diff --git a/handshake_client.go b/handshake_client.go
index 502bd88..7b6d598 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -909,10 +909,7 @@ func (hs *clientHandshakeState) saveSessionTicket() error {
 return nil
 }
- session, err := c.sessionState()
- if err != nil {
- return err
- }
+ session := c.sessionState()
 session.secret = hs.masterSecret
 cs := &ClientSessionState{ticket: hs.ticket, session: session}
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index ed6e807..843e052 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -753,11 +753,7 @@ func (c *Conn) handleNewSessionTicket(msg *newSessionTicketMsgTLS13) error {
 psk := cipherSuite.expandLabel(c.resumptionSecret, "resumption", msg.nonce, cipherSuite.hash.Size())
- session, err := c.sessionState()
- if err != nil {
- c.sendAlert(alertInternalError)
- return err
- }
+ session := c.sessionState()
 session.secret = psk
 session.useBy = uint64(c.config.time().Add(lifetime).Unix())
 session.ageAdd = msg.ageAdd
diff --git a/handshake_server.go b/handshake_server.go
index bddfaba..3a8d8cb 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -802,10 +802,7 @@ func (hs *serverHandshakeState) sendSessionTicket() error {
 c := hs.c
 m := new(newSessionTicketMsg)
- state, err := c.sessionState()
- if err != nil {
- return err
- }
+ state := c.sessionState()
 state.secret = hs.masterSecret
 if hs.sessionState != nil {
 // If this is re-wrapping an old key, then keep
@@ -813,6 +810,7 @@ func (hs *serverHandshakeState) sendSessionTicket() error {
 state.createdAt = hs.sessionState.createdAt
 }
 if c.config.WrapSession != nil {
+ var err error
 m.ticket, err = c.config.WrapSession(c.connectionStateLocked(), state)
 if err != nil {
 return err
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 8afc39c..ab39d06 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -889,13 +889,11 @@ func (c *Conn) sendSessionTicket(earlyData bool) error {
 m := new(newSessionTicketMsgTLS13)
- state, err := c.sessionState()
- if err != nil {
- return err
- }
+ state := c.sessionState()
 state.secret = psk
 state.EarlyData = earlyData
 if c.config.WrapSession != nil {
+ var err error
 m.label, err = c.config.WrapSession(c.connectionStateLocked(), state)
 if err != nil {
 return err
@@ -917,8 +915,7 @@ func (c *Conn) sendSessionTicket(earlyData bool) error {
 // The value is not stored anywhere; we never need to check the ticket age
 // because 0-RTT is not supported.
 ageAdd := make([]byte, 4)
- _, err = c.config.rand().Read(ageAdd)
- if err != nil {
+ if _, err := c.config.rand().Read(ageAdd); err != nil {
 return err
 }
 m.ageAdd = binary.LittleEndian.Uint32(ageAdd)
diff --git a/ticket.go b/ticket.go
index cc9e68d..2732e6d 100644
--- a/ticket.go
+++ b/ticket.go
@@ -289,7 +289,7 @@ func ParseSessionState(data []byte) (*SessionState, error) {
 // sessionState returns a partially filled-out [SessionState] with information
 // from the current connection.
-func (c *Conn) sessionState() (*SessionState, error) {
+func (c *Conn) sessionState() *SessionState {
 return &SessionState{
 version: c.vers,
 cipherSuite: c.cipherSuite,
@@ -302,7 +302,7 @@ func (c *Conn) sessionState() (*SessionState, error) {
 isClient: c.isClient,
 extMasterSecret: c.extMasterSecret,
 verifiedChains: c.verifiedChains,
- }, nil
+ }
 }
 // EncryptTicket encrypts a ticket with the [Config]'s configured (or default)
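Review bot: In the `@@ -917,8 +915,7 @@` hunk of handshake_server_tls13.go, the rewritten `if _, err := c.config.rand().Read(ageAdd); err != nil` still discards the byte count, so a short read that returns no error would leave part of the 4-byte `ageAdd` at zero. Assuming `rand()` returns an `io.Reader` that may be caller-supplied (its definition is not in this diff) and `io` is imported in the file, `if _, err := io.ReadFull(c.config.rand(), ageAdd); err != nil {` guarantees all four bytes are filled. The context comment just above says 0-RTT is not supported, while the same function records `state.EarlyData = earlyData`; it is worth confirming that the comment, and the decision never to check ticket age, still hold. The body of sendSessionTicket continues outside the hunk.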
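Review bot: The doc comment on `sessionState` in ticket.go should name the fields the caller still has to set, because with the error result gone nothing at the call site hints that the returned value is incomplete. Every caller in this diff assigns `secret` afterwards, and the TLS 1.3 client path also sets `useBy` and `ageAdd`, so a line such as `// The caller must set secret (and any ticket-specific fields such as useBy and ageAdd) before the state is stored or wrapped.` would make that contract explicit. A state stored or wrapped without `secret` would presumably produce a ticket that cannot resume, which is easier to catch in review when the requirement sits next to the constructor. The struct literal continues outside this hunk.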