Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

components/mbedtls: MBEDTLS Handshake result check

Browse source 
modify esp_config.h add some feature for support http2.0 protocol, TLS Handshake OK.
This commit is contained in:
liuhan 2016-08-30 20:40:58 +08:00 committed by Wu Jian Gang
parent 0f83831c74
commit 2d80fada70
11 changed files with 659 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
components/esp32/aes.c
View file

@ -64,7 +64,7 @@ int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,
unsigned int keybits )
{
enum AES_BITS keybit;
uint16 keybyte = keybits / 8;
uint16_t keybyte = keybits / 8;
switch (keybits){
case 128:
keybit = AES128;
@ -95,7 +95,7 @@ int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,
unsigned int keybits )
{
enum AES_BITS keybit;
uint16 keybyte = keybits / 8;
uint16_t keybyte = keybits / 8;
switch (keybits){
case 128:
keybit = AES128;

7
components/esp32/bignum.c
View file

@ -1018,9 +1018,9 @@ static void esp_mpi_mul_hlp( size_t i, esp_mpi_uint *s, esp_mpi_uint *d, esp_mpi
static int mul_pram_alloc( mpi *X, const mpi *A, const mpi *B, char **pA, char **pB, char **pX, size_t *bites)
{
char *sa, *sb, *sx;
int algn;
// int algn;
int words, bytes;
int abytes, bbytes, cbytes;
int abytes, bbytes;
if (A->n > B->n)
words = A->n;
@ -2178,6 +2178,3 @@ cleanup:
return( ret );
}
#endif /* ESP_BIGNUM_ALT */

6
components/esp32/include/aes.h
View file

@ -24,7 +24,7 @@
#ifndef ESP_AES_H
#define ESP_AES_H
#include "c_types.h"
#include "esp_types.h"
#include "rom/ets_sys.h"
#include "rom/aes.h"
@ -41,8 +41,8 @@ extern "C" {
typedef struct{
bool flag;
uint16 keybites;
uint8 key[32];
uint16_t keybites;
uint8_t key[32];
}key_context, KEY_CTX;
/**

2
components/esp32/include/bignum.h
View file

@ -23,7 +23,7 @@
#ifndef _ESP_BIGNUM_H
#define _ESP_BIGNUM_H
#include "c_types.h"
#include "esp_types.h"
#include "rom/ets_sys.h"
#include "rom/bigint.h"

2
components/esp32/include/esp_crypto.h
View file

@ -1,7 +1,7 @@
#ifndef _MULTI_CRYPTO_H_
#define _MULTI_CRYPTO_H_
#include "c_types.h"
#include "esp_types.h"
#include "rom/ets_sys.h"
#ifdef __cplusplus

4
components/esp32/include/sha.h
View file

@ -6,7 +6,7 @@
#ifndef _ESP_SHA_H_
#define _ESP_SHA_H_
#include "c_types.h"
#include "esp_types.h"
#include "rom/ets_sys.h"
#include "rom/sha.h"
@ -164,6 +164,8 @@ typedef sha_context SHA512_CTX;
*/
void esp_sha512_init( SHA512_CTX *ctx );
void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] );
/**
* \brief Clear SHA-512 context
*

5
components/esp32/sha.c
View file

@ -205,6 +205,11 @@ void esp_sha512_init( SHA512_CTX *ctx )
SHA_UNLOCK();
}
void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] )
{
}
void esp_sha512_free( SHA512_CTX *ctx )
{
if( ctx == NULL )

147
components/mbedtls/include/mbedtls/esp_config.h
View file

@ -225,7 +225,7 @@
* Uncomment a macro to enable alternate implementation of the corresponding
* module.
*/
#define MBEDTLS_AES_ALT
//#define MBEDTLS_AES_ALT
//#define MBEDTLS_ARC4_ALT
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
@ -235,11 +235,11 @@
//#define MBEDTLS_MD4_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_RIPEMD160_ALT
#define MBEDTLS_SHA1_ALT
#define MBEDTLS_SHA256_ALT
#define MBEDTLS_SHA512_ALT
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT
#define MBEDTLS_BIGNUM_ALT
//#define MBEDTLS_BIGNUM_ALT
/**
* \def MBEDTLS_MD2_PROCESS_ALT
*
@ -374,10 +374,10 @@
*
* Enable padding modes in the cipher layer.
*/
//#define MBEDTLS_CIPHER_PADDING_PKCS7
//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
//#define MBEDTLS_CIPHER_PADDING_ZEROS
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
#define MBEDTLS_CIPHER_PADDING_ZEROS
/**
* \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
@ -415,18 +415,18 @@
*
* Comment macros to disable the curve and functions for it
*/
//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
/**
* \def MBEDTLS_ECP_NIST_OPTIM
@ -437,7 +437,7 @@
*
* Comment this macro to disable NIST curves optimisation.
*/
//#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_ECP_NIST_OPTIM
/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
@ -451,7 +451,7 @@
*
* Comment this macro to disable deterministic ECDSA.
*/
//#define MBEDTLS_ECDSA_DETERMINISTIC
#define MBEDTLS_ECDSA_DETERMINISTIC
/**
* \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@ -473,7 +473,7 @@
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@ -497,7 +497,7 @@
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
*/
//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@ -517,7 +517,7 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
*/
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@ -596,7 +596,7 @@
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@ -621,7 +621,7 @@
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@ -645,7 +645,7 @@
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
*/
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@ -669,7 +669,7 @@
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
*/
//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@ -693,7 +693,7 @@
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
*/
//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@ -946,7 +946,7 @@
*
* Comment this macro to disable support for Encrypt-then-MAC
*/
//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
*
@ -964,7 +964,7 @@
*
* Comment this macro to disable support for Extended Master Secret.
*/
//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
/**
* \def MBEDTLS_SSL_FALLBACK_SCSV
@ -981,7 +981,7 @@
*
* Comment this macro to disable support for FALLBACK_SCSV
*/
//#define MBEDTLS_SSL_FALLBACK_SCSV
#define MBEDTLS_SSL_FALLBACK_SCSV
/**
* \def MBEDTLS_SSL_HW_RECORD_ACCEL
@ -1018,7 +1018,7 @@
*
* Comment this to disable support for renegotiation.
*/
//#define MBEDTLS_SSL_RENEGOTIATION
#define MBEDTLS_SSL_RENEGOTIATION
/**
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@ -1047,7 +1047,7 @@
*
* Comment this macro to disable support for the max_fragment_length extension
*/
//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
/**
* \def MBEDTLS_SSL_PROTO_SSL3
@ -1059,7 +1059,7 @@
*
* Comment this macro to disable support for SSL 3.0
*/
//#define MBEDTLS_SSL_PROTO_SSL3
#define MBEDTLS_SSL_PROTO_SSL3
/**
* \def MBEDTLS_SSL_PROTO_TLS1
@ -1110,7 +1110,7 @@
*
* Comment this macro to disable support for DTLS
*/
//#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_PROTO_DTLS
/**
* \def MBEDTLS_SSL_ALPN
@ -1119,7 +1119,7 @@
*
* Comment this macro to disable support for ALPN.
*/
//#define MBEDTLS_SSL_ALPN
#define MBEDTLS_SSL_ALPN
/**
* \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@ -1134,7 +1134,7 @@
*
* Comment this to disable anti-replay in DTLS.
*/
//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
/**
* \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@ -1152,7 +1152,7 @@
*
* Comment this to disable support for HelloVerifyRequest.
*/
//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
/**
* \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@ -1168,7 +1168,7 @@
*
* Comment this to disable support for clients reusing the source port.
*/
//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
/**
* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@ -1179,7 +1179,7 @@
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*/
//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
/**
* \def MBEDTLS_SSL_SESSION_TICKETS
@ -1193,7 +1193,7 @@
*
* Comment this macro to disable support for SSL session tickets
*/
//#define MBEDTLS_SSL_SESSION_TICKETS
#define MBEDTLS_SSL_SESSION_TICKETS
/**
* \def MBEDTLS_SSL_EXPORT_KEYS
@ -1203,7 +1203,7 @@
*
* Comment this macro to disable support for key export
*/
//#define MBEDTLS_SSL_EXPORT_KEYS
#define MBEDTLS_SSL_EXPORT_KEYS
/**
* \def MBEDTLS_SSL_SERVER_NAME_INDICATION
@ -1223,7 +1223,7 @@
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
//#define MBEDTLS_SSL_TRUNCATED_HMAC
#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_THREADING_ALT
@ -1258,7 +1258,7 @@
*
* Comment this to disable run-time checking and save ROM space
*/
//#define MBEDTLS_VERSION_FEATURES
#define MBEDTLS_VERSION_FEATURES
/**
* \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@ -1294,7 +1294,7 @@
*
* Comment to skip keyUsage checking for both CA and leaf certificates.
*/
//#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_KEY_USAGE
/**
* \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
@ -1307,7 +1307,7 @@
*
* Comment to skip extendedKeyUsage checking for certificates.
*/
//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
/**
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
@ -1317,7 +1317,7 @@
*
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
/**
* \def MBEDTLS_ZLIB_SUPPORT
@ -1459,7 +1459,7 @@
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
//#define MBEDTLS_ARC4_C
#define MBEDTLS_ARC4_C
/**
* \def MBEDTLS_ASN1_PARSE_C
@ -1524,7 +1524,7 @@
*
* Module: library/blowfish.c
*/
//#define MBEDTLS_BLOWFISH_C
#define MBEDTLS_BLOWFISH_C
/**
* \def MBEDTLS_CAMELLIA_C
@ -1579,7 +1579,7 @@
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/
//#define MBEDTLS_CAMELLIA_C
#define MBEDTLS_CAMELLIA_C
/**
* \def MBEDTLS_CCM_C
@ -1593,7 +1593,7 @@
* This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well.
*/
//#define MBEDTLS_CCM_C
#define MBEDTLS_CCM_C
/**
* \def MBEDTLS_CERTS_C
@ -1605,7 +1605,7 @@
*
* This module is used for testing (ssl_client/server).
*/
//#define MBEDTLS_CERTS_C
#define MBEDTLS_CERTS_C
/**
* \def MBEDTLS_CIPHER_C
@ -1645,7 +1645,7 @@
*
* This module provides debugging functions.
*/
//#define MBEDTLS_DEBUG_C
#define MBEDTLS_DEBUG_C
/**
* \def MBEDTLS_DES_C
@ -1671,7 +1671,7 @@
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*/
//#define MBEDTLS_DES_C
#define MBEDTLS_DES_C
/**
* \def MBEDTLS_DHM_C
@ -1685,7 +1685,7 @@
* This module is used by the following key exchanges:
* DHE-RSA, DHE-PSK
*/
//#define MBEDTLS_DHM_C
#define MBEDTLS_DHM_C
/**
* \def MBEDTLS_ECDH_C
@ -1701,7 +1701,7 @@
*
* Requires: MBEDTLS_ECP_C
*/
//#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDH_C
/**
* \def MBEDTLS_ECDSA_C
@ -1716,7 +1716,7 @@
*
* Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
*/
//#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECDSA_C
/**
* \def MBEDTLS_ECJPAKE_C
@ -1749,7 +1749,7 @@
*
* Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
*/
//#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_C
/**
* \def MBEDTLS_ENTROPY_C
@ -1775,7 +1775,7 @@
*
* This module enables mbedtls_strerror().
*/
//#define MBEDTLS_ERROR_C
#define MBEDTLS_ERROR_C
/**
* \def MBEDTLS_GCM_C
@ -1789,7 +1789,7 @@
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well.
*/
//#define MBEDTLS_GCM_C //764 Byte
#define MBEDTLS_GCM_C
/**
* \def MBEDTLS_HAVEGE_C
@ -1826,7 +1826,7 @@
*
* Uncomment to enable the HMAC_DRBG random number geerator.
*/
//#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_HMAC_DRBG_C
/**
* \def MBEDTLS_MD_C
@ -1941,7 +1941,7 @@
*
* This modules adds support for the VIA PadLock on x86.
*/
//#define MBEDTLS_PADLOCK_C
#define MBEDTLS_PADLOCK_C
/**
* \def MBEDTLS_PEM_PARSE_C
@ -2033,7 +2033,7 @@
*
* This module adds support for the PKCS#5 functions.
*/
//#define MBEDTLS_PKCS5_C
#define MBEDTLS_PKCS5_C
/**
* \def MBEDTLS_PKCS11_C
@ -2064,7 +2064,7 @@
*
* This module enables PKCS#12 functions.
*/
//#define MBEDTLS_PKCS12_C
#define MBEDTLS_PKCS12_C
/**
* \def MBEDTLS_PLATFORM_C
@ -2084,7 +2084,7 @@
*
* This module enables abstraction of common (libc) functions.
*/
//#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_C
/**
* \def MBEDTLS_RIPEMD160_C
@ -2095,7 +2095,7 @@
* Caller: library/mbedtls_md.c
*
*/
//#define MBEDTLS_RIPEMD160_C
#define MBEDTLS_RIPEMD160_C
/**
* \def MBEDTLS_RSA_C
@ -2173,7 +2173,7 @@
*
* Requires: MBEDTLS_SSL_CACHE_C
*/
//#define MBEDTLS_SSL_CACHE_C
#define MBEDTLS_SSL_CACHE_C
/**
* \def MBEDTLS_SSL_COOKIE_C
@ -2183,7 +2183,7 @@
* Module: library/ssl_cookie.c
* Caller:
*/
//#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_COOKIE_C
/**
* \def MBEDTLS_SSL_TICKET_C
@ -2195,7 +2195,7 @@
*
* Requires: MBEDTLS_CIPHER_C
*/
//#define MBEDTLS_SSL_TICKET_C
#define MBEDTLS_SSL_TICKET_C
/**
* \def MBEDTLS_SSL_CLI_C
@ -2466,7 +2466,8 @@
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
/* SSL options */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 3072 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 5120 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */

45
components/mbedtls/port/esp_hardware.c Normal file
View file

@ -0,0 +1,45 @@
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <sys/types.h>
#include <stdlib.h>
#include <stdio.h>
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
/**
* \brief Entropy poll callback for a hardware source
*
* \warning This is not provided by mbed TLS!
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
*
* \note This must accept NULL as its first argument.
*/
static int os_get_random(unsigned char *buf, size_t len)
{
int i, j;
unsigned long tmp;
for (i = 0; i < ((len + 3) & ~3) / 4; i ++){
tmp = rand();
for (j = 0; j < 4; j ++){
if ((i * 4 + j) < len){
buf[i * 4 + j] = (unsigned char)(tmp >> (j * 8));
}else{
break;
}
}
}
return 0;
}
int mbedtls_hardware_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
{
os_get_random(output, len);
*olen = len;
return 0;
}
#endif

1
components/mbedtls/port/include/sha512_alt.h
View file

@ -17,6 +17,7 @@ extern "C" {
typedef SHA512_CTX mbedtls_sha512_context;
#define mbedtls_sha512_init esp_sha512_init
#define mbedtls_sha512_process esp_sha512_process
#define mbedtls_sha512_clone esp_sha512_clone
#define mbedtls_sha512_starts esp_sha512_starts
#define mbedtls_sha512_update esp_sha512_update

522
components/mbedtls/port/net.c Normal file
View file

@ -0,0 +1,522 @@
/*
* TCP/IP or UDP/IP networking functions
* modified for LWIP support on ESP32
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2015 Angus Gratton
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if !defined(MBEDTLS_NET_C)
#include "mbedtls/net.h"
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
//#include <sys/time.h>
#include <unistd.h>
#include <netdb.h>
//#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <stdint.h>
/*
* Prepare for using the sockets interface
*/
static int net_prepare( void )
{
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
WSADATA wsaData;
if( wsa_init_done == 0 )
{
if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
return( MBEDTLS_ERR_NET_SOCKET_FAILED );
wsa_init_done = 1;
}
#else
#endif
return( 0 );
}
/*
* Initialize a context
*/
void mbedtls_net_init( mbedtls_net_context *ctx )
{
ctx->fd = -1;
}
/*
* Initiate a TCP connection with host:port and the given protocol
*/
int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto )
{
int ret;
struct addrinfo hints, *addr_list, *cur;
if( ( ret = net_prepare() ) != 0 )
return( ret );
/* Do name resolution with both IPv6 and IPv4 */
memset( &hints, 0, sizeof( hints ) );
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
/* Try the sockaddrs until a connection succeeds */
ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
for( cur = addr_list; cur != NULL; cur = cur->ai_next )
{
ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
cur->ai_protocol );
if( ctx->fd < 0 )
{
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
if( connect( ctx->fd, cur->ai_addr, cur->ai_addrlen ) == 0 )
{
ret = 0;
break;
}
close( ctx->fd );
ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
}
freeaddrinfo( addr_list );
return( ret );
}
/*
* Create a listening socket on bind_ip:port
*/
int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
{
int n, ret;
struct addrinfo hints, *addr_list, *cur;
if( ( ret = net_prepare() ) != 0 )
return( ret );
/* Bind to IPv6 and/or IPv4, but only in the desired protocol */
memset( &hints, 0, sizeof( hints ) );
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 )
return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
/* Try the sockaddrs until a binding succeeds */
ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
for( cur = addr_list; cur != NULL; cur = cur->ai_next )
{
ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
cur->ai_protocol );
if( ctx->fd < 0 )
{
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
/*SO_REUSEADDR option dafault is disable in source code(lwip)*/
#if SO_REUSE
n = 1;
if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &n, sizeof( n ) ) != 0 )
{
close( ctx->fd );
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
#endif
/*bind interface dafault don't process the addr is 0xffffffff for TCP Protocol*/
struct sockaddr_in *serv_addr = NULL;
serv_addr = (struct sockaddr_in *)cur->ai_addr;
serv_addr->sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
if( bind( ctx->fd, (struct sockaddr *)serv_addr, cur->ai_addrlen ) != 0 )
{
close( ctx->fd );
ret = MBEDTLS_ERR_NET_BIND_FAILED;
continue;
}
/* Listen only makes sense for TCP */
if( proto == MBEDTLS_NET_PROTO_TCP )
{
if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
{
close( ctx->fd );
ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
continue;
}
}
/* I we ever get there, it's a success */
ret = 0;
break;
}
freeaddrinfo( addr_list );
return( ret );
}
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
/*
* Check if the requested operation would be blocking on a non-blocking socket
* and thus 'failed' with a negative return value.
*/
static int net_would_block( const mbedtls_net_context *ctx )
{
((void) ctx);
return( WSAGetLastError() == WSAEWOULDBLOCK );
}
#else
/*
* Check if the requested operation would be blocking on a non-blocking socket
* and thus 'failed' with a negative return value.
*
* Note: on a blocking socket this function always returns 0!
*/
static int net_would_block( const mbedtls_net_context *ctx )
{
/*
* Never return 'WOULD BLOCK' on a non-blocking socket
*/
if( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK )
return( 0 );
int error = 0;
get_errno(ctx->fd, &error);
switch( error )
{
#if defined EAGAIN
case EAGAIN:
#endif
#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
case EWOULDBLOCK:
#endif
return( 1 );
}
return( 0 );
}
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
/*
* Accept a connection from a remote client
*/
int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
mbedtls_net_context *client_ctx,
void *client_ip, size_t buf_size, size_t *ip_len )
{
int ret;
int type;
struct sockaddr_in client_addr;
socklen_t n = (socklen_t) sizeof( client_addr );
socklen_t type_len = (socklen_t) sizeof( type );
/* Is this a TCP or UDP socket? */
if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
(void *) &type, (socklen_t *) &type_len ) != 0 ||
( type != SOCK_STREAM && type != SOCK_DGRAM ) )
{
return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
}
if( type == SOCK_STREAM )
{
/* TCP: actual accept() */
ret = client_ctx->fd = (int) accept( bind_ctx->fd,
(struct sockaddr *) &client_addr, &n );
}
else
{
/* UDP: wait for a message, but keep it in the queue */
char buf[1] = { 0 };
ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
(struct sockaddr *) &client_addr, &n );
#if defined(_WIN32)
if( ret == SOCKET_ERROR &&
WSAGetLastError() == WSAEMSGSIZE )
{
/* We know buf is too small, thanks, just peeking here */
ret = 0;
}
#endif
}
if( ret < 0 )
{
if( net_would_block( bind_ctx ) != 0 )
return( MBEDTLS_ERR_SSL_WANT_READ );
return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
}
/* UDP: hijack the listening socket to communicate with the client,
* then bind a new socket to accept new connections */
if( type != SOCK_STREAM )
{
struct sockaddr_in local_addr;
int one = 1;
if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 )
return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
client_ctx->fd = bind_ctx->fd;
bind_ctx->fd = -1; /* In case we exit early */
n = sizeof( struct sockaddr_in );
if( getsockname( client_ctx->fd,
(struct sockaddr *) &local_addr, &n ) != 0 ||
( bind_ctx->fd = (int) socket( AF_INET,
SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &one, sizeof( one ) ) != 0 )
{
return( MBEDTLS_ERR_NET_SOCKET_FAILED );
}
if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
{
return( MBEDTLS_ERR_NET_BIND_FAILED );
}
}
if( client_ip != NULL )
{
struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
*ip_len = sizeof( addr4->sin_addr.s_addr );
if( buf_size < *ip_len )
return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
}
return( 0 );
}
/*
* Set the socket blocking or non-blocking
*/
int mbedtls_net_set_block( mbedtls_net_context *ctx )
{
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
u_long n = 0;
return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
#else
return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) );
#endif
}
int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
{
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
u_long n = 1;
return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
#else
return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) );
#endif
}
/*
* Portable usleep helper
*/
void mbedtls_net_usleep( unsigned long usec )
{
#if defined(_WIN32)
Sleep( ( usec + 999 ) / 1000 );
#else
struct timeval tv;
tv.tv_sec = usec / 1000000;
#if defined(__unix__) || defined(__unix) || \
( defined(__APPLE__) && defined(__MACH__) )
tv.tv_usec = (suseconds_t) usec % 1000000;
#else
tv.tv_usec = usec % 1000000;
#endif
select( 0, NULL, NULL, NULL, &tv );
#endif
}
/*
* Read at most 'len' characters
*/
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
{
int ret;
int fd = ((mbedtls_net_context *) ctx)->fd;
int error = 0;
get_errno(fd, &error);
if( fd < 0 )
return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
ret = (int) read( fd, buf, len );
if( ret < 0 )
{
if( net_would_block( ctx ) != 0 )
return( MBEDTLS_ERR_SSL_WANT_READ );
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
if( WSAGetLastError() == WSAECONNRESET )
return( MBEDTLS_ERR_NET_CONN_RESET );
#else
if( error == EPIPE || error == ECONNRESET )
return( MBEDTLS_ERR_NET_CONN_RESET );
if( error == EINTR )
return( MBEDTLS_ERR_SSL_WANT_READ );
#endif
return( MBEDTLS_ERR_NET_RECV_FAILED );
}
return( ret );
}
/*
* Read at most 'len' characters, blocking for at most 'timeout' ms
*/
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout )
{
int ret;
struct timeval tv;
fd_set read_fds;
int fd = ((mbedtls_net_context *) ctx)->fd;
if( fd < 0 )
return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
FD_ZERO( &read_fds );
FD_SET( fd, &read_fds );
tv.tv_sec = timeout / 1000;
tv.tv_usec = ( timeout % 1000 ) * 1000;
ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
/* Zero fds ready means we timed out */
if( ret == 0 )
return( MBEDTLS_ERR_SSL_TIMEOUT );
if( ret < 0 )
{
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
if( WSAGetLastError() == WSAEINTR )
return( MBEDTLS_ERR_SSL_WANT_READ );
#else
if( errno == EINTR )
return( MBEDTLS_ERR_SSL_WANT_READ );
#endif
return( MBEDTLS_ERR_NET_RECV_FAILED );
}
/* This call will not block */
return( mbedtls_net_recv( ctx, buf, len ) );
}
/*
* Write at most 'len' characters
*/
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
{
int ret;
int fd = ((mbedtls_net_context *) ctx)->fd;
int error = 0;
get_errno(fd, &error);
if( fd < 0 )
return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
ret = (int) write( fd, buf, len );
if( ret < 0 )
{
if( net_would_block( ctx ) != 0 )
return( MBEDTLS_ERR_SSL_WANT_WRITE );
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
if( WSAGetLastError() == WSAECONNRESET )
return( MBEDTLS_ERR_NET_CONN_RESET );
#else
if( error == EPIPE || error == ECONNRESET )
return( MBEDTLS_ERR_NET_CONN_RESET );
if( error == EINTR )
return( MBEDTLS_ERR_SSL_WANT_WRITE );
#endif
return( MBEDTLS_ERR_NET_SEND_FAILED );
}
return( ret );
}
/*
* Gracefully close the connection
*/
void mbedtls_net_free( mbedtls_net_context *ctx )
{
if( ctx->fd == -1 )
return;
shutdown( ctx->fd, 2 );
close( ctx->fd );
ctx->fd = -1;
}
#endif /* MBEDTLS_NET_C */