Import latest version of yaSSL

parent 09a36146
...@@ -626,6 +626,7 @@ struct Connection { ...@@ -626,6 +626,7 @@ struct Connection {
bool send_server_key_; // server key exchange? bool send_server_key_; // server key exchange?
bool master_clean_; // master secret clean? bool master_clean_; // master secret clean?
bool TLS_; // TLSv1 or greater bool TLS_; // TLSv1 or greater
bool sessionID_Set_; // do we have a session
ProtocolVersion version_; ProtocolVersion version_;
RandomPool& random_; RandomPool& random_;
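Review bot: The new `sessionID_Set_` member has no initializer visible in this section, yet `Sessions::add` in this same commit reads it to decide whether a session is cached. The only assignments shown on the page are `true` in `SSL::set_sessionID` and `false` in the empty-id branch of `ServerHello::Process`, so any path that reaches `Sessions::add` without passing through one of them would read an indeterminate bool. If the `Connection` constructor (not shown here) does not already set it, add `sessionID_Set_(false)` to its initializer list. The struct body continues outside the hunk.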
......
...@@ -1172,7 +1172,8 @@ input_buffer& operator>>(input_buffer& input, ServerHello& hello) ...@@ -1172,7 +1172,8 @@ input_buffer& operator>>(input_buffer& input, ServerHello& hello)
// Session // Session
hello.id_len_ = input[AUTO]; hello.id_len_ = input[AUTO];
input.read(hello.session_id_, ID_LEN); if (hello.id_len_)
input.read(hello.session_id_, hello.id_len_);
// Suites // Suites
hello.cipher_suite_[0] = input[AUTO]; hello.cipher_suite_[0] = input[AUTO];
...@@ -1215,7 +1216,10 @@ void ServerHello::Process(input_buffer&, SSL& ssl) ...@@ -1215,7 +1216,10 @@ void ServerHello::Process(input_buffer&, SSL& ssl)
{ {
ssl.set_pending(cipher_suite_[1]); ssl.set_pending(cipher_suite_[1]);
ssl.set_random(random_, server_end); ssl.set_random(random_, server_end);
if (id_len_)
ssl.set_sessionID(session_id_); ssl.set_sessionID(session_id_);
else
ssl.useSecurity().use_connection().sessionID_Set_ = false;
if (ssl.getSecurity().get_resuming()) if (ssl.getSecurity().get_resuming())
if (memcmp(session_id_, ssl.getSecurity().get_resume().GetID(), if (memcmp(session_id_, ssl.getSecurity().get_resume().GetID(),
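Review bot: `input.read(hello.session_id_, hello.id_len_)` copies a length taken straight from the peer's ServerHello, and nothing in the hunk checks it against the size of `session_id_`. The old line read a fixed `ID_LEN` and `set_sessionID` copies `ID_LEN` bytes from the same buffer, so the buffer is presumably `ID_LEN` bytes, and a larger length byte would write past it. Test `if (hello.id_len_ > ID_LEN)` before the read and fail the handshake through the parser's existing error path. In `ServerHello::Process` the `memcmp` on `session_id_` in the resuming branch still runs when `id_len_` is 0, so it compares bytes that were not read from this message. That hunk is cut off before the statement ends.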
......
...@@ -709,6 +709,7 @@ void SSL::set_masterSecret(const opaque* sec) ...@@ -709,6 +709,7 @@ void SSL::set_masterSecret(const opaque* sec)
void SSL::set_sessionID(const opaque* sessionID) void SSL::set_sessionID(const opaque* sessionID)
{ {
memcpy(secure_.use_connection().sessionID_, sessionID, ID_LEN); memcpy(secure_.use_connection().sessionID_, sessionID, ID_LEN);
secure_.use_connection().sessionID_Set_ = true;
} }
...@@ -1423,8 +1424,10 @@ typedef Mutex::Lock Lock; ...@@ -1423,8 +1424,10 @@ typedef Mutex::Lock Lock;
void Sessions::add(const SSL& ssl) void Sessions::add(const SSL& ssl)
{ {
if (ssl.getSecurity().get_connection().sessionID_Set_) {
Lock guard(mutex_); Lock guard(mutex_);
list_.push_back(NEW_YS SSL_SESSION(ssl, random_)); list_.push_back(NEW_YS SSL_SESSION(ssl, random_));
}
} }
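Review bot: `set_sessionID` marks the id as set after copying a full `ID_LEN` bytes, but the ServerHello parser in this commit now reads only `id_len_` bytes into `session_id_`. For a non-empty id shorter than `ID_LEN`, the tail of what is stored, and later cached by `Sessions::add`, is whatever the source buffer held before, unless it is zeroed somewhere not shown. Either pass the received length and clear the remainder of `sessionID_`, or state the contract above the function, e.g. `// sessionID must point to ID_LEN bytes; shorter ids are zero-padded by the caller`.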
......
...@@ -103,7 +103,7 @@ enum Constants ...@@ -103,7 +103,7 @@ enum Constants
MAX_ALGO_SIZE = 9, MAX_ALGO_SIZE = 9,
MAX_DIGEST_SZ = 25, // SHA + enum(Bit or Octet) + length(4) MAX_DIGEST_SZ = 25, // SHA + enum(Bit or Octet) + length(4)
DSA_SIG_SZ = 40, DSA_SIG_SZ = 40,
NAME_MAX = 512 // max total of all included names ASN_NAME_MAX = 512 // max total of all included names
}; };
...@@ -216,7 +216,7 @@ enum { SHA_SIZE = 20 }; ...@@ -216,7 +216,7 @@ enum { SHA_SIZE = 20 };
// A Signing Authority // A Signing Authority
class Signer { class Signer {
PublicKey key_; PublicKey key_;
char name_[NAME_MAX]; char name_[ASN_NAME_MAX];
byte hash_[SHA_SIZE]; byte hash_[SHA_SIZE];
public: public:
Signer(const byte* k, word32 kSz, const char* n, const byte* h); Signer(const byte* k, word32 kSz, const char* n, const byte* h);
...@@ -270,8 +270,8 @@ private: ...@@ -270,8 +270,8 @@ private:
byte subjectHash_[SHA_SIZE]; // hash of all Names byte subjectHash_[SHA_SIZE]; // hash of all Names
byte issuerHash_[SHA_SIZE]; // hash of all Names byte issuerHash_[SHA_SIZE]; // hash of all Names
byte* signature_; byte* signature_;
char issuer_[NAME_MAX]; // Names char issuer_[ASN_NAME_MAX]; // Names
char subject_[NAME_MAX]; // Names char subject_[ASN_NAME_MAX]; // Names
char beforeDate_[MAX_DATE_SZ]; // valid before date char beforeDate_[MAX_DATE_SZ]; // valid before date
char afterDate_[MAX_DATE_SZ]; // valid after date char afterDate_[MAX_DATE_SZ]; // valid after date
bool verify_; // Default to yes, but could be off bool verify_; // Default to yes, but could be off
......
...@@ -665,7 +665,7 @@ void CertDecoder::GetName(NameType nt) ...@@ -665,7 +665,7 @@ void CertDecoder::GetName(NameType nt)
SHA sha; SHA sha;
word32 length = GetSequence(); // length of all distinguished names word32 length = GetSequence(); // length of all distinguished names
assert (length < NAME_MAX); assert (length < ASN_NAME_MAX);
length += source_.get_index(); length += source_.get_index();
char* ptr = (nt == ISSUER) ? issuer_ : subject_; char* ptr = (nt == ISSUER) ? issuer_ : subject_;
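Review bot: The only bound on `length` in `CertDecoder::GetName` is `assert (length < ASN_NAME_MAX)`, and `length` is parsed from the certificate being decoded. In a build with `NDEBUG` the assert is compiled out, and `issuer_`/`subject_` are fixed `ASN_NAME_MAX` arrays per the header change in this commit. Unless the copy code further down bounds its own writes, an oversized name sequence would not be stopped here. Replace the assert with a runtime check that records a decode error and returns, using the decoder's existing error reporting, which is not visible in this hunk. The function body continues outside the hunk.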
......