summaryrefslogtreecommitdiffstats
path: root/src/ssl/internal.h
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-06-23 16:20:13 -0700
committerAdam Langley <agl@google.com>2015-06-23 16:32:39 -0700
commit56d250321ea9dfa66ea9afa599f12c83a4147c86 (patch)
tree32f131cd6ff8f2c2db1ba6a533d0b2da3853f58d /src/ssl/internal.h
parent0e6bb1c72014c26289d09f4deea9c25706be5824 (diff)
downloadexternal_boringssl-56d250321ea9dfa66ea9afa599f12c83a4147c86.zip
external_boringssl-56d250321ea9dfa66ea9afa599f12c83a4147c86.tar.gz
external_boringssl-56d250321ea9dfa66ea9afa599f12c83a4147c86.tar.bz2
Fixes for CVE-2015-1791.
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. This change cherry-picks the following BoringSSL changes: b31040d0 – Get rid of CERT_PKEY slots in SESS_CERT. fd67aa8c – Add SSL_SESSION_from_bytes. 95d31825 – Duplicate SSL_SESSIONs when renewing them. d65bb78c – Add SSL_initial_handshake_complete. 680ca961 – Preserve session->sess_cert on ticket renewal. Change-Id: I474065330842e4ab0066b2485c1489a50e4dfd5b
Diffstat (limited to 'src/ssl/internal.h')
-rw-r--r--src/ssl/internal.h18
1 files changed, 8 insertions, 10 deletions
diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index 7d9a5ad..4d70431 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h
@@ -581,15 +581,13 @@ typedef struct cert_st {
} CERT;
typedef struct sess_cert_st {
- STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+ /* cert_chain is the certificate chain sent by the peer. NOTE: for a client,
+ * this does includes the server's leaf certificate, but, for a server, this
+ * does NOT include the client's leaf. */
+ STACK_OF(X509) *cert_chain;
- /* The 'peer_...' members are used only by clients. */
- int peer_cert_type;
-
- CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
- CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
- /* Obviously we don't have the private keys of these,
- * so maybe we shouldn't even use the CERT_PKEY type here. */
+ /* peer_cert, on a client, is the leaf certificate of the peer. */
+ X509 *peer_cert;
DH *peer_dh_tmp;
EC_KEY *peer_ecdh_tmp;
@@ -799,8 +797,8 @@ CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);
-void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+SESS_CERT *ssl_sess_cert_dup(const SESS_CERT *sess_cert);
+void ssl_sess_cert_free(SESS_CERT *sess_cert);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs);