feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Remove redundant dynTicket pointer. Reorder struct for packing/alignment

Browse Source
This commit is contained in:
Nickolas Lapp
2016-03-25 13:31:55 -06:00
parent 0eb59d5c35
commit f27aca0956
3 changed files with 54 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/internal.c
View File

@ -2482,9 +2482,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
ssl->session.ticket = ssl->session.staticTicket; ssl->session.ticket = ssl->session.staticTicket;
ssl->session.isDynamic = 0;
ssl->session.dynTicket = NULL;
ssl->session.ticketLen = 0;
#endif #endif
return 0; return 0;
} }
@ -2656,11 +2653,11 @@ void SSL_ResourceFree(WOLFSSL* ssl)
FreeX509(&ssl->peerCert); FreeX509(&ssl->peerCert);
#endif #endif
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->session.dynTicket) { if (ssl->session.isDynamic) {
XFREE(ssl->session.dynTicket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.dynTicket = NULL;
ssl->session.isDynamic = 0;
ssl->session.ticket = ssl->session.staticTicket; ssl->session.ticket = ssl->session.staticTicket;
ssl->session.isDynamic = 0;
ssl->session.ticketLen = 0;
} }
#endif #endif
} }
@ -2800,6 +2797,15 @@ void FreeHandshakeResources(WOLFSSL* ssl)
#ifdef HAVE_QSH #ifdef HAVE_QSH
QSH_FreeAll(ssl); QSH_FreeAll(ssl);
#endif #endif
#ifdef HAVE_SESSION_TICKET
if (ssl->session.isDynamic) {
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.ticket = ssl->session.staticTicket;
ssl->session.isDynamic = 0;
ssl->session.ticketLen = 0;
}
#endif
} }
@ -14300,35 +14306,26 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &length); ato16(input + *inOutIdx, &length);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if ((*inOutIdx - begin) + length > size)
return BUFFER_ERROR;
if (length > sizeof(ssl->session.staticTicket)) { if (length > sizeof(ssl->session.staticTicket)) {
/* Free old dynamic ticket if we already had one */ /* Free old dynamic ticket if we already had one */
if (ssl->session.dynTicket) { if (ssl->session.isDynamic)
XFREE(ssl->session.dynTicket, ssl->heap, XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
DYNAMIC_TYPE_SESSION_TICK); ssl->session.ticket =
} (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
if (ssl->session.ticket == NULL)
ssl->session.dynTicket =
(byte*)XMALLOC(length, ssl->heap,
DYNAMIC_TYPE_SESSION_TICK);
if (ssl->session.dynTicket == NULL)
return MEMORY_E; return MEMORY_E;
ssl->session.isDynamic = 1; ssl->session.isDynamic = 1;
ssl->session.ticket = ssl->session.dynTicket;
} else { } else {
if(ssl->session.dynTicket) { if(ssl->session.isDynamic) {
XFREE(ssl->session.dynTicket, ssl->heap, XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
DYNAMIC_TYPE_SESSION_TICK);
ssl->session.dynTicket = NULL;
} }
ssl->session.isDynamic = 0; ssl->session.isDynamic = 0;
ssl->session.ticket = ssl->session.staticTicket; ssl->session.ticket = ssl->session.staticTicket;
} }
if ((*inOutIdx - begin) + length > size)
return BUFFER_ERROR;
/* If the received ticket including its length is greater than /* If the received ticket including its length is greater than
* a length value, the save it. Otherwise, don't save it. */ * a length value, the save it. Otherwise, don't save it. */
if (length > 0) { if (length > 0) {

48
src/ssl.c
View File

@ -1262,22 +1262,32 @@ WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz) WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
{ {
if (ssl == NULL || (buf == NULL && bufSz > 0) || bufSz > SESSION_TICKET_LEN) if (ssl == NULL || (buf == NULL && bufSz > 0))
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ssl->session.ticket = ssl->session.staticTicket; /* Ticket will fit into static ticket */
ssl->session.ticketLen = (word16)bufSz; if(bufSz <= SESSION_TICKET_LEN) {
if (bufSz > 0) { if (ssl->session.isDynamic) {
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.isDynamic = 0;
}
ssl->session.ticket = ssl->session.staticTicket;
ssl->session.ticketLen = (word16)bufSz;
XMEMCPY(ssl->session.ticket, buf, bufSz); XMEMCPY(ssl->session.ticket, buf, bufSz);
} else { /* Ticket requires dynamic ticket storage */
/*Not big enough space, need to alloc */
if (!(ssl->session.ticketLen >= bufSz)) {
if(ssl->session.isDynamic)
XFREE(ssl->session.ticket);
ssl->session.ticket = XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TICK);
if(!ssl->session.ticket)
return MEMORY_ERROR;
ssl->session.isDynamic = 1;
}
XMEMCPY(ssl->session.ticket, buf, bufSz);
ssl->session.ticketLen = bufSz;
} }
/* session ticket should only be size of static buffer. Delete dynamic buffer*/
if (ssl->session.dynTicket) {
XFREE(ssl->session.dynTicket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.dynTicket = NULL;
}
ssl->session.isDynamic = 0;
return SSL_SUCCESS; return SSL_SUCCESS;
} }
@ -7073,7 +7083,7 @@ int AddSession(WOLFSSL* ssl)
if (LockMutex(&session_mutex) != 0) { if (LockMutex(&session_mutex) != 0) {
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif #endif
return BAD_MUTEX_E; return BAD_MUTEX_E;
} }
@ -7094,22 +7104,20 @@ int AddSession(WOLFSSL* ssl)
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
/* Cleanup cache row's old Dynamic buff if exists */ /* Cleanup cache row's old Dynamic buff if exists */
if(SessionCache[row].Sessions[idx].dynTicket) { if(SessionCache[row].Sessions[idx].isDynamic) {
XFREE(SessionCache[row].Sessions[idx].dynTicket, XFREE(SessionCache[row].Sessions[idx].ticket,
ssl->heap, DYNAMIC_TYPE_SESS_TICK); ssl->heap, DYNAMIC_TYPE_SESS_TICK);
SessionCache[row].Sessions[idx].ticket = NULL;
} }
/* If too large to store in static buffer, use dyn buffer */ /* If too large to store in static buffer, use dyn buffer */
if (ssl->session.ticketLen > SESSION_TICKET_LEN) { if (ssl->session.ticketLen > SESSION_TICKET_LEN) {
SessionCache[row].Sessions[idx].dynTicket = tmpBuff; SessionCache[row].Sessions[idx].ticket = tmpBuff;
SessionCache[row].Sessions[idx].isDynamic = 1; SessionCache[row].Sessions[idx].isDynamic = 1;
SessionCache[row].Sessions[idx].ticket =
SessionCache[row].Sessions[idx].dynTicket;
} else { } else {
SessionCache[row].Sessions[idx].dynTicket = NULL;
SessionCache[row].Sessions[idx].isDynamic = 0;
SessionCache[row].Sessions[idx].ticket = SessionCache[row].Sessions[idx].ticket =
SessionCache[row].Sessions[idx].staticTicket; SessionCache[row].Sessions[idx].staticTicket;
SessionCache[row].Sessions[idx].isDynamic = 0;
} }
SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen; SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen;

7
wolfssl/internal.h
View File

@ -2180,11 +2180,10 @@ struct WOLFSSL_SESSION {
byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
#endif #endif
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
word16 ticketLen;
byte* dynTicket;
byte isDynamic;
byte staticTicket[SESSION_TICKET_LEN];
byte* ticket; byte* ticket;
word16 ticketLen;
byte staticTicket[SESSION_TICKET_LEN];
byte isDynamic;
#endif #endif
#ifdef HAVE_STUNNEL #ifdef HAVE_STUNNEL
void* ex_data[MAX_EX_DATA]; void* ex_data[MAX_EX_DATA];