PR: 631

[openssl.git] / ssl / ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 6424f775e21f785c1222e27fc57e04acebe4b4fa..b4fb90448f8183aa278d4f69f03d8d86dca831c7 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -60,6 +60,7 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -126,6 +127,13 @@ SSL_SESSION *SSL_SESSION_new(void)
        return(ss);
        }
 
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+       {
+       if(len)
+               *len = s->session_id_length;
+       return s->session_id;
+       }
+
 /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
  * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
  * until we have no conflict is going to complete in one iteration pretty much
@@ -250,6 +258,12 @@ int ssl_get_new_session(SSL *s, int session)
                ss->session_id_length=0;
                }
 
+       if (s->sid_ctx_length > sizeof ss->sid_ctx)
+               {
+               SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+               SSL_SESSION_free(ss);
+               return 0;
+               }
        memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
        ss->sid_ctx_length=s->sid_ctx_length;
        s->session=ss;
@@ -302,9 +316,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
                        if (copy)
                                CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 
-                       /* The following should not return 1, otherwise,
-                        * things are very strange */
-                       SSL_CTX_add_session(s->ctx,ret);
+                       /* Add the externally cached session to the internal
+                        * cache as well if and only if we are supposed to. */
+                       if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+                               /* The following should not return 1, otherwise,
+                                * things are very strange */
+                               SSL_CTX_add_session(s->ctx,ret);
                        }
                if (ret == NULL)
                        goto err;
@@ -518,13 +535,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-       memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
-       memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
-       memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+       OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
+       OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
+       OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
        if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
        if (ss->peer != NULL) X509_free(ss->peer);
        if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-       memset(ss,0,sizeof(*ss));
+       OPENSSL_cleanse(ss,sizeof(*ss));
        OPENSSL_free(ss);
        }