Move TLSv1.3 Session Ticket processing into the state machine

We still ignore it for now, but at least its in the right place.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

ssl/record/rec_layer_s3.c

@@ -1372,16 +1372,6 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         }
     }
 
-    /*
-     * TODO(TLS1.3): Temporarily we will just ignore NewSessionTicket messages.
-     * Later we will want to process them.
-     */
-    if (!s->server && SSL_IS_TLS13(s) && s->rlayer.handshake_fragment_len >= 4
-            && s->rlayer.handshake_fragment[0] == SSL3_MT_NEWSESSION_TICKET) {
-        SSL3_RECORD_set_read(rr);
-        goto start;
-    }
-
     /*-
      * s->rlayer.handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
      * s->rlayer.alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.

ssl/statem/statem_clnt.c

@@ -181,6 +181,13 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
             return 1;
         }
         break;
+
+    case TLS_ST_OK:
+        if (mt == SSL3_MT_NEWSESSION_TICKET) {
+            st->hand_state = TLS_ST_CR_SESSION_TICKET;
+            return 1;
+        }
+        break;
     }
 
     /* No valid transition found */
@@ -406,10 +413,15 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
         st->hand_state = TLS_ST_CW_FINISHED;
         return WRITE_TRAN_CONTINUE;
 
+    case TLS_ST_CR_SESSION_TICKET:
     case TLS_ST_CW_FINISHED:
         st->hand_state = TLS_ST_OK;
         ossl_statem_set_in_init(s, 0);
         return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_OK:
+        /* Just go straight to trying to read from the server */
+        return WRITE_TRAN_FINISHED;
     }
 }
 
@@ -845,6 +857,8 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
         return tls_process_change_cipher_spec(s, pkt);
 
     case TLS_ST_CR_SESSION_TICKET:
+        if (SSL_IS_TLS13(s))
+            return tls13_process_new_session_ticket(s, pkt);
         return tls_process_new_session_ticket(s, pkt);
 
     case TLS_ST_CR_FINISHED:
@@ -2269,6 +2283,12 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
     return MSG_PROCESS_ERROR;
 }
 
+MSG_PROCESS_RETURN tls13_process_new_session_ticket(SSL *s, PACKET *pkt)
+{
+    /* TODO(TLS1.3): For now we just ignore these. This needs implementing */
+    return MSG_PROCESS_FINISHED_READING;
+}
+
 /*
  * In TLSv1.3 this is called from the extensions code, otherwise it is used to
  * parse a separate message. Returns 1 on success or 0 on failure. On failure

ssl/statem/statem_locl.h

@@ -115,6 +115,7 @@ __owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
 __owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
 __owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
 __owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls13_process_new_session_ticket(SSL *s, PACKET *pkt);
 __owur int tls_process_cert_status_body(SSL *s, PACKET *pkt, int *al);
 __owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
 __owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);