Fix a race condition in supported groups handling

In TLSv1.3 the supported groups can be negotiated each time a handshake occurs, regardless of whether we are resuming or not. We should not store the supported groups information in the session because session objects can be shared between multiple threads and we can end up with race conditions. For most users this won't be seen because, by default, we use stateless tickets in TLSv1.3 which don't get shared. However if you use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can happen. The answer is to move the supported the supported group information into the SSL object instead. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9176)
author: Matt Caswell <matt@openssl.org> 2019-06-14 12:46:13 +0100
committer: Matt Caswell <matt@openssl.org> 2019-06-18 14:26:16 +0100
commit: 2813852d7111ad0a49a963bdc49d944d453e52e7 (patch)
tree: 7d368b49840569638d90c0bba215fccdf1619cd9 /ssl/ssl_lib.c
parent: 2459dc1bd09468c83f1767b6b6a1ddc45ba60d36 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f559bc10ef..5584a1b089 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1179,6 +1179,7 @@ void SSL_free(SSL *s)
 #ifndef OPENSSL_NO_EC
     OPENSSL_free(s->ext.ecpointformats);
     OPENSSL_free(s->ext.supportedgroups);
+    OPENSSL_free(s->ext.peer_supportedgroups);
 #endif                          /* OPENSSL_NO_EC */
     sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
 #ifndef OPENSSL_NO_OCSP
author	Matt Caswell <matt@openssl.org>	2019-06-14 12:46:13 +0100
committer	Matt Caswell <matt@openssl.org>	2019-06-18 14:26:16 +0100
commit	2813852d7111ad0a49a963bdc49d944d453e52e7 (patch)
tree	7d368b49840569638d90c0bba215fccdf1619cd9 /ssl/ssl_lib.c
parent	2459dc1bd09468c83f1767b6b6a1ddc45ba60d36 (diff)