Added check for expected session ticket

2025-08-02 20:24:39 +02:00 · 2014-10-04 12:41:51 -07:00
parent b95b2a8463
commit 954740e2a8
3 changed files with 26 additions and 2 deletions
--- a/cyassl/error-ssl.h
+++ b/cyassl/error-ssl.h
@@ -127,7 +127,8 @@ enum CyaSSL_ErrorCodes {
    /* end negotiation parameter errors only 10 for now */
    /* add strings to SetErrorString !!!!! */
-    SESSION_TICKET_LEN_E    = -392         /* Session Ticket too large */
+    SESSION_TICKET_LEN_E    = -392,        /* Session Ticket too large */
    SESSION_TICKET_EXPECT_E = -393         /* Session Ticket missing   */
 };
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -685,7 +685,6 @@ enum Misc {
    COMP_LEN     =  1,         /* compression length      */
    CURVE_LEN    =  2,         /* ecc named curve length  */
    SERVER_ID_LEN = 20,        /* server session id length  */
    SESSION_TICKET_LEN    = 256, /* Session ticket length */
    HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
    RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
@@ -813,6 +812,10 @@ enum Misc {
    #define MAX_CHAIN_DEPTH 9
 #endif
 #ifndef SESSION_TICKET_LEN
    #define SESSION_TICKET_LEN 256
 #endif
 /* don't use extra 3/4k stack space unless need to */
 #ifdef HAVE_NTRU
--- a/src/internal.c
+++ b/src/internal.c
@@ -6323,6 +6323,14 @@ int ProcessReply(CYASSL* ssl)
                        }
                    #endif
 #ifdef HAVE_SESSION_TICKET
                    if (ssl->options.side == CYASSL_CLIENT_END &&
                                                  ssl->expect_session_ticket) {
                        CYASSL_MSG("Expected session ticket missing");
                        return SESSION_TICKET_EXPECT_E;
                    }
 #endif
                    if (ssl->keys.encryptionOn && ssl->options.handShakeDone) {
                        ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
                        ssl->curSize -= ssl->buffers.inputBuffer.idx;
@@ -7678,9 +7686,14 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
    case SECURE_RENEGOTIATION_E:
        return "Invalid Renegotiation Error";
 #ifdef HAVE_SESSION_TICKET
    case SESSION_TICKET_LEN_E:
        return "Session Ticket Too Long Error";
    case SESSION_TICKET_EXPECT_E:
        return "Session Ticket Error";
 #endif
    default :
        return "unknown error number";
    }
@@ -10445,6 +10458,11 @@ int DoSessionTicket(CYASSL* ssl,
    word32 lifetime;
    word16 length;
    if (ssl->expect_session_ticket == 0) {
        CYASSL_MSG("Unexpected session ticket");
        return SESSION_TICKET_EXPECT_E;
    }
    if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
        return BUFFER_ERROR;
@@ -10488,6 +10506,8 @@ int DoSessionTicket(CYASSL* ssl,
        *inOutIdx += ssl->keys.padSz;
    }
    ssl->expect_session_ticket = 0;
    return BuildFinished(ssl, &ssl->verifyHashes, server);
 }
 #endif /* HAVE_SESSION_TICKET */