X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_sess.c;h=e918d9854f19a82a2265de1c088c89f23cdb3cc8;hp=a172107bd29f3df5b8db58135ea6dd0a5ba2dd56;hb=1dfad80565312a520b719bfd5115aedf9f3f1487;hpb=801294f873d158c831b04d3df941f01e14d6875e

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index a172107bd2..e918d9854f 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -115,6 +115,8 @@ SSL_SESSION *SSL_SESSION_new(void)
 
 int ssl_get_new_session(SSL *s, int session)
 	{
+	/* This gets used by clients and servers. */
+
 	SSL_SESSION *ss=NULL;
 
 	if ((ss=SSL_SESSION_new()) == NULL) return(0);
@@ -166,6 +168,8 @@ int ssl_get_new_session(SSL *s, int session)
 			CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 			if (r == NULL) break;
 			/* else - woops a session_id match */
+			/* XXX should also check external cache!
+			 * (But the probability of a collision is negligible, anyway...) */
 			}
 		}
 	else
@@ -183,25 +187,31 @@ int ssl_get_new_session(SSL *s, int session)
 
 int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 	{
+	/* This is used only by servers. */
+
 	SSL_SESSION *ret=NULL,data;
-	int copy=1;
+	int fatal = 0;
 
 	/* conn_init();*/
 	data.ssl_version=s->version;
 	data.session_id_length=len;
 	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-		return(0);
+		goto err;
 	memcpy(data.session_id,session_id,len);
 
 	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 		{
 		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
+		/* don't allow other threads to steal it: */
+		CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 		}
 
 	if (ret == NULL)
 		{
+		int copy=1;
+	
 		s->ctx->stats.sess_miss++;
 		ret=NULL;
 		if (s->ctx->get_session_cb != NULL
@@ -210,24 +220,52 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 			{
 			s->ctx->stats.sess_cb_hit++;
 
+			/* Increment reference count now if the session callback
+			 * asks us to do so (note that if the session structures
+			 * returned by the callback are shared between threads,
+			 * it must handle the reference count itself [i.e. copy == 0],
+			 * or things won't be thread-safe). */
+			if (copy)
+				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+
 			/* The following should not return 1, otherwise,
 			 * things are very strange */
 			SSL_CTX_add_session(s->ctx,ret);
 			}
-		if (ret == NULL) return(0);
+		if (ret == NULL)
+			goto err;
 		}
 
+	/* Now ret is non-NULL, and we own one of its reference counts. */
+
 	if((s->verify_mode&SSL_VERIFY_PEER)
 	   && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
 	       || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
 	    {
-	    SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-	    return 0;
-	    }
+		/* We've found the session named by the client, but we don't
+		 * want to use it in this context. */
+		
+		if (s->sid_ctx_length == 0)
+			{
+			/* application should have used SSL[_CTX]_set_session_id_context
+			 * -- we could tolerate this and just pretend we never heard
+			 * of this session, but then applications could effectively
+			 * disable the session cache by accident without anyone noticing */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+			fatal = 1;
+			goto err;
+			}
+		else
+			{
+#if 0 /* The client cannot always know when a session is not appropriate,
+	   * so we shouldn't generate an error message. */
 
-	/* auto free it */
-	if (!copy)
-	    SSL_SESSION_free(ret);
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+#endif
+			goto err; /* treat like cache miss */
+			}
+		}
 
 	if (ret->cipher == NULL)
 		{
@@ -242,22 +280,25 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 		else 
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
 		if (ret->cipher == NULL)
-			return(0);
+			goto err;
 		}
 
+
+#if 0 /* This is way too late. */
+
 	/* If a thread got the session, then 'swaped', and another got
 	 * it and then due to a time-out decided to 'Free' it we could
 	 * be in trouble.  So I'll increment it now, then double decrement
 	 * later - am I speaking rubbish?. */
 	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+#endif
 
 	if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
 		{
 		s->ctx->stats.sess_timeout++;
 		/* remove it from the cache */
 		SSL_CTX_remove_session(s->ctx,ret);
-		SSL_SESSION_free(ret);		/* again to actually Free it */
-		return(0);
+		goto err;
 		}
 
 	s->ctx->stats.sess_hit++;
@@ -270,6 +311,14 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 		SSL_SESSION_free(s->session);
 	s->session=ret;
 	return(1);
+
+ err:
+	if (ret != NULL)
+		SSL_SESSION_free(ret);
+	if (fatal)
+		return -1;
+	else
+		return 0;
 	}
 
 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
@@ -322,7 +371,7 @@ int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
 	return remove_session_lock(ctx, c, 1);
 }
 
-int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
 	{
 	SSL_SESSION *r;
 	int ret=0;
@@ -377,7 +426,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
 	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
 	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
-	if (ss->cert != NULL) ssl_cert_free(ss->cert);
+	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
 	if (ss->peer != NULL) X509_free(ss->peer);
 	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
 	memset(ss,0,sizeof(*ss));