commit fc99a09cc4713ee3b6f9a2557330d4354f1b0d85
author Hanno Becker <hanno.becker@arm.com> Fri Jun 28 14:45:26 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Fri Jun 28 14:48:32 2019 +0100
tree 24a72de4ecb15e0cb2e76f4bbac5b502b0d63be7
parent a4bfaa8204826fb6f50a5fa2dd3e63f629659622

Don't allow nested CRT acquire()-calls if MBEDTLS_X509_ALWAYS_FLUSH

Forbidding nested calls to acquire() allows to remove the reference
counting logic and hence saving some bytes of code. This is valuable
because MBEDTLS_X509_ALWAYS_FLUSH is likely to be used on constrained
systems where code-size is limited.

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index fa51241..4f33d21 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -113,8 +113,17 @@
     if( mbedtls_mutex_lock( &crt->cache->pk_mutex ) != 0 )
         return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
 #endif
-    /* Can only free the PK context if nobody is using it. */
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) ||      \
+    defined(MBEDTLS_THREADING_C)
+    /* Can only free the PK context if nobody is using it.
+     * If MBEDTLS_X509_ALWAYS_FLUSH is set, nested uses
+     * of xxx_acquire() are prohibited, and no reference
+     * counting is needed. Also, notice that the code-path
+     * below is safe if the cache isn't filled. */
     if( crt->cache->pk_readers == 0 )
+#endif /* !MBEDTLS_X509_ALWAYS_FLUSH ||
+          MBEDTLS_THREADING_C */
     {
 #if !defined(MBEDTLS_X509_ON_DEMAND_PARSING)
         /* The cache holds a shallow copy of the PK context
@@ -141,8 +150,16 @@
         return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
 #endif
 
-    /* Can only free the frame if nobody is using it. */
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) ||      \
+    defined(MBEDTLS_THREADING_C)
+    /* Can only free the PK context if nobody is using it.
+     * If MBEDTLS_X509_ALWAYS_FLUSH is set, nested uses
+     * of xxx_acquire() are prohibited, and no reference
+     * counting is needed. Also, notice that the code-path
+     * below is safe if the cache isn't filled. */
     if( crt->cache->frame_readers == 0 )
+#endif /* !MBEDTLS_X509_ALWAYS_FLUSH ||
+          MBEDTLS_THREADING_C */
     {
         mbedtls_free( crt->cache->frame );
         crt->cache->frame = NULL;
@@ -175,7 +192,15 @@
     mbedtls_x509_crt_frame *frame;
 
     if( cache->frame != NULL )
+    {
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH)
         return( 0 );
+#else
+        /* If MBEDTLS_X509_ALWAYS_FLUSH is set, we don't
+         * allow nested uses of acquire. */
+        return( MBEDTLS_ERR_X509_FATAL_ERROR );
+#endif
+    }
 
     frame = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt_frame ) );
     if( frame == NULL )
@@ -227,7 +252,15 @@
     mbedtls_pk_context *pk;
 
     if( cache->pk != NULL )
+    {
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH)
         return( 0 );
+#else
+        /* If MBEDTLS_X509_ALWAYS_FLUSH is set, we don't
+         * allow nested uses of acquire. */
+        return( MBEDTLS_ERR_X509_FATAL_ERROR );
+#endif
+    }
 
     pk = mbedtls_calloc( 1, sizeof( mbedtls_pk_context ) );
     if( pk == NULL )