Google Git
Sign in
boringssl / boringssl / 5274cea40447aad76a7bb8c7c8693e9c4ee39aef^! / .
commit5274cea40447aad76a7bb8c7c8693e9c4ee39aef[log] [tgz]
authorSteven Valdez <svaldez@google.com>Wed May 08 11:34:57 2019 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Thu May 23 16:11:44 2019 +0000
treefa466ed047a61a26d1fd48098a348724300073ed
parent35a5a9e7beddb9cec70d7bc1b70a6ac441093f87 [diff]
Always store early data tickets.

This stores early data tickets regardless of whether early data is enabled in
the initial handshake, and provides an API to query whether early data would be
performed to allow for comparison between early data enabled and disabled
resumptions.

Change-Id: Id3ef62e36b5be48f6a39fcd7c67d332b7d495141
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35964
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 63350ea..e732e3a 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -3291,6 +3291,10 @@
 // and |SSL_write| to send half-RTT data.
 OPENSSL_EXPORT int SSL_in_early_data(const SSL *ssl);
 
+// SSL_SESSION_early_data_capable returns whether early data would have been
+// attempted with |session| if enabled.
+OPENSSL_EXPORT int SSL_SESSION_early_data_capable(const SSL_SESSION *session);
+
 // SSL_early_data_accepted returns whether early data was accepted on the
 // handshake performed by |ssl|.
 OPENSSL_EXPORT int SSL_early_data_accepted(const SSL *ssl);

diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index 927dd1b..bb04b1a 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc

@@ -1044,6 +1044,11 @@
   }
 }
 
+int SSL_SESSION_early_data_capable(const SSL_SESSION *session) {
+  return ssl_session_protocol_version(session) >= TLS1_3_VERSION &&
+         session->ticket_max_early_data != 0;
+}
+
 SSL_SESSION *SSL_magic_pending_session_ptr(void) {
   return (SSL_SESSION *)&g_pending_session_magic;
 }

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index fee7c16..b792e2d 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -11433,7 +11433,7 @@
 		},
 	})
 
-	// Test that 0-RTT tickets are ignored in clients unless opted in.
+	// Test that 0-RTT tickets are still recorded as such when early data is disabled overall.
 	testCases = append(testCases, testCase{
 		testType: clientTest,
 		name:     "TLS13-SendTicketEarlyDataSupport-Disabled",
@@ -11441,6 +11441,9 @@
 			MaxVersion:       VersionTLS13,
 			MaxEarlyDataSize: 16384,
 		},
+		flags: []string{
+			"-expect-ticket-supports-early-data",
+		},
 	})
 
 	testCases = append(testCases, testCase{

diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index 80918ad..f411e19 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc

@@ -901,7 +901,7 @@
     return false;
   }
 
-  if (have_early_data_info && ssl->enable_early_data) {
+  if (have_early_data_info) {
     if (!CBS_get_u32(&early_data_info, &session->ticket_max_early_data) ||
         CBS_len(&early_data_info) != 0) {
       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);