X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl_sess.c;h=85581d43ca40ba11fb75aac1ffb7abb23f0258e9;hb=dc90f64d563f2c9709749d0731d6b26c6bce5325;hp=ca1a7427be1116e5317a25aaadd46a8abcb6655d;hpb=5574e0ed417c9a09487a270fec3df34d3094f5c6;p=oweals%2Fopenssl.git diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index ca1a7427be..85581d43ca 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -60,7 +60,6 @@ #include #include #include "ssl_locl.h" -#include "cryptlib.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); @@ -79,11 +78,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) /* Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's * non-null and when we up the reference count. */ - CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess = ssl->session; if(sess) sess->references++; - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); return(sess); } @@ -127,6 +126,13 @@ SSL_SESSION *SSL_SESSION_new(void) return(ss); } +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) + { + if(len) + *len = s->session_id_length; + return s->session_id; + } + /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly * until we have no conflict is going to complete in one iteration pretty much @@ -309,9 +315,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) if (copy) CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - /* The following should not return 1, otherwise, - * things are very strange */ - SSL_CTX_add_session(s->ctx,ret); + /* Add the externally cached session to the internal + * cache as well if and only if we are supposed to. */ + if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) + /* The following should not return 1, otherwise, + * things are very strange */ + SSL_CTX_add_session(s->ctx,ret); } if (ret == NULL) goto err; @@ -525,13 +534,13 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); - memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); - memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); + OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); + OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); + OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); - memset(ss,0,sizeof(*ss)); + OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); }