/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
#include <openssl/engine.h>
#include "internal/refcount.h"
#include "internal/cryptlib.h"
-#include "ssl_locl.h"
-#include "statem/statem_locl.h"
+#include "ssl_local.h"
+#include "statem/statem_local.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
ss = OPENSSL_zalloc(sizeof(*ss));
if (ss == NULL) {
- SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
ss->time = (unsigned long)time(NULL);
ss->lock = CRYPTO_THREAD_lock_new();
if (ss->lock == NULL) {
- SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ss);
return NULL;
}
{
SSL_SESSION *dest;
- dest = OPENSSL_malloc(sizeof(*src));
+ dest = OPENSSL_malloc(sizeof(*dest));
if (dest == NULL) {
goto err;
}
dest->psk_identity = NULL;
#endif
dest->ext.hostname = NULL;
-#ifndef OPENSSL_NO_EC
- dest->ext.ecpointformats = NULL;
-#endif
dest->ext.tick = NULL;
dest->ext.alpn_selected = NULL;
#ifndef OPENSSL_NO_SRP
goto err;
}
}
-#ifndef OPENSSL_NO_EC
- if (src->ext.ecpointformats) {
- dest->ext.ecpointformats =
- OPENSSL_memdup(src->ext.ecpointformats,
- src->ext.ecpointformats_len);
- if (dest->ext.ecpointformats == NULL)
- goto err;
- }
-#endif
if (ticket != 0 && src->ext.tick != NULL) {
dest->ext.tick =
return dest;
err:
- SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
SSL_SESSION_free(dest);
return NULL;
}
{
unsigned int retry = 0;
do
- if (RAND_bytes(id, *id_len) <= 0)
+ if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len) <= 0)
return 0;
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
sk_X509_pop_free(ss->peer_chain, X509_free);
OPENSSL_free(ss->ext.hostname);
OPENSSL_free(ss->ext.tick);
-#ifndef OPENSSL_NO_EC
- OPENSSL_free(ss->ext.ecpointformats);
- ss->ext.ecpointformats = NULL;
- ss->ext.ecpointformats_len = 0;
-#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
OPENSSL_free(ss->psk_identity_hint);
OPENSSL_free(ss->psk_identity);
unsigned int sid_len)
{
if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
- SSLerr(SSL_F_SSL_SESSION_SET1_ID,
- SSL_R_SSL_SESSION_ID_TOO_LONG);
+ ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
return 0;
}
s->session_id_length = sid_len;
unsigned int sid_ctx_len)
{
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
- SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
- SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
}
s->sid_ctx_length = sid_ctx_len;
s->ext.session_ticket =
OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
if (s->ext.session_ticket == NULL) {
- SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
return ctx->client_cert_cb;
}
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
-{
- if (!ENGINE_init(e)) {
- SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
- return 0;
- }
- if (!ENGINE_get_ssl_client_cert_function(e)) {
- SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
- SSL_R_NO_CLIENT_CERT_METHOD);
- ENGINE_finish(e);
- return 0;
- }
- ctx->client_cert_engine = e;
- return 1;
-}
-#endif
-
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
unsigned char *cookie,