Enable the ability to use an external PSK for sending early_data

[openssl.git] / ssl / statem / extensions_srvr.c

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 4e65320df2c772929b0869b6b5673bc57725d7ee..2363c426e047b07b7d643e7a5d695432e319cd16 100644 (file)
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -87,10 +87,9 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
     }
 
     /*
-     * Although the server_name extension was intended to be
-     * extensible to new name types, RFC 4366 defined the
-     * syntax inextensibly and OpenSSL 1.0.x parses it as
-     * such.
+     * Although the intent was for server_name to be extensible, RFC 4366
+     * was not clear about it; and so OpenSSL among other implementations,
+     * always and only allows a 'host_name' name types.
      * RFC 6066 corrected the mistake but adding new name types
      * is nevertheless no longer feasible, so act as if no other
      * SNI types can exist, to simplify parsing.
@@ -477,7 +476,8 @@ int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
     while (PACKET_get_1(&psk_kex_modes, &mode)) {
         if (mode == TLSEXT_KEX_MODE_KE_DHE)
             s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE;
-        else if (mode == TLSEXT_KEX_MODE_KE)
+        else if (mode == TLSEXT_KEX_MODE_KE
+                && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0)
             s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE;
     }
 #endif
@@ -640,14 +640,16 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
         return 0;
     }
 
-    OPENSSL_free(s->session->ext.supportedgroups);
-    s->session->ext.supportedgroups = NULL;
-    s->session->ext.supportedgroups_len = 0;
-    if (!PACKET_memdup(&supported_groups_list,
-                       &s->session->ext.supportedgroups,
-                       &s->session->ext.supportedgroups_len)) {
-        *al = SSL_AD_INTERNAL_ERROR;
-        return 0;
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        OPENSSL_free(s->session->ext.supportedgroups);
+        s->session->ext.supportedgroups = NULL;
+        s->session->ext.supportedgroups_len = 0;
+        if (!PACKET_memdup(&supported_groups_list,
+                           &s->session->ext.supportedgroups,
+                           &s->session->ext.supportedgroups_len)) {
+            *al = SSL_AD_INTERNAL_ERROR;
+            return 0;
+        }
     }
 
     return 1;
@@ -677,6 +679,11 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
         return 0;
     }
 
+    if (s->hello_retry_request) {
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+    }
+
     return 1;
 }
 
@@ -713,8 +720,15 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
         }
 
         if (s->psk_find_session_cb != NULL
-                && s->psk_find_session_cb(s, PACKET_data(&identity),
-                                          PACKET_remaining(&identity), &sess)) {
+                && !s->psk_find_session_cb(s, PACKET_data(&identity),
+                                           PACKET_remaining(&identity),
+                                           &sess)) {
+            *al = SSL_AD_INTERNAL_ERROR;
+            return 0;
+        }
+
+        if (sess != NULL) {
+            /* We found a PSK */
             SSL_SESSION *sesstmp = ssl_session_dup(sess, 0);
 
             if (sesstmp == NULL) {
@@ -731,6 +745,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
             memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length);
             sess->sid_ctx_length = s->sid_ctx_length;
             ext = 1;
+            s->ext.early_data_ok = 1;
         } else {
             uint32_t ticket_age = 0, now, agesec, agems;
             int ret = tls_decrypt_ticket(s, PACKET_data(&identity),