components/openssl: add base function version

components/openssl/include/internal/ssl3.h

@@ -0,0 +1,22 @@
+#ifndef _SSL3_H_
+#define _SSL3_H_
+
+# define SSL3_AD_CLOSE_NOTIFY             0
+# define SSL3_AD_UNEXPECTED_MESSAGE      10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC          20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE   30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE       40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE          41
+# define SSL3_AD_BAD_CERTIFICATE         42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED     44
+# define SSL3_AD_CERTIFICATE_EXPIRED     45
+# define SSL3_AD_CERTIFICATE_UNKNOWN     46
+# define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */
+
+# define SSL3_AL_WARNING                  1
+# define SSL3_AL_FATAL                    2
+
+#define SSL3_VERSION                 0x0300
+
+#endif

components/openssl/include/internal/ssl_cert.h

@@ -0,0 +1,11 @@
+#ifndef _SSL_CERT_H_
+#define _SSL_CERT_H_
+
+#include "ssl_pkey.h"
+#include "ssl_x509.h"
+
+CERT *ssl_cert_new(void);
+
+void ssl_cert_free(CERT *c);
+
+#endif

components/openssl/include/internal/ssl_code.h

@@ -0,0 +1,95 @@
+#ifndef _SSL_CODE_H_
+#define _SSL_CODE_H_
+
+#include "ssl3.h"
+#include "tls1.h"
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN       1
+# define SSL_RECEIVED_SHUTDOWN   2
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER                      0xF0
+# define SSL_ST_READ_BODY                        0xF1
+# define SSL_ST_READ_DONE                        0xF2
+
+# define SSL_NOTHING            1
+# define SSL_WRITING            2
+# define SSL_READING            3
+# define SSL_X509_LOOKUP        4
+# define SSL_ASYNC_PAUSED       5
+# define SSL_ASYNC_NO_JOBS      6
+
+
+# define SSL_ERROR_NONE                  0
+# define SSL_ERROR_SSL                   1
+# define SSL_ERROR_WANT_READ             2
+# define SSL_ERROR_WANT_WRITE            3
+# define SSL_ERROR_WANT_X509_LOOKUP      4
+# define SSL_ERROR_SYSCALL               5/* look at error stack/return value/errno */
+# define SSL_ERROR_ZERO_RETURN           6
+# define SSL_ERROR_WANT_CONNECT          7
+# define SSL_ERROR_WANT_ACCEPT           8
+# define SSL_ERROR_WANT_ASYNC            9
+# define SSL_ERROR_WANT_ASYNC_JOB       10
+
+/* Message flow states */
+typedef enum {
+    /* No handshake in progress */
+    MSG_FLOW_UNINITED,
+    /* A permanent error with this connection */
+    MSG_FLOW_ERROR,
+    /* We are about to renegotiate */
+    MSG_FLOW_RENEGOTIATE,
+    /* We are reading messages */
+    MSG_FLOW_READING,
+    /* We are writing messages */
+    MSG_FLOW_WRITING,
+    /* Handshake has finished */
+    MSG_FLOW_FINISHED
+} MSG_FLOW_STATE;
+
+typedef enum {
+    TLS_ST_BEFORE,
+    TLS_ST_OK,
+    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+    TLS_ST_CR_SRVR_HELLO,
+    TLS_ST_CR_CERT,
+    TLS_ST_CR_CERT_STATUS,
+    TLS_ST_CR_KEY_EXCH,
+    TLS_ST_CR_CERT_REQ,
+    TLS_ST_CR_SRVR_DONE,
+    TLS_ST_CR_SESSION_TICKET,
+    TLS_ST_CR_CHANGE,
+    TLS_ST_CR_FINISHED,
+    TLS_ST_CW_CLNT_HELLO,
+    TLS_ST_CW_CERT,
+    TLS_ST_CW_KEY_EXCH,
+    TLS_ST_CW_CERT_VRFY,
+    TLS_ST_CW_CHANGE,
+    TLS_ST_CW_NEXT_PROTO,
+    TLS_ST_CW_FINISHED,
+    TLS_ST_SW_HELLO_REQ,
+    TLS_ST_SR_CLNT_HELLO,
+    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+    TLS_ST_SW_SRVR_HELLO,
+    TLS_ST_SW_CERT,
+    TLS_ST_SW_KEY_EXCH,
+    TLS_ST_SW_CERT_REQ,
+    TLS_ST_SW_SRVR_DONE,
+    TLS_ST_SR_CERT,
+    TLS_ST_SR_KEY_EXCH,
+    TLS_ST_SR_CERT_VRFY,
+    TLS_ST_SR_NEXT_PROTO,
+    TLS_ST_SR_CHANGE,
+    TLS_ST_SR_FINISHED,
+    TLS_ST_SW_SESSION_TICKET,
+    TLS_ST_SW_CERT_STATUS,
+    TLS_ST_SW_CHANGE,
+    TLS_ST_SW_FINISHED
+} OSSL_HANDSHAKE_STATE;
+
+#endif

components/openssl/include/internal/ssl_dbg.h

@@ -0,0 +1,33 @@
+#ifndef _SSL_DEBUG_H_
+#define _SSL_DEBUG_H_
+
+#define SSL_DEBUG_ENBALE 0
+#define SSL_DEBUG_LEVEL 0
+#define SSL_ASSERT_ENABLE 1
+#define SSL_DEBUG_LOCATION_ENABLE 1
+
+#if SSL_DEBUG_ENBALE
+    #define SSL_PRINT os_printf
+#else
+    #define SSL_PRINT(...)
+#endif
+
+#if SSL_DEBUG_LOCATION_ENABLE
+    #define SSL_DEBUG_LOCATION() SSL_PRINT("%s %s line %d\n", __FILE__, __FUNCTION__, __LINE__)
+#else
+    #define SSL_DEBUG_LOCATION()
+#endif
+
+#if SSL_ASSERT_ENABLE
+    #define SSL_ASSERT(s) { if (!(s)) { SSL_DEBUG_LOCATION(); } }
+#else
+    #define SSL_ASSERT(s)
+#endif
+
+#define SSL_ERR(err, go, ...) { SSL_DEBUG_LOCATION(); SSL_PRINT(__VA_ARGS__); ret = err; goto go; }
+
+#define SSL_RET(go, ...) {  SSL_DEBUG_LOCATION(); SSL_PRINT(__VA_ARGS__); goto go; }
+
+#define SSL_DEBUG(level, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT(__VA_ARGS__);} }
+
+#endif

components/openssl/include/internal/ssl_lib.h

@@ -0,0 +1,11 @@
+#ifndef _SSL_LIB_H_
+#define _SSL_LIB_H_
+
+#include "ssl_types.h"
+
+#define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
+#define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
+#define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
+#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_WRITING)
+
+#endif

components/openssl/include/internal/ssl_methods.h

@@ -0,0 +1,46 @@
+#ifndef _SSL_METHODS_H_
+#define _SSL_METHODS_H_
+
+#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \
+                    new, free, \
+                    handshake, shutdown, clear, \
+                    read, send, pending, \
+                    set_fd, get_fd, \
+                    set_bufflen, \
+                    get_state) \
+        static const SSL_METHOD_FUNC func_name = { \
+                new, \
+                free, \
+                handshake, \
+                shutdown, \
+                clear, \
+                read, \
+                send, \
+                pending, \
+                set_fd, \
+                get_fd, \
+                set_bufflen, \
+                get_state \
+        };
+
+#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \
+    const SSL_METHOD* func_name(void) { \
+        static const SSL_METHOD func_name##_data = { \
+                ver, \
+                mode, \
+                &(fun), \
+        }; \
+        return &func_name##_data; \
+    }
+
+#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \
+    const SSL_METHOD* func_name(void) { \
+        static const SSL_METHOD func_name##_data = { \
+                ver, \
+                mode, \
+                &(fun), \
+        }; \
+        return &func_name##_data; \
+    }
+
+#endif

components/openssl/include/internal/ssl_pkey.h

@@ -0,0 +1,11 @@
+#ifndef _SSL_PKEY_H_
+#define _SSL_PKEY_H_
+
+#include "ssl_types.h"
+
+EVP_PKEY *d2i_PrivateKey(int type,
+                         EVP_PKEY **a,
+                         const unsigned char **pp,
+                         long length);
+
+#endif

components/openssl/include/internal/ssl_rsa.h

@@ -0,0 +1,14 @@
+#ifndef _SSL_RSA_H_
+#define _SSL_RSA_H_
+
+#include "ssl_lib.h"
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+                                 const unsigned char *d);
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
+                                const unsigned char *d, long len);
+
+#endif

components/openssl/include/internal/ssl_types.h

@@ -0,0 +1,190 @@
+#ifndef _SSL_TYPES_H_
+#define _SSL_TYPES_H_
+
+#include "ssl_code.h"
+#include <stddef.h>
+
+typedef void SSL_CIPHER;
+
+typedef void X509_STORE_CTX;
+typedef void X509_NAME;
+typedef void X509_STORE;
+
+typedef void RSA;
+
+typedef void STACK;
+typedef void BIO;
+
+#define STACK_OF(x) x
+
+struct ssl_method_st;
+typedef struct ssl_method_st SSL_METHOD;
+
+struct ssl_method_func_st;
+typedef struct ssl_method_func_st SSL_METHOD_FUNC;
+
+struct record_layer_st;
+typedef struct record_layer_st RECORD_LAYER;
+
+struct ossl_statem_st;
+typedef struct ossl_statem_st OSSL_STATEM;
+
+struct ssl_session_st;
+typedef struct ssl_session_st SSL_SESSION;
+
+struct ssl_ctx_st;
+typedef struct ssl_ctx_st SSL_CTX;
+
+struct ssl_st;
+typedef struct ssl_st SSL;
+
+struct cert_st;
+typedef struct cert_st CERT;
+
+struct x509_st;
+typedef struct x509_st X509;
+
+struct evp_pkey_st;
+typedef struct evp_pkey_st EVP_PKEY;
+
+struct evp_pkey_st {
+
+    void *pkey_pm;
+};
+
+struct x509_st {
+
+    /* X509 certification platform private point */
+    void *x509_pm;
+};
+
+struct cert_st {
+
+    int sec_level;
+
+    X509 *x509;
+
+    EVP_PKEY *pkey;
+
+};
+
+struct ossl_statem_st {
+    MSG_FLOW_STATE state;
+
+    int hand_state;
+};
+
+struct record_layer_st {
+
+    int rstate;
+
+    int read_ahead;
+};
+
+struct ssl_session_st {
+
+    long timeout;
+
+    long time;
+};
+
+struct ssl_ctx_st
+{
+    int version;
+
+    int references;
+
+    unsigned long options;
+
+    #if 0
+        struct alpn_protocols alpn_protocol;
+    #endif
+
+    const SSL_METHOD *method;
+
+    CERT *cert;
+
+    X509 *client_CA;
+
+    int verify_mode;
+
+    long session_timeout;
+
+    int read_ahead;
+};
+
+struct ssl_st
+{
+    /* protocol version(one of SSL3.0, TLS1.0, etc.) */
+    int version;
+
+    unsigned long options;
+
+    /* shut things down(0x01 : sent, 0x02 : received) */
+    int shutdown;
+
+    CERT *cert;
+
+    SSL_CTX  *ctx;
+
+    const SSL_METHOD *method;
+
+    RECORD_LAYER rlayer;
+
+    /* where we are */
+    OSSL_STATEM statem;
+
+    SSL_SESSION session;
+
+    int rwstate;
+
+    int err;
+
+    void (*info_callback) (const SSL *ssl, int type, int val);
+
+    /* SSL low-level system arch point */
+    void *ssl_pm;
+};
+
+struct ssl_method_st {
+    /* protocol version(one of SSL3.0, TLS1.0, etc.) */
+    int version;
+
+    /* SSL mode(client(0) , server(1), not known(-1)) */
+    int endpoint;
+
+    const SSL_METHOD_FUNC *func;
+};
+
+struct ssl_method_func_st {
+
+    int (*ssl_new)(SSL *ssl);
+
+    void (*ssl_free)(SSL *ssl);
+
+    int (*ssl_handshake)(SSL *ssl);
+
+    int (*ssl_shutdown)(SSL *ssl);
+
+    int (*ssl_clear)(SSL *ssl);
+
+    int (*ssl_read)(SSL *ssl, void *buffer, int len);
+
+    int (*ssl_send)(SSL *ssl, const void *buffer, int len);
+
+    int (*ssl_pending)(const SSL *ssl);
+
+    void (*ssl_set_fd)(SSL *ssl, int fd, int mode);
+
+    int (*ssl_get_fd)(const SSL *ssl, int mode);
+
+    void (*ssl_set_bufflen)(SSL *ssl, int len);
+
+    OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
+};
+
+typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
+                             unsigned char *outlen, const unsigned char *in,
+                             unsigned int inlen, void *arg);
+
+#endif

components/openssl/include/internal/ssl_x509.h

@@ -0,0 +1,12 @@
+#ifndef _SSL_X509_H_
+#define _SSL_X509_H_
+
+#include "ssl_types.h"
+
+X509* sk_X509_NAME_new_null(void);
+
+X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len);
+
+void X509_free(X509 *cert);
+
+#endif

components/openssl/include/internal/tls1.h

@@ -0,0 +1,33 @@
+#ifndef _TLS1_H_
+#define _TLS1_H_
+
+# define TLS1_AD_DECRYPTION_FAILED       21
+# define TLS1_AD_RECORD_OVERFLOW         22
+# define TLS1_AD_UNKNOWN_CA              48/* fatal */
+# define TLS1_AD_ACCESS_DENIED           49/* fatal */
+# define TLS1_AD_DECODE_ERROR            50/* fatal */
+# define TLS1_AD_DECRYPT_ERROR           51
+# define TLS1_AD_EXPORT_RESTRICTION      60/* fatal */
+# define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
+# define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
+# define TLS1_AD_INTERNAL_ERROR          80/* fatal */
+# define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
+# define TLS1_AD_USER_CANCELLED          90
+# define TLS1_AD_NO_RENEGOTIATION        100
+/* codes 110-114 are from RFC3546 */
+# define TLS1_AD_UNSUPPORTED_EXTENSION   110
+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+# define TLS1_AD_UNRECOGNIZED_NAME       112
+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+# define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
+# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
+
+/* Special value for method supporting multiple versions */
+#define TLS_ANY_VERSION                 0x10000
+
+#define TLS1_VERSION                    0x0301
+#define TLS1_1_VERSION                  0x0302
+#define TLS1_2_VERSION                  0x0303
+
+#endif

components/openssl/include/openssl/ssl.h

@@ -1,7 +1,7 @@
 #ifndef HEADER_SSL_H
 #define HEADER_SSL_H
 
-#include "ssl_types.h"
+#include "internal/ssl_types.h"
 
 /*
 {
@@ -186,6 +186,15 @@ const SSL_METHOD* SSLv3_client_method(void);
  */
 const SSL_METHOD* TLSv1_1_client_method(void);
 
+/*
+ * TLSv1_1_client_method - create the target SSL context client method
+ *
+ * @param none
+ *
+ * @return the TLSV1.2 version SSL context client method
+ */
+const SSL_METHOD* TLSv1_2_client_method(void);
+
 
 /*
  * SSLv23_server_method - create the target SSL context server method
@@ -205,6 +214,15 @@ const SSL_METHOD* SSLv23_server_method(void);
  */
 const SSL_METHOD* TLSv1_1_server_method(void);
 
+/*
+ * TLSv1_1_server_method - create the target SSL context server method
+ *
+ * @param none
+ *
+ * @return the TLSV1.2 version SSL context server method
+ */
+const SSL_METHOD* TLSv1_2_server_method(void);
+
 /*
  * TLSv1_server_method - create the target SSL context server method
  *
@@ -774,7 +792,7 @@ int SSL_get_wfd(const SSL *ssl);
  * SSL_set_read_ahead - set the SSL if we can read as many as data
  *
  * @param ssl - SSL point
- * @param yes - enbale the function
+ * @param yes - enable the function
  *
  * @return none
  */
@@ -813,7 +831,9 @@ long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
  *
  * @param ssl - SSL point
  *
- * @return SSL context ahead signal
+ * @return
+ *         1 : there are bytes to be read
+ *         0 : no data
  */
 int SSL_has_pending(const SSL *ssl);
 
@@ -840,7 +860,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x int
  *         1 : OK
  *         0 : failed
  */
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
 
 /*
  * SSL_CTX_use_certificate_file - load the certification file into SSL context
@@ -879,7 +899,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
  *         1 : OK
  *         0 : failed
  */
-int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,  long len);//adds the private key of type pk stored at memory location d (length len) to ctx
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d,  long len);//adds the private key of type pk stored at memory location d (length len) to ctx
 
 /*
  * SSL_CTX_use_certificate_file - load the private key file into SSL context
@@ -1648,4 +1668,5 @@ const char *SSL_get_psk_identity_hint(SSL *ssl);
  */
 const char *SSL_get_psk_identity(SSL *ssl);
 
+
 #endif

components/openssl/include/platform/ssl_pm.h

@@ -0,0 +1,41 @@
+#ifndef _SSL_PM_H_
+#define _SSL_PM_H_
+
+#include "ssl_types.h"
+#include "esp_common.h"
+
+void* ssl_zalloc(size_t size);
+void *ssl_malloc(size_t size);
+void ssl_free(void *p);
+void* ssl_memcpy(void *to, const void *from, size_t size);
+
+int ssl_pm_new(SSL *ssl);
+void ssl_pm_free(SSL *ssl);
+
+int ssl_pm_handshake(SSL *ssl);
+int ssl_pm_shutdown(SSL *ssl);
+int ssl_pm_clear(SSL *ssl);
+
+int ssl_pm_read(SSL *ssl, void *buffer, int len);
+int ssl_pm_send(SSL *ssl, const void *buffer, int len);
+int ssl_pm_pending(const SSL *ssl);
+
+void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
+int ssl_pm_get_fd(const SSL *ssl, int mode);
+
+OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
+
+void ssl_pm_set_bufflen(SSL *ssl, int len);
+
+void* x509_pm_new(void);
+void x509_pm_free(void *pm);
+int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len);
+void x509_pm_unload_crt(void *pm);
+void x509_pm_start_ca(void *ssl, void *pm);
+
+void* pkey_pm_new(void);
+void pkey_pm_free(void *pm);
+int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len);
+void pkey_pm_unload_crt(void *pm);
+
+#endif