| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 |
- /**
- * \file ssl_cache.h
- *
- * \brief SSL session cache implementation
- */
- /*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
- #ifndef MBEDTLS_SSL_CACHE_H
- #define MBEDTLS_SSL_CACHE_H
- #include "mbedtls/private_access.h"
- #include "mbedtls/build_info.h"
- #include "mbedtls/ssl.h"
- #if defined(MBEDTLS_THREADING_C)
- #include "mbedtls/threading.h"
- #endif
- /**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
- #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
- #define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
- #endif
- #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
- #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
- #endif
- /** \} name SECTION: Module settings */
- #ifdef __cplusplus
- extern "C" {
- #endif
- typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
- typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
- /**
- * \brief This structure is used for storing cache entries
- */
- struct mbedtls_ssl_cache_entry {
- #if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
- #endif
- unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
- size_t MBEDTLS_PRIVATE(session_id_len);
- unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
- size_t MBEDTLS_PRIVATE(session_len);
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
- };
- /**
- * \brief Cache context
- */
- struct mbedtls_ssl_cache_context {
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
- int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
- int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
- #if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
- #endif
- };
- /**
- * \brief Initialize an SSL cache context
- *
- * \param cache SSL cache context
- */
- void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
- /**
- * \brief Cache get callback implementation
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * for the session to load.
- * \param session_id_len The length of \p session_id in bytes.
- * \param session The address at which to store the session
- * associated with \p session_id, if present.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
- * no cache entry with specified session ID found, or
- * any other negative error code for other failures.
- */
- int mbedtls_ssl_cache_get(void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session);
- /**
- * \brief Cache set callback implementation
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * associated to \p session.
- * \param session_id_len The length of \p session_id in bytes.
- * \param session The session to store.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
- int mbedtls_ssl_cache_set(void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session);
- /**
- * \brief Remove the cache entry by the session ID
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * associated to session.
- * \param session_id_len The length of \p session_id in bytes.
- *
- * \return \c 0 on success. This indicates the cache entry for
- * the session with provided ID is removed or does not
- * exist.
- * \return A negative error code on failure.
- */
- int mbedtls_ssl_cache_remove(void *data,
- unsigned char const *session_id,
- size_t session_id_len);
- #if defined(MBEDTLS_HAVE_TIME)
- /**
- * \brief Set the cache timeout
- * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
- *
- * A timeout of 0 indicates no timeout.
- *
- * \param cache SSL cache context
- * \param timeout cache entry timeout in seconds
- */
- void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout);
- /**
- * \brief Get the cache timeout
- *
- * A timeout of 0 indicates no timeout.
- *
- * \param cache SSL cache context
- *
- * \return cache entry timeout in seconds
- */
- static inline int mbedtls_ssl_cache_get_timeout(mbedtls_ssl_cache_context *cache)
- {
- return cache->MBEDTLS_PRIVATE(timeout);
- }
- #endif /* MBEDTLS_HAVE_TIME */
- /**
- * \brief Set the maximum number of cache entries
- * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
- *
- * \param cache SSL cache context
- * \param max cache entry maximum
- */
- void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max);
- /**
- * \brief Free referenced items in a cache context and clear memory
- *
- * \param cache SSL cache context
- */
- void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache);
- #ifdef __cplusplus
- }
- #endif
- #endif /* ssl_cache.h */
|
