194
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
197
long extlen, idlen, itmp;
201
for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
203
id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
204
itmp = i2d_OCSP_RESPID(id, NULL);
210
if (s->tlsext_ocsp_exts)
212
extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
219
if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
220
s2n(TLSEXT_TYPE_status_request, ret);
221
if (extlen + idlen > 0xFFF0)
223
s2n(extlen + idlen + 5, ret);
224
*(ret++) = TLSEXT_STATUSTYPE_ocsp;
226
for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
228
/* save position of id len */
229
unsigned char *q = ret;
230
id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
231
/* skip over id len */
233
itmp = i2d_OCSP_RESPID(id, &ret);
239
i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
193
242
if ((extdatalen = ret-p-2)== 0)
410
else if (type == TLSEXT_TYPE_status_request
411
&& s->ctx->tlsext_status_cb)
416
*al = SSL_AD_DECODE_ERROR;
420
s->tlsext_status_type = *data++;
422
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
424
const unsigned char *sdata;
426
/* Read in responder_id_list */
431
*al = SSL_AD_DECODE_ERROR;
440
*al = SSL_AD_DECODE_ERROR;
447
*al = SSL_AD_DECODE_ERROR;
452
id = d2i_OCSP_RESPID(NULL,
456
*al = SSL_AD_DECODE_ERROR;
461
OCSP_RESPID_free(id);
462
*al = SSL_AD_DECODE_ERROR;
465
if (!s->tlsext_ocsp_ids
466
&& !(s->tlsext_ocsp_ids =
467
sk_OCSP_RESPID_new_null()))
469
OCSP_RESPID_free(id);
470
*al = SSL_AD_INTERNAL_ERROR;
473
if (!sk_OCSP_RESPID_push(
474
s->tlsext_ocsp_ids, id))
476
OCSP_RESPID_free(id);
477
*al = SSL_AD_INTERNAL_ERROR;
482
/* Read in request_extensions */
487
*al = SSL_AD_DECODE_ERROR;
493
s->tlsext_ocsp_exts =
494
d2i_X509_EXTENSIONS(NULL,
496
if (!s->tlsext_ocsp_exts
497
|| (data + dsize != sdata))
499
*al = SSL_AD_DECODE_ERROR;
504
/* We don't know what to do with any other type
508
s->tlsext_status_type = -1;
352
510
/* session ticket processed earlier */
404
562
s->tlsext_ticket_expected = 1;
564
else if (type == TLSEXT_TYPE_status_request)
566
/* MUST be empty and only sent if we've requested
567
* a status request message.
569
if ((s->tlsext_status_type == -1) || (size > 0))
571
*al = TLS1_AD_UNSUPPORTED_EXTENSION;
574
/* Set flag to expect CertificateStatus message */
575
s->tlsext_status_expected = 1;
448
619
else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
449
620
ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
622
/* If status request then ask callback what to do.
623
* Note: this must be called after servername callbacks in case
624
* the certificate has changed.
626
if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
629
r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
632
/* We don't want to send a status request response */
633
case SSL_TLSEXT_ERR_NOACK:
634
s->tlsext_status_expected = 0;
636
/* status request response should be sent */
637
case SSL_TLSEXT_ERR_OK:
638
if (s->tlsext_ocsp_resp)
639
s->tlsext_status_expected = 1;
641
s->tlsext_status_expected = 0;
643
/* something bad happened */
644
case SSL_TLSEXT_ERR_ALERT_FATAL:
645
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
646
al = SSL_AD_INTERNAL_ERROR;
651
s->tlsext_status_expected = 0;
453
655
case SSL_TLSEXT_ERR_ALERT_FATAL:
475
677
else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
476
678
ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
680
/* If we've requested certificate status and we wont get one
683
if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
684
&& s->ctx->tlsext_status_cb)
687
/* Set resp to NULL, resplen to -1 so callback knows
688
* there is no response.
690
if (s->tlsext_ocsp_resp)
692
OPENSSL_free(s->tlsext_ocsp_resp);
693
s->tlsext_ocsp_resp = NULL;
695
s->tlsext_ocsp_resplen = -1;
696
r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
699
al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
700
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
704
al = SSL_AD_INTERNAL_ERROR;
705
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
480
711
case SSL_TLSEXT_ERR_ALERT_FATAL:
503
734
/* Point after session ID in client hello */
504
735
const unsigned char *p = session_id + len;
505
736
unsigned short i;
738
/* If tickets disabled behave as if no ticket present
739
* to permit stateful resumption.
741
if (SSL_get_options(s) & SSL_OP_NO_TICKET)
506
744
if ((s->version <= SSL3_VERSION) || !limit)
531
769
if (type == TLSEXT_TYPE_session_ticket)
533
/* If tickets disabled indicate cache miss which will
534
* trigger a full handshake
536
if (SSL_get_options(s) & SSL_OP_NO_TICKET)
538
/* If zero length not client will accept a ticket
771
/* If zero length note client will accept a ticket
539
772
* and indicate cache miss to trigger full handshake
558
791
SSL_SESSION *sess;
559
792
unsigned char *sdec;
560
793
const unsigned char *p;
794
int slen, mlen, renew_ticket = 0;
562
795
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
564
797
EVP_CIPHER_CTX ctx;
798
/* Need at least keyname + iv + some encrypted data */
801
/* Initialize session ticket encryption and HMAC contexts */
802
HMAC_CTX_init(&hctx);
803
EVP_CIPHER_CTX_init(&ctx);
804
if (s->ctx->tlsext_ticket_key_cb)
806
unsigned char *nctick = (unsigned char *)etick;
807
int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
818
/* Check key name matches */
819
if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
821
HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
822
tlsext_tick_md(), NULL);
823
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
824
s->ctx->tlsext_tick_aes_key, etick + 16);
565
826
/* Attempt to process session ticket, first conduct sanity and
566
827
* integrity checks on ticket.
568
mlen = EVP_MD_size(tlsext_tick_md());
829
mlen = HMAC_size(&hctx);
569
830
eticklen -= mlen;
570
/* Need at least keyname + iv + some encrypted data */
573
/* Check key name matches */
574
if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
576
831
/* Check HMAC of encrypted ticket */
577
HMAC_CTX_init(&hctx);
578
HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
579
tlsext_tick_md(), NULL);
580
832
HMAC_Update(&hctx, etick, eticklen);
581
833
HMAC_Final(&hctx, tick_hmac, NULL);
582
834
HMAC_CTX_cleanup(&hctx);
583
835
if (memcmp(tick_hmac, etick + eticklen, mlen))
585
/* Set p to start of IV */
587
EVP_CIPHER_CTX_init(&ctx);
588
837
/* Attempt to decrypt session data */
589
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
590
s->ctx->tlsext_tick_aes_key, p);
591
838
/* Move p after IV to start of encrypted ticket, update length */
839
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
840
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
594
841
sdec = OPENSSL_malloc(eticklen);
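Review bot: In the ticket-decrypt lines at the end of this section, `mlen = HMAC_size(&hctx)` now depends on whatever digest `tlsext_ticket_key_cb` configured, yet the only length check visible (the "Need at least keyname + iv + some encrypted data" comment) sits before the callback runs, so `eticklen -= mlen` and the later `eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx)` could reach zero or go negative before `memcmp(tick_hmac, etick + eticklen, mlen)` and `OPENSSL_malloc(eticklen)`. I would re-check the length once both contexts are initialised, e.g. `if (mlen < 0 || eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen)`, and treat that as an invalid ticket after cleaning up `hctx` and `ctx`. The tag comparison is also a plain `memcmp`, which is not constant-time; a constant-time compare (`CRYPTO_memcmp` where the tree provides it) is the safer choice for a MAC check. The function continues past the last visible line and several lines of this section are missing from the page, so the exact placement is inferred.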