Commit 66d7de16 authored by Matt Caswell's avatar Matt Caswell
Browse files

Add an anti-replay mechanism 



If the server is configured to allow early data then we check if the PSK
session presented by the client is available in the cache or not. If it
isn't then this may be a replay and we disallow it. If it is then we allow
it and remove the session from the cache. Note: the anti-replay protection
is not used for externally established PSKs.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
parent f023ba2d

ssl/ssl_sess.c

+3 −3
Original line number Diff line number Diff line
@@ -761,10 +761,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) 
    if ((c != NULL) && (c->session_id_length != 0)) {

        if (lck)

            CRYPTO_THREAD_write_lock(ctx->lock);

        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {

        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {

            ret = 1;

            r = lh_SSL_SESSION_delete(ctx->sessions, c);

            SSL_SESSION_list_remove(ctx, c);

            r = lh_SSL_SESSION_delete(ctx->sessions, r);

            SSL_SESSION_list_remove(ctx, r);

        }

        c->not_resumable = 1;

ssl/statem/extensions_srvr.c

+8 −0
Original line number Diff line number Diff line
@@ -1134,6 +1134,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, 
            if (ret == SSL_TICKET_NO_DECRYPT)

                continue;



            /* Check for replay */

            if (s->max_early_data > 0

                    && !SSL_CTX_remove_session(s->session_ctx, sess)) {

                SSL_SESSION_free(sess);

                sess = NULL;

                continue;

            }



            ticket_age = (uint32_t)ticket_agel;

            now = (uint32_t)time(NULL);

            agesec = now - (uint32_t)sess->time;