adds SESSION_TICKET extension id.

adds HAVE_TLS_EXTENSIONS as a dependency to HAVE_SECURE_RENEGOTIATION
reduces tlsx semaphore from 16 to 8 bytes (128 flags to 64 flags).
refactors ConvertExtType() to TLSX_ToSemaphore() for a better name and behavior. Now the overflowing flags are set backwards from the end of the flags to avoid collisions.
This commit is contained in:
Moisés Guimarães 2014-09-26 15:57:37 -03:00
parent 95585e93df
commit c340d78c93
3 changed files with 58 additions and 37 deletions


@ -1233,6 +1233,7 @@ typedef enum {
MAX_FRAGMENT_LENGTH = 0x0001,
TRUNCATED_HMAC = 0x0004,
ELLIPTIC_CURVES = 0x000a,
SESSION_TICKET = 0x0023,
SECURE_RENEGOTIATION = 0xff01
} TLSX_Type;
@ -1243,9 +1244,9 @@ typedef struct TLSX {
struct TLSX* next; /* List Behavior */
} TLSX;
CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
CYASSL_LOCAL void TLSX_FreeAll(TLSX* list);
CYASSL_LOCAL int TLSX_SupportExtensions(CYASSL* ssl);
CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
CYASSL_LOCAL void TLSX_FreeAll(TLSX* list);
CYASSL_LOCAL int TLSX_SupportExtensions(CYASSL* ssl);
#ifndef NO_CYASSL_CLIENT
CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
@ -1259,6 +1260,16 @@ CYASSL_LOCAL word16 TLSX_WriteResponse(CYASSL* ssl, byte* output);
CYASSL_LOCAL int TLSX_Parse(CYASSL* ssl, byte* input, word16 length,
byte isRequest, Suites *suites);
#elif defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_SECURE_RENEGOTIATION)
#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
#endif /* HAVE_TLS_EXTENSIONS */
/* Server Name Indication */
#ifdef HAVE_SNI
@ -1342,7 +1353,6 @@ CYASSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
#endif /* HAVE_SECURE_RENEGOTIATION */
#endif /* HAVE_TLS_EXTENSIONS */
/* CyaSSL context type */
struct CYASSL_CTX {


@ -4421,7 +4421,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
}
}
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
#ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secure_renegotiation) {
/* save peer's state */
if (ssl->options.side == CYASSL_CLIENT_END)
@ -4431,7 +4431,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
XMEMCPY(ssl->secure_renegotiation->client_verify_data,
input + *inOutIdx, TLS_FINISHED_SZ);
}
#endif /* (HAVE_SECURE_RENEGOTIATION) && (HAVE_TLS_EXTENSIONS) */
#endif
/* force input exhaustion at ProcessReply consuming padSz */
*inOutIdx += size + ssl->keys.padSz;
@ -6784,7 +6784,7 @@ int SendFinished(CYASSL* ssl)
ssl->options.side == CYASSL_CLIENT_END ? client : server);
if (ret != 0) return ret;
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
#ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secure_renegotiation) {
if (ssl->options.side == CYASSL_CLIENT_END)
XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
@ -6793,7 +6793,7 @@ int SendFinished(CYASSL* ssl)
XMEMCPY(ssl->secure_renegotiation->server_verify_data, hashes,
TLS_FINISHED_SZ);
}
#endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */
#endif
sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
handshake);
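Review bot: The `#ifdef HAVE_SECURE_RENEGOTIATION` that replaces `#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)` in DoFinished and SendFinished is only sound because internal.h now raises `#error` when HAVE_SECURE_RENEGOTIATION is defined without HAVE_TLS_EXTENSIONS; nothing in internal.c records that, and a reader who sees `ssl->secure_renegotiation` used under the narrower guard may either reintroduce the double check or, later, weaken the header check without noticing this file depends on it. A one-line comment at each of the four changed directives would pin the dependency, e.g. `#ifdef HAVE_SECURE_RENEGOTIATION /* implies HAVE_TLS_EXTENSIONS, enforced in internal.h */`. Both functions start and end outside these hunks.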


@ -704,12 +704,29 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
#ifdef HAVE_TLS_EXTENSIONS
static INLINE word16 ConvertExtType(word16 type)
{
if (type < 0x10)
return type;
/** Supports up to 64 flags. Update as needed. */
#define SEMAPHORE_SIZE 8
return 0x0a + (type & 0xFF);
static INLINE word16 TLSX_ToSemaphore(word16 type)
{
switch (type) {
case SECURE_RENEGOTIATION:
return 63;
default:
if (type > 62) {
/* This message SHOULD only happens during the adding of
new TLS extensions in which its IANA number overflows
the current semaphore's range, or if its number already
is assigned to be used by another extension.
Use this check value for the new extension and decrement
the check value by one. */
CYASSL_MSG("### TLSX semaphore colision or overflow detected!");
}
}
return type;
}
@ -718,7 +735,7 @@ static INLINE word16 ConvertExtType(word16 type)
#define TURN_ON(semaphore, light) \
((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
((semaphore)[(light) / 8] |= (byte) (0xff01 << ((light) % 8)))
static int TLSX_Push(TLSX** list, TLSX_Type type, void* data)
@ -1386,7 +1403,7 @@ static void TLSX_EllipticCurve_ValidateRequest(CYASSL* ssl, byte* semaphore)
return;
/* No elliptic curve suite found */
TURN_ON(semaphore, ConvertExtType(ELLIPTIC_CURVES));
TURN_ON(semaphore, TLSX_ToSemaphore(ELLIPTIC_CURVES));
}
static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
@ -1799,7 +1816,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
if (!isRequest && !extension->resp)
continue; /* skip! */
if (!IS_OFF(semaphore, ConvertExtType(extension->type)))
if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
continue; /* skip! */
/* type + data length */
@ -1827,7 +1844,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
break;
}
TURN_ON(semaphore, ConvertExtType(extension->type));
TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
}
return length;
@ -1846,7 +1863,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
if (!isRequest && !extension->resp)
continue; /* skip! */
if (!IS_OFF(semaphore, ConvertExtType(extension->type)))
if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
continue; /* skip! */
/* extension type */
@ -1869,21 +1886,21 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
/* empty extension. */
break;
case ELLIPTIC_CURVES:
offset += EC_WRITE((EllipticCurve*)extension->data,
case ELLIPTIC_CURVES:
offset += EC_WRITE((EllipticCurve*)extension->data,
output + offset);
break;
break;
case SECURE_RENEGOTIATION:
offset += SCR_WRITE((SecureRenegotiation*)extension->data,
case SECURE_RENEGOTIATION:
offset += SCR_WRITE((SecureRenegotiation*)extension->data,
output + offset, isRequest);
break;
break;
}
/* writing extension data length */
c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
TURN_ON(semaphore, ConvertExtType(extension->type));
TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
}
return offset;
@ -1896,7 +1913,7 @@ word16 TLSX_GetRequestSize(CYASSL* ssl)
word16 length = 0;
if (TLSX_SupportExtensions(ssl)) {
byte semaphore[16] = {0};
byte semaphore[SEMAPHORE_SIZE] = {0};
EC_VALIDATE_REQUEST(ssl, semaphore);
@ -1921,7 +1938,7 @@ word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
word16 offset = 0;
if (TLSX_SupportExtensions(ssl) && output) {
byte semaphore[16] = {0};
byte semaphore[SEMAPHORE_SIZE] = {0};
offset += OPAQUE16_LEN; /* extensions length */
@ -1969,7 +1986,7 @@ word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
word16 TLSX_GetResponseSize(CYASSL* ssl)
{
word16 length = 0;
byte semaphore[16] = {0};
byte semaphore[SEMAPHORE_SIZE] = {0};
if (TLSX_SupportExtensions(ssl))
length += TLSX_GetSize(ssl->extensions, semaphore, 0);
@ -1987,7 +2004,7 @@ word16 TLSX_WriteResponse(CYASSL *ssl, byte* output)
word16 offset = 0;
if (TLSX_SupportExtensions(ssl) && output) {
byte semaphore[16] = {0};
byte semaphore[SEMAPHORE_SIZE] = {0};
offset += OPAQUE16_LEN; /* extensions length */
@ -2089,15 +2106,9 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
/* undefining semaphore macros */
#undef IS_OFF
#undef TURN_ON
#undef SEMAPHORE_SIZE
#elif defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_SUPPORTED_CURVES)
#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
#endif /* HAVE_TLS_EXTENSIONS */
#endif
#ifndef NO_CYASSL_CLIENT
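Review bot: In TLSX_ToSemaphore the overflow branch (the `type > 62` test under `default:`) only logs and then falls through to `return type;`, so a caller still hands TURN_ON/IS_OFF a bit index of 64 or more and `(semaphore)[(light) / 8]` then reads or writes past the 8-byte `semaphore` array declared on the stack in TLSX_GetRequestSize and its three siblings. Every type pushed today is a TLSX_Type constant below 64 (SECURE_RENEGOTIATION is remapped to 63), so this is latent rather than reachable, but the guard should fail closed: after the CYASSL_MSG return an in-range slot, e.g. `return 62;`, so a mis-numbered future extension costs a skipped or colliding extension rather than a stack write, and fix the comment's `SHOULD only happens` / `colision` while there. Separately, if the `(byte) (0xff01 << ((light) % 8))` variant of TURN_ON is the new side, the byte cast drops the high bits so it behaves exactly like `0x01`, but it reads like a stray paste of the SECURE_RENEGOTIATION value; keep `0x01`. The `@ -704` hunk opens inside TLS_hmac's context, though TLSX_ToSemaphore itself is complete within it.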