Update IDF, tools and toolchains

This commit is contained in:
me-no-dev
2020-08-24 19:10:52 +03:00
parent 86c87aaeee
commit 394c32ddfc
754 changed files with 33157 additions and 23022 deletions

View File

@ -23,6 +23,10 @@
#include "tls1.h"
#include "x509_vfy.h"
/* Used in SSL_set_mode() -- supported mode when using BIO */
#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
# define SSL_RECEIVED_SHUTDOWN 2

View File

@ -55,6 +55,52 @@ EVP_PKEY* d2i_PrivateKey(int type,
const unsigned char **pp,
long length);
/**
* @brief decodes and load a buffer BIO into a EVP key context. If '*a' is pointed to the
* private key, then load key into it. Or create a new private key object
*
* @param bp BIO object containing the key
* @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created
*
* @return Created or updated EVP_PKEY
*/
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
/**
* @brief Same as d2i_PrivateKey_bio
*
* @param bp BIO object containing the key
* @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created
*
* @return Created or updated EVP_PKEY
*/
RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
/**
* @brief loads a private key in PEM format from BIO object
*
* @param bp BIO object containing the key
* @param x Pointer to an existent PKEY or NULL if a new key shall be created
* @param cb Password callback (not used)
* @param u User context (not used)
*
* @return Created or updated EVP_PKEY
*/
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
/**
* @brief RSA key in PEM format from BIO object
*
* @param bp BIO object containing the key
* @param x Pointer to an existent PKEY or NULL if a new key shall be created
* @param cb Password callback (not used)
* @param u User context (not used)
*
* @return Created or updated EVP_PKEY
*/
RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u);
/**
* @brief free a private key object
*

View File

@ -17,6 +17,49 @@
} \
#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
typedef struct asn1_string_st ASN1_OCTET_STRING;
struct stack_st_GENERAL_NAME;
typedef struct GENERAL_NAME_st {
int type;
union {
char *ptr;
struct asn1_string_st* dNSName;
ASN1_OCTET_STRING* iPAddress;
} d;
} GENERAL_NAME;
typedef struct asn1_string_st ASN1_OCTET_STRING;
typedef struct X509_name_st X509_NAME;
typedef struct asn1_string_st ASN1_STRING;
typedef struct X509_name_entry_st X509_NAME_ENTRY;
typedef struct asn1_string_st {
int type;
int length;
void *data;
} ASN1_IA5STRING;
typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
/**
* @brief get nr of stack items
*
* @param sk Stack structure pointer
*
* @return number of items in the stack
*/
size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk);
/**
* @brief get GENERAL_NAME value from the stack
*
* @param sk Stack structure pointer
* @param i Index to stack item
*
* @return GENERAL_NAME object pointer
*/
GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i);
/**
* @brief create a openssl stack object

View File

@ -20,6 +20,8 @@
#endif
#include "ssl_code.h"
#include <stddef.h>
#include <stdint.h>
typedef void SSL_CIPHER;
@ -30,6 +32,8 @@ typedef void RSA;
typedef void STACK;
typedef void DH;
#define ossl_inline inline
#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__)
@ -37,7 +41,7 @@ typedef void STACK;
#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__)
typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
typedef int (*openssl_verify_callback)(int, X509_STORE_CTX *);
struct stack_st;
typedef struct stack_st OPENSSL_STACK;
@ -100,6 +104,8 @@ struct evp_pkey_st {
void *pkey_pm;
const PKEY_METHOD *method;
int ref_counter;
};
struct x509_st {
@ -152,8 +158,16 @@ struct X509_VERIFY_PARAM_st {
};
struct bio_st {
const unsigned char * data;
unsigned char * data;
int dlen;
BIO* peer;
size_t offset;
size_t roffset;
size_t size;
size_t flags;
size_t type;
};
typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS;
@ -166,6 +180,9 @@ struct ssl_alpn_st {
const char *alpn_list[ALPN_LIST_MAX];
};
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
struct ssl_ctx_st
{
int version;
@ -193,6 +210,16 @@ struct ssl_ctx_st
int read_buffer_len;
X509_VERIFY_PARAM param;
void *default_passwd_callback_userdata;
pem_password_cb *default_passwd_callback;
struct stack_st_X509 *extra_certs;
int max_version;
int min_version;
};
struct ssl_st
@ -230,12 +257,13 @@ struct ssl_st
X509_VERIFY_PARAM param;
int err;
uint32_t mode;
void (*info_callback) (const SSL *ssl, int type, int val);
/* SSL low-level system arch point */
void *ssl_pm;
void *bio;
};
struct ssl_method_st {
@ -299,6 +327,13 @@ struct pkey_method_st {
int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len);
};
struct bio_method_st {
unsigned type;
unsigned size;
};
typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in,

View File

@ -114,23 +114,6 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
*/
int X509_STORE_add_cert(X509_STORE *store, X509 *x);
/**
* @brief load data in BIO
*
* Normally BIO_write should append data but that doesn't happen here, and
* 'data' cannot be freed after the function is called, it should remain valid
* until BIO object is in use.
*
* @param b - pointer to BIO
* @param data - pointer to data
* @param dlen - data bytes
*
* @return result
* 0 : failed
* 1 : OK
*/
int BIO_write(BIO *b, const void *data, int dlen);
/**
* @brief load a character certification context into system context.
*
@ -145,28 +128,22 @@ int BIO_write(BIO *b, const void *data, int dlen);
*
* @return X509 certification object point
*/
X509 * PEM_read_bio_X509(BIO *bp, X509 **x, void *cb, void *u);
X509 * PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb cb, void *u);
/**
* @brief create a BIO object
*
* @param method - pointer to BIO_METHOD
* @brief load a character certification context into system context.
*
* @return pointer to BIO object
*/
BIO *BIO_new(void * method);
/**
* @brief get the memory BIO method function
*/
void *BIO_s_mem(void);
/**
* @brief free a BIO object
* Current implementation directly calls PEM_read_bio_X509
*
* @param x - pointer to BIO object
* @param bp - pointer to BIO
* @param buffer - pointer to the certification context memory
* @param cb - pointer to the callback (not implemented)
* @param u - pointer to arbitrary data (not implemented)
*
* @return X509 certification object point
*/
void BIO_free(BIO *b);
X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u);
#ifdef __cplusplus
}

View File

@ -0,0 +1,179 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _OPENSSL_BIO_H
#define _OPENSSL_BIO_H
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/* These are the 'types' of BIOs */
#define BIO_TYPE_NONE 0
#define BIO_TYPE_MEM (1 | 0x0400)
#define BIO_TYPE_BIO (19 | 0x0400) /* (half a) BIO pair */
/* Bio object flags */
#define BIO_FLAGS_READ 0x01
#define BIO_FLAGS_WRITE 0x02
#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ)
#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE)
typedef struct bio_st BIO;
typedef struct bio_method_st BIO_METHOD;
/**
* @brief Create a BIO object as a file type
* Current implementation return NULL as file types are discouraged on ESP platform
*
* @param filename Filename
* @param mode Mode
*
* @return BIO object
*/
BIO *BIO_new_file(const char *filename, const char *mode);
/**
* @brief Create a BIO object as a membuf type
* Current implementation takes a shallow copy of the buffer
*
* @param buf Pointer to the buffer
* @param len Length of the buffer
*
* @return BIO object
*/
BIO *BIO_new_mem_buf(void *buf, int len);
/**
* @brief create a BIO object
*
* @param method - pointer to BIO_METHOD
*
* @return pointer to BIO object
*/
BIO *BIO_new(BIO_METHOD * method);
/**
* @brief get the memory BIO method function
*/
void *BIO_s_mem(void);
/**
* @brief free a BIO object
*
* @param x - pointer to BIO object
*/
void BIO_free(BIO *b);
/**
* @brief Create a connected pair of BIOs bio1, bio2 with write buffer sizes writebuf1 and writebuf2
*
* @param out1 pointer to BIO1
* @param writebuf1 write size of BIO1 (0 means default size will be used)
* @param out2 pointer to BIO2
* @param writebuf2 write size of BIO2 (0 means default size will be used)
*
* @return result
* 0 : failed
* 1 : OK
*/
int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2);
/**
* @brief Write data to BIO
*
* BIO_TYPE_BIO behaves the same way as OpenSSL bio object, other BIO types mock
* this functionality to avoid excessive allocation/copy, so the 'data' cannot
* be freed after the function is called, it should remain valid until BIO object is in use.
*
* @param b - pointer to BIO
* @param data - pointer to data
* @param dlen - data bytes
*
* @return result
* -1, 0 : failed
* 1 : OK
*/
int BIO_write(BIO *b, const void *data, int dlen);
/**
* @brief Read data from BIO
*
* BIO_TYPE_BIO behaves the same way as OpenSSL bio object.
* Other types just hold pointer
*
* @param b - pointer to BIO
* @param data - pointer to data
* @param dlen - data bytes
*
* @return result
* -1, 0 : failed
* 1 : OK
*/
int BIO_read(BIO *bio, void *data, int len);
/**
* @brief Get number of pending characters in the BIOs write buffers.
*
* @param b Pointer to BIO
*
* @return Amount of pending data
*/
size_t BIO_wpending(const BIO *bio);
/**
* @brief Get number of pending characters in the BIOs read buffers.
*
* @param b Pointer to BIO
*
* @return Amount of pending data
*/
size_t BIO_ctrl_pending(const BIO *bio);
/**
* @brief Get the maximum length of data that can be currently written to the BIO
*
* @param b Pointer to BIO
*
* @return Max length of writable data
*/
size_t BIO_ctrl_get_write_guarantee(BIO *bio);
/**
* @brief Returns the type of a BIO.
*
* @param b Pointer to BIO
*
* @return Type of the BIO object
*/
int BIO_method_type(const BIO *b);
/**
* @brief Test flags of a BIO.
*
* @param b Pointer to BIO
* @param flags Flags
*
* @return BIO object flags masked with the supplied flags
*/
int BIO_test_flags(const BIO *b, int flags);
#ifdef __cplusplus
}
#endif
#endif //_OPENSSL_BIO_H

View File

@ -0,0 +1,228 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _OPENSSL_ERR_H
#define _OPENSSL_ERR_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @note This file contains a very simple implementation of error stack
* for ESP APIs stubs to OpenSSL
*/
#define OPENSSL_PUT_SYSTEM_ERROR() \
ERR_put_error(ERR_LIB_SYS, 0, 0, __FILE__, __LINE__);
#define OPENSSL_PUT_LIB_ERROR(lib, code) \
ERR_put_error(lib, 0, code, __FILE__, __LINE__);
#define ERR_GET_LIB(packed_error) ((int)(((packed_error) >> 24) & 0xff))
#define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xffff))
#define ERR_R_PEM_LIB ERR_LIB_PEM
/* inherent openssl errors */
# define ERR_R_FATAL 64
# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)
# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL)
# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL)
# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL)
# define ERR_R_DISABLED (5|ERR_R_FATAL)
# define ERR_R_INIT_FAIL (6|ERR_R_FATAL)
# define ERR_R_PASSED_INVALID_ARGUMENT (7)
# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL)
# define ERR_R_INVALID_PROVIDER_FUNCTIONS (9|ERR_R_FATAL)
# define ERR_R_INTERRUPTED_OR_CANCELLED (10)
enum {
ERR_LIB_NONE = 1,
ERR_LIB_SYS,
ERR_LIB_BN,
ERR_LIB_RSA,
ERR_LIB_DH,
ERR_LIB_EVP,
ERR_LIB_BUF,
ERR_LIB_OBJ,
ERR_LIB_PEM,
ERR_LIB_DSA,
ERR_LIB_X509,
ERR_LIB_ASN1,
ERR_LIB_CONF,
ERR_LIB_CRYPTO,
ERR_LIB_EC,
ERR_LIB_SSL,
ERR_LIB_BIO,
ERR_LIB_PKCS7,
ERR_LIB_PKCS8,
ERR_LIB_X509V3,
ERR_LIB_RAND,
ERR_LIB_ENGINE,
ERR_LIB_OCSP,
ERR_LIB_UI,
ERR_LIB_COMP,
ERR_LIB_ECDSA,
ERR_LIB_ECDH,
ERR_LIB_HMAC,
ERR_LIB_DIGEST,
ERR_LIB_CIPHER,
ERR_LIB_HKDF,
ERR_LIB_USER,
ERR_NUM_LIBS
};
/**
* @brief clear the SSL error code
*
* @param none
*
* @return none
*/
void ERR_clear_error(void);
/**
* @brief get the current SSL error code
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_get_error(void);
/**
* @brief peek the current SSL error code, not clearing it
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_peek_error(void);
/**
* @brief peek the last SSL error code, not clearing it
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_peek_last_error(void);
/**
* @brief register the SSL error strings
*
* @param none
*
* @return none
*/
void ERR_load_SSL_strings(void);
/**
* @brief clear the SSL error code
*
* @param none
*
* @return none
*/
void ERR_clear_error(void);
/**
* @brief peek the current SSL error code, not clearing it
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_peek_error(void);
/**
* @brief peek the last SSL error code, not clearing it
*
* @param none
*
* @return current SSL error number
*/
uint32_t ERR_peek_last_error(void);
/**
* @brief capture the current error to the error structure
*
* @param library Related library
* @param unused Not used (used for compliant function prototype)
* @param reason The actual error code
* @param file File name of the error report
* @param line Line number of the error report
*
*/
void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line);
/**
* @brief Peek the current SSL error, not clearing it
*
* @param file file name of the reported error
* @param line line number of the reported error
* @param data Associated data to the reported error
* @param flags Flags associated to the error
*
* @return current SSL error number
*/
uint32_t ERR_peek_error_line_data(const char **file, int *line,
const char **data, int *flags);
/**
* @brief Get the current SSL error
*
* @param file file name of the reported error
* @param line line number of the reported error
* @param data Associated data to the reported error
* @param flags Flags associated to the error
*
* @return current SSL error number
*/
uint32_t ERR_get_error_line_data(const char **file, int *line,
const char **data, int *flags);
/**
* @brief API provided as a declaration only
*
*/
void SSL_load_error_strings(void);
/**
* @brief API provided as a declaration only
*
*/
void ERR_free_strings(void);
/**
* @brief API provided as a declaration only
*
*/
void ERR_remove_state(unsigned long pid);
/**
* @brief Returns error string -- Not implemented
*
* @param packed_error Packed error code
*
* @return NULL
*/
const char *ERR_reason_error_string(uint32_t packed_error);
#ifdef __cplusplus
}
#endif
#endif // _OPENSSL_ERR_H

View File

@ -21,6 +21,8 @@
#include "internal/ssl_x509.h"
#include "internal/ssl_pkey.h"
#include "openssl/bio.h"
#include "openssl/err.h"
/*
{
@ -297,6 +299,67 @@ const SSL_METHOD* SSLv3_server_method(void);
*/
const SSL_METHOD* TLS_server_method(void);
/**
* @brief create the target SSL context method
*
* @return the TLS any version SSL context method
*/
const SSL_METHOD* TLS_method(void);
/**
* @brief create the target SSL context method
*
* @return the TLS1.2 version SSL context method
*/
const SSL_METHOD* TLSv1_2_method(void);
/**
* @brief create the target SSL context method
*
* @return the TLS1.1 version SSL context method
*/
const SSL_METHOD* TLSv1_1_method(void);
/**
* @brief create the target SSL context method
*
* @return the TLS1.0 version SSL context method
*/
const SSL_METHOD* TLSv1_method(void);
/**
* @brief create the target SSL context method
*
* @return the SSLV3.0 version SSL context method
*/
const SSL_METHOD* SSLv3_method(void);
/**
* @brief create the target SSL context method
*
* @param none
*
* @return the SSLV2.3 version SSL context method
*/
const SSL_METHOD* SSLv23_method(void);
/**
* @brief Set minimum protocol version for defined context
*
* @param ctx SSL context
*
* @return 1 on success
*/
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
/**
* @brief Set maximum protocol version for defined context
*
* @param ctx SSL context
*
* @return 1 on success
*/
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
/**
* @brief set the SSL context ALPN select callback function
@ -348,43 +411,6 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
void *arg),
void *arg);
/**
* @brief get SSL error code
*
* @param ssl - SSL point
* @param ret_code - SSL return code
*
* @return SSL error number
*/
int SSL_get_error(const SSL *ssl, int ret_code);
/**
* @brief clear the SSL error code
*
* @param none
*
* @return none
*/
void ERR_clear_error(void);
/**
* @brief get the current SSL error code
*
* @param none
*
* @return current SSL error number
*/
int ERR_get_error(void);
/**
* @brief register the SSL error strings
*
* @param none
*
* @return none
*/
void ERR_load_SSL_strings(void);
/**
* @brief initialize the SSL library
*
@ -1399,7 +1425,17 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
*
* @return application data
*/
char *SSL_get_app_data(SSL *ssl);
void *SSL_get_app_data(SSL *ssl);
/**
* @brief get SSL error code
*
* @param ssl - SSL point
* @param ret_code - SSL return code
*
* @return SSL error number
*/
int SSL_get_error(const SSL *ssl, int ret_code);
/**
* @brief get SSL cipher bits
@ -1667,7 +1703,7 @@ void SSL_set_accept_state(SSL *ssl);
*
* @return none
*/
void SSL_set_app_data(SSL *ssl, char *arg);
void SSL_set_app_data(SSL *ssl, void *arg);
/**
* @brief set SSL BIO
@ -1756,7 +1792,7 @@ void SSL_set_timeout(SSL *ssl, long t);
*
* @return SSL statement string
*/
char *SSL_state_string(const SSL *ssl);
const char *SSL_state_string(const SSL *ssl);
/**
* @brief get SSL statement long string
@ -1815,6 +1851,52 @@ const char *SSL_get_psk_identity_hint(SSL *ssl);
*/
const char *SSL_get_psk_identity(SSL *ssl);
/**
* @brief set the SSL verify depth of the SSL
*
* @param ssl - SSL context
* @param depth - Depth level to verify
*
*/
void SSL_set_verify_depth(SSL *ssl, int depth);
/**
* @brief Get default verify callback
*
* @param ctx - SSL context
* @return verify_callback - verifying callback function
*
*/
openssl_verify_callback SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
/**
* @brief Get default verify callback
*
* @param ctx - SSL context
* @return verify_callback - verifying callback function
*
*/
openssl_verify_callback SSL_get_verify_callback(const SSL *s);
/**
* @brief Frees RSA object
*
* Current implementation calls directly EVP_PKEY free
*
* @param r RSA object
*
*/
void RSA_free(RSA *r);
/**
* @brief Sets SSL mode, partially implemented
*
* @param ssl SSL context
*
* @return the new mode bitmask after adding mode
*/
uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
#ifdef __cplusplus
}
#endif