}
/*
- * Although the server_name extension was intended to be
- * extensible to new name types, RFC 4366 defined the
- * syntax inextensibly and OpenSSL 1.0.x parses it as
- * such.
+ * Although the intent was for server_name to be extensible, RFC 4366
+ * was not clear about it; and so OpenSSL among other implementations,
+ * always and only allows a 'host_name' name types.
* RFC 6066 corrected the mistake but adding new name types
* is nevertheless no longer feasible, so act as if no other
* SNI types can exist, to simplify parsing.
while (PACKET_get_1(&psk_kex_modes, &mode)) {
if (mode == TLSEXT_KEX_MODE_KE_DHE)
s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE;
- else if (mode == TLSEXT_KEX_MODE_KE)
+ else if (mode == TLSEXT_KEX_MODE_KE
+ && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0)
s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE;
}
#endif
return 0;
}
- OPENSSL_free(s->session->ext.supportedgroups);
- s->session->ext.supportedgroups = NULL;
- s->session->ext.supportedgroups_len = 0;
- if (!PACKET_memdup(&supported_groups_list,
- &s->session->ext.supportedgroups,
- &s->session->ext.supportedgroups_len)) {
- *al = SSL_AD_INTERNAL_ERROR;
- return 0;
+ if (!s->hit || SSL_IS_TLS13(s)) {
+ OPENSSL_free(s->session->ext.supportedgroups);
+ s->session->ext.supportedgroups = NULL;
+ s->session->ext.supportedgroups_len = 0;
+ if (!PACKET_memdup(&supported_groups_list,
+ &s->session->ext.supportedgroups,
+ &s->session->ext.supportedgroups_len)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
}
return 1;
return 0;
}
+ if (s->hello_retry_request) {
+ *al = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+
return 1;
}
}
if (s->psk_find_session_cb != NULL
- && s->psk_find_session_cb(s, PACKET_data(&identity),
- PACKET_remaining(&identity), &sess)) {
+ && !s->psk_find_session_cb(s, PACKET_data(&identity),
+ PACKET_remaining(&identity),
+ &sess)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+
+ if (sess != NULL) {
+ /* We found a PSK */
SSL_SESSION *sesstmp = ssl_session_dup(sess, 0);
if (sesstmp == NULL) {
memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length);
sess->sid_ctx_length = s->sid_ctx_length;
ext = 1;
+ s->ext.early_data_ok = 1;
} else {
uint32_t ticket_age = 0, now, agesec, agems;
int ret = tls_decrypt_ticket(s, PACKET_data(&identity),