From 9b27a5de4ef0f29fdcb9e9210ed6200fe71768a4 Mon Sep 17 00:00:00 2001 From: ActoryOu Date: Tue, 11 Jan 2022 11:08:43 +0800 Subject: [PATCH] Return error if invalid input detected in transport layer (Send/Recv) (#773) * return error if invalid input detected in transport layer --- .../using_mbedtls/using_mbedtls.c | 126 +++++++++----- .../using_mbedtls_pkcs11.c | 159 +++++++++++------- .../using_plaintext/using_plaintext.c | 114 ++++++++----- .../using_wolfSSL/using_wolfSSL.c | 82 ++++++--- 4 files changed, 310 insertions(+), 171 deletions(-) diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.c index 8686ac255..cf93cebbe 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.c @@ -773,35 +773,52 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext, TlsTransportParams_t * pTlsTransportParams = NULL; int32_t tlsStatus = 0; - configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) ); - - pTlsTransportParams = pNetworkContext->pParams; - tlsStatus = ( int32_t ) mbedtls_ssl_read( &( pTlsTransportParams->sslContext.context ), - pBuffer, - bytesToRecv ); - - if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + if( ( pNetworkContext == NULL ) || ( pNetworkContext->pParams == NULL ) ) { - LogDebug( ( "Failed to read data. However, a read can be retried on this error. " - "mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( tlsStatus ), - mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); - - /* Mark these set of errors as a timeout. The libraries may retry read - * on these errors. */ - tlsStatus = 0; + LogError( ( "invalid input, pNetworkContext=%p", pNetworkContext ) ); + tlsStatus = -1; } - else if( tlsStatus < 0 ) + else if( pBuffer == NULL ) { - LogError( ( "Failed to read data: mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( tlsStatus ), - mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + LogError( ( "invalid input, pBuffer == NULL" ) ); + tlsStatus = -1; + } + else if( bytesToRecv == 0 ) + { + LogError( ( "invalid input, bytesToRecv == 0" ) ); + tlsStatus = -1; } else { - /* Empty else marker. */ + pTlsTransportParams = pNetworkContext->pParams; + + tlsStatus = ( int32_t ) mbedtls_ssl_read( &( pTlsTransportParams->sslContext.context ), + pBuffer, + bytesToRecv ); + + if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + { + LogDebug( ( "Failed to read data. However, a read can be retried on this error. " + "mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( tlsStatus ), + mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + + /* Mark these set of errors as a timeout. The libraries may retry read + * on these errors. */ + tlsStatus = 0; + } + else if( tlsStatus < 0 ) + { + LogError( ( "Failed to read data: mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( tlsStatus ), + mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + } + else + { + /* Empty else marker. */ + } } return tlsStatus; @@ -815,35 +832,52 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext, TlsTransportParams_t * pTlsTransportParams = NULL; int32_t tlsStatus = 0; - configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) ); - - pTlsTransportParams = pNetworkContext->pParams; - tlsStatus = ( int32_t ) mbedtls_ssl_write( &( pTlsTransportParams->sslContext.context ), - pBuffer, - bytesToSend ); - - if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + if( ( pNetworkContext == NULL ) || ( pNetworkContext->pParams == NULL ) ) { - LogDebug( ( "Failed to send data. However, send can be retried on this error. " - "mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( tlsStatus ), - mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); - - /* Mark these set of errors as a timeout. The libraries may retry send - * on these errors. */ - tlsStatus = 0; + LogError( ( "invalid input, pNetworkContext=%p", pNetworkContext ) ); + tlsStatus = -1; } - else if( tlsStatus < 0 ) + else if( pBuffer == NULL ) { - LogError( ( "Failed to send data: mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( tlsStatus ), - mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + LogError( ( "invalid input, pBuffer == NULL" ) ); + tlsStatus = -1; + } + else if( bytesToSend == 0 ) + { + LogError( ( "invalid input, bytesToSend == 0" ) ); + tlsStatus = -1; } else { - /* Empty else marker. */ + pTlsTransportParams = pNetworkContext->pParams; + + tlsStatus = ( int32_t ) mbedtls_ssl_write( &( pTlsTransportParams->sslContext.context ), + pBuffer, + bytesToSend ); + + if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + { + LogDebug( ( "Failed to send data. However, send can be retried on this error. " + "mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( tlsStatus ), + mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + + /* Mark these set of errors as a timeout. The libraries may retry send + * on these errors. */ + tlsStatus = 0; + } + else if( tlsStatus < 0 ) + { + LogError( ( "Failed to send data: mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( tlsStatus ), + mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + } + else + { + /* Empty else marker. */ + } } return tlsStatus; diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls_pkcs11/using_mbedtls_pkcs11.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls_pkcs11/using_mbedtls_pkcs11.c index 8f0ce2ad0..6bd709d68 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls_pkcs11/using_mbedtls_pkcs11.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls_pkcs11/using_mbedtls_pkcs11.c @@ -88,7 +88,7 @@ static const char * pNoLowLevelMbedTlsCodeStr = ""; * @brief Utility for converting the high-level code in an mbedTLS error to string, * if the code-contains a high-level code; otherwise, using a default string. */ -#define mbedtlsHighLevelCodeOrDefault( mbedTlsCode ) \ +#define mbedtlsHighLevelCodeOrDefault( mbedTlsCode ) \ ( mbedtls_high_level_strerr( mbedTlsCode ) != NULL ) ? \ mbedtls_high_level_strerr( mbedTlsCode ) : pNoHighLevelMbedTlsCodeStr @@ -96,7 +96,7 @@ static const char * pNoLowLevelMbedTlsCodeStr = ""; * @brief Utility for converting the level-level code in an mbedTLS error to string, * if the code-contains a level-level code; otherwise, using a default string. */ -#define mbedtlsLowLevelCodeOrDefault( mbedTlsCode ) \ +#define mbedtlsLowLevelCodeOrDefault( mbedTlsCode ) \ ( mbedtls_low_level_strerr( mbedTlsCode ) != NULL ) ? \ mbedtls_low_level_strerr( mbedTlsCode ) : pNoLowLevelMbedTlsCodeStr @@ -208,9 +208,9 @@ static int32_t privateKeySigningCallback( void * pvContext, size_t xHashLen, unsigned char * pucSig, size_t * pxSigLen, - int32_t ( * piRng )( void *, - unsigned char *, - size_t ), + int32_t ( *piRng )( void *, + unsigned char *, + size_t ), void * pvRng ); @@ -703,19 +703,19 @@ static CK_RV initializeClientKeys( SSLContext_t * pxCtx, pxCtx->privKeyInfo.get_bitlen = NULL; pxCtx->privKeyInfo.can_do = canDoStub; pxCtx->privKeyInfo.verify_func = NULL; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - pxCtx->privKeyInfo.verify_rs_func = NULL; - pxCtx->privKeyInfo.sign_rs_func = NULL; -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ + #if defined( MBEDTLS_ECDSA_C ) && defined( MBEDTLS_ECP_RESTARTABLE ) + pxCtx->privKeyInfo.verify_rs_func = NULL; + pxCtx->privKeyInfo.sign_rs_func = NULL; + #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ pxCtx->privKeyInfo.decrypt_func = NULL; pxCtx->privKeyInfo.encrypt_func = NULL; pxCtx->privKeyInfo.check_pair_func = NULL; pxCtx->privKeyInfo.ctx_alloc_func = NULL; pxCtx->privKeyInfo.ctx_free_func = NULL; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - pxCtx->privKeyInfo.rs_alloc_func = NULL; - pxCtx->privKeyInfo.rs_free_func = NULL; -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ + #if defined( MBEDTLS_ECDSA_C ) && defined( MBEDTLS_ECP_RESTARTABLE ) + pxCtx->privKeyInfo.rs_alloc_func = NULL; + pxCtx->privKeyInfo.rs_free_func = NULL; + #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ pxCtx->privKeyInfo.debug_func = NULL; pxCtx->privKeyInfo.sign_func = privateKeySigningCallback; @@ -737,9 +737,9 @@ static int32_t privateKeySigningCallback( void * pvContext, size_t xHashLen, unsigned char * pucSig, size_t * pxSigLen, - int32_t ( * piRng )( void *, - unsigned char *, - size_t ), + int32_t ( *piRng )( void *, + unsigned char *, + size_t ), void * pvRng ) { CK_RV xResult = CKR_OK; @@ -923,7 +923,7 @@ void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext ) TlsTransportParams_t * pTlsTransportParams = NULL; BaseType_t tlsStatus = 0; - if( pNetworkContext != NULL && pNetworkContext->pParams != NULL ) + if( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) ) { pTlsTransportParams = pNetworkContext->pParams; /* Attempting to terminate TLS connection. */ @@ -975,35 +975,52 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext, TlsTransportParams_t * pTlsTransportParams = NULL; int32_t tlsStatus = 0; - configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) ); - - pTlsTransportParams = pNetworkContext->pParams; - tlsStatus = ( int32_t ) mbedtls_ssl_read( &( pTlsTransportParams->sslContext.context ), - pBuffer, - bytesToRecv ); - - if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + if( ( pNetworkContext == NULL ) || ( pNetworkContext->pParams == NULL ) ) { - LogDebug( ( "Failed to read data. However, a read can be retried on this error. " - "mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( tlsStatus ), - mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); - - /* Mark these set of errors as a timeout. The libraries may retry read - * on these errors. */ - tlsStatus = 0; + LogError( ( "invalid input, pNetworkContext=%p", pNetworkContext ) ); + tlsStatus = -1; } - else if( tlsStatus < 0 ) + else if( pBuffer == NULL ) { - LogError( ( "Failed to read data: mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( tlsStatus ), - mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + LogError( ( "invalid input, pBuffer == NULL" ) ); + tlsStatus = -1; + } + else if( bytesToRecv == 0 ) + { + LogError( ( "invalid input, bytesToRecv == 0" ) ); + tlsStatus = -1; } else { - /* Empty else marker. */ + pTlsTransportParams = pNetworkContext->pParams; + + tlsStatus = ( int32_t ) mbedtls_ssl_read( &( pTlsTransportParams->sslContext.context ), + pBuffer, + bytesToRecv ); + + if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + { + LogDebug( ( "Failed to read data. However, a read can be retried on this error. " + "mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( tlsStatus ), + mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + + /* Mark these set of errors as a timeout. The libraries may retry read + * on these errors. */ + tlsStatus = 0; + } + else if( tlsStatus < 0 ) + { + LogError( ( "Failed to read data: mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( tlsStatus ), + mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + } + else + { + /* Empty else marker. */ + } } return tlsStatus; @@ -1018,35 +1035,51 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext, TlsTransportParams_t * pTlsTransportParams = NULL; int32_t tlsStatus = 0; - configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) ); - - pTlsTransportParams = pNetworkContext->pParams; - tlsStatus = ( int32_t ) mbedtls_ssl_write( &( pTlsTransportParams->sslContext.context ), - pBuffer, - bytesToSend ); - - if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + if( ( pNetworkContext == NULL ) || ( pNetworkContext->pParams == NULL ) ) { - LogDebug( ( "Failed to send data. However, send can be retried on this error. " - "mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( tlsStatus ), - mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); - - /* Mark these set of errors as a timeout. The libraries may retry send - * on these errors. */ - tlsStatus = 0; + LogError( ( "invalid input, pNetworkContext=%p", pNetworkContext ) ); + tlsStatus = -1; } - else if( tlsStatus < 0 ) + else if( pBuffer == NULL ) { - LogError( ( "Failed to send data: mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( tlsStatus ), - mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + LogError( ( "invalid input, pBuffer == NULL" ) ); + tlsStatus = -1; + } + else if( bytesToSend == 0 ) + { + LogError( ( "invalid input, bytesToSend == 0" ) ); + tlsStatus = -1; } else { - /* Empty else marker. */ + pTlsTransportParams = pNetworkContext->pParams; + tlsStatus = ( int32_t ) mbedtls_ssl_write( &( pTlsTransportParams->sslContext.context ), + pBuffer, + bytesToSend ); + + if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + { + LogDebug( ( "Failed to send data. However, send can be retried on this error. " + "mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( tlsStatus ), + mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + + /* Mark these set of errors as a timeout. The libraries may retry send + * on these errors. */ + tlsStatus = 0; + } + else if( tlsStatus < 0 ) + { + LogError( ( "Failed to send data: mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( tlsStatus ), + mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) ); + } + else + { + /* Empty else marker. */ + } } return tlsStatus; diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_plaintext/using_plaintext.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_plaintext/using_plaintext.c index fb6225d70..1c6f180af 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_plaintext/using_plaintext.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_plaintext/using_plaintext.c @@ -133,30 +133,46 @@ int32_t Plaintext_FreeRTOS_recv( NetworkContext_t * pNetworkContext, PlaintextTransportParams_t * pPlaintextTransportParams = NULL; int32_t socketStatus = 1; - configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) ); - - pPlaintextTransportParams = pNetworkContext->pParams; - - /* The TCP socket may have a receive block time. If bytesToRecv is greater - * than 1 then a frame is likely already part way through reception and - * blocking to wait for the desired number of bytes to be available is the - * most efficient thing to do. If bytesToRecv is 1 then this may be a - * speculative call to read to find the start of a new frame, in which case - * blocking is not desirable as it could block an entire protocol agent - * task for the duration of the read block time and therefore negatively - * impact performance. So if bytesToRecv is 1 then don't call recv unless - * it is known that bytes are already available. */ - if( bytesToRecv == 1 ) + if( ( pNetworkContext == NULL ) || ( pNetworkContext->pParams == NULL ) ) { - socketStatus = ( int32_t ) FreeRTOS_recvcount( pPlaintextTransportParams->tcpSocket ); + LogError( ( "invalid input, pNetworkContext=%p", pNetworkContext ) ); + socketStatus = -1; } - - if( socketStatus > 0 ) + else if( pBuffer == NULL ) { - socketStatus = FreeRTOS_recv( pPlaintextTransportParams->tcpSocket, - pBuffer, - bytesToRecv, - 0 ); + LogError( ( "invalid input, pBuffer == NULL" ) ); + socketStatus = -1; + } + else if( bytesToRecv == 0 ) + { + LogError( ( "invalid input, bytesToRecv == 0" ) ); + socketStatus = -1; + } + else + { + pPlaintextTransportParams = pNetworkContext->pParams; + + /* The TCP socket may have a receive block time. If bytesToRecv is greater + * than 1 then a frame is likely already part way through reception and + * blocking to wait for the desired number of bytes to be available is the + * most efficient thing to do. If bytesToRecv is 1 then this may be a + * speculative call to read to find the start of a new frame, in which case + * blocking is not desirable as it could block an entire protocol agent + * task for the duration of the read block time and therefore negatively + * impact performance. So if bytesToRecv is 1 then don't call recv unless + * it is known that bytes are already available. */ + if( bytesToRecv == 1 ) + { + socketStatus = ( int32_t ) FreeRTOS_recvcount( pPlaintextTransportParams->tcpSocket ); + } + + if( socketStatus > 0 ) + { + socketStatus = FreeRTOS_recv( pPlaintextTransportParams->tcpSocket, + pBuffer, + bytesToRecv, + 0 ); + } } return socketStatus; @@ -169,31 +185,47 @@ int32_t Plaintext_FreeRTOS_send( NetworkContext_t * pNetworkContext, PlaintextTransportParams_t * pPlaintextTransportParams = NULL; int32_t socketStatus = 0; - configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) ); - - pPlaintextTransportParams = pNetworkContext->pParams; - socketStatus = FreeRTOS_send( pPlaintextTransportParams->tcpSocket, - pBuffer, - bytesToSend, - 0 ); - - if( socketStatus == -pdFREERTOS_ERRNO_ENOSPC ) + if( ( pNetworkContext == NULL ) || ( pNetworkContext->pParams == NULL ) ) { - /* The TCP buffers could not accept any more bytes so zero bytes were sent. - * This is not necessarily an error that should cause a disconnect - * unless it persists. */ - socketStatus = 0; + LogError( ( "invalid input, pNetworkContext=%p", pNetworkContext ) ); + socketStatus = -1; } + else if( pBuffer == NULL ) + { + LogError( ( "invalid input, pBuffer == NULL" ) ); + socketStatus = -1; + } + else if( bytesToSend == 0 ) + { + LogError( ( "invalid input, bytesToSend == 0" ) ); + socketStatus = -1; + } + else + { + pPlaintextTransportParams = pNetworkContext->pParams; + socketStatus = FreeRTOS_send( pPlaintextTransportParams->tcpSocket, + pBuffer, + bytesToSend, + 0 ); - #if ( configUSE_PREEMPTION == 0 ) + if( socketStatus == -pdFREERTOS_ERRNO_ENOSPC ) { - /* FreeRTOS_send adds the packet to be sent to the IP task's queue for later processing. - * The packet is sent later by the IP task. When FreeRTOS is used in collaborative - * mode (i.e. configUSE_PREEMPTION is 0), call taskYIELD to give IP task a chance to run - * so that the packet is actually sent before this function returns. */ - taskYIELD(); + /* The TCP buffers could not accept any more bytes so zero bytes were sent. + * This is not necessarily an error that should cause a disconnect + * unless it persists. */ + socketStatus = 0; } - #endif + + #if ( configUSE_PREEMPTION == 0 ) + { + /* FreeRTOS_send adds the packet to be sent to the IP task's queue for later processing. + * The packet is sent later by the IP task. When FreeRTOS is used in collaborative + * mode (i.e. configUSE_PREEMPTION is 0), call taskYIELD to give IP task a chance to run + * so that the packet is actually sent before this function returns. */ + taskYIELD(); + } + #endif + } return socketStatus; } diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_wolfSSL/using_wolfSSL.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_wolfSSL/using_wolfSSL.c index fdeb626d6..60d2cb8e0 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_wolfSSL/using_wolfSSL.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_wolfSSL/using_wolfSSL.c @@ -242,7 +242,7 @@ static TlsTransportStatus_t loadCredentials( NetworkContext_t * pNetCtx, } return returnStatus; - #else /* if defined( democonfigCREDENTIALS_IN_BUFFER ) */ + #else /* if defined( democonfigCREDENTIALS_IN_BUFFER ) */ if( wolfSSL_CTX_load_verify_locations( pNetCtx->sslContext.ctx, ( const char * ) ( pNetCred->pRootCa ), NULL ) == SSL_SUCCESS ) { @@ -482,23 +482,43 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext, { int32_t tlsStatus = 0; int iResult = 0; - WOLFSSL * pSsl = pNetworkContext->sslContext.ssl; + WOLFSSL * pSsl = NULL; - iResult = wolfSSL_read( pSsl, pBuffer, bytesToRecv ); - - if( iResult > 0 ) + if( ( pNetworkContext == NULL ) || ( pNetworkContext->sslContext.ssl == NULL ) ) { - tlsStatus = iResult; + LogError( ( "invalid input, pNetworkContext=%p", pNetworkContext ) ); + tlsStatus = -1; } - else if( wolfSSL_want_read( pSsl ) == 1 ) + else if( pBuffer == NULL ) { - tlsStatus = 0; + LogError( ( "invalid input, pBuffer == NULL" ) ); + tlsStatus = -1; + } + else if( bytesToRecv == 0 ) + { + LogError( ( "invalid input, bytesToRecv == 0" ) ); + tlsStatus = -1; } else { - tlsStatus = wolfSSL_state( pSsl ); - LogError( ( "Error from wolfSSL_read %d : %s ", - iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) ); + pSsl = pNetworkContext->sslContext.ssl; + + iResult = wolfSSL_read( pSsl, pBuffer, bytesToRecv ); + + if( iResult > 0 ) + { + tlsStatus = iResult; + } + else if( wolfSSL_want_read( pSsl ) == 1 ) + { + tlsStatus = 0; + } + else + { + tlsStatus = wolfSSL_state( pSsl ); + LogError( ( "Error from wolfSSL_read %d : %s ", + iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) ); + } } return tlsStatus; @@ -512,23 +532,43 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext, { int32_t tlsStatus = 0; int iResult = 0; - WOLFSSL * pSsl = pNetworkContext->sslContext.ssl; + WOLFSSL * pSsl = NULL; - iResult = wolfSSL_write( pSsl, pBuffer, bytesToSend ); - - if( iResult > 0 ) + if( ( pNetworkContext == NULL ) || ( pNetworkContext->sslContext.ssl == NULL ) ) { - tlsStatus = iResult; + LogError( ( "invalid input, pNetworkContext=%p", pNetworkContext ) ); + tlsStatus = -1; } - else if( wolfSSL_want_write( pSsl ) == 1 ) + else if( pBuffer == NULL ) { - tlsStatus = 0; + LogError( ( "invalid input, pBuffer == NULL" ) ); + tlsStatus = -1; + } + else if( bytesToSend == 0 ) + { + LogError( ( "invalid input, bytesToSend == 0" ) ); + tlsStatus = -1; } else { - tlsStatus = wolfSSL_state( pSsl ); - LogError( ( "Error from wolfSL_write %d : %s ", - iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) ); + pSsl = pNetworkContext->sslContext.ssl; + + iResult = wolfSSL_write( pSsl, pBuffer, bytesToSend ); + + if( iResult > 0 ) + { + tlsStatus = iResult; + } + else if( wolfSSL_want_write( pSsl ) == 1 ) + { + tlsStatus = 0; + } + else + { + tlsStatus = wolfSSL_state( pSsl ); + LogError( ( "Error from wolfSL_write %d : %s ", + iResult, wolfSSL_ERR_reason_error_string( tlsStatus ) ) ); + } } return tlsStatus;