Changes from review

Add a free handshake resources API.
Rename to wolfSSL_KeepHandshakeResources().
Add APIs to indicate the client's preference order is to be used when
matching cipher suites.
Sean Parkinson
2017-03-07 13:02:49 +10:00
parent ac713e62c5
commit 97b98c5c44
4 changed files with 59 additions and 15 deletions


@@ -3513,6 +3513,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
ssl->options.haveEMS = ctx->haveEMS; ssl->options.haveEMS = ctx->haveEMS;
#endif #endif
ssl->options.useClientOrder = ctx->useClientOrder;
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
#ifdef HAVE_MAX_FRAGMENT #ifdef HAVE_MAX_FRAGMENT
@@ -18841,8 +18842,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->suites == NULL) if (ssl->suites == NULL)
return SUITES_ERROR; return SUITES_ERROR;
#ifdef WOLFSSL_WPAS if (!ssl->options.useClientOrder) {
if (ssl->options.mask | SSL_OP_CIPHER_SERVER_PREFERENCE) {
/* Server order */ /* Server order */
for (i = 0; i < ssl->suites->suiteSz; i += 2) { for (i = 0; i < ssl->suites->suiteSz; i += 2) {
for (j = 0; j < peerSuites->suiteSz; j += 2) { for (j = 0; j < peerSuites->suiteSz; j += 2) {
@@ -18862,16 +18862,6 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
} }
} }
#else
/* Server order */
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
for (j = 0; j < peerSuites->suiteSz; j += 2) {
ret = CompareSuites(ssl, peerSuites, i, j);
if (ret != MATCH_SUITE_ERROR)
return ret;
}
}
#endif
return MATCH_SUITE_ERROR; return MATCH_SUITE_ERROR;
} }
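Review bot: The new `if (!ssl->options.useClientOrder)` test makes cipher-suite selection peer-controlled once the flag is set, and nothing at the decision point says so. With client order, the first suite in the peer's list that the server has enabled wins, so the weakest suite left in `ssl->suites` is reachable by any client that lists it first. I would add a comment above the test, for example `/* Client order: the peer picks among enabled suites, so ssl->suites must hold only suites acceptable as a worst case */`. The client-order loop and the start of the function lie outside the visible hunks, and whether `ctx->useClientOrder` starts at zero depends on context initialisation that this page does not show.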


@@ -2065,8 +2065,9 @@ void wolfSSL_FreeArrays(WOLFSSL* ssl)
* handshake. * handshake.
* *
* ssl The SSL/TLS object. * ssl The SSL/TLS object.
* returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
*/ */
int wolfSSL_KeepResources(WOLFSSL* ssl) int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl)
{ {
if (ssl == NULL) if (ssl == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -2076,6 +2077,51 @@ int wolfSSL_KeepResources(WOLFSSL* ssl)
return 0; return 0;
} }
/* Free the handshake resources after handshake.
*
* ssl The SSL/TLS object.
* returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
*/
int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
FreeHandshakeResources(ssl);
return 0;
}
/* Use the client's order of preference when matching cipher suites.
*
* ssl The SSL/TLS context object.
* returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
*/
int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
ctx->useClientOrder = 1;
return 0;
}
/* Use the client's order of preference when matching cipher suites.
*
* ssl The SSL/TLS object.
* returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
*/
int wolfSSL_UseClientSuites(WOLFSSL* ssl)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
ssl->options.useClientOrder = 1;
return 0;
}
const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify) const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
{ {
if (ssl == NULL) if (ssl == NULL)
@@ -8225,8 +8271,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#endif /* NO_HANDSHAKE_DONE_CB */ #endif /* NO_HANDSHAKE_DONE_CB */
if (!ssl->options.dtls) { if (!ssl->options.dtls) {
if (!ssl->options.keepResources) {
FreeHandshakeResources(ssl); FreeHandshakeResources(ssl);
} }
}
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
else { else {
ssl->options.dtlsHsRetain = 1; ssl->options.dtlsHsRetain = 1;
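Review bot: `wolfSSL_FreeHandshakeResources()` calls `FreeHandshakeResources(ssl)` after only a NULL check, so an application can invoke it while a handshake is still in progress or on a DTLS session. The post-handshake path in the last hunk of this section frees only when `!ssl->options.dtls` and otherwise sets `dtlsHsRetain`, which suggests the resources may still be needed in that case; the public wrapper bypasses both conditions. I would gate the call, e.g. `if (ssl->options.handShakeState != HANDSHAKE_DONE || ssl->options.dtls) return BAD_FUNC_ARG;` (the error code is the maintainers' choice), and say in the header comment that the function is valid only after the handshake has completed. Separately, the comment on `wolfSSL_CTX_UseClientSuites` documents a parameter `ssl` although the argument is `ctx`.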


@@ -1984,6 +1984,7 @@ struct WOLFSSL_CTX {
byte groupMessages; /* group handshake messages before sending */ byte groupMessages; /* group handshake messages before sending */
byte minDowngrade; /* minimum downgrade version */ byte minDowngrade; /* minimum downgrade version */
byte haveEMS; /* have extended master secret extension */ byte haveEMS; /* have extended master secret extension */
byte useClientOrder; /* Use client's cipher preference order */
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
byte dtlsSctp; /* DTLS-over-SCTP mode */ byte dtlsSctp; /* DTLS-over-SCTP mode */
word16 dtlsMtuSz; /* DTLS MTU size */ word16 dtlsMtuSz; /* DTLS MTU size */
@@ -2495,6 +2496,7 @@ typedef struct Options {
word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */ word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
#endif #endif
word16 keepResources:1; /* Keep resources after handshake */ word16 keepResources:1; /* Keep resources after handshake */
word16 useClientOrder:1; /* Use client's cipher order */
/* need full byte values for this section */ /* need full byte values for this section */
byte processReply; /* nonblocking resume */ byte processReply; /* nonblocking resume */


@@ -1650,7 +1650,11 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*); WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*); WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
WOLFSSL_API int wolfSSL_KeepResources(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl);
/* async additions */ /* async additions */
WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId); WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);