mirror of
https://github.com/cuberite/polarssl.git
synced 2025-11-03 20:22:59 -05:00
188 lines
6.0 KiB
C
188 lines
6.0 KiB
C
/**
|
|
* \file ssl_cache.h
|
|
*
|
|
* \brief SSL session cache implementation
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
#ifndef MBEDTLS_SSL_CACHE_H
|
|
#define MBEDTLS_SSL_CACHE_H
|
|
#include "mbedtls/private_access.h"
|
|
|
|
#include "mbedtls/build_info.h"
|
|
|
|
#include "mbedtls/ssl.h"
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
#include "mbedtls/threading.h"
|
|
#endif
|
|
|
|
/**
|
|
* \name SECTION: Module settings
|
|
*
|
|
* The configuration options you can set for this module are in this section.
|
|
* Either change them in mbedtls_config.h or define them on the compiler command line.
|
|
* \{
|
|
*/
|
|
|
|
#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
|
|
#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
|
|
#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
|
|
#endif
|
|
|
|
/** \} name SECTION: Module settings */
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
|
|
typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
|
|
|
|
/**
|
|
* \brief This structure is used for storing cache entries
|
|
*/
|
|
struct mbedtls_ssl_cache_entry {
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
|
|
#endif
|
|
|
|
unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
|
|
size_t MBEDTLS_PRIVATE(session_id_len);
|
|
|
|
unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
|
|
size_t MBEDTLS_PRIVATE(session_len);
|
|
|
|
mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
|
|
};
|
|
|
|
/**
|
|
* \brief Cache context
|
|
*/
|
|
struct mbedtls_ssl_cache_context {
|
|
mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
|
|
int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
|
|
int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
|
|
#endif
|
|
};
|
|
|
|
/**
|
|
* \brief Initialize an SSL cache context
|
|
*
|
|
* \param cache SSL cache context
|
|
*/
|
|
void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
|
|
|
|
/**
|
|
* \brief Cache get callback implementation
|
|
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
|
|
*
|
|
* \param data The SSL cache context to use.
|
|
* \param session_id The pointer to the buffer holding the session ID
|
|
* for the session to load.
|
|
* \param session_id_len The length of \p session_id in bytes.
|
|
* \param session The address at which to store the session
|
|
* associated with \p session_id, if present.
|
|
*
|
|
* \return \c 0 on success.
|
|
* \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
|
|
* no cache entry with specified session ID found, or
|
|
* any other negative error code for other failures.
|
|
*/
|
|
int mbedtls_ssl_cache_get(void *data,
|
|
unsigned char const *session_id,
|
|
size_t session_id_len,
|
|
mbedtls_ssl_session *session);
|
|
|
|
/**
|
|
* \brief Cache set callback implementation
|
|
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
|
|
*
|
|
* \param data The SSL cache context to use.
|
|
* \param session_id The pointer to the buffer holding the session ID
|
|
* associated to \p session.
|
|
* \param session_id_len The length of \p session_id in bytes.
|
|
* \param session The session to store.
|
|
*
|
|
* \return \c 0 on success.
|
|
* \return A negative error code on failure.
|
|
*/
|
|
int mbedtls_ssl_cache_set(void *data,
|
|
unsigned char const *session_id,
|
|
size_t session_id_len,
|
|
const mbedtls_ssl_session *session);
|
|
|
|
/**
|
|
* \brief Remove the cache entry by the session ID
|
|
* (Thread-safe if MBEDTLS_THREADING_C is enabled)
|
|
*
|
|
* \param data The SSL cache context to use.
|
|
* \param session_id The pointer to the buffer holding the session ID
|
|
* associated to session.
|
|
* \param session_id_len The length of \p session_id in bytes.
|
|
*
|
|
* \return \c 0 on success. This indicates the cache entry for
|
|
* the session with provided ID is removed or does not
|
|
* exist.
|
|
* \return A negative error code on failure.
|
|
*/
|
|
int mbedtls_ssl_cache_remove(void *data,
|
|
unsigned char const *session_id,
|
|
size_t session_id_len);
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
/**
|
|
* \brief Set the cache timeout
|
|
* (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
|
|
*
|
|
* A timeout of 0 indicates no timeout.
|
|
*
|
|
* \param cache SSL cache context
|
|
* \param timeout cache entry timeout in seconds
|
|
*/
|
|
void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout);
|
|
|
|
/**
|
|
* \brief Get the cache timeout
|
|
*
|
|
* A timeout of 0 indicates no timeout.
|
|
*
|
|
* \param cache SSL cache context
|
|
*
|
|
* \return cache entry timeout in seconds
|
|
*/
|
|
static inline int mbedtls_ssl_cache_get_timeout(mbedtls_ssl_cache_context *cache)
|
|
{
|
|
return cache->MBEDTLS_PRIVATE(timeout);
|
|
}
|
|
#endif /* MBEDTLS_HAVE_TIME */
|
|
|
|
/**
|
|
* \brief Set the maximum number of cache entries
|
|
* (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
|
|
*
|
|
* \param cache SSL cache context
|
|
* \param max cache entry maximum
|
|
*/
|
|
void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max);
|
|
|
|
/**
|
|
* \brief Free referenced items in a cache context and clear memory
|
|
*
|
|
* \param cache SSL cache context
|
|
*/
|
|
void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* ssl_cache.h */
|