Fix for session test with TLS v1.3 and session tickets not enabled. Cleanups in AddSession.
49
src/ssl.c
49
src/ssl.c
@@ -12626,6 +12626,7 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
word32 row = 0;
|
word32 row = 0;
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
int error = 0;
|
int error = 0;
|
||||||
|
const byte* id = NULL;
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#ifdef HAVE_SESSION_TICKET
|
||||||
byte* tmpBuff = NULL;
|
byte* tmpBuff = NULL;
|
||||||
int ticLen = 0;
|
int ticLen = 0;
|
||||||
@@ -12645,6 +12646,17 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
return 0;
|
return 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
||||||
|
if (ssl->options.tls1_3)
|
||||||
|
id = ssl->session.sessionID;
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
if (ssl->arrays)
|
||||||
|
id = ssl->arrays->sessionID;
|
||||||
|
if (id == NULL) {
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#ifdef HAVE_SESSION_TICKET
|
||||||
ticLen = ssl->session.ticketLen;
|
ticLen = ssl->session.ticketLen;
|
||||||
/* Alloc Memory here so if Malloc fails can exit outside of lock */
|
/* Alloc Memory here so if Malloc fails can exit outside of lock */
|
||||||
@@ -12675,17 +12687,7 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
{
|
{
|
||||||
/* Use the session object in the cache for external cache if required.
|
/* Use the session object in the cache for external cache if required.
|
||||||
*/
|
*/
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
row = HashSession(id, ID_LEN, &error) % SESSION_ROWS;
|
||||||
if (ssl->options.tls1_3) {
|
|
||||||
row = HashSession(ssl->session.sessionID, ID_LEN, &error) %
|
|
||||||
SESSION_ROWS;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
{
|
|
||||||
row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
|
|
||||||
SESSION_ROWS;
|
|
||||||
}
|
|
||||||
if (error != 0) {
|
if (error != 0) {
|
||||||
WOLFSSL_MSG("Hash session failed");
|
WOLFSSL_MSG("Hash session failed");
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#ifdef HAVE_SESSION_TICKET
|
||||||
@@ -12702,23 +12704,13 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i=0; i<SESSIONS_PER_ROW; i++) {
|
for (i=0; i<SESSIONS_PER_ROW; i++) {
|
||||||
if (ssl->options.tls1_3) {
|
if (XMEMCMP(id, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) {
|
||||||
if (XMEMCMP(ssl->session.sessionID, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) {
|
|
||||||
WOLFSSL_MSG("Session already exists. Overwriting.");
|
WOLFSSL_MSG("Session already exists. Overwriting.");
|
||||||
overwrite = 1;
|
overwrite = 1;
|
||||||
idx = i;
|
idx = i;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
if (XMEMCMP(ssl->arrays->sessionID, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) {
|
|
||||||
WOLFSSL_MSG("Session already exists. Overwriting.");
|
|
||||||
overwrite = 1;
|
|
||||||
idx = i;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!overwrite) {
|
if (!overwrite) {
|
||||||
idx = SessionCache[row].nextIdx++;
|
idx = SessionCache[row].nextIdx++;
|
||||||
@@ -12729,22 +12721,19 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
session = &SessionCache[row].Sessions[idx];
|
session = &SessionCache[row].Sessions[idx];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ssl->options.tls1_3)
|
#ifdef WOLFSSL_TLS13
|
||||||
XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
|
|
||||||
else
|
|
||||||
XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN);
|
|
||||||
session->haveEMS = ssl->options.haveEMS;
|
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
|
||||||
if (ssl->options.tls1_3) {
|
if (ssl->options.tls1_3) {
|
||||||
XMEMCPY(session->sessionID, ssl->session.sessionID, ID_LEN);
|
XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN);
|
||||||
session->sessionIDSz = ID_LEN;
|
session->sessionIDSz = ID_LEN;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
|
XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
|
||||||
session->sessionIDSz = ssl->arrays->sessionIDSz;
|
session->sessionIDSz = ssl->arrays->sessionIDSz;
|
||||||
}
|
}
|
||||||
|
XMEMCPY(session->sessionID, id, ID_LEN);
|
||||||
|
session->haveEMS = ssl->options.haveEMS;
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
/* If using compatibility layer then check for and copy over session context
|
/* If using compatibility layer then check for and copy over session context
|
||||||
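Review bot: The two TLS 1.3 selections in the new AddSession code use different guards: `id` is taken from `ssl->session.sessionID` only under `#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)`, while the later master-secret and `sessionIDSz` block switches on `#ifdef WOLFSSL_TLS13` alone. In a build with TLS 1.3 but without session tickets, a TLS 1.3 connection would apparently cache `ssl->arrays->sessionID` alongside `ssl->session.masterSecret` and `sessionIDSz = ID_LEN`, so the cache key and the cached secret come from different objects. If that is not intended, give the second block the same guard, `#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)`; if it is intended, a short comment there should say why. The added `if (id == NULL) return BAD_FUNC_ARG;` is also what keeps the later `ssl->arrays->` dereferences safe, which deserves a one-line comment such as `/* id != NULL here implies ssl->arrays is valid on the non-TLS 1.3 path */`. AddSession's body starts and ends outside these hunks.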
|
@@ -25449,7 +25449,12 @@ static void test_wolfSSL_SESSION(void)
|
|||||||
char msg[80];
|
char msg[80];
|
||||||
|
|
||||||
printf(testingFmt, "wolfSSL_SESSION()");
|
printf(testingFmt, "wolfSSL_SESSION()");
|
||||||
|
/* TLS v1.3 requires session tickets */
|
||||||
|
#if defined(WOLFSSL_TLS13) && !defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TLS12)
|
||||||
|
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
|
||||||
|
#else
|
||||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
|
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
|
||||||
|
#endif
|
||||||
|
|
||||||
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
|
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
|
||||||
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
|
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
|
||||||
|
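Review bot: The new `#if` in test_wolfSSL_SESSION leaves one configuration uncovered: with `WOLFSSL_TLS13` and `WOLFSSL_NO_TLS12` defined and `HAVE_SESSION_TICKET` undefined, the `#else` branch still creates the context with `wolfSSLv23_client_method()`, which is the case the added comment says cannot work. If the assertions later in the function depend on the session being cached, that build would presumably fail them rather than skip, so consider compiling the test body out for that combination. The comment could state the consequence as well as the rule, for example `/* TLS v1.3 requires session tickets: use TLS v1.2 when they are not compiled in */`. The function body continues outside the hunk, and the file header for this hunk is not visible on the page.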