From b1895899f1d4aea2b25b7981f73b0736d592e0f4 Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Thu, 16 Mar 2023 11:38:43 +0800
Subject: [PATCH 1/6] ssl_cache: Improve some comments

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 include/mbedtls/ssl_cache.h | 4 ++--
 library/ssl_cache.c         | 3 ++-
 programs/ssl/ssl_server2.c  | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 55dcf77c3..1eb933cfa 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -132,9 +132,9 @@ int mbedtls_ssl_cache_set(void *data,
  *                        associated to \p session.
  * \param session_id_len  The length of \p session_id in bytes.
  *
- * \return                0: The cache entry for session with provided ID
+ * \return                \c 0: The cache entry for session with provided ID
  *                           is removed or does not exist.
- *                        Otherwise: fail.
+ *                        A negative error code on failure.
  */
 int mbedtls_ssl_cache_remove(void *data,
                              unsigned char const *session_id,
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 048c21d4f..1c649ca25 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -29,6 +29,7 @@
 
 #include "mbedtls/ssl_cache.h"
 #include "ssl_misc.h"
+#include "mbedtls/error.h"
 
 #include <string.h>
 
@@ -335,7 +336,7 @@ int mbedtls_ssl_cache_remove(void *data,
                              unsigned char const *session_id,
                              size_t session_id_len)
 {
-    int ret = 1;
+    int ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
     mbedtls_ssl_cache_entry *entry;
     mbedtls_ssl_cache_entry *prev;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8277ddee1..d68f00286 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -669,7 +669,7 @@ struct options {
 #if defined(MBEDTLS_HAVE_TIME)
     int cache_timeout;          /* expiration delay of session cache entries*/
 #endif
-    int cache_remove;           /* enable / disable cache removement        */
+    int cache_remove;           /* enable / disable cache entry removal     */
     char *sni;                  /* string describing sni information        */
     const char *curves;         /* list of supported elliptic curves        */
     const char *sig_algs;       /* supported TLS 1.3 signature algorithms   */

From cdf06f69ddb88a4b9c71ed7ea4f672440770e49b Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Thu, 23 Mar 2023 11:15:24 +0800
Subject: [PATCH 2/6] Improve function return value description

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 include/mbedtls/ssl_cache.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 1eb933cfa..00891bc89 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -132,9 +132,10 @@ int mbedtls_ssl_cache_set(void *data,
  *                        associated to \p session.
  * \param session_id_len  The length of \p session_id in bytes.
  *
- * \return                \c 0: The cache entry for session with provided ID
- *                           is removed or does not exist.
- *                        A negative error code on failure.
+ * \return                \c 0 on success. This indicates the cache entry for
+ *                        the session with provided ID is removed or does not
+ *                        exist.
+ * \return                A negative error code on failure.
  */
 int mbedtls_ssl_cache_remove(void *data,
                              unsigned char const *session_id,

From 5038a3869579557a33aac937677aaa32031372ba Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Thu, 23 Mar 2023 15:49:52 +0800
Subject: [PATCH 3/6] ssl_cache: Return standard mbedtls error code

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 include/mbedtls/ssl.h |  3 ++-
 library/ssl_cache.c   | 18 +++++++++---------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4b954bb45..1e5174511 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -110,7 +110,8 @@
 /* Error space gap */
 /* Error space gap */
 /* Error space gap */
-/* Error space gap */
+/** Cache entry not found */
+#define MBEDTLS_ERR_SSL_CACHE_NOT_FOUND                   -0x7E80
 /** Memory allocation failed */
 #define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00
 /** Hardware acceleration function returned with error */
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 1c649ca25..44dc11a56 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -51,7 +51,7 @@ static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache,
                                 size_t session_id_len,
                                 mbedtls_ssl_cache_entry **dst)
 {
-    int ret = 1;
+    int ret = MBEDTLS_ERR_SSL_CACHE_NOT_FOUND;
 #if defined(MBEDTLS_HAVE_TIME)
     mbedtls_time_t t = mbedtls_time(NULL);
 #endif
@@ -88,7 +88,7 @@ int mbedtls_ssl_cache_get(void *data,
                           size_t session_id_len,
                           mbedtls_ssl_session *session)
 {
-    int ret = 1;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
     mbedtls_ssl_cache_entry *entry;
 
@@ -198,7 +198,7 @@ static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
         /* Create new entry */
         cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
         if (cur == NULL) {
-            return 1;
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
         }
 
         /* Append to the end of the linked list. */
@@ -219,12 +219,13 @@ static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
     if (old == NULL) {
         /* This should only happen on an ill-configured cache
          * with max_entries == 0. */
-        return 1;
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 #else /* MBEDTLS_HAVE_TIME */
     /* Reuse first entry in chain, but move to last place. */
     if (cache->chain == NULL) {
-        return 1;
+        /* This should never happen */
+        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
     old = cache->chain;
@@ -260,7 +261,7 @@ int mbedtls_ssl_cache_set(void *data,
                           size_t session_id_len,
                           const mbedtls_ssl_session *session)
 {
-    int ret = 1;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
     mbedtls_ssl_cache_entry *cur;
 
@@ -284,7 +285,6 @@ int mbedtls_ssl_cache_set(void *data,
      * and allocate a sufficiently large buffer. */
     ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
     if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
-        ret = 1;
         goto exit;
     }
 
@@ -304,7 +304,7 @@ int mbedtls_ssl_cache_set(void *data,
     }
 
     if (session_id_len > sizeof(cur->session_id)) {
-        ret = 1;
+        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         goto exit;
     }
     cur->session_id_len = session_id_len;
@@ -336,7 +336,7 @@ int mbedtls_ssl_cache_remove(void *data,
                              unsigned char const *session_id,
                              size_t session_id_len)
 {
-    int ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
     mbedtls_ssl_cache_entry *entry;
     mbedtls_ssl_cache_entry *prev;

From 4e7072439681f69a803e7ffdccc6d80156f243ba Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Mon, 27 Mar 2023 11:29:49 +0800
Subject: [PATCH 4/6] ssl_cache: Add descriptions of returns of cache accessors

Add descriptions of the return values of mbedtls_ssl_cache_get
and mbedtls_ssl_cache_set.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 include/mbedtls/ssl_cache.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 00891bc89..9b7d8e6f4 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -102,6 +102,9 @@ void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
  * \param session_id_len  The length of \p session_id in bytes.
  * \param session         The address at which to store the session
  *                        associated with \p session_id, if present.
+ *
+ * \return                \c 0 on success.
+ * \return                A negative error code on failure.
  */
 int mbedtls_ssl_cache_get(void *data,
                           unsigned char const *session_id,
@@ -117,6 +120,9 @@ int mbedtls_ssl_cache_get(void *data,
  *                        associated to \p session.
  * \param session_id_len  The length of \p session_id in bytes.
  * \param session         The session to store.
+ *
+ * \return                \c 0 on success.
+ * \return                A negative error code on failure.
  */
 int mbedtls_ssl_cache_set(void *data,
                           unsigned char const *session_id,

From e3746d7ce6c791a111b83b5f2c762dc4b81df1eb Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Mon, 10 Apr 2023 14:40:03 +0800
Subject: [PATCH 5/6] ssl_cache: Error renaming and document improvement

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 include/mbedtls/ssl.h       | 2 +-
 include/mbedtls/ssl_cache.h | 3 ++-
 library/ssl_cache.c         | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 1e5174511..0588e0cde 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -111,7 +111,7 @@
 /* Error space gap */
 /* Error space gap */
 /** Cache entry not found */
-#define MBEDTLS_ERR_SSL_CACHE_NOT_FOUND                   -0x7E80
+#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND             -0x7E80
 /** Memory allocation failed */
 #define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00
 /** Hardware acceleration function returned with error */
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 9b7d8e6f4..7009827f8 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -104,7 +104,8 @@ void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
  *                        associated with \p session_id, if present.
  *
  * \return                \c 0 on success.
- * \return                A negative error code on failure.
+ * \return                #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
+ *                        no cache entry with specified session ID found.
  */
 int mbedtls_ssl_cache_get(void *data,
                           unsigned char const *session_id,
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 44dc11a56..e29b0bcd2 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -51,7 +51,7 @@ static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache,
                                 size_t session_id_len,
                                 mbedtls_ssl_cache_entry **dst)
 {
-    int ret = MBEDTLS_ERR_SSL_CACHE_NOT_FOUND;
+    int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
 #if defined(MBEDTLS_HAVE_TIME)
     mbedtls_time_t t = mbedtls_time(NULL);
 #endif

From 723ac268e72242cbb2dedd74050719059884784b Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Tue, 11 Apr 2023 09:19:08 +0800
Subject: [PATCH 6/6] ssh_cache: Add back description of other errors for cache
 getter

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 include/mbedtls/ssl_cache.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 7009827f8..08f98b559 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -105,7 +105,8 @@ void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
  *
  * \return                \c 0 on success.
  * \return                #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
- *                        no cache entry with specified session ID found.
+ *                        no cache entry with specified session ID found, or
+ *                        any other negative error code for other failures.
  */
 int mbedtls_ssl_cache_get(void *data,
                           unsigned char const *session_id,