[En-Nut-Discussion] [PATCH 2/2] FIX: TLS when sending & receiving simultaneously

Krzysztof Sawicki krzysztof.sawicki at mlabs.pl
Mon Apr 24 11:02:32 CEST 2017


---
 nut/tls/tls1.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/nut/tls/tls1.c b/nut/tls/tls1.c
index 2d76eb9..de46e6d 100644
--- a/nut/tls/tls1.c
+++ b/nut/tls/tls1.c
@@ -936,7 +936,6 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
         }
     }
 
-    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
     ssl->bm_index = 0;
 
     if (protocol != PT_APP_PROTOCOL_DATA)
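Review bot: With `SET_SSL_FLAG(SSL_NEED_RECORD)` removed from send_raw_packet(), nothing in this patch shows where the flag is set again after a complete record has been consumed, and the removed line's own comment ("reset for next time") suggests callers relied on it. Please confirm that the receive path re-arms the flag itself, in particular after handshake sends (the `protocol != PT_APP_PROTOCOL_DATA` branch just below), or limit the removal to application data. The `ssl->bm_index = 0` that remains still resets a buffer index on every send, so the commit message should say why that is safe while a read is only partially complete.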
@@ -1143,6 +1142,13 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     uint8_t *buf = ssl->bm_data;
 
+    uint32_t avail = 0;
+    NutTcpDeviceIOCtl((TCPSOCKET *) ssl->client_fd, IOCTL_GETINBUFCOUNT, &avail);
+    if (avail < ssl->need_bytes) {
+        NutThreadYield();       // allow another thread to receive data from network
+        return SSL_OK;
+    }
+
     read_len = NutTcpReceive ((TCPSOCKET *)ssl->client_fd, &buf[ssl->bm_read_index],
                             ssl->need_bytes-ssl->got_bytes);
 
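Review bot: The new check `if (avail < ssl->need_bytes)` does not match the read that follows, which requests `ssl->need_bytes-ssl->got_bytes`; when got_bytes is non-zero the function waits for more bytes than it is about to read, so compare against the same remaining count. The return value of NutTcpDeviceIOCtl() is also ignored: on failure avail stays 0 and basic_read() returns SSL_OK on every call, which hides a closed or broken socket from the caller, so check the result and either fall through to NutTcpReceive() or return an error. If need_bytes can exceed what the socket's input buffer holds, the condition never becomes false and the connection stalls; a bound or a fallback to partial reads is needed. Minor: the `//` comment differs from the `/* */` style used elsewhere in this file's diff.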
-- 
2.7.4


Comment:

Let's consider the following situation:

We call:
a) ssl_read()
b) ssl_write()
c) ssl_read()

ad. a - we get only the SSL header (5B), so ssl_read returns 0
ad. b - send some data
ad. c - error - SSL_ERROR_INVALID_PROT_MSG - it is because ssl_write->send_packet->send_raw_packet sets SET_SSL_FLAG(SSL_NEED_RECORD), so we expect an SSL header again but get SSL data


And another situation:
a) ssl_read()
b) ssl_write()
c) ssl_read()

ad. a - we get part of the data, so ssl_read returns 0
ad. b - send some data
ad. c - error - SSL_ERROR_INVALID_HMAC - it is because ssl_write overwrites the rx buffer (ssl->bm_data); my solution is to check if the whole SSL data field is available in the TCP buffer and read it at once, not part by part