author | David Benjamin <davidben@chromium.org> | 2014-10-21 01:46:30 -0400 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2014-10-28 19:02:59 +0000 |
commit | 3cac450af57ff631004a41f09f26414d517b9605 (patch) | |
tree | c0a6ceb0f2361f65b2990bd7c646a805c5c7c539 /include | |
parent | 773bb55c6fac2ee874f15139ee6f931cef5accc6 (diff) | |
Add SSL_SESSION_to_bytes to replace i2d_SSL_SESSION.
Deprecate the old two-pass version of the function. If the ticket is too long,
replace it with a placeholder value but keep the connection working.
Change-Id: Ib9fdea66389b171862143d79b5540ea90a9bd5fb
Reviewed-on: https://boringssl-review.googlesource.com/2011
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 858d2fd..37521bd 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1957,14 +1957,50 @@ OPENSSL_EXPORT int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
 OPENSSL_EXPORT int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
 #endif
 OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *ses);
-OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
 OPENSSL_EXPORT int SSL_set_session(SSL *to, SSL_SESSION *session);
 OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
 OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
 OPENSSL_EXPORT int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
 OPENSSL_EXPORT int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
 OPENSSL_EXPORT int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len);
-OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, long length);
+
+/* SSL_SESSION_to_bytes serializes |in| into a newly allocated buffer
+ * and sets |*out_data| to that buffer and |*out_len| to its
+ * length. The caller takes ownership of the buffer and must call
+ * |OPENSSL_free| when done. It returns one on success and zero on
+ * error. */
+OPENSSL_EXPORT int SSL_SESSION_to_bytes(SSL_SESSION *in, uint8_t **out_data,
+ size_t *out_len);
+
+/* SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the
+ * session ID which is not necessary in a session ticket. */
+OPENSSL_EXPORT int SSL_SESSION_to_bytes_for_ticket(SSL_SESSION *in,
+ uint8_t **out_data,
+ size_t *out_len);
+
+/* Deprecated: i2d_SSL_SESSION serializes |in| to the bytes pointed to
+ * by |*pp|. On success, it returns the number of bytes written and
+ * advances |*pp| by that many bytes. On failure, it returns -1. If
+ * |pp| is NULL, no bytes are written and only the length is
+ * returned.
+ *
+ * Use SSL_SESSION_to_bytes instead. */
+OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp);
+
+/* d2i_SSL_SESSION deserializes a serialized buffer contained in the
+ * |length| bytes pointed to by |*pp|. It returns the new SSL_SESSION
+ * and advances |*pp| by the number of bytes consumed on success and
+ * NULL on failure. If |a| is NULL, the caller takes ownership of the
+ * new session and must call |SSL_SESSION_free| when done.
+ *
+ * If |a| and |*a| are not NULL, the SSL_SESSION at |*a| is overridden
+ * with the deserialized session rather than allocating a new one. In
+ * addition, |a| is not NULL, but |*a| is, |*a| is set to the new
+ * SSL_SESSION.
+ *
+ * Passing a value other than NULL to |a| is deprecated. */
+OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp,
+ long length);
 
 OPENSSL_EXPORT X509 * SSL_get_peer_certificate(const SSL *s);
 
@@ -2440,6 +2476,10 @@ OPENSSL_EXPORT void ERR_load_SSL_strings(void);
 #define SSL_F_ssl_ctx_log_master_secret 286
 #define SSL_F_d2i_SSL_SESSION 287
 #define SSL_F_i2d_SSL_SESSION 288
+#define SSL_F_d2i_SSL_SESSION_get_octet_string 289
+#define SSL_F_d2i_SSL_SESSION_get_string 290
+#define SSL_F_ssl3_send_new_session_ticket 291
+#define SSL_F_SSL_SESSION_to_bytes_full 292
 #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101
 #define SSL_R_INVALID_NULL_CMD_NAME 102 |
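Review bot: The new comment on `SSL_SESSION_to_bytes` tells the caller to `OPENSSL_free` the buffer but never says the buffer is sensitive. A serialized session normally carries the master secret (the serializer itself is outside this diff, so that is inferred), and whoever obtains those bytes can resume the session or derive its traffic keys. I would add to the comment: `The output contains secret key material; callers must store it protected and |OPENSSL_cleanse| it before calling |OPENSSL_free|.` The same caveat belongs on `SSL_SESSION_to_bytes_for_ticket`, whose comment also omits the ownership and return-value contract stated for the first function. In the `d2i_SSL_SESSION` comment, the sentence `In addition, |a| is not NULL, but |*a| is` is missing an `if`, and the comment does not say what state `*a` is left in when parsing fails on a reused session.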