Move tlsext_ticket_expected to SSL_HANDSHAKE.

It's all of one bit, but having it on the SSL object means we need to
reset it manually on renegotiation.

Change-Id: I989dacd430fe0fa63d76451b95f036a942aefcfe
Reviewed-on: https://boringssl-review.googlesource.com/12229
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index cc63d6f..1d56e75 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4200,9 +4200,6 @@
    * we'll advertise support. */
   unsigned tlsext_channel_id_enabled:1;
 
-  /* RFC4507 session ticket expected to be received or sent */
-  unsigned tlsext_ticket_expected:1;
-
   /* TODO(agl): remove once node.js not longer references this. */
   int tlsext_status_type;
 };
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 3583be4..27cd7ba 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -448,7 +448,7 @@
         goto end;
 
       case SSL3_ST_CR_SESSION_TICKET_A:
-        if (ssl->tlsext_ticket_expected) {
+        if (ssl->s3->hs->ticket_expected) {
           ret = ssl3_get_new_session_ticket(ssl);
           if (ret <= 0) {
             goto end;
@@ -536,9 +536,6 @@
         /* Remove write buffering now. */
         ssl_free_wbio_buffer(ssl);
 
-        ssl_handshake_free(ssl->s3->hs);
-        ssl->s3->hs = NULL;
-
         const int is_initial_handshake = !ssl->s3->initial_handshake_complete;
         ssl->s3->initial_handshake_complete = 1;
         if (is_initial_handshake) {
@@ -546,6 +543,9 @@
           ssl_update_cache(ssl, SSL_SESS_CACHE_CLIENT);
         }
 
+        ssl_handshake_free(ssl->s3->hs);
+        ssl->s3->hs = NULL;
+
         ret = 1;
         ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_DONE, 1);
         goto end;
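Review bot: The relocated `ssl_handshake_free(ssl->s3->hs);` must now stay below `ssl_update_cache(ssl, SSL_SESS_CACHE_CLIENT);`, but nothing at the call site records that constraint. The ssl_lib.c hunk in this commit makes `ssl_update_cache` read `ssl->s3->hs->ticket_expected`, and `hs` is set to NULL immediately after the free, so moving the two lines back up would compile cleanly and fail only at run time with a NULL dereference. I would add a comment above the free, for example `/* |ssl_update_cache| reads |hs->ticket_expected|; release |hs| only after it. */`. The same applies to the handshake_server.c hunk at `@@ -501,15 +501,13 @@`. The enclosing state-machine function starts and ends outside the hunk.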
@@ -1881,10 +1881,9 @@
 
   if (CBS_len(&ticket) == 0) {
     /* RFC 5077 allows a server to change its mind and send no ticket after
-     * negotiating the extension. The value of |tlsext_ticket_expected| is
-     * checked in |ssl_update_cache| so is cleared here to avoid an unnecessary
-     * update. */
-    ssl->tlsext_ticket_expected = 0;
+     * negotiating the extension. The value of |ticket_expected| is checked in
+     * |ssl_update_cache| so is cleared here to avoid an unnecessary update. */
+    ssl->s3->hs->ticket_expected = 0;
     return 1;
   }
 
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index e9da90e..710af02 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -415,7 +415,7 @@
 
       case SSL3_ST_SW_SESSION_TICKET_A:
       case SSL3_ST_SW_SESSION_TICKET_B:
-        if (ssl->tlsext_ticket_expected) {
+        if (ssl->s3->hs->ticket_expected) {
           ret = ssl3_send_new_session_ticket(ssl);
           if (ret <= 0) {
             goto end;
@@ -501,15 +501,13 @@
         /* remove buffering on output */
         ssl_free_wbio_buffer(ssl);
 
+        ssl->s3->initial_handshake_complete = 1;
+        ssl_update_cache(ssl, SSL_SESS_CACHE_SERVER);
+
         ssl_handshake_free(ssl->s3->hs);
         ssl->s3->hs = NULL;
 
-        ssl->s3->initial_handshake_complete = 1;
-
-        ssl_update_cache(ssl, SSL_SESS_CACHE_SERVER);
-
         ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_DONE, 1);
-
         ret = 1;
         goto end;
 
@@ -743,7 +741,7 @@
         ssl->rwstate = SSL_PENDING_SESSION;
         goto err;
     }
-    ssl->tlsext_ticket_expected = send_new_ticket;
+    ssl->s3->hs->ticket_expected = send_new_ticket;
 
     /* The EMS state is needed when making the resumption decision, but
      * extensions are not normally parsed until later. This detects the EMS
diff --git a/ssl/internal.h b/ssl/internal.h
index 64cc597..030542d 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -991,6 +991,10 @@
   /* next_proto_neg_seen is one of NPN was negotiated. */
   unsigned next_proto_neg_seen:1;
 
+  /* ticket_expected is one if a TLS 1.2 NewSessionTicket message is to be sent
+   * or received. */
+  unsigned ticket_expected:1;
+
   /* peer_psk_identity_hint, on the client, is the psk_identity_hint sent by the
    * server when using a TLS 1.2 PSK key exchange. */
   char *peer_psk_identity_hint;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d8270f3..ca3022c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2081,7 +2081,7 @@
    * decides to renew the ticket. Once the handshake is completed, it should be
    * inserted into the cache. */
   if (ssl->s3->established_session != ssl->session ||
-      (!ssl->server && ssl->tlsext_ticket_expected)) {
+      (!ssl->server && ssl->s3->hs->ticket_expected)) {
     if (use_internal_cache) {
       SSL_CTX_add_session(ctx, ssl->s3->established_session);
     }
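Review bot: `ssl->s3->hs` is dereferenced in the second half of this condition with no check, and because of short-circuit evaluation that only happens for a client whose `established_session` equals `ssl->session`. A caller that reaches `ssl_update_cache` after the handshake object has been released would therefore crash only on that path, which full-handshake tests would not exercise. The two call sites touched by this commit keep `hs` alive, but other callers, if any, are outside this diff. Making the precondition explicit at the top of the function with `assert(ssl->s3->hs != NULL);` (assuming ssl_lib.c already includes `<assert.h>`) and a sentence in the function comment would turn a misordered caller into an immediate, unconditional failure in debug builds. The function body starts and ends outside the hunk.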
diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index 585d051..9f61a5d 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c
@@ -473,7 +473,7 @@
   session->ssl_version = ssl->version;
 
   if (is_server) {
-    if (ssl->tlsext_ticket_expected) {
+    if (ssl->s3->hs->ticket_expected) {
       /* Don't set session IDs for sessions resumed with tickets. This will keep
        * them out of the session cache. */
       session->session_id_length = 0;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fbc723b..39a6b33 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1030,8 +1030,6 @@
 
 static int ext_ticket_parse_serverhello(SSL *ssl, uint8_t *out_alert,
                                         CBS *contents) {
-  ssl->tlsext_ticket_expected = 0;
-
   if (contents == NULL) {
     return 1;
   }
@@ -1049,17 +1047,16 @@
     return 0;
   }
 
-  ssl->tlsext_ticket_expected = 1;
+  ssl->s3->hs->ticket_expected = 1;
   return 1;
 }
 
 static int ext_ticket_add_serverhello(SSL *ssl, CBB *out) {
-  if (!ssl->tlsext_ticket_expected) {
+  if (!ssl->s3->hs->ticket_expected) {
     return 1;
   }
 
-  /* If |SSL_OP_NO_TICKET| is set, |tlsext_ticket_expected| should never be
-   * true. */
+  /* If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true. */
   assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
 
   if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
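Review bot: With the unconditional `ssl->tlsext_ticket_expected = 0;` removed from `ext_ticket_parse_serverhello` (the removal is in the preceding hunk), the `contents == NULL` early return leaves `ticket_expected` untouched. Correctness now depends on `SSL_HANDSHAKE` being zero-initialised afresh for every handshake, including renegotiation. That allocation is not visible in this diff, so it is worth confirming. A short comment above the early return would record the assumption, for example `/* |hs| is allocated zeroed per handshake, so |ticket_expected| is already clear. */`. Without it, a later change that reuses or partially resets the handshake object could carry a stale bit into the `SSL3_ST_CR_SESSION_TICKET_A` check and make the client wait for a NewSessionTicket the server never offered.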