ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-09 08:31:33 +08:00
Code Issues Releases Wiki Activity

ssl_cache: use auxiliary function to zeroize cache entry

Browse Source 
This commit introduce a auxiliary function to zeroize
the cache entry, especially the session structure. The
function is called wherever we need to free the entry.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
This commit is contained in:
Pengyu Lv 2023-03-15 12:17:14 +08:00
parent f30488f5cd
commit 744b507866
1 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
library/ssl_cache.c
View File

@ -121,6 +121,23 @@ exit:
return ret; return ret;
} }
/* zeroize a cache entry */
static void ssl_cache_entry_zeroize(mbedtls_ssl_cache_entry *entry)
{
if (entry == NULL) {
return;
}
/* zeroize and free session structure */
if (entry->session != NULL) {
mbedtls_platform_zeroize(entry->session, entry->session_len);
mbedtls_free(entry->session);
}
/* zeroize the whole entry structure */
mbedtls_platform_zeroize(entry, sizeof(mbedtls_ssl_cache_entry));
}
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache, static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
unsigned char const *session_id, unsigned char const *session_id,
@ -220,19 +237,19 @@ static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
found: found:
/* If we're reusing an entry, free it first. */
if (cur->session != NULL) {
/* `ssl_cache_entry_zeroize` would break the chain,
* so we reuse `old` to record `next` temporarily. */
old = cur->next;
ssl_cache_entry_zeroize(cur);
cur->next = old;
}
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
cur->timestamp = t; cur->timestamp = t;
#endif #endif
/* If we're reusing an entry, free it first. */
if (cur->session != NULL) {
mbedtls_free(cur->session);
cur->session = NULL;
cur->session_len = 0;
memset(cur->session_id, 0, sizeof(cur->session_id));
cur->session_id_len = 0;
}
*dst = cur; *dst = cur;
return 0; return 0;
} }
@ -349,11 +366,7 @@ int mbedtls_ssl_cache_remove(void *data,
} }
free: free:
if (entry->session != NULL) { ssl_cache_entry_zeroize(entry);
mbedtls_platform_zeroize(entry->session, entry->session_len);
mbedtls_free(entry->session);
}
mbedtls_platform_zeroize(entry, sizeof(mbedtls_ssl_cache_entry));
mbedtls_free(entry); mbedtls_free(entry);
ret = 0; ret = 0;
@ -397,7 +410,7 @@ void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)
prv = cur; prv = cur;
cur = cur->next; cur = cur->next;
mbedtls_free(prv->session); ssl_cache_entry_zeroize(prv);
mbedtls_free(prv); mbedtls_free(prv);
} }