Set s->hit when using tls_session_secret_cb.

tls_session_secret_cb is used for EAP-FAST which computes the master secret
externally and enters the abbreviated handshake. It appears to only have been
working because ssl3_check_finished would drive it into the appropriate state
afterwards. That, in turn, only has been working because EAP-FAST misuses the
session ticket extension for some other field, so ssl3_check_finished isn't a
no-op.

Instead, set s->hit so it follows the abbreviated state machine directly.

If we ever build wpa_supplicant with BoringSSL, this will require some testing.
(And, if not, this API should be removed.)

Change-Id: Ie2992a9bba049f7120522b996f739906e38a070e
Reviewed-on: https://boringssl-review.googlesource.com/1294
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f4da38f..45d51d4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -939,6 +939,8 @@
/* Copy over the server random. */
memcpy(s->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE);
+ s->hit = 0;
+
/* check if we want to resume the session based on external pre-shared secret */
if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
{
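Review bot: the new `s->hit = 0;` after the server-random memcpy carries no comment, yet the later `if (!s->hit && CBS_len(&session_id) != 0 && ...` and `if (!s->hit)` tests both depend on it having run. A one-line comment here, saying that s->hit is cleared for every ServerHello and is then set either by the tls_session_secret_cb path or by the session-ID match, would stop it from being removed later as a redundant store.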
@@ -955,10 +957,11 @@
pref_cipher :
ssl_get_cipher_by_char(s, CBS_data(&server_hello));
s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit = 1;
}
}
- if (CBS_len(&session_id) != 0 &&
+ if (!s->hit && CBS_len(&session_id) != 0 &&
CBS_mem_equal(&session_id,
s->session->session_id, s->session->session_id_length))
{
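Review bot: once `s->hit = 1;` is set inside the tls_session_secret_cb block, the added `!s->hit &&` guard means the server's session_id is never compared with s->session->session_id on that path, so the abbreviated handshake is entered on the callback's result alone. That agrees with the commit message's description of EAP-FAST, but the guard should carry a comment saying the comparison is skipped on purpose, and the change should come with a test that drives a callback-based resumption, since the message itself says this will require some testing.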
@@ -973,11 +976,12 @@
s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->hit = 1;
}
- else /* a miss or crap from the other end */
+
+ /* a miss or crap from the other end */
+ if (!s->hit)
{
/* If we were trying for session-id reuse, make a new
* SSL_SESSION so we don't stuff up other people */
- s->hit=0;
if (s->session->session_id_length > 0)
{
if (!ssl_get_new_session(s,0))
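Review bot: turning the `else` into `if (!s->hit)` changes what happens on the callback path. Previously a callback success followed by a non-matching session ID still reached this block and called ssl_get_new_session when s->session->session_id_length > 0; now the block is skipped and the handshake continues on the existing s->session. Given the retained comment ("so we don't stuff up other people"), please confirm that s->session cannot be shared with another connection while tls_session_secret_cb is in use, and record that in a comment next to the new test.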