Diffstat (limited to 'lib/tls13/session_ticket.c')
-rw-r--r-- | lib/tls13/session_ticket.c | 44 |
1 files changed, 40 insertions, 4 deletions
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
index 184c0ac271..2f8a472b2f 100644
--- a/lib/tls13/session_ticket.c
+++ b/lib/tls13/session_ticket.c
@@ -27,6 +27,7 @@
 #include "mbuffers.h"
 #include "ext/pre_shared_key.h"
 #include "ext/session_ticket.h"
+#include "ext/early_data.h"
 #include "auth/cert.h"
 #include "tls13/session_ticket.h"
 #include "session_pack.h"
@@ -227,12 +228,26 @@ generate_session_ticket(gnutls_session_t session, tls13_ticket_t *ticket)
 return 0;
 }
+static int
+append_early_data_extension(void *ctx, gnutls_buffer_st *buf)
+{
+ gnutls_session_t session = ctx;
+ int ret;
+
+ ret = _gnutls_buffer_append_prefix(buf, 32, session->security_parameters.max_early_data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
+}
 int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned nr, unsigned again)
 {
 int ret = 0;
 mbuffer_st *bufel = NULL;
 gnutls_buffer_st buf;
 tls13_ticket_t ticket;
+ unsigned init_pos;
 unsigned i;
 /* Client does not send a NewSessionTicket */
@@ -294,13 +309,27 @@ int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned nr, unsigne
 goto cleanup;
 }
- ret = _gnutls_buffer_append_prefix(&buf, 16, 0);
+ _gnutls_free_datum(&ticket.ticket);
+
+ ret = _gnutls_extv_append_init(&buf);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
+ init_pos = ret;
- _gnutls_free_datum(&ticket.ticket);
+ ret = _gnutls_extv_append(&buf, ext_mod_early_data.tls_id, session,
+ (extv_append_func)append_early_data_extension);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_extv_append_final(&buf, init_pos);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
 bufel = _gnutls_buffer_to_mbuffer(&buf);
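Review bot: append_early_data_extension carries no comment tying the fixed 32-bit width it writes to the wire format it implements, which is the one thing a reader of this helper needs; a header such as `/* Body of the early_data extension in NewSessionTicket (RFC 8446 4.2.10): a single uint32 max_early_data_size. */` would make the `32` self-explanatory. The helper itself is straightforward: it writes the session's configured value and propagates the buffer error unchanged.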
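Review bot: The early_data extension is appended to every NewSessionTicket, including when `session->security_parameters.max_early_data_size` is zero, so a client is told the ticket may be used for 0-RTT while being allowed to send nothing; RFC 8446 4.6.1 makes the presence of the extension the signal that 0-RTT is permitted, so a server that does not want early data should omit it. Guarding the append with `if (session->security_parameters.max_early_data_size > 0)` (or whatever server-side early-data policy the session carries) keeps the extension block empty by default and also avoids advertising 0-RTT on deployments that never configured it. The `(extv_append_func)` cast on the callback is worth a second look: if the helper's signature already matches the typedef the cast is noise, and if it does not, the cast hides the mismatch. The append_init/append_final pairing and the moved `_gnutls_free_datum` look correct; _gnutls13_send_session_ticket continues past the hunk.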
@@ -329,7 +358,14 @@ cleanup:
 static int
 parse_nst_extension(void *ctx, unsigned tls_id, const unsigned char *data, unsigned data_size)
 {
- /* ignore all extensions */
+ gnutls_session_t session = ctx;
+ if (tls_id == ext_mod_early_data.tls_id) {
+ uint32_t size;
+ if (data_size < 4)
+ return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
+ size = _gnutls_read_uint32(data);
+ session->security_parameters.max_early_data_size = size;
+ }
 return 0;
 }
@@ -382,7 +418,7 @@ int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *bu
 return gnutls_assert_val(ret);
 /* Extensions */
- ret = _gnutls_extv_parse(NULL, parse_nst_extension, buf->data, buf->length);
+ ret = _gnutls_extv_parse(session, parse_nst_extension, buf->data, buf->length);
 if (ret < 0)
 return gnutls_assert_val(ret); |
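Review bot: parse_nst_extension accepts any early_data body of at least four bytes, so trailing bytes after the uint32 are silently ignored rather than rejected; RFC 8446 defines this extension body as exactly one `uint32 max_early_data_size`, so the check should be `if (data_size != 4)` returning the same GNUTLS_E_TLS_PACKET_DECODING_ERROR. Exact-length checks on extension bodies are what lets a malformed NewSessionTicket fail at decoding instead of being partially interpreted. A comment above the branch, `/* early_data in NewSessionTicket: uint32 max_early_data_size (RFC 8446 4.2.10) */`, would also record why the length is fixed. The function's `return 0;` and closing brace are visible at the end of the hunk.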