WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix rand num generation on MacOS, Improve organization with tic storage

pull/316/head
Nickolas Lapp 2016-03-11 09:50:46 -07:00
parent c8b20d9090
commit 0eb59d5c35
5 changed files with 92 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/openssl.test
View File

@ -4,8 +4,8 @@
# need a unique port since may run the same time as testsuite # need a unique port since may run the same time as testsuite
generate_port() { generate_port() {
openssl_port=`tr -cd 0-9 </dev/urandom | head -c 7` openssl_port=`LC_CTYPE=C tr -cd 0-9 </dev/urandom | head -c 7`
openssl_port=$((`tr -cd 1-9 </dev/urandom | head -c 1`$openssl_port)) openssl_port=$((`LC_CTYPE=C tr -cd 1-9 </dev/urandom | head -c 1`$openssl_port))
openssl_port=$(($openssl_port % (65535-49512))) openssl_port=$(($openssl_port % (65535-49512)))
openssl_port=$(($openssl_port + 49512)) openssl_port=$(($openssl_port + 49512))
} }

68
src/internal.c
View File

@ -2479,6 +2479,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->sessionSecretCb = NULL; ssl->sessionSecretCb = NULL;
ssl->sessionSecretCtx = NULL; ssl->sessionSecretCtx = NULL;
#endif #endif
#ifdef HAVE_SESSION_TICKET
ssl->session.ticket = ssl->session.staticTicket;
ssl->session.isDynamic = 0;
ssl->session.dynTicket = NULL;
ssl->session.ticketLen = 0;
#endif
return 0; return 0;
} }
@ -2649,8 +2656,12 @@ void SSL_ResourceFree(WOLFSSL* ssl)
FreeX509(&ssl->peerCert); FreeX509(&ssl->peerCert);
#endif #endif
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->session.dynTicket) if (ssl->session.dynTicket) {
XFREE(ssl->session.dynTicket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); XFREE(ssl->session.dynTicket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.dynTicket = NULL;
ssl->session.isDynamic = 0;
ssl->session.ticket = ssl->session.staticTicket;
}
#endif #endif
} }
@ -11353,14 +11364,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->options.resuming && ssl->session.ticketLen > 0) { if (ssl->options.resuming && ssl->session.ticketLen > 0) {
SessionTicket* ticket; SessionTicket* ticket;
byte* ticketData;
ticketData = ssl->session.isDynamic ?
ssl->session.dynTicket :
ssl->session.ticket;
ticket = TLSX_SessionTicket_Create(0, ticket = TLSX_SessionTicket_Create(0,
ticketData, ssl->session.ticketLen); ssl->session.ticket, ssl->session.ticketLen);
if (ticket == NULL) return MEMORY_E; if (ticket == NULL) return MEMORY_E;
ret = TLSX_UseSessionTicket(&ssl->extensions, ticket); ret = TLSX_UseSessionTicket(&ssl->extensions, ticket);
@ -14294,15 +14300,30 @@ int DoSessionTicket(WOLFSSL* ssl,
ato16(input + *inOutIdx, &length); ato16(input + *inOutIdx, &length);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if (length > sizeof(ssl->session.ticket)) { if (length > sizeof(ssl->session.staticTicket)) {
ssl->session.isDynamic = 1; /* Free old dynamic ticket if we already had one */
if (ssl->session.dynTicket) {
ssl->session.dynTicket = (byte*)XMALLOC( XFREE(ssl->session.dynTicket, ssl->heap,
length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
DYNAMIC_TYPE_SESSION_TICK);
if (ssl->session.dynTicket == NULL) {
return MEMORY_E;
} }
ssl->session.dynTicket =
(byte*)XMALLOC(length, ssl->heap,
DYNAMIC_TYPE_SESSION_TICK);
if (ssl->session.dynTicket == NULL)
return MEMORY_E;
ssl->session.isDynamic = 1;
ssl->session.ticket = ssl->session.dynTicket;
} else {
if(ssl->session.dynTicket) {
XFREE(ssl->session.dynTicket, ssl->heap,
DYNAMIC_TYPE_SESSION_TICK);
ssl->session.dynTicket = NULL;
}
ssl->session.isDynamic = 0;
ssl->session.ticket = ssl->session.staticTicket;
} }
if ((*inOutIdx - begin) + length > size) if ((*inOutIdx - begin) + length > size)
@ -14311,11 +14332,7 @@ int DoSessionTicket(WOLFSSL* ssl,
/* If the received ticket including its length is greater than /* If the received ticket including its length is greater than
* a length value, the save it. Otherwise, don't save it. */ * a length value, the save it. Otherwise, don't save it. */
if (length > 0) { if (length > 0) {
if (ssl->session.isDynamic) XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
XMEMCPY(ssl->session.dynTicket, input + *inOutIdx, length);
else
XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
*inOutIdx += length; *inOutIdx += length;
ssl->session.ticketLen = length; ssl->session.ticketLen = length;
ssl->timeout = lifetime; ssl->timeout = lifetime;
@ -14326,12 +14343,7 @@ int DoSessionTicket(WOLFSSL* ssl,
} }
/* Create a fake sessionID based on the ticket, this will /* Create a fake sessionID based on the ticket, this will
* supercede the existing session cache info. */ * supercede the existing session cache info. */
ssl->options.haveSessionId = 1; ssl->options.haveSessionId = 1;
if (ssl->session.isDynamic)
XMEMCPY(ssl->arrays->sessionID,
ssl->session.dynTicket + length - ID_LEN, ID_LEN);
else
XMEMCPY(ssl->arrays->sessionID, XMEMCPY(ssl->arrays->sessionID,
ssl->session.ticket + length - ID_LEN, ID_LEN); ssl->session.ticket + length - ID_LEN, ID_LEN);
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
@ -16644,9 +16656,7 @@ int DoSessionTicket(WOLFSSL* ssl,
static int CreateTicket(WOLFSSL* ssl) static int CreateTicket(WOLFSSL* ssl)
{ {
InternalTicket it; InternalTicket it;
ExternalTicket* et = ssl->session.isDynamic ? ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
(ExternalTicket*)ssl->session.dynTicket :
(ExternalTicket*)ssl->session.ticket;
int encLen; int encLen;
int ret; int ret;
byte zeros[WOLFSSL_TICKET_MAC_SZ]; /* biggest cmp size */ byte zeros[WOLFSSL_TICKET_MAC_SZ]; /* biggest cmp size */

79
src/ssl.c
View File

@ -1251,10 +1251,7 @@ WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (ssl->session.ticketLen <= *bufSz) { if (ssl->session.ticketLen <= *bufSz) {
if (ssl->session.isDynamic) XMEMCPY(buf, ssl->session.ticket, ssl->session.ticketLen);
XMEMCPY(buf, ssl->session.dynTicket, ssl->session.ticketLen);
else
XMEMCPY(buf, ssl->session.ticket, ssl->session.ticketLen);
*bufSz = ssl->session.ticketLen; *bufSz = ssl->session.ticketLen;
} }
else else
@ -1268,15 +1265,19 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
if (ssl == NULL || (buf == NULL && bufSz > 0) || bufSz > SESSION_TICKET_LEN) if (ssl == NULL || (buf == NULL && bufSz > 0) || bufSz > SESSION_TICKET_LEN)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (bufSz > 0) ssl->session.ticket = ssl->session.staticTicket;
XMEMCPY(ssl->session.ticket, buf, bufSz);
ssl->session.ticketLen = (word16)bufSz; ssl->session.ticketLen = (word16)bufSz;
/* session ticket should only be size of static buffer. Delete dynamic buffer*/ if (bufSz > 0) {
if (ssl->session.isDynamic) { XMEMCPY(ssl->session.ticket, buf, bufSz);
XFREE(ssl->session.dynTicket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.isDynamic = 0;
} }
/* session ticket should only be size of static buffer. Delete dynamic buffer*/
if (ssl->session.dynTicket) {
XFREE(ssl->session.dynTicket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
ssl->session.dynTicket = NULL;
}
ssl->session.isDynamic = 0;
return SSL_SUCCESS; return SSL_SUCCESS;
} }
@ -7039,6 +7040,9 @@ int AddSession(WOLFSSL* ssl)
{ {
word32 row, idx; word32 row, idx;
int error = 0; int error = 0;
#ifdef HAVE_SESSION_TICKET
byte* tmpBuff = NULL;
#endif
if (ssl->options.sessionCacheOff) if (ssl->options.sessionCacheOff)
return 0; return 0;
@ -7057,8 +7061,22 @@ int AddSession(WOLFSSL* ssl)
return error; return error;
} }
if (LockMutex(&session_mutex) != 0) #ifdef HAVE_SESSION_TICKET
/* Alloc Memory here so if Malloc fails can exit outside of lock */
if(ssl->session.ticketLen > SESSION_TICKET_LEN) {
tmpBuff = XMALLOC(ssl->session.ticketLen, ssl->heap,
DYNAMIC_TYPE_SESSION_TICK);
if(!tmpBuff)
return MEMORY_E;
}
#endif
if (LockMutex(&session_mutex) != 0) {
#ifdef HAVE_SESSION_TICKET
XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
return BAD_MUTEX_E; return BAD_MUTEX_E;
}
idx = SessionCache[row].nextIdx++; idx = SessionCache[row].nextIdx++;
#ifdef SESSION_INDEX #ifdef SESSION_INDEX
@ -7075,29 +7093,28 @@ int AddSession(WOLFSSL* ssl)
SessionCache[row].Sessions[idx].bornOn = LowResTimer(); SessionCache[row].Sessions[idx].bornOn = LowResTimer();
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->session.isDynamic) { /* Cleanup cache row's old Dynamic buff if exists */
if (!SessionCache[row].Sessions[idx].dynTicket) { if(SessionCache[row].Sessions[idx].dynTicket) {
SessionCache[row].Sessions[idx].dynTicket = XMALLOC( XFREE(SessionCache[row].Sessions[idx].dynTicket,
ssl->session.ticketLen, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); ssl->heap, DYNAMIC_TYPE_SESS_TICK);
if (!SessionCache[row].Sessions[idx].dynTicket) }
return MEMORY_E;
} else if (SessionCache[row].Sessions[idx].ticketLen < ssl->session.ticketLen) { /* If too large to store in static buffer, use dyn buffer */
XFREE(SessionCache[row].Sessions[idx].dynTicket, if (ssl->session.ticketLen > SESSION_TICKET_LEN) {
ssl->heap, DYNAMIC_TYPE_SESS_TICK); SessionCache[row].Sessions[idx].dynTicket = tmpBuff;
SessionCache[row].Sessions[idx].dynTicket = XMALLOC(
ssl->session.ticketLen, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
if (!SessionCache[row].Sessions[idx].dynTicket)
return MEMORY_E;
}
XMEMCPY(SessionCache[row].Sessions[idx].dynTicket,
ssl->session.dynTicket, ssl->session.ticketLen);
SessionCache[row].Sessions[idx].isDynamic = 1; SessionCache[row].Sessions[idx].isDynamic = 1;
SessionCache[row].Sessions[idx].ticket =
SessionCache[row].Sessions[idx].dynTicket;
} else {
SessionCache[row].Sessions[idx].dynTicket = NULL;
SessionCache[row].Sessions[idx].isDynamic = 0;
SessionCache[row].Sessions[idx].ticket =
SessionCache[row].Sessions[idx].staticTicket;
} }
else {
XMEMCPY(SessionCache[row].Sessions[idx].ticket,
ssl->session.ticket, ssl->session.ticketLen);
}
SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen; SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen;
XMEMCPY(SessionCache[row].Sessions[idx].ticket,
ssl->session.ticket, ssl->session.ticketLen);
#endif #endif
#ifdef SESSION_CERTS #ifdef SESSION_CERTS

1
src/tls.c
View File

@ -3866,7 +3866,6 @@ void TLSX_FreeAll(TLSX* list)
break; break;
case TLSX_SESSION_TICKET: case TLSX_SESSION_TICKET:
/* Nothing to do. */
STK_FREE(extension->data); STK_FREE(extension->data);
break; break;

5
wolfssl/internal.h
View File

@ -2181,9 +2181,10 @@ struct WOLFSSL_SESSION {
#endif #endif
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
word16 ticketLen; word16 ticketLen;
byte *dynTicket; byte* dynTicket;
byte isDynamic; byte isDynamic;
byte ticket[SESSION_TICKET_LEN]; byte staticTicket[SESSION_TICKET_LEN];
byte* ticket;
#endif #endif
#ifdef HAVE_STUNNEL #ifdef HAVE_STUNNEL
void* ex_data[MAX_EX_DATA]; void* ex_data[MAX_EX_DATA];