wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Parse the NewSessionTicket handshake message

Browse Source
This commit is contained in:
John Safranek
2014-10-01 16:28:01 -07:00
parent 2f5520d14c
commit 9dbc1d2d00
3 changed files with 69 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cyassl/error-ssl.h
View File

@@ -123,9 +123,11 @@ enum CyaSSL_ErrorCodes {
/* begin negotiation parameter errors */ /* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -390, /* unsupported cipher suite */ UNSUPPORTED_SUITE = -390, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -391 /* can't match cipher suite */ MATCH_SUITE_ERROR = -391, /* can't match cipher suite */
/* end negotiation parameter errors only 10 for now */ /* end negotiation parameter errors only 10 for now */
/* add strings to SetErrorString !!!!! */ /* add strings to SetErrorString !!!!! */
SESSION_TICKET_LEN_E = -392 /* Session Ticket too large */
}; };

8
cyassl/internal.h
View File

@@ -681,9 +681,11 @@ enum Misc {
OPAQUE8_LEN = 1, /* 1 byte */ OPAQUE8_LEN = 1, /* 1 byte */
OPAQUE16_LEN = 2, /* 2 bytes */ OPAQUE16_LEN = 2, /* 2 bytes */
OPAQUE24_LEN = 3, /* 3 bytes */ OPAQUE24_LEN = 3, /* 3 bytes */
OPAQUE32_LEN = 4, /* 4 bytes */
COMP_LEN = 1, /* compression length */ COMP_LEN = 1, /* compression length */
CURVE_LEN = 2, /* ecc named curve length */ CURVE_LEN = 2, /* ecc named curve length */
SERVER_ID_LEN = 20, /* server session id length */ SERVER_ID_LEN = 20, /* server session id length */
SESSION_TICKET_LEN = 256, /* Session ticket length */
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
RECORD_HEADER_SZ = 5, /* type + version + len(2) */ RECORD_HEADER_SZ = 5, /* type + version + len(2) */
@@ -1652,6 +1654,12 @@ struct CYASSL_SESSION {
byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
word16 idLen; /* serverID length */ word16 idLen; /* serverID length */
#endif #endif
#ifdef HAVE_SESSION_TICKET
word32 ticketBornOn; /* create time in seconds */
word32 ticketTimeout; /* timeout in seconds */
byte ticket[SESSION_TICKET_LEN];
word16 ticketLen;
#endif
}; };

59
src/internal.c
View File

@@ -76,6 +76,10 @@ static int BuildMessage(CYASSL* ssl, byte* output, int outSz,
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*, static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*,
word32); word32);
#endif #endif
#ifdef HAVE_SESSION_TICKET
static int DoSessionTicket(CYASSL* ssl, const byte* input, word32*,
word32);
#endif
#endif #endif
@@ -232,7 +236,7 @@ static INLINE void ato16(const byte* c, word16* u16)
} }
#ifdef CYASSL_DTLS #if defined(CYASSL_DTLS) || defined(HAVE_SESSION_TICKET)
/* convert opaque to 32 bit integer */ /* convert opaque to 32 bit integer */
static INLINE void ato32(const byte* c, word32* u32) static INLINE void ato32(const byte* c, word32* u32)
@@ -4590,6 +4594,13 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
CYASSL_MSG("processing server key exchange"); CYASSL_MSG("processing server key exchange");
ret = DoServerKeyExchange(ssl, input, inOutIdx, size); ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
break; break;
#ifdef HAVE_SESSION_TICKET
case session_ticket:
CYASSL_MSG("processing session ticket");
ret = DoSessionTicket(ssl, input, inOutIdx, size);
break;
#endif /* HAVE_SESSION_TICKET */
#endif #endif
#ifndef NO_CERTS #ifndef NO_CERTS
@@ -7648,6 +7659,9 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
case SECURE_RENEGOTIATION_E: case SECURE_RENEGOTIATION_E:
return "Invalid Renegotiation Error"; return "Invalid Renegotiation Error";
case SESSION_TICKET_LEN_E:
return "Session Ticket Too Long Error";
default : default :
return "unknown error number"; return "unknown error number";
} }
@@ -10375,6 +10389,49 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif /* NO_CERTS */ #endif /* NO_CERTS */
#ifdef HAVE_SESSION_TICKET
int DoSessionTicket(CYASSL* ssl,
const byte* input, word32* inOutIdx, word32 size)
{
word32 begin = *inOutIdx;
word32 lifetime;
word16 length;
if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
return BUFFER_ERROR;
ato32(input + *inOutIdx, &lifetime);
*inOutIdx += OPAQUE32_LEN;
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
return BUFFER_ERROR;
ato16(input + *inOutIdx, &length);
*inOutIdx += OPAQUE16_LEN;
if (length > sizeof(ssl->session.ticket))
return SESSION_TICKET_LEN_E;
if ((*inOutIdx - begin) + length > size)
return BUFFER_ERROR;
if (length > 0) {
XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
*inOutIdx += length;
ssl->session.ticketLen = length;
ssl->session.ticketTimeout = lifetime;
ssl->session.ticketBornOn = LowResTimer();
}
else {
ssl->session.ticketLen = 0;
ssl->session.ticketTimeout = 0;
ssl->session.ticketBornOn = 0;
}
return BuildFinished(ssl, &ssl->verifyHashes, server);
}
#endif /* HAVE_SESSION_TICKET */
#endif /* NO_CYASSL_CLIENT */ #endif /* NO_CYASSL_CLIENT */