PR: 631

[openssl.git] / ssl / ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index a969d8fdceb171907bf162f2ce27eddb2210b049..b4fb90448f8183aa278d4f69f03d8d86dca831c7 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -127,6 +127,13 @@ SSL_SESSION *SSL_SESSION_new(void)
        return(ss);
        }
 
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+       {
+       if(len)
+               *len = s->session_id_length;
+       return s->session_id;
+       }
+
 /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
  * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
  * until we have no conflict is going to complete in one iteration pretty much
@@ -528,13 +535,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-       memset(ss->key_arg,0,sizeof ss->key_arg);
-       memset(ss->master_key,0,sizeof ss->master_key);
-       memset(ss->session_id,0,sizeof ss->session_id);
+       OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
+       OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
+       OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
        if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
        if (ss->peer != NULL) X509_free(ss->peer);
        if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-       memset(ss,0,sizeof(*ss));
+       OPENSSL_cleanse(ss,sizeof(*ss));
        OPENSSL_free(ss);
        }