author | Martin Thomson <martin.thomson@gmail.com> | 2018-09-04 13:30:11 +1000 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2018-09-04 13:30:11 +1000 |
commit | 1e089e6a50a8f3dbd454e066eb17f6e0d59cf248 (patch) | |
tree | a311d31d2986c734d612d143dfe873cf1cfc6455 /lib/ssl | |
parent | 65cb41c5f89637b34ac47a9a630833365b46df16 (diff) | |
download | nss-hg-1e089e6a50a8f3dbd454e066eb17f6e0d59cf248.tar.gz |
Bug 1488320 - Cross-version resumption tests, r=ekr
This fixes an issue that arises from an interaction between compatibility mode
and cross-version resumption in DTLS. The DTLS 1.3 spec has an open PR that
makes the spec align with this: https://github.com/tlswg/dtls13-spec/pull/59
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/ssl3con.c | 9 | ||||
-rw-r--r-- | lib/ssl/tls13con.c | 1 | ||||
-rw-r--r-- | lib/ssl/tls13exthandle.c | 1 |
3 files changed, 8 insertions, 3 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 48393d087..26efdfdc0 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -6386,15 +6386,18 @@ ssl_CheckServerSessionIdCorrectness(sslSocket *ss, SECItem *sidBytes)
 /* TLS 1.2: Session ID shouldn't match if we sent a fake. */
 if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
- return !sentFakeSid || !sidMatch;
+ if (sentFakeSid) {
+ return !sidMatch;
+ }
+ return PR_TRUE;
 }
 /* TLS 1.3: We sent a session ID. The server's should match. */
- if (sentRealSid || sentFakeSid) {
+ if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
 return sidMatch;
 }
- /* TLS 1.3: The server shouldn't send a session ID. */
+ /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
 return sidBytes->len == 0;
 }
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
index 1194c0d23..227f6d08b 100644
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -2499,6 +2499,7 @@ tls13_HandleServerHelloPart2(sslSocket *ss)
 }
 if (ss->statelessResume) {
+ PORT_Assert(sid->version >= SSL_LIBRARY_VERSION_TLS_1_3);
 if (tls13_GetHash(ss) != tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite)) {
 FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_SERVER_HELLO,
diff --git a/lib/ssl/tls13exthandle.c b/lib/ssl/tls13exthandle.c
index a4b2967e5..b155a9c46 100644
--- a/lib/ssl/tls13exthandle.c
+++ b/lib/ssl/tls13exthandle.c
@@ -396,6 +396,7 @@ tls13_ClientSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
 xtnData->lastXtnOffset = buf->len - 4;
 PORT_Assert(ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3);
+ PORT_Assert(ss->sec.ci.sid->version >= SSL_LIBRARY_VERSION_TLS_1_3);
 /* Send a single ticket identity. */
 session_ticket = &ss->sec.ci.sid->u.ssl3.locked.sessionTicket; |
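Review bot: The comment above the second branch of ssl_CheckServerSessionIdCorrectness still reads `/* TLS 1.3: We sent a session ID. The server's should match. */`, but the new condition `!IS_DTLS(ss) && (sentRealSid || sentFakeSid)` no longer applies that rule to DTLS 1.3. I would reword it to `/* TLS 1.3 (not DTLS): We sent a session ID. The server's should match. */` and add a line saying that the DTLS exception follows https://github.com/tlswg/dtls13-spec/pull/59, which the description says is still open, so the check gets revisited if the spec text lands differently. This function decides whether a ServerHello's session ID echo is acceptable, so the reason for the exception belongs next to the code rather than only in the commit message. The function begins outside the hunk, so how sentRealSid, sentFakeSid and sidMatch are derived is not visible here.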
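Review bot: The new `PORT_Assert(sid->version >= SSL_LIBRARY_VERSION_TLS_1_3);` in tls13_HandleServerHelloPart2 only protects debug builds, because PORT_Assert compiles away in optimized builds; the same holds for the assertion added in tls13_ClientSendPreSharedKeyXtn in tls13exthandle.c. If a pre-1.3 session could ever reach the `ss->statelessResume` branch, a release build would go on to compare the negotiated hash against `sid->u.ssl3.cipherSuite` from a session that is not a TLS 1.3 one. Consider a runtime check that fails the handshake, for example `if (sid->version < SSL_LIBRARY_VERSION_TLS_1_3) { FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error); return SECFailure; }`, or at least a comment naming where the invariant is enforced. Both functions continue outside their hunks, so any surrounding checks are not visible here.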