author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-15 10:27:00 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-05-26 04:12:04 +0000 |
commit | d34a59be1fbada81ce56474bf16b3c2a094081a6 (patch) | |
tree | 44e6188e8705ba03bfc19fad3a4bcc4dc908cc74 | |
parent | 9e197e0cc1ffe9186bcdf1aff925316d93f232a2 (diff) | |
gnutls_session_ticket_send: new function
Introduced so that a server can send an arbitrary
number of tickets, at any time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | lib/gnutls_int.h | 8 | ||||
-rw-r--r-- | lib/handshake-tls13.c | 46 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 2 | ||||
-rw-r--r-- | lib/libgnutls.map | 1 |
5 files changed, 57 insertions, 1 deletions
@@ -60,6 +60,7 @@ See the end for copying conditions.
 ** API and ABI modifications:
 gnutls_fips140_set_mode: Added
 gnutls_session_key_update: Added
+gnutls_session_ticket_send: Added
 gnutls_ext_get_current_msg: Added
 gnutls_reauth: Added
 gnutls_ocsp_status_request_get2: Added
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index cc2003ae5f..367dbff83e 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2000-2016 Free Software Foundation, Inc.
- * Copyright (C) 2015-2017 Red Hat, Inc.
+ * Copyright (C) 2015-2018 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
@@ -277,11 +277,16 @@ typedef enum bye_state_t {
 BYE_STATE0 = 0, BYE_STATE1, BYE_STATE2
 } bye_state_t;
+typedef enum send_ticket_state_t {
+ TICKET_STATE0 = 0, TICKET_STATE1
+} send_ticket_state_t;
+
 typedef enum reauth_state_t { REAUTH_STATE0 = 0, REAUTH_STATE1, REAUTH_STATE2, REAUTH_STATE3, REAUTH_STATE4, REAUTH_STATE5 } reauth_state_t;
+#define TICKET_STATE session->internals.ticket_state
 #define BYE_STATE session->internals.bye_state
 #define REAUTH_STATE session->internals.reauth_state
@@ -1023,6 +1028,7 @@ typedef struct {
 * message */ bool resumable; /* TRUE or FALSE - if we can resume that session */
+ send_ticket_state_t ticket_state; /* used by gnutls_session_ticket_send() */
 bye_state_t bye_state; /* used by gnutls_bye() */
 reauth_state_t reauth_state; /* used by gnutls_reauth() */
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index effc260566..2ebf20af5f 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -487,3 +487,49 @@ _gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf)
 return 0;
 }
+/**
+ * gnutls_session_ticket_send:
+ * @session: is a #gnutls_session_t type.
+ * @flags: must be zero
+ *
+ * Sends a fresh session ticket to the peer. This is relevant only
+ * in server side under TLS1.3. This function may also return %GNUTLS_E_AGAIN
+ * or %GNUTLS_E_INTERRUPTED.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or a negative error code.
+ **/
+int gnutls_session_ticket_send(gnutls_session_t session, unsigned flags)
+{
+ int ret = 0;
+ const version_entry_st *vers = get_version(session);
+
+ if (!vers->tls13_sem || session->security_parameters.entity == GNUTLS_CLIENT)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ switch (TICKET_STATE) {
+ case TICKET_STATE0:
+ ret = _gnutls_io_write_flush(session);
+ TICKET_STATE = TICKET_STATE0;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ /* fall through */
+ case TICKET_STATE1:
+ ret =
+ _gnutls13_send_session_ticket(session, TICKET_STATE==TICKET_STATE1?1:0);
+ TICKET_STATE = TICKET_STATE1;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ TICKET_STATE = TICKET_STATE0;
+
+ return 0;
+}
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index b4f909873d..be350ecb15 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1396,6 +1396,8 @@ int gnutls_session_ticket_enable_client(gnutls_session_t session);
 int gnutls_session_ticket_enable_server(gnutls_session_t session, const gnutls_datum_t * key);
+int gnutls_session_ticket_send(gnutls_session_t session, unsigned flags);
+
 /* SRTP, RFC 5764 */
 /**
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index bcde6c177b..cfbd58c40e 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
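Review bot: In lib/handshake-tls13.c, gnutls_session_ticket_send() dereferences `vers` straight after get_version(session) and never inspects `flags`, although the doc comment says it must be zero. get_version() is not visible in this hunk; if it can return NULL before a protocol version has been negotiated, an application calling this public function too early would crash instead of getting an error, so the guard could read `if (vers == NULL || !vers->tls13_sem || session->security_parameters.entity == GNUTLS_CLIENT)`. Rejecting unknown flags up front with `if (flags != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` keeps the parameter usable for later extensions without silently changing behaviour for existing callers. Separately, when _gnutls13_send_session_ticket() fails with something other than GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED the state is left at TICKET_STATE1, so the next call passes 1 as its second argument; resetting to TICKET_STATE0 on such errors would avoid resuming a send that did not merely block.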
@@ -1219,6 +1219,7 @@ GNUTLS_3_6_3
 gnutls_pcert_list_import_x509_file;
 gnutls_pkcs11_token_get_ptr;
 gnutls_pkcs11_obj_get_ptr;
+ gnutls_session_ticket_send;
 } GNUTLS_3_6_2;
 GNUTLS_FIPS140_3_4 { |