Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c49
1 files changed, 14 insertions, 35 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 463f34e687..aeae5b0cba 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2901,11 +2901,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt)
* ClientHello, and other operations depend on the result, we need to handle
* any TLS session ticket extension at the same time.
*
- * session_id: points at the session ID in the ClientHello. This code will
- * read past the end of this in order to parse out the session ticket
- * extension, if any.
- * len: the length of the session ID.
- * limit: a pointer to the first byte after the ClientHello.
+ * session_id: ClientHello session ID.
+ * ext: ClientHello extensions (including length prefix)
* ret: (output) on return, if a ticket was decrypted, then this is set to
* point to the resulting session.
*
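Review bot: The new description of `ext` does not state that the packet is left untouched, which is the property the rewritten body provides (it works on `local_ext`, a copy made in the next hunk, and the old bookmark restore is dropped at the end). Suggest extending the line to `* ext: ClientHello extensions (including length prefix). Not advanced; the function parses a private copy.` and, if callers actually depend on that, saying so in the same sentence. The comment block begins before this hunk.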
@@ -2930,11 +2927,11 @@ int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt)
* s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
* Otherwise, s->tlsext_ticket_expected is set to 0.
*/
-int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id,
- int len, SSL_SESSION **ret)
+int tls1_process_ticket(SSL *s, const PACKET *ext, const PACKET *session_id,
+ SSL_SESSION **ret)
{
unsigned int i;
- PACKET bookmark = *pkt;
+ PACKET local_ext = *ext;
int retv = -1;
*ret = NULL;
@@ -2949,38 +2946,20 @@ int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id,
if ((s->version <= SSL3_VERSION))
return 0;
- /* Skip past DTLS cookie */
- if (SSL_IS_DTLS(s)) {
- if (!PACKET_get_1(pkt, &i)
- || !PACKET_forward(pkt, i)) {
- retv = -1;
- goto end;
- }
- }
- /* Skip past cipher list and compression algorithm list */
- if (!PACKET_get_net_2(pkt, &i)
- || !PACKET_forward(pkt, i)
- || !PACKET_get_1(pkt, &i)
- || !PACKET_forward(pkt, i)) {
- retv = -1;
- goto end;
- }
-
- /* Now at start of extensions */
- if (!PACKET_get_net_2(pkt, &i)) {
+ if (!PACKET_get_net_2(&local_ext, &i)) {
retv = 0;
goto end;
}
- while (PACKET_remaining (pkt) >= 4) {
+ while (PACKET_remaining(&local_ext) >= 4) {
unsigned int type, size;
- if (!PACKET_get_net_2(pkt, &type)
- || !PACKET_get_net_2(pkt, &size)) {
+ if (!PACKET_get_net_2(&local_ext, &type)
+ || !PACKET_get_net_2(&local_ext, &size)) {
/* Shouldn't ever happen */
retv = -1;
goto end;
}
- if (PACKET_remaining(pkt) < size) {
+ if (PACKET_remaining(&local_ext) < size) {
retv = 0;
goto end;
}
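Review bot: The two-byte length prefix read into `i` from `local_ext` is never compared with what actually follows it; `i` is write-only after that call, and the loop then walks whatever bytes remain, so a prefix that disagrees with the real extension length is silently tolerated. If the caller is not already guaranteed to have checked this (its code is outside the hunk), the cheap local check is `if (!PACKET_get_net_2(&local_ext, &i) || PACKET_remaining(&local_ext) != i) {` with the existing `retv = 0; goto end;` body, which also gives `i` a purpose. Otherwise `i` could be dropped in favour of a scoped temporary to make the "value ignored" intent visible.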
@@ -3007,12 +2986,13 @@ int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id,
retv = 2;
goto end;
}
- if (!PACKET_get_bytes(pkt, &etick, size)) {
+ if (!PACKET_get_bytes(&local_ext, &etick, size)) {
/* Shouldn't ever happen */
retv = -1;
goto end;
}
- r = tls_decrypt_ticket(s, etick, size, session_id, len, ret);
+ r = tls_decrypt_ticket(s, etick, size, PACKET_data(session_id),
+ PACKET_remaining(session_id), ret);
switch (r) {
case 2: /* ticket couldn't be decrypted */
s->tlsext_ticket_expected = 1;
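Review bot: `PACKET_remaining(session_id)` is passed where the old `int len` argument was, so the value is narrowed implicitly at the call if `tls_decrypt_ticket`'s prototype (outside the hunk) still takes an `int` session-ID length. The session ID is presumably already bounded by the caller, so this is a clarity rather than a correctness concern, but an explicit `(int)PACKET_remaining(session_id)` with a comment, or changing the callee's parameter to `size_t`, would keep `-Wconversion` quiet and document the intent. The enclosing loop body starts before this hunk.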
@@ -3031,7 +3011,7 @@ int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id,
}
goto end;
} else {
- if (!PACKET_forward(pkt, size)) {
+ if (!PACKET_forward(&local_ext, size)) {
retv = -1;
goto end;
}
@@ -3039,7 +3019,6 @@ int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id,
}
retv = 0;
end:
- *pkt = bookmark;
return retv;
}
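Review bot: With `*pkt = bookmark;` gone, the `end:` label now only executes `return retv;`, so every `retv = N; goto end;` pair in the earlier hunks could become a plain `return N;`, which removes the label and the `retv` variable. This is a style point only; behaviour is unchanged either way, and it may be deliberate to keep a single exit for future cleanup.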