void ssl_set_default_md(SSL *s);
__owur int tls1_set_server_sigalgs(SSL *s);
-__owur int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
- SSL_SESSION **ret);
-
-/* Return codes for tls_decrypt_ticket */
-#define TICKET_FATAL_ERR_MALLOC -2
-#define TICKET_FATAL_ERR_OTHER -1
-#define TICKET_NO_DECRYPT 2
-#define TICKET_SUCCESS 3
-#define TICKET_SUCCESS_RENEW 4
-__owur int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
- size_t eticklen, const unsigned char *sess_id,
- size_t sesslen, SSL_SESSION **psess);
+
+/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
+typedef enum ticket_en {
+ TICKET_FATAL_ERR_MALLOC,
+ TICKET_FATAL_ERR_OTHER,
+ TICKET_NONE,
+ TICKET_EMPTY,
+ TICKET_NO_DECRYPT,
+ TICKET_SUCCESS,
+ TICKET_SUCCESS_RENEW
+} TICKET_RETURN;
+
+__owur TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+ SSL_SESSION **ret);
+__owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+ size_t eticklen,
+ const unsigned char *sess_id,
+ size_t sesslen, SSL_SESSION **psess);
__owur int tls_use_ticket(SSL *s);
SSL_SESSION *ret = NULL;
int fatal = 0;
int try_session_cache = 0;
- int r;
+ TICKET_RETURN r;
if (SSL_IS_TLS13(s)) {
int al;
/* sets s->ext.ticket_expected */
r = tls_get_ticket_from_client(s, hello, &ret);
switch (r) {
- case -1: /* Error during processing */
+ case TICKET_FATAL_ERR_MALLOC:
+ case TICKET_FATAL_ERR_OTHER: /* Error during processing */
fatal = 1;
goto err;
- case 0: /* No ticket found */
- case 1: /* Zero length ticket found */
+ case TICKET_NONE: /* No ticket found */
+ case TICKET_EMPTY: /* Zero length ticket found */
try_session_cache = 1;
- break; /* Ok to carry on processing session id. */
- case 2: /* Ticket found but not decrypted. */
- case 3: /* Ticket decrypted, *ret has been set. */
+ break; /* Ok to carry on processing session id. */
+ case TICKET_NO_DECRYPT: /* Ticket found but not decrypted. */
+ case TICKET_SUCCESS: /* Ticket decrypted, *ret has been set. */
+ case TICKET_SUCCESS_RENEW:
break;
- default:
- abort();
}
}
* s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
* Otherwise, s->ext.ticket_expected is set to 0.
*/
-int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
- SSL_SESSION **ret)
+TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+ SSL_SESSION **ret)
{
int retv;
size_t size;
* resumption.
*/
if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
- return 0;
+ return TICKET_NONE;
ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket];
if (!ticketext->present)
- return 0;
+ return TICKET_NONE;
size = PACKET_remaining(&ticketext->data);
if (size == 0) {
* one.
*/
s->ext.ticket_expected = 1;
- return 1;
+ return TICKET_EMPTY;
}
if (s->ext.session_secret_cb) {
/*
* abbreviated handshake based on external mechanism to
* calculate the master secret later.
*/
- return 2;
+ return TICKET_NO_DECRYPT;
}
retv = tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size,
switch (retv) {
case TICKET_NO_DECRYPT: /* ticket couldn't be decrypted */
s->ext.ticket_expected = 1;
- return 2;
+ return TICKET_NO_DECRYPT;
case TICKET_SUCCESS: /* ticket was decrypted */
- return 3;
+ return TICKET_SUCCESS;
case TICKET_SUCCESS_RENEW: /* ticket decrypted but need to renew */
s->ext.ticket_expected = 1;
- return 3;
+ return TICKET_SUCCESS;
default: /* fatal error */
- return -1;
+ return TICKET_FATAL_ERR_OTHER;
}
}
* set.
* TICKET_SUCCESS_RENEW: same as 3, but the ticket needs to be renewed
*/
-#define TICKET_FATAL_ERR_MALLOC -2
-#define TICKET_FATAL_ERR_OTHER -1
-#define TICKET_NO_DECRYPT 2
-#define TICKET_SUCCESS 3
-#define TICKET_SUCCESS_RENEW 4
-int tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen,
- const unsigned char *sess_id, size_t sesslen,
- SSL_SESSION **psess)
+TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+ size_t eticklen, const unsigned char *sess_id,
+ size_t sesslen, SSL_SESSION **psess)
{
SSL_SESSION *sess;
unsigned char *sdec;
const unsigned char *p;
- int slen, renew_ticket = 0, ret = TICKET_FATAL_ERR_OTHER, declen;
+ int slen, renew_ticket = 0, declen;
+ TICKET_RETURN ret = TICKET_FATAL_ERR_OTHER;
size_t mlen;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL;
projects / openssl.git / commitdiff