40fa684c18
Keep module compatibility with mbedtls 2.x (old LTS branch). A patch has been added to allow compiling after removing all the `psa_*` files from the library folder (will look into upstreaming it). Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires some module changes, and to enable PSA crypto (new "standard" API specification), so it might be best done in a separate commit/PR.
410 lines
11 KiB
C
410 lines
11 KiB
C
/*
|
|
* SSL session cache implementation
|
|
*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
/*
|
|
* These session callbacks use a simple chained list
|
|
* to store and retrieve the session information.
|
|
*/
|
|
|
|
#include "common.h"
|
|
|
|
#if defined(MBEDTLS_SSL_CACHE_C)
|
|
|
|
#include "mbedtls/platform.h"
|
|
|
|
#include "mbedtls/ssl_cache.h"
|
|
#include "ssl_misc.h"
|
|
#include "mbedtls/error.h"
|
|
|
|
#include <string.h>
|
|
|
|
void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)
|
|
{
|
|
memset(cache, 0, sizeof(mbedtls_ssl_cache_context));
|
|
|
|
cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
|
|
cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
mbedtls_mutex_init(&cache->mutex);
|
|
#endif
|
|
}
|
|
|
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
|
static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache,
|
|
unsigned char const *session_id,
|
|
size_t session_id_len,
|
|
mbedtls_ssl_cache_entry **dst)
|
|
{
|
|
int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
mbedtls_time_t t = mbedtls_time(NULL);
|
|
#endif
|
|
mbedtls_ssl_cache_entry *cur;
|
|
|
|
for (cur = cache->chain; cur != NULL; cur = cur->next) {
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
if (cache->timeout != 0 &&
|
|
(int) (t - cur->timestamp) > cache->timeout) {
|
|
continue;
|
|
}
|
|
#endif
|
|
|
|
if (session_id_len != cur->session_id_len ||
|
|
memcmp(session_id, cur->session_id,
|
|
cur->session_id_len) != 0) {
|
|
continue;
|
|
}
|
|
|
|
break;
|
|
}
|
|
|
|
if (cur != NULL) {
|
|
*dst = cur;
|
|
ret = 0;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
|
|
int mbedtls_ssl_cache_get(void *data,
|
|
unsigned char const *session_id,
|
|
size_t session_id_len,
|
|
mbedtls_ssl_session *session)
|
|
{
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
|
mbedtls_ssl_cache_entry *entry;
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
|
|
return ret;
|
|
}
|
|
#endif
|
|
|
|
ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
|
|
if (ret != 0) {
|
|
goto exit;
|
|
}
|
|
|
|
ret = mbedtls_ssl_session_load(session,
|
|
entry->session,
|
|
entry->session_len);
|
|
if (ret != 0) {
|
|
goto exit;
|
|
}
|
|
|
|
ret = 0;
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
|
|
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
|
|
}
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* zeroize a cache entry */
|
|
static void ssl_cache_entry_zeroize(mbedtls_ssl_cache_entry *entry)
|
|
{
|
|
if (entry == NULL) {
|
|
return;
|
|
}
|
|
|
|
/* zeroize and free session structure */
|
|
if (entry->session != NULL) {
|
|
mbedtls_zeroize_and_free(entry->session, entry->session_len);
|
|
}
|
|
|
|
/* zeroize the whole entry structure */
|
|
mbedtls_platform_zeroize(entry, sizeof(mbedtls_ssl_cache_entry));
|
|
}
|
|
|
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
|
static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
|
|
unsigned char const *session_id,
|
|
size_t session_id_len,
|
|
mbedtls_ssl_cache_entry **dst)
|
|
{
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
|
|
#endif /* MBEDTLS_HAVE_TIME */
|
|
|
|
mbedtls_ssl_cache_entry *old = NULL;
|
|
int count = 0;
|
|
mbedtls_ssl_cache_entry *cur, *last;
|
|
|
|
/* Check 1: Is there already an entry with the given session ID?
|
|
*
|
|
* If yes, overwrite it.
|
|
*
|
|
* If not, `count` will hold the size of the session cache
|
|
* at the end of this loop, and `last` will point to the last
|
|
* entry, both of which will be used later. */
|
|
|
|
last = NULL;
|
|
for (cur = cache->chain; cur != NULL; cur = cur->next) {
|
|
count++;
|
|
if (session_id_len == cur->session_id_len &&
|
|
memcmp(session_id, cur->session_id, cur->session_id_len) == 0) {
|
|
goto found;
|
|
}
|
|
last = cur;
|
|
}
|
|
|
|
/* Check 2: Is there an outdated entry in the cache?
|
|
*
|
|
* If so, overwrite it.
|
|
*
|
|
* If not, remember the oldest entry in `old` for later.
|
|
*/
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
for (cur = cache->chain; cur != NULL; cur = cur->next) {
|
|
if (cache->timeout != 0 &&
|
|
(int) (t - cur->timestamp) > cache->timeout) {
|
|
goto found;
|
|
}
|
|
|
|
if (oldest == 0 || cur->timestamp < oldest) {
|
|
oldest = cur->timestamp;
|
|
old = cur;
|
|
}
|
|
}
|
|
#endif /* MBEDTLS_HAVE_TIME */
|
|
|
|
/* Check 3: Is there free space in the cache? */
|
|
|
|
if (count < cache->max_entries) {
|
|
/* Create new entry */
|
|
cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
|
|
if (cur == NULL) {
|
|
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
|
}
|
|
|
|
/* Append to the end of the linked list. */
|
|
if (last == NULL) {
|
|
cache->chain = cur;
|
|
} else {
|
|
last->next = cur;
|
|
}
|
|
|
|
goto found;
|
|
}
|
|
|
|
/* Last resort: The cache is full and doesn't contain any outdated
|
|
* elements. In this case, we evict the oldest one, judged by timestamp
|
|
* (if present) or cache-order. */
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
if (old == NULL) {
|
|
/* This should only happen on an ill-configured cache
|
|
* with max_entries == 0. */
|
|
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
|
}
|
|
#else /* MBEDTLS_HAVE_TIME */
|
|
/* Reuse first entry in chain, but move to last place. */
|
|
if (cache->chain == NULL) {
|
|
/* This should never happen */
|
|
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
}
|
|
|
|
old = cache->chain;
|
|
cache->chain = old->next;
|
|
old->next = NULL;
|
|
last->next = old;
|
|
#endif /* MBEDTLS_HAVE_TIME */
|
|
|
|
/* Now `old` points to the oldest entry to be overwritten. */
|
|
cur = old;
|
|
|
|
found:
|
|
|
|
/* If we're reusing an entry, free it first. */
|
|
if (cur->session != NULL) {
|
|
/* `ssl_cache_entry_zeroize` would break the chain,
|
|
* so we reuse `old` to record `next` temporarily. */
|
|
old = cur->next;
|
|
ssl_cache_entry_zeroize(cur);
|
|
cur->next = old;
|
|
}
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
cur->timestamp = t;
|
|
#endif
|
|
|
|
*dst = cur;
|
|
return 0;
|
|
}
|
|
|
|
int mbedtls_ssl_cache_set(void *data,
|
|
unsigned char const *session_id,
|
|
size_t session_id_len,
|
|
const mbedtls_ssl_session *session)
|
|
{
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
|
mbedtls_ssl_cache_entry *cur;
|
|
|
|
size_t session_serialized_len = 0;
|
|
unsigned char *session_serialized = NULL;
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
|
|
return ret;
|
|
}
|
|
#endif
|
|
|
|
ret = ssl_cache_pick_writing_slot(cache,
|
|
session_id, session_id_len,
|
|
&cur);
|
|
if (ret != 0) {
|
|
goto exit;
|
|
}
|
|
|
|
/* Check how much space we need to serialize the session
|
|
* and allocate a sufficiently large buffer. */
|
|
ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
|
|
if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
|
|
goto exit;
|
|
}
|
|
|
|
session_serialized = mbedtls_calloc(1, session_serialized_len);
|
|
if (session_serialized == NULL) {
|
|
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
|
goto exit;
|
|
}
|
|
|
|
/* Now serialize the session into the allocated buffer. */
|
|
ret = mbedtls_ssl_session_save(session,
|
|
session_serialized,
|
|
session_serialized_len,
|
|
&session_serialized_len);
|
|
if (ret != 0) {
|
|
goto exit;
|
|
}
|
|
|
|
if (session_id_len > sizeof(cur->session_id)) {
|
|
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
|
goto exit;
|
|
}
|
|
cur->session_id_len = session_id_len;
|
|
memcpy(cur->session_id, session_id, session_id_len);
|
|
|
|
cur->session = session_serialized;
|
|
cur->session_len = session_serialized_len;
|
|
session_serialized = NULL;
|
|
|
|
ret = 0;
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
|
|
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
|
|
}
|
|
#endif
|
|
|
|
if (session_serialized != NULL) {
|
|
mbedtls_zeroize_and_free(session_serialized, session_serialized_len);
|
|
session_serialized = NULL;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
int mbedtls_ssl_cache_remove(void *data,
|
|
unsigned char const *session_id,
|
|
size_t session_id_len)
|
|
{
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
|
mbedtls_ssl_cache_entry *entry;
|
|
mbedtls_ssl_cache_entry *prev;
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
|
|
return ret;
|
|
}
|
|
#endif
|
|
|
|
ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
|
|
/* No valid entry found, exit with success */
|
|
if (ret != 0) {
|
|
ret = 0;
|
|
goto exit;
|
|
}
|
|
|
|
/* Now we remove the entry from the chain */
|
|
if (entry == cache->chain) {
|
|
cache->chain = entry->next;
|
|
goto free;
|
|
}
|
|
for (prev = cache->chain; prev->next != NULL; prev = prev->next) {
|
|
if (prev->next == entry) {
|
|
prev->next = entry->next;
|
|
break;
|
|
}
|
|
}
|
|
|
|
free:
|
|
ssl_cache_entry_zeroize(entry);
|
|
mbedtls_free(entry);
|
|
ret = 0;
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
|
|
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
|
|
}
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout)
|
|
{
|
|
if (timeout < 0) {
|
|
timeout = 0;
|
|
}
|
|
|
|
cache->timeout = timeout;
|
|
}
|
|
#endif /* MBEDTLS_HAVE_TIME */
|
|
|
|
void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max)
|
|
{
|
|
if (max < 0) {
|
|
max = 0;
|
|
}
|
|
|
|
cache->max_entries = max;
|
|
}
|
|
|
|
void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)
|
|
{
|
|
mbedtls_ssl_cache_entry *cur, *prv;
|
|
|
|
cur = cache->chain;
|
|
|
|
while (cur != NULL) {
|
|
prv = cur;
|
|
cur = cur->next;
|
|
|
|
ssl_cache_entry_zeroize(prv);
|
|
mbedtls_free(prv);
|
|
}
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
mbedtls_mutex_free(&cache->mutex);
|
|
#endif
|
|
cache->chain = NULL;
|
|
}
|
|
|
|
#endif /* MBEDTLS_SSL_CACHE_C */
|