feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5684 from SparkiDev/ssl_sess_version_check

Browse Source 
SSL session retrieval: check protocol version
This commit is contained in:
JacobBarthelmeh
2022-10-25 17:29:54 -06:00
committed by GitHub
parent 084fabc733 43809b5f97
commit 0f9279ce52
1 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/ssl.c
View File

@@ -13875,7 +13875,12 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
/* Attempt to retrieve the session from the external cache. */ /* Attempt to retrieve the session from the external cache. */
WOLFSSL_MSG("Calling external session cache"); WOLFSSL_MSG("Calling external session cache");
sess = ssl->ctx->get_sess_cb(ssl, (byte*)id, ID_LEN, &copy); sess = ssl->ctx->get_sess_cb(ssl, (byte*)id, ID_LEN, &copy);
if (sess != NULL) { if ((sess != NULL)
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
&& (IsAtLeastTLSv1_3(ssl->version) ==
IsAtLeastTLSv1_3(sess->version))
#endif
) {
WOLFSSL_MSG("Session found in external cache"); WOLFSSL_MSG("Session found in external cache");
error = wolfSSL_DupSession(sess, output, 0); error = wolfSSL_DupSession(sess, output, 0);
#ifdef HAVE_EX_DATA #ifdef HAVE_EX_DATA
@@ -13991,8 +13996,13 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
WOLFSSL_SESSION* current; WOLFSSL_SESSION* current;
current = &sessRow->Sessions[idx]; current = &sessRow->Sessions[idx];
if (XMEMCMP(current->sessionID, id, ID_LEN) == 0 && if (XMEMCMP(current->sessionID, id, ID_LEN) == 0
current->side == ssl->options.side) { && current->side == ssl->options.side
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
&& (IsAtLeastTLSv1_3(ssl->version) ==
IsAtLeastTLSv1_3(current->version))
#endif
) {
WOLFSSL_MSG("Found a session match"); WOLFSSL_MSG("Found a session match");
if (LowResTimer() < (current->bornOn + current->timeout)) { if (LowResTimer() < (current->bornOn + current->timeout)) {
WOLFSSL_MSG("Session valid"); WOLFSSL_MSG("Session valid");
@@ -31844,7 +31854,12 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) { for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) {
if (XMEMCMP(id, sessRow->Sessions[i].sessionID, ID_LEN) == 0 if (XMEMCMP(id, sessRow->Sessions[i].sessionID, ID_LEN) == 0
&& session->side == sessRow->Sessions[i].side) { && session->side == sessRow->Sessions[i].side
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
&& (IsAtLeastTLSv1_3(session->version) ==
IsAtLeastTLSv1_3(sessRow->Sessions[i].version))
#endif
) {
if (get) { if (get) {
*getRet = wolfSSL_CRYPTO_get_ex_data( *getRet = wolfSSL_CRYPTO_get_ex_data(
&sessRow->Sessions[i].ex_data, idx); &sessRow->Sessions[i].ex_data, idx);