summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src/ssl/ssl_sess.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/src/ssl/ssl_sess.c')
-rw-r--r--lib/libssl/src/ssl/ssl_sess.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index 664f8c22305..a505e388fbe 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -308,9 +308,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
if (copy)
CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
- /* The following should not return 1, otherwise,
- * things are very strange */
- SSL_CTX_add_session(s->ctx,ret);
+ /* Add the externally cached session to the internal
+ * cache as well if and only if we are supposed to. */
+ if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+ /* The following should not return 1, otherwise,
+ * things are very strange */
+ SSL_CTX_add_session(s->ctx,ret);
}
if (ret == NULL)
goto err;
@@ -524,13 +527,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
- memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
- memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+ OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
+ OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
+ OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
- memset(ss,0,sizeof(*ss));
+ OPENSSL_cleanse(ss,sizeof(*ss));
OPENSSL_free(ss);
}
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.