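/**
 * \file ssl_cache.h
 *
 * \brief SSL session cache implementation
 *
 * Server-side session cache used for session resumption. The cache is a
 * singly-linked chain of entries, bounded by a maximum entry count and
 * (when MBEDTLS_HAVE_TIME is available) by a per-entry timeout.
 *
 * NOTE(review): the cached session state is what allows a later handshake
 * to be resumed, so treat the cache contents as secret material; keep the
 * timeout as short as the deployment allows and free the cache (which
 * clears its memory) when it is no longer needed.
 */
/*
 * Copyright The Mbed TLS Contributors
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H

#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include "mbedtls/ssl.h"

#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif

/**
 * \name SECTION: Module settings
 *
 * The configuration options you can set for this module are in this section.
 * Either change them in config.h or define them on the compiler command line.
 * \{
 */

/*
 * Default lifetime of a cache entry, in seconds (1 day). Only meaningful
 * when MBEDTLS_HAVE_TIME is defined; see mbedtls_ssl_cache_set_timeout().
 */
#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
#endif

/*
 * Default upper bound on the number of entries held in the chain. This is
 * the only limit on cache memory, so keep it in line with the memory the
 * server can afford for resumable sessions.
 */
#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
#endif

/** \} name SECTION: Module settings */

#ifdef __cplusplus
extern "C" {
#endif

typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;

/**
 * \brief This structure is used for storing cache entries
 *
 * Entries are chained through \c next; the head of the chain lives in
 * mbedtls_ssl_cache_context::chain.
 */
struct mbedtls_ssl_cache_entry {
#if defined(MBEDTLS_HAVE_TIME)
    mbedtls_time_t timestamp; /*!< entry timestamp, used for timeout expiry */
#endif
    mbedtls_ssl_session session; /*!< entry session (resumption state; sensitive) */
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
    mbedtls_x509_buf peer_cert; /*!< entry peer_cert (only kept with peer-cert retention) */
#endif
    mbedtls_ssl_cache_entry *next; /*!< chain pointer (NULL at end of chain) */
};

/**
 * \brief Cache context
 *
 * Must be initialized with mbedtls_ssl_cache_init() before use and released
 * with mbedtls_ssl_cache_free().
 */
struct mbedtls_ssl_cache_context {
    mbedtls_ssl_cache_entry *chain; /*!< start of the chain */
    int timeout;                    /*!< cache entry timeout in seconds; 0 = never expire */
    int max_entries;                /*!< maximum entries */
#if defined(MBEDTLS_THREADING_C)
    mbedtls_threading_mutex_t mutex; /*!< mutex serializing get/set callbacks */
#endif
};

/**
 * \brief Initialize an SSL cache context
 *
 * Sets the defaults (MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT,
 * MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES) and, with MBEDTLS_THREADING_C,
 * prepares the mutex. Call it exactly once per context before any other
 * function of this module.
 *
 * \param cache SSL cache context
 */
void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);

/**
 * \brief Cache get callback implementation
 * (Thread-safe if MBEDTLS_THREADING_C is enabled)
 *
 * Intended to be registered as the session-cache "get" callback; \p data
 * is the mbedtls_ssl_cache_context passed at registration.
 *
 * \param data SSL cache context
 * \param session session to retrieve entry for; on success it is filled
 * with the cached session matching its session ID
 *
 * \return \c 0 on success.
 * \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
 * no cache entry with specified session ID found, or
 * any other negative error code for other failures.
 */
int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session);

/**
 * \brief Cache set callback implementation
 * (Thread-safe if MBEDTLS_THREADING_C is enabled)
 *
 * Intended to be registered as the session-cache "set" callback; \p data
 * is the mbedtls_ssl_cache_context passed at registration. The caller's
 * \p session is not modified.
 *
 * \param data SSL cache context
 * \param session session to store entry for
 *
 * \return \c 0 on success.
 * \return A negative error code on failure.
 */
int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session);

#if defined(MBEDTLS_HAVE_TIME)
/**
 * \brief Set the cache timeout
 * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
 *
 * A timeout of 0 indicates no timeout.
 *
 * \note A timeout of 0 keeps resumption state alive until it is evicted
 * by \c max_entries or the cache is freed. A shorter timeout bounds
 * how long a compromise of the cache memory can expose past sessions.
 *
 * \note This setter is not documented as thread-safe: configure the
 * cache before it is shared with connections on other threads.
 *
 * \param cache SSL cache context
 * \param timeout cache entry timeout in seconds
 */
void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout);
#endif /* MBEDTLS_HAVE_TIME */

/**
 * \brief Set the maximum number of cache entries
 * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
 *
 * \note This is the only bound on cache memory. Without MBEDTLS_HAVE_TIME
 * no timestamp is stored, so it is also the only limit on how long an
 * entry lives. As with the timeout setter, configure it before the cache
 * is shared between threads.
 *
 * \param cache SSL cache context
 * \param max cache entry maximum
 */
void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max);

/**
 * \brief Free referenced items in a cache context and clear memory
 *
 * Releases every entry in the chain and wipes the context. Do not call it
 * while mbedtls_ssl_cache_get() or mbedtls_ssl_cache_set() may still run
 * against the same context; the context must be re-initialized with
 * mbedtls_ssl_cache_init() before any further use.
 *
 * \param cache SSL cache context
 */
void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache);

#ifdef __cplusplus
}
#endif

#endif /* MBEDTLS_SSL_CACHE_H */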