[vlc-commits] GnuTLS: remove server-side support for session resumption

Rémi Denis-Courmont git at videolan.org
Sat Jul 23 13:03:23 CEST 2011


vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sat Jul 23 13:04:23 2011 +0300| [48130cfa26d78048bdebf3eaccf67c46bd18661f] | committer: Rémi Denis-Courmont

GnuTLS: remove server-side support for session resumption

This was lame as we did not ever call db_check.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=48130cfa26d78048bdebf3eaccf67c46bd18661f
---

 modules/misc/gnutls.c |  162 -------------------------------------------------
 1 files changed, 0 insertions(+), 162 deletions(-)

diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 1077f88..c185c7b 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -58,10 +58,6 @@
 #include <gnutls/x509.h>
 
 #include <vlc_gcrypt.h>
-
-#define CACHE_TIMEOUT     3600
-#define CACHE_SIZE          64
-
 #include "dhparams.h"
 
 #include <assert.h>
@@ -93,16 +89,6 @@ static const char *const priorities_text[] = {
     N_("Export (include insecure ciphers)"),
 };
 
-#define CACHE_TIMEOUT_TEXT N_("Expiration time for resumed TLS sessions")
-#define CACHE_TIMEOUT_LONGTEXT N_( \
-    "It is possible to cache the resumed TLS sessions. This is the expiration "\
-    "time of the sessions stored in this cache, in seconds." )
-
-#define CACHE_SIZE_TEXT N_("Number of resumed TLS sessions")
-#define CACHE_SIZE_LONGTEXT N_( \
-    "This is the maximum number of resumed TLS sessions that " \
-    "the cache will hold." )
-
 vlc_module_begin ()
     set_shortname( "GNU TLS" )
     set_description( N_("GNU TLS transport layer security") )
@@ -121,10 +107,6 @@ vlc_module_begin ()
         add_string ("gnutls-priorities", "NORMAL", PRIORITIES_TEXT,
                     PRIORITIES_LONGTEXT, false)
             change_string_list (priorities_values, priorities_text, NULL)
-        add_integer( "gnutls-cache-timeout", CACHE_TIMEOUT,
-                    CACHE_TIMEOUT_TEXT, CACHE_TIMEOUT_LONGTEXT, true )
-        add_integer( "gnutls-cache-size", CACHE_SIZE, CACHE_SIZE_TEXT,
-                    CACHE_SIZE_LONGTEXT, true )
 vlc_module_end ()
 
 static vlc_mutex_t gnutls_mutex = VLC_STATIC_MUTEX;
@@ -744,127 +726,11 @@ struct tls_server_sys_t
 {
     gnutls_certificate_credentials_t x509_cred;
     gnutls_dh_params_t               dh_params;
-
-    struct saved_session_t          *p_cache;
-    struct saved_session_t          *p_store;
-    int                              i_cache_size;
-    vlc_mutex_t                      cache_lock;
-
     int                            (*pf_handshake) (tls_session_t *);
 };
 
 
 /**
- * TLS session resumption callbacks (server-side)
- */
-#define MAX_SESSION_ID    32
-#define MAX_SESSION_DATA  1024
-
-typedef struct saved_session_t
-{
-    char id[MAX_SESSION_ID];
-    char data[MAX_SESSION_DATA];
-
-    unsigned i_idlen;
-    unsigned i_datalen;
-} saved_session_t;
-
-
-static int cb_store( void *p_server, gnutls_datum key, gnutls_datum data )
-{
-    tls_server_sys_t *p_sys = ((tls_server_t *)p_server)->p_sys;
-
-    if( ( p_sys->i_cache_size == 0 )
-     || ( key.size > MAX_SESSION_ID )
-     || ( data.size > MAX_SESSION_DATA ) )
-        return -1;
-
-    vlc_mutex_lock( &p_sys->cache_lock );
-
-    memcpy( p_sys->p_store->id, key.data, key.size);
-    memcpy( p_sys->p_store->data, data.data, data.size );
-    p_sys->p_store->i_idlen = key.size;
-    p_sys->p_store->i_datalen = data.size;
-
-    p_sys->p_store++;
-    if( ( p_sys->p_store - p_sys->p_cache ) == p_sys->i_cache_size )
-        p_sys->p_store = p_sys->p_cache;
-
-    vlc_mutex_unlock( &p_sys->cache_lock );
-
-    return 0;
-}
-
-
-static gnutls_datum cb_fetch( void *p_server, gnutls_datum key )
-{
-    static const gnutls_datum_t err_datum = { NULL, 0 };
-    tls_server_sys_t *p_sys = ((tls_server_t *)p_server)->p_sys;
-    saved_session_t *p_session, *p_end;
-
-    p_session = p_sys->p_cache;
-    p_end = p_session + p_sys->i_cache_size;
-
-    vlc_mutex_lock( &p_sys->cache_lock );
-
-    while( p_session < p_end )
-    {
-        if( ( p_session->i_idlen == key.size )
-         && !memcmp( p_session->id, key.data, key.size ) )
-        {
-            gnutls_datum_t data;
-
-            data.size = p_session->i_datalen;
-
-            data.data = gnutls_malloc( data.size );
-            if( data.data == NULL )
-            {
-                vlc_mutex_unlock( &p_sys->cache_lock );
-                return err_datum;
-            }
-
-            memcpy( data.data, p_session->data, data.size );
-            vlc_mutex_unlock( &p_sys->cache_lock );
-            return data;
-        }
-        p_session++;
-    }
-
-    vlc_mutex_unlock( &p_sys->cache_lock );
-
-    return err_datum;
-}
-
-
-static int cb_delete( void *p_server, gnutls_datum key )
-{
-    tls_server_sys_t *p_sys = ((tls_server_t *)p_server)->p_sys;
-    saved_session_t *p_session, *p_end;
-
-    p_session = p_sys->p_cache;
-    p_end = p_session + p_sys->i_cache_size;
-
-    vlc_mutex_lock( &p_sys->cache_lock );
-
-    while( p_session < p_end )
-    {
-        if( ( p_session->i_idlen == key.size )
-         && !memcmp( p_session->id, key.data, key.size ) )
-        {
-            p_session->i_datalen = p_session->i_idlen = 0;
-            vlc_mutex_unlock( &p_sys->cache_lock );
-            return 0;
-        }
-        p_session++;
-    }
-
-    vlc_mutex_unlock( &p_sys->cache_lock );
-
-    return -1;
-}
-
-
-/**
  * Terminates TLS session and releases session data.
  * You still have to close the socket yourself.
  */
@@ -945,15 +811,6 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
     if (p_session->pf_handshake == gnutls_HandshakeAndValidate)
         gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
 
-    /* Session resumption support */
-    i_val = var_InheritInteger (p_server, "gnutls-cache-timeout");
-    if (i_val >= 0)
-        gnutls_db_set_cache_expiration (session, i_val);
-    gnutls_db_set_retrieve_function( session, cb_fetch );
-    gnutls_db_set_remove_function( session, cb_delete );
-    gnutls_db_set_store_function( session, cb_store );
-    gnutls_db_set_ptr( session, p_server );
-
     return p_session;
 
 error:
@@ -1046,18 +903,6 @@ static int OpenServer (vlc_object_t *obj)
     if( p_sys == NULL )
         return VLC_ENOMEM;
 
-    p_sys->i_cache_size = var_InheritInteger (obj, "gnutls-cache-size");
-    if (p_sys->i_cache_size == -1) /* Duh, config subsystem exploded?! */
-        p_sys->i_cache_size = 0;
-    p_sys->p_cache = calloc (p_sys->i_cache_size,
-                             sizeof (struct saved_session_t));
-    if (p_sys->p_cache == NULL)
-    {
-        free (p_sys);
-        return VLC_ENOMEM;
-    }
-
-    p_sys->p_store = p_sys->p_cache;
     p_server->p_sys = p_sys;
     p_server->pf_add_CA  = gnutls_ServerAddCA;
     p_server->pf_add_CRL = gnutls_ServerAddCRL;
@@ -1067,8 +912,6 @@ static int OpenServer (vlc_object_t *obj)
     /* No certificate validation by default */
     p_sys->pf_handshake  = gnutls_ContinueHandshake;
 
-    vlc_mutex_init( &p_sys->cache_lock );
-
     /* Sets server's credentials */
     val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred );
     if( val != 0 )
@@ -1124,8 +967,6 @@ static int OpenServer (vlc_object_t *obj)
     return VLC_SUCCESS;
 
 error:
-    vlc_mutex_destroy (&p_sys->cache_lock);
-    free (p_sys->p_cache);
     free (p_sys);
     return VLC_EGENERIC;
 }
@@ -1137,9 +978,6 @@ static void CloseServer (vlc_object_t *p_server)
 {
     tls_server_sys_t *p_sys = ((tls_server_t *)p_server)->p_sys;
 
-    vlc_mutex_destroy (&p_sys->cache_lock);
-    free (p_sys->p_cache);
-
     /* all sessions depending on the server are now deinitialized */
     gnutls_certificate_free_credentials (p_sys->x509_cred);
     gnutls_dh_params_deinit (p_sys->dh_params);


