Only accept early_data if the negotiated ALPN is the same

[openssl.git] / ssl / ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 2151d631e81973ce598a8f7939cf7466e3fc62c7..d8d16eb944e4bb4f2343f274c780538d4b1767ca 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -580,6 +580,9 @@ struct ssl_session_st {
         int tick_identity;
         /* Max number of bytes that can be sent as early data */
         uint32_t max_early_data;
+        /* The ALPN protocol selected for this session */
+        unsigned char *alpn_selected;
+        size_t alpn_selected_len;
     } ext;
 # ifndef OPENSSL_NO_SRP
     char *srp_username;
@@ -638,6 +641,14 @@ typedef enum {
  */
 # define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2)
 
+/*
+ * The allowance we have between the client's calculated ticket age and our own.
+ * We allow for 10 seconds (units are in ms). If a ticket is presented and the
+ * client's age calculation is different by more than this than our own then we
+ * do not allow that ticket for early_data.
+ */
+# define TICKET_AGE_ALLOWANCE   (10 * 1000)
+
 #define MAX_COMPRESSIONS_SIZE   255
 
 struct ssl_comp_st {
@@ -1197,6 +1208,8 @@ struct ssl_st {
 
         /* Are we expecting to receive early data? */
         int early_data;
+        /* Is the session suitable for early data? */
+        int early_data_ok;
     } ext;
 
     /* Parsed form of the ClientHello, kept around across early_cb calls. */
@@ -1773,7 +1786,6 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_server_name,
     TLSEXT_IDX_srp,
     TLSEXT_IDX_early_data_info,
-    TLSEXT_IDX_early_data,
     TLSEXT_IDX_ec_point_formats,
     TLSEXT_IDX_supported_groups,
     TLSEXT_IDX_session_ticket,
@@ -1789,6 +1801,7 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_psk_kex_modes,
     TLSEXT_IDX_key_share,
     TLSEXT_IDX_cryptopro_bug,
+    TLSEXT_IDX_early_data,
     TLSEXT_IDX_padding,
     TLSEXT_IDX_psk
 } TLSEXT_INDEX;