grpc 1.9.1 → 1.10.0.pre1
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +2654 -953
- data/etc/roots.pem +282 -683
- data/include/grpc/compression.h +9 -26
- data/include/grpc/grpc.h +10 -24
- data/include/grpc/grpc_security.h +7 -1
- data/include/grpc/impl/codegen/compression_types.h +5 -62
- data/include/grpc/impl/codegen/grpc_types.h +10 -6
- data/include/grpc/module.modulemap +1 -10
- data/include/grpc/support/alloc.h +3 -2
- data/include/grpc/support/log.h +1 -2
- data/{src/core/lib/gpr/thd_internal.h → include/grpc/support/thd_id.h} +23 -9
- data/src/boringssl/err_data.c +550 -496
- data/src/core/ext/census/grpc_context.cc +2 -1
- data/src/core/ext/filters/client_channel/backup_poller.cc +5 -4
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +7 -7
- data/src/core/ext/filters/client_channel/client_channel.cc +162 -172
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +4 -2
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +10 -10
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +18 -14
- data/src/core/ext/filters/client_channel/http_proxy.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +21 -105
- data/src/core/ext/filters/client_channel/lb_policy.h +166 -170
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +41 -36
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1452 -1459
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +7 -8
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +27 -27
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +279 -304
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +358 -330
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +30 -41
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +7 -14
- data/src/core/ext/filters/client_channel/lb_policy_factory.cc +8 -21
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +23 -27
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +58 -33
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +25 -12
- data/src/core/ext/filters/client_channel/parse_address.cc +10 -8
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver.cc +6 -52
- data/src/core/ext/filters/client_channel/resolver.h +98 -55
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +266 -237
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +31 -27
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +244 -207
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +161 -148
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +47 -31
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +126 -126
- data/src/core/ext/filters/client_channel/resolver_factory.h +33 -32
- data/src/core/ext/filters/client_channel/resolver_registry.cc +110 -90
- data/src/core/ext/filters/client_channel/resolver_registry.h +49 -36
- data/src/core/ext/filters/client_channel/retry_throttle.cc +29 -22
- data/src/core/ext/filters/client_channel/subchannel.cc +173 -173
- data/src/core/ext/filters/client_channel/subchannel.h +38 -45
- data/src/core/ext/filters/client_channel/subchannel_index.cc +44 -40
- data/src/core/ext/filters/client_channel/uri_parser.cc +3 -3
- data/src/core/ext/filters/deadline/deadline_filter.cc +27 -18
- data/src/core/ext/filters/http/client/http_client_filter.cc +26 -23
- data/src/core/ext/filters/http/http_filters_plugin.cc +3 -2
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +78 -110
- data/src/core/ext/filters/http/server/http_server_filter.cc +29 -26
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +9 -11
- data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc +2 -1
- data/src/core/ext/filters/max_age/max_age_filter.cc +14 -14
- data/src/core/ext/filters/message_size/message_size_filter.cc +20 -18
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -4
- data/src/core/ext/filters/workarounds/workaround_utils.cc +4 -4
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +10 -10
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +4 -4
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +11 -12
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +16 -13
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +36 -9
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +3 -0
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +17 -14
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +139 -145
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +16 -14
- data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -7
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +35 -33
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +27 -25
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +12 -12
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +16 -15
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +19 -19
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +11 -11
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +23 -22
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +35 -35
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +10 -7
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +35 -39
- data/src/core/ext/transport/chttp2/transport/stream_map.cc +8 -7
- data/src/core/ext/transport/chttp2/transport/varint.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/writing.cc +18 -18
- data/src/core/ext/transport/inproc/inproc_transport.cc +43 -23
- data/src/core/lib/{gpr → avl}/avl.cc +61 -57
- data/{include/grpc/support → src/core/lib/avl}/avl.h +25 -35
- data/src/core/lib/backoff/backoff.cc +6 -5
- data/src/core/lib/channel/channel_args.cc +23 -109
- data/src/core/lib/channel/channel_args.h +5 -31
- data/src/core/lib/channel/channel_stack.cc +11 -8
- data/src/core/lib/channel/channel_stack_builder.cc +10 -7
- data/src/core/lib/channel/connected_channel.cc +18 -17
- data/src/core/lib/channel/handshaker.cc +8 -8
- data/src/core/lib/channel/handshaker_registry.cc +3 -2
- data/src/core/lib/compression/algorithm_metadata.h +13 -6
- data/src/core/lib/compression/compression.cc +72 -183
- data/src/core/lib/compression/compression_internal.cc +274 -0
- data/src/core/lib/compression/compression_internal.h +86 -0
- data/src/core/lib/compression/message_compress.cc +15 -15
- data/src/core/lib/compression/message_compress.h +4 -3
- data/src/core/lib/compression/stream_compression_gzip.cc +8 -8
- data/src/core/lib/compression/stream_compression_identity.cc +1 -1
- data/src/core/lib/debug/stats.cc +10 -8
- data/src/core/lib/debug/stats_data.cc +2 -1
- data/src/core/lib/debug/trace.cc +3 -3
- data/src/core/lib/gpr/alloc.cc +7 -11
- data/src/core/lib/gpr/arena.cc +34 -12
- data/src/core/lib/gpr/atm.cc +2 -1
- data/src/core/lib/gpr/cpu_linux.cc +3 -3
- data/src/core/lib/gpr/cpu_posix.cc +2 -1
- data/src/core/lib/gpr/env.h +1 -1
- data/src/core/lib/gpr/env_linux.cc +1 -1
- data/src/core/lib/gpr/env_windows.cc +4 -4
- data/src/core/lib/gpr/fork.cc +16 -2
- data/src/core/lib/gpr/host_port.cc +5 -4
- data/{include/grpc/support → src/core/lib/gpr}/host_port.h +5 -13
- data/src/core/lib/gpr/log.cc +5 -4
- data/src/core/lib/gpr/log_linux.cc +1 -1
- data/src/core/lib/gpr/mpscq.cc +1 -0
- data/src/core/lib/gpr/murmur_hash.cc +4 -4
- data/src/core/lib/gpr/string.cc +19 -16
- data/src/core/lib/gpr/string_posix.cc +3 -3
- data/src/core/lib/gpr/sync_posix.cc +5 -9
- data/src/core/lib/gpr/thd.cc +3 -3
- data/{include/grpc/support → src/core/lib/gpr}/thd.h +20 -28
- data/src/core/lib/gpr/thd_posix.cc +6 -4
- data/src/core/lib/gpr/thd_windows.cc +3 -1
- data/src/core/lib/gpr/time.cc +6 -4
- data/src/core/lib/gpr/time_posix.cc +2 -2
- data/{include/grpc/support → src/core/lib/gpr}/tls.h +6 -6
- data/{include/grpc/support → src/core/lib/gpr}/tls_gcc.h +3 -3
- data/{include/grpc/support → src/core/lib/gpr}/tls_msvc.h +3 -3
- data/src/core/lib/gpr/tls_pthread.cc +1 -1
- data/{include/grpc/support → src/core/lib/gpr}/tls_pthread.h +3 -3
- data/{include/grpc/support → src/core/lib/gpr}/useful.h +3 -3
- data/src/core/lib/{gpr++ → gprpp}/abstract.h +3 -3
- data/src/core/lib/{gpr++ → gprpp}/atomic.h +5 -5
- data/src/core/lib/{gpr++ → gprpp}/atomic_with_atm.h +3 -3
- data/src/core/lib/{gpr++ → gprpp}/atomic_with_std.h +3 -3
- data/src/core/lib/{gpr++ → gprpp}/debug_location.h +3 -3
- data/src/core/lib/{gpr++ → gprpp}/inlined_vector.h +44 -22
- data/src/core/lib/{gpr++ → gprpp}/manual_constructor.h +2 -2
- data/src/core/lib/{gpr++ → gprpp}/memory.h +14 -5
- data/src/core/lib/{gpr++ → gprpp}/orphanable.h +39 -14
- data/src/core/lib/{gpr++ → gprpp}/ref_counted.h +42 -10
- data/src/core/lib/{gpr++ → gprpp}/ref_counted_ptr.h +18 -8
- data/src/core/lib/http/format_request.cc +3 -3
- data/src/core/lib/http/httpcli.cc +6 -7
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.cc +16 -12
- data/src/core/lib/iomgr/call_combiner.cc +12 -13
- data/src/core/lib/iomgr/closure.h +4 -6
- data/src/core/lib/iomgr/combiner.cc +10 -21
- data/src/core/lib/iomgr/error.cc +50 -55
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +41 -52
- data/src/core/lib/iomgr/ev_epollex_linux.cc +80 -28
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +23 -30
- data/src/core/lib/iomgr/ev_poll_posix.cc +52 -46
- data/src/core/lib/iomgr/ev_posix.cc +47 -6
- data/src/core/lib/iomgr/exec_ctx.cc +10 -10
- data/src/core/lib/iomgr/exec_ctx.h +1 -1
- data/src/core/lib/iomgr/executor.cc +16 -13
- data/src/core/lib/iomgr/fork_posix.cc +1 -3
- data/src/core/lib/iomgr/gethostname_host_name_max.cc +1 -1
- data/src/core/lib/iomgr/iocp_windows.cc +1 -2
- data/src/core/lib/iomgr/iomgr.cc +2 -2
- data/src/core/lib/iomgr/iomgr_uv.cc +2 -0
- data/src/core/lib/iomgr/iomgr_uv.h +1 -1
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +5 -4
- data/src/core/lib/iomgr/load_file.cc +3 -3
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_uv.cc +2 -2
- data/src/core/lib/iomgr/resolve_address_windows.cc +3 -2
- data/src/core/lib/iomgr/resource_quota.cc +36 -34
- data/src/core/lib/iomgr/sockaddr_utils.cc +39 -23
- data/src/core/lib/iomgr/socket_factory_posix.cc +5 -5
- data/src/core/lib/iomgr/socket_mutator.cc +7 -7
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -4
- data/src/core/lib/iomgr/socket_utils_linux.cc +3 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +7 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
- data/src/core/lib/iomgr/tcp_posix.cc +47 -55
- data/src/core/lib/iomgr/tcp_server_posix.cc +12 -10
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -5
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -3
- data/src/core/lib/iomgr/tcp_windows.cc +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +16 -14
- data/src/core/lib/iomgr/timer_heap.cc +8 -7
- data/src/core/lib/iomgr/timer_manager.cc +4 -3
- data/src/core/lib/iomgr/udp_server.cc +24 -16
- data/src/core/lib/iomgr/unix_sockets_posix.cc +15 -10
- data/src/core/lib/iomgr/wakeup_fd_cv.cc +6 -5
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +1 -2
- data/src/core/lib/json/json.cc +1 -1
- data/src/core/lib/json/json_reader.cc +8 -6
- data/src/core/lib/json/json_string.cc +19 -18
- data/src/core/lib/json/json_writer.cc +10 -8
- data/src/core/lib/profiling/basic_timers.cc +1 -1
- data/src/core/lib/profiling/timers.h +3 -20
- data/src/core/lib/security/context/security_context.cc +16 -14
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +17 -14
- data/src/core/lib/security/credentials/credentials.cc +9 -8
- data/src/core/lib/security/credentials/credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials_metadata.cc +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +12 -13
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -4
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +5 -3
- data/src/core/lib/security/credentials/jwt/json_token.cc +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -7
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +21 -18
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +23 -18
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +11 -7
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +22 -21
- data/src/core/lib/security/{transport → security_connector}/security_connector.cc +46 -43
- data/src/core/lib/security/{transport → security_connector}/security_connector.h +3 -3
- data/src/core/lib/security/transport/client_auth_filter.cc +32 -34
- data/src/core/lib/security/transport/lb_targets_info.cc +7 -5
- data/src/core/lib/security/transport/secure_endpoint.cc +21 -21
- data/src/core/lib/security/transport/security_handshaker.cc +19 -18
- data/src/core/lib/security/transport/security_handshaker.h +1 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +21 -21
- data/src/core/lib/slice/b64.cc +19 -16
- data/src/core/lib/slice/percent_encoding.cc +5 -5
- data/src/core/lib/slice/slice.cc +35 -33
- data/src/core/lib/slice/slice_buffer.cc +16 -14
- data/src/core/lib/slice/slice_hash_table.cc +3 -2
- data/src/core/lib/slice/slice_intern.cc +21 -25
- data/src/core/lib/slice/slice_string_helpers.cc +45 -9
- data/src/core/lib/slice/slice_string_helpers.h +6 -0
- data/src/core/lib/surface/byte_buffer.cc +2 -2
- data/src/core/lib/surface/byte_buffer_reader.cc +6 -3
- data/src/core/lib/surface/call.cc +171 -260
- data/src/core/lib/surface/call_test_only.h +1 -13
- data/src/core/lib/surface/channel.cc +20 -43
- data/src/core/lib/surface/channel_init.cc +7 -7
- data/src/core/lib/surface/channel_ping.cc +2 -2
- data/src/core/lib/surface/completion_queue.cc +69 -75
- data/src/core/lib/surface/init.cc +4 -5
- data/src/core/lib/surface/init_secure.cc +1 -1
- data/src/core/lib/surface/lame_client.cc +1 -1
- data/src/core/lib/surface/server.cc +64 -59
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +6 -5
- data/src/core/lib/transport/byte_stream.cc +23 -14
- data/src/core/lib/transport/byte_stream.h +1 -1
- data/src/core/lib/transport/connectivity_state.cc +9 -13
- data/src/core/lib/transport/error_utils.cc +10 -7
- data/src/core/lib/transport/metadata.cc +27 -26
- data/src/core/lib/transport/metadata.h +1 -1
- data/src/core/lib/transport/pid_controller.cc +2 -1
- data/src/core/lib/transport/service_config.cc +5 -5
- data/src/core/lib/transport/static_metadata.cc +225 -222
- data/src/core/lib/transport/static_metadata.h +77 -76
- data/src/core/lib/transport/timeout_encoding.cc +3 -2
- data/src/core/lib/transport/transport.cc +6 -5
- data/src/core/lib/transport/transport_op_string.cc +0 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -4
- data/src/core/tsi/alts_transport_security.cc +61 -0
- data/src/core/tsi/{gts_transport_security.h → alts_transport_security.h} +16 -8
- data/src/core/tsi/fake_transport_security.cc +59 -43
- data/src/core/tsi/ssl_transport_security.cc +122 -107
- data/src/core/tsi/transport_security.cc +3 -3
- data/src/core/tsi/transport_security_adapter.cc +16 -10
- data/src/ruby/bin/apis/pubsub_demo.rb +1 -1
- data/src/ruby/ext/grpc/rb_channel.c +3 -4
- data/src/ruby/ext/grpc/rb_compression_options.c +13 -3
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -76
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +8 -120
- data/src/ruby/ext/grpc/rb_server.c +52 -28
- data/src/ruby/lib/grpc/generic/rpc_server.rb +7 -4
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/test/client.rb +1 -1
- data/src/ruby/pb/test/server.rb +1 -1
- data/src/ruby/spec/client_server_spec.rb +4 -2
- data/src/ruby/spec/generic/active_call_spec.rb +2 -1
- data/src/ruby/spec/generic/client_stub_spec.rb +32 -8
- data/src/ruby/spec/server_spec.rb +26 -7
- data/third_party/boringssl/crypto/asn1/a_bitstr.c +7 -2
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +15 -0
- data/third_party/boringssl/crypto/asn1/a_gentm.c +1 -1
- data/third_party/boringssl/crypto/asn1/a_print.c +0 -28
- data/third_party/boringssl/crypto/asn1/a_strnid.c +3 -0
- data/third_party/boringssl/crypto/asn1/a_time.c +17 -9
- data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -1
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -49
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +1 -1
- data/third_party/boringssl/crypto/asn1/tasn_dec.c +9 -9
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +0 -6
- data/third_party/boringssl/crypto/asn1/time_support.c +5 -5
- data/third_party/boringssl/crypto/base64/base64.c +65 -43
- data/third_party/boringssl/crypto/bio/bio.c +134 -110
- data/third_party/boringssl/crypto/bio/bio_mem.c +9 -9
- data/third_party/boringssl/crypto/bio/connect.c +17 -17
- data/third_party/boringssl/crypto/bio/fd.c +2 -1
- data/third_party/boringssl/crypto/bio/file.c +14 -14
- data/third_party/boringssl/crypto/bio/hexdump.c +15 -16
- data/third_party/boringssl/crypto/bio/internal.h +14 -14
- data/third_party/boringssl/crypto/bio/pair.c +45 -45
- data/third_party/boringssl/crypto/bio/printf.c +6 -10
- data/third_party/boringssl/crypto/{bn → bn_extra}/bn_asn1.c +9 -9
- data/third_party/boringssl/crypto/{bn → bn_extra}/convert.c +18 -223
- data/third_party/boringssl/crypto/buf/buf.c +20 -44
- data/third_party/boringssl/crypto/bytestring/ber.c +35 -35
- data/third_party/boringssl/crypto/bytestring/cbb.c +24 -24
- data/third_party/boringssl/crypto/bytestring/cbs.c +33 -37
- data/third_party/boringssl/crypto/bytestring/internal.h +38 -38
- data/third_party/boringssl/crypto/chacha/chacha.c +7 -7
- data/third_party/boringssl/crypto/{asn1/t_bitst.c → cipher_extra/cipher_extra.c} +49 -38
- data/third_party/boringssl/crypto/{cipher → cipher_extra}/derive_key.c +0 -2
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +281 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +867 -0
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +326 -0
- data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_null.c +0 -1
- data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_rc2.c +22 -10
- data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_rc4.c +0 -0
- data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_ssl3.c +120 -64
- data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_tls.c +220 -141
- data/third_party/boringssl/crypto/{asn1/x_bignum.c → cipher_extra/internal.h} +61 -86
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +482 -0
- data/third_party/boringssl/crypto/cmac/cmac.c +20 -20
- data/third_party/boringssl/crypto/conf/conf.c +32 -20
- data/third_party/boringssl/crypto/conf/internal.h +3 -3
- data/third_party/boringssl/crypto/cpu-aarch64-linux.c +5 -5
- data/third_party/boringssl/crypto/cpu-arm-linux.c +44 -41
- data/third_party/boringssl/crypto/cpu-intel.c +68 -43
- data/third_party/boringssl/crypto/cpu-ppc64le.c +5 -7
- data/third_party/boringssl/crypto/crypto.c +54 -32
- data/third_party/boringssl/crypto/curve25519/curve25519.c +269 -269
- data/third_party/boringssl/crypto/curve25519/internal.h +28 -8
- data/third_party/boringssl/crypto/curve25519/spake25519.c +180 -106
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +9 -9
- data/third_party/boringssl/crypto/dh/check.c +33 -34
- data/third_party/boringssl/crypto/dh/dh.c +72 -36
- data/third_party/boringssl/crypto/dh/dh_asn1.c +1 -1
- data/third_party/boringssl/crypto/dh/params.c +1 -161
- data/third_party/boringssl/crypto/digest_extra/digest_extra.c +240 -0
- data/third_party/boringssl/crypto/dsa/dsa.c +127 -87
- data/third_party/boringssl/crypto/dsa/dsa_asn1.c +1 -1
- data/third_party/boringssl/crypto/{ec → ec_extra}/ec_asn1.c +83 -70
- data/third_party/boringssl/crypto/ecdh/ecdh.c +1 -1
- data/third_party/boringssl/crypto/{ecdsa → ecdsa_extra}/ecdsa_asn1.c +86 -31
- data/third_party/boringssl/crypto/engine/engine.c +6 -6
- data/third_party/boringssl/crypto/err/err.c +197 -106
- data/third_party/boringssl/crypto/err/internal.h +58 -0
- data/third_party/boringssl/crypto/evp/digestsign.c +86 -14
- data/third_party/boringssl/crypto/evp/evp.c +6 -11
- data/third_party/boringssl/crypto/evp/evp_asn1.c +17 -17
- data/third_party/boringssl/crypto/evp/evp_ctx.c +15 -11
- data/third_party/boringssl/crypto/evp/internal.h +66 -51
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +11 -11
- data/third_party/boringssl/crypto/evp/p_ec.c +10 -8
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +11 -12
- data/third_party/boringssl/crypto/evp/p_ed25519.c +71 -0
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +190 -0
- data/third_party/boringssl/crypto/evp/p_rsa.c +50 -95
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +28 -18
- data/third_party/boringssl/crypto/evp/pbkdf.c +49 -56
- data/third_party/boringssl/crypto/evp/print.c +5 -36
- data/third_party/boringssl/crypto/evp/scrypt.c +209 -0
- data/third_party/boringssl/crypto/ex_data.c +15 -45
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +100 -0
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +679 -0
- data/third_party/boringssl/crypto/{bn → fipsmodule/bn}/internal.h +40 -27
- data/third_party/boringssl/crypto/{bn → fipsmodule/bn}/rsaz_exp.h +0 -0
- data/third_party/boringssl/crypto/{cipher → fipsmodule/cipher}/internal.h +34 -67
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +88 -0
- data/third_party/boringssl/crypto/{des → fipsmodule/des}/internal.h +18 -4
- data/third_party/boringssl/crypto/{digest → fipsmodule/digest}/internal.h +18 -18
- data/third_party/boringssl/crypto/{digest → fipsmodule/digest}/md32_common.h +58 -64
- data/third_party/boringssl/crypto/{ec → fipsmodule/ec}/internal.h +58 -52
- data/third_party/boringssl/crypto/{ec → fipsmodule/ec}/p256-x86_64-table.h +11 -11
- data/third_party/boringssl/crypto/{ec → fipsmodule/ec}/p256-x86_64.h +32 -32
- data/third_party/boringssl/crypto/{rand/internal.h → fipsmodule/is_fips.c} +10 -15
- data/third_party/boringssl/crypto/{modes → fipsmodule/modes}/internal.h +112 -119
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +92 -0
- data/third_party/boringssl/crypto/{rsa → fipsmodule/rsa}/internal.h +36 -49
- data/third_party/boringssl/crypto/hkdf/hkdf.c +6 -6
- data/third_party/boringssl/crypto/internal.h +301 -233
- data/third_party/boringssl/crypto/lhash/lhash.c +26 -45
- data/third_party/boringssl/crypto/mem.c +76 -33
- data/third_party/boringssl/crypto/obj/obj.c +44 -28
- data/third_party/boringssl/crypto/obj/obj_dat.h +102 -34
- data/third_party/boringssl/crypto/obj/obj_xref.c +6 -6
- data/third_party/boringssl/crypto/pem/pem_info.c +3 -5
- data/third_party/boringssl/crypto/pem/pem_lib.c +1 -6
- data/third_party/boringssl/crypto/pem/pem_pk8.c +1 -0
- data/third_party/boringssl/crypto/pem/pem_pkey.c +1 -1
- data/third_party/boringssl/crypto/pem/pem_xaux.c +0 -2
- data/third_party/boringssl/crypto/pkcs7/internal.h +49 -0
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +166 -0
- data/third_party/boringssl/crypto/{x509/pkcs7.c → pkcs7/pkcs7_x509.c} +27 -147
- data/third_party/boringssl/crypto/pkcs8/internal.h +34 -16
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +120 -39
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +144 -857
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +789 -0
- data/third_party/boringssl/crypto/poly1305/internal.h +4 -3
- data/third_party/boringssl/crypto/poly1305/poly1305.c +14 -14
- data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +11 -11
- data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +41 -41
- data/third_party/boringssl/crypto/pool/internal.h +2 -2
- data/third_party/boringssl/crypto/pool/pool.c +15 -15
- data/third_party/boringssl/crypto/{rand → rand_extra}/deterministic.c +7 -7
- data/third_party/boringssl/crypto/rand_extra/forkunsafe.c +46 -0
- data/third_party/boringssl/crypto/{rand → rand_extra}/fuchsia.c +7 -7
- data/third_party/boringssl/crypto/rand_extra/rand_extra.c +70 -0
- data/third_party/boringssl/crypto/{rand → rand_extra}/windows.c +5 -5
- data/third_party/boringssl/crypto/refcount_c11.c +2 -2
- data/third_party/boringssl/crypto/refcount_lock.c +1 -1
- data/third_party/boringssl/crypto/{rsa → rsa_extra}/rsa_asn1.c +12 -120
- data/third_party/boringssl/crypto/stack/stack.c +13 -13
- data/third_party/boringssl/crypto/thread_none.c +1 -1
- data/third_party/boringssl/crypto/thread_pthread.c +1 -1
- data/third_party/boringssl/crypto/thread_win.c +40 -40
- data/third_party/boringssl/crypto/x509/a_sign.c +5 -12
- data/third_party/boringssl/crypto/x509/a_verify.c +6 -18
- data/third_party/boringssl/crypto/x509/algorithm.c +22 -6
- data/third_party/boringssl/crypto/x509/asn1_gen.c +30 -7
- data/third_party/boringssl/crypto/x509/by_dir.c +2 -2
- data/third_party/boringssl/crypto/x509/by_file.c +2 -2
- data/third_party/boringssl/crypto/x509/rsa_pss.c +5 -5
- data/third_party/boringssl/crypto/x509/t_x509.c +2 -1
- data/third_party/boringssl/crypto/x509/x509_def.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_lu.c +35 -4
- data/third_party/boringssl/crypto/x509/x509_set.c +10 -0
- data/third_party/boringssl/crypto/x509/x509_vfy.c +20 -17
- data/third_party/boringssl/crypto/x509/x_name.c +13 -16
- data/third_party/boringssl/crypto/x509/x_x509.c +3 -3
- data/third_party/boringssl/crypto/x509/x_x509a.c +0 -7
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +8 -0
- data/third_party/boringssl/crypto/x509v3/pcy_int.h +2 -2
- data/third_party/boringssl/crypto/x509v3/pcy_lib.c +0 -9
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -1
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +25 -15
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +21 -11
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +9 -3
- data/third_party/boringssl/crypto/x509v3/v3_info.c +22 -14
- data/third_party/boringssl/crypto/x509v3/v3_ncons.c +27 -11
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +0 -33
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +4 -4
- data/third_party/boringssl/include/openssl/aead.h +280 -191
- data/third_party/boringssl/include/openssl/aes.h +50 -50
- data/third_party/boringssl/include/openssl/arm_arch.h +12 -12
- data/third_party/boringssl/include/openssl/asn1.h +14 -77
- data/third_party/boringssl/include/openssl/asn1t.h +11 -15
- data/third_party/boringssl/include/openssl/base.h +78 -51
- data/third_party/boringssl/include/openssl/base64.h +68 -68
- data/third_party/boringssl/include/openssl/bio.h +472 -406
- data/third_party/boringssl/include/openssl/blowfish.h +1 -1
- data/third_party/boringssl/include/openssl/bn.h +454 -435
- data/third_party/boringssl/include/openssl/buf.h +27 -27
- data/third_party/boringssl/include/openssl/bytestring.h +282 -267
- data/third_party/boringssl/include/openssl/cast.h +2 -2
- data/third_party/boringssl/include/openssl/chacha.h +5 -5
- data/third_party/boringssl/include/openssl/cipher.h +209 -200
- data/third_party/boringssl/include/openssl/cmac.h +27 -27
- data/third_party/boringssl/include/openssl/conf.h +49 -46
- data/third_party/boringssl/include/openssl/cpu.h +60 -45
- data/third_party/boringssl/include/openssl/crypto.h +59 -35
- data/third_party/boringssl/include/openssl/curve25519.h +97 -92
- data/third_party/boringssl/include/openssl/des.h +25 -25
- data/third_party/boringssl/include/openssl/dh.h +98 -97
- data/third_party/boringssl/include/openssl/digest.h +143 -114
- data/third_party/boringssl/include/openssl/dsa.h +217 -202
- data/third_party/boringssl/include/openssl/ec.h +132 -131
- data/third_party/boringssl/include/openssl/ec_key.h +132 -128
- data/third_party/boringssl/include/openssl/ecdh.h +9 -9
- data/third_party/boringssl/include/openssl/ecdsa.h +66 -66
- data/third_party/boringssl/include/openssl/engine.h +38 -38
- data/third_party/boringssl/include/openssl/err.h +189 -219
- data/third_party/boringssl/include/openssl/evp.h +473 -397
- data/third_party/boringssl/include/openssl/ex_data.h +46 -56
- data/third_party/boringssl/include/openssl/hkdf.h +17 -17
- data/third_party/boringssl/include/openssl/hmac.h +55 -43
- data/third_party/boringssl/include/openssl/is_boringssl.h +16 -0
- data/third_party/boringssl/include/openssl/lhash.h +67 -67
- data/third_party/boringssl/include/openssl/lhash_macros.h +4 -4
- data/third_party/boringssl/include/openssl/md4.h +14 -14
- data/third_party/boringssl/include/openssl/md5.h +14 -14
- data/third_party/boringssl/include/openssl/mem.h +39 -33
- data/third_party/boringssl/include/openssl/nid.h +43 -0
- data/third_party/boringssl/include/openssl/obj.h +93 -87
- data/third_party/boringssl/include/openssl/opensslconf.h +8 -1
- data/third_party/boringssl/include/openssl/pem.h +2 -122
- data/third_party/boringssl/include/openssl/pkcs7.h +68 -2
- data/third_party/boringssl/include/openssl/pkcs8.h +81 -66
- data/third_party/boringssl/include/openssl/poly1305.h +11 -11
- data/third_party/boringssl/include/openssl/pool.h +29 -25
- data/third_party/boringssl/include/openssl/rand.h +48 -45
- data/third_party/boringssl/include/openssl/rc4.h +9 -9
- data/third_party/boringssl/include/openssl/ripemd.h +13 -13
- data/third_party/boringssl/include/openssl/rsa.h +371 -340
- data/third_party/boringssl/include/openssl/sha.h +71 -71
- data/third_party/boringssl/include/openssl/span.h +191 -0
- data/third_party/boringssl/include/openssl/ssl.h +2639 -2519
- data/third_party/boringssl/include/openssl/ssl3.h +39 -122
- data/third_party/boringssl/include/openssl/stack.h +355 -164
- data/third_party/boringssl/include/openssl/thread.h +43 -43
- data/third_party/boringssl/include/openssl/tls1.h +60 -63
- data/third_party/boringssl/include/openssl/type_check.h +10 -14
- data/third_party/boringssl/include/openssl/x509.h +41 -116
- data/third_party/boringssl/include/openssl/x509_vfy.h +17 -25
- data/third_party/boringssl/include/openssl/x509v3.h +27 -21
- data/third_party/boringssl/ssl/{bio_ssl.c → bio_ssl.cc} +9 -5
- data/third_party/boringssl/ssl/{custom_extensions.c → custom_extensions.cc} +19 -12
- data/third_party/boringssl/ssl/{d1_both.c → d1_both.cc} +224 -193
- data/third_party/boringssl/ssl/{d1_lib.c → d1_lib.cc} +86 -79
- data/third_party/boringssl/ssl/{d1_pkt.c → d1_pkt.cc} +55 -87
- data/third_party/boringssl/ssl/{d1_srtp.c → d1_srtp.cc} +12 -16
- data/third_party/boringssl/ssl/{dtls_method.c → dtls_method.cc} +33 -50
- data/third_party/boringssl/ssl/{dtls_record.c → dtls_record.cc} +76 -64
- data/third_party/boringssl/ssl/handshake.cc +547 -0
- data/third_party/boringssl/ssl/handshake_client.cc +1828 -0
- data/third_party/boringssl/ssl/handshake_server.cc +1672 -0
- data/third_party/boringssl/ssl/internal.h +2027 -1280
- data/third_party/boringssl/ssl/s3_both.cc +603 -0
- data/third_party/boringssl/ssl/{s3_lib.c → s3_lib.cc} +22 -10
- data/third_party/boringssl/ssl/{s3_pkt.c → s3_pkt.cc} +171 -75
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +415 -0
- data/third_party/boringssl/ssl/{ssl_asn1.c → ssl_asn1.cc} +257 -261
- data/third_party/boringssl/ssl/{ssl_buffer.c → ssl_buffer.cc} +81 -97
- data/third_party/boringssl/ssl/{ssl_cert.c → ssl_cert.cc} +304 -414
- data/third_party/boringssl/ssl/{ssl_cipher.c → ssl_cipher.cc} +427 -505
- data/third_party/boringssl/ssl/{ssl_file.c → ssl_file.cc} +24 -16
- data/third_party/boringssl/ssl/ssl_key_share.cc +245 -0
- data/third_party/boringssl/ssl/{ssl_lib.c → ssl_lib.cc} +665 -828
- data/third_party/boringssl/ssl/ssl_privkey.cc +518 -0
- data/third_party/boringssl/ssl/{ssl_session.c → ssl_session.cc} +596 -471
- data/third_party/boringssl/ssl/{ssl_stat.c → ssl_stat.cc} +5 -224
- data/third_party/boringssl/ssl/{ssl_transcript.c → ssl_transcript.cc} +117 -140
- data/third_party/boringssl/ssl/ssl_versions.cc +439 -0
- data/third_party/boringssl/ssl/{ssl_x509.c → ssl_x509.cc} +751 -267
- data/third_party/boringssl/ssl/{t1_enc.c → t1_enc.cc} +120 -161
- data/third_party/boringssl/ssl/{t1_lib.c → t1_lib.cc} +859 -966
- data/third_party/boringssl/ssl/{tls13_both.c → tls13_both.cc} +202 -284
- data/third_party/boringssl/ssl/tls13_client.cc +842 -0
- data/third_party/boringssl/ssl/{tls13_enc.c → tls13_enc.cc} +108 -90
- data/third_party/boringssl/ssl/tls13_server.cc +967 -0
- data/third_party/boringssl/ssl/{tls_method.c → tls_method.cc} +94 -73
- data/third_party/boringssl/ssl/tls_record.cc +675 -0
- metadata +117 -168
- data/include/grpc/support/cmdline.h +0 -88
- data/include/grpc/support/subprocess.h +0 -44
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +0 -29
- data/src/core/ext/filters/client_channel/resolver_factory.cc +0 -40
- data/src/core/lib/gpr/cmdline.cc +0 -330
- data/src/core/lib/gpr/subprocess_posix.cc +0 -99
- data/src/core/lib/gpr/subprocess_windows.cc +0 -126
- data/src/core/lib/surface/alarm.cc +0 -137
- data/src/core/lib/surface/alarm_internal.h +0 -40
- data/src/core/tsi/gts_transport_security.cc +0 -40
- data/third_party/boringssl/crypto/aes/aes.c +0 -1142
- data/third_party/boringssl/crypto/aes/internal.h +0 -87
- data/third_party/boringssl/crypto/aes/key_wrap.c +0 -138
- data/third_party/boringssl/crypto/aes/mode_wrappers.c +0 -112
- data/third_party/boringssl/crypto/asn1/x_long.c +0 -200
- data/third_party/boringssl/crypto/bn/add.c +0 -377
- data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +0 -532
- data/third_party/boringssl/crypto/bn/bn.c +0 -365
- data/third_party/boringssl/crypto/bn/cmp.c +0 -239
- data/third_party/boringssl/crypto/bn/ctx.c +0 -313
- data/third_party/boringssl/crypto/bn/div.c +0 -728
- data/third_party/boringssl/crypto/bn/exponentiation.c +0 -1240
- data/third_party/boringssl/crypto/bn/gcd.c +0 -635
- data/third_party/boringssl/crypto/bn/generic.c +0 -707
- data/third_party/boringssl/crypto/bn/kronecker.c +0 -176
- data/third_party/boringssl/crypto/bn/montgomery.c +0 -409
- data/third_party/boringssl/crypto/bn/montgomery_inv.c +0 -207
- data/third_party/boringssl/crypto/bn/mul.c +0 -871
- data/third_party/boringssl/crypto/bn/prime.c +0 -861
- data/third_party/boringssl/crypto/bn/random.c +0 -343
- data/third_party/boringssl/crypto/bn/rsaz_exp.c +0 -254
- data/third_party/boringssl/crypto/bn/shift.c +0 -307
- data/third_party/boringssl/crypto/bn/sqrt.c +0 -506
- data/third_party/boringssl/crypto/cipher/aead.c +0 -156
- data/third_party/boringssl/crypto/cipher/cipher.c +0 -657
- data/third_party/boringssl/crypto/cipher/e_aes.c +0 -1771
- data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +0 -276
- data/third_party/boringssl/crypto/cipher/e_des.c +0 -205
- data/third_party/boringssl/crypto/cipher/tls_cbc.c +0 -482
- data/third_party/boringssl/crypto/des/des.c +0 -771
- data/third_party/boringssl/crypto/digest/digest.c +0 -251
- data/third_party/boringssl/crypto/digest/digests.c +0 -358
- data/third_party/boringssl/crypto/ec/ec.c +0 -847
- data/third_party/boringssl/crypto/ec/ec_key.c +0 -479
- data/third_party/boringssl/crypto/ec/ec_montgomery.c +0 -303
- data/third_party/boringssl/crypto/ec/oct.c +0 -416
- data/third_party/boringssl/crypto/ec/p224-64.c +0 -1143
- data/third_party/boringssl/crypto/ec/p256-64.c +0 -1701
- data/third_party/boringssl/crypto/ec/p256-x86_64.c +0 -561
- data/third_party/boringssl/crypto/ec/simple.c +0 -1118
- data/third_party/boringssl/crypto/ec/util-64.c +0 -109
- data/third_party/boringssl/crypto/ec/wnaf.c +0 -458
- data/third_party/boringssl/crypto/ecdsa/ecdsa.c +0 -479
- data/third_party/boringssl/crypto/hmac/hmac.c +0 -215
- data/third_party/boringssl/crypto/md4/md4.c +0 -236
- data/third_party/boringssl/crypto/md5/md5.c +0 -285
- data/third_party/boringssl/crypto/modes/cbc.c +0 -212
- data/third_party/boringssl/crypto/modes/cfb.c +0 -230
- data/third_party/boringssl/crypto/modes/ctr.c +0 -219
- data/third_party/boringssl/crypto/modes/gcm.c +0 -1071
- data/third_party/boringssl/crypto/modes/ofb.c +0 -95
- data/third_party/boringssl/crypto/modes/polyval.c +0 -94
- data/third_party/boringssl/crypto/pkcs8/p8_pkey.c +0 -85
- data/third_party/boringssl/crypto/rand/rand.c +0 -244
- data/third_party/boringssl/crypto/rand/urandom.c +0 -335
- data/third_party/boringssl/crypto/rsa/blinding.c +0 -265
- data/third_party/boringssl/crypto/rsa/padding.c +0 -708
- data/third_party/boringssl/crypto/rsa/rsa.c +0 -830
- data/third_party/boringssl/crypto/rsa/rsa_impl.c +0 -1100
- data/third_party/boringssl/crypto/sha/sha1-altivec.c +0 -346
- data/third_party/boringssl/crypto/sha/sha1.c +0 -355
- data/third_party/boringssl/crypto/sha/sha256.c +0 -329
- data/third_party/boringssl/crypto/sha/sha512.c +0 -609
- data/third_party/boringssl/crypto/x509/x509type.c +0 -126
- data/third_party/boringssl/include/openssl/stack_macros.h +0 -3987
- data/third_party/boringssl/ssl/handshake_client.c +0 -1883
- data/third_party/boringssl/ssl/handshake_server.c +0 -1950
- data/third_party/boringssl/ssl/s3_both.c +0 -895
- data/third_party/boringssl/ssl/ssl_aead_ctx.c +0 -335
- data/third_party/boringssl/ssl/ssl_ecdh.c +0 -465
- data/third_party/boringssl/ssl/ssl_privkey.c +0 -683
- data/third_party/boringssl/ssl/ssl_privkey_cc.cc +0 -76
- data/third_party/boringssl/ssl/tls13_client.c +0 -712
- data/third_party/boringssl/ssl/tls13_server.c +0 -680
- data/third_party/boringssl/ssl/tls_record.c +0 -556
@@ -139,7 +139,10 @@
|
|
139
139
|
#include <stdlib.h>
|
140
140
|
#include <string.h>
|
141
141
|
|
142
|
+
#include <utility>
|
143
|
+
|
142
144
|
#include <openssl/err.h>
|
145
|
+
#include <openssl/hmac.h>
|
143
146
|
#include <openssl/lhash.h>
|
144
147
|
#include <openssl/mem.h>
|
145
148
|
#include <openssl/rand.h>
|
@@ -148,9 +151,11 @@
|
|
148
151
|
#include "../crypto/internal.h"
|
149
152
|
|
150
153
|
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
+
namespace bssl {
|
155
|
+
|
156
|
+
// The address of this is a magic value, a pointer to which is returned by
|
157
|
+
// SSL_magic_pending_session_ptr(). It allows a session callback to indicate
|
158
|
+
// that it needs to asynchronously fetch session information.
|
154
159
|
static const char g_pending_session_magic = 0;
|
155
160
|
|
156
161
|
static CRYPTO_EX_DATA_CLASS g_ex_data_class =
|
@@ -160,32 +165,29 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *session);
|
|
160
165
|
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *session);
|
161
166
|
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock);
|
162
167
|
|
163
|
-
SSL_SESSION
|
164
|
-
SSL_SESSION
|
165
|
-
|
168
|
+
UniquePtr<SSL_SESSION> ssl_session_new(const SSL_X509_METHOD *x509_method) {
|
169
|
+
UniquePtr<SSL_SESSION> session(
|
170
|
+
(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)));
|
171
|
+
if (!session) {
|
166
172
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
167
173
|
return 0;
|
168
174
|
}
|
169
|
-
OPENSSL_memset(session, 0, sizeof(SSL_SESSION));
|
175
|
+
OPENSSL_memset(session.get(), 0, sizeof(SSL_SESSION));
|
170
176
|
|
171
177
|
session->x509_method = x509_method;
|
172
178
|
session->verify_result = X509_V_ERR_INVALID_CALL;
|
173
179
|
session->references = 1;
|
174
180
|
session->timeout = SSL_DEFAULT_SESSION_TIMEOUT;
|
175
181
|
session->auth_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
|
176
|
-
session->time =
|
182
|
+
session->time = time(NULL);
|
177
183
|
CRYPTO_new_ex_data(&session->ex_data);
|
178
184
|
return session;
|
179
185
|
}
|
180
186
|
|
181
|
-
SSL_SESSION
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
|
186
|
-
SSL_SESSION *new_session = ssl_session_new(session->x509_method);
|
187
|
-
if (new_session == NULL) {
|
188
|
-
goto err;
|
187
|
+
UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
|
188
|
+
UniquePtr<SSL_SESSION> new_session = ssl_session_new(session->x509_method);
|
189
|
+
if (!new_session) {
|
190
|
+
return nullptr;
|
189
191
|
}
|
190
192
|
|
191
193
|
new_session->is_server = session->is_server;
|
@@ -193,77 +195,61 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
|
|
193
195
|
new_session->sid_ctx_length = session->sid_ctx_length;
|
194
196
|
OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
|
195
197
|
|
196
|
-
|
198
|
+
// Copy the key material.
|
197
199
|
new_session->master_key_length = session->master_key_length;
|
198
200
|
OPENSSL_memcpy(new_session->master_key, session->master_key,
|
199
201
|
session->master_key_length);
|
200
202
|
new_session->cipher = session->cipher;
|
201
203
|
|
202
|
-
|
204
|
+
// Copy authentication state.
|
203
205
|
if (session->psk_identity != NULL) {
|
204
206
|
new_session->psk_identity = BUF_strdup(session->psk_identity);
|
205
207
|
if (new_session->psk_identity == NULL) {
|
206
|
-
|
208
|
+
return nullptr;
|
207
209
|
}
|
208
210
|
}
|
209
211
|
if (session->certs != NULL) {
|
210
212
|
new_session->certs = sk_CRYPTO_BUFFER_new_null();
|
211
213
|
if (new_session->certs == NULL) {
|
212
|
-
|
214
|
+
return nullptr;
|
213
215
|
}
|
214
216
|
for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(session->certs); i++) {
|
215
217
|
CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(session->certs, i);
|
216
218
|
if (!sk_CRYPTO_BUFFER_push(new_session->certs, buffer)) {
|
217
|
-
|
219
|
+
return nullptr;
|
218
220
|
}
|
219
221
|
CRYPTO_BUFFER_up_ref(buffer);
|
220
222
|
}
|
221
223
|
}
|
222
224
|
|
223
|
-
if (!session->x509_method->session_dup(new_session, session)) {
|
224
|
-
|
225
|
+
if (!session->x509_method->session_dup(new_session.get(), session)) {
|
226
|
+
return nullptr;
|
225
227
|
}
|
226
228
|
|
227
229
|
new_session->verify_result = session->verify_result;
|
228
230
|
|
229
|
-
new_session->ocsp_response_length = session->ocsp_response_length;
|
230
231
|
if (session->ocsp_response != NULL) {
|
231
|
-
new_session->ocsp_response =
|
232
|
-
|
233
|
-
if (new_session->ocsp_response == NULL) {
|
234
|
-
goto err;
|
235
|
-
}
|
232
|
+
new_session->ocsp_response = session->ocsp_response;
|
233
|
+
CRYPTO_BUFFER_up_ref(new_session->ocsp_response);
|
236
234
|
}
|
237
235
|
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
new_session->
|
242
|
-
BUF_memdup(session->tlsext_signed_cert_timestamp_list,
|
243
|
-
session->tlsext_signed_cert_timestamp_list_length);
|
244
|
-
if (new_session->tlsext_signed_cert_timestamp_list == NULL) {
|
245
|
-
goto err;
|
246
|
-
}
|
236
|
+
if (session->signed_cert_timestamp_list != NULL) {
|
237
|
+
new_session->signed_cert_timestamp_list =
|
238
|
+
session->signed_cert_timestamp_list;
|
239
|
+
CRYPTO_BUFFER_up_ref(new_session->signed_cert_timestamp_list);
|
247
240
|
}
|
248
241
|
|
249
242
|
OPENSSL_memcpy(new_session->peer_sha256, session->peer_sha256,
|
250
243
|
SHA256_DIGEST_LENGTH);
|
251
244
|
new_session->peer_sha256_valid = session->peer_sha256_valid;
|
252
245
|
|
253
|
-
if (session->tlsext_hostname != NULL) {
|
254
|
-
new_session->tlsext_hostname = BUF_strdup(session->tlsext_hostname);
|
255
|
-
if (new_session->tlsext_hostname == NULL) {
|
256
|
-
goto err;
|
257
|
-
}
|
258
|
-
}
|
259
|
-
|
260
246
|
new_session->peer_signature_algorithm = session->peer_signature_algorithm;
|
261
247
|
|
262
248
|
new_session->timeout = session->timeout;
|
263
249
|
new_session->auth_timeout = session->auth_timeout;
|
264
250
|
new_session->time = session->time;
|
265
251
|
|
266
|
-
|
252
|
+
// Copy non-authentication connection properties.
|
267
253
|
if (dup_flags & SSL_SESSION_INCLUDE_NONAUTH) {
|
268
254
|
new_session->session_id_length = session->session_id_length;
|
269
255
|
OPENSSL_memcpy(new_session->session_id, session->session_id,
|
@@ -283,55 +269,48 @@ SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
|
|
283
269
|
|
284
270
|
if (session->early_alpn != NULL) {
|
285
271
|
new_session->early_alpn =
|
286
|
-
BUF_memdup(session->early_alpn, session->early_alpn_len);
|
272
|
+
(uint8_t *)BUF_memdup(session->early_alpn, session->early_alpn_len);
|
287
273
|
if (new_session->early_alpn == NULL) {
|
288
|
-
|
274
|
+
return nullptr;
|
289
275
|
}
|
290
276
|
}
|
291
277
|
new_session->early_alpn_len = session->early_alpn_len;
|
292
278
|
}
|
293
279
|
|
294
|
-
|
280
|
+
// Copy the ticket.
|
295
281
|
if (dup_flags & SSL_SESSION_INCLUDE_TICKET) {
|
296
282
|
if (session->tlsext_tick != NULL) {
|
297
283
|
new_session->tlsext_tick =
|
298
|
-
BUF_memdup(session->tlsext_tick, session->tlsext_ticklen);
|
284
|
+
(uint8_t *)BUF_memdup(session->tlsext_tick, session->tlsext_ticklen);
|
299
285
|
if (new_session->tlsext_tick == NULL) {
|
300
|
-
|
286
|
+
return nullptr;
|
301
287
|
}
|
302
288
|
}
|
303
289
|
new_session->tlsext_ticklen = session->tlsext_ticklen;
|
304
290
|
}
|
305
291
|
|
306
|
-
|
292
|
+
// The new_session does not get a copy of the ex_data.
|
307
293
|
|
308
294
|
new_session->not_resumable = 1;
|
309
295
|
return new_session;
|
310
|
-
|
311
|
-
err:
|
312
|
-
SSL_SESSION_free(new_session);
|
313
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
314
|
-
return 0;
|
315
296
|
}
|
316
297
|
|
317
298
|
void ssl_session_rebase_time(SSL *ssl, SSL_SESSION *session) {
|
318
|
-
struct
|
299
|
+
struct OPENSSL_timeval now;
|
319
300
|
ssl_get_current_time(ssl, &now);
|
320
301
|
|
321
|
-
|
322
|
-
|
323
|
-
if (session->time > now.tv_sec
|
324
|
-
session->time < 0 ||
|
325
|
-
now.tv_sec < 0) {
|
302
|
+
// To avoid overflows and underflows, if we've gone back in time, update the
|
303
|
+
// time, but mark the session expired.
|
304
|
+
if (session->time > now.tv_sec) {
|
326
305
|
session->time = now.tv_sec;
|
327
306
|
session->timeout = 0;
|
328
307
|
session->auth_timeout = 0;
|
329
308
|
return;
|
330
309
|
}
|
331
310
|
|
332
|
-
|
333
|
-
|
334
|
-
|
311
|
+
// Adjust the session time and timeouts. If the session has already expired,
|
312
|
+
// clamp the timeouts at zero.
|
313
|
+
uint64_t delta = now.tv_sec - session->time;
|
335
314
|
session->time = now.tv_sec;
|
336
315
|
if (session->timeout < delta) {
|
337
316
|
session->timeout = 0;
|
@@ -345,9 +324,10 @@ void ssl_session_rebase_time(SSL *ssl, SSL_SESSION *session) {
|
|
345
324
|
}
|
346
325
|
}
|
347
326
|
|
348
|
-
void ssl_session_renew_timeout(SSL *ssl, SSL_SESSION *session,
|
349
|
-
|
350
|
-
|
327
|
+
void ssl_session_renew_timeout(SSL *ssl, SSL_SESSION *session,
|
328
|
+
uint32_t timeout) {
|
329
|
+
// Rebase the timestamp relative to the current time so |timeout| is measured
|
330
|
+
// correctly.
|
351
331
|
ssl_session_rebase_time(ssl, session);
|
352
332
|
|
353
333
|
if (session->timeout > timeout) {
|
@@ -360,156 +340,21 @@ void ssl_session_renew_timeout(SSL *ssl, SSL_SESSION *session, long timeout) {
|
|
360
340
|
}
|
361
341
|
}
|
362
342
|
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
if (session == NULL ||
|
370
|
-
!CRYPTO_refcount_dec_and_test_zero(&session->references)) {
|
371
|
-
return;
|
372
|
-
}
|
373
|
-
|
374
|
-
CRYPTO_free_ex_data(&g_ex_data_class, session, &session->ex_data);
|
375
|
-
|
376
|
-
OPENSSL_cleanse(session->master_key, sizeof(session->master_key));
|
377
|
-
OPENSSL_cleanse(session->session_id, sizeof(session->session_id));
|
378
|
-
sk_CRYPTO_BUFFER_pop_free(session->certs, CRYPTO_BUFFER_free);
|
379
|
-
session->x509_method->session_clear(session);
|
380
|
-
OPENSSL_free(session->tlsext_hostname);
|
381
|
-
OPENSSL_free(session->tlsext_tick);
|
382
|
-
OPENSSL_free(session->tlsext_signed_cert_timestamp_list);
|
383
|
-
OPENSSL_free(session->ocsp_response);
|
384
|
-
OPENSSL_free(session->psk_identity);
|
385
|
-
OPENSSL_free(session->early_alpn);
|
386
|
-
OPENSSL_cleanse(session, sizeof(*session));
|
387
|
-
OPENSSL_free(session);
|
388
|
-
}
|
389
|
-
|
390
|
-
const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,
|
391
|
-
unsigned *out_len) {
|
392
|
-
if (out_len != NULL) {
|
393
|
-
*out_len = session->session_id_length;
|
394
|
-
}
|
395
|
-
return session->session_id;
|
396
|
-
}
|
397
|
-
|
398
|
-
long SSL_SESSION_get_timeout(const SSL_SESSION *session) {
|
399
|
-
return session->timeout;
|
400
|
-
}
|
401
|
-
|
402
|
-
long SSL_SESSION_get_time(const SSL_SESSION *session) {
|
403
|
-
if (session == NULL) {
|
404
|
-
/* NULL should crash, but silently accept it here for compatibility. */
|
405
|
-
return 0;
|
406
|
-
}
|
407
|
-
return session->time;
|
408
|
-
}
|
409
|
-
|
410
|
-
X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session) {
|
411
|
-
return session->x509_peer;
|
412
|
-
}
|
413
|
-
|
414
|
-
size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
|
415
|
-
size_t max_out) {
|
416
|
-
/* TODO(davidben): Fix master_key_length's type and remove these casts. */
|
417
|
-
if (max_out == 0) {
|
418
|
-
return (size_t)session->master_key_length;
|
419
|
-
}
|
420
|
-
if (max_out > (size_t)session->master_key_length) {
|
421
|
-
max_out = (size_t)session->master_key_length;
|
422
|
-
}
|
423
|
-
OPENSSL_memcpy(out, session->master_key, max_out);
|
424
|
-
return max_out;
|
425
|
-
}
|
426
|
-
|
427
|
-
long SSL_SESSION_set_time(SSL_SESSION *session, long time) {
|
428
|
-
if (session == NULL) {
|
429
|
-
return 0;
|
430
|
-
}
|
431
|
-
|
432
|
-
session->time = time;
|
433
|
-
return time;
|
434
|
-
}
|
435
|
-
|
436
|
-
long SSL_SESSION_set_timeout(SSL_SESSION *session, long timeout) {
|
437
|
-
if (session == NULL) {
|
438
|
-
return 0;
|
439
|
-
}
|
440
|
-
|
441
|
-
session->timeout = timeout;
|
442
|
-
session->auth_timeout = timeout;
|
443
|
-
return 1;
|
444
|
-
}
|
445
|
-
|
446
|
-
int SSL_SESSION_set1_id_context(SSL_SESSION *session, const uint8_t *sid_ctx,
|
447
|
-
size_t sid_ctx_len) {
|
448
|
-
if (sid_ctx_len > sizeof(session->sid_ctx)) {
|
449
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
|
343
|
+
uint16_t ssl_session_protocol_version(const SSL_SESSION *session) {
|
344
|
+
uint16_t ret;
|
345
|
+
if (!ssl_protocol_version_from_wire(&ret, session->ssl_version)) {
|
346
|
+
// An |SSL_SESSION| will never have an invalid version. This is enforced by
|
347
|
+
// the parser.
|
348
|
+
assert(0);
|
450
349
|
return 0;
|
451
350
|
}
|
452
351
|
|
453
|
-
assert(sizeof(session->sid_ctx) < 256);
|
454
|
-
session->sid_ctx_length = (uint8_t)sid_ctx_len;
|
455
|
-
OPENSSL_memcpy(session->sid_ctx, sid_ctx, sid_ctx_len);
|
456
|
-
|
457
|
-
return 1;
|
458
|
-
}
|
459
|
-
|
460
|
-
SSL_SESSION *SSL_magic_pending_session_ptr(void) {
|
461
|
-
return (SSL_SESSION *)&g_pending_session_magic;
|
462
|
-
}
|
463
|
-
|
464
|
-
SSL_SESSION *SSL_get_session(const SSL *ssl) {
|
465
|
-
/* Once the handshake completes we return the established session. Otherwise
|
466
|
-
* we return the intermediate session, either |session| (for resumption) or
|
467
|
-
* |new_session| if doing a full handshake. */
|
468
|
-
if (!SSL_in_init(ssl)) {
|
469
|
-
return ssl->s3->established_session;
|
470
|
-
}
|
471
|
-
if (ssl->s3->hs->new_session != NULL) {
|
472
|
-
return ssl->s3->hs->new_session;
|
473
|
-
}
|
474
|
-
return ssl->session;
|
475
|
-
}
|
476
|
-
|
477
|
-
SSL_SESSION *SSL_get1_session(SSL *ssl) {
|
478
|
-
SSL_SESSION *ret = SSL_get_session(ssl);
|
479
|
-
if (ret != NULL) {
|
480
|
-
SSL_SESSION_up_ref(ret);
|
481
|
-
}
|
482
352
|
return ret;
|
483
353
|
}
|
484
354
|
|
485
|
-
|
486
|
-
|
487
|
-
|
488
|
-
CRYPTO_EX_free *free_func) {
|
489
|
-
int index;
|
490
|
-
if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, dup_func,
|
491
|
-
free_func)) {
|
492
|
-
return -1;
|
493
|
-
}
|
494
|
-
return index;
|
495
|
-
}
|
496
|
-
|
497
|
-
int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg) {
|
498
|
-
return CRYPTO_set_ex_data(&session->ex_data, idx, arg);
|
499
|
-
}
|
500
|
-
|
501
|
-
void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx) {
|
502
|
-
return CRYPTO_get_ex_data(&session->ex_data, idx);
|
503
|
-
}
|
504
|
-
|
505
|
-
const EVP_MD *SSL_SESSION_get_digest(const SSL_SESSION *session,
|
506
|
-
const SSL *ssl) {
|
507
|
-
uint16_t version;
|
508
|
-
if (!ssl->method->version_from_wire(&version, session->ssl_version)) {
|
509
|
-
return NULL;
|
510
|
-
}
|
511
|
-
|
512
|
-
return ssl_get_handshake_digest(session->cipher->algorithm_prf, version);
|
355
|
+
const EVP_MD *ssl_session_get_digest(const SSL_SESSION *session) {
|
356
|
+
return ssl_get_handshake_digest(ssl_session_protocol_version(session),
|
357
|
+
session->cipher);
|
513
358
|
}
|
514
359
|
|
515
360
|
int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
@@ -519,7 +364,7 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
|
519
364
|
return 0;
|
520
365
|
}
|
521
366
|
|
522
|
-
SSL_SESSION
|
367
|
+
UniquePtr<SSL_SESSION> session = ssl_session_new(ssl->ctx->x509_method);
|
523
368
|
if (session == NULL) {
|
524
369
|
return 0;
|
525
370
|
}
|
@@ -527,33 +372,33 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
|
527
372
|
session->is_server = is_server;
|
528
373
|
session->ssl_version = ssl->version;
|
529
374
|
|
530
|
-
|
531
|
-
struct
|
375
|
+
// Fill in the time from the |SSL_CTX|'s clock.
|
376
|
+
struct OPENSSL_timeval now;
|
532
377
|
ssl_get_current_time(ssl, &now);
|
533
378
|
session->time = now.tv_sec;
|
534
379
|
|
535
380
|
uint16_t version = ssl3_protocol_version(ssl);
|
536
381
|
if (version >= TLS1_3_VERSION) {
|
537
|
-
|
538
|
-
|
539
|
-
session->timeout = ssl->
|
382
|
+
// TLS 1.3 uses tickets as authenticators, so we are willing to use them for
|
383
|
+
// longer.
|
384
|
+
session->timeout = ssl->session_ctx->session_psk_dhe_timeout;
|
540
385
|
session->auth_timeout = SSL_DEFAULT_SESSION_AUTH_TIMEOUT;
|
541
386
|
} else {
|
542
|
-
|
543
|
-
|
544
|
-
session->timeout = ssl->
|
545
|
-
session->auth_timeout = ssl->
|
387
|
+
// TLS 1.2 resumption does not incorporate new key material, so we use a
|
388
|
+
// much shorter timeout.
|
389
|
+
session->timeout = ssl->session_ctx->session_timeout;
|
390
|
+
session->auth_timeout = ssl->session_ctx->session_timeout;
|
546
391
|
}
|
547
392
|
|
548
393
|
if (is_server) {
|
549
394
|
if (hs->ticket_expected || version >= TLS1_3_VERSION) {
|
550
|
-
|
551
|
-
|
395
|
+
// Don't set session IDs for sessions resumed with tickets. This will keep
|
396
|
+
// them out of the session cache.
|
552
397
|
session->session_id_length = 0;
|
553
398
|
} else {
|
554
399
|
session->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
|
555
400
|
if (!RAND_bytes(session->session_id, session->session_id_length)) {
|
556
|
-
|
401
|
+
return 0;
|
557
402
|
}
|
558
403
|
}
|
559
404
|
} else {
|
@@ -562,80 +407,121 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
|
562
407
|
|
563
408
|
if (ssl->cert->sid_ctx_length > sizeof(session->sid_ctx)) {
|
564
409
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
565
|
-
|
410
|
+
return 0;
|
566
411
|
}
|
567
412
|
OPENSSL_memcpy(session->sid_ctx, ssl->cert->sid_ctx,
|
568
413
|
ssl->cert->sid_ctx_length);
|
569
414
|
session->sid_ctx_length = ssl->cert->sid_ctx_length;
|
570
415
|
|
571
|
-
|
416
|
+
// The session is marked not resumable until it is completely filled in.
|
572
417
|
session->not_resumable = 1;
|
573
418
|
session->verify_result = X509_V_ERR_INVALID_CALL;
|
574
419
|
|
575
|
-
|
576
|
-
hs->new_session = session;
|
420
|
+
hs->new_session = std::move(session);
|
577
421
|
ssl_set_session(ssl, NULL);
|
578
422
|
return 1;
|
579
|
-
|
580
|
-
err:
|
581
|
-
SSL_SESSION_free(session);
|
582
|
-
return 0;
|
583
423
|
}
|
584
424
|
|
585
|
-
int
|
586
|
-
|
425
|
+
int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
|
426
|
+
OPENSSL_timeval now;
|
427
|
+
ssl_ctx_get_current_time(ctx, &now);
|
428
|
+
{
|
429
|
+
// Avoid acquiring a write lock in the common case (i.e. a non-default key
|
430
|
+
// is used or the default keys have not expired yet).
|
431
|
+
MutexReadLock lock(&ctx->lock);
|
432
|
+
if (ctx->tlsext_ticket_key_current &&
|
433
|
+
(ctx->tlsext_ticket_key_current->next_rotation_tv_sec == 0 ||
|
434
|
+
ctx->tlsext_ticket_key_current->next_rotation_tv_sec > now.tv_sec) &&
|
435
|
+
(!ctx->tlsext_ticket_key_prev ||
|
436
|
+
ctx->tlsext_ticket_key_prev->next_rotation_tv_sec > now.tv_sec)) {
|
437
|
+
return 1;
|
438
|
+
}
|
439
|
+
}
|
587
440
|
|
588
|
-
|
589
|
-
|
590
|
-
|
591
|
-
|
592
|
-
|
441
|
+
MutexWriteLock lock(&ctx->lock);
|
442
|
+
if (!ctx->tlsext_ticket_key_current ||
|
443
|
+
(ctx->tlsext_ticket_key_current->next_rotation_tv_sec != 0 &&
|
444
|
+
ctx->tlsext_ticket_key_current->next_rotation_tv_sec <= now.tv_sec)) {
|
445
|
+
// The current key has not been initialized or it is expired.
|
446
|
+
auto new_key = bssl::MakeUnique<struct tlsext_ticket_key>();
|
447
|
+
if (!new_key) {
|
448
|
+
return 0;
|
449
|
+
}
|
450
|
+
OPENSSL_memset(new_key.get(), 0, sizeof(struct tlsext_ticket_key));
|
451
|
+
if (ctx->tlsext_ticket_key_current) {
|
452
|
+
// The current key expired. Rotate it to prev and bump up its rotation
|
453
|
+
// timestamp. Note that even with the new rotation time it may still be
|
454
|
+
// expired and get droppped below.
|
455
|
+
ctx->tlsext_ticket_key_current->next_rotation_tv_sec +=
|
456
|
+
SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL;
|
457
|
+
OPENSSL_free(ctx->tlsext_ticket_key_prev);
|
458
|
+
ctx->tlsext_ticket_key_prev = ctx->tlsext_ticket_key_current;
|
459
|
+
}
|
460
|
+
ctx->tlsext_ticket_key_current = new_key.release();
|
461
|
+
RAND_bytes(ctx->tlsext_ticket_key_current->name, 16);
|
462
|
+
RAND_bytes(ctx->tlsext_ticket_key_current->hmac_key, 16);
|
463
|
+
RAND_bytes(ctx->tlsext_ticket_key_current->aes_key, 16);
|
464
|
+
ctx->tlsext_ticket_key_current->next_rotation_tv_sec =
|
465
|
+
now.tv_sec + SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL;
|
466
|
+
}
|
467
|
+
|
468
|
+
// Drop an expired prev key.
|
469
|
+
if (ctx->tlsext_ticket_key_prev &&
|
470
|
+
ctx->tlsext_ticket_key_prev->next_rotation_tv_sec <= now.tv_sec) {
|
471
|
+
OPENSSL_free(ctx->tlsext_ticket_key_prev);
|
472
|
+
ctx->tlsext_ticket_key_prev = nullptr;
|
593
473
|
}
|
594
474
|
|
595
|
-
|
596
|
-
|
597
|
-
|
598
|
-
|
475
|
+
return 1;
|
476
|
+
}
|
477
|
+
|
478
|
+
static int ssl_encrypt_ticket_with_cipher_ctx(SSL *ssl, CBB *out,
|
479
|
+
const uint8_t *session_buf,
|
480
|
+
size_t session_len) {
|
481
|
+
ScopedEVP_CIPHER_CTX ctx;
|
482
|
+
ScopedHMAC_CTX hctx;
|
599
483
|
|
600
|
-
|
601
|
-
|
484
|
+
// If the session is too long, emit a dummy value rather than abort the
|
485
|
+
// connection.
|
602
486
|
static const size_t kMaxTicketOverhead =
|
603
487
|
16 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE;
|
604
488
|
if (session_len > 0xffff - kMaxTicketOverhead) {
|
605
489
|
static const char kTicketPlaceholder[] = "TICKET TOO LARGE";
|
606
|
-
|
607
|
-
|
608
|
-
ret = 1;
|
609
|
-
}
|
610
|
-
goto err;
|
490
|
+
return CBB_add_bytes(out, (const uint8_t *)kTicketPlaceholder,
|
491
|
+
strlen(kTicketPlaceholder));
|
611
492
|
}
|
612
493
|
|
613
|
-
|
614
|
-
|
615
|
-
SSL_CTX *tctx = ssl->
|
494
|
+
// Initialize HMAC and cipher contexts. If callback present it does all the
|
495
|
+
// work otherwise use generated values from parent ctx.
|
496
|
+
SSL_CTX *tctx = ssl->session_ctx;
|
616
497
|
uint8_t iv[EVP_MAX_IV_LENGTH];
|
617
498
|
uint8_t key_name[16];
|
618
499
|
if (tctx->tlsext_ticket_key_cb != NULL) {
|
619
|
-
if (tctx->tlsext_ticket_key_cb(ssl, key_name, iv,
|
500
|
+
if (tctx->tlsext_ticket_key_cb(ssl, key_name, iv, ctx.get(), hctx.get(),
|
620
501
|
1 /* encrypt */) < 0) {
|
621
|
-
|
502
|
+
return 0;
|
622
503
|
}
|
623
504
|
} else {
|
505
|
+
// Rotate ticket key if necessary.
|
506
|
+
if (!ssl_ctx_rotate_ticket_encryption_key(tctx)) {
|
507
|
+
return 0;
|
508
|
+
}
|
509
|
+
MutexReadLock lock(&tctx->lock);
|
624
510
|
if (!RAND_bytes(iv, 16) ||
|
625
|
-
!EVP_EncryptInit_ex(
|
626
|
-
tctx->
|
627
|
-
!HMAC_Init_ex(
|
628
|
-
NULL)) {
|
629
|
-
|
511
|
+
!EVP_EncryptInit_ex(ctx.get(), EVP_aes_128_cbc(), NULL,
|
512
|
+
tctx->tlsext_ticket_key_current->aes_key, iv) ||
|
513
|
+
!HMAC_Init_ex(hctx.get(), tctx->tlsext_ticket_key_current->hmac_key, 16,
|
514
|
+
tlsext_tick_md(), NULL)) {
|
515
|
+
return 0;
|
630
516
|
}
|
631
|
-
OPENSSL_memcpy(key_name, tctx->
|
517
|
+
OPENSSL_memcpy(key_name, tctx->tlsext_ticket_key_current->name, 16);
|
632
518
|
}
|
633
519
|
|
634
520
|
uint8_t *ptr;
|
635
521
|
if (!CBB_add_bytes(out, key_name, 16) ||
|
636
|
-
!CBB_add_bytes(out, iv, EVP_CIPHER_CTX_iv_length(
|
522
|
+
!CBB_add_bytes(out, iv, EVP_CIPHER_CTX_iv_length(ctx.get())) ||
|
637
523
|
!CBB_reserve(out, &ptr, session_len + EVP_MAX_BLOCK_LENGTH)) {
|
638
|
-
|
524
|
+
return 0;
|
639
525
|
}
|
640
526
|
|
641
527
|
size_t total = 0;
|
@@ -644,33 +530,76 @@ int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session) {
|
|
644
530
|
total = session_len;
|
645
531
|
#else
|
646
532
|
int len;
|
647
|
-
if (!EVP_EncryptUpdate(
|
648
|
-
|
533
|
+
if (!EVP_EncryptUpdate(ctx.get(), ptr + total, &len, session_buf, session_len)) {
|
534
|
+
return 0;
|
649
535
|
}
|
650
536
|
total += len;
|
651
|
-
if (!EVP_EncryptFinal_ex(
|
652
|
-
|
537
|
+
if (!EVP_EncryptFinal_ex(ctx.get(), ptr + total, &len)) {
|
538
|
+
return 0;
|
653
539
|
}
|
654
540
|
total += len;
|
655
541
|
#endif
|
656
542
|
if (!CBB_did_write(out, total)) {
|
657
|
-
|
543
|
+
return 0;
|
658
544
|
}
|
659
545
|
|
660
546
|
unsigned hlen;
|
661
|
-
if (!HMAC_Update(
|
547
|
+
if (!HMAC_Update(hctx.get(), CBB_data(out), CBB_len(out)) ||
|
662
548
|
!CBB_reserve(out, &ptr, EVP_MAX_MD_SIZE) ||
|
663
|
-
!HMAC_Final(
|
549
|
+
!HMAC_Final(hctx.get(), ptr, &hlen) ||
|
664
550
|
!CBB_did_write(out, hlen)) {
|
665
|
-
|
551
|
+
return 0;
|
552
|
+
}
|
553
|
+
|
554
|
+
return 1;
|
555
|
+
}
|
556
|
+
|
557
|
+
static int ssl_encrypt_ticket_with_method(SSL *ssl, CBB *out,
|
558
|
+
const uint8_t *session_buf,
|
559
|
+
size_t session_len) {
|
560
|
+
const SSL_TICKET_AEAD_METHOD *method = ssl->session_ctx->ticket_aead_method;
|
561
|
+
const size_t max_overhead = method->max_overhead(ssl);
|
562
|
+
const size_t max_out = session_len + max_overhead;
|
563
|
+
if (max_out < max_overhead) {
|
564
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
|
565
|
+
return 0;
|
566
|
+
}
|
567
|
+
|
568
|
+
uint8_t *ptr;
|
569
|
+
if (!CBB_reserve(out, &ptr, max_out)) {
|
570
|
+
return 0;
|
571
|
+
}
|
572
|
+
|
573
|
+
size_t out_len;
|
574
|
+
if (!method->seal(ssl, ptr, &out_len, max_out, session_buf, session_len)) {
|
575
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_TICKET_ENCRYPTION_FAILED);
|
576
|
+
return 0;
|
577
|
+
}
|
578
|
+
|
579
|
+
if (!CBB_did_write(out, out_len)) {
|
580
|
+
return 0;
|
581
|
+
}
|
582
|
+
|
583
|
+
return 1;
|
584
|
+
}
|
585
|
+
|
586
|
+
int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session) {
|
587
|
+
// Serialize the SSL_SESSION to be encoded into the ticket.
|
588
|
+
uint8_t *session_buf = NULL;
|
589
|
+
size_t session_len;
|
590
|
+
if (!SSL_SESSION_to_bytes_for_ticket(session, &session_buf, &session_len)) {
|
591
|
+
return -1;
|
666
592
|
}
|
667
593
|
|
668
|
-
ret =
|
594
|
+
int ret = 0;
|
595
|
+
if (ssl->session_ctx->ticket_aead_method) {
|
596
|
+
ret = ssl_encrypt_ticket_with_method(ssl, out, session_buf, session_len);
|
597
|
+
} else {
|
598
|
+
ret =
|
599
|
+
ssl_encrypt_ticket_with_cipher_ctx(ssl, out, session_buf, session_len);
|
600
|
+
}
|
669
601
|
|
670
|
-
err:
|
671
602
|
OPENSSL_free(session_buf);
|
672
|
-
EVP_CIPHER_CTX_cleanup(&ctx);
|
673
|
-
HMAC_CTX_cleanup(&hctx);
|
674
603
|
return ret;
|
675
604
|
}
|
676
605
|
|
@@ -689,193 +618,160 @@ int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
|
|
689
618
|
return 0;
|
690
619
|
}
|
691
620
|
|
692
|
-
struct
|
621
|
+
struct OPENSSL_timeval now;
|
693
622
|
ssl_get_current_time(ssl, &now);
|
694
623
|
|
695
|
-
|
696
|
-
if (
|
624
|
+
// Reject tickets from the future to avoid underflow.
|
625
|
+
if (now.tv_sec < session->time) {
|
697
626
|
return 0;
|
698
627
|
}
|
699
628
|
|
700
|
-
return session->timeout >
|
629
|
+
return session->timeout > now.tv_sec - session->time;
|
701
630
|
}
|
702
631
|
|
703
632
|
int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
|
704
633
|
const SSL_SESSION *session) {
|
705
634
|
const SSL *const ssl = hs->ssl;
|
706
635
|
return ssl_session_is_context_valid(ssl, session) &&
|
707
|
-
|
708
|
-
|
636
|
+
// The session must have been created by the same type of end point as
|
637
|
+
// we're now using it with.
|
709
638
|
ssl->server == session->is_server &&
|
710
|
-
|
639
|
+
// The session must not be expired.
|
711
640
|
ssl_session_is_time_valid(ssl, session) &&
|
712
641
|
/* Only resume if the session's version matches the negotiated
|
713
642
|
* version. */
|
714
643
|
ssl->version == session->ssl_version &&
|
715
|
-
|
644
|
+
// Only resume if the session's cipher matches the negotiated one.
|
716
645
|
hs->new_cipher == session->cipher &&
|
717
|
-
|
718
|
-
|
719
|
-
|
646
|
+
// If the session contains a client certificate (either the full
|
647
|
+
// certificate or just the hash) then require that the form of the
|
648
|
+
// certificate matches the current configuration.
|
720
649
|
((sk_CRYPTO_BUFFER_num(session->certs) == 0 &&
|
721
650
|
!session->peer_sha256_valid) ||
|
722
651
|
session->peer_sha256_valid ==
|
723
652
|
ssl->retain_only_sha256_of_client_certs);
|
724
653
|
}
|
725
654
|
|
726
|
-
|
727
|
-
|
728
|
-
|
729
|
-
|
730
|
-
SSL *ssl, SSL_SESSION **out_session, const uint8_t *session_id,
|
655
|
+
// ssl_lookup_session looks up |session_id| in the session cache and sets
|
656
|
+
// |*out_session| to an |SSL_SESSION| object if found.
|
657
|
+
static enum ssl_hs_wait_t ssl_lookup_session(
|
658
|
+
SSL *ssl, UniquePtr<SSL_SESSION> *out_session, const uint8_t *session_id,
|
731
659
|
size_t session_id_len) {
|
732
|
-
|
660
|
+
out_session->reset();
|
733
661
|
|
734
662
|
if (session_id_len == 0 || session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
|
735
|
-
return
|
663
|
+
return ssl_hs_ok;
|
736
664
|
}
|
737
665
|
|
738
|
-
SSL_SESSION
|
739
|
-
|
740
|
-
if (!(ssl->
|
666
|
+
UniquePtr<SSL_SESSION> session;
|
667
|
+
// Try the internal cache, if it exists.
|
668
|
+
if (!(ssl->session_ctx->session_cache_mode &
|
741
669
|
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
|
742
670
|
SSL_SESSION data;
|
743
671
|
data.ssl_version = ssl->version;
|
744
672
|
data.session_id_length = session_id_len;
|
745
673
|
OPENSSL_memcpy(data.session_id, session_id, session_id_len);
|
746
674
|
|
747
|
-
|
748
|
-
session
|
749
|
-
if (session
|
750
|
-
|
675
|
+
MutexReadLock lock(&ssl->session_ctx->lock);
|
676
|
+
session.reset(lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &data));
|
677
|
+
if (session) {
|
678
|
+
// |lh_SSL_SESSION_retrieve| returns a non-owning pointer.
|
679
|
+
SSL_SESSION_up_ref(session.get());
|
751
680
|
}
|
752
|
-
|
753
|
-
CRYPTO_MUTEX_unlock_read(&ssl->initial_ctx->lock);
|
681
|
+
// TODO(davidben): This should probably move it to the front of the list.
|
754
682
|
}
|
755
683
|
|
756
|
-
|
757
|
-
if (session
|
758
|
-
|
684
|
+
// Fall back to the external cache, if it exists.
|
685
|
+
if (!session && (ssl->session_ctx->get_session_cb != nullptr ||
|
686
|
+
ssl->session_ctx->get_session_cb_legacy != nullptr)) {
|
759
687
|
int copy = 1;
|
760
|
-
|
761
|
-
|
688
|
+
if (ssl->session_ctx->get_session_cb != nullptr) {
|
689
|
+
session.reset(ssl->session_ctx->get_session_cb(ssl, session_id,
|
690
|
+
session_id_len, ©));
|
691
|
+
} else {
|
692
|
+
session.reset(ssl->session_ctx->get_session_cb_legacy(
|
693
|
+
ssl, const_cast<uint8_t *>(session_id), session_id_len, ©));
|
694
|
+
}
|
762
695
|
|
763
|
-
if (session
|
764
|
-
return
|
696
|
+
if (!session) {
|
697
|
+
return ssl_hs_ok;
|
765
698
|
}
|
766
699
|
|
767
|
-
if (session == SSL_magic_pending_session_ptr()) {
|
768
|
-
|
700
|
+
if (session.get() == SSL_magic_pending_session_ptr()) {
|
701
|
+
session.release(); // This pointer is not actually owned.
|
702
|
+
return ssl_hs_pending_session;
|
769
703
|
}
|
770
704
|
|
771
|
-
|
772
|
-
|
773
|
-
|
774
|
-
|
705
|
+
// Increment reference count now if the session callback asks us to do so
|
706
|
+
// (note that if the session structures returned by the callback are shared
|
707
|
+
// between threads, it must handle the reference count itself [i.e. copy ==
|
708
|
+
// 0], or things won't be thread-safe).
|
775
709
|
if (copy) {
|
776
|
-
SSL_SESSION_up_ref(session);
|
710
|
+
SSL_SESSION_up_ref(session.get());
|
777
711
|
}
|
778
712
|
|
779
|
-
|
780
|
-
if (!(ssl->
|
713
|
+
// Add the externally cached session to the internal cache if necessary.
|
714
|
+
if (!(ssl->session_ctx->session_cache_mode &
|
781
715
|
SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
|
782
|
-
SSL_CTX_add_session(ssl->
|
716
|
+
SSL_CTX_add_session(ssl->session_ctx, session.get());
|
783
717
|
}
|
784
718
|
}
|
785
719
|
|
786
|
-
if (session
|
787
|
-
|
788
|
-
|
789
|
-
|
790
|
-
SSL_SESSION_free(session);
|
791
|
-
session = NULL;
|
720
|
+
if (session && !ssl_session_is_time_valid(ssl, session.get())) {
|
721
|
+
// The session was from the cache, so remove it.
|
722
|
+
SSL_CTX_remove_session(ssl->session_ctx, session.get());
|
723
|
+
session.reset();
|
792
724
|
}
|
793
725
|
|
794
|
-
*out_session = session;
|
795
|
-
return
|
726
|
+
*out_session = std::move(session);
|
727
|
+
return ssl_hs_ok;
|
796
728
|
}
|
797
729
|
|
798
|
-
enum
|
799
|
-
|
800
|
-
|
801
|
-
|
730
|
+
enum ssl_hs_wait_t ssl_get_prev_session(SSL *ssl,
|
731
|
+
UniquePtr<SSL_SESSION> *out_session,
|
732
|
+
bool *out_tickets_supported,
|
733
|
+
bool *out_renew_ticket,
|
734
|
+
const SSL_CLIENT_HELLO *client_hello) {
|
735
|
+
// This is used only by servers.
|
802
736
|
assert(ssl->server);
|
803
|
-
SSL_SESSION
|
804
|
-
|
737
|
+
UniquePtr<SSL_SESSION> session;
|
738
|
+
bool renew_ticket = false;
|
805
739
|
|
806
|
-
|
740
|
+
// If tickets are disabled, always behave as if no tickets are present.
|
807
741
|
const uint8_t *ticket = NULL;
|
808
742
|
size_t ticket_len = 0;
|
809
|
-
const
|
743
|
+
const bool tickets_supported =
|
810
744
|
!(SSL_get_options(ssl) & SSL_OP_NO_TICKET) &&
|
811
745
|
ssl->version > SSL3_VERSION &&
|
812
746
|
SSL_early_callback_ctx_extension_get(
|
813
747
|
client_hello, TLSEXT_TYPE_session_ticket, &ticket, &ticket_len);
|
814
748
|
if (tickets_supported && ticket_len > 0) {
|
815
|
-
|
816
|
-
|
817
|
-
|
818
|
-
|
749
|
+
switch (ssl_process_ticket(ssl, &session, &renew_ticket, ticket, ticket_len,
|
750
|
+
client_hello->session_id,
|
751
|
+
client_hello->session_id_len)) {
|
752
|
+
case ssl_ticket_aead_success:
|
753
|
+
break;
|
754
|
+
case ssl_ticket_aead_ignore_ticket:
|
755
|
+
assert(!session);
|
756
|
+
break;
|
757
|
+
case ssl_ticket_aead_error:
|
758
|
+
return ssl_hs_error;
|
759
|
+
case ssl_ticket_aead_retry:
|
760
|
+
return ssl_hs_pending_ticket;
|
819
761
|
}
|
820
762
|
} else {
|
821
|
-
|
822
|
-
enum
|
763
|
+
// The client didn't send a ticket, so the session ID is a real ID.
|
764
|
+
enum ssl_hs_wait_t lookup_ret = ssl_lookup_session(
|
823
765
|
ssl, &session, client_hello->session_id, client_hello->session_id_len);
|
824
|
-
if (lookup_ret !=
|
766
|
+
if (lookup_ret != ssl_hs_ok) {
|
825
767
|
return lookup_ret;
|
826
768
|
}
|
827
769
|
}
|
828
770
|
|
829
|
-
*out_session = session;
|
771
|
+
*out_session = std::move(session);
|
830
772
|
*out_tickets_supported = tickets_supported;
|
831
773
|
*out_renew_ticket = renew_ticket;
|
832
|
-
return
|
833
|
-
}
|
834
|
-
|
835
|
-
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session) {
|
836
|
-
/* Although |session| is inserted into two structures (a doubly-linked list
|
837
|
-
* and the hash table), |ctx| only takes one reference. */
|
838
|
-
SSL_SESSION_up_ref(session);
|
839
|
-
|
840
|
-
SSL_SESSION *old_session;
|
841
|
-
CRYPTO_MUTEX_lock_write(&ctx->lock);
|
842
|
-
if (!lh_SSL_SESSION_insert(ctx->sessions, &old_session, session)) {
|
843
|
-
CRYPTO_MUTEX_unlock_write(&ctx->lock);
|
844
|
-
SSL_SESSION_free(session);
|
845
|
-
return 0;
|
846
|
-
}
|
847
|
-
|
848
|
-
if (old_session != NULL) {
|
849
|
-
if (old_session == session) {
|
850
|
-
/* |session| was already in the cache. */
|
851
|
-
CRYPTO_MUTEX_unlock_write(&ctx->lock);
|
852
|
-
SSL_SESSION_free(old_session);
|
853
|
-
return 0;
|
854
|
-
}
|
855
|
-
|
856
|
-
/* There was a session ID collision. |old_session| must be removed from
|
857
|
-
* the linked list and released. */
|
858
|
-
SSL_SESSION_list_remove(ctx, old_session);
|
859
|
-
SSL_SESSION_free(old_session);
|
860
|
-
}
|
861
|
-
|
862
|
-
SSL_SESSION_list_add(ctx, session);
|
863
|
-
|
864
|
-
/* Enforce any cache size limits. */
|
865
|
-
if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
|
866
|
-
while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
|
867
|
-
if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) {
|
868
|
-
break;
|
869
|
-
}
|
870
|
-
}
|
871
|
-
}
|
872
|
-
|
873
|
-
CRYPTO_MUTEX_unlock_write(&ctx->lock);
|
874
|
-
return 1;
|
875
|
-
}
|
876
|
-
|
877
|
-
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session) {
|
878
|
-
return remove_session_lock(ctx, session, 1);
|
774
|
+
return ssl_hs_ok;
|
879
775
|
}
|
880
776
|
|
881
777
|
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock) {
|
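Review bot: In ssl_lookup_session, `session.reset(lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &data));` puts a pointer the cache still owns into a UniquePtr before the reference is taken, so the smart pointer briefly claims a reference it does not hold. It is correct as written because nothing leaves the scope before `SSL_SESSION_up_ref(session.get())`, but an early return added between the two lines later would let the UniquePtr's deleter (presumably SSL_SESSION_free) drop the cache's own reference and leave a stale entry in the hash table. Taking the reference first keeps ownership accurate at every point: `SSL_SESSION *cached = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &data);` followed by `if (cached != nullptr) { SSL_SESSION_up_ref(cached); session.reset(cached); }`. The external-cache branch has the same shape with `copy`, which is why the `SSL_magic_pending_session_ptr()` case needs its explicit `session.release()`; a one-line comment at `session.reset(ssl->session_ctx->get_session_cb(...))` saying that ownership is only settled after the `if (copy)` block would help the next reader.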
@@ -898,7 +794,6 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock) {
|
|
898
794
|
}
|
899
795
|
|
900
796
|
if (ret) {
|
901
|
-
found_session->not_resumable = 1;
|
902
797
|
if (ctx->remove_session_cb != NULL) {
|
903
798
|
ctx->remove_session_cb(ctx, found_session);
|
904
799
|
}
|
@@ -909,18 +804,6 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock) {
|
|
909
804
|
return ret;
|
910
805
|
}
|
911
806
|
|
912
|
-
int SSL_set_session(SSL *ssl, SSL_SESSION *session) {
|
913
|
-
/* SSL_set_session may only be called before the handshake has started. */
|
914
|
-
if (ssl->s3->initial_handshake_complete ||
|
915
|
-
ssl->s3->hs == NULL ||
|
916
|
-
ssl->s3->hs->state != SSL_ST_INIT) {
|
917
|
-
abort();
|
918
|
-
}
|
919
|
-
|
920
|
-
ssl_set_session(ssl, session);
|
921
|
-
return 1;
|
922
|
-
}
|
923
|
-
|
924
807
|
void ssl_set_session(SSL *ssl, SSL_SESSION *session) {
|
925
808
|
if (ssl->session == session) {
|
926
809
|
return;
|
@@ -933,22 +816,306 @@ void ssl_set_session(SSL *ssl, SSL_SESSION *session) {
|
|
933
816
|
}
|
934
817
|
}
|
935
818
|
|
936
|
-
|
819
|
+
// locked by SSL_CTX in the calling function
|
820
|
+
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *session) {
|
821
|
+
if (session->next == NULL || session->prev == NULL) {
|
822
|
+
return;
|
823
|
+
}
|
824
|
+
|
825
|
+
if (session->next == (SSL_SESSION *)&ctx->session_cache_tail) {
|
826
|
+
// last element in list
|
827
|
+
if (session->prev == (SSL_SESSION *)&ctx->session_cache_head) {
|
828
|
+
// only one element in list
|
829
|
+
ctx->session_cache_head = NULL;
|
830
|
+
ctx->session_cache_tail = NULL;
|
831
|
+
} else {
|
832
|
+
ctx->session_cache_tail = session->prev;
|
833
|
+
session->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
|
834
|
+
}
|
835
|
+
} else {
|
836
|
+
if (session->prev == (SSL_SESSION *)&ctx->session_cache_head) {
|
837
|
+
// first element in list
|
838
|
+
ctx->session_cache_head = session->next;
|
839
|
+
session->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
|
840
|
+
} else { // middle of list
|
841
|
+
session->next->prev = session->prev;
|
842
|
+
session->prev->next = session->next;
|
843
|
+
}
|
844
|
+
}
|
845
|
+
session->prev = session->next = NULL;
|
846
|
+
}
|
847
|
+
|
848
|
+
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *session) {
|
849
|
+
if (session->next != NULL && session->prev != NULL) {
|
850
|
+
SSL_SESSION_list_remove(ctx, session);
|
851
|
+
}
|
852
|
+
|
853
|
+
if (ctx->session_cache_head == NULL) {
|
854
|
+
ctx->session_cache_head = session;
|
855
|
+
ctx->session_cache_tail = session;
|
856
|
+
session->prev = (SSL_SESSION *)&(ctx->session_cache_head);
|
857
|
+
session->next = (SSL_SESSION *)&(ctx->session_cache_tail);
|
858
|
+
} else {
|
859
|
+
session->next = ctx->session_cache_head;
|
860
|
+
session->next->prev = session;
|
861
|
+
session->prev = (SSL_SESSION *)&(ctx->session_cache_head);
|
862
|
+
ctx->session_cache_head = session;
|
863
|
+
}
|
864
|
+
}
|
865
|
+
|
866
|
+
} // namespace bssl
|
867
|
+
|
868
|
+
using namespace bssl;
|
869
|
+
|
870
|
+
SSL_SESSION *SSL_SESSION_new(const SSL_CTX *ctx) {
|
871
|
+
return ssl_session_new(ctx->x509_method).release();
|
872
|
+
}
|
873
|
+
|
874
|
+
int SSL_SESSION_up_ref(SSL_SESSION *session) {
|
875
|
+
CRYPTO_refcount_inc(&session->references);
|
876
|
+
return 1;
|
877
|
+
}
|
878
|
+
|
879
|
+
void SSL_SESSION_free(SSL_SESSION *session) {
|
880
|
+
if (session == NULL ||
|
881
|
+
!CRYPTO_refcount_dec_and_test_zero(&session->references)) {
|
882
|
+
return;
|
883
|
+
}
|
884
|
+
|
885
|
+
CRYPTO_free_ex_data(&g_ex_data_class, session, &session->ex_data);
|
886
|
+
|
887
|
+
OPENSSL_cleanse(session->master_key, sizeof(session->master_key));
|
888
|
+
OPENSSL_cleanse(session->session_id, sizeof(session->session_id));
|
889
|
+
sk_CRYPTO_BUFFER_pop_free(session->certs, CRYPTO_BUFFER_free);
|
890
|
+
session->x509_method->session_clear(session);
|
891
|
+
OPENSSL_free(session->tlsext_tick);
|
892
|
+
CRYPTO_BUFFER_free(session->signed_cert_timestamp_list);
|
893
|
+
CRYPTO_BUFFER_free(session->ocsp_response);
|
894
|
+
OPENSSL_free(session->psk_identity);
|
895
|
+
OPENSSL_free(session->early_alpn);
|
896
|
+
OPENSSL_free(session);
|
897
|
+
}
|
898
|
+
|
899
|
+
const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,
|
900
|
+
unsigned *out_len) {
|
901
|
+
if (out_len != NULL) {
|
902
|
+
*out_len = session->session_id_length;
|
903
|
+
}
|
904
|
+
return session->session_id;
|
905
|
+
}
|
906
|
+
|
907
|
+
uint32_t SSL_SESSION_get_timeout(const SSL_SESSION *session) {
|
908
|
+
return session->timeout;
|
909
|
+
}
|
910
|
+
|
911
|
+
uint64_t SSL_SESSION_get_time(const SSL_SESSION *session) {
|
912
|
+
if (session == NULL) {
|
913
|
+
// NULL should crash, but silently accept it here for compatibility.
|
914
|
+
return 0;
|
915
|
+
}
|
916
|
+
return session->time;
|
917
|
+
}
|
918
|
+
|
919
|
+
X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session) {
|
920
|
+
return session->x509_peer;
|
921
|
+
}
|
922
|
+
|
923
|
+
size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
|
924
|
+
size_t max_out) {
|
925
|
+
// TODO(davidben): Fix master_key_length's type and remove these casts.
|
926
|
+
if (max_out == 0) {
|
927
|
+
return (size_t)session->master_key_length;
|
928
|
+
}
|
929
|
+
if (max_out > (size_t)session->master_key_length) {
|
930
|
+
max_out = (size_t)session->master_key_length;
|
931
|
+
}
|
932
|
+
OPENSSL_memcpy(out, session->master_key, max_out);
|
933
|
+
return max_out;
|
934
|
+
}
|
935
|
+
|
936
|
+
uint64_t SSL_SESSION_set_time(SSL_SESSION *session, uint64_t time) {
|
937
|
+
if (session == NULL) {
|
938
|
+
return 0;
|
939
|
+
}
|
940
|
+
|
941
|
+
session->time = time;
|
942
|
+
return time;
|
943
|
+
}
|
944
|
+
|
945
|
+
uint32_t SSL_SESSION_set_timeout(SSL_SESSION *session, uint32_t timeout) {
|
946
|
+
if (session == NULL) {
|
947
|
+
return 0;
|
948
|
+
}
|
949
|
+
|
950
|
+
session->timeout = timeout;
|
951
|
+
session->auth_timeout = timeout;
|
952
|
+
return 1;
|
953
|
+
}
|
954
|
+
|
955
|
+
int SSL_SESSION_set1_id_context(SSL_SESSION *session, const uint8_t *sid_ctx,
|
956
|
+
size_t sid_ctx_len) {
|
957
|
+
if (sid_ctx_len > sizeof(session->sid_ctx)) {
|
958
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
|
959
|
+
return 0;
|
960
|
+
}
|
961
|
+
|
962
|
+
static_assert(sizeof(session->sid_ctx) < 256, "sid_ctx_len does not fit");
|
963
|
+
session->sid_ctx_length = (uint8_t)sid_ctx_len;
|
964
|
+
OPENSSL_memcpy(session->sid_ctx, sid_ctx, sid_ctx_len);
|
965
|
+
|
966
|
+
return 1;
|
967
|
+
}
|
968
|
+
|
969
|
+
int SSL_SESSION_should_be_single_use(const SSL_SESSION *session) {
|
970
|
+
return ssl_session_protocol_version(session) >= TLS1_3_VERSION;
|
971
|
+
}
|
972
|
+
|
973
|
+
int SSL_SESSION_is_resumable(const SSL_SESSION *session) {
|
974
|
+
return !session->not_resumable;
|
975
|
+
}
|
976
|
+
|
977
|
+
int SSL_SESSION_has_ticket(const SSL_SESSION *session) {
|
978
|
+
return session->tlsext_ticklen > 0;
|
979
|
+
}
|
980
|
+
|
981
|
+
void SSL_SESSION_get0_ticket(const SSL_SESSION *session,
|
982
|
+
const uint8_t **out_ticket, size_t *out_len) {
|
983
|
+
if (out_ticket != nullptr) {
|
984
|
+
*out_ticket = session->tlsext_tick;
|
985
|
+
}
|
986
|
+
*out_len = session->tlsext_ticklen;
|
987
|
+
}
|
988
|
+
|
989
|
+
uint32_t SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session) {
|
990
|
+
return session->tlsext_tick_lifetime_hint;
|
991
|
+
}
|
992
|
+
|
993
|
+
SSL_SESSION *SSL_magic_pending_session_ptr(void) {
|
994
|
+
return (SSL_SESSION *)&g_pending_session_magic;
|
995
|
+
}
|
996
|
+
|
997
|
+
SSL_SESSION *SSL_get_session(const SSL *ssl) {
|
998
|
+
// Once the handshake completes we return the established session. Otherwise
|
999
|
+
// we return the intermediate session, either |session| (for resumption) or
|
1000
|
+
// |new_session| if doing a full handshake.
|
1001
|
+
if (!SSL_in_init(ssl)) {
|
1002
|
+
return ssl->s3->established_session;
|
1003
|
+
}
|
1004
|
+
SSL_HANDSHAKE *hs = ssl->s3->hs;
|
1005
|
+
if (hs->early_session) {
|
1006
|
+
return hs->early_session.get();
|
1007
|
+
}
|
1008
|
+
if (hs->new_session) {
|
1009
|
+
return hs->new_session.get();
|
1010
|
+
}
|
1011
|
+
return ssl->session;
|
1012
|
+
}
|
1013
|
+
|
1014
|
+
SSL_SESSION *SSL_get1_session(SSL *ssl) {
|
1015
|
+
SSL_SESSION *ret = SSL_get_session(ssl);
|
1016
|
+
if (ret != NULL) {
|
1017
|
+
SSL_SESSION_up_ref(ret);
|
1018
|
+
}
|
1019
|
+
return ret;
|
1020
|
+
}
|
1021
|
+
|
1022
|
+
int SSL_SESSION_get_ex_new_index(long argl, void *argp,
|
1023
|
+
CRYPTO_EX_unused *unused,
|
1024
|
+
CRYPTO_EX_dup *dup_unused,
|
1025
|
+
CRYPTO_EX_free *free_func) {
|
1026
|
+
int index;
|
1027
|
+
if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
|
1028
|
+
free_func)) {
|
1029
|
+
return -1;
|
1030
|
+
}
|
1031
|
+
return index;
|
1032
|
+
}
|
1033
|
+
|
1034
|
+
int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg) {
|
1035
|
+
return CRYPTO_set_ex_data(&session->ex_data, idx, arg);
|
1036
|
+
}
|
1037
|
+
|
1038
|
+
void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx) {
|
1039
|
+
return CRYPTO_get_ex_data(&session->ex_data, idx);
|
1040
|
+
}
|
1041
|
+
|
1042
|
+
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session) {
|
1043
|
+
// Although |session| is inserted into two structures (a doubly-linked list
|
1044
|
+
// and the hash table), |ctx| only takes one reference.
|
1045
|
+
SSL_SESSION_up_ref(session);
|
1046
|
+
UniquePtr<SSL_SESSION> owned_session(session);
|
1047
|
+
|
1048
|
+
SSL_SESSION *old_session;
|
1049
|
+
MutexWriteLock lock(&ctx->lock);
|
1050
|
+
if (!lh_SSL_SESSION_insert(ctx->sessions, &old_session, session)) {
|
1051
|
+
return 0;
|
1052
|
+
}
|
1053
|
+
// |ctx->sessions| took ownership of |session| and gave us back a reference to
|
1054
|
+
// |old_session|. (|old_session| may be the same as |session|, in which case
|
1055
|
+
// we traded identical references with |ctx->sessions|.)
|
1056
|
+
owned_session.release();
|
1057
|
+
owned_session.reset(old_session);
|
1058
|
+
|
1059
|
+
if (old_session != NULL) {
|
1060
|
+
if (old_session == session) {
|
1061
|
+
// |session| was already in the cache. There are no linked list pointers
|
1062
|
+
// to update.
|
1063
|
+
return 0;
|
1064
|
+
}
|
1065
|
+
|
1066
|
+
// There was a session ID collision. |old_session| was replaced with
|
1067
|
+
// |session| in the hash table, so |old_session| must be removed from the
|
1068
|
+
// linked list to match.
|
1069
|
+
SSL_SESSION_list_remove(ctx, old_session);
|
1070
|
+
}
|
1071
|
+
|
1072
|
+
SSL_SESSION_list_add(ctx, session);
|
1073
|
+
|
1074
|
+
// Enforce any cache size limits.
|
1075
|
+
if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
|
1076
|
+
while (lh_SSL_SESSION_num_items(ctx->sessions) >
|
1077
|
+
SSL_CTX_sess_get_cache_size(ctx)) {
|
1078
|
+
if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) {
|
1079
|
+
break;
|
1080
|
+
}
|
1081
|
+
}
|
1082
|
+
}
|
1083
|
+
|
1084
|
+
return 1;
|
1085
|
+
}
|
1086
|
+
|
1087
|
+
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session) {
|
1088
|
+
return remove_session_lock(ctx, session, 1);
|
1089
|
+
}
|
1090
|
+
|
1091
|
+
int SSL_set_session(SSL *ssl, SSL_SESSION *session) {
|
1092
|
+
// SSL_set_session may only be called before the handshake has started.
|
1093
|
+
if (ssl->s3->initial_handshake_complete ||
|
1094
|
+
ssl->s3->hs == NULL ||
|
1095
|
+
ssl->s3->hs->state != 0) {
|
1096
|
+
abort();
|
1097
|
+
}
|
1098
|
+
|
1099
|
+
ssl_set_session(ssl, session);
|
1100
|
+
return 1;
|
1101
|
+
}
|
1102
|
+
|
1103
|
+
uint32_t SSL_CTX_set_timeout(SSL_CTX *ctx, uint32_t timeout) {
|
937
1104
|
if (ctx == NULL) {
|
938
1105
|
return 0;
|
939
1106
|
}
|
940
1107
|
|
941
|
-
|
1108
|
+
// Historically, zero was treated as |SSL_DEFAULT_SESSION_TIMEOUT|.
|
942
1109
|
if (timeout == 0) {
|
943
1110
|
timeout = SSL_DEFAULT_SESSION_TIMEOUT;
|
944
1111
|
}
|
945
1112
|
|
946
|
-
|
1113
|
+
uint32_t old_timeout = ctx->session_timeout;
|
947
1114
|
ctx->session_timeout = timeout;
|
948
1115
|
return old_timeout;
|
949
1116
|
}
|
950
1117
|
|
951
|
-
|
1118
|
+
uint32_t SSL_CTX_get_timeout(const SSL_CTX *ctx) {
|
952
1119
|
if (ctx == NULL) {
|
953
1120
|
return 0;
|
954
1121
|
}
|
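Review bot: SSL_SESSION_get0_ticket writes `*out_len = session->tlsext_ticklen;` unconditionally although it treats `out_ticket` as optional, so a caller that passes a null `out_len` dereferences a null pointer. SSL_SESSION_get_id in the same hunk guards its length output with `if (out_len != NULL)`; either apply the same guard here, `if (out_len != nullptr) { *out_len = session->tlsext_ticklen; }`, or add a comment above the function stating that `out_len` must be non-null. Also in this hunk, SSL_set_session compares `ssl->s3->hs->state != 0` where the removed version used the named constant `SSL_ST_INIT`; if no named constant remains for the initial state, a short comment such as `// 0 is the initial handshake state` would keep the abort condition readable.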
@@ -956,27 +1123,26 @@ long SSL_CTX_get_timeout(const SSL_CTX *ctx) {
|
|
956
1123
|
return ctx->session_timeout;
|
957
1124
|
}
|
958
1125
|
|
959
|
-
void SSL_CTX_set_session_psk_dhe_timeout(SSL_CTX *ctx,
|
1126
|
+
void SSL_CTX_set_session_psk_dhe_timeout(SSL_CTX *ctx, uint32_t timeout) {
|
960
1127
|
ctx->session_psk_dhe_timeout = timeout;
|
961
1128
|
}
|
962
1129
|
|
963
1130
|
typedef struct timeout_param_st {
|
964
1131
|
SSL_CTX *ctx;
|
965
|
-
|
1132
|
+
uint64_t time;
|
966
1133
|
LHASH_OF(SSL_SESSION) *cache;
|
967
1134
|
} TIMEOUT_PARAM;
|
968
1135
|
|
969
1136
|
static void timeout_doall_arg(SSL_SESSION *session, void *void_param) {
|
970
|
-
TIMEOUT_PARAM *param = void_param;
|
1137
|
+
TIMEOUT_PARAM *param = reinterpret_cast<TIMEOUT_PARAM *>(void_param);
|
971
1138
|
|
972
1139
|
if (param->time == 0 ||
|
1140
|
+
session->time + session->timeout < session->time ||
|
973
1141
|
param->time > (session->time + session->timeout)) {
|
974
|
-
|
975
|
-
|
976
|
-
* save on locking overhead */
|
1142
|
+
// The reason we don't call SSL_CTX_remove_session() is to
|
1143
|
+
// save on locking overhead
|
977
1144
|
(void) lh_SSL_SESSION_delete(param->cache, session);
|
978
1145
|
SSL_SESSION_list_remove(param->ctx, session);
|
979
|
-
session->not_resumable = 1;
|
980
1146
|
if (param->ctx->remove_session_cb != NULL) {
|
981
1147
|
param->ctx->remove_session_cb(param->ctx, session);
|
982
1148
|
}
|
@@ -984,7 +1150,7 @@ static void timeout_doall_arg(SSL_SESSION *session, void *void_param) {
|
|
984
1150
|
}
|
985
1151
|
}
|
986
1152
|
|
987
|
-
void SSL_CTX_flush_sessions(SSL_CTX *ctx,
|
1153
|
+
void SSL_CTX_flush_sessions(SSL_CTX *ctx, uint64_t time) {
|
988
1154
|
TIMEOUT_PARAM tp;
|
989
1155
|
|
990
1156
|
tp.ctx = ctx;
|
@@ -993,56 +1159,8 @@ void SSL_CTX_flush_sessions(SSL_CTX *ctx, long time) {
|
|
993
1159
|
return;
|
994
1160
|
}
|
995
1161
|
tp.time = time;
|
996
|
-
|
1162
|
+
MutexWriteLock lock(&ctx->lock);
|
997
1163
|
lh_SSL_SESSION_doall_arg(tp.cache, timeout_doall_arg, &tp);
|
998
|
-
CRYPTO_MUTEX_unlock_write(&ctx->lock);
|
999
|
-
}
|
1000
|
-
|
1001
|
-
/* locked by SSL_CTX in the calling function */
|
1002
|
-
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *session) {
|
1003
|
-
if (session->next == NULL || session->prev == NULL) {
|
1004
|
-
return;
|
1005
|
-
}
|
1006
|
-
|
1007
|
-
if (session->next == (SSL_SESSION *)&ctx->session_cache_tail) {
|
1008
|
-
/* last element in list */
|
1009
|
-
if (session->prev == (SSL_SESSION *)&ctx->session_cache_head) {
|
1010
|
-
/* only one element in list */
|
1011
|
-
ctx->session_cache_head = NULL;
|
1012
|
-
ctx->session_cache_tail = NULL;
|
1013
|
-
} else {
|
1014
|
-
ctx->session_cache_tail = session->prev;
|
1015
|
-
session->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
|
1016
|
-
}
|
1017
|
-
} else {
|
1018
|
-
if (session->prev == (SSL_SESSION *)&ctx->session_cache_head) {
|
1019
|
-
/* first element in list */
|
1020
|
-
ctx->session_cache_head = session->next;
|
1021
|
-
session->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
|
1022
|
-
} else { /* middle of list */
|
1023
|
-
session->next->prev = session->prev;
|
1024
|
-
session->prev->next = session->next;
|
1025
|
-
}
|
1026
|
-
}
|
1027
|
-
session->prev = session->next = NULL;
|
1028
|
-
}
|
1029
|
-
|
1030
|
-
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *session) {
|
1031
|
-
if (session->next != NULL && session->prev != NULL) {
|
1032
|
-
SSL_SESSION_list_remove(ctx, session);
|
1033
|
-
}
|
1034
|
-
|
1035
|
-
if (ctx->session_cache_head == NULL) {
|
1036
|
-
ctx->session_cache_head = session;
|
1037
|
-
ctx->session_cache_tail = session;
|
1038
|
-
session->prev = (SSL_SESSION *)&(ctx->session_cache_head);
|
1039
|
-
session->next = (SSL_SESSION *)&(ctx->session_cache_tail);
|
1040
|
-
} else {
|
1041
|
-
session->next = ctx->session_cache_head;
|
1042
|
-
session->next->prev = session;
|
1043
|
-
session->prev = (SSL_SESSION *)&(ctx->session_cache_head);
|
1044
|
-
ctx->session_cache_head = session;
|
1045
|
-
}
|
1046
1164
|
}
|
1047
1165
|
|
1048
1166
|
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
|
@@ -1065,14 +1183,21 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX *ctx,
|
|
1065
1183
|
}
|
1066
1184
|
|
1067
1185
|
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
|
1068
|
-
SSL_SESSION *(*cb)(SSL *ssl,
|
1069
|
-
|
1070
|
-
int *out_copy)) {
|
1186
|
+
SSL_SESSION *(*cb)(SSL *ssl, const uint8_t *id,
|
1187
|
+
int id_len, int *out_copy)) {
|
1071
1188
|
ctx->get_session_cb = cb;
|
1072
1189
|
}
|
1073
1190
|
|
1074
|
-
|
1075
|
-
|
1191
|
+
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
|
1192
|
+
SSL_SESSION *(*cb)(SSL *ssl, uint8_t *id,
|
1193
|
+
int id_len, int *out_copy)) {
|
1194
|
+
ctx->get_session_cb_legacy = cb;
|
1195
|
+
}
|
1196
|
+
|
1197
|
+
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
|
1198
|
+
const uint8_t *id,
|
1199
|
+
int id_len,
|
1200
|
+
int *out_copy) {
|
1076
1201
|
return ctx->get_session_cb;
|
1077
1202
|
}
|
1078
1203
|
|