BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock, const BIGNUM *mod, BN_CTX *bn_ctx) { CRYPTO_MUTEX_lock_read(lock); BN_MONT_CTX *ctx = *pmont; CRYPTO_MUTEX_unlock(lock); if (ctx) { return ctx; } CRYPTO_MUTEX_lock_write(lock); ctx = *pmont; if (ctx) { goto out; } ctx = BN_MONT_CTX_new(); if (ctx == NULL) { goto out; } if (!BN_MONT_CTX_set(ctx, mod, bn_ctx)) { BN_MONT_CTX_free(ctx); ctx = NULL; goto out; } *pmont = ctx; out: CRYPTO_MUTEX_unlock(lock); return ctx; }
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) { int ret = 0; SSL_SESSION *s; /* add just 1 reference count for the SSL_CTX's session cache even though it * has two ways of access: each session is in a doubly linked list and an * lhash */ SSL_SESSION_up_ref(c); /* if session c is in already in cache, we take back the increment later */ CRYPTO_MUTEX_lock_write(&ctx->lock); if (!lh_SSL_SESSION_insert(ctx->sessions, &s, c)) { CRYPTO_MUTEX_unlock(&ctx->lock); return 0; } /* s != NULL iff we already had a session with the given PID. In this case, s * == c should hold (then we did not really modify ctx->sessions), or we're * in trouble. */ if (s != NULL && s != c) { /* We *are* in trouble ... */ SSL_SESSION_list_remove(ctx, s); SSL_SESSION_free(s); /* ... so pretend the other session did not exist in cache (we cannot * handle two SSL_SESSION structures with identical session ID in the same * cache, which could happen e.g. when two threads concurrently obtain the * same session from an external cache) */ s = NULL; } /* Put at the head of the queue unless it is already in the cache */ if (s == NULL) { SSL_SESSION_list_add(ctx, c); } if (s != NULL) { /* existing cache entry -- decrement previously incremented reference count * because it already takes into account the cache */ SSL_SESSION_free(s); /* s == c */ ret = 0; } else { /* new cache entry -- remove old ones if cache has become too large */ ret = 1; if (SSL_CTX_sess_get_cache_size(ctx) > 0) { while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) { break; } } } } CRYPTO_MUTEX_unlock(&ctx->lock); return ret; }
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock) { int ret = 0; if (session != NULL && session->session_id_length != 0) { if (lock) { CRYPTO_MUTEX_lock_write(&ctx->lock); } SSL_SESSION *found_session = lh_SSL_SESSION_retrieve(ctx->sessions, session); if (found_session == session) { ret = 1; found_session = lh_SSL_SESSION_delete(ctx->sessions, session); SSL_SESSION_list_remove(ctx, session); } if (lock) { CRYPTO_MUTEX_unlock(&ctx->lock); } if (ret) { found_session->not_resumable = 1; if (ctx->remove_session_cb != NULL) { ctx->remove_session_cb(ctx, found_session); } SSL_SESSION_free(found_session); } } return ret; }
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lock) { SSL_SESSION *r; int ret = 0; if (c != NULL && c->session_id_length != 0) { if (lock) { CRYPTO_MUTEX_lock_write(&ctx->lock); } r = lh_SSL_SESSION_retrieve(ctx->sessions, c); if (r == c) { ret = 1; r = lh_SSL_SESSION_delete(ctx->sessions, c); SSL_SESSION_list_remove(ctx, c); } if (lock) { CRYPTO_MUTEX_unlock(&ctx->lock); } if (ret) { r->not_resumable = 1; if (ctx->remove_session_cb != NULL) { ctx->remove_session_cb(ctx, r); } SSL_SESSION_free(r); } } return ret; }
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session) { /* Although |session| is inserted into two structures (a doubly-linked list * and the hash table), |ctx| only takes one reference. */ SSL_SESSION_up_ref(session); SSL_SESSION *old_session; CRYPTO_MUTEX_lock_write(&ctx->lock); if (!lh_SSL_SESSION_insert(ctx->sessions, &old_session, session)) { CRYPTO_MUTEX_unlock(&ctx->lock); SSL_SESSION_free(session); return 0; } if (old_session != NULL) { if (old_session == session) { /* |session| was already in the cache. */ CRYPTO_MUTEX_unlock(&ctx->lock); SSL_SESSION_free(old_session); return 0; } /* There was a session ID collision. |old_session| must be removed from * the linked list and released. */ SSL_SESSION_list_remove(ctx, old_session); SSL_SESSION_free(old_session); } SSL_SESSION_list_add(ctx, session); /* Enforce any cache size limits. */ if (SSL_CTX_sess_get_cache_size(ctx) > 0) { while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) { break; } } } CRYPTO_MUTEX_unlock(&ctx->lock); return 1; }
/* rsa_blinding_release marks the cached BN_BLINDING at the given index as free * for other threads to use. */ static void rsa_blinding_release(RSA *rsa, BN_BLINDING *blinding, unsigned blinding_index) { if (blinding_index == MAX_BLINDINGS_PER_RSA) { /* This blinding wasn't cached. */ BN_BLINDING_free(blinding); return; } CRYPTO_MUTEX_lock_write(&rsa->lock); rsa->blindings_inuse[blinding_index] = 0; CRYPTO_MUTEX_unlock(&rsa->lock); }
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long time) { TIMEOUT_PARAM tp; tp.ctx = ctx; tp.cache = ctx->sessions; if (tp.cache == NULL) { return; } tp.time = time; CRYPTO_MUTEX_lock_write(&ctx->lock); lh_SSL_SESSION_doall_arg(tp.cache, timeout_doall_arg, &tp); CRYPTO_MUTEX_unlock(&ctx->lock); }
/* ssl_lookup_session looks up |session_id| in the session cache and sets * |*out_session| to an |SSL_SESSION| object if found. The caller takes * ownership of the result. */ static enum ssl_session_result_t ssl_lookup_session( SSL *ssl, SSL_SESSION **out_session, const uint8_t *session_id, size_t session_id_len) { *out_session = NULL; if (session_id_len == 0 || session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { return ssl_session_success; } SSL_SESSION *session; /* Try the internal cache, if it exists. */ if (!(ssl->initial_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { SSL_SESSION data; data.ssl_version = ssl->version; data.session_id_length = session_id_len; memcpy(data.session_id, session_id, session_id_len); CRYPTO_MUTEX_lock_read(&ssl->initial_ctx->lock); session = lh_SSL_SESSION_retrieve(ssl->initial_ctx->sessions, &data); if (session != NULL) { SSL_SESSION_up_ref(session); } /* TODO(davidben): This should probably move it to the front of the list. */ CRYPTO_MUTEX_unlock(&ssl->initial_ctx->lock); if (session != NULL) { *out_session = session; return ssl_session_success; } } /* Fall back to the external cache, if it exists. */ if (ssl->initial_ctx->get_session_cb == NULL) { return ssl_session_success; } int copy = 1; session = ssl->initial_ctx->get_session_cb(ssl, (uint8_t *)session_id, session_id_len, ©); if (session == NULL) { return ssl_session_success; } if (session == SSL_magic_pending_session_ptr()) { return ssl_session_retry; } /* Increment reference count now if the session callback asks us to do so * (note that if the session structures returned by the callback are shared * between threads, it must handle the reference count itself [i.e. copy == * 0], or things won't be thread-safe). */ if (copy) { SSL_SESSION_up_ref(session); } /* Add the externally cached session to the internal cache if necessary. */ if (!(ssl->initial_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) { SSL_CTX_add_session(ssl->initial_ctx, session); } *out_session = session; return ssl_session_success; }
/* rsa_blinding_get returns a BN_BLINDING to use with |rsa|. It does this by * allocating one of the cached BN_BLINDING objects in |rsa->blindings|. If * none are free, the cache will be extended by a extra element and the new * BN_BLINDING is returned. * * On success, the index of the assigned BN_BLINDING is written to * |*index_used| and must be passed to |rsa_blinding_release| when finished. */ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, BN_CTX *ctx) { BN_BLINDING *ret = NULL; BN_BLINDING **new_blindings; uint8_t *new_blindings_inuse; char overflow = 0; CRYPTO_MUTEX_lock_write(&rsa->lock); unsigned i; for (i = 0; i < rsa->num_blindings; i++) { if (rsa->blindings_inuse[i] == 0) { rsa->blindings_inuse[i] = 1; ret = rsa->blindings[i]; *index_used = i; break; } } if (ret != NULL) { CRYPTO_MUTEX_unlock(&rsa->lock); return ret; } overflow = rsa->num_blindings >= MAX_BLINDINGS_PER_RSA; /* We didn't find a free BN_BLINDING to use so increase the length of * the arrays by one and use the newly created element. */ CRYPTO_MUTEX_unlock(&rsa->lock); ret = rsa_setup_blinding(rsa, ctx); if (ret == NULL) { return NULL; } if (overflow) { /* We cannot add any more cached BN_BLINDINGs so we use |ret| * and mark it for destruction in |rsa_blinding_release|. */ *index_used = MAX_BLINDINGS_PER_RSA; return ret; } CRYPTO_MUTEX_lock_write(&rsa->lock); new_blindings = OPENSSL_malloc(sizeof(BN_BLINDING *) * (rsa->num_blindings + 1)); if (new_blindings == NULL) { goto err1; } memcpy(new_blindings, rsa->blindings, sizeof(BN_BLINDING *) * rsa->num_blindings); new_blindings[rsa->num_blindings] = ret; new_blindings_inuse = OPENSSL_malloc(rsa->num_blindings + 1); if (new_blindings_inuse == NULL) { goto err2; } memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings); new_blindings_inuse[rsa->num_blindings] = 1; *index_used = rsa->num_blindings; OPENSSL_free(rsa->blindings); rsa->blindings = new_blindings; OPENSSL_free(rsa->blindings_inuse); rsa->blindings_inuse = new_blindings_inuse; rsa->num_blindings++; CRYPTO_MUTEX_unlock(&rsa->lock); return ret; err2: OPENSSL_free(new_blindings); err1: CRYPTO_MUTEX_unlock(&rsa->lock); BN_BLINDING_free(ret); return NULL; }
/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this * connection. It is only called by servers. * * ctx: contains the early callback context, which is the result of a * shallow parse of the ClientHello. * * Returns: * -1: error * 0: a session may have been found. * * Side effects: * - If a session is found then s->session is pointed at it (after freeing an * existing session if need be) and s->verify_result is set from the session. * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 * if the server should issue a new session ticket (to 0 otherwise). */ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) { /* This is used only by servers. */ SSL_SESSION *ret = NULL; int fatal = 0; int try_session_cache = 1; int r; if (ctx->session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { goto err; } if (ctx->session_id_len == 0) { try_session_cache = 0; } r = tls1_process_ticket(s, ctx, &ret); /* sets s->tlsext_ticket_expected */ switch (r) { case -1: /* Error during processing */ fatal = 1; goto err; case 0: /* No ticket found */ case 1: /* Zero length ticket found */ break; /* Ok to carry on processing session id. */ case 2: /* Ticket found but not decrypted. */ case 3: /* Ticket decrypted, *ret has been set. */ try_session_cache = 0; break; default: abort(); } if (try_session_cache && ret == NULL && !(s->initial_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { SSL_SESSION data; data.ssl_version = s->version; data.session_id_length = ctx->session_id_len; if (ctx->session_id_len == 0) { return 0; } memcpy(data.session_id, ctx->session_id, ctx->session_id_len); CRYPTO_MUTEX_lock_read(&s->initial_ctx->lock); ret = lh_SSL_SESSION_retrieve(s->initial_ctx->sessions, &data); if (ret != NULL) { SSL_SESSION_up_ref(ret); } CRYPTO_MUTEX_unlock(&s->initial_ctx->lock); } if (try_session_cache && ret == NULL && s->initial_ctx->get_session_cb != NULL) { int copy = 1; ret = s->initial_ctx->get_session_cb(s, (uint8_t *)ctx->session_id, ctx->session_id_len, ©); if (ret != NULL) { if (ret == SSL_magic_pending_session_ptr()) { /* This is a magic value which indicates that the callback needs to * unwind the stack and figure out the session asynchronously. */ return PENDING_SESSION; } /* Increment reference count now if the session callback asks us to do so * (note that if the session structures returned by the callback are * shared between threads, it must handle the reference count itself * [i.e. copy == 0], or things won't be thread-safe). */ if (copy) { SSL_SESSION_up_ref(ret); } /* Add the externally cached session to the internal cache as well if and * only if we are supposed to. */ if (!(s->initial_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) { /* The following should not return 1, otherwise, things are very * strange */ SSL_CTX_add_session(s->initial_ctx, ret); } } } if (ret == NULL) { goto err; } /* Now ret is non-NULL and we own one of its reference counts. */ if (ret->sid_ctx_length != s->sid_ctx_length || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { /* We have the session requested by the client, but we don't want to use it * in this context. */ goto err; /* treat like cache miss */ } if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { /* We can't be sure if this session is being used out of context, which is * especially important for SSL_VERIFY_PEER. The application should have * used SSL[_CTX]_set_session_id_context. * * For this error case, we generate an error instead of treating the event * like a cache miss (otherwise it would be easy for applications to * effectively disable the session cache by accident without anyone * noticing). */ OPENSSL_PUT_ERROR(SSL, ssl_get_prev_session, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */ if (try_session_cache) { /* session was from the cache, so remove it */ SSL_CTX_remove_session(s->initial_ctx, ret); } goto err; } SSL_SESSION_free(s->session); s->session = ret; s->verify_result = s->session->verify_result; return 1; err: if (ret != NULL) { SSL_SESSION_free(ret); if (!try_session_cache) { /* The session was from a ticket, so we should * issue a ticket for the new session */ s->tlsext_ticket_expected = 1; } } if (fatal) { return -1; } return 0; }