/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#ifndef OPENSSL_NO_SRP
dest->srp_username = NULL;
#endif
+ dest->peer_chain = NULL;
+ dest->peer = NULL;
memset(&dest->ex_data, 0, sizeof(dest->ex_data));
/* We deliberately don't copy the prev and next pointers */
if (dest->lock == NULL)
goto err;
- if (src->peer != NULL)
- X509_up_ref(src->peer);
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+ goto err;
+
+ if (src->peer != NULL) {
+ if (!X509_up_ref(src->peer))
+ goto err;
+ dest->peer = src->peer;
+ }
if (src->peer_chain != NULL) {
dest->peer_chain = X509_chain_up_ref(src->peer_chain);
if (dest->peer_chain == NULL)
goto err;
}
-
#ifndef OPENSSL_NO_PSK
if (src->psk_identity_hint) {
dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
}
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
- &dest->ex_data, &src->ex_data)) {
+ &dest->ex_data, &src->ex_data)) {
goto err;
}
if (src->tlsext_ecpointformatlist) {
dest->tlsext_ecpointformatlist =
OPENSSL_memdup(src->tlsext_ecpointformatlist,
- src->tlsext_ecpointformatlist_length);
+ src->tlsext_ecpointformatlist_length);
if (dest->tlsext_ecpointformatlist == NULL)
goto err;
}
if (src->tlsext_ellipticcurvelist) {
dest->tlsext_ellipticcurvelist =
OPENSSL_memdup(src->tlsext_ellipticcurvelist,
- src->tlsext_ellipticcurvelist_length);
+ src->tlsext_ellipticcurvelist_length);
if (dest->tlsext_ellipticcurvelist == NULL)
goto err;
}
#endif
- if (ticket != 0) {
- dest->tlsext_tick = OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
+ if (ticket != 0 && src->tlsext_tick != NULL) {
+ dest->tlsext_tick =
+ OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
if (dest->tlsext_tick == NULL)
goto err;
} else {
#endif
return dest;
-err:
+ err:
SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
SSL_SESSION_free(dest);
return NULL;
}
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
- unsigned int *len)
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{
if (len)
*len = s->session_id_length;
ss->session_id_length = 0;
}
- if (s->sid_ctx_length > sizeof ss->sid_ctx) {
+ if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
data.ssl_version = s->version;
memset(data.session_id, 0, sizeof(data.session_id));
if (!PACKET_copy_all(session_id, data.session_id,
- sizeof(data.session_id),
- &local_len)) {
+ sizeof(data.session_id), &local_len)) {
goto err;
}
data.session_id_length = local_len;
(s->session_ctx->session_cache_mode &
SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
/*
- * The following should not return 1, otherwise, things are
- * very strange
+ * Either return value of SSL_CTX_add_session should not
+ * interrupt the session resumption process. The return
+ * value is intentionally ignored.
*/
- if (SSL_CTX_add_session(s->session_ctx, ret))
- goto err;
+ SSL_CTX_add_session(s->session_ctx, ret);
}
}
}
* obtain the same session from an external cache)
*/
s = NULL;
+ } else if (s == NULL &&
+ lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
+ /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
+
+ /*
+ * ... so take back the extra reference and also don't add
+ * the session to the SSL_SESSION_list at this time
+ */
+ s = c;
}
/* Put at the head of the queue unless it is already in the cache */
ret = 1;
if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
- while (SSL_CTX_sess_number(ctx) >
- SSL_CTX_sess_get_cache_size(ctx)) {
+ while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
break;
else
if (lck)
CRYPTO_THREAD_unlock(ctx->lock);
- if (ret)
- SSL_SESSION_free(r);
-
if (ctx->remove_session_cb != NULL)
ctx->remove_session_cb(ctx, c);
+
+ if (ret)
+ SSL_SESSION_free(r);
} else
ret = 0;
return (ret);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
- OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
+ OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
+ OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
X509_free(ss->peer);
sk_X509_pop_free(ss->peer_chain, X509_free);
sk_SSL_CIPHER_free(ss->ciphers);
OPENSSL_free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0;
OPENSSL_free(ss->tlsext_ellipticcurvelist);
-#endif /* OPENSSL_NO_EC */
+#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
OPENSSL_free(ss->psk_identity_hint);
OPENSSL_free(ss->psk_identity);
return 0;
}
s->session_id_length = sid_len;
- memcpy(s->session_id, sid, sid_len);
+ if (sid != s->session_id)
+ memcpy(s->session_id, sid, sid_len);
return 1;
}
}
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
- size_t *len)
+ size_t *len)
{
*len = s->tlsext_ticklen;
if (tick != NULL)
return 0;
}
s->sid_ctx_length = sid_ctx_len;
- memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
+ if (sid_ctx != s->sid_ctx)
+ memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
return 1;
}
}
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
- int (*cb) (struct ssl_st *ssl,
- SSL_SESSION *sess))
+ int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
{
ctx->new_session_cb = cb;
}
}
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
- const unsigned char *data,
- int len, int *copy) {
+ const unsigned char
+ *data, int len,
+ int *copy) {
return ctx->get_session_cb;
}
}
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
- int (*cb) (SSL *ssl, const unsigned char *cookie,
+ int (*cb) (SSL *ssl,
+ const unsigned char *cookie,
unsigned int cookie_len))
{
ctx->app_verify_cookie_cb = cb;
}
-IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION,
- SSL_SESSION)
+IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)