summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_sess.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 13:10:35 +0000
committerjsing <>2014-04-14 13:10:35 +0000
commitb12a89b75a526f5ae9bbd6bfff6053e21295fd2a (patch)
tree7ee2ebf15684ee99e649ef8b3b2dd289398f6325 /src/lib/libssl/ssl_sess.c
parentabb7d374248574dba5fd92eb363fdf180c877abc (diff)
downloadopenbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.gz
openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.bz2
openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
-rw-r--r--src/lib/libssl/ssl_sess.c1094
1 files changed, 539 insertions, 555 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index ad40fadd02..b29115862b 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -144,68 +144,74 @@
144#include "ssl_locl.h" 144#include "ssl_locl.h"
145 145
146static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); 146static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
147static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); 147static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
148static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); 148static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
149 149
150SSL_SESSION *SSL_get_session(const SSL *ssl) 150SSL_SESSION
151*SSL_get_session(const SSL *ssl)
151/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ 152/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
152 { 153{
153 return(ssl->session); 154 return (ssl->session);
154 } 155}
155 156
156SSL_SESSION *SSL_get1_session(SSL *ssl) 157SSL_SESSION
158*SSL_get1_session(SSL *ssl)
157/* variant of SSL_get_session: caller really gets something */ 159/* variant of SSL_get_session: caller really gets something */
158 { 160{
159 SSL_SESSION *sess; 161 SSL_SESSION *sess;
160 /* Need to lock this all up rather than just use CRYPTO_add so that 162 /* Need to lock this all up rather than just use CRYPTO_add so that
161 * somebody doesn't free ssl->session between when we check it's 163 * somebody doesn't free ssl->session between when we check it's
162 * non-null and when we up the reference count. */ 164 * non-null and when we up the reference count. */
163 CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); 165 CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
164 sess = ssl->session; 166 sess = ssl->session;
165 if(sess) 167 if (sess)
166 sess->references++; 168 sess->references++;
167 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); 169 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
168 return(sess); 170 return (sess);
169 } 171}
170 172
171int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 173int
172 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 174SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
173 { 175 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
176{
174 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, 177 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
175 new_func, dup_func, free_func); 178 new_func, dup_func, free_func);
176 } 179}
177 180
178int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) 181int
179 { 182SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
180 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 183{
181 } 184 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
185}
182 186
183void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) 187void
184 { 188*SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
185 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 189{
186 } 190 return (CRYPTO_get_ex_data(&s->ex_data, idx));
191}
187 192
188SSL_SESSION *SSL_SESSION_new(void) 193SSL_SESSION
189 { 194*SSL_SESSION_new(void)
195{
190 SSL_SESSION *ss; 196 SSL_SESSION *ss;
191 197
192 ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); 198 ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
193 if (ss == NULL) 199 if (ss == NULL) {
194 { 200 SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
195 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); 201 return (0);
196 return(0); 202 }
197 } 203 memset(ss, 0, sizeof(SSL_SESSION));
198 memset(ss,0,sizeof(SSL_SESSION));
199 204
200 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ 205 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
201 ss->references=1; 206 ss->references = 1;
202 ss->timeout=60*5+4; /* 5 minute timeout by default */ 207 ss->timeout=60*5+4; /* 5 minute timeout by default */
203 ss->time=(unsigned long)time(NULL); 208 ss->time = (unsigned long)time(NULL);
204 ss->prev=NULL; 209 ss->prev = NULL;
205 ss->next=NULL; 210 ss->next = NULL;
206 ss->compress_meth=0; 211 ss->compress_meth = 0;
207#ifndef OPENSSL_NO_TLSEXT 212#ifndef OPENSSL_NO_TLSEXT
208 ss->tlsext_hostname = NULL; 213 ss->tlsext_hostname = NULL;
214
209#ifndef OPENSSL_NO_EC 215#ifndef OPENSSL_NO_EC
210 ss->tlsext_ecpointformatlist_length = 0; 216 ss->tlsext_ecpointformatlist_length = 0;
211 ss->tlsext_ecpointformatlist = NULL; 217 ss->tlsext_ecpointformatlist = NULL;
@@ -215,26 +221,28 @@ SSL_SESSION *SSL_SESSION_new(void)
215#endif 221#endif
216 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); 222 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
217#ifndef OPENSSL_NO_PSK 223#ifndef OPENSSL_NO_PSK
218 ss->psk_identity_hint=NULL; 224 ss->psk_identity_hint = NULL;
219 ss->psk_identity=NULL; 225 ss->psk_identity = NULL;
220#endif 226#endif
221#ifndef OPENSSL_NO_SRP 227#ifndef OPENSSL_NO_SRP
222 ss->srp_username=NULL; 228 ss->srp_username = NULL;
223#endif 229#endif
224 return(ss); 230 return (ss);
225 } 231}
226 232
227const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) 233const unsigned char
228 { 234*SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
229 if(len) 235{
236 if (len)
230 *len = s->session_id_length; 237 *len = s->session_id_length;
231 return s->session_id; 238 return s->session_id;
232 } 239}
233 240
234unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) 241unsigned int
235 { 242SSL_SESSION_get_compress_id(const SSL_SESSION *s)
243{
236 return s->compress_meth; 244 return s->compress_meth;
237 } 245}
238 246
239/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 247/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
240 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly 248 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
@@ -246,16 +254,17 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
246 * store that many sessions is perhaps a more interesting question ... */ 254 * store that many sessions is perhaps a more interesting question ... */
247 255
248#define MAX_SESS_ID_ATTEMPTS 10 256#define MAX_SESS_ID_ATTEMPTS 10
249static int def_generate_session_id(const SSL *ssl, unsigned char *id, 257static int
250 unsigned int *id_len) 258def_generate_session_id(const SSL *ssl, unsigned char *id,
259 unsigned int *id_len)
251{ 260{
252 unsigned int retry = 0; 261 unsigned int retry = 0;
253 do 262 do
254 if (RAND_pseudo_bytes(id, *id_len) <= 0) 263 if (RAND_pseudo_bytes(id, *id_len) <= 0)
255 return 0; 264 return 0;
256 while(SSL_has_matching_session_id(ssl, id, *id_len) && 265 while (SSL_has_matching_session_id(ssl, id, *id_len) &&
257 (++retry < MAX_SESS_ID_ATTEMPTS)); 266 (++retry < MAX_SESS_ID_ATTEMPTS));
258 if(retry < MAX_SESS_ID_ATTEMPTS) 267 if (retry < MAX_SESS_ID_ATTEMPTS)
259 return 1; 268 return 1;
260 /* else - woops a session_id match */ 269 /* else - woops a session_id match */
261 /* XXX We should also check the external cache -- 270 /* XXX We should also check the external cache --
@@ -269,120 +278,100 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
269 return 0; 278 return 0;
270} 279}
271 280
272int ssl_get_new_session(SSL *s, int session) 281int
273 { 282ssl_get_new_session(SSL *s, int session)
283{
274 /* This gets used by clients and servers. */ 284 /* This gets used by clients and servers. */
275 285
276 unsigned int tmp; 286 unsigned int tmp;
277 SSL_SESSION *ss=NULL; 287 SSL_SESSION *ss = NULL;
278 GEN_SESSION_CB cb = def_generate_session_id; 288 GEN_SESSION_CB cb = def_generate_session_id;
279 289
280 if ((ss=SSL_SESSION_new()) == NULL) return(0); 290 if ((ss = SSL_SESSION_new()) == NULL) return (0);
281 291
282 /* If the context has a default timeout, use it */ 292 /* If the context has a default timeout, use it */
283 if (s->session_ctx->session_timeout == 0) 293 if (s->session_ctx->session_timeout == 0)
284 ss->timeout=SSL_get_default_timeout(s); 294 ss->timeout = SSL_get_default_timeout(s);
285 else 295 else
286 ss->timeout=s->session_ctx->session_timeout; 296 ss->timeout = s->session_ctx->session_timeout;
287 297
288 if (s->session != NULL) 298 if (s->session != NULL) {
289 {
290 SSL_SESSION_free(s->session); 299 SSL_SESSION_free(s->session);
291 s->session=NULL; 300 s->session = NULL;
292 } 301 }
293 302
294 if (session) 303 if (session) {
295 { 304 if (s->version == SSL2_VERSION) {
296 if (s->version == SSL2_VERSION) 305 ss->ssl_version = SSL2_VERSION;
297 { 306 ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
298 ss->ssl_version=SSL2_VERSION; 307 } else if (s->version == SSL3_VERSION) {
299 ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; 308 ss->ssl_version = SSL3_VERSION;
300 } 309 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
301 else if (s->version == SSL3_VERSION) 310 } else if (s->version == TLS1_VERSION) {
302 { 311 ss->ssl_version = TLS1_VERSION;
303 ss->ssl_version=SSL3_VERSION; 312 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
304 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 313 } else if (s->version == TLS1_1_VERSION) {
305 } 314 ss->ssl_version = TLS1_1_VERSION;
306 else if (s->version == TLS1_VERSION) 315 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
307 { 316 } else if (s->version == TLS1_2_VERSION) {
308 ss->ssl_version=TLS1_VERSION; 317 ss->ssl_version = TLS1_2_VERSION;
309 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 318 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
310 } 319 } else if (s->version == DTLS1_BAD_VER) {
311 else if (s->version == TLS1_1_VERSION) 320 ss->ssl_version = DTLS1_BAD_VER;
312 { 321 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
313 ss->ssl_version=TLS1_1_VERSION; 322 } else if (s->version == DTLS1_VERSION) {
314 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 323 ss->ssl_version = DTLS1_VERSION;
315 } 324 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
316 else if (s->version == TLS1_2_VERSION) 325 } else {
317 { 326 SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
318 ss->ssl_version=TLS1_2_VERSION;
319 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
320 }
321 else if (s->version == DTLS1_BAD_VER)
322 {
323 ss->ssl_version=DTLS1_BAD_VER;
324 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
325 }
326 else if (s->version == DTLS1_VERSION)
327 {
328 ss->ssl_version=DTLS1_VERSION;
329 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
330 }
331 else
332 {
333 SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
334 SSL_SESSION_free(ss); 327 SSL_SESSION_free(ss);
335 return(0); 328 return (0);
336 } 329 }
337#ifndef OPENSSL_NO_TLSEXT 330#ifndef OPENSSL_NO_TLSEXT
338 /* If RFC4507 ticket use empty session ID */ 331 /* If RFC4507 ticket use empty session ID */
339 if (s->tlsext_ticket_expected) 332 if (s->tlsext_ticket_expected) {
340 {
341 ss->session_id_length = 0; 333 ss->session_id_length = 0;
342 goto sess_id_done; 334 goto sess_id_done;
343 } 335 }
344#endif 336#endif
345 /* Choose which callback will set the session ID */ 337 /* Choose which callback will set the session ID */
346 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 338 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
347 if(s->generate_session_id) 339 if (s->generate_session_id)
348 cb = s->generate_session_id; 340 cb = s->generate_session_id;
349 else if(s->session_ctx->generate_session_id) 341 else if (s->session_ctx->generate_session_id)
350 cb = s->session_ctx->generate_session_id; 342 cb = s->session_ctx->generate_session_id;
351 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 343 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
352 /* Choose a session ID */ 344 /* Choose a session ID */
353 tmp = ss->session_id_length; 345 tmp = ss->session_id_length;
354 if(!cb(s, ss->session_id, &tmp)) 346 if (!cb(s, ss->session_id, &tmp)) {
355 {
356 /* The callback failed */ 347 /* The callback failed */
357 SSLerr(SSL_F_SSL_GET_NEW_SESSION, 348 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
358 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); 349 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
359 SSL_SESSION_free(ss); 350 SSL_SESSION_free(ss);
360 return(0); 351 return (0);
361 } 352 }
362 /* Don't allow the callback to set the session length to zero. 353 /* Don't allow the callback to set the session length to zero.
363 * nor set it higher than it was. */ 354 * nor set it higher than it was. */
364 if(!tmp || (tmp > ss->session_id_length)) 355 if (!tmp || (tmp > ss->session_id_length)) {
365 {
366 /* The callback set an illegal length */ 356 /* The callback set an illegal length */
367 SSLerr(SSL_F_SSL_GET_NEW_SESSION, 357 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
368 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); 358 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
369 SSL_SESSION_free(ss); 359 SSL_SESSION_free(ss);
370 return(0); 360 return (0);
371 } 361 }
372 /* If the session length was shrunk and we're SSLv2, pad it */ 362 /* If the session length was shrunk and we're SSLv2, pad it */
373 if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) 363 if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
374 memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); 364 memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
375 else 365 else
376 ss->session_id_length = tmp; 366 ss->session_id_length = tmp;
377 /* Finally, check for a conflict */ 367 /* Finally, check for a conflict */
378 if(SSL_has_matching_session_id(s, ss->session_id, 368 if (SSL_has_matching_session_id(s, ss->session_id,
379 ss->session_id_length)) 369 ss->session_id_length)) {
380 {
381 SSLerr(SSL_F_SSL_GET_NEW_SESSION, 370 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
382 SSL_R_SSL_SESSION_ID_CONFLICT); 371 SSL_R_SSL_SESSION_ID_CONFLICT);
383 SSL_SESSION_free(ss); 372 SSL_SESSION_free(ss);
384 return(0); 373 return (0);
385 } 374 }
386#ifndef OPENSSL_NO_TLSEXT 375#ifndef OPENSSL_NO_TLSEXT
387 sess_id_done: 376 sess_id_done:
388 if (s->tlsext_hostname) { 377 if (s->tlsext_hostname) {
@@ -391,55 +380,50 @@ int ssl_get_new_session(SSL *s, int session)
391 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); 380 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
392 SSL_SESSION_free(ss); 381 SSL_SESSION_free(ss);
393 return 0; 382 return 0;
394 }
395 } 383 }
384 }
396#ifndef OPENSSL_NO_EC 385#ifndef OPENSSL_NO_EC
397 if (s->tlsext_ecpointformatlist) 386 if (s->tlsext_ecpointformatlist) {
398 { 387 if (ss->tlsext_ecpointformatlist != NULL)
399 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); 388 OPENSSL_free(ss->tlsext_ecpointformatlist);
400 if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) 389 if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) {
401 {
402 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 390 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
403 SSL_SESSION_free(ss); 391 SSL_SESSION_free(ss);
404 return 0; 392 return 0;
405 } 393 }
406 ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; 394 ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
407 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 395 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
408 } 396 }
409 if (s->tlsext_ellipticcurvelist) 397 if (s->tlsext_ellipticcurvelist) {
410 { 398 if (ss->tlsext_ellipticcurvelist != NULL)
411 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); 399 OPENSSL_free(ss->tlsext_ellipticcurvelist);
412 if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) 400 if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
413 {
414 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 401 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
415 SSL_SESSION_free(ss); 402 SSL_SESSION_free(ss);
416 return 0; 403 return 0;
417 } 404 }
418 ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; 405 ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
419 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); 406 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
420 } 407 }
421#endif 408#endif
422#endif 409#endif
423 } 410 } else {
424 else 411 ss->session_id_length = 0;
425 { 412 }
426 ss->session_id_length=0;
427 }
428 413
429 if (s->sid_ctx_length > sizeof ss->sid_ctx) 414 if (s->sid_ctx_length > sizeof ss->sid_ctx) {
430 {
431 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); 415 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
432 SSL_SESSION_free(ss); 416 SSL_SESSION_free(ss);
433 return 0; 417 return 0;
434 } 418 }
435 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); 419 memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
436 ss->sid_ctx_length=s->sid_ctx_length; 420 ss->sid_ctx_length = s->sid_ctx_length;
437 s->session=ss; 421 s->session = ss;
438 ss->ssl_version=s->version; 422 ss->ssl_version = s->version;
439 ss->verify_result = X509_V_OK; 423 ss->verify_result = X509_V_OK;
440 424
441 return(1); 425 return (1);
442 } 426}
443 427
444/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this 428/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
445 * connection. It is only called by servers. 429 * connection. It is only called by servers.
@@ -460,12 +444,13 @@ int ssl_get_new_session(SSL *s, int session)
460 * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 444 * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
461 * if the server should issue a new session ticket (to 0 otherwise). 445 * if the server should issue a new session ticket (to 0 otherwise).
462 */ 446 */
463int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, 447int
464 const unsigned char *limit) 448ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
465 { 449 const unsigned char *limit)
450{
466 /* This is used only by servers. */ 451 /* This is used only by servers. */
467 452
468 SSL_SESSION *ret=NULL; 453 SSL_SESSION *ret = NULL;
469 int fatal = 0; 454 int fatal = 0;
470 int try_session_cache = 1; 455 int try_session_cache = 1;
471#ifndef OPENSSL_NO_TLSEXT 456#ifndef OPENSSL_NO_TLSEXT
@@ -480,8 +465,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
480 465
481#ifndef OPENSSL_NO_TLSEXT 466#ifndef OPENSSL_NO_TLSEXT
482 r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ 467 r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
483 switch (r) 468 switch (r) {
484 {
485 case -1: /* Error during processing */ 469 case -1: /* Error during processing */
486 fatal = 1; 470 fatal = 1;
487 goto err; 471 goto err;
@@ -494,39 +478,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
494 break; 478 break;
495 default: 479 default:
496 abort(); 480 abort();
497 } 481 }
498#endif 482#endif
499 483
500 if (try_session_cache && 484 if (try_session_cache &&
501 ret == NULL && 485 ret == NULL &&
502 !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) 486 !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
503 {
504 SSL_SESSION data; 487 SSL_SESSION data;
505 data.ssl_version=s->version; 488 data.ssl_version = s->version;
506 data.session_id_length=len; 489 data.session_id_length = len;
507 if (len == 0) 490 if (len == 0)
508 return 0; 491 return 0;
509 memcpy(data.session_id,session_id,len); 492 memcpy(data.session_id, session_id, len);
510 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 493 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
511 ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); 494 ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
512 if (ret != NULL) 495 if (ret != NULL) {
513 {
514 /* don't allow other threads to steal it: */ 496 /* don't allow other threads to steal it: */
515 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); 497 CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
516 } 498 }
517 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 499 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
518 if (ret == NULL) 500 if (ret == NULL)
519 s->session_ctx->stats.sess_miss++; 501 s->session_ctx->stats.sess_miss++;
520 } 502 }
521 503
522 if (try_session_cache && 504 if (try_session_cache &&
523 ret == NULL && 505 ret == NULL &&
524 s->session_ctx->get_session_cb != NULL) 506 s->session_ctx->get_session_cb != NULL) {
525 { 507 int copy = 1;
526 int copy=1; 508
527 509 if ((ret = s->session_ctx->get_session_cb(s, session_id, len, &copy))) {
528 if ((ret=s->session_ctx->get_session_cb(s,session_id,len,&copy)))
529 {
530 s->session_ctx->stats.sess_cb_hit++; 510 s->session_ctx->stats.sess_cb_hit++;
531 511
532 /* Increment reference count now if the session callback 512 /* Increment reference count now if the session callback
@@ -535,16 +515,16 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
535 * it must handle the reference count itself [i.e. copy == 0], 515 * it must handle the reference count itself [i.e. copy == 0],
536 * or things won't be thread-safe). */ 516 * or things won't be thread-safe). */
537 if (copy) 517 if (copy)
538 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); 518 CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
539 519
540 /* Add the externally cached session to the internal 520 /* Add the externally cached session to the internal
541 * cache as well if and only if we are supposed to. */ 521 * cache as well if and only if we are supposed to. */
542 if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) 522 if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
543 /* The following should not return 1, otherwise, 523 /* The following should not return 1, otherwise,
544 * things are very strange */ 524 * things are very strange */
545 SSL_CTX_add_session(s->session_ctx,ret); 525 SSL_CTX_add_session(s->session_ctx, ret);
546 }
547 } 526 }
527 }
548 528
549 if (ret == NULL) 529 if (ret == NULL)
550 goto err; 530 goto err;
@@ -552,15 +532,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
552 /* Now ret is non-NULL and we own one of its reference counts. */ 532 /* Now ret is non-NULL and we own one of its reference counts. */
553 533
554 if (ret->sid_ctx_length != s->sid_ctx_length 534 if (ret->sid_ctx_length != s->sid_ctx_length
555 || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) 535 || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
556 {
557 /* We have the session requested by the client, but we don't 536 /* We have the session requested by the client, but we don't
558 * want to use it in this context. */ 537 * want to use it in this context. */
559 goto err; /* treat like cache miss */ 538 goto err; /* treat like cache miss */
560 } 539 }
561 540
562 if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) 541 if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
563 {
564 /* We can't be sure if this session is being used out of 542 /* We can't be sure if this session is being used out of
565 * context, which is especially important for SSL_VERIFY_PEER. 543 * context, which is especially important for SSL_VERIFY_PEER.
566 * The application should have used SSL[_CTX]_set_session_id_context. 544 * The application should have used SSL[_CTX]_set_session_id_context.
@@ -570,87 +548,83 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
570 * applications to effectively disable the session cache by 548 * applications to effectively disable the session cache by
571 * accident without anyone noticing). 549 * accident without anyone noticing).
572 */ 550 */
573 551
574 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); 552 SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
575 fatal = 1; 553 fatal = 1;
576 goto err; 554 goto err;
577 } 555 }
578 556
579 if (ret->cipher == NULL) 557 if (ret->cipher == NULL) {
580 { 558 unsigned char buf[5], *p;
581 unsigned char buf[5],*p;
582 unsigned long l; 559 unsigned long l;
583 560
584 p=buf; 561 p = buf;
585 l=ret->cipher_id; 562 l = ret->cipher_id;
586 l2n(l,p); 563 l2n(l, p);
587 if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) 564 if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
588 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); 565 ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
589 else 566 else
590 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); 567 ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
591 if (ret->cipher == NULL) 568 if (ret->cipher == NULL)
592 goto err; 569 goto err;
593 } 570 }
594 571
595 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ 572 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
596 { 573 {
597 s->session_ctx->stats.sess_timeout++; 574 s->session_ctx->stats.sess_timeout++;
598 if (try_session_cache) 575 if (try_session_cache) {
599 {
600 /* session was from the cache, so remove it */ 576 /* session was from the cache, so remove it */
601 SSL_CTX_remove_session(s->session_ctx,ret); 577 SSL_CTX_remove_session(s->session_ctx, ret);
602 }
603 goto err;
604 } 578 }
579 goto err;
580 }
605 581
606 s->session_ctx->stats.sess_hit++; 582 s->session_ctx->stats.sess_hit++;
607 583
608 if (s->session != NULL) 584 if (s->session != NULL)
609 SSL_SESSION_free(s->session); 585 SSL_SESSION_free(s->session);
610 s->session=ret; 586 s->session = ret;
611 s->verify_result = s->session->verify_result; 587 s->verify_result = s->session->verify_result;
612 return 1; 588 return 1;
613 589
614 err: 590 err:
615 if (ret != NULL) 591 if (ret != NULL) {
616 {
617 SSL_SESSION_free(ret); 592 SSL_SESSION_free(ret);
618#ifndef OPENSSL_NO_TLSEXT 593#ifndef OPENSSL_NO_TLSEXT
619 if (!try_session_cache) 594 if (!try_session_cache) {
620 {
621 /* The session was from a ticket, so we should 595 /* The session was from a ticket, so we should
622 * issue a ticket for the new session */ 596 * issue a ticket for the new session */
623 s->tlsext_ticket_expected = 1; 597 s->tlsext_ticket_expected = 1;
624 }
625#endif
626 } 598 }
599#endif
600 }
627 if (fatal) 601 if (fatal)
628 return -1; 602 return -1;
629 else 603 else
630 return 0; 604 return 0;
631 } 605}
632 606
633int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) 607int
634 { 608SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
635 int ret=0; 609{
610 int ret = 0;
636 SSL_SESSION *s; 611 SSL_SESSION *s;
637 612
638 /* add just 1 reference count for the SSL_CTX's session cache 613 /* add just 1 reference count for the SSL_CTX's session cache
639 * even though it has two ways of access: each session is in a 614 * even though it has two ways of access: each session is in a
640 * doubly linked list and an lhash */ 615 * doubly linked list and an lhash */
641 CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); 616 CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
642 /* if session c is in already in cache, we take back the increment later */ 617 /* if session c is in already in cache, we take back the increment later */
643 618
644 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 619 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
645 s=lh_SSL_SESSION_insert(ctx->sessions,c); 620 s = lh_SSL_SESSION_insert(ctx->sessions, c);
646 621
647 /* s != NULL iff we already had a session with the given PID. 622 /* s != NULL iff we already had a session with the given PID.
648 * In this case, s == c should hold (then we did not really modify 623 * In this case, s == c should hold (then we did not really modify
649 * ctx->sessions), or we're in trouble. */ 624 * ctx->sessions), or we're in trouble. */
650 if (s != NULL && s != c) 625 if (s != NULL && s != c) {
651 {
652 /* We *are* in trouble ... */ 626 /* We *are* in trouble ... */
653 SSL_SESSION_list_remove(ctx,s); 627 SSL_SESSION_list_remove(ctx, s);
654 SSL_SESSION_free(s); 628 SSL_SESSION_free(s);
655 /* ... so pretend the other session did not exist in cache 629 /* ... so pretend the other session did not exist in cache
656 * (we cannot handle two SSL_SESSION structures with identical 630 * (we cannot handle two SSL_SESSION structures with identical
@@ -658,114 +632,117 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
658 * two threads concurrently obtain the same session from an external 632 * two threads concurrently obtain the same session from an external
659 * cache) */ 633 * cache) */
660 s = NULL; 634 s = NULL;
661 } 635 }
662 636
663 /* Put at the head of the queue unless it is already in the cache */ 637 /* Put at the head of the queue unless it is already in the cache */
664 if (s == NULL) 638 if (s == NULL)
665 SSL_SESSION_list_add(ctx,c); 639 SSL_SESSION_list_add(ctx, c);
666 640
667 if (s != NULL) 641 if (s != NULL) {
668 {
669 /* existing cache entry -- decrement previously incremented reference 642 /* existing cache entry -- decrement previously incremented reference
670 * count because it already takes into account the cache */ 643 * count because it already takes into account the cache */
671 644
672 SSL_SESSION_free(s); /* s == c */ 645 SSL_SESSION_free(s); /* s == c */
673 ret=0; 646 ret = 0;
674 } 647 } else {
675 else
676 {
677 /* new cache entry -- remove old ones if cache has become too large */ 648 /* new cache entry -- remove old ones if cache has become too large */
678
679 ret=1;
680 649
681 if (SSL_CTX_sess_get_cache_size(ctx) > 0) 650 ret = 1;
682 { 651
652 if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
683 while (SSL_CTX_sess_number(ctx) > 653 while (SSL_CTX_sess_number(ctx) >
684 SSL_CTX_sess_get_cache_size(ctx)) 654 SSL_CTX_sess_get_cache_size(ctx)) {
685 {
686 if (!remove_session_lock(ctx, 655 if (!remove_session_lock(ctx,
687 ctx->session_cache_tail, 0)) 656 ctx->session_cache_tail, 0))
688 break; 657 break;
689 else 658 else
690 ctx->stats.sess_cache_full++; 659 ctx->stats.sess_cache_full++;
691 }
692 } 660 }
693 } 661 }
694 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
695 return(ret);
696 } 662 }
663 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
664 return (ret);
665}
697 666
698int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) 667int
668SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
699{ 669{
700 return remove_session_lock(ctx, c, 1); 670 return remove_session_lock(ctx, c, 1);
701} 671}
702 672
703static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) 673static int
704 { 674remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
675{
705 SSL_SESSION *r; 676 SSL_SESSION *r;
706 int ret=0; 677 int ret = 0;
707 678
708 if ((c != NULL) && (c->session_id_length != 0)) 679 if ((c != NULL) && (c->session_id_length != 0)) {
709 { 680 if (lck)
710 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 681 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
711 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) 682 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
712 { 683 ret = 1;
713 ret=1; 684 r = lh_SSL_SESSION_delete(ctx->sessions, c);
714 r=lh_SSL_SESSION_delete(ctx->sessions,c); 685 SSL_SESSION_list_remove(ctx, c);
715 SSL_SESSION_list_remove(ctx,c); 686 }
716 }
717 687
718 if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 688 if (lck)
689 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
719 690
720 if (ret) 691 if (ret) {
721 { 692 r->not_resumable = 1;
722 r->not_resumable=1;
723 if (ctx->remove_session_cb != NULL) 693 if (ctx->remove_session_cb != NULL)
724 ctx->remove_session_cb(ctx,r); 694 ctx->remove_session_cb(ctx, r);
725 SSL_SESSION_free(r); 695 SSL_SESSION_free(r);
726 }
727 } 696 }
728 else 697 } else
729 ret=0; 698 ret = 0;
730 return(ret); 699 return (ret);
731 } 700}
732 701
733void SSL_SESSION_free(SSL_SESSION *ss) 702void
734 { 703SSL_SESSION_free(SSL_SESSION *ss)
704{
735 int i; 705 int i;
736 706
737 if(ss == NULL) 707 if (ss == NULL)
738 return; 708 return;
739 709
740 i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); 710 i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
741#ifdef REF_PRINT 711#ifdef REF_PRINT
742 REF_PRINT("SSL_SESSION",ss); 712 REF_PRINT("SSL_SESSION", ss);
743#endif 713#endif
744 if (i > 0) return; 714 if (i > 0)
715 return;
745#ifdef REF_CHECK 716#ifdef REF_CHECK
746 if (i < 0) 717 if (i < 0) {
747 { 718 fprintf(stderr, "SSL_SESSION_free, bad reference count\n");
748 fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
749 abort(); /* ok */ 719 abort(); /* ok */
750 } 720 }
751#endif 721#endif
752 722
753 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); 723 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
754 724
755 OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); 725 OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
756 OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); 726 OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
757 OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); 727 OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
758 if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); 728 if (ss->sess_cert != NULL)
759 if (ss->peer != NULL) X509_free(ss->peer); 729 ssl_sess_cert_free(ss->sess_cert);
760 if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); 730 if (ss->peer != NULL)
731 X509_free(ss->peer);
732 if (ss->ciphers != NULL)
733 sk_SSL_CIPHER_free(ss->ciphers);
761#ifndef OPENSSL_NO_TLSEXT 734#ifndef OPENSSL_NO_TLSEXT
762 if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); 735 if (ss->tlsext_hostname != NULL)
763 if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); 736 OPENSSL_free(ss->tlsext_hostname);
737 if (ss->tlsext_tick != NULL)
738 OPENSSL_free(ss->tlsext_tick);
764#ifndef OPENSSL_NO_EC 739#ifndef OPENSSL_NO_EC
765 ss->tlsext_ecpointformatlist_length = 0; 740 ss->tlsext_ecpointformatlist_length = 0;
766 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); 741 if (ss->tlsext_ecpointformatlist != NULL)
742 OPENSSL_free(ss->tlsext_ecpointformatlist);
767 ss->tlsext_ellipticcurvelist_length = 0; 743 ss->tlsext_ellipticcurvelist_length = 0;
768 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); 744 if (ss->tlsext_ellipticcurvelist != NULL)
745 OPENSSL_free(ss->tlsext_ellipticcurvelist);
769#endif /* OPENSSL_NO_EC */ 746#endif /* OPENSSL_NO_EC */
770#endif 747#endif
771#ifndef OPENSSL_NO_PSK 748#ifndef OPENSSL_NO_PSK
@@ -778,382 +755,389 @@ void SSL_SESSION_free(SSL_SESSION *ss)
778 if (ss->srp_username != NULL) 755 if (ss->srp_username != NULL)
779 OPENSSL_free(ss->srp_username); 756 OPENSSL_free(ss->srp_username);
780#endif 757#endif
781 OPENSSL_cleanse(ss,sizeof(*ss)); 758 OPENSSL_cleanse(ss, sizeof(*ss));
782 OPENSSL_free(ss); 759 OPENSSL_free(ss);
783 } 760}
784 761
785int SSL_set_session(SSL *s, SSL_SESSION *session) 762int
786 { 763SSL_set_session(SSL *s, SSL_SESSION *session)
787 int ret=0; 764{
765 int ret = 0;
788 const SSL_METHOD *meth; 766 const SSL_METHOD *meth;
789 767
790 if (session != NULL) 768 if (session != NULL) {
791 { 769 meth = s->ctx->method->get_ssl_method(session->ssl_version);
792 meth=s->ctx->method->get_ssl_method(session->ssl_version);
793 if (meth == NULL) 770 if (meth == NULL)
794 meth=s->method->get_ssl_method(session->ssl_version); 771 meth = s->method->get_ssl_method(session->ssl_version);
795 if (meth == NULL) 772 if (meth == NULL) {
796 { 773 SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
797 SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); 774 return (0);
798 return(0); 775 }
799 }
800 776
801 if (meth != s->method) 777 if (meth != s->method) {
802 { 778 if (!SSL_set_ssl_method(s, meth))
803 if (!SSL_set_ssl_method(s,meth)) 779 return (0);
804 return(0); 780 }
805 }
806 781
807#ifndef OPENSSL_NO_KRB5 782#ifndef OPENSSL_NO_KRB5
808 if (s->kssl_ctx && !s->kssl_ctx->client_princ && 783 if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
809 session->krb5_client_princ_len > 0) 784 session->krb5_client_princ_len > 0) {
810 { 785 s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
811 s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); 786 memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ,
812 memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, 787 session->krb5_client_princ_len);
813 session->krb5_client_princ_len); 788 s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
814 s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; 789 }
815 }
816#endif /* OPENSSL_NO_KRB5 */ 790#endif /* OPENSSL_NO_KRB5 */
817 791
818 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ 792 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
819 CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); 793 CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
820 if (s->session != NULL) 794 if (s->session != NULL)
821 SSL_SESSION_free(s->session); 795 SSL_SESSION_free(s->session);
822 s->session=session; 796 s->session = session;
823 s->verify_result = s->session->verify_result; 797 s->verify_result = s->session->verify_result;
824 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ 798 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
825 ret=1; 799 ret = 1;
826 } 800 } else {
827 else 801 if (s->session != NULL) {
828 {
829 if (s->session != NULL)
830 {
831 SSL_SESSION_free(s->session); 802 SSL_SESSION_free(s->session);
832 s->session=NULL; 803 s->session = NULL;
833 } 804 }
834 805
835 meth=s->ctx->method; 806 meth = s->ctx->method;
836 if (meth != s->method) 807 if (meth != s->method) {
837 { 808 if (!SSL_set_ssl_method(s, meth))
838 if (!SSL_set_ssl_method(s,meth)) 809 return (0);
839 return(0);
840 }
841 ret=1;
842 } 810 }
843 return(ret); 811 ret = 1;
844 } 812 }
813 return (ret);
814}
845 815
846long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) 816long
847 { 817SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
848 if (s == NULL) return(0); 818{
849 s->timeout=t; 819 if (s == NULL)
850 return(1); 820 return (0);
851 } 821 s->timeout = t;
822 return (1);
823}
852 824
853long SSL_SESSION_get_timeout(const SSL_SESSION *s) 825long
854 { 826SSL_SESSION_get_timeout(const SSL_SESSION *s)
855 if (s == NULL) return(0); 827{
856 return(s->timeout); 828 if (s == NULL)
857 } 829 return (0);
830 return (s->timeout);
831}
858 832
859long SSL_SESSION_get_time(const SSL_SESSION *s) 833long
860 { 834SSL_SESSION_get_time(const SSL_SESSION *s)
861 if (s == NULL) return(0); 835{
862 return(s->time); 836 if (s == NULL)
863 } 837 return (0);
838 return (s->time);
839}
864 840
865long SSL_SESSION_set_time(SSL_SESSION *s, long t) 841long
866 { 842SSL_SESSION_set_time(SSL_SESSION *s, long t)
867 if (s == NULL) return(0); 843{
868 s->time=t; 844 if (s == NULL)
869 return(t); 845 return (0);
870 } 846 s->time = t;
847 return (t);
848}
871 849
872X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) 850X509
873 { 851*SSL_SESSION_get0_peer(SSL_SESSION *s)
852{
874 return s->peer; 853 return s->peer;
875 } 854}
876 855
877int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, 856int
878 unsigned int sid_ctx_len) 857SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
879 { 858 unsigned int sid_ctx_len)
880 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) 859{
881 { 860 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
882 SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 861 SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
883 return 0; 862 return 0;
884 } 863 }
885 s->sid_ctx_length=sid_ctx_len; 864 s->sid_ctx_length = sid_ctx_len;
886 memcpy(s->sid_ctx,sid_ctx,sid_ctx_len); 865 memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
887 866
888 return 1; 867 return 1;
889 } 868}
890 869
891long SSL_CTX_set_timeout(SSL_CTX *s, long t) 870long
892 { 871SSL_CTX_set_timeout(SSL_CTX *s, long t)
872{
893 long l; 873 long l;
894 if (s == NULL) return(0); 874 if (s == NULL)
895 l=s->session_timeout; 875 return (0);
896 s->session_timeout=t; 876 l = s->session_timeout;
897 return(l); 877 s->session_timeout = t;
898 } 878 return (l);
879}
899 880
900long SSL_CTX_get_timeout(const SSL_CTX *s) 881long
901 { 882SSL_CTX_get_timeout(const SSL_CTX *s)
902 if (s == NULL) return(0); 883{
903 return(s->session_timeout); 884 if (s == NULL)
904 } 885 return (0);
886 return (s->session_timeout);
887}
905 888
906#ifndef OPENSSL_NO_TLSEXT 889#ifndef OPENSSL_NO_TLSEXT
907int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, 890int
908 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) 891SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
909 { 892 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
910 if (s == NULL) return(0); 893{
894 if (s == NULL)
895 return (0);
911 s->tls_session_secret_cb = tls_session_secret_cb; 896 s->tls_session_secret_cb = tls_session_secret_cb;
912 s->tls_session_secret_cb_arg = arg; 897 s->tls_session_secret_cb_arg = arg;
913 return(1); 898 return (1);
914 } 899}
915 900
916int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, 901int
917 void *arg) 902SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
918 { 903 void *arg)
919 if (s == NULL) return(0); 904{
905 if (s == NULL)
906 return (0);
920 s->tls_session_ticket_ext_cb = cb; 907 s->tls_session_ticket_ext_cb = cb;
921 s->tls_session_ticket_ext_cb_arg = arg; 908 s->tls_session_ticket_ext_cb_arg = arg;
922 return(1); 909 return (1);
923 } 910}
924 911
925int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) 912int
926 { 913SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
927 if (s->version >= TLS1_VERSION) 914{
928 { 915 if (s->version >= TLS1_VERSION) {
929 if (s->tlsext_session_ticket) 916 if (s->tlsext_session_ticket) {
930 {
931 OPENSSL_free(s->tlsext_session_ticket); 917 OPENSSL_free(s->tlsext_session_ticket);
932 s->tlsext_session_ticket = NULL; 918 s->tlsext_session_ticket = NULL;
933 } 919 }
934 920
935 s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 921 s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
936 if (!s->tlsext_session_ticket) 922 if (!s->tlsext_session_ticket) {
937 {
938 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); 923 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
939 return 0; 924 return 0;
940 } 925 }
941 926
942 if (ext_data) 927 if (ext_data) {
943 {
944 s->tlsext_session_ticket->length = ext_len; 928 s->tlsext_session_ticket->length = ext_len;
945 s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; 929 s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
946 memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); 930 memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
947 } 931 } else {
948 else
949 {
950 s->tlsext_session_ticket->length = 0; 932 s->tlsext_session_ticket->length = 0;
951 s->tlsext_session_ticket->data = NULL; 933 s->tlsext_session_ticket->data = NULL;
952 } 934 }
953 935
954 return 1; 936 return 1;
955 } 937 }
956 938
957 return 0; 939 return 0;
958 } 940}
959#endif /* OPENSSL_NO_TLSEXT */ 941#endif /* OPENSSL_NO_TLSEXT */
960 942
961typedef struct timeout_param_st 943typedef struct timeout_param_st {
962 {
963 SSL_CTX *ctx; 944 SSL_CTX *ctx;
964 long time; 945 long time;
965 LHASH_OF(SSL_SESSION) *cache; 946 LHASH_OF(SSL_SESSION) *cache;
966 } TIMEOUT_PARAM; 947} TIMEOUT_PARAM;
967 948
968static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) 949static void
969 { 950timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
951{
970 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ 952 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
971 { 953 {
972 /* The reason we don't call SSL_CTX_remove_session() is to 954 /* The reason we don't call SSL_CTX_remove_session() is to
973 * save on locking overhead */ 955 * save on locking overhead */
974 (void)lh_SSL_SESSION_delete(p->cache,s); 956 (void)lh_SSL_SESSION_delete(p->cache, s);
975 SSL_SESSION_list_remove(p->ctx,s); 957 SSL_SESSION_list_remove(p->ctx, s);
976 s->not_resumable=1; 958 s->not_resumable = 1;
977 if (p->ctx->remove_session_cb != NULL) 959 if (p->ctx->remove_session_cb != NULL)
978 p->ctx->remove_session_cb(p->ctx,s); 960 p->ctx->remove_session_cb(p->ctx, s);
979 SSL_SESSION_free(s); 961 SSL_SESSION_free(s);
980 }
981 } 962 }
963}
982 964
983static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) 965static
966IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
984 967
985void SSL_CTX_flush_sessions(SSL_CTX *s, long t) 968void
986 { 969SSL_CTX_flush_sessions(SSL_CTX *s, long t)
970{
987 unsigned long i; 971 unsigned long i;
988 TIMEOUT_PARAM tp; 972 TIMEOUT_PARAM tp;
989 973
990 tp.ctx=s; 974 tp.ctx = s;
991 tp.cache=s->sessions; 975 tp.cache = s->sessions;
992 if (tp.cache == NULL) return; 976 if (tp.cache == NULL)
993 tp.time=t; 977 return;
978 tp.time = t;
994 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 979 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
995 i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; 980 i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
996 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; 981 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
997 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), 982 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
998 TIMEOUT_PARAM, &tp); 983 TIMEOUT_PARAM, &tp);
999 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; 984 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
1000 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 985 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1001 } 986}
1002 987
1003int ssl_clear_bad_session(SSL *s) 988int
1004 { 989ssl_clear_bad_session(SSL *s)
1005 if ( (s->session != NULL) && 990{
991 if ((s->session != NULL) &&
1006 !(s->shutdown & SSL_SENT_SHUTDOWN) && 992 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1007 !(SSL_in_init(s) || SSL_in_before(s))) 993 !(SSL_in_init(s) || SSL_in_before(s))) {
1008 { 994 SSL_CTX_remove_session(s->ctx, s->session);
1009 SSL_CTX_remove_session(s->ctx,s->session); 995 return (1);
1010 return(1); 996 } else
1011 } 997 return (0);
1012 else 998}
1013 return(0);
1014 }
1015 999
1016/* locked by SSL_CTX in the calling function */ 1000/* locked by SSL_CTX in the calling function */
1017static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) 1001static void
1018 { 1002SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1019 if ((s->next == NULL) || (s->prev == NULL)) return; 1003{
1004 if ((s->next == NULL)
1005 || (s->prev == NULL)) return;
1020 1006
1021 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) 1007 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
1022 { /* last element in list */ 1008 { /* last element in list */
1023 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) 1009 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
1024 { /* only one element in list */ 1010 { /* only one element in list */
1025 ctx->session_cache_head=NULL; 1011 ctx->session_cache_head = NULL;
1026 ctx->session_cache_tail=NULL; 1012 ctx->session_cache_tail = NULL;
1027 } 1013 } else {
1028 else 1014 ctx->session_cache_tail = s->prev;
1029 { 1015 s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1030 ctx->session_cache_tail=s->prev;
1031 s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
1032 }
1033 } 1016 }
1034 else 1017 } else {
1035 {
1036 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) 1018 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
1037 { /* first element in list */ 1019 { /* first element in list */
1038 ctx->session_cache_head=s->next; 1020 ctx->session_cache_head = s->next;
1039 s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); 1021 s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1040 } 1022 } else
1041 else 1023 { /* middle of list */
1042 { /* middle of list */ 1024 s->next->prev = s->prev;
1043 s->next->prev=s->prev; 1025 s->prev->next = s->next;
1044 s->prev->next=s->next;
1045 }
1046 } 1026 }
1047 s->prev=s->next=NULL;
1048 } 1027 }
1028 s->prev = s->next = NULL;
1029}
1049 1030
1050static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) 1031static void
1051 { 1032SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1033{
1052 if ((s->next != NULL) && (s->prev != NULL)) 1034 if ((s->next != NULL) && (s->prev != NULL))
1053 SSL_SESSION_list_remove(ctx,s); 1035 SSL_SESSION_list_remove(ctx, s);
1054 1036
1055 if (ctx->session_cache_head == NULL) 1037 if (ctx->session_cache_head == NULL) {
1056 { 1038 ctx->session_cache_head = s;
1057 ctx->session_cache_head=s; 1039 ctx->session_cache_tail = s;
1058 ctx->session_cache_tail=s; 1040 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1059 s->prev=(SSL_SESSION *)&(ctx->session_cache_head); 1041 s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1060 s->next=(SSL_SESSION *)&(ctx->session_cache_tail); 1042 } else {
1061 } 1043 s->next = ctx->session_cache_head;
1062 else 1044 s->next->prev = s;
1063 { 1045 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1064 s->next=ctx->session_cache_head; 1046 ctx->session_cache_head = s;
1065 s->next->prev=s;
1066 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
1067 ctx->session_cache_head=s;
1068 }
1069 } 1047 }
1048}
1070 1049
1071void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, 1050void
1072 int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) 1051SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1073 { 1052 int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
1074 ctx->new_session_cb=cb; 1053 ctx->new_session_cb = cb;
1075 } 1054}
1076 1055
1077int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) 1056int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
1078 { 1057{
1079 return ctx->new_session_cb; 1058 return ctx->new_session_cb;
1080 } 1059}
1081 1060
1082void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, 1061void
1083 void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) 1062SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1084 { 1063 void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
1085 ctx->remove_session_cb=cb; 1064{
1086 } 1065 ctx->remove_session_cb = cb;
1066}
1087 1067
1088void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) 1068void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
1089 { 1069{
1090 return ctx->remove_session_cb; 1070 return ctx->remove_session_cb;
1091 } 1071}
1092 1072
1093void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, 1073void
1094 SSL_SESSION *(*cb)(struct ssl_st *ssl, 1074SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1095 unsigned char *data,int len,int *copy)) 1075 SSL_SESSION *(*cb)(struct ssl_st *ssl,
1096 { 1076unsigned char *data, int len, int *copy))
1097 ctx->get_session_cb=cb; 1077{
1098 } 1078 ctx->get_session_cb = cb;
1079}
1099 1080
1100SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, 1081SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
1101 unsigned char *data,int len,int *copy) 1082 unsigned char *data, int len, int *copy)
1102 { 1083{
1103 return ctx->get_session_cb; 1084 return ctx->get_session_cb;
1104 } 1085}
1105 1086
1106void SSL_CTX_set_info_callback(SSL_CTX *ctx, 1087void
1107 void (*cb)(const SSL *ssl,int type,int val)) 1088SSL_CTX_set_info_callback(SSL_CTX *ctx,
1108 { 1089 void (*cb)(const SSL *ssl, int type, int val))
1109 ctx->info_callback=cb; 1090{
1110 } 1091 ctx->info_callback = cb;
1092}
1111 1093
1112void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) 1094void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
1113 { 1095{
1114 return ctx->info_callback; 1096 return ctx->info_callback;
1115 } 1097}
1116 1098
1117void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, 1099void
1118 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) 1100SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1119 { 1101 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
1120 ctx->client_cert_cb=cb; 1102{
1121 } 1103 ctx->client_cert_cb = cb;
1104}
1122 1105
1123int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) 1106int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
1124 { 1107{
1125 return ctx->client_cert_cb; 1108 return ctx->client_cert_cb;
1126 } 1109}
1127 1110
1128#ifndef OPENSSL_NO_ENGINE 1111#ifndef OPENSSL_NO_ENGINE
1129int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) 1112int
1130 { 1113SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
1131 if (!ENGINE_init(e)) 1114{
1132 { 1115 if (!ENGINE_init(e)) {
1133 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); 1116 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
1134 return 0; 1117 return 0;
1135 } 1118 }
1136 if(!ENGINE_get_ssl_client_cert_function(e)) 1119 if (!ENGINE_get_ssl_client_cert_function(e)) {
1137 {
1138 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); 1120 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
1139 ENGINE_finish(e); 1121 ENGINE_finish(e);
1140 return 0; 1122 return 0;
1141 } 1123 }
1142 ctx->client_cert_engine = e; 1124 ctx->client_cert_engine = e;
1143 return 1; 1125 return 1;
1144 } 1126}
1145#endif 1127#endif
1146 1128
1147void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, 1129void
1148 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) 1130SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1149 { 1131 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
1150 ctx->app_gen_cookie_cb=cb; 1132{
1151 } 1133 ctx->app_gen_cookie_cb = cb;
1134}
1152 1135
1153void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, 1136void
1154 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) 1137SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1155 { 1138 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
1156 ctx->app_verify_cookie_cb=cb; 1139{
1157 } 1140 ctx->app_verify_cookie_cb = cb;
1141}
1158 1142
1159IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) 1143IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 08:20:14 +0000