Lines Matching defs:s
23 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
24 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
56 #ifdef __DJGPP__ /* time_t is unsigned on djgpp, it's signed anywhere else */
115 * somebody doesn't free ssl->session between when we check it's non-null
127 int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
129 return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
132 void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
134 return CRYPTO_get_ex_data(&s->ex_data, idx);
320 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
323 *len = (unsigned int)s->session_id_length;
324 return s->session_id;
326 const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
330 *len = (unsigned int)s->sid_ctx_length;
331 return s->sid_ctx;
334 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
336 return s->compress_meth;
344 * a conflict - well that's a reasonable point to call it quits. Either the
374 int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
379 switch (s->version) {
391 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
410 if (s->ext.ticket_expected) {
416 if (!CRYPTO_THREAD_read_lock(s->lock))
418 if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
419 CRYPTO_THREAD_unlock(s->lock);
420 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
424 if (s->generate_session_id)
425 cb = s->generate_session_id;
426 else if (s->session_ctx->generate_session_id)
427 cb = s->session_ctx->generate_session_id;
428 CRYPTO_THREAD_unlock(s->session_ctx->lock);
429 CRYPTO_THREAD_unlock(s->lock);
433 if (!cb(s, ss->session_id, &tmp)) {
435 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
445 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
451 if (SSL_has_matching_session_id(s, ss->session_id,
453 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
460 int ssl_get_new_session(SSL *s, int session)
467 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
472 if (s->session_ctx->session_timeout == 0)
473 ss->timeout = SSL_get_default_timeout(s);
475 ss->timeout = s->session_ctx->session_timeout;
478 SSL_SESSION_free(s->session);
479 s->session = NULL;
482 if (SSL_IS_TLS13(s)) {
488 } else if (!ssl_generate_session_id(s, ss)) {
498 if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
499 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
503 memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
504 ss->sid_ctx_length = s->sid_ctx_length;
505 s->session = ss;
506 ss->ssl_version = s->version;
510 if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
516 SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
521 if ((s->session_ctx->session_cache_mode
525 data.ssl_version = s->version;
532 if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
534 ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
539 CRYPTO_THREAD_unlock(s->session_ctx->lock);
541 ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
544 if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
547 ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©);
556 ssl_tsan_counter(s->session_ctx,
557 &s->session_ctx->stats.sess_cb_hit);
573 if ((s->session_ctx->session_cache_mode &
580 (void)SSL_CTX_add_session(s->session_ctx, ret);
600 * - If a session is found then s->session is pointed at it (after freeing an
601 * existing session if need be) and s->verify_result is set from the session.
602 * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
605 int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
614 if (SSL_IS_TLS13(s)) {
619 s->ext.ticket_expected = 1;
620 if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
623 || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
627 ret = s->session;
629 /* sets s->ext.ticket_expected */
630 r = tls_get_ticket_from_client(s, hello, &ret);
635 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
641 ret = lookup_sess_in_cache(s, hello->session_id,
658 if (ret->ssl_version != s->version)
661 if (ret->sid_ctx_length != s->sid_ctx_length
662 || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
670 if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
681 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
688 ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
691 SSL_CTX_remove_session(s->session_ctx, ret);
699 if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
700 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
704 } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
709 if (!SSL_IS_TLS13(s)) {
711 SSL_SESSION_free(s->session);
712 s->session = ret;
715 ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
716 s->verify_result = s->session->verify_result;
722 /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
723 if (SSL_IS_TLS13(s))
724 s->session = NULL;
731 s->ext.ticket_expected = 1;
743 SSL_SESSION *s;
746 * add just 1 reference count for the SSL_CTX's session cache even though
759 s = lh_SSL_SESSION_insert(ctx->sessions, c);
762 * s != NULL iff we already had a session with the given PID. In this
763 * case, s == c should hold (then we did not really modify
766 if (s != NULL && s != c) {
768 SSL_SESSION_list_remove(ctx, s);
769 SSL_SESSION_free(s);
776 s = NULL;
777 } else if (s == NULL &&
779 /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
785 s = c;
794 if (s == NULL) {
814 if (s != NULL) {
820 SSL_SESSION_free(s); /* s == c */
906 int SSL_set_session(SSL *s, SSL_SESSION *session)
908 ssl_clear_bad_session(s);
909 if (s->ctx->method != s->method) {
910 if (!SSL_set_ssl_method(s, s->ctx->method))
916 s->verify_result = session->verify_result;
918 SSL_SESSION_free(s->session);
919 s->session = session;
924 int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
931 s->session_id_length = sid_len;
932 if (sid != s->session_id)
933 memcpy(s->session_id, sid, sid_len);
937 long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
941 if (s == NULL || t < 0)
943 if (s->owner != NULL) {
944 if (!CRYPTO_THREAD_write_lock(s->owner->lock))
946 s->timeout = new_timeout;
947 ssl_session_calculate_timeout(s);
948 SSL_SESSION_list_add(s->owner, s);
949 CRYPTO_THREAD_unlock(s->owner->lock);
951 s->timeout = new_timeout;
952 ssl_session_calculate_timeout(s);
957 long SSL_SESSION_get_timeout(const SSL_SESSION *s)
959 if (s == NULL)
961 return (long)s->timeout;
964 long SSL_SESSION_get_time(const SSL_SESSION *s)
966 if (s == NULL)
968 return (long)s->time;
971 long SSL_SESSION_set_time(SSL_SESSION *s, long t)
975 if (s == NULL)
977 if (s->owner != NULL) {
978 if (!CRYPTO_THREAD_write_lock(s->owner->lock))
980 s->time = new_time;
981 ssl_session_calculate_timeout(s);
982 SSL_SESSION_list_add(s->owner, s);
983 CRYPTO_THREAD_unlock(s->owner->lock);
985 s->time = new_time;
986 ssl_session_calculate_timeout(s);
991 int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
993 return s->ssl_version;
996 int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
998 s->ssl_version = version;
1002 const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
1004 return s->cipher;
1007 int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
1009 s->cipher = cipher;
1013 const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
1015 return s->ext.hostname;
1018 int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
1020 OPENSSL_free(s->ext.hostname);
1022 s->ext.hostname = NULL;
1025 s->ext.hostname = OPENSSL_strdup(hostname);
1027 return s->ext.hostname != NULL;
1030 int SSL_SESSION_has_ticket(const SSL_SESSION *s)
1032 return (s->ext.ticklen > 0) ? 1 : 0;
1035 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
1037 return s->ext.tick_lifetime_hint;
1040 void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
1043 *len = s->ext.ticklen;
1045 *tick = s->ext.tick;
1048 uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
1050 return s->ext.max_early_data;
1053 int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
1055 s->ext.max_early_data = max_early_data;
1060 void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
1064 *alpn = s->ext.alpn_selected;
1065 *len = s->ext.alpn_selected_len;
1068 int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
1071 OPENSSL_free(s->ext.alpn_selected);
1073 s->ext.alpn_selected = NULL;
1074 s->ext.alpn_selected_len = 0;
1077 s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
1078 if (s->ext.alpn_selected == NULL) {
1079 s->ext.alpn_selected_len = 0;
1082 s->ext.alpn_selected_len = len;
1087 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
1089 return s->peer;
1092 int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1099 s->sid_ctx_length = sid_ctx_len;
1100 if (sid_ctx != s->sid_ctx)
1101 memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
1106 int SSL_SESSION_is_resumable(const SSL_SESSION *s)
1112 return !s->not_resumable
1113 && (s->session_id_length > 0 || s->ext.ticklen > 0);
1116 long SSL_CTX_set_timeout(SSL_CTX *s, long t)
1119 if (s == NULL)
1121 l = s->session_timeout;
1122 s->session_timeout = t;
1126 long SSL_CTX_get_timeout(const SSL_CTX *s)
1128 if (s == NULL)
1130 return s->session_timeout;
1133 int SSL_set_session_secret_cb(SSL *s,
1137 if (s == NULL)
1139 s->ext.session_secret_cb = tls_session_secret_cb;
1140 s->ext.session_secret_cb_arg = arg;
1144 int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1147 if (s == NULL)
1149 s->ext.session_ticket_cb = cb;
1150 s->ext.session_ticket_cb_arg = arg;
1154 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
1156 if (s->version >= TLS1_VERSION) {
1157 OPENSSL_free(s->ext.session_ticket);
1158 s->ext.session_ticket = NULL;
1159 s->ext.session_ticket =
1161 if (s->ext.session_ticket == NULL) {
1167 s->ext.session_ticket->length = ext_len;
1168 s->ext.session_ticket->data = s->ext.session_ticket + 1;
1169 memcpy(s->ext.session_ticket->data, ext_data, ext_len);
1171 s->ext.session_ticket->length = 0;
1172 s->ext.session_ticket->data = NULL;
1181 void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1187 if (!CRYPTO_THREAD_write_lock(s->lock))
1191 i = lh_SSL_SESSION_get_down_load(s->sessions);
1192 lh_SSL_SESSION_set_down_load(s->sessions, 0);
1201 while (s->session_cache_tail != NULL) {
1202 current = s->session_cache_tail;
1204 lh_SSL_SESSION_delete(s->sessions, current);
1205 SSL_SESSION_list_remove(s, current);
1207 if (s->remove_session_cb != NULL)
1208 s->remove_session_cb(s, current);
1210 * Throw the session on a stack, it's entirely plausible
1223 lh_SSL_SESSION_set_down_load(s->sessions, i);
1224 CRYPTO_THREAD_unlock(s->lock);
1229 int ssl_clear_bad_session(SSL *s)
1231 if ((s->session != NULL) &&
1232 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1233 !(SSL_in_init(s) || SSL_in_before(s))) {
1234 SSL_CTX_remove_session(s->session_ctx, s->session);
1241 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1243 if ((s->next == NULL) || (s->prev == NULL))
1246 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
1248 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1253 ctx->session_cache_tail = s->prev;
1254 s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1257 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1259 ctx->session_cache_head = s->next;
1260 s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1263 s->next->prev = s->prev;
1264 s->prev->next = s->next;
1267 s->prev = s->next = NULL;
1268 s->owner = NULL;
1271 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1275 if ((s->next != NULL) && (s->prev != NULL))
1276 SSL_SESSION_list_remove(ctx, s);
1279 ctx->session_cache_head = s;
1280 ctx->session_cache_tail = s;
1281 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1282 s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1284 if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
1289 s->next = ctx->session_cache_head;
1290 s->next->prev = s;
1291 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1292 ctx->session_cache_head = s;
1293 } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
1295 s->prev = ctx->session_cache_tail;
1296 s->prev->next = s;
1297 s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1298 ctx->session_cache_tail = s;
1306 if (timeoutcmp(s, next) >= 0) {
1307 s->next = next;
1308 s->prev = next->prev;
1309 next->prev->next = s;
1310 next->prev = s;
1317 s->owner = ctx;