author | jsing <> | 2018-08-24 18:10:25 +0000 |
---|---|---|
committer | jsing <> | 2018-08-24 18:10:25 +0000 |
commit | 84fe391fb9021a6be2b592ffb9543ccc421a80be (patch) | |
tree | fabc473b718cb60026ab4e730baa46df5eaee4dc /src/lib/libssl/ssl_locl.h | |
parent | 32564ad6b169c4d391b5303bf7ed7e516be54aca (diff) | |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively
have two lots of code that parse a ClientHello and two lots of code that
parse TLS extensions. Partially simplify this by passing a CBS containing
the extension block through to the session handling functions, removing the
need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
-rw-r--r-- | src/lib/libssl/ssl_locl.h | 13 |
1 files changed, 7 insertions, 6 deletions
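--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.208 2018/08/24 17:30:32 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.209 2018/08/24 18:10:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1056,10 +1056,11 @@ void ssl_cert_free(CERT *c);
 SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
 int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
-const unsigned char *limit);
+int ssl_get_prev_session(SSL *s, const unsigned char *session_id,
+int session_id_len, CBS *ext_block);
 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
-SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num);
+SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base,
+int num);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
 const SSL_CIPHER * const *bp);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb);
@@ -1278,8 +1279,8 @@ int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 
 #define tlsext_tick_md EVP_sha256
-int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
-const unsigned char *limit, SSL_SESSION **ret);
+int tls1_process_ticket(SSL *s, const unsigned char *session_id,
+int session_id_len, CBS *ext_block, SSL_SESSION **ret);
 int tls12_get_hashid(const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
 int tls12_get_hashandsig(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md);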
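Review bot: `session_id_len` is still a signed `int` in the new `ssl_get_prev_session` and `tls1_process_ticket` prototypes, even though the extension data beside it now arrives as a length-carrying `CBS`. The session id is taken from the peer's ClientHello, so the length type should not be able to express a negative value; consider changing `int session_id_len, CBS *ext_block);` to `size_t session_id_len, CBS *ext_block);` in both declarations, or passing the session id as a `CBS` as well. Both prototypes would also benefit from a short comment stating whether `ext_block` may be NULL and whether the callee advances the caller's `CBS`. The definitions live outside this header, so whether they already check the length against the maximum session id size cannot be confirmed from this section.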