feat/wolfssl_http_client: Added wolfssl support to http-client & ota.

Changes:
Client, OTA examples fixed. Bug fixes in esp-tls wolfssl support.

components/esp-tls/esp_tls.c

@@ -30,7 +30,7 @@
 static const char *TAG = "esp-tls";
 #if CONFIG_SSL_USING_MBEDTLS
 static mbedtls_x509_crt *global_cacert = NULL;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
 static unsigned char *global_cacert = NULL;
 static unsigned int global_cacert_pem_bytes = 0;
 #endif
@@ -82,8 +82,9 @@ static ssize_t tls_read(esp_tls_t *tls, char *data, size_t datalen)
             ESP_LOGE(TAG, "read error :%d:", ret);
         }
     }
-#else
-    size_t ret = wolfSSL_read(tls->ssl, (unsigned char *)data, datalen);
+#elif CONFIG_SSL_USING_WOLFSSL
+    
+    ssize_t ret = wolfSSL_read(tls->ssl, (unsigned char *)data, datalen);
     if (ret < 0) {
         ret = wolfSSL_get_error(tls->ssl, ret);
         /* peer sent close notify */
@@ -193,7 +194,7 @@ esp_err_t esp_tls_set_global_ca_store(const unsigned char *cacert_pem_buf, const
         ESP_LOGE(TAG, "mbedtls_x509_crt_parse was partly successful. No. of failed certificates: %d", ret);
     }
     return ESP_OK;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
     if (global_cacert != NULL) {
         esp_tls_free_global_ca_store(global_cacert);
     }
@@ -219,7 +220,7 @@ void esp_tls_free_global_ca_store()
 #if CONFIG_SSL_USING_MBEDTLS
         mbedtls_x509_crt_free(global_cacert);
         global_cacert = NULL;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
         free(global_cacert);
         global_cacert = NULL;
         global_cacert_pem_bytes = 0;
@@ -240,7 +241,7 @@ static void verify_certificate(esp_tls_t *tls)
     } else {
         ESP_LOGI(TAG, "Certificate verified.");
     }
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
     int flags;
     if ((flags = wolfSSL_get_verify_result(tls->ssl)) != WOLFSSL_SUCCESS) {
         ESP_LOGE(TAG, "Failed to verify peer certificate %d!", flags);
@@ -268,7 +269,7 @@ static void esp_tls_cleanup(esp_tls_t *tls)
     mbedtls_ctr_drbg_free(&tls->ctr_drbg);
     mbedtls_ssl_free(&tls->ssl);
     mbedtls_net_free(&tls->server_fd);
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
     wolfSSL_shutdown(tls->ssl);
     wolfSSL_free(tls->ssl);
     close(tls->sockfd);
@@ -386,7 +387,7 @@ static int create_ssl_handle(esp_tls_t *tls, const char *hostname, size_t hostle
 exit:
     esp_tls_cleanup(tls);
     return -1;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
     ret = wolfSSL_Init();
     if (ret != WOLFSSL_SUCCESS) {
         ESP_LOGE(TAG, "Init wolfSSL failed: %d", ret);
@@ -483,7 +484,7 @@ static ssize_t tls_write(esp_tls_t *tls, const char *data, size_t datalen)
         }
     }
     return ret;
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
     ssize_t ret = wolfSSL_write(tls->ssl, (unsigned char*) data, datalen);
     if (ret < 0) {
         if (ret != WOLFSSL_ERROR_WANT_READ  && ret != WOLFSSL_ERROR_WANT_WRITE) {
@@ -580,13 +581,14 @@ static int esp_tls_low_level_conn(const char *hostname, int hostlen, int port, c
                    or MBEDTLS_ERR_SSL_WANT_WRITE during handshake */
                 return 0;
             }
-#else
+#elif CONFIG_SSL_USING_WOLFSSL
             ret = wolfSSL_connect(tls->ssl);
             if (ret == WOLFSSL_SUCCESS) {
                 tls->conn_state = ESP_TLS_DONE;
                 return 1;
             } else {
-                if (ret != WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_ERROR_WANT_WRITE) {
+                int err = wolfSSL_get_error(tls->ssl, ret);
+                if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_WANT_WRITE) {
                     ESP_LOGE(TAG, "wolfSSL_connect returned -0x%x", -ret);
                     if (cfg->cacert_pem_buf != NULL || cfg->use_global_ca_store == true) {
                         /* This is to check whether handshake failed due to invalid certificate*/
@@ -645,13 +647,13 @@ int esp_tls_conn_new_async(const char *hostname, int hostlen, int port, const es
 
 size_t esp_tls_get_bytes_avail(esp_tls_t *tls)
 {
-#if CONFIG_SSL_USING_MBEDTLS
     if (!tls) {
         ESP_LOGE(TAG, "empty arg passed to esp_tls_get_bytes_avail()");
         return ESP_FAIL;
     }
+#if CONFIG_SSL_USING_MBEDTLS
     return mbedtls_ssl_get_bytes_avail(&tls->ssl);
-#else
-    return 0;
+#elif CONFIG_SSL_USING_WOLFSSL
+    return wolfSSL_pending(tls->ssl);
 #endif
 }

components/esp_http_client/component.mk

@@ -10,3 +10,9 @@ COMPONENT_SRCDIRS := . lib
 COMPONENT_ADD_INCLUDEDIRS := include
 COMPONENT_PRIV_INCLUDEDIRS := lib/include
 endif
+
+ifdef CONFIG_SSL_USING_WOLFSSL
+COMPONENT_SRCDIRS := . lib
+COMPONENT_ADD_INCLUDEDIRS := include
+COMPONENT_PRIV_INCLUDEDIRS := lib/include
+endif

components/esp_http_client/lib/http_auth.c

@@ -20,8 +20,8 @@
 #include "tcpip_adapter.h"
 #include "lwip/sockets.h"
 #include "rom/md5_hash.h"
-#include "mbedtls/base64.h"
 
+#include "esp_base64.h"
 #include "esp_system.h"
 #include "esp_log.h"
 
@@ -134,17 +134,19 @@ _digest_exit:
 
 char *http_auth_basic(const char *username, const char *password)
 {
-    int out;
     char *user_info = NULL;
     char *digest = NULL;
-    size_t n = 0;
+    size_t n = 0, size = 0;
     asprintf(&user_info, "%s:%s", username, password);
     HTTP_MEM_CHECK(TAG, user_info, return NULL);
-    mbedtls_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info));
-    digest = calloc(1, 6 + n + 1);
+    size = strlen(user_info);
+    n = (size / 3) * 4 + 1; // String to Base64 length calculation
+    if (size % 3 != 0)
+        n += 4;
+    digest = calloc(1, 6 + n);
     HTTP_MEM_CHECK(TAG, digest, goto _basic_exit);
     strcpy(digest, "Basic ");
-    mbedtls_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info));
+    n = esp_base64_encode((const unsigned char *)user_info, strlen(user_info), (unsigned char *)digest + 6, n);
 _basic_exit:
     free(user_info);
     return digest;

components/esp_https_ota/component.mk

@@ -5,3 +5,8 @@ ifdef CONFIG_SSL_USING_MBEDTLS
 COMPONENT_SRCDIRS := src
 COMPONENT_ADD_INCLUDEDIRS := include
 endif
+
+ifdef CONFIG_SSL_USING_WOLFSSL
+COMPONENT_SRCDIRS := src
+COMPONENT_ADD_INCLUDEDIRS := include
+endif

examples/protocols/esp_http_client/main/esp_http_client_example.c

@@ -18,6 +18,10 @@
 
 #include "esp_http_client.h"
 
+#if CONFIG_SSL_USING_WOLFSSL
+#include "lwip/apps/sntp.h"
+#endif
+
 #define MAX_HTTP_RECV_BUFFER 512
 static const char *TAG = "HTTP_CLIENT";
 
@@ -67,6 +71,40 @@ esp_err_t _http_event_handler(esp_http_client_event_t *evt)
     return ESP_OK;
 }
 
+#if CONFIG_SSL_USING_WOLFSSL
+static void get_time()
+{
+    struct timeval now;
+    int sntp_retry_cnt = 0;
+    int sntp_retry_time = 0;
+
+    sntp_setoperatingmode(0);
+    sntp_setservername(0, "pool.ntp.org");
+    sntp_init();
+
+    while (1) {
+        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
+            vTaskDelay(100 / portTICK_RATE_MS);
+            gettimeofday(&now, NULL);
+        }
+
+        if (now.tv_sec < 1525952900) {
+            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
+
+            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
+                sntp_retry_cnt ++;
+            }
+
+            ESP_LOGI(TAG,"SNTP get time failed, retry after %d ms\n", sntp_retry_time);
+            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
+        } else {
+            ESP_LOGI(TAG,"SNTP get time success\n");
+            break;
+        }
+    }
+}
+#endif
+
 static void http_rest()
 {
     esp_http_client_config_t config = {
@@ -375,6 +413,11 @@ static void https_async()
 
 static void http_test_task(void *pvParameters)
 {
+#if CONFIG_SSL_USING_WOLFSSL
+    /* CA date verification need system time */
+    get_time();
+#endif
+
     app_wifi_wait_connected();
     ESP_LOGI(TAG, "Connected to AP, begin http example");
     http_rest();

examples/system/ota/simple_ota_example/main/simple_ota_example.c

@@ -21,6 +21,10 @@
 #include "nvs.h"
 #include "nvs_flash.h"
 
+#if CONFIG_SSL_USING_WOLFSSL
+#include "lwip/apps/sntp.h"
+#endif
+
 static const char *TAG = "simple_ota_example";
 extern const uint8_t server_cert_pem_start[] asm("_binary_ca_cert_pem_start");
 extern const uint8_t server_cert_pem_end[] asm("_binary_ca_cert_pem_end");
@@ -33,6 +37,40 @@ static EventGroupHandle_t wifi_event_group;
    to the AP with an IP? */
 const int CONNECTED_BIT = BIT0;
 
+#if CONFIG_SSL_USING_WOLFSSL
+static void get_time()
+{
+    struct timeval now;
+    int sntp_retry_cnt = 0;
+    int sntp_retry_time = 0;
+
+    sntp_setoperatingmode(0);
+    sntp_setservername(0, "pool.ntp.org");
+    sntp_init();
+
+    while (1) {
+        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
+            vTaskDelay(100 / portTICK_RATE_MS);
+            gettimeofday(&now, NULL);
+        }
+
+        if (now.tv_sec < 1525952900) {
+            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
+
+            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
+                sntp_retry_cnt ++;
+            }
+
+            ESP_LOGI(TAG, "SNTP get time failed, retry after %d ms\n", sntp_retry_time);
+            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
+        } else {
+            ESP_LOGI(TAG, "SNTP get time success\n");
+            break;
+        }
+    }
+}
+#endif
+
 esp_err_t _http_event_handler(esp_http_client_event_t *evt)
 {
     switch(evt->event_id) {
@@ -106,6 +144,11 @@ void simple_ota_example_task(void * pvParameter)
 {
     ESP_LOGI(TAG, "Starting OTA example...");
     
+    #if CONFIG_SSL_USING_WOLFSSL
+    /* CA date verification need system time */
+    get_time();
+    #endif
+    
     /* Wait for the callback to set the CONNECTED_BIT in the
        event group.
     */