diff options
author | Matt Caswell <matt@openssl.org> | 2018-06-05 12:23:28 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-06-07 10:58:35 +0100 |
commit | 6cf2dbd9faffbed52a6bede924fe0a93345b8bfa (patch) | |
tree | 81f0b2d8235ed72960672ff1663582c6367e4ff8 /ssl/ssl_asn1.c | |
parent | 4ff1a5266685f4a687a9f91b531c2f979b96db22 (diff) |
Don't store the ticket nonce in the session
We generate the secrets based on the nonce immediately so there is no
need to keep the nonce.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6415)
Diffstat (limited to 'ssl/ssl_asn1.c')
-rw-r--r-- | ssl/ssl_asn1.c | 22 |
1 files changed, 2 insertions, 20 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 8c2afbe6af..9af4b84d36 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -41,7 +41,6 @@ typedef struct { uint64_t flags; uint32_t max_early_data; ASN1_OCTET_STRING *alpn_selected; - ASN1_OCTET_STRING *tick_nonce; uint32_t tlsext_max_fragment_len_mode; ASN1_OCTET_STRING *ticket_appdata; } SSL_SESSION_ASN1; @@ -73,9 +72,8 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), - ASN1_EXP_OPT(SSL_SESSION_ASN1, tick_nonce, ASN1_OCTET_STRING, 17), - ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 18), - ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 19) + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), + ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) @@ -124,7 +122,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ASN1_OCTET_STRING psk_identity, psk_identity_hint; #endif ASN1_OCTET_STRING alpn_selected; - ASN1_OCTET_STRING tick_nonce; ASN1_OCTET_STRING ticket_appdata; long l; @@ -195,12 +192,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ssl_session_oinit(&as.alpn_selected, &alpn_selected, in->ext.alpn_selected, in->ext.alpn_selected_len); - if (in->ext.tick_nonce == NULL) - as.tick_nonce = NULL; - else - ssl_session_oinit(&as.tick_nonce, &tick_nonce, - in->ext.tick_nonce, in->ext.tick_nonce_len); - as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; if (in->ticket_appdata == NULL) @@ -374,15 +365,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->ext.alpn_selected_len = 0; } - if (as->tick_nonce != NULL) { - ret->ext.tick_nonce = as->tick_nonce->data; - ret->ext.tick_nonce_len = as->tick_nonce->length; - as->tick_nonce->data = NULL; - } else { - ret->ext.tick_nonce = NULL; - ret->ext.tick_nonce_len = 0; - } - ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; if (as->ticket_appdata != NULL) { |