Commit cbf1ccad authored by Oleksii Beketov's avatar Oleksii Beketov Committed by Phil Coval
parent f3d056b1
...@@ -174,7 +174,7 @@ if (g_sslCallback) ...@@ -174,7 +174,7 @@ if (g_sslCallback)
* @param[in] ret error code * @param[in] ret error code
* @param[in] str debug string * @param[in] str debug string
* @param[in] mutex ca mutex * @param[in] mutex ca mutex
* @param[in] return error code * @param[in] if code does not equal to -1 returns error code
* @param[in] msg allert message * @param[in] msg allert message
*/ */
#define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \ #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
...@@ -203,7 +203,10 @@ if (0 != (ret) && MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && ...@@ -203,7 +203,10 @@ if (0 != (ret) && MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) &&
oc_mutex_unlock(g_sslContextMutex); \ oc_mutex_unlock(g_sslContextMutex); \
} \ } \
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \ OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
return (error); \ if (-1 != error) \
{ \
return (error); \
} \
} }
/** @def CHECK_MBEDTLS_RET(f, ...) /** @def CHECK_MBEDTLS_RET(f, ...)
* A macro that checks \a f function return code * A macro that checks \a f function return code
...@@ -363,6 +366,10 @@ typedef struct SslContext ...@@ -363,6 +366,10 @@ typedef struct SslContext
bool cipherFlag[2]; bool cipherFlag[2];
int selectedCipher; int selectedCipher;
#ifdef __WITH_DTLS__
int timerId;
#endif
} SslContext_t; } SslContext_t;
/** /**
...@@ -1187,7 +1194,18 @@ static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint) ...@@ -1187,7 +1194,18 @@ static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
return tep; return tep;
} }
#ifdef __WITH_DTLS__
/**
* Stops DTLS retransmission.
*/
static void StopRetransmit()
{
if (g_caSslContext)
{
unregisterTimer(g_caSslContext->timerId);
}
}
#endif
void CAdeinitSslAdapter() void CAdeinitSslAdapter()
{ {
OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__); OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
...@@ -1214,7 +1232,9 @@ void CAdeinitSslAdapter() ...@@ -1214,7 +1232,9 @@ void CAdeinitSslAdapter()
#endif // __WITH_DTLS__ #endif // __WITH_DTLS__
mbedtls_ctr_drbg_free(&g_caSslContext->rnd); mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
mbedtls_entropy_free(&g_caSslContext->entropy); mbedtls_entropy_free(&g_caSslContext->entropy);
#ifdef __WITH_DTLS__
StopRetransmit();
#endif
// De-initialize tls Context // De-initialize tls Context
OICFree(g_caSslContext); OICFree(g_caSslContext);
g_caSslContext = NULL; g_caSslContext = NULL;
...@@ -1257,30 +1277,25 @@ static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode) ...@@ -1257,30 +1277,25 @@ static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
return 0; return 0;
} }
#ifdef __WITH_DTLS__
/** /**
* Starts DTLS retransmission. * Starts DTLS retransmission.
*/ */
static void StartRetransmit() static int StartRetransmit()
{ {
static int timerId = -1;
uint32_t listIndex = 0; uint32_t listIndex = 0;
uint32_t listLength = 0; uint32_t listLength = 0;
SslEndPoint_t *tep = NULL; SslEndPoint_t *tep = NULL;
if (timerId != -1) if (NULL == g_caSslContext)
{
OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
return -1;
}
oc_mutex_lock(g_sslContextMutex);
if (g_caSslContext->timerId != -1)
{ {
//clear previous timer //clear previous timer
unregisterTimer(timerId); unregisterTimer(g_caSslContext->timerId);
oc_mutex_lock(g_sslContextMutex);
//stop retransmission if context is invalid
if(NULL == g_caSslContext)
{
OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
oc_mutex_unlock(g_sslContextMutex);
return;
}
listLength = u_arraylist_length(g_caSslContext->peerList); listLength = u_arraylist_length(g_caSslContext->peerList);
for (listIndex = 0; listIndex < listLength; listIndex++) for (listIndex = 0; listIndex < listLength; listIndex++)
...@@ -1293,16 +1308,20 @@ static void StartRetransmit() ...@@ -1293,16 +1308,20 @@ static void StartRetransmit()
continue; continue;
} }
int ret = mbedtls_ssl_handshake_step(&tep->ssl); int ret = mbedtls_ssl_handshake_step(&tep->ssl);
if (0 != ret && MBEDTLS_ERR_SSL_CONN_EOF != ret)
if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
{ {
OIC_LOG_V(ERROR, NET_SSL_TAG, "Retransmission error: -0x%x", -ret); SSL_CHECK_FAIL(tep, ret, "Retransmission", NULL, -1,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
} }
} }
oc_mutex_unlock(g_sslContextMutex);
} }
//start new timer //start new timer
registerTimer(RETRANSMISSION_TIME, &timerId, (void *) StartRetransmit); registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
oc_mutex_unlock(g_sslContextMutex);
return 0;
} }
#endif
CAResult_t CAinitSslAdapter() CAResult_t CAinitSslAdapter()
{ {
...@@ -1446,10 +1465,13 @@ CAResult_t CAinitSslAdapter() ...@@ -1446,10 +1465,13 @@ CAResult_t CAinitSslAdapter()
mbedtls_x509_crl_init(&g_caSslContext->crl); mbedtls_x509_crl_init(&g_caSslContext->crl);
#ifdef __WITH_DTLS__ #ifdef __WITH_DTLS__
StartRetransmit(); g_caSslContext->timerId = -1;
#endif #endif
oc_mutex_unlock(g_sslContextMutex); oc_mutex_unlock(g_sslContextMutex);
#ifdef __WITH_DTLS__
StartRetransmit();
#endif
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
return CA_STATUS_OK; return CA_STATUS_OK;
......
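Review bot: In the new StartRetransmit() the `NULL == g_caSslContext` test now runs before `oc_mutex_lock(g_sslContextMutex)`, whereas the removed code made that test under the lock, so a CAdeinitSslAdapter() that frees the context between the test and the lock leaves the timer callback dereferencing `g_caSslContext->timerId` through a freed or NULL pointer. Taking the lock first and adding `oc_mutex_unlock(g_sslContextMutex);` before the `return -1;` restores the earlier guarantee. Related to this, CAdeinitSslAdapter() calls StopRetransmit() only after `mbedtls_ctr_drbg_free` and `mbedtls_entropy_free`; the rest of that function lies outside the hunk, so whether the mutex is held there and whether unregisterTimer() waits for a running callback cannot be seen, and stopping the timer before any teardown would be the safer order. The SSL_CHECK_FAIL doc line also lost its parameter name and could read `@param[in] error  value returned by the macro; -1 means do not return`.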