From 1a9f457c6656a0905102c8850ca586eda1e3ba91 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 25 Jan 2017 11:56:23 +0000 Subject: [PATCH] If we have no suitable PSK kex modes then don't attempt to resume Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2259) --- ssl/ssl_locl.h | 2 +- ssl/ssl_sess.c | 16 +++++++++------- ssl/statem/extensions.c | 1 - ssl/statem/extensions_srvr.c | 8 ++++++++ ssl/statem/statem_srvr.c | 4 ++-- 5 files changed, 20 insertions(+), 11 deletions(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f95b4660a7..bceee4c702 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1933,7 +1933,7 @@ __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); __owur int ssl_get_new_session(SSL *s, int session); -__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); +__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al); __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c0fc8b356c..686d18a384 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -458,7 +458,7 @@ int ssl_get_new_session(SSL *s, int session) * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1 * if the server should issue a new session ticket (to 0 otherwise). */ -int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) +int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) { /* This is used only by servers. */ @@ -468,10 +468,10 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) TICKET_RETURN r; if (SSL_IS_TLS13(s)) { - int al; - - if (!tls_parse_extension(s, TLSEXT_IDX_psk, EXT_CLIENT_HELLO, - hello->pre_proc_exts, NULL, 0, &al)) + if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, EXT_CLIENT_HELLO, + hello->pre_proc_exts, NULL, 0, al) + || !tls_parse_extension(s, TLSEXT_IDX_psk, EXT_CLIENT_HELLO, + hello->pre_proc_exts, NULL, 0, al)) return -1; ret = s->session; @@ -637,10 +637,12 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) s->ext.ticket_expected = 1; } } - if (fatal) + if (fatal) { + *al = SSL_AD_INTERNAL_ERROR; return -1; - else + } else { return 0; + } } int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index bce31a2c17..526318f791 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -237,7 +237,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { NULL, NULL, NULL, tls_construct_ctos_supported_versions, NULL }, { - /* Must be before key_share */ TLSEXT_TYPE_psk_kex_modes, EXT_CLIENT_HELLO | EXT_TLS_IMPLEMENTATION_ONLY | EXT_TLS1_3_ONLY, init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 407b48c671..41dd5b6fbb 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -687,6 +687,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) unsigned int id, i; const EVP_MD *md = NULL; + /* + * If we have no PSK kex mode that we recognise then we can't resume so + * ignore this extension + */ + if ((s->ext.psk_kex_mode + & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0) + return 1; + if (!PACKET_get_length_prefixed_2(pkt, &identities)) { *al = SSL_AD_DECODE_ERROR; return 0; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 9292284bdc..023f1ac1f2 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1475,12 +1475,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!ssl_get_new_session(s, 1)) goto err; } else { - i = ssl_get_prev_session(s, &clienthello); + i = ssl_get_prev_session(s, &clienthello, &al); if (i == 1) { /* previous session */ s->hit = 1; } else if (i == -1) { - goto err; + goto f_err; } else { /* i == 0 */ if (!ssl_get_new_session(s, 1)) -- 2.25.1