wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Todd Short a84e5c9aa8 Session resume broken switching contexts 
When an SSL's context is swtiched from a ticket-enabled context to
a ticket-disabled context in the servername callback, no session-id
is generated, so the session can't be resumed.

If a servername callback changes the SSL_OP_NO_TICKET option, check
to see if it's changed to disable, and whether a session ticket is
expected (i.e. the client indicated ticket support and the SSL had
tickets enabled at the time), and whether we already have a previous
session (i.e. s->hit is set).

In this case, clear the ticket-expected flag, remove any ticket data
and generate a session-id in the session.

If the SSL hit (resumed) and switched to a ticket-disabled context,
assume that the resumption was via session-id, and don't bother to
update the session.

Before this fix, the updated unit-tests in 06-sni-ticket.conf would
fail test #4 (server1 = SNI, server2 = no SNI).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1529)
2017-10-04 10:21:08 +10:00
..
aes aes/asm/aesni-sha*-x86_64.pl: add SHAEXT performance results. 2017-07-24 23:29:46 +02:00
aria Fix potential null problem. 2017-09-01 09:30:18 +10:00
asn1 Use safestack.h exclusively internally. 2017-09-28 13:14:33 +10:00
async Add stack space reservations. 2017-09-28 06:53:40 +10:00
bf Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
bio struct timeval include guards 2017-09-01 09:55:43 +10:00
blake2 Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
bn BN_copy now propagates BN_FLG_CONSTTIME 2017-09-27 10:03:37 +01:00
buffer Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys 2017-07-29 19:26:06 +02:00
camellia Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
cast e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
chacha x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results. 2017-07-21 14:07:32 +02:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms Support CMS decrypt without a certificate for all key types 2017-08-08 18:55:56 +01:00
comp make error tables const and separate header file 2017-06-07 15:12:03 -04:00
conf Use safestack.h exclusively internally. 2017-09-28 13:14:33 +10:00
ct Null pointer used. 2017-09-18 06:52:13 +10:00
des Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
dh Allow DH_set0_key with only private key. 2017-09-26 14:48:51 +02:00
dsa Added const-time flag to DSA key decoding to avoid potential leak of privkey 2017-09-29 13:06:25 -04:00
dso Replace malloc+strcpy with strdup 2017-09-14 16:13:53 -04:00
ec nistp521: add a comment to the P+P exceptional case in point_add. 2017-10-02 11:30:30 -04:00
engine Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
err Session resume broken switching contexts 2017-10-04 10:21:08 +10:00
evp Add explanatory comment about fitting into a size_t. 2017-09-15 09:02:00 +10:00
hmac Remove OPENSSL_assert() from crypto/hmac 2017-08-21 08:44:44 +01:00
idea Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
include/internal Support EVP_PKEY_meth_remove and pmeth internal cleanup 2017-09-14 12:41:34 +08:00
kdf More updates following review feedback 2017-08-21 08:44:44 +01:00
lhash coding style: remove extra whitespace charactor 2017-07-12 21:27:35 +02:00
md2
md4
md5 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
mdc2 Convert mdc2 test print to internal test 2016-11-03 13:13:31 +01:00
modes crypto/cryptlib.c: mask more capability bits upon FXSR bit flip. 2017-09-01 08:48:32 +02:00
objects Remove unnecessary #include <openssl/lhash.h> directives. 2017-09-29 07:38:56 +10:00
ocsp Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
pem This has been added to avoid the situation where some host ctype.h functions 2017-08-22 09:45:25 +10:00
perlasm perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions. 2017-06-13 18:37:08 +02:00
pkcs7 This has been added to avoid the situation where some host ctype.h functions 2017-08-22 09:45:25 +10:00
pkcs12 Add checks for alloc failing. 2017-09-06 09:52:16 -04:00
poly1305 x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results. 2017-07-21 14:07:32 +02:00
rand Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
rc2 Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
rc4 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
rc5 Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
ripemd Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
rsa Remove unnecessary #include <openssl/lhash.h> directives. 2017-09-29 07:38:56 +10:00
seed Use _WIN32 over WIN32 for preprocessor conditional 2017-02-16 08:59:47 -05:00
sha sha/asm/keccak1600-armv8.pl: fix return value buglet and ... 2017-09-09 19:09:36 +02:00
siphash Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
srp Remove custom base64 code. 2017-08-22 11:03:32 -04:00
stack Postpone allocation of STACK internal storage ... until a first push(), 2017-10-03 12:50:06 +02:00
store Fix OSSL_STORE's 'file' loader: make sure peekbuf is initialised 2017-09-05 17:07:20 +02:00
ts struct timeval include guards 2017-09-01 09:55:43 +10:00
txt_db Fix a few memleaks in TXT_DB. 2017-02-21 14:13:58 -05:00
ui Add UI functions to set result with explicit length and to retrieve the length 2017-09-08 20:06:06 +02:00
whrlpool Fix a read off the end of the input buffer 2017-06-08 16:05:52 -04:00
x509 Remove unnecessary #include <openssl/lhash.h> directives. 2017-09-29 07:38:56 +10:00
x509v3 Use more pre-allocation 2017-10-03 12:52:19 +02:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
armv4cpuid.pl ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 2017-02-15 23:16:01 +01:00
build.info This has been added to avoid the situation where some host ctype.h functions 2017-08-22 09:45:25 +10:00
c64xpluscpuid.pl
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c crypto/cryptlib.c: mask more capability bits upon FXSR bit flip. 2017-09-01 08:48:32 +02:00
ctype.c Check for EOF in ASCII conversions. 2017-08-25 06:42:17 +10:00
cversion.c Undo commit d420ac2 2017-07-05 11:32:35 +10:00
dllmain.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
ebcdic.c
ex_data.c Remove unnecessary #include <openssl/lhash.h> directives. 2017-09-29 07:38:56 +10:00
ia64cpuid.S Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
init.c Address feedback 2017-08-31 19:42:03 -04:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
mem_clr.c Fix some style issues... 2016-08-02 09:59:23 +02:00
mem_dbg.c Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
mem_sec.c Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
mips_arch.h Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
o_dir.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c
o_init.c Use "" not <> on e_os.h include 2017-08-22 11:07:56 -04:00
o_str.c Revert "GH614: Use memcpy()/strdup() when possible" 2017-09-14 10:26:54 +10:00
o_time.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
pariscid.pl
ppc_arch.h
ppccap.c crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 2017-04-02 20:45:59 +02:00
ppccpuid.pl
s390xcap.c Fix strict-warnings build 2016-10-18 17:09:47 +01:00
s390xcpuid.S
sparc_arch.h
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c crypto/sparcv9cap.c: add missing declaration. 2016-08-12 10:26:20 +02:00
threads_none.c Remove OPENSSL_assert() from crypto/threads_none.c 2017-08-21 08:44:44 +01:00
threads_pthread.c Put thread-fork-init inside a run-once guard 2017-08-18 11:48:35 -04:00
threads_win.c Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
uid.c Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags 2017-03-29 07:35:59 +02:00
vms_rms.h
x86_64cpuid.pl Fix comment typo. 2017-07-26 23:10:52 -04:00
x86cpuid.pl Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00