Merge pull request #6187 from SparkiDev/tls13_server_id
Server ID - long id, TLS 1.3 - cache client session for tickets
17
src/ssl.c
17
src/ssl.c
@@ -11495,12 +11495,25 @@ int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
|
||||
int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
|
||||
{
|
||||
WOLFSSL_SESSION* session = NULL;
|
||||
byte idHash[SERVER_ID_LEN];
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_SetServerID");
|
||||
|
||||
if (ssl == NULL || id == NULL || len <= 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (len > SERVER_ID_LEN) {
|
||||
#if defined(NO_SHA) && !defined(NO_SHA256)
|
||||
if (wc_Sha256Hash(id, len, idHash) != 0)
|
||||
return WOLFSSL_FAILURE;
|
||||
#else
|
||||
if (wc_ShaHash(id, len, idHash) != 0)
|
||||
return WOLFSSL_FAILURE;
|
||||
#endif
|
||||
id = idHash;
|
||||
len = SERVER_ID_LEN;
|
||||
}
|
||||
|
||||
if (newSession == 0) {
|
||||
session = wolfSSL_GetSessionClient(ssl, id, len);
|
||||
if (session) {
|
||||
@@ -11517,8 +11530,8 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
|
||||
if (session == NULL) {
|
||||
WOLFSSL_MSG("Valid ServerID not cached already");
|
||||
|
||||
ssl->session->idLen = (word16)min(SERVER_ID_LEN, (word32)len);
|
||||
XMEMCPY(ssl->session->serverID, id, ssl->session->idLen);
|
||||
ssl->session->idLen = (word16)len;
|
||||
XMEMCPY(ssl->session->serverID, id, len);
|
||||
}
|
||||
#ifdef HAVE_EXT_CACHE
|
||||
else {
|
||||
|
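Review bot: wolfSSL_SetServerID does not say anywhere that an id longer than SERVER_ID_LEN is replaced by its digest before the cache lookup and before it is copied into ssl->session->serverID, so the stored id is no longer the caller's bytes; a comment above the `if (len > SERVER_ID_LEN) {` line such as `/* Long IDs are reduced to a SERVER_ID_LEN digest; the lookup and the stored serverID both use the digest. */` would make that contract visible, and any other code that looks a session up by server ID would have to apply the same reduction, which I cannot check from this hunk. The `#if defined(NO_SHA) && !defined(NO_SHA256)` / `#else` pair falls back to wc_ShaHash, so a build with both NO_SHA and NO_SHA256 defined would not compile here (the enum hunk at the end of this page has the same shape and would pick WC_SHA_DIGEST_SIZE); if that configuration is meant to be unsupported, a third branch with `#error` would say so explicitly rather than failing on an undeclared function. The second hunk's `(word16)len` is safe only because of the first hunk's reduction to SERVER_ID_LEN, which is worth stating in a one-line comment there. The body of wolfSSL_SetServerID continues past the end of the second hunk.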
12
src/tls13.c
12
src/tls13.c
@@ -10016,6 +10016,10 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
|
||||
#endif
|
||||
const byte* nonce;
|
||||
byte nonceLength;
|
||||
#ifndef NO_SESSION_CACHE
|
||||
const byte* id;
|
||||
byte idSz;
|
||||
#endif
|
||||
|
||||
WOLFSSL_START(WC_FUNC_NEW_SESSION_TICKET_DO);
|
||||
WOLFSSL_ENTER("DoTls13NewSessionTicket");
|
||||
@@ -10113,6 +10117,14 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
|
||||
|
||||
#ifndef NO_SESSION_CACHE
|
||||
AddSession(ssl);
|
||||
id = ssl->session->sessionID;
|
||||
idSz = ssl->session->sessionIDSz;
|
||||
if (ssl->session->haveAltSessionID) {
|
||||
id = ssl->session->altSessionID;
|
||||
idSz = ID_LEN;
|
||||
}
|
||||
AddSessionToCache(ssl->ctx, ssl->session, id, idSz, NULL,
|
||||
ssl->session->side, 1, &ssl->clientSession);
|
||||
#endif
|
||||
|
||||
/* Always encrypted. */
|
||||
|
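Review bot: The new AddSessionToCache() call immediately after the existing AddSession(ssl) has no comment explaining why both are needed; if AddSession already inserts ssl->session the second call looks like a duplicate insert, and if it does not, the purpose of the separate call with `&ssl->clientSession` deserves a line such as `/* Keep a client-side cache reference for this session so the ticket can be used for resumption. */` — I cannot tell which from this hunk. Its return value is discarded, as AddSession's already is, so a failed insert is silent; a `WOLFSSL_MSG` on a non-zero return would at least surface it in debug builds. `idSz = ID_LEN` assumes altSessionID always holds ID_LEN bytes when haveAltSessionID is set, which is presumably guaranteed where that flag is set but is worth confirming. Because a server may send several NewSessionTicket messages on one connection, each one now repeats this insert; confirming that repeated inserts for the same session update one entry rather than evicting others would bound client-cache churn. DoTls13NewSessionTicket starts and ends outside the hunks shown.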
12
tests/api.c
12
tests/api.c
@@ -42702,7 +42702,8 @@ static int clientSessRemCountFree = 0;
|
||||
static int serverSessRemCountFree = 0;
|
||||
static WOLFSSL_CTX* serverSessCtx = NULL;
|
||||
static WOLFSSL_SESSION* serverSess = NULL;
|
||||
#ifndef NO_SESSION_CACHE_REF
|
||||
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
|
||||
!defined(NO_SESSION_CACHE_REF)
|
||||
static WOLFSSL_CTX* clientSessCtx = NULL;
|
||||
static WOLFSSL_SESSION* clientSess = NULL;
|
||||
#endif
|
||||
@@ -42744,7 +42745,8 @@ static void SessRemSslSetupCb(WOLFSSL* ssl)
|
||||
*mallocedData = SSL_is_server(ssl);
|
||||
if (!*mallocedData) {
|
||||
clientSessRemCountMalloc++;
|
||||
#ifndef NO_SESSION_CACHE_REF
|
||||
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
|
||||
!defined(NO_SESSION_CACHE_REF)
|
||||
AssertNotNull(clientSess = SSL_get1_session(ssl));
|
||||
AssertIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)),
|
||||
SSL_SUCCESS);
|
||||
@@ -42815,7 +42817,8 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
|
||||
/* Both should have been allocated */
|
||||
AssertIntEQ(clientSessRemCountMalloc, 1);
|
||||
AssertIntEQ(serverSessRemCountMalloc, 1);
|
||||
#ifdef NO_SESSION_CACHE_REF
|
||||
#if (!defined(WOLFSSL_TLS13) || !defined(HAVE_SESSION_TICKET)) && \
|
||||
defined(NO_SESSION_CACHE_REF)
|
||||
/* Client session should not be added to cache so this should be free'd when
|
||||
* the SSL object was being free'd */
|
||||
AssertIntEQ(clientSessRemCountFree, 1);
|
||||
@@ -42848,7 +42851,8 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
|
||||
/* Need to free the references that we kept */
|
||||
SSL_CTX_free(serverSessCtx);
|
||||
SSL_SESSION_free(serverSess);
|
||||
#ifndef NO_SESSION_CACHE_REF
|
||||
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
|
||||
!defined(NO_SESSION_CACHE_REF)
|
||||
SSL_CTX_free(clientSessCtx);
|
||||
SSL_SESSION_free(clientSess);
|
||||
#endif
|
||||
|
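Review bot: The condition `(defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || !defined(NO_SESSION_CACHE_REF)` is now written out four times across the four hunks of this file, once in negated form in the third hunk, so the variants can drift apart silently. Defining it once next to the static declarations in the first hunk, for example `#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || !defined(NO_SESSION_CACHE_REF)` / `#define SESS_REM_CLIENT_SESS_CACHED` / `#endif` (constructed name), and using `#ifdef` / `#ifndef` on that macro in the other three hunks keeps the negation correct by construction. A one-line comment at the definition stating why TLS 1.3 with tickets now keeps the client session cached would also explain the changed expectation in the third hunk. test_wolfSSL_CTX_sess_set_remove_cb and SessRemSslSetupCb both extend beyond the hunks shown.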
@@ -1449,7 +1449,11 @@ enum Misc {
|
||||
COMP_LEN = 1, /* compression length */
|
||||
CURVE_LEN = 2, /* ecc named curve length */
|
||||
KE_GROUP_LEN = 2, /* key exchange group length */
|
||||
SERVER_ID_LEN = 20, /* server session id length */
|
||||
#if defined(NO_SHA) && !defined(NO_SHA256)
|
||||
SERVER_ID_LEN = WC_SHA256_DIGEST_SIZE,
|
||||
#else
|
||||
SERVER_ID_LEN = WC_SHA_DIGEST_SIZE,
|
||||
#endif
|
||||
|
||||
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
|
||||
RECORD_HEADER_SZ = 5, /* type + version + len(2) */
|
||||
|
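Review bot: The trailing comment `/* server session id length */` on the replaced `SERVER_ID_LEN = 20` line is lost on the new lines; keep it on both branches, e.g. `SERVER_ID_LEN = WC_SHA_DIGEST_SIZE, /* server session id length: digest size used by wolfSSL_SetServerID */`, so the link between this constant and the hashing in ssl.c stays visible. Under NO_SHA the value grows from 20 to WC_SHA256_DIGEST_SIZE, which changes the size of any SERVER_ID_LEN-sized field in the session structure; if that structure's layout is ever serialized or otherwise part of a compatibility surface, that should be noted in the commit description. The enum now also depends on the SHA digest-size macros being visible wherever this header is included, which presumably already holds but is not shown here. This hunk is shown without its file header, and enum Misc starts and ends outside it.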