+++ /dev/null
-/* ssl/ssl_comp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-#ifndef NOPROTO
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-#else
-static void SSL_SESSION_list_remove();
-static void SSL_SESSION_list_add();
-#endif
-
-static int ssl_session_num=0;
-static STACK *ssl_session_meth=NULL;
-
-SSL_SESSION *SSL_get_session(ssl)
-SSL *ssl;
- {
- return(ssl->session);
- }
-
-int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
- {
- ssl_session_num++;
- return(CRYPTO_get_ex_new_index(ssl_session_num-1,
- &ssl_session_meth,
- argl,argp,new_func,dup_func,free_func));
- }
-
-int SSL_SESSION_set_ex_data(s,idx,arg)
-SSL_SESSION *s;
-int idx;
-char *arg;
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-char *SSL_SESSION_get_ex_data(s,idx)
-SSL_SESSION *s;
-int idx;
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-SSL_SESSION *SSL_SESSION_new()
- {
- SSL_SESSION *ss;
-
- ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
- if (ss == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(ss,0,sizeof(SSL_SESSION));
-
- ss->references=1;
- ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time=time(NULL);
- ss->prev=NULL;
- ss->next=NULL;
- CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
- return(ss);
- }
-
-int ssl_get_new_session(s, session)
-SSL *s;
-int session;
- {
- SSL_SESSION *ss=NULL;
-
- if ((ss=SSL_SESSION_new()) == NULL) return(0);
-
- /* If the context has a default timeout, use it */
- if (s->ctx->session_timeout != 0)
- ss->timeout=SSL_get_default_timeout(s);
-
- if (s->session != NULL)
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- if (session)
- {
- if (s->version == SSL2_CLIENT_VERSION)
- {
- ss->ssl_version=SSL2_VERSION;
- ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == SSL3_VERSION)
- {
- ss->ssl_version=SSL3_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_VERSION)
- {
- ss->ssl_version=TLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
- SSL_SESSION_free(ss);
- return(0);
- }
-
- for (;;)
- {
- SSL_SESSION *r;
-
- RAND_bytes(ss->session_id,ss->session_id_length);
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
- (char *)ss);
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- if (r == NULL) break;
- /* else - woops a session_id match */
- }
- }
- else
- {
- ss->session_id_length=0;
- }
-
- s->session=ss;
- ss->ssl_version=s->version;
-
- return(1);
- }
-
-int ssl_get_prev_session(s,session_id,len)
-SSL *s;
-unsigned char *session_id;
-int len;
- {
- SSL_SESSION *ret=NULL,data;
-
- /* conn_init();*/
- data.ssl_version=s->version;
- data.session_id_length=len;
- if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
- return(0);
- memcpy(data.session_id,session_id,len);;
-
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
- {
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- }
-
- if (ret == NULL)
- {
- int copy=1;
-
- s->ctx->sess_miss++;
- ret=NULL;
- if ((s->ctx->get_session_cb != NULL) &&
- ((ret=s->ctx->get_session_cb(s,session_id,len,©))
- != NULL))
- {
- s->ctx->sess_cb_hit++;
-
- /* The following should not return 1, otherwise,
- * things are very strange */
- SSL_CTX_add_session(s->ctx,ret);
- /* auto free it */
- if (!copy)
- SSL_SESSION_free(ret);
- }
- if (ret == NULL) return(0);
- }
-
- if (ret->cipher == NULL)
- {
- char buf[5],*p;
- unsigned long l;
-
- p=buf;
- l=ret->cipher_id;
- l2n(l,p);
- if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
- else
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
- if (ret->cipher == NULL)
- return(0);
- }
-
- /* If a thread got the session, then 'swaped', and another got
- * it and then due to a time-out decided to 'Free' it we could
- * be in trouble. So I'll increment it now, then double decrement
- * later - am I speaking rubbish?. */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-
- if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
- {
- s->ctx->sess_timeout++;
- /* remove it from the cache */
- SSL_CTX_remove_session(s->ctx,ret);
- SSL_SESSION_free(ret); /* again to actually Free it */
- return(0);
- }
-
- s->ctx->sess_hit++;
-
- /* ret->time=time(NULL); */ /* rezero timeout? */
- /* again, just leave the session
- * if it is the same session, we have just incremented and
- * then decremented the reference count :-) */
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session=ret;
- return(1);
- }
-
-int SSL_CTX_add_session(ctx,c)
-SSL_CTX *ctx;
-SSL_SESSION *c;
- {
- int ret=0;
- SSL_SESSION *s;
-
- /* conn_init(); */
- CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c);
-
- /* Put on the end of the queue unless it is already in the cache */
- if (s == NULL)
- SSL_SESSION_list_add(ctx,c);
-
- /* If the same session if is being 're-added', Free the old
- * one when the last person stops using it.
- * This will also work if it is alread in the cache.
- * The references will go up and then down :-) */
- if (s != NULL)
- {
- SSL_SESSION_free(s);
- ret=0;
- }
- else
- {
- ret=1;
-
- if (SSL_CTX_sess_get_cache_size(ctx) > 0)
- {
- while (SSL_CTX_sess_number(ctx) >
- SSL_CTX_sess_get_cache_size(ctx))
- {
- if (!SSL_CTX_remove_session(ctx,
- ctx->session_cache_tail))
- break;
- else
- ctx->sess_cache_full++;
- }
- }
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return(ret);
- }
-
-int SSL_CTX_remove_session(ctx,c)
-SSL_CTX *ctx;
-SSL_SESSION *c;
- {
- SSL_SESSION *r;
- int ret=0;
-
- if ((c != NULL) && (c->session_id_length != 0))
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
- if (r != NULL)
- {
- ret=1;
- SSL_SESSION_list_remove(ctx,c);
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
- if (ret)
- {
- r->not_resumable=1;
- if (ctx->remove_session_cb != NULL)
- ctx->remove_session_cb(ctx,r);
- SSL_SESSION_free(r);
- }
- }
- else
- ret=0;
- return(ret);
- }
-
-void SSL_SESSION_free(ss)
-SSL_SESSION *ss;
- {
- int i;
-
- if(ss == NULL)
- return;
-
- i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
- REF_PRINT("SSL_SESSION",ss);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
-
- memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
- memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
- memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
- if (ss->cert != NULL) ssl_cert_free(ss->cert);
- if (ss->peer != NULL) X509_free(ss->peer);
- if (ss->ciphers != NULL) sk_free(ss->ciphers);
- memset(ss,0,sizeof(*ss));
- Free(ss);
- }
-
-int SSL_set_session(s, session)
-SSL *s;
-SSL_SESSION *session;
- {
- int ret=0;
- SSL_METHOD *meth;
-
- if (session != NULL)
- {
- meth=s->ctx->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- meth=s->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
- return(0);
- }
-
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- session->timeout=SSL_get_default_timeout(s);
- }
-
- /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
- CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session=session;
- /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
- ret=1;
- }
- else
- {
- if (s->session != NULL)
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
- }
- return(ret);
- }
-
-long SSL_SESSION_set_timeout(s,t)
-SSL_SESSION *s;
-long t;
- {
- if (s == NULL) return(0);
- s->timeout=t;
- return(1);
- }
-
-long SSL_SESSION_get_timeout(s)
-SSL_SESSION *s;
- {
- if (s == NULL) return(0);
- return(s->timeout);
- }
-
-long SSL_SESSION_get_time(s)
-SSL_SESSION *s;
- {
- if (s == NULL) return(0);
- return(s->time);
- }
-
-long SSL_SESSION_set_time(s,t)
-SSL_SESSION *s;
-long t;
- {
- if (s == NULL) return(0);
- s->time=t;
- return(t);
- }
-
-typedef struct timeout_param_st
- {
- SSL_CTX *ctx;
- long time;
- LHASH *cache;
- } TIMEOUT_PARAM;
-
-static void timeout(s,p)
-SSL_SESSION *s;
-TIMEOUT_PARAM *p;
- {
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
- {
- /* The reason we don't call SSL_CTX_remove_session() is to
- * save on locking overhead */
- lh_delete(p->cache,(char *)s);
- SSL_SESSION_list_remove(p->ctx,s);
- s->not_resumable=1;
- if (p->ctx->remove_session_cb != NULL)
- p->ctx->remove_session_cb(p->ctx,s);
- SSL_SESSION_free(s);
- }
- }
-
-void SSL_CTX_flush_sessions(s,t)
-SSL_CTX *s;
-long t;
- {
- unsigned long i;
- TIMEOUT_PARAM tp;
-
- tp.ctx=s;
- tp.cache=SSL_CTX_sessions(s);
- if (tp.cache == NULL) return;
- tp.time=t;
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- i=tp.cache->down_load;
- tp.cache->down_load=0;
- lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp);
- tp.cache->down_load=i;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- }
-
-int ssl_clear_bad_session(s)
-SSL *s;
- {
- if ( (s->session != NULL) &&
- !(s->shutdown & SSL_SENT_SHUTDOWN) &&
- !(SSL_in_init(s) || SSL_in_before(s)))
- {
- SSL_CTX_remove_session(s->ctx,s->session);
- return(1);
- }
- else
- return(0);
- }
-
-/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(ctx,s)
-SSL_CTX *ctx;
-SSL_SESSION *s;
- {
- if ((s->next == NULL) || (s->prev == NULL)) return;
-
- if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
- { /* last element in list */
- if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* only one element in list */
- ctx->session_cache_head=NULL;
- ctx->session_cache_tail=NULL;
- }
- else
- {
- ctx->session_cache_tail=s->prev;
- s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- }
- else
- {
- if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* first element in list */
- ctx->session_cache_head=s->next;
- s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- }
- else
- { /* middle of list */
- s->next->prev=s->prev;
- s->prev->next=s->next;
- }
- }
- s->prev=s->next=NULL;
- }
-
-static void SSL_SESSION_list_add(ctx,s)
-SSL_CTX *ctx;
-SSL_SESSION *s;
- {
- if ((s->next != NULL) && (s->prev != NULL))
- SSL_SESSION_list_remove(ctx,s);
-
- if (ctx->session_cache_head == NULL)
- {
- ctx->session_cache_head=s;
- ctx->session_cache_tail=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- else
- {
- s->next=ctx->session_cache_head;
- s->next->prev=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- ctx->session_cache_head=s;
- }
- }
-