mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 21:25:46 +01:00
83e3671d87
Session-ID based session resumption requires that the resumed session is consistent with the client's ClientHello in terms of choice of ciphersuite and choice of compression. This check was previously assumed to be performed in the session cache implementation, which seems wrong: The session cache should be an id-based lookup only, and protocol specific checks should be left to Mbed TLS. This commit - adds an explicit ciphersuite and compression consistency check after the SSL session cache has been queried - removes the ciphersuite and compression consistency check from Mbed TLS' session cache reference implementation. Don't use ssl_check_xxx() for functions with void return Signed-off-by: Hanno Becker <hanno.becker@arm.com>
346 lines
9.0 KiB
C
346 lines
9.0 KiB
C
/*
|
|
* SSL session cache implementation
|
|
*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
/*
|
|
* These session callbacks use a simple chained list
|
|
* to store and retrieve the session information.
|
|
*/
|
|
|
|
#include "common.h"
|
|
|
|
#if defined(MBEDTLS_SSL_CACHE_C)
|
|
|
|
#if defined(MBEDTLS_PLATFORM_C)
|
|
#include "mbedtls/platform.h"
|
|
#else
|
|
#include <stdlib.h>
|
|
#define mbedtls_calloc calloc
|
|
#define mbedtls_free free
|
|
#endif
|
|
|
|
#include "mbedtls/ssl_cache.h"
|
|
#include "mbedtls/ssl_internal.h"
|
|
|
|
#include <string.h>
|
|
|
|
void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
|
|
{
|
|
memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
|
|
|
|
cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
|
|
cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
mbedtls_mutex_init( &cache->mutex );
|
|
#endif
|
|
}
|
|
|
|
int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
|
|
{
|
|
int ret = 1;
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
mbedtls_time_t t = mbedtls_time( NULL );
|
|
#endif
|
|
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
|
mbedtls_ssl_cache_entry *cur, *entry;
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if( mbedtls_mutex_lock( &cache->mutex ) != 0 )
|
|
return( 1 );
|
|
#endif
|
|
|
|
cur = cache->chain;
|
|
entry = NULL;
|
|
|
|
while( cur != NULL )
|
|
{
|
|
entry = cur;
|
|
cur = cur->next;
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
if( cache->timeout != 0 &&
|
|
(int) ( t - entry->timestamp ) > cache->timeout )
|
|
continue;
|
|
#endif
|
|
|
|
if( session->id_len != entry->session.id_len ||
|
|
memcmp( session->id, entry->session.id,
|
|
entry->session.id_len ) != 0 )
|
|
{
|
|
continue;
|
|
}
|
|
|
|
ret = mbedtls_ssl_session_copy( session, &entry->session );
|
|
if( ret != 0 )
|
|
{
|
|
ret = 1;
|
|
goto exit;
|
|
}
|
|
|
|
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
|
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
|
/*
|
|
* Restore peer certificate (without rest of the original chain)
|
|
*/
|
|
if( entry->peer_cert.p != NULL )
|
|
{
|
|
/* `session->peer_cert` is NULL after the call to
|
|
* mbedtls_ssl_session_copy(), because cache entries
|
|
* have the `peer_cert` field set to NULL. */
|
|
|
|
if( ( session->peer_cert = mbedtls_calloc( 1,
|
|
sizeof(mbedtls_x509_crt) ) ) == NULL )
|
|
{
|
|
ret = 1;
|
|
goto exit;
|
|
}
|
|
|
|
mbedtls_x509_crt_init( session->peer_cert );
|
|
if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p,
|
|
entry->peer_cert.len ) != 0 )
|
|
{
|
|
mbedtls_free( session->peer_cert );
|
|
session->peer_cert = NULL;
|
|
ret = 1;
|
|
goto exit;
|
|
}
|
|
}
|
|
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
|
|
|
ret = 0;
|
|
goto exit;
|
|
}
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
|
|
ret = 1;
|
|
#endif
|
|
|
|
return( ret );
|
|
}
|
|
|
|
int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
|
|
{
|
|
int ret = 1;
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
|
|
mbedtls_ssl_cache_entry *old = NULL;
|
|
#endif
|
|
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
|
mbedtls_ssl_cache_entry *cur, *prv;
|
|
int count = 0;
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
|
|
return( ret );
|
|
#endif
|
|
|
|
cur = cache->chain;
|
|
prv = NULL;
|
|
|
|
while( cur != NULL )
|
|
{
|
|
count++;
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
if( cache->timeout != 0 &&
|
|
(int) ( t - cur->timestamp ) > cache->timeout )
|
|
{
|
|
cur->timestamp = t;
|
|
break; /* expired, reuse this slot, update timestamp */
|
|
}
|
|
#endif
|
|
|
|
if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
|
|
break; /* client reconnected, keep timestamp for session id */
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
if( oldest == 0 || cur->timestamp < oldest )
|
|
{
|
|
oldest = cur->timestamp;
|
|
old = cur;
|
|
}
|
|
#endif
|
|
|
|
prv = cur;
|
|
cur = cur->next;
|
|
}
|
|
|
|
if( cur == NULL )
|
|
{
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
/*
|
|
* Reuse oldest entry if max_entries reached
|
|
*/
|
|
if( count >= cache->max_entries )
|
|
{
|
|
if( old == NULL )
|
|
{
|
|
ret = 1;
|
|
goto exit;
|
|
}
|
|
|
|
cur = old;
|
|
}
|
|
#else /* MBEDTLS_HAVE_TIME */
|
|
/*
|
|
* Reuse first entry in chain if max_entries reached,
|
|
* but move to last place
|
|
*/
|
|
if( count >= cache->max_entries )
|
|
{
|
|
if( cache->chain == NULL )
|
|
{
|
|
ret = 1;
|
|
goto exit;
|
|
}
|
|
|
|
cur = cache->chain;
|
|
cache->chain = cur->next;
|
|
cur->next = NULL;
|
|
prv->next = cur;
|
|
}
|
|
#endif /* MBEDTLS_HAVE_TIME */
|
|
else
|
|
{
|
|
/*
|
|
* max_entries not reached, create new entry
|
|
*/
|
|
cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) );
|
|
if( cur == NULL )
|
|
{
|
|
ret = 1;
|
|
goto exit;
|
|
}
|
|
|
|
if( prv == NULL )
|
|
cache->chain = cur;
|
|
else
|
|
prv->next = cur;
|
|
}
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
cur->timestamp = t;
|
|
#endif
|
|
}
|
|
|
|
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
|
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
|
/*
|
|
* If we're reusing an entry, free its certificate first
|
|
*/
|
|
if( cur->peer_cert.p != NULL )
|
|
{
|
|
mbedtls_free( cur->peer_cert.p );
|
|
memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
|
|
}
|
|
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
|
|
|
/* Copy the entire session; this temporarily makes a copy of the
|
|
* X.509 CRT structure even though we only want to store the raw CRT.
|
|
* This inefficiency will go away as soon as we implement on-demand
|
|
* parsing of CRTs, in which case there's no need for the `peer_cert`
|
|
* field anymore in the first place, and we're done after this call. */
|
|
ret = mbedtls_ssl_session_copy( &cur->session, session );
|
|
if( ret != 0 )
|
|
{
|
|
ret = 1;
|
|
goto exit;
|
|
}
|
|
|
|
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
|
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
|
/* If present, free the X.509 structure and only store the raw CRT data. */
|
|
if( cur->session.peer_cert != NULL )
|
|
{
|
|
cur->peer_cert.p =
|
|
mbedtls_calloc( 1, cur->session.peer_cert->raw.len );
|
|
if( cur->peer_cert.p == NULL )
|
|
{
|
|
ret = 1;
|
|
goto exit;
|
|
}
|
|
|
|
memcpy( cur->peer_cert.p,
|
|
cur->session.peer_cert->raw.p,
|
|
cur->session.peer_cert->raw.len );
|
|
cur->peer_cert.len = session->peer_cert->raw.len;
|
|
|
|
mbedtls_x509_crt_free( cur->session.peer_cert );
|
|
mbedtls_free( cur->session.peer_cert );
|
|
cur->session.peer_cert = NULL;
|
|
}
|
|
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
|
|
|
ret = 0;
|
|
|
|
exit:
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
|
|
ret = 1;
|
|
#endif
|
|
|
|
return( ret );
|
|
}
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
|
void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout )
|
|
{
|
|
if( timeout < 0 ) timeout = 0;
|
|
|
|
cache->timeout = timeout;
|
|
}
|
|
#endif /* MBEDTLS_HAVE_TIME */
|
|
|
|
void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max )
|
|
{
|
|
if( max < 0 ) max = 0;
|
|
|
|
cache->max_entries = max;
|
|
}
|
|
|
|
void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
|
|
{
|
|
mbedtls_ssl_cache_entry *cur, *prv;
|
|
|
|
cur = cache->chain;
|
|
|
|
while( cur != NULL )
|
|
{
|
|
prv = cur;
|
|
cur = cur->next;
|
|
|
|
mbedtls_ssl_session_free( &prv->session );
|
|
|
|
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
|
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
|
mbedtls_free( prv->peer_cert.p );
|
|
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
|
|
|
mbedtls_free( prv );
|
|
}
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
|
mbedtls_mutex_free( &cache->mutex );
|
|
#endif
|
|
cache->chain = NULL;
|
|
}
|
|
|
|
#endif /* MBEDTLS_SSL_CACHE_C */
|