Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL. Prompted by tb@
author: jsing <> 2022-10-02 16:36:42 +0000
committer: jsing <> 2022-10-02 16:36:42 +0000
commit: efde998d3821e41e124a4bfcdf103e506055fc52 (patch)
tree: 739f174130582d68ff159ff94cdb3fb2185e31ef /src/lib/libssl/ssl_sess.c
parent: ce780ee20f92c920e451f9c3bdd6bb5fe83f4c5b (diff)
download: openbsd-efde998d3821e41e124a4bfcdf103e506055fc52.tar.gz
openbsd-efde998d3821e41e124a4bfcdf103e506055fc52.tar.bz2
openbsd-efde998d3821e41e124a4bfcdf103e506055fc52.zip
1 files changed, 73 insertions, 73 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 7cf36f8984..45c6ddb682 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.117 2022/08/17 07:39:19 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.118 2022/10/02 16:36:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -354,17 +354,17 @@ ssl_get_new_session(SSL *s, int session)
                }
                /* If RFC4507 ticket use empty session ID. */
-                if (s->internal->tlsext_ticket_expected) {
+                if (s->tlsext_ticket_expected) {
                        ss->session_id_length = 0;
                        goto sess_id_done;
                }
                /* Choose which callback will set the session ID. */
                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-                if (s->internal->generate_session_id)
+                if (s->generate_session_id)
-                        cb = s->internal->generate_session_id;
+                        cb = s->generate_session_id;
-                else if (s->session_ctx->internal->generate_session_id)
+                else if (s->session_ctx->generate_session_id)
-                        cb = s->session_ctx->internal->generate_session_id;
+                        cb = s->session_ctx->generate_session_id;
                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
                /* Choose a session ID. */
@@ -430,7 +430,7 @@ ssl_session_from_cache(SSL *s, CBS *session_id)
        SSL_SESSION *sess;
        SSL_SESSION data;
-        if ((s->session_ctx->internal->session_cache_mode &
+        if ((s->session_ctx->session_cache_mode &
             SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
                return NULL;
@@ -443,13 +443,13 @@ ssl_session_from_cache(SSL *s, CBS *session_id)
                return NULL;
        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-        sess = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data);
+        sess = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
        if (sess != NULL)
                CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
        if (sess == NULL)
-                s->session_ctx->internal->stats.sess_miss++;
+                s->session_ctx->stats.sess_miss++;
        return sess;
 }
@@ -460,11 +460,11 @@ ssl_session_from_callback(SSL *s, CBS *session_id)
        SSL_SESSION *sess;
        int copy;
-        if (s->session_ctx->internal->get_session_cb == NULL)
+        if (s->session_ctx->get_session_cb == NULL)
                return NULL;
        copy = 1;
-        if ((sess = s->session_ctx->internal->get_session_cb(s,
+        if ((sess = s->session_ctx->get_session_cb(s,
            CBS_data(session_id), CBS_len(session_id), &copy)) == NULL)
                return NULL;
        /*
@@ -476,10 +476,10 @@ ssl_session_from_callback(SSL *s, CBS *session_id)
        if (copy)
                CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
-        s->session_ctx->internal->stats.sess_cb_hit++;
+        s->session_ctx->stats.sess_cb_hit++;
        /* Add the externally cached session to the internal cache as well. */
-        if (!(s->session_ctx->internal->session_cache_mode &
+        if (!(s->session_ctx->session_cache_mode &
            SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
                /*
                 * The following should not return 1,
@@ -523,7 +523,7 @@ ssl_session_by_id(SSL *s, CBS *session_id)
 *   - If a session is found then s->session is pointed at it (after freeing
 *     an existing session if need be) and s->verify_result is set from the
 *     session.
- *   - For both new and resumed sessions, s->internal->tlsext_ticket_expected
+ *   - For both new and resumed sessions, s->tlsext_ticket_expected
 *     indicates whether the server should issue a new session ticket or not.
 */
 int
@@ -538,7 +538,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
        if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH)
                goto err;
-        /* Sets s->internal->tlsext_ticket_expected. */
+        /* Sets s->tlsext_ticket_expected. */
        switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) {
        case TLS1_TICKET_FATAL_ERROR:
                fatal = 1;
@@ -605,7 +605,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
        }
        if (sess->timeout < (time(NULL) - sess->time)) {
-                s->session_ctx->internal->stats.sess_timeout++;
+                s->session_ctx->stats.sess_timeout++;
                if (!ticket_decrypted) {
                        /* The session was from the cache, so remove it. */
                        SSL_CTX_remove_session(s->session_ctx, sess);
@@ -613,7 +613,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
                goto err;
        }
-        s->session_ctx->internal->stats.sess_hit++;
+        s->session_ctx->stats.sess_hit++;
        SSL_SESSION_free(s->session);
        s->session = sess;
@@ -628,7 +628,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
                 * The session was from a ticket. Issue a ticket for the new
                 * session.
                 */
-                s->internal->tlsext_ticket_expected = 1;
+                s->tlsext_ticket_expected = 1;
        }
        if (fatal) {
                *alert = alert_desc;
@@ -655,12 +655,12 @@ SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
         * later.
         */
        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        s = lh_SSL_SESSION_insert(ctx->internal->sessions, c);
+        s = lh_SSL_SESSION_insert(ctx->sessions, c);
        /*
         * s != NULL iff we already had a session with the given PID.
         * In this case, s == c should hold (then we did not really modify
-         * ctx->internal->sessions), or we're in trouble.
+         * ctx->sessions), or we're in trouble.
         */
        if (s != NULL && s != c) {
                /* We *are* in trouble ... */
@@ -700,10 +700,10 @@ SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
                        while (SSL_CTX_sess_number(ctx) >
                            SSL_CTX_sess_get_cache_size(ctx)) {
                                if (!remove_session_lock(ctx,
-                                    ctx->internal->session_cache_tail, 0))
+                                    ctx->session_cache_tail, 0))
                                        break;
                                else
-                                        ctx->internal->stats.sess_cache_full++;
+                                        ctx->stats.sess_cache_full++;
                        }
                }
        }
@@ -728,9 +728,9 @@ remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
        if (lck)
                CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        if ((r = lh_SSL_SESSION_retrieve(ctx->internal->sessions, c)) == c) {
+        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
                ret = 1;
-                r = lh_SSL_SESSION_delete(ctx->internal->sessions, c);
+                r = lh_SSL_SESSION_delete(ctx->sessions, c);
                SSL_SESSION_list_remove(ctx, c);
        }
        if (lck)
@@ -738,8 +738,8 @@ remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
        if (ret) {
                r->not_resumable = 1;
-                if (ctx->internal->remove_session_cb != NULL)
+                if (ctx->remove_session_cb != NULL)
-                        ctx->internal->remove_session_cb(ctx, r);
+                        ctx->remove_session_cb(ctx, r);
                SSL_SESSION_free(r);
        }
@@ -942,8 +942,8 @@ SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
 {
        if (s == NULL)
                return (0);
-        s->internal->tls_session_secret_cb = tls_session_secret_cb;
+        s->tls_session_secret_cb = tls_session_secret_cb;
-        s->internal->tls_session_secret_cb_arg = arg;
+        s->tls_session_secret_cb_arg = arg;
        return (1);
 }
@@ -953,8 +953,8 @@ SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 {
        if (s == NULL)
                return (0);
-        s->internal->tls_session_ticket_ext_cb = cb;
+        s->tls_session_ticket_ext_cb = cb;
-        s->internal->tls_session_ticket_ext_cb_arg = arg;
+        s->tls_session_ticket_ext_cb_arg = arg;
        return (1);
 }
@@ -962,23 +962,23 @@ int
 SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
 {
        if (s->version >= TLS1_VERSION) {
-                free(s->internal->tlsext_session_ticket);
+                free(s->tlsext_session_ticket);
-                s->internal->tlsext_session_ticket =
+                s->tlsext_session_ticket =
                    malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
-                if (!s->internal->tlsext_session_ticket) {
+                if (!s->tlsext_session_ticket) {
                        SSLerror(s, ERR_R_MALLOC_FAILURE);
                        return 0;
                }
                if (ext_data) {
-                        s->internal->tlsext_session_ticket->length = ext_len;
+                        s->tlsext_session_ticket->length = ext_len;
-                        s->internal->tlsext_session_ticket->data =
+                        s->tlsext_session_ticket->data =
-                            s->internal->tlsext_session_ticket + 1;
+                            s->tlsext_session_ticket + 1;
-                        memcpy(s->internal->tlsext_session_ticket->data,
+                        memcpy(s->tlsext_session_ticket->data,
                            ext_data, ext_len);
                } else {
-                        s->internal->tlsext_session_ticket->length = 0;
+                        s->tlsext_session_ticket->length = 0;
-                        s->internal->tlsext_session_ticket->data = NULL;
+                        s->tlsext_session_ticket->data = NULL;
                }
                return 1;
@@ -1003,8 +1003,8 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
                (void)lh_SSL_SESSION_delete(p->cache, s);
                SSL_SESSION_list_remove(p->ctx, s);
                s->not_resumable = 1;
-                if (p->ctx->internal->remove_session_cb != NULL)
+                if (p->ctx->remove_session_cb != NULL)
-                        p->ctx->internal->remove_session_cb(p->ctx, s);
+                        p->ctx->remove_session_cb(p->ctx, s);
                SSL_SESSION_free(s);
        }
 }
@@ -1026,7 +1026,7 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t)
        TIMEOUT_PARAM tp;
        tp.ctx = s;
-        tp.cache = s->internal->sessions;
+        tp.cache = s->sessions;
        if (tp.cache == NULL)
                return;
        tp.time = t;
@@ -1042,7 +1042,7 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 int
 ssl_clear_bad_session(SSL *s)
 {
-        if ((s->session != NULL) && !(s->internal->shutdown & SSL_SENT_SHUTDOWN) &&
+        if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
            !(SSL_in_init(s) || SSL_in_before(s))) {
                SSL_CTX_remove_session(s->ctx, s->session);
                return (1);
@@ -1057,23 +1057,23 @@ SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
        if (s->next == NULL || s->prev == NULL)
                return;
-        if (s->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) {
+        if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
                /* last element in list */
-                if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) {
+                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
                        /* only one element in list */
-                        ctx->internal->session_cache_head = NULL;
+                        ctx->session_cache_head = NULL;
-                        ctx->internal->session_cache_tail = NULL;
+                        ctx->session_cache_tail = NULL;
                } else {
-                        ctx->internal->session_cache_tail = s->prev;
+                        ctx->session_cache_tail = s->prev;
                        s->prev->next =
-                            (SSL_SESSION *)&(ctx->internal->session_cache_tail);
+                            (SSL_SESSION *)&(ctx->session_cache_tail);
                }
        } else {
-                if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) {
+                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
                        /* first element in list */
-                        ctx->internal->session_cache_head = s->next;
+                        ctx->session_cache_head = s->next;
                        s->next->prev =
-                            (SSL_SESSION *)&(ctx->internal->session_cache_head);
+                            (SSL_SESSION *)&(ctx->session_cache_head);
                } else {
                        /* middle of list */
                        s->next->prev = s->prev;
@@ -1089,83 +1089,83 @@ SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
        if (s->next != NULL && s->prev != NULL)
                SSL_SESSION_list_remove(ctx, s);
-        if (ctx->internal->session_cache_head == NULL) {
+        if (ctx->session_cache_head == NULL) {
-                ctx->internal->session_cache_head = s;
+                ctx->session_cache_head = s;
-                ctx->internal->session_cache_tail = s;
+                ctx->session_cache_tail = s;
-                s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head);
+                s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
-                s->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail);
+                s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
        } else {
-                s->next = ctx->internal->session_cache_head;
+                s->next = ctx->session_cache_head;
                s->next->prev = s;
-                s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head);
+                s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
-                ctx->internal->session_cache_head = s;
+                ctx->session_cache_head = s;
        }
 }
 void
 SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
    int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
-        ctx->internal->new_session_cb = cb;
+        ctx->new_session_cb = cb;
 }
 int
 (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
 {
-        return ctx->internal->new_session_cb;
+        return ctx->new_session_cb;
 }
 void
 SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
    void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
 {
-        ctx->internal->remove_session_cb = cb;
+        ctx->remove_session_cb = cb;
 }
 void
 (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
 {
-        return ctx->internal->remove_session_cb;
+        return ctx->remove_session_cb;
 }
 void
 SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
    const unsigned char *data, int len, int *copy))
 {
-        ctx->internal->get_session_cb = cb;
+        ctx->get_session_cb = cb;
 }
 SSL_SESSION *
 (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char *data,
    int len, int *copy)
 {
-        return ctx->internal->get_session_cb;
+        return ctx->get_session_cb;
 }
 void
 SSL_CTX_set_info_callback(SSL_CTX *ctx,
    void (*cb)(const SSL *ssl, int type, int val))
 {
-        ctx->internal->info_callback = cb;
+        ctx->info_callback = cb;
 }
 void
 (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
 {
-        return ctx->internal->info_callback;
+        return ctx->info_callback;
 }
 void
 SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
 {
-        ctx->internal->client_cert_cb = cb;
+        ctx->client_cert_cb = cb;
 }
 int
 (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509,
    EVP_PKEY **pkey)
 {
-        return ctx->internal->client_cert_cb;
+        return ctx->client_cert_cb;
 }
 #ifndef OPENSSL_NO_ENGINE
@@ -1181,7 +1181,7 @@ SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
                ENGINE_finish(e);
                return 0;
        }
-        ctx->internal->client_cert_engine = e;
+        ctx->client_cert_engine = e;
        return 1;
 }
 #endif
@@ -1190,14 +1190,14 @@ void
 SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
 {
-        ctx->internal->app_gen_cookie_cb = cb;
+        ctx->app_gen_cookie_cb = cb;
 }
 void
 SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len))
 {
-        ctx->internal->app_verify_cookie_cb = cb;
+        ctx->app_verify_cookie_cb = cb;
 }
 int
author	jsing <>	2022-10-02 16:36:42 +0000
committer	jsing <>	2022-10-02 16:36:42 +0000
commit	efde998d3821e41e124a4bfcdf103e506055fc52 (patch)
tree	739f174130582d68ff159ff94cdb3fb2185e31ef /src/lib/libssl/ssl_sess.c
parent	ce780ee20f92c920e451f9c3bdd6bb5fe83f4c5b (diff)
download	openbsd-efde998d3821e41e124a4bfcdf103e506055fc52.tar.gz openbsd-efde998d3821e41e124a4bfcdf103e506055fc52.tar.bz2 openbsd-efde998d3821e41e124a4bfcdf103e506055fc52.zip

diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 7cf36f8984..45c6ddb682 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sess.c,v 1.117 2022/08/17 07:39:19 jsing Exp $ */	1	/* $OpenBSD: ssl_sess.c,v 1.118 2022/10/02 16:36:41 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -354,17 +354,17 @@ ssl_get_new_session(SSL *s, int session)
354	}	354	}
355		355
356	/* If RFC4507 ticket use empty session ID. */	356	/* If RFC4507 ticket use empty session ID. */
357	if (s->internal->tlsext_ticket_expected) {	357	if (s->tlsext_ticket_expected) {
358	ss->session_id_length = 0;	358	ss->session_id_length = 0;
359	goto sess_id_done;	359	goto sess_id_done;
360	}	360	}
361		361
362	/* Choose which callback will set the session ID. */	362	/* Choose which callback will set the session ID. */
363	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);	363	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
364	if (s->internal->generate_session_id)	364	if (s->generate_session_id)
365	cb = s->internal->generate_session_id;	365	cb = s->generate_session_id;
366	else if (s->session_ctx->internal->generate_session_id)	366	else if (s->session_ctx->generate_session_id)
367	cb = s->session_ctx->internal->generate_session_id;	367	cb = s->session_ctx->generate_session_id;
368	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);	368	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
369		369
370	/* Choose a session ID. */	370	/* Choose a session ID. */
@@ -430,7 +430,7 @@ ssl_session_from_cache(SSL s, CBS session_id)
430	SSL_SESSION *sess;	430	SSL_SESSION *sess;
431	SSL_SESSION data;	431	SSL_SESSION data;
432		432
433	if ((s->session_ctx->internal->session_cache_mode &	433	if ((s->session_ctx->session_cache_mode &
434	SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))	434	SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
435	return NULL;	435	return NULL;
436		436
@@ -443,13 +443,13 @@ ssl_session_from_cache(SSL s, CBS session_id)
443	return NULL;	443	return NULL;
444		444
445	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);	445	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
446	sess = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data);	446	sess = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
447	if (sess != NULL)	447	if (sess != NULL)
448	CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);	448	CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
449	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);	449	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
450		450
451	if (sess == NULL)	451	if (sess == NULL)
452	s->session_ctx->internal->stats.sess_miss++;	452	s->session_ctx->stats.sess_miss++;
453		453
454	return sess;	454	return sess;
455	}	455	}
@@ -460,11 +460,11 @@ ssl_session_from_callback(SSL s, CBS session_id)
460	SSL_SESSION *sess;	460	SSL_SESSION *sess;
461	int copy;	461	int copy;
462		462
463	if (s->session_ctx->internal->get_session_cb == NULL)	463	if (s->session_ctx->get_session_cb == NULL)
464	return NULL;	464	return NULL;
465		465
466	copy = 1;	466	copy = 1;
467	if ((sess = s->session_ctx->internal->get_session_cb(s,	467	if ((sess = s->session_ctx->get_session_cb(s,
468	CBS_data(session_id), CBS_len(session_id), &copy)) == NULL)	468	CBS_data(session_id), CBS_len(session_id), &copy)) == NULL)
469	return NULL;	469	return NULL;
470	/*	470	/*
@@ -476,10 +476,10 @@ ssl_session_from_callback(SSL s, CBS session_id)
476	if (copy)	476	if (copy)
477	CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);	477	CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
478		478
479	s->session_ctx->internal->stats.sess_cb_hit++;	479	s->session_ctx->stats.sess_cb_hit++;
480		480
481	/* Add the externally cached session to the internal cache as well. */	481	/* Add the externally cached session to the internal cache as well. */
482	if (!(s->session_ctx->internal->session_cache_mode &	482	if (!(s->session_ctx->session_cache_mode &
483	SSL_SESS_CACHE_NO_INTERNAL_STORE)) {	483	SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
484	/*	484	/*
485	* The following should not return 1,	485	* The following should not return 1,
@@ -523,7 +523,7 @@ ssl_session_by_id(SSL s, CBS session_id)
523	* - If a session is found then s->session is pointed at it (after freeing	523	* - If a session is found then s->session is pointed at it (after freeing
524	* an existing session if need be) and s->verify_result is set from the	524	* an existing session if need be) and s->verify_result is set from the
525	* session.	525	* session.
526	* - For both new and resumed sessions, s->internal->tlsext_ticket_expected	526	* - For both new and resumed sessions, s->tlsext_ticket_expected
527	* indicates whether the server should issue a new session ticket or not.	527	* indicates whether the server should issue a new session ticket or not.
528	*/	528	*/
529	int	529	int
@@ -538,7 +538,7 @@ ssl_get_prev_session(SSL s, CBS session_id, CBS ext_block, int alert)
538	if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH)	538	if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH)
539	goto err;	539	goto err;
540		540
541	/* Sets s->internal->tlsext_ticket_expected. */	541	/* Sets s->tlsext_ticket_expected. */
542	switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) {	542	switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) {
543	case TLS1_TICKET_FATAL_ERROR:	543	case TLS1_TICKET_FATAL_ERROR:
544	fatal = 1;	544	fatal = 1;
@@ -605,7 +605,7 @@ ssl_get_prev_session(SSL s, CBS session_id, CBS ext_block, int alert)
605	}	605	}
606		606
607	if (sess->timeout < (time(NULL) - sess->time)) {	607	if (sess->timeout < (time(NULL) - sess->time)) {
608	s->session_ctx->internal->stats.sess_timeout++;	608	s->session_ctx->stats.sess_timeout++;
609	if (!ticket_decrypted) {	609	if (!ticket_decrypted) {
610	/* The session was from the cache, so remove it. */	610	/* The session was from the cache, so remove it. */
611	SSL_CTX_remove_session(s->session_ctx, sess);	611	SSL_CTX_remove_session(s->session_ctx, sess);
@@ -613,7 +613,7 @@ ssl_get_prev_session(SSL s, CBS session_id, CBS ext_block, int alert)
613	goto err;	613	goto err;
614	}	614	}
615		615
616	s->session_ctx->internal->stats.sess_hit++;	616	s->session_ctx->stats.sess_hit++;
617		617
618	SSL_SESSION_free(s->session);	618	SSL_SESSION_free(s->session);
619	s->session = sess;	619	s->session = sess;
@@ -628,7 +628,7 @@ ssl_get_prev_session(SSL s, CBS session_id, CBS ext_block, int alert)
628	* The session was from a ticket. Issue a ticket for the new	628	* The session was from a ticket. Issue a ticket for the new
629	* session.	629	* session.
630	*/	630	*/
631	s->internal->tlsext_ticket_expected = 1;	631	s->tlsext_ticket_expected = 1;
632	}	632	}
633	if (fatal) {	633	if (fatal) {
634	*alert = alert_desc;	634	*alert = alert_desc;
@@ -655,12 +655,12 @@ SSL_CTX_add_session(SSL_CTX ctx, SSL_SESSION c)
655	* later.	655	* later.
656	*/	656	*/
657	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);	657	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
658	s = lh_SSL_SESSION_insert(ctx->internal->sessions, c);	658	s = lh_SSL_SESSION_insert(ctx->sessions, c);
659		659
660	/*	660	/*
661	* s != NULL iff we already had a session with the given PID.	661	* s != NULL iff we already had a session with the given PID.
662	* In this case, s == c should hold (then we did not really modify	662	* In this case, s == c should hold (then we did not really modify
663	* ctx->internal->sessions), or we're in trouble.	663	* ctx->sessions), or we're in trouble.
664	*/	664	*/
665	if (s != NULL && s != c) {	665	if (s != NULL && s != c) {
666	/* We are in trouble ... */	666	/* We are in trouble ... */
@@ -700,10 +700,10 @@ SSL_CTX_add_session(SSL_CTX ctx, SSL_SESSION c)
700	while (SSL_CTX_sess_number(ctx) >	700	while (SSL_CTX_sess_number(ctx) >
701	SSL_CTX_sess_get_cache_size(ctx)) {	701	SSL_CTX_sess_get_cache_size(ctx)) {
702	if (!remove_session_lock(ctx,	702	if (!remove_session_lock(ctx,
703	ctx->internal->session_cache_tail, 0))	703	ctx->session_cache_tail, 0))
704	break;	704	break;
705	else	705	else
706	ctx->internal->stats.sess_cache_full++;	706	ctx->stats.sess_cache_full++;
707	}	707	}
708	}	708	}
709	}	709	}
@@ -728,9 +728,9 @@ remove_session_lock(SSL_CTX ctx, SSL_SESSION c, int lck)
728		728
729	if (lck)	729	if (lck)
730	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);	730	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
731	if ((r = lh_SSL_SESSION_retrieve(ctx->internal->sessions, c)) == c) {	731	if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
732	ret = 1;	732	ret = 1;
733	r = lh_SSL_SESSION_delete(ctx->internal->sessions, c);	733	r = lh_SSL_SESSION_delete(ctx->sessions, c);
734	SSL_SESSION_list_remove(ctx, c);	734	SSL_SESSION_list_remove(ctx, c);
735	}	735	}
736	if (lck)	736	if (lck)
@@ -738,8 +738,8 @@ remove_session_lock(SSL_CTX ctx, SSL_SESSION c, int lck)
738		738
739	if (ret) {	739	if (ret) {
740	r->not_resumable = 1;	740	r->not_resumable = 1;
741	if (ctx->internal->remove_session_cb != NULL)	741	if (ctx->remove_session_cb != NULL)
742	ctx->internal->remove_session_cb(ctx, r);	742	ctx->remove_session_cb(ctx, r);
743	SSL_SESSION_free(r);	743	SSL_SESSION_free(r);
744	}	744	}
745		745
@@ -942,8 +942,8 @@ SSL_set_session_secret_cb(SSL s, int (tls_session_secret_cb)(SSL *s,
942	{	942	{
943	if (s == NULL)	943	if (s == NULL)
944	return (0);	944	return (0);
945	s->internal->tls_session_secret_cb = tls_session_secret_cb;	945	s->tls_session_secret_cb = tls_session_secret_cb;
946	s->internal->tls_session_secret_cb_arg = arg;	946	s->tls_session_secret_cb_arg = arg;
947	return (1);	947	return (1);
948	}	948	}
949		949
@@ -953,8 +953,8 @@ SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
953	{	953	{
954	if (s == NULL)	954	if (s == NULL)
955	return (0);	955	return (0);
956	s->internal->tls_session_ticket_ext_cb = cb;	956	s->tls_session_ticket_ext_cb = cb;
957	s->internal->tls_session_ticket_ext_cb_arg = arg;	957	s->tls_session_ticket_ext_cb_arg = arg;
958	return (1);	958	return (1);
959	}	959	}
960		960
@@ -962,23 +962,23 @@ int
962	SSL_set_session_ticket_ext(SSL s, void ext_data, int ext_len)	962	SSL_set_session_ticket_ext(SSL s, void ext_data, int ext_len)
963	{	963	{
964	if (s->version >= TLS1_VERSION) {	964	if (s->version >= TLS1_VERSION) {
965	free(s->internal->tlsext_session_ticket);	965	free(s->tlsext_session_ticket);
966	s->internal->tlsext_session_ticket =	966	s->tlsext_session_ticket =
967	malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);	967	malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
968	if (!s->internal->tlsext_session_ticket) {	968	if (!s->tlsext_session_ticket) {
969	SSLerror(s, ERR_R_MALLOC_FAILURE);	969	SSLerror(s, ERR_R_MALLOC_FAILURE);
970	return 0;	970	return 0;
971	}	971	}
972		972
973	if (ext_data) {	973	if (ext_data) {
974	s->internal->tlsext_session_ticket->length = ext_len;	974	s->tlsext_session_ticket->length = ext_len;
975	s->internal->tlsext_session_ticket->data =	975	s->tlsext_session_ticket->data =
976	s->internal->tlsext_session_ticket + 1;	976	s->tlsext_session_ticket + 1;
977	memcpy(s->internal->tlsext_session_ticket->data,	977	memcpy(s->tlsext_session_ticket->data,
978	ext_data, ext_len);	978	ext_data, ext_len);
979	} else {	979	} else {
980	s->internal->tlsext_session_ticket->length = 0;	980	s->tlsext_session_ticket->length = 0;
981	s->internal->tlsext_session_ticket->data = NULL;	981	s->tlsext_session_ticket->data = NULL;
982	}	982	}
983		983
984	return 1;	984	return 1;
@@ -1003,8 +1003,8 @@ timeout_doall_arg(SSL_SESSION s, TIMEOUT_PARAM p)
1003	(void)lh_SSL_SESSION_delete(p->cache, s);	1003	(void)lh_SSL_SESSION_delete(p->cache, s);
1004	SSL_SESSION_list_remove(p->ctx, s);	1004	SSL_SESSION_list_remove(p->ctx, s);
1005	s->not_resumable = 1;	1005	s->not_resumable = 1;
1006	if (p->ctx->internal->remove_session_cb != NULL)	1006	if (p->ctx->remove_session_cb != NULL)
1007	p->ctx->internal->remove_session_cb(p->ctx, s);	1007	p->ctx->remove_session_cb(p->ctx, s);
1008	SSL_SESSION_free(s);	1008	SSL_SESSION_free(s);
1009	}	1009	}
1010	}	1010	}
@@ -1026,7 +1026,7 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1026	TIMEOUT_PARAM tp;	1026	TIMEOUT_PARAM tp;
1027		1027
1028	tp.ctx = s;	1028	tp.ctx = s;
1029	tp.cache = s->internal->sessions;	1029	tp.cache = s->sessions;
1030	if (tp.cache == NULL)	1030	if (tp.cache == NULL)
1031	return;	1031	return;
1032	tp.time = t;	1032	tp.time = t;
@@ -1042,7 +1042,7 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1042	int	1042	int
1043	ssl_clear_bad_session(SSL *s)	1043	ssl_clear_bad_session(SSL *s)
1044	{	1044	{
1045	if ((s->session != NULL) && !(s->internal->shutdown & SSL_SENT_SHUTDOWN) &&	1045	if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1046	!(SSL_in_init(s) \|\| SSL_in_before(s))) {	1046	!(SSL_in_init(s) \|\| SSL_in_before(s))) {
1047	SSL_CTX_remove_session(s->ctx, s->session);	1047	SSL_CTX_remove_session(s->ctx, s->session);
1048	return (1);	1048	return (1);
@@ -1057,23 +1057,23 @@ SSL_SESSION_list_remove(SSL_CTX ctx, SSL_SESSION s)
1057	if (s->next == NULL \|\| s->prev == NULL)	1057	if (s->next == NULL \|\| s->prev == NULL)
1058	return;	1058	return;
1059		1059
1060	if (s->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) {	1060	if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
1061	/* last element in list */	1061	/* last element in list */
1062	if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) {	1062	if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1063	/* only one element in list */	1063	/* only one element in list */
1064	ctx->internal->session_cache_head = NULL;	1064	ctx->session_cache_head = NULL;
1065	ctx->internal->session_cache_tail = NULL;	1065	ctx->session_cache_tail = NULL;
1066	} else {	1066	} else {
1067	ctx->internal->session_cache_tail = s->prev;	1067	ctx->session_cache_tail = s->prev;
1068	s->prev->next =	1068	s->prev->next =
1069	(SSL_SESSION *)&(ctx->internal->session_cache_tail);	1069	(SSL_SESSION *)&(ctx->session_cache_tail);
1070	}	1070	}
1071	} else {	1071	} else {
1072	if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) {	1072	if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1073	/* first element in list */	1073	/* first element in list */
1074	ctx->internal->session_cache_head = s->next;	1074	ctx->session_cache_head = s->next;
1075	s->next->prev =	1075	s->next->prev =
1076	(SSL_SESSION *)&(ctx->internal->session_cache_head);	1076	(SSL_SESSION *)&(ctx->session_cache_head);
1077	} else {	1077	} else {
1078	/* middle of list */	1078	/* middle of list */
1079	s->next->prev = s->prev;	1079	s->next->prev = s->prev;
@@ -1089,83 +1089,83 @@ SSL_SESSION_list_add(SSL_CTX ctx, SSL_SESSION s)
1089	if (s->next != NULL && s->prev != NULL)	1089	if (s->next != NULL && s->prev != NULL)
1090	SSL_SESSION_list_remove(ctx, s);	1090	SSL_SESSION_list_remove(ctx, s);
1091		1091
1092	if (ctx->internal->session_cache_head == NULL) {	1092	if (ctx->session_cache_head == NULL) {
1093	ctx->internal->session_cache_head = s;	1093	ctx->session_cache_head = s;
1094	ctx->internal->session_cache_tail = s;	1094	ctx->session_cache_tail = s;
1095	s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head);	1095	s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1096	s->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail);	1096	s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1097	} else {	1097	} else {
1098	s->next = ctx->internal->session_cache_head;	1098	s->next = ctx->session_cache_head;
1099	s->next->prev = s;	1099	s->next->prev = s;
1100	s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head);	1100	s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1101	ctx->internal->session_cache_head = s;	1101	ctx->session_cache_head = s;
1102	}	1102	}
1103	}	1103	}
1104		1104
1105	void	1105	void
1106	SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,	1106	SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1107	int (cb)(struct ssl_st ssl, SSL_SESSION *sess)) {	1107	int (cb)(struct ssl_st ssl, SSL_SESSION *sess)) {
1108	ctx->internal->new_session_cb = cb;	1108	ctx->new_session_cb = cb;
1109	}	1109	}
1110		1110
1111	int	1111	int
1112	(SSL_CTX_sess_get_new_cb(SSL_CTX ctx))(SSL ssl, SSL_SESSION sess)	1112	(SSL_CTX_sess_get_new_cb(SSL_CTX ctx))(SSL ssl, SSL_SESSION sess)
1113	{	1113	{
1114	return ctx->internal->new_session_cb;	1114	return ctx->new_session_cb;
1115	}	1115	}
1116		1116
1117	void	1117	void
1118	SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,	1118	SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1119	void (cb)(SSL_CTX ctx, SSL_SESSION *sess))	1119	void (cb)(SSL_CTX ctx, SSL_SESSION *sess))
1120	{	1120	{
1121	ctx->internal->remove_session_cb = cb;	1121	ctx->remove_session_cb = cb;
1122	}	1122	}
1123		1123
1124	void	1124	void
1125	(SSL_CTX_sess_get_remove_cb(SSL_CTX ctx))(SSL_CTX * ctx, SSL_SESSION *sess)	1125	(SSL_CTX_sess_get_remove_cb(SSL_CTX ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
1126	{	1126	{
1127	return ctx->internal->remove_session_cb;	1127	return ctx->remove_session_cb;
1128	}	1128	}
1129		1129
1130	void	1130	void
1131	SSL_CTX_sess_set_get_cb(SSL_CTX ctx, SSL_SESSION (cb)(struct ssl_st ssl,	1131	SSL_CTX_sess_set_get_cb(SSL_CTX ctx, SSL_SESSION (cb)(struct ssl_st ssl,
1132	const unsigned char data, int len, int copy))	1132	const unsigned char data, int len, int copy))
1133	{	1133	{
1134	ctx->internal->get_session_cb = cb;	1134	ctx->get_session_cb = cb;
1135	}	1135	}
1136		1136
1137	SSL_SESSION *	1137	SSL_SESSION *
1138	(SSL_CTX_sess_get_get_cb(SSL_CTX ctx))(SSL ssl, const unsigned char data,	1138	(SSL_CTX_sess_get_get_cb(SSL_CTX ctx))(SSL ssl, const unsigned char data,
1139	int len, int *copy)	1139	int len, int *copy)
1140	{	1140	{
1141	return ctx->internal->get_session_cb;	1141	return ctx->get_session_cb;
1142	}	1142	}
1143		1143
1144	void	1144	void
1145	SSL_CTX_set_info_callback(SSL_CTX *ctx,	1145	SSL_CTX_set_info_callback(SSL_CTX *ctx,
1146	void (cb)(const SSL ssl, int type, int val))	1146	void (cb)(const SSL ssl, int type, int val))
1147	{	1147	{
1148	ctx->internal->info_callback = cb;	1148	ctx->info_callback = cb;
1149	}	1149	}
1150		1150
1151	void	1151	void
1152	(SSL_CTX_get_info_callback(SSL_CTX ctx))(const SSL *ssl, int type, int val)	1152	(SSL_CTX_get_info_callback(SSL_CTX ctx))(const SSL *ssl, int type, int val)
1153	{	1153	{
1154	return ctx->internal->info_callback;	1154	return ctx->info_callback;
1155	}	1155	}
1156		1156
1157	void	1157	void
1158	SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,	1158	SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1159	int (cb)(SSL ssl, X509 x509, EVP_PKEY pkey))	1159	int (cb)(SSL ssl, X509 x509, EVP_PKEY pkey))
1160	{	1160	{
1161	ctx->internal->client_cert_cb = cb;	1161	ctx->client_cert_cb = cb;
1162	}	1162	}
1163		1163
1164	int	1164	int
1165	(SSL_CTX_get_client_cert_cb(SSL_CTX ctx))(SSL * ssl, X509 ** x509,	1165	(SSL_CTX_get_client_cert_cb(SSL_CTX ctx))(SSL * ssl, X509 ** x509,
1166	EVP_PKEY **pkey)	1166	EVP_PKEY **pkey)
1167	{	1167	{
1168	return ctx->internal->client_cert_cb;	1168	return ctx->client_cert_cb;
1169	}	1169	}
1170		1170
1171	#ifndef OPENSSL_NO_ENGINE	1171	#ifndef OPENSSL_NO_ENGINE
@@ -1181,7 +1181,7 @@ SSL_CTX_set_client_cert_engine(SSL_CTX ctx, ENGINE e)
1181	ENGINE_finish(e);	1181	ENGINE_finish(e);
1182	return 0;	1182	return 0;
1183	}	1183	}
1184	ctx->internal->client_cert_engine = e;	1184	ctx->client_cert_engine = e;
1185	return 1;	1185	return 1;
1186	}	1186	}
1187	#endif	1187	#endif
@@ -1190,14 +1190,14 @@ void
1190	SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,	1190	SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1191	int (cb)(SSL ssl, unsigned char cookie, unsigned int cookie_len))	1191	int (cb)(SSL ssl, unsigned char cookie, unsigned int cookie_len))
1192	{	1192	{
1193	ctx->internal->app_gen_cookie_cb = cb;	1193	ctx->app_gen_cookie_cb = cb;
1194	}	1194	}
1195		1195
1196	void	1196	void
1197	SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,	1197	SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1198	int (cb)(SSL ssl, const unsigned char *cookie, unsigned int cookie_len))	1198	int (cb)(SSL ssl, const unsigned char *cookie, unsigned int cookie_len))
1199	{	1199	{
1200	ctx->internal->app_verify_cookie_cb = cb;	1200	ctx->app_verify_cookie_cb = cb;
1201	}	1201	}
1202		1202
1203	int	1203	int