artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4579474) | patch
Annotate misuse of EVP_Digest()
authortb <tb@openbsd.org>
Thu, 20 Oct 2022 15:18:54 +0000 (15:18 +0000)
committertb <tb@openbsd.org>
Thu, 20 Oct 2022 15:18:54 +0000 (15:18 +0000)
commit04bb98f1a6cee7108be52cc4d4efc2f62e9dce1d
tree3aee910481701125951e7709c345ffa5a2e330b4tree | snapshot
parent4579474588f1b03a35eef3ef207d4c22f7fc1290commit | diff
Annotate misuse of EVP_Digest()

The session_id member of SSL_SESSION has 32 bytes for historical
reasons.  This precisely accommodates a SHA-256 and is currently
computed using this hash.  If the hash function is ever changed,
this will likely overflow.  This should be fixed in code.  Leave
it at an XXX comment for now.

Pointed out by jsing
lib/libssl/ssl_clnt.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim