Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 24a7a75be662bd111ee07e0265112e969fedc8aa / . / src / shctx.c
blob: 9d4bea4ba3e397163ac5c9dee92a137604a89194 [file] [log] [blame]
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]1/*
2 * shctx.c - shared context management functions for SSL
3 *
4 * Copyright (C) 2011-2012 EXCELIANCE
5 *
6 * Author: Emeric Brun - emeric@exceliance.fr
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version
11 * 2 of the License, or (at your option) any later version.
12 */
13
14#include <sys/mman.h>
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]15#include <arpa/inet.h>
Willy Tarreauce3f9132014-05-28 16:47:01 +0200[diff] [blame]16#include <ebmbtree.h>
Emeric Bruncd1a5262014-05-07 23:11:42 +0200[diff] [blame]17
William Lallemand24a7a752017-10-09 14:17:39 +0200[diff] [blame^]18#include <proto/shctx.h>
19#include <proto/openssl-compat.h>
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]20
William Lallemand24a7a752017-10-09 14:17:39 +0200[diff] [blame^]21#include <types/global.h>
22#include <types/shctx.h>
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]23
William Lallemand24a7a752017-10-09 14:17:39 +0200[diff] [blame^]24struct shared_context *shctx = NULL;
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]25
William Lallemand24a7a752017-10-09 14:17:39 +0200[diff] [blame^]26#if !defined (USE_PRIVATE_CACHE)
27int use_shared_mem = 0;
Emeric Brun9faf0712012-09-25 11:11:16 +0200[diff] [blame]28#endif
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]29
30/* List Macros */
31
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]32#define shblock_unset(s) (s)->n->p = (s)->p; \
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]33 (s)->p->n = (s)->n;
34
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]35#define shblock_set_free(s) shblock_unset(s) \
36 (s)->n = &shctx->free; \
37 (s)->p = shctx->free.p; \
38 shctx->free.p->n = s; \
39 shctx->free.p = s;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]40
41
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]42#define shblock_set_active(s) shblock_unset(s) \
43 (s)->n = &shctx->active; \
44 (s)->p = shctx->active.p; \
45 shctx->active.p->n = s; \
46 shctx->active.p = s;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]47
48
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]49/* Tree Macros */
50
51#define shsess_tree_delete(s) ebmb_delete(&(s)->key);
52
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]53#define shsess_tree_insert(s) (struct shared_session *)ebmb_insert(&shctx->active.data.session.key.node.branches, \
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]54 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
55
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]56#define shsess_tree_lookup(k) (struct shared_session *)ebmb_lookup(&shctx->active.data.session.key.node.branches, \
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]57 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
58
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]59/* shared session functions */
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]60
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]61/* Free session blocks, returns number of freed blocks */
62static int shsess_free(struct shared_session *shsess)
63{
64 struct shared_block *block;
65 int ret = 1;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]66
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]67 if (((struct shared_block *)shsess)->data_len <= sizeof(shsess->data)) {
68 shblock_set_free((struct shared_block *)shsess);
69 return ret;
70 }
71 block = ((struct shared_block *)shsess)->n;
72 shblock_set_free((struct shared_block *)shsess);
73 while (1) {
74 struct shared_block *next;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]75
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]76 if (block->data_len <= sizeof(block->data)) {
77 /* last block */
78 shblock_set_free(block);
79 ret++;
80 break;
81 }
82 next = block->n;
83 shblock_set_free(block);
84 ret++;
85 block = next;
86 }
87 return ret;
88}
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]89
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]90/* This function frees enough blocks to store a new session of data_len.
91 * Returns a ptr on a free block if it succeeds, or NULL if there are not
92 * enough blocks to store that session.
93 */
94static struct shared_session *shsess_get_next(int data_len)
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]95{
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]96 int head = 0;
97 struct shared_block *b;
98
99 b = shctx->free.n;
100 while (b != &shctx->free) {
101 if (!head) {
102 data_len -= sizeof(b->data.session.data);
103 head = 1;
104 }
105 else
106 data_len -= sizeof(b->data.data);
107 if (data_len <= 0)
108 return &shctx->free.n->data.session;
109 b = b->n;
110 }
111 b = shctx->active.n;
112 while (b != &shctx->active) {
113 int freed;
114
115 shsess_tree_delete(&b->data.session);
116 freed = shsess_free(&b->data.session);
117 if (!head)
118 data_len -= sizeof(b->data.session.data) + (freed-1)*sizeof(b->data.data);
119 else
120 data_len -= freed*sizeof(b->data.data);
121 if (data_len <= 0)
122 return &shctx->free.n->data.session;
123 b = shctx->active.n;
124 }
125 return NULL;
126}
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]127
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]128/* store a session into the cache
129 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
130 * data: asn1 encoded session
131 * data_len: asn1 encoded session length
132 * Returns 1 id session was stored (else 0)
133 */
134static int shsess_store(unsigned char *s_id, unsigned char *data, int data_len)
135{
136 struct shared_session *shsess, *oldshsess;
137
138 shsess = shsess_get_next(data_len);
139 if (!shsess) {
140 /* Could not retrieve enough free blocks to store that session */
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]141 return 0;
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]142 }
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]143
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]144 /* prepare key */
145 memcpy(shsess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]146
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]147 /* it returns the already existing node
148 or current node if none, never returns null */
149 oldshsess = shsess_tree_insert(shsess);
150 if (oldshsess != shsess) {
151 /* free all blocks used by old node */
152 shsess_free(oldshsess);
153 shsess = oldshsess;
154 }
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]155
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]156 ((struct shared_block *)shsess)->data_len = data_len;
157 if (data_len <= sizeof(shsess->data)) {
158 /* Store on a single block */
159 memcpy(shsess->data, data, data_len);
160 shblock_set_active((struct shared_block *)shsess);
161 }
162 else {
163 unsigned char *p;
164 /* Store on multiple blocks */
165 int cur_len;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]166
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]167 memcpy(shsess->data, data, sizeof(shsess->data));
168 p = data + sizeof(shsess->data);
169 cur_len = data_len - sizeof(shsess->data);
170 shblock_set_active((struct shared_block *)shsess);
171 while (1) {
172 /* Store next data on free block.
173 * shsess_get_next guarantees that there are enough
174 * free blocks in queue.
175 */
176 struct shared_block *block;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]177
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]178 block = shctx->free.n;
179 if (cur_len <= sizeof(block->data)) {
180 /* This is the last block */
181 block->data_len = cur_len;
182 memcpy(block->data.data, p, cur_len);
183 shblock_set_active(block);
184 break;
185 }
186 /* Intermediate block */
187 block->data_len = cur_len;
188 memcpy(block->data.data, p, sizeof(block->data));
189 p += sizeof(block->data.data);
190 cur_len -= sizeof(block->data.data);
191 shblock_set_active(block);
192 }
193 }
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]194
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]195 return 1;
196}
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]197
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]198
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]199/* SSL context callbacks */
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]200
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]201/* SSL callback used on new session creation */
202int shctx_new_cb(SSL *ssl, SSL_SESSION *sess)
203{
William Lallemand2a979662017-09-18 17:37:07 +0200[diff] [blame]204 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
205 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]206 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]207 int data_len;
208 unsigned int sid_length, sid_ctx_length;
209 const unsigned char *sid_data;
210 const unsigned char *sid_ctx_data;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]211
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]212 /* Session id is already stored in to key and session id is known
213 * so we dont store it to keep size.
214 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]215
216 sid_data = SSL_SESSION_get_id(sess, &sid_length);
217 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
218 SSL_SESSION_set1_id(sess, sid_data, 0);
219 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]220
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]221 /* check if buffer is large enough for the ASN1 encoded session */
222 data_len = i2d_SSL_SESSION(sess, NULL);
223 if (data_len > SHSESS_MAX_DATA_LEN)
224 goto err;
225
William Lallemand2a979662017-09-18 17:37:07 +0200[diff] [blame]226 p = encsess;
227
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]228 /* process ASN1 session encoding before the lock */
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]229 i2d_SSL_SESSION(sess, &p);
230
William Lallemand2a979662017-09-18 17:37:07 +0200[diff] [blame]231 memcpy(encid, sid_data, sid_length);
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]232 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
William Lallemand2a979662017-09-18 17:37:07 +0200[diff] [blame]233 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]234
235 shared_context_lock();
236
237 /* store to cache */
William Lallemand2a979662017-09-18 17:37:07 +0200[diff] [blame]238 shsess_store(encid, encsess, data_len);
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]239
240 shared_context_unlock();
241
242err:
243 /* reset original length values */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]244 SSL_SESSION_set1_id(sess, sid_data, sid_length);
245 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]246
247 return 0; /* do not increment session reference count */
248}
249
250/* SSL callback used on lookup an existing session cause none found in internal cache */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]251SSL_SESSION *shctx_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]252{
253 struct shared_session *shsess;
254 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
255 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]256 int data_len;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]257 SSL_SESSION *sess;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]258
Willy Tarreauce3f9132014-05-28 16:47:01 +0200[diff] [blame]259 global.shctx_lookups++;
260
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]261 /* allow the session to be freed automatically by openssl */
262 *do_copy = 0;
263
264 /* tree key is zeros padded sessionid */
265 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
266 memcpy(tmpkey, key, key_len);
267 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
268 key = tmpkey;
269 }
270
271 /* lock cache */
272 shared_context_lock();
273
274 /* lookup for session */
275 shsess = shsess_tree_lookup(key);
276 if (!shsess) {
277 /* no session found: unlock cache and exit */
278 shared_context_unlock();
Willy Tarreauce3f9132014-05-28 16:47:01 +0200[diff] [blame]279 global.shctx_misses++;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]280 return NULL;
281 }
282
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]283 data_len = ((struct shared_block *)shsess)->data_len;
284 if (data_len <= sizeof(shsess->data)) {
285 /* Session stored on single block */
286 memcpy(data, shsess->data, data_len);
287 shblock_set_active((struct shared_block *)shsess);
288 }
289 else {
290 /* Session stored on multiple blocks */
291 struct shared_block *block;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]292
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]293 memcpy(data, shsess->data, sizeof(shsess->data));
294 p = data + sizeof(shsess->data);
295 block = ((struct shared_block *)shsess)->n;
296 shblock_set_active((struct shared_block *)shsess);
297 while (1) {
298 /* Retrieve data from next block */
299 struct shared_block *next;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]300
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]301 if (block->data_len <= sizeof(block->data.data)) {
302 /* This is the last block */
303 memcpy(p, block->data.data, block->data_len);
304 p += block->data_len;
305 shblock_set_active(block);
306 break;
307 }
308 /* Intermediate block */
309 memcpy(p, block->data.data, sizeof(block->data.data));
310 p += sizeof(block->data.data);
311 next = block->n;
312 shblock_set_active(block);
313 block = next;
314 }
315 }
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]316
317 shared_context_unlock();
318
319 /* decode ASN1 session */
320 p = data;
321 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, data_len);
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]322 /* Reset session id and session id contenxt */
323 if (sess) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]324 SSL_SESSION_set1_id(sess, key, key_len);
325 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]326 }
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]327
328 return sess;
329}
330
331/* SSL callback used to signal session is no more used in internal cache */
332void shctx_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
333{
334 struct shared_session *shsess;
335 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]336 unsigned int sid_length;
337 const unsigned char *sid_data;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]338 (void)ctx;
339
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]340 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]341 /* tree key is zeros padded sessionid */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]342 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
343 memcpy(tmpkey, sid_data, sid_length);
344 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
345 sid_data = tmpkey;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]346 }
347
348 shared_context_lock();
349
350 /* lookup for session */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]351 shsess = shsess_tree_lookup(sid_data);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]352 if (shsess) {
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]353 /* free session */
354 shsess_tree_delete(shsess);
355 shsess_free(shsess);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]356 }
357
358 /* unlock cache */
359 shared_context_unlock();
360}
361
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]362/* Allocate shared memory context.
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]363 * <size> is maximum cached sessions.
Emeric Brun22890a12012-12-28 14:41:32 +0100[diff] [blame]364 * If <size> is set to less or equal to 0, ssl cache is disabled.
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]365 * Returns: -1 on alloc failure, <size> if it performs context alloc,
366 * and 0 if cache is already allocated.
367 */
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]368int shared_context_init(int size, int shared)
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]369{
370 int i;
Emeric Brun9faf0712012-09-25 11:11:16 +0200[diff] [blame]371#ifndef USE_PRIVATE_CACHE
Emeric Bruncd1a5262014-05-07 23:11:42 +0200[diff] [blame]372#ifdef USE_PTHREAD_PSHARED
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]373 pthread_mutexattr_t attr;
Emeric Bruncd1a5262014-05-07 23:11:42 +0200[diff] [blame]374#endif
Emeric Brun9faf0712012-09-25 11:11:16 +0200[diff] [blame]375#endif
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]376 struct shared_block *prev,*cur;
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]377 int maptype = MAP_PRIVATE;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]378
379 if (shctx)
380 return 0;
381
382 if (size<=0)
Emeric Brun22890a12012-12-28 14:41:32 +0100[diff] [blame]383 return 0;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]384
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]385 /* Increate size by one to reserve one node for lookup */
386 size++;
Emeric Brun9faf0712012-09-25 11:11:16 +0200[diff] [blame]387#ifndef USE_PRIVATE_CACHE
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]388 if (shared)
389 maptype = MAP_SHARED;
Emeric Brun9faf0712012-09-25 11:11:16 +0200[diff] [blame]390#endif
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]391
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]392 shctx = (struct shared_context *)mmap(NULL, sizeof(struct shared_context)+(size*sizeof(struct shared_block)),
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]393 PROT_READ | PROT_WRITE, maptype | MAP_ANON, -1, 0);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]394 if (!shctx || shctx == MAP_FAILED) {
395 shctx = NULL;
Emeric Bruncaa19cc2014-05-07 16:10:18 +0200[diff] [blame]396 return SHCTX_E_ALLOC_CACHE;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]397 }
398
Emeric Brun9faf0712012-09-25 11:11:16 +0200[diff] [blame]399#ifndef USE_PRIVATE_CACHE
Emeric Bruncaa19cc2014-05-07 16:10:18 +0200[diff] [blame]400 if (maptype == MAP_SHARED) {
Emeric Bruncd1a5262014-05-07 23:11:42 +0200[diff] [blame]401#ifdef USE_PTHREAD_PSHARED
Emeric Bruncaa19cc2014-05-07 16:10:18 +0200[diff] [blame]402 if (pthread_mutexattr_init(&attr)) {
403 munmap(shctx, sizeof(struct shared_context)+(size*sizeof(struct shared_block)));
404 shctx = NULL;
405 return SHCTX_E_INIT_LOCK;
406 }
407
408 if (pthread_mutexattr_setpshared(&attr, PTHREAD_PROCESS_SHARED)) {
409 pthread_mutexattr_destroy(&attr);
410 munmap(shctx, sizeof(struct shared_context)+(size*sizeof(struct shared_block)));
411 shctx = NULL;
412 return SHCTX_E_INIT_LOCK;
413 }
414
415 if (pthread_mutex_init(&shctx->mutex, &attr)) {
416 pthread_mutexattr_destroy(&attr);
417 munmap(shctx, sizeof(struct shared_context)+(size*sizeof(struct shared_block)));
418 shctx = NULL;
419 return SHCTX_E_INIT_LOCK;
420 }
Emeric Bruncd1a5262014-05-07 23:11:42 +0200[diff] [blame]421#else
422 shctx->waiters = 0;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]423#endif
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]424 use_shared_mem = 1;
Emeric Bruncaa19cc2014-05-07 16:10:18 +0200[diff] [blame]425 }
Emeric Brun9faf0712012-09-25 11:11:16 +0200[diff] [blame]426#endif
Emeric Brun4b3091e2012-09-24 15:48:52 +0200[diff] [blame]427
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]428 memset(&shctx->active.data.session.key, 0, sizeof(struct ebmb_node));
429 memset(&shctx->free.data.session.key, 0, sizeof(struct ebmb_node));
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]430
431 /* No duplicate authorized in tree: */
Emeric Brunaf9619d2012-11-28 18:47:52 +0100[diff] [blame]432 shctx->active.data.session.key.node.branches = EB_ROOT_UNIQUE;
433
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]434 cur = &shctx->active;
435 cur->n = cur->p = cur;
436
437 cur = &shctx->free;
438 for (i = 0 ; i < size ; i++) {
439 prev = cur;
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200[diff] [blame]440 cur++;
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]441 prev->n = cur;
442 cur->p = prev;
443 }
444 cur->n = &shctx->free;
445 shctx->free.p = cur;
446
447 return size;
448}
449
450
451/* Set session cache mode to server and disable openssl internal cache.
452 * Set shared cache callbacks on an ssl context.
453 * Shared context MUST be firstly initialized */
454void shared_context_set_cache(SSL_CTX *ctx)
455{
Emeric Brun786991e2012-11-26 18:37:12 +0100[diff] [blame]456 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
457
Emeric Brun22890a12012-12-28 14:41:32 +0100[diff] [blame]458 if (!shctx) {
459 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]460 return;
Emeric Brun22890a12012-12-28 14:41:32 +0100[diff] [blame]461 }
462
463 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
464 SSL_SESS_CACHE_NO_INTERNAL |
465 SSL_SESS_CACHE_NO_AUTO_CLEAR);
Emeric Brun3e541d12012-09-03 11:14:36 +0200[diff] [blame]466
467 /* Set callbacks */
468 SSL_CTX_sess_set_new_cb(ctx, shctx_new_cb);
469 SSL_CTX_sess_set_get_cb(ctx, shctx_get_cb);
470 SSL_CTX_sess_set_remove_cb(ctx, shctx_remove_cb);
471}