#include "sslCrypto.h"
#include "sslDebug.h"
#include "sslMemory.h"
-#include "appleSession.h"
#include <Security/SecCertificate.h>
#include <Security/SecCertificatePriv.h>
#include "utilities/SecCFRelease.h"
+#include <tls_helpers.h>
+#include <tls_cache.h>
static
int tls_handshake_write_callback(tls_handshake_ctx_t ctx, const SSLBuffer data, uint8_t content_type)
// Need to call this here, in case SetCertificate was already called.
myCtx->clientCertState = kSSLClientCertRequested;
myCtx->clientAuthTypes = tls_handshake_get_peer_acceptable_client_auth_type(myCtx->hdsk, &myCtx->numAuthTypes);
- SSLUpdateNegotiatedClientAuthType(myCtx);
- if (myCtx->breakOnCertRequest && (myCtx->localCert==NULL)) {
+ if (myCtx->breakOnCertRequest && (myCtx->localCertArray==NULL)) {
myCtx->signalCertRequest = true;
err = errSSLClientCertRequested;
}
case tls_handshake_message_server_hello:
myCtx->serverHelloReceived = true;
alpn_data = tls_handshake_get_peer_alpn_data(myCtx->hdsk);
- if(alpn_data) {
+ if (alpn_data && myCtx->alpnFunc != NULL) {
myCtx->alpnFunc(myCtx, myCtx->alpnFuncInfo, alpn_data->data, alpn_data->length);
} else {
npn_data = tls_handshake_get_peer_npn_data(myCtx->hdsk);
case tls_handshake_message_certificate:
/* For clients, we only check the cert when we receive the ServerHelloDone message.
For servers, we check the client's cert right here. For both we set the public key */
- err = tls_set_peer_pubkey(myCtx);
+ err = tls_helper_set_peer_pubkey(myCtx->hdsk);
if(!err && (myCtx->protocolSide == kSSLServerSide)) {
err = tls_verify_peer_cert(myCtx);
}
return myCtx->recFuncs->setProtocolVersion(myCtx->recCtx, protocolVersion);
}
+static int
+_buildConfigurationSpecificSessionCacheKey(SSLContext *myCtx, SSLBuffer *sessionKey, SSLBuffer *outputBuffer)
+{
+ SSLBuffer configurationBuffer;
+ configurationBuffer.data = NULL;
+ configurationBuffer.length = 0;
+ int err = SSLGetSessionConfigurationIdentifier(myCtx, &configurationBuffer);
+ if (err != errSecSuccess) {
+ return err;
+ }
+
+ outputBuffer->length = configurationBuffer.length + sessionKey->length;
+ outputBuffer->data = (uint8_t *) malloc(outputBuffer->length);
+ if (outputBuffer->data == NULL) {
+ free(configurationBuffer.data);
+ return errSecAllocate;
+ }
+
+ memcpy(outputBuffer->data, configurationBuffer.data, configurationBuffer.length);
+ memcpy(outputBuffer->data + configurationBuffer.length, sessionKey->data, sessionKey->length);
+
+ free(configurationBuffer.data);
+
+ return errSecSuccess;
+}
+
static int
tls_handshake_save_session_data_callback(tls_handshake_ctx_t ctx, SSLBuffer sessionKey, SSLBuffer sessionData)
{
+ int err = errSSLSessionNotFound;
SSLContext *myCtx = (SSLContext *)ctx;
- sslDebugLog("%s: %p, key len=%zd, k[0]=%02x, data len=%zd\n", __FUNCTION__, myCtx, sessionKey.length, sessionKey.data[0], sessionData.length);
- return sslAddSession(sessionKey, sessionData, myCtx->sessionCacheTimeout);
+
+ if (myCtx->cache == NULL) {
+ return errSSLSessionNotFound;
+ }
+
+ SSLBuffer configurationSpecificKey;
+ configurationSpecificKey.data = NULL;
+ configurationSpecificKey.length = 0;
+ err = _buildConfigurationSpecificSessionCacheKey(myCtx, &sessionKey, &configurationSpecificKey);
+ if (err != errSecSuccess) {
+ return err;
+ }
+
+ sslDebugLog("%s: %p, key len=%zd, k[0]=%02x, data len=%zd\n", __FUNCTION__, myCtx, configurationSpecificKey.length, configurationSpecificKey.data[0], sessionData.length);
+
+ err = tls_cache_save_session_data(myCtx->cache, &configurationSpecificKey, &sessionData, myCtx->sessionCacheTimeout);
+
+ free(configurationSpecificKey.data);
+
+ return err;
}
static int
tls_handshake_load_session_data_callback(tls_handshake_ctx_t ctx, SSLBuffer sessionKey, SSLBuffer *sessionData)
{
SSLContext *myCtx = (SSLContext *)ctx;
- int err;
+ int err = errSSLSessionNotFound;
SSLFreeBuffer(&myCtx->resumableSession);
- err = sslCopySession(sessionKey, &myCtx->resumableSession);
+ if (myCtx->cache == NULL) {
+ return errSSLSessionNotFound;
+ }
- sslDebugLog("%p, key len=%zd, data len=%zd, err=%d\n", ctx, sessionKey.length, sessionData->length, err);
+ SSLBuffer configurationSpecificKey;
+ configurationSpecificKey.data = NULL;
+ configurationSpecificKey.length = 0;
+ err = _buildConfigurationSpecificSessionCacheKey(myCtx, &sessionKey, &configurationSpecificKey);
+ if (err != errSecSuccess) {
+ return err;
+ }
+ err = tls_cache_load_session_data(myCtx->cache, &configurationSpecificKey, &myCtx->resumableSession);
+ sslDebugLog("%p, key len=%zd, data len=%zd, err=%d\n", ctx, configurationSpecificKey.length, sessionData->length, err);
*sessionData = myCtx->resumableSession;
+ free(configurationSpecificKey.data);
+
return err;
}
static int
tls_handshake_delete_session_data_callback(tls_handshake_ctx_t ctx, SSLBuffer sessionKey)
{
+ int err = errSSLSessionNotFound;
+ SSLContext *myCtx = (SSLContext *)ctx;
+
sslDebugLog("%p, key len=%zd k[0]=%02x\n", ctx, sessionKey.length, sessionKey.data[0]);
- return sslDeleteSession(sessionKey);
+ if(myCtx->cache) {
+ err = tls_cache_delete_session_data(myCtx->cache, &sessionKey);
+ }
+ return err;
}
static int
tls_handshake_delete_all_sessions_callback(tls_handshake_ctx_t ctx)
{
+ SSLContext *myCtx = (SSLContext *)ctx;
sslDebugLog("%p\n", ctx);
- return sslCleanupSession();
+ if(myCtx->cache) {
+ tls_cache_empty(myCtx->cache);
+ }
+ return 0;
}
tls_handshake_callbacks_t tls_handshake_callbacks = {
.advance_read_cipher = tls_handshake_advance_read_cipher_callback,
.set_protocol_version = tls_handshake_set_protocol_version_callback,
};
-
-
projects / apple / security.git / blobdiff