHOD_CALL(load, x, bp->data, bp->dlen); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret); - goto failed; - } - - // If buffer successfully created a EVP_PKEY from the bio, mark the buffer as consumed - bp->data = NULL; - bp->dlen = 0; - return x; - - failed: - if (m) { - EVP_PKEY_free(x); - } - - return NULL;} -/** - * @brief set the SSL context private key - */ -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) -{ - SSL_ASSERT1(ctx); - SSL_ASSERT1(pkey); - - if (ctx->cert->pkey == pkey) - return 1; - - if (ctx->cert->pkey) - EVP_PKEY_free(ctx->cert->pkey); - - pkey->ref_counter++; - ctx->cert->pkey = pkey; - - return 1; -} - -/** - * @brief set the SSL private key - */ -int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(pkey); - - if (ssl->cert->pkey == pkey) - return 1; - - if (ssl->cert->pkey) - EVP_PKEY_free(ssl->cert->pkey); - - ssl->cert->pkey = pkey; - - return 1; -} - -/** - * @brief load private key into the SSL context - */ -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - const unsigned char *d, long len) -{ - int ret; - EVP_PKEY *pk; - - pk = d2i_PrivateKey(0, NULL, &d, len); - if (!pk) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL"); - goto failed1; - } - - ret = SSL_CTX_use_PrivateKey(ctx, pk); - if (!ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret); - goto failed2; - } - - return 1; - -failed2: - EVP_PKEY_free(pk); -failed1: - return 0; -} - -/** - * @brief load private key into the SSL - */ -int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, - const unsigned char *d, long len) -{ - int ret; - EVP_PKEY *pk; - - pk = d2i_PrivateKey(0, NULL, &d, len); - if (!pk) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL"); - goto failed1; - } - - ret = SSL_use_PrivateKey(ssl, pk); - if (!ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret); - goto failed2; - } - - return 1; - -failed2: - EVP_PKEY_free(pk); -failed1: - return 0; -} - -#define ESP_OPENSSL_FILES_IS_SUPPORTED 0 -/** - * @brief load the private key file into SSL context - */ -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) -{ - // Using file name as private key is discouraged - SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED); - return -1; -} - -/** - * @brief load the private key file into SSL - */ -int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) -{ - // Using file name as private key is discouraged - SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED); - return -1; -} - -/** - * @brief load the RSA ASN1 private key into SSL context - */ -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) -{ - return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len); -} - -void RSA_free (RSA *r) -{ - EVP_PKEY_free(r); -} diff --git a/components/openssl/library/ssl_stack.c b/components/openssl/library/ssl_stack.c deleted file mode 100644 index 4f80a871c7..0000000000 --- a/components/openssl/library/ssl_stack.c +++ /dev/null @@ -1,97 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_stack.h" -#include "ssl_dbg.h" -#include "ssl_port.h" - -#ifndef CONFIG_MIN_NODES - #define MIN_NODES 4 -#else - #define MIN_NODES CONFIG_MIN_NODES -#endif - -/** - * @brief create a openssl stack object - */ -typedef struct stack_st_tag { - size_t num; - void **data; -} _STACK; - - -GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i) -{ - if (!sk || i >= ((_STACK*)sk)->num) { - return NULL; - } - return ((_STACK*)sk)->data[i]; -} - - -size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk) -{ - if (sk == NULL) { - return 0; - } - return ((_STACK*)sk)->num; -} - -OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c) -{ - OPENSSL_STACK *stack; - char **data; - - stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK)); - if (!stack) { - SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)"); - goto no_mem1; - } - - data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES); - if (!data) { - SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)"); - goto no_mem2; - } - - stack->data = data; - stack->num_alloc = MIN_NODES; - stack->c = c; - - return stack; - -no_mem2: - ssl_mem_free(stack); -no_mem1: - return NULL; -} - -/** - * @brief create a NULL function openssl stack object - */ -OPENSSL_STACK *OPENSSL_sk_new_null(void) -{ - return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL); -} - -/** - * @brief free openssl stack object - */ -void OPENSSL_sk_free(OPENSSL_STACK *stack) -{ - SSL_ASSERT3(stack); - - ssl_mem_free(stack->data); - ssl_mem_free(stack); -} diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c deleted file mode 100644 index 150f2a1978..0000000000 --- a/components/openssl/library/ssl_x509.c +++ /dev/null @@ -1,401 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include "ssl_x509.h" -#include "ssl_methods.h" -#include "ssl_dbg.h" -#include "ssl_port.h" -#include "bio.h" - -/** - * @brief show X509 certification information - */ -int __X509_show_info(X509 *x) -{ - return X509_METHOD_CALL(show_info, x); -} - -/** - * @brief create a X509 certification object according to input X509 certification - */ -X509* __X509_new(X509 *ix) -{ - int ret; - X509 *x; - - x = ssl_mem_zalloc(sizeof(X509)); - if (!x) { - SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)"); - goto no_mem; - } - - x->ref_counter = 1; - - if (ix && ix->method) - x->method = ix->method; - else - x->method = X509_method(); - - ret = X509_METHOD_CALL(new, x, ix); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret); - goto failed; - } - - return x; - -failed: - ssl_mem_free(x); -no_mem: - return NULL; -} - -/** - * @brief create a X509 certification object - */ -X509* X509_new(void) -{ - return __X509_new(NULL); -} - -/** - * @brief free a X509 certification object - */ -void X509_free(X509 *x) -{ - SSL_ASSERT3(x); - - if (--x->ref_counter > 0) { - return; - } - - X509_METHOD_CALL(free, x); - - ssl_mem_free(x); -}; - -/** - * @brief load a character certification context into system context. If '*cert' is pointed to the - * certification, then load certification into it. Or create a new X509 certification object - */ -X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) -{ - int m = 0; - int ret; - X509 *x; - - SSL_ASSERT2(buffer); - SSL_ASSERT2(len); - - if (cert && *cert) { - x = *cert; - } else { - x = X509_new(); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL"); - goto failed1; - } - m = 1; - } - - ret = X509_METHOD_CALL(load, x, buffer, len); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret); - goto failed2; - } - - return x; - -failed2: - if (m) - X509_free(x); -failed1: - return NULL; -} - -/** - * @brief return SSL X509 verify parameters - */ - -X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) -{ - return &ssl->param; -} - -/** - * @brief set X509 host verification flags - */ - -int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned long flags) -{ - /* flags not supported yet */ - return 0; -} - -/** - * @brief clear X509 host verification flags - */ - -int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param, - unsigned long flags) -{ - /* flags not supported yet */ - return 0; -} - -/** - * @brief set SSL context client CA certification - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT1(ctx); - SSL_ASSERT1(x); - - if (ctx->client_CA == x) - return 1; - - X509_free(ctx->client_CA); - - ctx->client_CA = x; - - return 1; -} - -/** - * @brief add CA client certification into the SSL - */ -int SSL_add_client_CA(SSL *ssl, X509 *x) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(x); - - if (ssl->client_CA == x) - return 1; - - X509_free(ssl->client_CA); - - ssl->client_CA = x; - - return 1; -} - -/** - * @brief set the SSL context certification - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT1(ctx); - SSL_ASSERT1(x); - - if (ctx->cert->x509 == x) - return 1; - - X509_free(ctx->cert->x509); - - ctx->cert->x509 = x; - x->ref_counter++; - - return 1; -} - -/** - * @brief set the SSL certification - */ -int SSL_use_certificate(SSL *ssl, X509 *x) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(x); - - if (ssl->cert->x509 == x) - return 1; - - X509_free(ssl->cert->x509); - - ssl->cert->x509 = x; - - return 1; -} - -long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x) -{ - return SSL_CTX_use_certificate(ctx, x); -} - -/** - * @brief get the SSL certification point - */ -X509 *SSL_get_certificate(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->cert->x509; -} - -/** - * @brief load certification into the SSL context - */ -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d) -{ - int ret; - X509 *x; - - x = d2i_X509(NULL, d, len); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL"); - goto failed1; - } - - ret = SSL_CTX_use_certificate(ctx, x); // This uses the "x" so increments ref_count - if (!ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret); - goto failed2; - } - - X509_free(x); // decrements ref_count, so in case of happy flow doesn't free the "x" - return 1; - -failed2: - X509_free(x); -failed1: - return 0; -} - -/** - * @brief load certification into the SSL - */ -int SSL_use_certificate_ASN1(SSL *ssl, int len, - const unsigned char *d) -{ - int ret; - X509 *x; - - x = d2i_X509(NULL, d, len); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL"); - goto failed1; - } - - ret = SSL_use_certificate(ssl, x); - if (!ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret); - goto failed2; - } - - return 1; - -failed2: - X509_free(x); -failed1: - return 0; -} - -/** - * @brief load the certification file into SSL context - */ -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) -{ - return 0; -} - -/** - * @brief load the certification file into SSL - */ -int SSL_use_certificate_file(SSL *ssl, const char *file, int type) -{ - return 0; -} - -/** - * @brief get peer certification - */ -X509 *SSL_get_peer_certificate(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->session->peer; -} - -/** - * @brief set SSL context client CA certification - */ -int X509_STORE_add_cert(X509_STORE *store, X509 *x) { - - x->ref_counter++; - - SSL_CTX *ctx = (SSL_CTX *)store; - SSL_ASSERT1(ctx); - SSL_ASSERT1(x); - - if (ctx->client_CA == x) { - return 1; - } - - if (ctx->client_CA!=NULL) { - X509_free(ctx->client_CA); - } - - ctx->client_CA = x; - return 1; -} - -/** - * @brief load a character certification context into system context. - * - * If '*cert' is pointed to the certification, then load certification - * into it, or create a new X509 certification object. - */ -X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, pem_password_cb cb, void *u) { - int m = 0; - int ret; - X509 *x; - - SSL_ASSERT2(BIO_method_type(bp) & BIO_TYPE_MEM); - if (bp->data == NULL || bp->dlen == 0) { - return NULL; - } - if (cert && *cert) { - x = *cert; - } else { - x = X509_new(); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL"); - goto failed; - } - m = 1; - } - - ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret); - goto failed; - } - - // If buffer successfully created a X509 from the bio, mark the buffer as consumed - bp->data = NULL; - bp->dlen = 0; - return x; - -failed: - if (m) { - X509_free(x); - } - - return NULL; -} - -X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u) -{ - return PEM_read_bio_X509(bp, cert, cb, u); -} - -/** - * @brief get the SSL context object X509 certification storage - */ -X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) { - return (X509_STORE *)ctx; -} diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c deleted file mode 100644 index 7bb27b89f2..0000000000 --- a/components/openssl/platform/ssl_pm.c +++ /dev/null @@ -1,788 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_pm.h" -#include "ssl_port.h" -#include "ssl_dbg.h" - -/* mbedtls include */ -#include "mbedtls/platform.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/debug.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/error.h" -#include "mbedtls/certs.h" -#include "openssl/bio.h" -#include "openssl/err.h" - -#define X509_INFO_STRING_LENGTH 8192 - -struct ssl_pm -{ - /* local socket file description */ - mbedtls_net_context fd; - /* remote client socket file description */ - mbedtls_net_context cl_fd; - - mbedtls_ssl_config conf; - - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_ssl_context ssl; - - mbedtls_entropy_context entropy; -}; - -struct x509_pm -{ - mbedtls_x509_crt *x509_crt; - - mbedtls_x509_crt *ex_crt; -}; - -struct pkey_pm -{ - mbedtls_pk_context *pkey; - - mbedtls_pk_context *ex_pkey; -}; - -unsigned int max_content_len; - -/*********************************************************************************************/ -/************************************ SSL arch interface *************************************/ - -#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG - -/* mbedtls debug level */ -#define MBEDTLS_DEBUG_LEVEL 4 - -/** - * @brief mbedtls debug function - */ -static void ssl_platform_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - /* Shorten 'file' from the whole file path to just the filename - - This is a bit wasteful because the macros are compiled in with - the full _FILE_ path in each case. - */ - char *file_sep = rindex(file, '/'); - if(file_sep) - file = file_sep + 1; - - SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str); -} -#endif - -static int mbedtls_bio_send(void *ctx, const unsigned char *buf, size_t len ) -{ - BIO *bio = ctx; - int written = BIO_write(bio, buf, len); - if (written <= 0 && BIO_should_write(bio)) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - return written; -} - -static int mbedtls_bio_recv(void *ctx, unsigned char *buf, size_t len ) -{ - BIO *bio = ctx; - int read = BIO_read(bio, buf, len); - if (read <= 0 && BIO_should_read(bio)) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - return read; -} - -static int ssl_pm_reload_crt(SSL *ssl); - -static int get_mbedtls_minor_ssl_version(int openssl_version_nr) -{ - if (TLS1_2_VERSION == openssl_version_nr) - return MBEDTLS_SSL_MINOR_VERSION_3; - if (TLS1_1_VERSION ==openssl_version_nr) - return MBEDTLS_SSL_MINOR_VERSION_2; - if (TLS1_VERSION == openssl_version_nr) - return MBEDTLS_SSL_MINOR_VERSION_1; - // SSLv3.0 otherwise - return MBEDTLS_SSL_MINOR_VERSION_0; -} -/** - * @brief create SSL low-level object - */ -int ssl_pm_new(SSL *ssl) -{ - struct ssl_pm *ssl_pm; - int ret; - - const unsigned char pers[] = "OpenSSL PM"; - size_t pers_len = sizeof(pers); - - int endpoint; - - const SSL_METHOD *method = ssl->method; - - ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm)); - if (!ssl_pm) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)"); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE); - goto no_mem; - } - - max_content_len = ssl->ctx->read_buffer_len; - - mbedtls_net_init(&ssl_pm->fd); - mbedtls_net_init(&ssl_pm->cl_fd); - - mbedtls_ssl_config_init(&ssl_pm->conf); - mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg); - mbedtls_entropy_init(&ssl_pm->entropy); - mbedtls_ssl_init(&ssl_pm->ssl); - - ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len); - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ctr_drbg_seed() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_RAND, ret); - goto mbedtls_err1; - } - - if (method->endpoint) { - endpoint = MBEDTLS_SSL_IS_SERVER; - } else { - endpoint = MBEDTLS_SSL_IS_CLIENT; - } - ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_CONF, ret); - goto mbedtls_err2; - } - - if (TLS_ANY_VERSION != ssl->version) { - int min_version = ssl->ctx->min_version ? ssl->ctx->min_version : ssl->version; - int max_version = ssl->ctx->max_version ? ssl->ctx->max_version : ssl->version; - - mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, get_mbedtls_minor_ssl_version(max_version)); - mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, get_mbedtls_minor_ssl_version(min_version)); - } else { - mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); - mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0); - } - - if (ssl->ctx->ssl_alpn.alpn_status == ALPN_ENABLE) { -#ifdef MBEDTLS_SSL_ALPN - mbedtls_ssl_conf_alpn_protocols( &ssl_pm->conf, ssl->ctx->ssl_alpn.alpn_list ); -#else - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "CONFIG_MBEDTLS_SSL_ALPN must be enabled to use ALPN", -1); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_FATAL); -#endif // MBEDTLS_SSL_ALPN - } - mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg); - -#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG - mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL); - mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL); -#else - mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL); -#endif - - ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf); - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_CONF, ret); - goto mbedtls_err2; - } - - mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - ssl->ssl_pm = ssl_pm; - ret = ssl_pm_reload_crt(ssl); - if (ret) - return 0; - - return 0; - -mbedtls_err2: - mbedtls_ssl_config_free(&ssl_pm->conf); - mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); -mbedtls_err1: - mbedtls_entropy_free(&ssl_pm->entropy); - ssl_mem_free(ssl_pm); -no_mem: - return -1; -} - -/** - * @brief free SSL low-level object - */ -void ssl_pm_free(SSL *ssl) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); - mbedtls_entropy_free(&ssl_pm->entropy); - mbedtls_ssl_config_free(&ssl_pm->conf); - mbedtls_ssl_free(&ssl_pm->ssl); - - ssl_mem_free(ssl_pm); - ssl->ssl_pm = NULL; -} - -/** - * @brief reload SSL low-level certification object - */ -static int ssl_pm_reload_crt(SSL *ssl) -{ - int ret; - int mode = MBEDTLS_SSL_VERIFY_UNSET; - struct ssl_pm *ssl_pm = ssl->ssl_pm; - struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm; - - struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; - struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; - -/* OpenSSL verification modes outline (see `man SSL_set_verify` for more details) - * - * | openssl mode | Server | Client | - * | SSL_VERIFY_NONE | will not send a client certificate request | server certificate which will be checked | - * handshake will be continued regardless | - * | SSL_VERIFY_PEER | depends on SSL_VERIFY_FAIL_IF_NO_PEER_CERT | handshake is terminated if verify fails | - * (unless anonymous ciphers--not supported | - * | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | handshake is terminated if | ignored | - * client cert verify fails | | - */ - if (ssl->method->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - mode = MBEDTLS_SSL_VERIFY_REQUIRED; - else if (ssl->verify_mode & SSL_VERIFY_PEER) - mode = MBEDTLS_SSL_VERIFY_OPTIONAL; - else if (ssl->verify_mode == SSL_VERIFY_NONE) - mode = MBEDTLS_SSL_VERIFY_NONE; - } else if (ssl->method->endpoint == MBEDTLS_SSL_IS_CLIENT) { - if (ssl->verify_mode & SSL_VERIFY_PEER) - mode = MBEDTLS_SSL_VERIFY_REQUIRED; - else if (ssl->verify_mode == SSL_VERIFY_NONE) - mode = MBEDTLS_SSL_VERIFY_NONE; - } - - mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); - - if (ca_pm->x509_crt) { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); - } else if (ca_pm->ex_crt) { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL); - } - - if (crt_pm->x509_crt && pkey_pm->pkey) { - ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey); - } else if (crt_pm->ex_crt && pkey_pm->ex_pkey) { - ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey); - } else { - ret = 0; - } - - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_conf_own_cert() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret); - ret = -1; - } - - return ret; -} - -/* - * Perform the mbedtls SSL handshake instead of mbedtls_ssl_handshake. - * We can add debug here. - */ -static int mbedtls_handshake( mbedtls_ssl_context *ssl ) -{ - int ret = 0; - - while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - ret = mbedtls_ssl_handshake_step(ssl); - - SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state); - - if (ret != 0) - break; - } - - return ret; -} - -int ssl_pm_handshake(SSL *ssl) -{ - int ret; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - if (ssl->bio) { - // if using BIO, make sure the mode is supported - SSL_ASSERT1(ssl->mode & (SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)); - mbedtls_ssl_set_bio(&ssl_pm->ssl, ssl->bio, mbedtls_bio_send, mbedtls_bio_recv, NULL); - } else { - // defaults to SSL_read/write using a file descriptor -- expects default mode - SSL_ASSERT1(ssl->mode == 0); - } - - ret = ssl_pm_reload_crt(ssl); - if (ret) - return 0; - - ssl_speed_up_enter(); - - while((ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - // exit handshake in case of any other error - break; - } else if (ssl->bio) { - // exit even if wanted read/write if BIO used - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - ssl->rwstate = SSL_READING; - } else if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - ssl->rwstate = SSL_WRITING; - } - return ret; - } - } - - ssl_speed_up_exit(); - ssl->rwstate = SSL_NOTHING; - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret); - ret = 0; - } else { - struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; - - x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl); - ret = 1; - } - - return ret; -} - -int ssl_pm_shutdown(SSL *ssl) -{ - int ret; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ret = mbedtls_ssl_close_notify(&ssl_pm->ssl); - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_close_notify() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret); - ret = -1; - } else { - struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; - - x509_pm->ex_crt = NULL; - } - - return ret; -} - -int ssl_pm_clear(SSL *ssl) -{ - return ssl_pm_shutdown(ssl); -} - - -int ssl_pm_read(SSL *ssl, void *buffer, int len) -{ - int ret; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len); - if (ret < 0) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_read() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret); - ret = -1; - } - - return ret; -} - -int ssl_pm_send(SSL *ssl, const void *buffer, int len) -{ - int ret; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len); - if (ret < 0) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_write() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret); - ret = -1; - } - - return ret; -} - -int ssl_pm_pending(const SSL *ssl) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl); -} - -void ssl_pm_set_fd(SSL *ssl, int fd, int mode) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ssl_pm->fd.fd = fd; -} - -void ssl_pm_set_hostname(SSL *ssl, const char *hostname) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - mbedtls_ssl_set_hostname(&ssl_pm->ssl, hostname); -} - -int ssl_pm_get_fd(const SSL *ssl, int mode) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - return ssl_pm->fd.fd; -} - -OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) -{ - OSSL_HANDSHAKE_STATE state; - - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - switch (ssl_pm->ssl.state) - { - case MBEDTLS_SSL_CLIENT_HELLO: - state = TLS_ST_CW_CLNT_HELLO; - break; - case MBEDTLS_SSL_SERVER_HELLO: - state = TLS_ST_SW_SRVR_HELLO; - break; - case MBEDTLS_SSL_SERVER_CERTIFICATE: - state = TLS_ST_SW_CERT; - break; - case MBEDTLS_SSL_SERVER_HELLO_DONE: - state = TLS_ST_SW_SRVR_DONE; - break; - case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - state = TLS_ST_CW_KEY_EXCH; - break; - case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - state = TLS_ST_CW_CHANGE; - break; - case MBEDTLS_SSL_CLIENT_FINISHED: - state = TLS_ST_CW_FINISHED; - break; - case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: - state = TLS_ST_SW_CHANGE; - break; - case MBEDTLS_SSL_SERVER_FINISHED: - state = TLS_ST_SW_FINISHED; - break; - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - state = TLS_ST_CW_CERT; - break; - case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - state = TLS_ST_SR_KEY_EXCH; - break; - case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: - state = TLS_ST_SW_SESSION_TICKET; - break; - case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: - state = TLS_ST_SW_CERT_REQ; - break; - case MBEDTLS_SSL_HANDSHAKE_OVER: - state = TLS_ST_OK; - break; - default : - state = TLS_ST_BEFORE; - break; - } - - return state; -} - -int x509_pm_show_info(X509 *x) -{ - int ret; - char *buf; - mbedtls_x509_crt *x509_crt; - struct x509_pm *x509_pm = x->x509_pm; - - if (x509_pm->x509_crt) - x509_crt = x509_pm->x509_crt; - else if (x509_pm->ex_crt) - x509_crt = x509_pm->ex_crt; - else - x509_crt = NULL; - - if (!x509_crt) - return -1; - - buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH); - if (!buf) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)"); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE); - goto no_mem; - } - - ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt); - if (ret <= 0) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret); - goto mbedtls_err1; - } - - buf[ret] = 0; - - ssl_mem_free(buf); - - SSL_DEBUG(SSL_DEBUG_ON, "%s", buf); - - return 0; - -mbedtls_err1: - ssl_mem_free(buf); -no_mem: - return -1; -} - -int x509_pm_new(X509 *x, X509 *m_x) -{ - struct x509_pm *x509_pm; - - x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm)); - if (!x509_pm) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)"); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE); - goto failed1; - } - - x->x509_pm = x509_pm; - - if (m_x) { - struct x509_pm *m_x509_pm = (struct x509_pm *)m_x->x509_pm; - - x509_pm->ex_crt = m_x509_pm->x509_crt; - } - - return 0; - -failed1: - return -1; -} - -void x509_pm_free(X509 *x) -{ - struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - - if (x509_pm->x509_crt) { - mbedtls_x509_crt_free(x509_pm->x509_crt); - - ssl_mem_free(x509_pm->x509_crt); - x509_pm->x509_crt = NULL; - } - - ssl_mem_free(x->x509_pm); - x->x509_pm = NULL; -} - -int x509_pm_load(X509 *x, const unsigned char *buffer, int len) -{ - int ret; - unsigned char *load_buf; - struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - - if (x509_pm->x509_crt) - mbedtls_x509_crt_free(x509_pm->x509_crt); - - if (!x509_pm->x509_crt) { - x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt)); - if (!x509_pm->x509_crt) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)"); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE); - goto no_mem; - } - } - - load_buf = ssl_mem_malloc(len + 1); - if (!load_buf) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)"); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE); - goto failed; - } - - ssl_memcpy(load_buf, buffer, len); - load_buf[len] = '\0'; - - mbedtls_x509_crt_init(x509_pm->x509_crt); - - ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1); - ssl_mem_free(load_buf); - - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret); - goto failed; - } - - return 0; - -failed: - mbedtls_x509_crt_free(x509_pm->x509_crt); - ssl_mem_free(x509_pm->x509_crt); - x509_pm->x509_crt = NULL; -no_mem: - return -1; -} - -int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey) -{ - struct pkey_pm *pkey_pm; - - pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm)); - if (!pkey_pm) - return -1; - - pk->pkey_pm = pkey_pm; - - if (m_pkey) { - struct pkey_pm *m_pkey_pm = (struct pkey_pm *)m_pkey->pkey_pm; - - pkey_pm->ex_pkey = m_pkey_pm->pkey; - } - - return 0; -} - -void pkey_pm_free(EVP_PKEY *pk) -{ - struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm; - - if (pkey_pm->pkey) { - mbedtls_pk_free(pkey_pm->pkey); - - ssl_mem_free(pkey_pm->pkey); - pkey_pm->pkey = NULL; - } - - ssl_mem_free(pk->pkey_pm); - pk->pkey_pm = NULL; -} - -int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) -{ - int ret; - unsigned char *load_buf; - struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm; - - if (pkey_pm->pkey) - mbedtls_pk_free(pkey_pm->pkey); - - if (!pkey_pm->pkey) { - pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context)); - if (!pkey_pm->pkey) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)"); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE); - goto no_mem; - } - } - - load_buf = ssl_mem_malloc(len + 1); - if (!load_buf) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)"); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE); - goto failed; - } - - ssl_memcpy(load_buf, buffer, len); - load_buf[len] = '\0'; - - mbedtls_pk_init(pkey_pm->pkey); - - ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0); - ssl_mem_free(load_buf); - - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_PKCS8, ret); - goto failed; - } - - return 0; - -failed: - mbedtls_pk_free(pkey_pm->pkey); - ssl_mem_free(pkey_pm->pkey); - pkey_pm->pkey = NULL; -no_mem: - return -1; -} - - - -void ssl_pm_set_bufflen(SSL *ssl, int len) -{ - max_content_len = len; -} - -long ssl_pm_get_verify_result(const SSL *ssl) -{ - uint32_t ret; - long verify_result; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl); - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_get_verify_result() return 0x%x", ret); - OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret); - verify_result = X509_V_ERR_UNSPECIFIED; - } else - verify_result = X509_V_OK; - - return verify_result; -} - -/** - * @brief set expected hostname on peer cert CN - */ -int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen) -{ - SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param)); - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - char *name_cstr = NULL; - - if (namelen) { - name_cstr = malloc(namelen + 1); - if (!name_cstr) { - return 0; - } - memcpy(name_cstr, name, namelen); - name_cstr[namelen] = '\0'; - name = name_cstr; - } - - mbedtls_ssl_set_hostname(&ssl_pm->ssl, name); - - if (namelen) { - free(name_cstr); - } - - return 1; -} diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c deleted file mode 100644 index 850584bb55..0000000000 --- a/components/openssl/platform/ssl_port.c +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_port.h" - -/*********************************************************************************************/ -/********************************* SSL general interface *************************************/ - -void *ssl_mem_zalloc(size_t size) -{ - void *p = malloc(size); - - if (p) - memset(p, 0, size); - - return p; -} diff --git a/components/openssl/test/CMakeLists.txt b/components/openssl/test/CMakeLists.txt deleted file mode 100644 index 0fb5bac2c2..0000000000 --- a/components/openssl/test/CMakeLists.txt +++ /dev/null @@ -1,2 +0,0 @@ -idf_component_register(SRC_DIRS "." - PRIV_REQUIRES cmock test_utils openssl) diff --git a/components/openssl/test/test_openssl.c b/components/openssl/test/test_openssl.c deleted file mode 100644 index e6a4d78629..0000000000 --- a/components/openssl/test/test_openssl.c +++ /dev/null @@ -1,152 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING -#include "openssl/ssl.h" -#include "unity.h" - -/** - * @brief This simple test suite is taken from OpenSSL err_test.cc and bio_test.cc, the relevant test - * cases were adopted to the supported fraction of OpenSSL port in esp-idf - */ - -// -// Basic error stack support and test -// -#define ERR_NUM_ERRORS 4 - -TEST_CASE("ErrTest, Overflow", "[openssl]") -{ - - for (unsigned i = 0; i < ERR_NUM_ERRORS*2; i++) { - ERR_put_error(1, 0 /* unused */, i+1, "test", 1); - } - - for (unsigned i = 0; i < ERR_NUM_ERRORS - 1; i++) { - uint32_t err = ERR_get_error(); - /* Errors are returned in order they were pushed, with the least recent ones - * removed, up to |ERR_NUM_ERRORS - 1| errors. So the errors returned are - * |ERR_NUM_ERRORS + 2| through |ERR_NUM_ERRORS * 2|, inclusive. */ - TEST_ASSERT_NOT_EQUAL(0u, err); - TEST_ASSERT_EQUAL(i + ERR_NUM_ERRORS + 2, ERR_GET_REASON(err)); - } - - TEST_ASSERT_EQUAL(0u, ERR_get_error()); -} - -TEST_CASE("ErrTest, PutError", "[openssl]") -{ - TEST_ASSERT_EQUAL(0u, ERR_get_error()); // ERR_get_error returned value before an error was added. - - ERR_put_error(1, 0 /* unused */, 2, "test", 4); - - int peeked_line, line, peeked_flags, flags; - const char *peeked_file, *file, *peeked_data, *data; - uint32_t peeked_packed_error = - ERR_peek_error_line_data(&peeked_file, &peeked_line, &peeked_data, - &peeked_flags); - uint32_t packed_error = ERR_get_error_line_data(&file, &line, &data, &flags); - - TEST_ASSERT_EQUAL(peeked_packed_error, packed_error); - TEST_ASSERT_EQUAL(peeked_file, file); - - TEST_ASSERT_EQUAL_STRING("test", file); - TEST_ASSERT_EQUAL(4, line); - TEST_ASSERT_EQUAL(1, ERR_GET_LIB(packed_error)); - TEST_ASSERT_EQUAL(2, ERR_GET_REASON(packed_error)); -} - -TEST_CASE("ErrTest, ClearError", "[openssl]") -{ - TEST_ASSERT_EQUAL(0u, ERR_get_error()); // ERR_get_error returned value before an error was added. - - ERR_put_error(1, 0 /* unused */, 2, "test", 4); - ERR_clear_error(); - - // The error queue should be cleared. - TEST_ASSERT_EQUAL(0u, ERR_get_error()); -} - -// -// Simplified BIO support and check -// -TEST_CASE("BioTest, TestPair", "[openssl]") -{ - BIO *bio1, *bio2; - TEST_ASSERT_NOT_EQUAL(0, BIO_new_bio_pair(&bio1, 10, &bio2, 10)); - TEST_ASSERT_EQUAL(BIO_ctrl_get_write_guarantee(bio1), 10); - - // Data written in one end may be read out the other. - char buf[20]; - TEST_ASSERT_EQUAL(5, BIO_write(bio1, "12345", 5)); - TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1)); - TEST_ASSERT_EQUAL(5, BIO_read(bio2, buf, sizeof(buf))); - TEST_ASSERT_EQUAL_UINT8_ARRAY("12345", buf, 5); - TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1)); - - // Attempting to write more than 10 bytes will write partially. - TEST_ASSERT_EQUAL(10, BIO_write(bio1, "1234567890___", 13)); - TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1)); - TEST_ASSERT_EQUAL(-1, BIO_write(bio1, "z", 1)); - TEST_ASSERT_TRUE(BIO_should_write(bio1)); - TEST_ASSERT_EQUAL(10, BIO_read(bio2, buf, sizeof(buf))); - TEST_ASSERT_EQUAL_UINT8_ARRAY("1234567890", buf, 10); - TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1)); - - // Unsuccessful reads update the read request. - TEST_ASSERT_EQUAL(-1, BIO_read(bio2, buf, 5)); - TEST_ASSERT_TRUE(BIO_should_read(bio2)); - - // The read request is clamped to the size of the buffer. - TEST_ASSERT_EQUAL(-1, BIO_read(bio2, buf, 20)); - TEST_ASSERT_TRUE(BIO_should_read(bio2)); - - // Data may be written and read in chunks. - TEST_ASSERT_EQUAL(BIO_write(bio1, "12345", 5), 5); - TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1)); - TEST_ASSERT_EQUAL(5, BIO_write(bio1, "67890___", 8)); - TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1)); - TEST_ASSERT_EQUAL(3, BIO_read(bio2, buf, 3)); - TEST_ASSERT_EQUAL_UINT8_ARRAY("123", buf, 3); - TEST_ASSERT_EQUAL(3, BIO_ctrl_get_write_guarantee(bio1)); - TEST_ASSERT_EQUAL(7, BIO_read(bio2, buf, sizeof(buf))); - TEST_ASSERT_EQUAL_UINT8_ARRAY("4567890", buf, 7); - TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1)); - - // Test writes and reads starting in the middle of the ring buffer and - // wrapping to front. - TEST_ASSERT_EQUAL(8, BIO_write(bio1, "abcdefgh", 8)); - TEST_ASSERT_EQUAL(2, BIO_ctrl_get_write_guarantee(bio1)); - TEST_ASSERT_EQUAL(3, BIO_read(bio2, buf, 3)); - TEST_ASSERT_EQUAL_UINT8_ARRAY("abc", buf, 3); - TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1)); - TEST_ASSERT_EQUAL(5, BIO_write(bio1, "ijklm___", 8)); - TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1)); - TEST_ASSERT_EQUAL(10, BIO_read(bio2, buf, sizeof(buf))); - TEST_ASSERT_EQUAL_UINT8_ARRAY("defghijklm", buf, 10); - TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1)); - - // Data may flow from both ends in parallel. - TEST_ASSERT_EQUAL(5, BIO_write(bio1, "12345", 5)); - TEST_ASSERT_EQUAL(5, BIO_write(bio2, "67890", 5)); - TEST_ASSERT_EQUAL(5, BIO_read(bio2, buf, sizeof(buf))); - TEST_ASSERT_EQUAL_UINT8_ARRAY("12345", buf, 5); - TEST_ASSERT_EQUAL(5, BIO_read(bio1, buf, sizeof(buf))); - TEST_ASSERT_EQUAL_UINT8_ARRAY("67890", buf, 5); - - // Other tests below not imported since BIO_shutdown_wr() not supported - // - Closing the write end causes an EOF on the read half, after draining. - // - A closed write end may not be written to. - // - The other end is still functional. -} diff --git a/docs/en/api-reference/protocols/index.rst b/docs/en/api-reference/protocols/index.rst index d9560d1b1d..6ee591c2b0 100644 --- a/docs/en/api-reference/protocols/index.rst +++ b/docs/en/api-reference/protocols/index.rst @@ -18,7 +18,6 @@ Application Protocols esp_https_server icmp_echo mdns - openssl_apis Code examples for this API section are provided in the :example:`protocols` directory of ESP-IDF examples. diff --git a/docs/en/api-reference/protocols/openssl_apis.rst b/docs/en/api-reference/protocols/openssl_apis.rst deleted file mode 100644 index aa348b9f2c..0000000000 --- a/docs/en/api-reference/protocols/openssl_apis.rst +++ /dev/null @@ -1,1801 +0,0 @@ -OpenSSL-APIs ------------- - -.. note:: The OpenSSL-API will be discontinued in ESP-IDF from v5.0. Please use ESP-TLS instead. - -The code of this API (located in :component:`openssl` directory), does not contain OpenSSL itself but is intended as a wrapper for applications using the OpenSSL API. -It uses mbedTLS to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file. - -OpenSSL APIs not mentioned in this article are not open to public for the time, -also do not have the corresponding function. -If user calls it directly, it will always return an error or may show cannot link at compiling time. - -Chapter Introduction -==================== - -- Chapter 1. SSL Context Method Create -- Chapter 2. SSL Context Function -- Chapter 3. SSL Function -- Chapter 4. SSL X509 Certification and Private Key Function - - -Chapter 1. SSL Context Method Create -==================================== - -.. highlight:: none - -1.1 const SSL_METHOD* ``SSLv3_client_method`` (void) - - Arguments:: - - none - - Return:: - - SSLV3.0 version SSL context client method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = SSLv3_client_method(); - - ... - } - -1.2 const SSL_METHOD* ``TLSv1_client_method`` (void) - - Arguments:: - - none - - Return:: - - TLSV1.0 version SSL context client method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = TLSv1_client_method(); - - ... - } - -1.3 const SSL_METHOD* ``TLSv1_1_client_method`` (void) - - Arguments:: - - none - - Return:: - - TLSV1.1 version SSL context client method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = TLSv1_1_client_method(); - - ... - } - -1.4 const SSL_METHOD* ``TLSv1_2_client_method`` (void) - - Arguments:: - - none - - Return:: - - TLSV1.2 version SSL context client method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = TLSv1_2_client_method(); - - ... - } - -1.5 const SSL_METHOD* ``TLS_client_method`` (void) - - Arguments:: - - none - - Return:: - - TLSV1.2 version SSL context client method point - - Description:: - - create the default SSL context method, it's always to be TLSV1.2 - - Example:: - - void example(void) - { - const SSL_METHOD *method = TLSv1_2_client_method(); - - ... - } - -1.6 const SSL_METHOD* ``SSLv3_server_method`` (void) - - Arguments:: - - none - - Return:: - - SSLV3.0 version SSL context server method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = SSLv3_server_method(); - - ... - } - -1.7 const SSL_METHOD* ``TLSv1_server_method`` (void) - - Arguments:: - - none - - Return:: - - TLSV1.0 version SSL context server method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = TLSv1_server_method(); - - ... - } - -1.8 const SSL_METHOD* ``TLSv1_1_server_method`` (void) - - Arguments:: - - none - - Return:: - - TLSV1.1 version SSL context server method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = TLSv1_1_server_method(); - - ... - } - - -1.9 const SSL_METHOD* ``TLSv1_2_server_method`` (void) - - Arguments:: - - none - - Return:: - - TLSV1.2 version SSL context server method point - - Description:: - - create the target SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method = TLSv1_2_server_method(); - - ... - } - -1.10 const SSL_METHOD* ``TLS_server_method`` (void) - - Arguments:: - - none - - Return:: - - TLSV1.2 version SSL context server method point - - Description:: - - create the default SSL context method, it's always to be TLSV1.2 - - Example:: - - void example(void) - { - const SSL_METHOD *method = TLSv1_2_server_method(); - - ... - } - - -Chapter 2. SSL Context Function -=============================== - - -2.1 SSL_CTX* ``SSL_CTX_new`` (const SSL_METHOD * method) - - Arguments:: - - method - the SSL context method point - - Return:: - - context point - - Description:: - - create a SSL context - - Example:: - - void example(void) - { - SSL_CTX *ctx = SSL_CTX_new(SSLv3_server_method()); - - ... - } - - -2.2 ``void SSL_CTX_free`` (SSL_CTX * ctx) - - Arguments:: - - ctx - the SSL context point - - Return:: - - none - - Description:: - - free a SSL context - - Example:: - - void example(void) - { - SSL_CTX *ctx; - - ... ... - - SSL_CTX_free(ctx); - } - - -2.3 ``int SSL_CTX_set_ssl_version`` (SSL_CTX * ctx, const SSL_METHOD * meth) - - Arguments:: - - ctx - SSL context point - meth - SSL method point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - set the SSL context version - - Example:: - - void example(void) - { - SSL_CTX *ctx; - const SSL_METHOD *meth; - - ... ... - - SSL_CTX_set_ssl_version(ctx, meth); - } - - -2.4 const SSL_METHOD* ``SSL_CTX_get_ssl_method`` (SSL_CTX * ctx) - - Arguments:: - - ctx - SSL context point - - Return:: - - SSL context method - - Description:: - - get the SSL context method - - Example:: - - void example(void) - { - const SSL_METHOD *method; - SSL_CTX *ctx; - - ... ... - - method = SSL_CTX_get_ssl_method(ctx); - } - - - -Chapter 3. SSL Function -======================= - - -3.1 SSL* ``SSL_new`` (SSL_CTX * ctx) - - Arguments:: - - ctx - SSL context point - - Return:: - - SSL method - - Description:: - - create a SSL - - Example:: - - void example(void) - { - SSL *ssl; - SSL_CTX *ctx; - - ... ... - - ssl = SSL_new(ctx); - } - - -3.2 void ``SSL_free`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - none - - Description:: - - free SSL - - Example:: - - void example(void) - { - SSL *ssl; - - ... ... - - SSL_free(ssl); - } - - -3.3 int ``SSL_do_handshake`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 1 : OK - 0 : failed, connect is close by remote - -1 : a error catch - - Description:: - - perform the SSL handshake - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_do_handshake(ssl); - } - - -3.4 int ``SSL_connect`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 1 : OK - 0 : failed, connect is close by remote - -1 : a error catch - - Description:: - - connect to the remote SSL server - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_connect(ssl); - } - - -3.5 int ``SSL_accept`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 1 : OK - 0 : failed, connect is close by remote - -1 : a error catch - - Description:: - - accept the remote connection - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_accept(ssl); - } - - -3.6 int ``SSL_shutdown`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 1 : OK - 0 : failed, connect is close by remote - -1 : a error catch - - Description:: - - shutdown the connection - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_shutdown(ssl); - } - - -3.7 int ``SSL_clear`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - shutdown the connection - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_clear(ssl); - } - - -3.8 int ``SSL_read`` (SSL * ssl, void * buffer, int len) - - Arguments:: - - ssl - point - buffer - data buffer point - len - data length - - Return:: - - > 0 : OK, and return received data bytes - = 0 : no data received or connection is closed - < 0 : an error catch - - Description:: - - read data from remote - - Example:: - - void example(void) - { - SSL *ssl; - char *buf; - int len; - int ret; - - ... ... - - ret = SSL_read(ssl, buf, len); - } - -3.9 int ``SSL_write`` (SSL * ssl, const void * buffer, int len) - - Arguments:: - - ssl - SSL point - buffer - data buffer point - len - data length - - Return:: - - > 0 : OK, and return received data bytes - = 0 : no data sent or connection is closed - < 0 : an error catch - - Description:: - - send the data to remote - - Example:: - - void example(void) - { - SSL *ssl; - char *buf; - int len; - int ret; - - ... ... - - ret = SSL_write(ssl, buf, len); - } - - -3.10 ``SSL_CTX *SSL_get_SSL_CTX`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - SSL context - - Description:: - - get SSL context of the SSL - - Example:: - - void example(void) - { - SSL *ssl; - SSL_CTX *ctx; - - ... ... - - ctx = SSL_get_SSL_CTX(ssl); - } - - -3.11 int ``SSL_get_shutdown`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - shutdown mode - - Description:: - - get SSL shutdown mode - - Example:: - - void example(void) - { - SSL *ssl; - int mode; - - ... ... - - mode = SSL_get_SSL_CTX(ssl); - } - - -3.12 void ``SSL_set_shutdown`` (SSL * ssl, int mode) - - Arguments:: - - ssl - SSL point - - Return:: - - shutdown mode - - Description:: - - set SSL shutdown mode - - Example:: - - void example(void) - { - SSL *ssl; - int mode = 0; - - ... ... - - SSL_set_shutdown(ssl, mode); - } - - -3.13 const SSL_METHOD* ``SSL_get_ssl_method`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - SSL method - - Description:: - - set SSL shutdown mode - - Example:: - - void example(void) - { - SSL *ssl; - const SSL_METHOD *method; - - ... ... - - method = SSL_get_ssl_method(ssl); - } - - -3.14 int ``SSL_set_ssl_method`` (SSL * ssl, const SSL_METHOD * method) - - Arguments:: - - ssl - SSL point - meth - SSL method point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - set the SSL method - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - const SSL_METHOD *method; - - ... ... - - ret = SSL_set_ssl_method(ssl, method); - } - - -3.15 int ``SSL_pending`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - data bytes - - Description:: - - get received data bytes - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_pending(ssl); - } - - -3.16 int ``SSL_has_pending`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 1 : Yes - 0 : No - - Description:: - - check if data is received - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_has_pending(ssl); - } - - -3.17 int ``SSL_get_fd`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - >= 0 : socket id - < 0 : a error catch - - Description:: - - get the socket of the SSL - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_get_fd(ssl); - } - - -3.18 int ``SSL_get_rfd`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - >= 0 : socket id - < 0 : a error catch - - Description:: - - get the read only socket of the SSL - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_get_rfd(ssl); - } - - -3.19 int ``SSL_get_wfd`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - >= 0 : socket id - < 0 : a error catch - - Description:: - - get the write only socket of the SSL - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - - ... ... - - ret = SSL_get_wfd(ssl); - } - - -3.20 int ``SSL_set_fd`` (SSL * ssl, int fd) - - Arguments:: - - ssl - SSL point - fd - socket id - - Return:: - - 1 : OK - 0 : failed - - Description:: - - set socket to SSL - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - int socket; - - ... ... - - ret = SSL_set_fd(ssl, socket); - } - - -3.21 int ``SSL_set_rfd`` (SSL * ssl, int fd) - - Arguments:: - - ssl - SSL point - fd - socket id - - Return:: - - 1 : OK - 0 : failed - - Description:: - - set read only socket to SSL - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - int socket; - - ... ... - - ret = SSL_set_rfd(ssl, socket); - } - - -3.22 int ``SSL_set_wfd`` (SSL * ssl, int fd) - - Arguments:: - - ssl - SSL point - fd - socket id - - Return:: - - 1 : OK - 0 : failed - - Description:: - - set write only socket to SSL - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - int socket; - - ... ... - - ret = SSL_set_wfd(ssl, socket); - } - - -3.23 int ``SSL_version`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - SSL version - - Description:: - - get SSL version - - Example:: - - void example(void) - { - int version; - SSL *ssl; - - ... ... - - version = SSL_version(ssl); - } - - -3.24 const char* ``SSL_get_version`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - SSL version string - - Description:: - - get the SSL current version string - - Example:: - - void example(void) - { - char *version; - SSL *ssl; - - ... ... - - version = SSL_get_version(ssl); - } - - -3.25 OSSL_HANDSHAKE_STATE ``SSL_get_state`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - SSL state - - Description:: - - get the SSL state - - Example:: - - void example(void) - { - OSSL_HANDSHAKE_STATE state; - SSL *ssl; - - ... ... - - state = SSL_get_state(ssl); - } - - -3.26 const char* ``SSL_alert_desc_string`` (int value) - - Arguments:: - - value - SSL description - - Return:: - - alert value string - - Description:: - - get alert description string - - Example:: - - void example(void) - { - int val; - char *str; - - ... ... - - str = SSL_alert_desc_string(val); - } - - -3.27 const char* ``SSL_alert_desc_string_long`` (int value) - - Arguments:: - - value - SSL description - - Return:: - - alert value long string - - Description:: - - get alert description long string - - Example:: - - void example(void) - { - int val; - char *str; - - ... ... - - str = SSL_alert_desc_string_long(val); - } - - -3.28 const char* ``SSL_alert_type_string`` (int value) - - Arguments:: - - value - SSL type description - - Return:: - - alert type string - - Description:: - - get alert type string - - Example:: - - void example(void) - { - int val; - char *str; - - ... ... - - str = SSL_alert_type_string(val); - } - - -3.29 const char* ``SSL_alert_type_string_long`` (int value) - - Arguments:: - - value - SSL type description - - Return:: - - alert type long string - - Description:: - - get alert type long string - - Example:: - - void example(void) - { - int val; - char *str; - - ... ... - - str = SSL_alert_type_string_long(val); - } - -3.30 const char* ``SSL_rstate_string`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - state string - - Description:: - - get the state string where SSL is reading - - Example:: - - void example(void) - { - SSL *ssl; - char *str; - - ... ... - - str = SSL_rstate_string(ssl); - } - - -3.31 const char* ``SSL_rstate_string_long`` (SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - state long string - - Description:: - - get the state long string where SSL is reading - - Example:: - - void example(void) - { - SSL *ssl; - char *str; - - ... ... - - str = SSL_rstate_string_long(ssl); - } - - -3.32 const char* ``SSL_state_string`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - state string - - Description:: - - get the state string - - Example:: - - void example(void) - { - SSL *ssl; - const char *str; - - ... ... - - str = SSL_state_string(ssl); - } - - -3.33 char* ``SSL_state_string_long`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - state long string - - Description:: - - get the state long string - - Example:: - - void example(void) - { - SSL *ssl; - char *str; - - ... ... - - str = SSL_state_string(ssl); - } - - -3.34 int ``SSL_get_error`` (const SSL * ssl, int ret_code) - - Arguments:: - - ssl - SSL point - ret_code - SSL return code - - Return:: - - SSL error number - - Description:: - - get SSL error code - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - int err; - - ... ... - - err = SSL_get_error(ssl, ret); - } - -3.35 int ``SSL_want`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - specifical statement - - Description:: - - get the SSL specifical statement - - Example:: - - void example(void) - { - SSL *ssl; - int state; - - ... ... - - state = SSL_want(ssl); - } - - -3.36 int ``SSL_want_nothing`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 0 : false - 1 : true - - Description:: - - check if SSL want nothing - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_want(ssl); - } - - -3.37 int ``SSL_want_read`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 0 : false - 1 : true - - Description:: - - check if SSL want to read - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_want_read(ssl); - } - - -3.38 int ``SSL_want_write`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - 0 : false - 1 : true - - Description:: - - check if SSL want to write - - Example:: - - void example(void) - { - SSL *ssl; - int ret; - - ... ... - - ret = SSL_want_write(ssl); - } - - -Chapter 4. SSL X509 Certification and Private Key Function -========================================================== - - -4.1 X509 * ``d2i_X509`` (X509 ** cert, const unsigned char * buffer, long len) - - Arguments:: - - cert - a point pointed to X509 certification - buffer - a point pointed to the certification context memory point - length - certification bytes - - Return:: - - X509 certification object point - - Description:: - - load a character certification context into system context. If '*cert' is pointed to the - certification, then load certification into it. Or create a new X509 certification object - - Example:: - - void example(void) - { - X509 *new; - X509 *cert; - unsigned char *buffer; - long len; - ... ... - - new = d2i_X509(&cert, buffer, len); - } - - -4.2 int ``SSL_add_client_CA`` (SSL * ssl, X509 * x) - - Arguments:: - - ssl - SSL point - x - CA certification point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - add CA client certification into the SSL - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - X509 *new; - - ... ... - - ret = SSL_add_client_CA(ssl, new); - } - - -4.3 int ``SSL_CTX_add_client_CA`` (SSL_CTX * ctx, X509 * x) - - Arguments:: - - ctx - SSL context point - x - CA certification point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - add CA client certification into the SSL context - - Example:: - - void example(void) - { - int ret; - SSL_CTX *ctx; - X509 *new; - - ... ... - - ret = SSL_add_clSSL_CTX_add_client_CAient_CA(ctx, new); - } - - -4.4 X509* ``SSL_get_certificate`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - SSL certification point - - Description:: - - get the SSL certification point - - Example:: - - void example(void) - { - SSL *ssl; - X509 *cert; - - ... ... - - cert = SSL_get_certificate(ssl); - } - - -4.5 long ``SSL_get_verify_result`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - the result of verifying - - Description:: - - get the verifying result of the SSL certification - - Example:: - - void example(void) - { - SSL *ssl; - long ret; - - ... ... - - ret = SSL_get_verify_result(ssl); - } - - -4.6 int ``SSL_CTX_use_certificate`` (SSL_CTX * ctx, X509 * x) - - Arguments:: - - ctx - the SSL context point - pkey - certification object point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - load the certification into the SSL_CTX or SSL object - - Example:: - - void example(void) - { - int ret; - SSL_CTX *ctx - X509 *new; - - ... ... - - ret = SSL_CTX_use_certificate(ctx, new); - } - - -4.7 int ``SSL_CTX_use_certificate_ASN1`` (SSL_CTX * ctx, int len, const unsigned char * d) - - Arguments:: - - ctx - SSL context point - len - certification length - d - data point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - load the ASN1 certification into SSL context - - Example:: - - void example(void) - { - int ret; - SSL_CTX *ctx; - const unsigned char *buf; - int len; - - ... ... - - ret = SSL_CTX_use_certificate_ASN1(ctx, len, buf); - } - - -4.8 int ``SSL_CTX_use_PrivateKey`` (SSL_CTX * ctx, EVP_PKEY * pkey) - - Arguments:: - - ctx - SSL context point - pkey - private key object point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - load the private key into the context object - - Example:: - - void example(void) - { - int ret; - SSL_CTX *ctx; - EVP_PKEY *pkey; - - ... ... - - ret = SSL_CTX_use_PrivateKey(ctx, pkey); - } - - -4.9 int ``SSL_CTX_use_PrivateKey_ASN1`` (int pk, SSL_CTX * ctx, const unsigned char * d, long len) - - Arguments:: - - ctx - SSL context point - d - data point - len - private key length - - Return:: - - 1 : OK - 0 : failed - - Description:: - - load the ASN1 private key into SSL context - - Example:: - - void example(void) - { - int ret; - int pk; - SSL_CTX *ctx; - const unsigned char *buf; - long len; - - ... ... - - ret = SSL_CTX_use_PrivateKey_ASN1(pk, ctx, buf, len); - } - - -4.10 int ``SSL_CTX_use_RSAPrivateKey_ASN1`` (SSL_CTX * ctx, const unsigned char * d, long len) - - Arguments:: - - ctx - SSL context point - d - data point - len - private key length - - Return:: - - 1 : OK - 0 : failed - - Description:: - - load the RSA ASN1 private key into SSL context - - Example:: - - void example(void) - { - int ret; - SSL_CTX *ctx; - const unsigned char *buf; - long len; - - ... ... - - ret = SSL_CTX_use_RSAPrivateKey_ASN1(ctx, buf, len); - } - - -4.11 int ``SSL_use_certificate_ASN1`` (SSL * ssl, int len, const unsigned char * d) - - Arguments:: - - ssl - SSL point - len - data bytes - d - data point - - Return:: - - 1 : OK - 0 : failed - - Description:: - - load certification into the SSL - - Example:: - - void example(void) - { - int ret; - SSL *ssl; - const unsigned char *buf; - long len; - - ... ... - - ret = SSL_use_certificate_ASN1(ssl, len, buf); - } - - -4.12 X509* ``SSL_get_peer_certificate`` (const SSL * ssl) - - Arguments:: - - ssl - SSL point - - Return:: - - peer certification - - Description:: - - get peer certification - - Example:: - - void example(void) - { - SSL *ssl; - X509 *peer; - - ... ... - - peer = SSL_get_peer_certificate(ssl); - } - diff --git a/docs/en/migration-guides/removed-components.rst b/docs/en/migration-guides/removed-components.rst index d4915aec05..cce534f2f5 100644 --- a/docs/en/migration-guides/removed-components.rst +++ b/docs/en/migration-guides/removed-components.rst @@ -21,3 +21,5 @@ For example, to install libsodium component with exact version X.Y, run: ``idf.p To install libsodium component with the latest version compatible to X.Y according to `semver `_ rules, run: ``idf.py add-dependency libsodium~X.Y``. To find out which versions of each component are available, open https://components.espressif.com, search for the component by its name and check the versions listed on the component page. + +.. note:: OpenSSL-API component is no longer supported. It is not available in the IDF Component Registry, either. Please use :doc:`ESP-TLS ` or :component:`mbedtls` API directly. diff --git a/docs/zh_CN/api-reference/protocols/index.rst b/docs/zh_CN/api-reference/protocols/index.rst index d6ab991d9c..1e8dbe9078 100644 --- a/docs/zh_CN/api-reference/protocols/index.rst +++ b/docs/zh_CN/api-reference/protocols/index.rst @@ -18,7 +18,6 @@ esp_https_server icmp_echo mdns - openssl_apis 此 API 部分的示例代码存放在 ESP-IDF 示例项目的 :example:`protocols` 目录下。 diff --git a/docs/zh_CN/api-reference/protocols/openssl_apis.rst b/docs/zh_CN/api-reference/protocols/openssl_apis.rst deleted file mode 100644 index 5e6e4a8fb4..0000000000 --- a/docs/zh_CN/api-reference/protocols/openssl_apis.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../../en/api-reference/protocols/openssl_apis.rst diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 432bea84f9..1370273d4d 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -1307,33 +1307,6 @@ components/nvs_flash/test_nvs_host/test_nvs_initialization.cpp components/nvs_flash/test_nvs_host/test_nvs_partition.cpp components/nvs_flash/test_nvs_host/test_nvs_storage.cpp components/nvs_flash/test_nvs_host/test_spi_flash_emulation.cpp -components/openssl/include/internal/ssl3.h -components/openssl/include/internal/ssl_cert.h -components/openssl/include/internal/ssl_code.h -components/openssl/include/internal/ssl_dbg.h -components/openssl/include/internal/ssl_lib.h -components/openssl/include/internal/ssl_methods.h -components/openssl/include/internal/ssl_pkey.h -components/openssl/include/internal/ssl_stack.h -components/openssl/include/internal/ssl_types.h -components/openssl/include/internal/ssl_x509.h -components/openssl/include/internal/tls1.h -components/openssl/include/internal/x509_vfy.h -components/openssl/include/openssl/bio.h -components/openssl/include/openssl/err.h -components/openssl/include/platform/ssl_opt.h -components/openssl/include/platform/ssl_pm.h -components/openssl/include/platform/ssl_port.h -components/openssl/library/ssl_bio.c -components/openssl/library/ssl_cert.c -components/openssl/library/ssl_err.c -components/openssl/library/ssl_lib.c -components/openssl/library/ssl_methods.c -components/openssl/library/ssl_pkey.c -components/openssl/library/ssl_stack.c -components/openssl/platform/ssl_pm.c -components/openssl/platform/ssl_port.c -components/openssl/test/test_openssl.c components/openthread/include/esp_openthread.h components/openthread/include/esp_openthread_lock.h components/openthread/include/esp_openthread_netif_glue.h @@ -2491,12 +2464,6 @@ examples/protocols/mqtt/ws/main/app_main.c examples/protocols/mqtt/ws/mqtt_ws_example_test.py examples/protocols/mqtt/wss/main/app_main.c examples/protocols/mqtt/wss/mqtt_wss_example_test.py -examples/protocols/openssl_client/example_test.py -examples/protocols/openssl_client/main/openssl_client_example.h -examples/protocols/openssl_client/main/openssl_client_example_main.c -examples/protocols/openssl_server/example_test.py -examples/protocols/openssl_server/main/openssl_server_example.h -examples/protocols/openssl_server/main/openssl_server_example_main.c examples/protocols/slip/slip_udp/components/slip_modem/include/slip_modem.h examples/protocols/slip/slip_udp/main/slip_client_main.c examples/protocols/smtp_client/main/smtp_client_example_main.c diff --git a/tools/test_apps/protocols/openssl/CMakeLists.txt b/tools/test_apps/protocols/openssl/CMakeLists.txt deleted file mode 100644 index 90a9a8dc37..0000000000 --- a/tools/test_apps/protocols/openssl/CMakeLists.txt +++ /dev/null @@ -1,14 +0,0 @@ -# The following four lines of boilerplate have to be in your project's CMakeLists -# in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) - -# (Not part of the boilerplate) -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) - -include($ENV{IDF_PATH}/tools/cmake/project.cmake) - -project(openssl_connect_test) - -target_add_binary_data(openssl_connect_test.elf "client_certs/ca.crt" TEXT) -target_add_binary_data(openssl_connect_test.elf "client_certs/ca.key" TEXT) diff --git a/tools/test_apps/protocols/openssl/README.md b/tools/test_apps/protocols/openssl/README.md deleted file mode 100644 index 01dce33e8c..0000000000 --- a/tools/test_apps/protocols/openssl/README.md +++ /dev/null @@ -1,14 +0,0 @@ -| Supported Targets | ESP32 | ESP32-S2 | ESP32-C3 | -| ----------------- | ----- | -------- | -------- | - -# ESP-OPENSSL connect test project - -Main purpose of this application is to test the ESP-OPENSSL library to correctly connect/refuse connectio with TLS servers. -It is possible to run this example manually without any test to exercise ESP-OPENSSL library. - -## Runtime settings -This app waits for user input to provide these parameters: - test-type: "conn" connection test (host, port, test-case) - -## Hardware Required -This test-app can be executed on any ESP32 board, the only required interface is WiFi and connection to a local network and tls server. diff --git a/tools/test_apps/protocols/openssl/app_test.py b/tools/test_apps/protocols/openssl/app_test.py deleted file mode 100644 index 1e71e52d31..0000000000 --- a/tools/test_apps/protocols/openssl/app_test.py +++ /dev/null @@ -1,126 +0,0 @@ -from __future__ import print_function, unicode_literals - -import os -import re -import socket -import ssl -from threading import Event, Thread - -import ttfw_idf - -SERVER_CERTS_DIR = 'server_certs/' - - -def _path(f): - return os.path.join(os.path.dirname(os.path.realpath(__file__)),f) - - -def get_my_ip(): - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - try: - # doesn't even have to be reachable - s.connect(('10.255.255.255', 1)) - IP = s.getsockname()[0] - except socket.error: - IP = '127.0.0.1' - finally: - s.close() - return IP - - -# Simple TLS server -class TlsServer: - - def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1): - self.port = port - self.socket = socket.socket() - self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - self.socket.settimeout(20.0) - self.shutdown = Event() - self.negotiated_protocol = negotiated_protocol - self.conn = None - self.ssl_error = None - self.server_thread = None - - def __enter__(self): - try: - self.socket.bind(('', self.port)) - except socket.error as e: - print('Bind failed:{}'.format(e)) - raise - - self.socket.listen(1) - self.server_thread = Thread(target=self.run_server) - self.server_thread.start() - - return self - - def __exit__(self, exc_type, exc_value, traceback): - self.shutdown.set() - self.server_thread.join() - self.socket.close() - if (self.conn is not None): - self.conn.close() - - def run_server(self): - context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) - context.load_verify_locations(cafile=_path(SERVER_CERTS_DIR + 'ca.crt')) - context.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'server.crt'), keyfile=_path(SERVER_CERTS_DIR + 'server.key')) - context.verify_flags = self.negotiated_protocol - self.socket = context.wrap_socket(self.socket, server_side=True) - try: - print('Listening socket') - self.conn, address = self.socket.accept() # accept new connection - self.socket.settimeout(20.0) - print(' - connection from: {}'.format(address)) - except ssl.SSLError as e: - self.conn = None - self.ssl_error = str(e) - print(' - SSLError: {}'.format(str(e))) - - -@ttfw_idf.idf_custom_test(env_tag='Example_WIFI', group='test-apps') -def test_app_esp_openssl(env, extra_data): - dut1 = env.get_dut('openssl_connect_test', 'tools/test_apps/protocols/openssl', dut_class=ttfw_idf.ESP32DUT) - # check and log bin size - binary_file = os.path.join(dut1.app.binary_path, 'openssl_connect_test.bin') - bin_size = os.path.getsize(binary_file) - ttfw_idf.log_performance('openssl_connect_test_bin_size', '{}KB'.format(bin_size // 1024)) - dut1.start_app() - esp_ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30) - print('Got IP={}'.format(esp_ip[0])) - ip = get_my_ip() - server_port = 2222 - - def start_case(case, desc, negotiated_protocol, result): - with TlsServer(server_port, negotiated_protocol=negotiated_protocol): - print('Starting {}: {}'.format(case, desc)) - dut1.write('conn {} {} {}'.format(ip, server_port, case)) - dut1.expect(re.compile(result), timeout=10) - return case - - # start test cases - start_case( - case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE', - desc='Connect with verify_none mode using wrong certs', - negotiated_protocol=ssl.PROTOCOL_TLSv1_1, - result='SSL Connection Succeed') - start_case( - case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER', - desc='Connect with verify_peer mode using wrong certs', - negotiated_protocol=ssl.PROTOCOL_TLSv1_1, - result='SSL Connection Failed') - start_case( - case='CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE', - desc='Connect with verify_none mode using wrong certs', - negotiated_protocol=ssl.PROTOCOL_TLSv1_2, - result='SSL Connection Succeed') - start_case( - case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER', - desc='Connect with verify_peer mode using wrong certs', - negotiated_protocol=ssl.PROTOCOL_TLSv1_2, - result='SSL Connection Failed') - - -if __name__ == '__main__': - test_app_esp_openssl() diff --git a/tools/test_apps/protocols/openssl/client_certs/ca.crt b/tools/test_apps/protocols/openssl/client_certs/ca.crt deleted file mode 100644 index 85cc2d48da..0000000000 --- a/tools/test_apps/protocols/openssl/client_certs/ca.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDTTCCAjWgAwIBAgIUV+ePqdbRF3ln6vDyuopcmiQjLNcwDQYJKoZIhvcNAQEL -BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM -CUVzcHJlc3NpZjAeFw0yMDEwMDQyMTA3MzhaFw0yMDExMDMyMTA3MzhaMDYxCzAJ -BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz -aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdrEr3ams2MvGm8Xqd -9uMikvx/lQ2S1l5FD8kP7SaMmQJ6I9pLaDTSPzg7ZdiI94B7v1s+DJUPe9t9+Drb -zk1fyI9SFooSkiTKcNcDq0MIKlI/6pBp9B86Bn+wpLL+u8G6616X8ERREltJ/HJh -oR41zCHWYKmkRIEMfXPcRbiqw4dNtos5si26MIbBzouUAaN1odXnXGZxntAn3AmR -jQso9GkW2YlrLhpUFgwLxzJZE8EOZsYXvo4X0/n+LoZIiRAGnX6Zy45zMTWAP5ZL -DEo4RT8a2wOHXw6/as/ec7d7pZHk3lSzsfSONH38OWprieOqqnAK1TqBcjggPXvE -pRq/AgMBAAGjUzBRMB0GA1UdDgQWBBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAfBgNV -HSMEGDAWgBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQCaMiRZpBr48Nq4S1xMkPw+ILeyGxwHdHKYMuqrEtKW -ErRy1lij6ShCjKdXGLmjwOAtq8UV5BvtD6Rak88GwiP2D9Jn8Jw4oF7CGxQw/tjQ -+MxRF7ok8XNyp5fYkhGRYph0cMDhfYObku/cE9ser1UxKSq/szS9orTduyUfJZYd -Doe6R7KNTq9uPKs5Gk2Lu7gflqlcv89j+r+r+uWf45uLXGP/8iZ9KEJB7xKuNAR1 -z1HovlFW1h08eLYpaLFKRXkSSmUhdEE59mdIYhToE9AHgoyGJqz3tkhzleRn6lmA -JhDVxbm2xFHWCG9SJ6f8OYHpjOrAKXlX45zOLjUVcsN9 ------END CERTIFICATE----- diff --git a/tools/test_apps/protocols/openssl/client_certs/ca.key b/tools/test_apps/protocols/openssl/client_certs/ca.key deleted file mode 100644 index 1ff1ca1fd0..0000000000 --- a/tools/test_apps/protocols/openssl/client_certs/ca.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAnaxK92prNjLxpvF6nfbjIpL8f5UNktZeRQ/JD+0mjJkCeiPa -S2g00j84O2XYiPeAe79bPgyVD3vbffg6285NX8iPUhaKEpIkynDXA6tDCCpSP+qQ -afQfOgZ/sKSy/rvBuutel/BEURJbSfxyYaEeNcwh1mCppESBDH1z3EW4qsOHTbaL -ObItujCGwc6LlAGjdaHV51xmcZ7QJ9wJkY0LKPRpFtmJay4aVBYMC8cyWRPBDmbG -F76OF9P5/i6GSIkQBp1+mcuOczE1gD+WSwxKOEU/GtsDh18Ov2rP3nO3e6WR5N5U -s7H0jjR9/Dlqa4njqqpwCtU6gXI4ID17xKUavwIDAQABAoIBAAMEVvLhAGgrFWCi -Yjw/ix0QPvCaA4Z5v5gGs0wwt3odO2Tm5rhmqAwV1ZedXUVRpw23HaHUT83aCtsg -MtAd5HEev09MyxuL3FRbUGHrlv7DAIvkixrb5vUPRsY0gJBLO2u+MTMrD8OVXFXQ -FMg1cwSIgWU+uEBCZ0274MmoM95gk7ZFI3f5TSjFshSBdcaoewdZS0hhKo9GlhmY -Y/zRT0sQfzKZX8zRslqsWjHuJ1um8w+SRZhGX1Pdl8tZpAGoQASzaelJuNAzSQoD -wW+FhpMKAB4VNwgNOD1BDelDdJb1VlK+mt5I/U1tvetynks6NbuEqtMoKFQSXyVH -LLU7V9ECgYEA0U9mtFfmEyZDmvZaPBeiYwC5gYg5NK7QYFvIibkjvIrPvQUIP5jn -kvrZv2Nsyf6iH6oq4xhS8n+JhzteAOJu56YprHbOXcVo7KhxiUcqvUCWyrwL7LiC -zv0nVXW1SGNtSsZ334eI1B27L6wkVLTsz3tKPldn93s7zBE2tsbO2S0CgYEAwNgq -vO60mYrEu/u6Eje59PULuODiFX+cwJoqCmsh1Uc4N3ty5B3pm0eI4aCGPYWpA0aQ -ktxQVVHgXIVHDrqRCY+FqSoBQJ4/QNHtMYA23Uk5CcnrCKrhFtUwdXHbC2Lz1Men -DA8zaxJaaJvqREpQH6w7YLDGyH1Klpe9R4/+3xsCgYBacPKx7mEt2RTROq2W1aeH -G+MMQ25kgzzqxf4K9IKqj1hgFnKP+GPnsJiyCCYTygEHqaHKatI8kjs8wbxGqZC+ -a6AKM3PMNOa3i7kzVhrzl5sQktycNsXe5qg+VxQz6TJqYwOdBJVtAkPFv54bM+o3 -ZNCZy27TEt6tuKppo9HxKQKBgQCKYNNSHWvknaoMRla/ydMbTldqA5zX1mlx3235 -aeSuOVvCnEfWHwzJSuyTEvAg529fFVyatZLDlmwLl+tkS0XV+XHs8GJTrvouljTB -B4LXCTrvpj+MSaoZC0OpktiedBQJhHZ+9c1ssI/FbtQMytJx19IH0PHjXdyO8TV2 -S4KVLwKBgQCYEldaRhQhRVD2JiY2qWqdqDSytX+NkSMF7uJQeAtx1xD+mCQQpKPA -UviFoCpd6X2m2rGpEy/hOAlciS4LDuwzBlIR5XZgtIbTap5l0/fwS4cEvoP3ncYs -y8v+dZLTwu81IlShVIN1c0SszX+yNrVyfdvLLV1boOX4YzE75EObiw== ------END RSA PRIVATE KEY----- diff --git a/tools/test_apps/protocols/openssl/main/CMakeLists.txt b/tools/test_apps/protocols/openssl/main/CMakeLists.txt deleted file mode 100644 index 303a13fe4b..0000000000 --- a/tools/test_apps/protocols/openssl/main/CMakeLists.txt +++ /dev/null @@ -1,2 +0,0 @@ -idf_component_register(SRCS "main.c" "connect_test.c" - INCLUDE_DIRS ".") diff --git a/tools/test_apps/protocols/openssl/main/connect_test.c b/tools/test_apps/protocols/openssl/main/connect_test.c deleted file mode 100644 index 8ba6cf0be8..0000000000 --- a/tools/test_apps/protocols/openssl/main/connect_test.c +++ /dev/null @@ -1,131 +0,0 @@ -#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING - -#include -#include -#include -#include -#include "esp_log.h" - -static const char *TAG = "OPENSSL_TEST"; - -static int open_connection(const char *host, const int port) -{ - struct sockaddr_in addr; - struct hostent *h; - int sd; - if ((h = gethostbyname(host)) == NULL) { - ESP_LOGI(TAG, "Failed to get host name %s", host); - return -1; - } - sd = socket(AF_INET, SOCK_STREAM, 0); - bzero(&addr, sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_port = htons(port); - addr.sin_addr.s_addr = *(long*)(h->h_addr); - if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) { - return -1; - } - return sd; -} - -static SSL_CTX* init_ctx(const char *test_case) -{ - extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start"); - extern const unsigned char cacert_pem_end[] asm("_binary_ca_crt_end"); - const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; - const SSL_METHOD *method = NULL; - SSL_CTX *ctx = NULL; - if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) { - method = TLSv1_1_client_method(); - ctx = SSL_CTX_new(method); /* Create new context */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); - } else if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) { - method = TLSv1_1_client_method(); - ctx = SSL_CTX_new(method); /* Create new context */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - } else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) { - method = TLSv1_2_client_method(); - ctx = SSL_CTX_new(method); /* Create new context */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); - } else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) { - method = TLSv1_2_client_method(); - ctx = SSL_CTX_new(method); /* Create new context */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - } - X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes); - if(!x) { - ESP_LOGI(TAG, "Loading certs failed"); - goto failed; - } - SSL_CTX_add_client_CA(ctx, x); - return ctx; -failed: - return NULL; -} - -static void start_test(const char *host, const int port, const char *test_case) -{ - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; - int sockfd; - int ret; - - ESP_LOGI(TAG, "Test %s started", test_case); - ctx = init_ctx(test_case); - if (!ctx) { - ESP_LOGI(TAG, "Failed"); - goto failed1; - } - ESP_LOGI(TAG, "Trying connect to %s port %d test case %s ...", host, port, test_case); - sockfd = open_connection(host, port); - if(sockfd < 0) { - ESP_LOGI(TAG,"Failed"); - goto failed1; - } - ESP_LOGI(TAG, "OK"); - ESP_LOGI(TAG, "Create SSL obj"); - ssl = SSL_new(ctx); - if (!ssl) { - ESP_LOGI(TAG,"Failed"); - goto failed2; - } - ESP_LOGI(TAG, "OK"); - SSL_set_fd(ssl, sockfd); - ESP_LOGI(TAG, "SSL verify mode = %d connected to %s port %d ...", SSL_CTX_get_verify_mode(ctx), - host, port); - ret = SSL_connect(ssl); - ESP_LOGI(TAG, "OK"); - if (ret <= 0) { - ESP_LOGI(TAG,"SSL Connection Failed"); - goto failed3; - } - ESP_LOGI(TAG,"SSL Connection Succeed"); -failed3: - SSL_free(ssl); - ssl = NULL; -failed2: - close(sockfd); - sockfd = -1; -failed1: - SSL_CTX_free(ctx); - ctx = NULL; -} - -static void scan(char *s, char **test_type, char **host, int *p, char **test_case) -{ - const char *delim = " "; - *test_type = strtok(s, delim); - *host = strtok(NULL, delim); - *p = atoi(strtok(NULL, delim)); - *test_case = strtok(NULL, delim); -} - -void connection_test(char *line) -{ - char *test_case; - char *test_type; - char *host; - int port; - scan(line, &test_type, &host, &port, &test_case); - start_test(host, port, test_case); -} diff --git a/tools/test_apps/protocols/openssl/main/main.c b/tools/test_apps/protocols/openssl/main/main.c deleted file mode 100644 index c7d7218dae..0000000000 --- a/tools/test_apps/protocols/openssl/main/main.c +++ /dev/null @@ -1,70 +0,0 @@ -/* OpenSSL client test - - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ -#include -#include -#include -#include "esp_system.h" -#include "nvs_flash.h" -#include "esp_event.h" -#include "esp_netif.h" -#include "esp_log.h" -#include "protocol_examples_common.h" - -static const char *TAG = "OPENSSL_TEST"; -void connection_test(char *line); - -static void get_string(char *line, size_t size) -{ - int count = 0; - while (count < size) { - int c = fgetc(stdin); - if (c == '\n') { - line[count] = '\0'; - break; - } else if (c > 0 && c < 127) { - line[count] = c; - ++count; - } - vTaskDelay(10 / portTICK_PERIOD_MS); - } -} - -void app_main(void) -{ - char line[256]; - - ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size()); - ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version()); - - esp_log_level_set("*", ESP_LOG_INFO); - esp_log_level_set("OPENSSL_CLIENT", ESP_LOG_VERBOSE); - esp_log_level_set("TRANSPORT_BASE", ESP_LOG_VERBOSE); - esp_log_level_set("TRANSPORT", ESP_LOG_VERBOSE); - esp_log_level_set("OUTBOX", ESP_LOG_VERBOSE); - - ESP_ERROR_CHECK(nvs_flash_init()); - ESP_ERROR_CHECK(esp_netif_init()); - ESP_ERROR_CHECK(esp_event_loop_create_default()); - - /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. - * Read "Establishing Wi-Fi or Ethernet Connection" section in - * examples/protocols/README.md for more information about this function. - */ - ESP_ERROR_CHECK(example_connect()); - - while (1) { - get_string(line, sizeof(line)); - if (memcmp(line, "conn", 4) == 0) { - // line starting with "conn" indicate connection tests - connection_test(line); - get_string(line, sizeof(line)); - continue; - } - } -} diff --git a/tools/test_apps/protocols/openssl/server_certs/ca.crt b/tools/test_apps/protocols/openssl/server_certs/ca.crt deleted file mode 100644 index 541d527602..0000000000 --- a/tools/test_apps/protocols/openssl/server_certs/ca.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL -BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM -CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ -BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz -aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP -yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug -0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+ -coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ -tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl -IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx -oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV -HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU -Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY -XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr -8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY -fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF -AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2 ------END CERTIFICATE----- diff --git a/tools/test_apps/protocols/openssl/server_certs/ca.key b/tools/test_apps/protocols/openssl/server_certs/ca.key deleted file mode 100644 index 99f0a0aea1..0000000000 --- a/tools/test_apps/protocols/openssl/server_certs/ca.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+ -trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz -kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp -QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS -HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94 -XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0 -VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui -khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA -wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd -ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF -qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB -t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/ -8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X -BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9 -Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU -EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI -pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl -F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA -/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A -zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H -DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW -6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt -Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj -gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f -eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ== ------END RSA PRIVATE KEY----- diff --git a/tools/test_apps/protocols/openssl/server_certs/ca.srl b/tools/test_apps/protocols/openssl/server_certs/ca.srl deleted file mode 100644 index 7736761026..0000000000 --- a/tools/test_apps/protocols/openssl/server_certs/ca.srl +++ /dev/null @@ -1 +0,0 @@ -2F41CC40E62F73ACADA631D44C6D40D87504A661 diff --git a/tools/test_apps/protocols/openssl/server_certs/server.crt b/tools/test_apps/protocols/openssl/server_certs/server.crt deleted file mode 100644 index 3b594d990c..0000000000 --- a/tools/test_apps/protocols/openssl/server_certs/server.crt +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDCTCCAfECFC9BzEDmL3OsraYx1ExtQNh1BKZhMA0GCSqGSIb3DQEBCwUAMDYx -CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3By -ZXNzaWYwHhcNMjAwOTIzMDgwMDE5WhcNNDgwMjA5MDgwMDE5WjBMMQswCQYDVQQG -EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UECgwJRXNwcmVzc2lmMRQw -EgYDVQQDDAtDb21tb24gTmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBANjphhEwXDfNjysOcPKhLoQQyZa/5ku3bZFHwlNf4XXbkmPOUgjWOq4JMDC6 -WZB93Ey+OJHIowuoPkADlUtsWRgSLizttn50hcO9PWLfd4NBoNJGqJmh38UiS1tB -SO7YaFcAuXkv+SoirMw5bYuRTJQD8G/j5juvsMUWhif9WsYLPYurkksZqvdZHhrG -nRqPD76RwXpzPwMa5OOj3N9jIxrt4NI8vizjS4weq3e/VNNZS6L93CZFFDB+O382 -ijtavThQ+S9LMyHe+EtoGyF/aSJk58pwo0J+u6t1iblHEBz0O3ZEuUn4vjtNSNnz -f2Mbc/MlPWoibTe2uw7XxbHyaQMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdpNQ -lPHWiXizOxK46pI2EfeggUTtlAFoDvAT+s2SdlwZKNw6Hf80yFJ55nnOgmiMN9aq -x7oXFBPdxhgWStqR+yN0KRyoc+5AS3lz4m61l2jIRYYhg7ItURxujGQPfHPcmQSp -A+gkMXt0DBsdYBz/xxa4Bgw9S/BWUsXMLPG95SAPpAObSZEs/QXagVg0fxzdZTc9 -fajmP8S/5sO3MM+krpyh1NcrJZKm9poHYCG8bBOz19SNPl46eQHdoud3dstHPn0Q -+Jmg12w4HZ4Z5CU4zcgCWsGf0D/ezg15NEYU5r3hyskqFtTjOdoXY9cTdmgAtPGn -NiUtKzHKywP+pO5h0Q== ------END CERTIFICATE----- diff --git a/tools/test_apps/protocols/openssl/server_certs/server.csr b/tools/test_apps/protocols/openssl/server_certs/server.csr deleted file mode 100644 index 3fee563f26..0000000000 --- a/tools/test_apps/protocols/openssl/server_certs/server.csr +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -EjAQBgNVBAoMCUVzcHJlc3NpZjEUMBIGA1UEAwwLQ29tbW9uIE5hbWUwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6YYRMFw3zY8rDnDyoS6EEMmWv+ZL -t22RR8JTX+F125JjzlII1jquCTAwulmQfdxMvjiRyKMLqD5AA5VLbFkYEi4s7bZ+ -dIXDvT1i33eDQaDSRqiZod/FIktbQUju2GhXALl5L/kqIqzMOW2LkUyUA/Bv4+Y7 -r7DFFoYn/VrGCz2Lq5JLGar3WR4axp0ajw++kcF6cz8DGuTjo9zfYyMa7eDSPL4s -40uMHqt3v1TTWUui/dwmRRQwfjt/Noo7Wr04UPkvSzMh3vhLaBshf2kiZOfKcKNC -frurdYm5RxAc9Dt2RLlJ+L47TUjZ839jG3PzJT1qIm03trsO18Wx8mkDAgMBAAGg -ADANBgkqhkiG9w0BAQsFAAOCAQEArUWZtrKI9cJEVP2WZXmsSI1vlLhSeqyv+d7z -5nx5Nzmyuhkck75sA6h7cTZ+QPyJbaijDv8cVx7ZWNhwhIjOD0f7LGMK3EYa8skv -SA92liKLL6zFWJKeJ/DhfM3PXp3g2jNKOwOuQkmWXdoqgR+VmlgA58gWS3EeBzNT -C1MwqSd2s/DHOOoEg4FRAjH7DXUSW09vph7zRYr7KzDRSAaE+2S0FK2Uxl7pzpUc -M2hh2GJ/yClP06XYl7OMFiIbp0hhyLBLLbXnZeYz570Cu8kCAhtfTE7CUiV7eAaY -2/Bv8/a5qxaVEI2cbjJsmn0RURkXzo0a3FrXJPBeWqsKlPqlBQ== ------END CERTIFICATE REQUEST----- diff --git a/tools/test_apps/protocols/openssl/server_certs/server.key b/tools/test_apps/protocols/openssl/server_certs/server.key deleted file mode 100644 index 08b49a1a1e..0000000000 --- a/tools/test_apps/protocols/openssl/server_certs/server.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA2OmGETBcN82PKw5w8qEuhBDJlr/mS7dtkUfCU1/hdduSY85S -CNY6rgkwMLpZkH3cTL44kcijC6g+QAOVS2xZGBIuLO22fnSFw709Yt93g0Gg0kao -maHfxSJLW0FI7thoVwC5eS/5KiKszDlti5FMlAPwb+PmO6+wxRaGJ/1axgs9i6uS -Sxmq91keGsadGo8PvpHBenM/Axrk46Pc32MjGu3g0jy+LONLjB6rd79U01lLov3c -JkUUMH47fzaKO1q9OFD5L0szId74S2gbIX9pImTnynCjQn67q3WJuUcQHPQ7dkS5 -Sfi+O01I2fN/Yxtz8yU9aiJtN7a7DtfFsfJpAwIDAQABAoIBAAxoh2/SSWQz0R3Q -bKukhsmtQCrsfVsVeiIWbcphML+SOPSWp+CziJXOFsCi2F7IpGKLeybzyEfxbuYw -jkjLQOl8mMGfM5JWThSdbbaLPAX5Kh79RcXMGcXoKVFmEasAHC/l7bY+BU3gv+vK -2TZjsHLDKuzrp48AhOcxW6lL9/ZeMUcjg1Qr00s1KzYMpnPSQYT+dH5INTX1fxaY -gIOAipe4Xg5nJKB7eqI7B4d6EJaQhp+SIwtb3aZnETqPLRJFlyiqbaUVPDwWQ4qz -HtN+h749OdmhK6xOyfs02fJBrqpfSXT620qNZTsjfq+GoKCPL1VmSSVuzJtDDclH -e6ikPcECgYEA7+GKRCGHrO8QpubcIVr6VoCz9pwdzFxm5DOjVWfR/kJ2i51ne+f5 -VTEfLlsLQmoY54sSm7ojqpqN+lM7vZfZ8S4V9M+6zGq1I6GK0CA4vTB39qRyqMcv -O+DahEQ+H7DlUsZUYMTjyeSlYcd70h2uQiKQSkDaWKpMYhL6n2/lWuMCgYEA53zf -GvhlB3QSw98vE07/xWEaZWpFGBgTdjMRl8lv0H7yiLV319ax5HwSJZrI9nCM23Lk -CiubgVSb8qtwnbJGlsKgvYbngtOsJMOhggAovyYY6U414hJBwRJz4jb9RIub7cpX -+9RQTw15I7UrQW/Gp7PtnViszDwLBMQOhg2dc2ECgYEA0jjcDV09I8bW1w3WuLyc -Sxa7oFGso54O5cqDR6OWmrbwYOZu/F2NWqWT5/IN6gRFExYEFsmH3ElaR5iN8FeV -vhFfWI577A1P9YvqtP6n+tTxLQttGJCGynkBx4xuzSMfteztoWirIBHrBcfmsXsl -bfwQa6JuN+n2yrRLQ1Kys3UCgYBR/gPUPLkkK7Pd1vaIo0mq8trzovF4OEbkbfBE -UCAfvGdRjt01ASGfaWbQFQQrbfAmZoppI8r/wyU9jgXkhVnFWoiuuNLVnv3xQ624 -KzBDjE30jTQ+r/LEXTHYpVuN5NlFH4+MbkZHyeDniesZUWsOyYdXXSpPaNEKThtK -1hW34QKBgAcqVqoKWSFS2Z44LCE/E9npOxFHZdFsXy0U+EbLBNIoIEMbPex1c5ss -nUzpvQcw8wpEcKn8RKIOMzJtdSat5yzGUIpziRHeSdyYK7pnBHn40SR2yQYDH/YO -C9vrJRcoVFDOHmoQITCW/oOfL/QlKWgL54kmdHNDm8IqTKP2JYp4 ------END RSA PRIVATE KEY-----