Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
Embed:
(wiki syntax)
Show/hide line numbers
ssl_cache.c
00001 /* 00002 * SSL session cache implementation 00003 * 00004 * Copyright (C) 2006-2014, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * These session callbacks use a simple chained list 00027 * to store and retrieve the session information. 00028 */ 00029 00030 #if !defined(POLARSSL_CONFIG_FILE) 00031 #include "polarssl/config.h" 00032 #else 00033 #include POLARSSL_CONFIG_FILE 00034 #endif 00035 00036 #if defined(POLARSSL_SSL_CACHE_C) 00037 00038 #include "polarssl/ssl_cache.h" 00039 00040 #if defined(POLARSSL_PLATFORM_C) 00041 #include "polarssl/platform.h" 00042 #else 00043 #define polarssl_malloc malloc 00044 #define polarssl_free free 00045 #endif 00046 00047 #include <stdlib.h> 00048 00049 void ssl_cache_init( ssl_cache_context *cache ) 00050 { 00051 memset( cache, 0, sizeof( ssl_cache_context ) ); 00052 00053 cache->timeout = SSL_CACHE_DEFAULT_TIMEOUT; 00054 cache->max_entries = SSL_CACHE_DEFAULT_MAX_ENTRIES; 00055 00056 #if defined(POLARSSL_THREADING_C) 00057 polarssl_mutex_init( &cache->mutex ); 00058 #endif 00059 } 00060 00061 int ssl_cache_get( void *data, ssl_session *session ) 00062 { 00063 int ret = 1; 00064 #if defined(POLARSSL_HAVE_TIME) 00065 time_t t = time( NULL ); 00066 #endif 00067 ssl_cache_context *cache = (ssl_cache_context *) data; 00068 ssl_cache_entry *cur, *entry; 00069 00070 #if defined(POLARSSL_THREADING_C) 00071 if( polarssl_mutex_lock( &cache->mutex ) != 0 ) 00072 return( 1 ); 00073 #endif 00074 00075 cur = cache->chain ; 00076 entry = NULL; 00077 00078 while( cur != NULL ) 00079 { 00080 entry = cur; 00081 cur = cur->next ; 00082 00083 #if defined(POLARSSL_HAVE_TIME) 00084 if( cache->timeout != 0 && 00085 (int) ( t - entry->timestamp ) > cache->timeout ) 00086 continue; 00087 #endif 00088 00089 if( session->ciphersuite != entry->session .ciphersuite || 00090 session->compression != entry->session .compression || 00091 session->length != entry->session .length ) 00092 continue; 00093 00094 if( memcmp( session->id, entry->session .id, 00095 entry->session .length ) != 0 ) 00096 continue; 00097 00098 memcpy( session->master, entry->session .master, 48 ); 00099 00100 session->verify_result = entry->session .verify_result; 00101 00102 #if defined(POLARSSL_X509_CRT_PARSE_C) 00103 /* 00104 * Restore peer certificate (without rest of the original chain) 00105 */ 00106 if( entry->peer_cert .p != NULL ) 00107 { 00108 session->peer_cert = 00109 (x509_crt *) polarssl_malloc( sizeof(x509_crt) ); 00110 00111 if( session->peer_cert == NULL ) 00112 { 00113 ret = 1; 00114 goto exit; 00115 } 00116 00117 x509_crt_init( session->peer_cert ); 00118 if( x509_crt_parse( session->peer_cert, entry->peer_cert .p, 00119 entry->peer_cert .len ) != 0 ) 00120 { 00121 polarssl_free( session->peer_cert ); 00122 session->peer_cert = NULL; 00123 ret = 1; 00124 goto exit; 00125 } 00126 } 00127 #endif /* POLARSSL_X509_CRT_PARSE_C */ 00128 00129 ret = 0; 00130 goto exit; 00131 } 00132 00133 exit: 00134 #if defined(POLARSSL_THREADING_C) 00135 if( polarssl_mutex_unlock( &cache->mutex ) != 0 ) 00136 ret = 1; 00137 #endif 00138 00139 return( ret ); 00140 } 00141 00142 int ssl_cache_set( void *data, const ssl_session *session ) 00143 { 00144 int ret = 1; 00145 #if defined(POLARSSL_HAVE_TIME) 00146 time_t t = time( NULL ), oldest = 0; 00147 ssl_cache_entry *old = NULL; 00148 #endif 00149 ssl_cache_context *cache = (ssl_cache_context *) data; 00150 ssl_cache_entry *cur, *prv; 00151 int count = 0; 00152 00153 #if defined(POLARSSL_THREADING_C) 00154 if( ( ret = polarssl_mutex_lock( &cache->mutex ) ) != 0 ) 00155 return( ret ); 00156 #endif 00157 00158 cur = cache->chain ; 00159 prv = NULL; 00160 00161 while( cur != NULL ) 00162 { 00163 count++; 00164 00165 #if defined(POLARSSL_HAVE_TIME) 00166 if( cache->timeout != 0 && 00167 (int) ( t - cur->timestamp ) > cache->timeout ) 00168 { 00169 cur->timestamp = t; 00170 break; /* expired, reuse this slot, update timestamp */ 00171 } 00172 #endif 00173 00174 if( memcmp( session->id, cur->session .id, cur->session .length ) == 0 ) 00175 break; /* client reconnected, keep timestamp for session id */ 00176 00177 #if defined(POLARSSL_HAVE_TIME) 00178 if( oldest == 0 || cur->timestamp < oldest ) 00179 { 00180 oldest = cur->timestamp ; 00181 old = cur; 00182 } 00183 #endif 00184 00185 prv = cur; 00186 cur = cur->next ; 00187 } 00188 00189 if( cur == NULL ) 00190 { 00191 #if defined(POLARSSL_HAVE_TIME) 00192 /* 00193 * Reuse oldest entry if max_entries reached 00194 */ 00195 if( count >= cache->max_entries ) 00196 { 00197 if( old == NULL ) 00198 { 00199 ret = 1; 00200 goto exit; 00201 } 00202 00203 cur = old; 00204 } 00205 #else /* POLARSSL_HAVE_TIME */ 00206 /* 00207 * Reuse first entry in chain if max_entries reached, 00208 * but move to last place 00209 */ 00210 if( count >= cache->max_entries ) 00211 { 00212 if( cache->chain == NULL ) 00213 { 00214 ret = 1; 00215 goto exit; 00216 } 00217 00218 cur = cache->chain ; 00219 cache->chain = cur->next ; 00220 cur->next = NULL; 00221 prv->next = cur; 00222 } 00223 #endif /* POLARSSL_HAVE_TIME */ 00224 else 00225 { 00226 /* 00227 * max_entries not reached, create new entry 00228 */ 00229 cur = (ssl_cache_entry *) 00230 polarssl_malloc( sizeof(ssl_cache_entry) ); 00231 if( cur == NULL ) 00232 { 00233 ret = 1; 00234 goto exit; 00235 } 00236 00237 memset( cur, 0, sizeof(ssl_cache_entry) ); 00238 00239 if( prv == NULL ) 00240 cache->chain = cur; 00241 else 00242 prv->next = cur; 00243 } 00244 00245 #if defined(POLARSSL_HAVE_TIME) 00246 cur->timestamp = t; 00247 #endif 00248 } 00249 00250 memcpy( &cur->session , session, sizeof( ssl_session ) ); 00251 00252 #if defined(POLARSSL_X509_CRT_PARSE_C) 00253 /* 00254 * If we're reusing an entry, free its certificate first 00255 */ 00256 if( cur->peer_cert .p != NULL ) 00257 { 00258 polarssl_free( cur->peer_cert .p ); 00259 memset( &cur->peer_cert , 0, sizeof(x509_buf) ); 00260 } 00261 00262 /* 00263 * Store peer certificate 00264 */ 00265 if( session->peer_cert != NULL ) 00266 { 00267 cur->peer_cert .p = (unsigned char *) 00268 polarssl_malloc( session->peer_cert->raw.len ); 00269 if( cur->peer_cert .p == NULL ) 00270 { 00271 ret = 1; 00272 goto exit; 00273 } 00274 00275 memcpy( cur->peer_cert .p, session->peer_cert->raw.p, 00276 session->peer_cert->raw.len ); 00277 cur->peer_cert .len = session->peer_cert->raw.len; 00278 00279 cur->session .peer_cert = NULL; 00280 } 00281 #endif /* POLARSSL_X509_CRT_PARSE_C */ 00282 00283 ret = 0; 00284 00285 exit: 00286 #if defined(POLARSSL_THREADING_C) 00287 if( polarssl_mutex_unlock( &cache->mutex ) != 0 ) 00288 ret = 1; 00289 #endif 00290 00291 return( ret ); 00292 } 00293 00294 #if defined(POLARSSL_HAVE_TIME) 00295 void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout ) 00296 { 00297 if( timeout < 0 ) timeout = 0; 00298 00299 cache->timeout = timeout; 00300 } 00301 #endif /* POLARSSL_HAVE_TIME */ 00302 00303 void ssl_cache_set_max_entries( ssl_cache_context *cache, int max ) 00304 { 00305 if( max < 0 ) max = 0; 00306 00307 cache->max_entries = max; 00308 } 00309 00310 void ssl_cache_free( ssl_cache_context *cache ) 00311 { 00312 ssl_cache_entry *cur, *prv; 00313 00314 cur = cache->chain ; 00315 00316 while( cur != NULL ) 00317 { 00318 prv = cur; 00319 cur = cur->next ; 00320 00321 ssl_session_free( &prv->session ); 00322 00323 #if defined(POLARSSL_X509_CRT_PARSE_C) 00324 if( prv->peer_cert .p != NULL ) 00325 polarssl_free( prv->peer_cert .p ); 00326 #endif /* POLARSSL_X509_CRT_PARSE_C */ 00327 00328 polarssl_free( prv ); 00329 } 00330 00331 #if defined(POLARSSL_THREADING_C) 00332 polarssl_mutex_free( &cache->mutex ); 00333 #endif 00334 } 00335 00336 #endif /* POLARSSL_SSL_CACHE_C */ 00337 00338
Generated on Tue Jul 12 2022 19:40:20 by
1.7.2