Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 18 |
1 files changed, 10 insertions, 8 deletions
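diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 3f1b987a7c..3af4cfa79c 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.96 2020/09/01 19:17:36 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.97 2020/09/02 08:04:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -561,11 +561,13 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 /* Now sess is non-NULL and we own one of its reference counts. */
 
 if (sess->sid_ctx_length != s->sid_ctx_length ||
-timingsafe_memcmp(sess->sid_ctx,
-s->sid_ctx, sess->sid_ctx_length) != 0) {
-/* We have the session requested by the client, but we don't
-* want to use it in this context. */
-goto err; /* treat like cache miss */
+timingsafe_memcmp(sess->sid_ctx, s->sid_ctx,
+sess->sid_ctx_length) != 0) {
+/*
+* We have the session requested by the client, but we don't
+* want to use it in this context. Treat it like a cache miss.
+*/
+goto err;
 }
 
 if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
@@ -592,10 +594,9 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 }
 
 if (sess->timeout < (time(NULL) - sess->time)) {
-/* timeout */
 s->session_ctx->internal->stats.sess_timeout++;
 if (!ticket_decrypted) {
-/* session was from the cache, so remove it */
+/* The session was from the cache, so remove it. */
 SSL_CTX_remove_session(s->session_ctx, sess);
 }
 goto err;
@@ -606,6 +607,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 SSL_SESSION_free(s->session);
 s->session = sess;
 s->verify_result = s->session->verify_result;
+
 return 1;
 
 err: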
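Review bot: The rewritten comment on the `sid_ctx` mismatch branch in the second hunk still says only that the session is not wanted "in this context", without giving the reason. The accept path in the last hunk copies `s->session->verify_result` into `s->verify_result`, so a resumed session carries over the peer-verification outcome of the handshake that created it. That makes this comparison the point where a session created under a different session-ID context is kept from being reused here. I would add one line to the new comment, for example `* Its verify_result was established under a different sid_ctx.`. The change is otherwise comment and whitespace only, and ssl_get_prev_session begins and ends outside these hunks.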
