git.librecmc.org Git - oweals/openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Fri, 14 Jun 2019 11:46:13 +0000 (12:46 +0100)
committer	Matt Caswell <matt@openssl.org>
	Tue, 18 Jun 2019 13:26:16 +0000 (14:26 +0100)
commit	2813852d7111ad0a49a963bdc49d944d453e52e7
tree	7d368b49840569638d90c0bba215fccdf1619cd9	tree \| snapshot
parent	2459dc1bd09468c83f1767b6b6a1ddc45ba60d36	commit \| diff

Fix a race condition in supported groups handling

In TLSv1.3 the supported groups can be negotiated each time a handshake
occurs, regardless of whether we are resuming or not. We should not store
the supported groups information in the session because session objects
can be shared between multiple threads and we can end up with race
conditions. For most users this won't be seen because, by default, we
use stateless tickets in TLSv1.3 which don't get shared. However if you
use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can
happen.

The answer is to move the supported the supported group information into
the SSL object instead.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9176)

ssl/s3_lib.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
ssl/ssl_locl.h		diff \| blob \| history
ssl/ssl_sess.c		diff \| blob \| history
ssl/statem/extensions_srvr.c		diff \| blob \| history