TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / a817ea449a16c2a724478492996c157979300035^! / . / library
commita817ea449a16c2a724478492996c157979300035[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Tue Oct 20 15:20:23 2020 +0100
committerHanno Becker <hanno.becker@arm.com>Tue Oct 20 15:29:14 2020 +0100
tree12a8c2e1c10e21550c838c72d5806340038da6d7
parent8f24a8bb3401b4c8d5fef63f415f5a1ae1f840eb [diff]
Check presence of DTLS timers only once

Mbed TLS requires users of DTLS to configure timer callbacks
needed to implement the wait-and-retransmit logic of DTLS.

Previously, the presence of these timer callbacks was checked
at every invocation of `mbedtls_ssl_fetch_input()`, so lowest
layer of the messaging stack interfacing with the underlying
transport.

This commit removes this recurring check and instead checks the
presence of timers once at the beginning of the handshake.

The main rationale for this change is that it is a step towards
separating the various layers of the messaging stack more cleanly:
datagram layer, record layer, message layer, retransmission layer.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 981d94e..bdf882d 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -2018,14 +2018,6 @@
     {
         uint32_t timeout;
 
-        /* Just to be sure */
-        if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
-                        "mbedtls_ssl_set_timer_cb() for DTLS" ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        }
-
         /*
          * The point is, we need to always read a full datagram at once, so we
          * sometimes read more then requested, and handle the additional data.

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7062d53..34953f2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -5682,11 +5682,24 @@
 {
     int ret = 0;
 
+    /* Sanity checks */
+
     if( ssl == NULL || ssl->conf == NULL )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
+                                     "mbedtls_ssl_set_timer_cb() for DTLS" ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
 
+    /* Main handshake loop */
     while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
     {
         ret = mbedtls_ssl_handshake_step( ssl );