xref: /openssl/ssl/ssl_sess.c (revision dc84829c)
1 /*
2  * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright 2005 Nokia. All rights reserved.
4  *
5  * Licensed under the Apache License 2.0 (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  */
10 
11 #if defined(__TANDEM) && defined(_SPT_MODEL_)
12 # include <spthread.h>
13 # include <spt_extensions.h> /* timeval */
14 #endif
15 #include <stdio.h>
16 #include <openssl/rand.h>
17 #include <openssl/engine.h>
18 #include "internal/refcount.h"
19 #include "internal/cryptlib.h"
20 #include "ssl_local.h"
21 #include "statem/statem_local.h"
22 
23 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
24 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
25 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
26 
DEFINE_STACK_OF(SSL_SESSION)27 DEFINE_STACK_OF(SSL_SESSION)
28 
29 __owur static ossl_inline int sess_timedout(OSSL_TIME t, SSL_SESSION *ss)
30 {
31     return ossl_time_compare(t, ss->calc_timeout) > 0;
32 }
33 
34 /*
35  * Returns -1/0/+1 as other XXXcmp-type functions
36  * Takes calculated timeout into consideration
37  */
timeoutcmp(SSL_SESSION * a,SSL_SESSION * b)38 __owur static ossl_inline int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
39 {
40     return ossl_time_compare(a->calc_timeout, b->calc_timeout);
41 }
42 
43 /*
44  * Calculates effective timeout
45  * Locking must be done by the caller of this function
46  */
ssl_session_calculate_timeout(SSL_SESSION * ss)47 void ssl_session_calculate_timeout(SSL_SESSION *ss)
48 {
49     ss->calc_timeout = ossl_time_add(ss->time, ss->timeout);
50 }
51 
52 /*
53  * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
54  * unlike in earlier protocol versions, the session ticket may not have been
55  * sent yet even though a handshake has finished. The session ticket data could
56  * come in sometime later...or even change if multiple session ticket messages
57  * are sent from the server. The preferred way for applications to obtain
58  * a resumable session is to use SSL_CTX_sess_set_new_cb().
59  */
60 
SSL_get_session(const SSL * ssl)61 SSL_SESSION *SSL_get_session(const SSL *ssl)
62 /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
63 {
64     const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
65 
66     if (sc == NULL)
67         return NULL;
68 
69     return sc->session;
70 }
71 
SSL_get1_session(SSL * ssl)72 SSL_SESSION *SSL_get1_session(SSL *ssl)
73 /* variant of SSL_get_session: caller really gets something */
74 {
75     SSL_SESSION *sess;
76 
77     /*
78      * Need to lock this all up rather than just use CRYPTO_add so that
79      * somebody doesn't free ssl->session between when we check it's non-null
80      * and when we up the reference count.
81      */
82     if (!CRYPTO_THREAD_read_lock(ssl->lock))
83         return NULL;
84     sess = SSL_get_session(ssl);
85     if (sess != NULL)
86         SSL_SESSION_up_ref(sess);
87     CRYPTO_THREAD_unlock(ssl->lock);
88     return sess;
89 }
90 
SSL_SESSION_set_ex_data(SSL_SESSION * s,int idx,void * arg)91 int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
92 {
93     return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
94 }
95 
SSL_SESSION_get_ex_data(const SSL_SESSION * s,int idx)96 void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
97 {
98     return CRYPTO_get_ex_data(&s->ex_data, idx);
99 }
100 
SSL_SESSION_new(void)101 SSL_SESSION *SSL_SESSION_new(void)
102 {
103     SSL_SESSION *ss;
104 
105     if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
106         return NULL;
107 
108     ss = OPENSSL_zalloc(sizeof(*ss));
109     if (ss == NULL)
110         return NULL;
111 
112     ss->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_UNSPECIFIED;
113     ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
114    /* 5 minute timeout by default */
115     ss->timeout = ossl_seconds2time(60 * 5 + 4);
116     ss->time = ossl_time_now();
117     ssl_session_calculate_timeout(ss);
118     if (!CRYPTO_NEW_REF(&ss->references, 1)) {
119         OPENSSL_free(ss);
120         return NULL;
121     }
122 
123     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
124         CRYPTO_FREE_REF(&ss->references);
125         OPENSSL_free(ss);
126         return NULL;
127     }
128     return ss;
129 }
130 
131 /*
132  * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
133  * ticket == 0 then no ticket information is duplicated, otherwise it is.
134  */
ssl_session_dup_intern(const SSL_SESSION * src,int ticket)135 static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
136 {
137     SSL_SESSION *dest;
138 
139     dest = OPENSSL_malloc(sizeof(*dest));
140     if (dest == NULL)
141         return NULL;
142 
143     /*
144      * src is logically read-only but the prev/next pointers are not, they are
145      * part of the session cache and can be modified concurrently.
146      */
147     memcpy(dest, src, offsetof(SSL_SESSION, prev));
148 
149     /*
150      * Set the various pointers to NULL so that we can call SSL_SESSION_free in
151      * the case of an error whilst halfway through constructing dest
152      */
153 #ifndef OPENSSL_NO_PSK
154     dest->psk_identity_hint = NULL;
155     dest->psk_identity = NULL;
156 #endif
157     dest->ext.hostname = NULL;
158     dest->ext.tick = NULL;
159     dest->ext.alpn_selected = NULL;
160 #ifndef OPENSSL_NO_SRP
161     dest->srp_username = NULL;
162 #endif
163     dest->peer_chain = NULL;
164     dest->peer = NULL;
165     dest->peer_rpk = NULL;
166     dest->ticket_appdata = NULL;
167     memset(&dest->ex_data, 0, sizeof(dest->ex_data));
168 
169     /* As the copy is not in the cache, we remove the associated pointers */
170     dest->prev = NULL;
171     dest->next = NULL;
172     dest->owner = NULL;
173 
174     if (!CRYPTO_NEW_REF(&dest->references, 1)) {
175         OPENSSL_free(dest);
176         return NULL;
177     }
178 
179     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) {
180         ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
181         goto err;
182     }
183 
184     if (src->peer != NULL) {
185         if (!X509_up_ref(src->peer)) {
186             ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
187             goto err;
188         }
189         dest->peer = src->peer;
190     }
191 
192     if (src->peer_chain != NULL) {
193         dest->peer_chain = X509_chain_up_ref(src->peer_chain);
194         if (dest->peer_chain == NULL) {
195             ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
196             goto err;
197         }
198     }
199 
200     if (src->peer_rpk != NULL) {
201         if (!EVP_PKEY_up_ref(src->peer_rpk))
202             goto err;
203         dest->peer_rpk = src->peer_rpk;
204     }
205 
206 #ifndef OPENSSL_NO_PSK
207     if (src->psk_identity_hint) {
208         dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
209         if (dest->psk_identity_hint == NULL)
210             goto err;
211     }
212     if (src->psk_identity) {
213         dest->psk_identity = OPENSSL_strdup(src->psk_identity);
214         if (dest->psk_identity == NULL)
215             goto err;
216     }
217 #endif
218 
219     if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
220                             &dest->ex_data, &src->ex_data)) {
221         ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
222         goto err;
223     }
224 
225     if (src->ext.hostname) {
226         dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
227         if (dest->ext.hostname == NULL)
228             goto err;
229     }
230 
231     if (ticket != 0 && src->ext.tick != NULL) {
232         dest->ext.tick =
233             OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
234         if (dest->ext.tick == NULL)
235             goto err;
236     } else {
237         dest->ext.tick_lifetime_hint = 0;
238         dest->ext.ticklen = 0;
239     }
240 
241     if (src->ext.alpn_selected != NULL) {
242         dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
243                                                  src->ext.alpn_selected_len);
244         if (dest->ext.alpn_selected == NULL)
245             goto err;
246     }
247 
248 #ifndef OPENSSL_NO_SRP
249     if (src->srp_username) {
250         dest->srp_username = OPENSSL_strdup(src->srp_username);
251         if (dest->srp_username == NULL)
252             goto err;
253     }
254 #endif
255 
256     if (src->ticket_appdata != NULL) {
257         dest->ticket_appdata =
258             OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
259         if (dest->ticket_appdata == NULL)
260             goto err;
261     }
262 
263     return dest;
264  err:
265     SSL_SESSION_free(dest);
266     return NULL;
267 }
268 
SSL_SESSION_dup(const SSL_SESSION * src)269 SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
270 {
271     return ssl_session_dup_intern(src, 1);
272 }
273 
274 /*
275  * Used internally when duplicating a session which might be already shared.
276  * We will have resumed the original session. Subsequently we might have marked
277  * it as non-resumable (e.g. in another thread) - but this copy should be ok to
278  * resume from.
279  */
ssl_session_dup(const SSL_SESSION * src,int ticket)280 SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
281 {
282     SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
283 
284     if (sess != NULL)
285         sess->not_resumable = 0;
286 
287     return sess;
288 }
289 
SSL_SESSION_get_id(const SSL_SESSION * s,unsigned int * len)290 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
291 {
292     if (len)
293         *len = (unsigned int)s->session_id_length;
294     return s->session_id;
295 }
296 
SSL_SESSION_get0_id_context(const SSL_SESSION * s,unsigned int * len)297 const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
298                                                 unsigned int *len)
299 {
300     if (len != NULL)
301         *len = (unsigned int)s->sid_ctx_length;
302     return s->sid_ctx;
303 }
304 
SSL_SESSION_get_compress_id(const SSL_SESSION * s)305 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
306 {
307     return s->compress_meth;
308 }
309 
310 /*
311  * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
312  * the ID with random junk repeatedly until we have no conflict is going to
313  * complete in one iteration pretty much "most" of the time (btw:
314  * understatement). So, if it takes us 10 iterations and we still can't avoid
315  * a conflict - well that's a reasonable point to call it quits. Either the
316  * RAND code is broken or someone is trying to open roughly very close to
317  * 2^256 SSL sessions to our server. How you might store that many sessions
318  * is perhaps a more interesting question ...
319  */
320 
321 #define MAX_SESS_ID_ATTEMPTS 10
def_generate_session_id(SSL * ssl,unsigned char * id,unsigned int * id_len)322 static int def_generate_session_id(SSL *ssl, unsigned char *id,
323                                    unsigned int *id_len)
324 {
325     unsigned int retry = 0;
326     do {
327         if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
328             return 0;
329 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
330         if (retry > 0) {
331             id[0]++;
332         }
333 #endif
334     } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
335            (++retry < MAX_SESS_ID_ATTEMPTS)) ;
336     if (retry < MAX_SESS_ID_ATTEMPTS)
337         return 1;
338     /* else - woops a session_id match */
339     /*
340      * XXX We should also check the external cache -- but the probability of
341      * a collision is negligible, and we could not prevent the concurrent
342      * creation of sessions with identical IDs since we currently don't have
343      * means to atomically check whether a session ID already exists and make
344      * a reservation for it if it does not (this problem applies to the
345      * internal cache as well).
346      */
347     return 0;
348 }
349 
ssl_generate_session_id(SSL_CONNECTION * s,SSL_SESSION * ss)350 int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
351 {
352     unsigned int tmp;
353     GEN_SESSION_CB cb = def_generate_session_id;
354     SSL *ssl = SSL_CONNECTION_GET_SSL(s);
355 
356     switch (s->version) {
357     case SSL3_VERSION:
358     case TLS1_VERSION:
359     case TLS1_1_VERSION:
360     case TLS1_2_VERSION:
361     case TLS1_3_VERSION:
362     case DTLS1_BAD_VER:
363     case DTLS1_VERSION:
364     case DTLS1_2_VERSION:
365         ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
366         break;
367     default:
368         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
369         return 0;
370     }
371 
372     /*-
373      * If RFC5077 ticket, use empty session ID (as server).
374      * Note that:
375      * (a) ssl_get_prev_session() does lookahead into the
376      *     ClientHello extensions to find the session ticket.
377      *     When ssl_get_prev_session() fails, statem_srvr.c calls
378      *     ssl_get_new_session() in tls_process_client_hello().
379      *     At that point, it has not yet parsed the extensions,
380      *     however, because of the lookahead, it already knows
381      *     whether a ticket is expected or not.
382      *
383      * (b) statem_clnt.c calls ssl_get_new_session() before parsing
384      *     ServerHello extensions, and before recording the session
385      *     ID received from the server, so this block is a noop.
386      */
387     if (s->ext.ticket_expected) {
388         ss->session_id_length = 0;
389         return 1;
390     }
391 
392     /* Choose which callback will set the session ID */
393     if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
394         return 0;
395     if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
396         CRYPTO_THREAD_unlock(ssl->lock);
397         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
398                  SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
399         return 0;
400     }
401     if (s->generate_session_id)
402         cb = s->generate_session_id;
403     else if (s->session_ctx->generate_session_id)
404         cb = s->session_ctx->generate_session_id;
405     CRYPTO_THREAD_unlock(s->session_ctx->lock);
406     CRYPTO_THREAD_unlock(ssl->lock);
407     /* Choose a session ID */
408     memset(ss->session_id, 0, ss->session_id_length);
409     tmp = (int)ss->session_id_length;
410     if (!cb(ssl, ss->session_id, &tmp)) {
411         /* The callback failed */
412         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
413                  SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
414         return 0;
415     }
416     /*
417      * Don't allow the callback to set the session length to zero. nor
418      * set it higher than it was.
419      */
420     if (tmp == 0 || tmp > ss->session_id_length) {
421         /* The callback set an illegal length */
422         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
423                  SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
424         return 0;
425     }
426     ss->session_id_length = tmp;
427     /* Finally, check for a conflict */
428     if (SSL_has_matching_session_id(ssl, ss->session_id,
429                                     (unsigned int)ss->session_id_length)) {
430         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
431         return 0;
432     }
433 
434     return 1;
435 }
436 
ssl_get_new_session(SSL_CONNECTION * s,int session)437 int ssl_get_new_session(SSL_CONNECTION *s, int session)
438 {
439     /* This gets used by clients and servers. */
440 
441     SSL_SESSION *ss = NULL;
442 
443     if ((ss = SSL_SESSION_new()) == NULL) {
444         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
445         return 0;
446     }
447 
448     /* If the context has a default timeout, use it */
449     if (ossl_time_is_zero(s->session_ctx->session_timeout))
450         ss->timeout = SSL_CONNECTION_GET_SSL(s)->method->get_timeout();
451     else
452         ss->timeout = s->session_ctx->session_timeout;
453     ssl_session_calculate_timeout(ss);
454 
455     SSL_SESSION_free(s->session);
456     s->session = NULL;
457 
458     if (session) {
459         if (SSL_CONNECTION_IS_TLS13(s)) {
460             /*
461              * We generate the session id while constructing the
462              * NewSessionTicket in TLSv1.3.
463              */
464             ss->session_id_length = 0;
465         } else if (!ssl_generate_session_id(s, ss)) {
466             /* SSLfatal() already called */
467             SSL_SESSION_free(ss);
468             return 0;
469         }
470 
471     } else {
472         ss->session_id_length = 0;
473     }
474 
475     if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
476         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
477         SSL_SESSION_free(ss);
478         return 0;
479     }
480     memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
481     ss->sid_ctx_length = s->sid_ctx_length;
482     s->session = ss;
483     ss->ssl_version = s->version;
484     ss->verify_result = X509_V_OK;
485 
486     /* If client supports extended master secret set it in session */
487     if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
488         ss->flags |= SSL_SESS_FLAG_EXTMS;
489 
490     return 1;
491 }
492 
lookup_sess_in_cache(SSL_CONNECTION * s,const unsigned char * sess_id,size_t sess_id_len)493 SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
494                                   const unsigned char *sess_id,
495                                   size_t sess_id_len)
496 {
497     SSL_SESSION *ret = NULL;
498 
499     if ((s->session_ctx->session_cache_mode
500          & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
501         SSL_SESSION data;
502 
503         data.ssl_version = s->version;
504         if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
505             return NULL;
506 
507         memcpy(data.session_id, sess_id, sess_id_len);
508         data.session_id_length = sess_id_len;
509 
510         if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
511             return NULL;
512         ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
513         if (ret != NULL) {
514             /* don't allow other threads to steal it: */
515             SSL_SESSION_up_ref(ret);
516         }
517         CRYPTO_THREAD_unlock(s->session_ctx->lock);
518         if (ret == NULL)
519             ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
520     }
521 
522     if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
523         int copy = 1;
524 
525         ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_USER_SSL(s),
526                                              sess_id, sess_id_len, &copy);
527 
528         if (ret != NULL) {
529             if (ret->not_resumable) {
530                 /* If its not resumable then ignore this session */
531                 if (!copy)
532                     SSL_SESSION_free(ret);
533                 return NULL;
534             }
535             ssl_tsan_counter(s->session_ctx,
536                              &s->session_ctx->stats.sess_cb_hit);
537 
538             /*
539              * Increment reference count now if the session callback asks us
540              * to do so (note that if the session structures returned by the
541              * callback are shared between threads, it must handle the
542              * reference count itself [i.e. copy == 0], or things won't be
543              * thread-safe).
544              */
545             if (copy)
546                 SSL_SESSION_up_ref(ret);
547 
548             /*
549              * Add the externally cached session to the internal cache as
550              * well if and only if we are supposed to.
551              */
552             if ((s->session_ctx->session_cache_mode &
553                  SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
554                 /*
555                  * Either return value of SSL_CTX_add_session should not
556                  * interrupt the session resumption process. The return
557                  * value is intentionally ignored.
558                  */
559                 (void)SSL_CTX_add_session(s->session_ctx, ret);
560             }
561         }
562     }
563 
564     return ret;
565 }
566 
567 /*-
568  * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
569  * connection. It is only called by servers.
570  *
571  *   hello: The parsed ClientHello data
572  *
573  * Returns:
574  *   -1: fatal error
575  *    0: no session found
576  *    1: a session may have been found.
577  *
578  * Side effects:
579  *   - If a session is found then s->session is pointed at it (after freeing an
580  *     existing session if need be) and s->verify_result is set from the session.
581  *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
582  *     if the server should issue a new session ticket (to 0 otherwise).
583  */
ssl_get_prev_session(SSL_CONNECTION * s,CLIENTHELLO_MSG * hello)584 int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
585 {
586     /* This is used only by servers. */
587 
588     SSL_SESSION *ret = NULL;
589     int fatal = 0;
590     int try_session_cache = 0;
591     SSL_TICKET_STATUS r;
592 
593     if (SSL_CONNECTION_IS_TLS13(s)) {
594         /*
595          * By default we will send a new ticket. This can be overridden in the
596          * ticket processing.
597          */
598         s->ext.ticket_expected = 1;
599         if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
600                                  SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
601                                  NULL, 0)
602                 || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
603                                         hello->pre_proc_exts, NULL, 0))
604             return -1;
605 
606         ret = s->session;
607     } else {
608         /* sets s->ext.ticket_expected */
609         r = tls_get_ticket_from_client(s, hello, &ret);
610         switch (r) {
611         case SSL_TICKET_FATAL_ERR_MALLOC:
612         case SSL_TICKET_FATAL_ERR_OTHER:
613             fatal = 1;
614             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
615             goto err;
616         case SSL_TICKET_NONE:
617         case SSL_TICKET_EMPTY:
618             if (hello->session_id_len > 0) {
619                 try_session_cache = 1;
620                 ret = lookup_sess_in_cache(s, hello->session_id,
621                                            hello->session_id_len);
622             }
623             break;
624         case SSL_TICKET_NO_DECRYPT:
625         case SSL_TICKET_SUCCESS:
626         case SSL_TICKET_SUCCESS_RENEW:
627             break;
628         }
629     }
630 
631     if (ret == NULL)
632         goto err;
633 
634     /* Now ret is non-NULL and we own one of its reference counts. */
635 
636     /* Check TLS version consistency */
637     if (ret->ssl_version != s->version)
638         goto err;
639 
640     if (ret->sid_ctx_length != s->sid_ctx_length
641         || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
642         /*
643          * We have the session requested by the client, but we don't want to
644          * use it in this context.
645          */
646         goto err;               /* treat like cache miss */
647     }
648 
649     if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
650         /*
651          * We can't be sure if this session is being used out of context,
652          * which is especially important for SSL_VERIFY_PEER. The application
653          * should have used SSL[_CTX]_set_session_id_context. For this error
654          * case, we generate an error instead of treating the event like a
655          * cache miss (otherwise it would be easy for applications to
656          * effectively disable the session cache by accident without anyone
657          * noticing).
658          */
659 
660         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
661                  SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
662         fatal = 1;
663         goto err;
664     }
665 
666     if (sess_timedout(ossl_time_now(), ret)) {
667         ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
668         if (try_session_cache) {
669             /* session was from the cache, so remove it */
670             SSL_CTX_remove_session(s->session_ctx, ret);
671         }
672         goto err;
673     }
674 
675     /* Check extended master secret extension consistency */
676     if (ret->flags & SSL_SESS_FLAG_EXTMS) {
677         /* If old session includes extms, but new does not: abort handshake */
678         if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
679             SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
680             fatal = 1;
681             goto err;
682         }
683     } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
684         /* If new session includes extms, but old does not: do not resume */
685         goto err;
686     }
687 
688     if (!SSL_CONNECTION_IS_TLS13(s)) {
689         /* We already did this for TLS1.3 */
690         SSL_SESSION_free(s->session);
691         s->session = ret;
692     }
693 
694     ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
695     s->verify_result = s->session->verify_result;
696     return 1;
697 
698  err:
699     if (ret != NULL) {
700         SSL_SESSION_free(ret);
701         /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
702         if (SSL_CONNECTION_IS_TLS13(s))
703             s->session = NULL;
704 
705         if (!try_session_cache) {
706             /*
707              * The session was from a ticket, so we should issue a ticket for
708              * the new session
709              */
710             s->ext.ticket_expected = 1;
711         }
712     }
713     if (fatal)
714         return -1;
715 
716     return 0;
717 }
718 
SSL_CTX_add_session(SSL_CTX * ctx,SSL_SESSION * c)719 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
720 {
721     int ret = 0;
722     SSL_SESSION *s;
723 
724     /*
725      * add just 1 reference count for the SSL_CTX's session cache even though
726      * it has two ways of access: each session is in a doubly linked list and
727      * an lhash
728      */
729     SSL_SESSION_up_ref(c);
730     /*
731      * if session c is in already in cache, we take back the increment later
732      */
733 
734     if (!CRYPTO_THREAD_write_lock(ctx->lock)) {
735         SSL_SESSION_free(c);
736         return 0;
737     }
738     s = lh_SSL_SESSION_insert(ctx->sessions, c);
739 
740     /*
741      * s != NULL iff we already had a session with the given PID. In this
742      * case, s == c should hold (then we did not really modify
743      * ctx->sessions), or we're in trouble.
744      */
745     if (s != NULL && s != c) {
746         /* We *are* in trouble ... */
747         SSL_SESSION_list_remove(ctx, s);
748         SSL_SESSION_free(s);
749         /*
750          * ... so pretend the other session did not exist in cache (we cannot
751          * handle two SSL_SESSION structures with identical session ID in the
752          * same cache, which could happen e.g. when two threads concurrently
753          * obtain the same session from an external cache)
754          */
755         s = NULL;
756     } else if (s == NULL &&
757                lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
758         /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
759 
760         /*
761          * ... so take back the extra reference and also don't add
762          * the session to the SSL_SESSION_list at this time
763          */
764         s = c;
765     }
766 
767     /* Adjust last used time, and add back into the cache at the appropriate spot */
768     if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
769         c->time = ossl_time_now();
770         ssl_session_calculate_timeout(c);
771     }
772 
773     if (s == NULL) {
774         /*
775          * new cache entry -- remove old ones if cache has become too large
776          * delete cache entry *before* add, so we don't remove the one we're adding!
777          */
778 
779         ret = 1;
780 
781         if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
782             while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) {
783                 if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
784                     break;
785                 else
786                     ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
787             }
788         }
789     }
790 
791     SSL_SESSION_list_add(ctx, c);
792 
793     if (s != NULL) {
794         /*
795          * existing cache entry -- decrement previously incremented reference
796          * count because it already takes into account the cache
797          */
798 
799         SSL_SESSION_free(s);    /* s == c */
800         ret = 0;
801     }
802     CRYPTO_THREAD_unlock(ctx->lock);
803     return ret;
804 }
805 
SSL_CTX_remove_session(SSL_CTX * ctx,SSL_SESSION * c)806 int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
807 {
808     return remove_session_lock(ctx, c, 1);
809 }
810 
remove_session_lock(SSL_CTX * ctx,SSL_SESSION * c,int lck)811 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
812 {
813     SSL_SESSION *r;
814     int ret = 0;
815 
816     if ((c != NULL) && (c->session_id_length != 0)) {
817         if (lck) {
818             if (!CRYPTO_THREAD_write_lock(ctx->lock))
819                 return 0;
820         }
821         if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
822             ret = 1;
823             r = lh_SSL_SESSION_delete(ctx->sessions, r);
824             SSL_SESSION_list_remove(ctx, r);
825         }
826         c->not_resumable = 1;
827 
828         if (lck)
829             CRYPTO_THREAD_unlock(ctx->lock);
830 
831         if (ctx->remove_session_cb != NULL)
832             ctx->remove_session_cb(ctx, c);
833 
834         if (ret)
835             SSL_SESSION_free(r);
836     }
837     return ret;
838 }
839 
SSL_SESSION_free(SSL_SESSION * ss)840 void SSL_SESSION_free(SSL_SESSION *ss)
841 {
842     int i;
843 
844     if (ss == NULL)
845         return;
846     CRYPTO_DOWN_REF(&ss->references, &i);
847     REF_PRINT_COUNT("SSL_SESSION", ss);
848     if (i > 0)
849         return;
850     REF_ASSERT_ISNT(i < 0);
851 
852     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
853 
854     OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
855     OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
856     X509_free(ss->peer);
857     EVP_PKEY_free(ss->peer_rpk);
858     OSSL_STACK_OF_X509_free(ss->peer_chain);
859     OPENSSL_free(ss->ext.hostname);
860     OPENSSL_free(ss->ext.tick);
861 #ifndef OPENSSL_NO_PSK
862     OPENSSL_free(ss->psk_identity_hint);
863     OPENSSL_free(ss->psk_identity);
864 #endif
865 #ifndef OPENSSL_NO_SRP
866     OPENSSL_free(ss->srp_username);
867 #endif
868     OPENSSL_free(ss->ext.alpn_selected);
869     OPENSSL_free(ss->ticket_appdata);
870     CRYPTO_FREE_REF(&ss->references);
871     OPENSSL_clear_free(ss, sizeof(*ss));
872 }
873 
SSL_SESSION_up_ref(SSL_SESSION * ss)874 int SSL_SESSION_up_ref(SSL_SESSION *ss)
875 {
876     int i;
877 
878     if (CRYPTO_UP_REF(&ss->references, &i) <= 0)
879         return 0;
880 
881     REF_PRINT_COUNT("SSL_SESSION", ss);
882     REF_ASSERT_ISNT(i < 2);
883     return ((i > 1) ? 1 : 0);
884 }
885 
SSL_set_session(SSL * s,SSL_SESSION * session)886 int SSL_set_session(SSL *s, SSL_SESSION *session)
887 {
888     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
889 
890     if (sc == NULL)
891         return 0;
892 
893     ssl_clear_bad_session(sc);
894     if (s->defltmeth != s->method) {
895         if (!SSL_set_ssl_method(s, s->defltmeth))
896             return 0;
897     }
898 
899     if (session != NULL) {
900         SSL_SESSION_up_ref(session);
901         sc->verify_result = session->verify_result;
902     }
903     SSL_SESSION_free(sc->session);
904     sc->session = session;
905 
906     return 1;
907 }
908 
SSL_SESSION_set1_id(SSL_SESSION * s,const unsigned char * sid,unsigned int sid_len)909 int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
910                         unsigned int sid_len)
911 {
912     if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
913       ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
914       return 0;
915     }
916     s->session_id_length = sid_len;
917     if (sid != s->session_id && sid_len > 0)
918         memcpy(s->session_id, sid, sid_len);
919 
920     return 1;
921 }
922 
SSL_SESSION_set_timeout(SSL_SESSION * s,long t)923 long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
924 {
925     OSSL_TIME new_timeout = ossl_seconds2time(t);
926 
927     if (s == NULL || t < 0)
928         return 0;
929     if (s->owner != NULL) {
930         if (!CRYPTO_THREAD_write_lock(s->owner->lock))
931             return 0;
932         s->timeout = new_timeout;
933         ssl_session_calculate_timeout(s);
934         SSL_SESSION_list_add(s->owner, s);
935         CRYPTO_THREAD_unlock(s->owner->lock);
936     } else {
937         s->timeout = new_timeout;
938         ssl_session_calculate_timeout(s);
939     }
940     return 1;
941 }
942 
SSL_SESSION_get_timeout(const SSL_SESSION * s)943 long SSL_SESSION_get_timeout(const SSL_SESSION *s)
944 {
945     if (s == NULL)
946         return 0;
947     return (long)ossl_time_to_time_t(s->timeout);
948 }
949 
950 #ifndef OPENSSL_NO_DEPRECATED_3_4
SSL_SESSION_get_time(const SSL_SESSION * s)951 long SSL_SESSION_get_time(const SSL_SESSION *s)
952 {
953     return (long) SSL_SESSION_get_time_ex(s);
954 }
955 #endif
956 
SSL_SESSION_get_time_ex(const SSL_SESSION * s)957 time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s)
958 {
959     if (s == NULL)
960         return 0;
961     return ossl_time_to_time_t(s->time);
962 }
963 
SSL_SESSION_set_time_ex(SSL_SESSION * s,time_t t)964 time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t)
965 {
966     OSSL_TIME new_time = ossl_time_from_time_t(t);
967 
968     if (s == NULL)
969         return 0;
970     if (s->owner != NULL) {
971         if (!CRYPTO_THREAD_write_lock(s->owner->lock))
972             return 0;
973         s->time = new_time;
974         ssl_session_calculate_timeout(s);
975         SSL_SESSION_list_add(s->owner, s);
976         CRYPTO_THREAD_unlock(s->owner->lock);
977     } else {
978         s->time = new_time;
979         ssl_session_calculate_timeout(s);
980     }
981     return t;
982 }
983 
984 #ifndef OPENSSL_NO_DEPRECATED_3_4
SSL_SESSION_set_time(SSL_SESSION * s,long t)985 long SSL_SESSION_set_time(SSL_SESSION *s, long t)
986 {
987     return (long) SSL_SESSION_set_time_ex(s, (time_t) t);
988 }
989 #endif
990 
SSL_SESSION_get_protocol_version(const SSL_SESSION * s)991 int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
992 {
993     return s->ssl_version;
994 }
995 
SSL_SESSION_set_protocol_version(SSL_SESSION * s,int version)996 int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
997 {
998     s->ssl_version = version;
999     return 1;
1000 }
1001 
SSL_SESSION_get0_cipher(const SSL_SESSION * s)1002 const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
1003 {
1004     return s->cipher;
1005 }
1006 
SSL_SESSION_set_cipher(SSL_SESSION * s,const SSL_CIPHER * cipher)1007 int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
1008 {
1009     s->cipher = cipher;
1010     return 1;
1011 }
1012 
SSL_SESSION_get0_hostname(const SSL_SESSION * s)1013 const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
1014 {
1015     return s->ext.hostname;
1016 }
1017 
SSL_SESSION_set1_hostname(SSL_SESSION * s,const char * hostname)1018 int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
1019 {
1020     OPENSSL_free(s->ext.hostname);
1021     if (hostname == NULL) {
1022         s->ext.hostname = NULL;
1023         return 1;
1024     }
1025     s->ext.hostname = OPENSSL_strdup(hostname);
1026 
1027     return s->ext.hostname != NULL;
1028 }
1029 
SSL_SESSION_has_ticket(const SSL_SESSION * s)1030 int SSL_SESSION_has_ticket(const SSL_SESSION *s)
1031 {
1032     return (s->ext.ticklen > 0) ? 1 : 0;
1033 }
1034 
SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION * s)1035 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
1036 {
1037     return s->ext.tick_lifetime_hint;
1038 }
1039 
SSL_SESSION_get0_ticket(const SSL_SESSION * s,const unsigned char ** tick,size_t * len)1040 void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
1041                              size_t *len)
1042 {
1043     *len = s->ext.ticklen;
1044     if (tick != NULL)
1045         *tick = s->ext.tick;
1046 }
1047 
SSL_SESSION_get_max_early_data(const SSL_SESSION * s)1048 uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
1049 {
1050     return s->ext.max_early_data;
1051 }
1052 
SSL_SESSION_set_max_early_data(SSL_SESSION * s,uint32_t max_early_data)1053 int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
1054 {
1055     s->ext.max_early_data = max_early_data;
1056 
1057     return 1;
1058 }
1059 
SSL_SESSION_get0_alpn_selected(const SSL_SESSION * s,const unsigned char ** alpn,size_t * len)1060 void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
1061                                     const unsigned char **alpn,
1062                                     size_t *len)
1063 {
1064     *alpn = s->ext.alpn_selected;
1065     *len = s->ext.alpn_selected_len;
1066 }
1067 
SSL_SESSION_set1_alpn_selected(SSL_SESSION * s,const unsigned char * alpn,size_t len)1068 int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
1069                                    size_t len)
1070 {
1071     OPENSSL_free(s->ext.alpn_selected);
1072     if (alpn == NULL || len == 0) {
1073         s->ext.alpn_selected = NULL;
1074         s->ext.alpn_selected_len = 0;
1075         return 1;
1076     }
1077     s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
1078     if (s->ext.alpn_selected == NULL) {
1079         s->ext.alpn_selected_len = 0;
1080         return 0;
1081     }
1082     s->ext.alpn_selected_len = len;
1083 
1084     return 1;
1085 }
1086 
SSL_SESSION_get0_peer(SSL_SESSION * s)1087 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
1088 {
1089     return s->peer;
1090 }
1091 
SSL_SESSION_get0_peer_rpk(SSL_SESSION * s)1092 EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s)
1093 {
1094     return s->peer_rpk;
1095 }
1096 
SSL_SESSION_set1_id_context(SSL_SESSION * s,const unsigned char * sid_ctx,unsigned int sid_ctx_len)1097 int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1098                                 unsigned int sid_ctx_len)
1099 {
1100     if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
1101         ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1102         return 0;
1103     }
1104     s->sid_ctx_length = sid_ctx_len;
1105     if (sid_ctx != s->sid_ctx)
1106         memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
1107 
1108     return 1;
1109 }
1110 
SSL_SESSION_is_resumable(const SSL_SESSION * s)1111 int SSL_SESSION_is_resumable(const SSL_SESSION *s)
1112 {
1113     /*
1114      * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
1115      * session ID.
1116      */
1117     return !s->not_resumable
1118            && (s->session_id_length > 0 || s->ext.ticklen > 0);
1119 }
1120 
SSL_CTX_set_timeout(SSL_CTX * s,long t)1121 long SSL_CTX_set_timeout(SSL_CTX *s, long t)
1122 {
1123     long l;
1124 
1125     if (s == NULL)
1126         return 0;
1127     l = (long)ossl_time2seconds(s->session_timeout);
1128     s->session_timeout = ossl_seconds2time(t);
1129     return l;
1130 }
1131 
SSL_CTX_get_timeout(const SSL_CTX * s)1132 long SSL_CTX_get_timeout(const SSL_CTX *s)
1133 {
1134     if (s == NULL)
1135         return 0;
1136     return (long)ossl_time2seconds(s->session_timeout);
1137 }
1138 
SSL_set_session_secret_cb(SSL * s,tls_session_secret_cb_fn tls_session_secret_cb,void * arg)1139 int SSL_set_session_secret_cb(SSL *s,
1140                               tls_session_secret_cb_fn tls_session_secret_cb,
1141                               void *arg)
1142 {
1143     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1144 
1145     if (sc == NULL)
1146         return 0;
1147 
1148     sc->ext.session_secret_cb = tls_session_secret_cb;
1149     sc->ext.session_secret_cb_arg = arg;
1150     return 1;
1151 }
1152 
SSL_set_session_ticket_ext_cb(SSL * s,tls_session_ticket_ext_cb_fn cb,void * arg)1153 int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1154                                   void *arg)
1155 {
1156     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1157 
1158     if (sc == NULL)
1159         return 0;
1160 
1161     sc->ext.session_ticket_cb = cb;
1162     sc->ext.session_ticket_cb_arg = arg;
1163     return 1;
1164 }
1165 
SSL_set_session_ticket_ext(SSL * s,void * ext_data,int ext_len)1166 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
1167 {
1168     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1169 
1170     if (sc == NULL)
1171         return 0;
1172 
1173     if (sc->version >= TLS1_VERSION) {
1174         OPENSSL_free(sc->ext.session_ticket);
1175         sc->ext.session_ticket = NULL;
1176         sc->ext.session_ticket =
1177             OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
1178         if (sc->ext.session_ticket == NULL)
1179             return 0;
1180 
1181         if (ext_data != NULL) {
1182             sc->ext.session_ticket->length = ext_len;
1183             sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
1184             memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
1185         } else {
1186             sc->ext.session_ticket->length = 0;
1187             sc->ext.session_ticket->data = NULL;
1188         }
1189 
1190         return 1;
1191     }
1192 
1193     return 0;
1194 }
1195 
1196 #ifndef OPENSSL_NO_DEPRECATED_3_4
SSL_CTX_flush_sessions(SSL_CTX * s,long t)1197 void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1198 {
1199     SSL_CTX_flush_sessions_ex(s, (time_t) t);
1200 }
1201 #endif
1202 
SSL_CTX_flush_sessions_ex(SSL_CTX * s,time_t t)1203 void SSL_CTX_flush_sessions_ex(SSL_CTX *s, time_t t)
1204 {
1205     STACK_OF(SSL_SESSION) *sk;
1206     SSL_SESSION *current;
1207     unsigned long i;
1208     const OSSL_TIME timeout = ossl_time_from_time_t(t);
1209 
1210     if (!CRYPTO_THREAD_write_lock(s->lock))
1211         return;
1212 
1213     sk = sk_SSL_SESSION_new_null();
1214     i = lh_SSL_SESSION_get_down_load(s->sessions);
1215     lh_SSL_SESSION_set_down_load(s->sessions, 0);
1216 
1217     /*
1218      * Iterate over the list from the back (oldest), and stop
1219      * when a session can no longer be removed.
1220      * Add the session to a temporary list to be freed outside
1221      * the SSL_CTX lock.
1222      * But still do the remove_session_cb() within the lock.
1223      */
1224     while (s->session_cache_tail != NULL) {
1225         current = s->session_cache_tail;
1226         if (t == 0 || sess_timedout(timeout, current)) {
1227             lh_SSL_SESSION_delete(s->sessions, current);
1228             SSL_SESSION_list_remove(s, current);
1229             current->not_resumable = 1;
1230             if (s->remove_session_cb != NULL)
1231                 s->remove_session_cb(s, current);
1232             /*
1233              * Throw the session on a stack, it's entirely plausible
1234              * that while freeing outside the critical section, the
1235              * session could be re-added, so avoid using the next/prev
1236              * pointers. If the stack failed to create, or the session
1237              * couldn't be put on the stack, just free it here
1238              */
1239             if (sk == NULL || !sk_SSL_SESSION_push(sk, current))
1240                 SSL_SESSION_free(current);
1241         } else {
1242             break;
1243         }
1244     }
1245 
1246     lh_SSL_SESSION_set_down_load(s->sessions, i);
1247     CRYPTO_THREAD_unlock(s->lock);
1248 
1249     sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
1250 }
1251 
ssl_clear_bad_session(SSL_CONNECTION * s)1252 int ssl_clear_bad_session(SSL_CONNECTION *s)
1253 {
1254     if ((s->session != NULL) &&
1255         !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1256         !(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
1257           || SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
1258         SSL_CTX_remove_session(s->session_ctx, s->session);
1259         return 1;
1260     } else
1261         return 0;
1262 }
1263 
1264 /* locked by SSL_CTX in the calling function */
SSL_SESSION_list_remove(SSL_CTX * ctx,SSL_SESSION * s)1265 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1266 {
1267     if ((s->next == NULL) || (s->prev == NULL))
1268         return;
1269 
1270     if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
1271         /* last element in list */
1272         if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1273             /* only one element in list */
1274             ctx->session_cache_head = NULL;
1275             ctx->session_cache_tail = NULL;
1276         } else {
1277             ctx->session_cache_tail = s->prev;
1278             s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1279         }
1280     } else {
1281         if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1282             /* first element in list */
1283             ctx->session_cache_head = s->next;
1284             s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1285         } else {
1286             /* middle of list */
1287             s->next->prev = s->prev;
1288             s->prev->next = s->next;
1289         }
1290     }
1291     s->prev = s->next = NULL;
1292     s->owner = NULL;
1293 }
1294 
SSL_SESSION_list_add(SSL_CTX * ctx,SSL_SESSION * s)1295 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1296 {
1297     SSL_SESSION *next;
1298 
1299     if ((s->next != NULL) && (s->prev != NULL))
1300         SSL_SESSION_list_remove(ctx, s);
1301 
1302     if (ctx->session_cache_head == NULL) {
1303         ctx->session_cache_head = s;
1304         ctx->session_cache_tail = s;
1305         s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1306         s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1307     } else {
1308         if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
1309             /*
1310              * if we timeout after (or the same time as) the first
1311              * session, put us first - usual case
1312              */
1313             s->next = ctx->session_cache_head;
1314             s->next->prev = s;
1315             s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1316             ctx->session_cache_head = s;
1317         } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
1318             /* if we timeout before the last session, put us last */
1319             s->prev = ctx->session_cache_tail;
1320             s->prev->next = s;
1321             s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1322             ctx->session_cache_tail = s;
1323         } else {
1324             /*
1325              * we timeout somewhere in-between - if there is only
1326              * one session in the cache it will be caught above
1327              */
1328             next = ctx->session_cache_head->next;
1329             while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) {
1330                 if (timeoutcmp(s, next) >= 0) {
1331                     s->next = next;
1332                     s->prev = next->prev;
1333                     next->prev->next = s;
1334                     next->prev = s;
1335                     break;
1336                 }
1337                 next = next->next;
1338             }
1339         }
1340     }
1341     s->owner = ctx;
1342 }
1343 
SSL_CTX_sess_set_new_cb(SSL_CTX * ctx,int (* cb)(struct ssl_st * ssl,SSL_SESSION * sess))1344 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1345                              int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
1346 {
1347     ctx->new_session_cb = cb;
1348 }
1349 
SSL_CTX_sess_get_new_cb(SSL_CTX * ctx)1350 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
1351     return ctx->new_session_cb;
1352 }
1353 
SSL_CTX_sess_set_remove_cb(SSL_CTX * ctx,void (* cb)(SSL_CTX * ctx,SSL_SESSION * sess))1354 void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1355                                 void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
1356 {
1357     ctx->remove_session_cb = cb;
1358 }
1359 
SSL_CTX_sess_get_remove_cb(SSL_CTX * ctx)1360 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
1361                                                   SSL_SESSION *sess) {
1362     return ctx->remove_session_cb;
1363 }
1364 
SSL_CTX_sess_set_get_cb(SSL_CTX * ctx,SSL_SESSION * (* cb)(SSL * ssl,const unsigned char * data,int len,int * copy))1365 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1366                              SSL_SESSION *(*cb) (SSL *ssl,
1367                                                  const unsigned char *data,
1368                                                  int len, int *copy))
1369 {
1370     ctx->get_session_cb = cb;
1371 }
1372 
SSL_CTX_sess_get_get_cb(SSL_CTX * ctx)1373 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
1374                                                        const unsigned char
1375                                                        *data, int len,
1376                                                        int *copy) {
1377     return ctx->get_session_cb;
1378 }
1379 
SSL_CTX_set_info_callback(SSL_CTX * ctx,void (* cb)(const SSL * ssl,int type,int val))1380 void SSL_CTX_set_info_callback(SSL_CTX *ctx,
1381                                void (*cb) (const SSL *ssl, int type, int val))
1382 {
1383     ctx->info_callback = cb;
1384 }
1385 
SSL_CTX_get_info_callback(SSL_CTX * ctx)1386 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
1387                                                  int val) {
1388     return ctx->info_callback;
1389 }
1390 
SSL_CTX_set_client_cert_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,X509 ** x509,EVP_PKEY ** pkey))1391 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1392                                 int (*cb) (SSL *ssl, X509 **x509,
1393                                            EVP_PKEY **pkey))
1394 {
1395     ctx->client_cert_cb = cb;
1396 }
1397 
SSL_CTX_get_client_cert_cb(SSL_CTX * ctx)1398 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
1399                                                  EVP_PKEY **pkey) {
1400     return ctx->client_cert_cb;
1401 }
1402 
SSL_CTX_set_cookie_generate_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,unsigned char * cookie,unsigned int * cookie_len))1403 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1404                                     int (*cb) (SSL *ssl,
1405                                                unsigned char *cookie,
1406                                                unsigned int *cookie_len))
1407 {
1408     ctx->app_gen_cookie_cb = cb;
1409 }
1410 
SSL_CTX_set_cookie_verify_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const unsigned char * cookie,unsigned int cookie_len))1411 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1412                                   int (*cb) (SSL *ssl,
1413                                              const unsigned char *cookie,
1414                                              unsigned int cookie_len))
1415 {
1416     ctx->app_verify_cookie_cb = cb;
1417 }
1418 
SSL_SESSION_set1_ticket_appdata(SSL_SESSION * ss,const void * data,size_t len)1419 int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
1420 {
1421     OPENSSL_free(ss->ticket_appdata);
1422     ss->ticket_appdata_len = 0;
1423     if (data == NULL || len == 0) {
1424         ss->ticket_appdata = NULL;
1425         return 1;
1426     }
1427     ss->ticket_appdata = OPENSSL_memdup(data, len);
1428     if (ss->ticket_appdata != NULL) {
1429         ss->ticket_appdata_len = len;
1430         return 1;
1431     }
1432     return 0;
1433 }
1434 
SSL_SESSION_get0_ticket_appdata(SSL_SESSION * ss,void ** data,size_t * len)1435 int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
1436 {
1437     *data = ss->ticket_appdata;
1438     *len = ss->ticket_appdata_len;
1439     return 1;
1440 }
1441 
SSL_CTX_set_stateless_cookie_generate_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,unsigned char * cookie,size_t * cookie_len))1442 void SSL_CTX_set_stateless_cookie_generate_cb(
1443     SSL_CTX *ctx,
1444     int (*cb) (SSL *ssl,
1445                unsigned char *cookie,
1446                size_t *cookie_len))
1447 {
1448     ctx->gen_stateless_cookie_cb = cb;
1449 }
1450 
SSL_CTX_set_stateless_cookie_verify_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const unsigned char * cookie,size_t cookie_len))1451 void SSL_CTX_set_stateless_cookie_verify_cb(
1452     SSL_CTX *ctx,
1453     int (*cb) (SSL *ssl,
1454                const unsigned char *cookie,
1455                size_t cookie_len))
1456 {
1457     ctx->verify_stateless_cookie_cb = cb;
1458 }
1459 
1460 IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
1461