ssl optimizations

Me No Dev · Me No Dev · commit f472595a08d3 · 2016-08-25T19:02:21.000+03:00
diff --git a/src/ESPAsyncTCP.cpp b/src/ESPAsyncTCP.cpp
@@ -30,9 +30,6 @@ extern "C"{
 }
 #include <tcp_axtls.h>
 
-
-bool AsyncServer::_ssl_hasClient = false;
-
 /*
   Async TCP Client
 */
@@ -233,7 +230,7 @@ size_t AsyncClient::add(const char* data, size_t size) {
     int sent = tcp_ssl_write(_pcb, (uint8_t*)data, size);
     if(sent >= 0)
       return sent;
-    //ssl error
+    _close();
     return 0;
   }
   size_t will_send = (room < size) ? room : size;
@@ -294,9 +291,6 @@ int8_t AsyncClient::_close(){
   int8_t err = ERR_OK;
   if(_pcb) {
     if(_pcb_secure){
-      if(tcp_ssl_is_server(_pcb) == 1 && AsyncServer::_ssl_hasClient){
-        AsyncServer::_ssl_hasClient = false;
-      }
       tcp_ssl_free(_pcb);
     }
     tcp_arg(_pcb, NULL);
@@ -318,9 +312,6 @@ int8_t AsyncClient::_close(){
 void AsyncClient::_error(int8_t err) {
   if(_pcb){
     if(_pcb_secure){
-      if(tcp_ssl_is_server(_pcb) == 1 && AsyncServer::_ssl_hasClient){
-        AsyncServer::_ssl_hasClient = false;
-      }
       tcp_ssl_free(_pcb);
     }
     tcp_arg(_pcb, NULL);
@@ -361,6 +352,7 @@ int8_t AsyncClient::_recv(tcp_pcb* pcb, pbuf* pb, int8_t err) {
     int read_bytes = tcp_ssl_read(pcb, pb);
     if(read_bytes < 0){
       if (read_bytes != SSL_CLOSE_NOTIFY) {
+        ets_printf("_recv err: %d\n", read_bytes);
         _close();
       }
       return read_bytes;
@@ -393,6 +385,7 @@ int8_t AsyncClient::_poll(tcp_pcb* pcb){
     return ERR_OK;
   }
   uint32_t now = millis();
+
   // ACK Timeout
   if(_pcb_busy && _ack_timeout && (now - _pcb_sent_at) >= _ack_timeout){
     _pcb_busy = false;
@@ -401,10 +394,16 @@ int8_t AsyncClient::_poll(tcp_pcb* pcb){
     return ERR_OK;
   }
   // RX Timeout
-  if(_rx_since_timeout && now - _rx_last_packet >= _rx_since_timeout * 1000){
+  if(_rx_since_timeout && (now - _rx_last_packet) >= (_rx_since_timeout * 1000)){
     _close();
     return ERR_OK;
   }
+  // SSL Handshake Timeout
+  if(_pcb_secure && !_handshake_done && (now - _rx_last_packet) >= 2000){
+    _close();
+    return ERR_OK;
+  }
+
   // Everything is fine
   if(_poll_cb)
     _poll_cb(_poll_cb_arg, this);
@@ -711,7 +710,6 @@ AsyncServer::AsyncServer(IPAddress addr, uint16_t port)
   , _pcb(0)
   , _pending(NULL)
   , _ssl_ctx(NULL)
-  , _clients_waiting(0)
   , _connect_cb(0)
   , _connect_cb_arg(0)
   , _file_cb(0)
@@ -725,7 +723,6 @@ AsyncServer::AsyncServer(uint16_t port)
   , _pcb(0)
   , _pending(NULL)
   , _ssl_ctx(NULL)
-  , _clients_waiting(0)
   , _connect_cb(0)
   , _connect_cb_arg(0)
   , _file_cb(0)
@@ -833,7 +830,7 @@ int8_t AsyncServer::_accept(tcp_pcb* pcb, int8_t err){
       tcp_nagle_enable(pcb);
 
     if(_ssl_ctx){
-      if(_ssl_hasClient || _pending){
+      if(tcp_ssl_has_client() || _pending){
         struct pending_pcb * new_item = (struct pending_pcb*)malloc(sizeof(struct pending_pcb));
         if(!new_item){
           //ets_printf("### malloc new pending failed!\n");
@@ -842,7 +839,6 @@ int8_t AsyncServer::_accept(tcp_pcb* pcb, int8_t err){
           }
           return ERR_OK;
         }
-        _clients_waiting++;
         //ets_printf("### put to wait: %d\n", _clients_waiting);
         new_item->pcb = pcb;
         new_item->pb = NULL;
@@ -863,7 +859,6 @@ int8_t AsyncServer::_accept(tcp_pcb* pcb, int8_t err){
       } else {
         AsyncClient *c = new AsyncClient(pcb, _ssl_ctx);
         if(c){
-            _ssl_hasClient = true;
             c->onConnect([this](void * arg, AsyncClient *c){
               _connect_cb(_connect_cb_arg, c);
             }, this);
@@ -885,7 +880,7 @@ int8_t AsyncServer::_accept(tcp_pcb* pcb, int8_t err){
 }
 
 int8_t AsyncServer::_poll(tcp_pcb* pcb){
-  if(!_ssl_hasClient && _pending){
+  if(!tcp_ssl_has_client() && _pending){
     struct pending_pcb * p = _pending;
     if(p->pcb == pcb){
       _pending = _pending->next;
@@ -896,8 +891,6 @@ int8_t AsyncServer::_poll(tcp_pcb* pcb){
       p->next = b->next;
       p = b;
     }
-    _ssl_hasClient = true;
-    _clients_waiting--;
     //ets_printf("### remove from wait: %d\n", _clients_waiting);
     AsyncClient *c = new AsyncClient(pcb, _ssl_ctx);
     if(c){
@@ -919,7 +912,6 @@ int8_t AsyncServer::_recv(struct tcp_pcb *pcb, struct pbuf *pb, int8_t err){
   struct pending_pcb * p;
 
   if(!pb){
-    _clients_waiting--;
     //ets_printf("### close from wait: %d\n", _clients_waiting);
     p = _pending;
     if(p->pcb == pcb){
diff --git a/src/ESPAsyncTCP.h b/src/ESPAsyncTCP.h
@@ -180,14 +180,12 @@ class AsyncServer {
     tcp_pcb* _pcb;
     struct pending_pcb * _pending;
     SSL_CTX * _ssl_ctx;
-    size_t _clients_waiting;
     AcConnectHandler _connect_cb;
     void* _connect_cb_arg;
     AcSSlFileHandler _file_cb;
     void* _file_cb_arg;
 
   public:
-    static bool _ssl_hasClient;
 
     AsyncServer(IPAddress addr, uint16_t port);
     AsyncServer(uint16_t port);
diff --git a/src/tcp_axtls.c b/src/tcp_axtls.c
@@ -37,6 +37,8 @@ uint16_t default_private_key_len = 0;
 uint8_t * default_certificate = NULL;
 uint16_t default_certificate_len = 0;
 
+static uint8_t _tcp_ssl_has_client = 0;
+
 SSL_CTX * tcp_ssl_new_server_ctx(const char *cert, const char *private_key_file, const char *password){
   uint32_t options = SSL_CONNECT_IN_PARTS;
   SSL_CTX *ssl_ctx;
@@ -94,6 +96,10 @@ typedef struct tcp_ssl_pcb tcp_ssl_t;
 static tcp_ssl_t * tcp_ssl_array = NULL;
 static int tcp_ssl_next_fd = 0;
 
+uint8_t tcp_ssl_has_client(){
+  return _tcp_ssl_has_client;
+}
+
 tcp_ssl_t * tcp_ssl_new(struct tcp_pcb *tcp) {
 
   if(tcp_ssl_next_fd < 0){
@@ -129,7 +135,7 @@ tcp_ssl_t * tcp_ssl_new(struct tcp_pcb *tcp) {
     item->next = new_item;
   }
 
-  //TCP_SSL_DEBUG("tcp_ssl_new: %d\n", new_item->fd);
+  TCP_SSL_DEBUG("tcp_ssl_new: %d\n", new_item->fd);
   return new_item;
 }
 
@@ -205,6 +211,7 @@ int tcp_ssl_new_server(struct tcp_pcb *tcp, SSL_CTX* ssl_ctx){
   tcp_ssl->type = TCP_SSL_TYPE_SERVER;
   tcp_ssl->ssl_ctx = ssl_ctx;
 
+  _tcp_ssl_has_client = 1;
   tcp_ssl->ssl = ssl_server_new(ssl_ctx, tcp_ssl->fd);
   if(tcp_ssl->ssl == NULL){
     TCP_SSL_DEBUG("tcp_ssl_new_server: failed to allocate ssl\n");
@@ -228,11 +235,13 @@ int tcp_ssl_free(struct tcp_pcb *tcp) {
     if(item->tcp_pbuf != NULL){
       pbuf_free(item->tcp_pbuf);
     }
-    //TCP_SSL_DEBUG("tcp_ssl_free: %d\n", item->fd);
+    TCP_SSL_DEBUG("tcp_ssl_free: %d\n", item->fd);
     if(item->ssl)
       ssl_free(item->ssl);
     if(item->type == TCP_SSL_TYPE_CLIENT && item->ssl_ctx)
       ssl_ctx_free(item->ssl_ctx);
+    if(item->type == TCP_SSL_TYPE_SERVER)
+      _tcp_ssl_has_client = 0;
     free(item);
     return 0;
   }
@@ -249,13 +258,14 @@ int tcp_ssl_free(struct tcp_pcb *tcp) {
   if(i->tcp_pbuf != NULL){
     pbuf_free(i->tcp_pbuf);
   }
-  //TCP_SSL_DEBUG("tcp_ssl_free: %d\n", i->fd);
+  TCP_SSL_DEBUG("tcp_ssl_free: %d\n", i->fd);
   if(i->ssl)
     ssl_free(i->ssl);
   if(i->type == TCP_SSL_TYPE_CLIENT && i->ssl_ctx)
     ssl_ctx_free(i->ssl_ctx);
+  if(i->type == TCP_SSL_TYPE_SERVER)
+    _tcp_ssl_has_client = 0;
   free(i);
-
   return 0;
 }
 
diff --git a/src/tcp_axtls.h b/src/tcp_axtls.h
@@ -63,6 +63,8 @@ typedef void (* tcp_ssl_handshake_cb_t)(void *arg, struct tcp_pcb *tcp, SSL *ssl
 typedef void (* tcp_ssl_error_cb_t)(void *arg, struct tcp_pcb *tcp, int8_t error);
 typedef int (* tcp_ssl_file_cb_t)(void *arg, const char *filename, uint8_t **buf);
 
+uint8_t tcp_ssl_has_client();
+
 int tcp_ssl_new_client(struct tcp_pcb *tcp);
 
 SSL_CTX * tcp_ssl_new_server_ctx(const char *cert, const char *private_key_file, const char *password);
