BOOL ssl_scache_shmht_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess) { SSLModConfigRec *mc = myModConfig(); void *vp; UCHAR ucaData[SSL_SESSION_MAX_DER]; int nData; UCHAR *ucp; /* streamline session data */ if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData)) return FALSE; ucp = ucaData; i2d_SSL_SESSION(sess, &ucp); ssl_mutex_on(s); if (table_insert_kd(mc->tSessionCacheDataTable, id, idlen, NULL, sizeof(time_t)+nData, NULL, &vp, 1) != TABLE_ERROR_NONE) { ssl_mutex_off(s); return FALSE; } memcpy(vp, &expiry, sizeof(time_t)); memcpy((char *)vp+sizeof(time_t), ucaData, nData); ssl_mutex_off(s); /* allow the regular expiring to occur */ ssl_scache_shmht_expire(s); return TRUE; }
BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, apr_time_t expiry, SSL_SESSION *sess, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); unsigned char encoded[SSL_SESSION_MAX_DER], *ptr; unsigned int len; apr_status_t rv; /* Serialise the session. */ len = i2d_SSL_SESSION(sess, NULL); if (len > sizeof encoded) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01875) "session is too big (%u bytes)", len); return FALSE; } ptr = encoded; len = i2d_SSL_SESSION(sess, &ptr); if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) { ssl_mutex_on(s); } rv = mc->sesscache->store(mc->sesscache_context, s, id, idlen, expiry, encoded, len, p); if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) { ssl_mutex_off(s); } return rv == APR_SUCCESS ? TRUE : FALSE; }
bool SSLSessionCacheManager::storeCacheRecord(const string& sessionId, SSL_SESSION* session) { std::string sessionString; uint32_t sessionLen = i2d_SSL_SESSION(session, nullptr); sessionString.resize(sessionLen); uint8_t* cp = (uint8_t *)sessionString.data(); i2d_SSL_SESSION(session, &cp); size_t expiration = SSL_CTX_get_timeout(ctx_->getSSLCtx()); return externalCache_->setAsync(sessionId, sessionString, std::chrono::seconds(expiration)); }
NOEXPORT int sess_new_cb(SSL *ssl, SSL_SESSION *sess) { unsigned char *val, *val_tmp; int val_len; val_len=i2d_SSL_SESSION(sess, NULL); val_tmp=val=str_alloc(val_len); i2d_SSL_SESSION(sess, &val_tmp); cache_transfer(ssl->ctx, CACHE_CMD_NEW, SSL_SESSION_get_timeout(sess), sess->session_id, sess->session_id_length, val, val_len, NULL, NULL); str_free(val); return 1; /* leave the session in local cache for reuse */ }
cache_val_t cachessess_mkval(SSL_SESSION *sess) { dynbuf_t *db; unsigned char *p; size_t asn1sz; asn1sz = i2d_SSL_SESSION(sess, NULL); if (!asn1sz || !(db = dynbuf_new_alloc(asn1sz))) { return NULL; } p = db->buf; i2d_SSL_SESSION(sess, &p); /* updates p */ return db; }
static int on_async_resumption_new(SSL *ssl, SSL_SESSION *session) { h2o_iovec_t data; const unsigned char *id; unsigned id_len; unsigned char *p; /* build data */ data.len = i2d_SSL_SESSION(session, NULL); data.base = alloca(data.len); p = (void *)data.base; i2d_SSL_SESSION(session, &p); id = SSL_SESSION_get_id(session, &id_len); resumption_new(h2o_iovec_init(id, id_len), data); return 0; }
std::string getSessionData(SSL_SESSION* s, size_t expectedLength) { std::unique_ptr<unsigned char[]> sessionData(new unsigned char[expectedLength]); auto p = sessionData.get(); auto len = i2d_SSL_SESSION(s, &p); CHECK(expectedLength == len); return std::string(reinterpret_cast<const char*>(sessionData.get()), len); }
std::string SSLSessionImpl::serialize(void) const { std::string ret; // Get the length first, then we know how much space to allocate. auto len = i2d_SSL_SESSION(session_, nullptr); if (len > 0) { std::unique_ptr<unsigned char[]> uptr(new unsigned char[len]); auto p = uptr.get(); auto written = i2d_SSL_SESSION(session_, &p); if (written <= 0) { VLOG(2) << "Could not serialize SSL_SESSION!"; } else { ret.assign(uptr.get(), uptr.get() + written); } } return ret; }
/* * call-seq: * session.to_der -> aString * * Returns an ASN1 encoded String that contains the Session object. */ static VALUE ossl_ssl_session_to_der(VALUE self) { SSL_SESSION *ctx; unsigned char *p; int len; VALUE str; GetSSLSession(self, ctx); len = i2d_SSL_SESSION(ctx, NULL); if (len <= 0) { ossl_raise(eSSLSession, "i2d_SSL_SESSION"); } str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); i2d_SSL_SESSION(ctx, &p); ossl_str_adjust(str, p); return str; }
BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen, time_t timeout, SSL_SESSION * pSession) { SSLModConfigRec *mc = myModConfig(s); BOOL to_return = FALSE; unsigned char encoded[SSL_SESSION_MAX_DER]; unsigned char *ptr_encoded; unsigned int len_encoded; SHMCBHeader *header = mc->tSessionCacheDataTable; SHMCBSubcache *subcache = SHMCB_MASK(header, id); ssl_mutex_on(s); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "ssl_scache_shmcb_store (0x%02x -> subcache %d)", SHMCB_MASK_DBG(header, id)); if (idlen < 4) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided " "(%u bytes)", idlen); goto done; } /* Serialise the session. */ len_encoded = i2d_SSL_SESSION(pSession, NULL); if (len_encoded > SSL_SESSION_MAX_DER) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "session is too big (%u bytes)", len_encoded); goto done; } ptr_encoded = encoded; len_encoded = i2d_SSL_SESSION(pSession, &ptr_encoded); if (!shmcb_subcache_store(s, header, subcache, encoded, len_encoded, id, timeout)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "can't store a session!"); goto done; } header->stat_stores++; to_return = TRUE; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "leaving ssl_scache_shmcb_store successfully"); done: ssl_mutex_off(s); return to_return; }
NOEXPORT void cache_new(SSL *ssl, SSL_SESSION *sess) { unsigned char *val, *val_tmp; ssize_t val_len; const unsigned char *session_id; unsigned int session_id_length; val_len=i2d_SSL_SESSION(sess, NULL); val_tmp=val=str_alloc((size_t)val_len); i2d_SSL_SESSION(sess, &val_tmp); #if OPENSSL_VERSION_NUMBER>=0x0090800fL session_id=SSL_SESSION_get_id(sess, &session_id_length); #else session_id=(const unsigned char *)sess->session_id; session_id_length=sess->session_id_length; #endif cache_transfer(SSL_get_SSL_CTX(ssl), CACHE_CMD_NEW, SSL_SESSION_get_timeout(sess), session_id, session_id_length, val, (size_t)val_len, NULL, NULL); str_free(val); }
int uwsgi_ssl_session_new_cb(SSL *ssl, SSL_SESSION *sess) { char session_blob[4096]; int len = i2d_SSL_SESSION(sess, NULL); if (len > 4096) { if (uwsgi.ssl_verbose) { uwsgi_log("[uwsgi-ssl] unable to store session of size %d\n", len); } return 0; } unsigned char *p = (unsigned char *) session_blob; i2d_SSL_SESSION(sess, &p); // ok let's write the value to the cache uwsgi_wlock(uwsgi.ssl_sessions_cache->lock); if (uwsgi_cache_set2(uwsgi.ssl_sessions_cache, (char *) sess->session_id, sess->session_id_length, session_blob, len, uwsgi.ssl_sessions_timeout, 0)) { if (uwsgi.ssl_verbose) { uwsgi_log("[uwsgi-ssl] unable to store session of size %d in the cache\n", len); } } uwsgi_rwunlock(uwsgi.ssl_sessions_cache->lock); return 0; }
BOOL ssl_scache_dc_store(server_rec *s, UCHAR *id, int idlen, time_t timeout, SSL_SESSION * pSession) { unsigned char der[SSL_SESSION_MAX_DER]; int der_len; unsigned char *pder = der; SSLModConfigRec *mc = myModConfig(s); DC_CTX *ctx = mc->tSessionCacheDataTable; /* Serialise the SSL_SESSION object */ if ((der_len = i2d_SSL_SESSION(pSession, NULL)) > SSL_SESSION_MAX_DER) return FALSE; i2d_SSL_SESSION(pSession, &pder); /* !@#$%^ - why do we deal with *absolute* time anyway??? */ timeout -= time(NULL); /* Send the serialised session to the distributed cache context */ if (!DC_CTX_add_session(ctx, id, idlen, der, der_len, (unsigned long)timeout * 1000)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'add_session' failed"); return FALSE; } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'add_session' successful"); return TRUE; }
/* * call-seq: * session.to_der -> aString * * Returns an ASN1 encoded String that contains the Session object. */ static VALUE ossl_ssl_session_to_der(VALUE self) { SSL_SESSION *ctx; unsigned char buf[1024*10], *p; int len; GetSSLSession(self, ctx); p = buf; len = i2d_SSL_SESSION(ctx, &p); if (len <= 0) ossl_raise(eSSLSession, "i2d_SSL_SESSION"); else if (len >= sizeof(buf)) ossl_raise(eSSLSession, "i2d_SSL_SESSION too large"); return rb_str_new((const char *) p, len); }
/* return the size of serialized session. */ int ngx_http_lua_ffi_ssl_get_serialized_session_size(ngx_http_request_t *r, char **err) { int len; ngx_ssl_conn_t *ssl_conn; ngx_connection_t *c; ngx_ssl_session_t *session; ngx_http_lua_ssl_ctx_t *cctx; c = r->connection; if (c == NULL || c->ssl == NULL) { *err = "bad request"; return NGX_ERROR; } ssl_conn = c->ssl->connection; if (ssl_conn == NULL) { *err = "bad ssl conn"; return NGX_ERROR; } dd("get cctx session size"); cctx = ngx_http_lua_ssl_get_ctx(c->ssl->connection); if (cctx == NULL) { *err = "bad lua context"; return NGX_ERROR; } session = cctx->session; if (session == NULL) { *err = "bad session in lua context"; return NGX_ERROR; } len = i2d_SSL_SESSION(session, NULL); if (len == 0) { *err = "i2d_SSL_SESSION() failed"; return NGX_ERROR; } return len; }
static void ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc, void *data) { ngx_stream_upstream_rr_peer_data_t *rrp = data; ngx_ssl_session_t *old_ssl_session, *ssl_session; ngx_stream_upstream_rr_peer_t *peer; #if (NGX_STREAM_UPSTREAM_ZONE) int len; u_char *p; ngx_stream_upstream_rr_peers_t *peers; u_char buf[NGX_SSL_MAX_SESSION_SIZE]; #endif #if (NGX_STREAM_UPSTREAM_ZONE) peers = rrp->peers; if (peers->shpool) { ssl_session = SSL_get0_session(pc->connection->ssl->connection); if (ssl_session == NULL) { return; } ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "save session: %p", ssl_session); len = i2d_SSL_SESSION(ssl_session, NULL); /* do not cache too big session */ if (len > NGX_SSL_MAX_SESSION_SIZE) { return; } p = buf; (void) i2d_SSL_SESSION(ssl_session, &p); peer = rrp->current; ngx_stream_upstream_rr_peers_rlock(peers); ngx_stream_upstream_rr_peer_lock(peers, peer); if (len > peer->ssl_session_len) { ngx_shmtx_lock(&peers->shpool->mutex); if (peer->ssl_session) { ngx_slab_free_locked(peers->shpool, peer->ssl_session); } peer->ssl_session = ngx_slab_alloc_locked(peers->shpool, len); ngx_shmtx_unlock(&peers->shpool->mutex); if (peer->ssl_session == NULL) { peer->ssl_session_len = 0; ngx_stream_upstream_rr_peer_unlock(peers, peer); ngx_stream_upstream_rr_peers_unlock(peers); return; } peer->ssl_session_len = len; } ngx_memcpy(peer->ssl_session, buf, len); ngx_stream_upstream_rr_peer_unlock(peers, peer); ngx_stream_upstream_rr_peers_unlock(peers); return; } #endif ssl_session = ngx_ssl_get_session(pc->connection); if (ssl_session == NULL) { return; } ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "save session: %p", ssl_session); peer = rrp->current; old_ssl_session = peer->ssl_session; peer->ssl_session = ssl_session; if (old_ssl_session) { ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "old session: %p", old_ssl_session); /* TODO: may block */ ngx_ssl_free_session(old_ssl_session); } }
int MAIN(int argc, char **argv) { SSL_SESSION *x=NULL; int ret=1,i,num,badops=0; BIO *out=NULL; int informat,outformat; char *infile=NULL,*outfile=NULL,*context=NULL; int cert=0,noout=0,text=0; char **pp; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); informat=FORMAT_PEM; outformat=FORMAT_PEM; argc--; argv++; num=0; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-text") == 0) text= ++num; else if (strcmp(*argv,"-cert") == 0) cert= ++num; else if (strcmp(*argv,"-noout") == 0) noout= ++num; else if (strcmp(*argv,"-context") == 0) { if(--argc < 1) goto bad; context=*++argv; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: for (pp=sess_id_usage; (*pp != NULL); pp++) BIO_printf(bio_err,*pp); goto end; } ERR_load_crypto_strings(); x=load_sess_id(infile,informat); if (x == NULL) { goto end; } if(context) { x->sid_ctx_length=strlen(context); if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH) { BIO_printf(bio_err,"Context too long\n"); goto end; } memcpy(x->sid_ctx,context,x->sid_ctx_length); } #ifdef undef /* just testing for memory leaks :-) */ { SSL_SESSION *s; char buf[1024*10],*p; int i; s=SSL_SESSION_new(); p= &buf; i=i2d_SSL_SESSION(x,&p); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); SSL_SESSION_free(s); } #endif if (!noout || text) { out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } } if (text) { SSL_SESSION_print(out,x); if (cert) { if (x->peer == NULL) BIO_puts(out,"No certificate present\n"); else X509_print(out,x->peer); } } if (!noout && !cert) { if (outformat == FORMAT_ASN1) i=(int)i2d_SSL_SESSION_bio(out,x); else if (outformat == FORMAT_PEM) i=PEM_write_bio_SSL_SESSION(out,x); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write SSL_SESSION\n"); goto end; } } else if (!noout && (x->peer != NULL)) /* just print the certificate */ { if (outformat == FORMAT_ASN1) i=(int)i2d_X509_bio(out,x->peer); else if (outformat == FORMAT_PEM) i=PEM_write_bio_X509(out,x->peer); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write X509\n"); goto end; } } ret=0; end: if (out != NULL) BIO_free_all(out); if (x != NULL) SSL_SESSION_free(x); EXIT(ret); }