Google Git
Sign in
boringssl / boringssl / 707af294a8af53160bd94c1dc788f8587092d997^! / . / ssl / t1_lib.c
commit707af294a8af53160bd94c1dc788f8587092d997[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri Mar 10 17:47:18 2017 -0500
committerAdam Langley <agl@google.com>Sat Mar 11 00:05:29 2017 +0000
treea8d294bd30eb7ef34d4a38887a2ac638a5499cd3
parent4c341d0299c9eef218a5e7219d0b12da0d88dd42 [diff] [blame]
Support asynchronous ticket decryption with TLS 1.3.

This shuffles a bit of the code around session resumption in TLS 1.3 to
make the async point cleaner to inject. It also fills in cipher and
tlsext_hostname more uniformly.

Filling in the cipher on resumption is a no-op as SSL_SESSION_dup
already copies it, but avoids confusion should we ever implement TLS
1.3's laxer cipher matching on the server. Not filling in
tlsext_hostname on resumption was an oversight; the relevant check isn't
whether we are resuming but whether we have a fresh SSL_SESSION to fill
things into.

Change-Id: Ic02eb079ff228ce4a4d3e0de7445e18cd367e8b2
Reviewed-on: https://boringssl-review.googlesource.com/14205
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e3d0a9e..759d87b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -1958,13 +1958,12 @@
 }
 
 int ssl_ext_pre_shared_key_parse_clienthello(
-    SSL_HANDSHAKE *hs, SSL_SESSION **out_session, CBS *out_binders,
+    SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders,
     uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert, CBS *contents) {
-  SSL *const ssl = hs->ssl;
   /* We only process the first PSK identity since we don't support pure PSK. */
-  CBS identities, ticket, binders;
+  CBS identities, binders;
   if (!CBS_get_u16_length_prefixed(contents, &identities) ||
-      !CBS_get_u16_length_prefixed(&identities, &ticket) ||
+      !CBS_get_u16_length_prefixed(&identities, out_ticket) ||
       !CBS_get_u32(&identities, out_obfuscated_ticket_age) ||
       !CBS_get_u16_length_prefixed(contents, &binders) ||
       CBS_len(&binders) == 0 ||
@@ -2011,26 +2010,6 @@
     return 0;
   }
 
-  /* TODO(svaldez): Check that the ticket_age is valid when attempting to use
-   * the PSK for 0-RTT. http://crbug.com/boringssl/113 */
-
-  /* TLS 1.3 session tickets are renewed separately as part of the
-   * NewSessionTicket. */
-  int unused_renew;
-  switch (ssl_process_ticket(ssl, out_session, &unused_renew, CBS_data(&ticket),
-                             CBS_len(&ticket), NULL, 0)) {
-    case ssl_ticket_aead_success:
-      break;
-    case ssl_ticket_aead_ignore_ticket:
-      assert(*out_session == NULL);
-      break;
-    case ssl_ticket_aead_retry:
-    /* TODO: async tickets for TLS 1.3. */
-    case ssl_ticket_aead_error:
-      *out_alert = SSL_AD_INTERNAL_ERROR;
-      return 0;
-  }
-
   return 1;
 }