asio: option to use wolfSSL as TLS stack for ASIO

Plus other minor update, make openssl aware of current modes (SSL_set_mode)
Update coding style in examples and tests, including copyright notices


* Original commit: espressif/esp-idf@1c8171c3e8

components/asio/CMakeLists.txt

@@ -1,5 +1,33 @@
-idf_component_register(SRCS "asio/asio/src/asio.cpp"
-                            "asio/asio/src/asio_ssl.cpp"
-                            "port/src/esp_asio_openssl_stubs.c"
+set(asio_sources "asio/asio/src/asio.cpp")
+
+if (CONFIG_ASIO_SSL_SUPPORT)
+    if(CONFIG_ASIO_USE_ESP_OPENSSL)
+        list(APPEND asio_sources
+                "asio/asio/src/asio_ssl.cpp"
+                "port/src/esp_asio_openssl_stubs.c")
+    endif()
+
+    if(CONFIG_ASIO_USE_ESP_WOLFSSL)
+        list(APPEND asio_sources
+                "asio/asio/src/asio_ssl.cpp")
+    endif()
+endif()
+
+idf_component_register(SRCS ${asio_sources}
                     INCLUDE_DIRS "asio/asio/include" "port/include"
-                    REQUIRES lwip openssl)
+                    REQUIRES lwip)
+
+if (CONFIG_ASIO_SSL_SUPPORT)
+    if(CONFIG_ASIO_USE_ESP_WOLFSSL)
+        idf_component_get_property(wolflib esp-wolfssl COMPONENT_LIB)
+        idf_component_get_property(wolfdir esp-wolfssl COMPONENT_DIR)
+
+        target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolflib})
+        target_include_directories(${COMPONENT_LIB} PUBLIC ${wolfdir}/wolfssl/wolfssl)
+    endif()
+
+    if(CONFIG_ASIO_USE_ESP_OPENSSL)
+        idf_component_get_property(esp_openssl openssl COMPONENT_LIB)
+        target_link_libraries(${COMPONENT_LIB} PUBLIC ${esp_openssl})
+    endif()
+endif()

components/asio/Kconfig

@@ -0,0 +1,25 @@
+menu "ESP-ASIO"
+    config ASIO_SSL_SUPPORT
+        bool "Enable SSL/TLS support of ASIO"
+        default n
+        help
+            Enable support for basic SSL/TLS features, available for mbedTLS/OpenSSL
+            as well as wolfSSL TLS library.
+
+    choice ASIO_SSL_LIBRARY_CHOICE
+        prompt "Choose SSL/TLS library for ESP-TLS (See help for more Info)"
+        default ASIO_USE_ESP_OPENSSL
+        depends on ASIO_SSL_SUPPORT
+        help
+            The ASIO support multiple backend TLS libraries. Currently the mbedTLS with a thin ESP-OpenSSL
+            port layer (default choice) and WolfSSL are supported.
+            Different TLS libraries may support different features and have different resource
+            usage. Consult the ESP-TLS documentation in ESP-IDF Programming guide for more details.
+        config ASIO_USE_ESP_OPENSSL
+            bool "esp-openssl"
+        config ASIO_USE_ESP_WOLFSSL
+            depends on TLS_STACK_WOLFSSL
+            bool "wolfSSL (License info in wolfSSL directory README)"
+    endchoice
+
+endmenu

components/asio/component.mk

@@ -2,4 +2,8 @@ COMPONENT_ADD_INCLUDEDIRS := asio/asio/include port/include
 COMPONENT_PRIV_INCLUDEDIRS := private_include
 COMPONENT_SRCDIRS := asio/asio/src port/src
 
+ifeq ($(CONFIG_ASIO_SSL_SUPPORT), )
+COMPONENT_OBJEXCLUDE := asio/asio/src/asio_ssl.o port/src/esp_asio_openssl_stubs.o
+endif
+
 COMPONENT_SUBMODULES += asio

components/asio/port/include/esp_asio_config.h

@@ -40,4 +40,11 @@
 # define ASIO_STANDALONE
 # define ASIO_HAS_PTHREADS
 
+# ifdef CONFIG_ASIO_USE_ESP_OPENSSL
+#  define ASIO_USE_ESP_OPENSSL
+#  define OPENSSL_NO_ENGINE
+# elif CONFIG_ASIO_USE_ESP_WOLFSSL
+#  define ASIO_USE_WOLFSSL
+# endif   // CONFIG_ASIO_USE_ESP_OPENSSL
+
 #endif // _ESP_ASIO_CONFIG_H_

components/asio/port/include/openssl/conf.h

@@ -14,7 +14,13 @@
 
 #ifndef _ESP_ASIO_OPENSSL_CONF_H
 #define _ESP_ASIO_OPENSSL_CONF_H
-
+#include "esp_asio_config.h"
 #include "openssl/esp_asio_openssl_stubs.h"
 
+#if defined(ASIO_USE_WOLFSSL)
+// SSLv3 Methods not present in current wolfSSL library
+#define OPENSSL_NO_SSL3
+#include_next "openssl/conf.h"
+#endif // ASIO_USE_WOLFSSL
+
 #endif // _ESP_ASIO_OPENSSL_CONF_H

components/asio/port/include/openssl/dh.h

@@ -0,0 +1,23 @@
+// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _ESP_ASIO_OPENSSL_DH_STUB_H
+#define _ESP_ASIO_OPENSSL_DH_STUB_H
+// Dummy header needed for ASIO compilation with esp-openssl
+
+#if defined(ASIO_USE_WOLFSSL)
+#include_next "openssl/dh.h"
+#endif // ASIO_USE_WOLFSSL
+
+#endif // _ESP_ASIO_OPENSSL_DH_STUB_H

components/asio/port/include/openssl/esp_asio_openssl_stubs.h

@@ -15,21 +15,57 @@
 #ifndef _ESP_ASIO_OPENSSL_STUBS_H
 #define _ESP_ASIO_OPENSSL_STUBS_H
 
-#include "internal/ssl_x509.h"
-#include "internal/ssl_pkey.h"
-#include "mbedtls/pem.h"
-#include <stdint.h>
-
 /**
  * @note This header contains openssl API which are NOT implemented, and are only provided
  * as stubs or no-operations to get the ASIO library compiled and working with most
  * practical use cases as an embedded application on ESP platform
  */
 
+#if defined(ASIO_USE_WOLFSSL)
+
+#include "wolfssl/ssl.h"
+// esp-wolfssl disables filesystem by default, but the ssl filesystem functions are needed for the ASIO to compile
+//  - so we could either configure wolfSSL to use filesystem
+//  - or use the default wolfSSL and declare the filesystem functions -- preferred option, as whenever
+//    the filesystem functions are used from app code (potential security impact if private keys in a filesystem)
+//    compilation fails with linking errors.
+
+#if defined(NO_FILESYSTEM)
+// WolfSSL methods that are not included in standard esp-wolfssl config, must be defined here
+// as function stubs,  so ASIO compiles, but would get link errors, if these functions were used.
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+typedef struct WOLFSSL_CTX      WOLFSSL_CTX;
+
+void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
+int SSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, const char*);
+int SSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
+int SSL_CTX_use_certificate_chain_file(WOLFSSL_CTX*, const char*);
+int SSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
+int SSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif // NO_FILESYSTEM
+
+#elif defined(ASIO_USE_ESP_OPENSSL)
+
+#include "internal/ssl_x509.h"
+#include "internal/ssl_pkey.h"
+#include "mbedtls/pem.h"
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
 // The most applicable OpenSSL version wrtt ASIO usage
 #define OPENSSL_VERSION_NUMBER 0x10100001L
 // SSLv2 methods not supported
@@ -40,10 +76,7 @@ extern "C" {
 #define SSL_R_SHORT_READ 219
 #define SSL_OP_ALL 0
 #define SSL_OP_SINGLE_DH_USE 0
-//#define OPENSSL_VERSION_NUMBER 0x10001000L
 #define SSL_OP_NO_COMPRESSION 0
-//#define LIBRESSL_VERSION_NUMBER 1
-//#define PEM_R_NO_START_LINE 110
 // Translates mbedTLS PEM parse error, used by ASIO
 #define PEM_R_NO_START_LINE -MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
 
@@ -58,9 +91,6 @@ extern "C" {
 
 #define NID_subject_alt_name 85
 
-#define SSL_MODE_RELEASE_BUFFERS            0x00000000L
-#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
 
 #define GEN_DNS		2
 #define GEN_IPADD	7
@@ -153,13 +183,6 @@ void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
  */
 int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh);
 
-/**
- * @brief Sets SSL mode -- not implemented
- *
- * Current implementation is no-op
- */
-uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
-
 /**
  * @brief API provaded as declaration only
  *
@@ -182,4 +205,5 @@ int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
 } /* extern C */
 #endif
 
+#endif /* ASIO_USE_ESP_OPENSSL, ASIO_USE_WOLFSSL */
 #endif /* _ESP_ASIO_OPENSSL_STUBS_H */

components/asio/port/include/openssl/rsa.h

@@ -0,0 +1,23 @@
+// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _ESP_ASIO_OPENSSL_RSA_STUB_H
+#define _ESP_ASIO_OPENSSL_RSA_STUB_H
+// Dummy header needed for ASIO compilation with esp-openssl
+
+#if defined(ASIO_USE_WOLFSSL)
+#include_next "openssl/rsa.h"
+#endif // ASIO_USE_WOLFSSL
+
+#endif // _ESP_ASIO_OPENSSL_RSA_STUB_H

components/asio/port/include/openssl/x509v3.h

@@ -0,0 +1,23 @@
+// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _ESP_ASIO_OPENSSL_X509V3_STUB_H
+#define _ESP_ASIO_OPENSSL_X509V3_STUB_H
+// Dummy header needed for ASIO compilation with esp-openssl
+
+#if defined(ASIO_USE_WOLFSSL)
+#include_next "openssl/x509v3.h"
+#endif // ASIO_USE_WOLFSSL
+
+#endif // _ESP_ASIO_OPENSSL_X509V3_STUB_H

components/asio/port/src/esp_asio_openssl_stubs.c

@@ -49,11 +49,6 @@ X509_NAME *X509_get_subject_name(X509 *a)
     return NULL;
 }
 
-uint32_t SSL_set_mode(SSL *ssl, uint32_t mode)
-{
-    return 0;
-}
-
 int SSL_CTX_clear_chain_certs(SSL_CTX *ctx)
 {
     return 1;