summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
authormarkus <>2003-05-11 21:36:58 +0000
committermarkus <>2003-05-11 21:36:58 +0000
commit1c98a87f0daac81245653c227eb2f2508a22a965 (patch)
tree3de6d603296ec563b936da4e6a8a1e33d48f8884 /src/lib/libssl/ssl_lib.c
parent31392c89d1135cf2a416f97295f6d21681b3fbc4 (diff)
downloadopenbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.gz
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.bz2
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.zip
import 0.9.7b (without idea and rc5)
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c45
1 files changed, 29 insertions, 16 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4bc4ce5b3a..ddd8114587 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -121,6 +121,7 @@
121#include <openssl/objects.h> 121#include <openssl/objects.h>
122#include <openssl/lhash.h> 122#include <openssl/lhash.h>
123#include <openssl/x509v3.h> 123#include <openssl/x509v3.h>
124#include "cryptlib.h"
124 125
125const char *SSL_version_str=OPENSSL_VERSION_TEXT; 126const char *SSL_version_str=OPENSSL_VERSION_TEXT;
126 127
@@ -273,6 +274,7 @@ SSL *SSL_new(SSL_CTX *ctx)
273 s->verify_mode=ctx->verify_mode; 274 s->verify_mode=ctx->verify_mode;
274 s->verify_depth=ctx->verify_depth; 275 s->verify_depth=ctx->verify_depth;
275 s->sid_ctx_length=ctx->sid_ctx_length; 276 s->sid_ctx_length=ctx->sid_ctx_length;
277 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
276 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); 278 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
277 s->verify_callback=ctx->default_verify_callback; 279 s->verify_callback=ctx->default_verify_callback;
278 s->generate_session_id=ctx->generate_session_id; 280 s->generate_session_id=ctx->generate_session_id;
@@ -314,7 +316,7 @@ err:
314int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, 316int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
315 unsigned int sid_ctx_len) 317 unsigned int sid_ctx_len)
316 { 318 {
317 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) 319 if(sid_ctx_len > sizeof ctx->sid_ctx)
318 { 320 {
319 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 321 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
320 return 0; 322 return 0;
@@ -364,6 +366,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
364 * any new session built out of this id/id_len and the ssl_version in 366 * any new session built out of this id/id_len and the ssl_version in
365 * use by this SSL. */ 367 * use by this SSL. */
366 SSL_SESSION r, *p; 368 SSL_SESSION r, *p;
369
370 if(id_len > sizeof r.session_id)
371 return 0;
372
367 r.ssl_version = ssl->version; 373 r.ssl_version = ssl->version;
368 r.session_id_length = id_len; 374 r.session_id_length = id_len;
369 memcpy(r.session_id, id, id_len); 375 memcpy(r.session_id, id, id_len);
@@ -1063,14 +1069,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1063 * preference */ 1069 * preference */
1064STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) 1070STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
1065 { 1071 {
1066 if ((s != NULL) && (s->cipher_list != NULL)) 1072 if (s != NULL)
1067 {
1068 return(s->cipher_list);
1069 }
1070 else if ((s->ctx != NULL) &&
1071 (s->ctx->cipher_list != NULL))
1072 { 1073 {
1073 return(s->ctx->cipher_list); 1074 if (s->cipher_list != NULL)
1075 {
1076 return(s->cipher_list);
1077 }
1078 else if ((s->ctx != NULL) &&
1079 (s->ctx->cipher_list != NULL))
1080 {
1081 return(s->ctx->cipher_list);
1082 }
1074 } 1083 }
1075 return(NULL); 1084 return(NULL);
1076 } 1085 }
@@ -1079,14 +1088,17 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
1079 * algorithm id */ 1088 * algorithm id */
1080STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 1089STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
1081 { 1090 {
1082 if ((s != NULL) && (s->cipher_list_by_id != NULL)) 1091 if (s != NULL)
1083 {
1084 return(s->cipher_list_by_id);
1085 }
1086 else if ((s != NULL) && (s->ctx != NULL) &&
1087 (s->ctx->cipher_list_by_id != NULL))
1088 { 1092 {
1089 return(s->ctx->cipher_list_by_id); 1093 if (s->cipher_list_by_id != NULL)
1094 {
1095 return(s->cipher_list_by_id);
1096 }
1097 else if ((s->ctx != NULL) &&
1098 (s->ctx->cipher_list_by_id != NULL))
1099 {
1100 return(s->ctx->cipher_list_by_id);
1101 }
1090 } 1102 }
1091 return(NULL); 1103 return(NULL);
1092 } 1104 }
@@ -1652,7 +1664,7 @@ void ssl_update_cache(SSL *s,int mode)
1652 1664
1653 i=s->ctx->session_cache_mode; 1665 i=s->ctx->session_cache_mode;
1654 if ((i & mode) && (!s->hit) 1666 if ((i & mode) && (!s->hit)
1655 && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) 1667 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
1656 || SSL_CTX_add_session(s->ctx,s->session)) 1668 || SSL_CTX_add_session(s->ctx,s->session))
1657 && (s->ctx->new_session_cb != NULL)) 1669 && (s->ctx->new_session_cb != NULL))
1658 { 1670 {
@@ -1884,6 +1896,7 @@ SSL *SSL_dup(SSL *s)
1884 * they should not both point to the same object, 1896 * they should not both point to the same object,
1885 * and thus we can't use SSL_copy_session_id. */ 1897 * and thus we can't use SSL_copy_session_id. */
1886 1898
1899 ret->method->ssl_free(ret);
1887 ret->method = s->method; 1900 ret->method = s->method;
1888 ret->method->ssl_new(ret); 1901 ret->method->ssl_new(ret);
1889 1902
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 21:25:38 +0000