espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-02 18:10:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix/add_missing_event_tracter_capture_duirng_mbedtls_read' into 'master'

Browse Source 
fix(esp-tls): added missing event tracker capture during mbedtls read operation

Closes IDFGH-15609

See merge request espressif/esp-idf!41266
This commit is contained in:
Mahavir Jain
2025-09-21 19:13:13 +05:30
parent 262a70a1f0 54d97fdac1
commit 572119684c
3 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/esp-tls/esp_tls_errors.h
View File

@@ -47,6 +47,7 @@ extern "C" {
#define ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1A) /*!< mbedtls api returned failed */ #define ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1A) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1B) /*!< mbedtls api returned failed */ #define ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1B) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1C) /*!< mbedtls api returned failed */ #define ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1C) /*!< mbedtls api returned failed */
#define ESP_ERR_MBEDTLS_SSL_READ_FAILED (ESP_ERR_ESP_TLS_BASE + 0x1D) /*!< mbedtls api returned failed */
/* wolfssl specific error codes */ /* wolfssl specific error codes */
#define ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x31) /*!< wolfSSL api returned error */ #define ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED (ESP_ERR_ESP_TLS_BASE + 0x31) /*!< wolfSSL api returned error */

5
components/esp-tls/esp_tls_mbedtls.c
View File

@@ -310,8 +310,12 @@ int esp_mbedtls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret); ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED); ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED);
if (cfg->crt_bundle_attach != NULL || cfg->cacert_buf != NULL || cfg->use_global_ca_store == true) { if (cfg->crt_bundle_attach != NULL || cfg->cacert_buf != NULL || cfg->use_global_ca_store == true) {
if (mbedtls_ssl_get_peer_cert(&tls->ssl) != NULL) {
/* This is to check whether handshake failed due to invalid certificate*/ /* This is to check whether handshake failed due to invalid certificate*/
esp_mbedtls_verify_certificate(tls); esp_mbedtls_verify_certificate(tls);
} else {
ESP_LOGD(TAG, "Skipping certificate verification - no peer certificate received");
}
} }
tls->conn_state = ESP_TLS_FAIL; tls->conn_state = ESP_TLS_FAIL;
return -1; return -1;
@@ -407,6 +411,7 @@ ssize_t esp_mbedtls_read(esp_tls_t *tls, char *data, size_t datalen)
} }
if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) { if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret); ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_READ_FAILED);
ESP_LOGE(TAG, "read error :-0x%04"NEWLIB_NANO_SSIZE_T_COMPAT_FORMAT, -ret); ESP_LOGE(TAG, "read error :-0x%04"NEWLIB_NANO_SSIZE_T_COMPAT_FORMAT, -ret);
mbedtls_print_error_msg(ret); mbedtls_print_error_msg(ret);
} }

3
components/esp_common/src/esp_err_to_name.c
View File

@@ -746,6 +746,9 @@ static const esp_err_msg_t esp_err_msg_table[] = {
# ifdef ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED # ifdef ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED), /* 32796 0x801c mbedtls api returned failed */ ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED), /* 32796 0x801c mbedtls api returned failed */
# endif # endif
# ifdef ESP_ERR_MBEDTLS_SSL_READ_FAILED
ERR_TBL_IT(ESP_ERR_MBEDTLS_SSL_READ_FAILED), /* 32797 0x801d mbedtls api returned failed */
# endif
# ifdef ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED # ifdef ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED
ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED), /* 32817 0x8031 wolfSSL api returned error */ ERR_TBL_IT(ESP_ERR_WOLFSSL_SSL_SET_HOSTNAME_FAILED), /* 32817 0x8031 wolfSSL api returned error */
# endif # endif