From 46232cdf474e181f07c1a89105fd6778cd149a30 Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 12 Feb 2025 17:03:34 +0100 Subject: [PATCH 1/9] ssl_client: remove unused parameters from ssl_stop --- libraries/SSLClient/src/SSLClient.cpp | 2 +- libraries/SSLClient/src/ssl_client.cpp | 4 ++-- libraries/SSLClient/src/ssl_client.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/libraries/SSLClient/src/SSLClient.cpp b/libraries/SSLClient/src/SSLClient.cpp index f763923a9..9496ce314 100644 --- a/libraries/SSLClient/src/SSLClient.cpp +++ b/libraries/SSLClient/src/SSLClient.cpp @@ -102,7 +102,7 @@ void SSLClient::stop() _connected = false; _peek = -1; } - stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key); + stop_ssl_socket(sslclient); } int SSLClient::connect(IPAddress ip, uint16_t port) diff --git a/libraries/SSLClient/src/ssl_client.cpp b/libraries/SSLClient/src/ssl_client.cpp index 5a334ecdf..3d870bd8c 100644 --- a/libraries/SSLClient/src/ssl_client.cpp +++ b/libraries/SSLClient/src/ssl_client.cpp @@ -336,7 +336,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p memset(buf, 0, sizeof(buf)); mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags); log_e("Failed to verify peer certificate! verification info: %s", buf); - stop_ssl_socket(ssl_client, rootCABuff, cli_cert, cli_key); //It's not safe continue. + stop_ssl_socket(ssl_client); //It's not safe continue. return handle_error(ret); } else { @@ -361,7 +361,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p } -void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key) +void stop_ssl_socket(sslclient_context *ssl_client) { log_v("Cleaning SSL connection."); diff --git a/libraries/SSLClient/src/ssl_client.h b/libraries/SSLClient/src/ssl_client.h index 2951e1193..93e7bbbbc 100644 --- a/libraries/SSLClient/src/ssl_client.h 
+++ b/libraries/SSLClient/src/ssl_client.h @@ -43,7 +43,7 @@ typedef struct sslclient_context { void ssl_init(sslclient_context *ssl_client, Client *client, const char *ca_path); int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *rootCAPath, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey, bool insecure); -void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key); +void stop_ssl_socket(sslclient_context *ssl_client); int data_to_read(sslclient_context *ssl_client); int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, uint16_t len); int get_ssl_receive(sslclient_context *ssl_client, uint8_t *data, int length); From b0f6711fb99bfd1e6654c405830a673685e6701e Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 12 Feb 2025 17:06:07 +0100 Subject: [PATCH 2/9] ssl_client: trim text --- libraries/SSLClient/src/ssl_client.cpp | 28 +++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/libraries/SSLClient/src/ssl_client.cpp b/libraries/SSLClient/src/ssl_client.cpp index 3d870bd8c..7ad11cf9a 100644 --- a/libraries/SSLClient/src/ssl_client.cpp +++ b/libraries/SSLClient/src/ssl_client.cpp @@ -52,11 +52,11 @@ static int _handle_error(int err, const char * file, int line) */ static int client_net_recv( void *ctx, unsigned char *buf, size_t len ) { Client *client = (Client*)ctx; - if (!client) { + if (!client) { log_e("Uninitialised!"); return -1; } - + //if (!client->connected()) { // log_e("Not connected!"); // return -2; 
@@ -68,14 +68,14 @@ static int client_net_recv( void *ctx, unsigned char *buf, size_t len ) { if (result > 0) { //esp_log_buffer_hexdump_internal("SSL.RD", buf, (uint16_t)result, ESP_LOG_VERBOSE); } - + return result; } int client_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, uint32_t timeout ) { Client *client = (Client*)ctx; - if (!client) { + if (!client) { log_e("Uninitialised!"); return -1; } @@ -90,9 +90,9 @@ int client_net_recv_timeout( void *ctx, unsigned char *buf, delay(1); } else break; } while (millis() < tms); - + int result = client->read(buf, len); - + // lwIP interface return -1 if there is no data to read // report without throwing errors or block if (result <= 0) return MBEDTLS_ERR_SSL_WANT_READ; @@ -102,7 +102,7 @@ int client_net_recv_timeout( void *ctx, unsigned char *buf, if (result > 0) { //esp_log_buffer_hexdump_internal("SSL.RD", buf, (uint16_t)result, ESP_LOG_VERBOSE); } - + return result; } @@ -121,20 +121,20 @@ int client_net_recv_timeout( void *ctx, unsigned char *buf, */ static int client_net_send( void *ctx, const unsigned char *buf, size_t len ) { Client *client = (Client*)ctx; - if (!client) { + if (!client) { log_e("Uninitialised!"); return -1; } - + //if (!client->connected()) { // log_e("Not connected!"); // return -2; //} - + //esp_log_buffer_hexdump_internal("SSL.WR", buf, (uint16_t)len, ESP_LOG_VERBOSE); - + int result = client->write(buf, len); - + log_d("SSL client TX res=%d len=%d", result, len); return result; } @@ -342,7 +342,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p } else { log_v("Certificate verified."); } - + if ((rootCABuff != NULL) || ((rootCAPath != NULL))) { log_d("free buffer"); mbedtls_x509_crt_free(&ssl_client->ca_cert); @@ -354,7 +354,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p if (cli_key != NULL) { mbedtls_pk_free(&ssl_client->client_key); - } + } //return ssl_client->socket; return 1; 
From 92a80225f44c49a78a1cbcb7c1a1fa258c47ca5e Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 12 Feb 2025 17:19:58 +0100 Subject: [PATCH 3/9] sslclient: do not compile unused static function --- libraries/SSLClient/src/ssl_client.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libraries/SSLClient/src/ssl_client.cpp b/libraries/SSLClient/src/ssl_client.cpp index 7ad11cf9a..18157066e 100644 --- a/libraries/SSLClient/src/ssl_client.cpp +++ b/libraries/SSLClient/src/ssl_client.cpp @@ -38,6 +38,7 @@ static int _handle_error(int err, const char * file, int line) #define handle_error(e) _handle_error(e, __FUNCTION__, __LINE__) +#if defined(SSL_CLIENT_RECV_DISABLE_TIMEOUT) /** * \brief Read at most 'len' characters. If no error occurs, * the actual amount read is returned. @@ -71,8 +72,8 @@ static int client_net_recv( void *ctx, unsigned char *buf, size_t len ) { return result; } - -int client_net_recv_timeout( void *ctx, unsigned char *buf, +#else +static int client_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, uint32_t timeout ) { Client *client = (Client*)ctx; if (!client) { @@ -105,7 +106,7 @@ int client_net_recv_timeout( void *ctx, unsigned char *buf, return result; } - +#endif /** * \brief Write at most 'len' characters. If no error occurs, From d25db7f1d743423523ca1acf24ba1328b87c1270 Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 12 Feb 2025 17:20:40 +0100 Subject: [PATCH 4/9] ssl_client: fix unsigned comparison --- libraries/SSLClient/src/ssl_client.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/SSLClient/src/ssl_client.cpp b/libraries/SSLClient/src/ssl_client.cpp index 18157066e..ab02914a9 100644 --- a/libraries/SSLClient/src/ssl_client.cpp +++ b/libraries/SSLClient/src/ssl_client.cpp 
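Review bot: The new `SSL_CLIENT_RECV_DISABLE_TIMEOUT` guard in the first hunk of this patch is undocumented, and the later hunks make `client_net_recv_timeout()` static and compile only one of the two receive callbacks. Add a comment above the guard such as `// Define SSL_CLIENT_RECV_DISABLE_TIMEOUT to build the non-blocking client_net_recv() BIO callback instead of client_net_recv_timeout()`. The `mbedtls_ssl_set_bio` call that registers whichever callback is built is outside these hunks; it presumably needs the same conditional, otherwise one configuration references a function that is no longer compiled.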
@@ -226,7 +226,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p } unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = strlen(psKey)/2; - for (int j=0; j= '0' && c <= '9') c -= '0'; else if (c >= 'A' && c <= 'F') c -= 'A' - 10; From a2fbb049d47ba4e64942973961561aef50b3d2b2 Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 12 Feb 2025 17:38:54 +0100 Subject: [PATCH 5/9] SSLClient: fix stop() --- libraries/SSLClient/src/SSLClient.cpp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libraries/SSLClient/src/SSLClient.cpp b/libraries/SSLClient/src/SSLClient.cpp index 9496ce314..d62baa1fd 100644 --- a/libraries/SSLClient/src/SSLClient.cpp +++ b/libraries/SSLClient/src/SSLClient.cpp @@ -97,12 +97,9 @@ void SSLClient::setClient(Client& client) void SSLClient::stop() { - if (sslclient->client >= 0) { - //sslclient->client->stop(); - _connected = false; - _peek = -1; - } stop_ssl_socket(sslclient); + _connected = false; + _peek = -1; } int SSLClient::connect(IPAddress ip, uint16_t port) From 7922c8bc8597203101500a27237aaa159cd3c573 Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 12 Feb 2025 17:40:06 +0100 Subject: [PATCH 6/9] ssl_debug: suppress unused variable warning --- libraries/SSLClient/src/ssl_debug.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libraries/SSLClient/src/ssl_debug.cpp b/libraries/SSLClient/src/ssl_debug.cpp index e22ef0429..32f6964c3 100644 --- a/libraries/SSLClient/src/ssl_debug.cpp +++ b/libraries/SSLClient/src/ssl_debug.cpp @@ -20,7 +20,7 @@ #include "ssl_debug.h" void ssl_debug_print(const char *format, ...) { - char debug_buf[1024]; + char debug_buf[1024]; va_list argptr; va_start(argptr, format); vsnprintf(debug_buf, sizeof(debug_buf), format, argptr); 
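Review bot: The `for` loop bound in this hunk is `psk_len`, computed from `strlen(psKey)/2`, and the loop fills the fixed-size `psk[MBEDTLS_PSK_MAX_LEN]` stack buffer; no check that `psk_len` fits the buffer is visible, so confirm one exists in the block that closes just above the hunk, or add `if (psk_len > sizeof(psk)) { log_e("pre-shared key too long"); return -1; }` before the loop. The removed and added `for` lines are garbled in this copy of the patch (the text between `<` and `>` is missing), so only the surrounding context could be reviewed. The enclosing `start_ssl_client` body continues on both sides of the hunk.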
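Review bot: `stop()` now calls `stop_ssl_socket(sslclient)` unconditionally, so that function must be safe to call before any connection was made and twice in a row; its body is not in this patch, so confirm it tolerates uninitialised or already-freed mbedtls contexts. The underlying transport is still not stopped here (the commented-out `sslclient->client->stop()` call is simply dropped), so unless `stop_ssl_socket` closes the `Client`, the TCP connection may outlive the TLS session. A one-line comment in `stop()` stating which of the two functions owns the transport shutdown would make that explicit, e.g. `// stop_ssl_socket() tears down the TLS state; the transport Client is closed there, not here`, adjusted to whatever is actually the case.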
@@ -29,7 +29,7 @@ void ssl_debug_print(const char *format, ...) { } void ssl_debug_println(const char *format, ...) { - char debug_buf[1024]; + char debug_buf[1024]; va_list argptr; va_start(argptr, format); vsnprintf(debug_buf, sizeof(debug_buf), format, argptr); @@ -43,6 +43,7 @@ void ssl_debug_none(const char *format, ...) { void mbedtls_debug_print(void *ctx, int level, const char *file, int line, const char *str) { + ((void) ctx); ((void) level); ssl_debug_print("%s:%04d: %s", file, line, str); } From 6a66623f6bc341d3843bcfc437ac74730ff26894 Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 12 Feb 2025 17:40:58 +0100 Subject: [PATCH 7/9] ssl_debug: rename DEBUG_LEVEL to SSL_DEBUG_LEVEL --- libraries/SSLClient/src/ssl_client.cpp | 2 +- libraries/SSLClient/src/ssl_debug.h | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/libraries/SSLClient/src/ssl_client.cpp b/libraries/SSLClient/src/ssl_client.cpp index ab02914a9..bb4f0aa15 100644 --- a/libraries/SSLClient/src/ssl_client.cpp +++ b/libraries/SSLClient/src/ssl_client.cpp @@ -153,7 +153,7 @@ void ssl_init(sslclient_context *ssl_client, Client *client, const char * ca_pat mbedtls_ssl_conf_ciphersuites(&ssl_client->ssl_conf, mbedtls_ssl_list_ciphersuites()); mbedtls_ssl_conf_dbg(&ssl_client->ssl_conf, mbedtls_debug_print, NULL); - mbedtls_debug_set_threshold(DEBUG_LEVEL); + mbedtls_debug_set_threshold(SSL_DEBUG_LEVEL); mbedtls_fs_init(ca_path); } diff --git a/libraries/SSLClient/src/ssl_debug.h b/libraries/SSLClient/src/ssl_debug.h index 02d632399..7560e6f5f 100644 --- a/libraries/SSLClient/src/ssl_debug.h +++ b/libraries/SSLClient/src/ssl_debug.h 
@@ -29,33 +29,33 @@ * 4: DEBUG * 5: VERBOSE */ -#define DEBUG_LEVEL 1 +#define SSL_DEBUG_LEVEL 1 -#if DEBUG_LEVEL > 0 +#if SSL_DEBUG_LEVEL > 0 #define log_e ssl_debug_println #else #define log_e ssl_debug_none #endif -#if DEBUG_LEVEL > 1 +#if SSL_DEBUG_LEVEL > 1 #define log_w ssl_debug_println #else #define log_w ssl_debug_none #endif -#if DEBUG_LEVEL > 2 +#if SSL_DEBUG_LEVEL > 2 #define log_i ssl_debug_println #else #define log_i ssl_debug_none #endif -#if DEBUG_LEVEL > 3 +#if SSL_DEBUG_LEVEL > 3 #define log_d ssl_debug_println #else #define log_d ssl_debug_none #endif - -#if DEBUG_LEVEL > 4 + +#if SSL_DEBUG_LEVEL > 4 #define log_v ssl_debug_println #else #define log_v ssl_debug_none From 01cf5704648016322f29e264ece4145e5d820a3a Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 12 Feb 2025 17:49:51 +0100 Subject: [PATCH 8/9] SSLClient: fix connect using pre shared key --- libraries/SSLClient/src/SSLClient.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libraries/SSLClient/src/SSLClient.cpp b/libraries/SSLClient/src/SSLClient.cpp index d62baa1fd..e5968cf1e 100644 --- a/libraries/SSLClient/src/SSLClient.cpp +++ b/libraries/SSLClient/src/SSLClient.cpp @@ -147,12 +147,12 @@ int SSLClient::connect(const char *host, uint16_t port, const char *_CA_cert, co } int SSLClient::connect(IPAddress ip, uint16_t port, const char *pskIdent, const char *psKey) { - return connect(ip.toString().c_str(), port,_pskIdent, _psKey); + return connect(ip.toString().c_str(), port, pskIdent, psKey); } int SSLClient::connect(const char *host, uint16_t port, const char *pskIdent, const char *psKey) { log_v("start_ssl_client with PSK"); - int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, NULL, _pskIdent, _psKey, _use_insecure); + int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, NULL, pskIdent, psKey, _use_insecure); _lastError = ret; if (ret < 0) { log_e("start_ssl_client: %d", ret); 
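Review bot: Both PSK `connect` overloads now forward the caller's `pskIdent`/`psKey` instead of the `_pskIdent`/`_psKey` members, which fixes the call, but the members are no longer read on this path at all; if they are meant to survive for a later reconnect they should be assigned here (`_pskIdent = pskIdent; _psKey = psKey;`), otherwise they look dead and could be removed in a follow-up. The `host` passed to `start_ssl_client` in the `IPAddress` overload comes from `ip.toString().c_str()`, a temporary that is valid only for the duration of that call, so `start_ssl_client` must not retain the pointer; this is inherited behaviour and that function is not in the hunk, so it is worth confirming rather than assuming.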
From deca0abb6534d1ab517225fa4f6f38a2841bf311 Mon Sep 17 00:00:00 2001 From: pennam Date: Fri, 14 Feb 2025 12:22:48 +0100 Subject: [PATCH 9/9] ssl_client: change type to uint16_t to store client->available() return value --- libraries/SSLClient/src/ssl_client.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libraries/SSLClient/src/ssl_client.cpp b/libraries/SSLClient/src/ssl_client.cpp index bb4f0aa15..8cbe57f2d 100644 --- a/libraries/SSLClient/src/ssl_client.cpp +++ b/libraries/SSLClient/src/ssl_client.cpp @@ -82,11 +82,11 @@ static int client_net_recv_timeout( void *ctx, unsigned char *buf, } unsigned long start = millis(); unsigned long tms = start + timeout; - int pending = client->available(); + uint16_t pending = client->available(); // If there is data in the client, wait for message completion if((pending > 0) && (pending < len)) do { - int pending = client->available(); + uint16_t pending = client->available(); if (pending < len && timeout > 0) { delay(1); } else break;
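Review bot: Storing `client->available()` in a `uint16_t` silences the signed/unsigned warning by truncating the return value (an `int` in the Arduino `Client` API): a negative error result wraps to 65535 and any count above 65535 is cut off, so the wait condition `(pending > 0) && (pending < len)` now evaluates on a corrupted value instead of the real one. Keep the `int` and cast only in the comparison, `int pending = client->available();` and `if ((pending > 0) && ((size_t)pending < len)) do {`, with the same treatment on the inner check. The inner `uint16_t pending` also declares a fresh variable that shadows the outer one on every iteration; assigning to the outer (`pending = client->available();`) keeps one meaning for the name. The `do/while` loop this hunk changes closes outside the hunk.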