Blame - library/ssl_cache.c - mirror/mbed-tls

blob: 113f7244098db4ff9f62b5724dab9643800e04f6 [file] [log] [blame]

Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	1	/*
				2	* SSL session cache implementation
				3	*
				4	* Copyright (C) 2006-2012, Brainspark B.V.
				5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
				7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
				8	*
				9	* All rights reserved.
				10	*
				11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25	/*
				26	* These session callbacks use a simple chained list
				27	* to store and retrieve the session information.
				28	*/
				29
				30	#include "polarssl/config.h"
				31
				32	#if defined(POLARSSL_SSL_CACHE_C)
				33
				34	#include "polarssl/ssl_cache.h"
				35
Paul Bakker	6e339b5	2013-07-03 13:37:05 +0200	[diff] [blame]	36	#if defined(POLARSSL_MEMORY_C)
				37	#include "polarssl/memory.h"
				38	#else
				39	#define polarssl_malloc malloc
				40	#define polarssl_free free
				41	#endif
				42
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	43	#include <stdlib.h>
				44
				45	void ssl_cache_init( ssl_cache_context *cache )
				46	{
				47	memset( cache, 0, sizeof( ssl_cache_context ) );
				48
				49	cache->timeout = SSL_CACHE_DEFAULT_TIMEOUT;
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	50	cache->max_entries = SSL_CACHE_DEFAULT_MAX_ENTRIES;
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	51	}
				52
				53	int ssl_cache_get( void data, ssl_session session )
				54	{
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	55	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	56	time_t t = time( NULL );
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	57	#endif
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	58	ssl_cache_context cache = (ssl_cache_context ) data;
				59	ssl_cache_entry cur, entry;
				60
				61	cur = cache->chain;
				62	entry = NULL;
				63
				64	while( cur != NULL )
				65	{
				66	entry = cur;
				67	cur = cur->next;
				68
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	69	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	70	if( cache->timeout != 0 &&
				71	(int) ( t - entry->timestamp ) > cache->timeout )
				72	continue;
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	73	#endif
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	74
				75	if( session->ciphersuite != entry->session.ciphersuite \|\|
				76	session->compression != entry->session.compression \|\|
				77	session->length != entry->session.length )
				78	continue;
				79
				80	if( memcmp( session->id, entry->session.id,
				81	entry->session.length ) != 0 )
				82	continue;
				83
				84	memcpy( session->master, entry->session.master, 48 );
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	85
Manuel Pégourié-Gonnard	38d1eba	2013-08-23 10:44:29 +0200	[diff] [blame]	86	session->verify_result = entry->session.verify_result;
				87
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	88	#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	89	/*
				90	* Restore peer certificate (without rest of the original chain)
				91	*/
				92	if( entry->peer_cert.p != NULL )
				93	{
Paul Bakker	c559c7a	2013-09-18 14:13:26 +0200	[diff] [blame]	94	session->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	95	if( session->peer_cert == NULL )
				96	return( 1 );
				97
Paul Bakker	b6b0956	2013-09-18 14:17:41 +0200	[diff] [blame]	98	x509_crt_init( session->peer_cert );
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	99	if( x509_crt_parse( session->peer_cert, entry->peer_cert.p,
				100	entry->peer_cert.len ) != 0 )
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	101	{
Paul Bakker	6e339b5	2013-07-03 13:37:05 +0200	[diff] [blame]	102	polarssl_free( session->peer_cert );
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	103	session->peer_cert = NULL;
				104	return( 1 );
				105	}
				106	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	107	#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	108
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	109	return( 0 );
				110	}
				111
				112	return( 1 );
				113	}
				114
				115	int ssl_cache_set( void data, const ssl_session session )
				116	{
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	117	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	118	time_t t = time( NULL ), oldest = 0;
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	119	ssl_cache_entry *old = NULL;
				120	#endif
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	121	ssl_cache_context cache = (ssl_cache_context ) data;
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	122	ssl_cache_entry cur, prv;
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	123	int count = 0;
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	124
				125	cur = cache->chain;
				126	prv = NULL;
				127
				128	while( cur != NULL )
				129	{
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	130	count++;
				131
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	132	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	133	if( cache->timeout != 0 &&
				134	(int) ( t - cur->timestamp ) > cache->timeout )
				135	{
				136	cur->timestamp = t;
				137	break; /* expired, reuse this slot, update timestamp */
				138	}
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	139	#endif
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	140
				141	if( memcmp( session->id, cur->session.id, cur->session.length ) == 0 )
				142	break; /* client reconnected, keep timestamp for session id */
				143
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	144	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	145	if( oldest == 0 \|\| cur->timestamp < oldest )
				146	{
				147	oldest = cur->timestamp;
				148	old = cur;
				149	}
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	150	#endif
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	151
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	152	prv = cur;
				153	cur = cur->next;
				154	}
				155
				156	if( cur == NULL )
				157	{
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	158	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	159	/*
				160	* Reuse oldest entry if max_entries reached
				161	*/
				162	if( old != NULL && count >= cache->max_entries )
				163	{
				164	cur = old;
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	165	memset( &cur->session, 0, sizeof(ssl_session) );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	166	#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	167	if( cur->peer_cert.p != NULL )
				168	{
Paul Bakker	6e339b5	2013-07-03 13:37:05 +0200	[diff] [blame]	169	polarssl_free( cur->peer_cert.p );
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	170	memset( &cur->peer_cert, 0, sizeof(x509_buf) );
				171	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	172	#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	173	}
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	174	#else /* POLARSSL_HAVE_TIME */
				175	/*
				176	* Reuse first entry in chain if max_entries reached,
				177	* but move to last place
				178	*/
				179	if( count >= cache->max_entries )
				180	{
				181	if( cache->chain == NULL )
				182	return( 1 );
				183
				184	cur = cache->chain;
				185	cache->chain = cur->next;
				186
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	187	#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	188	if( cur->peer_cert.p != NULL )
				189	{
				190	polarssl_free( cur->peer_cert.p );
				191	memset( &cur->peer_cert, 0, sizeof(x509_buf) );
				192	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	193	#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	194
				195	memset( cur, 0, sizeof(ssl_cache_entry) );
				196	prv->next = cur;
				197	}
				198	#endif /* POLARSSL_HAVE_TIME */
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	199	else
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	200	{
Paul Bakker	6e339b5	2013-07-03 13:37:05 +0200	[diff] [blame]	201	cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) );
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	202	if( cur == NULL )
				203	return( 1 );
				204
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	205	memset( cur, 0, sizeof(ssl_cache_entry) );
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	206
				207	if( prv == NULL )
				208	cache->chain = cur;
				209	else
				210	prv->next = cur;
				211	}
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	212
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	213	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	214	cur->timestamp = t;
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	215	#endif
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	216	}
				217
				218	memcpy( &cur->session, session, sizeof( ssl_session ) );
Paul Bakker	ed27a04	2013-04-18 22:46:23 +0200	[diff] [blame]	219
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	220	#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	221	/*
				222	* Store peer certificate
				223	*/
				224	if( session->peer_cert != NULL )
				225	{
Paul Bakker	6e339b5	2013-07-03 13:37:05 +0200	[diff] [blame]	226	cur->peer_cert.p = (unsigned char *) polarssl_malloc( session->peer_cert->raw.len );
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	227	if( cur->peer_cert.p == NULL )
				228	return( 1 );
				229
				230	memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
				231	session->peer_cert->raw.len );
				232	cur->peer_cert.len = session->peer_cert->raw.len;
				233
				234	cur->session.peer_cert = NULL;
				235	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	236	#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	237
				238	return( 0 );
				239	}
				240
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	241	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	242	void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout )
				243	{
				244	if( timeout < 0 ) timeout = 0;
				245
				246	cache->timeout = timeout;
				247	}
Paul Bakker	fa9b100	2013-07-03 15:31:03 +0200	[diff] [blame]	248	#endif /* POLARSSL_HAVE_TIME */
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	249
Paul Bakker	ba26e9e	2012-10-23 22:18:28 +0000	[diff] [blame]	250	void ssl_cache_set_max_entries( ssl_cache_context *cache, int max )
				251	{
				252	if( max < 0 ) max = 0;
				253
				254	cache->max_entries = max;
				255	}
				256
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	257	void ssl_cache_free( ssl_cache_context *cache )
				258	{
				259	ssl_cache_entry cur, prv;
				260
				261	cur = cache->chain;
				262
				263	while( cur != NULL )
				264	{
				265	prv = cur;
				266	cur = cur->next;
				267
				268	ssl_session_free( &prv->session );
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	269
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	270	#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	271	if( prv->peer_cert.p != NULL )
Paul Bakker	6e339b5	2013-07-03 13:37:05 +0200	[diff] [blame]	272	polarssl_free( prv->peer_cert.p );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	273	#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker	e81beda	2013-03-06 17:40:46 +0100	[diff] [blame]	274
Paul Bakker	6e339b5	2013-07-03 13:37:05 +0200	[diff] [blame]	275	polarssl_free( prv );
Paul Bakker	0a59707	2012-09-25 21:55:46 +0000	[diff] [blame]	276	}
				277	}
				278
				279	#endif /* POLARSSL_SSL_CACHE_C */