Skip to content

Commit

Permalink
DTLS 1.3 session id must not be sent by client unless it has a cached…
Browse files Browse the repository at this point in the history
… id. And DTLS 1.3 servers must not echo a session id from a client.
  • Loading branch information
fwh-dc committed Mar 21, 2024
1 parent f77f2b8 commit 75e9c9e
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 5 deletions.
6 changes: 4 additions & 2 deletions ssl/statem/statem_clnt.c
Original file line number Diff line number Diff line change
Expand Up @@ -1256,8 +1256,10 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)

/* Session ID */
session_id = s->session->session_id;
if (s->new_session || s->session->ssl_version == TLS1_3_VERSION || s->session->ssl_version == DTLS1_3_VERSION) {
if ((s->version == TLS1_3_VERSION || s->version == DTLS1_3_VERSION)
if (s->new_session
|| s->session->ssl_version == TLS1_3_VERSION
|| s->session->ssl_version == DTLS1_3_VERSION) {
if (s->version == TLS1_3_VERSION
&& (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {
sess_id_len = sizeof(s->tmp_session_id);
s->tmp_session_id_len = sess_id_len;
Expand Down
12 changes: 9 additions & 3 deletions ssl/statem/statem_srvr.c
Original file line number Diff line number Diff line change
Expand Up @@ -2390,9 +2390,11 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
int version;
unsigned char *session_id;
int usetls13 = SSL_CONNECTION_IS_TLS13(s)
|| s->hello_retry_request == SSL_HRR_PENDING;
|| (!SSL_CONNECTION_IS_DTLS(s)
&& s->hello_retry_request == SSL_HRR_PENDING);
int usedtls13 = SSL_CONNECTION_IS_DTLS13(s)
|| s->hello_retry_request == SSL_HRR_PENDING;
|| (SSL_CONNECTION_IS_DTLS(s)
&& s->hello_retry_request == SSL_HRR_PENDING);

version = usetls13 ? TLS1_2_VERSION : (usedtls13 ? DTLS1_2_VERSION : s->version);
if (!WPACKET_put_bytes_u16(pkt, version)
Expand Down Expand Up @@ -2422,6 +2424,7 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
* we send back a 0-length session ID.
* - In TLSv1.3 we echo back the session id sent to us by the client
* regardless
* - In DTLSv1.3 we must not echo the session id sent by the client
* s->hit is non-zero in either case of session reuse,
* so the following won't overwrite an ID that we're supposed
* to send back.
Expand All @@ -2431,9 +2434,12 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
&& !s->hit))
s->session->session_id_length = 0;

if (usetls13 || usedtls13) {
if (usetls13) {
sl = s->tmp_session_id_len;
session_id = s->tmp_session_id;
} else if (usedtls13) {
sl = 0;
session_id = NULL;
} else {
sl = s->session->session_id_length;
session_id = s->session->session_id;
Expand Down

0 comments on commit 75e9c9e

Please sign in to comment.