[openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-97-g2357cd2

Emilia Kasper emilia at openssl.org
Mon Jan 5 16:39:11 UTC 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, OpenSSL_1_0_1-stable has been updated
       via  2357cd2e200dbc964e81e867194dd3be8fc00d7e (commit)
      from  5951cc004b96cd681ffdf39d3fc9238a1ff597ae (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2357cd2e200dbc964e81e867194dd3be8fc00d7e
Author: Adam Langley <agl at chromium.org>
Date:   Mon Jan 5 17:28:33 2015 +0100

    Ensure that the session ID context of an SSL* is updated
    when its SSL_CTX is updated.
    
    From BoringSSL commit
    https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 61aa44ca99473f9cabdfb2d3b35abd0b473437d1)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES       |    7 +++++++
 ssl/ssl_lib.c |   15 +++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/CHANGES b/CHANGES
index c91552c..bfb75be 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
 
+  *) Ensure that the session ID context of an SSL is updated when its
+     SSL_CTX is updated via SSL_set_SSL_CTX.
+
+     The session ID context is typically set from the parent SSL_CTX,
+     and can vary with the CTX.
+     [Adam Langley]
+
   *) Fix various certificate fingerprint issues.
 
      By using non-DER or invalid encodings outside the signed portion of a
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2fab2f1..707ec6b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2982,6 +2982,21 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 	if (ssl->ctx != NULL)
 		SSL_CTX_free(ssl->ctx); /* decrement reference count */
 	ssl->ctx = ctx;
+
+	/*
+	 * Inherit the session ID context as it is typically set from the
+	 * parent SSL_CTX, and can vary with the CTX.
+	 * Note that per-SSL SSL_set_session_id_context() will not persist
+	 * if called before SSL_set_SSL_CTX.
+	 */
+	ssl->sid_ctx_length = ctx->sid_ctx_length;
+	/*
+	 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+	 * so setter APIs must prevent invalid lengths from entering the system.
+	 */
+	OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
+	memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+
 	return(ssl->ctx);
 	}
 


hooks/post-receive
-- 
OpenSSL source code

More information about the openssl-commits mailing list