Session Ticket app data
Adds application data into the encrypted session ticket
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3802)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8b0d9aa..596fdd4 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1205,8 +1205,8 @@
* s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
* Otherwise, s->ext.ticket_expected is set to 0.
*/
-TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
- SSL_SESSION **ret)
+SSL_TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+ SSL_SESSION **ret)
{
int retv;
size_t size;
@@ -1221,11 +1221,11 @@
* resumption.
*/
if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
- return TICKET_NONE;
+ return SSL_TICKET_NONE;
ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket];
if (!ticketext->present)
- return TICKET_NONE;
+ return SSL_TICKET_NONE;
size = PACKET_remaining(&ticketext->data);
if (size == 0) {
@@ -1234,7 +1234,7 @@
* one.
*/
s->ext.ticket_expected = 1;
- return TICKET_EMPTY;
+ return SSL_TICKET_EMPTY;
}
if (s->ext.session_secret_cb) {
/*
@@ -1243,25 +1243,49 @@
* abbreviated handshake based on external mechanism to
* calculate the master secret later.
*/
- return TICKET_NO_DECRYPT;
+ return SSL_TICKET_NO_DECRYPT;
}
retv = tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size,
hello->session_id, hello->session_id_len, ret);
+
+ /*
+ * If set, the decrypt_ticket_cb() is always called regardless of the
+ * return from tls_decrypt_ticket(). The callback is responsible for
+ * checking |retv| before it performs any action
+ */
+ if (s->session_ctx->decrypt_ticket_cb != NULL) {
+ size_t keyname_len = size;
+
+ if (keyname_len > TLSEXT_KEYNAME_LENGTH)
+ keyname_len = TLSEXT_KEYNAME_LENGTH;
+ retv = s->session_ctx->decrypt_ticket_cb(s, *ret,
+ PACKET_data(&ticketext->data),
+ keyname_len,
+ retv, s->session_ctx->ticket_cb_data);
+ }
+
switch (retv) {
- case TICKET_NO_DECRYPT:
+ case SSL_TICKET_NO_DECRYPT:
s->ext.ticket_expected = 1;
- return TICKET_NO_DECRYPT;
+ return SSL_TICKET_NO_DECRYPT;
- case TICKET_SUCCESS:
- return TICKET_SUCCESS;
+ case SSL_TICKET_SUCCESS:
+ return SSL_TICKET_SUCCESS;
- case TICKET_SUCCESS_RENEW:
+ case SSL_TICKET_SUCCESS_RENEW:
s->ext.ticket_expected = 1;
- return TICKET_SUCCESS;
+ return SSL_TICKET_SUCCESS;
+
+ case SSL_TICKET_EMPTY:
+ s->ext.ticket_expected = 1;
+ return SSL_TICKET_EMPTY;
+
+ case SSL_TICKET_NONE:
+ return SSL_TICKET_NONE;
default:
- return TICKET_FATAL_ERR_OTHER;
+ return SSL_TICKET_FATAL_ERR_OTHER;
}
}
@@ -1275,15 +1299,15 @@
* psess: (output) on return, if a ticket was decrypted, then this is set to
* point to the resulting session.
*/
-TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
- size_t eticklen, const unsigned char *sess_id,
- size_t sesslen, SSL_SESSION **psess)
+SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+ size_t eticklen, const unsigned char *sess_id,
+ size_t sesslen, SSL_SESSION **psess)
{
SSL_SESSION *sess;
unsigned char *sdec;
const unsigned char *p;
int slen, renew_ticket = 0, declen;
- TICKET_RETURN ret = TICKET_FATAL_ERR_OTHER;
+ SSL_TICKET_RETURN ret = SSL_TICKET_FATAL_ERR_OTHER;
size_t mlen;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL;
@@ -1292,17 +1316,17 @@
/* Need at least keyname + iv */
if (eticklen < TLSEXT_KEYNAME_LENGTH + EVP_MAX_IV_LENGTH) {
- ret = TICKET_NO_DECRYPT;
+ ret = SSL_TICKET_NO_DECRYPT;
goto err;
}
/* Initialize session ticket encryption and HMAC contexts */
hctx = HMAC_CTX_new();
if (hctx == NULL)
- return TICKET_FATAL_ERR_MALLOC;
+ return SSL_TICKET_FATAL_ERR_MALLOC;
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL) {
- ret = TICKET_FATAL_ERR_MALLOC;
+ ret = SSL_TICKET_FATAL_ERR_MALLOC;
goto err;
}
if (tctx->ext.ticket_key_cb) {
@@ -1313,7 +1337,7 @@
if (rv < 0)
goto err;
if (rv == 0) {
- ret = TICKET_NO_DECRYPT;
+ ret = SSL_TICKET_NO_DECRYPT;
goto err;
}
if (rv == 2)
@@ -1322,7 +1346,7 @@
/* Check key name matches */
if (memcmp(etick, tctx->ext.tick_key_name,
TLSEXT_KEYNAME_LENGTH) != 0) {
- ret = TICKET_NO_DECRYPT;
+ ret = SSL_TICKET_NO_DECRYPT;
goto err;
}
if (HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key,
@@ -1345,7 +1369,7 @@
/* Sanity check ticket length: must exceed keyname + IV + HMAC */
if (eticklen <=
TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
- ret = TICKET_NO_DECRYPT;
+ ret = SSL_TICKET_NO_DECRYPT;
goto err;
}
eticklen -= mlen;
@@ -1357,7 +1381,7 @@
HMAC_CTX_free(hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
EVP_CIPHER_CTX_free(ctx);
- return TICKET_NO_DECRYPT;
+ return SSL_TICKET_NO_DECRYPT;
}
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
@@ -1368,12 +1392,12 @@
(int)eticklen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
- return TICKET_FATAL_ERR_OTHER;
+ return SSL_TICKET_FATAL_ERR_OTHER;
}
if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
- return TICKET_NO_DECRYPT;
+ return SSL_TICKET_NO_DECRYPT;
}
slen += declen;
EVP_CIPHER_CTX_free(ctx);
@@ -1387,7 +1411,7 @@
/* Some additional consistency checks */
if (slen != 0 || sess->session_id_length != 0) {
SSL_SESSION_free(sess);
- return TICKET_NO_DECRYPT;
+ return SSL_TICKET_NO_DECRYPT;
}
/*
* The session ID, if non-empty, is used by some clients to detect
@@ -1400,15 +1424,15 @@
sess->session_id_length = sesslen;
*psess = sess;
if (renew_ticket)
- return TICKET_SUCCESS_RENEW;
+ return SSL_TICKET_SUCCESS_RENEW;
else
- return TICKET_SUCCESS;
+ return SSL_TICKET_SUCCESS;
}
ERR_clear_error();
/*
* For session parse failure, indicate that we need to send a new ticket.
*/
- return TICKET_NO_DECRYPT;
+ return SSL_TICKET_NO_DECRYPT;
err:
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
