| author | Garrett D'Amore <garrett@damore.org> | 2025-06-21 18:29:24 -0700 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2025-06-21 21:11:18 -0700 |
| commit | 258ae680ca0db3471bbf7345472ff92a030c13a0 (patch) | |
| tree | cc0b0067a589b7f174715fad50932a3d31437bbb /src/supplemental/tls/mbedtls | |
| parent | 39b86ba0a4f77ba1aa32586a782354f7505409ee (diff) | |
TLS: Remove support for dynamic engine initialization.
This saves some atomic lookups, and avoids possible races when the
engine is not yet initialized or being torn down.
Diffstat (limited to 'src/supplemental/tls/mbedtls')
| -rw-r--r-- | src/supplemental/tls/mbedtls/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | src/supplemental/tls/mbedtls/mbedtls.c | 84 |
2 files changed, 46 insertions, 40 deletions
diff --git a/src/supplemental/tls/mbedtls/CMakeLists.txt b/src/supplemental/tls/mbedtls/CMakeLists.txt
index 466f0a1b..573cf5ca 100644
--- a/src/supplemental/tls/mbedtls/CMakeLists.txt
+++ b/src/supplemental/tls/mbedtls/CMakeLists.txt
@@ -14,8 +14,6 @@ if (NNG_TLS_ENGINE STREQUAL "mbed")
 Consult a lawyer and the license files for details.
 ************************************************************")
 nng_sources(mbedtls.c)
- nng_defines(NNG_TLS_ENGINE_INIT=nng_tls_engine_init_mbed)
- nng_defines(NNG_TLS_ENGINE_FINI=nng_tls_engine_fini_mbed)
 nng_defines(NNG_SUPP_TLS)
 # For now Mbed TLS has PSK unconditionally
 nng_defines(NNG_SUPP_TLS_PSK)
diff --git a/src/supplemental/tls/mbedtls/mbedtls.c b/src/supplemental/tls/mbedtls/mbedtls.c
index 825fe21a..239f29fa 100644
--- a/src/supplemental/tls/mbedtls/mbedtls.c
+++ b/src/supplemental/tls/mbedtls/mbedtls.c
@@ -761,6 +761,48 @@ config_version(nng_tls_engine_config *cfg, nng_tls_version min_ver,
 return (0);
 }
 
+static nng_err
+tls_engine_init(void)
+{
+ int rv;
+
+#ifdef MBEDTLS_PSA_CRYPTO_C
+ rv = psa_crypto_init();
+ if (rv != 0) {
+ tls_log_err(
+ "NNG-TLS-INIT", "Failed initializing PSA crypto", rv);
+ return (tls_mk_err(rv));
+ }
+#endif
+ // Uncomment the following to have noisy debug from mbedTLS.
+ // This may be useful when trying to debug failures.
+ // mbedtls_debug_set_threshold(9);
+
+ mbedtls_ssl_cookie_init(&mbed_ssl_cookie_ctx);
+ rv = mbedtls_ssl_cookie_setup(&mbed_ssl_cookie_ctx, tls_random, NULL);
+ if (rv != 0) {
+ tls_log_err("NNG_TLS_INIT",
+ "Failed initializing SSL cookie system", rv);
+ return (tls_mk_err(rv));
+ }
+ return (NNG_OK);
+}
+
+static void
+tls_engine_fini(void)
+{
+ mbedtls_ssl_cookie_free(&mbed_ssl_cookie_ctx);
+#ifdef MBEDTLS_PSA_CRYPTO_C
+ mbedtls_psa_crypto_free();
+#endif
+}
+
+static bool
+fips_mode(void)
+{
+ return (false);
+}
+
 static nng_tls_engine_config_ops config_ops = {
 .init = config_init,
 .fini = config_fini,
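Review bot: The cookie-setup failure branch in `tls_engine_init` returns without undoing what has already succeeded: `psa_crypto_init()` and `mbedtls_ssl_cookie_init()` have both run, but neither `mbedtls_ssl_cookie_free(&mbed_ssl_cookie_ctx)` nor `mbedtls_psa_crypto_free()` is called before `return (tls_mk_err(rv));`. Unless the core (not visible here) invokes `.fini` after a failed `.init`, crypto state stays initialized on an engine that reported failure; releasing both in that branch, with the PSA call under the same `#ifdef MBEDTLS_PSA_CRYPTO_C`, would make the failure path self-contained. The two log tags also differ, `"NNG-TLS-INIT"` versus `"NNG_TLS_INIT"`, so a log filter keyed on one spelling will miss the other; pick one. The value from `psa_crypto_init()` is a PSA status rather than an Mbed TLS error code, so it is worth confirming that `tls_mk_err` (defined outside this hunk) maps it sensibly.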
@@ -786,47 +828,13 @@ static nng_tls_engine_conn_ops conn_ops = {
 .peer_alt_names = conn_peer_alt_names,
 };
 
-static nng_tls_engine tls_engine_mbed = {
+nng_tls_engine nng_tls_engine_ops = {
 .version = NNG_TLS_ENGINE_VERSION,
 .config_ops = &config_ops,
 .conn_ops = &conn_ops,
 .name = "mbed",
 .description = MBEDTLS_VERSION_STRING_FULL,
- .fips_mode = false,
+ .init = tls_engine_init,
+ .fini = tls_engine_fini,
+ .fips_mode = fips_mode,
 };
-
-int
-nng_tls_engine_init_mbed(void)
-{
- int rv;
-
-#ifdef MBEDTLS_PSA_CRYPTO_C
- rv = psa_crypto_init();
- if (rv != 0) {
- tls_log_err(
- "NNG-TLS-INIT", "Failed initializing PSA crypto", rv);
- return (rv);
- }
-#endif
- // Uncomment the following to have noisy debug from mbedTLS.
- // This may be useful when trying to debug failures.
- // mbedtls_debug_set_threshold(9);
-
- mbedtls_ssl_cookie_init(&mbed_ssl_cookie_ctx);
- rv = mbedtls_ssl_cookie_setup(&mbed_ssl_cookie_ctx, tls_random, NULL);
-
- if (rv == 0) {
- rv = nng_tls_engine_register(&tls_engine_mbed);
- }
-
- return (rv);
-}
-
-void
-nng_tls_engine_fini_mbed(void)
-{
- mbedtls_ssl_cookie_free(&mbed_ssl_cookie_ctx);
-#ifdef MBEDTLS_PSA_CRYPTO_C
- mbedtls_psa_crypto_free();
-#endif
-}
|
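Review bot: `nng_tls_engine_ops` is now a writable table of function pointers with external linkage, whereas the struct it replaces was `static`. If the `extern` declaration in the TLS engine header (not visible here) allows it, declare it as `const nng_tls_engine nng_tls_engine_ops = {` so the `.init`, `.fini` and `.fips_mode` pointers sit in read-only data and cannot be overwritten at run time. A short comment above the definition, for example `// Sole TLS engine descriptor; referenced directly by the core, no runtime registration.`, would also record why no register call remains in this file.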
