Added check for expected session ticket

This commit is contained in:
John Safranek 2014-10-04 12:41:51 -07:00
parent b95b2a8463
commit 954740e2a8
3 changed files with 26 additions and 2 deletions


@ -127,7 +127,8 @@ enum CyaSSL_ErrorCodes {
/* end negotiation parameter errors only 10 for now */
/* add strings to SetErrorString !!!!! */
SESSION_TICKET_LEN_E = -392 /* Session Ticket too large */
SESSION_TICKET_LEN_E = -392, /* Session Ticket too large */
SESSION_TICKET_EXPECT_E = -393 /* Session Ticket missing */
};
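Review bot: The comment on the new `SESSION_TICKET_EXPECT_E` only describes one of the two conditions it is returned for; in this same commit it is also returned by `DoSessionTicket` when a NewSessionTicket arrives that was not announced ("Unexpected session ticket"), so the header should say so for anyone mapping the code back to a cause. Suggest `SESSION_TICKET_EXPECT_E = -393 /* Session Ticket missing or unexpected */`. The matching reason string added in `CyaSSL_ERR_reason_error_string` is the generic "Session Ticket Error"; a wording like "Session Ticket Missing or Unexpected Error" would keep the two in step. The enum `CyaSSL_ErrorCodes` begins outside the hunk.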


@ -685,7 +685,6 @@ enum Misc {
COMP_LEN = 1, /* compression length */
CURVE_LEN = 2, /* ecc named curve length */
SERVER_ID_LEN = 20, /* server session id length */
SESSION_TICKET_LEN = 256, /* Session ticket length */
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
RECORD_HEADER_SZ = 5, /* type + version + len(2) */
@ -813,6 +812,10 @@ enum Misc {
#define MAX_CHAIN_DEPTH 9
#endif
#ifndef SESSION_TICKET_LEN
#define SESSION_TICKET_LEN 256
#endif
/* don't use extra 3/4k stack space unless need to */
#ifdef HAVE_NTRU
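Review bot: Moving `SESSION_TICKET_LEN` from `enum Misc` to an `#ifndef`/`#define` makes it a build-time override point, but the new define carries no comment saying what the value bounds or that it is meant to be overridden, so the next person to tune it has to find the `SESSION_TICKET_LEN_E` check by grep. Suggest a comment above the guard: `/* Largest session ticket we will store; larger tickets presumably fail with SESSION_TICKET_LEN_E. Override with -DSESSION_TICKET_LEN=N at build time. */`. Since the ticket length is parsed into a `word16` in `DoSessionTicket`, an override above 65535 cannot be reached from the wire; a `#if SESSION_TICKET_LEN > 65535` `#error` would catch a misconfiguration early, though whether other code sizes buffers from this constant is not visible here. Both hunks sit inside `internal.h` declarations that start and end outside the view.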


@ -6323,6 +6323,14 @@ int ProcessReply(CYASSL* ssl)
}
#endif
#ifdef HAVE_SESSION_TICKET
if (ssl->options.side == CYASSL_CLIENT_END &&
ssl->expect_session_ticket) {
CYASSL_MSG("Expected session ticket missing");
return SESSION_TICKET_EXPECT_E;
}
#endif
if (ssl->keys.encryptionOn && ssl->options.handShakeDone) {
ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
ssl->curSize -= ssl->buffers.inputBuffer.idx;
@ -7678,9 +7686,14 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
case SECURE_RENEGOTIATION_E:
return "Invalid Renegotiation Error";
#ifdef HAVE_SESSION_TICKET
case SESSION_TICKET_LEN_E:
return "Session Ticket Too Long Error";
case SESSION_TICKET_EXPECT_E:
return "Session Ticket Error";
#endif
default :
return "unknown error number";
}
@ -10445,6 +10458,11 @@ int DoSessionTicket(CYASSL* ssl,
word32 lifetime;
word16 length;
if (ssl->expect_session_ticket == 0) {
CYASSL_MSG("Unexpected session ticket");
return SESSION_TICKET_EXPECT_E;
}
if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
return BUFFER_ERROR;
@ -10488,6 +10506,8 @@ int DoSessionTicket(CYASSL* ssl,
*inOutIdx += ssl->keys.padSz;
}
ssl->expect_session_ticket = 0;
return BuildFinished(ssl, &ssl->verifyHashes, server);
}
#endif /* HAVE_SESSION_TICKET */
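Review bot: The new `ProcessReply` check ("Expected session ticket missing") is only correct if `expect_session_ticket` is raised by the SessionTicket extension in the server's ServerHello and not by the client merely having offered a ticket; RFC 5077 §3.3 lets a server resume on a ticket without renewing it (no extension, no NewSessionTicket), and such a server would be wrongly rejected at this point if the flag came from the client side. Where the flag is set is outside this commit, so please confirm, and record the invariant next to the check: `/* RFC 5077 3.3: a SessionTicket extension in ServerHello obliges the server to send NewSessionTicket before ChangeCipherSpec */`. The flag is cleared only on the success path of `DoSessionTicket`; every error return above it leaves the flag set, which is harmless as long as the handshake is abandoned on error, but worth a one-line comment. `ProcessReply` and `DoSessionTicket` both begin and end outside the hunks shown, so the surrounding case label for the first check is not visible here.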