Added check for expected session ticket
parent
b95b2a8463
commit
954740e2a8
@ -127,7 +127,8 @@ enum CyaSSL_ErrorCodes {
|
||||
/* end negotiation parameter errors only 10 for now */
|
||||
/* add strings to SetErrorString !!!!! */
|
||||
|
||||
SESSION_TICKET_LEN_E = -392 /* Session Ticket too large */
|
||||
SESSION_TICKET_LEN_E = -392, /* Session Ticket too large */
|
||||
SESSION_TICKET_EXPECT_E = -393 /* Session Ticket missing */
|
||||
};
|
||||
|
||||
|
||||
|
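Review bot: The comment on the new SESSION_TICKET_EXPECT_E code says only "Session Ticket missing", but the same code is also returned from DoSessionTicket when a ticket arrives while none was expected (the `Unexpected session ticket` path in the -10445 hunk), so the comment describes half of its uses; `SESSION_TICKET_EXPECT_E = -393 /* Session Ticket missing or unexpected */` would match both. The reason string added in the -7678 hunk has the same gap: "Session Ticket Error" does not tell this code apart from SESSION_TICKET_LEN_E's "Session Ticket Too Long Error" in a log, so something like `return "Session Ticket Expectation Error";` would be more diagnosable. The enum starts and ends outside the hunk.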
@ -685,7 +685,6 @@ enum Misc {
|
||||
COMP_LEN = 1, /* compression length */
|
||||
CURVE_LEN = 2, /* ecc named curve length */
|
||||
SERVER_ID_LEN = 20, /* server session id length */
|
||||
SESSION_TICKET_LEN = 256, /* Session ticket length */
|
||||
|
||||
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
|
||||
RECORD_HEADER_SZ = 5, /* type + version + len(2) */
|
||||
@ -813,6 +812,10 @@ enum Misc {
|
||||
#define MAX_CHAIN_DEPTH 9
|
||||
#endif
|
||||
|
||||
#ifndef SESSION_TICKET_LEN
|
||||
#define SESSION_TICKET_LEN 256
|
||||
#endif
|
||||
|
||||
|
||||
/* don't use extra 3/4k stack space unless need to */
|
||||
#ifdef HAVE_NTRU
|
||||
|
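Review bot: SESSION_TICKET_LEN becomes a build-overridable macro here (the enum Misc entry is dropped in the -685 hunk), but nothing documents what overriding it affects; from the page it bounds tickets a peer may send (the SESSION_TICKET_LEN_E "too large" code), and presumably also sizes per-session ticket storage, which the hunk does not show. A one-line comment such as `#define SESSION_TICKET_LEN 256 /* max ticket bytes accepted from a peer; build-time override */` would make the knob self-describing. Since the ticket length parsed in DoSessionTicket appears to be a word16 (`word16 length;` in the -10445 hunk), a guard like `#if SESSION_TICKET_LEN < 1 || SESSION_TICKET_LEN > 0xFFFF` followed by `#error "SESSION_TICKET_LEN out of range"` would catch a misconfigured build early instead of leaving it to fail at runtime. The #ifdef region around this define starts before the hunk.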
@ -6323,6 +6323,14 @@ int ProcessReply(CYASSL* ssl)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
if (ssl->options.side == CYASSL_CLIENT_END &&
|
||||
ssl->expect_session_ticket) {
|
||||
CYASSL_MSG("Expected session ticket missing");
|
||||
return SESSION_TICKET_EXPECT_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ssl->keys.encryptionOn && ssl->options.handShakeDone) {
|
||||
ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
|
||||
ssl->curSize -= ssl->buffers.inputBuffer.idx;
|
||||
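Review bot: The new client-side guard returns SESSION_TICKET_EXPECT_E whenever `expect_session_ticket` is still set at this point, but the hunk does not show which record type this branch handles (the enclosing case starts before the hunk) and the protocol rule being enforced is not stated. If this is the ChangeCipherSpec path, a comment such as `/* RFC 5077 3.3: a server that accepted the extension must send NewSessionTicket before ChangeCipherSpec */` above the `#ifdef HAVE_SESSION_TICKET` would tie the check to its justification; if it is somewhere else, the comment should say why a missing ticket is fatal there. As a point of style, the flag is tested bare here but as `ssl->expect_session_ticket == 0` in the -10445 hunk of DoSessionTicket; using one form in both places would read more consistently. ProcessReply continues outside the hunk in both directions.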
@ -7678,9 +7686,14 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
|
||||
case SECURE_RENEGOTIATION_E:
|
||||
return "Invalid Renegotiation Error";
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
case SESSION_TICKET_LEN_E:
|
||||
return "Session Ticket Too Long Error";
|
||||
|
||||
case SESSION_TICKET_EXPECT_E:
|
||||
return "Session Ticket Error";
|
||||
#endif
|
||||
|
||||
default :
|
||||
return "unknown error number";
|
||||
}
|
||||
@ -10445,6 +10458,11 @@ int DoSessionTicket(CYASSL* ssl,
|
||||
word32 lifetime;
|
||||
word16 length;
|
||||
|
||||
if (ssl->expect_session_ticket == 0) {
|
||||
CYASSL_MSG("Unexpected session ticket");
|
||||
return SESSION_TICKET_EXPECT_E;
|
||||
}
|
||||
|
||||
if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
@ -10488,6 +10506,8 @@ int DoSessionTicket(CYASSL* ssl,
|
||||
*inOutIdx += ssl->keys.padSz;
|
||||
}
|
||||
|
||||
ssl->expect_session_ticket = 0;
|
||||
|
||||
return BuildFinished(ssl, &ssl->verifyHashes, server);
|
||||
}
|
||||
#endif /* HAVE_SESSION_TICKET */
|
||||
|