1c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org/* ssl/ssl_sess.c */ 2c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * All rights reserved. 4c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 5c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * This package is an SSL implementation written 6c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * by Eric Young (eay@cryptsoft.com). 7c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * The implementation was written so as to conform with Netscapes SSL. 8c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 9c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * This library is free for commercial and non-commercial use as long as 10c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * the following conditions are aheared to. The following conditions 11c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * apply to all code found in this distribution, be it the RC4, RSA, 12c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * included with this distribution is covered by the same copyright terms 14c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 16c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * Copyright remains Eric Young's, and as such any Copyright notices in 17c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * the code are not to be removed. 18c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * If this package is used in a product, Eric Young should be given attribution 19c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * as the author of the parts of the library used. 
20c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * This can be in the form of a textual message at program startup or 21c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * in documentation (online or textual) provided with the package. 22c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 23c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * Redistribution and use in source and binary forms, with or without 24c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * modification, are permitted provided that the following conditions 25c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * are met: 26c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 1. Redistributions of source code must retain the copyright 27c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * notice, this list of conditions and the following disclaimer. 28c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 2. Redistributions in binary form must reproduce the above copyright 29c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * notice, this list of conditions and the following disclaimer in the 30c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * documentation and/or other materials provided with the distribution. 31c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 3. All advertising materials mentioning features or use of this software 32c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * must display the following acknowledgement: 33c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * "This product includes cryptographic software written by 34c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * Eric Young (eay@cryptsoft.com)" 35c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * The word 'cryptographic' can be left out if the rouines from the library 36c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * being used are not cryptographic related :-). 
37c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 4. If you include any Windows specific code (or a derivative thereof) from 38c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * the apps directory (application code) you must include an acknowledgement: 39c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 41c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * SUCH DAMAGE. 
52c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * 53c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * The licence and distribution terms for any publically available version or 54c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * derivative of this code cannot be changed. i.e. this code cannot simply be 55c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * copied and put under another distribution licence 56c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org * [including the GNU Public Licence.] 57c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org */ 58480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org/* ==================================================================== 59480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 61480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * Redistribution and use in source and binary forms, with or without 62480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * modification, are permitted provided that the following conditions 63480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * are met: 64480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 65480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 1. Redistributions of source code must retain the above copyright 66480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * notice, this list of conditions and the following disclaimer. 67480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 68480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 2. 
Redistributions in binary form must reproduce the above copyright 69480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * notice, this list of conditions and the following disclaimer in 70480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * the documentation and/or other materials provided with the 71480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * distribution. 72480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 73480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 3. All advertising materials mentioning features or use of this 74480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * software must display the following acknowledgment: 75480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * "This product includes software developed by the OpenSSL Project 76480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 78480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * endorse or promote products derived from this software without 80480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * prior written permission. For written permission, please contact 81480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * openssl-core@openssl.org. 82480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 83480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 5. Products derived from this software may not be called "OpenSSL" 84480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * nor may "OpenSSL" appear in their names without prior written 85480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * permission of the OpenSSL Project. 86480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 87480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 6. 
Redistributions of any form whatsoever must retain the following 88480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * acknowledgment: 89480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * "This product includes software developed by the OpenSSL Project 90480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 92480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * OF THE POSSIBILITY OF SUCH DAMAGE. 
104480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * ==================================================================== 105480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 106480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * This product includes cryptographic software written by Eric Young 107480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * (eay@cryptsoft.com). This product includes software written by Tim 108480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * Hudson (tjh@cryptsoft.com). 109480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 110480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org */ 111480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org/* ==================================================================== 112480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * Copyright 2005 Nokia. All rights reserved. 113480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 114480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * The portions of the attached software ("Contribution") is developed by 115480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * Nokia Corporation and is licensed pursuant to the OpenSSL open source 116480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * license. 117480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 118480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * The Contribution, originally written by Mika Kousa and Pasi Eronen of 119480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 120480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * support (see RFC 4279) to OpenSSL. 
121480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 122480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * No patent licenses or other rights except those expressly stated in 123480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * the OpenSSL open source license shall be deemed granted or received 124480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * expressly, by implication, estoppel, or otherwise. 125480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 126480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * No assurances are provided by Nokia that the Contribution does not 127480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * infringe the patent or other intellectual property rights of any third 128480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * party or that the license provides you with all the necessary rights 129480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * to make use of the Contribution. 130480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * 131480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 132480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 133480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 134480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 135480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org * OTHERWISE. 
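*/

#include <stdio.h>
#include <openssl/lhash.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "ssl_locl.h"

static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);

/*
 * SSL_get_session - return the session attached to |ssl| without taking a
 * reference (aka SSL_get0_session).
 *
 * Only the pointer is copied: the reference count is not touched and no
 * lock is taken.  ssl_get_new_session() below frees and clears
 * ssl->session, so a caller that needs the session to stay valid across
 * such a call should use SSL_get1_session() instead.
 */
SSL_SESSION *SSL_get_session(const SSL *ssl)
{
    return ssl->session;
}

/*
 * SSL_get1_session - variant of SSL_get_session() that hands the caller its
 * own reference.
 *
 * Returns ssl->session with its reference count incremented, or NULL when
 * no session is attached.  The caller presumably drops the reference with
 * SSL_SESSION_free() - confirm against that function's definition.
 */
SSL_SESSION *SSL_get1_session(SSL *ssl)
{
    SSL_SESSION *sess;

    /*
     * Need to lock this all up rather than just use CRYPTO_add so that
     * somebody doesn't free ssl->session between when we check it's
     * non-null and when we up the reference count.
     */
    CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
    sess = ssl->session;
    if (sess != NULL)
        sess->references++;
    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
    return sess;
}

/*
 * SSL_SESSION_get_ex_new_index - forward an ex_data index registration to
 * CRYPTO_get_ex_new_index() for the CRYPTO_EX_INDEX_SSL_SESSION class and
 * return its result unchanged.
 */
int SSL_SESSION_get_ex_new_index(long argl, void *argp,
                                 CRYPTO_EX_new *new_func,
                                 CRYPTO_EX_dup *dup_func,
                                 CRYPTO_EX_free *free_func)
{
    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
                                   new_func, dup_func, free_func);
}

/*
 * SSL_SESSION_set_ex_data - store |arg| in slot |idx| of the session's
 * ex_data; returns whatever CRYPTO_set_ex_data() returns.
 */
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
{
    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
}

/*
 * SSL_SESSION_get_ex_data - read slot |idx| of the session's ex_data;
 * returns whatever CRYPTO_get_ex_data() returns.
 */
void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
{
    return CRYPTO_get_ex_data(&s->ex_data, idx);
}

/*
 * SSL_SESSION_new - allocate and initialise an empty session.
 *
 * Returns a zero-filled SSL_SESSION holding one reference, or NULL when
 * the allocation or the ex_data set-up fails.  Two defaults matter for
 * security review:
 *   - verify_result starts at 1 rather than 0, so a session whose peer was
 *     never verified cannot be mistaken for X509_V_OK;
 *   - timeout starts at 60*5+4 seconds; ssl_get_new_session() overwrites
 *     it from the context or the method default.
 */
SSL_SESSION *SSL_SESSION_new(void)
{
    SSL_SESSION *ss;

    ss = OPENSSL_malloc(sizeof(*ss));
    if (ss == NULL) {
        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    memset(ss, 0, sizeof(*ss));

    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
    ss->references = 1;
    ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
    ss->time = (unsigned long)time(NULL);
    ss->prev = NULL;
    ss->next = NULL;
    ss->compress_meth = 0;
#ifndef OPENSSL_NO_TLSEXT
    ss->tlsext_hostname = NULL;
#ifndef OPENSSL_NO_EC
    ss->tlsext_ecpointformatlist_length = 0;
    ss->tlsext_ecpointformatlist = NULL;
    ss->tlsext_ellipticcurvelist_length = 0;
    ss->tlsext_ellipticcurvelist = NULL;
#endif
#endif
    /*
     * The status of CRYPTO_new_ex_data() used to be discarded, which handed
     * back a session whose registered ex_data constructors had not all run.
     * Nothing else has been allocated yet, so releasing |ss| is the whole
     * clean-up.  No error is queued here; the failing layer is expected to
     * have recorded its own - TODO confirm.
     */
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
        OPENSSL_free(ss);
        return NULL;
    }
#ifndef OPENSSL_NO_PSK
    ss->psk_identity_hint = NULL;
    ss->psk_identity = NULL;
#endif
#ifndef OPENSSL_NO_SRP
    ss->srp_username = NULL;
#endif
    return ss;
}

/*
 * SSL_SESSION_get_id - return a pointer to the session ID bytes held inside
 * |s| and, when |len| is non-NULL, store the ID length through it.  The
 * returned pointer aliases the session; nothing is copied.
 */
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
                                        unsigned int *len)
{
    if (len != NULL)
        *len = s->session_id_length;
    return s->session_id;
}

/* SSL_SESSION_get_compress_id - return the session's compress_meth field. */
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
{
    return s->compress_meth;
}

/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
 * until we have no conflict is going to complete in one iteration pretty much
 * "most" of the time (btw: understatement). So, if it takes us 10 iterations
 * and we still can't avoid a conflict - well that's a reasonable point to call
 * it quits. Either the RAND code is broken or someone is trying to open roughly
 * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
 * store that many sessions is perhaps a more interesting question ... */

#define MAX_SESS_ID_ATTEMPTS 10

/*
 * def_generate_session_id - default session ID generator.
 *
 * Fills |id| with *id_len random bytes and retries, at most
 * MAX_SESS_ID_ATTEMPTS times in total, while SSL_has_matching_session_id()
 * reports a clash.  Returns 1 once an ID without a reported clash has been
 * written, 0 if the random source fails or every attempt clashed.
 * *id_len is read but never modified.
 */
static int def_generate_session_id(const SSL *ssl, unsigned char *id,
                                   unsigned int *id_len)
{
    unsigned int retry = 0;

    do {
        /*
         * RAND_pseudo_bytes() is documented to return 0 when the bytes it
         * produced are not cryptographically strong.  Testing "<= 0"
         * rejects that case together with outright failure, so a weak ID
         * is never accepted; do not relax this to "< 0".
         */
        if (RAND_pseudo_bytes(id, *id_len) <= 0)
            return 0;
    } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
             (++retry < MAX_SESS_ID_ATTEMPTS));

    if (retry < MAX_SESS_ID_ATTEMPTS)
        return 1;
    /* else - woops a session_id match */
    /* XXX We should also check the external cache --
     * but the probability of a collision is negligible, and
     * we could not prevent the concurrent creation of sessions
     * with identical IDs since we currently don't have means
     * to atomically check whether a session ID already exists
     * and make a reservation for it if it does not
     * (this problem applies to the internal cache as well).
     */
    return 0;
}

/*
 * SSL_set_session_creation_enabled - set the per-connection flag that
 * ssl_get_new_session() checks before it allocates anything; when the flag
 * is zero that function returns 0 immediately.
 */
void SSL_set_session_creation_enabled(SSL *s, int creation_enabled)
{
    s->session_creation_enabled = creation_enabled;
}

/*
 * ssl_get_new_session - allocate a fresh session for |s| and, when
 * |session| is non-zero, give it a session ID.
 *
 * Every failure path below returns 0 after freeing the new session.  The
 * previous s->session is freed and cleared before the ID is chosen, so on
 * those failure paths s->session is left NULL.
 */
int ssl_get_new_session(SSL *s, int session)
{
    /* This gets used by clients and servers. */

    unsigned int tmp;
    SSL_SESSION *ss = NULL;
    GEN_SESSION_CB cb = def_generate_session_id;

    /* caller should check this if they can do better error handling */
    if (!s->session_creation_enabled)
        return (0);
    if ((ss = SSL_SESSION_new()) == NULL)
        return (0);

    /* If the context has a default timeout, use it */
    if (s->session_ctx->session_timeout == 0)
        ss->timeout = SSL_get_default_timeout(s);
    else
        ss->timeout = s->session_ctx->session_timeout;

    if (s->session != NULL) {
        SSL_SESSION_free(s->session);
        s->session = NULL;
    }

    if (session) {
        if (s->version == SSL2_VERSION) {
            ss->ssl_version = SSL2_VERSION;
            ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
        } else if (s->version == SSL3_VERSION) {
            ss->ssl_version = SSL3_VERSION;
            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
        } else if (s->version == TLS1_VERSION) {
            ss->ssl_version = TLS1_VERSION;
            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
        } else if (s->version == TLS1_1_VERSION) {
            ss->ssl_version = TLS1_1_VERSION;
            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
        } else if (s->version == TLS1_2_VERSION) {
            ss->ssl_version = TLS1_2_VERSION;
            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
        } else if (s->version == DTLS1_BAD_VER) {
            ss->ssl_version = DTLS1_BAD_VER;
            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
        } else if (s->version == DTLS1_VERSION) {
            ss->ssl_version = DTLS1_VERSION;
            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
        } else {
            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
            SSL_SESSION_free(ss);
            return (0);
        }
#ifndef OPENSSL_NO_TLSEXT
        /* If RFC4507 ticket use empty session ID */
        if (s->tlsext_ticket_expected) {
            ss->session_id_length = 0;
            goto sess_id_done;
        }
#endif
        /* Choose which callback will set the session ID */
        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
        if (s->generate_session_id)
            cb = s->generate_session_id;
        else if (s->session_ctx->generate_session_id)
            cb = s->session_ctx->generate_session_id;
        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
        /* Choose a session ID */
        tmp = ss->session_id_length;
        if (!cb(s, ss->session_id, &tmp)) {
            /* The callback failed */
            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
                   SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
            SSL_SESSION_free(ss);
            return (0);
        }
        /* Don't allow the callback to set the session length to zero.
         * nor set it higher than it was. */
        /*
         * NOTE(review): this validates the length the callback reports,
         * after the callback has already written into ss->session_id.  It
         * cannot detect a callback that wrote more bytes than the length it
         * was given, so the callback is trusted to stay within it.
         */
        if (!tmp || (tmp > ss->session_id_length)) {
            /* The callback set an illegal length */
            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
                   SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
            SSL_SESSION_free(ss);
            return (0);
        }
        /* If the session length was shrunk and we're SSLv2, pad it */
        if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
            memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
        else
            ss->session_id_length = tmp;
        /* Finally, check for a conflict */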
385c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org if(SSL_has_matching_session_id(s, ss->session_id, 386c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org ss->session_id_length)) 387c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org { 388c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, 389c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org SSL_R_SSL_SESSION_ID_CONFLICT); 390c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org SSL_SESSION_free(ss); 391c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org return(0); 392c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org } 393c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#ifndef OPENSSL_NO_TLSEXT 394c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org sess_id_done: 395c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org if (s->tlsext_hostname) { 396c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); 397c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org if (ss->tlsext_hostname == NULL) { 398c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); 399c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org SSL_SESSION_free(ss); 400c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org return 0; 401c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org } 402c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org } 403480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org#ifndef OPENSSL_NO_EC 404480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org if (s->tlsext_ecpointformatlist) 405480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org { 406480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); 407480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org if ((ss->tlsext_ecpointformatlist = 
OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) 408480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org { 409480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 410480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org SSL_SESSION_free(ss); 411480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org return 0; 412480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org } 413480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; 414480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 415480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org } 416480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org if (s->tlsext_ellipticcurvelist) 417480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org { 418480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); 419480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) 420480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org { 421480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 422480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org SSL_SESSION_free(ss); 423480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org return 0; 424480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org } 425480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; 426480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); 
427480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org } 428480da75abf485e7e2a6be5acc0f71842368792c0jnd@chromium.org#endif 429c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org#endif 430c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org } 431c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org else 432c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org { 433c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org ss->session_id_length=0; 434c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org } 435c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org 436c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org if (s->sid_ctx_length > sizeof ss->sid_ctx) 437c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org { 438c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); 439c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org SSL_SESSION_free(ss); 440c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org return 0; 441c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org } 442c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); 443c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org ss->sid_ctx_length=s->sid_ctx_length; 444c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org s->session=ss; 445c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org ss->ssl_version=s->version; 446c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org ss->verify_result = X509_V_OK; 447c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org 448c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org return(1); 449c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org } 450c9490d33b98b7affb729b5f1db13cb0a348471aagl@chromium.org 4512c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this 4522c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * connection. 
It is only called by servers. 4532c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * 4542c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * session_id: points at the session ID in the ClientHello. This code will 4552c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * read past the end of this in order to parse out the session ticket 4562c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * extension, if any. 4572c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * len: the length of the session ID. 4582c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * limit: a pointer to the first byte after the ClientHello. 4592c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * 4602c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * Returns: 4612c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * -1: error 4622c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * 0: a session may have been found. 4632c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * 4642c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * Side effects: 4652c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * - If a session is found then s->session is pointed at it (after freeing an 4662c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * existing session if need be) and s->verify_result is set from the session. 4672c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 4682c4508dfe2bc5b6296c01114ed11ddc64b7718c6digit@chromium.org * if the server should issue a new session ticket (to 0 otherwise). 
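*/
int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
			 const unsigned char *limit)
{
	/*
	 * This is used only by servers.
	 *
	 * Return values as implemented below:
	 *    1: a session was found, passed every check and is now s->session.
	 *    0: no usable session; nothing was installed in s->session.
	 *   -1: fatal error (ticket processing failed, or SSL_VERIFY_PEER is
	 *       set without a session ID context).
	 */
	SSL_SESSION *ret = NULL;
	int fatal = 0;
	int try_session_cache = 1;
#ifndef OPENSSL_NO_TLSEXT
	int r;
#endif

	/*
	 * len is a signed int that later becomes a memcpy() size into the
	 * fixed-size data.session_id buffer, so reject a negative value as
	 * well as an over-long one.  Both are treated as "no session".
	 */
	if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
		goto err;

	/* An empty session ID can never match a cache entry. */
	if (len == 0)
		try_session_cache = 0;

#ifndef OPENSSL_NO_TLSEXT
	r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
	switch (r)
	{
	case -1: /* Error during processing */
		fatal = 1;
		goto err;
	case 0: /* No ticket found */
	case 1: /* Zero length ticket found */
		break; /* Ok to carry on processing session id. */
	case 2: /* Ticket found but not decrypted. */
	case 3: /* Ticket decrypted, *ret has been set. */
		try_session_cache = 0;
		break;
	default:
		abort();
	}
#endif

	/* First choice: the internal cache, unless lookups are disabled. */
	if (try_session_cache &&
	    ret == NULL &&
	    !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
	{
		/*
		 * Stack-allocated lookup key: only the version, ID length and
		 * ID bytes are filled in.  len is non-zero here because
		 * try_session_cache was cleared above for len == 0, so the
		 * unreachable "len == 0" early return has been dropped.
		 */
		SSL_SESSION data;
		data.ssl_version = s->version;
		data.session_id_length = len;
		memcpy(data.session_id, session_id, len);
		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
		ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
		if (ret != NULL)
		{
			/* don't allow other threads to steal it: */
			CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
		}
		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
		if (ret == NULL)
			s->session_ctx->stats.sess_miss++;
	}

	/* Second choice: the application's external cache callback. */
	if (try_session_cache &&
	    ret == NULL &&
	    s->session_ctx->get_session_cb != NULL)
	{
		int copy = 1;

		/* The page rendered "&copy" as a copyright sign; restored here. */
		if ((ret = s->session_ctx->get_session_cb(s, session_id, len, &copy)))
		{
			s->session_ctx->stats.sess_cb_hit++;

			/* Increment reference count now if the session callback
			 * asks us to do so (note that if the session structures
			 * returned by the callback are shared between threads,
			 * it must handle the reference count itself [i.e. copy == 0],
			 * or things won't be thread-safe). */
			if (copy)
				CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);

			/* Add the externally cached session to the internal
			 * cache as well if and only if we are supposed to. */
			if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
				/* The following should not return 1, otherwise,
				 * things are very strange */
				SSL_CTX_add_session(s->session_ctx, ret);
		}
	}

	if (ret == NULL)
		goto err;

	/* Now ret is non-NULL and we own one of its reference counts. */

	/*
	 * The session must have been created under the same session ID
	 * context as this connection; the lengths are compared first so the
	 * memcmp() only runs over equal-sized contexts.
	 */
	if (ret->sid_ctx_length != s->sid_ctx_length
	    || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length))
	{
		/* We have the session requested by the client, but we don't
		 * want to use it in this context. */
		goto err; /* treat like cache miss */
	}

	if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
	{
		/* We can't be sure if this session is being used out of
		 * context, which is especially important for SSL_VERIFY_PEER.
		 * The application should have used SSL[_CTX]_set_session_id_context.
		 *
		 * For this error case, we generate an error instead of treating
		 * the event like a cache miss (otherwise it would be easy for
		 * applications to effectively disable the session cache by
		 * accident without anyone noticing).
		 */

		SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
		fatal = 1;
		goto err;
	}

	if (ret->cipher == NULL)
	{
		/*
		 * Only the numeric cipher_id is available, so look the cipher
		 * up again.  l2n() serialises the id into buf; the lookup is
		 * given the bytes from buf[2] for SSLv3 and later, and from
		 * buf[1] otherwise.
		 */
		unsigned char buf[5], *p;
		unsigned long l;

		p = buf;
		l = ret->cipher_id;
		l2n(l, p);
		if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
			ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
		else
			ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
		if (ret->cipher == NULL)
			goto err;
	}

	if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
	{
		s->session_ctx->stats.sess_timeout++;
		if (try_session_cache)
		{
			/* session was from the cache, so remove it */
			SSL_CTX_remove_session(s->session_ctx, ret);
		}
		goto err;
	}

	s->session_ctx->stats.sess_hit++;

	if (s->session != NULL)
		SSL_SESSION_free(s->session);
	s->session = ret;
	/*
	 * The verification result stored with the session becomes the
	 * connection's result; this function performs no new verification.
	 */
	s->verify_result = s->session->verify_result;
	return 1;

 err:
	if (ret != NULL)
	{
		/* Drop the reference taken above; the session is not used. */
		SSL_SESSION_free(ret);
#ifndef OPENSSL_NO_TLSEXT
		if (!try_session_cache)
		{
			/* The session was from a ticket, so we should
			 * issue a ticket for the new session */
			s->tlsext_ticket_expected = 1;
		}
#endif
	}
	if (fatal)
		return -1;
	else
		return 0;
}

/*
 * SSL_CTX_add_session inserts session c into ctx's internal cache.
 *
 * Returns 1 if c was added as a new entry, 0 if c itself was already in the
 * cache.  A different session stored under the same session ID is removed
 * from the cache and replaced by c.
 */
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
{
	int ret = 0;
	SSL_SESSION *s;

	/* add just 1 reference count for the SSL_CTX's session cache
	 * even though it has two ways of access: each session is in a
	 * doubly linked list and an lhash */
	CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
	/* if session c is in already in cache, we take back the increment later */

	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	s = lh_SSL_SESSION_insert(ctx->sessions, c);

	/* s != NULL iff we already had a session with the given session ID.
	 * In this case, s == c should hold (then we did not really modify
	 * ctx->sessions), or we're in trouble. */
	if (s != NULL && s != c)
	{
		/* We *are* in trouble ... */
		SSL_SESSION_list_remove(ctx, s);
		SSL_SESSION_free(s);
		/* ... so pretend the other session did not exist in cache
		 * (we cannot handle two SSL_SESSION structures with identical
		 * session ID in the same cache, which could happen e.g. when
		 * two threads concurrently obtain the same session from an external
		 * cache) */
		s = NULL;
	}

	/* Put at the head of the queue unless it is already in the cache */
	if (s == NULL)
		SSL_SESSION_list_add(ctx, c);

	if (s != NULL)
	{
		/* existing cache entry -- decrement previously incremented reference
		 * count because it already takes into account the cache */

		SSL_SESSION_free(s); /* s == c */
		ret = 0;
	}
	else
	{
		/* new cache entry -- remove old ones if cache has become too large */

		ret = 1;

		/* A configured cache size of 0 or less disables eviction here. */
		if (SSL_CTX_sess_get_cache_size(ctx) > 0)
		{
			while (SSL_CTX_sess_number(ctx) >
			       SSL_CTX_sess_get_cache_size(ctx))
			{
				/*
				 * lck == 0: the write lock is already held, so
				 * ctx->remove_session_cb is invoked under
				 * CRYPTO_LOCK_SSL_CTX on this path.
				 */
				if (!remove_session_lock(ctx,
							 ctx->session_cache_tail, 0))
					break;
				else
					ctx->stats.sess_cache_full++;
			}
		}
	}
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	return(ret);
}

/*
 * SSL_CTX_remove_session removes c from ctx's internal cache, taking the
 * cache write lock itself.  Returns 1 if c was cached and removed, else 0.
 */
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
{
	return remove_session_lock(ctx, c, 1);
}

/*
 * remove_session_lock removes c from ctx's internal cache.
 *
 * lck: non-zero to take CRYPTO_LOCK_SSL_CTX for writing around the cache
 *      update; zero when the caller already holds it.
 *
 * Returns 1 if c was the cached entry for its session ID and was removed,
 * 0 otherwise (c is NULL, has an empty session ID, or is not the entry
 * stored in the cache).
 */
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
{
	SSL_SESSION *r;
	int ret = 0;

	if ((c != NULL) && (c->session_id_length != 0))
	{
		if (lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
		/* Only remove when the cached entry is this very object. */
		if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c)
		{
			ret = 1;
			r = lh_SSL_SESSION_delete(ctx->sessions, c);
			SSL_SESSION_list_remove(ctx, c);
		}

		if (lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

		if (ret)
		{
			/*
			 * Flag the session as not resumable before notifying
			 * the application and dropping the cache's reference.
			 */
			r->not_resumable = 1;
			if (ctx->remove_session_cb != NULL)
				ctx->remove_session_cb(ctx, r);
			SSL_SESSION_free(r);
		}
	}
	else
		ret = 0;
	return(ret);
}

void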
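SSL_SESSION_free(SSL_SESSION *ss)
{
    /*
     * Drop one reference to ss.  When the count reaches zero the session is
     * destroyed: ex_data is released, key material is wiped, owned members
     * are freed, and finally the whole structure is wiped and freed.
     * A NULL ss is accepted and ignored.
     */
    int i;

    if (ss == NULL)
        return;

    i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
#ifdef REF_PRINT
    REF_PRINT("SSL_SESSION",ss);
#endif
    /* Other holders remain; nothing else to do. */
    if (i > 0)
        return;
#ifdef REF_CHECK
    /* A negative count means an unbalanced free (potential double free). */
    if (i < 0) {
        fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
        abort(); /* ok */
    }
#endif

    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);

    /* Wipe secrets explicitly before the memory is handed back. */
    OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
    OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
    OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);

    if (ss->sess_cert != NULL)
        ssl_sess_cert_free(ss->sess_cert);
    if (ss->peer != NULL)
        X509_free(ss->peer);
    if (ss->ciphers != NULL)
        sk_SSL_CIPHER_free(ss->ciphers);
#ifndef OPENSSL_NO_TLSEXT
    if (ss->tlsext_hostname != NULL)
        OPENSSL_free(ss->tlsext_hostname);
    if (ss->tlsext_tick != NULL)
        OPENSSL_free(ss->tlsext_tick);
#ifndef OPENSSL_NO_EC
    ss->tlsext_ecpointformatlist_length = 0;
    if (ss->tlsext_ecpointformatlist != NULL)
        OPENSSL_free(ss->tlsext_ecpointformatlist);
    ss->tlsext_ellipticcurvelist_length = 0;
    if (ss->tlsext_ellipticcurvelist != NULL)
        OPENSSL_free(ss->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
#endif
#ifndef OPENSSL_NO_PSK
    if (ss->psk_identity_hint != NULL)
        OPENSSL_free(ss->psk_identity_hint);
    if (ss->psk_identity != NULL)
        OPENSSL_free(ss->psk_identity);
#endif
#ifndef OPENSSL_NO_SRP
    if (ss->srp_username != NULL)
        OPENSSL_free(ss->srp_username);
#endif
    /* Final wipe of the whole structure, then release it. */
    OPENSSL_cleanse(ss, sizeof(*ss));
    OPENSSL_free(ss);
}

/*
 * Install session as the session to be used by s, or clear the current
 * session when session is NULL.
 *
 * With a non-NULL session the SSL method is switched to the one matching
 * session->ssl_version (looked up first through s->ctx->method, then
 * through s->method), a new reference is taken on session, and the
 * previously installed session (if any) is released.  s->verify_result is
 * copied from the session.
 *
 * With a NULL session the current session is released and the method is
 * reset to s->ctx->method.
 *
 * Returns 1 on success, 0 on failure (no matching method, method switch
 * failed, or allocation failure in the Kerberos path).
 */
int SSL_set_session(SSL *s, SSL_SESSION *session)
{
    const SSL_METHOD *meth;

    if (session == NULL) {
        if (s->session != NULL) {
            SSL_SESSION_free(s->session);
            s->session = NULL;
        }

        meth = s->ctx->method;
        if (meth != s->method) {
            if (!SSL_set_ssl_method(s, meth))
                return 0;
        }
        return 1;
    }

    meth = s->ctx->method->get_ssl_method(session->ssl_version);
    if (meth == NULL)
        meth = s->method->get_ssl_method(session->ssl_version);
    if (meth == NULL) {
        SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
        return 0;
    }

    if (meth != s->method) {
        if (!SSL_set_ssl_method(s, meth))
            return 0;
    }

#ifndef OPENSSL_NO_KRB5
    if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
        session->krb5_client_princ_len > 0) {
        s->kssl_ctx->client_princ =
            (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
        /*
         * The allocation result was previously used unchecked, so an
         * out-of-memory condition led to a write through a NULL pointer.
         * Fail the call instead.
         */
        if (s->kssl_ctx->client_princ == NULL) {
            SSLerr(SSL_F_SSL_SET_SESSION, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ,
               session->krb5_client_princ_len);
        s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
    }
#endif /* OPENSSL_NO_KRB5 */

    /*
     * Take the new reference before releasing the old session, so that
     * passing the session that is already installed cannot free it.
     * No CRYPTO_LOCK_SSL lock is taken around the swap (the lock calls
     * are commented out in the original source).
     */
    CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
    if (s->session != NULL)
        SSL_SESSION_free(s->session);
    s->session = session;
    s->verify_result = s->session->verify_result;
    return 1;
}

/*
 * Set the timeout field of session s to t.
 * Returns 1 on success, 0 when s is NULL.  t is stored as given; no range
 * check is applied here.
 */
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
{
    if (s == NULL)
        return 0;
    s->timeout = t;
    return 1;
}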
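/* Return the timeout field of session s, or 0 when s is NULL. */
long SSL_SESSION_get_timeout(const SSL_SESSION *s)
{
    if (s == NULL)
        return 0;
    return s->timeout;
}

/* Return the time field of session s, or 0 when s is NULL. */
long SSL_SESSION_get_time(const SSL_SESSION *s)
{
    if (s == NULL)
        return 0;
    return s->time;
}

/*
 * Set the time field of session s to t.
 * Returns t on success (not 1), and 0 when s is NULL.
 */
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
{
    if (s == NULL)
        return 0;
    s->time = t;
    return t;
}

/*
 * Return the peer certificate pointer stored in session s.
 * The pointer is returned as stored; this function takes no additional
 * reference.  Unlike the accessors above, s is not checked for NULL.
 */
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
{
    return s->peer;
}

/*
 * Copy a session-id context of sid_ctx_len bytes into session s.
 * The length is checked against SSL_MAX_SID_CTX_LENGTH before the copy, so
 * the write into s->sid_ctx is bounded by that limit.
 * Returns 1 on success, 0 (with an error queued) when the context is too
 * long.  s and sid_ctx are not checked for NULL.
 */
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
                                unsigned int sid_ctx_len)
{
    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
        SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
        return 0;
    }
    s->sid_ctx_length = sid_ctx_len;
    memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);

    return 1;
}

/*
 * Set the context-wide session timeout to t.
 * Returns the previous value, or 0 when s is NULL.
 */
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
{
    long previous;

    if (s == NULL)
        return 0;
    previous = s->session_timeout;
    s->session_timeout = t;
    return previous;
}

/* Return the context-wide session timeout, or 0 when s is NULL. */
long SSL_CTX_get_timeout(const SSL_CTX *s)
{
    if (s == NULL)
        return 0;
    return s->session_timeout;
}

#ifndef OPENSSL_NO_TLSEXT
/*
 * Register the session-secret callback and its opaque argument on s.
 * Returns 1 on success, 0 when s is NULL.
 */
int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
    STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
{
    if (s == NULL)
        return 0;
    s->tls_session_secret_cb = tls_session_secret_cb;
    s->tls_session_secret_cb_arg = arg;
    return 1;
}

/*
 * Register the session-ticket-extension callback and its opaque argument
 * on s.  Returns 1 on success, 0 when s is NULL.
 */
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
                                  void *arg)
{
    if (s == NULL)
        return 0;
    s->tls_session_ticket_ext_cb = cb;
    s->tls_session_ticket_ext_cb_arg = arg;
    return 1;
}

/*
 * Replace the session ticket extension data held by s with a private copy
 * of ext_len bytes from ext_data.  When ext_data is NULL an empty ticket
 * (length 0, data NULL) is stored instead.
 *
 * Returns 1 on success.  Returns 0 when s->version is below TLS1_VERSION,
 * when ext_len is negative, or when allocation fails (error queued).
 */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
{
    if (s->version < TLS1_VERSION)
        return 0;

    /*
     * ext_len is a signed int supplied by the caller.  A negative value
     * would shrink the allocation below the header size and then be
     * converted to a huge size_t in memcpy(), i.e. a heap overflow.
     * Reject it before touching any existing state.
     */
    if (ext_len < 0)
        return 0;

    if (s->tlsext_session_ticket) {
        OPENSSL_free(s->tlsext_session_ticket);
        s->tlsext_session_ticket = NULL;
    }

    /* Header and payload live in one allocation; payload follows header. */
    s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
    if (!s->tlsext_session_ticket) {
        SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    if (ext_data) {
        s->tlsext_session_ticket->length = ext_len;
        s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
        memcpy(s->tlsext_session_ticket->data, ext_data, (size_t)ext_len);
    } else {
        s->tlsext_session_ticket->length = 0;
        s->tlsext_session_ticket->data = NULL;
    }

    return 1;
}
#endif /* OPENSSL_NO_TLSEXT */

/* Argument bundle passed to timeout_doall_arg() for each cached session. */
typedef struct timeout_param_st
{
    SSL_CTX *ctx;                   /* context whose cache is being flushed */
    long time;                      /* cut-off time; 0 removes every session */
    LHASH_OF(SSL_SESSION) *cache;   /* the hash table being walked */
} TIMEOUT_PARAM;

/*
 * Per-entry worker for SSL_CTX_flush_sessions(): removes session s from the
 * cache when p->time is 0 or lies past s->time + s->timeout.
 *
 * NOTE(review): s->time + s->timeout is signed long arithmetic on two
 * fields that SSL_SESSION_set_time()/SSL_SESSION_set_timeout() store
 * without range checks; extreme values could overflow here. Consider
 * validating at the setters.
 */
static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
{
    if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
        /* The reason we don't call SSL_CTX_remove_session() is to
         * save on locking overhead */
        (void)lh_SSL_SESSION_delete(p->cache, s);
        SSL_SESSION_list_remove(p->ctx, s);
        s->not_resumable = 1;
        if (p->ctx->remove_session_cb != NULL)
            p->ctx->remove_session_cb(p->ctx, s);
        SSL_SESSION_free(s);
    }
}

static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)

/*
 * Remove from s's session cache every session that has expired relative to
 * time t (all sessions when t is 0).  Does nothing when the context has no
 * session table.
 *
 * The whole walk runs under the CRYPTO_LOCK_SSL_CTX write lock, which means
 * the application's remove_session_cb is invoked with that lock held.
 * NOTE(review): a callback that re-enters a function taking the same lock
 * (SSL_CTX_remove_session() does) would presumably deadlock unless the
 * lock implementation is recursive; confirm against the locking callbacks
 * in use.
 */
void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
{
    TIMEOUT_PARAM tp;

    tp.ctx = s;
    tp.cache = s->sessions;
    if (tp.cache == NULL)
        return;
    tp.time = t;
    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
    lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
                             TIMEOUT_PARAM, &tp);
    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
}

/*
 * Evict the current session of s from the context cache when the
 * connection has a session, has not sent a shutdown, and is neither in the
 * init nor in the before state.
 * Returns 1 when the eviction was attempted, 0 otherwise.
 */
int ssl_clear_bad_session(SSL *s)
{
    if ((s->session != NULL) &&
        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
        !(SSL_in_init(s) || SSL_in_before(s))) {
        SSL_CTX_remove_session(s->ctx, s->session);
        return 1;
    }
    return 0;
}

/*
 * Unlink session s from ctx's doubly linked cache list.
 * locked by SSL_CTX in the calling function
 *
 * The ends of the list are marked with sentinel values: the addresses of
 * ctx->session_cache_head and ctx->session_cache_tail cast to
 * SSL_SESSION *.  They are only compared against here.  A session whose
 * next or prev is NULL is treated as not being on the list.
 */
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
{
    if ((s->next == NULL) || (s->prev == NULL))
        return;

    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
        /* last element in list */
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
            /* only one element in list */
            ctx->session_cache_head = NULL;
            ctx->session_cache_tail = NULL;
        } else {
            ctx->session_cache_tail = s->prev;
            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
        }
    } else {
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
            /* first element in list */
            ctx->session_cache_head = s->next;
            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
        } else {
            /* middle of list */
            s->next->prev = s->prev;
            s->prev->next = s->next;
        }
    }
    /* Mark s as detached so a repeated removal is a no-op. */
    s->prev = s->next = NULL;
}

/*
 * Insert session s at the head of ctx's cache list.  If s is already
 * linked it is unlinked first, so the call also serves to move an entry to
 * the front.  The caller is expected to hold the context lock, as for
 * SSL_SESSION_list_remove().
 */
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
{
    if ((s->next != NULL) && (s->prev != NULL))
        SSL_SESSION_list_remove(ctx, s);

    if (ctx->session_cache_head == NULL) {
        /* Empty list: s becomes both head and tail. */
        ctx->session_cache_head = s;
        ctx->session_cache_tail = s;
        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
    } else {
        s->next = ctx->session_cache_head;
        s->next->prev = s;
        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
        ctx->session_cache_head = s;
    }
}

/* Store cb as the context's new-session callback. */
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
    int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
{
    ctx->new_session_cb = cb;
}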
/* Return the new-session callback currently stored in ctx. */
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
{
    return ctx->new_session_cb;
}

/*
 * Store cb as the context's remove-session callback.  Within this file the
 * callback is invoked whenever a session is evicted from the cache, just
 * before the cache's reference to that session is released.
 */
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
    void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
{
    ctx->remove_session_cb = cb;
}

/* Return the remove-session callback currently stored in ctx. */
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
{
    return ctx->remove_session_cb;
}

/* Store cb as the context's get-session (external lookup) callback. */
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
    SSL_SESSION *(*cb)(struct ssl_st *ssl,
                       unsigned char *data,int len,int *copy))
{
    ctx->get_session_cb = cb;
}
/* Return the get-session callback currently stored in ctx. */
SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
                       unsigned char *data,int len,int *copy)
{
    return ctx->get_session_cb;
}

/* Store cb as the context's info callback. */
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
    void (*cb)(const SSL *ssl,int type,int val))
{
    ctx->info_callback = cb;
}

/* Return the info callback currently stored in ctx. */
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
{
    return ctx->info_callback;
}

/* Store cb as the context's client-certificate callback. */
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
{
    ctx->client_cert_cb = cb;
}

/* Return the client-certificate callback currently stored in ctx. */
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
{
    return ctx->client_cert_cb;
}

/* Store cb as the context's channel-id callback. */
void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
    void (*cb)(SSL *ssl, EVP_PKEY **pkey))
{
    ctx->channel_id_cb = cb;
}

/* Return the channel-id callback currently stored in ctx. */
void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
{
    return ctx->channel_id_cb;
}

#ifndef OPENSSL_NO_ENGINE
/*
 * Make engine e the source of client certificates for ctx.
 *
 * The engine is initialised first; if it then turns out to provide no SSL
 * client-certificate function, the initialisation is undone with
 * ENGINE_finish() before failing.  On success the initialised engine is
 * stored in ctx->client_cert_engine.
 *
 * Returns 1 on success, 0 on failure (error queued).
 *
 * NOTE(review): an engine already stored in ctx->client_cert_engine is
 * overwritten here without being finished; confirm whether callers may set
 * this more than once per context.
 */
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
{
    int initialised = ENGINE_init(e);

    if (!initialised) {
        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
        return 0;
    }

    if (ENGINE_get_ssl_client_cert_function(e)) {
        ctx->client_cert_engine = e;
        return 1;
    }

    SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
    ENGINE_finish(e);
    return 0;
}
#endif

/* Store cb as the context's application cookie-generation callback. */
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
{
    ctx->app_gen_cookie_cb = cb;
}

/* Store cb as the context's application cookie-verification callback. */
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
{
    ctx->app_verify_cookie_cb = cb;
}

IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)