Reset executable bits on files where not needed.

[openssl.git] / ssl / ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f8492789f1a79abd2916421650baab9db91626e1..6811b4f3f4a95fe6d912d5d4739244163fa412ae 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -580,6 +580,9 @@ struct ssl_session_st {
         int tick_identity;
         /* Max number of bytes that can be sent as early data */
         uint32_t max_early_data;
+        /* The ALPN protocol selected for this session */
+        unsigned char *alpn_selected;
+        size_t alpn_selected_len;
     } ext;
 # ifndef OPENSSL_NO_SRP
     char *srp_username;
@@ -618,6 +621,7 @@ typedef enum {
     SSL_EARLY_DATA_CONNECTING,
     SSL_EARLY_DATA_WRITE_RETRY,
     SSL_EARLY_DATA_WRITING,
+    SSL_EARLY_DATA_UNAUTH_WRITING,
     SSL_EARLY_DATA_FINISHED_WRITING,
     SSL_EARLY_DATA_ACCEPT_RETRY,
     SSL_EARLY_DATA_ACCEPTING,
@@ -626,6 +630,26 @@ typedef enum {
     SSL_EARLY_DATA_FINISHED_READING
 } SSL_EARLY_DATA_STATE;
 
+/*
+ * We check that the amount of unreadable early data doesn't exceed
+ * max_early_data. max_early_data is given in plaintext bytes. However if it is
+ * unreadable then we only know the number of ciphertext bytes. We also don't
+ * know how much the overhead should be because it depends on the ciphersuite.
+ * We make a small allowance. We assume 5 records of actual data plus the end
+ * of early data alert record. Each record has a tag and a content type byte.
+ * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the
+ * content of the alert record either which is 2 bytes.
+ */
+# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2)
+
+/*
+ * The allowance we have between the client's calculated ticket age and our own.
+ * We allow for 10 seconds (units are in ms). If a ticket is presented and the
+ * client's age calculation is different by more than this than our own then we
+ * do not allow that ticket for early_data.
+ */
+# define TICKET_AGE_ALLOWANCE   (10 * 1000)
+
 #define MAX_COMPRESSIONS_SIZE   255
 
 struct ssl_comp_st {
@@ -1185,6 +1209,8 @@ struct ssl_st {
 
         /* Are we expecting to receive early data? */
         int early_data;
+        /* Is the session suitable for early data? */
+        int early_data_ok;
     } ext;
 
     /* Parsed form of the ClientHello, kept around across early_cb calls. */
@@ -1245,8 +1271,14 @@ struct ssl_st {
     ASYNC_WAIT_CTX *waitctx;
     size_t asyncrw;
 
-    /* The maximum number of bytes that can be sent as early data */
+    /* The maximum number of plaintext bytes that can be sent as early data */
     uint32_t max_early_data;
+    /*
+     * The number of bytes of early data received so far. If we accepted early
+     * data then this is a count of the plaintext bytes. If we rejected it then
+     * this is a count of the ciphertext bytes.
+     */
+    uint32_t early_data_count;
 
     CRYPTO_RWLOCK *lock;
 };
@@ -1755,7 +1787,6 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_server_name,
     TLSEXT_IDX_srp,
     TLSEXT_IDX_early_data_info,
-    TLSEXT_IDX_early_data,
     TLSEXT_IDX_ec_point_formats,
     TLSEXT_IDX_supported_groups,
     TLSEXT_IDX_session_ticket,
@@ -1771,6 +1802,7 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_psk_kex_modes,
     TLSEXT_IDX_key_share,
     TLSEXT_IDX_cryptopro_bug,
+    TLSEXT_IDX_early_data,
     TLSEXT_IDX_padding,
     TLSEXT_IDX_psk
 } TLSEXT_INDEX;