/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
+#include "internal/refcount.h"
#include "ssl_locl.h"
#include "statem/statem_locl.h"
return ss;
}
+SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src)
+{
+ return ssl_session_dup(src, 1);
+}
+
/*
* Create a new SSL_SESSION and duplicate the contents of |src| into it. If
* ticket == 0 then no ticket information is duplicated, otherwise it is.
#endif
dest->peer_chain = NULL;
dest->peer = NULL;
+ dest->ext.tick_nonce = NULL;
memset(&dest->ex_data, 0, sizeof(dest->ex_data));
/* We deliberately don't copy the prev and next pointers */
}
}
+ if (src->ext.tick_nonce != NULL) {
+ dest->ext.tick_nonce = OPENSSL_memdup(src->ext.tick_nonce,
+ src->ext.tick_nonce_len);
+ if (dest->ext.tick_nonce == NULL)
+ goto err;
+ }
+
#ifndef OPENSSL_NO_SRP
if (src->srp_username) {
dest->srp_username = OPENSSL_strdup(src->srp_username);
*/
#define MAX_SESS_ID_ATTEMPTS 10
-static int def_generate_session_id(const SSL *ssl, unsigned char *id,
+static int def_generate_session_id(SSL *ssl, unsigned char *id,
unsigned int *id_len)
{
unsigned int retry = 0;
do
- if (RAND_bytes(id, *id_len) <= 0)
+ if (ssl_randbytes(ssl, id, *id_len) <= 0)
return 0;
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
goto err;
case TICKET_NONE:
case TICKET_EMPTY:
- try_session_cache = 1;
+ if (hello->session_id_len > 0)
+ try_session_cache = 1;
break;
case TICKET_NO_DECRYPT:
case TICKET_SUCCESS:
(s->session_ctx->session_cache_mode &
SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
/*
- * The following should not return 1, otherwise, things are
- * very strange
+ * Either return value of SSL_CTX_add_session should not
+ * interrupt the session resumption process. The return
+ * value is intentionally ignored.
*/
- if (SSL_CTX_add_session(s->session_ctx, ret))
- goto err;
+ SSL_CTX_add_session(s->session_ctx, ret);
}
}
}
OPENSSL_free(ss->srp_username);
#endif
OPENSSL_free(ss->ext.alpn_selected);
+ OPENSSL_free(ss->ext.tick_nonce);
CRYPTO_THREAD_lock_free(ss->lock);
OPENSSL_clear_free(ss, sizeof(*ss));
}
return s->ext.hostname;
}
+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
+{
+ OPENSSL_free(s->ext.hostname);
+ if (hostname == NULL) {
+ s->ext.hostname = NULL;
+ return 1;
+ }
+ s->ext.hostname = OPENSSL_strdup(hostname);
+
+ return s->ext.hostname != NULL;
+}
+
int SSL_SESSION_has_ticket(const SSL_SESSION *s)
{
return (s->ext.ticklen > 0) ? 1 : 0;
return s->ext.max_early_data;
}
+int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
+{
+ s->ext.max_early_data = max_early_data;
+
+ return 1;
+}
+
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+ const unsigned char **alpn,
+ size_t *len)
+{
+ *alpn = s->ext.alpn_selected;
+ *len = s->ext.alpn_selected_len;
+}
+
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+ size_t len)
+{
+ OPENSSL_free(s->ext.alpn_selected);
+ if (alpn == NULL || len == 0) {
+ s->ext.alpn_selected = NULL;
+ s->ext.alpn_selected_len = 0;
+ return 1;
+ }
+ s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
+ if (s->ext.alpn_selected == NULL) {
+ s->ext.alpn_selected_len = 0;
+ return 0;
+ }
+ s->ext.alpn_selected_len = len;
+
+ return 1;
+}
+
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
{
return s->peer;