Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 561e12bb 编写于 作者: M Matt Caswell
浏览文件
操作

PACKETise NewSessionTicket 

Process NewSessionTicket messages using the new PACKET API
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
上级 c83eda8c
隐藏空白更改
内联 并排
Showing with 15 addition and 15 deletion
ssl/s3_clnt.c
浏览文件 @ 561e12bb
...@@ -2174,10 +2174,10 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b) ...@@ -2174,10 +2174,10 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
int ssl3_get_new_session_ticket(SSL *s) int ssl3_get_new_session_ticket(SSL *s)
{ {
int ok, al, ret = 0, ticklen; int ok, al, ret = 0;
unsigned int ticklen;
long n; long n;
const unsigned char *p; PACKET pkt;
unsigned char *d;
n = s->method->ssl_get_message(s, n = s->method->ssl_get_message(s,
SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_A,
...@@ -2187,15 +2187,12 @@ int ssl3_get_new_session_ticket(SSL *s) ...@@ -2187,15 +2187,12 @@ int ssl3_get_new_session_ticket(SSL *s)
if (!ok) if (!ok)
return ((int)n); return ((int)n);
if (n < 6) { if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
/* need at least ticket_lifetime_hint + ticket length */ al = SSL_AD_INTERNAL_ERROR;
al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
goto f_err; goto f_err;
} }
p = d = (unsigned char *)s->init_msg;
if (s->session->session_id_length > 0) { if (s->session->session_id_length > 0) {
int i = s->session_ctx->session_cache_mode; int i = s->session_ctx->session_cache_mode;
SSL_SESSION *new_sess; SSL_SESSION *new_sess;
...@@ -2227,10 +2224,9 @@ int ssl3_get_new_session_ticket(SSL *s) ...@@ -2227,10 +2224,9 @@ int ssl3_get_new_session_ticket(SSL *s)
s->session = new_sess; s->session = new_sess;
} }
n2l(p, s->session->tlsext_tick_lifetime_hint); if (!PACKET_get_net_4(&pkt, &s->session->tlsext_tick_lifetime_hint)
n2s(p, ticklen); || !PACKET_get_net_2(&pkt, &ticklen)
/* ticket_lifetime_hint + ticket_length + ticket */ || PACKET_remaining(&pkt) != ticklen) {
if (ticklen + 6 != n) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
goto f_err; goto f_err;
...@@ -2242,7 +2238,11 @@ int ssl3_get_new_session_ticket(SSL *s) ...@@ -2242,7 +2238,11 @@ int ssl3_get_new_session_ticket(SSL *s)
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
memcpy(s->session->tlsext_tick, p, ticklen); if (!PACKET_copy_bytes(&pkt, s->session->tlsext_tick, ticklen)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
s->session->tlsext_ticklen = ticklen; s->session->tlsext_ticklen = ticklen;
/* /*
* There are two ways to detect a resumed ticket session. One is to set * There are two ways to detect a resumed ticket session. One is to set
...@@ -2255,7 +2255,7 @@ int ssl3_get_new_session_ticket(SSL *s) ...@@ -2255,7 +2255,7 @@ int ssl3_get_new_session_ticket(SSL *s)
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* SHA256 is disabled) hash of the ticket. * SHA256 is disabled) hash of the ticket.
*/ */
EVP_Digest(p, ticklen, EVP_Digest(s->session->tlsext_tick, ticklen,
s->session->session_id, &s->session->session_id_length, s->session->session_id, &s->session->session_id_length,
EVP_sha256(), NULL); EVP_sha256(), NULL);
ret = 1; ret = 1;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册