summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2015-03-08 16:48:49 +0000
committercvs2svn <admin@example.com>2015-03-08 16:48:49 +0000
commitdecf84ba5550c1656a7fdb51b5b81969590c3f03 (patch)
tree44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libssl/ssl_lib.c
parent7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (diff)
downloadopenbsd-libressl-v2.1.5.tar.gz
openbsd-libressl-v2.1.5.tar.bz2
openbsd-libressl-v2.1.5.zip
This commit was manufactured by cvs2git to create branch 'OPENBSD_5_7'.libressl-v2.1.5
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c3121
1 files changed, 0 insertions, 3121 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index d7b5283501..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3121 +0,0 @@
1/* $OpenBSD: ssl_lib.c,v 1.101 2015/02/22 15:54:27 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144
145#include "ssl_locl.h"
146
147#include <openssl/bn.h>
148#include <openssl/dh.h>
149#include <openssl/lhash.h>
150#include <openssl/objects.h>
151#include <openssl/ocsp.h>
152#include <openssl/x509v3.h>
153
154#ifndef OPENSSL_NO_ENGINE
155#include <openssl/engine.h>
156#endif
157
158const char *SSL_version_str = OPENSSL_VERSION_TEXT;
159
160SSL3_ENC_METHOD ssl3_undef_enc_method = {
161 /*
162 * Evil casts, but these functions are only called if there's a
163 * library bug.
164 */
165 .enc = (int (*)(SSL *, int))ssl_undefined_function,
166 .mac = (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
167 .setup_key_block = ssl_undefined_function,
168 .generate_master_secret = (int (*)(SSL *, unsigned char *,
169 unsigned char *, int))ssl_undefined_function,
170 .change_cipher_state = (int (*)(SSL*, int))ssl_undefined_function,
171 .final_finish_mac = (int (*)(SSL *, const char*, int,
172 unsigned char *))ssl_undefined_function,
173 .finish_mac_length = 0,
174 .cert_verify_mac = (int (*)(SSL *, int,
175 unsigned char *))ssl_undefined_function,
176 .client_finished_label = NULL,
177 .client_finished_label_len = 0,
178 .server_finished_label = NULL,
179 .server_finished_label_len = 0,
180 .alert_value = (int (*)(int))ssl_undefined_function,
181 .export_keying_material = (int (*)(SSL *, unsigned char *, size_t,
182 const char *, size_t, const unsigned char *, size_t,
183 int use_context))ssl_undefined_function,
184 .enc_flags = 0,
185};
186
187int
188SSL_clear(SSL *s)
189{
190 if (s->method == NULL) {
191 SSLerr(SSL_F_SSL_CLEAR,
192 SSL_R_NO_METHOD_SPECIFIED);
193 return (0);
194 }
195
196 if (ssl_clear_bad_session(s)) {
197 SSL_SESSION_free(s->session);
198 s->session = NULL;
199 }
200
201 s->error = 0;
202 s->hit = 0;
203 s->shutdown = 0;
204
205 if (s->renegotiate) {
206 SSLerr(SSL_F_SSL_CLEAR,
207 ERR_R_INTERNAL_ERROR);
208 return (0);
209 }
210
211 s->type = 0;
212
213 s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
214
215 s->version = s->method->version;
216 s->client_version = s->version;
217 s->rwstate = SSL_NOTHING;
218 s->rstate = SSL_ST_READ_HEADER;
219
220 if (s->init_buf != NULL) {
221 BUF_MEM_free(s->init_buf);
222 s->init_buf = NULL;
223 }
224
225 ssl_clear_cipher_ctx(s);
226 ssl_clear_hash_ctx(&s->read_hash);
227 ssl_clear_hash_ctx(&s->write_hash);
228
229 s->first_packet = 0;
230
231 /*
232 * Check to see if we were changed into a different method, if
233 * so, revert back if we are not doing session-id reuse.
234 */
235 if (!s->in_handshake && (s->session == NULL) &&
236 (s->method != s->ctx->method)) {
237 s->method->ssl_free(s);
238 s->method = s->ctx->method;
239 if (!s->method->ssl_new(s))
240 return (0);
241 } else
242 s->method->ssl_clear(s);
243 return (1);
244}
245
246/* Used to change an SSL_CTXs default SSL method type */
247int
248SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
249{
250 STACK_OF(SSL_CIPHER) *sk;
251
252 ctx->method = meth;
253
254 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
255 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
256 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
257 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
258 SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
259 return (0);
260 }
261 return (1);
262}
263
264SSL *
265SSL_new(SSL_CTX *ctx)
266{
267 SSL *s;
268
269 if (ctx == NULL) {
270 SSLerr(SSL_F_SSL_NEW,
271 SSL_R_NULL_SSL_CTX);
272 return (NULL);
273 }
274 if (ctx->method == NULL) {
275 SSLerr(SSL_F_SSL_NEW,
276 SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
277 return (NULL);
278 }
279
280 s = calloc(1, sizeof(SSL));
281 if (s == NULL)
282 goto err;
283
284
285 s->options = ctx->options;
286 s->mode = ctx->mode;
287 s->max_cert_list = ctx->max_cert_list;
288
289 if (ctx->cert != NULL) {
290 /*
291 * Earlier library versions used to copy the pointer to
292 * the CERT, not its contents; only when setting new
293 * parameters for the per-SSL copy, ssl_cert_new would be
294 * called (and the direct reference to the per-SSL_CTX
295 * settings would be lost, but those still were indirectly
296 * accessed for various purposes, and for that reason they
297 * used to be known as s->ctx->default_cert).
298 * Now we don't look at the SSL_CTX's CERT after having
299 * duplicated it once.
300 */
301 s->cert = ssl_cert_dup(ctx->cert);
302 if (s->cert == NULL)
303 goto err;
304 } else
305 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
306
307 s->read_ahead = ctx->read_ahead;
308 s->msg_callback = ctx->msg_callback;
309 s->msg_callback_arg = ctx->msg_callback_arg;
310 s->verify_mode = ctx->verify_mode;
311 s->sid_ctx_length = ctx->sid_ctx_length;
312 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
313 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
314 s->verify_callback = ctx->default_verify_callback;
315 s->generate_session_id = ctx->generate_session_id;
316
317 s->param = X509_VERIFY_PARAM_new();
318 if (!s->param)
319 goto err;
320 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
321 s->quiet_shutdown = ctx->quiet_shutdown;
322 s->max_send_fragment = ctx->max_send_fragment;
323
324 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
325 s->ctx = ctx;
326 s->tlsext_debug_cb = 0;
327 s->tlsext_debug_arg = NULL;
328 s->tlsext_ticket_expected = 0;
329 s->tlsext_status_type = -1;
330 s->tlsext_status_expected = 0;
331 s->tlsext_ocsp_ids = NULL;
332 s->tlsext_ocsp_exts = NULL;
333 s->tlsext_ocsp_resp = NULL;
334 s->tlsext_ocsp_resplen = -1;
335 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
336 s->initial_ctx = ctx;
337 s->next_proto_negotiated = NULL;
338
339 if (s->ctx->alpn_client_proto_list != NULL) {
340 s->alpn_client_proto_list =
341 malloc(s->ctx->alpn_client_proto_list_len);
342 if (s->alpn_client_proto_list == NULL)
343 goto err;
344 memcpy(s->alpn_client_proto_list,
345 s->ctx->alpn_client_proto_list,
346 s->ctx->alpn_client_proto_list_len);
347 s->alpn_client_proto_list_len =
348 s->ctx->alpn_client_proto_list_len;
349 }
350
351 s->verify_result = X509_V_OK;
352
353 s->method = ctx->method;
354
355 if (!s->method->ssl_new(s))
356 goto err;
357
358 s->references = 1;
359 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
360
361 SSL_clear(s);
362
363 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
364
365
366 return (s);
367err:
368 if (s != NULL) {
369 if (s->cert != NULL)
370 ssl_cert_free(s->cert);
371 SSL_CTX_free(s->ctx); /* decrement reference count */
372 free(s);
373 }
374 SSLerr(SSL_F_SSL_NEW,
375 ERR_R_MALLOC_FAILURE);
376 return (NULL);
377}
378
379int
380SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
381 unsigned int sid_ctx_len)
382{
383 if (sid_ctx_len > sizeof ctx->sid_ctx) {
384 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
385 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
386 return (0);
387 }
388 ctx->sid_ctx_length = sid_ctx_len;
389 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
390
391 return (1);
392}
393
394int
395SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
396 unsigned int sid_ctx_len)
397{
398 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
399 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
400 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
401 return (0);
402 }
403 ssl->sid_ctx_length = sid_ctx_len;
404 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
405
406 return (1);
407}
408
409int
410SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
411{
412 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
413 ctx->generate_session_id = cb;
414 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
415 return (1);
416}
417
418int
419SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
420{
421 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
422 ssl->generate_session_id = cb;
423 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
424 return (1);
425}
426
427int
428SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
429 unsigned int id_len)
430{
431 /*
432 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
433 * shows how we can "construct" a session to give us the desired
434 * check - ie. to find if there's a session in the hash table
435 * that would conflict with any new session built out of this
436 * id/id_len and the ssl_version in use by this SSL.
437 */
438 SSL_SESSION r, *p;
439
440 if (id_len > sizeof r.session_id)
441 return (0);
442
443 r.ssl_version = ssl->version;
444 r.session_id_length = id_len;
445 memcpy(r.session_id, id, id_len);
446
447 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
448 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
449 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
450 return (p != NULL);
451}
452
453int
454SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
455{
456 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
457}
458
459int
460SSL_set_purpose(SSL *s, int purpose)
461{
462 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
463}
464
465int
466SSL_CTX_set_trust(SSL_CTX *s, int trust)
467{
468 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
469}
470
471int
472SSL_set_trust(SSL *s, int trust)
473{
474 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
475}
476
477int
478SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
479{
480 return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
481}
482
483int
484SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
485{
486 return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
487}
488
489void
490SSL_free(SSL *s)
491{
492 int i;
493
494 if (s == NULL)
495 return;
496
497 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
498 if (i > 0)
499 return;
500
501 if (s->param)
502 X509_VERIFY_PARAM_free(s->param);
503
504 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
505
506 if (s->bbio != NULL) {
507 /* If the buffering BIO is in place, pop it off */
508 if (s->bbio == s->wbio) {
509 s->wbio = BIO_pop(s->wbio);
510 }
511 BIO_free(s->bbio);
512 s->bbio = NULL;
513 }
514 if (s->rbio != NULL)
515 BIO_free_all(s->rbio);
516 if ((s->wbio != NULL) && (s->wbio != s->rbio))
517 BIO_free_all(s->wbio);
518
519 if (s->init_buf != NULL)
520 BUF_MEM_free(s->init_buf);
521
522 /* add extra stuff */
523 if (s->cipher_list != NULL)
524 sk_SSL_CIPHER_free(s->cipher_list);
525 if (s->cipher_list_by_id != NULL)
526 sk_SSL_CIPHER_free(s->cipher_list_by_id);
527
528 /* Make the next call work :-) */
529 if (s->session != NULL) {
530 ssl_clear_bad_session(s);
531 SSL_SESSION_free(s->session);
532 }
533
534 ssl_clear_cipher_ctx(s);
535 ssl_clear_hash_ctx(&s->read_hash);
536 ssl_clear_hash_ctx(&s->write_hash);
537
538 if (s->cert != NULL)
539 ssl_cert_free(s->cert);
540 /* Free up if allocated */
541
542 free(s->tlsext_hostname);
543 SSL_CTX_free(s->initial_ctx);
544 free(s->tlsext_ecpointformatlist);
545 free(s->tlsext_ellipticcurvelist);
546 if (s->tlsext_ocsp_exts)
547 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
548 X509_EXTENSION_free);
549 if (s->tlsext_ocsp_ids)
550 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
551 free(s->tlsext_ocsp_resp);
552
553 if (s->client_CA != NULL)
554 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
555
556 if (s->method != NULL)
557 s->method->ssl_free(s);
558
559 SSL_CTX_free(s->ctx);
560
561
562 free(s->next_proto_negotiated);
563 free(s->alpn_client_proto_list);
564
565#ifndef OPENSSL_NO_SRTP
566 if (s->srtp_profiles)
567 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
568#endif
569
570 free(s);
571}
572
573void
574SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
575{
576 /* If the output buffering BIO is still in place, remove it */
577 if (s->bbio != NULL) {
578 if (s->wbio == s->bbio) {
579 s->wbio = s->wbio->next_bio;
580 s->bbio->next_bio = NULL;
581 }
582 }
583 if ((s->rbio != NULL) && (s->rbio != rbio))
584 BIO_free_all(s->rbio);
585 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
586 BIO_free_all(s->wbio);
587 s->rbio = rbio;
588 s->wbio = wbio;
589}
590
591BIO *
592SSL_get_rbio(const SSL *s)
593{
594 return (s->rbio);
595}
596
597BIO *
598SSL_get_wbio(const SSL *s)
599{
600 return (s->wbio);
601}
602
603int
604SSL_get_fd(const SSL *s)
605{
606 return (SSL_get_rfd(s));
607}
608
609int
610SSL_get_rfd(const SSL *s)
611{
612 int ret = -1;
613 BIO *b, *r;
614
615 b = SSL_get_rbio(s);
616 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
617 if (r != NULL)
618 BIO_get_fd(r, &ret);
619 return (ret);
620}
621
622int
623SSL_get_wfd(const SSL *s)
624{
625 int ret = -1;
626 BIO *b, *r;
627
628 b = SSL_get_wbio(s);
629 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
630 if (r != NULL)
631 BIO_get_fd(r, &ret);
632 return (ret);
633}
634
635int
636SSL_set_fd(SSL *s, int fd)
637{
638 int ret = 0;
639 BIO *bio = NULL;
640
641 bio = BIO_new(BIO_s_socket());
642
643 if (bio == NULL) {
644 SSLerr(SSL_F_SSL_SET_FD,
645 ERR_R_BUF_LIB);
646 goto err;
647 }
648 BIO_set_fd(bio, fd, BIO_NOCLOSE);
649 SSL_set_bio(s, bio, bio);
650 ret = 1;
651err:
652 return (ret);
653}
654
655int
656SSL_set_wfd(SSL *s, int fd)
657{
658 int ret = 0;
659 BIO *bio = NULL;
660
661 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
662 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
663 bio = BIO_new(BIO_s_socket());
664
665 if (bio == NULL) {
666 SSLerr(SSL_F_SSL_SET_WFD,
667 ERR_R_BUF_LIB);
668 goto err;
669 }
670 BIO_set_fd(bio, fd, BIO_NOCLOSE);
671 SSL_set_bio(s, SSL_get_rbio(s), bio);
672 } else
673 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
674 ret = 1;
675err:
676 return (ret);
677}
678
679int
680SSL_set_rfd(SSL *s, int fd)
681{
682 int ret = 0;
683 BIO *bio = NULL;
684
685 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
686 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
687 bio = BIO_new(BIO_s_socket());
688
689 if (bio == NULL) {
690 SSLerr(SSL_F_SSL_SET_RFD,
691 ERR_R_BUF_LIB);
692 goto err;
693 }
694 BIO_set_fd(bio, fd, BIO_NOCLOSE);
695 SSL_set_bio(s, bio, SSL_get_wbio(s));
696 } else
697 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
698 ret = 1;
699err:
700 return (ret);
701}
702
703
704/* return length of latest Finished message we sent, copy to 'buf' */
705size_t
706SSL_get_finished(const SSL *s, void *buf, size_t count)
707{
708 size_t ret = 0;
709
710 if (s->s3 != NULL) {
711 ret = s->s3->tmp.finish_md_len;
712 if (count > ret)
713 count = ret;
714 memcpy(buf, s->s3->tmp.finish_md, count);
715 }
716 return (ret);
717}
718
719/* return length of latest Finished message we expected, copy to 'buf' */
720size_t
721SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
722{
723 size_t ret = 0;
724
725 if (s->s3 != NULL) {
726 ret = s->s3->tmp.peer_finish_md_len;
727 if (count > ret)
728 count = ret;
729 memcpy(buf, s->s3->tmp.peer_finish_md, count);
730 }
731 return (ret);
732}
733
734
735int
736SSL_get_verify_mode(const SSL *s)
737{
738 return (s->verify_mode);
739}
740
741int
742SSL_get_verify_depth(const SSL *s)
743{
744 return (X509_VERIFY_PARAM_get_depth(s->param));
745}
746
747int
748(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
749{
750 return (s->verify_callback);
751}
752
753int
754SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
755{
756 return (ctx->verify_mode);
757}
758
759int
760SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
761{
762 return (X509_VERIFY_PARAM_get_depth(ctx->param));
763}
764
765int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
766{
767 return (ctx->default_verify_callback);
768}
769
770void
771SSL_set_verify(SSL *s, int mode,
772 int (*callback)(int ok, X509_STORE_CTX *ctx))
773{
774 s->verify_mode = mode;
775 if (callback != NULL)
776 s->verify_callback = callback;
777}
778
779void
780SSL_set_verify_depth(SSL *s, int depth)
781{
782 X509_VERIFY_PARAM_set_depth(s->param, depth);
783}
784
785void
786SSL_set_read_ahead(SSL *s, int yes)
787{
788 s->read_ahead = yes;
789}
790
791int
792SSL_get_read_ahead(const SSL *s)
793{
794 return (s->read_ahead);
795}
796
797int
798SSL_pending(const SSL *s)
799{
800 /*
801 * SSL_pending cannot work properly if read-ahead is enabled
802 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
803 * and it is impossible to fix since SSL_pending cannot report
804 * errors that may be observed while scanning the new data.
805 * (Note that SSL_pending() is often used as a boolean value,
806 * so we'd better not return -1.)
807 */
808 return (s->method->ssl_pending(s));
809}
810
811X509 *
812SSL_get_peer_certificate(const SSL *s)
813{
814 X509 *r;
815
816 if ((s == NULL) || (s->session == NULL))
817 r = NULL;
818 else
819 r = s->session->peer;
820
821 if (r == NULL)
822 return (r);
823
824 CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
825
826 return (r);
827}
828
829STACK_OF(X509) *
830SSL_get_peer_cert_chain(const SSL *s)
831{
832 STACK_OF(X509) *r;
833
834 if ((s == NULL) || (s->session == NULL) ||
835 (s->session->sess_cert == NULL))
836 r = NULL;
837 else
838 r = s->session->sess_cert->cert_chain;
839
840 /*
841 * If we are a client, cert_chain includes the peer's own
842 * certificate;
843 * if we are a server, it does not.
844 */
845 return (r);
846}
847
848/*
849 * Now in theory, since the calling process own 't' it should be safe to
850 * modify. We need to be able to read f without being hassled
851 */
852void
853SSL_copy_session_id(SSL *t, const SSL *f)
854{
855 CERT *tmp;
856
857 /* Do we need to to SSL locking? */
858 SSL_set_session(t, SSL_get_session(f));
859
860 /*
861 * What if we are setup as SSLv2 but want to talk SSLv3 or
862 * vice-versa.
863 */
864 if (t->method != f->method) {
865 t->method->ssl_free(t); /* cleanup current */
866 t->method=f->method; /* change method */
867 t->method->ssl_new(t); /* setup new */
868 }
869
870 tmp = t->cert;
871 if (f->cert != NULL) {
872 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
873 t->cert = f->cert;
874 } else
875 t->cert = NULL;
876 if (tmp != NULL)
877 ssl_cert_free(tmp);
878 SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
879}
880
881/* Fix this so it checks all the valid key/cert options */
882int
883SSL_CTX_check_private_key(const SSL_CTX *ctx)
884{
885 if ((ctx == NULL) || (ctx->cert == NULL) ||
886 (ctx->cert->key->x509 == NULL)) {
887 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
888 SSL_R_NO_CERTIFICATE_ASSIGNED);
889 return (0);
890 }
891 if (ctx->cert->key->privatekey == NULL) {
892 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
893 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
894 return (0);
895 }
896 return (X509_check_private_key(ctx->cert->key->x509,
897 ctx->cert->key->privatekey));
898}
899
900/* Fix this function so that it takes an optional type parameter */
901int
902SSL_check_private_key(const SSL *ssl)
903{
904 if (ssl == NULL) {
905 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
906 ERR_R_PASSED_NULL_PARAMETER);
907 return (0);
908 }
909 if (ssl->cert == NULL) {
910 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
911 SSL_R_NO_CERTIFICATE_ASSIGNED);
912 return (0);
913 }
914 if (ssl->cert->key->x509 == NULL) {
915 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
916 SSL_R_NO_CERTIFICATE_ASSIGNED);
917 return (0);
918 }
919 if (ssl->cert->key->privatekey == NULL) {
920 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
921 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
922 return (0);
923 }
924 return (X509_check_private_key(ssl->cert->key->x509,
925 ssl->cert->key->privatekey));
926}
927
928int
929SSL_accept(SSL *s)
930{
931 if (s->handshake_func == 0)
932 SSL_set_accept_state(s); /* Not properly initialized yet */
933
934 return (s->method->ssl_accept(s));
935}
936
937int
938SSL_connect(SSL *s)
939{
940 if (s->handshake_func == 0)
941 SSL_set_connect_state(s); /* Not properly initialized yet */
942
943 return (s->method->ssl_connect(s));
944}
945
946long
947SSL_get_default_timeout(const SSL *s)
948{
949 return (s->method->get_timeout());
950}
951
952int
953SSL_read(SSL *s, void *buf, int num)
954{
955 if (s->handshake_func == 0) {
956 SSLerr(SSL_F_SSL_READ,
957 SSL_R_UNINITIALIZED);
958 return (-1);
959 }
960
961 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
962 s->rwstate = SSL_NOTHING;
963 return (0);
964 }
965 return (s->method->ssl_read(s, buf, num));
966}
967
968int
969SSL_peek(SSL *s, void *buf, int num)
970{
971 if (s->handshake_func == 0) {
972 SSLerr(SSL_F_SSL_PEEK,
973 SSL_R_UNINITIALIZED);
974 return (-1);
975 }
976
977 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
978 return (0);
979 }
980 return (s->method->ssl_peek(s, buf, num));
981}
982
983int
984SSL_write(SSL *s, const void *buf, int num)
985{
986 if (s->handshake_func == 0) {
987 SSLerr(SSL_F_SSL_WRITE,
988 SSL_R_UNINITIALIZED);
989 return (-1);
990 }
991
992 if (s->shutdown & SSL_SENT_SHUTDOWN) {
993 s->rwstate = SSL_NOTHING;
994 SSLerr(SSL_F_SSL_WRITE,
995 SSL_R_PROTOCOL_IS_SHUTDOWN);
996 return (-1);
997 }
998 return (s->method->ssl_write(s, buf, num));
999}
1000
1001int
1002SSL_shutdown(SSL *s)
1003{
1004 /*
1005 * Note that this function behaves differently from what one might
1006 * expect. Return values are 0 for no success (yet),
1007 * 1 for success; but calling it once is usually not enough,
1008 * even if blocking I/O is used (see ssl3_shutdown).
1009 */
1010
1011 if (s->handshake_func == 0) {
1012 SSLerr(SSL_F_SSL_SHUTDOWN,
1013 SSL_R_UNINITIALIZED);
1014 return (-1);
1015 }
1016
1017 if ((s != NULL) && !SSL_in_init(s))
1018 return (s->method->ssl_shutdown(s));
1019 else
1020 return (1);
1021}
1022
1023int
1024SSL_renegotiate(SSL *s)
1025{
1026 if (s->renegotiate == 0)
1027 s->renegotiate = 1;
1028
1029 s->new_session = 1;
1030
1031 return (s->method->ssl_renegotiate(s));
1032}
1033
1034int
1035SSL_renegotiate_abbreviated(SSL *s)
1036{
1037 if (s->renegotiate == 0)
1038 s->renegotiate = 1;
1039
1040 s->new_session = 0;
1041
1042 return (s->method->ssl_renegotiate(s));
1043}
1044
1045int
1046SSL_renegotiate_pending(SSL *s)
1047{
1048 /*
1049 * Becomes true when negotiation is requested;
1050 * false again once a handshake has finished.
1051 */
1052 return (s->renegotiate != 0);
1053}
1054
1055long
1056SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1057{
1058 long l;
1059
1060 switch (cmd) {
1061 case SSL_CTRL_GET_READ_AHEAD:
1062 return (s->read_ahead);
1063 case SSL_CTRL_SET_READ_AHEAD:
1064 l = s->read_ahead;
1065 s->read_ahead = larg;
1066 return (l);
1067
1068 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1069 s->msg_callback_arg = parg;
1070 return (1);
1071
1072 case SSL_CTRL_OPTIONS:
1073 return (s->options|=larg);
1074 case SSL_CTRL_CLEAR_OPTIONS:
1075 return (s->options&=~larg);
1076 case SSL_CTRL_MODE:
1077 return (s->mode|=larg);
1078 case SSL_CTRL_CLEAR_MODE:
1079 return (s->mode &=~larg);
1080 case SSL_CTRL_GET_MAX_CERT_LIST:
1081 return (s->max_cert_list);
1082 case SSL_CTRL_SET_MAX_CERT_LIST:
1083 l = s->max_cert_list;
1084 s->max_cert_list = larg;
1085 return (l);
1086 case SSL_CTRL_SET_MTU:
1087#ifndef OPENSSL_NO_DTLS1
1088 if (larg < (long)dtls1_min_mtu())
1089 return (0);
1090#endif
1091 if (SSL_IS_DTLS(s)) {
1092 s->d1->mtu = larg;
1093 return (larg);
1094 }
1095 return (0);
1096 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1097 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1098 return (0);
1099 s->max_send_fragment = larg;
1100 return (1);
1101 case SSL_CTRL_GET_RI_SUPPORT:
1102 if (s->s3)
1103 return (s->s3->send_connection_binding);
1104 else return (0);
1105 default:
1106 return (s->method->ssl_ctrl(s, cmd, larg, parg));
1107 }
1108}
1109
1110long
1111SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1112{
1113 switch (cmd) {
1114 case SSL_CTRL_SET_MSG_CALLBACK:
1115 s->msg_callback = (void (*)(int write_p, int version,
1116 int content_type, const void *buf, size_t len,
1117 SSL *ssl, void *arg))(fp);
1118 return (1);
1119
1120 default:
1121 return (s->method->ssl_callback_ctrl(s, cmd, fp));
1122 }
1123}
1124
1125LHASH_OF(SSL_SESSION) *
1126SSL_CTX_sessions(SSL_CTX *ctx)
1127{
1128 return (ctx->sessions);
1129}
1130
1131long
1132SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1133{
1134 long l;
1135
1136 switch (cmd) {
1137 case SSL_CTRL_GET_READ_AHEAD:
1138 return (ctx->read_ahead);
1139 case SSL_CTRL_SET_READ_AHEAD:
1140 l = ctx->read_ahead;
1141 ctx->read_ahead = larg;
1142 return (l);
1143
1144 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1145 ctx->msg_callback_arg = parg;
1146 return (1);
1147
1148 case SSL_CTRL_GET_MAX_CERT_LIST:
1149 return (ctx->max_cert_list);
1150 case SSL_CTRL_SET_MAX_CERT_LIST:
1151 l = ctx->max_cert_list;
1152 ctx->max_cert_list = larg;
1153 return (l);
1154
1155 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1156 l = ctx->session_cache_size;
1157 ctx->session_cache_size = larg;
1158 return (l);
1159 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1160 return (ctx->session_cache_size);
1161 case SSL_CTRL_SET_SESS_CACHE_MODE:
1162 l = ctx->session_cache_mode;
1163 ctx->session_cache_mode = larg;
1164 return (l);
1165 case SSL_CTRL_GET_SESS_CACHE_MODE:
1166 return (ctx->session_cache_mode);
1167
1168 case SSL_CTRL_SESS_NUMBER:
1169 return (lh_SSL_SESSION_num_items(ctx->sessions));
1170 case SSL_CTRL_SESS_CONNECT:
1171 return (ctx->stats.sess_connect);
1172 case SSL_CTRL_SESS_CONNECT_GOOD:
1173 return (ctx->stats.sess_connect_good);
1174 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1175 return (ctx->stats.sess_connect_renegotiate);
1176 case SSL_CTRL_SESS_ACCEPT:
1177 return (ctx->stats.sess_accept);
1178 case SSL_CTRL_SESS_ACCEPT_GOOD:
1179 return (ctx->stats.sess_accept_good);
1180 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1181 return (ctx->stats.sess_accept_renegotiate);
1182 case SSL_CTRL_SESS_HIT:
1183 return (ctx->stats.sess_hit);
1184 case SSL_CTRL_SESS_CB_HIT:
1185 return (ctx->stats.sess_cb_hit);
1186 case SSL_CTRL_SESS_MISSES:
1187 return (ctx->stats.sess_miss);
1188 case SSL_CTRL_SESS_TIMEOUTS:
1189 return (ctx->stats.sess_timeout);
1190 case SSL_CTRL_SESS_CACHE_FULL:
1191 return (ctx->stats.sess_cache_full);
1192 case SSL_CTRL_OPTIONS:
1193 return (ctx->options|=larg);
1194 case SSL_CTRL_CLEAR_OPTIONS:
1195 return (ctx->options&=~larg);
1196 case SSL_CTRL_MODE:
1197 return (ctx->mode|=larg);
1198 case SSL_CTRL_CLEAR_MODE:
1199 return (ctx->mode&=~larg);
1200 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1201 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1202 return (0);
1203 ctx->max_send_fragment = larg;
1204 return (1);
1205 default:
1206 return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
1207 }
1208}
1209
1210long
1211SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1212{
1213 switch (cmd) {
1214 case SSL_CTRL_SET_MSG_CALLBACK:
1215 ctx->msg_callback = (void (*)(int write_p, int version,
1216 int content_type, const void *buf, size_t len, SSL *ssl,
1217 void *arg))(fp);
1218 return (1);
1219
1220 default:
1221 return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
1222 }
1223}
1224
1225int
1226ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1227{
1228 long l;
1229
1230 l = a->id - b->id;
1231 if (l == 0L)
1232 return (0);
1233 else
1234 return ((l > 0) ? 1:-1);
1235}
1236
1237int
1238ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1239 const SSL_CIPHER * const *bp)
1240{
1241 long l;
1242
1243 l = (*ap)->id - (*bp)->id;
1244 if (l == 0L)
1245 return (0);
1246 else
1247 return ((l > 0) ? 1:-1);
1248}
1249
1250/*
1251 * Return a STACK of the ciphers available for the SSL and in order of
1252 * preference.
1253 */
1254STACK_OF(SSL_CIPHER) *
1255SSL_get_ciphers(const SSL *s)
1256{
1257 if (s != NULL) {
1258 if (s->cipher_list != NULL) {
1259 return (s->cipher_list);
1260 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
1261 return (s->ctx->cipher_list);
1262 }
1263 }
1264 return (NULL);
1265}
1266
1267/*
1268 * Return a STACK of the ciphers available for the SSL and in order of
1269 * algorithm id.
1270 */
1271STACK_OF(SSL_CIPHER) *
1272ssl_get_ciphers_by_id(SSL *s)
1273{
1274 if (s != NULL) {
1275 if (s->cipher_list_by_id != NULL) {
1276 return (s->cipher_list_by_id);
1277 } else if ((s->ctx != NULL) &&
1278 (s->ctx->cipher_list_by_id != NULL)) {
1279 return (s->ctx->cipher_list_by_id);
1280 }
1281 }
1282 return (NULL);
1283}
1284
1285/* The old interface to get the same thing as SSL_get_ciphers(). */
1286const char *
1287SSL_get_cipher_list(const SSL *s, int n)
1288{
1289 SSL_CIPHER *c;
1290 STACK_OF(SSL_CIPHER) *sk;
1291
1292 if (s == NULL)
1293 return (NULL);
1294 sk = SSL_get_ciphers(s);
1295 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1296 return (NULL);
1297 c = sk_SSL_CIPHER_value(sk, n);
1298 if (c == NULL)
1299 return (NULL);
1300 return (c->name);
1301}
1302
1303/* Specify the ciphers to be used by default by the SSL_CTX. */
1304int
1305SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1306{
1307 STACK_OF(SSL_CIPHER) *sk;
1308
1309 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1310 &ctx->cipher_list_by_id, str);
1311 /*
1312 * ssl_create_cipher_list may return an empty stack if it
1313 * was unable to find a cipher matching the given rule string
1314 * (for example if the rule string specifies a cipher which
1315 * has been disabled). This is not an error as far as
1316 * ssl_create_cipher_list is concerned, and hence
1317 * ctx->cipher_list and ctx->cipher_list_by_id has been
1318 * updated.
1319 */
1320 if (sk == NULL)
1321 return (0);
1322 else if (sk_SSL_CIPHER_num(sk) == 0) {
1323 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST,
1324 SSL_R_NO_CIPHER_MATCH);
1325 return (0);
1326 }
1327 return (1);
1328}
1329
1330/* Specify the ciphers to be used by the SSL. */
1331int
1332SSL_set_cipher_list(SSL *s, const char *str)
1333{
1334 STACK_OF(SSL_CIPHER) *sk;
1335
1336 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1337 &s->cipher_list_by_id, str);
1338 /* see comment in SSL_CTX_set_cipher_list */
1339 if (sk == NULL)
1340 return (0);
1341 else if (sk_SSL_CIPHER_num(sk) == 0) {
1342 SSLerr(SSL_F_SSL_SET_CIPHER_LIST,
1343 SSL_R_NO_CIPHER_MATCH);
1344 return (0);
1345 }
1346 return (1);
1347}
1348
1349/* works well for SSLv2, not so good for SSLv3 */
1350char *
1351SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1352{
1353 char *end;
1354 STACK_OF(SSL_CIPHER) *sk;
1355 SSL_CIPHER *c;
1356 size_t curlen = 0;
1357 int i;
1358
1359 if (s->session == NULL || s->session->ciphers == NULL || len < 2)
1360 return (NULL);
1361
1362 sk = s->session->ciphers;
1363 if (sk_SSL_CIPHER_num(sk) == 0)
1364 return (NULL);
1365
1366 buf[0] = '\0';
1367 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1368 c = sk_SSL_CIPHER_value(sk, i);
1369 end = buf + curlen;
1370 if (strlcat(buf, c->name, len) >= len ||
1371 (curlen = strlcat(buf, ":", len)) >= len) {
1372 /* remove truncated cipher from list */
1373 *end = '\0';
1374 break;
1375 }
1376 }
1377 /* remove trailing colon */
1378 if ((end = strrchr(buf, ':')) != NULL)
1379 *end = '\0';
1380 return (buf);
1381}
1382
1383int
1384ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
1385{
1386 int i;
1387 SSL_CIPHER *c;
1388 unsigned char *q;
1389
1390 if (sk == NULL)
1391 return (0);
1392 q = p;
1393
1394 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1395 c = sk_SSL_CIPHER_value(sk, i);
1396
1397 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1398 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1399 (TLS1_get_client_version(s) < TLS1_2_VERSION))
1400 continue;
1401
1402 s2n(ssl3_cipher_get_value(c), p);
1403 }
1404
1405 /*
1406 * If p == q, no ciphers and caller indicates an error. Otherwise
1407 * add SCSV if not renegotiating.
1408 */
1409 if (p != q && !s->renegotiate)
1410 s2n(SSL3_CK_SCSV & SSL3_CK_VALUE_MASK, p);
1411
1412 return (p - q);
1413}
1414
1415STACK_OF(SSL_CIPHER) *
1416ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1417 STACK_OF(SSL_CIPHER) **skp)
1418{
1419 const SSL_CIPHER *c;
1420 STACK_OF(SSL_CIPHER) *sk;
1421 int i;
1422 unsigned long cipher_id;
1423 uint16_t cipher_value;
1424 uint16_t max_version;
1425
1426 if (s->s3)
1427 s->s3->send_connection_binding = 0;
1428
1429 if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) {
1430 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1431 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1432 return (NULL);
1433 }
1434 if (skp == NULL || *skp == NULL) {
1435 sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
1436 if (sk == NULL)
1437 goto err;
1438 } else {
1439 sk = *skp;
1440 sk_SSL_CIPHER_zero(sk);
1441 }
1442
1443 for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
1444 n2s(p, cipher_value);
1445 cipher_id = SSL3_CK_ID | cipher_value;
1446
1447 if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
1448 /*
1449 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
1450 * renegotiating.
1451 */
1452 if (s->renegotiate) {
1453 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1454 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1455 ssl3_send_alert(s, SSL3_AL_FATAL,
1456 SSL_AD_HANDSHAKE_FAILURE);
1457
1458 goto err;
1459 }
1460 s->s3->send_connection_binding = 1;
1461 continue;
1462 }
1463
1464 if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
1465 /*
1466 * TLS_FALLBACK_SCSV indicates that the client
1467 * previously tried a higher protocol version.
1468 * Fail if the current version is an unexpected
1469 * downgrade.
1470 */
1471 max_version = ssl_max_server_version(s);
1472 if (max_version == 0 || s->version < max_version) {
1473 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1474 SSL_R_INAPPROPRIATE_FALLBACK);
1475 if (s->s3 != NULL)
1476 ssl3_send_alert(s, SSL3_AL_FATAL,
1477 SSL_AD_INAPPROPRIATE_FALLBACK);
1478 goto err;
1479 }
1480 continue;
1481 }
1482
1483 if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
1484 if (!sk_SSL_CIPHER_push(sk, c)) {
1485 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1486 ERR_R_MALLOC_FAILURE);
1487 goto err;
1488 }
1489 }
1490 }
1491
1492 if (skp != NULL)
1493 *skp = sk;
1494 return (sk);
1495
1496err:
1497 if (skp == NULL || *skp == NULL)
1498 sk_SSL_CIPHER_free(sk);
1499 return (NULL);
1500}
1501
1502
1503/*
1504 * Return a servername extension value if provided in Client Hello, or NULL.
1505 * So far, only host_name types are defined (RFC 3546).
1506 */
1507const char *
1508SSL_get_servername(const SSL *s, const int type)
1509{
1510 if (type != TLSEXT_NAMETYPE_host_name)
1511 return (NULL);
1512
1513 return (s->session && !s->tlsext_hostname ?
1514 s->session->tlsext_hostname :
1515 s->tlsext_hostname);
1516}
1517
1518int
1519SSL_get_servername_type(const SSL *s)
1520{
1521 if (s->session &&
1522 (!s->tlsext_hostname ?
1523 s->session->tlsext_hostname : s->tlsext_hostname))
1524 return (TLSEXT_NAMETYPE_host_name);
1525 return (-1);
1526}
1527
1528/*
1529 * SSL_select_next_proto implements the standard protocol selection. It is
1530 * expected that this function is called from the callback set by
1531 * SSL_CTX_set_next_proto_select_cb.
1532 *
1533 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1534 * strings. The length byte itself is not included in the length. A byte
1535 * string of length 0 is invalid. No byte string may be truncated.
1536 *
1537 * The current, but experimental algorithm for selecting the protocol is:
1538 *
1539 * 1) If the server doesn't support NPN then this is indicated to the
1540 * callback. In this case, the client application has to abort the connection
1541 * or have a default application level protocol.
1542 *
1543 * 2) If the server supports NPN, but advertises an empty list then the
1544 * client selects the first protcol in its list, but indicates via the
1545 * API that this fallback case was enacted.
1546 *
1547 * 3) Otherwise, the client finds the first protocol in the server's list
1548 * that it supports and selects this protocol. This is because it's
1549 * assumed that the server has better information about which protocol
1550 * a client should use.
1551 *
1552 * 4) If the client doesn't support any of the server's advertised
1553 * protocols, then this is treated the same as case 2.
1554 *
1555 * It returns either
1556 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1557 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1558 */
1559int
1560SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1561 const unsigned char *server, unsigned int server_len,
1562 const unsigned char *client, unsigned int client_len)
1563{
1564 unsigned int i, j;
1565 const unsigned char *result;
1566 int status = OPENSSL_NPN_UNSUPPORTED;
1567
1568 /*
1569 * For each protocol in server preference order,
1570 * see if we support it.
1571 */
1572 for (i = 0; i < server_len; ) {
1573 for (j = 0; j < client_len; ) {
1574 if (server[i] == client[j] &&
1575 memcmp(&server[i + 1],
1576 &client[j + 1], server[i]) == 0) {
1577 /* We found a match */
1578 result = &server[i];
1579 status = OPENSSL_NPN_NEGOTIATED;
1580 goto found;
1581 }
1582 j += client[j];
1583 j++;
1584 }
1585 i += server[i];
1586 i++;
1587 }
1588
1589 /* There's no overlap between our protocols and the server's list. */
1590 result = client;
1591 status = OPENSSL_NPN_NO_OVERLAP;
1592
1593found:
1594 *out = (unsigned char *) result + 1;
1595 *outlen = result[0];
1596 return (status);
1597}
1598
1599/*
1600 * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1601 * requested protocol for this connection and returns 0. If the client didn't
1602 * request any protocol, then *data is set to NULL.
1603 *
1604 * Note that the client can request any protocol it chooses. The value returned
1605 * from this function need not be a member of the list of supported protocols
1606 * provided by the callback.
1607 */
1608void
1609SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1610 unsigned *len)
1611{
1612 *data = s->next_proto_negotiated;
1613 if (!*data) {
1614 *len = 0;
1615 } else {
1616 *len = s->next_proto_negotiated_len;
1617 }
1618}
1619
1620/*
1621 * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1622 * TLS server needs a list of supported protocols for Next Protocol
1623 * Negotiation. The returned list must be in wire format. The list is returned
1624 * by setting |out| to point to it and |outlen| to its length. This memory will
1625 * not be modified, but one should assume that the SSL* keeps a reference to
1626 * it.
1627 *
1628 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
1629 * Otherwise, no such extension will be included in the ServerHello.
1630 */
1631void
1632SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1633 const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1634{
1635 ctx->next_protos_advertised_cb = cb;
1636 ctx->next_protos_advertised_cb_arg = arg;
1637}
1638
1639/*
1640 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1641 * client needs to select a protocol from the server's provided list. |out|
1642 * must be set to point to the selected protocol (which may be within |in|).
1643 * The length of the protocol name must be written into |outlen|. The server's
1644 * advertised protocols are provided in |in| and |inlen|. The callback can
1645 * assume that |in| is syntactically valid.
1646 *
1647 * The client must select a protocol. It is fatal to the connection if this
1648 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1649 */
1650void
1651SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1652 unsigned char **out, unsigned char *outlen, const unsigned char *in,
1653 unsigned int inlen, void *arg), void *arg)
1654{
1655 ctx->next_proto_select_cb = cb;
1656 ctx->next_proto_select_cb_arg = arg;
1657}
1658
1659/*
1660 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
1661 * protocols, which must be in wire-format (i.e. a series of non-empty,
1662 * 8-bit length-prefixed strings). Returns 0 on success.
1663 */
1664int
1665SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1666 unsigned int protos_len)
1667{
1668 free(ctx->alpn_client_proto_list);
1669 if ((ctx->alpn_client_proto_list = malloc(protos_len)) == NULL)
1670 return (1);
1671 memcpy(ctx->alpn_client_proto_list, protos, protos_len);
1672 ctx->alpn_client_proto_list_len = protos_len;
1673
1674 return (0);
1675}
1676
1677/*
1678 * SSL_set_alpn_protos sets the ALPN protocol list to the specified
1679 * protocols, which must be in wire-format (i.e. a series of non-empty,
1680 * 8-bit length-prefixed strings). Returns 0 on success.
1681 */
1682int
1683SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
1684 unsigned int protos_len)
1685{
1686 free(ssl->alpn_client_proto_list);
1687 if ((ssl->alpn_client_proto_list = malloc(protos_len)) == NULL)
1688 return (1);
1689 memcpy(ssl->alpn_client_proto_list, protos, protos_len);
1690 ssl->alpn_client_proto_list_len = protos_len;
1691
1692 return (0);
1693}
1694
1695/*
1696 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
1697 * ClientHello processing in order to select an ALPN protocol from the
1698 * client's list of offered protocols.
1699 */
1700void
1701SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1702 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1703 const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1704{
1705 ctx->alpn_select_cb = cb;
1706 ctx->alpn_select_cb_arg = arg;
1707}
1708
1709/*
1710 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
1711 * it sets data to point to len bytes of protocol name (not including the
1712 * leading length-prefix byte). If the server didn't respond with* a negotiated
1713 * protocol then len will be zero.
1714 */
1715void
1716SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1717 unsigned *len)
1718{
1719 *data = NULL;
1720 *len = 0;
1721
1722 if (ssl->s3 != NULL) {
1723 *data = ssl->s3->alpn_selected;
1724 *len = ssl->s3->alpn_selected_len;
1725 }
1726}
1727
1728int
1729SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1730 const char *label, size_t llen, const unsigned char *p, size_t plen,
1731 int use_context)
1732{
1733 if (s->version < TLS1_VERSION)
1734 return (-1);
1735
1736 return (s->method->ssl3_enc->export_keying_material(s, out, olen,
1737 label, llen, p, plen, use_context));
1738}
1739
1740static unsigned long
1741ssl_session_hash(const SSL_SESSION *a)
1742{
1743 unsigned long l;
1744
1745 l = (unsigned long)
1746 ((unsigned int) a->session_id[0] )|
1747 ((unsigned int) a->session_id[1]<< 8L)|
1748 ((unsigned long)a->session_id[2]<<16L)|
1749 ((unsigned long)a->session_id[3]<<24L);
1750 return (l);
1751}
1752
1753/*
1754 * NB: If this function (or indeed the hash function which uses a sort of
1755 * coarser function than this one) is changed, ensure
1756 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1757 * able to construct an SSL_SESSION that will collide with any existing session
1758 * with a matching session ID.
1759 */
1760static int
1761ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1762{
1763 if (a->ssl_version != b->ssl_version)
1764 return (1);
1765 if (a->session_id_length != b->session_id_length)
1766 return (1);
1767 if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
1768 return (1);
1769 return (0);
1770}
1771
1772/*
1773 * These wrapper functions should remain rather than redeclaring
1774 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1775 * variable. The reason is that the functions aren't static, they're exposed via
1776 * ssl.h.
1777 */
1778static
1779IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1780static
1781IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1782
1783SSL_CTX *
1784SSL_CTX_new(const SSL_METHOD *meth)
1785{
1786 SSL_CTX *ret = NULL;
1787
1788 if (meth == NULL) {
1789 SSLerr(SSL_F_SSL_CTX_NEW,
1790 SSL_R_NULL_SSL_METHOD_PASSED);
1791 return (NULL);
1792 }
1793
1794 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1795 SSLerr(SSL_F_SSL_CTX_NEW,
1796 SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1797 goto err;
1798 }
1799 ret = calloc(1, sizeof(SSL_CTX));
1800 if (ret == NULL)
1801 goto err;
1802
1803 ret->method = meth;
1804
1805 ret->cert_store = NULL;
1806 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
1807 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1808 ret->session_cache_head = NULL;
1809 ret->session_cache_tail = NULL;
1810
1811 /* We take the system default */
1812 ret->session_timeout = meth->get_timeout();
1813
1814 ret->new_session_cb = 0;
1815 ret->remove_session_cb = 0;
1816 ret->get_session_cb = 0;
1817 ret->generate_session_id = 0;
1818
1819 memset((char *)&ret->stats, 0, sizeof(ret->stats));
1820
1821 ret->references = 1;
1822 ret->quiet_shutdown = 0;
1823
1824 ret->info_callback = NULL;
1825
1826 ret->app_verify_callback = 0;
1827 ret->app_verify_arg = NULL;
1828
1829 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
1830 ret->read_ahead = 0;
1831 ret->msg_callback = 0;
1832 ret->msg_callback_arg = NULL;
1833 ret->verify_mode = SSL_VERIFY_NONE;
1834 ret->sid_ctx_length = 0;
1835 ret->default_verify_callback = NULL;
1836 if ((ret->cert = ssl_cert_new()) == NULL)
1837 goto err;
1838
1839 ret->default_passwd_callback = 0;
1840 ret->default_passwd_callback_userdata = NULL;
1841 ret->client_cert_cb = 0;
1842 ret->app_gen_cookie_cb = 0;
1843 ret->app_verify_cookie_cb = 0;
1844
1845 ret->sessions = lh_SSL_SESSION_new();
1846 if (ret->sessions == NULL)
1847 goto err;
1848 ret->cert_store = X509_STORE_new();
1849 if (ret->cert_store == NULL)
1850 goto err;
1851
1852 ssl_create_cipher_list(ret->method, &ret->cipher_list,
1853 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
1854 if (ret->cipher_list == NULL ||
1855 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1856 SSLerr(SSL_F_SSL_CTX_NEW,
1857 SSL_R_LIBRARY_HAS_NO_CIPHERS);
1858 goto err2;
1859 }
1860
1861 ret->param = X509_VERIFY_PARAM_new();
1862 if (!ret->param)
1863 goto err;
1864
1865 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1866 SSLerr(SSL_F_SSL_CTX_NEW,
1867 SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1868 goto err2;
1869 }
1870 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1871 SSLerr(SSL_F_SSL_CTX_NEW,
1872 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1873 goto err2;
1874 }
1875
1876 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
1877 goto err;
1878
1879 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1880
1881 ret->extra_certs = NULL;
1882
1883 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1884
1885 ret->tlsext_servername_callback = 0;
1886 ret->tlsext_servername_arg = NULL;
1887
1888 /* Setup RFC4507 ticket keys */
1889 arc4random_buf(ret->tlsext_tick_key_name, 16);
1890 arc4random_buf(ret->tlsext_tick_hmac_key, 16);
1891 arc4random_buf(ret->tlsext_tick_aes_key, 16);
1892
1893 ret->tlsext_status_cb = 0;
1894 ret->tlsext_status_arg = NULL;
1895
1896 ret->next_protos_advertised_cb = 0;
1897 ret->next_proto_select_cb = 0;
1898#ifndef OPENSSL_NO_ENGINE
1899 ret->client_cert_engine = NULL;
1900#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1901#define eng_strx(x) #x
1902#define eng_str(x) eng_strx(x)
1903 /* Use specific client engine automatically... ignore errors */
1904 {
1905 ENGINE *eng;
1906 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1907 if (!eng) {
1908 ERR_clear_error();
1909 ENGINE_load_builtin_engines();
1910 eng = ENGINE_by_id(eng_str(
1911 OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1912 }
1913 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1914 ERR_clear_error();
1915 }
1916#endif
1917#endif
1918 /*
1919 * Default is to connect to non-RI servers. When RI is more widely
1920 * deployed might change this.
1921 */
1922 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1923
1924 /* Disable SSLv3 by default. */
1925 ret->options |= SSL_OP_NO_SSLv3;
1926
1927 return (ret);
1928err:
1929 SSLerr(SSL_F_SSL_CTX_NEW,
1930 ERR_R_MALLOC_FAILURE);
1931err2:
1932 SSL_CTX_free(ret);
1933 return (NULL);
1934}
1935
1936void
1937SSL_CTX_free(SSL_CTX *a)
1938{
1939 int i;
1940
1941 if (a == NULL)
1942 return;
1943
1944 i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
1945 if (i > 0)
1946 return;
1947
1948 if (a->param)
1949 X509_VERIFY_PARAM_free(a->param);
1950
1951 /*
1952 * Free internal session cache. However: the remove_cb() may reference
1953 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1954 * after the sessions were flushed.
1955 * As the ex_data handling routines might also touch the session cache,
1956 * the most secure solution seems to be: empty (flush) the cache, then
1957 * free ex_data, then finally free the cache.
1958 * (See ticket [openssl.org #212].)
1959 */
1960 if (a->sessions != NULL)
1961 SSL_CTX_flush_sessions(a, 0);
1962
1963 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1964
1965 if (a->sessions != NULL)
1966 lh_SSL_SESSION_free(a->sessions);
1967
1968 if (a->cert_store != NULL)
1969 X509_STORE_free(a->cert_store);
1970 if (a->cipher_list != NULL)
1971 sk_SSL_CIPHER_free(a->cipher_list);
1972 if (a->cipher_list_by_id != NULL)
1973 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1974 if (a->cert != NULL)
1975 ssl_cert_free(a->cert);
1976 if (a->client_CA != NULL)
1977 sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
1978 if (a->extra_certs != NULL)
1979 sk_X509_pop_free(a->extra_certs, X509_free);
1980
1981#ifndef OPENSSL_NO_SRTP
1982 if (a->srtp_profiles)
1983 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
1984#endif
1985
1986#ifndef OPENSSL_NO_ENGINE
1987 if (a->client_cert_engine)
1988 ENGINE_finish(a->client_cert_engine);
1989#endif
1990
1991 free(a->alpn_client_proto_list);
1992
1993 free(a);
1994}
1995
1996void
1997SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1998{
1999 ctx->default_passwd_callback = cb;
2000}
2001
2002void
2003SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
2004{
2005 ctx->default_passwd_callback_userdata = u;
2006}
2007
2008void
2009SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
2010 void *), void *arg)
2011{
2012 ctx->app_verify_callback = cb;
2013 ctx->app_verify_arg = arg;
2014}
2015
2016void
2017SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2018{
2019 ctx->verify_mode = mode;
2020 ctx->default_verify_callback = cb;
2021}
2022
2023void
2024SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2025{
2026 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2027}
2028
2029void
2030ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2031{
2032 CERT_PKEY *cpk;
2033 int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
2034 unsigned long mask_k, mask_a;
2035 int have_ecc_cert, ecdh_ok, ecdsa_ok;
2036 int have_ecdh_tmp;
2037 X509 *x = NULL;
2038 EVP_PKEY *ecc_pkey = NULL;
2039 int signature_nid = 0, pk_nid = 0, md_nid = 0;
2040
2041 if (c == NULL)
2042 return;
2043
2044 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
2045 c->dh_tmp_auto != 0);
2046
2047 have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
2048 c->ecdh_tmp_auto != 0);
2049 cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
2050 rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
2051 cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
2052 rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2053 cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
2054 dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2055/* FIX THIS EAY EAY EAY */
2056 cpk = &(c->pkeys[SSL_PKEY_ECC]);
2057 have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
2058 mask_k = 0;
2059 mask_a = 0;
2060
2061 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2062 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2063 mask_k |= SSL_kGOST;
2064 mask_a |= SSL_aGOST01;
2065 }
2066
2067 if (rsa_enc)
2068 mask_k|=SSL_kRSA;
2069
2070 if (dh_tmp)
2071 mask_k|=SSL_kDHE;
2072
2073 if (rsa_enc || rsa_sign)
2074 mask_a|=SSL_aRSA;
2075
2076 if (dsa_sign)
2077 mask_a|=SSL_aDSS;
2078
2079 mask_a|=SSL_aNULL;
2080
2081 /*
2082 * An ECC certificate may be usable for ECDH and/or
2083 * ECDSA cipher suites depending on the key usage extension.
2084 */
2085 if (have_ecc_cert) {
2086 /* This call populates extension flags (ex_flags) */
2087 x = (c->pkeys[SSL_PKEY_ECC]).x509;
2088 X509_check_purpose(x, -1, 0);
2089 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2090 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
2091 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2092 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
2093 ecc_pkey = X509_get_pubkey(x);
2094 EVP_PKEY_free(ecc_pkey);
2095 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2096 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2097 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2098 }
2099 if (ecdh_ok) {
2100 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
2101 mask_k|=SSL_kECDHr;
2102 mask_a|=SSL_aECDH;
2103 }
2104 if (pk_nid == NID_X9_62_id_ecPublicKey) {
2105 mask_k|=SSL_kECDHe;
2106 mask_a|=SSL_aECDH;
2107 }
2108 }
2109 if (ecdsa_ok)
2110 mask_a|=SSL_aECDSA;
2111 }
2112
2113 if (have_ecdh_tmp) {
2114 mask_k|=SSL_kECDHE;
2115 }
2116
2117
2118 c->mask_k = mask_k;
2119 c->mask_a = mask_a;
2120 c->valid = 1;
2121}
2122
2123/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2124#define ku_reject(x, usage) \
2125 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2126
2127
2128int
2129ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2130{
2131 unsigned long alg_k, alg_a;
2132 int signature_nid = 0, md_nid = 0, pk_nid = 0;
2133 const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
2134
2135 alg_k = cs->algorithm_mkey;
2136 alg_a = cs->algorithm_auth;
2137
2138 /* This call populates the ex_flags field correctly */
2139 X509_check_purpose(x, -1, 0);
2140 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2141 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2142 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2143 }
2144 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
2145 /* key usage, if present, must allow key agreement */
2146 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
2147 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2148 SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2149 return (0);
2150 }
2151 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
2152 TLS1_2_VERSION) {
2153 /* signature alg must be ECDSA */
2154 if (pk_nid != NID_X9_62_id_ecPublicKey) {
2155 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2156 SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2157 return (0);
2158 }
2159 }
2160 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
2161 TLS1_2_VERSION) {
2162 /* signature alg must be RSA */
2163 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
2164 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2165 SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2166 return (0);
2167 }
2168 }
2169 }
2170 if (alg_a & SSL_aECDSA) {
2171 /* key usage, if present, must allow signing */
2172 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
2173 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2174 SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2175 return (0);
2176 }
2177 }
2178
2179 return (1);
2180 /* all checks are ok */
2181}
2182
2183
2184/* THIS NEEDS CLEANING UP */
2185CERT_PKEY *
2186ssl_get_server_send_pkey(const SSL *s)
2187{
2188 unsigned long alg_k, alg_a;
2189 CERT *c;
2190 int i;
2191
2192 c = s->cert;
2193 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2194
2195 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2196 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2197
2198 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2199 /*
2200 * We don't need to look at SSL_kECDHE
2201 * since no certificate is needed for
2202 * anon ECDH and for authenticated
2203 * ECDHE, the check for the auth
2204 * algorithm will set i correctly
2205 * NOTE: For ECDH-RSA, we need an ECC
2206 * not an RSA cert but for EECDH-RSA
2207 * we need an RSA cert. Placing the
2208 * checks for SSL_kECDH before RSA
2209 * checks ensures the correct cert is chosen.
2210 */
2211 i = SSL_PKEY_ECC;
2212 } else if (alg_a & SSL_aECDSA) {
2213 i = SSL_PKEY_ECC;
2214 } else if (alg_a & SSL_aDSS) {
2215 i = SSL_PKEY_DSA_SIGN;
2216 } else if (alg_a & SSL_aRSA) {
2217 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2218 i = SSL_PKEY_RSA_SIGN;
2219 else
2220 i = SSL_PKEY_RSA_ENC;
2221 } else if (alg_a & SSL_aGOST01) {
2222 i = SSL_PKEY_GOST01;
2223 } else { /* if (alg_a & SSL_aNULL) */
2224 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
2225 return (NULL);
2226 }
2227
2228 return (c->pkeys + i);
2229}
2230
2231X509 *
2232ssl_get_server_send_cert(const SSL *s)
2233{
2234 CERT_PKEY *cpk;
2235
2236 cpk = ssl_get_server_send_pkey(s);
2237 if (!cpk)
2238 return (NULL);
2239 return (cpk->x509);
2240}
2241
2242EVP_PKEY *
2243ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2244{
2245 unsigned long alg_a;
2246 CERT *c;
2247 int idx = -1;
2248
2249 alg_a = cipher->algorithm_auth;
2250 c = s->cert;
2251
2252 if ((alg_a & SSL_aDSS) &&
2253 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2254 idx = SSL_PKEY_DSA_SIGN;
2255 else if (alg_a & SSL_aRSA) {
2256 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2257 idx = SSL_PKEY_RSA_SIGN;
2258 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2259 idx = SSL_PKEY_RSA_ENC;
2260 } else if ((alg_a & SSL_aECDSA) &&
2261 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2262 idx = SSL_PKEY_ECC;
2263 if (idx == -1) {
2264 SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
2265 return (NULL);
2266 }
2267 if (pmd)
2268 *pmd = c->pkeys[idx].digest;
2269 return (c->pkeys[idx].privatekey);
2270}
2271
2272DH *
2273ssl_get_auto_dh(SSL *s)
2274{
2275 CERT_PKEY *cpk;
2276 int keylen;
2277 DH *dhp;
2278
2279 if (s->cert->dh_tmp_auto == 2) {
2280 keylen = 1024;
2281 } else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
2282 keylen = 1024;
2283 if (s->s3->tmp.new_cipher->strength_bits == 256)
2284 keylen = 3072;
2285 } else {
2286 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
2287 return (NULL);
2288 if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL)
2289 return (NULL);
2290 keylen = EVP_PKEY_bits(cpk->privatekey);
2291 }
2292
2293 if ((dhp = DH_new()) == NULL)
2294 return (NULL);
2295
2296 dhp->g = BN_new();
2297 if (dhp->g != NULL)
2298 BN_set_word(dhp->g, 2);
2299
2300 if (keylen >= 8192)
2301 dhp->p = get_rfc3526_prime_8192(NULL);
2302 else if (keylen >= 4096)
2303 dhp->p = get_rfc3526_prime_4096(NULL);
2304 else if (keylen >= 3072)
2305 dhp->p = get_rfc3526_prime_3072(NULL);
2306 else if (keylen >= 2048)
2307 dhp->p = get_rfc3526_prime_2048(NULL);
2308 else if (keylen >= 1536)
2309 dhp->p = get_rfc3526_prime_1536(NULL);
2310 else
2311 dhp->p = get_rfc2409_prime_1024(NULL);
2312
2313 if (dhp->p == NULL || dhp->g == NULL) {
2314 DH_free(dhp);
2315 return (NULL);
2316 }
2317 return (dhp);
2318}
2319
2320void
2321ssl_update_cache(SSL *s, int mode)
2322{
2323 int i;
2324
2325 /*
2326 * If the session_id_length is 0, we are not supposed to cache it,
2327 * and it would be rather hard to do anyway :-)
2328 */
2329 if (s->session->session_id_length == 0)
2330 return;
2331
2332 i = s->session_ctx->session_cache_mode;
2333 if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2334 || SSL_CTX_add_session(s->session_ctx, s->session))
2335 && (s->session_ctx->new_session_cb != NULL)) {
2336 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2337 if (!s->session_ctx->new_session_cb(s, s->session))
2338 SSL_SESSION_free(s->session);
2339 }
2340
2341 /* auto flush every 255 connections */
2342 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2343 ((i & mode) == mode)) {
2344 if ((((mode & SSL_SESS_CACHE_CLIENT) ?
2345 s->session_ctx->stats.sess_connect_good :
2346 s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
2347 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2348 }
2349 }
2350}
2351
2352const SSL_METHOD *
2353SSL_get_ssl_method(SSL *s)
2354{
2355 return (s->method);
2356}
2357
2358int
2359SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2360{
2361 int conn = -1;
2362 int ret = 1;
2363
2364 if (s->method != meth) {
2365 if (s->handshake_func != NULL)
2366 conn = (s->handshake_func == s->method->ssl_connect);
2367
2368 if (s->method->version == meth->version)
2369 s->method = meth;
2370 else {
2371 s->method->ssl_free(s);
2372 s->method = meth;
2373 ret = s->method->ssl_new(s);
2374 }
2375
2376 if (conn == 1)
2377 s->handshake_func = meth->ssl_connect;
2378 else if (conn == 0)
2379 s->handshake_func = meth->ssl_accept;
2380 }
2381 return (ret);
2382}
2383
2384int
2385SSL_get_error(const SSL *s, int i)
2386{
2387 int reason;
2388 unsigned long l;
2389 BIO *bio;
2390
2391 if (i > 0)
2392 return (SSL_ERROR_NONE);
2393
2394 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2395 * etc, where we do encode the error */
2396 if ((l = ERR_peek_error()) != 0) {
2397 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2398 return (SSL_ERROR_SYSCALL);
2399 else
2400 return (SSL_ERROR_SSL);
2401 }
2402
2403 if ((i < 0) && SSL_want_read(s)) {
2404 bio = SSL_get_rbio(s);
2405 if (BIO_should_read(bio)) {
2406 return (SSL_ERROR_WANT_READ);
2407 } else if (BIO_should_write(bio)) {
2408 /*
2409 * This one doesn't make too much sense... We never
2410 * try to write to the rbio, and an application
2411 * program where rbio and wbio are separate couldn't
2412 * even know what it should wait for. However if we
2413 * ever set s->rwstate incorrectly (so that we have
2414 * SSL_want_read(s) instead of SSL_want_write(s))
2415 * and rbio and wbio *are* the same, this test works
2416 * around that bug; so it might be safer to keep it.
2417 */
2418 return (SSL_ERROR_WANT_WRITE);
2419 } else if (BIO_should_io_special(bio)) {
2420 reason = BIO_get_retry_reason(bio);
2421 if (reason == BIO_RR_CONNECT)
2422 return (SSL_ERROR_WANT_CONNECT);
2423 else if (reason == BIO_RR_ACCEPT)
2424 return (SSL_ERROR_WANT_ACCEPT);
2425 else
2426 return (SSL_ERROR_SYSCALL); /* unknown */
2427 }
2428 }
2429
2430 if ((i < 0) && SSL_want_write(s)) {
2431 bio = SSL_get_wbio(s);
2432 if (BIO_should_write(bio)) {
2433 return (SSL_ERROR_WANT_WRITE);
2434 } else if (BIO_should_read(bio)) {
2435 /*
2436 * See above (SSL_want_read(s) with
2437 * BIO_should_write(bio))
2438 */
2439 return (SSL_ERROR_WANT_READ);
2440 } else if (BIO_should_io_special(bio)) {
2441 reason = BIO_get_retry_reason(bio);
2442 if (reason == BIO_RR_CONNECT)
2443 return (SSL_ERROR_WANT_CONNECT);
2444 else if (reason == BIO_RR_ACCEPT)
2445 return (SSL_ERROR_WANT_ACCEPT);
2446 else
2447 return (SSL_ERROR_SYSCALL);
2448 }
2449 }
2450 if ((i < 0) && SSL_want_x509_lookup(s)) {
2451 return (SSL_ERROR_WANT_X509_LOOKUP);
2452 }
2453
2454 if (i == 0) {
2455 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2456 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2457 return (SSL_ERROR_ZERO_RETURN);
2458 }
2459 return (SSL_ERROR_SYSCALL);
2460}
2461
2462int
2463SSL_do_handshake(SSL *s)
2464{
2465 int ret = 1;
2466
2467 if (s->handshake_func == NULL) {
2468 SSLerr(SSL_F_SSL_DO_HANDSHAKE,
2469 SSL_R_CONNECTION_TYPE_NOT_SET);
2470 return (-1);
2471 }
2472
2473 s->method->ssl_renegotiate_check(s);
2474
2475 if (SSL_in_init(s) || SSL_in_before(s)) {
2476 ret = s->handshake_func(s);
2477 }
2478 return (ret);
2479}
2480
2481/*
2482 * For the next 2 functions, SSL_clear() sets shutdown and so
2483 * one of these calls will reset it
2484 */
2485void
2486SSL_set_accept_state(SSL *s)
2487{
2488 s->server = 1;
2489 s->shutdown = 0;
2490 s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2491 s->handshake_func = s->method->ssl_accept;
2492 /* clear the current cipher */
2493 ssl_clear_cipher_ctx(s);
2494 ssl_clear_hash_ctx(&s->read_hash);
2495 ssl_clear_hash_ctx(&s->write_hash);
2496}
2497
2498void
2499SSL_set_connect_state(SSL *s)
2500{
2501 s->server = 0;
2502 s->shutdown = 0;
2503 s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2504 s->handshake_func = s->method->ssl_connect;
2505 /* clear the current cipher */
2506 ssl_clear_cipher_ctx(s);
2507 ssl_clear_hash_ctx(&s->read_hash);
2508 ssl_clear_hash_ctx(&s->write_hash);
2509}
2510
2511int
2512ssl_undefined_function(SSL *s)
2513{
2514 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,
2515 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2516 return (0);
2517}
2518
2519int
2520ssl_undefined_void_function(void)
2521{
2522 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
2523 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2524 return (0);
2525}
2526
2527int
2528ssl_undefined_const_function(const SSL *s)
2529{
2530 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
2531 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2532 return (0);
2533}
2534
2535SSL_METHOD *
2536ssl_bad_method(int ver)
2537{
2538 SSLerr(SSL_F_SSL_BAD_METHOD,
2539 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2540 return (NULL);
2541}
2542
2543const char *
2544ssl_version_string(int ver)
2545{
2546 switch (ver) {
2547 case DTLS1_BAD_VER:
2548 return (SSL_TXT_DTLS1_BAD);
2549 case DTLS1_VERSION:
2550 return (SSL_TXT_DTLS1);
2551 case SSL3_VERSION:
2552 return (SSL_TXT_SSLV3);
2553 case TLS1_VERSION:
2554 return (SSL_TXT_TLSV1);
2555 case TLS1_1_VERSION:
2556 return (SSL_TXT_TLSV1_1);
2557 case TLS1_2_VERSION:
2558 return (SSL_TXT_TLSV1_2);
2559 default:
2560 return ("unknown");
2561 }
2562}
2563
2564const char *
2565SSL_get_version(const SSL *s)
2566{
2567 return ssl_version_string(s->version);
2568}
2569
2570uint16_t
2571ssl_max_server_version(SSL *s)
2572{
2573 uint16_t max_version;
2574
2575 /*
2576 * The SSL method will be changed during version negotiation, as such
2577 * we want to use the SSL method from the context.
2578 */
2579 max_version = s->ctx->method->version;
2580
2581 if (SSL_IS_DTLS(s))
2582 return (DTLS1_VERSION);
2583
2584 if ((s->options & SSL_OP_NO_TLSv1_2) == 0 &&
2585 max_version >= TLS1_2_VERSION)
2586 return (TLS1_2_VERSION);
2587 if ((s->options & SSL_OP_NO_TLSv1_1) == 0 &&
2588 max_version >= TLS1_1_VERSION)
2589 return (TLS1_1_VERSION);
2590 if ((s->options & SSL_OP_NO_TLSv1) == 0 &&
2591 max_version >= TLS1_VERSION)
2592 return (TLS1_VERSION);
2593 if ((s->options & SSL_OP_NO_SSLv3) == 0 &&
2594 max_version >= SSL3_VERSION)
2595 return (SSL3_VERSION);
2596
2597 return (0);
2598}
2599
2600SSL *
2601SSL_dup(SSL *s)
2602{
2603 STACK_OF(X509_NAME) *sk;
2604 X509_NAME *xn;
2605 SSL *ret;
2606 int i;
2607
2608 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2609 return (NULL);
2610
2611 ret->version = s->version;
2612 ret->type = s->type;
2613 ret->method = s->method;
2614
2615 if (s->session != NULL) {
2616 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2617 SSL_copy_session_id(ret, s);
2618 } else {
2619 /*
2620 * No session has been established yet, so we have to expect
2621 * that s->cert or ret->cert will be changed later --
2622 * they should not both point to the same object,
2623 * and thus we can't use SSL_copy_session_id.
2624 */
2625
2626 ret->method->ssl_free(ret);
2627 ret->method = s->method;
2628 ret->method->ssl_new(ret);
2629
2630 if (s->cert != NULL) {
2631 if (ret->cert != NULL) {
2632 ssl_cert_free(ret->cert);
2633 }
2634 ret->cert = ssl_cert_dup(s->cert);
2635 if (ret->cert == NULL)
2636 goto err;
2637 }
2638
2639 SSL_set_session_id_context(ret,
2640 s->sid_ctx, s->sid_ctx_length);
2641 }
2642
2643 ret->options = s->options;
2644 ret->mode = s->mode;
2645 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2646 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2647 ret->msg_callback = s->msg_callback;
2648 ret->msg_callback_arg = s->msg_callback_arg;
2649 SSL_set_verify(ret, SSL_get_verify_mode(s),
2650 SSL_get_verify_callback(s));
2651 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2652 ret->generate_session_id = s->generate_session_id;
2653
2654 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2655
2656 ret->debug = s->debug;
2657
2658 /* copy app data, a little dangerous perhaps */
2659 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2660 &ret->ex_data, &s->ex_data))
2661 goto err;
2662
2663 /* setup rbio, and wbio */
2664 if (s->rbio != NULL) {
2665 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2666 goto err;
2667 }
2668 if (s->wbio != NULL) {
2669 if (s->wbio != s->rbio) {
2670 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2671 goto err;
2672 } else
2673 ret->wbio = ret->rbio;
2674 }
2675 ret->rwstate = s->rwstate;
2676 ret->in_handshake = s->in_handshake;
2677 ret->handshake_func = s->handshake_func;
2678 ret->server = s->server;
2679 ret->renegotiate = s->renegotiate;
2680 ret->new_session = s->new_session;
2681 ret->quiet_shutdown = s->quiet_shutdown;
2682 ret->shutdown = s->shutdown;
2683 /* SSL_dup does not really work at any state, though */
2684 ret->state=s->state;
2685 ret->rstate = s->rstate;
2686
2687 /*
2688 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2689 * ret->init_off
2690 */
2691 ret->init_num = 0;
2692
2693 ret->hit = s->hit;
2694
2695 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2696
2697 /* dup the cipher_list and cipher_list_by_id stacks */
2698 if (s->cipher_list != NULL) {
2699 if ((ret->cipher_list =
2700 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2701 goto err;
2702 }
2703 if (s->cipher_list_by_id != NULL) {
2704 if ((ret->cipher_list_by_id =
2705 sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
2706 goto err;
2707 }
2708
2709 /* Dup the client_CA list */
2710 if (s->client_CA != NULL) {
2711 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2712 ret->client_CA = sk;
2713 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2714 xn = sk_X509_NAME_value(sk, i);
2715 if (sk_X509_NAME_set(sk, i,
2716 X509_NAME_dup(xn)) == NULL) {
2717 X509_NAME_free(xn);
2718 goto err;
2719 }
2720 }
2721 }
2722
2723 if (0) {
2724err:
2725 if (ret != NULL)
2726 SSL_free(ret);
2727 ret = NULL;
2728 }
2729 return (ret);
2730}
2731
2732void
2733ssl_clear_cipher_ctx(SSL *s)
2734{
2735 EVP_CIPHER_CTX_free(s->enc_read_ctx);
2736 s->enc_read_ctx = NULL;
2737 EVP_CIPHER_CTX_free(s->enc_write_ctx);
2738 s->enc_write_ctx = NULL;
2739
2740 if (s->aead_read_ctx != NULL) {
2741 EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
2742 free(s->aead_read_ctx);
2743 s->aead_read_ctx = NULL;
2744 }
2745 if (s->aead_write_ctx != NULL) {
2746 EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
2747 free(s->aead_write_ctx);
2748 s->aead_write_ctx = NULL;
2749 }
2750
2751}
2752
2753/* Fix this function so that it takes an optional type parameter */
2754X509 *
2755SSL_get_certificate(const SSL *s)
2756{
2757 if (s->cert != NULL)
2758 return (s->cert->key->x509);
2759 else
2760 return (NULL);
2761}
2762
2763/* Fix this function so that it takes an optional type parameter */
2764EVP_PKEY *
2765SSL_get_privatekey(SSL *s)
2766{
2767 if (s->cert != NULL)
2768 return (s->cert->key->privatekey);
2769 else
2770 return (NULL);
2771}
2772
2773const SSL_CIPHER *
2774SSL_get_current_cipher(const SSL *s)
2775{
2776 if ((s->session != NULL) && (s->session->cipher != NULL))
2777 return (s->session->cipher);
2778 return (NULL);
2779}
2780const void *
2781SSL_get_current_compression(SSL *s)
2782{
2783 return (NULL);
2784}
2785
2786const void *
2787SSL_get_current_expansion(SSL *s)
2788{
2789 return (NULL);
2790}
2791
2792int
2793ssl_init_wbio_buffer(SSL *s, int push)
2794{
2795 BIO *bbio;
2796
2797 if (s->bbio == NULL) {
2798 bbio = BIO_new(BIO_f_buffer());
2799 if (bbio == NULL)
2800 return (0);
2801 s->bbio = bbio;
2802 } else {
2803 bbio = s->bbio;
2804 if (s->bbio == s->wbio)
2805 s->wbio = BIO_pop(s->wbio);
2806 }
2807 (void)BIO_reset(bbio);
2808/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2809 if (!BIO_set_read_buffer_size(bbio, 1)) {
2810 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,
2811 ERR_R_BUF_LIB);
2812 return (0);
2813 }
2814 if (push) {
2815 if (s->wbio != bbio)
2816 s->wbio = BIO_push(bbio, s->wbio);
2817 } else {
2818 if (s->wbio == bbio)
2819 s->wbio = BIO_pop(bbio);
2820 }
2821 return (1);
2822}
2823
2824void
2825ssl_free_wbio_buffer(SSL *s)
2826{
2827 if (s->bbio == NULL)
2828 return;
2829
2830 if (s->bbio == s->wbio) {
2831 /* remove buffering */
2832 s->wbio = BIO_pop(s->wbio);
2833 }
2834 BIO_free(s->bbio);
2835 s->bbio = NULL;
2836}
2837
2838void
2839SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
2840{
2841 ctx->quiet_shutdown = mode;
2842}
2843
2844int
2845SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2846{
2847 return (ctx->quiet_shutdown);
2848}
2849
2850void
2851SSL_set_quiet_shutdown(SSL *s, int mode)
2852{
2853 s->quiet_shutdown = mode;
2854}
2855
2856int
2857SSL_get_quiet_shutdown(const SSL *s)
2858{
2859 return (s->quiet_shutdown);
2860}
2861
2862void
2863SSL_set_shutdown(SSL *s, int mode)
2864{
2865 s->shutdown = mode;
2866}
2867
2868int
2869SSL_get_shutdown(const SSL *s)
2870{
2871 return (s->shutdown);
2872}
2873
2874int
2875SSL_version(const SSL *s)
2876{
2877 return (s->version);
2878}
2879
2880SSL_CTX *
2881SSL_get_SSL_CTX(const SSL *ssl)
2882{
2883 return (ssl->ctx);
2884}
2885
2886SSL_CTX *
2887SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2888{
2889 if (ssl->ctx == ctx)
2890 return (ssl->ctx);
2891 if (ctx == NULL)
2892 ctx = ssl->initial_ctx;
2893 if (ssl->cert != NULL)
2894 ssl_cert_free(ssl->cert);
2895 ssl->cert = ssl_cert_dup(ctx->cert);
2896 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
2897 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2898 ssl->ctx = ctx;
2899 return (ssl->ctx);
2900}
2901
2902int
2903SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2904{
2905 return (X509_STORE_set_default_paths(ctx->cert_store));
2906}
2907
2908int
2909SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2910 const char *CApath)
2911{
2912 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
2913}
2914
2915int
2916SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
2917{
2918 return (X509_STORE_load_mem(ctx->cert_store, buf, len));
2919}
2920
2921void
2922SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
2923{
2924 ssl->info_callback = cb;
2925}
2926
2927void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
2928{
2929 return (ssl->info_callback);
2930}
2931
2932int
2933SSL_state(const SSL *ssl)
2934{
2935 return (ssl->state);
2936}
2937
2938void
2939SSL_set_state(SSL *ssl, int state)
2940{
2941 ssl->state = state;
2942}
2943
2944void
2945SSL_set_verify_result(SSL *ssl, long arg)
2946{
2947 ssl->verify_result = arg;
2948}
2949
2950long
2951SSL_get_verify_result(const SSL *ssl)
2952{
2953 return (ssl->verify_result);
2954}
2955
2956int
2957SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2958 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2959{
2960 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2961 new_func, dup_func, free_func));
2962}
2963
2964int
2965SSL_set_ex_data(SSL *s, int idx, void *arg)
2966{
2967 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
2968}
2969
2970void *
2971SSL_get_ex_data(const SSL *s, int idx)
2972{
2973 return (CRYPTO_get_ex_data(&s->ex_data, idx));
2974}
2975
2976int
2977SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2978 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2979{
2980 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2981 new_func, dup_func, free_func));
2982}
2983
2984int
2985SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
2986{
2987 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
2988}
2989
2990void *
2991SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
2992{
2993 return (CRYPTO_get_ex_data(&s->ex_data, idx));
2994}
2995
2996int
2997ssl_ok(SSL *s)
2998{
2999 return (1);
3000}
3001
3002X509_STORE *
3003SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3004{
3005 return (ctx->cert_store);
3006}
3007
3008void
3009SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3010{
3011 if (ctx->cert_store != NULL)
3012 X509_STORE_free(ctx->cert_store);
3013 ctx->cert_store = store;
3014}
3015
3016int
3017SSL_want(const SSL *s)
3018{
3019 return (s->rwstate);
3020}
3021
3022void
3023SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
3024 int keylength))
3025{
3026 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3027}
3028
3029void
3030SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
3031 int keylength))
3032{
3033 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3034}
3035
3036void
3037SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
3038 int keylength))
3039{
3040 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3041}
3042
3043void
3044SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3045 int keylength))
3046{
3047 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3048}
3049
3050void
3051SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
3052 int is_export, int keylength))
3053{
3054 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
3055 (void (*)(void))ecdh);
3056}
3057
3058void
3059SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3060 int keylength))
3061{
3062 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3063}
3064
3065
3066void
3067SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
3068 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3069{
3070 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
3071 (void (*)(void))cb);
3072}
3073
3074void
3075SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3076 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3077{
3078 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3079}
3080
3081/*
3082 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3083 * variable, freeing EVP_MD_CTX previously stored in that variable, if
3084 * any. If EVP_MD pointer is passed, initializes ctx with this md
3085 * Returns newly allocated ctx;
3086 */
3087EVP_MD_CTX *
3088ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3089{
3090 ssl_clear_hash_ctx(hash);
3091 *hash = EVP_MD_CTX_create();
3092 if (*hash != NULL && md != NULL) {
3093 if (!EVP_DigestInit_ex(*hash, md, NULL)) {
3094 ssl_clear_hash_ctx(hash);
3095 return (NULL);
3096 }
3097 }
3098 return (*hash);
3099}
3100
3101void
3102ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3103{
3104 if (*hash)
3105 EVP_MD_CTX_destroy(*hash);
3106 *hash = NULL;
3107}
3108
3109void
3110SSL_set_debug(SSL *s, int debug)
3111{
3112 s->debug = debug;
3113}
3114
3115int
3116SSL_cache_hit(SSL *s)
3117{
3118 return (s->hit);
3119}
3120
3121IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 09:41:27 +0000