diff options
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index b953580d65..460c5d85f1 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.91 2020/09/01 06:05:09 tb Exp $ */ | 1 | /* $OpenBSD: ssl_sess.c,v 1.92 2020/09/01 12:40:53 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -420,7 +420,6 @@ ssl_get_new_session(SSL *s, int session) | |||
| 420 | * session_id: points at the session ID in the ClientHello. This code will | 420 | * session_id: points at the session ID in the ClientHello. This code will |
| 421 | * read past the end of this in order to parse out the session ticket | 421 | * read past the end of this in order to parse out the session ticket |
| 422 | * extension, if any. | 422 | * extension, if any. |
| 423 | * session_id_len: the length of the session ID. | ||
| 424 | * ext_block: a CBS for the ClientHello extensions block. | 423 | * ext_block: a CBS for the ClientHello extensions block. |
| 425 | * | 424 | * |
| 426 | * Returns: | 425 | * Returns: |
| @@ -438,6 +437,7 @@ int | |||
| 438 | ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert) | 437 | ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert) |
| 439 | { | 438 | { |
| 440 | SSL_SESSION *sess = NULL; | 439 | SSL_SESSION *sess = NULL; |
| 440 | size_t session_id_len; | ||
| 441 | int alert_desc = SSL_AD_INTERNAL_ERROR, fatal = 0; | 441 | int alert_desc = SSL_AD_INTERNAL_ERROR, fatal = 0; |
| 442 | int try_session_cache = 1; | 442 | int try_session_cache = 1; |
| 443 | 443 | ||
| @@ -450,7 +450,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert) | |||
| 450 | try_session_cache = 0; | 450 | try_session_cache = 0; |
| 451 | 451 | ||
| 452 | /* Sets s->internal->tlsext_ticket_expected. */ | 452 | /* Sets s->internal->tlsext_ticket_expected. */ |
| 453 | switch (tls1_process_ticket(s, session_id, ext_block, &alert_desc, &sess)) { | 453 | switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) { |
| 454 | case TLS1_TICKET_FATAL_ERROR: | 454 | case TLS1_TICKET_FATAL_ERROR: |
| 455 | fatal = 1; | 455 | fatal = 1; |
| 456 | goto err; | 456 | goto err; |
| @@ -458,8 +458,21 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert) | |||
| 458 | case TLS1_TICKET_EMPTY: | 458 | case TLS1_TICKET_EMPTY: |
| 459 | break; /* Ok to carry on processing session id. */ | 459 | break; /* Ok to carry on processing session id. */ |
| 460 | case TLS1_TICKET_NOT_DECRYPTED: | 460 | case TLS1_TICKET_NOT_DECRYPTED: |
| 461 | try_session_cache = 0; | ||
| 462 | goto err; | ||
| 461 | case TLS1_TICKET_DECRYPTED: | 463 | case TLS1_TICKET_DECRYPTED: |
| 462 | try_session_cache = 0; | 464 | try_session_cache = 0; |
| 465 | |||
| 466 | /* | ||
| 467 | * The session ID is used by some clients to detect that the | ||
| 468 | * ticket has been accepted so we copy it into sess. | ||
| 469 | */ | ||
| 470 | if (!CBS_write_bytes(session_id, sess->session_id, | ||
| 471 | sizeof(sess->session_id), &session_id_len)) { | ||
| 472 | fatal = 1; | ||
| 473 | goto err; | ||
| 474 | } | ||
| 475 | sess->session_id_length = (unsigned int)session_id_len; | ||
| 463 | break; | 476 | break; |
| 464 | default: | 477 | default: |
| 465 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 478 | SSLerror(s, ERR_R_INTERNAL_ERROR); |