Skip to content

Commit

Permalink
Simplify TLS 1.2 session ID logic
Browse files Browse the repository at this point in the history
Optimize entropy use. Only generate the exact amount of random data that we will actually keep.

Refactor done as part of work on ZD18822
  • Loading branch information
julek-wolfssl committed Oct 22, 2024
1 parent 846ef15 commit 2847cbf
Showing 1 changed file with 42 additions and 45 deletions.
87 changes: 42 additions & 45 deletions src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -34510,6 +34510,29 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,

#ifndef WOLFSSL_NO_TLS12

static int getSessionID(WOLFSSL* ssl)
{
int sessIdSz = 0;
(void)ssl;
#ifndef NO_SESSION_CACHE
/* if no session cache don't send a session ID */
if (!ssl->options.sessionCacheOff)
sessIdSz = ID_LEN;
#endif
#ifdef HAVE_SESSION_TICKET
/* we may be echoing an ID as part of session tickets */
if (ssl->options.useTicket) {
/* echo session id sz can be 0,32 or bogus len in between */
sessIdSz = ssl->arrays->sessionIDSz;
if (sessIdSz > ID_LEN) {
WOLFSSL_MSG("Bad bogus session id len");
return BUFFER_ERROR;
}
}
#endif /* HAVE_SESSION_TICKET */
return sessIdSz;
}

/* handle generation of server_hello (2) */
int SendServerHello(WOLFSSL* ssl)
{
Expand All @@ -34518,63 +34541,31 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word16 length;
word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
int sendSz;
byte sessIdSz = ID_LEN;
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
byte echoId = 0; /* ticket echo id flag */
#endif
byte cacheOff = 0; /* session cache off flag */
byte sessIdSz;

WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND);
WOLFSSL_ENTER("SendServerHello");

ret = getSessionID(ssl);
if (ret < 0)
return ret;
sessIdSz = (byte)ret;

length = VERSION_SZ + RAN_LEN
+ ID_LEN + ENUM_LEN
+ ENUM_LEN + sessIdSz
+ SUITE_LEN
+ ENUM_LEN;

#ifdef HAVE_TLS_EXTENSIONS
ret = TLSX_GetResponseSize(ssl, server_hello, &length);
if (ret != 0)
return ret;
#ifdef HAVE_SESSION_TICKET
if (ssl->options.useTicket) {
/* echo session id sz can be 0,32 or bogus len in between */
sessIdSz = ssl->arrays->sessionIDSz;
if (sessIdSz > ID_LEN) {
WOLFSSL_MSG("Bad bogus session id len");
return BUFFER_ERROR;
}
if (!IsAtLeastTLSv1_3(ssl->version))
length -= (ID_LEN - sessIdSz); /* adjust ID_LEN assumption */
echoId = 1;
}
#endif /* HAVE_SESSION_TICKET */
#else
if (ssl->options.haveEMS) {
length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ;
}
#endif

/* is the session cache off at build or runtime */
#ifdef NO_SESSION_CACHE
cacheOff = 1;
#else
if (ssl->options.sessionCacheOff == 1) {
cacheOff = 1;
}
#endif

/* if no session cache don't send a session ID unless we're echoing
* an ID as part of session tickets */
if (cacheOff == 1
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
&& echoId == 0
#endif
) {
length -= ID_LEN; /* adjust ID_LEN assumption */
sessIdSz = 0;
}

sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
Expand Down Expand Up @@ -34605,18 +34596,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,

/* then random and session id */
if (!ssl->options.resuming) {
/* generate random part and session id */
ret = wc_RNG_GenerateBlock(ssl->rng, output + idx,
RAN_LEN + sizeof(sessIdSz) + sessIdSz);
if (ret != 0)
return ret;
word32 genRanLen = RAN_LEN;

#ifdef WOLFSSL_TLS13
if (TLSv1_3_Capable(ssl)) {
/* TLS v1.3 capable server downgraded. */
XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
tls13Downgrade, TLS13_DOWNGRADE_SZ);
output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl);
genRanLen -= TLS13_DOWNGRADE_SZ + 1;
}
else
#endif
Expand All @@ -34628,12 +34616,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
tls13Downgrade, TLS13_DOWNGRADE_SZ);
output[idx + RAN_LEN - 1] = 0;
genRanLen -= TLS13_DOWNGRADE_SZ + 1;
}

/* store info in SSL for later */
/* generate random part */
ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, genRanLen);
if (ret != 0)
return ret;
XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN);
idx += RAN_LEN;

/* generate session id */
output[idx++] = sessIdSz;
ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz);
if (ret != 0)
return ret;
XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz);
ssl->arrays->sessionIDSz = sessIdSz;
}
Expand Down

0 comments on commit 2847cbf

Please sign in to comment.