Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build in NET errors in error.c, even if MBEDTLS_NET_C is not defined #1997

Open
NWilson opened this issue Aug 30, 2018 · 1 comment
Open

Build in NET errors in error.c, even if MBEDTLS_NET_C is not defined #1997

NWilson opened this issue Aug 30, 2018 · 1 comment
Labels
component-tls enhancement historical-reviewing Currently reviewing (for legacy PR/issues)

Comments

@NWilson
Copy link
Contributor

NWilson commented Aug 30, 2018
edited
Loading

Description

  • Type: Enhancement
  • Priority: Minor

We are not using mbedTLS's "net" functions, instead we provide our own I/O layer which feeds data to mbedTLS from our C++ in-out streams. (This allows us to run our MbedTlsEngine over any stream - a memory stream for testing, a socket stream, or a thread IPC stream...) I would expect that it is fairly common for users to run mbedTLS over their own I/O abstraction, rather than using the "net" functions to hand raw sockets to mbedTLS.

For those of us using mbedtls_ssl_set_bio, we need to choose some return codes to use in our mbedtls_ssl_send_t and mbedtls_ssl_recv_t functions. We are using codes such as MBEDTLS_ERR_NET_RECV_FAILED, since we have to choose error codes that are allocated from among the mbedTLS numbers (we wouldn't want to return numbers that clash with a future allocation). Those are the natural return codes to be using. mbedTLS does kind-of assume that the return values from the send/receive functions are within its own space of allocated codes, since it checks for specific values from the functions, such as MBEDTLS_ERR_SSL_WANT_READ.

Would it be possible to build in the "_NET_" error codes, in error.c, even if MBEDTLS_NET_C is not defined? Otherwise - what codes are you expecting people to return from their mbedtls_ssl_send_t and mbedtls_ssl_recv_t functions? These codes represent a special case; even if customers are not using the "net" layer, the corresponding error numbers are still probably/possibly in use.
@RonEld RonEld mentioned this issue Sep 2, 2018
Open
@RonEld
Copy link
Contributor

RonEld commented Sep 2, 2018

@NWilson Thank you for raising this
Your use case is reasonable, and we will consider it. Note that this is not entirely according to Mbed TLS architecture, however the networking module is a bit of an exception, as MBEDTLS_NET_C defines the networking module for specific use case, and we do allow "alternative" implementations(through the set_bio function), but not through a *_ALT interface.

your example on MBEDTLS_ERR_SSL_WANT_READ and MBEDTLS_ERR_SSL_WANT_WRITE may actually reflect a bug, of a missing dependency, or missing errors. I have raised #2000 to track it.

@daverodgman daverodgman added the historical-reviewing Currently reviewing (for legacy PR/issues) label Oct 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component-tls enhancement historical-reviewing Currently reviewing (for legacy PR/issues)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@NWilson @daverodgman @RonEld