mirror of
https://github.com/espressif/esp-idf.git
synced 2025-08-12 05:17:38 +00:00
5928a87aa7
Problem: 1. In low-memory scenarios, the dynamic buffer feature can fail due to memory fragmentation. 2. It requires a contiguous 16KB heap chunk, but continuous allocation and deallocation of the RX buffer can lead to fragmentation. 3. If another component allocates memory between these operations, it can break up the available 16KB block, causing allocation failure. Solution: 1. Introduce configurable strategy for using dynamic buffers in TLS connections. 2. For example, convert RX buffers to static after the TLS handshake. 3. Allow users to select the strategy via a new field in the esp_http_client_cfg_t structure. 4. The strategy can be controlled independently for each TLS session.
116 lines
5.8 KiB
C
116 lines
5.8 KiB
C
/*
|
|
* SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
|
|
*
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
/**
|
|
* @brief ESP-TLS Connection Handle
|
|
*/
|
|
|
|
#include <stdbool.h>
|
|
#include <sys/socket.h>
|
|
#include <fcntl.h>
|
|
#include "esp_err.h"
|
|
#include "esp_tls_errors.h"
|
|
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
|
|
#include "mbedtls/platform.h"
|
|
#include "mbedtls/net_sockets.h"
|
|
#include "mbedtls/esp_debug.h"
|
|
#include "mbedtls/ssl.h"
|
|
#include "mbedtls/entropy.h"
|
|
#include "mbedtls/ctr_drbg.h"
|
|
#include "mbedtls/error.h"
|
|
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
|
|
#include "mbedtls/ssl_ticket.h"
|
|
#endif
|
|
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
|
|
#include "psa/crypto.h"
|
|
#endif
|
|
#elif CONFIG_ESP_TLS_USING_WOLFSSL
|
|
#include "wolfssl/wolfcrypt/settings.h"
|
|
#include "wolfssl/ssl.h"
|
|
#endif
|
|
|
|
struct esp_tls {
|
|
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
|
|
mbedtls_ssl_context ssl; /*!< TLS/SSL context */
|
|
|
|
mbedtls_entropy_context entropy; /*!< mbedTLS entropy context structure */
|
|
|
|
mbedtls_ctr_drbg_context ctr_drbg; /*!< mbedTLS ctr drbg context structure.
|
|
CTR_DRBG is deterministic random
|
|
bit generation based on AES-256 */
|
|
|
|
mbedtls_ssl_config conf; /*!< TLS/SSL configuration to be shared
|
|
between mbedtls_ssl_context
|
|
structures */
|
|
|
|
mbedtls_net_context server_fd; /*!< mbedTLS wrapper type for sockets */
|
|
|
|
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
|
|
|
|
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
|
|
union {
|
|
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
|
|
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
|
|
};
|
|
|
|
union {
|
|
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
|
|
certificate */
|
|
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
|
|
certificate */
|
|
};
|
|
#ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
|
|
bool use_ecdsa_peripheral; /*!< Use the ECDSA peripheral for the private key operations. */
|
|
uint8_t ecdsa_efuse_blk; /*!< The efuse block number where the ECDSA key is stored. */
|
|
#endif
|
|
#if CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 && CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
|
|
unsigned char *client_session; /*!< Pointer for the serialized client session ticket context. */
|
|
size_t client_session_len; /*!< Length of the serialized client session ticket context. */
|
|
#endif /* CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 && CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
|
|
#elif CONFIG_ESP_TLS_USING_WOLFSSL
|
|
void *priv_ctx;
|
|
void *priv_ssl;
|
|
#endif
|
|
int sockfd; /*!< Underlying socket file descriptor. */
|
|
|
|
ssize_t (*read)(esp_tls_t *tls, char *data, size_t datalen); /*!< Callback function for reading data from TLS/SSL
|
|
connection. */
|
|
|
|
ssize_t (*write)(esp_tls_t *tls, const char *data, size_t datalen); /*!< Callback function for writing data to TLS/SSL
|
|
connection. */
|
|
|
|
esp_tls_conn_state_t conn_state; /*!< ESP-TLS Connection state */
|
|
|
|
fd_set rset; /*!< read file descriptors */
|
|
|
|
fd_set wset; /*!< write file descriptors */
|
|
|
|
bool is_tls; /*!< indicates connection type (TLS or NON-TLS) */
|
|
|
|
esp_tls_role_t role; /*!< esp-tls role
|
|
- ESP_TLS_CLIENT
|
|
- ESP_TLS_SERVER */
|
|
|
|
esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */
|
|
|
|
#if CONFIG_MBEDTLS_DYNAMIC_BUFFER
|
|
esp_tls_dyn_buf_strategy_t esp_tls_dyn_buf_strategy; /*!< ESP-TLS dynamic buffer strategy */
|
|
#endif
|
|
|
|
};
|
|
|
|
// Function pointer for the server configuration API
|
|
typedef esp_err_t (*set_server_config_func_ptr) (esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
|
|
|
|
// This struct contains any data that is only specific to the server session and not required by the client.
|
|
typedef struct esp_tls_server_params {
|
|
set_server_config_func_ptr set_server_cfg;
|
|
} esp_tls_server_params_t;
|
|
|
|
#define ESP_TLS_DEFAULT_SERVER_HANDSHAKE_TIMEOUT_MS (10000) /*!< Default handshake timeout in milliseconds */
|