summaryrefslogtreecommitdiff
path: root/thirdparty/libwebsockets/mbedtls_wrapper/library
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/libwebsockets/mbedtls_wrapper/library')
-rw-r--r--thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_cert.c87
-rw-r--r--thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_lib.c1679
-rw-r--r--thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_methods.c81
-rw-r--r--thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_pkey.c239
-rw-r--r--thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_stack.c74
-rw-r--r--thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_x509.c330
6 files changed, 2490 insertions, 0 deletions
diff --git a/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_cert.c b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_cert.c
new file mode 100644
index 0000000000..5c608125ac
--- /dev/null
+++ b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_cert.c
@@ -0,0 +1,87 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "ssl_cert.h"
+#include "ssl_pkey.h"
+#include "ssl_x509.h"
+#include "ssl_dbg.h"
+#include "ssl_port.h"
+
+/**
+ * @brief create a certification object according to input certification
+ */
+CERT *__ssl_cert_new(CERT *ic)
+{
+ CERT *cert;
+
+ X509 *ix;
+ EVP_PKEY *ipk;
+
+ cert = ssl_mem_zalloc(sizeof(CERT));
+ if (!cert) {
+ SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)");
+ goto no_mem;
+ }
+
+ if (ic) {
+ ipk = ic->pkey;
+ ix = ic->x509;
+ } else {
+ ipk = NULL;
+ ix = NULL;
+ }
+
+ cert->pkey = __EVP_PKEY_new(ipk);
+ if (!cert->pkey) {
+ SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL");
+ goto pkey_err;
+ }
+
+ cert->x509 = __X509_new(ix);
+ if (!cert->x509) {
+ SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL");
+ goto x509_err;
+ }
+
+ return cert;
+
+x509_err:
+ EVP_PKEY_free(cert->pkey);
+pkey_err:
+ ssl_mem_free(cert);
+no_mem:
+ return NULL;
+}
+
+/**
+ * @brief create a certification object include private key object
+ */
+CERT *ssl_cert_new(void)
+{
+ return __ssl_cert_new(NULL);
+}
+
+/**
+ * @brief free a certification object
+ */
+void ssl_cert_free(CERT *cert)
+{
+ SSL_ASSERT3(cert);
+
+ X509_free(cert->x509);
+
+ EVP_PKEY_free(cert->pkey);
+
+ ssl_mem_free(cert);
+}
diff --git a/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_lib.c b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_lib.c
new file mode 100644
index 0000000000..d8fdd06fad
--- /dev/null
+++ b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_lib.c
@@ -0,0 +1,1679 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "ssl_lib.h"
+#include "ssl_pkey.h"
+#include "ssl_x509.h"
+#include "ssl_cert.h"
+#include "ssl_dbg.h"
+#include "ssl_port.h"
+
+#define SSL_SEND_DATA_MAX_LENGTH 1460
+
+/**
+ * @brief create a new SSL session object
+ */
+static SSL_SESSION* SSL_SESSION_new(void)
+{
+ SSL_SESSION *session;
+
+ session = ssl_mem_zalloc(sizeof(SSL_SESSION));
+ if (!session) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (session)");
+ goto failed1;
+ }
+
+ session->peer = X509_new();
+ if (!session->peer) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
+ goto failed2;
+ }
+
+ return session;
+
+failed2:
+ ssl_mem_free(session);
+failed1:
+ return NULL;
+}
+
+/**
+ * @brief free a new SSL session object
+ */
+static void SSL_SESSION_free(SSL_SESSION *session)
+{
+ X509_free(session->peer);
+ ssl_mem_free(session);
+}
+
+/**
+ * @brief Discover whether the current connection is in the error state
+ */
+int ossl_statem_in_error(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ if (ssl->statem.state == MSG_FLOW_ERROR)
+ return 1;
+
+ return 0;
+}
+
+/**
+ * @brief get the SSL specifical statement
+ */
+int SSL_want(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->rwstate;
+}
+
+/**
+ * @brief check if SSL want nothing
+ */
+int SSL_want_nothing(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ if (ssl->err)
+ return 1;
+
+ return (SSL_want(ssl) == SSL_NOTHING);
+}
+
+/**
+ * @brief check if SSL want to read
+ */
+int SSL_want_read(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ if (ssl->err)
+ return 0;
+
+ return (SSL_want(ssl) == SSL_READING);
+}
+
+/**
+ * @brief check if SSL want to write
+ */
+int SSL_want_write(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ if (ssl->err)
+ return 0;
+
+ return (SSL_want(ssl) == SSL_WRITING);
+}
+
+/**
+ * @brief check if SSL want to lookup X509 certification
+ */
+int SSL_want_x509_lookup(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return (SSL_want(ssl) == SSL_WRITING);
+}
+
+/**
+ * @brief get SSL error code
+ */
+int SSL_get_error(const SSL *ssl, int ret_code)
+{
+ int ret = SSL_ERROR_SYSCALL;
+
+ SSL_ASSERT1(ssl);
+
+ if (ret_code > 0)
+ ret = SSL_ERROR_NONE;
+ else if (ret_code < 0)
+ {
+ if (ssl->err == SSL_ERROR_WANT_READ || SSL_want_read(ssl))
+ ret = SSL_ERROR_WANT_READ;
+ else if (ssl->err == SSL_ERROR_WANT_WRITE || SSL_want_write(ssl))
+ ret = SSL_ERROR_WANT_WRITE;
+ else
+ ret = SSL_ERROR_SYSCALL; //unknown
+ }
+ else // ret_code == 0
+ {
+ if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN)
+ ret = SSL_ERROR_ZERO_RETURN;
+ else
+ ret = SSL_ERROR_SYSCALL;
+ }
+
+ return ret;
+}
+
+/**
+ * @brief get the SSL state
+ */
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
+{
+ OSSL_HANDSHAKE_STATE state;
+
+ SSL_ASSERT1(ssl);
+
+ state = SSL_METHOD_CALL(get_state, ssl);
+
+ return state;
+}
+
+/**
+ * @brief create a SSL context
+ */
+SSL_CTX* SSL_CTX_new(const SSL_METHOD *method)
+{
+ SSL_CTX *ctx;
+ CERT *cert;
+ X509 *client_ca;
+
+ if (!method) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no no_method");
+ return NULL;
+ }
+
+ client_ca = X509_new();
+ if (!client_ca) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL");
+ goto failed1;
+ }
+
+ cert = ssl_cert_new();
+ if (!cert) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "ssl_cert_new() return NULL");
+ goto failed2;
+ }
+
+ ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX));
+ if (!ctx) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ctx)");
+ goto failed3;
+ }
+
+ ctx->method = method;
+ ctx->client_CA = client_ca;
+ ctx->cert = cert;
+
+ ctx->version = method->version;
+
+ return ctx;
+
+failed3:
+ ssl_cert_free(cert);
+failed2:
+ X509_free(client_ca);
+failed1:
+ return NULL;
+}
+
+/**
+ * @brief free a SSL context
+ */
+void SSL_CTX_free(SSL_CTX* ctx)
+{
+ SSL_ASSERT3(ctx);
+
+ ssl_cert_free(ctx->cert);
+
+ X509_free(ctx->client_CA);
+
+ if (ctx->alpn_protos)
+ ssl_mem_free(ctx->alpn_protos);
+
+ ssl_mem_free(ctx);
+}
+
+/**
+ * @brief set the SSL context version
+ */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+{
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(meth);
+
+ ctx->method = meth;
+
+ ctx->version = meth->version;
+
+ return 1;
+}
+
+/**
+ * @brief get the SSL context current method
+ */
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
+{
+ SSL_ASSERT2(ctx);
+
+ return ctx->method;
+}
+
+/**
+ * @brief create a SSL
+ */
+SSL *SSL_new(SSL_CTX *ctx)
+{
+ int ret = 0;
+ SSL *ssl;
+
+ if (!ctx) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no ctx");
+ return NULL;
+ }
+
+ ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL));
+ if (!ssl) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ssl)");
+ goto failed1;
+ }
+
+ ssl->session = SSL_SESSION_new();
+ if (!ssl->session) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_SESSION_new() return NULL");
+ goto failed2;
+ }
+
+ ssl->cert = __ssl_cert_new(ctx->cert);
+ if (!ssl->cert) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__ssl_cert_new() return NULL");
+ goto failed3;
+ }
+
+ ssl->client_CA = __X509_new(ctx->client_CA);
+ if (!ssl->client_CA) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__X509_new() return NULL");
+ goto failed4;
+ }
+
+ ssl->ctx = ctx;
+ ssl->method = ctx->method;
+
+ ssl->version = ctx->version;
+ ssl->options = ctx->options;
+
+ ssl->verify_mode = ctx->verify_mode;
+
+ ret = SSL_METHOD_CALL(new, ssl);
+ if (ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
+ goto failed5;
+ }
+
+ _ssl_set_alpn_list(ssl);
+
+ ssl->rwstate = SSL_NOTHING;
+
+ return ssl;
+
+failed5:
+ X509_free(ssl->client_CA);
+failed4:
+ ssl_cert_free(ssl->cert);
+failed3:
+ SSL_SESSION_free(ssl->session);
+failed2:
+ ssl_mem_free(ssl);
+failed1:
+ return NULL;
+}
+
+/**
+ * @brief free the SSL
+ */
+void SSL_free(SSL *ssl)
+{
+ SSL_ASSERT3(ssl);
+
+ SSL_METHOD_CALL(free, ssl);
+
+ X509_free(ssl->client_CA);
+
+ ssl_cert_free(ssl->cert);
+
+ SSL_SESSION_free(ssl->session);
+
+ ssl_mem_free(ssl);
+}
+
+/**
+ * @brief perform the SSL handshake
+ */
+int SSL_do_handshake(SSL *ssl)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+
+ ret = SSL_METHOD_CALL(handshake, ssl);
+
+ return ret;
+}
+
+/**
+ * @brief connect to the remote SSL server
+ */
+int SSL_connect(SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return SSL_do_handshake(ssl);
+}
+
+/**
+ * @brief accept the remote connection
+ */
+int SSL_accept(SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return SSL_do_handshake(ssl);
+}
+
+/**
+ * @brief shutdown the connection
+ */
+int SSL_shutdown(SSL *ssl)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+
+ if (SSL_get_state(ssl) != TLS_ST_OK) return 1;
+
+ ret = SSL_METHOD_CALL(shutdown, ssl);
+
+ return ret;
+}
+
+/**
+ * @brief reset the SSL
+ */
+int SSL_clear(SSL *ssl)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+
+ ret = SSL_shutdown(ssl);
+ if (1 != ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
+ goto failed1;
+ }
+
+ SSL_METHOD_CALL(free, ssl);
+
+ ret = SSL_METHOD_CALL(new, ssl);
+ if (!ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
+ goto failed1;
+ }
+
+ return 1;
+
+failed1:
+ return ret;
+}
+
+/**
+ * @brief read data from to remote
+ */
+int SSL_read(SSL *ssl, void *buffer, int len)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(buffer);
+ SSL_ASSERT1(len);
+
+ ssl->rwstate = SSL_READING;
+
+ ret = SSL_METHOD_CALL(read, ssl, buffer, len);
+
+ if (ret == len)
+ ssl->rwstate = SSL_NOTHING;
+
+ return ret;
+}
+
+/**
+ * @brief send the data to remote
+ */
+int SSL_write(SSL *ssl, const void *buffer, int len)
+{
+ int ret;
+ int send_bytes, bytes;
+ const unsigned char *pbuf;
+
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(buffer);
+ SSL_ASSERT1(len);
+
+ ssl->rwstate = SSL_WRITING;
+
+ send_bytes = len;
+ pbuf = (const unsigned char *)buffer;
+
+ do {
+ if (send_bytes > SSL_SEND_DATA_MAX_LENGTH)
+ bytes = SSL_SEND_DATA_MAX_LENGTH;
+ else
+ bytes = send_bytes;
+
+ if (ssl->interrupted_remaining_write) {
+ bytes = ssl->interrupted_remaining_write;
+ ssl->interrupted_remaining_write = 0;
+ }
+
+ ret = SSL_METHOD_CALL(send, ssl, pbuf, bytes);
+ //printf("%s: ssl_pm said %d for %d requested (cum %d)\n", __func__, ret, bytes, len -send_bytes);
+ /* the return is a NEGATIVE OpenSSL error code, or the length sent */
+ if (ret > 0) {
+ pbuf += ret;
+ send_bytes -= ret;
+ } else
+ ssl->interrupted_remaining_write = bytes;
+ } while (ret > 0 && send_bytes && ret == bytes);
+
+ if (ret >= 0) {
+ ret = len - send_bytes;
+ if (!ret)
+ ssl->rwstate = SSL_NOTHING;
+ } else {
+ if (send_bytes == len)
+ ret = -1;
+ else
+ ret = len - send_bytes;
+ }
+
+ return ret;
+}
+
+/**
+ * @brief get SSL context of the SSL
+ */
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
+{
+ SSL_ASSERT2(ssl);
+
+ return ssl->ctx;
+}
+
+/**
+ * @brief get the SSL current method
+ */
+const SSL_METHOD *SSL_get_ssl_method(SSL *ssl)
+{
+ SSL_ASSERT2(ssl);
+
+ return ssl->method;
+}
+
+/**
+ * @brief set the SSL method
+ */
+int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(method);
+
+ if (ssl->version != method->version) {
+
+ ret = SSL_shutdown(ssl);
+ if (1 != ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret);
+ goto failed1;
+ }
+
+ SSL_METHOD_CALL(free, ssl);
+
+ ssl->method = method;
+
+ ret = SSL_METHOD_CALL(new, ssl);
+ if (!ret) {
+ SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret);
+ goto failed1;
+ }
+ } else {
+ ssl->method = method;
+ }
+
+
+ return 1;
+
+failed1:
+ return ret;
+}
+
+/**
+ * @brief get SSL shutdown mode
+ */
+int SSL_get_shutdown(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->shutdown;
+}
+
+/**
+ * @brief set SSL shutdown mode
+ */
+void SSL_set_shutdown(SSL *ssl, int mode)
+{
+ SSL_ASSERT3(ssl);
+
+ ssl->shutdown = mode;
+}
+
+
+/**
+ * @brief get the number of the bytes to be read
+ */
+int SSL_pending(const SSL *ssl)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+
+ ret = SSL_METHOD_CALL(pending, ssl);
+
+ return ret;
+}
+
+/**
+ * @brief check if some data can be read
+ */
+int SSL_has_pending(const SSL *ssl)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+
+ if (SSL_pending(ssl))
+ ret = 1;
+ else
+ ret = 0;
+
+ return ret;
+}
+
+/**
+ * @brief clear the SSL context option bit of "op"
+ */
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
+{
+ SSL_ASSERT1(ctx);
+
+ return ctx->options &= ~op;
+}
+
+/**
+ * @brief get the SSL context option
+ */
+unsigned long SSL_CTX_get_options(SSL_CTX *ctx)
+{
+ SSL_ASSERT1(ctx);
+
+ return ctx->options;
+}
+
+/**
+ * @brief set the option of the SSL context
+ */
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt)
+{
+ SSL_ASSERT1(ctx);
+
+ return ctx->options |= opt;
+}
+
+/**
+ * @brief clear SSL option
+ */
+unsigned long SSL_clear_options(SSL *ssl, unsigned long op)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->options & ~op;
+}
+
+/**
+ * @brief get SSL option
+ */
+unsigned long SSL_get_options(SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->options;
+}
+
+/**
+ * @brief clear SSL option
+ */
+unsigned long SSL_set_options(SSL *ssl, unsigned long op)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->options |= op;
+}
+
+/**
+ * @brief get the socket handle of the SSL
+ */
+int SSL_get_fd(const SSL *ssl)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+
+ ret = SSL_METHOD_CALL(get_fd, ssl, 0);
+
+ return ret;
+}
+
+/**
+ * @brief get the read only socket handle of the SSL
+ */
+int SSL_get_rfd(const SSL *ssl)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+
+ ret = SSL_METHOD_CALL(get_fd, ssl, 0);
+
+ return ret;
+}
+
+/**
+ * @brief get the write only socket handle of the SSL
+ */
+int SSL_get_wfd(const SSL *ssl)
+{
+ int ret;
+
+ SSL_ASSERT1(ssl);
+
+ ret = SSL_METHOD_CALL(get_fd, ssl, 0);
+
+ return ret;
+}
+
+/**
+ * @brief bind the socket file description into the SSL
+ */
+int SSL_set_fd(SSL *ssl, int fd)
+{
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(fd >= 0);
+
+ SSL_METHOD_CALL(set_fd, ssl, fd, 0);
+
+ return 1;
+}
+
+/**
+ * @brief bind the read only socket file description into the SSL
+ */
+int SSL_set_rfd(SSL *ssl, int fd)
+{
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(fd >= 0);
+
+ SSL_METHOD_CALL(set_fd, ssl, fd, 0);
+
+ return 1;
+}
+
+/**
+ * @brief bind the write only socket file description into the SSL
+ */
+int SSL_set_wfd(SSL *ssl, int fd)
+{
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(fd >= 0);
+
+ SSL_METHOD_CALL(set_fd, ssl, fd, 0);
+
+ return 1;
+}
+
+/**
+ * @brief get SSL version
+ */
+int SSL_version(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->version;
+}
+
+/**
+ * @brief get the SSL version string
+ */
+static const char* ssl_protocol_to_string(int version)
+{
+ const char *str;
+
+ if (version == TLS1_2_VERSION)
+ str = "TLSv1.2";
+ else if (version == TLS1_1_VERSION)
+ str = "TLSv1.1";
+ else if (version == TLS1_VERSION)
+ str = "TLSv1";
+ else if (version == SSL3_VERSION)
+ str = "SSLv3";
+ else
+ str = "unknown";
+
+ return str;
+}
+
+/**
+ * @brief get the SSL current version
+ */
+const char *SSL_get_version(const SSL *ssl)
+{
+ SSL_ASSERT2(ssl);
+
+ return ssl_protocol_to_string(SSL_version(ssl));
+}
+
+/**
+ * @brief get alert description string
+ */
+const char* SSL_alert_desc_string(int value)
+{
+ const char *str;
+
+ switch (value & 0xff)
+ {
+ case SSL3_AD_CLOSE_NOTIFY:
+ str = "CN";
+ break;
+ case SSL3_AD_UNEXPECTED_MESSAGE:
+ str = "UM";
+ break;
+ case SSL3_AD_BAD_RECORD_MAC:
+ str = "BM";
+ break;
+ case SSL3_AD_DECOMPRESSION_FAILURE:
+ str = "DF";
+ break;
+ case SSL3_AD_HANDSHAKE_FAILURE:
+ str = "HF";
+ break;
+ case SSL3_AD_NO_CERTIFICATE:
+ str = "NC";
+ break;
+ case SSL3_AD_BAD_CERTIFICATE:
+ str = "BC";
+ break;
+ case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+ str = "UC";
+ break;
+ case SSL3_AD_CERTIFICATE_REVOKED:
+ str = "CR";
+ break;
+ case SSL3_AD_CERTIFICATE_EXPIRED:
+ str = "CE";
+ break;
+ case SSL3_AD_CERTIFICATE_UNKNOWN:
+ str = "CU";
+ break;
+ case SSL3_AD_ILLEGAL_PARAMETER:
+ str = "IP";
+ break;
+ case TLS1_AD_DECRYPTION_FAILED:
+ str = "DC";
+ break;
+ case TLS1_AD_RECORD_OVERFLOW:
+ str = "RO";
+ break;
+ case TLS1_AD_UNKNOWN_CA:
+ str = "CA";
+ break;
+ case TLS1_AD_ACCESS_DENIED:
+ str = "AD";
+ break;
+ case TLS1_AD_DECODE_ERROR:
+ str = "DE";
+ break;
+ case TLS1_AD_DECRYPT_ERROR:
+ str = "CY";
+ break;
+ case TLS1_AD_EXPORT_RESTRICTION:
+ str = "ER";
+ break;
+ case TLS1_AD_PROTOCOL_VERSION:
+ str = "PV";
+ break;
+ case TLS1_AD_INSUFFICIENT_SECURITY:
+ str = "IS";
+ break;
+ case TLS1_AD_INTERNAL_ERROR:
+ str = "IE";
+ break;
+ case TLS1_AD_USER_CANCELLED:
+ str = "US";
+ break;
+ case TLS1_AD_NO_RENEGOTIATION:
+ str = "NR";
+ break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION:
+ str = "UE";
+ break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ str = "CO";
+ break;
+ case TLS1_AD_UNRECOGNIZED_NAME:
+ str = "UN";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ str = "BR";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ str = "BH";
+ break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ str = "UP";
+ break;
+ default:
+ str = "UK";
+ break;
+ }
+
+ return str;
+}
+
+/**
+ * @brief get alert description long string
+ */
+const char* SSL_alert_desc_string_long(int value)
+{
+ const char *str;
+
+ switch (value & 0xff)
+ {
+ case SSL3_AD_CLOSE_NOTIFY:
+ str = "close notify";
+ break;
+ case SSL3_AD_UNEXPECTED_MESSAGE:
+ str = "unexpected_message";
+ break;
+ case SSL3_AD_BAD_RECORD_MAC:
+ str = "bad record mac";
+ break;
+ case SSL3_AD_DECOMPRESSION_FAILURE:
+ str = "decompression failure";
+ break;
+ case SSL3_AD_HANDSHAKE_FAILURE:
+ str = "handshake failure";
+ break;
+ case SSL3_AD_NO_CERTIFICATE:
+ str = "no certificate";
+ break;
+ case SSL3_AD_BAD_CERTIFICATE:
+ str = "bad certificate";
+ break;
+ case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+ str = "unsupported certificate";
+ break;
+ case SSL3_AD_CERTIFICATE_REVOKED:
+ str = "certificate revoked";
+ break;
+ case SSL3_AD_CERTIFICATE_EXPIRED:
+ str = "certificate expired";
+ break;
+ case SSL3_AD_CERTIFICATE_UNKNOWN:
+ str = "certificate unknown";
+ break;
+ case SSL3_AD_ILLEGAL_PARAMETER:
+ str = "illegal parameter";
+ break;
+ case TLS1_AD_DECRYPTION_FAILED:
+ str = "decryption failed";
+ break;
+ case TLS1_AD_RECORD_OVERFLOW:
+ str = "record overflow";
+ break;
+ case TLS1_AD_UNKNOWN_CA:
+ str = "unknown CA";
+ break;
+ case TLS1_AD_ACCESS_DENIED:
+ str = "access denied";
+ break;
+ case TLS1_AD_DECODE_ERROR:
+ str = "decode error";
+ break;
+ case TLS1_AD_DECRYPT_ERROR:
+ str = "decrypt error";
+ break;
+ case TLS1_AD_EXPORT_RESTRICTION:
+ str = "export restriction";
+ break;
+ case TLS1_AD_PROTOCOL_VERSION:
+ str = "protocol version";
+ break;
+ case TLS1_AD_INSUFFICIENT_SECURITY:
+ str = "insufficient security";
+ break;
+ case TLS1_AD_INTERNAL_ERROR:
+ str = "internal error";
+ break;
+ case TLS1_AD_USER_CANCELLED:
+ str = "user canceled";
+ break;
+ case TLS1_AD_NO_RENEGOTIATION:
+ str = "no renegotiation";
+ break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION:
+ str = "unsupported extension";
+ break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ str = "certificate unobtainable";
+ break;
+ case TLS1_AD_UNRECOGNIZED_NAME:
+ str = "unrecognized name";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ str = "bad certificate status response";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ str = "bad certificate hash value";
+ break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ str = "unknown PSK identity";
+ break;
+ default:
+ str = "unknown";
+ break;
+ }
+
+ return str;
+}
+
+/**
+ * @brief get alert type string
+ */
+const char *SSL_alert_type_string(int value)
+{
+ const char *str;
+
+ switch (value >> 8)
+ {
+ case SSL3_AL_WARNING:
+ str = "W";
+ break;
+ case SSL3_AL_FATAL:
+ str = "F";
+ break;
+ default:
+ str = "U";
+ break;
+ }
+
+ return str;
+}
+
+/**
+ * @brief get alert type long string
+ */
+const char *SSL_alert_type_string_long(int value)
+{
+ const char *str;
+
+ switch (value >> 8)
+ {
+ case SSL3_AL_WARNING:
+ str = "warning";
+ break;
+ case SSL3_AL_FATAL:
+ str = "fatal";
+ break;
+ default:
+ str = "unknown";
+ break;
+ }
+
+ return str;
+}
+
+/**
+ * @brief get the state string where SSL is reading
+ */
+const char *SSL_rstate_string(SSL *ssl)
+{
+ const char *str;
+
+ SSL_ASSERT2(ssl);
+
+ switch (ssl->rlayer.rstate)
+ {
+ case SSL_ST_READ_HEADER:
+ str = "RH";
+ break;
+ case SSL_ST_READ_BODY:
+ str = "RB";
+ break;
+ case SSL_ST_READ_DONE:
+ str = "RD";
+ break;
+ default:
+ str = "unknown";
+ break;
+ }
+
+ return str;
+}
+
+/**
+ * @brief get the statement long string where SSL is reading
+ */
+const char *SSL_rstate_string_long(SSL *ssl)
+{
+ const char *str = "unknown";
+
+ SSL_ASSERT2(ssl);
+
+ switch (ssl->rlayer.rstate)
+ {
+ case SSL_ST_READ_HEADER:
+ str = "read header";
+ break;
+ case SSL_ST_READ_BODY:
+ str = "read body";
+ break;
+ case SSL_ST_READ_DONE:
+ str = "read done";
+ break;
+ default:
+ break;
+ }
+
+ return str;
+}
+
+/**
+ * @brief get SSL statement string
+ */
+char *SSL_state_string(const SSL *ssl)
+{
+ char *str = "UNKWN ";
+
+ SSL_ASSERT2(ssl);
+
+ if (ossl_statem_in_error(ssl))
+ str = "SSLERR";
+ else
+ {
+ switch (SSL_get_state(ssl))
+ {
+ case TLS_ST_BEFORE:
+ str = "PINIT ";
+ break;
+ case TLS_ST_OK:
+ str = "SSLOK ";
+ break;
+ case TLS_ST_CW_CLNT_HELLO:
+ str = "TWCH";
+ break;
+ case TLS_ST_CR_SRVR_HELLO:
+ str = "TRSH";
+ break;
+ case TLS_ST_CR_CERT:
+ str = "TRSC";
+ break;
+ case TLS_ST_CR_KEY_EXCH:
+ str = "TRSKE";
+ break;
+ case TLS_ST_CR_CERT_REQ:
+ str = "TRCR";
+ break;
+ case TLS_ST_CR_SRVR_DONE:
+ str = "TRSD";
+ break;
+ case TLS_ST_CW_CERT:
+ str = "TWCC";
+ break;
+ case TLS_ST_CW_KEY_EXCH:
+ str = "TWCKE";
+ break;
+ case TLS_ST_CW_CERT_VRFY:
+ str = "TWCV";
+ break;
+ case TLS_ST_SW_CHANGE:
+ case TLS_ST_CW_CHANGE:
+ str = "TWCCS";
+ break;
+ case TLS_ST_SW_FINISHED:
+ case TLS_ST_CW_FINISHED:
+ str = "TWFIN";
+ break;
+ case TLS_ST_SR_CHANGE:
+ case TLS_ST_CR_CHANGE:
+ str = "TRCCS";
+ break;
+ case TLS_ST_SR_FINISHED:
+ case TLS_ST_CR_FINISHED:
+ str = "TRFIN";
+ break;
+ case TLS_ST_SW_HELLO_REQ:
+ str = "TWHR";
+ break;
+ case TLS_ST_SR_CLNT_HELLO:
+ str = "TRCH";
+ break;
+ case TLS_ST_SW_SRVR_HELLO:
+ str = "TWSH";
+ break;
+ case TLS_ST_SW_CERT:
+ str = "TWSC";
+ break;
+ case TLS_ST_SW_KEY_EXCH:
+ str = "TWSKE";
+ break;
+ case TLS_ST_SW_CERT_REQ:
+ str = "TWCR";
+ break;
+ case TLS_ST_SW_SRVR_DONE:
+ str = "TWSD";
+ break;
+ case TLS_ST_SR_CERT:
+ str = "TRCC";
+ break;
+ case TLS_ST_SR_KEY_EXCH:
+ str = "TRCKE";
+ break;
+ case TLS_ST_SR_CERT_VRFY:
+ str = "TRCV";
+ break;
+ case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+ str = "DRCHV";
+ break;
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ str = "DWCHV";
+ break;
+ default:
+ break;
+ }
+ }
+
+ return str;
+}
+
+/**
+ * @brief get SSL statement long string
+ */
+char *SSL_state_string_long(const SSL *ssl)
+{
+ char *str = "UNKWN ";
+
+ SSL_ASSERT2(ssl);
+
+ if (ossl_statem_in_error(ssl))
+ str = "SSLERR";
+ else
+ {
+ switch (SSL_get_state(ssl))
+ {
+ case TLS_ST_BEFORE:
+ str = "before SSL initialization";
+ break;
+ case TLS_ST_OK:
+ str = "SSL negotiation finished successfully";
+ break;
+ case TLS_ST_CW_CLNT_HELLO:
+ str = "SSLv3/TLS write client hello";
+ break;
+ case TLS_ST_CR_SRVR_HELLO:
+ str = "SSLv3/TLS read server hello";
+ break;
+ case TLS_ST_CR_CERT:
+ str = "SSLv3/TLS read server certificate";
+ break;
+ case TLS_ST_CR_KEY_EXCH:
+ str = "SSLv3/TLS read server key exchange";
+ break;
+ case TLS_ST_CR_CERT_REQ:
+ str = "SSLv3/TLS read server certificate request";
+ break;
+ case TLS_ST_CR_SESSION_TICKET:
+ str = "SSLv3/TLS read server session ticket";
+ break;
+ case TLS_ST_CR_SRVR_DONE:
+ str = "SSLv3/TLS read server done";
+ break;
+ case TLS_ST_CW_CERT:
+ str = "SSLv3/TLS write client certificate";
+ break;
+ case TLS_ST_CW_KEY_EXCH:
+ str = "SSLv3/TLS write client key exchange";
+ break;
+ case TLS_ST_CW_CERT_VRFY:
+ str = "SSLv3/TLS write certificate verify";
+ break;
+ case TLS_ST_CW_CHANGE:
+ case TLS_ST_SW_CHANGE:
+ str = "SSLv3/TLS write change cipher spec";
+ break;
+ case TLS_ST_CW_FINISHED:
+ case TLS_ST_SW_FINISHED:
+ str = "SSLv3/TLS write finished";
+ break;
+ case TLS_ST_CR_CHANGE:
+ case TLS_ST_SR_CHANGE:
+ str = "SSLv3/TLS read change cipher spec";
+ break;
+ case TLS_ST_CR_FINISHED:
+ case TLS_ST_SR_FINISHED:
+ str = "SSLv3/TLS read finished";
+ break;
+ case TLS_ST_SR_CLNT_HELLO:
+ str = "SSLv3/TLS read client hello";
+ break;
+ case TLS_ST_SW_HELLO_REQ:
+ str = "SSLv3/TLS write hello request";
+ break;
+ case TLS_ST_SW_SRVR_HELLO:
+ str = "SSLv3/TLS write server hello";
+ break;
+ case TLS_ST_SW_CERT:
+ str = "SSLv3/TLS write certificate";
+ break;
+ case TLS_ST_SW_KEY_EXCH:
+ str = "SSLv3/TLS write key exchange";
+ break;
+ case TLS_ST_SW_CERT_REQ:
+ str = "SSLv3/TLS write certificate request";
+ break;
+ case TLS_ST_SW_SESSION_TICKET:
+ str = "SSLv3/TLS write session ticket";
+ break;
+ case TLS_ST_SW_SRVR_DONE:
+ str = "SSLv3/TLS write server done";
+ break;
+ case TLS_ST_SR_CERT:
+ str = "SSLv3/TLS read client certificate";
+ break;
+ case TLS_ST_SR_KEY_EXCH:
+ str = "SSLv3/TLS read client key exchange";
+ break;
+ case TLS_ST_SR_CERT_VRFY:
+ str = "SSLv3/TLS read certificate verify";
+ break;
+ case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+ str = "DTLS1 read hello verify request";
+ break;
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ str = "DTLS1 write hello verify request";
+ break;
+ default:
+ break;
+ }
+ }
+
+ return str;
+}
+
+/**
+ * @brief set the SSL context read buffer length
+ */
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
+{
+ SSL_ASSERT3(ctx);
+
+ ctx->read_buffer_len = len;
+}
+
+/**
+ * @brief set the SSL read buffer length
+ */
+void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
+{
+ SSL_ASSERT3(ssl);
+ SSL_ASSERT3(len);
+
+ SSL_METHOD_CALL(set_bufflen, ssl, len);
+}
+
+/**
+ * @brief set the SSL information callback function
+ */
+void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val))
+{
+ SSL_ASSERT3(ssl);
+
+ ssl->info_callback = cb;
+}
+
+/**
+ * @brief add SSL context reference count by '1'
+ */
+int SSL_CTX_up_ref(SSL_CTX *ctx)
+{
+ SSL_ASSERT1(ctx);
+
+ /**
+ * no support multi-thread SSL here
+ */
+ ctx->references++;
+
+ return 1;
+}
+
+/**
+ * @brief set the SSL security level
+ */
+void SSL_set_security_level(SSL *ssl, int level)
+{
+ SSL_ASSERT3(ssl);
+
+ ssl->cert->sec_level = level;
+}
+
+/**
+ * @brief get the SSL security level
+ */
+int SSL_get_security_level(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->cert->sec_level;
+}
+
+/**
+ * @brief get the SSL verifying mode of the SSL context
+ */
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
+{
+ SSL_ASSERT1(ctx);
+
+ return ctx->verify_mode;
+}
+
+/**
+ * @brief set the session timeout time
+ */
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t)
+{
+ long l;
+
+ SSL_ASSERT1(ctx);
+
+ l = ctx->session_timeout;
+ ctx->session_timeout = t;
+
+ return l;
+}
+
+/**
+ * @brief get the session timeout time
+ */
+long SSL_CTX_get_timeout(const SSL_CTX *ctx)
+{
+ SSL_ASSERT1(ctx);
+
+ return ctx->session_timeout;
+}
+
+/**
+ * @brief set the SSL if we can read as many as data
+ */
+void SSL_set_read_ahead(SSL *ssl, int yes)
+{
+ SSL_ASSERT3(ssl);
+
+ ssl->rlayer.read_ahead = yes;
+}
+
+/**
+ * @brief set the SSL context if we can read as many as data
+ */
+void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes)
+{
+ SSL_ASSERT3(ctx);
+
+ ctx->read_ahead = yes;
+}
+
+/**
+ * @brief get the SSL ahead signal if we can read as many as data
+ */
+int SSL_get_read_ahead(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->rlayer.read_ahead;
+}
+
+/**
+ * @brief get the SSL context ahead signal if we can read as many as data
+ */
+long SSL_CTX_get_read_ahead(SSL_CTX *ctx)
+{
+ SSL_ASSERT1(ctx);
+
+ return ctx->read_ahead;
+}
+
+/**
+ * @brief check if the SSL context can read as many as data
+ */
+long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx)
+{
+ SSL_ASSERT1(ctx);
+
+ return ctx->read_ahead;
+}
+
+/**
+ * @brief set SSL session time
+ */
+long SSL_set_time(SSL *ssl, long t)
+{
+ SSL_ASSERT1(ssl);
+
+ ssl->session->time = t;
+
+ return t;
+}
+
+/**
+ * @brief set SSL session timeout time
+ */
+long SSL_set_timeout(SSL *ssl, long t)
+{
+ SSL_ASSERT1(ssl);
+
+ ssl->session->timeout = t;
+
+ return t;
+}
+
+/**
+ * @brief get the verifying result of the SSL certification
+ */
+long SSL_get_verify_result(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return SSL_METHOD_CALL(get_verify_result, ssl);
+}
+
+/**
+ * @brief get the SSL verifying depth of the SSL context
+ */
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
+{
+ SSL_ASSERT1(ctx);
+
+ return ctx->param.depth;
+}
+
+/**
+ * @brief set the SSL verify depth of the SSL context
+ */
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
+{
+ SSL_ASSERT3(ctx);
+
+ ctx->param.depth = depth;
+}
+
+/**
+ * @brief get the SSL verifying depth of the SSL
+ */
+int SSL_get_verify_depth(const SSL *ssl)
+{
+ SSL_ASSERT1(ssl);
+
+ return ssl->param.depth;
+}
+
+/**
+ * @brief set the SSL verify depth of the SSL
+ */
+void SSL_set_verify_depth(SSL *ssl, int depth)
+{
+ SSL_ASSERT3(ssl);
+
+ ssl->param.depth = depth;
+}
+
+/**
+ * @brief set the SSL context verifying of the SSL context
+ */
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
+{
+ SSL_ASSERT3(ctx);
+
+ ctx->verify_mode = mode;
+ ctx->default_verify_callback = verify_callback;
+}
+
+/**
+ * @brief set the SSL verifying of the SSL context
+ */
+void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *))
+{
+ SSL_ASSERT3(ssl);
+
+ ssl->verify_mode = mode;
+ ssl->verify_callback = verify_callback;
+}
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+ strncpy(buf, "unknown", len);
+}
+
+void ERR_free_strings(void)
+{
+}
+
+char *ERR_error_string(unsigned long e, char *buf)
+{
+ if (buf) {
+ strcpy(buf, "unknown");
+ }
+
+ return "unknown";
+}
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx)
+{
+ return NULL;
+}
+
+/*
+ * Openssl wants the valid protocol names supplied like this:
+ *
+ * (unsigned char *)"\x02h2\x08http/1.1", 6 + 9
+ *
+ * Mbedtls wants this:
+ *
+ * Pointer to a NULL-terminated list of supported protocols, in decreasing
+ * preference order. The pointer to the list is recorded by the library for
+ * later reference as required, so the lifetime of the table must be at least
+ * as long as the lifetime of the SSL configuration structure.
+ *
+ * So accept the OpenSSL style and convert to mbedtls style
+ */
+
+struct alpn_ctx {
+ unsigned char *data;
+ unsigned short len;
+};
+
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, next_proto_cb cb, void *arg)
+{
+ struct alpn_ctx *ac = arg;
+ unsigned char *p = ac->data, *q;
+ unsigned char len;
+ int count = 0;
+
+ /* find out how many entries he gave us */
+
+ len = *p++;
+ while (p - ac->data < ac->len) {
+ if (len--) {
+ p++;
+ continue;
+ }
+ count++;
+ len = *p++;
+ if (!len)
+ break;
+ }
+
+ if (!count)
+ return;
+
+ /* allocate space for count + 1 pointers and the data afterwards */
+
+ ctx->alpn_protos = ssl_mem_zalloc((count + 1) * sizeof(char *) + ac->len + 1);
+ if (!ctx->alpn_protos)
+ return;
+
+ /* convert to mbedtls format */
+
+ q = (unsigned char *)ctx->alpn_protos + (count + 1) * sizeof(char *);
+ p = ac->data;
+ count = 0;
+
+ len = *p++;
+ ctx->alpn_protos[count] = (char *)q;
+ while (p - ac->data < ac->len) {
+ if (len--) {
+ *q++ = *p++;
+ continue;
+ }
+ *q++ = '\0';
+ count++;
+ len = *p++;
+ ctx->alpn_protos[count] = (char *)q;
+ if (!len)
+ break;
+ }
+ ctx->alpn_protos[count] = NULL; /* last pointer ends list with NULL */
+
+ ctx->alpn_cb = cb;
+}
diff --git a/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_methods.c b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_methods.c
new file mode 100644
index 0000000000..0002360846
--- /dev/null
+++ b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_methods.c
@@ -0,0 +1,81 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "ssl_methods.h"
+#include "ssl_pm.h"
+
+/**
+ * TLS method function collection
+ */
+IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
+ ssl_pm_new, ssl_pm_free,
+ ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
+ ssl_pm_read, ssl_pm_send, ssl_pm_pending,
+ ssl_pm_set_fd, ssl_pm_get_fd,
+ ssl_pm_set_bufflen,
+ ssl_pm_get_verify_result,
+ ssl_pm_get_state);
+
+/**
+ * TLS or SSL client method collection
+ */
+IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method);
+
+IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method);
+
+IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method);
+
+IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method);
+
+IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method);
+
+/**
+ * TLS or SSL server method collection
+ */
+IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method);
+
+IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method);
+
+IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method);
+
+IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method);
+
+IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method);
+
+/**
+ * TLS or SSL method collection
+ */
+IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method);
+
+IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method);
+
+IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method);
+
+IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method);
+
+IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method);
+
+/**
+ * @brief get X509 object method
+ */
+IMPLEMENT_X509_METHOD(X509_method,
+ x509_pm_new, x509_pm_free,
+ x509_pm_load, x509_pm_show_info);
+
+/**
+ * @brief get private key object method
+ */
+IMPLEMENT_PKEY_METHOD(EVP_PKEY_method,
+ pkey_pm_new, pkey_pm_free,
+ pkey_pm_load);
diff --git a/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_pkey.c b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_pkey.c
new file mode 100644
index 0000000000..567a33e2c2
--- /dev/null
+++ b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_pkey.c
@@ -0,0 +1,239 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "ssl_pkey.h"
+#include "ssl_methods.h"
+#include "ssl_dbg.h"
+#include "ssl_port.h"
+
+/**
+ * @brief create a private key object according to input private key
+ */
+EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk)
+{
+ int ret;
+ EVP_PKEY *pkey;
+
+ pkey = ssl_mem_zalloc(sizeof(EVP_PKEY));
+ if (!pkey) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)");
+ goto no_mem;
+ }
+
+ if (ipk) {
+ pkey->method = ipk->method;
+ } else {
+ pkey->method = EVP_PKEY_method();
+ }
+
+ ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk);
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret);
+ goto failed;
+ }
+
+ return pkey;
+
+failed:
+ ssl_mem_free(pkey);
+no_mem:
+ return NULL;
+}
+
+/**
+ * @brief create a private key object
+ */
+EVP_PKEY* EVP_PKEY_new(void)
+{
+ return __EVP_PKEY_new(NULL);
+}
+
+/**
+ * @brief free a private key object
+ */
+void EVP_PKEY_free(EVP_PKEY *pkey)
+{
+ SSL_ASSERT3(pkey);
+
+ EVP_PKEY_METHOD_CALL(free, pkey);
+
+ ssl_mem_free(pkey);
+}
+
+/**
+ * @brief load a character key context into system context. If '*a' is pointed to the
+ * private key, then load key into it. Or create a new private key object
+ */
+EVP_PKEY *d2i_PrivateKey(int type,
+ EVP_PKEY **a,
+ const unsigned char **pp,
+ long length)
+{
+ int m = 0;
+ int ret;
+ EVP_PKEY *pkey;
+
+ SSL_ASSERT2(pp);
+ SSL_ASSERT2(*pp);
+ SSL_ASSERT2(length);
+
+ if (a && *a) {
+ pkey = *a;
+ } else {
+ pkey = EVP_PKEY_new();;
+ if (!pkey) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL");
+ goto failed1;
+ }
+
+ m = 1;
+ }
+
+ ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length);
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret);
+ goto failed2;
+ }
+
+ if (a)
+ *a = pkey;
+
+ return pkey;
+
+failed2:
+ if (m)
+ EVP_PKEY_free(pkey);
+failed1:
+ return NULL;
+}
+
+/**
+ * @brief set the SSL context private key
+ */
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(pkey);
+
+ if (ctx->cert->pkey == pkey)
+ return 1;
+
+ if (ctx->cert->pkey)
+ EVP_PKEY_free(ctx->cert->pkey);
+
+ ctx->cert->pkey = pkey;
+
+ return 1;
+}
+
+/**
+ * @brief set the SSL private key
+ */
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+{
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(pkey);
+
+ if (ssl->cert->pkey == pkey)
+ return 1;
+
+ if (ssl->cert->pkey)
+ EVP_PKEY_free(ssl->cert->pkey);
+
+ ssl->cert->pkey = pkey;
+
+ return 1;
+}
+
+/**
+ * @brief load private key into the SSL context
+ */
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
+ const unsigned char *d, long len)
+{
+ int ret;
+ EVP_PKEY *pk;
+
+ pk = d2i_PrivateKey(0, NULL, &d, len);
+ if (!pk) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
+ goto failed1;
+ }
+
+ ret = SSL_CTX_use_PrivateKey(ctx, pk);
+ if (!ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret);
+ goto failed2;
+ }
+
+ return 1;
+
+failed2:
+ EVP_PKEY_free(pk);
+failed1:
+ return 0;
+}
+
+/**
+ * @brief load private key into the SSL
+ */
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
+ const unsigned char *d, long len)
+{
+ int ret;
+ EVP_PKEY *pk;
+
+ pk = d2i_PrivateKey(0, NULL, &d, len);
+ if (!pk) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
+ goto failed1;
+ }
+
+ ret = SSL_use_PrivateKey(ssl, pk);
+ if (!ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
+ goto failed2;
+ }
+
+ return 1;
+
+failed2:
+ EVP_PKEY_free(pk);
+failed1:
+ return 0;
+}
+
+/**
+ * @brief load the private key file into SSL context
+ */
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+ return 0;
+}
+
+/**
+ * @brief load the private key file into SSL
+ */
+int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+ return 0;
+}
+
+/**
+ * @brief load the RSA ASN1 private key into SSL context
+ */
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
+{
+ return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len);
+}
diff --git a/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_stack.c b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_stack.c
new file mode 100644
index 0000000000..da836daf9c
--- /dev/null
+++ b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_stack.c
@@ -0,0 +1,74 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "ssl_stack.h"
+#include "ssl_dbg.h"
+#include "ssl_port.h"
+
+#ifndef CONFIG_MIN_NODES
+ #define MIN_NODES 4
+#else
+ #define MIN_NODES CONFIG_MIN_NODES
+#endif
+
+/**
+ * @brief create a openssl stack object
+ */
+OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c)
+{
+ OPENSSL_STACK *stack;
+ char **data;
+
+ stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK));
+ if (!stack) {
+ SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)");
+ goto no_mem1;
+ }
+
+ data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES);
+ if (!data) {
+ SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)");
+ goto no_mem2;
+ }
+
+ stack->data = data;
+ stack->num_alloc = MIN_NODES;
+ stack->c = c;
+
+ return stack;
+
+no_mem2:
+ ssl_mem_free(stack);
+no_mem1:
+ return NULL;
+}
+
+/**
+ * @brief create a NULL function openssl stack object
+ */
+OPENSSL_STACK *OPENSSL_sk_new_null(void)
+{
+ return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
+}
+
+/**
+ * @brief free openssl stack object
+ */
+void OPENSSL_sk_free(OPENSSL_STACK *stack)
+{
+ SSL_ASSERT3(stack);
+
+ ssl_mem_free(stack->data);
+ ssl_mem_free(stack);
+}
diff --git a/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_x509.c b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_x509.c
new file mode 100644
index 0000000000..4441490a03
--- /dev/null
+++ b/thirdparty/libwebsockets/mbedtls_wrapper/library/ssl_x509.c
@@ -0,0 +1,330 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "ssl_x509.h"
+#include "ssl_methods.h"
+#include "ssl_dbg.h"
+#include "ssl_port.h"
+
+/**
+ * @brief show X509 certification information
+ */
+int __X509_show_info(X509 *x)
+{
+ return X509_METHOD_CALL(show_info, x);
+}
+
+/**
+ * @brief create a X509 certification object according to input X509 certification
+ */
+X509* __X509_new(X509 *ix)
+{
+ int ret;
+ X509 *x;
+
+ x = ssl_mem_zalloc(sizeof(X509));
+ if (!x) {
+ SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)");
+ goto no_mem;
+ }
+
+ if (ix)
+ x->method = ix->method;
+ else
+ x->method = X509_method();
+
+ ret = X509_METHOD_CALL(new, x, ix);
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret);
+ goto failed;
+ }
+
+ return x;
+
+failed:
+ ssl_mem_free(x);
+no_mem:
+ return NULL;
+}
+
+/**
+ * @brief create a X509 certification object
+ */
+X509* X509_new(void)
+{
+ return __X509_new(NULL);
+}
+
+/**
+ * @brief free a X509 certification object
+ */
+void X509_free(X509 *x)
+{
+ SSL_ASSERT3(x);
+
+ X509_METHOD_CALL(free, x);
+
+ ssl_mem_free(x);
+};
+
+/**
+ * @brief load a character certification context into system context. If '*cert' is pointed to the
+ * certification, then load certification into it. Or create a new X509 certification object
+ */
+X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len)
+{
+ int m = 0;
+ int ret;
+ X509 *x;
+
+ SSL_ASSERT2(buffer);
+ SSL_ASSERT2(len);
+
+ if (cert && *cert) {
+ x = *cert;
+ } else {
+ x = X509_new();
+ if (!x) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
+ goto failed1;
+ }
+ m = 1;
+ }
+
+ ret = X509_METHOD_CALL(load, x, buffer, len);
+ if (ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
+ goto failed2;
+ }
+
+ return x;
+
+failed2:
+ if (m)
+ X509_free(x);
+failed1:
+ return NULL;
+}
+
+/**
+ * @brief return SSL X509 verify parameters
+ */
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+{
+ return &ssl->param;
+}
+
+/**
+ * @brief set X509 host verification flags
+ */
+
+int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+ unsigned long flags)
+{
+ /* flags not supported yet */
+ return 0;
+}
+
+/**
+ * @brief clear X509 host verification flags
+ */
+
+int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
+ unsigned long flags)
+{
+ /* flags not supported yet */
+ return 0;
+}
+
+/**
+ * @brief set SSL context client CA certification
+ */
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+{
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(x);
+
+ if (ctx->client_CA == x)
+ return 1;
+
+ X509_free(ctx->client_CA);
+
+ ctx->client_CA = x;
+
+ return 1;
+}
+
+/**
+ * @brief add CA client certification into the SSL
+ */
+int SSL_add_client_CA(SSL *ssl, X509 *x)
+{
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(x);
+
+ if (ssl->client_CA == x)
+ return 1;
+
+ X509_free(ssl->client_CA);
+
+ ssl->client_CA = x;
+
+ return 1;
+}
+
+/**
+ * @brief set the SSL context certification
+ */
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+ SSL_ASSERT1(ctx);
+ SSL_ASSERT1(x);
+
+ if (ctx->cert->x509 == x)
+ return 1;
+
+ X509_free(ctx->cert->x509);
+
+ ctx->cert->x509 = x;
+
+ return 1;
+}
+
+/**
+ * @brief set the SSL certification
+ */
+int SSL_use_certificate(SSL *ssl, X509 *x)
+{
+ SSL_ASSERT1(ssl);
+ SSL_ASSERT1(x);
+
+ if (ssl->cert->x509 == x)
+ return 1;
+
+ X509_free(ssl->cert->x509);
+
+ ssl->cert->x509 = x;
+
+ return 1;
+}
+
+/**
+ * @brief get the SSL certification point
+ */
+X509 *SSL_get_certificate(const SSL *ssl)
+{
+ SSL_ASSERT2(ssl);
+
+ return ssl->cert->x509;
+}
+
+/**
+ * @brief load certification into the SSL context
+ */
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+ const unsigned char *d)
+{
+ int ret;
+ X509 *x;
+
+ x = d2i_X509(NULL, d, len);
+ if (!x) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
+ goto failed1;
+ }
+
+ ret = SSL_CTX_use_certificate(ctx, x);
+ if (!ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret);
+ goto failed2;
+ }
+
+ return 1;
+
+failed2:
+ X509_free(x);
+failed1:
+ return 0;
+}
+
+/**
+ * @brief load certification into the SSL
+ */
+int SSL_use_certificate_ASN1(SSL *ssl, int len,
+ const unsigned char *d)
+{
+ int ret;
+ X509 *x;
+
+ x = d2i_X509(NULL, d, len);
+ if (!x) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL");
+ goto failed1;
+ }
+
+ ret = SSL_use_certificate(ssl, x);
+ if (!ret) {
+ SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret);
+ goto failed2;
+ }
+
+ return 1;
+
+failed2:
+ X509_free(x);
+failed1:
+ return 0;
+}
+
+/**
+ * @brief load the certification file into SSL context
+ */
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+{
+ return 0;
+}
+
+/**
+ * @brief load the certification file into SSL
+ */
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+{
+ return 0;
+}
+
+/**
+ * @brief get peer certification
+ */
+X509 *SSL_get_peer_certificate(const SSL *ssl)
+{
+ SSL_ASSERT2(ssl);
+
+ return ssl->session->peer;
+}
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+{
+ return X509_V_ERR_UNSPECIFIED;
+}
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+{
+ return 0;
+}
+
+const char *X509_verify_cert_error_string(long n)
+{
+ return "unknown";
+}