diff options
| author | Kevin Jacobs <kjacobs@mozilla.com> | 2020-11-18 20:08:53 +0000 |
|---|---|---|
| committer | Kevin Jacobs <kjacobs@mozilla.com> | 2020-11-18 20:08:53 +0000 |
| commit | 6324d9405f524e7efb78eb2d71afbdd45c53ec84 (patch) | |
| tree | 68894063a51e4f84dd678160ddd1f80a540858b1 | |
| parent | 2bd4e6f231c8e7c262495fed7c147b4cc67c834c (diff) | |
| download | nss-hg-6324d9405f524e7efb78eb2d71afbdd45c53ec84.tar.gz | |
Bug 1654332 - Fixup a10493dcfcc9: copy ECHConfig.config_id with socket r=jcj
A late review change for ECH was for the server to compute each ECHConfig `config_id` when set to the socket, rather than on each connection. This works, but now we also need to copy that config_id when copying a socket, else the server won't find a matching ECHConfig to use for decryption.
Differential Revision: https://phabricator.services.mozilla.com/D97475
| -rw-r--r-- | lib/ssl/ssl3con.c | 2 | ||||
| -rw-r--r-- | lib/ssl/tls13con.c | 2 | ||||
| -rw-r--r-- | lib/ssl/tls13ech.c | 1 |
3 files changed, 3 insertions, 2 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index bf5704c7f..cd36b80a5 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -5521,7 +5521,7 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type) if (IS_DTLS(ss)) { rv = dtls_StageHandshakeMessage(ss); if (rv != SECSuccess) { - return rv; + goto loser; } } /* By default, all messagess are added to both the inner and diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c index b1e3b2ebe..a10962981 100644 --- a/lib/ssl/tls13con.c +++ b/lib/ssl/tls13con.c @@ -1752,7 +1752,7 @@ tls13_MaybeSendHelloRetry(sslSocket *ss, const sslNamedGroupDef *requestedGroup, return SECFailure; /* Code already set. */ } - /* We received ECH, but have to start over with CH2. */ + /* We may have received ECH, but have to start over with CH2. */ ss->ssl3.hs.echAccepted = PR_FALSE; PK11_HPKE_DestroyContext(ss->ssl3.hs.echHpkeCtx, PR_TRUE); ss->ssl3.hs.echHpkeCtx = NULL; diff --git a/lib/ssl/tls13ech.c b/lib/ssl/tls13ech.c index e208c92bf..a42bda01a 100644 --- a/lib/ssl/tls13ech.c +++ b/lib/ssl/tls13ech.c @@ -86,6 +86,7 @@ tls13_CopyEchConfigs(PRCList *oConfigs, PRCList *configs) newConfig->contents.kdfId = config->contents.kdfId; newConfig->contents.aeadId = config->contents.aeadId; newConfig->contents.maxNameLen = config->contents.maxNameLen; + PORT_Memcpy(newConfig->configId, config->configId, sizeof(newConfig->configId)); PR_APPEND_LINK(&newConfig->link, configs); } return SECSuccess; |