X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_sess.c;h=cac408c38e805689c102f6a7c71accfc2d409fec;hp=26a80d66639133f4540461625e1c0d362ae4e96e;hb=673eadec2c9032e938040d5eba241baed30d2c10;hpb=ec577822f95a8bca0023c5c77cef1a4916822d4a diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 26a80d6663..cac408c38e 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -61,14 +61,9 @@ #include #include "ssl_locl.h" -#ifndef NOPROTO static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); -#else -static void SSL_SESSION_list_remove(); -static void SSL_SESSION_list_add(); -#endif - +static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); static int ssl_session_num=0; static STACK *ssl_session_meth=NULL; @@ -120,6 +115,8 @@ SSL_SESSION *SSL_SESSION_new(void) int ssl_get_new_session(SSL *s, int session) { + /* This gets used by clients and servers. */ + SSL_SESSION *ss=NULL; if ((ss=SSL_SESSION_new()) == NULL) return(0); @@ -188,6 +185,8 @@ int ssl_get_new_session(SSL *s, int session) int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) { + /* This is used only by servers. */ + SSL_SESSION *ret=NULL,data; int copy=1; @@ -226,7 +225,11 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) { - SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + if (s->sid_ctx_length) + SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + else + /* application should have used SSL[_CTX]_set_session_id_context */ + SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); return 0; } @@ -310,8 +313,8 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { - if (!SSL_CTX_remove_session(ctx, - ctx->session_cache_tail)) + if (!remove_session_lock(ctx, + ctx->session_cache_tail, 0)) break; else ctx->stats.sess_cache_full++; @@ -323,13 +326,18 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) } int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) +{ + return remove_session_lock(ctx, c, 1); +} + +static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) { SSL_SESSION *r; int ret=0; if ((c != NULL) && (c->session_id_length != 0)) { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c); if (r != NULL) { @@ -337,7 +345,7 @@ int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) SSL_SESSION_list_remove(ctx,c); } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); if (ret) { @@ -377,7 +385,7 @@ void SSL_SESSION_free(SSL_SESSION *ss) memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); - if (ss->cert != NULL) ssl_cert_free(ss->cert); + if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); memset(ss,0,sizeof(*ss));