diff options
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 45 |
1 files changed, 16 insertions, 29 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index ddd8114587..4bc4ce5b3a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -121,7 +121,6 @@ | |||
| 121 | #include <openssl/objects.h> | 121 | #include <openssl/objects.h> |
| 122 | #include <openssl/lhash.h> | 122 | #include <openssl/lhash.h> |
| 123 | #include <openssl/x509v3.h> | 123 | #include <openssl/x509v3.h> |
| 124 | #include "cryptlib.h" | ||
| 125 | 124 | ||
| 126 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | 125 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; |
| 127 | 126 | ||
| @@ -274,7 +273,6 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 274 | s->verify_mode=ctx->verify_mode; | 273 | s->verify_mode=ctx->verify_mode; |
| 275 | s->verify_depth=ctx->verify_depth; | 274 | s->verify_depth=ctx->verify_depth; |
| 276 | s->sid_ctx_length=ctx->sid_ctx_length; | 275 | s->sid_ctx_length=ctx->sid_ctx_length; |
| 277 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | ||
| 278 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | 276 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); |
| 279 | s->verify_callback=ctx->default_verify_callback; | 277 | s->verify_callback=ctx->default_verify_callback; |
| 280 | s->generate_session_id=ctx->generate_session_id; | 278 | s->generate_session_id=ctx->generate_session_id; |
| @@ -316,7 +314,7 @@ err: | |||
| 316 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | 314 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, |
| 317 | unsigned int sid_ctx_len) | 315 | unsigned int sid_ctx_len) |
| 318 | { | 316 | { |
| 319 | if(sid_ctx_len > sizeof ctx->sid_ctx) | 317 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) |
| 320 | { | 318 | { |
| 321 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 319 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 322 | return 0; | 320 | return 0; |
| @@ -366,10 +364,6 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 366 | * any new session built out of this id/id_len and the ssl_version in | 364 | * any new session built out of this id/id_len and the ssl_version in |
| 367 | * use by this SSL. */ | 365 | * use by this SSL. */ |
| 368 | SSL_SESSION r, *p; | 366 | SSL_SESSION r, *p; |
| 369 | |||
| 370 | if(id_len > sizeof r.session_id) | ||
| 371 | return 0; | ||
| 372 | |||
| 373 | r.ssl_version = ssl->version; | 367 | r.ssl_version = ssl->version; |
| 374 | r.session_id_length = id_len; | 368 | r.session_id_length = id_len; |
| 375 | memcpy(r.session_id, id, id_len); | 369 | memcpy(r.session_id, id, id_len); |
| @@ -1069,17 +1063,14 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | |||
| 1069 | * preference */ | 1063 | * preference */ |
| 1070 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) | 1064 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) |
| 1071 | { | 1065 | { |
| 1072 | if (s != NULL) | 1066 | if ((s != NULL) && (s->cipher_list != NULL)) |
| 1073 | { | 1067 | { |
| 1074 | if (s->cipher_list != NULL) | 1068 | return(s->cipher_list); |
| 1075 | { | 1069 | } |
| 1076 | return(s->cipher_list); | 1070 | else if ((s->ctx != NULL) && |
| 1077 | } | 1071 | (s->ctx->cipher_list != NULL)) |
| 1078 | else if ((s->ctx != NULL) && | 1072 | { |
| 1079 | (s->ctx->cipher_list != NULL)) | 1073 | return(s->ctx->cipher_list); |
| 1080 | { | ||
| 1081 | return(s->ctx->cipher_list); | ||
| 1082 | } | ||
| 1083 | } | 1074 | } |
| 1084 | return(NULL); | 1075 | return(NULL); |
| 1085 | } | 1076 | } |
| @@ -1088,17 +1079,14 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) | |||
| 1088 | * algorithm id */ | 1079 | * algorithm id */ |
| 1089 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) | 1080 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) |
| 1090 | { | 1081 | { |
| 1091 | if (s != NULL) | 1082 | if ((s != NULL) && (s->cipher_list_by_id != NULL)) |
| 1092 | { | 1083 | { |
| 1093 | if (s->cipher_list_by_id != NULL) | 1084 | return(s->cipher_list_by_id); |
| 1094 | { | 1085 | } |
| 1095 | return(s->cipher_list_by_id); | 1086 | else if ((s != NULL) && (s->ctx != NULL) && |
| 1096 | } | 1087 | (s->ctx->cipher_list_by_id != NULL)) |
| 1097 | else if ((s->ctx != NULL) && | 1088 | { |
| 1098 | (s->ctx->cipher_list_by_id != NULL)) | 1089 | return(s->ctx->cipher_list_by_id); |
| 1099 | { | ||
| 1100 | return(s->ctx->cipher_list_by_id); | ||
| 1101 | } | ||
| 1102 | } | 1090 | } |
| 1103 | return(NULL); | 1091 | return(NULL); |
| 1104 | } | 1092 | } |
| @@ -1664,7 +1652,7 @@ void ssl_update_cache(SSL *s,int mode) | |||
| 1664 | 1652 | ||
| 1665 | i=s->ctx->session_cache_mode; | 1653 | i=s->ctx->session_cache_mode; |
| 1666 | if ((i & mode) && (!s->hit) | 1654 | if ((i & mode) && (!s->hit) |
| 1667 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) | 1655 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) |
| 1668 | || SSL_CTX_add_session(s->ctx,s->session)) | 1656 | || SSL_CTX_add_session(s->ctx,s->session)) |
| 1669 | && (s->ctx->new_session_cb != NULL)) | 1657 | && (s->ctx->new_session_cb != NULL)) |
| 1670 | { | 1658 | { |
| @@ -1896,7 +1884,6 @@ SSL *SSL_dup(SSL *s) | |||
| 1896 | * they should not both point to the same object, | 1884 | * they should not both point to the same object, |
| 1897 | * and thus we can't use SSL_copy_session_id. */ | 1885 | * and thus we can't use SSL_copy_session_id. */ |
| 1898 | 1886 | ||
| 1899 | ret->method->ssl_free(ret); | ||
| 1900 | ret->method = s->method; | 1887 | ret->method = s->method; |
| 1901 | ret->method->ssl_new(ret); | 1888 | ret->method->ssl_new(ret); |
| 1902 | 1889 | ||