author | Rémi Verschelde <rverschelde@gmail.com> | 2023-04-18 10:38:24 +0200 |
---|---|---|
committer | Yuri Sizov <yuris@humnom.net> | 2023-04-26 14:14:07 +0200 |
commit | 878367b3acfde1a6dbc666dc69e630757d499610 (patch) | |
tree | 73dd512c35c511c435cd3389cd156366f5e72ff1 /thirdparty/mbedtls/library/ssl_cache.c | |
parent | a27dd86755178744fd7487a8a2170d7bb6fe6f22 (diff) |
mbedtls: Update to upstream version 2.28.3
Rediffed the patch from PR 1453; lstrlenW is no longer used upstream, so
that part of the patch was dropped.
(cherry picked from commit 1fde2092d0b6e840f026abaf438c4e591138125a)
Diffstat (limited to 'thirdparty/mbedtls/library/ssl_cache.c')
-rw-r--r-- | thirdparty/mbedtls/library/ssl_cache.c | 172 |
1 files changed, 81 insertions, 91 deletions
diff --git a/thirdparty/mbedtls/library/ssl_cache.c b/thirdparty/mbedtls/library/ssl_cache.c
index 7a600cad18..0f0e61077c 100644
--- a/thirdparty/mbedtls/library/ssl_cache.c
+++ b/thirdparty/mbedtls/library/ssl_cache.c
@@ -32,83 +32,79 @@ #include <string.h> -void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) +void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache) { - memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) ); + memset(cache, 0, sizeof(mbedtls_ssl_cache_context)); cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT; cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES; #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &cache->mutex ); + mbedtls_mutex_init(&cache->mutex); #endif } -int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) +int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = mbedtls_time( NULL ); + mbedtls_time_t t = mbedtls_time(NULL); #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; mbedtls_ssl_cache_entry *cur, *entry; #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &cache->mutex ) != 0 ) - return( 1 ); + if (mbedtls_mutex_lock(&cache->mutex) != 0) { + return 1; + } #endif cur = cache->chain; entry = NULL; - while( cur != NULL ) - { + while (cur != NULL) { entry = cur; cur = cur->next; #if defined(MBEDTLS_HAVE_TIME) - if( cache->timeout != 0 && - (int) ( t - entry->timestamp ) > cache->timeout ) + if (cache->timeout != 0 && + (int) (t - entry->timestamp) > cache->timeout) { continue; + } #endif - if( session->id_len != entry->session.id_len || - memcmp( session->id, entry->session.id, - entry->session.id_len ) != 0 ) - { + if (session->id_len != entry->session.id_len || + memcmp(session->id, entry->session.id, + entry->session.id_len) != 0) { continue; } - ret = mbedtls_ssl_session_copy( session, &entry->session ); - if( ret != 0 ) - { + ret = mbedtls_ssl_session_copy(session, &entry->session); + if (ret != 0) { ret = 1; goto exit; } #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* * Restore peer 
certificate (without rest of the original chain) */ - if( entry->peer_cert.p != NULL ) - { + if (entry->peer_cert.p != NULL) { /* `session->peer_cert` is NULL after the call to * mbedtls_ssl_session_copy(), because cache entries * have the `peer_cert` field set to NULL. */ - if( ( session->peer_cert = mbedtls_calloc( 1, - sizeof(mbedtls_x509_crt) ) ) == NULL ) - { + if ((session->peer_cert = mbedtls_calloc(1, + sizeof(mbedtls_x509_crt))) == NULL) { ret = 1; goto exit; } - mbedtls_x509_crt_init( session->peer_cert ); - if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p, - entry->peer_cert.len ) != 0 ) - { - mbedtls_free( session->peer_cert ); + mbedtls_x509_crt_init(session->peer_cert); + if (mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p, + entry->peer_cert.len) != 0) { + mbedtls_free(session->peer_cert); session->peer_cert = NULL; ret = 1; goto exit; @@ -122,18 +118,19 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) exit: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &cache->mutex ) != 0 ) + if (mbedtls_mutex_unlock(&cache->mutex) != 0) { ret = 1; + } #endif - return( ret ); + return ret; } -int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) +int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0; + mbedtls_time_t t = mbedtls_time(NULL), oldest = 0; mbedtls_ssl_cache_entry *old = NULL; #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; 
@@ -141,32 +138,31 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) int count = 0; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) { + return ret; + } #endif cur = cache->chain; prv = NULL; - while( cur != NULL ) - { + while (cur != NULL) { count++; #if defined(MBEDTLS_HAVE_TIME) - if( cache->timeout != 0 && - (int) ( t - cur->timestamp ) > cache->timeout ) - { + if (cache->timeout != 0 && + (int) (t - cur->timestamp) > cache->timeout) { cur->timestamp = t; break; /* expired, reuse this slot, update timestamp */ } #endif - if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 ) + if (memcmp(session->id, cur->session.id, cur->session.id_len) == 0) { break; /* client reconnected, keep timestamp for session id */ + } #if defined(MBEDTLS_HAVE_TIME) - if( oldest == 0 || cur->timestamp < oldest ) - { + if (oldest == 0 || cur->timestamp < oldest) { oldest = cur->timestamp; old = cur; } @@ -176,16 +172,13 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) cur = cur->next; } - if( cur == NULL ) - { + if (cur == NULL) { #if defined(MBEDTLS_HAVE_TIME) /* * Reuse oldest entry if max_entries reached */ - if( count >= cache->max_entries ) - { - if( old == NULL ) - { + if (count >= cache->max_entries) { + if (old == NULL) { ret = 1; goto exit; } @@ -197,10 +190,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) * Reuse first entry in chain if max_entries reached, * but move to last place */ - if( count >= cache->max_entries ) - { - if( cache->chain == NULL ) - { + if (count >= cache->max_entries) { + if (cache->chain == NULL) { ret = 1; goto exit; } 
@@ -211,22 +202,21 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) prv->next = cur; } #endif /* MBEDTLS_HAVE_TIME */ - else - { + else { /* * max_entries not reached, create new entry */ - cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) ); - if( cur == NULL ) - { + cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry)); + if (cur == NULL) { ret = 1; goto exit; } - if( prv == NULL ) + if (prv == NULL) { cache->chain = cur; - else + } else { prv->next = cur; + } } #if defined(MBEDTLS_HAVE_TIME) @@ -239,10 +229,9 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) /* * If we're reusing an entry, free its certificate first */ - if( cur->peer_cert.p != NULL ) - { - mbedtls_free( cur->peer_cert.p ); - memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) ); + if (cur->peer_cert.p != NULL) { + mbedtls_free(cur->peer_cert.p); + memset(&cur->peer_cert, 0, sizeof(mbedtls_x509_buf)); } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -251,9 +240,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) * This inefficiency will go away as soon as we implement on-demand * parsing of CRTs, in which case there's no need for the `peer_cert` * field anymore in the first place, and we're done after this call. */ - ret = mbedtls_ssl_session_copy( &cur->session, session ); - if( ret != 0 ) - { + ret = mbedtls_ssl_session_copy(&cur->session, session); + if (ret != 0) { ret = 1; goto exit; } 
@@ -261,23 +249,21 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* If present, free the X.509 structure and only store the raw CRT data. */ - if( cur->session.peer_cert != NULL ) - { + if (cur->session.peer_cert != NULL) { cur->peer_cert.p = - mbedtls_calloc( 1, cur->session.peer_cert->raw.len ); - if( cur->peer_cert.p == NULL ) - { + mbedtls_calloc(1, cur->session.peer_cert->raw.len); + if (cur->peer_cert.p == NULL) { ret = 1; goto exit; } - memcpy( cur->peer_cert.p, - cur->session.peer_cert->raw.p, - cur->session.peer_cert->raw.len ); + memcpy(cur->peer_cert.p, + cur->session.peer_cert->raw.p, + cur->session.peer_cert->raw.len); cur->peer_cert.len = session->peer_cert->raw.len; - mbedtls_x509_crt_free( cur->session.peer_cert ); - mbedtls_free( cur->session.peer_cert ); + mbedtls_x509_crt_free(cur->session.peer_cert); + mbedtls_free(cur->session.peer_cert); cur->session.peer_cert = NULL; } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 
@@ -286,52 +272,56 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) exit: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &cache->mutex ) != 0 ) + if (mbedtls_mutex_unlock(&cache->mutex) != 0) { ret = 1; + } #endif - return( ret ); + return ret; } #if defined(MBEDTLS_HAVE_TIME) -void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout ) +void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout) { - if( timeout < 0 ) timeout = 0; + if (timeout < 0) { + timeout = 0; + } cache->timeout = timeout; } #endif /* MBEDTLS_HAVE_TIME */ -void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max ) +void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max) { - if( max < 0 ) max = 0; + if (max < 0) { + max = 0; + } cache->max_entries = max; } -void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ) +void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache) { mbedtls_ssl_cache_entry *cur, *prv; cur = cache->chain; - while( cur != NULL ) - { + while (cur != NULL) { prv = cur; cur = cur->next; - mbedtls_ssl_session_free( &prv->session ); + mbedtls_ssl_session_free(&prv->session); #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_free( prv->peer_cert.p ); + defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + mbedtls_free(prv->peer_cert.p); #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - mbedtls_free( prv ); + mbedtls_free(prv); } #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &cache->mutex ); + mbedtls_mutex_free(&cache->mutex); #endif cache->chain = NULL; } |