| -rw-r--r-- | src/lib/libcrypto/crypto/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libssl/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_enc.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl.h | 20 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_asn1.c | 24 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_sess.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_txt.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/ssl.h | 20 | ||||
| -rw-r--r-- | src/lib/libssl/ssl/shlib_version | 2 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_asn1.c | 24 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_txt.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 1 |
17 files changed, 44 insertions, 118 deletions
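--- a/src/lib/libcrypto/crypto/shlib_version
+++ b/src/lib/libcrypto/crypto/shlib_version
@@ -1,2 +1,2 @@
-major=25
+major=26
 minor=0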
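--- a/src/lib/libcrypto/shlib_version
+++ b/src/lib/libcrypto/shlib_version
@@ -1,2 +1,2 @@
-major=25
+major=26
 minor=0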
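--- a/src/lib/libssl/shlib_version
+++ b/src/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
-major=23
+major=24
 minor=0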
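--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -361,8 +361,6 @@ ssl3_change_cipher_state(SSL *s, int which)
 }
 }
 
-s->session->key_arg_length = 0;
-
 EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE));
 
 OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));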
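--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -399,7 +399,7 @@ struct ssl_cipher_st {
 };
 
 
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+/* Used to hold functions for SSLv3/TLSv1 functions */
 struct ssl_method_st {
 int version;
 int (*ssl_new)(SSL *s);
@@ -442,7 +442,6 @@ struct ssl_method_st {
 * Session_ID OCTET STRING, -- the Session ID
 * Master_key OCTET STRING, -- the master key
 * KRB5_principal OCTET STRING -- optional Kerberos principal
-* Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
@@ -463,9 +462,6 @@ struct ssl_session_st {
 int ssl_version; /* what ssl version session info is
 * being kept in here? */
 
-/* only really used in SSLv2 */
-unsigned int key_arg_length;
-unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
 int master_key_length;
 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
 /* session_id - valid? */
@@ -502,9 +498,9 @@ struct ssl_session_st {
 * is not ok, we must remember the error for session reuse: */
 long verify_result; /* only for servers */
 
-int references;
 long timeout;
-long time;
+time_t time;
+int references;
 
 unsigned int compress_meth; /* Need to lookup the method */
 
@@ -845,9 +841,8 @@ struct ssl_ctx_st {
 
 CRYPTO_EX_DATA ex_data;
 
-const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
-const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
 
 STACK_OF(X509) *extra_certs;
 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
@@ -1155,7 +1150,6 @@ struct ssl_st {
 unsigned char *packet;
 unsigned int packet_length;
 
-struct ssl2_state_st *s2; /* SSLv2 variables */
 struct ssl3_state_st *s3; /* SSLv3 variables */
 struct dtls1_state_st *d1; /* DTLSv1 variables */
 
@@ -1828,9 +1822,9 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
 
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */
 
 const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
 const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */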
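Review bot: `time_t time;` in `struct ssl_session_st` puts a `time_t` into a public header, and no `#include <time.h>` is visible in this section; if ssl.h does not already pull it in, a consumer that includes ssl.h first will fail to compile, so the include should be confirmed or added. The accessors declared for this field still use `long` (ssl_sess.c marks `SSL_SESSION_get_time` and `SSL_SESSION_set_time` with `/* XXX 2038 */`), so the member deserves a comment such as `/* session start time; the long-based accessors truncate where long is 32 bits */`. The same applies to the identical section for src/lib/libssl/ssl.h further down the page.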
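--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -97,7 +97,6 @@ typedef struct ssl_session_asn1_st {
 ASN1_OCTET_STRING master_key;
 ASN1_OCTET_STRING session_id;
 ASN1_OCTET_STRING session_id_context;
-ASN1_OCTET_STRING key_arg;
 #ifndef OPENSSL_NO_KRB5
 ASN1_OCTET_STRING krb5_princ;
 #endif /* OPENSSL_NO_KRB5 */
@@ -190,10 +189,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 a.session_id_context.type = V_ASN1_OCTET_STRING;
 a.session_id_context.data = in->sid_ctx;
 
-a.key_arg.length = in->key_arg_length;
-a.key_arg.type = V_ASN1_OCTET_STRING;
-a.key_arg.data = in->key_arg;
-
 #ifndef OPENSSL_NO_KRB5
 if (in->krb5_client_princ_len) {
 a.krb5_princ.length = in->krb5_client_princ_len;
@@ -206,7 +201,7 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 a.time.length = LSIZE2;
 a.time.type = V_ASN1_INTEGER;
 a.time.data = ibuf3;
-ASN1_INTEGER_set(&(a.time), in->time);
+ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
 }
 
 if (in->timeout != 0L) {
@@ -270,8 +265,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 if (in->krb5_client_princ_len)
 M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
 #endif /* OPENSSL_NO_KRB5 */
-if (in->key_arg_length > 0)
-M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
 if (in->time != 0L)
 M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
 if (in->timeout != 0L)
@@ -316,8 +309,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 if (in->krb5_client_princ_len)
 M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
 #endif /* OPENSSL_NO_KRB5 */
-if (in->key_arg_length > 0)
-M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
 if (in->time != 0L)
 M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
 if (in->timeout != 0L)
@@ -445,24 +436,15 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 ret->krb5_client_princ_len = 0;
 #endif /* OPENSSL_NO_KRB5 */
 
-M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
-if (os.length > SSL_MAX_KEY_ARG_LENGTH)
-ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
-else
-ret->key_arg_length = os.length;
-memcpy(ret->key_arg, os.data, ret->key_arg_length);
-if (os.data != NULL)
-free(os.data);
-
 ai.length = 0;
-M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); /* XXX 2038 */
 if (ai.data != NULL) {
 ret->time = ASN1_INTEGER_get(aip);
 free(ai.data);
 ai.data = NULL;
 ai.length = 0;
 } else
-ret->time = (unsigned long)time(NULL);
+ret->time = time(NULL);
 
 ai.length = 0;
 M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);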
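Review bot: In the d2i_SSL_SESSION() hunk, `ret->time = ASN1_INTEGER_get(aip);` stores whatever start time the encoded session carries with no range check, and the expiry test shown in ssl_sess.c is computed directly from that field. A negative or far-future value in a stored or imported session would presumably keep the session resumable past its timeout, so the decoder should treat an implausible start time as a decode error instead of accepting it. On the encode side, `ASN1_INTEGER_set(&(a.time), in->time)` takes a `long`, so the `time_t` is narrowed implicitly; the `/* XXX 2038 */` marker would be clearer as `/* XXX 2038: ASN1_INTEGER_set() takes long */`. Both functions extend beyond their hunks, and the identical section for src/lib/libssl/ssl_asn1.c has the same gap.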
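--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1712,11 +1712,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
 ret->references = 1;
 ret->quiet_shutdown = 0;
 
-/* ret->cipher=NULL;*/
-/* ret->s2->challenge=NULL;
+/* ret->cipher=NULL;
 ret->master_key=NULL;
-ret->key_arg=NULL;
-ret->s2->conn_id=NULL;
 */
 
 ret->info_callback = NULL;
@@ -2340,7 +2337,7 @@ ssl_update_cache(SSL *s, int mode)
 if ((((mode & SSL_SESS_CACHE_CLIENT)
 ?s->session_ctx->stats.sess_connect_good
 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
-SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
+SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
 }
 }
 }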
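Review bot: `SSL_CTX_flush_sessions(s->session_ctx, time(NULL));` in ssl_update_cache() passes a `time_t` to a parameter that ssl_sess.c still declares as `long t`, so the narrowing that the removed cast at least made visible is now implicit. A call-site marker would keep it findable alongside the others, for example `/* XXX 2038: SSL_CTX_flush_sessions() takes long */`. Separately, the first hunk folds two commented-out assignments in SSL_CTX_new() into one comment; that dead code could simply be deleted. Both functions extend beyond their hunks, and the same applies to the identical section for src/lib/libssl/ssl_lib.c.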
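--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -205,7 +205,7 @@ SSL_SESSION_new(void)
 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
 ss->references = 1;
 ss->timeout=60*5+4; /* 5 minute timeout by default */
-ss->time = (unsigned long)time(NULL);
+ss->time = time(NULL);
 ss->prev = NULL;
 ss->next = NULL;
 ss->compress_meth = 0;
@@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 goto err;
 }
 
-if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
 {
 s->session_ctx->stats.sess_timeout++;
 if (try_session_cache) {
@@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
 OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
 OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
 if (ss->sess_cert != NULL)
@@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s)
 return (s->timeout);
 }
 
+/* XXX 2038 */
 long
 SSL_SESSION_get_time(const SSL_SESSION *s)
 {
@@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s)
 return (s->time);
 }
 
+/* XXX 2038 */
 long
 SSL_SESSION_set_time(SSL_SESSION *s, long t)
 {
@@ -926,7 +927,7 @@ typedef struct timeout_param_st {
 static void
 timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 {
-if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
 {
 /* The reason we don't call SSL_CTX_remove_session() is to
 * save on locking overhead */
@@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 static
 IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
 
+/* XXX 2038 */
 void
 SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 {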
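Review bot: The expiry test `if (ret->timeout < (time(NULL) - ret->time))` in ssl_get_prev_session() treats a session whose start time lies in the future as unexpired, because the difference is negative; that start time can come from d2i_SSL_SESSION(), which stores the decoded value unchecked in the lines shown on this page. Consider reading the clock once and handling that case explicitly, `time_t now = time(NULL);` followed by `if (ret->time > now || ret->timeout < now - ret->time)`, with whatever skew tolerance shared session caches need. In timeout_doall_arg(), `s->time + s->timeout` is a signed addition on the same unchecked fields and may overflow for extreme values. These functions continue outside their hunks, and the section for src/lib/libssl/ssl_sess.c repeats the same code as far as it is visible.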
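--- a/src/lib/libssl/src/ssl/ssl_txt.c
+++ b/src/lib/libssl/src/ssl/ssl_txt.c
@@ -161,16 +161,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 if (BIO_printf(bp, "%02X", x->master_key[i])
 <= 0) goto err;
 }
-if (BIO_puts(bp, "\n Key-Arg : ")
-<= 0) goto err;
-if (x->key_arg_length == 0) {
-if (BIO_puts(bp, "None")
-<= 0) goto err;
-} else
-for (i = 0; i < x->key_arg_length; i++) {
-if (BIO_printf(bp, "%02X", x->key_arg[i])
-<= 0) goto err;
-}
 #ifndef OPENSSL_NO_KRB5
 if (BIO_puts(bp, "\n Krb5 Principal: ")
 <= 0) goto err;
@@ -227,8 +217,8 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 }
 }
 #endif
-if (x->time != 0L) {
-if (BIO_printf(bp, "\n Start Time: %ld", x->time)
+if (x->time != 0) {
+if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time)
 <= 0) goto err;
 }
 if (x->timeout != 0L) {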
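--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -519,7 +519,6 @@ tls1_change_cipher_state(SSL *s, int which)
 }
 }
 
-s->session->key_arg_length = 0;
 #ifdef KSSL_DEBUG
 {
 int i;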
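--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -399,7 +399,7 @@ struct ssl_cipher_st {
 };
 
 
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+/* Used to hold functions for SSLv3/TLSv1 functions */
 struct ssl_method_st {
 int version;
 int (*ssl_new)(SSL *s);
@@ -442,7 +442,6 @@ struct ssl_method_st {
 * Session_ID OCTET STRING, -- the Session ID
 * Master_key OCTET STRING, -- the master key
 * KRB5_principal OCTET STRING -- optional Kerberos principal
-* Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
@@ -463,9 +462,6 @@ struct ssl_session_st {
 int ssl_version; /* what ssl version session info is
 * being kept in here? */
 
-/* only really used in SSLv2 */
-unsigned int key_arg_length;
-unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
 int master_key_length;
 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
 /* session_id - valid? */
@@ -502,9 +498,9 @@ struct ssl_session_st {
 * is not ok, we must remember the error for session reuse: */
 long verify_result; /* only for servers */
 
-int references;
 long timeout;
-long time;
+time_t time;
+int references;
 
 unsigned int compress_meth; /* Need to lookup the method */
 
@@ -845,9 +841,8 @@ struct ssl_ctx_st {
 
 CRYPTO_EX_DATA ex_data;
 
-const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
-const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
 
 STACK_OF(X509) *extra_certs;
 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
@@ -1155,7 +1150,6 @@ struct ssl_st {
 unsigned char *packet;
 unsigned int packet_length;
 
-struct ssl2_state_st *s2; /* SSLv2 variables */
 struct ssl3_state_st *s3; /* SSLv3 variables */
 struct dtls1_state_st *d1; /* DTLSv1 variables */
 
@@ -1828,9 +1822,9 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
 
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */
 
 const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
 const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */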
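--- a/src/lib/libssl/ssl/shlib_version
+++ b/src/lib/libssl/ssl/shlib_version
@@ -1,2 +1,2 @@
-major=23
+major=24
 minor=0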
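--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -97,7 +97,6 @@ typedef struct ssl_session_asn1_st {
 ASN1_OCTET_STRING master_key;
 ASN1_OCTET_STRING session_id;
 ASN1_OCTET_STRING session_id_context;
-ASN1_OCTET_STRING key_arg;
 #ifndef OPENSSL_NO_KRB5
 ASN1_OCTET_STRING krb5_princ;
 #endif /* OPENSSL_NO_KRB5 */
@@ -190,10 +189,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 a.session_id_context.type = V_ASN1_OCTET_STRING;
 a.session_id_context.data = in->sid_ctx;
 
-a.key_arg.length = in->key_arg_length;
-a.key_arg.type = V_ASN1_OCTET_STRING;
-a.key_arg.data = in->key_arg;
-
 #ifndef OPENSSL_NO_KRB5
 if (in->krb5_client_princ_len) {
 a.krb5_princ.length = in->krb5_client_princ_len;
@@ -206,7 +201,7 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 a.time.length = LSIZE2;
 a.time.type = V_ASN1_INTEGER;
 a.time.data = ibuf3;
-ASN1_INTEGER_set(&(a.time), in->time);
+ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
 }
 
 if (in->timeout != 0L) {
@@ -270,8 +265,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 if (in->krb5_client_princ_len)
 M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
 #endif /* OPENSSL_NO_KRB5 */
-if (in->key_arg_length > 0)
-M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
 if (in->time != 0L)
 M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
 if (in->timeout != 0L)
@@ -316,8 +309,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 if (in->krb5_client_princ_len)
 M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
 #endif /* OPENSSL_NO_KRB5 */
-if (in->key_arg_length > 0)
-M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
 if (in->time != 0L)
 M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
 if (in->timeout != 0L)
@@ -445,24 +436,15 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 ret->krb5_client_princ_len = 0;
 #endif /* OPENSSL_NO_KRB5 */
 
-M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
-if (os.length > SSL_MAX_KEY_ARG_LENGTH)
-ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
-else
-ret->key_arg_length = os.length;
-memcpy(ret->key_arg, os.data, ret->key_arg_length);
-if (os.data != NULL)
-free(os.data);
-
 ai.length = 0;
-M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); /* XXX 2038 */
 if (ai.data != NULL) {
 ret->time = ASN1_INTEGER_get(aip);
 free(ai.data);
 ai.data = NULL;
 ai.length = 0;
 } else
-ret->time = (unsigned long)time(NULL);
+ret->time = time(NULL);
 
 ai.length = 0;
 M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);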
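--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1712,11 +1712,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
 ret->references = 1;
 ret->quiet_shutdown = 0;
 
-/* ret->cipher=NULL;*/
-/* ret->s2->challenge=NULL;
+/* ret->cipher=NULL;
 ret->master_key=NULL;
-ret->key_arg=NULL;
-ret->s2->conn_id=NULL;
 */
 
 ret->info_callback = NULL;
@@ -2340,7 +2337,7 @@ ssl_update_cache(SSL *s, int mode)
 if ((((mode & SSL_SESS_CACHE_CLIENT)
 ?s->session_ctx->stats.sess_connect_good
 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
-SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
+SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
 }
 }
 }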
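--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -205,7 +205,7 @@ SSL_SESSION_new(void)
 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
 ss->references = 1;
 ss->timeout=60*5+4; /* 5 minute timeout by default */
-ss->time = (unsigned long)time(NULL);
+ss->time = time(NULL);
 ss->prev = NULL;
 ss->next = NULL;
 ss->compress_meth = 0;
@@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 goto err;
 }
 
-if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
 {
 s->session_ctx->stats.sess_timeout++;
 if (try_session_cache) {
@@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
 OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
 OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
 if (ss->sess_cert != NULL)
@@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s)
 return (s->timeout);
 }
 
+/* XXX 2038 */
 long
 SSL_SESSION_get_time(const SSL_SESSION *s)
 {
@@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s)
 return (s->time);
 }
 
+/* XXX 2038 */
 long
 SSL_SESSION_set_time(SSL_SESSION *s, long t)
 {
@@ -926,7 +927,7 @@ typedef struct timeout_param_st {
 static void
 timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 {
-if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
 {
 /* The reason we don't call SSL_CTX_remove_session() is to
 * save on locking overhead */
@@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 static
 IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
 
+/* XXX 2038 */
 void
 SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 {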
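Review bot: In ssl_get_prev_session the new test `if (ret->timeout < (time(NULL) - ret->time))` treats a session whose start time lies in the future as live, because its age is negative and never exceeds the timeout. A start time can be ahead of the clock after the clock is stepped back or after a call to SSL_SESSION_set_time(), so such a session would stay resumable until the clock catches up. Consider rejecting it explicitly with `time_t now = time(NULL);` followed by `if (ret->time > now || ret->timeout < now - ret->time)`. This assumes `time` is now a time_t field, which the ssl.h part of the commit would confirm. The function body starts and ends outside the hunk.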
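--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -161,16 +161,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 if (BIO_printf(bp, "%02X", x->master_key[i])
 <= 0) goto err;
 }
-if (BIO_puts(bp, "\n Key-Arg : ")
-<= 0) goto err;
-if (x->key_arg_length == 0) {
-if (BIO_puts(bp, "None")
-<= 0) goto err;
-} else
-for (i = 0; i < x->key_arg_length; i++) {
-if (BIO_printf(bp, "%02X", x->key_arg[i])
-<= 0) goto err;
-}
 #ifndef OPENSSL_NO_KRB5
 if (BIO_puts(bp, "\n Krb5 Principal: ")
 <= 0) goto err;
@@ -227,8 +217,8 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 }
 }
 #endif
-if (x->time != 0L) {
-if (BIO_printf(bp, "\n Start Time: %ld", x->time)
+if (x->time != 0) {
+if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time)
 <= 0) goto err;
 }
 if (x->timeout != 0L) {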
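--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -519,7 +519,6 @@ tls1_change_cipher_state(SSL *s, int which)
 }
 }
 
-s->session->key_arg_length = 0;
 #ifdef KSSL_DEBUG
 {
 int i;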
