From: Joonghwan Lee Date: Wed, 14 Dec 2016 09:35:42 +0000 (+0900) Subject: Fix handshake error check X-Git-Tag: 1.3.0~965 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=29f737c0fc3a5826407a4b76a35f0bbaf58d53ce;p=platform%2Fupstream%2Fiotivity.git Fix handshake error check - Only delete peer info without sending alert message when socket error returned during handshake : this will prevent re-trying TLS handsake in order to send alert message - Check if received data size is larger than zero Change-Id: I3e5423b9f82e5b6bc703814fd72166844e6149b3 Signed-off-by: Joonghwan Lee Reviewed-on: https://gerrit.iotivity.org/gerrit/15605 Tested-by: jenkins-iotivity Reviewed-by: Chul Lee Reviewed-by: dongik Lee Reviewed-by: Jongsung Lee Reviewed-by: Randeep Singh Reviewed-on: https://gerrit.iotivity.org/gerrit/15887
---
diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
index b460960..303948e 100644
--- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
+++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
@@ -1194,6 +1194,12 @@ static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
 {
 break;
 }
+ else if (-1 == ret)
+ {
+ OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
+ RemovePeerFromList(&tep->sep.endpoint);
+ return NULL;
+ }
 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
 }
 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
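Review bot: The new `else if (-1 == ret)` branch recognises a socket failure by a bare `-1`, and nothing visible in the hunk ties that value to the transport send/receive callback. If the handshake call can yield -1 for any other reason, the peer is removed silently and the `MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE` alert that `SSL_CHECK_FAIL` would send is skipped, so a named constant shared with the callback plus a comment would make the contract explicit, for example `/* -1 is what the transport callback returns on socket failure; the link is unusable, so drop the peer without an alert */`. This early return also bypasses the `"Out %s"` trace at the end of the function. InitiateTlsHandshake starts and ends outside the hunk, so the origin of `ret` is inferred rather than seen.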
@@ -1816,17 +1822,20 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t d
 oc_mutex_unlock(g_sslContextMutex);
 return CA_STATUS_FAILED;
 }
- int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
- if (0 == adapterIndex || adapterIndex == 1)
+ else if (0 < ret)
 {
- g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep, decryptBuffer, ret);
- }
- else
- {
- OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
- RemovePeerFromList(&peer->sep.endpoint);
- oc_mutex_unlock(g_sslContextMutex);
- return CA_STATUS_FAILED;
+ int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
+ if (0 == adapterIndex || adapterIndex == 1)
+ {
+ g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep, decryptBuffer, ret);
+ }
+ else
+ {
+ OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
+ RemovePeerFromList(&peer->sep.endpoint);
+ oc_mutex_unlock(g_sslContextMutex);
+ return CA_STATUS_FAILED;
+ }
 }
 }
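Review bot: With the callback now gated on `else if (0 < ret)`, a `ret` of exactly 0 drops through with no log and no state change, and the hunk does not show what 0 means for the preceding read call. If it signals that the peer closed the session, the entry probably ought to be removed here as in the error branch above; if it only means no application data was produced, a comment such as `/* ret == 0: nothing decrypted to deliver, keep the peer */` would record that. Separately, `0 == adapterIndex || adapterIndex == 1` hard-codes the valid indices of `adapterCallbacks`; bounding the index by the array's element count would be sturdier. CAdecryptSsl begins before the hunk.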