const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
int dores = 0;
- s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY;
+ s->ext.tick_identity = 0;
/*
* Note: At this stage of the code we only support adding a single
agems += s->session->ext.tick_age_add;
reshashsize = EVP_MD_size(mdres);
+ s->ext.tick_identity++;
dores = 1;
}
ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
+ s->ext.tick_identity++;
}
if (!WPACKET_close(pkt)
return EXT_RETURN_FAIL;
}
- if (dores)
- s->session->ext.tick_identity = 0;
- if (s->psksession != NULL)
- s->psksession->ext.tick_identity = (dores ? 1 : 0);
-
return EXT_RETURN_SENT;
#else
return EXT_RETURN_NOT_SENT;
}
if (!s->ext.early_data_ok
- || !s->hit
- || s->session->ext.tick_identity != 0) {
+ || !s->hit) {
/*
* If we get here then we didn't send early data, or we didn't resume
* using the first identity, or the SNI/ALPN is not consistent so the
return 0;
}
- if (s->session->ext.tick_identity == (int)identity) {
+ if (identity >= (unsigned int)s->ext.tick_identity) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK,
+ SSL_R_BAD_PSK_IDENTITY);
+ return 0;
+ }
+
+ /*
+ * Session resumption tickets are always sent before PSK tickets. If the
+ * ticket index is 0 then it must be for a session resumption ticket if we
+ * sent two tickets, or if we didn't send a PSK ticket.
+ */
+ if (identity == 0 && (s->psksession == NULL || s->ext.tick_identity == 2)) {
s->hit = 1;
SSL_SESSION_free(s->psksession);
s->psksession = NULL;
return 1;
}
- if (s->psksession == NULL
- || s->psksession->ext.tick_identity != (int)identity) {
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK,
- SSL_R_BAD_PSK_IDENTITY);
+ if (s->psksession == NULL) {
+ /* Should never happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_PSK,
+ ERR_R_INTERNAL_ERROR);
return 0;
}
s->session = s->psksession;
s->psksession = NULL;
s->hit = 1;
+ /* Early data is only allowed if we used the first ticket */
+ if (identity != 0)
+ s->ext.early_data_ok = 0;
#endif
return 1;