diff options
author | Matt Caswell <matt@openssl.org> | 2017-07-05 08:45:46 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-07-07 15:02:09 +0100 |
commit | 9b6a82546151d6f971628e2d7828752ee47bfef7 (patch) | |
tree | d06ef726a463be94649301639b19307a59260fc0 /ssl/ssl_asn1.c | |
parent | 07ff590f8f2d0affcd89afad103274100bb5705b (diff) |
Send and receive the ticket_nonce field in a NewSessionTicket
This just adds the processing for sending and receiving the newly added
ticket_nonce field. It doesn't actually use it yet.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)
Diffstat (limited to 'ssl/ssl_asn1.c')
-rw-r--r-- | ssl/ssl_asn1.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 340fcf288b..f6019bca06 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -41,6 +41,7 @@ typedef struct { uint64_t flags; uint32_t max_early_data; ASN1_OCTET_STRING *alpn_selected; + ASN1_OCTET_STRING *tick_nonce; } SSL_SESSION_ASN1; ASN1_SEQUENCE(SSL_SESSION_ASN1) = { @@ -69,7 +70,8 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13), ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), - ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16) + ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), + ASN1_EXP_OPT(SSL_SESSION_ASN1, tick_nonce, ASN1_OCTET_STRING, 17) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) @@ -118,6 +120,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ASN1_OCTET_STRING psk_identity, psk_identity_hint; #endif ASN1_OCTET_STRING alpn_selected; + ASN1_OCTET_STRING tick_nonce; long l; @@ -187,6 +190,12 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ssl_session_oinit(&as.alpn_selected, &alpn_selected, in->ext.alpn_selected, in->ext.alpn_selected_len); + if (in->ext.tick_nonce == NULL) + as.tick_nonce = NULL; + else + ssl_session_oinit(&as.tick_nonce, &tick_nonce, + in->ext.tick_nonce, in->ext.tick_nonce_len); + return i2d_SSL_SESSION_ASN1(&as, pp); } @@ -352,6 +361,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->ext.alpn_selected_len = 0; } + if (as->tick_nonce != NULL) { + ret->ext.tick_nonce = as->tick_nonce->data; + ret->ext.tick_nonce_len = as->tick_nonce->length; + as->tick_nonce->data = NULL; + } else { + ret->ext.tick_nonce = NULL; + ret->ext.tick_nonce_len = 0; + } + M_ASN1_free_of(as, SSL_SESSION_ASN1); if ((a != NULL) && (*a == NULL)) |