commit 9b6a82546151d6f971628e2d7828752ee47bfef7
author Matt Caswell <matt@openssl.org> Wed Jul 05 08:45:46 2017 +0100
committer Matt Caswell <matt@openssl.org> Fri Jul 07 15:02:09 2017 +0100
tree d06ef726a463be94649301639b19307a59260fc0
parent 07ff590f8f2d0affcd89afad103274100bb5705b

Send and receive the ticket_nonce field in a NewSessionTicket

This just adds the processing for sending and receiving the newly added
ticket_nonce field. It doesn't actually use it yet.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

ssl/statem/statem_clnt.c

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 53aa1dc..e6c7226 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2421,9 +2421,15 @@
     unsigned long ticket_lifetime_hint, age_add = 0;
     unsigned int sess_len;
     RAW_EXTENSION *exts = NULL;
+    PACKET nonce;
 
     if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
-        || (SSL_IS_TLS13(s) && !PACKET_get_net_4(pkt, &age_add))
+        || (SSL_IS_TLS13(s)
+            && (!PACKET_get_net_4(pkt, &age_add)
+                || !PACKET_get_length_prefixed_1(pkt, &nonce)
+                || PACKET_remaining(&nonce) == 0
+                || !PACKET_memdup(&nonce, &s->session->ext.tick_nonce,
+                                  &s->session->ext.tick_nonce_len)))
         || !PACKET_get_net_2(pkt, &ticklen)
         || (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) != ticklen)
         || (SSL_IS_TLS13(s)

ssl/statem/statem_srvr.c

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 05405b0..cfe6f51 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3381,6 +3381,19 @@
         if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0)
             goto err;
         s->session->ext.tick_age_add = age_add_u.age_add;
+       /*
+        * ticket_nonce is set to a single 0 byte because we only ever send a
+        * single ticket per connection. IMPORTANT: If we ever support multiple
+        * tickets per connection then this will need to be changed.
+        */
+        OPENSSL_free(s->session->ext.tick_nonce);
+        s->session->ext.tick_nonce = OPENSSL_zalloc(sizeof(char));
+        if (s->session->ext.tick_nonce == NULL) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                   ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        s->session->ext.tick_nonce_len = 1;
         s->session->time = (long)time(NULL);
         if (s->s3->alpn_selected != NULL) {
             OPENSSL_free(s->session->ext.alpn_selected);
@@ -3497,7 +3510,11 @@
                                (s->hit && !SSL_IS_TLS13(s))
                                ? 0 : s->session->timeout)
             || (SSL_IS_TLS13(s)
-                && !WPACKET_put_bytes_u32(pkt, age_add_u.age_add))
+                && (!WPACKET_put_bytes_u32(pkt, age_add_u.age_add)
+                       /* ticket_nonce */
+                    || !WPACKET_start_sub_packet_u8(pkt)
+                    || !WPACKET_put_bytes_u8(pkt, 0)
+                    || !WPACKET_close(pkt)))
                /* Now the actual ticket data */
             || !WPACKET_start_sub_packet_u16(pkt)
             || !WPACKET_get_total_written(pkt, &macoffset)