From: liuhan Date: Tue, 30 Aug 2016 12:40:58 +0000 (+0800) Subject: components/mbedtls: MBEDTLS Handshake result check X-Git-Tag: v0.9~41^2~26 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2d80fada70e2096781e8fd49586841c81a5751a0;p=esp-idf components/mbedtls: MBEDTLS Handshake result check modify esp_config.h add some feature for support http2.0 protocol, TLS Handshake OK. --- diff --git a/components/esp32/aes.c b/components/esp32/aes.c index 0b0a7ce3cc..3767dd7eed 100644 --- a/components/esp32/aes.c +++ b/components/esp32/aes.c @@ -64,7 +64,7 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; - uint16 keybyte = keybits / 8; + uint16_t keybyte = keybits / 8; switch (keybits){ case 128: keybit = AES128; @@ -95,7 +95,7 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; - uint16 keybyte = keybits / 8; + uint16_t keybyte = keybits / 8; switch (keybits){ case 128: keybit = AES128; diff --git a/components/esp32/bignum.c b/components/esp32/bignum.c index 049116206d..dbfa418ec8 100644 --- a/components/esp32/bignum.c +++ b/components/esp32/bignum.c @@ -1018,9 +1018,9 @@ static void esp_mpi_mul_hlp( size_t i, esp_mpi_uint *s, esp_mpi_uint *d, esp_mpi static int mul_pram_alloc( mpi *X, const mpi *A, const mpi *B, char **pA, char **pB, char **pX, size_t *bites) { char *sa, *sb, *sx; - int algn; +// int algn; int words, bytes; - int abytes, bbytes, cbytes; + int abytes, bbytes; if (A->n > B->n) words = A->n; @@ -2178,6 +2178,3 @@ cleanup: return( ret ); } - -#endif /* ESP_BIGNUM_ALT */ - diff --git a/components/esp32/include/aes.h b/components/esp32/include/aes.h index aa81e1b5f6..b1a47eb4ee 100644 --- a/components/esp32/include/aes.h +++ b/components/esp32/include/aes.h @@ -24,7 +24,7 @@ #ifndef ESP_AES_H #define ESP_AES_H -#include "c_types.h" +#include "esp_types.h" #include "rom/ets_sys.h" #include "rom/aes.h" @@ -41,8 +41,8 @@ extern "C" { typedef struct{ bool flag; - uint16 keybites; - uint8 key[32]; + uint16_t keybites; + uint8_t key[32]; }key_context, KEY_CTX; /** diff --git a/components/esp32/include/bignum.h b/components/esp32/include/bignum.h index fc1a5932c5..e077fe2ed6 100644 --- a/components/esp32/include/bignum.h +++ b/components/esp32/include/bignum.h @@ -23,7 +23,7 @@ #ifndef _ESP_BIGNUM_H #define _ESP_BIGNUM_H -#include "c_types.h" +#include "esp_types.h" #include "rom/ets_sys.h" #include "rom/bigint.h" diff --git a/components/esp32/include/esp_crypto.h b/components/esp32/include/esp_crypto.h index ef6d86ac0d..5accfe8382 100644 --- a/components/esp32/include/esp_crypto.h +++ b/components/esp32/include/esp_crypto.h @@ -1,7 +1,7 @@ #ifndef _MULTI_CRYPTO_H_ #define _MULTI_CRYPTO_H_ -#include "c_types.h" +#include "esp_types.h" #include "rom/ets_sys.h" #ifdef __cplusplus diff --git a/components/esp32/include/sha.h b/components/esp32/include/sha.h index 661354c1de..301d893ae6 100644 --- a/components/esp32/include/sha.h +++ b/components/esp32/include/sha.h @@ -6,7 +6,7 @@ #ifndef _ESP_SHA_H_ #define _ESP_SHA_H_ -#include "c_types.h" +#include "esp_types.h" #include "rom/ets_sys.h" #include "rom/sha.h" @@ -164,6 +164,8 @@ typedef sha_context SHA512_CTX; */ void esp_sha512_init( SHA512_CTX *ctx ); +void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] ); + /** * \brief Clear SHA-512 context * diff --git a/components/esp32/sha.c b/components/esp32/sha.c index 2e98de3693..e7d7e0be9a 100644 --- a/components/esp32/sha.c +++ b/components/esp32/sha.c @@ -205,6 +205,11 @@ void esp_sha512_init( SHA512_CTX *ctx ) SHA_UNLOCK(); } +void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] ) +{ + +} + void esp_sha512_free( SHA512_CTX *ctx ) { if( ctx == NULL ) diff --git a/components/mbedtls/include/mbedtls/esp_config.h b/components/mbedtls/include/mbedtls/esp_config.h index 1ea6076813..0bf7e14d17 100644 --- a/components/mbedtls/include/mbedtls/esp_config.h +++ b/components/mbedtls/include/mbedtls/esp_config.h @@ -225,7 +225,7 @@ * Uncomment a macro to enable alternate implementation of the corresponding * module. */ -#define MBEDTLS_AES_ALT +//#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT @@ -235,11 +235,11 @@ //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_RIPEMD160_ALT -#define MBEDTLS_SHA1_ALT -#define MBEDTLS_SHA256_ALT -#define MBEDTLS_SHA512_ALT +//#define MBEDTLS_SHA1_ALT +//#define MBEDTLS_SHA256_ALT +//#define MBEDTLS_SHA512_ALT -#define MBEDTLS_BIGNUM_ALT +//#define MBEDTLS_BIGNUM_ALT /** * \def MBEDTLS_MD2_PROCESS_ALT * @@ -374,10 +374,10 @@ * * Enable padding modes in the cipher layer. */ -//#define MBEDTLS_CIPHER_PADDING_PKCS7 -//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -//#define MBEDTLS_CIPHER_PADDING_ZEROS +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +#define MBEDTLS_CIPHER_PADDING_ZEROS /** * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES @@ -415,18 +415,18 @@ * * Comment macros to disable the curve and functions for it */ -//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -//#define MBEDTLS_ECP_DP_BP256R1_ENABLED -//#define MBEDTLS_ECP_DP_BP384R1_ENABLED -//#define MBEDTLS_ECP_DP_BP512R1_ENABLED -//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +#define MBEDTLS_ECP_DP_BP256R1_ENABLED +#define MBEDTLS_ECP_DP_BP384R1_ENABLED +#define MBEDTLS_ECP_DP_BP512R1_ENABLED +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED /** * \def MBEDTLS_ECP_NIST_OPTIM @@ -437,7 +437,7 @@ * * Comment this macro to disable NIST curves optimisation. */ -//#define MBEDTLS_ECP_NIST_OPTIM +#define MBEDTLS_ECP_NIST_OPTIM /** * \def MBEDTLS_ECDSA_DETERMINISTIC @@ -451,7 +451,7 @@ * * Comment this macro to disable deterministic ECDSA. */ -//#define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_ECDSA_DETERMINISTIC /** * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED @@ -473,7 +473,7 @@ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -497,7 +497,7 @@ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -517,7 +517,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED @@ -596,7 +596,7 @@ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -621,7 +621,7 @@ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -645,7 +645,7 @@ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ -//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -669,7 +669,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ -//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED @@ -693,7 +693,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ -//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -946,7 +946,7 @@ * * Comment this macro to disable support for Encrypt-then-MAC */ -//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +#define MBEDTLS_SSL_ENCRYPT_THEN_MAC /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * @@ -964,7 +964,7 @@ * * Comment this macro to disable support for Extended Master Secret. */ -//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET /** * \def MBEDTLS_SSL_FALLBACK_SCSV @@ -981,7 +981,7 @@ * * Comment this macro to disable support for FALLBACK_SCSV */ -//#define MBEDTLS_SSL_FALLBACK_SCSV +#define MBEDTLS_SSL_FALLBACK_SCSV /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL @@ -1018,7 +1018,7 @@ * * Comment this to disable support for renegotiation. */ -//#define MBEDTLS_SSL_RENEGOTIATION +#define MBEDTLS_SSL_RENEGOTIATION /** * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO @@ -1047,7 +1047,7 @@ * * Comment this macro to disable support for the max_fragment_length extension */ -//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH /** * \def MBEDTLS_SSL_PROTO_SSL3 @@ -1059,7 +1059,7 @@ * * Comment this macro to disable support for SSL 3.0 */ -//#define MBEDTLS_SSL_PROTO_SSL3 +#define MBEDTLS_SSL_PROTO_SSL3 /** * \def MBEDTLS_SSL_PROTO_TLS1 @@ -1110,7 +1110,7 @@ * * Comment this macro to disable support for DTLS */ -//#define MBEDTLS_SSL_PROTO_DTLS +#define MBEDTLS_SSL_PROTO_DTLS /** * \def MBEDTLS_SSL_ALPN @@ -1119,7 +1119,7 @@ * * Comment this macro to disable support for ALPN. */ -//#define MBEDTLS_SSL_ALPN +#define MBEDTLS_SSL_ALPN /** * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY @@ -1134,7 +1134,7 @@ * * Comment this to disable anti-replay in DTLS. */ -//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +#define MBEDTLS_SSL_DTLS_ANTI_REPLAY /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY @@ -1152,7 +1152,7 @@ * * Comment this to disable support for HelloVerifyRequest. */ -//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +#define MBEDTLS_SSL_DTLS_HELLO_VERIFY /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE @@ -1168,7 +1168,7 @@ * * Comment this to disable support for clients reusing the source port. */ -//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /** * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT @@ -1179,7 +1179,7 @@ * * Requires: MBEDTLS_SSL_PROTO_DTLS */ -//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT +#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT /** * \def MBEDTLS_SSL_SESSION_TICKETS @@ -1193,7 +1193,7 @@ * * Comment this macro to disable support for SSL session tickets */ -//#define MBEDTLS_SSL_SESSION_TICKETS +#define MBEDTLS_SSL_SESSION_TICKETS /** * \def MBEDTLS_SSL_EXPORT_KEYS @@ -1203,7 +1203,7 @@ * * Comment this macro to disable support for key export */ -//#define MBEDTLS_SSL_EXPORT_KEYS +#define MBEDTLS_SSL_EXPORT_KEYS /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION @@ -1223,7 +1223,7 @@ * * Comment this macro to disable support for truncated HMAC in SSL */ -//#define MBEDTLS_SSL_TRUNCATED_HMAC +#define MBEDTLS_SSL_TRUNCATED_HMAC /** * \def MBEDTLS_THREADING_ALT @@ -1258,7 +1258,7 @@ * * Comment this to disable run-time checking and save ROM space */ -//#define MBEDTLS_VERSION_FEATURES +#define MBEDTLS_VERSION_FEATURES /** * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 @@ -1294,7 +1294,7 @@ * * Comment to skip keyUsage checking for both CA and leaf certificates. */ -//#define MBEDTLS_X509_CHECK_KEY_USAGE +#define MBEDTLS_X509_CHECK_KEY_USAGE /** * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE @@ -1307,7 +1307,7 @@ * * Comment to skip extendedKeyUsage checking for certificates. */ -//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE +#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1317,7 +1317,7 @@ * * Comment this macro to disallow using RSASSA-PSS in certificates. */ -//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +#define MBEDTLS_X509_RSASSA_PSS_SUPPORT /** * \def MBEDTLS_ZLIB_SUPPORT @@ -1459,7 +1459,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -//#define MBEDTLS_ARC4_C +#define MBEDTLS_ARC4_C /** * \def MBEDTLS_ASN1_PARSE_C @@ -1524,7 +1524,7 @@ * * Module: library/blowfish.c */ -//#define MBEDTLS_BLOWFISH_C +#define MBEDTLS_BLOWFISH_C /** * \def MBEDTLS_CAMELLIA_C @@ -1579,7 +1579,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -//#define MBEDTLS_CAMELLIA_C +#define MBEDTLS_CAMELLIA_C /** * \def MBEDTLS_CCM_C @@ -1593,7 +1593,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ -//#define MBEDTLS_CCM_C +#define MBEDTLS_CCM_C /** * \def MBEDTLS_CERTS_C @@ -1605,7 +1605,7 @@ * * This module is used for testing (ssl_client/server). */ -//#define MBEDTLS_CERTS_C +#define MBEDTLS_CERTS_C /** * \def MBEDTLS_CIPHER_C @@ -1645,7 +1645,7 @@ * * This module provides debugging functions. */ -//#define MBEDTLS_DEBUG_C +#define MBEDTLS_DEBUG_C /** * \def MBEDTLS_DES_C @@ -1671,7 +1671,7 @@ * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. */ -//#define MBEDTLS_DES_C +#define MBEDTLS_DES_C /** * \def MBEDTLS_DHM_C @@ -1685,7 +1685,7 @@ * This module is used by the following key exchanges: * DHE-RSA, DHE-PSK */ -//#define MBEDTLS_DHM_C +#define MBEDTLS_DHM_C /** * \def MBEDTLS_ECDH_C @@ -1701,7 +1701,7 @@ * * Requires: MBEDTLS_ECP_C */ -//#define MBEDTLS_ECDH_C +#define MBEDTLS_ECDH_C /** * \def MBEDTLS_ECDSA_C @@ -1716,7 +1716,7 @@ * * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C */ -//#define MBEDTLS_ECDSA_C +#define MBEDTLS_ECDSA_C /** * \def MBEDTLS_ECJPAKE_C @@ -1749,7 +1749,7 @@ * * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED */ -//#define MBEDTLS_ECP_C +#define MBEDTLS_ECP_C /** * \def MBEDTLS_ENTROPY_C @@ -1775,7 +1775,7 @@ * * This module enables mbedtls_strerror(). */ -//#define MBEDTLS_ERROR_C +#define MBEDTLS_ERROR_C /** * \def MBEDTLS_GCM_C @@ -1789,7 +1789,7 @@ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ -//#define MBEDTLS_GCM_C //764 Byte +#define MBEDTLS_GCM_C /** * \def MBEDTLS_HAVEGE_C @@ -1826,7 +1826,7 @@ * * Uncomment to enable the HMAC_DRBG random number geerator. */ -//#define MBEDTLS_HMAC_DRBG_C +#define MBEDTLS_HMAC_DRBG_C /** * \def MBEDTLS_MD_C @@ -1941,7 +1941,7 @@ * * This modules adds support for the VIA PadLock on x86. */ -//#define MBEDTLS_PADLOCK_C +#define MBEDTLS_PADLOCK_C /** * \def MBEDTLS_PEM_PARSE_C @@ -2033,7 +2033,7 @@ * * This module adds support for the PKCS#5 functions. */ -//#define MBEDTLS_PKCS5_C +#define MBEDTLS_PKCS5_C /** * \def MBEDTLS_PKCS11_C @@ -2064,7 +2064,7 @@ * * This module enables PKCS#12 functions. */ -//#define MBEDTLS_PKCS12_C +#define MBEDTLS_PKCS12_C /** * \def MBEDTLS_PLATFORM_C @@ -2084,7 +2084,7 @@ * * This module enables abstraction of common (libc) functions. */ -//#define MBEDTLS_PLATFORM_C +#define MBEDTLS_PLATFORM_C /** * \def MBEDTLS_RIPEMD160_C @@ -2095,7 +2095,7 @@ * Caller: library/mbedtls_md.c * */ -//#define MBEDTLS_RIPEMD160_C +#define MBEDTLS_RIPEMD160_C /** * \def MBEDTLS_RSA_C @@ -2173,7 +2173,7 @@ * * Requires: MBEDTLS_SSL_CACHE_C */ -//#define MBEDTLS_SSL_CACHE_C +#define MBEDTLS_SSL_CACHE_C /** * \def MBEDTLS_SSL_COOKIE_C @@ -2183,7 +2183,7 @@ * Module: library/ssl_cookie.c * Caller: */ -//#define MBEDTLS_SSL_COOKIE_C +#define MBEDTLS_SSL_COOKIE_C /** * \def MBEDTLS_SSL_TICKET_C @@ -2195,7 +2195,7 @@ * * Requires: MBEDTLS_CIPHER_C */ -//#define MBEDTLS_SSL_TICKET_C +#define MBEDTLS_SSL_TICKET_C /** * \def MBEDTLS_SSL_CLI_C @@ -2466,7 +2466,8 @@ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ /* SSL options */ -#define MBEDTLS_SSL_MAX_CONTENT_LEN 3072 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ + +#define MBEDTLS_SSL_MAX_CONTENT_LEN 5120 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ diff --git a/components/mbedtls/port/esp_hardware.c b/components/mbedtls/port/esp_hardware.c new file mode 100644 index 0000000000..c269a0e3f1 --- /dev/null +++ b/components/mbedtls/port/esp_hardware.c @@ -0,0 +1,45 @@ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include +#include +#include +#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) +/** + * \brief Entropy poll callback for a hardware source + * + * \warning This is not provided by mbed TLS! + * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h. + * + * \note This must accept NULL as its first argument. + */ +static int os_get_random(unsigned char *buf, size_t len) +{ + int i, j; + unsigned long tmp; + for (i = 0; i < ((len + 3) & ~3) / 4; i ++){ + tmp = rand(); + for (j = 0; j < 4; j ++){ + if ((i * 4 + j) < len){ + buf[i * 4 + j] = (unsigned char)(tmp >> (j * 8)); + }else{ + break; + } + } + + } + return 0; +} + +int mbedtls_hardware_poll( void *data, + unsigned char *output, size_t len, size_t *olen ) +{ + os_get_random(output, len); + *olen = len; + return 0; +} +#endif + diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h index b4e17259e4..7814bf19d8 100644 --- a/components/mbedtls/port/include/sha512_alt.h +++ b/components/mbedtls/port/include/sha512_alt.h @@ -17,6 +17,7 @@ extern "C" { typedef SHA512_CTX mbedtls_sha512_context; #define mbedtls_sha512_init esp_sha512_init +#define mbedtls_sha512_process esp_sha512_process #define mbedtls_sha512_clone esp_sha512_clone #define mbedtls_sha512_starts esp_sha512_starts #define mbedtls_sha512_update esp_sha512_update diff --git a/components/mbedtls/port/net.c b/components/mbedtls/port/net.c new file mode 100644 index 0000000000..f712d9a651 --- /dev/null +++ b/components/mbedtls/port/net.c @@ -0,0 +1,522 @@ +/* + * TCP/IP or UDP/IP networking functions + * modified for LWIP support on ESP32 + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Additions Copyright (C) 2015 Angus Gratton + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if !defined(MBEDTLS_NET_C) + +#include "mbedtls/net.h" + +#include + +#include +#include +//#include +#include +#include +//#include + +#include +#include + +#include + +#include + +/* + * Prepare for using the sockets interface + */ +static int net_prepare( void ) +{ +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + WSADATA wsaData; + + if( wsa_init_done == 0 ) + { + if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 ) + return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + + wsa_init_done = 1; + } +#else +#endif + return( 0 ); +} + +/* + * Initialize a context + */ +void mbedtls_net_init( mbedtls_net_context *ctx ) +{ + ctx->fd = -1; +} + +/* + * Initiate a TCP connection with host:port and the given protocol + */ +int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ) +{ + int ret; + struct addrinfo hints, *addr_list, *cur; + + if( ( ret = net_prepare() ) != 0 ) + return( ret ); + + /* Do name resolution with both IPv6 and IPv4 */ + memset( &hints, 0, sizeof( hints ) ); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; + hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; + + if( getaddrinfo( host, port, &hints, &addr_list ) != 0 ) + return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + + /* Try the sockaddrs until a connection succeeds */ + ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; + for( cur = addr_list; cur != NULL; cur = cur->ai_next ) + { + ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, + cur->ai_protocol ); + if( ctx->fd < 0 ) + { + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } + + if( connect( ctx->fd, cur->ai_addr, cur->ai_addrlen ) == 0 ) + { + ret = 0; + break; + } + + close( ctx->fd ); + ret = MBEDTLS_ERR_NET_CONNECT_FAILED; + } + + freeaddrinfo( addr_list ); + + return( ret ); +} + +/* + * Create a listening socket on bind_ip:port + */ +int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ) +{ + int n, ret; + struct addrinfo hints, *addr_list, *cur; + + if( ( ret = net_prepare() ) != 0 ) + return( ret ); + + /* Bind to IPv6 and/or IPv4, but only in the desired protocol */ + memset( &hints, 0, sizeof( hints ) ); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; + hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; + + if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 ) + return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + + /* Try the sockaddrs until a binding succeeds */ + ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; + for( cur = addr_list; cur != NULL; cur = cur->ai_next ) + { + ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, + cur->ai_protocol ); + if( ctx->fd < 0 ) + { + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } + + /*SO_REUSEADDR option dafault is disable in source code(lwip)*/ +#if SO_REUSE + n = 1; + if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &n, sizeof( n ) ) != 0 ) + { + close( ctx->fd ); + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } +#endif + /*bind interface dafault don't process the addr is 0xffffffff for TCP Protocol*/ + struct sockaddr_in *serv_addr = NULL; + serv_addr = (struct sockaddr_in *)cur->ai_addr; + serv_addr->sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */ + if( bind( ctx->fd, (struct sockaddr *)serv_addr, cur->ai_addrlen ) != 0 ) + { + close( ctx->fd ); + ret = MBEDTLS_ERR_NET_BIND_FAILED; + continue; + } + + /* Listen only makes sense for TCP */ + if( proto == MBEDTLS_NET_PROTO_TCP ) + { + if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 ) + { + close( ctx->fd ); + ret = MBEDTLS_ERR_NET_LISTEN_FAILED; + continue; + } + } + + /* I we ever get there, it's a success */ + ret = 0; + break; + } + + freeaddrinfo( addr_list ); + + return( ret ); + +} + +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) +/* + * Check if the requested operation would be blocking on a non-blocking socket + * and thus 'failed' with a negative return value. + */ +static int net_would_block( const mbedtls_net_context *ctx ) +{ + ((void) ctx); + return( WSAGetLastError() == WSAEWOULDBLOCK ); +} +#else +/* + * Check if the requested operation would be blocking on a non-blocking socket + * and thus 'failed' with a negative return value. + * + * Note: on a blocking socket this function always returns 0! + */ +static int net_would_block( const mbedtls_net_context *ctx ) +{ + /* + * Never return 'WOULD BLOCK' on a non-blocking socket + */ + if( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK ) + return( 0 ); + + int error = 0; + get_errno(ctx->fd, &error); + switch( error ) + { +#if defined EAGAIN + case EAGAIN: +#endif +#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN + case EWOULDBLOCK: +#endif + return( 1 ); + } + return( 0 ); +} +#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ + +/* + * Accept a connection from a remote client + */ +int mbedtls_net_accept( mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, + void *client_ip, size_t buf_size, size_t *ip_len ) +{ + int ret; + int type; + + struct sockaddr_in client_addr; + + socklen_t n = (socklen_t) sizeof( client_addr ); + socklen_t type_len = (socklen_t) sizeof( type ); + + /* Is this a TCP or UDP socket? */ + if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE, + (void *) &type, (socklen_t *) &type_len ) != 0 || + ( type != SOCK_STREAM && type != SOCK_DGRAM ) ) + { + return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + } + + if( type == SOCK_STREAM ) + { + /* TCP: actual accept() */ + ret = client_ctx->fd = (int) accept( bind_ctx->fd, + (struct sockaddr *) &client_addr, &n ); + } + else + { + /* UDP: wait for a message, but keep it in the queue */ + char buf[1] = { 0 }; + + ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK, + (struct sockaddr *) &client_addr, &n ); + +#if defined(_WIN32) + if( ret == SOCKET_ERROR && + WSAGetLastError() == WSAEMSGSIZE ) + { + /* We know buf is too small, thanks, just peeking here */ + ret = 0; + } +#endif + } + + if( ret < 0 ) + { + if( net_would_block( bind_ctx ) != 0 ) + return( MBEDTLS_ERR_SSL_WANT_READ ); + + return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + } + + /* UDP: hijack the listening socket to communicate with the client, + * then bind a new socket to accept new connections */ + if( type != SOCK_STREAM ) + { + struct sockaddr_in local_addr; + int one = 1; + + if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) + return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + + client_ctx->fd = bind_ctx->fd; + bind_ctx->fd = -1; /* In case we exit early */ + + n = sizeof( struct sockaddr_in ); + if( getsockname( client_ctx->fd, + (struct sockaddr *) &local_addr, &n ) != 0 || + ( bind_ctx->fd = (int) socket( AF_INET, + SOCK_DGRAM, IPPROTO_UDP ) ) < 0 || + setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &one, sizeof( one ) ) != 0 ) + { + return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + } + + if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) + { + return( MBEDTLS_ERR_NET_BIND_FAILED ); + } + } + + if( client_ip != NULL ) + { + struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; + *ip_len = sizeof( addr4->sin_addr.s_addr ); + + if( buf_size < *ip_len ) + return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL ); + + memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len ); + } + + return( 0 ); +} + +/* + * Set the socket blocking or non-blocking + */ +int mbedtls_net_set_block( mbedtls_net_context *ctx ) +{ +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + u_long n = 0; + return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); +#else + return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) ); +#endif +} + +int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) +{ +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + u_long n = 1; + return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); +#else + return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) ); +#endif +} + +/* + * Portable usleep helper + */ +void mbedtls_net_usleep( unsigned long usec ) +{ +#if defined(_WIN32) + Sleep( ( usec + 999 ) / 1000 ); +#else + struct timeval tv; + tv.tv_sec = usec / 1000000; +#if defined(__unix__) || defined(__unix) || \ + ( defined(__APPLE__) && defined(__MACH__) ) + tv.tv_usec = (suseconds_t) usec % 1000000; +#else + tv.tv_usec = usec % 1000000; +#endif + select( 0, NULL, NULL, NULL, &tv ); +#endif +} + +/* + * Read at most 'len' characters + */ +int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) +{ + int ret; + int fd = ((mbedtls_net_context *) ctx)->fd; + int error = 0; + get_errno(fd, &error); + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + ret = (int) read( fd, buf, len ); + + if( ret < 0 ) + { + if( net_would_block( ctx ) != 0 ) + return( MBEDTLS_ERR_SSL_WANT_READ ); + +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + if( WSAGetLastError() == WSAECONNRESET ) + return( MBEDTLS_ERR_NET_CONN_RESET ); +#else + if( error == EPIPE || error == ECONNRESET ) + return( MBEDTLS_ERR_NET_CONN_RESET ); + + if( error == EINTR ) + return( MBEDTLS_ERR_SSL_WANT_READ ); +#endif + + return( MBEDTLS_ERR_NET_RECV_FAILED ); + } + + return( ret ); +} + +/* + * Read at most 'len' characters, blocking for at most 'timeout' ms + */ +int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, + uint32_t timeout ) +{ + int ret; + struct timeval tv; + fd_set read_fds; + int fd = ((mbedtls_net_context *) ctx)->fd; + + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + FD_ZERO( &read_fds ); + FD_SET( fd, &read_fds ); + + tv.tv_sec = timeout / 1000; + tv.tv_usec = ( timeout % 1000 ) * 1000; + + ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv ); + + /* Zero fds ready means we timed out */ + if( ret == 0 ) + return( MBEDTLS_ERR_SSL_TIMEOUT ); + + if( ret < 0 ) + { +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + if( WSAGetLastError() == WSAEINTR ) + return( MBEDTLS_ERR_SSL_WANT_READ ); +#else + if( errno == EINTR ) + return( MBEDTLS_ERR_SSL_WANT_READ ); +#endif + + return( MBEDTLS_ERR_NET_RECV_FAILED ); + } + + /* This call will not block */ + return( mbedtls_net_recv( ctx, buf, len ) ); +} + +/* + * Write at most 'len' characters + */ +int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) +{ + int ret; + int fd = ((mbedtls_net_context *) ctx)->fd; + + int error = 0; + get_errno(fd, &error); + + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + ret = (int) write( fd, buf, len ); + + if( ret < 0 ) + { + if( net_would_block( ctx ) != 0 ) + return( MBEDTLS_ERR_SSL_WANT_WRITE ); + +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + if( WSAGetLastError() == WSAECONNRESET ) + return( MBEDTLS_ERR_NET_CONN_RESET ); +#else + if( error == EPIPE || error == ECONNRESET ) + return( MBEDTLS_ERR_NET_CONN_RESET ); + + if( error == EINTR ) + return( MBEDTLS_ERR_SSL_WANT_WRITE ); +#endif + + return( MBEDTLS_ERR_NET_SEND_FAILED ); + } + + return( ret ); +} + +/* + * Gracefully close the connection + */ +void mbedtls_net_free( mbedtls_net_context *ctx ) +{ + if( ctx->fd == -1 ) + return; + + shutdown( ctx->fd, 2 ); + close( ctx->fd ); + + ctx->fd = -1; +} + +#endif /* MBEDTLS_NET_C */