diff options
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 7e8a1bc670..16b4b75bc4 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.84 2019/04/04 14:32:49 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_sess.c,v 1.85 2019/04/22 15:12:20 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -435,8 +435,7 @@ sess_id_done: | |||
| 435 | * to 1 if the server should issue a new session ticket (to 0 otherwise). | 435 | * to 1 if the server should issue a new session ticket (to 0 otherwise). |
| 436 | */ | 436 | */ |
| 437 | int | 437 | int |
| 438 | ssl_get_prev_session(SSL *s, const unsigned char *session_id, | 438 | ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block) |
| 439 | int session_id_len, CBS *ext_block) | ||
| 440 | { | 439 | { |
| 441 | SSL_SESSION *ret = NULL; | 440 | SSL_SESSION *ret = NULL; |
| 442 | int fatal = 0; | 441 | int fatal = 0; |
| @@ -445,14 +444,14 @@ ssl_get_prev_session(SSL *s, const unsigned char *session_id, | |||
| 445 | 444 | ||
| 446 | /* This is used only by servers. */ | 445 | /* This is used only by servers. */ |
| 447 | 446 | ||
| 448 | if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) | 447 | if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) |
| 449 | goto err; | 448 | goto err; |
| 450 | 449 | ||
| 451 | if (session_id_len == 0) | 450 | if (CBS_len(session_id) == 0) |
| 452 | try_session_cache = 0; | 451 | try_session_cache = 0; |
| 453 | 452 | ||
| 454 | /* Sets s->internal->tlsext_ticket_expected. */ | 453 | /* Sets s->internal->tlsext_ticket_expected. */ |
| 455 | r = tls1_process_ticket(s, session_id, session_id_len, ext_block, &ret); | 454 | r = tls1_process_ticket(s, session_id, ext_block, &ret); |
| 456 | switch (r) { | 455 | switch (r) { |
| 457 | case -1: /* Error during processing */ | 456 | case -1: /* Error during processing */ |
| 458 | fatal = 1; | 457 | fatal = 1; |
| @@ -474,9 +473,11 @@ ssl_get_prev_session(SSL *s, const unsigned char *session_id, | |||
| 474 | !(s->session_ctx->internal->session_cache_mode & | 473 | !(s->session_ctx->internal->session_cache_mode & |
| 475 | SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { | 474 | SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { |
| 476 | SSL_SESSION data; | 475 | SSL_SESSION data; |
| 476 | |||
| 477 | data.ssl_version = s->version; | 477 | data.ssl_version = s->version; |
| 478 | data.session_id_length = session_id_len; | 478 | data.session_id_length = CBS_len(session_id); |
| 479 | memcpy(data.session_id, session_id, session_id_len); | 479 | memcpy(data.session_id, CBS_data(session_id), |
| 480 | CBS_len(session_id)); | ||
| 480 | 481 | ||
| 481 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 482 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 482 | ret = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data); | 483 | ret = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data); |
| @@ -496,7 +497,7 @@ ssl_get_prev_session(SSL *s, const unsigned char *session_id, | |||
| 496 | int copy = 1; | 497 | int copy = 1; |
| 497 | 498 | ||
| 498 | if ((ret = s->session_ctx->internal->get_session_cb(s, | 499 | if ((ret = s->session_ctx->internal->get_session_cb(s, |
| 499 | session_id, session_id_len, ©))) { | 500 | CBS_data(session_id), CBS_len(session_id), ©))) { |
| 500 | s->session_ctx->internal->stats.sess_cb_hit++; | 501 | s->session_ctx->internal->stats.sess_cb_hit++; |
| 501 | 502 | ||
| 502 | /* | 503 | /* |