summaryrefslogtreecommitdiffstats
path: root/thirdparty/mbedtls/library/ssl_cache.c
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/mbedtls/library/ssl_cache.c')
-rw-r--r--thirdparty/mbedtls/library/ssl_cache.c172
1 files changed, 81 insertions, 91 deletions
diff --git a/thirdparty/mbedtls/library/ssl_cache.c b/thirdparty/mbedtls/library/ssl_cache.c
index 7a600cad18..0f0e61077c 100644
--- a/thirdparty/mbedtls/library/ssl_cache.c
+++ b/thirdparty/mbedtls/library/ssl_cache.c
@@ -32,83 +32,79 @@
#include <string.h>
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
+void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)
{
- memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
+ memset(cache, 0, sizeof(mbedtls_ssl_cache_context));
cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &cache->mutex );
+ mbedtls_mutex_init(&cache->mutex);
#endif
}
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
+int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session)
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t t = mbedtls_time( NULL );
+ mbedtls_time_t t = mbedtls_time(NULL);
#endif
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur, *entry;
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_lock( &cache->mutex ) != 0 )
- return( 1 );
+ if (mbedtls_mutex_lock(&cache->mutex) != 0) {
+ return 1;
+ }
#endif
cur = cache->chain;
entry = NULL;
- while( cur != NULL )
- {
+ while (cur != NULL) {
entry = cur;
cur = cur->next;
#if defined(MBEDTLS_HAVE_TIME)
- if( cache->timeout != 0 &&
- (int) ( t - entry->timestamp ) > cache->timeout )
+ if (cache->timeout != 0 &&
+ (int) (t - entry->timestamp) > cache->timeout) {
continue;
+ }
#endif
- if( session->id_len != entry->session.id_len ||
- memcmp( session->id, entry->session.id,
- entry->session.id_len ) != 0 )
- {
+ if (session->id_len != entry->session.id_len ||
+ memcmp(session->id, entry->session.id,
+ entry->session.id_len) != 0) {
continue;
}
- ret = mbedtls_ssl_session_copy( session, &entry->session );
- if( ret != 0 )
- {
+ ret = mbedtls_ssl_session_copy(session, &entry->session);
+ if (ret != 0) {
ret = 1;
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/*
* Restore peer certificate (without rest of the original chain)
*/
- if( entry->peer_cert.p != NULL )
- {
+ if (entry->peer_cert.p != NULL) {
/* `session->peer_cert` is NULL after the call to
* mbedtls_ssl_session_copy(), because cache entries
* have the `peer_cert` field set to NULL. */
- if( ( session->peer_cert = mbedtls_calloc( 1,
- sizeof(mbedtls_x509_crt) ) ) == NULL )
- {
+ if ((session->peer_cert = mbedtls_calloc(1,
+ sizeof(mbedtls_x509_crt))) == NULL) {
ret = 1;
goto exit;
}
- mbedtls_x509_crt_init( session->peer_cert );
- if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p,
- entry->peer_cert.len ) != 0 )
- {
- mbedtls_free( session->peer_cert );
+ mbedtls_x509_crt_init(session->peer_cert);
+ if (mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p,
+ entry->peer_cert.len) != 0) {
+ mbedtls_free(session->peer_cert);
session->peer_cert = NULL;
ret = 1;
goto exit;
@@ -122,18 +118,19 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
exit:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
+ if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
ret = 1;
+ }
#endif
- return( ret );
+ return ret;
}
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
+int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
+ mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
mbedtls_ssl_cache_entry *old = NULL;
#endif
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
@@ -141,32 +138,31 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
int count = 0;
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
- return( ret );
+ if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
+ return ret;
+ }
#endif
cur = cache->chain;
prv = NULL;
- while( cur != NULL )
- {
+ while (cur != NULL) {
count++;
#if defined(MBEDTLS_HAVE_TIME)
- if( cache->timeout != 0 &&
- (int) ( t - cur->timestamp ) > cache->timeout )
- {
+ if (cache->timeout != 0 &&
+ (int) (t - cur->timestamp) > cache->timeout) {
cur->timestamp = t;
break; /* expired, reuse this slot, update timestamp */
}
#endif
- if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
+ if (memcmp(session->id, cur->session.id, cur->session.id_len) == 0) {
break; /* client reconnected, keep timestamp for session id */
+ }
#if defined(MBEDTLS_HAVE_TIME)
- if( oldest == 0 || cur->timestamp < oldest )
- {
+ if (oldest == 0 || cur->timestamp < oldest) {
oldest = cur->timestamp;
old = cur;
}
@@ -176,16 +172,13 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
cur = cur->next;
}
- if( cur == NULL )
- {
+ if (cur == NULL) {
#if defined(MBEDTLS_HAVE_TIME)
/*
* Reuse oldest entry if max_entries reached
*/
- if( count >= cache->max_entries )
- {
- if( old == NULL )
- {
+ if (count >= cache->max_entries) {
+ if (old == NULL) {
ret = 1;
goto exit;
}
@@ -197,10 +190,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
* Reuse first entry in chain if max_entries reached,
* but move to last place
*/
- if( count >= cache->max_entries )
- {
- if( cache->chain == NULL )
- {
+ if (count >= cache->max_entries) {
+ if (cache->chain == NULL) {
ret = 1;
goto exit;
}
@@ -211,22 +202,21 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
prv->next = cur;
}
#endif /* MBEDTLS_HAVE_TIME */
- else
- {
+ else {
/*
* max_entries not reached, create new entry
*/
- cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) );
- if( cur == NULL )
- {
+ cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
+ if (cur == NULL) {
ret = 1;
goto exit;
}
- if( prv == NULL )
+ if (prv == NULL) {
cache->chain = cur;
- else
+ } else {
prv->next = cur;
+ }
}
#if defined(MBEDTLS_HAVE_TIME)
@@ -239,10 +229,9 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
/*
* If we're reusing an entry, free its certificate first
*/
- if( cur->peer_cert.p != NULL )
- {
- mbedtls_free( cur->peer_cert.p );
- memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
+ if (cur->peer_cert.p != NULL) {
+ mbedtls_free(cur->peer_cert.p);
+ memset(&cur->peer_cert, 0, sizeof(mbedtls_x509_buf));
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -251,9 +240,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
* This inefficiency will go away as soon as we implement on-demand
* parsing of CRTs, in which case there's no need for the `peer_cert`
* field anymore in the first place, and we're done after this call. */
- ret = mbedtls_ssl_session_copy( &cur->session, session );
- if( ret != 0 )
- {
+ ret = mbedtls_ssl_session_copy(&cur->session, session);
+ if (ret != 0) {
ret = 1;
goto exit;
}
@@ -261,23 +249,21 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* If present, free the X.509 structure and only store the raw CRT data. */
- if( cur->session.peer_cert != NULL )
- {
+ if (cur->session.peer_cert != NULL) {
cur->peer_cert.p =
- mbedtls_calloc( 1, cur->session.peer_cert->raw.len );
- if( cur->peer_cert.p == NULL )
- {
+ mbedtls_calloc(1, cur->session.peer_cert->raw.len);
+ if (cur->peer_cert.p == NULL) {
ret = 1;
goto exit;
}
- memcpy( cur->peer_cert.p,
- cur->session.peer_cert->raw.p,
- cur->session.peer_cert->raw.len );
+ memcpy(cur->peer_cert.p,
+ cur->session.peer_cert->raw.p,
+ cur->session.peer_cert->raw.len);
cur->peer_cert.len = session->peer_cert->raw.len;
- mbedtls_x509_crt_free( cur->session.peer_cert );
- mbedtls_free( cur->session.peer_cert );
+ mbedtls_x509_crt_free(cur->session.peer_cert);
+ mbedtls_free(cur->session.peer_cert);
cur->session.peer_cert = NULL;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -286,52 +272,56 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
exit:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
+ if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
ret = 1;
+ }
#endif
- return( ret );
+ return ret;
}
#if defined(MBEDTLS_HAVE_TIME)
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout )
+void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout)
{
- if( timeout < 0 ) timeout = 0;
+ if (timeout < 0) {
+ timeout = 0;
+ }
cache->timeout = timeout;
}
#endif /* MBEDTLS_HAVE_TIME */
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max )
+void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max)
{
- if( max < 0 ) max = 0;
+ if (max < 0) {
+ max = 0;
+ }
cache->max_entries = max;
}
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
+void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)
{
mbedtls_ssl_cache_entry *cur, *prv;
cur = cache->chain;
- while( cur != NULL )
- {
+ while (cur != NULL) {
prv = cur;
cur = cur->next;
- mbedtls_ssl_session_free( &prv->session );
+ mbedtls_ssl_session_free(&prv->session);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_free( prv->peer_cert.p );
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_free(prv->peer_cert.p);
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- mbedtls_free( prv );
+ mbedtls_free(prv);
}
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &cache->mutex );
+ mbedtls_mutex_free(&cache->mutex);
#endif
cache->chain = NULL;
}