}
#endif
-int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx, int *al)
-{
- if (PACKET_remaining(pkt) != 0) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- if (s->max_early_data == 0 || !s->hit || s->session->ext.tick_identity != 0
- || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
- || !s->ext.early_data_ok) {
- s->ext.early_data = SSL_EARLY_DATA_REJECTED;
- } else {
- s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
-
- if (!tls13_change_cipher_state(s,
- SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
- *al = SSL_AD_INTERNAL_ERROR;
- return 0;
- }
- }
-
- return 1;
-}
-
#ifndef OPENSSL_NO_EC
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
return 1;
}
+
+int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ if (PACKET_remaining(pkt) != 0) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ return 1;
+}
+
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx, int *al)
{
SSL_SESSION *sess = NULL;
unsigned int id, i;
const EVP_MD *md = NULL;
- uint32_t ticket_age, now, agesec, agems;
+ uint32_t ticket_age = 0, now, agesec, agems;
/*
* If we have no PSK kex mode that we recognise then we can't resume so
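Review bot: The new `tls_parse_ctos_early_data` only checks that the extension body is empty and never sets `s->ext.early_data`, so nothing at this site tells a reader where the accept/reject decision now lives. 0-RTT data is replayable, and the removed version gated it on `s->hit`, `tick_identity != 0`, `early_data_state` and `early_data_ok`. I would add a comment above the function such as `/* Only validates the (empty) extension; acceptance is decided later, after the PSK extension has been processed. */`, assuming that is where those checks moved, since the destination is not visible in this hunk. The `ticket_age = 0` initialiser in `tls_parse_ctos_psk` also deserves a short comment saying whether 0 is a meaningful default or only silences a maybe-uninitialised warning; that function's body continues outside the hunk.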
s->session = sess;
return 1;
err:
+ SSL_SESSION_free(sess);
return 0;
}
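Review bot: Freeing `sess` under `err:` is only safe if every earlier path that releases `sess` also resets it to NULL, and if no `goto err` can be reached after `s->session = sess`. Otherwise this line becomes a double free or leaves `s->session` dangling. The visible lines show the assignment followed immediately by `return 1;`, which looks right, but the code that obtains and discards candidate sessions is outside this hunk and should be checked against that rule. A comment at the label such as `/* sess is non-NULL here only while this function still owns it */` would record the invariant for the next change.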
return 1;
}
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx, int *al)
-{
- if (s->max_early_data == 0)
- return 1;
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data_info)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
- || !WPACKET_close(pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx, int *al)
-{
- if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
- return 1;
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_close(pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return 1;
-}
-
#ifndef OPENSSL_NO_EC
int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
return 1;
}
+int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+ if (s->max_early_data == 0)
+ return 1;
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+ || !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+ }
+
+ if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+ return 1;
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
int tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
size_t chainidx, int *al)
{
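Review bot: The test `context == EXT_TLS1_3_NEW_SESSION_TICKET` uses equality, which assumes the caller passes exactly one context value. If `context` can carry several flags, the ticket case would fall through to the empty-body form and `max_early_data` would never be advertised. If the single-value assumption holds, state it in a comment together with why the two bodies differ, for example `/* NewSessionTicket: body is u32 max_early_data; otherwise: empty body, sent only when early data was accepted */`. Both `WPACKET_*` sequences also report failure under the same `SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA` code, so the error alone does not say which message was being built.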