From: Emilia Kasper <emilia@openssl.org>
Date: Wed, 19 Nov 2014 15:40:27 +0000 (+0100)
Subject: Always require an advertised NewSessionTicket message.
X-Git-Tag: master-post-reformat~283
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=de2c7504ebd4ec15334ae151a31917753468f86f;hp=980bc1ec6114f5511b20c2e6ca741e61a39b99d6

Always require an advertised NewSessionTicket message.

The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.

An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.

Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/CHANGES b/CHANGES
index d90febcd51..0d9bd505c3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -310,6 +310,10 @@
       the extension anew in the ServerHello. Previously, a TLS client would
       reuse the old extension state and thus accept a session ticket if one was
       announced in the initial ServerHello.
+
+      Similarly, ensure that the client requires a session ticket if one
+      was advertised in the ServerHello. Previously, a TLS client would
+      ignore a missing NewSessionTicket message.
       [Emilia Käsper]
 
   *) Accelerated NIST P-256 elliptic curve implementation for x86_64
@@ -639,6 +643,10 @@
       the extension anew in the ServerHello. Previously, a TLS client would
       reuse the old extension state and thus accept a session ticket if one was
       announced in the initial ServerHello.
+
+      Similarly, ensure that the client requires a session ticket if one
+      was advertised in the ServerHello. Previously, a TLS client would
+      ignore a missing NewSessionTicket message.
       [Emilia Käsper]
 
  Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d5e79dfbe9..64439c164a 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2288,24 +2288,13 @@ int ssl3_get_new_session_ticket(SSL *s)
 	n=s->method->ssl_get_message(s,
 		SSL3_ST_CR_SESSION_TICKET_A,
 		SSL3_ST_CR_SESSION_TICKET_B,
-		-1,
+		SSL3_MT_NEWSESSION_TICKET,
 		16384,
 		&ok);
 
 	if (!ok)
 		return((int)n);
 
-	if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
-		{
-		s->s3->tmp.reuse_message=1;
-		return(1);
-		}
-	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
-		{
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
-		goto f_err;
-		}
 	if (n < 6)
 		{
 		/* need at least ticket_lifetime_hint + ticket length */