Commit c9598459 authored by Matt Caswell's avatar Matt Caswell

Add setters to set the early_data callback

parent 5d263fb7
+8 −2
@@ -2389,13 +2389,19 @@ int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);

extern const char SSL_version_str[];



typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);

void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);


typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
                                     SSL_allow_early_data_cb_fn cb,
                                     void *arg);
void SSL_set_allow_early_data_cb(SSL *s,
                                 SSL_allow_early_data_cb_fn cb,
                                 void *arg);

# ifdef  __cplusplus
}
# endif
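Review bot: The new `SSL_allow_early_data_cb_fn` typedef and its two setters are declared with no statement of the callback's contract; the return convention can only be inferred from final_early_data, where a zero return causes early data to be rejected. I would add a comment above the typedef such as `/* Return non-zero to accept early data, 0 to reject it; arg is the pointer passed to the setter */`. It would also help to state whether passing a NULL cb clears a previously installed callback, which the setters appear to permit since they store the pointer unchecked.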
+19 −0
@@ -805,6 +805,9 @@ SSL *SSL_new(SSL_CTX *ctx)

    s->key_update = SSL_KEY_UPDATE_NONE;

    s->allow_early_data_cb = ctx->allow_early_data_cb;
    s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;

    if (!s->method->ssl_new(s))
        goto err;

@@ -5483,3 +5486,19 @@ int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
    ctx->ticket_cb_data = arg;
    return 1;
}

void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
                                     SSL_allow_early_data_cb_fn cb,
                                     void *arg)
{
    ctx->allow_early_data_cb = cb;
    ctx->allow_early_data_cb_data = arg;
}

void SSL_set_allow_early_data_cb(SSL *s,
                                 SSL_allow_early_data_cb_fn cb,
                                 void *arg)
{
    s->allow_early_data_cb = cb;
    s->allow_early_data_cb_data = arg;
}
+8 −2
@@ -1047,6 +1047,10 @@ struct ssl_ctx_st {

    /* The number of TLS1.3 tickets to automatically send */
    size_t num_tickets;

    /* Callback to determine if early_data is acceptable or not */
    SSL_allow_early_data_cb_fn allow_early_data_cb;
    void *allow_early_data_cb_data;
};

struct ssl_st {
@@ -1206,8 +1210,6 @@ struct ssl_st {
    SSL_psk_find_session_cb_func psk_find_session_cb;
    SSL_psk_use_session_cb_func psk_use_session_cb;

    int (*allow_early_data_cb)(SSL *s, SSL_SESSION *sess);

    SSL_CTX *ctx;
    /* Verified chain of peer */
    STACK_OF(X509) *verified_chain;
@@ -1427,6 +1429,10 @@ struct ssl_st {
    size_t sent_tickets;
    /* The next nonce value to use when we send a ticket on this connection */
    uint64_t next_ticket_nonce;

    /* Callback to determine if early_data is acceptable or not */
    SSL_allow_early_data_cb_fn allow_early_data_cb;
    void *allow_early_data_cb_data;
};

/*
+4 −1
@@ -1622,7 +1622,10 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
            || s->session->ext.tick_identity != 0
            || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
            || !s->ext.early_data_ok
            || s->hello_retry_request != SSL_HRR_NONE) {
            || s->hello_retry_request != SSL_HRR_NONE
            || (s->ctx->allow_early_data_cb != NULL
                && !s->ctx->allow_early_data_cb(s,
                                         s->ctx->allow_early_data_cb_data))) {
        s->ext.early_data = SSL_EARLY_DATA_REJECTED;
    } else {
        s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
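Review bot: The new condition in final_early_data reads the callback from `s->ctx`, so a callback installed with SSL_set_allow_early_data_cb is never consulted: that setter writes `s->allow_early_data_cb`, and SSL_new already copies the context's callback and argument into the SSL object. Because early data can be replayed and this callback is the application's point of refusal, a per-connection policy that is silently ignored fails open. The check should use the per-connection copy, `|| (s->allow_early_data_cb != NULL && !s->allow_early_data_cb(s, s->allow_early_data_cb_data))`. A test that sets a rejecting callback on the SSL only and expects SSL_EARLY_DATA_REJECTED would pin this. The body of final_early_data starts and ends outside the hunk.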
+2 −0
@@ -490,3 +490,5 @@ SSL_set_num_tickets 490 1_1_1 EXIST::FUNCTION:
SSL_CTX_get_num_tickets                 491	1_1_1	EXIST::FUNCTION:
SSL_get_num_tickets                     492	1_1_1	EXIST::FUNCTION:
SSL_CTX_set_num_tickets                 493	1_1_1	EXIST::FUNCTION:
SSL_CTX_set_allow_early_data_cb         494	1_1_1	EXIST::FUNCTION:
SSL_set_allow_early_data_cb             495	1_1_1	EXIST::FUNCTION: