[openssl-dev] Minor bug in custom TLS extensions

Bill Cox waywardgeek at google.com
Tue Aug 25 17:26:33 UTC 2015


This seems like a bug to me:

        /*
         * If this ClientHello extension was unhandled and this is a
         * nonresumed connection, check whether the extension is a custom
         * TLS Extension (has a custom_srv_ext_record), and if so call the
         * callback and record the extension number so that an appropriate
         * ServerHello may be later returned.
         */
        else if (!s->hit) {
            if (custom_ext_parse(s, 1, type, data, size, al) <= 0)
                return 0;
        }

This is in t1_lib.c, in function ssl_scan_clienthello_tlsext.  It looks
like the check for !s->hit will cause the server to ignore all custom
extensions on resumed sessions.  At the same time, we do not have a
mechanism for saving custom extension state in the session.  As a result,
the server will lose all knowledge of the existence of a custom extension
after resumption.  Some extensions are only needed during the initial
handshake, but others set state on the connection that should persist.
Also, there seems to be no code to keep the client from sending custom
extensions on resumption, so when OpenSSL talks to OpenSSL with identical
custom extensions, we're sending TLS extensions on resumption which are
ignored by the server.

I think the one-line fix is to change the "else if (!s->hit) {" to "else
{".  Would you guys agree?

Any existing custom extensions that depend on the old behavior need to
check SSL_session_reused(ssl) to disable custom TLS extensions on
resumption.  On the positive side, this will reduce the current overhead
caused by the client sending these extensions on resumption.

Thanks,
Bill
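
The behaviour discussed in this message, as an added example that is not part of the original post and is not OpenSSL code: a self-contained C model of the quoted branch, showing what a stateful custom extension sees on a resumed handshake with the current gate and with the proposed change, and how a callback can opt out on resumption itself. All names (struct conn, scan_custom_ext, handshake, the parse_* callbacks) are hypothetical stand-ins, and the extension body is constructed.

```c
#include <stddef.h>
#include <stdio.h>
/* Stand-in for the SSL connection (hypothetical, not an OpenSSL type). */
struct conn {
    int hit;             /* 1 on a resumed session, models s->hit */
    int feature_enabled; /* connection state the custom extension sets */
};
typedef int (*parse_cb)(struct conn *c, const unsigned char *in, size_t inlen);

/* Extension whose state should persist on every connection, resumed or not. */
static int parse_stateful(struct conn *c, const unsigned char *in, size_t inlen)
{
    if (inlen != 1)
        return 0;                    /* malformed body: fail the handshake */
    c->feature_enabled = (in[0] == 1);
    return 1;
}

/* Extension that wants the old behaviour: it opts out on resumption itself,
 * the way a real callback would by checking SSL_session_reused(ssl). */
static int parse_initial_only(struct conn *c, const unsigned char *in, size_t inlen)
{
    return c->hit ? 1 : parse_stateful(c, in, inlen);
}

/* Models the quoted branch: gate_on_hit=1 is "else if (!s->hit) {",
 * gate_on_hit=0 is the proposed "else {". Returns 0 to abort the handshake. */
static int scan_custom_ext(struct conn *c, int gate_on_hit, parse_cb cb,
                           const unsigned char *data, size_t size)
{
    if (gate_on_hit && c->hit)
        return 1;                    /* extension skipped, no callback runs */
    return cb(c, data, size) > 0;
}

/* Runs one modelled handshake; returns feature_enabled, or -1 on abort. */
static int handshake(int resumed, int gate_on_hit, parse_cb cb)
{
    static const unsigned char ext_body[] = { 1 }; /* constructed payload */
    struct conn c = { resumed, 0 };
    return scan_custom_ext(&c, gate_on_hit, cb, ext_body, sizeof ext_body)
               ? c.feature_enabled : -1;
}

int main(void)
{
    printf("resumed: current=%d proposed=%d initial-only=%d\n", handshake(1, 1, parse_stateful),
           handshake(1, 0, parse_stateful), handshake(1, 0, parse_initial_only));
    return 0;
}
```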