summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2020-05-09 15:30:21 +0000
committerjsing <>2020-05-09 15:30:21 +0000
commite60743c2598f2b8d05fbd008cafbfe16bfe0b9a3 (patch)
tree6666049523937c7ae835bbe58ae646628168a32f
parent465ed0712229ad7d942b62e920b8adff60f611ab (diff)
downloadopenbsd-e60743c2598f2b8d05fbd008cafbfe16bfe0b9a3.tar.gz
openbsd-e60743c2598f2b8d05fbd008cafbfe16bfe0b9a3.tar.bz2
openbsd-e60743c2598f2b8d05fbd008cafbfe16bfe0b9a3.zip
Add a middlebox_compat flag and condition session ID randomisation on it.
ok tb@
Diffstat
-rw-r--r--src/lib/libssl/tls13_client.c4
-rw-r--r--src/lib/libssl/tls13_internal.h3
-rw-r--r--src/lib/libssl/tls13_lib.c4
3 files changed, 7 insertions, 4 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index aab83dcc69..d5ac6ba5e0 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.55 2020/05/09 15:05:50 beck Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.56 2020/05/09 15:30:21 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -61,7 +61,7 @@ tls13_client_init(struct tls13_ctx *ctx)
61 * legacy session identifier triggers compatibility mode (see RFC 8446 61 * legacy session identifier triggers compatibility mode (see RFC 8446
62 * Appendix D.4). In the pre-TLSv1.3 case a zero length value is used. 62 * Appendix D.4). In the pre-TLSv1.3 case a zero length value is used.
63 */ 63 */
64 if (ctx->hs->max_version >= TLS1_3_VERSION) { 64 if (ctx->middlebox_compat && ctx->hs->max_version >= TLS1_3_VERSION) {
65 arc4random_buf(ctx->hs->legacy_session_id, 65 arc4random_buf(ctx->hs->legacy_session_id,
66 sizeof(ctx->hs->legacy_session_id)); 66 sizeof(ctx->hs->legacy_session_id));
67 ctx->hs->legacy_session_id_len = 67 ctx->hs->legacy_session_id_len =
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index b699b20501..f15d11551a 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_internal.h,v 1.68 2020/05/09 15:05:50 beck Exp $ */ 1/* $OpenBSD: tls13_internal.h,v 1.69 2020/05/09 15:30:21 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -218,6 +218,7 @@ struct tls13_ctx {
218 uint8_t mode; 218 uint8_t mode;
219 struct tls13_handshake_stage handshake_stage; 219 struct tls13_handshake_stage handshake_stage;
220 int handshake_completed; 220 int handshake_completed;
221 int middlebox_compat;
221 222
222 int close_notify_sent; 223 int close_notify_sent;
223 int close_notify_recv; 224 int close_notify_recv;
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 37f300ae43..3825707d5c 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_lib.c,v 1.37 2020/05/09 15:05:50 beck Exp $ */ 1/* $OpenBSD: tls13_lib.c,v 1.38 2020/05/09 15:30:21 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -351,6 +351,8 @@ tls13_ctx_new(int mode)
351 ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb; 351 ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
352 ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb; 352 ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
353 353
354 ctx->middlebox_compat = 1;
355
354 return ctx; 356 return ctx;
355 357
356 err: 358 err:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:40:53 +0000