feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

feat(esp-tls): Update support for asynchronous server session create

Browse Source 
Closes https://github.com/espressif/esp-idf/pull/14493
This commit is contained in:
Aditya Patwardhan
2024-10-23 22:10:16 +05:30
parent d97e435af9
commit f9d64d4db8
5 changed files with 68 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
components/esp-tls/esp_tls.c
View File

@@ -92,8 +92,6 @@ static const char *TAG = "esp-tls";
#define _esp_tls_conn_delete esp_wolfssl_conn_delete #define _esp_tls_conn_delete esp_wolfssl_conn_delete
#define _esp_tls_net_init esp_wolfssl_net_init #define _esp_tls_net_init esp_wolfssl_net_init
#define _esp_tls_server_session_create esp_wolfssl_server_session_create #define _esp_tls_server_session_create esp_wolfssl_server_session_create
#define _esp_tls_server_session_init esp_wolfssl_server_session_init
#define _esp_tls_server_session_continue_async esp_wolfssl_server_session_continue_async
#define _esp_tls_server_session_delete esp_wolfssl_server_session_delete #define _esp_tls_server_session_delete esp_wolfssl_server_session_delete
#define _esp_tls_get_bytes_avail esp_wolfssl_get_bytes_avail #define _esp_tls_get_bytes_avail esp_wolfssl_get_bytes_avail
#define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store #define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store
@@ -656,6 +654,17 @@ const int *esp_tls_get_ciphersuites_list(void)
{ {
return _esp_tls_get_ciphersuites_list(); return _esp_tls_get_ciphersuites_list();
} }
esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
{
return _esp_tls_server_session_init(cfg, sockfd, tls);
}
int esp_tls_server_session_continue_async(esp_tls_t *tls)
{
return _esp_tls_server_session_continue_async(tls);
}
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */ #endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS #ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
@@ -707,22 +716,7 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
{ {
return _esp_tls_server_session_create(cfg, sockfd, tls); return _esp_tls_server_session_create(cfg, sockfd, tls);
} }
/**
* @brief Initialization part of esp_tls_server_session_create
*/
int esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
{
return _esp_tls_server_session_init(cfg, sockfd, tls);
}
/**
* @brief Asynchronous continue of esp_tls_server_session_create, to be
* called in a loop by the user until it returns 0,
* ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE
*/
int esp_tls_server_session_continue_async(esp_tls_t *tls)
{
return _esp_tls_server_session_continue_async(tls);
}
/** /**
* @brief Close the server side TLS/SSL connection and free any allocated resources. * @brief Close the server side TLS/SSL connection and free any allocated resources.
*/ */

36
components/esp-tls/esp_tls.h
View File

@@ -694,6 +694,42 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store(void);
* *
*/ */
const int *esp_tls_get_ciphersuites_list(void); const int *esp_tls_get_ciphersuites_list(void);
/**
* @brief Initialize server side TLS/SSL connection
*
* This function should be used to initialize the server side TLS/SSL connection when the
* application wants to handle the TLS/SSL connection asynchronously with the help of
* esp_tls_server_session_continue_async() function.
*
* @param[in] cfg Pointer to esp_tls_cfg_server_t
* @param[in] sockfd FD of accepted connection
* @param[out] tls Pointer to allocated esp_tls_t
*
* @return
* - ESP_OK if successful
* - ESP_ERR_INVALID_ARG if invalid arguments
* - ESP_FAIL if server session setup failed
*/
esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
/**
* @brief Asynchronous continue of esp_tls_server_session_init
*
* This function should be called in a loop by the user until it returns 0. If this functions returns
* something other than 0, ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE,
* the esp-tls context must not be used and should be freed using esp_tls_conn_destroy();
*
* @param[in] tls pointer to esp_tls_t
*
* @return
* - 0 if successful
* - <0 in case of error
* - ESP_TLS_ERR_SSL_WANT_READ/ESP_TLS_ERR_SSL_WANT_WRITE
* if the handshake is incomplete and waiting for data to be available for reading.
*/
int esp_tls_server_session_continue_async(esp_tls_t *tls);
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */ #endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
/** /**
* @brief Create TLS/SSL server session * @brief Create TLS/SSL server session

14
components/esp-tls/esp_tls_mbedtls.c
View File

@@ -937,12 +937,12 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
} }
/** /**
* @brief Initialization part of esp_mbedtls_server_session_create * @brief ESP-TLS server session initialization (initialization part of esp_mbedtls_server_session_create)
*/ */
int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
{ {
if (tls == NULL || cfg == NULL) { if (tls == NULL || cfg == NULL) {
return -1; return ESP_ERR_INVALID_ARG;
} }
tls->role = ESP_TLS_SERVER; tls->role = ESP_TLS_SERVER;
tls->sockfd = sockfd; tls->sockfd = sockfd;
@@ -953,18 +953,18 @@ int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_t
ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret)); ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret); ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
tls->conn_state = ESP_TLS_FAIL; tls->conn_state = ESP_TLS_FAIL;
return -1; return ESP_FAIL;
} }
tls->read = esp_mbedtls_read; tls->read = esp_mbedtls_read;
tls->write = esp_mbedtls_write; tls->write = esp_mbedtls_write;
return 0; return ESP_OK;
} }
/** /**
* @brief Asynchronous continue of esp_mbedtls_server_session_create, to be * @brief Asynchronous continue of server session initialized with esp_mbedtls_server_session_init, to be
* called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ * called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ
* or ESP_TLS_ERR_SSL_WANT_WRITE * or ESP_TLS_ERR_SSL_WANT_WRITE.
*/ */
int esp_mbedtls_server_session_continue_async(esp_tls_t *tls) int esp_mbedtls_server_session_continue_async(esp_tls_t *tls)
{ {

52
components/esp-tls/esp_tls_wolfssl.c
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -505,26 +505,9 @@ void esp_wolfssl_cleanup(esp_tls_t *tls)
} }
/** /**
* @brief Create TLS/SSL server session * @brief Create TLS/SSL server session
*/ */
int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls) int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
{
int ret = 0;
if ((ret = esp_wolfssl_server_session_init(cfg, sockfd, tls)) != 0) {
return ret;
}
while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) {
if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
return -1;
}
}
return 0;
}
/**
* @brief Initialization part of esp_wolfssl_server_session_create
*/
int esp_wolfssl_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
{ {
if (tls == NULL || cfg == NULL) { if (tls == NULL || cfg == NULL) {
return -1; return -1;
@@ -542,30 +525,15 @@ int esp_wolfssl_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_t
} }
tls->read = esp_wolfssl_read; tls->read = esp_wolfssl_read;
tls->write = esp_wolfssl_write; tls->write = esp_wolfssl_write;
return 0; int ret;
} while ((ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl)) != WOLFSSL_SUCCESS) {
/**
* @brief Asynchronous continue of esp_wolfssl_server_session_create, to be
* called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ
* or ESP_TLS_ERR_SSL_WANT_WRITE
*/
int esp_wolfssl_server_session_continue_async(esp_tls_t *tls)
{
int ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl);
if (ret != WOLFSSL_SUCCESS) {
int err = wolfSSL_get_error((WOLFSSL *)tls->priv_ssl, ret); int err = wolfSSL_get_error((WOLFSSL *)tls->priv_ssl, ret);
switch (err) { if (err != WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_ERROR_WANT_WRITE) {
case WOLFSSL_ERROR_WANT_READ: ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err);
return ESP_TLS_SSL_ERR_WANT_READ; ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err);
case WOLFSSL_ERROR_WANT_WRITE: wolfssl_print_error_msg(err);
return ESP_TLS_SSL_ERR_WANT_WRITE; tls->conn_state = ESP_TLS_FAIL;
default: return -1;
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err);
ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err);
wolfssl_print_error_msg(err);
tls->conn_state = ESP_TLS_FAIL;
return err;
} }
} }
return 0; return 0;

10
components/esp-tls/private_include/esp_tls_mbedtls.h
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -71,17 +71,13 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
/** /**
* Initialization part of internal callback for mbedtls_server_session_create * Initialization part of internal callback for mbedtls_server_session_create
*
* /note :- The function can only be used with mbedtls ssl library
*/ */
int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls); esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
/** /**
* Asynchronous continue of internal callback for mbedtls_server_session_create, * Asynchronous continue of internal callback for mbedtls_server_session_create,
* to be called in a loop by the user until it returns 0, * to be called in a loop by the user until it returns 0,
* ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE.
*
* /note :- The function can only be used with mbedtls ssl library
*/ */
int esp_mbedtls_server_session_continue_async(esp_tls_t *tls); int esp_mbedtls_server_session_continue_async(esp_tls_t *tls);