[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Aug 17 09:40:07 UTC 2016
The branch master has been updated
via fddfc0afc84728f8a5140685163e66ce6471742d (commit)
from 46117d31fe420124dd07f8f16d7a76fecc290980 (commit)
- Log -----------------------------------------------------------------
commit fddfc0afc84728f8a5140685163e66ce6471742d
Author: Remi Gacogne <rgacogne-github at coredump.fr>
Date: Sat Aug 6 12:54:29 2016 +0200
Add missing session id and tlsext_status accessors
* SSL_SESSION_set1_id()
* SSL_SESSION_get0_id_context()
* SSL_CTX_get_tlsext_status_cb()
* SSL_CTX_get_tlsext_status_arg()
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
doc/ssl/SSL_CTX_set_tlsext_status_cb.pod | 9 +++++++
doc/ssl/SSL_SESSION_get0_id_context.pod | 41 ++++++++++++++++++++++++++++++++
doc/ssl/SSL_SESSION_set1_id.pod | 41 ++++++++++++++++++++++++++++++++
include/openssl/ssl.h | 8 +++++++
include/openssl/tls1.h | 4 ++++
ssl/s3_lib.c | 8 +++++++
ssl/ssl_err.c | 3 +++
ssl/ssl_sess.c | 20 ++++++++++++++++
util/libssl.num | 2 ++
9 files changed, 136 insertions(+)
create mode 100644 doc/ssl/SSL_SESSION_get0_id_context.pod
create mode 100644 doc/ssl/SSL_SESSION_set1_id.pod
diff --git a/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
index 5c58b23..c12ff0e 100644
--- a/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
+++ b/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
@@ -3,7 +3,9 @@
=head1 NAME
SSL_CTX_set_tlsext_status_cb,
+SSL_CTX_get_tlsext_status_cb,
SSL_CTX_set_tlsext_status_arg,
+SSL_CTX_get_tlsext_status_arg,
SSL_CTX_set_tlsext_status_type,
SSL_CTX_get_tlsext_status_type,
SSL_set_tlsext_status_type,
@@ -18,7 +20,11 @@ SSL_set_tlsext_status_ocsp_resp
long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
int (*callback)(SSL *, void *));
+ long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx,
+ int (**callback)(SSL *, void *));
+
long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
+ long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
@@ -48,6 +54,9 @@ acceptable or not. The callback will be passed as an argument the value
previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the
callback will not be called in the event of a handshake where session resumption
occurs (because there are no Certificates exchanged in such a handshake).
+The callback previously set via SSL_CTX_set_tlsext_status_cb() can be retrieved
+by calling SSL_CTX_get_tlsext_status_cb(), and the argument by calling
+SSL_CTX_get_tlsext_status_arg().
On the client side SSL_get_tlsext_status_type() can be used to determine whether
the client has previously called SSL_set_tlsext_status_type(). It will return
diff --git a/doc/ssl/SSL_SESSION_get0_id_context.pod b/doc/ssl/SSL_SESSION_get0_id_context.pod
new file mode 100644
index 0000000..2ac3fc4
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_get0_id_context.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get0_id_context - get the SSL ID context associated with a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len)
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get0_id_context() returns the ID context associated with
+the SSL/TLS session B<s>. The length of the ID context is written to
+B<*len> if B<len> is not NULL.
+
+The value returned is a pointer to an object maintained within B<s> and
+should not be released.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_set_session_id_context(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_get0_id_context() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/ssl/SSL_SESSION_set1_id.pod b/doc/ssl/SSL_SESSION_set1_id.pod
new file mode 100644
index 0000000..fe8a1c4
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_set1_id.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_set1_id - set the SSL session ID
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_set1_id() sets the the session ID for the B<ssl> SSL/TLS session
+to B<sid> of length B<sid_len>.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_set1_id() returns 1 for success and 0 for failure, for example
+if the supplied session ID length exceeds B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_set1_id() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0f28920..a7732ff 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1137,6 +1137,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
# define SSL_CTRL_SET_MAX_PIPELINES 126
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
@@ -1406,10 +1408,14 @@ __owur int SSL_copy_session_id(SSL *to, const SSL *from);
__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
+__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
__owur SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len);
__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
# ifndef OPENSSL_NO_STDIO
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
@@ -2169,6 +2175,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL_SESSION_DUP 348
# define SSL_F_SSL_SESSION_NEW 189
# define SSL_F_SSL_SESSION_PRINT_FP 190
+# define SSL_F_SSL_SESSION_SET1_ID 423
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
# define SSL_F_SSL_SET_ALPN_PROTOS 344
# define SSL_F_SSL_SET_CERT 191
@@ -2448,6 +2455,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_SSL_SECTION_NOT_FOUND 136
# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
# define SSL_R_SSL_SESSION_ID_CONFLICT 302
+# define SSL_R_SSL_SESSION_ID_TOO_LONG 408
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 11ad8e5..23e382c 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -292,9 +292,13 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
+# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg
# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index eea75a3..81d21f2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3340,6 +3340,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
ctx->tlsext_status_arg = parg;
return 1;
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
+ *(void**)parg = ctx->tlsext_status_arg;
+ break;
+
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
+ *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb;
+ break;
+
#ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
ctx->srp_ctx.srp_Mask |= SSL_kSRP;
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index f573633..9644fd2 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -182,6 +182,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID), "SSL_SESSION_set1_id"},
{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),
"SSL_SESSION_set1_id_context"},
{ERR_FUNC(SSL_F_SSL_SET_ALPN_PROTOS), "SSL_set_alpn_protos"},
@@ -564,6 +565,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
"ssl session id context too long"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG),
+ "ssl session id too long"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
"ssl session id has bad length"},
{ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 1a2872c..509175b 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -240,6 +240,13 @@ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
*len = s->session_id_length;
return s->session_id;
}
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len)
+{
+ if (len != NULL)
+ *len = s->sid_ctx_length;
+ return s->sid_ctx;
+}
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
{
@@ -792,6 +799,19 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
return 1;
}
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len)
+{
+ if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ SSLerr(SSL_F_SSL_SESSION_SET1_ID,
+ SSL_R_SSL_SESSION_ID_TOO_LONG);
+ return 0;
+ }
+ s->session_id_length = sid_len;
+ memcpy(s->session_id, sid, sid_len);
+ return 1;
+}
+
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
{
if (s == NULL)
diff --git a/util/libssl.num b/util/libssl.num
index 02dface..200629f 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -401,3 +401,5 @@ SSL_dane_set_flags 401 1_1_0 EXIST::FUNCTION:
SSL_CTX_dane_clear_flags 402 1_1_0 EXIST::FUNCTION:
SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION:
+SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION:
+SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list