# define SSL_F_TLS_PARSE_CTOS_PSK 505
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 520
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445
# define SSL_F_TLS_PARSE_STOC_PSK 502
# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448
# define SSL_R_INVALID_CONFIGURATION_NAME 113
# define SSL_R_INVALID_CT_VALIDATION_TYPE 212
# define SSL_R_INVALID_KEY_UPDATE_TYPE 120
+# define SSL_R_INVALID_MAX_EARLY_DATA 174
# define SSL_R_INVALID_NULL_CMD_NAME 385
# define SSL_R_INVALID_SEQUENCE_NUMBER 402
# define SSL_R_INVALID_SERVERINFO_DATA 388
ASN1_OCTET_STRING *srp_username;
#endif
long flags;
+ uint32_t max_early_data;
} SSL_SESSION_ASN1;
ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
#endif
ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZLONG, 14)
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZLONG, 14),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZLONG, 15)
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
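Review bot: The new `max_early_data` template entry uses `ZLONG`, but the matching member added to `SSL_SESSION_ASN1` is declared `uint32_t`, whereas the neighbouring `flags` member that uses the same template is a `long`. As far as I know the LONG/ZLONG primitive copies a full C `long` to and from the member's address, so on platforms where `long` is 64 bits the decoder would write eight bytes into a four-byte field that is also the last member of the struct. On 32-bit builds a limit above `LONG_MAX` could not round-trip through a serialized session. I would declare the temporary as `long max_early_data;` and convert explicitly in the i2d and d2i assignments (`as.max_early_data = in->ext.max_early_data;` and `ret->ext.max_early_data = as->max_early_data;`), with the decode side rejecting values outside the `uint32_t` range. The struct member and both assignments sit in separate hunks of this change.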
#endif /* OPENSSL_NO_SRP */
as.flags = in->flags;
+ as.max_early_data = in->ext.max_early_data;
return i2d_SSL_SESSION_ASN1(&as, pp);
#endif /* OPENSSL_NO_SRP */
/* Flags defaults to zero which is fine */
ret->flags = as->flags;
+ ret->ext.max_early_data = as->max_early_data;
M_ASN1_free_of(as, SSL_SESSION_ASN1);
{ERR_FUNC(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE),
"tls_parse_ctos_renegotiate"},
{ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
+ {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO),
+ "tls_parse_stoc_early_data_info"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_PSK), "tls_parse_stoc_psk"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_RENEGOTIATE),
{ERR_REASON(SSL_R_INVALID_CT_VALIDATION_TYPE),
"invalid ct validation type"},
{ERR_REASON(SSL_R_INVALID_KEY_UPDATE_TYPE), "invalid key update type"},
+ {ERR_REASON(SSL_R_INVALID_MAX_EARLY_DATA), "invalid max early data"},
{ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"},
{ERR_REASON(SSL_R_INVALID_SEQUENCE_NUMBER), "invalid sequence number"},
{ERR_REASON(SSL_R_INVALID_SERVERINFO_DATA), "invalid serverinfo data"},
unsigned long tick_lifetime_hint;
uint32_t tick_age_add;
int tick_identity;
+ /* Max number of bytes that can be sent as early data */
+ uint32_t max_early_data;
} ext;
# ifndef OPENSSL_NO_SRP
char *srp_username;
{
TLSEXT_TYPE_early_data_info,
EXT_TLS1_3_NEW_SESSION_TICKET,
- NULL, NULL, NULL, tls_construct_stoc_early_data_info, NULL, NULL
+ NULL, NULL, tls_parse_stoc_early_data_info,
+ tls_construct_stoc_early_data_info, NULL, NULL
},
#ifndef OPENSSL_NO_EC
{
return 1;
}
+int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ unsigned long max_early_data;
+
+ if (!PACKET_get_net_4(pkt, &max_early_data)
+ || PACKET_remaining(pkt) != 0) {
+ SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO,
+ SSL_R_INVALID_MAX_EARLY_DATA);
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ s->session->ext.max_early_data = max_early_data;
+
+ return 1;
+}
+
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
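Review bot: `tls_parse_stoc_early_data_info` has no header comment, and its assignment `s->session->ext.max_early_data = max_early_data;` silently narrows an `unsigned long` to the `uint32_t` field. The narrowing is lossless only because `PACKET_get_net_4` reads exactly four bytes, which deserves a comment such as `/* PACKET_get_net_4 yields at most 32 bits, so this fits the uint32_t field */`. A one-line function comment should also state that it records the server's early-data byte limit from a NewSessionTicket on the current session. The function dereferences `s->session` unconditionally; presumably the ticket-processing caller guarantees that it is set and is the session the ticket belongs to, but that is not visible here and is worth confirming. The whole function lies inside this hunk.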
X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
+int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);