From: Matt Caswell Date: Fri, 16 Mar 2018 09:25:34 +0000 (+0000) Subject: Add an anti-replay mechanism X-Git-Tag: OpenSSL_1_1_1-pre3~37 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=66d7de163491bfa5819fb80b77d321beb58384d4;p=oweals%2Fopenssl.git Add an anti-replay mechanism If the server is configured to allow early data then we check if the PSK session presented by the client is available in the cache or not. If it isn't then this may be a replay and we disallow it. If it is then we allow it and remove the session from the cache. Note: the anti-replay protection is not used for externally established PSKs. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5644) --- diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 5e44d4c41f..6513bf84cc 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -761,10 +761,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) if ((c != NULL) && (c->session_id_length != 0)) { if (lck) CRYPTO_THREAD_write_lock(ctx->lock); - if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { + if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) { ret = 1; - r = lh_SSL_SESSION_delete(ctx->sessions, c); - SSL_SESSION_list_remove(ctx, c); + r = lh_SSL_SESSION_delete(ctx->sessions, r); + SSL_SESSION_list_remove(ctx, r); } c->not_resumable = 1; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 7c9a3f7a6a..ee4cad124c 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1134,6 +1134,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (ret == SSL_TICKET_NO_DECRYPT) continue; + /* Check for replay */ + if (s->max_early_data > 0 + && !SSL_CTX_remove_session(s->session_ctx, sess)) { + SSL_SESSION_free(sess); + sess = NULL; + continue; + } + ticket_age = (uint32_t)ticket_agel; now = (uint32_t)time(NULL); agesec = now - (uint32_t)sess->time;