Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1 | /* |
| 2 | * SSL session cache implementation |
| 3 | * |
| 4 | * Copyright (C) 2006-2012, Brainspark B.V. |
| 5 | * |
| 6 | * This file is part of PolarSSL (http://www.polarssl.org) |
| 7 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
| 8 | * |
| 9 | * All rights reserved. |
| 10 | * |
| 11 | * This program is free software; you can redistribute it and/or modify |
| 12 | * it under the terms of the GNU General Public License as published by |
| 13 | * the Free Software Foundation; either version 2 of the License, or |
| 14 | * (at your option) any later version. |
| 15 | * |
| 16 | * This program is distributed in the hope that it will be useful, |
| 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 19 | * GNU General Public License for more details. |
| 20 | * |
| 21 | * You should have received a copy of the GNU General Public License along |
| 22 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 24 | */ |
| 25 | /* |
| 26 | * These session callbacks use a simple chained list |
| 27 | * to store and retrieve the session information. |
| 28 | */ |
| 29 | |
| 30 | #include "polarssl/config.h" |
| 31 | |
| 32 | #if defined(POLARSSL_SSL_CACHE_C) |
| 33 | |
| 34 | #include "polarssl/ssl_cache.h" |
| 35 | |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 36 | #if defined(POLARSSL_MEMORY_C) |
| 37 | #include "polarssl/memory.h" |
| 38 | #else |
| 39 | #define polarssl_malloc malloc |
| 40 | #define polarssl_free free |
| 41 | #endif |
| 42 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 43 | #include <stdlib.h> |
| 44 | |
| 45 | void ssl_cache_init( ssl_cache_context *cache ) |
| 46 | { |
| 47 | memset( cache, 0, sizeof( ssl_cache_context ) ); |
| 48 | |
| 49 | cache->timeout = SSL_CACHE_DEFAULT_TIMEOUT; |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 50 | cache->max_entries = SSL_CACHE_DEFAULT_MAX_ENTRIES; |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 51 | } |
| 52 | |
| 53 | int ssl_cache_get( void *data, ssl_session *session ) |
| 54 | { |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 55 | #if defined(POLARSSL_HAVE_TIME) |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 56 | time_t t = time( NULL ); |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 57 | #endif |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 58 | ssl_cache_context *cache = (ssl_cache_context *) data; |
| 59 | ssl_cache_entry *cur, *entry; |
| 60 | |
| 61 | cur = cache->chain; |
| 62 | entry = NULL; |
| 63 | |
| 64 | while( cur != NULL ) |
| 65 | { |
| 66 | entry = cur; |
| 67 | cur = cur->next; |
| 68 | |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 69 | #if defined(POLARSSL_HAVE_TIME) |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 70 | if( cache->timeout != 0 && |
| 71 | (int) ( t - entry->timestamp ) > cache->timeout ) |
| 72 | continue; |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 73 | #endif |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 74 | |
| 75 | if( session->ciphersuite != entry->session.ciphersuite || |
| 76 | session->compression != entry->session.compression || |
| 77 | session->length != entry->session.length ) |
| 78 | continue; |
| 79 | |
| 80 | if( memcmp( session->id, entry->session.id, |
| 81 | entry->session.length ) != 0 ) |
| 82 | continue; |
| 83 | |
| 84 | memcpy( session->master, entry->session.master, 48 ); |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 85 | |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 86 | #if defined(POLARSSL_X509_PARSE_C) |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 87 | /* |
| 88 | * Restore peer certificate (without rest of the original chain) |
| 89 | */ |
| 90 | if( entry->peer_cert.p != NULL ) |
| 91 | { |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 92 | session->peer_cert = (x509_cert *) polarssl_malloc( sizeof(x509_cert) ); |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 93 | if( session->peer_cert == NULL ) |
| 94 | return( 1 ); |
| 95 | |
| 96 | memset( session->peer_cert, 0, sizeof(x509_cert) ); |
| 97 | if( x509parse_crt( session->peer_cert, entry->peer_cert.p, |
| 98 | entry->peer_cert.len ) != 0 ) |
| 99 | { |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 100 | polarssl_free( session->peer_cert ); |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 101 | session->peer_cert = NULL; |
| 102 | return( 1 ); |
| 103 | } |
| 104 | } |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 105 | #endif /* POLARSSL_X509_PARSE_C */ |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 106 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 107 | return( 0 ); |
| 108 | } |
| 109 | |
| 110 | return( 1 ); |
| 111 | } |
| 112 | |
| 113 | int ssl_cache_set( void *data, const ssl_session *session ) |
| 114 | { |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 115 | #if defined(POLARSSL_HAVE_TIME) |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 116 | time_t t = time( NULL ), oldest = 0; |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 117 | ssl_cache_entry *old = NULL; |
| 118 | #endif |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 119 | ssl_cache_context *cache = (ssl_cache_context *) data; |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 120 | ssl_cache_entry *cur, *prv; |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 121 | int count = 0; |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 122 | |
| 123 | cur = cache->chain; |
| 124 | prv = NULL; |
| 125 | |
| 126 | while( cur != NULL ) |
| 127 | { |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 128 | count++; |
| 129 | |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 130 | #if defined(POLARSSL_HAVE_TIME) |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 131 | if( cache->timeout != 0 && |
| 132 | (int) ( t - cur->timestamp ) > cache->timeout ) |
| 133 | { |
| 134 | cur->timestamp = t; |
| 135 | break; /* expired, reuse this slot, update timestamp */ |
| 136 | } |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 137 | #endif |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 138 | |
| 139 | if( memcmp( session->id, cur->session.id, cur->session.length ) == 0 ) |
| 140 | break; /* client reconnected, keep timestamp for session id */ |
| 141 | |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 142 | #if defined(POLARSSL_HAVE_TIME) |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 143 | if( oldest == 0 || cur->timestamp < oldest ) |
| 144 | { |
| 145 | oldest = cur->timestamp; |
| 146 | old = cur; |
| 147 | } |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 148 | #endif |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 149 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 150 | prv = cur; |
| 151 | cur = cur->next; |
| 152 | } |
| 153 | |
| 154 | if( cur == NULL ) |
| 155 | { |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 156 | #if defined(POLARSSL_HAVE_TIME) |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 157 | /* |
| 158 | * Reuse oldest entry if max_entries reached |
| 159 | */ |
| 160 | if( old != NULL && count >= cache->max_entries ) |
| 161 | { |
| 162 | cur = old; |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 163 | memset( &cur->session, 0, sizeof(ssl_session) ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 164 | #if defined(POLARSSL_X509_PARSE_C) |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 165 | if( cur->peer_cert.p != NULL ) |
| 166 | { |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 167 | polarssl_free( cur->peer_cert.p ); |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 168 | memset( &cur->peer_cert, 0, sizeof(x509_buf) ); |
| 169 | } |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 170 | #endif /* POLARSSL_X509_PARSE_C */ |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 171 | } |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 172 | #else /* POLARSSL_HAVE_TIME */ |
| 173 | /* |
| 174 | * Reuse first entry in chain if max_entries reached, |
| 175 | * but move to last place |
| 176 | */ |
| 177 | if( count >= cache->max_entries ) |
| 178 | { |
| 179 | if( cache->chain == NULL ) |
| 180 | return( 1 ); |
| 181 | |
| 182 | cur = cache->chain; |
| 183 | cache->chain = cur->next; |
| 184 | |
| 185 | #if defined(POLARSSL_X509_PARSE_C) |
| 186 | if( cur->peer_cert.p != NULL ) |
| 187 | { |
| 188 | polarssl_free( cur->peer_cert.p ); |
| 189 | memset( &cur->peer_cert, 0, sizeof(x509_buf) ); |
| 190 | } |
| 191 | #endif /* POLARSSL_X509_PARSE_C */ |
| 192 | |
| 193 | memset( cur, 0, sizeof(ssl_cache_entry) ); |
| 194 | prv->next = cur; |
| 195 | } |
| 196 | #endif /* POLARSSL_HAVE_TIME */ |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 197 | else |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 198 | { |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 199 | cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) ); |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 200 | if( cur == NULL ) |
| 201 | return( 1 ); |
| 202 | |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 203 | memset( cur, 0, sizeof(ssl_cache_entry) ); |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 204 | |
| 205 | if( prv == NULL ) |
| 206 | cache->chain = cur; |
| 207 | else |
| 208 | prv->next = cur; |
| 209 | } |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 210 | |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 211 | #if defined(POLARSSL_HAVE_TIME) |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 212 | cur->timestamp = t; |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 213 | #endif |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 214 | } |
| 215 | |
| 216 | memcpy( &cur->session, session, sizeof( ssl_session ) ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 217 | |
| 218 | #if defined(POLARSSL_X509_PARSE_C) |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 219 | /* |
| 220 | * Store peer certificate |
| 221 | */ |
| 222 | if( session->peer_cert != NULL ) |
| 223 | { |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 224 | cur->peer_cert.p = (unsigned char *) polarssl_malloc( session->peer_cert->raw.len ); |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 225 | if( cur->peer_cert.p == NULL ) |
| 226 | return( 1 ); |
| 227 | |
| 228 | memcpy( cur->peer_cert.p, session->peer_cert->raw.p, |
| 229 | session->peer_cert->raw.len ); |
| 230 | cur->peer_cert.len = session->peer_cert->raw.len; |
| 231 | |
| 232 | cur->session.peer_cert = NULL; |
| 233 | } |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 234 | #endif /* POLARSSL_X509_PARSE_C */ |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 235 | |
| 236 | return( 0 ); |
| 237 | } |
| 238 | |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 239 | #if defined(POLARSSL_HAVE_TIME) |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 240 | void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout ) |
| 241 | { |
| 242 | if( timeout < 0 ) timeout = 0; |
| 243 | |
| 244 | cache->timeout = timeout; |
| 245 | } |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 246 | #endif /* POLARSSL_HAVE_TIME */ |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 247 | |
Paul Bakker | ba26e9e | 2012-10-23 22:18:28 +0000 | [diff] [blame] | 248 | void ssl_cache_set_max_entries( ssl_cache_context *cache, int max ) |
| 249 | { |
| 250 | if( max < 0 ) max = 0; |
| 251 | |
| 252 | cache->max_entries = max; |
| 253 | } |
| 254 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 255 | void ssl_cache_free( ssl_cache_context *cache ) |
| 256 | { |
| 257 | ssl_cache_entry *cur, *prv; |
| 258 | |
| 259 | cur = cache->chain; |
| 260 | |
| 261 | while( cur != NULL ) |
| 262 | { |
| 263 | prv = cur; |
| 264 | cur = cur->next; |
| 265 | |
| 266 | ssl_session_free( &prv->session ); |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 267 | |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 268 | #if defined(POLARSSL_X509_PARSE_C) |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 269 | if( prv->peer_cert.p != NULL ) |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 270 | polarssl_free( prv->peer_cert.p ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 271 | #endif /* POLARSSL_X509_PARSE_C */ |
Paul Bakker | e81beda | 2013-03-06 17:40:46 +0100 | [diff] [blame] | 272 | |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 273 | polarssl_free( prv ); |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 274 | } |
| 275 | } |
| 276 | |
| 277 | #endif /* POLARSSL_SSL_CACHE_C */ |