/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
typedef enum ticket_en {
+ /* fatal error, malloc failure */
TICKET_FATAL_ERR_MALLOC,
+ /* fatal error, either from parsing or decrypting the ticket */
TICKET_FATAL_ERR_OTHER,
+ /* No ticket present */
TICKET_NONE,
+ /* Empty ticket present */
TICKET_EMPTY,
+ /* the ticket couldn't be decrypted */
TICKET_NO_DECRYPT,
+ /* a ticket was successfully decrypted */
TICKET_SUCCESS,
+ /* same as above but the ticket needs to be reneewed */
TICKET_SUCCESS_RENEW
} TICKET_RETURN;
int *al)
{
#ifndef OPENSSL_NO_TLS1_3
- uint32_t now, ages, agems;
+ uint32_t now, agesec, agems;
size_t hashsize, binderoffset, msglen;
unsigned char *binder = NULL, *msgstart = NULL;
const EVP_MD *md;
|| s->session->ext.ticklen == 0)
return 1;
+ if (s->session->cipher == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
md = ssl_md(s->session->cipher->algorithm2);
if (md == NULL) {
/* Don't recognise this cipher so we can't use the session. Ignore it */
* in the code, so portability shouldn't be an issue.
*/
now = (uint32_t)time(NULL);
- ages = now - (uint32_t)s->session->time;
+ agesec = now - (uint32_t)s->session->time;
- if (s->session->ext.tick_lifetime_hint < ages) {
+ if (s->session->ext.tick_lifetime_hint < agesec) {
/* Ticket is too old. Ignore it. */
return 1;
}
* Calculate age in ms. We're just doing it to nearest second. Should be
* good enough.
*/
- agems = ages * (uint32_t)1000;
+ agems = agesec * (uint32_t)1000;
- if (ages != 0 && agems / (uint32_t)1000 != ages) {
+ if (agesec != 0 && agems / (uint32_t)1000 != agesec) {
/*
* Overflow. Shouldn't happen unless this is a *really* old session. If
* so we just ignore it.
*/
agems += s->session->ext.tick_age_add;
- if (s->session->cipher == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
hashsize = EVP_MD_size(md);
/* Create the extension, but skip over the binder for now */
* sesslen: the length of the session ID.
* psess: (output) on return, if a ticket was decrypted, then this is set to
* point to the resulting session.
- *
- * Returns:
- * TICKET_FATAL_ERR_MALLOC: fatal error, malloc failure.
- * TICKET_FATAL_ERR_OTHER: fatal error, either from parsing or decrypting the
- * ticket.
- * TICKET_NO_DECRYPT: the ticket couldn't be decrypted.
- * TICKET_SUCCESS: a ticket was successfully decrypted and *psess was
- * set.
- * TICKET_SUCCESS_RENEW: same as 3, but the ticket needs to be renewed
*/
TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
size_t eticklen, const unsigned char *sess_id,
projects / oweals / openssl.git / commitdiff