Squashed 'lib/lwip/lwip/' content from commit 0a0452b2c39b

git-subtree-dir: lib/lwip/lwip
git-subtree-split: 0a0452b2c39bdd91e252aef045c115f88f6ca773

1 files changed, 144 insertions, 0 deletions

diff --git a/contrib/examples/httpd/https_example/https_example.c b/contrib/examples/httpd/https_example/https_example.c
new file mode 100644
index 00000000000..7619896961d
--- /dev/null
+++ b/contrib/examples/httpd/https_example/https_example.c
@@ -0,0 +1,144 @@
+/**
+ * @file
+ * HTTPD https example
+ *
+ * This file demonstrates how to initialize httpd for https.
+ * To do this, it needs 2 files:
+ * - server certificate
+ * - server private key
+ *
+ * In addition to that, watch out for resource shortage. You'll need plenty of
+ * heap (start with MEM_SIZE >= 200 KByte or monitor its err counters) and be
+ * sure to at least set the following settings high enough (monitor
+ * lwip_stats for an idea of what's needed):
+ * - MEMP_NUM_TCP_PCB/MEMP_NUM_ALTCP_PCB
+ * - MEMP_NUM_TCPIP_MSG_INPKT
+ * - MEMP_NUM_TCP_SEG
+ */
+ 
+ /*
+ * Copyright (c) 2017-2019 Simon Goldschmidt
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without modification, 
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ * 
+ * Author: Simon Goldschmidt <goldsimon@gmx.de>
+ *
+ */
+
+#include "lwip/opt.h"
+#include "https_example.h"
+
+#include "lwip/altcp_tls.h"
+#include "lwip/apps/httpd.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/** define LWIP_HTTPD_EXAMPLE_HTTPS to 1 to enable this file system */
+#ifndef LWIP_HTTPD_EXAMPLE_HTTPS
+#define LWIP_HTTPD_EXAMPLE_HTTPS 0
+#endif
+
+#if LWIP_HTTPD_EXAMPLE_HTTPS && LWIP_ALTCP_TLS
+
+#ifndef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE
+#error "define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE to the created server private key"
+#endif
+
+/* If the key file is password-protected, define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS */
+#ifdef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS
+#ifndef LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN
+#define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN  strlen(LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS)
+#endif
+#else
+#define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS      NULL
+#define LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN  0
+#endif
+
+#ifndef LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE
+#error "define LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE to the created server certificate"
+#endif
+
+static u8_t *read_file(const char *filename, size_t *file_size)
+{
+  u8_t *buf;
+  long fsize;
+  FILE *f = fopen(filename, "rb");
+  if (!f) {
+    return NULL;
+  }
+  fseek(f, 0, SEEK_END);
+  fsize = ftell(f);
+  fseek(f, 0, SEEK_SET);
+
+  buf = (u8_t *)malloc(fsize + 1);
+  if (!buf) {
+    fclose(f);
+    return NULL;
+  }
+  fread(buf, 1, fsize, f);
+  fclose(f);
+
+  buf[fsize] = 0;
+  if (file_size) {
+    /* Note: the '+ 1' is required for mbedTLS to correctly parse the buffer */
+    *file_size = (size_t)(fsize + 1);
+  }
+  return buf;
+}
+
+/** This function loads a server certificate and private key as x509 from disk.
+ * For information how to create such files, see mbedTLS tutorial ("How to
+ * generate a self-signed certificate") or OpenSSL documentation ("How to
+ * generate a self-signed certificate and private key using OpenSSL"), e.g.
+ * 'openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt'
+ * Copy the resulting files and define the path to them
+ */
+void
+https_ex_init(void)
+{
+  struct altcp_tls_config *conf;
+  u8_t *privkey, *cert;
+  size_t privkey_size, cert_size;
+
+  privkey = read_file(LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE, &privkey_size);
+  LWIP_ASSERT("Failed to open https server private key", privkey != NULL);
+  cert = read_file(LWIP_HTTPD_EXAMPLE_HTTPS_CERT_FILE, &cert_size);
+  LWIP_ASSERT("Failed to open https server certificate", cert != NULL);
+
+  conf = altcp_tls_create_config_server_privkey_cert(privkey, privkey_size,
+    LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS, LWIP_HTTPD_EXAMPLE_HTTPS_KEY_FILE_PASS_LEN, cert, cert_size);
+  LWIP_ASSERT("Failed to create https server config", conf != NULL);
+
+  httpd_inits(conf);
+
+  /* secure erase should be done in production environment */
+  free(privkey);
+  free(cert);
+}
+
+#endif /* LWIP_HTTPD_EXAMPLE_HTTPS */