Don't remap MBEDTLS_ERR_MPS_RETRY to MBEDTLS_ERR_SSL_WANT_READ #232

Open
hanno-becker opened this issue Apr 26, 2021 · 0 comments
Collaborator

hanno-becker commented Apr 26, 2021

MBEDTLS_ERR_MPS_RETRY signals that the last API call should be retried. It's different from MBEDTLS_ERR_SSL_WANT_READ in that it does not imply that more data is required from the underlying transport.

In mbedtls_ssl_mps_remap_error(), we're remapping MBEDTLS_ERR_MPS_RETRY to MBEDTLS_ERR_SSL_WANT_READ, which looks like a temporary patch rather than something thought through.

This issue is to track finding and implementing a proper solution to this. Two approaches are:

  1. Loop at some point within the TLS stack when MBEDTLS_ERR_MPS_RETRY is generated. That's what the legacy messaging stack does when the equivalent internal error code MBEDTLS_ERR_SSL_CONTINUE_PROCESSING is generated.
  2. Forward the error code to the user. In this case, it probably still needs to be remapped to the SSL namespace, added to the public API, and documented.
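
The distinction raised in the comment above, as an added sketch that is not Mbed TLS code and not part of the issue: a toy message layer shows that an application which waits on the transport after every WANT_READ is sent to wait while records are still buffered when RETRY is remapped, and not when the stack loops internally (approach 1). The `toy_layer` type, the function names, the error values and the record strings are all assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in values for this sketch only, not the real Mbed TLS constants. */
#define ERR_WANT_READ (-1) /* models MBEDTLS_ERR_SSL_WANT_READ */
#define ERR_RETRY     (-2) /* models MBEDTLS_ERR_MPS_RETRY */

/* Hypothetical message layer holding records that were already received:
 * 'H' = record consumed internally, 'A' = application data (constructed). */
typedef struct { const char *buffered; size_t pos; } toy_layer;

/* One step: 1 = application data ready, ERR_RETRY = a buffered record was
 * consumed without yielding data, ERR_WANT_READ = the buffer really is empty. */
static int toy_read_step(toy_layer *l) {
    char rec = l->buffered[l->pos];
    if (rec == '\0')
        return ERR_WANT_READ;
    l->pos++;
    return rec == 'A' ? 1 : ERR_RETRY;
}

/* Behaviour the issue describes: RETRY is reported as WANT_READ. */
static int read_remapped(toy_layer *l) {
    int ret = toy_read_step(l);
    return ret == ERR_RETRY ? ERR_WANT_READ : ret;
}

/* Approach 1: loop inside the stack while the step asks for a retry. */
static int read_looping(toy_layer *l) {
    int ret;
    do { ret = toy_read_step(l); } while (ret == ERR_RETRY);
    return ret;
}

/* Application that waits on the transport after every WANT_READ. Counts the
 * waits entered while records were still buffered; -1 if no data arrived. */
static int spurious_waits(int (*read_fn)(toy_layer *), const char *records) {
    toy_layer l = { records, 0 };
    int waits = 0, ret;
    while ((ret = read_fn(&l)) == ERR_WANT_READ && records[l.pos] != '\0')
        waits++;
    return ret == 1 ? waits : -1;
}

int main(void) {
    printf("spurious waits: remapped=%d looping=%d\n",
           spurious_waits(read_remapped, "HHA"), spurious_waits(read_looping, "HHA"));
    return 0;
}
```

In this model each spurious wait is a point where a blocking or event-driven caller would sit idle until the peer sends something or a timeout fires, even though the stack could have made progress on its own.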