Merge pull request #6187 from SparkiDev/tls13_server_id
Server ID - long id, TLS 1.3 - cache client session for tickets
17
src/ssl.c
17
src/ssl.c
@@ -11495,12 +11495,25 @@ int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
|
|||||||
int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
|
int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
|
||||||
{
|
{
|
||||||
WOLFSSL_SESSION* session = NULL;
|
WOLFSSL_SESSION* session = NULL;
|
||||||
|
byte idHash[SERVER_ID_LEN];
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_SetServerID");
|
WOLFSSL_ENTER("wolfSSL_SetServerID");
|
||||||
|
|
||||||
if (ssl == NULL || id == NULL || len <= 0)
|
if (ssl == NULL || id == NULL || len <= 0)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (len > SERVER_ID_LEN) {
|
||||||
|
#if defined(NO_SHA) && !defined(NO_SHA256)
|
||||||
|
if (wc_Sha256Hash(id, len, idHash) != 0)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
#else
|
||||||
|
if (wc_ShaHash(id, len, idHash) != 0)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
#endif
|
||||||
|
id = idHash;
|
||||||
|
len = SERVER_ID_LEN;
|
||||||
|
}
|
||||||
|
|
||||||
if (newSession == 0) {
|
if (newSession == 0) {
|
||||||
session = wolfSSL_GetSessionClient(ssl, id, len);
|
session = wolfSSL_GetSessionClient(ssl, id, len);
|
||||||
if (session) {
|
if (session) {
|
||||||
@@ -11517,8 +11530,8 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
|
|||||||
if (session == NULL) {
|
if (session == NULL) {
|
||||||
WOLFSSL_MSG("Valid ServerID not cached already");
|
WOLFSSL_MSG("Valid ServerID not cached already");
|
||||||
|
|
||||||
ssl->session->idLen = (word16)min(SERVER_ID_LEN, (word32)len);
|
ssl->session->idLen = (word16)len;
|
||||||
XMEMCPY(ssl->session->serverID, id, ssl->session->idLen);
|
XMEMCPY(ssl->session->serverID, id, len);
|
||||||
}
|
}
|
||||||
#ifdef HAVE_EXT_CACHE
|
#ifdef HAVE_EXT_CACHE
|
||||||
else {
|
else {
|
||||||
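Review bot: The new hash selection at the top of wolfSSL_SetServerID (`#if defined(NO_SHA) && !defined(NO_SHA256)` ... `#else` → `wc_ShaHash`) has no arm for a build where both NO_SHA and NO_SHA256 are defined, so that configuration would reach wc_ShaHash, which is presumably unavailable without SHA; if the combination is unsupported an `#error` in the `#else` arm, or excluding the whole function, would state that explicitly instead of failing at link time. The second hunk replaces the `min(SERVER_ID_LEN, (word32)len)` clamp with a plain `(word16)len` and copies `len` bytes into `ssl->session->serverID`, which is only safe because the first hunk guarantees `len <= SERVER_ID_LEN` after the digest step; that dependency deserves a comment at the copy, e.g. `/* len <= SERVER_ID_LEN here: longer IDs were replaced by their digest above */`. The behaviour change should also be documented on the function: IDs longer than SERVER_ID_LEN are now looked up and stored by their SHA/SHA-256 digest, so callers that later read serverID may see a hash rather than the bytes they passed in, and two distinct long IDs with the same digest would share a cache entry. wolfSSL_SetServerID's body continues past both hunks.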
|
12
src/tls13.c
12
src/tls13.c
@@ -10016,6 +10016,10 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
|
|||||||
#endif
|
#endif
|
||||||
const byte* nonce;
|
const byte* nonce;
|
||||||
byte nonceLength;
|
byte nonceLength;
|
||||||
|
#ifndef NO_SESSION_CACHE
|
||||||
|
const byte* id;
|
||||||
|
byte idSz;
|
||||||
|
#endif
|
||||||
|
|
||||||
WOLFSSL_START(WC_FUNC_NEW_SESSION_TICKET_DO);
|
WOLFSSL_START(WC_FUNC_NEW_SESSION_TICKET_DO);
|
||||||
WOLFSSL_ENTER("DoTls13NewSessionTicket");
|
WOLFSSL_ENTER("DoTls13NewSessionTicket");
|
||||||
@@ -10113,6 +10117,14 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
|
|||||||
|
|
||||||
#ifndef NO_SESSION_CACHE
|
#ifndef NO_SESSION_CACHE
|
||||||
AddSession(ssl);
|
AddSession(ssl);
|
||||||
|
id = ssl->session->sessionID;
|
||||||
|
idSz = ssl->session->sessionIDSz;
|
||||||
|
if (ssl->session->haveAltSessionID) {
|
||||||
|
id = ssl->session->altSessionID;
|
||||||
|
idSz = ID_LEN;
|
||||||
|
}
|
||||||
|
AddSessionToCache(ssl->ctx, ssl->session, id, idSz, NULL,
|
||||||
|
ssl->session->side, 1, &ssl->clientSession);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Always encrypted. */
|
/* Always encrypted. */
|
||||||
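Review bot: The return value of the new AddSessionToCache call in DoTls13NewSessionTicket is discarded, so a failed insert (no free cache slot, lock failure) leaves no trace and the client will simply be unable to resume with that ticket later; unless this is intended as best-effort, checking it and at least logging would help, e.g. `if (AddSessionToCache(ssl->ctx, ssl->session, id, idSz, NULL, ssl->session->side, 1, &ssl->clientSession) != WOLFSSL_SUCCESS) WOLFSSL_MSG("Failed to cache client session for ticket");` — assuming it reports a WOLFSSL_SUCCESS/failure status like the other cache helpers (confirm against its definition). `idSz` is declared as `byte`, which is fine only if `sessionIDSz` is itself a byte-sized field; worth confirming so the assignment cannot truncate. A one-line comment on the `haveAltSessionID` branch saying why the alternate ID is preferred as the cache key would spare the next reader the search. DoTls13NewSessionTicket continues outside the hunk.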
|
12
tests/api.c
12
tests/api.c
@@ -42702,7 +42702,8 @@ static int clientSessRemCountFree = 0;
|
|||||||
static int serverSessRemCountFree = 0;
|
static int serverSessRemCountFree = 0;
|
||||||
static WOLFSSL_CTX* serverSessCtx = NULL;
|
static WOLFSSL_CTX* serverSessCtx = NULL;
|
||||||
static WOLFSSL_SESSION* serverSess = NULL;
|
static WOLFSSL_SESSION* serverSess = NULL;
|
||||||
#ifndef NO_SESSION_CACHE_REF
|
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
|
||||||
|
!defined(NO_SESSION_CACHE_REF)
|
||||||
static WOLFSSL_CTX* clientSessCtx = NULL;
|
static WOLFSSL_CTX* clientSessCtx = NULL;
|
||||||
static WOLFSSL_SESSION* clientSess = NULL;
|
static WOLFSSL_SESSION* clientSess = NULL;
|
||||||
#endif
|
#endif
|
||||||
@@ -42744,7 +42745,8 @@ static void SessRemSslSetupCb(WOLFSSL* ssl)
|
|||||||
*mallocedData = SSL_is_server(ssl);
|
*mallocedData = SSL_is_server(ssl);
|
||||||
if (!*mallocedData) {
|
if (!*mallocedData) {
|
||||||
clientSessRemCountMalloc++;
|
clientSessRemCountMalloc++;
|
||||||
#ifndef NO_SESSION_CACHE_REF
|
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
|
||||||
|
!defined(NO_SESSION_CACHE_REF)
|
||||||
AssertNotNull(clientSess = SSL_get1_session(ssl));
|
AssertNotNull(clientSess = SSL_get1_session(ssl));
|
||||||
AssertIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)),
|
AssertIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)),
|
||||||
SSL_SUCCESS);
|
SSL_SUCCESS);
|
||||||
@@ -42815,7 +42817,8 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
|
|||||||
/* Both should have been allocated */
|
/* Both should have been allocated */
|
||||||
AssertIntEQ(clientSessRemCountMalloc, 1);
|
AssertIntEQ(clientSessRemCountMalloc, 1);
|
||||||
AssertIntEQ(serverSessRemCountMalloc, 1);
|
AssertIntEQ(serverSessRemCountMalloc, 1);
|
||||||
#ifdef NO_SESSION_CACHE_REF
|
#if (!defined(WOLFSSL_TLS13) || !defined(HAVE_SESSION_TICKET)) && \
|
||||||
|
defined(NO_SESSION_CACHE_REF)
|
||||||
/* Client session should not be added to cache so this should be free'd when
|
/* Client session should not be added to cache so this should be free'd when
|
||||||
* the SSL object was being free'd */
|
* the SSL object was being free'd */
|
||||||
AssertIntEQ(clientSessRemCountFree, 1);
|
AssertIntEQ(clientSessRemCountFree, 1);
|
||||||
@@ -42848,7 +42851,8 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
|
|||||||
/* Need to free the references that we kept */
|
/* Need to free the references that we kept */
|
||||||
SSL_CTX_free(serverSessCtx);
|
SSL_CTX_free(serverSessCtx);
|
||||||
SSL_SESSION_free(serverSess);
|
SSL_SESSION_free(serverSess);
|
||||||
#ifndef NO_SESSION_CACHE_REF
|
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
|
||||||
|
!defined(NO_SESSION_CACHE_REF)
|
||||||
SSL_CTX_free(clientSessCtx);
|
SSL_CTX_free(clientSessCtx);
|
||||||
SSL_SESSION_free(clientSess);
|
SSL_SESSION_free(clientSess);
|
||||||
#endif
|
#endif
|
||||||
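Review bot: The predicate `(defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || !defined(NO_SESSION_CACHE_REF)` is now spelled out four times in tests/api.c — the static declarations, SessRemSslSetupCb, and twice in test_wolfSSL_CTX_sess_set_remove_cb, the third time hand-negated as `(!defined(WOLFSSL_TLS13) || !defined(HAVE_SESSION_TICKET)) && defined(NO_SESSION_CACHE_REF)`. The negation is correct today, but duplicated conditions like this drift when one copy is edited later; defining it once near the globals under a single helper macro (a constructed name such as `TEST_CLIENT_SESS_CACHED`) and using `#if` / `#if !` at all four sites would keep them in lockstep. A comment at that definition explaining that a TLS 1.3 ticket build now caches the client session, so the test must hold and later free a reference to it, would also tie the test change back to src/tls13.c for the next reader.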
|
@@ -1449,7 +1449,11 @@ enum Misc {
|
|||||||
COMP_LEN = 1, /* compression length */
|
COMP_LEN = 1, /* compression length */
|
||||||
CURVE_LEN = 2, /* ecc named curve length */
|
CURVE_LEN = 2, /* ecc named curve length */
|
||||||
KE_GROUP_LEN = 2, /* key exchange group length */
|
KE_GROUP_LEN = 2, /* key exchange group length */
|
||||||
SERVER_ID_LEN = 20, /* server session id length */
|
#if defined(NO_SHA) && !defined(NO_SHA256)
|
||||||
|
SERVER_ID_LEN = WC_SHA256_DIGEST_SIZE,
|
||||||
|
#else
|
||||||
|
SERVER_ID_LEN = WC_SHA_DIGEST_SIZE,
|
||||||
|
#endif
|
||||||
|
|
||||||
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
|
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
|
||||||
RECORD_HEADER_SZ = 5, /* type + version + len(2) */
|
RECORD_HEADER_SZ = 5, /* type + version + len(2) */
|
||||||
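Review bot: SERVER_ID_LEN is now a digest size with no fallback when both NO_SHA and NO_SHA256 are defined: the `#else` arm uses WC_SHA_DIGEST_SIZE, which is presumably not defined in a NO_SHA build, so that configuration would fail on a missing symbol inside the enum; an explicit `#error` or a fixed fallback would make the supported configurations clear. The value also changes from 20 to 32 in a SHA-256-only build, which resizes every buffer dimensioned by this constant and any serialized session layout that embeds it — that cannot be confirmed from this hunk, but it is worth a note and a check that such layouts are versioned. The dropped comment `/* server session id length */` should survive on both arms, e.g. `SERVER_ID_LEN = WC_SHA_DIGEST_SIZE, /* server session id length (digest of long IDs) */`. The file header for this section is not shown and the enclosing `enum Misc` starts and ends outside the hunk.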
|