ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-10 00:49:04 +08:00
Code Issues Releases Wiki Activity

Add helper function to finding a fresh entry in the SSL cache

Browse Source 
This commit improves the readability of the SSL session cache
reference implementation of mbedtls_ssl_cache_set() by moving
the logic for finding a suitable free slot for the session to
store into a static helper function.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2021-04-15 09:57:17 +01:00
parent ccdaf6ed22
commit 02a68ebc0e
1 changed files with 43 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
library/ssl_cache.c
View File

@ -138,24 +138,18 @@ exit:
return( ret ); return( ret );
} }
int mbedtls_ssl_cache_set( void *data, static int ssl_cache_find_fresh_entry( mbedtls_ssl_cache_context *cache,
unsigned char const *session_id, unsigned char const *session_id,
size_t session_id_len, size_t session_id_len,
const mbedtls_ssl_session *session ) mbedtls_ssl_cache_entry **dst )
{ {
int ret = 1; int ret = 1;
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0; mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
mbedtls_ssl_cache_entry *old = NULL; mbedtls_ssl_cache_entry *old = NULL;
#endif #endif
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur, *prv;
int count = 0; int count = 0;
mbedtls_ssl_cache_entry *cur, *prv;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
return( ret );
#endif
cur = cache->chain; cur = cache->chain;
prv = NULL; prv = NULL;
@ -249,8 +243,10 @@ int mbedtls_ssl_cache_set( void *data,
#endif #endif
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ if( cur != NULL )
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) {
*dst = cur;
/* /*
* If we're reusing an entry, free its certificate first * If we're reusing an entry, free its certificate first
*/ */
@ -259,7 +255,34 @@ int mbedtls_ssl_cache_set( void *data,
mbedtls_free( cur->peer_cert.p ); mbedtls_free( cur->peer_cert.p );
memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) ); memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
ret = 0;
}
exit:
return( ret );
}
int mbedtls_ssl_cache_set( void *data,
unsigned char const *session_id,
size_t session_id_len,
const mbedtls_ssl_session *session )
{
int ret = 1;
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
return( ret );
#endif
ret = ssl_cache_find_fresh_entry( cache,
session_id, session_id_len,
&cur );
if( ret != 0 )
goto exit;
/* Copy the entire session; this temporarily makes a copy of the /* Copy the entire session; this temporarily makes a copy of the
* X.509 CRT structure even though we only want to store the raw CRT. * X.509 CRT structure even though we only want to store the raw CRT.