Respect SSL_OP_NO_TICKET in TLSv1.3 (6cc0b3c2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/err/openssl.txt

+3 −0

Original line number	Diff line number	Diff line
		@@ -1089,7 +1089,10 @@ SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list
		SSL_F_CIPHERSUITE_CB:622:ciphersuite_cb
		SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names
		SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs
		SSL_F_CONSTRUCT_STATEFUL_TICKET:636:construct_stateful_ticket
		SSL_F_CONSTRUCT_STATELESS_TICKET:637:construct_stateless_ticket
		SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash
		SSL_F_CREATE_TICKET_PREQUEL:638:create_ticket_prequel
		SSL_F_CT_MOVE_SCTS:345:ct_move_scts
		SSL_F_CT_STRICT:349:ct_strict
		SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add

+3 −1

Original line number	Diff line number	Diff line
		@@ -26,8 +26,10 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_CIPHERSUITE_CB 622
		# define SSL_F_CONSTRUCT_CA_NAMES 552
		# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553
		# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636
		# define SSL_F_CONSTRUCT_STATELESS_TICKET 637
		# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539
		# define SSL_F_CREATE_TICKET_PREQUEL 636
		# define SSL_F_CREATE_TICKET_PREQUEL 638
		# define SSL_F_CT_MOVE_SCTS 345
		# define SSL_F_CT_STRICT 349
		# define SSL_F_CUSTOM_EXT_ADD 554

+4 −0

Original line number	Diff line number	Diff line
		@@ -24,6 +24,10 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
		{ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"},
		{ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0),
		"construct_key_exchange_tbs"},
		{ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATEFUL_TICKET, 0),
		"construct_stateful_ticket"},
		{ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATELESS_TICKET, 0),
		"construct_stateless_ticket"},
		{ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH, 0),
		"create_synthetic_message_hash"},
		{ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_TICKET_PREQUEL, 0),

+6 −3

Original line number	Diff line number	Diff line
		@@ -3369,18 +3369,21 @@ void ssl_update_cache(SSL *s, int mode)
		&& (!s->hit \|\| SSL_IS_TLS13(s))) {
		/*
		* Add the session to the internal cache. In server side TLSv1.3 we
		* normally don't do this because its a full stateless ticket with only
		* a dummy session id so there is no reason to cache it, unless:
		* normally don't do this because by default it's a full stateless ticket
		* with only a dummy session id so there is no reason to cache it,
		* unless:
		* - we are doing early_data, in which case we cache so that we can
		* detect replays
		* - the application has set a remove_session_cb so needs to know about
		* session timeout events
		* - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
		*/
		if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
		&& (!SSL_IS_TLS13(s)
		\|\| !s->server
		\|\| s->max_early_data > 0
		\|\| s->session_ctx->remove_session_cb != NULL))
		\|\| s->session_ctx->remove_session_cb != NULL
		\|\| (s->options & SSL_OP_NO_TICKET) != 0))
		SSL_CTX_add_session(s->session_ctx, s->session);

		/*

+2 −0

Original line number	Diff line number	Diff line
		@@ -2212,6 +2212,8 @@ void ssl_cert_clear_certs(CERT *c);
		void ssl_cert_free(CERT *c);
		__owur int ssl_generate_session_id(SSL s, SSL_SESSION ss);
		__owur int ssl_get_new_session(SSL *s, int session);
		__owur SSL_SESSION lookup_sess_in_cache(SSL s, const unsigned char *sess_id,
		size_t sess_id_len);
		__owur int ssl_get_prev_session(SSL s, CLIENTHELLO_MSG hello);
		__owur SSL_SESSION ssl_session_dup(SSL_SESSION src, int ticket);
		__owur int ssl_cipher_id_cmp(const SSL_CIPHER a, const SSL_CIPHER b);