summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2024-01-17 14:29:17 +0100
committerTomas Mraz <tomas@openssl.org>2024-04-04 08:27:11 +0200
commit143483df9aff3ce4be4ba992a78e68ae07c687f2 (patch)
treefc2f5faa08210e19a84b92c3e829a733a850c12f
parentc41bc1614932c188f8b20e26a082c0050739232f (diff)
Fix sending session ids in DTLS-1.3
DTLS 1.3 session id must not be sent by client unless it has a cached id. And DTLS 1.3 servers must not echo a session id from a client. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22366)
Diffstat
-rw-r--r--ssl/statem/statem_clnt.c6
-rw-r--r--ssl/statem/statem_srvr.c12
2 files changed, 13 insertions, 5 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 616cc86b12..7509b69f7d 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1258,8 +1258,10 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
/* Session ID */
session_id = s->session->session_id;
- if (s->new_session || s->session->ssl_version == TLS1_3_VERSION || s->session->ssl_version == DTLS1_3_VERSION) {
- if ((s->version == TLS1_3_VERSION || s->version == DTLS1_3_VERSION)
+ if (s->new_session
+ || s->session->ssl_version == TLS1_3_VERSION
+ || s->session->ssl_version == DTLS1_3_VERSION) {
+ if (s->version == TLS1_3_VERSION
&& (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {
sess_id_len = sizeof(s->tmp_session_id);
s->tmp_session_id_len = sess_id_len;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 72ea84b019..5dc1e1dbcc 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2390,9 +2390,11 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
int version;
unsigned char *session_id;
int usetls13 = SSL_CONNECTION_IS_TLS13(s)
- || s->hello_retry_request == SSL_HRR_PENDING;
+ || (!SSL_CONNECTION_IS_DTLS(s)
+ && s->hello_retry_request == SSL_HRR_PENDING);
int usedtls13 = SSL_CONNECTION_IS_DTLS13(s)
- || s->hello_retry_request == SSL_HRR_PENDING;
+ || (SSL_CONNECTION_IS_DTLS(s)
+ && s->hello_retry_request == SSL_HRR_PENDING);
version = usetls13 ? TLS1_2_VERSION : (usedtls13 ? DTLS1_2_VERSION : s->version);
if (!WPACKET_put_bytes_u16(pkt, version)
@@ -2422,6 +2424,7 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
* we send back a 0-length session ID.
* - In TLSv1.3 we echo back the session id sent to us by the client
* regardless
+ * - In DTLSv1.3 we must not echo the session id sent by the client
* s->hit is non-zero in either case of session reuse,
* so the following won't overwrite an ID that we're supposed
* to send back.
@@ -2431,9 +2434,12 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
&& !s->hit))
s->session->session_id_length = 0;
- if (usetls13 || usedtls13) {
+ if (usetls13) {
sl = s->tmp_session_id_len;
session_id = s->tmp_session_id;
+ } else if (usedtls13) {
+ sl = 0;
+ session_id = NULL;
} else {
sl = s->session->session_id_length;
session_id = s->session->session_id;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-10 15:27:56 +0000