mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
ad090d57e2
openssl/crypto/err
History
Benjamin Kaduk 2e3ec2e157 Code to thread-safety in ChangeCipherState 
The server-side ChangeCipherState processing stores the new cipher
in the SSL_SESSION object, so that the new state can be used if
this session gets resumed.  However, writing to the session is only
thread-safe for initial handshakes, as at other times the session
object may be in a shared cache and in use by another thread at the
same time.  Reflect this invariant in the code by only writing to
s->session->cipher when it is currently NULL (we do not cache sessions
with no cipher).  The code prior to this change would never actually
change the (non-NULL) cipher value in a session object, since our
server enforces that (pre-TLS-1.3) resumptions use the exact same
cipher as the initial connection, and non-abbreviated renegotiations
have produced a new session object before we get to this point.
Regardless, include logic to detect such a condition and abort the
handshake if it occurs, to avoid any risk of inadvertently using
the wrong cipher on a connection.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)
2020-03-13 14:20:14 -07:00
..
build.info ERR: Add new building blocks for reporting errors 2019-07-31 06:42:45 +02:00
err_all.c Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c 2020-02-10 16:49:37 +01:00
err_blocks.c Reorganize local header files 2019-09-28 20:26:35 +02:00
err_local.h Reorganize local header files 2019-09-28 20:26:35 +02:00
err_prn.c fix two mistakes w.r.t. ERR_LIB_* parameters in ERR_add_error_txt() 2020-03-10 16:09:44 +01:00
err.c Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c 2020-02-10 16:49:37 +01:00
openssl.ec Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c 2020-02-10 16:49:37 +01:00
openssl.txt Code to thread-safety in ChangeCipherState 2020-03-13 14:20:14 -07:00
README

README 

Adding new libraries
--------------------

When adding a new sub-library to OpenSSL, assign it a library number
ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its
name to ERR_str_libraries[] (in crypto/err/err.c), and add
ERR_load_XXX_strings() to the ERR_load_crypto_strings() function
(in crypto/err/err_all.c). Finally, add an entry:

    L      XXX     xxx.h   xxx_err.c

to crypto/err/openssl.ec, and add xxx_err.c to the Makefile.
Running make errors will then generate a file xxx_err.c, and
add all error codes used in the library to xxx.h.

Additionally the library include file must have a certain form.
Typically it will initially look like this:

    #ifndef HEADER_XXX_H
    #define HEADER_XXX_H

    #ifdef __cplusplus
    extern "C" {
    #endif

    /* Include files */

    #include <openssl/bio.h>
    #include <openssl/x509.h>

    /* Macros, structures and function prototypes */


    /* BEGIN ERROR CODES */

The BEGIN ERROR CODES sequence is used by the error code
generation script as the point to place new error codes, any text
after this point will be overwritten when make errors is run.
The closing #endif etc will be automatically added by the script.

The generated C error code file xxx_err.c will load the header
files stdio.h, openssl/err.h and openssl/xxx.h so the
header file must load any additional header files containing any
definitions it uses.