diff options
author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2024-01-17 14:29:17 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-04 08:27:11 +0200 |
commit | 143483df9aff3ce4be4ba992a78e68ae07c687f2 (patch) | |
tree | fc2f5faa08210e19a84b92c3e829a733a850c12f | |
parent | c41bc1614932c188f8b20e26a082c0050739232f (diff) |
Fix sending session ids in DTLS-1.3
DTLS 1.3 session id must not be sent by client unless
it has a cached id. And DTLS 1.3 servers must not echo
a session id from a client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
-rw-r--r-- | ssl/statem/statem_clnt.c | 6 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 12 |
2 files changed, 13 insertions, 5 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 616cc86b12..7509b69f7d 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1258,8 +1258,10 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) /* Session ID */ session_id = s->session->session_id; - if (s->new_session || s->session->ssl_version == TLS1_3_VERSION || s->session->ssl_version == DTLS1_3_VERSION) { - if ((s->version == TLS1_3_VERSION || s->version == DTLS1_3_VERSION) + if (s->new_session + || s->session->ssl_version == TLS1_3_VERSION + || s->session->ssl_version == DTLS1_3_VERSION) { + if (s->version == TLS1_3_VERSION && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) { sess_id_len = sizeof(s->tmp_session_id); s->tmp_session_id_len = sess_id_len; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 72ea84b019..5dc1e1dbcc 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2390,9 +2390,11 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) int version; unsigned char *session_id; int usetls13 = SSL_CONNECTION_IS_TLS13(s) - || s->hello_retry_request == SSL_HRR_PENDING; + || (!SSL_CONNECTION_IS_DTLS(s) + && s->hello_retry_request == SSL_HRR_PENDING); int usedtls13 = SSL_CONNECTION_IS_DTLS13(s) - || s->hello_retry_request == SSL_HRR_PENDING; + || (SSL_CONNECTION_IS_DTLS(s) + && s->hello_retry_request == SSL_HRR_PENDING); version = usetls13 ? TLS1_2_VERSION : (usedtls13 ? DTLS1_2_VERSION : s->version); if (!WPACKET_put_bytes_u16(pkt, version) @@ -2422,6 +2424,7 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) * we send back a 0-length session ID. * - In TLSv1.3 we echo back the session id sent to us by the client * regardless + * - In DTLSv1.3 we must not echo the session id sent by the client * s->hit is non-zero in either case of session reuse, * so the following won't overwrite an ID that we're supposed * to send back. @@ -2431,9 +2434,12 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) && !s->hit)) s->session->session_id_length = 0; - if (usetls13 || usedtls13) { + if (usetls13) { sl = s->tmp_session_id_len; session_id = s->tmp_session_id; + } else if (usedtls13) { + sl = 0; + session_id = NULL; } else { sl = s->session->session_id_length; session_id = s->session->session_id; |