|
@@ -1205,8 +1205,8 @@ int tls1_set_server_sigalgs(SSL *s)
|
|
|
* s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
|
|
|
* Otherwise, s->ext.ticket_expected is set to 0.
|
|
|
*/
|
|
|
-TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
|
|
|
- SSL_SESSION **ret)
|
|
|
+SSL_TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
|
|
|
+ SSL_SESSION **ret)
|
|
|
{
|
|
|
int retv;
|
|
|
size_t size;
|
|
@@ -1221,11 +1221,11 @@ TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
|
|
|
* resumption.
|
|
|
*/
|
|
|
if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
|
|
|
- return TICKET_NONE;
|
|
|
+ return SSL_TICKET_NONE;
|
|
|
|
|
|
ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket];
|
|
|
if (!ticketext->present)
|
|
|
- return TICKET_NONE;
|
|
|
+ return SSL_TICKET_NONE;
|
|
|
|
|
|
size = PACKET_remaining(&ticketext->data);
|
|
|
if (size == 0) {
|
|
@@ -1234,7 +1234,7 @@ TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
|
|
|
* one.
|
|
|
*/
|
|
|
s->ext.ticket_expected = 1;
|
|
|
- return TICKET_EMPTY;
|
|
|
+ return SSL_TICKET_EMPTY;
|
|
|
}
|
|
|
if (s->ext.session_secret_cb) {
|
|
|
/*
|
|
@@ -1243,25 +1243,49 @@ TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
|
|
|
* abbreviated handshake based on external mechanism to
|
|
|
* calculate the master secret later.
|
|
|
*/
|
|
|
- return TICKET_NO_DECRYPT;
|
|
|
+ return SSL_TICKET_NO_DECRYPT;
|
|
|
}
|
|
|
|
|
|
retv = tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size,
|
|
|
hello->session_id, hello->session_id_len, ret);
|
|
|
+
|
|
|
+ /*
|
|
|
+ * If set, the decrypt_ticket_cb() is always called regardless of the
|
|
|
+ * return from tls_decrypt_ticket(). The callback is responsible for
|
|
|
+ * checking |retv| before it performs any action
|
|
|
+ */
|
|
|
+ if (s->session_ctx->decrypt_ticket_cb != NULL) {
|
|
|
+ size_t keyname_len = size;
|
|
|
+
|
|
|
+ if (keyname_len > TLSEXT_KEYNAME_LENGTH)
|
|
|
+ keyname_len = TLSEXT_KEYNAME_LENGTH;
|
|
|
+ retv = s->session_ctx->decrypt_ticket_cb(s, *ret,
|
|
|
+ PACKET_data(&ticketext->data),
|
|
|
+ keyname_len,
|
|
|
+ retv, s->session_ctx->ticket_cb_data);
|
|
|
+ }
|
|
|
+
|
|
|
switch (retv) {
|
|
|
- case TICKET_NO_DECRYPT:
|
|
|
+ case SSL_TICKET_NO_DECRYPT:
|
|
|
s->ext.ticket_expected = 1;
|
|
|
- return TICKET_NO_DECRYPT;
|
|
|
+ return SSL_TICKET_NO_DECRYPT;
|
|
|
+
|
|
|
+ case SSL_TICKET_SUCCESS:
|
|
|
+ return SSL_TICKET_SUCCESS;
|
|
|
|
|
|
- case TICKET_SUCCESS:
|
|
|
- return TICKET_SUCCESS;
|
|
|
+ case SSL_TICKET_SUCCESS_RENEW:
|
|
|
+ s->ext.ticket_expected = 1;
|
|
|
+ return SSL_TICKET_SUCCESS;
|
|
|
|
|
|
- case TICKET_SUCCESS_RENEW:
|
|
|
+ case SSL_TICKET_EMPTY:
|
|
|
s->ext.ticket_expected = 1;
|
|
|
- return TICKET_SUCCESS;
|
|
|
+ return SSL_TICKET_EMPTY;
|
|
|
+
|
|
|
+ case SSL_TICKET_NONE:
|
|
|
+ return SSL_TICKET_NONE;
|
|
|
|
|
|
default:
|
|
|
- return TICKET_FATAL_ERR_OTHER;
|
|
|
+ return SSL_TICKET_FATAL_ERR_OTHER;
|
|
|
}
|
|
|
}
|
|
|
|
|
@@ -1275,15 +1299,15 @@ TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
|
|
|
* psess: (output) on return, if a ticket was decrypted, then this is set to
|
|
|
* point to the resulting session.
|
|
|
*/
|
|
|
-TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
- size_t eticklen, const unsigned char *sess_id,
|
|
|
- size_t sesslen, SSL_SESSION **psess)
|
|
|
+SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
+ size_t eticklen, const unsigned char *sess_id,
|
|
|
+ size_t sesslen, SSL_SESSION **psess)
|
|
|
{
|
|
|
SSL_SESSION *sess;
|
|
|
unsigned char *sdec;
|
|
|
const unsigned char *p;
|
|
|
int slen, renew_ticket = 0, declen;
|
|
|
- TICKET_RETURN ret = TICKET_FATAL_ERR_OTHER;
|
|
|
+ SSL_TICKET_RETURN ret = SSL_TICKET_FATAL_ERR_OTHER;
|
|
|
size_t mlen;
|
|
|
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
|
|
|
HMAC_CTX *hctx = NULL;
|
|
@@ -1292,17 +1316,17 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
|
|
|
/* Need at least keyname + iv */
|
|
|
if (eticklen < TLSEXT_KEYNAME_LENGTH + EVP_MAX_IV_LENGTH) {
|
|
|
- ret = TICKET_NO_DECRYPT;
|
|
|
+ ret = SSL_TICKET_NO_DECRYPT;
|
|
|
goto err;
|
|
|
}
|
|
|
|
|
|
/* Initialize session ticket encryption and HMAC contexts */
|
|
|
hctx = HMAC_CTX_new();
|
|
|
if (hctx == NULL)
|
|
|
- return TICKET_FATAL_ERR_MALLOC;
|
|
|
+ return SSL_TICKET_FATAL_ERR_MALLOC;
|
|
|
ctx = EVP_CIPHER_CTX_new();
|
|
|
if (ctx == NULL) {
|
|
|
- ret = TICKET_FATAL_ERR_MALLOC;
|
|
|
+ ret = SSL_TICKET_FATAL_ERR_MALLOC;
|
|
|
goto err;
|
|
|
}
|
|
|
if (tctx->ext.ticket_key_cb) {
|
|
@@ -1313,7 +1337,7 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
if (rv < 0)
|
|
|
goto err;
|
|
|
if (rv == 0) {
|
|
|
- ret = TICKET_NO_DECRYPT;
|
|
|
+ ret = SSL_TICKET_NO_DECRYPT;
|
|
|
goto err;
|
|
|
}
|
|
|
if (rv == 2)
|
|
@@ -1322,7 +1346,7 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
/* Check key name matches */
|
|
|
if (memcmp(etick, tctx->ext.tick_key_name,
|
|
|
TLSEXT_KEYNAME_LENGTH) != 0) {
|
|
|
- ret = TICKET_NO_DECRYPT;
|
|
|
+ ret = SSL_TICKET_NO_DECRYPT;
|
|
|
goto err;
|
|
|
}
|
|
|
if (HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key,
|
|
@@ -1345,7 +1369,7 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
/* Sanity check ticket length: must exceed keyname + IV + HMAC */
|
|
|
if (eticklen <=
|
|
|
TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
|
|
|
- ret = TICKET_NO_DECRYPT;
|
|
|
+ ret = SSL_TICKET_NO_DECRYPT;
|
|
|
goto err;
|
|
|
}
|
|
|
eticklen -= mlen;
|
|
@@ -1357,7 +1381,7 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
HMAC_CTX_free(hctx);
|
|
|
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
- return TICKET_NO_DECRYPT;
|
|
|
+ return SSL_TICKET_NO_DECRYPT;
|
|
|
}
|
|
|
/* Attempt to decrypt session data */
|
|
|
/* Move p after IV to start of encrypted ticket, update length */
|
|
@@ -1368,12 +1392,12 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
(int)eticklen) <= 0) {
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
OPENSSL_free(sdec);
|
|
|
- return TICKET_FATAL_ERR_OTHER;
|
|
|
+ return SSL_TICKET_FATAL_ERR_OTHER;
|
|
|
}
|
|
|
if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) {
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
OPENSSL_free(sdec);
|
|
|
- return TICKET_NO_DECRYPT;
|
|
|
+ return SSL_TICKET_NO_DECRYPT;
|
|
|
}
|
|
|
slen += declen;
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
@@ -1387,7 +1411,7 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
/* Some additional consistency checks */
|
|
|
if (slen != 0 || sess->session_id_length != 0) {
|
|
|
SSL_SESSION_free(sess);
|
|
|
- return TICKET_NO_DECRYPT;
|
|
|
+ return SSL_TICKET_NO_DECRYPT;
|
|
|
}
|
|
|
/*
|
|
|
* The session ID, if non-empty, is used by some clients to detect
|
|
@@ -1400,15 +1424,15 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|
|
sess->session_id_length = sesslen;
|
|
|
*psess = sess;
|
|
|
if (renew_ticket)
|
|
|
- return TICKET_SUCCESS_RENEW;
|
|
|
+ return SSL_TICKET_SUCCESS_RENEW;
|
|
|
else
|
|
|
- return TICKET_SUCCESS;
|
|
|
+ return SSL_TICKET_SUCCESS;
|
|
|
}
|
|
|
ERR_clear_error();
|
|
|
/*
|
|
|
* For session parse failure, indicate that we need to send a new ticket.
|
|
|
*/
|
|
|
- return TICKET_NO_DECRYPT;
|
|
|
+ return SSL_TICKET_NO_DECRYPT;
|
|
|
err:
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
HMAC_CTX_free(hctx);
|