diff options
author | Matt Caswell <matt@openssl.org> | 2023-08-07 12:21:20 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-08-15 14:41:31 +0100 |
commit | 04c7fb53e0437f83e2476e5d55a1af61959fadf5 (patch) | |
tree | 0023be1df9fe26d0e5f8a9da397d7f980d4d67f4 /ssl/statem | |
parent | 0f2add9e8d4c1dc09848ea12aaad2eb4c5358bf2 (diff) |
NewSessionTickets with an early_data extension must have a valid max value
The max_early_data value must be 0xffffffff if the extension is present in
a NewSessionTicket message in QUIC. Otherwise it is a PROTOCOL_VIOLATION.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index d32dcfbd06..381a6c9d7b 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1934,6 +1934,22 @@ int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, s->session->ext.max_early_data = max_early_data; + if (SSL_IS_QUIC_HANDSHAKE(s) && max_early_data != 0xffffffff) { + /* + * QUIC allows missing max_early_data, or a max_early_data value + * of 0xffffffff. Missing max_early_data is stored in the session + * as 0. This is indistinguishable in OpenSSL from a present + * max_early_data value that was 0. In order that later checks for + * invalid max_early_data correctly treat as an error the case where + * max_early_data is present and it is 0, we store any invalid + * value in the same (non-zero) way. Otherwise we would have to + * introduce a new flag just for this. + */ + s->session->ext.max_early_data = 1; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INVALID_MAX_EARLY_DATA); + return 0; + } + return 1; } |