Add an anti-replay mechanism

If the server is configured to allow early data then we check if the PSK session presented by the client is available in the cache or not. If it isn't then this may be a replay and we disallow it. If it is then we allow it and remove the session from the cache. Note: the anti-replay protection is not used for externally established PSKs. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
author: Matt Caswell <matt@openssl.org> 2018-03-16 09:25:34 +0000
committer: Matt Caswell <matt@openssl.org> 2018-03-19 12:21:41 +0000
commit: 66d7de163491bfa5819fb80b77d321beb58384d4 (patch)
tree: b2a5fcb49174f0d108ed54d15218c64dd74a0afc /ssl/statem/extensions_srvr.c
parent: f023ba2df821d186d73fefda6fa5cafcc5a3ee39 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 7c9a3f7a6a..ee4cad124c 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1134,6 +1134,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
             if (ret == SSL_TICKET_NO_DECRYPT)
                 continue;
 
+            /* Check for replay */
+            if (s->max_early_data > 0
+                    && !SSL_CTX_remove_session(s->session_ctx, sess)) {
+                SSL_SESSION_free(sess);
+                sess = NULL;
+                continue;
+            }
+
             ticket_age = (uint32_t)ticket_agel;
             now = (uint32_t)time(NULL);
             agesec = now - (uint32_t)sess->time;
author	Matt Caswell <matt@openssl.org>	2018-03-16 09:25:34 +0000
committer	Matt Caswell <matt@openssl.org>	2018-03-19 12:21:41 +0000
commit	66d7de163491bfa5819fb80b77d321beb58384d4 (patch)
tree	b2a5fcb49174f0d108ed54d15218c64dd74a0afc /ssl/statem/extensions_srvr.c
parent	f023ba2df821d186d73fefda6fa5cafcc5a3ee39 (diff)