net: lib: tls_credentials: return size required

If either no buffer is provided or the size of it is too small, return the required length. Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
2024-10-04 15:35:36 -07:00 · 2024-10-04 15:35:36 -07:00 · 6ec5729a3d
commit 6ec5729a3d
parent b33b3b17f7
2 changed files with 13 additions and 0 deletions
--- a/include/zephyr/net/tls_credentials.h
+++ b/include/zephyr/net/tls_credentials.h
@ -107,6 +107,7 @@ int tls_credential_add(sec_tag_t tag, enum tls_credential_type type,
 * @retval -EACCES Access to the TLS credential subsystem was denied.
 * @retval -ENOENT Requested TLS credential was not found.
 * @retval -EFBIG Requested TLS credential does not fit in the buffer provided.
+ *                Check *credlen for size required.
 */
 int tls_credential_get(sec_tag_t tag, enum tls_credential_type type,
 		       void *cred, size_t *credlen);
--- a/subsys/net/lib/tls_credentials/tls_credentials.c
+++ b/subsys/net/lib/tls_credentials/tls_credentials.c
@ -11,6 +11,11 @@
 #include "tls_internal.h"
 #include "tls_credentials_digest_raw.h"

+#include <zephyr/logging/log.h>
+
+LOG_MODULE_DECLARE(tls_credentials,
+		   CONFIG_TLS_CREDENTIALS_LOG_LEVEL);
+
 /* Global pool of credentials shared among TLS contexts. */
 static struct tls_credential credentials[CONFIG_TLS_MAX_CREDENTIALS_NUMBER];

@ -158,11 +163,18 @@ int tls_credential_get(sec_tag_t tag, enum tls_credential_type type,
 	credential = credential_get(tag, type);
 	if (credential == NULL) {
 		ret = -ENOENT;
+		*credlen = 0;
 		goto exit;
 	}

 	if (credential->len > *credlen) {
 		ret = -EFBIG;
+		LOG_DBG("Not enough room in the credential buffer to "
+			"retrieve credential with sectag %d and type %d. "
+			"Increase TLS_CREDENTIALS_SHELL_MAX_CRED_LEN "
+			">= %d.\n",
+			tag, (int)type, (int)credential->len);
+		*credlen = credential->len;
 		goto exit;
 	}