From a657eb77218dee6196f21046912ac88ee5c8dccc Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Tue, 13 Dec 2022 14:07:01 +0000
Subject: [PATCH] - applied coding style
---
 hal/inc/tls_config.h | 1 -
 hal/tls/mbedtls/tls_mbedtls.c | 47 ++++++++++++++++++++---------------
 2 files changed, 27 insertions(+), 21 deletions(-)
diff --git a/hal/inc/tls_config.h b/hal/inc/tls_config.h
index 8ebaf184..39aa691f 100644
--- a/hal/inc/tls_config.h
+++ b/hal/inc/tls_config.h
@@ -299,7 +299,6 @@ TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename);
 /**
 * \brief Removes any CRL (certificate revocation list) currently in use
- *
 */
 PAL_API void TLSConfiguration_resetCRL(TLSConfiguration self);
diff --git a/hal/tls/mbedtls/tls_mbedtls.c b/hal/tls/mbedtls/tls_mbedtls.c
index 91012f0c..df7b5d38 100644
--- a/hal/tls/mbedtls/tls_mbedtls.c
+++ b/hal/tls/mbedtls/tls_mbedtls.c
@@ -446,16 +446,16 @@ TLSConfiguration_addCACertificateFromFile(TLSConfiguration self, const char* fil
 }
 static void
-confCRLUpdated(TLSConfiguration self)
+udpatedCRL(TLSConfiguration self)
 {
 self->crlUpdated = Hal_getTimeInMs();
 /* We need to clean-up resumption cache (if enabled) to make sure we renegotiate as CRL may have changed data */
- if (!self->useSessionResumption) { return; }
-
- if (self->conf.endpoint == MBEDTLS_SSL_IS_CLIENT) {
+ if (self->useSessionResumption == false)
+ return;
- } else {
+ if (self->conf.endpoint == MBEDTLS_SSL_IS_SERVER)
+ {
 mbedtls_ssl_cache_entry *cur = self->cache.chain;
 while (cur) {
@@ -474,7 +474,7 @@ TLSConfiguration_addCRL(TLSConfiguration self, uint8_t* crl, int crlLen)
 DEBUG_PRINT("TLS", "mbedtls_x509_crl_parse returned -0x%x\n", -ret);
 }
 else {
- confCRLUpdated(self);
+ udpatedCRL(self);
 }
 return (ret == 0);
@@ -489,7 +489,7 @@ TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename)
 DEBUG_PRINT("TLS", "mbedtls_x509_crl_parse_file returned %d\n", ret);
 }
 else {
- confCRLUpdated(self);
+ udpatedCRL(self);
 }
 return (ret == 0);
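Review bot: In `udpatedCRL` (hunk at -446) a client endpoint now falls through with no action and no comment, although the comment above the check says resumption state must be cleaned up so that a changed CRL takes effect. The removed empty `MBEDTLS_SSL_IS_CLIENT` branch was the only sign that the client case had been considered; whether a client holds a saved session that could still be resumed with a peer whose certificate has since been revoked is not visible here, so the decision should be written down, e.g. `/* client: no cache to clear here; a saved session, if any, must be dropped where it is stored - TODO confirm */`. The new name also carries a typo, `udpatedCRL` should read `updatedCRL`, including the two call sites in the hunks at -474 and -489. The cache-walking loop continues outside the hunk.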
@@ -873,9 +873,10 @@ TLSSocket_performHandshake(TLSSocket self)
 }
 static void
-socketCheckCRLUpdated(TLSSocket self)
+checkForCRLUpdate(TLSSocket self)
 {
- if (self->crlUpdated == self->tlsConfig->crlUpdated) { return; }
+ if (self->crlUpdated == self->tlsConfig->crlUpdated)
+ return;
 DEBUG_PRINT("TLS", "CRL updated -> refresh CA chain\n");
@@ -887,30 +888,35 @@ socketCheckCRLUpdated(TLSSocket self)
 self->lastRenegotiationTime = 0;
 }
-/* 0 = renegotiation is not needed or it is successfull, -1 = Failed */
-static int
-socketCheckRenegotiation(TLSSocket self)
+/* true = renegotiation is not needed or it is successfull, false = Failed */
+static bool
+startRenegotiationIfRequired(TLSSocket self)
 {
- if (self->tlsConfig->renegotiationTimeInMs <= 0) { return 0; }
- if (Hal_getTimeInMs() <= self->lastRenegotiationTime + self->tlsConfig->renegotiationTimeInMs) { return 0; }
+ if (self->tlsConfig->renegotiationTimeInMs <= 0)
+ return true;
+
+ if (Hal_getTimeInMs() <= self->lastRenegotiationTime + self->tlsConfig->renegotiationTimeInMs)
+ return true;
 raiseSecurityEvent(self->tlsConfig, TLS_SEC_EVT_INFO, TLS_EVENT_CODE_INF_SESSION_RENEGOTIATION, "Info: session renegotiation started", self);
 if (TLSSocket_performHandshake(self) == false) {
 DEBUG_PRINT("TLS", " renegotiation failed\n");
- return -1;
+ return false;
 }
 DEBUG_PRINT("TLS", " started renegotiation\n");
 self->lastRenegotiationTime = Hal_getTimeInMs();
- return 0;
+
+ return true;
 }
 int
 TLSSocket_read(TLSSocket self, uint8_t* buf, int size)
 {
- socketCheckCRLUpdated(self);
- if (socketCheckRenegotiation(self) != 0) {
+ checkForCRLUpdate(self);
+
+ if (startRenegotiationIfRequired(self) == false) {
 return -1;
 }
@@ -953,8 +959,9 @@ TLSSocket_write(TLSSocket self, uint8_t* buf, int size)
 int ret;
 int len = size;
- socketCheckCRLUpdated(self);
- if (socketCheckRenegotiation(self) != 0) {
+ checkForCRLUpdate(self);
+
+ if (startRenegotiationIfRequired(self) == false) {
 return -1;
 }
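Review bot: `checkForCRLUpdate` (hunk at -873) detects a CRL change by testing `self->crlUpdated == self->tlsConfig->crlUpdated`, and the hunk at -446 shows that the configuration side of this token is a `Hal_getTimeInMs()` timestamp. Two CRL additions within the same millisecond yield the same value, so a socket that picked up the first one would not notice the second and would keep working with the older chain state. A generation counter is a more reliable change token; in the setter, `self->crlUpdated++;` in place of the timestamp would do, assuming the field is an integer type, which is not visible here. The part of the function that refreshes the chain lies between this hunk and the next.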
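Review bot: `startRenegotiationIfRequired` (hunk at -887) returns `true` immediately when `renegotiationTimeInMs <= 0`, so the `self->lastRenegotiationTime = 0;` reset at the end of `checkForCRLUpdate` has no effect when periodic renegotiation is disabled. If that reset is meant to force a fresh handshake after a CRL change (it looks that way, but the intent is not stated), an established session with a peer whose certificate is now revoked simply continues in that configuration. One way to close the gap is to let `checkForCRLUpdate` report whether it refreshed the chain and to bypass the interval checks in that case, e.g. `if (crlChanged == false && self->tlsConfig->renegotiationTimeInMs <= 0) return true;`. A failed renegotiation is also reported only through `DEBUG_PRINT`; a `raiseSecurityEvent` call on that path would make the failure visible to the application.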