/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
#endif
dest->peer_chain = NULL;
dest->peer = NULL;
- dest->ext.tick_nonce = NULL;
dest->ticket_appdata = NULL;
memset(&dest->ex_data, 0, sizeof(dest->ex_data));
if (src->ext.supportedgroups) {
dest->ext.supportedgroups =
OPENSSL_memdup(src->ext.supportedgroups,
- src->ext.supportedgroups_len);
+ src->ext.supportedgroups_len
+ * sizeof(*src->ext.supportedgroups));
if (dest->ext.supportedgroups == NULL)
goto err;
}
}
}
- if (src->ext.tick_nonce != NULL) {
- dest->ext.tick_nonce = OPENSSL_memdup(src->ext.tick_nonce,
- src->ext.tick_nonce_len);
- if (dest->ext.tick_nonce == NULL)
- goto err;
- }
-
#ifndef OPENSSL_NO_SRP
if (src->srp_username) {
dest->srp_username = OPENSSL_strdup(src->srp_username);
{
unsigned int retry = 0;
do
- if (ssl_randbytes(ssl, id, *id_len) <= 0)
+ if (RAND_bytes(id, *id_len) <= 0)
return 0;
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
s->session = NULL;
if (session) {
- if (!ssl_generate_session_id(s, ss)) {
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * We generate the session id while constructing the
+ * NewSessionTicket in TLSv1.3.
+ */
+ ss->session_id_length = 0;
+ } else if (!ssl_generate_session_id(s, ss)) {
/* SSLfatal() already called */
SSL_SESSION_free(ss);
return 0;
SSL_SESSION *ret = NULL;
int fatal = 0, discard;
int try_session_cache = 0;
- SSL_TICKET_RETURN r;
+ SSL_TICKET_STATUS r;
if (SSL_IS_TLS13(s)) {
+ /*
+ * By default we will send a new ticket. This can be overridden in the
+ * ticket processing.
+ */
+ s->ext.ticket_expected = 1;
if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
NULL, 0)
if ((c != NULL) && (c->session_id_length != 0)) {
if (lck)
CRYPTO_THREAD_write_lock(ctx->lock);
- if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
+ if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
ret = 1;
- r = lh_SSL_SESSION_delete(ctx->sessions, c);
- SSL_SESSION_list_remove(ctx, c);
+ r = lh_SSL_SESSION_delete(ctx->sessions, r);
+ SSL_SESSION_list_remove(ctx, r);
}
c->not_resumable = 1;
if (lck)
CRYPTO_THREAD_unlock(ctx->lock);
- if (ret)
- SSL_SESSION_free(r);
-
if (ctx->remove_session_cb != NULL)
ctx->remove_session_cb(ctx, c);
+
+ if (ret)
+ SSL_SESSION_free(r);
} else
ret = 0;
return ret;
if (ss == NULL)
return;
-
CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);
REF_PRINT_COUNT("SSL_SESSION", ss);
if (i > 0)
OPENSSL_free(ss->srp_username);
#endif
OPENSSL_free(ss->ext.alpn_selected);
- OPENSSL_free(ss->ext.tick_nonce);
OPENSSL_free(ss->ticket_appdata);
CRYPTO_THREAD_lock_free(ss->lock);
OPENSSL_clear_free(ss, sizeof(*ss));
return 1;
}
+void SSL_CTX_set_stateless_cookie_generate_cb(
+ SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ unsigned char *cookie,
+ size_t *cookie_len))
+{
+ ctx->gen_stateless_cookie_cb = cb;
+}
+
+void SSL_CTX_set_stateless_cookie_verify_cb(
+ SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ const unsigned char *cookie,
+ size_t cookie_len))
+{
+ ctx->verify_stateless_cookie_cb = cb;
+}
+
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)