diff options
author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2024-01-17 14:29:17 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-04-23 11:57:05 +0100 |
commit | 2496f91d4ee71220a4e5f87075c17c23d92890a7 (patch) | |
tree | 1a4b5e395d198cb3b9fce8839c9a374f212e6bcc | |
parent | e758f33cb038e01a896faf38e278bda021b5e644 (diff) |
Fix sending session ids in DTLS-1.3
DTLS 1.3 session id must not be sent by client unless
it has a cached id. And DTLS 1.3 servers must not echo
a session id from a client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
-rw-r--r-- | ssl/statem/statem_clnt.c | 6 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 12 |
2 files changed, 13 insertions, 5 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index fc9d9c5aab..5e16f24048 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1258,8 +1258,10 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) /* Session ID */ session_id = s->session->session_id; - if (s->new_session || s->session->ssl_version == TLS1_3_VERSION || s->session->ssl_version == DTLS1_3_VERSION) { - if ((s->version == TLS1_3_VERSION || s->version == DTLS1_3_VERSION) + if (s->new_session + || s->session->ssl_version == TLS1_3_VERSION + || s->session->ssl_version == DTLS1_3_VERSION) { + if (s->version == TLS1_3_VERSION && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) { sess_id_len = sizeof(s->tmp_session_id); s->tmp_session_id_len = sess_id_len; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 7f7e5dccfe..17348cf8be 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2390,9 +2390,11 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) int version; unsigned char *session_id; int usetls13 = SSL_CONNECTION_IS_TLS13(s) - || s->hello_retry_request == SSL_HRR_PENDING; + || (!SSL_CONNECTION_IS_DTLS(s) + && s->hello_retry_request == SSL_HRR_PENDING); int usedtls13 = SSL_CONNECTION_IS_DTLS13(s) - || s->hello_retry_request == SSL_HRR_PENDING; + || (SSL_CONNECTION_IS_DTLS(s) + && s->hello_retry_request == SSL_HRR_PENDING); version = usetls13 ? TLS1_2_VERSION : (usedtls13 ? DTLS1_2_VERSION : s->version); if (!WPACKET_put_bytes_u16(pkt, version) @@ -2422,6 +2424,7 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) * we send back a 0-length session ID. * - In TLSv1.3 we echo back the session id sent to us by the client * regardless + * - In DTLSv1.3 we must not echo the session id sent by the client * s->hit is non-zero in either case of session reuse, * so the following won't overwrite an ID that we're supposed * to send back. @@ -2430,9 +2433,12 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) && !s->hit) s->session->session_id_length = 0; - if (usetls13 || usedtls13) { + if (usetls13) { sl = s->tmp_session_id_len; session_id = s->tmp_session_id; + } else if (usedtls13) { + sl = 0; + session_id = NULL; } else { sl = s->session->session_id_length; session_id = s->session->session_id; |