patrick/zephyr
1
0
Fork 0
Code Issues Pull requests Actions 8 Packages Projects Releases Wiki Activity

net: sockets_tls: Reset mbedtls session on handshake errors

Browse source 
According to MbedTLS API documentation, its session must be reset if
mbedtls_ssl_handshake returns something other than:
 - 0
 - MBEDTLS_ERR_SSL_WANT_READ
 - MBEDTLS_ERR_SSL_WANT_WRITE
 - MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS
 - MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS

In MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS cases the function must be called
again when operation is ready. These cases now return -EAGIN or
continue to retry if it's a blocking call.

Signed-off-by: Ramiro Merello <rmerello@itba.edu.ar>
This commit is contained in:
Ramiro Merello 2022-01-01 18:05:50 -05:00 committed by Christopher Friedt
parent f554fcbe4c
commit 4d5eee05f1
1 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
subsys/net/lib/sockets/sockets_tls.c
View file

@ -918,7 +918,9 @@ static int tls_mbedtls_handshake(struct tls_context *context, bool block)
while ((ret = mbedtls_ssl_handshake(&context->ssl)) != 0) {
if (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ||
ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
if (block) {
continue;
}
@ -945,9 +947,20 @@ static int tls_mbedtls_handshake(struct tls_context *context, bool block)
ret = -ETIMEDOUT;
break;
}
} else {
/* MbedTLS API documentation requires session to
* be reset in other error cases
*/
NET_ERR("TLS handshake error: -%x", -ret);
ret = tls_mbedtls_reset(context);
if (ret == 0) {
ret = -ECONNABORTED;
break;
}
}
NET_ERR("TLS handshake error: -%x", -ret);
/* Avoid constant loop if tls_mbedtls_reset fails */
NET_ERR("TLS reset error: -%x", -ret);
ret = -ECONNABORTED;
break;
}