Google Git
Sign in
flutter / third_party / openssl / 12bf56c017a34bd0d5fc6d817564ae49d0a9e861^! / . / ssl / t1_lib.c
commit12bf56c017a34bd0d5fc6d817564ae49d0a9e861[log] [tgz]
authorDr. Stephen Henson <steve@openssl.org>Sat Nov 15 17:18:12 2008 +0000
committerDr. Stephen Henson <steve@openssl.org>Sat Nov 15 17:18:12 2008 +0000
tree09b94269d5872083636a81b6c0c3e6b83ada6c55
parent93c4ba07d715fc8e3bad982ef4ea33e90d6a344e [diff] [blame]
PR: 1574
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dc0396c..e6ba33d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -154,6 +154,12 @@
 
 void tls1_free(SSL *s)
 	{
+#ifndef OPENSSL_NO_TLSEXT
+	if (s->tlsext_session_ticket)
+		{
+		OPENSSL_free(s->tlsext_session_ticket);
+		}
+#endif /* OPENSSL_NO_TLSEXT */
 	ssl3_free(s);
 	}
 
@@ -357,8 +363,23 @@
 		int ticklen;
 		if (s->session && s->session->tlsext_tick)
 			ticklen = s->session->tlsext_ticklen;
+		else if (s->session && s->tlsext_session_ticket &&
+			 s->tlsext_session_ticket->data)
+			{
+			ticklen = s->tlsext_session_ticket->length;
+			s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+			if (!s->session->tlsext_tick)
+				return NULL;
+			memcpy(s->session->tlsext_tick,
+			       s->tlsext_session_ticket->data,
+			       ticklen);
+			s->session->tlsext_ticklen = ticklen;
+			}
 		else
 			ticklen = 0;
+		if (ticklen == 0 && s->tlsext_session_ticket &&
+		    s->tlsext_session_ticket->data == NULL)
+			goto skip_ext;
 		/* Check for enough room 2 for extension type, 2 for len
  		 * rest for ticket
   		 */
@@ -371,6 +392,7 @@
 			ret += ticklen;
 			}
 		}
+		skip_ext:
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
 	if (s->s3->client_opaque_prf_input != NULL)
@@ -751,6 +773,15 @@
 				}
 			}
 #endif
+		else if (type == TLSEXT_TYPE_session_ticket)
+			{
+			if (s->tls_session_ticket_ext_cb &&
+			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
+				{
+				*al = TLS1_AD_INTERNAL_ERROR;
+				return 0;
+				}
+			}
 		else if (type == TLSEXT_TYPE_status_request
 						&& s->ctx->tlsext_status_cb)
 			{
@@ -928,6 +959,12 @@
 
 		else if (type == TLSEXT_TYPE_session_ticket)
 			{
+			if (s->tls_session_ticket_ext_cb &&
+			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
+				{
+				*al = TLS1_AD_INTERNAL_ERROR;
+				return 0;
+				}
 			if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
 				|| (size > 0))
 				{
@@ -1435,6 +1472,15 @@
 				s->tlsext_ticket_expected = 1;
 				return 0;	/* Cache miss */
 				}
+			if (s->tls_session_secret_cb)
+				{
+				/* Indicate cache miss here and instead of
+				 * generating the session from ticket now,
+				 * trigger abbreviated handshake based on
+				 * external mechanism to calculate the master
+				 * secret later. */
+				return 0;
+				}
 			return tls_decrypt_ticket(s, p, size, session_id, len,
 									ret);
 			}