mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
b7140b0604
openssl/ssl
History
Benjamin Kaduk 7c73fefe38 Let SSL_new_session_ticket() enter init immediately 
The initial implementation always deferred the generation of the
requested ticket(s) until the next application write, but this
is not a great fit for what it actually does, architecturally wise.
A request to send a session ticket means entering back into the
handshake state machine (or "in init", as it's known in the
implementation).  The state machine transition is not something that
only occurs at an application-data write, and in general could occur at
any time.  The only constraint is that we can't enter "init" while in
the middle of writing application data.  In such cases we will need to
wait until the next TLS record boundary to enter the state machine,
as is currently done.

However, there is no reason why we cannot enter the handshake state
machine immediately in SSL_new_session_ticket() if there are no
application writes pending.  Doing so provides a cleaner API surface to
the application, as then calling SSL_do_handshake() suffices to drive
the actual ticket generation.  In the previous state of affairs a dummy
zero-length SSL_write() would be needed to trigger the ticket
generation, which is a logical mismatch in the type of operation being
performed.

This commit should only change whether SSL_do_handshake() vs zero-length
SSL_write() is needed to immediately generate a ticket after the
SSL_new_session_ticket() call -- the default behavior is still to defer
the actual write until there is other application data to write, unless
the application requests otherwise.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)
2021-05-19 14:56:08 -07:00
..
record Update copyright year 2021-04-22 14:38:44 +01:00
statem Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION 2021-05-17 10:53:30 +02:00
bio_ssl.c Update copyright year 2021-04-08 13:04:41 +01:00
build.info Drop libimplementations.a 2021-05-07 10:17:23 +02:00
d1_lib.c Update copyright year 2021-01-28 13:54:57 +01:00
d1_msg.c
d1_srtp.c
ktls.c Only enable KTLS if it is explicitly configured 2021-04-12 11:32:05 +01:00
methods.c
pqueue.c
s3_cbc.c Remove unused code from the fips module 2021-05-08 20:44:41 +10:00
s3_enc.c Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg 2021-02-05 15:22:43 +00:00
s3_lib.c Promote SSL_get_negotiated_group() for non-TLSv1.3 2021-05-15 15:09:07 -07:00
s3_msg.c Avoid sending alerts after shutdown 2021-05-06 17:07:11 +02:00
ssl_asn1.c Promote SSL_get_negotiated_group() for non-TLSv1.3 2021-05-15 15:09:07 -07:00
ssl_cert_table.h
ssl_cert.c Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 2021-03-03 16:16:19 +10:00
ssl_ciph.c ssl: fix problem where MAC IDs were globally cached. 2021-03-30 18:59:42 +02:00
ssl_conf.c Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION 2021-05-17 10:53:30 +02:00
ssl_err_legacy.c
ssl_err.c make update 2021-05-12 09:11:48 -07:00
ssl_init.c
ssl_lib.c Let SSL_new_session_ticket() enter init immediately 2021-05-19 14:56:08 -07:00
ssl_local.h Promote SSL_get_negotiated_group() for non-TLSv1.3 2021-05-15 15:09:07 -07:00
ssl_mcnf.c
ssl_rsa_legacy.c
ssl_rsa.c ssl: coverity 1465527 - dereference after null check 2021-03-20 10:18:32 +10:00
ssl_sess.c Update copyright year 2021-04-08 13:04:41 +01:00
ssl_stat.c
ssl_txt.c
ssl_utst.c
sslerr.h Make supported_groups code independent of EC and DH 2021-02-05 15:20:37 +00:00
t1_enc.c Only enable KTLS if it is explicitly configured 2021-04-12 11:32:05 +01:00
t1_lib.c Replace EVP_PKEY_supports_digest_nid 2021-05-13 13:19:39 +02:00
t1_trce.c Update copyright year 2021-02-18 15:05:17 +00:00
tls13_enc.c Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions 2021-05-08 14:35:03 +02:00
tls_depr.c Remove OPENSSL_NO_DH guards from libssl 2021-02-05 15:20:36 +00:00
tls_srp.c Update copyright year 2021-02-18 15:05:17 +00:00