From 0b7058d8ef923b44dfc06ffb86a78e14593f0142 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Sat, 26 Nov 2016 11:58:50 +1100 Subject: [PATCH] mbedTLS: Add generic support for mbedTLS debug output via the esp_log functionality --- components/mbedtls/Kconfig | 15 ++-- .../mbedtls/port/include/mbedtls/esp_debug.h | 45 ++++++++++ components/mbedtls/port/mbedtls_debug.c | 86 +++++++++++++++++++ .../https_request/main/https_request_main.c | 51 +---------- 4 files changed, 140 insertions(+), 57 deletions(-) create mode 100644 components/mbedtls/port/include/mbedtls/esp_debug.h create mode 100644 components/mbedtls/port/mbedtls_debug.c diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index e6619e36c4..015635a786 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -24,15 +24,12 @@ config MBEDTLS_DEBUG bool "Enable mbedTLS debugging" default n help - Enable mbedTLS debugging functions. - - If this option is enabled, use the mbedtls_debug_set_threshold() - and mbedtls_ssl_conf_dbg() functions to obtain debugging output - from mbedTLS. - - Note thatm mbedTLS debugging is not related to the ESP logging - functionality. See the "https_request_main" example for a - sample function which connects the two together. + Enable mbedTLS debugging functions at compile time. + + If this option is enabled, you can include + "mbedtls/esp_debug.h" and call mbedtls_esp_enable_debug_log() + at runtime in order to enable mbedTLS debug output via the ESP + log mechanism. config MBEDTLS_HARDWARE_AES bool "Enable hardware AES acceleration" diff --git a/components/mbedtls/port/include/mbedtls/esp_debug.h b/components/mbedtls/port/include/mbedtls/esp_debug.h new file mode 100644 index 0000000000..bf39cc73ba --- /dev/null +++ b/components/mbedtls/port/include/mbedtls/esp_debug.h 
@@ -0,0 +1,45 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "sdkconfig.h"
+#ifdef CONFIG_MBEDTLS_DEBUG
+
+/** @brief Enable mbedTLS debug logging via the esp_log mechanism.
+ *
+ * mbedTLS internal debugging is filtered from a specified mbedTLS
+ * threshold level to esp_log level at runtime:
+ *
+ * - 1 - Warning
+ * - 2 - Info
+ * - 3 - Debug
+ * - 4 - Verbose
+ *
+ * (Note that mbedTLS debug thresholds are not always consistently used.)
+ *
+ * This function will set the esp log level for "mbedtls" to the specified mbedTLS
+ * threshold level that matches. However, the overall max ESP log level must be set high
+ * enough in menuconfig, or some messages may be filtered at compile time.
+ *
+ * @param conf mbedtls_ssl_config structure
+ * @param mbedTLS debug threshold, 0-4. Messages are filtered at runtime.
+ */
+void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold);
+
+/** @brief Disable mbedTLS debug logging via the esp_log mechanism.
+ *
+ */
+void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf);
+
+
+#endif
diff --git a/components/mbedtls/port/mbedtls_debug.c b/components/mbedtls/port/mbedtls_debug.c
new file mode 100644
index 0000000000..e9f038b6ab
--- /dev/null
+++ b/components/mbedtls/port/mbedtls_debug.c
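Review bot: The new header esp_debug.h is not self-contained: both prototypes take `mbedtls_ssl_config *`, but the file includes only `sdkconfig.h` and has no include guard. The example in this same commit includes it before `mbedtls/ssl.h`, so it presumably compiles only because an earlier include happens to provide the type. I would add an include guard and `#include "mbedtls/ssl.h"` ahead of the `#ifdef CONFIG_MBEDTLS_DEBUG`. The second `@param` line is also missing the parameter name and should read `@param threshold mbedTLS debug threshold, 0-4. Messages are filtered at runtime.`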
@@ -0,0 +1,86 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "esp_log.h"
+#include "mbedtls/platform.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/esp_debug.h"
+
+static const char *TAG = "mbedtls";
+
+static void mbedtls_esp_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str);
+
+void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold)
+{
+ mbedtls_debug_set_threshold(threshold);
+ mbedtls_ssl_conf_dbg(conf, mbedtls_esp_debug, NULL);
+ esp_log_level_t level = ESP_LOG_NONE;
+ switch(threshold) {
+ case 1:
+ level = ESP_LOG_WARN;
+ case 2:
+ level = ESP_LOG_INFO;
+ case 3:
+ level = ESP_LOG_DEBUG;
+ case 4:
+ level = ESP_LOG_VERBOSE;
+ }
+ esp_log_level_set(TAG, level);
+}
+
+void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf)
+{
+ mbedtls_ssl_conf_dbg(conf, NULL, NULL);
+}
+
+/* Default mbedtls debug function that translates mbedTLS debug output
+ to ESP_LOGx debug output.
+*/
+static void mbedtls_esp_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ char *file_sep;
+
+ /* Shorten 'file' from the whole file path to just the filename
+
+ This is a bit wasteful because the macros are compiled in with
+ the full _FILE_ path in each case.
+ */ + file_sep = rindex(file, '/'); + if(file_sep) + file = file_sep+1; + + switch(level) { + case 1: + ESP_LOGW(TAG, "%s:%d %s", file, line, str); + break; + case 2: + ESP_LOGI(TAG, "%s:%d %s", file, line, str); + break; + case 3: + ESP_LOGD(TAG, "%s:%d %s", file, line, str); + case 4: + ESP_LOGV(TAG, "%s:%d %s", file, line, str); + break; + default: + ESP_LOGE(TAG, "Unexpected log level %d: %s", level, str); + break; + } +} diff --git a/examples/protocols/https_request/main/https_request_main.c b/examples/protocols/https_request/main/https_request_main.c index 933d97ac83..b953252aac 100644 --- a/examples/protocols/https_request/main/https_request_main.c +++ b/examples/protocols/https_request/main/https_request_main.c @@ -40,7 +40,7 @@ #include "mbedtls/platform.h" #include "mbedtls/net.h" -#include "mbedtls/debug.h" +#include "mbedtls/esp_debug.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" 
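Review bot: The `switch(threshold)` in `mbedtls_esp_enable_debug_log` has no `break` after any case, so every threshold from 1 to 4 falls through to the last assignment and the "mbedtls" tag is always set to `ESP_LOG_VERBOSE`, which contradicts the level mapping documented in esp_debug.h. Each case needs to end the switch, e.g. `case 1: level = ESP_LOG_WARN; break;` and likewise for 2 to 4. In `mbedtls_esp_debug`, `case 3:` is also missing a `break;` after `ESP_LOGD(TAG, "%s:%d %s", file, line, str);`, so a level-3 message is passed to `ESP_LOGV` as well. `mbedtls_esp_disable_debug_log` clears the callback but leaves the mbedTLS threshold and the tag's log level raised; adding `mbedtls_debug_set_threshold(0);` there would make disable the inverse of enable.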
@@ -89,50 +89,6 @@ static const char *REQUEST = "GET " WEB_URL " HTTP/1.1\n" extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start"); extern const uint8_t server_root_cert_pem_end[] asm("_binary_server_root_cert_pem_end"); -#ifdef MBEDTLS_DEBUG_C - -#define MBEDTLS_DEBUG_LEVEL 4 - -/* mbedtls debug function that translates mbedTLS debug output - to ESP_LOGx debug output. - - MBEDTLS_DEBUG_LEVEL 4 means all mbedTLS debug output gets sent here, - and then filtered to the ESP logging mechanism. -*/ -static void mbedtls_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - const char *MBTAG = "mbedtls"; - char *file_sep; - - /* Shorten 'file' from the whole file path to just the filename - - This is a bit wasteful because the macros are compiled in with - the full _FILE_ path in each case. - */ - file_sep = rindex(file, '/'); - if(file_sep) - file = file_sep+1; - - switch(level) { - case 1: - ESP_LOGI(MBTAG, "%s:%d %s", file, line, str); - break; - case 2: - case 3: - ESP_LOGD(MBTAG, "%s:%d %s", file, line, str); - case 4: - ESP_LOGV(MBTAG, "%s:%d %s", file, line, str); - break; - default: - ESP_LOGE(MBTAG, "Unexpected log level %d: %s", level, str); - break; - } -} - -#endif - static esp_err_t event_handler(void *ctx, system_event_t *event) { switch(event->event_id) { @@ -240,9 +196,8 @@ static void https_get_task(void *pvParameters) mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); -#ifdef MBEDTLS_DEBUG_C - mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL); - mbedtls_ssl_conf_dbg(&conf, mbedtls_debug, NULL); +#ifdef CONFIG_MBEDTLS_DEBUG + mbedtls_esp_enable_debug_log(&conf, 4); #endif if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0)
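Review bot: The new call `mbedtls_esp_enable_debug_log(&conf, 4);` in `https_get_task` selects the most verbose mbedTLS level whenever `CONFIG_MBEDTLS_DEBUG` is set, and nothing near it tells a reader what ends up in the log. At thresholds 3 and 4 mbedTLS prints handshake and record buffers, and in the releases I am aware of that includes the premaster and master secret, so anything that captures the console output could decrypt the session. Since examples get copied into products, I would add a comment above the call such as `/* Development only: thresholds 3-4 log TLS handshake buffers, including key material */` and consider a lower threshold as the example default. The body of `https_get_task` continues outside the hunk.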