diff options
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 72 |
1 files changed, 33 insertions, 39 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 4e798e08f0..2fa6af4564 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.105 2021/09/08 17:27:33 tb Exp $ */ | 1 | /* $OpenBSD: ssl_sess.c,v 1.106 2021/10/25 10:01:46 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -186,13 +186,13 @@ SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | |||
| 186 | int | 186 | int |
| 187 | SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) | 187 | SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) |
| 188 | { | 188 | { |
| 189 | return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); | 189 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 190 | } | 190 | } |
| 191 | 191 | ||
| 192 | void * | 192 | void * |
| 193 | SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) | 193 | SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) |
| 194 | { | 194 | { |
| 195 | return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); | 195 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 196 | } | 196 | } |
| 197 | 197 | ||
| 198 | uint32_t | 198 | uint32_t |
| @@ -221,26 +221,21 @@ SSL_SESSION_new(void) | |||
| 221 | SSLerrorx(ERR_R_MALLOC_FAILURE); | 221 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 222 | return (NULL); | 222 | return (NULL); |
| 223 | } | 223 | } |
| 224 | if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) { | ||
| 225 | free(ss); | ||
| 226 | SSLerrorx(ERR_R_MALLOC_FAILURE); | ||
| 227 | return (NULL); | ||
| 228 | } | ||
| 229 | 224 | ||
| 230 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | 225 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ |
| 231 | ss->references = 1; | 226 | ss->references = 1; |
| 232 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | 227 | ss->timeout=60*5+4; /* 5 minute timeout by default */ |
| 233 | ss->time = time(NULL); | 228 | ss->time = time(NULL); |
| 234 | ss->internal->prev = NULL; | 229 | ss->prev = NULL; |
| 235 | ss->internal->next = NULL; | 230 | ss->next = NULL; |
| 236 | ss->tlsext_hostname = NULL; | 231 | ss->tlsext_hostname = NULL; |
| 237 | 232 | ||
| 238 | ss->internal->tlsext_ecpointformatlist_length = 0; | 233 | ss->tlsext_ecpointformatlist_length = 0; |
| 239 | ss->internal->tlsext_ecpointformatlist = NULL; | 234 | ss->tlsext_ecpointformatlist = NULL; |
| 240 | ss->internal->tlsext_supportedgroups_length = 0; | 235 | ss->tlsext_supportedgroups_length = 0; |
| 241 | ss->internal->tlsext_supportedgroups = NULL; | 236 | ss->tlsext_supportedgroups = NULL; |
| 242 | 237 | ||
| 243 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); | 238 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 244 | 239 | ||
| 245 | return (ss); | 240 | return (ss); |
| 246 | } | 241 | } |
| @@ -738,7 +733,7 @@ remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | |||
| 738 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 733 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 739 | 734 | ||
| 740 | if (ret) { | 735 | if (ret) { |
| 741 | r->internal->not_resumable = 1; | 736 | r->not_resumable = 1; |
| 742 | if (ctx->internal->remove_session_cb != NULL) | 737 | if (ctx->internal->remove_session_cb != NULL) |
| 743 | ctx->internal->remove_session_cb(ctx, r); | 738 | ctx->internal->remove_session_cb(ctx, r); |
| 744 | SSL_SESSION_free(r); | 739 | SSL_SESSION_free(r); |
| @@ -760,12 +755,12 @@ SSL_SESSION_free(SSL_SESSION *ss) | |||
| 760 | if (i > 0) | 755 | if (i > 0) |
| 761 | return; | 756 | return; |
| 762 | 757 | ||
| 763 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); | 758 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 764 | 759 | ||
| 765 | explicit_bzero(ss->master_key, sizeof ss->master_key); | 760 | explicit_bzero(ss->master_key, sizeof ss->master_key); |
| 766 | explicit_bzero(ss->session_id, sizeof ss->session_id); | 761 | explicit_bzero(ss->session_id, sizeof ss->session_id); |
| 767 | 762 | ||
| 768 | ssl_sess_cert_free(ss->internal->sess_cert); | 763 | ssl_sess_cert_free(ss->sess_cert); |
| 769 | 764 | ||
| 770 | X509_free(ss->peer); | 765 | X509_free(ss->peer); |
| 771 | 766 | ||
| @@ -773,10 +768,9 @@ SSL_SESSION_free(SSL_SESSION *ss) | |||
| 773 | 768 | ||
| 774 | free(ss->tlsext_hostname); | 769 | free(ss->tlsext_hostname); |
| 775 | free(ss->tlsext_tick); | 770 | free(ss->tlsext_tick); |
| 776 | free(ss->internal->tlsext_ecpointformatlist); | 771 | free(ss->tlsext_ecpointformatlist); |
| 777 | free(ss->internal->tlsext_supportedgroups); | 772 | free(ss->tlsext_supportedgroups); |
| 778 | 773 | ||
| 779 | freezero(ss->internal, sizeof(*ss->internal)); | ||
| 780 | freezero(ss, sizeof(*ss)); | 774 | freezero(ss, sizeof(*ss)); |
| 781 | } | 775 | } |
| 782 | 776 | ||
| @@ -1007,7 +1001,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | |||
| 1007 | * save on locking overhead */ | 1001 | * save on locking overhead */ |
| 1008 | (void)lh_SSL_SESSION_delete(p->cache, s); | 1002 | (void)lh_SSL_SESSION_delete(p->cache, s); |
| 1009 | SSL_SESSION_list_remove(p->ctx, s); | 1003 | SSL_SESSION_list_remove(p->ctx, s); |
| 1010 | s->internal->not_resumable = 1; | 1004 | s->not_resumable = 1; |
| 1011 | if (p->ctx->internal->remove_session_cb != NULL) | 1005 | if (p->ctx->internal->remove_session_cb != NULL) |
| 1012 | p->ctx->internal->remove_session_cb(p->ctx, s); | 1006 | p->ctx->internal->remove_session_cb(p->ctx, s); |
| 1013 | SSL_SESSION_free(s); | 1007 | SSL_SESSION_free(s); |
| @@ -1059,50 +1053,50 @@ ssl_clear_bad_session(SSL *s) | |||
| 1059 | static void | 1053 | static void |
| 1060 | SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) | 1054 | SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) |
| 1061 | { | 1055 | { |
| 1062 | if ((s->internal->next == NULL) || (s->internal->prev == NULL)) | 1056 | if (s->next == NULL || s->prev == NULL) |
| 1063 | return; | 1057 | return; |
| 1064 | 1058 | ||
| 1065 | if (s->internal->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) { | 1059 | if (s->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) { |
| 1066 | /* last element in list */ | 1060 | /* last element in list */ |
| 1067 | if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { | 1061 | if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { |
| 1068 | /* only one element in list */ | 1062 | /* only one element in list */ |
| 1069 | ctx->internal->session_cache_head = NULL; | 1063 | ctx->internal->session_cache_head = NULL; |
| 1070 | ctx->internal->session_cache_tail = NULL; | 1064 | ctx->internal->session_cache_tail = NULL; |
| 1071 | } else { | 1065 | } else { |
| 1072 | ctx->internal->session_cache_tail = s->internal->prev; | 1066 | ctx->internal->session_cache_tail = s->prev; |
| 1073 | s->internal->prev->internal->next = | 1067 | s->prev->next = |
| 1074 | (SSL_SESSION *)&(ctx->internal->session_cache_tail); | 1068 | (SSL_SESSION *)&(ctx->internal->session_cache_tail); |
| 1075 | } | 1069 | } |
| 1076 | } else { | 1070 | } else { |
| 1077 | if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { | 1071 | if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { |
| 1078 | /* first element in list */ | 1072 | /* first element in list */ |
| 1079 | ctx->internal->session_cache_head = s->internal->next; | 1073 | ctx->internal->session_cache_head = s->next; |
| 1080 | s->internal->next->internal->prev = | 1074 | s->next->prev = |
| 1081 | (SSL_SESSION *)&(ctx->internal->session_cache_head); | 1075 | (SSL_SESSION *)&(ctx->internal->session_cache_head); |
| 1082 | } else { | 1076 | } else { |
| 1083 | /* middle of list */ | 1077 | /* middle of list */ |
| 1084 | s->internal->next->internal->prev = s->internal->prev; | 1078 | s->next->prev = s->prev; |
| 1085 | s->internal->prev->internal->next = s->internal->next; | 1079 | s->prev->next = s->next; |
| 1086 | } | 1080 | } |
| 1087 | } | 1081 | } |
| 1088 | s->internal->prev = s->internal->next = NULL; | 1082 | s->prev = s->next = NULL; |
| 1089 | } | 1083 | } |
| 1090 | 1084 | ||
| 1091 | static void | 1085 | static void |
| 1092 | SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | 1086 | SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) |
| 1093 | { | 1087 | { |
| 1094 | if ((s->internal->next != NULL) && (s->internal->prev != NULL)) | 1088 | if (s->next != NULL && s->prev != NULL) |
| 1095 | SSL_SESSION_list_remove(ctx, s); | 1089 | SSL_SESSION_list_remove(ctx, s); |
| 1096 | 1090 | ||
| 1097 | if (ctx->internal->session_cache_head == NULL) { | 1091 | if (ctx->internal->session_cache_head == NULL) { |
| 1098 | ctx->internal->session_cache_head = s; | 1092 | ctx->internal->session_cache_head = s; |
| 1099 | ctx->internal->session_cache_tail = s; | 1093 | ctx->internal->session_cache_tail = s; |
| 1100 | s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); | 1094 | s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); |
| 1101 | s->internal->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); | 1095 | s->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); |
| 1102 | } else { | 1096 | } else { |
| 1103 | s->internal->next = ctx->internal->session_cache_head; | 1097 | s->next = ctx->internal->session_cache_head; |
| 1104 | s->internal->next->internal->prev = s; | 1098 | s->next->prev = s; |
| 1105 | s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); | 1099 | s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); |
| 1106 | ctx->internal->session_cache_head = s; | 1100 | ctx->internal->session_cache_head = s; |
| 1107 | } | 1101 | } |
| 1108 | } | 1102 | } |