mbed-os5 only for TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Committer:
kenjiArai
Date:
Tue Dec 31 06:02:27 2019 +0000
Revision:
1:9db0e321a9f4
Parent:
0:5b88d5760320
updated based on mbed-os5.15.0

kenjiArai 0:5b88d5760320 1 /*
kenjiArai 0:5b88d5760320 2 * SSL session cache implementation
kenjiArai 0:5b88d5760320 3 *
kenjiArai 0:5b88d5760320 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
kenjiArai 0:5b88d5760320 5 * SPDX-License-Identifier: Apache-2.0
kenjiArai 0:5b88d5760320 6 *
kenjiArai 0:5b88d5760320 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
kenjiArai 0:5b88d5760320 8 * not use this file except in compliance with the License.
kenjiArai 0:5b88d5760320 9 * You may obtain a copy of the License at
kenjiArai 0:5b88d5760320 10 *
kenjiArai 0:5b88d5760320 11 * http://www.apache.org/licenses/LICENSE-2.0
kenjiArai 0:5b88d5760320 12 *
kenjiArai 0:5b88d5760320 13 * Unless required by applicable law or agreed to in writing, software
kenjiArai 0:5b88d5760320 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
kenjiArai 0:5b88d5760320 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
kenjiArai 0:5b88d5760320 16 * See the License for the specific language governing permissions and
kenjiArai 0:5b88d5760320 17 * limitations under the License.
kenjiArai 0:5b88d5760320 18 *
kenjiArai 0:5b88d5760320 19 * This file is part of mbed TLS (https://tls.mbed.org)
kenjiArai 0:5b88d5760320 20 */
kenjiArai 0:5b88d5760320 21 /*
kenjiArai 0:5b88d5760320 22 * These session callbacks use a simple chained list
kenjiArai 0:5b88d5760320 23 * to store and retrieve the session information.
kenjiArai 0:5b88d5760320 24 */
kenjiArai 0:5b88d5760320 25
kenjiArai 0:5b88d5760320 26 #if !defined(MBEDTLS_CONFIG_FILE)
kenjiArai 0:5b88d5760320 27 #include "mbedtls/config.h"
kenjiArai 0:5b88d5760320 28 #else
kenjiArai 0:5b88d5760320 29 #include MBEDTLS_CONFIG_FILE
kenjiArai 0:5b88d5760320 30 #endif
kenjiArai 0:5b88d5760320 31
kenjiArai 0:5b88d5760320 32 #if defined(MBEDTLS_SSL_CACHE_C)
kenjiArai 0:5b88d5760320 33
kenjiArai 0:5b88d5760320 34 #if defined(MBEDTLS_PLATFORM_C)
kenjiArai 0:5b88d5760320 35 #include "mbedtls/platform.h"
kenjiArai 0:5b88d5760320 36 #else
kenjiArai 0:5b88d5760320 37 #include <stdlib.h>
kenjiArai 0:5b88d5760320 38 #define mbedtls_calloc calloc
kenjiArai 0:5b88d5760320 39 #define mbedtls_free free
kenjiArai 0:5b88d5760320 40 #endif
kenjiArai 0:5b88d5760320 41
kenjiArai 0:5b88d5760320 42 #include "mbedtls/ssl_cache.h"
kenjiArai 0:5b88d5760320 43 #include "mbedtls/ssl_internal.h"
kenjiArai 0:5b88d5760320 44
kenjiArai 0:5b88d5760320 45 #include <string.h>
kenjiArai 0:5b88d5760320 46
/*
 * Put a cache context into its initial state: all fields zeroed (so the
 * entry chain is empty), then the compile-time default timeout and
 * entry limit applied. With threading support the context's mutex is
 * initialised as well.
 */
void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
{
    /* Zero first so that every field not set below starts out as 0/NULL. */
    memset( cache, 0, sizeof( *cache ) );

    cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
    cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;

#if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init( &cache->mutex );
#endif
}
kenjiArai 0:5b88d5760320 58
/*
 * Session-cache lookup callback.
 *
 * Walks the chain for an entry that has not timed out and whose
 * ciphersuite, compression, session ID length and session ID bytes all
 * equal those of `session`. On a hit the cached session is copied into
 * `session` and, when peer certificates are kept, the stored raw
 * certificate is parsed back into `session->peer_cert`.
 *
 * data     cache context (mbedtls_ssl_cache_context *)
 * session  in: the values to look up; out: the cached session on a hit
 *
 * Returns 0 on a hit, 1 on a miss or on any failure (lock, copy,
 * allocation, certificate parse, unlock).
 */
int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
{
    int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
    mbedtls_time_t now = mbedtls_time( NULL );
#endif
    mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
    mbedtls_ssl_cache_entry *entry;

#if defined(MBEDTLS_THREADING_C)
    if( mbedtls_mutex_lock( &cache->mutex ) != 0 )
        return( 1 );
#endif

    for( entry = cache->chain; entry != NULL; entry = entry->next )
    {
#if defined(MBEDTLS_HAVE_TIME)
        /* A timeout of 0 disables expiry; otherwise skip stale entries. */
        if( cache->timeout != 0 &&
            (int) ( now - entry->timestamp ) > cache->timeout )
        {
            continue;
        }
#endif

        /* Cheap scalar comparisons first, then the ID bytes. The length
         * check guarantees both IDs are compared over the same span. */
        if( session->ciphersuite != entry->session.ciphersuite )
            continue;
        if( session->compression != entry->session.compression )
            continue;
        if( session->id_len != entry->session.id_len )
            continue;
        if( memcmp( session->id, entry->session.id,
                    entry->session.id_len ) != 0 )
        {
            continue;
        }

        /* Match found: from here on we leave the loop, hit or failure.
         * `ret` stays 1 until everything has succeeded. */
        if( mbedtls_ssl_session_copy( session, &entry->session ) != 0 )
            break;

#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
        /*
         * Restore peer certificate (without rest of the original chain)
         */
        if( entry->peer_cert.p != NULL )
        {
            /* `session->peer_cert` is NULL after the call to
             * mbedtls_ssl_session_copy(), because cache entries
             * have the `peer_cert` field set to NULL. */
            session->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
            if( session->peer_cert == NULL )
                break;

            mbedtls_x509_crt_init( session->peer_cert );
            if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p,
                                        entry->peer_cert.len ) != 0 )
            {
                /* NOTE(review): only the container is released here;
                 * whether mbedtls_x509_crt_parse() can leave allocations
                 * inside it on failure is not visible in this file -
                 * confirm mbedtls_x509_crt_free() is not needed first. */
                mbedtls_free( session->peer_cert );
                session->peer_cert = NULL;
                break;
            }
        }
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */

        ret = 0;
        break;
    }

#if defined(MBEDTLS_THREADING_C)
    /* A failed unlock turns even a successful lookup into a failure. */
    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
        ret = 1;
#endif

    return( ret );
}
kenjiArai 0:5b88d5760320 145
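/*
 * Session-cache store callback.
 *
 * Picks the slot for `session` in this order: the first expired entry
 * (when time is available), an entry already holding the same session
 * ID, a recycled entry once max_entries is reached (the oldest one with
 * MBEDTLS_HAVE_TIME, otherwise the head of the chain, which is moved to
 * the tail), or a newly allocated entry appended to the chain. The
 * session is then copied into the slot; when peer certificates are
 * kept, only the raw certificate bytes are retained in the entry.
 *
 * data     cache context (mbedtls_ssl_cache_context *)
 * session  session to store
 *
 * Returns 0 on success. Returns 1 on failure, except that a failed
 * mutex lock returns the lock function's own error code.
 */
int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
{
    int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
    mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
    mbedtls_ssl_cache_entry *old = NULL;
#endif
    mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
    mbedtls_ssl_cache_entry *cur, *prv;
    int count = 0;

#if defined(MBEDTLS_THREADING_C)
    if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
        return( ret );
#endif

    cur = cache->chain;
    prv = NULL;

    while( cur != NULL )
    {
        count++;

#if defined(MBEDTLS_HAVE_TIME)
        if( cache->timeout != 0 &&
            (int) ( t - cur->timestamp ) > cache->timeout )
        {
            cur->timestamp = t;
            break; /* expired, reuse this slot, update timestamp */
        }
#endif

        /* Compare the lengths before the bytes, as mbedtls_ssl_cache_get()
         * does. Without the length check a stored ID that is a prefix of
         * the new one would count as the same session, and an entry whose
         * id_len is 0 would match every session (memcmp over 0 bytes). */
        if( session->id_len == cur->session.id_len &&
            memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
        {
            break; /* client reconnected, keep timestamp for session id */
        }

#if defined(MBEDTLS_HAVE_TIME)
        if( oldest == 0 || cur->timestamp < oldest )
        {
            oldest = cur->timestamp;
            old = cur;
        }
#endif

        prv = cur;
        cur = cur->next;
    }

    if( cur == NULL )
    {
#if defined(MBEDTLS_HAVE_TIME)
        /*
         * Reuse oldest entry if max_entries reached
         */
        if( count >= cache->max_entries )
        {
            if( old == NULL )
            {
                ret = 1;
                goto exit;
            }

            cur = old;
        }
#else /* MBEDTLS_HAVE_TIME */
        /*
         * Reuse first entry in chain if max_entries reached,
         * but move to last place
         */
        if( count >= cache->max_entries )
        {
            if( cache->chain == NULL )
            {
                ret = 1;
                goto exit;
            }

            cur = cache->chain;

            /* With a single entry the head is also the tail (prv == cur).
             * Relinking it would set cache->chain to NULL and make the
             * entry point at itself, dropping it from the cache and
             * leaking it; it is already in last place, so leave it. */
            if( cur->next != NULL )
            {
                cache->chain = cur->next;
                cur->next = NULL;
                prv->next = cur;
            }
        }
#endif /* MBEDTLS_HAVE_TIME */
        else
        {
            /*
             * max_entries not reached, create new entry
             */
            cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) );
            if( cur == NULL )
            {
                ret = 1;
                goto exit;
            }

            if( prv == NULL )
                cache->chain = cur;
            else
                prv->next = cur;
        }

#if defined(MBEDTLS_HAVE_TIME)
        cur->timestamp = t;
#endif
    }

#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
    /*
     * If we're reusing an entry, free its certificate first
     */
    if( cur->peer_cert.p != NULL )
    {
        mbedtls_free( cur->peer_cert.p );
        memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
    }
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */

    /* Copy the entire session; this temporarily makes a copy of the
     * X.509 CRT structure even though we only want to store the raw CRT.
     * This inefficiency will go away as soon as we implement on-demand
     * parsing of CRTs, in which case there's no need for the `peer_cert`
     * field anymore in the first place, and we're done after this call. */
    ret = mbedtls_ssl_session_copy( &cur->session, session );
    if( ret != 0 )
    {
        ret = 1;
        goto exit;
    }

#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
    /* If present, free the X.509 structure and only store the raw CRT data. */
    if( cur->session.peer_cert != NULL )
    {
        cur->peer_cert.p =
            mbedtls_calloc( 1, cur->session.peer_cert->raw.len );
        if( cur->peer_cert.p == NULL )
        {
            /* NOTE(review): on this path the entry stays in the chain and
             * still owns the parsed cur->session.peer_cert, which departs
             * from the "cache entries have the `peer_cert` field set to
             * NULL" assumption stated in mbedtls_ssl_cache_get() -
             * confirm that a later lookup of this entry is acceptable. */
            ret = 1;
            goto exit;
        }

        /* Length and bytes are both taken from the entry's own copy, so
         * the stored length always describes the buffer just filled. */
        memcpy( cur->peer_cert.p,
                cur->session.peer_cert->raw.p,
                cur->session.peer_cert->raw.len );
        cur->peer_cert.len = cur->session.peer_cert->raw.len;

        mbedtls_x509_crt_free( cur->session.peer_cert );
        mbedtls_free( cur->session.peer_cert );
        cur->session.peer_cert = NULL;
    }
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */

    ret = 0;

exit:
#if defined(MBEDTLS_THREADING_C)
    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
        ret = 1;
#endif

    return( ret );
}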
kenjiArai 0:5b88d5760320 309
kenjiArai 0:5b88d5760320 310 #if defined(MBEDTLS_HAVE_TIME)
/*
 * Set the entry lifetime used by the get/set callbacks. Negative values
 * are clamped to 0; the callbacks skip the expiry check when the
 * timeout is 0.
 */
void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout )
{
    cache->timeout = ( timeout < 0 ) ? 0 : timeout;
}
kenjiArai 0:5b88d5760320 317 #endif /* MBEDTLS_HAVE_TIME */
kenjiArai 0:5b88d5760320 318
/*
 * Set the number of entries at which mbedtls_ssl_cache_set() starts
 * recycling existing entries instead of allocating new ones. Negative
 * values are clamped to 0.
 */
void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max )
{
    cache->max_entries = ( max < 0 ) ? 0 : max;
}
kenjiArai 0:5b88d5760320 325
/*
 * Release every entry in the cache: the stored session, the raw peer
 * certificate buffer (when peer certificates are kept) and the entry
 * itself. Afterwards the mutex is freed (with threading support) and
 * the chain pointer is reset to NULL.
 */
void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
{
    mbedtls_ssl_cache_entry *node, *following;

    for( node = cache->chain; node != NULL; node = following )
    {
        /* Read the link before the entry is released. */
        following = node->next;

        mbedtls_ssl_session_free( &node->session );

#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
        mbedtls_free( node->peer_cert.p );
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */

        mbedtls_free( node );
    }

#if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_free( &cache->mutex );
#endif
    cache->chain = NULL;
}
kenjiArai 0:5b88d5760320 352
kenjiArai 0:5b88d5760320 353 #endif /* MBEDTLS_SSL_CACHE_C */