提交 ec0f1959 编写于 作者: G Geoff Thorpe

If a callback is generating a new session ID for SSLv2, then upon exiting,

the ID will be padded out to 16 bytes if the callback attempted to generate
a shorter one. The problem is that the uniqueness checking function used in
callbacks may mistakenly think a 9-byte ID is unique when in fact its
padded 16-byte version is not. This makes the checking function detect
SSLv2 cases, and ensures the padded form is checked rather than the shorter
one passed by the callback.
上级 fa2b8db4
...@@ -311,6 +311,17 @@ int SSL_CTX_has_matching_session_id(const SSL_CTX *ctx, const unsigned char *id, ...@@ -311,6 +311,17 @@ int SSL_CTX_has_matching_session_id(const SSL_CTX *ctx, const unsigned char *id,
r.ssl_version = ctx->method->version; r.ssl_version = ctx->method->version;
r.session_id_length = id_len; r.session_id_length = id_len;
memcpy(r.session_id, id, id_len); memcpy(r.session_id, id, id_len);
/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
* callback is calling us to check the uniqueness of a shorter ID, it
* must be compared as a padded-out ID because that is what it will be
* converted to when the callback has finished choosing it. */
if((r.ssl_version == SSL2_VERSION) &&
(id_len < SSL2_SSL_SESSION_ID_LENGTH))
{
memset(r.session_id + id_len, 0,
SSL2_SSL_SESSION_ID_LENGTH - id_len);
r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
}
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
p = (SSL_SESSION *)lh_retrieve(ctx->sessions, &r); p = (SSL_SESSION *)lh_retrieve(ctx->sessions, &r);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册