From 6ec5729a3dd80ef8bd4b2aa02263e6d4b75e5e72 Mon Sep 17 00:00:00 2001 From: Pete Skeggs Date: Fri, 4 Oct 2024 15:35:36 -0700 Subject: [PATCH] net: lib: tls_credentials: return size required If either no buffer is provided or the size of it is too small, return the required length. Signed-off-by: Pete Skeggs --- include/zephyr/net/tls_credentials.h | 1 + subsys/net/lib/tls_credentials/tls_credentials.c | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/include/zephyr/net/tls_credentials.h b/include/zephyr/net/tls_credentials.h index 6477543f4042..2804df061018 100644 --- a/include/zephyr/net/tls_credentials.h +++ b/include/zephyr/net/tls_credentials.h @@ -107,6 +107,7 @@ int tls_credential_add(sec_tag_t tag, enum tls_credential_type type, * @retval -EACCES Access to the TLS credential subsystem was denied. * @retval -ENOENT Requested TLS credential was not found. * @retval -EFBIG Requested TLS credential does not fit in the buffer provided. + * Check *credlen for size required. */ int tls_credential_get(sec_tag_t tag, enum tls_credential_type type, void *cred, size_t *credlen); diff --git a/subsys/net/lib/tls_credentials/tls_credentials.c b/subsys/net/lib/tls_credentials/tls_credentials.c index 94f4d9c5cd5a..2836c8b20c2a 100644 --- a/subsys/net/lib/tls_credentials/tls_credentials.c +++ b/subsys/net/lib/tls_credentials/tls_credentials.c @@ -11,6 +11,11 @@ #include "tls_internal.h" #include "tls_credentials_digest_raw.h" +#include + +LOG_MODULE_DECLARE(tls_credentials, + CONFIG_TLS_CREDENTIALS_LOG_LEVEL); + /* Global pool of credentials shared among TLS contexts. */ static struct tls_credential credentials[CONFIG_TLS_MAX_CREDENTIALS_NUMBER]; @@ -158,11 +163,18 @@ int tls_credential_get(sec_tag_t tag, enum tls_credential_type type, credential = credential_get(tag, type); if (credential == NULL) { ret = -ENOENT; + *credlen = 0; goto exit; } if (credential->len > *credlen) { ret = -EFBIG; + LOG_DBG("Not enough room in the credential buffer to " + "retrieve credential with sectag %d and type %d. " + "Increase TLS_CREDENTIALS_SHELL_MAX_CRED_LEN " + ">= %d.\n", + tag, (int)type, (int)credential->len); + *credlen = credential->len; goto exit; }