feat(esp-tls): Update support for asynchronous server session create

Closes https://github.com/espressif/esp-idf/pull/14493
2025-03-09 09:09:10 -04:00 · 2024-10-23 22:10:16 +05:30 · 2024-10-23 22:10:16 +05:30 · f9d64d4db8
commit f9d64d4db8
parent d97e435af9
5 changed files with 68 additions and 74 deletions
--- a/components/esp-tls/esp_tls.c
+++ b/components/esp-tls/esp_tls.c
@ -92,8 +92,6 @@ static const char *TAG = "esp-tls";
 #define _esp_tls_conn_delete                esp_wolfssl_conn_delete
 #define _esp_tls_net_init                   esp_wolfssl_net_init
 #define _esp_tls_server_session_create      esp_wolfssl_server_session_create
-#define _esp_tls_server_session_init        esp_wolfssl_server_session_init
-#define _esp_tls_server_session_continue_async     esp_wolfssl_server_session_continue_async
 #define _esp_tls_server_session_delete      esp_wolfssl_server_session_delete
 #define _esp_tls_get_bytes_avail            esp_wolfssl_get_bytes_avail
 #define _esp_tls_init_global_ca_store       esp_wolfssl_init_global_ca_store
@ -656,6 +654,17 @@ const int *esp_tls_get_ciphersuites_list(void)
 {
    return _esp_tls_get_ciphersuites_list();
 }
+
+esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
+{
+    return _esp_tls_server_session_init(cfg, sockfd, tls);
+}
+
+int esp_tls_server_session_continue_async(esp_tls_t *tls)
+{
+    return _esp_tls_server_session_continue_async(tls);
+}
+
 #endif /* CONFIG_ESP_TLS_USING_MBEDTLS */

 #ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
@ -707,22 +716,7 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
 {
    return _esp_tls_server_session_create(cfg, sockfd, tls);
 }
-/**
- * @brief      Initialization part of esp_tls_server_session_create
- */
-int esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
-{
-    return _esp_tls_server_session_init(cfg, sockfd, tls);
-}
-/**
- * @brief      Asynchronous continue of esp_tls_server_session_create, to be
- *             called in a loop by the user until it returns 0,
- *             ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE
- */
-int esp_tls_server_session_continue_async(esp_tls_t *tls)
-{
-    return _esp_tls_server_session_continue_async(tls);
-}
+
 /**
 * @brief      Close the server side TLS/SSL connection and free any allocated resources.
 */
--- a/components/esp-tls/esp_tls.h
+++ b/components/esp-tls/esp_tls.h
@ -694,6 +694,42 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store(void);
 *
 */
 const int *esp_tls_get_ciphersuites_list(void);
+
+/**
+ * @brief      Initialize server side TLS/SSL connection
+ *
+ * This function should be used to initialize the server side TLS/SSL connection when the
+ * application wants to handle the TLS/SSL connection asynchronously with the help of
+ * esp_tls_server_session_continue_async() function.
+ *
+ * @param[in]  cfg      Pointer to esp_tls_cfg_server_t
+ * @param[in]  sockfd   FD of accepted connection
+ * @param[out] tls      Pointer to allocated esp_tls_t
+ *
+ * @return
+ *          - ESP_OK if successful
+ *          - ESP_ERR_INVALID_ARG if invalid arguments
+ *          - ESP_FAIL if server session setup failed
+ */
+esp_err_t esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
+
+/**
+ * @brief      Asynchronous continue of esp_tls_server_session_init
+ *
+ * This function should be called in a loop by the user until it returns 0. If this functions returns
+ * something other than 0, ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE,
+ * the esp-tls context must not be used and should be freed using esp_tls_conn_destroy();
+ *
+ * @param[in]  tls  pointer to esp_tls_t
+ *
+ * @return
+ *          - 0  if successful
+ *          - <0 in case of error
+ *          - ESP_TLS_ERR_SSL_WANT_READ/ESP_TLS_ERR_SSL_WANT_WRITE
+ *            if the handshake is incomplete and waiting for data to be available for reading.
+ */
+int esp_tls_server_session_continue_async(esp_tls_t *tls);
+
 #endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
 /**
 * @brief      Create TLS/SSL server session
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@ -937,12 +937,12 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
 }

 /**
- * @brief      Initialization part of esp_mbedtls_server_session_create
+ * @brief      ESP-TLS server session initialization (initialization part of esp_mbedtls_server_session_create)
 */
-int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
+esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
 {
    if (tls == NULL || cfg == NULL) {
-        return -1;
+        return ESP_ERR_INVALID_ARG;
    }
    tls->role = ESP_TLS_SERVER;
    tls->sockfd = sockfd;
@ -953,18 +953,18 @@ int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_t
        ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
        ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
        tls->conn_state = ESP_TLS_FAIL;
-        return -1;
+        return ESP_FAIL;
    }

    tls->read = esp_mbedtls_read;
    tls->write = esp_mbedtls_write;
-    return 0;
+    return ESP_OK;
 }

 /**
- * @brief      Asynchronous continue of esp_mbedtls_server_session_create, to be
+ * @brief      Asynchronous continue of server session initialized with esp_mbedtls_server_session_init, to be
 *             called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ
- *             or ESP_TLS_ERR_SSL_WANT_WRITE
+ *             or ESP_TLS_ERR_SSL_WANT_WRITE.
 */
 int esp_mbedtls_server_session_continue_async(esp_tls_t *tls)
 {
--- a/components/esp-tls/esp_tls_wolfssl.c
+++ b/components/esp-tls/esp_tls_wolfssl.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -505,26 +505,9 @@ void esp_wolfssl_cleanup(esp_tls_t *tls)
 }

 /**
- * @brief      Create TLS/SSL server session
+ * @brief       Create TLS/SSL server session
 */
 int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
-{
-    int ret = 0;
-    if ((ret = esp_wolfssl_server_session_init(cfg, sockfd, tls)) != 0) {
-        return ret;
-    }
-    while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) {
-        if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
-            return -1;
-        }
-    }
-    return 0;
-}
-
-/**
- * @brief      Initialization part of esp_wolfssl_server_session_create
- */
-int esp_wolfssl_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
 {
    if (tls == NULL || cfg == NULL) {
        return -1;
@ -542,30 +525,15 @@ int esp_wolfssl_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_t
    }
    tls->read = esp_wolfssl_read;
    tls->write = esp_wolfssl_write;
-    return 0;
-}
-
-/**
- * @brief      Asynchronous continue of esp_wolfssl_server_session_create, to be
- *             called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ
- *             or ESP_TLS_ERR_SSL_WANT_WRITE
- */
-int esp_wolfssl_server_session_continue_async(esp_tls_t *tls)
-{
-    int ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl);
-    if (ret != WOLFSSL_SUCCESS) {
+    int ret;
+    while ((ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl)) != WOLFSSL_SUCCESS) {
        int err = wolfSSL_get_error((WOLFSSL *)tls->priv_ssl, ret);
-        switch (err) {
-            case WOLFSSL_ERROR_WANT_READ:
-                return ESP_TLS_SSL_ERR_WANT_READ;
-            case WOLFSSL_ERROR_WANT_WRITE:
-                return ESP_TLS_SSL_ERR_WANT_WRITE;
-            default:
-                ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err);
-                ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err);
-                wolfssl_print_error_msg(err);
-                tls->conn_state = ESP_TLS_FAIL;
-                return err;
+        if (err != WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_ERROR_WANT_WRITE) {
+            ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err);
+            ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err);
+            wolfssl_print_error_msg(err);
+            tls->conn_state = ESP_TLS_FAIL;
+            return -1;
        }
    }
    return 0;
--- a/components/esp-tls/private_include/esp_tls_mbedtls.h
+++ b/components/esp-tls/private_include/esp_tls_mbedtls.h
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -71,17 +71,13 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp

 /**
 * Initialization part of internal callback for mbedtls_server_session_create
- *
- * /note :- The function can only be used with mbedtls ssl library
 */
-int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
+esp_err_t esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);

 /**
 * Asynchronous continue of internal callback for mbedtls_server_session_create,
 * to be called in a loop by the user until it returns 0,
- * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE
- *
- * /note :- The function can only be used with mbedtls ssl library
+ * ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE.
 */
 int esp_mbedtls_server_session_continue_async(esp_tls_t *tls);