APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@
-major=25
+major=26
minor=0
-major=25
+major=26
minor=0
-major=23
+major=24
minor=0
}
}
- s->session->key_arg_length = 0;
-
EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE));
OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
};
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+/* Used to hold functions for SSLv3/TLSv1 functions */
struct ssl_method_st {
int version;
int (*ssl_new)(SSL *s);
* Session_ID OCTET STRING, -- the Session ID
* Master_key OCTET STRING, -- the master key
* KRB5_principal OCTET STRING -- optional Kerberos principal
- * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
int ssl_version; /* what ssl version session info is
* being kept in here? */
- /* only really used in SSLv2 */
- unsigned int key_arg_length;
- unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */
* is not ok, we must remember the error for session reuse: */
long verify_result; /* only for servers */
- int references;
long timeout;
- long time;
+ time_t time;
+ int references;
unsigned int compress_meth; /* Need to lookup the method */
CRYPTO_EX_DATA ex_data;
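Review bot: `int references;` is moved from above `long timeout;` to below the new `time_t time;` without a comment saying why, and the same move recurs in the second copy of this hunk later on the page. Presumably the intent is to keep `timeout` and `time` adjacent and avoid padding on ILP32 targets where `time_t` is now wider than `long`, but a reader of the struct cannot tell that from the diff, and the reordering is itself part of the ABI change that justifies the major bump. A one-line comment on the field, e.g. `int references; /* after time_t to keep time/timeout adjacent; layout is ABI */` (wording to be confirmed by the author), would record the intent. `struct ssl_session_st` begins and ends outside this hunk.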
- const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
STACK_OF(X509) *extra_certs;
STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
unsigned char *packet;
unsigned int packet_length;
- struct ssl2_state_st *s2; /* SSLv2 variables */
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
ASN1_OCTET_STRING master_key;
ASN1_OCTET_STRING session_id;
ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
#ifndef OPENSSL_NO_KRB5
ASN1_OCTET_STRING krb5_princ;
#endif /* OPENSSL_NO_KRB5 */
a.session_id_context.type = V_ASN1_OCTET_STRING;
a.session_id_context.data = in->sid_ctx;
- a.key_arg.length = in->key_arg_length;
- a.key_arg.type = V_ASN1_OCTET_STRING;
- a.key_arg.data = in->key_arg;
-
#ifndef OPENSSL_NO_KRB5
if (in->krb5_client_princ_len) {
a.krb5_princ.length = in->krb5_client_princ_len;
a.time.length = LSIZE2;
a.time.type = V_ASN1_INTEGER;
a.time.data = ibuf3;
- ASN1_INTEGER_set(&(a.time), in->time);
+ ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
}
if (in->timeout != 0L) {
if (in->krb5_client_princ_len)
M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
if (in->time != 0L)
M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
if (in->timeout != 0L)
if (in->krb5_client_princ_len)
M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
if (in->time != 0L)
M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
if (in->timeout != 0L)
ret->krb5_client_princ_len = 0;
#endif /* OPENSSL_NO_KRB5 */
- M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length = os.length;
- memcpy(ret->key_arg, os.data, ret->key_arg_length);
- if (os.data != NULL)
- free(os.data);
-
ai.length = 0;
- M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); /* XXX 2038 */
if (ai.data != NULL) {
ret->time = ASN1_INTEGER_get(aip);
free(ai.data);
ai.data = NULL;
ai.length = 0;
} else
- ret->time = (unsigned long)time(NULL);
+ ret->time = time(NULL);
ai.length = 0;
M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);
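Review bot: The added `/* XXX 2038 */` marker sits on the `M_ASN1_D2I_get_EXP_opt` line, but the narrowing it refers to happens two lines below at `ret->time = ASN1_INTEGER_get(aip);`, where a `long` return value is stored into the field that is now `time_t`; the same applies to the second copy of this hunk later on the page. If I recall its implementation correctly, `ASN1_INTEGER_get()` signals a value that does not fit in a `long` by returning -1, so a serialized session whose Time does not fit is silently given a start time of -1 rather than being rejected, which then makes the `time(NULL) - ret->time` expiry check treat it as very old; that pre-dates this change but is now the limiting factor for post-2038 times on targets where `long` is 32-bit. I would move the marker to the assignment and make it explicit, e.g. `ret->time = ASN1_INTEGER_get(aip); /* XXX 2038: returns long; -1 on overflow is stored as a time */`. The enclosing d2i function begins and ends outside this hunk.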
ret->references = 1;
ret->quiet_shutdown = 0;
-/* ret->cipher=NULL;*/
-/* ret->s2->challenge=NULL;
+/* ret->cipher=NULL;
ret->master_key=NULL;
- ret->key_arg=NULL;
- ret->s2->conn_id=NULL;
*/
ret->info_callback = NULL;
if ((((mode & SSL_SESS_CACHE_CLIENT)
?s->session_ctx->stats.sess_connect_good
:s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
- SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
+ SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
}
}
}
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references = 1;
ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time = (unsigned long)time(NULL);
+ ss->time = time(NULL);
ss->prev = NULL;
ss->next = NULL;
ss->compress_meth = 0;
goto err;
}
- if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+ if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
{
s->session_ctx->stats.sess_timeout++;
if (try_session_cache) {
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
if (ss->sess_cert != NULL)
return (s->timeout);
}
+/* XXX 2038 */
long
SSL_SESSION_get_time(const SSL_SESSION *s)
{
return (s->time);
}
+/* XXX 2038 */
long
SSL_SESSION_set_time(SSL_SESSION *s, long t)
{
static void
timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
{
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+ if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
{
/* The reason we don't call SSL_CTX_remove_session() is to
* save on locking overhead */
static
IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+/* XXX 2038 */
void
SSL_CTX_flush_sessions(SSL_CTX *s, long t)
{
if (BIO_printf(bp, "%02X", x->master_key[i])
<= 0) goto err;
}
- if (BIO_puts(bp, "\n Key-Arg : ")
- <= 0) goto err;
- if (x->key_arg_length == 0) {
- if (BIO_puts(bp, "None")
- <= 0) goto err;
- } else
- for (i = 0; i < x->key_arg_length; i++) {
- if (BIO_printf(bp, "%02X", x->key_arg[i])
- <= 0) goto err;
- }
#ifndef OPENSSL_NO_KRB5
if (BIO_puts(bp, "\n Krb5 Principal: ")
<= 0) goto err;
}
}
#endif
- if (x->time != 0L) {
- if (BIO_printf(bp, "\n Start Time: %ld", x->time)
+ if (x->time != 0) {
+ if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time)
<= 0) goto err;
}
if (x->timeout != 0L) {
}
}
- s->session->key_arg_length = 0;
#ifdef KSSL_DEBUG
{
int i;
};
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+/* Used to hold functions for SSLv3/TLSv1 functions */
struct ssl_method_st {
int version;
int (*ssl_new)(SSL *s);
* Session_ID OCTET STRING, -- the Session ID
* Master_key OCTET STRING, -- the master key
* KRB5_principal OCTET STRING -- optional Kerberos principal
- * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
int ssl_version; /* what ssl version session info is
* being kept in here? */
- /* only really used in SSLv2 */
- unsigned int key_arg_length;
- unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */
* is not ok, we must remember the error for session reuse: */
long verify_result; /* only for servers */
- int references;
long timeout;
- long time;
+ time_t time;
+ int references;
unsigned int compress_meth; /* Need to lookup the method */
CRYPTO_EX_DATA ex_data;
- const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
STACK_OF(X509) *extra_certs;
STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
unsigned char *packet;
unsigned int packet_length;
- struct ssl2_state_st *s2; /* SSLv2 variables */
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */
+const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
-major=23
+major=24
minor=0
ASN1_OCTET_STRING master_key;
ASN1_OCTET_STRING session_id;
ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
#ifndef OPENSSL_NO_KRB5
ASN1_OCTET_STRING krb5_princ;
#endif /* OPENSSL_NO_KRB5 */
a.session_id_context.type = V_ASN1_OCTET_STRING;
a.session_id_context.data = in->sid_ctx;
- a.key_arg.length = in->key_arg_length;
- a.key_arg.type = V_ASN1_OCTET_STRING;
- a.key_arg.data = in->key_arg;
-
#ifndef OPENSSL_NO_KRB5
if (in->krb5_client_princ_len) {
a.krb5_princ.length = in->krb5_client_princ_len;
a.time.length = LSIZE2;
a.time.type = V_ASN1_INTEGER;
a.time.data = ibuf3;
- ASN1_INTEGER_set(&(a.time), in->time);
+ ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
}
if (in->timeout != 0L) {
if (in->krb5_client_princ_len)
M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
if (in->time != 0L)
M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
if (in->timeout != 0L)
if (in->krb5_client_princ_len)
M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
if (in->time != 0L)
M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
if (in->timeout != 0L)
ret->krb5_client_princ_len = 0;
#endif /* OPENSSL_NO_KRB5 */
- M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length = os.length;
- memcpy(ret->key_arg, os.data, ret->key_arg_length);
- if (os.data != NULL)
- free(os.data);
-
ai.length = 0;
- M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); /* XXX 2038 */
if (ai.data != NULL) {
ret->time = ASN1_INTEGER_get(aip);
free(ai.data);
ai.data = NULL;
ai.length = 0;
} else
- ret->time = (unsigned long)time(NULL);
+ ret->time = time(NULL);
ai.length = 0;
M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);
ret->references = 1;
ret->quiet_shutdown = 0;
-/* ret->cipher=NULL;*/
-/* ret->s2->challenge=NULL;
+/* ret->cipher=NULL;
ret->master_key=NULL;
- ret->key_arg=NULL;
- ret->s2->conn_id=NULL;
*/
ret->info_callback = NULL;
if ((((mode & SSL_SESS_CACHE_CLIENT)
?s->session_ctx->stats.sess_connect_good
:s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
- SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
+ SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
}
}
}
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references = 1;
ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time = (unsigned long)time(NULL);
+ ss->time = time(NULL);
ss->prev = NULL;
ss->next = NULL;
ss->compress_meth = 0;
goto err;
}
- if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+ if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
{
s->session_ctx->stats.sess_timeout++;
if (try_session_cache) {
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
if (ss->sess_cert != NULL)
return (s->timeout);
}
+/* XXX 2038 */
long
SSL_SESSION_get_time(const SSL_SESSION *s)
{
return (s->time);
}
+/* XXX 2038 */
long
SSL_SESSION_set_time(SSL_SESSION *s, long t)
{
static void
timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
{
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+ if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
{
/* The reason we don't call SSL_CTX_remove_session() is to
* save on locking overhead */
static
IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+/* XXX 2038 */
void
SSL_CTX_flush_sessions(SSL_CTX *s, long t)
{
if (BIO_printf(bp, "%02X", x->master_key[i])
<= 0) goto err;
}
- if (BIO_puts(bp, "\n Key-Arg : ")
- <= 0) goto err;
- if (x->key_arg_length == 0) {
- if (BIO_puts(bp, "None")
- <= 0) goto err;
- } else
- for (i = 0; i < x->key_arg_length; i++) {
- if (BIO_printf(bp, "%02X", x->key_arg[i])
- <= 0) goto err;
- }
#ifndef OPENSSL_NO_KRB5
if (BIO_puts(bp, "\n Krb5 Principal: ")
<= 0) goto err;
}
}
#endif
- if (x->time != 0L) {
- if (BIO_printf(bp, "\n Start Time: %ld", x->time)
+ if (x->time != 0) {
+ if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time)
<= 0) goto err;
}
if (x->timeout != 0L) {
}
}
- s->session->key_arg_length = 0;
#ifdef KSSL_DEBUG
{
int i;