#endif
long flags;
uint32_t max_early_data;
+ ASN1_OCTET_STRING *alpn_selected;
} SSL_SESSION_ASN1;
ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
#endif
ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13),
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZLONG, 14),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZLONG, 15)
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZLONG, 15),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16)
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
ASN1_OCTET_STRING comp_id;
unsigned char comp_id_data;
#endif
-
ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
-
#ifndef OPENSSL_NO_SRP
ASN1_OCTET_STRING srp_username;
#endif
-
#ifndef OPENSSL_NO_PSK
ASN1_OCTET_STRING psk_identity, psk_identity_hint;
#endif
+ ASN1_OCTET_STRING alpn_selected;
long l;
as.flags = in->flags;
as.max_early_data = in->ext.max_early_data;
+ if (in->ext.alpn_selected == NULL)
+ as.alpn_selected = NULL;
+ else
+ ssl_session_oinit(&as.alpn_selected, &alpn_selected,
+ in->ext.alpn_selected, in->ext.alpn_selected_len);
+
return i2d_SSL_SESSION_ASN1(&as, pp);
}
ret->flags = as->flags;
ret->ext.max_early_data = as->max_early_data;
+ if (as->alpn_selected != NULL) {
+ if (!ssl_session_strndup((char **)&ret->ext.alpn_selected,
+ as->alpn_selected))
+ goto err;
+ ret->ext.alpn_selected_len = as->alpn_selected->length;
+ } else {
+ ret->ext.alpn_selected = NULL;
+ ret->ext.alpn_selected_len = 0;
+ }
+
M_ASN1_free_of(as, SSL_SESSION_ASN1);
if ((a != NULL) && (*a == NULL))
* https://www.openssl.org/source/license.html
*/
+#include <string.h>
#include "../ssl_locl.h"
#include "statem_locl.h"
|| s->session->ext.tick_identity != 0
|| s->early_data_state != SSL_EARLY_DATA_ACCEPTING
|| !s->ext.early_data_ok
- || s->hello_retry_request) {
+ || s->hello_retry_request
+ || s->s3->alpn_selected_len != s->session->ext.alpn_selected_len
+ || memcmp(s->s3->alpn_selected, s->session->ext.alpn_selected,
+ s->s3->alpn_selected_len) != 0){
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
} else {
s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
goto err;
s->session->ext.tick_age_add = age_add_u.age_add;
s->session->time = (long)time(NULL);
+ if (s->s3->alpn_selected != NULL) {
+ OPENSSL_free(s->session->ext.alpn_selected);
+ s->session->ext.alpn_selected =
+ OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+ if (s->session->ext.alpn_selected == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
+ }
+ s->session->ext.max_early_data = s->max_early_data;
}
/* get session encoding length */
* long
*/
if (slen_full == 0 || slen_full > 0xFF00) {
- ossl_statem_set_error(s);
- return 0;
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+ goto err;
}
senc = OPENSSL_malloc(slen_full);
if (senc == NULL) {
- ossl_statem_set_error(s);
- return 0;
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto err;
}
ctx = EVP_CIPHER_CTX_new();
return 1;
err:
+ ossl_statem_set_error(s);
OPENSSL_free(senc);
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
projects / oweals / openssl.git / commitdiff