# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465
# define SSL_F_TLS_PARSE_STOC_COOKIE 534
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445
# define SSL_F_TLS_PARSE_STOC_PSK 502
# define TLSEXT_TYPE_supported_versions 43
# define TLSEXT_TYPE_cookie 44
# define TLSEXT_TYPE_psk_kex_modes 45
-# define TLSEXT_TYPE_early_data_info 46
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01
"tls_parse_ctos_renegotiate"},
{ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_COOKIE), "tls_parse_stoc_cookie"},
+ {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA), "tls_parse_stoc_early_data"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO),
"tls_parse_stoc_early_data_info"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},
TLSEXT_IDX_renegotiate,
TLSEXT_IDX_server_name,
TLSEXT_IDX_srp,
- TLSEXT_IDX_early_data_info,
TLSEXT_IDX_ec_point_formats,
TLSEXT_IDX_supported_groups,
TLSEXT_IDX_session_ticket,
#else
INVALID_EXTENSION,
#endif
- {
- TLSEXT_TYPE_early_data_info,
- EXT_TLS1_3_NEW_SESSION_TICKET,
- NULL, NULL, tls_parse_stoc_early_data_info,
- tls_construct_stoc_early_data_info, NULL, NULL
- },
#ifndef OPENSSL_NO_EC
{
TLSEXT_TYPE_ec_point_formats,
},
{
TLSEXT_TYPE_early_data,
- EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+ EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+ | EXT_TLS1_3_NEW_SESSION_TICKET,
NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
tls_construct_stoc_early_data, tls_construct_ctos_early_data,
final_early_data
return 1;
}
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx, int *al)
-{
- unsigned long max_early_data;
-
- if (!PACKET_get_net_4(pkt, &max_early_data)
- || PACKET_remaining(pkt) != 0) {
- SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO,
- SSL_R_INVALID_MAX_EARLY_DATA);
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- s->session->ext.max_early_data = max_early_data;
-
- return 1;
-}
-
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
{
+ if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+ unsigned long max_early_data;
+
+ if (!PACKET_get_net_4(pkt, &max_early_data)
+ || PACKET_remaining(pkt) != 0) {
+ SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+ SSL_R_INVALID_MAX_EARLY_DATA);
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ s->session->ext.max_early_data = max_early_data;
+
+ return 1;
+ }
+
if (PACKET_remaining(pkt) != 0) {
*al = SSL_AD_DECODE_ERROR;
return 0;
return 1;
}
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx, int *al)
-{
- if (s->max_early_data == 0)
- return 1;
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data_info)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
- || !WPACKET_close(pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return 1;
-}
-
#ifndef OPENSSL_NO_EC
int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
{
+ if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+ if (s->max_early_data == 0)
+ return 1;
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+ || !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+ }
+
if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
return 1;
X509 *x, size_t chainidx, int *al);
int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx, int *al);
int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC
X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC
{TLSEXT_TYPE_padding, "padding"},
{TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
{TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
- {TLSEXT_TYPE_early_data_info, "ticket_early_data_info"},
{TLSEXT_TYPE_early_data, "early_data"}
};
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
ssl_psk_kex_modes_tbl);
- case TLSEXT_TYPE_early_data_info:
+ case TLSEXT_TYPE_early_data:
+ if (mt != SSL3_MT_NEWSESSION_TICKET)
+ break;
if (extlen != 4)
return 0;
max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)
projects / oweals / openssl.git / commitdiff