diff options
| author | guenther <> | 2014-04-20 12:48:19 +0000 |
|---|---|---|
| committer | guenther <> | 2014-04-20 12:48:19 +0000 |
| commit | 71d6ded93deb4d1edc464874b5359ece0ef857d2 (patch) | |
| tree | cca6edfc57a2953a5fb440052243f46cd8d7eb12 | |
| parent | 4b4a5d4b04e0ebd28c425210967942e4fa5d834c (diff) | |
| download | openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.tar.gz openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.tar.bz2 openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.zip | |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@
| -rw-r--r-- | src/lib/libcrypto/crypto/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libssl/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_enc.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl.h | 20 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_asn1.c | 24 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_sess.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_txt.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/ssl.h | 20 | ||||
| -rw-r--r-- | src/lib/libssl/ssl/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_asn1.c | 24 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_txt.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 1 |
17 files changed, 44 insertions, 118 deletions
diff --git a/src/lib/libcrypto/crypto/shlib_version b/src/lib/libcrypto/crypto/shlib_version index 361604a5eb..c622cb8cdf 100644 --- a/src/lib/libcrypto/crypto/shlib_version +++ b/src/lib/libcrypto/crypto/shlib_version | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | major=25 | 1 | major=26 |
| 2 | minor=0 | 2 | minor=0 |
diff --git a/src/lib/libcrypto/shlib_version b/src/lib/libcrypto/shlib_version index 361604a5eb..c622cb8cdf 100644 --- a/src/lib/libcrypto/shlib_version +++ b/src/lib/libcrypto/shlib_version | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | major=25 | 1 | major=26 |
| 2 | minor=0 | 2 | minor=0 |
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version index df4de0fc4d..906022aa66 100644 --- a/src/lib/libssl/shlib_version +++ b/src/lib/libssl/shlib_version | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | major=23 | 1 | major=24 |
| 2 | minor=0 | 2 | minor=0 |
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 4d12631694..2b02c5ba06 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c | |||
| @@ -361,8 +361,6 @@ ssl3_change_cipher_state(SSL *s, int which) | |||
| 361 | } | 361 | } |
| 362 | } | 362 | } |
| 363 | 363 | ||
| 364 | s->session->key_arg_length = 0; | ||
| 365 | |||
| 366 | EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE)); | 364 | EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE)); |
| 367 | 365 | ||
| 368 | OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key)); | 366 | OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key)); |
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index f3ca8c5c4e..3624bdcccd 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -399,7 +399,7 @@ struct ssl_cipher_st { | |||
| 399 | }; | 399 | }; |
| 400 | 400 | ||
| 401 | 401 | ||
| 402 | /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ | 402 | /* Used to hold functions for SSLv3/TLSv1 functions */ |
| 403 | struct ssl_method_st { | 403 | struct ssl_method_st { |
| 404 | int version; | 404 | int version; |
| 405 | int (*ssl_new)(SSL *s); | 405 | int (*ssl_new)(SSL *s); |
| @@ -442,7 +442,6 @@ struct ssl_method_st { | |||
| 442 | * Session_ID OCTET STRING, -- the Session ID | 442 | * Session_ID OCTET STRING, -- the Session ID |
| 443 | * Master_key OCTET STRING, -- the master key | 443 | * Master_key OCTET STRING, -- the master key |
| 444 | * KRB5_principal OCTET STRING -- optional Kerberos principal | 444 | * KRB5_principal OCTET STRING -- optional Kerberos principal |
| 445 | * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument | ||
| 446 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time | 445 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time |
| 447 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds | 446 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds |
| 448 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate | 447 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate |
| @@ -463,9 +462,6 @@ struct ssl_session_st { | |||
| 463 | int ssl_version; /* what ssl version session info is | 462 | int ssl_version; /* what ssl version session info is |
| 464 | * being kept in here? */ | 463 | * being kept in here? */ |
| 465 | 464 | ||
| 466 | /* only really used in SSLv2 */ | ||
| 467 | unsigned int key_arg_length; | ||
| 468 | unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; | ||
| 469 | int master_key_length; | 465 | int master_key_length; |
| 470 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | 466 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; |
| 471 | /* session_id - valid? */ | 467 | /* session_id - valid? */ |
| @@ -502,9 +498,9 @@ struct ssl_session_st { | |||
| 502 | * is not ok, we must remember the error for session reuse: */ | 498 | * is not ok, we must remember the error for session reuse: */ |
| 503 | long verify_result; /* only for servers */ | 499 | long verify_result; /* only for servers */ |
| 504 | 500 | ||
| 505 | int references; | ||
| 506 | long timeout; | 501 | long timeout; |
| 507 | long time; | 502 | time_t time; |
| 503 | int references; | ||
| 508 | 504 | ||
| 509 | unsigned int compress_meth; /* Need to lookup the method */ | 505 | unsigned int compress_meth; /* Need to lookup the method */ |
| 510 | 506 | ||
| @@ -845,9 +841,8 @@ struct ssl_ctx_st { | |||
| 845 | 841 | ||
| 846 | CRYPTO_EX_DATA ex_data; | 842 | CRYPTO_EX_DATA ex_data; |
| 847 | 843 | ||
| 848 | const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ | ||
| 849 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ | 844 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ |
| 850 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ | 845 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ |
| 851 | 846 | ||
| 852 | STACK_OF(X509) *extra_certs; | 847 | STACK_OF(X509) *extra_certs; |
| 853 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ | 848 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ |
| @@ -1155,7 +1150,6 @@ struct ssl_st { | |||
| 1155 | unsigned char *packet; | 1150 | unsigned char *packet; |
| 1156 | unsigned int packet_length; | 1151 | unsigned int packet_length; |
| 1157 | 1152 | ||
| 1158 | struct ssl2_state_st *s2; /* SSLv2 variables */ | ||
| 1159 | struct ssl3_state_st *s3; /* SSLv3 variables */ | 1153 | struct ssl3_state_st *s3; /* SSLv3 variables */ |
| 1160 | struct dtls1_state_st *d1; /* DTLSv1 variables */ | 1154 | struct dtls1_state_st *d1; /* DTLSv1 variables */ |
| 1161 | 1155 | ||
| @@ -1828,9 +1822,9 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ | |||
| 1828 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ | 1822 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ |
| 1829 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ | 1823 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ |
| 1830 | 1824 | ||
| 1831 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ | 1825 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */ |
| 1832 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ | 1826 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */ |
| 1833 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ | 1827 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */ |
| 1834 | 1828 | ||
| 1835 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ | 1829 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ |
| 1836 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ | 1830 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ |
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c index c551ec4877..1d2590268c 100644 --- a/src/lib/libssl/src/ssl/ssl_asn1.c +++ b/src/lib/libssl/src/ssl/ssl_asn1.c | |||
| @@ -97,7 +97,6 @@ typedef struct ssl_session_asn1_st { | |||
| 97 | ASN1_OCTET_STRING master_key; | 97 | ASN1_OCTET_STRING master_key; |
| 98 | ASN1_OCTET_STRING session_id; | 98 | ASN1_OCTET_STRING session_id; |
| 99 | ASN1_OCTET_STRING session_id_context; | 99 | ASN1_OCTET_STRING session_id_context; |
| 100 | ASN1_OCTET_STRING key_arg; | ||
| 101 | #ifndef OPENSSL_NO_KRB5 | 100 | #ifndef OPENSSL_NO_KRB5 |
| 102 | ASN1_OCTET_STRING krb5_princ; | 101 | ASN1_OCTET_STRING krb5_princ; |
| 103 | #endif /* OPENSSL_NO_KRB5 */ | 102 | #endif /* OPENSSL_NO_KRB5 */ |
| @@ -190,10 +189,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 190 | a.session_id_context.type = V_ASN1_OCTET_STRING; | 189 | a.session_id_context.type = V_ASN1_OCTET_STRING; |
| 191 | a.session_id_context.data = in->sid_ctx; | 190 | a.session_id_context.data = in->sid_ctx; |
| 192 | 191 | ||
| 193 | a.key_arg.length = in->key_arg_length; | ||
| 194 | a.key_arg.type = V_ASN1_OCTET_STRING; | ||
| 195 | a.key_arg.data = in->key_arg; | ||
| 196 | |||
| 197 | #ifndef OPENSSL_NO_KRB5 | 192 | #ifndef OPENSSL_NO_KRB5 |
| 198 | if (in->krb5_client_princ_len) { | 193 | if (in->krb5_client_princ_len) { |
| 199 | a.krb5_princ.length = in->krb5_client_princ_len; | 194 | a.krb5_princ.length = in->krb5_client_princ_len; |
| @@ -206,7 +201,7 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 206 | a.time.length = LSIZE2; | 201 | a.time.length = LSIZE2; |
| 207 | a.time.type = V_ASN1_INTEGER; | 202 | a.time.type = V_ASN1_INTEGER; |
| 208 | a.time.data = ibuf3; | 203 | a.time.data = ibuf3; |
| 209 | ASN1_INTEGER_set(&(a.time), in->time); | 204 | ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */ |
| 210 | } | 205 | } |
| 211 | 206 | ||
| 212 | if (in->timeout != 0L) { | 207 | if (in->timeout != 0L) { |
| @@ -270,8 +265,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 270 | if (in->krb5_client_princ_len) | 265 | if (in->krb5_client_princ_len) |
| 271 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 266 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 272 | #endif /* OPENSSL_NO_KRB5 */ | 267 | #endif /* OPENSSL_NO_KRB5 */ |
| 273 | if (in->key_arg_length > 0) | ||
| 274 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING); | ||
| 275 | if (in->time != 0L) | 268 | if (in->time != 0L) |
| 276 | M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); | 269 | M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 277 | if (in->timeout != 0L) | 270 | if (in->timeout != 0L) |
| @@ -316,8 +309,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 316 | if (in->krb5_client_princ_len) | 309 | if (in->krb5_client_princ_len) |
| 317 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 310 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 318 | #endif /* OPENSSL_NO_KRB5 */ | 311 | #endif /* OPENSSL_NO_KRB5 */ |
| 319 | if (in->key_arg_length > 0) | ||
| 320 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0); | ||
| 321 | if (in->time != 0L) | 312 | if (in->time != 0L) |
| 322 | M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); | 313 | M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 323 | if (in->timeout != 0L) | 314 | if (in->timeout != 0L) |
| @@ -445,24 +436,15 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) | |||
| 445 | ret->krb5_client_princ_len = 0; | 436 | ret->krb5_client_princ_len = 0; |
| 446 | #endif /* OPENSSL_NO_KRB5 */ | 437 | #endif /* OPENSSL_NO_KRB5 */ |
| 447 | 438 | ||
| 448 | M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING); | ||
| 449 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) | ||
| 450 | ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH; | ||
| 451 | else | ||
| 452 | ret->key_arg_length = os.length; | ||
| 453 | memcpy(ret->key_arg, os.data, ret->key_arg_length); | ||
| 454 | if (os.data != NULL) | ||
| 455 | free(os.data); | ||
| 456 | |||
| 457 | ai.length = 0; | 439 | ai.length = 0; |
| 458 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); | 440 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); /* XXX 2038 */ |
| 459 | if (ai.data != NULL) { | 441 | if (ai.data != NULL) { |
| 460 | ret->time = ASN1_INTEGER_get(aip); | 442 | ret->time = ASN1_INTEGER_get(aip); |
| 461 | free(ai.data); | 443 | free(ai.data); |
| 462 | ai.data = NULL; | 444 | ai.data = NULL; |
| 463 | ai.length = 0; | 445 | ai.length = 0; |
| 464 | } else | 446 | } else |
| 465 | ret->time = (unsigned long)time(NULL); | 447 | ret->time = time(NULL); |
| 466 | 448 | ||
| 467 | ai.length = 0; | 449 | ai.length = 0; |
| 468 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); | 450 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); |
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 3ab353b8eb..21d6835b98 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -1712,11 +1712,8 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1712 | ret->references = 1; | 1712 | ret->references = 1; |
| 1713 | ret->quiet_shutdown = 0; | 1713 | ret->quiet_shutdown = 0; |
| 1714 | 1714 | ||
| 1715 | /* ret->cipher=NULL;*/ | 1715 | /* ret->cipher=NULL; |
| 1716 | /* ret->s2->challenge=NULL; | ||
| 1717 | ret->master_key=NULL; | 1716 | ret->master_key=NULL; |
| 1718 | ret->key_arg=NULL; | ||
| 1719 | ret->s2->conn_id=NULL; | ||
| 1720 | */ | 1717 | */ |
| 1721 | 1718 | ||
| 1722 | ret->info_callback = NULL; | 1719 | ret->info_callback = NULL; |
| @@ -2340,7 +2337,7 @@ ssl_update_cache(SSL *s, int mode) | |||
| 2340 | if ((((mode & SSL_SESS_CACHE_CLIENT) | 2337 | if ((((mode & SSL_SESS_CACHE_CLIENT) |
| 2341 | ?s->session_ctx->stats.sess_connect_good | 2338 | ?s->session_ctx->stats.sess_connect_good |
| 2342 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { | 2339 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { |
| 2343 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); | 2340 | SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); |
| 2344 | } | 2341 | } |
| 2345 | } | 2342 | } |
| 2346 | } | 2343 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index c67ae1c22f..c032154d48 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c | |||
| @@ -205,7 +205,7 @@ SSL_SESSION_new(void) | |||
| 205 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | 205 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ |
| 206 | ss->references = 1; | 206 | ss->references = 1; |
| 207 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | 207 | ss->timeout=60*5+4; /* 5 minute timeout by default */ |
| 208 | ss->time = (unsigned long)time(NULL); | 208 | ss->time = time(NULL); |
| 209 | ss->prev = NULL; | 209 | ss->prev = NULL; |
| 210 | ss->next = NULL; | 210 | ss->next = NULL; |
| 211 | ss->compress_meth = 0; | 211 | ss->compress_meth = 0; |
| @@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 555 | goto err; | 555 | goto err; |
| 556 | } | 556 | } |
| 557 | 557 | ||
| 558 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ | 558 | if (ret->timeout < (time(NULL) - ret->time)) /* timeout */ |
| 559 | { | 559 | { |
| 560 | s->session_ctx->stats.sess_timeout++; | 560 | s->session_ctx->stats.sess_timeout++; |
| 561 | if (try_session_cache) { | 561 | if (try_session_cache) { |
| @@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss) | |||
| 699 | 699 | ||
| 700 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 700 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 701 | 701 | ||
| 702 | OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); | ||
| 703 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); | 702 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); |
| 704 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); | 703 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); |
| 705 | if (ss->sess_cert != NULL) | 704 | if (ss->sess_cert != NULL) |
| @@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s) | |||
| 807 | return (s->timeout); | 806 | return (s->timeout); |
| 808 | } | 807 | } |
| 809 | 808 | ||
| 809 | /* XXX 2038 */ | ||
| 810 | long | 810 | long |
| 811 | SSL_SESSION_get_time(const SSL_SESSION *s) | 811 | SSL_SESSION_get_time(const SSL_SESSION *s) |
| 812 | { | 812 | { |
| @@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s) | |||
| 815 | return (s->time); | 815 | return (s->time); |
| 816 | } | 816 | } |
| 817 | 817 | ||
| 818 | /* XXX 2038 */ | ||
| 818 | long | 819 | long |
| 819 | SSL_SESSION_set_time(SSL_SESSION *s, long t) | 820 | SSL_SESSION_set_time(SSL_SESSION *s, long t) |
| 820 | { | 821 | { |
| @@ -926,7 +927,7 @@ typedef struct timeout_param_st { | |||
| 926 | static void | 927 | static void |
| 927 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | 928 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) |
| 928 | { | 929 | { |
| 929 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | 930 | if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */ |
| 930 | { | 931 | { |
| 931 | /* The reason we don't call SSL_CTX_remove_session() is to | 932 | /* The reason we don't call SSL_CTX_remove_session() is to |
| 932 | * save on locking overhead */ | 933 | * save on locking overhead */ |
| @@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | |||
| 942 | static | 943 | static |
| 943 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | 944 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) |
| 944 | 945 | ||
| 946 | /* XXX 2038 */ | ||
| 945 | void | 947 | void |
| 946 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) | 948 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) |
| 947 | { | 949 | { |
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c index 91664ffe43..5538c57562 100644 --- a/src/lib/libssl/src/ssl/ssl_txt.c +++ b/src/lib/libssl/src/ssl/ssl_txt.c | |||
| @@ -161,16 +161,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 161 | if (BIO_printf(bp, "%02X", x->master_key[i]) | 161 | if (BIO_printf(bp, "%02X", x->master_key[i]) |
| 162 | <= 0) goto err; | 162 | <= 0) goto err; |
| 163 | } | 163 | } |
| 164 | if (BIO_puts(bp, "\n Key-Arg : ") | ||
| 165 | <= 0) goto err; | ||
| 166 | if (x->key_arg_length == 0) { | ||
| 167 | if (BIO_puts(bp, "None") | ||
| 168 | <= 0) goto err; | ||
| 169 | } else | ||
| 170 | for (i = 0; i < x->key_arg_length; i++) { | ||
| 171 | if (BIO_printf(bp, "%02X", x->key_arg[i]) | ||
| 172 | <= 0) goto err; | ||
| 173 | } | ||
| 174 | #ifndef OPENSSL_NO_KRB5 | 164 | #ifndef OPENSSL_NO_KRB5 |
| 175 | if (BIO_puts(bp, "\n Krb5 Principal: ") | 165 | if (BIO_puts(bp, "\n Krb5 Principal: ") |
| 176 | <= 0) goto err; | 166 | <= 0) goto err; |
| @@ -227,8 +217,8 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 227 | } | 217 | } |
| 228 | } | 218 | } |
| 229 | #endif | 219 | #endif |
| 230 | if (x->time != 0L) { | 220 | if (x->time != 0) { |
| 231 | if (BIO_printf(bp, "\n Start Time: %ld", x->time) | 221 | if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) |
| 232 | <= 0) goto err; | 222 | <= 0) goto err; |
| 233 | } | 223 | } |
| 234 | if (x->timeout != 0L) { | 224 | if (x->timeout != 0L) { |
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index 579eaa6ce4..3f5df9ad7a 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -519,7 +519,6 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 519 | } | 519 | } |
| 520 | } | 520 | } |
| 521 | 521 | ||
| 522 | s->session->key_arg_length = 0; | ||
| 523 | #ifdef KSSL_DEBUG | 522 | #ifdef KSSL_DEBUG |
| 524 | { | 523 | { |
| 525 | int i; | 524 | int i; |
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index f3ca8c5c4e..3624bdcccd 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -399,7 +399,7 @@ struct ssl_cipher_st { | |||
| 399 | }; | 399 | }; |
| 400 | 400 | ||
| 401 | 401 | ||
| 402 | /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ | 402 | /* Used to hold functions for SSLv3/TLSv1 functions */ |
| 403 | struct ssl_method_st { | 403 | struct ssl_method_st { |
| 404 | int version; | 404 | int version; |
| 405 | int (*ssl_new)(SSL *s); | 405 | int (*ssl_new)(SSL *s); |
| @@ -442,7 +442,6 @@ struct ssl_method_st { | |||
| 442 | * Session_ID OCTET STRING, -- the Session ID | 442 | * Session_ID OCTET STRING, -- the Session ID |
| 443 | * Master_key OCTET STRING, -- the master key | 443 | * Master_key OCTET STRING, -- the master key |
| 444 | * KRB5_principal OCTET STRING -- optional Kerberos principal | 444 | * KRB5_principal OCTET STRING -- optional Kerberos principal |
| 445 | * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument | ||
| 446 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time | 445 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time |
| 447 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds | 446 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds |
| 448 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate | 447 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate |
| @@ -463,9 +462,6 @@ struct ssl_session_st { | |||
| 463 | int ssl_version; /* what ssl version session info is | 462 | int ssl_version; /* what ssl version session info is |
| 464 | * being kept in here? */ | 463 | * being kept in here? */ |
| 465 | 464 | ||
| 466 | /* only really used in SSLv2 */ | ||
| 467 | unsigned int key_arg_length; | ||
| 468 | unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; | ||
| 469 | int master_key_length; | 465 | int master_key_length; |
| 470 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | 466 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; |
| 471 | /* session_id - valid? */ | 467 | /* session_id - valid? */ |
| @@ -502,9 +498,9 @@ struct ssl_session_st { | |||
| 502 | * is not ok, we must remember the error for session reuse: */ | 498 | * is not ok, we must remember the error for session reuse: */ |
| 503 | long verify_result; /* only for servers */ | 499 | long verify_result; /* only for servers */ |
| 504 | 500 | ||
| 505 | int references; | ||
| 506 | long timeout; | 501 | long timeout; |
| 507 | long time; | 502 | time_t time; |
| 503 | int references; | ||
| 508 | 504 | ||
| 509 | unsigned int compress_meth; /* Need to lookup the method */ | 505 | unsigned int compress_meth; /* Need to lookup the method */ |
| 510 | 506 | ||
| @@ -845,9 +841,8 @@ struct ssl_ctx_st { | |||
| 845 | 841 | ||
| 846 | CRYPTO_EX_DATA ex_data; | 842 | CRYPTO_EX_DATA ex_data; |
| 847 | 843 | ||
| 848 | const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ | ||
| 849 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ | 844 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ |
| 850 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ | 845 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ |
| 851 | 846 | ||
| 852 | STACK_OF(X509) *extra_certs; | 847 | STACK_OF(X509) *extra_certs; |
| 853 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ | 848 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ |
| @@ -1155,7 +1150,6 @@ struct ssl_st { | |||
| 1155 | unsigned char *packet; | 1150 | unsigned char *packet; |
| 1156 | unsigned int packet_length; | 1151 | unsigned int packet_length; |
| 1157 | 1152 | ||
| 1158 | struct ssl2_state_st *s2; /* SSLv2 variables */ | ||
| 1159 | struct ssl3_state_st *s3; /* SSLv3 variables */ | 1153 | struct ssl3_state_st *s3; /* SSLv3 variables */ |
| 1160 | struct dtls1_state_st *d1; /* DTLSv1 variables */ | 1154 | struct dtls1_state_st *d1; /* DTLSv1 variables */ |
| 1161 | 1155 | ||
| @@ -1828,9 +1822,9 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ | |||
| 1828 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ | 1822 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ |
| 1829 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ | 1823 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ |
| 1830 | 1824 | ||
| 1831 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ | 1825 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */ |
| 1832 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ | 1826 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */ |
| 1833 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ | 1827 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */ |
| 1834 | 1828 | ||
| 1835 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ | 1829 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ |
| 1836 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ | 1830 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ |
diff --git a/src/lib/libssl/ssl/shlib_version b/src/lib/libssl/ssl/shlib_version index df4de0fc4d..906022aa66 100644 --- a/src/lib/libssl/ssl/shlib_version +++ b/src/lib/libssl/ssl/shlib_version | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | major=23 | 1 | major=24 |
| 2 | minor=0 | 2 | minor=0 |
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index c551ec4877..1d2590268c 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c | |||
| @@ -97,7 +97,6 @@ typedef struct ssl_session_asn1_st { | |||
| 97 | ASN1_OCTET_STRING master_key; | 97 | ASN1_OCTET_STRING master_key; |
| 98 | ASN1_OCTET_STRING session_id; | 98 | ASN1_OCTET_STRING session_id; |
| 99 | ASN1_OCTET_STRING session_id_context; | 99 | ASN1_OCTET_STRING session_id_context; |
| 100 | ASN1_OCTET_STRING key_arg; | ||
| 101 | #ifndef OPENSSL_NO_KRB5 | 100 | #ifndef OPENSSL_NO_KRB5 |
| 102 | ASN1_OCTET_STRING krb5_princ; | 101 | ASN1_OCTET_STRING krb5_princ; |
| 103 | #endif /* OPENSSL_NO_KRB5 */ | 102 | #endif /* OPENSSL_NO_KRB5 */ |
| @@ -190,10 +189,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 190 | a.session_id_context.type = V_ASN1_OCTET_STRING; | 189 | a.session_id_context.type = V_ASN1_OCTET_STRING; |
| 191 | a.session_id_context.data = in->sid_ctx; | 190 | a.session_id_context.data = in->sid_ctx; |
| 192 | 191 | ||
| 193 | a.key_arg.length = in->key_arg_length; | ||
| 194 | a.key_arg.type = V_ASN1_OCTET_STRING; | ||
| 195 | a.key_arg.data = in->key_arg; | ||
| 196 | |||
| 197 | #ifndef OPENSSL_NO_KRB5 | 192 | #ifndef OPENSSL_NO_KRB5 |
| 198 | if (in->krb5_client_princ_len) { | 193 | if (in->krb5_client_princ_len) { |
| 199 | a.krb5_princ.length = in->krb5_client_princ_len; | 194 | a.krb5_princ.length = in->krb5_client_princ_len; |
| @@ -206,7 +201,7 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 206 | a.time.length = LSIZE2; | 201 | a.time.length = LSIZE2; |
| 207 | a.time.type = V_ASN1_INTEGER; | 202 | a.time.type = V_ASN1_INTEGER; |
| 208 | a.time.data = ibuf3; | 203 | a.time.data = ibuf3; |
| 209 | ASN1_INTEGER_set(&(a.time), in->time); | 204 | ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */ |
| 210 | } | 205 | } |
| 211 | 206 | ||
| 212 | if (in->timeout != 0L) { | 207 | if (in->timeout != 0L) { |
| @@ -270,8 +265,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 270 | if (in->krb5_client_princ_len) | 265 | if (in->krb5_client_princ_len) |
| 271 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 266 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 272 | #endif /* OPENSSL_NO_KRB5 */ | 267 | #endif /* OPENSSL_NO_KRB5 */ |
| 273 | if (in->key_arg_length > 0) | ||
| 274 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING); | ||
| 275 | if (in->time != 0L) | 268 | if (in->time != 0L) |
| 276 | M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); | 269 | M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 277 | if (in->timeout != 0L) | 270 | if (in->timeout != 0L) |
| @@ -316,8 +309,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 316 | if (in->krb5_client_princ_len) | 309 | if (in->krb5_client_princ_len) |
| 317 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 310 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 318 | #endif /* OPENSSL_NO_KRB5 */ | 311 | #endif /* OPENSSL_NO_KRB5 */ |
| 319 | if (in->key_arg_length > 0) | ||
| 320 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0); | ||
| 321 | if (in->time != 0L) | 312 | if (in->time != 0L) |
| 322 | M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); | 313 | M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 323 | if (in->timeout != 0L) | 314 | if (in->timeout != 0L) |
| @@ -445,24 +436,15 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) | |||
| 445 | ret->krb5_client_princ_len = 0; | 436 | ret->krb5_client_princ_len = 0; |
| 446 | #endif /* OPENSSL_NO_KRB5 */ | 437 | #endif /* OPENSSL_NO_KRB5 */ |
| 447 | 438 | ||
| 448 | M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING); | ||
| 449 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) | ||
| 450 | ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH; | ||
| 451 | else | ||
| 452 | ret->key_arg_length = os.length; | ||
| 453 | memcpy(ret->key_arg, os.data, ret->key_arg_length); | ||
| 454 | if (os.data != NULL) | ||
| 455 | free(os.data); | ||
| 456 | |||
| 457 | ai.length = 0; | 439 | ai.length = 0; |
| 458 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); | 440 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); /* XXX 2038 */ |
| 459 | if (ai.data != NULL) { | 441 | if (ai.data != NULL) { |
| 460 | ret->time = ASN1_INTEGER_get(aip); | 442 | ret->time = ASN1_INTEGER_get(aip); |
| 461 | free(ai.data); | 443 | free(ai.data); |
| 462 | ai.data = NULL; | 444 | ai.data = NULL; |
| 463 | ai.length = 0; | 445 | ai.length = 0; |
| 464 | } else | 446 | } else |
| 465 | ret->time = (unsigned long)time(NULL); | 447 | ret->time = time(NULL); |
| 466 | 448 | ||
| 467 | ai.length = 0; | 449 | ai.length = 0; |
| 468 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); | 450 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 3ab353b8eb..21d6835b98 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1712,11 +1712,8 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1712 | ret->references = 1; | 1712 | ret->references = 1; |
| 1713 | ret->quiet_shutdown = 0; | 1713 | ret->quiet_shutdown = 0; |
| 1714 | 1714 | ||
| 1715 | /* ret->cipher=NULL;*/ | 1715 | /* ret->cipher=NULL; |
| 1716 | /* ret->s2->challenge=NULL; | ||
| 1717 | ret->master_key=NULL; | 1716 | ret->master_key=NULL; |
| 1718 | ret->key_arg=NULL; | ||
| 1719 | ret->s2->conn_id=NULL; | ||
| 1720 | */ | 1717 | */ |
| 1721 | 1718 | ||
| 1722 | ret->info_callback = NULL; | 1719 | ret->info_callback = NULL; |
| @@ -2340,7 +2337,7 @@ ssl_update_cache(SSL *s, int mode) | |||
| 2340 | if ((((mode & SSL_SESS_CACHE_CLIENT) | 2337 | if ((((mode & SSL_SESS_CACHE_CLIENT) |
| 2341 | ?s->session_ctx->stats.sess_connect_good | 2338 | ?s->session_ctx->stats.sess_connect_good |
| 2342 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { | 2339 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { |
| 2343 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); | 2340 | SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); |
| 2344 | } | 2341 | } |
| 2345 | } | 2342 | } |
| 2346 | } | 2343 | } |
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index c67ae1c22f..c032154d48 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -205,7 +205,7 @@ SSL_SESSION_new(void) | |||
| 205 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | 205 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ |
| 206 | ss->references = 1; | 206 | ss->references = 1; |
| 207 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | 207 | ss->timeout=60*5+4; /* 5 minute timeout by default */ |
| 208 | ss->time = (unsigned long)time(NULL); | 208 | ss->time = time(NULL); |
| 209 | ss->prev = NULL; | 209 | ss->prev = NULL; |
| 210 | ss->next = NULL; | 210 | ss->next = NULL; |
| 211 | ss->compress_meth = 0; | 211 | ss->compress_meth = 0; |
| @@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 555 | goto err; | 555 | goto err; |
| 556 | } | 556 | } |
| 557 | 557 | ||
| 558 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ | 558 | if (ret->timeout < (time(NULL) - ret->time)) /* timeout */ |
| 559 | { | 559 | { |
| 560 | s->session_ctx->stats.sess_timeout++; | 560 | s->session_ctx->stats.sess_timeout++; |
| 561 | if (try_session_cache) { | 561 | if (try_session_cache) { |
| @@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss) | |||
| 699 | 699 | ||
| 700 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 700 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 701 | 701 | ||
| 702 | OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); | ||
| 703 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); | 702 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); |
| 704 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); | 703 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); |
| 705 | if (ss->sess_cert != NULL) | 704 | if (ss->sess_cert != NULL) |
| @@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s) | |||
| 807 | return (s->timeout); | 806 | return (s->timeout); |
| 808 | } | 807 | } |
| 809 | 808 | ||
| 809 | /* XXX 2038 */ | ||
| 810 | long | 810 | long |
| 811 | SSL_SESSION_get_time(const SSL_SESSION *s) | 811 | SSL_SESSION_get_time(const SSL_SESSION *s) |
| 812 | { | 812 | { |
| @@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s) | |||
| 815 | return (s->time); | 815 | return (s->time); |
| 816 | } | 816 | } |
| 817 | 817 | ||
| 818 | /* XXX 2038 */ | ||
| 818 | long | 819 | long |
| 819 | SSL_SESSION_set_time(SSL_SESSION *s, long t) | 820 | SSL_SESSION_set_time(SSL_SESSION *s, long t) |
| 820 | { | 821 | { |
| @@ -926,7 +927,7 @@ typedef struct timeout_param_st { | |||
| 926 | static void | 927 | static void |
| 927 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | 928 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) |
| 928 | { | 929 | { |
| 929 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | 930 | if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */ |
| 930 | { | 931 | { |
| 931 | /* The reason we don't call SSL_CTX_remove_session() is to | 932 | /* The reason we don't call SSL_CTX_remove_session() is to |
| 932 | * save on locking overhead */ | 933 | * save on locking overhead */ |
| @@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | |||
| 942 | static | 943 | static |
| 943 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | 944 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) |
| 944 | 945 | ||
| 946 | /* XXX 2038 */ | ||
| 945 | void | 947 | void |
| 946 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) | 948 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) |
| 947 | { | 949 | { |
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c index 91664ffe43..5538c57562 100644 --- a/src/lib/libssl/ssl_txt.c +++ b/src/lib/libssl/ssl_txt.c | |||
| @@ -161,16 +161,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 161 | if (BIO_printf(bp, "%02X", x->master_key[i]) | 161 | if (BIO_printf(bp, "%02X", x->master_key[i]) |
| 162 | <= 0) goto err; | 162 | <= 0) goto err; |
| 163 | } | 163 | } |
| 164 | if (BIO_puts(bp, "\n Key-Arg : ") | ||
| 165 | <= 0) goto err; | ||
| 166 | if (x->key_arg_length == 0) { | ||
| 167 | if (BIO_puts(bp, "None") | ||
| 168 | <= 0) goto err; | ||
| 169 | } else | ||
| 170 | for (i = 0; i < x->key_arg_length; i++) { | ||
| 171 | if (BIO_printf(bp, "%02X", x->key_arg[i]) | ||
| 172 | <= 0) goto err; | ||
| 173 | } | ||
| 174 | #ifndef OPENSSL_NO_KRB5 | 164 | #ifndef OPENSSL_NO_KRB5 |
| 175 | if (BIO_puts(bp, "\n Krb5 Principal: ") | 165 | if (BIO_puts(bp, "\n Krb5 Principal: ") |
| 176 | <= 0) goto err; | 166 | <= 0) goto err; |
| @@ -227,8 +217,8 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 227 | } | 217 | } |
| 228 | } | 218 | } |
| 229 | #endif | 219 | #endif |
| 230 | if (x->time != 0L) { | 220 | if (x->time != 0) { |
| 231 | if (BIO_printf(bp, "\n Start Time: %ld", x->time) | 221 | if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) |
| 232 | <= 0) goto err; | 222 | <= 0) goto err; |
| 233 | } | 223 | } |
| 234 | if (x->timeout != 0L) { | 224 | if (x->timeout != 0L) { |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 579eaa6ce4..3f5df9ad7a 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -519,7 +519,6 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 519 | } | 519 | } |
| 520 | } | 520 | } |
| 521 | 521 | ||
| 522 | s->session->key_arg_length = 0; | ||
| 523 | #ifdef KSSL_DEBUG | 522 | #ifdef KSSL_DEBUG |
| 524 | { | 523 | { |
| 525 | int i; | 524 | int i; |