- Added simple SSL session cache implementation
- Revamped session resumption handling
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 9bd578d..3cd05ab 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -78,7 +78,6 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
- ssl_session ssn;
((void) argc);
((void) argv);
@@ -86,7 +85,6 @@
/*
* 0. Initialize the RNG and the session data
*/
- memset( &ssn, 0, sizeof( ssl_session ) );
memset( &ssl, 0, sizeof( ssl_context ) );
printf( "\n . Seeding the random number generator..." );
@@ -141,7 +139,6 @@
net_send, &server_fd );
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
- ssl_set_session( &ssl, 1, 600, &ssn );
/*
* 3. Write the GET request
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 0c962f2..4c4cf3e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -131,7 +131,6 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
- ssl_session ssn;
x509_cert cacert;
x509_cert clicert;
rsa_context rsa;
@@ -144,7 +143,6 @@
* Make sure memory references are valid.
*/
server_fd = 0;
- memset( &ssn, 0, sizeof( ssl_session ) );
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
@@ -389,8 +387,6 @@
ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
- ssl_set_session( &ssl, 1, 600, &ssn );
-
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
ssl_set_own_cert( &ssl, &clicert, &rsa );
@@ -518,7 +514,6 @@
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
- ssl_session_free( &ssn );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 416d4bf..0ef3cf9 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -126,80 +126,6 @@
}
}
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-ssl_session *s_list_1st = NULL;
-ssl_session *cur, *prv;
-
-static int my_get_session( ssl_context *ssl )
-{
- time_t t = time( NULL );
-
- if( ssl->resume == 0 )
- return( 1 );
-
- cur = s_list_1st;
- prv = NULL;
-
- while( cur != NULL )
- {
- prv = cur;
- cur = cur->next;
-
- if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
- continue;
-
- if( ssl->session->ciphersuite != prv->ciphersuite ||
- ssl->session->length != prv->length )
- continue;
-
- if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
- continue;
-
- memcpy( ssl->session->master, prv->master, 48 );
- return( 0 );
- }
-
- return( 1 );
-}
-
-static int my_set_session( ssl_context *ssl )
-{
- time_t t = time( NULL );
-
- cur = s_list_1st;
- prv = NULL;
-
- while( cur != NULL )
- {
- if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
- break; /* expired, reuse this slot */
-
- if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
- break; /* client reconnected */
-
- prv = cur;
- cur = cur->next;
- }
-
- if( cur == NULL )
- {
- cur = (ssl_session *) malloc( sizeof( ssl_session ) );
- if( cur == NULL )
- return( 1 );
-
- if( prv == NULL )
- s_list_1st = cur;
- else prv->next = cur;
- }
-
- memcpy( cur, ssl->session, sizeof( ssl_session ) );
-
- return( 0 );
-}
-
int main( int argc, char *argv[] )
{
int ret, len, cnt = 0, pid;
@@ -211,7 +137,6 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
- ssl_session ssn;
x509_cert srvcert;
rsa_context rsa;
@@ -369,13 +294,8 @@
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
- ssl_set_scb( &ssl, my_get_session,
- my_set_session );
ssl_set_ciphersuites( &ssl, my_ciphersuites );
- ssl_set_session( &ssl, 1, 0, &ssn );
-
- memset( &ssn, 0, sizeof( ssl_session ) );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
@@ -482,17 +402,6 @@
rsa_free( &rsa );
ssl_free( &ssl );
- cur = s_list_1st;
- while( cur != NULL )
- {
- prv = cur;
- cur = cur->next;
- memset( prv, 0, sizeof( ssl_session ) );
- free( prv );
- }
-
- memset( &ssl, 0, sizeof( ssl_context ) );
-
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index ea7068c..a94d38a 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -349,7 +349,6 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
- ssl_session ssn;
x509_cert cacert;
x509_cert clicert;
rsa_context rsa;
@@ -362,8 +361,6 @@
* Make sure memory references are valid.
*/
server_fd = 0;
- memset( &ssn, 0, sizeof( ssl_session ) );
- memset( &ssl, 0, sizeof( ssl_context ) );
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
@@ -607,8 +604,6 @@
else
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
- ssl_set_session( &ssl, 1, 600, &ssn );
-
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
ssl_set_own_cert( &ssl, &clicert, &rsa );
@@ -804,11 +799,8 @@
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
- ssl_session_free( &ssn );
ssl_free( &ssl );
- memset( &ssl, 0, sizeof( ssl ) );
-
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index a8855b8..070d534 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -45,6 +45,10 @@
#include "polarssl/net.h"
#include "polarssl/error.h"
+#if defined(POLARSSL_SSL_CACHE_C)
+#include "polarssl/ssl_cache.h"
+#endif
+
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>PolarSSL Test Server</h2>\r\n" \
@@ -153,80 +157,6 @@
}
}
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-ssl_session *s_list_1st = NULL;
-ssl_session *cur, *prv;
-
-static int my_get_session( ssl_context *ssl )
-{
- time_t t = time( NULL );
-
- if( ssl->resume == 0 )
- return( 1 );
-
- cur = s_list_1st;
- prv = NULL;
-
- while( cur != NULL )
- {
- prv = cur;
- cur = cur->next;
-
- if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
- continue;
-
- if( ssl->session->ciphersuite != prv->ciphersuite ||
- ssl->session->length != prv->length )
- continue;
-
- if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
- continue;
-
- memcpy( ssl->session->master, prv->master, 48 );
- return( 0 );
- }
-
- return( 1 );
-}
-
-static int my_set_session( ssl_context *ssl )
-{
- time_t t = time( NULL );
-
- cur = s_list_1st;
- prv = NULL;
-
- while( cur != NULL )
- {
- if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
- break; /* expired, reuse this slot */
-
- if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
- break; /* client reconnected */
-
- prv = cur;
- cur = cur->next;
- }
-
- if( cur == NULL )
- {
- cur = (ssl_session *) malloc( sizeof( ssl_session ) );
- if( cur == NULL )
- return( 1 );
-
- if( prv == NULL )
- s_list_1st = cur;
- else prv->next = cur;
- }
-
- memcpy( cur, ssl->session, sizeof( ssl_session ) );
-
- return( 0 );
-}
-
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
@@ -254,14 +184,17 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
- ssl_session ssn;
x509_cert srvcert;
rsa_context rsa;
((void) argc);
((void) argv);
- memset( &ssl, 0, sizeof( ssl_context ) );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_cache_context cache;
+
+ ssl_cache_init( &cache );
+#endif
/*
* 1. Load the certificates and private RSA key
@@ -351,13 +284,12 @@
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
- ssl_set_scb( &ssl, my_get_session,
- my_set_session );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
+ ssl_cache_set, &cache );
+#endif
ssl_set_ciphersuites( &ssl, my_ciphersuites );
- ssl_set_session( &ssl, 1, 0, &ssn );
-
- memset( &ssn, 0, sizeof( ssl_session ) );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
@@ -527,9 +459,10 @@
net_close( client_fd );
x509_free( &srvcert );
rsa_free( &rsa );
- ssl_session_free( &ssn );
- ssl_session_free( s_list_1st );
ssl_free( &ssl );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_cache_free( &cache );
+#endif
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index bc5402f..6f97de3 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -45,6 +45,10 @@
#include "polarssl/x509.h"
#include "polarssl/error.h"
+#if defined(POLARSSL_SSL_CACHE_C)
+#include "polarssl/ssl_cache.h"
+#endif
+
#define DFL_SERVER_PORT 4433
#define DFL_REQUEST_PAGE "/"
#define DFL_DEBUG_LEVEL 0
@@ -94,80 +98,6 @@
}
}
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-ssl_session *s_list_1st = NULL;
-ssl_session *cur, *prv;
-
-static int my_get_session( ssl_context *ssl )
-{
- time_t t = time( NULL );
-
- if( ssl->resume == 0 )
- return( 1 );
-
- cur = s_list_1st;
- prv = NULL;
-
- while( cur != NULL )
- {
- prv = cur;
- cur = cur->next;
-
- if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
- continue;
-
- if( ssl->session->ciphersuite != prv->ciphersuite ||
- ssl->session->length != prv->length )
- continue;
-
- if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
- continue;
-
- memcpy( ssl->session->master, prv->master, 48 );
- return( 0 );
- }
-
- return( 1 );
-}
-
-static int my_set_session( ssl_context *ssl )
-{
- time_t t = time( NULL );
-
- cur = s_list_1st;
- prv = NULL;
-
- while( cur != NULL )
- {
- if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
- break; /* expired, reuse this slot */
-
- if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
- break; /* client reconnected */
-
- prv = cur;
- cur = cur->next;
- }
-
- if( cur == NULL )
- {
- cur = (ssl_session *) malloc( sizeof( ssl_session ) );
- if( cur == NULL )
- return( 1 );
-
- if( prv == NULL )
- s_list_1st = cur;
- else prv->next = cur;
- }
-
- memcpy( cur, ssl->session, sizeof( ssl_session ) );
-
- return( 0 );
-}
-
#if defined(POLARSSL_FS_IO)
#define USAGE_IO \
" ca_file=%%s default: \"\" (pre-loaded)\n" \
@@ -218,10 +148,12 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
- ssl_session ssn;
x509_cert cacert;
x509_cert srvcert;
rsa_context rsa;
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_cache_context cache;
+#endif
int i;
size_t j, n;
@@ -232,11 +164,12 @@
* Make sure memory references are valid.
*/
listen_fd = 0;
- memset( &ssn, 0, sizeof( ssl_session ) );
- memset( &ssl, 0, sizeof( ssl_context ) );
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &srvcert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_cache_init( &cache );
+#endif
if( argc == 0 )
{
@@ -455,8 +388,10 @@
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
- ssl_set_scb( &ssl, my_get_session,
- my_set_session );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
+ ssl_cache_set, &cache );
+#endif
if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
@@ -466,8 +401,6 @@
ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
- ssl_set_session( &ssl, 1, 0, &ssn );
-
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
@@ -673,10 +606,12 @@
x509_free( &srvcert );
x509_free( &cacert );
rsa_free( &rsa );
- ssl_session_free( &ssn );
- ssl_session_free( s_list_1st );
ssl_free( &ssl );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_cache_free( &cache );
+#endif
+
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
