Add ctrls to set and get RFC4507bis keys to enable several contexts to
reuse the same tickets.
This commit is contained in:
Dr. Stephen Henson
parent
ec5d747328
commit
94d511cdbd
25
ssl/s3_lib.c
25
ssl/s3_lib.c
@ -2536,6 +2536,31 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
|
||||
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
|
||||
ctx->tlsext_servername_arg=parg;
|
||||
break;
|
||||
case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
|
||||
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
|
||||
{
|
||||
unsigned char *keys = parg;
|
||||
if (!keys)
|
||||
return 48;
|
||||
if (larg != 48)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
|
||||
{
|
||||
memcpy(ctx->tlsext_tick_key_name, keys, 16);
|
||||
memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
|
||||
memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy(keys, ctx->tlsext_tick_key_name, 16);
|
||||
memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
|
||||
memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
#endif /* !OPENSSL_NO_TLSEXT */
|
||||
/* A Thawte special :-) */
|
||||
case SSL_CTRL_EXTRA_CHAIN_CERT:
|
||||
|
||||
@ -1302,6 +1302,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
|
||||
#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
|
||||
#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
|
||||
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
|
||||
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
|
||||
#endif
|
||||
|
||||
#define SSL_session_reused(ssl) \
|
||||
@ -1946,6 +1948,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
|
||||
#define SSL_R_INVALID_COMMAND 280
|
||||
#define SSL_R_INVALID_PURPOSE 278
|
||||
#define SSL_R_INVALID_TICKET_KEYS_LENGTH 324
|
||||
#define SSL_R_INVALID_TRUST 279
|
||||
#define SSL_R_KEY_ARG_TOO_LONG 284
|
||||
#define SSL_R_KRB5 285
|
||||
|
||||
@ -338,6 +338,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
|
||||
{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
|
||||
{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
|
||||
{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
|
||||
{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
|
||||
{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
|
||||
{ERR_REASON(SSL_R_KRB5) ,"krb5"},
|
||||
|
||||
@ -230,6 +230,11 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
|
||||
|
||||
#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
|
||||
|
||||
#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
|
||||
SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
|
||||
#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
|
||||
SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
|
||||
#endif
|
||||
|
||||
/* PSK ciphersuites from 4279 */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user