cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 20:22:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

SSL Cache threading support

Browse Source
This commit is contained in:
Paul Bakker 2013-09-28 15:01:27 +02:00
parent 2466d93546
commit c55988406f
2 changed files with 65 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/polarssl/ssl_cache.h
View File

@ -29,6 +29,10 @@
#include "ssl.h" #include "ssl.h"
#if defined(POLARSSL_THREADING_C)
#include "threading.h"
#endif
#if !defined(POLARSSL_CONFIG_OPTIONS) #if !defined(POLARSSL_CONFIG_OPTIONS)
#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */ #define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */ #define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
@ -64,6 +68,9 @@ struct _ssl_cache_context
ssl_cache_entry *chain; /*!< start of the chain */ ssl_cache_entry *chain; /*!< start of the chain */
int timeout; /*!< cache entry timeout */ int timeout; /*!< cache entry timeout */
int max_entries; /*!< maximum entries */ int max_entries; /*!< maximum entries */
#if defined(POLARSSL_THREADING_C)
threading_mutex_t mutex; /*!< mutex */
#endif
}; };
/** /**
@ -75,6 +82,7 @@ void ssl_cache_init( ssl_cache_context *cache );
/** /**
* \brief Cache get callback implementation * \brief Cache get callback implementation
* (Thread-safe if POLARSSL_THREADING_C is enabled)
* *
* \param data SSL cache context * \param data SSL cache context
* \param session session to retrieve entry for * \param session session to retrieve entry for
@ -83,6 +91,7 @@ int ssl_cache_get( void *data, ssl_session *session );
/** /**
* \brief Cache set callback implementation * \brief Cache set callback implementation
* (Thread-safe if POLARSSL_THREADING_C is enabled)
* *
* \param data SSL cache context * \param data SSL cache context
* \param session session to store entry for * \param session session to store entry for

64
library/ssl_cache.c
View File

@ -48,16 +48,26 @@ void ssl_cache_init( ssl_cache_context *cache )
cache->timeout = SSL_CACHE_DEFAULT_TIMEOUT; cache->timeout = SSL_CACHE_DEFAULT_TIMEOUT;
cache->max_entries = SSL_CACHE_DEFAULT_MAX_ENTRIES; cache->max_entries = SSL_CACHE_DEFAULT_MAX_ENTRIES;
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_init( &cache->mutex );
#endif
} }
int ssl_cache_get( void *data, ssl_session *session ) int ssl_cache_get( void *data, ssl_session *session )
{ {
int ret = 1;
#if defined(POLARSSL_HAVE_TIME) #if defined(POLARSSL_HAVE_TIME)
time_t t = time( NULL ); time_t t = time( NULL );
#endif #endif
ssl_cache_context *cache = (ssl_cache_context *) data; ssl_cache_context *cache = (ssl_cache_context *) data;
ssl_cache_entry *cur, *entry; ssl_cache_entry *cur, *entry;
#if defined(POLARSSL_THREADING_C)
if( polarssl_mutex_lock( &cache->mutex ) != 0 )
return( 1 );
#endif
cur = cache->chain; cur = cache->chain;
entry = NULL; entry = NULL;
@ -93,7 +103,10 @@ int ssl_cache_get( void *data, ssl_session *session )
{ {
session->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) ); session->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
if( session->peer_cert == NULL ) if( session->peer_cert == NULL )
return( 1 ); {
ret = 1;
goto exit;
}
x509_crt_init( session->peer_cert ); x509_crt_init( session->peer_cert );
if( x509_crt_parse( session->peer_cert, entry->peer_cert.p, if( x509_crt_parse( session->peer_cert, entry->peer_cert.p,
@ -101,19 +114,28 @@ int ssl_cache_get( void *data, ssl_session *session )
{ {
polarssl_free( session->peer_cert ); polarssl_free( session->peer_cert );
session->peer_cert = NULL; session->peer_cert = NULL;
return( 1 ); ret = 1;
goto exit;
} }
} }
#endif /* POLARSSL_X509_CRT_PARSE_C */ #endif /* POLARSSL_X509_CRT_PARSE_C */
return( 0 ); ret = 0;
goto exit;
} }
return( 1 ); exit:
#if defined(POLARSSL_THREADING_C)
if( polarssl_mutex_unlock( &cache->mutex ) != 0 )
ret = 1;
#endif
return( ret );
} }
int ssl_cache_set( void *data, const ssl_session *session ) int ssl_cache_set( void *data, const ssl_session *session )
{ {
int ret = 1;
#if defined(POLARSSL_HAVE_TIME) #if defined(POLARSSL_HAVE_TIME)
time_t t = time( NULL ), oldest = 0; time_t t = time( NULL ), oldest = 0;
ssl_cache_entry *old = NULL; ssl_cache_entry *old = NULL;
@ -122,6 +144,11 @@ int ssl_cache_set( void *data, const ssl_session *session )
ssl_cache_entry *cur, *prv; ssl_cache_entry *cur, *prv;
int count = 0; int count = 0;
#if defined(POLARSSL_THREADING_C)
if( ( ret = polarssl_mutex_lock( &cache->mutex ) ) != 0 )
return( ret );
#endif
cur = cache->chain; cur = cache->chain;
prv = NULL; prv = NULL;
@ -179,7 +206,10 @@ int ssl_cache_set( void *data, const ssl_session *session )
if( count >= cache->max_entries ) if( count >= cache->max_entries )
{ {
if( cache->chain == NULL ) if( cache->chain == NULL )
return( 1 ); {
ret = 1;
goto exit;
}
cur = cache->chain; cur = cache->chain;
cache->chain = cur->next; cache->chain = cur->next;
@ -200,7 +230,10 @@ int ssl_cache_set( void *data, const ssl_session *session )
{ {
cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) ); cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) );
if( cur == NULL ) if( cur == NULL )
return( 1 ); {
ret = 1;
goto exit;
}
memset( cur, 0, sizeof(ssl_cache_entry) ); memset( cur, 0, sizeof(ssl_cache_entry) );
@ -225,7 +258,10 @@ int ssl_cache_set( void *data, const ssl_session *session )
{ {
cur->peer_cert.p = (unsigned char *) polarssl_malloc( session->peer_cert->raw.len ); cur->peer_cert.p = (unsigned char *) polarssl_malloc( session->peer_cert->raw.len );
if( cur->peer_cert.p == NULL ) if( cur->peer_cert.p == NULL )
return( 1 ); {
ret = 1;
goto exit;
}
memcpy( cur->peer_cert.p, session->peer_cert->raw.p, memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
session->peer_cert->raw.len ); session->peer_cert->raw.len );
@ -235,7 +271,15 @@ int ssl_cache_set( void *data, const ssl_session *session )
} }
#endif /* POLARSSL_X509_CRT_PARSE_C */ #endif /* POLARSSL_X509_CRT_PARSE_C */
return( 0 ); ret = 0;
exit:
#if defined(POLARSSL_THREADING_C)
if( polarssl_mutex_unlock( &cache->mutex ) != 0 )
ret = 1;
#endif
return( ret );
} }
#if defined(POLARSSL_HAVE_TIME) #if defined(POLARSSL_HAVE_TIME)
@ -274,6 +318,10 @@ void ssl_cache_free( ssl_cache_context *cache )
polarssl_free( prv ); polarssl_free( prv );
} }
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_free( &cache->mutex );
#endif
} }
#endif /* POLARSSL_SSL_CACHE_C */ #endif /* POLARSSL_SSL_CACHE_C */