Check presence of DTLS timers only once

Mbed TLS requires users of DTLS to configure timer callbacks needed to implement the wait-and-retransmit logic of DTLS. Previously, the presence of these timer callbacks was checked at every invocation of `mbedtls_ssl_fetch_input()`, so lowest layer of the messaging stack interfacing with the underlying transport. This commit removes this recurring check and instead checks the presence of timers once at the beginning of the handshake. The main rationale for this change is that it is a step towards separating the various layers of the messaging stack more cleanly: datagram layer, record layer, message layer, retransmission layer. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2026-01-06 11:41:12 +03:00 · 2020-10-20 15:20:23 +01:00
parent 8f24a8bb34
commit a817ea449a
2 changed files with 13 additions and 8 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5682,11 +5682,24 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
 {
    int ret = 0;

+    /* Sanity checks */
+
    if( ssl == NULL || ssl->conf == NULL )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
+                                     "mbedtls_ssl_set_timer_cb() for DTLS" ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );

+    /* Main handshake loop */
    while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
    {
        ret = mbedtls_ssl_handshake_step( ssl );