diff options
author | Geoff Thorpe <geoff@openssl.org> | 2001-02-21 21:38:32 +0000 |
---|---|---|
committer | Geoff Thorpe <geoff@openssl.org> | 2001-02-21 21:38:32 +0000 |
commit | ec0f19597ee5358dd9f455db997f86f47008802c (patch) | |
tree | b65b7465fd530d9c96481cf6756a2abe76e5906b /ssl | |
parent | fa2b8db4994d61f4a907a6a97568d6f72f20568f (diff) |
If a callback is generating a new session ID for SSLv2, then upon exiting,
the ID will be padded out to 16 bytes if the callback attempted to generate
a shorter one. The problem is that the uniqueness checking function used in
callbacks may mistakenly think a 9-byte ID is unique when in fact its
padded 16-byte version is not. This makes the checking function detect
SSLv2 cases, and ensures the padded form is checked rather than the shorter
one passed by the callback.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 7864f2f7b0..0e372f5843 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -311,6 +311,17 @@ int SSL_CTX_has_matching_session_id(const SSL_CTX *ctx, const unsigned char *id, r.ssl_version = ctx->method->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); + /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a + * callback is calling us to check the uniqueness of a shorter ID, it + * must be compared as a padded-out ID because that is what it will be + * converted to when the callback has finished choosing it. */ + if((r.ssl_version == SSL2_VERSION) && + (id_len < SSL2_SSL_SESSION_ID_LENGTH)) + { + memset(r.session_id + id_len, 0, + SSL2_SSL_SESSION_ID_LENGTH - id_len); + r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; + } CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); p = (SSL_SESSION *)lh_retrieve(ctx->sessions, &r); |