Contributor

@ajmohan ajmohan commented Apr 21, 2017

If an application has a TLS ext ticket callback and the callback returns an error while decrypting the ticket, the contexts were not cleaned up.

Instead of returning immediately, goto err handles it.

This is taken care of in 1.1.0, and in 1.0.2 it is taken care of if the callback invoked for encryption returns an error.

return -1;
goto err;
if (rv == 0)
return 2;
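
Review bot: The `if (rv == 0)` branch still leaves through `return 2;` directly, so it bypasses whatever cleanup the new `goto err;` reaches. If the ticket callback may have set up the HMAC or cipher context before reporting 0, route this branch through the same cleanup (set the result to 2, then jump), or add a comment stating that a callback returning 0 must leave both contexts untouched. Also confirm that the err label yields the same -1 the replaced `return -1;` gave, since the label lies outside the visible lines.
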
Contributor

Contexts are not cleaned up in this case as well.

Contributor Author

Return value 0 is when the key is not matched. In this case, is the application expected to call HMAC_Init_ex() and EVP_DecryptInit_ex()?

If there is no assumption on this, then yes, need to clean up here as well.

If tlsext ticket decrypt callback returns error, cleanup ctxs
Member

@mattcaswell mattcaswell left a comment

ping @openssl/committers for second review

@mattcaswell added the labels "branch: 1.0.2" (Applies to OpenSSL_1_0_2-stable branch (EOL)) and "approval: review pending" (This pull request needs review by a committer) on Aug 21, 2017
@mattcaswell added the label "approval: done" (This pull request has the required number of approvals) and removed the label "approval: review pending" on Jan 24, 2018
levitte pushed a commit that referenced this pull request Jan 24, 2018
If tlsext ticket decrypt callback returns error, cleanup ctxs

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #3273)
@mattcaswell
Member

Merged. Better late than never. Thanks.
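
A simplified model of the bug this pull request describes, added here as an illustration and not taken from the OpenSSL source. `ctx_t`, the callbacks, the function names and the success value 1 are hypothetical stand-ins; the counter tracks contexts that were set up but never cleaned up.

```c
#include <stdio.h>
/* Hypothetical stand-in for the HMAC and cipher contexts; not an OpenSSL type. */
typedef struct { int live; } ctx_t;
static int live_ctxs;                  /* contexts currently holding state */
static void ctx_init(ctx_t *c)    { c->live = 0; }
static void ctx_use(ctx_t *c)     { if (!c->live) { c->live = 1; live_ctxs++; } }
static void ctx_cleanup(ctx_t *c) { if (c->live)  { c->live = 0; live_ctxs--; } }

typedef int (*ticket_cb)(ctx_t *hctx, ctx_t *cctx);
/* Constructed callbacks: each sets up both contexts, then reports its result. */
static int cb_error(ctx_t *h, ctx_t *c) { ctx_use(h); ctx_use(c); return -1; }
static int cb_ok(ctx_t *h, ctx_t *c)    { ctx_use(h); ctx_use(c); return 1; }

/* Before: a callback error returns immediately and skips the cleanup. */
static int decrypt_before(ticket_cb cb)
{
    ctx_t hctx, cctx;
    int rv;
    ctx_init(&hctx); ctx_init(&cctx);
    rv = cb(&hctx, &cctx);
    if (rv < 0)
        return -1;
    ctx_cleanup(&hctx); ctx_cleanup(&cctx);
    return 1;                          /* constructed success value */
}

/* After: the error path jumps to a label that cleans up both contexts. */
static int decrypt_after(ticket_cb cb)
{
    ctx_t hctx, cctx;
    int rv, ret = -1;
    ctx_init(&hctx); ctx_init(&cctx);
    rv = cb(&hctx, &cctx);
    if (rv < 0)
        goto err;
    ret = 1;                           /* constructed success value */
 err:
    ctx_cleanup(&hctx); ctx_cleanup(&cctx);
    return ret;
}

/* Runs one variant and returns how many contexts still hold state afterwards. */
static int leaked(int (*fn)(ticket_cb), ticket_cb cb) { live_ctxs = 0; fn(cb); return live_ctxs; }
int main(void)
{
    printf("callback error: before leaks %d, after leaks %d\n",
           leaked(decrypt_before, cb_error), leaked(decrypt_after, cb_error));
    return leaked(decrypt_after, cb_ok);   /* 0: nothing left on success */
}
```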
