From fa9b10050bf36f32aa73d660ae22c1f0714526ff Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 3 Jul 2013 15:31:03 +0200 Subject: [PATCH] Also compiles / runs without time-based functions in OS Can now run without need of time() / localtime() and gettimeofday() --- ChangeLog | 1 + include/polarssl/config.h | 9 +++++++ include/polarssl/ssl.h | 8 +++++-- include/polarssl/ssl_cache.h | 4 ++++ library/asn1parse.c | 1 - library/havege.c | 1 - library/net.c | 9 ++++++- library/ssl_cache.c | 43 +++++++++++++++++++++++++++++++++- library/ssl_cli.c | 33 ++++++++++++++++++++------ library/ssl_srv.c | 12 ++++++++++ library/ssl_tls.c | 1 - library/x509parse.c | 8 +++++++ programs/ssl/ssl_fork_server.c | 5 ++-- 13 files changed, 119 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index beff0b6fb..0ee0ceebe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Features * PSK and DHE-PSK based ciphersuites added * Memory allocation abstraction layer added * Buffer-based memory allocator added (no malloc() / free() / HEAP usage) + * Also compiles / runs without time-based functions (!POLARSSL_HAVE_TIME) Changes * Introduced separate SSL Ciphersuites module that is based on diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 84f4fe12b..5742fe59b 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -94,6 +94,15 @@ * #define POLARSSL_HAVE_SSE2 */ + +/** + * \def POLARSSL_HAVE_TIME + * + * System has time.h and time() / localtime() / gettimeofday() + * + * Comment if your system does not support time functions + */ +#define POLARSSL_HAVE_TIME /* \} name */ /** diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 4bc0fad8e..eca6879e3 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -27,8 +27,6 @@ #ifndef POLARSSL_SSL_H #define POLARSSL_SSL_H -#include - #include "config.h" #include "net.h" #include "bignum.h" @@ -60,6 +58,10 @@ #include "zlib.h" #endif +#if defined(POLARSSL_HAVE_TIME) +#include +#endif + #if defined(_MSC_VER) && !defined(inline) #define inline _inline #else @@ -306,7 +308,9 @@ typedef struct _ssl_handshake_params ssl_handshake_params; */ struct _ssl_session { +#if defined(POLARSSL_HAVE_TIME) time_t start; /*!< starting time */ +#endif int ciphersuite; /*!< chosen ciphersuite */ int compression; /*!< chosen compression */ size_t length; /*!< session id length */ diff --git a/include/polarssl/ssl_cache.h b/include/polarssl/ssl_cache.h index c47330d95..979dc14f7 100644 --- a/include/polarssl/ssl_cache.h +++ b/include/polarssl/ssl_cache.h @@ -46,7 +46,9 @@ typedef struct _ssl_cache_entry ssl_cache_entry; */ struct _ssl_cache_entry { +#if defined(POLARSSL_HAVE_TIME) time_t timestamp; /*!< entry timestamp */ +#endif ssl_session session; /*!< entry session */ #if defined(POLARSSL_X509_PARSE_C) x509_buf peer_cert; /*!< entry peer_cert */ @@ -87,6 +89,7 @@ int ssl_cache_get( void *data, ssl_session *session ); */ int ssl_cache_set( void *data, const ssl_session *session ); +#if defined(POLARSSL_HAVE_TIME) /** * \brief Set the cache timeout * (Default: SSL_CACHE_DEFAULT_TIMEOUT (1 day)) @@ -97,6 +100,7 @@ int ssl_cache_set( void *data, const ssl_session *session ); * \param timeout cache entry timeout */ void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout ); +#endif /* POLARSSL_HAVE_TIME */ /** * \brief Set the cache timeout diff --git a/library/asn1parse.c b/library/asn1parse.c index d0a22343e..5b86aa60e 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -42,7 +42,6 @@ #include #include -#include /* * ASN.1 DER decoding routines diff --git a/library/havege.c b/library/havege.c index ff302c577..4d6f418ec 100644 --- a/library/havege.c +++ b/library/havege.c @@ -38,7 +38,6 @@ #include "polarssl/timing.h" #include -#include /* ------------------------------------------------------------------------ * On average, one iteration accesses two 8-word blocks in the havege WALK diff --git a/library/net.c b/library/net.c index 7a1818df0..da7214de3 100644 --- a/library/net.c +++ b/library/net.c @@ -1,7 +1,7 @@ /* * TCP networking functions * - * Copyright (C) 2006-2010, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -52,7 +52,9 @@ static int wsa_init_done = 0; #include #include #include +#if defined(POLARSSL_HAVE_TIME) #include +#endif #include #include #include @@ -74,7 +76,10 @@ static int wsa_init_done = 0; #include #include + +#if defined(POLARSSL_HAVE_TIME) #include +#endif #ifdef _MSC_VER #include @@ -293,6 +298,7 @@ int net_set_nonblock( int fd ) #endif } +#if defined(POLARSSL_HAVE_TIME) /* * Portable usleep helper */ @@ -303,6 +309,7 @@ void net_usleep( unsigned long usec ) tv.tv_usec = usec; select( 0, NULL, NULL, NULL, &tv ); } +#endif /* POLARSSL_HAVE_TIME */ /* * Read at most 'len' characters diff --git a/library/ssl_cache.c b/library/ssl_cache.c index bc4326a8c..f5d3e48cc 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -52,7 +52,9 @@ void ssl_cache_init( ssl_cache_context *cache ) int ssl_cache_get( void *data, ssl_session *session ) { +#if defined(POLARSSL_HAVE_TIME) time_t t = time( NULL ); +#endif ssl_cache_context *cache = (ssl_cache_context *) data; ssl_cache_entry *cur, *entry; @@ -64,9 +66,11 @@ int ssl_cache_get( void *data, ssl_session *session ) entry = cur; cur = cur->next; +#if defined(POLARSSL_HAVE_TIME) if( cache->timeout != 0 && (int) ( t - entry->timestamp ) > cache->timeout ) continue; +#endif if( session->ciphersuite != entry->session.ciphersuite || session->compression != entry->session.compression || @@ -108,9 +112,12 @@ int ssl_cache_get( void *data, ssl_session *session ) int ssl_cache_set( void *data, const ssl_session *session ) { +#if defined(POLARSSL_HAVE_TIME) time_t t = time( NULL ), oldest = 0; + ssl_cache_entry *old = NULL; +#endif ssl_cache_context *cache = (ssl_cache_context *) data; - ssl_cache_entry *cur, *prv, *old = NULL; + ssl_cache_entry *cur, *prv; int count = 0; cur = cache->chain; @@ -120,21 +127,25 @@ int ssl_cache_set( void *data, const ssl_session *session ) { count++; +#if defined(POLARSSL_HAVE_TIME) if( cache->timeout != 0 && (int) ( t - cur->timestamp ) > cache->timeout ) { cur->timestamp = t; break; /* expired, reuse this slot, update timestamp */ } +#endif if( memcmp( session->id, cur->session.id, cur->session.length ) == 0 ) break; /* client reconnected, keep timestamp for session id */ +#if defined(POLARSSL_HAVE_TIME) if( oldest == 0 || cur->timestamp < oldest ) { oldest = cur->timestamp; old = cur; } +#endif prv = cur; cur = cur->next; @@ -142,6 +153,7 @@ int ssl_cache_set( void *data, const ssl_session *session ) if( cur == NULL ) { +#if defined(POLARSSL_HAVE_TIME) /* * Reuse oldest entry if max_entries reached */ @@ -157,6 +169,31 @@ int ssl_cache_set( void *data, const ssl_session *session ) } #endif /* POLARSSL_X509_PARSE_C */ } +#else /* POLARSSL_HAVE_TIME */ + /* + * Reuse first entry in chain if max_entries reached, + * but move to last place + */ + if( count >= cache->max_entries ) + { + if( cache->chain == NULL ) + return( 1 ); + + cur = cache->chain; + cache->chain = cur->next; + +#if defined(POLARSSL_X509_PARSE_C) + if( cur->peer_cert.p != NULL ) + { + polarssl_free( cur->peer_cert.p ); + memset( &cur->peer_cert, 0, sizeof(x509_buf) ); + } +#endif /* POLARSSL_X509_PARSE_C */ + + memset( cur, 0, sizeof(ssl_cache_entry) ); + prv->next = cur; + } +#endif /* POLARSSL_HAVE_TIME */ else { cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) ); @@ -171,7 +208,9 @@ int ssl_cache_set( void *data, const ssl_session *session ) prv->next = cur; } +#if defined(POLARSSL_HAVE_TIME) cur->timestamp = t; +#endif } memcpy( &cur->session, session, sizeof( ssl_session ) ); @@ -197,12 +236,14 @@ int ssl_cache_set( void *data, const ssl_session *session ) return( 0 ); } +#if defined(POLARSSL_HAVE_TIME) void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout ) { if( timeout < 0 ) timeout = 0; cache->timeout = timeout; } +#endif /* POLARSSL_HAVE_TIME */ void ssl_cache_set_max_entries( ssl_cache_context *cache, int max ) { diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 93d81a6c3..6496b84b7 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -32,7 +32,17 @@ #include #include + +#ifdef _MSC_VER +#include +typedef UINT32 uint32_t; +#else +#include +#endif + +#if defined(POLARSSL_HAVE_TIME) #include +#endif static void ssl_write_hostname_ext( ssl_context *ssl, unsigned char *buf, @@ -265,7 +275,9 @@ static int ssl_write_client_hello( ssl_context *ssl ) size_t i, n, olen, ext_len = 0; unsigned char *buf; unsigned char *p, *q; +#if defined(POLARSSL_HAVE_TIME) time_t t; +#endif const int *ciphersuites; const ssl_ciphersuite_t *ciphersuite_info; @@ -299,6 +311,7 @@ static int ssl_write_client_hello( ssl_context *ssl ) SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", buf[4], buf[5] ) ); +#if defined(POLARSSL_HAVE_TIME) t = time( NULL ); *p++ = (unsigned char)( t >> 24 ); *p++ = (unsigned char)( t >> 16 ); @@ -306,6 +319,12 @@ static int ssl_write_client_hello( ssl_context *ssl ) *p++ = (unsigned char)( t ); SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); +#else + if( ( ret = ssl->f_rng( ssl->p_rng, p, 4 ) ) != 0 ) + return( ret ); + + p += 4; +#endif if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 ) return( ret ); @@ -483,9 +502,7 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl, static int ssl_parse_server_hello( ssl_context *ssl ) { -#if defined(POLARSSL_DEBUG_C) - time_t t; -#endif + uint32_t t; int ret, i, comp; size_t n; size_t ext_len = 0; @@ -548,10 +565,10 @@ static int ssl_parse_server_hello( ssl_context *ssl ) } #if defined(POLARSSL_DEBUG_C) - t = ( (time_t) buf[6] << 24 ) - | ( (time_t) buf[7] << 16 ) - | ( (time_t) buf[8] << 8 ) - | ( (time_t) buf[9] ); + t = ( (uint32_t) buf[6] << 24 ) + | ( (uint32_t) buf[7] << 16 ) + | ( (uint32_t) buf[8] << 8 ) + | ( (uint32_t) buf[9] ); #endif memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 ); @@ -619,7 +636,9 @@ static int ssl_parse_server_hello( ssl_context *ssl ) { ssl->state++; ssl->handshake->resume = 0; +#if defined(POLARSSL_HAVE_TIME) ssl->session_negotiate->start = time( NULL ); +#endif ssl->session_negotiate->ciphersuite = i; ssl->session_negotiate->compression = comp; ssl->session_negotiate->length = n; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2bf372526..451d44569 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -35,7 +35,10 @@ #include #include + +#if defined(POLARSSL_HAVE_TIME) #include +#endif static int ssl_parse_servername_ext( ssl_context *ssl, const unsigned char *buf, @@ -933,7 +936,9 @@ have_ciphersuite: static int ssl_write_server_hello( ssl_context *ssl ) { +#if defined(POLARSSL_HAVE_TIME) time_t t; +#endif int ret, n; size_t ext_len = 0; unsigned char *buf, *p; @@ -956,6 +961,7 @@ static int ssl_write_server_hello( ssl_context *ssl ) SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]", buf[4], buf[5] ) ); +#if defined(POLARSSL_HAVE_TIME) t = time( NULL ); *p++ = (unsigned char)( t >> 24 ); *p++ = (unsigned char)( t >> 16 ); @@ -963,6 +969,12 @@ static int ssl_write_server_hello( ssl_context *ssl ) *p++ = (unsigned char)( t ); SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); +#else + if( ( ret = ssl->f_rng( ssl->p_rng, p, 4 ) ) != 0 ) + return( ret ); + + p += 4; +#endif if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 ) return( ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3ac60f570..cea90eb77 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -54,7 +54,6 @@ #endif #include -#include #if defined _MSC_VER && !defined strcasecmp #define strcasecmp _stricmp diff --git a/library/x509parse.c b/library/x509parse.c index b27faf9a4..ea3a24abc 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -2875,6 +2875,7 @@ int x509parse_crl_info( char *buf, size_t size, const char *prefix, /* * Return 0 if the x509_time is still valid, or 1 otherwise. */ +#if defined(POLARSSL_HAVE_TIME) int x509parse_time_expired( const x509_time *to ) { int year, mon, day; @@ -2941,6 +2942,13 @@ int x509parse_time_expired( const x509_time *to ) return( 0 ); } +#else /* POLARSSL_HAVE_TIME */ +int x509parse_time_expired( const x509_time *to ) +{ + ((void) to); + return( 0 ); +} +#endif /* POLARSSL_HAVE_TIME */ /* * Return 1 if the certificate is revoked, or 0 otherwise. diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 03112adcd..e021ebbd6 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -56,7 +56,7 @@ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \ - !defined(POLARSSL_X509_PARSE_C) + !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_TIMING_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -65,7 +65,8 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C not defined.\n"); + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C and/or " + "POLARSSL_TIMING_C not defined.\n"); return( 0 ); } #elif defined(_WIN32)