components/openssl: refactor the SSL port function and debug function

components/openssl/include/internal/ssl_dbg.h

@@ -15,21 +15,33 @@
 #ifndef _SSL_DEBUG_H_
 #define _SSL_DEBUG_H_
 
+#include "platform/ssl_opt.h"
+#include "platform/ssl_port.h"
+
 #ifdef __cplusplus
  extern "C" {
 #endif
 
-#define SSL_DEBUG_ENBALE 1
+#ifndef SSL_DEBUG_ENBALE
+#define SSL_DEBUG_ENBALE 0
+#endif
+
+#ifndef SSL_DEBUG_LEVEL
 #define SSL_DEBUG_LEVEL 0
-#define SSL_ASSERT_ENABLE 1
+#endif
-#define SSL_DEBUG_LOCATION_ENABLE 1
 
-#if SSL_DEBUG_ENBALE
+#ifndef SSL_ASSERT_ENABLE
-    extern int ets_printf(const char *fmt, ...);
+#define SSL_ASSERT_ENABLE 0
+#endif
 
-    #define SSL_PRINT ets_printf
+#ifndef SSL_DEBUG_LOCATION_ENABLE
-#else
+#define SSL_DEBUG_LOCATION_ENABLE 0
-    #define SSL_PRINT(...)
+#endif
+
+#ifndef SSL_PRINT
+    #include "stdio.h"
+    extern int printf(const char *fmt, ...);
+    #define SSL_PRINT printf
 #endif
 
 #if SSL_DEBUG_LOCATION_ENABLE

components/openssl/include/platform/ssl_opt.h

@@ -0,0 +1,48 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _SSL_OPT_H_
+#define _SSL_OPT_H_
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/**
+ * if not define "ESP32_IDF_PLATFORM", system will use esp8266 platform interface
+ */
+#define ESP32_IDF_PLATFORM
+
+/**
+ * openssl debug print function enable
+ */
+#define SSL_DEBUG_ENBALE 0
+
+/** 
+ * openssl debug print function level. function whose level is lower that "SSL_DEBUG_LEVEL"
+ * will not print message
+ */
+#define SSL_DEBUG_LEVEL 0
+
+/**
+ * openssl assert function enable, it will check the input paramter and print the message
+ */
+#define SSL_ASSERT_ENABLE 0
+
+/**
+ * openssl location function enable, it will print location of the positioning error
+ */
+#define SSL_DEBUG_LOCATION_ENABLE 0
+
+#endif

components/openssl/include/platform/ssl_port.h

@@ -19,11 +19,15 @@
  extern "C" {
 #endif
 
+#include "platform/ssl_opt.h"
+
+#ifdef ESP32_IDF_PLATFORM
+
 #include "esp_types.h"
 
-void* ssl_zalloc(size_t size);
+void *ssl_mem_zalloc(size_t size);
-void *ssl_malloc(size_t size);
+void *ssl_mem_malloc(size_t size);
-void ssl_free(void *p);
+void ssl_mem_free(void *p);
 
 void* ssl_memcpy(void *to, const void *from, size_t size);
 size_t ssl_strlen(const char *src);
@@ -31,4 +35,10 @@ size_t ssl_strlen(const char *src);
 void ssl_speed_up_enter(void);
 void ssl_speed_up_exit(void);
 
+#elif defined(SSL_PLATFORM_USER_INCLUDE)
+
+SSL_PLATFORM_USER_INCLUDE
+
+#endif
+
 #endif

components/openssl/library/ssl_cert.c

@@ -28,9 +28,9 @@ CERT *__ssl_cert_new(CERT *ic)
     X509 *ix;
     EVP_PKEY *ipk;
 
-    cert = ssl_zalloc(sizeof(CERT));
+    cert = ssl_mem_zalloc(sizeof(CERT));
     if (!cert)
-        SSL_RET(failed1, "ssl_zalloc\n");
+        SSL_RET(failed1, "ssl_mem_zalloc\n");
 
     if (ic) {
         ipk = ic->pkey;
@@ -53,7 +53,7 @@ CERT *__ssl_cert_new(CERT *ic)
 failed3:
     EVP_PKEY_free(cert->pkey);
 failed2:
-    ssl_free(cert);
+    ssl_mem_free(cert);
 failed1:
     return NULL;
 }
@@ -75,5 +75,5 @@ void ssl_cert_free(CERT *cert)
 
     EVP_PKEY_free(cert->pkey);
 
-    ssl_free(cert);
+    ssl_mem_free(cert);
 }

components/openssl/library/ssl_lib.c

@@ -124,9 +124,9 @@ SSL_SESSION* SSL_SESSION_new(void)
 {
     SSL_SESSION *session;
 
-    session = ssl_zalloc(sizeof(SSL_SESSION));
+    session = ssl_mem_zalloc(sizeof(SSL_SESSION));
     if (!session)
-        SSL_RET(failed1, "ssl_zalloc\n");
+        SSL_RET(failed1, "ssl_mem_zalloc\n");
 
     session->peer = X509_new();
     if (!session->peer)
@@ -135,7 +135,7 @@ SSL_SESSION* SSL_SESSION_new(void)
     return session;
 
 failed2:
-    ssl_free(session);
+    ssl_mem_free(session);
 failed1:
     return NULL;
 }
@@ -146,7 +146,7 @@ failed1:
 void SSL_SESSION_free(SSL_SESSION *session)
 {
     X509_free(session->peer);
-    ssl_free(session);
+    ssl_mem_free(session);
 }
 
 /**
@@ -168,9 +168,9 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
     if (!cert)
         SSL_RET(go_failed2, "ssl_cert_new\n");
 
-    ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX));
+    ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX));
     if (!ctx)
-        SSL_RET(go_failed3, "ssl_zalloc:ctx\n");
+        SSL_RET(go_failed3, "ssl_mem_zalloc:ctx\n");
 
     ctx->method = method;
     ctx->client_CA = client_ca;
@@ -199,7 +199,7 @@ void SSL_CTX_free(SSL_CTX* ctx)
 
     X509_free(ctx->client_CA);
 
-    ssl_free(ctx);
+    ssl_mem_free(ctx);
 }
 
 /**
@@ -238,9 +238,9 @@ SSL *SSL_new(SSL_CTX *ctx)
     if (!ctx)
         SSL_RET(failed1, "ctx:NULL\n");
 
-    ssl = (SSL *)ssl_zalloc(sizeof(SSL));
+    ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL));
     if (!ssl)
-        SSL_RET(failed1, "ssl_zalloc\n");
+        SSL_RET(failed1, "ssl_mem_zalloc\n");
 
     ssl->session = SSL_SESSION_new();
     if (!ssl->session)
@@ -277,7 +277,7 @@ failed4:
 failed3:
     SSL_SESSION_free(ssl->session);
 failed2:
-    ssl_free(ssl);
+    ssl_mem_free(ssl);
 failed1:
     return NULL;
 }
@@ -297,7 +297,7 @@ void SSL_free(SSL *ssl)
 
     SSL_SESSION_free(ssl->session);
 
-    ssl_free(ssl);
+    ssl_mem_free(ssl);
 }
 
 /**
@@ -343,7 +343,7 @@ int SSL_shutdown(SSL *ssl)
 
     SSL_ASSERT(ssl);
 
-    if (SSL_get_state(ssl) != TLS_ST_OK) return 0;
+    if (SSL_get_state(ssl) != TLS_ST_OK) return 1;
 
     ret = SSL_METHOD_CALL(shutdown, ssl);
 

components/openssl/library/ssl_pkey.c

@@ -25,9 +25,9 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
     int ret;
     EVP_PKEY *pkey;
 
-    pkey = ssl_zalloc(sizeof(EVP_PKEY));
+    pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
     if (!pkey)
-        SSL_RET(failed1, "ssl_zalloc\n");
+        SSL_RET(failed1, "ssl_mem_zalloc\n");
 
     if (ipk) {
         pkey->method = ipk->method;
@@ -42,7 +42,7 @@ EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
     return pkey;
 
 failed2:
-    ssl_free(pkey);
+    ssl_mem_free(pkey);
 failed1:
     return NULL;
 }
@@ -62,7 +62,7 @@ void EVP_PKEY_free(EVP_PKEY *pkey)
 {
     EVP_PKEY_METHOD_CALL(free, pkey);
 
-    ssl_free(pkey);
+    ssl_mem_free(pkey);
 }
 
 /**

components/openssl/library/ssl_stack.c

@@ -30,13 +30,13 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
     OPENSSL_STACK *stack;
     char **data;
 
-    stack = ssl_zalloc(sizeof(OPENSSL_STACK));
+    stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
     if (!stack)
-        SSL_RET(failed1, "ssl_zalloc\n");
+        SSL_RET(failed1, "ssl_mem_zalloc\n");
 
-    data = ssl_zalloc(sizeof(*data) * MIN_NODES);
+    data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
     if (!data)
-        SSL_RET(failed2, "ssl_zalloc\n");
+        SSL_RET(failed2, "ssl_mem_zalloc\n");
 
     stack->data = data;
     stack->num_alloc = MIN_NODES;
@@ -45,7 +45,7 @@ OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
     return stack;
 
 failed2:
-    ssl_free(stack);
+    ssl_mem_free(stack);
 failed1:
     return NULL;
 }
@@ -65,6 +65,6 @@ void OPENSSL_sk_free(OPENSSL_STACK *stack)
 {
     SSL_ASSERT(stack);
 
-    ssl_free(stack->data);
+    ssl_mem_free(stack->data);
-    ssl_free(stack);
+    ssl_mem_free(stack);
 }

components/openssl/library/ssl_x509.c

@@ -33,9 +33,9 @@ X509* __X509_new(X509 *ix)
     int ret;
     X509 *x;
 
-    x = ssl_zalloc(sizeof(X509));
+    x = ssl_mem_zalloc(sizeof(X509));
     if (!x)
-        SSL_RET(failed1, "ssl_malloc\n");
+        SSL_RET(failed1, "ssl_mem_zalloc\n");
 
     if (ix)
         x->method = ix->method;
@@ -49,7 +49,7 @@ X509* __X509_new(X509 *ix)
     return x;
 
 failed2:
-    ssl_free(x);
+    ssl_mem_free(x);
 failed1:
     return NULL;
 }
@@ -69,7 +69,7 @@ void X509_free(X509 *x)
 {
     X509_METHOD_CALL(free, x);
 
-    ssl_free(x);
+    ssl_mem_free(x);
 };
 
 /**

components/openssl/platform/ssl_pm.c

@@ -86,9 +86,15 @@ int ssl_pm_new(SSL *ssl)
 
     const SSL_METHOD *method = ssl->method;
 
-    ssl_pm = ssl_zalloc(sizeof(struct ssl_pm));
+    ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm));
     if (!ssl_pm)
-        SSL_ERR(ret, failed1, "ssl_zalloc\n");
+        SSL_ERR(ret, failed1, "ssl_mem_zalloc\n");
+
+    if (ssl->ctx->read_buffer_len < 2048 || 
+        ssl->ctx->read_buffer_len > 8192)
+        return -1;
+
+    max_content_len = ssl->ctx->read_buffer_len;
     
     mbedtls_net_init(&ssl_pm->fd);
     mbedtls_net_init(&ssl_pm->cl_fd);
@@ -144,6 +150,7 @@ failed3:
     mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
 failed2:
     mbedtls_entropy_free(&ssl_pm->entropy);
+    ssl_mem_free(ssl_pm);
 failed1:
     return -1;
 }
@@ -160,7 +167,7 @@ void ssl_pm_free(SSL *ssl)
     mbedtls_ssl_config_free(&ssl_pm->conf);
     mbedtls_ssl_free(&ssl_pm->ssl);
 
-    ssl_free(ssl_pm);
+    ssl_mem_free(ssl_pm);
     ssl->ssl_pm = NULL;
 }
 
@@ -392,7 +399,7 @@ int x509_pm_show_info(X509 *x)
     if (!x509_crt)
         return -1;
 
-    buf = ssl_malloc(X509_INFO_STRING_LENGTH);
+    buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH);
     if (!buf)
         SSL_RET(failed1, "");
 
@@ -401,14 +408,14 @@ int x509_pm_show_info(X509 *x)
         SSL_RET(failed2, "");
     buf[ret] = 0;
 
-    ssl_free(buf);
+    ssl_mem_free(buf);
 
     SSL_PRINT("%s", buf);
 
     return 0;
 
 failed2:
-    ssl_free(buf);
+    ssl_mem_free(buf);
 failed1:
     return -1;
 }
@@ -417,9 +424,9 @@ int x509_pm_new(X509 *x, X509 *m_x)
 {
     struct x509_pm *x509_pm;
 
-    x509_pm = ssl_zalloc(sizeof(struct x509_pm));
+    x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm));
     if (!x509_pm)
-        SSL_RET(failed1, "ssl_zalloc\n");
+        SSL_RET(failed1, "ssl_mem_zalloc\n");
 
     x->x509_pm = x509_pm;
 
@@ -442,11 +449,11 @@ void x509_pm_free(X509 *x)
     if (x509_pm->x509_crt) {
         mbedtls_x509_crt_free(x509_pm->x509_crt);
 
-        ssl_free(x509_pm->x509_crt);
+        ssl_mem_free(x509_pm->x509_crt);
         x509_pm->x509_crt = NULL;
     }
 
-    ssl_free(x->x509_pm);
+    ssl_mem_free(x->x509_pm);
     x->x509_pm = NULL;
 }
 
@@ -460,14 +467,14 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
         mbedtls_x509_crt_free(x509_pm->x509_crt);
 
     if (!x509_pm->x509_crt) {
-        x509_pm->x509_crt = ssl_malloc(sizeof(mbedtls_x509_crt));
+        x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
         if (!x509_pm->x509_crt)
-            SSL_RET(failed1, "ssl_malloc\n");
+            SSL_RET(failed1, "ssl_mem_malloc\n");
     }
 
-    load_buf = ssl_malloc(len + 1);
+    load_buf = ssl_mem_malloc(len + 1);
     if (!load_buf)
-        SSL_RET(failed2, "ssl_malloc\n");
+        SSL_RET(failed2, "ssl_mem_malloc\n");
 
     ssl_memcpy(load_buf, buffer, len);
     load_buf[len] = '\0';
@@ -477,7 +484,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
     mbedtls_x509_crt_init(x509_pm->x509_crt);
 
     ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
-    ssl_free(load_buf);
+    ssl_mem_free(load_buf);
 
     if (ret)
         SSL_RET(failed2, "mbedtls_x509_crt_parse, return [-0x%x]\n", -ret);
@@ -485,7 +492,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
     return 0;
 
 failed2:
-    ssl_free(x509_pm->x509_crt);
+    ssl_mem_free(x509_pm->x509_crt);
     x509_pm->x509_crt = NULL;
 failed1:
     return -1;
@@ -495,7 +502,7 @@ int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey)
 {
     struct pkey_pm *pkey_pm;
 
-    pkey_pm = ssl_zalloc(sizeof(struct pkey_pm));
+    pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm));
     if (!pkey_pm)
         return -1;
 
@@ -517,11 +524,11 @@ void pkey_pm_free(EVP_PKEY *pk)
     if (pkey_pm->pkey) {
         mbedtls_pk_free(pkey_pm->pkey);
 
-        ssl_free(pkey_pm->pkey);
+        ssl_mem_free(pkey_pm->pkey);
         pkey_pm->pkey = NULL;
     }
 
-    ssl_free(pk->pkey_pm);
+    ssl_mem_free(pk->pkey_pm);
     pk->pkey_pm = NULL;
 }
 
@@ -535,14 +542,14 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
         mbedtls_pk_free(pkey_pm->pkey);
 
     if (!pkey_pm->pkey) {
-        pkey_pm->pkey = ssl_malloc(sizeof(mbedtls_pk_context));
+        pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context));
         if (!pkey_pm->pkey)
-            SSL_RET(failed1, "ssl_malloc\n");
+            SSL_RET(failed1, "ssl_mem_malloc\n");
     }
 
-    load_buf = ssl_malloc(len + 1);
+    load_buf = ssl_mem_malloc(len + 1);
     if (!load_buf)
-        SSL_RET(failed2, "ssl_malloc\n");
+        SSL_RET(failed2, "ssl_mem_malloc\n");
 
     ssl_memcpy(load_buf, buffer, len);
     load_buf[len] = '\0';
@@ -552,7 +559,7 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
     mbedtls_pk_init(pkey_pm->pkey);
 
     ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0);
-    ssl_free(load_buf);
+    ssl_mem_free(load_buf);
 
     if (ret)
         SSL_RET(failed2, "mbedtls_pk_parse_key, return [-0x%x]\n", -ret);
@@ -560,7 +567,7 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
     return 0;
 
 failed2:
-    ssl_free(pkey_pm->pkey);
+    ssl_mem_free(pkey_pm->pkey);
     pkey_pm->pkey = NULL;
 failed1:
     return -1;

components/openssl/platform/ssl_port.c

@@ -15,6 +15,7 @@
 #include "ssl_port.h"
 #include "string.h"
 #include "malloc.h"
+#include "esp_system.h"
 
 /*********************************************************************************************/
 /********************************* SSL general interface *************************************/
@@ -51,10 +52,11 @@ size_t ssl_strlen(const char *src)
 
 void ssl_speed_up_enter(void)
 {
-
+    system_update_cpu_freq(SYS_CPU_160MHZ);
 }
 
 void ssl_speed_up_exit(void)
 {
-
+    system_update_cpu_freq(SYS_CPU_80MHZ);
 }
+