}
#endif
+int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ if (PACKET_remaining(pkt) != 0) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ if (s->max_early_data == 0 || !s->hit || s->session->ext.tick_identity != 0
+ || s->early_data_state != SSL_EARLY_DATA_ACCEPTING) {
+ s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+ } else {
+ s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+ if (!tls13_change_cipher_state(s,
+ SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
#ifndef OPENSSL_NO_EC
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
size_t chainidx, int *al)
{
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
- s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ s->ext.use_etm = 1;
return 1;
}
return 1;
}
+int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
+ unsigned int context, X509 *x,
+ size_t chainidx, int *al)
+{
+ if (s->max_early_data == 0)
+ return 1;
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data_info)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+ || !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+ return 1;
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
#ifndef OPENSSL_NO_EC
int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
size_t chainidx, int *al)
{
- if ((s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) == 0)
+ if (!s->ext.use_etm)
return 1;
/*
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) {
- s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ s->ext.use_etm = 0;
return 1;
}