diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c
index 039dc31a..f179f4ff 100644
--- a/components/esp-tls/esp_tls.c
+++ b/components/esp-tls/esp_tls.c
@@ -30,7 +30,7 @@ static const char *TAG = "esp-tls";
 #if CONFIG_SSL_USING_MBEDTLS
 static mbedtls_x509_crt *global_cacert = NULL;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 static unsigned char *global_cacert = NULL;
 static unsigned int global_cacert_pem_bytes = 0;
 #endif
@@ -82,8 +82,9 @@ static ssize_t tls_read(esp_tls_t *tls, char *data, size_t datalen)
 ESP_LOGE(TAG, "read error :%d:", ret);
 }
 }
-#else
- size_t ret = wolfSSL_read(tls->ssl, (unsigned char *)data, datalen);
+#elif CONFIG_SSL_USING_WOLFSSL
+
+ ssize_t ret = wolfSSL_read(tls->ssl, (unsigned char *)data, datalen);
 if (ret < 0) {
 ret = wolfSSL_get_error(tls->ssl, ret);
 /* peer sent close notify */
@@ -193,7 +194,7 @@ esp_err_t esp_tls_set_global_ca_store(const unsigned char *cacert_pem_buf, const
 ESP_LOGE(TAG, "mbedtls_x509_crt_parse was partly successful. No. of failed certificates: %d", ret);
 }
 return ESP_OK;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 if (global_cacert != NULL) {
 esp_tls_free_global_ca_store(global_cacert);
 }
@@ -219,7 +220,7 @@ void esp_tls_free_global_ca_store()
 #if CONFIG_SSL_USING_MBEDTLS
 mbedtls_x509_crt_free(global_cacert);
 global_cacert = NULL;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 free(global_cacert);
 global_cacert = NULL;
 global_cacert_pem_bytes = 0;
@@ -240,7 +241,7 @@ static void verify_certificate(esp_tls_t *tls)
 } else {
 ESP_LOGI(TAG, "Certificate verified.");
 }
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 int flags;
 if ((flags = wolfSSL_get_verify_result(tls->ssl)) != WOLFSSL_SUCCESS) {
 ESP_LOGE(TAG, "Failed to verify peer certificate %d!", flags);
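Review bot: Turning `#else` into `#elif CONFIG_SSL_USING_WOLFSSL` here, and in the other esp_tls.c hunks (tls_read, esp_tls_set_global_ca_store, esp_tls_free_global_ca_store, verify_certificate, esp_tls_cleanup, create_ssl_handle, tls_write, esp_tls_low_level_conn, esp_tls_get_bytes_avail), means a build that selects neither option now compiles every backend branch out silently instead of landing in the wolfSSL code; the resulting errors show up far from the cause, and in esp_tls_get_bytes_avail the non-void function simply runs off its end. One guard near these declarations makes the requirement explicit and fails early: `#if !CONFIG_SSL_USING_MBEDTLS && !CONFIG_SSL_USING_WOLFSSL` / `#error "esp-tls: select CONFIG_SSL_USING_MBEDTLS or CONFIG_SSL_USING_WOLFSSL"` / `#endif`.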
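Review bot: The blank line added between `#elif CONFIG_SSL_USING_WOLFSSL` and the `ssize_t ret` declaration is stray and does not match the mbedTLS branch above it. The switch to `ssize_t` is the real fix, since `ret < 0` could never be true for a `size_t`; note though that `datalen` is a `size_t` passed to wolfSSL_read, whose length parameter is an `int` in upstream wolfSSL, so if that holds for this port a length above INT_MAX is narrowed silently and is worth clamping before the call (`datalen > INT_MAX ? INT_MAX : datalen`), and the same applies to the wolfSSL_write call in tls_write. tls_read continues outside the hunk.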
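Review bot: `esp_tls_free_global_ca_store(global_cacert);` in the wolfSSL branch passes an argument to a function that takes none; it only compiles because the definition in the next hunk is written `void esp_tls_free_global_ca_store()`, an old-style declarator with an unchecked parameter list. Change the call to `esp_tls_free_global_ca_store();` and the definition to `void esp_tls_free_global_ca_store(void)` so the compiler enforces the signature. The rest of esp_tls_set_global_ca_store lies outside the hunk.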
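Review bot: The wolfSSL branch of verify_certificate treats any value other than `WOLFSSL_SUCCESS` from wolfSSL_get_verify_result() as a failure, but in upstream wolfSSL that call returns the X.509 verification result, where success is `X509_V_OK` (0) while `WOLFSSL_SUCCESS` is 1; if the wolfSSL bundled with this SDK behaves the same, every successful handshake is logged as "Failed to verify peer certificate 1!" and the log can no longer be used to spot real verification failures. Confirm against the bundled header and, if so, compare with the verify-result success value: `if ((flags = wolfSSL_get_verify_result(tls->ssl)) != X509_V_OK) {` (or `!= 0` where that name is not provided). The function continues outside the hunk.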
@@ -268,7 +269,7 @@ static void esp_tls_cleanup(esp_tls_t *tls)
 mbedtls_ctr_drbg_free(&tls->ctr_drbg);
 mbedtls_ssl_free(&tls->ssl);
 mbedtls_net_free(&tls->server_fd);
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 wolfSSL_shutdown(tls->ssl);
 wolfSSL_free(tls->ssl);
 close(tls->sockfd);
@@ -386,7 +387,7 @@ static int create_ssl_handle(esp_tls_t *tls, const char *hostname, size_t hostle
 exit:
 esp_tls_cleanup(tls);
 return -1;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 ret = wolfSSL_Init();
 if (ret != WOLFSSL_SUCCESS) {
 ESP_LOGE(TAG, "Init wolfSSL failed: %d", ret);
@@ -483,7 +484,7 @@ static ssize_t tls_write(esp_tls_t *tls, const char *data, size_t datalen)
 }
 }
 return ret;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 ssize_t ret = wolfSSL_write(tls->ssl, (unsigned char*) data, datalen);
 if (ret < 0) {
 if (ret != WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_ERROR_WANT_WRITE) {
@@ -580,13 +581,14 @@ static int esp_tls_low_level_conn(const char *hostname, int hostlen, int port, c
 or MBEDTLS_ERR_SSL_WANT_WRITE during handshake */
 return 0;
 }
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 ret = wolfSSL_connect(tls->ssl);
 if (ret == WOLFSSL_SUCCESS) {
 tls->conn_state = ESP_TLS_DONE;
 return 1;
 } else {
- if (ret != WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_ERROR_WANT_WRITE) {
+ int err = wolfSSL_get_error(tls->ssl, ret);
+ if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_WANT_WRITE) {
 ESP_LOGE(TAG, "wolfSSL_connect returned -0x%x", -ret);
 if (cfg->cacert_pem_buf != NULL || cfg->use_global_ca_store == true) {
 /* This is to check whether handshake failed due to invalid certificate*/
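Review bot: In the wolfSSL branch of tls_write the raw return value `ret` is compared with `WOLFSSL_ERROR_WANT_READ`/`WOLFSSL_ERROR_WANT_WRITE`, but wolfSSL_write signals a problem with a negative return and the reason has to be fetched with wolfSSL_get_error(), exactly as this commit now does for wolfSSL_connect in the esp_tls_low_level_conn hunk below and as tls_read already does. As written, a non-blocking write that merely needs to be retried is logged and treated as a fatal error. Mirror the connect fix: `int err = wolfSSL_get_error(tls->ssl, ret);` followed by `if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_WANT_WRITE) {`. The body of tls_write continues outside the hunk.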
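Review bot: The new `err` from wolfSSL_get_error() now decides whether the handshake failure is fatal, but the log line right after it still prints `-ret`, which for wolfSSL_connect is only the generic negative return and not the reason; an operator reading the log cannot tell a certificate verification failure from a transport error. Print the translated code instead: `ESP_LOGE(TAG, "wolfSSL_connect failed, error %d", err);`. esp_tls_low_level_conn continues beyond the hunk.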
@@ -645,13 +647,13 @@ int esp_tls_conn_new_async(const char *hostname, int hostlen, int port, const es
 size_t esp_tls_get_bytes_avail(esp_tls_t *tls)
 {
-#if CONFIG_SSL_USING_MBEDTLS
 if (!tls) {
 ESP_LOGE(TAG, "empty arg passed to esp_tls_get_bytes_avail()");
 return ESP_FAIL;
 }
+#if CONFIG_SSL_USING_MBEDTLS
 return mbedtls_ssl_get_bytes_avail(&tls->ssl);
-#else
- return 0;
+#elif CONFIG_SSL_USING_WOLFSSL
+ return wolfSSL_pending(tls->ssl);
 #endif
 }
diff --git a/components/esp_http_client/component.mk b/components/esp_http_client/component.mk
index 33891f29..353eac79 100644
--- a/components/esp_http_client/component.mk
+++ b/components/esp_http_client/component.mk
@@ -9,4 +9,10 @@ ifdef CONFIG_SSL_USING_MBEDTLS
 COMPONENT_SRCDIRS := . lib
 COMPONENT_ADD_INCLUDEDIRS := include
 COMPONENT_PRIV_INCLUDEDIRS := lib/include
+endif
+
+ifdef CONFIG_SSL_USING_WOLFSSL
+COMPONENT_SRCDIRS := . lib
+COMPONENT_ADD_INCLUDEDIRS := include
+COMPONENT_PRIV_INCLUDEDIRS := lib/include
 endif
\ No newline at end of file
diff --git a/components/esp_http_client/lib/http_auth.c b/components/esp_http_client/lib/http_auth.c
index c406937c..66c71f91 100644
--- a/components/esp_http_client/lib/http_auth.c
+++ b/components/esp_http_client/lib/http_auth.c
@@ -20,8 +20,8 @@
 #include "tcpip_adapter.h"
 #include "lwip/sockets.h"
 #include "rom/md5_hash.h"
-#include "mbedtls/base64.h"
+#include "esp_base64.h"
 #include "esp_system.h"
 #include "esp_log.h"
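Review bot: esp_tls_get_bytes_avail returns `size_t`, yet the NULL check that this commit hoists out of the `#if` still returns `ESP_FAIL`, i.e. -1, which converts to SIZE_MAX; a caller that treats a non-zero result as "data pending" will go on to read from a handle that does not exist. Nothing is pending for a missing handle, so after the log line return `0` instead: `return 0;`. The function is fully visible in the hunk.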
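Review bot: The new `ifdef CONFIG_SSL_USING_WOLFSSL` block repeats the mbedTLS block above it verbatim, and the same duplication is added to components/esp_https_ota/component.mk; the two copies will drift apart the next time a source or include directory is added. A single condition covering both options keeps one copy, for example `ifneq (,$(filter y,$(CONFIG_SSL_USING_MBEDTLS) $(CONFIG_SSL_USING_WOLFSSL)))`, assuming these Kconfig symbols expand to `y` as is usual in this build system.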
@@ -134,17 +134,19 @@ _digest_exit:
 char *http_auth_basic(const char *username, const char *password)
 {
- int out;
 char *user_info = NULL;
 char *digest = NULL;
- size_t n = 0;
+ size_t n = 0, size = 0;
 asprintf(&user_info, "%s:%s", username, password);
 HTTP_MEM_CHECK(TAG, user_info, return NULL);
- mbedtls_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info));
- digest = calloc(1, 6 + n + 1);
+ size = strlen(user_info);
+ n = (size / 3) * 4 + 1; // String to Base64 length calculation
+ if (size % 3 != 0)
+ n += 4;
+ digest = calloc(1, 6 + n);
 HTTP_MEM_CHECK(TAG, digest, goto _basic_exit);
 strcpy(digest, "Basic ");
- mbedtls_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info));
+ n = esp_base64_encode((const unsigned char *)user_info, strlen(user_info), (unsigned char *)digest + 6, n);
 _basic_exit:
 free(user_info);
 return digest;
diff --git a/components/esp_https_ota/component.mk b/components/esp_https_ota/component.mk
index 4318dd90..6aba23f2 100644
--- a/components/esp_https_ota/component.mk
+++ b/components/esp_https_ota/component.mk
@@ -4,4 +4,9 @@ COMPONENT_ADD_INCLUDEDIRS :=
 ifdef CONFIG_SSL_USING_MBEDTLS
 COMPONENT_SRCDIRS := src
 COMPONENT_ADD_INCLUDEDIRS := include
+endif
+
+ifdef CONFIG_SSL_USING_WOLFSSL
+COMPONENT_SRCDIRS := src
+COMPONENT_ADD_INCLUDEDIRS := include
 endif
\ No newline at end of file
diff --git a/examples/protocols/esp_http_client/main/esp_http_client_example.c b/examples/protocols/esp_http_client/main/esp_http_client_example.c
index 9d564277..9805b860 100644
--- a/examples/protocols/esp_http_client/main/esp_http_client_example.c
+++ b/examples/protocols/esp_http_client/main/esp_http_client_example.c
@@ -18,6 +18,10 @@
 #include "esp_http_client.h"
+#if CONFIG_SSL_USING_WOLFSSL
+#include "lwip/apps/sntp.h"
+#endif
+
 #define MAX_HTTP_RECV_BUFFER 512
 static const char *TAG = "HTTP_CLIENT";
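Review bot: `n = esp_base64_encode(...)` stores the encoder's return value but nothing examines it, so if the encoder reports a failure (its return convention is not visible on this page) http_auth_basic still returns `"Basic "` followed by the zero bytes calloc left behind, an empty credential the client will then send. Check the result and hand back NULL on failure, along the lines of `if (n <= 0) { free(digest); digest = NULL; }` before `_basic_exit:`, adjusted to whatever the encoder's failure value is. Since `size` already holds strlen(user_info), pass `size` in that call instead of computing strlen again. The allocation arithmetic itself is right: four output bytes per three input bytes, rounded up, plus the terminator; the closing brace of the function is outside the hunk.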
@@ -67,6 +71,40 @@ esp_err_t _http_event_handler(esp_http_client_event_t *evt)
 return ESP_OK;
 }
+#if CONFIG_SSL_USING_WOLFSSL
+static void get_time()
+{
+ struct timeval now;
+ int sntp_retry_cnt = 0;
+ int sntp_retry_time = 0;
+
+ sntp_setoperatingmode(0);
+ sntp_setservername(0, "pool.ntp.org");
+ sntp_init();
+
+ while (1) {
+ for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
+ vTaskDelay(100 / portTICK_RATE_MS);
+ gettimeofday(&now, NULL);
+ }
+
+ if (now.tv_sec < 1525952900) {
+ sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
+
+ if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
+ sntp_retry_cnt ++;
+ }
+
+ ESP_LOGI(TAG,"SNTP get time failed, retry after %d ms\n", sntp_retry_time);
+ vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
+ } else {
+ ESP_LOGI(TAG,"SNTP get time success\n");
+ break;
+ }
+ }
+}
+#endif
+
 static void http_rest()
 {
 esp_http_client_config_t config = {
@@ -375,6 +413,11 @@ static void https_async()
 static void http_test_task(void *pvParameters)
 {
+#if CONFIG_SSL_USING_WOLFSSL
+ /* CA date verification need system time */
+ get_time();
+#endif
+
 app_wifi_wait_connected();
 ESP_LOGI(TAG, "Connected to AP, begin http example");
 http_rest();
diff --git a/examples/system/ota/simple_ota_example/main/simple_ota_example.c b/examples/system/ota/simple_ota_example/main/simple_ota_example.c
index 7972f8bd..880cf7f3 100644
--- a/examples/system/ota/simple_ota_example/main/simple_ota_example.c
+++ b/examples/system/ota/simple_ota_example/main/simple_ota_example.c
@@ -21,6 +21,10 @@
 #include "nvs.h"
 #include "nvs_flash.h"
+#if CONFIG_SSL_USING_WOLFSSL
+#include "lwip/apps/sntp.h"
+#endif
+
 static const char *TAG = "simple_ota_example";
 extern const uint8_t server_cert_pem_start[] asm("_binary_ca_cert_pem_start");
 extern const uint8_t server_cert_pem_end[] asm("_binary_ca_cert_pem_end");
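Review bot: `struct timeval now;` is never initialised and the `for` condition reads `now.tv_sec` before the first gettimeofday() call, so the first iteration compares an indeterminate value, which is undefined behaviour; `struct timeval now = {0};` makes that first comparison well defined. The identical get_time() is added to examples/system/ota/simple_ota_example/main/simple_ota_example.c and has the same problem. Two smaller points: `static void get_time()` should be `static void get_time(void)`, and the `\n` at the end of the ESP_LOGI strings is redundant if the log macros append a newline as they do in ESP-IDF. The literal `1525952900` deserves a named constant saying what it is (a lower bound the clock must exceed before the SNTP result is accepted), and since this clock is what wolfSSL's certificate date checks are measured against while SNTP itself carries no authentication, the comment at the call site could state that dependency.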
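Review bot: get_time() is called before app_wifi_wait_connected(), so sntp_init() sends its first request with no link up; lwIP's SNTP client retries on its own, but get_time's back-off then starts growing while Wi-Fi is still coming up, and the comment `/* CA date verification need system time */` does not say that the call blocks until a time has been obtained. Moving the call after `app_wifi_wait_connected();` avoids the wasted rounds; the same ordering relative to the CONNECTED_BIT wait appears to be used in simple_ota_example_task, whose hunk is cut off on this page. A more informative comment: `/* wolfSSL checks certificate validity dates, so block here until SNTP has set the system clock */`.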
@@ -33,6 +37,40 @@ static EventGroupHandle_t wifi_event_group;
 to the AP with an IP? */
 const int CONNECTED_BIT = BIT0;
+#if CONFIG_SSL_USING_WOLFSSL
+static void get_time()
+{
+ struct timeval now;
+ int sntp_retry_cnt = 0;
+ int sntp_retry_time = 0;
+
+ sntp_setoperatingmode(0);
+ sntp_setservername(0, "pool.ntp.org");
+ sntp_init();
+
+ while (1) {
+ for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
+ vTaskDelay(100 / portTICK_RATE_MS);
+ gettimeofday(&now, NULL);
+ }
+
+ if (now.tv_sec < 1525952900) {
+ sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
+
+ if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
+ sntp_retry_cnt ++;
+ }
+
+ ESP_LOGI(TAG, "SNTP get time failed, retry after %d ms\n", sntp_retry_time);
+ vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
+ } else {
+ ESP_LOGI(TAG, "SNTP get time success\n");
+ break;
+ }
+ }
+}
+#endif
+
 esp_err_t _http_event_handler(esp_http_client_event_t *evt)
 {
 switch(evt->event_id) {
@@ -105,7 +143,12 @@ static void initialise_wifi(void)
 void simple_ota_example_task(void * pvParameter)
 {
 ESP_LOGI(TAG, "Starting OTA example...");
-
+
+ #if CONFIG_SSL_USING_WOLFSSL
+ /* CA date verification need system time */
+ get_time();
+ #endif
+
 /* Wait for the callback to set the CONNECTED_BIT in the event group. */