Commit add8d0e9 authored by Matt Caswell's avatar Matt Caswell

Enable the ability to use an external PSK for sending early_data

parent 17750375
+4 −2
@@ -2600,8 +2600,10 @@ int s_client_main(int argc, char **argv)
    }

    if (early_data_file != NULL
            && SSL_get0_session(con) != NULL
            && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) {
            && ((SSL_get0_session(con) != NULL
                 && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0)
                || (psksess != NULL
                    && SSL_SESSION_get_max_early_data(psksess) > 0))) {
        BIO *edfile = BIO_new_file(early_data_file, "r");
        size_t readbytes, writtenbytes;
        int finish = 0;
+14 −5
@@ -104,15 +104,24 @@ static int ssl3_record_app_data_waiting(SSL *s)
int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al)
{
    uint32_t max_early_data = s->max_early_data;
    SSL_SESSION *sess = s->session;

    /*
     * If we are a client then we always use the max_early_data from the
     * session. Otherwise we go with the lowest out of the max early data set in
     * the session and the configured max_early_data.
     * session/psksession. Otherwise we go with the lowest out of the max early
     * data set in the session and the configured max_early_data.
     */
    if (!s->server || (s->hit
                       && s->session->ext.max_early_data < s->max_early_data))
        max_early_data = s->session->ext.max_early_data;
    if (!s->server && sess->ext.max_early_data == 0) {
        if (!ossl_assert(s->psksession != NULL
                         && s->psksession->ext.max_early_data > 0)) {
            SSLerr(SSL_F_EARLY_DATA_COUNT_OK, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        sess = s->psksession;
    }
    if (!s->server
            || (s->hit && sess->ext.max_early_data < s->max_early_data))
        max_early_data = sess->ext.max_early_data;

    if (max_early_data == 0) {
        if (al != NULL)
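Review bot: The new client-side test `sess->ext.max_early_data == 0` dereferences `sess` (aliased to `s->session`) with no NULL check, while the `tls13_enc` change in this same commit guards `s->session != NULL` before reading the very same field, so the two paths disagree about whether a client can reach here without a session. If an external-PSK client can arrive with no resumption session, this is a NULL dereference instead of the internal error the `ossl_assert` was meant to report; folding the test into the condition, `if (!s->server && (sess == NULL || sess->ext.max_early_data == 0)) {`, keeps the fallback to `s->psksession` intact. Whether `s->session` is always populated by the time early data is counted depends on handshake code outside this hunk, so this may be defence in depth rather than a live crash. The remainder of early_data_count_ok continues past the hunk.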
+4 −1
@@ -58,7 +58,10 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)

    if (s->early_data_state == SSL_EARLY_DATA_WRITING
            || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
        if (s->session != NULL && s->session->ext.max_early_data > 0)
            alg_enc = s->session->cipher->algorithm_enc;
        else
            alg_enc = s->psksession->cipher->algorithm_enc;
    } else {
        /*
         * To get here we must have selected a ciphersuite - otherwise ctx would
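Review bot: The new `else` branch reads `s->psksession->cipher->algorithm_enc` without confirming that `s->psksession` is set, even though the sibling `if` checks `s->session` for NULL and the `early_data_count_ok` change elsewhere in this commit treats a missing `psksession` as an internal error rather than assuming it. A client that entered the early-data writing state through the relaxed `SSL_write_early_data` precondition but whose `psk_use_session_cb` supplied no session would dereference NULL here; a guard such as `if (!ossl_assert(s->psksession != NULL)) return 0;` ahead of the assignment, with the failure value matched to tls13_enc's other internal-error exits (which lie outside the hunk), would turn that into a reported error. Whether the state machine already prevents reaching this branch without a PSK session cannot be determined from the hunk. tls13_enc both begins and ends outside the visible lines.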
+6 −2
@@ -534,6 +534,9 @@ int SSL_clear(SSL *s)
    }
    SSL_SESSION_free(s->psksession);
    s->psksession = NULL;
    OPENSSL_free(s->psksession_id);
    s->psksession_id = NULL;
    s->psksession_id_len = 0;

    s->error = 0;
    s->hit = 0;
@@ -1097,6 +1100,7 @@ void SSL_free(SSL *s)
        SSL_SESSION_free(s->session);
    }
    SSL_SESSION_free(s->psksession);
    OPENSSL_free(s->psksession_id);

    clear_ciphers(s);

@@ -1910,8 +1914,8 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
    case SSL_EARLY_DATA_NONE:
        if (s->server
                || !SSL_in_before(s)
                || s->session == NULL
                || s->session->ext.max_early_data == 0) {
                || ((s->session == NULL || s->session->ext.max_early_data == 0)
                     && (s->psk_use_session_cb == NULL))) {
            SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
                   ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            return 0;
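Review bot: The relaxed precondition in SSL_write_early_data (the new `psk_use_session_cb == NULL` clause) only checks that a PSK callback is registered, not that it will produce a session with a non-zero max_early_data, so the function is now enterable for a connection that may end up with no early-data budget at all, and nothing in the hunk shows where that case is caught. A comment on the new condition would make the deferred check explicit, e.g. `/* With an external PSK the permitted early data is only known once psk_use_session_cb has run, so the max_early_data check cannot be made here -- TODO confirm where it now happens */`. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED is still the reason reported when neither a session nor a callback exists, which remains an accurate description of that combination. The function continues beyond the hunk.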
+2 −0
@@ -1119,6 +1119,8 @@ struct ssl_st {
    SSL_SESSION *session;
    /* TLSv1.3 PSK session */
    SSL_SESSION *psksession;
    unsigned char *psksession_id;
    size_t psksession_id_len;
    /* Default generate session ID callback. */
    GEN_SESSION_CB generate_session_id;
    /* Used in SSL3 */
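Review bot: The two added fields `psksession_id` and `psksession_id_len` carry no comment, while their neighbours do, and the existing `/* TLSv1.3 PSK session */` line reads as covering only the `psksession` pointer above them. Since SSL_clear and SSL_free in this commit both `OPENSSL_free` the buffer, ownership rests with the SSL object and is worth stating at the declaration: `/* Identity of the TLSv1.3 external PSK session above; owned by this SSL and released in SSL_clear()/SSL_free() */` above `psksession_id`, and `/* Length of psksession_id in bytes */` on the length field. How the identity is populated is not visible here and should not be asserted in the comment. struct ssl_st extends beyond the hunk on both sides.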