1 files changed, 10 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index aeeea599bc..a5a39d092c 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.14 2020/01/24 04:43:09 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.15 2020/01/24 04:47:13 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -223,6 +223,15 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
                 goto err;
         }
 
+        /* Store legacy session identifier so we can echo it. */
+        if (CBS_len(&session_id) > sizeof(ctx->hs->legacy_session_id)) {
+                ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+                goto err;
+        }
+        if (!CBS_write_bytes(&session_id, ctx->hs->legacy_session_id,
+            sizeof(ctx->hs->legacy_session_id), &ctx->hs->legacy_session_id_len))
+                goto err;
+
         /* Parse cipher suites list and select preferred cipher. */
         if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
                 ctx->alert = SSL_AD_ILLEGAL_PARAMETER;