Serialize unresumable sessions to a placeholder value.
Change-Id: I676d7fb00d63d74946b96c22ae2705072033c5f7
Reviewed-on: https://boringssl-review.googlesource.com/10620
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 6d37054..4409f35 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -85,6 +85,7 @@
#include <limits.h>
#include <string.h>
+#include <openssl/buf.h>
#include <openssl/bytestring.h>
#include <openssl/err.h>
#include <openssl/mem.h>
@@ -377,6 +378,22 @@
int SSL_SESSION_to_bytes(const SSL_SESSION *in, uint8_t **out_data,
size_t *out_len) {
+ if (in->not_resumable) {
+ /* If the caller has an unresumable session, e.g. if |SSL_get_session| were
+ * called on a TLS 1.3 or False Started connection, serialize with a
+ * placeholder value so it is not accidentally deserialized into a resumable
+ * one. */
+ static const char kNotResumableSession[] = "NOT RESUMABLE";
+
+ *out_len = strlen(kNotResumableSession);
+ *out_data = BUF_memdup(kNotResumableSession, *out_len);
+ if (*out_data == NULL) {
+ return 0;
+ }
+
+ return 1;
+ }
+
return SSL_SESSION_to_bytes_full(in, out_data, out_len, 0);
}
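Review bot: In the `in->not_resumable` branch, `*out_len` is assigned before the `BUF_memdup` result is checked, so on allocation failure the caller gets a return of 0 with `*out_data == NULL` and a non-zero `*out_len`. Assign the length only after the copy succeeds, or add `*out_len = 0;` before `return 0;`. The protection this branch provides rests on the parser rejecting the placeholder bytes, and that is not shown in this hunk. A test that passes the serialized output of a `not_resumable` session to `SSL_SESSION_from_bytes` and expects failure would pin that property. The comment could also state that the call still returns 1, so a caller that persists the bytes in an external session cache stores an entry that can never be resumed.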
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 78900e9..564f0c5 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -1348,6 +1348,8 @@
return false;
}
+ session1->not_resumable = 0;
+
uint8_t *s0_bytes, *s1_bytes;
size_t s0_len, s1_len;