diff options
| author | Matt Caswell <matt@openssl.org> | 2017-11-07 10:45:43 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-12-14 15:06:37 +0000 |
| commit | a5816a5ab99610201dcec57a0e02b883d9d32891 (patch) | |
| tree | dbcdbc8473d14ad1204c345725e6193d299b22d3 /ssl/statem/statem_srvr.c | |
| parent | 88050dd1960bfaba7ede12a3ce1afe40f5deb124 (diff) | |
Implement session id TLSv1.3 middlebox compatibility mode
Clients will send a "fake" session id and servers must echo it back.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
| -rw-r--r-- | ssl/statem/statem_srvr.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index e91bba4c0f..36083096b9 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1686,6 +1686,12 @@ static int tls_early_post_process_client_hello(SSL *s) } } + if (SSL_IS_TLS13(s)) { + memcpy(s->tmp_session_id, s->clienthello->session_id, + s->clienthello->session_id_len); + s->tmp_session_id_len = s->clienthello->session_id_len; + } + /* * If it is a hit, check that the cipher is in the list. In TLSv1.3 we check * ciphersuite compatibility with the session as part of resumption. @@ -2192,6 +2198,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) int compm; size_t sl, len; int version; + unsigned char *session_id; version = SSL_IS_TLS13(s) ? TLS1_2_VERSION : s->version; if (!WPACKET_put_bytes_u16(pkt, version) @@ -2217,6 +2224,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) * session ID. * - However, if we want the new session to be single-use, * we send back a 0-length session ID. + * - In TLSv1.3 we echo back the session id sent to us by the client + * regardless * s->hit is non-zero in either case of session reuse, * so the following won't overwrite an ID that we're supposed * to send back. @@ -2226,17 +2235,20 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) && !s->hit)) s->session->session_id_length = 0; - sl = s->session->session_id_length; + if (SSL_IS_TLS13(s)) { + sl = s->tmp_session_id_len; + session_id = s->tmp_session_id; + } else { + sl = s->session->session_id_length; + session_id = s->session->session_id; + } + if (sl > sizeof(s->session->session_id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); return 0; } - /* Never send a session_id back in the ServerHello */ - if (SSL_IS_TLS13(s)) - sl = 0; - /* set up the compression method */ #ifdef OPENSSL_NO_COMP compm = 0; @@ -2247,7 +2259,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) compm = s->s3->tmp.new_compression->id; #endif - if (!WPACKET_sub_memcpy_u8(pkt, s->session->session_id, sl) + if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len) || !WPACKET_put_bytes_u8(pkt, compm) || !tls_construct_extensions(s, pkt, |