181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org/* ssl/ssl_sess.c */ 281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * All rights reserved. 481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * This package is an SSL implementation written 681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * by Eric Young (eay@cryptsoft.com). 781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * The implementation was written so as to conform with Netscapes SSL. 881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * This library is free for commercial and non-commercial use as long as 1081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * the following conditions are aheared to. The following conditions 1181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * apply to all code found in this distribution, be it the RC4, RSA, 1281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * included with this distribution is covered by the same copyright terms 1481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 1681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Copyright remains Eric Young's, and as such any Copyright notices in 1781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * the code are not to be removed. 
1881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * If this package is used in a product, Eric Young should be given attribution 1981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * as the author of the parts of the library used. 2081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * This can be in the form of a textual message at program startup or 2181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * in documentation (online or textual) provided with the package. 2281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 2381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Redistribution and use in source and binary forms, with or without 2481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * modification, are permitted provided that the following conditions 2581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * are met: 2681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 1. Redistributions of source code must retain the copyright 2781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * notice, this list of conditions and the following disclaimer. 2881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 2. Redistributions in binary form must reproduce the above copyright 2981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * notice, this list of conditions and the following disclaimer in the 3081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * documentation and/or other materials provided with the distribution. 3181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 3. 
All advertising materials mentioning features or use of this software 3281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * must display the following acknowledgement: 3381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * "This product includes cryptographic software written by 3481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Eric Young (eay@cryptsoft.com)" 3581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * The word 'cryptographic' can be left out if the rouines from the library 3681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * being used are not cryptographic related :-). 3781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 4. If you include any Windows specific code (or a derivative thereof) from 3881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * the apps directory (application code) you must include an acknowledgement: 3981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 4181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49c3836fd58fdfa6f8bb2c70e40e6aaf11dfaa76d5sgk@chromium.org * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50c3836fd58fdfa6f8bb2c70e40e6aaf11dfaa76d5sgk@chromium.org * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * SUCH DAMAGE. 5281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 5381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * The licence and distribution terms for any publically available version or 5481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * derivative of this code cannot be changed. i.e. this code cannot simply be 5581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * copied and put under another distribution licence 5681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * [including the GNU Public Licence.] 5781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org */ 5881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org/* ==================================================================== 5981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 
6081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 6181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Redistribution and use in source and binary forms, with or without 6281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * modification, are permitted provided that the following conditions 6381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * are met: 6481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 6581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 1. Redistributions of source code must retain the above copyright 6681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * notice, this list of conditions and the following disclaimer. 6781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 6881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 2. Redistributions in binary form must reproduce the above copyright 6981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * notice, this list of conditions and the following disclaimer in 7081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * the documentation and/or other materials provided with the 7181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * distribution. 7281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 7381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 3. All advertising materials mentioning features or use of this 7481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * software must display the following acknowledgment: 75c3836fd58fdfa6f8bb2c70e40e6aaf11dfaa76d5sgk@chromium.org * "This product includes software developed by the OpenSSL Project 7681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 7781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 7881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 7981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * endorse or promote products derived from this software without 8081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * prior written permission. For written permission, please contact 8181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * openssl-core@openssl.org. 8281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 8381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 5. Products derived from this software may not be called "OpenSSL" 8481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * nor may "OpenSSL" appear in their names without prior written 8581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * permission of the OpenSSL Project. 8681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 8781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 6. Redistributions of any form whatsoever must retain the following 8881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * acknowledgment: 8981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * "This product includes software developed by the OpenSSL Project 9081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 9181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 92c3836fd58fdfa6f8bb2c70e40e6aaf11dfaa76d5sgk@chromium.org * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93c3836fd58fdfa6f8bb2c70e40e6aaf11dfaa76d5sgk@chromium.org * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 9481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 9581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 9681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 9781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 9881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 9981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 10081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 10181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 10281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 10381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * OF THE POSSIBILITY OF SUCH DAMAGE. 10481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * ==================================================================== 10581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 10681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * This product includes cryptographic software written by Eric Young 10781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * (eay@cryptsoft.com). This product includes software written by Tim 10881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Hudson (tjh@cryptsoft.com). 10981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 11081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org */ 11181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org/* ==================================================================== 11281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Copyright 2005 Nokia. All rights reserved. 
11381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 11481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * The portions of the attached software ("Contribution") is developed by 11581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Nokia Corporation and is licensed pursuant to the OpenSSL open source 11681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * license. 11781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 11881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * The Contribution, originally written by Mika Kousa and Pasi Eronen of 11981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 12081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * support (see RFC 4279) to OpenSSL. 12181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 12281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * No patent licenses or other rights except those expressly stated in 12381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * the OpenSSL open source license shall be deemed granted or received 12481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * expressly, by implication, estoppel, or otherwise. 12581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 12681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * No assurances are provided by Nokia that the Contribution does not 12781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * infringe the patent or other intellectual property rights of any third 12881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * party or that the license provides you with all the necessary rights 12981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * to make use of the Contribution. 13081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * 13181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. 
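IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#include <stdio.h>
#include <openssl/lhash.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "ssl_locl.h"

static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);

/* Return the session currently attached to ssl without taking a reference.
 * The result is a borrowed pointer: nothing here bumps the reference count,
 * so it must not be used after the SSL drops or replaces its session. A
 * caller that needs to keep the session should use SSL_get1_session(). */
SSL_SESSION *SSL_get_session(const SSL *ssl)
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
	{
	return(ssl->session);
	}

/* Return the session attached to ssl with its reference count incremented,
 * or NULL when the SSL has no session. The caller owns the extra reference
 * and is expected to release it (SSL_SESSION_free) when done. */
SSL_SESSION *SSL_get1_session(SSL *ssl)
/* variant of SSL_get_session: caller really gets something */
	{
	SSL_SESSION *sess;
	/* Need to lock this all up rather than just use CRYPTO_add so that
	 * somebody doesn't free ssl->session between when we check it's
	 * non-null and when we up the reference count. */
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
	sess = ssl->session;
	if(sess)
		sess->references++;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
	return(sess);
	}

/* Reserve an application ex_data index for SSL_SESSION objects; thin wrapper
 * that forwards every argument to CRYPTO_get_ex_new_index(). */
int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
	{
	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
			new_func, dup_func, free_func);
	}

/* Store arg in slot idx of the session's ex_data; returns whatever
 * CRYPTO_set_ex_data() returns. s is dereferenced without a NULL check. */
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
	{
	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
	}

/* Fetch the pointer stored in slot idx of the session's ex_data.
 * s is dereferenced without a NULL check. */
void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
	{
	return(CRYPTO_get_ex_data(&s->ex_data,idx));
	}

/* Allocate a zeroed SSL_SESSION holding one reference and default values.
 * Returns NULL (0) if the allocation or the ex_data set-up fails; in both
 * cases an ERR_R_MALLOC_FAILURE entry is pushed on the error queue. */
SSL_SESSION *SSL_SESSION_new(void)
	{
	SSL_SESSION *ss;

	ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
	if (ss == NULL)
		{
		SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
		return(0);
		}
	memset(ss,0,sizeof(SSL_SESSION));

	/* Fail closed: a session that was never verified must not read back
	 * as "certificate verified OK". */
	ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
	ss->references=1;
	ss->timeout=60*5+4; /* 5 minute timeout by default */
	ss->time=(unsigned long)time(NULL);
	ss->prev=NULL;
	ss->next=NULL;
	ss->compress_meth=0;
#ifndef OPENSSL_NO_TLSEXT
	ss->tlsext_hostname = NULL;
#ifndef OPENSSL_NO_EC
	ss->tlsext_ecpointformatlist_length = 0;
	ss->tlsext_ecpointformatlist = NULL;
	ss->tlsext_ellipticcurvelist_length = 0;
	ss->tlsext_ellipticcurvelist = NULL;
#endif
#endif
	/* The result used to be ignored; hand out the session only when its
	 * ex_data was initialised. Nothing else hangs off ss at this point,
	 * so releasing the structure itself is sufficient. */
	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data))
		{
		SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
		OPENSSL_free(ss);
		return(0);
		}
#ifndef OPENSSL_NO_PSK
	ss->psk_identity_hint=NULL;
	ss->psk_identity=NULL;
#endif
#ifndef OPENSSL_NO_SRP
	ss->srp_username=NULL;
#endif
	return(ss);
	}

/* Return a pointer to the session ID stored inside s and, when len is
 * non-NULL, write the ID length to *len. The pointer aliases the session's
 * own buffer; no copy is made. */
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
	{
	if(len)
		*len = s->session_id_length;
	return s->session_id;
	}

/* Return the compression method id recorded in the session. */
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
	{
	return s->compress_meth;
	}

/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
 * until we have no conflict is going to complete in one iteration pretty much
 * "most" of the time (btw: understatement). So, if it takes us 10 iterations
 * and we still can't avoid a conflict - well that's a reasonable point to call
 * it quits. Either the RAND code is broken or someone is trying to open roughly
 * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
 * store that many sessions is perhaps a more interesting question ... */

#define MAX_SESS_ID_ATTEMPTS 10
/* Default session ID generator: fill id with *id_len random bytes, retrying
 * while SSL_has_matching_session_id() reports a clash, for at most
 * MAX_SESS_ID_ATTEMPTS rounds. Returns 1 on success and 0 on failure.
 * *id_len is read but never modified. */
static int def_generate_session_id(const SSL *ssl, unsigned char *id,
				unsigned int *id_len)
{
	unsigned int retry = 0;
	do
		{
		/* "<= 0" also rejects the 0 result, which RAND_pseudo_bytes uses
		 * for output that is not cryptographically strong, so a weakly
		 * seeded generator ends in failure rather than a guessable ID. */
		if (RAND_pseudo_bytes(id, *id_len) <= 0)
			return 0;
		}
	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
		(++retry < MAX_SESS_ID_ATTEMPTS));
	if(retry < MAX_SESS_ID_ATTEMPTS)
		return 1;
	/* else - woops a session_id match */
	/* XXX We should also check the external cache --
	 * but the probability of a collision is negligible, and
	 * we could not prevent the concurrent creation of sessions
	 * with identical IDs since we currently don't have means
	 * to atomically check whether a session ID already exists
	 * and make a reservation for it if it does not
	 * (this problem applies to the internal cache as well).
	 */
	return 0;
}

/* Set the per-connection flag that ssl_get_new_session() consults before
 * allocating a session; while it is 0 that function returns 0 at once. */
void SSL_set_session_creation_enabled (SSL *s, int creation_enabled)
	{
	s->session_creation_enabled = creation_enabled;
	}

int ssl_get_new_session(SSL *s, int session)
	{
	/* This gets used by clients and servers.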
*/ 28081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org 28181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org unsigned int tmp; 28281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION *ss=NULL; 28381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org GEN_SESSION_CB cb = def_generate_session_id; 28481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org 28581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* caller should check this if they can do better error handling */ 28681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (!s->session_creation_enabled) return(0); 28781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if ((ss=SSL_SESSION_new()) == NULL) return(0); 28881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org 28981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* If the context has a default timeout, use it */ 29081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (s->session_ctx->session_timeout == 0) 29181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->timeout=SSL_get_default_timeout(s); 29281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else 29381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->timeout=s->session_ctx->session_timeout; 29481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org 29581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (s->session != NULL) 29681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 29781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION_free(s->session); 29881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org s->session=NULL; 29981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 30081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org 30181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (session) 30281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 30381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (s->version == SSL2_VERSION) 
30481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 30581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->ssl_version=SSL2_VERSION; 30681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; 30781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 30881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else if (s->version == SSL3_VERSION) 30981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 31081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->ssl_version=SSL3_VERSION; 31181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 31281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 31381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else if (s->version == TLS1_VERSION) 31481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 31581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->ssl_version=TLS1_VERSION; 31681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 31781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 31881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else if (s->version == TLS1_1_VERSION) 31981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 32081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->ssl_version=TLS1_1_VERSION; 32181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 32281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 32381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else if (s->version == TLS1_2_VERSION) 32481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 32581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->ssl_version=TLS1_2_VERSION; 32681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 
32781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 32881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else if (s->version == DTLS1_BAD_VER) 32981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 33081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->ssl_version=DTLS1_BAD_VER; 33181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 33281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 33381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else if (s->version == DTLS1_VERSION) 33481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 33581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->ssl_version=DTLS1_VERSION; 33684f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 33784f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com } 33884f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com else 33984f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com { 34084f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); 34184f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com SSL_SESSION_free(ss); 34284f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com return(0); 34384f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com } 34484f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com#ifndef OPENSSL_NO_TLSEXT 34584f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com /* If RFC4507 ticket use empty session ID */ 34684f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com if (s->tlsext_ticket_expected) 347c3836fd58fdfa6f8bb2c70e40e6aaf11dfaa76d5sgk@chromium.org { 34884f26de1771168933a19776955b0713d3b5892b1bradnelson@google.com ss->session_id_length = 0; 34981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org goto sess_id_done; 
35081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 35181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org#endif 35281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* Choose which callback will set the session ID */ 35381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 35481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if(s->generate_session_id) 35581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org cb = s->generate_session_id; 35681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else if(s->session_ctx->generate_session_id) 35781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org cb = s->session_ctx->generate_session_id; 35881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 35981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* Choose a session ID */ 36081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org tmp = ss->session_id_length; 36181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if(!cb(s, ss->session_id, &tmp)) 36281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 36381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* The callback failed */ 36481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, 36581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); 36681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION_free(ss); 36781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org return(0); 36881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 36981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* Don't allow the callback to set the session length to zero. 37081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org * nor set it higher than it was. 
*/ 37181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if(!tmp || (tmp > ss->session_id_length)) 37281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 37381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* The callback set an illegal length */ 37481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, 37581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); 37681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION_free(ss); 37781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org return(0); 37881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 37981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* If the session length was shrunk and we're SSLv2, pad it */ 38081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) 38181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); 38281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else 38381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length = tmp; 38481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org /* Finally, check for a conflict */ 38581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if(SSL_has_matching_session_id(s, ss->session_id, 38681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length)) 38781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 38881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, 38981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_R_SSL_SESSION_ID_CONFLICT); 39081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION_free(ss); 39181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org return(0); 39281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 
39381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org#ifndef OPENSSL_NO_TLSEXT 39481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org sess_id_done: 39581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (s->tlsext_hostname) { 39681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); 39781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (ss->tlsext_hostname == NULL) { 39881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); 39981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION_free(ss); 40081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org return 0; 40181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 40281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 40381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org#ifndef OPENSSL_NO_EC 40481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (s->tlsext_ecpointformatlist) 40581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 40681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); 40781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) 40881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 40981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 41081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION_free(ss); 41181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org return 0; 41281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 41381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; 41481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org 
memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 41581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 41681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (s->tlsext_ellipticcurvelist) 41781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 41881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); 41981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) 42081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 42181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 42281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION_free(ss); 42381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org return 0; 42481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 42581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; 42681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); 42781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 42881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org#endif 42981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org#endif 43081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org#ifndef OPENSSL_NO_PSK 43181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (s->psk_identity_hint) 43281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 43381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint); 43481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org if (ss->psk_identity_hint == NULL) 
43581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 43681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 43781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org SSL_SESSION_free(ss); 43881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org return 0; 43981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 44081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 44181ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org#endif 44281ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 44381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org else 44481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org { 44581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->session_id_length=0; 4463afe3277af466c60b6d35a56f578c09a4c5f4c98sbc@chromium.org } 4473afe3277af466c60b6d35a56f578c09a4c5f4c98sbc@chromium.org 4483afe3277af466c60b6d35a56f578c09a4c5f4c98sbc@chromium.org if (s->sid_ctx_length > sizeof ss->sid_ctx) 4493afe3277af466c60b6d35a56f578c09a4c5f4c98sbc@chromium.org { 4503afe3277af466c60b6d35a56f578c09a4c5f4c98sbc@chromium.org SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); 4513afe3277af466c60b6d35a56f578c09a4c5f4c98sbc@chromium.org SSL_SESSION_free(ss); 4523afe3277af466c60b6d35a56f578c09a4c5f4c98sbc@chromium.org return 0; 45381ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org } 45481ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); 45581ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->sid_ctx_length=s->sid_ctx_length; 45681ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org s->session=ss; 45781ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->ssl_version=s->version; 45881ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org ss->verify_result = X509_V_OK; 45981ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org 46081ac0047a01ca7d34b493fba09e7fd6a5acf09c5sgk@chromium.org 
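return(1);
	}

/* ssl_get_prev_session attempts to find an SSL_SESSION to be used to resume
 * this connection. It is only called by servers.
 *
 *   session_id: points at the session ID in the ClientHello. This code will
 *       read past the end of this in order to parse out the session ticket
 *       extension, if any.
 *   len: the length of the session ID.
 *   limit: a pointer to the first byte after the ClientHello.
 *
 * Returns:
 *   -1: fatal error
 *    0: no usable session (miss, context mismatch, unknown cipher, timeout)
 *    1: a session was found and installed in s->session
 *
 * Side effects:
 *   - If a session is found then s->session is pointed at it (after freeing an
 *     existing session if need be) and s->verify_result is set from the session.
 *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
 *     if the server should issue a new session ticket (to 0 otherwise).
 */
int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
			const unsigned char *limit)
	{
	/* This is used only by servers. */

	SSL_SESSION *ret=NULL;
	int fatal = 0;
	int try_session_cache = 1;
#ifndef OPENSSL_NO_TLSEXT
	int r;
#endif

	/* len is signed and is later used as a memcpy() size into the
	 * fixed-size data.session_id buffer, so reject both ends of the
	 * range here. */
	if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
		goto err;

	if (len == 0)
		try_session_cache = 0;

#ifndef OPENSSL_NO_TLSEXT
	r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
	switch (r)
		{
	case -1: /* Error during processing */
		fatal = 1;
		goto err;
	case 0: /* No ticket found */
	case 1: /* Zero length ticket found */
		break; /* Ok to carry on processing session id. */
	case 2: /* Ticket found but not decrypted. */
	case 3: /* Ticket decrypted, *ret has been set. */
		try_session_cache = 0;
		break;
	default:
		abort();
		}
#endif

	if (try_session_cache &&
	    ret == NULL &&
	    !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
		{
		SSL_SESSION data;
		data.ssl_version=s->version;
		data.session_id_length=len;
		/* Not reachable while try_session_cache is cleared for
		 * len == 0 above; kept as a second line of defence. */
		if (len == 0)
			return 0;
		memcpy(data.session_id,session_id,len);
		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
		ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
		if (ret != NULL)
			{
			/* don't allow other threads to steal it: */
			CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
			}
		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
		if (ret == NULL)
			s->session_ctx->stats.sess_miss++;
		}

	if (try_session_cache &&
	    ret == NULL &&
	    s->session_ctx->get_session_cb != NULL)
		{
		int copy=1;

		if ((ret=s->session_ctx->get_session_cb(s,session_id,len,&copy)))
			{
			s->session_ctx->stats.sess_cb_hit++;

			/* Increment reference count now if the session callback
			 * asks us to do so (note that if the session structures
			 * returned by the callback are shared between threads,
			 * it must handle the reference count itself [i.e. copy == 0],
			 * or things won't be thread-safe). */
			if (copy)
				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);

			/* Add the externally cached session to the internal
			 * cache as well if and only if we are supposed to. */
			if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
				/* The following should not return 1, otherwise,
				 * things are very strange */
				SSL_CTX_add_session(s->session_ctx,ret);
			}
		}

	if (ret == NULL)
		goto err;

	/* Now ret is non-NULL and we own one of its reference counts. */

	if (ret->sid_ctx_length != s->sid_ctx_length
	    || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
		{
		/* We have the session requested by the client, but we don't
		 * want to use it in this context. */
		goto err; /* treat like cache miss */
		}

	if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
		{
		/* We can't be sure if this session is being used out of
		 * context, which is especially important for SSL_VERIFY_PEER.
		 * The application should have used SSL[_CTX]_set_session_id_context.
		 *
		 * For this error case, we generate an error instead of treating
		 * the event like a cache miss (otherwise it would be easy for
		 * applications to effectively disable the session cache by
		 * accident without anyone noticing).
		 */

		SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
		fatal = 1;
		goto err;
		}

	if (ret->cipher == NULL)
		{
		/* Re-derive the cipher from the stored cipher_id: l2n writes
		 * it as four bytes into buf, and the lookup is handed the
		 * trailing bytes (from buf[2] for SSLv3 and later, from
		 * buf[1] otherwise). */
		unsigned char buf[5],*p;
		unsigned long l;

		p=buf;
		l=ret->cipher_id;
		l2n(l,p);
		if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
			ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
		else
			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
		if (ret->cipher == NULL)
			goto err;
		}

	if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
		{
		s->session_ctx->stats.sess_timeout++;
		if (try_session_cache)
			{
			/* session was from the cache, so remove it */
			SSL_CTX_remove_session(s->session_ctx,ret);
			}
		goto err;
		}

	s->session_ctx->stats.sess_hit++;

	if (s->session != NULL)
		SSL_SESSION_free(s->session);
	s->session=ret;
	s->verify_result = s->session->verify_result;
	return 1;

 err:
	if (ret != NULL)
		{
		/* Drop the reference taken above. */
		SSL_SESSION_free(ret);
#ifndef OPENSSL_NO_TLSEXT
		if (!try_session_cache)
			{
			/* The session was from a ticket, so we should
			 * issue a ticket for the new session */
			s->tlsext_ticket_expected = 1;
			}
#endif
		}
	if (fatal)
		return -1;
	else
		return 0;
	}

/* SSL_CTX_add_session inserts session c into ctx's session cache (the lhash
 * and the linked list), taking one reference on behalf of the cache.
 *
 * Returns 1 if c became a new cache entry, 0 if c was already cached. A
 * different session with the same ID is evicted and c takes its place. When
 * a cache size limit is set, sessions are removed from the tail of the list
 * until the cache fits again. */
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
	{
	int ret=0;
	SSL_SESSION *s;

	/* add just 1 reference count for the SSL_CTX's session cache
	 * even though it has two ways of access: each session is in a
	 * doubly linked list and an lhash */
	CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
	/* if session c is already in the cache, we take back the increment later */

	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	s=lh_SSL_SESSION_insert(ctx->sessions,c);

	/* s != NULL iff we already had a session with the given session ID.
	 * In this case, s == c should hold (then we did not really modify
	 * ctx->sessions), or we're in trouble. */
	if (s != NULL && s != c)
		{
		/* We *are* in trouble ... */
		SSL_SESSION_list_remove(ctx,s);
		SSL_SESSION_free(s);
		/* ... so pretend the other session did not exist in cache
		 * (we cannot handle two SSL_SESSION structures with identical
		 * session ID in the same cache, which could happen e.g. when
		 * two threads concurrently obtain the same session from an external
		 * cache) */
		s = NULL;
		}

	/* Put at the head of the queue unless it is already in the cache */
	if (s == NULL)
		SSL_SESSION_list_add(ctx,c);

	if (s != NULL)
		{
		/* existing cache entry -- decrement previously incremented reference
		 * count because it already takes into account the cache */

		SSL_SESSION_free(s); /* s == c */
		ret=0;
		}
	else
		{
		/* new cache entry -- remove old ones if cache has become too large */

		ret=1;

		if (SSL_CTX_sess_get_cache_size(ctx) > 0)
			{
			while (SSL_CTX_sess_number(ctx) >
				SSL_CTX_sess_get_cache_size(ctx))
				{
				if (!remove_session_lock(ctx,
					ctx->session_cache_tail, 0))
					break;
				else
					ctx->stats.sess_cache_full++;
				}
			}
		}
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	return(ret);
	}

/* SSL_CTX_remove_session removes c from ctx's session cache, taking the
 * SSL_CTX write lock itself. Returns 1 if c was cached, 0 otherwise. */
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
{
	return remove_session_lock(ctx, c, 1);
}

/* remove_session_lock removes c from ctx's cache if the cached entry for its
 * session ID is c itself. lck != 0 makes it take CRYPTO_LOCK_SSL_CTX; pass 0
 * when the caller already holds that lock. A removed session is marked
 * not_resumable, handed to remove_session_cb (if set) after the lock has been
 * released, and then loses the cache's reference. Returns 1 on removal, 0 if
 * c is NULL, has an empty session ID, or is not the cached entry. */
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
	{
	SSL_SESSION *r;
	int ret=0;

	if ((c != NULL) && (c->session_id_length != 0))
		{
		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
		if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c)
			{
			ret=1;
			r=lh_SSL_SESSION_delete(ctx->sessions,c);
			SSL_SESSION_list_remove(ctx,c);
			}

		if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

		if (ret)
			{
			r->not_resumable=1;
			if (ctx->remove_session_cb != NULL)
				ctx->remove_session_cb(ctx,r);
			SSL_SESSION_free(r);
			}
		}
	else
		ret=0;
	return(ret);
	}

/* SSL_SESSION_free drops one reference to ss (NULL is ignored). When the
 * count reaches zero, the key material and session ID are cleansed, owned
 * sub-objects are released, and the whole structure is cleansed before it is
 * freed so that no secrets are left behind in released memory. */
void SSL_SESSION_free(SSL_SESSION *ss)
	{
	int i;

	if(ss == NULL)
	    return;

	i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
#ifdef REF_PRINT
	REF_PRINT("SSL_SESSION",ss);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
		abort(); /* ok */
		}
#endif

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);

	OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
	OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
	OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
	if (ss->peer != NULL) X509_free(ss->peer);
	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
#ifndef OPENSSL_NO_TLSEXT
	if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
	if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
#ifndef OPENSSL_NO_EC
	ss->tlsext_ecpointformatlist_length = 0;
	if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
	ss->tlsext_ellipticcurvelist_length = 0;
	if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
#endif
#ifndef OPENSSL_NO_PSK
	if (ss->psk_identity_hint != NULL)
		OPENSSL_free(ss->psk_identity_hint);
	if (ss->psk_identity != NULL)
		OPENSSL_free(ss->psk_identity);
#endif
#ifndef OPENSSL_NO_SRP
	if (ss->srp_username != NULL)
		OPENSSL_free(ss->srp_username);
#endif
	OPENSSL_cleanse(ss,sizeof(*ss));
	OPENSSL_free(ss);
	}

/* SSL_set_session makes s use session for its next handshake, switching s to
 * the SSL method that matches the session's protocol version and taking a
 * reference on session. A NULL session clears s->session and restores the
 * context's method. Returns 1 on success, 0 on failure. */
int SSL_set_session(SSL *s, SSL_SESSION *session)
	{
	int ret=0;
	const SSL_METHOD *meth;

	if (session != NULL)
		{
		meth=s->ctx->method->get_ssl_method(session->ssl_version);
		if (meth == NULL)
			meth=s->method->get_ssl_method(session->ssl_version);
		if (meth == NULL)
			{
			SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
			return(0);
			}

		if (meth != s->method)
			{
			if (!SSL_set_ssl_method(s,meth))
				return(0);
			}

#ifndef OPENSSL_NO_KRB5
		if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
		    session->krb5_client_princ_len > 0)
			{
			s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
			/* The copy below would write through a NULL pointer
			 * if the allocation failed. */
			if (s->kssl_ctx->client_princ == NULL)
				{
				SSLerr(SSL_F_SSL_SET_SESSION,ERR_R_MALLOC_FAILURE);
				return(0);
				}
			memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
			       session->krb5_client_princ_len);
			s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
			}
#endif /* OPENSSL_NO_KRB5 */

		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
		CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
		if (s->session != NULL)
			SSL_SESSION_free(s->session);
		s->session=session;
		s->verify_result = s->session->verify_result;
		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
		ret=1;
		}
	else
		{
		if (s->session != NULL)
			{
			SSL_SESSION_free(s->session);
			s->session=NULL;
			}

		meth=s->ctx->method;
		if (meth != s->method)
			{
			if (!SSL_set_ssl_method(s,meth))
				return(0);
			}
		ret=1;
		}
	return(ret);
	}

/* Sets the timeout of session s to t. Returns 1, or 0 if s is NULL. */
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
	{
	if (s == NULL) return(0);
	s->timeout=t;
	return(1);
	}

/* Returns the timeout of session s, or 0 if s is NULL. */
long SSL_SESSION_get_timeout(const SSL_SESSION *s)
	{
	if (s == NULL) return(0);
	return(s->timeout);
	}

/* Returns the time field of session s, or 0 if s is NULL. */
long SSL_SESSION_get_time(const SSL_SESSION *s)
	{
	if (s == NULL) return(0);
	return(s->time);
	}

/* Sets the time field of session s to t. Returns t, or 0 if s is NULL. */
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
	{
	if (s == NULL) return(0);
	s->time=t;
	return(t);
	}

/* Returns s->peer without taking a reference. s must not be NULL. */
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
	{
	return s->peer;
	}

/* Copies sid_ctx into s as its session ID context. Returns 1 on success, or
 * 0 (with an error queued) if sid_ctx_len exceeds SSL_MAX_SID_CTX_LENGTH. */
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
			       unsigned int sid_ctx_len)
	{
	if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
		{
		SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return 0;
		}
	s->sid_ctx_length=sid_ctx_len;
	memcpy(s->sid_ctx,sid_ctx,sid_ctx_len);

	return 1;
	}

/* Sets the session timeout of context s to t and returns the previous value
 * (0 if s is NULL). */
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
	{
	long l;
	if (s == NULL) return(0);
	l=s->session_timeout;
	s->session_timeout=t;
	return(l);
	}

/* Returns the session timeout of context s, or 0 if s is NULL. */
long SSL_CTX_get_timeout(const SSL_CTX *s)
	{
	if (s == NULL) return(0);
	return(s->session_timeout);
	}

#ifndef OPENSSL_NO_TLSEXT
/* Stores the session secret callback and its argument on s. Returns 1, or 0
 * if s is NULL. */
int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
	STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
	{
	if (s == NULL) return(0);
	s->tls_session_secret_cb = tls_session_secret_cb;
	s->tls_session_secret_cb_arg = arg;
	return(1);
	}

/* Stores the session ticket extension callback and its argument on s.
 * Returns 1, or 0 if s is NULL. */
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
				  void *arg)
	{
	if (s == NULL) return(0);
	s->tls_session_ticket_ext_cb = cb;
	s->tls_session_ticket_ext_cb_arg = arg;
	return(1);
	}

/* Replaces the session ticket extension data held on s with a copy of
 * ext_len bytes from ext_data (an empty extension if ext_data is NULL).
 * Returns 1 on success; 0 if the protocol version is below TLS1_VERSION,
 * ext_len is negative, or allocation fails. */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
	{
	if (s->version >= TLS1_VERSION)
		{
		/* ext_len is signed and feeds both the allocation size and
		 * the memcpy() length; a negative value would make the
		 * buffer smaller than the copy. Reject it before the
		 * existing ticket is discarded. */
		if (ext_len < 0)
			return 0;

		if (s->tlsext_session_ticket)
			{
			OPENSSL_free(s->tlsext_session_ticket);
			s->tlsext_session_ticket = NULL;
			}

		s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
		if (!s->tlsext_session_ticket)
			{
			SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
			return 0;
			}

		if (ext_data)
			{
			s->tlsext_session_ticket->length = ext_len;
			/* the payload lives directly behind the header */
			s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
			memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
			}
		else
			{
			s->tlsext_session_ticket->length = 0;
			s->tlsext_session_ticket->data = NULL;
			}

		return 1;
		}

	return 0;
	}
#endif /* OPENSSL_NO_TLSEXT */

/* Argument bundle passed to timeout_doall_arg for each cached session. */
typedef struct timeout_param_st
	{
	SSL_CTX *ctx;
	long time;
	LHASH_OF(SSL_SESSION) *cache;
	} TIMEOUT_PARAM;

/* Removes session s from the cache described by p if p->time is 0 or lies
 * past the session's time + timeout. Called with the SSL_CTX lock held by
 * SSL_CTX_flush_sessions. */
static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
	{
	if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
		{
		/* The reason we don't call SSL_CTX_remove_session() is to
		 * save on locking overhead */
		(void)lh_SSL_SESSION_delete(p->cache,s);
		SSL_SESSION_list_remove(p->ctx,s);
		s->not_resumable=1;
		if (p->ctx->remove_session_cb != NULL)
			p->ctx->remove_session_cb(p->ctx,s);
		SSL_SESSION_free(s);
		}
	}

static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)

/* SSL_CTX_flush_sessions removes from s's cache every session that has
 * expired relative to time t; t == 0 removes all sessions. */
void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
	{
	unsigned long i;
	TIMEOUT_PARAM tp;

	tp.ctx=s;
	tp.cache=s->sessions;
	if (tp.cache == NULL) return;
	tp.time=t;
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	/* down_load is zeroed for the traversal and restored afterwards --
	 * presumably so the hash table is not resized while entries are
	 * being deleted; confirm against the lhash implementation. */
	i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
	CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
	lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
				 TIMEOUT_PARAM, &tp);
	CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	}

/* ssl_clear_bad_session removes s->session from the context's cache when the
 * connection has a session, has not sent a shutdown, and is no longer in the
 * init/before states. Returns 1 if removal was attempted, 0 otherwise. */
int ssl_clear_bad_session(SSL *s)
	{
	if (	(s->session != NULL) &&
		!(s->shutdown & SSL_SENT_SHUTDOWN) &&
		!(SSL_in_init(s) || SSL_in_before(s)))
		{
		SSL_CTX_remove_session(s->ctx,s->session);
		return(1);
		}
	else
		return(0);
	}

/* locked by SSL_CTX in the calling function */
/* Unlinks s from ctx's session list. The list ends are marked by the
 * addresses of ctx->session_cache_head and ctx->session_cache_tail cast to
 * SSL_SESSION pointers. A session with a NULL next or prev is not linked
 * and is left alone. */
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
	{
	if ((s->next == NULL) || (s->prev == NULL)) return;

	if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
		{ /* last element in list */
		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
			{ /* only one element in list */
			ctx->session_cache_head=NULL;
			ctx->session_cache_tail=NULL;
			}
		else
			{
			ctx->session_cache_tail=s->prev;
			s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
			}
		}
	else
		{
		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
			{ /* first element in list */
			ctx->session_cache_head=s->next;
			s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
			}
		else
			{ /* middle of list */
			s->next->prev=s->prev;
			s->prev->next=s->next;
			}
		}
	s->prev=s->next=NULL;
	}

/* Links s at the head of ctx's session list, unlinking it first if it is
 * already on the list. Uses the same end markers as
 * SSL_SESSION_list_remove. */
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
	{
	if ((s->next != NULL) && (s->prev != NULL))
		SSL_SESSION_list_remove(ctx,s);

	if (ctx->session_cache_head == NULL)
		{
		ctx->session_cache_head=s;
		ctx->session_cache_tail=s;
		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
		s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
		}
	else
		{
		s->next=ctx->session_cache_head;
		s->next->prev=s;
		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
		ctx->session_cache_head=s;
		}
	}

/* Stores cb as ctx->new_session_cb. */
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
	int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
	{
	ctx->new_session_cb=cb;
	}

/* Returns ctx->new_session_cb. */
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
	{
	return ctx->new_session_cb;
	}

/* Stores cb as ctx->remove_session_cb, which is invoked for each session
 * removed from the cache. */
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
	void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
	{
	ctx->remove_session_cb=cb;
	}

/* Returns ctx->remove_session_cb. */
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
	{
	return ctx->remove_session_cb;
	}

/* Stores cb as ctx->get_session_cb, the external session lookup callback
 * used by ssl_get_prev_session. */
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
	SSL_SESSION *(*cb)(struct ssl_st *ssl,
	         unsigned char *data,int len,int *copy))
	{
	ctx->get_session_cb=cb;
	}

/* Returns ctx->get_session_cb. */
SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
	         unsigned char *data,int len,int *copy)
	{
	return ctx->get_session_cb;
	}

/* Stores cb as ctx->info_callback. */
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
	void (*cb)(const SSL *ssl,int type,int val))
	{
	ctx->info_callback=cb;
	}

/* Returns ctx->info_callback. */
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
	{
	return ctx->info_callback;
	}

/* Stores cb as ctx->client_cert_cb. */
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
	int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
	{
	ctx->client_cert_cb=cb;
	}

/* Returns ctx->client_cert_cb. */
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
	{
	return ctx->client_cert_cb;
	}

/* Stores cb as ctx->channel_id_cb. */
void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
	void (*cb)(SSL *ssl, EVP_PKEY **pkey))
	{
	ctx->channel_id_cb=cb;
	}

/* Returns ctx->channel_id_cb. */
void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
	{
	return ctx->channel_id_cb;
	}

#ifndef OPENSSL_NO_ENGINE
/* Initialises engine e and records it as ctx->client_cert_engine. Returns 1
 * on success; 0 if the engine cannot be initialised or provides no SSL
 * client certificate function (the engine is finished again in that case). */
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
	{
	if (!ENGINE_init(e))
		{
		SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
		return 0;
		}
	if(!ENGINE_get_ssl_client_cert_function(e))
		{
		SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
		ENGINE_finish(e);
		return 0;
		}
	ctx->client_cert_engine = e;
	return 1;
	}
#endif

/* Stores cb as ctx->app_gen_cookie_cb. */
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
	int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
	{
	ctx->app_gen_cookie_cb=cb;
	}

/* Stores cb as ctx->app_verify_cookie_cb. */
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
	int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
	{
	ctx->app_verify_cookie_cb=cb;
	}

IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)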