author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-02 10:11:41 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-12 11:56:58 +0200 |
commit | e1326209aa7160e1332cf571a8eb8c2ccfd7369d (patch) | |
tree | 51fd8ebb9da0861fd0420cdf9947a999eb65ad47 /lib/tls13 | |
parent | 40b5e30494230f1e87d1622f14cf65cce5ba3bc9 (diff) | |
gnutls_session_ticket_send: allow sending multiple tickets in one go
This allows combining the tickets in a single record message when
possible.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/tls13')
-rw-r--r-- | lib/tls13/session_ticket.c | 104 | ||||
-rw-r--r-- | lib/tls13/session_ticket.h | 2 |
2 files changed, 58 insertions, 48 deletions
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
index 77edbcda91..184c0ac271 100644
--- a/lib/tls13/session_ticket.c
+++ b/lib/tls13/session_ticket.c
@@ -227,12 +227,13 @@ generate_session_ticket(gnutls_session_t session, tls13_ticket_t *ticket)
 return 0;
 }
-int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned again)
+int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned nr, unsigned again)
 {
 int ret = 0;
 mbuffer_st *bufel = NULL;
 gnutls_buffer_st buf;
 tls13_ticket_t ticket;
+ unsigned i;
 /* Client does not send a NewSessionTicket */
 if (unlikely(session->security_parameters.entity == GNUTLS_CLIENT))
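Review bot: The new `nr` parameter arrives without any comment on its contract, and no header comment for the function is visible in this hunk. A short one above the definition would help callers, e.g. `/* Queues @nr NewSessionTicket messages and flushes them together; when @again is non-zero only the pending flush is retried. */`, which matches what the loop in the next hunk does. `nr` is used there as an unbounded loop count with one buffer allocation per iteration, so the comment should also state who is expected to cap it; presumably the public caller does, but that is not visible here. The function body continues outside this hunk.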
@@ -249,70 +250,79 @@ int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned again)
 return gnutls_assert_val(0);
 if (again == 0) {
- memset(&ticket, 0, sizeof(tls13_ticket_t));
-
- ret = generate_session_ticket(session, &ticket);
- if (ret < 0) {
- if (ret == GNUTLS_E_INT_RET_0) {
- return gnutls_assert_val(0);
+ for (i=0;i<nr;i++) {
+ memset(&ticket, 0, sizeof(tls13_ticket_t));
+ bufel = NULL;
+
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = generate_session_ticket(session, &ticket);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INT_RET_0) {
+ ret = gnutls_assert_val(0);
+ goto cleanup;
+ }
+ gnutls_assert();
+ goto cleanup;
 }
- return gnutls_assert_val(ret);
- }
+ ret = _gnutls_buffer_append_prefix(&buf, 32, ticket.lifetime);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ ret = _gnutls_buffer_append_prefix(&buf, 32, ticket.age_add);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = _gnutls_buffer_append_prefix(&buf, 32, ticket.lifetime);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ /* append ticket_nonce */
+ ret = _gnutls_buffer_append_data_prefix(&buf, 8, ticket.nonce, ticket.nonce_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = _gnutls_buffer_append_prefix(&buf, 32, ticket.age_add);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ /* append ticket */
+ ret = _gnutls_buffer_append_data_prefix(&buf, 16, ticket.ticket.data, ticket.ticket.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- /* append ticket_nonce */
- ret = _gnutls_buffer_append_data_prefix(&buf, 8, ticket.nonce, ticket.nonce_size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ ret = _gnutls_buffer_append_prefix(&buf, 16, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- /* append ticket */
- ret = _gnutls_buffer_append_data_prefix(&buf, 16, ticket.ticket.data, ticket.ticket.size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ _gnutls_free_datum(&ticket.ticket);
- ret = _gnutls_buffer_append_prefix(&buf, 16, 0);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
- _gnutls_free_datum(&ticket.ticket);
+ ret = _gnutls_send_handshake2(session, bufel,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- bufel = _gnutls_buffer_to_mbuffer(&buf);
+ session->internals.hsk_flags |= HSK_TLS13_TICKET_SENT;
+ }
 }
- ret = _gnutls_send_handshake(session, bufel,
- GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
- if (ret > 0)
- session->internals.hsk_flags |= HSK_TLS13_TICKET_SENT;
+ ret = _gnutls_handshake_io_write_flush(session);
 return ret;
 cleanup:
 _gnutls_free_datum(&ticket.ticket);
 _mbuffer_xfree(&bufel);
+ _gnutls_buffer_clear(&buf);
 return ret;
 }
diff --git a/lib/tls13/session_ticket.h b/lib/tls13/session_ticket.h
index 073c28f1f2..d2f637c209 100644
--- a/lib/tls13/session_ticket.h
+++ b/lib/tls13/session_ticket.h
@@ -23,7 +23,7 @@
 #define SESSION_TICKET_H
 int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf);
-int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned again);
+int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned nr, unsigned again);
 int _gnutls13_unpack_session_ticket(gnutls_session_t session,
 gnutls_datum_t *data, |
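Review bot: A failure on a later loop iteration in lib/tls13/session_ticket.c leaves through `cleanup` without reaching `_gnutls_handshake_io_write_flush(session)`, although earlier iterations have already queued their tickets through `_gnutls_send_handshake2(..., 1)` and set `HSK_TLS13_TICKET_SENT`. In the `GNUTLS_E_INT_RET_0` branch the function then returns 0, so the caller sees success while queued tickets may remain unflushed; if that code can occur after the first iteration, replacing that branch's `goto cleanup;` with `_gnutls_free_datum(&ticket.ticket); _gnutls_buffer_clear(&buf); break;` would let the flush still run. The flag is also now set before the flush rather than after a successful send, which deserves a comment if code reading the flag assumes the ticket has been written out. Separately, the `_gnutls_send_handshake2` error path reaches `_mbuffer_xfree(&bufel)` and `_gnutls_buffer_clear(&buf)` after `_gnutls_buffer_to_mbuffer(&buf)` has converted the buffer; whether that avoids a double release depends on helpers not shown on this page and should be confirmed.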