diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 3eaee1d291..b27e058bc7 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -115,6 +115,7 @@ typedef struct ssl_session_asn1_st { #ifndef OPENSSL_NO_SRP ASN1_OCTET_STRING srp_username; #endif /* OPENSSL_NO_SRP */ + ASN1_INTEGER flags; } SSL_SESSION_ASN1; int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) @@ -134,6 +135,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) #ifndef OPENSSL_NO_SRP int v12 = 0; #endif + unsigned char fbuf[LSIZE2]; + int v13 = 0; long l; SSL_SESSION_ASN1 a; M_ASN1_I2D_vars(in); @@ -256,6 +259,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) } #endif /* OPENSSL_NO_SRP */ + if (in->flags) { + a.flags.length = LSIZE2; + a.flags.type = V_ASN1_INTEGER; + a.flags.data = fbuf; + ASN1_INTEGER_set(&a.flags, in->flags); + } + M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); @@ -304,6 +314,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); #endif /* OPENSSL_NO_SRP */ + if (in->flags) + M_ASN1_I2D_len_EXP_opt(&(a.flags), i2d_ASN1_INTEGER, 13, v13); M_ASN1_I2D_seq_total(); @@ -356,6 +368,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); #endif /* OPENSSL_NO_SRP */ + if (in->flags) + M_ASN1_I2D_put_EXP_opt(&a.flags, i2d_ASN1_INTEGER, 13, v13); M_ASN1_I2D_finish(); } @@ -593,6 +607,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, } else ret->srp_username = NULL; #endif /* OPENSSL_NO_SRP */ + ai.length = 0; + M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 13); + if (ai.data != NULL) { + ret->flags = ASN1_INTEGER_get(aip); + OPENSSL_free(ai.data); + ai.data = NULL; + ai.length = 0; + } else + ret->flags = 0; M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 56d6108ea3..513940fc3e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -597,6 +597,7 @@ struct ssl_method_st { * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username + * flags [ 13 ] EXPLICIT INTEGER -- optional flags * } * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). @@ -674,8 +675,12 @@ struct ssl_session_st { # ifndef OPENSSL_NO_SRP char *srp_username; # endif + long flags; }; +/* Extended master secret support */ +# define SSL_SESS_FLAG_EXTMS 0x1 + # ifndef OPENSSL_NO_SRP