Document functions acting on an SSL_SESSION.

Change-Id: I0b4386d1972af0ac10db397716de8161810a87f4
Reviewed-on: https://boringssl-review.googlesource.com/5877
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2015-09-13 14:07:33 -04:00 committed by Adam Langley
parent 79c117a4ac
commit a6b8cdfbe9
4 changed files with 103 additions and 70 deletions

View File

@ -235,6 +235,7 @@ typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_ctx_st SSL_CTX; typedef struct ssl_ctx_st SSL_CTX;
typedef struct ssl_custom_extension SSL_CUSTOM_EXTENSION; typedef struct ssl_custom_extension SSL_CUSTOM_EXTENSION;
typedef struct ssl_method_st SSL_METHOD; typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_session_st SSL_SESSION;
typedef struct ssl_st SSL; typedef struct ssl_st SSL;
typedef struct st_ERR_FNS ERR_FNS; typedef struct st_ERR_FNS ERR_FNS;
typedef struct v3_ext_ctx X509V3_CTX; typedef struct v3_ext_ctx X509V3_CTX;

View File

@ -1049,6 +1049,89 @@ OPENSSL_EXPORT int SSL_CTX_add_server_custom_ext(
SSL_custom_ext_parse_cb parse_cb, void *parse_arg); SSL_custom_ext_parse_cb parse_cb, void *parse_arg);
/* Sessions.
*
* An |SSL_SESSION| represents an SSL session that may be resumed in an
* abbreviated handshake. It is reference-counted and immutable. Once
* established, an |SSL_SESSION| may be shared by multiple |SSL| objects on
* different threads and must not be modified. */
/* SSL_SESSION_new returns a newly-allocated blank |SSL_SESSION| or NULL on
* error. This may be useful in writing tests but otherwise should not be
* used outside the library. */
OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_new(void);
/* SSL_SESSION_up_ref, if |session| is not NULL, increments the reference count
* of |session|. It then returns |session|. */
OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_up_ref(SSL_SESSION *session);
/* SSL_SESSION_free decrements the reference count of |session|. If it reaches
* zero, all data referenced by |session| and |session| itself are released. */
OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session);
/* SSL_SESSION_to_bytes serializes |in| into a newly allocated buffer and sets
* |*out_data| to that buffer and |*out_len| to its length. The caller takes
* ownership of the buffer and must call |OPENSSL_free| when done. It returns
* one on success and zero on error. */
OPENSSL_EXPORT int SSL_SESSION_to_bytes(SSL_SESSION *in, uint8_t **out_data,
size_t *out_len);
/* SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session
* identification information, namely the session ID and ticket. */
OPENSSL_EXPORT int SSL_SESSION_to_bytes_for_ticket(SSL_SESSION *in,
uint8_t **out_data,
size_t *out_len);
/* SSL_SESSION_from_bytes parses |in_len| bytes from |in| as an SSL_SESSION. It
* returns a newly-allocated |SSL_SESSION| on success or NULL on error. */
OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes(const uint8_t *in,
size_t in_len);
/* SSL_SESSION_get_version returns a string describing the TLS version |session|
* was established at. For example, "TLSv1.2" or "SSLv3". */
OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *session);
/* SSL_SESSION_get_id returns a pointer to a buffer containg |session|'s session
* ID and sets |*out_len| to its length. */
OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,
unsigned *out_len);
/* SSL_SESSION_get_time returns the time at which |session| was established in
* seconds since the UNIX epoch. */
OPENSSL_EXPORT long SSL_SESSION_get_time(const SSL_SESSION *session);
/* SSL_SESSION_get_timeout returns the lifetime of |session| in seconds. */
OPENSSL_EXPORT long SSL_SESSION_get_timeout(const SSL_SESSION *session);
/* SSL_SESSION_get_key_exchange_info returns a value that describes the
* strength of the asymmetric operation that provides confidentiality to
* |session|. Its interpretation depends on the operation used. See the
* documentation for this value in the |SSL_SESSION| structure. */
OPENSSL_EXPORT uint32_t SSL_SESSION_get_key_exchange_info(SSL_SESSION *session);
/* SSL_SESSION_get0_peer return's the peer leaf certificate stored in
* |session|. */
OPENSSL_EXPORT X509 *SSL_SESSION_get0_peer(SSL_SESSION *session);
/* SSL_SESSION_set_time sets |session|'s creation time to |time| and returns
* |time|. This function may be useful in writing tests but otherwise should not
* be used. */
OPENSSL_EXPORT long SSL_SESSION_set_time(SSL_SESSION *session, long time);
/* SSL_SESSION_set_time sets |session|'s timeout to |timeout| and returns one.
* This function may be useful in writing tests but otherwise should not be
* used. */
OPENSSL_EXPORT long SSL_SESSION_set_timeout(SSL_SESSION *session, long timeout);
/* SSL_SESSION_set1_id_context sets |session|'s session ID context (see
* |SSL_CTX_set_session_id_context|) to |sid_ctx|. It returns one on success and
* zero on error. This function may be useful in writing tests but otherwise
* should not be used. */
OPENSSL_EXPORT int SSL_SESSION_set1_id_context(SSL_SESSION *session,
const uint8_t *sid_ctx,
unsigned sid_ctx_len);
/* Session tickets. */ /* Session tickets. */
/* SSL_CTX_get_tlsext_ticket_keys writes |ctx|'s session ticket key material to /* SSL_CTX_get_tlsext_ticket_keys writes |ctx|'s session ticket key material to
@ -1186,11 +1269,6 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb(
#define SSL_RECEIVED_SHUTDOWN 2 #define SSL_RECEIVED_SHUTDOWN 2
typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD; typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD;
/* An SSL_SESSION represents an SSL session that may be resumed in an
* abbreviated handshake. */
typedef struct ssl_session_st SSL_SESSION;
typedef struct ssl_conf_ctx_st SSL_CONF_CTX; typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
typedef struct ssl3_enc_method SSL3_ENC_METHOD; typedef struct ssl3_enc_method SSL3_ENC_METHOD;
@ -1770,36 +1848,10 @@ OPENSSL_EXPORT int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *
OPENSSL_EXPORT const char *SSL_state_string(const SSL *s); OPENSSL_EXPORT const char *SSL_state_string(const SSL *s);
OPENSSL_EXPORT const char *SSL_state_string_long(const SSL *s); OPENSSL_EXPORT const char *SSL_state_string_long(const SSL *s);
OPENSSL_EXPORT long SSL_SESSION_get_time(const SSL_SESSION *s);
OPENSSL_EXPORT long SSL_SESSION_set_time(SSL_SESSION *s, long t);
OPENSSL_EXPORT long SSL_SESSION_get_timeout(const SSL_SESSION *s);
OPENSSL_EXPORT long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
/* SSL_SESSION_get_key_exchange_info returns a value that describes the
* strength of the asymmetric operation that provides confidentiality to
* |session|. Its interpretation depends on the operation used. See the
* documentation for this value in the |SSL_SESSION| structure. */
OPENSSL_EXPORT uint32_t SSL_SESSION_get_key_exchange_info(SSL_SESSION *session);
OPENSSL_EXPORT X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
OPENSSL_EXPORT int SSL_SESSION_set1_id_context(SSL_SESSION *s,
const uint8_t *sid_ctx,
unsigned int sid_ctx_len);
OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_new(void);
OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *s,
unsigned int *len);
OPENSSL_EXPORT int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); OPENSSL_EXPORT int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
OPENSSL_EXPORT int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); OPENSSL_EXPORT int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
/* SSL_SESSION_up_ref, if |session| is not NULL, increments the reference count
* of |session|. It then returns |session|. */
OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_up_ref(SSL_SESSION *session);
/* SSL_SESSION_free decrements the reference count of |session|. If it reaches
* zero, all data referenced by |session| and |session| itself are released. */
OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session);
OPENSSL_EXPORT int SSL_set_session(SSL *to, SSL_SESSION *session); OPENSSL_EXPORT int SSL_set_session(SSL *to, SSL_SESSION *session);
OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
@ -1809,24 +1861,6 @@ OPENSSL_EXPORT int SSL_has_matching_session_id(const SSL *ssl,
const uint8_t *id, const uint8_t *id,
unsigned int id_len); unsigned int id_len);
/* SSL_SESSION_to_bytes serializes |in| into a newly allocated buffer and sets
* |*out_data| to that buffer and |*out_len| to its length. The caller takes
* ownership of the buffer and must call |OPENSSL_free| when done. It returns
* one on success and zero on error. */
OPENSSL_EXPORT int SSL_SESSION_to_bytes(SSL_SESSION *in, uint8_t **out_data,
size_t *out_len);
/* SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session
* identification information, namely the session ID and ticket. */
OPENSSL_EXPORT int SSL_SESSION_to_bytes_for_ticket(SSL_SESSION *in,
uint8_t **out_data,
size_t *out_len);
/* SSL_SESSION_from_bytes parses |in_len| bytes from |in| as an SSL_SESSION. It
* returns a newly-allocated |SSL_SESSION| on success or NULL on error. */
OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes(const uint8_t *in,
size_t in_len);
OPENSSL_EXPORT int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); OPENSSL_EXPORT int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
OPENSSL_EXPORT int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); OPENSSL_EXPORT int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
OPENSSL_EXPORT int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))( OPENSSL_EXPORT int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(
@ -1863,9 +1897,6 @@ OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
/* SSL_get_version returns a string describing the TLS version used by |s|. For /* SSL_get_version returns a string describing the TLS version used by |s|. For
* example, "TLSv1.2" or "SSLv3". */ * example, "TLSv1.2" or "SSLv3". */
OPENSSL_EXPORT const char *SSL_get_version(const SSL *s); OPENSSL_EXPORT const char *SSL_get_version(const SSL *s);
/* SSL_SESSION_get_version returns a string describing the TLS version used by
* |sess|. For example, "TLSv1.2" or "SSLv3". */
OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *sess);
/* SSL_get_curve_name returns a human-readable name for the elliptic curve /* SSL_get_curve_name returns a human-readable name for the elliptic curve
* specified by the given TLS curve id, or NULL if the curve if unknown. */ * specified by the given TLS curve id, or NULL if the curve if unknown. */

View File

@ -2050,8 +2050,8 @@ const char *SSL_get_version(const SSL *s) {
return ssl_get_version(s->version); return ssl_get_version(s->version);
} }
const char *SSL_SESSION_get_version(const SSL_SESSION *sess) { const char *SSL_SESSION_get_version(const SSL_SESSION *session) {
return ssl_get_version(sess->ssl_version); return ssl_get_version(session->ssl_version);
} }
const char* SSL_get_curve_name(uint16_t curve_id) { const char* SSL_get_curve_name(uint16_t curve_id) {

View File

@ -210,11 +210,12 @@ SSL_SESSION *SSL_SESSION_new(void) {
return ss; return ss;
} }
const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,
if (len) { unsigned *out_len) {
*len = s->session_id_length; if (out_len != NULL) {
*out_len = session->session_id_length;
} }
return s->session_id; return session->session_id;
} }
/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space.
@ -630,12 +631,12 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) {
return 1; return 1;
} }
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) { long SSL_SESSION_set_timeout(SSL_SESSION *session, long timeout) {
if (s == NULL) { if (session == NULL) {
return 0; return 0;
} }
s->timeout = t; session->timeout = timeout;
return 1; return 1;
} }
@ -647,30 +648,30 @@ long SSL_SESSION_get_time(const SSL_SESSION *session) {
return session->time; return session->time;
} }
long SSL_SESSION_set_time(SSL_SESSION *s, long t) { long SSL_SESSION_set_time(SSL_SESSION *session, long time) {
if (s == NULL) { if (session == NULL) {
return 0; return 0;
} }
s->time = t; session->time = time;
return t; return time;
} }
uint32_t SSL_SESSION_get_key_exchange_info(SSL_SESSION *session) { uint32_t SSL_SESSION_get_key_exchange_info(SSL_SESSION *session) {
return session->key_exchange_info; return session->key_exchange_info;
} }
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) { return s->peer; } X509 *SSL_SESSION_get0_peer(SSL_SESSION *session) { return session->peer; }
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const uint8_t *sid_ctx, int SSL_SESSION_set1_id_context(SSL_SESSION *session, const uint8_t *sid_ctx,
unsigned int sid_ctx_len) { unsigned sid_ctx_len) {
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0; return 0;
} }
s->sid_ctx_length = sid_ctx_len; session->sid_ctx_length = sid_ctx_len;
memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); memcpy(session->sid_ctx, sid_ctx, sid_ctx_len);
return 1; return 1;
} }