TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/mbedtls-3.6 / . / library / ssl_cache.c
blob: 772cb8fdfe6ddbbfe4f78f5b4b3ed69f6b1e33c7 [file] [log] [blame]
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]1/*
2 * SSL session cache implementation
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]6 */
7/*
8 * These session callbacks use a simple chained list
9 * to store and retrieve the session information.
10 */
11
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]12#include "common.h"
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]13
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]14#if defined(MBEDTLS_SSL_CACHE_C)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]15
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]16#include "mbedtls/platform.h"
Paul Bakker6e339b52013-07-03 13:37:05 +0200[diff] [blame]17
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]18#include "mbedtls/ssl_cache.h"
Chris Jones84a773f2021-03-05 18:38:47 +0000[diff] [blame]19#include "ssl_misc.h"
Pengyu Lvb1895892023-03-16 11:38:43 +0800[diff] [blame]20#include "mbedtls/error.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]21
22#include <string.h>
23
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]24void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]25{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]26 memset(cache, 0, sizeof(mbedtls_ssl_cache_context));
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28 cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
29 cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]30
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]31#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]32 mbedtls_mutex_init(&cache->mutex);
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]33#endif
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]34}
35
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]36MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]37static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache,
38 unsigned char const *session_id,
39 size_t session_id_len,
40 mbedtls_ssl_cache_entry **dst)
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]41{
Pengyu Lve3746d72023-04-10 14:40:03 +0800[diff] [blame]42 int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]43#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]44 mbedtls_time_t t = mbedtls_time(NULL);
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]45#endif
46 mbedtls_ssl_cache_entry *cur;
47
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 for (cur = cache->chain; cur != NULL; cur = cur->next) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]49#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]50 if (cache->timeout != 0 &&
51 (int) (t - cur->timestamp) > cache->timeout) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]52 continue;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]53 }
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]54#endif
55
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]56 if (session_id_len != cur->session_id_len ||
57 memcmp(session_id, cur->session_id,
58 cur->session_id_len) != 0) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]59 continue;
60 }
61
62 break;
63 }
64
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]65 if (cur != NULL) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]66 *dst = cur;
67 ret = 0;
68 }
69
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]70 return ret;
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]71}
72
73
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]74int mbedtls_ssl_cache_get(void *data,
75 unsigned char const *session_id,
76 size_t session_id_len,
77 mbedtls_ssl_session *session)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]78{
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]79 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]80 mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]81 mbedtls_ssl_cache_entry *entry;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]82
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]83#if defined(MBEDTLS_THREADING_C)
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]84 if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
85 return ret;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]86 }
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]87#endif
88
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]89 ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
90 if (ret != 0) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]91 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]92 }
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]93
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]94 ret = mbedtls_ssl_session_load(session,
95 entry->session,
96 entry->session_len);
97 if (ret != 0) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]98 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]99 }
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]100
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]101 ret = 0;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]102
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]103exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]105 if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]106 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]107 }
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]108#endif
109
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]110 return ret;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]111}
112
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]113/* zeroize a cache entry */
114static void ssl_cache_entry_zeroize(mbedtls_ssl_cache_entry *entry)
115{
116 if (entry == NULL) {
117 return;
118 }
119
120 /* zeroize and free session structure */
121 if (entry->session != NULL) {
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]122 mbedtls_zeroize_and_free(entry->session, entry->session_len);
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]123 }
124
125 /* zeroize the whole entry structure */
126 mbedtls_platform_zeroize(entry, sizeof(mbedtls_ssl_cache_entry));
127}
128
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]129MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]130static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
131 unsigned char const *session_id,
132 size_t session_id_len,
133 mbedtls_ssl_cache_entry **dst)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]134{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]135#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]136 mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
Hanno Becker006f2cc2021-05-14 04:55:35 +0100[diff] [blame]137#endif /* MBEDTLS_HAVE_TIME */
138
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]139 mbedtls_ssl_cache_entry *old = NULL;
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]140 int count = 0;
Hanno Becker466ed6f2021-05-14 14:54:00 +0100[diff] [blame]141 mbedtls_ssl_cache_entry *cur, *last;
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]142
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]143 /* Check 1: Is there already an entry with the given session ID?
144 *
145 * If yes, overwrite it.
146 *
147 * If not, `count` will hold the size of the session cache
Hanno Becker466ed6f2021-05-14 14:54:00 +0100[diff] [blame]148 * at the end of this loop, and `last` will point to the last
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]149 * entry, both of which will be used later. */
150
Hanno Becker78196e32021-05-14 14:45:38 +0100[diff] [blame]151 last = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]152 for (cur = cache->chain; cur != NULL; cur = cur->next) {
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]153 count++;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]154 if (session_id_len == cur->session_id_len &&
155 memcmp(session_id, cur->session_id, cur->session_id_len) == 0) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]156 goto found;
Hanno Beckerccdaf6e2021-04-15 09:26:17 +0100[diff] [blame]157 }
Hanno Becker78196e32021-05-14 14:45:38 +0100[diff] [blame]158 last = cur;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]159 }
160
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]161 /* Check 2: Is there an outdated entry in the cache?
162 *
163 * If so, overwrite it.
164 *
165 * If not, remember the oldest entry in `old` for later.
166 */
167
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]168#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]169 for (cur = cache->chain; cur != NULL; cur = cur->next) {
170 if (cache->timeout != 0 &&
171 (int) (t - cur->timestamp) > cache->timeout) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]172 goto found;
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]173 }
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]174
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]175 if (oldest == 0 || cur->timestamp < oldest) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]176 oldest = cur->timestamp;
177 old = cur;
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200[diff] [blame]178 }
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]179 }
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]180#endif /* MBEDTLS_HAVE_TIME */
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]181
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]182 /* Check 3: Is there free space in the cache? */
183
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]184 if (count < cache->max_entries) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]185 /* Create new entry */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]186 cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
187 if (cur == NULL) {
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]188 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]189 }
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]190
191 /* Append to the end of the linked list. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]192 if (last == NULL) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]193 cache->chain = cur;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]194 } else {
Hanno Becker466ed6f2021-05-14 14:54:00 +0100[diff] [blame]195 last->next = cur;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]196 }
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]197
198 goto found;
199 }
200
201 /* Last resort: The cache is full and doesn't contain any outdated
202 * elements. In this case, we evict the oldest one, judged by timestamp
203 * (if present) or cache-order. */
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]204
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]205#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]206 if (old == NULL) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]207 /* This should only happen on an ill-configured cache
208 * with max_entries == 0. */
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]209 return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]210 }
211#else /* MBEDTLS_HAVE_TIME */
212 /* Reuse first entry in chain, but move to last place. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]213 if (cache->chain == NULL) {
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]214 /* This should never happen */
215 return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]216 }
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]217
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]218 old = cache->chain;
219 cache->chain = old->next;
Hanno Becker5cf6f7e2021-05-14 14:45:04 +0100[diff] [blame]220 old->next = NULL;
Hanno Becker466ed6f2021-05-14 14:54:00 +0100[diff] [blame]221 last->next = old;
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]222#endif /* MBEDTLS_HAVE_TIME */
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]223
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]224 /* Now `old` points to the oldest entry to be overwritten. */
225 cur = old;
226
227found:
228
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]229 /* If we're reusing an entry, free it first. */
230 if (cur->session != NULL) {
231 /* `ssl_cache_entry_zeroize` would break the chain,
232 * so we reuse `old` to record `next` temporarily. */
233 old = cur->next;
234 ssl_cache_entry_zeroize(cur);
235 cur->next = old;
236 }
237
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]238#if defined(MBEDTLS_HAVE_TIME)
239 cur->timestamp = t;
240#endif
241
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]242 *dst = cur;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]243 return 0;
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]244}
245
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]246int mbedtls_ssl_cache_set(void *data,
247 unsigned char const *session_id,
248 size_t session_id_len,
249 const mbedtls_ssl_session *session)
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]250{
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]251 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]252 mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
253 mbedtls_ssl_cache_entry *cur;
254
Sergeybef1f632023-03-06 15:25:06 -0700[diff] [blame]255 size_t session_serialized_len = 0;
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]256 unsigned char *session_serialized = NULL;
257
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]258#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]259 if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
260 return ret;
261 }
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]262#endif
263
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]264 ret = ssl_cache_pick_writing_slot(cache,
265 session_id, session_id_len,
266 &cur);
267 if (ret != 0) {
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]268 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]269 }
Manuel Pégourié-Gonnard84c30c72014-02-26 17:38:55 +0100[diff] [blame]270
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]271 /* Check how much space we need to serialize the session
272 * and allocate a sufficiently large buffer. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]273 ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
274 if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
Hanno Beckeraee87172019-02-06 14:53:19 +0000[diff] [blame]275 goto exit;
276 }
277
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]278 session_serialized = mbedtls_calloc(1, session_serialized_len);
279 if (session_serialized == NULL) {
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]280 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
281 goto exit;
Paul Bakkere81beda2013-03-06 17:40:46 +0100[diff] [blame]282 }
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]283
284 /* Now serialize the session into the allocated buffer. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]285 ret = mbedtls_ssl_session_save(session,
286 session_serialized,
287 session_serialized_len,
288 &session_serialized_len);
289 if (ret != 0) {
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]290 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]291 }
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]292
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]293 if (session_id_len > sizeof(cur->session_id)) {
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]294 ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]295 goto exit;
296 }
297 cur->session_id_len = session_id_len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]298 memcpy(cur->session_id, session_id, session_id_len);
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]299
300 cur->session = session_serialized;
301 cur->session_len = session_serialized_len;
302 session_serialized = NULL;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]303
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]304 ret = 0;
305
306exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]307#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]308 if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]309 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]310 }
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]311#endif
312
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]313 if (session_serialized != NULL) {
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]314 mbedtls_zeroize_and_free(session_serialized, session_serialized_len);
Leonid Rozenboim116f50c2022-04-21 13:05:10 -0700[diff] [blame]315 session_serialized = NULL;
316 }
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]317
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]318 return ret;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]319}
320
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]321int mbedtls_ssl_cache_remove(void *data,
322 unsigned char const *session_id,
323 size_t session_id_len)
324{
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]325 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]326 mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
327 mbedtls_ssl_cache_entry *entry;
328 mbedtls_ssl_cache_entry *prev;
329
330#if defined(MBEDTLS_THREADING_C)
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]331 if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
332 return ret;
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]333 }
334#endif
335
336 ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
337 /* No valid entry found, exit with success */
338 if (ret != 0) {
339 ret = 0;
340 goto exit;
341 }
342
343 /* Now we remove the entry from the chain */
344 if (entry == cache->chain) {
345 cache->chain = entry->next;
346 goto free;
347 }
348 for (prev = cache->chain; prev->next != NULL; prev = prev->next) {
349 if (prev->next == entry) {
350 prev->next = entry->next;
351 break;
352 }
353 }
354
355free:
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]356 ssl_cache_entry_zeroize(entry);
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]357 mbedtls_free(entry);
358 ret = 0;
359
360exit:
361#if defined(MBEDTLS_THREADING_C)
362 if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]363 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]364 }
365#endif
366
367 return ret;
368}
369
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]370#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]371void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]372{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]373 if (timeout < 0) {
374 timeout = 0;
375 }
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]376
377 cache->timeout = timeout;
378}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]379#endif /* MBEDTLS_HAVE_TIME */
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]380
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]381void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max)
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]382{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]383 if (max < 0) {
384 max = 0;
385 }
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]386
387 cache->max_entries = max;
388}
389
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]390void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]391{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]392 mbedtls_ssl_cache_entry *cur, *prv;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]393
394 cur = cache->chain;
395
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]396 while (cur != NULL) {
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]397 prv = cur;
398 cur = cur->next;
399
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]400 ssl_cache_entry_zeroize(prv);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]401 mbedtls_free(prv);
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]402 }
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]403
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]404#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]405 mbedtls_mutex_free(&cache->mutex);
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]406#endif
Ron Eldor22360822017-10-29 17:53:52 +0200[diff] [blame]407 cache->chain = NULL;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]408}
409
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]410#endif /* MBEDTLS_SSL_CACHE_C */