Splitting SSL session state.
To prevent configuration/established session confusion, the handshake
session state is separated into the configured session (ssl->session)
and the newly created session (ssl->s3->new_session). Upon conclusion of
the handshake, the finalized session is stored
in (ssl->s3->established_session). During the handshake, any requests
for the session (SSL_get_session) return a non-resumable session, to
prevent resumption of a partially filled session. Sessions should only
be cached upon the completion of the full handshake, using the resulting
established_session. The semantics of accessors on the session are
maintained mid-renego.
Change-Id: I4358aecb71fce4fe14a6746c5af1416a69935078
Reviewed-on: https://boringssl-review.googlesource.com/8612
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 82d503e..ec8eba2 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1658,10 +1658,16 @@
* |session|. */
OPENSSL_EXPORT int SSL_set_session(SSL *ssl, SSL_SESSION *session);
-/* SSL_get_session returns a non-owning pointer to |ssl|'s session. Prior to the
- * initial handshake beginning, this is the session to be offered, set by
- * |SSL_set_session|. After a handshake has finished, this is the currently
- * active session. Its behavior is undefined while a handshake is progress. */
+/* SSL_get_session returns a non-owning pointer to |ssl|'s session. For
+ * historical reasons, which session it returns depends on |ssl|'s state.
+ *
+ * Prior to the start of the initial handshake, it returns the session the
+ * caller set with |SSL_set_session|. After the initial handshake has finished
+ * and if no additional handshakes are in progress, it returns the currently
+ * active session. Its behavior is undefined while a handshake is in progress.
+ *
+ * Using this function to add new sessions to an external session cache is
+ * deprecated. Use |SSL_CTX_sess_set_new_cb| instead. */
OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl);
/* SSL_get0_session is an alias for |SSL_get_session|. */
@@ -2945,6 +2951,7 @@
#define SSL_ST_OK 0x03
#define SSL_ST_RENEGOTIATE (0x04 | SSL_ST_INIT)
#define SSL_ST_TLS13 (0x05 | SSL_ST_INIT)
+#define SSL_ST_ERROR (0x06| SSL_ST_INIT)
/* SSL_CB_* are possible values for the |type| parameter in the info
* callback and the bitmasks that make them up. */
@@ -3681,9 +3688,7 @@
/* peer_sha256_valid is non-zero if |peer_sha256| is valid. */
unsigned peer_sha256_valid:1; /* Non-zero if peer_sha256 is valid */
- /* not_resumable is used to indicate that session resumption is not allowed.
- * Applications can also set this bit for a new session via
- * not_resumable_session_cb to disable session caching and tickets. */
+ /* not_resumable is used to indicate that session resumption is disallowed. */
unsigned not_resumable:1;
};
@@ -4069,7 +4074,8 @@
unsigned int sid_ctx_length;
uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH];
- /* This can also be in the session once a session is established */
+ /* session is the configured session to be offered by the client. This session
+ * is immutable. */
SSL_SESSION *session;
int (*verify_callback)(int ok,
@@ -4139,9 +4145,6 @@
/* verify_mode is a bitmask of |SSL_VERIFY_*| values. */
uint8_t verify_mode;
- /* hit is true if this connection is resuming a previous session. */
- unsigned hit:1;
-
/* server is true iff the this SSL* is the server half. Note: before the SSL*
* is initialized by either SSL_set_accept_state or SSL_set_connect_state,
* the side is not determined. In this state, server is always false. */
@@ -4397,6 +4400,15 @@
uint32_t server_params_len;
} tmp;
+ /* new_session is the new mutable session being established by the current
+ * handshake. It should not be cached. */
+ SSL_SESSION *new_session;
+
+ /* established_session is the session established by the connection. This
+ * session is only filled upon the completion of the handshake and is
+ * immutable. */
+ SSL_SESSION *established_session;
+
/* Connection binding to prevent renegotiation attacks */
uint8_t previous_client_finished[EVP_MAX_MD_SIZE];
uint8_t previous_client_finished_len;