From 453345799beaaba355d2b9fafa03e9ae5206d0f7 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 24 Jan 2020 04:47:13 +0000
Subject: Store the legacy session identifier from the ClientHello so we can actually echo it. ok beck@ tb@
---
 src/lib/libssl/tls13_server.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index aeeea599bc..a5a39d092c 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.14 2020/01/24 04:43:09 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.15 2020/01/24 04:47:13 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -223,6 +223,15 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 goto err;
 }
+ /* Store legacy session identifier so we can echo it. */
+ if (CBS_len(&session_id) > sizeof(ctx->hs->legacy_session_id)) {
+ ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
+ goto err;
+ }
+ if (!CBS_write_bytes(&session_id, ctx->hs->legacy_session_id,
+ sizeof(ctx->hs->legacy_session_id), &ctx->hs->legacy_session_id_len))
+ goto err;
+
 /* Parse cipher suites list and select preferred cipher. */
 if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
 ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
--
cgit v1.2.3-55-g6feb
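Review bot: The `CBS_write_bytes` failure branch at the end of the added block in the second hunk jumps to `err` without setting `ctx->alert`, unlike the length check just above it, so which alert (if any) the peer receives on that path depends on state not visible here. Given the preceding `CBS_len(&session_id) > sizeof(ctx->hs->legacy_session_id)` test the copy should not fail today, so this only matters if the check and the buffer size ever drift apart; making the outcome explicit would mean bracing that branch and adding `ctx->alert = SSL_AD_INTERNAL_ERROR;` before its `goto err;`. Because the session identifier is client-controlled, I would also extend the comment to say that the length check is what bounds the copy into the fixed-size buffer, e.g. `/* Client-supplied; the length check bounds the copy into legacy_session_id. */`. `tls13_client_hello_process` starts and ends outside the hunk, so the `err` path itself was not reviewed.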