cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 03:00:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Make ssl_cookie.c thread-safe

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-28 15:48:09 +02:00
parent b48ef9cce9
commit 2a84dfd747
2 changed files with 49 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
include/mbedtls/ssl_cookie.h
View File

@ -26,6 +26,10 @@
#include "ssl.h" #include "ssl.h"
#if defined(MBEDTLS_THREADING_C)
#include "threading.h"
#endif
/** /**
* \name SECTION: Module settings * \name SECTION: Module settings
* *
@ -55,6 +59,9 @@ typedef struct
unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME, unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */ or in number of tickets issued */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex;
#endif
} mbedtls_ssl_cookie_ctx; } mbedtls_ssl_cookie_ctx;
/** /**

45
library/ssl_cookie.c
View File

@ -83,6 +83,10 @@ void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
ctx->serial = 0; ctx->serial = 0;
#endif #endif
ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT; ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
} }
void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ) void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
@ -93,6 +97,12 @@ void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long
void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
{ {
mbedtls_md_free( &ctx->hmac_ctx ); mbedtls_md_free( &ctx->hmac_ctx );
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
} }
int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
@ -152,6 +162,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
unsigned char **p, unsigned char *end, unsigned char **p, unsigned char *end,
const unsigned char *cli_id, size_t cli_id_len ) const unsigned char *cli_id, size_t cli_id_len )
{ {
int ret;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long t; unsigned long t;
@ -173,8 +184,21 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
(*p)[3] = (unsigned char)( t ); (*p)[3] = (unsigned char)( t );
*p += 4; *p += 4;
return( ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4, #if defined(MBEDTLS_THREADING_C)
p, end, cli_id, cli_id_len ) ); if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
#endif
ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
p, end, cli_id, cli_id_len );
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
return( ret );
} }
/* /*
@ -185,6 +209,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
const unsigned char *cli_id, size_t cli_id_len ) const unsigned char *cli_id, size_t cli_id_len )
{ {
unsigned char ref_hmac[COOKIE_HMAC_LEN]; unsigned char ref_hmac[COOKIE_HMAC_LEN];
int ret = 0;
unsigned char *p = ref_hmac; unsigned char *p = ref_hmac;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long cur_time, cookie_time; unsigned long cur_time, cookie_time;
@ -195,10 +220,24 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
if( cookie_len != COOKIE_LEN ) if( cookie_len != COOKIE_LEN )
return( -1 ); return( -1 );
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
#endif
if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie, if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
&p, p + sizeof( ref_hmac ), &p, p + sizeof( ref_hmac ),
cli_id, cli_id_len ) != 0 ) cli_id, cli_id_len ) != 0 )
return( -1 ); ret = -1;
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
if( ret != 0 )
return( ret );
if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 ) if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
return( -1 ); return( -1 );