# ifndef OPENSSL_NO_SRP
char *srp_username;
# endif
+ unsigned char *ticket_appdata;
+ size_t ticket_appdata_len;
uint32_t flags;
CRYPTO_RWLOCK *lock;
};
STACK_OF(SSL_CIPHER) *cipher_list;
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ /* TLSv1.3 specific ciphersuites */
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
struct x509_store_st /* X509_STORE */ *cert_store;
LHASH_OF(SSL_SESSION) *sessions;
/*
int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len);
+ /* TLS1.3 app-controlled cookie generate callback */
+ int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ size_t *cookie_len);
+
+ /* TLS1.3 verify app-controlled cookie callback */
+ int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+ size_t cookie_len);
+
CRYPTO_EX_DATA ex_data;
const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
void *record_padding_arg;
size_t block_padding;
+
+ /* Session ticket appdata */
+ SSL_CTX_generate_session_ticket_fn generate_ticket_cb;
+ SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb;
+ void *ticket_cb_data;
};
struct ssl_st {
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ /* TLSv1.3 specific ciphersuites */
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
/*
* These are the ones being used, the ones in SSL_SESSION are the ones to
* be 'copied' into these ones
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
-__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
- STACK_OF(SSL_CIPHER) **pref,
- STACK_OF(SSL_CIPHER)
- **sorted,
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+ STACK_OF(SSL_CIPHER) **cipher_list,
+ STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format);
__owur int tls1_set_server_sigalgs(SSL *s);
-/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
-typedef enum ticket_en {
- /* fatal error, malloc failure */
- TICKET_FATAL_ERR_MALLOC,
- /* fatal error, either from parsing or decrypting the ticket */
- TICKET_FATAL_ERR_OTHER,
- /* No ticket present */
- TICKET_NONE,
- /* Empty ticket present */
- TICKET_EMPTY,
- /* the ticket couldn't be decrypted */
- TICKET_NO_DECRYPT,
- /* a ticket was successfully decrypted */
- TICKET_SUCCESS,
- /* same as above but the ticket needs to be renewed */
- TICKET_SUCCESS_RENEW
-} TICKET_RETURN;
-
-__owur TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
- SSL_SESSION **ret);
-__owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
- size_t eticklen,
- const unsigned char *sess_id,
- size_t sesslen, SSL_SESSION **psess);
+__owur SSL_TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+ SSL_SESSION **ret);
+__owur SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+ size_t eticklen,
+ const unsigned char *sess_id,
+ size_t sesslen, SSL_SESSION **psess);
__owur int tls_use_ticket(SSL *s);
projects / openssl.git / blobdiff