diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2020-01-24 13:44:27 -0800 |
---|---|---|
committer | Benjamin Kaduk <kaduk@mit.edu> | 2020-03-13 14:20:14 -0700 |
commit | 2e3ec2e1578977fca830a47fd7f521e290540e6d (patch) | |
tree | eefd4e2c6d1c13fb2615a8fe057bc9aabe60f953 /crypto/err/openssl.txt | |
parent | d74014c4b8740f28a54b562f799ad1e754b517b9 (diff) |
Code to thread-safety in ChangeCipherState
The server-side ChangeCipherState processing stores the new cipher
in the SSL_SESSION object, so that the new state can be used if
this session gets resumed. However, writing to the session is only
thread-safe for initial handshakes, as at other times the session
object may be in a shared cache and in use by another thread at the
same time. Reflect this invariant in the code by only writing to
s->session->cipher when it is currently NULL (we do not cache sessions
with no cipher). The code prior to this change would never actually
change the (non-NULL) cipher value in a session object, since our
server enforces that (pre-TLS-1.3) resumptions use the exact same
cipher as the initial connection, and non-abbreviated renegotiations
have produced a new session object before we get to this point.
Regardless, include logic to detect such a condition and abort the
handshake if it occurs, to avoid any risk of inadvertently using
the wrong cipher on a connection.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10943)
Diffstat (limited to 'crypto/err/openssl.txt')
-rw-r--r-- | crypto/err/openssl.txt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index c921207698..4073891de0 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1310,6 +1310,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:* SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\ ossl_statem_server_post_process_message SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work +SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640: SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ |