ssl_sess.c 42 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442
  1. /*
  2. * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2005 Nokia. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #if defined(__TANDEM) && defined(_SPT_MODEL_)
  11. # include <spthread.h>
  12. # include <spt_extensions.h> /* timeval */
  13. #endif
  14. #include <stdio.h>
  15. #include <openssl/rand.h>
  16. #include <openssl/engine.h>
  17. #include "internal/refcount.h"
  18. #include "internal/cryptlib.h"
  19. #include "ssl_local.h"
  20. #include "statem/statem_local.h"
  21. static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
  22. static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
  23. static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
  24. DEFINE_STACK_OF(SSL_SESSION)
  25. __owur static ossl_inline int sess_timedout(OSSL_TIME t, SSL_SESSION *ss)
  26. {
  27. return ossl_time_compare(t, ss->calc_timeout) > 0;
  28. }
  29. /*
  30. * Returns -1/0/+1 as other XXXcmp-type functions
  31. * Takes calculated timeout into consideration
  32. */
  33. __owur static ossl_inline int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
  34. {
  35. return ossl_time_compare(a->calc_timeout, b->calc_timeout);
  36. }
  37. /*
  38. * Calculates effective timeout
  39. * Locking must be done by the caller of this function
  40. */
  41. void ssl_session_calculate_timeout(SSL_SESSION *ss)
  42. {
  43. ss->calc_timeout = ossl_time_add(ss->time, ss->timeout);
  44. }
  45. /*
  46. * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
  47. * unlike in earlier protocol versions, the session ticket may not have been
  48. * sent yet even though a handshake has finished. The session ticket data could
  49. * come in sometime later...or even change if multiple session ticket messages
  50. * are sent from the server. The preferred way for applications to obtain
  51. * a resumable session is to use SSL_CTX_sess_set_new_cb().
  52. */
  53. SSL_SESSION *SSL_get_session(const SSL *ssl)
  54. /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
  55. {
  56. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  57. if (sc == NULL)
  58. return NULL;
  59. return sc->session;
  60. }
  61. SSL_SESSION *SSL_get1_session(SSL *ssl)
  62. /* variant of SSL_get_session: caller really gets something */
  63. {
  64. SSL_SESSION *sess;
  65. /*
  66. * Need to lock this all up rather than just use CRYPTO_add so that
  67. * somebody doesn't free ssl->session between when we check it's non-null
  68. * and when we up the reference count.
  69. */
  70. if (!CRYPTO_THREAD_read_lock(ssl->lock))
  71. return NULL;
  72. sess = SSL_get_session(ssl);
  73. if (sess != NULL)
  74. SSL_SESSION_up_ref(sess);
  75. CRYPTO_THREAD_unlock(ssl->lock);
  76. return sess;
  77. }
  78. int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
  79. {
  80. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  81. }
  82. void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
  83. {
  84. return CRYPTO_get_ex_data(&s->ex_data, idx);
  85. }
  86. SSL_SESSION *SSL_SESSION_new(void)
  87. {
  88. SSL_SESSION *ss;
  89. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  90. return NULL;
  91. ss = OPENSSL_zalloc(sizeof(*ss));
  92. if (ss == NULL)
  93. return NULL;
  94. ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
  95. /* 5 minute timeout by default */
  96. ss->timeout = ossl_seconds2time(60 * 5 + 4);
  97. ss->time = ossl_time_now();
  98. ssl_session_calculate_timeout(ss);
  99. if (!CRYPTO_NEW_REF(&ss->references, 1)) {
  100. OPENSSL_free(ss);
  101. return NULL;
  102. }
  103. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
  104. CRYPTO_FREE_REF(&ss->references);
  105. OPENSSL_free(ss);
  106. return NULL;
  107. }
  108. return ss;
  109. }
  110. /*
  111. * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
  112. * ticket == 0 then no ticket information is duplicated, otherwise it is.
  113. */
  114. static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
  115. {
  116. SSL_SESSION *dest;
  117. dest = OPENSSL_malloc(sizeof(*dest));
  118. if (dest == NULL)
  119. return NULL;
  120. memcpy(dest, src, sizeof(*dest));
  121. /*
  122. * Set the various pointers to NULL so that we can call SSL_SESSION_free in
  123. * the case of an error whilst halfway through constructing dest
  124. */
  125. #ifndef OPENSSL_NO_PSK
  126. dest->psk_identity_hint = NULL;
  127. dest->psk_identity = NULL;
  128. #endif
  129. dest->ext.hostname = NULL;
  130. dest->ext.tick = NULL;
  131. dest->ext.alpn_selected = NULL;
  132. #ifndef OPENSSL_NO_SRP
  133. dest->srp_username = NULL;
  134. #endif
  135. dest->peer_chain = NULL;
  136. dest->peer = NULL;
  137. dest->peer_rpk = NULL;
  138. dest->ticket_appdata = NULL;
  139. memset(&dest->ex_data, 0, sizeof(dest->ex_data));
  140. /* As the copy is not in the cache, we remove the associated pointers */
  141. dest->prev = NULL;
  142. dest->next = NULL;
  143. dest->owner = NULL;
  144. if (!CRYPTO_NEW_REF(&dest->references, 1)) {
  145. OPENSSL_free(dest);
  146. return NULL;
  147. }
  148. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) {
  149. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  150. goto err;
  151. }
  152. if (src->peer != NULL) {
  153. if (!X509_up_ref(src->peer)) {
  154. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  155. goto err;
  156. }
  157. dest->peer = src->peer;
  158. }
  159. if (src->peer_chain != NULL) {
  160. dest->peer_chain = X509_chain_up_ref(src->peer_chain);
  161. if (dest->peer_chain == NULL) {
  162. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  163. goto err;
  164. }
  165. }
  166. if (src->peer_rpk != NULL) {
  167. if (!EVP_PKEY_up_ref(src->peer_rpk))
  168. goto err;
  169. dest->peer_rpk = src->peer_rpk;
  170. }
  171. #ifndef OPENSSL_NO_PSK
  172. if (src->psk_identity_hint) {
  173. dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
  174. if (dest->psk_identity_hint == NULL)
  175. goto err;
  176. }
  177. if (src->psk_identity) {
  178. dest->psk_identity = OPENSSL_strdup(src->psk_identity);
  179. if (dest->psk_identity == NULL)
  180. goto err;
  181. }
  182. #endif
  183. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
  184. &dest->ex_data, &src->ex_data)) {
  185. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  186. goto err;
  187. }
  188. if (src->ext.hostname) {
  189. dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
  190. if (dest->ext.hostname == NULL)
  191. goto err;
  192. }
  193. if (ticket != 0 && src->ext.tick != NULL) {
  194. dest->ext.tick =
  195. OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
  196. if (dest->ext.tick == NULL)
  197. goto err;
  198. } else {
  199. dest->ext.tick_lifetime_hint = 0;
  200. dest->ext.ticklen = 0;
  201. }
  202. if (src->ext.alpn_selected != NULL) {
  203. dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
  204. src->ext.alpn_selected_len);
  205. if (dest->ext.alpn_selected == NULL)
  206. goto err;
  207. }
  208. #ifndef OPENSSL_NO_SRP
  209. if (src->srp_username) {
  210. dest->srp_username = OPENSSL_strdup(src->srp_username);
  211. if (dest->srp_username == NULL)
  212. goto err;
  213. }
  214. #endif
  215. if (src->ticket_appdata != NULL) {
  216. dest->ticket_appdata =
  217. OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
  218. if (dest->ticket_appdata == NULL)
  219. goto err;
  220. }
  221. return dest;
  222. err:
  223. SSL_SESSION_free(dest);
  224. return NULL;
  225. }
  226. SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
  227. {
  228. return ssl_session_dup_intern(src, 1);
  229. }
  230. /*
  231. * Used internally when duplicating a session which might be already shared.
  232. * We will have resumed the original session. Subsequently we might have marked
  233. * it as non-resumable (e.g. in another thread) - but this copy should be ok to
  234. * resume from.
  235. */
  236. SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
  237. {
  238. SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
  239. if (sess != NULL)
  240. sess->not_resumable = 0;
  241. return sess;
  242. }
  243. const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
  244. {
  245. if (len)
  246. *len = (unsigned int)s->session_id_length;
  247. return s->session_id;
  248. }
  249. const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
  250. unsigned int *len)
  251. {
  252. if (len != NULL)
  253. *len = (unsigned int)s->sid_ctx_length;
  254. return s->sid_ctx;
  255. }
  256. unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
  257. {
  258. return s->compress_meth;
  259. }
  260. /*
  261. * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
  262. * the ID with random junk repeatedly until we have no conflict is going to
  263. * complete in one iteration pretty much "most" of the time (btw:
  264. * understatement). So, if it takes us 10 iterations and we still can't avoid
  265. * a conflict - well that's a reasonable point to call it quits. Either the
  266. * RAND code is broken or someone is trying to open roughly very close to
  267. * 2^256 SSL sessions to our server. How you might store that many sessions
  268. * is perhaps a more interesting question ...
  269. */
  270. #define MAX_SESS_ID_ATTEMPTS 10
  271. static int def_generate_session_id(SSL *ssl, unsigned char *id,
  272. unsigned int *id_len)
  273. {
  274. unsigned int retry = 0;
  275. do {
  276. if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
  277. return 0;
  278. #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  279. if (retry > 0) {
  280. id[0]++;
  281. }
  282. #endif
  283. } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
  284. (++retry < MAX_SESS_ID_ATTEMPTS)) ;
  285. if (retry < MAX_SESS_ID_ATTEMPTS)
  286. return 1;
  287. /* else - woops a session_id match */
  288. /*
  289. * XXX We should also check the external cache -- but the probability of
  290. * a collision is negligible, and we could not prevent the concurrent
  291. * creation of sessions with identical IDs since we currently don't have
  292. * means to atomically check whether a session ID already exists and make
  293. * a reservation for it if it does not (this problem applies to the
  294. * internal cache as well).
  295. */
  296. return 0;
  297. }
  298. int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
  299. {
  300. unsigned int tmp;
  301. GEN_SESSION_CB cb = def_generate_session_id;
  302. SSL *ssl = SSL_CONNECTION_GET_SSL(s);
  303. switch (s->version) {
  304. case SSL3_VERSION:
  305. case TLS1_VERSION:
  306. case TLS1_1_VERSION:
  307. case TLS1_2_VERSION:
  308. case TLS1_3_VERSION:
  309. case DTLS1_BAD_VER:
  310. case DTLS1_VERSION:
  311. case DTLS1_2_VERSION:
  312. ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
  313. break;
  314. default:
  315. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
  316. return 0;
  317. }
  318. /*-
  319. * If RFC5077 ticket, use empty session ID (as server).
  320. * Note that:
  321. * (a) ssl_get_prev_session() does lookahead into the
  322. * ClientHello extensions to find the session ticket.
  323. * When ssl_get_prev_session() fails, statem_srvr.c calls
  324. * ssl_get_new_session() in tls_process_client_hello().
  325. * At that point, it has not yet parsed the extensions,
  326. * however, because of the lookahead, it already knows
  327. * whether a ticket is expected or not.
  328. *
  329. * (b) statem_clnt.c calls ssl_get_new_session() before parsing
  330. * ServerHello extensions, and before recording the session
  331. * ID received from the server, so this block is a noop.
  332. */
  333. if (s->ext.ticket_expected) {
  334. ss->session_id_length = 0;
  335. return 1;
  336. }
  337. /* Choose which callback will set the session ID */
  338. if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
  339. return 0;
  340. if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
  341. CRYPTO_THREAD_unlock(ssl->lock);
  342. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  343. SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
  344. return 0;
  345. }
  346. if (s->generate_session_id)
  347. cb = s->generate_session_id;
  348. else if (s->session_ctx->generate_session_id)
  349. cb = s->session_ctx->generate_session_id;
  350. CRYPTO_THREAD_unlock(s->session_ctx->lock);
  351. CRYPTO_THREAD_unlock(ssl->lock);
  352. /* Choose a session ID */
  353. memset(ss->session_id, 0, ss->session_id_length);
  354. tmp = (int)ss->session_id_length;
  355. if (!cb(ssl, ss->session_id, &tmp)) {
  356. /* The callback failed */
  357. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  358. SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
  359. return 0;
  360. }
  361. /*
  362. * Don't allow the callback to set the session length to zero. nor
  363. * set it higher than it was.
  364. */
  365. if (tmp == 0 || tmp > ss->session_id_length) {
  366. /* The callback set an illegal length */
  367. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  368. SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
  369. return 0;
  370. }
  371. ss->session_id_length = tmp;
  372. /* Finally, check for a conflict */
  373. if (SSL_has_matching_session_id(ssl, ss->session_id,
  374. (unsigned int)ss->session_id_length)) {
  375. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
  376. return 0;
  377. }
  378. return 1;
  379. }
  380. int ssl_get_new_session(SSL_CONNECTION *s, int session)
  381. {
  382. /* This gets used by clients and servers. */
  383. SSL_SESSION *ss = NULL;
  384. if ((ss = SSL_SESSION_new()) == NULL) {
  385. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
  386. return 0;
  387. }
  388. /* If the context has a default timeout, use it */
  389. if (ossl_time_is_zero(s->session_ctx->session_timeout))
  390. ss->timeout = SSL_CONNECTION_GET_SSL(s)->method->get_timeout();
  391. else
  392. ss->timeout = s->session_ctx->session_timeout;
  393. ssl_session_calculate_timeout(ss);
  394. SSL_SESSION_free(s->session);
  395. s->session = NULL;
  396. if (session) {
  397. if (SSL_CONNECTION_IS_TLS13(s)) {
  398. /*
  399. * We generate the session id while constructing the
  400. * NewSessionTicket in TLSv1.3.
  401. */
  402. ss->session_id_length = 0;
  403. } else if (!ssl_generate_session_id(s, ss)) {
  404. /* SSLfatal() already called */
  405. SSL_SESSION_free(ss);
  406. return 0;
  407. }
  408. } else {
  409. ss->session_id_length = 0;
  410. }
  411. if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
  412. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  413. SSL_SESSION_free(ss);
  414. return 0;
  415. }
  416. memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
  417. ss->sid_ctx_length = s->sid_ctx_length;
  418. s->session = ss;
  419. ss->ssl_version = s->version;
  420. ss->verify_result = X509_V_OK;
  421. /* If client supports extended master secret set it in session */
  422. if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
  423. ss->flags |= SSL_SESS_FLAG_EXTMS;
  424. return 1;
  425. }
  426. SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
  427. const unsigned char *sess_id,
  428. size_t sess_id_len)
  429. {
  430. SSL_SESSION *ret = NULL;
  431. if ((s->session_ctx->session_cache_mode
  432. & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
  433. SSL_SESSION data;
  434. data.ssl_version = s->version;
  435. if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
  436. return NULL;
  437. memcpy(data.session_id, sess_id, sess_id_len);
  438. data.session_id_length = sess_id_len;
  439. if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
  440. return NULL;
  441. ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
  442. if (ret != NULL) {
  443. /* don't allow other threads to steal it: */
  444. SSL_SESSION_up_ref(ret);
  445. }
  446. CRYPTO_THREAD_unlock(s->session_ctx->lock);
  447. if (ret == NULL)
  448. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
  449. }
  450. if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
  451. int copy = 1;
  452. ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s),
  453. sess_id, sess_id_len, &copy);
  454. if (ret != NULL) {
  455. if (ret->not_resumable) {
  456. /* If its not resumable then ignore this session */
  457. if (!copy)
  458. SSL_SESSION_free(ret);
  459. return NULL;
  460. }
  461. ssl_tsan_counter(s->session_ctx,
  462. &s->session_ctx->stats.sess_cb_hit);
  463. /*
  464. * Increment reference count now if the session callback asks us
  465. * to do so (note that if the session structures returned by the
  466. * callback are shared between threads, it must handle the
  467. * reference count itself [i.e. copy == 0], or things won't be
  468. * thread-safe).
  469. */
  470. if (copy)
  471. SSL_SESSION_up_ref(ret);
  472. /*
  473. * Add the externally cached session to the internal cache as
  474. * well if and only if we are supposed to.
  475. */
  476. if ((s->session_ctx->session_cache_mode &
  477. SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
  478. /*
  479. * Either return value of SSL_CTX_add_session should not
  480. * interrupt the session resumption process. The return
  481. * value is intentionally ignored.
  482. */
  483. (void)SSL_CTX_add_session(s->session_ctx, ret);
  484. }
  485. }
  486. }
  487. return ret;
  488. }
  489. /*-
  490. * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
  491. * connection. It is only called by servers.
  492. *
  493. * hello: The parsed ClientHello data
  494. *
  495. * Returns:
  496. * -1: fatal error
  497. * 0: no session found
  498. * 1: a session may have been found.
  499. *
  500. * Side effects:
  501. * - If a session is found then s->session is pointed at it (after freeing an
  502. * existing session if need be) and s->verify_result is set from the session.
  503. * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
  504. * if the server should issue a new session ticket (to 0 otherwise).
  505. */
  506. int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
  507. {
  508. /* This is used only by servers. */
  509. SSL_SESSION *ret = NULL;
  510. int fatal = 0;
  511. int try_session_cache = 0;
  512. SSL_TICKET_STATUS r;
  513. if (SSL_CONNECTION_IS_TLS13(s)) {
  514. /*
  515. * By default we will send a new ticket. This can be overridden in the
  516. * ticket processing.
  517. */
  518. s->ext.ticket_expected = 1;
  519. if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
  520. SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
  521. NULL, 0)
  522. || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
  523. hello->pre_proc_exts, NULL, 0))
  524. return -1;
  525. ret = s->session;
  526. } else {
  527. /* sets s->ext.ticket_expected */
  528. r = tls_get_ticket_from_client(s, hello, &ret);
  529. switch (r) {
  530. case SSL_TICKET_FATAL_ERR_MALLOC:
  531. case SSL_TICKET_FATAL_ERR_OTHER:
  532. fatal = 1;
  533. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  534. goto err;
  535. case SSL_TICKET_NONE:
  536. case SSL_TICKET_EMPTY:
  537. if (hello->session_id_len > 0) {
  538. try_session_cache = 1;
  539. ret = lookup_sess_in_cache(s, hello->session_id,
  540. hello->session_id_len);
  541. }
  542. break;
  543. case SSL_TICKET_NO_DECRYPT:
  544. case SSL_TICKET_SUCCESS:
  545. case SSL_TICKET_SUCCESS_RENEW:
  546. break;
  547. }
  548. }
  549. if (ret == NULL)
  550. goto err;
  551. /* Now ret is non-NULL and we own one of its reference counts. */
  552. /* Check TLS version consistency */
  553. if (ret->ssl_version != s->version)
  554. goto err;
  555. if (ret->sid_ctx_length != s->sid_ctx_length
  556. || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
  557. /*
  558. * We have the session requested by the client, but we don't want to
  559. * use it in this context.
  560. */
  561. goto err; /* treat like cache miss */
  562. }
  563. if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
  564. /*
  565. * We can't be sure if this session is being used out of context,
  566. * which is especially important for SSL_VERIFY_PEER. The application
  567. * should have used SSL[_CTX]_set_session_id_context. For this error
  568. * case, we generate an error instead of treating the event like a
  569. * cache miss (otherwise it would be easy for applications to
  570. * effectively disable the session cache by accident without anyone
  571. * noticing).
  572. */
  573. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  574. SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
  575. fatal = 1;
  576. goto err;
  577. }
  578. if (sess_timedout(ossl_time_now(), ret)) {
  579. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
  580. if (try_session_cache) {
  581. /* session was from the cache, so remove it */
  582. SSL_CTX_remove_session(s->session_ctx, ret);
  583. }
  584. goto err;
  585. }
  586. /* Check extended master secret extension consistency */
  587. if (ret->flags & SSL_SESS_FLAG_EXTMS) {
  588. /* If old session includes extms, but new does not: abort handshake */
  589. if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
  590. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
  591. fatal = 1;
  592. goto err;
  593. }
  594. } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
  595. /* If new session includes extms, but old does not: do not resume */
  596. goto err;
  597. }
  598. if (!SSL_CONNECTION_IS_TLS13(s)) {
  599. /* We already did this for TLS1.3 */
  600. SSL_SESSION_free(s->session);
  601. s->session = ret;
  602. }
  603. ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
  604. s->verify_result = s->session->verify_result;
  605. return 1;
  606. err:
  607. if (ret != NULL) {
  608. SSL_SESSION_free(ret);
  609. /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
  610. if (SSL_CONNECTION_IS_TLS13(s))
  611. s->session = NULL;
  612. if (!try_session_cache) {
  613. /*
  614. * The session was from a ticket, so we should issue a ticket for
  615. * the new session
  616. */
  617. s->ext.ticket_expected = 1;
  618. }
  619. }
  620. if (fatal)
  621. return -1;
  622. return 0;
  623. }
  624. int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
  625. {
  626. int ret = 0;
  627. SSL_SESSION *s;
  628. /*
  629. * add just 1 reference count for the SSL_CTX's session cache even though
  630. * it has two ways of access: each session is in a doubly linked list and
  631. * an lhash
  632. */
  633. SSL_SESSION_up_ref(c);
  634. /*
  635. * if session c is in already in cache, we take back the increment later
  636. */
  637. if (!CRYPTO_THREAD_write_lock(ctx->lock)) {
  638. SSL_SESSION_free(c);
  639. return 0;
  640. }
  641. s = lh_SSL_SESSION_insert(ctx->sessions, c);
  642. /*
  643. * s != NULL iff we already had a session with the given PID. In this
  644. * case, s == c should hold (then we did not really modify
  645. * ctx->sessions), or we're in trouble.
  646. */
  647. if (s != NULL && s != c) {
  648. /* We *are* in trouble ... */
  649. SSL_SESSION_list_remove(ctx, s);
  650. SSL_SESSION_free(s);
  651. /*
  652. * ... so pretend the other session did not exist in cache (we cannot
  653. * handle two SSL_SESSION structures with identical session ID in the
  654. * same cache, which could happen e.g. when two threads concurrently
  655. * obtain the same session from an external cache)
  656. */
  657. s = NULL;
  658. } else if (s == NULL &&
  659. lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
  660. /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
  661. /*
  662. * ... so take back the extra reference and also don't add
  663. * the session to the SSL_SESSION_list at this time
  664. */
  665. s = c;
  666. }
  667. /* Adjust last used time, and add back into the cache at the appropriate spot */
  668. if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
  669. c->time = ossl_time_now();
  670. ssl_session_calculate_timeout(c);
  671. }
  672. if (s == NULL) {
  673. /*
  674. * new cache entry -- remove old ones if cache has become too large
  675. * delete cache entry *before* add, so we don't remove the one we're adding!
  676. */
  677. ret = 1;
  678. if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
  679. while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) {
  680. if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
  681. break;
  682. else
  683. ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
  684. }
  685. }
  686. }
  687. SSL_SESSION_list_add(ctx, c);
  688. if (s != NULL) {
  689. /*
  690. * existing cache entry -- decrement previously incremented reference
  691. * count because it already takes into account the cache
  692. */
  693. SSL_SESSION_free(s); /* s == c */
  694. ret = 0;
  695. }
  696. CRYPTO_THREAD_unlock(ctx->lock);
  697. return ret;
  698. }
  699. int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
  700. {
  701. return remove_session_lock(ctx, c, 1);
  702. }
  703. static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
  704. {
  705. SSL_SESSION *r;
  706. int ret = 0;
  707. if ((c != NULL) && (c->session_id_length != 0)) {
  708. if (lck) {
  709. if (!CRYPTO_THREAD_write_lock(ctx->lock))
  710. return 0;
  711. }
  712. if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
  713. ret = 1;
  714. r = lh_SSL_SESSION_delete(ctx->sessions, r);
  715. SSL_SESSION_list_remove(ctx, r);
  716. }
  717. c->not_resumable = 1;
  718. if (lck)
  719. CRYPTO_THREAD_unlock(ctx->lock);
  720. if (ctx->remove_session_cb != NULL)
  721. ctx->remove_session_cb(ctx, c);
  722. if (ret)
  723. SSL_SESSION_free(r);
  724. }
  725. return ret;
  726. }
  727. void SSL_SESSION_free(SSL_SESSION *ss)
  728. {
  729. int i;
  730. if (ss == NULL)
  731. return;
  732. CRYPTO_DOWN_REF(&ss->references, &i);
  733. REF_PRINT_COUNT("SSL_SESSION", ss);
  734. if (i > 0)
  735. return;
  736. REF_ASSERT_ISNT(i < 0);
  737. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
  738. OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
  739. OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
  740. X509_free(ss->peer);
  741. EVP_PKEY_free(ss->peer_rpk);
  742. OSSL_STACK_OF_X509_free(ss->peer_chain);
  743. OPENSSL_free(ss->ext.hostname);
  744. OPENSSL_free(ss->ext.tick);
  745. #ifndef OPENSSL_NO_PSK
  746. OPENSSL_free(ss->psk_identity_hint);
  747. OPENSSL_free(ss->psk_identity);
  748. #endif
  749. #ifndef OPENSSL_NO_SRP
  750. OPENSSL_free(ss->srp_username);
  751. #endif
  752. OPENSSL_free(ss->ext.alpn_selected);
  753. OPENSSL_free(ss->ticket_appdata);
  754. CRYPTO_FREE_REF(&ss->references);
  755. OPENSSL_clear_free(ss, sizeof(*ss));
  756. }
  757. int SSL_SESSION_up_ref(SSL_SESSION *ss)
  758. {
  759. int i;
  760. if (CRYPTO_UP_REF(&ss->references, &i) <= 0)
  761. return 0;
  762. REF_PRINT_COUNT("SSL_SESSION", ss);
  763. REF_ASSERT_ISNT(i < 2);
  764. return ((i > 1) ? 1 : 0);
  765. }
  766. int SSL_set_session(SSL *s, SSL_SESSION *session)
  767. {
  768. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  769. if (sc == NULL)
  770. return 0;
  771. ssl_clear_bad_session(sc);
  772. if (s->defltmeth != s->method) {
  773. if (!SSL_set_ssl_method(s, s->defltmeth))
  774. return 0;
  775. }
  776. if (session != NULL) {
  777. SSL_SESSION_up_ref(session);
  778. sc->verify_result = session->verify_result;
  779. }
  780. SSL_SESSION_free(sc->session);
  781. sc->session = session;
  782. return 1;
  783. }
  784. int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
  785. unsigned int sid_len)
  786. {
  787. if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
  788. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
  789. return 0;
  790. }
  791. s->session_id_length = sid_len;
  792. if (sid != s->session_id && sid_len > 0)
  793. memcpy(s->session_id, sid, sid_len);
  794. return 1;
  795. }
  796. long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
  797. {
  798. OSSL_TIME new_timeout = ossl_seconds2time(t);
  799. if (s == NULL || t < 0)
  800. return 0;
  801. if (s->owner != NULL) {
  802. if (!CRYPTO_THREAD_write_lock(s->owner->lock))
  803. return 0;
  804. s->timeout = new_timeout;
  805. ssl_session_calculate_timeout(s);
  806. SSL_SESSION_list_add(s->owner, s);
  807. CRYPTO_THREAD_unlock(s->owner->lock);
  808. } else {
  809. s->timeout = new_timeout;
  810. ssl_session_calculate_timeout(s);
  811. }
  812. return 1;
  813. }
  814. long SSL_SESSION_get_timeout(const SSL_SESSION *s)
  815. {
  816. if (s == NULL)
  817. return 0;
  818. return (long)ossl_time_to_time_t(s->timeout);
  819. }
  820. long SSL_SESSION_get_time(const SSL_SESSION *s)
  821. {
  822. return (long) SSL_SESSION_get_time_ex(s);
  823. }
  824. time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s)
  825. {
  826. if (s == NULL)
  827. return 0;
  828. return ossl_time_to_time_t(s->time);
  829. }
  830. time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t)
  831. {
  832. OSSL_TIME new_time = ossl_time_from_time_t(t);
  833. if (s == NULL)
  834. return 0;
  835. if (s->owner != NULL) {
  836. if (!CRYPTO_THREAD_write_lock(s->owner->lock))
  837. return 0;
  838. s->time = new_time;
  839. ssl_session_calculate_timeout(s);
  840. SSL_SESSION_list_add(s->owner, s);
  841. CRYPTO_THREAD_unlock(s->owner->lock);
  842. } else {
  843. s->time = new_time;
  844. ssl_session_calculate_timeout(s);
  845. }
  846. return t;
  847. }
  848. long SSL_SESSION_set_time(SSL_SESSION *s, long t)
  849. {
  850. return (long) SSL_SESSION_set_time_ex(s, (time_t) t);
  851. }
  852. int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
  853. {
  854. return s->ssl_version;
  855. }
  856. int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
  857. {
  858. s->ssl_version = version;
  859. return 1;
  860. }
  861. const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
  862. {
  863. return s->cipher;
  864. }
  865. int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
  866. {
  867. s->cipher = cipher;
  868. return 1;
  869. }
  870. const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
  871. {
  872. return s->ext.hostname;
  873. }
  874. int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
  875. {
  876. OPENSSL_free(s->ext.hostname);
  877. if (hostname == NULL) {
  878. s->ext.hostname = NULL;
  879. return 1;
  880. }
  881. s->ext.hostname = OPENSSL_strdup(hostname);
  882. return s->ext.hostname != NULL;
  883. }
  884. int SSL_SESSION_has_ticket(const SSL_SESSION *s)
  885. {
  886. return (s->ext.ticklen > 0) ? 1 : 0;
  887. }
  888. unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
  889. {
  890. return s->ext.tick_lifetime_hint;
  891. }
  892. void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
  893. size_t *len)
  894. {
  895. *len = s->ext.ticklen;
  896. if (tick != NULL)
  897. *tick = s->ext.tick;
  898. }
  899. uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
  900. {
  901. return s->ext.max_early_data;
  902. }
  903. int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
  904. {
  905. s->ext.max_early_data = max_early_data;
  906. return 1;
  907. }
  908. void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
  909. const unsigned char **alpn,
  910. size_t *len)
  911. {
  912. *alpn = s->ext.alpn_selected;
  913. *len = s->ext.alpn_selected_len;
  914. }
  915. int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
  916. size_t len)
  917. {
  918. OPENSSL_free(s->ext.alpn_selected);
  919. if (alpn == NULL || len == 0) {
  920. s->ext.alpn_selected = NULL;
  921. s->ext.alpn_selected_len = 0;
  922. return 1;
  923. }
  924. s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
  925. if (s->ext.alpn_selected == NULL) {
  926. s->ext.alpn_selected_len = 0;
  927. return 0;
  928. }
  929. s->ext.alpn_selected_len = len;
  930. return 1;
  931. }
  932. X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
  933. {
  934. return s->peer;
  935. }
  936. EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s)
  937. {
  938. return s->peer_rpk;
  939. }
  940. int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
  941. unsigned int sid_ctx_len)
  942. {
  943. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  944. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  945. return 0;
  946. }
  947. s->sid_ctx_length = sid_ctx_len;
  948. if (sid_ctx != s->sid_ctx)
  949. memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
  950. return 1;
  951. }
  952. int SSL_SESSION_is_resumable(const SSL_SESSION *s)
  953. {
  954. /*
  955. * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
  956. * session ID.
  957. */
  958. return !s->not_resumable
  959. && (s->session_id_length > 0 || s->ext.ticklen > 0);
  960. }
  961. long SSL_CTX_set_timeout(SSL_CTX *s, long t)
  962. {
  963. long l;
  964. if (s == NULL)
  965. return 0;
  966. l = (long)ossl_time2seconds(s->session_timeout);
  967. s->session_timeout = ossl_seconds2time(t);
  968. return l;
  969. }
  970. long SSL_CTX_get_timeout(const SSL_CTX *s)
  971. {
  972. if (s == NULL)
  973. return 0;
  974. return (long)ossl_time2seconds(s->session_timeout);
  975. }
  976. int SSL_set_session_secret_cb(SSL *s,
  977. tls_session_secret_cb_fn tls_session_secret_cb,
  978. void *arg)
  979. {
  980. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  981. if (sc == NULL)
  982. return 0;
  983. sc->ext.session_secret_cb = tls_session_secret_cb;
  984. sc->ext.session_secret_cb_arg = arg;
  985. return 1;
  986. }
  987. int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
  988. void *arg)
  989. {
  990. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  991. if (sc == NULL)
  992. return 0;
  993. sc->ext.session_ticket_cb = cb;
  994. sc->ext.session_ticket_cb_arg = arg;
  995. return 1;
  996. }
  997. int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
  998. {
  999. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1000. if (sc == NULL)
  1001. return 0;
  1002. if (sc->version >= TLS1_VERSION) {
  1003. OPENSSL_free(sc->ext.session_ticket);
  1004. sc->ext.session_ticket = NULL;
  1005. sc->ext.session_ticket =
  1006. OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
  1007. if (sc->ext.session_ticket == NULL)
  1008. return 0;
  1009. if (ext_data != NULL) {
  1010. sc->ext.session_ticket->length = ext_len;
  1011. sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
  1012. memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
  1013. } else {
  1014. sc->ext.session_ticket->length = 0;
  1015. sc->ext.session_ticket->data = NULL;
  1016. }
  1017. return 1;
  1018. }
  1019. return 0;
  1020. }
  1021. void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
  1022. {
  1023. STACK_OF(SSL_SESSION) *sk;
  1024. SSL_SESSION *current;
  1025. unsigned long i;
  1026. const OSSL_TIME timeout = ossl_time_from_time_t(t);
  1027. if (!CRYPTO_THREAD_write_lock(s->lock))
  1028. return;
  1029. sk = sk_SSL_SESSION_new_null();
  1030. i = lh_SSL_SESSION_get_down_load(s->sessions);
  1031. lh_SSL_SESSION_set_down_load(s->sessions, 0);
  1032. /*
  1033. * Iterate over the list from the back (oldest), and stop
  1034. * when a session can no longer be removed.
  1035. * Add the session to a temporary list to be freed outside
  1036. * the SSL_CTX lock.
  1037. * But still do the remove_session_cb() within the lock.
  1038. */
  1039. while (s->session_cache_tail != NULL) {
  1040. current = s->session_cache_tail;
  1041. if (t == 0 || sess_timedout(timeout, current)) {
  1042. lh_SSL_SESSION_delete(s->sessions, current);
  1043. SSL_SESSION_list_remove(s, current);
  1044. current->not_resumable = 1;
  1045. if (s->remove_session_cb != NULL)
  1046. s->remove_session_cb(s, current);
  1047. /*
  1048. * Throw the session on a stack, it's entirely plausible
  1049. * that while freeing outside the critical section, the
  1050. * session could be re-added, so avoid using the next/prev
  1051. * pointers. If the stack failed to create, or the session
  1052. * couldn't be put on the stack, just free it here
  1053. */
  1054. if (sk == NULL || !sk_SSL_SESSION_push(sk, current))
  1055. SSL_SESSION_free(current);
  1056. } else {
  1057. break;
  1058. }
  1059. }
  1060. lh_SSL_SESSION_set_down_load(s->sessions, i);
  1061. CRYPTO_THREAD_unlock(s->lock);
  1062. sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
  1063. }
  1064. int ssl_clear_bad_session(SSL_CONNECTION *s)
  1065. {
  1066. if ((s->session != NULL) &&
  1067. !(s->shutdown & SSL_SENT_SHUTDOWN) &&
  1068. !(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
  1069. || SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
  1070. SSL_CTX_remove_session(s->session_ctx, s->session);
  1071. return 1;
  1072. } else
  1073. return 0;
  1074. }
  1075. /* locked by SSL_CTX in the calling function */
  1076. static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
  1077. {
  1078. if ((s->next == NULL) || (s->prev == NULL))
  1079. return;
  1080. if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
  1081. /* last element in list */
  1082. if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
  1083. /* only one element in list */
  1084. ctx->session_cache_head = NULL;
  1085. ctx->session_cache_tail = NULL;
  1086. } else {
  1087. ctx->session_cache_tail = s->prev;
  1088. s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1089. }
  1090. } else {
  1091. if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
  1092. /* first element in list */
  1093. ctx->session_cache_head = s->next;
  1094. s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1095. } else {
  1096. /* middle of list */
  1097. s->next->prev = s->prev;
  1098. s->prev->next = s->next;
  1099. }
  1100. }
  1101. s->prev = s->next = NULL;
  1102. s->owner = NULL;
  1103. }
  1104. static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
  1105. {
  1106. SSL_SESSION *next;
  1107. if ((s->next != NULL) && (s->prev != NULL))
  1108. SSL_SESSION_list_remove(ctx, s);
  1109. if (ctx->session_cache_head == NULL) {
  1110. ctx->session_cache_head = s;
  1111. ctx->session_cache_tail = s;
  1112. s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1113. s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1114. } else {
  1115. if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
  1116. /*
  1117. * if we timeout after (or the same time as) the first
  1118. * session, put us first - usual case
  1119. */
  1120. s->next = ctx->session_cache_head;
  1121. s->next->prev = s;
  1122. s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
  1123. ctx->session_cache_head = s;
  1124. } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
  1125. /* if we timeout before the last session, put us last */
  1126. s->prev = ctx->session_cache_tail;
  1127. s->prev->next = s;
  1128. s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
  1129. ctx->session_cache_tail = s;
  1130. } else {
  1131. /*
  1132. * we timeout somewhere in-between - if there is only
  1133. * one session in the cache it will be caught above
  1134. */
  1135. next = ctx->session_cache_head->next;
  1136. while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) {
  1137. if (timeoutcmp(s, next) >= 0) {
  1138. s->next = next;
  1139. s->prev = next->prev;
  1140. next->prev->next = s;
  1141. next->prev = s;
  1142. break;
  1143. }
  1144. next = next->next;
  1145. }
  1146. }
  1147. }
  1148. s->owner = ctx;
  1149. }
  1150. void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
  1151. int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
  1152. {
  1153. ctx->new_session_cb = cb;
  1154. }
  1155. int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
  1156. return ctx->new_session_cb;
  1157. }
  1158. void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
  1159. void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
  1160. {
  1161. ctx->remove_session_cb = cb;
  1162. }
  1163. void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
  1164. SSL_SESSION *sess) {
  1165. return ctx->remove_session_cb;
  1166. }
  1167. void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
  1168. SSL_SESSION *(*cb) (SSL *ssl,
  1169. const unsigned char *data,
  1170. int len, int *copy))
  1171. {
  1172. ctx->get_session_cb = cb;
  1173. }
  1174. SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
  1175. const unsigned char
  1176. *data, int len,
  1177. int *copy) {
  1178. return ctx->get_session_cb;
  1179. }
  1180. void SSL_CTX_set_info_callback(SSL_CTX *ctx,
  1181. void (*cb) (const SSL *ssl, int type, int val))
  1182. {
  1183. ctx->info_callback = cb;
  1184. }
  1185. void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
  1186. int val) {
  1187. return ctx->info_callback;
  1188. }
  1189. void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
  1190. int (*cb) (SSL *ssl, X509 **x509,
  1191. EVP_PKEY **pkey))
  1192. {
  1193. ctx->client_cert_cb = cb;
  1194. }
  1195. int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
  1196. EVP_PKEY **pkey) {
  1197. return ctx->client_cert_cb;
  1198. }
  1199. void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
  1200. int (*cb) (SSL *ssl,
  1201. unsigned char *cookie,
  1202. unsigned int *cookie_len))
  1203. {
  1204. ctx->app_gen_cookie_cb = cb;
  1205. }
  1206. void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
  1207. int (*cb) (SSL *ssl,
  1208. const unsigned char *cookie,
  1209. unsigned int cookie_len))
  1210. {
  1211. ctx->app_verify_cookie_cb = cb;
  1212. }
  1213. int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
  1214. {
  1215. OPENSSL_free(ss->ticket_appdata);
  1216. ss->ticket_appdata_len = 0;
  1217. if (data == NULL || len == 0) {
  1218. ss->ticket_appdata = NULL;
  1219. return 1;
  1220. }
  1221. ss->ticket_appdata = OPENSSL_memdup(data, len);
  1222. if (ss->ticket_appdata != NULL) {
  1223. ss->ticket_appdata_len = len;
  1224. return 1;
  1225. }
  1226. return 0;
  1227. }
  1228. int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
  1229. {
  1230. *data = ss->ticket_appdata;
  1231. *len = ss->ticket_appdata_len;
  1232. return 1;
  1233. }
  1234. void SSL_CTX_set_stateless_cookie_generate_cb(
  1235. SSL_CTX *ctx,
  1236. int (*cb) (SSL *ssl,
  1237. unsigned char *cookie,
  1238. size_t *cookie_len))
  1239. {
  1240. ctx->gen_stateless_cookie_cb = cb;
  1241. }
  1242. void SSL_CTX_set_stateless_cookie_verify_cb(
  1243. SSL_CTX *ctx,
  1244. int (*cb) (SSL *ssl,
  1245. const unsigned char *cookie,
  1246. size_t cookie_len))
  1247. {
  1248. ctx->verify_stateless_cookie_cb = cb;
  1249. }
  1250. IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)