1
/*
2
 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright 2005 Nokia. All rights reserved.
4
 *
5
 * Licensed under the Apache License 2.0 (the "License").  You may not use
6
 * this file except in compliance with the License.  You can obtain a copy
7
 * in the file LICENSE in the source distribution or at
8
 * https://www.openssl.org/source/license.html
9
 */
10

11
#if defined(__TANDEM) && defined(_SPT_MODEL_)
12
# include <spthread.h>
13
# include <spt_extensions.h> /* timeval */
14
#endif
15
#include <stdio.h>
16
#include <openssl/rand.h>
17
#include <openssl/engine.h>
18
#include "internal/refcount.h"
19
#include "internal/cryptlib.h"
20
#include "internal/ssl_unwrap.h"
21
#include "ssl_local.h"
22
#include "statem/statem_local.h"
23

24
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
25
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
26
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
27

28
DEFINE_STACK_OF(SSL_SESSION)
29

30
__owur static ossl_inline int sess_timedout(OSSL_TIME t, SSL_SESSION *ss)
31
{
32
    return ossl_time_compare(t, ss->calc_timeout) > 0;
33
}
34

35
/*
36
 * Returns -1/0/+1 as other XXXcmp-type functions
37
 * Takes calculated timeout into consideration
38
 */
39
__owur static ossl_inline int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
40
{
41
    return ossl_time_compare(a->calc_timeout, b->calc_timeout);
42
}
43

44
/*
45
 * Calculates effective timeout
46
 * Locking must be done by the caller of this function
47
 */
48
void ssl_session_calculate_timeout(SSL_SESSION *ss)
49
{
50
    ss->calc_timeout = ossl_time_add(ss->time, ss->timeout);
51
}
52

53
/*
54
 * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
55
 * unlike in earlier protocol versions, the session ticket may not have been
56
 * sent yet even though a handshake has finished. The session ticket data could
57
 * come in sometime later...or even change if multiple session ticket messages
58
 * are sent from the server. The preferred way for applications to obtain
59
 * a resumable session is to use SSL_CTX_sess_set_new_cb().
60
 */
61

62
SSL_SESSION *SSL_get_session(const SSL *ssl)
63
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
64
{
65
    const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
66

67
    if (sc == NULL)
68
        return NULL;
69

70
    return sc->session;
71
}
72

73
SSL_SESSION *SSL_get1_session(SSL *ssl)
74
/* variant of SSL_get_session: caller really gets something */
75
{
76
    SSL_SESSION *sess;
77

78
    /*
79
     * Need to lock this all up rather than just use CRYPTO_add so that
80
     * somebody doesn't free ssl->session between when we check it's non-null
81
     * and when we up the reference count.
82
     */
83
    if (!CRYPTO_THREAD_read_lock(ssl->lock))
84
        return NULL;
85
    sess = SSL_get_session(ssl);
86
    if (sess != NULL && !SSL_SESSION_up_ref(sess))
87
        sess = NULL;
88
    CRYPTO_THREAD_unlock(ssl->lock);
89
    return sess;
90
}
91

92
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
93
{
94
    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
95
}
96

97
void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
98
{
99
    return CRYPTO_get_ex_data(&s->ex_data, idx);
100
}
101

102
SSL_SESSION *SSL_SESSION_new(void)
103
{
104
    SSL_SESSION *ss;
105

106
    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
107
        return NULL;
108

109
    ss = OPENSSL_zalloc(sizeof(*ss));
110
    if (ss == NULL)
111
        return NULL;
112

113
    ss->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_UNSPECIFIED;
114
    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
115
   /* 5 minute timeout by default */
116
    ss->timeout = ossl_seconds2time(60 * 5 + 4);
117
    ss->time = ossl_time_now();
118
    ssl_session_calculate_timeout(ss);
119
    if (!CRYPTO_NEW_REF(&ss->references, 1)) {
120
        OPENSSL_free(ss);
121
        return NULL;
122
    }
123

124
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
125
        CRYPTO_FREE_REF(&ss->references);
126
        OPENSSL_free(ss);
127
        return NULL;
128
    }
129
    return ss;
130
}
131

132
/*
133
 * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
134
 * ticket == 0 then no ticket information is duplicated, otherwise it is.
135
 */
136
static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
137
{
138
    SSL_SESSION *dest;
139

140
    dest = OPENSSL_malloc(sizeof(*dest));
141
    if (dest == NULL)
142
        return NULL;
143

144
    /*
145
     * src is logically read-only but the prev/next pointers are not, they are
146
     * part of the session cache and can be modified concurrently.
147
     */
148
    memcpy(dest, src, offsetof(SSL_SESSION, prev));
149

150
    /*
151
     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
152
     * the case of an error whilst halfway through constructing dest
153
     */
154
#ifndef OPENSSL_NO_PSK
155
    dest->psk_identity_hint = NULL;
156
    dest->psk_identity = NULL;
157
#endif
158
    dest->ext.hostname = NULL;
159
    dest->ext.tick = NULL;
160
    dest->ext.alpn_selected = NULL;
161
#ifndef OPENSSL_NO_SRP
162
    dest->srp_username = NULL;
163
#endif
164
    dest->peer_chain = NULL;
165
    dest->peer = NULL;
166
    dest->peer_rpk = NULL;
167
    dest->ticket_appdata = NULL;
168
    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
169

170
    /* As the copy is not in the cache, we remove the associated pointers */
171
    dest->prev = NULL;
172
    dest->next = NULL;
173
    dest->owner = NULL;
174

175
    if (!CRYPTO_NEW_REF(&dest->references, 1)) {
176
        OPENSSL_free(dest);
177
        return NULL;
178
    }
179

180
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) {
181
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
182
        goto err;
183
    }
184

185
    if (src->peer != NULL) {
186
        if (!X509_up_ref(src->peer)) {
187
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
188
            goto err;
189
        }
190
        dest->peer = src->peer;
191
    }
192

193
    if (src->peer_chain != NULL) {
194
        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
195
        if (dest->peer_chain == NULL) {
196
            ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
197
            goto err;
198
        }
199
    }
200

201
    if (src->peer_rpk != NULL) {
202
        if (!EVP_PKEY_up_ref(src->peer_rpk))
203
            goto err;
204
        dest->peer_rpk = src->peer_rpk;
205
    }
206

207
#ifndef OPENSSL_NO_PSK
208
    if (src->psk_identity_hint) {
209
        dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
210
        if (dest->psk_identity_hint == NULL)
211
            goto err;
212
    }
213
    if (src->psk_identity) {
214
        dest->psk_identity = OPENSSL_strdup(src->psk_identity);
215
        if (dest->psk_identity == NULL)
216
            goto err;
217
    }
218
#endif
219

220
    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
221
                            &dest->ex_data, &src->ex_data)) {
222
        ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
223
        goto err;
224
    }
225

226
    if (src->ext.hostname) {
227
        dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
228
        if (dest->ext.hostname == NULL)
229
            goto err;
230
    }
231

232
    if (ticket != 0 && src->ext.tick != NULL) {
233
        dest->ext.tick =
234
            OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
235
        if (dest->ext.tick == NULL)
236
            goto err;
237
    } else {
238
        dest->ext.tick_lifetime_hint = 0;
239
        dest->ext.ticklen = 0;
240
    }
241

242
    if (src->ext.alpn_selected != NULL) {
243
        dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
244
                                                 src->ext.alpn_selected_len);
245
        if (dest->ext.alpn_selected == NULL)
246
            goto err;
247
    }
248

249
#ifndef OPENSSL_NO_SRP
250
    if (src->srp_username) {
251
        dest->srp_username = OPENSSL_strdup(src->srp_username);
252
        if (dest->srp_username == NULL)
253
            goto err;
254
    }
255
#endif
256

257
    if (src->ticket_appdata != NULL) {
258
        dest->ticket_appdata =
259
            OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
260
        if (dest->ticket_appdata == NULL)
261
            goto err;
262
    }
263

264
    return dest;
265
 err:
266
    SSL_SESSION_free(dest);
267
    return NULL;
268
}
269

270
SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
271
{
272
    return ssl_session_dup_intern(src, 1);
273
}
274

275
/*
276
 * Used internally when duplicating a session which might be already shared.
277
 * We will have resumed the original session. Subsequently we might have marked
278
 * it as non-resumable (e.g. in another thread) - but this copy should be ok to
279
 * resume from.
280
 */
281
SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
282
{
283
    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
284

285
    if (sess != NULL)
286
        sess->not_resumable = 0;
287

288
    return sess;
289
}
290

291
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
292
{
293
    if (len)
294
        *len = (unsigned int)s->session_id_length;
295
    return s->session_id;
296
}
297

298
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
299
                                                unsigned int *len)
300
{
301
    if (len != NULL)
302
        *len = (unsigned int)s->sid_ctx_length;
303
    return s->sid_ctx;
304
}
305

306
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
307
{
308
    return s->compress_meth;
309
}
310

311
/*
312
 * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
313
 * the ID with random junk repeatedly until we have no conflict is going to
314
 * complete in one iteration pretty much "most" of the time (btw:
315
 * understatement). So, if it takes us 10 iterations and we still can't avoid
316
 * a conflict - well that's a reasonable point to call it quits. Either the
317
 * RAND code is broken or someone is trying to open roughly very close to
318
 * 2^256 SSL sessions to our server. How you might store that many sessions
319
 * is perhaps a more interesting question ...
320
 */
321

322
#define MAX_SESS_ID_ATTEMPTS 10
323
static int def_generate_session_id(SSL *ssl, unsigned char *id,
324
                                   unsigned int *id_len)
325
{
326
    unsigned int retry = 0;
327
    do {
328
        if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
329
            return 0;
330
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
331
        if (retry > 0) {
332
            id[0]++;
333
        }
334
#endif
335
    } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
336
           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
337
    if (retry < MAX_SESS_ID_ATTEMPTS)
338
        return 1;
339
    /* else - woops a session_id match */
340
    /*
341
     * XXX We should also check the external cache -- but the probability of
342
     * a collision is negligible, and we could not prevent the concurrent
343
     * creation of sessions with identical IDs since we currently don't have
344
     * means to atomically check whether a session ID already exists and make
345
     * a reservation for it if it does not (this problem applies to the
346
     * internal cache as well).
347
     */
348
    return 0;
349
}
350

351
int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
352
{
353
    unsigned int tmp;
354
    GEN_SESSION_CB cb = def_generate_session_id;
355
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
356

357
    switch (s->version) {
358
    case SSL3_VERSION:
359
    case TLS1_VERSION:
360
    case TLS1_1_VERSION:
361
    case TLS1_2_VERSION:
362
    case TLS1_3_VERSION:
363
    case DTLS1_BAD_VER:
364
    case DTLS1_VERSION:
365
    case DTLS1_2_VERSION:
366
        ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
367
        break;
368
    default:
369
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
370
        return 0;
371
    }
372

373
    /*-
374
     * If RFC5077 ticket, use empty session ID (as server).
375
     * Note that:
376
     * (a) ssl_get_prev_session() does lookahead into the
377
     *     ClientHello extensions to find the session ticket.
378
     *     When ssl_get_prev_session() fails, statem_srvr.c calls
379
     *     ssl_get_new_session() in tls_process_client_hello().
380
     *     At that point, it has not yet parsed the extensions,
381
     *     however, because of the lookahead, it already knows
382
     *     whether a ticket is expected or not.
383
     *
384
     * (b) statem_clnt.c calls ssl_get_new_session() before parsing
385
     *     ServerHello extensions, and before recording the session
386
     *     ID received from the server, so this block is a noop.
387
     */
388
    if (s->ext.ticket_expected) {
389
        ss->session_id_length = 0;
390
        return 1;
391
    }
392

393
    /* Choose which callback will set the session ID */
394
    if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
395
        return 0;
396
    if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
397
        CRYPTO_THREAD_unlock(ssl->lock);
398
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
399
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
400
        return 0;
401
    }
402
    if (s->generate_session_id)
403
        cb = s->generate_session_id;
404
    else if (s->session_ctx->generate_session_id)
405
        cb = s->session_ctx->generate_session_id;
406
    CRYPTO_THREAD_unlock(s->session_ctx->lock);
407
    CRYPTO_THREAD_unlock(ssl->lock);
408
    /* Choose a session ID */
409
    memset(ss->session_id, 0, ss->session_id_length);
410
    tmp = (int)ss->session_id_length;
411
    if (!cb(ssl, ss->session_id, &tmp)) {
412
        /* The callback failed */
413
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
414
                 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
415
        return 0;
416
    }
417
    /*
418
     * Don't allow the callback to set the session length to zero. nor
419
     * set it higher than it was.
420
     */
421
    if (tmp == 0 || tmp > ss->session_id_length) {
422
        /* The callback set an illegal length */
423
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
424
                 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
425
        return 0;
426
    }
427
    ss->session_id_length = tmp;
428
    /* Finally, check for a conflict */
429
    if (SSL_has_matching_session_id(ssl, ss->session_id,
430
                                    (unsigned int)ss->session_id_length)) {
431
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
432
        return 0;
433
    }
434

435
    return 1;
436
}
437

438
int ssl_get_new_session(SSL_CONNECTION *s, int session)
439
{
440
    /* This gets used by clients and servers. */
441

442
    SSL_SESSION *ss = NULL;
443

444
    if ((ss = SSL_SESSION_new()) == NULL) {
445
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
446
        return 0;
447
    }
448

449
    /* If the context has a default timeout, use it */
450
    if (ossl_time_is_zero(s->session_ctx->session_timeout))
451
        ss->timeout = SSL_CONNECTION_GET_SSL(s)->method->get_timeout();
452
    else
453
        ss->timeout = s->session_ctx->session_timeout;
454
    ssl_session_calculate_timeout(ss);
455

456
    SSL_SESSION_free(s->session);
457
    s->session = NULL;
458

459
    if (session) {
460
        if (SSL_CONNECTION_IS_TLS13(s)) {
461
            /*
462
             * We generate the session id while constructing the
463
             * NewSessionTicket in TLSv1.3.
464
             */
465
            ss->session_id_length = 0;
466
        } else if (!ssl_generate_session_id(s, ss)) {
467
            /* SSLfatal() already called */
468
            SSL_SESSION_free(ss);
469
            return 0;
470
        }
471

472
    } else {
473
        ss->session_id_length = 0;
474
    }
475

476
    if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
477
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
478
        SSL_SESSION_free(ss);
479
        return 0;
480
    }
481
    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
482
    ss->sid_ctx_length = s->sid_ctx_length;
483
    s->session = ss;
484
    ss->ssl_version = s->version;
485
    ss->verify_result = X509_V_OK;
486

487
    /* If client supports extended master secret set it in session */
488
    if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
489
        ss->flags |= SSL_SESS_FLAG_EXTMS;
490

491
    return 1;
492
}
493

494
SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
495
                                  const unsigned char *sess_id,
496
                                  size_t sess_id_len)
497
{
498
    SSL_SESSION *ret = NULL;
499

500
    if ((s->session_ctx->session_cache_mode
501
         & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
502
        SSL_SESSION data;
503

504
        data.ssl_version = s->version;
505
        if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
506
            return NULL;
507

508
        memcpy(data.session_id, sess_id, sess_id_len);
509
        data.session_id_length = sess_id_len;
510

511
        if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock))
512
            return NULL;
513
        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
514
        if (ret != NULL) {
515
            /* don't allow other threads to steal it: */
516
            if (!SSL_SESSION_up_ref(ret)) {
517
                CRYPTO_THREAD_unlock(s->session_ctx->lock);
518
                return NULL;
519
            }
520
        }
521
        CRYPTO_THREAD_unlock(s->session_ctx->lock);
522
        if (ret == NULL)
523
            ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss);
524
    }
525

526
    if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
527
        int copy = 1;
528

529
        ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_USER_SSL(s),
530
                                             sess_id, sess_id_len, &copy);
531

532
        if (ret != NULL) {
533
            if (ret->not_resumable) {
534
                /* If its not resumable then ignore this session */
535
                if (!copy)
536
                    SSL_SESSION_free(ret);
537
                return NULL;
538
            }
539
            ssl_tsan_counter(s->session_ctx,
540
                             &s->session_ctx->stats.sess_cb_hit);
541

542
            /*
543
             * Increment reference count now if the session callback asks us
544
             * to do so (note that if the session structures returned by the
545
             * callback are shared between threads, it must handle the
546
             * reference count itself [i.e. copy == 0], or things won't be
547
             * thread-safe).
548
             */
549
            if (copy && !SSL_SESSION_up_ref(ret))
550
                return NULL;
551

552
            /*
553
             * Add the externally cached session to the internal cache as
554
             * well if and only if we are supposed to.
555
             */
556
            if ((s->session_ctx->session_cache_mode &
557
                 SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
558
                /*
559
                 * Either return value of SSL_CTX_add_session should not
560
                 * interrupt the session resumption process. The return
561
                 * value is intentionally ignored.
562
                 */
563
                (void)SSL_CTX_add_session(s->session_ctx, ret);
564
            }
565
        }
566
    }
567

568
    return ret;
569
}
570

571
/*-
572
 * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
573
 * connection. It is only called by servers.
574
 *
575
 *   hello: The parsed ClientHello data
576
 *
577
 * Returns:
578
 *   -1: fatal error
579
 *    0: no session found
580
 *    1: a session may have been found.
581
 *
582
 * Side effects:
583
 *   - If a session is found then s->session is pointed at it (after freeing an
584
 *     existing session if need be) and s->verify_result is set from the session.
585
 *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
586
 *     if the server should issue a new session ticket (to 0 otherwise).
587
 */
588
int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
589
{
590
    /* This is used only by servers. */
591

592
    SSL_SESSION *ret = NULL;
593
    int fatal = 0;
594
    int try_session_cache = 0;
595
    SSL_TICKET_STATUS r;
596

597
    if (SSL_CONNECTION_IS_TLS13(s)) {
598
        SSL_SESSION_free(s->session);
599
        s->session = NULL;
600
        /*
601
         * By default we will send a new ticket. This can be overridden in the
602
         * ticket processing.
603
         */
604
        s->ext.ticket_expected = 1;
605
        if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
606
                                 SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
607
                                 NULL, 0)
608
                || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
609
                                        hello->pre_proc_exts, NULL, 0))
610
            return -1;
611

612
        /* If we resumed, s->session will now be set */
613
        ret = s->session;
614
    } else {
615
        /* sets s->ext.ticket_expected */
616
        r = tls_get_ticket_from_client(s, hello, &ret);
617
        switch (r) {
618
        case SSL_TICKET_FATAL_ERR_MALLOC:
619
        case SSL_TICKET_FATAL_ERR_OTHER:
620
            fatal = 1;
621
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
622
            goto err;
623
        case SSL_TICKET_NONE:
624
        case SSL_TICKET_EMPTY:
625
            if (hello->session_id_len > 0) {
626
                try_session_cache = 1;
627
                ret = lookup_sess_in_cache(s, hello->session_id,
628
                                           hello->session_id_len);
629
            }
630
            break;
631
        case SSL_TICKET_NO_DECRYPT:
632
        case SSL_TICKET_SUCCESS:
633
        case SSL_TICKET_SUCCESS_RENEW:
634
            break;
635
        }
636
    }
637

638
    if (ret == NULL)
639
        goto err;
640

641
    /* Now ret is non-NULL and we own one of its reference counts. */
642

643
    /* Check TLS version consistency */
644
    if (ret->ssl_version != s->version)
645
        goto err;
646

647
    if (ret->sid_ctx_length != s->sid_ctx_length
648
        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
649
        /*
650
         * We have the session requested by the client, but we don't want to
651
         * use it in this context.
652
         */
653
        goto err;               /* treat like cache miss */
654
    }
655

656
    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
657
        /*
658
         * We can't be sure if this session is being used out of context,
659
         * which is especially important for SSL_VERIFY_PEER. The application
660
         * should have used SSL[_CTX]_set_session_id_context. For this error
661
         * case, we generate an error instead of treating the event like a
662
         * cache miss (otherwise it would be easy for applications to
663
         * effectively disable the session cache by accident without anyone
664
         * noticing).
665
         */
666

667
        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
668
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
669
        fatal = 1;
670
        goto err;
671
    }
672

673
    if (sess_timedout(ossl_time_now(), ret)) {
674
        ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
675
        if (try_session_cache) {
676
            /* session was from the cache, so remove it */
677
            SSL_CTX_remove_session(s->session_ctx, ret);
678
        }
679
        goto err;
680
    }
681

682
    /* Check extended master secret extension consistency */
683
    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
684
        /* If old session includes extms, but new does not: abort handshake */
685
        if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
686
            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
687
            fatal = 1;
688
            goto err;
689
        }
690
    } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
691
        /* If new session includes extms, but old does not: do not resume */
692
        goto err;
693
    }
694

695
    if (!SSL_CONNECTION_IS_TLS13(s)) {
696
        /* We already did this for TLS1.3 */
697
        SSL_SESSION_free(s->session);
698
        s->session = ret;
699
    }
700

701
    ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit);
702
    s->verify_result = s->session->verify_result;
703
    return 1;
704

705
 err:
706
    if (ret != NULL) {
707
        SSL_SESSION_free(ret);
708
        /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
709
        if (SSL_CONNECTION_IS_TLS13(s))
710
            s->session = NULL;
711

712
        if (!try_session_cache) {
713
            /*
714
             * The session was from a ticket, so we should issue a ticket for
715
             * the new session
716
             */
717
            s->ext.ticket_expected = 1;
718
        }
719
    }
720
    if (fatal)
721
        return -1;
722

723
    return 0;
724
}
725

726
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
727
{
728
    int ret = 0;
729
    SSL_SESSION *s;
730

731
    /*
732
     * add just 1 reference count for the SSL_CTX's session cache even though
733
     * it has two ways of access: each session is in a doubly linked list and
734
     * an lhash
735
     */
736
    if (!SSL_SESSION_up_ref(c))
737
        return 0;
738
    /*
739
     * if session c is in already in cache, we take back the increment later
740
     */
741

742
    if (!CRYPTO_THREAD_write_lock(ctx->lock)) {
743
        SSL_SESSION_free(c);
744
        return 0;
745
    }
746
    s = lh_SSL_SESSION_insert(ctx->sessions, c);
747

748
    /*
749
     * s != NULL iff we already had a session with the given PID. In this
750
     * case, s == c should hold (then we did not really modify
751
     * ctx->sessions), or we're in trouble.
752
     */
753
    if (s != NULL && s != c) {
754
        /* We *are* in trouble ... */
755
        SSL_SESSION_list_remove(ctx, s);
756
        SSL_SESSION_free(s);
757
        /*
758
         * ... so pretend the other session did not exist in cache (we cannot
759
         * handle two SSL_SESSION structures with identical session ID in the
760
         * same cache, which could happen e.g. when two threads concurrently
761
         * obtain the same session from an external cache)
762
         */
763
        s = NULL;
764
    } else if (s == NULL &&
765
               lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
766
        /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
767

768
        /*
769
         * ... so take back the extra reference and also don't add
770
         * the session to the SSL_SESSION_list at this time
771
         */
772
        s = c;
773
    }
774

775
    /* Adjust last used time, and add back into the cache at the appropriate spot */
776
    if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
777
        c->time = ossl_time_now();
778
        ssl_session_calculate_timeout(c);
779
    }
780

781
    if (s == NULL) {
782
        /*
783
         * new cache entry -- remove old ones if cache has become too large
784
         * delete cache entry *before* add, so we don't remove the one we're adding!
785
         */
786

787
        ret = 1;
788

789
        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
790
            while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) {
791
                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
792
                    break;
793
                else
794
                    ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
795
            }
796
        }
797
    }
798

799
    SSL_SESSION_list_add(ctx, c);
800

801
    if (s != NULL) {
802
        /*
803
         * existing cache entry -- decrement previously incremented reference
804
         * count because it already takes into account the cache
805
         */
806

807
        SSL_SESSION_free(s);    /* s == c */
808
        ret = 0;
809
    }
810
    CRYPTO_THREAD_unlock(ctx->lock);
811
    return ret;
812
}
813

814
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
815
{
816
    return remove_session_lock(ctx, c, 1);
817
}
818

819
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
820
{
821
    SSL_SESSION *r;
822
    int ret = 0;
823

824
    if ((c != NULL) && (c->session_id_length != 0)) {
825
        if (lck) {
826
            if (!CRYPTO_THREAD_write_lock(ctx->lock))
827
                return 0;
828
        }
829
        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
830
            ret = 1;
831
            r = lh_SSL_SESSION_delete(ctx->sessions, r);
832
            SSL_SESSION_list_remove(ctx, r);
833
        }
834
        c->not_resumable = 1;
835

836
        if (lck)
837
            CRYPTO_THREAD_unlock(ctx->lock);
838

839
        if (ctx->remove_session_cb != NULL)
840
            ctx->remove_session_cb(ctx, c);
841

842
        if (ret)
843
            SSL_SESSION_free(r);
844
    }
845
    return ret;
846
}
847

848
void SSL_SESSION_free(SSL_SESSION *ss)
849
{
850
    int i;
851

852
    if (ss == NULL)
853
        return;
854
    CRYPTO_DOWN_REF(&ss->references, &i);
855
    REF_PRINT_COUNT("SSL_SESSION", i, ss);
856
    if (i > 0)
857
        return;
858
    REF_ASSERT_ISNT(i < 0);
859

860
    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
861

862
    OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
863
    OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
864
    X509_free(ss->peer);
865
    EVP_PKEY_free(ss->peer_rpk);
866
    OSSL_STACK_OF_X509_free(ss->peer_chain);
867
    OPENSSL_free(ss->ext.hostname);
868
    OPENSSL_free(ss->ext.tick);
869
#ifndef OPENSSL_NO_PSK
870
    OPENSSL_free(ss->psk_identity_hint);
871
    OPENSSL_free(ss->psk_identity);
872
#endif
873
#ifndef OPENSSL_NO_SRP
874
    OPENSSL_free(ss->srp_username);
875
#endif
876
    OPENSSL_free(ss->ext.alpn_selected);
877
    OPENSSL_free(ss->ticket_appdata);
878
    CRYPTO_FREE_REF(&ss->references);
879
    OPENSSL_clear_free(ss, sizeof(*ss));
880
}
881

882
int SSL_SESSION_up_ref(SSL_SESSION *ss)
883
{
884
    int i;
885

886
    if (CRYPTO_UP_REF(&ss->references, &i) <= 0)
887
        return 0;
888

889
    REF_PRINT_COUNT("SSL_SESSION", i, ss);
890
    REF_ASSERT_ISNT(i < 2);
891
    return ((i > 1) ? 1 : 0);
892
}
893

894
int SSL_set_session(SSL *s, SSL_SESSION *session)
895
{
896
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
897

898
    if (sc == NULL)
899
        return 0;
900

901
    if (session != NULL && !SSL_SESSION_up_ref(session))
902
        return 0;
903

904
    ssl_clear_bad_session(sc);
905
    if (s->defltmeth != s->method) {
906
        if (!SSL_set_ssl_method(s, s->defltmeth)) {
907
            SSL_SESSION_free(session);
908
            return 0;
909
        }
910
    }
911

912
    if (session != NULL)
913
        sc->verify_result = session->verify_result;
914

915
    SSL_SESSION_free(sc->session);
916
    sc->session = session;
917

918
    return 1;
919
}
920

921
int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
922
                        unsigned int sid_len)
923
{
924
    if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
925
      ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
926
      return 0;
927
    }
928
    s->session_id_length = sid_len;
929
    if (sid != s->session_id && sid_len > 0)
930
        memcpy(s->session_id, sid, sid_len);
931

932
    return 1;
933
}
934

935
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
936
{
937
    OSSL_TIME new_timeout = ossl_seconds2time(t);
938

939
    if (s == NULL || t < 0)
940
        return 0;
941
    if (s->owner != NULL) {
942
        if (!CRYPTO_THREAD_write_lock(s->owner->lock))
943
            return 0;
944
        s->timeout = new_timeout;
945
        ssl_session_calculate_timeout(s);
946
        SSL_SESSION_list_add(s->owner, s);
947
        CRYPTO_THREAD_unlock(s->owner->lock);
948
    } else {
949
        s->timeout = new_timeout;
950
        ssl_session_calculate_timeout(s);
951
    }
952
    return 1;
953
}
954

955
long SSL_SESSION_get_timeout(const SSL_SESSION *s)
956
{
957
    if (s == NULL)
958
        return 0;
959
    return (long)ossl_time_to_time_t(s->timeout);
960
}
961

962
#ifndef OPENSSL_NO_DEPRECATED_3_4
963
long SSL_SESSION_get_time(const SSL_SESSION *s)
964
{
965
    return (long) SSL_SESSION_get_time_ex(s);
966
}
967
#endif
968

969
time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s)
970
{
971
    if (s == NULL)
972
        return 0;
973
    return ossl_time_to_time_t(s->time);
974
}
975

976
time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t)
977
{
978
    OSSL_TIME new_time = ossl_time_from_time_t(t);
979

980
    if (s == NULL)
981
        return 0;
982
    if (s->owner != NULL) {
983
        if (!CRYPTO_THREAD_write_lock(s->owner->lock))
984
            return 0;
985
        s->time = new_time;
986
        ssl_session_calculate_timeout(s);
987
        SSL_SESSION_list_add(s->owner, s);
988
        CRYPTO_THREAD_unlock(s->owner->lock);
989
    } else {
990
        s->time = new_time;
991
        ssl_session_calculate_timeout(s);
992
    }
993
    return t;
994
}
995

996
#ifndef OPENSSL_NO_DEPRECATED_3_4
997
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
998
{
999
    return (long) SSL_SESSION_set_time_ex(s, (time_t) t);
1000
}
1001
#endif
1002

1003
int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
1004
{
1005
    return s->ssl_version;
1006
}
1007

1008
int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
1009
{
1010
    s->ssl_version = version;
1011
    return 1;
1012
}
1013

1014
const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
1015
{
1016
    return s->cipher;
1017
}
1018

1019
int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
1020
{
1021
    s->cipher = cipher;
1022
    return 1;
1023
}
1024

1025
const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
1026
{
1027
    return s->ext.hostname;
1028
}
1029

1030
int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
1031
{
1032
    OPENSSL_free(s->ext.hostname);
1033
    if (hostname == NULL) {
1034
        s->ext.hostname = NULL;
1035
        return 1;
1036
    }
1037
    s->ext.hostname = OPENSSL_strdup(hostname);
1038

1039
    return s->ext.hostname != NULL;
1040
}
1041

1042
int SSL_SESSION_has_ticket(const SSL_SESSION *s)
1043
{
1044
    return (s->ext.ticklen > 0) ? 1 : 0;
1045
}
1046

1047
unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
1048
{
1049
    return s->ext.tick_lifetime_hint;
1050
}
1051

1052
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
1053
                             size_t *len)
1054
{
1055
    *len = s->ext.ticklen;
1056
    if (tick != NULL)
1057
        *tick = s->ext.tick;
1058
}
1059

1060
uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
1061
{
1062
    return s->ext.max_early_data;
1063
}
1064

1065
int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
1066
{
1067
    s->ext.max_early_data = max_early_data;
1068

1069
    return 1;
1070
}
1071

1072
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
1073
                                    const unsigned char **alpn,
1074
                                    size_t *len)
1075
{
1076
    *alpn = s->ext.alpn_selected;
1077
    *len = s->ext.alpn_selected_len;
1078
}
1079

1080
int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
1081
                                   size_t len)
1082
{
1083
    OPENSSL_free(s->ext.alpn_selected);
1084
    if (alpn == NULL || len == 0) {
1085
        s->ext.alpn_selected = NULL;
1086
        s->ext.alpn_selected_len = 0;
1087
        return 1;
1088
    }
1089
    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
1090
    if (s->ext.alpn_selected == NULL) {
1091
        s->ext.alpn_selected_len = 0;
1092
        return 0;
1093
    }
1094
    s->ext.alpn_selected_len = len;
1095

1096
    return 1;
1097
}
1098

1099
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
1100
{
1101
    return s->peer;
1102
}
1103

1104
EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s)
1105
{
1106
    return s->peer_rpk;
1107
}
1108

1109
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1110
                                unsigned int sid_ctx_len)
1111
{
1112
    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
1113
        ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1114
        return 0;
1115
    }
1116
    s->sid_ctx_length = sid_ctx_len;
1117
    if (sid_ctx != s->sid_ctx)
1118
        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
1119

1120
    return 1;
1121
}
1122

1123
int SSL_SESSION_is_resumable(const SSL_SESSION *s)
1124
{
1125
    /*
1126
     * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
1127
     * session ID.
1128
     */
1129
    return !s->not_resumable
1130
           && (s->session_id_length > 0 || s->ext.ticklen > 0);
1131
}
1132

1133
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
1134
{
1135
    long l;
1136

1137
    if (s == NULL)
1138
        return 0;
1139
    l = (long)ossl_time2seconds(s->session_timeout);
1140
    s->session_timeout = ossl_seconds2time(t);
1141
    return l;
1142
}
1143

1144
long SSL_CTX_get_timeout(const SSL_CTX *s)
1145
{
1146
    if (s == NULL)
1147
        return 0;
1148
    return (long)ossl_time2seconds(s->session_timeout);
1149
}
1150

1151
int SSL_set_session_secret_cb(SSL *s,
1152
                              tls_session_secret_cb_fn tls_session_secret_cb,
1153
                              void *arg)
1154
{
1155
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1156

1157
    if (sc == NULL)
1158
        return 0;
1159

1160
    sc->ext.session_secret_cb = tls_session_secret_cb;
1161
    sc->ext.session_secret_cb_arg = arg;
1162
    return 1;
1163
}
1164

1165
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1166
                                  void *arg)
1167
{
1168
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1169

1170
    if (sc == NULL)
1171
        return 0;
1172

1173
    sc->ext.session_ticket_cb = cb;
1174
    sc->ext.session_ticket_cb_arg = arg;
1175
    return 1;
1176
}
1177

1178
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
1179
{
1180
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1181

1182
    if (sc == NULL)
1183
        return 0;
1184

1185
    if (sc->version >= TLS1_VERSION) {
1186
        OPENSSL_free(sc->ext.session_ticket);
1187
        sc->ext.session_ticket = NULL;
1188
        sc->ext.session_ticket =
1189
            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
1190
        if (sc->ext.session_ticket == NULL)
1191
            return 0;
1192

1193
        if (ext_data != NULL) {
1194
            sc->ext.session_ticket->length = ext_len;
1195
            sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
1196
            memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
1197
        } else {
1198
            sc->ext.session_ticket->length = 0;
1199
            sc->ext.session_ticket->data = NULL;
1200
        }
1201

1202
        return 1;
1203
    }
1204

1205
    return 0;
1206
}
1207

1208
#ifndef OPENSSL_NO_DEPRECATED_3_4
1209
void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1210
{
1211
    SSL_CTX_flush_sessions_ex(s, (time_t) t);
1212
}
1213
#endif
1214

1215
void SSL_CTX_flush_sessions_ex(SSL_CTX *s, time_t t)
1216
{
1217
    STACK_OF(SSL_SESSION) *sk;
1218
    SSL_SESSION *current;
1219
    unsigned long i;
1220
    const OSSL_TIME timeout = ossl_time_from_time_t(t);
1221

1222
    if (!CRYPTO_THREAD_write_lock(s->lock))
1223
        return;
1224

1225
    sk = sk_SSL_SESSION_new_null();
1226
    i = lh_SSL_SESSION_get_down_load(s->sessions);
1227
    lh_SSL_SESSION_set_down_load(s->sessions, 0);
1228

1229
    /*
1230
     * Iterate over the list from the back (oldest), and stop
1231
     * when a session can no longer be removed.
1232
     * Add the session to a temporary list to be freed outside
1233
     * the SSL_CTX lock.
1234
     * But still do the remove_session_cb() within the lock.
1235
     */
1236
    while (s->session_cache_tail != NULL) {
1237
        current = s->session_cache_tail;
1238
        if (t == 0 || sess_timedout(timeout, current)) {
1239
            lh_SSL_SESSION_delete(s->sessions, current);
1240
            SSL_SESSION_list_remove(s, current);
1241
            current->not_resumable = 1;
1242
            if (s->remove_session_cb != NULL)
1243
                s->remove_session_cb(s, current);
1244
            /*
1245
             * Throw the session on a stack, it's entirely plausible
1246
             * that while freeing outside the critical section, the
1247
             * session could be re-added, so avoid using the next/prev
1248
             * pointers. If the stack failed to create, or the session
1249
             * couldn't be put on the stack, just free it here
1250
             */
1251
            if (sk == NULL || !sk_SSL_SESSION_push(sk, current))
1252
                SSL_SESSION_free(current);
1253
        } else {
1254
            break;
1255
        }
1256
    }
1257

1258
    lh_SSL_SESSION_set_down_load(s->sessions, i);
1259
    CRYPTO_THREAD_unlock(s->lock);
1260

1261
    sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
1262
}
1263

1264
int ssl_clear_bad_session(SSL_CONNECTION *s)
1265
{
1266
    if ((s->session != NULL) &&
1267
        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1268
        !(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
1269
          || SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
1270
        SSL_CTX_remove_session(s->session_ctx, s->session);
1271
        return 1;
1272
    } else
1273
        return 0;
1274
}
1275

1276
/* locked by SSL_CTX in the calling function */
1277
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1278
{
1279
    if ((s->next == NULL) || (s->prev == NULL))
1280
        return;
1281

1282
    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
1283
        /* last element in list */
1284
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1285
            /* only one element in list */
1286
            ctx->session_cache_head = NULL;
1287
            ctx->session_cache_tail = NULL;
1288
        } else {
1289
            ctx->session_cache_tail = s->prev;
1290
            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1291
        }
1292
    } else {
1293
        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1294
            /* first element in list */
1295
            ctx->session_cache_head = s->next;
1296
            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1297
        } else {
1298
            /* middle of list */
1299
            s->next->prev = s->prev;
1300
            s->prev->next = s->next;
1301
        }
1302
    }
1303
    s->prev = s->next = NULL;
1304
    s->owner = NULL;
1305
}
1306

1307
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1308
{
1309
    SSL_SESSION *next;
1310

1311
    if ((s->next != NULL) && (s->prev != NULL))
1312
        SSL_SESSION_list_remove(ctx, s);
1313

1314
    if (ctx->session_cache_head == NULL) {
1315
        ctx->session_cache_head = s;
1316
        ctx->session_cache_tail = s;
1317
        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1318
        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1319
    } else {
1320
        if (timeoutcmp(s, ctx->session_cache_head) >= 0) {
1321
            /*
1322
             * if we timeout after (or the same time as) the first
1323
             * session, put us first - usual case
1324
             */
1325
            s->next = ctx->session_cache_head;
1326
            s->next->prev = s;
1327
            s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1328
            ctx->session_cache_head = s;
1329
        } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) {
1330
            /* if we timeout before the last session, put us last */
1331
            s->prev = ctx->session_cache_tail;
1332
            s->prev->next = s;
1333
            s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1334
            ctx->session_cache_tail = s;
1335
        } else {
1336
            /*
1337
             * we timeout somewhere in-between - if there is only
1338
             * one session in the cache it will be caught above
1339
             */
1340
            next = ctx->session_cache_head->next;
1341
            while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) {
1342
                if (timeoutcmp(s, next) >= 0) {
1343
                    s->next = next;
1344
                    s->prev = next->prev;
1345
                    next->prev->next = s;
1346
                    next->prev = s;
1347
                    break;
1348
                }
1349
                next = next->next;
1350
            }
1351
        }
1352
    }
1353
    s->owner = ctx;
1354
}
1355

1356
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1357
                             int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
1358
{
1359
    ctx->new_session_cb = cb;
1360
}
1361

1362
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
1363
    return ctx->new_session_cb;
1364
}
1365

1366
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1367
                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
1368
{
1369
    ctx->remove_session_cb = cb;
1370
}
1371

1372
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
1373
                                                  SSL_SESSION *sess) {
1374
    return ctx->remove_session_cb;
1375
}
1376

1377
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1378
                             SSL_SESSION *(*cb) (SSL *ssl,
1379
                                                 const unsigned char *data,
1380
                                                 int len, int *copy))
1381
{
1382
    ctx->get_session_cb = cb;
1383
}
1384

1385
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
1386
                                                       const unsigned char
1387
                                                       *data, int len,
1388
                                                       int *copy) {
1389
    return ctx->get_session_cb;
1390
}
1391

1392
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
1393
                               void (*cb) (const SSL *ssl, int type, int val))
1394
{
1395
    ctx->info_callback = cb;
1396
}
1397

1398
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
1399
                                                 int val) {
1400
    return ctx->info_callback;
1401
}
1402

1403
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1404
                                int (*cb) (SSL *ssl, X509 **x509,
1405
                                           EVP_PKEY **pkey))
1406
{
1407
    ctx->client_cert_cb = cb;
1408
}
1409

1410
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
1411
                                                 EVP_PKEY **pkey) {
1412
    return ctx->client_cert_cb;
1413
}
1414

1415
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1416
                                    int (*cb) (SSL *ssl,
1417
                                               unsigned char *cookie,
1418
                                               unsigned int *cookie_len))
1419
{
1420
    ctx->app_gen_cookie_cb = cb;
1421
}
1422

1423
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1424
                                  int (*cb) (SSL *ssl,
1425
                                             const unsigned char *cookie,
1426
                                             unsigned int cookie_len))
1427
{
1428
    ctx->app_verify_cookie_cb = cb;
1429
}
1430

1431
int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
1432
{
1433
    OPENSSL_free(ss->ticket_appdata);
1434
    ss->ticket_appdata_len = 0;
1435
    if (data == NULL || len == 0) {
1436
        ss->ticket_appdata = NULL;
1437
        return 1;
1438
    }
1439
    ss->ticket_appdata = OPENSSL_memdup(data, len);
1440
    if (ss->ticket_appdata != NULL) {
1441
        ss->ticket_appdata_len = len;
1442
        return 1;
1443
    }
1444
    return 0;
1445
}
1446

1447
int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
1448
{
1449
    *data = ss->ticket_appdata;
1450
    *len = ss->ticket_appdata_len;
1451
    return 1;
1452
}
1453

1454
void SSL_CTX_set_stateless_cookie_generate_cb(
1455
    SSL_CTX *ctx,
1456
    int (*cb) (SSL *ssl,
1457
               unsigned char *cookie,
1458
               size_t *cookie_len))
1459
{
1460
    ctx->gen_stateless_cookie_cb = cb;
1461
}
1462

1463
void SSL_CTX_set_stateless_cookie_verify_cb(
1464
    SSL_CTX *ctx,
1465
    int (*cb) (SSL *ssl,
1466
               const unsigned char *cookie,
1467
               size_t cookie_len))
1468
{
1469
    ctx->verify_stateless_cookie_cb = cb;
1470
}
1471

1472
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
1473

1474