1. Fixed encoding of session ticket hello extension.
2. Session tickets used as an alternative resumption mechanism.
This commit is contained in:
parent
9dbc1d2d00
commit
80a474ebad
@ -1655,8 +1655,6 @@ struct CYASSL_SESSION {
|
||||
word16 idLen; /* serverID length */
|
||||
#endif
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
word32 ticketBornOn; /* create time in seconds */
|
||||
word32 ticketTimeout; /* timeout in seconds */
|
||||
byte ticket[SESSION_TICKET_LEN];
|
||||
word16 ticketLen;
|
||||
#endif
|
||||
|
@ -1721,6 +1721,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||
ssl->session.idLen = 0;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
ssl->session.ticketLen = 0;
|
||||
#endif
|
||||
|
||||
ssl->cipher.ssl = ssl;
|
||||
|
||||
#ifdef FORTRESS
|
||||
@ -8731,6 +8735,21 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
||||
return SUITES_ERROR;
|
||||
}
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
if (ssl->session.ticketLen > 0) {
|
||||
SessionTicket* ticket;
|
||||
|
||||
ticket = TLSX_SessionTicket_Create(0,
|
||||
ssl->session.ticket, ssl->session.ticketLen);
|
||||
if (ticket == NULL) return MEMORY_E;
|
||||
|
||||
ret = TLSX_UseSessionTicket(&ssl->extensions, ticket);
|
||||
if (ret != SSL_SUCCESS) return ret;
|
||||
|
||||
idSz = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
length = VERSION_SZ + RAN_LEN
|
||||
+ idSz + ENUM_LEN
|
||||
+ ssl->suites->suiteSz + SUITE_LEN
|
||||
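Review bot: On the error path `if (ret != SSL_SUCCESS) return ret;` the SessionTicket just obtained from TLSX_SessionTicket_Create is not released in this hunk; unless TLSX_UseSessionTicket frees its argument on failure (not visible here), it should be freed before returning. Setting `idSz = 0` also makes the ClientHello carry an empty session ID whenever a ticket is offered, so the client loses the RFC 5077 §3.4 signal (server echoing the client's session ID) that tells an accepted ticket apart from a full handshake; see the DSH_CheckSessionId hunk below, which relies on that distinction. The enclosing SendClientHello starts and ends outside the hunk.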
@ -8931,6 +8950,22 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
||||
}
|
||||
|
||||
|
||||
static INLINE int DSH_CheckSessionId(CYASSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
|
||||
#ifndef HAVE_SESSION_TICKET
|
||||
ret = (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
|
||||
ssl->session.sessionID, ID_LEN) == 0);
|
||||
#else
|
||||
ret = (ssl->session.ticketLen > 0) ||
|
||||
(ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
|
||||
ssl->session.sessionID, ID_LEN) == 0);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 helloSz)
|
||||
{
|
||||
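Review bot: In DSH_CheckSessionId, `ret = (ssl->session.ticketLen > 0) || ...` treats merely holding a ticket as proof that the server resumed the session, but a server that declines the ticket performs a full handshake and its ServerHello is indistinguishable to this check, so the caller takes the resumption branch (SetCipherSpecs with the cached secrets) against a non-resumed handshake. The conventional signal is the server echoing the session ID sent alongside the ticket, which the SendClientHello hunk above removes by setting idSz to 0; consider sending a session ID with the ticket and keeping the `XMEMCMP(ssl->arrays->sessionID, ssl->session.sessionID, ID_LEN) == 0` requirement in the HAVE_SESSION_TICKET branch too, or at minimum add `/* NOTE: a presented ticket is assumed accepted; no way to detect server fallback here */` above the assignment. The same result is consumed by the `if (DSH_CheckSessionId(ssl))` hunk in DoServerHello below, which needs no separate fix. DoServerHello begins in this hunk and continues outside it.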
@ -9080,8 +9115,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
||||
}
|
||||
|
||||
if (ssl->options.resuming) {
|
||||
if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
|
||||
ssl->session.sessionID, ID_LEN) == 0) {
|
||||
if (DSH_CheckSessionId(ssl)) {
|
||||
if (SetCipherSpecs(ssl) == 0) {
|
||||
int ret = -1;
|
||||
|
||||
@ -10388,7 +10422,6 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
||||
}
|
||||
#endif /* NO_CERTS */
|
||||
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
int DoSessionTicket(CYASSL* ssl,
|
||||
const byte* input, word32* inOutIdx, word32 size)
|
||||
@ -10415,17 +10448,25 @@ int DoSessionTicket(CYASSL* ssl,
|
||||
if ((*inOutIdx - begin) + length > size)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
/* If the received ticket including its length is greater than
|
||||
* a length value, the save it. Otherwise, don't save it. */
|
||||
if (length > 0) {
|
||||
XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
|
||||
*inOutIdx += length;
|
||||
ssl->session.ticketLen = length;
|
||||
ssl->session.ticketTimeout = lifetime;
|
||||
ssl->session.ticketBornOn = LowResTimer();
|
||||
ssl->timeout = lifetime;
|
||||
/* Create a fake sessionID based on the ticket, this will
|
||||
* supercede the existing session cache info. */
|
||||
ssl->options.haveSessionId = 1;
|
||||
XMEMCPY(ssl->arrays->sessionID,
|
||||
ssl->session.ticket + length - ID_LEN, ID_LEN);
|
||||
#ifndef NO_SESSION_CACHE
|
||||
AddSession(ssl);
|
||||
#endif
|
||||
|
||||
}
|
||||
else {
|
||||
ssl->session.ticketLen = 0;
|
||||
ssl->session.ticketTimeout = 0;
|
||||
ssl->session.ticketBornOn = 0;
|
||||
}
|
||||
|
||||
return BuildFinished(ssl, &ssl->verifyHashes, server);
|
||||
|
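Review bot: The check `if ((*inOutIdx - begin) + length > size)` keeps the read inside the input buffer, but `XMEMCPY(ssl->session.ticket, input + *inOutIdx, length)` then writes `length` bytes into the fixed `ticket[SESSION_TICKET_LEN]` array without comparing against SESSION_TICKET_LEN, and `ssl->session.ticket + length - ID_LEN` reads before the start of the array when 0 < length < ID_LEN. Add `if (length > SESSION_TICKET_LEN || (length > 0 && length < ID_LEN)) return BUFFER_ERROR;` before the copy (the zero-length case is already handled by the else branch). The same unbounded ticketLen feeds the `XMEMCPY(SessionCache[row].Sessions[idx].ticket, ...)` in the AddSession hunk below, so one check here covers both. The comment `the save it` should read `then save it`; DoSessionTicket starts and ends outside the hunk.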
@ -5620,6 +5620,12 @@ int AddSession(CYASSL* ssl)
|
||||
SessionCache[row].Sessions[idx].timeout = ssl->timeout;
|
||||
SessionCache[row].Sessions[idx].bornOn = LowResTimer();
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen;
|
||||
XMEMCPY(SessionCache[row].Sessions[idx].ticket,
|
||||
ssl->session.ticket, ssl->session.ticketLen);
|
||||
#endif
|
||||
|
||||
#ifdef SESSION_CERTS
|
||||
SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
|
||||
XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
|
||||
|
@ -1778,19 +1778,15 @@ static void TLSX_SessionTicket_ValidateRequest(CYASSL* ssl)
|
||||
|
||||
static byte TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
|
||||
{
|
||||
return isRequest && ticket ? OPAQUE16_LEN + ticket->size : 0;
|
||||
return isRequest && ticket ? ticket->size : 0;
|
||||
}
|
||||
|
||||
|
||||
static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
|
||||
int isRequest)
|
||||
{
|
||||
int offset = 0; /* empty ticket */
|
||||
|
||||
if (isRequest && ticket) {
|
||||
c16toa(ticket->size, output + offset);
|
||||
offset += OPAQUE16_LEN;
|
||||
|
||||
XMEMCPY(output + offset, ticket->data, ticket->size);
|
||||
offset += ticket->size;
|
||||
}
|
||||
|
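Review bot: TLSX_SessionTicket_GetSize is declared `static byte` yet now returns `ticket->size` directly, while the writer below copies the full `ticket->size` bytes with `XMEMCPY(output + offset, ticket->data, ticket->size)`; a ticket of 256 bytes or more therefore has its size truncated in the caller's length accounting while the whole payload is still written. Change the signature to `static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)` and confirm that the extension-length accumulator it feeds is at least word16 wide. Which of the two `return` lines is the new one is not marked on this rendering; the commit message's "fixed encoding" suggests the one without OPAQUE16_LEN, matching the removal of the c16toa prefix in the writer. TLSX_SessionTicket_Write's body continues past the end of the hunk.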