author | Matt Caswell <matt@openssl.org> | 2019-06-14 15:06:55 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-06-18 14:36:25 +0200 |
commit | eee2a6a718151336534d15a61d8d11209d4dfb1e (patch) | |
tree | 0ec41e4336d7400c672d6663e751be8522bbb828 /ssl/ssl_sess.c | |
parent | Fix a race condition in supported groups handling (diff) | |
Fix a race condition in ciphers handling
Similarly to the previous commit we were storing the peer offered list
of ciphers in the session. In practice there is no need for this
information to be available from one resumption to the next since this
list is specific to a particular handshake. Since the session object is
supposed to be immutable we should not be updating it once we have decided
to resume. The solution is to remove the session list out of the session
object.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9162)
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r-- | ssl/ssl_sess.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 9809fcc882..f13c909da7 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -121,7 +121,6 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
 dest->psk_identity_hint = NULL;
 dest->psk_identity = NULL;
 #endif
- dest->ciphers = NULL;
 dest->ext.hostname = NULL;
 #ifndef OPENSSL_NO_EC
 dest->ext.ecpointformats = NULL;
@@ -175,12 +174,6 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
 }
 #endif
- if (src->ciphers != NULL) {
- dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
- if (dest->ciphers == NULL)
- goto err;
- }
-
 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, &dest->ex_data, &src->ex_data)) {
 goto err;
@@ -781,7 +774,6 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
 X509_free(ss->peer);
 sk_X509_pop_free(ss->peer_chain, X509_free);
- sk_SSL_CIPHER_free(ss->ciphers);
 OPENSSL_free(ss->ext.hostname);
 OPENSSL_free(ss->ext.tick);
 #ifndef OPENSSL_NO_EC |