Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: misc improvements
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f8c5948..03063ac 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -106,7 +106,8 @@
/* Error space gap */
/* Error space gap */
/* Error space gap */
-/* Error space gap */
+/** Cache entry not found */
+#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80
/** Memory allocation failed */
#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
/** Hardware acceleration function returned with error */
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 55dcf77..08f98b5 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -102,6 +102,11 @@
* \param session_id_len The length of \p session_id in bytes.
* \param session The address at which to store the session
* associated with \p session_id, if present.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
+ * no cache entry with specified session ID found, or
+ * any other negative error code for other failures.
*/
int mbedtls_ssl_cache_get(void *data,
unsigned char const *session_id,
@@ -117,6 +122,9 @@
* associated to \p session.
* \param session_id_len The length of \p session_id in bytes.
* \param session The session to store.
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_ssl_cache_set(void *data,
unsigned char const *session_id,
@@ -132,9 +140,10 @@
* associated to \p session.
* \param session_id_len The length of \p session_id in bytes.
*
- * \return 0: The cache entry for session with provided ID
- * is removed or does not exist.
- * Otherwise: fail.
+ * \return \c 0 on success. This indicates the cache entry for
+ * the session with provided ID is removed or does not
+ * exist.
+ * \return A negative error code on failure.
*/
int mbedtls_ssl_cache_remove(void *data,
unsigned char const *session_id,
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 048c21d..e29b0bc 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -29,6 +29,7 @@
#include "mbedtls/ssl_cache.h"
#include "ssl_misc.h"
+#include "mbedtls/error.h"
#include <string.h>
@@ -50,7 +51,7 @@
size_t session_id_len,
mbedtls_ssl_cache_entry **dst)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t = mbedtls_time(NULL);
#endif
@@ -87,7 +88,7 @@
size_t session_id_len,
mbedtls_ssl_session *session)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *entry;
@@ -197,7 +198,7 @@
/* Create new entry */
cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
if (cur == NULL) {
- return 1;
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
/* Append to the end of the linked list. */
@@ -218,12 +219,13 @@
if (old == NULL) {
/* This should only happen on an ill-configured cache
* with max_entries == 0. */
- return 1;
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
#else /* MBEDTLS_HAVE_TIME */
/* Reuse first entry in chain, but move to last place. */
if (cache->chain == NULL) {
- return 1;
+ /* This should never happen */
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
old = cache->chain;
@@ -259,7 +261,7 @@
size_t session_id_len,
const mbedtls_ssl_session *session)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur;
@@ -283,7 +285,6 @@
* and allocate a sufficiently large buffer. */
ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
- ret = 1;
goto exit;
}
@@ -303,7 +304,7 @@
}
if (session_id_len > sizeof(cur->session_id)) {
- ret = 1;
+ ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
goto exit;
}
cur->session_id_len = session_id_len;
@@ -335,7 +336,7 @@
unsigned char const *session_id,
size_t session_id_len)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *entry;
mbedtls_ssl_cache_entry *prev;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b2bd8b8..9eb23ca 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -671,7 +671,7 @@
#if defined(MBEDTLS_HAVE_TIME)
int cache_timeout; /* expiration delay of session cache entries*/
#endif
- int cache_remove; /* enable / disable cache removement */
+ int cache_remove; /* enable / disable cache entry removal */
char *sni; /* string describing sni information */
const char *curves; /* list of supported elliptic curves */
const char *sig_algs; /* supported TLS 1.3 signature algorithms */