diff --git a/src/internal.c b/src/internal.c index 03b45ba66..ab2ec279e 100755 --- a/src/internal.c +++ b/src/internal.c @@ -2482,9 +2482,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #ifdef HAVE_SESSION_TICKET ssl->session.ticket = ssl->session.staticTicket; - ssl->session.isDynamic = 0; - ssl->session.dynTicket = NULL; - ssl->session.ticketLen = 0; #endif return 0; } @@ -2656,11 +2653,11 @@ void SSL_ResourceFree(WOLFSSL* ssl) FreeX509(&ssl->peerCert); #endif #ifdef HAVE_SESSION_TICKET - if (ssl->session.dynTicket) { - XFREE(ssl->session.dynTicket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); - ssl->session.dynTicket = NULL; - ssl->session.isDynamic = 0; + if (ssl->session.isDynamic) { + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); ssl->session.ticket = ssl->session.staticTicket; + ssl->session.isDynamic = 0; + ssl->session.ticketLen = 0; } #endif } @@ -2800,6 +2797,15 @@ void FreeHandshakeResources(WOLFSSL* ssl) #ifdef HAVE_QSH QSH_FreeAll(ssl); #endif +#ifdef HAVE_SESSION_TICKET + if (ssl->session.isDynamic) { + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + ssl->session.ticket = ssl->session.staticTicket; + ssl->session.isDynamic = 0; + ssl->session.ticketLen = 0; + } +#endif + } @@ -14300,35 +14306,26 @@ int DoSessionTicket(WOLFSSL* ssl, ato16(input + *inOutIdx, &length); *inOutIdx += OPAQUE16_LEN; + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + if (length > sizeof(ssl->session.staticTicket)) { /* Free old dynamic ticket if we already had one */ - if (ssl->session.dynTicket) { - XFREE(ssl->session.dynTicket, ssl->heap, - DYNAMIC_TYPE_SESSION_TICK); - } - - ssl->session.dynTicket = - (byte*)XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_SESSION_TICK); - - if (ssl->session.dynTicket == NULL) + if (ssl->session.isDynamic) + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + ssl->session.ticket = + (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + if (ssl->session.ticket == NULL) return MEMORY_E; - ssl->session.isDynamic = 1; - ssl->session.ticket = ssl->session.dynTicket; } else { - if(ssl->session.dynTicket) { - XFREE(ssl->session.dynTicket, ssl->heap, - DYNAMIC_TYPE_SESSION_TICK); - ssl->session.dynTicket = NULL; + if(ssl->session.isDynamic) { + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); } ssl->session.isDynamic = 0; ssl->session.ticket = ssl->session.staticTicket; } - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - /* If the received ticket including its length is greater than * a length value, the save it. Otherwise, don't save it. */ if (length > 0) { diff --git a/src/ssl.c b/src/ssl.c index 986dae3ab..d120f4bae 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1262,22 +1262,32 @@ WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz) { - if (ssl == NULL || (buf == NULL && bufSz > 0) || bufSz > SESSION_TICKET_LEN) + if (ssl == NULL || (buf == NULL && bufSz > 0)) return BAD_FUNC_ARG; - ssl->session.ticket = ssl->session.staticTicket; - ssl->session.ticketLen = (word16)bufSz; - if (bufSz > 0) { + /* Ticket will fit into static ticket */ + if(bufSz <= SESSION_TICKET_LEN) { + if (ssl->session.isDynamic) { + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + ssl->session.isDynamic = 0; + } + + ssl->session.ticket = ssl->session.staticTicket; + ssl->session.ticketLen = (word16)bufSz; XMEMCPY(ssl->session.ticket, buf, bufSz); + } else { /* Ticket requires dynamic ticket storage */ + /*Not big enough space, need to alloc */ + if (!(ssl->session.ticketLen >= bufSz)) { + if(ssl->session.isDynamic) + XFREE(ssl->session.ticket); + ssl->session.ticket = XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TICK); + if(!ssl->session.ticket) + return MEMORY_ERROR; + ssl->session.isDynamic = 1; + } + XMEMCPY(ssl->session.ticket, buf, bufSz); + ssl->session.ticketLen = bufSz; } - - /* session ticket should only be size of static buffer. Delete dynamic buffer*/ - if (ssl->session.dynTicket) { - XFREE(ssl->session.dynTicket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); - ssl->session.dynTicket = NULL; - } - ssl->session.isDynamic = 0; - return SSL_SUCCESS; } @@ -7073,7 +7083,7 @@ int AddSession(WOLFSSL* ssl) if (LockMutex(&session_mutex) != 0) { #ifdef HAVE_SESSION_TICKET - XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); #endif return BAD_MUTEX_E; } @@ -7094,22 +7104,20 @@ int AddSession(WOLFSSL* ssl) #ifdef HAVE_SESSION_TICKET /* Cleanup cache row's old Dynamic buff if exists */ - if(SessionCache[row].Sessions[idx].dynTicket) { - XFREE(SessionCache[row].Sessions[idx].dynTicket, + if(SessionCache[row].Sessions[idx].isDynamic) { + XFREE(SessionCache[row].Sessions[idx].ticket, ssl->heap, DYNAMIC_TYPE_SESS_TICK); + SessionCache[row].Sessions[idx].ticket = NULL; } /* If too large to store in static buffer, use dyn buffer */ if (ssl->session.ticketLen > SESSION_TICKET_LEN) { - SessionCache[row].Sessions[idx].dynTicket = tmpBuff; + SessionCache[row].Sessions[idx].ticket = tmpBuff; SessionCache[row].Sessions[idx].isDynamic = 1; - SessionCache[row].Sessions[idx].ticket = - SessionCache[row].Sessions[idx].dynTicket; } else { - SessionCache[row].Sessions[idx].dynTicket = NULL; - SessionCache[row].Sessions[idx].isDynamic = 0; SessionCache[row].Sessions[idx].ticket = SessionCache[row].Sessions[idx].staticTicket; + SessionCache[row].Sessions[idx].isDynamic = 0; } SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 60651e19d..b7e66a86d 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2180,11 +2180,10 @@ struct WOLFSSL_SESSION { byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ #endif #ifdef HAVE_SESSION_TICKET - word16 ticketLen; - byte* dynTicket; - byte isDynamic; - byte staticTicket[SESSION_TICKET_LEN]; byte* ticket; + word16 ticketLen; + byte staticTicket[SESSION_TICKET_LEN]; + byte isDynamic; #endif #ifdef HAVE_STUNNEL void* ex_data[MAX_EX_DATA];