diff options
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 4bc4ce5b3a..8701fb33ca 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -273,6 +273,7 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 273 | s->verify_mode=ctx->verify_mode; | 273 | s->verify_mode=ctx->verify_mode; |
| 274 | s->verify_depth=ctx->verify_depth; | 274 | s->verify_depth=ctx->verify_depth; |
| 275 | s->sid_ctx_length=ctx->sid_ctx_length; | 275 | s->sid_ctx_length=ctx->sid_ctx_length; |
| 276 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | ||
| 276 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | 277 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); |
| 277 | s->verify_callback=ctx->default_verify_callback; | 278 | s->verify_callback=ctx->default_verify_callback; |
| 278 | s->generate_session_id=ctx->generate_session_id; | 279 | s->generate_session_id=ctx->generate_session_id; |
| @@ -314,7 +315,7 @@ err: | |||
| 314 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | 315 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, |
| 315 | unsigned int sid_ctx_len) | 316 | unsigned int sid_ctx_len) |
| 316 | { | 317 | { |
| 317 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 318 | if(sid_ctx_len > sizeof ctx->sid_ctx) |
| 318 | { | 319 | { |
| 319 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 320 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 320 | return 0; | 321 | return 0; |
| @@ -364,6 +365,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 364 | * any new session built out of this id/id_len and the ssl_version in | 365 | * any new session built out of this id/id_len and the ssl_version in |
| 365 | * use by this SSL. */ | 366 | * use by this SSL. */ |
| 366 | SSL_SESSION r, *p; | 367 | SSL_SESSION r, *p; |
| 368 | |||
| 369 | if(id_len > sizeof r.session_id) | ||
| 370 | return 0; | ||
| 371 | |||
| 367 | r.ssl_version = ssl->version; | 372 | r.ssl_version = ssl->version; |
| 368 | r.session_id_length = id_len; | 373 | r.session_id_length = id_len; |
| 369 | memcpy(r.session_id, id, id_len); | 374 | memcpy(r.session_id, id, id_len); |
| @@ -1063,14 +1068,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | |||
| 1063 | * preference */ | 1068 | * preference */ |
| 1064 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) | 1069 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) |
| 1065 | { | 1070 | { |
| 1066 | if ((s != NULL) && (s->cipher_list != NULL)) | 1071 | if (s != NULL) |
| 1067 | { | ||
| 1068 | return(s->cipher_list); | ||
| 1069 | } | ||
| 1070 | else if ((s->ctx != NULL) && | ||
| 1071 | (s->ctx->cipher_list != NULL)) | ||
| 1072 | { | 1072 | { |
| 1073 | return(s->ctx->cipher_list); | 1073 | if (s->cipher_list != NULL) |
| 1074 | { | ||
| 1075 | return(s->cipher_list); | ||
| 1076 | } | ||
| 1077 | else if ((s->ctx != NULL) && | ||
| 1078 | (s->ctx->cipher_list != NULL)) | ||
| 1079 | { | ||
| 1080 | return(s->ctx->cipher_list); | ||
| 1081 | } | ||
| 1074 | } | 1082 | } |
| 1075 | return(NULL); | 1083 | return(NULL); |
| 1076 | } | 1084 | } |
| @@ -1079,14 +1087,17 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) | |||
| 1079 | * algorithm id */ | 1087 | * algorithm id */ |
| 1080 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) | 1088 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) |
| 1081 | { | 1089 | { |
| 1082 | if ((s != NULL) && (s->cipher_list_by_id != NULL)) | 1090 | if (s != NULL) |
| 1083 | { | ||
| 1084 | return(s->cipher_list_by_id); | ||
| 1085 | } | ||
| 1086 | else if ((s != NULL) && (s->ctx != NULL) && | ||
| 1087 | (s->ctx->cipher_list_by_id != NULL)) | ||
| 1088 | { | 1091 | { |
| 1089 | return(s->ctx->cipher_list_by_id); | 1092 | if (s->cipher_list_by_id != NULL) |
| 1093 | { | ||
| 1094 | return(s->cipher_list_by_id); | ||
| 1095 | } | ||
| 1096 | else if ((s->ctx != NULL) && | ||
| 1097 | (s->ctx->cipher_list_by_id != NULL)) | ||
| 1098 | { | ||
| 1099 | return(s->ctx->cipher_list_by_id); | ||
| 1100 | } | ||
| 1090 | } | 1101 | } |
| 1091 | return(NULL); | 1102 | return(NULL); |
| 1092 | } | 1103 | } |
| @@ -1652,7 +1663,7 @@ void ssl_update_cache(SSL *s,int mode) | |||
| 1652 | 1663 | ||
| 1653 | i=s->ctx->session_cache_mode; | 1664 | i=s->ctx->session_cache_mode; |
| 1654 | if ((i & mode) && (!s->hit) | 1665 | if ((i & mode) && (!s->hit) |
| 1655 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) | 1666 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) |
| 1656 | || SSL_CTX_add_session(s->ctx,s->session)) | 1667 | || SSL_CTX_add_session(s->ctx,s->session)) |
| 1657 | && (s->ctx->new_session_cb != NULL)) | 1668 | && (s->ctx->new_session_cb != NULL)) |
| 1658 | { | 1669 | { |
| @@ -1884,6 +1895,7 @@ SSL *SSL_dup(SSL *s) | |||
| 1884 | * they should not both point to the same object, | 1895 | * they should not both point to the same object, |
| 1885 | * and thus we can't use SSL_copy_session_id. */ | 1896 | * and thus we can't use SSL_copy_session_id. */ |
| 1886 | 1897 | ||
| 1898 | ret->method->ssl_free(ret); | ||
| 1887 | ret->method = s->method; | 1899 | ret->method = s->method; |
| 1888 | ret->method->ssl_new(ret); | 1900 | ret->method->ssl_new(ret); |
| 1889 | 1901 | ||