feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

don't retrieve or cache null sessions

Browse Source
This commit is contained in:
toddouska
2012-05-17 10:55:42 -07:00
parent e5953ce6f6
commit 4b8ab62bd1
3 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cyassl/internal.h
View File

@ -986,6 +986,7 @@ typedef struct Options {
byte downgrade; /* allow downgrade of versions */ byte downgrade; /* allow downgrade of versions */
byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */ byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */
byte resuming; byte resuming;
byte haveSessionId; /* server may not send */
byte tls; /* using TLS ? */ byte tls; /* using TLS ? */
byte tls1_1; /* using TLSv1.1+ ? */ byte tls1_1; /* using TLSv1.1+ ? */
byte dtls; /* using datagrams ? */ byte dtls; /* using datagrams ? */

8
src/internal.c
View File

@ -858,6 +858,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->options.sendVerify = ctx->sendVerify; ssl->options.sendVerify = ctx->sendVerify;
ssl->options.resuming = 0; ssl->options.resuming = 0;
ssl->options.haveSessionId = 0;
ssl->hmac = Hmac; /* default to SSLv3 */ ssl->hmac = Hmac; /* default to SSLv3 */
ssl->heap = ctx->heap; /* defaults to self */ ssl->heap = ctx->heap; /* defaults to self */
ssl->options.tls = 0; ssl->options.tls = 0;
@ -4169,7 +4170,6 @@ int SetCipherList(Suites* s, const char* list)
byte compression; byte compression;
ProtocolVersion pv; ProtocolVersion pv;
word32 i = *inOutIdx; word32 i = *inOutIdx;
int serverResumption = 0;
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo); if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
@ -4211,7 +4211,7 @@ int SetCipherList(Suites* s, const char* list)
if (b) { if (b) {
XMEMCPY(ssl->arrays.sessionID, input + i, b); XMEMCPY(ssl->arrays.sessionID, input + i, b);
i += b; i += b;
serverResumption = 1; ssl->options.haveSessionId = 1;
} }
ssl->options.cipherSuite0 = input[i++]; ssl->options.cipherSuite0 = input[i++];
ssl->options.cipherSuite = input[i++]; ssl->options.cipherSuite = input[i++];
@ -4227,7 +4227,7 @@ int SetCipherList(Suites* s, const char* list)
*inOutIdx = i; *inOutIdx = i;
if (ssl->options.resuming) { if (ssl->options.resuming) {
if (serverResumption && XMEMCMP(ssl->arrays.sessionID, if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays.sessionID,
ssl->session.sessionID, ID_LEN) == 0) { ssl->session.sessionID, ID_LEN) == 0) {
if (SetCipherSpecs(ssl) == 0) { if (SetCipherSpecs(ssl) == 0) {
int ret; int ret;
@ -5571,6 +5571,7 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.clientState = CLIENT_HELLO_COMPLETE; ssl->options.clientState = CLIENT_HELLO_COMPLETE;
*inOutIdx = idx; *inOutIdx = idx;
ssl->options.haveSessionId = 1;
/* DoClientHello uses same resume code */ /* DoClientHello uses same resume code */
while (ssl->options.resuming) { /* let's try */ while (ssl->options.resuming) { /* let's try */
int ret; int ret;
@ -5726,6 +5727,7 @@ int SetCipherList(Suites* s, const char* list)
if ( (i - begin) < helloSz) if ( (i - begin) < helloSz)
*inOutIdx = begin + helloSz; /* skip extensions */ *inOutIdx = begin + helloSz; /* skip extensions */
ssl->options.haveSessionId = 1;
/* ProcessOld uses same resume code */ /* ProcessOld uses same resume code */
while (ssl->options.resuming) { /* let's try */ while (ssl->options.resuming) { /* let's try */
int ret; int ret;

8
src/ssl.c
View File

@ -2572,7 +2572,10 @@ CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
int idx; int idx;
if (ssl->options.sessionCacheOff) if (ssl->options.sessionCacheOff)
return 0; return NULL;
if (ssl->options.haveSessionId == 0)
return NULL;
row = HashSession(id) % SESSION_ROWS; row = HashSession(id) % SESSION_ROWS;
@ -2635,6 +2638,9 @@ int AddSession(CYASSL* ssl)
if (ssl->options.sessionCacheOff) if (ssl->options.sessionCacheOff)
return 0; return 0;
if (ssl->options.haveSessionId == 0)
return 0;
row = HashSession(ssl->arrays.sessionID) % SESSION_ROWS; row = HashSession(ssl->arrays.sessionID) % SESSION_ROWS;
if (LockMutex(&session_mutex) != 0) if (LockMutex(&session_mutex) != 0)