* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
#include <stdio.h>
#include <openssl/lhash.h>
ss->compress_meth=0;
#ifndef OPENSSL_NO_TLSEXT
ss->tlsext_hostname = NULL;
+#ifndef OPENSSL_NO_EC
+ ss->tlsext_ecpointformatlist_length = 0;
+ ss->tlsext_ecpointformatlist = NULL;
+ ss->tlsext_ellipticcurvelist_length = 0;
+ ss->tlsext_ellipticcurvelist = NULL;
+#endif
#endif
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+#ifndef OPENSSL_NO_PSK
+ ss->psk_identity_hint=NULL;
+ ss->psk_identity=NULL;
+#endif
return(ss);
}
if ((ss=SSL_SESSION_new()) == NULL) return(0);
/* If the context has a default timeout, use it */
- if (s->ctx->session_timeout == 0)
+ if (s->session_ctx->session_timeout == 0)
ss->timeout=SSL_get_default_timeout(s);
else
- ss->timeout=s->ctx->session_timeout;
+ ss->timeout=s->session_ctx->session_timeout;
if (s->session != NULL)
{
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
if(s->generate_session_id)
cb = s->generate_session_id;
- else if(s->ctx->generate_session_id)
- cb = s->ctx->generate_session_id;
+ else if(s->session_ctx->generate_session_id)
+ cb = s->session_ctx->generate_session_id;
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
/* Choose a session ID */
tmp = ss->session_id_length;
SSL_SESSION_free(ss);
return(0);
}
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_hostname) {
+ ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
+ if (ss->tlsext_hostname == NULL) {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
+ }
+#ifndef OPENSSL_NO_EC
+ if (s->tlsext_ecpointformatlist)
+ {
+ if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
+ if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
+ {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
+ ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
+ memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
+ }
+ if (s->tlsext_ellipticcurvelist)
+ {
+ if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
+ if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
+ {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
+ ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
+ memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
+ }
+#endif
+#endif
}
else
{
goto err;
memcpy(data.session_id,session_id,len);
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+ if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
{
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
+ ret=(SSL_SESSION *)lh_retrieve(s->session_ctx->sessions,&data);
if (ret != NULL)
/* don't allow other threads to steal it: */
CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
{
int copy=1;
- s->ctx->stats.sess_miss++;
+ s->session_ctx->stats.sess_miss++;
ret=NULL;
- if (s->ctx->get_session_cb != NULL
- && (ret=s->ctx->get_session_cb(s,session_id,len,©))
+ if (s->session_ctx->get_session_cb != NULL
+ && (ret=s->session_ctx->get_session_cb(s,session_id,len,©))
!= NULL)
{
- s->ctx->stats.sess_cb_hit++;
+ s->session_ctx->stats.sess_cb_hit++;
/* Increment reference count now if the session callback
* asks us to do so (note that if the session structures
/* Add the externally cached session to the internal
* cache as well if and only if we are supposed to. */
- if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+ if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
/* The following should not return 1, otherwise,
* things are very strange */
- SSL_CTX_add_session(s->ctx,ret);
+ SSL_CTX_add_session(s->session_ctx,ret);
}
if (ret == NULL)
goto err;
if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
{
- s->ctx->stats.sess_timeout++;
+ s->session_ctx->stats.sess_timeout++;
/* remove it from the cache */
- SSL_CTX_remove_session(s->ctx,ret);
+ SSL_CTX_remove_session(s->session_ctx,ret);
goto err;
}
- s->ctx->stats.sess_hit++;
+ s->session_ctx->stats.sess_hit++;
/* ret->time=time(NULL); */ /* rezero timeout? */
/* again, just leave the session
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
#ifndef OPENSSL_NO_TLSEXT
if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
+#ifndef OPENSSL_NO_EC
+ ss->tlsext_ecpointformatlist_length = 0;
+ if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
+ ss->tlsext_ellipticcurvelist_length = 0;
+ if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
+#endif /* OPENSSL_NO_EC */
+#endif
+#ifndef OPENSSL_NO_PSK
+ if (ss->psk_identity_hint != NULL)
+ OPENSSL_free(ss->psk_identity_hint);
+ if (ss->psk_identity != NULL)
+ OPENSSL_free(ss->psk_identity);
#endif
OPENSSL_cleanse(ss,sizeof(*ss));
OPENSSL_free(ss);