openssl/ssl
anupamam13 42141197a1 Fix for negative return value from SSL_CTX_sess_accept()
Fixes #13183

From the original issue report, before this commit, on master and on
1.1.1, the issue can be detected with the following steps:

- Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI,
  "Accept" count of default context gets incremented
- After servername lookup, "Accept" count of default context gets
  decremented and that of SNI context is incremented
- Server sends a "Hello Retry Request"
- Client sends the second "Client Hello", now again "Accept" count of
  default context is decremented. Hence giving a negative value.

This commit fixes it by adding a check on `s->hello_retry_request` in
addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved
only on the first ClientHello.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13297)
2021-01-09 00:55:02 +02:00
record Ensure DTLS free functions can handle NULL 2021-01-08 10:26:26 +00:00
statem Fix for negative return value from SSL_CTX_sess_accept() 2021-01-09 00:55:02 +02:00
bio_ssl.c Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call 2020-11-11 12:12:11 +01:00
build.info Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
d1_lib.c Ensure DTLS free functions can handle NULL 2021-01-08 10:26:26 +00:00
d1_msg.c Update copyright year 2020-11-26 14:18:57 +00:00
d1_srtp.c Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call 2020-11-11 12:12:11 +01:00
ktls.c Move KTLS inline functions only used by libssl into ssl/ktls.c. 2020-08-31 09:34:19 +01:00
methods.c
pqueue.c Update copyright year 2020-11-26 14:18:57 +00:00
s3_cbc.c TLS fixes for CBC mode and no-deprecated 2020-09-09 17:59:08 +10:00
s3_enc.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
s3_lib.c Adding TLS group name retrieval 2021-01-08 17:04:46 +00:00
s3_msg.c Update copyright year 2020-11-26 14:18:57 +00:00
ssl_asn1.c Update copyright year 2020-11-26 14:18:57 +00:00
ssl_cert_table.h
ssl_cert.c Only disabled what we need to in a no-dh build 2020-11-18 14:14:52 +00:00
ssl_ciph.c Remove extra space. 2021-01-07 17:38:56 +01:00
ssl_conf.c Implement a replacement for SSL_set_tmp_dh() 2020-11-18 14:14:52 +00:00
ssl_err_legacy.c Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
ssl_err.c ERR: Rebuild all generated error headers and source files 2020-11-24 15:22:33 +01:00
ssl_init.c Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
ssl_lib.c replace 'unsigned const char' with 'const unsigned char' 2021-01-09 00:20:16 +02:00
ssl_local.h Adding TLS group name retrieval 2021-01-08 17:04:46 +00:00
ssl_mcnf.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
ssl_rsa_legacy.c Deprecate RSA harder 2020-11-18 23:38:34 +01:00
ssl_rsa.c Deprecate RSA harder 2020-11-18 23:38:34 +01:00
ssl_sess.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
ssl_stat.c
ssl_txt.c Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call 2020-11-11 12:12:11 +01:00
ssl_utst.c
sslerr.h Update copyright year 2020-11-26 14:18:57 +00:00
t1_enc.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
t1_lib.c Adding TLS group name retrieval 2021-01-08 17:04:46 +00:00
t1_trce.c
tls13_enc.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
tls_depr.c Implement a replacement for SSL_set_tmp_dh() 2020-11-18 14:14:52 +00:00
tls_srp.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00