Add handshake hints for TLS 1.2 session tickets. This runs through much the same code as the TLS 1.3 bits, though we use a different hint field to avoid mixups between the fields. (Otherwise the receiver may misinterpret a decryptPSK hint as the result of decrypting the session_ticket extension, or vice versa. This could happen if a ClientHello contains both a PSK and a session ticket.) Bug: 504 Change-Id: I968bafe12120938e6e46e52536efd552b12c66a0 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53805 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>

commit: adaa322b63d1bfbd1abcf4a308926a9a83a6acbe [log] [tgz]
author: David Benjamin <davidben@google.com> Tue Aug 02 17:10:53 2022 -0700
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed Aug 03 20:51:37 2022 +0000
tree: 16dd70fcaf52b8299a32e209b749d6e0c94dee05
parent: 7f857eace90b67f45c889b9aadadb5789ad9d33c [diff] [blame]
diff --git a/ssl/internal.h b/ssl/internal.h
index 0a15ace..153c9ca 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1719,6 +1719,10 @@
   uint16_t ecdhe_group_id = 0;
   Array<uint8_t> ecdhe_public_key;
   Array<uint8_t> ecdhe_private_key;
+
+  Array<uint8_t> decrypted_ticket;
+  bool renew_ticket = false;
+  bool ignore_ticket = false;
 };
 
 struct SSL_HANDSHAKE {
commit	adaa322b63d1bfbd1abcf4a308926a9a83a6acbe	[log] [tgz]
author	David Benjamin <davidben@google.com>	Tue Aug 02 17:10:53 2022 -0700
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Wed Aug 03 20:51:37 2022 +0000
tree	16dd70fcaf52b8299a32e209b749d6e0c94dee05
parent	7f857eace90b67f45c889b9aadadb5789ad9d33c [diff] [blame]