195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * All rights reserved. 395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This package is an SSL implementation written 595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * by Eric Young (eay@cryptsoft.com). 695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The implementation was written so as to conform with Netscapes SSL. 795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This library is free for commercial and non-commercial use as long as 995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the following conditions are aheared to. The following conditions 1095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * apply to all code found in this distribution, be it the RC4, RSA, 1195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * included with this distribution is covered by the same copyright terms 1395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Copyright remains Eric Young's, and as such any Copyright notices in 1695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the code are not to be removed. 1795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * If this package is used in a product, Eric Young should be given attribution 1895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * as the author of the parts of the library used. 
1995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This can be in the form of a textual message at program startup or 2095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * in documentation (online or textual) provided with the package. 2195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Redistribution and use in source and binary forms, with or without 2395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * modification, are permitted provided that the following conditions 2495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * are met: 2595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1. Redistributions of source code must retain the copyright 2695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer. 2795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2. Redistributions in binary form must reproduce the above copyright 2895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer in the 2995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * documentation and/or other materials provided with the distribution. 3095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3. All advertising materials mentioning features or use of this software 3195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * must display the following acknowledgement: 3295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes cryptographic software written by 3395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Eric Young (eay@cryptsoft.com)" 3495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The word 'cryptographic' can be left out if the rouines from the library 3595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * being used are not cryptographic related :-). 3695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4. 
If you include any Windows specific code (or a derivative thereof) from 3795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the apps directory (application code) you must include an acknowledgement: 3895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 3995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 4995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SUCH DAMAGE. 
5195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The licence and distribution terms for any publically available version or 5395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * derivative of this code cannot be changed. i.e. this code cannot simply be 5495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * copied and put under another distribution licence 5595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * [including the GNU Public Licence.] 5695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 5795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* ==================================================================== 5895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 5995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Redistribution and use in source and binary forms, with or without 6195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * modification, are permitted provided that the following conditions 6295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * are met: 6395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1. Redistributions of source code must retain the above copyright 6595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer. 6695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2. Redistributions in binary form must reproduce the above copyright 6895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer in 6995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the documentation and/or other materials provided with the 7095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * distribution. 
7195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 7295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3. All advertising materials mentioning features or use of this 7395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * software must display the following acknowledgment: 7495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software developed by the OpenSSL Project 7595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 7695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 7795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 7895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * endorse or promote products derived from this software without 7995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * prior written permission. For written permission, please contact 8095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * openssl-core@openssl.org. 8195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 8295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5. Products derived from this software may not be called "OpenSSL" 8395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * nor may "OpenSSL" appear in their names without prior written 8495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * permission of the OpenSSL Project. 8595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 8695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6. 
Redistributions of any form whatsoever must retain the following 8795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * acknowledgment: 8895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software developed by the OpenSSL Project 8995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 9095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 9195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 9295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 9395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 9495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 9595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 9695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 9795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 9895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 9995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 10095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 10195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 10295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 
10395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ==================================================================== 10495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 10595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This product includes cryptographic software written by Eric Young 10695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * (eay@cryptsoft.com). This product includes software written by Tim 10795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Hudson (tjh@cryptsoft.com). 10895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 10995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 11095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* ==================================================================== 11195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Copyright 2005 Nokia. All rights reserved. 11295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 11395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The portions of the attached software ("Contribution") is developed by 11495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Nokia Corporation and is licensed pursuant to the OpenSSL open source 11595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * license. 11695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 11795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The Contribution, originally written by Mika Kousa and Pasi Eronen of 11895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 11995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * support (see RFC 4279) to OpenSSL. 
12095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 12195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * No patent licenses or other rights except those expressly stated in 12295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the OpenSSL open source license shall be deemed granted or received 12395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * expressly, by implication, estoppel, or otherwise. 12495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 12595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * No assurances are provided by Nokia that the Contribution does not 12695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * infringe the patent or other intellectual property rights of any third 12795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * party or that the license provides you with all the necessary rights 12895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * to make use of the Contribution. 12995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 13095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 13195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 13295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 13395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 13495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OTHERWISE. 
*/ 13595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 13695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <stdio.h> 13795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 13895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/engine.h> 13995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/err.h> 14095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/lhash.h> 14195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/mem.h> 14295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/rand.h> 14395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 14495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include "ssl_locl.h" 14595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 146b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley/* The address of this is a magic value, a pointer to which is returned by 147b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley * SSL_magic_pending_session_ptr(). It allows a session callback to indicate 148b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley * that it needs to asynchronously fetch session information. 
*/
/* Sentinel object whose address is handed out by
 * SSL_magic_pending_session_ptr(). Only its address matters; it is never
 * dereferenced as an SSL_SESSION. */
static char g_pending_session_magic;

static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);

/* SSL_magic_pending_session_ptr returns the marker a session callback hands
 * back to say "the session is being fetched asynchronously". Callers compare
 * the pointer for identity only; it does not point at a real SSL_SESSION. */
SSL_SESSION *SSL_magic_pending_session_ptr(void)
	{
	return (SSL_SESSION *)&g_pending_session_magic;
	}

/* SSL_get_session (aka SSL_get0_session) returns |ssl|'s current session
 * without taking a reference: the caller gets a borrowed pointer and must
 * not free it. */
SSL_SESSION *SSL_get_session(const SSL *ssl)
	{
	return ssl->session;
	}

/* SSL_get1_session returns |ssl|'s current session with one additional
 * reference, or NULL if there is none. The caller owns that reference and
 * releases it with SSL_SESSION_free. */
SSL_SESSION *SSL_get1_session(SSL *ssl)
	{
	SSL_SESSION *session;

	/* The NULL test and the increment must sit under the same lock;
	 * otherwise another thread could drop ssl->session in between and
	 * we would bump the count of an object that is already gone. */
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
	session = ssl->session;
	if (session != NULL)
		{
		session->references++;
		}
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);

	return session;
	}

/* SSL_SESSION_get_ex_new_index reserves a new ex_data index for
 * SSL_SESSION objects; the arguments are passed straight through to
 * CRYPTO_get_ex_new_index and its result is returned unchanged. */
int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
				 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
	{
	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
				       new_func, dup_func, free_func);
	}

/* SSL_SESSION_set_ex_data stores |arg| in ex_data slot |idx| of |s| and
 * returns the result of CRYPTO_set_ex_data. */
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
	{
	return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
	}

/* SSL_SESSION_get_ex_data returns whatever CRYPTO_get_ex_data reports for
 * ex_data slot |idx| of |s|. */
void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
	{
	return CRYPTO_get_ex_data(&s->ex_data, idx);
	}

/* SSL_SESSION_new allocates a zeroed SSL_SESSION holding one reference, with
 * the default timeout, its creation time set to now and a fresh ex_data
 * block. Returns NULL, with an error pushed, if allocation fails. The caller
 * owns the returned reference. */
SSL_SESSION *SSL_SESSION_new(void)
	{
	SSL_SESSION *ret = OPENSSL_malloc(sizeof *ret);
	if (ret == NULL)
		{
		OPENSSL_PUT_ERROR(SSL, SSL_SESSION_new, ERR_R_MALLOC_FAILURE);
		return NULL;
		}
	memset(ret, 0, sizeof *ret);

	/* Zero would read as X509_V_OK, so start from a non-OK verify result
	 * until a caller explicitly sets one. */
	ret->verify_result = 1;
	ret->references = 1;
	ret->timeout = SSL_DEFAULT_SESSION_TIMEOUT;
	ret->time = (unsigned long)time(NULL);
	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ret, &ret->ex_data);

	return ret;
	}

/* SSL_SESSION_get_id returns a pointer to the session ID stored inside |s|
 * and, when |len| is not NULL, writes its length to |*len|. */
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
	{
	if (len != NULL)
		{
		*len = s->session_id_length;
		}
	return s->session_id;
	}

/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
 * until we have no conflict is going to complete in one iteration pretty much
 * "most" of the time (btw: understatement). So, if it takes us 10 iterations
 * and we still can't avoid a conflict - well that's a reasonable point to call
 * it quits. Either the RAND code is broken or someone is trying to open roughly
 * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
 * store that many sessions is perhaps a more interesting question ...
*/

#define MAX_SESS_ID_ATTEMPTS 10

/* def_generate_session_id is the default GEN_SESSION_CB. It fills |id| with
 * |*id_len| random bytes and retries, at most MAX_SESS_ID_ATTEMPTS times,
 * while the result matches a session |ssl| already knows about. |*id_len| is
 * never modified. Returns 1 once a non-colliding ID is in |id|, and 0 if the
 * RNG fails or every attempt collided. */
static int def_generate_session_id(const SSL *ssl, unsigned char *id,
				   unsigned int *id_len)
{
	unsigned int attempt;

	for (attempt = 0; attempt < MAX_SESS_ID_ATTEMPTS; attempt++)
		{
		/* A return of 0 or less is a hard failure: a session ID that the
		 * RNG cannot vouch for is never used. */
		if (RAND_pseudo_bytes(id, *id_len) <= 0)
			{
			return 0;
			}
		if (!SSL_has_matching_session_id(ssl, id, *id_len))
			{
			return 1;
			}
		}

	/* Every attempt produced a session_id match. */
	/* XXX We should also check the external cache --
	 * but the probability of a collision is negligible, and
	 * we could not prevent the concurrent creation of sessions
	 * with identical IDs since we currently don't have means
	 * to atomically check whether a session ID already exists
	 * and make a reservation for it if it does not
	 * (this problem applies to the internal cache as well).
	 */
	return 0;
}

/* ssl_get_new_session replaces |s->session| with a freshly created
 * SSL_SESSION. It is used by both clients and servers.
 *
 * When |session| is non-zero the new session gets a session ID sized by the
 * protocol version (empty when an RFC 4507 ticket is expected), chosen by
 * the connection's or context's generate_session_id callback or by
 * def_generate_session_id, and |s|'s SNI hostname and PSK identity hint are
 * copied into it. When |session| is zero the ID is left empty.
 *
 * Returns 1 on success and 0 on failure with an error pushed. Once the new
 * session has been allocated the previous |s->session| is released, so a
 * later failure leaves |s->session| NULL. */
int ssl_get_new_session(SSL *s, int session)
	{
	SSL_SESSION *ss;
	GEN_SESSION_CB cb = def_generate_session_id;
	unsigned int id_len;

	if (s->mode & SSL_MODE_NO_SESSION_CREATION)
		{
		OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, SSL_R_SESSION_MAY_NOT_BE_CREATED);
		return 0;
		}

	ss = SSL_SESSION_new();
	if (ss == NULL)
		{
		return 0;
		}

	/* A non-zero context timeout overrides SSL_DEFAULT_SESSION_TIMEOUT. */
	if (s->initial_ctx->session_timeout != 0)
		{
		ss->timeout = s->initial_ctx->session_timeout;
		}

	/* Release the previous session before attaching the new one. */
	if (s->session != NULL)
		{
		SSL_SESSION_free(s->session);
		s->session = NULL;
		}

	if (!session)
		{
		ss->session_id_length = 0;
		}
	else
		{
		/* The protocol version fixes the session ID size. */
		switch (s->version)
			{
			case SSL2_VERSION:
				ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
				break;
			case SSL3_VERSION:
			case TLS1_VERSION:
			case TLS1_1_VERSION:
			case TLS1_2_VERSION:
			case DTLS1_VERSION:
			case DTLS1_2_VERSION:
				ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
				break;
			default:
				OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, SSL_R_UNSUPPORTED_SSL_VERSION);
				goto err;
			}
		ss->ssl_version = s->version;

		if (s->tlsext_ticket_expected)
			{
			/* RFC 4507 ticket: the session ID stays empty. */
			ss->session_id_length = 0;
			}
		else
			{
			/* The connection's callback wins over the context's. */
			CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
			if (s->generate_session_id)
				{
				cb = s->generate_session_id;
				}
			else if (s->initial_ctx->generate_session_id)
				{
				cb = s->initial_ctx->generate_session_id;
				}
			CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

			id_len = ss->session_id_length;
			if (!cb(s, ss->session_id, &id_len))
				{
				OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
				goto err;
				}
			/* The callback may shrink the ID but must not empty it or
			 * grow it past the size the version allows: the buffer is
			 * only session_id_length bytes. */
			if (id_len == 0 || id_len > ss->session_id_length)
				{
				OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
				goto err;
				}
			if (id_len < ss->session_id_length && s->version == SSL2_VERSION)
				{
				/* SSLv2 IDs keep their full size; zero-pad the tail. */
				memset(ss->session_id + id_len, 0, ss->session_id_length - id_len);
				}
			else
				{
				ss->session_id_length = id_len;
				}
			/* Reject an ID that already names a known session. */
			if (SSL_has_matching_session_id(s, ss->session_id, ss->session_id_length))
				{
				OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, SSL_R_SSL_SESSION_ID_CONFLICT);
				goto err;
				}
			}

		if (s->tlsext_hostname)
			{
			ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
			if (ss->tlsext_hostname == NULL)
				{
				OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, ERR_R_INTERNAL_ERROR);
				goto err;
				}
			}
		if (s->psk_identity_hint)
			{
			ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint);
			if (ss->psk_identity_hint == NULL)
				{
				OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, ERR_R_MALLOC_FAILURE);
				goto err;
				}
			}
		}

	/* sid_ctx is a fixed-size array; refuse to copy more than fits. */
	if (s->sid_ctx_length > sizeof ss->sid_ctx)
		{
		OPENSSL_PUT_ERROR(SSL, ssl_get_new_session, ERR_R_INTERNAL_ERROR);
		goto err;
		}
	memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
	ss->sid_ctx_length = s->sid_ctx_length;

	s->session = ss;
	ss->ssl_version = s->version;
	ss->verify_result = X509_V_OK;
	return 1;

err:
	SSL_SESSION_free(ss);
	return 0;
	}

/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
 * connection. It is only called by servers.
 *
 * ctx: contains the early callback context, which is the result of a
 *   shallow parse of the ClientHello.
 *
 * Returns:
 *   -1: error
 *    0: a session may have been found.
42095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 42195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Side effects: 42295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * - If a session is found then s->session is pointed at it (after freeing an 42395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * existing session if need be) and s->verify_result is set from the session. 42495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 42595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * if the server should issue a new session ticket (to 0 otherwise). 42695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 427dc9b1411279f02e604367bc56fca8cf2acc9d531Adam Langleyint ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) 42895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 42995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* This is used only by servers. */ 43095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 43195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION *ret=NULL; 43295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int fatal = 0; 43395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int try_session_cache = 1; 43495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int r; 43595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 436dc9b1411279f02e604367bc56fca8cf2acc9d531Adam Langley if (ctx->session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) 43795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 43895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 439dc9b1411279f02e604367bc56fca8cf2acc9d531Adam Langley if (ctx->session_id_len == 0) 44095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley try_session_cache = 0; 44195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 442dc9b1411279f02e604367bc56fca8cf2acc9d531Adam Langley r = tls1_process_ticket(s, ctx, &ret); /* sets s->tlsext_ticket_expected */ 
44395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley switch (r) 44495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 44595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case -1: /* Error during processing */ 44695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley fatal = 1; 44795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 44895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case 0: /* No ticket found */ 44995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case 1: /* Zero length ticket found */ 45095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; /* Ok to carry on processing session id. */ 45195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case 2: /* Ticket found but not decrypted. */ 45295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case 3: /* Ticket decrypted, *ret has been set. */ 45395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley try_session_cache = 0; 45495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 45595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley default: 45695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley abort(); 45795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 45895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 45995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (try_session_cache && 46095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret == NULL && 461041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin !(s->initial_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) 46295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 46395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION data; 46495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley data.ssl_version=s->version; 465dc9b1411279f02e604367bc56fca8cf2acc9d531Adam Langley data.session_id_length=ctx->session_id_len; 466dc9b1411279f02e604367bc56fca8cf2acc9d531Adam Langley if (ctx->session_id_len == 0) 46795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 
468dc9b1411279f02e604367bc56fca8cf2acc9d531Adam Langley memcpy(data.session_id,ctx->session_id,ctx->session_id_len); 46995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 470041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin ret=lh_SSL_SESSION_retrieve(s->initial_ctx->sessions,&data); 47195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret != NULL) 47295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 47395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* don't allow other threads to steal it: */ 47495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); 47595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 47695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 47795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret == NULL) 478041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin s->initial_ctx->stats.sess_miss++; 47995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 48095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 48195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (try_session_cache && 48295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret == NULL && 483041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin s->initial_ctx->get_session_cb != NULL) 48495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 48595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int copy=1; 48695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 487041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin if ((ret=s->initial_ctx->get_session_cb(s,(unsigned char *) ctx->session_id,ctx->session_id_len,©))) 48895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 489b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley if (ret == SSL_magic_pending_session_ptr()) 490b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley { 491b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley /* This is a magic value which indicates that 
492b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley * the callback needs to unwind the stack and 493b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley * figure out the session asynchronously. */ 494b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley return PENDING_SESSION; 495b2ce05839b435bb21fe70acd0fc00abfa918f41eAdam Langley } 496041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin s->initial_ctx->stats.sess_cb_hit++; 49795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 49895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Increment reference count now if the session callback 49995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * asks us to do so (note that if the session structures 50095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * returned by the callback are shared between threads, 50195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * it must handle the reference count itself [i.e. copy == 0], 50295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * or things won't be thread-safe). */ 50395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (copy) 50495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); 50595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 50695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Add the externally cached session to the internal 50795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * cache as well if and only if we are supposed to. 
*/ 508041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin if(!(s->initial_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) 50995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* The following should not return 1, otherwise, 51095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * things are very strange */ 511041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin SSL_CTX_add_session(s->initial_ctx,ret); 51295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 51395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 51495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 51595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret == NULL) 51695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 51795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 51895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Now ret is non-NULL and we own one of its reference counts. */ 51995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret->sid_ctx_length != s->sid_ctx_length 52195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) 52295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 52395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* We have the session requested by the client, but we don't 52495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * want to use it in this context. 
*/ 52595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; /* treat like cache miss */ 52695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 52795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) 52995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 53095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* We can't be sure if this session is being used out of 53195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * context, which is especially important for SSL_VERIFY_PEER. 53295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The application should have used SSL[_CTX]_set_session_id_context. 53395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 53495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * For this error case, we generate an error instead of treating 53595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the event like a cache miss (otherwise it would be easy for 53695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * applications to effectively disable the session cache by 53795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * accident without anyone noticing). 
53895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 53995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, ssl_get_prev_session, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); 54195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley fatal = 1; 54295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 54395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 54495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ 54695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 547041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin s->initial_ctx->stats.sess_timeout++; 54895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (try_session_cache) 54995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 55095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* session was from the cache, so remove it */ 551041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin SSL_CTX_remove_session(s->initial_ctx,ret); 55295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 55395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 55495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 55595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 556041b58a6684d2f032f66fa45b0e35f50f9a0fa40David Benjamin s->initial_ctx->stats.sess_hit++; 55795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 55895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->session != NULL) 55995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_free(s->session); 56095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->session=ret; 56195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->verify_result = s->session->verify_result; 56295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 1; 56395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 56495c29f3cd1f6c08c6c0927868683392eea727ccAdam 
Langley err: 56595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret != NULL) 56695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 56795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_free(ret); 56895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!try_session_cache) 56995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 57095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* The session was from a ticket, so we should 57195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * issue a ticket for the new session */ 57295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->tlsext_ticket_expected = 1; 57395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (fatal) 57695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return -1; 57795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 57895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 57995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 58095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 58195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyint SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) 58295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 58395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int ret=0; 58495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION *s; 58595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 58695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* add just 1 reference count for the SSL_CTX's session cache 58795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * even though it has two ways of access: each session is in a 58895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * doubly linked list and an lhash */ 58995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); 59095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* if session c is in already 
in cache, we take back the increment later */ 59195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 59295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 59395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!lh_SSL_SESSION_insert(ctx->sessions,&s,c)) { 59495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 59595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 59695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 59795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* s != NULL iff we already had a session with the given PID. 59895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * In this case, s == c should hold (then we did not really modify 59995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ctx->sessions), or we're in trouble. */ 60095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s != NULL && s != c) 60195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 60295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* We *are* in trouble ... */ 60395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_list_remove(ctx,s); 60495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_free(s); 60595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* ... so pretend the other session did not exist in cache 60695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * (we cannot handle two SSL_SESSION structures with identical 60795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * session ID in the same cache, which could happen e.g. 
when 60895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * two threads concurrently obtain the same session from an external 60995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * cache) */ 61095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s = NULL; 61195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 61295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 61395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Put at the head of the queue unless it is already in the cache */ 61495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s == NULL) 61595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_list_add(ctx,c); 61695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 61795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s != NULL) 61895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 61995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* existing cache entry -- decrement previously incremented reference 62095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * count because it already takes into account the cache */ 62195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 62295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_free(s); /* s == c */ 62395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=0; 62495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 62595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 62695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 62795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* new cache entry -- remove old ones if cache has become too large */ 62895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 62995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=1; 63095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 63195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (SSL_CTX_sess_get_cache_size(ctx) > 0) 63295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 63395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley while (SSL_CTX_sess_number(ctx) > 
63495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_CTX_sess_get_cache_size(ctx)) 63595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 63695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!remove_session_lock(ctx, 63795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ctx->session_cache_tail, 0)) 63895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 63995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 64095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ctx->stats.sess_cache_full++; 64195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 64295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 64395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 64495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 64595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(ret); 64695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 64795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 64895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyint SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) 64995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley{ 65095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return remove_session_lock(ctx, c, 1); 65195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley} 65295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 65395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) 65495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 65595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION *r; 65695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int ret=0; 65795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 65895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((c != NULL) && (c->session_id_length != 0)) 65995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 66095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 
66195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) 66295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 66395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=1; 66495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley r=lh_SSL_SESSION_delete(ctx->sessions,c); 66595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_list_remove(ctx,c); 66695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 66795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 66895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 66995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 67095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret) 67195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 67295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley r->not_resumable=1; 67395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ctx->remove_session_cb != NULL) 67495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ctx->remove_session_cb(ctx,r); 67595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_free(r); 67695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 67795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 67895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 67995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=0; 68095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(ret); 68195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 68295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 68395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyvoid SSL_SESSION_free(SSL_SESSION *ss) 68495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 68595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int i; 68695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 68795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if(ss == NULL) 68895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return; 68995c29f3cd1f6c08c6c0927868683392eea727ccAdam 
Langley 69095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); 69195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#ifdef REF_PRINT 69295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley REF_PRINT("SSL_SESSION",ss); 69395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#endif 69495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (i > 0) return; 69595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#ifdef REF_CHECK 69695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (i < 0) 69795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 69895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); 69995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley abort(); /* ok */ 70095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 70195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#endif 70295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 70395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); 70495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 70595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); 70695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); 70795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); 70895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); 70995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->peer != NULL) X509_free(ss->peer); 71095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); 71195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); 71295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->tlsext_tick != 
NULL) OPENSSL_free(ss->tlsext_tick); 71395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ss->tlsext_ecpointformatlist_length = 0; 71495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); 71595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ss->tlsext_ellipticcurvelist_length = 0; 71695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); 7179169c964589694a3dac5fecf6465806fb1f8b22bHÃ¥vard Molland if (ss->tlsext_signed_cert_timestamp_list != NULL) 7189169c964589694a3dac5fecf6465806fb1f8b22bHÃ¥vard Molland OPENSSL_free(ss->tlsext_signed_cert_timestamp_list); 7196c7aed048ca0a335e02dfee10976c5dc8620783eDavid Benjamin if (ss->ocsp_response != NULL) 7206c7aed048ca0a335e02dfee10976c5dc8620783eDavid Benjamin OPENSSL_free(ss->ocsp_response); 72195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->psk_identity_hint != NULL) 72295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_free(ss->psk_identity_hint); 72395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ss->psk_identity != NULL) 72495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_free(ss->psk_identity); 72595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_cleanse(ss,sizeof(*ss)); 72695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_free(ss); 72795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 72895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 72995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyint SSL_set_session(SSL *s, SSL_SESSION *session) 73095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 73195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int ret=0; 73295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley const SSL_METHOD *meth; 73395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 73495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (session != NULL) 
73595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 73695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley meth=s->ctx->method->get_ssl_method(session->ssl_version); 73795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (meth == NULL) 73895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley meth=s->method->get_ssl_method(session->ssl_version); 73995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (meth == NULL) 74095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 74195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, SSL_set_session, SSL_R_UNABLE_TO_FIND_SSL_METHOD); 74295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(0); 74395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 74495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 74595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (meth != s->method) 74695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 74795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!SSL_set_ssl_method(s,meth)) 74895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(0); 74995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 75095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 75195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ 75295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); 75395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->session != NULL) 75495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley SSL_SESSION_free(s->session); 75595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->session=session; 75695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->verify_result = s->session->verify_result; 75795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ 75895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=1; 75995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 76095c29f3cd1f6c08c6c0927868683392eea727ccAdam 
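/* Tail of SSL_set_session(): the function's header and its first branch
 * precede this block. This branch drops any attached session and falls back
 * to the context's method. */
else {
    if (s->session != NULL) {
        SSL_SESSION_free(s->session);
        s->session = NULL;
    }

    /* No session to dictate a protocol version: use the SSL_CTX's method. */
    meth = s->ctx->method;
    if (meth != s->method) {
        if (!SSL_set_ssl_method(s, meth)) {
            return 0;
        }
    }
    ret = 1;
}
return ret;
}

/* SSL_SESSION_set_timeout sets the timeout value of |s|. timeout_doall_arg()
 * below adds it to the session's time and compares the sum against the
 * caller-supplied flush time, so it uses the same units as
 * SSL_SESSION_set_time(). Returns one on success and zero if |s| is NULL. */
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) {
    if (s == NULL) {
        return 0;
    }
    s->timeout = t;
    return 1;
}

/* SSL_SESSION_get_timeout returns the timeout value of |s|, or zero if |s| is
 * NULL. Note that zero is also a legitimate stored value, so the NULL case is
 * not distinguishable from the result. */
long SSL_SESSION_get_timeout(const SSL_SESSION *s) {
    if (s == NULL) {
        return 0;
    }
    return s->timeout;
}

/* SSL_SESSION_get_time returns the time value of |s|, or zero if |s| is NULL. */
long SSL_SESSION_get_time(const SSL_SESSION *s) {
    if (s == NULL) {
        return 0;
    }
    return s->time;
}

/* SSL_SESSION_set_time sets the time value of |s|. Unlike
 * SSL_SESSION_set_timeout() it returns the value just stored (|t|), or zero if
 * |s| is NULL. */
long SSL_SESSION_set_time(SSL_SESSION *s, long t) {
    if (s == NULL) {
        return 0;
    }
    s->time = t;
    return t;
}

/* SSL_SESSION_get0_peer returns |s|'s peer certificate pointer as stored, or
 * NULL if |s| is NULL. No reference is taken, so the caller must not free the
 * result. */
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) {
    if (s == NULL) {
        return NULL;
    }
    return s->peer;
}

/* SSL_SESSION_set1_id_context copies |sid_ctx_len| bytes of |sid_ctx| into
 * |s|'s session-id context. It returns one on success and zero, with an error
 * queued, if the context is longer than SSL_MAX_SID_CTX_LENGTH (the size the
 * length check bounds the copy to). */
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
                                unsigned int sid_ctx_len) {
    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
        OPENSSL_PUT_ERROR(SSL, SSL_SESSION_set1_id_context,
                          SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
        return 0;
    }
    s->sid_ctx_length = sid_ctx_len;
    /* Skip the copy for an empty context so a NULL |sid_ctx| with zero length
     * never reaches memcpy. */
    if (sid_ctx_len > 0) {
        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
    }

    return 1;
}

/* SSL_CTX_set_timeout sets the default session timeout of |s| and returns the
 * previous value, or zero if |s| is NULL. */
long SSL_CTX_set_timeout(SSL_CTX *s, long t) {
    if (s == NULL) {
        return 0;
    }
    long previous = s->session_timeout;
    s->session_timeout = t;
    return previous;
}

/* SSL_CTX_get_timeout returns the default session timeout of |s|, or zero if
 * |s| is NULL. */
long SSL_CTX_get_timeout(const SSL_CTX *s) {
    if (s == NULL) {
        return 0;
    }
    return s->session_timeout;
}

/* SSL_set_session_secret_cb installs |tls_session_secret_cb| and its opaque
 * |arg| on |s|. Where the callback is invoked is not visible in this part of
 * the file. Returns one on success and zero if |s| is NULL. */
int SSL_set_session_secret_cb(SSL *s,
                              int (*tls_session_secret_cb)(
                                  SSL *ssl, void *secret, int *secret_len,
                                  STACK_OF(SSL_CIPHER) *peer_ciphers,
                                  const SSL_CIPHER **cipher, void *arg),
                              void *arg) {
    if (s == NULL) {
        return 0;
    }
    s->tls_session_secret_cb = tls_session_secret_cb;
    s->tls_session_secret_cb_arg = arg;
    return 1;
}

/* SSL_set_session_ticket_ext_cb installs |cb| and its opaque |arg| as |s|'s
 * session-ticket extension callback. Returns one on success and zero if |s| is
 * NULL. */
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
                                  void *arg) {
    if (s == NULL) {
        return 0;
    }
    s->tls_session_ticket_ext_cb = cb;
    s->tls_session_ticket_ext_cb_arg = arg;
    return 1;
}

/* SSL_set_session_ticket_ext replaces |s|'s session-ticket extension with a
 * copy of |ext_len| bytes from |ext_data|. A NULL |ext_data| installs an
 * empty extension (length zero, data NULL). It returns one on success and
 * zero if |s|'s version is below TLS1_VERSION, if |ext_len| is negative, or
 * if allocation fails; in the last case an error is queued and no extension
 * remains installed. */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) {
    if (s->version < TLS1_VERSION) {
        return 0;
    }

    /* |ext_len| is a signed int. A negative value would wrap when widened to
     * size_t for the allocation and again for the memcpy, turning the copy
     * into an out-of-bounds write, so reject it before touching any state. */
    if (ext_len < 0) {
        OPENSSL_PUT_ERROR(SSL, SSL_set_session_ticket_ext, ERR_R_OVERFLOW);
        return 0;
    }

    /* Release the previous extension and clear the pointer so that a failed
     * allocation below leaves no dangling reference behind. */
    if (s->tlsext_session_ticket) {
        OPENSSL_free(s->tlsext_session_ticket);
        s->tlsext_session_ticket = NULL;
    }

    /* Header and payload share one allocation; |data| points just past the
     * header struct. */
    size_t alloc_len = sizeof(TLS_SESSION_TICKET_EXT) + (size_t)ext_len;
    s->tlsext_session_ticket = OPENSSL_malloc(alloc_len);
    if (!s->tlsext_session_ticket) {
        OPENSSL_PUT_ERROR(SSL, SSL_set_session_ticket_ext, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    if (ext_data) {
        s->tlsext_session_ticket->length = ext_len;
        s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
        memcpy(s->tlsext_session_ticket->data, ext_data, (size_t)ext_len);
    } else {
        s->tlsext_session_ticket->length = 0;
        s->tlsext_session_ticket->data = NULL;
    }

    return 1;
}

/* TIMEOUT_PARAM carries the state of one SSL_CTX_flush_sessions() pass to
 * timeout_doall_arg(). */
typedef struct timeout_param_st {
    SSL_CTX *ctx;
    /* Flush threshold; zero means every session is flushed regardless of
     * its expiry. */
    long time;
    LHASH_OF(SSL_SESSION) *cache;
} TIMEOUT_PARAM;

/* timeout_doall_arg is the per-session callback of SSL_CTX_flush_sessions().
 * It evicts |sess| from the cache when |param->time| is zero or later than
 * the session's time plus timeout, marks it not resumable, notifies the
 * context's remove_session_cb if set, and drops the cache's reference.
 * The caller holds CRYPTO_LOCK_SSL_CTX. */
static void timeout_doall_arg(SSL_SESSION *sess, void *void_param) {
    TIMEOUT_PARAM *param = void_param;

    /* NOTE(review): |sess->time + sess->timeout| is signed long arithmetic
     * and overflows for very large timeout values; clamping at the setters
     * would avoid that. Left unchanged here. */
    if ((param->time == 0) || (param->time > (sess->time + sess->timeout))) {
        /* SSL_CTX_remove_session() is deliberately not called, to save on
         * locking overhead. Deleting from |param->cache| while it is being
         * iterated presumably relies on lh_*_doall_arg() tolerating removal
         * of the element being visited -- confirm against the lhash
         * implementation. */
        (void)lh_SSL_SESSION_delete(param->cache, sess);
        SSL_SESSION_list_remove(param->ctx, sess);
        sess->not_resumable = 1;
        if (param->ctx->remove_session_cb != NULL) {
            param->ctx->remove_session_cb(param->ctx, sess);
        }
        SSL_SESSION_free(sess);
    }
}

/* SSL_CTX_flush_sessions removes every session from |s|'s cache whose expiry
 * precedes |t|; a |t| of zero removes all of them. It does nothing if |s| is
 * NULL or |s| has no session cache. */
void SSL_CTX_flush_sessions(SSL_CTX *s, long t) {
    if (s == NULL) {
        return;
    }

    TIMEOUT_PARAM tp = {0};
    tp.ctx = s;
    /* Read before the lock is taken, as the original did; if |sessions| can
     * change concurrently this read should move under the lock. */
    tp.cache = s->sessions;
    if (tp.cache == NULL) {
        return;
    }
    tp.time = t;

    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
    lh_SSL_SESSION_doall_arg(tp.cache, timeout_doall_arg, &tp);
    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
}

/* ssl_clear_bad_session removes |s|'s current session from the context cache
 * when the connection was not shut down cleanly by us (SSL_SENT_SHUTDOWN is
 * not set) and the handshake is neither in progress nor yet to start. It
 * returns one if a session was removed and zero otherwise. */
int ssl_clear_bad_session(SSL *s) {
    if (s->session == NULL ||
        (s->shutdown & SSL_SENT_SHUTDOWN) ||
        SSL_in_init(s) || SSL_in_before(s)) {
        return 0;
    }
    SSL_CTX_remove_session(s->ctx, s->session);
    return 1;
}

/* SSL_SESSION_list_remove unlinks |s| from |ctx|'s doubly linked session
 * list and clears its |prev|/|next| pointers. A session with a NULL |prev| or
 * |next| is treated as not on the list and left untouched.
 *
 * The list ends are marked by the addresses of |ctx->session_cache_head| and
 * |ctx->session_cache_tail| cast to SSL_SESSION *. In this function those
 * values are only compared against, never dereferenced; the head and tail
 * fields themselves are updated directly.
 *
 * Locked by the SSL_CTX lock in the calling function. */
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) {
    if ((s->next == NULL) || (s->prev == NULL)) {
        return;
    }

    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
        /* Last element in the list. */
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
            /* Only element in the list. */
            ctx->session_cache_head = NULL;
            ctx->session_cache_tail = NULL;
        } else {
            ctx->session_cache_tail = s->prev;
            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
        }
    } else {
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
            /* First element in the list. */
            ctx->session_cache_head = s->next;
            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
        } else {
            /* Middle of the list. */
            s->next->prev = s->prev;
            s->prev->next = s->next;
        }
    }
    s->prev = s->next = NULL;
}

/* SSL_SESSION_list_add inserts |s| at the head of |ctx|'s session list,
 * first unlinking it if it is already on a list. The sentinel values are the
 * same head/tail field addresses used by SSL_SESSION_list_remove().
 *
 * Locked by the SSL_CTX lock in the calling function. */
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) {
    if ((s->next != NULL) && (s->prev != NULL)) {
        SSL_SESSION_list_remove(ctx, s);
    }

    if (ctx->session_cache_head == NULL) {
        /* Empty list: |s| becomes both head and tail. */
        ctx->session_cache_head = s;
        ctx->session_cache_tail = s;
        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
    } else {
        /* Push in front of the current head. */
        s->next = ctx->session_cache_head;
        s->next->prev = s;
        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
        ctx->session_cache_head = s;
    }
}
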
/* SSL_CTX_sess_set_new_cb installs |cb| as the callback |ctx| invokes for new
 * sessions. The callback receives the connection and the session. */
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
                             int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
    ctx->new_session_cb = cb;
}

/* SSL_CTX_sess_get_new_cb returns the new-session callback installed on
 * |ctx|, or NULL if none was set. */
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) {
    return ctx->new_session_cb;
}

/* SSL_CTX_sess_set_remove_cb installs |cb| as the callback |ctx| invokes when
 * a session is removed from its cache (see timeout_doall_arg()). */
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
                                void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) {
    ctx->remove_session_cb = cb;
}

/* SSL_CTX_sess_get_remove_cb returns the remove-session callback installed on
 * |ctx|, or NULL if none was set. */
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX *ctx,
                                                 SSL_SESSION *sess) {
    return ctx->remove_session_cb;
}

/* SSL_CTX_sess_set_get_cb installs |cb| as the external session lookup
 * callback of |ctx|. The callback receives the connection, a session id of
 * |len| bytes, and an output flag |copy|; how the flag is interpreted is not
 * visible here. */
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
                             SSL_SESSION *(*cb)(struct ssl_st *ssl,
                                                unsigned char *data, int len,
                                                int *copy)) {
    ctx->get_session_cb = cb;
}

/* SSL_CTX_sess_get_get_cb returns the session lookup callback installed on
 * |ctx|, or NULL if none was set. */
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
                                                       unsigned char *data,
                                                       int len, int *copy) {
    return ctx->get_session_cb;
}

/* SSL_CTX_set_info_callback installs |cb| as the info callback of |ctx|. */
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
                               void (*cb)(const SSL *ssl, int type, int val)) {
    ctx->info_callback = cb;
}

/* SSL_CTX_get_info_callback returns the info callback installed on |ctx|, or
 * NULL if none was set. */
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
                                                int val) {
    return ctx->info_callback;
}

/* SSL_CTX_set_client_cert_cb installs |cb| as the client certificate callback
 * of |ctx|. The callback supplies a certificate and private key via its
 * output parameters. */
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
                                int (*cb)(SSL *ssl, X509 **x509,
                                          EVP_PKEY **pkey)) {
    ctx->client_cert_cb = cb;
}

/* SSL_CTX_get_client_cert_cb returns the client certificate callback
 * installed on |ctx|, or NULL if none was set. */
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
                                                EVP_PKEY **pkey) {
    return ctx->client_cert_cb;
}

/* SSL_CTX_set_cookie_generate_cb installs |cb| as the callback that fills in
 * a cookie of up to the capacity the caller provides; the callback reports
 * the length it produced through |cookie_len|. */
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
                                    int (*cb)(SSL *ssl, uint8_t *cookie,
                                              size_t *cookie_len)) {
    ctx->app_gen_cookie_cb = cb;
}

/* SSL_CTX_set_cookie_verify_cb installs |cb| as the callback that checks a
 * received cookie of |cookie_len| bytes. */
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
                                  int (*cb)(SSL *ssl, const uint8_t *cookie,
                                            size_t cookie_len)) {
    ctx->app_verify_cookie_cb = cb;
}

/* SSL_CTX_set_channel_id_cb installs |cb| as the Channel ID callback of
 * |ctx|. The callback supplies a private key through its output parameter. */
void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
                               void (*cb)(SSL *ssl, EVP_PKEY **pkey)) {
    ctx->channel_id_cb = cb;
}

/* SSL_CTX_get_channel_id_cb returns the Channel ID callback installed on
 * |ctx|, or NULL if none was set. */
void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey) {
    return ctx->channel_id_cb;
}

/* Generates the PEM read/write helpers for SSL_SESSION; the macro's expansion
 * is defined elsewhere. */
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)