提交 0f32c841 编写于 作者: B Bodo Möller

stricter session ID context matching

上级 41a8d516
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
OpenSSL CHANGES OpenSSL CHANGES
_______________ _______________
Changes between 0.9.8e and 0.9.9 [xx XXX xxxx] Changes between 0.9.8f and 0.9.9 [xx XXX xxxx]
*) Change ssl_cipher_apply_rule(), the internal function that does *) Change ssl_cipher_apply_rule(), the internal function that does
the work each time a ciphersuite string requests enabling the work each time a ciphersuite string requests enabling
...@@ -481,13 +481,26 @@ ...@@ -481,13 +481,26 @@
*) Change 'Configure' script to enable Camellia by default. *) Change 'Configure' script to enable Camellia by default.
[NTT] [NTT]
Changes between 0.9.8d and 0.9.8e [23 Feb 2007] Changes between 0.9.8e and 0.9.8f [xx XXX xxxx]
*) In the SSL/TLS server implementation, be strict about session ID
context matching (which matters if an application uses a single
external cache for different purposes). Previously,
out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
set. This did ensure strict client verification, but meant that,
with applications using a single external cache for quite
different requirements, clients could circumvent ciphersuite
restrictions for a given session ID context by starting a session
in a different context.
[Bodo Moeller]
*) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
a ciphersuite string such as "DEFAULT:RSA" cannot enable a ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites. authentication-only ciphersuites.
[Bodo Moeller] [Bodo Moeller]
Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
*) Since AES128 and AES256 (and similarly Camellia128 and *) Since AES128 and AES256 (and similarly Camellia128 and
Camellia256) share a single mask bit in the logic of Camellia256) share a single mask bit in the logic of
ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
...@@ -1526,6 +1539,19 @@ ...@@ -1526,6 +1539,19 @@
differing sizes. differing sizes.
[Richard Levitte] [Richard Levitte]
Changes between 0.9.7m and 0.9.7n [xx XXX xxxx]
*) In the SSL/TLS server implementation, be strict about session ID
context matching (which matters if an application uses a single
external cache for different purposes). Previously,
out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
set. This did ensure strict client verification, but meant that,
with applications using a single external cache for quite
different requirements, clients could circumvent ciphersuite
restrictions for a given session ID context by starting a session
in a different context.
[Bodo Moeller]
Changes between 0.9.7l and 0.9.7m [23 Feb 2007] Changes between 0.9.7l and 0.9.7m [23 Feb 2007]
*) Cleanse PEM buffers before freeing them since they may contain *) Cleanse PEM buffers before freeing them since they may contain
......
...@@ -462,26 +462,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) ...@@ -462,26 +462,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
/* Now ret is non-NULL, and we own one of its reference counts. */ /* Now ret is non-NULL, and we own one of its reference counts. */
if((s->verify_mode&SSL_VERIFY_PEER) if (ret->sid_ctx_length != s->sid_ctx_length
&& (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
|| memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
{ {
/* We've found the session named by the client, but we don't /* We've found the session named by the client, but we don't
* want to use it in this context. */ * want to use it in this context. */
if (s->sid_ctx_length == 0)
{
/* application should have used SSL[_CTX]_set_session_id_context
* -- we could tolerate this and just pretend we never heard
* of this session, but then applications could effectively
* disable the session cache by accident without anyone noticing */
SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
fatal = 1;
goto err;
}
else
{
#if 0 /* The client cannot always know when a session is not appropriate, #if 0 /* The client cannot always know when a session is not appropriate,
* so we shouldn't generate an error message. */ * so we shouldn't generate an error message. */
...@@ -489,6 +475,22 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) ...@@ -489,6 +475,22 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
#endif #endif
goto err; /* treat like cache miss */ goto err; /* treat like cache miss */
} }
if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
{
/* We can't be sure if this session is being used out of
* context, which is especially important for SSL_VERIFY_PEER.
* The application should have used SSL[_CTX]_set_session_id_context.
*
* For this error case, we generate an error instead of treating
* the event like a cache miss (otherwise it would be easy for
* applications to effectively disable the session cache by
* accident without anyone noticing).
*/
SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
fatal = 1;
goto err;
} }
if (ret->cipher == NULL) if (ret->cipher == NULL)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册