diff options
| author |   jsing <jsing@openbsd.org> | 2019-04-22 15:12:20 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2019-04-22 15:12:20 +0000 |
| commit | 8890443aec005e3d38161bede2a11c27f0b28166 (patch) | |
| tree | ce09678d86ebf5ea47d8349598f884629bf0a9ce /lib/libssl/ssl_sess.c | |
| parent | Inline and remove the tlsext_tick_md macro. (diff) | |
| download | wireguard-openbsd-8890443aec005e3d38161bede2a11c27f0b28166.tar.xz wireguard-openbsd-8890443aec005e3d38161bede2a11c27f0b28166.zip | |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and
tls1_decrypt_ticket() to handle the session ID from the client hello
as a CBS. While here also swap the order of arguments for
tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
Diffstat (limited to 'lib/libssl/ssl_sess.c')
| -rw-r--r-- | lib/libssl/ssl_sess.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index 7e8a1bc6700..16b4b75bc4a 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.84 2019/04/04 14:32:49 jsing Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.85 2019/04/22 15:12:20 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -435,8 +435,7 @@ sess_id_done: * to 1 if the server should issue a new session ticket (to 0 otherwise). */ int -ssl_get_prev_session(SSL *s, const unsigned char *session_id, - int session_id_len, CBS *ext_block) +ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block) { SSL_SESSION *ret = NULL; int fatal = 0; @@ -445,14 +444,14 @@ ssl_get_prev_session(SSL *s, const unsigned char *session_id, /* This is used only by servers. */ - if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) + if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) goto err; - if (session_id_len == 0) + if (CBS_len(session_id) == 0) try_session_cache = 0; /* Sets s->internal->tlsext_ticket_expected. */ - r = tls1_process_ticket(s, session_id, session_id_len, ext_block, &ret); + r = tls1_process_ticket(s, session_id, ext_block, &ret); switch (r) { case -1: /* Error during processing */ fatal = 1; @@ -474,9 +473,11 @@ ssl_get_prev_session(SSL *s, const unsigned char *session_id, !(s->session_ctx->internal->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { SSL_SESSION data; + data.ssl_version = s->version; - data.session_id_length = session_id_len; - memcpy(data.session_id, session_id, session_id_len); + data.session_id_length = CBS_len(session_id); + memcpy(data.session_id, CBS_data(session_id), + CBS_len(session_id)); CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); ret = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data); @@ -496,7 +497,7 @@ ssl_get_prev_session(SSL *s, const unsigned char *session_id, int copy = 1; if ((ret = s->session_ctx->internal->get_session_cb(s, - session_id, session_id_len, ©))) { + CBS_data(session_id), CBS_len(session_id), ©))) { s->session_ctx->internal->stats.sess_cb_hit++; /* |