diff --git a/FreeRTOS/Source/portable/esp8266/portmacro.h b/FreeRTOS/Source/portable/esp8266/portmacro.h
index a41b1f7..3c54612 100644
--- a/FreeRTOS/Source/portable/esp8266/portmacro.h
+++ b/FreeRTOS/Source/portable/esp8266/portmacro.h
@@ -70,6 +70,7 @@
extern "C" {
#endif
+#include "esp8266.h"
#include "espressif/esp8266/ets_sys.h"
#include <stdint.h>
#include <xtruntime.h>
diff --git a/FreeRTOS/Source/portable/esp8266/sdk_compat.c b/FreeRTOS/Source/portable/esp8266/sdk_compat.c
index 9691138..9ca5cd4 100644
--- a/FreeRTOS/Source/portable/esp8266/sdk_compat.c
+++ b/FreeRTOS/Source/portable/esp8266/sdk_compat.c
@@ -4,7 +4,7 @@
#include <string.h>
#include "FreeRTOS.h"
-/* SDK uses this and so does lwip, it was defined in libudhcp.a
+/* SDK uses errno. errno was defined in libudhcp.a
but that library has been removed. */
int errno;
diff --git a/axtls/axtls_esp_stubs.c b/axtls/axtls_esp_stubs.c
new file mode 100644
index 0000000..00b7fd6
--- /dev/null
+++ b/axtls/axtls_esp_stubs.c
@@ -0,0 +1,29 @@
+#include <time.h>
+#include <sys/time.h>
+#include <stdio.h>
+/*
+ * Stub time functions for TLS time-related operations
+ *
+ * ESPTODO: Revisit these soon as gettimeofday() is used for entropy
+ */
+
+time_t time(time_t *t)
+{
+ return 0;
+}
+
+time_t mktime(struct tm *tm)
+{
+ return 0;
+}
+
+int gettimeofday(struct timeval *tv, void *tz)
+{
+ return 0;
+}
+
+void abort(void)
+{
+ printf("abort() was called.\r\n");
+ while(1) {}
+}
diff --git a/axtls/component.mk b/axtls/component.mk
new file mode 100644
index 0000000..185f47e
--- /dev/null
+++ b/axtls/component.mk
@@ -0,0 +1,19 @@
+# Component makefile for axTLS
+
+# axTLS has its own configure and build system, but it's not particularly
+# designed for embedded systems. For now we're just imposing the ESP Open RTOS
+# build system over the top.
+
+# We supply our own hand tweaked config.h in the external 'include' dir.
+
+AXTLS_DIR = $(ROOT)axtls/axtls/
+INC_DIRS += $(ROOT)axtls/include $(AXTLS_DIR)ssl $(AXTLS_DIR)crypto
+
+# args for passing into compile rule generation
+axtls_ROOT = $(ROOT)axtls
+axtls_INC_DIR = $(AXTLS_DIR)include $(AXTLS_DIR)
+axtls_SRC_DIR = $(AXTLS_DIR)crypto $(AXTLS_DIR)ssl $(ROOT)axtls
+
+#axtls_CFLAGS = $(CFLAGS) -Wno-address
+
+$(eval $(call component_compile_rules,axtls))
diff --git a/include/ssl/ssl_config.h b/axtls/include/config.h
similarity index 66%
rename from include/ssl/ssl_config.h
rename to axtls/include/config.h
index 3404b5b..175d083 100644
--- a/include/ssl/ssl_config.h
+++ b/axtls/include/config.h
@@ -1,18 +1,18 @@
/*
* Automatically generated header file: don't edit
*/
-
-#define HAVE_DOT_CONFIG 1
+#define HAVE_DOT_CONFIG 0
#undef CONFIG_PLATFORM_LINUX
-#define CONFIG_PLATFORM_CYGWIN 1
+#undef CONFIG_PLATFORM_CYGWIN
#undef CONFIG_PLATFORM_WIN32
/*
* General Configuration
*/
#define PREFIX "/usr/local"
-#define CONFIG_DEBUG 1
-#undef CONFIG_STRIP_UNWANTED_SECTIONS
+#define CROSS "xtensa-lx106-elf-"
+#undef CONFIG_DEBUG
+#define CONFIG_STRIP_UNWANTED_SECTIONS 1
#undef CONFIG_VISUAL_STUDIO_7_0
#undef CONFIG_VISUAL_STUDIO_8_0
#undef CONFIG_VISUAL_STUDIO_10_0
@@ -22,18 +22,26 @@
#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
+/*
+ * Embedded System Options (added for ESP RTOS SDK, don't have config entries yetr)
+ */
+#define CONFIG_NO_FILESYSTEM 1
+#define CONFIG_USE_RAND 1
+#define CONFIG_MAX_PLAIN_LENGTH 1024
+#define CONFIG_MAX_KEY_BYTE_SIZE 256 /* for max 2048 bit keys (untested with >1024 bit keys) */
+
/*
* SSL Library
*/
#undef CONFIG_SSL_SERVER_ONLY
#undef CONFIG_SSL_CERT_VERIFICATION
-#undef CONFIG_SSL_ENABLE_CLIENT
-#define CONFIG_SSL_FULL_MODE 1
+#define CONFIG_SSL_ENABLE_CLIENT 1
+#undef CONFIG_SSL_FULL_MODE
#undef CONFIG_SSL_SKELETON_MODE
#undef CONFIG_SSL_PROT_LOW
#define CONFIG_SSL_PROT_MEDIUM 1
#undef CONFIG_SSL_PROT_HIGH
-#define CONFIG_SSL_USE_DEFAULT_KEY
+#undef CONFIG_SSL_USE_DEFAULT_KEY
#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
#define CONFIG_SSL_X509_CERT_LOCATION ""
@@ -42,45 +50,37 @@
#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
#undef CONFIG_SSL_ENABLE_V23_HANDSHAKE
-#define CONFIG_SSL_HAS_PEM 1
+#undef CONFIG_SSL_HAS_PEM
#undef CONFIG_SSL_USE_PKCS12
#define CONFIG_SSL_EXPIRY_TIME 24
-#define CONFIG_X509_MAX_CA_CERTS 150
+#define CONFIG_X509_MAX_CA_CERTS 1
#define CONFIG_SSL_MAX_CERTS 3
#undef CONFIG_SSL_CTX_MUTEXING
-//#define CONFIG_USE_DEV_URANDOM 1
+#undef CONFIG_USE_DEV_URANDOM
#undef CONFIG_WIN32_USE_CRYPTO_LIB
#undef CONFIG_OPENSSL_COMPATIBLE
#undef CONFIG_PERFORMANCE_TESTING
-#define CONFIG_SSL_TEST 1
+#undef CONFIG_SSL_TEST
#undef CONFIG_AXTLSWRAP
-#define CONFIG_AXHTTPD 1
-
-/*
- * Axhttpd Configuration
- */
+#undef CONFIG_AXHTTPD
#undef CONFIG_HTTP_STATIC_BUILD
-#define CONFIG_HTTP_PORT 80
-#define CONFIG_HTTP_HTTPS_PORT 443
-#define CONFIG_HTTP_SESSION_CACHE_SIZE 5
-#define CONFIG_HTTP_WEBROOT "../www"
-#define CONFIG_HTTP_TIMEOUT 300
-
-/*
- * CGI
- */
-#undef CONFIG_HTTP_HAS_CGI
-#define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php"
-#define CONFIG_HTTP_ENABLE_LUA 1
-#define CONFIG_HTTP_LUA_PREFIX "/usr"
+#define CONFIG_HTTP_PORT
+#define CONFIG_HTTP_HTTPS_PORT
+#define CONFIG_HTTP_SESSION_CACHE_SIZE
+#define CONFIG_HTTP_WEBROOT ""
+#define CONFIG_HTTP_TIMEOUT
+#undef CONFIG_HTTP_HAS_CGI
+#define CONFIG_HTTP_CGI_EXTENSIONS ""
+#undef CONFIG_HTTP_ENABLE_LUA
+#define CONFIG_HTTP_LUA_PREFIX ""
#undef CONFIG_HTTP_BUILD_LUA
-#define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi"
-#define CONFIG_HTTP_DIRECTORIES 1
-#define CONFIG_HTTP_HAS_AUTHORIZATION 1
+#define CONFIG_HTTP_CGI_LAUNCHER ""
+#undef CONFIG_HTTP_DIRECTORIES
+#undef CONFIG_HTTP_HAS_AUTHORIZATION
#undef CONFIG_HTTP_HAS_IPV6
#undef CONFIG_HTTP_ENABLE_DIFFERENT_USER
#define CONFIG_HTTP_USER ""
-#define CONFIG_HTTP_VERBOSE 0
+#undef CONFIG_HTTP_VERBOSE
#undef CONFIG_HTTP_IS_DAEMON
/*
@@ -101,8 +101,8 @@
/*
* Samples
*/
-#define CONFIG_SAMPLES 1
-#define CONFIG_C_SAMPLES 1
+#undef CONFIG_SAMPLES
+#undef CONFIG_C_SAMPLES
#undef CONFIG_CSHARP_SAMPLES
#undef CONFIG_VBNET_SAMPLES
#undef CONFIG_JAVA_SAMPLES
@@ -117,11 +117,12 @@
#define CONFIG_BIGINT_BARRETT 1
#define CONFIG_BIGINT_CRT 1
#undef CONFIG_BIGINT_KARATSUBA
-#define MUL_KARATSUBA_THRESH
-#define SQU_KARATSUBA_THRESH
+#define MUL_KARATSUBA_THRESH
+#define SQU_KARATSUBA_THRESH
#define CONFIG_BIGINT_SLIDING_WINDOW 1
#define CONFIG_BIGINT_SQUARE 1
#define CONFIG_BIGINT_CHECK_ON 1
#define CONFIG_INTEGER_32BIT 1
#undef CONFIG_INTEGER_16BIT
#undef CONFIG_INTEGER_8BIT
+
diff --git a/axtls/include/os_int.h b/axtls/include/os_int.h
new file mode 100644
index 0000000..3fc09cd
--- /dev/null
+++ b/axtls/include/os_int.h
@@ -0,0 +1,6 @@
+#ifndef _OS_INT_H
+#define _OS_INT_H
+
+#include <stdint.h>
+
+#endif
diff --git a/include/ssl/ssl_os_port.h b/axtls/include/os_port.h
similarity index 60%
rename from include/ssl/ssl_os_port.h
rename to axtls/include/os_port.h
index a68b9e1..67fc3db 100644
--- a/include/ssl/ssl_os_port.h
+++ b/axtls/include/os_port.h
@@ -1,5 +1,6 @@
/*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2015, Cameron Rich
+ * Modifications Copyright (c) 2015 Superhouse Automation Pty Ltd
*
* All rights reserved.
*
@@ -34,28 +35,58 @@
* Some stuff to minimise the differences between windows and linux/unix
*/
-#ifndef HEADER_OS_PORT_H
-#define HEADER_OS_PORT_H
+#ifndef _HEADER_OS_PORT_H
+#define _HEADER_OS_PORT_H
#ifdef __cplusplus
extern "C" {
#endif
-#include "esp_common.h"
-
-#if 0
-#define ssl_printf(fmt, args...) os_printf(fmt,## args)
-#else
-#define ssl_printf(fmt, args...)
+#include "FreeRTOS.h"
+#include "os_int.h"
+#include "config.h"
+#include <stdio.h>
+#include <pwd.h>
+#include <netdb.h>
+//#include <fcntl.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <posix/sys/socket.h>
+#include <sys/wait.h>
+#include <ipv4/lwip/inet.h>
+#if defined(CONFIG_SSL_CTX_MUTEXING)
+#include "semphr.h"
#endif
-#define STDCALL
-#define EXP_FUNC
+#define SOCKET_READ(A,B,C) read(A,B,C)
+#define SOCKET_WRITE(A,B,C) write(A,B,C)
+#define SOCKET_CLOSE(A) if (A >= 0) close(A)
+#define TTY_FLUSH()
+static inline uint64_t be64toh(uint64_t x) {
+ return ntohl(x>>32) | ((uint64_t)(ntohl(x)) << 32);
+}
+
+void exit_now(const char *format, ...) __attribute((noreturn));
+
+#define EXP_FUNC
+#define STDCALL
+
+/* Mutex definitions */
+#if defined(CONFIG_SSL_CTX_MUTEXING)
+#define SSL_CTX_MUTEX_TYPE xSemaphoreHandle
+#define SSL_CTX_MUTEX_INIT(A) vSemaphoreCreateBinaryCreateMutex(A)
+#define SSL_CTX_MUTEX_DESTROY(A) vSemaphoreDelete(A)
+#define SSL_CTX_LOCK(A) xSemaphoreTakeRecursive(A, portMAX_DELAY)
+#define SSL_CTX_UNLOCK(A) xSemaphoreGiveRecursive(A)
+#else
+#define SSL_CTX_MUTEX_TYPE
#define SSL_CTX_MUTEX_INIT(A)
#define SSL_CTX_MUTEX_DESTROY(A)
#define SSL_CTX_LOCK(A)
#define SSL_CTX_UNLOCK(A)
+#endif
#ifdef __cplusplus
}
diff --git a/common.mk b/common.mk
index fa8082f..c5467d0 100644
--- a/common.mk
+++ b/common.mk
@@ -53,7 +53,7 @@ OBJCOPY = $(CROSS)objcopy
# Source components to compile and link. Each of these are subdirectories
# of the root, with a 'component.mk' file.
-COMPONENTS ?= FreeRTOS lwip
+COMPONENTS ?= FreeRTOS lwip axtls
# binary esp-iot-rtos SDK libraries to link. These are pre-processed prior to linking.
SDK_LIBS ?= main net80211 phy pp wpa
diff --git a/include/esp8266.h b/include/esp8266.h
index a58a9be..492ed46 100644
--- a/include/esp8266.h
+++ b/include/esp8266.h
@@ -1,5 +1,6 @@
/* esp8266.h
*
+<<<<<<< HEAD
* ESP-specific SoC-level addresses, macros, etc.
* Part of esp-open-rtos
*
@@ -23,7 +24,6 @@
*/
#define IROM __attribute__((section(".irom0"))) const
-
/* Register addresses
ESPTODO: break this out to its own header file and clean it up, add other regs, etc.
diff --git a/include/ssl/ssl_bigint.h b/include/ssl/ssl_bigint.h
deleted file mode 100644
index 99f5415..0000000
--- a/include/ssl/ssl_bigint.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef BIGINT_HEADER
-#define BIGINT_HEADER
-
-#include "ssl/ssl_crypto.h"
-
-BI_CTX *bi_initialize(void);
-void bi_terminate(BI_CTX *ctx);
-void bi_permanent(bigint *bi);
-void bi_depermanent(bigint *bi);
-void bi_clear_cache(BI_CTX *ctx);
-void bi_free(BI_CTX *ctx, bigint *bi);
-bigint *bi_copy(bigint *bi);
-bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
-void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
-bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
-bigint *int_to_bi(BI_CTX *ctx, comp i);
-
-/* the functions that actually do something interesting */
-bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
-bigint *bi_subtract(BI_CTX *ctx, bigint *bia,
- bigint *bib, int *is_negative);
-bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
-bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
-bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
-bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
-int bi_compare(bigint *bia, bigint *bib);
-void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
-void bi_free_mod(BI_CTX *ctx, int mod_offset);
-
-#ifdef CONFIG_SSL_FULL_MODE
-void bi_print(const char *label, bigint *bi);
-bigint *bi_str_import(BI_CTX *ctx, const char *data);
-#endif
-
-/**
- * @def bi_mod
- * Find the residue of B. bi_set_mod() must be called before hand.
- */
-#define bi_mod(A, B) bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
-
-/**
- * bi_residue() is technically the same as bi_mod(), but it uses the
- * appropriate reduction technique (which is bi_mod() when doing classical
- * reduction).
- */
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-#define bi_residue(A, B) bi_mont(A, B)
-bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
-#elif defined(CONFIG_BIGINT_BARRETT)
-#define bi_residue(A, B) bi_barrett(A, B)
-bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
-#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
-#define bi_residue(A, B) bi_mod(A, B)
-#endif
-
-#ifdef CONFIG_BIGINT_SQUARE
-bigint *bi_square(BI_CTX *ctx, bigint *bi);
-#else
-#define bi_square(A, B) bi_multiply(A, bi_copy(B), B)
-#endif
-
-#ifdef CONFIG_BIGINT_CRT
-bigint *bi_crt(BI_CTX *ctx, bigint *bi,
- bigint *dP, bigint *dQ,
- bigint *p, bigint *q,
- bigint *qInv);
-#endif
-
-#endif
diff --git a/include/ssl/ssl_bigint_impl.h b/include/ssl/ssl_bigint_impl.h
deleted file mode 100644
index c82fefb..0000000
--- a/include/ssl/ssl_bigint_impl.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef BIGINT_IMPL_HEADER
-#define BIGINT_IMPL_HEADER
-
-/* Maintain a number of precomputed variables when doing reduction */
-#define BIGINT_M_OFFSET 0 /**< Normal modulo offset. */
-#ifdef CONFIG_BIGINT_CRT
-#define BIGINT_P_OFFSET 1 /**< p modulo offset. */
-#define BIGINT_Q_OFFSET 2 /**< q module offset. */
-#define BIGINT_NUM_MODS 3 /**< The number of modulus constants used. */
-#else
-#define BIGINT_NUM_MODS 1
-#endif
-
-/* Architecture specific functions for big ints */
-#if defined(CONFIG_INTEGER_8BIT)
-#define COMP_RADIX 256U /**< Max component + 1 */
-#define COMP_MAX 0xFFFFU/**< (Max dbl comp -1) */
-#define COMP_BIT_SIZE 8 /**< Number of bits in a component. */
-#define COMP_BYTE_SIZE 1 /**< Number of bytes in a component. */
-#define COMP_NUM_NIBBLES 2 /**< Used For diagnostics only. */
-typedef uint8_t comp; /**< A single precision component. */
-typedef uint16_t long_comp; /**< A double precision component. */
-typedef int16_t slong_comp; /**< A signed double precision component. */
-#elif defined(CONFIG_INTEGER_16BIT)
-#define COMP_RADIX 65536U /**< Max component + 1 */
-#define COMP_MAX 0xFFFFFFFFU/**< (Max dbl comp -1) */
-#define COMP_BIT_SIZE 16 /**< Number of bits in a component. */
-#define COMP_BYTE_SIZE 2 /**< Number of bytes in a component. */
-#define COMP_NUM_NIBBLES 4 /**< Used For diagnostics only. */
-typedef uint16_t comp; /**< A single precision component. */
-typedef uint32_t long_comp; /**< A double precision component. */
-typedef int32_t slong_comp; /**< A signed double precision component. */
-#else /* regular 32 bit */
-#ifdef WIN32
-#define COMP_RADIX 4294967296i64
-#define COMP_MAX 0xFFFFFFFFFFFFFFFFui64
-#else
-#define COMP_RADIX 4294967296ULL /**< Max component + 1 */
-#define COMP_MAX 0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */
-#endif
-#define COMP_BIT_SIZE 32 /**< Number of bits in a component. */
-#define COMP_BYTE_SIZE 4 /**< Number of bytes in a component. */
-#define COMP_NUM_NIBBLES 8 /**< Used For diagnostics only. */
-typedef uint32_t comp; /**< A single precision component. */
-typedef uint64_t long_comp; /**< A double precision component. */
-typedef sint64_t slong_comp; /**< A signed double precision component. */
-#endif
-
-/**
- * @struct _bigint
- * @brief A big integer basic object
- */
-struct _bigint
-{
- struct _bigint* next; /**< The next bigint in the cache. */
- short size; /**< The number of components in this bigint. */
- short max_comps; /**< The heapsize allocated for this bigint */
- int refs; /**< An internal reference count. */
- comp* comps; /**< A ptr to the actual component data */
-};
-
-typedef struct _bigint bigint; /**< An alias for _bigint */
-
-/**
- * Maintains the state of the cache, and a number of variables used in
- * reduction.
- */
-typedef struct /**< A big integer "session" context. */
-{
- bigint *active_list; /**< Bigints currently used. */
- bigint *free_list; /**< Bigints not used. */
- bigint *bi_radix; /**< The radix used. */
- bigint *bi_mod[BIGINT_NUM_MODS]; /**< modulus */
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
- bigint *bi_RR_mod_m[BIGINT_NUM_MODS]; /**< R^2 mod m */
- bigint *bi_R_mod_m[BIGINT_NUM_MODS]; /**< R mod m */
- comp N0_dash[BIGINT_NUM_MODS];
-#elif defined(CONFIG_BIGINT_BARRETT)
- bigint *bi_mu[BIGINT_NUM_MODS]; /**< Storage for mu */
-#endif
- bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
- bigint **g; /**< Used by sliding-window. */
- int window; /**< The size of the sliding window */
- int active_count; /**< Number of active bigints. */
- int free_count; /**< Number of free bigints. */
-
-#ifdef CONFIG_BIGINT_MONTGOMERY
- uint8_t use_classical; /**< Use classical reduction. */
-#endif
- uint8_t mod_offset; /**< The mod offset we are using */
-} BI_CTX;
-
-#ifndef WIN32
-#define max(a,b) ((a)>(b)?(a):(b)) /**< Find the maximum of 2 numbers. */
-#define min(a,b) ((a)<(b)?(a):(b)) /**< Find the minimum of 2 numbers. */
-#endif
-
-#define PERMANENT 0x7FFF55AA /**< A magic number for permanents. */
-
-#endif
diff --git a/include/ssl/ssl_crypto.h b/include/ssl/ssl_crypto.h
deleted file mode 100644
index 1ea461a..0000000
--- a/include/ssl/ssl_crypto.h
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file crypto.h
- */
-
-#ifndef HEADER_CRYPTO_H
-#define HEADER_CRYPTO_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "ssl/ssl_config.h"
-#include "ssl/ssl_bigint_impl.h"
-#include "ssl/ssl_bigint.h"
-
-#ifndef STDCALL
-#define STDCALL
-#endif
-#ifndef EXP_FUNC
-#define EXP_FUNC
-#endif
-
-
-/* enable features based on a 'super-set' capbaility. */
-#if defined(CONFIG_SSL_FULL_MODE)
-#define CONFIG_SSL_ENABLE_CLIENT
-#define CONFIG_SSL_CERT_VERIFICATION
-#elif defined(CONFIG_SSL_ENABLE_CLIENT)
-#define CONFIG_SSL_CERT_VERIFICATION
-#endif
-
-/**************************************************************************
- * AES declarations
- **************************************************************************/
-
-#define AES_MAXROUNDS 14
-#define AES_BLOCKSIZE 16
-#define AES_IV_SIZE 16
-
-typedef struct aes_key_st
-{
- uint16_t rounds;
- uint16_t key_size;
- uint32_t ks[(AES_MAXROUNDS+1)*8];
- uint8_t iv[AES_IV_SIZE];
-} AES_CTX;
-
-typedef enum
-{
- AES_MODE_128,
- AES_MODE_256
-} AES_MODE;
-
-void AES_set_key(AES_CTX *ctx, const uint8_t *key,
- const uint8_t *iv, AES_MODE mode);
-void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
- uint8_t *out, int length);
-void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
-void AES_convert_key(AES_CTX *ctx);
-
-/**************************************************************************
- * RC4 declarations
- **************************************************************************/
-
-typedef struct
-{
- uint8_t x, y, m[256];
-} RC4_CTX;
-
-void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
-void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
-
-/**************************************************************************
- * SHA1 declarations
- **************************************************************************/
-
-#define SHA1_SIZE 20
-
-/*
- * This structure will hold context information for the SHA-1
- * hashing operation
- */
-typedef struct
-{
- uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
- uint32_t Length_Low; /* Message length in bits */
- uint32_t Length_High; /* Message length in bits */
- uint16_t Message_Block_Index; /* Index into message block array */
- uint8_t Message_Block[64]; /* 512-bit message blocks */
-} SHA1_CTX;
-
-void SHA1_Init(SHA1_CTX *);
-void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
-void SHA1_Final(uint8_t *digest, SHA1_CTX *);
-
-/**************************************************************************
- * MD2 declarations
- **************************************************************************/
-
-#define MD2_SIZE 16
-
-typedef struct
-{
- unsigned char cksum[16]; /* checksum of the data block */
- unsigned char state[48]; /* intermediate digest state */
- unsigned char buffer[16]; /* data block being processed */
- int left; /* amount of data in buffer */
-} MD2_CTX;
-
-EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx);
-EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen);
-EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx);
-
-/**************************************************************************
- * MD5 declarations
- **************************************************************************/
-
-#define MD5_SIZE 16
-
-typedef struct
-{
- uint32_t state[4]; /* state (ABCD) */
- uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
- uint8_t buffer[64]; /* input buffer */
-} MD5_CTX;
-
-EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
-EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
-EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
-
-/**************************************************************************
- * HMAC declarations
- **************************************************************************/
-void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
- int key_len, uint8_t *digest);// fix hmac_md5 to ssl_hmac_md5, discriminate ieee80211
-void ssl_hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
- int key_len, uint8_t *digest);// fix hmac_md5 to ssl_hmac_sha1, discriminate ieee80211
-
-/**************************************************************************
- * RSA declarations
- **************************************************************************/
-
-typedef struct
-{
- bigint *m; /* modulus */
- bigint *e; /* public exponent */
- bigint *d; /* private exponent */
-#ifdef CONFIG_BIGINT_CRT
- bigint *p; /* p as in m = pq */
- bigint *q; /* q as in m = pq */
- bigint *dP; /* d mod (p-1) */
- bigint *dQ; /* d mod (q-1) */
- bigint *qInv; /* q^-1 mod p */
-#endif
- int num_octets;
- BI_CTX *bi_ctx;
-} RSA_CTX;
-
-void RSA_priv_key_new(RSA_CTX **rsa_ctx,
- const uint8_t *modulus, int mod_len,
- const uint8_t *pub_exp, int pub_len,
- const uint8_t *priv_exp, int priv_len
-#ifdef CONFIG_BIGINT_CRT
- , const uint8_t *p, int p_len,
- const uint8_t *q, int q_len,
- const uint8_t *dP, int dP_len,
- const uint8_t *dQ, int dQ_len,
- const uint8_t *qInv, int qInv_len
-#endif
- );
-void RSA_pub_key_new(RSA_CTX **rsa_ctx,
- const uint8_t *modulus, int mod_len,
- const uint8_t *pub_exp, int pub_len);
-void RSA_free(RSA_CTX *ctx);
-int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
- int is_decryption);
-bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
-#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
-bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
- bigint *modulus, bigint *pub_exp);
-bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
-int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
- uint8_t *out_data, int is_signing);
-void RSA_print(const RSA_CTX *ctx);
-#endif
-
-/**************************************************************************
- * RNG declarations
- **************************************************************************/
-EXP_FUNC void STDCALL RNG_initialize(void);
-EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
-EXP_FUNC void STDCALL RNG_terminate(void);
-EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
-void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/ssl/ssl_crypto_misc.h b/include/ssl/ssl_crypto_misc.h
deleted file mode 100644
index 8e1ba53..0000000
--- a/include/ssl/ssl_crypto_misc.h
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/**
- * @file crypto_misc.h
- */
-
-#ifndef HEADER_CRYPTO_MISC_H
-#define HEADER_CRYPTO_MISC_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "ssl/ssl_crypto.h"
-#include "ssl/ssl_bigint.h"
-
-/**************************************************************************
- * X509 declarations
- **************************************************************************/
-#define X509_OK 0
-#define X509_NOT_OK -1
-#define X509_VFY_ERROR_NO_TRUSTED_CERT -2
-#define X509_VFY_ERROR_BAD_SIGNATURE -3
-#define X509_VFY_ERROR_NOT_YET_VALID -4
-#define X509_VFY_ERROR_EXPIRED -5
-#define X509_VFY_ERROR_SELF_SIGNED -6
-#define X509_VFY_ERROR_INVALID_CHAIN -7
-#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
-#define X509_INVALID_PRIV_KEY -9
-
-/*
- * The Distinguished Name
- */
-#define X509_NUM_DN_TYPES 3
-#define X509_COMMON_NAME 0
-#define X509_ORGANIZATION 1
-#define X509_ORGANIZATIONAL_UNIT 2
-
-struct _x509_ctx
-{
- char *ca_cert_dn[X509_NUM_DN_TYPES];
- char *cert_dn[X509_NUM_DN_TYPES];
- char **subject_alt_dnsnames;
- time_t not_before;
- time_t not_after;
- uint8_t *signature;
- uint16_t sig_len;
- uint8_t sig_type;
- RSA_CTX *rsa_ctx;
- bigint *digest;
- struct _x509_ctx *next;
-};
-
-typedef struct _x509_ctx X509_CTX;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-typedef struct
-{
- X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
-} CA_CERT_CTX;
-#endif
-
-int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
-void x509_free(X509_CTX *x509_ctx);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
-void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
-const char * x509_display_error(int error);
-#endif
-
-/**************************************************************************
- * ASN1 declarations
- **************************************************************************/
-#define ASN1_INTEGER 0x02
-#define ASN1_BIT_STRING 0x03
-#define ASN1_OCTET_STRING 0x04
-#define ASN1_NULL 0x05
-#define ASN1_PRINTABLE_STR2 0x0C
-#define ASN1_OID 0x06
-#define ASN1_PRINTABLE_STR2 0x0C
-#define ASN1_PRINTABLE_STR 0x13
-#define ASN1_TELETEX_STR 0x14
-#define ASN1_IA5_STR 0x16
-#define ASN1_UTC_TIME 0x17
-#define ASN1_UNICODE_STR 0x1e
-#define ASN1_SEQUENCE 0x30
-#define ASN1_CONTEXT_DNSNAME 0x82
-#define ASN1_SET 0x31
-#define ASN1_V3_DATA 0xa3
-#define ASN1_IMPLICIT_TAG 0x80
-#define ASN1_CONTEXT_DNSNAME 0x82
-#define ASN1_EXPLICIT_TAG 0xa0
-#define ASN1_V3_DATA 0xa3
-
-#define SIG_TYPE_MD2 0x02
-#define SIG_TYPE_MD5 0x04
-#define SIG_TYPE_SHA1 0x05
-
-int get_asn1_length(const uint8_t *buf, int *offset);
-int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
-int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
-int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
-int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
-int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
-int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
-int asn1_find_subjectaltname(const uint8_t* cert, int offset);
-int asn1_compare_dn(char * const dn1[], char * const dn2[]);
-#endif /* CONFIG_SSL_CERT_VERIFICATION */
-int asn1_signature_type(const uint8_t *cert,
- int *offset, X509_CTX *x509_ctx);
-
-/**************************************************************************
- * MISC declarations
- **************************************************************************/
-#define SALT_SIZE 8
-
-extern const char * const unsupported_str;
-
-typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
-typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
- int key_len, uint8_t *digest);
-
-int get_file(const char *filename, uint8_t **buf);
-
-#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
-EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
-#else
- #define print_blob(...)
-#endif
-
-EXP_FUNC int STDCALL base64_decode(const char *in, int len,
- uint8_t *out, int *outlen);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/ssl/ssl_ssl.h b/include/ssl/ssl_ssl.h
deleted file mode 100644
index 4564533..0000000
--- a/include/ssl/ssl_ssl.h
+++ /dev/null
@@ -1,500 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @mainpage axTLS API
- *
- * @image html axolotl.jpg
- *
- * The axTLS library has features such as:
- * - The TLSv1 SSL client/server protocol
- * - No requirement to use any openssl libraries.
- * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
- * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
- * - Certificate chaining and peer authentication.
- * - Session resumption, session renegotiation.
- * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
- * - Highly configurable compile time options.
- * - Portable across many platforms (written in ANSI C), and has language
- * bindings in C, C#, VB.NET, Java, Perl and Lua.
- * - Partial openssl API compatibility (via a wrapper).
- * - A very small footprint (around 50-60kB for the library in 'server-only'
- * mode).
- * - No dependencies on sockets - can use serial connections for example.
- * - A very simple API - ~ 20 functions/methods.
- *
- * A list of these functions/methods are described below.
- *
- * @ref c_api
- *
- * @ref bigint_api
- *
- * @ref csharp_api
- *
- * @ref java_api
- */
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-//#include <time.h>
-typedef long time_t;
-
-/* need to predefine before ssl_lib.h gets to it */
-#define SSL_SESSION_ID_SIZE 32
-
-#include "ssl/ssl_tls1.h"
-
-/* The optional parameters that can be given to the client/server SSL engine */
-#define SSL_CLIENT_AUTHENTICATION 0x00010000
-#define SSL_SERVER_VERIFY_LATER 0x00020000
-#define SSL_NO_DEFAULT_KEY 0x00040000
-#define SSL_DISPLAY_STATES 0x00080000
-#define SSL_DISPLAY_BYTES 0x00100000
-#define SSL_DISPLAY_CERTS 0x00200000
-#define SSL_DISPLAY_RSA 0x00400000
-#define SSL_CONNECT_IN_PARTS 0x00800000
-
-/* errors that can be generated */
-#define SSL_OK 0
-#define SSL_NOT_OK -1
-#define SSL_ERROR_DEAD -2
-#define SSL_CLOSE_NOTIFY -3
-#define SSL_ERROR_CONN_LOST -256
-#define SSL_ERROR_SOCK_SETUP_FAILURE -258
-#define SSL_ERROR_INVALID_HANDSHAKE -260
-#define SSL_ERROR_INVALID_PROT_MSG -261
-#define SSL_ERROR_INVALID_HMAC -262
-#define SSL_ERROR_INVALID_VERSION -263
-#define SSL_ERROR_INVALID_SESSION -265
-#define SSL_ERROR_NO_CIPHER -266
-#define SSL_ERROR_BAD_CERTIFICATE -268
-#define SSL_ERROR_INVALID_KEY -269
-#define SSL_ERROR_FINISHED_INVALID -271
-#define SSL_ERROR_NO_CERT_DEFINED -272
-#define SSL_ERROR_NO_CLIENT_RENOG -273
-#define SSL_ERROR_NOT_SUPPORTED -274
-#define SSL_X509_OFFSET -512
-#define SSL_X509_ERROR(A) (SSL_X509_OFFSET+A)
-
-/* alert types that are recognized */
-#define SSL_ALERT_TYPE_WARNING 1
-#define SLL_ALERT_TYPE_FATAL 2
-
-/* these are all the alerts that are recognized */
-#define SSL_ALERT_CLOSE_NOTIFY 0
-#define SSL_ALERT_UNEXPECTED_MESSAGE 10
-#define SSL_ALERT_BAD_RECORD_MAC 20
-#define SSL_ALERT_HANDSHAKE_FAILURE 40
-#define SSL_ALERT_BAD_CERTIFICATE 42
-#define SSL_ALERT_ILLEGAL_PARAMETER 47
-#define SSL_ALERT_DECODE_ERROR 50
-#define SSL_ALERT_DECRYPT_ERROR 51
-#define SSL_ALERT_INVALID_VERSION 70
-#define SSL_ALERT_NO_RENEGOTIATION 100
-
-/* The ciphers that are supported */
-#define SSL_AES128_SHA 0x2f
-#define SSL_AES256_SHA 0x35
-#define SSL_RC4_128_SHA 0x05
-#define SSL_RC4_128_MD5 0x04
-
-/* build mode ids' */
-#define SSL_BUILD_SKELETON_MODE 0x01
-#define SSL_BUILD_SERVER_ONLY 0x02
-#define SSL_BUILD_ENABLE_VERIFICATION 0x03
-#define SSL_BUILD_ENABLE_CLIENT 0x04
-#define SSL_BUILD_FULL_MODE 0x05
-
-/* offsets to retrieve configuration information */
-#define SSL_BUILD_MODE 0
-#define SSL_MAX_CERT_CFG_OFFSET 1
-#define SSL_MAX_CA_CERT_CFG_OFFSET 2
-#define SSL_HAS_PEM 3
-
-/* default session sizes */
-#define SSL_DEFAULT_SVR_SESS 1 //modify 5->1 by lhan
-#define SSL_DEFAULT_CLNT_SESS 1
-
-/* X.509/X.520 distinguished name types */
-#define SSL_X509_CERT_COMMON_NAME 0
-#define SSL_X509_CERT_ORGANIZATION 1
-#define SSL_X509_CERT_ORGANIZATIONAL_NAME 2
-#define SSL_X509_CA_CERT_COMMON_NAME 3
-#define SSL_X509_CA_CERT_ORGANIZATION 4
-#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 5
-
-/* SSL object loader types */
-#define SSL_OBJ_X509_CERT 1
-#define SSL_OBJ_X509_CACERT 2
-#define SSL_OBJ_RSA_KEY 3
-#define SSL_OBJ_PKCS8 4
-#define SSL_OBJ_PKCS12 5
-
-/**
- * @defgroup c_api Standard C API
- * @brief The standard interface in C.
- * @{
- */
-
-/**
- * @brief Establish a new client/server context.
- *
- * This function is called before any client/server SSL connections are made.
- *
- * Each new connection will use the this context's private key and
- * certificate chain. If a different certificate chain is required, then a
- * different context needs to be be used.
- *
- * There are two threading models supported - a single thread with one
- * SSL_CTX can support any number of SSL connections - and multiple threads can
- * support one SSL_CTX object each (the default). But if a single SSL_CTX
- * object uses many SSL objects in individual threads, then the
- * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
- *
- * @param options [in] Any particular options. At present the options
- * supported are:
- * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
- * authentication fails. The certificate can be authenticated later with a
- * call to ssl_verify_cert().
- * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
- * i.e. each handshake will include a "certificate request" message from the
- * server. Only available if verification has been enabled.
- * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
- * during the handshake.
- * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
- * during the handshake.
- * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
- * are passed during a handshake.
- * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
- * are passed during a handshake.
- * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of
- * ssl_client_new().
- * @param num_sessions [in] The number of sessions to be used for session
- * caching. If this value is 0, then there is no session caching. This option
- * is not used in skeleton mode.
- * @return A client/server context.
- */
-EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
-
-/**
- * @brief Remove a client/server context.
- *
- * Frees any used resources used by this context. Each connection will be
- * sent a "Close Notify" alert (if possible).
- * @param ssl_ctx [in] The client/server context.
- */
-EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
-
-/**
- * @brief (server only) Establish a new SSL connection to an SSL client.
- *
- * It is up to the application to establish the logical connection (whether it
- * is a socket, serial connection etc).
- * @param ssl_ctx [in] The server context.
- * @param client_fd [in] The client's file descriptor.
- * @return An SSL object reference.
- */
-EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
-
-/**
- * @brief (client only) Establish a new SSL connection to an SSL server.
- *
- * It is up to the application to establish the initial logical connection
- * (whether it is a socket, serial connection etc).
- *
- * This is a normally a blocking call - it will finish when the handshake is
- * complete (or has failed). To use in non-blocking mode, set
- * SSL_CONNECT_IN_PARTS in ssl_ctx_new().
- * @param ssl_ctx [in] The client context.
- * @param client_fd [in] The client's file descriptor.
- * @param session_id [in] A 32 byte session id for session resumption. This
- * can be null if no session resumption is being used or required. This option
- * is not used in skeleton mode.
- * @param sess_id_size The size of the session id (max 32)
- * @return An SSL object reference. Use ssl_handshake_status() to check
- * if a handshake succeeded.
- */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
-
-/**
- * @brief Free any used resources on this connection.
-
- * A "Close Notify" message is sent on this connection (if possible). It is up
- * to the application to close the socket or file descriptor.
- * @param ssl [in] The ssl object reference.
- */
-EXP_FUNC void STDCALL ssl_free(SSL *ssl);
-
-/**
- * @brief Read the SSL data stream.
- * If the socket is non-blocking and data is blocked then SSO_OK will be
- * returned.
- * @param ssl [in] An SSL object reference.
- * @param in_data [out] If the read was successful, a pointer to the read
- * buffer will be here. Do NOT ever free this memory as this buffer is used in
- * sucessive calls. If the call was unsuccessful, this value will be null.
- * @return The number of decrypted bytes:
- * - if > 0, then the handshaking is complete and we are returning the number
- * of decrypted bytes.
- * - SSL_OK if the handshaking stage is successful (but not yet complete).
- * - < 0 if an error.
- * @see ssl.h for the error code list.
- * @note Use in_data before doing any successive ssl calls.
- */
-EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
-
-/**
- * @brief Write to the SSL data stream.
- * if the socket is non-blocking and data is blocked then a check is made
- * to ensure that all data is sent (i.e. blocked mode is forced).
- * @param ssl [in] An SSL obect reference.
- * @param out_data [in] The data to be written
- * @param out_len [in] The number of bytes to be written.
- * @return The number of bytes sent, or if < 0 if an error.
- * @see ssl.h for the error code list.
- */
-EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
-
-/**
- * @brief Find an ssl object based on a file descriptor.
- *
- * Goes through the list of SSL objects maintained in a client/server context
- * to look for a file descriptor match.
- * @param ssl_ctx [in] The client/server context.
- * @param client_fd [in] The file descriptor.
- * @return A reference to the SSL object. Returns null if the object could not
- * be found.
- */
-EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
-
-/**
- * @brief Get the session id for a handshake.
- *
- * This will be a 32 byte sequence and is available after the first
- * handshaking messages are sent.
- * @param ssl [in] An SSL object reference.
- * @return The session id as a 32 byte sequence.
- * @note A SSLv23 handshake may have only 16 valid bytes.
- */
-EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
-
-/**
- * @brief Get the session id size for a handshake.
- *
- * This will normally be 32 but could be 0 (no session id) or something else.
- * @param ssl [in] An SSL object reference.
- * @return The size of the session id.
- */
-EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
-
-/**
- * @brief Return the cipher id (in the SSL form).
- * @param ssl [in] An SSL object reference.
- * @return The cipher id. This will be one of the following:
- * - SSL_AES128_SHA (0x2f)
- * - SSL_AES256_SHA (0x35)
- * - SSL_RC4_128_SHA (0x05)
- * - SSL_RC4_128_MD5 (0x04)
- */
-EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
-
-/**
- * @brief Return the status of the handshake.
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if the handshake is complete and ok.
- * @see ssl.h for the error code list.
- */
-EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
-
-/**
- * @brief Retrieve various parameters about the axTLS engine.
- * @param offset [in] The configuration offset. It will be one of the following:
- * - SSL_BUILD_MODE The build mode. This will be one of the following:
- * - SSL_BUILD_SERVER_ONLY (basic server mode)
- * - SSL_BUILD_ENABLE_VERIFICATION (server can do client authentication)
- * - SSL_BUILD_ENABLE_CLIENT (client/server capabilties)
- * - SSL_BUILD_FULL_MODE (client/server with diagnostics)
- * - SSL_BUILD_SKELETON_MODE (skeleton mode)
- * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
- * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
- * - SSL_HAS_PEM 1 if supported
- * @return The value of the requested parameter.
- */
-EXP_FUNC int STDCALL ssl_get_config(int offset);
-
-/**
- * @brief Display why the handshake failed.
- *
- * This call is only useful in a 'full mode' build. The output is to stdout.
- * @param error_code [in] An error code.
- * @see ssl.h for the error code list.
- */
-//EXP_FUNC void STDCALL ssl_display_error(int error_code);
-
-/**
- * @brief Authenticate a received certificate.
- *
- * This call is usually made by a client after a handshake is complete and the
- * context is in SSL_SERVER_VERIFY_LATER mode.
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if the certificate is verified.
- */
-EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
-
-/**
- * @brief Retrieve an X.509 distinguished name component.
- *
- * When a handshake is complete and a certificate has been exchanged, then the
- * details of the remote certificate can be retrieved.
- *
- * This will usually be used by a client to check that the server's common
- * name matches the URL.
- *
- * @param ssl [in] An SSL object reference.
- * @param component [in] one of:
- * - SSL_X509_CERT_COMMON_NAME
- * - SSL_X509_CERT_ORGANIZATION
- * - SSL_X509_CERT_ORGANIZATIONAL_NAME
- * - SSL_X509_CA_CERT_COMMON_NAME
- * - SSL_X509_CA_CERT_ORGANIZATION
- * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
- * @return The appropriate string (or null if not defined)
- * @note Verification build mode must be enabled.
- */
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
-
-/**
- * @brief Retrieve a Subject Alternative DNSName
- *
- * When a handshake is complete and a certificate has been exchanged, then the
- * details of the remote certificate can be retrieved.
- *
- * This will usually be used by a client to check that the server's DNS
- * name matches the URL.
- *
- * @param ssl [in] An SSL object reference.
- * @param dnsindex [in] The index of the DNS name to retrieve.
- * @return The appropriate string (or null if not defined)
- * @note Verification build mode must be enabled.
- */
-EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex);
-
-/**
- * @brief Force the client to perform its handshake again.
- *
- * For a client this involves sending another "client hello" message.
- * For the server is means sending a "hello request" message.
- *
- * This is a blocking call on the client (until the handshake completes).
- *
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if renegotiation instantiation was ok
- */
-EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
-
-/**
- * @brief Process a file that is in binary DER or ASCII PEM format.
- *
- * These are temporary objects that are used to load private keys,
- * certificates etc into memory.
- * @param ssl_ctx [in] The client/server context.
- * @param obj_type [in] The format of the file. Can be one of:
- * - SSL_OBJ_X509_CERT (no password required)
- * - SSL_OBJ_X509_CACERT (no password required)
- * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
- * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
- * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
- *
- * PEM files are automatically detected (if supported). The object type is
- * also detected, and so is not relevant for these types of files.
- * @param filename [in] The location of a file in DER/PEM format.
- * @param password [in] The password used. Can be null if not required.
- * @return SSL_OK if all ok
- * @note Not available in skeleton build mode.
- */
-EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
-
-/**
- * @brief Process binary data.
- *
- * These are temporary objects that are used to load private keys,
- * certificates etc into memory.
- * @param ssl_ctx [in] The client/server context.
- * @param obj_type [in] The format of the memory data.
- * @param data [in] The binary data to be loaded.
- * @param len [in] The amount of data to be loaded.
- * @param password [in] The password used. Can be null if not required.
- * @return SSL_OK if all ok
- * @see ssl_obj_load for more details on obj_type.
- */
-EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
-
-#ifdef CONFIG_SSL_GENERATE_X509_CERT
-/**
- * @brief Create an X.509 certificate.
- *
- * This certificate is a self-signed v1 cert with a fixed start/stop validity
- * times. It is signed with an internal private key in ssl_ctx.
- *
- * @param ssl_ctx [in] The client/server context.
- * @param options [in] Not used yet.
- * @param dn [in] An array of distinguished name strings. The array is defined
- * by:
- * - SSL_X509_CERT_COMMON_NAME (0)
- * - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the
- * hostname will be used.
- * - SSL_X509_CERT_ORGANIZATION (1)
- * - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME
- * will be used.
- * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
- * - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
- * @param cert_data [out] The certificate as a sequence of bytes.
- * @return < 0 if an error, or the size of the certificate in bytes.
- * @note cert_data must be freed when there is no more need for it.
- */
-EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data);
-#endif
-
-/**
- * @brief Return the axTLS library version as a string.
- */
-EXP_FUNC const char * STDCALL ssl_version(void);
-
-/** @} */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/ssl/ssl_tls1.h b/include/ssl/ssl_tls1.h
deleted file mode 100644
index 5597856..0000000
--- a/include/ssl/ssl_tls1.h
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file tls1.h
- *
- * @brief The definitions for the TLS library.
- */
-#ifndef HEADER_SSL_LIB_H
-#define HEADER_SSL_LIB_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "c_types.h"
-#include "ssl/ssl_version.h"
-#include "ssl/ssl_config.h"
-
-#include "ssl/ssl_crypto.h"
-#include "ssl/ssl_crypto_misc.h"
-
-#define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
-#define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */
-#define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */
-#define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */
-#define SSL_RANDOM_SIZE 32
-#define SSL_SECRET_SIZE 48
-#define SSL_FINISHED_HASH_SIZE 12
-#define SSL_RECORD_SIZE 5
-#define SSL_SERVER_READ 0
-#define SSL_SERVER_WRITE 1
-#define SSL_CLIENT_READ 2
-#define SSL_CLIENT_WRITE 3
-#define SSL_HS_HDR_SIZE 4
-
-/* the flags we use while establishing a connection */
-#define SSL_NEED_RECORD 0x0001
-#define SSL_TX_ENCRYPTED 0x0002
-#define SSL_RX_ENCRYPTED 0x0004
-#define SSL_SESSION_RESUME 0x0008
-#define SSL_IS_CLIENT 0x0010
-#define SSL_HAS_CERT_REQ 0x0020
-#define SSL_SENT_CLOSE_NOTIFY 0x0040
-
-/* some macros to muck around with flag bits */
-#define SET_SSL_FLAG(A) (ssl->flag |= A)
-#define CLR_SSL_FLAG(A) (ssl->flag &= ~A)
-#define IS_SET_SSL_FLAG(A) (ssl->flag & A)
-
-#define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
-#define RT_MAX_PLAIN_LENGTH 1024
-#define RT_EXTRA 1024
-#define BM_RECORD_OFFSET 5
-
-#ifdef CONFIG_SSL_SKELETON_MODE
-#define NUM_PROTOCOLS 1
-#else
-#define NUM_PROTOCOLS 4
-#endif
-
-#define PARANOIA_CHECK(A, B) if (A < B) { \
- ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
-
-/* protocol types */
-enum
-{
- PT_CHANGE_CIPHER_SPEC = 20,
- PT_ALERT_PROTOCOL,
- PT_HANDSHAKE_PROTOCOL,
- PT_APP_PROTOCOL_DATA
-};
-
-/* handshaking types */
-enum
-{
- HS_HELLO_REQUEST,
- HS_CLIENT_HELLO,
- HS_SERVER_HELLO,
- HS_CERTIFICATE = 11,
- HS_SERVER_KEY_XCHG,
- HS_CERT_REQ,
- HS_SERVER_HELLO_DONE,
- HS_CERT_VERIFY,
- HS_CLIENT_KEY_XCHG,
- HS_FINISHED = 20
-};
-
-typedef struct
-{
- uint8_t cipher;
- uint8_t key_size;
- uint8_t iv_size;
- uint8_t key_block_size;
- uint8_t padding_size;
- uint8_t digest_size;
- hmac_func hmac;
- crypt_func encrypt;
- crypt_func decrypt;
-} cipher_info_t;
-
-struct _SSLObjLoader
-{
- uint8_t *buf;
- int len;
-};
-
-typedef struct _SSLObjLoader SSLObjLoader;
-
-typedef struct
-{
- time_t conn_time;
- uint8_t session_id[SSL_SESSION_ID_SIZE];
- uint8_t master_secret[SSL_SECRET_SIZE];
-} SSL_SESSION;
-
-typedef struct
-{
- uint8_t *buf;
- int size;
-} SSL_CERT;
-
-typedef struct
-{
- MD5_CTX md5_ctx;
- SHA1_CTX sha1_ctx;
- uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
- uint8_t *key_block;
- uint8_t master_secret[SSL_SECRET_SIZE];
- uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
- uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
- uint16_t bm_proc_index;
-} DISPOSABLE_CTX;
-
-struct _SSL
-{
- uint32_t flag;
- uint16_t need_bytes;
- uint16_t got_bytes;
- uint8_t record_type;
- uint8_t cipher;
- uint8_t sess_id_size;
- uint8_t version;
- uint8_t client_version;
- sint16_t next_state;
- sint16_t hs_status;
- DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
- int client_fd;
- const cipher_info_t *cipher_info;
- void *encrypt_ctx;
- void *decrypt_ctx;
- uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
- uint8_t *bm_data;
- uint16_t bm_index;
- uint16_t bm_read_index;
- struct _SSL *next; /* doubly linked list */
- struct _SSL *prev;
- struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
-#ifndef CONFIG_SSL_SKELETON_MODE
- uint16_t session_index;
- SSL_SESSION *session;
-#endif
-#ifdef CONFIG_SSL_CERT_VERIFICATION
- X509_CTX *x509_ctx;
-#endif
-
- uint8_t session_id[SSL_SESSION_ID_SIZE];
- uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
- uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
- uint8_t read_sequence[8]; /* 64 bit sequence number */
- uint8_t write_sequence[8]; /* 64 bit sequence number */
- uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
-};
-
-typedef struct _SSL SSL;
-
-struct _SSL_CTX
-{
- uint32_t options;
- uint8_t chain_length;
- RSA_CTX *rsa_ctx;
-#ifdef CONFIG_SSL_CERT_VERIFICATION
- CA_CERT_CTX *ca_cert_ctx;
-#endif
- SSL *head;
- SSL *tail;
- SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
-#ifndef CONFIG_SSL_SKELETON_MODE
- uint16_t num_sessions;
- SSL_SESSION **ssl_sessions;
-#endif
-#ifdef CONFIG_SSL_CTX_MUTEXING
- SSL_CTX_MUTEX_TYPE mutex;
-#endif
-#ifdef CONFIG_OPENSSL_COMPATIBLE
- void *bonus_attr;
-#endif
-};
-
-typedef struct _SSL_CTX SSL_CTX;
-
-/* backwards compatibility */
-typedef struct _SSL_CTX SSLCTX;
-
-extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
-
-SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
-void disposable_new(SSL *ssl);
-void disposable_free(SSL *ssl);
-int send_packet(SSL *ssl, uint8_t protocol,
- const uint8_t *in, int length);
-int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
-int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
-int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
-int process_sslv23_client_hello(SSL *ssl);
-int send_alert(SSL *ssl, int error_code);
-int send_finished(SSL *ssl);
-int send_certificate(SSL *ssl);
-int basic_read(SSL *ssl, uint8_t **in_data);
-int send_change_cipher_spec(SSL *ssl);
-void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
-void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
-void add_packet(SSL *ssl, const uint8_t *pkt, int len);
-int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
-int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
-void ssl_obj_free(SSLObjLoader *ssl_obj);
-int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
-int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
-int load_key_certs(SSL_CTX *ssl_ctx);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
-void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
-#endif
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-int do_client_connect(SSL *ssl);
-#endif
-
-#ifdef CONFIG_SSL_FULL_MODE
-//void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
-//void DISPLAY_BYTES(SSL *ssl, const char *format,
-// const uint8_t *data, int size, ...);
-//void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
-//void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx);
-//void DISPLAY_ALERT(SSL *ssl, int alert);
-#else
-#define DISPLAY_STATE(A,B,C,D)
-#define DISPLAY_CERT(A,B)
-#define DISPLAY_RSA(A,B)
-#define DISPLAY_ALERT(A, B)
-#ifdef WIN32
-void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
- const uint8_t *data, int size, ...);
-#else
-#define DISPLAY_BYTES(A,B,C,D,...)
-#endif
-#endif
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
-#endif
-
-SSL_SESSION *ssl_session_update(int max_sessions,
- SSL_SESSION *ssl_sessions[], SSL *ssl,
- const uint8_t *session_id);
-void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/ssl/ssl_version.h b/include/ssl/ssl_version.h
deleted file mode 100644
index e8158cc..0000000
--- a/include/ssl/ssl_version.h
+++ /dev/null
@@ -1 +0,0 @@
-#define AXTLS_VERSION "1.4.9"
diff --git a/lib/libssl.a b/lib/libssl.a
deleted file mode 100644
index 77d9dfa..0000000
Binary files a/lib/libssl.a and /dev/null differ
diff --git a/lib/symbols_norename.txt b/lib/symbols_norename.txt
index 8d762b4..766c191 100644
--- a/lib/symbols_norename.txt
+++ b/lib/symbols_norename.txt
@@ -3,4 +3,6 @@
puts
printf
putchar
+rand
+srand
atoi
diff --git a/lwip/component.mk b/lwip/component.mk
index 7f737a6..92e8a36 100644
--- a/lwip/component.mk
+++ b/lwip/component.mk
@@ -1,7 +1,7 @@
# Component makefile for LWIP
LWIP_DIR = $(ROOT)lwip/lwip/src/
-INC_DIRS += $(LWIP_DIR)/include $(ROOT)/lwip/include $(ROOT)lwip/include $(LWIP_DIR)include/ipv4 $(LWIP_DIR)include/ipv4/lwip
+INC_DIRS += $(LWIP_DIR)include $(ROOT)lwip/include $(ROOT)lwip/include $(LWIP_DIR)include/ipv4 $(LWIP_DIR)include/ipv4/lwip $(LWIP_DIR)include/lwip
# args for passing into compile rule generation
lwip_ROOT = $(ROOT)/lwip
diff --git a/lwip/include/arch/cc.h b/lwip/include/arch/cc.h
index fe10d25..acd5f3d 100644
--- a/lwip/include/arch/cc.h
+++ b/lwip/include/arch/cc.h
@@ -47,6 +47,8 @@
#include <stdio.h> /* printf, fflush, FILE */
#include <stdlib.h> /* abort */
#include <stdint.h>
+#include <sys/time.h>
+#include <sys/errno.h>
#define BYTE_ORDER LITTLE_ENDIAN
@@ -59,8 +61,6 @@
#pragma warning (disable: 4103) /* structure packing changed by including file */
#endif
-#define LWIP_PROVIDE_ERRNO
-
/* Define generic types used in lwIP */
typedef uint8_t u8_t;
typedef int8_t s8_t;
@@ -86,6 +86,7 @@ typedef int sys_prot_t;
#define PACK_STRUCT_STRUCT __attribute__( (packed) )
/* Plaform specific diagnostic output */
+#ifdef LWIP_DEBUG
#define LWIP_PLATFORM_DIAG(x) do { printf x; } while(0)
#define LWIP_PLATFORM_ASSERT(x) do { printf("Assertion \"%s\" failed at line %d in %s\n", \
@@ -94,6 +95,11 @@ typedef int sys_prot_t;
#define LWIP_ERROR(message, expression, handler) do { if (!(expression)) { \
printf("Assertion \"%s\" failed at line %d in %s\n", message, __LINE__, __FILE__); \
handler;} } while(0)
+#else
+#define LWIP_PLATFORM_DIAG(x)
+#define LWIP_PLATFORM_ASSERT(x)
+#define LWIP_ERROR(m,e,h)
+#endif
#define LWIP_PLATFORM_BYTESWAP 1
diff --git a/lwip/include/lwipopts.h b/lwip/include/lwipopts.h
index e4b3955..0cdd8d9 100644
--- a/lwip/include/lwipopts.h
+++ b/lwip/include/lwipopts.h
@@ -1,439 +1,440 @@
-/*
- * Copyright (c) 2001-2003 Swedish Institute of Computer Science.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
- * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
- * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
- * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
- * OF SUCH DAMAGE.
- *
- * This file is part of the lwIP TCP/IP stack.
- *
- * Author: Simon Goldschmidt
- *
- */
-#ifndef __LWIPOPTS_H__
-#define __LWIPOPTS_H__
-
-#define LWIP_ESP 1
-#define ESP_RTOS 1
-#define PBUF_RSV_FOR_WLAN 1
-#define EBUF_LWIP 1
-#define ESP_TIMEWAIT_THRESHOLD 10000
-
-// Uncomment this line, and set the debug options you want below, for IP stack debug output
-//#define LWIP_DEBUG
-
-/*
- -----------------------------------------------
- ---------- Platform specific locking ----------
- -----------------------------------------------
-*/
-/**
- * SYS_LIGHTWEIGHT_PROT==1: if you want inter-task protection for certain
- * critical regions during buffer allocation, deallocation and memory
- * allocation and deallocation.
- */
-#define SYS_LIGHTWEIGHT_PROT 1
-
-/**
- * MEMCPY: override this if you have a faster implementation at hand than the
- * one included in your C library
- */
-#define MEMCPY(dst,src,len) memcpy(dst,src,len)
-
-/**
- * SMEMCPY: override this with care! Some compilers (e.g. gcc) can inline a
- * call to memcpy() if the length is known at compile time and is small.
- */
-#define SMEMCPY(dst,src,len) memcpy(dst,src,len)
-
-/*
- ------------------------------------
- ---------- Memory options ----------
- ------------------------------------
-*/
-/**
- * MEM_LIBC_MALLOC==1: Use malloc/free/realloc provided by your C-library
- * instead of the lwip internal allocator. Can save code size if you
- * already use it.
- */
-#define MEM_LIBC_MALLOC 1
-
-/**
-* MEMP_MEM_MALLOC==1: Use mem_malloc/mem_free instead of the lwip pool allocator.
-* Especially useful with MEM_LIBC_MALLOC but handle with care regarding execution
-* speed and usage from interrupts!
-*/
-#define MEMP_MEM_MALLOC 1
-
-/**
- * MEM_ALIGNMENT: should be set to the alignment of the CPU
- * 4 byte alignment -> #define MEM_ALIGNMENT 4
- * 2 byte alignment -> #define MEM_ALIGNMENT 2
- */
-#define MEM_ALIGNMENT 4
-
-/*
- ------------------------------------------------
- ---------- Internal Memory Pool Sizes ----------
- ------------------------------------------------
-*/
-
-/*
- --------------------------------
- ---------- ARP options -------
- --------------------------------
-*/
-/**
- * ARP_QUEUEING==1: Multiple outgoing packets are queued during hardware address
- * resolution. By default, only the most recent packet is queued per IP address.
- * This is sufficient for most protocols and mainly reduces TCP connection
- * startup time. Set this to 1 if you know your application sends more than one
- * packet in a row to an IP address that is not in the ARP cache.
- */
-#define ARP_QUEUEING 1
-
-/*
- --------------------------------
- ---------- IP options ----------
- --------------------------------
-*/
-/**
- * IP_REASSEMBLY==1: Reassemble incoming fragmented IP packets. Note that
- * this option does not affect outgoing packet sizes, which can be controlled
- * via IP_FRAG.
- */
-#define IP_REASSEMBLY 0
-
-/**
- * IP_FRAG==1: Fragment outgoing IP packets if their size exceeds MTU. Note
- * that this option does not affect incoming packet sizes, which can be
- * controlled via IP_REASSEMBLY.
- */
-#define IP_FRAG 1
-
-/**
- * IP_REASS_MAXAGE: Maximum time (in multiples of IP_TMR_INTERVAL - so seconds, normally)
- * a fragmented IP packet waits for all fragments to arrive. If not all fragments arrived
- * in this time, the whole packet is discarded.
- */
-#define IP_REASS_MAXAGE 3
-
-/**
- * IP_REASS_MAX_PBUFS: Total maximum amount of pbufs waiting to be reassembled.
- * Since the received pbufs are enqueued, be sure to configure
- * PBUF_POOL_SIZE > IP_REASS_MAX_PBUFS so that the stack is still able to receive
- * packets even if the maximum amount of fragments is enqueued for reassembly!
- */
-#define IP_REASS_MAX_PBUFS 10
-
-/*
- ----------------------------------
- ---------- ICMP options ----------
- ----------------------------------
-*/
-
-/*
- ---------------------------------
- ---------- RAW options ----------
- ---------------------------------
-*/
-
-/*
- ----------------------------------
- ---------- DHCP options ----------
- ----------------------------------
-*/
-/**
- * LWIP_DHCP==1: Enable DHCP module.
- */
-#define LWIP_DHCP 1
-
-#define LWIP_DHCP_BOOTP_FILE 0
-
-/*
- ------------------------------------
- ---------- AUTOIP options ----------
- ------------------------------------
-*/
-/*
- ----------------------------------
- ---------- SNMP options ----------
- ----------------------------------
-*/
-/*
- ----------------------------------
- ---------- IGMP options ----------
- ----------------------------------
-*/
-/*
- ----------------------------------
- ---------- DNS options -----------
- ----------------------------------
-*/
-/**
- * LWIP_DNS==1: Turn on DNS module. UDP must be available for DNS
- * transport.
- */
-#define LWIP_DNS 1
-
-/*
- ---------------------------------
- ---------- UDP options ----------
- ---------------------------------
-*/
-/*
- ---------------------------------
- ---------- TCP options ----------
- ---------------------------------
-*/
-/**
- * TCP_QUEUE_OOSEQ==1: TCP will queue segments that arrive out of order.
- * Define to 0 if your device is low on memory.
- */
-#define TCP_QUEUE_OOSEQ 0
-
-/*
- * LWIP_EVENT_API==1: The user defines lwip_tcp_event() to receive all
- * events (accept, sent, etc) that happen in the system.
- * LWIP_CALLBACK_API==1: The PCB callback function is called directly
- * for the event. This is the default.
-*/
-#define TCP_MSS 1460
-
-/**
- * TCP_MAXRTX: Maximum number of retransmissions of data segments.
- */
-#define TCP_MAXRTX 6
-
-
-/**
- * TCP_SYNMAXRTX: Maximum number of retransmissions of SYN segments.
- */
-#define TCP_SYNMAXRTX 3
-
-/*
- ----------------------------------
- ---------- Pbuf options ----------
- ----------------------------------
-*/
-
-/*
- ------------------------------------------------
- ---------- Network Interfaces options ----------
- ------------------------------------------------
-*/
-/**
- * LWIP_NETIF_TX_SINGLE_PBUF: if this is set to 1, lwIP tries to put all data
- * to be sent into one single pbuf. This is for compatibility with DMA-enabled
- * MACs that do not support scatter-gather.
- * Beware that this might involve CPU-memcpy before transmitting that would not
- * be needed without this flag! Use this only if you need to!
- *
- * @todo: TCP and IP-frag do not work with this, yet:
- */
-#define LWIP_NETIF_TX_SINGLE_PBUF 1
-
-/*
- ------------------------------------
- ---------- LOOPIF options ----------
- ------------------------------------
-*/
-
-/*
- ------------------------------------
- ---------- SLIPIF options ----------
- ------------------------------------
-*/
-
-/*
- ------------------------------------
- ---------- Thread options ----------
- ------------------------------------
-*/
-/**
- * TCPIP_THREAD_STACKSIZE: The stack size used by the main tcpip thread.
- * The stack size value itself is platform-dependent, but is passed to
- * sys_thread_new() when the thread is created.
- */
-#define TCPIP_THREAD_STACKSIZE 512 //not ok:384
-
-/**
- * TCPIP_THREAD_PRIO: The priority assigned to the main tcpip thread.
- * The priority value itself is platform-dependent, but is passed to
- * sys_thread_new() when the thread is created.
- */
-#define TCPIP_THREAD_PRIO (configMAX_PRIORITIES-5)
-
-/**
- * TCPIP_MBOX_SIZE: The mailbox size for the tcpip thread messages
- * The queue size value itself is platform-dependent, but is passed to
- * sys_mbox_new() when tcpip_init is called.
- */
-#define TCPIP_MBOX_SIZE 16
-
-/**
- * DEFAULT_UDP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
- * NETCONN_UDP. The queue size value itself is platform-dependent, but is passed
- * to sys_mbox_new() when the recvmbox is created.
- */
-#define DEFAULT_UDP_RECVMBOX_SIZE 6
-
-/**
- * DEFAULT_TCP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
- * NETCONN_TCP. The queue size value itself is platform-dependent, but is passed
- * to sys_mbox_new() when the recvmbox is created.
- */
-#define DEFAULT_TCP_RECVMBOX_SIZE 6
-
-/**
- * DEFAULT_ACCEPTMBOX_SIZE: The mailbox size for the incoming connections.
- * The queue size value itself is platform-dependent, but is passed to
- * sys_mbox_new() when the acceptmbox is created.
- */
-#define DEFAULT_ACCEPTMBOX_SIZE 6
-
-/*
- ----------------------------------------------
- ---------- Sequential layer options ----------
- ----------------------------------------------
-*/
-
-/*
- ------------------------------------
- ---------- Socket options ----------
- ------------------------------------
-*/
-/**
- * LWIP_SO_SNDTIMEO==1: Enable send timeout for sockets/netconns and
- * SO_SNDTIMEO processing.
- */
-#define LWIP_SO_SNDTIMEO 1
-
-/**
- * LWIP_SO_RCVTIMEO==1: Enable receive timeout for sockets/netconns and
- * SO_RCVTIMEO processing.
- */
-#define LWIP_SO_RCVTIMEO 1
-
-/**
- * LWIP_TCP_KEEPALIVE==1: Enable TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT
- * options processing. Note that TCP_KEEPIDLE and TCP_KEEPINTVL have to be set
- * in seconds. (does not require sockets.c, and will affect tcp.c)
- */
-#define LWIP_TCP_KEEPALIVE 1
-
-/**
- * LWIP_SO_RCVBUF==1: Enable SO_RCVBUF processing.
- */
-#define LWIP_SO_RCVBUF 0
-
-/**
- * SO_REUSE==1: Enable SO_REUSEADDR option.
- */
-#define SO_REUSE 1
-
-/*
- ----------------------------------------
- ---------- Statistics options ----------
- ----------------------------------------
-*/
-
-/*
- ---------------------------------
- ---------- PPP options ----------
- ---------------------------------
-*/
-
-/*
- --------------------------------------
- ---------- Checksum options ----------
- --------------------------------------
-*/
-
-/*
- ---------------------------------------
- ---------- IPv6 options ---------------
- ---------------------------------------
-*/
-
-/*
- ---------------------------------------
- ---------- Hook options ---------------
- ---------------------------------------
-*/
-
-/*
- ---------------------------------------
- ---------- Debugging options ----------
- ---------------------------------------
-*/
-/**
- * ETHARP_DEBUG: Enable debugging in etharp.c.
- */
-#define ETHARP_DEBUG LWIP_DBG_OFF
-
-/**
- * PBUF_DEBUG: Enable debugging in pbuf.c.
- */
-#define PBUF_DEBUG LWIP_DBG_OFF
-
-/**
- * API_LIB_DEBUG: Enable debugging in api_lib.c.
- */
-#define API_LIB_DEBUG LWIP_DBG_OFF
-
-/**
- * SOCKETS_DEBUG: Enable debugging in sockets.c.
- */
-#define SOCKETS_DEBUG LWIP_DBG_OFF
-
-/**
- * IP_DEBUG: Enable debugging for IP.
- */
-#define IP_DEBUG LWIP_DBG_OFF
-
-/**
- * MEMP_DEBUG: Enable debugging in memp.c.
- */
-#define MEMP_DEBUG LWIP_DBG_OFF
-
-/**
- * TCP_INPUT_DEBUG: Enable debugging in tcp_in.c for incoming debug.
- */
-#define TCP_INPUT_DEBUG LWIP_DBG_OFF
-
-/**
- * TCP_OUTPUT_DEBUG: Enable debugging in tcp_out.c output functions.
- */
-#define TCP_OUTPUT_DEBUG LWIP_DBG_OFF
-
-/**
- * TCPIP_DEBUG: Enable debugging in tcpip.c.
- */
-#define TCPIP_DEBUG LWIP_DBG_OFF
-
-/**
- * DHCP_DEBUG: Enable debugging in dhcp.c.
- */
-#define DHCP_DEBUG LWIP_DBG_OFF
-
-#endif /* __LWIPOPTS_H__ */
+/*
+ * Copyright (c) 2001-2003 Swedish Institute of Computer Science.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Simon Goldschmidt
+ *
+ */
+#ifndef __LWIPOPTS_H__
+#define __LWIPOPTS_H__
+
+#define LWIP_ESP 1
+#define ESP_RTOS 1
+#define PBUF_RSV_FOR_WLAN 1
+#define EBUF_LWIP 1
+#define ESP_TIMEWAIT_THRESHOLD 10000
+#define LWIP_TIMEVAL_PRIVATE 0
+
+// Uncomment this line, and set the debug options you want below, for IP stack debug output
+//#define LWIP_DEBUG
+
+/*
+ -----------------------------------------------
+ ---------- Platform specific locking ----------
+ -----------------------------------------------
+*/
+/**
+ * SYS_LIGHTWEIGHT_PROT==1: if you want inter-task protection for certain
+ * critical regions during buffer allocation, deallocation and memory
+ * allocation and deallocation.
+ */
+#define SYS_LIGHTWEIGHT_PROT 1
+
+/**
+ * MEMCPY: override this if you have a faster implementation at hand than the
+ * one included in your C library
+ */
+#define MEMCPY(dst,src,len) memcpy(dst,src,len)
+
+/**
+ * SMEMCPY: override this with care! Some compilers (e.g. gcc) can inline a
+ * call to memcpy() if the length is known at compile time and is small.
+ */
+#define SMEMCPY(dst,src,len) memcpy(dst,src,len)
+
+/*
+ ------------------------------------
+ ---------- Memory options ----------
+ ------------------------------------
+*/
+/**
+ * MEM_LIBC_MALLOC==1: Use malloc/free/realloc provided by your C-library
+ * instead of the lwip internal allocator. Can save code size if you
+ * already use it.
+ */
+#define MEM_LIBC_MALLOC 1
+
+/**
+* MEMP_MEM_MALLOC==1: Use mem_malloc/mem_free instead of the lwip pool allocator.
+* Especially useful with MEM_LIBC_MALLOC but handle with care regarding execution
+* speed and usage from interrupts!
+*/
+#define MEMP_MEM_MALLOC 1
+
+/**
+ * MEM_ALIGNMENT: should be set to the alignment of the CPU
+ * 4 byte alignment -> #define MEM_ALIGNMENT 4
+ * 2 byte alignment -> #define MEM_ALIGNMENT 2
+ */
+#define MEM_ALIGNMENT 4
+
+/*
+ ------------------------------------------------
+ ---------- Internal Memory Pool Sizes ----------
+ ------------------------------------------------
+*/
+
+/*
+ --------------------------------
+ ---------- ARP options -------
+ --------------------------------
+*/
+/**
+ * ARP_QUEUEING==1: Multiple outgoing packets are queued during hardware address
+ * resolution. By default, only the most recent packet is queued per IP address.
+ * This is sufficient for most protocols and mainly reduces TCP connection
+ * startup time. Set this to 1 if you know your application sends more than one
+ * packet in a row to an IP address that is not in the ARP cache.
+ */
+#define ARP_QUEUEING 1
+
+/*
+ --------------------------------
+ ---------- IP options ----------
+ --------------------------------
+*/
+/**
+ * IP_REASSEMBLY==1: Reassemble incoming fragmented IP packets. Note that
+ * this option does not affect outgoing packet sizes, which can be controlled
+ * via IP_FRAG.
+ */
+#define IP_REASSEMBLY 0
+
+/**
+ * IP_FRAG==1: Fragment outgoing IP packets if their size exceeds MTU. Note
+ * that this option does not affect incoming packet sizes, which can be
+ * controlled via IP_REASSEMBLY.
+ */
+#define IP_FRAG 1
+
+/**
+ * IP_REASS_MAXAGE: Maximum time (in multiples of IP_TMR_INTERVAL - so seconds, normally)
+ * a fragmented IP packet waits for all fragments to arrive. If not all fragments arrived
+ * in this time, the whole packet is discarded.
+ */
+#define IP_REASS_MAXAGE 3
+
+/**
+ * IP_REASS_MAX_PBUFS: Total maximum amount of pbufs waiting to be reassembled.
+ * Since the received pbufs are enqueued, be sure to configure
+ * PBUF_POOL_SIZE > IP_REASS_MAX_PBUFS so that the stack is still able to receive
+ * packets even if the maximum amount of fragments is enqueued for reassembly!
+ */
+#define IP_REASS_MAX_PBUFS 10
+
+/*
+ ----------------------------------
+ ---------- ICMP options ----------
+ ----------------------------------
+*/
+
+/*
+ ---------------------------------
+ ---------- RAW options ----------
+ ---------------------------------
+*/
+
+/*
+ ----------------------------------
+ ---------- DHCP options ----------
+ ----------------------------------
+*/
+/**
+ * LWIP_DHCP==1: Enable DHCP module.
+ */
+#define LWIP_DHCP 1
+
+#define LWIP_DHCP_BOOTP_FILE 0
+
+/*
+ ------------------------------------
+ ---------- AUTOIP options ----------
+ ------------------------------------
+*/
+/*
+ ----------------------------------
+ ---------- SNMP options ----------
+ ----------------------------------
+*/
+/*
+ ----------------------------------
+ ---------- IGMP options ----------
+ ----------------------------------
+*/
+/*
+ ----------------------------------
+ ---------- DNS options -----------
+ ----------------------------------
+*/
+/**
+ * LWIP_DNS==1: Turn on DNS module. UDP must be available for DNS
+ * transport.
+ */
+#define LWIP_DNS 1
+
+/*
+ ---------------------------------
+ ---------- UDP options ----------
+ ---------------------------------
+*/
+/*
+ ---------------------------------
+ ---------- TCP options ----------
+ ---------------------------------
+*/
+/**
+ * TCP_QUEUE_OOSEQ==1: TCP will queue segments that arrive out of order.
+ * Define to 0 if your device is low on memory.
+ */
+#define TCP_QUEUE_OOSEQ 0
+
+/*
+ * LWIP_EVENT_API==1: The user defines lwip_tcp_event() to receive all
+ * events (accept, sent, etc) that happen in the system.
+ * LWIP_CALLBACK_API==1: The PCB callback function is called directly
+ * for the event. This is the default.
+*/
+#define TCP_MSS 1460
+
+/**
+ * TCP_MAXRTX: Maximum number of retransmissions of data segments.
+ */
+#define TCP_MAXRTX 6
+
+
+/**
+ * TCP_SYNMAXRTX: Maximum number of retransmissions of SYN segments.
+ */
+#define TCP_SYNMAXRTX 3
+
+/*
+ ----------------------------------
+ ---------- Pbuf options ----------
+ ----------------------------------
+*/
+
+/*
+ ------------------------------------------------
+ ---------- Network Interfaces options ----------
+ ------------------------------------------------
+*/
+/**
+ * LWIP_NETIF_TX_SINGLE_PBUF: if this is set to 1, lwIP tries to put all data
+ * to be sent into one single pbuf. This is for compatibility with DMA-enabled
+ * MACs that do not support scatter-gather.
+ * Beware that this might involve CPU-memcpy before transmitting that would not
+ * be needed without this flag! Use this only if you need to!
+ *
+ * @todo: TCP and IP-frag do not work with this, yet:
+ */
+#define LWIP_NETIF_TX_SINGLE_PBUF 1
+
+/*
+ ------------------------------------
+ ---------- LOOPIF options ----------
+ ------------------------------------
+*/
+
+/*
+ ------------------------------------
+ ---------- SLIPIF options ----------
+ ------------------------------------
+*/
+
+/*
+ ------------------------------------
+ ---------- Thread options ----------
+ ------------------------------------
+*/
+/**
+ * TCPIP_THREAD_STACKSIZE: The stack size used by the main tcpip thread.
+ * The stack size value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#define TCPIP_THREAD_STACKSIZE 512 //not ok:384
+
+/**
+ * TCPIP_THREAD_PRIO: The priority assigned to the main tcpip thread.
+ * The priority value itself is platform-dependent, but is passed to
+ * sys_thread_new() when the thread is created.
+ */
+#define TCPIP_THREAD_PRIO (configMAX_PRIORITIES-5)
+
+/**
+ * TCPIP_MBOX_SIZE: The mailbox size for the tcpip thread messages
+ * The queue size value itself is platform-dependent, but is passed to
+ * sys_mbox_new() when tcpip_init is called.
+ */
+#define TCPIP_MBOX_SIZE 16
+
+/**
+ * DEFAULT_UDP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
+ * NETCONN_UDP. The queue size value itself is platform-dependent, but is passed
+ * to sys_mbox_new() when the recvmbox is created.
+ */
+#define DEFAULT_UDP_RECVMBOX_SIZE 6
+
+/**
+ * DEFAULT_TCP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
+ * NETCONN_TCP. The queue size value itself is platform-dependent, but is passed
+ * to sys_mbox_new() when the recvmbox is created.
+ */
+#define DEFAULT_TCP_RECVMBOX_SIZE 6
+
+/**
+ * DEFAULT_ACCEPTMBOX_SIZE: The mailbox size for the incoming connections.
+ * The queue size value itself is platform-dependent, but is passed to
+ * sys_mbox_new() when the acceptmbox is created.
+ */
+#define DEFAULT_ACCEPTMBOX_SIZE 6
+
+/*
+ ----------------------------------------------
+ ---------- Sequential layer options ----------
+ ----------------------------------------------
+*/
+
+/*
+ ------------------------------------
+ ---------- Socket options ----------
+ ------------------------------------
+*/
+/**
+ * LWIP_SO_SNDTIMEO==1: Enable send timeout for sockets/netconns and
+ * SO_SNDTIMEO processing.
+ */
+#define LWIP_SO_SNDTIMEO 1
+
+/**
+ * LWIP_SO_RCVTIMEO==1: Enable receive timeout for sockets/netconns and
+ * SO_RCVTIMEO processing.
+ */
+#define LWIP_SO_RCVTIMEO 1
+
+/**
+ * LWIP_TCP_KEEPALIVE==1: Enable TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT
+ * options processing. Note that TCP_KEEPIDLE and TCP_KEEPINTVL have to be set
+ * in seconds. (does not require sockets.c, and will affect tcp.c)
+ */
+#define LWIP_TCP_KEEPALIVE 1
+
+/**
+ * LWIP_SO_RCVBUF==1: Enable SO_RCVBUF processing.
+ */
+#define LWIP_SO_RCVBUF 0
+
+/**
+ * SO_REUSE==1: Enable SO_REUSEADDR option.
+ */
+#define SO_REUSE 1
+
+/*
+ ----------------------------------------
+ ---------- Statistics options ----------
+ ----------------------------------------
+*/
+
+/*
+ ---------------------------------
+ ---------- PPP options ----------
+ ---------------------------------
+*/
+
+/*
+ --------------------------------------
+ ---------- Checksum options ----------
+ --------------------------------------
+*/
+
+/*
+ ---------------------------------------
+ ---------- IPv6 options ---------------
+ ---------------------------------------
+*/
+
+/*
+ ---------------------------------------
+ ---------- Hook options ---------------
+ ---------------------------------------
+*/
+
+/*
+ ---------------------------------------
+ ---------- Debugging options ----------
+ ---------------------------------------
+*/
+/**
+ * ETHARP_DEBUG: Enable debugging in etharp.c.
+ */
+#define ETHARP_DEBUG LWIP_DBG_OFF
+
+/**
+ * PBUF_DEBUG: Enable debugging in pbuf.c.
+ */
+#define PBUF_DEBUG LWIP_DBG_OFF
+
+/**
+ * API_LIB_DEBUG: Enable debugging in api_lib.c.
+ */
+#define API_LIB_DEBUG LWIP_DBG_OFF
+
+/**
+ * SOCKETS_DEBUG: Enable debugging in sockets.c.
+ */
+#define SOCKETS_DEBUG LWIP_DBG_OFF
+
+/**
+ * IP_DEBUG: Enable debugging for IP.
+ */
+#define IP_DEBUG LWIP_DBG_OFF
+
+/**
+ * MEMP_DEBUG: Enable debugging in memp.c.
+ */
+#define MEMP_DEBUG LWIP_DBG_OFF
+
+/**
+ * TCP_INPUT_DEBUG: Enable debugging in tcp_in.c for incoming debug.
+ */
+#define TCP_INPUT_DEBUG LWIP_DBG_OFF
+
+/**
+ * TCP_OUTPUT_DEBUG: Enable debugging in tcp_out.c output functions.
+ */
+#define TCP_OUTPUT_DEBUG LWIP_DBG_OFF
+
+/**
+ * TCPIP_DEBUG: Enable debugging in tcpip.c.
+ */
+#define TCPIP_DEBUG LWIP_DBG_OFF
+
+/**
+ * DHCP_DEBUG: Enable debugging in dhcp.c.
+ */
+#define DHCP_DEBUG LWIP_DBG_OFF
+
+#endif /* __LWIPOPTS_H__ */