asio: Use internal ssl context and engine impl

Implement asio-ssl layer with three classes in asio::ssl::mbedtls:
* context -- replaces SSL_CTX, used mainly as a container for options,
certs, keys
* engine -- replaces SSL, implements the actual mbedtls operations
* bio -- implements openssl BIO specifically tailored to mbedtls and
its asio usage

Further updates:
* asio: Used shared_ptr<> for bio pairs
* asio: Add error checks to mbedtls-bio
* asio: Address potential ssl-context ownership issue
* asio: Address potential bio-engine ownership issue


* Original commit: espressif/esp-idf@d823106aa6
David Cermak
2021-10-14 10:17:24 +02:00
committed by gabsuren
parent abbc8d9c5a
commit f605fdd632
25 changed files with 1014 additions and 321 deletions


@ -18,11 +18,6 @@
# define ASIO_NO_TYPEID
# endif // CONFIG_COMPILER_RTTI
//
// Supress OpenSSL deprecation warning, when building ASIO
//
#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
//
// LWIP compatibility inet and address macros/functions
//
@ -40,6 +35,9 @@
# ifdef CONFIG_ASIO_USE_ESP_OPENSSL
# define ASIO_USE_ESP_OPENSSL
# define OPENSSL_NO_ENGINE
# define ASIO_SSL_DETAIL_OPENSSL_TYPES_HPP
# include "openssl_stub.hpp"
# elif CONFIG_ASIO_USE_ESP_WOLFSSL
# define ASIO_USE_WOLFSSL
# endif // CONFIG_ASIO_USE_ESP_OPENSSL
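Review bot: `# define ASIO_SSL_DETAIL_OPENSSL_TYPES_HPP` in the `CONFIG_ASIO_USE_ESP_OPENSSL` branch looks like a pre-definition of asio's own include guard, so that asio's OpenSSL type header is skipped in favour of `openssl_stub.hpp`, but nothing on these lines says so. If upstream asio ever renames that guard, the build would presumably go back to pulling in real OpenSSL headers, or fail, without this file changing. A comment on the define would make the coupling visible, e.g. `// Pre-define the include guard of asio/ssl/detail/openssl_types.hpp so the mbedtls stub types are used instead`. The +/- markers are lost on this page, so which of these lines are new is inferred from the hunk counts.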


@ -1,4 +1,3 @@
/*
* SPDX-FileCopyrightText: 2018-2021 Espressif Systems (Shanghai) CO LTD
*


@ -1,18 +0,0 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_ASIO_OPENSSL_CONF_H
#define _ESP_ASIO_OPENSSL_CONF_H
#include "esp_asio_config.h"
#include "openssl/esp_asio_openssl_stubs.h"
#if defined(ASIO_USE_WOLFSSL)
// SSLv3 Methods not present in current wolfSSL library
#define OPENSSL_NO_SSL3
#include_next "openssl/conf.h"
#endif // ASIO_USE_WOLFSSL
#endif // _ESP_ASIO_OPENSSL_CONF_H


@ -1,15 +0,0 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_ASIO_OPENSSL_DH_STUB_H
#define _ESP_ASIO_OPENSSL_DH_STUB_H
// Dummy header needed for ASIO compilation with esp-openssl
#if defined(ASIO_USE_WOLFSSL)
#include_next "openssl/dh.h"
#endif // ASIO_USE_WOLFSSL
#endif // _ESP_ASIO_OPENSSL_DH_STUB_H


@ -1,201 +0,0 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_ASIO_OPENSSL_STUBS_H
#define _ESP_ASIO_OPENSSL_STUBS_H
/**
* @note This header contains openssl API which are NOT implemented, and are only provided
* as stubs or no-operations to get the ASIO library compiled and working with most
* practical use cases as an embedded application on ESP platform
*/
#if defined(ASIO_USE_WOLFSSL)
#include "wolfssl/ssl.h"
// esp-wolfssl disables filesystem by default, but the ssl filesystem functions are needed for the ASIO to compile
// - so we could either configure wolfSSL to use filesystem
// - or use the default wolfSSL and declare the filesystem functions -- preferred option, as whenever
// the filesystem functions are used from app code (potential security impact if private keys in a filesystem)
// compilation fails with linking errors.
#if defined(NO_FILESYSTEM)
// WolfSSL methods that are not included in standard esp-wolfssl config, must be defined here
// as function stubs, so ASIO compiles, but would get link errors, if these functions were used.
#ifdef __cplusplus
extern "C" {
#endif
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
int SSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, const char*);
int SSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
int SSL_CTX_use_certificate_chain_file(WOLFSSL_CTX*, const char*);
int SSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
int SSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
#if defined(__cplusplus)
} /* extern C */
#endif
#endif // NO_FILESYSTEM
#elif defined(ASIO_USE_ESP_OPENSSL)
#include "internal/ssl_x509.h"
#include "internal/ssl_pkey.h"
#include "mbedtls/pem.h"
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
// The most applicable OpenSSL version wrtt ASIO usage
#define OPENSSL_VERSION_NUMBER 0x10100001L
// SSLv2 methods not supported
// OpenSSL port supports: TLS_ANY, TLS_1, TLS_1_1, TLS_1_2, SSL_3
#define OPENSSL_NO_SSL2
#define SSL2_VERSION 0x0002
#define SSL_R_SHORT_READ 219
#define SSL_OP_ALL 0
#define SSL_OP_SINGLE_DH_USE 0
#define SSL_OP_NO_COMPRESSION 0
// Translates mbedTLS PEM parse error, used by ASIO
#define PEM_R_NO_START_LINE -MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
#define SSL_OP_NO_SSLv2 0x01000000L
#define SSL_OP_NO_SSLv3 0x02000000L
#define SSL_OP_NO_TLSv1 0x04000000L
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
#define NID_subject_alt_name 85
#define GEN_DNS 2
#define GEN_IPADD 7
#define V_ASN1_OCTET_STRING 4
#define V_ASN1_IA5STRING 22
#define NID_commonName 13
#define SSL_CTX_get_app_data(ctx) ((void*)SSL_CTX_get_ex_data(ctx, 0))
/**
* @brief Frees DH object -- not implemented
*
* Current implementation calls SSL_ASSERT
*
* @param r DH object
*/
void DH_free(DH *r);
/**
* @brief Frees GENERAL_NAMES -- not implemented
*
* Current implementation calls SSL_ASSERT
*
* @param r GENERAL_NAMES object
*/
void GENERAL_NAMES_free(GENERAL_NAMES * gens);
/**
* @brief Returns subject name from X509 -- not implemented
*
* Current implementation calls SSL_ASSERT
*
* @param r X509 object
*/
X509_NAME *X509_get_subject_name(X509 *a);
/**
* @brief API provaded as declaration only
*
*/
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
/**
* @brief API provaded as declaration only
*
*/
int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
/**
* @brief API provaded as declaration only
*
*/
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
/**
* @brief API provaded as declaration only
*
*/
ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
/**
* @brief API provaded as declaration only
*
*/
void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
/**
* @brief API provaded as declaration only
*
*/
X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
/**
* @brief Reads DH params from a bio object -- not implemented
*
* Current implementation calls SSL_ASSERT
*/
DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
/**
* @brief API provaded as declaration only
*
*/
void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
/**
* @brief Sets DH params to ssl ctx -- not implemented
*
* Current implementation calls SSL_ASSERT
*/
int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh);
/**
* @brief API provaded as declaration only
*
*/
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *data);
/**
* @brief API provaded as declaration only
*
*/
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
/**
* @brief Clears any existing chain associated with the current certificate of ctx.
*
*/
int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
#if defined(__cplusplus)
} /* extern C */
#endif
#endif /* ASIO_USE_ESP_OPENSSL, ASIO_USE_WOLFSSL */
#endif /* _ESP_ASIO_OPENSSL_STUBS_H */


@ -1,15 +0,0 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_ASIO_OPENSSL_RSA_STUB_H
#define _ESP_ASIO_OPENSSL_RSA_STUB_H
// Dummy header needed for ASIO compilation with esp-openssl
#if defined(ASIO_USE_WOLFSSL)
#include_next "openssl/rsa.h"
#endif // ASIO_USE_WOLFSSL
#endif // _ESP_ASIO_OPENSSL_RSA_STUB_H


@ -1,15 +0,0 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_ASIO_OPENSSL_X509V3_STUB_H
#define _ESP_ASIO_OPENSSL_X509V3_STUB_H
// Dummy header needed for ASIO compilation with esp-openssl
#if defined(ASIO_USE_WOLFSSL)
#include_next "openssl/x509v3.h"
#endif // ASIO_USE_WOLFSSL
#endif // _ESP_ASIO_OPENSSL_X509V3_STUB_H


@ -0,0 +1,46 @@
//
// SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
//
// SPDX-License-Identifier: BSL-1.0
//
#pragma once
//
// Supply OpenSSL macros and flags for asio-ssl header files
//
#define OPENSSL_VERSION_NUMBER 0x10100001L
#define SSL_R_SHORT_READ 219
#define SSL_OP_ALL 0
#define SSL_OP_SINGLE_DH_USE 0
#define SSL_OP_NO_COMPRESSION 0
#define SSL_OP_NO_SSLv2 0x01000000L
#define SSL_OP_NO_SSLv3 0x02000000L
#define SSL_OP_NO_TLSv1 0x04000000L
#define SSL_VERIFY_NONE 0x00
#define SSL_VERIFY_PEER 0x01
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
#define SSL_VERIFY_CLIENT_ONCE 0x04
//
// Implement asio-ssl layer with these three classes in asio::ssl::mbedtls
//
namespace asio {
namespace ssl {
namespace mbedtls {
class engine;
class bio;
class shared_ctx;
} } } // namespace asio::ssl::mbedtls
//
// Supply OpenSSL types as aliases to mbedtls classes
//
using X509_STORE_CTX=void;
using BIO=asio::ssl::mbedtls::bio;
using SSL_CTX=asio::ssl::mbedtls::shared_ctx;
using SSL=asio::ssl::mbedtls::engine;
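Review bot: `SSL_OP_ALL`, `SSL_OP_SINGLE_DH_USE` and `SSL_OP_NO_COMPRESSION` are defined as 0, and the `SSL_OP_NO_SSLv2`/`SSL_OP_NO_SSLv3`/`SSL_OP_NO_TLSv1` and `SSL_VERIFY_*` values are bare numbers, with no comment saying which of them the mbedtls-backed context actually enforces. An application that passes one of these options through asio will compile and may assume that the protocol version or peer verification is restricted; whether that holds cannot be told from this header, and the translation presumably lives in the context/engine files outside this section. I would add a comment above the defines such as `// Flags defined as 0 are accepted but ignored; SSL_OP_NO_* and SSL_VERIFY_* are translated to mbedtls settings in <file that maps them>`, adjusted to what the implementation really does. `using X509_STORE_CTX=void;` deserves a similar one-line remark, since it suggests that verify callbacks receive no usable certificate context.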