--- /dev/null
+menu "OpenSSL"
+
+config OPENSSL_DEBUG
+ bool "Enable OpenSSL debugging"
+ default n
+ help
+ Enable OpenSSL debugging function.
+
+ If the option is enabled, "SSL_DEBUG" works.
+
+config OPENSSL_DEBUG_LEVEL
+ int "OpenSSL debugging level"
+ default 0
+ range 0 255
+ depends on OPENSSL_DEBUG
+ help
+ OpenSSL debugging level.
+
+ Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
+
+ For example:
+ If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not print.
+
+config OPENSSL_LOWLEVEL_DEBUG
+ bool "Enable OpenSSL low-level module debugging"
+ default n
+ depends on OPENSSL_DEBUG
+ select MBEDTLS_DEBUG
+ help
+ If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal debugging function.
+
+choice OPENSSL_ASSERT
+ prompt "Select OpenSSL assert function"
+ default CONFIG_OPENSSL_ASSERT_EXIT
+ help
+ OpenSSL function needs "assert" function to check if input parameters are valid.
+
+ If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
+
+config OPENSSL_ASSERT_DO_NOTHING
+ bool "Do nothing"
+ help
+ Do nothing and "SSL_ASSERT" does not work.
+
+config OPENSSL_ASSERT_EXIT
+ bool "Check and exit"
+ help
+ Enable assert exiting, it will check and return error code.
+
+config OPENSSL_ASSERT_DEBUG
+ bool "Show debugging message"
+ depends on OPENSSL_DEBUG
+ help
+ Enable assert debugging, it will check and show debugging message.
+
+config OPENSSL_ASSERT_DEBUG_EXIT
+ bool "Show debugging message and exit"
+ depends on OPENSSL_DEBUG
+ help
+ Enable assert debugging and exiting, it will check, show debugging message and return error code.
+
+config OPENSSL_ASSERT_DEBUG_BLOCK
+ bool "Show debugging message and block"
+ depends on OPENSSL_DEBUG
+ help
+ Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
+
+endchoice
+
+endmenu
extern "C" {
#endif
-#ifndef SSL_DEBUG_ENBALE
-#define SSL_DEBUG_ENBALE 0
-#endif
-
-#ifndef SSL_DEBUG_LEVEL
-#define SSL_DEBUG_LEVEL 0
-#endif
-
-#ifndef SSL_ASSERT_ENABLE
-#define SSL_ASSERT_ENABLE 0
+#ifdef CONFIG_OPENSSL_DEBUG_LEVEL
+ #define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL
+#else
+ #define SSL_DEBUG_LEVEL 0
#endif
-#ifndef SSL_DEBUG_LOCATION_ENABLE
-#define SSL_DEBUG_LOCATION_ENABLE 0
-#endif
+#define SSL_DEBUG_ON (SSL_DEBUG_LEVEL + 1)
+#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1)
-#if SSL_DEBUG_ENBALE
- #if !defined(SSL_PRINT_LOG) || !defined(SSL_ERROR_LOG) || !defined(SSL_LOCAL_LOG)
- #include "stdio.h"
- extern int printf(const char *fmt, ...);
- #ifndef SSL_PRINT_LOG
- #define SSL_PRINT_LOG printf
- #endif
- #ifndef SSL_ERROR_LOG
- #define SSL_ERROR_LOG printf
- #endif
- #ifndef SSL_LOCAL_LOG
- #define SSL_LOCAL_LOG printf
- #endif
- #endif
-#else
- #ifdef SSL_PRINT_LOG
- #undef SSL_PRINT_LOG
+#ifdef CONFIG_OPENSSL_DEBUG
+ #ifndef SSL_DEBUG_LOG
+ #error "SSL_DEBUG_LOG is not defined"
#endif
- #define SSL_PRINT_LOG(...)
-
- #ifdef SSL_ERROR_LOG
- #undef SSL_ERROR_LOG
- #endif
- #define SSL_ERROR_LOG(...)
- #ifdef SSL_LOCAL_LOG
- #undef SSL_LOCAL_LOG
+
+ #ifndef SSL_DEBUG_FL
+ #define SSL_DEBUG_FL "\n"
#endif
- #define SSL_LOCAL_LOG(...)
-#endif
-#if SSL_DEBUG_LOCATION_ENABLE
- #define SSL_DEBUG_LOCATION() SSL_LOCAL_LOG("%s %s line %d\n", __FILE__, __FUNCTION__, __LINE__)
+ #define SSL_SHOW_LOCATION() \
+ SSL_DEBUG_LOG("SSL assert : %s %d\n", \
+ __FILE__, __LINE__)
+
+ #define SSL_DEBUG(level, fmt, ...) \
+ { \
+ if (level > SSL_DEBUG_LEVEL) { \
+ SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \
+ } \
+ }
+#else /* CONFIG_OPENSSL_DEBUG */
+ #define SSL_SHOW_LOCATION()
+
+ #define SSL_DEBUG(level, fmt, ...)
+#endif /* CONFIG_OPENSSL_DEBUG */
+
+/**
+ * OpenSSL assert function
+ *
+ * if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line
+ * if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code.
+ * if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line,
+ * then return error code.
+ * if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line,
+ * then block here with "while (1)"
+ *
+ * SSL_ASSERT1 may will return "-1", so function's return argument is integer.
+ * SSL_ASSERT2 may will return "NULL", so function's return argument is a point.
+ * SSL_ASSERT2 may will return nothing, so function's return argument is "void".
+ */
+#if defined(CONFIG_OPENSSL_ASSERT_DEBUG)
+ #define SSL_ASSERT1(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ } \
+ }
+
+ #define SSL_ASSERT2(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ } \
+ }
+
+ #define SSL_ASSERT3(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ } \
+ }
+#elif defined(CONFIG_OPENSSL_ASSERT_EXIT)
+ #define SSL_ASSERT1(s) \
+ { \
+ if (!(s)) { \
+ return -1; \
+ } \
+ }
+
+ #define SSL_ASSERT2(s) \
+ { \
+ if (!(s)) { \
+ return NULL; \
+ } \
+ }
+
+ #define SSL_ASSERT3(s) \
+ { \
+ if (!(s)) { \
+ return ; \
+ } \
+ }
+#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT)
+ #define SSL_ASSERT1(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ return -1; \
+ } \
+ }
+
+ #define SSL_ASSERT2(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ return NULL; \
+ } \
+ }
+
+ #define SSL_ASSERT3(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ return ; \
+ } \
+ }
+#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK)
+ #define SSL_ASSERT1(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ while (1); \
+ } \
+ }
+
+ #define SSL_ASSERT2(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ while (1); \
+ } \
+ }
+
+ #define SSL_ASSERT3(s) \
+ { \
+ if (!(s)) { \
+ SSL_SHOW_LOCATION(); \
+ while (1); \
+ } \
+ }
#else
- #define SSL_DEBUG_LOCATION()
+ #define SSL_ASSERT1(s)
+ #define SSL_ASSERT2(s)
+ #define SSL_ASSERT3(s)
#endif
-#if SSL_ASSERT_ENABLE
- #define SSL_ASSERT(s) { if (!(s)) { SSL_DEBUG_LOCATION(); } }
-#else
- #define SSL_ASSERT(s)
-#endif
+#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF
+#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON
+
+#define SSL_CERT_DEBUG_LEVEL SSL_DEBUG_OFF
+#define SSL_CERT_ERROR_LEVEL SSL_DEBUG_ON
+
+#define SSL_PKEY_DEBUG_LEVEL SSL_DEBUG_OFF
+#define SSL_PKEY_ERROR_LEVEL SSL_DEBUG_ON
-#define SSL_ERR(err, go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_ERROR_LOG(fmt, ##__VA_ARGS__); ret = err; goto go; }
+#define SSL_X509_DEBUG_LEVEL SSL_DEBUG_OFF
+#define SSL_X509_ERROR_LEVEL SSL_DEBUG_ON
-#define SSL_RET(go, fmt, ...) { SSL_DEBUG_LOCATION(); SSL_ERROR_LOG(fmt, ##__VA_ARGS__); goto go; }
+#define SSL_LIB_DEBUG_LEVEL SSL_DEBUG_OFF
+#define SSL_LIB_ERROR_LEVEL SSL_DEBUG_ON
-#define SSL_DEBUG(level, fmt, ...) { if (level > SSL_DEBUG_LEVEL) {SSL_PRINT_LOG(fmt, ##__VA_ARGS__);} }
+#define SSL_STACK_DEBUG_LEVEL SSL_DEBUG_OFF
+#define SSL_STACK_ERROR_LEVEL SSL_DEBUG_ON
#ifdef __cplusplus
-}
+ }
#endif
#endif
#ifndef _SSL_OPT_H_
#define _SSL_OPT_H_
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/**
- * if not define "ESP32_IDF_PLATFORM", system will use esp8266 platform interface
- */
-#define ESP32_IDF_PLATFORM
-
-/**
- * openssl debug print function enable
- */
-#define SSL_DEBUG_ENBALE 0
-
-/**
- * openssl debug print function level. function whose level is lower that "SSL_DEBUG_LEVEL"
- * will not print message
- */
-#define SSL_DEBUG_LEVEL 0
-
-/**
- * openssl assert function enable, it will check the input paramter and print the message
- */
-#define SSL_ASSERT_ENABLE 0
-
-/**
- * openssl location function enable, it will print location of the positioning error
- */
-#define SSL_DEBUG_LOCATION_ENABLE 0
+#include "sdkconfig.h"
#endif
extern "C" {
#endif
+#include <string.h>
#include "ssl_types.h"
#include "ssl_port.h"
long ssl_pm_get_verify_result(const SSL *ssl);
+#ifdef __cplusplus
+ }
+#endif
+
#endif
extern "C" {
#endif
-#include "platform/ssl_opt.h"
-
-#ifdef ESP32_IDF_PLATFORM
-
#include "esp_types.h"
#include "esp_log.h"
+#include "string.h"
+#include "malloc.h"
void *ssl_mem_zalloc(size_t size);
-void *ssl_mem_malloc(size_t size);
-void ssl_mem_free(void *p);
-void* ssl_memcpy(void *to, const void *from, size_t size);
-size_t ssl_strlen(const char *src);
+#define ssl_mem_malloc malloc
+#define ssl_mem_free free
-void ssl_speed_up_enter(void);
-void ssl_speed_up_exit(void);
+#define ssl_memcpy memcpy
+#define ssl_strlen strlen
-#define SSL_PRINT_LOG(fmt, ...) ESP_LOGD("openssl", fmt, ##__VA_ARGS__)
-#define SSL_ERROR_LOG(fmt, ...) ESP_LOGE("openssl", fmt, ##__VA_ARGS__)
-#define SSL_LOCAL_LOG(fmt, ...) ESP_LOGD("openssl", fmt, ##__VA_ARGS__)
+#define ssl_speed_up_enter()
+#define ssl_speed_up_exit()
-#elif defined(SSL_PLATFORM_USER_INCLUDE)
-
-SSL_PLATFORM_USER_INCLUDE
+#define SSL_DEBUG_FL
+#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__)
+#ifdef __cplusplus
+ }
#endif
#endif
EVP_PKEY *ipk;
cert = ssl_mem_zalloc(sizeof(CERT));
- if (!cert)
- SSL_RET(failed1, "ssl_mem_zalloc\n");
+ if (!cert) {
+ SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
+ goto no_mem;
+ }
if (ic) {
ipk = ic->pkey;
}
cert->pkey = __EVP_PKEY_new(ipk);
- if (!cert->pkey)
- SSL_RET(failed2, "__EVP_PKEY_new\n");
+ if (!cert->pkey) {
+ SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
+ goto pkey_err;
+ }
cert->x509 = __X509_new(ix);
- if (!cert->x509)
- SSL_RET(failed3, "__X509_new\n");
+ if (!cert->x509) {
+ SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
+ goto x509_err;
+ }
return cert;
-failed3:
+x509_err:
EVP_PKEY_free(cert->pkey);
-failed2:
+pkey_err:
ssl_mem_free(cert);
-failed1:
+no_mem:
return NULL;
}
*/
void ssl_cert_free(CERT *cert)
{
+ SSL_ASSERT3(cert);
+
X509_free(cert->x509);
EVP_PKEY_free(cert->pkey);
#define SSL_SEND_DATA_MAX_LENGTH 1460
+/**
+ * @brief create a new SSL session object
+ */
+static SSL_SESSION* SSL_SESSION_new(void)
+{
+ SSL_SESSION *session;
+
+ session = ssl_mem_zalloc(sizeof(SSL_SESSION));
+ if (!session) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (session)");
+ goto failed1;
+ }
+
+ session->peer = X509_new();
+ if (!session->peer) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
+ goto failed2;
+ }
+
+ return session;
+
+failed2:
+ ssl_mem_free(session);
+failed1:
+ return NULL;
+}
+
+/**
+ * @brief free a new SSL session object
+ */
+static void SSL_SESSION_free(SSL_SESSION *session)
+{
+ X509_free(session->peer);
+ ssl_mem_free(session);
+}
+
/**
* @brief Discover whether the current connection is in the error state
*/
int ossl_statem_in_error(const SSL *ssl)
{
+ SSL_ASSERT1(ssl);
+
if (ssl->statem.state == MSG_FLOW_ERROR)
return 1;
*/
int SSL_want(const SSL *ssl)
{
+ SSL_ASSERT1(ssl);
+
return ssl->rwstate;
}
*/
int SSL_want_nothing(const SSL *ssl)
{
+ SSL_ASSERT1(ssl);
+
return (SSL_want(ssl) == SSL_NOTHING);
}
*/
int SSL_want_read(const SSL *ssl)
{
+ SSL_ASSERT1(ssl);
+
return (SSL_want(ssl) == SSL_READING);
}
*/
int SSL_want_write(const SSL *ssl)
{
+ SSL_ASSERT1(ssl);
+
return (SSL_want(ssl) == SSL_WRITING);
}
*/
int SSL_want_x509_lookup(const SSL *ssl)
{
+ SSL_ASSERT1(ssl);
+
return (SSL_want(ssl) == SSL_WRITING);
}
{
int ret = SSL_ERROR_SYSCALL;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
if (ret_code > 0)
ret = SSL_ERROR_NONE;
{
OSSL_HANDSHAKE_STATE state;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
state = SSL_METHOD_CALL(get_state, ssl);
return state;
}
-/**
- * @brief create a new SSL session object
- */
-SSL_SESSION* SSL_SESSION_new(void)
-{
- SSL_SESSION *session;
-
- session = ssl_mem_zalloc(sizeof(SSL_SESSION));
- if (!session)
- SSL_RET(failed1, "ssl_mem_zalloc\n");
-
- session->peer = X509_new();
- if (!session->peer)
- SSL_RET(failed2, "X509_new\n");
-
- return session;
-
-failed2:
- ssl_mem_free(session);
-failed1:
- return NULL;
-}
-
-/**
- * @brief free a new SSL session object
- */
-void SSL_SESSION_free(SSL_SESSION *session)
-{
- X509_free(session->peer);
- ssl_mem_free(session);
-}
-
/**
* @brief create a SSL context
*/
CERT *cert;
X509 *client_ca;
- if (!method) SSL_RET(go_failed1, "method:NULL\n");
+ if (!method) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no no_method");
+ return NULL;
+ }
client_ca = X509_new();
- if (!client_ca)
- SSL_RET(go_failed1, "X509_new\n");
+ if (!client_ca) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
+ goto failed1;
+ }
cert = ssl_cert_new();
- if (!cert)
- SSL_RET(go_failed2, "ssl_cert_new\n");
+ if (!cert) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "ssl_cert_new() return NULL");
+ goto failed2;
+ }
ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX));
- if (!ctx)
- SSL_RET(go_failed3, "ssl_mem_zalloc:ctx\n");
+ if (!ctx) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ctx)");
+ goto failed3;
+ }
ctx->method = method;
ctx->client_CA = client_ca;
return ctx;
-go_failed3:
+failed3:
ssl_cert_free(cert);
-go_failed2:
+failed2:
X509_free(client_ca);
-go_failed1:
+failed1:
return NULL;
}
*/
void SSL_CTX_free(SSL_CTX* ctx)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT3(ctx);
ssl_cert_free(ctx->cert);
*/
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
- SSL_ASSERT(ctx);
- SSL_ASSERT(meth);
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(meth);
ctx->method = meth;
*/
const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT2(ctx);
return ctx->method;
}
int ret = 0;
SSL *ssl;
- if (!ctx)
- SSL_RET(failed1, "ctx:NULL\n");
+ if (!ctx) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no ctx");
+ return NULL;
+ }
ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL));
- if (!ssl)
- SSL_RET(failed1, "ssl_mem_zalloc\n");
+ if (!ssl) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ssl)");
+ goto failed1;
+ }
ssl->session = SSL_SESSION_new();
- if (!ssl->session)
- SSL_RET(failed2, "SSL_SESSION_new\n");
+ if (!ssl->session) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_SESSION_new() return NULL");
+ goto failed2;
+ }
ssl->cert = __ssl_cert_new(ctx->cert);
- if (!ssl->cert)
- SSL_RET(failed3, "__ssl_cert_new\n");
+ if (!ssl->cert) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__ssl_cert_new() return NULL");
+ goto failed3;
+ }
ssl->client_CA = __X509_new(ctx->client_CA);
- if (!ssl->client_CA)
- SSL_RET(failed4, "__X509_new\n");
+ if (!ssl->client_CA) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__X509_new() return NULL");
+ goto failed4;
+ }
ssl->ctx = ctx;
ssl->method = ctx->method;
ssl->verify_mode = ctx->verify_mode;
ret = SSL_METHOD_CALL(new, ssl);
- if (ret)
- SSL_RET(failed5, "ssl_new\n");
+ if (ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
+ goto failed5;
+ }
ssl->rwstate = SSL_NOTHING;
*/
void SSL_free(SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT3(ssl);
SSL_METHOD_CALL(free, ssl);
{
int ret;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(handshake, ssl);
*/
int SSL_connect(SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return SSL_do_handshake(ssl);
}
*/
int SSL_accept(SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return SSL_do_handshake(ssl);
}
{
int ret;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
if (SSL_get_state(ssl) != TLS_ST_OK) return 1;
{
int ret;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
ret = SSL_shutdown(ssl);
- if (1 != ret)
- SSL_ERR(0, go_failed1, "SSL_shutdown\n");
+ if (1 != ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
+ goto failed1;
+ }
SSL_METHOD_CALL(free, ssl);
ret = SSL_METHOD_CALL(new, ssl);
- if (!ret)
- SSL_ERR(0, go_failed1, "ssl_new\n");
+ if (!ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
+ goto failed1;
+ }
return 1;
-go_failed1:
+failed1:
return ret;
}
{
int ret;
- SSL_ASSERT(ssl);
- SSL_ASSERT(buffer);
- SSL_ASSERT(len);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(buffer);
+ SSL_ASSERT1(len);
ssl->rwstate = SSL_READING;
int send_bytes;
const unsigned char *pbuf;
- SSL_ASSERT(ssl);
- SSL_ASSERT(buffer);
- SSL_ASSERT(len);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(buffer);
+ SSL_ASSERT1(len);
ssl->rwstate = SSL_WRITING;
*/
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
return ssl->ctx;
}
*/
const SSL_METHOD *SSL_get_ssl_method(SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
return ssl->method;
}
{
int ret;
- SSL_ASSERT(ssl);
- SSL_ASSERT(method);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(method);
if (ssl->version != method->version) {
ret = SSL_shutdown(ssl);
- if (1 != ret)
- SSL_ERR(0, go_failed1, "SSL_shutdown\n");
+ if (1 != ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
+ goto failed1;
+ }
SSL_METHOD_CALL(free, ssl);
ssl->method = method;
ret = SSL_METHOD_CALL(new, ssl);
- if (!ret)
- SSL_ERR(0, go_failed1, "ssl_new\n");
+ if (!ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
+ goto failed1;
+ }
} else {
ssl->method = method;
}
return 1;
-go_failed1:
+failed1:
return ret;
}
*/
int SSL_get_shutdown(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return ssl->shutdown;
}
*/
void SSL_set_shutdown(SSL *ssl, int mode)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT3(ssl);
ssl->shutdown = mode;
}
{
int ret;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(pending, ssl);
{
int ret;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
if (SSL_pending(ssl))
ret = 1;
*/
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
{
+ SSL_ASSERT1(ctx);
+
return ctx->options &= ~op;
}
*/
unsigned long SSL_CTX_get_options(SSL_CTX *ctx)
{
+ SSL_ASSERT1(ctx);
+
return ctx->options;
}
*/
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt)
{
+ SSL_ASSERT1(ctx);
+
return ctx->options |= opt;
}
*/
unsigned long SSL_clear_options(SSL *ssl, unsigned long op)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return ssl->options & ~op;
}
*/
unsigned long SSL_get_options(SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return ssl->options;
}
*/
unsigned long SSL_set_options(SSL *ssl, unsigned long op)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return ssl->options |= op;
}
{
int ret;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
{
int ret;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
{
int ret;
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
ret = SSL_METHOD_CALL(get_fd, ssl, 0);
*/
int SSL_set_fd(SSL *ssl, int fd)
{
- SSL_ASSERT(ssl);
- SSL_ASSERT(fd >= 0);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
*/
int SSL_set_rfd(SSL *ssl, int fd)
{
- SSL_ASSERT(ssl);
- SSL_ASSERT(fd >= 0);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
*/
int SSL_set_wfd(SSL *ssl, int fd)
{
- SSL_ASSERT(ssl);
- SSL_ASSERT(fd >= 0);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(fd >= 0);
SSL_METHOD_CALL(set_fd, ssl, fd, 0);
*/
int SSL_version(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return ssl->version;
}
*/
const char *SSL_get_version(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
return ssl_protocol_to_string(SSL_version(ssl));
}
{
const char *str;
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
switch (ssl->rlayer.rstate)
{
{
const char *str = "unknown";
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
switch (ssl->rlayer.rstate)
{
{
char *str = "UNKWN ";
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
if (ossl_statem_in_error(ssl))
str = "SSLERR";
{
char *str = "UNKWN ";
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
if (ossl_statem_in_error(ssl))
str = "SSLERR";
*/
void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
{
- SSL_ASSERT(ctx);
- SSL_ASSERT(len);
+ SSL_ASSERT3(ctx);
ctx->read_buffer_len = len;
}
*/
void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
{
- SSL_ASSERT(ssl);
- SSL_ASSERT(len);
+ SSL_ASSERT3(ssl);
+ SSL_ASSERT3(len);
SSL_METHOD_CALL(set_bufflen, ssl, len);
}
*/
void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val))
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT3(ssl);
ssl->info_callback = cb;
}
*/
int SSL_CTX_up_ref(SSL_CTX *ctx)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT1(ctx);
/**
* no support multi-thread SSL here
*/
void SSL_set_security_level(SSL *ssl, int level)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT3(ssl);
ssl->cert->sec_level = level;
}
*/
int SSL_get_security_level(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return ssl->cert->sec_level;
}
*/
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT1(ctx);
return ctx->verify_mode;
}
{
long l;
- SSL_ASSERT(ctx);
+ SSL_ASSERT1(ctx);
l = ctx->session_timeout;
ctx->session_timeout = t;
*/
long SSL_CTX_get_timeout(const SSL_CTX *ctx)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT1(ctx);
return ctx->session_timeout;
}
*/
void SSL_set_read_ahead(SSL *ssl, int yes)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT3(ssl);
ssl->rlayer.read_ahead = yes;
}
*/
void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT3(ctx);
ctx->read_ahead = yes;
}
*/
int SSL_get_read_ahead(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return ssl->rlayer.read_ahead;
}
*/
long SSL_CTX_get_read_ahead(SSL_CTX *ctx)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT1(ctx);
return ctx->read_ahead;
}
*/
long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT1(ctx);
return ctx->read_ahead;
}
*/
long SSL_set_time(SSL *ssl, long t)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
ssl->session->time = t;
*/
long SSL_set_timeout(SSL *ssl, long t)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
ssl->session->timeout = t;
*/
long SSL_get_verify_result(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return SSL_METHOD_CALL(get_verify_result, ssl);
}
*/
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT1(ctx);
return ctx->param.depth;
}
*/
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT3(ctx);
ctx->param.depth = depth;
}
*/
int SSL_get_verify_depth(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT1(ssl);
return ssl->param.depth;
}
*/
void SSL_set_verify_depth(SSL *ssl, int depth)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT3(ssl);
ssl->param.depth = depth;
}
*/
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
{
- SSL_ASSERT(ctx);
+ SSL_ASSERT3(ctx);
ctx->verify_mode = mode;
ctx->default_verify_callback = verify_callback;
*/
void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT3(ssl);
ssl->verify_mode = mode;
ssl->verify_callback = verify_callback;
EVP_PKEY *pkey;
pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
- if (!pkey)
- SSL_RET(failed1, "ssl_mem_zalloc\n");
+ if (!pkey) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
+ goto no_mem;
+ }
if (ipk) {
pkey->method = ipk->method;
}
ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
- if (ret)
- SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n");
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
+ goto failed;
+ }
return pkey;
-failed2:
+failed:
ssl_mem_free(pkey);
-failed1:
+no_mem:
return NULL;
}
*/
void EVP_PKEY_free(EVP_PKEY *pkey)
{
+ SSL_ASSERT3(pkey);
+
EVP_PKEY_METHOD_CALL(free, pkey);
ssl_mem_free(pkey);
int ret;
EVP_PKEY *pkey;
- SSL_ASSERT(pp);
- SSL_ASSERT(*pp);
- SSL_ASSERT(length);
+ SSL_ASSERT2(pp);
+ SSL_ASSERT2(*pp);
+ SSL_ASSERT2(length);
if (a && *a) {
pkey = *a;
} else {
pkey = EVP_PKEY_new();;
- if (!pkey)
- SSL_RET(failed1, "EVP_PKEY_new\n");
+ if (!pkey) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
+ goto failed1;
+ }
+
m = 1;
}
ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
- if (ret)
- SSL_RET(failed2, "EVP_PKEY_METHOD_CALL\n");
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
+ goto failed2;
+ }
if (a)
*a = pkey;
*/
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
- SSL_ASSERT(ctx);
- SSL_ASSERT(pkey);
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(pkey);
if (ctx->cert->pkey == pkey)
return 1;
*/
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
- SSL_ASSERT(ssl);
- SSL_ASSERT(pkey);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(pkey);
if (ssl->cert->pkey == pkey)
return 1;
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
- if (!pk)
- SSL_RET(failed1, "d2i_PrivateKey\n");
+ if (!pk) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
+ goto failed1;
+ }
ret = SSL_CTX_use_PrivateKey(ctx, pk);
- if (!ret)
- SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
+ if (!ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
+ goto failed2;
+ }
return 1;
EVP_PKEY *pk;
pk = d2i_PrivateKey(0, NULL, &d, len);
- if (!pk)
- SSL_RET(failed1, "d2i_PrivateKey\n");
+ if (!pk) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
+ goto failed1;
+ }
ret = SSL_use_PrivateKey(ssl, pk);
- if (!ret)
- SSL_RET(failed2, "SSL_use_PrivateKey\n");
+ if (!ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
+ goto failed2;
+ }
return 1;
char **data;
stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
- if (!stack)
- SSL_RET(failed1, "ssl_mem_zalloc\n");
+ if (!stack) {
+ SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
+ goto no_mem1;
+ }
data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
- if (!data)
- SSL_RET(failed2, "ssl_mem_zalloc\n");
+ if (!data) {
+ SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
+ goto no_mem2;
+ }
stack->data = data;
stack->num_alloc = MIN_NODES;
return stack;
-failed2:
+no_mem2:
ssl_mem_free(stack);
-failed1:
+no_mem1:
return NULL;
}
*/
void OPENSSL_sk_free(OPENSSL_STACK *stack)
{
- SSL_ASSERT(stack);
+ SSL_ASSERT3(stack);
ssl_mem_free(stack->data);
ssl_mem_free(stack);
X509 *x;
x = ssl_mem_zalloc(sizeof(X509));
- if (!x)
- SSL_RET(failed1, "ssl_mem_zalloc\n");
+ if (!x) {
+ SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
+ goto no_mem;
+ }
if (ix)
x->method = ix->method;
x->method = X509_method();
ret = X509_METHOD_CALL(new, x, ix);
- if (ret)
- SSL_RET(failed2, "x509_new\n");
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
+ goto failed;
+ }
return x;
-failed2:
+failed:
ssl_mem_free(x);
-failed1:
+no_mem:
return NULL;
}
*/
void X509_free(X509 *x)
{
+ SSL_ASSERT3(x);
+
X509_METHOD_CALL(free, x);
ssl_mem_free(x);
int ret;
X509 *x;
- SSL_ASSERT(buffer);
- SSL_ASSERT(len);
+ SSL_ASSERT2(buffer);
+ SSL_ASSERT2(len);
if (cert && *cert) {
x = *cert;
} else {
x = X509_new();
- if (!x)
- SSL_RET(failed1, "X509_new\n");
+ if (!x) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
+ goto failed1;
+ }
m = 1;
}
ret = X509_METHOD_CALL(load, x, buffer, len);
- if (ret)
- SSL_RET(failed2, "x509_load\n");
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
+ goto failed2;
+ }
return x;
*/
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
- SSL_ASSERT(ctx);
- SSL_ASSERT(x);
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(x);
if (ctx->client_CA == x)
return 1;
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
- SSL_ASSERT(ssl);
- SSL_ASSERT(x);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(x);
if (ssl->client_CA == x)
return 1;
*/
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
- SSL_ASSERT(ctx);
- SSL_ASSERT(x);
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(x);
if (ctx->cert->x509 == x)
return 1;
*/
int SSL_use_certificate(SSL *ssl, X509 *x)
{
- SSL_ASSERT(ssl);
- SSL_ASSERT(x);
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(x);
if (ssl->cert->x509 == x)
return 1;
*/
X509 *SSL_get_certificate(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
return ssl->cert->x509;
}
X509 *x;
x = d2i_X509(NULL, d, len);
- if (!x)
- SSL_RET(failed1, "d2i_X509\n");
+ if (!x) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
+ goto failed1;
+ }
ret = SSL_CTX_use_certificate(ctx, x);
- if (!ret)
- SSL_RET(failed2, "SSL_CTX_use_certificate\n");
+ if (!ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
+ goto failed2;
+ }
return 1;
X509 *x;
x = d2i_X509(NULL, d, len);
- if (!x)
- SSL_RET(failed1, "d2i_X509\n");
+ if (!x) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
+ goto failed1;
+ }
ret = SSL_use_certificate(ssl, x);
- if (!ret)
- SSL_RET(failed2, "SSL_use_certificate\n");
+ if (!ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
+ goto failed2;
+ }
return 1;
*/
X509 *SSL_get_peer_certificate(const SSL *ssl)
{
- SSL_ASSERT(ssl);
+ SSL_ASSERT2(ssl);
return ssl->session->peer;
}
#include "mbedtls/error.h"
#include "mbedtls/certs.h"
-#if 0
- #define DEBUG_LOAD_BUF_STRING(str) SSL_DEBUG(1, "%s\n", str)
-#else
- #define DEBUG_LOAD_BUF_STRING(str)
-#endif
-
-#define X509_INFO_STRING_LENGTH 1024
+#define X509_INFO_STRING_LENGTH 8192
struct ssl_pm
{
mbedtls_pk_context *ex_pkey;
};
-
unsigned int max_content_len;
-
/*********************************************************************************************/
/************************************ SSL arch interface *************************************/
+#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
+
+/* mbedtls debug level */
+#define MBEDTLS_DEBUG_LEVEL 4
+
+/**
+ * @brief mbedtls debug function
+ */
+static void ssl_platform_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ /* Shorten 'file' from the whole file path to just the filename
+
+ This is a bit wasteful because the macros are compiled in with
+ the full _FILE_ path in each case.
+ */
+ char *file_sep = rindex(file, '/');
+ if(file_sep)
+ file = file_sep + 1;
+
+ SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str);
+}
+#endif
+
/**
* @brief create SSL low-level object
*/
const SSL_METHOD *method = ssl->method;
ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm));
- if (!ssl_pm)
- SSL_ERR(ret, failed1, "ssl_mem_zalloc\n");
+ if (!ssl_pm) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)");
+ goto no_mem;
+ }
max_content_len = ssl->ctx->read_buffer_len;
-
+
mbedtls_net_init(&ssl_pm->fd);
mbedtls_net_init(&ssl_pm->cl_fd);
mbedtls_ssl_init(&ssl_pm->ssl);
ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len);
- if (ret)
- SSL_ERR(ret, failed2, "mbedtls_ctr_drbg_seed:[-0x%x]\n", -ret);
+ if (ret) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ctr_drbg_seed() return -0x%x", -ret);
+ goto mbedtls_err1;
+ }
if (method->endpoint) {
endpoint = MBEDTLS_SSL_IS_SERVER;
endpoint = MBEDTLS_SSL_IS_CLIENT;
}
ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
- if (ret)
- SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret);
+ if (ret) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret);
+ goto mbedtls_err2;
+ }
if (TLS_ANY_VERSION != ssl->version) {
if (TLS1_2_VERSION == ssl->version)
mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
+#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
+ mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL);
+ mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL);
+#else
mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
+#endif
ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
- if (ret)
- SSL_ERR(ret, failed3, "mbedtls_ssl_setup:[-0x%x]\n", -ret);
+ if (ret) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret);
+ goto mbedtls_err2;
+ }
mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
return 0;
-failed3:
+mbedtls_err2:
mbedtls_ssl_config_free(&ssl_pm->conf);
mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
-failed2:
+mbedtls_err1:
mbedtls_entropy_free(&ssl_pm->entropy);
ssl_mem_free(ssl_pm);
-failed1:
+no_mem:
return -1;
}
{
int ret = 0;
- if (ssl == NULL || ssl->conf == NULL)
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-
while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER)
{
ret = mbedtls_ssl_handshake_step(ssl);
-
- SSL_DEBUG(1, "ssl ret %d state %d heap %d\n",
- ret, ssl->state, system_get_free_heap_size());
-
+
+ SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state);
+
if (ret != 0)
break;
}
if (mbed_ret)
return 0;
- SSL_DEBUG(1, "ssl_speed_up_enter ");
ssl_speed_up_enter();
- SSL_DEBUG(1, "OK\n");
-
+
while((mbed_ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) {
if (mbed_ret != MBEDTLS_ERR_SSL_WANT_READ && mbed_ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
break;
}
}
-
- SSL_DEBUG(1, "ssl_speed_up_exit ");
+
ssl_speed_up_exit();
- SSL_DEBUG(1, "OK\n");
if (!mbed_ret) {
struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl);
} else {
ret = 0;
- SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret);
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -mbed_ret);
}
return ret;
return -1;
buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH);
- if (!buf)
- SSL_RET(failed1, "");
+ if (!buf) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)");
+ goto no_mem;
+ }
ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt);
- if (ret <= 0)
- SSL_RET(failed2, "");
+ if (ret <= 0) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret);
+ goto mbedtls_err1;
+ }
+
buf[ret] = 0;
ssl_mem_free(buf);
- SSL_DEBUG(1, "%s", buf);
+ SSL_DEBUG(SSL_DEBUG_ON, "%s", buf);
return 0;
-failed2:
+mbedtls_err1:
ssl_mem_free(buf);
-failed1:
+no_mem:
return -1;
}
struct x509_pm *x509_pm;
x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm));
- if (!x509_pm)
- SSL_RET(failed1, "ssl_mem_zalloc\n");
+ if (!x509_pm) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)");
+ goto failed1;
+ }
x->x509_pm = x509_pm;
if (!x509_pm->x509_crt) {
x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
- if (!x509_pm->x509_crt)
- SSL_RET(failed1, "ssl_mem_malloc\n");
+ if (!x509_pm->x509_crt) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)");
+ goto no_mem;
+ }
}
load_buf = ssl_mem_malloc(len + 1);
- if (!load_buf)
- SSL_RET(failed2, "ssl_mem_malloc\n");
+ if (!load_buf) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
+ goto failed;
+ }
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
- DEBUG_LOAD_BUF_STRING(load_buf);
-
mbedtls_x509_crt_init(x509_pm->x509_crt);
ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
ssl_mem_free(load_buf);
- if (ret)
- SSL_RET(failed2, "mbedtls_x509_crt_parse, return [-0x%x]\n", -ret);
+ if (ret) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret);
+ goto failed;
+ }
return 0;
-failed2:
+failed:
mbedtls_x509_crt_free(x509_pm->x509_crt);
ssl_mem_free(x509_pm->x509_crt);
x509_pm->x509_crt = NULL;
-failed1:
+no_mem:
return -1;
}
if (!pkey_pm->pkey) {
pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context));
- if (!pkey_pm->pkey)
- SSL_RET(failed1, "ssl_mem_malloc\n");
+ if (!pkey_pm->pkey) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)");
+ goto no_mem;
+ }
}
load_buf = ssl_mem_malloc(len + 1);
- if (!load_buf)
- SSL_RET(failed2, "ssl_mem_malloc\n");
+ if (!load_buf) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
+ goto failed;
+ }
ssl_memcpy(load_buf, buffer, len);
load_buf[len] = '\0';
- DEBUG_LOAD_BUF_STRING(load_buf);
-
mbedtls_pk_init(pkey_pm->pkey);
ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0);
ssl_mem_free(load_buf);
- if (ret)
- SSL_RET(failed2, "mbedtls_pk_parse_key, return [-0x%x]\n", -ret);
+ if (ret) {
+ SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret);
+ goto failed;
+ }
return 0;
-failed2:
+failed:
mbedtls_pk_free(pkey_pm->pkey);
ssl_mem_free(pkey_pm->pkey);
pkey_pm->pkey = NULL;
-failed1:
+no_mem:
return -1;
}
#include "ssl_port.h"
-#ifdef ESP32_IDF_PLATFORM
-
-#include "string.h"
-#include "malloc.h"
-
/*********************************************************************************************/
/********************************* SSL general interface *************************************/
-void* ssl_mem_zalloc(size_t size)
+void *ssl_mem_zalloc(size_t size)
{
void *p = malloc(size);
return p;
}
-void *ssl_mem_malloc(size_t size)
-{
- return malloc(size);
-}
-
-void ssl_mem_free(void *p)
-{
- free(p);
-}
-
-void* ssl_memcpy(void *to, const void *from, size_t size)
-{
- return memcpy(to, from, size);
-}
-
-size_t ssl_strlen(const char *src)
-{
- return strlen(src);
-}
-
-void ssl_speed_up_enter(void)
-{
-
-}
-
-void ssl_speed_up_exit(void)
-{
-
-}
-
-#endif
-
projects / esp-idf / commitdiff