From 68aa450503748670ee499c62969ccc77c1ccdd4b Mon Sep 17 00:00:00 2001
From: thetek42 <git@thetek.de>
Date: Mon, 30 Sep 2024 08:48:41 +0200
Subject: [PATCH] fix(esp-tls): async server_session_create for esp_tls and
 wolfssl

---
 components/esp-tls/esp_tls.c                  | 20 +++++++
 components/esp-tls/esp_tls_mbedtls.c          | 14 ++---
 components/esp-tls/esp_tls_wolfssl.c          | 52 +++++++++++++++----
 .../esp-tls/private_include/esp_tls_mbedtls.h |  4 +-
 4 files changed, 72 insertions(+), 18 deletions(-)

diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c
index 063a87a3a3..a606e4f532 100644
--- a/components/esp-tls/esp_tls.c
+++ b/components/esp-tls/esp_tls.c
@@ -73,6 +73,8 @@ static const char *TAG = "esp-tls";
 #define _esp_tls_free_client_session        esp_mbedtls_free_client_session
 #define _esp_tls_get_ssl_context            esp_mbedtls_get_ssl_context
 #define _esp_tls_server_session_create      esp_mbedtls_server_session_create
+#define _esp_tls_server_session_init        esp_mbedtls_server_session_init
+#define _esp_tls_server_session_continue_async     esp_mbedtls_server_session_continue_async
 #define _esp_tls_server_session_delete      esp_mbedtls_server_session_delete
 #define _esp_tls_server_session_ticket_ctx_init    esp_mbedtls_server_session_ticket_ctx_init
 #define _esp_tls_server_session_ticket_ctx_free    esp_mbedtls_server_session_ticket_ctx_free
@@ -90,6 +92,8 @@ static const char *TAG = "esp-tls";
 #define _esp_tls_conn_delete                esp_wolfssl_conn_delete
 #define _esp_tls_net_init                   esp_wolfssl_net_init
 #define _esp_tls_server_session_create      esp_wolfssl_server_session_create
+#define _esp_tls_server_session_init        esp_wolfssl_server_session_init
+#define _esp_tls_server_session_continue_async     esp_wolfssl_server_session_continue_async
 #define _esp_tls_server_session_delete      esp_wolfssl_server_session_delete
 #define _esp_tls_get_bytes_avail            esp_wolfssl_get_bytes_avail
 #define _esp_tls_init_global_ca_store       esp_wolfssl_init_global_ca_store
@@ -703,6 +707,22 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
 {
     return _esp_tls_server_session_create(cfg, sockfd, tls);
 }
+/**
+ * @brief      Initialization part of esp_tls_server_session_create
+ */
+int esp_tls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
+{
+    return _esp_tls_server_session_init(cfg, sockfd, tls);
+}
+/**
+ * @brief      Asynchronous continue of esp_tls_server_session_create, to be
+ *             called in a loop by the user until it returns 0,
+ *             ESP_TLS_ERR_SSL_WANT_READ or ESP_TLS_ERR_SSL_WANT_WRITE
+ */
+int esp_tls_server_session_continue_async(esp_tls_t *tls)
+{
+    return _esp_tls_server_session_continue_async(tls);
+}
 /**
  * @brief      Close the server side TLS/SSL connection and free any allocated resources.
  */
diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
index 043857e204..f0c2a61b43 100644
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@@ -789,7 +789,7 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
 #endif
 #ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
     } else if (cfg->client_session != NULL) {
-        ESP_LOGD(TAG, "Resuing the saved client session");
+        ESP_LOGD(TAG, "Reusing the saved client session");
 #endif
     } else {
 #ifdef CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY
@@ -916,8 +916,10 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
 int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
 {
     int ret = 0;
-    if ((ret = esp_mbedtls_server_session_create_start(cfg, sockfd, tls)) != 0) return ret;
-    while ((ret = esp_mbedtls_server_session_create_continue_async(tls)) != 0) {
+    if ((ret = esp_mbedtls_server_session_init(cfg, sockfd, tls)) != 0) {
+        return ret;
+    }
+    while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) {
         if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
             return ret;
         }
@@ -928,7 +930,7 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
 /**
  * @brief      Initialization part of esp_mbedtls_server_session_create
  */
-int esp_mbedtls_server_session_create_start(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
+int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
 {
     if (tls == NULL || cfg == NULL) {
         return -1;
@@ -951,11 +953,11 @@ int esp_mbedtls_server_session_create_start(esp_tls_cfg_server_t *cfg, int sockf
 }
 
 /**
- * @brief      Asyncronous continue of esp_mbedtls_server_session_create, to be
+ * @brief      Asynchronous continue of esp_mbedtls_server_session_create, to be
  *             called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ
  *             or ESP_TLS_ERR_SSL_WANT_WRITE
  */
-int esp_mbedtls_server_session_create_continue_async(esp_tls_t *tls)
+int esp_mbedtls_server_session_continue_async(esp_tls_t *tls)
 {
     int ret = mbedtls_ssl_handshake(&tls->ssl);
     if (ret != 0 && ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
diff --git a/components/esp-tls/esp_tls_wolfssl.c b/components/esp-tls/esp_tls_wolfssl.c
index b0f6316442..b8aee63ef9 100644
--- a/components/esp-tls/esp_tls_wolfssl.c
+++ b/components/esp-tls/esp_tls_wolfssl.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -501,9 +501,26 @@ void esp_wolfssl_cleanup(esp_tls_t *tls)
 }
 
 /**
- * @brief       Create TLS/SSL server session
+ * @brief      Create TLS/SSL server session
  */
 int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
+{
+    int ret = 0;
+    if ((ret = esp_wolfssl_server_session_init(cfg, sockfd, tls)) != 0) {
+        return ret;
+    }
+    while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) {
+        if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
+            return -1;
+        }
+    }
+    return 0;
+}
+
+/**
+ * @brief      Initialization part of esp_wolfssl_server_session_create
+ */
+int esp_wolfssl_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls)
 {
     if (tls == NULL || cfg == NULL) {
         return -1;
@@ -521,15 +538,30 @@ int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
     }
     tls->read = esp_wolfssl_read;
     tls->write = esp_wolfssl_write;
-    int ret;
-    while ((ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl)) != WOLFSSL_SUCCESS) {
+    return 0;
+}
+
+/**
+ * @brief      Asynchronous continue of esp_wolfssl_server_session_create, to be
+ *             called in a loop by the user until it returns 0, ESP_TLS_ERR_SSL_WANT_READ
+ *             or ESP_TLS_ERR_SSL_WANT_WRITE
+ */
+int esp_wolfssl_server_session_continue_async(esp_tls_t *tls)
+{
+    int ret = wolfSSL_accept((WOLFSSL *)tls->priv_ssl);
+    if (ret != WOLFSSL_SUCCESS) {
         int err = wolfSSL_get_error((WOLFSSL *)tls->priv_ssl, ret);
-        if (err != WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_ERROR_WANT_WRITE) {
-            ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err);
-            ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err);
-            wolfssl_print_error_msg(err);
-            tls->conn_state = ESP_TLS_FAIL;
-            return -1;
+        switch (err) {
+            case WOLFSSL_ERROR_WANT_READ:
+                return ESP_TLS_SSL_ERR_WANT_READ;
+            case WOLFSSL_ERROR_WANT_WRITE:
+                return ESP_TLS_SSL_ERR_WANT_WRITE;
+            default:
+                ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_WOLFSSL, err);
+                ESP_LOGE(TAG, "wolfSSL_accept returned %d, error code: %d", ret, err);
+                wolfssl_print_error_msg(err);
+                tls->conn_state = ESP_TLS_FAIL;
+                return err;
         }
     }
     return 0;
diff --git a/components/esp-tls/private_include/esp_tls_mbedtls.h b/components/esp-tls/private_include/esp_tls_mbedtls.h
index 0800f95831..7ebb1317b7 100644
--- a/components/esp-tls/private_include/esp_tls_mbedtls.h
+++ b/components/esp-tls/private_include/esp_tls_mbedtls.h
@@ -74,7 +74,7 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
  *
  * /note :- The function can only be used with mbedtls ssl library
  */
-int esp_mbedtls_server_session_create_start(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
+int esp_mbedtls_server_session_init(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls_t *tls);
 
 /**
  * Asynchronous continue of internal callback for mbedtls_server_session_create,
@@ -83,7 +83,7 @@ int esp_mbedtls_server_session_create_start(esp_tls_cfg_server_t *cfg, int sockf
  *
  * /note :- The function can only be used with mbedtls ssl library
  */
-int esp_mbedtls_server_session_create_continue_async(esp_tls_t *tls);
+int esp_mbedtls_server_session_continue_async(esp_tls_t *tls);
 
 /**
  * Internal Callback for mbedtls_server_session_delete