Add tls_session_ticket_ext_cb and use the new wolfSSL_set_session_ticket_ext_cb API.
Signed-off-by: Juliusz Sosinowicz <juliusz@xxxxxxxxxxx>
---
src/crypto/tls_wolfssl.c | 59 +++++++++++++++++++++++++++++++---------
1 file changed, 46 insertions(+), 13 deletions(-)
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index b6869b7488..22f8d6eb78 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -94,7 +94,8 @@ struct tls_connection {
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
tls_session_ticket_cb session_ticket_cb;
void *session_ticket_cb_ctx;
- byte session_ticket[SESSION_TICKET_LEN];
+ u8 *session_ticket;
+ size_t session_ticket_len;
#endif
unsigned int ca_cert_verify:1;
unsigned int cert_probe:1;
@@ -513,6 +514,7 @@ void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
os_free(conn->domain_match);
os_free(conn->peer_subject);
os_free(conn->check_cert_subject);
+ os_free(conn->session_ticket);
/* self */
os_free(conn);
@@ -2481,32 +2483,58 @@ static int tls_sess_sec_cb(WOLFSSL *s, void *secret, int *secret_len, void *arg)
int ret;
unsigned char client_random[RAN_LEN];
unsigned char server_random[RAN_LEN];
- word32 ticket_len = sizeof(conn->session_ticket);
if (!conn || !conn->session_ticket_cb)
- return 1;
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "wolfSSL: %s", __func__);
if (wolfSSL_get_client_random(s, client_random,
sizeof(client_random)) == 0 ||
wolfSSL_get_server_random(s, server_random,
- sizeof(server_random)) == 0 ||
- wolfSSL_get_SessionTicket(s, conn->session_ticket,
- &ticket_len) != 1)
- return 1;
-
- if (ticket_len == 0)
- return 0;
+ sizeof(server_random)) == 0)
+ return -1;
ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
- conn->session_ticket, ticket_len,
+ conn->session_ticket, conn->session_ticket_len,
client_random, server_random, secret);
+
+ wpa_printf(MSG_DEBUG, "wolfSSL: %s conn->session_ticket_cb: %d", __func__, ret);
+
+ os_free(conn->session_ticket);
+ conn->session_ticket = NULL;
+
if (ret <= 0)
- return 1;
+ return -1;
*secret_len = SECRET_LEN;
return 0;
}
+static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
+ int len, void *arg)
+{
+ struct tls_connection *conn = arg;
+
+ if (conn == NULL || conn->session_ticket_cb == NULL)
+ return 0;
+
+ wpa_printf(MSG_DEBUG, "wolfSSL: %s: length=%d", __func__, len);
+
+ os_free(conn->session_ticket);
+ conn->session_ticket = NULL;
+
+ wpa_hexdump(MSG_DEBUG, "wolfSSL: ClientHello SessionTicket "
+ "extension", data, len);
+
+ conn->session_ticket = os_memdup(data, len);
+ if (conn->session_ticket == NULL)
+ return 0;
+
+ conn->session_ticket_len = len;
+
+ return 1;
+}
#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
@@ -2521,11 +2549,16 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
if (cb) {
if (wolfSSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
- conn) != 1)
+ conn) != 1)
+ return -1;
+ if (wolfSSL_set_session_ticket_ext_cb(conn->ssl,
+ tls_session_ticket_ext_cb, conn) != 1)
return -1;
} else {
if (wolfSSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
return -1;
+ if (wolfSSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL) != 1)
+ return -1;
}
return 0;
--
2.34.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
