From fc007eeef5ddf53fd990290acaea745b330bb507 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Mon, 16 Sep 2024 16:52:34 +0200 Subject: [PATCH] net: sockets: tls: Prevent infinite block during handshake In case peer goes down or we disconnect from the network during the TLS handshake, the TLS socket may block indefinitely during connect()/accept(), waiting for data from the peer. This should be avoided, hence use the preconfigured timeout for the TLS handshake, same as we use for TCP-level handshake. Signed-off-by: Robert Lubos --- subsys/net/lib/sockets/sockets_tls.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/subsys/net/lib/sockets/sockets_tls.c b/subsys/net/lib/sockets/sockets_tls.c index 8005796a1ce..4d190891377 100644 --- a/subsys/net/lib/sockets/sockets_tls.c +++ b/subsys/net/lib/sockets/sockets_tls.c @@ -2181,7 +2181,8 @@ int ztls_connect_ctx(struct tls_context *ctx, const struct sockaddr *addr, /* TODO For simplicity, TLS handshake blocks the socket * even for non-blocking socket. */ - ret = tls_mbedtls_handshake(ctx, K_FOREVER); + ret = tls_mbedtls_handshake( + ctx, K_MSEC(CONFIG_NET_SOCKETS_CONNECT_TIMEOUT)); if (ret < 0) { goto error; } @@ -2238,7 +2239,8 @@ int ztls_accept_ctx(struct tls_context *parent, struct sockaddr *addr, /* TODO For simplicity, TLS handshake blocks the socket even for * non-blocking socket. */ - ret = tls_mbedtls_handshake(child, K_FOREVER); + ret = tls_mbedtls_handshake( + child, K_MSEC(CONFIG_NET_SOCKETS_CONNECT_TIMEOUT)); if (ret < 0) { goto error; } @@ -2379,6 +2381,9 @@ static ssize_t sendto_dtls_client(struct tls_context *ctx, const void *buf, /* TODO For simplicity, TLS handshake blocks the socket even for * non-blocking socket. + * DTLS handshake timeout/retransmissions are limited by + * mbed TLS, so K_FOREVER is fine here, the function will not + * block indefinitely. */ ret = tls_mbedtls_handshake(ctx, K_FOREVER); if (ret < 0) {