wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/NickolasLapp/wolfssl into dyntickets

Browse Source
This commit is contained in:
toddouska
2016-05-13 09:07:55 -07:00
parent 67ab30088b ecba5161ac
commit 1ea01a7ad8
11 changed files with 347 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/include.am
View File

@@ -53,7 +53,7 @@ if BUILD_EXAMPLE_CLIENTS
if !BUILD_IPV6 if !BUILD_IPV6
dist_noinst_SCRIPTS+= scripts/external.test dist_noinst_SCRIPTS+= scripts/external.test
dist_noinst_SCRIPTS+= scripts/google.test dist_noinst_SCRIPTS+= scripts/google.test
#dist_noinst_SCRIPTS+= scripts/openssl.test dist_noinst_SCRIPTS+= scripts/openssl.test
endif endif
endif endif

45
scripts/openssl.test
View File

@@ -3,7 +3,15 @@
#openssl.test #openssl.test
# need a unique port since may run the same time as testsuite # need a unique port since may run the same time as testsuite
openssl_port=11114 generate_port() {
openssl_port=`LC_CTYPE=C tr -cd 0-9 </dev/urandom | head -c 7`
openssl_port=$((`LC_CTYPE=C tr -cd 1-9 </dev/urandom | head -c 1`$openssl_port))
openssl_port=$(($openssl_port % (65535-49512)))
openssl_port=$(($openssl_port + 49512))
}
generate_port
no_pid=-1 no_pid=-1
server_pid=$no_pid server_pid=$no_pid
wolf_suites_tested=0 wolf_suites_tested=0
@@ -44,7 +52,7 @@ do_cleanup() {
do_trap() { do_trap() {
echo "got trap" echo "got trap"
do_cleanup do_cleanup
exit -1 exit 1
} }
trap do_trap INT TERM trap do_trap INT TERM
@@ -68,12 +76,35 @@ then
cd .. cd ..
fi fi
echo -e "\nStarting openssl server...\n"
openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-cert.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -Verify 10 -verify_return_error &
server_pid=$!
found_free_port=0
while [ "$counter" -lt 20 ]; do
echo -e "\nTrying to start openssl server on port $openssl_port...\n"
openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-cert.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -Verify 10 -verify_return_error -cipher "ALL:eNULL" &
server_pid=$!
# wait to see if s_server successfully starts before continuing
sleep 0.1
if ps -p $server_pid > /dev/null
then
echo "s_server started successfully on port $openssl_port"
found_free_port=1
break
else
#port already started, try a different port
counter=$((counter+ 1))
generate_port
fi
done
if [ $found_free_port = 0 ]
then
echo -e "Couldn't find free port for server"
do_cleanup
exit 1
fi
# get wolfssl ciphers # get wolfssl ciphers
wolf_ciphers=`./examples/client/client -e` wolf_ciphers=`./examples/client/client -e`
@@ -99,7 +130,7 @@ if [ $server_ready = 0 ]
then then
echo -e "Couldn't verify openssl server is running, timeout error" echo -e "Couldn't verify openssl server is running, timeout error"
do_cleanup do_cleanup
exit -1 exit 1
fi fi
OIFS=$IFS # store old seperator to reset OIFS=$IFS # store old seperator to reset

56
src/internal.c
View File

@@ -2498,6 +2498,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->sessionSecretCb = NULL; ssl->sessionSecretCb = NULL;
ssl->sessionSecretCtx = NULL; ssl->sessionSecretCtx = NULL;
#endif #endif
#ifdef HAVE_SESSION_TICKET
ssl->session.ticket = ssl->session.staticTicket;
#endif
return 0; return 0;
} }
@@ -2668,6 +2672,15 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS) #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
FreeX509(&ssl->peerCert); FreeX509(&ssl->peerCert);
#endif #endif
#ifdef HAVE_SESSION_TICKET
if (ssl->session.isDynamic) {
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.ticket = ssl->session.staticTicket;
ssl->session.isDynamic = 0;
ssl->session.ticketLen = 0;
}
#endif
} }
#ifdef WOLFSSL_TI_HASH #ifdef WOLFSSL_TI_HASH
@@ -2805,6 +2818,16 @@ void FreeHandshakeResources(WOLFSSL* ssl)
#ifdef HAVE_QSH #ifdef HAVE_QSH
QSH_FreeAll(ssl); QSH_FreeAll(ssl);
#endif #endif
#ifdef HAVE_SESSION_TICKET
if (ssl->session.isDynamic) {
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.ticket = ssl->session.staticTicket;
ssl->session.isDynamic = 0;
ssl->session.ticketLen = 0;
}
#endif
} }
@@ -14422,12 +14445,29 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &length); ato16(input + *inOutIdx, &length);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (length > sizeof(ssl->session.ticket))
return SESSION_TICKET_LEN_E;
if ((*inOutIdx - begin) + length > size) if ((*inOutIdx - begin) + length > size)
return BUFFER_ERROR; return BUFFER_ERROR;
if (length > sizeof(ssl->session.staticTicket)) {
/* Free old dynamic ticket if we already had one */
if (ssl->session.isDynamic)
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.ticket =
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
if (ssl->session.ticket == NULL) {
/* Set to static ticket to avoid null pointer error */
ssl->session.ticket = ssl->session.staticTicket;
return MEMORY_E;
}
ssl->session.isDynamic = 1;
} else {
if(ssl->session.isDynamic) {
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
}
ssl->session.isDynamic = 0;
ssl->session.ticket = ssl->session.staticTicket;
}
/* If the received ticket including its length is greater than /* If the received ticket including its length is greater than
* a length value, the save it. Otherwise, don't save it. */ * a length value, the save it. Otherwise, don't save it. */
if (length > 0) { if (length > 0) {
@@ -16085,7 +16125,7 @@ int DoSessionTicket(WOLFSSL* ssl,
if (ssl->options.resuming) { /* let's try */ if (ssl->options.resuming) { /* let's try */
int ret = -1; int ret = -1;
WOLFSSL_SESSION* session = GetSession(ssl, WOLFSSL_SESSION* session = GetSession(ssl,
ssl->arrays->masterSecret); ssl->arrays->masterSecret, 1);
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->options.useTicket == 1) { if (ssl->options.useTicket == 1) {
session = &ssl->session; session = &ssl->session;
@@ -16100,9 +16140,6 @@ int DoSessionTicket(WOLFSSL* ssl,
WOLFSSL_MSG("Unsupported cipher suite, OldClientHello"); WOLFSSL_MSG("Unsupported cipher suite, OldClientHello");
return UNSUPPORTED_SUITE; return UNSUPPORTED_SUITE;
} }
#ifdef SESSION_CERTS
ssl->session = *session; /* restore session certs. */
#endif
ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
RAN_LEN); RAN_LEN);
@@ -16480,7 +16517,7 @@ int DoSessionTicket(WOLFSSL* ssl,
if (ssl->options.resuming) { if (ssl->options.resuming) {
int ret = -1; int ret = -1;
WOLFSSL_SESSION* session = GetSession(ssl, WOLFSSL_SESSION* session = GetSession(ssl,
ssl->arrays->masterSecret); ssl->arrays->masterSecret, 1);
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->options.useTicket == 1) { if (ssl->options.useTicket == 1) {
session = &ssl->session; session = &ssl->session;
@@ -16496,9 +16533,6 @@ int DoSessionTicket(WOLFSSL* ssl,
WOLFSSL_MSG("Unsupported cipher suite, ClientHello"); WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
return UNSUPPORTED_SUITE; return UNSUPPORTED_SUITE;
} }
#ifdef SESSION_CERTS
ssl->session = *session; /* restore session certs. */
#endif
ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
RAN_LEN); RAN_LEN);

4
src/sniffer.c
View File

@@ -1560,7 +1560,7 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
if (doResume ) { if (doResume ) {
int ret = 0; int ret = 0;
SSL_SESSION* resume = GetSession(session->sslServer, SSL_SESSION* resume = GetSession(session->sslServer,
session->sslServer->arrays->masterSecret); session->sslServer->arrays->masterSecret, 0);
if (resume == NULL) { if (resume == NULL) {
SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
@@ -1825,7 +1825,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
if (ret == 0 && session->flags.cached == 0) { if (ret == 0 && session->flags.cached == 0) {
if (session->sslServer->options.haveSessionId) { if (session->sslServer->options.haveSessionId) {
WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL); WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL, 0);
if (sess == NULL) if (sess == NULL)
AddSession(session->sslServer); /* don't re add */ AddSession(session->sslServer); /* don't re add */
session->flags.cached = 1; session->flags.cached = 1;

285
src/ssl.c
View File

@@ -1290,8 +1290,32 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
if (ssl == NULL || (buf == NULL && bufSz > 0)) if (ssl == NULL || (buf == NULL && bufSz > 0))
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (bufSz > 0) if (bufSz > 0) {
XMEMCPY(ssl->session.ticket, buf, bufSz); /* Ticket will fit into static ticket */
if(bufSz <= SESSION_TICKET_LEN) {
if (ssl->session.isDynamic) {
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.isDynamic = 0;
ssl->session.ticket = ssl->session.staticTicket;
}
XMEMCPY(ssl->session.ticket, buf, bufSz);
} else { /* Ticket requires dynamic ticket storage */
if (ssl->session.ticketLen < bufSz) {
if(ssl->session.isDynamic)
XFREE(ssl->session.ticket, ssl->heap,
DYNAMIC_TYPE_SESSION_TICK);
ssl->session.ticket = XMALLOC(bufSz, ssl->heap,
DYNAMIC_TYPE_SESSION_TICK);
if(!ssl->session.ticket) {
ssl->session.ticket = ssl->session.staticTicket;
return MEMORY_ERROR;
}
ssl->session.isDynamic = 1;
}
XMEMCPY(ssl->session.ticket, buf, bufSz);
}
}
ssl->session.ticketLen = (word16)bufSz; ssl->session.ticketLen = (word16)bufSz;
return SSL_SUCCESS; return SSL_SUCCESS;
@@ -5278,7 +5302,7 @@ WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
{ {
WOLFSSL_ENTER("SSL_get_session"); WOLFSSL_ENTER("SSL_get_session");
if (ssl) if (ssl)
return GetSession(ssl, 0); return GetSession(ssl, 0, 0);
return NULL; return NULL;
} }
@@ -7024,7 +7048,8 @@ WOLFSSL_SESSION* GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
#endif /* NO_CLIENT_CACHE */ #endif /* NO_CLIENT_CACHE */
WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret) WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
byte restoreSessionCerts)
{ {
WOLFSSL_SESSION* ret = 0; WOLFSSL_SESSION* ret = 0;
const byte* id = NULL; const byte* id = NULL;
@@ -7033,6 +7058,8 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret)
int count; int count;
int error = 0; int error = 0;
(void) restoreSessionCerts;
if (ssl->options.sessionCacheOff) if (ssl->options.sessionCacheOff)
return NULL; return NULL;
@@ -7080,6 +7107,17 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret)
ret = current; ret = current;
if (masterSecret) if (masterSecret)
XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN); XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
#ifdef SESSION_CERTS
/* If set, we should copy the session certs into the ssl object
* from the session we are returning so we can resume */
if (restoreSessionCerts) {
ssl->session.chain = ret->chain;
ssl->session.version = ret->version;
ssl->session.cipherSuite0 = ret->cipherSuite0;
ssl->session.cipherSuite = ret->cipherSuite;
}
#endif /* SESSION_CERTS */
} else { } else {
WOLFSSL_MSG("Session timed out"); WOLFSSL_MSG("Session timed out");
} }
@@ -7095,13 +7133,102 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret)
} }
int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
{
WOLFSSL_SESSION* copyInto = &ssl->session;
void* tmpBuff = NULL;
int ticketLen;
int doDynamicCopy = 0;
int ret = SSL_SUCCESS;
(void)ticketLen;
(void)doDynamicCopy;
(void)tmpBuff;
if (!ssl || !copyFrom)
return BAD_FUNC_ARG;
if (LockMutex(&session_mutex) != 0)
return BAD_MUTEX_E;
#ifdef HAVE_SESSION_TICKET
/* Free old dynamic ticket if we had one to avoid leak */
if (copyInto->isDynamic) {
XFREE(copyInto->ticket, ssl->heap, DYNAMIC_TYPE_SESS_TICK);
copyInto->ticket = copyInto->staticTicket;
copyInto->isDynamic = 0;
}
/* Size of ticket to alloc if needed; Use later for alloc outside lock */
doDynamicCopy = copyFrom->isDynamic;
ticketLen = copyFrom->ticketLen;
#endif
*copyInto = *copyFrom;
/* Default ticket to non dynamic. This will avoid crash if we fail below */
#ifdef HAVE_SESSION_TICKET
copyInto->ticket = copyInto->staticTicket;
copyInto->isDynamic = 0;
#endif
if (UnLockMutex(&session_mutex) != 0) {
return BAD_MUTEX_E;
}
#ifdef HAVE_SESSION_TICKET
/* If doing dynamic copy, need to alloc outside lock, then inside a lock
* confirm the size still matches and memcpy */
if (doDynamicCopy) {
tmpBuff = XMALLOC(ticketLen, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
if (!tmpBuff)
return MEMORY_ERROR;
if (LockMutex(&session_mutex) != 0) {
XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESS_TICK);
return BAD_MUTEX_E;
}
if (ticketLen != copyFrom->ticketLen) {
/* Another thread modified the ssl-> session ticket during alloc.
* Treat as error, since ticket different than when copy requested */
ret = VAR_STATE_CHANGE_E;
}
if (ret == SSL_SUCCESS) {
copyInto->ticket = tmpBuff;
copyInto->isDynamic = 1;
XMEMCPY(copyInto->ticket, copyFrom->ticket, ticketLen);
}
} else {
/* Need to ensure ticket pointer gets updated to own buffer
* and is not pointing to buff of session copied from */
copyInto->ticket = copyInto->staticTicket;
}
if (UnLockMutex(&session_mutex) != 0) {
if (ret == SSL_SUCCESS)
ret = BAD_MUTEX_E;
}
if (ret != SSL_SUCCESS) {
/* cleanup */
if (tmpBuff)
XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESS_TICK);
copyInto->ticket = copyInto->staticTicket;
copyInto->isDynamic = 0;
}
#endif /* HAVE_SESSION_TICKET */
return ret;
}
int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{ {
if (ssl->options.sessionCacheOff) if (ssl->options.sessionCacheOff)
return SSL_FAILURE; return SSL_FAILURE;
if (LowResTimer() < (session->bornOn + session->timeout)) { if (LowResTimer() < (session->bornOn + session->timeout)) {
ssl->session = *session; GetDeepCopySession(ssl, session);
ssl->options.resuming = 1; ssl->options.resuming = 1;
#ifdef SESSION_CERTS #ifdef SESSION_CERTS
@@ -7125,6 +7252,10 @@ int AddSession(WOLFSSL* ssl)
{ {
word32 row, idx; word32 row, idx;
int error = 0; int error = 0;
#ifdef HAVE_SESSION_TICKET
byte* tmpBuff = NULL;
int ticLen = 0;
#endif
if (ssl->options.sessionCacheOff) if (ssl->options.sessionCacheOff)
return 0; return 0;
@@ -7143,8 +7274,23 @@ int AddSession(WOLFSSL* ssl)
return error; return error;
} }
if (LockMutex(&session_mutex) != 0) #ifdef HAVE_SESSION_TICKET
ticLen = ssl->session.ticketLen;
/* Alloc Memory here so if Malloc fails can exit outside of lock */
if(ticLen > SESSION_TICKET_LEN) {
tmpBuff = XMALLOC(ticLen, ssl->heap,
DYNAMIC_TYPE_SESSION_TICK);
if(!tmpBuff)
return MEMORY_E;
}
#endif
if (LockMutex(&session_mutex) != 0) {
#ifdef HAVE_SESSION_TICKET
XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
return BAD_MUTEX_E; return BAD_MUTEX_E;
}
idx = SessionCache[row].nextIdx++; idx = SessionCache[row].nextIdx++;
#ifdef SESSION_INDEX #ifdef SESSION_INDEX
@@ -7161,52 +7307,93 @@ int AddSession(WOLFSSL* ssl)
SessionCache[row].Sessions[idx].bornOn = LowResTimer(); SessionCache[row].Sessions[idx].bornOn = LowResTimer();
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen; /* Check if another thread modified ticket since alloc */
XMEMCPY(SessionCache[row].Sessions[idx].ticket, if (ticLen != ssl->session.ticketLen) {
ssl->session.ticket, ssl->session.ticketLen); error = VAR_STATE_CHANGE_E;
}
if (error == 0) {
/* Cleanup cache row's old Dynamic buff if exists */
if(SessionCache[row].Sessions[idx].isDynamic) {
XFREE(SessionCache[row].Sessions[idx].ticket,
ssl->heap, DYNAMIC_TYPE_SESS_TICK);
SessionCache[row].Sessions[idx].ticket = NULL;
}
/* If too large to store in static buffer, use dyn buffer */
if (ticLen > SESSION_TICKET_LEN) {
SessionCache[row].Sessions[idx].ticket = tmpBuff;
SessionCache[row].Sessions[idx].isDynamic = 1;
} else {
SessionCache[row].Sessions[idx].ticket =
SessionCache[row].Sessions[idx].staticTicket;
SessionCache[row].Sessions[idx].isDynamic = 0;
}
}
if (error == 0) {
SessionCache[row].Sessions[idx].ticketLen = ticLen;
XMEMCPY(SessionCache[row].Sessions[idx].ticket,
ssl->session.ticket, ticLen);
} else { /* cleanup, reset state */
SessionCache[row].Sessions[idx].ticket =
SessionCache[row].Sessions[idx].staticTicket;
SessionCache[row].Sessions[idx].isDynamic = 0;
SessionCache[row].Sessions[idx].ticketLen = 0;
if (tmpBuff) {
XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
tmpBuff = NULL;
}
}
#endif #endif
#ifdef SESSION_CERTS #ifdef SESSION_CERTS
SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count; if (error == 0) {
XMEMCPY(SessionCache[row].Sessions[idx].chain.certs, SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH); XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
SessionCache[row].Sessions[idx].version = ssl->version; SessionCache[row].Sessions[idx].version = ssl->version;
SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0; SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0;
SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite; SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite;
#endif /* SESSION_CERTS */ }
#endif /* SESSION_CERTS */
SessionCache[row].totalCount++; if (error == 0) {
if (SessionCache[row].nextIdx == SESSIONS_PER_ROW) SessionCache[row].totalCount++;
SessionCache[row].nextIdx = 0; if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
SessionCache[row].nextIdx = 0;
#ifndef NO_CLIENT_CACHE }
if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) { #ifndef NO_CLIENT_CACHE
word32 clientRow, clientIdx; if (error == 0) {
if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) {
WOLFSSL_MSG("Adding client cache entry"); word32 clientRow, clientIdx;
SessionCache[row].Sessions[idx].idLen = ssl->session.idLen; WOLFSSL_MSG("Adding client cache entry");
XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID,
ssl->session.idLen); SessionCache[row].Sessions[idx].idLen = ssl->session.idLen;
XMEMCPY(SessionCache[row].Sessions[idx].serverID,
clientRow = HashSession(ssl->session.serverID, ssl->session.idLen, ssl->session.serverID, ssl->session.idLen);
&error) % SESSION_ROWS;
if (error != 0) { clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
WOLFSSL_MSG("Hash session failed"); &error) % SESSION_ROWS;
} else { if (error != 0) {
clientIdx = ClientCache[clientRow].nextIdx++; WOLFSSL_MSG("Hash session failed");
} else {
ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row; clientIdx = ClientCache[clientRow].nextIdx++;
ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx;
ClientCache[clientRow].Clients[clientIdx].serverRow =
ClientCache[clientRow].totalCount++; (word16)row;
if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW) ClientCache[clientRow].Clients[clientIdx].serverIdx =
ClientCache[clientRow].nextIdx = 0; (word16)idx;
}
ClientCache[clientRow].totalCount++;
if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
ClientCache[clientRow].nextIdx = 0;
}
}
else
SessionCache[row].Sessions[idx].idLen = 0;
} }
else
SessionCache[row].Sessions[idx].idLen = 0;
#endif /* NO_CLIENT_CACHE */ #endif /* NO_CLIENT_CACHE */
#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
@@ -7438,10 +7625,12 @@ int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
#else /* NO_SESSION_CACHE */ #else /* NO_SESSION_CACHE */
/* No session cache version */ /* No session cache version */
WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret) WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
byte restoreSessionCerts)
{ {
(void)ssl; (void)ssl;
(void)masterSecret; (void)masterSecret;
(void)restoreSessionCerts;
return NULL; return NULL;
} }

4
src/tls.c
View File

@@ -3212,9 +3212,11 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
#define STK_GET_SIZE TLSX_SessionTicket_GetSize #define STK_GET_SIZE TLSX_SessionTicket_GetSize
#define STK_WRITE TLSX_SessionTicket_Write #define STK_WRITE TLSX_SessionTicket_Write
#define STK_PARSE TLSX_SessionTicket_Parse #define STK_PARSE TLSX_SessionTicket_Parse
#define STK_FREE(stk) TLSX_SessionTicket_Free((SessionTicket*)stk)
#else #else
#define STK_FREE(a)
#define STK_VALIDATE_REQUEST(a) #define STK_VALIDATE_REQUEST(a)
#define STK_GET_SIZE(a, b) 0 #define STK_GET_SIZE(a, b) 0
#define STK_WRITE(a, b, c) 0 #define STK_WRITE(a, b, c) 0
@@ -3864,7 +3866,7 @@ void TLSX_FreeAll(TLSX* list)
break; break;
case TLSX_SESSION_TICKET: case TLSX_SESSION_TICKET:
/* Nothing to do. */ STK_FREE(extension->data);
break; break;
case TLSX_QUANTUM_SAFE_HYBRID: case TLSX_QUANTUM_SAFE_HYBRID:

3
wolfcrypt/src/error.c
View File

@@ -101,6 +101,9 @@ const char* wc_GetErrorString(int error)
case MEMORY_E : case MEMORY_E :
return "out of memory error"; return "out of memory error";
case VAR_STATE_CHANGE_E :
return "Variable state modified by different thread";
case RSA_WRONG_TYPE_E : case RSA_WRONG_TYPE_E :
return "RSA wrong block type for RSA function"; return "RSA wrong block type for RSA function";

24
wolfssl/internal.h
View File

@@ -2199,11 +2199,11 @@ struct WOLFSSL_X509_CHAIN {
/* wolfSSL session type */ /* wolfSSL session type */
struct WOLFSSL_SESSION { struct WOLFSSL_SESSION {
word32 bornOn; /* create time in seconds */ word32 bornOn; /* create time in seconds */
word32 timeout; /* timeout in seconds */ word32 timeout; /* timeout in seconds */
byte sessionID[ID_LEN]; /* id for protocol */ byte sessionID[ID_LEN]; /* id for protocol */
byte sessionIDSz; byte sessionIDSz;
byte masterSecret[SECRET_LEN]; /* stored secret */ byte masterSecret[SECRET_LEN]; /* stored secret */
#ifdef SESSION_CERTS #ifdef SESSION_CERTS
WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
ProtocolVersion version; /* which version was used */ ProtocolVersion version; /* which version was used */
@@ -2211,21 +2211,23 @@ struct WOLFSSL_SESSION {
byte cipherSuite; /* 2nd byte, actual suite */ byte cipherSuite; /* 2nd byte, actual suite */
#endif #endif
#ifndef NO_CLIENT_CACHE #ifndef NO_CLIENT_CACHE
word16 idLen; /* serverID length */ word16 idLen; /* serverID length */
byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
#endif #endif
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
word16 ticketLen; byte* ticket;
byte ticket[SESSION_TICKET_LEN]; word16 ticketLen;
byte staticTicket[SESSION_TICKET_LEN];
byte isDynamic;
#endif #endif
#ifdef HAVE_STUNNEL #ifdef HAVE_STUNNEL
void* ex_data[MAX_EX_DATA]; void* ex_data[MAX_EX_DATA];
#endif #endif
}; };
WOLFSSL_LOCAL WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*); WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL WOLFSSL_LOCAL
int SetSession(WOLFSSL*, WOLFSSL_SESSION*); int SetSession(WOLFSSL*, WOLFSSL_SESSION*);

1
wolfssl/ssl.h
View File

@@ -287,6 +287,7 @@ WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);
WOLFSSL_API int GetDeepCopySession(WOLFSSL*, WOLFSSL_SESSION*);
WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session); WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session);
WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t); WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);

2
wolfssl/wolfcrypt/error-crypt.h
View File

@@ -59,6 +59,8 @@ enum {
MP_ZERO_E = -121, /* got a mp zero result, not expected */ MP_ZERO_E = -121, /* got a mp zero result, not expected */
MEMORY_E = -125, /* out of memory error */ MEMORY_E = -125, /* out of memory error */
VAR_STATE_CHANGE_E = -126, /* var state modified by different thread */
RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */ RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */
RSA_BUFFER_E = -131, /* RSA buffer error, output too small or RSA_BUFFER_E = -131, /* RSA buffer error, output too small or

3
wolfssl/wolfcrypt/types.h
View File

@@ -316,7 +316,8 @@
DYNAMIC_TYPE_X509_CTX = 53, DYNAMIC_TYPE_X509_CTX = 53,
DYNAMIC_TYPE_URL = 54, DYNAMIC_TYPE_URL = 54,
DYNAMIC_TYPE_DTLS_FRAG = 55, DYNAMIC_TYPE_DTLS_FRAG = 55,
DYNAMIC_TYPE_DTLS_BUFFER = 56 DYNAMIC_TYPE_DTLS_BUFFER = 56,
DYNAMIC_TYPE_SESSION_TICK = 57
}; };
/* max error buffer string size */ /* max error buffer string size */