Merge branch 'contrib/github_pr_14493' into 'master'

Make esp_mbedtls_server_session_create async compatible (GitHub PR) Closes IDFGH-13606 See merge request espressif/esp-idf!34237
espressif · Dec 2, 2024 · 030c995 · 030c995
2 parents 9ee8daf + f9d64d4
commit 030c995
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 14 deletions.
diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c
@@ -73,6 +73,8 @@ static const char *TAG = "esp-tls";
 #define _esp_tls_free_client_session        esp_mbedtls_free_client_session
 #define _esp_tls_get_ssl_context            esp_mbedtls_get_ssl_context
 #define _esp_tls_server_session_create      esp_mbedtls_server_session_create
+#define _esp_tls_server_session_init        esp_mbedtls_server_session_init
+#define _esp_tls_server_session_continue_async     esp_mbedtls_server_session_continue_async
 #define _esp_tls_server_session_delete      esp_mbedtls_server_session_delete
 #define _esp_tls_server_session_ticket_ctx_init    esp_mbedtls_server_session_ticket_ctx_init
 #define _esp_tls_server_session_ticket_ctx_free    esp_mbedtls_server_session_ticket_ctx_free
@@ -652,6 +654,17 @@ const int *esp_tls_get_ciphersuites_list(void)
 {
     return _esp_tls_get_ciphersuites_list();
 }
+
+esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
+{
+    return _esp_tls_server_session_init(cfg, sockfd, tls);
+}
+
+int esp_tls_server_session_continue_async(esp_tls_t *tls)
+{
+    return _esp_tls_server_session_continue_async(tls);
+}
+
 #endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
 
 #ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
@@ -703,6 +716,7 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
 {
     return _esp_tls_server_session_create(cfg, sockfd, tls);
 }
+
 /**
  * @brief      Close the server side TLS/SSL connection and free any allocated resources.
  */

diff --git a/components/esp-tls/esp_tls.h b/components/esp-tls/esp_tls.h
@@ -694,6 +694,42 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store(void);
  *
  */
 const int *esp_tls_get_ciphersuites_list(void);
+
+/**
+ * @brief      Initialize server side TLS/SSL connection
+ *
+ * This function should be used to initialize the server side TLS/SSL connection when the
+ * application wants to handle the TLS/SSL connection asynchronously with the help of
+ * esp_tls_server_session_continue_async() function.
+ *
+ * @param[in]  cfg      Pointer to esp_tls_cfg_server_t
+ * @param[in]  sockfd   FD of accepted connection
+ * @param[out] tls      Pointer to allocated esp_tls_t
+ *
+ * @return
+ *          - ESP_OK if successful
+ *          - ESP_ERR_INVALID_ARG if invalid arguments
+ *          - ESP_FAIL if server session setup failed
+ */
+esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
+
+/**
+ * @brief      Asynchronous continue of esp_tls_server_session_init
+ *
+ * This function should be called in a loop by the user until it returns 0. If this functions returns
+ * something other than 0, ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE,
+ * the esp-tls context must not be used and should be freed using esp_tls_conn_destroy();
+ *
+ * @param[in]  tls  pointer to esp_tls_t
+ *
+ * @return
+ *          - 0  if successful
+ *          - <0 in case of error
+ *          - ESP_TLS_ERR_SSL_WANT_READ/ESP_TLS_ERR_SSL_WANT_WRITE
+ *            if the handshake is incomplete and waiting for data to be available for reading.
+ */
+int esp_tls_server_session_continue_async(esp_tls_t *tls);
+
 #endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
 /**
  * @brief      Create TLS/SSL server session

diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
@@ -923,9 +923,26 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
  * @brief      Create TLS/SSL server session
  */
 int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
+{
+    int ret = 0;
+    if ((ret = esp_mbedtls_server_session_init(cfg, sockfd, tls)) != 0) {
+        return ret;
+    }
+    while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) {
+        if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
+            return ret;
+        }
+    }
+    return ret;
+}
+
+/**
+ * @brief      ESP-TLS server session initialization (initialization part of esp_mbedtls_server_session_create)
+ */
+esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
 {
     if (tls == NULL || cfg == NULL) {
-        return -1;
+        return ESP_ERR_INVALID_ARG;
     }
     tls->role = ESP_TLS_SERVER;
     tls->sockfd = sockfd;
@@ -936,24 +953,33 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
         ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
         ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
         tls->conn_state = ESP_TLS_FAIL;
-        return -1;
+        return ESP_FAIL;
     }
 
     tls->read = esp_mbedtls_read;
     tls->write = esp_mbedtls_write;
-    int ret;
-    while ((ret = mbedtls_ssl_handshake(&tls->ssl)) != 0) {
-        if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
-            ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%04X", -ret);
-            mbedtls_print_error_msg(ret);
-            ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
-            ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED);
-            tls->conn_state = ESP_TLS_FAIL;
-            return ret;
-        }
+    return ESP_OK;
+}
+
+/**
+ * @brief      Asynchronous continue of server session initialized with esp_mbedtls_server_session_init, to be
+ *             called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ
+ *             or ESP_TLS_ERR_SSL_WANT_WRITE.
+ */
+int esp_mbedtls_server_session_continue_async(esp_tls_t *tls)
+{
+    int ret = mbedtls_ssl_handshake(&tls->ssl);
+    if (ret != 0 && ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
+        ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%04X", -ret);
+        mbedtls_print_error_msg(ret);
+        ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
+        ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED);
+        tls->conn_state = ESP_TLS_FAIL;
+        return ret;
     }
-    return 0;
+    return ret;
 }
+
 /**
  * @brief      Close the server side TLS/SSL connection and free any allocated resources.
  */

diff --git a/components/esp-tls/private_include/esp_tls_mbedtls.h b/components/esp-tls/private_include/esp_tls_mbedtls.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -69,6 +69,18 @@ void *esp_mbedtls_get_ssl_context(esp_tls_t *tls);
  */
 int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
 
+/**
+ * Initialization part of internal callback for mbedtls_server_session_create
+ */
+esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
+
+/**
+ * Asynchronous continue of internal callback for mbedtls_server_session_create,
+ * to be called in a loop by the user until it returns 0,
+ * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE.
+ */
+int esp_mbedtls_server_session_continue_async(esp_tls_t *tls);
+
 /**
  * Internal Callback for mbedtls_server_session_delete
  *