Add is_quic bit to SSL_SESSION
This bit is used to prevent cross-protocol resumption between QUIC and
TLS-over-TCP.
Bug: 221
Change-Id: I8ab5341f00ae96c0a5f7ac3999f61edc7cbeca1c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/40444
Commit-Queue: Nick Harper <nharper@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index 6635703..8819239 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -197,6 +197,7 @@
new_session->is_server = session->is_server;
new_session->ssl_version = session->ssl_version;
+ new_session->is_quic = session->is_quic;
new_session->sid_ctx_length = session->sid_ctx_length;
OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
@@ -357,6 +358,7 @@
session->is_server = is_server;
session->ssl_version = ssl->version;
+ session->is_quic = ssl->quic_method != nullptr;
// Fill in the time from the |SSL_CTX|'s clock.
struct OPENSSL_timeval now;
@@ -639,7 +641,10 @@
((sk_CRYPTO_BUFFER_num(session->certs.get()) == 0 &&
!session->peer_sha256_valid) ||
session->peer_sha256_valid ==
- hs->config->retain_only_sha256_of_client_certs);
+ hs->config->retain_only_sha256_of_client_certs) &&
+ // Only resume if the underlying transport protocol hasn't changed.
+ // This is to prevent cross-protocol resumption between QUIC and TCP.
+ (hs->ssl->quic_method != nullptr) == session->is_quic;
}
// ssl_lookup_session looks up |session_id| in the session cache and sets
@@ -853,7 +858,8 @@
peer_sha256_valid(false),
not_resumable(false),
ticket_age_add_valid(false),
- is_server(false) {
+ is_server(false),
+ is_quic(false) {
CRYPTO_new_ex_data(&ex_data);
time = ::time(nullptr);
}
