Support asynchronous ticket decryption with TLS 1.0–1.2.
This change adds support for setting an |SSL_TICKET_AEAD_METHOD| which
allows a caller to control ticket encryption and decryption to a greater
extent than previously possible and also permits asynchronous ticket
decryption.
This change only includes partial support: TLS 1.3 work remains to be
done.
Change-Id: Ia2e10ebb3257e1a119630c463b6bf389cf20ef18
Reviewed-on: https://boringssl-review.googlesource.com/14144
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 95ea170..d16c952 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -910,6 +910,9 @@
case SSL_PRIVATE_KEY_OPERATION:
return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
+
+ case SSL_PENDING_TICKET:
+ return SSL_ERROR_PENDING_TICKET;
}
return SSL_ERROR_SYSCALL;
@@ -2699,3 +2702,8 @@
int SSL_set_max_version(SSL *ssl, uint16_t version) {
return SSL_set_max_proto_version(ssl, version);
}
+
+void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
+ const SSL_TICKET_AEAD_METHOD *aead_method) {
+ ctx->ticket_aead_method = aead_method;
+}
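Review bot: SSL_CTX_set_ticket_aead_method stores the caller's pointer rather than copying the method table, so the |SSL_TICKET_AEAD_METHOD| object must outlive |ctx| (and any |SSL| created from it), and the hunk carries no comment saying so. I would add above the definition a comment such as `/* Stores |aead_method| by pointer, not by copy; the caller must keep it alive for the lifetime of |ctx|. */`. It is also not visible in this hunk whether passing NULL is meant to restore the default ticket handling, or how this method takes precedence over a ticket key callback already configured on the same |ctx|; if the public header does not already define that, a sentence there would save callers from guessing. The assignment is unconditional, so any such precedence rule presumably lives at the point of use rather than here.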