author | Matt Caswell <matt@openssl.org> | 2020-03-14 00:54:07 +0100 |
committer | Matt Caswell <matt@openssl.org> | 2020-03-24 17:13:59 +0100 |
commit | abd86cecce06a2f56f2d0ccc4743273e5981d547 (patch) | |
tree | cc560401fee0ef345f99633f13502b7bd1be152f /ssl/statem | |
parent | Use correct libctx when fetching the TLS1 PRF in libssl (diff) | |
Use a fetched version of SHA256 in tls_process_new_session_ticket()
We use the SHA256 digest of the ticket as a "fake" session id. We should
ensure that the SHA256 implementation is fetched from the appropriate
provider.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11356)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index dfc6f5a721..534902f9b9 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2560,6 +2560,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
 unsigned int sess_len;
 RAW_EXTENSION *exts = NULL;
 PACKET nonce;
+ EVP_MD *sha256 = NULL;
 PACKET_null_init(&nonce);
@@ -2675,20 +2676,28 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
 * other way is to set zero length session ID when the ticket is
 * presented and rely on the handshake to determine session resumption.
 * We choose the former approach because this fits in with assumptions
- * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
- * SHA256 is disabled) hash of the ticket.
+ * elsewhere in OpenSSL. The session ID is set to the SHA256 hash of the
+ * ticket.
 */
+ sha256 = EVP_MD_fetch(s->ctx->libctx, "SHA2-256", s->ctx->propq);
+ if (sha256 == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_ALGORITHM_FETCH_FAILED);
+ goto err;
+ }
 /*
 * TODO(size_t): we use sess_len here because EVP_Digest expects an int
 * but s->session->session_id_length is a size_t
 */
 if (!EVP_Digest(s->session->ext.tick, ticklen, s->session->session_id, &sess_len,
- EVP_sha256(), NULL)) {
+ sha256, NULL)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
 goto err;
 }
+ EVP_MD_free(sha256);
+ sha256 = NULL;
 s->session->session_id_length = sess_len;
 s->session->not_resumable = 0;
@@ -2727,6 +2736,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
 return MSG_PROCESS_CONTINUE_READING;
 err:
+ EVP_MD_free(sha256);
 OPENSSL_free(exts);
 return MSG_PROCESS_ERROR;
 }
 |
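Review bot: The output length of the fetched digest is never checked before `EVP_Digest` writes it into `s->session->session_id` in the second hunk; with the old hard-coded `EVP_sha256()` the 32-byte result was implicit, but a fetch through `s->ctx->libctx` and `s->ctx->propq` resolves to whichever loaded provider answers to "SHA2-256", so the length guarantee now rests on that provider rather than on libssl. If `session_id` is the fixed `SSL_MAX_SSL_SESSION_ID_LENGTH` array used elsewhere in libssl (its declaration is outside this hunk), a provider returning a longer digest would overrun it. A cheap guard right after the fetch pins the assumption: `if (EVP_MD_size(sha256) > (int)sizeof(s->session->session_id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); goto err; }`, or fold that test into the existing `sha256 == NULL` check. The cleanup itself looks sound: `EVP_MD_free(NULL)` at `err:` is a no-op and `sha256 = NULL` after the success-path free rules out a double free. tls_process_new_session_ticket starts before this hunk and its `err:` label sits in the following one.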