Do not lookup zero-length session ID

A condition was removed by commit 1053a6e2; presumably it was an unintended change. Restore the previous behavior so the get_session_cb won't be called with zero-length session ID. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4236)

Do not lookup zero-length session ID
A condition was removed by commit 1053a6e2; presumably it was an unintended change. Restore the previous behavior so the get_session_cb won't be called with zero-length session ID. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4236)
0afca811 · Kazuki Yamaguchi · Bernd Edlinger · 0139ce7c · 0afca811 · 0afca811
隐藏空白更改
内联并排

Showing with 22 addition and 9 deletion

ssl/ssl_sess.c ssl/ssl_sess.c +2 -1

test/sslapitest.c test/sslapitest.c +20 -8

未找到文件。
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -491,7 +491,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
            goto err;
        case TICKET_NONE:
        case TICKET_EMPTY:
-            try_session_cache = 1;
+            if (hello->session_id_len > 0)
+                try_session_cache = 1;
            break;
        case TICKET_NO_DECRYPT:
        case TICKET_SUCCESS:

--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -757,7 +757,7 @@ static int test_tlsext_status_type(void)
 }
 #endif

-static int new_called = 0, remove_called = 0;
+static int new_called, remove_called, get_called;

 static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
 {
@@ -780,6 +780,7 @@ static SSL_SESSION *get_sess_val = NULL;
 static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
                                   int *copy)
 {
+    get_called++;
    *copy = 1;
    return get_sess_val;
 }
@@ -969,7 +970,7 @@ static int execute_test_session(int maxprot, int use_int_cache,

    SSL_CTX_set_max_proto_version(sctx, maxprot);
    SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
-    new_called = remove_called = 0;
+    new_called = remove_called = get_called = 0;
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
                                      NULL, NULL))
            || !TEST_true(create_ssl_connection(serverssl1, clientssl1,
@@ -985,7 +986,9 @@ static int execute_test_session(int maxprot, int use_int_cache,
    if (use_ext_cache) {
        SSL_SESSION *tmp = sess2;

-        if (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0))
+        if (!TEST_int_eq(new_called, 1)
+                || !TEST_int_eq(remove_called, 0)
+                || !TEST_int_eq(get_called, 0))
            goto end;
        /*
         * Delete the session from the internal cache to force a lookup from
@@ -1001,7 +1004,7 @@ static int execute_test_session(int maxprot, int use_int_cache,
        sess2 = tmp;
    }

-    new_called = remove_called = 0;
+    new_called = remove_called = get_called = 0;
    get_sess_val = sess2;
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
                                      &clientssl2, NULL, NULL))
@@ -1011,10 +1014,19 @@ static int execute_test_session(int maxprot, int use_int_cache,
            || !TEST_true(SSL_session_reused(clientssl2)))
        goto end;

-    if (use_ext_cache
-            && (!TEST_int_eq(new_called, 0)
-                || !TEST_int_eq(remove_called, 0)))
-        goto end;
+    if (use_ext_cache) {
+        if (!TEST_int_eq(new_called, 0)
+                || !TEST_int_eq(remove_called, 0))
+            goto end;
+
+        if (maxprot == TLS1_3_VERSION) {
+            if (!TEST_int_eq(get_called, 0))
+                goto end;
+        } else {
+            if (!TEST_int_eq(get_called, 1))
+                goto end;
+        }
+    }

    testresult = 1;