Add extra validation parsing the server-to-client early_data extension

Check that we actually resumed the session, and that we selected the first identity. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)

Add extra validation parsing the server-to-client early_data extension
Check that we actually resumed the session, and that we selected the first identity. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
538bea6c · Matt Caswell · 329114f9 · 538bea6c
隐藏空白更改
内联并排

Showing with 5 addition and 3 deletion

ssl/statem/extensions_clnt.c ssl/statem/extensions_clnt.c +5 -3

未找到文件。
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -931,10 +931,12 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
        return 0;
    }

-    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) {
+    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED
+            || !s->hit
+            || s->session->ext.tick_identity != 0) {
        /*
-         * If we get here then we didn't send early data, so the server should
-         * not be accepting it.
+         * If we get here then we didn't send early data, or we didn't resume
+         * using the first identity so the server should not be accepting it.
         */
        *al = SSL_AD_ILLEGAL_PARAMETER;
        return 0;