Coverage Report

Created: 2024-07-27 06:39

/src/openssl30/ssl/ssl_sess.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright 2005 Nokia. All rights reserved.
4
 *
5
 * Licensed under the Apache License 2.0 (the "License").  You may not use
6
 * this file except in compliance with the License.  You can obtain a copy
7
 * in the file LICENSE in the source distribution or at
8
 * https://www.openssl.org/source/license.html
9
 */
10
11
#if defined(__TANDEM) && defined(_SPT_MODEL_)
12
# include <spthread.h>
13
# include <spt_extensions.h> /* timeval */
14
#endif
15
#include <stdio.h>
16
#include <openssl/rand.h>
17
#include <openssl/engine.h>
18
#include "internal/refcount.h"
19
#include "internal/cryptlib.h"
20
#include "ssl_local.h"
21
#include "statem/statem_local.h"
22
23
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
24
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
25
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
26
27
DEFINE_STACK_OF(SSL_SESSION)
28
29
__owur static int sess_timedout(time_t t, SSL_SESSION *ss)
30
110
{
31
    /* if timeout overflowed, it can never timeout! */
32
110
    if (ss->timeout_ovf)
33
0
        return 0;
34
110
    return t > ss->calc_timeout;
35
110
}
36
37
/*
38
 * Returns -1/0/+1 as other XXXcmp-type functions
39
 * Takes overflow of calculated timeout into consideration
40
 */
41
__owur static int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
42
0
{
43
    /* if only one overflowed, then it is greater */
44
0
    if (a->timeout_ovf && !b->timeout_ovf)
45
0
        return 1;
46
0
    if (!a->timeout_ovf && b->timeout_ovf)
47
0
        return -1;
48
    /* No overflow, or both overflowed, so straight compare is safe */
49
0
    if (a->calc_timeout < b->calc_timeout)
50
0
        return -1;
51
0
    if (a->calc_timeout > b->calc_timeout)
52
0
        return 1;
53
0
    return 0;
54
0
}
55
56
/*
57
 * Calculates effective timeout, saving overflow state
58
 * Locking must be done by the caller of this function
59
 */
60
void ssl_session_calculate_timeout(SSL_SESSION *ss)
61
46.6k
{
62
    /* Force positive timeout */
63
46.6k
    if (ss->timeout < 0)
64
165
        ss->timeout = 0;
65
46.6k
    ss->calc_timeout = ss->time + ss->timeout;
66
    /*
67
     * |timeout| is always zero or positive, so the check for
68
     * overflow only needs to consider if |time| is positive
69
     */
70
46.6k
    ss->timeout_ovf = ss->time > 0 && ss->calc_timeout < ss->time;
71
    /*
72
     * N.B. Realistic overflow can only occur in our lifetimes on a
73
     *      32-bit machine in January 2038.
74
     *      However, There are no controls to limit the |timeout|
75
     *      value, except to keep it positive.
76
     */
77
46.6k
}
78
79
/*
80
 * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
81
 * unlike in earlier protocol versions, the session ticket may not have been
82
 * sent yet even though a handshake has finished. The session ticket data could
83
 * come in sometime later...or even change if multiple session ticket messages
84
 * are sent from the server. The preferred way for applications to obtain
85
 * a resumable session is to use SSL_CTX_sess_set_new_cb().
86
 */
87
88
SSL_SESSION *SSL_get_session(const SSL *ssl)
89
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
90
0
{
91
0
    return ssl->session;
92
0
}
93
94
SSL_SESSION *SSL_get1_session(SSL *ssl)
95
/* variant of SSL_get_session: caller really gets something */
96
0
{
97
0
    SSL_SESSION *sess;
98
    /*
99
     * Need to lock this all up rather than just use CRYPTO_add so that
100
     * somebody doesn't free ssl->session between when we check it's non-null
101
     * and when we up the reference count.
102
     */
103
0
    if (!CRYPTO_THREAD_read_lock(ssl->lock))
104
0
        return NULL;
105
0
    sess = ssl->session;
106
0
    if (sess)
107
0
        SSL_SESSION_up_ref(sess);
108
0
    CRYPTO_THREAD_unlock(ssl->lock);
109
0
    return sess;
110
0
}
111
112
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
113
0
{
114
0
    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
115
0
}
116
117
void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
118
0
{
119
0
    return CRYPTO_get_ex_data(&s->ex_data, idx);
120
0
}
121
122
SSL_SESSION *SSL_SESSION_new(void)
123
23.3k
{
124
23.3k
    SSL_SESSION *ss;
125
126
23.3k
    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
127
0
        return NULL;
128
129
23.3k
    ss = OPENSSL_zalloc(sizeof(*ss));
130
23.3k
    if (ss == NULL) {
131
0
        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
132
0
        return NULL;
133
0
    }
134
135
23.3k
    ss->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_UNSPECIFIED;
136
23.3k
    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
137
23.3k
    ss->references = 1;
138
23.3k
    ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
139
23.3k
    ss->time = time(NULL);
140
23.3k
    ssl_session_calculate_timeout(ss);
141
23.3k
    ss->lock = CRYPTO_THREAD_lock_new();
142
23.3k
    if (ss->lock == NULL) {
143
0
        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
144
0
        OPENSSL_free(ss);
145
0
        return NULL;
146
0
    }
147
148
23.3k
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
149
0
        CRYPTO_THREAD_lock_free(ss->lock);
150
0
        OPENSSL_free(ss);
151
0
        return NULL;
152
0
    }
153
23.3k
    return ss;
154
23.3k
}
155
156
/*
157
 * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
158
 * ticket == 0 then no ticket information is duplicated, otherwise it is.
159
 */
160
static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
161
2
{
162
2
    SSL_SESSION *dest;
163
164
2
    dest = OPENSSL_malloc(sizeof(*dest));
165
2
    if (dest == NULL) {
166
0
        goto err;
167
0
    }
168
2
    memcpy(dest, src, sizeof(*dest));
169
170
    /*
171
     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
172
     * the case of an error whilst halfway through constructing dest
173
     */
174
2
#ifndef OPENSSL_NO_PSK
175
2
    dest->psk_identity_hint = NULL;
176
2
    dest->psk_identity = NULL;
177
2
#endif
178
2
    dest->ext.hostname = NULL;
179
2
    dest->ext.tick = NULL;
180
2
    dest->ext.alpn_selected = NULL;
181
2
#ifndef OPENSSL_NO_SRP
182
2
    dest->srp_username = NULL;
183
2
#endif
184
2
    dest->peer_chain = NULL;
185
2
    dest->peer = NULL;
186
2
    dest->ticket_appdata = NULL;
187
2
    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
188
189
    /* As the copy is not in the cache, we remove the associated pointers */
190
2
    dest->prev = NULL;
191
2
    dest->next = NULL;
192
2
    dest->owner = NULL;
193
194
2
    dest->references = 1;
195
196
2
    dest->lock = CRYPTO_THREAD_lock_new();
197
2
    if (dest->lock == NULL) {
198
0
        OPENSSL_free(dest);
199
0
        dest = NULL;
200
0
        goto err;
201
0
    }
202
203
2
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
204
0
        goto err;
205
206
2
    if (src->peer != NULL) {
207
2
        if (!X509_up_ref(src->peer))
208
0
            goto err;
209
2
        dest->peer = src->peer;
210
2
    }
211
212
2
    if (src->peer_chain != NULL) {
213
2
        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
214
2
        if (dest->peer_chain == NULL)
215
0
            goto err;
216
2
    }
217
2
#ifndef OPENSSL_NO_PSK
218
2
    if (src->psk_identity_hint) {
219
0
        dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
220
0
        if (dest->psk_identity_hint == NULL) {
221
0
            goto err;
222
0
        }
223
0
    }
224
2
    if (src->psk_identity) {
225
0
        dest->psk_identity = OPENSSL_strdup(src->psk_identity);
226
0
        if (dest->psk_identity == NULL) {
227
0
            goto err;
228
0
        }
229
0
    }
230
2
#endif
231
232
2
    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
233
2
                            &dest->ex_data, &src->ex_data)) {
234
0
        goto err;
235
0
    }
236
237
2
    if (src->ext.hostname) {
238
1
        dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
239
1
        if (dest->ext.hostname == NULL) {
240
0
            goto err;
241
0
        }
242
1
    }
243
244
2
    if (ticket != 0 && src->ext.tick != NULL) {
245
0
        dest->ext.tick =
246
0
            OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
247
0
        if (dest->ext.tick == NULL)
248
0
            goto err;
249
2
    } else {
250
2
        dest->ext.tick_lifetime_hint = 0;
251
2
        dest->ext.ticklen = 0;
252
2
    }
253
254
2
    if (src->ext.alpn_selected != NULL) {
255
0
        dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
256
0
                                                 src->ext.alpn_selected_len);
257
0
        if (dest->ext.alpn_selected == NULL)
258
0
            goto err;
259
0
    }
260
261
2
#ifndef OPENSSL_NO_SRP
262
2
    if (src->srp_username) {
263
0
        dest->srp_username = OPENSSL_strdup(src->srp_username);
264
0
        if (dest->srp_username == NULL) {
265
0
            goto err;
266
0
        }
267
0
    }
268
2
#endif
269
270
2
    if (src->ticket_appdata != NULL) {
271
0
        dest->ticket_appdata =
272
0
            OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
273
0
        if (dest->ticket_appdata == NULL)
274
0
            goto err;
275
0
    }
276
277
2
    return dest;
278
0
 err:
279
0
    ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
280
0
    SSL_SESSION_free(dest);
281
0
    return NULL;
282
2
}
283
284
SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
285
0
{
286
0
    return ssl_session_dup_intern(src, 1);
287
0
}
288
289
/*
290
 * Used internally when duplicating a session which might be already shared.
291
 * We will have resumed the original session. Subsequently we might have marked
292
 * it as non-resumable (e.g. in another thread) - but this copy should be ok to
293
 * resume from.
294
 */
295
SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
296
886
{
297
886
    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
298
299
886
    if (sess != NULL)
300
886
        sess->not_resumable = 0;
301
302
886
    return sess;
303
886
}
304
305
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
306
0
{
307
0
    if (len)
308
0
        *len = (unsigned int)s->session_id_length;
309
0
    return s->session_id;
310
0
}
311
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
312
                                                unsigned int *len)
313
0
{
314
0
    if (len != NULL)
315
0
        *len = (unsigned int)s->sid_ctx_length;
316
0
    return s->sid_ctx;
317
0
}
318
319
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
320
0
{
321
0
    return s->compress_meth;
322
0
}
323
324
/*
325
 * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
326
 * the ID with random junk repeatedly until we have no conflict is going to
327
 * complete in one iteration pretty much "most" of the time (btw:
328
 * understatement). So, if it takes us 10 iterations and we still can't avoid
329
 * a conflict - well that's a reasonable point to call it quits. Either the
330
 * RAND code is broken or someone is trying to open roughly very close to
331
 * 2^256 SSL sessions to our server. How you might store that many sessions
332
 * is perhaps a more interesting question ...
333
 */
334
335
6.10k
#define MAX_SESS_ID_ATTEMPTS 10
336
static int def_generate_session_id(SSL *ssl, unsigned char *id,
337
                                   unsigned int *id_len)
338
6.10k
{
339
6.10k
    unsigned int retry = 0;
340
6.10k
    do
341
6.10k
        if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
342
0
            return 0;
343
6.10k
    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
344
6.10k
           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
345
6.10k
    if (retry < MAX_SESS_ID_ATTEMPTS)
346
6.10k
        return 1;
347
    /* else - woops a session_id match */
348
    /*
349
     * XXX We should also check the external cache -- but the probability of
350
     * a collision is negligible, and we could not prevent the concurrent
351
     * creation of sessions with identical IDs since we currently don't have
352
     * means to atomically check whether a session ID already exists and make
353
     * a reservation for it if it does not (this problem applies to the
354
     * internal cache as well).
355
     */
356
0
    return 0;
357
6.10k
}
358
359
int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
360
17.4k
{
361
17.4k
    unsigned int tmp;
362
17.4k
    GEN_SESSION_CB cb = def_generate_session_id;
363
364
17.4k
    switch (s->version) {
365
3.03k
    case SSL3_VERSION:
366
3.74k
    case TLS1_VERSION:
367
4.59k
    case TLS1_1_VERSION:
368
13.9k
    case TLS1_2_VERSION:
369
13.9k
    case TLS1_3_VERSION:
370
13.9k
    case DTLS1_BAD_VER:
371
14.7k
    case DTLS1_VERSION:
372
17.4k
    case DTLS1_2_VERSION:
373
17.4k
        ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
374
17.4k
        break;
375
0
    default:
376
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
377
0
        return 0;
378
17.4k
    }
379
380
    /*-
381
     * If RFC5077 ticket, use empty session ID (as server).
382
     * Note that:
383
     * (a) ssl_get_prev_session() does lookahead into the
384
     *     ClientHello extensions to find the session ticket.
385
     *     When ssl_get_prev_session() fails, statem_srvr.c calls
386
     *     ssl_get_new_session() in tls_process_client_hello().
387
     *     At that point, it has not yet parsed the extensions,
388
     *     however, because of the lookahead, it already knows
389
     *     whether a ticket is expected or not.
390
     *
391
     * (b) statem_clnt.c calls ssl_get_new_session() before parsing
392
     *     ServerHello extensions, and before recording the session
393
     *     ID received from the server, so this block is a noop.
394
     */
395
17.4k
    if (s->ext.ticket_expected) {
396
1.73k
        ss->session_id_length = 0;
397
1.73k
        return 1;
398
1.73k
    }
399
400
    /* Choose which callback will set the session ID */
401
15.6k
    if (!CRYPTO_THREAD_read_lock(s->lock))
402
0
        return 0;
403
15.6k
    if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
404
0
        CRYPTO_THREAD_unlock(s->lock);
405
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
406
0
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
407
0
        return 0;
408
0
    }
409
15.6k
    if (s->generate_session_id)
410
0
        cb = s->generate_session_id;
411
15.6k
    else if (s->session_ctx->generate_session_id)
412
0
        cb = s->session_ctx->generate_session_id;
413
15.6k
    CRYPTO_THREAD_unlock(s->session_ctx->lock);
414
15.6k
    CRYPTO_THREAD_unlock(s->lock);
415
    /* Choose a session ID */
416
15.6k
    memset(ss->session_id, 0, ss->session_id_length);
417
15.6k
    tmp = (int)ss->session_id_length;
418
15.6k
    if (!cb(s, ss->session_id, &tmp)) {
419
        /* The callback failed */
420
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
421
0
                 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
422
0
        return 0;
423
0
    }
424
    /*
425
     * Don't allow the callback to set the session length to zero. nor
426
     * set it higher than it was.
427
     */
428
15.6k
    if (tmp == 0 || tmp > ss->session_id_length) {
429
        /* The callback set an illegal length */
430
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
431
0
                 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
432
0
        return 0;
433
0
    }
434
15.6k
    ss->session_id_length = tmp;
435
    /* Finally, check for a conflict */
436
15.6k
    if (SSL_has_matching_session_id(s, ss->session_id,
437
15.6k
                                    (unsigned int)ss->session_id_length)) {
438
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
439
0
        return 0;
440
0
    }
441
442
15.6k
    return 1;
443
15.6k
}
444
445
int ssl_get_new_session(SSL *s, int session)
446
22.2k
{
447
    /* This gets used by clients and servers. */
448
449
22.2k
    SSL_SESSION *ss = NULL;
450
451
22.2k
    if ((ss = SSL_SESSION_new()) == NULL) {
452
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
453
0
        return 0;
454
0
    }
455
456
    /* If the context has a default timeout, use it */
457
22.2k
    if (s->session_ctx->session_timeout == 0)
458
0
        ss->timeout = SSL_get_default_timeout(s);
459
22.2k
    else
460
22.2k
        ss->timeout = s->session_ctx->session_timeout;
461
22.2k
    ssl_session_calculate_timeout(ss);
462
463
22.2k
    SSL_SESSION_free(s->session);
464
22.2k
    s->session = NULL;
465
466
22.2k
    if (session) {
467
8.21k
        if (SSL_IS_TLS13(s)) {
468
            /*
469
             * We generate the session id while constructing the
470
             * NewSessionTicket in TLSv1.3.
471
             */
472
1.57k
            ss->session_id_length = 0;
473
6.64k
        } else if (!ssl_generate_session_id(s, ss)) {
474
            /* SSLfatal() already called */
475
0
            SSL_SESSION_free(ss);
476
0
            return 0;
477
0
        }
478
479
14.0k
    } else {
480
14.0k
        ss->session_id_length = 0;
481
14.0k
    }
482
483
22.2k
    if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
484
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
485
0
        SSL_SESSION_free(ss);
486
0
        return 0;
487
0
    }
488
22.2k
    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
489
22.2k
    ss->sid_ctx_length = s->sid_ctx_length;
490
22.2k
    s->session = ss;
491
22.2k
    ss->ssl_version = s->version;
492
22.2k
    ss->verify_result = X509_V_OK;
493
494
    /* If client supports extended master secret set it in session */
495
22.2k
    if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
496
471
        ss->flags |= SSL_SESS_FLAG_EXTMS;
497
498
22.2k
    return 1;
499
22.2k
}
500
501
SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
502
                                  size_t sess_id_len)
503
287
{
504
287
    SSL_SESSION *ret = NULL;
505
506
287
    if ((s->session_ctx->session_cache_mode
507
287
         & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
508
287
        SSL_SESSION data;
509
510
287
        data.ssl_version = s->version;
511
287
        if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
512
0
            return NULL;
513
514
287
        memcpy(data.session_id, sess_id, sess_id_len);
515
287
        data.session_id_length = sess_id_len;
516
517
287
        if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
518
0
            return NULL;
519
287
        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
520
287
        if (ret != NULL) {
521
            /* don't allow other threads to steal it: */
522
0
            SSL_SESSION_up_ref(ret);
523
0
        }
524
287
        CRYPTO_THREAD_unlock(s->session_ctx->lock);
525
287
        if (ret == NULL)
526
287
            ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
527
287
    }
528
529
287
    if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
530
0
        int copy = 1;
531
532
0
        ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, &copy);
533
534
0
        if (ret != NULL) {
535
0
            if (ret->not_resumable) {
536
                /* If its not resumable then ignore this session */
537
0
                if (!copy)
538
0
                    SSL_SESSION_free(ret);
539
0
                return NULL;
540
0
            }
541
0
            ssl_tsan_counter(s->session_ctx,
542
0
                             &s->session_ctx->stats.sess_cb_hit);
543
544
            /*
545
             * Increment reference count now if the session callback asks us
546
             * to do so (note that if the session structures returned by the
547
             * callback are shared between threads, it must handle the
548
             * reference count itself [i.e. copy == 0], or things won't be
549
             * thread-safe).
550
             */
551
0
            if (copy)
552
0
                SSL_SESSION_up_ref(ret);
553
554
            /*
555
             * Add the externally cached session to the internal cache as
556
             * well if and only if we are supposed to.
557
             */
558
0
            if ((s->session_ctx->session_cache_mode &
559
0
                 SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
560
                /*
561
                 * Either return value of SSL_CTX_add_session should not
562
                 * interrupt the session resumption process. The return
563
                 * value is intentionally ignored.
564
                 */
565
0
                (void)SSL_CTX_add_session(s->session_ctx, ret);
566
0
            }
567
0
        }
568
0
    }
569
570
287
    return ret;
571
287
}
572
573
/*-
574
 * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
575
 * connection. It is only called by servers.
576
 *
577
 *   hello: The parsed ClientHello data
578
 *
579
 * Returns:
580
 *   -1: fatal error
581
 *    0: no session found
582
 *    1: a session may have been found.
583
 *
584
 * Side effects:
585
 *   - If a session is found then s->session is pointed at it (after freeing an
586
 *     existing session if need be) and s->verify_result is set from the session.
587
 *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
588
 *     if the server should issue a new session ticket (to 0 otherwise).
589
 */
590
int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
591
16.0k
{
592
    /* This is used only by servers. */
593
594
16.0k
    SSL_SESSION *ret = NULL;
595
16.0k
    int fatal = 0;
596
16.0k
    int try_session_cache = 0;
597
16.0k
    SSL_TICKET_STATUS r;
598
599
16.0k
    if (SSL_IS_TLS13(s)) {
600
        /*
601
         * By default we will send a new ticket. This can be overridden in the
602
         * ticket processing.
603
         */
604
3.48k
        s->ext.ticket_expected = 1;
605
3.48k
        if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
606
3.48k
                                 SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
607
3.48k
                                 NULL, 0)
608
3.48k
                || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
609
3.43k
                                        hello->pre_proc_exts, NULL, 0))
610
421
            return -1;
611
612
3.06k
        ret = s->session;
613
12.5k
    } else {
614
        /* sets s->ext.ticket_expected */
615
12.5k
        r = tls_get_ticket_from_client(s, hello, &ret);
616
12.5k
        switch (r) {
617
0
        case SSL_TICKET_FATAL_ERR_MALLOC:
618
0
        case SSL_TICKET_FATAL_ERR_OTHER:
619
0
            fatal = 1;
620
0
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
621
0
            goto err;
622
10.5k
        case SSL_TICKET_NONE:
623
11.6k
        case SSL_TICKET_EMPTY:
624
11.6k
            if (hello->session_id_len > 0) {
625
287
                try_session_cache = 1;
626
287
                ret = lookup_sess_in_cache(s, hello->session_id,
627
287
                                           hello->session_id_len);
628
287
            }
629
11.6k
            break;
630
623
        case SSL_TICKET_NO_DECRYPT:
631
855
        case SSL_TICKET_SUCCESS:
632
855
        case SSL_TICKET_SUCCESS_RENEW:
633
855
            break;
634
12.5k
        }
635
12.5k
    }
636
637
15.5k
    if (ret == NULL)
638
15.3k
        goto err;
639
640
    /* Now ret is non-NULL and we own one of its reference counts. */
641
642
    /* Check TLS version consistency */
643
237
    if (ret->ssl_version != s->version)
644
7
        goto err;
645
646
230
    if (ret->sid_ctx_length != s->sid_ctx_length
647
230
        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
648
        /*
649
         * We have the session requested by the client, but we don't want to
650
         * use it in this context.
651
         */
652
4
        goto err;               /* treat like cache miss */
653
4
    }
654
655
226
    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
656
        /*
657
         * We can't be sure if this session is being used out of context,
658
         * which is especially important for SSL_VERIFY_PEER. The application
659
         * should have used SSL[_CTX]_set_session_id_context. For this error
660
         * case, we generate an error instead of treating the event like a
661
         * cache miss (otherwise it would be easy for applications to
662
         * effectively disable the session cache by accident without anyone
663
         * noticing).
664
         */
665
666
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
667
0
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
668
0
        fatal = 1;
669
0
        goto err;
670
0
    }
671
672
226
    if (sess_timedout(time(NULL), ret)) {
673
4
        ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
674
4
        if (try_session_cache) {
675
            /* session was from the cache, so remove it */
676
0
            SSL_CTX_remove_session(s->session_ctx, ret);
677
0
        }
678
4
        goto err;
679
4
    }
680
681
    /* Check extended master secret extension consistency */
682
222
    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
683
        /* If old session includes extms, but new does not: abort handshake */
684
185
        if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
685
11
            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
686
11
            fatal = 1;
687
11
            goto err;
688
11
        }
689
185
    } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
690
        /* If new session includes extms, but old does not: do not resume */
691
12
        goto err;
692
12
    }
693
694
199
    if (!SSL_IS_TLS13(s)) {
695
        /* We already did this for TLS1.3 */
696
197
        SSL_SESSION_free(s->session);
697
197
        s->session = ret;
698
197
    }
699
700
199
    ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
701
199
    s->verify_result = s->session->verify_result;
702
199
    return 1;
703
704
15.3k
 err:
705
15.3k
    if (ret != NULL) {
706
38
        SSL_SESSION_free(ret);
707
        /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
708
38
        if (SSL_IS_TLS13(s))
709
3
            s->session = NULL;
710
711
38
        if (!try_session_cache) {
712
            /*
713
             * The session was from a ticket, so we should issue a ticket for
714
             * the new session
715
             */
716
38
            s->ext.ticket_expected = 1;
717
38
        }
718
38
    }
719
15.3k
    if (fatal)
720
11
        return -1;
721
722
15.3k
    return 0;
723
15.3k
}
724
725
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
726
721
{
727
721
    int ret = 0;
728
721
    SSL_SESSION *s;
729
730
    /*
731
     * add just 1 reference count for the SSL_CTX's session cache even though
732
     * it has two ways of access: each session is in a doubly linked list and
733
     * an lhash
734
     */
735
721
    SSL_SESSION_up_ref(c);
736
    /*
737
     * if session c is in already in cache, we take back the increment later
738
     */
739
740
721
    if (!CRYPTO_THREAD_write_lock(ctx->lock)) {
741
0
        SSL_SESSION_free(c);
742
0
        return 0;
743
0
    }
744
721
    s = lh_SSL_SESSION_insert(ctx->sessions, c);
745
746
    /*
747
     * s != NULL iff we already had a session with the given PID. In this
748
     * case, s == c should hold (then we did not really modify
749
     * ctx->sessions), or we're in trouble.
750
     */
751
721
    if (s != NULL && s != c) {
752
        /* We *are* in trouble ... */
753
0
        SSL_SESSION_list_remove(ctx, s);
754
0
        SSL_SESSION_free(s);
755
        /*
756
         * ... so pretend the other session did not exist in cache (we cannot
757
         * handle two SSL_SESSION structures with identical session ID in the
758
         * same cache, which could happen e.g. when two threads concurrently
759
         * obtain the same session from an external cache)
760
         */
761
0
        s = NULL;
762
721
    } else if (s == NULL &&
763
721
               lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
764
        /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
765
766
        /*
767
         * ... so take back the extra reference and also don't add
768
         * the session to the SSL_SESSION_list at this time
769
         */
770
0
        s = c;
771
0
    }
772
773
    /* Adjust last used time, and add back into the cache at the appropriate spot */
774
721
    if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
775
0
        c->time = time(NULL);
776
0
        ssl_session_calculate_timeout(c);
777
0
    }
778
779
721
    if (s == NULL) {
780
        /*
781
         * new cache entry -- remove old ones if cache has become too large
782
         * delete cache entry *before* add, so we don't remove the one we're adding!
783
         */
784
785
721
        ret = 1;
786
787
721
        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
788
721
            while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) {
789
0
                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
790
0
                    break;
791
0
                else
792
0
                    ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
793
0
            }
794
721
        }
795
721
    }
796
797
721
    SSL_SESSION_list_add(ctx, c);
798
799
721
    if (s != NULL) {
800
        /*
801
         * existing cache entry -- decrement previously incremented reference
802
         * count because it already takes into account the cache
803
         */
804
805
0
        SSL_SESSION_free(s);    /* s == c */
806
0
        ret = 0;
807
0
    }
808
721
    CRYPTO_THREAD_unlock(ctx->lock);
809
721
    return ret;
810
721
}
811
812
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
813
44.6k
{
814
44.6k
    return remove_session_lock(ctx, c, 1);
815
44.6k
}
816
817
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
818
44.6k
{
819
44.6k
    SSL_SESSION *r;
820
44.6k
    int ret = 0;
821
822
44.6k
    if ((c != NULL) && (c->session_id_length != 0)) {
823
15.4k
        if (lck) {
824
15.4k
            if (!CRYPTO_THREAD_write_lock(ctx->lock))
825
0
                return 0;
826
15.4k
        }
827
15.4k
        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
828
630
            ret = 1;
829
630
            r = lh_SSL_SESSION_delete(ctx->sessions, r);
830
630
            SSL_SESSION_list_remove(ctx, r);
831
630
        }
832
15.4k
        c->not_resumable = 1;
833
834
15.4k
        if (lck)
835
15.4k
            CRYPTO_THREAD_unlock(ctx->lock);
836
837
15.4k
        if (ctx->remove_session_cb != NULL)
838
0
            ctx->remove_session_cb(ctx, c);
839
840
15.4k
        if (ret)
841
630
            SSL_SESSION_free(r);
842
15.4k
    }
843
44.6k
    return ret;
844
44.6k
}
845
846
void SSL_SESSION_free(SSL_SESSION *ss)
847
481k
{
848
481k
    int i;
849
850
481k
    if (ss == NULL)
851
403k
        return;
852
77.8k
    CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);
853
77.8k
    REF_PRINT_COUNT("SSL_SESSION", ss);
854
77.8k
    if (i > 0)
855
721
        return;
856
77.1k
    REF_ASSERT_ISNT(i < 0);
857
858
77.1k
    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
859
860
77.1k
    OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
861
77.1k
    OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
862
77.1k
    X509_free(ss->peer);
863
77.1k
    sk_X509_pop_free(ss->peer_chain, X509_free);
864
77.1k
    OPENSSL_free(ss->ext.hostname);
865
77.1k
    OPENSSL_free(ss->ext.tick);
866
77.1k
#ifndef OPENSSL_NO_PSK
867
77.1k
    OPENSSL_free(ss->psk_identity_hint);
868
77.1k
    OPENSSL_free(ss->psk_identity);
869
77.1k
#endif
870
77.1k
#ifndef OPENSSL_NO_SRP
871
77.1k
    OPENSSL_free(ss->srp_username);
872
77.1k
#endif
873
77.1k
    OPENSSL_free(ss->ext.alpn_selected);
874
77.1k
    OPENSSL_free(ss->ticket_appdata);
875
77.1k
    CRYPTO_THREAD_lock_free(ss->lock);
876
77.1k
    OPENSSL_clear_free(ss, sizeof(*ss));
877
77.1k
}
878
879
int SSL_SESSION_up_ref(SSL_SESSION *ss)
880
721
{
881
721
    int i;
882
883
721
    if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0)
884
0
        return 0;
885
886
721
    REF_PRINT_COUNT("SSL_SESSION", ss);
887
721
    REF_ASSERT_ISNT(i < 2);
888
721
    return ((i > 1) ? 1 : 0);
889
721
}
890
891
int SSL_set_session(SSL *s, SSL_SESSION *session)
892
0
{
893
0
    ssl_clear_bad_session(s);
894
0
    if (s->ctx->method != s->method) {
895
0
        if (!SSL_set_ssl_method(s, s->ctx->method))
896
0
            return 0;
897
0
    }
898
899
0
    if (session != NULL) {
900
0
        SSL_SESSION_up_ref(session);
901
0
        s->verify_result = session->verify_result;
902
0
    }
903
0
    SSL_SESSION_free(s->session);
904
0
    s->session = session;
905
906
0
    return 1;
907
0
}
908
909
int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
910
                        unsigned int sid_len)
911
0
{
912
0
    if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
913
0
      ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
914
0
      return 0;
915
0
    }
916
0
    s->session_id_length = sid_len;
917
0
    if (sid != s->session_id)
918
0
        memcpy(s->session_id, sid, sid_len);
919
0
    return 1;
920
0
}
921
922
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
923
0
{
924
0
    time_t new_timeout = (time_t)t;
925
926
0
    if (s == NULL || t < 0)
927
0
        return 0;
928
0
    if (s->owner != NULL) {
929
0
        if (!CRYPTO_THREAD_write_lock(s->owner->lock))
930
0
            return 0;
931
0
        s->timeout = new_timeout;
932
0
        ssl_session_calculate_timeout(s);
933
0
        SSL_SESSION_list_add(s->owner, s);
934
0
        CRYPTO_THREAD_unlock(s->owner->lock);
935
0
    } else {
936
0
        s->timeout = new_timeout;
937
0
        ssl_session_calculate_timeout(s);
938
0
    }
939
0
    return 1;
940
0
}
941
942
long SSL_SESSION_get_timeout(const SSL_SESSION *s)
943
0
{
944
0
    if (s == NULL)
945
0
        return 0;
946
0
    return (long)s->timeout;
947
0
}
948
949
long SSL_SESSION_get_time(const SSL_SESSION *s)
950
0
{
951
0
    if (s == NULL)
952
0
        return 0;
953
0
    return (long)s->time;
954
0
}
955
956
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
957
0
{
958
0
    time_t new_time = (time_t)t;
959
960
0
    if (s == NULL)
961
0
        return 0;
962
0
    if (s->owner != NULL) {
963
0
        if (!CRYPTO_THREAD_write_lock(s->owner->lock))
964
0
            return 0;
965
0
        s->time = new_time;
966
0
        ssl_session_calculate_timeout(s);
967
0
        SSL_SESSION_list_add(s->owner, s);
968
0
        CRYPTO_THREAD_unlock(s->owner->lock);
969
0
    } else {
970
0
        s->time = new_time;
971
0
        ssl_session_calculate_timeout(s);
972
0
    }
973
0
    return t;
974
0
}
975
976
int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
977
0
{
978
0
    return s->ssl_version;
979
0
}
980
981
int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
982
0
{
983
0
    s->ssl_version = version;
984
0
    return 1;
985
0
}
986
987
const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
988
0
{
989
0
    return s->cipher;
990
0
}
991
992
int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
993
0
{
994
0
    s->cipher = cipher;
995
0
    return 1;
996
0
}
997
998
const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
999
0
{
1000
0
    return s->ext.hostname;
1001
0
}
1002
1003
int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
1004
0
{
1005
0
    OPENSSL_free(s->ext.hostname);
1006
0
    if (hostname == NULL) {
1007
0
        s->ext.hostname = NULL;
1008
0
        return 1;
1009
0
    }
1010
0
    s->ext.hostname = OPENSSL_strdup(hostname);
1011
1012
0
    return s->ext.hostname != NULL;
1013
0
}
1014
1015
int SSL_SESSION_has_ticket(const SSL_SESSION *s)
1016
0
{
1017
0
    return (s->ext.ticklen > 0) ? 1 : 0;
1018
0
}
1019
1020
unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
1021
0
{
1022
0
    return s->ext.tick_lifetime_hint;
1023
0
}
1024
1025
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
1026
                             size_t *len)
1027
0
{
1028
0
    *len = s->ext.ticklen;
1029
0
    if (tick != NULL)
1030
0
        *tick = s->ext.tick;
1031
0
}
1032
1033
uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
1034
0
{
1035
0
    return s->ext.max_early_data;
1036
0
}
1037
1038
int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
1039
0
{
1040
0
    s->ext.max_early_data = max_early_data;
1041
1042
0
    return 1;
1043
0
}
1044
1045
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
1046
                                    const unsigned char **alpn,
1047
                                    size_t *len)
1048
0
{
1049
0
    *alpn = s->ext.alpn_selected;
1050
0
    *len = s->ext.alpn_selected_len;
1051
0
}
1052
1053
int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
1054
                                   size_t len)
1055
0
{
1056
0
    OPENSSL_free(s->ext.alpn_selected);
1057
0
    if (alpn == NULL || len == 0) {
1058
0
        s->ext.alpn_selected = NULL;
1059
0
        s->ext.alpn_selected_len = 0;
1060
0
        return 1;
1061
0
    }
1062
0
    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
1063
0
    if (s->ext.alpn_selected == NULL) {
1064
0
        s->ext.alpn_selected_len = 0;
1065
0
        return 0;
1066
0
    }
1067
0
    s->ext.alpn_selected_len = len;
1068
1069
0
    return 1;
1070
0
}
1071
1072
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
1073
0
{
1074
0
    return s->peer;
1075
0
}
1076
1077
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1078
                                unsigned int sid_ctx_len)
1079
0
{
1080
0
    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
1081
0
        ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1082
0
        return 0;
1083
0
    }
1084
0
    s->sid_ctx_length = sid_ctx_len;
1085
0
    if (sid_ctx != s->sid_ctx)
1086
0
        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
1087
1088
0
    return 1;
1089
0
}
1090
1091
int SSL_SESSION_is_resumable(const SSL_SESSION *s)
1092
1.46k
{
1093
    /*
1094
     * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
1095
     * session ID.
1096
     */
1097
1.46k
    return !s->not_resumable
1098
1.46k
           && (s->session_id_length > 0 || s->ext.ticklen > 0);
1099
1.46k
}
1100
1101
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
1102
0
{
1103
0
    long l;
1104
0
    if (s == NULL)
1105
0
        return 0;
1106
0
    l = s->session_timeout;
1107
0
    s->session_timeout = t;
1108
0
    return l;
1109
0
}
1110
1111
long SSL_CTX_get_timeout(const SSL_CTX *s)
1112
0
{
1113
0
    if (s == NULL)
1114
0
        return 0;
1115
0
    return s->session_timeout;
1116
0
}
1117
1118
int SSL_set_session_secret_cb(SSL *s,
1119
                              tls_session_secret_cb_fn tls_session_secret_cb,
1120
                              void *arg)
1121
0
{
1122
0
    if (s == NULL)
1123
0
        return 0;
1124
0
    s->ext.session_secret_cb = tls_session_secret_cb;
1125
0
    s->ext.session_secret_cb_arg = arg;
1126
0
    return 1;
1127
0
}
1128
1129
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1130
                                  void *arg)
1131
0
{
1132
0
    if (s == NULL)
1133
0
        return 0;
1134
0
    s->ext.session_ticket_cb = cb;
1135
0
    s->ext.session_ticket_cb_arg = arg;
1136
0
    return 1;
1137
0
}
1138
1139
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
1140
0
{
1141
0
    if (s->version >= TLS1_VERSION) {
1142
0
        OPENSSL_free(s->ext.session_ticket);
1143
0
        s->ext.session_ticket = NULL;
1144
0
        s->ext.session_ticket =
1145
0
            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
1146
0
        if (s->ext.session_ticket == NULL) {
1147
0
            ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
1148
0
            return 0;
1149
0
        }
1150
1151
0
        if (ext_data != NULL) {
1152
0
            s->ext.session_ticket->length = ext_len;
1153
0
            s->ext.session_ticket->data = s->ext.session_ticket + 1;
1154
0
            memcpy(s->ext.session_ticket->data, ext_data, ext_len);
1155
0
        } else {
1156
0
            s->ext.session_ticket->length = 0;
1157
0
            s->ext.session_ticket->data = NULL;
1158
0
        }
1159
1160
0
        return 1;
1161
0
    }
1162
1163
0
    return 0;
1164
0
}
1165
1166
void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1167
47.9k
{
1168
47.9k
    STACK_OF(SSL_SESSION) *sk;
1169
47.9k
    SSL_SESSION *current;
1170
47.9k
    unsigned long i;
1171
1172
47.9k
    if (!CRYPTO_THREAD_write_lock(s->lock))
1173
0
        return;
1174
1175
47.9k
    sk = sk_SSL_SESSION_new_null();
1176
47.9k
    i = lh_SSL_SESSION_get_down_load(s->sessions);
1177
47.9k
    lh_SSL_SESSION_set_down_load(s->sessions, 0);
1178
1179
    /*
1180
     * Iterate over the list from the back (oldest), and stop
1181
     * when a session can no longer be removed.
1182
     * Add the session to a temporary list to be freed outside
1183
     * the SSL_CTX lock.
1184
     * But still do the remove_session_cb() within the lock.
1185
     */
1186
48.0k
    while (s->session_cache_tail != NULL) {
1187
35
        current = s->session_cache_tail;
1188
35
        if (t == 0 || sess_timedout((time_t)t, current)) {
1189
35
            lh_SSL_SESSION_delete(s->sessions, current);
1190
35
            SSL_SESSION_list_remove(s, current);
1191
35
            current->not_resumable = 1;
1192
35
            if (s->remove_session_cb != NULL)
1193
0
                s->remove_session_cb(s, current);
1194
            /*
1195
             * Throw the session on a stack, it's entirely plausible
1196
             * that while freeing outside the critical section, the
1197
             * session could be re-added, so avoid using the next/prev
1198
             * pointers. If the stack failed to create, or the session
1199
             * couldn't be put on the stack, just free it here
1200
             */
1201
35
            if (sk == NULL || !sk_SSL_SESSION_push(sk, current))
1202
0
                SSL_SESSION_free(current);
1203
35
        } else {
1204
0
            break;
1205
0
        }
1206
35
    }
1207
1208
47.9k
    lh_SSL_SESSION_set_down_load(s->sessions, i);
1209
47.9k
    CRYPTO_THREAD_unlock(s->lock);
1210
1211
47.9k
    sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
1212
47.9k
}
1213
1214
int ssl_clear_bad_session(SSL *s)
1215
227k
{
1216
227k
    if ((s->session != NULL) &&
1217
227k
        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1218
227k
        !(SSL_in_init(s) || SSL_in_before(s))) {
1219
3.84k
        SSL_CTX_remove_session(s->session_ctx, s->session);
1220
3.84k
        return 1;
1221
3.84k
    } else
1222
224k
        return 0;
1223
227k
}
1224
1225
/* locked by SSL_CTX in the calling function */
1226
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1227
721
{
1228
721
    if ((s->next == NULL) || (s->prev == NULL))
1229
0
        return;
1230
1231
721
    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
1232
        /* last element in list */
1233
721
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1234
            /* only one element in list */
1235
721
            ctx->session_cache_head = NULL;
1236
721
            ctx->session_cache_tail = NULL;
1237
721
        } else {
1238
0
            ctx->session_cache_tail = s->prev;
1239
0
            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1240
0
        }
1241
721
    } else {
1242
0
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1243
            /* first element in list */
1244
0
            ctx->session_cache_head = s->next;
1245
0
            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1246
0
        } else {
1247
            /* middle of list */
1248
0
            s->next->prev = s->prev;
1249
0
            s->prev->next = s->next;
1250
0
        }
1251
0
    }
1252
721
    s->prev = s->next = NULL;
1253
721
    s->owner = NULL;
1254
721
}
1255
1256
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1257
721
{
1258
721
    SSL_SESSION *next;
1259
1260
721
    if ((s->next != NULL) && (s->prev != NULL))
1261
0
        SSL_SESSION_list_remove(ctx, s);
1262
1263
721
    if (ctx->session_cache_head == NULL) {
1264
721
        ctx->session_cache_head = s;
1265
721
        ctx->session_cache_tail = s;
1266
721
        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1267
721
        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1268
721
    } else {
1269
0
        if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
1270
            /*
1271
             * if we timeout after (or the same time as) the first
1272
             * session, put us first - usual case
1273
             */
1274
0
            s->next = ctx->session_cache_head;
1275
0
            s->next->prev = s;
1276
0
            s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1277
0
            ctx->session_cache_head = s;
1278
0
        } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
1279
            /* if we timeout before the last session, put us last */
1280
0
            s->prev = ctx->session_cache_tail;
1281
0
            s->prev->next = s;
1282
0
            s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1283
0
            ctx->session_cache_tail = s;
1284
0
        } else {
1285
            /*
1286
             * we timeout somewhere in-between - if there is only
1287
             * one session in the cache it will be caught above
1288
             */
1289
0
            next = ctx->session_cache_head->next;
1290
0
            while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) {
1291
0
                if (timeoutcmp(s, next) >= 0) {
1292
0
                    s->next = next;
1293
0
                    s->prev = next->prev;
1294
0
                    next->prev->next = s;
1295
0
                    next->prev = s;
1296
0
                    break;
1297
0
                }
1298
0
                next = next->next;
1299
0
            }
1300
0
        }
1301
0
    }
1302
721
    s->owner = ctx;
1303
721
}
1304
1305
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1306
                             int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
1307
0
{
1308
0
    ctx->new_session_cb = cb;
1309
0
}
1310
1311
0
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
1312
0
    return ctx->new_session_cb;
1313
0
}
1314
1315
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1316
                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
1317
0
{
1318
0
    ctx->remove_session_cb = cb;
1319
0
}
1320
1321
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
1322
0
                                                  SSL_SESSION *sess) {
1323
0
    return ctx->remove_session_cb;
1324
0
}
1325
1326
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1327
                             SSL_SESSION *(*cb) (struct ssl_st *ssl,
1328
                                                 const unsigned char *data,
1329
                                                 int len, int *copy))
1330
0
{
1331
0
    ctx->get_session_cb = cb;
1332
0
}
1333
1334
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
1335
                                                       const unsigned char
1336
                                                       *data, int len,
1337
0
                                                       int *copy) {
1338
0
    return ctx->get_session_cb;
1339
0
}
1340
1341
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
1342
                               void (*cb) (const SSL *ssl, int type, int val))
1343
0
{
1344
0
    ctx->info_callback = cb;
1345
0
}
1346
1347
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
1348
0
                                                 int val) {
1349
0
    return ctx->info_callback;
1350
0
}
1351
1352
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1353
                                int (*cb) (SSL *ssl, X509 **x509,
1354
                                           EVP_PKEY **pkey))
1355
0
{
1356
0
    ctx->client_cert_cb = cb;
1357
0
}
1358
1359
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
1360
0
                                                 EVP_PKEY **pkey) {
1361
0
    return ctx->client_cert_cb;
1362
0
}
1363
1364
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1365
                                    int (*cb) (SSL *ssl,
1366
                                               unsigned char *cookie,
1367
                                               unsigned int *cookie_len))
1368
0
{
1369
0
    ctx->app_gen_cookie_cb = cb;
1370
0
}
1371
1372
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1373
                                  int (*cb) (SSL *ssl,
1374
                                             const unsigned char *cookie,
1375
                                             unsigned int cookie_len))
1376
0
{
1377
0
    ctx->app_verify_cookie_cb = cb;
1378
0
}
1379
1380
int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
1381
0
{
1382
0
    OPENSSL_free(ss->ticket_appdata);
1383
0
    ss->ticket_appdata_len = 0;
1384
0
    if (data == NULL || len == 0) {
1385
0
        ss->ticket_appdata = NULL;
1386
0
        return 1;
1387
0
    }
1388
0
    ss->ticket_appdata = OPENSSL_memdup(data, len);
1389
0
    if (ss->ticket_appdata != NULL) {
1390
0
        ss->ticket_appdata_len = len;
1391
0
        return 1;
1392
0
    }
1393
0
    return 0;
1394
0
}
1395
1396
int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
1397
0
{
1398
0
    *data = ss->ticket_appdata;
1399
0
    *len = ss->ticket_appdata_len;
1400
0
    return 1;
1401
0
}
1402
1403
void SSL_CTX_set_stateless_cookie_generate_cb(
1404
    SSL_CTX *ctx,
1405
    int (*cb) (SSL *ssl,
1406
               unsigned char *cookie,
1407
               size_t *cookie_len))
1408
0
{
1409
0
    ctx->gen_stateless_cookie_cb = cb;
1410
0
}
1411
1412
void SSL_CTX_set_stateless_cookie_verify_cb(
1413
    SSL_CTX *ctx,
1414
    int (*cb) (SSL *ssl,
1415
               const unsigned char *cookie,
1416
               size_t cookie_len))
1417
0
{
1418
0
    ctx->verify_stateless_cookie_cb = cb;
1419
0
}
1420
1421
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)