yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api

Browse source 
ssl_cache: misc improvements
This commit is contained in:
Gilles Peskine 2023-04-11 09:30:40 +02:00 committed by GitHub
commit c9e8a65d06
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/mbedtls/ssl.h
View file

@ -106,7 +106,8 @@
/* Error space gap */ /* Error space gap */
/* Error space gap */ /* Error space gap */
/* Error space gap */ /* Error space gap */
/* Error space gap */ /** Cache entry not found */
#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80
/** Memory allocation failed */ /** Memory allocation failed */
#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
/** Hardware acceleration function returned with error */ /** Hardware acceleration function returned with error */

15
include/mbedtls/ssl_cache.h
View file

@ -102,6 +102,11 @@ void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
* \param session_id_len The length of \p session_id in bytes. * \param session_id_len The length of \p session_id in bytes.
* \param session The address at which to store the session * \param session The address at which to store the session
* associated with \p session_id, if present. * associated with \p session_id, if present.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
* no cache entry with specified session ID found, or
* any other negative error code for other failures.
*/ */
int mbedtls_ssl_cache_get(void *data, int mbedtls_ssl_cache_get(void *data,
unsigned char const *session_id, unsigned char const *session_id,
@ -117,6 +122,9 @@ int mbedtls_ssl_cache_get(void *data,
* associated to \p session. * associated to \p session.
* \param session_id_len The length of \p session_id in bytes. * \param session_id_len The length of \p session_id in bytes.
* \param session The session to store. * \param session The session to store.
*
* \return \c 0 on success.
* \return A negative error code on failure.
*/ */
int mbedtls_ssl_cache_set(void *data, int mbedtls_ssl_cache_set(void *data,
unsigned char const *session_id, unsigned char const *session_id,
@ -132,9 +140,10 @@ int mbedtls_ssl_cache_set(void *data,
* associated to \p session. * associated to \p session.
* \param session_id_len The length of \p session_id in bytes. * \param session_id_len The length of \p session_id in bytes.
* *
* \return 0: The cache entry for session with provided ID * \return \c 0 on success. This indicates the cache entry for
* is removed or does not exist. * the session with provided ID is removed or does not
* Otherwise: fail. * exist.
* \return A negative error code on failure.
*/ */
int mbedtls_ssl_cache_remove(void *data, int mbedtls_ssl_cache_remove(void *data,
unsigned char const *session_id, unsigned char const *session_id,

19
library/ssl_cache.c
View file

@ -29,6 +29,7 @@
#include "mbedtls/ssl_cache.h" #include "mbedtls/ssl_cache.h"
#include "ssl_misc.h" #include "ssl_misc.h"
#include "mbedtls/error.h"
#include <string.h> #include <string.h>
@ -50,7 +51,7 @@ static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache,
size_t session_id_len, size_t session_id_len,
mbedtls_ssl_cache_entry **dst) mbedtls_ssl_cache_entry **dst)
{ {
int ret = 1; int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t = mbedtls_time(NULL); mbedtls_time_t t = mbedtls_time(NULL);
#endif #endif
@ -87,7 +88,7 @@ int mbedtls_ssl_cache_get(void *data,
size_t session_id_len, size_t session_id_len,
mbedtls_ssl_session *session) mbedtls_ssl_session *session)
{ {
int ret = 1; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *entry; mbedtls_ssl_cache_entry *entry;
@ -197,7 +198,7 @@ static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
/* Create new entry */ /* Create new entry */
cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry)); cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
if (cur == NULL) { if (cur == NULL) {
return 1; return MBEDTLS_ERR_SSL_ALLOC_FAILED;
} }
/* Append to the end of the linked list. */ /* Append to the end of the linked list. */
@ -218,12 +219,13 @@ static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
if (old == NULL) { if (old == NULL) {
/* This should only happen on an ill-configured cache /* This should only happen on an ill-configured cache
* with max_entries == 0. */ * with max_entries == 0. */
return 1; return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
} }
#else /* MBEDTLS_HAVE_TIME */ #else /* MBEDTLS_HAVE_TIME */
/* Reuse first entry in chain, but move to last place. */ /* Reuse first entry in chain, but move to last place. */
if (cache->chain == NULL) { if (cache->chain == NULL) {
return 1; /* This should never happen */
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
} }
old = cache->chain; old = cache->chain;
@ -259,7 +261,7 @@ int mbedtls_ssl_cache_set(void *data,
size_t session_id_len, size_t session_id_len,
const mbedtls_ssl_session *session) const mbedtls_ssl_session *session)
{ {
int ret = 1; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur; mbedtls_ssl_cache_entry *cur;
@ -283,7 +285,6 @@ int mbedtls_ssl_cache_set(void *data,
* and allocate a sufficiently large buffer. */ * and allocate a sufficiently large buffer. */
ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len); ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
ret = 1;
goto exit; goto exit;
} }
@ -303,7 +304,7 @@ int mbedtls_ssl_cache_set(void *data,
} }
if (session_id_len > sizeof(cur->session_id)) { if (session_id_len > sizeof(cur->session_id)) {
ret = 1; ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
goto exit; goto exit;
} }
cur->session_id_len = session_id_len; cur->session_id_len = session_id_len;
@ -335,7 +336,7 @@ int mbedtls_ssl_cache_remove(void *data,
unsigned char const *session_id, unsigned char const *session_id,
size_t session_id_len) size_t session_id_len)
{ {
int ret = 1; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *entry; mbedtls_ssl_cache_entry *entry;
mbedtls_ssl_cache_entry *prev; mbedtls_ssl_cache_entry *prev;

2
programs/ssl/ssl_server2.c
View file

@ -671,7 +671,7 @@ struct options {
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
int cache_timeout; /* expiration delay of session cache entries*/ int cache_timeout; /* expiration delay of session cache entries*/
#endif #endif
int cache_remove; /* enable / disable cache removement */ int cache_remove; /* enable / disable cache entry removal */
char *sni; /* string describing sni information */ char *sni; /* string describing sni information */
const char *curves; /* list of supported elliptic curves */ const char *curves; /* list of supported elliptic curves */
const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *sig_algs; /* supported TLS 1.3 signature algorithms */