Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/shlib_version2
-rw-r--r--lib/libssl/ssl.h20
-rw-r--r--lib/libssl/ssl_asn1.c24
-rw-r--r--lib/libssl/ssl_lib.c7
-rw-r--r--lib/libssl/ssl_sess.c10
-rw-r--r--lib/libssl/ssl_txt.c14
-rw-r--r--lib/libssl/t1_enc.c1
7 files changed, 21 insertions, 57 deletions
diff --git a/lib/libssl/shlib_version b/lib/libssl/shlib_version
index df4de0fc4dc..906022aa66d 100644
--- a/lib/libssl/shlib_version
+++ b/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
-major=23
+major=24
minor=0
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index f3ca8c5c4e6..3624bdcccd8 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -399,7 +399,7 @@ struct ssl_cipher_st {
};
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+/* Used to hold functions for SSLv3/TLSv1 functions */
struct ssl_method_st {
int version;
int (*ssl_new)(SSL *s);
@@ -442,7 +442,6 @@ struct ssl_method_st {
* Session_ID OCTET STRING, -- the Session ID
* Master_key OCTET STRING, -- the master key
* KRB5_principal OCTET STRING -- optional Kerberos principal
- * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
@@ -463,9 +462,6 @@ struct ssl_session_st {
int ssl_version; /* what ssl version session info is
* being kept in here? */
- /* only really used in SSLv2 */
- unsigned int key_arg_length;
- unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */
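Review bot: Removing `key_arg[SSL_MAX_KEY_ARG_LENGTH]` leaves `SSL_MAX_KEY_ARG_LENGTH` with no user anywhere in this diff; if the macro is still defined in ssl.h (its definition is outside the shown hunks) it should either be removed with this change or carry a comment such as `/* unused since SSLv2 removal; kept for source compatibility */`. `struct ssl_session_st` starts and ends outside this hunk.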
@@ -502,9 +498,9 @@ struct ssl_session_st {
* is not ok, we must remember the error for session reuse: */
long verify_result; /* only for servers */
- int references;
long timeout;
- long time;
+ time_t time;
+ int references;
unsigned int compress_meth; /* Need to lookup the method */
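Review bot: The widened `time_t time;` field carries no comment, although the public accessors `SSL_SESSION_get_time`/`SSL_SESSION_set_time` and `SSL_CTX_flush_sessions` (ssl_sess.c in this diff) still pass that value as `long`, so the struct and its API disagree on width wherever `long` is narrower than `time_t`. A one-line field comment would make the remaining narrowing visible at the definition: `time_t time; /* creation time; public accessors still take/return long (XXX 2038) */`. `struct ssl_session_st` starts and ends outside this hunk.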
@@ -845,9 +841,8 @@ struct ssl_ctx_st {
CRYPTO_EX_DATA ex_data;
- const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
STACK_OF(X509) *extra_certs;
STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
@@ -1155,7 +1150,6 @@ struct ssl_st {
unsigned char *packet;
unsigned int packet_length;
- struct ssl2_state_st *s2; /* SSLv2 variables */
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
@@ -1828,9 +1822,9 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c
index c551ec48772..1d2590268ce 100644
--- a/lib/libssl/ssl_asn1.c
+++ b/lib/libssl/ssl_asn1.c
@@ -97,7 +97,6 @@ typedef struct ssl_session_asn1_st {
ASN1_OCTET_STRING master_key;
ASN1_OCTET_STRING session_id;
ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
#ifndef OPENSSL_NO_KRB5
ASN1_OCTET_STRING krb5_princ;
#endif /* OPENSSL_NO_KRB5 */
@@ -190,10 +189,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
a.session_id_context.type = V_ASN1_OCTET_STRING;
a.session_id_context.data = in->sid_ctx;
- a.key_arg.length = in->key_arg_length;
- a.key_arg.type = V_ASN1_OCTET_STRING;
- a.key_arg.data = in->key_arg;
-
#ifndef OPENSSL_NO_KRB5
if (in->krb5_client_princ_len) {
a.krb5_princ.length = in->krb5_client_princ_len;
@@ -206,7 +201,7 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
a.time.length = LSIZE2;
a.time.type = V_ASN1_INTEGER;
a.time.data = ibuf3;
- ASN1_INTEGER_set(&(a.time), in->time);
+ ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
}
if (in->timeout != 0L) {
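Review bot: `ASN1_INTEGER_set(&(a.time), in->time)` now passes a `time_t` to a parameter declared `long`, so on platforms where `long` is 32-bit and `time_t` is 64-bit the start time is silently narrowed; the new `/* XXX 2038 */` marker names the year but not the mechanism. Suggest spelling it out: `/* XXX 2038: ASN1_INTEGER_set() takes long; a wider time_t is narrowed here */`. The same bare marker is added at the `M_ASN1_D2I_get_EXP_opt` line in `d2i_SSL_SESSION` below and above `SSL_SESSION_get_time`, `SSL_SESSION_set_time` and `SSL_CTX_flush_sessions` in ssl_sess.c, where the `long` API width is the issue; one explanatory wording at each saves the next reader a trip to the struct definition. `i2d_SSL_SESSION` starts and ends outside this hunk.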
@@ -270,8 +265,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
if (in->krb5_client_princ_len)
M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
if (in->time != 0L)
M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
if (in->timeout != 0L)
@@ -316,8 +309,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
if (in->krb5_client_princ_len)
M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
if (in->time != 0L)
M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
if (in->timeout != 0L)
@@ -445,24 +436,15 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
ret->krb5_client_princ_len = 0;
#endif /* OPENSSL_NO_KRB5 */
- M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length = os.length;
- memcpy(ret->key_arg, os.data, ret->key_arg_length);
- if (os.data != NULL)
- free(os.data);
-
ai.length = 0;
- M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); /* XXX 2038 */
if (ai.data != NULL) {
ret->time = ASN1_INTEGER_get(aip);
free(ai.data);
ai.data = NULL;
ai.length = 0;
} else
- ret->time = (unsigned long)time(NULL);
+ ret->time = time(NULL);
ai.length = 0;
M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);
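Review bot: With the `M_ASN1_D2I_get_IMP_opt(osp, ...)` block removed, an encoded session that still carries the optional Key_Arg `[0] IMPLICIT OCTET STRING` is no longer consumed, and presumably the remaining tagged-element parsing leaves it unread so `d2i_SSL_SESSION` fails instead of ignoring the field. Sessions written by this library should never have contained it, since at least the TLS1 path forced `key_arg_length` to 0 (see the t1_enc.c hunk in this diff), but blobs produced by implementations that still emit SSLv2 fields may. If that rejection is the intended outcome, a comment at the removal point such as `/* Key_Arg [0] (SSLv2) is no longer accepted; such encodings fail to decode */` records the decision. `d2i_SSL_SESSION` starts and ends outside this hunk.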
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 3ab353b8eb9..21d6835b98e 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1712,11 +1712,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
ret->references = 1;
ret->quiet_shutdown = 0;
-/* ret->cipher=NULL;*/
-/* ret->s2->challenge=NULL;
+/* ret->cipher=NULL;
ret->master_key=NULL;
- ret->key_arg=NULL;
- ret->s2->conn_id=NULL;
*/
ret->info_callback = NULL;
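Review bot: The hunk edits inside a commented-out initializer block rather than removing it; the surviving `/* ret->cipher=NULL;` / `ret->master_key=NULL;` / `*/` lines are dead text, and `master_key` is not assigned anywhere in the visible lines of `SSL_CTX_new`, so the comment can only mislead. Suggest deleting those three comment lines entirely. `SSL_CTX_new` starts and ends outside this hunk.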
@@ -2340,7 +2337,7 @@ ssl_update_cache(SSL *s, int mode)
if ((((mode & SSL_SESS_CACHE_CLIENT)
?s->session_ctx->stats.sess_connect_good
:s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
- SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
+ SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
}
}
}
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index c67ae1c22f6..c032154d48f 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -205,7 +205,7 @@ SSL_SESSION_new(void)
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references = 1;
ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time = (unsigned long)time(NULL);
+ ss->time = time(NULL);
ss->prev = NULL;
ss->next = NULL;
ss->compress_meth = 0;
@@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
goto err;
}
- if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+ if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
{
s->session_ctx->stats.sess_timeout++;
if (try_session_cache) {
@@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
if (ss->sess_cert != NULL)
@@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s)
return (s->timeout);
}
+/* XXX 2038 */
long
SSL_SESSION_get_time(const SSL_SESSION *s)
{
@@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s)
return (s->time);
}
+/* XXX 2038 */
long
SSL_SESSION_set_time(SSL_SESSION *s, long t)
{
@@ -926,7 +927,7 @@ typedef struct timeout_param_st {
static void
timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
{
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+ if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
{
/* The reason we don't call SSL_CTX_remove_session() is to
* save on locking overhead */
@@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
static
IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+/* XXX 2038 */
void
SSL_CTX_flush_sessions(SSL_CTX *s, long t)
{
diff --git a/lib/libssl/ssl_txt.c b/lib/libssl/ssl_txt.c
index 91664ffe432..5538c57562a 100644
--- a/lib/libssl/ssl_txt.c
+++ b/lib/libssl/ssl_txt.c
@@ -161,16 +161,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_printf(bp, "%02X", x->master_key[i])
<= 0) goto err;
}
- if (BIO_puts(bp, "\n Key-Arg : ")
- <= 0) goto err;
- if (x->key_arg_length == 0) {
- if (BIO_puts(bp, "None")
- <= 0) goto err;
- } else
- for (i = 0; i < x->key_arg_length; i++) {
- if (BIO_printf(bp, "%02X", x->key_arg[i])
- <= 0) goto err;
- }
#ifndef OPENSSL_NO_KRB5
if (BIO_puts(bp, "\n Krb5 Principal: ")
<= 0) goto err;
@@ -227,8 +217,8 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
}
}
#endif
- if (x->time != 0L) {
- if (BIO_printf(bp, "\n Start Time: %ld", x->time)
+ if (x->time != 0) {
+ if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time)
<= 0) goto err;
}
if (x->timeout != 0L) {
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 579eaa6ce44..3f5df9ad7a6 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -519,7 +519,6 @@ tls1_change_cipher_state(SSL *s, int which)
}
}
- s->session->key_arg_length = 0;
#ifdef KSSL_DEBUG
{
int i;