[patch #9862] altcp_mbedtls: multiple fixes and session save/restore


[patch #9862] altcp_mbedtls: multiple fixes and session save/restore

Simon Goldschmidt
URL:
  <https://savannah.nongnu.org/patch/?9862>

                 Summary: altcp_mbedtls: multiple fixes and session save/restore
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: dgirault
            Submitted on: Tue. 15 Oct. 2019 13:01:04 UTC
                Category: apps
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email:
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None

    _______________________________________________________

Details:

-   Ensure no memory leaks and the entropy counter is protected.

-   Use ERR_CLSD only for handshake errors.
    This allows better handling of handshake errors in the application.

-   Call the application sent() callback with a useful len.

    First calculate and sum the TLS overhead when altcp_mbedtls_write() is
    called. Then take care of it when calling the application sent callback:
    give the len received from inner_conn, minus the calculated overhead.

-   Support for saving/restoring session information.

    According to the mbedTLS source code and documentation, calls to
    `mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
    are only available if mbedTLS is configured for server mode (i.e.
    MBEDTLS_SSL_SRV_C is defined). This cannot be used in client mode to resume
    a previous session.

    To allow session reuse in client mode, the application must save the
    session parameters (including tickets provided by the server, if any)
    after a successful connection and restore them before attempting to
    reconnect. Since `altcp_close()` frees the structure, it cannot be used to
    store the required information.

    So, two new APIs were added, directly wrapping mbedTLS functions, allowing
    the application to do that by itself.

    Also added the full declaration of `struct altcp_tls_session` in
    altcp_tls.h to allow easier usage in the application when using the
    mbedTLS port.

-   Ensure configuration is properly freed.

    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue. 15 Oct. 2019 13:01:04 UTC  Name:
0001-altcp_tls_mbedtls-ensure-configuration-is-properly-f.patch  Size: 898 B
By: dgirault

<http://savannah.nongnu.org/patch/download.php?file_id=47686>
-------------------------------------------------------
Date: Tue. 15 Oct. 2019 13:01:04 UTC  Name:
0002-altcp_tls-support-for-saving-restoring-session-infor.patch  Size: 4 KiB
By: dgirault

<http://savannah.nongnu.org/patch/download.php?file_id=47687>
-------------------------------------------------------
Date: Tue. 15 Oct. 2019 13:01:04 UTC  Name:
0003-altcp_tls-call-the-application-sent-callback-with-us.patch  Size: 6 KiB
By: dgirault

<http://savannah.nongnu.org/patch/download.php?file_id=47688>
-------------------------------------------------------
Date: Tue. 15 Oct. 2019 13:01:04 UTC  Name:
0004-altcp_tls-use-ERR_CLSD-only-for-handshake-error.patch  Size: 2 KiB
By: dgirault

<http://savannah.nongnu.org/patch/download.php?file_id=47689>

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/patch/?9862>

_______________________________________________
  Message posted via Savannah
  https://savannah.nongnu.org/


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
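The sent()-callback accounting described in the third bullet of the patch summary (sum the TLS overhead at write time, then report the acknowledged length minus that overhead to the application) is easiest to follow as code. The block below is an added example written for this page; it is not code from patch #9862, lwIP or mbedTLS. It assumes a per-record expansion supplied by the caller (a real altcp_mbedtls port would obtain it from mbedtls_ssl_get_record_expansion()), a fixed 32-record ring per connection, and a constructed TLS 1.2 AES-128-GCM scenario (5-byte record header, 8-byte explicit nonce, 16-byte tag, 16384-byte maximum fragment). It goes beyond the single-record case the summary implies by splitting a write larger than the maximum fragment into several records, each with its own overhead, and it credits a record to the application only once the inner connection has acknowledged all of its wire bytes, so a partial ack never reports overhead bytes as payload.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not lwIP or mbedTLS code: bookkeeping that converts the
 * byte count acknowledged by the inner TCP connection back into application
 * payload bytes for the application's sent() callback.  Every number below
 * is an assumption chosen for the example. */

#define TLS_ACCT_MAX_RECORDS 32  /* assumed ring size: records in flight per connection */

struct tls_record_acct {
    uint16_t app_len;    /* plaintext bytes the application handed to write() */
    uint16_t wire_len;   /* app_len + record expansion (header, IV/nonce, MAC/tag, padding) */
    uint16_t wire_acked; /* wire bytes the inner connection has acknowledged so far */
};

struct tls_sent_acct {
    struct tls_record_acct rec[TLS_ACCT_MAX_RECORDS];
    unsigned head;           /* index of the oldest unacknowledged record */
    unsigned count;          /* records currently in flight */
    uint32_t wire_in_flight; /* sum of (wire_len - wire_acked) over the ring */
};

void tls_acct_init(struct tls_sent_acct *a)
{
    memset(a, 0, sizeof *a);
}

/* Write path: app_len plaintext bytes are about to go out as one or more TLS
 * records carrying at most max_frag payload bytes each, and every record
 * costs 'expansion' extra wire bytes.  With a live mbedTLS context the
 * expansion comes from mbedtls_ssl_get_record_expansion(); here the caller
 * supplies it.  Returns 0 on success, -1 on bad arguments or a full ring
 * (the caller should then back off instead of silently losing track). */
int tls_acct_on_write(struct tls_sent_acct *a, uint16_t app_len,
                      uint16_t max_frag, uint16_t expansion)
{
    unsigned nrec;
    if (app_len == 0 || max_frag == 0)
        return -1;
    nrec = (app_len + max_frag - 1u) / max_frag;   /* records this write produces */
    if (a->count + nrec > TLS_ACCT_MAX_RECORDS)
        return -1;
    while (app_len > 0) {
        uint16_t frag = app_len < max_frag ? app_len : max_frag;
        struct tls_record_acct *r =
            &a->rec[(a->head + a->count) % TLS_ACCT_MAX_RECORDS];
        r->app_len = frag;
        r->wire_len = (uint16_t)(frag + expansion);
        r->wire_acked = 0;
        a->count++;
        a->wire_in_flight += r->wire_len;
        app_len = (uint16_t)(app_len - frag);
    }
    return 0;
}

/* Inner connection's sent() callback: sent_len wire bytes were just
 * acknowledged.  Returns the number of application bytes to report to the
 * application's own sent() callback.  A record is credited only once all of
 * its wire bytes are acked, so overhead is never reported as payload and a
 * partially acked record reports nothing yet.  Returns -1 if more was acked
 * than was ever queued, i.e. the write path and this bookkeeping diverged. */
long tls_acct_on_inner_sent(struct tls_sent_acct *a, uint16_t sent_len)
{
    long app_sent = 0;
    if (sent_len > a->wire_in_flight)
        return -1;
    while (sent_len > 0 && a->count > 0) {
        struct tls_record_acct *r = &a->rec[a->head];
        uint16_t remaining = (uint16_t)(r->wire_len - r->wire_acked);
        uint16_t take = sent_len < remaining ? sent_len : remaining;
        r->wire_acked = (uint16_t)(r->wire_acked + take);
        sent_len = (uint16_t)(sent_len - take);
        a->wire_in_flight -= take;
        if (r->wire_acked == r->wire_len) {   /* whole record on the wire is acked */
            app_sent += r->app_len;
            a->head = (a->head + 1) % TLS_ACCT_MAX_RECORDS;
            a->count--;
        }
    }
    return app_sent;
}

int main(void)
{
    /* Constructed scenario: TLS 1.2 with AES-128-GCM, where each record adds
     * a 5-byte header, an 8-byte explicit nonce and a 16-byte tag (29 bytes),
     * and the maximum fragment length is 16384 bytes. */
    const uint16_t expansion = 29, max_frag = 16384;
    struct tls_sent_acct a;
    tls_acct_init(&a);

    tls_acct_on_write(&a, 100, max_frag, expansion);   /* 1 record, 129 wire bytes */
    printf("ack 50    -> app %ld\n", tls_acct_on_inner_sent(&a, 50));    /* 0: record incomplete */
    printf("ack 79    -> app %ld\n", tls_acct_on_inner_sent(&a, 79));    /* 100 */

    tls_acct_on_write(&a, 20000, max_frag, expansion); /* 2 records: 16413 + 3645 wire bytes */
    printf("ack 20058 -> app %ld\n", tls_acct_on_inner_sent(&a, 20058)); /* 20000 */
    printf("stray ack -> %ld\n", tls_acct_on_inner_sent(&a, 1));         /* -1 */
    return 0;
}
```

The -1 paths matter in practice: a ring that is full, or an ack larger than anything queued, means the write path and the accounting have diverged, and reporting a guessed length to the application's sent() callback would let it free or reuse buffers that TLS has not actually finished with.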
[patch #9862] altcp_mbedtls: multiple fixes and session save/restore

Simon Goldschmidt
Additional Item Attachment, patch #9862 (project lwip):

File name: 0005-altcp_tls-ensure-no-memory-leaks-and-entropy-counter.patch
Size: 7 KB
   
<https://savannah.nongnu.org/file/0005-altcp_tls-ensure-no-memory-leaks-and-entropy-counter.patch?file_id=47690>


[patch #9862] altcp_mbedtls: multiple fixes and session save/restore

Simon Goldschmidt
Follow-up Comment #1, patch #9862 (project lwip):

Sorry this took 2 months...

- to 0001: shouldn't this be fixed by altcp_mbedtls_unref_entropy() some lines
below?
- to 0002: including mbedtls headers in the application should be avoided. Up
to now, applications don't need to set an include path that provides mbedtls
headers, and I'd like to keep it that way. Given how much mbedTLS itself uses
malloc, can we solve this without a public include to mbedTLS?
- to 0003: I don't really get the code flow here, could you explain more in
the commit message what's done?
- to 0005: This seems wrong: you can't block interrupts during ref/unref/free
entropy (you'll break realtime behaviour of many systems) and you shouldn't.
All this altcp code is expected to be called under CORE_LOCK, so concurrent
execution is not supported anyway.


[patch #9862] altcp_mbedtls: multiple fixes and session save/restore

Simon Goldschmidt
Follow-up Comment #2, patch #9862 (project lwip):

Hi Simon,

I'll come back to you tomorrow for your questions.
Seems there is some problem with the rebase I made for this patchset.


David

