diff options
| author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2024-01-17 14:29:17 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-04-04 08:27:11 +0200 |
| commit | 143483df9aff3ce4be4ba992a78e68ae07c687f2 (patch) | |
| tree | fc2f5faa08210e19a84b92c3e829a733a850c12f /ssl/statem/statem_srvr.c | |
| parent | c41bc1614932c188f8b20e26a082c0050739232f (diff) | |
Fix sending session ids in DTLS-1.3
DTLS 1.3 session id must not be sent by client unless
it has a cached id. And DTLS 1.3 servers must not echo
a session id from a client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
| -rw-r--r-- | ssl/statem/statem_srvr.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 72ea84b019..5dc1e1dbcc 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2390,9 +2390,11 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) int version; unsigned char *session_id; int usetls13 = SSL_CONNECTION_IS_TLS13(s) - || s->hello_retry_request == SSL_HRR_PENDING; + || (!SSL_CONNECTION_IS_DTLS(s) + && s->hello_retry_request == SSL_HRR_PENDING); int usedtls13 = SSL_CONNECTION_IS_DTLS13(s) - || s->hello_retry_request == SSL_HRR_PENDING; + || (SSL_CONNECTION_IS_DTLS(s) + && s->hello_retry_request == SSL_HRR_PENDING); version = usetls13 ? TLS1_2_VERSION : (usedtls13 ? DTLS1_2_VERSION : s->version); if (!WPACKET_put_bytes_u16(pkt, version) @@ -2422,6 +2424,7 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) * we send back a 0-length session ID. * - In TLSv1.3 we echo back the session id sent to us by the client * regardless + * - In DTLSv1.3 we must not echo the session id sent by the client * s->hit is non-zero in either case of session reuse, * so the following won't overwrite an ID that we're supposed * to send back. @@ -2431,9 +2434,12 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) && !s->hit)) s->session->session_id_length = 0; - if (usetls13 || usedtls13) { + if (usetls13) { sl = s->tmp_session_id_len; session_id = s->tmp_session_id; + } else if (usedtls13) { + sl = 0; + session_id = NULL; } else { sl = s->session->session_id_length; session_id = s->session->session_id; |