TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/coverity_scan / . / library / ssl_cache.c
blob: 28d0cfbb7d6377bbb5707d334d8d208186018bdc [file] [log] [blame]
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]1/*
2 * SSL session cache implementation
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]6 */
7/*
8 * These session callbacks use a simple chained list
9 * to store and retrieve the session information.
10 */
11
Harry Ramsey0f6bc412024-10-04 10:36:54 +0100[diff] [blame]12#include "ssl_misc.h"
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]13
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]14#if defined(MBEDTLS_SSL_CACHE_C)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]15
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]16#include "mbedtls/platform.h"
Paul Bakker6e339b52013-07-03 13:37:05 +0200[diff] [blame]17
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]18#include "mbedtls/ssl_cache.h"
Pengyu Lvb1895892023-03-16 11:38:43 +0800[diff] [blame]19#include "mbedtls/error.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]20
21#include <string.h>
22
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]23void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]24{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]25 memset(cache, 0, sizeof(mbedtls_ssl_cache_context));
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]26
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]27 cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
28 cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]29
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]31 mbedtls_mutex_init(&cache->mutex);
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]32#endif
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]33}
34
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]35MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]36static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache,
37 unsigned char const *session_id,
38 size_t session_id_len,
39 mbedtls_ssl_cache_entry **dst)
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]40{
Pengyu Lve3746d72023-04-10 14:40:03 +0800[diff] [blame]41 int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]42#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]43 mbedtls_time_t t = mbedtls_time(NULL);
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]44#endif
45 mbedtls_ssl_cache_entry *cur;
46
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]47 for (cur = cache->chain; cur != NULL; cur = cur->next) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]48#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]49 if (cache->timeout != 0 &&
50 (int) (t - cur->timestamp) > cache->timeout) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]51 continue;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]52 }
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]53#endif
54
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]55 if (session_id_len != cur->session_id_len ||
56 memcmp(session_id, cur->session_id,
57 cur->session_id_len) != 0) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]58 continue;
59 }
60
61 break;
62 }
63
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]64 if (cur != NULL) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]65 *dst = cur;
66 ret = 0;
67 }
68
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]69 return ret;
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]70}
71
72
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]73int mbedtls_ssl_cache_get(void *data,
74 unsigned char const *session_id,
75 size_t session_id_len,
76 mbedtls_ssl_session *session)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]77{
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]78 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]80 mbedtls_ssl_cache_entry *entry;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]81
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]82#if defined(MBEDTLS_THREADING_C)
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]83 if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
84 return ret;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]85 }
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]86#endif
87
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]88 ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
89 if (ret != 0) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]90 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]91 }
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]92
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]93 ret = mbedtls_ssl_session_load(session,
94 entry->session,
95 entry->session_len);
96 if (ret != 0) {
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]97 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]98 }
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]99
Hanno Beckerf938c432021-04-15 10:17:53 +0100[diff] [blame]100 ret = 0;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]101
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]102exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]103#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]104 if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]105 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]106 }
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]107#endif
108
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]109 return ret;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]110}
111
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]112/* zeroize a cache entry */
113static void ssl_cache_entry_zeroize(mbedtls_ssl_cache_entry *entry)
114{
115 if (entry == NULL) {
116 return;
117 }
118
119 /* zeroize and free session structure */
120 if (entry->session != NULL) {
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]121 mbedtls_zeroize_and_free(entry->session, entry->session_len);
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]122 }
123
124 /* zeroize the whole entry structure */
125 mbedtls_platform_zeroize(entry, sizeof(mbedtls_ssl_cache_entry));
126}
127
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]128MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]129static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
130 unsigned char const *session_id,
131 size_t session_id_len,
132 mbedtls_ssl_cache_entry **dst)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]133{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]134#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]135 mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
Hanno Becker006f2cc2021-05-14 04:55:35 +0100[diff] [blame]136#endif /* MBEDTLS_HAVE_TIME */
137
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]138 mbedtls_ssl_cache_entry *old = NULL;
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]139 int count = 0;
Hanno Becker466ed6f2021-05-14 14:54:00 +0100[diff] [blame]140 mbedtls_ssl_cache_entry *cur, *last;
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]141
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]142 /* Check 1: Is there already an entry with the given session ID?
143 *
144 * If yes, overwrite it.
145 *
146 * If not, `count` will hold the size of the session cache
Hanno Becker466ed6f2021-05-14 14:54:00 +0100[diff] [blame]147 * at the end of this loop, and `last` will point to the last
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]148 * entry, both of which will be used later. */
149
Hanno Becker78196e32021-05-14 14:45:38 +0100[diff] [blame]150 last = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]151 for (cur = cache->chain; cur != NULL; cur = cur->next) {
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]152 count++;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]153 if (session_id_len == cur->session_id_len &&
154 memcmp(session_id, cur->session_id, cur->session_id_len) == 0) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]155 goto found;
Hanno Beckerccdaf6e2021-04-15 09:26:17 +0100[diff] [blame]156 }
Hanno Becker78196e32021-05-14 14:45:38 +0100[diff] [blame]157 last = cur;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]158 }
159
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]160 /* Check 2: Is there an outdated entry in the cache?
161 *
162 * If so, overwrite it.
163 *
164 * If not, remember the oldest entry in `old` for later.
165 */
166
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]167#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]168 for (cur = cache->chain; cur != NULL; cur = cur->next) {
169 if (cache->timeout != 0 &&
170 (int) (t - cur->timestamp) > cache->timeout) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]171 goto found;
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]172 }
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]173
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]174 if (oldest == 0 || cur->timestamp < oldest) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]175 oldest = cur->timestamp;
176 old = cur;
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200[diff] [blame]177 }
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]178 }
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]179#endif /* MBEDTLS_HAVE_TIME */
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]180
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]181 /* Check 3: Is there free space in the cache? */
182
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]183 if (count < cache->max_entries) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]184 /* Create new entry */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]185 cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
186 if (cur == NULL) {
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]187 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]188 }
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]189
190 /* Append to the end of the linked list. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]191 if (last == NULL) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]192 cache->chain = cur;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]193 } else {
Hanno Becker466ed6f2021-05-14 14:54:00 +0100[diff] [blame]194 last->next = cur;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]195 }
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]196
197 goto found;
198 }
199
200 /* Last resort: The cache is full and doesn't contain any outdated
201 * elements. In this case, we evict the oldest one, judged by timestamp
202 * (if present) or cache-order. */
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]203
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]204#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]205 if (old == NULL) {
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]206 /* This should only happen on an ill-configured cache
207 * with max_entries == 0. */
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]208 return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]209 }
210#else /* MBEDTLS_HAVE_TIME */
211 /* Reuse first entry in chain, but move to last place. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]212 if (cache->chain == NULL) {
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]213 /* This should never happen */
214 return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]215 }
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]216
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]217 old = cache->chain;
218 cache->chain = old->next;
Hanno Becker5cf6f7e2021-05-14 14:45:04 +0100[diff] [blame]219 old->next = NULL;
Hanno Becker466ed6f2021-05-14 14:54:00 +0100[diff] [blame]220 last->next = old;
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]221#endif /* MBEDTLS_HAVE_TIME */
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]222
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]223 /* Now `old` points to the oldest entry to be overwritten. */
224 cur = old;
225
226found:
227
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]228 /* If we're reusing an entry, free it first. */
229 if (cur->session != NULL) {
230 /* `ssl_cache_entry_zeroize` would break the chain,
231 * so we reuse `old` to record `next` temporarily. */
232 old = cur->next;
233 ssl_cache_entry_zeroize(cur);
234 cur->next = old;
235 }
236
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]237#if defined(MBEDTLS_HAVE_TIME)
238 cur->timestamp = t;
239#endif
240
Hanno Becker845ceb72021-05-13 07:05:07 +0100[diff] [blame]241 *dst = cur;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]242 return 0;
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]243}
244
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]245int mbedtls_ssl_cache_set(void *data,
246 unsigned char const *session_id,
247 size_t session_id_len,
248 const mbedtls_ssl_session *session)
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]249{
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]250 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]251 mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
252 mbedtls_ssl_cache_entry *cur;
253
Sergeybef1f632023-03-06 15:25:06 -0700[diff] [blame]254 size_t session_serialized_len = 0;
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]255 unsigned char *session_serialized = NULL;
256
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]257#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]258 if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
259 return ret;
260 }
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]261#endif
262
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]263 ret = ssl_cache_pick_writing_slot(cache,
264 session_id, session_id_len,
265 &cur);
266 if (ret != 0) {
Hanno Becker02a68eb2021-04-15 09:57:17 +0100[diff] [blame]267 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]268 }
Manuel Pégourié-Gonnard84c30c72014-02-26 17:38:55 +0100[diff] [blame]269
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]270 /* Check how much space we need to serialize the session
271 * and allocate a sufficiently large buffer. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]272 ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
273 if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
Hanno Beckeraee87172019-02-06 14:53:19 +0000[diff] [blame]274 goto exit;
275 }
276
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]277 session_serialized = mbedtls_calloc(1, session_serialized_len);
278 if (session_serialized == NULL) {
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]279 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
280 goto exit;
Paul Bakkere81beda2013-03-06 17:40:46 +0100[diff] [blame]281 }
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]282
283 /* Now serialize the session into the allocated buffer. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]284 ret = mbedtls_ssl_session_save(session,
285 session_serialized,
286 session_serialized_len,
287 &session_serialized_len);
288 if (ret != 0) {
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]289 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]290 }
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]291
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]292 if (session_id_len > sizeof(cur->session_id)) {
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]293 ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]294 goto exit;
295 }
296 cur->session_id_len = session_id_len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]297 memcpy(cur->session_id, session_id, session_id_len);
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]298
299 cur->session = session_serialized;
300 cur->session_len = session_serialized_len;
301 session_serialized = NULL;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]302
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]303 ret = 0;
304
305exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]306#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]307 if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]308 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]309 }
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]310#endif
311
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]312 if (session_serialized != NULL) {
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]313 mbedtls_zeroize_and_free(session_serialized, session_serialized_len);
Leonid Rozenboim116f50c2022-04-21 13:05:10 -0700[diff] [blame]314 session_serialized = NULL;
315 }
Hanno Becker7e6eb9f2021-04-15 10:26:06 +0100[diff] [blame]316
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]317 return ret;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]318}
319
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]320int mbedtls_ssl_cache_remove(void *data,
321 unsigned char const *session_id,
322 size_t session_id_len)
323{
Pengyu Lv5038a382023-03-23 15:49:52 +0800[diff] [blame]324 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]325 mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
326 mbedtls_ssl_cache_entry *entry;
327 mbedtls_ssl_cache_entry *prev;
328
329#if defined(MBEDTLS_THREADING_C)
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]330 if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
331 return ret;
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]332 }
333#endif
334
335 ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
336 /* No valid entry found, exit with success */
337 if (ret != 0) {
338 ret = 0;
339 goto exit;
340 }
341
342 /* Now we remove the entry from the chain */
343 if (entry == cache->chain) {
344 cache->chain = entry->next;
345 goto free;
346 }
347 for (prev = cache->chain; prev->next != NULL; prev = prev->next) {
348 if (prev->next == entry) {
349 prev->next = entry->next;
350 break;
351 }
352 }
353
354free:
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]355 ssl_cache_entry_zeroize(entry);
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]356 mbedtls_free(entry);
357 ret = 0;
358
359exit:
360#if defined(MBEDTLS_THREADING_C)
361 if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
Pengyu Lv0b9c0122023-03-15 14:37:32 +0800[diff] [blame]362 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
Pengyu Lv7b6299b2023-03-07 14:38:45 +0800[diff] [blame]363 }
364#endif
365
366 return ret;
367}
368
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]369#if defined(MBEDTLS_HAVE_TIME)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]370void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]371{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]372 if (timeout < 0) {
373 timeout = 0;
374 }
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]375
376 cache->timeout = timeout;
377}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]378#endif /* MBEDTLS_HAVE_TIME */
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]379
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]380void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max)
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]381{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]382 if (max < 0) {
383 max = 0;
384 }
Paul Bakkerba26e9e2012-10-23 22:18:28 +0000[diff] [blame]385
386 cache->max_entries = max;
387}
388
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]389void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]390{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]391 mbedtls_ssl_cache_entry *cur, *prv;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]392
393 cur = cache->chain;
394
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]395 while (cur != NULL) {
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]396 prv = cur;
397 cur = cur->next;
398
Pengyu Lv744b5072023-03-15 12:17:14 +0800[diff] [blame]399 ssl_cache_entry_zeroize(prv);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]400 mbedtls_free(prv);
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]401 }
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]402
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]403#if defined(MBEDTLS_THREADING_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]404 mbedtls_mutex_free(&cache->mutex);
Paul Bakkerc5598842013-09-28 15:01:27 +0200[diff] [blame]405#endif
Ron Eldor22360822017-10-29 17:53:52 +0200[diff] [blame]406 cache->chain = NULL;
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]407}
408
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]409#endif /* MBEDTLS_SSL_CACHE_C */