Coverage Report

Created: 2024-07-27 06:39

/src/openssl31/ssl/ssl_sess.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright 2005 Nokia. All rights reserved.
4
 *
5
 * Licensed under the Apache License 2.0 (the "License").  You may not use
6
 * this file except in compliance with the License.  You can obtain a copy
7
 * in the file LICENSE in the source distribution or at
8
 * https://www.openssl.org/source/license.html
9
 */
10
11
#if defined(__TANDEM) && defined(_SPT_MODEL_)
12
# include <spthread.h>
13
# include <spt_extensions.h> /* timeval */
14
#endif
15
#include <stdio.h>
16
#include <openssl/rand.h>
17
#include <openssl/engine.h>
18
#include "internal/refcount.h"
19
#include "internal/cryptlib.h"
20
#include "ssl_local.h"
21
#include "statem/statem_local.h"
22
23
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
24
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
25
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
26
27
DEFINE_STACK_OF(SSL_SESSION)
28
29
__owur static int sess_timedout(time_t t, SSL_SESSION *ss)
30
110
{
31
    /* if timeout overflowed, it can never timeout! */
32
110
    if (ss->timeout_ovf)
33
0
        return 0;
34
110
    return t > ss->calc_timeout;
35
110
}
36
37
/*
38
 * Returns -1/0/+1 as other XXXcmp-type functions
39
 * Takes overflow of calculated timeout into consideration
40
 */
41
__owur static int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
42
0
{
43
    /* if only one overflowed, then it is greater */
44
0
    if (a->timeout_ovf && !b->timeout_ovf)
45
0
        return 1;
46
0
    if (!a->timeout_ovf && b->timeout_ovf)
47
0
        return -1;
48
    /* No overflow, or both overflowed, so straight compare is safe */
49
0
    if (a->calc_timeout < b->calc_timeout)
50
0
        return -1;
51
0
    if (a->calc_timeout > b->calc_timeout)
52
0
        return 1;
53
0
    return 0;
54
0
}
55
56
/*
57
 * Calculates effective timeout, saving overflow state
58
 * Locking must be done by the caller of this function
59
 */
60
void ssl_session_calculate_timeout(SSL_SESSION *ss)
61
46.6k
{
62
46.6k
#ifndef __DJGPP__ /* time_t is unsigned on djgpp */
63
    /* Force positive timeout */
64
46.6k
    if (ss->timeout < 0)
65
165
        ss->timeout = 0;
66
46.6k
#endif
67
46.6k
    ss->calc_timeout = ss->time + ss->timeout;
68
    /*
69
     * |timeout| is always zero or positive, so the check for
70
     * overflow only needs to consider if |time| is positive
71
     */
72
46.6k
    ss->timeout_ovf = ss->time > 0 && ss->calc_timeout < ss->time;
73
    /*
74
     * N.B. Realistic overflow can only occur in our lifetimes on a
75
     *      32-bit machine with signed time_t, in January 2038.
76
     *      However, There are no controls to limit the |timeout|
77
     *      value, except to keep it positive.
78
     */
79
46.6k
}
80
81
/*
82
 * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
83
 * unlike in earlier protocol versions, the session ticket may not have been
84
 * sent yet even though a handshake has finished. The session ticket data could
85
 * come in sometime later...or even change if multiple session ticket messages
86
 * are sent from the server. The preferred way for applications to obtain
87
 * a resumable session is to use SSL_CTX_sess_set_new_cb().
88
 */
89
90
SSL_SESSION *SSL_get_session(const SSL *ssl)
91
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
92
0
{
93
0
    return ssl->session;
94
0
}
95
96
SSL_SESSION *SSL_get1_session(SSL *ssl)
97
/* variant of SSL_get_session: caller really gets something */
98
0
{
99
0
    SSL_SESSION *sess;
100
    /*
101
     * Need to lock this all up rather than just use CRYPTO_add so that
102
     * somebody doesn't free ssl->session between when we check it's non-null
103
     * and when we up the reference count.
104
     */
105
0
    if (!CRYPTO_THREAD_read_lock(ssl->lock))
106
0
        return NULL;
107
0
    sess = ssl->session;
108
0
    if (sess)
109
0
        SSL_SESSION_up_ref(sess);
110
0
    CRYPTO_THREAD_unlock(ssl->lock);
111
0
    return sess;
112
0
}
113
114
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
115
0
{
116
0
    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
117
0
}
118
119
void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
120
0
{
121
0
    return CRYPTO_get_ex_data(&s->ex_data, idx);
122
0
}
123
124
SSL_SESSION *SSL_SESSION_new(void)
125
23.3k
{
126
23.3k
    SSL_SESSION *ss;
127
128
23.3k
    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
129
0
        return NULL;
130
131
23.3k
    ss = OPENSSL_zalloc(sizeof(*ss));
132
23.3k
    if (ss == NULL) {
133
0
        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
134
0
        return NULL;
135
0
    }
136
137
23.3k
    ss->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_UNSPECIFIED;
138
23.3k
    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
139
23.3k
    ss->references = 1;
140
23.3k
    ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
141
23.3k
    ss->time = time(NULL);
142
23.3k
    ssl_session_calculate_timeout(ss);
143
23.3k
    ss->lock = CRYPTO_THREAD_lock_new();
144
23.3k
    if (ss->lock == NULL) {
145
0
        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
146
0
        OPENSSL_free(ss);
147
0
        return NULL;
148
0
    }
149
150
23.3k
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
151
0
        CRYPTO_THREAD_lock_free(ss->lock);
152
0
        OPENSSL_free(ss);
153
0
        return NULL;
154
0
    }
155
23.3k
    return ss;
156
23.3k
}
157
158
/*
159
 * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
160
 * ticket == 0 then no ticket information is duplicated, otherwise it is.
161
 */
162
static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
163
2
{
164
2
    SSL_SESSION *dest;
165
166
2
    dest = OPENSSL_malloc(sizeof(*dest));
167
2
    if (dest == NULL) {
168
0
        goto err;
169
0
    }
170
2
    memcpy(dest, src, sizeof(*dest));
171
172
    /*
173
     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
174
     * the case of an error whilst halfway through constructing dest
175
     */
176
2
#ifndef OPENSSL_NO_PSK
177
2
    dest->psk_identity_hint = NULL;
178
2
    dest->psk_identity = NULL;
179
2
#endif
180
2
    dest->ext.hostname = NULL;
181
2
    dest->ext.tick = NULL;
182
2
    dest->ext.alpn_selected = NULL;
183
2
#ifndef OPENSSL_NO_SRP
184
2
    dest->srp_username = NULL;
185
2
#endif
186
2
    dest->peer_chain = NULL;
187
2
    dest->peer = NULL;
188
2
    dest->ticket_appdata = NULL;
189
2
    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
190
191
    /* As the copy is not in the cache, we remove the associated pointers */
192
2
    dest->prev = NULL;
193
2
    dest->next = NULL;
194
2
    dest->owner = NULL;
195
196
2
    dest->references = 1;
197
198
2
    dest->lock = CRYPTO_THREAD_lock_new();
199
2
    if (dest->lock == NULL) {
200
0
        OPENSSL_free(dest);
201
0
        dest = NULL;
202
0
        goto err;
203
0
    }
204
205
2
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
206
0
        goto err;
207
208
2
    if (src->peer != NULL) {
209
2
        if (!X509_up_ref(src->peer))
210
0
            goto err;
211
2
        dest->peer = src->peer;
212
2
    }
213
214
2
    if (src->peer_chain != NULL) {
215
2
        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
216
2
        if (dest->peer_chain == NULL)
217
0
            goto err;
218
2
    }
219
2
#ifndef OPENSSL_NO_PSK
220
2
    if (src->psk_identity_hint) {
221
0
        dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
222
0
        if (dest->psk_identity_hint == NULL) {
223
0
            goto err;
224
0
        }
225
0
    }
226
2
    if (src->psk_identity) {
227
0
        dest->psk_identity = OPENSSL_strdup(src->psk_identity);
228
0
        if (dest->psk_identity == NULL) {
229
0
            goto err;
230
0
        }
231
0
    }
232
2
#endif
233
234
2
    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
235
2
                            &dest->ex_data, &src->ex_data)) {
236
0
        goto err;
237
0
    }
238
239
2
    if (src->ext.hostname) {
240
1
        dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
241
1
        if (dest->ext.hostname == NULL) {
242
0
            goto err;
243
0
        }
244
1
    }
245
246
2
    if (ticket != 0 && src->ext.tick != NULL) {
247
0
        dest->ext.tick =
248
0
            OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
249
0
        if (dest->ext.tick == NULL)
250
0
            goto err;
251
2
    } else {
252
2
        dest->ext.tick_lifetime_hint = 0;
253
2
        dest->ext.ticklen = 0;
254
2
    }
255
256
2
    if (src->ext.alpn_selected != NULL) {
257
0
        dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
258
0
                                                 src->ext.alpn_selected_len);
259
0
        if (dest->ext.alpn_selected == NULL)
260
0
            goto err;
261
0
    }
262
263
2
#ifndef OPENSSL_NO_SRP
264
2
    if (src->srp_username) {
265
0
        dest->srp_username = OPENSSL_strdup(src->srp_username);
266
0
        if (dest->srp_username == NULL) {
267
0
            goto err;
268
0
        }
269
0
    }
270
2
#endif
271
272
2
    if (src->ticket_appdata != NULL) {
273
0
        dest->ticket_appdata =
274
0
            OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
275
0
        if (dest->ticket_appdata == NULL)
276
0
            goto err;
277
0
    }
278
279
2
    return dest;
280
0
 err:
281
0
    ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
282
0
    SSL_SESSION_free(dest);
283
0
    return NULL;
284
2
}
285
286
SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
287
0
{
288
0
    return ssl_session_dup_intern(src, 1);
289
0
}
290
291
/*
292
 * Used internally when duplicating a session which might be already shared.
293
 * We will have resumed the original session. Subsequently we might have marked
294
 * it as non-resumable (e.g. in another thread) - but this copy should be ok to
295
 * resume from.
296
 */
297
SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
298
886
{
299
886
    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
300
301
886
    if (sess != NULL)
302
886
        sess->not_resumable = 0;
303
304
886
    return sess;
305
886
}
306
307
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
308
0
{
309
0
    if (len)
310
0
        *len = (unsigned int)s->session_id_length;
311
0
    return s->session_id;
312
0
}
313
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
314
                                                unsigned int *len)
315
0
{
316
0
    if (len != NULL)
317
0
        *len = (unsigned int)s->sid_ctx_length;
318
0
    return s->sid_ctx;
319
0
}
320
321
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
322
0
{
323
0
    return s->compress_meth;
324
0
}
325
326
/*
327
 * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
328
 * the ID with random junk repeatedly until we have no conflict is going to
329
 * complete in one iteration pretty much "most" of the time (btw:
330
 * understatement). So, if it takes us 10 iterations and we still can't avoid
331
 * a conflict - well that's a reasonable point to call it quits. Either the
332
 * RAND code is broken or someone is trying to open roughly very close to
333
 * 2^256 SSL sessions to our server. How you might store that many sessions
334
 * is perhaps a more interesting question ...
335
 */
336
337
6.10k
#define MAX_SESS_ID_ATTEMPTS 10
338
static int def_generate_session_id(SSL *ssl, unsigned char *id,
339
                                   unsigned int *id_len)
340
6.10k
{
341
6.10k
    unsigned int retry = 0;
342
6.10k
    do
343
6.10k
        if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
344
0
            return 0;
345
6.10k
    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
346
6.10k
           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
347
6.10k
    if (retry < MAX_SESS_ID_ATTEMPTS)
348
6.10k
        return 1;
349
    /* else - woops a session_id match */
350
    /*
351
     * XXX We should also check the external cache -- but the probability of
352
     * a collision is negligible, and we could not prevent the concurrent
353
     * creation of sessions with identical IDs since we currently don't have
354
     * means to atomically check whether a session ID already exists and make
355
     * a reservation for it if it does not (this problem applies to the
356
     * internal cache as well).
357
     */
358
0
    return 0;
359
6.10k
}
360
361
int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
362
17.4k
{
363
17.4k
    unsigned int tmp;
364
17.4k
    GEN_SESSION_CB cb = def_generate_session_id;
365
366
17.4k
    switch (s->version) {
367
3.03k
    case SSL3_VERSION:
368
3.74k
    case TLS1_VERSION:
369
4.59k
    case TLS1_1_VERSION:
370
13.9k
    case TLS1_2_VERSION:
371
13.9k
    case TLS1_3_VERSION:
372
13.9k
    case DTLS1_BAD_VER:
373
14.7k
    case DTLS1_VERSION:
374
17.4k
    case DTLS1_2_VERSION:
375
17.4k
        ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
376
17.4k
        break;
377
0
    default:
378
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
379
0
        return 0;
380
17.4k
    }
381
382
    /*-
383
     * If RFC5077 ticket, use empty session ID (as server).
384
     * Note that:
385
     * (a) ssl_get_prev_session() does lookahead into the
386
     *     ClientHello extensions to find the session ticket.
387
     *     When ssl_get_prev_session() fails, statem_srvr.c calls
388
     *     ssl_get_new_session() in tls_process_client_hello().
389
     *     At that point, it has not yet parsed the extensions,
390
     *     however, because of the lookahead, it already knows
391
     *     whether a ticket is expected or not.
392
     *
393
     * (b) statem_clnt.c calls ssl_get_new_session() before parsing
394
     *     ServerHello extensions, and before recording the session
395
     *     ID received from the server, so this block is a noop.
396
     */
397
17.4k
    if (s->ext.ticket_expected) {
398
1.73k
        ss->session_id_length = 0;
399
1.73k
        return 1;
400
1.73k
    }
401
402
    /* Choose which callback will set the session ID */
403
15.6k
    if (!CRYPTO_THREAD_read_lock(s->lock))
404
0
        return 0;
405
15.6k
    if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
406
0
        CRYPTO_THREAD_unlock(s->lock);
407
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
408
0
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
409
0
        return 0;
410
0
    }
411
15.6k
    if (s->generate_session_id)
412
0
        cb = s->generate_session_id;
413
15.6k
    else if (s->session_ctx->generate_session_id)
414
0
        cb = s->session_ctx->generate_session_id;
415
15.6k
    CRYPTO_THREAD_unlock(s->session_ctx->lock);
416
15.6k
    CRYPTO_THREAD_unlock(s->lock);
417
    /* Choose a session ID */
418
15.6k
    memset(ss->session_id, 0, ss->session_id_length);
419
15.6k
    tmp = (int)ss->session_id_length;
420
15.6k
    if (!cb(s, ss->session_id, &tmp)) {
421
        /* The callback failed */
422
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
423
0
                 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
424
0
        return 0;
425
0
    }
426
    /*
427
     * Don't allow the callback to set the session length to zero. nor
428
     * set it higher than it was.
429
     */
430
15.6k
    if (tmp == 0 || tmp > ss->session_id_length) {
431
        /* The callback set an illegal length */
432
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
433
0
                 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
434
0
        return 0;
435
0
    }
436
15.6k
    ss->session_id_length = tmp;
437
    /* Finally, check for a conflict */
438
15.6k
    if (SSL_has_matching_session_id(s, ss->session_id,
439
15.6k
                                    (unsigned int)ss->session_id_length)) {
440
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
441
0
        return 0;
442
0
    }
443
444
15.6k
    return 1;
445
15.6k
}
446
447
int ssl_get_new_session(SSL *s, int session)
448
22.2k
{
449
    /* This gets used by clients and servers. */
450
451
22.2k
    SSL_SESSION *ss = NULL;
452
453
22.2k
    if ((ss = SSL_SESSION_new()) == NULL) {
454
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
455
0
        return 0;
456
0
    }
457
458
    /* If the context has a default timeout, use it */
459
22.2k
    if (s->session_ctx->session_timeout == 0)
460
0
        ss->timeout = SSL_get_default_timeout(s);
461
22.2k
    else
462
22.2k
        ss->timeout = s->session_ctx->session_timeout;
463
22.2k
    ssl_session_calculate_timeout(ss);
464
465
22.2k
    SSL_SESSION_free(s->session);
466
22.2k
    s->session = NULL;
467
468
22.2k
    if (session) {
469
8.21k
        if (SSL_IS_TLS13(s)) {
470
            /*
471
             * We generate the session id while constructing the
472
             * NewSessionTicket in TLSv1.3.
473
             */
474
1.57k
            ss->session_id_length = 0;
475
6.64k
        } else if (!ssl_generate_session_id(s, ss)) {
476
            /* SSLfatal() already called */
477
0
            SSL_SESSION_free(ss);
478
0
            return 0;
479
0
        }
480
481
14.0k
    } else {
482
14.0k
        ss->session_id_length = 0;
483
14.0k
    }
484
485
22.2k
    if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
486
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
487
0
        SSL_SESSION_free(ss);
488
0
        return 0;
489
0
    }
490
22.2k
    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
491
22.2k
    ss->sid_ctx_length = s->sid_ctx_length;
492
22.2k
    s->session = ss;
493
22.2k
    ss->ssl_version = s->version;
494
22.2k
    ss->verify_result = X509_V_OK;
495
496
    /* If client supports extended master secret set it in session */
497
22.2k
    if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
498
471
        ss->flags |= SSL_SESS_FLAG_EXTMS;
499
500
22.2k
    return 1;
501
22.2k
}
502
503
SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
504
                                  size_t sess_id_len)
505
287
{
506
287
    SSL_SESSION *ret = NULL;
507
508
287
    if ((s->session_ctx->session_cache_mode
509
287
         & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
510
287
        SSL_SESSION data;
511
512
287
        data.ssl_version = s->version;
513
287
        if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
514
0
            return NULL;
515
516
287
        memcpy(data.session_id, sess_id, sess_id_len);
517
287
        data.session_id_length = sess_id_len;
518
519
287
        if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
520
0
            return NULL;
521
287
        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
522
287
        if (ret != NULL) {
523
            /* don't allow other threads to steal it: */
524
0
            SSL_SESSION_up_ref(ret);
525
0
        }
526
287
        CRYPTO_THREAD_unlock(s->session_ctx->lock);
527
287
        if (ret == NULL)
528
287
            ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
529
287
    }
530
531
287
    if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
532
0
        int copy = 1;
533
534
0
        ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, &copy);
535
536
0
        if (ret != NULL) {
537
0
            if (ret->not_resumable) {
538
                /* If its not resumable then ignore this session */
539
0
                if (!copy)
540
0
                    SSL_SESSION_free(ret);
541
0
                return NULL;
542
0
            }
543
0
            ssl_tsan_counter(s->session_ctx,
544
0
                             &s->session_ctx->stats.sess_cb_hit);
545
546
            /*
547
             * Increment reference count now if the session callback asks us
548
             * to do so (note that if the session structures returned by the
549
             * callback are shared between threads, it must handle the
550
             * reference count itself [i.e. copy == 0], or things won't be
551
             * thread-safe).
552
             */
553
0
            if (copy)
554
0
                SSL_SESSION_up_ref(ret);
555
556
            /*
557
             * Add the externally cached session to the internal cache as
558
             * well if and only if we are supposed to.
559
             */
560
0
            if ((s->session_ctx->session_cache_mode &
561
0
                 SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
562
                /*
563
                 * Either return value of SSL_CTX_add_session should not
564
                 * interrupt the session resumption process. The return
565
                 * value is intentionally ignored.
566
                 */
567
0
                (void)SSL_CTX_add_session(s->session_ctx, ret);
568
0
            }
569
0
        }
570
0
    }
571
572
287
    return ret;
573
287
}
574
575
/*-
576
 * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
577
 * connection. It is only called by servers.
578
 *
579
 *   hello: The parsed ClientHello data
580
 *
581
 * Returns:
582
 *   -1: fatal error
583
 *    0: no session found
584
 *    1: a session may have been found.
585
 *
586
 * Side effects:
587
 *   - If a session is found then s->session is pointed at it (after freeing an
588
 *     existing session if need be) and s->verify_result is set from the session.
589
 *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
590
 *     if the server should issue a new session ticket (to 0 otherwise).
591
 */
592
int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
593
16.0k
{
594
    /* This is used only by servers. */
595
596
16.0k
    SSL_SESSION *ret = NULL;
597
16.0k
    int fatal = 0;
598
16.0k
    int try_session_cache = 0;
599
16.0k
    SSL_TICKET_STATUS r;
600
601
16.0k
    if (SSL_IS_TLS13(s)) {
602
        /*
603
         * By default we will send a new ticket. This can be overridden in the
604
         * ticket processing.
605
         */
606
3.48k
        s->ext.ticket_expected = 1;
607
3.48k
        if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
608
3.48k
                                 SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
609
3.48k
                                 NULL, 0)
610
3.48k
                || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
611
3.43k
                                        hello->pre_proc_exts, NULL, 0))
612
421
            return -1;
613
614
3.06k
        ret = s->session;
615
12.5k
    } else {
616
        /* sets s->ext.ticket_expected */
617
12.5k
        r = tls_get_ticket_from_client(s, hello, &ret);
618
12.5k
        switch (r) {
619
0
        case SSL_TICKET_FATAL_ERR_MALLOC:
620
0
        case SSL_TICKET_FATAL_ERR_OTHER:
621
0
            fatal = 1;
622
0
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
623
0
            goto err;
624
10.5k
        case SSL_TICKET_NONE:
625
11.6k
        case SSL_TICKET_EMPTY:
626
11.6k
            if (hello->session_id_len > 0) {
627
287
                try_session_cache = 1;
628
287
                ret = lookup_sess_in_cache(s, hello->session_id,
629
287
                                           hello->session_id_len);
630
287
            }
631
11.6k
            break;
632
623
        case SSL_TICKET_NO_DECRYPT:
633
855
        case SSL_TICKET_SUCCESS:
634
855
        case SSL_TICKET_SUCCESS_RENEW:
635
855
            break;
636
12.5k
        }
637
12.5k
    }
638
639
15.5k
    if (ret == NULL)
640
15.3k
        goto err;
641
642
    /* Now ret is non-NULL and we own one of its reference counts. */
643
644
    /* Check TLS version consistency */
645
237
    if (ret->ssl_version != s->version)
646
7
        goto err;
647
648
230
    if (ret->sid_ctx_length != s->sid_ctx_length
649
230
        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
650
        /*
651
         * We have the session requested by the client, but we don't want to
652
         * use it in this context.
653
         */
654
4
        goto err;               /* treat like cache miss */
655
4
    }
656
657
226
    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
658
        /*
659
         * We can't be sure if this session is being used out of context,
660
         * which is especially important for SSL_VERIFY_PEER. The application
661
         * should have used SSL[_CTX]_set_session_id_context. For this error
662
         * case, we generate an error instead of treating the event like a
663
         * cache miss (otherwise it would be easy for applications to
664
         * effectively disable the session cache by accident without anyone
665
         * noticing).
666
         */
667
668
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
669
0
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
670
0
        fatal = 1;
671
0
        goto err;
672
0
    }
673
674
226
    if (sess_timedout(time(NULL), ret)) {
675
4
        ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
676
4
        if (try_session_cache) {
677
            /* session was from the cache, so remove it */
678
0
            SSL_CTX_remove_session(s->session_ctx, ret);
679
0
        }
680
4
        goto err;
681
4
    }
682
683
    /* Check extended master secret extension consistency */
684
222
    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
685
        /* If old session includes extms, but new does not: abort handshake */
686
185
        if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
687
11
            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
688
11
            fatal = 1;
689
11
            goto err;
690
11
        }
691
185
    } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
692
        /* If new session includes extms, but old does not: do not resume */
693
12
        goto err;
694
12
    }
695
696
199
    if (!SSL_IS_TLS13(s)) {
697
        /* We already did this for TLS1.3 */
698
197
        SSL_SESSION_free(s->session);
699
197
        s->session = ret;
700
197
    }
701
702
199
    ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
703
199
    s->verify_result = s->session->verify_result;
704
199
    return 1;
705
706
15.3k
 err:
707
15.3k
    if (ret != NULL) {
708
38
        SSL_SESSION_free(ret);
709
        /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
710
38
        if (SSL_IS_TLS13(s))
711
3
            s->session = NULL;
712
713
38
        if (!try_session_cache) {
714
            /*
715
             * The session was from a ticket, so we should issue a ticket for
716
             * the new session
717
             */
718
38
            s->ext.ticket_expected = 1;
719
38
        }
720
38
    }
721
15.3k
    if (fatal)
722
11
        return -1;
723
724
15.3k
    return 0;
725
15.3k
}
726
727
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
728
721
{
729
721
    int ret = 0;
730
721
    SSL_SESSION *s;
731
732
    /*
733
     * add just 1 reference count for the SSL_CTX's session cache even though
734
     * it has two ways of access: each session is in a doubly linked list and
735
     * an lhash
736
     */
737
721
    SSL_SESSION_up_ref(c);
738
    /*
739
     * if session c is in already in cache, we take back the increment later
740
     */
741
742
721
    if (!CRYPTO_THREAD_write_lock(ctx->lock)) {
743
0
        SSL_SESSION_free(c);
744
0
        return 0;
745
0
    }
746
721
    s = lh_SSL_SESSION_insert(ctx->sessions, c);
747
748
    /*
749
     * s != NULL iff we already had a session with the given PID. In this
750
     * case, s == c should hold (then we did not really modify
751
     * ctx->sessions), or we're in trouble.
752
     */
753
721
    if (s != NULL && s != c) {
754
        /* We *are* in trouble ... */
755
0
        SSL_SESSION_list_remove(ctx, s);
756
0
        SSL_SESSION_free(s);
757
        /*
758
         * ... so pretend the other session did not exist in cache (we cannot
759
         * handle two SSL_SESSION structures with identical session ID in the
760
         * same cache, which could happen e.g. when two threads concurrently
761
         * obtain the same session from an external cache)
762
         */
763
0
        s = NULL;
764
721
    } else if (s == NULL &&
765
721
               lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
766
        /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
767
768
        /*
769
         * ... so take back the extra reference and also don't add
770
         * the session to the SSL_SESSION_list at this time
771
         */
772
0
        s = c;
773
0
    }
774
775
    /* Adjust last used time, and add back into the cache at the appropriate spot */
776
721
    if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
777
0
        c->time = time(NULL);
778
0
        ssl_session_calculate_timeout(c);
779
0
    }
780
781
721
    if (s == NULL) {
782
        /*
783
         * new cache entry -- remove old ones if cache has become too large
784
         * delete cache entry *before* add, so we don't remove the one we're adding!
785
         */
786
787
721
        ret = 1;
788
789
721
        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
790
721
            while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) {
791
0
                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
792
0
                    break;
793
0
                else
794
0
                    ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
795
0
            }
796
721
        }
797
721
    }
798
799
721
    SSL_SESSION_list_add(ctx, c);
800
801
721
    if (s != NULL) {
802
        /*
803
         * existing cache entry -- decrement previously incremented reference
804
         * count because it already takes into account the cache
805
         */
806
807
0
        SSL_SESSION_free(s);    /* s == c */
808
0
        ret = 0;
809
0
    }
810
721
    CRYPTO_THREAD_unlock(ctx->lock);
811
721
    return ret;
812
721
}
813
814
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
815
44.6k
{
816
44.6k
    return remove_session_lock(ctx, c, 1);
817
44.6k
}
818
819
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
820
44.6k
{
821
44.6k
    SSL_SESSION *r;
822
44.6k
    int ret = 0;
823
824
44.6k
    if ((c != NULL) && (c->session_id_length != 0)) {
825
15.4k
        if (lck) {
826
15.4k
            if (!CRYPTO_THREAD_write_lock(ctx->lock))
827
0
                return 0;
828
15.4k
        }
829
15.4k
        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
830
630
            ret = 1;
831
630
            r = lh_SSL_SESSION_delete(ctx->sessions, r);
832
630
            SSL_SESSION_list_remove(ctx, r);
833
630
        }
834
15.4k
        c->not_resumable = 1;
835
836
15.4k
        if (lck)
837
15.4k
            CRYPTO_THREAD_unlock(ctx->lock);
838
839
15.4k
        if (ctx->remove_session_cb != NULL)
840
0
            ctx->remove_session_cb(ctx, c);
841
842
15.4k
        if (ret)
843
630
            SSL_SESSION_free(r);
844
15.4k
    }
845
44.6k
    return ret;
846
44.6k
}
847
848
void SSL_SESSION_free(SSL_SESSION *ss)
849
481k
{
850
481k
    int i;
851
852
481k
    if (ss == NULL)
853
403k
        return;
854
77.8k
    CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);
855
77.8k
    REF_PRINT_COUNT("SSL_SESSION", ss);
856
77.8k
    if (i > 0)
857
721
        return;
858
77.1k
    REF_ASSERT_ISNT(i < 0);
859
860
77.1k
    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
861
862
77.1k
    OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
863
77.1k
    OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
864
77.1k
    X509_free(ss->peer);
865
77.1k
    sk_X509_pop_free(ss->peer_chain, X509_free);
866
77.1k
    OPENSSL_free(ss->ext.hostname);
867
77.1k
    OPENSSL_free(ss->ext.tick);
868
77.1k
#ifndef OPENSSL_NO_PSK
869
77.1k
    OPENSSL_free(ss->psk_identity_hint);
870
77.1k
    OPENSSL_free(ss->psk_identity);
871
77.1k
#endif
872
77.1k
#ifndef OPENSSL_NO_SRP
873
77.1k
    OPENSSL_free(ss->srp_username);
874
77.1k
#endif
875
77.1k
    OPENSSL_free(ss->ext.alpn_selected);
876
77.1k
    OPENSSL_free(ss->ticket_appdata);
877
77.1k
    CRYPTO_THREAD_lock_free(ss->lock);
878
77.1k
    OPENSSL_clear_free(ss, sizeof(*ss));
879
77.1k
}
880
881
int SSL_SESSION_up_ref(SSL_SESSION *ss)
882
721
{
883
721
    int i;
884
885
721
    if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0)
886
0
        return 0;
887
888
721
    REF_PRINT_COUNT("SSL_SESSION", ss);
889
721
    REF_ASSERT_ISNT(i < 2);
890
721
    return ((i > 1) ? 1 : 0);
891
721
}
892
893
int SSL_set_session(SSL *s, SSL_SESSION *session)
894
0
{
895
0
    ssl_clear_bad_session(s);
896
0
    if (s->ctx->method != s->method) {
897
0
        if (!SSL_set_ssl_method(s, s->ctx->method))
898
0
            return 0;
899
0
    }
900
901
0
    if (session != NULL) {
902
0
        SSL_SESSION_up_ref(session);
903
0
        s->verify_result = session->verify_result;
904
0
    }
905
0
    SSL_SESSION_free(s->session);
906
0
    s->session = session;
907
908
0
    return 1;
909
0
}
910
911
int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
912
                        unsigned int sid_len)
913
0
{
914
0
    if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
915
0
      ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
916
0
      return 0;
917
0
    }
918
0
    s->session_id_length = sid_len;
919
0
    if (sid != s->session_id)
920
0
        memcpy(s->session_id, sid, sid_len);
921
0
    return 1;
922
0
}
923
924
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
925
0
{
926
0
    time_t new_timeout = (time_t)t;
927
928
0
    if (s == NULL || t < 0)
929
0
        return 0;
930
0
    if (s->owner != NULL) {
931
0
        if (!CRYPTO_THREAD_write_lock(s->owner->lock))
932
0
            return 0;
933
0
        s->timeout = new_timeout;
934
0
        ssl_session_calculate_timeout(s);
935
0
        SSL_SESSION_list_add(s->owner, s);
936
0
        CRYPTO_THREAD_unlock(s->owner->lock);
937
0
    } else {
938
0
        s->timeout = new_timeout;
939
0
        ssl_session_calculate_timeout(s);
940
0
    }
941
0
    return 1;
942
0
}
943
944
long SSL_SESSION_get_timeout(const SSL_SESSION *s)
945
0
{
946
0
    if (s == NULL)
947
0
        return 0;
948
0
    return (long)s->timeout;
949
0
}
950
951
long SSL_SESSION_get_time(const SSL_SESSION *s)
952
0
{
953
0
    if (s == NULL)
954
0
        return 0;
955
0
    return (long)s->time;
956
0
}
957
958
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
959
0
{
960
0
    time_t new_time = (time_t)t;
961
962
0
    if (s == NULL)
963
0
        return 0;
964
0
    if (s->owner != NULL) {
965
0
        if (!CRYPTO_THREAD_write_lock(s->owner->lock))
966
0
            return 0;
967
0
        s->time = new_time;
968
0
        ssl_session_calculate_timeout(s);
969
0
        SSL_SESSION_list_add(s->owner, s);
970
0
        CRYPTO_THREAD_unlock(s->owner->lock);
971
0
    } else {
972
0
        s->time = new_time;
973
0
        ssl_session_calculate_timeout(s);
974
0
    }
975
0
    return t;
976
0
}
977
978
int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
979
0
{
980
0
    return s->ssl_version;
981
0
}
982
983
int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
984
0
{
985
0
    s->ssl_version = version;
986
0
    return 1;
987
0
}
988
989
const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
990
0
{
991
0
    return s->cipher;
992
0
}
993
994
int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
995
0
{
996
0
    s->cipher = cipher;
997
0
    return 1;
998
0
}
999
1000
const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
1001
0
{
1002
0
    return s->ext.hostname;
1003
0
}
1004
1005
int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
1006
0
{
1007
0
    OPENSSL_free(s->ext.hostname);
1008
0
    if (hostname == NULL) {
1009
0
        s->ext.hostname = NULL;
1010
0
        return 1;
1011
0
    }
1012
0
    s->ext.hostname = OPENSSL_strdup(hostname);
1013
1014
0
    return s->ext.hostname != NULL;
1015
0
}
1016
1017
int SSL_SESSION_has_ticket(const SSL_SESSION *s)
1018
0
{
1019
0
    return (s->ext.ticklen > 0) ? 1 : 0;
1020
0
}
1021
1022
unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
1023
0
{
1024
0
    return s->ext.tick_lifetime_hint;
1025
0
}
1026
1027
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
1028
                             size_t *len)
1029
0
{
1030
0
    *len = s->ext.ticklen;
1031
0
    if (tick != NULL)
1032
0
        *tick = s->ext.tick;
1033
0
}
1034
1035
uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
1036
0
{
1037
0
    return s->ext.max_early_data;
1038
0
}
1039
1040
int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
1041
0
{
1042
0
    s->ext.max_early_data = max_early_data;
1043
1044
0
    return 1;
1045
0
}
1046
1047
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
1048
                                    const unsigned char **alpn,
1049
                                    size_t *len)
1050
0
{
1051
0
    *alpn = s->ext.alpn_selected;
1052
0
    *len = s->ext.alpn_selected_len;
1053
0
}
1054
1055
int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
1056
                                   size_t len)
1057
0
{
1058
0
    OPENSSL_free(s->ext.alpn_selected);
1059
0
    if (alpn == NULL || len == 0) {
1060
0
        s->ext.alpn_selected = NULL;
1061
0
        s->ext.alpn_selected_len = 0;
1062
0
        return 1;
1063
0
    }
1064
0
    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
1065
0
    if (s->ext.alpn_selected == NULL) {
1066
0
        s->ext.alpn_selected_len = 0;
1067
0
        return 0;
1068
0
    }
1069
0
    s->ext.alpn_selected_len = len;
1070
1071
0
    return 1;
1072
0
}
1073
1074
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
1075
0
{
1076
0
    return s->peer;
1077
0
}
1078
1079
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1080
                                unsigned int sid_ctx_len)
1081
0
{
1082
0
    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
1083
0
        ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1084
0
        return 0;
1085
0
    }
1086
0
    s->sid_ctx_length = sid_ctx_len;
1087
0
    if (sid_ctx != s->sid_ctx)
1088
0
        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
1089
1090
0
    return 1;
1091
0
}
1092
1093
int SSL_SESSION_is_resumable(const SSL_SESSION *s)
1094
1.46k
{
1095
    /*
1096
     * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
1097
     * session ID.
1098
     */
1099
1.46k
    return !s->not_resumable
1100
1.46k
           && (s->session_id_length > 0 || s->ext.ticklen > 0);
1101
1.46k
}
1102
1103
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
1104
0
{
1105
0
    long l;
1106
0
    if (s == NULL)
1107
0
        return 0;
1108
0
    l = s->session_timeout;
1109
0
    s->session_timeout = t;
1110
0
    return l;
1111
0
}
1112
1113
long SSL_CTX_get_timeout(const SSL_CTX *s)
1114
0
{
1115
0
    if (s == NULL)
1116
0
        return 0;
1117
0
    return s->session_timeout;
1118
0
}
1119
1120
int SSL_set_session_secret_cb(SSL *s,
1121
                              tls_session_secret_cb_fn tls_session_secret_cb,
1122
                              void *arg)
1123
0
{
1124
0
    if (s == NULL)
1125
0
        return 0;
1126
0
    s->ext.session_secret_cb = tls_session_secret_cb;
1127
0
    s->ext.session_secret_cb_arg = arg;
1128
0
    return 1;
1129
0
}
1130
1131
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1132
                                  void *arg)
1133
0
{
1134
0
    if (s == NULL)
1135
0
        return 0;
1136
0
    s->ext.session_ticket_cb = cb;
1137
0
    s->ext.session_ticket_cb_arg = arg;
1138
0
    return 1;
1139
0
}
1140
1141
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
1142
0
{
1143
0
    if (s->version >= TLS1_VERSION) {
1144
0
        OPENSSL_free(s->ext.session_ticket);
1145
0
        s->ext.session_ticket = NULL;
1146
0
        s->ext.session_ticket =
1147
0
            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
1148
0
        if (s->ext.session_ticket == NULL) {
1149
0
            ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
1150
0
            return 0;
1151
0
        }
1152
1153
0
        if (ext_data != NULL) {
1154
0
            s->ext.session_ticket->length = ext_len;
1155
0
            s->ext.session_ticket->data = s->ext.session_ticket + 1;
1156
0
            memcpy(s->ext.session_ticket->data, ext_data, ext_len);
1157
0
        } else {
1158
0
            s->ext.session_ticket->length = 0;
1159
0
            s->ext.session_ticket->data = NULL;
1160
0
        }
1161
1162
0
        return 1;
1163
0
    }
1164
1165
0
    return 0;
1166
0
}
1167
1168
void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1169
47.9k
{
1170
47.9k
    STACK_OF(SSL_SESSION) *sk;
1171
47.9k
    SSL_SESSION *current;
1172
47.9k
    unsigned long i;
1173
1174
47.9k
    if (!CRYPTO_THREAD_write_lock(s->lock))
1175
0
        return;
1176
1177
47.9k
    sk = sk_SSL_SESSION_new_null();
1178
47.9k
    i = lh_SSL_SESSION_get_down_load(s->sessions);
1179
47.9k
    lh_SSL_SESSION_set_down_load(s->sessions, 0);
1180
1181
    /*
1182
     * Iterate over the list from the back (oldest), and stop
1183
     * when a session can no longer be removed.
1184
     * Add the session to a temporary list to be freed outside
1185
     * the SSL_CTX lock.
1186
     * But still do the remove_session_cb() within the lock.
1187
     */
1188
48.0k
    while (s->session_cache_tail != NULL) {
1189
35
        current = s->session_cache_tail;
1190
35
        if (t == 0 || sess_timedout((time_t)t, current)) {
1191
35
            lh_SSL_SESSION_delete(s->sessions, current);
1192
35
            SSL_SESSION_list_remove(s, current);
1193
35
            current->not_resumable = 1;
1194
35
            if (s->remove_session_cb != NULL)
1195
0
                s->remove_session_cb(s, current);
1196
            /*
1197
             * Throw the session on a stack, it's entirely plausible
1198
             * that while freeing outside the critical section, the
1199
             * session could be re-added, so avoid using the next/prev
1200
             * pointers. If the stack failed to create, or the session
1201
             * couldn't be put on the stack, just free it here
1202
             */
1203
35
            if (sk == NULL || !sk_SSL_SESSION_push(sk, current))
1204
0
                SSL_SESSION_free(current);
1205
35
        } else {
1206
0
            break;
1207
0
        }
1208
35
    }
1209
1210
47.9k
    lh_SSL_SESSION_set_down_load(s->sessions, i);
1211
47.9k
    CRYPTO_THREAD_unlock(s->lock);
1212
1213
47.9k
    sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
1214
47.9k
}
1215
1216
int ssl_clear_bad_session(SSL *s)
1217
227k
{
1218
227k
    if ((s->session != NULL) &&
1219
227k
        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1220
227k
        !(SSL_in_init(s) || SSL_in_before(s))) {
1221
3.84k
        SSL_CTX_remove_session(s->session_ctx, s->session);
1222
3.84k
        return 1;
1223
3.84k
    } else
1224
224k
        return 0;
1225
227k
}
1226
1227
/* locked by SSL_CTX in the calling function */
1228
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1229
721
{
1230
721
    if ((s->next == NULL) || (s->prev == NULL))
1231
0
        return;
1232
1233
721
    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
1234
        /* last element in list */
1235
721
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1236
            /* only one element in list */
1237
721
            ctx->session_cache_head = NULL;
1238
721
            ctx->session_cache_tail = NULL;
1239
721
        } else {
1240
0
            ctx->session_cache_tail = s->prev;
1241
0
            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1242
0
        }
1243
721
    } else {
1244
0
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1245
            /* first element in list */
1246
0
            ctx->session_cache_head = s->next;
1247
0
            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1248
0
        } else {
1249
            /* middle of list */
1250
0
            s->next->prev = s->prev;
1251
0
            s->prev->next = s->next;
1252
0
        }
1253
0
    }
1254
721
    s->prev = s->next = NULL;
1255
721
    s->owner = NULL;
1256
721
}
1257
1258
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1259
721
{
1260
721
    SSL_SESSION *next;
1261
1262
721
    if ((s->next != NULL) && (s->prev != NULL))
1263
0
        SSL_SESSION_list_remove(ctx, s);
1264
1265
721
    if (ctx->session_cache_head == NULL) {
1266
721
        ctx->session_cache_head = s;
1267
721
        ctx->session_cache_tail = s;
1268
721
        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1269
721
        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1270
721
    } else {
1271
0
        if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
1272
            /*
1273
             * if we timeout after (or the same time as) the first
1274
             * session, put us first - usual case
1275
             */
1276
0
            s->next = ctx->session_cache_head;
1277
0
            s->next->prev = s;
1278
0
            s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1279
0
            ctx->session_cache_head = s;
1280
0
        } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
1281
            /* if we timeout before the last session, put us last */
1282
0
            s->prev = ctx->session_cache_tail;
1283
0
            s->prev->next = s;
1284
0
            s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1285
0
            ctx->session_cache_tail = s;
1286
0
        } else {
1287
            /*
1288
             * we timeout somewhere in-between - if there is only
1289
             * one session in the cache it will be caught above
1290
             */
1291
0
            next = ctx->session_cache_head->next;
1292
0
            while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) {
1293
0
                if (timeoutcmp(s, next) >= 0) {
1294
0
                    s->next = next;
1295
0
                    s->prev = next->prev;
1296
0
                    next->prev->next = s;
1297
0
                    next->prev = s;
1298
0
                    break;
1299
0
                }
1300
0
                next = next->next;
1301
0
            }
1302
0
        }
1303
0
    }
1304
721
    s->owner = ctx;
1305
721
}
1306
1307
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1308
                             int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
1309
0
{
1310
0
    ctx->new_session_cb = cb;
1311
0
}
1312
1313
0
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
1314
0
    return ctx->new_session_cb;
1315
0
}
1316
1317
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1318
                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
1319
0
{
1320
0
    ctx->remove_session_cb = cb;
1321
0
}
1322
1323
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
1324
0
                                                  SSL_SESSION *sess) {
1325
0
    return ctx->remove_session_cb;
1326
0
}
1327
1328
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1329
                             SSL_SESSION *(*cb) (struct ssl_st *ssl,
1330
                                                 const unsigned char *data,
1331
                                                 int len, int *copy))
1332
0
{
1333
0
    ctx->get_session_cb = cb;
1334
0
}
1335
1336
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
1337
                                                       const unsigned char
1338
                                                       *data, int len,
1339
0
                                                       int *copy) {
1340
0
    return ctx->get_session_cb;
1341
0
}
1342
1343
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
1344
                               void (*cb) (const SSL *ssl, int type, int val))
1345
0
{
1346
0
    ctx->info_callback = cb;
1347
0
}
1348
1349
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
1350
0
                                                 int val) {
1351
0
    return ctx->info_callback;
1352
0
}
1353
1354
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1355
                                int (*cb) (SSL *ssl, X509 **x509,
1356
                                           EVP_PKEY **pkey))
1357
0
{
1358
0
    ctx->client_cert_cb = cb;
1359
0
}
1360
1361
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
1362
0
                                                 EVP_PKEY **pkey) {
1363
0
    return ctx->client_cert_cb;
1364
0
}
1365
1366
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1367
                                    int (*cb) (SSL *ssl,
1368
                                               unsigned char *cookie,
1369
                                               unsigned int *cookie_len))
1370
0
{
1371
0
    ctx->app_gen_cookie_cb = cb;
1372
0
}
1373
1374
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1375
                                  int (*cb) (SSL *ssl,
1376
                                             const unsigned char *cookie,
1377
                                             unsigned int cookie_len))
1378
0
{
1379
0
    ctx->app_verify_cookie_cb = cb;
1380
0
}
1381
1382
int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
1383
0
{
1384
0
    OPENSSL_free(ss->ticket_appdata);
1385
0
    ss->ticket_appdata_len = 0;
1386
0
    if (data == NULL || len == 0) {
1387
0
        ss->ticket_appdata = NULL;
1388
0
        return 1;
1389
0
    }
1390
0
    ss->ticket_appdata = OPENSSL_memdup(data, len);
1391
0
    if (ss->ticket_appdata != NULL) {
1392
0
        ss->ticket_appdata_len = len;
1393
0
        return 1;
1394
0
    }
1395
0
    return 0;
1396
0
}
1397
1398
int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
1399
0
{
1400
0
    *data = ss->ticket_appdata;
1401
0
    *len = ss->ticket_appdata_len;
1402
0
    return 1;
1403
0
}
1404
1405
void SSL_CTX_set_stateless_cookie_generate_cb(
1406
    SSL_CTX *ctx,
1407
    int (*cb) (SSL *ssl,
1408
               unsigned char *cookie,
1409
               size_t *cookie_len))
1410
0
{
1411
0
    ctx->gen_stateless_cookie_cb = cb;
1412
0
}
1413
1414
void SSL_CTX_set_stateless_cookie_verify_cb(
1415
    SSL_CTX *ctx,
1416
    int (*cb) (SSL *ssl,
1417
               const unsigned char *cookie,
1418
               size_t cookie_len))
1419
0
{
1420
0
    ctx->verify_stateless_cookie_cb = cb;
1421
0
}
1422
1423
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)