summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_sess.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Stop fiddling with hash table internals from lhash doall callers.jsing2024-01-241-6/+3
| | | | | | | | It is now safe to call delete from an lhash doall callback - stop fiddling wit hash table internals from lhash doall callers that previously has to workaround this themselves. ok tb@
* Unifdef OPENSSL_NO_ENGINE in libssltb2023-11-191-24/+1
| | | | | | As usual, a few manual fixes to avoid duplicate lines. ok jsing
* Hide all public symbols in libsslbeck2023-07-081-1/+53
| | | | | | With the guentherizer 9000 ok tb@
* Make internal header file names consistenttb2022-11-261-2/+2
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Provide ssl_session_dup()tb2022-10-201-1/+106
| | | | | | | | SSL_SESSION_dup() is a currently essentially unused public OpenSSL 1.1.1 API. Add a version that does not duplicate the secrets for internal use. If the public API should be needed, we can easily make it a wrapper. ok jsing
* Clean up resumption master secret in SSL_SESSION_free()tb2022-10-201-1/+3
| | | | ok jsing
* Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.jsing2022-10-021-73/+73
| | | | | | | | These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL. Prompted by tb@
* Deduplicate peer certificate chain processing code.jsing2022-08-171-3/+3
| | | | | | | | | | | | | | Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one. This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption. ok tb@
* Use CBS_write_bytes() instead of manual unpacking of a CBS and assigningtb2022-06-071-3/+5
| | | | | | | length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however). ok jsing
* Simplify various CBS_write_bytes() callstb2022-06-071-4/+2
| | | | | | | Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable. ok jsing
* Tweak readability of a test: compare tmp explicitly against 0 and droptb2022-06-071-2/+2
| | | | | | redundant parentheses. ok jsing
* Add a cast to SSL_SESSION_get_id() to indicate that session_id_lengthtb2022-06-071-2/+2
| | | | | | | is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern. ok jsing
* fix indenttb2022-06-071-2/+2
|
* Unindent and simplify remove_session_lock()tb2022-06-071-21/+22
| | | | ok jsing (who informs me he had the same diff in his jungle)
* Fix comment + spacing.tb2022-06-061-2/+2
| | | | | Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
* Remove peer_pkeys from SSL_SESSION.jsing2022-01-111-5/+1
| | | | | | | | | | peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate). ok inoguchi@ tb@
* Rename 'peer' to 'peer_cert' in SSL_SESSION.jsing2022-01-111-3/+3
| | | | | | | The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful. ok inoguchi@ tb@
* Merge SESS_CERT into SSL_SESSION.jsing2022-01-081-2/+6
| | | | | | | There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow. ok inoguchi@ tb@
* Fold SSL_SESSION_INTERNAL back into SSL_SESSION.jsing2021-10-251-39/+33
| | | | ok beck@ tb@
* Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubstb2021-09-081-1/+7
| | | | ok jsing
* Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*jsing2021-05-161-1/+2
| | | | | | Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
* Provide SSL_SESSION_get0_cipher(3)tb2021-05-101-1/+7
| | | | ok jsing
* Handle DTLS1_2_VERSION in various places.jsing2021-02-201-1/+2
| | | | ok tb@
* Condense and simplify TLS methods.jsing2020-10-111-2/+2
| | | | | | | | | | | | | | | Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existant in many cases and we can reduce the amount of code and complexity by having single method. Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does. ok tb@
* Prepare to provide SSL_SESSION_{set,get}_max_early_data()tb2020-09-191-1/+13
| | | | | | | Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined. ok beck jsing
* Simplify SSL method lookups.jsing2020-09-171-4/+2
| | | | | | | | | There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types. ok inoguchi@ millert@
* Cleanup and simplify SSL_set_session().jsing2020-09-141-36/+22
| | | | | | | | | | SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client. ok beck@
* KNF and comment tweakstb2020-09-021-8/+10
|
* Zero out data to avoid leaving stack garbage in the tail oftb2020-09-011-1/+3
| | | | | | | the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH. long standing bug pointed out by jsing
* The bumping of sess_cb_hit stats can wait until handling oftb2020-09-011-4/+3
| | | | get_session_cb is completed.
* In the explanatory comment of ssl_get_prev_session fix the spelling oftb2020-09-011-5/+6
| | | | the function name, document alert and make it fit into 80 columns.
* Split session retrieval out of ssl_get_prev_session()tb2020-09-011-78/+92
| | | | | | | | | | | | | | | | In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye. I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted. To top things off, a little bit of polish in the exit path. ok beck inoguchi jsing (with the usual healthy dose of nits)
* copy session id directly in ssl_get_prev_sessiontb2020-09-011-3/+16
| | | | | | | | | | | | ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session(). Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so. ok inoguchi jsing
* indent the only other label in this filetb2020-09-011-2/+2
|
* Indent label and remove dangling elsetb2020-09-011-4/+4
|
* Zap NULL check before SSL_SESSION_free()tb2020-09-011-3/+2
|
* Rename the session pointer ret to sesstb2020-09-011-25/+25
| | | | | | ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
* Return code tweaks for session ticket handlerstb2020-08-311-9/+7
| | | | | | | | In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments. ok beck inoguchi
* Send alert on ssl_get_prev_session failuretb2020-08-311-6/+7
| | | | | | | | | | | | ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe. Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere. ok beck inoguchi jsing
* Pass the session ID down to the session/ticket handling code as a CBS.jsing2019-04-221-9/+10
| | | | | | | | | Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions. ok tb@
* This case also needs to be fatal.jsing2019-04-041-1/+2
|
* mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sighderaadt2019-04-011-3/+3
|
* do not call assert(), which has a tendency to leave traces of stuff inderaadt2019-03-241-2/+3
| | | | | | corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
* Simplify session ticket parsing/handling.jsing2018-08-241-11/+11
| | | | | | | | | | | | The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing. While here standarise on naming for session_id and session_id_len. ok inoguchi@ tb@
* OpenSSL started adding const to functions all over the place. Make alltb2018-04-251-4/+4
| | | | | | | | our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing
* Provide SSL_SESSION_set1_id()tb2018-03-201-1/+14
| | | | ok jsing
* Bring in compatibility for OpenSSL 1.1 style init functions.beck2018-03-171-1/+6
| | | | | | | | | This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Provide SSL_SESSION_get_ticket_lifetime_hint() andtb2018-03-171-1/+13
| | | | | | SSL_SESSION_has_ticket() ok jsing
* SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *.tb2018-03-171-2/+2
| | | | | | Noted by schwarze@ ok jsing@
* Provide SSL_SESSION_get0_id_context().jsing2018-03-171-6/+14
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 07:20:27 +0000