Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 50 |
1 files changed, 25 insertions, 25 deletions
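--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.87 2020/08/31 14:34:01 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.88 2020/09/01 05:58:35 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -437,7 +437,7 @@ sess_id_done:
 int
 ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 {
-SSL_SESSION *ret = NULL;
+SSL_SESSION *sess = NULL;
 int alert_desc = SSL_AD_INTERNAL_ERROR, fatal = 0;
 int try_session_cache = 1;
 
@@ -450,7 +450,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 try_session_cache = 0;
 
 /* Sets s->internal->tlsext_ticket_expected. */
-switch (tls1_process_ticket(s, session_id, ext_block, &alert_desc, &ret)) {
+switch (tls1_process_ticket(s, session_id, ext_block, &alert_desc, &sess)) {
 case TLS1_TICKET_FATAL_ERROR:
 fatal = 1;
 goto err;
@@ -467,7 +467,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 goto err;
 }
 
-if (try_session_cache && ret == NULL &&
+if (try_session_cache && sess == NULL &&
 !(s->session_ctx->internal->session_cache_mode &
 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
 SSL_SESSION data;
@@ -478,23 +478,23 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 CBS_len(session_id));
 
 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-ret = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data);
-if (ret != NULL) {
+sess = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data);
+if (sess != NULL) {
 /* Don't allow other threads to steal it. */
-CRYPTO_add(&ret->references, 1,
+CRYPTO_add(&sess->references, 1,
 CRYPTO_LOCK_SSL_SESSION);
 }
 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 
-if (ret == NULL)
+if (sess == NULL)
 s->session_ctx->internal->stats.sess_miss++;
 }
 
-if (try_session_cache && ret == NULL &&
+if (try_session_cache && sess == NULL &&
 s->session_ctx->internal->get_session_cb != NULL) {
 int copy = 1;
 
-if ((ret = s->session_ctx->internal->get_session_cb(s,
+if ((sess = s->session_ctx->internal->get_session_cb(s,
 CBS_data(session_id), CBS_len(session_id), ©))) {
 s->session_ctx->internal->stats.sess_cb_hit++;
 
@@ -507,7 +507,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 * thread-safe).
 */
 if (copy)
-CRYPTO_add(&ret->references, 1,
+CRYPTO_add(&sess->references, 1,
 CRYPTO_LOCK_SSL_SESSION);
 
 /*
@@ -520,18 +520,18 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 * The following should not return 1,
 * otherwise, things are very strange.
 */
-SSL_CTX_add_session(s->session_ctx, ret);
+SSL_CTX_add_session(s->session_ctx, sess);
 }
 }
 
-if (ret == NULL)
+if (sess == NULL)
 goto err;
 
-/* Now ret is non-NULL and we own one of its reference counts. */
+/* Now sess is non-NULL and we own one of its reference counts. */
 
-if (ret->sid_ctx_length != s->sid_ctx_length ||
-timingsafe_memcmp(ret->sid_ctx,
-s->sid_ctx, ret->sid_ctx_length) != 0) {
+if (sess->sid_ctx_length != s->sid_ctx_length ||
+timingsafe_memcmp(sess->sid_ctx,
+s->sid_ctx, sess->sid_ctx_length) != 0) {
 /* We have the session requested by the client, but we don't
 * want to use it in this context. */
 goto err; /* treat like cache miss */
@@ -554,18 +554,18 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 goto err;
 }
 
-if (ret->cipher == NULL) {
-ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
-if (ret->cipher == NULL)
+if (sess->cipher == NULL) {
+sess->cipher = ssl3_get_cipher_by_id(sess->cipher_id);
+if (sess->cipher == NULL)
 goto err;
 }
 
-if (ret->timeout < (time(NULL) - ret->time)) {
+if (sess->timeout < (time(NULL) - sess->time)) {
 /* timeout */
 s->session_ctx->internal->stats.sess_timeout++;
 if (try_session_cache) {
 /* session was from the cache, so remove it */
-SSL_CTX_remove_session(s->session_ctx, ret);
+SSL_CTX_remove_session(s->session_ctx, sess);
 }
 goto err;
 }
@@ -574,13 +574,13 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
 
 if (s->session != NULL)
 SSL_SESSION_free(s->session);
-s->session = ret;
+s->session = sess;
 s->verify_result = s->session->verify_result;
 return 1;
 
 err:
-if (ret != NULL) {
-SSL_SESSION_free(ret);
+if (sess != NULL) {
+SSL_SESSION_free(sess);
 if (!try_session_cache) {
 /*
 * The session was from a ticket, so we should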
