If we have no suitable PSK kex modes then don't attempt to resume

author Matt Caswell <matt@openssl.org>

Wed, 25 Jan 2017 11:56:23 +0000 (11:56 +0000)

committer Matt Caswell <matt@openssl.org>

Mon, 30 Jan 2017 10:18:24 +0000 (10:18 +0000)
author Matt Caswell <matt@openssl.org>
Wed, 25 Jan 2017 11:56:23 +0000 (11:56 +0000)
committer Matt Caswell <matt@openssl.org>
Mon, 30 Jan 2017 10:18:24 +0000 (10:18 +0000)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index f95b4660a70ae13b0108045efc1381b98b12dddd..bceee4c7026f0006fe5762fc4dff5d77689c1d49 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1933,7 +1933,7 @@ __owur CERT *ssl_cert_dup(CERT *cert);
  void ssl_cert_clear_certs(CERT *c);
  void ssl_cert_free(CERT *c);
  __owur int ssl_get_new_session(SSL *s, int session);
-__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello);
+__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al);
  __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
  __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
  DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c

index c0fc8b356c2e56d4dd327a4c629db328e5f82ff3..686d18a384279610881eabcd0929eeced53e9431 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -458,7 +458,7 @@ int ssl_get_new_session(SSL *s, int session)
   *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
   *     if the server should issue a new session ticket (to 0 otherwise).
   */
-int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
+int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
  {
      /* This is used only by servers. */
  
@@ -468,10 +468,10 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
      TICKET_RETURN r;
  
      if (SSL_IS_TLS13(s)) {
-        int al;
-
-        if (!tls_parse_extension(s, TLSEXT_IDX_psk, EXT_CLIENT_HELLO,
-                                 hello->pre_proc_exts, NULL, 0, &al))
+        if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, EXT_CLIENT_HELLO,
+                                 hello->pre_proc_exts, NULL, 0, al)
+                || !tls_parse_extension(s, TLSEXT_IDX_psk, EXT_CLIENT_HELLO,
+                                        hello->pre_proc_exts, NULL, 0, al))
              return -1;
  
          ret = s->session;
@@ -637,10 +637,12 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
              s->ext.ticket_expected = 1;
          }
      }
-    if (fatal)
+    if (fatal) {
+        *al = SSL_AD_INTERNAL_ERROR;
          return -1;
-    else
+    } else {
          return 0;
+    }
  }
  
  int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c

index bce31a2c17e9ee27c1c41d72d3a7d3f4d83effbb..526318f791e502e16419ad82ffce3b1c4080700d 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -237,7 +237,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
          NULL, NULL, NULL, tls_construct_ctos_supported_versions, NULL
      },
      {
-        /* Must be before key_share */
          TLSEXT_TYPE_psk_kex_modes,
          EXT_CLIENT_HELLO | EXT_TLS_IMPLEMENTATION_ONLY | EXT_TLS1_3_ONLY,
          init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL,
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c

index 407b48c6715c09a5d34c8686b90adfafc71cb517..41dd5b6fbb602dbccf4001228ce721604d14c005 100644 (file)
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -687,6 +687,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
      unsigned int id, i;
      const EVP_MD *md = NULL;
  
+    /*
+     * If we have no PSK kex mode that we recognise then we can't resume so
+     * ignore this extension
+     */
+    if ((s->ext.psk_kex_mode
+            & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0)
+        return 1;
+
      if (!PACKET_get_length_prefixed_2(pkt, &identities)) {
          *al = SSL_AD_DECODE_ERROR;
          return 0;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index 9292284bdc723a98c5b861faab3108b757c069ed..023f1ac1f2871964de682b191f556521157c3389 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1475,12 +1475,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
          if (!ssl_get_new_session(s, 1))
              goto err;
      } else {
-        i = ssl_get_prev_session(s, &clienthello);
+        i = ssl_get_prev_session(s, &clienthello, &al);
          if (i == 1) {
              /* previous session */
              s->hit = 1;
          } else if (i == -1) {
-            goto err;
+            goto f_err;
          } else {
              /* i == 0 */
              if (!ssl_get_new_session(s, 1))
author	Matt Caswell <matt@openssl.org>
	Wed, 25 Jan 2017 11:56:23 +0000 (11:56 +0000)
committer	Matt Caswell <matt@openssl.org>
	Mon, 30 Jan 2017 10:18:24 +0000 (10:18 +0000)
ssl/ssl_locl.h		patch \| blob \| history
ssl/ssl_sess.c		patch \| blob \| history
ssl/statem/extensions.c		patch \| blob \| history
ssl/statem/extensions_srvr.c		patch \| blob \| history
ssl/statem/statem_srvr.c		patch \| blob \| history