forked from wolfSSL/wolfssl
Sniffer: Add multiple sessions by removing cached check
This commit is contained in:
Lealem Amedie
@ -449,6 +449,7 @@ SL_SE_KEY_TYPE_ECC_P521
|
|||||||
SL_SE_KEY_TYPE_ECC_X25519
|
SL_SE_KEY_TYPE_ECC_X25519
|
||||||
SL_SE_KEY_TYPE_ECC_X448
|
SL_SE_KEY_TYPE_ECC_X448
|
||||||
SL_SE_PRF_HMAC_SHA1
|
SL_SE_PRF_HMAC_SHA1
|
||||||
|
SNIFFER_SINGLE_SESSION_CACHE
|
||||||
SOFTDEVICE_PRESENT
|
SOFTDEVICE_PRESENT
|
||||||
SO_NOSIGPIPE
|
SO_NOSIGPIPE
|
||||||
SO_REUSEPORT
|
SO_REUSEPORT
|
||||||
|
|||||||
@ -27,6 +27,7 @@
|
|||||||
|
|
||||||
/* Build Options:
|
/* Build Options:
|
||||||
* WOLFSSL_SNIFFER_NO_RECOVERY: Do not track missed data count.
|
* WOLFSSL_SNIFFER_NO_RECOVERY: Do not track missed data count.
|
||||||
|
* SNIFFER_SINGLE_SESSION_CACHE: Do not cache more than one session.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
@ -446,7 +447,6 @@ typedef struct Flags {
|
|||||||
byte serverCipherOn; /* indicates whether cipher is active */
|
byte serverCipherOn; /* indicates whether cipher is active */
|
||||||
byte clientCipherOn; /* indicates whether cipher is active */
|
byte clientCipherOn; /* indicates whether cipher is active */
|
||||||
byte resuming; /* did this session come from resumption */
|
byte resuming; /* did this session come from resumption */
|
||||||
byte cached; /* have we cached this session yet */
|
|
||||||
byte clientHello; /* processed client hello yet, for SSLv2 */
|
byte clientHello; /* processed client hello yet, for SSLv2 */
|
||||||
byte finCount; /* get both FINs before removing */
|
byte finCount; /* get both FINs before removing */
|
||||||
byte fatalError; /* fatal error state */
|
byte fatalError; /* fatal error state */
|
||||||
@ -462,6 +462,9 @@ typedef struct Flags {
|
|||||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
byte wasPolled;
|
byte wasPolled;
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef SNIFFER_SINGLE_SESSION_CACHE
|
||||||
|
byte cached; /* have we cached this session yet */
|
||||||
|
#endif
|
||||||
} Flags;
|
} Flags;
|
||||||
|
|
||||||
|
|
||||||
@ -3466,6 +3469,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
|
|||||||
if (IsAtLeastTLSv1_3(ssl->version)) {
|
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
/* Note: Must use server session for sessions */
|
/* Note: Must use server session for sessions */
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#ifdef HAVE_SESSION_TICKET
|
||||||
|
WOLFSSL_SESSION* sess;
|
||||||
if (SetTicket(session->sslServer, input, len) != 0) {
|
if (SetTicket(session->sslServer, input, len) != 0) {
|
||||||
SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
|
SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
|
||||||
return WOLFSSL_FATAL_ERROR;
|
return WOLFSSL_FATAL_ERROR;
|
||||||
@ -3474,10 +3478,11 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
|
|||||||
/* set haveSessionId to use the wolfSession cache */
|
/* set haveSessionId to use the wolfSession cache */
|
||||||
session->sslServer->options.haveSessionId = 1;
|
session->sslServer->options.haveSessionId = 1;
|
||||||
|
|
||||||
|
#ifdef SNIFFER_SINGLE_SESSION_CACHE
|
||||||
/* Use the wolf Session cache to retain resumption secret */
|
/* Use the wolf Session cache to retain resumption secret */
|
||||||
if (session->flags.cached == 0) {
|
if (session->flags.cached == 0) {
|
||||||
WOLFSSL_SESSION* sess = wolfSSL_GetSession(session->sslServer,
|
#endif /* SNIFFER_SINGLE_SESSION_CACHE */
|
||||||
NULL, 0);
|
sess = wolfSSL_GetSession(session->sslServer, NULL, 0);
|
||||||
if (sess == NULL) {
|
if (sess == NULL) {
|
||||||
SetupSession(session->sslServer);
|
SetupSession(session->sslServer);
|
||||||
AddSession(session->sslServer); /* don't re add */
|
AddSession(session->sslServer); /* don't re add */
|
||||||
@ -3485,8 +3490,10 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
|
|||||||
INC_STAT(SnifferStats.sslResumptionInserts);
|
INC_STAT(SnifferStats.sslResumptionInserts);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
#ifdef SNIFFER_SINGLE_SESSION_CACHE
|
||||||
session->flags.cached = 1;
|
session->flags.cached = 1;
|
||||||
}
|
}
|
||||||
|
#endif /* SNIFFER_SINGLE_SESSION_CACHE */
|
||||||
#endif /* HAVE_SESSION_TICKET */
|
#endif /* HAVE_SESSION_TICKET */
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -4405,7 +4412,11 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == 0 && session->flags.cached == 0) {
|
if (ret == 0
|
||||||
|
#ifdef SNIFFER_SINGLE_SESSION_CACHE
|
||||||
|
&& session->flags.cached == 0
|
||||||
|
#endif
|
||||||
|
) {
|
||||||
if (session->sslServer->options.haveSessionId) {
|
if (session->sslServer->options.haveSessionId) {
|
||||||
#ifndef NO_SESSION_CACHE
|
#ifndef NO_SESSION_CACHE
|
||||||
WOLFSSL_SESSION* sess = wolfSSL_GetSession(session->sslServer, NULL, 0);
|
WOLFSSL_SESSION* sess = wolfSSL_GetSession(session->sslServer, NULL, 0);
|
||||||
@ -4416,7 +4427,9 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
|
|||||||
INC_STAT(SnifferStats.sslResumptionInserts);
|
INC_STAT(SnifferStats.sslResumptionInserts);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
session->flags.cached = 1;
|
#ifdef SNIFFER_SINGLE_SESSION_CACHE
|
||||||
|
session->flags.cached = 1;
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user