From 57820f2065f7c8645c6f4c946b06076ad21ef191 Mon Sep 17 00:00:00 2001 From: Suwatchai K Date: Tue, 29 Oct 2024 10:43:12 +0700 Subject: [PATCH] Fix Raspberry Pi Pico compilation error --- library.json | 2 +- library.properties | 2 +- src/ESP_Mail_Client_Version.h | 4 +- src/client/SSLClient/client/BSSL_Helper.cpp | 96 +++++++------- src/client/SSLClient/client/BSSL_Helper.h | 44 ++++--- .../SSLClient/client/BSSL_SSL_Client.cpp | 123 +++++++++++++----- src/client/SSLClient/client/BSSL_SSL_Client.h | 33 +++-- .../SSLClient/client/BSSL_TCP_Client.cpp | 49 ++++--- src/client/SSLClient/client/BSSL_TCP_Client.h | 45 ++++--- 9 files changed, 253 insertions(+), 145 deletions(-) diff --git a/library.json b/library.json index e0486e3..b56d76d 100644 --- a/library.json +++ b/library.json @@ -1,6 +1,6 @@ { "name": "ESP Mail Client", - "version": "3.4.21", + "version": "3.4.22", "keywords": "communication, email, imap, smtp, esp32, esp8266, samd, arduino", "description": "Arduino E-Mail Client Library to send, read and get incoming email notification for ESP32, ESP8266 and SAMD21 devices. The library also supported other Arduino Devices using Clients interfaces e.g. WiFiClient, EthernetClient, and GSMClient.", "repository": { diff --git a/library.properties b/library.properties index 378ab2a..de7f85f 100644 --- a/library.properties +++ b/library.properties @@ -1,6 +1,6 @@ name=ESP Mail Client -version=3.4.21 +version=3.4.22 author=Mobizt diff --git a/src/ESP_Mail_Client_Version.h b/src/ESP_Mail_Client_Version.h index 8cc53ef..c13a4b6 100644 --- a/src/ESP_Mail_Client_Version.h +++ b/src/ESP_Mail_Client_Version.h @@ -3,8 +3,8 @@ #ifndef ESP_MAIL_VERSION -#define ESP_MAIL_VERSION "3.4.21" -#define ESP_MAIL_VERSION_NUM 30421 +#define ESP_MAIL_VERSION "3.4.22" +#define ESP_MAIL_VERSION_NUM 30422 /* The inconsistent file version checking to prevent mixed versions compilation. */ //#define VALID_VERSION_CHECK(ver) (ver == ESP_MAIL_VERSION_NUM) 
diff --git a/src/client/SSLClient/client/BSSL_Helper.cpp b/src/client/SSLClient/client/BSSL_Helper.cpp index e7ff87f..12d7c5a 100644 --- a/src/client/SSLClient/client/BSSL_Helper.cpp +++ b/src/client/SSLClient/client/BSSL_Helper.cpp @@ -1,4 +1,6 @@ /* + Updated June 12, 2004. + WiFiClientBearSSL- SSL client/server for esp8266 using BearSSL libraries - Mostly compatible with Arduino WiFi shield library and standard WiFiClient/ServerSecure (except for certificate handling). @@ -121,7 +123,7 @@ namespace key_bssl vec->reserve(vec->size() + len); // Allocate extra space all at once for (size_t i = 0; i < len; i++) { - vec->push_back(((uint8_t *)buff)[i]); + vec->push_back((reinterpret_cast(buff))[i]); } } @@ -134,7 +136,7 @@ namespace key_bssl // Clear everything in the Trust Anchor memset(ta, 0, sizeof(*ta)); - br_x509_decoder_init(dc.get(), byte_vector_append, (void *)&vdn); + br_x509_decoder_init(dc.get(), byte_vector_append, reinterpret_cast(&vdn)); br_x509_decoder_push(dc.get(), xc->data, xc->data_len); pk = br_x509_decoder_get_pkey(dc.get()); if (pk == nullptr) @@ -143,7 +145,7 @@ namespace key_bssl } // Copy the raw certificate data - ta->dn.data = (uint8_t *)malloc(vdn.size()); + ta->dn.data = reinterpret_cast(malloc(vdn.size())); if (!ta->dn.data) { return false; // OOM, but nothing yet allocated @@ -161,8 +163,8 @@ namespace key_bssl { case BR_KEYTYPE_RSA: ta->pkey.key_type = BR_KEYTYPE_RSA; - ta->pkey.key.rsa.n = (uint8_t *)malloc(pk->key.rsa.nlen); - ta->pkey.key.rsa.e = (uint8_t *)malloc(pk->key.rsa.elen); + ta->pkey.key.rsa.n = reinterpret_cast(malloc(pk->key.rsa.nlen)); + ta->pkey.key.rsa.e = reinterpret_cast(malloc(pk->key.rsa.elen)); if ((ta->pkey.key.rsa.n == nullptr) || (ta->pkey.key.rsa.e == nullptr)) { free_ta_contents(ta); // OOM, so clean up 
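Review bot: In the `ta->dn.data` assignment of the `@@ -143` hunk the result of `malloc` is converted with `reinterpret_cast`, which is a stronger cast than a `void *` result needs and makes genuine type punning harder to find by search. `static_cast` is sufficient, e.g. `ta->dn.data = static_cast<uint8_t *>(malloc(vdn.size()));`. The same pattern recurs in the RSA/EC key-copy hunks of this file and at the later `malloc`, `mallocImpl` and `realloc` call sites of this patch. The enclosing function starts and ends outside the hunk.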
@@ -176,7 +178,7 @@ namespace key_bssl case BR_KEYTYPE_EC: ta->pkey.key_type = BR_KEYTYPE_EC; ta->pkey.key.ec.curve = pk->key.ec.curve; - ta->pkey.key.ec.q = (uint8_t *)malloc(pk->key.ec.qlen); + ta->pkey.key.ec.q = reinterpret_cast(malloc(pk->key.ec.qlen)); if (ta->pkey.key.ec.q == nullptr) { free_ta_contents(ta); // OOM, so clean up @@ -196,7 +198,7 @@ namespace key_bssl br_x509_trust_anchor *certificate_to_trust_anchor(const br_x509_certificate *xc) { - br_x509_trust_anchor *ta = (br_x509_trust_anchor *)malloc(sizeof(br_x509_trust_anchor)); + br_x509_trust_anchor *ta = reinterpret_cast(malloc(sizeof(br_x509_trust_anchor))); if (!ta) { return nullptr; @@ -287,7 +289,7 @@ namespace key_bssl char *strdupImpl(const char *s) { size_t slen = strlen(s); - char *result = (char *)malloc(slen + 1); + char *result = reinterpret_cast(malloc(slen + 1)); if (!result) return NULL; memcpy(result, s, slen + 1); @@ -305,13 +307,13 @@ namespace key_bssl { return nullptr; } - pem_object po, *pos; - const unsigned char *buff; + pem_object po, *pos = nullptr; + const unsigned char *buff = nullptr; std::vector bv; *num = 0; br_pem_decoder_init(pc.get()); - buff = (const unsigned char *)src; + buff = reinterpret_cast(src); po.name = nullptr; po.data = nullptr; po.data_len = 0; @@ -337,7 +339,7 @@ namespace key_bssl if (inobj) { // Stick data into the vector - po.data = (uint8_t *)malloc(bv.size()); + po.data = reinterpret_cast(malloc(bv.size())); if (po.data) { memcpy(po.data, &bv[0], bv.size()); @@ -369,7 +371,7 @@ namespace key_bssl if (len == 0 && extra_nl) { extra_nl = false; - buff = (const unsigned char *)"\n"; + buff = reinterpret_cast("\n"); len = 1; } } @@ -384,7 +386,7 @@ namespace key_bssl return nullptr; } - pos = (pem_object *)malloc((1 + pem_list.size()) * sizeof(*pos)); + pos = reinterpret_cast(malloc((1 + pem_list.size()) * sizeof(*pos))); if (pos) { *num = pem_list.size(); 
@@ -399,21 +401,21 @@ namespace key_bssl br_x509_certificate *read_certificates(const char *buff, size_t len, size_t *num) { std::vector cert_list; - pem_object *pos; - size_t u, num_pos; - br_x509_certificate *xcs; + pem_object *pos = nullptr; + size_t u = 0, num_pos = 0; + br_x509_certificate *xcs = nullptr; br_x509_certificate dummy; *num = 0; - if (looks_like_DER((const unsigned char *)buff, len)) + if (looks_like_DER(reinterpret_cast(buff), len)) { - xcs = (br_x509_certificate *)malloc(2 * sizeof(*xcs)); + xcs = reinterpret_cast(malloc(2 * sizeof(*xcs))); if (!xcs) { return nullptr; } - xcs[0].data = (uint8_t *)malloc(len); + xcs[0].data = reinterpret_cast(malloc(len)); if (!xcs[0].data) { free(xcs); @@ -457,7 +459,7 @@ namespace key_bssl dummy.data = nullptr; dummy.data_len = 0; cert_list.push_back(dummy); - xcs = (br_x509_certificate *)malloc(cert_list.size() * sizeof(*xcs)); + xcs = reinterpret_cast(malloc(cert_list.size() * sizeof(*xcs))); if (!xcs) { for (size_t i = 0; i < cert_list.size(); i++) @@ -508,14 +510,14 @@ namespace key_bssl { case BR_KEYTYPE_RSA: rk = br_pkey_decoder_get_rsa(dc.get()); - pk = (public_key *)malloc(sizeof *pk); + pk = reinterpret_cast(malloc(sizeof *pk)); if (!pk) { return nullptr; } pk->key_type = BR_KEYTYPE_RSA; - pk->key.rsa.n = (uint8_t *)malloc(rk->nlen); - pk->key.rsa.e = (uint8_t *)malloc(rk->elen); + pk->key.rsa.n = reinterpret_cast(malloc(rk->nlen)); + pk->key.rsa.e = reinterpret_cast(malloc(rk->elen)); if (!pk->key.rsa.n || !pk->key.rsa.e) { free(pk->key.rsa.n); @@ -531,13 +533,13 @@ namespace key_bssl case BR_KEYTYPE_EC: ek = br_pkey_decoder_get_ec(dc.get()); - pk = (public_key *)malloc(sizeof *pk); + pk = reinterpret_cast(malloc(sizeof *pk)); if (!pk) { return nullptr; } pk->key_type = BR_KEYTYPE_EC; - pk->key.ec.q = (uint8_t *)malloc(ek->qlen); + pk->key.ec.q = reinterpret_cast(malloc(ek->qlen)); if (!pk->key.ec.q) { free(pk); 
@@ -594,17 +596,17 @@ namespace key_bssl { case BR_KEYTYPE_RSA: rk = br_skey_decoder_get_rsa(dc.get()); - sk = (private_key *)malloc(sizeof *sk); + sk = reinterpret_cast(malloc(sizeof *sk)); if (!sk) { return nullptr; } sk->key_type = BR_KEYTYPE_RSA; - sk->key.rsa.p = (uint8_t *)malloc(rk->plen); - sk->key.rsa.q = (uint8_t *)malloc(rk->qlen); - sk->key.rsa.dp = (uint8_t *)malloc(rk->dplen); - sk->key.rsa.dq = (uint8_t *)malloc(rk->dqlen); - sk->key.rsa.iq = (uint8_t *)malloc(rk->iqlen); + sk->key.rsa.p = reinterpret_cast(malloc(rk->plen)); + sk->key.rsa.q = reinterpret_cast(malloc(rk->qlen)); + sk->key.rsa.dp = reinterpret_cast(malloc(rk->dplen)); + sk->key.rsa.dq = reinterpret_cast(malloc(rk->dqlen)); + sk->key.rsa.iq = reinterpret_cast(malloc(rk->iqlen)); if (!sk->key.rsa.p || !sk->key.rsa.q || !sk->key.rsa.dp || !sk->key.rsa.dq || !sk->key.rsa.iq) { free_private_key(sk); @@ -625,14 +627,14 @@ namespace key_bssl case BR_KEYTYPE_EC: ek = br_skey_decoder_get_ec(dc.get()); - sk = (private_key *)malloc(sizeof *sk); + sk = reinterpret_cast(malloc(sizeof *sk)); if (!sk) { return nullptr; } sk->key_type = BR_KEYTYPE_EC; sk->key.ec.curve = ek->curve; - sk->key.ec.x = (uint8_t *)malloc(ek->xlen); + sk->key.ec.x = reinterpret_cast(malloc(ek->xlen)); if (!sk->key.ec.x) { free_private_key(sk); @@ -688,9 +690,9 @@ namespace key_bssl private_key *sk = nullptr; pem_object *pos = nullptr; - if (looks_like_DER((const unsigned char *)buff, len)) + if (looks_like_DER(reinterpret_cast(buff), len)) { - sk = decode_private_key((const unsigned char *)buff, len); + sk = decode_private_key(reinterpret_cast(buff), len); return sk; } @@ -720,9 +722,9 @@ namespace key_bssl public_key *pk = nullptr; pem_object *pos = nullptr; - if (looks_like_DER((const unsigned char *)buff, len)) + if (looks_like_DER(reinterpret_cast(buff), len)) { - pk = decode_public_key((const unsigned char *)buff, len); + pk = decode_public_key(reinterpret_cast(buff), len); return pk; } size_t num; 
@@ -749,7 +751,7 @@ namespace key_bssl static uint8_t *loadStream(Stream &stream, size_t size) { - uint8_t *dest = (uint8_t *)malloc(size); + uint8_t *dest = reinterpret_cast(malloc(size)); if (!dest) { return nullptr; // OOM error @@ -806,7 +808,7 @@ namespace bssl bool PublicKey::parse(const char *pemKey) { - return parse((const uint8_t *)pemKey, strlen_P(pemKey)); + return parse(reinterpret_cast(pemKey), strlen_P(pemKey)); } bool PublicKey::parse(const uint8_t *derKey, size_t derLen) @@ -816,7 +818,7 @@ namespace bssl key_bssl::free_public_key(_key); _key = nullptr; } - _key = key_bssl::read_public_key((const char *)derKey, derLen); + _key = key_bssl::read_public_key(reinterpret_cast(derKey), derLen); return _key ? true : false; } @@ -896,7 +898,7 @@ namespace bssl bool PrivateKey::parse(const char *pemKey) { - return parse((const uint8_t *)pemKey, strlen_P(pemKey)); + return parse(reinterpret_cast(pemKey), strlen_P(pemKey)); } bool PrivateKey::parse(const uint8_t *derKey, size_t derLen) @@ -906,7 +908,7 @@ namespace bssl key_bssl::free_private_key(_key); _key = nullptr; } - _key = key_bssl::read_private_key((const char *)derKey, derLen); + _key = key_bssl::read_private_key(reinterpret_cast(derKey), derLen); return _key ? true : false; } @@ -996,13 +998,13 @@ namespace bssl bool X509List::append(const char *pemCert) { - return append((const uint8_t *)pemCert, strlen_P(pemCert)); + return append(reinterpret_cast(pemCert), strlen_P(pemCert)); } bool X509List::append(const uint8_t *derCert, size_t derLen) { size_t numCerts; - br_x509_certificate *newCerts = key_bssl::read_certificates((const char *)derCert, derLen, &numCerts); + br_x509_certificate *newCerts = key_bssl::read_certificates(reinterpret_cast(derCert), derLen, &numCerts); if (!newCerts) { return false; 
@@ -1010,7 +1012,7 @@ namespace bssl // Add in the certificates br_x509_certificate *saveCert = _cert; - _cert = (br_x509_certificate *)realloc(_cert, (numCerts + _count) * sizeof(br_x509_certificate)); + _cert = reinterpret_cast(realloc(_cert, (numCerts + _count) * sizeof(br_x509_certificate))); if (!_cert) { free(newCerts); @@ -1022,7 +1024,7 @@ namespace bssl // Build TAs for each certificate br_x509_trust_anchor *saveTa = _ta; - _ta = (br_x509_trust_anchor *)realloc(_ta, (numCerts + _count) * sizeof(br_x509_trust_anchor)); + _ta = reinterpret_cast(realloc(_ta, (numCerts + _count) * sizeof(br_x509_trust_anchor))); if (!_ta) { _ta = saveTa; diff --git a/src/client/SSLClient/client/BSSL_Helper.h b/src/client/SSLClient/client/BSSL_Helper.h index cf45189..6c3a373 100644 --- a/src/client/SSLClient/client/BSSL_Helper.h +++ b/src/client/SSLClient/client/BSSL_Helper.h @@ -1,5 +1,7 @@ /* + Updated June 12, 2004. + WiFiClientBearSSL- SSL client/server for esp8266 using BearSSL libraries - Mostly compatible with Arduino WiFi shield library and standard WiFiClient/ServerSecure (except for certificate handling). @@ -173,10 +175,10 @@ namespace bssl { public: PublicKey(); - PublicKey(const char *pemKey); - PublicKey(const uint8_t *derKey, size_t derLen); - PublicKey(Stream &stream, size_t size); - PublicKey(Stream &stream) : PublicKey(stream, stream.available()){}; + explicit PublicKey(const char *pemKey); + explicit PublicKey(const uint8_t *derKey, size_t derLen); + explicit PublicKey(Stream &stream, size_t size); + explicit PublicKey(Stream &stream) : PublicKey(stream, stream.available()){}; ~PublicKey(); bool parse(const char *pemKey); 
@@ -203,10 +205,10 @@ namespace bssl { public: PrivateKey(); - PrivateKey(const char *pemKey); - PrivateKey(const uint8_t *derKey, size_t derLen); - PrivateKey(Stream &stream, size_t size); - PrivateKey(Stream &stream) : PrivateKey(stream, stream.available()){}; + explicit PrivateKey(const char *pemKey); + explicit PrivateKey(const uint8_t *derKey, size_t derLen); + explicit PrivateKey(Stream &stream, size_t size); + explicit PrivateKey(Stream &stream) : PrivateKey(stream, stream.available()){}; ~PrivateKey(); bool parse(const char *pemKey); @@ -236,10 +238,10 @@ namespace bssl { public: X509List(); - X509List(const char *pemCert); - X509List(const uint8_t *derCert, size_t derLen); - X509List(Stream &stream, size_t size); - X509List(Stream &stream) : X509List(stream, stream.available()){}; + explicit X509List(const char *pemCert); + explicit X509List(const uint8_t *derCert, size_t derLen); + explicit X509List(Stream &stream, size_t size); + explicit X509List(Stream &stream) : X509List(stream, stream.available()){}; ~X509List(); bool append(const char *pemCert); @@ -260,7 +262,7 @@ namespace bssl } // Disable the copy constructor, we're pointer based - X509List(const X509List &that) = delete; + explicit X509List(const X509List &that) = delete; X509List &operator=(const X509List &that) = delete; private: @@ -341,14 +343,14 @@ namespace bssl // Callback for the x509_minimal subject DN static void insecure_subject_dn_append(void *ctx, const void *buf, size_t len) { - br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + br_x509_insecure_context *xc = reinterpret_cast(ctx); br_sha256_update(&xc->sha256_subject, buf, len); } // Callback for the x509_minimal issuer DN static void insecure_issuer_dn_append(void *ctx, const void *buf, size_t len) { - br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + br_x509_insecure_context *xc = reinterpret_cast(ctx); br_sha256_update(&xc->sha256_issuer, buf, len); } 
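Review bot: `explicit` on the deleted copy constructor in the `@@ -260` hunk adds nothing, because any use of a deleted constructor is already ill-formed, and it makes the line read as if copying were only restricted rather than forbidden. Keep the original form, `X509List(const X509List &that) = delete;`. The class body continues outside the hunk.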
@@ -363,18 +365,18 @@ namespace bssl // Callback for each byte stream in the chain. Only process first cert. static void insecure_append(const br_x509_class **ctx, const unsigned char *buf, size_t len) { - br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + br_x509_insecure_context *xc = reinterpret_cast(ctx); // Don't process anything but the first certificate in the chain if (!xc->done_cert) { br_sha1_update(&xc->sha1_cert, buf, len); - br_x509_decoder_push(&xc->ctx, (const void *)buf, len); + br_x509_decoder_push(&xc->ctx, reinterpret_cast(buf), len); } } // Callback on the first byte of any certificate static void insecure_start_chain(const br_x509_class **ctx, const char *server_name) { - br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + br_x509_insecure_context *xc = reinterpret_cast(ctx); #if defined(USE_EMBED_SSL_ENGINE) br_x509_decoder_init(&xc->ctx, insecure_subject_dn_append, xc, insecure_issuer_dn_append, xc); #elif defined(ESP32) || defined(USE_LIB_SSL_ENGINE) @@ -390,7 +392,7 @@ namespace bssl // Callback on individual cert end. static void insecure_end_cert(const br_x509_class **ctx) { - br_x509_insecure_context *xc = (br_x509_insecure_context *)ctx; + br_x509_insecure_context *xc = reinterpret_cast(ctx); xc->done_cert = true; } @@ -398,7 +400,7 @@ namespace bssl // Return 0 on validation success, !0 on validation error static unsigned insecure_end_chain(const br_x509_class **ctx) { - const br_x509_insecure_context *xc = (const br_x509_insecure_context *)ctx; + const br_x509_insecure_context *xc = reinterpret_cast(ctx); if (!xc->done_cert) { // BSSL_BSSL_SSL_Client_DEBUG_PRINTF("insecure_end_chain: No cert seen\n"); 
@@ -432,7 +434,7 @@ namespace bssl // Return the public key from the validator (set by x509_minimal) static const br_x509_pkey *insecure_get_pkey(const br_x509_class *const *ctx, unsigned *usages) { - const br_x509_insecure_context *xc = (const br_x509_insecure_context *)ctx; + const br_x509_insecure_context *xc = reinterpret_cast(ctx); if (usages != nullptr) { *usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN; // I said we were insecure! diff --git a/src/client/SSLClient/client/BSSL_SSL_Client.cpp b/src/client/SSLClient/client/BSSL_SSL_Client.cpp index 2d97629..275d488 100644 --- a/src/client/SSLClient/client/BSSL_SSL_Client.cpp +++ b/src/client/SSLClient/client/BSSL_SSL_Client.cpp @@ -1,7 +1,7 @@ /** - * BSSL_SSL_Client library v1.0.12 for Arduino devices. + * BSSL_SSL_Client library v1.0.17 for Arduino devices. * - * Created September 2, 2003 + * Created October 29, 2024 * * This work contains codes based on WiFiClientSecure from Earle F. Philhower and SSLClient from OSU OPEnS Lab. * @@ -30,7 +30,6 @@ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - #ifndef BSSL_SSL_CLIENT_CPP #define BSSL_SSL_CLIENT_CPP @@ -132,6 +131,9 @@ int BSSL_SSL_Client::connect(IPAddress ip, uint16_t port) if (!mConnectBasicClient(nullptr, ip, port)) return 0; + _connect_with_ip = true; + _session_ts = millis(); + return 1; } @@ -143,6 +145,9 @@ int BSSL_SSL_Client::connect(const char *host, uint16_t port) if (!mConnectBasicClient(host, IPAddress(), port)) return 0; + _connect_with_ip = false; + _session_ts = millis(); + return 1; } 
@@ -276,15 +281,21 @@ size_t BSSL_SSL_Client::write(const uint8_t *buf, size_t size) if (!mIsClientInitialized(false)) return 0; + if (!mCheckSessionTimeout()) + return 0; + + _session_ts = millis(); + if (!_secure) return _basic_client->write(buf, size); - const char *func_name = __func__; #if defined(ESP_SSLCLIENT_ENABLE_DEBUG) // super debug if (_debug_level >= esp_ssl_debug_dump) ESP_SSLCLIENT_DEBUG_PORT.write(buf, size); #endif + + const char *func_name = __func__; // check if the socket is still open and such if (!mSoftConnected(func_name) || !buf || !size) return 0; @@ -350,8 +361,8 @@ size_t BSSL_SSL_Client::write(uint8_t b) size_t BSSL_SSL_Client::write_P(PGM_P buf, size_t size) { char dest[size]; - memcpy_P((void *)dest, buf, size); - return write((const uint8_t *)dest, size); + memcpy_P(reinterpret_cast(dest), buf, size); + return write(reinterpret_cast(dest), size); } size_t BSSL_SSL_Client::write(Stream &stream) @@ -440,6 +451,7 @@ int BSSL_SSL_Client::connectSSL(IPAddress ip, uint16_t port) _ip = ip; _port = port; + _connect_with_ip = true; return mConnectSSL(nullptr); } @@ -455,6 +467,7 @@ int BSSL_SSL_Client::connectSSL(const char *host, uint16_t port) _host = host; _port = port; + _connect_with_ip = false; return mConnectSSL(host); } @@ -493,10 +506,12 @@ void BSSL_SSL_Client::stop() mFreeSSL(); } -void BSSL_SSL_Client::setTimeout(unsigned int timeoutMs) { _timeout = timeoutMs; } +void BSSL_SSL_Client::setTimeout(unsigned int timeoutMs) { _timeout_ms = timeoutMs; } void BSSL_SSL_Client::setHandshakeTimeout(unsigned int timeoutMs) { _handshake_timeout = timeoutMs; } +void BSSL_SSL_Client::setSessionTimeout(uint32_t seconds) { _tcp_session_timeout = seconds; } + void BSSL_SSL_Client::flush() { if (!_secure && _basic_client) 
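Review bot: `write_P` in the `@@ -350` hunk still declares `char dest[size];`, a variable-length array whose size comes straight from the caller, so a large `size` overruns the small task stack of these targets and `size == 0` is undefined. Variable-length arrays are also a compiler extension rather than standard C++. Copying from flash through a fixed-size buffer keeps stack use constant; the sketch below does that, at the cost of calling `write` once per chunk, so confirm that the extra calls are acceptable for the TLS record layout.

```cpp
size_t BSSL_SSL_Client::write_P(PGM_P buf, size_t size)
{
    // Copy from flash in fixed-size pieces so stack use does not depend on `size`.
    uint8_t chunk[64];
    size_t sent = 0;
    while (sent < size)
    {
        const size_t n = (size - sent < sizeof(chunk)) ? size - sent : sizeof(chunk);
        memcpy_P(chunk, buf + sent, n);
        const size_t w = write(chunk, n);
        sent += w;
        if (w != n)
            break; // short write: report what was actually sent
    }
    return sent;
}
```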
@@ -931,7 +946,7 @@ void BSSL_SSL_Client::setCertStore(CertStoreBase *certStore) // Set custom list of ciphers bool BSSL_SSL_Client::setCiphers(const uint16_t *cipherAry, int cipherCount) { - _cipher_list = (uint16_t *)mallocImpl(cipherCount); + _cipher_list = reinterpret_cast(mallocImpl(cipherCount)); if (!_cipher_list) { #if defined(ESP_SSLCLIENT_ENABLE_DEBUG) @@ -1036,7 +1051,7 @@ void BSSL_SSL_Client::setPrivateKey(const char *private_key) bool BSSL_SSL_Client::loadCACert(Stream &stream, size_t size) { bool ret = false; - auto buff = (char *)mallocImpl(size); + auto buff = reinterpret_cast(mallocImpl(size)); if (size == stream.readBytes(buff, size)) { setCACert(buff); @@ -1049,7 +1064,7 @@ bool BSSL_SSL_Client::loadCACert(Stream &stream, size_t size) bool BSSL_SSL_Client::loadCertificate(Stream &stream, size_t size) { bool ret = false; - auto buff = (char *)mallocImpl(size); + auto buff = reinterpret_cast(mallocImpl(size)); if (size == stream.readBytes(buff, size)) { setCertificate(buff); @@ -1062,7 +1077,7 @@ bool BSSL_SSL_Client::loadCertificate(Stream &stream, size_t size) bool BSSL_SSL_Client::loadPrivateKey(Stream &stream, size_t size) { bool ret = false; - auto buff = (char *)mallocImpl(size); + auto buff = reinterpret_cast(mallocImpl(size)); if (size == stream.readBytes(buff, size)) { setPrivateKey(buff); @@ -1089,8 +1104,9 @@ BSSL_SSL_Client &BSSL_SSL_Client::operator=(const BSSL_SSL_Client &other) stop(); setClient(other._basic_client); _use_insecure = other._use_insecure; - _timeout = other._timeout; + _timeout_ms = other._timeout_ms; _handshake_timeout = other._handshake_timeout; + _tcp_session_timeout = other._tcp_session_timeout; return *this; } 
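Review bot: `setCiphers` in the `@@ -931` hunk passes `cipherCount` to `mallocImpl` as a byte count, although `_cipher_list` holds `uint16_t` entries, so the buffer is half the size the list needs. If the copy that follows (outside the hunk) moves `cipherCount * sizeof(uint16_t)` bytes, it writes past the allocation. Size the request in elements, `_cipher_list = static_cast<uint16_t *>(mallocImpl(cipherCount * sizeof(uint16_t)));`, and reject `cipherCount <= 0` first, because the parameter is a signed `int`.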
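Review bot: `loadCACert` in the `@@ -1036` hunk hands `buff` to `stream.readBytes` without checking that `mallocImpl` succeeded, so an out-of-memory condition becomes a write through a null pointer. The buffer is also exactly `size` bytes and is then passed to `setCACert(const char *)`; unless `mallocImpl` pads and zeroes the block, which this hunk does not show, the PEM text has no terminator. Allocate one extra byte and guard the read: `auto buff = static_cast<char *>(mallocImpl(size + 1));` then `if (buff && size == stream.readBytes(buff, size)) { buff[size] = '\0'; ...`. `loadCertificate` (`@@ -1049`) and `loadPrivateKey` (`@@ -1062`) have the same two gaps.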
@@ -1099,7 +1115,7 @@ bool BSSL_SSL_Client::operator==(const BSSL_SSL_Client &rhs) return _basic_client == rhs._basic_client; } -unsigned int BSSL_SSL_Client::getTimeout() const { return _timeout; } +unsigned int BSSL_SSL_Client::getTimeout() const { return _timeout_ms; } void BSSL_SSL_Client::setSecure(const char *rootCABuff, const char *cli_cert, const char *cli_key) { @@ -1184,7 +1200,7 @@ bool BSSL_SSL_Client::mProbeMaxFragmentLength(Client *probe, uint16_t len) return false; // Invalid size } int ttlLen = sizeof(clientHelloHead_P) + (2 + sizeof(suites_P)) + (sizeof(clientHelloTail_P) + 1); - uint8_t *clientHello = (uint8_t *)mallocImpl(ttlLen); + uint8_t *clientHello = reinterpret_cast(mallocImpl(ttlLen)); if (!clientHello) { #if defined(ESP_SSLCLIENT_ENABLE_DEBUG) @@ -1333,21 +1349,21 @@ bool BSSL_SSL_Client::mProbeMaxFragmentLength(Client *probe, uint16_t len) uint8_t lenBytes[2]; ret = probe->readBytes(lenBytes, 2); handLen -= 2; - uint16_t extLen = lenBytes[1] | (lenBytes[0] << 8); - if ((ret != 2) || (handLen <= 0) || (extLen > 32) || (extLen > handLen)) + uint16_t _extLen = lenBytes[1] | (lenBytes[0] << 8); + if ((ret != 2) || (handLen <= 0) || (_extLen > 32) || (_extLen > handLen)) { return send_abort(probe, supportsLen); } if ((typeBytes[0] == 0x00) && (typeBytes[1] == 0x01)) { // MFLN extension! // If present and 1-byte in length, it's supported - return send_abort(probe, extLen == 1 ? true : false); + return send_abort(probe, _extLen == 1 ? true : false); } // Skip the extension, move to next one uint8_t junk[32]; - ret = probe->readBytes(junk, extLen); - handLen -= extLen; - if (ret != extLen) + ret = probe->readBytes(junk, _extLen); + handLen -= _extLen; + if (ret != _extLen) { return send_abort(probe, supportsLen); } 
@@ -1453,7 +1469,7 @@ int BSSL_SSL_Client::mConnectSSL(const char *host) #else #define CRTSTORECOND #endif - if (!_use_insecure && !_use_fingerprint && !_use_self_signed && !_knownkey CRTSTORECOND && !_ta) + if (!_use_insecure && !_use_fingerprint && !_use_self_signed && !_knownkey CRTSTORECOND && !_ta && !_esp32_ta) { esp_ssl_debug_print(PSTR("Connection *will* fail, no authentication method is setup."), _debug_level, esp_ssl_debug_warn, __func__); } @@ -1462,8 +1478,8 @@ int BSSL_SSL_Client::mConnectSSL(const char *host) _sc = std::make_shared(); _eng = &_sc->eng; // Allocation/deallocation taken care of by the _sc shared_ptr - _iobuf_in = (unsigned char *)mallocImpl(_iobuf_in_size); - _iobuf_out = (unsigned char *)mallocImpl(_iobuf_out_size); + _iobuf_in = reinterpret_cast(mallocImpl(_iobuf_in_size)); + _iobuf_out = reinterpret_cast(mallocImpl(_iobuf_out_size)); if (!_sc || !_iobuf_in || !_iobuf_out) { @@ -1574,6 +1590,7 @@ int BSSL_SSL_Client::mConnectSSL(const char *host) _handshake_done = true; _is_connected = true; _secure = true; + _session_ts = millis(); // Save session if (_session) 
@@ -1600,6 +1617,52 @@ bool BSSL_SSL_Client::mConnectionValidate(const char *host, IPAddress ip, uint16 _basic_client->stop(); } + mCheckSessionTimeout(); + + return true; +} + +bool BSSL_SSL_Client::mCheckSessionTimeout() +{ + const char *func_name = __func__; + + if (_tcp_session_timeout >= BSSL_SSL_CLIENT_MIN_SESSION_TIMEOUT_SEC && _session_ts > 0 && millis() - _session_ts > _tcp_session_timeout * 1000) + { + if (_basic_client && _basic_client->connected()) + { +#if defined(ESP_SSLCLIENT_ENABLE_DEBUG) + esp_ssl_debug_print(PSTR("The session was timed out. Starting new server connection."), _debug_level, esp_ssl_debug_info, func_name); +#endif + int ret = 0; + if (!_secure) + { + _basic_client->flush(); + _basic_client->stop(); + + if (_connect_with_ip) + ret = connect(_ip, _port); + else + ret = connect(_host.c_str(), _port); + } + else + { + stop(); + if (_connect_with_ip) + ret = connectSSL(_ip, _port); + else + ret = connectSSL(_host.c_str(), _port); + } + + if (!ret) + { +#if defined(ESP_SSLCLIENT_ENABLE_DEBUG) + esp_ssl_debug_print(PSTR("Failed while starting new server connection."), _debug_level, esp_ssl_debug_error, func_name); +#endif + return false; + } + } + } + return true; } @@ -1785,7 +1848,7 @@ unsigned BSSL_SSL_Client::mUpdateEngine() else if (state & BR_SSL_SENDAPP) { size_t alen; - unsigned char *buf = br_ssl_engine_sendapp_buf(_eng, &alen); + const unsigned char *buf = br_ssl_engine_sendapp_buf(_eng, &alen); // engine check if (alen == 0 || buf == nullptr) { @@ -1938,7 +2001,7 @@ void BSSL_SSL_Client::mPrintSSLState(const unsigned state, int level, const char bool BSSL_SSL_Client::mIsSecurePort(uint16_t port) { - int size = *(&_secure_ports + 1) - _secure_ports; + int size = 26; for (int i = 0; i < size; i++) { if (port == _secure_ports[i]) @@ -1982,7 +2045,7 @@ void BSSL_SSL_Client::mClearAuthenticationSettings() void BSSL_SSL_Client::mClear() { - _timeout = 15000; + _timeout_ms = 15000; _sc = nullptr; _eng = nullptr; _x509_minimal = nullptr; 
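Review bot: `mConnectionValidate` in the `@@ -1600` hunk discards the result of the new `mCheckSessionTimeout()` call and then returns `true`, so a reconnect that failed after a session timeout is still reported as a valid connection; use `if (!mCheckSessionTimeout()) return false;`. In the timeout test, `_tcp_session_timeout * 1000` is evaluated in `unsigned long`, which wraps on 32-bit targets once the value exceeds roughly 4.29 million seconds. Comparing `(millis() - _session_ts) / 1000 > _tcp_session_timeout` avoids the multiplication. `mConnectionValidate` starts outside the hunk.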
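Review bot: `mIsSecurePort` in the `@@ -1938` hunk replaces the computed element count with the literal `int size = 26;`, which reads past the end of `_secure_ports` if the array is ever shortened and silently skips entries if it grows. The array's declaration is outside this diff, so the 26 cannot be checked here. Derive the count from the array instead: `const int size = static_cast<int>(sizeof(_secure_ports) / sizeof(_secure_ports[0]));`.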
@@ -2116,14 +2179,14 @@ void BSSL_SSL_Client::mFreeSSL() _recvapp_len = 0; // This connection is toast _handshake_done = false; - _timeout = 15000; + _timeout_ms = 15000; _secure = false; _is_connected = false; } uint8_t *BSSL_SSL_Client::mStreamLoad(Stream &stream, size_t size) { - uint8_t *dest = (uint8_t *)malloc(size + 1); + uint8_t *dest = reinterpret_cast(malloc(size + 1)); if (!dest) { return nullptr; @@ -2159,7 +2222,7 @@ void *BSSL_SSL_Client::mallocImpl(size_t len, bool clear) ESP.setExternalHeap(); #endif - p = (void *)malloc(newLen); + p = reinterpret_cast(malloc(newLen)); bool nn = p ? true : false; #if defined(ESP_SSLCLIENT_ESP8266_USE_EXTERNAL_HEAP) @@ -2178,7 +2241,7 @@ void *BSSL_SSL_Client::mallocImpl(size_t len, bool clear) // Free reserved memory at pointer. void BSSL_SSL_Client::freeImpl(void *ptr) { - void **p = (void **)ptr; + void **p = reinterpret_cast(ptr); if (*p) { free(*p); diff --git a/src/client/SSLClient/client/BSSL_SSL_Client.h b/src/client/SSLClient/client/BSSL_SSL_Client.h index 5196de1..95b1652 100644 --- a/src/client/SSLClient/client/BSSL_SSL_Client.h +++ b/src/client/SSLClient/client/BSSL_SSL_Client.h @@ -1,7 +1,7 @@ /** - * BSSL_SSL_Client library v1.0.12 for Arduino devices. + * BSSL_SSL_Client library v1.0.17 for Arduino devices. * - * Created September 2, 2003 + * Created October 29, 2024 * * This work contains codes based on WiFiClientSecure from Earle F. Philhower and SSLClient from OSU OPEnS Lab. * @@ -39,6 +39,15 @@ #include #include "../ESP_SSLClient_FS.h" #include "../ESP_SSLClient_Const.h" + +#if defined(USE_EMBED_SSL_ENGINE) && !defined(ARDUINO_ARCH_RP2040) && !defined(ARDUINO_NANO_RP2040_CONNECT) +#define EMBED_SSL_ENGINE_BASE_OVERRIDE override +#else +#define EMBED_SSL_ENGINE_BASE_OVERRIDE +#endif + +#define BSSL_SSL_CLIENT_MIN_SESSION_TIMEOUT_SEC 60 + #if defined(USE_LIB_SSL_ENGINE) || defined(USE_EMBED_SSL_ENGINE) #include 
@@ -134,13 +143,15 @@ class BSSL_SSL_Client : public Client void setHandshakeTimeout(unsigned int timeoutMs); + void setSessionTimeout(uint32_t seconds); + void flush() override; void setBufferSizes(int recv, int xmit); - operator bool() { return connected() > 0; } + operator bool() override { return connected() > 0; } - int availableForWrite(); + int availableForWrite() override; void setSession(BearSSL_Session *session); @@ -180,11 +191,11 @@ class BSSL_SSL_Client : public Client bool probeMaxFragmentLength(const String &host, uint16_t port, uint16_t len); - size_t peekAvailable(); + size_t peekAvailable() EMBED_SSL_ENGINE_BASE_OVERRIDE; - const char *peekBuffer(); + const char *peekBuffer() EMBED_SSL_ENGINE_BASE_OVERRIDE; - void peekConsume(size_t consume); + void peekConsume(size_t consume) EMBED_SSL_ENGINE_BASE_OVERRIDE; void setCACert(const char *rootCA); @@ -240,6 +251,8 @@ class BSSL_SSL_Client : public Client bool mConnectionValidate(const char *host, IPAddress ip, uint16_t port); + bool mCheckSessionTimeout(); + int mRunUntil(const unsigned target, unsigned long timeout = 0); unsigned mUpdateEngine(); @@ -336,12 +349,16 @@ class BSSL_SSL_Client : public Client bool _oom_err = false; unsigned char *_recvapp_buf = nullptr; size_t _recvapp_len; - unsigned long _timeout = 15000; + // Renameing from _timeout which also defined in parent's Stream class. + unsigned long _timeout_ms = 15000; unsigned long _handshake_timeout = 60000; + unsigned long _tcp_session_timeout = 0; + unsigned long _session_ts = 0; bool _isSSLEnabled = false; String _host; uint16_t _port = 0; IPAddress _ip; + bool _connect_with_ip = false; }; #endif diff --git a/src/client/SSLClient/client/BSSL_TCP_Client.cpp b/src/client/SSLClient/client/BSSL_TCP_Client.cpp index f9f9007..a0b141d 100644 --- a/src/client/SSLClient/client/BSSL_TCP_Client.cpp +++ b/src/client/SSLClient/client/BSSL_TCP_Client.cpp 
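Review bot: The new `setSessionTimeout(uint32_t seconds)` declaration in the `@@ -134` hunk has no comment, and its behaviour at the boundaries is not obvious from the name. The implementation in this class stores the value unchanged, while `mCheckSessionTimeout()` only acts when it is at least `BSSL_SSL_CLIENT_MIN_SESSION_TIMEOUT_SEC`, so values from 1 to 59 disable the timeout just as 0 does. Document that above the declaration, e.g. `// Idle session timeout in seconds. 0 (default) disables it; values below BSSL_SSL_CLIENT_MIN_SESSION_TIMEOUT_SEC are ignored.`, or clamp here as `BSSL_TCP_Client::setSessionTimeout` does.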
@@ -1,7 +1,7 @@ /** - * BSSL_TCP_Client v2.0.12 for Arduino devices. + * BSSL_TCP_Client v2.0.14 for Arduino devices. * - * Created August 27, 2023 + * Created June 27, 2024 * * The MIT License (MIT) * Copyright (c) 2023 K. Suwatchai (Mobizt) @@ -72,7 +72,6 @@ BSSL_TCP_Client::BSSL_TCP_Client() BSSL_TCP_Client::~BSSL_TCP_Client() { - stop(); setClient(nullptr); } @@ -98,10 +97,10 @@ int BSSL_TCP_Client::connect(IPAddress ip, uint16_t port, int32_t timeout) if (timeout > 0) { - _timeout = timeout; + _timeout_ms = timeout; if (_basic_client) - _basic_client->setTimeout(_timeout); - _ssl_client.setTimeout(_timeout); + _basic_client->setTimeout(_timeout_ms); + _ssl_client.setTimeout(_timeout_ms); } return _ssl_client.connect(ip, port); @@ -120,10 +119,10 @@ int BSSL_TCP_Client::connect(const char *host, uint16_t port, int32_t timeout) if (timeout > 0) { - _timeout = timeout; + _timeout_ms = timeout; if (_basic_client) - _basic_client->setTimeout(_timeout); - _ssl_client.setTimeout(_timeout); + _basic_client->setTimeout(_timeout_ms); + _ssl_client.setTimeout(_timeout_ms); } return _ssl_client.connect(host, port); @@ -167,7 +166,7 @@ int BSSL_TCP_Client::read(uint8_t *buf, size_t size) int BSSL_TCP_Client::send(const char *data) { - return write((uint8_t *)data, strlen(data)); + return write(reinterpret_cast(data), strlen(data)); } int BSSL_TCP_Client::print(const char *data) @@ -184,7 +183,7 @@ int BSSL_TCP_Client::print(int data) { char buf[64]; memset(buf, 0, 64); - sprintf(buf, (const char *)FPSTR("%d"), data); + sprintf(buf, "%d", data); int ret = send(buf); return ret; } @@ -194,7 +193,7 @@ int BSSL_TCP_Client::println(const char *data) int len = send(data); if (len < 0) return len; - int sz = send((const char *)FPSTR("\r\n")); + int sz = send("\r\n"); if (sz < 0) return sz; return len + sz; 
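Review bot: With `stop()` removed from `~BSSL_TCP_Client()` in the `@@ -72` hunk, the destructor no longer closes the connection itself, so releasing the socket and the TLS buffers now depends on the `_ssl_client` member's destructor, which is not visible here. If that is the intent, state it in the destructor, e.g. `// _ssl_client's destructor releases the TLS state; the externally owned Client is not stopped here.`. Otherwise confirm that destroying the object cannot leave the underlying client connected with session state still allocated.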
@@ -209,7 +208,7 @@ int BSSL_TCP_Client::println(int data) { char buf[64]; memset(buf, 0, 64); - sprintf(buf, (const char *)FPSTR("%d\r\n"), data); + sprintf(buf, "%d\r\n", data); int ret = send(buf); return ret; } @@ -228,7 +227,7 @@ size_t BSSL_TCP_Client::write(uint8_t data) size_t BSSL_TCP_Client::write_P(PGM_P buf, size_t size) { return _ssl_client.write_P(buf, size); } -size_t BSSL_TCP_Client::write(const char *buf) { return write((const uint8_t *)buf, strlen(buf)); } +size_t BSSL_TCP_Client::write(const char *buf) { return write(reinterpret_cast(buf), strlen(buf)); } size_t BSSL_TCP_Client::write(Stream &stream) { return _ssl_client.write(stream); } @@ -267,8 +266,8 @@ void BSSL_TCP_Client::stop() int BSSL_TCP_Client::setTimeout(uint32_t seconds) { - _timeout = seconds * 1000; - _ssl_client.setTimeout(_timeout); + _timeout_ms = seconds * 1000; + _ssl_client.setTimeout(_timeout_ms); return 1; } @@ -280,6 +279,14 @@ void BSSL_TCP_Client::setHandshakeTimeout(unsigned long handshake_timeout) _ssl_client.setHandshakeTimeout(_handshake_timeout); } +void BSSL_TCP_Client::setSessionTimeout(uint32_t seconds) +{ + if (seconds > 0 && seconds < BSSL_SSL_CLIENT_MIN_SESSION_TIMEOUT_SEC) + seconds = BSSL_SSL_CLIENT_MIN_SESSION_TIMEOUT_SEC; + _tcp_session_timeout = seconds; + _ssl_client.setSessionTimeout(seconds); +} + void BSSL_TCP_Client::flush() { if (!_basic_client) @@ -402,7 +409,7 @@ void BSSL_TCP_Client::setPrivateKey(const char *private_key) { return _ssl_clien bool BSSL_TCP_Client::loadCACert(Stream &stream, size_t size) { - char *dest = mStreamLoad(stream, size); + const char *dest = mStreamLoad(stream, size); bool ret = false; if (dest) { 
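Review bot: `_timeout_ms = seconds * 1000;` in `setTimeout` multiplies in `uint32_t`, so any value above 4294967 seconds wraps and silently gives a much shorter timeout than requested. Clamp before multiplying, e.g. `_timeout_ms = (seconds > UINT32_MAX / 1000) ? UINT32_MAX : seconds * 1000;`. The function also forwards the new value only to `_ssl_client`, whereas both `connect()` overloads in this file also call `_basic_client->setTimeout(_timeout_ms)`. If that difference is intended, a one-line comment saying so would help.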
@@ -425,10 +432,12 @@ BSSL_TCP_Client &BSSL_TCP_Client::operator=(const BSSL_TCP_Client &other) stop(); setClient(other._basic_client); _use_insecure = other._use_insecure; - _timeout = other._timeout; + _timeout_ms = other._timeout_ms; _handshake_timeout = other._handshake_timeout; - _ssl_client.setTimeout(_timeout); + _tcp_session_timeout = other._tcp_session_timeout; + _ssl_client.setTimeout(_timeout_ms); _ssl_client.setHandshakeTimeout(_handshake_timeout); + _ssl_client.setSessionTimeout(_tcp_session_timeout); if (_use_insecure) _ssl_client.setInsecure(); return *this; @@ -436,7 +445,7 @@ BSSL_TCP_Client &BSSL_TCP_Client::operator=(const BSSL_TCP_Client &other) char *BSSL_TCP_Client::mStreamLoad(Stream &stream, size_t size) { - char *dest = (char *)malloc(size + 1); + char *dest = reinterpret_cast(malloc(size + 1)); if (!dest) { return nullptr; diff --git a/src/client/SSLClient/client/BSSL_TCP_Client.h b/src/client/SSLClient/client/BSSL_TCP_Client.h index f70dbdd..c88ea94 100644 --- a/src/client/SSLClient/client/BSSL_TCP_Client.h +++ b/src/client/SSLClient/client/BSSL_TCP_Client.h @@ -1,7 +1,7 @@ /** - * BSSL_TCP_Client v2.0.12 for Arduino devices. + * BSSL_TCP_Client v2.0.14 for Arduino devices. * - * Created August 27, 2023 + * Created June 27, 2024 * * The MIT License (MIT) * Copyright (c) 2023 K. Suwatchai (Mobizt) @@ -66,8 +66,6 @@ class BSSL_TCP_Client : public Client bool _use_insecure; public: - BSSL_TCP_Client *next; - // The default class constructor BSSL_TCP_Client(); @@ -78,8 +76,8 @@ class BSSL_TCP_Client : public Client * Set the client. * @param client The pointer to Client interface. * @param enableSSL The ssl option; true for enable, false for disable. - * - * Due to the client pointer is assigned, to avoid dangling pointer, + * + * Due to the client pointer is assigned, to avoid dangling pointer, * client should be existed as long as it was used for transportation. */ void setClient(Client *client, bool enableSSL = true); 
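Review bot: The assignment in `operator=` can only turn certificate validation off: `if (_use_insecure) _ssl_client.setInsecure();` has no branch for a target that was insecure when `other` is not. Unless `stop()` or `setClient()` reset that state (not visible here), `_ssl_client` keeps skipping validation while `_use_insecure` reads false. The visible lines copy no CA or client-certificate settings either, so the copy's trust configuration can differ from the source's. At minimum document it, e.g. `// NOTE: only _use_insecure is propagated; trust anchors and an earlier setInsecure() on this object are not reset here`, or restore the validating configuration in an `else` branch. The signature and any self-assignment check lie outside the hunk; with `stop()` as the first visible statement, `a = a` would drop the connection if no such check exists.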
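Review bot: `malloc(size + 1)` in `mStreamLoad` is computed from the caller-supplied `size` without a bound, so `size == SIZE_MAX` wraps to a zero-byte request that may still return a non-null pointer. Add `if (size == SIZE_MAX) return nullptr;` before the allocation, ideally with an upper limit suited to the device's heap. The rest of the body is outside the hunk, so how many bytes are then written through `dest` cannot be checked from here. Since `malloc` returns `void *`, `static_cast` is sufficient for the cast this commit introduces.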
@@ -300,13 +298,13 @@ class BSSL_TCP_Client : public Client void stop() override; /** - * Set the TCP timeout in seconds. + * Set the TCP connection timeout in seconds. * @param seconds The TCP timeout in seconds. */ int setTimeout(uint32_t seconds); /** - * Get the TCP timeout in seconds. + * Get the TCP connection timeout in seconds. * @return The TCP timeout in seconds. */ int getTimeout(); @@ -317,6 +315,21 @@ class BSSL_TCP_Client : public Client */ void setHandshakeTimeout(unsigned long handshake_timeout); + /** + * Set the TCP session timeout in seconds. + * + * @param seconds The TCP session timeout in seconds. + * + * The minimum session timeout value is 60 seconds. + * Set 0 to disable session timed out. + * + * If There is no data to send (write) within this period, + * the current connection will be closed and reconnect. + * + * This requires when ESP32 WiFiClient was used. + */ + void setSessionTimeout(uint32_t seconds); + /** * Wait for all receive buffer data read. */ @@ -329,9 +342,9 @@ class BSSL_TCP_Client : public Client */ void setBufferSizes(int recv, int xmit); - operator bool() { return connected(); } + operator bool() override { return connected(); } - int availableForWrite(); + int availableForWrite() override; void setSession(BearSSL_Session *session); @@ -377,13 +390,13 @@ class BSSL_TCP_Client : public Client bool probeMaxFragmentLength(const String &host, uint16_t port, uint16_t len); - bool hasPeekBufferAPI() const; + bool hasPeekBufferAPI() const EMBED_SSL_ENGINE_BASE_OVERRIDE; - size_t peekAvailable(); + size_t peekAvailable() EMBED_SSL_ENGINE_BASE_OVERRIDE; - const char *peekBuffer(); + const char *peekBuffer() EMBED_SSL_ENGINE_BASE_OVERRIDE; - void peekConsume(size_t consume); + void peekConsume(size_t consume) EMBED_SSL_ENGINE_BASE_OVERRIDE; /** * Set the Root CA or CA certificate. 
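Review bot: The doc comment added for `setSessionTimeout` hard-codes "The minimum session timeout value is 60 seconds", while the implementation clamps to `BSSL_SSL_CLIENT_MIN_SESSION_TIMEOUT_SEC`, so the two can drift apart. I would name the macro and state the clamping: `Non-zero values below BSSL_SSL_CLIENT_MIN_SESSION_TIMEOUT_SEC are raised to that minimum; 0 disables the session timeout.` The last sentence, "This requires when ESP32 WiFiClient was used", is unclear and would read better as `Needed when the underlying client is the ESP32 WiFiClient.`, if that is the intent. The comment should also say whether the automatic reconnect repeats the TLS handshake with the same trust settings, since callers cannot tell from the declaration.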
@@ -426,8 +439,10 @@ class BSSL_TCP_Client : public Client uint16_t _port; BSSL_SSL_Client _ssl_client; Client *_basic_client = nullptr; - unsigned long _timeout = 15000; + // Renameing from _timeout which also defined in parent's Stream class. + unsigned long _timeout_ms = 15000; unsigned long _handshake_timeout = 60000; + unsigned long _tcp_session_timeout = 0; char *mStreamLoad(Stream &stream, size_t size); };