From a5f2bd4e8165d51a856c73eacf301883b1d2819d Mon Sep 17 00:00:00 2001 From: Federico Francescon Date: Mon, 5 Feb 2024 14:35:00 +0100 Subject: [PATCH] feat: added semaphore around `TLSSocket_performHandshake` --- hal/tls/mbedtls/tls_mbedtls.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hal/tls/mbedtls/tls_mbedtls.c b/hal/tls/mbedtls/tls_mbedtls.c index e2f152d0..e9e5eb3c 100644 --- a/hal/tls/mbedtls/tls_mbedtls.c +++ b/hal/tls/mbedtls/tls_mbedtls.c @@ -99,6 +99,7 @@ struct sTLSSocket { /* time of last session renegotiation (used to calculate next renegotiation time) */ uint64_t lastRenegotiationTime; + Semaphore renegotiationLock; /* time of the last CRL update */ uint64_t crlUpdated; @@ -708,6 +709,7 @@ TLSSocket_create(Socket socket, TLSConfiguration configuration, bool storeClient self->storePeerCert = storeClientCert; self->peerCert = NULL; self->peerCertLength = 0; + self->renegotiationLock = Semaphore_create(1); TLSConfiguration_setupComplete(configuration); @@ -850,6 +852,7 @@ TLSSocket_getPeerCertificate(TLSSocket self, int* certSize) bool TLSSocket_performHandshake(TLSSocket self) { + Semaphore_wait(self->renegotiationLock); int ret = mbedtls_ssl_renegotiate(&(self->ssl)); if (ret == 0) { @@ -857,6 +860,9 @@ TLSSocket_performHandshake(TLSSocket self) raiseSecurityEvent(self->tlsConfig, TLS_SEC_EVT_WARNING, TLS_EVENT_CODE_WRN_INSECURE_TLS_VERSION, "Warning: Insecure TLS version", self); } + Semaphore_post(self->renegotiationLock); + + DEBUG_PRINT("TLS", "TLSSocket_performHandshake Success -> ret=%i\n", ret); return true; } else { @@ -868,6 +874,7 @@ TLSSocket_performHandshake(TLSSocket self) createSecurityEvents(self->tlsConfig, ret, flags, self); } + Semaphore_post(self->renegotiationLock); return false; } } @@ -1008,6 +1015,8 @@ TLSSocket_close(TLSSocket self) if (self->peerCert) GLOBAL_FREEMEM(self->peerCert); + Semaphore_destroy(self->renegotiationLock); + GLOBAL_FREEMEM(self); }