feat(esp-tls): adds per ssl context state management

2026-04-27 19:13:21 +00:00 · 2026-02-05 16:31:22 +08:00
parent f0f8183281
commit 20a6888b41
3 changed files with 23 additions and 24 deletions
@@ -6,10 +6,6 @@

 #pragma once

-/**
- * @brief      ESP-TLS Connection Handle
- */
-
 #include <stdbool.h>
 #include <sys/socket.h>
 #include <fcntl.h>
@@ -23,12 +19,15 @@
 #include "mbedtls/error.h"
 #ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
 #include "mbedtls/ssl_ticket.h"
-#endif
+#endif /* CONFIG_ESP_TLS_SERVER_SESSION_TICKETS */
 #ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
 #include "psa/crypto.h"
-#endif
-#endif
+#endif /* CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */

+/**
+ * @brief      ESP-TLS Connection Handle
+ */
 struct esp_tls {
 #ifdef CONFIG_ESP_TLS_USING_MBEDTLS
    mbedtls_ssl_context ssl;                                                    /*!< TLS/SSL context */
@@ -17,13 +17,9 @@ int __wrap_mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl);

 static const char *TAG = "SSL client";

-static int manage_resource(mbedtls_ssl_context *ssl, bool add)
+static int manage_resource(mbedtls_ssl_context *ssl, bool add, int prev_state)
 {
-    static _Thread_local int last_state = 0;
-    int state = add ? ssl->MBEDTLS_PRIVATE(state) : last_state;
-    if (add) {
-        last_state = state;
-    }
+    int state = add ? ssl->MBEDTLS_PRIVATE(state) : prev_state;

    if (mbedtls_ssl_is_handshake_over(ssl) || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
        return 0;
@@ -264,33 +260,36 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)

 int __wrap_mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
 {
-    CHECK_OK(manage_resource(ssl, true));
+    int prev_state = ssl->MBEDTLS_PRIVATE(state);
+    CHECK_OK(manage_resource(ssl, true, prev_state));

    CHECK_OK(__real_mbedtls_ssl_handshake_client_step(ssl));

-    CHECK_OK(manage_resource(ssl, false));
+    CHECK_OK(manage_resource(ssl, false, prev_state));

    return 0;
 }

 int __wrap_mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl)
 {
-    CHECK_OK(manage_resource(ssl, true));
+    int prev_state = ssl->MBEDTLS_PRIVATE(state);
+    CHECK_OK(manage_resource(ssl, true, prev_state));

    CHECK_OK(__real_mbedtls_ssl_tls13_handshake_client_step(ssl));

-    CHECK_OK(manage_resource(ssl, false));
+    CHECK_OK(manage_resource(ssl, false, prev_state));

    return 0;
 }

 int __wrap_mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl)
 {
-    CHECK_OK(manage_resource(ssl, true));
+    int prev_state = ssl->MBEDTLS_PRIVATE(state);
+    CHECK_OK(manage_resource(ssl, true, prev_state));

    CHECK_OK(__real_mbedtls_ssl_write_client_hello(ssl));

-    CHECK_OK(manage_resource(ssl, false));
+    CHECK_OK(manage_resource(ssl, false, prev_state));

    return 0;
 }
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2026 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -29,9 +29,9 @@ static bool ssl_ciphersuite_uses_rsa_key_ex(mbedtls_ssl_context *ssl)
 }
 #endif

-static int manage_resource(mbedtls_ssl_context *ssl, bool add)
+static int manage_resource(mbedtls_ssl_context *ssl, bool add, int prev_state)
 {
-    int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
+    int state = add ? ssl->MBEDTLS_PRIVATE(state) : prev_state;

    if (mbedtls_ssl_is_handshake_over(ssl) || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
        return 0;
@@ -207,11 +207,12 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)

 int __wrap_mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
 {
-    CHECK_OK(manage_resource(ssl, true));
+    int prev_state = ssl->MBEDTLS_PRIVATE(state);
+    CHECK_OK(manage_resource(ssl, true, prev_state));

    CHECK_OK(__real_mbedtls_ssl_handshake_server_step(ssl));

-    CHECK_OK(manage_resource(ssl, false));
+    CHECK_OK(manage_resource(ssl, false, prev_state));

    return 0;
 }