lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

- Added simple SSL session cache implementation

Browse Source 
- Revamped session resumption handling
This commit is contained in:
Paul Bakker
2012-09-25 21:55:46 +00:00
parent 1a0f552030
commit 0a59707523
18 changed files with 408 additions and 372 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
programs/ssl/ssl_client1.c
View File

@ -78,7 +78,6 @@ int main( int argc, char *argv[] )
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
((void) argc);
((void) argv);
@ -86,7 +85,6 @@ int main( int argc, char *argv[] )
/*
* 0. Initialize the RNG and the session data
*/
memset( &ssn, 0, sizeof( ssl_session ) );
memset( &ssl, 0, sizeof( ssl_context ) );
printf( "\n . Seeding the random number generator..." );
@ -141,7 +139,6 @@ int main( int argc, char *argv[] )
net_send, &server_fd );
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_session( &ssl, 1, 600, &ssn );
/*
* 3. Write the GET request

5
programs/ssl/ssl_client2.c
View File

@ -131,7 +131,6 @@ int main( int argc, char *argv[] )
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert cacert;
x509_cert clicert;
rsa_context rsa;
@ -144,7 +143,6 @@ int main( int argc, char *argv[] )
* Make sure memory references are valid.
*/
server_fd = 0;
memset( &ssn, 0, sizeof( ssl_session ) );
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
@ -389,8 +387,6 @@ int main( int argc, char *argv[] )
ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
ssl_set_own_cert( &ssl, &clicert, &rsa );
@ -518,7 +514,6 @@ exit:
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );

91
programs/ssl/ssl_fork_server.c
View File

@ -126,80 +126,6 @@ void my_debug( void *ctx, int level, const char *str )
}
}
/*
* These session callbacks use a simple chained list
* to store and retrieve the session information.
*/
ssl_session *s_list_1st = NULL;
ssl_session *cur, *prv;
static int my_get_session( ssl_context *ssl )
{
time_t t = time( NULL );
if( ssl->resume == 0 )
return( 1 );
cur = s_list_1st;
prv = NULL;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
continue;
if( ssl->session->ciphersuite != prv->ciphersuite ||
ssl->session->length != prv->length )
continue;
if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
continue;
memcpy( ssl->session->master, prv->master, 48 );
return( 0 );
}
return( 1 );
}
static int my_set_session( ssl_context *ssl )
{
time_t t = time( NULL );
cur = s_list_1st;
prv = NULL;
while( cur != NULL )
{
if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
break; /* expired, reuse this slot */
if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
break; /* client reconnected */
prv = cur;
cur = cur->next;
}
if( cur == NULL )
{
cur = (ssl_session *) malloc( sizeof( ssl_session ) );
if( cur == NULL )
return( 1 );
if( prv == NULL )
s_list_1st = cur;
else prv->next = cur;
}
memcpy( cur, ssl->session, sizeof( ssl_session ) );
return( 0 );
}
int main( int argc, char *argv[] )
{
int ret, len, cnt = 0, pid;
@ -211,7 +137,6 @@ int main( int argc, char *argv[] )
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
rsa_context rsa;
@ -369,13 +294,8 @@ int main( int argc, char *argv[] )
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
ssl_set_scb( &ssl, my_get_session,
my_set_session );
ssl_set_ciphersuites( &ssl, my_ciphersuites );
ssl_set_session( &ssl, 1, 0, &ssn );
memset( &ssn, 0, sizeof( ssl_session ) );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
@ -482,17 +402,6 @@ exit:
rsa_free( &rsa );
ssl_free( &ssl );
cur = s_list_1st;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
memset( prv, 0, sizeof( ssl_session ) );
free( prv );
}
memset( &ssl, 0, sizeof( ssl_context ) );
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();

8
programs/ssl/ssl_mail_client.c
View File

@ -349,7 +349,6 @@ int main( int argc, char *argv[] )
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert cacert;
x509_cert clicert;
rsa_context rsa;
@ -362,8 +361,6 @@ int main( int argc, char *argv[] )
* Make sure memory references are valid.
*/
server_fd = 0;
memset( &ssn, 0, sizeof( ssl_session ) );
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
@ -607,8 +604,6 @@ int main( int argc, char *argv[] )
else
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
ssl_set_own_cert( &ssl, &clicert, &rsa );
@ -804,11 +799,8 @@ exit:
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();

99
programs/ssl/ssl_server.c
View File

@ -45,6 +45,10 @@
#include "polarssl/net.h"
#include "polarssl/error.h"
#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>PolarSSL Test Server</h2>\r\n" \
@ -153,80 +157,6 @@ void my_debug( void *ctx, int level, const char *str )
}
}
/*
* These session callbacks use a simple chained list
* to store and retrieve the session information.
*/
ssl_session *s_list_1st = NULL;
ssl_session *cur, *prv;
static int my_get_session( ssl_context *ssl )
{
time_t t = time( NULL );
if( ssl->resume == 0 )
return( 1 );
cur = s_list_1st;
prv = NULL;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
continue;
if( ssl->session->ciphersuite != prv->ciphersuite ||
ssl->session->length != prv->length )
continue;
if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
continue;
memcpy( ssl->session->master, prv->master, 48 );
return( 0 );
}
return( 1 );
}
static int my_set_session( ssl_context *ssl )
{
time_t t = time( NULL );
cur = s_list_1st;
prv = NULL;
while( cur != NULL )
{
if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
break; /* expired, reuse this slot */
if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
break; /* client reconnected */
prv = cur;
cur = cur->next;
}
if( cur == NULL )
{
cur = (ssl_session *) malloc( sizeof( ssl_session ) );
if( cur == NULL )
return( 1 );
if( prv == NULL )
s_list_1st = cur;
else prv->next = cur;
}
memcpy( cur, ssl->session, sizeof( ssl_session ) );
return( 0 );
}
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
@ -254,14 +184,17 @@ int main( int argc, char *argv[] )
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
rsa_context rsa;
((void) argc);
((void) argv);
memset( &ssl, 0, sizeof( ssl_context ) );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
ssl_cache_init( &cache );
#endif
/*
* 1. Load the certificates and private RSA key
@ -351,13 +284,12 @@ int main( int argc, char *argv[] )
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_scb( &ssl, my_get_session,
my_set_session );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
ssl_cache_set, &cache );
#endif
ssl_set_ciphersuites( &ssl, my_ciphersuites );
ssl_set_session( &ssl, 1, 0, &ssn );
memset( &ssn, 0, sizeof( ssl_session ) );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
@ -527,9 +459,10 @@ exit:
net_close( client_fd );
x509_free( &srvcert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_session_free( s_list_1st );
ssl_free( &ssl );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
#endif
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );

101
programs/ssl/ssl_server2.c
View File

@ -45,6 +45,10 @@
#include "polarssl/x509.h"
#include "polarssl/error.h"
#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif
#define DFL_SERVER_PORT 4433
#define DFL_REQUEST_PAGE "/"
#define DFL_DEBUG_LEVEL 0
@ -94,80 +98,6 @@ void my_debug( void *ctx, int level, const char *str )
}
}
/*
* These session callbacks use a simple chained list
* to store and retrieve the session information.
*/
ssl_session *s_list_1st = NULL;
ssl_session *cur, *prv;
static int my_get_session( ssl_context *ssl )
{
time_t t = time( NULL );
if( ssl->resume == 0 )
return( 1 );
cur = s_list_1st;
prv = NULL;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
continue;
if( ssl->session->ciphersuite != prv->ciphersuite ||
ssl->session->length != prv->length )
continue;
if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
continue;
memcpy( ssl->session->master, prv->master, 48 );
return( 0 );
}
return( 1 );
}
static int my_set_session( ssl_context *ssl )
{
time_t t = time( NULL );
cur = s_list_1st;
prv = NULL;
while( cur != NULL )
{
if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
break; /* expired, reuse this slot */
if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
break; /* client reconnected */
prv = cur;
cur = cur->next;
}
if( cur == NULL )
{
cur = (ssl_session *) malloc( sizeof( ssl_session ) );
if( cur == NULL )
return( 1 );
if( prv == NULL )
s_list_1st = cur;
else prv->next = cur;
}
memcpy( cur, ssl->session, sizeof( ssl_session ) );
return( 0 );
}
#if defined(POLARSSL_FS_IO)
#define USAGE_IO \
" ca_file=%%s default: \"\" (pre-loaded)\n" \
@ -218,10 +148,12 @@ int main( int argc, char *argv[] )
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert cacert;
x509_cert srvcert;
rsa_context rsa;
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
#endif
int i;
size_t j, n;
@ -232,11 +164,12 @@ int main( int argc, char *argv[] )
* Make sure memory references are valid.
*/
listen_fd = 0;
memset( &ssn, 0, sizeof( ssl_session ) );
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &srvcert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
#endif
if( argc == 0 )
{
@ -455,8 +388,10 @@ int main( int argc, char *argv[] )
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_scb( &ssl, my_get_session,
my_set_session );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
ssl_cache_set, &cache );
#endif
if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
@ -466,8 +401,6 @@ int main( int argc, char *argv[] )
ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
ssl_set_session( &ssl, 1, 0, &ssn );
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
@ -673,10 +606,12 @@ exit:
x509_free( &srvcert );
x509_free( &cacert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_session_free( s_list_1st );
ssl_free( &ssl );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
#endif
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();

4
programs/test/ssl_test.c
View File

@ -167,7 +167,6 @@ static int ssl_test( struct options *opt )
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
rsa_context rsa;
@ -273,9 +272,6 @@ static int ssl_test( struct options *opt )
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
ssl_set_session( &ssl, opt->session_reuse,
opt->session_lifetime, &ssn );
if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite );

5
programs/x509/cert_app.c
View File

@ -108,7 +108,6 @@ int main( int argc, char *argv[] )
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert clicert;
rsa_context rsa;
int i, j, n;
@ -119,8 +118,6 @@ int main( int argc, char *argv[] )
* Set to sane values
*/
server_fd = 0;
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &ssn, 0, sizeof( ssl_session ) );
memset( &clicert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
@ -288,7 +285,6 @@ int main( int argc, char *argv[] )
net_send, &server_fd );
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_own_cert( &ssl, &clicert, &rsa );
@ -333,7 +329,6 @@ exit:
net_close( server_fd );
x509_free( &clicert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_free( &ssl );
#if defined(_WIN32)