1. Fixed encoding of session ticket hello extension.

2. Session tickets used as alternative resumption.
This commit is contained in:
John Safranek 2014-10-03 13:19:59 -07:00
parent 9dbc1d2d00
commit 80a474ebad
4 changed files with 55 additions and 14 deletions


@ -1655,8 +1655,6 @@ struct CYASSL_SESSION {
word16 idLen; /* serverID length */
#endif
#ifdef HAVE_SESSION_TICKET
word32 ticketBornOn; /* create time in seconds */
word32 ticketTimeout; /* timeout in seconds */
byte ticket[SESSION_TICKET_LEN];
word16 ticketLen;
#endif


@ -1721,6 +1721,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->session.idLen = 0;
#endif
#ifdef HAVE_SESSION_TICKET
ssl->session.ticketLen = 0;
#endif
ssl->cipher.ssl = ssl;
#ifdef FORTRESS
@ -8731,6 +8735,21 @@ static void PickHashSigAlgo(CYASSL* ssl,
return SUITES_ERROR;
}
#ifdef HAVE_SESSION_TICKET
if (ssl->session.ticketLen > 0) {
SessionTicket* ticket;
ticket = TLSX_SessionTicket_Create(0,
ssl->session.ticket, ssl->session.ticketLen);
if (ticket == NULL) return MEMORY_E;
ret = TLSX_UseSessionTicket(&ssl->extensions, ticket);
if (ret != SSL_SUCCESS) return ret;
idSz = 0;
}
#endif
length = VERSION_SZ + RAN_LEN
+ idSz + ENUM_LEN
+ ssl->suites->suiteSz + SUITE_LEN
@ -8931,6 +8950,22 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
static INLINE int DSH_CheckSessionId(CYASSL* ssl)
{
int ret;
#ifndef HAVE_SESSION_TICKET
ret = (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
ssl->session.sessionID, ID_LEN) == 0);
#else
ret = (ssl->session.ticketLen > 0) ||
(ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
ssl->session.sessionID, ID_LEN) == 0);
#endif
return ret;
}
static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 helloSz)
{
@ -9080,8 +9115,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
if (ssl->options.resuming) {
if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
ssl->session.sessionID, ID_LEN) == 0) {
if (DSH_CheckSessionId(ssl)) {
if (SetCipherSpecs(ssl) == 0) {
int ret = -1;
@ -10388,7 +10422,6 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
#endif /* NO_CERTS */
#ifdef HAVE_SESSION_TICKET
int DoSessionTicket(CYASSL* ssl,
const byte* input, word32* inOutIdx, word32 size)
@ -10415,17 +10448,25 @@ int DoSessionTicket(CYASSL* ssl,
if ((*inOutIdx - begin) + length > size)
return BUFFER_ERROR;
/* If the received ticket including its length is greater than
* a length value, the save it. Otherwise, don't save it. */
if (length > 0) {
XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
*inOutIdx += length;
ssl->session.ticketLen = length;
ssl->session.ticketTimeout = lifetime;
ssl->session.ticketBornOn = LowResTimer();
ssl->timeout = lifetime;
/* Create a fake sessionID based on the ticket, this will
* supercede the existing session cache info. */
ssl->options.haveSessionId = 1;
XMEMCPY(ssl->arrays->sessionID,
ssl->session.ticket + length - ID_LEN, ID_LEN);
#ifndef NO_SESSION_CACHE
AddSession(ssl);
#endif
}
else {
ssl->session.ticketLen = 0;
ssl->session.ticketTimeout = 0;
ssl->session.ticketBornOn = 0;
}
return BuildFinished(ssl, &ssl->verifyHashes, server);
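Review bot: The fake-session-ID derivation at `ssl->session.ticket + length - ID_LEN` reads before the start of the ticket buffer whenever the server sends a ticket shorter than ID_LEN, because the only guard on the new side is `if (length > 0)`. The visible bounds check compares `length` against the remaining input, not against `SESSION_TICKET_LEN`, the size of `ssl->session.ticket` in the struct change above; unless the part of DoSessionTicket above this hunk already enforces that, an over-long ticket from the peer overruns the session struct at the `XMEMCPY`. One check in front of the copy covers both, e.g. `if (length > SESSION_TICKET_LEN || length < ID_LEN) return BUFFER_ERROR;`, with whether a ticket shorter than ID_LEN should instead be accepted without a fake ID left as a design call. Related, DSH_CheckSessionId in the hunk above now reports resumption whenever a ticket is stored while SendClientHello sends an empty session ID next to it (`idSz = 0`), so the client never learns from the ServerHello whether the server accepted the ticket; the RFC 5077 §3.4 approach is to send the fake ID and compare it with the echoed one. DoSessionTicket begins outside this hunk.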


@ -5620,6 +5620,12 @@ int AddSession(CYASSL* ssl)
SessionCache[row].Sessions[idx].timeout = ssl->timeout;
SessionCache[row].Sessions[idx].bornOn = LowResTimer();
#ifdef HAVE_SESSION_TICKET
SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen;
XMEMCPY(SessionCache[row].Sessions[idx].ticket,
ssl->session.ticket, ssl->session.ticketLen);
#endif
#ifdef SESSION_CERTS
SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,


@ -1778,19 +1778,15 @@ static void TLSX_SessionTicket_ValidateRequest(CYASSL* ssl)
static byte TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
{
return isRequest && ticket ? OPAQUE16_LEN + ticket->size : 0;
return isRequest && ticket ? ticket->size : 0;
}
static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
int isRequest)
{
int offset = 0; /* empty ticket */
if (isRequest && ticket) {
c16toa(ticket->size, output + offset);
offset += OPAQUE16_LEN;
XMEMCPY(output + offset, ticket->data, ticket->size);
offset += ticket->size;
}
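Review bot: `TLSX_SessionTicket_GetSize` still returns `byte`, so the corrected `ticket->size` on the new line is truncated to 8 bits for any ticket longer than 255 bytes, while `TLSX_SessionTicket_Write` copies the full `ticket->size` (a 16-bit value, given the removed `c16toa`) into `output`. If the caller sizes the hello buffer from GetSize, that is an under-sized buffer followed by a full-length copy; `static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)` lines it up with Write's `word16` return, assuming the caller accumulates into a 16-bit or wider total. Dropping the inner length prefix is the right encoding for the RFC 5077 extension data, so the fix itself stands. TLSX_SessionTicket_Write continues past the end of the hunk.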