Add guards for closed socket in net.c

This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.

library/error.c

@@ -640,6 +640,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
         mbedtls_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
     if( use_ret == -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL) )
         mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" );
+    if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) )
+        mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" );
 #endif /* MBEDTLS_NET_C */
 
 #if defined(MBEDTLS_OID_C)

library/net.c

@@ -448,8 +448,13 @@ void mbedtls_net_usleep( unsigned long usec )
  */
 int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
 {
+    int ret;
     int fd = ((mbedtls_net_context *) ctx)->fd;
-    int ret = (int) read( fd, buf, len );
+
+    if( fd < 0 )
+        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+    ret = (int) read( fd, buf, len );
 
     if( ret < 0 )
     {
@@ -485,6 +490,9 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
     fd_set read_fds;
     int fd = ((mbedtls_net_context *) ctx)->fd;
 
+    if( fd < 0 )
+        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
     FD_ZERO( &read_fds );
     FD_SET( fd, &read_fds );
 
@@ -520,8 +528,13 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
  */
 int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
 {
+    int ret;
     int fd = ((mbedtls_net_context *) ctx)->fd;
-    int ret = (int) write( fd, buf, len );
+
+    if( fd < 0 )
+        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+    ret = (int) write( fd, buf, len );
 
     if( ret < 0 )
     {