summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
authorbeck <>1999-09-29 04:37:45 +0000
committerbeck <>1999-09-29 04:37:45 +0000
commitde8f24ea083384bb66b32ec105dc4743c5663cdf (patch)
tree1412176ae62a3cab2cf2b0b92150fcbceaac6092 /src/lib/libssl/ssl_lib.c
parentcb929d29896bcb87c2a97417fbd03e50078fc178 (diff)
downloadopenbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.gz
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.bz2
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.zip
OpenSSL 0.9.4 merge
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c1016
1 files changed, 621 insertions, 395 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index f562ec6b14..e192fc4cac 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,6 @@
1/* ssl/ssl_lib.c */ 1/*! \file ssl/ssl_lib.c
2 * \brief Version independent SSL functions.
3 */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 5 * All rights reserved.
4 * 6 *
@@ -57,18 +59,18 @@
57 */ 59 */
58 60
59#include <stdio.h> 61#include <stdio.h>
60#include "objects.h" 62#include <openssl/objects.h>
61#include "lhash.h" 63#include <openssl/lhash.h>
62#include "ssl_locl.h" 64#include "ssl_locl.h"
63 65
64char *SSL_version_str="SSLeay 0.9.0b 29-Jun-1998"; 66char *SSL_version_str=OPENSSL_VERSION_TEXT;
65 67
66static STACK *ssl_meth=NULL; 68static STACK *ssl_meth=NULL;
67static STACK *ssl_ctx_meth=NULL; 69static STACK *ssl_ctx_meth=NULL;
68static int ssl_meth_num=0; 70static int ssl_meth_num=0;
69static int ssl_ctx_meth_num=0; 71static int ssl_ctx_meth_num=0;
70 72
71SSL3_ENC_METHOD ssl3_undef_enc_method={ 73OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
72 ssl_undefined_function, 74 ssl_undefined_function,
73 ssl_undefined_function, 75 ssl_undefined_function,
74 ssl_undefined_function, 76 ssl_undefined_function,
@@ -77,30 +79,36 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
77 ssl_undefined_function, 79 ssl_undefined_function,
78 }; 80 };
79 81
80void SSL_clear(s) 82int SSL_clear(SSL *s)
81SSL *s;
82 { 83 {
83 int state; 84 int state;
84 85
85 if (s->method == NULL) return; 86 if (s->method == NULL)
87 {
88 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
89 return(0);
90 }
86 91
87 s->error=0; 92 s->error=0;
88 s->hit=0; 93 s->hit=0;
94 s->shutdown=0;
89 95
96#if 0
90 /* This is set if we are doing dynamic renegotiation so keep 97 /* This is set if we are doing dynamic renegotiation so keep
91 * the old cipher. It is sort of a SSL_clear_lite :-) */ 98 * the old cipher. It is sort of a SSL_clear_lite :-) */
92 if (s->new_session) return; 99 if (s->new_session) return(1);
100#endif
93 101
94 state=s->state; /* Keep to check if we throw away the session-id */ 102 state=s->state; /* Keep to check if we throw away the session-id */
95 s->type=0; 103 s->type=0;
96 104
105 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
106
97 s->version=s->method->version; 107 s->version=s->method->version;
108 s->client_version=s->version;
98 s->rwstate=SSL_NOTHING; 109 s->rwstate=SSL_NOTHING;
99 s->state=SSL_ST_BEFORE;
100 s->rstate=SSL_ST_READ_HEADER; 110 s->rstate=SSL_ST_READ_HEADER;
101 s->read_ahead=s->ctx->default_read_ahead; 111 s->read_ahead=s->ctx->read_ahead;
102
103/* s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
104 112
105 if (s->init_buf != NULL) 113 if (s->init_buf != NULL)
106 { 114 {
@@ -116,24 +124,34 @@ SSL *s;
116 s->session=NULL; 124 s->session=NULL;
117 } 125 }
118 126
119 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
120 s->first_packet=0; 127 s->first_packet=0;
121 128
122 s->method->ssl_clear(s); 129#if 1
130 /* Check to see if we were changed into a different method, if
131 * so, revert back if we are not doing session-id reuse. */
132 if ((s->session == NULL) && (s->method != s->ctx->method))
133 {
134 s->method->ssl_free(s);
135 s->method=s->ctx->method;
136 if (!s->method->ssl_new(s))
137 return(0);
138 }
139 else
140#endif
141 s->method->ssl_clear(s);
142 return(1);
123 } 143 }
124 144
125/* Used to change an SSL_CTXs default SSL method type */ 145/** Used to change an SSL_CTXs default SSL method type */
126int SSL_CTX_set_ssl_version(ctx,meth) 146int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
127SSL_CTX *ctx;
128SSL_METHOD *meth;
129 { 147 {
130 STACK *sk; 148 STACK_OF(SSL_CIPHER) *sk;
131 149
132 ctx->method=meth; 150 ctx->method=meth;
133 151
134 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), 152 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
135 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST); 153 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
136 if ((sk == NULL) || (sk_num(sk) <= 0)) 154 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
137 { 155 {
138 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 156 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
139 return(0); 157 return(0);
@@ -141,8 +159,7 @@ SSL_METHOD *meth;
141 return(1); 159 return(1);
142 } 160 }
143 161
144SSL *SSL_new(ctx) 162SSL *SSL_new(SSL_CTX *ctx)
145SSL_CTX *ctx;
146 { 163 {
147 SSL *s; 164 SSL *s;
148 165
@@ -161,15 +178,28 @@ SSL_CTX *ctx;
161 if (s == NULL) goto err; 178 if (s == NULL) goto err;
162 memset(s,0,sizeof(SSL)); 179 memset(s,0,sizeof(SSL));
163 180
164 if (ctx->default_cert != NULL) 181 if (ctx->cert != NULL)
165 { 182 {
166 CRYPTO_add(&ctx->default_cert->references,1, 183 /* Earlier library versions used to copy the pointer to
167 CRYPTO_LOCK_SSL_CERT); 184 * the CERT, not its contents; only when setting new
168 s->cert=ctx->default_cert; 185 * parameters for the per-SSL copy, ssl_cert_new would be
186 * called (and the direct reference to the per-SSL_CTX
187 * settings would be lost, but those still were indirectly
188 * accessed for various purposes, and for that reason they
189 * used to be known as s->ctx->default_cert).
190 * Now we don't look at the SSL_CTX's CERT after having
191 * duplicated it once. */
192
193 s->cert = ssl_cert_dup(ctx->cert);
194 if (s->cert == NULL)
195 goto err;
169 } 196 }
170 else 197 else
171 s->cert=NULL; 198 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
172 s->verify_mode=ctx->default_verify_mode; 199 s->sid_ctx_length=ctx->sid_ctx_length;
200 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
201 s->verify_mode=ctx->verify_mode;
202 s->verify_depth=ctx->verify_depth;
173 s->verify_callback=ctx->default_verify_callback; 203 s->verify_callback=ctx->default_verify_callback;
174 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 204 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
175 s->ctx=ctx; 205 s->ctx=ctx;
@@ -179,30 +209,66 @@ SSL_CTX *ctx;
179 s->method=ctx->method; 209 s->method=ctx->method;
180 210
181 if (!s->method->ssl_new(s)) 211 if (!s->method->ssl_new(s))
182 {
183 SSL_CTX_free(ctx);
184 Free(s);
185 goto err; 212 goto err;
186 }
187 213
188 s->quiet_shutdown=ctx->quiet_shutdown; 214 s->quiet_shutdown=ctx->quiet_shutdown;
189 s->references=1; 215 s->references=1;
216 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
190 s->options=ctx->options; 217 s->options=ctx->options;
218 s->mode=ctx->mode;
191 SSL_clear(s); 219 SSL_clear(s);
192 220
193 CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data); 221 CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
194 222
195 return(s); 223 return(s);
196err: 224err:
225 if (s != NULL)
226 {
227 if (s->cert != NULL)
228 ssl_cert_free(s->cert);
229 if (s->ctx != NULL)
230 SSL_CTX_free(s->ctx); /* decrement reference count */
231 Free(s);
232 }
197 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); 233 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
198 return(NULL); 234 return(NULL);
199 } 235 }
200 236
201void SSL_free(s) 237int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
202SSL *s; 238 unsigned int sid_ctx_len)
239 {
240 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
241 {
242 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
243 return 0;
244 }
245 ctx->sid_ctx_length=sid_ctx_len;
246 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
247
248 return 1;
249 }
250
251int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
252 unsigned int sid_ctx_len)
253 {
254 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
255 {
256 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
257 return 0;
258 }
259 ssl->sid_ctx_length=sid_ctx_len;
260 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
261
262 return 1;
263 }
264
265void SSL_free(SSL *s)
203 { 266 {
204 int i; 267 int i;
205 268
269 if(s == NULL)
270 return;
271
206 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); 272 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
207#ifdef REF_PRINT 273#ifdef REF_PRINT
208 REF_PRINT("SSL",s); 274 REF_PRINT("SSL",s);
@@ -236,8 +302,8 @@ SSL *s;
236 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); 302 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
237 303
238 /* add extra stuff */ 304 /* add extra stuff */
239 if (s->cipher_list != NULL) sk_free(s->cipher_list); 305 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
240 if (s->cipher_list_by_id != NULL) sk_free(s->cipher_list_by_id); 306 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
241 307
242 /* Make the next call work :-) */ 308 /* Make the next call work :-) */
243 if (s->session != NULL) 309 if (s->session != NULL)
@@ -254,17 +320,14 @@ SSL *s;
254 if (s->ctx) SSL_CTX_free(s->ctx); 320 if (s->ctx) SSL_CTX_free(s->ctx);
255 321
256 if (s->client_CA != NULL) 322 if (s->client_CA != NULL)
257 sk_pop_free(s->client_CA,X509_NAME_free); 323 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
258 324
259 if (s->method != NULL) s->method->ssl_free(s); 325 if (s->method != NULL) s->method->ssl_free(s);
260 326
261 Free((char *)s); 327 Free((char *)s);
262 } 328 }
263 329
264void SSL_set_bio(s, rbio,wbio) 330void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
265SSL *s;
266BIO *rbio;
267BIO *wbio;
268 { 331 {
269 /* If the output buffering BIO is still in place, remove it 332 /* If the output buffering BIO is still in place, remove it
270 */ 333 */
@@ -284,16 +347,13 @@ BIO *wbio;
284 s->wbio=wbio; 347 s->wbio=wbio;
285 } 348 }
286 349
287BIO *SSL_get_rbio(s) 350BIO *SSL_get_rbio(SSL *s)
288SSL *s;
289 { return(s->rbio); } 351 { return(s->rbio); }
290 352
291BIO *SSL_get_wbio(s) 353BIO *SSL_get_wbio(SSL *s)
292SSL *s;
293 { return(s->wbio); } 354 { return(s->wbio); }
294 355
295int SSL_get_fd(s) 356int SSL_get_fd(SSL *s)
296SSL *s;
297 { 357 {
298 int ret= -1; 358 int ret= -1;
299 BIO *b,*r; 359 BIO *b,*r;
@@ -306,9 +366,7 @@ SSL *s;
306 } 366 }
307 367
308#ifndef NO_SOCK 368#ifndef NO_SOCK
309int SSL_set_fd(s, fd) 369int SSL_set_fd(SSL *s,int fd)
310SSL *s;
311int fd;
312 { 370 {
313 int ret=0; 371 int ret=0;
314 BIO *bio=NULL; 372 BIO *bio=NULL;
@@ -327,9 +385,7 @@ err:
327 return(ret); 385 return(ret);
328 } 386 }
329 387
330int SSL_set_wfd(s, fd) 388int SSL_set_wfd(SSL *s,int fd)
331SSL *s;
332int fd;
333 { 389 {
334 int ret=0; 390 int ret=0;
335 BIO *bio=NULL; 391 BIO *bio=NULL;
@@ -351,9 +407,7 @@ err:
351 return(ret); 407 return(ret);
352 } 408 }
353 409
354int SSL_set_rfd(s, fd) 410int SSL_set_rfd(SSL *s,int fd)
355SSL *s;
356int fd;
357 { 411 {
358 int ret=0; 412 int ret=0;
359 BIO *bio=NULL; 413 BIO *bio=NULL;
@@ -379,61 +433,65 @@ err:
379 } 433 }
380#endif 434#endif
381 435
382int SSL_get_verify_mode(s) 436int SSL_get_verify_mode(SSL *s)
383SSL *s;
384 { 437 {
385 return(s->verify_mode); 438 return(s->verify_mode);
386 } 439 }
387 440
388int (*SSL_get_verify_callback(s))() 441int SSL_get_verify_depth(SSL *s)
389SSL *s; 442 {
443 return(s->verify_depth);
444 }
445
446int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
390 { 447 {
391 return(s->verify_callback); 448 return(s->verify_callback);
392 } 449 }
393 450
394int SSL_CTX_get_verify_mode(ctx) 451int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
395SSL_CTX *ctx; 452 {
453 return(ctx->verify_mode);
454 }
455
456int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
396 { 457 {
397 return(ctx->default_verify_mode); 458 return(ctx->verify_depth);
398 } 459 }
399 460
400int (*SSL_CTX_get_verify_callback(ctx))() 461int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
401SSL_CTX *ctx;
402 { 462 {
403 return(ctx->default_verify_callback); 463 return(ctx->default_verify_callback);
404 } 464 }
405 465
406void SSL_set_verify(s, mode, callback) 466void SSL_set_verify(SSL *s,int mode,
407SSL *s; 467 int (*callback)(int ok,X509_STORE_CTX *ctx))
408int mode;
409int (*callback)();
410 { 468 {
411 s->verify_mode=mode; 469 s->verify_mode=mode;
412 if (callback != NULL) 470 if (callback != NULL)
413 s->verify_callback=callback; 471 s->verify_callback=callback;
414 } 472 }
415 473
416void SSL_set_read_ahead(s, yes) 474void SSL_set_verify_depth(SSL *s,int depth)
417SSL *s; 475 {
418int yes; 476 s->verify_depth=depth;
477 }
478
479void SSL_set_read_ahead(SSL *s,int yes)
419 { 480 {
420 s->read_ahead=yes; 481 s->read_ahead=yes;
421 } 482 }
422 483
423int SSL_get_read_ahead(s) 484int SSL_get_read_ahead(SSL *s)
424SSL *s;
425 { 485 {
426 return(s->read_ahead); 486 return(s->read_ahead);
427 } 487 }
428 488
429int SSL_pending(s) 489int SSL_pending(SSL *s)
430SSL *s;
431 { 490 {
432 return(s->method->ssl_pending(s)); 491 return(s->method->ssl_pending(s));
433 } 492 }
434 493
435X509 *SSL_get_peer_certificate(s) 494X509 *SSL_get_peer_certificate(SSL *s)
436SSL *s;
437 { 495 {
438 X509 *r; 496 X509 *r;
439 497
@@ -449,23 +507,21 @@ SSL *s;
449 return(r); 507 return(r);
450 } 508 }
451 509
452STACK *SSL_get_peer_cert_chain(s) 510STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
453SSL *s;
454 { 511 {
455 STACK *r; 512 STACK_OF(X509) *r;
456 513
457 if ((s == NULL) || (s->session == NULL) || (s->session->cert == NULL)) 514 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
458 r=NULL; 515 r=NULL;
459 else 516 else
460 r=s->session->cert->cert_chain; 517 r=s->session->sess_cert->cert_chain;
461 518
462 return(r); 519 return(r);
463 } 520 }
464 521
465/* Now in theory, since the calling process own 't' it should be safe to 522/* Now in theory, since the calling process own 't' it should be safe to
466 * modify. We need to be able to read f without being hassled */ 523 * modify. We need to be able to read f without being hassled */
467void SSL_copy_session_id(t,f) 524void SSL_copy_session_id(SSL *t,SSL *f)
468SSL *t,*f;
469 { 525 {
470 CERT *tmp; 526 CERT *tmp;
471 527
@@ -490,30 +546,29 @@ SSL *t,*f;
490 else 546 else
491 t->cert=NULL; 547 t->cert=NULL;
492 if (tmp != NULL) ssl_cert_free(tmp); 548 if (tmp != NULL) ssl_cert_free(tmp);
549 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
493 } 550 }
494 551
495/* Fix this so it checks all the valid key/cert options */ 552/* Fix this so it checks all the valid key/cert options */
496int SSL_CTX_check_private_key(ctx) 553int SSL_CTX_check_private_key(SSL_CTX *ctx)
497SSL_CTX *ctx;
498 { 554 {
499 if ( (ctx == NULL) || 555 if ( (ctx == NULL) ||
500 (ctx->default_cert == NULL) || 556 (ctx->cert == NULL) ||
501 (ctx->default_cert->key->x509 == NULL)) 557 (ctx->cert->key->x509 == NULL))
502 { 558 {
503 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 559 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
504 return(0); 560 return(0);
505 } 561 }
506 if (ctx->default_cert->key->privatekey == NULL) 562 if (ctx->cert->key->privatekey == NULL)
507 { 563 {
508 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); 564 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
509 return(0); 565 return(0);
510 } 566 }
511 return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey)); 567 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
512 } 568 }
513 569
514/* Fix this function so that it takes an optional type parameter */ 570/* Fix this function so that it takes an optional type parameter */
515int SSL_check_private_key(ssl) 571int SSL_check_private_key(SSL *ssl)
516SSL *ssl;
517 { 572 {
518 if (ssl == NULL) 573 if (ssl == NULL)
519 { 574 {
@@ -521,7 +576,10 @@ SSL *ssl;
521 return(0); 576 return(0);
522 } 577 }
523 if (ssl->cert == NULL) 578 if (ssl->cert == NULL)
524 return(SSL_CTX_check_private_key(ssl->ctx)); 579 {
580 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
581 return 0;
582 }
525 if (ssl->cert->key->x509 == NULL) 583 if (ssl->cert->key->x509 == NULL)
526 { 584 {
527 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 585 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
@@ -536,29 +594,37 @@ SSL *ssl;
536 ssl->cert->key->privatekey)); 594 ssl->cert->key->privatekey));
537 } 595 }
538 596
539int SSL_accept(s) 597int SSL_accept(SSL *s)
540SSL *s;
541 { 598 {
599 if (s->handshake_func == 0)
600 /* Not properly initialized yet */
601 SSL_set_accept_state(s);
602
542 return(s->method->ssl_accept(s)); 603 return(s->method->ssl_accept(s));
543 } 604 }
544 605
545int SSL_connect(s) 606int SSL_connect(SSL *s)
546SSL *s;
547 { 607 {
608 if (s->handshake_func == 0)
609 /* Not properly initialized yet */
610 SSL_set_connect_state(s);
611
548 return(s->method->ssl_connect(s)); 612 return(s->method->ssl_connect(s));
549 } 613 }
550 614
551long SSL_get_default_timeout(s) 615long SSL_get_default_timeout(SSL *s)
552SSL *s;
553 { 616 {
554 return(s->method->get_timeout()); 617 return(s->method->get_timeout());
555 } 618 }
556 619
557int SSL_read(s,buf,num) 620int SSL_read(SSL *s,char *buf,int num)
558SSL *s;
559char *buf;
560int num;
561 { 621 {
622 if (s->handshake_func == 0)
623 {
624 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
625 return -1;
626 }
627
562 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 628 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
563 { 629 {
564 s->rwstate=SSL_NOTHING; 630 s->rwstate=SSL_NOTHING;
@@ -567,10 +633,7 @@ int num;
567 return(s->method->ssl_read(s,buf,num)); 633 return(s->method->ssl_read(s,buf,num));
568 } 634 }
569 635
570int SSL_peek(s,buf,num) 636int SSL_peek(SSL *s,char *buf,int num)
571SSL *s;
572char *buf;
573int num;
574 { 637 {
575 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 638 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
576 { 639 {
@@ -579,11 +642,14 @@ int num;
579 return(s->method->ssl_peek(s,buf,num)); 642 return(s->method->ssl_peek(s,buf,num));
580 } 643 }
581 644
582int SSL_write(s,buf,num) 645int SSL_write(SSL *s,const char *buf,int num)
583SSL *s;
584char *buf;
585int num;
586 { 646 {
647 if (s->handshake_func == 0)
648 {
649 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
650 return -1;
651 }
652
587 if (s->shutdown & SSL_SENT_SHUTDOWN) 653 if (s->shutdown & SSL_SENT_SHUTDOWN)
588 { 654 {
589 s->rwstate=SSL_NOTHING; 655 s->rwstate=SSL_NOTHING;
@@ -593,42 +659,113 @@ int num;
593 return(s->method->ssl_write(s,buf,num)); 659 return(s->method->ssl_write(s,buf,num));
594 } 660 }
595 661
596int SSL_shutdown(s) 662int SSL_shutdown(SSL *s)
597SSL *s;
598 { 663 {
664 /* Note that this function behaves differently from what one might
665 * expect. Return values are 0 for no success (yet),
666 * 1 for success; but calling it once is usually not enough,
667 * even if blocking I/O is used (see ssl3_shutdown).
668 */
669
670 if (s->handshake_func == 0)
671 {
672 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
673 return -1;
674 }
675
599 if ((s != NULL) && !SSL_in_init(s)) 676 if ((s != NULL) && !SSL_in_init(s))
600 return(s->method->ssl_shutdown(s)); 677 return(s->method->ssl_shutdown(s));
601 else 678 else
602 return(1); 679 return(1);
603 } 680 }
604 681
605int SSL_renegotiate(s) 682int SSL_renegotiate(SSL *s)
606SSL *s;
607 { 683 {
608 s->new_session=1; 684 s->new_session=1;
609 return(s->method->ssl_renegotiate(s)); 685 return(s->method->ssl_renegotiate(s));
610 } 686 }
611 687
612long SSL_ctrl(s,cmd,larg,parg) 688long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
613SSL *s;
614int cmd;
615long larg;
616char *parg;
617 { 689 {
618 return(s->method->ssl_ctrl(s,cmd,larg,parg)); 690 long l;
691
692 switch (cmd)
693 {
694 case SSL_CTRL_GET_READ_AHEAD:
695 return(s->read_ahead);
696 case SSL_CTRL_SET_READ_AHEAD:
697 l=s->read_ahead;
698 s->read_ahead=larg;
699 return(l);
700 case SSL_CTRL_OPTIONS:
701 return(s->options|=larg);
702 case SSL_CTRL_MODE:
703 return(s->mode|=larg);
704 default:
705 return(s->method->ssl_ctrl(s,cmd,larg,parg));
706 }
619 } 707 }
620 708
621long SSL_CTX_ctrl(ctx,cmd,larg,parg) 709long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
622SSL_CTX *ctx;
623int cmd;
624long larg;
625char *parg;
626 { 710 {
627 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); 711 long l;
628 }
629 712
630int ssl_cipher_id_cmp(a,b) 713 switch (cmd)
631SSL_CIPHER *a,*b; 714 {
715 case SSL_CTRL_GET_READ_AHEAD:
716 return(ctx->read_ahead);
717 case SSL_CTRL_SET_READ_AHEAD:
718 l=ctx->read_ahead;
719 ctx->read_ahead=larg;
720 return(l);
721
722 case SSL_CTRL_SET_SESS_CACHE_SIZE:
723 l=ctx->session_cache_size;
724 ctx->session_cache_size=larg;
725 return(l);
726 case SSL_CTRL_GET_SESS_CACHE_SIZE:
727 return(ctx->session_cache_size);
728 case SSL_CTRL_SET_SESS_CACHE_MODE:
729 l=ctx->session_cache_mode;
730 ctx->session_cache_mode=larg;
731 return(l);
732 case SSL_CTRL_GET_SESS_CACHE_MODE:
733 return(ctx->session_cache_mode);
734
735 case SSL_CTRL_SESS_NUMBER:
736 return(ctx->sessions->num_items);
737 case SSL_CTRL_SESS_CONNECT:
738 return(ctx->stats.sess_connect);
739 case SSL_CTRL_SESS_CONNECT_GOOD:
740 return(ctx->stats.sess_connect_good);
741 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
742 return(ctx->stats.sess_connect_renegotiate);
743 case SSL_CTRL_SESS_ACCEPT:
744 return(ctx->stats.sess_accept);
745 case SSL_CTRL_SESS_ACCEPT_GOOD:
746 return(ctx->stats.sess_accept_good);
747 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
748 return(ctx->stats.sess_accept_renegotiate);
749 case SSL_CTRL_SESS_HIT:
750 return(ctx->stats.sess_hit);
751 case SSL_CTRL_SESS_CB_HIT:
752 return(ctx->stats.sess_cb_hit);
753 case SSL_CTRL_SESS_MISSES:
754 return(ctx->stats.sess_miss);
755 case SSL_CTRL_SESS_TIMEOUTS:
756 return(ctx->stats.sess_timeout);
757 case SSL_CTRL_SESS_CACHE_FULL:
758 return(ctx->stats.sess_cache_full);
759 case SSL_CTRL_OPTIONS:
760 return(ctx->options|=larg);
761 case SSL_CTRL_MODE:
762 return(ctx->mode|=larg);
763 default:
764 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
765 }
766 }
767
768int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
632 { 769 {
633 long l; 770 long l;
634 771
@@ -639,8 +776,7 @@ SSL_CIPHER *a,*b;
639 return((l > 0)?1:-1); 776 return((l > 0)?1:-1);
640 } 777 }
641 778
642int ssl_cipher_ptr_id_cmp(ap,bp) 779int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
643SSL_CIPHER **ap,**bp;
644 { 780 {
645 long l; 781 long l;
646 782
@@ -651,10 +787,9 @@ SSL_CIPHER **ap,**bp;
651 return((l > 0)?1:-1); 787 return((l > 0)?1:-1);
652 } 788 }
653 789
654/* return a STACK of the ciphers available for the SSL and in order of 790/** return a STACK of the ciphers available for the SSL and in order of
655 * preference */ 791 * preference */
656STACK *SSL_get_ciphers(s) 792STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
657SSL *s;
658 { 793 {
659 if ((s != NULL) && (s->cipher_list != NULL)) 794 if ((s != NULL) && (s->cipher_list != NULL))
660 { 795 {
@@ -668,10 +803,9 @@ SSL *s;
668 return(NULL); 803 return(NULL);
669 } 804 }
670 805
671/* return a STACK of the ciphers available for the SSL and in order of 806/** return a STACK of the ciphers available for the SSL and in order of
672 * algorithm id */ 807 * algorithm id */
673STACK *ssl_get_ciphers_by_id(s) 808STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
674SSL *s;
675 { 809 {
676 if ((s != NULL) && (s->cipher_list_by_id != NULL)) 810 if ((s != NULL) && (s->cipher_list_by_id != NULL))
677 { 811 {
@@ -685,29 +819,25 @@ SSL *s;
685 return(NULL); 819 return(NULL);
686 } 820 }
687 821
688/* The old interface to get the same thing as SSL_get_ciphers() */ 822/** The old interface to get the same thing as SSL_get_ciphers() */
689char *SSL_get_cipher_list(s,n) 823const char *SSL_get_cipher_list(SSL *s,int n)
690SSL *s;
691int n;
692 { 824 {
693 SSL_CIPHER *c; 825 SSL_CIPHER *c;
694 STACK *sk; 826 STACK_OF(SSL_CIPHER) *sk;
695 827
696 if (s == NULL) return(NULL); 828 if (s == NULL) return(NULL);
697 sk=SSL_get_ciphers(s); 829 sk=SSL_get_ciphers(s);
698 if ((sk == NULL) || (sk_num(sk) <= n)) 830 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
699 return(NULL); 831 return(NULL);
700 c=(SSL_CIPHER *)sk_value(sk,n); 832 c=sk_SSL_CIPHER_value(sk,n);
701 if (c == NULL) return(NULL); 833 if (c == NULL) return(NULL);
702 return(c->name); 834 return(c->name);
703 } 835 }
704 836
705/* specify the ciphers to be used by defaut by the SSL_CTX */ 837/** specify the ciphers to be used by defaut by the SSL_CTX */
706int SSL_CTX_set_cipher_list(ctx,str) 838int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
707SSL_CTX *ctx;
708char *str;
709 { 839 {
710 STACK *sk; 840 STACK_OF(SSL_CIPHER) *sk;
711 841
712 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, 842 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
713 &ctx->cipher_list_by_id,str); 843 &ctx->cipher_list_by_id,str);
@@ -715,12 +845,10 @@ char *str;
715 return((sk == NULL)?0:1); 845 return((sk == NULL)?0:1);
716 } 846 }
717 847
718/* specify the ciphers to be used by the SSL */ 848/** specify the ciphers to be used by the SSL */
719int SSL_set_cipher_list(s, str) 849int SSL_set_cipher_list(SSL *s,char *str)
720SSL *s;
721char *str;
722 { 850 {
723 STACK *sk; 851 STACK_OF(SSL_CIPHER) *sk;
724 852
725 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, 853 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
726 &s->cipher_list_by_id,str); 854 &s->cipher_list_by_id,str);
@@ -729,13 +857,11 @@ char *str;
729 } 857 }
730 858
731/* works well for SSLv2, not so good for SSLv3 */ 859/* works well for SSLv2, not so good for SSLv3 */
732char *SSL_get_shared_ciphers(s,buf,len) 860char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
733SSL *s;
734char *buf;
735int len;
736 { 861 {
737 char *p,*cp; 862 char *p;
738 STACK *sk; 863 const char *cp;
864 STACK_OF(SSL_CIPHER) *sk;
739 SSL_CIPHER *c; 865 SSL_CIPHER *c;
740 int i; 866 int i;
741 867
@@ -745,11 +871,11 @@ int len;
745 871
746 p=buf; 872 p=buf;
747 sk=s->session->ciphers; 873 sk=s->session->ciphers;
748 for (i=0; i<sk_num(sk); i++) 874 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
749 { 875 {
750 /* Decrement for either the ':' or a '\0' */ 876 /* Decrement for either the ':' or a '\0' */
751 len--; 877 len--;
752 c=(SSL_CIPHER *)sk_value(sk,i); 878 c=sk_SSL_CIPHER_value(sk,i);
753 for (cp=c->name; *cp; ) 879 for (cp=c->name; *cp; )
754 { 880 {
755 if (len-- == 0) 881 if (len-- == 0)
@@ -766,10 +892,7 @@ int len;
766 return(buf); 892 return(buf);
767 } 893 }
768 894
769int ssl_cipher_list_to_bytes(s,sk,p) 895int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
770SSL *s;
771STACK *sk;
772unsigned char *p;
773 { 896 {
774 int i,j=0; 897 int i,j=0;
775 SSL_CIPHER *c; 898 SSL_CIPHER *c;
@@ -778,23 +901,20 @@ unsigned char *p;
778 if (sk == NULL) return(0); 901 if (sk == NULL) return(0);
779 q=p; 902 q=p;
780 903
781 for (i=0; i<sk_num(sk); i++) 904 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
782 { 905 {
783 c=(SSL_CIPHER *)sk_value(sk,i); 906 c=sk_SSL_CIPHER_value(sk,i);
784 j=ssl_put_cipher_by_char(s,c,p); 907 j=ssl_put_cipher_by_char(s,c,p);
785 p+=j; 908 p+=j;
786 } 909 }
787 return(p-q); 910 return(p-q);
788 } 911 }
789 912
790STACK *ssl_bytes_to_cipher_list(s,p,num,skp) 913STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
791SSL *s; 914 STACK_OF(SSL_CIPHER) **skp)
792unsigned char *p;
793int num;
794STACK **skp;
795 { 915 {
796 SSL_CIPHER *c; 916 SSL_CIPHER *c;
797 STACK *sk; 917 STACK_OF(SSL_CIPHER) *sk;
798 int i,n; 918 int i,n;
799 919
800 n=ssl_put_cipher_by_char(s,NULL,NULL); 920 n=ssl_put_cipher_by_char(s,NULL,NULL);
@@ -804,11 +924,11 @@ STACK **skp;
804 return(NULL); 924 return(NULL);
805 } 925 }
806 if ((skp == NULL) || (*skp == NULL)) 926 if ((skp == NULL) || (*skp == NULL))
807 sk=sk_new(NULL); /* change perhaps later */ 927 sk=sk_SSL_CIPHER_new(NULL); /* change perhaps later */
808 else 928 else
809 { 929 {
810 sk= *skp; 930 sk= *skp;
811 sk_zero(sk); 931 sk_SSL_CIPHER_zero(sk);
812 } 932 }
813 933
814 for (i=0; i<num; i+=n) 934 for (i=0; i<num; i+=n)
@@ -817,7 +937,7 @@ STACK **skp;
817 p+=n; 937 p+=n;
818 if (c != NULL) 938 if (c != NULL)
819 { 939 {
820 if (!sk_push(sk,(char *)c)) 940 if (!sk_SSL_CIPHER_push(sk,c))
821 { 941 {
822 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 942 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
823 goto err; 943 goto err;
@@ -830,23 +950,23 @@ STACK **skp;
830 return(sk); 950 return(sk);
831err: 951err:
832 if ((skp == NULL) || (*skp == NULL)) 952 if ((skp == NULL) || (*skp == NULL))
833 sk_free(sk); 953 sk_SSL_CIPHER_free(sk);
834 return(NULL); 954 return(NULL);
835 } 955 }
836 956
837unsigned long SSL_SESSION_hash(a) 957unsigned long SSL_SESSION_hash(SSL_SESSION *a)
838SSL_SESSION *a;
839 { 958 {
840 unsigned long l; 959 unsigned long l;
841 960
842 l= (a->session_id[0] )|(a->session_id[1]<< 8L)| 961 l=(unsigned long)
843 (a->session_id[2]<<16L)|(a->session_id[3]<<24L); 962 ((unsigned int) a->session_id[0] )|
963 ((unsigned int) a->session_id[1]<< 8L)|
964 ((unsigned long)a->session_id[2]<<16L)|
965 ((unsigned long)a->session_id[3]<<24L);
844 return(l); 966 return(l);
845 } 967 }
846 968
847int SSL_SESSION_cmp(a, b) 969int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
848SSL_SESSION *a;
849SSL_SESSION *b;
850 { 970 {
851 if (a->ssl_version != b->ssl_version) 971 if (a->ssl_version != b->ssl_version)
852 return(1); 972 return(1);
@@ -855,16 +975,21 @@ SSL_SESSION *b;
855 return(memcmp(a->session_id,b->session_id,a->session_id_length)); 975 return(memcmp(a->session_id,b->session_id,a->session_id_length));
856 } 976 }
857 977
858SSL_CTX *SSL_CTX_new(meth) 978SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
859SSL_METHOD *meth;
860 { 979 {
861 SSL_CTX *ret; 980 SSL_CTX *ret=NULL;
862 981
863 if (meth == NULL) 982 if (meth == NULL)
864 { 983 {
865 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); 984 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
866 return(NULL); 985 return(NULL);
867 } 986 }
987
988 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
989 {
990 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
991 goto err;
992 }
868 ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX)); 993 ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
869 if (ret == NULL) 994 if (ret == NULL)
870 goto err; 995 goto err;
@@ -886,17 +1011,7 @@ SSL_METHOD *meth;
886 ret->remove_session_cb=NULL; 1011 ret->remove_session_cb=NULL;
887 ret->get_session_cb=NULL; 1012 ret->get_session_cb=NULL;
888 1013
889 ret->sess_connect=0; 1014 memset((char *)&ret->stats,0,sizeof(ret->stats));
890 ret->sess_connect_good=0;
891 ret->sess_accept=0;
892 ret->sess_accept_renegotiate=0;
893 ret->sess_connect_renegotiate=0;
894 ret->sess_accept_good=0;
895 ret->sess_miss=0;
896 ret->sess_timeout=0;
897 ret->sess_cache_full=0;
898 ret->sess_hit=0;
899 ret->sess_cb_hit=0;
900 1015
901 ret->references=1; 1016 ret->references=1;
902 ret->quiet_shutdown=0; 1017 ret->quiet_shutdown=0;
@@ -912,13 +1027,15 @@ SSL_METHOD *meth;
912 ret->app_verify_callback=NULL; 1027 ret->app_verify_callback=NULL;
913 ret->app_verify_arg=NULL; 1028 ret->app_verify_arg=NULL;
914 1029
915 ret->default_read_ahead=0; 1030 ret->read_ahead=0;
916 ret->default_verify_mode=SSL_VERIFY_NONE; 1031 ret->verify_mode=SSL_VERIFY_NONE;
1032 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
917 ret->default_verify_callback=NULL; 1033 ret->default_verify_callback=NULL;
918 if ((ret->default_cert=ssl_cert_new()) == NULL) 1034 if ((ret->cert=ssl_cert_new()) == NULL)
919 goto err; 1035 goto err;
920 1036
921 ret->default_passwd_callback=NULL; 1037 ret->default_passwd_callback=NULL;
1038 ret->default_passwd_callback_userdata=NULL;
922 ret->client_cert_cb=NULL; 1039 ret->client_cert_cb=NULL;
923 1040
924 ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp); 1041 ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
@@ -929,7 +1046,8 @@ SSL_METHOD *meth;
929 ssl_create_cipher_list(ret->method, 1046 ssl_create_cipher_list(ret->method,
930 &ret->cipher_list,&ret->cipher_list_by_id, 1047 &ret->cipher_list,&ret->cipher_list_by_id,
931 SSL_DEFAULT_CIPHER_LIST); 1048 SSL_DEFAULT_CIPHER_LIST);
932 if ((ret->cipher_list == NULL) || (sk_num(ret->cipher_list) <= 0)) 1049 if (ret->cipher_list == NULL
1050 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
933 { 1051 {
934 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); 1052 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
935 goto err2; 1053 goto err2;
@@ -951,11 +1069,14 @@ SSL_METHOD *meth;
951 goto err2; 1069 goto err2;
952 } 1070 }
953 1071
954 if ((ret->client_CA=sk_new_null()) == NULL) 1072 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
955 goto err; 1073 goto err;
956 1074
957 CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data); 1075 CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
958 1076
1077 ret->extra_certs=NULL;
1078 ret->comp_methods=SSL_COMP_get_compression_methods();
1079
959 return(ret); 1080 return(ret);
960err: 1081err:
961 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); 1082 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -964,8 +1085,10 @@ err2:
964 return(NULL); 1085 return(NULL);
965 } 1086 }
966 1087
967void SSL_CTX_free(a) 1088static void SSL_COMP_free(SSL_COMP *comp)
968SSL_CTX *a; 1089 { Free(comp); }
1090
1091void SSL_CTX_free(SSL_CTX *a)
969 { 1092 {
970 int i; 1093 int i;
971 1094
@@ -993,96 +1116,108 @@ SSL_CTX *a;
993 if (a->cert_store != NULL) 1116 if (a->cert_store != NULL)
994 X509_STORE_free(a->cert_store); 1117 X509_STORE_free(a->cert_store);
995 if (a->cipher_list != NULL) 1118 if (a->cipher_list != NULL)
996 sk_free(a->cipher_list); 1119 sk_SSL_CIPHER_free(a->cipher_list);
997 if (a->cipher_list_by_id != NULL) 1120 if (a->cipher_list_by_id != NULL)
998 sk_free(a->cipher_list_by_id); 1121 sk_SSL_CIPHER_free(a->cipher_list_by_id);
999 if (a->default_cert != NULL) 1122 if (a->cert != NULL)
1000 ssl_cert_free(a->default_cert); 1123 ssl_cert_free(a->cert);
1001 if (a->client_CA != NULL) 1124 if (a->client_CA != NULL)
1002 sk_pop_free(a->client_CA,X509_NAME_free); 1125 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1126 if (a->extra_certs != NULL)
1127 sk_X509_pop_free(a->extra_certs,X509_free);
1128 if (a->comp_methods != NULL)
1129 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1003 Free((char *)a); 1130 Free((char *)a);
1004 } 1131 }
1005 1132
1006void SSL_CTX_set_default_passwd_cb(ctx,cb) 1133void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1007SSL_CTX *ctx;
1008int (*cb)();
1009 { 1134 {
1010 ctx->default_passwd_callback=cb; 1135 ctx->default_passwd_callback=cb;
1011 } 1136 }
1012 1137
1013void SSL_CTX_set_cert_verify_cb(ctx,cb,arg) 1138void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1014SSL_CTX *ctx;
1015int (*cb)();
1016char *arg;
1017 { 1139 {
1140 ctx->default_passwd_callback_userdata=u;
1141 }
1142
1143void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
1144 {
1145 /* now
1146 * int (*cb)(X509_STORE_CTX *),
1147 * but should be
1148 * int (*cb)(X509_STORE_CTX *, void *arg)
1149 */
1018 ctx->app_verify_callback=cb; 1150 ctx->app_verify_callback=cb;
1019 ctx->app_verify_arg=arg; 1151 ctx->app_verify_arg=arg; /* never used */
1020 } 1152 }
1021 1153
1022void SSL_CTX_set_verify(ctx,mode,cb) 1154void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1023SSL_CTX *ctx;
1024int mode;
1025int (*cb)();
1026 { 1155 {
1027 ctx->default_verify_mode=mode; 1156 ctx->verify_mode=mode;
1028 ctx->default_verify_callback=cb; 1157 ctx->default_verify_callback=cb;
1029 /* This needs cleaning up EAY EAY EAY */ 1158 /* This needs cleaning up EAY EAY EAY */
1030 X509_STORE_set_verify_cb_func(ctx->cert_store,cb); 1159 X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
1031 } 1160 }
1032 1161
1033void ssl_set_cert_masks(c) 1162void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
1034CERT *c; 1163 {
1164 ctx->verify_depth=depth;
1165 }
1166
1167void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1035 { 1168 {
1036 CERT_PKEY *cpk; 1169 CERT_PKEY *cpk;
1037 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; 1170 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1038 int rsa_enc_export,dh_rsa_export,dh_dsa_export; 1171 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1039 int rsa_tmp_export,dh_tmp_export; 1172 int rsa_tmp_export,dh_tmp_export,kl;
1040 unsigned long mask,emask; 1173 unsigned long mask,emask;
1041 1174
1042 if ((c == NULL) || (c->valid)) return; 1175 if (c == NULL) return;
1176
1177 kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1043 1178
1044#ifndef NO_RSA 1179#ifndef NO_RSA
1045 rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0; 1180 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1046 rsa_tmp_export=((c->rsa_tmp_cb != NULL) || 1181 rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
1047 (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0; 1182 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1048#else 1183#else
1049 rsa_tmp=rsa_tmp_export=0; 1184 rsa_tmp=rsa_tmp_export=0;
1050#endif 1185#endif
1051#ifndef NO_DH 1186#ifndef NO_DH
1052 dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0; 1187 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1053 dh_tmp_export=((c->dh_tmp_cb != NULL) || 1188 dh_tmp_export=(c->dh_tmp_cb != NULL ||
1054 (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0; 1189 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
1055#else 1190#else
1056 dh_tmp=dh_tmp_export=0; 1191 dh_tmp=dh_tmp_export=0;
1057#endif 1192#endif
1058 1193
1059 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); 1194 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1060 rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; 1195 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
1061 rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; 1196 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1062 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); 1197 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1063 rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; 1198 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1064 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); 1199 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1065 dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; 1200 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1066 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); 1201 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1067 dh_rsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; 1202 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1068 dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; 1203 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1069 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); 1204 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1070/* FIX THIS EAY EAY EAY */ 1205/* FIX THIS EAY EAY EAY */
1071 dh_dsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; 1206 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1072 dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; 1207 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1073 1208
1074 mask=0; 1209 mask=0;
1075 emask=0; 1210 emask=0;
1076 1211
1077#ifdef CIPHER_DEBUG 1212#ifdef CIPHER_DEBUG
1078 printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n", 1213 printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1079 rsa_tmp,dh_tmp, 1214 rsa_tmp,rsa_tmp_export,dh_tmp,
1080 rsa_enc,rsa_sign,dsa_sign,dh_rsa,dh_dsa); 1215 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1081#endif 1216#endif
1082 1217
1083 if (rsa_enc || (rsa_tmp && rsa_sign)) 1218 if (rsa_enc || (rsa_tmp && rsa_sign))
1084 mask|=SSL_kRSA; 1219 mask|=SSL_kRSA;
1085 if (rsa_enc_export || (rsa_tmp_export && rsa_sign)) 1220 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
1086 emask|=SSL_kRSA; 1221 emask|=SSL_kRSA;
1087 1222
1088#if 0 1223#if 0
@@ -1130,18 +1265,17 @@ CERT *c;
1130 } 1265 }
1131 1266
1132/* THIS NEEDS CLEANING UP */ 1267/* THIS NEEDS CLEANING UP */
1133X509 *ssl_get_server_send_cert(s) 1268X509 *ssl_get_server_send_cert(SSL *s)
1134SSL *s;
1135 { 1269 {
1136 unsigned long alg,mask,kalg; 1270 unsigned long alg,mask,kalg;
1137 CERT *c; 1271 CERT *c;
1138 int i,export; 1272 int i,is_export;
1139 1273
1140 c=s->cert; 1274 c=s->cert;
1141 ssl_set_cert_masks(c); 1275 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
1142 alg=s->s3->tmp.new_cipher->algorithms; 1276 alg=s->s3->tmp.new_cipher->algorithms;
1143 export=(alg & SSL_EXPORT)?1:0; 1277 is_export=SSL_IS_EXPORT(alg);
1144 mask=(export)?c->export_mask:c->mask; 1278 mask=is_export?c->export_mask:c->mask;
1145 kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); 1279 kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1146 1280
1147 if (kalg & SSL_kDHr) 1281 if (kalg & SSL_kDHr)
@@ -1166,9 +1300,7 @@ SSL *s;
1166 return(c->pkeys[i].x509); 1300 return(c->pkeys[i].x509);
1167 } 1301 }
1168 1302
1169EVP_PKEY *ssl_get_sign_pkey(s,cipher) 1303EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
1170SSL *s;
1171SSL_CIPHER *cipher;
1172 { 1304 {
1173 unsigned long alg; 1305 unsigned long alg;
1174 CERT *c; 1306 CERT *c;
@@ -1195,9 +1327,7 @@ SSL_CIPHER *cipher;
1195 } 1327 }
1196 } 1328 }
1197 1329
1198void ssl_update_cache(s,mode) 1330void ssl_update_cache(SSL *s,int mode)
1199SSL *s;
1200int mode;
1201 { 1331 {
1202 int i; 1332 int i;
1203 1333
@@ -1221,23 +1351,20 @@ int mode;
1221 ((i & mode) == mode)) 1351 ((i & mode) == mode))
1222 { 1352 {
1223 if ( (((mode & SSL_SESS_CACHE_CLIENT) 1353 if ( (((mode & SSL_SESS_CACHE_CLIENT)
1224 ?s->ctx->sess_connect_good 1354 ?s->ctx->stats.sess_connect_good
1225 :s->ctx->sess_accept_good) & 0xff) == 0xff) 1355 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
1226 { 1356 {
1227 SSL_CTX_flush_sessions(s->ctx,time(NULL)); 1357 SSL_CTX_flush_sessions(s->ctx,time(NULL));
1228 } 1358 }
1229 } 1359 }
1230 } 1360 }
1231 1361
1232SSL_METHOD *SSL_get_ssl_method(s) 1362SSL_METHOD *SSL_get_ssl_method(SSL *s)
1233SSL *s;
1234 { 1363 {
1235 return(s->method); 1364 return(s->method);
1236 } 1365 }
1237 1366
1238int SSL_set_ssl_method(s,meth) 1367int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
1239SSL *s;
1240SSL_METHOD *meth;
1241 { 1368 {
1242 int conn= -1; 1369 int conn= -1;
1243 int ret=1; 1370 int ret=1;
@@ -1264,17 +1391,23 @@ SSL_METHOD *meth;
1264 return(ret); 1391 return(ret);
1265 } 1392 }
1266 1393
1267int SSL_get_error(s,i) 1394int SSL_get_error(SSL *s,int i)
1268SSL *s;
1269int i;
1270 { 1395 {
1271 int reason; 1396 int reason;
1397 unsigned long l;
1272 BIO *bio; 1398 BIO *bio;
1273 1399
1274 if (i > 0) return(SSL_ERROR_NONE); 1400 if (i > 0) return(SSL_ERROR_NONE);
1275 1401
1276 if (ERR_peek_error() != 0) 1402 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
1277 return(SSL_ERROR_SSL); 1403 * etc, where we do encode the error */
1404 if ((l=ERR_peek_error()) != 0)
1405 {
1406 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
1407 return(SSL_ERROR_SYSCALL);
1408 else
1409 return(SSL_ERROR_SSL);
1410 }
1278 1411
1279 if ((i < 0) && SSL_want_read(s)) 1412 if ((i < 0) && SSL_want_read(s))
1280 { 1413 {
@@ -1282,6 +1415,15 @@ int i;
1282 if (BIO_should_read(bio)) 1415 if (BIO_should_read(bio))
1283 return(SSL_ERROR_WANT_READ); 1416 return(SSL_ERROR_WANT_READ);
1284 else if (BIO_should_write(bio)) 1417 else if (BIO_should_write(bio))
1418 /* This one doesn't make too much sense ... We never try
1419 * to write to the rbio, and an application program where
1420 * rbio and wbio are separate couldn't even know what it
1421 * should wait for.
1422 * However if we ever set s->rwstate incorrectly
1423 * (so that we have SSL_want_read(s) instead of
1424 * SSL_want_write(s)) and rbio and wbio *are* the same,
1425 * this test works around that bug; so it might be safer
1426 * to keep it. */
1285 return(SSL_ERROR_WANT_WRITE); 1427 return(SSL_ERROR_WANT_WRITE);
1286 else if (BIO_should_io_special(bio)) 1428 else if (BIO_should_io_special(bio))
1287 { 1429 {
@@ -1299,6 +1441,7 @@ int i;
1299 if (BIO_should_write(bio)) 1441 if (BIO_should_write(bio))
1300 return(SSL_ERROR_WANT_WRITE); 1442 return(SSL_ERROR_WANT_WRITE);
1301 else if (BIO_should_read(bio)) 1443 else if (BIO_should_read(bio))
1444 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
1302 return(SSL_ERROR_WANT_READ); 1445 return(SSL_ERROR_WANT_READ);
1303 else if (BIO_should_io_special(bio)) 1446 else if (BIO_should_io_special(bio))
1304 { 1447 {
@@ -1331,8 +1474,7 @@ int i;
1331 return(SSL_ERROR_SYSCALL); 1474 return(SSL_ERROR_SYSCALL);
1332 } 1475 }
1333 1476
1334int SSL_do_handshake(s) 1477int SSL_do_handshake(SSL *s)
1335SSL *s;
1336 { 1478 {
1337 int ret=1; 1479 int ret=1;
1338 1480
@@ -1341,7 +1483,9 @@ SSL *s;
1341 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); 1483 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
1342 return(-1); 1484 return(-1);
1343 } 1485 }
1344 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 1486
1487 s->method->ssl_renegotiate_check(s);
1488
1345 if (SSL_in_init(s) || SSL_in_before(s)) 1489 if (SSL_in_init(s) || SSL_in_before(s))
1346 { 1490 {
1347 ret=s->handshake_func(s); 1491 ret=s->handshake_func(s);
@@ -1351,9 +1495,9 @@ SSL *s;
1351 1495
1352/* For the next 2 functions, SSL_clear() sets shutdown and so 1496/* For the next 2 functions, SSL_clear() sets shutdown and so
1353 * one of these calls will reset it */ 1497 * one of these calls will reset it */
1354void SSL_set_accept_state(s) 1498void SSL_set_accept_state(SSL *s)
1355SSL *s;
1356 { 1499 {
1500 s->server=1;
1357 s->shutdown=0; 1501 s->shutdown=0;
1358 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; 1502 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
1359 s->handshake_func=s->method->ssl_accept; 1503 s->handshake_func=s->method->ssl_accept;
@@ -1361,9 +1505,9 @@ SSL *s;
1361 ssl_clear_cipher_ctx(s); 1505 ssl_clear_cipher_ctx(s);
1362 } 1506 }
1363 1507
1364void SSL_set_connect_state(s) 1508void SSL_set_connect_state(SSL *s)
1365SSL *s;
1366 { 1509 {
1510 s->server=0;
1367 s->shutdown=0; 1511 s->shutdown=0;
1368 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; 1512 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
1369 s->handshake_func=s->method->ssl_connect; 1513 s->handshake_func=s->method->ssl_connect;
@@ -1371,22 +1515,19 @@ SSL *s;
1371 ssl_clear_cipher_ctx(s); 1515 ssl_clear_cipher_ctx(s);
1372 } 1516 }
1373 1517
1374int ssl_undefined_function(s) 1518int ssl_undefined_function(SSL *s)
1375SSL *s;
1376 { 1519 {
1377 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1520 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1378 return(0); 1521 return(0);
1379 } 1522 }
1380 1523
1381SSL_METHOD *ssl_bad_method(ver) 1524SSL_METHOD *ssl_bad_method(int ver)
1382int ver;
1383 { 1525 {
1384 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1526 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1385 return(NULL); 1527 return(NULL);
1386 } 1528 }
1387 1529
1388char *SSL_get_version(s) 1530char *SSL_get_version(SSL *s)
1389SSL *s;
1390 { 1531 {
1391 if (s->version == TLS1_VERSION) 1532 if (s->version == TLS1_VERSION)
1392 return("TLSv1"); 1533 return("TLSv1");
@@ -1398,22 +1539,46 @@ SSL *s;
1398 return("unknown"); 1539 return("unknown");
1399 } 1540 }
1400 1541
1401SSL *SSL_dup(s) 1542SSL *SSL_dup(SSL *s)
1402SSL *s; 1543 {
1403 { 1544 STACK_OF(X509_NAME) *sk;
1404 STACK *sk;
1405 X509_NAME *xn; 1545 X509_NAME *xn;
1406 SSL *ret; 1546 SSL *ret;
1407 int i; 1547 int i;
1408 1548
1409 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL); 1549 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
1550 return(NULL);
1410 1551
1411 /* This copies version, session-id, SSL_METHOD and 'cert' */ 1552 if (s->session != NULL)
1412 SSL_copy_session_id(ret,s); 1553 {
1554 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
1555 SSL_copy_session_id(ret,s);
1556 }
1557 else
1558 {
1559 /* No session has been established yet, so we have to expect
1560 * that s->cert or ret->cert will be changed later --
1561 * they should not both point to the same object,
1562 * and thus we can't use SSL_copy_session_id. */
1563
1564 ret->method = s->method;
1565 ret->method->ssl_new(ret);
1566
1567 if (s->cert != NULL)
1568 {
1569 ret->cert = ssl_cert_dup(s->cert);
1570 if (ret->cert == NULL)
1571 goto err;
1572 }
1573
1574 SSL_set_session_id_context(ret,
1575 s->sid_ctx, s->sid_ctx_length);
1576 }
1413 1577
1414 SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); 1578 SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
1415 SSL_set_verify(ret,SSL_get_verify_mode(s), 1579 SSL_set_verify(ret,SSL_get_verify_mode(s),
1416 SSL_get_verify_callback(s)); 1580 SSL_get_verify_callback(s));
1581 SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
1417 1582
1418 SSL_set_info_callback(ret,SSL_get_info_callback(s)); 1583 SSL_set_info_callback(ret,SSL_get_info_callback(s));
1419 1584
@@ -1444,23 +1609,23 @@ SSL *s;
1444 /* dup the cipher_list and cipher_list_by_id stacks */ 1609 /* dup the cipher_list and cipher_list_by_id stacks */
1445 if (s->cipher_list != NULL) 1610 if (s->cipher_list != NULL)
1446 { 1611 {
1447 if ((ret->cipher_list=sk_dup(s->cipher_list)) == NULL) 1612 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
1448 goto err; 1613 goto err;
1449 } 1614 }
1450 if (s->cipher_list_by_id != NULL) 1615 if (s->cipher_list_by_id != NULL)
1451 if ((ret->cipher_list_by_id=sk_dup(s->cipher_list_by_id)) 1616 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
1452 == NULL) 1617 == NULL)
1453 goto err; 1618 goto err;
1454 1619
1455 /* Dup the client_CA list */ 1620 /* Dup the client_CA list */
1456 if (s->client_CA != NULL) 1621 if (s->client_CA != NULL)
1457 { 1622 {
1458 if ((sk=sk_dup(s->client_CA)) == NULL) goto err; 1623 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
1459 ret->client_CA=sk; 1624 ret->client_CA=sk;
1460 for (i=0; i<sk_num(sk); i++) 1625 for (i=0; i<sk_X509_NAME_num(sk); i++)
1461 { 1626 {
1462 xn=(X509_NAME *)sk_value(sk,i); 1627 xn=sk_X509_NAME_value(sk,i);
1463 if ((sk_value(sk,i)=(char *)X509_NAME_dup(xn)) == NULL) 1628 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
1464 { 1629 {
1465 X509_NAME_free(xn); 1630 X509_NAME_free(xn);
1466 goto err; 1631 goto err;
@@ -1471,6 +1636,7 @@ SSL *s;
1471 ret->shutdown=s->shutdown; 1636 ret->shutdown=s->shutdown;
1472 ret->state=s->state; 1637 ret->state=s->state;
1473 ret->handshake_func=s->handshake_func; 1638 ret->handshake_func=s->handshake_func;
1639 ret->server=s->server;
1474 1640
1475 if (0) 1641 if (0)
1476 { 1642 {
@@ -1481,26 +1647,34 @@ err:
1481 return(ret); 1647 return(ret);
1482 } 1648 }
1483 1649
1484void ssl_clear_cipher_ctx(s) 1650void ssl_clear_cipher_ctx(SSL *s)
1485SSL *s;
1486 { 1651 {
1487 if (s->enc_read_ctx != NULL) 1652 if (s->enc_read_ctx != NULL)
1488 { 1653 {
1489 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); 1654 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
1490 Free(s->enc_read_ctx); 1655 Free(s->enc_read_ctx);
1491 s->enc_read_ctx=NULL; 1656 s->enc_read_ctx=NULL;
1492 } 1657 }
1493 if (s->enc_write_ctx != NULL) 1658 if (s->enc_write_ctx != NULL)
1494 { 1659 {
1495 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); 1660 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
1496 Free(s->enc_write_ctx); 1661 Free(s->enc_write_ctx);
1497 s->enc_write_ctx=NULL; 1662 s->enc_write_ctx=NULL;
1498 } 1663 }
1664 if (s->expand != NULL)
1665 {
1666 COMP_CTX_free(s->expand);
1667 s->expand=NULL;
1668 }
1669 if (s->compress != NULL)
1670 {
1671 COMP_CTX_free(s->compress);
1672 s->compress=NULL;
1673 }
1499 } 1674 }
1500 1675
1501/* Fix this function so that it takes an optional type parameter */ 1676/* Fix this function so that it takes an optional type parameter */
1502X509 *SSL_get_certificate(s) 1677X509 *SSL_get_certificate(SSL *s)
1503SSL *s;
1504 { 1678 {
1505 if (s->cert != NULL) 1679 if (s->cert != NULL)
1506 return(s->cert->key->x509); 1680 return(s->cert->key->x509);
@@ -1509,8 +1683,7 @@ SSL *s;
1509 } 1683 }
1510 1684
1511/* Fix this function so that it takes an optional type parameter */ 1685/* Fix this function so that it takes an optional type parameter */
1512EVP_PKEY *SSL_get_privatekey(s) 1686EVP_PKEY *SSL_get_privatekey(SSL *s)
1513SSL *s;
1514 { 1687 {
1515 if (s->cert != NULL) 1688 if (s->cert != NULL)
1516 return(s->cert->key->privatekey); 1689 return(s->cert->key->privatekey);
@@ -1518,17 +1691,14 @@ SSL *s;
1518 return(NULL); 1691 return(NULL);
1519 } 1692 }
1520 1693
1521SSL_CIPHER *SSL_get_current_cipher(s) 1694SSL_CIPHER *SSL_get_current_cipher(SSL *s)
1522SSL *s;
1523 { 1695 {
1524 if ((s->session != NULL) && (s->session->cipher != NULL)) 1696 if ((s->session != NULL) && (s->session->cipher != NULL))
1525 return(s->session->cipher); 1697 return(s->session->cipher);
1526 return(NULL); 1698 return(NULL);
1527 } 1699 }
1528 1700
1529int ssl_init_wbio_buffer(s,push) 1701int ssl_init_wbio_buffer(SSL *s,int push)
1530SSL *s;
1531int push;
1532 { 1702 {
1533 BIO *bbio; 1703 BIO *bbio;
1534 1704
@@ -1544,7 +1714,7 @@ int push;
1544 if (s->bbio == s->wbio) 1714 if (s->bbio == s->wbio)
1545 s->wbio=BIO_pop(s->wbio); 1715 s->wbio=BIO_pop(s->wbio);
1546 } 1716 }
1547 BIO_reset(bbio); 1717 (void)BIO_reset(bbio);
1548/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 1718/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
1549 if (!BIO_set_read_buffer_size(bbio,1)) 1719 if (!BIO_set_read_buffer_size(bbio,1))
1550 { 1720 {
@@ -1563,159 +1733,215 @@ int push;
1563 } 1733 }
1564 return(1); 1734 return(1);
1565 } 1735 }
1736
1737void ssl_free_wbio_buffer(SSL *s)
1738 {
1739 BIO *under;
1740
1741 if (s->bbio == NULL) return;
1742
1743 if (s->bbio == s->wbio)
1744 {
1745 /* remove buffering */
1746 under=BIO_pop(s->wbio);
1747 if (under != NULL)
1748 s->wbio=under;
1749 else
1750 abort(); /* ok */
1751 }
1752 BIO_free(s->bbio);
1753 s->bbio=NULL;
1754 }
1566 1755
1567void SSL_CTX_set_quiet_shutdown(ctx,mode) 1756void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
1568SSL_CTX *ctx;
1569int mode;
1570 { 1757 {
1571 ctx->quiet_shutdown=mode; 1758 ctx->quiet_shutdown=mode;
1572 } 1759 }
1573 1760
1574int SSL_CTX_get_quiet_shutdown(ctx) 1761int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
1575SSL_CTX *ctx;
1576 { 1762 {
1577 return(ctx->quiet_shutdown); 1763 return(ctx->quiet_shutdown);
1578 } 1764 }
1579 1765
1580void SSL_set_quiet_shutdown(s,mode) 1766void SSL_set_quiet_shutdown(SSL *s,int mode)
1581SSL *s;
1582int mode;
1583 { 1767 {
1584 s->quiet_shutdown=mode; 1768 s->quiet_shutdown=mode;
1585 } 1769 }
1586 1770
1587int SSL_get_quiet_shutdown(s) 1771int SSL_get_quiet_shutdown(SSL *s)
1588SSL *s;
1589 { 1772 {
1590 return(s->quiet_shutdown); 1773 return(s->quiet_shutdown);
1591 } 1774 }
1592 1775
1593void SSL_set_shutdown(s,mode) 1776void SSL_set_shutdown(SSL *s,int mode)
1594SSL *s;
1595int mode;
1596 { 1777 {
1597 s->shutdown=mode; 1778 s->shutdown=mode;
1598 } 1779 }
1599 1780
1600int SSL_get_shutdown(s) 1781int SSL_get_shutdown(SSL *s)
1601SSL *s;
1602 { 1782 {
1603 return(s->shutdown); 1783 return(s->shutdown);
1604 } 1784 }
1605 1785
1606int SSL_version(s) 1786int SSL_version(SSL *s)
1607SSL *s;
1608 { 1787 {
1609 return(s->version); 1788 return(s->version);
1610 } 1789 }
1611 1790
1612SSL_CTX *SSL_get_SSL_CTX(ssl) 1791SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
1613SSL *ssl;
1614 { 1792 {
1615 return(ssl->ctx); 1793 return(ssl->ctx);
1616 } 1794 }
1617 1795
1618int SSL_CTX_set_default_verify_paths(ctx) 1796#ifndef NO_STDIO
1619SSL_CTX *ctx; 1797int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
1620 { 1798 {
1621 return(X509_STORE_set_default_paths(ctx->cert_store)); 1799 return(X509_STORE_set_default_paths(ctx->cert_store));
1622 } 1800 }
1623 1801
1624int SSL_CTX_load_verify_locations(ctx,CAfile,CApath) 1802int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1625SSL_CTX *ctx; 1803 const char *CApath)
1626char *CAfile;
1627char *CApath;
1628 { 1804 {
1629 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); 1805 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
1630 } 1806 }
1807#endif
1631 1808
1632void SSL_set_info_callback(ssl,cb) 1809void SSL_set_info_callback(SSL *ssl,void (*cb)())
1633SSL *ssl;
1634void (*cb)();
1635 { 1810 {
1636 ssl->info_callback=cb; 1811 ssl->info_callback=cb;
1637 } 1812 }
1638 1813
1639void (*SSL_get_info_callback(ssl))() 1814void (*SSL_get_info_callback(SSL *ssl))(void)
1640SSL *ssl;
1641 { 1815 {
1642 return(ssl->info_callback); 1816 return((void (*)())ssl->info_callback);
1643 } 1817 }
1644 1818
1645int SSL_state(ssl) 1819int SSL_state(SSL *ssl)
1646SSL *ssl;
1647 { 1820 {
1648 return(ssl->state); 1821 return(ssl->state);
1649 } 1822 }
1650 1823
1651void SSL_set_verify_result(ssl,arg) 1824void SSL_set_verify_result(SSL *ssl,long arg)
1652SSL *ssl;
1653long arg;
1654 { 1825 {
1655 ssl->verify_result=arg; 1826 ssl->verify_result=arg;
1656 } 1827 }
1657 1828
1658long SSL_get_verify_result(ssl) 1829long SSL_get_verify_result(SSL *ssl)
1659SSL *ssl;
1660 { 1830 {
1661 return(ssl->verify_result); 1831 return(ssl->verify_result);
1662 } 1832 }
1663 1833
1664int SSL_get_ex_new_index(argl,argp,new_func,dup_func,free_func) 1834int SSL_get_ex_new_index(long argl,char *argp,int (*new_func)(),
1665long argl; 1835 int (*dup_func)(),void (*free_func)())
1666char *argp; 1836 {
1667int (*new_func)();
1668int (*dup_func)();
1669void (*free_func)();
1670 {
1671 ssl_meth_num++; 1837 ssl_meth_num++;
1672 return(CRYPTO_get_ex_new_index(ssl_meth_num-1, 1838 return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
1673 &ssl_meth,argl,argp,new_func,dup_func,free_func)); 1839 &ssl_meth,argl,argp,new_func,dup_func,free_func));
1674 } 1840 }
1675 1841
1676int SSL_set_ex_data(s,idx,arg) 1842int SSL_set_ex_data(SSL *s,int idx,void *arg)
1677SSL *s;
1678int idx;
1679char *arg;
1680 { 1843 {
1681 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 1844 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1682 } 1845 }
1683 1846
1684char *SSL_get_ex_data(s,idx) 1847void *SSL_get_ex_data(SSL *s,int idx)
1685SSL *s;
1686int idx;
1687 { 1848 {
1688 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 1849 return(CRYPTO_get_ex_data(&s->ex_data,idx));
1689 } 1850 }
1690 1851
1691int SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func) 1852int SSL_CTX_get_ex_new_index(long argl,char *argp,int (*new_func)(),
1692long argl; 1853 int (*dup_func)(),void (*free_func)())
1693char *argp; 1854 {
1694int (*new_func)();
1695int (*dup_func)();
1696void (*free_func)();
1697 {
1698 ssl_ctx_meth_num++; 1855 ssl_ctx_meth_num++;
1699 return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1, 1856 return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
1700 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func)); 1857 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
1701 } 1858 }
1702 1859
1703int SSL_CTX_set_ex_data(s,idx,arg) 1860int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
1704SSL_CTX *s;
1705int idx;
1706char *arg;
1707 { 1861 {
1708 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 1862 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1709 } 1863 }
1710 1864
1711char *SSL_CTX_get_ex_data(s,idx) 1865void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
1712SSL_CTX *s;
1713int idx;
1714 { 1866 {
1715 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 1867 return(CRYPTO_get_ex_data(&s->ex_data,idx));
1716 } 1868 }
1717 1869
1870int ssl_ok(SSL *s)
1871 {
1872 return(1);
1873 }
1874
1875X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
1876 {
1877 return(ctx->cert_store);
1878 }
1879
1880void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
1881 {
1882 if (ctx->cert_store != NULL)
1883 X509_STORE_free(ctx->cert_store);
1884 ctx->cert_store=store;
1885 }
1886
1887int SSL_want(SSL *s)
1888 {
1889 return(s->rwstate);
1890 }
1891
1892/*!
1893 * \brief Set the callback for generating temporary RSA keys.
1894 * \param ctx the SSL context.
1895 * \param cb the callback
1896 */
1897
1898#ifndef NO_RSA
1899void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
1900 int is_export,
1901 int keylength))
1902 { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
1903#endif
1904
1905#ifndef NO_RSA
1906void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int is_export,
1907 int keylength))
1908 { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
1909#endif
1910
1911#ifdef DOXYGEN
1912/*!
1913 * \brief The RSA temporary key callback function.
1914 * \param ssl the SSL session.
1915 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
1916 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
1917 * of the required key in bits.
1918 * \return the temporary RSA key.
1919 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
1920 */
1921
1922RSA *cb(SSL *ssl,int is_export,int keylength)
1923 {}
1924#endif
1925
1926/*!
1927 * \brief Set the callback for generating temporary DH keys.
1928 * \param ctx the SSL context.
1929 * \param dh the callback
1930 */
1931
1932#ifndef NO_DH
1933void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
1934 int keylength))
1935 { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
1936
1937void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
1938 int keylength))
1939 { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
1940#endif
1941
1718#if defined(_WINDLL) && defined(WIN16) 1942#if defined(_WINDLL) && defined(WIN16)
1719#include "../crypto/bio/bss_file.c" 1943#include "../crypto/bio/bss_file.c"
1720#endif 1944#endif
1721 1945
1946IMPLEMENT_STACK_OF(SSL_CIPHER)
1947IMPLEMENT_STACK_OF(SSL_COMP)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 13:21:04 +0000