1e71b7053SJung-uk Kim /* 2*b077aed3SPierre Pronchery * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. 31f13597dSJung-uk Kim * Copyright 2005 Nokia. All rights reserved. 41f13597dSJung-uk Kim * 5*b077aed3SPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use 6e71b7053SJung-uk Kim * this file except in compliance with the License. You can obtain a copy 7e71b7053SJung-uk Kim * in the file LICENSE in the source distribution or at 8e71b7053SJung-uk Kim * https://www.openssl.org/source/license.html 91f13597dSJung-uk Kim */ 1074664626SKris Kennaway 11*b077aed3SPierre Pronchery #if defined(__TANDEM) && defined(_SPT_MODEL_) 12*b077aed3SPierre Pronchery # include <spthread.h> 13*b077aed3SPierre Pronchery # include <spt_extensions.h> /* timeval */ 14*b077aed3SPierre Pronchery #endif 1574664626SKris Kennaway #include <stdio.h> 1674664626SKris Kennaway #include <openssl/rand.h> 17db522d3aSSimon L. B. Nielsen #include <openssl/engine.h> 18e71b7053SJung-uk Kim #include "internal/refcount.h" 19e71b7053SJung-uk Kim #include "internal/cryptlib.h" 2017f01e99SJung-uk Kim #include "ssl_local.h" 2117f01e99SJung-uk Kim #include "statem/statem_local.h" 2274664626SKris Kennaway 2374664626SKris Kennaway static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); 2474664626SKris Kennaway static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); 2574664626SKris Kennaway static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); 2674664626SKris Kennaway 27*b077aed3SPierre Pronchery DEFINE_STACK_OF(SSL_SESSION) 28*b077aed3SPierre Pronchery 29*b077aed3SPierre Pronchery __owur static int sess_timedout(time_t t, SSL_SESSION *ss) 30*b077aed3SPierre Pronchery { 31*b077aed3SPierre Pronchery /* if timeout overflowed, it can never timeout! */ 32*b077aed3SPierre Pronchery if (ss->timeout_ovf) 33*b077aed3SPierre Pronchery return 0; 34*b077aed3SPierre Pronchery return t > ss->calc_timeout; 35*b077aed3SPierre Pronchery } 36*b077aed3SPierre Pronchery 37*b077aed3SPierre Pronchery /* 38*b077aed3SPierre Pronchery * Returns -1/0/+1 as other XXXcmp-type functions 39*b077aed3SPierre Pronchery * Takes overflow of calculated timeout into consideration 40*b077aed3SPierre Pronchery */ 41*b077aed3SPierre Pronchery __owur static int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b) 42*b077aed3SPierre Pronchery { 43*b077aed3SPierre Pronchery /* if only one overflowed, then it is greater */ 44*b077aed3SPierre Pronchery if (a->timeout_ovf && !b->timeout_ovf) 45*b077aed3SPierre Pronchery return 1; 46*b077aed3SPierre Pronchery if (!a->timeout_ovf && b->timeout_ovf) 47*b077aed3SPierre Pronchery return -1; 48*b077aed3SPierre Pronchery /* No overflow, or both overflowed, so straight compare is safe */ 49*b077aed3SPierre Pronchery if (a->calc_timeout < b->calc_timeout) 50*b077aed3SPierre Pronchery return -1; 51*b077aed3SPierre Pronchery if (a->calc_timeout > b->calc_timeout) 52*b077aed3SPierre Pronchery return 1; 53*b077aed3SPierre Pronchery return 0; 54*b077aed3SPierre Pronchery } 55*b077aed3SPierre Pronchery 56*b077aed3SPierre Pronchery /* 57*b077aed3SPierre Pronchery * Calculates effective timeout, saving overflow state 58*b077aed3SPierre Pronchery * Locking must be done by the caller of this function 59*b077aed3SPierre Pronchery */ 60*b077aed3SPierre Pronchery void ssl_session_calculate_timeout(SSL_SESSION *ss) 61*b077aed3SPierre Pronchery { 62*b077aed3SPierre Pronchery /* Force positive timeout */ 63*b077aed3SPierre Pronchery if (ss->timeout < 0) 64*b077aed3SPierre Pronchery ss->timeout = 0; 65*b077aed3SPierre Pronchery ss->calc_timeout = ss->time + ss->timeout; 66*b077aed3SPierre Pronchery /* 67*b077aed3SPierre Pronchery * |timeout| is always zero or positive, so the check for 68*b077aed3SPierre Pronchery * overflow only needs to consider if |time| is positive 69*b077aed3SPierre Pronchery */ 70*b077aed3SPierre Pronchery ss->timeout_ovf = ss->time > 0 && ss->calc_timeout < ss->time; 71*b077aed3SPierre Pronchery /* 72*b077aed3SPierre Pronchery * N.B. Realistic overflow can only occur in our lifetimes on a 73*b077aed3SPierre Pronchery * 32-bit machine in January 2038. 74*b077aed3SPierre Pronchery * However, There are no controls to limit the |timeout| 75*b077aed3SPierre Pronchery * value, except to keep it positive. 76*b077aed3SPierre Pronchery */ 77*b077aed3SPierre Pronchery } 78*b077aed3SPierre Pronchery 79e71b7053SJung-uk Kim /* 80e71b7053SJung-uk Kim * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because, 81e71b7053SJung-uk Kim * unlike in earlier protocol versions, the session ticket may not have been 82e71b7053SJung-uk Kim * sent yet even though a handshake has finished. The session ticket data could 83e71b7053SJung-uk Kim * come in sometime later...or even change if multiple session ticket messages 84e71b7053SJung-uk Kim * are sent from the server. The preferred way for applications to obtain 85e71b7053SJung-uk Kim * a resumable session is to use SSL_CTX_sess_set_new_cb(). 86e71b7053SJung-uk Kim */ 87e71b7053SJung-uk Kim 883b4e3dcbSSimon L. B. Nielsen SSL_SESSION *SSL_get_session(const SSL *ssl) 89f579bf8eSKris Kennaway /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ 9074664626SKris Kennaway { 91e71b7053SJung-uk Kim return ssl->session; 9274664626SKris Kennaway } 9374664626SKris Kennaway 94f579bf8eSKris Kennaway SSL_SESSION *SSL_get1_session(SSL *ssl) 95f579bf8eSKris Kennaway /* variant of SSL_get_session: caller really gets something */ 96f579bf8eSKris Kennaway { 97f579bf8eSKris Kennaway SSL_SESSION *sess; 986f9291ceSJung-uk Kim /* 996f9291ceSJung-uk Kim * Need to lock this all up rather than just use CRYPTO_add so that 1006f9291ceSJung-uk Kim * somebody doesn't free ssl->session between when we check it's non-null 1016f9291ceSJung-uk Kim * and when we up the reference count. 1026f9291ceSJung-uk Kim */ 103*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_read_lock(ssl->lock)) 104*b077aed3SPierre Pronchery return NULL; 105f579bf8eSKris Kennaway sess = ssl->session; 106f579bf8eSKris Kennaway if (sess) 107e71b7053SJung-uk Kim SSL_SESSION_up_ref(sess); 108e71b7053SJung-uk Kim CRYPTO_THREAD_unlock(ssl->lock); 109e71b7053SJung-uk Kim return sess; 11074664626SKris Kennaway } 11174664626SKris Kennaway 11274664626SKris Kennaway int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) 11374664626SKris Kennaway { 114e71b7053SJung-uk Kim return CRYPTO_set_ex_data(&s->ex_data, idx, arg); 11574664626SKris Kennaway } 11674664626SKris Kennaway 1173b4e3dcbSSimon L. B. Nielsen void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) 11874664626SKris Kennaway { 119e71b7053SJung-uk Kim return CRYPTO_get_ex_data(&s->ex_data, idx); 12074664626SKris Kennaway } 12174664626SKris Kennaway 12274664626SKris Kennaway SSL_SESSION *SSL_SESSION_new(void) 12374664626SKris Kennaway { 12474664626SKris Kennaway SSL_SESSION *ss; 12574664626SKris Kennaway 126e71b7053SJung-uk Kim if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) 127e71b7053SJung-uk Kim return NULL; 128e71b7053SJung-uk Kim 129e71b7053SJung-uk Kim ss = OPENSSL_zalloc(sizeof(*ss)); 1306f9291ceSJung-uk Kim if (ss == NULL) { 131*b077aed3SPierre Pronchery ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 132e71b7053SJung-uk Kim return NULL; 13374664626SKris Kennaway } 13474664626SKris Kennaway 135f579bf8eSKris Kennaway ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ 13674664626SKris Kennaway ss->references = 1; 13774664626SKris Kennaway ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */ 138*b077aed3SPierre Pronchery ss->time = time(NULL); 139*b077aed3SPierre Pronchery ssl_session_calculate_timeout(ss); 140e71b7053SJung-uk Kim ss->lock = CRYPTO_THREAD_lock_new(); 141e71b7053SJung-uk Kim if (ss->lock == NULL) { 142*b077aed3SPierre Pronchery ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 143e71b7053SJung-uk Kim OPENSSL_free(ss); 144e71b7053SJung-uk Kim return NULL; 145e71b7053SJung-uk Kim } 146e71b7053SJung-uk Kim 147e71b7053SJung-uk Kim if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) { 148e71b7053SJung-uk Kim CRYPTO_THREAD_lock_free(ss->lock); 149e71b7053SJung-uk Kim OPENSSL_free(ss); 150e71b7053SJung-uk Kim return NULL; 151e71b7053SJung-uk Kim } 152e71b7053SJung-uk Kim return ss; 153e71b7053SJung-uk Kim } 154e71b7053SJung-uk Kim 155*b077aed3SPierre Pronchery SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) 156e71b7053SJung-uk Kim { 157e71b7053SJung-uk Kim return ssl_session_dup(src, 1); 15874664626SKris Kennaway } 15974664626SKris Kennaway 160ed6b93beSJung-uk Kim /* 161ed6b93beSJung-uk Kim * Create a new SSL_SESSION and duplicate the contents of |src| into it. If 162ed6b93beSJung-uk Kim * ticket == 0 then no ticket information is duplicated, otherwise it is. 163ed6b93beSJung-uk Kim */ 164*b077aed3SPierre Pronchery SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) 165ed6b93beSJung-uk Kim { 166ed6b93beSJung-uk Kim SSL_SESSION *dest; 167ed6b93beSJung-uk Kim 168c3c73b4fSJung-uk Kim dest = OPENSSL_malloc(sizeof(*dest)); 169ed6b93beSJung-uk Kim if (dest == NULL) { 170ed6b93beSJung-uk Kim goto err; 171ed6b93beSJung-uk Kim } 172ed6b93beSJung-uk Kim memcpy(dest, src, sizeof(*dest)); 173ed6b93beSJung-uk Kim 174ed6b93beSJung-uk Kim /* 175ed6b93beSJung-uk Kim * Set the various pointers to NULL so that we can call SSL_SESSION_free in 176ed6b93beSJung-uk Kim * the case of an error whilst halfway through constructing dest 177ed6b93beSJung-uk Kim */ 178ed6b93beSJung-uk Kim #ifndef OPENSSL_NO_PSK 179ed6b93beSJung-uk Kim dest->psk_identity_hint = NULL; 180ed6b93beSJung-uk Kim dest->psk_identity = NULL; 181ed6b93beSJung-uk Kim #endif 182e71b7053SJung-uk Kim dest->ext.hostname = NULL; 183e71b7053SJung-uk Kim dest->ext.tick = NULL; 184e71b7053SJung-uk Kim dest->ext.alpn_selected = NULL; 185ed6b93beSJung-uk Kim #ifndef OPENSSL_NO_SRP 186ed6b93beSJung-uk Kim dest->srp_username = NULL; 187ed6b93beSJung-uk Kim #endif 188e71b7053SJung-uk Kim dest->peer_chain = NULL; 189e71b7053SJung-uk Kim dest->peer = NULL; 190e71b7053SJung-uk Kim dest->ticket_appdata = NULL; 191e71b7053SJung-uk Kim memset(&dest->ex_data, 0, sizeof(dest->ex_data)); 192ed6b93beSJung-uk Kim 193*b077aed3SPierre Pronchery /* As the copy is not in the cache, we remove the associated pointers */ 194ed6b93beSJung-uk Kim dest->prev = NULL; 195ed6b93beSJung-uk Kim dest->next = NULL; 196*b077aed3SPierre Pronchery dest->owner = NULL; 197ed6b93beSJung-uk Kim 198ed6b93beSJung-uk Kim dest->references = 1; 199ed6b93beSJung-uk Kim 200e71b7053SJung-uk Kim dest->lock = CRYPTO_THREAD_lock_new(); 201e71b7053SJung-uk Kim if (dest->lock == NULL) 202e71b7053SJung-uk Kim goto err; 203ed6b93beSJung-uk Kim 20447902a71SJung-uk Kim if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) 20547902a71SJung-uk Kim goto err; 20647902a71SJung-uk Kim 207e71b7053SJung-uk Kim if (src->peer != NULL) { 208e71b7053SJung-uk Kim if (!X509_up_ref(src->peer)) 209e71b7053SJung-uk Kim goto err; 210e71b7053SJung-uk Kim dest->peer = src->peer; 211e71b7053SJung-uk Kim } 212e71b7053SJung-uk Kim 213e71b7053SJung-uk Kim if (src->peer_chain != NULL) { 214e71b7053SJung-uk Kim dest->peer_chain = X509_chain_up_ref(src->peer_chain); 215e71b7053SJung-uk Kim if (dest->peer_chain == NULL) 216e71b7053SJung-uk Kim goto err; 217e71b7053SJung-uk Kim } 218ed6b93beSJung-uk Kim #ifndef OPENSSL_NO_PSK 219ed6b93beSJung-uk Kim if (src->psk_identity_hint) { 220e71b7053SJung-uk Kim dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint); 221ed6b93beSJung-uk Kim if (dest->psk_identity_hint == NULL) { 222ed6b93beSJung-uk Kim goto err; 223ed6b93beSJung-uk Kim } 224ed6b93beSJung-uk Kim } 225ed6b93beSJung-uk Kim if (src->psk_identity) { 226e71b7053SJung-uk Kim dest->psk_identity = OPENSSL_strdup(src->psk_identity); 227ed6b93beSJung-uk Kim if (dest->psk_identity == NULL) { 228ed6b93beSJung-uk Kim goto err; 229ed6b93beSJung-uk Kim } 230ed6b93beSJung-uk Kim } 231ed6b93beSJung-uk Kim #endif 232ed6b93beSJung-uk Kim 233ed6b93beSJung-uk Kim if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, 234ed6b93beSJung-uk Kim &dest->ex_data, &src->ex_data)) { 235ed6b93beSJung-uk Kim goto err; 236ed6b93beSJung-uk Kim } 237ed6b93beSJung-uk Kim 238e71b7053SJung-uk Kim if (src->ext.hostname) { 239e71b7053SJung-uk Kim dest->ext.hostname = OPENSSL_strdup(src->ext.hostname); 240e71b7053SJung-uk Kim if (dest->ext.hostname == NULL) { 241ed6b93beSJung-uk Kim goto err; 242ed6b93beSJung-uk Kim } 243ed6b93beSJung-uk Kim } 244ed6b93beSJung-uk Kim 245e71b7053SJung-uk Kim if (ticket != 0 && src->ext.tick != NULL) { 246e71b7053SJung-uk Kim dest->ext.tick = 247e71b7053SJung-uk Kim OPENSSL_memdup(src->ext.tick, src->ext.ticklen); 248e71b7053SJung-uk Kim if (dest->ext.tick == NULL) 249ed6b93beSJung-uk Kim goto err; 250ed6b93beSJung-uk Kim } else { 251e71b7053SJung-uk Kim dest->ext.tick_lifetime_hint = 0; 252e71b7053SJung-uk Kim dest->ext.ticklen = 0; 253ed6b93beSJung-uk Kim } 254e71b7053SJung-uk Kim 255e71b7053SJung-uk Kim if (src->ext.alpn_selected != NULL) { 256e71b7053SJung-uk Kim dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected, 257e71b7053SJung-uk Kim src->ext.alpn_selected_len); 258e71b7053SJung-uk Kim if (dest->ext.alpn_selected == NULL) 259e71b7053SJung-uk Kim goto err; 260e71b7053SJung-uk Kim } 261ed6b93beSJung-uk Kim 262ed6b93beSJung-uk Kim #ifndef OPENSSL_NO_SRP 263ed6b93beSJung-uk Kim if (src->srp_username) { 264e71b7053SJung-uk Kim dest->srp_username = OPENSSL_strdup(src->srp_username); 265ed6b93beSJung-uk Kim if (dest->srp_username == NULL) { 266ed6b93beSJung-uk Kim goto err; 267ed6b93beSJung-uk Kim } 268ed6b93beSJung-uk Kim } 269ed6b93beSJung-uk Kim #endif 270ed6b93beSJung-uk Kim 271e71b7053SJung-uk Kim if (src->ticket_appdata != NULL) { 272e71b7053SJung-uk Kim dest->ticket_appdata = 273e71b7053SJung-uk Kim OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len); 274e71b7053SJung-uk Kim if (dest->ticket_appdata == NULL) 275e71b7053SJung-uk Kim goto err; 276e71b7053SJung-uk Kim } 277e71b7053SJung-uk Kim 278ed6b93beSJung-uk Kim return dest; 279ed6b93beSJung-uk Kim err: 280*b077aed3SPierre Pronchery ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 281ed6b93beSJung-uk Kim SSL_SESSION_free(dest); 282ed6b93beSJung-uk Kim return NULL; 283ed6b93beSJung-uk Kim } 284ed6b93beSJung-uk Kim 285e71b7053SJung-uk Kim const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) 2863b4e3dcbSSimon L. B. Nielsen { 2873b4e3dcbSSimon L. B. Nielsen if (len) 288e71b7053SJung-uk Kim *len = (unsigned int)s->session_id_length; 2893b4e3dcbSSimon L. B. Nielsen return s->session_id; 2903b4e3dcbSSimon L. B. Nielsen } 291e71b7053SJung-uk Kim const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, 292e71b7053SJung-uk Kim unsigned int *len) 293e71b7053SJung-uk Kim { 294e71b7053SJung-uk Kim if (len != NULL) 295e71b7053SJung-uk Kim *len = (unsigned int)s->sid_ctx_length; 296e71b7053SJung-uk Kim return s->sid_ctx; 297e71b7053SJung-uk Kim } 2983b4e3dcbSSimon L. B. Nielsen 2991f13597dSJung-uk Kim unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) 3001f13597dSJung-uk Kim { 3011f13597dSJung-uk Kim return s->compress_meth; 3021f13597dSJung-uk Kim } 3031f13597dSJung-uk Kim 3046f9291ceSJung-uk Kim /* 305e71b7053SJung-uk Kim * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling 306e71b7053SJung-uk Kim * the ID with random junk repeatedly until we have no conflict is going to 307e71b7053SJung-uk Kim * complete in one iteration pretty much "most" of the time (btw: 308e71b7053SJung-uk Kim * understatement). So, if it takes us 10 iterations and we still can't avoid 309e71b7053SJung-uk Kim * a conflict - well that's a reasonable point to call it quits. Either the 310e71b7053SJung-uk Kim * RAND code is broken or someone is trying to open roughly very close to 311e71b7053SJung-uk Kim * 2^256 SSL sessions to our server. How you might store that many sessions 312e71b7053SJung-uk Kim * is perhaps a more interesting question ... 3136f9291ceSJung-uk Kim */ 3145c87c606SMark Murray 3155c87c606SMark Murray #define MAX_SESS_ID_ATTEMPTS 10 316e71b7053SJung-uk Kim static int def_generate_session_id(SSL *ssl, unsigned char *id, 3175c87c606SMark Murray unsigned int *id_len) 3185c87c606SMark Murray { 3195c87c606SMark Murray unsigned int retry = 0; 3205c87c606SMark Murray do 321*b077aed3SPierre Pronchery if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0) 3226be8ae07SJacques Vidrine return 0; 3235c87c606SMark Murray while (SSL_has_matching_session_id(ssl, id, *id_len) && 3245c87c606SMark Murray (++retry < MAX_SESS_ID_ATTEMPTS)) ; 3255c87c606SMark Murray if (retry < MAX_SESS_ID_ATTEMPTS) 3265c87c606SMark Murray return 1; 3275c87c606SMark Murray /* else - woops a session_id match */ 3286f9291ceSJung-uk Kim /* 3296f9291ceSJung-uk Kim * XXX We should also check the external cache -- but the probability of 3306f9291ceSJung-uk Kim * a collision is negligible, and we could not prevent the concurrent 3316f9291ceSJung-uk Kim * creation of sessions with identical IDs since we currently don't have 3326f9291ceSJung-uk Kim * means to atomically check whether a session ID already exists and make 3336f9291ceSJung-uk Kim * a reservation for it if it does not (this problem applies to the 3346f9291ceSJung-uk Kim * internal cache as well). 3355c87c606SMark Murray */ 3365c87c606SMark Murray return 0; 3375c87c606SMark Murray } 3385c87c606SMark Murray 339e71b7053SJung-uk Kim int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) 340e71b7053SJung-uk Kim { 341e71b7053SJung-uk Kim unsigned int tmp; 342e71b7053SJung-uk Kim GEN_SESSION_CB cb = def_generate_session_id; 343e71b7053SJung-uk Kim 344e71b7053SJung-uk Kim switch (s->version) { 345e71b7053SJung-uk Kim case SSL3_VERSION: 346e71b7053SJung-uk Kim case TLS1_VERSION: 347e71b7053SJung-uk Kim case TLS1_1_VERSION: 348e71b7053SJung-uk Kim case TLS1_2_VERSION: 349e71b7053SJung-uk Kim case TLS1_3_VERSION: 350e71b7053SJung-uk Kim case DTLS1_BAD_VER: 351e71b7053SJung-uk Kim case DTLS1_VERSION: 352e71b7053SJung-uk Kim case DTLS1_2_VERSION: 353e71b7053SJung-uk Kim ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; 354e71b7053SJung-uk Kim break; 355e71b7053SJung-uk Kim default: 356*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION); 357e71b7053SJung-uk Kim return 0; 358e71b7053SJung-uk Kim } 359e71b7053SJung-uk Kim 360e71b7053SJung-uk Kim /*- 361e71b7053SJung-uk Kim * If RFC5077 ticket, use empty session ID (as server). 362e71b7053SJung-uk Kim * Note that: 363e71b7053SJung-uk Kim * (a) ssl_get_prev_session() does lookahead into the 364e71b7053SJung-uk Kim * ClientHello extensions to find the session ticket. 365e71b7053SJung-uk Kim * When ssl_get_prev_session() fails, statem_srvr.c calls 366e71b7053SJung-uk Kim * ssl_get_new_session() in tls_process_client_hello(). 367e71b7053SJung-uk Kim * At that point, it has not yet parsed the extensions, 368e71b7053SJung-uk Kim * however, because of the lookahead, it already knows 369e71b7053SJung-uk Kim * whether a ticket is expected or not. 370e71b7053SJung-uk Kim * 371e71b7053SJung-uk Kim * (b) statem_clnt.c calls ssl_get_new_session() before parsing 372e71b7053SJung-uk Kim * ServerHello extensions, and before recording the session 373e71b7053SJung-uk Kim * ID received from the server, so this block is a noop. 374e71b7053SJung-uk Kim */ 375e71b7053SJung-uk Kim if (s->ext.ticket_expected) { 376e71b7053SJung-uk Kim ss->session_id_length = 0; 377e71b7053SJung-uk Kim return 1; 378e71b7053SJung-uk Kim } 379e71b7053SJung-uk Kim 380e71b7053SJung-uk Kim /* Choose which callback will set the session ID */ 381*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_read_lock(s->lock)) 382*b077aed3SPierre Pronchery return 0; 383*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) { 384*b077aed3SPierre Pronchery CRYPTO_THREAD_unlock(s->lock); 385*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, 386*b077aed3SPierre Pronchery SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); 387*b077aed3SPierre Pronchery return 0; 388*b077aed3SPierre Pronchery } 389e71b7053SJung-uk Kim if (s->generate_session_id) 390e71b7053SJung-uk Kim cb = s->generate_session_id; 391e71b7053SJung-uk Kim else if (s->session_ctx->generate_session_id) 392e71b7053SJung-uk Kim cb = s->session_ctx->generate_session_id; 393e71b7053SJung-uk Kim CRYPTO_THREAD_unlock(s->session_ctx->lock); 394e71b7053SJung-uk Kim CRYPTO_THREAD_unlock(s->lock); 395e71b7053SJung-uk Kim /* Choose a session ID */ 396e71b7053SJung-uk Kim memset(ss->session_id, 0, ss->session_id_length); 397e71b7053SJung-uk Kim tmp = (int)ss->session_id_length; 398e71b7053SJung-uk Kim if (!cb(s, ss->session_id, &tmp)) { 399e71b7053SJung-uk Kim /* The callback failed */ 400*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, 401e71b7053SJung-uk Kim SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); 402e71b7053SJung-uk Kim return 0; 403e71b7053SJung-uk Kim } 404e71b7053SJung-uk Kim /* 405e71b7053SJung-uk Kim * Don't allow the callback to set the session length to zero. nor 406e71b7053SJung-uk Kim * set it higher than it was. 407e71b7053SJung-uk Kim */ 408e71b7053SJung-uk Kim if (tmp == 0 || tmp > ss->session_id_length) { 409e71b7053SJung-uk Kim /* The callback set an illegal length */ 410*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, 411e71b7053SJung-uk Kim SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); 412e71b7053SJung-uk Kim return 0; 413e71b7053SJung-uk Kim } 414e71b7053SJung-uk Kim ss->session_id_length = tmp; 415e71b7053SJung-uk Kim /* Finally, check for a conflict */ 416e71b7053SJung-uk Kim if (SSL_has_matching_session_id(s, ss->session_id, 417e71b7053SJung-uk Kim (unsigned int)ss->session_id_length)) { 418*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT); 419e71b7053SJung-uk Kim return 0; 420e71b7053SJung-uk Kim } 421e71b7053SJung-uk Kim 422e71b7053SJung-uk Kim return 1; 423e71b7053SJung-uk Kim } 424e71b7053SJung-uk Kim 42574664626SKris Kennaway int ssl_get_new_session(SSL *s, int session) 42674664626SKris Kennaway { 42774664626SKris Kennaway /* This gets used by clients and servers. */ 42874664626SKris Kennaway 42974664626SKris Kennaway SSL_SESSION *ss = NULL; 43074664626SKris Kennaway 431e71b7053SJung-uk Kim if ((ss = SSL_SESSION_new()) == NULL) { 432*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 433e71b7053SJung-uk Kim return 0; 434e71b7053SJung-uk Kim } 43574664626SKris Kennaway 43674664626SKris Kennaway /* If the context has a default timeout, use it */ 4371f13597dSJung-uk Kim if (s->session_ctx->session_timeout == 0) 43874664626SKris Kennaway ss->timeout = SSL_get_default_timeout(s); 43974664626SKris Kennaway else 4401f13597dSJung-uk Kim ss->timeout = s->session_ctx->session_timeout; 441*b077aed3SPierre Pronchery ssl_session_calculate_timeout(ss); 44274664626SKris Kennaway 44374664626SKris Kennaway SSL_SESSION_free(s->session); 44474664626SKris Kennaway s->session = NULL; 44574664626SKris Kennaway 4466f9291ceSJung-uk Kim if (session) { 447e71b7053SJung-uk Kim if (SSL_IS_TLS13(s)) { 4486f9291ceSJung-uk Kim /* 449e71b7053SJung-uk Kim * We generate the session id while constructing the 450e71b7053SJung-uk Kim * NewSessionTicket in TLSv1.3. 4516f9291ceSJung-uk Kim */ 452e71b7053SJung-uk Kim ss->session_id_length = 0; 453e71b7053SJung-uk Kim } else if (!ssl_generate_session_id(s, ss)) { 454e71b7053SJung-uk Kim /* SSLfatal() already called */ 455db522d3aSSimon L. B. Nielsen SSL_SESSION_free(ss); 456db522d3aSSimon L. B. Nielsen return 0; 457db522d3aSSimon L. B. Nielsen } 458e71b7053SJung-uk Kim 4596f9291ceSJung-uk Kim } else { 46074664626SKris Kennaway ss->session_id_length = 0; 46174664626SKris Kennaway } 46274664626SKris Kennaway 463dee36b4fSJung-uk Kim if (s->sid_ctx_length > sizeof(ss->sid_ctx)) { 464*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 46548454956SJacques Vidrine SSL_SESSION_free(ss); 46648454956SJacques Vidrine return 0; 46748454956SJacques Vidrine } 46874664626SKris Kennaway memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); 46974664626SKris Kennaway ss->sid_ctx_length = s->sid_ctx_length; 47074664626SKris Kennaway s->session = ss; 47174664626SKris Kennaway ss->ssl_version = s->version; 472f579bf8eSKris Kennaway ss->verify_result = X509_V_OK; 47374664626SKris Kennaway 474e71b7053SJung-uk Kim /* If client supports extended master secret set it in session */ 475*b077aed3SPierre Pronchery if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) 476e71b7053SJung-uk Kim ss->flags |= SSL_SESS_FLAG_EXTMS; 477e71b7053SJung-uk Kim 478e71b7053SJung-uk Kim return 1; 47974664626SKris Kennaway } 48074664626SKris Kennaway 481e71b7053SJung-uk Kim SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, 482e71b7053SJung-uk Kim size_t sess_id_len) 48374664626SKris Kennaway { 484db522d3aSSimon L. B. Nielsen SSL_SESSION *ret = NULL; 48574664626SKris Kennaway 486e71b7053SJung-uk Kim if ((s->session_ctx->session_cache_mode 487e71b7053SJung-uk Kim & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) { 488db522d3aSSimon L. B. Nielsen SSL_SESSION data; 489e71b7053SJung-uk Kim 490db522d3aSSimon L. B. Nielsen data.ssl_version = s->version; 491e71b7053SJung-uk Kim if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH)) 492e71b7053SJung-uk Kim return NULL; 493e71b7053SJung-uk Kim 494e71b7053SJung-uk Kim memcpy(data.session_id, sess_id, sess_id_len); 495e71b7053SJung-uk Kim data.session_id_length = sess_id_len; 496e71b7053SJung-uk Kim 497*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) 498*b077aed3SPierre Pronchery return NULL; 4991f13597dSJung-uk Kim ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); 5006f9291ceSJung-uk Kim if (ret != NULL) { 50174664626SKris Kennaway /* don't allow other threads to steal it: */ 502e71b7053SJung-uk Kim SSL_SESSION_up_ref(ret); 5031f13597dSJung-uk Kim } 504e71b7053SJung-uk Kim CRYPTO_THREAD_unlock(s->session_ctx->lock); 5051f13597dSJung-uk Kim if (ret == NULL) 506*b077aed3SPierre Pronchery ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss); 50774664626SKris Kennaway } 50874664626SKris Kennaway 509e71b7053SJung-uk Kim if (ret == NULL && s->session_ctx->get_session_cb != NULL) { 51074664626SKris Kennaway int copy = 1; 51174664626SKris Kennaway 512e71b7053SJung-uk Kim ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); 513e71b7053SJung-uk Kim 514e71b7053SJung-uk Kim if (ret != NULL) { 515*b077aed3SPierre Pronchery ssl_tsan_counter(s->session_ctx, 516*b077aed3SPierre Pronchery &s->session_ctx->stats.sess_cb_hit); 51774664626SKris Kennaway 5186f9291ceSJung-uk Kim /* 5196f9291ceSJung-uk Kim * Increment reference count now if the session callback asks us 5206f9291ceSJung-uk Kim * to do so (note that if the session structures returned by the 5216f9291ceSJung-uk Kim * callback are shared between threads, it must handle the 5226f9291ceSJung-uk Kim * reference count itself [i.e. copy == 0], or things won't be 5236f9291ceSJung-uk Kim * thread-safe). 5246f9291ceSJung-uk Kim */ 52574664626SKris Kennaway if (copy) 526e71b7053SJung-uk Kim SSL_SESSION_up_ref(ret); 52774664626SKris Kennaway 5286f9291ceSJung-uk Kim /* 5296f9291ceSJung-uk Kim * Add the externally cached session to the internal cache as 5306f9291ceSJung-uk Kim * well if and only if we are supposed to. 5316f9291ceSJung-uk Kim */ 532e71b7053SJung-uk Kim if ((s->session_ctx->session_cache_mode & 533e71b7053SJung-uk Kim SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) { 5346f9291ceSJung-uk Kim /* 535e71b7053SJung-uk Kim * Either return value of SSL_CTX_add_session should not 536e71b7053SJung-uk Kim * interrupt the session resumption process. The return 537e71b7053SJung-uk Kim * value is intentionally ignored. 5386f9291ceSJung-uk Kim */ 539e71b7053SJung-uk Kim (void)SSL_CTX_add_session(s->session_ctx, ret); 540e71b7053SJung-uk Kim } 541e71b7053SJung-uk Kim } 542e71b7053SJung-uk Kim } 543e71b7053SJung-uk Kim 544e71b7053SJung-uk Kim return ret; 545e71b7053SJung-uk Kim } 546e71b7053SJung-uk Kim 547e71b7053SJung-uk Kim /*- 548e71b7053SJung-uk Kim * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this 549e71b7053SJung-uk Kim * connection. It is only called by servers. 550e71b7053SJung-uk Kim * 551e71b7053SJung-uk Kim * hello: The parsed ClientHello data 552e71b7053SJung-uk Kim * 553e71b7053SJung-uk Kim * Returns: 554e71b7053SJung-uk Kim * -1: fatal error 555e71b7053SJung-uk Kim * 0: no session found 556e71b7053SJung-uk Kim * 1: a session may have been found. 557e71b7053SJung-uk Kim * 558e71b7053SJung-uk Kim * Side effects: 559e71b7053SJung-uk Kim * - If a session is found then s->session is pointed at it (after freeing an 560e71b7053SJung-uk Kim * existing session if need be) and s->verify_result is set from the session. 561e71b7053SJung-uk Kim * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1 562e71b7053SJung-uk Kim * if the server should issue a new session ticket (to 0 otherwise). 563e71b7053SJung-uk Kim */ 564e71b7053SJung-uk Kim int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) 565e71b7053SJung-uk Kim { 566e71b7053SJung-uk Kim /* This is used only by servers. */ 567e71b7053SJung-uk Kim 568e71b7053SJung-uk Kim SSL_SESSION *ret = NULL; 569e71b7053SJung-uk Kim int fatal = 0; 570e71b7053SJung-uk Kim int try_session_cache = 0; 571e71b7053SJung-uk Kim SSL_TICKET_STATUS r; 572e71b7053SJung-uk Kim 573e71b7053SJung-uk Kim if (SSL_IS_TLS13(s)) { 574e71b7053SJung-uk Kim /* 575e71b7053SJung-uk Kim * By default we will send a new ticket. This can be overridden in the 576e71b7053SJung-uk Kim * ticket processing. 577e71b7053SJung-uk Kim */ 578e71b7053SJung-uk Kim s->ext.ticket_expected = 1; 579e71b7053SJung-uk Kim if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, 580e71b7053SJung-uk Kim SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, 581e71b7053SJung-uk Kim NULL, 0) 582e71b7053SJung-uk Kim || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO, 583e71b7053SJung-uk Kim hello->pre_proc_exts, NULL, 0)) 584e71b7053SJung-uk Kim return -1; 585e71b7053SJung-uk Kim 586e71b7053SJung-uk Kim ret = s->session; 587e71b7053SJung-uk Kim } else { 588e71b7053SJung-uk Kim /* sets s->ext.ticket_expected */ 589e71b7053SJung-uk Kim r = tls_get_ticket_from_client(s, hello, &ret); 590e71b7053SJung-uk Kim switch (r) { 591e71b7053SJung-uk Kim case SSL_TICKET_FATAL_ERR_MALLOC: 592e71b7053SJung-uk Kim case SSL_TICKET_FATAL_ERR_OTHER: 593e71b7053SJung-uk Kim fatal = 1; 594*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 595e71b7053SJung-uk Kim goto err; 596e71b7053SJung-uk Kim case SSL_TICKET_NONE: 597e71b7053SJung-uk Kim case SSL_TICKET_EMPTY: 598e71b7053SJung-uk Kim if (hello->session_id_len > 0) { 599e71b7053SJung-uk Kim try_session_cache = 1; 600e71b7053SJung-uk Kim ret = lookup_sess_in_cache(s, hello->session_id, 601e71b7053SJung-uk Kim hello->session_id_len); 602e71b7053SJung-uk Kim } 603e71b7053SJung-uk Kim break; 604e71b7053SJung-uk Kim case SSL_TICKET_NO_DECRYPT: 605e71b7053SJung-uk Kim case SSL_TICKET_SUCCESS: 606e71b7053SJung-uk Kim case SSL_TICKET_SUCCESS_RENEW: 607e71b7053SJung-uk Kim break; 60874664626SKris Kennaway } 60974664626SKris Kennaway } 61074664626SKris Kennaway 6111f13597dSJung-uk Kim if (ret == NULL) 6121f13597dSJung-uk Kim goto err; 6131f13597dSJung-uk Kim 6141f13597dSJung-uk Kim /* Now ret is non-NULL and we own one of its reference counts. */ 61574664626SKris Kennaway 616e71b7053SJung-uk Kim /* Check TLS version consistency */ 617e71b7053SJung-uk Kim if (ret->ssl_version != s->version) 618e71b7053SJung-uk Kim goto err; 619e71b7053SJung-uk Kim 620db522d3aSSimon L. B. Nielsen if (ret->sid_ctx_length != s->sid_ctx_length 6216f9291ceSJung-uk Kim || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { 6226f9291ceSJung-uk Kim /* 6236f9291ceSJung-uk Kim * We have the session requested by the client, but we don't want to 6246f9291ceSJung-uk Kim * use it in this context. 6256f9291ceSJung-uk Kim */ 62674664626SKris Kennaway goto err; /* treat like cache miss */ 62774664626SKris Kennaway } 628db522d3aSSimon L. B. Nielsen 6296f9291ceSJung-uk Kim if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { 6306f9291ceSJung-uk Kim /* 6316f9291ceSJung-uk Kim * We can't be sure if this session is being used out of context, 6326f9291ceSJung-uk Kim * which is especially important for SSL_VERIFY_PEER. The application 6336f9291ceSJung-uk Kim * should have used SSL[_CTX]_set_session_id_context. For this error 6346f9291ceSJung-uk Kim * case, we generate an error instead of treating the event like a 6356f9291ceSJung-uk Kim * cache miss (otherwise it would be easy for applications to 6366f9291ceSJung-uk Kim * effectively disable the session cache by accident without anyone 6376f9291ceSJung-uk Kim * noticing). 638db522d3aSSimon L. B. Nielsen */ 639db522d3aSSimon L. B. Nielsen 640*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_INTERNAL_ERROR, 6416f9291ceSJung-uk Kim SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); 642db522d3aSSimon L. B. Nielsen fatal = 1; 643db522d3aSSimon L. B. Nielsen goto err; 64474664626SKris Kennaway } 64574664626SKris Kennaway 646*b077aed3SPierre Pronchery if (sess_timedout(time(NULL), ret)) { 647*b077aed3SPierre Pronchery ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout); 6486f9291ceSJung-uk Kim if (try_session_cache) { 6491f13597dSJung-uk Kim /* session was from the cache, so remove it */ 6501f13597dSJung-uk Kim SSL_CTX_remove_session(s->session_ctx, ret); 6511f13597dSJung-uk Kim } 65274664626SKris Kennaway goto err; 65374664626SKris Kennaway } 65474664626SKris Kennaway 655e71b7053SJung-uk Kim /* Check extended master secret extension consistency */ 656e71b7053SJung-uk Kim if (ret->flags & SSL_SESS_FLAG_EXTMS) { 657e71b7053SJung-uk Kim /* If old session includes extms, but new does not: abort handshake */ 658*b077aed3SPierre Pronchery if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) { 659*b077aed3SPierre Pronchery SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS); 660e71b7053SJung-uk Kim fatal = 1; 661e71b7053SJung-uk Kim goto err; 662e71b7053SJung-uk Kim } 663*b077aed3SPierre Pronchery } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { 664e71b7053SJung-uk Kim /* If new session includes extms, but old does not: do not resume */ 665e71b7053SJung-uk Kim goto err; 666e71b7053SJung-uk Kim } 66774664626SKris Kennaway 668e71b7053SJung-uk Kim if (!SSL_IS_TLS13(s)) { 669e71b7053SJung-uk Kim /* We already did this for TLS1.3 */ 67074664626SKris Kennaway SSL_SESSION_free(s->session); 67174664626SKris Kennaway s->session = ret; 672e71b7053SJung-uk Kim } 673e71b7053SJung-uk Kim 674*b077aed3SPierre Pronchery ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit); 675f579bf8eSKris Kennaway s->verify_result = s->session->verify_result; 6761f13597dSJung-uk Kim return 1; 67774664626SKris Kennaway 67874664626SKris Kennaway err: 6796f9291ceSJung-uk Kim if (ret != NULL) { 68074664626SKris Kennaway SSL_SESSION_free(ret); 681e71b7053SJung-uk Kim /* In TLSv1.3 s->session was already set to ret, so we NULL it out */ 682e71b7053SJung-uk Kim if (SSL_IS_TLS13(s)) 683e71b7053SJung-uk Kim s->session = NULL; 684e71b7053SJung-uk Kim 6856f9291ceSJung-uk Kim if (!try_session_cache) { 6866f9291ceSJung-uk Kim /* 6876f9291ceSJung-uk Kim * The session was from a ticket, so we should issue a ticket for 6886f9291ceSJung-uk Kim * the new session 6896f9291ceSJung-uk Kim */ 690e71b7053SJung-uk Kim s->ext.ticket_expected = 1; 6911f13597dSJung-uk Kim } 6921f13597dSJung-uk Kim } 69374664626SKris Kennaway if (fatal) 69474664626SKris Kennaway return -1; 695e71b7053SJung-uk Kim 69674664626SKris Kennaway return 0; 69774664626SKris Kennaway } 69874664626SKris Kennaway 69974664626SKris Kennaway int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) 70074664626SKris Kennaway { 70174664626SKris Kennaway int ret = 0; 70274664626SKris Kennaway SSL_SESSION *s; 70374664626SKris Kennaway 7046f9291ceSJung-uk Kim /* 7056f9291ceSJung-uk Kim * add just 1 reference count for the SSL_CTX's session cache even though 7066f9291ceSJung-uk Kim * it has two ways of access: each session is in a doubly linked list and 7076f9291ceSJung-uk Kim * an lhash 7086f9291ceSJung-uk Kim */ 709e71b7053SJung-uk Kim SSL_SESSION_up_ref(c); 7106f9291ceSJung-uk Kim /* 7116f9291ceSJung-uk Kim * if session c is in already in cache, we take back the increment later 7126f9291ceSJung-uk Kim */ 71374664626SKris Kennaway 714*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_write_lock(ctx->lock)) { 715*b077aed3SPierre Pronchery SSL_SESSION_free(c); 716*b077aed3SPierre Pronchery return 0; 717*b077aed3SPierre Pronchery } 7181f13597dSJung-uk Kim s = lh_SSL_SESSION_insert(ctx->sessions, c); 71974664626SKris Kennaway 7206f9291ceSJung-uk Kim /* 7216f9291ceSJung-uk Kim * s != NULL iff we already had a session with the given PID. In this 7226f9291ceSJung-uk Kim * case, s == c should hold (then we did not really modify 7236f9291ceSJung-uk Kim * ctx->sessions), or we're in trouble. 7246f9291ceSJung-uk Kim */ 7256f9291ceSJung-uk Kim if (s != NULL && s != c) { 726f579bf8eSKris Kennaway /* We *are* in trouble ... */ 727f579bf8eSKris Kennaway SSL_SESSION_list_remove(ctx, s); 728f579bf8eSKris Kennaway SSL_SESSION_free(s); 7296f9291ceSJung-uk Kim /* 7306f9291ceSJung-uk Kim * ... so pretend the other session did not exist in cache (we cannot 7316f9291ceSJung-uk Kim * handle two SSL_SESSION structures with identical session ID in the 7326f9291ceSJung-uk Kim * same cache, which could happen e.g. when two threads concurrently 7336f9291ceSJung-uk Kim * obtain the same session from an external cache) 7346f9291ceSJung-uk Kim */ 735f579bf8eSKris Kennaway s = NULL; 7366cf8931aSJung-uk Kim } else if (s == NULL && 7376cf8931aSJung-uk Kim lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) { 7386cf8931aSJung-uk Kim /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */ 7396cf8931aSJung-uk Kim 7406cf8931aSJung-uk Kim /* 7416cf8931aSJung-uk Kim * ... so take back the extra reference and also don't add 7426cf8931aSJung-uk Kim * the session to the SSL_SESSION_list at this time 7436cf8931aSJung-uk Kim */ 7446cf8931aSJung-uk Kim s = c; 745f579bf8eSKris Kennaway } 746f579bf8eSKris Kennaway 747*b077aed3SPierre Pronchery /* Adjust last used time, and add back into the cache at the appropriate spot */ 748*b077aed3SPierre Pronchery if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) { 749*b077aed3SPierre Pronchery c->time = time(NULL); 750*b077aed3SPierre Pronchery ssl_session_calculate_timeout(c); 751*b077aed3SPierre Pronchery } 752*b077aed3SPierre Pronchery 753*b077aed3SPierre Pronchery if (s == NULL) { 754*b077aed3SPierre Pronchery /* 755*b077aed3SPierre Pronchery * new cache entry -- remove old ones if cache has become too large 756*b077aed3SPierre Pronchery * delete cache entry *before* add, so we don't remove the one we're adding! 757*b077aed3SPierre Pronchery */ 758*b077aed3SPierre Pronchery 759*b077aed3SPierre Pronchery ret = 1; 760*b077aed3SPierre Pronchery 761*b077aed3SPierre Pronchery if (SSL_CTX_sess_get_cache_size(ctx) > 0) { 762*b077aed3SPierre Pronchery while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) { 763*b077aed3SPierre Pronchery if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) 764*b077aed3SPierre Pronchery break; 765*b077aed3SPierre Pronchery else 766*b077aed3SPierre Pronchery ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full); 767*b077aed3SPierre Pronchery } 768*b077aed3SPierre Pronchery } 769*b077aed3SPierre Pronchery } 770*b077aed3SPierre Pronchery 77174664626SKris Kennaway SSL_SESSION_list_add(ctx, c); 77274664626SKris Kennaway 7736f9291ceSJung-uk Kim if (s != NULL) { 7746f9291ceSJung-uk Kim /* 7756f9291ceSJung-uk Kim * existing cache entry -- decrement previously incremented reference 7766f9291ceSJung-uk Kim * count because it already takes into account the cache 7776f9291ceSJung-uk Kim */ 778f579bf8eSKris Kennaway 779f579bf8eSKris Kennaway SSL_SESSION_free(s); /* s == c */ 78074664626SKris Kennaway ret = 0; 78174664626SKris Kennaway } 782e71b7053SJung-uk Kim CRYPTO_THREAD_unlock(ctx->lock); 783e71b7053SJung-uk Kim return ret; 78474664626SKris Kennaway } 78574664626SKris Kennaway 78674664626SKris Kennaway int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) 78774664626SKris Kennaway { 78874664626SKris Kennaway return remove_session_lock(ctx, c, 1); 78974664626SKris Kennaway } 79074664626SKris Kennaway 79174664626SKris Kennaway static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) 79274664626SKris Kennaway { 79374664626SKris Kennaway SSL_SESSION *r; 79474664626SKris Kennaway int ret = 0; 79574664626SKris Kennaway 7966f9291ceSJung-uk Kim if ((c != NULL) && (c->session_id_length != 0)) { 797*b077aed3SPierre Pronchery if (lck) { 798*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_write_lock(ctx->lock)) 799*b077aed3SPierre Pronchery return 0; 800*b077aed3SPierre Pronchery } 801e71b7053SJung-uk Kim if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) { 80274664626SKris Kennaway ret = 1; 803e71b7053SJung-uk Kim r = lh_SSL_SESSION_delete(ctx->sessions, r); 804e71b7053SJung-uk Kim SSL_SESSION_list_remove(ctx, r); 80574664626SKris Kennaway } 806e71b7053SJung-uk Kim c->not_resumable = 1; 80774664626SKris Kennaway 8086f9291ceSJung-uk Kim if (lck) 809e71b7053SJung-uk Kim CRYPTO_THREAD_unlock(ctx->lock); 81074664626SKris Kennaway 81174664626SKris Kennaway if (ctx->remove_session_cb != NULL) 812e71b7053SJung-uk Kim ctx->remove_session_cb(ctx, c); 813e71b7053SJung-uk Kim 814e71b7053SJung-uk Kim if (ret) 81574664626SKris Kennaway SSL_SESSION_free(r); 816*b077aed3SPierre Pronchery } 817e71b7053SJung-uk Kim return ret; 81874664626SKris Kennaway } 81974664626SKris Kennaway 82074664626SKris Kennaway void SSL_SESSION_free(SSL_SESSION *ss) 82174664626SKris Kennaway { 82274664626SKris Kennaway int i; 82374664626SKris Kennaway 82474664626SKris Kennaway if (ss == NULL) 82574664626SKris Kennaway return; 826e71b7053SJung-uk Kim CRYPTO_DOWN_REF(&ss->references, &i, ss->lock); 827e71b7053SJung-uk Kim REF_PRINT_COUNT("SSL_SESSION", ss); 8286f9291ceSJung-uk Kim if (i > 0) 8296f9291ceSJung-uk Kim return; 830e71b7053SJung-uk Kim REF_ASSERT_ISNT(i < 0); 83174664626SKris Kennaway 8325c87c606SMark Murray CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); 83374664626SKris Kennaway 834dee36b4fSJung-uk Kim OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key)); 835dee36b4fSJung-uk Kim OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id)); 8366f9291ceSJung-uk Kim X509_free(ss->peer); 837e71b7053SJung-uk Kim sk_X509_pop_free(ss->peer_chain, X509_free); 838e71b7053SJung-uk Kim OPENSSL_free(ss->ext.hostname); 839e71b7053SJung-uk Kim OPENSSL_free(ss->ext.tick); 8401f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 8411f13597dSJung-uk Kim OPENSSL_free(ss->psk_identity_hint); 8421f13597dSJung-uk Kim OPENSSL_free(ss->psk_identity); 8431f13597dSJung-uk Kim #endif 8441f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 8451f13597dSJung-uk Kim OPENSSL_free(ss->srp_username); 846db522d3aSSimon L. B. Nielsen #endif 847e71b7053SJung-uk Kim OPENSSL_free(ss->ext.alpn_selected); 848e71b7053SJung-uk Kim OPENSSL_free(ss->ticket_appdata); 849e71b7053SJung-uk Kim CRYPTO_THREAD_lock_free(ss->lock); 850e71b7053SJung-uk Kim OPENSSL_clear_free(ss, sizeof(*ss)); 851e71b7053SJung-uk Kim } 852e71b7053SJung-uk Kim 853e71b7053SJung-uk Kim int SSL_SESSION_up_ref(SSL_SESSION *ss) 854e71b7053SJung-uk Kim { 855e71b7053SJung-uk Kim int i; 856e71b7053SJung-uk Kim 857e71b7053SJung-uk Kim if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0) 858e71b7053SJung-uk Kim return 0; 859e71b7053SJung-uk Kim 860e71b7053SJung-uk Kim REF_PRINT_COUNT("SSL_SESSION", ss); 861e71b7053SJung-uk Kim REF_ASSERT_ISNT(i < 2); 862e71b7053SJung-uk Kim return ((i > 1) ? 1 : 0); 86374664626SKris Kennaway } 86474664626SKris Kennaway 86574664626SKris Kennaway int SSL_set_session(SSL *s, SSL_SESSION *session) 86674664626SKris Kennaway { 867e71b7053SJung-uk Kim ssl_clear_bad_session(s); 868e71b7053SJung-uk Kim if (s->ctx->method != s->method) { 869e71b7053SJung-uk Kim if (!SSL_set_ssl_method(s, s->ctx->method)) 870aeb5019cSJung-uk Kim return 0; 871aeb5019cSJung-uk Kim } 8725c87c606SMark Murray 873e71b7053SJung-uk Kim if (session != NULL) { 874e71b7053SJung-uk Kim SSL_SESSION_up_ref(session); 875e71b7053SJung-uk Kim s->verify_result = session->verify_result; 876e71b7053SJung-uk Kim } 87774664626SKris Kennaway SSL_SESSION_free(s->session); 87874664626SKris Kennaway s->session = session; 879e71b7053SJung-uk Kim 880e71b7053SJung-uk Kim return 1; 88174664626SKris Kennaway } 88274664626SKris Kennaway 883e71b7053SJung-uk Kim int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, 884e71b7053SJung-uk Kim unsigned int sid_len) 885e71b7053SJung-uk Kim { 886e71b7053SJung-uk Kim if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { 887*b077aed3SPierre Pronchery ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG); 888e71b7053SJung-uk Kim return 0; 88974664626SKris Kennaway } 890e71b7053SJung-uk Kim s->session_id_length = sid_len; 891e71b7053SJung-uk Kim if (sid != s->session_id) 892e71b7053SJung-uk Kim memcpy(s->session_id, sid, sid_len); 893e71b7053SJung-uk Kim return 1; 89474664626SKris Kennaway } 89574664626SKris Kennaway 89674664626SKris Kennaway long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) 89774664626SKris Kennaway { 898*b077aed3SPierre Pronchery time_t new_timeout = (time_t)t; 899*b077aed3SPierre Pronchery 900*b077aed3SPierre Pronchery if (s == NULL || t < 0) 901e71b7053SJung-uk Kim return 0; 902*b077aed3SPierre Pronchery if (s->owner != NULL) { 903*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_write_lock(s->owner->lock)) 904*b077aed3SPierre Pronchery return 0; 905*b077aed3SPierre Pronchery s->timeout = new_timeout; 906*b077aed3SPierre Pronchery ssl_session_calculate_timeout(s); 907*b077aed3SPierre Pronchery SSL_SESSION_list_add(s->owner, s); 908*b077aed3SPierre Pronchery CRYPTO_THREAD_unlock(s->owner->lock); 909*b077aed3SPierre Pronchery } else { 910*b077aed3SPierre Pronchery s->timeout = new_timeout; 911*b077aed3SPierre Pronchery ssl_session_calculate_timeout(s); 912*b077aed3SPierre Pronchery } 913e71b7053SJung-uk Kim return 1; 91474664626SKris Kennaway } 91574664626SKris Kennaway 9163b4e3dcbSSimon L. B. Nielsen long SSL_SESSION_get_timeout(const SSL_SESSION *s) 91774664626SKris Kennaway { 9186f9291ceSJung-uk Kim if (s == NULL) 919e71b7053SJung-uk Kim return 0; 920*b077aed3SPierre Pronchery return (long)s->timeout; 92174664626SKris Kennaway } 92274664626SKris Kennaway 9233b4e3dcbSSimon L. B. Nielsen long SSL_SESSION_get_time(const SSL_SESSION *s) 92474664626SKris Kennaway { 9256f9291ceSJung-uk Kim if (s == NULL) 926e71b7053SJung-uk Kim return 0; 927*b077aed3SPierre Pronchery return (long)s->time; 92874664626SKris Kennaway } 92974664626SKris Kennaway 93074664626SKris Kennaway long SSL_SESSION_set_time(SSL_SESSION *s, long t) 93174664626SKris Kennaway { 932*b077aed3SPierre Pronchery time_t new_time = (time_t)t; 933*b077aed3SPierre Pronchery 9346f9291ceSJung-uk Kim if (s == NULL) 935e71b7053SJung-uk Kim return 0; 936*b077aed3SPierre Pronchery if (s->owner != NULL) { 937*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_write_lock(s->owner->lock)) 938*b077aed3SPierre Pronchery return 0; 939*b077aed3SPierre Pronchery s->time = new_time; 940*b077aed3SPierre Pronchery ssl_session_calculate_timeout(s); 941*b077aed3SPierre Pronchery SSL_SESSION_list_add(s->owner, s); 942*b077aed3SPierre Pronchery CRYPTO_THREAD_unlock(s->owner->lock); 943*b077aed3SPierre Pronchery } else { 944*b077aed3SPierre Pronchery s->time = new_time; 945*b077aed3SPierre Pronchery ssl_session_calculate_timeout(s); 946*b077aed3SPierre Pronchery } 947e71b7053SJung-uk Kim return t; 948e71b7053SJung-uk Kim } 949e71b7053SJung-uk Kim 950e71b7053SJung-uk Kim int SSL_SESSION_get_protocol_version(const SSL_SESSION *s) 951e71b7053SJung-uk Kim { 952e71b7053SJung-uk Kim return s->ssl_version; 953e71b7053SJung-uk Kim } 954e71b7053SJung-uk Kim 955e71b7053SJung-uk Kim int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version) 956e71b7053SJung-uk Kim { 957e71b7053SJung-uk Kim s->ssl_version = version; 958e71b7053SJung-uk Kim return 1; 959e71b7053SJung-uk Kim } 960e71b7053SJung-uk Kim 961e71b7053SJung-uk Kim const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s) 962e71b7053SJung-uk Kim { 963e71b7053SJung-uk Kim return s->cipher; 964e71b7053SJung-uk Kim } 965e71b7053SJung-uk Kim 966e71b7053SJung-uk Kim int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher) 967e71b7053SJung-uk Kim { 968e71b7053SJung-uk Kim s->cipher = cipher; 969e71b7053SJung-uk Kim return 1; 970e71b7053SJung-uk Kim } 971e71b7053SJung-uk Kim 972e71b7053SJung-uk Kim const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s) 973e71b7053SJung-uk Kim { 974e71b7053SJung-uk Kim return s->ext.hostname; 975e71b7053SJung-uk Kim } 976e71b7053SJung-uk Kim 977e71b7053SJung-uk Kim int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname) 978e71b7053SJung-uk Kim { 979e71b7053SJung-uk Kim OPENSSL_free(s->ext.hostname); 980e71b7053SJung-uk Kim if (hostname == NULL) { 981e71b7053SJung-uk Kim s->ext.hostname = NULL; 982e71b7053SJung-uk Kim return 1; 983e71b7053SJung-uk Kim } 984e71b7053SJung-uk Kim s->ext.hostname = OPENSSL_strdup(hostname); 985e71b7053SJung-uk Kim 986e71b7053SJung-uk Kim return s->ext.hostname != NULL; 987e71b7053SJung-uk Kim } 988e71b7053SJung-uk Kim 989e71b7053SJung-uk Kim int SSL_SESSION_has_ticket(const SSL_SESSION *s) 990e71b7053SJung-uk Kim { 991e71b7053SJung-uk Kim return (s->ext.ticklen > 0) ? 1 : 0; 992e71b7053SJung-uk Kim } 993e71b7053SJung-uk Kim 994e71b7053SJung-uk Kim unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) 995e71b7053SJung-uk Kim { 996e71b7053SJung-uk Kim return s->ext.tick_lifetime_hint; 997e71b7053SJung-uk Kim } 998e71b7053SJung-uk Kim 999e71b7053SJung-uk Kim void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, 1000e71b7053SJung-uk Kim size_t *len) 1001e71b7053SJung-uk Kim { 1002e71b7053SJung-uk Kim *len = s->ext.ticklen; 1003e71b7053SJung-uk Kim if (tick != NULL) 1004e71b7053SJung-uk Kim *tick = s->ext.tick; 1005e71b7053SJung-uk Kim } 1006e71b7053SJung-uk Kim 1007e71b7053SJung-uk Kim uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s) 1008e71b7053SJung-uk Kim { 1009e71b7053SJung-uk Kim return s->ext.max_early_data; 1010e71b7053SJung-uk Kim } 1011e71b7053SJung-uk Kim 1012e71b7053SJung-uk Kim int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data) 1013e71b7053SJung-uk Kim { 1014e71b7053SJung-uk Kim s->ext.max_early_data = max_early_data; 1015e71b7053SJung-uk Kim 1016e71b7053SJung-uk Kim return 1; 1017e71b7053SJung-uk Kim } 1018e71b7053SJung-uk Kim 1019e71b7053SJung-uk Kim void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, 1020e71b7053SJung-uk Kim const unsigned char **alpn, 1021e71b7053SJung-uk Kim size_t *len) 1022e71b7053SJung-uk Kim { 1023e71b7053SJung-uk Kim *alpn = s->ext.alpn_selected; 1024e71b7053SJung-uk Kim *len = s->ext.alpn_selected_len; 1025e71b7053SJung-uk Kim } 1026e71b7053SJung-uk Kim 1027e71b7053SJung-uk Kim int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, 1028e71b7053SJung-uk Kim size_t len) 1029e71b7053SJung-uk Kim { 1030e71b7053SJung-uk Kim OPENSSL_free(s->ext.alpn_selected); 1031e71b7053SJung-uk Kim if (alpn == NULL || len == 0) { 1032e71b7053SJung-uk Kim s->ext.alpn_selected = NULL; 1033e71b7053SJung-uk Kim s->ext.alpn_selected_len = 0; 1034e71b7053SJung-uk Kim return 1; 1035e71b7053SJung-uk Kim } 1036e71b7053SJung-uk Kim s->ext.alpn_selected = OPENSSL_memdup(alpn, len); 1037e71b7053SJung-uk Kim if (s->ext.alpn_selected == NULL) { 1038e71b7053SJung-uk Kim s->ext.alpn_selected_len = 0; 1039e71b7053SJung-uk Kim return 0; 1040e71b7053SJung-uk Kim } 1041e71b7053SJung-uk Kim s->ext.alpn_selected_len = len; 1042e71b7053SJung-uk Kim 1043e71b7053SJung-uk Kim return 1; 104474664626SKris Kennaway } 104574664626SKris Kennaway 10461f13597dSJung-uk Kim X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) 10471f13597dSJung-uk Kim { 10481f13597dSJung-uk Kim return s->peer; 10491f13597dSJung-uk Kim } 10501f13597dSJung-uk Kim 10511f13597dSJung-uk Kim int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, 10521f13597dSJung-uk Kim unsigned int sid_ctx_len) 10531f13597dSJung-uk Kim { 10546f9291ceSJung-uk Kim if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 1055*b077aed3SPierre Pronchery ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 10561f13597dSJung-uk Kim return 0; 10571f13597dSJung-uk Kim } 10581f13597dSJung-uk Kim s->sid_ctx_length = sid_ctx_len; 1059e71b7053SJung-uk Kim if (sid_ctx != s->sid_ctx) 10601f13597dSJung-uk Kim memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); 10611f13597dSJung-uk Kim 10621f13597dSJung-uk Kim return 1; 10631f13597dSJung-uk Kim } 10641f13597dSJung-uk Kim 1065e71b7053SJung-uk Kim int SSL_SESSION_is_resumable(const SSL_SESSION *s) 1066e71b7053SJung-uk Kim { 1067e71b7053SJung-uk Kim /* 1068e71b7053SJung-uk Kim * In the case of EAP-FAST, we can have a pre-shared "ticket" without a 1069e71b7053SJung-uk Kim * session ID. 1070e71b7053SJung-uk Kim */ 1071e71b7053SJung-uk Kim return !s->not_resumable 1072e71b7053SJung-uk Kim && (s->session_id_length > 0 || s->ext.ticklen > 0); 1073e71b7053SJung-uk Kim } 1074e71b7053SJung-uk Kim 107574664626SKris Kennaway long SSL_CTX_set_timeout(SSL_CTX *s, long t) 107674664626SKris Kennaway { 107774664626SKris Kennaway long l; 10786f9291ceSJung-uk Kim if (s == NULL) 1079e71b7053SJung-uk Kim return 0; 108074664626SKris Kennaway l = s->session_timeout; 108174664626SKris Kennaway s->session_timeout = t; 1082e71b7053SJung-uk Kim return l; 108374664626SKris Kennaway } 108474664626SKris Kennaway 10853b4e3dcbSSimon L. B. Nielsen long SSL_CTX_get_timeout(const SSL_CTX *s) 108674664626SKris Kennaway { 10876f9291ceSJung-uk Kim if (s == NULL) 1088e71b7053SJung-uk Kim return 0; 1089e71b7053SJung-uk Kim return s->session_timeout; 109074664626SKris Kennaway } 109174664626SKris Kennaway 10926f9291ceSJung-uk Kim int SSL_set_session_secret_cb(SSL *s, 1093e71b7053SJung-uk Kim tls_session_secret_cb_fn tls_session_secret_cb, 10946f9291ceSJung-uk Kim void *arg) 10951f13597dSJung-uk Kim { 10966f9291ceSJung-uk Kim if (s == NULL) 1097e71b7053SJung-uk Kim return 0; 1098e71b7053SJung-uk Kim s->ext.session_secret_cb = tls_session_secret_cb; 1099e71b7053SJung-uk Kim s->ext.session_secret_cb_arg = arg; 1100e71b7053SJung-uk Kim return 1; 11011f13597dSJung-uk Kim } 11021f13597dSJung-uk Kim 11031f13597dSJung-uk Kim int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, 11041f13597dSJung-uk Kim void *arg) 11051f13597dSJung-uk Kim { 11066f9291ceSJung-uk Kim if (s == NULL) 1107e71b7053SJung-uk Kim return 0; 1108e71b7053SJung-uk Kim s->ext.session_ticket_cb = cb; 1109e71b7053SJung-uk Kim s->ext.session_ticket_cb_arg = arg; 1110e71b7053SJung-uk Kim return 1; 11111f13597dSJung-uk Kim } 11121f13597dSJung-uk Kim 11131f13597dSJung-uk Kim int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) 11141f13597dSJung-uk Kim { 11156f9291ceSJung-uk Kim if (s->version >= TLS1_VERSION) { 1116e71b7053SJung-uk Kim OPENSSL_free(s->ext.session_ticket); 1117e71b7053SJung-uk Kim s->ext.session_ticket = NULL; 1118e71b7053SJung-uk Kim s->ext.session_ticket = 11196f9291ceSJung-uk Kim OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 1120e71b7053SJung-uk Kim if (s->ext.session_ticket == NULL) { 1121*b077aed3SPierre Pronchery ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 11221f13597dSJung-uk Kim return 0; 11231f13597dSJung-uk Kim } 11241f13597dSJung-uk Kim 1125e71b7053SJung-uk Kim if (ext_data != NULL) { 1126e71b7053SJung-uk Kim s->ext.session_ticket->length = ext_len; 1127e71b7053SJung-uk Kim s->ext.session_ticket->data = s->ext.session_ticket + 1; 1128e71b7053SJung-uk Kim memcpy(s->ext.session_ticket->data, ext_data, ext_len); 11296f9291ceSJung-uk Kim } else { 1130e71b7053SJung-uk Kim s->ext.session_ticket->length = 0; 1131e71b7053SJung-uk Kim s->ext.session_ticket->data = NULL; 11321f13597dSJung-uk Kim } 11331f13597dSJung-uk Kim 11341f13597dSJung-uk Kim return 1; 11351f13597dSJung-uk Kim } 11361f13597dSJung-uk Kim 11371f13597dSJung-uk Kim return 0; 11381f13597dSJung-uk Kim } 11391f13597dSJung-uk Kim 114074664626SKris Kennaway void SSL_CTX_flush_sessions(SSL_CTX *s, long t) 114174664626SKris Kennaway { 1142*b077aed3SPierre Pronchery STACK_OF(SSL_SESSION) *sk; 1143*b077aed3SPierre Pronchery SSL_SESSION *current; 114474664626SKris Kennaway unsigned long i; 114574664626SKris Kennaway 1146*b077aed3SPierre Pronchery if (!CRYPTO_THREAD_write_lock(s->lock)) 11476f9291ceSJung-uk Kim return; 1148*b077aed3SPierre Pronchery 1149*b077aed3SPierre Pronchery sk = sk_SSL_SESSION_new_null(); 1150e71b7053SJung-uk Kim i = lh_SSL_SESSION_get_down_load(s->sessions); 1151e71b7053SJung-uk Kim lh_SSL_SESSION_set_down_load(s->sessions, 0); 1152*b077aed3SPierre Pronchery 1153*b077aed3SPierre Pronchery /* 1154*b077aed3SPierre Pronchery * Iterate over the list from the back (oldest), and stop 1155*b077aed3SPierre Pronchery * when a session can no longer be removed. 1156*b077aed3SPierre Pronchery * Add the session to a temporary list to be freed outside 1157*b077aed3SPierre Pronchery * the SSL_CTX lock. 1158*b077aed3SPierre Pronchery * But still do the remove_session_cb() within the lock. 1159*b077aed3SPierre Pronchery */ 1160*b077aed3SPierre Pronchery while (s->session_cache_tail != NULL) { 1161*b077aed3SPierre Pronchery current = s->session_cache_tail; 1162*b077aed3SPierre Pronchery if (t == 0 || sess_timedout((time_t)t, current)) { 1163*b077aed3SPierre Pronchery lh_SSL_SESSION_delete(s->sessions, current); 1164*b077aed3SPierre Pronchery SSL_SESSION_list_remove(s, current); 1165*b077aed3SPierre Pronchery current->not_resumable = 1; 1166*b077aed3SPierre Pronchery if (s->remove_session_cb != NULL) 1167*b077aed3SPierre Pronchery s->remove_session_cb(s, current); 1168*b077aed3SPierre Pronchery /* 1169*b077aed3SPierre Pronchery * Throw the session on a stack, it's entirely plausible 1170*b077aed3SPierre Pronchery * that while freeing outside the critical section, the 1171*b077aed3SPierre Pronchery * session could be re-added, so avoid using the next/prev 1172*b077aed3SPierre Pronchery * pointers. If the stack failed to create, or the session 1173*b077aed3SPierre Pronchery * couldn't be put on the stack, just free it here 1174*b077aed3SPierre Pronchery */ 1175*b077aed3SPierre Pronchery if (sk == NULL || !sk_SSL_SESSION_push(sk, current)) 1176*b077aed3SPierre Pronchery SSL_SESSION_free(current); 1177*b077aed3SPierre Pronchery } else { 1178*b077aed3SPierre Pronchery break; 1179*b077aed3SPierre Pronchery } 1180*b077aed3SPierre Pronchery } 1181*b077aed3SPierre Pronchery 1182e71b7053SJung-uk Kim lh_SSL_SESSION_set_down_load(s->sessions, i); 1183e71b7053SJung-uk Kim CRYPTO_THREAD_unlock(s->lock); 1184*b077aed3SPierre Pronchery 1185*b077aed3SPierre Pronchery sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free); 118674664626SKris Kennaway } 118774664626SKris Kennaway 118874664626SKris Kennaway int ssl_clear_bad_session(SSL *s) 118974664626SKris Kennaway { 119074664626SKris Kennaway if ((s->session != NULL) && 119174664626SKris Kennaway !(s->shutdown & SSL_SENT_SHUTDOWN) && 11926f9291ceSJung-uk Kim !(SSL_in_init(s) || SSL_in_before(s))) { 1193aeb5019cSJung-uk Kim SSL_CTX_remove_session(s->session_ctx, s->session); 1194e71b7053SJung-uk Kim return 1; 11956f9291ceSJung-uk Kim } else 1196e71b7053SJung-uk Kim return 0; 119774664626SKris Kennaway } 119874664626SKris Kennaway 119974664626SKris Kennaway /* locked by SSL_CTX in the calling function */ 120074664626SKris Kennaway static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) 120174664626SKris Kennaway { 12026f9291ceSJung-uk Kim if ((s->next == NULL) || (s->prev == NULL)) 12036f9291ceSJung-uk Kim return; 120474664626SKris Kennaway 12056f9291ceSJung-uk Kim if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) { 12066f9291ceSJung-uk Kim /* last element in list */ 12076f9291ceSJung-uk Kim if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) { 12086f9291ceSJung-uk Kim /* only one element in list */ 120974664626SKris Kennaway ctx->session_cache_head = NULL; 121074664626SKris Kennaway ctx->session_cache_tail = NULL; 12116f9291ceSJung-uk Kim } else { 121274664626SKris Kennaway ctx->session_cache_tail = s->prev; 121374664626SKris Kennaway s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail); 121474664626SKris Kennaway } 12156f9291ceSJung-uk Kim } else { 12166f9291ceSJung-uk Kim if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) { 12176f9291ceSJung-uk Kim /* first element in list */ 121874664626SKris Kennaway ctx->session_cache_head = s->next; 121974664626SKris Kennaway s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head); 12206f9291ceSJung-uk Kim } else { 12216f9291ceSJung-uk Kim /* middle of list */ 122274664626SKris Kennaway s->next->prev = s->prev; 122374664626SKris Kennaway s->prev->next = s->next; 122474664626SKris Kennaway } 122574664626SKris Kennaway } 122674664626SKris Kennaway s->prev = s->next = NULL; 1227*b077aed3SPierre Pronchery s->owner = NULL; 122874664626SKris Kennaway } 122974664626SKris Kennaway 123074664626SKris Kennaway static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) 123174664626SKris Kennaway { 1232*b077aed3SPierre Pronchery SSL_SESSION *next; 1233*b077aed3SPierre Pronchery 123474664626SKris Kennaway if ((s->next != NULL) && (s->prev != NULL)) 123574664626SKris Kennaway SSL_SESSION_list_remove(ctx, s); 123674664626SKris Kennaway 12376f9291ceSJung-uk Kim if (ctx->session_cache_head == NULL) { 123874664626SKris Kennaway ctx->session_cache_head = s; 123974664626SKris Kennaway ctx->session_cache_tail = s; 124074664626SKris Kennaway s->prev = (SSL_SESSION *)&(ctx->session_cache_head); 124174664626SKris Kennaway s->next = (SSL_SESSION *)&(ctx->session_cache_tail); 12426f9291ceSJung-uk Kim } else { 1243*b077aed3SPierre Pronchery if (timeoutcmp(s, ctx->session_cache_head) >= 0) { 1244*b077aed3SPierre Pronchery /* 1245*b077aed3SPierre Pronchery * if we timeout after (or the same time as) the first 1246*b077aed3SPierre Pronchery * session, put us first - usual case 1247*b077aed3SPierre Pronchery */ 124874664626SKris Kennaway s->next = ctx->session_cache_head; 124974664626SKris Kennaway s->next->prev = s; 125074664626SKris Kennaway s->prev = (SSL_SESSION *)&(ctx->session_cache_head); 125174664626SKris Kennaway ctx->session_cache_head = s; 1252*b077aed3SPierre Pronchery } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) { 1253*b077aed3SPierre Pronchery /* if we timeout before the last session, put us last */ 1254*b077aed3SPierre Pronchery s->prev = ctx->session_cache_tail; 1255*b077aed3SPierre Pronchery s->prev->next = s; 1256*b077aed3SPierre Pronchery s->next = (SSL_SESSION *)&(ctx->session_cache_tail); 1257*b077aed3SPierre Pronchery ctx->session_cache_tail = s; 1258*b077aed3SPierre Pronchery } else { 1259*b077aed3SPierre Pronchery /* 1260*b077aed3SPierre Pronchery * we timeout somewhere in-between - if there is only 1261*b077aed3SPierre Pronchery * one session in the cache it will be caught above 1262*b077aed3SPierre Pronchery */ 1263*b077aed3SPierre Pronchery next = ctx->session_cache_head->next; 1264*b077aed3SPierre Pronchery while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) { 1265*b077aed3SPierre Pronchery if (timeoutcmp(s, next) >= 0) { 1266*b077aed3SPierre Pronchery s->next = next; 1267*b077aed3SPierre Pronchery s->prev = next->prev; 1268*b077aed3SPierre Pronchery next->prev->next = s; 1269*b077aed3SPierre Pronchery next->prev = s; 1270*b077aed3SPierre Pronchery break; 127174664626SKris Kennaway } 1272*b077aed3SPierre Pronchery next = next->next; 1273*b077aed3SPierre Pronchery } 1274*b077aed3SPierre Pronchery } 1275*b077aed3SPierre Pronchery } 1276*b077aed3SPierre Pronchery s->owner = ctx; 127774664626SKris Kennaway } 127874664626SKris Kennaway 12795471f83eSSimon L. B. Nielsen void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, 1280e71b7053SJung-uk Kim int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess)) 12815471f83eSSimon L. B. Nielsen { 12825471f83eSSimon L. B. Nielsen ctx->new_session_cb = cb; 12835471f83eSSimon L. B. Nielsen } 12845471f83eSSimon L. B. Nielsen 12856f9291ceSJung-uk Kim int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) { 12865471f83eSSimon L. B. Nielsen return ctx->new_session_cb; 12875471f83eSSimon L. B. Nielsen } 12885471f83eSSimon L. B. Nielsen 12895471f83eSSimon L. B. Nielsen void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, 12905471f83eSSimon L. B. Nielsen void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess)) 12915471f83eSSimon L. B. Nielsen { 12925471f83eSSimon L. B. Nielsen ctx->remove_session_cb = cb; 12935471f83eSSimon L. B. Nielsen } 12945471f83eSSimon L. B. Nielsen 12956f9291ceSJung-uk Kim void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx, 12966f9291ceSJung-uk Kim SSL_SESSION *sess) { 12975471f83eSSimon L. B. Nielsen return ctx->remove_session_cb; 12985471f83eSSimon L. B. Nielsen } 12995471f83eSSimon L. B. Nielsen 13005471f83eSSimon L. B. Nielsen void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, 13015471f83eSSimon L. B. Nielsen SSL_SESSION *(*cb) (struct ssl_st *ssl, 1302e71b7053SJung-uk Kim const unsigned char *data, 1303e71b7053SJung-uk Kim int len, int *copy)) 13045471f83eSSimon L. B. Nielsen { 13055471f83eSSimon L. B. Nielsen ctx->get_session_cb = cb; 13065471f83eSSimon L. B. Nielsen } 13075471f83eSSimon L. B. Nielsen 13085471f83eSSimon L. B. Nielsen SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl, 1309e71b7053SJung-uk Kim const unsigned char 1310e71b7053SJung-uk Kim *data, int len, 1311e71b7053SJung-uk Kim int *copy) { 13125471f83eSSimon L. B. Nielsen return ctx->get_session_cb; 13135471f83eSSimon L. B. Nielsen } 13145471f83eSSimon L. B. Nielsen 13155471f83eSSimon L. B. Nielsen void SSL_CTX_set_info_callback(SSL_CTX *ctx, 13165471f83eSSimon L. B. Nielsen void (*cb) (const SSL *ssl, int type, int val)) 13175471f83eSSimon L. B. Nielsen { 13185471f83eSSimon L. B. Nielsen ctx->info_callback = cb; 13195471f83eSSimon L. B. Nielsen } 13205471f83eSSimon L. B. Nielsen 13216f9291ceSJung-uk Kim void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, 13226f9291ceSJung-uk Kim int val) { 13235471f83eSSimon L. B. Nielsen return ctx->info_callback; 13245471f83eSSimon L. B. Nielsen } 13255471f83eSSimon L. B. Nielsen 13265471f83eSSimon L. B. Nielsen void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, 13276f9291ceSJung-uk Kim int (*cb) (SSL *ssl, X509 **x509, 13286f9291ceSJung-uk Kim EVP_PKEY **pkey)) 13295471f83eSSimon L. B. Nielsen { 13305471f83eSSimon L. B. Nielsen ctx->client_cert_cb = cb; 13315471f83eSSimon L. B. Nielsen } 13325471f83eSSimon L. B. Nielsen 13336f9291ceSJung-uk Kim int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, 13346f9291ceSJung-uk Kim EVP_PKEY **pkey) { 13355471f83eSSimon L. B. Nielsen return ctx->client_cert_cb; 13365471f83eSSimon L. B. Nielsen } 13375471f83eSSimon L. B. Nielsen 13385471f83eSSimon L. B. Nielsen void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, 13396f9291ceSJung-uk Kim int (*cb) (SSL *ssl, 13406f9291ceSJung-uk Kim unsigned char *cookie, 13416f9291ceSJung-uk Kim unsigned int *cookie_len)) 13425471f83eSSimon L. B. Nielsen { 13435471f83eSSimon L. B. Nielsen ctx->app_gen_cookie_cb = cb; 13445471f83eSSimon L. B. Nielsen } 13455471f83eSSimon L. B. Nielsen 13465471f83eSSimon L. B. Nielsen void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, 1347e71b7053SJung-uk Kim int (*cb) (SSL *ssl, 1348e71b7053SJung-uk Kim const unsigned char *cookie, 13496f9291ceSJung-uk Kim unsigned int cookie_len)) 13505471f83eSSimon L. B. Nielsen { 13515471f83eSSimon L. B. Nielsen ctx->app_verify_cookie_cb = cb; 13525471f83eSSimon L. B. Nielsen } 13535471f83eSSimon L. B. Nielsen 1354e71b7053SJung-uk Kim int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len) 1355e71b7053SJung-uk Kim { 1356e71b7053SJung-uk Kim OPENSSL_free(ss->ticket_appdata); 1357e71b7053SJung-uk Kim ss->ticket_appdata_len = 0; 1358e71b7053SJung-uk Kim if (data == NULL || len == 0) { 1359e71b7053SJung-uk Kim ss->ticket_appdata = NULL; 1360e71b7053SJung-uk Kim return 1; 1361e71b7053SJung-uk Kim } 1362e71b7053SJung-uk Kim ss->ticket_appdata = OPENSSL_memdup(data, len); 1363e71b7053SJung-uk Kim if (ss->ticket_appdata != NULL) { 1364e71b7053SJung-uk Kim ss->ticket_appdata_len = len; 1365e71b7053SJung-uk Kim return 1; 1366e71b7053SJung-uk Kim } 1367e71b7053SJung-uk Kim return 0; 1368e71b7053SJung-uk Kim } 1369e71b7053SJung-uk Kim 1370e71b7053SJung-uk Kim int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len) 1371e71b7053SJung-uk Kim { 1372e71b7053SJung-uk Kim *data = ss->ticket_appdata; 1373e71b7053SJung-uk Kim *len = ss->ticket_appdata_len; 1374e71b7053SJung-uk Kim return 1; 1375e71b7053SJung-uk Kim } 1376e71b7053SJung-uk Kim 1377e71b7053SJung-uk Kim void SSL_CTX_set_stateless_cookie_generate_cb( 1378e71b7053SJung-uk Kim SSL_CTX *ctx, 1379e71b7053SJung-uk Kim int (*cb) (SSL *ssl, 1380e71b7053SJung-uk Kim unsigned char *cookie, 1381e71b7053SJung-uk Kim size_t *cookie_len)) 1382e71b7053SJung-uk Kim { 1383e71b7053SJung-uk Kim ctx->gen_stateless_cookie_cb = cb; 1384e71b7053SJung-uk Kim } 1385e71b7053SJung-uk Kim 1386e71b7053SJung-uk Kim void SSL_CTX_set_stateless_cookie_verify_cb( 1387e71b7053SJung-uk Kim SSL_CTX *ctx, 1388e71b7053SJung-uk Kim int (*cb) (SSL *ssl, 1389e71b7053SJung-uk Kim const unsigned char *cookie, 1390e71b7053SJung-uk Kim size_t cookie_len)) 1391e71b7053SJung-uk Kim { 1392e71b7053SJung-uk Kim ctx->verify_stateless_cookie_cb = cb; 1393e71b7053SJung-uk Kim } 1394e71b7053SJung-uk Kim 1395e71b7053SJung-uk Kim IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) 1396