Update unused headers and NULL checks for platform wrappers (FreeRTOS…
…#367)

- Remove unused headers in the plaintext FreeRTOS sockets wrapper
- Update MFLN even if the preceding optional configuration returned an mbedTLS error
- Remove an unused `NULL` check in a private method that is already checked by the public connect method
- Add a `NULL` check to the public disconnect method

Co-authored-by: Joseph Julicher <jjulicher@mac.com>
yourslab and n9wxu authored Oct 28, 2020
1 parent ca9dcda commit 559772a
Showing 3 changed files with 86 additions and 86 deletions.
Expand Up @@ -24,8 +24,6 @@

/* FreeRTOS includes. */
#include "FreeRTOS.h"
#include "atomic.h"
#include "semphr.h"

/* FreeRTOS+TCP includes. */
#include "FreeRTOS_IP.h"
Expand Up @@ -328,12 +328,9 @@ static int32_t setCredentials( SSLContext_t * pSslContext,
mbedtls_ssl_conf_cert_profile( &( pSslContext->config ),
&( pSslContext->certProfile ) );

if( pNetworkCredentials->pRootCa != NULL )
{
mbedtlsError = setRootCa( pSslContext,
pNetworkCredentials->pRootCa,
pNetworkCredentials->rootCaSize );
}
mbedtlsError = setRootCa( pSslContext,
pNetworkCredentials->pRootCa,
pNetworkCredentials->rootCaSize );

if( ( pNetworkCredentials->pClientCert != NULL ) &&
( pNetworkCredentials->pPrivateKey != NULL ) )
Expand Down Expand Up @@ -405,8 +402,7 @@ static void setOptionalConfigurations( SSLContext_t * pSslContext,

/* Set Maximum Fragment Length if enabled. */
#ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
if( 0 == mbedtlsError )
{

/* Enable the max fragment extension. 4096 bytes is currently the largest fragment size permitted.
* See RFC 8449 https://tools.ietf.org/html/rfc8449 for more information.
*
Expand All @@ -420,9 +416,7 @@ static void setOptionalConfigurations( SSLContext_t * pSslContext,
mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
}
}
#endif

#endif /* ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
}
/*-----------------------------------------------------------*/

Expand Down Expand Up @@ -672,12 +666,14 @@ TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
/* Clean up on failure. */
if( returnStatus != TLS_TRANSPORT_SUCCESS )
{
sslContextFree( &( pNetworkContext->sslContext ) );

if( ( pNetworkContext != NULL ) &&
( pNetworkContext->tcpSocket != FREERTOS_INVALID_SOCKET ) )
if( pNetworkContext != NULL )
{
( void ) FreeRTOS_closesocket( pNetworkContext->tcpSocket );
sslContextFree( &( pNetworkContext->sslContext ) );

if( pNetworkContext->tcpSocket != FREERTOS_INVALID_SOCKET )
{
( void ) FreeRTOS_closesocket( pNetworkContext->tcpSocket );
}
}
}
else
Expand All @@ -695,40 +691,43 @@ void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext )
{
BaseType_t tlsStatus = 0;

/* Attempting to terminate TLS connection. */
tlsStatus = ( BaseType_t ) mbedtls_ssl_close_notify( &( pNetworkContext->sslContext.context ) );

/* Ignore the WANT_READ and WANT_WRITE return values. */
if( ( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_READ ) &&
( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_WRITE ) )
if( pNetworkContext != NULL )
{
if( tlsStatus == 0 )
/* Attempting to terminate TLS connection. */
tlsStatus = ( BaseType_t ) mbedtls_ssl_close_notify( &( pNetworkContext->sslContext.context ) );

/* Ignore the WANT_READ and WANT_WRITE return values. */
if( ( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_READ ) &&
( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_WRITE ) )
{
LogInfo( ( "(Network connection %p) TLS close-notify sent.",
pNetworkContext ) );
if( tlsStatus == 0 )
{
LogInfo( ( "(Network connection %p) TLS close-notify sent.",
pNetworkContext ) );
}
else
{
LogError( ( "(Network connection %p) Failed to send TLS close-notify: mbedTLSError= %s : %s.",
pNetworkContext,
mbedtlsHighLevelCodeOrDefault( tlsStatus ),
mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
}
}
else
{
LogError( ( "(Network connection %p) Failed to send TLS close-notify: mbedTLSError= %s : %s.",
pNetworkContext,
mbedtlsHighLevelCodeOrDefault( tlsStatus ),
mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
/* WANT_READ and WANT_WRITE can be ignored. Logging for debugging purposes. */
LogInfo( ( "(Network connection %p) TLS close-notify sent; ",
"received %s as the TLS status can be ignored for close-notify."
( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) ? "WANT_READ" : "WANT_WRITE",
pNetworkContext ) );
}
}
else
{
/* WANT_READ and WANT_WRITE can be ignored. Logging for debugging purposes. */
LogInfo( ( "(Network connection %p) TLS close-notify sent; ",
"received %s as the TLS status can be ignored for close-notify."
( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) ? "WANT_READ" : "WANT_WRITE",
pNetworkContext ) );
}

/* Call socket shutdown function to close connection. */
Sockets_Disconnect( pNetworkContext->tcpSocket );
/* Call socket shutdown function to close connection. */
Sockets_Disconnect( pNetworkContext->tcpSocket );

/* Free mbed TLS contexts. */
sslContextFree( &( pNetworkContext->sslContext ) );
/* Free mbed TLS contexts. */
sslContextFree( &( pNetworkContext->sslContext ) );
}

/* Clear the mutex functions for mbed TLS thread safety. */
mbedtls_threading_free_alt();
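Review bot: The WANT_READ/WANT_WRITE branch of TLS_FreeRTOS_Disconnect keeps a malformed `LogInfo` call inside the new NULL-guarded block: a comma follows the first string literal, none follows the second, and `pNetworkContext` is passed last. With logging enabled, the second literal is followed directly by a parenthesised expression, which should not compile. Even with the commas fixed, the current order would hand the context pointer to `%s` and a string to `%p`. Join the two literals into one format string and pass the arguments in specifier order: `"...can be ignored for close-notify.", pNetworkContext, ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) ? "WANT_READ" : "WANT_WRITE" ) );`. The same call appears in the TLS_FreeRTOS_Disconnect hunk of the next file.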
Expand Up @@ -395,24 +395,24 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext,

/* Set Maximum Fragment Length if enabled. */
#ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
if( returnStatus == TLS_TRANSPORT_SUCCESS )
{
/* Enable the max fragment extension. 4096 bytes is currently the largest fragment size permitted.
* See RFC 8449 https://tools.ietf.org/html/rfc8449 for more information.
*
* Smaller values can be found in "mbedtls/include/ssl.h".
*/
mbedtlsError = mbedtls_ssl_conf_max_frag_len( &( pNetworkContext->sslContext.config ), MBEDTLS_SSL_MAX_FRAG_LEN_4096 );

if( mbedtlsError != 0 )
if( returnStatus == TLS_TRANSPORT_SUCCESS )
{
LogError( ( "Failed to maximum fragment length extension: mbedTLSError= %s : %s.",
mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
/* Enable the max fragment extension. 4096 bytes is currently the largest fragment size permitted.
* See RFC 8449 https://tools.ietf.org/html/rfc8449 for more information.
*
* Smaller values can be found in "mbedtls/include/ssl.h".
*/
mbedtlsError = mbedtls_ssl_conf_max_frag_len( &( pNetworkContext->sslContext.config ), MBEDTLS_SSL_MAX_FRAG_LEN_4096 );

if( mbedtlsError != 0 )
{
LogError( ( "Failed to maximum fragment length extension: mbedTLSError= %s : %s.",
mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
}
}
}
#endif
#endif /* ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */

if( returnStatus == TLS_TRANSPORT_SUCCESS )
{
Expand Down Expand Up @@ -853,40 +853,43 @@ void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext )
{
BaseType_t tlsStatus = 0;

/* Attempting to terminate TLS connection. */
tlsStatus = ( BaseType_t ) mbedtls_ssl_close_notify( &( pNetworkContext->sslContext.context ) );

/* Ignore the WANT_READ and WANT_WRITE return values. */
if( ( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_READ ) &&
( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_WRITE ) )
if( pNetworkContext != NULL )
{
if( tlsStatus == 0 )
/* Attempting to terminate TLS connection. */
tlsStatus = ( BaseType_t ) mbedtls_ssl_close_notify( &( pNetworkContext->sslContext.context ) );

/* Ignore the WANT_READ and WANT_WRITE return values. */
if( ( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_READ ) &&
( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_WRITE ) )
{
LogInfo( ( "(Network connection %p) TLS close-notify sent.",
pNetworkContext ) );
if( tlsStatus == 0 )
{
LogInfo( ( "(Network connection %p) TLS close-notify sent.",
pNetworkContext ) );
}
else
{
LogError( ( "(Network connection %p) Failed to send TLS close-notify: mbedTLSError= %s : %s.",
pNetworkContext,
mbedtlsHighLevelCodeOrDefault( tlsStatus ),
mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
}
}
else
{
LogError( ( "(Network connection %p) Failed to send TLS close-notify: mbedTLSError= %s : %s.",
pNetworkContext,
mbedtlsHighLevelCodeOrDefault( tlsStatus ),
mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
/* WANT_READ and WANT_WRITE can be ignored. Logging for debugging purposes. */
LogInfo( ( "(Network connection %p) TLS close-notify sent; ",
"received %s as the TLS status can be ignored for close-notify."
( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) ? "WANT_READ" : "WANT_WRITE",
pNetworkContext ) );
}
}
else
{
/* WANT_READ and WANT_WRITE can be ignored. Logging for debugging purposes. */
LogInfo( ( "(Network connection %p) TLS close-notify sent; ",
"received %s as the TLS status can be ignored for close-notify."
( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) ? "WANT_READ" : "WANT_WRITE",
pNetworkContext ) );
}

/* Call socket shutdown function to close connection. */
Sockets_Disconnect( pNetworkContext->tcpSocket );
/* Call socket shutdown function to close connection. */
Sockets_Disconnect( pNetworkContext->tcpSocket );

/* Free mbed TLS contexts. */
sslContextFree( &( pNetworkContext->sslContext ) );
/* Free mbed TLS contexts. */
sslContextFree( &( pNetworkContext->sslContext ) );
}

/* Clear the mutex functions for mbed TLS thread safety. */
mbedtls_threading_free_alt();
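Review bot: `mbedtls_threading_free_alt()` is left outside the new `if( pNetworkContext != NULL )` block in TLS_FreeRTOS_Disconnect, so a call with a NULL context still clears the mbed TLS mutex functions. Those callbacks look process-wide rather than per-connection, so this teardown may affect other TLS connections that are still open; that is inferred, since the matching setup call is not visible here. Either move the call inside the guard or document the intent with a comment such as `/* Threading hooks are cleared even for a NULL context; callers must not have other TLS sessions open. */`. The function's end lies outside the hunk, and the copy of this function in the previous file has the same layout.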