SSL_SESSION *SSL_get_session(const SSL *ssl)
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
{
- return ssl->session;
+ const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
+
+ if (sc == NULL)
+ return NULL;
+
+ return sc->session;
}
SSL_SESSION *SSL_get1_session(SSL *ssl)
/* variant of SSL_get_session: caller really gets something */
{
SSL_SESSION *sess;
+
/*
* Need to lock this all up rather than just use CRYPTO_add so that
* somebody doesn't free ssl->session between when we check it's non-null
*/
if (!CRYPTO_THREAD_read_lock(ssl->lock))
return NULL;
- sess = ssl->session;
- if (sess)
+ sess = SSL_get_session(ssl);
+ if (sess != NULL)
SSL_SESSION_up_ref(sess);
CRYPTO_THREAD_unlock(ssl->lock);
return sess;
return 0;
}
-int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
+int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
{
unsigned int tmp;
GEN_SESSION_CB cb = def_generate_session_id;
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
switch (s->version) {
case SSL3_VERSION:
}
/* Choose which callback will set the session ID */
- if (!CRYPTO_THREAD_read_lock(s->lock))
+ if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
return 0;
if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
- CRYPTO_THREAD_unlock(s->lock);
+ CRYPTO_THREAD_unlock(ssl->lock);
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
return 0;
else if (s->session_ctx->generate_session_id)
cb = s->session_ctx->generate_session_id;
CRYPTO_THREAD_unlock(s->session_ctx->lock);
- CRYPTO_THREAD_unlock(s->lock);
+ CRYPTO_THREAD_unlock(ssl->lock);
/* Choose a session ID */
memset(ss->session_id, 0, ss->session_id_length);
tmp = (int)ss->session_id_length;
- if (!cb(s, ss->session_id, &tmp)) {
+ if (!cb(ssl, ss->session_id, &tmp)) {
/* The callback failed */
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
}
ss->session_id_length = tmp;
/* Finally, check for a conflict */
- if (SSL_has_matching_session_id(s, ss->session_id,
+ if (SSL_has_matching_session_id(ssl, ss->session_id,
(unsigned int)ss->session_id_length)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
return 0;
return 1;
}
-int ssl_get_new_session(SSL *s, int session)
+int ssl_get_new_session(SSL_CONNECTION *s, int session)
{
/* This gets used by clients and servers. */
/* If the context has a default timeout, use it */
if (s->session_ctx->session_timeout == 0)
- ss->timeout = SSL_get_default_timeout(s);
+ ss->timeout = SSL_get_default_timeout(SSL_CONNECTION_GET_SSL(s));
else
ss->timeout = s->session_ctx->session_timeout;
ssl_session_calculate_timeout(ss);
s->session = NULL;
if (session) {
- if (SSL_IS_TLS13(s)) {
+ if (SSL_CONNECTION_IS_TLS13(s)) {
/*
* We generate the session id while constructing the
* NewSessionTicket in TLSv1.3.
return 1;
}
-SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
+ const unsigned char *sess_id,
size_t sess_id_len)
{
SSL_SESSION *ret = NULL;
if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
int copy = 1;
- ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©);
+ ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s),
+ sess_id, sess_id_len, ©);
if (ret != NULL) {
ssl_tsan_counter(s->session_ctx,
* - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
* if the server should issue a new session ticket (to 0 otherwise).
*/
-int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
+int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
{
/* This is used only by servers. */
int try_session_cache = 0;
SSL_TICKET_STATUS r;
- if (SSL_IS_TLS13(s)) {
+ if (SSL_CONNECTION_IS_TLS13(s)) {
/*
* By default we will send a new ticket. This can be overridden in the
* ticket processing.
goto err;
}
- if (!SSL_IS_TLS13(s)) {
+ if (!SSL_CONNECTION_IS_TLS13(s)) {
/* We already did this for TLS1.3 */
SSL_SESSION_free(s->session);
s->session = ret;
if (ret != NULL) {
SSL_SESSION_free(ret);
/* In TLSv1.3 s->session was already set to ret, so we NULL it out */
- if (SSL_IS_TLS13(s))
+ if (SSL_CONNECTION_IS_TLS13(s))
s->session = NULL;
if (!try_session_cache) {
int SSL_set_session(SSL *s, SSL_SESSION *session)
{
- ssl_clear_bad_session(s);
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+
+ if (sc == NULL)
+ return 0;
+
+ ssl_clear_bad_session(sc);
if (s->ctx->method != s->method) {
if (!SSL_set_ssl_method(s, s->ctx->method))
return 0;
if (session != NULL) {
SSL_SESSION_up_ref(session);
- s->verify_result = session->verify_result;
+ sc->verify_result = session->verify_result;
}
- SSL_SESSION_free(s->session);
- s->session = session;
+ SSL_SESSION_free(sc->session);
+ sc->session = session;
return 1;
}
tls_session_secret_cb_fn tls_session_secret_cb,
void *arg)
{
- if (s == NULL)
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+
+ if (sc == NULL)
return 0;
- s->ext.session_secret_cb = tls_session_secret_cb;
- s->ext.session_secret_cb_arg = arg;
+
+ sc->ext.session_secret_cb = tls_session_secret_cb;
+ sc->ext.session_secret_cb_arg = arg;
return 1;
}
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
void *arg)
{
- if (s == NULL)
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+
+ if (sc == NULL)
return 0;
- s->ext.session_ticket_cb = cb;
- s->ext.session_ticket_cb_arg = arg;
+
+ sc->ext.session_ticket_cb = cb;
+ sc->ext.session_ticket_cb_arg = arg;
return 1;
}
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
{
- if (s->version >= TLS1_VERSION) {
- OPENSSL_free(s->ext.session_ticket);
- s->ext.session_ticket = NULL;
- s->ext.session_ticket =
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+
+ if (sc == NULL)
+ return 0;
+
+ if (sc->version >= TLS1_VERSION) {
+ OPENSSL_free(sc->ext.session_ticket);
+ sc->ext.session_ticket = NULL;
+ sc->ext.session_ticket =
OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
- if (s->ext.session_ticket == NULL) {
+ if (sc->ext.session_ticket == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
if (ext_data != NULL) {
- s->ext.session_ticket->length = ext_len;
- s->ext.session_ticket->data = s->ext.session_ticket + 1;
- memcpy(s->ext.session_ticket->data, ext_data, ext_len);
+ sc->ext.session_ticket->length = ext_len;
+ sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
+ memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
} else {
- s->ext.session_ticket->length = 0;
- s->ext.session_ticket->data = NULL;
+ sc->ext.session_ticket->length = 0;
+ sc->ext.session_ticket->data = NULL;
}
return 1;
sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
}
-int ssl_clear_bad_session(SSL *s)
+int ssl_clear_bad_session(SSL_CONNECTION *s)
{
if ((s->session != NULL) &&
!(s->shutdown & SSL_SENT_SHUTDOWN) &&
- !(SSL_in_init(s) || SSL_in_before(s))) {
+ !(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
+ || SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
SSL_CTX_remove_session(s->session_ctx, s->session);
return 1;
} else
}
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
- SSL_SESSION *(*cb) (struct ssl_st *ssl,
+ SSL_SESSION *(*cb) (SSL *ssl,
const unsigned char *data,
int len, int *copy))
{