authorMatt Caswell <matt@openssl.org>2018-06-01 16:52:34 +0100
committerMatt Caswell <matt@openssl.org>2018-06-07 10:58:35 +0100
commit4ff1a5266685f4a687a9f91b531c2f979b96db22 (patch)
tree43fd2babb3b724e2c1eb4786a66f66ee4757cf88 /ssl/ssl_locl.h
parent309371d6266877a8f04d0aa7b0f6add6d269d962 (diff)
Fix TLSv1.3 ticket nonces
All tickets on a connection need to have a unique nonce. When this was originally implemented we only ever sent one ticket on the connection so this didn't matter. We were just using the value 0. Now we can get multiple tickets so we need to start doing the ticket nonce properly. Fixes #6387 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6415)
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r--ssl/ssl_locl.h12
1 files changed, 8 insertions, 4 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 31e5cc8aa9..23608561ac 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -470,6 +470,8 @@ struct ssl_method_st {
long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
};
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64
+
/*-
* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
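Review bot: The new `TLS13_MAX_RESUMPTION_PSK_LENGTH` is a bare 64 with no comment and no link to the digest size, yet in the second hunk it sizes `master_key` in `ssl_session_st`, which now holds the TLS1.3 resumption PSK. The code that writes the PSK is outside this file, but if it writes a hash-length value, the buffer is only large enough while 64 is at least `EVP_MAX_MD_SIZE`. I would either define it as `# define TLS13_MAX_RESUMPTION_PSK_LENGTH EVP_MAX_MD_SIZE` or keep the literal and add `/* Must be >= EVP_MAX_MD_SIZE: the resumption PSK is one digest long */`, so a later change to the maximum digest size cannot silently undersize the buffer.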
@@ -505,9 +507,9 @@ struct ssl_session_st {
unsigned char early_secret[EVP_MAX_MD_SIZE];
/*
* For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
- * master secret
+ * PSK
*/
- unsigned char master_key[TLS13_MAX_RESUMPTION_MASTER_LENGTH];
+ unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH];
/* session_id - valid? */
size_t session_id_length;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
@@ -1125,12 +1127,12 @@ struct ssl_st {
*/
uint32_t mac_flags;
/*
- * The TLS1.3 secrets. The resumption master secret is stored in the
- * session.
+ * The TLS1.3 secrets.
*/
unsigned char early_secret[EVP_MAX_MD_SIZE];
unsigned char handshake_secret[EVP_MAX_MD_SIZE];
unsigned char master_secret[EVP_MAX_MD_SIZE];
+ unsigned char resumption_master_secret[EVP_MAX_MD_SIZE];
unsigned char client_finished_secret[EVP_MAX_MD_SIZE];
unsigned char server_finished_secret[EVP_MAX_MD_SIZE];
unsigned char server_finished_hash[EVP_MAX_MD_SIZE];
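Review bot: `resumption_master_secret` is a new connection-lifetime secret in `ssl_st`, and the comment above the group lost the one sentence that said where this value lives. A field comment would restore that, for example `/* Kept per connection; each ticket's resumption PSK is derived from this and the ticket nonce */`. The code that frees or resets `ssl_st` is not in this diff, so it is worth confirming that this buffer is wiped along with the neighbouring secrets (presumably with `OPENSSL_cleanse`) rather than left in freed memory. The struct starts and ends outside the hunk.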
@@ -1422,6 +1424,8 @@ struct ssl_st {
size_t num_tickets;
/* The number of TLS1.3 tickets actually sent so far */
size_t sent_tickets;
+ /* The next nonce value to use when we send a ticket on this connection */
+ uint64_t next_ticket_nonce;
};
/*
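Review bot: The comment on `next_ticket_nonce` does not state the invariant the commit relies on, namely that a value is never used for two tickets on the same connection. I would extend it to `/* Next ticket nonce; incremented after every ticket sent, must never repeat on a connection */`. Where the counter is initialised and incremented is outside this file, so the comment should also name the point at which it is reset if the SSL object is reused for a new connection.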