[openssl-dev] [openssl.org #3655] Inconsistency in d2i_SSL_SESSION

[Jonathan Larmour via RT]

Hi,

I sent this to openssl-dev before and was advised to file it under rt...

The implementation of d2i_SSL_SESSION() (in ssl_asn1.c) doesn't seem
correct to me.

d2i_SSL_SESSION() decodes an ASN1 encoding of an SSL_SESSION object
previously encoded by i2d_SSL_SESSION(). Various SSL_SESSION fields are
optional, and tags are used to identify which fields are present... so
far, so good. But in two cases when they are not present,
d2i_SSL_SESSION() actually sets values which were not in the original.

Specifically, if 'time' is not present (which means it was 0 when
i2d_SSL_SESSION() looked at it) it is set to the current time(). And if
'timeout' was not present, it is set to 3.

Surely d2i_SSL_SESSION() should return exactly the session data that was
passed into i2d_SSL_SESSION()?

This came to my attention because I am working on an embedded device, and
OpenSSL is used before the device has had its real time clock set, which
means time() is returning 0. This resulted in
ssl3_send_newsession_ticket() getting different asn1 sizes for a session
encoded with i2d_SSL_SESSION, and decoded with d2i_SSL_SESSION, resulting
in an error being returned due to this check:
		if (slen > slen_full) /* shouldn't ever happen */
(because the decoded session now had a 'time' field the original did not
have).

While I know this won't affect big Linux/Unix/BSD users, it may affect
other embedded device users. The inconsistency with the 'timeout' field
could affect other people too though - why change it to 3?

So I have attached a patch for your consideration to resolve the
inconsistency.

Thanks,

Jifl
-- 
------["Si fractum non sit, noli id reficere"]------       Opinions==mine

-------------- next part --------------
A non-text attachment was scrubbed...
Name: asn1_d2i_session.patch
Type: text/x-patch
Size: 1050 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150114/6cb2a748/attachment-0001.bin>