Hide SSL_SESSION.
The last libssl struct is now opaque! (Promote the SSL_MAX_* constants
as folks use them pretty frequently.)
Update-Note: SSL_SESSION is now opaque. I believe everything handles
this now.
Bug: 6
Change-Id: I8cd29d16173e4370f3341c0e6f0a56e00ea188e9
Reviewed-on: https://boringssl-review.googlesource.com/28964
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 7f6295e..eb3713f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1675,6 +1675,9 @@
OPENSSL_EXPORT int SSL_SESSION_set_protocol_version(SSL_SESSION *session,
uint16_t version);
+// SSL_MAX_SSL_SESSION_ID_LENGTH is the maximum length of an SSL session ID.
+#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
+
// SSL_SESSION_get_id returns a pointer to a buffer containing |session|'s
// session ID and sets |*out_len| to its length.
OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,
@@ -1726,6 +1729,9 @@
const uint8_t **out,
size_t *out_len);
+// SSL_MAX_MASTER_KEY_LENGTH is the maximum length of a master secret.
+#define SSL_MAX_MASTER_KEY_LENGTH 48
+
// SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s master
// secret to |out| and returns the number of bytes written. If |max_out| is
// zero, it returns the size of the master secret.
@@ -1930,6 +1936,9 @@
// sessions created in |ctx|.
OPENSSL_EXPORT uint32_t SSL_CTX_get_timeout(const SSL_CTX *ctx);
+// SSL_MAX_SID_CTX_LENGTH is the maximum length of a session ID context.
+#define SSL_MAX_SID_CTX_LENGTH 32
+
// SSL_CTX_set_session_id_context sets |ctx|'s session ID context to |sid_ctx|.
// It returns one on success and zero on error. The session ID context is an
// application-defined opaque byte string. A session will not be used in a
@@ -4276,143 +4285,6 @@
OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
-// Private structures.
-//
-// This structures are exposed for historical reasons, but access to them is
-// deprecated.
-
-// TODO(davidben): Remove this forward declaration when |SSL_SESSION| is opaque.
-typedef struct ssl_x509_method_st SSL_X509_METHOD;
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
-#define SSL_MAX_SID_CTX_LENGTH 32
-#define SSL_MAX_MASTER_KEY_LENGTH 48
-
-struct ssl_session_st {
- CRYPTO_refcount_t references;
- uint16_t ssl_version; // what ssl version session info is being kept in here?
-
- // group_id is the ID of the ECDH group used to establish this session or zero
- // if not applicable or unknown.
- uint16_t group_id;
-
- // peer_signature_algorithm is the signature algorithm used to authenticate
- // the peer, or zero if not applicable or unknown.
- uint16_t peer_signature_algorithm;
-
- // master_key, in TLS 1.2 and below, is the master secret associated with the
- // session. In TLS 1.3 and up, it is the resumption secret.
- int master_key_length;
- uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH];
-
- // session_id - valid?
- unsigned int session_id_length;
- uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
- // this is used to determine whether the session is being reused in
- // the appropriate context. It is up to the application to set this,
- // via SSL_new
- uint8_t sid_ctx_length;
- uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
- char *psk_identity;
-
- // certs contains the certificate chain from the peer, starting with the leaf
- // certificate.
- STACK_OF(CRYPTO_BUFFER) *certs;
-
- const SSL_X509_METHOD *x509_method;
-
- // x509_peer is the peer's certificate.
- X509 *x509_peer;
-
- // x509_chain is the certificate chain sent by the peer. NOTE: for historical
- // reasons, when a client (so the peer is a server), the chain includes
- // |peer|, but when a server it does not.
- STACK_OF(X509) *x509_chain;
-
- // x509_chain_without_leaf is a lazily constructed copy of |x509_chain| that
- // omits the leaf certificate. This exists because OpenSSL, historically,
- // didn't include the leaf certificate in the chain for a server, but did for
- // a client. The |x509_chain| always includes it and, if an API call requires
- // a chain without, it is stored here.
- STACK_OF(X509) *x509_chain_without_leaf;
-
- // verify_result is the result of certificate verification in the case of
- // non-fatal certificate errors.
- long verify_result;
-
- // timeout is the lifetime of the session in seconds, measured from |time|.
- // This is renewable up to |auth_timeout|.
- uint32_t timeout;
-
- // auth_timeout is the non-renewable lifetime of the session in seconds,
- // measured from |time|.
- uint32_t auth_timeout;
-
- // time is the time the session was issued, measured in seconds from the UNIX
- // epoch.
- uint64_t time;
-
- const SSL_CIPHER *cipher;
-
- CRYPTO_EX_DATA ex_data; // application specific data
-
- // These are used to make removal of session-ids more efficient and to
- // implement a maximum cache size.
- SSL_SESSION *prev, *next;
-
- // RFC4507 info
- uint8_t *tlsext_tick; // Session ticket
- size_t tlsext_ticklen; // Session ticket length
-
- CRYPTO_BUFFER *signed_cert_timestamp_list;
-
- // The OCSP response that came with the session.
- CRYPTO_BUFFER *ocsp_response;
-
- // peer_sha256 contains the SHA-256 hash of the peer's certificate if
- // |peer_sha256_valid| is true.
- uint8_t peer_sha256[SHA256_DIGEST_LENGTH];
-
- // original_handshake_hash contains the handshake hash (either SHA-1+MD5 or
- // SHA-2, depending on TLS version) for the original, full handshake that
- // created a session. This is used by Channel IDs during resumption.
- uint8_t original_handshake_hash[EVP_MAX_MD_SIZE];
- uint8_t original_handshake_hash_len;
-
- uint32_t tlsext_tick_lifetime_hint; // Session lifetime hint in seconds
-
- uint32_t ticket_age_add;
-
- // ticket_max_early_data is the maximum amount of data allowed to be sent as
- // early data. If zero, 0-RTT is disallowed.
- uint32_t ticket_max_early_data;
-
- // early_alpn is the ALPN protocol from the initial handshake. This is only
- // stored for TLS 1.3 and above in order to enforce ALPN matching for 0-RTT
- // resumptions.
- uint8_t *early_alpn;
- size_t early_alpn_len;
-
- // extended_master_secret is true if the master secret in this session was
- // generated using EMS and thus isn't vulnerable to the Triple Handshake
- // attack.
- unsigned extended_master_secret:1;
-
- // peer_sha256_valid is non-zero if |peer_sha256| is valid.
- unsigned peer_sha256_valid:1; // Non-zero if peer_sha256 is valid
-
- // not_resumable is used to indicate that session resumption is disallowed.
- unsigned not_resumable:1;
-
- // ticket_age_add_valid is non-zero if |ticket_age_add| is valid.
- unsigned ticket_age_add_valid:1;
-
- // is_server is true if this session was created by a server.
- unsigned is_server:1;
-};
-
-
// Nodejs compatibility section (hidden).
//
// These defines exist for node.js, with the hope that we can eliminate the
diff --git a/ssl/internal.h b/ssl/internal.h
index 9ca75b3..412c1fe 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -173,6 +173,10 @@
#endif
+// TODO(davidben): This is unnamespaced because |SSL_SESSION| was historically
+// public. After 2018-06-13, move it into the namespace.
+typedef struct ssl_x509_method_st SSL_X509_METHOD;
+
namespace bssl {
struct SSL_CONFIG;
@@ -3202,5 +3206,131 @@
struct ssl_ctx_st : public bssl::SSLContext {};
struct ssl_st : public bssl::SSLConnection {};
+// TODO(davidben): This type was recently made opaque. After 2018-06-13, move it
+// into a namespace and make it C++.
+struct ssl_session_st {
+ CRYPTO_refcount_t references;
+ uint16_t ssl_version; // what ssl version session info is being kept in here?
+
+ // group_id is the ID of the ECDH group used to establish this session or zero
+ // if not applicable or unknown.
+ uint16_t group_id;
+
+ // peer_signature_algorithm is the signature algorithm used to authenticate
+ // the peer, or zero if not applicable or unknown.
+ uint16_t peer_signature_algorithm;
+
+ // master_key, in TLS 1.2 and below, is the master secret associated with the
+ // session. In TLS 1.3 and up, it is the resumption secret.
+ int master_key_length;
+ uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH];
+
+ // session_id - valid?
+ unsigned int session_id_length;
+ uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+ // this is used to determine whether the session is being reused in
+ // the appropriate context. It is up to the application to set this,
+ // via SSL_new
+ uint8_t sid_ctx_length;
+ uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+ char *psk_identity;
+
+ // certs contains the certificate chain from the peer, starting with the leaf
+ // certificate.
+ STACK_OF(CRYPTO_BUFFER) *certs;
+
+ const SSL_X509_METHOD *x509_method;
+
+ // x509_peer is the peer's certificate.
+ X509 *x509_peer;
+
+ // x509_chain is the certificate chain sent by the peer. NOTE: for historical
+ // reasons, when a client (so the peer is a server), the chain includes
+ // |peer|, but when a server it does not.
+ STACK_OF(X509) *x509_chain;
+
+ // x509_chain_without_leaf is a lazily constructed copy of |x509_chain| that
+ // omits the leaf certificate. This exists because OpenSSL, historically,
+ // didn't include the leaf certificate in the chain for a server, but did for
+ // a client. The |x509_chain| always includes it and, if an API call requires
+ // a chain without, it is stored here.
+ STACK_OF(X509) *x509_chain_without_leaf;
+
+ // verify_result is the result of certificate verification in the case of
+ // non-fatal certificate errors.
+ long verify_result;
+
+ // timeout is the lifetime of the session in seconds, measured from |time|.
+ // This is renewable up to |auth_timeout|.
+ uint32_t timeout;
+
+ // auth_timeout is the non-renewable lifetime of the session in seconds,
+ // measured from |time|.
+ uint32_t auth_timeout;
+
+ // time is the time the session was issued, measured in seconds from the UNIX
+ // epoch.
+ uint64_t time;
+
+ const SSL_CIPHER *cipher;
+
+ CRYPTO_EX_DATA ex_data; // application specific data
+
+ // These are used to make removal of session-ids more efficient and to
+ // implement a maximum cache size.
+ SSL_SESSION *prev, *next;
+
+ // RFC4507 info
+ uint8_t *tlsext_tick; // Session ticket
+ size_t tlsext_ticklen; // Session ticket length
+
+ CRYPTO_BUFFER *signed_cert_timestamp_list;
+
+ // The OCSP response that came with the session.
+ CRYPTO_BUFFER *ocsp_response;
+
+ // peer_sha256 contains the SHA-256 hash of the peer's certificate if
+ // |peer_sha256_valid| is true.
+ uint8_t peer_sha256[SHA256_DIGEST_LENGTH];
+
+ // original_handshake_hash contains the handshake hash (either SHA-1+MD5 or
+ // SHA-2, depending on TLS version) for the original, full handshake that
+ // created a session. This is used by Channel IDs during resumption.
+ uint8_t original_handshake_hash[EVP_MAX_MD_SIZE];
+ uint8_t original_handshake_hash_len;
+
+ uint32_t tlsext_tick_lifetime_hint; // Session lifetime hint in seconds
+
+ uint32_t ticket_age_add;
+
+ // ticket_max_early_data is the maximum amount of data allowed to be sent as
+ // early data. If zero, 0-RTT is disallowed.
+ uint32_t ticket_max_early_data;
+
+ // early_alpn is the ALPN protocol from the initial handshake. This is only
+ // stored for TLS 1.3 and above in order to enforce ALPN matching for 0-RTT
+ // resumptions.
+ uint8_t *early_alpn;
+ size_t early_alpn_len;
+
+ // extended_master_secret is true if the master secret in this session was
+ // generated using EMS and thus isn't vulnerable to the Triple Handshake
+ // attack.
+ unsigned extended_master_secret:1;
+
+ // peer_sha256_valid is non-zero if |peer_sha256| is valid.
+ unsigned peer_sha256_valid:1; // Non-zero if peer_sha256 is valid
+
+ // not_resumable is used to indicate that session resumption is disallowed.
+ unsigned not_resumable:1;
+
+ // ticket_age_add_valid is non-zero if |ticket_age_add| is valid.
+ unsigned ticket_age_add_valid:1;
+
+ // is_server is true if this session was created by a server.
+ unsigned is_server:1;
+};
+
#endif // OPENSSL_HEADER_SSL_INTERNAL_H
