From 44bad9cbf7daa5ff7dd201e0c61e684b2e2eb971 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Fri, 24 Jan 2020 13:44:27 -0800 Subject: Code to thread-safety in ChangeCipherState The server-side ChangeCipherState processing stores the new cipher in the SSL_SESSION object, so that the new state can be used if this session gets resumed. However, writing to the session is only thread-safe for initial handshakes, as at other times the session object may be in a shared cache and in use by another thread at the same time. Reflect this invariant in the code by only writing to s->session->cipher when it is currently NULL (we do not cache sessions with no cipher). The code prior to this change would never actually change the (non-NULL) cipher value in a session object, since our server enforces that (pre-TLS-1.3) resumptions use the exact same cipher as the initial connection, and non-abbreviated renegotiations have produced a new session object before we get to this point. Regardless, include logic to detect such a condition and abort the handshake if it occurs, to avoid any risk of inadvertently using the wrong cipher on a connection. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit 2e3ec2e1578977fca830a47fd7f521e290540e6d) --- include/openssl/sslerr.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index b6cac4f5f5..0ef684f3c1 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -88,6 +88,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 # define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 # define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 +# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 640 # define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 # define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 -- cgit v1.2.3