authorTheo Buehler <tb@cvs.openbsd.org>2018-03-20 15:28:13 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2018-03-20 15:28:13 +0000
commita4c43ac8c0297b8abedd45e2c4654ac5dcdd1117 (patch)
treedd7a3489ab380b91603d8e4e045ebb93b607ec71 /lib/libssl
parent294f55a818fbc890ba65c9abd209f1fa039e7001 (diff)
Provide SSL_SESSION_set1_id()
ok jsing
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/Symbols.list1
-rw-r--r--lib/libssl/ssl.h5
-rw-r--r--lib/libssl/ssl_err.c3
-rw-r--r--lib/libssl/ssl_sess.c15
4 files changed, 21 insertions, 3 deletions
diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list
index 3b513d5c288..c66024e21d3 100644
--- a/lib/libssl/Symbols.list
+++ b/lib/libssl/Symbols.list
@@ -154,6 +154,7 @@ SSL_SESSION_has_ticket
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
+SSL_SESSION_set1_id
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 97d1c40a669..78a6787d437 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.153 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.154 2018/03/20 15:28:12 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1317,6 +1317,8 @@ long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
void SSL_copy_session_id(SSL *to, const SSL *from);
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,
const unsigned char *sid_ctx, unsigned int sid_ctx_len);
@@ -2039,6 +2041,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
+#define SSL_R_SSL_SESSION_ID_TOO_LONG 408
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index db3c1a0d2db..250a9eef6bc 100644
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.35 2017/08/28 17:36:58 jsing Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.36 2018/03/20 15:28:12 tb Exp $ */
/* ====================================================================
* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
*
@@ -390,6 +390,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), "ssl session id is too long"},
{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
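Review bot: The new reason string `"ssl session id is too long"` does not follow the pattern of the rows around it, where each string is the reason macro lowercased with underscores turned into spaces (for example `SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG` gives `"ssl session id context too long"`). Anyone matching error text in logs or tests would expect the mechanical form, so I would write `{ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), "ssl session id too long"},` unless the extra word was deliberate. The table itself starts and ends outside this hunk.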
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 51aa2eac044..b3ee7ef4302 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.78 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.79 2018/03/20 15:28:12 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -851,6 +851,19 @@ SSL_SESSION_get0_peer(SSL_SESSION *s)
}
int
+SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len)
+{
+ if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ SSLerrorx(SSL_R_SSL_SESSION_ID_TOO_LONG);
+ return 0;
+ }
+ s->session_id_length = sid_len;
+ memmove(s->session_id, sid, sid_len);
+ return 1;
+}
+
+int
SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
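Review bot: In SSL_SESSION_set1_id the call `memmove(s->session_id, sid, sid_len);` runs even when sid_len is 0, so a caller that clears the ID with a NULL sid hands a null pointer to memmove, which is undefined behaviour in C whatever the length. Guarding the copy with `if (sid_len > 0) memmove(s->session_id, sid, sid_len);`, or rejecting `sid == NULL && sid_len != 0` up front, would make the contract explicit. The function also has no comment; a line such as `/* Copies sid into s; returns 1, or 0 if sid_len exceeds SSL_MAX_SSL_SESSION_ID_LENGTH. */` would help. If cached sessions are looked up by their ID (not visible in this hunk), the comment should also say that the ID must be set before the session is added to a cache. SSL_SESSION_set1_id_context continues past the end of the hunk.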