diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2021-03-16 07:47:09 -0700 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2021-05-15 15:09:07 -0700 |
commit | aa6bd216dd2691d1254eabcbd584691eb3b4b9b8 (patch) | |
tree | c666b319f00d45596172c847a1c365edcfc703fd /ssl/ssl_asn1.c | |
parent | a8457b4c3d86a42209eabe90eddb605f59041f9e (diff) |
Promote SSL_get_negotiated_group() for non-TLSv1.3
It can be useful to know what group was used for the handshake's
key exchange process even on non-TLS 1.3 connections. Allow this
API, new in OpenSSL 3.0.0, to be used on other TLS versions as well.
Since pre-TLS-1.3 key exchange occurs only on full handshakes, this
necessitates adding a field to the SSL_SESSION object to carry the
group information across resumptions. The key exchange group in the
SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake
uses the "psk_ke" key-exchange mode, so also track whether a fresh key
exchange was done for TLS 1.3.
Since the new field is optional in the ASN.1 sense, there is no need
to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility
churn).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)
Diffstat (limited to 'ssl/ssl_asn1.c')
-rw-r--r-- | ssl/ssl_asn1.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index de93ccbde6..b27a58df7c 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -43,6 +43,7 @@ typedef struct { ASN1_OCTET_STRING *alpn_selected; uint32_t tlsext_max_fragment_len_mode; ASN1_OCTET_STRING *ticket_appdata; + uint32_t kex_group; } SSL_SESSION_ASN1; ASN1_SEQUENCE(SSL_SESSION_ASN1) = { @@ -73,7 +74,8 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), - ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18) + ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) @@ -134,6 +136,8 @@ int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) as.version = SSL_SESSION_ASN1_VERSION; as.ssl_version = in->ssl_version; + as.kex_group = in->kex_group; + if (in->cipher == NULL) l = in->cipher_id; else @@ -272,6 +276,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->ssl_version = (int)as->ssl_version; + ret->kex_group = as->kex_group; + if (as->cipher->length != 2) { ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH); goto err; |