2

We have ported an app which was using OpenSSL to mbel TLS. The one issue with mbel TLS is the documentation which is far from complete and leaves details to assumption or exploration and risk of how things will change in future versions.

While we already ported, we still not clear on which initialization functions to be invoked one time and which initialization functions to be performed for every connections. Based on sample application, we are invoking following initialization functions for every connection. 

mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_x509_crt_init( &ca );
mbedtls_entropy_init( &entropy );

Can someone comment if all these initialization functions to be invoked for every connection or some can be just one time only?

Thanks

jww
  • 97,681
  • 90
  • 411
  • 885
mesibo
  • 3,970
  • 6
  • 25
  • 43
  • @EJP - I removed the OpenSSL tag. The only relevance to OpenSSL seems to be its mentioned by name. Feel free to re-tag the question. – jww Jul 22 '16 at 21:43
  • It looks like mbed.org has a gentle example at [mbed TLS tutorial](https://tls.mbed.org/kb/how-to/mbedtls-tutorial). Maybe that can help you along? – jww Jul 22 '16 at 23:50
  • @jww it's a generic tutorial and doesn't address which should be one time what should be for every connection. – mesibo Oct 20 '17 at 08:02

1 Answers1

1

If you follow the ssl_pthread_server example, you will see that only the mbedtls_ssl_context should be different per connection. The rest should be common for all connections, thus initiated once.
Regards,
Mbed TLS Team member
Ron

Ron Eldor
  • 210
  • 1
  • 11
  • Thanks, this was quite an old query. Btw, although we liked mbedtls, we have to drop it due to performance issues which I also shared on mbedtls forum. You folks should seriously consider adding optimized platform specific AES routines (maybe from openssl/boringssl) - at least we expected it for ARM platform as mbedTLS is part of ARM now. – mesibo Jan 01 '18 at 06:29
  • I apologize for delayed answer. I recently created an account, and going through unanswered posts, for the record, and the benefit of the community. – Ron Eldor Jan 02 '18 at 08:50
  • In addition, there is a pending PR, for the ARM crypto extension in https://github.com/ARMmbed/mbedtls/pull/1173 . – Ron Eldor Jan 02 '18 at 08:51