forked from espressif/esp-idf
Merge branch 'contrib/github_pr_14493' into 'master'
Make esp_mbedtls_server_session_create async compatible (GitHub PR) Closes IDFGH-13606 See merge request espressif/esp-idf!34237
This commit is contained in:
Mahavir Jain
@ -73,6 +73,8 @@ static const char *TAG = "esp-tls";
|
||||
#define _esp_tls_free_client_session esp_mbedtls_free_client_session
|
||||
#define _esp_tls_get_ssl_context esp_mbedtls_get_ssl_context
|
||||
#define _esp_tls_server_session_create esp_mbedtls_server_session_create
|
||||
#define _esp_tls_server_session_init esp_mbedtls_server_session_init
|
||||
#define _esp_tls_server_session_continue_async esp_mbedtls_server_session_continue_async
|
||||
#define _esp_tls_server_session_delete esp_mbedtls_server_session_delete
|
||||
#define _esp_tls_server_session_ticket_ctx_init esp_mbedtls_server_session_ticket_ctx_init
|
||||
#define _esp_tls_server_session_ticket_ctx_free esp_mbedtls_server_session_ticket_ctx_free
|
||||
@ -652,6 +654,17 @@ const int *esp_tls_get_ciphersuites_list(void)
|
||||
{
|
||||
return _esp_tls_get_ciphersuites_list();
|
||||
}
|
||||
|
||||
esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
|
||||
{
|
||||
return _esp_tls_server_session_init(cfg, sockfd, tls);
|
||||
}
|
||||
|
||||
int esp_tls_server_session_continue_async(esp_tls_t *tls)
|
||||
{
|
||||
return _esp_tls_server_session_continue_async(tls);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
|
||||
|
||||
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
|
||||
@ -703,6 +716,7 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
|
||||
{
|
||||
return _esp_tls_server_session_create(cfg, sockfd, tls);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Close the server side TLS/SSL connection and free any allocated resources.
|
||||
*/
|
||||
|
||||
@ -694,6 +694,42 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store(void);
|
||||
*
|
||||
*/
|
||||
const int *esp_tls_get_ciphersuites_list(void);
|
||||
|
||||
/**
|
||||
* @brief Initialize server side TLS/SSL connection
|
||||
*
|
||||
* This function should be used to initialize the server side TLS/SSL connection when the
|
||||
* application wants to handle the TLS/SSL connection asynchronously with the help of
|
||||
* esp_tls_server_session_continue_async() function.
|
||||
*
|
||||
* @param[in] cfg Pointer to esp_tls_cfg_server_t
|
||||
* @param[in] sockfd FD of accepted connection
|
||||
* @param[out] tls Pointer to allocated esp_tls_t
|
||||
*
|
||||
* @return
|
||||
* - ESP_OK if successful
|
||||
* - ESP_ERR_INVALID_ARG if invalid arguments
|
||||
* - ESP_FAIL if server session setup failed
|
||||
*/
|
||||
esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
|
||||
|
||||
/**
|
||||
* @brief Asynchronous continue of esp_tls_server_session_init
|
||||
*
|
||||
* This function should be called in a loop by the user until it returns 0. If this functions returns
|
||||
* something other than 0, ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE,
|
||||
* the esp-tls context must not be used and should be freed using esp_tls_conn_destroy();
|
||||
*
|
||||
* @param[in] tls pointer to esp_tls_t
|
||||
*
|
||||
* @return
|
||||
* - 0 if successful
|
||||
* - <0 in case of error
|
||||
* - ESP_TLS_ERR_SSL_WANT_READ/ESP_TLS_ERR_SSL_WANT_WRITE
|
||||
* if the handshake is incomplete and waiting for data to be available for reading.
|
||||
*/
|
||||
int esp_tls_server_session_continue_async(esp_tls_t *tls);
|
||||
|
||||
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
|
||||
/**
|
||||
* @brief Create TLS/SSL server session
|
||||
|
||||
@ -923,9 +923,26 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
|
||||
* @brief Create TLS/SSL server session
|
||||
*/
|
||||
int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
|
||||
{
|
||||
int ret = 0;
|
||||
if ((ret = esp_mbedtls_server_session_init(cfg, sockfd, tls)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) {
|
||||
if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief ESP-TLS server session initialization (initialization part of esp_mbedtls_server_session_create)
|
||||
*/
|
||||
esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
|
||||
{
|
||||
if (tls == NULL || cfg == NULL) {
|
||||
return -1;
|
||||
return ESP_ERR_INVALID_ARG;
|
||||
}
|
||||
tls->role = ESP_TLS_SERVER;
|
||||
tls->sockfd = sockfd;
|
||||
@ -936,24 +953,33 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
|
||||
ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
||||
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
|
||||
tls->conn_state = ESP_TLS_FAIL;
|
||||
return -1;
|
||||
return ESP_FAIL;
|
||||
}
|
||||
|
||||
tls->read = esp_mbedtls_read;
|
||||
tls->write = esp_mbedtls_write;
|
||||
int ret;
|
||||
while ((ret = mbedtls_ssl_handshake(&tls->ssl)) != 0) {
|
||||
if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
|
||||
ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%04X", -ret);
|
||||
mbedtls_print_error_msg(ret);
|
||||
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
|
||||
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED);
|
||||
tls->conn_state = ESP_TLS_FAIL;
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
return ESP_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Asynchronous continue of server session initialized with esp_mbedtls_server_session_init, to be
|
||||
* called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ
|
||||
* or ESP_TLS_ERR_SSL_WANT_WRITE.
|
||||
*/
|
||||
int esp_mbedtls_server_session_continue_async(esp_tls_t *tls)
|
||||
{
|
||||
int ret = mbedtls_ssl_handshake(&tls->ssl);
|
||||
if (ret != 0 && ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
|
||||
ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%04X", -ret);
|
||||
mbedtls_print_error_msg(ret);
|
||||
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
|
||||
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED);
|
||||
tls->conn_state = ESP_TLS_FAIL;
|
||||
return ret;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Close the server side TLS/SSL connection and free any allocated resources.
|
||||
*/
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
|
||||
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
@ -69,6 +69,18 @@ void *esp_mbedtls_get_ssl_context(esp_tls_t *tls);
|
||||
*/
|
||||
int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
|
||||
|
||||
/**
|
||||
* Initialization part of internal callback for mbedtls_server_session_create
|
||||
*/
|
||||
esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
|
||||
|
||||
/**
|
||||
* Asynchronous continue of internal callback for mbedtls_server_session_create,
|
||||
* to be called in a loop by the user until it returns 0,
|
||||
* ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE.
|
||||
*/
|
||||
int esp_mbedtls_server_session_continue_async(esp_tls_t *tls);
|
||||
|
||||
/**
|
||||
* Internal Callback for mbedtls_server_session_delete
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user