Rework the decrypt ticket callback

Don't call the decrypt ticket callback if we've already encountered a fatal error. Do call it if we have an empty ticket present. Change the return code to have 5 distinct returns codes and separate it from the input status value. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6198)
author: Matt Caswell <matt@openssl.org> 2018-05-09 18:22:36 +0100
committer: Matt Caswell <matt@openssl.org> 2018-05-11 14:51:09 +0100
commit: 61fb59238dad6452a37ec14513fae617a4faef29 (patch)
tree: 5737eeba510f7a64792d3ac007f794d62a2dcb8a /ssl/statem/extensions_srvr.c
parent: c20e3b282c26205f39a89a23664245475d4d7cbc (diff)
1 files changed, 13 insertions, 4 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index adf63d80bf..ec4e1b8139 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1030,6 +1030,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
         return 0;
     }
 
+    s->ext.ticket_expected = 0;
     for (id = 0; PACKET_remaining(&identities) != 0; id++) {
         PACKET identity;
         unsigned long ticket_agel;
@@ -1127,9 +1128,17 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                 s->ext.early_data_ok = 1;
         } else {
             uint32_t ticket_age = 0, now, agesec, agems;
-            int ret = tls_decrypt_ticket(s, PACKET_data(&identity),
-                                         PACKET_remaining(&identity), NULL, 0,
-                                         &sess);
+            int ret;
+
+            ret = tls_decrypt_ticket(s, PACKET_data(&identity),
+                                     PACKET_remaining(&identity), NULL, 0,
+                                     &sess);
+
+            if (ret == SSL_TICKET_EMPTY) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         SSL_R_BAD_EXTENSION);
+                return 0;
+            }
 
             if (ret == SSL_TICKET_FATAL_ERR_MALLOC
                     || ret == SSL_TICKET_FATAL_ERR_OTHER) {
@@ -1137,7 +1146,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                          SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
                 return 0;
             }
-            if (ret == SSL_TICKET_NO_DECRYPT)
+            if (ret == SSL_TICKET_NONE || ret == SSL_TICKET_NO_DECRYPT)
                 continue;
 
             /* Check for replay */
author	Matt Caswell <matt@openssl.org>	2018-05-09 18:22:36 +0100
committer	Matt Caswell <matt@openssl.org>	2018-05-11 14:51:09 +0100
commit	61fb59238dad6452a37ec14513fae617a4faef29 (patch)
tree	5737eeba510f7a64792d3ac007f794d62a2dcb8a /ssl/statem/extensions_srvr.c
parent	c20e3b282c26205f39a89a23664245475d4d7cbc (diff)