diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-15 18:41:50 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-16 14:20:38 +0000 |
commit | 69b2d39332e04d0745faed119eaad5e6a9033082 (patch) | |
tree | b696de4573e7b37783f03ea01586f41409ccd8c3 /ssl | |
parent | cf3e221bd90085035d869d3a233a03970d036638 (diff) | |
download | openssl-69b2d39332e04d0745faed119eaad5e6a9033082.tar.gz |
Fix ciphersuite handling during an HRR
Choose a new ciphersuite for the HRR. Don't just use the one from the
session.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_srvr.c | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 08b5f8dcd4..a1feb27a6c 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1849,12 +1849,7 @@ static int tls_early_post_process_client_hello(SSL *s, int *al) * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher */ - if (!s->hit) { -#ifdef OPENSSL_NO_COMP - s->session->compress_meth = 0; -#else - s->session->compress_meth = (comp == NULL) ? 0 : comp->id; -#endif + if (!s->hit || s->hello_retry_request) { sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; if (ciphers == NULL) { @@ -1863,6 +1858,14 @@ static int tls_early_post_process_client_hello(SSL *s, int *al) goto err; } ciphers = NULL; + } + + if (!s->hit) { +#ifdef OPENSSL_NO_COMP + s->session->compress_meth = 0; +#else + s->session->compress_meth = (comp == NULL) ? 0 : comp->id; +#endif if (!tls1_set_server_sigalgs(s)) { SSLerr(SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); goto err; @@ -1951,7 +1954,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) wst = WORK_MORE_B; } if (wst == WORK_MORE_B) { - if (!s->hit) { + if (!s->hit || s->hello_retry_request) { /* Let cert callback update server certificates if required */ if (s->cert->cert_cb) { int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); @@ -1986,17 +1989,19 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) goto f_err; } s->s3->tmp.new_cipher = cipher; - if (!tls_choose_sigalg(s, &al)) - goto f_err; - /* check whether we should disable session resumption */ - if (s->not_resumable_session_cb != NULL) - s->session->not_resumable = - s->not_resumable_session_cb(s, ((cipher->algorithm_mkey - & (SSL_kDHE | SSL_kECDHE)) - != 0)); - if (s->session->not_resumable) - /* do not send a session ticket */ - s->ext.ticket_expected = 0; + if (!s->hit) { + if (!tls_choose_sigalg(s, &al)) + goto f_err; + /* check whether we should disable session resumption */ + if (s->not_resumable_session_cb != NULL) + s->session->not_resumable = + s->not_resumable_session_cb(s, ((cipher->algorithm_mkey + & (SSL_kDHE | SSL_kECDHE)) + != 0)); + if (s->session->not_resumable) + /* do not send a session ticket */ + s->ext.ticket_expected = 0; + } } else { /* Session-id reuse */ s->s3->tmp.new_cipher = s->session->cipher; |