Relocate internal SSL client.

src/client/SSLClient/ESP_SSLClient.h

@@ -0,0 +1,79 @@
+/**
+ *
+ * The ESP SSL Client Class, ESP_SSLClient.h v2.1.7
+ *
+ * Created September 2, 2023
+ *
+ * The MIT License (MIT)
+ * Copyright (c) 2023 K. Suwatchai (Mobizt)
+ *
+ *
+ * Permission is hereby granted, free of charge, to any person returning a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef ESP_SSLCLIENT_H
+#define ESP_SSLCLIENT_H
+
+#include "ESP_SSLClient_FS.h"
+
+#ifndef SSLCLIENT_CONNECTION_UPGRADABLE
+#define SSLCLIENT_CONNECTION_UPGRADABLE
+#endif
+#include "ESP_SSLClient_Const.h"
+#if defined(USE_EMBED_SSL_ENGINE) || defined(USE_LIB_SSL_ENGINE)
+#include "client/BSSL_TCP_Client.h"
+class ESP_SSLClient : public BSSL_TCP_Client
+{
+public:
+    ESP_SSLClient(){};
+    ~ESP_SSLClient(){};
+};
+
+class ESP_SSLClient2 : public BSSL_TCP_Client
+{
+public:
+    ESP_SSLClient2(Client &client, bool enableSSL = true) : _base_client(client)
+    {
+        setClient(&_base_client, enableSSL);
+    };
+    ~ESP_SSLClient2(){};
+
+private:
+    Client &_base_client;
+};
+
+#else
+class ESP_SSLClient
+{
+public:
+    ESP_SSLClient(){};
+    ~ESP_SSLClient(){};
+};
+
+class ESP_SSLClient2
+{
+public:
+    ESP_SSLClient2(Client &client, bool enableSSL = true) : _base_client(client){};
+    ~ESP_SSLClient2(){};
+
+private:
+    Client &_base_client;
+};
+#endif
+
+#endif

src/client/SSLClient/ESP_SSLClient_Const.h

@@ -0,0 +1,138 @@
+#ifndef ESP_SSLCLIENT_CONST_H
+#define ESP_SSLCLIENT_CONST_H
+
+#pragma GCC diagnostic ignored "-Wunused-function"
+#pragma GCC diagnostic ignored "-Wvla"
+
+#include "ESP_SSLClient_FS.h"
+
+#include <Arduino.h>
+#include <Client.h>
+
+#if defined(__AVR__)
+#undef USE_LIB_SSL_ENGINE
+#undef USE_EMBED_SSL_ENGINE
+#error "Not support AVR architecture"
+#endif
+
+#define ESP_SSLCLIENT_VALID_TIMESTAMP 1690979919
+
+#ifndef SSLCLIENT_CONNECTION_UPGRADABLE
+#define SSLCLIENT_CONNECTION_UPGRADABLE
+#endif
+
+#ifdef ESP_SSLCLIENT_ENABLE_DEBUG
+#if !defined(ESP_SSLCLIENT_DEBUG_PORT)
+#define ESP_SSLCLIENT_DEBUG_PORT Serial
+#endif
+#define ESP_SSLCLIENT_DEBUG_PRINT ESP_SSLCLIENT_DEBUG_PORT.print
+#else
+#define ESP_SSLCLIENT_DEBUG_PRINT(...)
+#endif
+
+#if !defined(FPSTR)
+#define FPSTR
+#endif
+
+#if defined(USE_EMBED_SSL_ENGINE) || defined(USE_LIB_SSL_ENGINE)
+
+enum esp_ssl_client_debug_level
+{
+    esp_ssl_debug_none = 0,
+    esp_ssl_debug_error = 1,
+    esp_ssl_debug_warn = 2,
+    esp_ssl_debug_info = 3,
+    esp_ssl_debug_dump = 4
+};
+
+enum esp_ssl_client_error_types
+{
+    esp_ssl_ok,
+    esp_ssl_connection_fail,
+    esp_ssl_write_error,
+    esp_ssl_read_error,
+    esp_ssl_out_of_memory,
+    esp_ssl_internal_error
+};
+
+#if defined(ESP_SSLCLIENT_ENABLE_DEBUG)
+
+static void esp_ssl_debug_print_prefix(const char *func_name, int level)
+{
+    ESP_SSLCLIENT_DEBUG_PRINT(PSTR("> "));
+    // print the debug level
+    switch (level)
+    {
+    case esp_ssl_debug_info:
+        ESP_SSLCLIENT_DEBUG_PRINT(PSTR("INFO."));
+        break;
+    case esp_ssl_debug_warn:
+        ESP_SSLCLIENT_DEBUG_PRINT(PSTR("WARN."));
+        break;
+    case esp_ssl_debug_error:
+        ESP_SSLCLIENT_DEBUG_PRINT(PSTR("ERROR."));
+        break;
+    default:
+        break;
+    }
+
+    // print the function name
+    ESP_SSLCLIENT_DEBUG_PRINT(PSTR(""));
+    ESP_SSLCLIENT_DEBUG_PRINT(func_name);
+    ESP_SSLCLIENT_DEBUG_PRINT(PSTR(": "));
+}
+
+static void esp_ssl_debug_print(PGM_P msg, int debug_level, int level, const char *func_name)
+{
+    if (debug_level >= level)
+    {
+        esp_ssl_debug_print_prefix(func_name, level);
+        ESP_SSLCLIENT_DEBUG_PRINT(msg);
+        ESP_SSLCLIENT_DEBUG_PRINT("\r\n");
+    }
+}
+
+#endif
+
+static uint8_t htoi(unsigned char c)
+{
+    if (c >= '0' && c <= '9')
+        return c - '0';
+    else if (c >= 'A' && c <= 'F')
+        return 10 + c - 'A';
+    else if (c >= 'a' && c <= 'f')
+        return 10 + c - 'a';
+    else
+        return 255;
+}
+
+// Helper function which aborts a TLS handshake by sending TLS
+// ClientAbort and ClientClose messages.
+static bool send_abort(Client *probe, bool supportsLen)
+{
+    // If we're still connected, send the appropriate notice that
+    // we're aborting the handshake per RFCs.
+    static const uint8_t clientAbort_P[] PROGMEM = {
+        0x15 /*alert*/, 0x03, 0x03 /*TLS 1.2*/, 0x00, 0x02,
+        1, 90 /* warning: user_cancelled */
+    };
+    static const uint8_t clientClose_P[] PROGMEM = {
+        0x15 /*alert*/, 0x03, 0x03 /*TLS 1.2*/, 0x00, 0x02,
+        1, 0 /* warning: close_notify */
+    };
+    if (probe->connected())
+    {
+        uint8_t msg[sizeof(clientAbort_P)];
+        memcpy_P(msg, clientAbort_P, sizeof(clientAbort_P));
+        probe->write(msg, sizeof(clientAbort_P));
+        memcpy_P(msg, clientClose_P, sizeof(clientClose_P));
+        probe->write(msg, sizeof(clientClose_P));
+    }
+    return supportsLen;
+}
+
+const uint16_t _secure_ports[26] = {443 /* HTTPS */, 465 /* SMTP */, 563 /* NNTP */, 636 /* LDAPS */, 695 /* IEEE-MMS-SSL */, 832 /* NETCONF */, 853 /* DNS */, 989 /* FTPS */, 990 /* FTPS */, 992 /* Telnet */, 993 /* IMAP */, 995 /* POP3 */, 4116 /* Smartcard */, 4843 /* OPC */, 5061 /* SIP */, 5085 /* LLIP */, 5349 /* NAT */, 5671 /* AMQP */, 5986 /* WinRM-HTTPS */, 6513 /* NETCONF */, 6514 /* Syslog */, 6515 /* Elipse RPC */, 6619 /* OFTP */, 8243 /* Apache Synapse */, 8403 /* GxFWD */, 8883 /* MQTT */};
+
+#endif
+
+#endif

src/client/SSLClient/ESP_SSLClient_FS.h

@@ -0,0 +1,42 @@
+#ifndef ESP_SSLClient_FS_H
+#define ESP_SSLClient_FS_H
+
+#if (defined(ESP8266) || defined(ARDUINO_ARCH_RP2040)) && !defined(ARDUINO_NANO_RP2040_CONNECT)
+// for ESP8266 and Raspberry Pi Pico (RP2040) only except for Arduino Nano RP2040 Connect
+#define USE_EMBED_SSL_ENGINE
+#else
+#define USE_LIB_SSL_ENGINE
+#endif
+
+#pragma once
+
+// for enable debugging
+#define ESP_SSLCLIENT_ENABLE_DEBUG
+
+/** Call ssl_client.setDebugLevel(x) to set the debug
+ * esp_ssl_debug_none = 0
+ * esp_ssl_debug_error = 1
+ * esp_ssl_debug_warn = 2
+ * esp_ssl_debug_info = 3
+ * esp_ssl_debug_dump = 4
+ */
+
+// for debug port
+#define ESP_SSLCLIENT_DEBUG_PORT Serial
+
+// for SSL Error String
+#define ESP_SSLCLIENT_ENABLE_SSL_ERROR_STRING
+
+// for Filesystem support that required for CertStore
+#define ESP_SSLCLIENT_USE_FILESYSTEM
+
+// For external SRAM (PSRAM) support
+#define ESP_SSLCLIENT_USE_PSRAM
+
+#if defined __has_include
+#if __has_include(<Custom_ESP_SSLClient_FS.h>)
+#include "Custom_ESP_SSLClient_FS.h"
+#endif
+#endif
+
+#endif

src/client/SSLClient/bssl/aes_big_cbcdec.c

@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2016 Thomas Pornin <[email protected]>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining 
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be 
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include "../ESP_SSLClient_FS.h"
+#if defined(USE_LIB_SSL_ENGINE)
+
+#include "inner.h"
+
+/* see bearssl_block.h */
+void
+br_aes_big_cbcdec_init(br_aes_big_cbcdec_keys *ctx,
+	const void *key, size_t len)
+{
+	ctx->vtable = &br_aes_big_cbcdec_vtable;
+	ctx->num_rounds = br_aes_big_keysched_inv(ctx->skey, key, len);
+}
+
+/* see bearssl_block.h */
+void
+br_aes_big_cbcdec_run(const br_aes_big_cbcdec_keys *ctx,
+	void *iv, void *data, size_t len)
+{
+	unsigned char *buf, *ivbuf;
+
+	ivbuf = iv;
+	buf = data;
+	while (len > 0) {
+		unsigned char tmp[16];
+		int i;
+
+		memcpy(tmp, buf, 16);
+		br_aes_big_decrypt(ctx->num_rounds, ctx->skey, buf);
+		for (i = 0; i < 16; i ++) {
+			buf[i] ^= ivbuf[i];
+		}
+		memcpy(ivbuf, tmp, 16);
+		buf += 16;
+		len -= 16;
+	}
+}
+
+/* see bearssl_block.h */
+const br_block_cbcdec_class br_aes_big_cbcdec_vtable = {
+	sizeof(br_aes_big_cbcdec_keys),
+	16,
+	4,
+	(void (*)(const br_block_cbcdec_class **, const void *, size_t))
+		&br_aes_big_cbcdec_init,
+	(void (*)(const br_block_cbcdec_class *const *, void *, void *, size_t))
+		&br_aes_big_cbcdec_run
+};
+
+#endif