
Merge branch 'update/remove_openssl' into 'master'

openssl: Remove deprecated component

Closes IDF-3925 and IDFCI-1102

See merge request espressif/esp-idf!17200
Mahavir Jain 4 ani în urmă
părinte
comite
4861ca0179
53 a modificat fișierele cu 2 adăugiri și 10328 ștergeri
  1. 0 1
      .gitlab/CODEOWNERS
  2. 0 13
      components/openssl/CMakeLists.txt
  3. 0 78
      components/openssl/Kconfig
  4. 0 44
      components/openssl/include/internal/ssl3.h
  5. 0 55
      components/openssl/include/internal/ssl_cert.h
  6. 0 128
      components/openssl/include/internal/ssl_code.h
  7. 0 191
      components/openssl/include/internal/ssl_dbg.h
  8. 0 28
      components/openssl/include/internal/ssl_lib.h
  9. 0 122
      components/openssl/include/internal/ssl_methods.h
  10. 0 132
      components/openssl/include/internal/ssl_pkey.h
  11. 0 95
      components/openssl/include/internal/ssl_stack.h
  12. 0 346
      components/openssl/include/internal/ssl_types.h
  13. 0 152
      components/openssl/include/internal/ssl_x509.h
  14. 0 55
      components/openssl/include/internal/tls1.h
  15. 0 111
      components/openssl/include/internal/x509_vfy.h
  16. 0 179
      components/openssl/include/openssl/bio.h
  17. 0 228
      components/openssl/include/openssl/err.h
  18. 0 1901
      components/openssl/include/openssl/ssl.h
  19. 0 20
      components/openssl/include/platform/ssl_opt.h
  20. 0 63
      components/openssl/include/platform/ssl_pm.h
  21. 0 45
      components/openssl/include/platform/ssl_port.h
  22. 0 209
      components/openssl/library/ssl_bio.c
  23. 0 87
      components/openssl/library/ssl_cert.c
  24. 0 120
      components/openssl/library/ssl_err.c
  25. 0 1684
      components/openssl/library/ssl_lib.c
  26. 0 111
      components/openssl/library/ssl_methods.c
  27. 0 311
      components/openssl/library/ssl_pkey.c
  28. 0 97
      components/openssl/library/ssl_stack.c
  29. 0 401
      components/openssl/library/ssl_x509.c
  30. 0 788
      components/openssl/platform/ssl_pm.c
  31. 0 28
      components/openssl/platform/ssl_port.c
  32. 0 2
      components/openssl/test/CMakeLists.txt
  33. 0 152
      components/openssl/test/test_openssl.c
  34. 0 1
      docs/en/api-reference/protocols/index.rst
  35. 0 1801
      docs/en/api-reference/protocols/openssl_apis.rst
  36. 2 0
      docs/en/migration-guides/removed-components.rst
  37. 0 1
      docs/zh_CN/api-reference/protocols/index.rst
  38. 0 1
      docs/zh_CN/api-reference/protocols/openssl_apis.rst
  39. 0 33
      tools/ci/check_copyright_ignore.txt
  40. 0 14
      tools/test_apps/protocols/openssl/CMakeLists.txt
  41. 0 14
      tools/test_apps/protocols/openssl/README.md
  42. 0 126
      tools/test_apps/protocols/openssl/app_test.py
  43. 0 20
      tools/test_apps/protocols/openssl/client_certs/ca.crt
  44. 0 27
      tools/test_apps/protocols/openssl/client_certs/ca.key
  45. 0 2
      tools/test_apps/protocols/openssl/main/CMakeLists.txt
  46. 0 131
      tools/test_apps/protocols/openssl/main/connect_test.c
  47. 0 70
      tools/test_apps/protocols/openssl/main/main.c
  48. 0 20
      tools/test_apps/protocols/openssl/server_certs/ca.crt
  49. 0 27
      tools/test_apps/protocols/openssl/server_certs/ca.key
  50. 0 1
      tools/test_apps/protocols/openssl/server_certs/ca.srl
  51. 0 19
      tools/test_apps/protocols/openssl/server_certs/server.crt
  52. 0 16
      tools/test_apps/protocols/openssl/server_certs/server.csr
  53. 0 27
      tools/test_apps/protocols/openssl/server_certs/server.key

+ 0 - 1
.gitlab/CODEOWNERS

@@ -120,7 +120,6 @@
 /components/mqtt/                     @esp-idf-codeowners/network
 /components/newlib/                   @esp-idf-codeowners/system @esp-idf-codeowners/tools
 /components/nvs_flash/                @esp-idf-codeowners/storage
-/components/openssl/                  @esp-idf-codeowners/network
 /components/openthread/               @esp-idf-codeowners/ieee802154
 /components/partition_table/          @esp-idf-codeowners/system
 /components/perfmon/                  @esp-idf-codeowners/tools

+ 0 - 13
components/openssl/CMakeLists.txt

@@ -1,13 +0,0 @@
-idf_component_register(SRCS "library/ssl_cert.c"
-                            "library/ssl_lib.c"
-                            "library/ssl_methods.c"
-                            "library/ssl_pkey.c"
-                            "library/ssl_bio.c"
-                            "library/ssl_err.c"
-                            "library/ssl_stack.c"
-                            "library/ssl_x509.c"
-                            "platform/ssl_pm.c"
-                            "platform/ssl_port.c"
-                    REQUIRES mbedtls
-                    INCLUDE_DIRS include
-                    PRIV_INCLUDE_DIRS include/internal include/platform include/openssl)

+ 0 - 78
components/openssl/Kconfig

@@ -1,78 +0,0 @@
-menu "OpenSSL"
-
-    config OPENSSL_DEBUG
-        bool "Enable OpenSSL debugging"
-        default n
-        help
-            Enable OpenSSL debugging function.
-
-            If the option is enabled, "SSL_DEBUG" works.
-
-    config OPENSSL_ERROR_STACK
-        bool "Enable OpenSSL error structure"
-        default y
-        help
-            Enable OpenSSL Error reporting
-
-    config OPENSSL_DEBUG_LEVEL
-        int "OpenSSL debugging level"
-        default 0
-        range 0 255
-        depends on OPENSSL_DEBUG
-        help
-            OpenSSL debugging level.
-
-            Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
-
-            For example:
-            If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not
-            print.
-
-    config OPENSSL_LOWLEVEL_DEBUG
-        bool "Enable OpenSSL low-level module debugging"
-        default n
-        depends on OPENSSL_DEBUG
-        select MBEDTLS_DEBUG
-        help
-            If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal
-            debugging function.
-
-    choice OPENSSL_ASSERT
-        prompt "Select OpenSSL assert function"
-        default OPENSSL_ASSERT_EXIT
-        help
-            OpenSSL function needs "assert" function to check if input parameters are valid.
-
-            If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
-
-        config OPENSSL_ASSERT_DO_NOTHING
-            bool "Do nothing"
-            help
-                Do nothing and "SSL_ASSERT" does not work.
-
-        config OPENSSL_ASSERT_EXIT
-            bool "Check and exit"
-            help
-                Enable assert exiting, it will check and return error code.
-
-        config OPENSSL_ASSERT_DEBUG
-            bool "Show debugging message"
-            depends on OPENSSL_DEBUG
-            help
-                Enable assert debugging, it will check and show debugging message.
-
-        config OPENSSL_ASSERT_DEBUG_EXIT
-            bool "Show debugging message and exit"
-            depends on OPENSSL_DEBUG
-            help
-                Enable assert debugging and exiting, it will check, show debugging message and return error code.
-
-        config OPENSSL_ASSERT_DEBUG_BLOCK
-            bool "Show debugging message and block"
-            depends on OPENSSL_DEBUG
-            help
-                Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
-
-    endchoice
-
-endmenu

+ 0 - 44
components/openssl/include/internal/ssl3.h

@@ -1,44 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL3_H_
-#define _SSL3_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-# define SSL3_AD_CLOSE_NOTIFY             0
-# define SSL3_AD_UNEXPECTED_MESSAGE      10/* fatal */
-# define SSL3_AD_BAD_RECORD_MAC          20/* fatal */
-# define SSL3_AD_DECOMPRESSION_FAILURE   30/* fatal */
-# define SSL3_AD_HANDSHAKE_FAILURE       40/* fatal */
-# define SSL3_AD_NO_CERTIFICATE          41
-# define SSL3_AD_BAD_CERTIFICATE         42
-# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-# define SSL3_AD_CERTIFICATE_REVOKED     44
-# define SSL3_AD_CERTIFICATE_EXPIRED     45
-# define SSL3_AD_CERTIFICATE_UNKNOWN     46
-# define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */
-
-# define SSL3_AL_WARNING                  1
-# define SSL3_AL_FATAL                    2
-
-#define SSL3_VERSION                 0x0300
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

+ 0 - 55
components/openssl/include/internal/ssl_cert.h

@@ -1,55 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_CERT_H_
-#define _SSL_CERT_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "ssl_types.h"
-
-/**
- * @brief create a certification object include private key object according to input certification
- *
- * @param ic - input certification point
- *
- * @return certification object point
- */
-CERT *__ssl_cert_new(CERT *ic);
-
-/**
- * @brief create a certification object include private key object
- *
- * @param none
- *
- * @return certification object point
- */
-CERT* ssl_cert_new(void);
-
-/**
- * @brief free a certification object
- *
- * @param cert - certification object point
- *
- * @return none
- */
-void ssl_cert_free(CERT *cert);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

+ 0 - 128
components/openssl/include/internal/ssl_code.h

@@ -1,128 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_CODE_H_
-#define _SSL_CODE_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "ssl3.h"
-#include "tls1.h"
-#include "x509_vfy.h"
-
-/* Used in SSL_set_mode() -- supported mode when using BIO */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-# define SSL_SENT_SHUTDOWN       1
-# define SSL_RECEIVED_SHUTDOWN   2
-
-# define SSL_VERIFY_NONE                 0x00
-# define SSL_VERIFY_PEER                 0x01
-# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-# define SSL_VERIFY_CLIENT_ONCE          0x04
-
-/*
- * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
- * should not need these
- */
-# define SSL_ST_READ_HEADER                      0xF0
-# define SSL_ST_READ_BODY                        0xF1
-# define SSL_ST_READ_DONE                        0xF2
-
-# define SSL_NOTHING            1
-# define SSL_WRITING            2
-# define SSL_READING            3
-# define SSL_X509_LOOKUP        4
-# define SSL_ASYNC_PAUSED       5
-# define SSL_ASYNC_NO_JOBS      6
-
-
-# define SSL_ERROR_NONE                  0
-# define SSL_ERROR_SSL                   1
-# define SSL_ERROR_WANT_READ             2
-# define SSL_ERROR_WANT_WRITE            3
-# define SSL_ERROR_WANT_X509_LOOKUP      4
-# define SSL_ERROR_SYSCALL               5/* look at error stack/return value/errno */
-# define SSL_ERROR_ZERO_RETURN           6
-# define SSL_ERROR_WANT_CONNECT          7
-# define SSL_ERROR_WANT_ACCEPT           8
-# define SSL_ERROR_WANT_ASYNC            9
-# define SSL_ERROR_WANT_ASYNC_JOB       10
-
-/* Message flow states */
-typedef enum {
-    /* No handshake in progress */
-    MSG_FLOW_UNINITED,
-    /* A permanent error with this connection */
-    MSG_FLOW_ERROR,
-    /* We are about to renegotiate */
-    MSG_FLOW_RENEGOTIATE,
-    /* We are reading messages */
-    MSG_FLOW_READING,
-    /* We are writing messages */
-    MSG_FLOW_WRITING,
-    /* Handshake has finished */
-    MSG_FLOW_FINISHED
-} MSG_FLOW_STATE;
-
-/* SSL subsystem states */
-typedef enum {
-    TLS_ST_BEFORE,
-    TLS_ST_OK,
-    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
-    TLS_ST_CR_SRVR_HELLO,
-    TLS_ST_CR_CERT,
-    TLS_ST_CR_CERT_STATUS,
-    TLS_ST_CR_KEY_EXCH,
-    TLS_ST_CR_CERT_REQ,
-    TLS_ST_CR_SRVR_DONE,
-    TLS_ST_CR_SESSION_TICKET,
-    TLS_ST_CR_CHANGE,
-    TLS_ST_CR_FINISHED,
-    TLS_ST_CW_CLNT_HELLO,
-    TLS_ST_CW_CERT,
-    TLS_ST_CW_KEY_EXCH,
-    TLS_ST_CW_CERT_VRFY,
-    TLS_ST_CW_CHANGE,
-    TLS_ST_CW_NEXT_PROTO,
-    TLS_ST_CW_FINISHED,
-    TLS_ST_SW_HELLO_REQ,
-    TLS_ST_SR_CLNT_HELLO,
-    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
-    TLS_ST_SW_SRVR_HELLO,
-    TLS_ST_SW_CERT,
-    TLS_ST_SW_KEY_EXCH,
-    TLS_ST_SW_CERT_REQ,
-    TLS_ST_SW_SRVR_DONE,
-    TLS_ST_SR_CERT,
-    TLS_ST_SR_KEY_EXCH,
-    TLS_ST_SR_CERT_VRFY,
-    TLS_ST_SR_NEXT_PROTO,
-    TLS_ST_SR_CHANGE,
-    TLS_ST_SR_FINISHED,
-    TLS_ST_SW_SESSION_TICKET,
-    TLS_ST_SW_CERT_STATUS,
-    TLS_ST_SW_CHANGE,
-    TLS_ST_SW_FINISHED
-} OSSL_HANDSHAKE_STATE;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

+ 0 - 191
components/openssl/include/internal/ssl_dbg.h

@@ -1,191 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_DEBUG_H_
-#define _SSL_DEBUG_H_
-
-#include "platform/ssl_opt.h"
-#include "platform/ssl_port.h"
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#ifdef CONFIG_OPENSSL_DEBUG_LEVEL
-    #define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL
-#else
-    #define SSL_DEBUG_LEVEL 0
-#endif
-
-#define SSL_DEBUG_ON  (SSL_DEBUG_LEVEL + 1)
-#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1)
-
-#ifdef CONFIG_OPENSSL_DEBUG
-    #ifndef SSL_DEBUG_LOG
-        #error "SSL_DEBUG_LOG is not defined"
-    #endif
-
-    #ifndef SSL_DEBUG_FL
-        #define SSL_DEBUG_FL "\n"
-    #endif
-
-    #define SSL_SHOW_LOCATION()                         \
-        SSL_DEBUG_LOG("SSL assert : %s %d\n",           \
-            __FILE__, __LINE__)
-
-    #define SSL_DEBUG(level, fmt, ...)                  \
-    {                                                   \
-        if (level > SSL_DEBUG_LEVEL) {                  \
-            SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \
-        }                                               \
-    }
-#else /* CONFIG_OPENSSL_DEBUG */
-    #define SSL_SHOW_LOCATION()
-
-    #define SSL_DEBUG(level, fmt, ...)
-#endif /* CONFIG_OPENSSL_DEBUG */
-
-/**
- * OpenSSL assert function
- *
- * if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line
- * if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code.
- * if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line,
- * then return error code.
- * if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line,
- * then block here with "while (1)"
- *
- * SSL_ASSERT1 may will return "-1", so function's return argument is integer.
- * SSL_ASSERT2 may will return "NULL", so function's return argument is a point.
- * SSL_ASSERT2 may will return nothing, so function's return argument is "void".
- */
-#if defined(CONFIG_OPENSSL_ASSERT_DEBUG)
-    #define SSL_ASSERT1(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-        }                                               \
-    }
-
-    #define SSL_ASSERT2(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-        }                                               \
-    }
-
-    #define SSL_ASSERT3(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-        }                                               \
-    }
-#elif defined(CONFIG_OPENSSL_ASSERT_EXIT)
-    #define SSL_ASSERT1(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            return -1;                                  \
-        }                                               \
-    }
-
-    #define SSL_ASSERT2(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            return NULL;                                \
-        }                                               \
-    }
-
-    #define SSL_ASSERT3(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            return ;                                    \
-        }                                               \
-    }
-#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT)
-    #define SSL_ASSERT1(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-            return -1;                                  \
-        }                                               \
-    }
-
-    #define SSL_ASSERT2(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-            return NULL;                                \
-        }                                               \
-    }
-
-    #define SSL_ASSERT3(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-            return ;                                    \
-        }                                               \
-    }
-#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK)
-    #define SSL_ASSERT1(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-            while (1);                                  \
-        }                                               \
-    }
-
-    #define SSL_ASSERT2(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-            while (1);                                  \
-        }                                               \
-    }
-
-    #define SSL_ASSERT3(s)                              \
-    {                                                   \
-        if (!(s)) {                                     \
-            SSL_SHOW_LOCATION();                        \
-            while (1);                                  \
-        }                                               \
-    }
-#else
-    #define SSL_ASSERT1(s)
-    #define SSL_ASSERT2(s)
-    #define SSL_ASSERT3(s)
-#endif
-
-#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF
-#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON
-
-#define SSL_CERT_DEBUG_LEVEL     SSL_DEBUG_OFF
-#define SSL_CERT_ERROR_LEVEL     SSL_DEBUG_ON
-
-#define SSL_PKEY_DEBUG_LEVEL     SSL_DEBUG_OFF
-#define SSL_PKEY_ERROR_LEVEL     SSL_DEBUG_ON
-
-#define SSL_X509_DEBUG_LEVEL     SSL_DEBUG_OFF
-#define SSL_X509_ERROR_LEVEL     SSL_DEBUG_ON
-
-#define SSL_LIB_DEBUG_LEVEL      SSL_DEBUG_OFF
-#define SSL_LIB_ERROR_LEVEL      SSL_DEBUG_ON
-
-#define SSL_STACK_DEBUG_LEVEL    SSL_DEBUG_OFF
-#define SSL_STACK_ERROR_LEVEL    SSL_DEBUG_ON
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif

+ 0 - 28
components/openssl/include/internal/ssl_lib.h

@@ -1,28 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_LIB_H_
-#define _SSL_LIB_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "ssl_types.h"
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

+ 0 - 122
components/openssl/include/internal/ssl_methods.h

@@ -1,122 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_METHODS_H_
-#define _SSL_METHODS_H_
-
-#include "ssl_types.h"
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/**
- * TLS method function implement
- */
-#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \
-                    new, free, \
-                    handshake, shutdown, clear, \
-                    read, send, pending, \
-                    set_fd, set_hostname, get_fd,	\
-                    set_bufflen, \
-                    get_verify_result, \
-                    get_state) \
-        static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
-                new, \
-                free, \
-                handshake, \
-                shutdown, \
-                clear, \
-                read, \
-                send, \
-                pending, \
-                set_fd, \
-		set_hostname, \
-                get_fd, \
-                set_bufflen, \
-                get_verify_result, \
-                get_state \
-        };
-
-#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \
-    const SSL_METHOD* func_name(void) { \
-        static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
-                ver, \
-                mode, \
-                &(fun), \
-        }; \
-        return &func_name##_data; \
-    }
-
-#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \
-    const SSL_METHOD* func_name(void) { \
-        static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
-                ver, \
-                mode, \
-                &(fun), \
-        }; \
-        return &func_name##_data; \
-    }
-
-#define IMPLEMENT_X509_METHOD(func_name, \
-                new, \
-                free, \
-                load, \
-                show_info) \
-    const X509_METHOD* func_name(void) { \
-        static const X509_METHOD func_name##_data LOCAL_ATRR = { \
-                new, \
-                free, \
-                load, \
-                show_info \
-        }; \
-        return &func_name##_data; \
-    }
-
-#define IMPLEMENT_PKEY_METHOD(func_name, \
-                new, \
-                free, \
-                load) \
-    const PKEY_METHOD* func_name(void) { \
-        static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \
-                new, \
-                free, \
-                load \
-        }; \
-        return &func_name##_data; \
-    }
-
-/**
- * @brief get X509 object method
- *
- * @param none
- *
- * @return X509 object method point
- */
-const X509_METHOD* X509_method(void);
-
-/**
- * @brief get private key object method
- *
- * @param none
- *
- * @return private key object method point
- */
-const PKEY_METHOD* EVP_PKEY_method(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

+ 0 - 132
components/openssl/include/internal/ssl_pkey.h

@@ -1,132 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_PKEY_H_
-#define _SSL_PKEY_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "ssl_types.h"
-
-/**
- * @brief create a private key object according to input private key
- *
- * @param ipk - input private key point
- *
- * @return new private key object point
- */
-EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk);
-
-/**
- * @brief create a private key object
- *
- * @param none
- *
- * @return private key object point
- */
-EVP_PKEY* EVP_PKEY_new(void);
-
-/**
- * @brief load a character key context into system context. If '*a' is pointed to the
- *        private key, then load key into it. Or create a new private key object
- *
- * @param type   - private key type
- * @param a      - a point pointed to a private key point
- * @param pp     - a point pointed to the key context memory point
- * @param length - key bytes
- *
- * @return private key object point
- */
-EVP_PKEY* d2i_PrivateKey(int type,
-                         EVP_PKEY **a,
-                         const unsigned char **pp,
-                         long length);
-
-/**
- * @brief decodes and load a buffer BIO into a EVP key context. If '*a' is pointed to the
- *        private key, then load key into it. Or create a new private key object
- *
- * @param bp BIO object containing the key
- * @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created
- *
- * @return Created or updated EVP_PKEY
- */
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
-
-/**
- * @brief Same as d2i_PrivateKey_bio
- *
- * @param bp BIO object containing the key
- * @param a Pointer to an existing EVP_KEY or NULL if a new key shall be created
- *
- * @return Created or updated EVP_PKEY
- */
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
-
-/**
- * @brief loads a private key in PEM format from BIO object
- *
- * @param bp BIO object containing the key
- * @param x  Pointer to an existent PKEY or NULL if a new key shall be created
- * @param cb Password callback (not used)
- * @param u User context (not used)
- *
- * @return Created or updated EVP_PKEY
- */
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-/**
- * @brief RSA key in PEM format from BIO object
- *
- * @param bp BIO object containing the key
- * @param x  Pointer to an existent PKEY or NULL if a new key shall be created
- * @param cb Password callback (not used)
- * @param u User context (not used)
- *
- * @return Created or updated EVP_PKEY
- */
-
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u);
-
-/**
- * @brief free a private key object
- *
- * @param pkey - private key object point
- *
- * @return none
- */
-void EVP_PKEY_free(EVP_PKEY *x);
-
-/**
- * @brief load private key into the SSL
- *
- * @param type - private key type
- * @param ssl  - SSL point
- * @param len  - data bytes
- * @param d    - data point
- *
- * @return result
- *     0 : failed
- *     1 : OK
- */
- int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

+ 0 - 95
components/openssl/include/internal/ssl_stack.h

@@ -1,95 +0,0 @@
-#ifndef _SSL_STACK_H_
-#define _SSL_STACK_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "ssl_types.h"
-
-#define STACK_OF(type)  struct stack_st_##type
-
-#define SKM_DEFINE_STACK_OF(t1, t2, t3) \
-    STACK_OF(t1); \
-    static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
-    { \
-        return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
-    } \
-
-#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-
-struct stack_st_GENERAL_NAME;
-typedef struct GENERAL_NAME_st {
-    int type;
-    union {
-        char *ptr;
-        struct asn1_string_st* dNSName;
-        ASN1_OCTET_STRING* iPAddress;
-    } d;
-} GENERAL_NAME;
-
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct X509_name_st X509_NAME;
-typedef struct asn1_string_st ASN1_STRING;
-typedef struct X509_name_entry_st X509_NAME_ENTRY;
-
-typedef struct asn1_string_st {
-    int type;
-    int length;
-    void *data;
-} ASN1_IA5STRING;
-
-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-
-/**
- * @brief get nr of stack items
- *
- * @param sk Stack structure pointer
- *
- * @return number of items in the stack
- */
-size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk);
-
-/**
- * @brief get GENERAL_NAME value from the stack
- *
- * @param sk Stack structure pointer
- * @param i Index to stack item
- *
- * @return GENERAL_NAME object pointer
- */
-GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i);
-
-/**
- * @brief create a openssl stack object
- *
- * @param c - stack function
- *
- * @return openssl stack object point
- */
-OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c);
-
-/**
- * @brief create a NULL function openssl stack object
- *
- * @param none
- *
- * @return openssl stack object point
- */
-OPENSSL_STACK *OPENSSL_sk_new_null(void);
-
-/**
- * @brief free openssl stack object
- *
- * @param openssl stack object point
- *
- * @return none
- */
-void OPENSSL_sk_free(OPENSSL_STACK *stack);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

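--- a/components/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@@ -1,346 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_TYPES_H_
-#define _SSL_TYPES_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "ssl_code.h"
-#include <stddef.h>
-#include <stdint.h>
-
-typedef void SSL_CIPHER;
-
-typedef void X509_STORE_CTX;
-typedef void X509_STORE;
-
-typedef void RSA;
-
-typedef void STACK;
-
-typedef void DH;
-
-#define ossl_inline inline
-
-#define SSL_METHOD_CALL(f, s, ...)        s->method->func->ssl_##f(s, ##__VA_ARGS__)
-#define X509_METHOD_CALL(f, x, ...)       x->method->x509_##f(x, ##__VA_ARGS__)
-#define EVP_PKEY_METHOD_CALL(f, k, ...)   k->method->pkey_##f(k, ##__VA_ARGS__)
-
-typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
-typedef int (*openssl_verify_callback)(int, X509_STORE_CTX *);
-struct stack_st;
-typedef struct stack_st OPENSSL_STACK;
-
-struct ssl_method_st;
-typedef struct ssl_method_st SSL_METHOD;
-
-struct ssl_method_func_st;
-typedef struct ssl_method_func_st SSL_METHOD_FUNC;
-
-struct record_layer_st;
-typedef struct record_layer_st RECORD_LAYER;
-
-struct ossl_statem_st;
-typedef struct ossl_statem_st OSSL_STATEM;
-
-struct ssl_session_st;
-typedef struct ssl_session_st SSL_SESSION;
-
-struct ssl_ctx_st;
-typedef struct ssl_ctx_st SSL_CTX;
-
-struct ssl_st;
-typedef struct ssl_st SSL;
-
-struct cert_st;
-typedef struct cert_st CERT;
-
-struct x509_st;
-typedef struct x509_st X509;
-
-struct X509_VERIFY_PARAM_st;
-typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
-
-struct evp_pkey_st;
-typedef struct evp_pkey_st EVP_PKEY;
-
-struct x509_method_st;
-typedef struct x509_method_st X509_METHOD;
-
-struct pkey_method_st;
-typedef struct pkey_method_st PKEY_METHOD;
-
-struct ssl_alpn_st;
-typedef struct ssl_alpn_st SSL_ALPN;
-
-struct bio_st;
-typedef struct bio_st BIO;
-
-struct stack_st {
-
-    char **data;
-
-    int num_alloc;
-
-    OPENSSL_sk_compfunc c;
-};
-
-struct evp_pkey_st {
-
-    void *pkey_pm;
-
-    const PKEY_METHOD *method;
-
-    int ref_counter;
-};
-
-struct x509_st {
-
-    /* X509 certification platform private point */
-    void *x509_pm;
-
-    const X509_METHOD *method;
-
-    int ref_counter;
-};
-
-struct cert_st {
-
-    int sec_level;
-
-    X509 *x509;
-
-    EVP_PKEY *pkey;
-
-};
-
-struct ossl_statem_st {
-
-    MSG_FLOW_STATE state;
-
-    int hand_state;
-};
-
-struct record_layer_st {
-
-    int rstate;
-
-    int read_ahead;
-};
-
-struct ssl_session_st {
-
-    long timeout;
-
-    long time;
-
-    X509 *peer;
-};
-
-struct X509_VERIFY_PARAM_st {
-
-    int depth;
-
-};
-
-struct bio_st {
-
-    unsigned char * data;
-    int dlen;
-    BIO* peer;
-    size_t offset;
-    size_t roffset;
-    size_t size;
-    size_t flags;
-    size_t type;
-
-};
-
-typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS;
-struct ssl_alpn_st {
-     ALPN_STATUS alpn_status;
-     /* This is dynamically allocated */
-     char *alpn_string;
-     /* This only points to the members in the string */
-#define ALPN_LIST_MAX 10
-     const char *alpn_list[ALPN_LIST_MAX];
-};
-
-typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
-
-
-struct ssl_ctx_st
-{
-    int version;
-
-    int references;
-
-    unsigned long options;
-
-    SSL_ALPN ssl_alpn;
-
-    const SSL_METHOD *method;
-
-    CERT *cert;
-
-    X509 *client_CA;
-
-    int verify_mode;
-
-    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
-
-    long session_timeout;
-
-    int read_ahead;
-
-    int read_buffer_len;
-
-    X509_VERIFY_PARAM param;
-
-    void *default_passwd_callback_userdata;
-
-    pem_password_cb *default_passwd_callback;
-
-    struct stack_st_X509 *extra_certs;
-
-    int max_version;
-    int min_version;
-
-};
-
-struct ssl_st
-{
-    /* protocol version(one of SSL3.0, TLS1.0, etc.) */
-    int version;
-
-    unsigned long options;
-
-    /* shut things down(0x01 : sent, 0x02 : received) */
-    int shutdown;
-
-    CERT *cert;
-
-    X509 *client_CA;
-
-    SSL_CTX  *ctx;
-
-    const SSL_METHOD *method;
-
-    RECORD_LAYER rlayer;
-
-    /* where we are */
-    OSSL_STATEM statem;
-
-    SSL_SESSION *session;
-
-    int verify_mode;
-
-    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
-
-    int rwstate;
-
-    long verify_result;
-
-    X509_VERIFY_PARAM param;
-
-    uint32_t mode;
-
-    void (*info_callback) (const SSL *ssl, int type, int val);
-
-    /* SSL low-level system arch point */
-    void *ssl_pm;
-    void *bio;
-};
-
-struct ssl_method_st {
-    /* protocol version(one of SSL3.0, TLS1.0, etc.) */
-    int version;
-
-    /* SSL mode(client(0) , server(1), not known(-1)) */
-    int endpoint;
-
-    const SSL_METHOD_FUNC *func;
-};
-
-struct ssl_method_func_st {
-
-    int (*ssl_new)(SSL *ssl);
-
-    void (*ssl_free)(SSL *ssl);
-
-    int (*ssl_handshake)(SSL *ssl);
-
-    int (*ssl_shutdown)(SSL *ssl);
-
-    int (*ssl_clear)(SSL *ssl);
-
-    int (*ssl_read)(SSL *ssl, void *buffer, int len);
-
-    int (*ssl_send)(SSL *ssl, const void *buffer, int len);
-
-    int (*ssl_pending)(const SSL *ssl);
-
-    void (*ssl_set_fd)(SSL *ssl, int fd, int mode);
-
-    void (*ssl_set_hostname)(SSL *ssl, const char *hostname);
-
-    int (*ssl_get_fd)(const SSL *ssl, int mode);
-
-    void (*ssl_set_bufflen)(SSL *ssl, int len);
-
-    long (*ssl_get_verify_result)(const SSL *ssl);
-
-    OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
-};
-
-struct x509_method_st {
-
-    int (*x509_new)(X509 *x, X509 *m_x);
-
-    void (*x509_free)(X509 *x);
-
-    int (*x509_load)(X509 *x, const unsigned char *buf, int len);
-
-    int (*x509_show_info)(X509 *x);
-};
-
-struct pkey_method_st {
-
-    int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey);
-
-    void (*pkey_free)(EVP_PKEY *pkey);
-
-    int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len);
-};
-
-struct bio_method_st {
-
-    unsigned type;
-
-    unsigned size;
-};
-
-
-typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
-                             unsigned char *outlen, const unsigned char *in,
-                             unsigned int inlen, void *arg);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif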

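--- a/components/openssl/include/internal/ssl_x509.h
+++ b/components/openssl/include/internal/ssl_x509.h
@@ -1,152 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_X509_H_
-#define _SSL_X509_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "ssl_types.h"
-#include "ssl_stack.h"
-
-DEFINE_STACK_OF(X509_NAME)
-
-/**
- * @brief create a X509 certification object according to input X509 certification
- *
- * @param ix - input X509 certification point
- *
- * @return new X509 certification object point
- */
-X509* __X509_new(X509 *ix);
-
-/**
- * @brief create a X509 certification object
- *
- * @param none
- *
- * @return X509 certification object point
- */
-X509* X509_new(void);
-
-/**
- * @brief load a character certification context into system context. If '*cert' is pointed to the
- *        certification, then load certification into it. Or create a new X509 certification object
- *
- * @param cert   - a point pointed to X509 certification
- * @param buffer - a point pointed to the certification context memory point
- * @param length - certification bytes
- *
- * @return X509 certification object point
- */
-X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len);
-
-/**
- * @brief free a X509 certification object
- *
- * @param x - X509 certification object point
- *
- * @return none
- */
-void X509_free(X509 *x);
-
-/**
- * @brief set SSL context client CA certification
- *
- * @param ctx - SSL context point
- * @param x   - X509 certification point
- *
- * @return result
- *     0 : failed
- *     1 : OK
- */
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
-
-/**
- * @brief add CA client certification into the SSL
- *
- * @param ssl - SSL point
- * @param x   - X509 certification point
- *
- * @return result
- *     0 : failed
- *     1 : OK
- */
-int SSL_add_client_CA(SSL *ssl, X509 *x);
-
-/**
- * @brief load certification into the SSL
- *
- * @param ssl - SSL point
- * @param len - data bytes
- * @param d   - data point
- *
- * @return result
- *     0 : failed
- *     1 : OK
- *
- */
-int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
-
-
-/**
- * @brief set SSL context client CA certification
- *
- * @param store - pointer to X509_STORE
- * @param x     -  pointer to X509 certification point
- *
- * @return result
- *     0 : failed
- *     1 : OK
- */
-int X509_STORE_add_cert(X509_STORE *store, X509 *x);
-
-/**
- * @brief load a character certification context into system context.
- *
- * If '*cert' is pointed to the certification, then load certification
- * into it, or create a new X509 certification object.
- *
- * @param bp     - pointer to  BIO
- * @param buffer - pointer to the certification context memory
- * @param cb     - pointer to a callback which queries pass phrase used
-                   for encrypted PEM structure
- * @param u      - pointer to arbitary data passed by application to callback
- *
- * @return X509 certification object point
- */
-X509 * PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb cb, void *u);
-
-/**
- * @brief load a character certification context into system context.
- *
- * Current implementation directly calls PEM_read_bio_X509
- *
- * @param bp     - pointer to  BIO
- * @param buffer - pointer to the certification context memory
- * @param cb     - pointer to the callback (not implemented)
- * @param u      - pointer to arbitrary data (not implemented)
- *
- * @return X509 certification object point
- */
-X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif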

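--- a/components/openssl/include/internal/tls1.h
+++ b/components/openssl/include/internal/tls1.h
@@ -1,55 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _TLS1_H_
-#define _TLS1_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-# define TLS1_AD_DECRYPTION_FAILED       21
-# define TLS1_AD_RECORD_OVERFLOW         22
-# define TLS1_AD_UNKNOWN_CA              48/* fatal */
-# define TLS1_AD_ACCESS_DENIED           49/* fatal */
-# define TLS1_AD_DECODE_ERROR            50/* fatal */
-# define TLS1_AD_DECRYPT_ERROR           51
-# define TLS1_AD_EXPORT_RESTRICTION      60/* fatal */
-# define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
-# define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
-# define TLS1_AD_INTERNAL_ERROR          80/* fatal */
-# define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
-# define TLS1_AD_USER_CANCELLED          90
-# define TLS1_AD_NO_RENEGOTIATION        100
-/* codes 110-114 are from RFC3546 */
-# define TLS1_AD_UNSUPPORTED_EXTENSION   110
-# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-# define TLS1_AD_UNRECOGNIZED_NAME       112
-# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-# define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
-# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
-
-/* Special value for method supporting multiple versions */
-#define TLS_ANY_VERSION                 0x10000
-
-#define TLS1_VERSION                    0x0301
-#define TLS1_1_VERSION                  0x0302
-#define TLS1_2_VERSION                  0x0303
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif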

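--- a/components/openssl/include/internal/x509_vfy.h
+++ b/components/openssl/include/internal/x509_vfy.h
@@ -1,111 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _X509_VFY_H_
-#define _X509_VFY_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#define         X509_V_OK                                       0
-#define         X509_V_ERR_UNSPECIFIED                          1
-#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
-#define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
-#define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
-#define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
-#define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
-#define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
-#define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
-#define         X509_V_ERR_CERT_NOT_YET_VALID                   9
-#define         X509_V_ERR_CERT_HAS_EXPIRED                     10
-#define         X509_V_ERR_CRL_NOT_YET_VALID                    11
-#define         X509_V_ERR_CRL_HAS_EXPIRED                      12
-#define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
-#define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
-#define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
-#define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
-#define         X509_V_ERR_OUT_OF_MEM                           17
-#define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
-#define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
-#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
-#define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
-#define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
-#define         X509_V_ERR_CERT_REVOKED                         23
-#define         X509_V_ERR_INVALID_CA                           24
-#define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
-#define         X509_V_ERR_INVALID_PURPOSE                      26
-#define         X509_V_ERR_CERT_UNTRUSTED                       27
-#define         X509_V_ERR_CERT_REJECTED                        28
-/* These are 'informational' when looking for issuer cert */
-#define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
-#define         X509_V_ERR_AKID_SKID_MISMATCH                   30
-#define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
-#define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
-#define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
-#define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
-#define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
-#define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
-#define         X509_V_ERR_INVALID_NON_CA                       37
-#define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
-#define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
-#define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
-#define         X509_V_ERR_INVALID_EXTENSION                    41
-#define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
-#define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
-#define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
-#define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
-#define         X509_V_ERR_UNNESTED_RESOURCE                    46
-#define         X509_V_ERR_PERMITTED_VIOLATION                  47
-#define         X509_V_ERR_EXCLUDED_VIOLATION                   48
-#define         X509_V_ERR_SUBTREE_MINMAX                       49
-/* The application is not happy */
-#define         X509_V_ERR_APPLICATION_VERIFICATION             50
-#define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
-#define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
-#define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
-#define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
-/* Another issuer check debug option */
-#define         X509_V_ERR_PATH_LOOP                            55
-/* Suite B mode algorithm violation */
-#define         X509_V_ERR_SUITE_B_INVALID_VERSION              56
-#define         X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
-#define         X509_V_ERR_SUITE_B_INVALID_CURVE                58
-#define         X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
-#define         X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
-#define         X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
-/* Host, email and IP check errors */
-#define         X509_V_ERR_HOSTNAME_MISMATCH                    62
-#define         X509_V_ERR_EMAIL_MISMATCH                       63
-#define         X509_V_ERR_IP_ADDRESS_MISMATCH                  64
-/* DANE TLSA errors */
-#define         X509_V_ERR_DANE_NO_MATCH                        65
-/* security level errors */
-#define         X509_V_ERR_EE_KEY_TOO_SMALL                     66
-#define         X509_V_ERR_CA_KEY_TOO_SMALL                     67
-#define         X509_V_ERR_CA_MD_TOO_WEAK                       68
-/* Caller error */
-#define         X509_V_ERR_INVALID_CALL                         69
-/* Issuer lookup error */
-#define         X509_V_ERR_STORE_LOOKUP                         70
-/* Certificate transparency */
-#define         X509_V_ERR_NO_VALID_SCTS                        71
-
-#define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif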

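--- a/components/openssl/include/openssl/bio.h
+++ b/components/openssl/include/openssl/bio.h
@@ -1,179 +0,0 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _OPENSSL_BIO_H
-#define _OPENSSL_BIO_H
-
-#include <stddef.h>
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/* These are the 'types' of BIOs */
-#define BIO_TYPE_NONE 0
-#define BIO_TYPE_MEM (1 | 0x0400)
-#define BIO_TYPE_BIO (19 | 0x0400)        /* (half a) BIO pair */
-
-/* Bio object flags */
-#define BIO_FLAGS_READ		0x01
-#define BIO_FLAGS_WRITE		0x02
-
-#define BIO_should_read(a)		BIO_test_flags(a, BIO_FLAGS_READ)
-#define BIO_should_write(a)		BIO_test_flags(a, BIO_FLAGS_WRITE)
-
-typedef struct bio_st BIO;
-typedef struct bio_method_st BIO_METHOD;
-
-/**
- * @brief Create a BIO object as a file type
- * Current implementation return NULL as file types are discouraged on ESP platform
- *
- * @param filename Filename
- * @param mode Mode
- *
- * @return BIO object
- */
-BIO *BIO_new_file(const char *filename, const char *mode);
-
-/**
- * @brief Create a BIO object as a membuf type
- * Current implementation takes a shallow copy of the buffer
- *
- * @param buf Pointer to the buffer
- * @param len Length of the buffer
- *
- * @return BIO object
- */
-BIO *BIO_new_mem_buf(void *buf, int len);
-
-/**
- * @brief create a BIO object
- *
- * @param method - pointer to BIO_METHOD
- *
- * @return pointer to BIO object
- */
-BIO *BIO_new(BIO_METHOD * method);
-
-/**
- * @brief get the memory BIO method function
- */
-void *BIO_s_mem(void);
-
-/**
- * @brief free a BIO  object
- *
- * @param x - pointer to BIO object
- */
-void BIO_free(BIO *b);
-
-/**
- * @brief Create a connected pair of BIOs bio1, bio2 with write buffer sizes writebuf1 and writebuf2
- *
- * @param out1    pointer to BIO1
- * @param writebuf1    write size of BIO1 (0 means default size will be used)
- * @param out2    pointer to BIO2
- * @param writebuf2    write size of BIO2 (0 means default size will be used)
- *
- * @return result
- *      0 : failed
- *      1 : OK
- */
-int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2);
-
-/**
- * @brief Write data to BIO
- *
- * BIO_TYPE_BIO behaves the same way as OpenSSL bio object, other BIO types mock
- * this functionality to avoid excessive allocation/copy, so the 'data' cannot
- * be freed after the function is called, it should remain valid until BIO object is in use.
- *
- * @param b    - pointer to BIO
- * @param data - pointer to data
- * @param dlen - data bytes
- *
- * @return result
- *      -1, 0 : failed
- *      1 : OK
- */
-int BIO_write(BIO *b, const void *data, int dlen);
-
-/**
- * @brief Read data from BIO
- *
- * BIO_TYPE_BIO behaves the same way as OpenSSL bio object.
- * Other types just hold pointer
- *
- * @param b    - pointer to BIO
- * @param data - pointer to data
- * @param dlen - data bytes
- *
- * @return result
- *      -1, 0 : failed
- *      1 : OK
- */
-int BIO_read(BIO *bio, void *data, int len);
-
-/**
- * @brief Get number of pending characters in the BIOs write buffers.
- *
- * @param b Pointer to BIO
- *
- * @return Amount of pending data
- */
-size_t BIO_wpending(const BIO *bio);
-
-/**
- * @brief Get number of pending characters in the BIOs read buffers.
- *
- * @param b Pointer to BIO
- *
- * @return Amount of pending data
- */
-size_t BIO_ctrl_pending(const BIO *bio);
-
-/**
- * @brief Get the maximum length of data that can be currently written to the BIO
- *
- * @param b Pointer to BIO
- *
- * @return Max length of writable data
- */
-size_t BIO_ctrl_get_write_guarantee(BIO *bio);
-
-/**
- * @brief Returns the type of a BIO.
- *
- * @param b Pointer to BIO
- *
- * @return Type of the BIO object
- */
-int BIO_method_type(const BIO *b);
-
-/**
- * @brief Test flags of a BIO.
- *
- * @param b Pointer to BIO
- * @param flags Flags
- *
- * @return BIO object flags masked with the supplied flags
- */
-int  BIO_test_flags(const BIO *b, int flags);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif //_OPENSSL_BIO_H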

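--- a/components/openssl/include/openssl/err.h
+++ b/components/openssl/include/openssl/err.h
@@ -1,228 +0,0 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _OPENSSL_ERR_H
-#define _OPENSSL_ERR_H
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @note This file contains a very simple implementation of error stack
- * for ESP APIs stubs to OpenSSL
- */
-
-#define OPENSSL_PUT_SYSTEM_ERROR() \
-  ERR_put_error(ERR_LIB_SYS, 0, 0, __FILE__, __LINE__);
-
-#define OPENSSL_PUT_LIB_ERROR(lib, code) \
-  ERR_put_error(lib, 0, code, __FILE__, __LINE__);
-
-#define ERR_GET_LIB(packed_error) ((int)(((packed_error) >> 24) & 0xff))
-#define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xffff))
-#define ERR_R_PEM_LIB ERR_LIB_PEM
-/* inherent openssl errors */
-# define ERR_R_FATAL                             64
-# define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
-# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
-# define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
-# define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
-# define ERR_R_DISABLED                          (5|ERR_R_FATAL)
-# define ERR_R_INIT_FAIL                         (6|ERR_R_FATAL)
-# define ERR_R_PASSED_INVALID_ARGUMENT           (7)
-# define ERR_R_OPERATION_FAIL                    (8|ERR_R_FATAL)
-# define ERR_R_INVALID_PROVIDER_FUNCTIONS        (9|ERR_R_FATAL)
-# define ERR_R_INTERRUPTED_OR_CANCELLED          (10)
-
-enum {
-    ERR_LIB_NONE = 1,
-    ERR_LIB_SYS,
-    ERR_LIB_BN,
-    ERR_LIB_RSA,
-    ERR_LIB_DH,
-    ERR_LIB_EVP,
-    ERR_LIB_BUF,
-    ERR_LIB_OBJ,
-    ERR_LIB_PEM,
-    ERR_LIB_DSA,
-    ERR_LIB_X509,
-    ERR_LIB_ASN1,
-    ERR_LIB_CONF,
-    ERR_LIB_CRYPTO,
-    ERR_LIB_EC,
-    ERR_LIB_SSL,
-    ERR_LIB_BIO,
-    ERR_LIB_PKCS7,
-    ERR_LIB_PKCS8,
-    ERR_LIB_X509V3,
-    ERR_LIB_RAND,
-    ERR_LIB_ENGINE,
-    ERR_LIB_OCSP,
-    ERR_LIB_UI,
-    ERR_LIB_COMP,
-    ERR_LIB_ECDSA,
-    ERR_LIB_ECDH,
-    ERR_LIB_HMAC,
-    ERR_LIB_DIGEST,
-    ERR_LIB_CIPHER,
-    ERR_LIB_HKDF,
-    ERR_LIB_USER,
-    ERR_NUM_LIBS
-};
-
-/**
- * @brief clear the SSL error code
- *
- * @param none
- *
- * @return none
- */
-void ERR_clear_error(void);
-
-/**
- * @brief get the current SSL error code
- *
- * @param none
- *
- * @return current SSL error number
- */
-uint32_t ERR_get_error(void);
-
-/**
- * @brief peek the current SSL error code, not clearing it
- *
- * @param none
- *
- * @return current SSL error number
- */
-uint32_t ERR_peek_error(void);
-
-/**
- * @brief peek the last SSL error code, not clearing it
- *
- * @param none
- *
- * @return current SSL error number
- */
-uint32_t ERR_peek_last_error(void);
-
-/**
- * @brief register the SSL error strings
- *
- * @param none
- *
- * @return none
- */
-void ERR_load_SSL_strings(void);
-
-/**
- * @brief clear the SSL error code
- *
- * @param none
- *
- * @return none
- */
-void ERR_clear_error(void);
-
-/**
- * @brief peek the current SSL error code, not clearing it
- *
- * @param none
- *
- * @return current SSL error number
- */
-uint32_t ERR_peek_error(void);
-
-/**
- * @brief peek the last SSL error code, not clearing it
- *
- * @param none
- *
- * @return current SSL error number
- */
-uint32_t ERR_peek_last_error(void);
-
-/**
- * @brief capture the current error to the error structure
- *
- * @param library Related library
- * @param unused Not used (used for compliant function prototype)
- * @param reason The actual error code
- * @param file File name of the error report
- * @param line Line number of the error report
- *
- */
-void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line);
-
-/**
- * @brief Peek the current SSL error, not clearing it
- *
- * @param file file name of the reported error
- * @param line line number of the reported error
- * @param data Associated data to the reported error
- * @param flags Flags associated to the error
- *
- * @return current SSL error number
- */
-uint32_t ERR_peek_error_line_data(const char **file, int *line,
-                                  const char **data, int *flags);
-
-/**
- * @brief Get the current SSL error
- *
- * @param file file name of the reported error
- * @param line line number of the reported error
- * @param data Associated data to the reported error
- * @param flags Flags associated to the error
- *
- * @return current SSL error number
- */
-uint32_t ERR_get_error_line_data(const char **file, int *line,
-                                  const char **data, int *flags);
-
-/**
- * @brief API provided as a declaration only
- *
- */
-void SSL_load_error_strings(void);
-
-/**
- * @brief API provided as a declaration only
- *
- */
-void ERR_free_strings(void);
-
-/**
- * @brief API provided as a declaration only
- *
- */
-void ERR_remove_state(unsigned long pid);
-
-/**
- * @brief Returns error string -- Not implemented
- *
- * @param packed_error Packed error code
- *
- * @return NULL
- */
-const char *ERR_reason_error_string(uint32_t packed_error);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // _OPENSSL_ERR_H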

+ 0 - 1901
components/openssl/include/openssl/ssl.h

@@ -1,1901 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-// Allow for this warning suppression only in IDF_CI_BUILD
-#if !defined(ESP_OPENSSL_SUPPRESS_LEGACY_WARNING) || !defined(IDF_CI_BUILD)
-#warning "OpenSSL component will be removed from ESP-IDF in v5.0, please use esp_tls instead"
-#endif
-
-#ifndef _SSL_H_
-#define _SSL_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "internal/ssl_x509.h"
-#include "internal/ssl_pkey.h"
-#include "openssl/bio.h"
-#include "openssl/err.h"
-
-/*
-{
-*/
-
-#define SSL_CB_ALERT 0x4000
-
-#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT		(1 << 0)
-#define X509_CHECK_FLAG_NO_WILDCARDS			(1 << 1)
-#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS		(1 << 2)
-#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS		(1 << 3)
-#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS		(1 << 4)
-
-/**
- * @brief create a SSL context
- *
- * @param method - the SSL context method point
- *
- * @return the context point
- */
-SSL_CTX* SSL_CTX_new(const SSL_METHOD *method);
-
-/**
- * @brief free a SSL context
- *
- * @param method - the SSL context point
- *
- * @return none
- */
-void SSL_CTX_free(SSL_CTX *ctx);
-
-/**
- * @brief create a SSL
- *
- * @param ctx - the SSL context point
- *
- * @return the SSL point
- */
-SSL* SSL_new(SSL_CTX *ctx);
-
-/**
- * @brief free the SSL
- *
- * @param ssl - the SSL point
- *
- * @return none
- */
-void SSL_free(SSL *ssl);
-
-/**
- * @brief connect to the remote SSL server
- *
- * @param ssl - the SSL point
- *
- * @return result
- *     1 : OK
- *    -1 : failed
- */
-int SSL_connect(SSL *ssl);
-
-/**
- * @brief accept the remote connection
- *
- * @param ssl - the SSL point
- *
- * @return result
- *     1 : OK
- *    -1 : failed
- */
-int SSL_accept(SSL *ssl);
-
-/**
- * @brief read data from to remote
- *
- * @param ssl    - the SSL point which has been connected
- * @param buffer - the received data buffer point
- * @param len    - the received data length
- *
- * @return result
- *     > 0 : OK, and return received data bytes
- *     = 0 : connection is closed
- *     < 0 : an error catch
- */
-int SSL_read(SSL *ssl, void *buffer, int len);
-
-/**
- * @brief send the data to remote
- *
- * @param ssl    - the SSL point which has been connected
- * @param buffer - the send data buffer point
- * @param len    - the send data length
- *
- * @return result
- *     > 0 : OK, and return sent data bytes
- *     = 0 : connection is closed
- *     < 0 : an error catch
- */
-int SSL_write(SSL *ssl, const void *buffer, int len);
-
-/**
- * @brief get the verifying result of the SSL certification
- *
- * @param ssl - the SSL point
- *
- * @return the result of verifying
- */
-long SSL_get_verify_result(const SSL *ssl);
-
-/**
- * @brief shutdown the connection
- *
- * @param ssl - the SSL point
- *
- * @return result
- *     1 : OK
- *     0 : shutdown is not finished
- *    -1 : an error catch
- */
-int SSL_shutdown(SSL *ssl);
-
-/**
- * @brief bind the socket file description into the SSL
- *
- * @param ssl - the SSL point
- * @param fd  - socket handle
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_set_fd(SSL *ssl, int fd);
-
-/**
- * @brief Set the hostname for SNI
- *
- * @param ssl - the SSL context point
- * @param hostname  - pointer to the hostname
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname);
-
-/**
- * @brief These functions load the private key into the SSL_CTX or SSL object
- *
- * @param ctx  - the SSL context point
- * @param pkey - private key object point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-
-/**
- * @brief These functions load the certification into the SSL_CTX or SSL object
- *
- * @param ctx  - the SSL context point
- * @param pkey - certification object point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-
-/**
- * @brief create the target SSL context client method
- *
- * @param none
- *
- * @return the SSLV2.3 version SSL context client method
- */
-const SSL_METHOD* SSLv23_client_method(void);
-
-/**
- * @brief create the target SSL context client method
- *
- * @param none
- *
- * @return the TLSV1.0 version SSL context client method
- */
-const SSL_METHOD* TLSv1_client_method(void);
-
-/**
- * @brief create the target SSL context client method
- *
- * @param none
- *
- * @return the SSLV1.0 version SSL context client method
- */
-const SSL_METHOD* SSLv3_client_method(void);
-
-/**
- * @brief create the target SSL context client method
- *
- * @param none
- *
- * @return the TLSV1.1 version SSL context client method
- */
-const SSL_METHOD* TLSv1_1_client_method(void);
-
-/**
- * @brief create the target SSL context client method
- *
- * @param none
- *
- * @return the TLSV1.2 version SSL context client method
- */
-const SSL_METHOD* TLSv1_2_client_method(void);
-
-/**
- * @brief create the target SSL context server method
- *
- * @param none
- *
- * @return the TLS any version SSL context client method
- */
-const SSL_METHOD* TLS_client_method(void);
-
-/**
- * @brief create the target SSL context server method
- *
- * @param none
- *
- * @return the SSLV2.3 version SSL context server method
- */
-const SSL_METHOD* SSLv23_server_method(void);
-
-/**
- * @brief create the target SSL context server method
- *
- * @param none
- *
- * @return the TLSV1.1 version SSL context server method
- */
-const SSL_METHOD* TLSv1_1_server_method(void);
-
-/**
- * @brief create the target SSL context server method
- *
- * @param none
- *
- * @return the TLSV1.2 version SSL context server method
- */
-const SSL_METHOD* TLSv1_2_server_method(void);
-
-/**
- * @brief create the target SSL context server method
- *
- * @param none
- *
- * @return the TLSV1.0 version SSL context server method
- */
-const SSL_METHOD* TLSv1_server_method(void);
-
-/**
- * @brief create the target SSL context server method
- *
- * @param none
- *
- * @return the SSLV3.0 version SSL context server method
- */
-const SSL_METHOD* SSLv3_server_method(void);
-
-/**
- * @brief create the target SSL context server method
- *
- * @param none
- *
- * @return the TLS any version SSL context server method
- */
-const SSL_METHOD* TLS_server_method(void);
-
-/**
- * @brief create the target SSL context method
- *
- * @return the TLS any version SSL context method
- */
-const SSL_METHOD* TLS_method(void);
-
-/**
- * @brief create the target SSL context method
- *
- * @return the TLS1.2 version SSL context method
- */
-const SSL_METHOD* TLSv1_2_method(void);
-
-/**
- * @brief create the target SSL context method
- *
- * @return the TLS1.1 version SSL context method
- */
-const SSL_METHOD* TLSv1_1_method(void);
-
-/**
- * @brief create the target SSL context method
- *
- * @return the TLS1.0 version SSL context method
- */
-const SSL_METHOD* TLSv1_method(void);
-
-/**
- * @brief create the target SSL context method
- *
- * @return the SSLV3.0 version SSL context method
- */
-const SSL_METHOD* SSLv3_method(void);
-
-/**
- * @brief create the target SSL context method
- *
- * @param none
- *
- * @return the SSLV2.3 version SSL context method
- */
-const SSL_METHOD* SSLv23_method(void);
-
-/**
- * @brief Set minimum protocol version for defined context
- *
- * @param ctx SSL context
- *
- * @return 1 on success
- */
-int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
-
-/**
- * @brief Set maximum protocol version for defined context
- *
- * @param ctx SSL context
- *
- * @return 1 on success
- */
-int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
-
-/**
- * @brief set the SSL context ALPN select callback function
- *
- * @param ctx - SSL context point
- * @param cb  - ALPN select callback function
- * @param arg - ALPN select callback function entry private data point
- *
- * @return none
- */
-void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
-                                int (*cb) (SSL *ssl,
-                                           const unsigned char **out,
-                                           unsigned char *outlen,
-                                           const unsigned char *in,
-                                           unsigned int inlen,
-                                           void *arg),
-                                void *arg);
-
-
-/**
- * @brief set the SSL context ALPN select protocol
- *
- * @param ctx        - SSL context point
- * @param protos     - ALPN protocol name
- * @param protos_len - ALPN protocol name bytes
- *
- * @return result
- *     0 : OK
- *     1 : failed
- */
-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len);
-
-/**
- * @brief set the SSL context next ALPN select callback function
- *
- * @param ctx - SSL context point
- * @param cb  - ALPN select callback function
- * @param arg - ALPN select callback function entry private data point
- *
- * @return none
- */
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
-                                      int (*cb) (SSL *ssl,
-                                                 unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg),
-                                      void *arg);
-
-/**
- * @brief initialize the SSL library
- *
- * @param none
- *
- * @return none
- */
-void SSL_library_init(void);
-
-/**
- * @brief generates a human-readable string representing the error code e
- *        and store it into the "ret" point memory
- *
- * @param e   - error code
- * @param ret - memory point to store the string
- *
- * @return the result string point
- */
-char *ERR_error_string(unsigned long e, char *ret);
-
-/**
- * @brief add the SSL context option
- *
- * @param ctx - SSL context point
- * @param opt - new SSL context option
- *
- * @return the SSL context option
- */
-unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt);
-
-/**
- * @brief add the SSL context mode
- *
- * @param ctx - SSL context point
- * @param mod - new SSL context mod
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_set_mode(SSL_CTX *ctx, int mod);
-
-/*
-}
-*/
-
-/**
- * @brief perform the SSL handshake
- *
- * @param ssl - SSL point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- *    -1 : a error catch
- */
-int SSL_do_handshake(SSL *ssl);
-
-/**
- * @brief get the SSL current version
- *
- * @param ssl - SSL point
- *
- * @return the version string
- */
-const char *SSL_get_version(const SSL *ssl);
-
-/**
- * @brief set  the SSL context version
- *
- * @param ctx  - SSL context point
- * @param meth - SSL method point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-
-/**
- * @brief get the bytes numbers which are to be read
- *
- * @param ssl  - SSL point
- *
- * @return bytes number
- */
-int SSL_pending(const SSL *ssl);
-
-/**
- * @brief check if SSL want nothing
- *
- * @param ssl - SSL point
- *
- * @return result
- *     0 : false
- *     1 : true
- */
-int SSL_want_nothing(const SSL *ssl);
-
-/**
- * @brief check if SSL want to read
- *
- * @param ssl - SSL point
- *
- * @return result
- *     0 : false
- *     1 : true
- */
-int SSL_want_read(const SSL *ssl);
-
-/**
- * @brief check if SSL want to write
- *
- * @param ssl - SSL point
- *
- * @return result
- *     0 : false
- *     1 : true
- */
-int SSL_want_write(const SSL *ssl);
-
-/**
- * @brief get the SSL context current method
- *
- * @param ctx - SSL context point
- *
- * @return the SSL context current method
- */
-const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
-
-/**
- * @brief get the SSL current method
- *
- * @param ssl - SSL point
- *
- * @return the SSL current method
- */
-const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
-
-/**
- * @brief set the SSL method
- *
- * @param ssl  - SSL point
- * @param meth - SSL method point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method);
-
-/**
- * @brief add CA client certification into the SSL
- *
- * @param ssl - SSL point
- * @param x   - CA certification point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_add_client_CA(SSL *ssl, X509 *x);
-
-/**
- * @brief add CA client certification into the SSL context
- *
- * @param ctx - SSL context point
- * @param x   - CA certification point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
-
-/**
- * @brief set the SSL CA certification list
- *
- * @param ssl       - SSL point
- * @param name_list - CA certification list
- *
- * @return none
- */
-void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list);
-
-/**
- * @brief set the SSL context CA certification list
- *
- * @param ctx       - SSL context point
- * @param name_list - CA certification list
- *
- * @return none
- */
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-
-/**
- * @briefget the SSL CA certification list
- *
- * @param ssl - SSL point
- *
- * @return CA certification list
- */
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl);
-
-/**
- * @brief get the SSL context CA certification list
- *
- * @param ctx - SSL context point
- *
- * @return CA certification list
- */
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
-
-/**
- * @brief get the SSL certification point
- *
- * @param ssl - SSL point
- *
- * @return SSL certification point
- */
-X509 *SSL_get_certificate(const SSL *ssl);
-
-/**
- * @brief get the SSL private key point
- *
- * @param ssl - SSL point
- *
- * @return SSL private key point
- */
-EVP_PKEY *SSL_get_privatekey(const SSL *ssl);
-
-/**
- * @brief set the SSL information callback function
- *
- * @param ssl - SSL point
- * @param cb  - information callback function
- *
- * @return none
- */
-void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val));
-
-/**
- * @brief get the SSL state
- *
- * @param ssl - SSL point
- *
- * @return SSL state
- */
-OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
-
-/**
- * @brief set the SSL context read buffer length
- *
- * @param ctx - SSL context point
- * @param len - read buffer length
- *
- * @return none
- */
-void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
-
-/**
- * @brief set the SSL read buffer length
- *
- * @param ssl - SSL point
- * @param len - read buffer length
- *
- * @return none
- */
-void SSL_set_default_read_buffer_len(SSL *ssl, size_t len);
-
-/**
- * @brief set the SSL security level
- *
- * @param ssl   - SSL point
- * @param level - security level
- *
- * @return none
- */
-void SSL_set_security_level(SSL *ssl, int level);
-
-/**
- * @brief get the SSL security level
- *
- * @param ssl - SSL point
- *
- * @return security level
- */
-int SSL_get_security_level(const SSL *ssl);
-
-/**
- * @brief get the SSL verifying mode of the SSL context
- *
- * @param ctx - SSL context point
- *
- * @return verifying mode
- */
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-
-/**
- * @brief get the SSL verifying depth of the SSL context
- *
- * @param ctx - SSL context point
- *
- * @return verifying depth
- */
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-
-/**
- * @brief set the SSL context verifying of the SSL context
- *
- * @param ctx             - SSL context point
- * @param mode            - verifying mode
- * @param verify_callback - verifying callback function
- *
- * @return none
- */
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *));
-
-/**
- * @brief set the SSL verifying of the SSL context
- *
- * @param ctx             - SSL point
- * @param mode            - verifying mode
- * @param verify_callback - verifying callback function
- *
- * @return none
- */
-void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX *));
-
-/**
- * @brief set the SSL verify depth of the SSL context
- *
- * @param ctx   - SSL context point
- * @param depth - verifying depth
- *
- * @return none
- */
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
-
-/**
- * @brief certification verifying callback function
- *
- * @param preverify_ok - verifying result
- * @param x509_ctx     - X509 certification point
- *
- * @return verifying result
- */
-int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
-
-/**
- * @brief set the session timeout time
- *
- * @param ctx - SSL context point
- * @param t   - new session timeout time
- *
- * @return old session timeout time
- */
-long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
-
-/**
- * @brief get the session timeout time
- *
- * @param ctx - SSL context point
- *
- * @return current session timeout time
- */
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-
-/**
- * @brief set the SSL context cipher through the list string
- *
- * @param ctx - SSL context point
- * @param str - cipher controller list string
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
-
-/**
- * @brief set the SSL cipher through the list string
- *
- * @param ssl - SSL point
- * @param str - cipher controller list string
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_set_cipher_list(SSL *ssl, const char *str);
-
-/**
- * @brief get the SSL cipher list string
- *
- * @param ssl - SSL point
- *
- * @return cipher controller list string
- */
-const char *SSL_get_cipher_list(const SSL *ssl, int n);
-
-/**
- * @brief get the SSL cipher
- *
- * @param ssl - SSL point
- *
- * @return current cipher
- */
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
-
-/**
- * @brief get the SSL cipher string
- *
- * @param ssl - SSL point
- *
- * @return cipher string
- */
-const char *SSL_get_cipher(const SSL *ssl);
-
-/**
- * @brief get the SSL context object X509 certification storage
- *
- * @param ctx - SSL context point
- *
- * @return x509 certification storage
- */
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
-
-/**
- * @brief set the SSL context object X509 certification store
- *
- * @param ctx   - SSL context point
- * @param store - X509 certification store
- *
- * @return none
- */
-void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
-
-/**
- * @brief get the SSL specifical statement
- *
- * @param ssl - SSL point
- *
- * @return specifical statement
- */
-int SSL_want(const SSL *ssl);
-
-/**
- * @brief check if the SSL is SSL_X509_LOOKUP state
- *
- * @param ssl - SSL point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_want_x509_lookup(const SSL *ssl);
-
-/**
- * @brief reset the SSL
- *
- * @param ssl - SSL point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_clear(SSL *ssl);
-
-/**
- * @brief get the socket handle of the SSL
- *
- * @param ssl - SSL point
- *
- * @return result
- *     >= 0 : yes, and return socket handle
- *      < 0 : a error catch
- */
-int SSL_get_fd(const SSL *ssl);
-
-/**
- * @brief get the read only socket handle of the SSL
- *
- * @param ssl - SSL point
- *
- * @return result
- *     >= 0 : yes, and return socket handle
- *      < 0 : a error catch
- */
-int SSL_get_rfd(const SSL *ssl);
-
-/**
- * @brief get the write only socket handle of the SSL
- *
- * @param ssl - SSL point
- *
- * @return result
- *     >= 0 : yes, and return socket handle
- *      < 0 : a error catch
- */
-int SSL_get_wfd(const SSL *ssl);
-
-/**
- * @brief set the SSL if we can read as many as data
- *
- * @param ssl - SSL point
- * @param yes - enable the function
- *
- * @return none
- */
-void SSL_set_read_ahead(SSL *s, int yes);
-
-/**
- * @brief set the SSL context if we can read as many as data
- *
- * @param ctx - SSL context point
- * @param yes - enbale the function
- *
- * @return none
- */
-void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
-
-/**
- * @brief get the SSL ahead signal if we can read as many as data
- *
- * @param ssl - SSL point
- *
- * @return SSL context ahead signal
- */
-int SSL_get_read_ahead(const SSL *ssl);
-
-/**
- * @brief get the SSL context ahead signal if we can read as many as data
- *
- * @param ctx - SSL context point
- *
- * @return SSL context ahead signal
- */
-long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
-
-/**
- * @brief check if some data can be read
- *
- * @param ssl - SSL point
- *
- * @return
- *         1 : there are bytes to be read
- *         0 : no data
- */
-int SSL_has_pending(const SSL *ssl);
-
-/**
- * @brief load the X509 certification into SSL context
- *
- * @param ctx - SSL context point
- * @param x   - X509 certification point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x into ctx
-
-/**
- * @brief load the ASN1 certification into SSL context
- *
- * @param ctx - SSL context point
- * @param len - certification length
- * @param d   - data point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
-
-/**
- * @brief load the certification file into SSL context
- *
- * @param ctx  - SSL context point
- * @param file - certification file name
- * @param type - certification encoding type
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-
-/**
- * @brief load the certification chain file into SSL context
- *
- * @param ctx  - SSL context point
- * @param file - certification chain file name
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
-
-
-/**
- * @brief load the ASN1 private key into SSL context
- *
- * @param ctx - SSL context point
- * @param d   - data point
- * @param len - private key length
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d,  long len);//adds the private key of type pk stored at memory location d (length len) to ctx
-
-/**
- * @brief load the private key file into SSL context
- *
- * @param ctx  - SSL context point
- * @param file - private key file name
- * @param type - private key encoding type
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-
-/**
- * @brief load the RSA private key into SSL context
- *
- * @param ctx - SSL context point
- * @param x   - RSA private key point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-
-/**
- * @brief load the RSA ASN1 private key into SSL context
- *
- * @param ctx - SSL context point
- * @param d   - data point
- * @param len - RSA private key length
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
-
-/**
- * @brief load the RSA private key file into SSL context
- *
- * @param ctx  - SSL context point
- * @param file - RSA private key file name
- * @param type - private key encoding type
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-
-
-/**
- * @brief check if the private key and certification is matched
- *
- * @param ctx  - SSL context point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-
-/**
- * @brief set the SSL context server information
- *
- * @param ctx               - SSL context point
- * @param serverinfo        - server information string
- * @param serverinfo_length - server information length
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length);
-
-/**
- * @brief load  the SSL context server infomation file into SSL context
- *
- * @param ctx  - SSL context point
- * @param file - server information file
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
-
-/**
- * @brief SSL select next function
- *
- * @param out        - point of output data point
- * @param outlen     - output data length
- * @param in         - input data
- * @param inlen      - input data length
- * @param client     - client data point
- * @param client_len -client data length
- *
- * @return NPN state
- *         OPENSSL_NPN_UNSUPPORTED : not support
- *         OPENSSL_NPN_NEGOTIATED  : negotiated
- *         OPENSSL_NPN_NO_OVERLAP  : no overlap
- */
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                          const unsigned char *in, unsigned int inlen,
-                          const unsigned char *client, unsigned int client_len);
-
-/**
- * @brief load the extra certification chain into the SSL context
- *
- * @param ctx  - SSL context point
- * @param x509 - X509 certification
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *);
-
-/**
- * @brief control the SSL context
- *
- * @param ctx  - SSL context point
- * @param cmd  - command
- * @param larg - parameter length
- * @param parg - parameter point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
-
-/**
- * @brief get the SSL context cipher
- *
- * @param ctx - SSL context point
- *
- * @return SSL context cipher
- */
-STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
-
-/**
- * @brief check if the SSL context can read as many as data
- *
- * @param ctx - SSL context point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
-
-/**
- * @brief get the SSL context extra data
- *
- * @param ctx - SSL context point
- * @param idx - index
- *
- * @return data point
- */
-char *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx);
-
-/**
- * @brief get the SSL context quiet shutdown option
- *
- * @param ctx - SSL context point
- *
- * @return quiet shutdown option
- */
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-
-/**
- * @brief load the SSL context CA file
- *
- * @param ctx    - SSL context point
- * @param CAfile - CA certification file
- * @param CApath - CA certification file path
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
-
-/**
- * @brief add SSL context reference count by '1'
- *
- * @param ctx - SSL context point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_up_ref(SSL_CTX *ctx);
-
-/**
- * @brief set SSL context application private data
- *
- * @param ctx - SSL context point
- * @param arg - private data
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);
-
-/**
- * @brief set SSL context client certification callback function
- *
- * @param ctx - SSL context point
- * @param cb  - callback function
- *
- * @return none
- */
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-
-/**
- * @brief set the SSL context if we can read as many as data
- *
- * @param ctx - SSL context point
- * @param m   - enable the fuction
- *
- * @return none
- */
-void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);
-
-/**
- * @brief set SSL context default verifying path
- *
- * @param ctx - SSL context point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-
-/**
- * @brief set SSL context default verifying directory
- *
- * @param ctx - SSL context point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
-
-/**
- * @brief set SSL context default verifying file
- *
- * @param ctx - SSL context point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
-
-/**
- * @brief set SSL context extra data
- *
- * @param ctx - SSL context point
- * @param idx - data index
- * @param arg - data point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);
-
-/**
- * @brief clear the SSL context option bit of "op"
- *
- * @param ctx - SSL context point
- * @param op  - option
- *
- * @return SSL context option
- */
-unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
-
-/**
- * @brief get the SSL context option
- *
- * @param ctx - SSL context point
- * @param op  - option
- *
- * @return SSL context option
- */
-unsigned long SSL_CTX_get_options(SSL_CTX *ctx);
-
-/**
- * @brief set the SSL context quiet shutdown mode
- *
- * @param ctx  - SSL context point
- * @param mode - mode
- *
- * @return none
- */
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
-
-/**
- * @brief get the SSL context X509 certification
- *
- * @param ctx - SSL context point
- *
- * @return X509 certification
- */
-X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
-
-/**
- * @brief get the SSL context private key
- *
- * @param ctx - SSL context point
- *
- * @return private key
- */
-EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
-
-/**
- * @brief set SSL context PSK identity hint
- *
- * @param ctx  - SSL context point
- * @param hint - PSK identity hint
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
-
-/**
- * @brief set SSL context PSK server callback function
- *
- * @param ctx      - SSL context point
- * @param callback - callback function
- *
- * @return none
- */
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-                                     unsigned int (*callback)(SSL *ssl,
-                                                              const char *identity,
-                                                              unsigned char *psk,
-                                                              int max_psk_len));
-/**
- * @brief get alert description string
- *
- * @param value - alert value
- *
- * @return alert description string
- */
-const char *SSL_alert_desc_string(int value);
-
-/**
- * @brief get alert description long string
- *
- * @param value - alert value
- *
- * @return alert description long string
- */
-const char *SSL_alert_desc_string_long(int value);
-
-/**
- * @brief get alert type string
- *
- * @param value - alert value
- *
- * @return alert type string
- */
-const char *SSL_alert_type_string(int value);
-
-/**
- * @brief get alert type long string
- *
- * @param value - alert value
- *
- * @return alert type long string
- */
-const char *SSL_alert_type_string_long(int value);
-
-/**
- * @brief get SSL context of the SSL
- *
- * @param ssl - SSL point
- *
- * @return SSL context
- */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-
-/**
- * @brief get SSL application data
- *
- * @param ssl - SSL point
- *
- * @return application data
- */
-void *SSL_get_app_data(SSL *ssl);
-
-/**
- * @brief get SSL error code
- *
- * @param ssl       - SSL point
- * @param ret_code  - SSL return code
- *
- * @return SSL error number
- */
-int SSL_get_error(const SSL *ssl, int ret_code);
-
-/**
- * @brief get SSL cipher bits
- *
- * @param ssl - SSL point
- * @param alg_bits - algorithm bits
- *
- * @return strength bits
- */
-int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);
-
-/**
- * @brief get SSL cipher name
- *
- * @param ssl - SSL point
- *
- * @return SSL cipher name
- */
-char *SSL_get_cipher_name(const SSL *ssl);
-
-/**
- * @brief get SSL cipher version
- *
- * @param ssl - SSL point
- *
- * @return SSL cipher version
- */
-char *SSL_get_cipher_version(const SSL *ssl);
-
-/**
- * @brief get SSL extra data
- *
- * @param ssl - SSL point
- * @param idx - data index
- *
- * @return extra data
- */
-char *SSL_get_ex_data(const SSL *ssl, int idx);
-
-/**
- * @brief get index of the SSL extra data X509 storage context
- *
- * @param none
- *
- * @return data index
- */
-int SSL_get_ex_data_X509_STORE_CTX_idx(void);
-
-/**
- * @brief get peer certification chain
- *
- * @param ssl - SSL point
- *
- * @return certification chain
- */
-STACK *SSL_get_peer_cert_chain(const SSL *ssl);
-
-/**
- * @brief get peer certification
- *
- * @param ssl - SSL point
- *
- * @return certification
- */
-X509 *SSL_get_peer_certificate(const SSL *ssl);
-
-/**
- * @brief get SSL quiet shutdown mode
- *
- * @param ssl - SSL point
- *
- * @return quiet shutdown mode
- */
-int SSL_get_quiet_shutdown(const SSL *ssl);
-
-/**
- * @brief get SSL read only IO handle
- *
- * @param ssl - SSL point
- *
- * @return IO handle
- */
-BIO *SSL_get_rbio(const SSL *ssl);
-
-/**
- * @brief get SSL shared ciphers
- *
- * @param ssl - SSL point
- * @param buf - buffer to store the ciphers
- * @param len - buffer len
- *
- * @return shared ciphers
- */
-char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len);
-
-/**
- * @brief get SSL shutdown mode
- *
- * @param ssl - SSL point
- *
- * @return shutdown mode
- */
-int SSL_get_shutdown(const SSL *ssl);
-
-/**
- * @brief get SSL session time
- *
- * @param ssl - SSL point
- *
- * @return session time
- */
-long SSL_get_time(const SSL *ssl);
-
-/**
- * @brief get SSL session timeout time
- *
- * @param ssl - SSL point
- *
- * @return session timeout time
- */
-long SSL_get_timeout(const SSL *ssl);
-
-/**
- * @brief get SSL verifying mode
- *
- * @param ssl - SSL point
- *
- * @return verifying mode
- */
-int SSL_get_verify_mode(const SSL *ssl);
-
-/**
- * @brief get SSL verify parameters
- *
- * @param ssl - SSL point
- *
- * @return verify parameters
- */
-X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
-
-/**
- * @brief set expected hostname the peer cert CN should have
- *
- * @param param - verify parameters from SSL_get0_param()
- *
- * @param name - the expected hostname
- *
- * @param namelen - the length of the hostname, or 0 if NUL terminated
- *
- * @return verify parameters
- */
-int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-                                const char *name, size_t namelen);
-
-/**
- * @brief set parameters for X509 host verify action
- *
- * @param param -verify parameters from SSL_get0_param()
- *
- * @param flags - bitfield of X509_CHECK_FLAG_... parameters to set
- *
- * @return 1 for success, 0 for failure
- */
-int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
-                    unsigned long flags);
-
-/**
- * @brief clear parameters for X509 host verify action
- *
- * @param param -verify parameters from SSL_get0_param()
- *
- * @param flags - bitfield of X509_CHECK_FLAG_... parameters to clear
- *
- * @return 1 for success, 0 for failure
- */
-int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
-                      unsigned long flags);
-
-/**
- * @brief get SSL write only IO handle
- *
- * @param ssl - SSL point
- *
- * @return IO handle
- */
-BIO *SSL_get_wbio(const SSL *ssl);
-
-/**
- * @brief load SSL client CA certification file
- *
- * @param file - file name
- *
- * @return certification loading object
- */
-STACK *SSL_load_client_CA_file(const char *file);
-
-/**
- * @brief add SSL reference by '1'
- *
- * @param ssl - SSL point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_up_ref(SSL *ssl);
-
-/**
- * @brief read and put data into buf, but not clear the SSL low-level storage
- *
- * @param ssl - SSL point
- * @param buf - storage buffer point
- * @param num - data bytes
- *
- * @return result
- *     > 0 : OK, and return read bytes
- *     = 0 : connect is closed
- *     < 0 : a error catch
- */
-int SSL_peek(SSL *ssl, void *buf, int num);
-
-/**
- * @brief make SSL renegotiate
- *
- * @param ssl - SSL point
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_renegotiate(SSL *ssl);
-
-/**
- * @brief get the state string where SSL is reading
- *
- * @param ssl - SSL point
- *
- * @return state string
- */
-const char *SSL_rstate_string(SSL *ssl);
-
-/**
- * @brief get the statement long string where SSL is reading
- *
- * @param ssl - SSL point
- *
- * @return statement long string
- */
-const char *SSL_rstate_string_long(SSL *ssl);
-
-/**
- * @brief set SSL accept statement
- *
- * @param ssl - SSL point
- *
- * @return none
- */
-void SSL_set_accept_state(SSL *ssl);
-
-/**
- * @brief set SSL application data
- *
- * @param ssl - SSL point
- * @param arg - SSL application data point
- *
- * @return none
- */
-void SSL_set_app_data(SSL *ssl, void *arg);
-
-/**
- * @brief set SSL BIO
- *
- * @param ssl  - SSL point
- * @param rbio - read only IO
- * @param wbio - write only IO
- *
- * @return none
- */
-void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
-
-/**
- * @brief clear SSL option
- *
- * @param ssl - SSL point
- * @param op  - clear option
- *
- * @return SSL option
- */
-unsigned long SSL_clear_options(SSL *ssl, unsigned long op);
-
-/**
- * @brief get SSL option
- *
- * @param ssl - SSL point
- *
- * @return SSL option
- */
-unsigned long SSL_get_options(SSL *ssl);
-
-/**
- * @brief clear SSL option
- *
- * @param ssl - SSL point
- * @param op  - setting option
- *
- * @return SSL option
- */
-unsigned long SSL_set_options(SSL *ssl, unsigned long op);
-
-/**
- * @brief set SSL quiet shutdown mode
- *
- * @param ssl  - SSL point
- * @param mode - quiet shutdown mode
- *
- * @return none
- */
-void SSL_set_quiet_shutdown(SSL *ssl, int mode);
-
-/**
- * @brief set SSL shutdown mode
- *
- * @param ssl  - SSL point
- * @param mode - shutdown mode
- *
- * @return none
- */
-void SSL_set_shutdown(SSL *ssl, int mode);
-
-/**
- * @brief set SSL session time
- *
- * @param ssl - SSL point
- * @param t   - session time
- *
- * @return session time
- */
-void SSL_set_time(SSL *ssl, long t);
-
-/**
- * @brief set SSL session timeout time
- *
- * @param ssl - SSL point
- * @param t   - session timeout time
- *
- * @return session timeout time
- */
-void SSL_set_timeout(SSL *ssl, long t);
-
-/**
- * @brief get SSL statement string
- *
- * @param ssl - SSL point
- *
- * @return SSL statement string
- */
-const char *SSL_state_string(const SSL *ssl);
-
-/**
- * @brief get SSL statement long string
- *
- * @param ssl - SSL point
- *
- * @return SSL statement long string
- */
-char *SSL_state_string_long(const SSL *ssl);
-
-/**
- * @brief get SSL renegotiation count
- *
- * @param ssl - SSL point
- *
- * @return renegotiation count
- */
-long SSL_total_renegotiations(SSL *ssl);
-
-/**
- * @brief get SSL version
- *
- * @param ssl - SSL point
- *
- * @return SSL version
- */
-int SSL_version(const SSL *ssl);
-
-/**
- * @brief set SSL PSK identity hint
- *
- * @param ssl  - SSL point
- * @param hint - identity hint
- *
- * @return result
- *     1 : OK
- *     0 : failed
- */
-int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
-
-/**
- * @brief get SSL PSK identity hint
- *
- * @param ssl - SSL point
- *
- * @return identity hint
- */
-const char *SSL_get_psk_identity_hint(SSL *ssl);
-
-/**
- * @brief get SSL PSK identity
- *
- * @param ssl - SSL point
- *
- * @return identity
- */
-const char *SSL_get_psk_identity(SSL *ssl);
-
-/**
- * @brief set the SSL verify depth of the SSL
- *
- * @param ssl - SSL context
- * @param depth - Depth level to verify
- *
- */
-void SSL_set_verify_depth(SSL *ssl, int depth);
-
-/**
- * @brief Get default verify callback
- *
- * @param ctx             - SSL context
- * @return verify_callback - verifying callback function
- *
- */
-openssl_verify_callback SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
-
-/**
- * @brief Get default verify callback
- *
- * @param ctx             - SSL context
- * @return verify_callback - verifying callback function
- *
- */
-openssl_verify_callback SSL_get_verify_callback(const SSL *s);
-
-/**
- * @brief Frees RSA object
- *
- * Current implementation calls directly EVP_PKEY free
- *
- * @param r RSA object
- *
- */
-void RSA_free(RSA *r);
-
-/**
- * @brief Sets SSL mode, partially implemented
- *
- * @param ssl SSL context
- *
- * @return the new mode bitmask after adding mode
- */
-uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

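--- a/components/openssl/include/platform/ssl_opt.h
+++ b/components/openssl/include/platform/ssl_opt.h
@@ -1,20 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_OPT_H_
-#define _SSL_OPT_H_
-
-#include "sdkconfig.h"
-
-#endif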

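--- a/components/openssl/include/platform/ssl_pm.h
+++ b/components/openssl/include/platform/ssl_pm.h
@@ -1,63 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_PM_H_
-#define _SSL_PM_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include <string.h>
-#include "ssl_types.h"
-#include "ssl_port.h"
-
-#define LOCAL_ATRR
-
-int ssl_pm_new(SSL *ssl);
-void ssl_pm_free(SSL *ssl);
-
-int ssl_pm_handshake(SSL *ssl);
-int ssl_pm_shutdown(SSL *ssl);
-int ssl_pm_clear(SSL *ssl);
-
-int ssl_pm_read(SSL *ssl, void *buffer, int len);
-int ssl_pm_send(SSL *ssl, const void *buffer, int len);
-int ssl_pm_pending(const SSL *ssl);
-
-void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
-int ssl_pm_get_fd(const SSL *ssl, int mode);
-
-void ssl_pm_set_hostname(SSL *ssl, const char *hostname);
-
-OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
-
-void ssl_pm_set_bufflen(SSL *ssl, int len);
-
-int x509_pm_show_info(X509 *x);
-int x509_pm_new(X509 *x, X509 *m_x);
-void x509_pm_free(X509 *x);
-int x509_pm_load(X509 *x, const unsigned char *buffer, int len);
-
-int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk);
-void pkey_pm_free(EVP_PKEY *pk);
-int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len);
-
-long ssl_pm_get_verify_result(const SSL *ssl);
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif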

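--- a/components/openssl/include/platform/ssl_port.h
+++ b/components/openssl/include/platform/ssl_port.h
@@ -1,45 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_PORT_H_
-#define _SSL_PORT_H_
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-#include "esp_types.h"
-#include "esp_log.h"
-#include "string.h"
-#include "malloc.h"
-
-void *ssl_mem_zalloc(size_t size);
-
-#define ssl_mem_malloc malloc
-#define ssl_mem_free   free
-
-#define ssl_memcpy     memcpy
-#define ssl_strlen     strlen
-
-#define ssl_speed_up_enter()
-#define ssl_speed_up_exit()
-
-#define SSL_DEBUG_FL
-#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__)
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif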

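--- a/components/openssl/library/ssl_bio.c
+++ b/components/openssl/library/ssl_bio.c
@@ -1,209 +0,0 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_lib.h"
-#include "openssl/bio.h"
-#include "ssl_dbg.h"
-#include "openssl/err.h"
-
-#define DEFAULT_BIO_SIZE 1024
-
-BIO *BIO_new_mem_buf(void *buf, int len)
-{
-    BIO_METHOD m = { .type = BIO_TYPE_MEM, .size = 0 };
-    BIO *b = BIO_new(&m);
-    if (b) {
-        b->dlen = len;
-        b->data = buf;
-    }
-    return b;
-}
-
-/**
- * @brief create a BIO object
- */
-BIO *BIO_new(BIO_METHOD * method)
-{
-    BIO *b = (BIO *)ssl_mem_zalloc(sizeof(BIO));
-    if (!b) {
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (method) {
-        b->size = method->size;
-        b->type = method->type;
-    } else {
-        b->type = BIO_TYPE_NONE;
-    }
-    if ((b->type & BIO_TYPE_BIO) && b->size) {
-        b->data = ssl_mem_zalloc(b->size);
-        if (!b->data) {
-            OPENSSL_PUT_LIB_ERROR(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    }
-    return b;
-
-err:
-    if (b && (b->type&BIO_TYPE_BIO)) {
-        ssl_mem_free(b->data);
-    }
-    ssl_mem_free(b);
-    return NULL;
-}
-
-/**
- * @brief free a BIO object
- */
-void BIO_free(BIO *b)
-{
-    if (b && (b->type&BIO_TYPE_BIO)) {
-        ssl_mem_free(b->data);
-    }
-    ssl_mem_free(b);
-}
-
-int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, size_t writebuf2)
-{
-    BIO *bio1 = NULL;
-    BIO *bio2 = NULL;
-    if (!writebuf1) {
-        writebuf1 = DEFAULT_BIO_SIZE;
-    }
-    if (!writebuf2) {
-        writebuf2 = DEFAULT_BIO_SIZE;
-    }
-    BIO_METHOD m1 = {
-            .size = writebuf1,
-            .type = BIO_TYPE_BIO,
-    };
-    BIO_METHOD m2 = {
-            .size = writebuf1,
-            .type = BIO_TYPE_BIO,
-    };
-    bio1 = BIO_new(&m1);
-    if (!bio1) {
-        goto err;
-    }
-    bio2 = BIO_new(&m2);
-    if (!bio2) {
-        goto err;
-    }
-    *out1 = bio1;
-    *out2 = bio2;
-    bio1->peer = bio2;
-    bio1->size = writebuf1;
-    bio2->peer = bio1;
-    bio2->size = writebuf2;
-    return 1;
-
-err:
-    if (bio1)
-    {
-        BIO_free(bio1);
-        *out1 = NULL;
-    }
-    if (bio2)
-    {
-        BIO_free(bio2);
-        *out2 = NULL;
-    }
-    return 0;
-
-}
-
-/**
- * @brief get the memory BIO method function
- */
-void *BIO_s_mem(void)
-{
-    return NULL;
-}
-
-int BIO_method_type(const BIO *b)
-{
-    SSL_ASSERT1(b);
-    return b->type;
-}
-
-/**
- * @brief load data into BIO.
- *
- */
-int BIO_write(BIO *b, const void * data, int dlen)
-{
-    SSL_ASSERT1(b);
-    int remaining = b->size - b->offset;
-    if (remaining <= 0) {
-        b->flags |= BIO_FLAGS_WRITE;
-        return -1;
-    }
-    int len_to_write = dlen > remaining?remaining:dlen;
-    memcpy(b->data + b->offset, data, len_to_write);
-    b->offset += len_to_write;
-    b->dlen = b->offset;
-    if (len_to_write == dlen) {
-        b->flags &= ~BIO_FLAGS_WRITE;
-    }
-    return len_to_write;
-}
-
-/**
- * @brief Read from BIO.
- *
- */
-int BIO_read(BIO *bio, void *data, int len)
-{
-    SSL_ASSERT1(bio);
-    BIO *peer = bio->peer;
-    int remaining = peer->dlen - peer->roffset;
-    if (remaining <= 0) {
-        bio->flags |= BIO_FLAGS_READ;
-        return -1;
-    }
-    int len_to_read = remaining > len ? len : remaining;
-    memcpy(data, peer->data + peer->roffset, len_to_read);
-    peer->roffset += len_to_read;
-    if (len_to_read == len) {
-        bio->flags &= ~BIO_FLAGS_READ;
-    }
-    if (peer->offset) {
-        // shift data back to the beginning of the buffer
-        memmove(peer->data, peer->data+peer->roffset, peer->offset - peer->roffset);
-        peer->offset -= peer->roffset;
-        peer->roffset = 0;
-        peer->dlen = peer->offset;
-    }
-    return len_to_read;
-}
-
-size_t BIO_wpending(const BIO *bio)
-{
-    return bio->dlen - bio->roffset;
-}
-
-size_t BIO_ctrl_pending(const BIO *bio)
-{
-    return bio->peer->dlen - bio->peer->roffset;
-}
-
-size_t BIO_ctrl_get_write_guarantee(BIO *b)
-{
-    return (long)b->size - b->dlen;
-}
-
-int  BIO_test_flags(const BIO *b, int flags)
-{
-    return (b->flags & flags);
-}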

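--- a/components/openssl/library/ssl_cert.c
+++ b/components/openssl/library/ssl_cert.c
@@ -1,87 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_cert.h"
-#include "ssl_pkey.h"
-#include "ssl_x509.h"
-#include "ssl_dbg.h"
-#include "ssl_port.h"
-
-/**
- * @brief create a certification object according to input certification
- */
-CERT *__ssl_cert_new(CERT *ic)
-{
-    CERT *cert;
-
-    X509 *ix;
-    EVP_PKEY *ipk;
-
-    cert = ssl_mem_zalloc(sizeof(CERT));
-    if (!cert) {
-        SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
-        goto no_mem;
-    }
-
-    if (ic) {
-        ipk = ic->pkey;
-        ix = ic->x509;
-    } else {
-        ipk = NULL;
-        ix = NULL;
-    }
-
-    cert->pkey = __EVP_PKEY_new(ipk);
-    if (!cert->pkey) {
-        SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
-        goto pkey_err;
-    }
-
-    cert->x509 = __X509_new(ix);
-    if (!cert->x509) {
-        SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
-        goto x509_err;
-    }
-
-    return cert;
-
-x509_err:
-    EVP_PKEY_free(cert->pkey);
-pkey_err:
-    ssl_mem_free(cert);
-no_mem:
-    return NULL;
-}
-
-/**
- * @brief create a certification object include private key object
- */
-CERT *ssl_cert_new(void)
-{
-    return __ssl_cert_new(NULL);
-}
-
-/**
- * @brief free a certification object
- */
-void ssl_cert_free(CERT *cert)
-{
-    SSL_ASSERT3(cert);
-
-    X509_free(cert->x509);
-
-    EVP_PKEY_free(cert->pkey);
-
-    ssl_mem_free(cert);
-}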

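--- a/components/openssl/library/ssl_err.c
+++ b/components/openssl/library/ssl_err.c
@@ -1,120 +0,0 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_dbg.h"
-
-struct err_error_st {
-    /* file contains the filename where the error occurred. */
-    const char *file;
-    /* packed contains the error library and reason, as packed by ERR_PACK. */
-    uint32_t packed;
-    /* line contains the line number where the error occurred. */
-    uint32_t line;
-};
-
-#define ERR_NUM_ERRORS 4
-
-typedef struct err_state_st {
-    /* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
-     * buffer. */
-    struct err_error_st errors[ERR_NUM_ERRORS];
-    /* top contains the index one past the most recent error. If |top| equals
-     * |bottom| then the queue is empty. */
-    unsigned top;
-    /* bottom contains the index of the last error in the queue. */
-    unsigned bottom;
-} ERR_STATE;
-
-#if CONFIG_OPENSSL_ERROR_STACK
-static ERR_STATE s_err_state = { 0 };
-#endif
-
-void ERR_clear_error(void)
-{
-#if CONFIG_OPENSSL_ERROR_STACK
-    memset(&s_err_state.errors[0], 0, sizeof(struct err_state_st));
-    s_err_state.top = s_err_state.bottom = 0;
-#endif
-}
-
-static uint32_t ERR_get_peek_error_internal(const char **file, int *line, bool peak)
-{
-#if CONFIG_OPENSSL_ERROR_STACK
-    if (s_err_state.top == s_err_state.bottom) {
-        return 0;
-    }
-    unsigned new_bottom = (s_err_state.bottom + 1) % ERR_NUM_ERRORS;
-    int err = s_err_state.errors[new_bottom].packed;
-
-    if (file) {
-        *file = s_err_state.errors[new_bottom].file;
-    }
-    if (line) {
-        *line = s_err_state.errors[new_bottom].line;
-    }
-
-    if (peak == false) {
-        memset(&s_err_state.errors[new_bottom], 0, sizeof(struct err_error_st));
-        s_err_state.bottom = new_bottom;
-    }
-
-    return err;
-#else
-    return 0;
-#endif
-}
-
-uint32_t ERR_get_error(void)
-{
-    return ERR_get_peek_error_internal(NULL, NULL, false);
-}
-
-uint32_t ERR_peek_error(void)
-{
-    return ERR_get_peek_error_internal(NULL, NULL, true);
-}
-
-uint32_t ERR_peek_last_error(void)
-{
-    return ERR_get_peek_error_internal(NULL, NULL, true);
-}
-
-uint32_t ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags)
-{
-    return ERR_get_peek_error_internal(file, line, true);
-}
-
-uint32_t ERR_get_error_line_data(const char **file, int *line, const char **data, int *flags)
-{
-    return ERR_get_peek_error_internal(file, line, false);
-}
-
-const char *ERR_reason_error_string(uint32_t packed_error)
-{
-    return NULL;
-}
-
-void ERR_put_error(int library, int unused, int reason, const char *file, unsigned line)
-{
-#if CONFIG_OPENSSL_ERROR_STACK
-    s_err_state.top = (s_err_state.top + 1) % ERR_NUM_ERRORS;
-    if (s_err_state.top == s_err_state.bottom) {
-        s_err_state.bottom = (s_err_state.bottom + 1) % ERR_NUM_ERRORS;
-    }
-
-    s_err_state.errors[s_err_state.top].packed = (uint32_t)library<<24 | abs(reason);
-    s_err_state.errors[s_err_state.top].file = file;
-    s_err_state.errors[s_err_state.top].line = line;
-#endif
-}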

+ 0 - 1684
components/openssl/library/ssl_lib.c

@@ -1,1684 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_lib.h"
-#include "ssl_pkey.h"
-#include "ssl_x509.h"
-#include "ssl_cert.h"
-#include "ssl_dbg.h"
-#include "ssl_port.h"
-
-#define SSL_SEND_DATA_MAX_LENGTH 1460
-
-/**
- * @brief create a new SSL session object
- */
-static SSL_SESSION* SSL_SESSION_new(void)
-{
-    SSL_SESSION *session;
-
-    session = ssl_mem_zalloc(sizeof(SSL_SESSION));
-    if (!session) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (session)");
-        goto failed1;
-    }
-
-    session->peer = X509_new();
-    if (!session->peer) {
-       SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
-       goto failed2;
-    }
-
-    return session;
-
-failed2:
-    ssl_mem_free(session);
-failed1:
-    return NULL;
-}
-
-/**
- * @brief free a new SSL session object
- */
-static void SSL_SESSION_free(SSL_SESSION *session)
-{
-    X509_free(session->peer);
-    ssl_mem_free(session);
-}
-
-/**
- * @brief Discover whether the current connection is in the error state
- */
-int ossl_statem_in_error(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    if (ssl->statem.state == MSG_FLOW_ERROR)
-        return 1;
-
-    return 0;
-}
-
-/**
- * @brief get the SSL specifical statement
- */
-int SSL_want(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->rwstate;
-}
-
-/**
- * @brief check if SSL want nothing
- */
-int SSL_want_nothing(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return (SSL_want(ssl) == SSL_NOTHING);
-}
-
-/**
- * @brief check if SSL want to read
- */
-int SSL_want_read(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return (SSL_want(ssl) == SSL_READING);
-}
-
-/**
- * @brief check if SSL want to write
- */
-int SSL_want_write(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return (SSL_want(ssl) == SSL_WRITING);
-}
-
-/**
- * @brief check if SSL want to lookup X509 certification
- */
-int SSL_want_x509_lookup(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return (SSL_want(ssl) == SSL_WRITING);
-}
-
-/**
- * @brief get SSL error code
- */
-int SSL_get_error(const SSL *ssl, int ret_code)
-{
-    int ret = SSL_ERROR_SYSCALL;
-
-    SSL_ASSERT1(ssl);
-
-    if (ret_code > 0)
-        ret = SSL_ERROR_NONE;
-    else if (ret_code < 0)
-    {
-        if (SSL_want_read(ssl))
-            ret = SSL_ERROR_WANT_READ;
-        else if (SSL_want_write(ssl))
-            ret = SSL_ERROR_WANT_WRITE;
-        else
-            ret = SSL_ERROR_SYSCALL; //unknown
-    }
-    else // ret_code == 0
-    {
-        if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN)
-            ret = SSL_ERROR_ZERO_RETURN;
-        else
-            ret = SSL_ERROR_SYSCALL;
-    }
-
-    return ret;
-}
-
-/**
- * @brief get the SSL state
- */
-OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
-{
-    OSSL_HANDSHAKE_STATE state;
-
-    SSL_ASSERT1(ssl);
-
-    state = SSL_METHOD_CALL(get_state, ssl);
-
-    return state;
-}
-
-/**
- * @brief create a SSL context
- */
-SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
-{
-    SSL_CTX *ctx;
-    CERT *cert;
-    X509 *client_ca;
-
-    if (!method) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no no_method");
-        return NULL;
-    }
-
-    client_ca = X509_new();
-    if (!client_ca) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
-        goto failed1;
-    }
-
-    cert = ssl_cert_new();
-    if (!cert) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "ssl_cert_new() return NULL");
-        goto failed2;
-    }
-
-    ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX));
-    if (!ctx) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ctx)");
-        goto failed3;
-    }
-
-    ctx->method = method;
-    ctx->client_CA = client_ca;
-    ctx->cert = cert;
-
-    ctx->version = method->version;
-
-    return ctx;
-
-failed3:
-    ssl_cert_free(cert);
-failed2:
-    X509_free(client_ca);
-failed1:
-    return NULL;
-}
-
-/**
- * @brief free a SSL context
- */
-void SSL_CTX_free(SSL_CTX* ctx)
-{
-    SSL_ASSERT3(ctx);
-
-    ssl_cert_free(ctx->cert);
-
-    X509_free(ctx->client_CA);
-
-    if (ctx->ssl_alpn.alpn_string) {
-	 ssl_mem_free((void *)ctx->ssl_alpn.alpn_string);
-    }
-
-    ssl_mem_free(ctx);
-}
-
-/**
- * @brief set  the SSL context version
- */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
-{
-    SSL_ASSERT1(ctx);
-    SSL_ASSERT1(meth);
-
-    ctx->method = meth;
-
-    ctx->version = meth->version;
-
-    return 1;
-}
-
-/**
- * @brief get the SSL context current method
- */
-const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
-{
-    SSL_ASSERT2(ctx);
-
-    return ctx->method;
-}
-
-/**
- * @brief create a SSL
- */
-SSL *SSL_new(SSL_CTX *ctx)
-{
-    int ret = 0;
-    SSL *ssl;
-
-    if (!ctx) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no ctx");
-        return NULL;
-    }
-
-    ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL));
-    if (!ssl) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ssl)");
-        goto failed1;
-    }
-
-    ssl->session = SSL_SESSION_new();
-    if (!ssl->session) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_SESSION_new() return NULL");
-        goto failed2;
-    }
-
-    ssl->cert = __ssl_cert_new(ctx->cert);
-    if (!ssl->cert) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__ssl_cert_new() return NULL");
-        goto failed3;
-    }
-
-    ssl->client_CA = __X509_new(ctx->client_CA);
-    if (!ssl->client_CA) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__X509_new() return NULL");
-        goto failed4;
-    }
-
-    ssl->ctx = ctx;
-    ssl->method = ctx->method;
-
-    ssl->version = ctx->version;
-    ssl->options = ctx->options;
-
-    ssl->verify_mode = ctx->verify_mode;
-
-    ret = SSL_METHOD_CALL(new, ssl);
-    if (ret) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
-        goto failed5;
-    }
-
-    ssl->rwstate = SSL_NOTHING;
-
-    return ssl;
-
-failed5:
-    X509_free(ssl->client_CA);
-failed4:
-    ssl_cert_free(ssl->cert);
-failed3:
-    SSL_SESSION_free(ssl->session);
-failed2:
-    ssl_mem_free(ssl);
-failed1:
-    return NULL;
-}
-
-/**
- * @brief free the SSL
- */
-void SSL_free(SSL *ssl)
-{
-    SSL_ASSERT3(ssl);
-
-    SSL_METHOD_CALL(free, ssl);
-
-    X509_free(ssl->client_CA);
-
-    ssl_cert_free(ssl->cert);
-
-    SSL_SESSION_free(ssl->session);
-
-    ssl_mem_free(ssl);
-}
-
-/**
- * @brief perform the SSL handshake
- */
-int SSL_do_handshake(SSL *ssl)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-
-    ret = SSL_METHOD_CALL(handshake, ssl);
-
-    return ret;
-}
-
-/**
- * @brief connect to the remote SSL server
- */
-int SSL_connect(SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return SSL_do_handshake(ssl);
-}
-
-/**
- * @brief accept the remote connection
- */
-int SSL_accept(SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return SSL_do_handshake(ssl);
-}
-
-/**
- * @brief shutdown the connection
- */
-int SSL_shutdown(SSL *ssl)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-
-    if (SSL_get_state(ssl) != TLS_ST_OK) return 1;
-
-    ret = SSL_METHOD_CALL(shutdown, ssl);
-
-    return ret;
-}
-
-/**
- * @brief reset the SSL
- */
-int SSL_clear(SSL *ssl)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-
-    ret = SSL_shutdown(ssl);
-    if (1 != ret) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
-        goto failed1;
-    }
-
-    SSL_METHOD_CALL(free, ssl);
-
-    ret = SSL_METHOD_CALL(new, ssl);
-    if (!ret) {
-        SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
-        goto failed1;
-    }
-
-    return 1;
-
-failed1:
-    return ret;
-}
-
-/**
- * @brief read data from to remote
- */
-int SSL_read(SSL *ssl, void *buffer, int len)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(buffer);
-    SSL_ASSERT1(len);
-
-    ssl->rwstate = SSL_READING;
-
-    ret = SSL_METHOD_CALL(read, ssl, buffer, len);
-
-    if (ret == len)
-        ssl->rwstate = SSL_NOTHING;
-
-    return ret;
-}
-
-/**
- * @brief send the data to remote
- */
-int SSL_write(SSL *ssl, const void *buffer, int len)
-{
-    int ret;
-    int send_bytes;
-    const unsigned char *pbuf;
-
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(buffer);
-    SSL_ASSERT1(len);
-
-    ssl->rwstate = SSL_WRITING;
-
-    send_bytes = len;
-    pbuf = (const unsigned char *)buffer;
-
-    do {
-        int bytes;
-
-        if (send_bytes > SSL_SEND_DATA_MAX_LENGTH)
-            bytes = SSL_SEND_DATA_MAX_LENGTH;
-        else
-            bytes = send_bytes;
-
-        ret = SSL_METHOD_CALL(send, ssl, pbuf, bytes);
-        if (ret > 0) {
-            pbuf += ret;
-            send_bytes -= ret;
-        }
-    } while (ret > 0 && send_bytes);
-
-    if (ret >= 0) {
-        ret = len - send_bytes;
-        ssl->rwstate = SSL_NOTHING;
-    } else
-        ret = -1;
-
-    return ret;
-}
-
-/**
- * @brief get SSL context of the SSL
- */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
-{
-    SSL_ASSERT2(ssl);
-
-    return ssl->ctx;
-}
-
-/**
- * @brief get the SSL current method
- */
-const SSL_METHOD *SSL_get_ssl_method(SSL *ssl)
-{
-    SSL_ASSERT2(ssl);
-
-    return ssl->method;
-}
-
-/**
- * @brief set the SSL method
- */
-int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(method);
-
-    if (ssl->version != method->version) {
-
-        ret = SSL_shutdown(ssl);
-        if (1 != ret) {
-            SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
-            goto failed1;
-        }
-
-        SSL_METHOD_CALL(free, ssl);
-
-        ssl->method = method;
-
-        ret = SSL_METHOD_CALL(new, ssl);
-        if (!ret) {
-            SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
-            goto failed1;
-        }
-    } else {
-        ssl->method = method;
-    }
-
-
-    return 1;
-
-failed1:
-    return ret;
-}
-
-/**
- * @brief get SSL shutdown mode
- */
-int SSL_get_shutdown(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->shutdown;
-}
-
-/**
- * @brief set SSL shutdown mode
- */
-void SSL_set_shutdown(SSL *ssl, int mode)
-{
-    SSL_ASSERT3(ssl);
-
-    ssl->shutdown = mode;
-}
-
-
-/**
- * @brief get the number of the bytes to be read
- */
-int SSL_pending(const SSL *ssl)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-
-    ret = SSL_METHOD_CALL(pending, ssl);
-
-    return ret;
-}
-
-/**
- * @brief check if some data can be read
- */
-int SSL_has_pending(const SSL *ssl)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-
-    if (SSL_pending(ssl))
-        ret = 1;
-    else
-        ret = 0;
-
-    return ret;
-}
-
-/**
- * @brief clear the SSL context option bit of "op"
- */
-unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
-{
-    SSL_ASSERT1(ctx);
-
-    return ctx->options &= ~op;
-}
-
-/**
- * @brief get the SSL context option
- */
-unsigned long SSL_CTX_get_options(SSL_CTX *ctx)
-{
-    SSL_ASSERT1(ctx);
-
-    return ctx->options;
-}
-
-/**
- * @brief set the option of the SSL context
- */
-unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt)
-{
-    SSL_ASSERT1(ctx);
-
-    return ctx->options |= opt;
-}
-
-/**
- * @brief clear SSL option
- */
-unsigned long SSL_clear_options(SSL *ssl, unsigned long op)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->options & ~op;
-}
-
-/**
- * @brief get SSL option
- */
-unsigned long SSL_get_options(SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->options;
-}
-
-/**
- * @brief clear SSL option
- */
-unsigned long SSL_set_options(SSL *ssl, unsigned long op)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->options |= op;
-}
-
-/**
- * @brief get the socket handle of the SSL
- */
-int SSL_get_fd(const SSL *ssl)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-
-    ret = SSL_METHOD_CALL(get_fd, ssl, 0);
-
-    return ret;
-}
-
-/**
- * @brief get the read only socket handle of the SSL
- */
-int SSL_get_rfd(const SSL *ssl)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-
-    ret = SSL_METHOD_CALL(get_fd, ssl, 0);
-
-    return ret;
-}
-
-/**
- * @brief get the write only socket handle of the SSL
- */
-int SSL_get_wfd(const SSL *ssl)
-{
-    int ret;
-
-    SSL_ASSERT1(ssl);
-
-    ret = SSL_METHOD_CALL(get_fd, ssl, 0);
-
-    return ret;
-}
-
-/**
- * @brief bind the socket file description into the SSL
- */
-int SSL_set_fd(SSL *ssl, int fd)
-{
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(fd >= 0);
-
-    SSL_METHOD_CALL(set_fd, ssl, fd, 0);
-
-    return 1;
-}
-
-/**
- * @brief bind the read only socket file description into the SSL
- */
-int SSL_set_rfd(SSL *ssl, int fd)
-{
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(fd >= 0);
-
-    SSL_METHOD_CALL(set_fd, ssl, fd, 0);
-
-    return 1;
-}
-
-/**
- * @brief bind the write only socket file description into the SSL
- */
-int SSL_set_wfd(SSL *ssl, int fd)
-{
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(fd >= 0);
-
-    SSL_METHOD_CALL(set_fd, ssl, fd, 0);
-
-    return 1;
-}
-
-/**
- * @brief SET TLS Hostname
- */
-int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname)
-{
-     SSL_ASSERT1(ssl);
-     SSL_ASSERT1(hostname);
-
-     SSL_METHOD_CALL(set_hostname, ssl, hostname);
-
-     return 1;
-}
-
-/**
- * @brief get SSL version
- */
-int SSL_version(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->version;
-}
-
-/**
- * @brief get the SSL version string
- */
-static const char* ssl_protocol_to_string(int version)
-{
-    const char *str;
-
-    if (version == TLS1_2_VERSION)
-        str = "TLSv1.2";
-    else if (version == TLS1_1_VERSION)
-        str = "TLSv1.1";
-    else if (version == TLS1_VERSION)
-        str = "TLSv1";
-    else if (version == SSL3_VERSION)
-        str = "SSLv3";
-    else
-        str = "unknown";
-
-    return str;
-}
-
-/**
- * @brief get the SSL current version
- */
-const char *SSL_get_version(const SSL *ssl)
-{
-    SSL_ASSERT2(ssl);
-
-    return ssl_protocol_to_string(SSL_version(ssl));
-}
-
-/**
- * @brief get alert description string
- */
-const char* SSL_alert_desc_string(int value)
-{
-    const char *str;
-
-    switch (value & 0xff)
-    {
-        case SSL3_AD_CLOSE_NOTIFY:
-            str = "CN";
-            break;
-        case SSL3_AD_UNEXPECTED_MESSAGE:
-            str = "UM";
-            break;
-        case SSL3_AD_BAD_RECORD_MAC:
-            str = "BM";
-            break;
-        case SSL3_AD_DECOMPRESSION_FAILURE:
-            str = "DF";
-            break;
-        case SSL3_AD_HANDSHAKE_FAILURE:
-            str = "HF";
-            break;
-        case SSL3_AD_NO_CERTIFICATE:
-            str = "NC";
-            break;
-        case SSL3_AD_BAD_CERTIFICATE:
-            str = "BC";
-            break;
-        case SSL3_AD_UNSUPPORTED_CERTIFICATE:
-            str = "UC";
-            break;
-        case SSL3_AD_CERTIFICATE_REVOKED:
-            str = "CR";
-            break;
-        case SSL3_AD_CERTIFICATE_EXPIRED:
-            str = "CE";
-            break;
-        case SSL3_AD_CERTIFICATE_UNKNOWN:
-            str = "CU";
-            break;
-        case SSL3_AD_ILLEGAL_PARAMETER:
-            str = "IP";
-            break;
-        case TLS1_AD_DECRYPTION_FAILED:
-            str = "DC";
-            break;
-        case TLS1_AD_RECORD_OVERFLOW:
-            str = "RO";
-            break;
-        case TLS1_AD_UNKNOWN_CA:
-            str = "CA";
-            break;
-        case TLS1_AD_ACCESS_DENIED:
-            str = "AD";
-            break;
-        case TLS1_AD_DECODE_ERROR:
-            str = "DE";
-            break;
-        case TLS1_AD_DECRYPT_ERROR:
-            str = "CY";
-            break;
-        case TLS1_AD_EXPORT_RESTRICTION:
-            str = "ER";
-            break;
-        case TLS1_AD_PROTOCOL_VERSION:
-            str = "PV";
-            break;
-        case TLS1_AD_INSUFFICIENT_SECURITY:
-            str = "IS";
-            break;
-        case TLS1_AD_INTERNAL_ERROR:
-            str = "IE";
-            break;
-        case TLS1_AD_USER_CANCELLED:
-            str = "US";
-            break;
-        case TLS1_AD_NO_RENEGOTIATION:
-            str = "NR";
-            break;
-        case TLS1_AD_UNSUPPORTED_EXTENSION:
-            str = "UE";
-            break;
-        case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
-            str = "CO";
-            break;
-        case TLS1_AD_UNRECOGNIZED_NAME:
-            str = "UN";
-            break;
-        case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-            str = "BR";
-            break;
-        case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
-            str = "BH";
-            break;
-        case TLS1_AD_UNKNOWN_PSK_IDENTITY:
-            str = "UP";
-            break;
-        default:
-            str = "UK";
-            break;
-    }
-
-    return str;
-}
-
-/**
- * @brief get alert description long string
- */
-const char* SSL_alert_desc_string_long(int value)
-{
-    const char *str;
-
-    switch (value & 0xff)
-    {
-        case SSL3_AD_CLOSE_NOTIFY:
-            str = "close notify";
-            break;
-        case SSL3_AD_UNEXPECTED_MESSAGE:
-            str = "unexpected_message";
-            break;
-        case SSL3_AD_BAD_RECORD_MAC:
-            str = "bad record mac";
-            break;
-        case SSL3_AD_DECOMPRESSION_FAILURE:
-            str = "decompression failure";
-            break;
-        case SSL3_AD_HANDSHAKE_FAILURE:
-            str = "handshake failure";
-            break;
-        case SSL3_AD_NO_CERTIFICATE:
-            str = "no certificate";
-            break;
-        case SSL3_AD_BAD_CERTIFICATE:
-            str = "bad certificate";
-            break;
-        case SSL3_AD_UNSUPPORTED_CERTIFICATE:
-            str = "unsupported certificate";
-            break;
-        case SSL3_AD_CERTIFICATE_REVOKED:
-            str = "certificate revoked";
-            break;
-        case SSL3_AD_CERTIFICATE_EXPIRED:
-            str = "certificate expired";
-            break;
-        case SSL3_AD_CERTIFICATE_UNKNOWN:
-            str = "certificate unknown";
-            break;
-        case SSL3_AD_ILLEGAL_PARAMETER:
-            str = "illegal parameter";
-            break;
-        case TLS1_AD_DECRYPTION_FAILED:
-            str = "decryption failed";
-            break;
-        case TLS1_AD_RECORD_OVERFLOW:
-            str = "record overflow";
-            break;
-        case TLS1_AD_UNKNOWN_CA:
-            str = "unknown CA";
-            break;
-        case TLS1_AD_ACCESS_DENIED:
-            str = "access denied";
-            break;
-        case TLS1_AD_DECODE_ERROR:
-            str = "decode error";
-            break;
-        case TLS1_AD_DECRYPT_ERROR:
-            str = "decrypt error";
-            break;
-        case TLS1_AD_EXPORT_RESTRICTION:
-            str = "export restriction";
-            break;
-        case TLS1_AD_PROTOCOL_VERSION:
-            str = "protocol version";
-            break;
-        case TLS1_AD_INSUFFICIENT_SECURITY:
-            str = "insufficient security";
-            break;
-        case TLS1_AD_INTERNAL_ERROR:
-            str = "internal error";
-            break;
-        case TLS1_AD_USER_CANCELLED:
-            str = "user canceled";
-            break;
-        case TLS1_AD_NO_RENEGOTIATION:
-            str = "no renegotiation";
-            break;
-        case TLS1_AD_UNSUPPORTED_EXTENSION:
-            str = "unsupported extension";
-            break;
-        case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
-            str = "certificate unobtainable";
-            break;
-        case TLS1_AD_UNRECOGNIZED_NAME:
-            str = "unrecognized name";
-            break;
-        case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-            str = "bad certificate status response";
-            break;
-        case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
-            str = "bad certificate hash value";
-            break;
-        case TLS1_AD_UNKNOWN_PSK_IDENTITY:
-            str = "unknown PSK identity";
-            break;
-        default:
-            str = "unknown";
-            break;
-    }
-
-    return str;
-}
-
-/**
- * @brief get alert type string
- */
-const char *SSL_alert_type_string(int value)
-{
-    const char *str;
-
-    switch (value >> 8)
-    {
-    case SSL3_AL_WARNING:
-        str = "W";
-        break;
-    case SSL3_AL_FATAL:
-        str = "F";
-        break;
-    default:
-        str = "U";
-        break;
-    }
-
-    return str;
-}
-
-/**
- * @brief get alert type long string
- */
-const char *SSL_alert_type_string_long(int value)
-{
-    const char *str;
-
-    switch (value >> 8)
-    {
-        case SSL3_AL_WARNING:
-            str = "warning";
-            break;
-        case SSL3_AL_FATAL:
-            str = "fatal";
-            break;
-        default:
-            str = "unknown";
-            break;
-    }
-
-    return str;
-}
-
-/**
- * @brief get the state string where SSL is reading
- */
-const char *SSL_rstate_string(SSL *ssl)
-{
-    const char *str;
-
-    SSL_ASSERT2(ssl);
-
-    switch (ssl->rlayer.rstate)
-    {
-        case SSL_ST_READ_HEADER:
-            str = "RH";
-            break;
-        case SSL_ST_READ_BODY:
-            str = "RB";
-            break;
-        case SSL_ST_READ_DONE:
-            str = "RD";
-            break;
-        default:
-            str = "unknown";
-            break;
-    }
-
-    return str;
-}
-
-/**
- * @brief get the statement long string where SSL is reading
- */
-const char *SSL_rstate_string_long(SSL *ssl)
-{
-    const char *str = "unknown";
-
-    SSL_ASSERT2(ssl);
-
-    switch (ssl->rlayer.rstate)
-    {
-        case SSL_ST_READ_HEADER:
-            str = "read header";
-            break;
-        case SSL_ST_READ_BODY:
-            str = "read body";
-            break;
-        case SSL_ST_READ_DONE:
-            str = "read done";
-            break;
-        default:
-            break;
-    }
-
-    return str;
-}
-
-/**
- * @brief get SSL statement string
- */
-const char *SSL_state_string(const SSL *ssl)
-{
-    const char *str = "UNKWN ";
-
-    SSL_ASSERT2(ssl);
-
-    if (ossl_statem_in_error(ssl))
-        str = "SSLERR";
-    else
-    {
-        switch (SSL_get_state(ssl))
-        {
-            case TLS_ST_BEFORE:
-                str = "PINIT ";
-                break;
-            case TLS_ST_OK:
-                str =  "SSLOK ";
-                break;
-            case TLS_ST_CW_CLNT_HELLO:
-                str = "TWCH";
-                break;
-            case TLS_ST_CR_SRVR_HELLO:
-                str = "TRSH";
-                break;
-            case TLS_ST_CR_CERT:
-                str = "TRSC";
-                break;
-            case TLS_ST_CR_KEY_EXCH:
-                str = "TRSKE";
-                break;
-            case TLS_ST_CR_CERT_REQ:
-                str = "TRCR";
-                break;
-            case TLS_ST_CR_SRVR_DONE:
-                str = "TRSD";
-                break;
-            case TLS_ST_CW_CERT:
-                str = "TWCC";
-                break;
-            case TLS_ST_CW_KEY_EXCH:
-                str = "TWCKE";
-                break;
-            case TLS_ST_CW_CERT_VRFY:
-                str = "TWCV";
-                break;
-            case TLS_ST_SW_CHANGE:
-            case TLS_ST_CW_CHANGE:
-                str = "TWCCS";
-                break;
-            case TLS_ST_SW_FINISHED:
-            case TLS_ST_CW_FINISHED:
-                str = "TWFIN";
-                break;
-            case TLS_ST_SR_CHANGE:
-            case TLS_ST_CR_CHANGE:
-                str = "TRCCS";
-                break;
-            case TLS_ST_SR_FINISHED:
-            case TLS_ST_CR_FINISHED:
-                str = "TRFIN";
-                break;
-            case TLS_ST_SW_HELLO_REQ:
-                str = "TWHR";
-                break;
-            case TLS_ST_SR_CLNT_HELLO:
-                str = "TRCH";
-                break;
-            case TLS_ST_SW_SRVR_HELLO:
-                str = "TWSH";
-                break;
-            case TLS_ST_SW_CERT:
-                str = "TWSC";
-                break;
-            case TLS_ST_SW_KEY_EXCH:
-                str = "TWSKE";
-                break;
-            case TLS_ST_SW_CERT_REQ:
-                str = "TWCR";
-                break;
-            case TLS_ST_SW_SRVR_DONE:
-                str = "TWSD";
-                break;
-            case TLS_ST_SR_CERT:
-                str = "TRCC";
-                break;
-            case TLS_ST_SR_KEY_EXCH:
-                str = "TRCKE";
-                break;
-            case TLS_ST_SR_CERT_VRFY:
-                str = "TRCV";
-                break;
-            case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
-                str = "DRCHV";
-                break;
-            case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
-                str = "DWCHV";
-                break;
-            default:
-                break;
-        }
-    }
-
-    return str;
-}
-
-/**
- * @brief get SSL statement long string
- */
-const char *SSL_state_string_long(const SSL *ssl)
-{
-    const char *str = "UNKWN ";
-
-    SSL_ASSERT2(ssl);
-
-    if (ossl_statem_in_error(ssl))
-        str = "SSLERR";
-    else
-    {
-        switch (SSL_get_state(ssl))
-        {
-            case TLS_ST_BEFORE:
-                str = "before SSL initialization";
-                break;
-            case TLS_ST_OK:
-                str = "SSL negotiation finished successfully";
-                break;
-            case TLS_ST_CW_CLNT_HELLO:
-                str = "SSLv3/TLS write client hello";
-                break;
-            case TLS_ST_CR_SRVR_HELLO:
-                str = "SSLv3/TLS read server hello";
-                break;
-            case TLS_ST_CR_CERT:
-                str = "SSLv3/TLS read server certificate";
-                break;
-            case TLS_ST_CR_KEY_EXCH:
-                str = "SSLv3/TLS read server key exchange";
-                break;
-            case TLS_ST_CR_CERT_REQ:
-                str = "SSLv3/TLS read server certificate request";
-                break;
-            case TLS_ST_CR_SESSION_TICKET:
-                str = "SSLv3/TLS read server session ticket";
-                break;
-            case TLS_ST_CR_SRVR_DONE:
-                str = "SSLv3/TLS read server done";
-                break;
-            case TLS_ST_CW_CERT:
-                str = "SSLv3/TLS write client certificate";
-                break;
-            case TLS_ST_CW_KEY_EXCH:
-                str = "SSLv3/TLS write client key exchange";
-                break;
-            case TLS_ST_CW_CERT_VRFY:
-                str = "SSLv3/TLS write certificate verify";
-                break;
-            case TLS_ST_CW_CHANGE:
-            case TLS_ST_SW_CHANGE:
-                str = "SSLv3/TLS write change cipher spec";
-                break;
-            case TLS_ST_CW_FINISHED:
-            case TLS_ST_SW_FINISHED:
-                str = "SSLv3/TLS write finished";
-                break;
-            case TLS_ST_CR_CHANGE:
-            case TLS_ST_SR_CHANGE:
-                str = "SSLv3/TLS read change cipher spec";
-                break;
-            case TLS_ST_CR_FINISHED:
-            case TLS_ST_SR_FINISHED:
-                str = "SSLv3/TLS read finished";
-                break;
-            case TLS_ST_SR_CLNT_HELLO:
-                str = "SSLv3/TLS read client hello";
-                break;
-            case TLS_ST_SW_HELLO_REQ:
-                str = "SSLv3/TLS write hello request";
-                break;
-            case TLS_ST_SW_SRVR_HELLO:
-                str = "SSLv3/TLS write server hello";
-                break;
-            case TLS_ST_SW_CERT:
-                str = "SSLv3/TLS write certificate";
-                break;
-            case TLS_ST_SW_KEY_EXCH:
-                str = "SSLv3/TLS write key exchange";
-                break;
-            case TLS_ST_SW_CERT_REQ:
-                str = "SSLv3/TLS write certificate request";
-                break;
-            case TLS_ST_SW_SESSION_TICKET:
-                str = "SSLv3/TLS write session ticket";
-                break;
-            case TLS_ST_SW_SRVR_DONE:
-                str = "SSLv3/TLS write server done";
-                break;
-            case TLS_ST_SR_CERT:
-                str = "SSLv3/TLS read client certificate";
-                break;
-            case TLS_ST_SR_KEY_EXCH:
-                str = "SSLv3/TLS read client key exchange";
-                break;
-            case TLS_ST_SR_CERT_VRFY:
-                str = "SSLv3/TLS read certificate verify";
-                break;
-            case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
-                str = "DTLS1 read hello verify request";
-                break;
-            case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
-                str = "DTLS1 write hello verify request";
-                break;
-            default:
-                break;
-        }
-    }
-
-    return str;
-}
-
-/**
- * @brief set the SSL context read buffer length
- */
-void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
-{
-    SSL_ASSERT3(ctx);
-
-    ctx->read_buffer_len = len;
-}
-
-/**
- * @brief set the SSL read buffer length
- */
-void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
-{
-    SSL_ASSERT3(ssl);
-    SSL_ASSERT3(len);
-
-    SSL_METHOD_CALL(set_bufflen, ssl, len);
-}
-
-/**
- * @brief set the SSL information callback function
- */
-void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val))
-{
-    SSL_ASSERT3(ssl);
-
-    ssl->info_callback = cb;
-}
-
-/**
- * @brief add SSL context reference count by '1'
- */
-int SSL_CTX_up_ref(SSL_CTX *ctx)
-{
-    SSL_ASSERT1(ctx);
-
-    /**
-     * no support multi-thread SSL here
-     */
-    ctx->references++;
-
-    return 1;
-}
-
-/**
- * @brief set the SSL security level
- */
-void SSL_set_security_level(SSL *ssl, int level)
-{
-    SSL_ASSERT3(ssl);
-
-    ssl->cert->sec_level = level;
-}
-
-/**
- * @brief get the SSL security level
- */
-int SSL_get_security_level(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->cert->sec_level;
-}
-
-/**
- * @brief get the SSL verifying mode of the SSL context
- */
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
-{
-    SSL_ASSERT1(ctx);
-
-    return ctx->verify_mode;
-}
-
-/**
- * @brief set the session timeout time
- */
-long SSL_CTX_set_timeout(SSL_CTX *ctx, long t)
-{
-    long l;
-
-    SSL_ASSERT1(ctx);
-
-    l = ctx->session_timeout;
-    ctx->session_timeout = t;
-
-    return l;
-}
-
-/**
- * @brief get the session timeout time
- */
-long SSL_CTX_get_timeout(const SSL_CTX *ctx)
-{
-    SSL_ASSERT1(ctx);
-
-    return ctx->session_timeout;
-}
-
-/**
- * @brief set the SSL if we can read as many as data
- */
-void SSL_set_read_ahead(SSL *ssl, int yes)
-{
-    SSL_ASSERT3(ssl);
-
-    ssl->rlayer.read_ahead = yes;
-}
-
-/**
- * @brief set the SSL context if we can read as many as data
- */
-void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes)
-{
-    SSL_ASSERT3(ctx);
-
-    ctx->read_ahead = yes;
-}
-
-/**
- * @brief get the SSL ahead signal if we can read as many as data
- */
-int SSL_get_read_ahead(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->rlayer.read_ahead;
-}
-
-/**
- * @brief get the SSL context ahead signal if we can read as many as data
- */
-long SSL_CTX_get_read_ahead(SSL_CTX *ctx)
-{
-    SSL_ASSERT1(ctx);
-
-    return ctx->read_ahead;
-}
-
-/**
- * @brief check if the SSL context can read as many as data
- */
-long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx)
-{
-    SSL_ASSERT1(ctx);
-
-    return ctx->read_ahead;
-}
-
-char *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx)
-{
-    SSL_ASSERT2(ctx);
-
-    return NULL;
-}
-
-int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg)
-{
-    SSL_ASSERT1(ctx);
-
-    return 0;
-}
-
-void *SSL_get_app_data(SSL *ssl)
-{
-    SSL_ASSERT2(ssl);
-
-    return NULL;
-}
-
-void SSL_set_app_data(SSL *ssl, void *arg)
-{
-    SSL_ASSERT3(ssl);
-}
-
-void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio)
-{
-    SSL_ASSERT3(ssl);
-
-    ssl->bio = rbio;
-}
-
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-{
-    SSL_ASSERT1(1)
-
-    return -1;
-}
-
-/**
- * @brief set SSL session time
- */
-long SSL_set_time(SSL *ssl, long t)
-{
-    SSL_ASSERT1(ssl);
-
-    ssl->session->time = t;
-
-    return t;
-}
-
-/**
- * @brief set SSL session timeout time
- */
-long SSL_set_timeout(SSL *ssl, long t)
-{
-    SSL_ASSERT1(ssl);
-
-    ssl->session->timeout = t;
-
-    return t;
-}
-
-/**
- * @brief get the verifying result of the SSL certification
- */
-long SSL_get_verify_result(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return SSL_METHOD_CALL(get_verify_result, ssl);
-}
-
-/**
- * @brief get the SSL verifying depth of the SSL context
- */
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
-{
-    SSL_ASSERT1(ctx);
-
-    return ctx->param.depth;
-}
-
-/**
- * @brief set the SSL verify depth of the SSL context
- */
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
-{
-    SSL_ASSERT3(ctx);
-
-    ctx->param.depth = depth;
-}
-
-/**
- * @brief get the SSL verifying depth of the SSL
- */
-int SSL_get_verify_depth(const SSL *ssl)
-{
-    SSL_ASSERT1(ssl);
-
-    return ssl->param.depth;
-}
-
-/**
- * @brief set the SSL verify depth of the SSL
- */
-void SSL_set_verify_depth(SSL *ssl, int depth)
-{
-    SSL_ASSERT3(ssl);
-
-    ssl->param.depth = depth;
-}
-
-#define ESP_OPENSSL_VERIFYCB_IS_SUPPORTED 0
-/**
- * @brief set the SSL context verifying of the SSL context
- */
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
-{
-    SSL_ASSERT3(ctx);
-    if (verify_callback) {
-        SSL_ASSERT3(ESP_OPENSSL_VERIFYCB_IS_SUPPORTED);
-    }
-
-    ctx->verify_mode = mode;
-    ctx->default_verify_callback = verify_callback;
-}
-
-/**
- * @brief set the SSL verifying of the SSL context
- */
-void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
-{
-    SSL_ASSERT3(ssl);
-    if (verify_callback) {
-        SSL_ASSERT3(ESP_OPENSSL_VERIFYCB_IS_SUPPORTED);
-    }
-
-    ssl->verify_mode = mode;
-    ssl->verify_callback = verify_callback;
-}
-
-/**
- * @brief get the SSL verify callback from the context
- */
-openssl_verify_callback SSL_CTX_get_verify_callback(const SSL_CTX *ctx)
-{
-    SSL_ASSERT2(ctx);
-
-    return ctx->default_verify_callback;
-}
-
-/**
- * @brief get the SSL verify callback from ssl pointer
- */
-openssl_verify_callback SSL_get_verify_callback(const SSL *ssl)
-{
-    SSL_ASSERT2(ssl);
-
-    return ssl->verify_callback;
-}
-
-/**
- * @brief set the ALPN protocols in the preferred order. SSL APIs require the
- * protocols in a <length><value><length2><value2> format. mbedtls doesn't need
- * that though. We sanitize that here itself. So convert from:
- * "\x02h2\x06spdy/1" to { {"h2"}, {"spdy/1}, {NULL}}
- */
-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned protos_len)
-{
-     ctx->ssl_alpn.alpn_string = ssl_mem_zalloc(protos_len + 1);
-     if (! ctx->ssl_alpn.alpn_string) {
-	  return 1;
-     }
-     ctx->ssl_alpn.alpn_status = ALPN_ENABLE;
-     memcpy(ctx->ssl_alpn.alpn_string, protos, protos_len);
-
-     char *ptr = ctx->ssl_alpn.alpn_string;
-     int i;
-     /* Only running to 1 less than the actual size */
-     for (i = 0; i < ALPN_LIST_MAX - 1; i++) {
-	  char len = *ptr;
-	  *ptr = '\0'; // Overwrite the length to act as previous element's string terminator
-	  ptr++;
-	  protos_len--;
-	  ctx->ssl_alpn.alpn_list[i] = ptr;
-	  ptr += len;
-	  protos_len -= len;
-	  if (! protos_len) {
-	       i++;
-	       break;
-	  }
-     }
-     ctx->ssl_alpn.alpn_list[i] = NULL;
-     return 0;
-}
-
-/**
- * @brief Set the mode, but might assert if the related mode is not supported once session starts
- */
-uint32_t SSL_set_mode(SSL *ssl, uint32_t mode)
-{
-    ssl->mode |= mode;
-    return ssl->mode;
-}

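--- a/components/openssl/library/ssl_methods.c
+++ b/components/openssl/library/ssl_methods.c
@@ -1,111 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_methods.h"
-#include "ssl_pm.h"
-
-/**
- * TLS method function collection
- */
-IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
-        ssl_pm_new, ssl_pm_free,
-        ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
-        ssl_pm_read, ssl_pm_send, ssl_pm_pending,
-        ssl_pm_set_fd, ssl_pm_set_hostname, ssl_pm_get_fd,
-        ssl_pm_set_bufflen,
-        ssl_pm_get_verify_result,
-        ssl_pm_get_state);
-
-/**
- * TLS or SSL client method collection
- */
-IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method);
-
-IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method);
-
-/**
- * TLS or SSL server method collection
- */
-IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_VERSION, 1, TLS_method_func, TLSv1_server_method);
-
-IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method);
-
-/**
- * TLS or SSL method collection
- */
-IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method);
-
-IMPLEMENT_TLS_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method);
-
-IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method);
-
-/**
- * @brief get X509 object method
- */
-IMPLEMENT_X509_METHOD(X509_method,
-            x509_pm_new, x509_pm_free,
-            x509_pm_load, x509_pm_show_info);
-
-/**
- * @brief get private key object method
- */
-IMPLEMENT_PKEY_METHOD(EVP_PKEY_method,
-            pkey_pm_new, pkey_pm_free,
-            pkey_pm_load);
-
-/**
- * @brief Generic SSL/TLS methods
- */
-const SSL_METHOD *SSLv23_method(void)
-{
-    return TLS_method();
-}
-
-const SSL_METHOD *SSLv23_server_method(void)
-{
-    return TLS_server_method();
-}
-
-const SSL_METHOD *SSLv23_client_method(void)
-{
-    return TLS_client_method();
-}
-
-int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version)
-{
-    ctx->min_version = version;
-    return 1;
-}
-
-int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version)
-{
-    ctx->max_version = version;
-    return 1;
-}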

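--- a/components/openssl/library/ssl_pkey.c
+++ b/components/openssl/library/ssl_pkey.c
@@ -1,311 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_pkey.h"
-#include "ssl_methods.h"
-#include "ssl_dbg.h"
-#include "ssl_port.h"
-#include "openssl/bio.h"
-
-/**
- * @brief create a private key object according to input private key
- */
-EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
-{
-    int ret;
-    EVP_PKEY *pkey;
-
-    pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
-    if (!pkey) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
-        goto no_mem;
-    }
-
-    pkey->ref_counter = 1;
-
-    if (ipk) {
-        pkey->method = ipk->method;
-    } else {
-        pkey->method = EVP_PKEY_method();
-    }
-
-    ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
-    if (ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
-        goto failed;
-    }
-
-    return pkey;
-
-failed:
-    ssl_mem_free(pkey);
-no_mem:
-    return NULL;
-}
-
-/**
- * @brief create a private key object
- */
-EVP_PKEY* EVP_PKEY_new(void)
-{
-    return __EVP_PKEY_new(NULL);
-}
-
-/**
- * @brief free a private key object
- */
-void EVP_PKEY_free(EVP_PKEY *pkey)
-{
-    SSL_ASSERT3(pkey);
-
-    if (--pkey->ref_counter > 0) {
-        return;
-    }
-
-    EVP_PKEY_METHOD_CALL(free, pkey);
-
-    ssl_mem_free(pkey);
-}
-
-/**
- * @brief load a character key context into system context. If '*a' is pointed to the
- *        private key, then load key into it. Or create a new private key object
- */
-EVP_PKEY *d2i_PrivateKey(int type,
-                         EVP_PKEY **a,
-                         const unsigned char **pp,
-                         long length)
-{
-    int m = 0;
-    int ret;
-    EVP_PKEY *pkey;
-
-    SSL_ASSERT2(pp);
-    SSL_ASSERT2(*pp);
-    SSL_ASSERT2(length);
-
-    if (a && *a) {
-        pkey = *a;
-    } else {
-        pkey = EVP_PKEY_new();;
-        if (!pkey) {
-            SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
-            goto failed1;
-        }
-
-        m = 1;
-    }
-
-    ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
-    if (ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
-        goto failed2;
-    }
-
-    if (a)
-        *a = pkey;
-
-    return pkey;
-
-failed2:
-    if (m)
-        EVP_PKEY_free(pkey);
-failed1:
-    return NULL;
-}
-
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
-{
-    return d2i_PrivateKey(0, a, (const unsigned char **)&bp->data, bp->dlen);
-}
-
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **a)
-{
-    return d2i_PrivateKey_bio(bp, (EVP_PKEY**)a);
-}
-
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, pem_password_cb *cb, void *u)
-{
-    return PEM_read_bio_PrivateKey(bp, (EVP_PKEY**)x, cb, u);
-}
-
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **pk, pem_password_cb *cb, void *u)
-{
-
-    int m = 0;
-    int ret;
-    EVP_PKEY *x;
-
-    SSL_ASSERT2(BIO_method_type(bp) &  BIO_TYPE_MEM);
-    if (bp->data == NULL || bp->dlen == 0) {
-        return NULL;
-    }
-    if (pk && *pk) {
-        x = *pk;
-    } else {
-        x = EVP_PKEY_new();
-        if (!x) {
-            SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
-            goto failed;
-        }
-        m = 1;
-    }
-
-    ret = EVP_PKEY_METHOD_CALL(load, x, bp->data, bp->dlen);
-    if (ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
-        goto failed;
-    }
-
-    // If buffer successfully created a EVP_PKEY from the bio, mark the buffer as consumed
-    bp->data = NULL;
-    bp->dlen = 0;
-    return x;
-
-    failed:
-    if (m) {
-        EVP_PKEY_free(x);
-    }
-
-    return NULL;}
-/**
- * @brief set the SSL context private key
- */
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-{
-    SSL_ASSERT1(ctx);
-    SSL_ASSERT1(pkey);
-
-    if (ctx->cert->pkey == pkey)
-        return 1;
-
-    if (ctx->cert->pkey)
-        EVP_PKEY_free(ctx->cert->pkey);
-
-    pkey->ref_counter++;
-    ctx->cert->pkey = pkey;
-
-    return 1;
-}
-
-/**
- * @brief set the SSL private key
- */
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-{
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(pkey);
-
-    if (ssl->cert->pkey == pkey)
-        return 1;
-
-    if (ssl->cert->pkey)
-        EVP_PKEY_free(ssl->cert->pkey);
-
-    ssl->cert->pkey = pkey;
-
-    return 1;
-}
-
-/**
- * @brief load private key into the SSL context
- */
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
-                                const unsigned char *d, long len)
-{
-    int ret;
-    EVP_PKEY *pk;
-
-    pk = d2i_PrivateKey(0, NULL, &d, len);
-    if (!pk) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
-        goto failed1;
-    }
-
-    ret = SSL_CTX_use_PrivateKey(ctx, pk);
-    if (!ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
-        goto failed2;
-    }
-
-    return 1;
-
-failed2:
-    EVP_PKEY_free(pk);
-failed1:
-    return 0;
-}
-
-/**
- * @brief load private key into the SSL
- */
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
-                                const unsigned char *d, long len)
-{
-    int ret;
-    EVP_PKEY *pk;
-
-    pk = d2i_PrivateKey(0, NULL, &d, len);
-    if (!pk) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
-        goto failed1;
-    }
-
-    ret = SSL_use_PrivateKey(ssl, pk);
-    if (!ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
-        goto failed2;
-    }
-
-    return 1;
-
-failed2:
-    EVP_PKEY_free(pk);
-failed1:
-    return 0;
-}
-
-#define ESP_OPENSSL_FILES_IS_SUPPORTED 0
-/**
- * @brief load the private key file into SSL context
- */
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-    // Using file name as private key is discouraged
-    SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED);
-    return -1;
-}
-
-/**
- * @brief load the private key file into SSL
- */
-int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-    // Using file name as private key is discouraged
-    SSL_ASSERT1(ESP_OPENSSL_FILES_IS_SUPPORTED);
-    return -1;
-}
-
-/**
- * @brief load the RSA ASN1 private key into SSL context
- */
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
-{
-    return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len);
-}
-
-void RSA_free (RSA *r)
-{
-    EVP_PKEY_free(r);
-}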

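--- a/components/openssl/library/ssl_stack.c
+++ b/components/openssl/library/ssl_stack.c
@@ -1,97 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_stack.h"
-#include "ssl_dbg.h"
-#include "ssl_port.h"
-
-#ifndef CONFIG_MIN_NODES
-    #define MIN_NODES 4
-#else
-    #define MIN_NODES CONFIG_MIN_NODES
-#endif
-
-/**
- * @brief create a openssl stack object
- */
-typedef struct stack_st_tag {
-    size_t num;
-    void **data;
-} _STACK;
-
-
-GENERAL_NAME *sk_GENERAL_NAME_value(const struct stack_st_GENERAL_NAME *sk, size_t i)
-{
-    if (!sk || i >= ((_STACK*)sk)->num) {
-        return NULL;
-    }
-    return ((_STACK*)sk)->data[i];
-}
-
-
-size_t sk_GENERAL_NAME_num(const struct stack_st_GENERAL_NAME *sk)
-{
-    if (sk == NULL) {
-        return 0;
-    }
-    return ((_STACK*)sk)->num;
-}
-
-OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
-{
-    OPENSSL_STACK *stack;
-    char **data;
-
-    stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
-    if (!stack) {
-        SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
-        goto no_mem1;
-    }
-
-    data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
-    if (!data) {
-        SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
-        goto no_mem2;
-    }
-
-    stack->data = data;
-    stack->num_alloc = MIN_NODES;
-    stack->c = c;
-
-    return stack;
-
-no_mem2:
-    ssl_mem_free(stack);
-no_mem1:
-    return NULL;
-}
-
-/**
- * @brief create a NULL function openssl stack object
- */
-OPENSSL_STACK *OPENSSL_sk_new_null(void)
-{
-    return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
-}
-
-/**
- * @brief free openssl stack object
- */
-void OPENSSL_sk_free(OPENSSL_STACK *stack)
-{
-    SSL_ASSERT3(stack);
-
-    ssl_mem_free(stack->data);
-    ssl_mem_free(stack);
-}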

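--- a/components/openssl/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
@@ -1,401 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#include "ssl_x509.h"
-#include "ssl_methods.h"
-#include "ssl_dbg.h"
-#include "ssl_port.h"
-#include "bio.h"
-
-/**
- * @brief show X509 certification information
- */
-int __X509_show_info(X509 *x)
-{
-    return X509_METHOD_CALL(show_info, x);
-}
-
-/**
- * @brief create a X509 certification object according to input X509 certification
- */
-X509* __X509_new(X509 *ix)
-{
-    int ret;
-    X509 *x;
-
-    x = ssl_mem_zalloc(sizeof(X509));
-    if (!x) {
-        SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
-        goto no_mem;
-    }
-
-    x->ref_counter = 1;
-
-    if (ix &&  ix->method)
-        x->method = ix->method;
-    else
-        x->method = X509_method();
-
-    ret = X509_METHOD_CALL(new, x, ix);
-    if (ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
-        goto failed;
-    }
-
-    return x;
-
-failed:
-    ssl_mem_free(x);
-no_mem:
-    return NULL;
-}
-
-/**
- * @brief create a X509 certification object
- */
-X509* X509_new(void)
-{
-    return __X509_new(NULL);
-}
-
-/**
- * @brief free a X509 certification object
- */
-void X509_free(X509 *x)
-{
-    SSL_ASSERT3(x);
-
-    if (--x->ref_counter > 0) {
-        return;
-    }
-
-    X509_METHOD_CALL(free, x);
-
-    ssl_mem_free(x);
-};
-
-/**
- * @brief load a character certification context into system context. If '*cert' is pointed to the
- *        certification, then load certification into it. Or create a new X509 certification object
- */
-X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
-{
-    int m = 0;
-    int ret;
-    X509 *x;
-
-    SSL_ASSERT2(buffer);
-    SSL_ASSERT2(len);
-
-    if (cert && *cert) {
-        x = *cert;
-    } else {
-        x = X509_new();
-        if (!x) {
-            SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
-            goto failed1;
-        }
-        m = 1;
-    }
-
-    ret = X509_METHOD_CALL(load, x, buffer, len);
-    if (ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
-        goto failed2;
-    }
-
-    return x;
-
-failed2:
-    if (m)
-        X509_free(x);
-failed1:
-    return NULL;
-}
-
-/**
- * @brief return SSL X509 verify parameters
- */
-
-X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
-{
-    return &ssl->param;
-}
-
-/**
- * @brief set X509 host verification flags
- */
-
-int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
-                    unsigned long flags)
-{
-    /* flags not supported yet */
-    return 0;
-}
-
-/**
- * @brief clear X509 host verification flags
- */
-
-int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
-                      unsigned long flags)
-{
-    /* flags not supported yet */
-    return 0;
-}
-
-/**
- * @brief set SSL context client CA certification
- */
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
-{
-    SSL_ASSERT1(ctx);
-    SSL_ASSERT1(x);
-
-    if (ctx->client_CA == x)
-        return 1;
-
-    X509_free(ctx->client_CA);
-
-    ctx->client_CA = x;
-
-    return 1;
-}
-
-/**
- * @brief add CA client certification into the SSL
- */
-int SSL_add_client_CA(SSL *ssl, X509 *x)
-{
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(x);
-
-    if (ssl->client_CA == x)
-        return 1;
-
-    X509_free(ssl->client_CA);
-
-    ssl->client_CA = x;
-
-    return 1;
-}
-
-/**
- * @brief set the SSL context certification
- */
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-{
-    SSL_ASSERT1(ctx);
-    SSL_ASSERT1(x);
-
-    if (ctx->cert->x509 == x)
-        return 1;
-
-    X509_free(ctx->cert->x509);
-
-    ctx->cert->x509 = x;
-    x->ref_counter++;
-
-    return 1;
-}
-
-/**
- * @brief set the SSL certification
- */
-int SSL_use_certificate(SSL *ssl, X509 *x)
-{
-    SSL_ASSERT1(ssl);
-    SSL_ASSERT1(x);
-
-    if (ssl->cert->x509 == x)
-        return 1;
-
-    X509_free(ssl->cert->x509);
-
-    ssl->cert->x509 = x;
-
-    return 1;
-}
-
-long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x)
-{
-    return SSL_CTX_use_certificate(ctx, x);
-}
-
-/**
- * @brief get the SSL certification point
- */
-X509 *SSL_get_certificate(const SSL *ssl)
-{
-    SSL_ASSERT2(ssl);
-
-    return ssl->cert->x509;
-}
-
-/**
- * @brief load certification into the SSL context
- */
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
-                                 const unsigned char *d)
-{
-    int ret;
-    X509 *x;
-
-    x = d2i_X509(NULL, d, len);
-    if (!x) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
-        goto failed1;
-    }
-
-    ret = SSL_CTX_use_certificate(ctx, x);  // This uses the "x" so increments ref_count
-    if (!ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
-        goto failed2;
-    }
-
-    X509_free(x); // decrements ref_count, so in case of happy flow doesn't free the "x"
-    return 1;
-
-failed2:
-    X509_free(x);
-failed1:
-    return 0;
-}
-
-/**
- * @brief load certification into the SSL
- */
-int SSL_use_certificate_ASN1(SSL *ssl, int len,
-                             const unsigned char *d)
-{
-    int ret;
-    X509 *x;
-
-    x = d2i_X509(NULL, d, len);
-    if (!x) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
-        goto failed1;
-    }
-
-    ret = SSL_use_certificate(ssl, x);
-    if (!ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
-        goto failed2;
-    }
-
-    return 1;
-
-failed2:
-    X509_free(x);
-failed1:
-    return 0;
-}
-
-/**
- * @brief load the certification file into SSL context
- */
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-{
-    return 0;
-}
-
-/**
- * @brief load the certification file into SSL
- */
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-{
-    return 0;
-}
-
-/**
- * @brief get peer certification
- */
-X509 *SSL_get_peer_certificate(const SSL *ssl)
-{
-    SSL_ASSERT2(ssl);
-
-    return ssl->session->peer;
-}
-
-/**
- * @brief set SSL context client CA certification
- */
-int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
-
-    x->ref_counter++;
-
-    SSL_CTX *ctx = (SSL_CTX *)store;
-    SSL_ASSERT1(ctx);
-    SSL_ASSERT1(x);
-
-    if (ctx->client_CA == x) {
-        return 1;
-    }
-
-    if (ctx->client_CA!=NULL) {
-        X509_free(ctx->client_CA);
-    }
-
-    ctx->client_CA = x;
-    return 1;
-}
-
-/**
- * @brief load a character certification context into system context.
- *
- * If '*cert' is pointed to the certification, then load certification
- * into it, or create a new X509 certification object.
- */
-X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, pem_password_cb cb, void *u) {
-    int m = 0;
-    int ret;
-    X509 *x;
-
-    SSL_ASSERT2(BIO_method_type(bp) & BIO_TYPE_MEM);
-    if (bp->data == NULL || bp->dlen == 0) {
-        return NULL;
-    }
-    if (cert && *cert) {
-        x = *cert;
-    } else {
-        x = X509_new();
-        if (!x) {
-            SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
-            goto failed;
-        }
-        m = 1;
-    }
-
-    ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
-    if (ret) {
-        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
-        goto failed;
-    }
-
-    // If buffer successfully created a X509 from the bio, mark the buffer as consumed
-    bp->data = NULL;
-    bp->dlen = 0;
-    return x;
-
-failed:
-    if (m) {
-        X509_free(x);
-    }
-
-    return NULL;
-}
-
-X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **cert, pem_password_cb *cb, void *u)
-{
-    return PEM_read_bio_X509(bp, cert, cb, u);
-}
-
-/**
- * @brief get the SSL context object X509 certification storage
- */
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
-    return (X509_STORE *)ctx;
-}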

+ 0 - 788
components/openssl/platform/ssl_pm.c

@@ -1,788 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_pm.h"
-#include "ssl_port.h"
-#include "ssl_dbg.h"
-
-/* mbedtls include */
-#include "mbedtls/platform.h"
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/debug.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/error.h"
-#include "mbedtls/certs.h"
-#include "openssl/bio.h"
-#include "openssl/err.h"
-
-#define X509_INFO_STRING_LENGTH 8192
-
-struct ssl_pm
-{
-    /* local socket file description */
-    mbedtls_net_context fd;
-    /* remote client socket file description */
-    mbedtls_net_context cl_fd;
-
-    mbedtls_ssl_config conf;
-
-    mbedtls_ctr_drbg_context ctr_drbg;
-
-    mbedtls_ssl_context ssl;
-
-    mbedtls_entropy_context entropy;
-};
-
-struct x509_pm
-{
-    mbedtls_x509_crt *x509_crt;
-
-    mbedtls_x509_crt *ex_crt;
-};
-
-struct pkey_pm
-{
-    mbedtls_pk_context *pkey;
-
-    mbedtls_pk_context *ex_pkey;
-};
-
-unsigned int max_content_len;
-
-/*********************************************************************************************/
-/************************************ SSL arch interface *************************************/
-
-#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
-
-/* mbedtls debug level */
-#define MBEDTLS_DEBUG_LEVEL 4
-
-/**
- * @brief mbedtls debug function
- */
-static void ssl_platform_debug(void *ctx, int level,
-                     const char *file, int line,
-                     const char *str)
-{
-    /* Shorten 'file' from the whole file path to just the filename
-
-       This is a bit wasteful because the macros are compiled in with
-       the full _FILE_ path in each case.
-    */
-    char *file_sep = rindex(file, '/');
-    if(file_sep)
-        file = file_sep + 1;
-
-    SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str);
-}
-#endif
-
-static int mbedtls_bio_send(void *ctx, const unsigned char *buf, size_t len )
-{
-    BIO *bio = ctx;
-    int written = BIO_write(bio, buf, len);
-    if (written <= 0 && BIO_should_write(bio)) {
-        return MBEDTLS_ERR_SSL_WANT_WRITE;
-    }
-    return written;
-}
-
-static int mbedtls_bio_recv(void *ctx, unsigned char *buf, size_t len )
-{
-    BIO *bio = ctx;
-    int read = BIO_read(bio, buf, len);
-    if (read <= 0 && BIO_should_read(bio)) {
-        return MBEDTLS_ERR_SSL_WANT_READ;
-    }
-    return read;
-}
-
-static int ssl_pm_reload_crt(SSL *ssl);
-
-static int get_mbedtls_minor_ssl_version(int openssl_version_nr)
-{
-    if (TLS1_2_VERSION == openssl_version_nr)
-        return MBEDTLS_SSL_MINOR_VERSION_3;
-    if (TLS1_1_VERSION ==openssl_version_nr)
-        return MBEDTLS_SSL_MINOR_VERSION_2;
-    if (TLS1_VERSION == openssl_version_nr)
-        return MBEDTLS_SSL_MINOR_VERSION_1;
-    // SSLv3.0 otherwise
-    return MBEDTLS_SSL_MINOR_VERSION_0;
-}
-/**
- * @brief create SSL low-level object
- */
-int ssl_pm_new(SSL *ssl)
-{
-    struct ssl_pm *ssl_pm;
-    int ret;
-
-    const unsigned char pers[] = "OpenSSL PM";
-    size_t pers_len = sizeof(pers);
-
-    int endpoint;
-
-    const SSL_METHOD *method = ssl->method;
-
-    ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm));
-    if (!ssl_pm) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)");
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-        goto no_mem;
-    }
-
-    max_content_len = ssl->ctx->read_buffer_len;
-
-    mbedtls_net_init(&ssl_pm->fd);
-    mbedtls_net_init(&ssl_pm->cl_fd);
-
-    mbedtls_ssl_config_init(&ssl_pm->conf);
-    mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg);
-    mbedtls_entropy_init(&ssl_pm->entropy);
-    mbedtls_ssl_init(&ssl_pm->ssl);
-
-    ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len);
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ctr_drbg_seed() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_RAND, ret);
-        goto mbedtls_err1;
-    }
-
-    if (method->endpoint) {
-        endpoint = MBEDTLS_SSL_IS_SERVER;
-    } else {
-        endpoint = MBEDTLS_SSL_IS_CLIENT;
-    }
-    ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_CONF, ret);
-        goto mbedtls_err2;
-    }
-
-    if (TLS_ANY_VERSION != ssl->version) {
-        int min_version = ssl->ctx->min_version ? ssl->ctx->min_version : ssl->version;
-        int max_version = ssl->ctx->max_version ? ssl->ctx->max_version : ssl->version;
-
-        mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, get_mbedtls_minor_ssl_version(max_version));
-        mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, get_mbedtls_minor_ssl_version(min_version));
-    } else {
-        mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
-        mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0);
-    }
-
-    if (ssl->ctx->ssl_alpn.alpn_status == ALPN_ENABLE) {
-#ifdef MBEDTLS_SSL_ALPN
-        mbedtls_ssl_conf_alpn_protocols( &ssl_pm->conf, ssl->ctx->ssl_alpn.alpn_list );
-#else
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "CONFIG_MBEDTLS_SSL_ALPN must be enabled to use ALPN", -1);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_FATAL);
-#endif // MBEDTLS_SSL_ALPN
-    }
-    mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
-
-#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
-    mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL);
-    mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL);
-#else
-    mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
-#endif
-
-    ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_CONF, ret);
-        goto mbedtls_err2;
-    }
-
-    mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
-
-    ssl->ssl_pm = ssl_pm;
-    ret = ssl_pm_reload_crt(ssl);
-    if (ret)
-        return 0;
-
-    return 0;
-
-mbedtls_err2:
-    mbedtls_ssl_config_free(&ssl_pm->conf);
-    mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
-mbedtls_err1:
-    mbedtls_entropy_free(&ssl_pm->entropy);
-    ssl_mem_free(ssl_pm);
-no_mem:
-    return -1;
-}
-
-/**
- * @brief free SSL low-level object
- */
-void ssl_pm_free(SSL *ssl)
-{
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg);
-    mbedtls_entropy_free(&ssl_pm->entropy);
-    mbedtls_ssl_config_free(&ssl_pm->conf);
-    mbedtls_ssl_free(&ssl_pm->ssl);
-
-    ssl_mem_free(ssl_pm);
-    ssl->ssl_pm = NULL;
-}
-
-/**
- * @brief reload SSL low-level certification object
- */
-static int ssl_pm_reload_crt(SSL *ssl)
-{
-    int ret;
-    int mode = MBEDTLS_SSL_VERIFY_UNSET;
-    struct ssl_pm *ssl_pm = ssl->ssl_pm;
-    struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
-
-    struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
-    struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
-
-/* OpenSSL verification modes outline (see `man SSL_set_verify` for more details)
- *
- * | openssl mode    | Server                                     | Client                                    |
- * | SSL_VERIFY_NONE | will not send a client certificate request |  server certificate which will be checked |
- *                                                                   handshake  will be continued regardless  |
- * | SSL_VERIFY_PEER | depends on SSL_VERIFY_FAIL_IF_NO_PEER_CERT |  handshake is terminated if verify fails  |
- *                                                                   (unless anonymous ciphers--not supported |
- * | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | handshake is terminated if |   ignored                                 |
- *                                     client cert verify fails   |                                           |
- */
-    if (ssl->method->endpoint == MBEDTLS_SSL_IS_SERVER) {
-        if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
-            mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-        else if (ssl->verify_mode & SSL_VERIFY_PEER)
-            mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
-        else if (ssl->verify_mode == SSL_VERIFY_NONE)
-            mode = MBEDTLS_SSL_VERIFY_NONE;
-    } else if (ssl->method->endpoint == MBEDTLS_SSL_IS_CLIENT) {
-        if (ssl->verify_mode & SSL_VERIFY_PEER)
-            mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-        else if (ssl->verify_mode == SSL_VERIFY_NONE)
-            mode = MBEDTLS_SSL_VERIFY_NONE;
-    }
-
-    mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
-
-    if (ca_pm->x509_crt) {
-        mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
-    } else if (ca_pm->ex_crt) {
-        mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL);
-    }
-
-    if (crt_pm->x509_crt && pkey_pm->pkey) {
-        ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey);
-    } else if (crt_pm->ex_crt && pkey_pm->ex_pkey) {
-        ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey);
-    } else {
-        ret = 0;
-    }
-
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_conf_own_cert() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
-        ret = -1;
-    }
-
-    return ret;
-}
-
-/*
- * Perform the mbedtls SSL handshake instead of mbedtls_ssl_handshake.
- * We can add debug here.
- */
-static int mbedtls_handshake( mbedtls_ssl_context *ssl )
-{
-    int ret = 0;
-
-    while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
-        ret = mbedtls_ssl_handshake_step(ssl);
-
-        SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state);
-
-        if (ret != 0)
-            break;
-    }
-
-    return ret;
-}
-
-int ssl_pm_handshake(SSL *ssl)
-{
-    int ret;
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    if (ssl->bio) {
-        // if using BIO, make sure the mode is supported
-        SSL_ASSERT1(ssl->mode & (SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER));
-        mbedtls_ssl_set_bio(&ssl_pm->ssl, ssl->bio, mbedtls_bio_send, mbedtls_bio_recv, NULL);
-    } else {
-        // defaults to SSL_read/write using a file descriptor -- expects default mode
-        SSL_ASSERT1(ssl->mode == 0);
-    }
-
-    ret = ssl_pm_reload_crt(ssl);
-    if (ret)
-        return 0;
-
-    ssl_speed_up_enter();
-
-    while((ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) {
-        if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
-           // exit handshake in case of any other error
-           break;
-        } else if (ssl->bio) {
-           // exit even if wanted read/write if BIO used
-            if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
-                ssl->rwstate = SSL_READING;
-            } else if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
-                ssl->rwstate = SSL_WRITING;
-            }
-            return ret;
-        }
-    }
-
-    ssl_speed_up_exit();
-    ssl->rwstate = SSL_NOTHING;
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-        ret = 0;
-    } else {
-        struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
-
-        x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl);
-        ret = 1;
-    }
-
-    return ret;
-}
-
-int ssl_pm_shutdown(SSL *ssl)
-{
-    int ret;
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    ret = mbedtls_ssl_close_notify(&ssl_pm->ssl);
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_close_notify() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-        ret = -1;
-    } else {
-        struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm;
-
-        x509_pm->ex_crt = NULL;
-    }
-
-    return ret;
-}
-
-int ssl_pm_clear(SSL *ssl)
-{
-    return ssl_pm_shutdown(ssl);
-}
-
-
-int ssl_pm_read(SSL *ssl, void *buffer, int len)
-{
-    int ret;
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len);
-    if (ret < 0) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_read() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-        ret = -1;
-    }
-
-    return ret;
-}
-
-int ssl_pm_send(SSL *ssl, const void *buffer, int len)
-{
-    int ret;
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len);
-    if (ret < 0) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_write() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-        ret = -1;
-    }
-
-    return ret;
-}
-
-int ssl_pm_pending(const SSL *ssl)
-{
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl);
-}
-
-void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
-{
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    ssl_pm->fd.fd = fd;
-}
-
-void ssl_pm_set_hostname(SSL *ssl, const char *hostname)
-{
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    mbedtls_ssl_set_hostname(&ssl_pm->ssl, hostname);
-}
-
-int ssl_pm_get_fd(const SSL *ssl, int mode)
-{
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    return ssl_pm->fd.fd;
-}
-
-OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
-{
-    OSSL_HANDSHAKE_STATE state;
-
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    switch (ssl_pm->ssl.state)
-    {
-        case MBEDTLS_SSL_CLIENT_HELLO:
-            state = TLS_ST_CW_CLNT_HELLO;
-            break;
-        case MBEDTLS_SSL_SERVER_HELLO:
-            state = TLS_ST_SW_SRVR_HELLO;
-            break;
-        case MBEDTLS_SSL_SERVER_CERTIFICATE:
-            state = TLS_ST_SW_CERT;
-            break;
-        case MBEDTLS_SSL_SERVER_HELLO_DONE:
-            state = TLS_ST_SW_SRVR_DONE;
-            break;
-        case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
-            state = TLS_ST_CW_KEY_EXCH;
-            break;
-        case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
-            state = TLS_ST_CW_CHANGE;
-            break;
-        case MBEDTLS_SSL_CLIENT_FINISHED:
-            state = TLS_ST_CW_FINISHED;
-            break;
-        case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
-            state = TLS_ST_SW_CHANGE;
-            break;
-        case MBEDTLS_SSL_SERVER_FINISHED:
-            state = TLS_ST_SW_FINISHED;
-            break;
-        case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-            state = TLS_ST_CW_CERT;
-            break;
-        case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
-            state = TLS_ST_SR_KEY_EXCH;
-            break;
-        case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
-            state = TLS_ST_SW_SESSION_TICKET;
-            break;
-        case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
-            state = TLS_ST_SW_CERT_REQ;
-            break;
-        case MBEDTLS_SSL_HANDSHAKE_OVER:
-            state = TLS_ST_OK;
-            break;
-        default :
-            state = TLS_ST_BEFORE;
-            break;
-    }
-
-    return state;
-}
-
-int x509_pm_show_info(X509 *x)
-{
-    int ret;
-    char *buf;
-    mbedtls_x509_crt *x509_crt;
-    struct x509_pm *x509_pm = x->x509_pm;
-
-    if (x509_pm->x509_crt)
-        x509_crt = x509_pm->x509_crt;
-    else if (x509_pm->ex_crt)
-        x509_crt = x509_pm->ex_crt;
-    else
-        x509_crt = NULL;
-
-    if (!x509_crt)
-        return -1;
-
-    buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH);
-    if (!buf) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)");
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-        goto no_mem;
-    }
-
-    ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt);
-    if (ret <= 0) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
-        goto mbedtls_err1;
-    }
-
-    buf[ret] = 0;
-
-    ssl_mem_free(buf);
-
-    SSL_DEBUG(SSL_DEBUG_ON, "%s", buf);
-
-    return 0;
-
-mbedtls_err1:
-    ssl_mem_free(buf);
-no_mem:
-    return -1;
-}
-
-int x509_pm_new(X509 *x, X509 *m_x)
-{
-    struct x509_pm *x509_pm;
-
-    x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm));
-    if (!x509_pm) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)");
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-        goto failed1;
-    }
-
-    x->x509_pm = x509_pm;
-
-    if (m_x) {
-        struct x509_pm *m_x509_pm = (struct x509_pm *)m_x->x509_pm;
-
-        x509_pm->ex_crt = m_x509_pm->x509_crt;
-    }
-
-    return 0;
-
-failed1:
-    return -1;
-}
-
-void x509_pm_free(X509 *x)
-{
-    struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
-
-    if (x509_pm->x509_crt) {
-        mbedtls_x509_crt_free(x509_pm->x509_crt);
-
-        ssl_mem_free(x509_pm->x509_crt);
-        x509_pm->x509_crt = NULL;
-    }
-
-    ssl_mem_free(x->x509_pm);
-    x->x509_pm = NULL;
-}
-
-int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
-{
-    int ret;
-    unsigned char *load_buf;
-    struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
-
-	if (x509_pm->x509_crt)
-        mbedtls_x509_crt_free(x509_pm->x509_crt);
-
-    if (!x509_pm->x509_crt) {
-        x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
-        if (!x509_pm->x509_crt) {
-            SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)");
-            OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-            goto no_mem;
-        }
-    }
-
-    load_buf = ssl_mem_malloc(len + 1);
-    if (!load_buf) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-        goto failed;
-    }
-
-    ssl_memcpy(load_buf, buffer, len);
-    load_buf[len] = '\0';
-
-    mbedtls_x509_crt_init(x509_pm->x509_crt);
-
-    ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
-    ssl_mem_free(load_buf);
-
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_X509, ret);
-        goto failed;
-    }
-
-    return 0;
-
-failed:
-    mbedtls_x509_crt_free(x509_pm->x509_crt);
-    ssl_mem_free(x509_pm->x509_crt);
-    x509_pm->x509_crt = NULL;
-no_mem:
-    return -1;
-}
-
-int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey)
-{
-    struct pkey_pm *pkey_pm;
-
-    pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm));
-    if (!pkey_pm)
-        return -1;
-
-    pk->pkey_pm = pkey_pm;
-
-    if (m_pkey) {
-        struct pkey_pm *m_pkey_pm = (struct pkey_pm *)m_pkey->pkey_pm;
-
-        pkey_pm->ex_pkey = m_pkey_pm->pkey;
-    }
-
-    return 0;
-}
-
-void pkey_pm_free(EVP_PKEY *pk)
-{
-    struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm;
-
-    if (pkey_pm->pkey) {
-        mbedtls_pk_free(pkey_pm->pkey);
-
-        ssl_mem_free(pkey_pm->pkey);
-        pkey_pm->pkey = NULL;
-    }
-
-    ssl_mem_free(pk->pkey_pm);
-    pk->pkey_pm = NULL;
-}
-
-int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len)
-{
-    int ret;
-    unsigned char *load_buf;
-    struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm;
-
-    if (pkey_pm->pkey)
-        mbedtls_pk_free(pkey_pm->pkey);
-
-    if (!pkey_pm->pkey) {
-        pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context));
-        if (!pkey_pm->pkey) {
-            SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)");
-            OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-            goto no_mem;
-        }
-    }
-
-    load_buf = ssl_mem_malloc(len + 1);
-    if (!load_buf) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SYS, ERR_R_MALLOC_FAILURE);
-        goto failed;
-    }
-
-    ssl_memcpy(load_buf, buffer, len);
-    load_buf[len] = '\0';
-
-    mbedtls_pk_init(pkey_pm->pkey);
-
-    ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0);
-    ssl_mem_free(load_buf);
-
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_PKCS8, ret);
-        goto failed;
-    }
-
-    return 0;
-
-failed:
-    mbedtls_pk_free(pkey_pm->pkey);
-    ssl_mem_free(pkey_pm->pkey);
-    pkey_pm->pkey = NULL;
-no_mem:
-    return -1;
-}
-
-
-
-void ssl_pm_set_bufflen(SSL *ssl, int len)
-{
-    max_content_len = len;
-}
-
-long ssl_pm_get_verify_result(const SSL *ssl)
-{
-    uint32_t ret;
-    long verify_result;
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-
-    ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);
-    if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_get_verify_result() return 0x%x", ret);
-        OPENSSL_PUT_LIB_ERROR(ERR_LIB_SSL, ret);
-        verify_result = X509_V_ERR_UNSPECIFIED;
-    } else
-        verify_result = X509_V_OK;
-
-    return verify_result;
-}
-
-/**
- * @brief set expected hostname on peer cert CN
- */
-int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-                                const char *name, size_t namelen)
-{
-    SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param));
-    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
-    char *name_cstr = NULL;
-
-    if (namelen) {
-        name_cstr = malloc(namelen + 1);
-        if (!name_cstr) {
-            return 0;
-        }
-        memcpy(name_cstr, name, namelen);
-        name_cstr[namelen] = '\0';
-        name = name_cstr;
-    }
-
-    mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);
-
-    if (namelen) {
-        free(name_cstr);
-    }
-
-    return 1;
-}

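--- a/components/openssl/platform/ssl_port.c
+++ b/components/openssl/platform/ssl_port.c
@@ -1,28 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "ssl_port.h"
-
-/*********************************************************************************************/
-/********************************* SSL general interface *************************************/
-
-void *ssl_mem_zalloc(size_t size)
-{
-    void *p = malloc(size);
-
-    if (p)
-        memset(p, 0, size);
-
-    return p;
-}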

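--- a/components/openssl/test/CMakeLists.txt
+++ b/components/openssl/test/CMakeLists.txt
@@ -1,2 +0,0 @@
-idf_component_register(SRC_DIRS "."
-                    PRIV_REQUIRES cmock test_utils openssl)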

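--- a/components/openssl/test/test_openssl.c
+++ b/components/openssl/test/test_openssl.c
@@ -1,152 +0,0 @@
-/* Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
-#include "openssl/ssl.h"
-#include "unity.h"
-
-/**
- * @brief This simple test suite is taken from OpenSSL err_test.cc and bio_test.cc, the relevant test
- * cases were adopted to the supported fraction of OpenSSL port in esp-idf
- */
-
-//
-// Basic error stack support and test
-//
-#define ERR_NUM_ERRORS 4
-
-TEST_CASE("ErrTest, Overflow", "[openssl]")
-{
-
-    for (unsigned i = 0; i < ERR_NUM_ERRORS*2; i++) {
-        ERR_put_error(1, 0 /* unused */, i+1, "test", 1);
-    }
-
-    for (unsigned i = 0; i < ERR_NUM_ERRORS - 1; i++) {
-        uint32_t err = ERR_get_error();
-        /* Errors are returned in order they were pushed, with the least recent ones
-         * removed, up to |ERR_NUM_ERRORS - 1| errors. So the errors returned are
-         * |ERR_NUM_ERRORS + 2| through |ERR_NUM_ERRORS * 2|, inclusive. */
-        TEST_ASSERT_NOT_EQUAL(0u, err);
-        TEST_ASSERT_EQUAL(i + ERR_NUM_ERRORS + 2, ERR_GET_REASON(err));
-    }
-
-    TEST_ASSERT_EQUAL(0u, ERR_get_error());
-}
-
-TEST_CASE("ErrTest, PutError", "[openssl]")
-{
-    TEST_ASSERT_EQUAL(0u, ERR_get_error()); // ERR_get_error returned value before an error was added.
-
-    ERR_put_error(1, 0 /* unused */, 2, "test", 4);
-
-    int peeked_line, line, peeked_flags, flags;
-    const char *peeked_file, *file, *peeked_data, *data;
-    uint32_t peeked_packed_error =
-            ERR_peek_error_line_data(&peeked_file, &peeked_line, &peeked_data,
-                                     &peeked_flags);
-    uint32_t packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
-
-    TEST_ASSERT_EQUAL(peeked_packed_error, packed_error);
-    TEST_ASSERT_EQUAL(peeked_file, file);
-
-    TEST_ASSERT_EQUAL_STRING("test", file);
-    TEST_ASSERT_EQUAL(4, line);
-    TEST_ASSERT_EQUAL(1, ERR_GET_LIB(packed_error));
-    TEST_ASSERT_EQUAL(2, ERR_GET_REASON(packed_error));
-}
-
-TEST_CASE("ErrTest, ClearError", "[openssl]")
-{
-    TEST_ASSERT_EQUAL(0u, ERR_get_error()); // ERR_get_error returned value before an error was added.
-
-    ERR_put_error(1, 0 /* unused */, 2, "test", 4);
-    ERR_clear_error();
-
-    // The error queue should be cleared.
-    TEST_ASSERT_EQUAL(0u, ERR_get_error());
-}
-
-//
-// Simplified BIO support and check
-//
-TEST_CASE("BioTest, TestPair", "[openssl]")
-{
-    BIO *bio1, *bio2;
-    TEST_ASSERT_NOT_EQUAL(0, BIO_new_bio_pair(&bio1, 10, &bio2, 10));
-    TEST_ASSERT_EQUAL(BIO_ctrl_get_write_guarantee(bio1), 10);
-
-    // Data written in one end may be read out the other.
-    char buf[20];
-    TEST_ASSERT_EQUAL(5, BIO_write(bio1, "12345", 5));
-    TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
-    TEST_ASSERT_EQUAL(5, BIO_read(bio2, buf, sizeof(buf)));
-    TEST_ASSERT_EQUAL_UINT8_ARRAY("12345", buf, 5);
-    TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
-
-    // Attempting to write more than 10 bytes will write partially.
-    TEST_ASSERT_EQUAL(10, BIO_write(bio1, "1234567890___", 13));
-    TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
-    TEST_ASSERT_EQUAL(-1, BIO_write(bio1, "z", 1));
-    TEST_ASSERT_TRUE(BIO_should_write(bio1));
-    TEST_ASSERT_EQUAL(10, BIO_read(bio2, buf, sizeof(buf)));
-    TEST_ASSERT_EQUAL_UINT8_ARRAY("1234567890", buf, 10);
-    TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
-
-    // Unsuccessful reads update the read request.
-    TEST_ASSERT_EQUAL(-1, BIO_read(bio2, buf, 5));
-    TEST_ASSERT_TRUE(BIO_should_read(bio2));
-
-    // The read request is clamped to the size of the buffer.
-    TEST_ASSERT_EQUAL(-1, BIO_read(bio2, buf, 20));
-    TEST_ASSERT_TRUE(BIO_should_read(bio2));
-
-    // Data may be written and read in chunks.
-    TEST_ASSERT_EQUAL(BIO_write(bio1, "12345", 5), 5);
-    TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
-    TEST_ASSERT_EQUAL(5, BIO_write(bio1, "67890___", 8));
-    TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
-    TEST_ASSERT_EQUAL(3, BIO_read(bio2, buf, 3));
-    TEST_ASSERT_EQUAL_UINT8_ARRAY("123", buf, 3);
-    TEST_ASSERT_EQUAL(3, BIO_ctrl_get_write_guarantee(bio1));
-    TEST_ASSERT_EQUAL(7, BIO_read(bio2, buf, sizeof(buf)));
-    TEST_ASSERT_EQUAL_UINT8_ARRAY("4567890", buf, 7);
-    TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
-
-    // Test writes and reads starting in the middle of the ring buffer and
-    // wrapping to front.
-    TEST_ASSERT_EQUAL(8, BIO_write(bio1, "abcdefgh", 8));
-    TEST_ASSERT_EQUAL(2, BIO_ctrl_get_write_guarantee(bio1));
-    TEST_ASSERT_EQUAL(3, BIO_read(bio2, buf, 3));
-    TEST_ASSERT_EQUAL_UINT8_ARRAY("abc", buf, 3);
-    TEST_ASSERT_EQUAL(5, BIO_ctrl_get_write_guarantee(bio1));
-    TEST_ASSERT_EQUAL(5, BIO_write(bio1, "ijklm___", 8));
-    TEST_ASSERT_EQUAL(0, BIO_ctrl_get_write_guarantee(bio1));
-    TEST_ASSERT_EQUAL(10, BIO_read(bio2, buf, sizeof(buf)));
-    TEST_ASSERT_EQUAL_UINT8_ARRAY("defghijklm", buf, 10);
-    TEST_ASSERT_EQUAL(10, BIO_ctrl_get_write_guarantee(bio1));
-
-    // Data may flow from both ends in parallel.
-    TEST_ASSERT_EQUAL(5, BIO_write(bio1, "12345", 5));
-    TEST_ASSERT_EQUAL(5, BIO_write(bio2, "67890", 5));
-    TEST_ASSERT_EQUAL(5, BIO_read(bio2, buf, sizeof(buf)));
-    TEST_ASSERT_EQUAL_UINT8_ARRAY("12345", buf, 5);
-    TEST_ASSERT_EQUAL(5, BIO_read(bio1, buf, sizeof(buf)));
-    TEST_ASSERT_EQUAL_UINT8_ARRAY("67890", buf, 5);
-
-    // Other tests below not imported since BIO_shutdown_wr() not supported
-    // - Closing the write end causes an EOF on the read half, after draining.
-    // - A closed write end may not be written to.
-    // - The other end is still functional.
-}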

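--- a/docs/en/api-reference/protocols/index.rst
+++ b/docs/en/api-reference/protocols/index.rst
@@ -18,7 +18,6 @@ Application Protocols
     esp_https_server
     icmp_echo
     mdns
-    openssl_apis
     
 Code examples for this API section are provided in the :example:`protocols` directory of ESP-IDF examples.
 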

+ 0 - 1801
docs/en/api-reference/protocols/openssl_apis.rst

@@ -1,1801 +0,0 @@
-OpenSSL-APIs 
-------------
-
-.. note:: The OpenSSL-API will be discontinued in ESP-IDF from v5.0. Please use ESP-TLS <esp_tls> instead.
-
-The code of this API (located in :component:`openssl` directory), does not contain OpenSSL itself but is intended as a wrapper for applications using the OpenSSL API.
-It uses mbedTLS to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file.
-
-OpenSSL APIs not mentioned in this article are not open to public for the time,
-also do not have the corresponding function.
-If user calls it directly, it will always return an error or may show cannot link at compiling time.
-
-Chapter Introduction
-====================
-
-- Chapter 1. SSL Context Method Create
-- Chapter 2. SSL Context Function
-- Chapter 3. SSL Function
-- Chapter 4. SSL X509 Certification and Private Key Function
-
-
-Chapter 1. SSL Context Method Create 
-====================================
-
-.. highlight:: none
-
-1.1 const SSL_METHOD* ``SSLv3_client_method`` (void)
-
-    Arguments::
-    
-        none
-    
-    Return::
-    
-        SSLV3.0 version SSL context client method point
-    
-    Description::
-    
-        create the target SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = SSLv3_client_method();
- 
-            ...
-        }
-
-1.2 const SSL_METHOD* ``TLSv1_client_method`` (void)
-
-    Arguments::
-    
-        none
-    
-    Return::
-    
-        TLSV1.0 version SSL context client method point
-    
-    Description::
-    
-        create the target SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = TLSv1_client_method();
- 
-            ...
-        }
-
-1.3 const SSL_METHOD* ``TLSv1_1_client_method`` (void)
-
-    Arguments::
-    
-        none
-    
-    Return::
-    
-        TLSV1.1 version SSL context client method point
-    
-    Description::
-    
-        create the target SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = TLSv1_1_client_method();
- 
-            ...
-        }
-
-1.4 const SSL_METHOD* ``TLSv1_2_client_method`` (void)
-
-    Arguments::
-    
-       none
-    
-    Return::
-    
-       TLSV1.2 version SSL context client method point
-    
-    Description::
-    
-       create the target SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = TLSv1_2_client_method();
- 
-            ...
-        }
-        
-1.5 const SSL_METHOD* ``TLS_client_method`` (void)
-
-    Arguments::
-    
-       none
-    
-    Return::
-    
-       TLSV1.2 version SSL context client method point
-    
-    Description::
-    
-       create the default SSL context method, it's always to be TLSV1.2
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = TLSv1_2_client_method();
- 
-            ...
-        }        
-
-1.6 const SSL_METHOD* ``SSLv3_server_method`` (void)
-
-    Arguments::
-    
-        none
-    
-    Return::
-    
-        SSLV3.0 version SSL context server method point
-    
-    Description::
-    
-        create the target SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = SSLv3_server_method();
- 
-            ...
-        }
-
-1.7 const SSL_METHOD* ``TLSv1_server_method`` (void)
-
-    Arguments::
-    
-        none
-    
-    Return::
-    
-        TLSV1.0 version SSL context server method point
-    
-    Description::
-    
-        create the target SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = TLSv1_server_method();
- 
-            ...
-        }
-
-1.8 const SSL_METHOD* ``TLSv1_1_server_method`` (void)
-
-    Arguments::
-    
-        none
-    
-    Return::
-    
-        TLSV1.1 version SSL context server method point
-    
-    Description::
-    
-        create the target SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = TLSv1_1_server_method();
- 
-            ...
-        }
-
-
-1.9 const SSL_METHOD* ``TLSv1_2_server_method`` (void)
-
-    Arguments::
-    
-        none
-    
-    Return::
-    
-        TLSV1.2 version SSL context server method point
-    
-    Description::
-    
-        create the target SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = TLSv1_2_server_method();
- 
-            ...
-        }
-
-1.10 const SSL_METHOD* ``TLS_server_method`` (void)
-
-    Arguments::
-    
-        none
-    
-    Return::
-    
-        TLSV1.2 version SSL context server method point
-    
-    Description::
-    
-        create the default SSL context method, it's always to be TLSV1.2
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method = TLSv1_2_server_method();
- 
-            ...
-        }
-
-
-Chapter 2. SSL Context Function
-===============================
-
-
-2.1 SSL_CTX* ``SSL_CTX_new`` (const SSL_METHOD * method)
-
-    Arguments::
-    
-        method - the SSL context method point
-    
-    Return::
-    
-        context point
-    
-    Description::
-    
-        create a SSL context
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL_CTX *ctx = SSL_CTX_new(SSLv3_server_method());
- 
-            ...
-        }
-
-
-2.2 ``void SSL_CTX_free`` (SSL_CTX * ctx)
-
-    Arguments::
-    
-        ctx - the SSL context point
-    
-    Return::
-    
-        none
-    
-    Description::
-    
-        free a SSL context
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL_CTX *ctx;
-        
-            ... ...
-            
-            SSL_CTX_free(ctx);
-        }
-
-
-2.3 ``int SSL_CTX_set_ssl_version`` (SSL_CTX * ctx, const SSL_METHOD * meth)
-
-    Arguments::
-    
-        ctx  - SSL context point
-        meth - SSL method point
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-    
-    Description::
-    
-        set the SSL context version
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL_CTX *ctx;
-            const SSL_METHOD *meth;
-            
-            ... ...
-            
-            SSL_CTX_set_ssl_version(ctx, meth);    
-        }
-
-
-2.4 const SSL_METHOD* ``SSL_CTX_get_ssl_method`` (SSL_CTX * ctx)
-
-    Arguments::
-    
-        ctx - SSL context point
-    
-    Return::
-    
-        SSL context method
-    
-    Description::
-    
-        get the SSL context method
-    
-    Example::
-    
-        void example(void)
-        {
-            const SSL_METHOD *method;
-            SSL_CTX *ctx;
-            
-            ... ...
-                
-            method = SSL_CTX_get_ssl_method(ctx);    
-        }
-
-
-
-Chapter 3. SSL Function
-=======================
-
-
-3.1 SSL* ``SSL_new`` (SSL_CTX * ctx)
-
-    Arguments::
-    
-        ctx - SSL context point
-    
-    Return::
-    
-        SSL method
-    
-    Description::
-    
-        create a SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            SSL_CTX *ctx;
-
-            ... ...
-   
-            ssl = SSL_new(ctx);
-        }
-
-
-3.2 void ``SSL_free`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        none
-    
-    Description::
-    
-        free SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            
-            ... ...
-            
-            SSL_free(ssl);
-        }
-        
-
-3.3 int ``SSL_do_handshake`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        1 : OK
-        0 : failed, connect is close by remote
-       -1 : a error catch
-    
-    Description::
-    
-        perform the SSL handshake
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-            
-            ... ...
-            
-            ret = SSL_do_handshake(ssl);
-        }
-
-
-3.4 int ``SSL_connect`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        1 : OK
-        0 : failed, connect is close by remote
-       -1 : a error catch
-    
-    Description::
-    
-        connect to the remote SSL server
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-            
-            ... ...
-            
-            ret = SSL_connect(ssl);
-        }
-
-
-3.5 int ``SSL_accept`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        1 : OK
-        0 : failed, connect is close by remote
-       -1 : a error catch
-    
-    Description::
-    
-        accept the remote connection
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-            
-            ... ...
-            
-            ret = SSL_accept(ssl);
-        }
-
-
-3.6 int ``SSL_shutdown`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        1 : OK
-        0 : failed, connect is close by remote
-       -1 : a error catch
-    
-    Description::
-    
-        shutdown the connection
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-            
-            ... ...
-            
-            ret = SSL_shutdown(ssl);
-        }
-
-
-3.7 int ``SSL_clear`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        shutdown the connection
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-            
-            ... ...
-            
-            ret = SSL_clear(ssl);
-        }
-
-
-3.8 int ``SSL_read`` (SSL * ssl, void * buffer, int len)
-
-    Arguments::
-    
-        ssl    - point
-        buffer - data buffer point
-        len    - data length
-    
-    Return::
-    
-        > 0 : OK, and return received data bytes
-        = 0 : no data received or connection is closed
-        < 0 : an error catch
-        
-    Description::
-    
-        read data from remote
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            char *buf;
-            int len;
-            int ret;
-            
-            ... ...
-            
-            ret = SSL_read(ssl, buf, len);
-        }
-
-3.9 int ``SSL_write`` (SSL * ssl, const void * buffer, int len)
-
-    Arguments::
-    
-        ssl    - SSL point
-        buffer - data buffer point
-        len    - data length
-    
-    Return::
-    
-        > 0 : OK, and return received data bytes
-        = 0 : no data sent or connection is closed
-        < 0 : an error catch
-        
-    Description::
-    
-        send the data to remote
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            char *buf;
-            int len;
-            int ret;
-            
-            ... ...
-            
-            ret = SSL_write(ssl, buf, len);
-        }
-
-
-3.10 ``SSL_CTX *SSL_get_SSL_CTX`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        SSL context
-        
-    Description::
-    
-        get SSL context of the SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            SSL_CTX *ctx;
-            
-            ... ...
-            
-            ctx = SSL_get_SSL_CTX(ssl);
-        }
-
-
-3.11 int ``SSL_get_shutdown`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        shutdown mode
-        
-    Description::
-    
-        get SSL shutdown mode
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int mode;
-            
-            ... ...
-            
-            mode = SSL_get_SSL_CTX(ssl);
-        }
-
-
-3.12 void ``SSL_set_shutdown`` (SSL * ssl, int mode)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        shutdown mode
-        
-    Description::
-    
-        set SSL shutdown mode
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int mode = 0;
-            
-            ... ...
-            
-            SSL_set_shutdown(ssl, mode);
-        }
-
-
-3.13 const SSL_METHOD* ``SSL_get_ssl_method`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        SSL method
-        
-    Description::
-    
-        set SSL shutdown mode
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            const SSL_METHOD *method;
-            
-            ... ...
-            
-            method = SSL_get_ssl_method(ssl);
-        }
-        
-
-3.14 int ``SSL_set_ssl_method`` (SSL * ssl, const SSL_METHOD * method)
-
-    Arguments::
-    
-        ssl  - SSL point
-        meth - SSL method point
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        set the SSL method
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            const SSL_METHOD *method;
-            
-            ... ...
-            
-            ret = SSL_set_ssl_method(ssl, method);
-        }
-
-
-3.15 int ``SSL_pending`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        data bytes
-        
-    Description::
-    
-        get received data bytes
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            
-            ... ...
-            
-            ret = SSL_pending(ssl);
-        }
-
-
-3.16 int ``SSL_has_pending`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        1 : Yes
-        0 : No
-        
-    Description::
-    
-        check if data is received
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            
-            ... ...
-            
-            ret = SSL_has_pending(ssl);
-        }
-
-
-3.17 int ``SSL_get_fd`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        >= 0 : socket id
-         < 0 : a error catch
-        
-    Description::
-    
-        get the socket of the SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            
-            ... ...
-            
-            ret = SSL_get_fd(ssl);
-        }
-
-
-3.18 int ``SSL_get_rfd`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        >= 0 : socket id
-         < 0 : a error catch
-        
-    Description::
-    
-        get the read only socket of the SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            
-            ... ...
-            
-            ret = SSL_get_rfd(ssl);
-        }
-
-
-3.19 int ``SSL_get_wfd`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        >= 0 : socket id
-         < 0 : a error catch
-        
-    Description::
-    
-        get the write only socket of the SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            
-            ... ...
-            
-            ret = SSL_get_wfd(ssl);
-        }
-
-
-3.20 int ``SSL_set_fd`` (SSL * ssl, int fd)
-
-    Arguments::
-    
-        ssl - SSL point
-        fd  - socket id
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        set socket to SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            int socket;
-                        
-            ... ...
-            
-            ret = SSL_set_fd(ssl, socket);
-        }
-
-
-3.21 int ``SSL_set_rfd`` (SSL * ssl, int fd)
-
-    Arguments::
-    
-        ssl - SSL point
-        fd  - socket id
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        set read only socket to SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            int socket;
-                        
-            ... ...
-            
-            ret = SSL_set_rfd(ssl, socket);
-        }
-        
-
-3.22 int ``SSL_set_wfd`` (SSL * ssl, int fd)
-
-    Arguments::
-    
-        ssl - SSL point
-        fd  - socket id
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        set write only socket to SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            int socket;
-                        
-            ... ...
-            
-            ret = SSL_set_wfd(ssl, socket);
-        }
-        
-
-3.23 int ``SSL_version`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        SSL version
-        
-    Description::
-    
-        get SSL version
-    
-    Example::
-    
-        void example(void)
-        {
-            int version;
-            SSL *ssl;
-                        
-            ... ...
-            
-            version = SSL_version(ssl);
-        }
-
-
-3.24 const char* ``SSL_get_version`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        SSL version string
-        
-    Description::
-    
-        get the SSL current version string
-    
-    Example::
-    
-        void example(void)
-        {
-            char *version;
-            SSL *ssl;
-                        
-            ... ...
-            
-            version = SSL_get_version(ssl);
-        }
-        
-        
-3.25 OSSL_HANDSHAKE_STATE ``SSL_get_state`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        SSL state
-        
-    Description::
-    
-        get the SSL state
-    
-    Example::
-    
-        void example(void)
-        {
-            OSSL_HANDSHAKE_STATE state;
-            SSL *ssl;
-                        
-            ... ...
-            
-            state = SSL_get_state(ssl);
-        }
-
-
-3.26 const char* ``SSL_alert_desc_string`` (int value)
-
-    Arguments::
-    
-        value - SSL description
-    
-    Return::
-    
-        alert value string
-        
-    Description::
-    
-        get alert description string
-    
-    Example::
-    
-        void example(void)
-        {
-            int val;
-            char *str;
-                        
-            ... ...
-            
-            str = SSL_alert_desc_string(val);
-        }
-
-
-3.27 const char* ``SSL_alert_desc_string_long`` (int value)
-
-    Arguments::
-    
-        value - SSL description
-    
-    Return::
-    
-        alert value long string
-        
-    Description::
-    
-        get alert description long string
-    
-    Example::
-    
-        void example(void)
-        {
-            int val;
-            char *str;
-                        
-            ... ...
-            
-            str = SSL_alert_desc_string_long(val);
-        }
-
-
-3.28 const char* ``SSL_alert_type_string`` (int value)
-
-    Arguments::
-    
-        value - SSL type description
-    
-    Return::
-    
-        alert type string
-        
-    Description::
-    
-        get alert type string
-    
-    Example::
-    
-        void example(void)
-        {
-            int val;
-            char *str;
-                        
-            ... ...
-            
-            str = SSL_alert_type_string(val);
-        }
-        
-        
-3.29 const char* ``SSL_alert_type_string_long`` (int value)
-
-    Arguments::
-    
-        value - SSL type description
-    
-    Return::
-    
-        alert type long string
-        
-    Description::
-    
-        get alert type long string
-    
-    Example::
-    
-        void example(void)
-        {
-            int val;
-            char *str;
-                        
-            ... ...
-            
-            str = SSL_alert_type_string_long(val);
-        }
-
-3.30 const char* ``SSL_rstate_string`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        state string
-        
-    Description::
-    
-        get the state string where SSL is reading
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            char *str;
-                        
-            ... ...
-            
-            str = SSL_rstate_string(ssl);
-        }
-        
-
-3.31 const char* ``SSL_rstate_string_long`` (SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        state long string
-        
-    Description::
-    
-        get the state long string where SSL is reading
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            char *str;
-                        
-            ... ...
-            
-            str = SSL_rstate_string_long(ssl);
-        }
-
-
-3.32 const char* ``SSL_state_string`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        state string
-        
-    Description::
-    
-        get the state string
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            const char *str;
-                        
-            ... ...
-            
-            str = SSL_state_string(ssl);
-        }
-
-
-3.33 char* ``SSL_state_string_long`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        state long string
-        
-    Description::
-    
-        get the state long string
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            char *str;
-                        
-            ... ...
-            
-            str = SSL_state_string(ssl);
-        }
-
-
-3.34 int ``SSL_get_error`` (const SSL * ssl, int ret_code)
-
-    Arguments::
-    
-        ssl      - SSL point
-        ret_code - SSL return code
-    
-    Return::
-    
-        SSL error number
-        
-    Description::
-    
-        get SSL error code
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-            int err;
-                        
-            ... ...
-            
-            err = SSL_get_error(ssl, ret);
-        }
-
-3.35 int ``SSL_want`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        specifical statement
-        
-    Description::
-    
-        get the SSL specifical statement
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int state;
-                        
-            ... ...
-            
-            state = SSL_want(ssl);
-        }
-        
-
-3.36 int ``SSL_want_nothing`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        0 : false
-        1 : true
-        
-    Description::
-    
-        check if SSL want nothing
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-                        
-            ... ...
-            
-            ret = SSL_want(ssl);
-        }
-        
-        
-3.37 int ``SSL_want_read`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        0 : false
-        1 : true
-        
-    Description::
-    
-        check if SSL want to read
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-                        
-            ... ...
-            
-            ret = SSL_want_read(ssl);
-        }
-
-
-3.38 int ``SSL_want_write`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        0 : false
-        1 : true
-        
-    Description::
-    
-        check if SSL want to write
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            int ret;
-                        
-            ... ...
-            
-            ret = SSL_want_write(ssl);
-        }        
-
-
-Chapter 4. SSL X509 Certification and Private Key Function
-==========================================================
-
-
-4.1 X509 * ``d2i_X509`` (X509 ** cert, const unsigned char * buffer, long len)
-
-    Arguments::
-    
-        cert   - a point pointed to X509 certification
-        buffer - a point pointed to the certification context memory point
-        length - certification bytes
-    
-    Return::
-    
-        X509 certification object point
-        
-    Description::
-    
-        load a character certification context into system context. If '*cert' is pointed to the
-        certification, then load certification into it. Or create a new X509 certification object
-    
-    Example::
-    
-        void example(void)
-        {
-            X509 *new;
-            X509 *cert;
-            unsigned char *buffer;
-            long len;            
-            ... ...
-            
-            new = d2i_X509(&cert, buffer, len);
-        }
-
-
-4.2 int ``SSL_add_client_CA`` (SSL * ssl, X509 * x)
-
-    Arguments::
-    
-        ssl - SSL point
-        x   - CA certification point
-    
-    Return::
-
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        add CA client certification into the SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            X509 *new;
-                        
-            ... ...
-            
-            ret = SSL_add_client_CA(ssl, new);
-        }
-
-
-4.3 int ``SSL_CTX_add_client_CA`` (SSL_CTX * ctx, X509 * x)
-
-    Arguments::
-    
-        ctx - SSL context point
-         x   - CA certification point
-    
-    Return::
-
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        add CA client certification into the SSL context
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL_CTX *ctx;
-            X509 *new;
-                        
-            ... ...
-            
-            ret = SSL_add_clSSL_CTX_add_client_CAient_CA(ctx, new);
-        }
-
-
-4.4 X509* ``SSL_get_certificate`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        SSL certification point
-        
-    Description::
-    
-        get the SSL certification point
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            X509 *cert;
-                        
-            ... ...
-            
-            cert = SSL_get_certificate(ssl);
-        }
-
-
-4.5 long ``SSL_get_verify_result`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        the result of verifying
-        
-    Description::
-    
-        get the verifying result of the SSL certification
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            long ret;
-                        
-            ... ...
-            
-            ret = SSL_get_verify_result(ssl);
-        }
-
-
-4.6 int ``SSL_CTX_use_certificate`` (SSL_CTX * ctx, X509 * x)
-
-    Arguments::
-    
-        ctx  - the SSL context point
-        pkey - certification object point
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        load the certification into the SSL_CTX or SSL object
- 
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL_CTX *ctx
-            X509 *new;
-                        
-            ... ...
-            
-            ret = SSL_CTX_use_certificate(ctx, new);
-        }
-
-
-4.7 int ``SSL_CTX_use_certificate_ASN1`` (SSL_CTX * ctx, int len, const unsigned char * d)
-
-    Arguments::
-    
-        ctx - SSL context point
-        len - certification length
-        d   - data point
-    
-    Return::
-     
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        load the ASN1 certification into SSL context
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL_CTX *ctx;
-            const unsigned char *buf;
-            int len;
-                        
-            ... ...
-            
-            ret = SSL_CTX_use_certificate_ASN1(ctx, len, buf);
-        }
-        
-
-4.8 int ``SSL_CTX_use_PrivateKey`` (SSL_CTX * ctx, EVP_PKEY * pkey)
-
-    Arguments::
-    
-        ctx - SSL context point
-        pkey - private key object point
-    
-    Return::
-
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        load the private key into the context object
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL_CTX *ctx;
-            EVP_PKEY *pkey;
-                        
-            ... ...
-            
-            ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-        }
-
-
-4.9 int ``SSL_CTX_use_PrivateKey_ASN1`` (int pk, SSL_CTX * ctx, const unsigned char * d,  long len)
-
-    Arguments::
-    
-        ctx - SSL context point
-        d   - data point
-        len - private key length
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        load the ASN1 private key into SSL context
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            int pk;
-            SSL_CTX *ctx;
-            const unsigned char *buf;
-            long len;
-                        
-            ... ...
-            
-            ret = SSL_CTX_use_PrivateKey_ASN1(pk, ctx, buf, len);
-        }
-        
-
-4.10 int ``SSL_CTX_use_RSAPrivateKey_ASN1`` (SSL_CTX * ctx, const unsigned char * d, long len)
-
-    Arguments::
-    
-        ctx - SSL context point
-        d   - data point
-        len - private key length
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        load the RSA ASN1 private key into SSL context
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL_CTX *ctx;
-            const unsigned char *buf;
-            long len;
-                        
-            ... ...
-            
-            ret = SSL_CTX_use_RSAPrivateKey_ASN1(ctx, buf, len);
-        }
-
-
-4.11 int ``SSL_use_certificate_ASN1`` (SSL * ssl, int len, const unsigned char * d)
-
-    Arguments::
-    
-        ssl - SSL point
-        len - data bytes
-        d   - data point
-    
-    Return::
-    
-        1 : OK
-        0 : failed
-        
-    Description::
-    
-        load certification into the SSL
-    
-    Example::
-    
-        void example(void)
-        {
-            int ret;
-            SSL *ssl;
-            const unsigned char *buf;
-            long len;
-                        
-            ... ...
-            
-            ret = SSL_use_certificate_ASN1(ssl, len, buf);
-        }
-
-
-4.12 X509* ``SSL_get_peer_certificate`` (const SSL * ssl)
-
-    Arguments::
-    
-        ssl - SSL point
-    
-    Return::
-    
-        peer certification
-        
-    Description::
-    
-        get peer certification
-    
-    Example::
-    
-        void example(void)
-        {
-            SSL *ssl;
-            X509 *peer;
-                        
-            ... ...
-            
-            peer = SSL_get_peer_certificate(ssl);
-        }
-

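--- a/docs/en/migration-guides/removed-components.rst
+++ b/docs/en/migration-guides/removed-components.rst
@@ -22,3 +22,5 @@ For example, to install libsodium component with exact version X.Y, run: ``idf.p
 To install libsodium component with the latest version compatible to X.Y according to `semver <https://semver.org/>`_ rules, run: ``idf.py add-dependency libsodium~X.Y``.
 
 To find out which versions of each component are available, open https://components.espressif.com, search for the component by its name and check the versions listed on the component page.
+
+.. note:: OpenSSL-API component is no longer supported. It is not available in the IDF Component Registry, either. Please use :doc:`ESP-TLS </api-reference/protocols/esp_tls>` or :component:`mbedtls` API directly.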

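--- a/docs/zh_CN/api-reference/protocols/index.rst
+++ b/docs/zh_CN/api-reference/protocols/index.rst
@@ -18,7 +18,6 @@
     esp_https_server
     icmp_echo
     mdns
-    openssl_apis
 
 此 API 部分的示例代码存放在 ESP-IDF 示例项目的 :example:`protocols` 目录下。
 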

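--- a/docs/zh_CN/api-reference/protocols/openssl_apis.rst
+++ b/docs/zh_CN/api-reference/protocols/openssl_apis.rst
@@ -1 +0,0 @@
-.. include:: ../../../en/api-reference/protocols/openssl_apis.rst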

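--- a/tools/ci/check_copyright_ignore.txt
+++ b/tools/ci/check_copyright_ignore.txt
@@ -1304,33 +1304,6 @@ components/nvs_flash/test_nvs_host/test_nvs_initialization.cpp
 components/nvs_flash/test_nvs_host/test_nvs_partition.cpp
 components/nvs_flash/test_nvs_host/test_nvs_storage.cpp
 components/nvs_flash/test_nvs_host/test_spi_flash_emulation.cpp
-components/openssl/include/internal/ssl3.h
-components/openssl/include/internal/ssl_cert.h
-components/openssl/include/internal/ssl_code.h
-components/openssl/include/internal/ssl_dbg.h
-components/openssl/include/internal/ssl_lib.h
-components/openssl/include/internal/ssl_methods.h
-components/openssl/include/internal/ssl_pkey.h
-components/openssl/include/internal/ssl_stack.h
-components/openssl/include/internal/ssl_types.h
-components/openssl/include/internal/ssl_x509.h
-components/openssl/include/internal/tls1.h
-components/openssl/include/internal/x509_vfy.h
-components/openssl/include/openssl/bio.h
-components/openssl/include/openssl/err.h
-components/openssl/include/platform/ssl_opt.h
-components/openssl/include/platform/ssl_pm.h
-components/openssl/include/platform/ssl_port.h
-components/openssl/library/ssl_bio.c
-components/openssl/library/ssl_cert.c
-components/openssl/library/ssl_err.c
-components/openssl/library/ssl_lib.c
-components/openssl/library/ssl_methods.c
-components/openssl/library/ssl_pkey.c
-components/openssl/library/ssl_stack.c
-components/openssl/platform/ssl_pm.c
-components/openssl/platform/ssl_port.c
-components/openssl/test/test_openssl.c
 components/openthread/include/esp_openthread.h
 components/openthread/include/esp_openthread_lock.h
 components/openthread/include/esp_openthread_netif_glue.h
@@ -2488,12 +2461,6 @@ examples/protocols/mqtt/ws/main/app_main.c
 examples/protocols/mqtt/ws/mqtt_ws_example_test.py
 examples/protocols/mqtt/wss/main/app_main.c
 examples/protocols/mqtt/wss/mqtt_wss_example_test.py
-examples/protocols/openssl_client/example_test.py
-examples/protocols/openssl_client/main/openssl_client_example.h
-examples/protocols/openssl_client/main/openssl_client_example_main.c
-examples/protocols/openssl_server/example_test.py
-examples/protocols/openssl_server/main/openssl_server_example.h
-examples/protocols/openssl_server/main/openssl_server_example_main.c
 examples/protocols/slip/slip_udp/components/slip_modem/include/slip_modem.h
 examples/protocols/slip/slip_udp/main/slip_client_main.c
 examples/protocols/smtp_client/main/smtp_client_example_main.c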

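--- a/tools/test_apps/protocols/openssl/CMakeLists.txt
+++ b/tools/test_apps/protocols/openssl/CMakeLists.txt
@@ -1,14 +0,0 @@
-# The following four lines of boilerplate have to be in your project's CMakeLists
-# in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
-
-# (Not part of the boilerplate)
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-
-include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-
-project(openssl_connect_test)
-
-target_add_binary_data(openssl_connect_test.elf "client_certs/ca.crt" TEXT)
-target_add_binary_data(openssl_connect_test.elf "client_certs/ca.key" TEXT)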

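--- a/tools/test_apps/protocols/openssl/README.md
+++ b/tools/test_apps/protocols/openssl/README.md
@@ -1,14 +0,0 @@
-| Supported Targets | ESP32 | ESP32-S2 | ESP32-C3 |
-| ----------------- | ----- | -------- | -------- |
-
-# ESP-OPENSSL connect test project
-
-Main purpose of this application is to test the ESP-OPENSSL library to correctly connect/refuse connectio with TLS servers.
-It is possible to run this example manually without any test to exercise ESP-OPENSSL library.
-
-## Runtime settings
-This app waits for user input to provide these parameters:
- test-type: "conn" connection test (host, port, test-case)
-
-## Hardware Required
-This test-app can be executed on any ESP32 board, the only required interface is WiFi and connection to a local network and tls server.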

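--- a/tools/test_apps/protocols/openssl/app_test.py
+++ b/tools/test_apps/protocols/openssl/app_test.py
@@ -1,126 +0,0 @@
-from __future__ import print_function, unicode_literals
-
-import os
-import re
-import socket
-import ssl
-from threading import Event, Thread
-
-import ttfw_idf
-
-SERVER_CERTS_DIR = 'server_certs/'
-
-
-def _path(f):
-    return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
-
-
-def get_my_ip():
-    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-    try:
-        # doesn't even have to be reachable
-        s.connect(('10.255.255.255', 1))
-        IP = s.getsockname()[0]
-    except socket.error:
-        IP = '127.0.0.1'
-    finally:
-        s.close()
-    return IP
-
-
-# Simple TLS server
-class TlsServer:
-
-    def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
-        self.port = port
-        self.socket = socket.socket()
-        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-        self.socket.settimeout(20.0)
-        self.shutdown = Event()
-        self.negotiated_protocol = negotiated_protocol
-        self.conn = None
-        self.ssl_error = None
-        self.server_thread = None
-
-    def __enter__(self):
-        try:
-            self.socket.bind(('', self.port))
-        except socket.error as e:
-            print('Bind failed:{}'.format(e))
-            raise
-
-        self.socket.listen(1)
-        self.server_thread = Thread(target=self.run_server)
-        self.server_thread.start()
-
-        return self
-
-    def __exit__(self, exc_type, exc_value, traceback):
-        self.shutdown.set()
-        self.server_thread.join()
-        self.socket.close()
-        if (self.conn is not None):
-            self.conn.close()
-
-    def run_server(self):
-        context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-        context.load_verify_locations(cafile=_path(SERVER_CERTS_DIR + 'ca.crt'))
-        context.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'server.crt'), keyfile=_path(SERVER_CERTS_DIR + 'server.key'))
-        context.verify_flags = self.negotiated_protocol
-        self.socket = context.wrap_socket(self.socket, server_side=True)
-        try:
-            print('Listening socket')
-            self.conn, address = self.socket.accept()  # accept new connection
-            self.socket.settimeout(20.0)
-            print(' - connection from: {}'.format(address))
-        except ssl.SSLError as e:
-            self.conn = None
-            self.ssl_error = str(e)
-            print(' - SSLError: {}'.format(str(e)))
-
-
-@ttfw_idf.idf_custom_test(env_tag='Example_WIFI', group='test-apps')
-def test_app_esp_openssl(env, extra_data):
-    dut1 = env.get_dut('openssl_connect_test', 'tools/test_apps/protocols/openssl', dut_class=ttfw_idf.ESP32DUT)
-    # check and log bin size
-    binary_file = os.path.join(dut1.app.binary_path, 'openssl_connect_test.bin')
-    bin_size = os.path.getsize(binary_file)
-    ttfw_idf.log_performance('openssl_connect_test_bin_size', '{}KB'.format(bin_size // 1024))
-    dut1.start_app()
-    esp_ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)
-    print('Got IP={}'.format(esp_ip[0]))
-    ip = get_my_ip()
-    server_port = 2222
-
-    def start_case(case, desc, negotiated_protocol, result):
-        with TlsServer(server_port, negotiated_protocol=negotiated_protocol):
-            print('Starting {}: {}'.format(case, desc))
-            dut1.write('conn {} {} {}'.format(ip, server_port, case))
-            dut1.expect(re.compile(result), timeout=10)
-            return case
-
-    # start test cases
-    start_case(
-        case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE',
-        desc='Connect with verify_none mode using wrong certs',
-        negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
-        result='SSL Connection Succeed')
-    start_case(
-        case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER',
-        desc='Connect with verify_peer mode using wrong certs',
-        negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
-        result='SSL Connection Failed')
-    start_case(
-        case='CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE',
-        desc='Connect with verify_none mode using wrong certs',
-        negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
-        result='SSL Connection Succeed')
-    start_case(
-        case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER',
-        desc='Connect with verify_peer mode using wrong certs',
-        negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
-        result='SSL Connection Failed')
-
-
-if __name__ == '__main__':
-    test_app_esp_openssl()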

+ 0 - 20
tools/test_apps/protocols/openssl/client_certs/ca.crt

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDTTCCAjWgAwIBAgIUV+ePqdbRF3ln6vDyuopcmiQjLNcwDQYJKoZIhvcNAQEL
-BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
-CUVzcHJlc3NpZjAeFw0yMDEwMDQyMTA3MzhaFw0yMDExMDMyMTA3MzhaMDYxCzAJ
-BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
-aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdrEr3ams2MvGm8Xqd
-9uMikvx/lQ2S1l5FD8kP7SaMmQJ6I9pLaDTSPzg7ZdiI94B7v1s+DJUPe9t9+Drb
-zk1fyI9SFooSkiTKcNcDq0MIKlI/6pBp9B86Bn+wpLL+u8G6616X8ERREltJ/HJh
-oR41zCHWYKmkRIEMfXPcRbiqw4dNtos5si26MIbBzouUAaN1odXnXGZxntAn3AmR
-jQso9GkW2YlrLhpUFgwLxzJZE8EOZsYXvo4X0/n+LoZIiRAGnX6Zy45zMTWAP5ZL
-DEo4RT8a2wOHXw6/as/ec7d7pZHk3lSzsfSONH38OWprieOqqnAK1TqBcjggPXvE
-pRq/AgMBAAGjUzBRMB0GA1UdDgQWBBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAfBgNV
-HSMEGDAWgBSA0K7lXEuCBvJ5pBixVYLN3lXwDDAPBgNVHRMBAf8EBTADAQH/MA0G
-CSqGSIb3DQEBCwUAA4IBAQCaMiRZpBr48Nq4S1xMkPw+ILeyGxwHdHKYMuqrEtKW
-ErRy1lij6ShCjKdXGLmjwOAtq8UV5BvtD6Rak88GwiP2D9Jn8Jw4oF7CGxQw/tjQ
-+MxRF7ok8XNyp5fYkhGRYph0cMDhfYObku/cE9ser1UxKSq/szS9orTduyUfJZYd
-Doe6R7KNTq9uPKs5Gk2Lu7gflqlcv89j+r+r+uWf45uLXGP/8iZ9KEJB7xKuNAR1
-z1HovlFW1h08eLYpaLFKRXkSSmUhdEE59mdIYhToE9AHgoyGJqz3tkhzleRn6lmA
-JhDVxbm2xFHWCG9SJ6f8OYHpjOrAKXlX45zOLjUVcsN9
------END CERTIFICATE-----

+ 0 - 27
tools/test_apps/protocols/openssl/client_certs/ca.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAnaxK92prNjLxpvF6nfbjIpL8f5UNktZeRQ/JD+0mjJkCeiPa
-S2g00j84O2XYiPeAe79bPgyVD3vbffg6285NX8iPUhaKEpIkynDXA6tDCCpSP+qQ
-afQfOgZ/sKSy/rvBuutel/BEURJbSfxyYaEeNcwh1mCppESBDH1z3EW4qsOHTbaL
-ObItujCGwc6LlAGjdaHV51xmcZ7QJ9wJkY0LKPRpFtmJay4aVBYMC8cyWRPBDmbG
-F76OF9P5/i6GSIkQBp1+mcuOczE1gD+WSwxKOEU/GtsDh18Ov2rP3nO3e6WR5N5U
-s7H0jjR9/Dlqa4njqqpwCtU6gXI4ID17xKUavwIDAQABAoIBAAMEVvLhAGgrFWCi
-Yjw/ix0QPvCaA4Z5v5gGs0wwt3odO2Tm5rhmqAwV1ZedXUVRpw23HaHUT83aCtsg
-MtAd5HEev09MyxuL3FRbUGHrlv7DAIvkixrb5vUPRsY0gJBLO2u+MTMrD8OVXFXQ
-FMg1cwSIgWU+uEBCZ0274MmoM95gk7ZFI3f5TSjFshSBdcaoewdZS0hhKo9GlhmY
-Y/zRT0sQfzKZX8zRslqsWjHuJ1um8w+SRZhGX1Pdl8tZpAGoQASzaelJuNAzSQoD
-wW+FhpMKAB4VNwgNOD1BDelDdJb1VlK+mt5I/U1tvetynks6NbuEqtMoKFQSXyVH
-LLU7V9ECgYEA0U9mtFfmEyZDmvZaPBeiYwC5gYg5NK7QYFvIibkjvIrPvQUIP5jn
-kvrZv2Nsyf6iH6oq4xhS8n+JhzteAOJu56YprHbOXcVo7KhxiUcqvUCWyrwL7LiC
-zv0nVXW1SGNtSsZ334eI1B27L6wkVLTsz3tKPldn93s7zBE2tsbO2S0CgYEAwNgq
-vO60mYrEu/u6Eje59PULuODiFX+cwJoqCmsh1Uc4N3ty5B3pm0eI4aCGPYWpA0aQ
-ktxQVVHgXIVHDrqRCY+FqSoBQJ4/QNHtMYA23Uk5CcnrCKrhFtUwdXHbC2Lz1Men
-DA8zaxJaaJvqREpQH6w7YLDGyH1Klpe9R4/+3xsCgYBacPKx7mEt2RTROq2W1aeH
-G+MMQ25kgzzqxf4K9IKqj1hgFnKP+GPnsJiyCCYTygEHqaHKatI8kjs8wbxGqZC+
-a6AKM3PMNOa3i7kzVhrzl5sQktycNsXe5qg+VxQz6TJqYwOdBJVtAkPFv54bM+o3
-ZNCZy27TEt6tuKppo9HxKQKBgQCKYNNSHWvknaoMRla/ydMbTldqA5zX1mlx3235
-aeSuOVvCnEfWHwzJSuyTEvAg529fFVyatZLDlmwLl+tkS0XV+XHs8GJTrvouljTB
-B4LXCTrvpj+MSaoZC0OpktiedBQJhHZ+9c1ssI/FbtQMytJx19IH0PHjXdyO8TV2
-S4KVLwKBgQCYEldaRhQhRVD2JiY2qWqdqDSytX+NkSMF7uJQeAtx1xD+mCQQpKPA
-UviFoCpd6X2m2rGpEy/hOAlciS4LDuwzBlIR5XZgtIbTap5l0/fwS4cEvoP3ncYs
-y8v+dZLTwu81IlShVIN1c0SszX+yNrVyfdvLLV1boOX4YzE75EObiw==
------END RSA PRIVATE KEY-----

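--- a/tools/test_apps/protocols/openssl/main/CMakeLists.txt
+++ b/tools/test_apps/protocols/openssl/main/CMakeLists.txt
@@ -1,2 +0,0 @@
-idf_component_register(SRCS "main.c" "connect_test.c"
-                       INCLUDE_DIRS ".")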

+ 0 - 131
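--- a/tools/test_apps/protocols/openssl/main/connect_test.c
+++ b/tools/test_apps/protocols/openssl/main/connect_test.c
@@ -1,131 +0,0 @@
-#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
-
-#include <sys/socket.h>
-#include <unistd.h>
-#include <netdb.h>
-#include <openssl/ssl.h>
-#include "esp_log.h"
-
-static const char *TAG = "OPENSSL_TEST";
-
-static int open_connection(const char *host, const int port)
-{
-    struct sockaddr_in addr;
-    struct hostent *h;
-    int sd;
-    if ((h = gethostbyname(host)) == NULL) {
-        ESP_LOGI(TAG, "Failed to get host name %s", host);
-        return -1;
-    }
-    sd = socket(AF_INET, SOCK_STREAM, 0);
-    bzero(&addr, sizeof(addr));
-    addr.sin_family = AF_INET;
-    addr.sin_port = htons(port);
-    addr.sin_addr.s_addr = *(long*)(h->h_addr);
-    if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
-        return -1;
-    }
-    return sd;
-}
-
-static SSL_CTX* init_ctx(const char *test_case)
-{
-    extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
-    extern const unsigned char cacert_pem_end[]   asm("_binary_ca_crt_end");
-    const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
-    const SSL_METHOD *method = NULL;
-    SSL_CTX *ctx = NULL;
-    if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
-        method = TLSv1_1_client_method();
-        ctx = SSL_CTX_new(method);   /* Create new context */
-        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
-    } else if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
-        method = TLSv1_1_client_method();
-        ctx = SSL_CTX_new(method);   /* Create new context */
-        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
-    } else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
-        method = TLSv1_2_client_method();
-        ctx = SSL_CTX_new(method);   /* Create new context */
-        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
-    } else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
-        method = TLSv1_2_client_method();
-        ctx = SSL_CTX_new(method);   /* Create new context */
-        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
-    }
-    X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
-    if(!x) {
-        ESP_LOGI(TAG, "Loading certs failed");
-        goto failed;
-    }
-    SSL_CTX_add_client_CA(ctx, x);
-    return ctx;
-failed:
-    return NULL;
-}
-
-static void start_test(const char *host, const int port, const char *test_case)
-{
-    SSL_CTX *ctx = NULL;
-    SSL *ssl = NULL;
-    int sockfd;
-    int ret;
-
-    ESP_LOGI(TAG, "Test %s started", test_case);
-    ctx = init_ctx(test_case);
-    if (!ctx) {
-        ESP_LOGI(TAG, "Failed");
-        goto failed1;
-    }
-    ESP_LOGI(TAG, "Trying connect to %s port %d test case %s ...", host, port, test_case);
-    sockfd = open_connection(host, port);
-    if(sockfd < 0) {
-        ESP_LOGI(TAG,"Failed");
-        goto failed1;
-    }
-    ESP_LOGI(TAG, "OK");
-    ESP_LOGI(TAG, "Create SSL obj");
-    ssl = SSL_new(ctx);
-    if (!ssl) {
-        ESP_LOGI(TAG,"Failed");
-        goto failed2;
-    }
-    ESP_LOGI(TAG, "OK");
-    SSL_set_fd(ssl, sockfd);
-    ESP_LOGI(TAG, "SSL verify mode = %d connected to %s port %d ...", SSL_CTX_get_verify_mode(ctx),
-        host, port);
-    ret = SSL_connect(ssl);
-    ESP_LOGI(TAG, "OK");
-    if (ret <= 0) {
-        ESP_LOGI(TAG,"SSL Connection Failed");
-        goto failed3;
-    }
-    ESP_LOGI(TAG,"SSL Connection Succeed");
-failed3:
-    SSL_free(ssl);
-    ssl = NULL;
-failed2:
-    close(sockfd);
-    sockfd = -1;
-failed1:
-    SSL_CTX_free(ctx);
-    ctx = NULL;
-}
-
-static void scan(char *s, char **test_type, char **host, int *p, char **test_case)
-{
-    const char *delim = " ";
-    *test_type = strtok(s, delim);
-    *host = strtok(NULL, delim);
-    *p = atoi(strtok(NULL, delim));
-    *test_case = strtok(NULL, delim);
-}
-
-void connection_test(char *line)
-{
-    char *test_case;
-    char *test_type;
-    char *host;
-    int port;
-    scan(line, &test_type, &host, &port, &test_case);
-    start_test(host, port, test_case);
-}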

+ 0 - 70
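--- a/tools/test_apps/protocols/openssl/main/main.c
+++ b/tools/test_apps/protocols/openssl/main/main.c
@@ -1,70 +0,0 @@
-/* OpenSSL client test
-
-   This example code is in the Public Domain (or CC0 licensed, at your option.)
-
-   Unless required by applicable law or agreed to in writing, this
-   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-   CONDITIONS OF ANY KIND, either express or implied.
-*/
-#include <stdio.h>
-#include <stddef.h>
-#include <string.h>
-#include "esp_system.h"
-#include "nvs_flash.h"
-#include "esp_event.h"
-#include "esp_netif.h"
-#include "esp_log.h"
-#include "protocol_examples_common.h"
-
-static const char *TAG = "OPENSSL_TEST";
-void connection_test(char *line);
-
-static void get_string(char *line, size_t size)
-{
-    int count = 0;
-    while (count < size) {
-        int c = fgetc(stdin);
-        if (c == '\n') {
-            line[count] = '\0';
-            break;
-        } else if (c > 0 && c < 127) {
-            line[count] = c;
-            ++count;
-        }
-        vTaskDelay(10 / portTICK_PERIOD_MS);
-    }
-}
-
-void app_main(void)
-{
-    char line[256];
-
-    ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
-    ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
-
-    esp_log_level_set("*", ESP_LOG_INFO);
-    esp_log_level_set("OPENSSL_CLIENT", ESP_LOG_VERBOSE);
-    esp_log_level_set("TRANSPORT_BASE", ESP_LOG_VERBOSE);
-    esp_log_level_set("TRANSPORT", ESP_LOG_VERBOSE);
-    esp_log_level_set("OUTBOX", ESP_LOG_VERBOSE);
-
-    ESP_ERROR_CHECK(nvs_flash_init());
-    ESP_ERROR_CHECK(esp_netif_init());
-    ESP_ERROR_CHECK(esp_event_loop_create_default());
-
-    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
-     * Read "Establishing Wi-Fi or Ethernet Connection" section in
-     * examples/protocols/README.md for more information about this function.
-     */
-    ESP_ERROR_CHECK(example_connect());
-
-    while (1) {
-        get_string(line, sizeof(line));
-        if (memcmp(line, "conn", 4) == 0) {
-            // line starting with "conn" indicate connection tests
-            connection_test(line);
-            get_string(line, sizeof(line));
-            continue;
-        }
-    }
-}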

+ 0 - 20
tools/test_apps/protocols/openssl/server_certs/ca.crt

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
-BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
-CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
-BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
-aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
-yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
-0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
-coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
-tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
-IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
-oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
-HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
-CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
-Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
-XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
-8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
-fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
-AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
------END CERTIFICATE-----

+ 0 - 27
tools/test_apps/protocols/openssl/server_certs/ca.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
-trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
-kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
-QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
-HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
-XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
-VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
-khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
-wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
-ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
-qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
-t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
-8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
-BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
-Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
-EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
-pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
-F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
-/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
-zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
-DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
-6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
-Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
-gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
-eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
------END RSA PRIVATE KEY-----

+ 0 - 1
tools/test_apps/protocols/openssl/server_certs/ca.srl

@@ -1 +0,0 @@
-2F41CC40E62F73ACADA631D44C6D40D87504A661

+ 0 - 19
tools/test_apps/protocols/openssl/server_certs/server.crt

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDCTCCAfECFC9BzEDmL3OsraYx1ExtQNh1BKZhMA0GCSqGSIb3DQEBCwUAMDYx
-CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3By
-ZXNzaWYwHhcNMjAwOTIzMDgwMDE5WhcNNDgwMjA5MDgwMDE5WjBMMQswCQYDVQQG
-EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UECgwJRXNwcmVzc2lmMRQw
-EgYDVQQDDAtDb21tb24gTmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBANjphhEwXDfNjysOcPKhLoQQyZa/5ku3bZFHwlNf4XXbkmPOUgjWOq4JMDC6
-WZB93Ey+OJHIowuoPkADlUtsWRgSLizttn50hcO9PWLfd4NBoNJGqJmh38UiS1tB
-SO7YaFcAuXkv+SoirMw5bYuRTJQD8G/j5juvsMUWhif9WsYLPYurkksZqvdZHhrG
-nRqPD76RwXpzPwMa5OOj3N9jIxrt4NI8vizjS4weq3e/VNNZS6L93CZFFDB+O382
-ijtavThQ+S9LMyHe+EtoGyF/aSJk58pwo0J+u6t1iblHEBz0O3ZEuUn4vjtNSNnz
-f2Mbc/MlPWoibTe2uw7XxbHyaQMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdpNQ
-lPHWiXizOxK46pI2EfeggUTtlAFoDvAT+s2SdlwZKNw6Hf80yFJ55nnOgmiMN9aq
-x7oXFBPdxhgWStqR+yN0KRyoc+5AS3lz4m61l2jIRYYhg7ItURxujGQPfHPcmQSp
-A+gkMXt0DBsdYBz/xxa4Bgw9S/BWUsXMLPG95SAPpAObSZEs/QXagVg0fxzdZTc9
-fajmP8S/5sO3MM+krpyh1NcrJZKm9poHYCG8bBOz19SNPl46eQHdoud3dstHPn0Q
-+Jmg12w4HZ4Z5CU4zcgCWsGf0D/ezg15NEYU5r3hyskqFtTjOdoXY9cTdmgAtPGn
-NiUtKzHKywP+pO5h0Q==
------END CERTIFICATE-----

+ 0 - 16
tools/test_apps/protocols/openssl/server_certs/server.csr

@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-EjAQBgNVBAoMCUVzcHJlc3NpZjEUMBIGA1UEAwwLQ29tbW9uIE5hbWUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6YYRMFw3zY8rDnDyoS6EEMmWv+ZL
-t22RR8JTX+F125JjzlII1jquCTAwulmQfdxMvjiRyKMLqD5AA5VLbFkYEi4s7bZ+
-dIXDvT1i33eDQaDSRqiZod/FIktbQUju2GhXALl5L/kqIqzMOW2LkUyUA/Bv4+Y7
-r7DFFoYn/VrGCz2Lq5JLGar3WR4axp0ajw++kcF6cz8DGuTjo9zfYyMa7eDSPL4s
-40uMHqt3v1TTWUui/dwmRRQwfjt/Noo7Wr04UPkvSzMh3vhLaBshf2kiZOfKcKNC
-frurdYm5RxAc9Dt2RLlJ+L47TUjZ839jG3PzJT1qIm03trsO18Wx8mkDAgMBAAGg
-ADANBgkqhkiG9w0BAQsFAAOCAQEArUWZtrKI9cJEVP2WZXmsSI1vlLhSeqyv+d7z
-5nx5Nzmyuhkck75sA6h7cTZ+QPyJbaijDv8cVx7ZWNhwhIjOD0f7LGMK3EYa8skv
-SA92liKLL6zFWJKeJ/DhfM3PXp3g2jNKOwOuQkmWXdoqgR+VmlgA58gWS3EeBzNT
-C1MwqSd2s/DHOOoEg4FRAjH7DXUSW09vph7zRYr7KzDRSAaE+2S0FK2Uxl7pzpUc
-M2hh2GJ/yClP06XYl7OMFiIbp0hhyLBLLbXnZeYz570Cu8kCAhtfTE7CUiV7eAaY
-2/Bv8/a5qxaVEI2cbjJsmn0RURkXzo0a3FrXJPBeWqsKlPqlBQ==
------END CERTIFICATE REQUEST-----

+ 0 - 27
tools/test_apps/protocols/openssl/server_certs/server.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA2OmGETBcN82PKw5w8qEuhBDJlr/mS7dtkUfCU1/hdduSY85S
-CNY6rgkwMLpZkH3cTL44kcijC6g+QAOVS2xZGBIuLO22fnSFw709Yt93g0Gg0kao
-maHfxSJLW0FI7thoVwC5eS/5KiKszDlti5FMlAPwb+PmO6+wxRaGJ/1axgs9i6uS
-Sxmq91keGsadGo8PvpHBenM/Axrk46Pc32MjGu3g0jy+LONLjB6rd79U01lLov3c
-JkUUMH47fzaKO1q9OFD5L0szId74S2gbIX9pImTnynCjQn67q3WJuUcQHPQ7dkS5
-Sfi+O01I2fN/Yxtz8yU9aiJtN7a7DtfFsfJpAwIDAQABAoIBAAxoh2/SSWQz0R3Q
-bKukhsmtQCrsfVsVeiIWbcphML+SOPSWp+CziJXOFsCi2F7IpGKLeybzyEfxbuYw
-jkjLQOl8mMGfM5JWThSdbbaLPAX5Kh79RcXMGcXoKVFmEasAHC/l7bY+BU3gv+vK
-2TZjsHLDKuzrp48AhOcxW6lL9/ZeMUcjg1Qr00s1KzYMpnPSQYT+dH5INTX1fxaY
-gIOAipe4Xg5nJKB7eqI7B4d6EJaQhp+SIwtb3aZnETqPLRJFlyiqbaUVPDwWQ4qz
-HtN+h749OdmhK6xOyfs02fJBrqpfSXT620qNZTsjfq+GoKCPL1VmSSVuzJtDDclH
-e6ikPcECgYEA7+GKRCGHrO8QpubcIVr6VoCz9pwdzFxm5DOjVWfR/kJ2i51ne+f5
-VTEfLlsLQmoY54sSm7ojqpqN+lM7vZfZ8S4V9M+6zGq1I6GK0CA4vTB39qRyqMcv
-O+DahEQ+H7DlUsZUYMTjyeSlYcd70h2uQiKQSkDaWKpMYhL6n2/lWuMCgYEA53zf
-GvhlB3QSw98vE07/xWEaZWpFGBgTdjMRl8lv0H7yiLV319ax5HwSJZrI9nCM23Lk
-CiubgVSb8qtwnbJGlsKgvYbngtOsJMOhggAovyYY6U414hJBwRJz4jb9RIub7cpX
-+9RQTw15I7UrQW/Gp7PtnViszDwLBMQOhg2dc2ECgYEA0jjcDV09I8bW1w3WuLyc
-Sxa7oFGso54O5cqDR6OWmrbwYOZu/F2NWqWT5/IN6gRFExYEFsmH3ElaR5iN8FeV
-vhFfWI577A1P9YvqtP6n+tTxLQttGJCGynkBx4xuzSMfteztoWirIBHrBcfmsXsl
-bfwQa6JuN+n2yrRLQ1Kys3UCgYBR/gPUPLkkK7Pd1vaIo0mq8trzovF4OEbkbfBE
-UCAfvGdRjt01ASGfaWbQFQQrbfAmZoppI8r/wyU9jgXkhVnFWoiuuNLVnv3xQ624
-KzBDjE30jTQ+r/LEXTHYpVuN5NlFH4+MbkZHyeDniesZUWsOyYdXXSpPaNEKThtK
-1hW34QKBgAcqVqoKWSFS2Z44LCE/E9npOxFHZdFsXy0U+EbLBNIoIEMbPex1c5ss
-nUzpvQcw8wpEcKn8RKIOMzJtdSat5yzGUIpziRHeSdyYK7pnBHn40SR2yQYDH/YO
-C9vrJRcoVFDOHmoQITCW/oOfL/QlKWgL54kmdHNDm8IqTKP2JYp4
------END RSA PRIVATE KEY-----