From fc6b52574a337fd4f4b7a13155eea488582e1b0d Mon Sep 17 00:00:00 2001 From: Dong Heng Date: Tue, 1 Nov 2016 13:07:10 +0800 Subject: [PATCH] components/openssl: refactor the SSL port function and debug function --- components/openssl/include/internal/ssl_dbg.h | 28 ++++++--- components/openssl/include/platform/ssl_opt.h | 48 ++++++++++++++++ .../openssl/include/platform/ssl_port.h | 16 +++++- components/openssl/library/ssl_cert.c | 8 +-- components/openssl/library/ssl_lib.c | 24 ++++---- components/openssl/library/ssl_pkey.c | 8 +-- components/openssl/library/ssl_stack.c | 14 ++--- components/openssl/library/ssl_x509.c | 8 +-- components/openssl/platform/ssl_pm.c | 57 +++++++++++-------- components/openssl/platform/ssl_port.c | 6 +- 10 files changed, 148 insertions(+), 69 deletions(-) create mode 100644 components/openssl/include/platform/ssl_opt.h diff --git a/components/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h index d6ae47499e..1b0a73f167 100644 --- a/components/openssl/include/internal/ssl_dbg.h +++ b/components/openssl/include/internal/ssl_dbg.h @@ -15,21 +15,33 @@ #ifndef _SSL_DEBUG_H_ #define _SSL_DEBUG_H_ +#include "platform/ssl_opt.h" +#include "platform/ssl_port.h" + #ifdef __cplusplus extern "C" { #endif -#define SSL_DEBUG_ENBALE 1 +#ifndef SSL_DEBUG_ENBALE +#define SSL_DEBUG_ENBALE 0 +#endif + +#ifndef SSL_DEBUG_LEVEL #define SSL_DEBUG_LEVEL 0 -#define SSL_ASSERT_ENABLE 1 -#define SSL_DEBUG_LOCATION_ENABLE 1 +#endif -#if SSL_DEBUG_ENBALE - extern int ets_printf(const char *fmt, ...); +#ifndef SSL_ASSERT_ENABLE +#define SSL_ASSERT_ENABLE 0 +#endif - #define SSL_PRINT ets_printf -#else - #define SSL_PRINT(...) +#ifndef SSL_DEBUG_LOCATION_ENABLE +#define SSL_DEBUG_LOCATION_ENABLE 0 +#endif + +#ifndef SSL_PRINT + #include "stdio.h" + extern int printf(const char *fmt, ...); + #define SSL_PRINT printf #endif #if SSL_DEBUG_LOCATION_ENABLE diff --git a/components/openssl/include/platform/ssl_opt.h b/components/openssl/include/platform/ssl_opt.h new file mode 100644 index 0000000000..01d438eb8a --- /dev/null +++ b/components/openssl/include/platform/ssl_opt.h @@ -0,0 +1,48 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef _SSL_OPT_H_ +#define _SSL_OPT_H_ + +#ifdef __cplusplus + extern "C" { +#endif + +/** + * if not define "ESP32_IDF_PLATFORM", system will use esp8266 platform interface + */ +#define ESP32_IDF_PLATFORM + +/** + * openssl debug print function enable + */ +#define SSL_DEBUG_ENBALE 0 + +/** + * openssl debug print function level. function whose level is lower that "SSL_DEBUG_LEVEL" + * will not print message + */ +#define SSL_DEBUG_LEVEL 0 + +/** + * openssl assert function enable, it will check the input paramter and print the message + */ +#define SSL_ASSERT_ENABLE 0 + +/** + * openssl location function enable, it will print location of the positioning error + */ +#define SSL_DEBUG_LOCATION_ENABLE 0 + +#endif diff --git a/components/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h index 995d33e0e5..4a319c91ae 100644 --- a/components/openssl/include/platform/ssl_port.h +++ b/components/openssl/include/platform/ssl_port.h @@ -19,11 +19,15 @@ extern "C" { #endif +#include "platform/ssl_opt.h" + +#ifdef ESP32_IDF_PLATFORM + #include "esp_types.h" -void* ssl_zalloc(size_t size); -void *ssl_malloc(size_t size); -void ssl_free(void *p); +void *ssl_mem_zalloc(size_t size); +void *ssl_mem_malloc(size_t size); +void ssl_mem_free(void *p); void* ssl_memcpy(void *to, const void *from, size_t size); size_t ssl_strlen(const char *src); @@ -31,4 +35,10 @@ size_t ssl_strlen(const char *src); void ssl_speed_up_enter(void); void ssl_speed_up_exit(void); +#elif defined(SSL_PLATFORM_USER_INCLUDE) + +SSL_PLATFORM_USER_INCLUDE + +#endif + #endif diff --git a/components/openssl/library/ssl_cert.c b/components/openssl/library/ssl_cert.c index e4fd4d7785..0193a441e0 100644 --- a/components/openssl/library/ssl_cert.c +++ b/components/openssl/library/ssl_cert.c @@ -28,9 +28,9 @@ CERT *__ssl_cert_new(CERT *ic) X509 *ix; EVP_PKEY *ipk; - cert = ssl_zalloc(sizeof(CERT)); + cert = ssl_mem_zalloc(sizeof(CERT)); if (!cert) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); if (ic) { ipk = ic->pkey; @@ -53,7 +53,7 @@ CERT *__ssl_cert_new(CERT *ic) failed3: EVP_PKEY_free(cert->pkey); failed2: - ssl_free(cert); + ssl_mem_free(cert); failed1: return NULL; } @@ -75,5 +75,5 @@ void ssl_cert_free(CERT *cert) EVP_PKEY_free(cert->pkey); - ssl_free(cert); + ssl_mem_free(cert); } diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index 9740282d13..23b8bf4cea 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -124,9 +124,9 @@ SSL_SESSION* SSL_SESSION_new(void) { SSL_SESSION *session; - session = ssl_zalloc(sizeof(SSL_SESSION)); + session = ssl_mem_zalloc(sizeof(SSL_SESSION)); if (!session) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); session->peer = X509_new(); if (!session->peer) @@ -135,7 +135,7 @@ SSL_SESSION* SSL_SESSION_new(void) return session; failed2: - ssl_free(session); + ssl_mem_free(session); failed1: return NULL; } @@ -146,7 +146,7 @@ failed1: void SSL_SESSION_free(SSL_SESSION *session) { X509_free(session->peer); - ssl_free(session); + ssl_mem_free(session); } /** @@ -168,9 +168,9 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) if (!cert) SSL_RET(go_failed2, "ssl_cert_new\n"); - ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX)); + ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX)); if (!ctx) - SSL_RET(go_failed3, "ssl_zalloc:ctx\n"); + SSL_RET(go_failed3, "ssl_mem_zalloc:ctx\n"); ctx->method = method; ctx->client_CA = client_ca; @@ -199,7 +199,7 @@ void SSL_CTX_free(SSL_CTX* ctx) X509_free(ctx->client_CA); - ssl_free(ctx); + ssl_mem_free(ctx); } /** @@ -238,9 +238,9 @@ SSL *SSL_new(SSL_CTX *ctx) if (!ctx) SSL_RET(failed1, "ctx:NULL\n"); - ssl = (SSL *)ssl_zalloc(sizeof(SSL)); + ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL)); if (!ssl) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); ssl->session = SSL_SESSION_new(); if (!ssl->session) @@ -277,7 +277,7 @@ failed4: failed3: SSL_SESSION_free(ssl->session); failed2: - ssl_free(ssl); + ssl_mem_free(ssl); failed1: return NULL; } @@ -297,7 +297,7 @@ void SSL_free(SSL *ssl) SSL_SESSION_free(ssl->session); - ssl_free(ssl); + ssl_mem_free(ssl); } /** @@ -343,7 +343,7 @@ int SSL_shutdown(SSL *ssl) SSL_ASSERT(ssl); - if (SSL_get_state(ssl) != TLS_ST_OK) return 0; + if (SSL_get_state(ssl) != TLS_ST_OK) return 1; ret = SSL_METHOD_CALL(shutdown, ssl); diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c index 20debfbcfc..dbd82dc9c2 100644 --- a/components/openssl/library/ssl_pkey.c +++ b/components/openssl/library/ssl_pkey.c @@ -25,9 +25,9 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk) int ret; EVP_PKEY *pkey; - pkey = ssl_zalloc(sizeof(EVP_PKEY)); + pkey = ssl_mem_zalloc(sizeof(EVP_PKEY)); if (!pkey) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); if (ipk) { pkey->method = ipk->method; @@ -42,7 +42,7 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk) return pkey; failed2: - ssl_free(pkey); + ssl_mem_free(pkey); failed1: return NULL; } @@ -62,7 +62,7 @@ void EVP_PKEY_free(EVP_PKEY *pkey) { EVP_PKEY_METHOD_CALL(free, pkey); - ssl_free(pkey); + ssl_mem_free(pkey); } /** diff --git a/components/openssl/library/ssl_stack.c b/components/openssl/library/ssl_stack.c index 4ea40e7259..5dbb69af9d 100644 --- a/components/openssl/library/ssl_stack.c +++ b/components/openssl/library/ssl_stack.c @@ -30,13 +30,13 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c) OPENSSL_STACK *stack; char **data; - stack = ssl_zalloc(sizeof(OPENSSL_STACK)); + stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK)); if (!stack) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); - data = ssl_zalloc(sizeof(*data) * MIN_NODES); + data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES); if (!data) - SSL_RET(failed2, "ssl_zalloc\n"); + SSL_RET(failed2, "ssl_mem_zalloc\n"); stack->data = data; stack->num_alloc = MIN_NODES; @@ -45,7 +45,7 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c) return stack; failed2: - ssl_free(stack); + ssl_mem_free(stack); failed1: return NULL; } @@ -65,6 +65,6 @@ void OPENSSL_sk_free(OPENSSL_STACK *stack) { SSL_ASSERT(stack); - ssl_free(stack->data); - ssl_free(stack); + ssl_mem_free(stack->data); + ssl_mem_free(stack); } diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 06e6e7b544..d0426db18c 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c @@ -33,9 +33,9 @@ X509* __X509_new(X509 *ix) int ret; X509 *x; - x = ssl_zalloc(sizeof(X509)); + x = ssl_mem_zalloc(sizeof(X509)); if (!x) - SSL_RET(failed1, "ssl_malloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); if (ix) x->method = ix->method; @@ -49,7 +49,7 @@ X509* __X509_new(X509 *ix) return x; failed2: - ssl_free(x); + ssl_mem_free(x); failed1: return NULL; } @@ -69,7 +69,7 @@ void X509_free(X509 *x) { X509_METHOD_CALL(free, x); - ssl_free(x); + ssl_mem_free(x); }; /** diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c index eadd323e70..21c0ac58c9 100644 --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -86,10 +86,16 @@ int ssl_pm_new(SSL *ssl) const SSL_METHOD *method = ssl->method; - ssl_pm = ssl_zalloc(sizeof(struct ssl_pm)); + ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm)); if (!ssl_pm) - SSL_ERR(ret, failed1, "ssl_zalloc\n"); + SSL_ERR(ret, failed1, "ssl_mem_zalloc\n"); + if (ssl->ctx->read_buffer_len < 2048 || + ssl->ctx->read_buffer_len > 8192) + return -1; + + max_content_len = ssl->ctx->read_buffer_len; + mbedtls_net_init(&ssl_pm->fd); mbedtls_net_init(&ssl_pm->cl_fd); @@ -144,6 +150,7 @@ failed3: mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); failed2: mbedtls_entropy_free(&ssl_pm->entropy); + ssl_mem_free(ssl_pm); failed1: return -1; } @@ -160,7 +167,7 @@ void ssl_pm_free(SSL *ssl) mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ssl_free(&ssl_pm->ssl); - ssl_free(ssl_pm); + ssl_mem_free(ssl_pm); ssl->ssl_pm = NULL; } @@ -392,7 +399,7 @@ int x509_pm_show_info(X509 *x) if (!x509_crt) return -1; - buf = ssl_malloc(X509_INFO_STRING_LENGTH); + buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH); if (!buf) SSL_RET(failed1, ""); @@ -401,14 +408,14 @@ int x509_pm_show_info(X509 *x) SSL_RET(failed2, ""); buf[ret] = 0; - ssl_free(buf); + ssl_mem_free(buf); SSL_PRINT("%s", buf); return 0; failed2: - ssl_free(buf); + ssl_mem_free(buf); failed1: return -1; } @@ -417,9 +424,9 @@ int x509_pm_new(X509 *x, X509 *m_x) { struct x509_pm *x509_pm; - x509_pm = ssl_zalloc(sizeof(struct x509_pm)); + x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm)); if (!x509_pm) - SSL_RET(failed1, "ssl_zalloc\n"); + SSL_RET(failed1, "ssl_mem_zalloc\n"); x->x509_pm = x509_pm; @@ -442,11 +449,11 @@ void x509_pm_free(X509 *x) if (x509_pm->x509_crt) { mbedtls_x509_crt_free(x509_pm->x509_crt); - ssl_free(x509_pm->x509_crt); + ssl_mem_free(x509_pm->x509_crt); x509_pm->x509_crt = NULL; } - ssl_free(x->x509_pm); + ssl_mem_free(x->x509_pm); x->x509_pm = NULL; } @@ -460,14 +467,14 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) mbedtls_x509_crt_free(x509_pm->x509_crt); if (!x509_pm->x509_crt) { - x509_pm->x509_crt = ssl_malloc(sizeof(mbedtls_x509_crt)); + x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt)); if (!x509_pm->x509_crt) - SSL_RET(failed1, "ssl_malloc\n"); + SSL_RET(failed1, "ssl_mem_malloc\n"); } - load_buf = ssl_malloc(len + 1); + load_buf = ssl_mem_malloc(len + 1); if (!load_buf) - SSL_RET(failed2, "ssl_malloc\n"); + SSL_RET(failed2, "ssl_mem_malloc\n"); ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; @@ -477,7 +484,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) mbedtls_x509_crt_init(x509_pm->x509_crt); ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1); - ssl_free(load_buf); + ssl_mem_free(load_buf); if (ret) SSL_RET(failed2, "mbedtls_x509_crt_parse, return [-0x%x]\n", -ret); @@ -485,7 +492,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) return 0; failed2: - ssl_free(x509_pm->x509_crt); + ssl_mem_free(x509_pm->x509_crt); x509_pm->x509_crt = NULL; failed1: return -1; @@ -495,7 +502,7 @@ int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey) { struct pkey_pm *pkey_pm; - pkey_pm = ssl_zalloc(sizeof(struct pkey_pm)); + pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm)); if (!pkey_pm) return -1; @@ -517,11 +524,11 @@ void pkey_pm_free(EVP_PKEY *pk) if (pkey_pm->pkey) { mbedtls_pk_free(pkey_pm->pkey); - ssl_free(pkey_pm->pkey); + ssl_mem_free(pkey_pm->pkey); pkey_pm->pkey = NULL; } - ssl_free(pk->pkey_pm); + ssl_mem_free(pk->pkey_pm); pk->pkey_pm = NULL; } @@ -535,14 +542,14 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) mbedtls_pk_free(pkey_pm->pkey); if (!pkey_pm->pkey) { - pkey_pm->pkey = ssl_malloc(sizeof(mbedtls_pk_context)); + pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context)); if (!pkey_pm->pkey) - SSL_RET(failed1, "ssl_malloc\n"); + SSL_RET(failed1, "ssl_mem_malloc\n"); } - load_buf = ssl_malloc(len + 1); + load_buf = ssl_mem_malloc(len + 1); if (!load_buf) - SSL_RET(failed2, "ssl_malloc\n"); + SSL_RET(failed2, "ssl_mem_malloc\n"); ssl_memcpy(load_buf, buffer, len); load_buf[len] = '\0'; @@ -552,7 +559,7 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) mbedtls_pk_init(pkey_pm->pkey); ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0); - ssl_free(load_buf); + ssl_mem_free(load_buf); if (ret) SSL_RET(failed2, "mbedtls_pk_parse_key, return [-0x%x]\n", -ret); @@ -560,7 +567,7 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) return 0; failed2: - ssl_free(pkey_pm->pkey); + ssl_mem_free(pkey_pm->pkey); pkey_pm->pkey = NULL; failed1: return -1; diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c index b57e703a17..9fbc44deb6 100644 --- a/components/openssl/platform/ssl_port.c +++ b/components/openssl/platform/ssl_port.c @@ -15,6 +15,7 @@ #include "ssl_port.h" #include "string.h" #include "malloc.h" +#include "esp_system.h" /*********************************************************************************************/ /********************************* SSL general interface *************************************/ @@ -51,10 +52,11 @@ size_t ssl_strlen(const char *src) void ssl_speed_up_enter(void) { - + system_update_cpu_freq(SYS_CPU_160MHZ); } void ssl_speed_up_exit(void) { - + system_update_cpu_freq(SYS_CPU_80MHZ); } + -- 2.40.0