copy session id directly in ssl_get_prev_session

ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session(). Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so. ok inoguchi jsing
author: tb <> 2020-09-01 12:40:53 +0000
committer: tb <> 2020-09-01 12:40:53 +0000
commit: 1e6510105e17f4686509b6cef5e4a607664dd5c0 (patch)
tree: 6fdd9e8bc65d3d8f4c0c2ef68a3210541959652c /src/lib/libssl/ssl_sess.c
parent: 74672b5d1316338ff3c0a52e10612b0ba2619c15 (diff)
download: openbsd-1e6510105e17f4686509b6cef5e4a607664dd5c0.tar.gz
openbsd-1e6510105e17f4686509b6cef5e4a607664dd5c0.tar.bz2
openbsd-1e6510105e17f4686509b6cef5e4a607664dd5c0.zip
1 files changed, 16 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index b953580d65..460c5d85f1 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.91 2020/09/01 06:05:09 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.92 2020/09/01 12:40:53 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -420,7 +420,6 @@ ssl_get_new_session(SSL *s, int session)
 *   session_id: points at the session ID in the ClientHello. This code will
 *       read past the end of this in order to parse out the session ticket
 *       extension, if any.
- *   session_id_len: the length of the session ID.
 *   ext_block: a CBS for the ClientHello extensions block.
 *
 * Returns:
@@ -438,6 +437,7 @@ int
 ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 {
        SSL_SESSION *sess = NULL;
+        size_t session_id_len;
        int alert_desc = SSL_AD_INTERNAL_ERROR, fatal = 0;
        int try_session_cache = 1;
@@ -450,7 +450,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
                try_session_cache = 0;
        /* Sets s->internal->tlsext_ticket_expected. */
-        switch (tls1_process_ticket(s, session_id, ext_block, &alert_desc, &sess)) {
+        switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) {
        case TLS1_TICKET_FATAL_ERROR:
                fatal = 1;
                goto err;
@@ -458,8 +458,21 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
        case TLS1_TICKET_EMPTY:
                break; /* Ok to carry on processing session id. */
        case TLS1_TICKET_NOT_DECRYPTED:
+                try_session_cache = 0;
+                goto err;
        case TLS1_TICKET_DECRYPTED:
                try_session_cache = 0;
+                /*
+                 * The session ID is used by some clients to detect that the
+                 * ticket has been accepted so we copy it into sess.
+                 */
+                if (!CBS_write_bytes(session_id, sess->session_id,
+                    sizeof(sess->session_id), &session_id_len)) {
+                        fatal = 1;
+                        goto err;
+                }
+                sess->session_id_length = (unsigned int)session_id_len;
                break;
        default:
                SSLerror(s, ERR_R_INTERNAL_ERROR);
author	tb <>	2020-09-01 12:40:53 +0000
committer	tb <>	2020-09-01 12:40:53 +0000
commit	1e6510105e17f4686509b6cef5e4a607664dd5c0 (patch)
tree	6fdd9e8bc65d3d8f4c0c2ef68a3210541959652c /src/lib/libssl/ssl_sess.c
parent	74672b5d1316338ff3c0a52e10612b0ba2619c15 (diff)
download	openbsd-1e6510105e17f4686509b6cef5e4a607664dd5c0.tar.gz openbsd-1e6510105e17f4686509b6cef5e4a607664dd5c0.tar.bz2 openbsd-1e6510105e17f4686509b6cef5e4a607664dd5c0.zip