提交 c9598459 编写于 作者: M Matt Caswell

Add setters to set the early_data callback

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6469)
上级 5d263fb7
...@@ -2389,13 +2389,19 @@ int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); ...@@ -2389,13 +2389,19 @@ int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
extern const char SSL_version_str[]; extern const char SSL_version_str[];
typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
SSL_allow_early_data_cb_fn cb,
void *arg);
void SSL_set_allow_early_data_cb(SSL *s,
SSL_allow_early_data_cb_fn cb,
void *arg);
# ifdef __cplusplus # ifdef __cplusplus
} }
# endif # endif
......
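Review bot: The new public typedef `SSL_allow_early_data_cb_fn` and the two setters carry no comment stating the callback's contract, so a caller has to read the implementation to learn what the return value means. From the use in final_early_data the callback is invoked only when early_data would otherwise be accepted, and a zero return rejects it, so a short comment above the typedef would do: `/* Called when early_data would otherwise be accepted; return 1 to allow it, 0 to reject it. arg is the pointer passed to the setter. */`. It would also help to say next to `SSL_set_allow_early_data_cb` that the per-SSL value is initialised from the SSL_CTX at SSL_new() time, since the hunk in ssl_lib.c copies it there.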
...@@ -805,6 +805,9 @@ SSL *SSL_new(SSL_CTX *ctx) ...@@ -805,6 +805,9 @@ SSL *SSL_new(SSL_CTX *ctx)
s->key_update = SSL_KEY_UPDATE_NONE; s->key_update = SSL_KEY_UPDATE_NONE;
s->allow_early_data_cb = ctx->allow_early_data_cb;
s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
if (!s->method->ssl_new(s)) if (!s->method->ssl_new(s))
goto err; goto err;
...@@ -5483,3 +5486,19 @@ int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, ...@@ -5483,3 +5486,19 @@ int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
ctx->ticket_cb_data = arg; ctx->ticket_cb_data = arg;
return 1; return 1;
} }
void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
SSL_allow_early_data_cb_fn cb,
void *arg)
{
ctx->allow_early_data_cb = cb;
ctx->allow_early_data_cb_data = arg;
}
void SSL_set_allow_early_data_cb(SSL *s,
SSL_allow_early_data_cb_fn cb,
void *arg)
{
s->allow_early_data_cb = cb;
s->allow_early_data_cb_data = arg;
}
...@@ -1047,6 +1047,10 @@ struct ssl_ctx_st { ...@@ -1047,6 +1047,10 @@ struct ssl_ctx_st {
/* The number of TLS1.3 tickets to automatically send */ /* The number of TLS1.3 tickets to automatically send */
size_t num_tickets; size_t num_tickets;
/* Callback to determine if early_data is acceptable or not */
SSL_allow_early_data_cb_fn allow_early_data_cb;
void *allow_early_data_cb_data;
}; };
struct ssl_st { struct ssl_st {
...@@ -1206,8 +1210,6 @@ struct ssl_st { ...@@ -1206,8 +1210,6 @@ struct ssl_st {
SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_find_session_cb_func psk_find_session_cb;
SSL_psk_use_session_cb_func psk_use_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb;
int (*allow_early_data_cb)(SSL *s, SSL_SESSION *sess);
SSL_CTX *ctx; SSL_CTX *ctx;
/* Verified chain of peer */ /* Verified chain of peer */
STACK_OF(X509) *verified_chain; STACK_OF(X509) *verified_chain;
...@@ -1427,6 +1429,10 @@ struct ssl_st { ...@@ -1427,6 +1429,10 @@ struct ssl_st {
size_t sent_tickets; size_t sent_tickets;
/* The next nonce value to use when we send a ticket on this connection */ /* The next nonce value to use when we send a ticket on this connection */
uint64_t next_ticket_nonce; uint64_t next_ticket_nonce;
/* Callback to determine if early_data is acceptable or not */
SSL_allow_early_data_cb_fn allow_early_data_cb;
void *allow_early_data_cb_data;
}; };
/* /*
......
...@@ -1622,7 +1622,10 @@ static int final_early_data(SSL *s, unsigned int context, int sent) ...@@ -1622,7 +1622,10 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
|| s->session->ext.tick_identity != 0 || s->session->ext.tick_identity != 0
|| s->early_data_state != SSL_EARLY_DATA_ACCEPTING || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
|| !s->ext.early_data_ok || !s->ext.early_data_ok
|| s->hello_retry_request != SSL_HRR_NONE) { || s->hello_retry_request != SSL_HRR_NONE
|| (s->ctx->allow_early_data_cb != NULL
&& !s->ctx->allow_early_data_cb(s,
s->ctx->allow_early_data_cb_data))) {
s->ext.early_data = SSL_EARLY_DATA_REJECTED; s->ext.early_data = SSL_EARLY_DATA_REJECTED;
} else { } else {
s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
......
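Review bot: The added condition reads `s->ctx->allow_early_data_cb` and `s->ctx->allow_early_data_cb_data`, but the rest of the commit introduces per-connection copies of both fields (copied in SSL_new and set by `SSL_set_allow_early_data_cb`), so a callback installed through the SSL-level setter is never consulted here and the connection-level copy taken at SSL_new time is bypassed in favour of whatever the SSL_CTX holds at handshake time. The check should use the connection's fields: `|| (s->allow_early_data_cb != NULL` / `&& !s->allow_early_data_cb(s, s->allow_early_data_cb_data))) {`. With that change the context-level setter still works through the copy made in SSL_new. final_early_data starts before this hunk and its remaining conditions are outside it.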
...@@ -490,3 +490,5 @@ SSL_set_num_tickets 490 1_1_1 EXIST::FUNCTION: ...@@ -490,3 +490,5 @@ SSL_set_num_tickets 490 1_1_1 EXIST::FUNCTION:
SSL_CTX_get_num_tickets 491 1_1_1 EXIST::FUNCTION: SSL_CTX_get_num_tickets 491 1_1_1 EXIST::FUNCTION:
SSL_get_num_tickets 492 1_1_1 EXIST::FUNCTION: SSL_get_num_tickets 492 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_num_tickets 493 1_1_1 EXIST::FUNCTION: SSL_CTX_set_num_tickets 493 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_allow_early_data_cb 494 1_1_1 EXIST::FUNCTION:
SSL_set_allow_early_data_cb 495 1_1_1 EXIST::FUNCTION: