author | Richard Levitte <levitte@openssl.org> | 2002-09-25 19:12:13 +0400 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-09-25 19:12:13 +0400 |
commit | c4a24b13f3fdd0a96214494045e6cec8a9bbfdd0 (patch) | |
tree | 2372abd60dfde110157bd5cd7b854246ca2b481d /ssl | |
parent | bb298120c96066af2068fa02025791d411b0b914 (diff) |
Merge in recent changes from 0.9.6-stable.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s23_clnt.c | 4 | ||||
-rw-r--r-- | ssl/s23_srvr.c | 4 | ||||
-rw-r--r-- | ssl/s2_clnt.c | 4 | ||||
-rw-r--r-- | ssl/s2_srvr.c | 6 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 27 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 4 | ||||
-rw-r--r-- | ssl/ssl-lib.com | 2 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 19 | ||||
-rw-r--r-- | ssl/t1_clnt.c | 4 | ||||
-rw-r--r-- | ssl/t1_srvr.c | 4 |
10 files changed, 55 insertions, 23 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 2d0eb4a8ff..df9ed02ddd 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -87,11 +87,15 @@ SSL_METHOD *SSLv23_client_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv23_client_data, (char *)sslv23_base_method(),sizeof(SSL_METHOD)); SSLv23_client_data.ssl_connect=ssl23_connect; SSLv23_client_data.get_ssl_method=ssl23_get_client_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_client_data); }
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index b40bb01ab7..94198750f9 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -139,11 +139,15 @@ SSL_METHOD *SSLv23_server_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv23_server_data, (char *)sslv23_base_method(),sizeof(SSL_METHOD)); SSLv23_server_data.ssl_accept=ssl23_accept; SSLv23_server_data.get_ssl_method=ssl23_get_server_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_server_data); }
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 236b394db7..c59fa6e429 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -145,11 +145,15 @@ SSL_METHOD *SSLv2_client_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), sizeof(SSL_METHOD)); SSLv2_client_data.ssl_connect=ssl2_connect; SSLv2_client_data.get_ssl_method=ssl2_get_client_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_client_data); }
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index d736f6807b..48fff175d4 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
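Review bot: `init` is tested before `CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD)` is taken and is never re-tested once the lock is held, so two threads that both see `init` set will each run the `memcpy` in SSLv23_client_method(), the second possibly after the first has already returned `&SSLv23_client_data` to its caller. Between that second `memcpy` and the `ssl_connect`/`get_ssl_method` assignments the shared table briefly holds whatever the base method supplies for those fields. Re-check under the lock by wrapping the copy, the two assignments and `init=0;` in a second `if (init) { ... }` placed directly after `CRYPTO_w_lock(...)`, with the unlock left outside it. The same pattern appears in the SSLv23_server_method, SSLv2_client_method, SSLv2_server_method, SSLv3_client_method, SSLv3_server_method, TLSv1_client_method and TLSv1_server_method hunks; each function's opening lines are outside its hunk.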
@@ -145,11 +145,15 @@ SSL_METHOD *SSLv2_server_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), sizeof(SSL_METHOD)); SSLv2_server_data.ssl_accept=ssl2_accept; SSLv2_server_data.get_ssl_method=ssl2_get_server_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_server_data); }
@@ -1001,7 +1005,7 @@ static int request_certificate(SSL *s) len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); + SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG); goto end; } j = (int)len - s->init_num;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 32b9cea1ca..a55acd1975 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -146,11 +146,15 @@ SSL_METHOD *SSLv3_client_method(void) if (init) { - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), sizeof(SSL_METHOD)); SSLv3_client_data.ssl_connect=ssl3_connect; SSLv3_client_data.get_ssl_method=ssl3_get_client_method; + init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_client_data); }
@@ -632,23 +636,11 @@ static int ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); - if(j > sizeof s->session->session_id) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; - } - - if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) + if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { - /* SSLref returns 16 :-( */ - if (j < SSL2_SSL_SESSION_ID_LENGTH) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); - goto f_err; - } + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); + goto f_err; } if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0)
@@ -656,6 +648,7 @@ static int ssl3_get_server_hello(SSL *s) if(s->sid_ctx_length != s->session->sid_ctx_length || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) { + /* actually a client application bug */ al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index fe1e689014..50913ae8e4 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -151,11 +151,15 @@ SSL_METHOD *SSLv3_server_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), sizeof(SSL_METHOD)); SSLv3_server_data.ssl_accept=ssl3_accept; SSLv3_server_data.get_ssl_method=ssl3_get_server_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_server_data); }
diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com
index 7d2836478d..44ea1bb979 100644
--- a/ssl/ssl-lib.com
+++ b/ssl/ssl-lib.com
@@ -1089,7 +1089,7 @@ $ ENDIF $! $! Show user the result $! -$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC +$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC $! $! Else The User Entered An Invalid Arguement. $!
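Review bot: The new test `if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))` carries no comment, and with the `SSL_R_SSL3_SESSION_ID_TOO_SHORT` branch removed nothing at this point in ssl3_get_server_hello() records that every length from 0 up to the limit is now accepted on purpose. I would add above it `/* session id may be 0..SSL3_SESSION_ID_SIZE bytes; also bounded by the destination buffer */`. The hunk does not show whether `j` is also compared with the bytes remaining in the received message before `memcmp(p,s->session->session_id,j)` reads from `p`; if no such check exists elsewhere in the function, it belongs next to this one. The function starts and ends outside the hunk.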
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4f84a3476d..6b5a135ffe 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1245,13 +1245,24 @@ void SSL_CTX_free(SSL_CTX *a) abort(); /* ok */ } #endif + + /* + * Free internal session cache. However: the remove_cb() may reference + * the ex_data of SSL_CTX, thus the ex_data store can only be removed + * after the sessions were flushed. + * As the ex_data handling routines might also touch the session cache, + * the most secure solution seems to be: empty (flush) the cache, then + * free ex_data, then finally free the cache. + * (See ticket [openssl.org #212].) + */ + if (a->sessions != NULL) + SSL_CTX_flush_sessions(a,0); + CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data); if (a->sessions != NULL) - { - SSL_CTX_flush_sessions(a,0); - lh_free(a->sessions); - } + lh_free(a->sessions); + if (a->cert_store != NULL) X509_STORE_free(a->cert_store); if (a->cipher_list != NULL)
diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c
index 9745630a00..df00a1215a 100644
--- a/ssl/t1_clnt.c
+++ b/ssl/t1_clnt.c
@@ -79,11 +79,15 @@ SSL_METHOD *TLSv1_client_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), sizeof(SSL_METHOD)); TLSv1_client_data.ssl_connect=ssl3_connect; TLSv1_client_data.get_ssl_method=tls1_get_client_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&TLSv1_client_data); }
diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c
index 996b7ca8e2..e62275c6f8 100644
--- a/ssl/t1_srvr.c
+++ b/ssl/t1_srvr.c
@@ -80,11 +80,15 @@ SSL_METHOD *TLSv1_server_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), sizeof(SSL_METHOD)); TLSv1_server_data.ssl_accept=ssl3_accept; TLSv1_server_data.get_ssl_method=tls1_get_server_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&TLSv1_server_data); } |
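Review bot: The new block comment in SSL_CTX_free() says the ex_data routines might touch the session cache, yet `lh_free(a->sessions)` follows `CRYPTO_free_ex_data(...)` with nothing in between, so a session that such a routine put into the cache after the flush would presumably be dropped with the table instead of being released through `remove_cb()`. A second flush at that point would bring back the ordering problem this change fixes, so the constraint is better documented than coded around. I would append to the comment a line such as ` * ex_data free callbacks must not add sessions to the cache once it has been flushed.` The function continues outside the hunk.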