-rw-r--r--src/lib/libssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/t1_lib.c23
2 files changed, 7 insertions, 19 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 18ff5b0c30..2f8ba1fc09 100644
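--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.286 2020/08/31 14:34:01 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.287 2020/09/01 05:32:11 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1402,7 +1402,6 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define TLS1_TICKET_EMPTY 1
 #define TLS1_TICKET_NOT_DECRYPTED 2
 #define TLS1_TICKET_DECRYPTED 3
-#define TLS1_TICKET_DECRYPTED_RENEW 4
 
 int tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block,
  int *alert, SSL_SESSION **ret);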
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b0fc630236..64e64bf902 100644
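--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.171 2020/08/31 14:34:01 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.172 2020/09/01 05:32:11 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -844,18 +844,7 @@ tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block, int *alert,
  return TLS1_TICKET_NOT_DECRYPTED;
  }
 
- switch (tls_decrypt_ticket(s, session_id, &ext_data, alert, ret)) {
- case TLS1_TICKET_NOT_DECRYPTED:
- s->internal->tlsext_ticket_expected = 1;
- return TLS1_TICKET_NOT_DECRYPTED;
- case TLS1_TICKET_DECRYPTED:
- return TLS1_TICKET_DECRYPTED;
- case TLS1_TICKET_DECRYPTED_RENEW:
- s->internal->tlsext_ticket_expected = 1;
- return TLS1_TICKET_DECRYPTED;
- default:
- return TLS1_TICKET_FATAL_ERROR;
- }
+ return tls_decrypt_ticket(s, session_id, &ext_data, alert, ret);
 }
 
 /* tls_decrypt_ticket attempts to decrypt a session ticket.
@@ -869,7 +858,6 @@ tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block, int *alert,
  * TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
  * TLS1_TICKET_NOT_DECRYPTED: the ticket couldn't be decrypted.
  * TLS1_TICKET_DECRYPTED: a ticket was decrypted and *psess was set.
- * TLS1_TICKET_DECRYPTED_RENEW: same as 3, but the ticket needs to be renewed.
  */
 static int
 tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, int *alert,
@@ -1017,13 +1005,14 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, int *alert,
  sess = NULL;
 
  if (renew_ticket)
- ret = TLS1_TICKET_DECRYPTED_RENEW;
- else
- ret = TLS1_TICKET_DECRYPTED;
+ s->internal->tlsext_ticket_expected = 1;
+
+ ret = TLS1_TICKET_DECRYPTED;
 
  goto done;
 
  derr:
+ s->internal->tlsext_ticket_expected = 1;
  ret = TLS1_TICKET_NOT_DECRYPTED;
  goto done;
 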
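Review bot: The header comment of tls_decrypt_ticket still lists only return codes, although the function now sets `s->internal->tlsext_ticket_expected` itself, under `if (renew_ticket)` and at `derr:`. I would add a line to that comment such as ` * Sets tlsext_ticket_expected when the ticket could not be decrypted or needs renewal.` so the side effect on the handshake state is visible to whoever next touches the resumption path. The removed switch in tls1_process_ticket set the flag for every TLS1_TICKET_NOT_DECRYPTED return and mapped any unexpected value to TLS1_TICKET_FATAL_ERROR. Most of tls_decrypt_ticket's body lies outside these hunks, so it is worth confirming that `derr:` is the only path that yields TLS1_TICKET_NOT_DECRYPTED and that no value outside the documented set can now be returned to the caller unchanged.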