From f281a8e1232ddfdb5a8ff8e702854a79a90fc273 Mon Sep 17 00:00:00 2001
From: Joonghwan Lee
Date: Thu, 22 Dec 2016 11:51:40 +0900
Subject: [PATCH] Send alert after bad client hello

Fix the following situation:
1. client tries OTM to server
2. OTM completed
3. network of server goes down and up => DTLS session has been removed
4. client tries to send a request to secure resource(e.g., /oic/sec/acl)
5. server prints bad client error(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO), and then ignore this
6. client never gets a response of it even if re-tries to sent same message
Change-Id: Ie2cd3eaa49fc8782522126799994a5cd47cfaf4e
Signed-off-by: Dmitriy Zhuravlev
Signed-off-by: Oleksii Beketov
Signed-off-by: Joonghwan Lee
Reviewed-on: https://gerrit.iotivity.org/gerrit/15853
Tested-by: jenkins-iotivity
Reviewed-by: Randeep Singh
(cherry picked from commit 7241811f3c1fba031aff1f1fc90f81f6a8a9a038)
Reviewed-on: https://gerrit.iotivity.org/gerrit/15855
Tested-by: jenkins-iotivity
Reviewed-by: Kevin Kane
Reviewed-by: Mats Wichmann
---
 .../src/adapter_util/ca_adapter_net_ssl.c | 33 +++++++++++++---------
 1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
index 01f9a9d..31e947e 100644
--- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
+++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
@@ -214,25 +214,32 @@ if (g_sslCallback)
 * @param[in] msg allert message
 */
 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
-if (0 != (ret) && MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
- MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
+if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
- MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret)) \
+ MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
+ MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
+ MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
+ MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
 { \
 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
- if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
- (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
+ if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret)) \
 { \
 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
 } \
- if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == (int) (ret) && \
- ((int) MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED == (peer)->ssl.in_msg[1] || \
- (int) MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR == (peer)->ssl.in_msg[1] || \
- (int) MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE == (peer)->ssl.in_msg[1] || \
- (int) MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC == (peer)->ssl.in_msg[1])) \
- { \
- SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
- } \
+ SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
 RemovePeerFromList(&(peer)->sep.endpoint); \
 if (mutex) \
 { \
-- 
2.7.4
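Review bot: The thirteen `MBEDTLS_SSL_ALERT_MSG_* != (int) (ret)` comparisons added to the `if` of SSL_CHECK_FAIL test a return code against alert-description byte values, so they can never match a mbed TLS error code (the MBEDTLS_ERR_* codes are negative, the alert descriptions are the 0..255 values from the RFC) and are dead — except `MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY`, which is 0 and now silently stands in for the `0 != (ret)` success check this hunk removed. Make the success case explicit and drop the alert constants, i.e. open with `if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \` followed only by the HELLO_VERIFY_REQUIRED, WANT_READ, WANT_WRITE and NON_FATAL lines; if the intent was to tolerate those alert types when the peer sends them, that has to look at `(peer)->ssl.in_msg[1]` as the removed branch did, not at `ret`. Separately, the server now answers a datagram it rejects as MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO with a fatal alert from a context that has not completed a handshake, which is the behaviour RFC 6347 §4.1.2.7 steers away from (invalid records SHOULD be silently discarded) because it lets an off-path sender with a spoofed source address make the server emit alerts toward any peer it names; if that is accepted as the price of recovering from the stale-session case in the description, say so in a comment on the `mbedtls_ssl_send_alert_message` call and consider rate-limiting it. The macro body continues past the end of the hunk.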