Coverage Report

Created: 2024-07-27 06:39

/src/openssl32/ssl/ssl_sess.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright 2005 Nokia. All rights reserved.
4
 *
5
 * Licensed under the Apache License 2.0 (the "License").  You may not use
6
 * this file except in compliance with the License.  You can obtain a copy
7
 * in the file LICENSE in the source distribution or at
8
 * https://www.openssl.org/source/license.html
9
 */
10
11
#if defined(__TANDEM) && defined(_SPT_MODEL_)
12
# include <spthread.h>
13
# include <spt_extensions.h> /* timeval */
14
#endif
15
#include <stdio.h>
16
#include <openssl/rand.h>
17
#include <openssl/engine.h>
18
#include "internal/refcount.h"
19
#include "internal/cryptlib.h"
20
#include "ssl_local.h"
21
#include "statem/statem_local.h"
22
23
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
24
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
25
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
26
27
DEFINE_STACK_OF(SSL_SESSION)
28
29
__owur static ossl_inline int sess_timedout(OSSL_TIME t, SSL_SESSION *ss)
30
116
{
31
116
    return ossl_time_compare(t, ss->calc_timeout) > 0;
32
116
}
33
34
/*
35
 * Returns -1/0/+1 as other XXXcmp-type functions
36
 * Takes calculated timeout into consideration
37
 */
38
__owur static ossl_inline int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
39
0
{
40
0
    return ossl_time_compare(a->calc_timeout, b->calc_timeout);
41
0
}
42
43
/*
44
 * Calculates effective timeout
45
 * Locking must be done by the caller of this function
46
 */
47
void ssl_session_calculate_timeout(SSL_SESSION *ss)
48
106k
{
49
106k
    ss->calc_timeout = ossl_time_add(ss->time, ss->timeout);
50
106k
}
51
52
/*
53
 * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
54
 * unlike in earlier protocol versions, the session ticket may not have been
55
 * sent yet even though a handshake has finished. The session ticket data could
56
 * come in sometime later...or even change if multiple session ticket messages
57
 * are sent from the server. The preferred way for applications to obtain
58
 * a resumable session is to use SSL_CTX_sess_set_new_cb().
59
 */
60
61
SSL_SESSION *SSL_get_session(const SSL *ssl)
62
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
63
2
{
64
2
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
65
66
2
    if (sc == NULL)
67
0
        return NULL;
68
69
2
    return sc->session;
70
2
}
71
72
SSL_SESSION *SSL_get1_session(SSL *ssl)
73
/* variant of SSL_get_session: caller really gets something */
74
0
{
75
0
    SSL_SESSION *sess;
76
77
    /*
78
     * Need to lock this all up rather than just use CRYPTO_add so that
79
     * somebody doesn't free ssl->session between when we check it's non-null
80
     * and when we up the reference count.
81
     */
82
0
    if (!CRYPTO_THREAD_read_lock(ssl->lock))
83
0
        return NULL;
84
0
    sess = SSL_get_session(ssl);
85
0
    if (sess != NULL)
86
0
        SSL_SESSION_up_ref(sess);
87
0
    CRYPTO_THREAD_unlock(ssl->lock);
88
0
    return sess;
89
0
}
90
91
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
92
0
{
93
0
    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
94
0
}
95
96
void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
97
0
{
98
0
    return CRYPTO_get_ex_data(&s->ex_data, idx);
99
0
}
100
101
SSL_SESSION *SSL_SESSION_new(void)
102
52.8k
{
103
52.8k
    SSL_SESSION *ss;
104
105
52.8k
    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
106
0
        return NULL;
107
108
52.8k
    ss = OPENSSL_zalloc(sizeof(*ss));
109
52.8k
    if (ss == NULL)
110
0
        return NULL;
111
112
52.8k
    ss->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_UNSPECIFIED;
113
52.8k
    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
114
   /* 5 minute timeout by default */
115
52.8k
    ss->timeout = ossl_seconds2time(60 * 5 + 4);
116
52.8k
    ss->time = ossl_time_now();
117
52.8k
    ssl_session_calculate_timeout(ss);
118
52.8k
    if (!CRYPTO_NEW_REF(&ss->references, 1)) {
119
0
        OPENSSL_free(ss);
120
0
        return NULL;
121
0
    }
122
123
52.8k
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
124
0
        CRYPTO_FREE_REF(&ss->references);
125
0
        OPENSSL_free(ss);
126
0
        return NULL;
127
0
    }
128
52.8k
    return ss;
129
52.8k
}
130
131
/*
132
 * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
133
 * ticket == 0 then no ticket information is duplicated, otherwise it is.
134
 */
135
static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
136
884
{
137
884
    SSL_SESSION *dest;
138
139
884
    dest = OPENSSL_malloc(sizeof(*dest));
140
884
    if (dest == NULL)
141
0
        return NULL;
142
143
    /*
144
     * src is logically read-only but the prev/next pointers are not, they are
145
     * part of the session cache and can be modified concurrently.
146
     */
147
884
    memcpy(dest, src, offsetof(SSL_SESSION, prev));
148
149
    /*
150
     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
151
     * the case of an error whilst halfway through constructing dest
152
     */
153
884
#ifndef OPENSSL_NO_PSK
154
884
    dest->psk_identity_hint = NULL;
155
884
    dest->psk_identity = NULL;
156
884
#endif
157
884
    dest->ext.hostname = NULL;
158
884
    dest->ext.tick = NULL;
159
884
    dest->ext.alpn_selected = NULL;
160
884
#ifndef OPENSSL_NO_SRP
161
884
    dest->srp_username = NULL;
162
884
#endif
163
884
    dest->peer_chain = NULL;
164
884
    dest->peer = NULL;
165
884
    dest->peer_rpk = NULL;
166
884
    dest->ticket_appdata = NULL;
167
884
    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
168
169
    /* As the copy is not in the cache, we remove the associated pointers */
170
884
    dest->prev = NULL;
171
884
    dest->next = NULL;
172
884
    dest->owner = NULL;
173
174
884
    if (!CRYPTO_NEW_REF(&dest->references, 1)) {
175
0
        OPENSSL_free(dest);
176
0
        return NULL;
177
0
    }
178
179
884
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) {
180
0
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
181
0
        goto err;
182
0
    }
183
184
884
    if (src->peer != NULL) {
185
884
        if (!X509_up_ref(src->peer)) {
186
0
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
187
0
            goto err;
188
0
        }
189
884
        dest->peer = src->peer;
190
884
    }
191
192
884
    if (src->peer_chain != NULL) {
193
884
        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
194
884
        if (dest->peer_chain == NULL) {
195
0
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
196
0
            goto err;
197
0
        }
198
884
    }
199
200
884
    if (src->peer_rpk != NULL) {
201
0
        if (!EVP_PKEY_up_ref(src->peer_rpk))
202
0
            goto err;
203
0
        dest->peer_rpk = src->peer_rpk;
204
0
    }
205
206
884
#ifndef OPENSSL_NO_PSK
207
884
    if (src->psk_identity_hint) {
208
0
        dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
209
0
        if (dest->psk_identity_hint == NULL)
210
0
            goto err;
211
0
    }
212
884
    if (src->psk_identity) {
213
0
        dest->psk_identity = OPENSSL_strdup(src->psk_identity);
214
0
        if (dest->psk_identity == NULL)
215
0
            goto err;
216
0
    }
217
884
#endif
218
219
884
    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
220
884
                            &dest->ex_data, &src->ex_data)) {
221
0
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
222
0
        goto err;
223
0
    }
224
225
884
    if (src->ext.hostname) {
226
2
        dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
227
2
        if (dest->ext.hostname == NULL)
228
0
            goto err;
229
2
    }
230
231
884
    if (ticket != 0 && src->ext.tick != NULL) {
232
0
        dest->ext.tick =
233
0
            OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
234
0
        if (dest->ext.tick == NULL)
235
0
            goto err;
236
884
    } else {
237
884
        dest->ext.tick_lifetime_hint = 0;
238
884
        dest->ext.ticklen = 0;
239
884
    }
240
241
884
    if (src->ext.alpn_selected != NULL) {
242
880
        dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
243
880
                                                 src->ext.alpn_selected_len);
244
880
        if (dest->ext.alpn_selected == NULL)
245
0
            goto err;
246
880
    }
247
248
884
#ifndef OPENSSL_NO_SRP
249
884
    if (src->srp_username) {
250
0
        dest->srp_username = OPENSSL_strdup(src->srp_username);
251
0
        if (dest->srp_username == NULL)
252
0
            goto err;
253
0
    }
254
884
#endif
255
256
884
    if (src->ticket_appdata != NULL) {
257
0
        dest->ticket_appdata =
258
0
            OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
259
0
        if (dest->ticket_appdata == NULL)
260
0
            goto err;
261
0
    }
262
263
884
    return dest;
264
0
 err:
265
0
    SSL_SESSION_free(dest);
266
0
    return NULL;
267
884
}
268
269
SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
270
0
{
271
0
    return ssl_session_dup_intern(src, 1);
272
0
}
273
274
/*
275
 * Used internally when duplicating a session which might be already shared.
276
 * We will have resumed the original session. Subsequently we might have marked
277
 * it as non-resumable (e.g. in another thread) - but this copy should be ok to
278
 * resume from.
279
 */
280
SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
281
886
{
282
886
    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
283
284
886
    if (sess != NULL)
285
886
        sess->not_resumable = 0;
286
287
886
    return sess;
288
886
}
289
290
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
291
0
{
292
0
    if (len)
293
0
        *len = (unsigned int)s->session_id_length;
294
0
    return s->session_id;
295
0
}
296
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
297
                                                unsigned int *len)
298
0
{
299
0
    if (len != NULL)
300
0
        *len = (unsigned int)s->sid_ctx_length;
301
0
    return s->sid_ctx;
302
0
}
303
304
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
305
0
{
306
0
    return s->compress_meth;
307
0
}
308
309
/*
310
 * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
311
 * the ID with random junk repeatedly until we have no conflict is going to
312
 * complete in one iteration pretty much "most" of the time (btw:
313
 * understatement). So, if it takes us 10 iterations and we still can't avoid
314
 * a conflict - well that's a reasonable point to call it quits. Either the
315
 * RAND code is broken or someone is trying to open roughly very close to
316
 * 2^256 SSL sessions to our server. How you might store that many sessions
317
 * is perhaps a more interesting question ...
318
 */
319
320
9.57k
#define MAX_SESS_ID_ATTEMPTS 10
321
static int def_generate_session_id(SSL *ssl, unsigned char *id,
322
                                   unsigned int *id_len)
323
9.57k
{
324
9.57k
    unsigned int retry = 0;
325
9.57k
    do {
326
9.57k
        if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
327
0
            return 0;
328
9.57k
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
329
9.57k
        if (retry > 0) {
330
0
            id[0]++;
331
0
        }
332
9.57k
#endif
333
9.57k
    } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
334
9.57k
           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
335
9.57k
    if (retry < MAX_SESS_ID_ATTEMPTS)
336
9.57k
        return 1;
337
    /* else - woops a session_id match */
338
    /*
339
     * XXX We should also check the external cache -- but the probability of
340
     * a collision is negligible, and we could not prevent the concurrent
341
     * creation of sessions with identical IDs since we currently don't have
342
     * means to atomically check whether a session ID already exists and make
343
     * a reservation for it if it does not (this problem applies to the
344
     * internal cache as well).
345
     */
346
0
    return 0;
347
9.57k
}
348
349
int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
350
17.4k
{
351
17.4k
    unsigned int tmp;
352
17.4k
    GEN_SESSION_CB cb = def_generate_session_id;
353
17.4k
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
354
355
17.4k
    switch (s->version) {
356
3.03k
    case SSL3_VERSION:
357
3.74k
    case TLS1_VERSION:
358
4.59k
    case TLS1_1_VERSION:
359
13.9k
    case TLS1_2_VERSION:
360
13.9k
    case TLS1_3_VERSION:
361
13.9k
    case DTLS1_BAD_VER:
362
14.7k
    case DTLS1_VERSION:
363
17.4k
    case DTLS1_2_VERSION:
364
17.4k
        ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
365
17.4k
        break;
366
0
    default:
367
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
368
0
        return 0;
369
17.4k
    }
370
371
    /*-
372
     * If RFC5077 ticket, use empty session ID (as server).
373
     * Note that:
374
     * (a) ssl_get_prev_session() does lookahead into the
375
     *     ClientHello extensions to find the session ticket.
376
     *     When ssl_get_prev_session() fails, statem_srvr.c calls
377
     *     ssl_get_new_session() in tls_process_client_hello().
378
     *     At that point, it has not yet parsed the extensions,
379
     *     however, because of the lookahead, it already knows
380
     *     whether a ticket is expected or not.
381
     *
382
     * (b) statem_clnt.c calls ssl_get_new_session() before parsing
383
     *     ServerHello extensions, and before recording the session
384
     *     ID received from the server, so this block is a noop.
385
     */
386
17.4k
    if (s->ext.ticket_expected) {
387
1.73k
        ss->session_id_length = 0;
388
1.73k
        return 1;
389
1.73k
    }
390
391
    /* Choose which callback will set the session ID */
392
15.6k
    if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
393
0
        return 0;
394
15.6k
    if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
395
0
        CRYPTO_THREAD_unlock(ssl->lock);
396
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
397
0
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
398
0
        return 0;
399
0
    }
400
15.6k
    if (s->generate_session_id)
401
0
        cb = s->generate_session_id;
402
15.6k
    else if (s->session_ctx->generate_session_id)
403
0
        cb = s->session_ctx->generate_session_id;
404
15.6k
    CRYPTO_THREAD_unlock(s->session_ctx->lock);
405
15.6k
    CRYPTO_THREAD_unlock(ssl->lock);
406
    /* Choose a session ID */
407
15.6k
    memset(ss->session_id, 0, ss->session_id_length);
408
15.6k
    tmp = (int)ss->session_id_length;
409
15.6k
    if (!cb(ssl, ss->session_id, &tmp)) {
410
        /* The callback failed */
411
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
412
0
                 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
413
0
        return 0;
414
0
    }
415
    /*
416
     * Don't allow the callback to set the session length to zero. nor
417
     * set it higher than it was.
418
     */
419
15.6k
    if (tmp == 0 || tmp > ss->session_id_length) {
420
        /* The callback set an illegal length */
421
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
422
0
                 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
423
0
        return 0;
424
0
    }
425
15.6k
    ss->session_id_length = tmp;
426
    /* Finally, check for a conflict */
427
15.6k
    if (SSL_has_matching_session_id(ssl, ss->session_id,
428
15.6k
                                    (unsigned int)ss->session_id_length)) {
429
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
430
0
        return 0;
431
0
    }
432
433
15.6k
    return 1;
434
15.6k
}
435
436
int ssl_get_new_session(SSL_CONNECTION *s, int session)
437
51.5k
{
438
    /* This gets used by clients and servers. */
439
440
51.5k
    SSL_SESSION *ss = NULL;
441
442
51.5k
    if ((ss = SSL_SESSION_new()) == NULL) {
443
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
444
0
        return 0;
445
0
    }
446
447
    /* If the context has a default timeout, use it */
448
51.5k
    if (ossl_time_is_zero(s->session_ctx->session_timeout))
449
0
        ss->timeout = SSL_CONNECTION_GET_SSL(s)->method->get_timeout();
450
51.5k
    else
451
51.5k
        ss->timeout = s->session_ctx->session_timeout;
452
51.5k
    ssl_session_calculate_timeout(ss);
453
454
51.5k
    SSL_SESSION_free(s->session);
455
51.5k
    s->session = NULL;
456
457
51.5k
    if (session) {
458
12.2k
        if (SSL_CONNECTION_IS_TLS13(s)) {
459
            /*
460
             * We generate the session id while constructing the
461
             * NewSessionTicket in TLSv1.3.
462
             */
463
1.48k
            ss->session_id_length = 0;
464
10.7k
        } else if (!ssl_generate_session_id(s, ss)) {
465
            /* SSLfatal() already called */
466
0
            SSL_SESSION_free(ss);
467
0
            return 0;
468
0
        }
469
470
39.3k
    } else {
471
39.3k
        ss->session_id_length = 0;
472
39.3k
    }
473
474
51.5k
    if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
475
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
476
0
        SSL_SESSION_free(ss);
477
0
        return 0;
478
0
    }
479
51.5k
    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
480
51.5k
    ss->sid_ctx_length = s->sid_ctx_length;
481
51.5k
    s->session = ss;
482
51.5k
    ss->ssl_version = s->version;
483
51.5k
    ss->verify_result = X509_V_OK;
484
485
    /* If client supports extended master secret set it in session */
486
51.5k
    if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
487
1.29k
        ss->flags |= SSL_SESS_FLAG_EXTMS;
488
489
51.5k
    return 1;
490
51.5k
}
491
492
SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
493
                                  const unsigned char *sess_id,
494
                                  size_t sess_id_len)
495
287
{
496
287
    SSL_SESSION *ret = NULL;
497
498
287
    if ((s->session_ctx->session_cache_mode
499
287
         & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
500
287
        SSL_SESSION data;
501
502
287
        data.ssl_version = s->version;
503
287
        if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
504
0
            return NULL;
505
506
287
        memcpy(data.session_id, sess_id, sess_id_len);
507
287
        data.session_id_length = sess_id_len;
508
509
287
        if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
510
0
            return NULL;
511
287
        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
512
287
        if (ret != NULL) {
513
            /* don't allow other threads to steal it: */
514
0
            SSL_SESSION_up_ref(ret);
515
0
        }
516
287
        CRYPTO_THREAD_unlock(s->session_ctx->lock);
517
287
        if (ret == NULL)
518
287
            ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
519
287
    }
520
521
287
    if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
522
0
        int copy = 1;
523
524
0
        ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s),
525
0
                                             sess_id, sess_id_len, &copy);
526
527
0
        if (ret != NULL) {
528
0
            if (ret->not_resumable) {
529
                /* If its not resumable then ignore this session */
530
0
                if (!copy)
531
0
                    SSL_SESSION_free(ret);
532
0
                return NULL;
533
0
            }
534
0
            ssl_tsan_counter(s->session_ctx,
535
0
                             &s->session_ctx->stats.sess_cb_hit);
536
537
            /*
538
             * Increment reference count now if the session callback asks us
539
             * to do so (note that if the session structures returned by the
540
             * callback are shared between threads, it must handle the
541
             * reference count itself [i.e. copy == 0], or things won't be
542
             * thread-safe).
543
             */
544
0
            if (copy)
545
0
                SSL_SESSION_up_ref(ret);
546
547
            /*
548
             * Add the externally cached session to the internal cache as
549
             * well if and only if we are supposed to.
550
             */
551
0
            if ((s->session_ctx->session_cache_mode &
552
0
                 SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
553
                /*
554
                 * Either return value of SSL_CTX_add_session should not
555
                 * interrupt the session resumption process. The return
556
                 * value is intentionally ignored.
557
                 */
558
0
                (void)SSL_CTX_add_session(s->session_ctx, ret);
559
0
            }
560
0
        }
561
0
    }
562
563
287
    return ret;
564
287
}
565
566
/*-
567
 * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
568
 * connection. It is only called by servers.
569
 *
570
 *   hello: The parsed ClientHello data
571
 *
572
 * Returns:
573
 *   -1: fatal error
574
 *    0: no session found
575
 *    1: a session may have been found.
576
 *
577
 * Side effects:
578
 *   - If a session is found then s->session is pointed at it (after freeing an
579
 *     existing session if need be) and s->verify_result is set from the session.
580
 *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
581
 *     if the server should issue a new session ticket (to 0 otherwise).
582
 */
583
int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
584
16.0k
{
585
    /* This is used only by servers. */
586
587
16.0k
    SSL_SESSION *ret = NULL;
588
16.0k
    int fatal = 0;
589
16.0k
    int try_session_cache = 0;
590
16.0k
    SSL_TICKET_STATUS r;
591
592
16.0k
    if (SSL_CONNECTION_IS_TLS13(s)) {
593
        /*
594
         * By default we will send a new ticket. This can be overridden in the
595
         * ticket processing.
596
         */
597
3.48k
        s->ext.ticket_expected = 1;
598
3.48k
        if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
599
3.48k
                                 SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
600
3.48k
                                 NULL, 0)
601
3.48k
                || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
602
3.43k
                                        hello->pre_proc_exts, NULL, 0))
603
421
            return -1;
604
605
3.06k
        ret = s->session;
606
12.5k
    } else {
607
        /* sets s->ext.ticket_expected */
608
12.5k
        r = tls_get_ticket_from_client(s, hello, &ret);
609
12.5k
        switch (r) {
610
0
        case SSL_TICKET_FATAL_ERR_MALLOC:
611
0
        case SSL_TICKET_FATAL_ERR_OTHER:
612
0
            fatal = 1;
613
0
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
614
0
            goto err;
615
10.5k
        case SSL_TICKET_NONE:
616
11.6k
        case SSL_TICKET_EMPTY:
617
11.6k
            if (hello->session_id_len > 0) {
618
287
                try_session_cache = 1;
619
287
                ret = lookup_sess_in_cache(s, hello->session_id,
620
287
                                           hello->session_id_len);
621
287
            }
622
11.6k
            break;
623
623
        case SSL_TICKET_NO_DECRYPT:
624
855
        case SSL_TICKET_SUCCESS:
625
855
        case SSL_TICKET_SUCCESS_RENEW:
626
855
            break;
627
12.5k
        }
628
12.5k
    }
629
630
15.5k
    if (ret == NULL)
631
15.3k
        goto err;
632
633
    /* Now ret is non-NULL and we own one of its reference counts. */
634
635
    /* Check TLS version consistency */
636
237
    if (ret->ssl_version != s->version)
637
7
        goto err;
638
639
230
    if (ret->sid_ctx_length != s->sid_ctx_length
640
230
        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
641
        /*
642
         * We have the session requested by the client, but we don't want to
643
         * use it in this context.
644
         */
645
4
        goto err;               /* treat like cache miss */
646
4
    }
647
648
226
    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
649
        /*
650
         * We can't be sure if this session is being used out of context,
651
         * which is especially important for SSL_VERIFY_PEER. The application
652
         * should have used SSL[_CTX]_set_session_id_context. For this error
653
         * case, we generate an error instead of treating the event like a
654
         * cache miss (otherwise it would be easy for applications to
655
         * effectively disable the session cache by accident without anyone
656
         * noticing).
657
         */
658
659
0
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
660
0
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
661
0
        fatal = 1;
662
0
        goto err;
663
0
    }
664
665
226
    if (sess_timedout(ossl_time_now(), ret)) {
666
4
        ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
667
4
        if (try_session_cache) {
668
            /* session was from the cache, so remove it */
669
0
            SSL_CTX_remove_session(s->session_ctx, ret);
670
0
        }
671
4
        goto err;
672
4
    }
673
674
    /* Check extended master secret extension consistency */
675
222
    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
676
        /* If old session includes extms, but new does not: abort handshake */
677
185
        if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
678
11
            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
679
11
            fatal = 1;
680
11
            goto err;
681
11
        }
682
185
    } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
683
        /* If new session includes extms, but old does not: do not resume */
684
12
        goto err;
685
12
    }
686
687
199
    if (!SSL_CONNECTION_IS_TLS13(s)) {
688
        /* We already did this for TLS1.3 */
689
197
        SSL_SESSION_free(s->session);
690
197
        s->session = ret;
691
197
    }
692
693
199
    ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
694
199
    s->verify_result = s->session->verify_result;
695
199
    return 1;
696
697
15.3k
 err:
698
15.3k
    if (ret != NULL) {
699
38
        SSL_SESSION_free(ret);
700
        /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
701
38
        if (SSL_CONNECTION_IS_TLS13(s))
702
3
            s->session = NULL;
703
704
38
        if (!try_session_cache) {
705
            /*
706
             * The session was from a ticket, so we should issue a ticket for
707
             * the new session
708
             */
709
38
            s->ext.ticket_expected = 1;
710
38
        }
711
38
    }
712
15.3k
    if (fatal)
713
11
        return -1;
714
715
15.3k
    return 0;
716
15.3k
}
717
718
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
719
721
{
720
721
    int ret = 0;
721
721
    SSL_SESSION *s;
722
723
    /*
724
     * add just 1 reference count for the SSL_CTX's session cache even though
725
     * it has two ways of access: each session is in a doubly linked list and
726
     * an lhash
727
     */
728
721
    SSL_SESSION_up_ref(c);
729
    /*
730
     * if session c is in already in cache, we take back the increment later
731
     */
732
733
721
    if (!CRYPTO_THREAD_write_lock(ctx->lock)) {
734
0
        SSL_SESSION_free(c);
735
0
        return 0;
736
0
    }
737
721
    s = lh_SSL_SESSION_insert(ctx->sessions, c);
738
739
    /*
740
     * s != NULL iff we already had a session with the given PID. In this
741
     * case, s == c should hold (then we did not really modify
742
     * ctx->sessions), or we're in trouble.
743
     */
744
721
    if (s != NULL && s != c) {
745
        /* We *are* in trouble ... */
746
0
        SSL_SESSION_list_remove(ctx, s);
747
0
        SSL_SESSION_free(s);
748
        /*
749
         * ... so pretend the other session did not exist in cache (we cannot
750
         * handle two SSL_SESSION structures with identical session ID in the
751
         * same cache, which could happen e.g. when two threads concurrently
752
         * obtain the same session from an external cache)
753
         */
754
0
        s = NULL;
755
721
    } else if (s == NULL &&
756
721
               lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
757
        /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
758
759
        /*
760
         * ... so take back the extra reference and also don't add
761
         * the session to the SSL_SESSION_list at this time
762
         */
763
0
        s = c;
764
0
    }
765
766
    /* Adjust last used time, and add back into the cache at the appropriate spot */
767
721
    if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
768
0
        c->time = ossl_time_now();
769
0
        ssl_session_calculate_timeout(c);
770
0
    }
771
772
721
    if (s == NULL) {
773
        /*
774
         * new cache entry -- remove old ones if cache has become too large
775
         * delete cache entry *before* add, so we don't remove the one we're adding!
776
         */
777
778
721
        ret = 1;
779
780
721
        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
781
721
            while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) {
782
0
                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
783
0
                    break;
784
0
                else
785
0
                    ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
786
0
            }
787
721
        }
788
721
    }
789
790
721
    SSL_SESSION_list_add(ctx, c);
791
792
721
    if (s != NULL) {
793
        /*
794
         * existing cache entry -- decrement previously incremented reference
795
         * count because it already takes into account the cache
796
         */
797
798
0
        SSL_SESSION_free(s);    /* s == c */
799
0
        ret = 0;
800
0
    }
801
721
    CRYPTO_THREAD_unlock(ctx->lock);
802
721
    return ret;
803
721
}
804
805
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
806
44.6k
{
807
44.6k
    return remove_session_lock(ctx, c, 1);
808
44.6k
}
809
810
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
811
44.6k
{
812
44.6k
    SSL_SESSION *r;
813
44.6k
    int ret = 0;
814
815
44.6k
    if ((c != NULL) && (c->session_id_length != 0)) {
816
15.4k
        if (lck) {
817
15.4k
            if (!CRYPTO_THREAD_write_lock(ctx->lock))
818
0
                return 0;
819
15.4k
        }
820
15.4k
        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
821
630
            ret = 1;
822
630
            r = lh_SSL_SESSION_delete(ctx->sessions, r);
823
630
            SSL_SESSION_list_remove(ctx, r);
824
630
        }
825
15.4k
        c->not_resumable = 1;
826
827
15.4k
        if (lck)
828
15.4k
            CRYPTO_THREAD_unlock(ctx->lock);
829
830
15.4k
        if (ctx->remove_session_cb != NULL)
831
0
            ctx->remove_session_cb(ctx, c);
832
833
15.4k
        if (ret)
834
630
            SSL_SESSION_free(r);
835
15.4k
    }
836
44.6k
    return ret;
837
44.6k
}
838
839
void SSL_SESSION_free(SSL_SESSION *ss)
840
481k
{
841
481k
    int i;
842
843
481k
    if (ss == NULL)
844
403k
        return;
845
77.8k
    CRYPTO_DOWN_REF(&ss->references, &i);
846
77.8k
    REF_PRINT_COUNT("SSL_SESSION", ss);
847
77.8k
    if (i > 0)
848
721
        return;
849
77.1k
    REF_ASSERT_ISNT(i < 0);
850
851
77.1k
    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
852
853
77.1k
    OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
854
77.1k
    OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
855
77.1k
    X509_free(ss->peer);
856
77.1k
    EVP_PKEY_free(ss->peer_rpk);
857
77.1k
    OSSL_STACK_OF_X509_free(ss->peer_chain);
858
77.1k
    OPENSSL_free(ss->ext.hostname);
859
77.1k
    OPENSSL_free(ss->ext.tick);
860
77.1k
#ifndef OPENSSL_NO_PSK
861
77.1k
    OPENSSL_free(ss->psk_identity_hint);
862
77.1k
    OPENSSL_free(ss->psk_identity);
863
77.1k
#endif
864
77.1k
#ifndef OPENSSL_NO_SRP
865
77.1k
    OPENSSL_free(ss->srp_username);
866
77.1k
#endif
867
77.1k
    OPENSSL_free(ss->ext.alpn_selected);
868
77.1k
    OPENSSL_free(ss->ticket_appdata);
869
77.1k
    CRYPTO_FREE_REF(&ss->references);
870
77.1k
    OPENSSL_clear_free(ss, sizeof(*ss));
871
77.1k
}
872
873
int SSL_SESSION_up_ref(SSL_SESSION *ss)
874
721
{
875
721
    int i;
876
877
721
    if (CRYPTO_UP_REF(&ss->references, &i) <= 0)
878
0
        return 0;
879
880
721
    REF_PRINT_COUNT("SSL_SESSION", ss);
881
721
    REF_ASSERT_ISNT(i < 2);
882
721
    return ((i > 1) ? 1 : 0);
883
721
}
884
885
int SSL_set_session(SSL *s, SSL_SESSION *session)
886
0
{
887
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
888
889
0
    if (sc == NULL)
890
0
        return 0;
891
892
0
    ssl_clear_bad_session(sc);
893
0
    if (s->defltmeth != s->method) {
894
0
        if (!SSL_set_ssl_method(s, s->defltmeth))
895
0
            return 0;
896
0
    }
897
898
0
    if (session != NULL) {
899
0
        SSL_SESSION_up_ref(session);
900
0
        sc->verify_result = session->verify_result;
901
0
    }
902
0
    SSL_SESSION_free(sc->session);
903
0
    sc->session = session;
904
905
0
    return 1;
906
0
}
907
908
int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
909
                        unsigned int sid_len)
910
0
{
911
0
    if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
912
0
      ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
913
0
      return 0;
914
0
    }
915
0
    s->session_id_length = sid_len;
916
0
    if (sid != s->session_id && sid_len > 0)
917
0
        memcpy(s->session_id, sid, sid_len);
918
919
0
    return 1;
920
0
}
921
922
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
923
0
{
924
0
    OSSL_TIME new_timeout = ossl_seconds2time(t);
925
926
0
    if (s == NULL || t < 0)
927
0
        return 0;
928
0
    if (s->owner != NULL) {
929
0
        if (!CRYPTO_THREAD_write_lock(s->owner->lock))
930
0
            return 0;
931
0
        s->timeout = new_timeout;
932
0
        ssl_session_calculate_timeout(s);
933
0
        SSL_SESSION_list_add(s->owner, s);
934
0
        CRYPTO_THREAD_unlock(s->owner->lock);
935
0
    } else {
936
0
        s->timeout = new_timeout;
937
0
        ssl_session_calculate_timeout(s);
938
0
    }
939
0
    return 1;
940
0
}
941
942
long SSL_SESSION_get_timeout(const SSL_SESSION *s)
943
0
{
944
0
    if (s == NULL)
945
0
        return 0;
946
0
    return (long)ossl_time_to_time_t(s->timeout);
947
0
}
948
949
long SSL_SESSION_get_time(const SSL_SESSION *s)
950
0
{
951
0
    if (s == NULL)
952
0
        return 0;
953
0
    return (long)ossl_time_to_time_t(s->time);
954
0
}
955
956
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
957
0
{
958
0
    OSSL_TIME new_time = ossl_time_from_time_t((time_t)t);
959
960
0
    if (s == NULL)
961
0
        return 0;
962
0
    if (s->owner != NULL) {
963
0
        if (!CRYPTO_THREAD_write_lock(s->owner->lock))
964
0
            return 0;
965
0
        s->time = new_time;
966
0
        ssl_session_calculate_timeout(s);
967
0
        SSL_SESSION_list_add(s->owner, s);
968
0
        CRYPTO_THREAD_unlock(s->owner->lock);
969
0
    } else {
970
0
        s->time = new_time;
971
0
        ssl_session_calculate_timeout(s);
972
0
    }
973
0
    return t;
974
0
}
975
976
int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
977
0
{
978
0
    return s->ssl_version;
979
0
}
980
981
int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
982
0
{
983
0
    s->ssl_version = version;
984
0
    return 1;
985
0
}
986
987
const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
988
0
{
989
0
    return s->cipher;
990
0
}
991
992
int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
993
0
{
994
0
    s->cipher = cipher;
995
0
    return 1;
996
0
}
997
998
const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
999
0
{
1000
0
    return s->ext.hostname;
1001
0
}
1002
1003
int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
1004
0
{
1005
0
    OPENSSL_free(s->ext.hostname);
1006
0
    if (hostname == NULL) {
1007
0
        s->ext.hostname = NULL;
1008
0
        return 1;
1009
0
    }
1010
0
    s->ext.hostname = OPENSSL_strdup(hostname);
1011
1012
0
    return s->ext.hostname != NULL;
1013
0
}
1014
1015
int SSL_SESSION_has_ticket(const SSL_SESSION *s)
1016
0
{
1017
0
    return (s->ext.ticklen > 0) ? 1 : 0;
1018
0
}
1019
1020
unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
1021
0
{
1022
0
    return s->ext.tick_lifetime_hint;
1023
0
}
1024
1025
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
1026
                             size_t *len)
1027
0
{
1028
0
    *len = s->ext.ticklen;
1029
0
    if (tick != NULL)
1030
0
        *tick = s->ext.tick;
1031
0
}
1032
1033
uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
1034
0
{
1035
0
    return s->ext.max_early_data;
1036
0
}
1037
1038
int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
1039
0
{
1040
0
    s->ext.max_early_data = max_early_data;
1041
1042
0
    return 1;
1043
0
}
1044
1045
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
1046
                                    const unsigned char **alpn,
1047
                                    size_t *len)
1048
0
{
1049
0
    *alpn = s->ext.alpn_selected;
1050
0
    *len = s->ext.alpn_selected_len;
1051
0
}
1052
1053
int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
1054
                                   size_t len)
1055
0
{
1056
0
    OPENSSL_free(s->ext.alpn_selected);
1057
0
    if (alpn == NULL || len == 0) {
1058
0
        s->ext.alpn_selected = NULL;
1059
0
        s->ext.alpn_selected_len = 0;
1060
0
        return 1;
1061
0
    }
1062
0
    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
1063
0
    if (s->ext.alpn_selected == NULL) {
1064
0
        s->ext.alpn_selected_len = 0;
1065
0
        return 0;
1066
0
    }
1067
0
    s->ext.alpn_selected_len = len;
1068
1069
0
    return 1;
1070
0
}
1071
1072
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
1073
0
{
1074
0
    return s->peer;
1075
0
}
1076
1077
EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s)
1078
0
{
1079
0
    return s->peer_rpk;
1080
0
}
1081
1082
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1083
                                unsigned int sid_ctx_len)
1084
0
{
1085
0
    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
1086
0
        ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1087
0
        return 0;
1088
0
    }
1089
0
    s->sid_ctx_length = sid_ctx_len;
1090
0
    if (sid_ctx != s->sid_ctx)
1091
0
        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
1092
1093
0
    return 1;
1094
0
}
1095
1096
int SSL_SESSION_is_resumable(const SSL_SESSION *s)
1097
1.46k
{
1098
    /*
1099
     * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
1100
     * session ID.
1101
     */
1102
1.46k
    return !s->not_resumable
1103
1.46k
           && (s->session_id_length > 0 || s->ext.ticklen > 0);
1104
1.46k
}
1105
1106
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
1107
0
{
1108
0
    long l;
1109
1110
0
    if (s == NULL)
1111
0
        return 0;
1112
0
    l = (long)ossl_time2seconds(s->session_timeout);
1113
0
    s->session_timeout = ossl_seconds2time(t);
1114
0
    return l;
1115
0
}
1116
1117
long SSL_CTX_get_timeout(const SSL_CTX *s)
1118
0
{
1119
0
    if (s == NULL)
1120
0
        return 0;
1121
0
    return (long)ossl_time2seconds(s->session_timeout);
1122
0
}
1123
1124
int SSL_set_session_secret_cb(SSL *s,
1125
                              tls_session_secret_cb_fn tls_session_secret_cb,
1126
                              void *arg)
1127
0
{
1128
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1129
1130
0
    if (sc == NULL)
1131
0
        return 0;
1132
1133
0
    sc->ext.session_secret_cb = tls_session_secret_cb;
1134
0
    sc->ext.session_secret_cb_arg = arg;
1135
0
    return 1;
1136
0
}
1137
1138
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1139
                                  void *arg)
1140
0
{
1141
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1142
1143
0
    if (sc == NULL)
1144
0
        return 0;
1145
1146
0
    sc->ext.session_ticket_cb = cb;
1147
0
    sc->ext.session_ticket_cb_arg = arg;
1148
0
    return 1;
1149
0
}
1150
1151
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
1152
0
{
1153
0
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1154
1155
0
    if (sc == NULL)
1156
0
        return 0;
1157
1158
0
    if (sc->version >= TLS1_VERSION) {
1159
0
        OPENSSL_free(sc->ext.session_ticket);
1160
0
        sc->ext.session_ticket = NULL;
1161
0
        sc->ext.session_ticket =
1162
0
            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
1163
0
        if (sc->ext.session_ticket == NULL)
1164
0
            return 0;
1165
1166
0
        if (ext_data != NULL) {
1167
0
            sc->ext.session_ticket->length = ext_len;
1168
0
            sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
1169
0
            memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
1170
0
        } else {
1171
0
            sc->ext.session_ticket->length = 0;
1172
0
            sc->ext.session_ticket->data = NULL;
1173
0
        }
1174
1175
0
        return 1;
1176
0
    }
1177
1178
0
    return 0;
1179
0
}
1180
1181
void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1182
47.9k
{
1183
47.9k
    STACK_OF(SSL_SESSION) *sk;
1184
47.9k
    SSL_SESSION *current;
1185
47.9k
    unsigned long i;
1186
47.9k
    const OSSL_TIME timeout = ossl_time_from_time_t(t);
1187
1188
47.9k
    if (!CRYPTO_THREAD_write_lock(s->lock))
1189
0
        return;
1190
1191
47.9k
    sk = sk_SSL_SESSION_new_null();
1192
47.9k
    i = lh_SSL_SESSION_get_down_load(s->sessions);
1193
47.9k
    lh_SSL_SESSION_set_down_load(s->sessions, 0);
1194
1195
    /*
1196
     * Iterate over the list from the back (oldest), and stop
1197
     * when a session can no longer be removed.
1198
     * Add the session to a temporary list to be freed outside
1199
     * the SSL_CTX lock.
1200
     * But still do the remove_session_cb() within the lock.
1201
     */
1202
48.0k
    while (s->session_cache_tail != NULL) {
1203
35
        current = s->session_cache_tail;
1204
35
        if (t == 0 || sess_timedout(timeout, current)) {
1205
35
            lh_SSL_SESSION_delete(s->sessions, current);
1206
35
            SSL_SESSION_list_remove(s, current);
1207
35
            current->not_resumable = 1;
1208
35
            if (s->remove_session_cb != NULL)
1209
0
                s->remove_session_cb(s, current);
1210
            /*
1211
             * Throw the session on a stack, it's entirely plausible
1212
             * that while freeing outside the critical section, the
1213
             * session could be re-added, so avoid using the next/prev
1214
             * pointers. If the stack failed to create, or the session
1215
             * couldn't be put on the stack, just free it here
1216
             */
1217
35
            if (sk == NULL || !sk_SSL_SESSION_push(sk, current))
1218
0
                SSL_SESSION_free(current);
1219
35
        } else {
1220
0
            break;
1221
0
        }
1222
35
    }
1223
1224
47.9k
    lh_SSL_SESSION_set_down_load(s->sessions, i);
1225
47.9k
    CRYPTO_THREAD_unlock(s->lock);
1226
1227
47.9k
    sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
1228
47.9k
}
1229
1230
int ssl_clear_bad_session(SSL_CONNECTION *s)
1231
227k
{
1232
227k
    if ((s->session != NULL) &&
1233
227k
        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1234
227k
        !(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
1235
72.6k
          || SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
1236
3.84k
        SSL_CTX_remove_session(s->session_ctx, s->session);
1237
3.84k
        return 1;
1238
3.84k
    } else
1239
224k
        return 0;
1240
227k
}
1241
1242
/* locked by SSL_CTX in the calling function */
1243
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1244
721
{
1245
721
    if ((s->next == NULL) || (s->prev == NULL))
1246
0
        return;
1247
1248
721
    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
1249
        /* last element in list */
1250
721
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1251
            /* only one element in list */
1252
721
            ctx->session_cache_head = NULL;
1253
721
            ctx->session_cache_tail = NULL;
1254
721
        } else {
1255
0
            ctx->session_cache_tail = s->prev;
1256
0
            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1257
0
        }
1258
721
    } else {
1259
0
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1260
            /* first element in list */
1261
0
            ctx->session_cache_head = s->next;
1262
0
            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1263
0
        } else {
1264
            /* middle of list */
1265
0
            s->next->prev = s->prev;
1266
0
            s->prev->next = s->next;
1267
0
        }
1268
0
    }
1269
721
    s->prev = s->next = NULL;
1270
721
    s->owner = NULL;
1271
721
}
1272
1273
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1274
721
{
1275
721
    SSL_SESSION *next;
1276
1277
721
    if ((s->next != NULL) && (s->prev != NULL))
1278
0
        SSL_SESSION_list_remove(ctx, s);
1279
1280
721
    if (ctx->session_cache_head == NULL) {
1281
721
        ctx->session_cache_head = s;
1282
721
        ctx->session_cache_tail = s;
1283
721
        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1284
721
        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1285
721
    } else {
1286
0
        if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
1287
            /*
1288
             * if we timeout after (or the same time as) the first
1289
             * session, put us first - usual case
1290
             */
1291
0
            s->next = ctx->session_cache_head;
1292
0
            s->next->prev = s;
1293
0
            s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1294
0
            ctx->session_cache_head = s;
1295
0
        } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
1296
            /* if we timeout before the last session, put us last */
1297
0
            s->prev = ctx->session_cache_tail;
1298
0
            s->prev->next = s;
1299
0
            s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1300
0
            ctx->session_cache_tail = s;
1301
0
        } else {
1302
            /*
1303
             * we timeout somewhere in-between - if there is only
1304
             * one session in the cache it will be caught above
1305
             */
1306
0
            next = ctx->session_cache_head->next;
1307
0
            while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) {
1308
0
                if (timeoutcmp(s, next) >= 0) {
1309
0
                    s->next = next;
1310
0
                    s->prev = next->prev;
1311
0
                    next->prev->next = s;
1312
0
                    next->prev = s;
1313
0
                    break;
1314
0
                }
1315
0
                next = next->next;
1316
0
            }
1317
0
        }
1318
0
    }
1319
721
    s->owner = ctx;
1320
721
}
1321
1322
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1323
                             int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
1324
0
{
1325
0
    ctx->new_session_cb = cb;
1326
0
}
1327
1328
0
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
1329
0
    return ctx->new_session_cb;
1330
0
}
1331
1332
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1333
                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
1334
0
{
1335
0
    ctx->remove_session_cb = cb;
1336
0
}
1337
1338
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
1339
0
                                                  SSL_SESSION *sess) {
1340
0
    return ctx->remove_session_cb;
1341
0
}
1342
1343
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1344
                             SSL_SESSION *(*cb) (SSL *ssl,
1345
                                                 const unsigned char *data,
1346
                                                 int len, int *copy))
1347
0
{
1348
0
    ctx->get_session_cb = cb;
1349
0
}
1350
1351
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
1352
                                                       const unsigned char
1353
                                                       *data, int len,
1354
0
                                                       int *copy) {
1355
0
    return ctx->get_session_cb;
1356
0
}
1357
1358
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
1359
                               void (*cb) (const SSL *ssl, int type, int val))
1360
0
{
1361
0
    ctx->info_callback = cb;
1362
0
}
1363
1364
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
1365
0
                                                 int val) {
1366
0
    return ctx->info_callback;
1367
0
}
1368
1369
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1370
                                int (*cb) (SSL *ssl, X509 **x509,
1371
                                           EVP_PKEY **pkey))
1372
0
{
1373
0
    ctx->client_cert_cb = cb;
1374
0
}
1375
1376
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
1377
0
                                                 EVP_PKEY **pkey) {
1378
0
    return ctx->client_cert_cb;
1379
0
}
1380
1381
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1382
                                    int (*cb) (SSL *ssl,
1383
                                               unsigned char *cookie,
1384
                                               unsigned int *cookie_len))
1385
0
{
1386
0
    ctx->app_gen_cookie_cb = cb;
1387
0
}
1388
1389
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1390
                                  int (*cb) (SSL *ssl,
1391
                                             const unsigned char *cookie,
1392
                                             unsigned int cookie_len))
1393
0
{
1394
0
    ctx->app_verify_cookie_cb = cb;
1395
0
}
1396
1397
int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
1398
0
{
1399
0
    OPENSSL_free(ss->ticket_appdata);
1400
0
    ss->ticket_appdata_len = 0;
1401
0
    if (data == NULL || len == 0) {
1402
0
        ss->ticket_appdata = NULL;
1403
0
        return 1;
1404
0
    }
1405
0
    ss->ticket_appdata = OPENSSL_memdup(data, len);
1406
0
    if (ss->ticket_appdata != NULL) {
1407
0
        ss->ticket_appdata_len = len;
1408
0
        return 1;
1409
0
    }
1410
0
    return 0;
1411
0
}
1412
1413
int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
1414
0
{
1415
0
    *data = ss->ticket_appdata;
1416
0
    *len = ss->ticket_appdata_len;
1417
0
    return 1;
1418
0
}
1419
1420
void SSL_CTX_set_stateless_cookie_generate_cb(
1421
    SSL_CTX *ctx,
1422
    int (*cb) (SSL *ssl,
1423
               unsigned char *cookie,
1424
               size_t *cookie_len))
1425
0
{
1426
0
    ctx->gen_stateless_cookie_cb = cb;
1427
0
}
1428
1429
void SSL_CTX_set_stateless_cookie_verify_cb(
1430
    SSL_CTX *ctx,
1431
    int (*cb) (SSL *ssl,
1432
               const unsigned char *cookie,
1433
               size_t cookie_len))
1434
0
{
1435
0
    ctx->verify_stateless_cookie_cb = cb;
1436
0
}
1437
1438
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)