Respect SSL_OP_NO_TICKET in TLSv1.3

Implement support for stateful TLSv1.3 tickets, and use them if SSL_OP_NO_TICKET is set. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
author: Matt Caswell <matt@openssl.org> 2018-06-13 15:57:39 +0100
committer: Matt Caswell <matt@openssl.org> 2018-06-26 18:09:46 +0100
commit: 6cc0b3c2171e26379e898574cb6d42b8d8dcc113 (patch)
tree: abc151eedbe6c46563085d8f690b7b008b3c1c8e /ssl/statem/extensions_srvr.c
parent: 6a11d5c5ededa1543c2eeb2f9edcbe39bc58bb70 (diff)
1 files changed, 33 insertions, 3 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 7c756c03a0..48be0444af 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1009,6 +1009,33 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
     return 1;
 }
 
+static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
+                                                 SSL_SESSION **sess)
+{
+    SSL_SESSION *tmpsess = NULL;
+
+    switch (PACKET_remaining(tick)) {
+        case 0:
+            return SSL_TICKET_EMPTY;
+
+        case SSL_MAX_SSL_SESSION_ID_LENGTH:
+            break;
+
+        default:
+            return SSL_TICKET_NO_DECRYPT;
+    }
+
+    tmpsess = lookup_sess_in_cache(s, PACKET_data(tick),
+                                   SSL_MAX_SSL_SESSION_ID_LENGTH);
+
+    if (tmpsess == NULL)
+        return SSL_TICKET_NO_DECRYPT;
+
+    s->ext.ticket_expected = 1;
+    *sess = tmpsess;
+    return SSL_TICKET_SUCCESS;
+}
+
 int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx)
 {
@@ -1132,9 +1159,12 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
             uint32_t ticket_age = 0, now, agesec, agems;
             int ret;
 
-            ret = tls_decrypt_ticket(s, PACKET_data(&identity),
-                                     PACKET_remaining(&identity), NULL, 0,
-                                     &sess);
+            if ((s->options & SSL_OP_NO_TICKET) != 0)
+                ret = tls_get_stateful_ticket(s, &identity, &sess);
+            else
+                ret = tls_decrypt_ticket(s, PACKET_data(&identity),
+                                         PACKET_remaining(&identity), NULL, 0,
+                                         &sess);
 
             if (ret == SSL_TICKET_EMPTY) {
                 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
author	Matt Caswell <matt@openssl.org>	2018-06-13 15:57:39 +0100
committer	Matt Caswell <matt@openssl.org>	2018-06-26 18:09:46 +0100
commit	6cc0b3c2171e26379e898574cb6d42b8d8dcc113 (patch)
tree	abc151eedbe6c46563085d8f690b7b008b3c1c8e /ssl/statem/extensions_srvr.c
parent	6a11d5c5ededa1543c2eeb2f9edcbe39bc58bb70 (diff)