TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7cd0270d6c9e0b4afc3d72ed0e908cd0a1a50477^! / .
commit7cd0270d6c9e0b4afc3d72ed0e908cd0a1a50477[log] [tgz]
authorNeil Armstrong <narmstrong@baylibre.com>Fri Mar 04 15:08:43 2022 +0100
committerNeil Armstrong <narmstrong@baylibre.com>Mon Mar 07 14:33:21 2022 +0100
tree38a121601f2e122b85576dbe1d665fd72d9e40fa
parent2217d6f82507aaf28c82ee234f6a8b358894a437 [diff]
Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 723a13e..0278bcf 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h

@@ -65,9 +65,11 @@
     unsigned long   MBEDTLS_PRIVATE(timeout);    /*!< timeout delay, in seconds if HAVE_TIME,
                                      or in number of tickets issued */
 
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
 #endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
 } mbedtls_ssl_cookie_ctx;
 
 /**

diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index a0e9680..a742888 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c

@@ -78,9 +78,11 @@
 #endif
     ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
 
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_mutex_init( &ctx->mutex );
 #endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
 }
 
 void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
@@ -94,11 +96,11 @@
     psa_destroy_key( ctx->psa_hmac );
 #else
     mbedtls_md_free( &ctx->hmac_ctx );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_mutex_free( &ctx->mutex );
 #endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
 }
@@ -250,16 +252,16 @@
     MBEDTLS_PUT_UINT32_BE(t, *p, 0);
     *p += 4;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    ret = ssl_cookie_hmac( ctx, *p - 4,
+                           p, end, cli_id, cli_id_len );
+#else
 #if defined(MBEDTLS_THREADING_C)
     if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    ret = ssl_cookie_hmac( ctx, *p - 4,
-#else
     ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
                            p, end, cli_id, cli_id_len );
 
 #if defined(MBEDTLS_THREADING_C)
@@ -267,6 +269,7 @@
         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
                 MBEDTLS_ERR_THREADING_MUTEX_ERROR ) );
 #endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     return( ret );
 }
@@ -290,16 +293,19 @@
     if( cookie_len != COOKIE_LEN )
         return( -1 );
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( ssl_cookie_hmac( ctx, cookie,
+                         &p, p + sizeof( ref_hmac ),
+                         cli_id, cli_id_len ) != 0 )
+        ret = -1;
+
+#else
 #if defined(MBEDTLS_THREADING_C)
     if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ssl_cookie_hmac( ctx, cookie,
-#else
     if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
                          &p, p + sizeof( ref_hmac ),
                          cli_id, cli_id_len ) != 0 )
         ret = -1;
@@ -311,6 +317,7 @@
                                  MBEDTLS_ERR_THREADING_MUTEX_ERROR );
     }
 #endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if( ret != 0 )
         goto exit;