/*
* This constructor, the only one, allocs copies of the key and value
* SSLBuffers.
*/
static SessionCacheEntry *SessionCacheEntryCreate(
const SSLBuffer *key,
const SSLBuffer *sessionData,
CFAbsoluteTime expirationTime)
{
OSStatus serr;
SessionCacheEntry *entry = malloc(sizeof(SessionCacheEntry));
if (entry == NULL)
return NULL;
serr = SSLCopyBuffer(key, &entry->mKey);
if(serr) {
free (entry);
return NULL;
}
serr = SSLCopyBuffer(sessionData, &entry->mSessionData);
if(serr) {
SSLFreeBuffer(&entry->mKey, NULL);
free (entry);
return NULL;
}
sslLogSessCacheDebug("SessionCacheEntryCreate(buf,buf) %p", entry);
entry->mExpiration = expirationTime;
return entry;
}
/* Server: set ocsp response data */
int
tls_handshake_set_ocsp_response(tls_handshake_t filter, tls_buffer *ocsp_response)
{
assert(filter->isServer);
SSLFreeBuffer(&filter->ocsp_response);
return SSLCopyBuffer(ocsp_response, &filter->ocsp_response);
}
/* Client: set ocsp request_extensions */
int
tls_handshake_set_ocsp_request_extensions(tls_handshake_t filter, tls_buffer ocsp_request_extensions)
{
assert(!filter->isServer);
SSLFreeBuffer(&filter->ocsp_request_extensions);
return SSLCopyBuffer(&ocsp_request_extensions, &filter->ocsp_request_extensions);
}
/* Set the PSK identity - Client only */
int
tls_handshake_set_psk_identity(tls_handshake_t filter, tls_buffer *psk_identity)
{
assert(!filter->isServer);
SSLCopyBuffer(psk_identity, &filter->pskIdentity);
return 0;
}
static OSStatus SessionCacheLookupEntry(
SessionCache *cache,
const SSLBuffer *sessionKey,
SSLBuffer *sessionData)
{
SessionCacheEntry *entry = NULL;
SessionCacheEntry **current;
for (current = &(cache->head); *current; current = &((*current)->next)) {
entry = *current;
if (SessionCacheEntryMatchKey(entry, sessionKey))
break;
}
if (*current == NULL)
return errSSLSessionNotFound;
if (SessionCacheEntryIsStaleNow(entry)) {
sslLogSessCacheDebug("SessionCache::lookupEntry %p: STALE "
"entry, deleting; current %p, entry->next %p",
entry, current, entry->next);
cachePrint(entry, sessionKey, &entry->mSessionData);
*current = entry->next;
SessionCacheEntryDelete(entry);
return errSSLSessionNotFound;
}
/* alloc/copy sessionData from existing entry (caller must free) */
return SSLCopyBuffer(&entry->mSessionData, sessionData);
}
/* (re)handshake */
int
tls_handshake_negotiate(tls_handshake_t filter, tls_buffer *peerID)
{
assert(!filter->isServer);
if ((filter->state != SSL_HdskStateClientReady) && (filter->state != SSL_HdskStateClientUninit))
{
sslDebugLog("Requesting renegotiation while handshake in progress...");
return errSSLIllegalParam; // TODO: better error code for this case.
}
if(peerID) {
check(filter->peerID.data==NULL); // Note sure that's illegal, but it's fishy
filter->callbacks->load_session_data(filter->callback_ctx, *peerID, &filter->resumableSession);
SSLFreeBuffer(&filter->peerID);
SSLCopyBuffer(peerID, &filter->peerID);
} else {
SSLFreeBuffer(&filter->peerID);
}
return SSLAdvanceHandshake(SSL_HdskHelloRequest, filter);
}
int SSLAllocCopyBuffer(
const SSLBuffer *src,
SSLBuffer **dst) // buffer and data mallocd and returned
{
int serr;
SSLBuffer *rtn = (SSLBuffer *)sslMalloc(sizeof(SSLBuffer));
if(rtn == NULL) {
sslErrorLog("SSLAllocCopyBuffer: NULL buf!\n");
check(0);
return -1;
}
serr = SSLCopyBuffer(src, rtn);
if(serr) {
sslFree(rtn);
}
else {
*dst = rtn;
}
return serr;
}
static OSStatus SessionCacheLookupEntry(
SessionCache *cache,
const tls_buffer *sessionKey,
tls_buffer *sessionData)
{
SessionCacheEntry *entry = NULL;
SessionCacheEntry **current;
for (current = &(cache->head); *current; current = &((*current)->next)) {
entry = *current;
if (SessionCacheEntryMatchKey(entry, sessionKey))
break;
}
if (*current == NULL)
return -9804; //errSSLSessionNotFound;
if (SessionCacheEntryIsStaleNow(entry)) {
sslLogSessCacheDebug("SessionCache::lookupEntry %p: STALE "
"entry, deleting; current %p, entry->next %p",
entry, current, entry->next);
cachePrint(entry, sessionKey, &entry->mSessionData);
*current = entry->next;
SessionCacheEntryDelete(entry);
return -9804; //errSSLSessionNotFound;
}
#if 1
// "get" not "copy", see: <rdar://problem/16277298> coreTLS: session cache callbacks can lead to leaks or crashes
sessionData->data = entry->mSessionData.data;
sessionData->length = entry->mSessionData.length;
return 0;
#else
/* alloc/copy sessionData from existing entry (caller must free) */
return SSLCopyBuffer(&entry->mSessionData, sessionData);
#endif
}
int
tls_handshake_set_alpn_data(tls_handshake_t filter, tls_buffer alpnData)
{
SSLFreeBuffer(&filter->alpnOwnData);
return SSLCopyBuffer(&alpnData, &filter->alpnOwnData);
}
int
tls_handshake_set_psk_secret(tls_handshake_t filter, tls_buffer *psk_secret)
{
SSLCopyBuffer(psk_secret, &filter->pskSharedSecret);
return 0;
}
/* replace existing mSessionData */
static OSStatus SessionCacheEntrySetSessionData(SessionCacheEntry *entry,
const SSLBuffer *data)
{
SSLFreeBuffer(&entry->mSessionData, NULL);
return SSLCopyBuffer(data, &entry->mSessionData);
}