Commit cc2455bf authored by Matt Caswell's avatar Matt Caswell

Move TLSv1.3 Session Ticket processing into the state machine



We still ignore it for now, but at least it's in the right place.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
parent cda6b998
+0 −10
@@ -1372,16 +1372,6 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
        }
    }

    /*
     * TODO(TLS1.3): Temporarily we will just ignore NewSessionTicket messages.
     * Later we will want to process them.
     */
    if (!s->server && SSL_IS_TLS13(s) && s->rlayer.handshake_fragment_len >= 4
            && s->rlayer.handshake_fragment[0] == SSL3_MT_NEWSESSION_TICKET) {
        SSL3_RECORD_set_read(rr);
        goto start;
    }

    /*-
     * s->rlayer.handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
     * s->rlayer.alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
+20 −0
@@ -181,6 +181,13 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
            return 1;
        }
        break;

    case TLS_ST_OK:
        if (mt == SSL3_MT_NEWSESSION_TICKET) {
            st->hand_state = TLS_ST_CR_SESSION_TICKET;
            return 1;
        }
        break;
    }

    /* No valid transition found */
@@ -406,10 +413,15 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
        st->hand_state = TLS_ST_CW_FINISHED;
        return WRITE_TRAN_CONTINUE;

    case TLS_ST_CR_SESSION_TICKET:
    case TLS_ST_CW_FINISHED:
        st->hand_state = TLS_ST_OK;
        ossl_statem_set_in_init(s, 0);
        return WRITE_TRAN_CONTINUE;

    case TLS_ST_OK:
        /* Just go straight to trying to read from the server */
        return WRITE_TRAN_FINISHED;
    }
}

@@ -845,6 +857,8 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
        return tls_process_change_cipher_spec(s, pkt);

    case TLS_ST_CR_SESSION_TICKET:
        if (SSL_IS_TLS13(s))
            return tls13_process_new_session_ticket(s, pkt);
        return tls_process_new_session_ticket(s, pkt);

    case TLS_ST_CR_FINISHED:
@@ -2269,6 +2283,12 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
    return MSG_PROCESS_ERROR;
}

MSG_PROCESS_RETURN tls13_process_new_session_ticket(SSL *s, PACKET *pkt)
{
    /* TODO(TLS1.3): For now we just ignore these. This needs implementing */
    return MSG_PROCESS_FINISHED_READING;
}

/*
 * In TLSv1.3 this is called from the extensions code, otherwise it is used to
 * parse a separate message. Returns 1 on success or 0 on failure. On failure
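Review bot: The new tls13_process_new_session_ticket() returns MSG_PROCESS_FINISHED_READING without ever reading `pkt`, so any body the server sends under a NewSessionTicket header is accepted unparsed. The added `case TLS_ST_OK:` in ossl_statem_client13_read_transition() lets this happen repeatedly after the handshake has completed, with no visible limit on how many such messages are taken. The only size limit would presumably come from the per-state maximum message size, which is not shown in these hunks and is worth confirming for TLS_ST_CR_SESSION_TICKET under TLSv1.3. I would make the stub's comment say so explicitly, e.g. `/* TODO(TLS1.3): body is NOT parsed or length-checked yet; the real implementation must reject malformed or trailing data with a decode error */`, so the gap is not mistaken for validated input when session resumption is built on top of it. Both transition functions start and end outside their hunks, so any handling of TLS_ST_CR_SESSION_TICKET elsewhere in them is not visible here.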
+1 −0
@@ -115,6 +115,7 @@ __owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls13_process_new_session_ticket(SSL *s, PACKET *pkt);
__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt, int *al);
__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);