int tls13_process_new_session_ticket(SSL *ssl) { SSL_SESSION *session = SSL_SESSION_dup(ssl->s3->established_session, SSL_SESSION_INCLUDE_NONAUTH); if (session == NULL) { return 0; } CBS cbs, extensions, ticket; CBS_init(&cbs, ssl->init_msg, ssl->init_num); if (!CBS_get_u32(&cbs, &session->tlsext_tick_lifetime_hint) || !CBS_get_u32(&cbs, &session->ticket_flags) || !CBS_get_u32(&cbs, &session->ticket_age_add) || !CBS_get_u16_length_prefixed(&cbs, &extensions) || !CBS_get_u16_length_prefixed(&cbs, &ticket) || !CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen) || CBS_len(&cbs) != 0) { SSL_SESSION_free(session); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); return 0; } session->ticket_age_add_valid = 1; session->not_resumable = 0; if (ssl->ctx->new_session_cb != NULL && ssl->ctx->new_session_cb(ssl, session)) { /* |new_session_cb|'s return value signals that it took ownership. */ return 1; } SSL_SESSION_free(session); return 1; }
END_TEST #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) START_TEST(cache_dsess_04) { SSL_SESSION *s1, *s2; s1 = ssl_session_from_file(TMP_SESS_FILE); fail_unless(!!s1, "creating session failed"); fail_unless(ssl_session_is_valid(s1), "session invalid"); fail_unless(s1->references == 1, "refcount != 1"); cachemgr_dsess_set((struct sockaddr*)&addr, addrlen, sni, s1); fail_unless(s1->references == 1, "refcount != 1"); s2 = cachemgr_dsess_get((struct sockaddr*)&addr, addrlen, sni); fail_unless(s1->references == 1, "refcount != 1"); fail_unless(!!s2, "cache returned no session"); fail_unless(s2->references == 1, "refcount != 1"); cachemgr_dsess_set((struct sockaddr*)&addr, addrlen, sni, s1); fail_unless(s1->references == 1, "refcount != 1"); cachemgr_dsess_del((struct sockaddr*)&addr, addrlen, sni); fail_unless(s1->references == 1, "refcount != 1"); cachemgr_dsess_set((struct sockaddr*)&addr, addrlen, sni, s1); fail_unless(s1->references == 1, "refcount != 1"); SSL_SESSION_free(s1); SSL_SESSION_free(s2); }
void ssl3_free(SSL *ssl) { if (ssl == NULL || ssl->s3 == NULL) { return; } ssl3_cleanup_key_block(ssl); ssl_read_buffer_clear(ssl); ssl_write_buffer_clear(ssl); SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx); OPENSSL_free(ssl->s3->tmp.peer_key); OPENSSL_free(ssl->s3->tmp.server_params); sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free); OPENSSL_free(ssl->s3->tmp.certificate_types); OPENSSL_free(ssl->s3->tmp.peer_supported_group_list); OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint); SSL_SESSION_free(ssl->s3->new_session); SSL_SESSION_free(ssl->s3->established_session); ssl3_free_handshake_buffer(ssl); ssl3_free_handshake_hash(ssl); ssl_handshake_free(ssl->s3->hs); OPENSSL_free(ssl->s3->next_proto_negotiated); OPENSSL_free(ssl->s3->alpn_selected); SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx); SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx); OPENSSL_free(ssl->s3->pending_message); OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3); OPENSSL_free(ssl->s3); ssl->s3 = NULL; }
int ssl_get_new_session(SSL *s, int session) { /* This gets used by clients and servers. */ SSL_SESSION *ss = NULL; if ((ss = SSL_SESSION_new()) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); return 0; } /* If the context has a default timeout, use it */ if (s->session_ctx->session_timeout == 0) ss->timeout = SSL_get_default_timeout(s); else ss->timeout = s->session_ctx->session_timeout; SSL_SESSION_free(s->session); s->session = NULL; if (session) { if (!ssl_generate_session_id(s, ss)) { /* SSLfatal() already called */ SSL_SESSION_free(ss); return 0; } if (s->ext.hostname) { ss->ext.hostname = OPENSSL_strdup(s->ext.hostname); if (ss->ext.hostname == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; } } } else { ss->session_id_length = 0; } if (s->sid_ctx_length > sizeof ss->sid_ctx) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; } memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); ss->sid_ctx_length = s->sid_ctx_length; s->session = ss; ss->ssl_version = s->version; ss->verify_result = X509_V_OK; /* If client supports extended master secret set it in session */ if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) ss->flags |= SSL_SESS_FLAG_EXTMS; return 1; }
int ssl_get_new_session(SSL *ssl, int is_server) { if (ssl->mode & SSL_MODE_NO_SESSION_CREATION) { OPENSSL_PUT_ERROR(SSL, SSL_R_SESSION_MAY_NOT_BE_CREATED); return 0; } SSL_SESSION *session = SSL_SESSION_new(); if (session == NULL) { return 0; } /* If the context has a default timeout, use it over the default. */ if (ssl->initial_ctx->session_timeout != 0) { session->timeout = ssl->initial_ctx->session_timeout; } session->ssl_version = ssl->version; if (is_server) { if (ssl->tlsext_ticket_expected) { /* Don't set session IDs for sessions resumed with tickets. This will keep * them out of the session cache. */ session->session_id_length = 0; } else { session->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; if (!RAND_bytes(session->session_id, session->session_id_length)) { goto err; } } if (ssl->tlsext_hostname != NULL) { session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname); if (session->tlsext_hostname == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; } } } else { session->session_id_length = 0; } if (ssl->sid_ctx_length > sizeof(session->sid_ctx)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); goto err; } memcpy(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length); session->sid_ctx_length = ssl->sid_ctx_length; session->verify_result = X509_V_OK; SSL_SESSION_free(ssl->session); ssl->session = session; return 1; err: SSL_SESSION_free(session); return 0; }
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) { int ret = 0; SSL_SESSION *s; /* add just 1 reference count for the SSL_CTX's session cache even though it * has two ways of access: each session is in a doubly linked list and an * lhash */ SSL_SESSION_up_ref(c); /* if session c is in already in cache, we take back the increment later */ CRYPTO_MUTEX_lock_write(&ctx->lock); if (!lh_SSL_SESSION_insert(ctx->sessions, &s, c)) { CRYPTO_MUTEX_unlock(&ctx->lock); return 0; } /* s != NULL iff we already had a session with the given PID. In this case, s * == c should hold (then we did not really modify ctx->sessions), or we're * in trouble. */ if (s != NULL && s != c) { /* We *are* in trouble ... */ SSL_SESSION_list_remove(ctx, s); SSL_SESSION_free(s); /* ... so pretend the other session did not exist in cache (we cannot * handle two SSL_SESSION structures with identical session ID in the same * cache, which could happen e.g. when two threads concurrently obtain the * same session from an external cache) */ s = NULL; } /* Put at the head of the queue unless it is already in the cache */ if (s == NULL) { SSL_SESSION_list_add(ctx, c); } if (s != NULL) { /* existing cache entry -- decrement previously incremented reference count * because it already takes into account the cache */ SSL_SESSION_free(s); /* s == c */ ret = 0; } else { /* new cache entry -- remove old ones if cache has become too large */ ret = 1; if (SSL_CTX_sess_get_cache_size(ctx) > 0) { while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) { break; } } } } CRYPTO_MUTEX_unlock(&ctx->lock); return ret; }
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) { SSL_SESSION *r; int ret = 0; if ((c != NULL) && (c->session_id_length != 0)) { if (lck) CRYPTO_THREAD_write_lock(ctx->lock); if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { ret = 1; r = lh_SSL_SESSION_delete(ctx->sessions, c); SSL_SESSION_list_remove(ctx, c); } c->not_resumable = 1; if (lck) CRYPTO_THREAD_unlock(ctx->lock); if (ret) SSL_SESSION_free(r); if (ctx->remove_session_cb != NULL) ctx->remove_session_cb(ctx, c); } else ret = 0; return (ret); }
static int ma_tls_session_cb(SSL *ssl, SSL_SESSION *session) { MYSQL *mysql; MA_SSL_SESSION *stored_session; int i; mysql= (MYSQL *)SSL_get_app_data(ssl); /* check if we already stored session key */ if ((stored_session= ma_tls_get_session(mysql))) { SSL_SESSION_free(stored_session->session); stored_session->session= session; return 1; } for (i=0; i < ma_tls_session_cache_size; i++) { if (!ma_tls_sessions[i].session) { ma_md4_hash(mysql->host, mysql->user, mysql->port, ma_tls_sessions[i].md4_hash); ma_tls_sessions[i].session= session; } return 1; } return 0; }
TLS_SOCKET_CLASS::~TLS_SOCKET_CLASS() // DESCRIPTION : Destructor. // PRECONDITIONS : // POSTCONDITIONS : // EXCEPTIONS : // NOTES : //<<=========================================================================== { // set this thread to the owner so the memory will get freed ownerThreadIdM = getThreadId(); // close the socket close(); // free any saved sessions if (savedClientSessionM_ptr != NULL) { SSL_SESSION_free(savedClientSessionM_ptr); } // free the CTX if (ctxM_ptr != NULL) { if (ctxM_ptr->references == 1) { // the ctx structure will be freed, delete the password memory delete [] (char*)ctxM_ptr->default_passwd_callback_userdata; } SSL_CTX_free(ctxM_ptr); // this will decrement the reference count and delete the structure if 0 } }
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lock) { SSL_SESSION *r; int ret = 0; if (c != NULL && c->session_id_length != 0) { if (lock) { CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); } r = lh_SSL_SESSION_retrieve(ctx->sessions, c); if (r == c) { ret = 1; r = lh_SSL_SESSION_delete(ctx->sessions, c); SSL_SESSION_list_remove(ctx, c); } if (lock) { CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } if (ret) { r->not_resumable = 1; if (ctx->remove_session_cb != NULL) { ctx->remove_session_cb(ctx, r); } SSL_SESSION_free(r); } } return ret; }
HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, SSL_CTX *resume_client_ctx, const SSL_TEST_CTX *test_ctx) { HANDSHAKE_RESULT *result; SSL_SESSION *session = NULL; result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, test_ctx, NULL, &session); if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE) goto end; OPENSSL_assert(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME); if (result->result != SSL_TEST_SUCCESS) { result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED; return result; } HANDSHAKE_RESULT_free(result); /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, test_ctx, session, NULL); end: SSL_SESSION_free(session); return result; }
static int new_server_session_cb(SSL *ssl, SSL_SESSION *session) { const char *myname = "new_server_session_cb"; VSTRING *cache_id; TLS_SESS_STATE *TLScontext; VSTRING *session_data; if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) msg_panic("%s: null TLScontext in new session callback", myname); GEN_CACHE_ID(cache_id, session->session_id, session->session_id_length, TLScontext->serverid); if (TLScontext->log_level >= 2) msg_info("%s: save session %s to %s cache", TLScontext->namaddr, STR(cache_id), TLScontext->cache_type); /* * Passivate and save the session state. */ session_data = tls_session_passivate(session); if (session_data) tls_mgr_update(TLScontext->cache_type, STR(cache_id), STR(session_data), LEN(session_data)); /* * Clean up. */ if (session_data) vstring_free(session_data); vstring_free(cache_id); SSL_SESSION_free(session); /* 200502 */ return (1); }
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) { SSL_SESSION *r; int ret = 0; if ((c != NULL) && (c->session_id_length != 0)) { if (lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); if ((r = lh_SSL_SESSION_retrieve(ctx->internal->sessions, c)) == c) { ret = 1; r = lh_SSL_SESSION_delete(ctx->internal->sessions, c); SSL_SESSION_list_remove(ctx, c); } if (lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); if (ret) { r->internal->not_resumable = 1; if (ctx->internal->remove_session_cb != NULL) ctx->internal->remove_session_cb(ctx, r); SSL_SESSION_free(r); } } else ret = 0; return (ret); }
void LocalSSLSessionCache::pruneSessionCallback(const string& sessionId, SSL_SESSION* session) { VLOG(4) << "Free SSL session from local cache; id=" << SSLUtil::hexlify(sessionId); SSL_SESSION_free(session); ++removedSessions_; }
static int new_client_session_cb(SSL *ssl, SSL_SESSION *session) { const char *myname = "new_client_session_cb"; TLS_SESS_STATE *TLScontext; VSTRING *session_data; /* * The cache name (if caching is enabled in tlsmgr(8)) and the cache ID * string for this session are stored in the TLScontext. It cannot be * null at this point. */ if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0) msg_panic("%s: null TLScontext in new session callback", myname); /* * We only get here if the cache_type is not empty. This callback is not * set unless caching is enabled and the cache_type is stored in the * server SSL context. */ if (TLScontext->cache_type == 0) msg_panic("%s: null session cache type in new session callback", myname); if (TLScontext->log_mask & TLS_LOG_CACHE) /* serverid already contains namaddrport information */ msg_info("save session %s to %s cache", TLScontext->serverid, TLScontext->cache_type); #if (OPENSSL_VERSION_NUMBER < 0x00906011L) || (OPENSSL_VERSION_NUMBER == 0x00907000L) /* * Ugly Hack: OpenSSL before 0.9.6a does not store the verify result in * sessions for the client side. We modify the session directly which is * version specific, but this bug is version specific, too. * * READ: 0-09-06-01-1 = 0-9-6-a-beta1: all versions before beta1 have this * bug, it has been fixed during development of 0.9.6a. The development * version of 0.9.7 can have this bug, too. It has been fixed on * 2000/11/29. */ session->verify_result = SSL_get_verify_result(TLScontext->con); #endif /* * Passivate and save the session object. Errors are non-fatal, since * caching is only an optimization. */ if ((session_data = tls_session_passivate(session)) != 0) { tls_mgr_update(TLScontext->cache_type, TLScontext->serverid, STR(session_data), LEN(session_data)); vstring_free(session_data); } /* * Clean up. */ SSL_SESSION_free(session); /* 200502 */ return (1); }
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *session, int lock) { int ret = 0; if (session != NULL && session->session_id_length != 0) { if (lock) { CRYPTO_MUTEX_lock_write(&ctx->lock); } SSL_SESSION *found_session = lh_SSL_SESSION_retrieve(ctx->sessions, session); if (found_session == session) { ret = 1; found_session = lh_SSL_SESSION_delete(ctx->sessions, session); SSL_SESSION_list_remove(ctx, session); } if (lock) { CRYPTO_MUTEX_unlock(&ctx->lock); } if (ret) { found_session->not_resumable = 1; if (ctx->remove_session_cb != NULL) { ctx->remove_session_cb(ctx, found_session); } SSL_SESSION_free(found_session); } } return ret; }
static void ssl_session_free( pn_ssl_session_t *ssn) { if (ssn) { if (ssn->id) free( (void *)ssn->id ); if (ssn->session) SSL_SESSION_free( ssn->session ); free( ssn ); } }
static SSL_SESSION *shmcb_subcache_retrieve(server_rec *s, SHMCBHeader *header, SHMCBSubcache *subcache, UCHAR *id, unsigned int idlen) { unsigned int pos; unsigned int loop = 0; /* If there are entries to expire, ditch them first. */ shmcb_subcache_expire(s, header, subcache); pos = subcache->idx_pos; while (loop < subcache->idx_used) { SHMCBIndex *idx = SHMCB_INDEX(subcache, pos); /* Only consider 'idx' if; * (a) the s_id2 byte matches * (b) the "removed" flag isn't set. */ if ((idx->s_id2 == id[1]) && !idx->removed) { SSL_SESSION *pSession; unsigned char *s_id; unsigned int s_idlen; unsigned char tempasn[SSL_SESSION_MAX_DER]; MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr = tempasn; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "possible match at idx=%d, data=%d", pos, idx->data_pos); /* Copy the data */ shmcb_cyclic_cton_memcpy(header->subcache_data_size, tempasn, SHMCB_DATA(header, subcache), idx->data_pos, idx->data_used); /* Decode the session */ pSession = d2i_SSL_SESSION(NULL, &ptr, idx->data_used); if (!pSession) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "shmcb_subcache_retrieve internal error"); return NULL; } s_id = SSL_SESSION_get_session_id(pSession); s_idlen = SSL_SESSION_get_session_id_length(pSession); if (s_idlen == idlen && memcmp(s_id, id, idlen) == 0) { /* Found the matching session */ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "shmcb_subcache_retrieve returning matching session"); return pSession; } SSL_SESSION_free(pSession); } /* Increment */ loop++; pos = SHMCB_CYCLIC_INCREMENT(pos, 1, header->index_num); } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "shmcb_subcache_retrieve found no match"); return NULL; }
static BOOL shmcb_subcache_remove(server_rec *s, SHMCBHeader *header, SHMCBSubcache *subcache, UCHAR *id, unsigned int idlen) { unsigned int pos; unsigned int loop = 0; BOOL to_return = FALSE; /* Unlike the others, we don't do an expire-run first. This is to keep * consistent statistics where a "remove" operation may actually be the * higher layer spotting an expiry issue prior to us. Our caller is * handling stats, so a failure return would be inconsistent if the * intended session was in fact removed by an expiry run. */ pos = subcache->idx_pos; while (!to_return && (loop < subcache->idx_used)) { SHMCBIndex *idx = SHMCB_INDEX(subcache, pos); /* Only consider 'idx' if the s_id2 byte matches and it's not already * removed - easiest way to avoid costly ASN decodings. */ if ((idx->s_id2 == id[1]) && !idx->removed) { SSL_SESSION *pSession; unsigned char *s_id; unsigned int s_idlen; unsigned char tempasn[SSL_SESSION_MAX_DER]; MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr = tempasn; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "possible match at idx=%d, data=%d", pos, idx->data_pos); /* Copy the data */ shmcb_cyclic_cton_memcpy(header->subcache_data_size, tempasn, SHMCB_DATA(header, subcache), idx->data_pos, idx->data_used); /* Decode the session */ pSession = d2i_SSL_SESSION(NULL, &ptr, idx->data_used); if (!pSession) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "shmcb_subcache_remove internal error"); return FALSE; } s_id = SSL_SESSION_get_session_id(pSession); s_idlen = SSL_SESSION_get_session_id_length(pSession); if (s_idlen == idlen && memcmp(s_id, id, idlen) == 0) { /* Found the matching session, remove it quietly. */ idx->removed = 1; to_return = TRUE; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "shmcb_subcache_remove removing matching session"); } SSL_SESSION_free(pSession); } /* Increment */ loop++; pos = SHMCB_CYCLIC_INCREMENT(pos, 1, header->index_num); } return to_return; }
int SSL_set_session(SSL *s, SSL_SESSION *session) { int ret = 0; const SSL_METHOD *meth; if (session != NULL) { meth = s->ctx->method->internal->get_ssl_method(session->ssl_version); if (meth == NULL) meth = s->method->internal->get_ssl_method(session->ssl_version); if (meth == NULL) { SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD); return (0); } if (meth != s->method) { if (!SSL_set_ssl_method(s, meth)) return (0); } /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); if (s->session != NULL) SSL_SESSION_free(s->session); s->session = session; s->verify_result = s->session->verify_result; /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ ret = 1; } else { if (s->session != NULL) { SSL_SESSION_free(s->session); s->session = NULL; } meth = s->ctx->method; if (meth != s->method) { if (!SSL_set_ssl_method(s, meth)) return (0); } ret = 1; } return (ret); }
void readSession(SSL *ssl, const char *filename) { FILE *fd = fopen(filename,"r"); CHECK(fd != NULL); // We can faff with d2i_SSL_SESSION() but this is easier. SSL_SESSION *session = PEM_read_SSL_SESSION(fd,NULL,0,NULL); CHECK(session != NULL); SSL_set_session(ssl, session); SSL_SESSION_free(session); // Decrement session refcount fclose(fd); }
void ssl_set_session(SSL *ssl, SSL_SESSION *session) { if (ssl->session == session) { return; } SSL_SESSION_free(ssl->session); ssl->session = session; if (session != NULL) { SSL_SESSION_up_ref(session); } }
static cache_val_t cachessess_unpackverify_val_cb(cache_val_t val, int copy) { dynbuf_t *valbuf = val; SSL_SESSION *sess; const unsigned char *p; p = (const unsigned char *)valbuf->buf; sess = d2i_SSL_SESSION(NULL, &p, valbuf->sz); /* increments p */ if (!sess) return NULL; if (!ssl_session_is_valid(sess)) { SSL_SESSION_free(sess); return NULL; } if (copy) return sess; SSL_SESSION_free(sess); return ((cache_val_t)!NULL); }
static void ma_tls_remove_session_cb(SSL_CTX* ctx, SSL_SESSION* session) { int i; for (i=0; i < ma_tls_session_cache_size; i++) if (session == ma_tls_sessions[i].session) { ma_tls_sessions[i].md4_hash[0]= 0; SSL_SESSION_free(ma_tls_sessions[i].session); ma_tls_sessions[i].session= NULL; } }
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session) { /* Although |session| is inserted into two structures (a doubly-linked list * and the hash table), |ctx| only takes one reference. */ SSL_SESSION_up_ref(session); SSL_SESSION *old_session; CRYPTO_MUTEX_lock_write(&ctx->lock); if (!lh_SSL_SESSION_insert(ctx->sessions, &old_session, session)) { CRYPTO_MUTEX_unlock(&ctx->lock); SSL_SESSION_free(session); return 0; } if (old_session != NULL) { if (old_session == session) { /* |session| was already in the cache. */ CRYPTO_MUTEX_unlock(&ctx->lock); SSL_SESSION_free(old_session); return 0; } /* There was a session ID collision. |old_session| must be removed from * the linked list and released. */ SSL_SESSION_list_remove(ctx, old_session); SSL_SESSION_free(old_session); } SSL_SESSION_list_add(ctx, session); /* Enforce any cache size limits. */ if (SSL_CTX_sess_get_cache_size(ctx) > 0) { while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) { break; } } } CRYPTO_MUTEX_unlock(&ctx->lock); return 1; }
int new_session_callback(SSL * ssl, SSL_SESSION * session){ connection * c = SSL_get_ex_data(ssl,ssl_data_index); if(c && c->cache){ if(c->cache->cached_session){ SSL_SESSION_free(c->cache->cached_session); //SSL_SESSION * session = c->cache->cached_session; //printf("free %p %ld %ld %d\n",session,SSL_SESSION_get_time(session), SSL_SESSION_get_timeout(session),session->references); c->cache->cached_session=NULL; } c->cache->cached_session=session; } return 1; }
static HB_GARBAGE_FUNC( SSL_SESSION_release ) { void ** ph = ( void ** ) Cargo; /* Check if pointer is not NULL to avoid multiple freeing */ if( ph && *ph ) { /* Destroy the object */ SSL_SESSION_free( ( SSL_SESSION * ) *ph ); /* set pointer to NULL just in case */ *ph = NULL; } }
SSLSession::Ptr SSLSocket::currentSession() { if (_sslAdapter._ssl) { SSL_SESSION* session = SSL_get1_session(_sslAdapter._ssl); if (session) { if (_session && session == _session->sslSession()) { SSL_SESSION_free(session); return _session; } else return std::make_shared<SSLSession>(session); // new SSLSession(session); } } return 0; }
int SSL_set_session(SSL *ssl, SSL_SESSION *session) { if (ssl->session == session) { return 1; } SSL_SESSION_free(ssl->session); ssl->session = session; if (session != NULL) { SSL_SESSION_up_ref(session); ssl->verify_result = session->verify_result; } return 1; }
END_TEST START_TEST(cache_dsess_02) { SSL_SESSION *s1, *s2; s1 = ssl_session_from_file(TMP_SESS_FILE); fail_unless(!!s1, "creating session failed"); fail_unless(ssl_session_is_valid(s1), "session invalid"); s2 = cachemgr_dsess_get((struct sockaddr*)&addr, addrlen, sni); fail_unless(s2 == NULL, "session was already in empty cache"); SSL_SESSION_free(s1); }