ssl_sess.c 41 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409
  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2005 Nokia. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #if defined(__TANDEM) && defined(_SPT_MODEL_)
  11. # include <spthread.h>
  12. # include <spt_extensions.h> /* timeval */
  13. #endif
  14. #include <stdio.h>
  15. #include <openssl/rand.h>
  16. #include <openssl/engine.h>
  17. #include "internal/refcount.h"
  18. #include "internal/cryptlib.h"
  19. #include "ssl_local.h"
  20. #include "statem/statem_local.h"
  21. static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
  22. static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
  23. static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
  24. DEFINE_STACK_OF(SSL_SESSION)
  25. __owur static ossl_inline int sess_timedout(OSSL_TIME t, SSL_SESSION *ss)
  26. {
  27. return ossl_time_compare(t, ss->calc_timeout) > 0;
  28. }
  29. /*
  30. * Returns -1/0/+1 as other XXXcmp-type functions
  31. * Takes calculated timeout into consideration
  32. */
  33. __owur static ossl_inline int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
  34. {
  35. return ossl_time_compare(a->calc_timeout, b->calc_timeout);
  36. }
  37. /*
  38. * Calculates effective timeout
  39. * Locking must be done by the caller of this function
  40. */
  41. void ssl_session_calculate_timeout(SSL_SESSION *ss)
  42. {
  43. ss->calc_timeout = ossl_time_add(ss->time, ss->timeout);
  44. }
  45. /*
  46. * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
  47. * unlike in earlier protocol versions, the session ticket may not have been
  48. * sent yet even though a handshake has finished. The session ticket data could
  49. * come in sometime later...or even change if multiple session ticket messages
  50. * are sent from the server. The preferred way for applications to obtain
  51. * a resumable session is to use SSL_CTX_sess_set_new_cb().
  52. */
  53. SSL_SESSION *SSL_get_session(const SSL *ssl)
  54. /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
  55. {
  56. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  57. if (sc == NULL)
  58. return NULL;
  59. return sc->session;
  60. }
  61. SSL_SESSION *SSL_get1_session(SSL *ssl)
  62. /* variant of SSL_get_session: caller really gets something */
  63. {
  64. SSL_SESSION *sess;
  65. /*
  66. * Need to lock this all up rather than just use CRYPTO_add so that
  67. * somebody doesn't free ssl->session between when we check it's non-null
  68. * and when we up the reference count.
  69. */
  70. if (!CRYPTO_THREAD_read_lock(ssl->lock))
  71. return NULL;
  72. sess = SSL_get_session(ssl);
  73. if (sess != NULL)
  74. SSL_SESSION_up_ref(sess);
  75. CRYPTO_THREAD_unlock(ssl->lock);
  76. return sess;
  77. }
  78. int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
  79. {
  80. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  81. }
  82. void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
  83. {
  84. return CRYPTO_get_ex_data(&s->ex_data, idx);
  85. }
  86. SSL_SESSION *SSL_SESSION_new(void)
  87. {
  88. SSL_SESSION *ss;
  89. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  90. return NULL;
  91. ss = OPENSSL_zalloc(sizeof(*ss));
  92. if (ss == NULL)
  93. return NULL;
  94. ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
  95. /* 5 minute timeout by default */
  96. ss->timeout = ossl_seconds2time(60 * 5 + 4);
  97. ss->time = ossl_time_now();
  98. ssl_session_calculate_timeout(ss);
  99. if (!CRYPTO_NEW_REF(&ss->references, 1)) {
  100. OPENSSL_free(ss);
  101. return NULL;
  102. }
  103. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
  104. CRYPTO_FREE_REF(&ss->references);
  105. OPENSSL_free(ss);
  106. return NULL;
  107. }
  108. return ss;
  109. }
  110. SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
  111. {
  112. return ssl_session_dup(src, 1);
  113. }
  114. /*
  115. * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
  116. * ticket == 0 then no ticket information is duplicated, otherwise it is.
  117. */
  118. SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
  119. {
  120. SSL_SESSION *dest;
  121. dest = OPENSSL_malloc(sizeof(*dest));
  122. if (dest == NULL)
  123. return NULL;
  124. memcpy(dest, src, sizeof(*dest));
  125. /*
  126. * Set the various pointers to NULL so that we can call SSL_SESSION_free in
  127. * the case of an error whilst halfway through constructing dest
  128. */
  129. #ifndef OPENSSL_NO_PSK
  130. dest->psk_identity_hint = NULL;
  131. dest->psk_identity = NULL;
  132. #endif
  133. dest->ext.hostname = NULL;
  134. dest->ext.tick = NULL;
  135. dest->ext.alpn_selected = NULL;
  136. #ifndef OPENSSL_NO_SRP
  137. dest->srp_username = NULL;
  138. #endif
  139. dest->peer_chain = NULL;
  140. dest->peer = NULL;
  141. dest->peer_rpk = NULL;
  142. dest->ticket_appdata = NULL;
  143. memset(&dest->ex_data, 0, sizeof(dest->ex_data));
  144. /* As the copy is not in the cache, we remove the associated pointers */
  145. dest->prev = NULL;
  146. dest->next = NULL;
  147. dest->owner = NULL;
  148. if (!CRYPTO_NEW_REF(&dest->references, 1)) {
  149. OPENSSL_free(dest);
  150. return NULL;
  151. }
  152. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) {
  153. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  154. goto err;
  155. }
  156. if (src->peer != NULL) {
  157. if (!X509_up_ref(src->peer)) {
  158. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  159. goto err;
  160. }
  161. dest->peer = src->peer;
  162. }
  163. if (src->peer_chain != NULL) {
  164. dest->peer_chain = X509_chain_up_ref(src->peer_chain);
  165. if (dest->peer_chain == NULL) {
  166. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  167. goto err;
  168. }
  169. }
  170. if (src->peer_rpk != NULL) {
  171. if (!EVP_PKEY_up_ref(src->peer_rpk))
  172. goto err;
  173. dest->peer_rpk = src->peer_rpk;
  174. }
  175. #ifndef OPENSSL_NO_PSK
  176. if (src->psk_identity_hint) {
  177. dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
  178. if (dest->psk_identity_hint == NULL)
  179. goto err;
  180. }
  181. if (src->psk_identity) {
  182. dest->psk_identity = OPENSSL_strdup(src->psk_identity);
  183. if (dest->psk_identity == NULL)
  184. goto err;
  185. }
  186. #endif
  187. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
  188. &dest->ex_data, &src->ex_data)) {
  189. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  190. goto err;
  191. }
  192. if (src->ext.hostname) {
  193. dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
  194. if (dest->ext.hostname == NULL)
  195. goto err;
  196. }
  197. if (ticket != 0 && src->ext.tick != NULL) {
  198. dest->ext.tick =
  199. OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
  200. if (dest->ext.tick == NULL)
  201. goto err;
  202. } else {
  203. dest->ext.tick_lifetime_hint = 0;
  204. dest->ext.ticklen = 0;
  205. }
  206. if (src->ext.alpn_selected != NULL) {
  207. dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
  208. src->ext.alpn_selected_len);
  209. if (dest->ext.alpn_selected == NULL)
  210. goto err;
  211. }
  212. #ifndef OPENSSL_NO_SRP
  213. if (src->srp_username) {
  214. dest->srp_username = OPENSSL_strdup(src->srp_username);
  215. if (dest->srp_username == NULL)
  216. goto err;
  217. }
  218. #endif
  219. if (src->ticket_appdata != NULL) {
  220. dest->ticket_appdata =
  221. OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
  222. if (dest->ticket_appdata == NULL)
  223. goto err;
  224. }
  225. return dest;
  226. err:
  227. SSL_SESSION_free(dest);
  228. return NULL;
  229. }
  230. const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
  231. {
  232. if (len)
  233. *len = (unsigned int)s->session_id_length;
  234. return s->session_id;
  235. }
  236. const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
  237. unsigned int *len)
  238. {
  239. if (len != NULL)
  240. *len = (unsigned int)s->sid_ctx_length;
  241. return s->sid_ctx;
  242. }
  243. unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
  244. {
  245. return s->compress_meth;
  246. }
  247. /*
  248. * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
  249. * the ID with random junk repeatedly until we have no conflict is going to
  250. * complete in one iteration pretty much "most" of the time (btw:
  251. * understatement). So, if it takes us 10 iterations and we still can't avoid
  252. * a conflict - well that's a reasonable point to call it quits. Either the
  253. * RAND code is broken or someone is trying to open roughly very close to
  254. * 2^256 SSL sessions to our server. How you might store that many sessions
  255. * is perhaps a more interesting question ...
  256. */
  257. #define MAX_SESS_ID_ATTEMPTS 10
  258. static int def_generate_session_id(SSL *ssl, unsigned char *id,
  259. unsigned int *id_len)
  260. {
  261. unsigned int retry = 0;
  262. do {
  263. if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
  264. return 0;
  265. #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  266. if (retry > 0) {
  267. id[0]++;
  268. }
  269. #endif
  270. } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
  271. (++retry < MAX_SESS_ID_ATTEMPTS)) ;
  272. if (retry < MAX_SESS_ID_ATTEMPTS)
  273. return 1;
  274. /* else - woops a session_id match */
  275. /*
  276. * XXX We should also check the external cache -- but the probability of
  277. * a collision is negligible, and we could not prevent the concurrent
  278. * creation of sessions with identical IDs since we currently don't have
  279. * means to atomically check whether a session ID already exists and make
  280. * a reservation for it if it does not (this problem applies to the
  281. * internal cache as well).
  282. */
  283. return 0;
  284. }
  285. int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
  286. {
  287. unsigned int tmp;
  288. GEN_SESSION_CB cb = def_generate_session_id;
  289. SSL *ssl = SSL_CONNECTION_GET_SSL(s);
  290. switch (s->version) {
  291. case SSL3_VERSION:
  292. case TLS1_VERSION:
  293. case TLS1_1_VERSION:
  294. case TLS1_2_VERSION:
  295. case TLS1_3_VERSION:
  296. case DTLS1_BAD_VER:
  297. case DTLS1_VERSION:
  298. case DTLS1_2_VERSION:
  299. ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
  300. break;
  301. default:
  302. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
  303. return 0;
  304. }
  305. /*-
  306. * If RFC5077 ticket, use empty session ID (as server).
  307. * Note that:
  308. * (a) ssl_get_prev_session() does lookahead into the
  309. * ClientHello extensions to find the session ticket.
  310. * When ssl_get_prev_session() fails, statem_srvr.c calls
  311. * ssl_get_new_session() in tls_process_client_hello().
  312. * At that point, it has not yet parsed the extensions,
  313. * however, because of the lookahead, it already knows
  314. * whether a ticket is expected or not.
  315. *
  316. * (b) statem_clnt.c calls ssl_get_new_session() before parsing
  317. * ServerHello extensions, and before recording the session
  318. * ID received from the server, so this block is a noop.
  319. */
  320. if (s->ext.ticket_expected) {
  321. ss->session_id_length = 0;
  322. return 1;
  323. }
  324. /* Choose which callback will set the session ID */
  325. if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
  326. return 0;
  327. if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
  328. CRYPTO_THREAD_unlock(ssl->lock);
  329. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  330. SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
  331. return 0;
  332. }
  333. if (s->generate_session_id)
  334. cb = s->generate_session_id;
  335. else if (s->session_ctx->generate_session_id)
  336. cb = s->session_ctx->generate_session_id;
  337. CRYPTO_THREAD_unlock(s->session_ctx->lock);
  338. CRYPTO_THREAD_unlock(ssl->lock);
  339. /* Choose a session ID */
  340. memset(ss->session_id, 0, ss->session_id_length);
  341. tmp = (int)ss->session_id_length;
  342. if (!cb(ssl, ss->session_id, &tmp)) {
  343. /* The callback failed */
  344. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  345. SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
  346. return 0;
  347. }
  348. /*
  349. * Don't allow the callback to set the session length to zero. nor
  350. * set it higher than it was.
  351. */
  352. if (tmp == 0 || tmp > ss->session_id_length) {
  353. /* The callback set an illegal length */
  354. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  355. SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
  356. return 0;
  357. }
  358. ss->session_id_length = tmp;
  359. /* Finally, check for a conflict */
  360. if (SSL_has_matching_session_id(ssl, ss->session_id,
  361. (unsigned int)ss->session_id_length)) {
  362. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
  363. return 0;
  364. }
  365. return 1;
  366. }
  367. int ssl_get_new_session(SSL_CONNECTION *s, int session)
  368. {
  369. /* This gets used by clients and servers. */
  370. SSL_SESSION *ss = NULL;
  371. if ((ss = SSL_SESSION_new()) == NULL) {
  372. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
  373. return 0;
  374. }
  375. /* If the context has a default timeout, use it */
  376. if (ossl_time_is_zero(s->session_ctx->session_timeout))
  377. ss->timeout = SSL_CONNECTION_GET_SSL(s)->method->get_timeout();
  378. else
  379. ss->timeout = s->session_ctx->session_timeout;
  380. ssl_session_calculate_timeout(ss);
  381. SSL_SESSION_free(s->session);
  382. s->session = NULL;
  383. if (session) {
  384. if (SSL_CONNECTION_IS_TLS13(s)) {
  385. /*
  386. * We generate the session id while constructing the
  387. * NewSessionTicket in TLSv1.3.
  388. */
  389. ss->session_id_length = 0;
  390. } else if (!ssl_generate_session_id(s, ss)) {
  391. /* SSLfatal() already called */
  392. SSL_SESSION_free(ss);
  393. return 0;
  394. }
  395. } else {
  396. ss->session_id_length = 0;
  397. }
  398. if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
  399. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  400. SSL_SESSION_free(ss);
  401. return 0;
  402. }
  403. memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
  404. ss->sid_ctx_length = s->sid_ctx_length;
  405. s->session = ss;
  406. ss->ssl_version = s->version;
  407. ss->verify_result = X509_V_OK;
  408. /* If client supports extended master secret set it in session */
  409. if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
  410. ss->flags |= SSL_SESS_FLAG_EXTMS;
  411. return 1;
  412. }
  413. SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
  414. const unsigned char *sess_id,
  415. size_t sess_id_len)
  416. {
  417. SSL_SESSION *ret = NULL;
  418. if ((s->session_ctx->session_cache_mode
  419. & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
  420. SSL_SESSION data;
  421. data.ssl_version = s->version;
  422. if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
  423. return NULL;
  424. memcpy(data.session_id, sess_id, sess_id_len);
  425. data.session_id_length = sess_id_len;
  426. if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
  427. return NULL;
  428. ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
  429. if (ret != NULL) {
  430. /* don't allow other threads to steal it: */
  431. SSL_SESSION_up_ref(ret);
  432. }
  433. CRYPTO_THREAD_unlock(s->session_ctx->lock);
  434. if (ret == NULL)
  435. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
  436. }
  437. if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
  438. int copy = 1;
  439. ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s),
  440. sess_id, sess_id_len, &copy);
  441. if (ret != NULL) {
  442. ssl_tsan_counter(s->session_ctx,
  443. &s->session_ctx->stats.sess_cb_hit);
  444. /*
  445. * Increment reference count now if the session callback asks us
  446. * to do so (note that if the session structures returned by the
  447. * callback are shared between threads, it must handle the
  448. * reference count itself [i.e. copy == 0], or things won't be
  449. * thread-safe).
  450. */
  451. if (copy)
  452. SSL_SESSION_up_ref(ret);
  453. /*
  454. * Add the externally cached session to the internal cache as
  455. * well if and only if we are supposed to.
  456. */
  457. if ((s->session_ctx->session_cache_mode &
  458. SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
  459. /*
  460. * Either return value of SSL_CTX_add_session should not
  461. * interrupt the session resumption process. The return
  462. * value is intentionally ignored.
  463. */
  464. (void)SSL_CTX_add_session(s->session_ctx, ret);
  465. }
  466. }
  467. }
  468. return ret;
  469. }
  470. /*-
  471. * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
  472. * connection. It is only called by servers.
  473. *
  474. * hello: The parsed ClientHello data
  475. *
  476. * Returns:
  477. * -1: fatal error
  478. * 0: no session found
  479. * 1: a session may have been found.
  480. *
  481. * Side effects:
  482. * - If a session is found then s->session is pointed at it (after freeing an
  483. * existing session if need be) and s->verify_result is set from the session.
  484. * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
  485. * if the server should issue a new session ticket (to 0 otherwise).
  486. */
  487. int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
  488. {
  489. /* This is used only by servers. */
  490. SSL_SESSION *ret = NULL;
  491. int fatal = 0;
  492. int try_session_cache = 0;
  493. SSL_TICKET_STATUS r;
  494. if (SSL_CONNECTION_IS_TLS13(s)) {
  495. /*
  496. * By default we will send a new ticket. This can be overridden in the
  497. * ticket processing.
  498. */
  499. s->ext.ticket_expected = 1;
  500. if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
  501. SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
  502. NULL, 0)
  503. || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
  504. hello->pre_proc_exts, NULL, 0))
  505. return -1;
  506. ret = s->session;
  507. } else {
  508. /* sets s->ext.ticket_expected */
  509. r = tls_get_ticket_from_client(s, hello, &ret);
  510. switch (r) {
  511. case SSL_TICKET_FATAL_ERR_MALLOC:
  512. case SSL_TICKET_FATAL_ERR_OTHER:
  513. fatal = 1;
  514. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  515. goto err;
  516. case SSL_TICKET_NONE:
  517. case SSL_TICKET_EMPTY:
  518. if (hello->session_id_len > 0) {
  519. try_session_cache = 1;
  520. ret = lookup_sess_in_cache(s, hello->session_id,
  521. hello->session_id_len);
  522. }
  523. break;
  524. case SSL_TICKET_NO_DECRYPT:
  525. case SSL_TICKET_SUCCESS:
  526. case SSL_TICKET_SUCCESS_RENEW:
  527. break;
  528. }
  529. }
  530. if (ret == NULL)
  531. goto err;
  532. /* Now ret is non-NULL and we own one of its reference counts. */
  533. /* Check TLS version consistency */
  534. if (ret->ssl_version != s->version)
  535. goto err;
  536. if (ret->sid_ctx_length != s->sid_ctx_length
  537. || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
  538. /*
  539. * We have the session requested by the client, but we don't want to
  540. * use it in this context.
  541. */
  542. goto err; /* treat like cache miss */
  543. }
  544. if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
  545. /*
  546. * We can't be sure if this session is being used out of context,
  547. * which is especially important for SSL_VERIFY_PEER. The application
  548. * should have used SSL[_CTX]_set_session_id_context. For this error
  549. * case, we generate an error instead of treating the event like a
  550. * cache miss (otherwise it would be easy for applications to
  551. * effectively disable the session cache by accident without anyone
  552. * noticing).
  553. */
  554. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  555. SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
  556. fatal = 1;
  557. goto err;
  558. }
  559. if (sess_timedout(ossl_time_now(), ret)) {
  560. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
  561. if (try_session_cache) {
  562. /* session was from the cache, so remove it */
  563. SSL_CTX_remove_session(s->session_ctx, ret);
  564. }
  565. goto err;
  566. }
  567. /* Check extended master secret extension consistency */
  568. if (ret->flags & SSL_SESS_FLAG_EXTMS) {
  569. /* If old session includes extms, but new does not: abort handshake */
  570. if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
  571. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
  572. fatal = 1;
  573. goto err;
  574. }
  575. } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
  576. /* If new session includes extms, but old does not: do not resume */
  577. goto err;
  578. }
  579. if (!SSL_CONNECTION_IS_TLS13(s)) {
  580. /* We already did this for TLS1.3 */
  581. SSL_SESSION_free(s->session);
  582. s->session = ret;
  583. }
  584. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
  585. s->verify_result = s->session->verify_result;
  586. return 1;
  587. err:
  588. if (ret != NULL) {
  589. SSL_SESSION_free(ret);
  590. /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
  591. if (SSL_CONNECTION_IS_TLS13(s))
  592. s->session = NULL;
  593. if (!try_session_cache) {
  594. /*
  595. * The session was from a ticket, so we should issue a ticket for
  596. * the new session
  597. */
  598. s->ext.ticket_expected = 1;
  599. }
  600. }
  601. if (fatal)
  602. return -1;
  603. return 0;
  604. }
  605. int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
  606. {
  607. int ret = 0;
  608. SSL_SESSION *s;
  609. /*
  610. * add just 1 reference count for the SSL_CTX's session cache even though
  611. * it has two ways of access: each session is in a doubly linked list and
  612. * an lhash
  613. */
  614. SSL_SESSION_up_ref(c);
  615. /*
  616. * if session c is in already in cache, we take back the increment later
  617. */
  618. if (!CRYPTO_THREAD_write_lock(ctx->lock)) {
  619. SSL_SESSION_free(c);
  620. return 0;
  621. }
  622. s = lh_SSL_SESSION_insert(ctx->sessions, c);
  623. /*
  624. * s != NULL iff we already had a session with the given PID. In this
  625. * case, s == c should hold (then we did not really modify
  626. * ctx->sessions), or we're in trouble.
  627. */
  628. if (s != NULL && s != c) {
  629. /* We *are* in trouble ... */
  630. SSL_SESSION_list_remove(ctx, s);
  631. SSL_SESSION_free(s);
  632. /*
  633. * ... so pretend the other session did not exist in cache (we cannot
  634. * handle two SSL_SESSION structures with identical session ID in the
  635. * same cache, which could happen e.g. when two threads concurrently
  636. * obtain the same session from an external cache)
  637. */
  638. s = NULL;
  639. } else if (s == NULL &&
  640. lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
  641. /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
  642. /*
  643. * ... so take back the extra reference and also don't add
  644. * the session to the SSL_SESSION_list at this time
  645. */
  646. s = c;
  647. }
  648. /* Adjust last used time, and add back into the cache at the appropriate spot */
  649. if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
  650. c->time = ossl_time_now();
  651. ssl_session_calculate_timeout(c);
  652. }
  653. if (s == NULL) {
  654. /*
  655. * new cache entry -- remove old ones if cache has become too large
  656. * delete cache entry *before* add, so we don't remove the one we're adding!
  657. */
  658. ret = 1;
  659. if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
  660. while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) {
  661. if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
  662. break;
  663. else
  664. ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
  665. }
  666. }
  667. }
  668. SSL_SESSION_list_add(ctx, c);
  669. if (s != NULL) {
  670. /*
  671. * existing cache entry -- decrement previously incremented reference
  672. * count because it already takes into account the cache
  673. */
  674. SSL_SESSION_free(s); /* s == c */
  675. ret = 0;
  676. }
  677. CRYPTO_THREAD_unlock(ctx->lock);
  678. return ret;
  679. }
  680. int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
  681. {
  682. return remove_session_lock(ctx, c, 1);
  683. }
  684. static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
  685. {
  686. SSL_SESSION *r;
  687. int ret = 0;
  688. if ((c != NULL) && (c->session_id_length != 0)) {
  689. if (lck) {
  690. if (!CRYPTO_THREAD_write_lock(ctx->lock))
  691. return 0;
  692. }
  693. if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
  694. ret = 1;
  695. r = lh_SSL_SESSION_delete(ctx->sessions, r);
  696. SSL_SESSION_list_remove(ctx, r);
  697. }
  698. c->not_resumable = 1;
  699. if (lck)
  700. CRYPTO_THREAD_unlock(ctx->lock);
  701. if (ctx->remove_session_cb != NULL)
  702. ctx->remove_session_cb(ctx, c);
  703. if (ret)
  704. SSL_SESSION_free(r);
  705. }
  706. return ret;
  707. }
  708. void SSL_SESSION_free(SSL_SESSION *ss)
  709. {
  710. int i;
  711. if (ss == NULL)
  712. return;
  713. CRYPTO_DOWN_REF(&ss->references, &i);
  714. REF_PRINT_COUNT("SSL_SESSION", ss);
  715. if (i > 0)
  716. return;
  717. REF_ASSERT_ISNT(i < 0);
  718. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
  719. OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
  720. OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
  721. X509_free(ss->peer);
  722. EVP_PKEY_free(ss->peer_rpk);
  723. OSSL_STACK_OF_X509_free(ss->peer_chain);
  724. OPENSSL_free(ss->ext.hostname);
  725. OPENSSL_free(ss->ext.tick);
  726. #ifndef OPENSSL_NO_PSK
  727. OPENSSL_free(ss->psk_identity_hint);
  728. OPENSSL_free(ss->psk_identity);
  729. #endif
  730. #ifndef OPENSSL_NO_SRP
  731. OPENSSL_free(ss->srp_username);
  732. #endif
  733. OPENSSL_free(ss->ext.alpn_selected);
  734. OPENSSL_free(ss->ticket_appdata);
  735. CRYPTO_FREE_REF(&ss->references);
  736. OPENSSL_clear_free(ss, sizeof(*ss));
  737. }
  738. int SSL_SESSION_up_ref(SSL_SESSION *ss)
  739. {
  740. int i;
  741. if (CRYPTO_UP_REF(&ss->references, &i) <= 0)
  742. return 0;
  743. REF_PRINT_COUNT("SSL_SESSION", ss);
  744. REF_ASSERT_ISNT(i < 2);
  745. return ((i > 1) ? 1 : 0);
  746. }
  747. int SSL_set_session(SSL *s, SSL_SESSION *session)
  748. {
  749. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  750. if (sc == NULL)
  751. return 0;
  752. ssl_clear_bad_session(sc);
  753. if (s->defltmeth != s->method) {
  754. if (!SSL_set_ssl_method(s, s->defltmeth))
  755. return 0;
  756. }
  757. if (session != NULL) {
  758. SSL_SESSION_up_ref(session);
  759. sc->verify_result = session->verify_result;
  760. }
  761. SSL_SESSION_free(sc->session);
  762. sc->session = session;
  763. return 1;
  764. }
  765. int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
  766. unsigned int sid_len)
  767. {
  768. if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
  769. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
  770. return 0;
  771. }
  772. s->session_id_length = sid_len;
  773. if (sid != s->session_id)
  774. memcpy(s->session_id, sid, sid_len);
  775. return 1;
  776. }
  777. long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
  778. {
  779. OSSL_TIME new_timeout = ossl_seconds2time(t);
  780. if (s == NULL || t < 0)
  781. return 0;
  782. if (s->owner != NULL) {
  783. if (!CRYPTO_THREAD_write_lock(s->owner->lock))
  784. return 0;
  785. s->timeout = new_timeout;
  786. ssl_session_calculate_timeout(s);
  787. SSL_SESSION_list_add(s->owner, s);
  788. CRYPTO_THREAD_unlock(s->owner->lock);
  789. } else {
  790. s->timeout = new_timeout;
  791. ssl_session_calculate_timeout(s);
  792. }
  793. return 1;
  794. }
  795. long SSL_SESSION_get_timeout(const SSL_SESSION *s)
  796. {
  797. if (s == NULL)
  798. return 0;
  799. return (long)ossl_time_to_time_t(s->timeout);
  800. }
  801. long SSL_SESSION_get_time(const SSL_SESSION *s)
  802. {
  803. if (s == NULL)
  804. return 0;
  805. return (long)ossl_time_to_time_t(s->time);
  806. }
  807. long SSL_SESSION_set_time(SSL_SESSION *s, long t)
  808. {
  809. OSSL_TIME new_time = ossl_time_from_time_t((time_t)t);
  810. if (s == NULL)
  811. return 0;
  812. if (s->owner != NULL) {
  813. if (!CRYPTO_THREAD_write_lock(s->owner->lock))
  814. return 0;
  815. s->time = new_time;
  816. ssl_session_calculate_timeout(s);
  817. SSL_SESSION_list_add(s->owner, s);
  818. CRYPTO_THREAD_unlock(s->owner->lock);
  819. } else {
  820. s->time = new_time;
  821. ssl_session_calculate_timeout(s);
  822. }
  823. return t;
  824. }
  825. int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
  826. {
  827. return s->ssl_version;
  828. }
  829. int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
  830. {
  831. s->ssl_version = version;
  832. return 1;
  833. }
  834. const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
  835. {
  836. return s->cipher;
  837. }
  838. int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
  839. {
  840. s->cipher = cipher;
  841. return 1;
  842. }
  843. const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
  844. {
  845. return s->ext.hostname;
  846. }
  847. int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
  848. {
  849. OPENSSL_free(s->ext.hostname);
  850. if (hostname == NULL) {
  851. s->ext.hostname = NULL;
  852. return 1;
  853. }
  854. s->ext.hostname = OPENSSL_strdup(hostname);
  855. return s->ext.hostname != NULL;
  856. }
  857. int SSL_SESSION_has_ticket(const SSL_SESSION *s)
  858. {
  859. return (s->ext.ticklen > 0) ? 1 : 0;
  860. }
  861. unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
  862. {
  863. return s->ext.tick_lifetime_hint;
  864. }
  865. void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
  866. size_t *len)
  867. {
  868. *len = s->ext.ticklen;
  869. if (tick != NULL)
  870. *tick = s->ext.tick;
  871. }
  872. uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
  873. {
  874. return s->ext.max_early_data;
  875. }
  876. int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
  877. {
  878. s->ext.max_early_data = max_early_data;
  879. return 1;
  880. }
  881. void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
  882. const unsigned char **alpn,
  883. size_t *len)
  884. {
  885. *alpn = s->ext.alpn_selected;
  886. *len = s->ext.alpn_selected_len;
  887. }
  888. int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
  889. size_t len)
  890. {
  891. OPENSSL_free(s->ext.alpn_selected);
  892. if (alpn == NULL || len == 0) {
  893. s->ext.alpn_selected = NULL;
  894. s->ext.alpn_selected_len = 0;
  895. return 1;
  896. }
  897. s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
  898. if (s->ext.alpn_selected == NULL) {
  899. s->ext.alpn_selected_len = 0;
  900. return 0;
  901. }
  902. s->ext.alpn_selected_len = len;
  903. return 1;
  904. }
  905. X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
  906. {
  907. return s->peer;
  908. }
  909. EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s)
  910. {
  911. return s->peer_rpk;
  912. }
  913. int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
  914. unsigned int sid_ctx_len)
  915. {
  916. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  917. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  918. return 0;
  919. }
  920. s->sid_ctx_length = sid_ctx_len;
  921. if (sid_ctx != s->sid_ctx)
  922. memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
  923. return 1;
  924. }
  925. int SSL_SESSION_is_resumable(const SSL_SESSION *s)
  926. {
  927. /*
  928. * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
  929. * session ID.
  930. */
  931. return !s->not_resumable
  932. && (s->session_id_length > 0 || s->ext.ticklen > 0);
  933. }
  934. long SSL_CTX_set_timeout(SSL_CTX *s, long t)
  935. {
  936. long l;
  937. if (s == NULL)
  938. return 0;
  939. l = (long)ossl_time2seconds(s->session_timeout);
  940. s->session_timeout = ossl_seconds2time(t);
  941. return l;
  942. }
  943. long SSL_CTX_get_timeout(const SSL_CTX *s)
  944. {
  945. if (s == NULL)
  946. return 0;
  947. return (long)ossl_time2seconds(s->session_timeout);
  948. }
  949. int SSL_set_session_secret_cb(SSL *s,
  950. tls_session_secret_cb_fn tls_session_secret_cb,
  951. void *arg)
  952. {
  953. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  954. if (sc == NULL)
  955. return 0;
  956. sc->ext.session_secret_cb = tls_session_secret_cb;
  957. sc->ext.session_secret_cb_arg = arg;
  958. return 1;
  959. }
  960. int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
  961. void *arg)
  962. {
  963. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  964. if (sc == NULL)
  965. return 0;
  966. sc->ext.session_ticket_cb = cb;
  967. sc->ext.session_ticket_cb_arg = arg;
  968. return 1;
  969. }
  970. int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
  971. {
  972. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  973. if (sc == NULL)
  974. return 0;
  975. if (sc->version >= TLS1_VERSION) {
  976. OPENSSL_free(sc->ext.session_ticket);
  977. sc->ext.session_ticket = NULL;
  978. sc->ext.session_ticket =
  979. OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
  980. if (sc->ext.session_ticket == NULL)
  981. return 0;
  982. if (ext_data != NULL) {
  983. sc->ext.session_ticket->length = ext_len;
  984. sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
  985. memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
  986. } else {
  987. sc->ext.session_ticket->length = 0;
  988. sc->ext.session_ticket->data = NULL;
  989. }
  990. return 1;
  991. }
  992. return 0;
  993. }
  994. void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
  995. {
  996. STACK_OF(SSL_SESSION) *sk;
  997. SSL_SESSION *current;
  998. unsigned long i;
  999. const OSSL_TIME timeout = ossl_time_from_time_t(t);
  1000. if (!CRYPTO_THREAD_write_lock(s->lock))
  1001. return;
  1002. sk = sk_SSL_SESSION_new_null();
  1003. i = lh_SSL_SESSION_get_down_load(s->sessions);
  1004. lh_SSL_SESSION_set_down_load(s->sessions, 0);
  1005. /*
  1006. * Iterate over the list from the back (oldest), and stop
  1007. * when a session can no longer be removed.
  1008. * Add the session to a temporary list to be freed outside
  1009. * the SSL_CTX lock.
  1010. * But still do the remove_session_cb() within the lock.
  1011. */
  1012. while (s->session_cache_tail != NULL) {
  1013. current = s->session_cache_tail;
  1014. if (t == 0 || sess_timedout(timeout, current)) {
  1015. lh_SSL_SESSION_delete(s->sessions, current);
  1016. SSL_SESSION_list_remove(s, current);
  1017. current->not_resumable = 1;
  1018. if (s->remove_session_cb != NULL)
  1019. s->remove_session_cb(s, current);
  1020. /*
  1021. * Throw the session on a stack, it's entirely plausible
  1022. * that while freeing outside the critical section, the
  1023. * session could be re-added, so avoid using the next/prev
  1024. * pointers. If the stack failed to create, or the session
  1025. * couldn't be put on the stack, just free it here
  1026. */
  1027. if (sk == NULL || !sk_SSL_SESSION_push(sk, current))
  1028. SSL_SESSION_free(current);
  1029. } else {
  1030. break;
  1031. }
  1032. }
  1033. lh_SSL_SESSION_set_down_load(s->sessions, i);
  1034. CRYPTO_THREAD_unlock(s->lock);
  1035. sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
  1036. }
  1037. int ssl_clear_bad_session(SSL_CONNECTION *s)
  1038. {
  1039. if ((s->session != NULL) &&
  1040. !(s->shutdown & SSL_SENT_SHUTDOWN) &&
  1041. !(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
  1042. || SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
  1043. SSL_CTX_remove_session(s->session_ctx, s->session);
  1044. return 1;
  1045. } else
  1046. return 0;
  1047. }
  1048. /* locked by SSL_CTX in the calling function */
  1049. static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
  1050. {
  1051. if ((s->next == NULL) || (s->prev == NULL))
  1052. return;
  1053. if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
  1054. /* last element in list */
  1055. if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
  1056. /* only one element in list */
  1057. ctx->session_cache_head = NULL;
  1058. ctx->session_cache_tail = NULL;
  1059. } else {
  1060. ctx->session_cache_tail = s->prev;
  1061. s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1062. }
  1063. } else {
  1064. if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
  1065. /* first element in list */
  1066. ctx->session_cache_head = s->next;
  1067. s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1068. } else {
  1069. /* middle of list */
  1070. s->next->prev = s->prev;
  1071. s->prev->next = s->next;
  1072. }
  1073. }
  1074. s->prev = s->next = NULL;
  1075. s->owner = NULL;
  1076. }
  1077. static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
  1078. {
  1079. SSL_SESSION *next;
  1080. if ((s->next != NULL) && (s->prev != NULL))
  1081. SSL_SESSION_list_remove(ctx, s);
  1082. if (ctx->session_cache_head == NULL) {
  1083. ctx->session_cache_head = s;
  1084. ctx->session_cache_tail = s;
  1085. s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1086. s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1087. } else {
  1088. if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
  1089. /*
  1090. * if we timeout after (or the same time as) the first
  1091. * session, put us first - usual case
  1092. */
  1093. s->next = ctx->session_cache_head;
  1094. s->next->prev = s;
  1095. s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1096. ctx->session_cache_head = s;
  1097. } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
  1098. /* if we timeout before the last session, put us last */
  1099. s->prev = ctx->session_cache_tail;
  1100. s->prev->next = s;
  1101. s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1102. ctx->session_cache_tail = s;
  1103. } else {
  1104. /*
  1105. * we timeout somewhere in-between - if there is only
  1106. * one session in the cache it will be caught above
  1107. */
  1108. next = ctx->session_cache_head->next;
  1109. while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) {
  1110. if (timeoutcmp(s, next) >= 0) {
  1111. s->next = next;
  1112. s->prev = next->prev;
  1113. next->prev->next = s;
  1114. next->prev = s;
  1115. break;
  1116. }
  1117. next = next->next;
  1118. }
  1119. }
  1120. }
  1121. s->owner = ctx;
  1122. }
  1123. void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
  1124. int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
  1125. {
  1126. ctx->new_session_cb = cb;
  1127. }
  1128. int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
  1129. return ctx->new_session_cb;
  1130. }
  1131. void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
  1132. void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
  1133. {
  1134. ctx->remove_session_cb = cb;
  1135. }
  1136. void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
  1137. SSL_SESSION *sess) {
  1138. return ctx->remove_session_cb;
  1139. }
  1140. void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
  1141. SSL_SESSION *(*cb) (SSL *ssl,
  1142. const unsigned char *data,
  1143. int len, int *copy))
  1144. {
  1145. ctx->get_session_cb = cb;
  1146. }
  1147. SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
  1148. const unsigned char
  1149. *data, int len,
  1150. int *copy) {
  1151. return ctx->get_session_cb;
  1152. }
  1153. void SSL_CTX_set_info_callback(SSL_CTX *ctx,
  1154. void (*cb) (const SSL *ssl, int type, int val))
  1155. {
  1156. ctx->info_callback = cb;
  1157. }
  1158. void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
  1159. int val) {
  1160. return ctx->info_callback;
  1161. }
  1162. void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
  1163. int (*cb) (SSL *ssl, X509 **x509,
  1164. EVP_PKEY **pkey))
  1165. {
  1166. ctx->client_cert_cb = cb;
  1167. }
  1168. int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
  1169. EVP_PKEY **pkey) {
  1170. return ctx->client_cert_cb;
  1171. }
  1172. void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
  1173. int (*cb) (SSL *ssl,
  1174. unsigned char *cookie,
  1175. unsigned int *cookie_len))
  1176. {
  1177. ctx->app_gen_cookie_cb = cb;
  1178. }
  1179. void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
  1180. int (*cb) (SSL *ssl,
  1181. const unsigned char *cookie,
  1182. unsigned int cookie_len))
  1183. {
  1184. ctx->app_verify_cookie_cb = cb;
  1185. }
  1186. int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
  1187. {
  1188. OPENSSL_free(ss->ticket_appdata);
  1189. ss->ticket_appdata_len = 0;
  1190. if (data == NULL || len == 0) {
  1191. ss->ticket_appdata = NULL;
  1192. return 1;
  1193. }
  1194. ss->ticket_appdata = OPENSSL_memdup(data, len);
  1195. if (ss->ticket_appdata != NULL) {
  1196. ss->ticket_appdata_len = len;
  1197. return 1;
  1198. }
  1199. return 0;
  1200. }
  1201. int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
  1202. {
  1203. *data = ss->ticket_appdata;
  1204. *len = ss->ticket_appdata_len;
  1205. return 1;
  1206. }
  1207. void SSL_CTX_set_stateless_cookie_generate_cb(
  1208. SSL_CTX *ctx,
  1209. int (*cb) (SSL *ssl,
  1210. unsigned char *cookie,
  1211. size_t *cookie_len))
  1212. {
  1213. ctx->gen_stateless_cookie_cb = cb;
  1214. }
  1215. void SSL_CTX_set_stateless_cookie_verify_cb(
  1216. SSL_CTX *ctx,
  1217. int (*cb) (SSL *ssl,
  1218. const unsigned char *cookie,
  1219. size_t cookie_len))
  1220. {
  1221. ctx->verify_stateless_cookie_cb = cb;
  1222. }
  1223. IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)