commit d1681e614f8c3b4105efc42fb1fd35bd3ec09547
author David Benjamin <davidben@chromium.org> Thu Nov 20 14:54:14 2014 -0500
committer Adam Langley <agl@google.com> Fri Nov 21 21:51:10 2014 +0000
tree 4dac317d54035223fb85ba31bc6be3c34d12dcfc
parent fe8eb9a6031aedf6426e2dda2ffcdb274fa5c9c1

Remove SSL_set_session_secret_cb (EAP-FAST)

This is only used for EAP-FAST which we apparently don't need to support.
Remove it outright. We broke it in 9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67 by
failing to account for session misses.

If this changes and we need it later, we can resurrect it. Preferably
implemented differently: the current implementation is bolted badly onto the
handshake. Ideally use the supplied callbacks to fabricate an appropriate
SSL_SESSION and resume that with as much of the normal session ticket flow as
possible.

The one difference is that EAP-FAST seems to require the probing mechanism for
session tickets rather than the sane session ID echoing version.  We can
reimplement that by asking the record layer to probe ahead for one byte.

Change-Id: I38304953cc36b2020611556a91e8ac091691edac
Reviewed-on: https://boringssl-review.googlesource.com/2360
Reviewed-by: Adam Langley <agl@google.com>

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6ba8585..fa506bd 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -980,25 +980,10 @@
 
 	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
 		{
-		int ticklen;
+		int ticklen = 0;
 		if (!s->new_session && s->session && s->session->tlsext_tick)
 			ticklen = s->session->tlsext_ticklen;
-		else if (s->session && s->tlsext_session_ticket &&
-			 s->tlsext_session_ticket->data)
-			{
-			s->session->tlsext_tick = BUF_memdup(
-			       s->tlsext_session_ticket->data,
-			       s->tlsext_session_ticket->length);
-			if (!s->session->tlsext_tick)
-				return NULL;
-			ticklen = s->tlsext_session_ticket->length;
-			s->session->tlsext_ticklen = ticklen;
-			}
-		else
-			ticklen = 0;
-		if (ticklen == 0 && s->tlsext_session_ticket &&
-		    s->tlsext_session_ticket->data == NULL)
-			goto skip_ext;
+
 		/* Check for enough room 2 for extension type, 2 for len
  		 * rest for ticket
   		 */
@@ -1011,7 +996,6 @@
 			ret += ticklen;
 			}
 		}
-		skip_ext:
 
 	if (SSL_USE_SIGALGS(s))
 		{
@@ -1659,15 +1643,6 @@
 				}
 			s->s3->tmp.peer_ellipticcurvelist_length = num_curves;
 			}
-		else if (type == TLSEXT_TYPE_session_ticket)
-			{
-			if (s->tls_session_ticket_ext_cb &&
-				!s->tls_session_ticket_ext_cb(s, CBS_data(&extension), CBS_len(&extension), s->tls_session_ticket_ext_cb_arg))
-				{
-				*out_alert = SSL_AD_INTERNAL_ERROR;
-				return 0;
-				}
-			}
 		else if (type == TLSEXT_TYPE_renegotiate)
 			{
 			if (!ssl_parse_clienthello_renegotiate_ext(s, &extension, out_alert))
@@ -1948,14 +1923,6 @@
 			}
 		else if (type == TLSEXT_TYPE_session_ticket)
 			{
-			if (s->tls_session_ticket_ext_cb &&
-				!s->tls_session_ticket_ext_cb(s, CBS_data(&extension), CBS_len(&extension),
-                                        s->tls_session_ticket_ext_cb_arg))
-				{
-				*out_alert = SSL_AD_INTERNAL_ERROR;
-				return 0;
-				}
-
 			if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || CBS_len(&extension) > 0)
 				{
 				*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
@@ -2272,26 +2239,21 @@
  *   ret: (output) on return, if a ticket was decrypted, then this is set to
  *       point to the resulting session.
  *
- * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
- * ciphersuite, in which case we have no use for session tickets and one will
- * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
- *
  * Returns:
  *   -1: fatal error, either from parsing or decrypting the ticket.
  *    0: no ticket was found (or was ignored, based on settings).
  *    1: a zero length extension was found, indicating that the client supports
  *       session tickets but doesn't currently have one to offer.
- *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
- *       couldn't be decrypted because of a non-fatal error.
+ *    2: a ticket was offered but couldn't be decrypted because of a non-fatal
+ *       error.
  *    3: a ticket was successfully decrypted and *ret was set.
  *
  * Side effects:
  *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
  *   a new session ticket to the client because the client indicated support
- *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
- *   a session ticket or we couldn't use the one it gave us, or if
- *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
- *   Otherwise, s->tlsext_ticket_expected is set to 0.
+ *   but the client either doesn't have a session ticket or we couldn't use
+ *   the one it gave us, or if s->ctx->tlsext_ticket_key_cb asked to renew
+ *   the client's ticket.  Otherwise, s->tlsext_ticket_expected is set to 0.
  */
 int tls1_process_ticket(SSL *s, const struct ssl_early_callback_ctx *ctx,
 			SSL_SESSION **ret)
@@ -2321,15 +2283,6 @@
 		s->tlsext_ticket_expected = 1;
 		return 1;
 		}
-	if (s->tls_session_secret_cb)
-		{
-		/* Indicate that the ticket couldn't be
-		 * decrypted rather than generating the session
-		 * from ticket now, trigger abbreviated
-		 * handshake based on external mechanism to
-		 * calculate the master secret later. */
-		return 2;
-		}
 	r = tls_decrypt_ticket(s, data, len, ctx->session_id,
 			       ctx->session_id_len, ret);
 	switch (r)