Commit 5d5b3fba authored by Matt Caswell

Parse the ticket_early_data_info extension

parent 29fac541
+2 −0
@@ -2382,6 +2382,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_PARSE_CTOS_PSK                         505
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE                 464
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP                    465
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO             520
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE                   445
# define SSL_F_TLS_PARSE_STOC_PSK                         502
# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE                 448
@@ -2525,6 +2526,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_INVALID_CONFIGURATION_NAME                 113
# define SSL_R_INVALID_CT_VALIDATION_TYPE                 212
# define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
# define SSL_R_INVALID_MAX_EARLY_DATA                     174
# define SSL_R_INVALID_NULL_CMD_NAME                      385
# define SSL_R_INVALID_SEQUENCE_NUMBER                    402
# define SSL_R_INVALID_SERVERINFO_DATA                    388
+5 −1
@@ -65,6 +65,7 @@ typedef struct {
    ASN1_OCTET_STRING *srp_username;
#endif
    long flags;
    uint32_t max_early_data;
} SSL_SESSION_ASN1;

ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
@@ -91,7 +92,8 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
    ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
#endif
    ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZLONG, 14)
    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZLONG, 14),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZLONG, 15)
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)

IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
@@ -203,6 +205,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
#endif                          /* OPENSSL_NO_SRP */

    as.flags = in->flags;
    as.max_early_data = in->ext.max_early_data;

    return i2d_SSL_SESSION_ASN1(&as, pp);

@@ -357,6 +360,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
#endif                          /* OPENSSL_NO_SRP */
    /* Flags defaults to zero which is fine */
    ret->flags = as->flags;
    ret->ext.max_early_data = as->max_early_data;

    M_ASN1_free_of(as, SSL_SESSION_ASN1);
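Review bot: `max_early_data` is declared `uint32_t` in `SSL_SESSION_ASN1` but is encoded with the `ZLONG` template, the same one used for the `long flags` member just above it. ZLONG is written for a `long` member, so on platforms where `long` is wider than 32 bits the encoder and decoder would presumably read and write more bytes than this 4-byte field holds; that matters because `d2i_SSL_SESSION` runs on serialized sessions that may come from an external cache or file. Declaring the temporary as `long max_early_data;` keeps template and storage in agreement. The copy `ret->ext.max_early_data = as->max_early_data;` should then be preceded by a range check that rejects negative values and values above `UINT32_MAX`. Both `i2d_SSL_SESSION` and `d2i_SSL_SESSION` start and end outside the hunks shown.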

+3 −0
@@ -392,6 +392,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE),
     "tls_parse_ctos_renegotiate"},
    {ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
    {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO),
     "tls_parse_stoc_early_data_info"},
    {ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},
    {ERR_FUNC(SSL_F_TLS_PARSE_STOC_PSK), "tls_parse_stoc_psk"},
    {ERR_FUNC(SSL_F_TLS_PARSE_STOC_RENEGOTIATE),
@@ -587,6 +589,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
    {ERR_REASON(SSL_R_INVALID_CT_VALIDATION_TYPE),
     "invalid ct validation type"},
    {ERR_REASON(SSL_R_INVALID_KEY_UPDATE_TYPE), "invalid key update type"},
    {ERR_REASON(SSL_R_INVALID_MAX_EARLY_DATA), "invalid max early data"},
    {ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"},
    {ERR_REASON(SSL_R_INVALID_SEQUENCE_NUMBER), "invalid sequence number"},
    {ERR_REASON(SSL_R_INVALID_SERVERINFO_DATA), "invalid serverinfo data"},
+2 −0
@@ -575,6 +575,8 @@ struct ssl_session_st {
        unsigned long tick_lifetime_hint;
        uint32_t tick_age_add;
        int tick_identity;
        /* Max number of bytes that can be sent as early data */
        uint32_t max_early_data;
    } ext;
# ifndef OPENSSL_NO_SRP
    char *srp_username;
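Review bot: The new comment on `max_early_data` does not say where the limit comes from or what a value of zero means. From the rest of the commit the value appears to be taken from the server's NewSessionTicket extension and to default to zero when it is absent from a serialized session, so a reader cannot tell whether zero means "early data not permitted" or "no limit". Suggest something like `/* Max bytes of early data permitted by the ticket; 0 means early data is not allowed */`, adjusted to whatever the enforcing code actually implements. `struct ssl_session_st` starts and ends outside the hunk.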
+2 −1
@@ -132,7 +132,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
    {
        TLSEXT_TYPE_early_data_info,
        EXT_TLS1_3_NEW_SESSION_TICKET,
        NULL, NULL, NULL, tls_construct_stoc_early_data_info, NULL, NULL
        NULL, NULL, tls_parse_stoc_early_data_info,
        tls_construct_stoc_early_data_info, NULL, NULL
    },
#ifndef OPENSSL_NO_EC
    {