[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Mon Sep 28 14:17:25 UTC 2015

The branch OpenSSL_1_0_1-stable has been updated
       via  64ec479559d359cb18cc9dc94b6503a624831eee (commit)
      from  7794c355eadd49d2fc1670b1dc8ac19f1e93c26f (commit)


- Log -----------------------------------------------------------------
commit 64ec479559d359cb18cc9dc94b6503a624831eee
Author: Emilia Kasper <emilia at openssl.org>
Date:   Wed Sep 23 19:29:18 2015 +0200

    RT2772: accept empty SessionTicket
    
    RFC 5077 section 3.3 says: If the server determines that it does not
    want to include a ticket after it has included the SessionTicket
    extension in the ServerHello, then it sends a zero-length ticket in the
    NewSessionTicket handshake message.
    
    Previously the client would fail upon attempting to allocate a
    zero-length buffer. Now, we have the client ignore the empty ticket and
    keep the existing session.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 21b538d616b388fa0ce64ef54da3504253895cf8)

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_clnt.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c89564b..47b3189 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2134,6 +2134,7 @@ int ssl3_get_new_session_ticket(SSL *s)
     long n;
     const unsigned char *p;
     unsigned char *d;
+    unsigned long ticket_lifetime_hint;
 
     n = s->method->ssl_get_message(s,
                                    SSL3_ST_CR_SESSION_TICKET_A,
@@ -2152,6 +2153,19 @@ int ssl3_get_new_session_ticket(SSL *s)
 
     p = d = (unsigned char *)s->init_msg;
 
+    n2l(p, ticket_lifetime_hint);
+    n2s(p, ticklen);
+    /* ticket_lifetime_hint + ticket_length + ticket */
+    if (ticklen + 6 != n) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    /* Server is allowed to change its mind and send an empty ticket. */
+    if (ticklen == 0)
+        return 1;
+
     if (s->session->session_id_length > 0) {
         int i = s->session_ctx->session_cache_mode;
         SSL_SESSION *new_sess;
@@ -2183,14 +2197,6 @@ int ssl3_get_new_session_ticket(SSL *s)
         s->session = new_sess;
     }
 
-    n2l(p, s->session->tlsext_tick_lifetime_hint);
-    n2s(p, ticklen);
-    /* ticket_lifetime_hint + ticket_length + ticket */
-    if (ticklen + 6 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
     if (s->session->tlsext_tick) {
         OPENSSL_free(s->session->tlsext_tick);
         s->session->tlsext_ticklen = 0;
@@ -2201,6 +2207,7 @@ int ssl3_get_new_session_ticket(SSL *s)
         goto err;
     }
     memcpy(s->session->tlsext_tick, p, ticklen);
+    s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
     s->session->tlsext_ticklen = ticklen;
     /*
      * There are two ways to detect a resumed ticket session. One is to set
