fix TLS multiple-record-per-frame handling in bare metal

Author: scaprile

mongoose.c

@@ -4769,9 +4769,8 @@ static void read_conn(struct mg_connection *c, struct pkt *pkt) {
     }
     tx_tcp(c->mgr->ifp, s->mac, rem_ip, flags, c->loc.port, c->rem.port,
            mg_htonl(s->seq), mg_htonl(s->ack), "", 0);
-  } else if (pkt->pay.len == 0) { // this is an ACK
-    if (s->fin_rcvd && s->ttype == MIP_TTYPE_FIN)
-      s->twclosure = true;
+  } else if (pkt->pay.len == 0) {  // this is an ACK
+    if (s->fin_rcvd && s->ttype == MIP_TTYPE_FIN) s->twclosure = true;
   } else if (seq != s->ack) {
     uint32_t ack = (uint32_t) (mg_htonl(pkt->tcp->seq) + pkt->pay.len);
     if (s->ack == ack) {
@@ -5242,17 +5241,20 @@ void mg_mgr_poll(struct mg_mgr *mgr, int ms) {
     tmp = c->next;
     struct connstate *s = (struct connstate *) (c + 1);
     mg_call(c, MG_EV_POLL, &now);
-    MG_VERBOSE(("%lu .. %c%c%c%c%c", c->id, c->is_tls ? 'T' : 't',
+    MG_VERBOSE(("%lu .. %c%c%c%c%c %lu %lu", c->id, c->is_tls ? 'T' : 't',
                 c->is_connecting ? 'C' : 'c', c->is_tls_hs ? 'H' : 'h',
-                c->is_resolving ? 'R' : 'r', c->is_closing ? 'C' : 'c'));
-    // order is important, TLS conn close with > 1 record in buffer
-    if (c->is_tls && mg_tls_pending(c) > 0) handle_tls_recv(c);
+                c->is_resolving ? 'R' : 'r', c->is_closing ? 'C' : 'c',
+                mg_tls_pending(c), c->rtls.len));
+    // order is important, TLS conn close with > 1 record in buffer (below)
+    if (c->is_tls && (c->rtls.len > 0 || mg_tls_pending(c) > 0))
+      handle_tls_recv(c);
     if (can_write(c)) write_conn(c);
     if (c->is_draining && c->send.len == 0 && s->ttype != MIP_TTYPE_FIN)
       init_closure(c);
     // For non-TLS, close immediately upon completing the 3-way closure
-    // For TLS, process any pending data until MIP_TTYPE_FIN timeout expires
-    if (s->twclosure && (!c->is_tls || mg_tls_pending(c) == 0))
+    // For TLS, handle any pending data (above) until MIP_TTYPE_FIN expires
+    if (s->twclosure &&
+        (!c->is_tls || (c->rtls.len == 0 && mg_tls_pending(c) == 0)))
       c->is_closing = 1;
     if (c->is_closing) close_conn(c);
   }

mongoose.h

@@ -2690,25 +2690,6 @@ bool mg_ota_end(void);                           // Stop writing
 
 
 
-#if MG_OTA != MG_OTA_NONE && MG_OTA != MG_OTA_CUSTOM
-
-struct mg_flash {
-  void *start;    // Address at which flash starts
-  size_t size;    // Flash size
-  size_t secsz;   // Sector size
-  size_t align;   // Write alignment
-  bool (*write_fn)(void *, const void *, size_t);  // Write function
-  bool (*swap_fn)(void);                           // Swap partitions
-};
-
-bool mg_ota_flash_begin(size_t new_firmware_size, struct mg_flash *flash);
-bool mg_ota_flash_write(const void *buf, size_t len, struct mg_flash *flash);
-bool mg_ota_flash_end(struct mg_flash *flash);
-
-#endif
-
-
-
 
 
 

src/net_builtin.c

@@ -689,9 +689,8 @@ static void read_conn(struct mg_connection *c, struct pkt *pkt) {
     }
     tx_tcp(c->mgr->ifp, s->mac, rem_ip, flags, c->loc.port, c->rem.port,
            mg_htonl(s->seq), mg_htonl(s->ack), "", 0);
-  } else if (pkt->pay.len == 0) { // this is an ACK
-    if (s->fin_rcvd && s->ttype == MIP_TTYPE_FIN)
-      s->twclosure = true;
+  } else if (pkt->pay.len == 0) {  // this is an ACK
+    if (s->fin_rcvd && s->ttype == MIP_TTYPE_FIN) s->twclosure = true;
   } else if (seq != s->ack) {
     uint32_t ack = (uint32_t) (mg_htonl(pkt->tcp->seq) + pkt->pay.len);
     if (s->ack == ack) {
@@ -1162,17 +1161,20 @@ void mg_mgr_poll(struct mg_mgr *mgr, int ms) {
     tmp = c->next;
     struct connstate *s = (struct connstate *) (c + 1);
     mg_call(c, MG_EV_POLL, &now);
-    MG_VERBOSE(("%lu .. %c%c%c%c%c", c->id, c->is_tls ? 'T' : 't',
+    MG_VERBOSE(("%lu .. %c%c%c%c%c %lu %lu", c->id, c->is_tls ? 'T' : 't',
                 c->is_connecting ? 'C' : 'c', c->is_tls_hs ? 'H' : 'h',
-                c->is_resolving ? 'R' : 'r', c->is_closing ? 'C' : 'c'));
-    // order is important, TLS conn close with > 1 record in buffer
-    if (c->is_tls && mg_tls_pending(c) > 0) handle_tls_recv(c);
+                c->is_resolving ? 'R' : 'r', c->is_closing ? 'C' : 'c',
+                mg_tls_pending(c), c->rtls.len));
+    // order is important, TLS conn close with > 1 record in buffer (below)
+    if (c->is_tls && (c->rtls.len > 0 || mg_tls_pending(c) > 0))
+      handle_tls_recv(c);
     if (can_write(c)) write_conn(c);
     if (c->is_draining && c->send.len == 0 && s->ttype != MIP_TTYPE_FIN)
       init_closure(c);
     // For non-TLS, close immediately upon completing the 3-way closure
-    // For TLS, process any pending data until MIP_TTYPE_FIN timeout expires
-    if (s->twclosure && (!c->is_tls || mg_tls_pending(c) == 0))
+    // For TLS, handle any pending data (above) until MIP_TTYPE_FIN expires
+    if (s->twclosure &&
+        (!c->is_tls || (c->rtls.len == 0 && mg_tls_pending(c) == 0)))
       c->is_closing = 1;
     if (c->is_closing) close_conn(c);
   }

test/mip_tap_test.c

@@ -198,6 +198,8 @@ static int fetch(struct mg_mgr *mgr, char *buf, const char *url,
   mg_vprintf(c, fmt, &ap);
   va_end(ap);
   buf[0] = '\0';
+  // - TLS: multiple (small) records: allow enough loops so mg_mgr_poll can
+  // process buffered records when no more frames are coming in
   for (i = 0; i < 500 && buf[0] == '\0' && !fd.closed; i++) {
     mg_mgr_poll(mgr, 0);
     usleep(5000);  // 5 ms. Slow down poll loop to ensure packet transit, but
@@ -403,7 +405,6 @@ int main(void) {
 
   // Events
   struct mg_mgr mgr;  // Event manager
-  mg_log_set(MG_LL_DEBUG);
   mg_mgr_init(&mgr);  // Initialise event manager
 
   // MIP driver

test/tls_multirec/patched_mongoose.c

@@ -11300,7 +11300,7 @@ void mg_tls_free(struct mg_connection *c) {
 long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
   struct tls_data *tls = (struct tls_data *) c->tls;
   long n = MG_IO_WAIT;
-  size_t maxsize = 1024, encrypted = 0;
+  size_t maxsize = 256, encrypted = 0;
   if (len > MG_IO_SIZE) len = MG_IO_SIZE;
   if (len > 16384) len = 16384;
   while (encrypted < len) {