diff --git a/lib/core-net/private-lib-core-net.h b/lib/core-net/private-lib-core-net.h
index 0d1556a55..5e7dcbc24 100644
--- a/lib/core-net/private-lib-core-net.h
+++ b/lib/core-net/private-lib-core-net.h
@@ -1408,6 +1408,13 @@ lws_socks5c_handle_state(struct lws *wsi, struct lws_pollfd *pollfd,
 int lws_socks5c_greet(struct lws *wsi, const char **pcce);
+int
+lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len);
+
+int
+lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len);
+
+
 enum { LW5CHS_RET_RET0, LW5CHS_RET_BAIL3,
diff --git a/lib/plat/freertos/freertos-sockets.c b/lib/plat/freertos/freertos-sockets.c
index 2a9775788..4efdd07f8 100644
--- a/lib/plat/freertos/freertos-sockets.c
+++ b/lib/plat/freertos/freertos-sockets.c
@@ -24,6 +24,14 @@
 #include "private-lib-core.h"
+#if defined(LWS_WITH_MBEDTLS)
+#if defined(LWS_HAVE_MBEDTLS_NET_SOCKETS)
+#include "mbedtls/net_sockets.h"
+#else
+#include "mbedtls/net.h"
+#endif
+#endif
+
 int lws_send_pipe_choked(struct lws *wsi) {
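Review bot: The two prototypes added to private-lib-core-net.h have no comment stating their contract, and their buffer types differ for no visible reason: send takes `const uint8_t *buf` while recv takes `unsigned char *buf`. Both are handed to `mbedtls_ssl_set_bio()` in the ssl_pm.c hunk of this commit, and the mbedtls callback types use `unsigned char`, so `const unsigned char *buf` on the send side would keep the pair consistent. I would add a comment above them such as `/* mbedtls BIO callbacks: ctx points at an mbedtls_net_context; returns bytes transferred or a negative MBEDTLS_ERR_* code */`.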
@@ -259,3 +267,56 @@ lws_plat_ifconfig_ip(const char *ifname, int fd, uint8_t *ip, uint8_t *mask_ip,
 return -1;
 }
+
+#if defined(LWS_WITH_MBEDTLS)
+int
+lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len)
+{
+ int fd = ((mbedtls_net_context *) ctx)->fd;
+ int ret;
+
+ if (fd < 0)
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+
+ ret = write(fd, buf, len);
+ if (ret >= 0)
+ return ret;
+
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+
+ if (errno == EPIPE || errno == ECONNRESET)
+ return MBEDTLS_ERR_NET_CONN_RESET;
+
+ if( errno == EINTR )
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+
+ return MBEDTLS_ERR_NET_SEND_FAILED;
+}
+
+int
+lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
+{
+ int fd = ((mbedtls_net_context *) ctx)->fd;
+ int ret;
+
+ if (fd < 0)
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+
+ ret = (int)read(fd, buf, len);
+ if (ret >= 0)
+ return ret;
+
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return MBEDTLS_ERR_SSL_WANT_READ;
+
+ if (errno == EPIPE || errno == ECONNRESET)
+ return MBEDTLS_ERR_NET_CONN_RESET;
+
+ if (errno == EINTR)
+ return MBEDTLS_ERR_SSL_WANT_READ;
+
+ return MBEDTLS_ERR_NET_RECV_FAILED;
+}
+#endif
+
diff --git a/lib/plat/optee/network.c b/lib/plat/optee/network.c
index 487e9f48b..767c25499 100644
--- a/lib/plat/optee/network.c
+++ b/lib/plat/optee/network.c
@@ -24,6 +24,13 @@
 #include "private-lib-core.h"
+#if defined(LWS_WITH_MBEDTLS)
+#if defined(LWS_HAVE_MBEDTLS_NET_SOCKETS)
+#include "mbedtls/net_sockets.h"
+#else
+#include "mbedtls/net.h"
+#endif
+#endif
 int lws_plat_pipe_create(struct lws *wsi)
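Review bot: `lws_plat_mbedtls_net_send()` in freertos-sockets.c stores the result of `write()` in an `int` without the cast the recv helper applies to `read()`, and neither helper bounds `len`, so a length above INT_MAX would come back as a truncated or negative count; mbedtls presumably only passes record-sized lengths, but `ret = (int)write(fd, buf, len);` plus a short comment stating that assumption would make it explicit. `errno` is also re-read across three separate tests; saving it once right after the failed call (`int en = errno;`) keeps the mapping stable. The same pair of functions is repeated verbatim in the optee/network.c and unix-sockets.c hunks, so the errno-to-MBEDTLS_ERR mapping now lives in three copies that must be kept in sync; one shared helper would avoid that.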
@@ -247,4 +254,55 @@ lws_plat_inet_pton(int af, const char *src, void *dst)
 return 1;
 }
+#if defined(LWS_WITH_MBEDTLS)
+int
+lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len)
+{
+ int fd = ((mbedtls_net_context *) ctx)->fd;
+ int ret;
+ if (fd < 0)
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+
+ ret = write(fd, buf, len);
+ if (ret >= 0)
+ return ret;
+
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+
+ if (errno == EPIPE || errno == ECONNRESET)
+ return MBEDTLS_ERR_NET_CONN_RESET;
+
+ if( errno == EINTR )
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+
+ return MBEDTLS_ERR_NET_SEND_FAILED;
+}
+
+int
+lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
+{
+ int fd = ((mbedtls_net_context *) ctx)->fd;
+ int ret;
+
+ if (fd < 0)
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+
+ ret = (int)read(fd, buf, len);
+ if (ret >= 0)
+ return ret;
+
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return MBEDTLS_ERR_SSL_WANT_READ;
+
+ if (errno == EPIPE || errno == ECONNRESET)
+ return MBEDTLS_ERR_NET_CONN_RESET;
+
+ if (errno == EINTR)
+ return MBEDTLS_ERR_SSL_WANT_READ;
+
+ return MBEDTLS_ERR_NET_RECV_FAILED;
+}
+
+#endif
diff --git a/lib/plat/unix/unix-sockets.c b/lib/plat/unix/unix-sockets.c
index 5e7a68ac2..abdb07f9b 100644
--- a/lib/plat/unix/unix-sockets.c
+++ b/lib/plat/unix/unix-sockets.c
@@ -34,7 +34,13 @@
 #include
 #include
-
+#if defined(LWS_WITH_MBEDTLS)
+#if defined(LWS_HAVE_MBEDTLS_NET_SOCKETS)
+#include "mbedtls/net_sockets.h"
+#else
+#include "mbedtls/net.h"
+#endif
+#endif
 int lws_send_pipe_choked(struct lws *wsi)
@@ -455,3 +461,55 @@ lws_plat_ifconfig_ip(const char *ifname, int fd, uint8_t *ip, uint8_t *mask_ip,
 return -1;
 #endif
 }
+
+#if defined(LWS_WITH_MBEDTLS)
+int
+lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len)
+{
+ int fd = ((mbedtls_net_context *) ctx)->fd;
+ int ret;
+
+ if (fd < 0)
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+
+ ret = write(fd, buf, len);
+ if (ret >= 0)
+ return ret;
+
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+
+ if (errno == EPIPE || errno == ECONNRESET)
+ return MBEDTLS_ERR_NET_CONN_RESET;
+
+ if( errno == EINTR )
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+
+ return MBEDTLS_ERR_NET_SEND_FAILED;
+}
+
+int
+lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
+{
+ int fd = ((mbedtls_net_context *) ctx)->fd;
+ int ret;
+
+ if (fd < 0)
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+
+ ret = (int)read(fd, buf, len);
+ if (ret >= 0)
+ return ret;
+
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return MBEDTLS_ERR_SSL_WANT_READ;
+
+ if (errno == EPIPE || errno == ECONNRESET)
+ return MBEDTLS_ERR_NET_CONN_RESET;
+
+ if (errno == EINTR)
+ return MBEDTLS_ERR_SSL_WANT_READ;
+
+ return MBEDTLS_ERR_NET_RECV_FAILED;
+}
+#endif
diff --git a/lib/plat/windows/windows-sockets.c b/lib/plat/windows/windows-sockets.c
index f3d3ec20b..e52dd62da 100644
--- a/lib/plat/windows/windows-sockets.c
+++ b/lib/plat/windows/windows-sockets.c
@@ -27,6 +27,13 @@
 #endif
 #include "private-lib-core.h"
+#if defined(LWS_WITH_MBEDTLS)
+#if defined(LWS_HAVE_MBEDTLS_NET_SOCKETS)
+#include "mbedtls/net_sockets.h"
+#else
+#include "mbedtls/net.h"
+#endif
+#endif
 int lws_send_pipe_choked(struct lws *wsi)
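Review bot: The `EPIPE` branch of `lws_plat_mbedtls_net_send()` in unix-sockets.c is only reachable when SIGPIPE is ignored or blocked, because a plain `write()` to a socket whose peer has gone away raises SIGPIPE first and the default action terminates the process. Whether lws ignores SIGPIPE elsewhere is not visible in this hunk, and the TLS send path no longer goes through the stock mbedtls net helper. If the signal is already ignored, a comment such as `/* SIGPIPE is ignored process-wide, so a closed peer surfaces as EPIPE here */` would record the dependency; otherwise `send(fd, buf, len, MSG_NOSIGNAL)` where the platform offers it avoids relying on process-wide signal state.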
@@ -380,3 +387,49 @@ lws_plat_ifconfig_ip(const char *ifname, int fd, uint8_t *ip, uint8_t *mask_ip,
 return -1;
 }
+#if defined(LWS_WITH_MBEDTLS)
+int
+lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len)
+{
+ int fd = ((mbedtls_net_context *) ctx)->fd;
+ int ret;
+
+ if (fd < 0)
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+
+ ret = write(fd, buf, len);
+ if (ret >= 0)
+ return ret;
+
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+
+ if (WSAGetLastError() == WSAECONNRESET )
+ return( MBEDTLS_ERR_NET_CONN_RESET );
+
+ return MBEDTLS_ERR_NET_SEND_FAILED;
+}
+
+int
+lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
+{
+ int fd = ((mbedtls_net_context *) ctx)->fd;
+ int ret;
+
+ if (fd < 0)
+ return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+
+ ret = (int)read(fd, buf, len);
+ if (ret >= 0)
+ return ret;
+
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return MBEDTLS_ERR_SSL_WANT_READ;
+
+ if (WSAGetLastError() == WSAECONNRESET)
+ return MBEDTLS_ERR_NET_CONN_RESET;
+
+ return MBEDTLS_ERR_NET_RECV_FAILED;
+}
+#endif
+
diff --git a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c b/lib/tls/mbedtls/wrapper/platform/ssl_pm.c
index 15f2b962f..a5bddea20 100755
--- a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c
+++ b/lib/tls/mbedtls/wrapper/platform/ssl_pm.c
@@ -67,6 +67,7 @@ struct pkey_pm
 unsigned int max_content_len;
+
 /*********************************************************************************************/ /************************************ SSL arch interface *************************************/
@@ -185,7 +186,9 @@ int ssl_pm_new(SSL *ssl)
 goto mbedtls_err2;
 }
- mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+ mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd,
+ lws_plat_mbedtls_net_send,
+ lws_plat_mbedtls_net_recv, NULL);
 ssl->ssl_pm = ssl_pm;
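Review bot: In the windows-sockets.c helpers the descriptor is presumably a Winsock socket, yet the code calls the CRT `write()`/`read()`, which act on CRT file descriptors rather than sockets unless those names are remapped to `send()`/`recv()` somewhere outside this hunk. The would-block test also reads `errno`, which Winsock calls do not set, while the reset test two lines later correctly uses `WSAGetLastError()`. As written, a non-blocking socket with nothing to read would fall through to `MBEDTLS_ERR_NET_RECV_FAILED`, and the TLS session would be dropped instead of retried. I would call `send(fd, (const char *)buf, (int)len, 0)` and `recv(fd, (char *)buf, (int)len, 0)`, and return the WANT_READ/WANT_WRITE codes on `WSAGetLastError() == WSAEWOULDBLOCK`.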