Commit 40f805ad authored by Matt Caswell's avatar Matt Caswell

Various style fixes following review feedback

parent 61c32649
+7 −0
@@ -2197,12 +2197,19 @@ __owur int tls1_set_server_sigalgs(SSL *s);

/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
typedef enum ticket_en {
    /* fatal error, malloc failure */
    TICKET_FATAL_ERR_MALLOC,
    /* fatal error, either from parsing or decrypting the ticket */
    TICKET_FATAL_ERR_OTHER,
    /* No ticket present */
    TICKET_NONE,
    /* Empty ticket present */
    TICKET_EMPTY,
    /* the ticket couldn't be decrypted */
    TICKET_NO_DECRYPT,
    /* a ticket was successfully decrypted */
    TICKET_SUCCESS,
    /* same as above but the ticket needs to be reneewed */
    TICKET_SUCCESS_RENEW
} TICKET_RETURN;
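Review bot: The comment on `TICKET_SUCCESS_RENEW` misspells "renewed" as "reneewed" and says "same as above", which only reads correctly while the enumerators keep their current order; `/* a ticket was successfully decrypted, but it needs to be renewed */` is self-contained. Because the enumerators have no explicit initialisers, `TICKET_FATAL_ERR_MALLOC` is 0 and the success codes are non-zero only by position. The block comment should therefore say that callers must compare against the named constants rather than test the result for truth. It would also help to state which values each of the two functions can return: the per-function list this commit removes from `tls_decrypt_ticket()` did not mention `TICKET_NONE` or `TICKET_EMPTY`.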

+2 −2
@@ -640,9 +640,9 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
    if (fatal) {
        *al = SSL_AD_INTERNAL_ERROR;
        return -1;
    } else {
        return 0;
    }

    return 0;
}

int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+10 −10
@@ -666,7 +666,7 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                           int *al)
{
#ifndef OPENSSL_NO_TLS1_3
    uint32_t now, ages, agems;
    uint32_t now, agesec, agems;
    size_t hashsize, binderoffset, msglen;
    unsigned char *binder = NULL, *msgstart = NULL;
    const EVP_MD *md;
@@ -682,6 +682,11 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
            || s->session->ext.ticklen == 0)
        return 1;

    if (s->session->cipher == NULL) {
        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    md = ssl_md(s->session->cipher->algorithm2);
    if (md == NULL) {
        /* Don't recognise this cipher so we can't use the session. Ignore it */
@@ -696,9 +701,9 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
     * in the code, so portability shouldn't be an issue.
     */
    now = (uint32_t)time(NULL);
    ages = now - (uint32_t)s->session->time;
    agesec = now - (uint32_t)s->session->time;

    if (s->session->ext.tick_lifetime_hint < ages) {
    if (s->session->ext.tick_lifetime_hint < agesec) {
        /* Ticket is too old. Ignore it. */
        return 1;
    }
@@ -707,9 +712,9 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
     * Calculate age in ms. We're just doing it to nearest second. Should be
     * good enough.
     */
    agems = ages * (uint32_t)1000;
    agems = agesec * (uint32_t)1000;

    if (ages != 0 && agems / (uint32_t)1000 != ages) {
    if (agesec != 0 && agems / (uint32_t)1000 != agesec) {
        /*
         * Overflow. Shouldn't happen unless this is a *really* old session. If
         * so we just ignore it.
@@ -723,11 +728,6 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
     */
    agems += s->session->ext.tick_age_add;

    if (s->session->cipher == NULL) {
        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
        goto err;
    }

    hashsize = EVP_MD_size(md);

    /* Create the extension, but skip over the binder for now */
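Review bot: In the third hunk, `agesec = now - (uint32_t)s->session->time;` wraps to a very large value when the stored session time is later than `now` (for example after the local clock is stepped back), and the comment above the subtraction does not mention it. The outcome looks fail-safe, because the `tick_lifetime_hint < agesec` test then drops the ticket as too old (assuming the hint is well below the wrapped value). That is worth recording next to the subtraction: `/* If session->time is ahead of now, agesec wraps and the ticket is ignored below */`. Separately, the relocated `s->session->cipher == NULL` check takes `goto err`, while the unrecognised-digest case just below it is, per its comment, meant to ignore the session. The `err` label and the start and end of the function are outside these hunks, so whether that cleanup path is appropriate this early in the function cannot be confirmed from here.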
+0 −9
@@ -1118,15 +1118,6 @@ TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
 *   sesslen: the length of the session ID.
 *   psess: (output) on return, if a ticket was decrypted, then this is set to
 *       point to the resulting session.
 *
 * Returns:
 *   TICKET_FATAL_ERR_MALLOC: fatal error, malloc failure.
 *   TICKET_FATAL_ERR_OTHER:  fatal error, either from parsing or decrypting the
 *                            ticket.
 *   TICKET_NO_DECRYPT:       the ticket couldn't be decrypted.
 *   TICKET_SUCCESS:          a ticket was successfully decrypted and *psess was
 *                            set.
 *   TICKET_SUCCESS_RENEW:    same as 3, but the ticket needs to be renewed
 */
TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
                                 size_t eticklen, const unsigned char *sess_id,