Add flags field to SSL_SESSION.

Add a "flags" field to SSL_SESSION. This will contain various flags such as encrypt-then-mac and extended master secret support. Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

Add flags field to SSL_SESSION.
Add a "flags" field to SSL_SESSION. This will contain various flags such as encrypt-then-mac and extended master secret support. Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
6f152a15 · Dr. Stephen Henson · 52e028b9 · 6f152a15 · 6f152a15
隐藏空白更改
内联并排

Showing with 28 addition and 0 deletion

ssl/ssl_asn1.c ssl/ssl_asn1.c +23 -0

ssl/ssl_locl.h ssl/ssl_locl.h +5 -0

未找到文件。
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -115,6 +115,7 @@ typedef struct ssl_session_asn1_st {
 #ifndef OPENSSL_NO_SRP
    ASN1_OCTET_STRING srp_username;
 #endif                          /* OPENSSL_NO_SRP */
+    ASN1_INTEGER flags;
 } SSL_SESSION_ASN1;

 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
@@ -134,6 +135,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 #ifndef OPENSSL_NO_SRP
    int v12 = 0;
 #endif
+    unsigned char fbuf[LSIZE2];
+    int v13 = 0;
    long l;
    SSL_SESSION_ASN1 a;
    M_ASN1_I2D_vars(in);
@@ -256,6 +259,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
    }
 #endif                          /* OPENSSL_NO_SRP */

+    if (in->flags) {
+        a.flags.length = LSIZE2;
+        a.flags.type = V_ASN1_INTEGER;
+        a.flags.data = fbuf;
+        ASN1_INTEGER_set(&a.flags, in->flags);
+    }
+
    M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
    M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
    M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
@@ -304,6 +314,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12,
                               v12);
 #endif                          /* OPENSSL_NO_SRP */
+    if (in->flags)
+        M_ASN1_I2D_len_EXP_opt(&(a.flags), i2d_ASN1_INTEGER, 13, v13);

    M_ASN1_I2D_seq_total();

@@ -356,6 +368,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12,
                               v12);
 #endif                          /* OPENSSL_NO_SRP */
+    if (in->flags)
+        M_ASN1_I2D_put_EXP_opt(&a.flags, i2d_ASN1_INTEGER, 13, v13);
    M_ASN1_I2D_finish();
 }

@@ -593,6 +607,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
    } else
        ret->srp_username = NULL;
 #endif                          /* OPENSSL_NO_SRP */
+    ai.length = 0;
+    M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 13);
+    if (ai.data != NULL) {
+        ret->flags = ASN1_INTEGER_get(aip);
+        OPENSSL_free(ai.data);
+        ai.data = NULL;
+        ai.length = 0;
+    } else
+        ret->flags = 0;

    M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
 }
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -597,6 +597,7 @@ struct ssl_method_st {
 *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
 *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
 *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
+ *      flags [ 13 ] EXPLICIT INTEGER -- optional flags
 *      }
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -674,8 +675,12 @@ struct ssl_session_st {
 # ifndef OPENSSL_NO_SRP
    char *srp_username;
 # endif
+    long flags;
 };

+/* Extended master secret support */
+#  define SSL_SESS_FLAG_EXTMS             0x1
+

 # ifndef OPENSSL_NO_SRP