ssl_sess.c 42 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442
  1. /*
  2. * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2005 Nokia. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #if defined(__TANDEM) && defined(_SPT_MODEL_)
  11. # include <spthread.h>
  12. # include <spt_extensions.h> /* timeval */
  13. #endif
  14. #include <stdio.h>
  15. #include <openssl/rand.h>
  16. #include <openssl/engine.h>
  17. #include "internal/refcount.h"
  18. #include "internal/cryptlib.h"
  19. #include "ssl_local.h"
  20. #include "statem/statem_local.h"
  21. static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
  22. static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
  23. static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
  24. DEFINE_STACK_OF(SSL_SESSION)
  25. __owur static ossl_inline int sess_timedout(OSSL_TIME t, SSL_SESSION *ss)
  26. {
  27. return ossl_time_compare(t, ss->calc_timeout) > 0;
  28. }
  29. /*
  30. * Returns -1/0/+1 as other XXXcmp-type functions
  31. * Takes calculated timeout into consideration
  32. */
  33. __owur static ossl_inline int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
  34. {
  35. return ossl_time_compare(a->calc_timeout, b->calc_timeout);
  36. }
  37. /*
  38. * Calculates effective timeout
  39. * Locking must be done by the caller of this function
  40. */
  41. void ssl_session_calculate_timeout(SSL_SESSION *ss)
  42. {
  43. ss->calc_timeout = ossl_time_add(ss->time, ss->timeout);
  44. }
  45. /*
  46. * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
  47. * unlike in earlier protocol versions, the session ticket may not have been
  48. * sent yet even though a handshake has finished. The session ticket data could
  49. * come in sometime later...or even change if multiple session ticket messages
  50. * are sent from the server. The preferred way for applications to obtain
  51. * a resumable session is to use SSL_CTX_sess_set_new_cb().
  52. */
  53. SSL_SESSION *SSL_get_session(const SSL *ssl)
  54. /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
  55. {
  56. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  57. if (sc == NULL)
  58. return NULL;
  59. return sc->session;
  60. }
  61. SSL_SESSION *SSL_get1_session(SSL *ssl)
  62. /* variant of SSL_get_session: caller really gets something */
  63. {
  64. SSL_SESSION *sess;
  65. /*
  66. * Need to lock this all up rather than just use CRYPTO_add so that
  67. * somebody doesn't free ssl->session between when we check it's non-null
  68. * and when we up the reference count.
  69. */
  70. if (!CRYPTO_THREAD_read_lock(ssl->lock))
  71. return NULL;
  72. sess = SSL_get_session(ssl);
  73. if (sess != NULL)
  74. SSL_SESSION_up_ref(sess);
  75. CRYPTO_THREAD_unlock(ssl->lock);
  76. return sess;
  77. }
  78. int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
  79. {
  80. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  81. }
  82. void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
  83. {
  84. return CRYPTO_get_ex_data(&s->ex_data, idx);
  85. }
  86. SSL_SESSION *SSL_SESSION_new(void)
  87. {
  88. SSL_SESSION *ss;
  89. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  90. return NULL;
  91. ss = OPENSSL_zalloc(sizeof(*ss));
  92. if (ss == NULL)
  93. return NULL;
  94. ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
  95. /* 5 minute timeout by default */
  96. ss->timeout = ossl_seconds2time(60 * 5 + 4);
  97. ss->time = ossl_time_now();
  98. ssl_session_calculate_timeout(ss);
  99. if (!CRYPTO_NEW_REF(&ss->references, 1)) {
  100. OPENSSL_free(ss);
  101. return NULL;
  102. }
  103. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
  104. CRYPTO_FREE_REF(&ss->references);
  105. OPENSSL_free(ss);
  106. return NULL;
  107. }
  108. return ss;
  109. }
  110. /*
  111. * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
  112. * ticket == 0 then no ticket information is duplicated, otherwise it is.
  113. */
  114. static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
  115. {
  116. SSL_SESSION *dest;
  117. dest = OPENSSL_malloc(sizeof(*dest));
  118. if (dest == NULL)
  119. return NULL;
  120. memcpy(dest, src, sizeof(*dest));
  121. /*
  122. * Set the various pointers to NULL so that we can call SSL_SESSION_free in
  123. * the case of an error whilst halfway through constructing dest
  124. */
  125. #ifndef OPENSSL_NO_PSK
  126. dest->psk_identity_hint = NULL;
  127. dest->psk_identity = NULL;
  128. #endif
  129. dest->ext.hostname = NULL;
  130. dest->ext.tick = NULL;
  131. dest->ext.alpn_selected = NULL;
  132. #ifndef OPENSSL_NO_SRP
  133. dest->srp_username = NULL;
  134. #endif
  135. dest->peer_chain = NULL;
  136. dest->peer = NULL;
  137. dest->peer_rpk = NULL;
  138. dest->ticket_appdata = NULL;
  139. memset(&dest->ex_data, 0, sizeof(dest->ex_data));
  140. /* As the copy is not in the cache, we remove the associated pointers */
  141. dest->prev = NULL;
  142. dest->next = NULL;
  143. dest->owner = NULL;
  144. if (!CRYPTO_NEW_REF(&dest->references, 1)) {
  145. OPENSSL_free(dest);
  146. return NULL;
  147. }
  148. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) {
  149. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  150. goto err;
  151. }
  152. if (src->peer != NULL) {
  153. if (!X509_up_ref(src->peer)) {
  154. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  155. goto err;
  156. }
  157. dest->peer = src->peer;
  158. }
  159. if (src->peer_chain != NULL) {
  160. dest->peer_chain = X509_chain_up_ref(src->peer_chain);
  161. if (dest->peer_chain == NULL) {
  162. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  163. goto err;
  164. }
  165. }
  166. if (src->peer_rpk != NULL) {
  167. if (!EVP_PKEY_up_ref(src->peer_rpk))
  168. goto err;
  169. dest->peer_rpk = src->peer_rpk;
  170. }
  171. #ifndef OPENSSL_NO_PSK
  172. if (src->psk_identity_hint) {
  173. dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
  174. if (dest->psk_identity_hint == NULL)
  175. goto err;
  176. }
  177. if (src->psk_identity) {
  178. dest->psk_identity = OPENSSL_strdup(src->psk_identity);
  179. if (dest->psk_identity == NULL)
  180. goto err;
  181. }
  182. #endif
  183. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
  184. &dest->ex_data, &src->ex_data)) {
  185. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  186. goto err;
  187. }
  188. if (src->ext.hostname) {
  189. dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
  190. if (dest->ext.hostname == NULL)
  191. goto err;
  192. }
  193. if (ticket != 0 && src->ext.tick != NULL) {
  194. dest->ext.tick =
  195. OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
  196. if (dest->ext.tick == NULL)
  197. goto err;
  198. } else {
  199. dest->ext.tick_lifetime_hint = 0;
  200. dest->ext.ticklen = 0;
  201. }
  202. if (src->ext.alpn_selected != NULL) {
  203. dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
  204. src->ext.alpn_selected_len);
  205. if (dest->ext.alpn_selected == NULL)
  206. goto err;
  207. }
  208. #ifndef OPENSSL_NO_SRP
  209. if (src->srp_username) {
  210. dest->srp_username = OPENSSL_strdup(src->srp_username);
  211. if (dest->srp_username == NULL)
  212. goto err;
  213. }
  214. #endif
  215. if (src->ticket_appdata != NULL) {
  216. dest->ticket_appdata =
  217. OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
  218. if (dest->ticket_appdata == NULL)
  219. goto err;
  220. }
  221. return dest;
  222. err:
  223. SSL_SESSION_free(dest);
  224. return NULL;
  225. }
  226. SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
  227. {
  228. return ssl_session_dup_intern(src, 1);
  229. }
  230. /*
  231. * Used internally when duplicating a session which might be already shared.
  232. * We will have resumed the original session. Subsequently we might have marked
  233. * it as non-resumable (e.g. in another thread) - but this copy should be ok to
  234. * resume from.
  235. */
  236. SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
  237. {
  238. SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
  239. if (sess != NULL)
  240. sess->not_resumable = 0;
  241. return sess;
  242. }
  243. const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
  244. {
  245. if (len)
  246. *len = (unsigned int)s->session_id_length;
  247. return s->session_id;
  248. }
  249. const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
  250. unsigned int *len)
  251. {
  252. if (len != NULL)
  253. *len = (unsigned int)s->sid_ctx_length;
  254. return s->sid_ctx;
  255. }
  256. unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
  257. {
  258. return s->compress_meth;
  259. }
  260. /*
  261. * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
  262. * the ID with random junk repeatedly until we have no conflict is going to
  263. * complete in one iteration pretty much "most" of the time (btw:
  264. * understatement). So, if it takes us 10 iterations and we still can't avoid
  265. * a conflict - well that's a reasonable point to call it quits. Either the
  266. * RAND code is broken or someone is trying to open roughly very close to
  267. * 2^256 SSL sessions to our server. How you might store that many sessions
  268. * is perhaps a more interesting question ...
  269. */
  270. #define MAX_SESS_ID_ATTEMPTS 10
  271. static int def_generate_session_id(SSL *ssl, unsigned char *id,
  272. unsigned int *id_len)
  273. {
  274. unsigned int retry = 0;
  275. do {
  276. if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
  277. return 0;
  278. #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  279. if (retry > 0) {
  280. id[0]++;
  281. }
  282. #endif
  283. } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
  284. (++retry < MAX_SESS_ID_ATTEMPTS)) ;
  285. if (retry < MAX_SESS_ID_ATTEMPTS)
  286. return 1;
  287. /* else - woops a session_id match */
  288. /*
  289. * XXX We should also check the external cache -- but the probability of
  290. * a collision is negligible, and we could not prevent the concurrent
  291. * creation of sessions with identical IDs since we currently don't have
  292. * means to atomically check whether a session ID already exists and make
  293. * a reservation for it if it does not (this problem applies to the
  294. * internal cache as well).
  295. */
  296. return 0;
  297. }
  298. int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
  299. {
  300. unsigned int tmp;
  301. GEN_SESSION_CB cb = def_generate_session_id;
  302. SSL *ssl = SSL_CONNECTION_GET_SSL(s);
  303. switch (s->version) {
  304. case SSL3_VERSION:
  305. case TLS1_VERSION:
  306. case TLS1_1_VERSION:
  307. case TLS1_2_VERSION:
  308. case TLS1_3_VERSION:
  309. case DTLS1_BAD_VER:
  310. case DTLS1_VERSION:
  311. case DTLS1_2_VERSION:
  312. case DTLS1_3_VERSION:
  313. ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
  314. break;
  315. default:
  316. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
  317. return 0;
  318. }
  319. /*-
  320. * If RFC5077 ticket, use empty session ID (as server).
  321. * Note that:
  322. * (a) ssl_get_prev_session() does lookahead into the
  323. * ClientHello extensions to find the session ticket.
  324. * When ssl_get_prev_session() fails, statem_srvr.c calls
  325. * ssl_get_new_session() in tls_process_client_hello().
  326. * At that point, it has not yet parsed the extensions,
  327. * however, because of the lookahead, it already knows
  328. * whether a ticket is expected or not.
  329. *
  330. * (b) statem_clnt.c calls ssl_get_new_session() before parsing
  331. * ServerHello extensions, and before recording the session
  332. * ID received from the server, so this block is a noop.
  333. */
  334. if (s->ext.ticket_expected) {
  335. ss->session_id_length = 0;
  336. return 1;
  337. }
  338. /* Choose which callback will set the session ID */
  339. if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
  340. return 0;
  341. if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
  342. CRYPTO_THREAD_unlock(ssl->lock);
  343. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  344. SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
  345. return 0;
  346. }
  347. if (s->generate_session_id)
  348. cb = s->generate_session_id;
  349. else if (s->session_ctx->generate_session_id)
  350. cb = s->session_ctx->generate_session_id;
  351. CRYPTO_THREAD_unlock(s->session_ctx->lock);
  352. CRYPTO_THREAD_unlock(ssl->lock);
  353. /* Choose a session ID */
  354. memset(ss->session_id, 0, ss->session_id_length);
  355. tmp = (int)ss->session_id_length;
  356. if (!cb(ssl, ss->session_id, &tmp)) {
  357. /* The callback failed */
  358. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  359. SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
  360. return 0;
  361. }
  362. /*
  363. * Don't allow the callback to set the session length to zero. nor
  364. * set it higher than it was.
  365. */
  366. if (tmp == 0 || tmp > ss->session_id_length) {
  367. /* The callback set an illegal length */
  368. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  369. SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
  370. return 0;
  371. }
  372. ss->session_id_length = tmp;
  373. /* Finally, check for a conflict */
  374. if (SSL_has_matching_session_id(ssl, ss->session_id,
  375. (unsigned int)ss->session_id_length)) {
  376. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
  377. return 0;
  378. }
  379. return 1;
  380. }
  381. int ssl_get_new_session(SSL_CONNECTION *s, int session)
  382. {
  383. /* This gets used by clients and servers. */
  384. SSL_SESSION *ss = NULL;
  385. if ((ss = SSL_SESSION_new()) == NULL) {
  386. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
  387. return 0;
  388. }
  389. /* If the context has a default timeout, use it */
  390. if (ossl_time_is_zero(s->session_ctx->session_timeout))
  391. ss->timeout = SSL_CONNECTION_GET_SSL(s)->method->get_timeout();
  392. else
  393. ss->timeout = s->session_ctx->session_timeout;
  394. ssl_session_calculate_timeout(ss);
  395. SSL_SESSION_free(s->session);
  396. s->session = NULL;
  397. if (session) {
  398. if (SSL_CONNECTION_IS_VERSION13(s)) {
  399. /*
  400. * We generate the session id while constructing the
  401. * NewSessionTicket in TLSv1.3.
  402. */
  403. ss->session_id_length = 0;
  404. } else if (!ssl_generate_session_id(s, ss)) {
  405. /* SSLfatal() already called */
  406. SSL_SESSION_free(ss);
  407. return 0;
  408. }
  409. } else {
  410. ss->session_id_length = 0;
  411. }
  412. if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
  413. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  414. SSL_SESSION_free(ss);
  415. return 0;
  416. }
  417. memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
  418. ss->sid_ctx_length = s->sid_ctx_length;
  419. s->session = ss;
  420. ss->ssl_version = s->version;
  421. ss->verify_result = X509_V_OK;
  422. /* If client supports extended master secret set it in session */
  423. if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
  424. ss->flags |= SSL_SESS_FLAG_EXTMS;
  425. return 1;
  426. }
  427. SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
  428. const unsigned char *sess_id,
  429. size_t sess_id_len)
  430. {
  431. SSL_SESSION *ret = NULL;
  432. if ((s->session_ctx->session_cache_mode
  433. & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
  434. SSL_SESSION data;
  435. data.ssl_version = s->version;
  436. if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
  437. return NULL;
  438. memcpy(data.session_id, sess_id, sess_id_len);
  439. data.session_id_length = sess_id_len;
  440. if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
  441. return NULL;
  442. ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
  443. if (ret != NULL) {
  444. /* don't allow other threads to steal it: */
  445. SSL_SESSION_up_ref(ret);
  446. }
  447. CRYPTO_THREAD_unlock(s->session_ctx->lock);
  448. if (ret == NULL)
  449. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
  450. }
  451. if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
  452. int copy = 1;
  453. ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s),
  454. sess_id, sess_id_len, &copy);
  455. if (ret != NULL) {
  456. if (ret->not_resumable) {
  457. /* If its not resumable then ignore this session */
  458. if (!copy)
  459. SSL_SESSION_free(ret);
  460. return NULL;
  461. }
  462. ssl_tsan_counter(s->session_ctx,
  463. &s->session_ctx->stats.sess_cb_hit);
  464. /*
  465. * Increment reference count now if the session callback asks us
  466. * to do so (note that if the session structures returned by the
  467. * callback are shared between threads, it must handle the
  468. * reference count itself [i.e. copy == 0], or things won't be
  469. * thread-safe).
  470. */
  471. if (copy)
  472. SSL_SESSION_up_ref(ret);
  473. /*
  474. * Add the externally cached session to the internal cache as
  475. * well if and only if we are supposed to.
  476. */
  477. if ((s->session_ctx->session_cache_mode &
  478. SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
  479. /*
  480. * Either return value of SSL_CTX_add_session should not
  481. * interrupt the session resumption process. The return
  482. * value is intentionally ignored.
  483. */
  484. (void)SSL_CTX_add_session(s->session_ctx, ret);
  485. }
  486. }
  487. }
  488. return ret;
  489. }
  490. /*-
  491. * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
  492. * connection. It is only called by servers.
  493. *
  494. * hello: The parsed ClientHello data
  495. *
  496. * Returns:
  497. * -1: fatal error
  498. * 0: no session found
  499. * 1: a session may have been found.
  500. *
  501. * Side effects:
  502. * - If a session is found then s->session is pointed at it (after freeing an
  503. * existing session if need be) and s->verify_result is set from the session.
  504. * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
  505. * if the server should issue a new session ticket (to 0 otherwise).
  506. */
  507. int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
  508. {
  509. /* This is used only by servers. */
  510. SSL_SESSION *ret = NULL;
  511. int fatal = 0;
  512. int try_session_cache = 0;
  513. SSL_TICKET_STATUS r;
  514. if (SSL_CONNECTION_IS_VERSION13(s)) {
  515. /*
  516. * By default we will send a new ticket. This can be overridden in the
  517. * ticket processing.
  518. */
  519. s->ext.ticket_expected = 1;
  520. if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
  521. SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
  522. NULL, 0)
  523. || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
  524. hello->pre_proc_exts, NULL, 0))
  525. return -1;
  526. ret = s->session;
  527. } else {
  528. /* sets s->ext.ticket_expected */
  529. r = tls_get_ticket_from_client(s, hello, &ret);
  530. switch (r) {
  531. case SSL_TICKET_FATAL_ERR_MALLOC:
  532. case SSL_TICKET_FATAL_ERR_OTHER:
  533. fatal = 1;
  534. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  535. goto err;
  536. case SSL_TICKET_NONE:
  537. case SSL_TICKET_EMPTY:
  538. if (hello->session_id_len > 0) {
  539. try_session_cache = 1;
  540. ret = lookup_sess_in_cache(s, hello->session_id,
  541. hello->session_id_len);
  542. }
  543. break;
  544. case SSL_TICKET_NO_DECRYPT:
  545. case SSL_TICKET_SUCCESS:
  546. case SSL_TICKET_SUCCESS_RENEW:
  547. break;
  548. }
  549. }
  550. if (ret == NULL)
  551. goto err;
  552. /* Now ret is non-NULL and we own one of its reference counts. */
  553. /* Check TLS version consistency */
  554. if (ret->ssl_version != s->version)
  555. goto err;
  556. if (ret->sid_ctx_length != s->sid_ctx_length
  557. || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
  558. /*
  559. * We have the session requested by the client, but we don't want to
  560. * use it in this context.
  561. */
  562. goto err; /* treat like cache miss */
  563. }
  564. if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
  565. /*
  566. * We can't be sure if this session is being used out of context,
  567. * which is especially important for SSL_VERIFY_PEER. The application
  568. * should have used SSL[_CTX]_set_session_id_context. For this error
  569. * case, we generate an error instead of treating the event like a
  570. * cache miss (otherwise it would be easy for applications to
  571. * effectively disable the session cache by accident without anyone
  572. * noticing).
  573. */
  574. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  575. SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
  576. fatal = 1;
  577. goto err;
  578. }
  579. if (sess_timedout(ossl_time_now(), ret)) {
  580. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
  581. if (try_session_cache) {
  582. /* session was from the cache, so remove it */
  583. SSL_CTX_remove_session(s->session_ctx, ret);
  584. }
  585. goto err;
  586. }
  587. /* Check extended master secret extension consistency */
  588. if (ret->flags & SSL_SESS_FLAG_EXTMS) {
  589. /* If old session includes extms, but new does not: abort handshake */
  590. if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
  591. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
  592. fatal = 1;
  593. goto err;
  594. }
  595. } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
  596. /* If new session includes extms, but old does not: do not resume */
  597. goto err;
  598. }
  599. if (!SSL_CONNECTION_IS_VERSION13(s)) {
  600. /* We already did this for (D)TLS1.3 */
  601. SSL_SESSION_free(s->session);
  602. s->session = ret;
  603. }
  604. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
  605. s->verify_result = s->session->verify_result;
  606. return 1;
  607. err:
  608. if (ret != NULL) {
  609. SSL_SESSION_free(ret);
  610. /* In (D)TLSv1.3 s->session was already set to ret, so we NULL it out */
  611. if (SSL_CONNECTION_IS_VERSION13(s))
  612. s->session = NULL;
  613. if (!try_session_cache) {
  614. /*
  615. * The session was from a ticket, so we should issue a ticket for
  616. * the new session
  617. */
  618. s->ext.ticket_expected = 1;
  619. }
  620. }
  621. if (fatal)
  622. return -1;
  623. return 0;
  624. }
  625. int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
  626. {
  627. int ret = 0;
  628. SSL_SESSION *s;
  629. /*
  630. * add just 1 reference count for the SSL_CTX's session cache even though
  631. * it has two ways of access: each session is in a doubly linked list and
  632. * an lhash
  633. */
  634. SSL_SESSION_up_ref(c);
  635. /*
  636. * if session c is in already in cache, we take back the increment later
  637. */
  638. if (!CRYPTO_THREAD_write_lock(ctx->lock)) {
  639. SSL_SESSION_free(c);
  640. return 0;
  641. }
  642. s = lh_SSL_SESSION_insert(ctx->sessions, c);
  643. /*
  644. * s != NULL iff we already had a session with the given PID. In this
  645. * case, s == c should hold (then we did not really modify
  646. * ctx->sessions), or we're in trouble.
  647. */
  648. if (s != NULL && s != c) {
  649. /* We *are* in trouble ... */
  650. SSL_SESSION_list_remove(ctx, s);
  651. SSL_SESSION_free(s);
  652. /*
  653. * ... so pretend the other session did not exist in cache (we cannot
  654. * handle two SSL_SESSION structures with identical session ID in the
  655. * same cache, which could happen e.g. when two threads concurrently
  656. * obtain the same session from an external cache)
  657. */
  658. s = NULL;
  659. } else if (s == NULL &&
  660. lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
  661. /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
  662. /*
  663. * ... so take back the extra reference and also don't add
  664. * the session to the SSL_SESSION_list at this time
  665. */
  666. s = c;
  667. }
  668. /* Adjust last used time, and add back into the cache at the appropriate spot */
  669. if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
  670. c->time = ossl_time_now();
  671. ssl_session_calculate_timeout(c);
  672. }
  673. if (s == NULL) {
  674. /*
  675. * new cache entry -- remove old ones if cache has become too large
  676. * delete cache entry *before* add, so we don't remove the one we're adding!
  677. */
  678. ret = 1;
  679. if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
  680. while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) {
  681. if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
  682. break;
  683. else
  684. ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
  685. }
  686. }
  687. }
  688. SSL_SESSION_list_add(ctx, c);
  689. if (s != NULL) {
  690. /*
  691. * existing cache entry -- decrement previously incremented reference
  692. * count because it already takes into account the cache
  693. */
  694. SSL_SESSION_free(s); /* s == c */
  695. ret = 0;
  696. }
  697. CRYPTO_THREAD_unlock(ctx->lock);
  698. return ret;
  699. }
  700. int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
  701. {
  702. return remove_session_lock(ctx, c, 1);
  703. }
  704. static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
  705. {
  706. SSL_SESSION *r;
  707. int ret = 0;
  708. if ((c != NULL) && (c->session_id_length != 0)) {
  709. if (lck) {
  710. if (!CRYPTO_THREAD_write_lock(ctx->lock))
  711. return 0;
  712. }
  713. if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
  714. ret = 1;
  715. r = lh_SSL_SESSION_delete(ctx->sessions, r);
  716. SSL_SESSION_list_remove(ctx, r);
  717. }
  718. c->not_resumable = 1;
  719. if (lck)
  720. CRYPTO_THREAD_unlock(ctx->lock);
  721. if (ctx->remove_session_cb != NULL)
  722. ctx->remove_session_cb(ctx, c);
  723. if (ret)
  724. SSL_SESSION_free(r);
  725. }
  726. return ret;
  727. }
  728. void SSL_SESSION_free(SSL_SESSION *ss)
  729. {
  730. int i;
  731. if (ss == NULL)
  732. return;
  733. CRYPTO_DOWN_REF(&ss->references, &i);
  734. REF_PRINT_COUNT("SSL_SESSION", ss);
  735. if (i > 0)
  736. return;
  737. REF_ASSERT_ISNT(i < 0);
  738. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
  739. OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
  740. OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
  741. X509_free(ss->peer);
  742. EVP_PKEY_free(ss->peer_rpk);
  743. OSSL_STACK_OF_X509_free(ss->peer_chain);
  744. OPENSSL_free(ss->ext.hostname);
  745. OPENSSL_free(ss->ext.tick);
  746. #ifndef OPENSSL_NO_PSK
  747. OPENSSL_free(ss->psk_identity_hint);
  748. OPENSSL_free(ss->psk_identity);
  749. #endif
  750. #ifndef OPENSSL_NO_SRP
  751. OPENSSL_free(ss->srp_username);
  752. #endif
  753. OPENSSL_free(ss->ext.alpn_selected);
  754. OPENSSL_free(ss->ticket_appdata);
  755. CRYPTO_FREE_REF(&ss->references);
  756. OPENSSL_clear_free(ss, sizeof(*ss));
  757. }
  758. int SSL_SESSION_up_ref(SSL_SESSION *ss)
  759. {
  760. int i;
  761. if (CRYPTO_UP_REF(&ss->references, &i) <= 0)
  762. return 0;
  763. REF_PRINT_COUNT("SSL_SESSION", ss);
  764. REF_ASSERT_ISNT(i < 2);
  765. return ((i > 1) ? 1 : 0);
  766. }
  767. int SSL_set_session(SSL *s, SSL_SESSION *session)
  768. {
  769. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  770. if (sc == NULL)
  771. return 0;
  772. ssl_clear_bad_session(sc);
  773. if (s->defltmeth != s->method) {
  774. if (!SSL_set_ssl_method(s, s->defltmeth))
  775. return 0;
  776. }
  777. if (session != NULL) {
  778. SSL_SESSION_up_ref(session);
  779. sc->verify_result = session->verify_result;
  780. }
  781. SSL_SESSION_free(sc->session);
  782. sc->session = session;
  783. return 1;
  784. }
  785. int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
  786. unsigned int sid_len)
  787. {
  788. if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
  789. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
  790. return 0;
  791. }
  792. s->session_id_length = sid_len;
  793. if (sid != s->session_id)
  794. memcpy(s->session_id, sid, sid_len);
  795. return 1;
  796. }
  797. long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
  798. {
  799. OSSL_TIME new_timeout = ossl_seconds2time(t);
  800. if (s == NULL || t < 0)
  801. return 0;
  802. if (s->owner != NULL) {
  803. if (!CRYPTO_THREAD_write_lock(s->owner->lock))
  804. return 0;
  805. s->timeout = new_timeout;
  806. ssl_session_calculate_timeout(s);
  807. SSL_SESSION_list_add(s->owner, s);
  808. CRYPTO_THREAD_unlock(s->owner->lock);
  809. } else {
  810. s->timeout = new_timeout;
  811. ssl_session_calculate_timeout(s);
  812. }
  813. return 1;
  814. }
  815. long SSL_SESSION_get_timeout(const SSL_SESSION *s)
  816. {
  817. if (s == NULL)
  818. return 0;
  819. return (long)ossl_time_to_time_t(s->timeout);
  820. }
  821. long SSL_SESSION_get_time(const SSL_SESSION *s)
  822. {
  823. return (long) SSL_SESSION_get_time_ex(s);
  824. }
  825. time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s)
  826. {
  827. if (s == NULL)
  828. return 0;
  829. return ossl_time_to_time_t(s->time);
  830. }
  831. time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t)
  832. {
  833. OSSL_TIME new_time = ossl_time_from_time_t(t);
  834. if (s == NULL)
  835. return 0;
  836. if (s->owner != NULL) {
  837. if (!CRYPTO_THREAD_write_lock(s->owner->lock))
  838. return 0;
  839. s->time = new_time;
  840. ssl_session_calculate_timeout(s);
  841. SSL_SESSION_list_add(s->owner, s);
  842. CRYPTO_THREAD_unlock(s->owner->lock);
  843. } else {
  844. s->time = new_time;
  845. ssl_session_calculate_timeout(s);
  846. }
  847. return t;
  848. }
  849. long SSL_SESSION_set_time(SSL_SESSION *s, long t)
  850. {
  851. return (long) SSL_SESSION_set_time_ex(s, (time_t) t);
  852. }
  853. int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
  854. {
  855. return s->ssl_version;
  856. }
  857. int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
  858. {
  859. s->ssl_version = version;
  860. return 1;
  861. }
  862. const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
  863. {
  864. return s->cipher;
  865. }
  866. int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
  867. {
  868. s->cipher = cipher;
  869. return 1;
  870. }
  871. const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
  872. {
  873. return s->ext.hostname;
  874. }
  875. int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
  876. {
  877. OPENSSL_free(s->ext.hostname);
  878. if (hostname == NULL) {
  879. s->ext.hostname = NULL;
  880. return 1;
  881. }
  882. s->ext.hostname = OPENSSL_strdup(hostname);
  883. return s->ext.hostname != NULL;
  884. }
  885. int SSL_SESSION_has_ticket(const SSL_SESSION *s)
  886. {
  887. return (s->ext.ticklen > 0) ? 1 : 0;
  888. }
  889. unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
  890. {
  891. return s->ext.tick_lifetime_hint;
  892. }
  893. void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
  894. size_t *len)
  895. {
  896. *len = s->ext.ticklen;
  897. if (tick != NULL)
  898. *tick = s->ext.tick;
  899. }
  900. uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
  901. {
  902. return s->ext.max_early_data;
  903. }
  904. int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
  905. {
  906. s->ext.max_early_data = max_early_data;
  907. return 1;
  908. }
  909. void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
  910. const unsigned char **alpn,
  911. size_t *len)
  912. {
  913. *alpn = s->ext.alpn_selected;
  914. *len = s->ext.alpn_selected_len;
  915. }
  916. int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
  917. size_t len)
  918. {
  919. OPENSSL_free(s->ext.alpn_selected);
  920. if (alpn == NULL || len == 0) {
  921. s->ext.alpn_selected = NULL;
  922. s->ext.alpn_selected_len = 0;
  923. return 1;
  924. }
  925. s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
  926. if (s->ext.alpn_selected == NULL) {
  927. s->ext.alpn_selected_len = 0;
  928. return 0;
  929. }
  930. s->ext.alpn_selected_len = len;
  931. return 1;
  932. }
  933. X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
  934. {
  935. return s->peer;
  936. }
  937. EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s)
  938. {
  939. return s->peer_rpk;
  940. }
  941. int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
  942. unsigned int sid_ctx_len)
  943. {
  944. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  945. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  946. return 0;
  947. }
  948. s->sid_ctx_length = sid_ctx_len;
  949. if (sid_ctx != s->sid_ctx)
  950. memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
  951. return 1;
  952. }
  953. int SSL_SESSION_is_resumable(const SSL_SESSION *s)
  954. {
  955. /*
  956. * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
  957. * session ID.
  958. */
  959. return !s->not_resumable
  960. && (s->session_id_length > 0 || s->ext.ticklen > 0);
  961. }
  962. long SSL_CTX_set_timeout(SSL_CTX *s, long t)
  963. {
  964. long l;
  965. if (s == NULL)
  966. return 0;
  967. l = (long)ossl_time2seconds(s->session_timeout);
  968. s->session_timeout = ossl_seconds2time(t);
  969. return l;
  970. }
  971. long SSL_CTX_get_timeout(const SSL_CTX *s)
  972. {
  973. if (s == NULL)
  974. return 0;
  975. return (long)ossl_time2seconds(s->session_timeout);
  976. }
  977. int SSL_set_session_secret_cb(SSL *s,
  978. tls_session_secret_cb_fn tls_session_secret_cb,
  979. void *arg)
  980. {
  981. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  982. if (sc == NULL)
  983. return 0;
  984. sc->ext.session_secret_cb = tls_session_secret_cb;
  985. sc->ext.session_secret_cb_arg = arg;
  986. return 1;
  987. }
  988. int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
  989. void *arg)
  990. {
  991. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  992. if (sc == NULL)
  993. return 0;
  994. sc->ext.session_ticket_cb = cb;
  995. sc->ext.session_ticket_cb_arg = arg;
  996. return 1;
  997. }
  998. int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
  999. {
  1000. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1001. if (sc == NULL)
  1002. return 0;
  1003. if (sc->version >= TLS1_VERSION) {
  1004. OPENSSL_free(sc->ext.session_ticket);
  1005. sc->ext.session_ticket = NULL;
  1006. sc->ext.session_ticket =
  1007. OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
  1008. if (sc->ext.session_ticket == NULL)
  1009. return 0;
  1010. if (ext_data != NULL) {
  1011. sc->ext.session_ticket->length = ext_len;
  1012. sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
  1013. memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
  1014. } else {
  1015. sc->ext.session_ticket->length = 0;
  1016. sc->ext.session_ticket->data = NULL;
  1017. }
  1018. return 1;
  1019. }
  1020. return 0;
  1021. }
  1022. void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
  1023. {
  1024. STACK_OF(SSL_SESSION) *sk;
  1025. SSL_SESSION *current;
  1026. unsigned long i;
  1027. const OSSL_TIME timeout = ossl_time_from_time_t(t);
  1028. if (!CRYPTO_THREAD_write_lock(s->lock))
  1029. return;
  1030. sk = sk_SSL_SESSION_new_null();
  1031. i = lh_SSL_SESSION_get_down_load(s->sessions);
  1032. lh_SSL_SESSION_set_down_load(s->sessions, 0);
  1033. /*
  1034. * Iterate over the list from the back (oldest), and stop
  1035. * when a session can no longer be removed.
  1036. * Add the session to a temporary list to be freed outside
  1037. * the SSL_CTX lock.
  1038. * But still do the remove_session_cb() within the lock.
  1039. */
  1040. while (s->session_cache_tail != NULL) {
  1041. current = s->session_cache_tail;
  1042. if (t == 0 || sess_timedout(timeout, current)) {
  1043. lh_SSL_SESSION_delete(s->sessions, current);
  1044. SSL_SESSION_list_remove(s, current);
  1045. current->not_resumable = 1;
  1046. if (s->remove_session_cb != NULL)
  1047. s->remove_session_cb(s, current);
  1048. /*
  1049. * Throw the session on a stack, it's entirely plausible
  1050. * that while freeing outside the critical section, the
  1051. * session could be re-added, so avoid using the next/prev
  1052. * pointers. If the stack failed to create, or the session
  1053. * couldn't be put on the stack, just free it here
  1054. */
  1055. if (sk == NULL || !sk_SSL_SESSION_push(sk, current))
  1056. SSL_SESSION_free(current);
  1057. } else {
  1058. break;
  1059. }
  1060. }
  1061. lh_SSL_SESSION_set_down_load(s->sessions, i);
  1062. CRYPTO_THREAD_unlock(s->lock);
  1063. sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
  1064. }
  1065. int ssl_clear_bad_session(SSL_CONNECTION *s)
  1066. {
  1067. if ((s->session != NULL) &&
  1068. !(s->shutdown & SSL_SENT_SHUTDOWN) &&
  1069. !(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
  1070. || SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
  1071. SSL_CTX_remove_session(s->session_ctx, s->session);
  1072. return 1;
  1073. } else
  1074. return 0;
  1075. }
  1076. /* locked by SSL_CTX in the calling function */
  1077. static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
  1078. {
  1079. if ((s->next == NULL) || (s->prev == NULL))
  1080. return;
  1081. if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
  1082. /* last element in list */
  1083. if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
  1084. /* only one element in list */
  1085. ctx->session_cache_head = NULL;
  1086. ctx->session_cache_tail = NULL;
  1087. } else {
  1088. ctx->session_cache_tail = s->prev;
  1089. s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1090. }
  1091. } else {
  1092. if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
  1093. /* first element in list */
  1094. ctx->session_cache_head = s->next;
  1095. s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1096. } else {
  1097. /* middle of list */
  1098. s->next->prev = s->prev;
  1099. s->prev->next = s->next;
  1100. }
  1101. }
  1102. s->prev = s->next = NULL;
  1103. s->owner = NULL;
  1104. }
  1105. static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
  1106. {
  1107. SSL_SESSION *next;
  1108. if ((s->next != NULL) && (s->prev != NULL))
  1109. SSL_SESSION_list_remove(ctx, s);
  1110. if (ctx->session_cache_head == NULL) {
  1111. ctx->session_cache_head = s;
  1112. ctx->session_cache_tail = s;
  1113. s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1114. s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1115. } else {
  1116. if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
  1117. /*
  1118. * if we timeout after (or the same time as) the first
  1119. * session, put us first - usual case
  1120. */
  1121. s->next = ctx->session_cache_head;
  1122. s->next->prev = s;
  1123. s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1124. ctx->session_cache_head = s;
  1125. } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
  1126. /* if we timeout before the last session, put us last */
  1127. s->prev = ctx->session_cache_tail;
  1128. s->prev->next = s;
  1129. s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1130. ctx->session_cache_tail = s;
  1131. } else {
  1132. /*
  1133. * we timeout somewhere in-between - if there is only
  1134. * one session in the cache it will be caught above
  1135. */
  1136. next = ctx->session_cache_head->next;
  1137. while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) {
  1138. if (timeoutcmp(s, next) >= 0) {
  1139. s->next = next;
  1140. s->prev = next->prev;
  1141. next->prev->next = s;
  1142. next->prev = s;
  1143. break;
  1144. }
  1145. next = next->next;
  1146. }
  1147. }
  1148. }
  1149. s->owner = ctx;
  1150. }
  1151. void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
  1152. int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
  1153. {
  1154. ctx->new_session_cb = cb;
  1155. }
  1156. int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
  1157. return ctx->new_session_cb;
  1158. }
  1159. void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
  1160. void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
  1161. {
  1162. ctx->remove_session_cb = cb;
  1163. }
  1164. void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
  1165. SSL_SESSION *sess) {
  1166. return ctx->remove_session_cb;
  1167. }
  1168. void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
  1169. SSL_SESSION *(*cb) (SSL *ssl,
  1170. const unsigned char *data,
  1171. int len, int *copy))
  1172. {
  1173. ctx->get_session_cb = cb;
  1174. }
  1175. SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
  1176. const unsigned char
  1177. *data, int len,
  1178. int *copy) {
  1179. return ctx->get_session_cb;
  1180. }
  1181. void SSL_CTX_set_info_callback(SSL_CTX *ctx,
  1182. void (*cb) (const SSL *ssl, int type, int val))
  1183. {
  1184. ctx->info_callback = cb;
  1185. }
  1186. void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
  1187. int val) {
  1188. return ctx->info_callback;
  1189. }
  1190. void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
  1191. int (*cb) (SSL *ssl, X509 **x509,
  1192. EVP_PKEY **pkey))
  1193. {
  1194. ctx->client_cert_cb = cb;
  1195. }
  1196. int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
  1197. EVP_PKEY **pkey) {
  1198. return ctx->client_cert_cb;
  1199. }
  1200. void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
  1201. int (*cb) (SSL *ssl,
  1202. unsigned char *cookie,
  1203. unsigned int *cookie_len))
  1204. {
  1205. ctx->app_gen_cookie_cb = cb;
  1206. }
  1207. void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
  1208. int (*cb) (SSL *ssl,
  1209. const unsigned char *cookie,
  1210. unsigned int cookie_len))
  1211. {
  1212. ctx->app_verify_cookie_cb = cb;
  1213. }
  1214. int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
  1215. {
  1216. OPENSSL_free(ss->ticket_appdata);
  1217. ss->ticket_appdata_len = 0;
  1218. if (data == NULL || len == 0) {
  1219. ss->ticket_appdata = NULL;
  1220. return 1;
  1221. }
  1222. ss->ticket_appdata = OPENSSL_memdup(data, len);
  1223. if (ss->ticket_appdata != NULL) {
  1224. ss->ticket_appdata_len = len;
  1225. return 1;
  1226. }
  1227. return 0;
  1228. }
  1229. int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
  1230. {
  1231. *data = ss->ticket_appdata;
  1232. *len = ss->ticket_appdata_len;
  1233. return 1;
  1234. }
  1235. void SSL_CTX_set_stateless_cookie_generate_cb(
  1236. SSL_CTX *ctx,
  1237. int (*cb) (SSL *ssl,
  1238. unsigned char *cookie,
  1239. size_t *cookie_len))
  1240. {
  1241. ctx->gen_stateless_cookie_cb = cb;
  1242. }
  1243. void SSL_CTX_set_stateless_cookie_verify_cb(
  1244. SSL_CTX *ctx,
  1245. int (*cb) (SSL *ssl,
  1246. const unsigned char *cookie,
  1247. size_t cookie_len))
  1248. {
  1249. ctx->verify_stateless_cookie_cb = cb;
  1250. }
  1251. IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)