s->psksession_id = NULL;
s->psksession_id_len = 0;
s->hello_retry_request = 0;
+ s->sent_tickets = 0;
s->error = 0;
s->hit = 0;
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
s->max_early_data = ctx->max_early_data;
+ s->recv_max_early_data = ctx->recv_max_early_data;
+ s->num_tickets = ctx->num_tickets;
/* Shallow copy of the ciphersuites stack */
s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
s->key_update = SSL_KEY_UPDATE_NONE;
+ s->allow_early_data_cb = ctx->allow_early_data_cb;
+ s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
+
if (!s->method->ssl_new(s))
goto err;
/* We are a server writing to an unauthenticated client */
s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
ret = SSL_write_ex(s, buf, num, written);
+ /* The buffering BIO is still in place */
+ if (ret)
+ (void)BIO_flush(s->wbio);
s->early_data_state = early_data_state;
return ret;
return 1;
}
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
{
char *p;
- STACK_OF(SSL_CIPHER) *sk;
+ STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
const SSL_CIPHER *c;
int i;
- if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
+ if (!s->server
+ || s->session == NULL
+ || s->session->ciphers == NULL
+ || size < 2)
return NULL;
p = buf;
- sk = s->session->ciphers;
+ clntsk = s->session->ciphers;
+ srvrsk = SSL_get_ciphers(s);
+ if (clntsk == NULL || srvrsk == NULL)
+ return NULL;
- if (sk_SSL_CIPHER_num(sk) == 0)
+ if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
return NULL;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
int n;
- c = sk_SSL_CIPHER_value(sk, i);
+ c = sk_SSL_CIPHER_value(clntsk, i);
+ if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
+ continue;
+
n = strlen(c->name);
- if (n + 1 > len) {
+ if (n + 1 > size) {
if (p != buf)
--p;
*p = '\0';
strcpy(p, c->name);
p += n;
*(p++) = ':';
- len -= n + 1;
+ size -= n + 1;
}
p[-1] = '\0';
return buf;
if (type != TLSEXT_NAMETYPE_host_name)
return NULL;
- return s->session && !s->ext.hostname ?
+ /*
+ * TODO(OpenSSL1.2) clean up this compat mess. This API is
+ * currently a mix of "what did I configure" and "what did the
+ * peer send" and "what was actually negotiated"; we should have
+ * a clear distinction amongst those three.
+ */
+ if (SSL_in_init(s)) {
+ if (s->hit)
+ return s->session->ext.hostname;
+ return s->ext.hostname;
+ }
+ return (s->session != NULL && s->ext.hostname == NULL) ?
s->session->ext.hostname : s->ext.hostname;
}
ret->method = meth;
ret->min_proto_version = 0;
ret->max_proto_version = 0;
+ ret->mode = SSL_MODE_AUTO_RETRY;
ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
/* We take the system default. */
*/
ret->max_early_data = 0;
+ /*
+ * Default recv_max_early_data is a fully loaded single record. Could be
+ * split across multiple records in practice. We set this differently to
+ * max_early_data so that, in the default case, we do not advertise any
+ * support for early_data, but if a client were to send us some (e.g.
+ * because of an old, stale ticket) then we will tolerate it and skip over
+ * it.
+ */
+ ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
+
+ /* By default we send two session tickets automatically in TLSv1.3 */
+ ret->num_tickets = 2;
+
ssl_ctx_system_config(ret);
return ret;
/*
* If sid_ctx_length is 0 there is no specific application context
* associated with this session, so when we try to resume it and
- * SSL_VERIFY_PEER is requested, we have no indication that this is
- * actually a session for the proper application context, and the
- * *handshake* will fail, not just the resumption attempt.
- * Do not cache these sessions that are not resumable.
+ * SSL_VERIFY_PEER is requested to verify the client identity, we have no
+ * indication that this is actually a session for the proper application
+ * context, and the *handshake* will fail, not just the resumption attempt.
+ * Do not cache (on the server) these sessions that are not resumable
+ * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
*/
- if (s->session->sid_ctx_length == 0
+ if (s->server && s->session->sid_ctx_length == 0
&& (s->verify_mode & SSL_VERIFY_PEER) != 0)
return;
i = s->session_ctx->session_cache_mode;
if ((i & mode) != 0
- && (!s->hit || SSL_IS_TLS13(s))
- && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0
- || SSL_CTX_add_session(s->session_ctx, s->session))
- && s->session_ctx->new_session_cb != NULL) {
- SSL_SESSION_up_ref(s->session);
- if (!s->session_ctx->new_session_cb(s, s->session))
- SSL_SESSION_free(s->session);
+ && (!s->hit || SSL_IS_TLS13(s))) {
+ /*
+ * Add the session to the internal cache. In server side TLSv1.3 we
+ * normally don't do this because by default it's a full stateless ticket
+ * with only a dummy session id so there is no reason to cache it,
+ * unless:
+ * - we are doing early_data, in which case we cache so that we can
+ * detect replays
+ * - the application has set a remove_session_cb so needs to know about
+ * session timeout events
+ * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
+ */
+ if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
+ && (!SSL_IS_TLS13(s)
+ || !s->server
+ || (s->max_early_data > 0
+ && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
+ || s->session_ctx->remove_session_cb != NULL
+ || (s->options & SSL_OP_NO_TICKET) != 0))
+ SSL_CTX_add_session(s->session_ctx, s->session);
+
+ /*
+ * Add the session to the external cache. We do this even in server side
+ * TLSv1.3 without early data because some applications just want to
+ * know about the creation of a session and aren't doing a full cache.
+ */
+ if (s->session_ctx->new_session_cb != NULL) {
+ SSL_SESSION_up_ref(s->session);
+ if (!s->session_ctx->new_session_cb(s, s->session))
+ SSL_SESSION_free(s->session);
+ }
}
/* auto flush every 255 connections */
return 1;
s->wbio = BIO_pop(s->wbio);
- if (!ossl_assert(s->wbio != NULL))
- return 0;
BIO_free(s->bbio);
s->bbio = NULL;
return 1;
}
+int SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+ s->num_tickets = num_tickets;
+
+ return 1;
+}
+
+size_t SSL_get_num_tickets(SSL *s)
+{
+ return s->num_tickets;
+}
+
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+ ctx->num_tickets = num_tickets;
+
+ return 1;
+}
+
+size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx)
+{
+ return ctx->num_tickets;
+}
+
/*
* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
* variable, freeing EVP_MD_CTX previously stored in that variable, if any.
return s->max_early_data;
}
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
+{
+ ctx->recv_max_early_data = recv_max_early_data;
+
+ return 1;
+}
+
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
+{
+ return ctx->recv_max_early_data;
+}
+
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
+{
+ s->recv_max_early_data = recv_max_early_data;
+
+ return 1;
+}
+
+uint32_t SSL_get_recv_max_early_data(const SSL *s)
+{
+ return s->recv_max_early_data;
+}
+
__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
{
/* Return any active Max Fragment Len extension */
ctx->ticket_cb_data = arg;
return 1;
}
+
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg)
+{
+ ctx->allow_early_data_cb = cb;
+ ctx->allow_early_data_cb_data = arg;
+}
+
+void SSL_set_allow_early_data_cb(SSL *s,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg)
+{
+ s->allow_early_data_cb = cb;
+ s->allow_early_data_cb_data = arg;
+}
projects / openssl.git / blobdiff