static CURLcode
mbed_connect_step3(struct connectdata *conn,
int sockindex)
{
CURLcode retcode = CURLE_OK;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct Curl_easy *data = conn->data;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
if(SSL_SET_OPTION(primary.sessionid)) {
int ret;
mbedtls_ssl_session *our_ssl_sessionid;
void *old_ssl_sessionid = NULL;
our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session));
if(!our_ssl_sessionid)
return CURLE_OUT_OF_MEMORY;
mbedtls_ssl_session_init(our_ssl_sessionid);
ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
if(ret) {
free(our_ssl_sessionid);
failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);
return CURLE_SSL_CONNECT_ERROR;
}
/* If there's already a matching session in the cache, delete it */
Curl_ssl_sessionid_lock(conn);
if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex))
Curl_ssl_delsessionid(conn, old_ssl_sessionid);
retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
Curl_ssl_sessionid_unlock(conn);
if(retcode) {
free(our_ssl_sessionid);
failf(data, "failed to store ssl session");
return retcode;
}
}
connssl->connecting_state = ssl_connect_done;
return CURLE_OK;
}
static int conn_link_mbedtls_initialize(void)
{
if (g_https_data.initialized)
return 0;
g_https_data.mbedtls = calloc(1, sizeof(*g_https_data.mbedtls));
if (!g_https_data.mbedtls)
return -1;
mbedtls_platform_set_calloc_free(conn_link_mbedtls_calloc,
conn_link_mbedtls_free);
mbedtls_ssl_config_init(&g_https_data.mbedtls->conf);
mbedtls_ssl_session_init(&g_https_data.mbedtls->saved_session);
mbedtls_entropy_init(&g_https_data.mbedtls->entropy);
#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
mbedtls_ctr_drbg_init(&g_https_data.mbedtls->drbg);
if (mbedtls_ctr_drbg_seed(&g_https_data.mbedtls->drbg,
mbedtls_entropy_func,
&g_https_data.mbedtls->entropy,
(const void *)"sfx", 3) != 0)
{
goto err_free;
}
#else
const mbedtls_md_info_t *md_info = NULL;
#ifdef MBEDTLS_SHA1_C
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
#elif defined(MBEDTLS_SHA256_C)
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
#elif defined(MBEDTLS_SHA512_C)
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
#endif
DEBUGASSERT(md_info != NULL);
mbedtls_hmac_drbg_init(&g_https_data.mbedtls->drbg);
if (mbedtls_hmac_drbg_seed(&g_https_data.mbedtls->drbg,
md_info,
mbedtls_entropy_func,
&g_https_data.mbedtls->entropy,
(const void *)"sfx", 3) != 0)
{
goto err_free;
}
#endif
if (mbedtls_ssl_config_defaults(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT) != 0)
{
goto err_free;
}
#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
mbedtls_ssl_conf_rng(&g_https_data.mbedtls->conf,
mbedtls_ctr_drbg_random,
&g_https_data.mbedtls->drbg);
#else
mbedtls_ssl_conf_rng(&g_https_data.mbedtls->conf,
mbedtls_hmac_drbg_random,
&g_https_data.mbedtls->drbg);
#endif
mbedtls_ssl_conf_authmode(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_VERIFY_NONE);
#ifdef CONFIG_MBEDTLS_MAX_FRAGMENT
mbedtls_ssl_conf_max_frag_len(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_MAX_FRAG_LEN_512);
#endif
#ifdef CONFIG_MBEDTLS_TRUNCATED_HMAC
mbedtls_ssl_conf_truncated_hmac(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_TRUNC_HMAC_ENABLED);
#endif
#ifdef CONFIG_MBEDTLS_SESSION_TICKET
/* Use SSL out-fragment buffer of at least 384 bytes with session tickets,
* preferably at least 512 bytes. */
mbedtls_ssl_conf_session_tickets(&g_https_data.mbedtls->conf,
MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
#endif
g_https_data.initialized = true;
return 0;
err_free:
#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
mbedtls_ctr_drbg_free(&g_https_data.mbedtls->drbg);
#else
mbedtls_hmac_drbg_free(&g_https_data.mbedtls->drbg);
#endif
mbedtls_ssl_session_free(&g_https_data.mbedtls->saved_session);
mbedtls_ssl_config_free(&g_https_data.mbedtls->conf);
free(g_https_data.mbedtls);
g_https_data.mbedtls = NULL;
mbedtls_platform_set_calloc_free(calloc, free);
g_https_data.initialized = false;
return -1;
}
