author | Benjamin Kaduk <bkaduk@akamai.com> | 2021-03-16 07:47:09 -0700 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2021-05-15 15:09:07 -0700 |
commit | aa6bd216dd2691d1254eabcbd584691eb3b4b9b8 (patch) | |
tree | c666b319f00d45596172c847a1c365edcfc703fd /ssl/s3_lib.c | |
parent | a8457b4c3d86a42209eabe90eddb605f59041f9e (diff) |
Promote SSL_get_negotiated_group() for non-TLSv1.3

It can be useful to know what group was used for the handshake's
key exchange process even on non-TLS 1.3 connections. Allow this
API, new in OpenSSL 3.0.0, to be used on other TLS versions as well.

Since pre-TLS-1.3 key exchange occurs only on full handshakes, this
necessitates adding a field to the SSL_SESSION object to carry the
group information across resumptions. The key exchange group in the
SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake
uses the "psk_ke" key-exchange mode, so also track whether a fresh key
exchange was done for TLS 1.3.

Since the new field is optional in the ASN.1 sense, there is no need
to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility
churn).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1b491e7f92..7839a4d318 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3636,9 +3636,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return id; } case SSL_CTRL_GET_NEGOTIATED_GROUP: - ret = tls1_group_id2nid(s->s3.group_id, 1); - break; + { + unsigned int id; + if (SSL_IS_TLS13(s) && s->s3.did_kex) + id = s->s3.group_id; + else + id = s->session->kex_group; + ret = tls1_group_id2nid(id, 1); + break; + } case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); |
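Review bot: the else branch of the new `SSL_CTRL_GET_NEGOTIATED_GROUP` case reads `id = s->session->kex_group;` with no check on `s->session` visible in this hunk. If this ctrl can be reached on an SSL object that has no session attached yet (for instance, a caller querying the group before any handshake has run), that line is a NULL pointer dereference reachable from application code. Consider guarding it, e.g. `if (s->session == NULL)` and returning whatever value callers are meant to treat as "no group negotiated", before falling through to `tls1_group_id2nid(id, 1)`. A short comment on the two branches would also help: the first is taken only when `SSL_IS_TLS13(s) && s->s3.did_kex`, so a TLS 1.3 connection without a fresh key exchange silently reports the group stored in the session rather than one from the current handshake, which is worth stating next to the code. Minor style point: a blank line between `unsigned int id;` and the `if` would separate the declaration from the first statement.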