diff options
| author | jsing <> | 2020-09-14 18:34:12 +0000 |
|---|---|---|
| committer | jsing <> | 2020-09-14 18:34:12 +0000 |
| commit | 07d852a2d72d056f17ece38dbd2bfd08a7480686 (patch) | |
| tree | 9ee88f4fd0c90f09e94f151c60d17aeb772764e0 /src/lib | |
| parent | 565b8c302e9c618e9f4fefc8953951fe5533f7fa (diff) | |
| download | openbsd-07d852a2d72d056f17ece38dbd2bfd08a7480686.tar.gz openbsd-07d852a2d72d056f17ece38dbd2bfd08a7480686.tar.bz2 openbsd-07d852a2d72d056f17ece38dbd2bfd08a7480686.zip | |
Move state initialisation from SSL_clear() to ssl3_clear().
If we use the default method (now TLSv1.3) and end up talking to a TLSv1.2
server that gives us a session ticket, then try to resume that session,
we end up trying to talk TLS without doing a handshake.
This is caused by the state (S3I(s)->hs.state) getting cleared, which
results in SSL_do_handshake() and others thinking they do not need to do
anything (as SSL_in_init() and SSL_in_before() are not true).
The reason this occurs is due to SSL_set_ssl_method() calling ssl_free()
and ssl_new() when switching methods. The end result is that the S3I(s)
has been freed and reallocated, losing the state in the process.
Since the state is part of the S3I(s) structure, move its initialisation
into ssl3_clear() - this ensures it gets correctly reinitialised across a
SSL_set_ssl_method() call.
Issue noticed by sthen@ with nginx and unifi.
ok beck@ tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index c2cf922973..fae70cc5c7 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.196 2020/06/06 01:40:08 beck Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.197 2020/09/14 18:34:12 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1648,6 +1648,8 @@ ssl3_clear(SSL *s) | |||
| 1648 | 1648 | ||
| 1649 | s->internal->packet_length = 0; | 1649 | s->internal->packet_length = 0; |
| 1650 | s->version = TLS1_VERSION; | 1650 | s->version = TLS1_VERSION; |
| 1651 | |||
| 1652 | S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); | ||
| 1651 | } | 1653 | } |
| 1652 | 1654 | ||
| 1653 | static long | 1655 | static long |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index a194e5639a..82c544c620 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.226 2020/09/13 16:49:05 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.227 2020/09/14 18:34:12 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -216,8 +216,6 @@ SSL_clear(SSL *s) | |||
| 216 | } else | 216 | } else |
| 217 | s->method->internal->ssl_clear(s); | 217 | s->method->internal->ssl_clear(s); |
| 218 | 218 | ||
| 219 | S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); | ||
| 220 | |||
| 221 | return (1); | 219 | return (1); |
| 222 | } | 220 | } |
| 223 | 221 | ||