components/openssl: add license header

components/openssl/Makefile.projbuild

@@ -1,4 +1,3 @@
 # Anyone compiling mbedTLS code needs the name of the
 # alternative config file
-CFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"'
 

components/openssl/include/internal/ssl3.h

@@ -1,3 +1,17 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL3_H_
 #define _SSL3_H_
 

components/openssl/include/internal/ssl_cert.h

@@ -1,11 +1,23 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_CERT_H_
 #define _SSL_CERT_H_
 
-#include "ssl_pkey.h"
-#include "ssl_x509.h"
-
-CERT *ssl_cert_new(void);
+#include "ssl_types.h"
 
+CERT* ssl_cert_new(void);
 void ssl_cert_free(CERT *c);
 
 #endif

components/openssl/include/internal/ssl_code.h

@@ -1,3 +1,17 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_CODE_H_
 #define _SSL_CODE_H_
 

components/openssl/include/internal/ssl_dbg.h

@@ -1,13 +1,29 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_DEBUG_H_
 #define _SSL_DEBUG_H_
 
-#define SSL_DEBUG_ENBALE 0
+#define SSL_DEBUG_ENBALE 1
 #define SSL_DEBUG_LEVEL 0
 #define SSL_ASSERT_ENABLE 1
 #define SSL_DEBUG_LOCATION_ENABLE 1
 
 #if SSL_DEBUG_ENBALE
-    #define SSL_PRINT os_printf
+    extern int ets_printf(const char *fmt, ...);
+
+    #define SSL_PRINT ets_printf
 #else
     #define SSL_PRINT(...)
 #endif

components/openssl/include/internal/ssl_lib.h

@@ -1,3 +1,17 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_LIB_H_
 #define _SSL_LIB_H_
 

components/openssl/include/internal/ssl_methods.h

@@ -1,3 +1,17 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_METHODS_H_
 #define _SSL_METHODS_H_
 
@@ -8,7 +22,7 @@
                     set_fd, get_fd, \
                     set_bufflen, \
                     get_state) \
-        static const SSL_METHOD_FUNC func_name = { \
+        static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
                 new, \
                 free, \
                 handshake, \
@@ -25,7 +39,7 @@
 
 #define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \
     const SSL_METHOD* func_name(void) { \
-        static const SSL_METHOD func_name##_data = { \
+        static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
                 ver, \
                 mode, \
                 &(fun), \
@@ -35,7 +49,7 @@
 
 #define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \
     const SSL_METHOD* func_name(void) { \
-        static const SSL_METHOD func_name##_data = { \
+        static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
                 ver, \
                 mode, \
                 &(fun), \
@@ -43,4 +57,37 @@
         return &func_name##_data; \
     }
 
+#define IMPLEMENT_X509_METHOD(func_name, \
+                new, \
+                free, \
+                load, \
+                unload) \
+    const X509_METHOD* func_name(void) { \
+        static const X509_METHOD func_name##_data LOCAL_ATRR = { \
+                new, \
+                free, \
+                load, \
+                unload, \
+        }; \
+        return &func_name##_data; \
+    }
+
+#define IMPLEMENT_PKEY_METHOD(func_name, \
+                new, \
+                free, \
+                load, \
+                unload) \
+    const PKEY_METHOD* func_name(void) { \
+        static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \
+                new, \
+                free, \
+                load, \
+                unload, \
+        }; \
+        return &func_name##_data; \
+    }
+
+const X509_METHOD* X509_method(void);
+const PKEY_METHOD* EVP_PKEY_method(void);
+
 #endif

components/openssl/include/internal/ssl_pkey.h

@@ -1,9 +1,25 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_PKEY_H_
 #define _SSL_PKEY_H_
 
 #include "ssl_types.h"
 
-EVP_PKEY *d2i_PrivateKey(int type,
+EVP_PKEY* EVP_PKEY_new(void);
+
+EVP_PKEY* d2i_PrivateKey(int type,
                          EVP_PKEY **a,
                          const unsigned char **pp,
                          long length);

components/openssl/include/internal/ssl_rsa.h

@@ -1,3 +1,17 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_RSA_H_
 #define _SSL_RSA_H_
 

components/openssl/include/internal/ssl_types.h

@@ -1,8 +1,21 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_TYPES_H_
 #define _SSL_TYPES_H_
 
 #include "ssl_code.h"
-#include <stddef.h>
 
 typedef void SSL_CIPHER;
 
@@ -47,15 +60,25 @@ typedef struct x509_st X509;
 struct evp_pkey_st;
 typedef struct evp_pkey_st EVP_PKEY;
 
+struct x509_method_st;
+typedef struct x509_method_st X509_METHOD;
+
+struct pkey_method_st;
+typedef struct pkey_method_st PKEY_METHOD;
+
 struct evp_pkey_st {
 
     void *pkey_pm;
+
+    const PKEY_METHOD *method;
 };
 
 struct x509_st {
 
     /* X509 certification platform private point */
     void *x509_pm;
+
+    const X509_METHOD *method;
 };
 
 struct cert_st {
@@ -111,6 +134,8 @@ struct ssl_ctx_st
     long session_timeout;
 
     int read_ahead;
+
+    int read_buffer_len;
 };
 
 struct ssl_st
@@ -183,8 +208,34 @@ struct ssl_method_func_st {
     OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
 };
 
+struct x509_method_st {
+
+    int (*x509_new)(X509 *x);
+
+    void (*x509_free)(X509 *x);
+
+    int (*x509_load)(X509 *x, const unsigned char *buf, int len);
+
+    void (*x509_unload)(X509 *x);
+};
+
+struct pkey_method_st {
+
+    int (*pkey_new)(EVP_PKEY *pkey);
+
+    void (*pkey_free)(EVP_PKEY *pkey);
+
+    int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len);
+
+    void (*pkey_unload)(EVP_PKEY *pkey);
+};
+
 typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
                              unsigned char *outlen, const unsigned char *in,
                              unsigned int inlen, void *arg);
 
+#define SSL_METHOD_CALL(f, s, ...)        s->method->func->ssl_##f(s, ##__VA_ARGS__)
+#define X509_METHOD_CALL(f, x, ...)       x->method->x509_##f(x, ##__VA_ARGS__)
+#define EVP_PKEY_METHOD_CALL(f, k, ...)   k->method->pkey_##f(k, ##__VA_ARGS__)
+
 #endif

components/openssl/include/internal/ssl_x509.h

@@ -1,3 +1,17 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_X509_H_
 #define _SSL_X509_H_
 

components/openssl/include/internal/tls1.h

@@ -1,3 +1,17 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _TLS1_H_
 #define _TLS1_H_
 

components/openssl/include/openssl/ssl.h

@@ -1,6 +1,21 @@
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
-
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _SSL_H_
+#define _SSL_H_
+
+#include "ssl_port.h"
 #include "internal/ssl_types.h"
 
 /*

components/openssl/include/platform/ssl_pm.h

@@ -1,14 +1,24 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #ifndef _SSL_PM_H_
 #define _SSL_PM_H_
 
 #include "ssl_types.h"
-#include "esp_types.h"
-#include "esp_system.h"
+#include "ssl_port.h"
 
-void* ssl_zalloc(size_t size);
-void *ssl_malloc(size_t size);
-void ssl_free(void *p);
-void* ssl_memcpy(void *to, const void *from, size_t size);
+#define LOCAL_ATRR
 
 int ssl_pm_new(SSL *ssl);
 void ssl_pm_free(SSL *ssl);
@@ -28,15 +38,15 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
 
 void ssl_pm_set_bufflen(SSL *ssl, int len);
 
-void* x509_pm_new(void);
-void x509_pm_free(void *pm);
-int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len);
-void x509_pm_unload_crt(void *pm);
-void x509_pm_start_ca(void *ssl, void *pm);
+int x509_pm_new(X509 *x);
+void x509_pm_free(X509 *x);
+int x509_pm_load(X509 *x, const unsigned char *buffer, int len);
+void x509_pm_unload(X509 *x);
+void x509_pm_start_ca(X509 *x);
 
-void* pkey_pm_new(void);
-void pkey_pm_free(void *pm);
-int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len);
-void pkey_pm_unload_crt(void *pm);
+int pkey_pm_new(EVP_PKEY *pkey);
+void pkey_pm_free(EVP_PKEY *pkey);
+int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len);
+void pkey_pm_unload(EVP_PKEY *pkey);
 
 #endif

components/openssl/include/platform/ssl_port.h

@@ -1,17 +1,16 @@
-/* Copyright 2015-2016 Espressif Systems (Wuxi) PTE LTD
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 #ifndef _SSL_PORT_H_
 #define _SSL_PORT_H_

components/openssl/library/ssl_cert.c

@@ -1,29 +1,68 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #include "ssl_cert.h"
+#include "ssl_pkey.h"
+#include "ssl_x509.h"
 #include "ssl_dbg.h"
-#include "ssl_pm.h"
+#include "ssl_port.h"
 
+/*
+ * ssl_cert_new - create a certification object include private key object
+ *
+ * @param none
+ *
+ * @return certification object point or NULL if failed
+ */
 CERT *ssl_cert_new(void)
 {
-    return ssl_zalloc(sizeof(CERT));
-}
+    CERT *cert;
 
-void ssl_cert_free(CERT *c)
-{
-    if (c->x509)
-        X509_free(c->x509);
+    cert = ssl_zalloc(sizeof(CERT));
+    if (!cert)
+        SSL_RET(failed1, "ssl_zalloc\n");
 
-    if (c->pkey)
-        EVP_PKEY_free(c->pkey);
+    cert->pkey = EVP_PKEY_new();
+    if (!cert->pkey)
+        SSL_RET(failed2, "EVP_PKEY_new\n");
 
-    ssl_free(c);
+    cert->x509 = sk_X509_NAME_new_null();
+    if (!cert->x509)
+        SSL_RET(failed3, "sk_X509_NAME_new_null\n");
+
+    return cert;
+
+failed3:
+    EVP_PKEY_free(cert->pkey);
+failed2:
+    ssl_free(cert);
+failed1:
+    return NULL;
 }
 
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+/*
+ * ssl_cert_free - free a certification object
+ *
+ * @param c - certification object point
+ *
+ * @return none
+ */
+void ssl_cert_free(CERT *c)
 {
-    SSL_ASSERT(ctx);
-    SSL_ASSERT(x);
+    X509_free(c->x509);
 
-    ctx->client_CA = x;
+    EVP_PKEY_free(c->pkey);
 
-    return 1;
+    ssl_free(c);
 }

components/openssl/library/ssl_lib.c

@@ -1,11 +1,35 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #include "ssl_lib.h"
 #include "ssl_pkey.h"
+#include "ssl_x509.h"
 #include "ssl_cert.h"
 #include "ssl_dbg.h"
-#include "ssl_pm.h"
+#include "ssl_port.h"
 
 #define SSL_SEND_DATA_MAX_LENGTH 1460
 
+/*
+ * ossl_statem_in_error - Discover whether the current connection is in the error state
+ *
+ * @param ssl - SSL point
+ *
+ * @return
+ *         1 : Yes
+ *         0 : no
+ */
 int ossl_statem_in_error(const SSL *ssl)
 {
     if (ssl->statem.state == MSG_FLOW_ERROR)
@@ -23,7 +47,7 @@ int ossl_statem_in_error(const SSL *ssl)
  */
 int SSL_want(const SSL *ssl)
 {
-    return 0;
+    return ssl->rwstate;
 }
 
 /*
@@ -131,7 +155,7 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
 
     SSL_ASSERT(ssl);
 
-    state = ssl->method->func->ssl_get_state(ssl);
+    state = SSL_METHOD_CALL(get_state, ssl);
 
     return state;
 }
@@ -154,15 +178,15 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
 
     client_ca = sk_X509_NAME_new_null();
     if (!client_ca)
-        SSL_ERR(-2, go_failed1, "ssl_ctx_new:ctx:[%d]\n", ret);
+        SSL_ERR(-2, go_failed1, "sk_X509_NAME_new_null\n");
 
     cert = ssl_cert_new();
     if (!cert)
-        SSL_ERR(-2, go_failed2, "ssl_ctx_new:ctx:[%d]\n", ret);
+        SSL_ERR(-2, go_failed2, "ssl_cert_new\n");
 
     ctx = (SSL_CTX *)ssl_zalloc(sizeof(SSL_CTX));
     if (!ctx)
-        SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx:[%d]\n", ret);
+        SSL_ERR(-2, go_failed3, "ssl_ctx_new:ctx\n");
 
     ctx->method = method;
     ctx->cert = cert;
@@ -215,6 +239,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
 
     ctx->method = meth;
 
+    ctx->version = meth->version;
+
     return 1;
 }
 
@@ -258,10 +284,12 @@ SSL *SSL_new(SSL_CTX *ctx)
     ssl->version = ctx->version;
     ssl->options = ctx->options;
 
-    ret = ssl->method->func->ssl_new(ssl);
+    ret = SSL_METHOD_CALL(new, ssl);
     if (ret)
         SSL_RET(failed2, "ssl_new\n");
 
+    ssl->rwstate = SSL_NOTHING;
+
     return ssl;
 
 failed2:
@@ -281,7 +309,7 @@ void SSL_free(SSL *ssl)
 {
     SSL_ASSERT(ssl);
 
-    ssl->method->func->ssl_free(ssl);
+    SSL_METHOD_CALL(free, ssl);
 
     ssl_free(ssl);
 }
@@ -302,7 +330,7 @@ int SSL_do_handshake(SSL *ssl)
 
     SSL_ASSERT(ssl);
 
-    ret = ssl->method->func->ssl_handshake(ssl);
+    ret = SSL_METHOD_CALL(handshake, ssl);
 
     return ret;
 }
@@ -357,7 +385,7 @@ int SSL_shutdown(SSL *ssl)
 
     if (SSL_get_state(ssl) != TLS_ST_OK) return 0;
 
-    ret = ssl->method->func->ssl_shutdown(ssl);
+    ret = SSL_METHOD_CALL(shutdown, ssl);
 
     return ret;
 }
@@ -381,9 +409,9 @@ int SSL_clear(SSL *ssl)
     if (1 != ret)
         SSL_ERR(0, go_failed1, "SSL_shutdown\n");
 
-    ssl->method->func->ssl_free(ssl);
+    SSL_METHOD_CALL(free, ssl);
 
-    ret = ssl->method->func->ssl_new(ssl);
+    ret = SSL_METHOD_CALL(new, ssl);
     if (!ret)
         SSL_ERR(0, go_failed1, "ssl_new\n");
 
@@ -413,7 +441,11 @@ int SSL_read(SSL *ssl, void *buffer, int len)
     SSL_ASSERT(buffer);
     SSL_ASSERT(len);
 
-    ret = ssl->method->func->ssl_read(ssl, buffer, len);
+    ssl->rwstate = SSL_READING;
+
+    ret = SSL_METHOD_CALL(read, ssl, buffer, len);
+
+    ssl->rwstate = SSL_NOTHING;
 
     return ret;
 }
@@ -440,6 +472,8 @@ int SSL_write(SSL *ssl, const void *buffer, int len)
     SSL_ASSERT(buffer);
     SSL_ASSERT(len);
 
+    ssl->rwstate = SSL_WRITING;
+
     send_bytes = len;
     pbuf = (const unsigned char *)buffer;
 
@@ -451,13 +485,15 @@ int SSL_write(SSL *ssl, const void *buffer, int len)
         else
             bytes = send_bytes;
 
-        ret = ssl->method->func->ssl_send(ssl, buffer, len);
+        ret = SSL_METHOD_CALL(send, ssl, buffer, len);
         if (ret > 0) {
             pbuf += ret;
             send_bytes -= ret;
         }
     } while (ret > 0 && send_bytes);
 
+    ssl->rwstate = SSL_NOTHING;
+
     send_bytes = len - send_bytes;
     if (send_bytes >= 0)
         ret = send_bytes;
@@ -518,11 +554,11 @@ int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method)
         if (1 != ret)
             SSL_ERR(0, go_failed1, "SSL_shutdown\n");
 
-        ssl->method->func->ssl_free(ssl);
+        SSL_METHOD_CALL(free, ssl);
 
         ssl->method = method;
 
-        ret = ssl->method->func->ssl_new(ssl);
+        ret = SSL_METHOD_CALL(new, ssl);
         if (!ret)
             SSL_ERR(0, go_failed1, "ssl_new\n");
     } else {
@@ -579,7 +615,7 @@ int SSL_pending(const SSL *ssl)
 
     SSL_ASSERT(ssl);
 
-    ret = ssl->method->func->ssl_pending(ssl);
+    ret = SSL_METHOD_CALL(pending, ssl);
 
     return ret;
 }
@@ -705,7 +741,7 @@ int SSL_get_fd(const SSL *ssl)
 
     SSL_ASSERT(ssl);
 
-    ret = ssl->method->func->ssl_get_fd(ssl, 0);
+    ret = SSL_METHOD_CALL(get_fd, ssl, 0);
 
     return ret;
 }
@@ -725,7 +761,7 @@ int SSL_get_rfd(const SSL *ssl)
 
     SSL_ASSERT(ssl);
 
-    ret = ssl->method->func->ssl_get_fd(ssl, 0);
+    ret = SSL_METHOD_CALL(get_fd, ssl, 0);
 
     return ret;
 }
@@ -745,7 +781,7 @@ int SSL_get_wfd(const SSL *ssl)
 
     SSL_ASSERT(ssl);
 
-    ret = ssl->method->func->ssl_get_fd(ssl, 0);
+    ret = SSL_METHOD_CALL(get_fd, ssl, 0);
 
     return ret;
 }
@@ -767,7 +803,7 @@ int SSL_set_fd(SSL *ssl, int fd)
     SSL_ASSERT(ssl);
     SSL_ASSERT(fd >= 0);
 
-    ssl->method->func->ssl_set_fd(ssl, fd, 0);
+    SSL_METHOD_CALL(set_fd, ssl, fd, 0);
 
     return 1;
 }
@@ -789,7 +825,7 @@ int SSL_set_rfd(SSL *ssl, int fd)
     SSL_ASSERT(ssl);
     SSL_ASSERT(fd >= 0);
 
-    ssl->method->func->ssl_set_fd(ssl, fd, 0);
+    SSL_METHOD_CALL(set_fd, ssl, fd, 0);
 
     return 1;
 }
@@ -811,7 +847,7 @@ int SSL_set_wfd(SSL *ssl, int fd)
     SSL_ASSERT(ssl);
     SSL_ASSERT(fd >= 0);
 
-    ssl->method->func->ssl_set_fd(ssl, fd, 0);
+    SSL_METHOD_CALL(set_fd, ssl, fd, 0);
 
     return 1;
 }
@@ -1451,7 +1487,7 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
     SSL_ASSERT(ctx);
     SSL_ASSERT(len);
 
-    ctx->method->func->ssl_set_bufflen(NULL, len);
+    ctx->read_buffer_len = len;
 }
 
 /*
@@ -1467,7 +1503,7 @@ void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
     SSL_ASSERT(ssl);
     SSL_ASSERT(len);
 
-    ssl->method->func->ssl_set_bufflen(ssl, len);
+    SSL_METHOD_CALL(set_bufflen, ssl, len);
 }
 
 /*
@@ -1688,3 +1724,18 @@ long SSL_set_timeout(SSL *ssl, long t)
 
     return t;
 }
+
+/*
+ * SSL_set_verify - set the SSL verifying of the SSL context
+ *
+ * @param ctx             - SSL point
+ * @param mode            - verifying mode
+ * @param verify_callback - verifying callback function
+ *
+ * @return none
+ */
+void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
+{
+    SSL_ASSERT(ssl);
+    SSL_ASSERT(verify_callback);
+}

components/openssl/library/ssl_methods.c

@@ -1,7 +1,24 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #include "ssl_lib.h"
 #include "ssl_methods.h"
 #include "ssl_pm.h"
 
+/*
+ * TLS method function collection
+ */
 IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
         ssl_pm_new, ssl_pm_free,
         ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
@@ -10,6 +27,9 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
         ssl_pm_set_bufflen,
         ssl_pm_get_state);
 
+/*
+ * TLS or SSL client method collection
+ */
 IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method);
 
 IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method);
@@ -20,7 +40,9 @@ IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method);
 
 IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method);
 
-
+/*
+ * TLS or SSL server method collection
+ */
 IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method);
 
 IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method);
@@ -31,7 +53,9 @@ IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method);
 
 IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method);
 
-
+/*
+ * TLS or SSL method collection
+ */
 IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method);
 
 IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method);
@@ -41,3 +65,17 @@ IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method);
 IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method);
 
 IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method);
+
+/*
+ * X509 certification method collection
+ */
+IMPLEMENT_X509_METHOD(X509_method,
+            x509_pm_new, x509_pm_free,
+            x509_pm_load, x509_pm_unload);
+
+/*
+ * private key method collection
+ */
+IMPLEMENT_PKEY_METHOD(EVP_PKEY_method,
+            pkey_pm_new, pkey_pm_free,
+            pkey_pm_load, pkey_pm_unload);

components/openssl/library/ssl_pkey.c

@@ -1,50 +1,109 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #include "ssl_lib.h"
 #include "ssl_pkey.h"
+#include "ssl_methods.h"
 #include "ssl_dbg.h"
-#include "ssl_pm.h"
+#include "ssl_port.h"
+
+/*
+ * EVP_PKEY_new - create a private key object
+ *
+ * @param none
+ *
+ * @return private key object point or NULL if failed
+ */
+EVP_PKEY* EVP_PKEY_new(void)
+{
+    int ret;
+    EVP_PKEY *pkey;
+
+    pkey = ssl_malloc(sizeof(EVP_PKEY));
+    if (!pkey)
+        SSL_RET(failed1, "ssl_malloc\n");
+
+    pkey->method = EVP_PKEY_method();
+
+    ret = EVP_PKEY_METHOD_CALL(new, pkey);
+    if (ret)
+        SSL_RET(failed2, "pkey_new\n");
+
+    return pkey;
+
+failed2:
+    ssl_free(pkey);
+failed1:
+    return NULL;
+}
+
+/*
+ * EVP_PKEY_free - free a private key object
+ *
+ * @param pkey - private key object point
+ *
+ * @return none
+ */
+void EVP_PKEY_free(EVP_PKEY *pkey)
+{
+    EVP_PKEY_METHOD_CALL(free, pkey);
 
+    ssl_free(pkey);
+}
+
+/*
+ * d2i_PrivateKey - load a character key context into system context. If '*a' is pointed to the
+ *                  private key, then load key into it. Or create a new private key object
+ *
+ * @param type   - private key type
+ * @param a      - a point pointed to a private key point
+ * @param pp     - a point pointed to the key context memory point
+ * @param length - key bytes
+ *
+ * @return private key object point or NULL if failed
+ */
 EVP_PKEY *d2i_PrivateKey(int type,
                          EVP_PKEY **a,
                          const unsigned char **pp,
                          long length)
 {
-    EVP_PKEY *pkey;
-    void *pkey_pm;
     int ret;
+    EVP_PKEY *pkey;
 
     SSL_ASSERT(pp);
     SSL_ASSERT(*pp);
     SSL_ASSERT(length);
 
-    pkey = ssl_malloc(sizeof(EVP_PKEY));
-    if (!pkey)
-        SSL_RET(failed1, "ssl_malloc\n");
-
-    pkey_pm = pkey_pm_new();
-    if (!pkey_pm)
-        SSL_RET(failed2, "pkey_pm_new\n");
+    if (a && *a) {
+        pkey = *a;
+    } else {
+        pkey = EVP_PKEY_new();;
+        if (!pkey)
+            SSL_RET(failed1, "ssl_malloc\n");
+    }
 
-    ret = pkey_pm_load_crt(pkey_pm, *pp, length);
+    ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
     if (ret)
-        SSL_RET(failed3, "pkey_pm_load_crt\n");
+        SSL_RET(failed2, "pkey_pm_load_crt\n");
 
-    pkey->pkey_pm = pkey_pm;
     if (a)
         *a = pkey;
 
     return pkey;
 
-failed3:
-    pkey_pm_free(pkey_pm);
 failed2:
-    ssl_free(pkey);
+    EVP_PKEY_free(pkey);
 failed1:
     return NULL;
 }
-
-void EVP_PKEY_free(EVP_PKEY *x)
-{
-    pkey_pm_unload_crt(x->pkey_pm);
-    pkey_pm_free(x->pkey_pm);
-    ssl_free(x);
-}

components/openssl/library/ssl_rsa.c

@@ -1,10 +1,33 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #include "ssl_lib.h"
 #include "ssl_rsa.h"
 #include "ssl_pkey.h"
 #include "ssl_x509.h"
 #include "ssl_dbg.h"
-#include "ssl_pm.h"
 
+/*
+ * SSL_CTX_use_certificate - set the SSL context certification
+ *
+ * @param ctx - SSL context point
+ * @param x   - X509 certification point
+ *
+ * @return
+ *         1 : OK
+ *         0 : failed
+ */
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 {
     SSL_ASSERT(ctx);
@@ -15,13 +38,24 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
     return 1;
 }
 
+/*
+ * SSL_CTX_use_certificate_ASN1 - load certification into the SSL context
+ *
+ * @param ctx - SSL context point
+ * @param len - certification context bytes
+ * @param d   - certification context point
+ *
+ * @return
+ *         1 : OK
+ *         0 : failed
+ */
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
                                  const unsigned char *d)
 {
     int ret;
     X509 *cert;
 
-    cert = d2i_X509(NULL, d, len);
+    cert = d2i_X509(&ctx->cert->x509, d, len);
     if (!cert)
         SSL_RET(failed1, "d2i_X509\n");
 
@@ -37,6 +71,16 @@ failed1:
     return 0;
 }
 
+/*
+ * SSL_CTX_use_certificate - set the SSL context private key
+ *
+ * @param ctx - SSL context point
+ * @param x   - private key point
+ *
+ * @return
+ *         1 : OK
+ *         0 : failed
+ */
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 {
     SSL_ASSERT(ctx);
@@ -47,13 +91,25 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
     return 1;
 }
 
+/*
+ * SSL_CTX_use_PrivateKey_ASN1 - load private key into the SSL context
+ *
+ * @param type - private key type
+ * @param ctx  - SSL context point
+ * @param d    - private key context point
+ * @param len  - private key context bytes
+ *
+ * @return
+ *         1 : OK
+ *         0 : failed
+ */
 int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
                                 const unsigned char *d, long len)
 {
     int ret;
     EVP_PKEY *pkey;
 
-    pkey = d2i_PrivateKey(0, NULL, &d, len);
+    pkey = d2i_PrivateKey(0, &ctx->cert->pkey, &d, len);
     if (!pkey)
         SSL_RET(failed1, "d2i_PrivateKey\n");
 
@@ -68,3 +124,23 @@ failed2:
 failed1:
     return 0;
 }
+
+/*
+ * SSL_CTX_add_client_CA - set SSL context client CA certification
+ *
+ * @param ctx - SSL context point
+ * @param x   - client CA certification point
+ *
+ * @return
+ *         1 : OK
+ *         0 : failed
+ */
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+{
+    SSL_ASSERT(ctx);
+    SSL_ASSERT(x);
+
+    ctx->client_CA = x;
+
+    return 1;
+}

components/openssl/library/ssl_x509.c

@@ -1,54 +1,100 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #include "ssl_x509.h"
+#include "ssl_methods.h"
 #include "ssl_dbg.h"
-#include "ssl_pm.h"
+#include "ssl_port.h"
 
+/*
+ * sk_X509_NAME_new_null - create a X509 certification object
+ *
+ * @param none
+ *
+ * @return X509 certification object point or NULL if failed
+ */
 X509* sk_X509_NAME_new_null(void)
 {
-    return ssl_malloc(sizeof(X509));
+    int ret;
+    X509 *x;
+
+    x = ssl_malloc(sizeof(X509));
+    if (!x)
+        SSL_RET(failed1, "ssl_malloc\n");
+
+    x->method = X509_method();
+
+    ret = x->method->x509_new(x);
+    if (ret)
+        SSL_RET(failed2, "x509_new\n");
+
+    return x;
+
+failed2:
+    ssl_free(x);
+failed1:
+    return NULL;
 }
 
+/*
+ * X509_free - free a X509 certification object
+ *
+ * @param x - X509 certification object point
+ *
+ * @return none
+ */
+void X509_free(X509 *x)
+{
+    X509_METHOD_CALL(free, x);
+
+    ssl_free(x);
+};
+
+/*
+ * d2i_X509 - load a character certification context into system context. If '*cert' is pointed to the
+ *            certification, then load certification into it. Or create a new X509 certification object
+ *
+ * @param cert   - a point pointed to X509 certification
+ * @param buffer - a point pointed to the certification context memory point
+ * @param length - certification bytes
+ *
+ * @return X509 certification object point or NULL if failed
+ */
 X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
 {
-    X509 *x509_crt;
-    void *x509_pm;
     int ret;
+    X509 *x;
 
-    SSL_ASSERT(cert);
     SSL_ASSERT(buffer);
     SSL_ASSERT(len);
 
-    x509_crt = sk_X509_NAME_new_null();
-    if (!x509_crt)
-        SSL_RET(failed1, "");
-
-    x509_pm = x509_pm_new();
-    if (!x509_pm)
-        SSL_RET(failed2, "");
+    if (cert && *cert) {
+        x = *cert;
+    } else {
+        x = sk_X509_NAME_new_null();
+        if (!x)
+            SSL_RET(failed1, "sk_X509_NAME_new_null\n");
+    }
 
-    ret = x509_pm_load_crt(x509_pm, buffer, len);
+    ret = X509_METHOD_CALL(load, x, buffer, len);
     if (ret)
-        SSL_RET(failed3, "");
+        SSL_RET(failed2, "x509_load\n");
 
-    x509_crt->x509_pm = x509_pm;
-    if (cert)
-        *cert = x509_crt;
+    return x;
 
-    return x509_crt;
-
-failed3:
-    x509_pm_free(x509_pm);
 failed2:
-    ssl_free(x509_crt);
+    X509_free(x);
 failed1:
     return NULL;
 }
-
-void X509_free(X509 *cert)
-{
-    if (cert->x509_pm) {
-        x509_pm_unload_crt(cert->x509_pm);
-        x509_pm_free(cert->x509_pm);
-    }
-    ssl_free(cert);
-};
-

components/openssl/platform/ssl_pm.c

@@ -1,4 +1,19 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #include "ssl_pm.h"
+#include "ssl_port.h"
 #include "ssl_dbg.h"
 
 #include <string.h>
@@ -30,11 +45,15 @@ struct ssl_pm
 
 struct x509_pm
 {
+    int load;
+
     mbedtls_x509_crt x509_crt;
 };
 
 struct pkey_pm
 {
+    int load;
+
     mbedtls_pk_context pkey;
 };
 
@@ -42,44 +61,6 @@ struct pkey_pm
 unsigned int max_content_len;
 
 
-/*********************************************************************************************/
-/********************************* SSL general interface *************************************/
-
-void* ssl_zalloc(size_t size)
-{
-    void *p = malloc(size);
-
-    if (p)
-        memset(p, 0, size);
-
-    return p;
-}
-
-void *ssl_malloc(size_t size)
-{
-    return ssl_zalloc(size);
-}
-
-void ssl_free(void *p)
-{
-    free(p);
-}
-
-void* ssl_memcpy(void *to, const void *from, size_t size)
-{
-    return memcpy(to, from, size);
-}
-
-void ssl_speed_up_enter(void)
-{
-
-}
-
-void ssl_speed_up_exit(void)
-{
-
-}
-
 /*********************************************************************************************/
 /************************************ SSL arch interface *************************************/
 
@@ -90,13 +71,18 @@ int ssl_pm_new(SSL *ssl)
 
     char *pers;
     int endpoint;
+    int mode;
+    int version;
 
     SSL_CTX *ctx = ssl->ctx;
     const SSL_METHOD *method = ssl->method;
 
-    ssl_pm = malloc(sizeof(struct ssl_pm));
+    struct x509_pm *x509_pm;
+    struct pkey_pm *pkey_pm;
+
+    ssl_pm = ssl_malloc(sizeof(struct ssl_pm));
     if (!ssl_pm)
-        return -1;
+        SSL_ERR(ret, failed1, "ssl_malloc\n");
 
     if (method->endpoint) {
         pers = "server";
@@ -124,21 +110,34 @@ int ssl_pm_new(SSL *ssl)
     if (ret)
         SSL_ERR(ret, failed2, "mbedtls_ssl_config_defaults:[-0x%x]\n", -ret);
 
+    if (TLS1_2_VERSION == ssl->version)
+        version = MBEDTLS_SSL_MINOR_VERSION_3;
+    else if (TLS1_1_VERSION == ssl->version)
+        version = MBEDTLS_SSL_MINOR_VERSION_2;
+    else if (TLS1_VERSION == ssl->version)
+        version = MBEDTLS_SSL_MINOR_VERSION_1;
+    else
+        version = MBEDTLS_SSL_MINOR_VERSION_0;
+
+    mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version);
+
     mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
+
     mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
 
-    if (ctx->client_CA->x509_pm) {
-        struct x509_pm *x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm;
+    x509_pm = (struct x509_pm *)ctx->client_CA->x509_pm;
+    if (x509_pm->load) {
+        mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL);
 
-         mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL);
-         mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+        mode = MBEDTLS_SSL_VERIFY_REQUIRED;
     } else {
-        mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_NONE);
+        mode = MBEDTLS_SSL_VERIFY_NONE;
     }
-    if (ctx->cert->x509 &&
-        ctx->cert->pkey) {
-        struct x509_pm *x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm;
-        struct pkey_pm *pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm;
+    mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
+
+    pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm;
+    if (pkey_pm->load) {
+        x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm;
 
         ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey);
         if (ret)
@@ -332,21 +331,24 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl)
     return state;
 }
 
-void* x509_pm_new(void)
+int x509_pm_new(X509 *x)
 {
-    return ssl_malloc(sizeof(struct x509_pm));
-}
+    struct x509_pm *x509_pm;
 
-void x509_pm_free(void *pm)
-{
-    ssl_free(pm);
+    x509_pm = ssl_malloc(sizeof(struct x509_pm));
+    if (!x509_pm)
+        return -1;
+
+    x->x509_pm = x509_pm;
+
+    return 0;
 }
 
-int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len)
+int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
 {
     int ret;
     unsigned char *load_buf;
-    struct x509_pm *x509_pm = (struct x509_pm *)pm;
+    struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
 
     load_buf = ssl_malloc(len + 1);
     if (!load_buf)
@@ -362,34 +364,48 @@ int x509_pm_load_crt(void *pm, const unsigned char *buffer, int len)
     if (ret)
         SSL_RET(failed1, "");
 
+    x509_pm->load = 1;
+
     return 0;
 
 failed1:
     return -1;
 }
 
-void x509_pm_unload_crt(void *pm)
+void x509_pm_unload(X509 *x)
 {
-    struct x509_pm *x509_pm = (struct x509_pm *)pm;
+    struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;
 
     mbedtls_x509_crt_free(&x509_pm->x509_crt);
+
+    x509_pm->load = 0;
 }
 
-void* pkey_pm_new(void)
+void x509_pm_free(X509 *x)
 {
-    return ssl_malloc(sizeof(struct pkey_pm));
+    x509_pm_unload(x);
+
+    ssl_free(x->x509_pm);
 }
 
-void pkey_pm_free(void *pm)
+int pkey_pm_new(EVP_PKEY *pkey)
 {
-    ssl_free(pm);
+    struct pkey_pm *pkey_pm;
+
+    pkey_pm = ssl_malloc(sizeof(struct pkey_pm));
+    if (!pkey_pm)
+        return -1;
+
+    pkey->pkey_pm = pkey_pm;
+
+    return 0;
 }
 
-int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len)
+int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len)
 {
     int ret;
     unsigned char *load_buf;
-    struct pkey_pm *pkey_pm = (struct pkey_pm *)pm;
+    struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm;
 
     load_buf = ssl_malloc(len + 1);
     if (!load_buf)
@@ -405,17 +421,28 @@ int pkey_pm_load_crt(void *pm, const unsigned char *buffer, int len)
     if (ret)
         SSL_RET(failed1, "");
 
+    pkey_pm->load = 1;
+
     return 0;
 
 failed1:
     return -1;
 }
 
-void pkey_pm_unload_crt(void *pm)
+void pkey_pm_unload(EVP_PKEY *pkey)
 {
-    struct pkey_pm *pkey_pm = (struct pkey_pm *)pm;
+    struct pkey_pm *pkey_pm = (struct pkey_pm *)pkey->pkey_pm;
 
     mbedtls_pk_free(&pkey_pm->pkey);
+
+    pkey_pm->load = 0;
+}
+
+void pkey_pm_free(EVP_PKEY *pkey)
+{
+    pkey_pm_unload(pkey);
+
+    ssl_free(pkey->pkey_pm);
 }
 
 void ssl_pm_set_bufflen(SSL *ssl, int len)

components/openssl/platform/ssl_port.c

@@ -1,17 +1,16 @@
-/* Copyright 2015-2016 Espressif Systems (Wuxi) PTE LTD
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 #include <string.h>
 #include "ssl_port.h"