diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index d864f8cb2..1ef3007f8 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -169,14 +169,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) if (TicketInit() != 0) err_sys("unable to setup Session Ticket Key context"); -#ifdef OPENSSL_EXTRA - /* In OpenSSL compat case, the compat layer handles the session - * tickets internally by default */ -#elif ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \ - defined(HAVE_AESGCM)) wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); #endif -#endif #ifndef NO_FILESYSTEM if (doPSK == 0) { diff --git a/examples/server/server.c b/examples/server/server.c index 2260fa46c..05b6f2f54 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1804,14 +1804,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) if (TicketInit() != 0) err_sys_ex(catastrophic, "unable to setup Session Ticket Key context"); -#ifdef OPENSSL_EXTRA - /* In OpenSSL compat case, the compat layer handles the session - * tickets internally by default */ -#elif ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \ - defined(HAVE_AESGCM)) wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); #endif -#endif #if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL) /* used for testing only to set a static/fixed ephemeral key diff --git a/src/internal.c b/src/internal.c index 178452af1..70199b2b3 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1673,123 +1673,6 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side) } #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ -#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ - defined(OPENSSL_EXTRA) -static int ctxInitTicket(WOLFSSL_CTX* ctx) -{ - int ret = 0; -#if (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) \ - || (!defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AESGCM)) - WC_RNG rng; - - ret = wc_InitRng(&rng); - if (ret != 0) - return ret; - - ret = wc_RNG_GenerateBlock(&rng, - ctx->ticketCompatName, sizeof(ctx->ticketCompatName)); - if (ret == 0) - ret = wc_RNG_GenerateBlock(&rng, - ctx->ticketCompatKey, sizeof(ctx->ticketCompatKey)); - - wc_FreeRng(&rng); -#else - (void)ctx; -#endif - return ret; -} - -static WC_INLINE int myTicketEncCbCompat(WOLFSSL* ssl, - byte key_name[WOLFSSL_TICKET_NAME_SZ], - byte iv[WOLFSSL_TICKET_IV_SZ], - byte mac[WOLFSSL_TICKET_MAC_SZ], - int enc, byte* ticket, int inLen, int* outLen, - void* userCtx) { - int ret; - word16 sLen = XHTONS(inLen); - byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; - byte* tmp = aad; - - WOLFSSL_ENTER("myTicketEncCbCompat"); - - if (ssl == NULL || key_name == NULL || iv == NULL || mac == NULL - || ticket == NULL || outLen == NULL) - return WOLFSSL_TICKET_RET_FATAL; - - (void)userCtx; - - if (enc) { - XMEMCPY(key_name, ssl->ctx->ticketCompatName, WOLFSSL_TICKET_NAME_SZ); - ret = wc_RNG_GenerateBlock(ssl->rng, iv, WOLFSSL_TICKET_IV_SZ); - if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; - } - else { - /* see if we know this key */ - if (XMEMCMP(key_name, ssl->ctx->ticketCompatName, - WOLFSSL_TICKET_NAME_SZ) != 0){ - WOLFSSL_MSG("client presented unknown ticket key name"); - return WOLFSSL_TICKET_RET_FATAL; - } - } - - /* build aad from key name, iv, and length */ - XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); - tmp += WOLFSSL_TICKET_NAME_SZ; - XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); - tmp += WOLFSSL_TICKET_IV_SZ; - XMEMCPY(tmp, &sLen, 2); - - /* encrypt */ - if (enc) { -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - ret = wc_ChaCha20Poly1305_Encrypt(ssl->ctx->ticketCompatKey, iv, - aad, sizeof(aad), ticket, inLen, ticket, mac); -#elif !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) - Aes aes; - ret = wc_AesInit(&aes, ssl->heap, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesGcmSetKey(&aes, ssl->ctx->ticketCompatKey, AES_256_KEY_SIZE); - if (ret == 0) - ret = wc_AesGcmEncrypt(&aes, ticket, ticket, inLen, iv, - WOLFSSL_TICKET_IV_SZ, mac, AES_BLOCK_SIZE, - aad, sizeof(aad)); - wc_AesFree(&aes); - } -#else - WOLFSSL_MSG("Neither chacha20-poly1305 or aes-gcm available for " - "session ticket generation"); - return WOLFSSL_TICKET_RET_FATAL; -#endif - } - /* decrypt */ - else { -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - ret = wc_ChaCha20Poly1305_Decrypt(ssl->ctx->ticketCompatKey, iv, - aad, sizeof(aad), ticket, inLen, mac, ticket); -#elif !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) - Aes aes; - ret = wc_AesInit(&aes, ssl->heap, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesGcmSetKey(&aes, ssl->ctx->ticketCompatKey, AES_256_KEY_SIZE); - if (ret == 0) - ret = wc_AesGcmDecrypt(&aes, ticket, ticket, inLen, iv, - WOLFSSL_TICKET_IV_SZ, mac, AES_BLOCK_SIZE, - aad, sizeof(aad)); - wc_AesFree(&aes); - } -#else - WOLFSSL_MSG("Neither chacha20-poly1305 or aes-gcm available for " - "session ticket decryption"); - return WOLFSSL_TICKET_RET_FATAL; -#endif - } - if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; - *outLen = inLen; /* no padding in this mode */ - - return WOLFSSL_TICKET_RET_OK; -} -#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER && OPENSSL_EXTRA */ - /* Initialize SSL context, return 0 on success */ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) { @@ -1942,19 +1825,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->ticketEncCtx = (void*)&ctx->ticketKeyCtx; #endif ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT; -#ifdef OPENSSL_EXTRA - if (ret == 0) - ret = ctxInitTicket(ctx); -#if (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) \ - || (!defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AESGCM)) - /* No need for compat ticket init flag since below callback setter is - * only called when the above parameter generation has succeeded */ - if (ret == 0 && - wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCbCompat) - != WOLFSSL_SUCCESS) - ret = SESSION_SECRET_CB_E; -#endif -#endif #endif #ifdef HAVE_WOLF_EVENT @@ -2101,11 +1971,6 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) } } #endif /* WOLFSSL_STATIC_MEMORY */ -#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ - defined(OPENSSL_EXTRA) && ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) \ - || (!defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AESGCM))) - ForceZero(ctx->ticketCompatKey, sizeof(ctx->ticketCompatKey)); -#endif } diff --git a/src/ssl.c b/src/ssl.c index f8a86bcd5..dcd950fc8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15714,12 +15714,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (ctx->mask & SSL_OP_NO_TICKET) { ctx->ticketEncCb = NULL; ctx->ticketEncCtx = NULL; - XMEMSET(ctx->ticketCompatName, 0, WOLFSSL_TICKET_NAME_SZ); -#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ - defined(OPENSSL_EXTRA) && ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) \ - || (!defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AESGCM))) - ForceZero(ctx->ticketCompatKey, sizeof(ctx->ticketCompatKey)); -#endif WOLFSSL_MSG("\tSSL_OP_NO_TICKET"); } #endif diff --git a/tests/api.c b/tests/api.c index 6c10128dc..d3ed6e13b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2605,6 +2605,75 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd) } #endif /* WOLFSSL_SESSION_EXPORT */ + +#if defined(HAVE_SESSION_TICKET) && \ + ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) && \ + defined(OPENSSL_EXTRA) + + typedef struct openssl_key_ctx { + byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */ + byte key[AES_256_KEY_SIZE]; /* cipher key */ + byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */ + byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */ + } openssl_key_ctx; + + static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx; + static THREAD_LS_T WC_RNG myOpenSSLKey_rng; + + static WC_INLINE int OpenSSLTicketInit(void) + { + int ret = wc_InitRng(&myOpenSSLKey_rng); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name, + sizeof(myOpenSSLKey_ctx.name)); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key, + sizeof(myOpenSSLKey_ctx.key)); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey, + sizeof(myOpenSSLKey_ctx.hmacKey)); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv, + sizeof(myOpenSSLKey_ctx.iv)); + if (ret != 0) return ret; + + return 0; + } + + static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl, + byte name[WOLFSSL_TICKET_NAME_SZ], + byte iv[WOLFSSL_TICKET_IV_SZ], + WOLFSSL_EVP_CIPHER_CTX *ectx, + WOLFSSL_HMAC_CTX *hctx, int enc) { + (void)ssl; + if (enc) { + XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name)); + XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv)); + } + else if (XMEMCMP(name, myOpenSSLKey_ctx.name, + sizeof(myOpenSSLKey_ctx.name)) != 0 || + XMEMCMP(iv, myOpenSSLKey_ctx.iv, + sizeof(myOpenSSLKey_ctx.iv)) != 0) { + return 0; + } + HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL); + if (enc) + EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv); + else + EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv); + return 1; + } + + static WC_INLINE void OpenSSLTicketCleanup(void) + { + wc_FreeRng(&myOpenSSLKey_rng); + } +#endif + static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; @@ -2646,12 +2715,13 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) ctx = wolfSSL_CTX_new(method); } -#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ +#if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) - TicketInit(); #ifdef OPENSSL_EXTRA + OpenSSLTicketInit(); wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL); -#else +#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + TicketInit(); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); #endif #endif @@ -2837,10 +2907,14 @@ done: wc_ecc_fp_free(); /* free per thread cache */ #endif -#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ +#if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) +#ifdef OPENSSL_EXTRA + OpenSSLTicketCleanup(); +#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketCleanup(); #endif +#endif #ifndef WOLFSSL_TIRTOS return 0; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 5269bbd00..aebfb3a69 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2935,11 +2935,9 @@ struct WOLFSSL_CTX { #endif #endif #endif - #endif #ifdef HAVE_SUPPORTED_CURVES byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */ #endif -#endif #ifdef ATOMIC_USER CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 6e0df1ceb..5da853e60 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -3930,71 +3930,10 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) } + #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \ defined(HAVE_AESGCM)) - static THREAD_LS_T WC_RNG myKey_rng; - - static WC_INLINE void TicketCleanup(void) - { - wc_FreeRng(&myKey_rng); - } - -#ifdef OPENSSL_EXTRA - - typedef struct key_ctx { - byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */ - byte key[AES_256_KEY_SIZE]; /* cipher key */ - byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */ - byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */ - } key_ctx; - - static THREAD_LS_T key_ctx myKey_ctx; - - static WC_INLINE int TicketInit(void) - { - int ret = wc_InitRng(&myKey_rng); - if (ret != 0) return ret; - - ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name, sizeof(myKey_ctx.name)); - if (ret != 0) return ret; - - ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key)); - if (ret != 0) return ret; - - ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.hmacKey, sizeof(myKey_ctx.hmacKey)); - if (ret != 0) return ret; - - ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.iv,sizeof(myKey_ctx.iv)); - if (ret != 0) return ret; - - return 0; - } - - static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl, - byte name[WOLFSSL_TICKET_NAME_SZ], - byte iv[WOLFSSL_TICKET_IV_SZ], - WOLFSSL_EVP_CIPHER_CTX *ectx, - WOLFSSL_HMAC_CTX *hctx, int enc) { - (void)ssl; - if (enc) { - XMEMCPY(name, myKey_ctx.name, sizeof(myKey_ctx.name)); - XMEMCPY(iv, myKey_ctx.iv, sizeof(myKey_ctx.iv)); - } - else if (XMEMCMP(name, myKey_ctx.name, sizeof(myKey_ctx.name)) != 0 || - XMEMCMP(iv, myKey_ctx.iv, sizeof(myKey_ctx.iv)) != 0) { - return 0; - } - HMAC_Init_ex(hctx, myKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL); - if (enc) - EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myKey_ctx.key, iv); - else - EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myKey_ctx.key, iv); - return 1; - } - -#elif ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \ - defined(HAVE_AESGCM)) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #include @@ -4011,6 +3950,7 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) } key_ctx; static THREAD_LS_T key_ctx myKey_ctx; + static THREAD_LS_T WC_RNG myKey_rng; static WC_INLINE int TicketInit(void) { @@ -4026,6 +3966,11 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) return 0; } + static WC_INLINE void TicketCleanup(void) + { + wc_FreeRng(&myKey_rng); + } + static WC_INLINE int myTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], byte iv[WOLFSSL_TICKET_IV_SZ], @@ -4123,8 +4068,9 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) return WOLFSSL_TICKET_RET_OK; } -#endif /* OPENSSL_EXTRA elif ((HAVE_CHACHA && HAVE_POLY1305) || HAVE_AESGCM) */ -#endif /* HAVE_SESSION_TICKET */ + +#endif /* HAVE_SESSION_TICKET && ((HAVE_CHACHA && HAVE_POLY1305) || HAVE_AESGCM) */ + static WC_INLINE word16 GetRandomPort(void) {