kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
3240 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Struktur: e63d9d7625
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „e63d9d7625“
${ noResults }
boringssl/ssl/ssl_session.c

980 Zeilen
32 KiB
Originalformat Blame Verlauf 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

  59.  *

  60.  * Redistribution and use in source and binary forms, with or without

  61.  * modification, are permitted provided that the following conditions

  62.  * are met:

  63.  *

  64.  * 1. Redistributions of source code must retain the above copyright

  65.  *    notice, this list of conditions and the following disclaimer.

  66.  *

  67.  * 2. Redistributions in binary form must reproduce the above copyright

  68.  *    notice, this list of conditions and the following disclaimer in

  69.  *    the documentation and/or other materials provided with the

  70.  *    distribution.

  71.  *

  72.  * 3. All advertising materials mentioning features or use of this

  73.  *    software must display the following acknowledgment:

  74.  *    "This product includes software developed by the OpenSSL Project

  75.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  76.  *

  77.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  78.  *    endorse or promote products derived from this software without

  79.  *    prior written permission. For written permission, please contact

  80.  *    openssl-core@openssl.org.

  81.  *

  82.  * 5. Products derived from this software may not be called "OpenSSL"

  83.  *    nor may "OpenSSL" appear in their names without prior written

  84.  *    permission of the OpenSSL Project.

  85.  *

  86.  * 6. Redistributions of any form whatsoever must retain the following

  87.  *    acknowledgment:

  88.  *    "This product includes software developed by the OpenSSL Project

  89.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  90.  *

  91.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  92.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  93.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  94.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  95.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  96.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  97.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  98.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  99.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  100.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  101.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  102.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  103.  * ====================================================================

  104.  *

  105.  * This product includes cryptographic software written by Eric Young

  106.  * (eay@cryptsoft.com).  This product includes software written by Tim

  107.  * Hudson (tjh@cryptsoft.com).

  108.  *

  109.  */

  110. /* ====================================================================

  111.  * Copyright 2005 Nokia. All rights reserved.

  112.  *

  113.  * The portions of the attached software ("Contribution") is developed by

  114.  * Nokia Corporation and is licensed pursuant to the OpenSSL open source

  115.  * license.

  116.  *

  117.  * The Contribution, originally written by Mika Kousa and Pasi Eronen of

  118.  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

  119.  * support (see RFC 4279) to OpenSSL.

  120.  *

  121.  * No patent licenses or other rights except those expressly stated in

  122.  * the OpenSSL open source license shall be deemed granted or received

  123.  * expressly, by implication, estoppel, or otherwise.

  124.  *

  125.  * No assurances are provided by Nokia that the Contribution does not

  126.  * infringe the patent or other intellectual property rights of any third

  127.  * party or that the license provides you with all the necessary rights

  128.  * to make use of the Contribution.

  129.  *

  130.  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

  131.  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

  132.  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

  133.  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

  134.  * OTHERWISE. */

  135. 

  136. #include <openssl/ssl.h>

  137. 

  138. #include <assert.h>

  139. #include <stdlib.h>

  140. #include <string.h>

  141. 

  142. #include <openssl/err.h>

  143. #include <openssl/lhash.h>

  144. #include <openssl/mem.h>

  145. #include <openssl/rand.h>

  146. 

  147. #include "internal.h"

  148. #include "../crypto/internal.h"

  149. 

  150. 

  151. /* The address of this is a magic value, a pointer to which is returned by

  152.  * SSL_magic_pending_session_ptr(). It allows a session callback to indicate

  153.  * that it needs to asynchronously fetch session information. */

  154. static const char g_pending_session_magic = 0;

  155. 

  156. static CRYPTO_EX_DATA_CLASS g_ex_data_class =

  157.     CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;

  158. 

  159. static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *session);

  160. static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *session);

  161. static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock);

  162. 

  163. SSL_SESSION *SSL_SESSION_new(void) {

  164.   SSL_SESSION *session = OPENSSL_malloc(sizeof(SSL_SESSION));

  165.   if (session == NULL) {

  166.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  167.     return 0;

  168.   }

  169.   memset(session, 0, sizeof(SSL_SESSION));

  170. 

  171.   session->verify_result = X509_V_ERR_INVALID_CALL;

  172.   session->references = 1;

  173.   session->timeout = SSL_DEFAULT_SESSION_TIMEOUT;

  174.   session->time = (long)time(NULL);

  175.   CRYPTO_new_ex_data(&session->ex_data);

  176.   return session;

  177. }

  178. 

  179. SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {

  180.   SSL_SESSION *new_session = SSL_SESSION_new();

  181.   if (new_session == NULL) {

  182.     goto err;

  183.   }

  184. 

  185.   new_session->ssl_version = session->ssl_version;

  186.   new_session->sid_ctx_length = session->sid_ctx_length;

  187.   memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);

  188. 

  189.   /* Copy the key material. */

  190.   new_session->master_key_length = session->master_key_length;

  191.   memcpy(new_session->master_key, session->master_key,

  192.          session->master_key_length);

  193.   new_session->cipher = session->cipher;

  194. 

  195.   /* Copy authentication state. */

  196.   if (session->psk_identity != NULL) {

  197.     new_session->psk_identity = BUF_strdup(session->psk_identity);

  198.     if (new_session->psk_identity == NULL) {

  199.       goto err;

  200.     }

  201.   }

  202.   if (session->peer != NULL) {

  203.     X509_up_ref(session->peer);

  204.     new_session->peer = session->peer;

  205.   }

  206.   if (session->cert_chain != NULL) {

  207.     new_session->cert_chain = X509_chain_up_ref(session->cert_chain);

  208.     if (new_session->cert_chain == NULL) {

  209.       goto err;

  210.     }

  211.   }

  212.   new_session->verify_result = session->verify_result;

  213. 

  214.   new_session->ocsp_response_length = session->ocsp_response_length;

  215.   if (session->ocsp_response != NULL) {

  216.     new_session->ocsp_response = BUF_memdup(session->ocsp_response,

  217.                                             session->ocsp_response_length);

  218.     if (new_session->ocsp_response == NULL) {

  219.       goto err;

  220.     }

  221.   }

  222. 

  223.   new_session->tlsext_signed_cert_timestamp_list_length =

  224.       session->tlsext_signed_cert_timestamp_list_length;

  225.   if (session->tlsext_signed_cert_timestamp_list != NULL) {

  226.     new_session->tlsext_signed_cert_timestamp_list =

  227.         BUF_memdup(session->tlsext_signed_cert_timestamp_list,

  228.                    session->tlsext_signed_cert_timestamp_list_length);

  229.     if (new_session->tlsext_signed_cert_timestamp_list == NULL) {

  230.       goto err;

  231.     }

  232.   }

  233. 

  234.   memcpy(new_session->peer_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH);

  235.   new_session->peer_sha256_valid = session->peer_sha256_valid;

  236. 

  237.   /* Copy non-authentication connection properties. */

  238.   if (dup_flags & SSL_SESSION_INCLUDE_NONAUTH) {

  239.     new_session->session_id_length = session->session_id_length;

  240.     memcpy(new_session->session_id, session->session_id,

  241.            session->session_id_length);

  242. 

  243.     new_session->key_exchange_info = session->key_exchange_info;

  244.     new_session->timeout = session->timeout;

  245.     new_session->time = session->time;

  246. 

  247.     if (session->tlsext_hostname != NULL) {

  248.       new_session->tlsext_hostname = BUF_strdup(session->tlsext_hostname);

  249.       if (new_session->tlsext_hostname == NULL) {

  250.         goto err;

  251.       }

  252.     }

  253. 

  254.     memcpy(new_session->original_handshake_hash,

  255.            session->original_handshake_hash,

  256.            session->original_handshake_hash_len);

  257.     new_session->original_handshake_hash_len =

  258.         session->original_handshake_hash_len;

  259.     new_session->tlsext_tick_lifetime_hint = session->tlsext_tick_lifetime_hint;

  260.     new_session->ticket_flags = session->ticket_flags;

  261.     new_session->ticket_age_add = session->ticket_age_add;

  262.     new_session->extended_master_secret = session->extended_master_secret;

  263.   }

  264. 

  265.   /* Copy the ticket. */

  266.   if (dup_flags & SSL_SESSION_INCLUDE_TICKET) {

  267.     if (session->tlsext_tick != NULL) {

  268.       new_session->tlsext_tick =

  269.           BUF_memdup(session->tlsext_tick, session->tlsext_ticklen);

  270.       if (new_session->tlsext_tick == NULL) {

  271.         goto err;

  272.       }

  273.     }

  274.     new_session->tlsext_ticklen = session->tlsext_ticklen;

  275.   }

  276. 

  277.   /* The new_session does not get a copy of the ex_data. */

  278. 

  279.   new_session->not_resumable = 1;

  280.   return new_session;

  281. 

  282. err:

  283.   SSL_SESSION_free(new_session);

  284.   OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  285.   return 0;

  286. }

  287. 

  288. int SSL_SESSION_up_ref(SSL_SESSION *session) {

  289.   CRYPTO_refcount_inc(&session->references);

  290.   return 1;

  291. }

  292. 

  293. void SSL_SESSION_free(SSL_SESSION *session) {

  294.   if (session == NULL ||

  295.       !CRYPTO_refcount_dec_and_test_zero(&session->references)) {

  296.     return;

  297.   }

  298. 

  299.   CRYPTO_free_ex_data(&g_ex_data_class, session, &session->ex_data);

  300. 

  301.   OPENSSL_cleanse(session->master_key, sizeof(session->master_key));

  302.   OPENSSL_cleanse(session->session_id, sizeof(session->session_id));

  303.   X509_free(session->peer);

  304.   sk_X509_pop_free(session->cert_chain, X509_free);

  305.   OPENSSL_free(session->tlsext_hostname);

  306.   OPENSSL_free(session->tlsext_tick);

  307.   OPENSSL_free(session->tlsext_signed_cert_timestamp_list);

  308.   OPENSSL_free(session->ocsp_response);

  309.   OPENSSL_free(session->psk_identity);

  310.   OPENSSL_cleanse(session, sizeof(*session));

  311.   OPENSSL_free(session);

  312. }

  313. 

  314. const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,

  315.                                   unsigned *out_len) {

  316.   if (out_len != NULL) {

  317.     *out_len = session->session_id_length;

  318.   }

  319.   return session->session_id;

  320. }

  321. 

  322. long SSL_SESSION_get_timeout(const SSL_SESSION *session) {

  323.   return session->timeout;

  324. }

  325. 

  326. long SSL_SESSION_get_time(const SSL_SESSION *session) {

  327.   if (session == NULL) {

  328.     /* NULL should crash, but silently accept it here for compatibility. */

  329.     return 0;

  330.   }

  331.   return session->time;

  332. }

  333. 

  334. X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session) {

  335.   return session->peer;

  336. }

  337. 

  338. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,

  339.                                   size_t max_out) {

  340.   /* TODO(davidben): Fix master_key_length's type and remove these casts. */

  341.   if (max_out == 0) {

  342.     return (size_t)session->master_key_length;

  343.   }

  344.   if (max_out > (size_t)session->master_key_length) {

  345.     max_out = (size_t)session->master_key_length;

  346.   }

  347.   memcpy(out, session->master_key, max_out);

  348.   return max_out;

  349. }

  350. 

  351. long SSL_SESSION_set_time(SSL_SESSION *session, long time) {

  352.   if (session == NULL) {

  353.     return 0;

  354.   }

  355. 

  356.   session->time = time;

  357.   return time;

  358. }

  359. 

  360. long SSL_SESSION_set_timeout(SSL_SESSION *session, long timeout) {

  361.   if (session == NULL) {

  362.     return 0;

  363.   }

  364. 

  365.   session->timeout = timeout;

  366.   return 1;

  367. }

  368. 

  369. int SSL_SESSION_set1_id_context(SSL_SESSION *session, const uint8_t *sid_ctx,

  370.                                 unsigned sid_ctx_len) {

  371.   if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {

  372.     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);

  373.     return 0;

  374.   }

  375. 

  376.   session->sid_ctx_length = sid_ctx_len;

  377.   memcpy(session->sid_ctx, sid_ctx, sid_ctx_len);

  378. 

  379.   return 1;

  380. }

  381. 

  382. SSL_SESSION *SSL_magic_pending_session_ptr(void) {

  383.   return (SSL_SESSION *)&g_pending_session_magic;

  384. }

  385. 

  386. SSL_SESSION *SSL_get_session(const SSL *ssl) {

  387.   /* Once the handshake completes we return the established session. Otherwise

  388.    * we return the intermediate session, either |session| (for resumption) or

  389.    * |new_session| if doing a full handshake. */

  390.   if (!SSL_in_init(ssl)) {

  391.     return ssl->s3->established_session;

  392.   }

  393.   if (ssl->s3->new_session != NULL) {

  394.     return ssl->s3->new_session;

  395.   }

  396.   return ssl->session;

  397. }

  398. 

  399. SSL_SESSION *SSL_get1_session(SSL *ssl) {

  400.   SSL_SESSION *ret = SSL_get_session(ssl);

  401.   if (ret != NULL) {

  402.     SSL_SESSION_up_ref(ret);

  403.   }

  404.   return ret;

  405. }

  406. 

  407. int SSL_SESSION_get_ex_new_index(long argl, void *argp,

  408.                                  CRYPTO_EX_unused *unused,

  409.                                  CRYPTO_EX_dup *dup_func,

  410.                                  CRYPTO_EX_free *free_func) {

  411.   int index;

  412.   if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, dup_func,

  413.                                free_func)) {

  414.     return -1;

  415.   }

  416.   return index;

  417. }

  418. 

  419. int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg) {

  420.   return CRYPTO_set_ex_data(&session->ex_data, idx, arg);

  421. }

  422. 

  423. void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx) {

  424.   return CRYPTO_get_ex_data(&session->ex_data, idx);

  425. }

  426. 

  427. int ssl_get_new_session(SSL *ssl, int is_server) {

  428.   if (ssl->mode & SSL_MODE_NO_SESSION_CREATION) {

  429.     OPENSSL_PUT_ERROR(SSL, SSL_R_SESSION_MAY_NOT_BE_CREATED);

  430.     return 0;

  431.   }

  432. 

  433.   SSL_SESSION *session = SSL_SESSION_new();

  434.   if (session == NULL) {

  435.     return 0;

  436.   }

  437. 

  438.   /* Fill in the time from the |SSL_CTX|'s clock. */

  439.   struct timeval now;

  440.   ssl_get_current_time(ssl, &now);

  441.   session->time = now.tv_sec;

  442. 

  443.   /* If the context has a default timeout, use it over the default. */

  444.   if (ssl->initial_ctx->session_timeout != 0) {

  445.     session->timeout = ssl->initial_ctx->session_timeout;

  446.   }

  447. 

  448.   session->ssl_version = ssl->version;

  449. 

  450.   if (is_server) {

  451.     if (ssl->tlsext_ticket_expected) {

  452.       /* Don't set session IDs for sessions resumed with tickets. This will keep

  453.        * them out of the session cache. */

  454.       session->session_id_length = 0;

  455.     } else {

  456.       session->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;

  457.       if (!RAND_bytes(session->session_id, session->session_id_length)) {

  458.         goto err;

  459.       }

  460.     }

  461. 

  462.     if (ssl->tlsext_hostname != NULL) {

  463.       session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname);

  464.       if (session->tlsext_hostname == NULL) {

  465.         OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  466.         goto err;

  467.       }

  468.     }

  469.   } else {

  470.     session->session_id_length = 0;

  471.   }

  472. 

  473.   if (ssl->sid_ctx_length > sizeof(session->sid_ctx)) {

  474.     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);

  475.     goto err;

  476.   }

  477.   memcpy(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length);

  478.   session->sid_ctx_length = ssl->sid_ctx_length;

  479. 

  480.   /* The session is marked not resumable until it is completely filled in. */

  481.   session->not_resumable = 1;

  482.   session->verify_result = X509_V_ERR_INVALID_CALL;

  483. 

  484.   SSL_SESSION_free(ssl->s3->new_session);

  485.   ssl->s3->new_session = session;

  486.   ssl_set_session(ssl, NULL);

  487.   return 1;

  488. 

  489. err:

  490.   SSL_SESSION_free(session);

  491.   return 0;

  492. }

  493. 

  494. int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session) {

  495.   int ret = 0;

  496. 

  497.   /* Serialize the SSL_SESSION to be encoded into the ticket. */

  498.   uint8_t *session_buf = NULL;

  499.   size_t session_len;

  500.   if (!SSL_SESSION_to_bytes_for_ticket(session, &session_buf, &session_len)) {

  501.     return -1;

  502.   }

  503. 

  504.   EVP_CIPHER_CTX ctx;

  505.   EVP_CIPHER_CTX_init(&ctx);

  506.   HMAC_CTX hctx;

  507.   HMAC_CTX_init(&hctx);

  508. 

  509.   /* If the session is too long, emit a dummy value rather than abort the

  510.    * connection. */

  511.   static const size_t kMaxTicketOverhead =

  512.       16 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE;

  513.   if (session_len > 0xffff - kMaxTicketOverhead) {

  514.     static const char kTicketPlaceholder[] = "TICKET TOO LARGE";

  515.     if (CBB_add_bytes(out, (const uint8_t *)kTicketPlaceholder,

  516.                       strlen(kTicketPlaceholder))) {

  517.       ret = 1;

  518.     }

  519.     goto err;

  520.   }

  521. 

  522.   /* Initialize HMAC and cipher contexts. If callback present it does all the

  523.    * work otherwise use generated values from parent ctx. */

  524.   SSL_CTX *tctx = ssl->initial_ctx;

  525.   uint8_t iv[EVP_MAX_IV_LENGTH];

  526.   uint8_t key_name[16];

  527.   if (tctx->tlsext_ticket_key_cb != NULL) {

  528.     if (tctx->tlsext_ticket_key_cb(ssl, key_name, iv, &ctx, &hctx,

  529.                                    1 /* encrypt */) < 0) {

  530.       goto err;

  531.     }

  532.   } else {

  533.     if (!RAND_bytes(iv, 16) ||

  534.         !EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,

  535.                             tctx->tlsext_tick_aes_key, iv) ||

  536.         !HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(),

  537.                       NULL)) {

  538.       goto err;

  539.     }

  540.     memcpy(key_name, tctx->tlsext_tick_key_name, 16);

  541.   }

  542. 

  543.   uint8_t *ptr;

  544.   if (!CBB_add_bytes(out, key_name, 16) ||

  545.       !CBB_add_bytes(out, iv, EVP_CIPHER_CTX_iv_length(&ctx)) ||

  546.       !CBB_reserve(out, &ptr, session_len + EVP_MAX_BLOCK_LENGTH)) {

  547.     goto err;

  548.   }

  549. 

  550.   int len;

  551.   size_t total = 0;

  552.   if (!EVP_EncryptUpdate(&ctx, ptr + total, &len, session_buf, session_len)) {

  553.     goto err;

  554.   }

  555.   total += len;

  556.   if (!EVP_EncryptFinal_ex(&ctx, ptr + total, &len)) {

  557.     goto err;

  558.   }

  559.   total += len;

  560.   if (!CBB_did_write(out, total)) {

  561.     goto err;

  562.   }

  563. 

  564.   unsigned hlen;

  565.   if (!HMAC_Update(&hctx, CBB_data(out), CBB_len(out)) ||

  566.       !CBB_reserve(out, &ptr, EVP_MAX_MD_SIZE) ||

  567.       !HMAC_Final(&hctx, ptr, &hlen) ||

  568.       !CBB_did_write(out, hlen)) {

  569.     goto err;

  570.   }

  571. 

  572.   ret = 1;

  573. 

  574. err:

  575.   OPENSSL_free(session_buf);

  576.   EVP_CIPHER_CTX_cleanup(&ctx);

  577.   HMAC_CTX_cleanup(&hctx);

  578.   return ret;

  579. }

  580. 

  581. int ssl_session_is_context_valid(const SSL *ssl, const SSL_SESSION *session) {

  582.   if (session == NULL) {

  583.     return 0;

  584.   }

  585. 

  586.   return session->sid_ctx_length == ssl->sid_ctx_length &&

  587.          memcmp(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length) == 0;

  588. }

  589. 

  590. int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {

  591.   if (session == NULL) {

  592.     return 0;

  593.   }

  594. 

  595.   struct timeval now;

  596.   ssl_get_current_time(ssl, &now);

  597.   return session->timeout >= (long)now.tv_sec - session->time;

  598. }

  599. 

  600. /* ssl_lookup_session looks up |session_id| in the session cache and sets

  601.  * |*out_session| to an |SSL_SESSION| object if found. The caller takes

  602.  * ownership of the result. */

  603. static enum ssl_session_result_t ssl_lookup_session(

  604.     SSL *ssl, SSL_SESSION **out_session, const uint8_t *session_id,

  605.     size_t session_id_len) {

  606.   *out_session = NULL;

  607. 

  608.   if (session_id_len == 0 || session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {

  609.     return ssl_session_success;

  610.   }

  611. 

  612.   SSL_SESSION *session = NULL;

  613.   /* Try the internal cache, if it exists. */

  614.   if (!(ssl->initial_ctx->session_cache_mode &

  615.         SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {

  616.     SSL_SESSION data;

  617.     data.ssl_version = ssl->version;

  618.     data.session_id_length = session_id_len;

  619.     memcpy(data.session_id, session_id, session_id_len);

  620. 

  621.     CRYPTO_MUTEX_lock_read(&ssl->initial_ctx->lock);

  622.     session = lh_SSL_SESSION_retrieve(ssl->initial_ctx->sessions, &data);

  623.     if (session != NULL) {

  624.       SSL_SESSION_up_ref(session);

  625.     }

  626.     /* TODO(davidben): This should probably move it to the front of the list. */

  627.     CRYPTO_MUTEX_unlock_read(&ssl->initial_ctx->lock);

  628.   }

  629. 

  630.   /* Fall back to the external cache, if it exists. */

  631.   if (session == NULL &&

  632.       ssl->initial_ctx->get_session_cb != NULL) {

  633.     int copy = 1;

  634.     session = ssl->initial_ctx->get_session_cb(ssl, (uint8_t *)session_id,

  635.                                                session_id_len, &copy);

  636. 

  637.     if (session == NULL) {

  638.       return ssl_session_success;

  639.     }

  640. 

  641.     if (session == SSL_magic_pending_session_ptr()) {

  642.       return ssl_session_retry;

  643.     }

  644. 

  645.     /* Increment reference count now if the session callback asks us to do so

  646.      * (note that if the session structures returned by the callback are shared

  647.      * between threads, it must handle the reference count itself [i.e. copy ==

  648.      * 0], or things won't be thread-safe). */

  649.     if (copy) {

  650.       SSL_SESSION_up_ref(session);

  651.     }

  652. 

  653.     /* Add the externally cached session to the internal cache if necessary. */

  654.     if (!(ssl->initial_ctx->session_cache_mode &

  655.           SSL_SESS_CACHE_NO_INTERNAL_STORE)) {

  656.       SSL_CTX_add_session(ssl->initial_ctx, session);

  657.     }

  658.   }

  659. 

  660.   if (session == NULL) {

  661.     return ssl_session_success;

  662.   }

  663. 

  664.   if (!ssl_session_is_context_valid(ssl, session)) {

  665.     /* The client did not offer a suitable ticket or session ID. */

  666.     SSL_SESSION_free(session);

  667.     session = NULL;

  668.   } else if (!ssl_session_is_time_valid(ssl, session)) {

  669.     /* The session was from the cache, so remove it. */

  670.     SSL_CTX_remove_session(ssl->initial_ctx, session);

  671.     SSL_SESSION_free(session);

  672.     session = NULL;

  673.   }

  674. 

  675.   *out_session = session;

  676.   return ssl_session_success;

  677. }

  678. 

  679. enum ssl_session_result_t ssl_get_prev_session(

  680.     SSL *ssl, SSL_SESSION **out_session, int *out_send_ticket,

  681.     const struct ssl_early_callback_ctx *ctx) {

  682.   /* This is used only by servers. */

  683.   assert(ssl->server);

  684.   SSL_SESSION *session = NULL;

  685.   int renew_ticket = 0;

  686. 

  687.   /* If tickets are disabled, always behave as if no tickets are present. */

  688.   const uint8_t *ticket = NULL;

  689.   size_t ticket_len = 0;

  690.   const int tickets_supported =

  691.       !(SSL_get_options(ssl) & SSL_OP_NO_TICKET) &&

  692.       ssl->version > SSL3_VERSION &&

  693.       SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_session_ticket,

  694.                                            &ticket, &ticket_len);

  695.   if (tickets_supported && ticket_len > 0) {

  696.     if (!tls_process_ticket(ssl, &session, &renew_ticket, ticket, ticket_len,

  697.                             ctx->session_id, ctx->session_id_len)) {

  698.       return ssl_session_error;

  699.     }

  700.   } else {

  701.     /* The client didn't send a ticket, so the session ID is a real ID. */

  702.     enum ssl_session_result_t lookup_ret = ssl_lookup_session(

  703.         ssl, &session, ctx->session_id, ctx->session_id_len);

  704.     if (lookup_ret != ssl_session_success) {

  705.       return lookup_ret;

  706.     }

  707.   }

  708. 

  709.   *out_session = session;

  710.   if (session != NULL) {

  711.     *out_send_ticket = renew_ticket;

  712.   } else {

  713.     *out_send_ticket = tickets_supported;

  714.   }

  715.   return ssl_session_success;

  716. }

  717. 

  718. int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session) {

  719.   /* Although |session| is inserted into two structures (a doubly-linked list

  720.    * and the hash table), |ctx| only takes one reference. */

  721.   SSL_SESSION_up_ref(session);

  722. 

  723.   SSL_SESSION *old_session;

  724.   CRYPTO_MUTEX_lock_write(&ctx->lock);

  725.   if (!lh_SSL_SESSION_insert(ctx->sessions, &old_session, session)) {

  726.     CRYPTO_MUTEX_unlock_write(&ctx->lock);

  727.     SSL_SESSION_free(session);

  728.     return 0;

  729.   }

  730. 

  731.   if (old_session != NULL) {

  732.     if (old_session == session) {

  733.       /* |session| was already in the cache. */

  734.       CRYPTO_MUTEX_unlock_write(&ctx->lock);

  735.       SSL_SESSION_free(old_session);

  736.       return 0;

  737.     }

  738. 

  739.     /* There was a session ID collision. |old_session| must be removed from

  740.      * the linked list and released. */

  741.     SSL_SESSION_list_remove(ctx, old_session);

  742.     SSL_SESSION_free(old_session);

  743.   }

  744. 

  745.   SSL_SESSION_list_add(ctx, session);

  746. 

  747.   /* Enforce any cache size limits. */

  748.   if (SSL_CTX_sess_get_cache_size(ctx) > 0) {

  749.     while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {

  750.       if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) {

  751.         break;

  752.       }

  753.     }

  754.   }

  755. 

  756.   CRYPTO_MUTEX_unlock_write(&ctx->lock);

  757.   return 1;

  758. }

  759. 

  760. int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session) {

  761.   return remove_session_lock(ctx, session, 1);

  762. }

  763. 

  764. static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock) {

  765.   int ret = 0;

  766. 

  767.   if (session != NULL && session->session_id_length != 0) {

  768.     if (lock) {

  769.       CRYPTO_MUTEX_lock_write(&ctx->lock);

  770.     }

  771.     SSL_SESSION *found_session = lh_SSL_SESSION_retrieve(ctx->sessions,

  772.                                                          session);

  773.     if (found_session == session) {

  774.       ret = 1;

  775.       found_session = lh_SSL_SESSION_delete(ctx->sessions, session);

  776.       SSL_SESSION_list_remove(ctx, session);

  777.     }

  778. 

  779.     if (lock) {

  780.       CRYPTO_MUTEX_unlock_write(&ctx->lock);

  781.     }

  782. 

  783.     if (ret) {

  784.       found_session->not_resumable = 1;

  785.       if (ctx->remove_session_cb != NULL) {

  786.         ctx->remove_session_cb(ctx, found_session);

  787.       }

  788.       SSL_SESSION_free(found_session);

  789.     }

  790.   }

  791. 

  792.   return ret;

  793. }

  794. 

  795. int SSL_set_session(SSL *ssl, SSL_SESSION *session) {

  796.   /* SSL_set_session may only be called before the handshake has started. */

  797.   if (ssl->state != SSL_ST_INIT || ssl->s3->initial_handshake_complete) {

  798.     abort();

  799.   }

  800. 

  801.   ssl_set_session(ssl, session);

  802.   return 1;

  803. }

  804. 

  805. void ssl_set_session(SSL *ssl, SSL_SESSION *session) {

  806.   if (ssl->session == session) {

  807.     return;

  808.   }

  809. 

  810.   SSL_SESSION_free(ssl->session);

  811.   ssl->session = session;

  812.   if (session != NULL) {

  813.     SSL_SESSION_up_ref(session);

  814.   }

  815. }

  816. 

  817. long SSL_CTX_set_timeout(SSL_CTX *ctx, long timeout) {

  818.   if (ctx == NULL) {

  819.     return 0;

  820.   }

  821. 

  822.   long old_timeout = ctx->session_timeout;

  823.   ctx->session_timeout = timeout;

  824.   return old_timeout;

  825. }

  826. 

  827. long SSL_CTX_get_timeout(const SSL_CTX *ctx) {

  828.   if (ctx == NULL) {

  829.     return 0;

  830.   }

  831. 

  832.   return ctx->session_timeout;

  833. }

  834. 

  835. typedef struct timeout_param_st {

  836.   SSL_CTX *ctx;

  837.   long time;

  838.   LHASH_OF(SSL_SESSION) *cache;

  839. } TIMEOUT_PARAM;

  840. 

  841. static void timeout_doall_arg(SSL_SESSION *session, void *void_param) {

  842.   TIMEOUT_PARAM *param = void_param;

  843. 

  844.   if (param->time == 0 ||

  845.       param->time > (session->time + session->timeout)) {

  846.     /* timeout */

  847.     /* The reason we don't call SSL_CTX_remove_session() is to

  848.      * save on locking overhead */

  849.     (void) lh_SSL_SESSION_delete(param->cache, session);

  850.     SSL_SESSION_list_remove(param->ctx, session);

  851.     session->not_resumable = 1;

  852.     if (param->ctx->remove_session_cb != NULL) {

  853.       param->ctx->remove_session_cb(param->ctx, session);

  854.     }

  855.     SSL_SESSION_free(session);

  856.   }

  857. }

  858. 

  859. void SSL_CTX_flush_sessions(SSL_CTX *ctx, long time) {

  860.   TIMEOUT_PARAM tp;

  861. 

  862.   tp.ctx = ctx;

  863.   tp.cache = ctx->sessions;

  864.   if (tp.cache == NULL) {

  865.     return;

  866.   }

  867.   tp.time = time;

  868.   CRYPTO_MUTEX_lock_write(&ctx->lock);

  869.   lh_SSL_SESSION_doall_arg(tp.cache, timeout_doall_arg, &tp);

  870.   CRYPTO_MUTEX_unlock_write(&ctx->lock);

  871. }

  872. 

  873. /* locked by SSL_CTX in the calling function */

  874. static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *session) {

  875.   if (session->next == NULL || session->prev == NULL) {

  876.     return;

  877.   }

  878. 

  879.   if (session->next == (SSL_SESSION *)&ctx->session_cache_tail) {

  880.     /* last element in list */

  881.     if (session->prev == (SSL_SESSION *)&ctx->session_cache_head) {

  882.       /* only one element in list */

  883.       ctx->session_cache_head = NULL;

  884.       ctx->session_cache_tail = NULL;

  885.     } else {

  886.       ctx->session_cache_tail = session->prev;

  887.       session->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);

  888.     }

  889.   } else {

  890.     if (session->prev == (SSL_SESSION *)&ctx->session_cache_head) {

  891.       /* first element in list */

  892.       ctx->session_cache_head = session->next;

  893.       session->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);

  894.     } else { /* middle of list */

  895.       session->next->prev = session->prev;

  896.       session->prev->next = session->next;

  897.     }

  898.   }

  899.   session->prev = session->next = NULL;

  900. }

  901. 

  902. static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *session) {

  903.   if (session->next != NULL && session->prev != NULL) {

  904.     SSL_SESSION_list_remove(ctx, session);

  905.   }

  906. 

  907.   if (ctx->session_cache_head == NULL) {

  908.     ctx->session_cache_head = session;

  909.     ctx->session_cache_tail = session;

  910.     session->prev = (SSL_SESSION *)&(ctx->session_cache_head);

  911.     session->next = (SSL_SESSION *)&(ctx->session_cache_tail);

  912.   } else {

  913.     session->next = ctx->session_cache_head;

  914.     session->next->prev = session;

  915.     session->prev = (SSL_SESSION *)&(ctx->session_cache_head);

  916.     ctx->session_cache_head = session;

  917.   }

  918. }

  919. 

  920. void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,

  921.                              int (*cb)(SSL *ssl, SSL_SESSION *session)) {

  922.   ctx->new_session_cb = cb;

  923. }

  924. 

  925. int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *session) {

  926.   return ctx->new_session_cb;

  927. }

  928. 

  929. void SSL_CTX_sess_set_remove_cb(

  930.     SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *session)) {

  931.   ctx->remove_session_cb = cb;

  932. }

  933. 

  934. void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX *ctx,

  935.                                                  SSL_SESSION *session) {

  936.   return ctx->remove_session_cb;

  937. }

  938. 

  939. void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,

  940.                              SSL_SESSION *(*cb)(SSL *ssl,

  941.                                                 uint8_t *id, int id_len,

  942.                                                 int *out_copy)) {

  943.   ctx->get_session_cb = cb;

  944. }

  945. 

  946. SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(

  947.     SSL *ssl, uint8_t *id, int id_len, int *out_copy) {

  948.   return ctx->get_session_cb;

  949. }

  950. 

  951. void SSL_CTX_set_info_callback(

  952.     SSL_CTX *ctx, void (*cb)(const SSL *ssl, int type, int value)) {

  953.   ctx->info_callback = cb;

  954. }

  955. 

  956. void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,

  957.                                                 int value) {

  958.   return ctx->info_callback;

  959. }

  960. 

  961. void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl,

  962.                                                         X509 **out_x509,

  963.                                                         EVP_PKEY **out_pkey)) {

  964.   ctx->client_cert_cb = cb;

  965. }

  966. 

  967. int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **out_x509,

  968.                                                 EVP_PKEY **out_pkey) {

  969.   return ctx->client_cert_cb;

  970. }

  971. 

  972. void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,

  973.                                void (*cb)(SSL *ssl, EVP_PKEY **pkey)) {

  974.   ctx->channel_id_cb = cb;

  975. }

  976. 

  977. void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey) {

  978.   return ctx->channel_id_cb;

  979. }