#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
+#include "internal/cryptlib.h"
+#include "internal/rand.h"
const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
goto err;
s->lock = CRYPTO_THREAD_lock_new();
- if (s->lock == NULL) {
- SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(s);
- return NULL;
+ if (s->lock == NULL)
+ goto err;
+
+ /*
+ * If not using the standard RAND (say for fuzzing), then don't use a
+ * chained DRBG.
+ */
+ if (RAND_get_rand_method() == RAND_OpenSSL()) {
+ s->drbg = RAND_DRBG_new(NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF,
+ RAND_DRBG_get0_global());
+ if (s->drbg == NULL) {
+ CRYPTO_THREAD_lock_free(s->lock);
+ goto err;
+ }
}
RECORD_LAYER_init(&s->rlayer, s);
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
#endif
+ RAND_DRBG_free(s->drbg);
CRYPTO_THREAD_lock_free(s->lock);
OPENSSL_free(s);
return;
i = s->session_ctx->session_cache_mode;
- if ((i & mode) && (!s->hit)
- && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+ if ((i & mode) != 0
+ && (!s->hit || SSL_IS_TLS13(s))
+ && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0
|| SSL_CTX_add_session(s->session_ctx, s->session))
- && (s->session_ctx->new_session_cb != NULL)) {
+ && s->session_ctx->new_session_cb != NULL) {
SSL_SESSION_up_ref(s->session);
if (!s->session_ctx->new_session_cb(s, s->session))
SSL_SESSION_free(s->session);
s->method->ssl_renegotiate_check(s, 0);
+ if (SSL_is_server(s)) {
+ /* clear SNI settings at server-side */
+ OPENSSL_free(s->ext.hostname);
+ s->ext.hostname = NULL;
+ }
+
if (SSL_in_init(s) || SSL_in_before(s)) {
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
return (NULL);
}
+const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
+{
+ return s->s3->tmp.new_cipher;
+}
+
const COMP_METHOD *SSL_get_current_compression(SSL *s)
{
#ifndef OPENSSL_NO_COMP
{
return s->max_early_data;
}
+
+int ssl_randbytes(SSL *s, unsigned char *rnd, size_t size)
+{
+ if (s->drbg != NULL)
+ return RAND_DRBG_generate(s->drbg, rnd, size, 0, NULL, 0);
+ return RAND_bytes(rnd, (int)size);
+}