mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
670d3030d1
openssl/ssl
History
Benjamin Kaduk e3743355e8 Don't modify resumed session objects 
If s->hit is set, s->session corresponds to a session created on
a previous connection, and is a data structure that is potentially
shared across other SSL objects.  As such, there are thread-safety
issues with modifying the structure without taking its lock (and
of course all corresponding read accesses would also need to take
the lock as well), which have been observed to cause double-frees.

Regardless of thread-safety, the resumed session object is intended
to reflect parameters of the connection that created the session,
and modifying it to reflect the parameters from the current connection
is confusing.  So, modifications to the session object during
ClientHello processing should only be performed on new connections,
i.e., those where s->hit is not set.

The code mostly got this right, providing such checks when processing
SNI and EC point formats, but the supported groups (formerly
supported curves) extension was missing it, which is fixed by this commit.

However, TLS 1.3 makes the suppported_groups extension mandatory
(when using (EC)DHE, which is the normal case), checking for the group
list in the key_share extension processing.  But, TLS 1.3 only [0] supports
session tickets for session resumption, so the session object in question
is the output of d2i_SSL_SESSION(), and will not be shared across SSL
objects.  Thus, it is safe to modify s->session for TLS 1.3 connections.

[0] A psk_find_session callback can also be used, but the restriction that
each callback execution must produce a distinct SSL_SESSION structure
can be documented when the psk_find_session callback documentation is
completed.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4123)
2017-08-09 14:54:47 -05:00
..
record Add a DRBG to each SSL object 2017-08-03 10:24:03 -04:00
statem Don't modify resumed session objects 2017-08-09 14:54:47 -05:00
bio_ssl.c
build.info
d1_lib.c
d1_msg.c
d1_srtp.c
methods.c
packet_locl.h
packet.c Move ossl_assert 2017-08-03 10:48:00 +01:00
pqueue.c Update copyright header 2017-07-30 17:42:00 -04:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_lib.c Add missing include of cryptlib.h 2017-08-06 17:06:19 -04:00
s3_msg.c
ssl_asn1.c
ssl_cert_table.h
ssl_cert.c
ssl_ciph.c Move ossl_assert 2017-08-03 10:48:00 +01:00
ssl_conf.c
ssl_err.c
ssl_init.c
ssl_lib.c Add a DRBG to each SSL object 2017-08-03 10:24:03 -04:00
ssl_locl.h Add a DRBG to each SSL object 2017-08-03 10:24:03 -04:00
ssl_mcnf.c
ssl_rsa.c
ssl_sess.c Add an SSL_SESSION_dup() function 2017-08-09 13:37:06 +10:00
ssl_stat.c Fix errors in SSL_state_string_long 2017-07-31 08:55:37 -04:00
ssl_txt.c
ssl_utst.c
t1_enc.c
t1_lib.c
t1_trce.c Fix the names of older ciphers. 2017-07-31 09:11:18 -04:00
tls13_enc.c
tls_srp.c Add a DRBG to each SSL object 2017-08-03 10:24:03 -04:00