diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2021-03-16 07:47:09 -0700 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2021-05-15 15:09:07 -0700 |
commit | aa6bd216dd2691d1254eabcbd584691eb3b4b9b8 (patch) | |
tree | c666b319f00d45596172c847a1c365edcfc703fd /ssl/ssl_local.h | |
parent | a8457b4c3d86a42209eabe90eddb605f59041f9e (diff) |
Promote SSL_get_negotiated_group() for non-TLSv1.3
It can be useful to know what group was used for the handshake's
key exchange process even on non-TLS 1.3 connections. Allow this
API, new in OpenSSL 3.0.0, to be used on other TLS versions as well.
Since pre-TLS-1.3 key exchange occurs only on full handshakes, this
necessitates adding a field to the SSL_SESSION object to carry the
group information across resumptions. The key exchange group in the
SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake
uses the "psk_ke" key-exchange mode, so also track whether a fresh key
exchange was done for TLS 1.3.
Since the new field is optional in the ASN.1 sense, there is no need
to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility
churn).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)
Diffstat (limited to 'ssl/ssl_local.h')
-rw-r--r-- | ssl/ssl_local.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 0a6c4bf9ec..8f3a2f93d6 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -599,6 +599,7 @@ struct ssl_session_st { const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to * load the 'cipher' structure */ + unsigned int kex_group; /* TLS group from key exchange */ CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to @@ -1412,6 +1413,12 @@ struct ssl_st { */ char is_probably_safari; + /* + * Track whether we did a key exchange this handshake or not, so + * SSL_get_negotiated_group() knows whether to fall back to the + * value in the SSL_SESSION. + */ + char did_kex; /* For clients: peer temporary key */ /* The group_id for the key exchange key */ uint16_t group_id; |