From d97e435af9396163b4f29a2f29ef8dda9658bab1 Mon Sep 17 00:00:00 2001 From: thetek42 Date: Wed, 16 Oct 2024 17:26:53 +0200 Subject: [PATCH 1/2] fix: make esp_tls_server_session_create async compatible --- components/esp-tls/esp_tls.c | 20 +++++++ components/esp-tls/esp_tls_mbedtls.c | 48 +++++++++++++---- components/esp-tls/esp_tls_wolfssl.c | 52 +++++++++++++++---- .../esp-tls/private_include/esp_tls_mbedtls.h | 16 ++++++ 4 files changed, 115 insertions(+), 21 deletions(-) diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c index 063a87a3a32..a606e4f532f 100644 --- a/components/esp-tls/esp_tls.c +++ b/components/esp-tls/esp_tls.c @@ -73,6 +73,8 @@ static const char *TAG = "esp-tls"; #define _esp_tls_free_client_session esp_mbedtls_free_client_session #define _esp_tls_get_ssl_context esp_mbedtls_get_ssl_context #define _esp_tls_server_session_create esp_mbedtls_server_session_create +#define _esp_tls_server_session_init esp_mbedtls_server_session_init +#define _esp_tls_server_session_continue_async esp_mbedtls_server_session_continue_async #define _esp_tls_server_session_delete esp_mbedtls_server_session_delete #define _esp_tls_server_session_ticket_ctx_init esp_mbedtls_server_session_ticket_ctx_init #define _esp_tls_server_session_ticket_ctx_free esp_mbedtls_server_session_ticket_ctx_free @@ -90,6 +92,8 @@ static const char *TAG = "esp-tls"; #define _esp_tls_conn_delete esp_wolfssl_conn_delete #define _esp_tls_net_init esp_wolfssl_net_init #define _esp_tls_server_session_create esp_wolfssl_server_session_create +#define _esp_tls_server_session_init esp_wolfssl_server_session_init +#define _esp_tls_server_session_continue_async esp_wolfssl_server_session_continue_async #define _esp_tls_server_session_delete esp_wolfssl_server_session_delete #define _esp_tls_get_bytes_avail esp_wolfssl_get_bytes_avail #define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store @@ -703,6 +707,22 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls { return _esp_tls_server_session_create(cfg, sockfd, tls); } +/** + * @brief Initialization part of esp_tls_server_session_create + */ +int esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) +{ + return _esp_tls_server_session_init(cfg, sockfd, tls); +} +/** + * @brief Asynchronous continue of esp_tls_server_session_create, to be + * called in a loop by the user until it returns 0, + * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE + */ +int esp_tls_server_session_continue_async(esp_tls_t *tls) +{ + return _esp_tls_server_session_continue_async(tls); +} /** * @brief Close the server side TLS/SSL connection and free any allocated resources. */ diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c index 4759f2f8924..9a3f96dfa80 100644 --- a/components/esp-tls/esp_tls_mbedtls.c +++ b/components/esp-tls/esp_tls_mbedtls.c @@ -923,6 +923,23 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t * @brief Create TLS/SSL server session */ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) +{ + int ret = 0; + if ((ret = esp_mbedtls_server_session_init(cfg, sockfd, tls)) != 0) { + return ret; + } + while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) { + if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) { + return ret; + } + } + return ret; +} + +/** + * @brief Initialization part of esp_mbedtls_server_session_create + */ +int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) { if (tls == NULL || cfg == NULL) { return -1; @@ -941,19 +958,28 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp tls->read = esp_mbedtls_read; tls->write = esp_mbedtls_write; - int ret; - while ((ret = mbedtls_ssl_handshake(&tls->ssl)) != 0) { - if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) { - ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%04X", -ret); - mbedtls_print_error_msg(ret); - ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret); - ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED); - tls->conn_state = ESP_TLS_FAIL; - return ret; - } - } return 0; } + +/** + * @brief Asynchronous continue of esp_mbedtls_server_session_create, to be + * called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ + * or ESP_TLS_ERR_SSL_WANT_WRITE + */ +int esp_mbedtls_server_session_continue_async(esp_tls_t *tls) +{ + int ret = mbedtls_ssl_handshake(&tls->ssl); + if (ret != 0 && ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) { + ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%04X", -ret); + mbedtls_print_error_msg(ret); + ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret); + ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED); + tls->conn_state = ESP_TLS_FAIL; + return ret; + } + return ret; +} + /** * @brief Close the server side TLS/SSL connection and free any allocated resources. */ diff --git a/components/esp-tls/esp_tls_wolfssl.c b/components/esp-tls/esp_tls_wolfssl.c index 6096d717e4f..66c0a5ccd67 100644 --- a/components/esp-tls/esp_tls_wolfssl.c +++ b/components/esp-tls/esp_tls_wolfssl.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -505,9 +505,26 @@ void esp_wolfssl_cleanup(esp_tls_t *tls) } /** - * @brief Create TLS/SSL server session + * @brief Create TLS/SSL server session */ int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) +{ + int ret = 0; + if ((ret = esp_wolfssl_server_session_init(cfg, sockfd, tls)) != 0) { + return ret; + } + while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) { + if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) { + return -1; + } + } + return 0; +} + +/** + * @brief Initialization part of esp_wolfssl_server_session_create + */ +int esp_wolfssl_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) { if (tls == NULL || cfg == NULL) { return -1; @@ -525,15 +542,30 @@ int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp } tls->read = esp_wolfssl_read; tls->write = esp_wolfssl_write; - int ret; - while ((ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl)) != WOLFSSL_SUCCESS) { + return 0; +} + +/** + * @brief Asynchronous continue of esp_wolfssl_server_session_create, to be + * called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ + * or ESP_TLS_ERR_SSL_WANT_WRITE + */ +int esp_wolfssl_server_session_continue_async(esp_tls_t *tls) +{ + int ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl); + if (ret != WOLFSSL_SUCCESS) { int err = wolfSSL_get_error((WOLFSSL *)tls->priv_ssl, ret); - if (err != WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_ERROR_WANT_WRITE) { - ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err); - ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err); - wolfssl_print_error_msg(err); - tls->conn_state = ESP_TLS_FAIL; - return -1; + switch (err) { + case WOLFSSL_ERROR_WANT_READ: + return ESP_TLS_SSL_ERR_WANT_READ; + case WOLFSSL_ERROR_WANT_WRITE: + return ESP_TLS_SSL_ERR_WANT_WRITE; + default: + ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err); + ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err); + wolfssl_print_error_msg(err); + tls->conn_state = ESP_TLS_FAIL; + return err; } } return 0; diff --git a/components/esp-tls/private_include/esp_tls_mbedtls.h b/components/esp-tls/private_include/esp_tls_mbedtls.h index 6bb1071ab04..7ebb1317b7c 100644 --- a/components/esp-tls/private_include/esp_tls_mbedtls.h +++ b/components/esp-tls/private_include/esp_tls_mbedtls.h @@ -69,6 +69,22 @@ void *esp_mbedtls_get_ssl_context(esp_tls_t *tls); */ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls); +/** + * Initialization part of internal callback for mbedtls_server_session_create + * + * /note :- The function can only be used with mbedtls ssl library + */ +int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls); + +/** + * Asynchronous continue of internal callback for mbedtls_server_session_create, + * to be called in a loop by the user until it returns 0, + * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE + * + * /note :- The function can only be used with mbedtls ssl library + */ +int esp_mbedtls_server_session_continue_async(esp_tls_t *tls); + /** * Internal Callback for mbedtls_server_session_delete * From f9d64d4db8d8d6de5696fdbe0e31635b1c7995bc Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Wed, 23 Oct 2024 22:10:16 +0530 Subject: [PATCH 2/2] feat(esp-tls): Update support for asynchronous server session create Closes https://github.com/espressif/esp-idf/pull/14493 --- components/esp-tls/esp_tls.c | 30 +++++------ components/esp-tls/esp_tls.h | 36 +++++++++++++ components/esp-tls/esp_tls_mbedtls.c | 14 ++--- components/esp-tls/esp_tls_wolfssl.c | 52 ++++--------------- .../esp-tls/private_include/esp_tls_mbedtls.h | 10 ++-- 5 files changed, 68 insertions(+), 74 deletions(-) diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c index a606e4f532f..994560d532e 100644 --- a/components/esp-tls/esp_tls.c +++ b/components/esp-tls/esp_tls.c @@ -92,8 +92,6 @@ static const char *TAG = "esp-tls"; #define _esp_tls_conn_delete esp_wolfssl_conn_delete #define _esp_tls_net_init esp_wolfssl_net_init #define _esp_tls_server_session_create esp_wolfssl_server_session_create -#define _esp_tls_server_session_init esp_wolfssl_server_session_init -#define _esp_tls_server_session_continue_async esp_wolfssl_server_session_continue_async #define _esp_tls_server_session_delete esp_wolfssl_server_session_delete #define _esp_tls_get_bytes_avail esp_wolfssl_get_bytes_avail #define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store @@ -656,6 +654,17 @@ const int *esp_tls_get_ciphersuites_list(void) { return _esp_tls_get_ciphersuites_list(); } + +esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) +{ + return _esp_tls_server_session_init(cfg, sockfd, tls); +} + +int esp_tls_server_session_continue_async(esp_tls_t *tls) +{ + return _esp_tls_server_session_continue_async(tls); +} + #endif /* CONFIG_ESP_TLS_USING_MBEDTLS */ #ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS @@ -707,22 +716,7 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls { return _esp_tls_server_session_create(cfg, sockfd, tls); } -/** - * @brief Initialization part of esp_tls_server_session_create - */ -int esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) -{ - return _esp_tls_server_session_init(cfg, sockfd, tls); -} -/** - * @brief Asynchronous continue of esp_tls_server_session_create, to be - * called in a loop by the user until it returns 0, - * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE - */ -int esp_tls_server_session_continue_async(esp_tls_t *tls) -{ - return _esp_tls_server_session_continue_async(tls); -} + /** * @brief Close the server side TLS/SSL connection and free any allocated resources. */ diff --git a/components/esp-tls/esp_tls.h b/components/esp-tls/esp_tls.h index 2449f6665aa..a846341bc2f 100644 --- a/components/esp-tls/esp_tls.h +++ b/components/esp-tls/esp_tls.h @@ -694,6 +694,42 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store(void); * */ const int *esp_tls_get_ciphersuites_list(void); + +/** + * @brief Initialize server side TLS/SSL connection + * + * This function should be used to initialize the server side TLS/SSL connection when the + * application wants to handle the TLS/SSL connection asynchronously with the help of + * esp_tls_server_session_continue_async() function. + * + * @param[in] cfg Pointer to esp_tls_cfg_server_t + * @param[in] sockfd FD of accepted connection + * @param[out] tls Pointer to allocated esp_tls_t + * + * @return + * - ESP_OK if successful + * - ESP_ERR_INVALID_ARG if invalid arguments + * - ESP_FAIL if server session setup failed + */ +esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls); + +/** + * @brief Asynchronous continue of esp_tls_server_session_init + * + * This function should be called in a loop by the user until it returns 0. If this functions returns + * something other than 0, ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE, + * the esp-tls context must not be used and should be freed using esp_tls_conn_destroy(); + * + * @param[in] tls pointer to esp_tls_t + * + * @return + * - 0 if successful + * - <0 in case of error + * - ESP_TLS_ERR_SSL_WANT_READ/ESP_TLS_ERR_SSL_WANT_WRITE + * if the handshake is incomplete and waiting for data to be available for reading. + */ +int esp_tls_server_session_continue_async(esp_tls_t *tls); + #endif /* CONFIG_ESP_TLS_USING_MBEDTLS */ /** * @brief Create TLS/SSL server session diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c index 9a3f96dfa80..40898314a1d 100644 --- a/components/esp-tls/esp_tls_mbedtls.c +++ b/components/esp-tls/esp_tls_mbedtls.c @@ -937,12 +937,12 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp } /** - * @brief Initialization part of esp_mbedtls_server_session_create + * @brief ESP-TLS server session initialization (initialization part of esp_mbedtls_server_session_create) */ -int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) +esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) { if (tls == NULL || cfg == NULL) { - return -1; + return ESP_ERR_INVALID_ARG; } tls->role = ESP_TLS_SERVER; tls->sockfd = sockfd; @@ -953,18 +953,18 @@ int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_t ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret)); ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret); tls->conn_state = ESP_TLS_FAIL; - return -1; + return ESP_FAIL; } tls->read = esp_mbedtls_read; tls->write = esp_mbedtls_write; - return 0; + return ESP_OK; } /** - * @brief Asynchronous continue of esp_mbedtls_server_session_create, to be + * @brief Asynchronous continue of server session initialized with esp_mbedtls_server_session_init, to be * called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ - * or ESP_TLS_ERR_SSL_WANT_WRITE + * or ESP_TLS_ERR_SSL_WANT_WRITE. */ int esp_mbedtls_server_session_continue_async(esp_tls_t *tls) { diff --git a/components/esp-tls/esp_tls_wolfssl.c b/components/esp-tls/esp_tls_wolfssl.c index 66c0a5ccd67..6096d717e4f 100644 --- a/components/esp-tls/esp_tls_wolfssl.c +++ b/components/esp-tls/esp_tls_wolfssl.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -505,26 +505,9 @@ void esp_wolfssl_cleanup(esp_tls_t *tls) } /** - * @brief Create TLS/SSL server session + * @brief Create TLS/SSL server session */ int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) -{ - int ret = 0; - if ((ret = esp_wolfssl_server_session_init(cfg, sockfd, tls)) != 0) { - return ret; - } - while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) { - if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) { - return -1; - } - } - return 0; -} - -/** - * @brief Initialization part of esp_wolfssl_server_session_create - */ -int esp_wolfssl_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) { if (tls == NULL || cfg == NULL) { return -1; @@ -542,30 +525,15 @@ int esp_wolfssl_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_t } tls->read = esp_wolfssl_read; tls->write = esp_wolfssl_write; - return 0; -} - -/** - * @brief Asynchronous continue of esp_wolfssl_server_session_create, to be - * called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ - * or ESP_TLS_ERR_SSL_WANT_WRITE - */ -int esp_wolfssl_server_session_continue_async(esp_tls_t *tls) -{ - int ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl); - if (ret != WOLFSSL_SUCCESS) { + int ret; + while ((ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl)) != WOLFSSL_SUCCESS) { int err = wolfSSL_get_error((WOLFSSL *)tls->priv_ssl, ret); - switch (err) { - case WOLFSSL_ERROR_WANT_READ: - return ESP_TLS_SSL_ERR_WANT_READ; - case WOLFSSL_ERROR_WANT_WRITE: - return ESP_TLS_SSL_ERR_WANT_WRITE; - default: - ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err); - ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err); - wolfssl_print_error_msg(err); - tls->conn_state = ESP_TLS_FAIL; - return err; + if (err != WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_ERROR_WANT_WRITE) { + ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err); + ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err); + wolfssl_print_error_msg(err); + tls->conn_state = ESP_TLS_FAIL; + return -1; } } return 0; diff --git a/components/esp-tls/private_include/esp_tls_mbedtls.h b/components/esp-tls/private_include/esp_tls_mbedtls.h index 7ebb1317b7c..05394a73d71 100644 --- a/components/esp-tls/private_include/esp_tls_mbedtls.h +++ b/components/esp-tls/private_include/esp_tls_mbedtls.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -71,17 +71,13 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp /** * Initialization part of internal callback for mbedtls_server_session_create - * - * /note :- The function can only be used with mbedtls ssl library */ -int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls); +esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls); /** * Asynchronous continue of internal callback for mbedtls_server_session_create, * to be called in a loop by the user until it returns 0, - * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE - * - * /note :- The function can only be used with mbedtls ssl library + * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE. */ int esp_mbedtls_server_session_continue_async(esp_tls_t *tls);