OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
author: beck <> 2000-03-19 11:13:58 +0000
committer: beck <> 2000-03-19 11:13:58 +0000
commit: 796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree: 6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libssl/ssl_lib.c
parent: 5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
download: openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip
1 files changed, 143 insertions, 32 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index e192fc4cac..3109708480 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -61,22 +61,24 @@
 #include <stdio.h>
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
+#include <openssl/x509v3.h>
 #include "ssl_locl.h"
-char *SSL_version_str=OPENSSL_VERSION_TEXT;
+const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-static STACK *ssl_meth=NULL;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK *ssl_ctx_meth=NULL;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
 static int ssl_meth_num=0;
 static int ssl_ctx_meth_num=0;
 OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
+        /* evil casts, but these functions are only called if there's a library bug */
+        (int (*)(SSL *,int))ssl_undefined_function,
+        (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
        ssl_undefined_function,
-        ssl_undefined_function,
+        (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
-        ssl_undefined_function,
+        (int (*)(SSL*, int))ssl_undefined_function,
-        ssl_undefined_function,
+        (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
-        ssl_undefined_function,
-        ssl_undefined_function,
        };
 int SSL_clear(SSL *s)
@@ -93,10 +95,17 @@ int SSL_clear(SSL *s)
        s->hit=0;
        s->shutdown=0;
-#if 0
+#if 0 /* Disabled since version 1.10 of this file (early return not
+       * needed because SSL_clear is not called when doing renegotiation) */
        /* This is set if we are doing dynamic renegotiation so keep
         * the old cipher.  It is sort of a SSL_clear_lite :-) */
        if (s->new_session) return(1);
+#else
+        if (s->new_session)
+                {
+                SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR);
+                return 0;
+                }
 #endif
        state=s->state; /* Keep to check if we throw away the session-id */
@@ -201,6 +210,8 @@ SSL *SSL_new(SSL_CTX *ctx)
        s->verify_mode=ctx->verify_mode;
        s->verify_depth=ctx->verify_depth;
        s->verify_callback=ctx->default_verify_callback;
+        s->purpose = ctx->purpose;
+        s->trust = ctx->trust;
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->ctx=ctx;
@@ -218,7 +229,7 @@ SSL *SSL_new(SSL_CTX *ctx)
        s->mode=ctx->mode;
        SSL_clear(s);
-        CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
+        CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
        return(s);
 err:
@@ -262,6 +273,46 @@ int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
    return 1;
    }
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+        if(X509_PURPOSE_get_by_id(purpose) == -1) {
+                SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
+                return 0;
+        }
+        s->purpose = purpose;
+        return 1;
+}
+int SSL_set_purpose(SSL *s, int purpose)
+{
+        if(X509_PURPOSE_get_by_id(purpose) == -1) {
+                SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
+                return 0;
+        }
+        s->purpose = purpose;
+        return 1;
+}
+        
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+        if(X509_TRUST_get_by_id(trust) == -1) {
+                SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
+                return 0;
+        }
+        s->trust = trust;
+        return 1;
+}
+int SSL_set_trust(SSL *s, int trust)
+{
+        if(X509_TRUST_get_by_id(trust) == -1) {
+                SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
+                return 0;
+        }
+        s->trust = trust;
+        return 1;
+}
 void SSL_free(SSL *s)
        {
        int i;
@@ -324,7 +375,7 @@ void SSL_free(SSL *s)
        if (s->method != NULL) s->method->ssl_free(s);
-        Free((char *)s);
+        Free(s);
        }
 void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
@@ -433,6 +484,38 @@ err:
        }
 #endif
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(SSL *s, void *buf, size_t count)
+        {
+        size_t ret = 0;
+        
+        if (s->s3 != NULL)
+                {
+                ret = s->s3->tmp.finish_md_len;
+                if (count > ret)
+                        count = ret;
+                memcpy(buf, s->s3->tmp.finish_md, count);
+                }
+        return ret;
+        }
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count)
+        {
+        size_t ret = 0;
+        
+        if (s->s3 != NULL)
+                {
+                ret = s->s3->tmp.peer_finish_md_len;
+                if (count > ret)
+                        count = ret;
+                memcpy(buf, s->s3->tmp.peer_finish_md, count);
+                }
+        return ret;
+        }
 int SSL_get_verify_mode(SSL *s)
        {
        return(s->verify_mode);
@@ -706,6 +789,20 @@ long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
                }
        }
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
+        {
+        switch(cmd)
+                {
+        default:
+                return(s->method->ssl_callback_ctrl(s,cmd,fp));
+                }
+        }
+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
+        {
+        return ctx->sessions;
+        }
 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
        {
        long l;
@@ -765,6 +862,15 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
                }
        }
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+        {
+        switch(cmd)
+                {
+        default:
+                return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
+                }
+        }
 int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
        {
        long l;
@@ -834,8 +940,8 @@ const char *SSL_get_cipher_list(SSL *s,int n)
        return(c->name);
        }
-/** specify the ciphers to be used by defaut by the SSL_CTX */
+/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
        {
        STACK_OF(SSL_CIPHER) *sk;
        
@@ -846,7 +952,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
        }
 /** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s,char *str)
+int SSL_set_cipher_list(SSL *s,const char *str)
        {
        STACK_OF(SSL_CIPHER) *sk;
        
@@ -1127,7 +1233,7 @@ void SSL_CTX_free(SSL_CTX *a)
                sk_X509_pop_free(a->extra_certs,X509_free);
        if (a->comp_methods != NULL)
                sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
-        Free((char *)a);
+        Free(a);
        }
 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
@@ -1254,10 +1360,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
                emask|=SSL_aDSS;
                }
-#ifdef SSL_ALLOW_ADH
        mask|=SSL_aNULL;
        emask|=SSL_aNULL;
-#endif
        c->mask=mask;
        c->export_mask=emask;
@@ -1274,7 +1378,7 @@ X509 *ssl_get_server_send_cert(SSL *s)
        c=s->cert;
        ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
        alg=s->s3->tmp.new_cipher->algorithms;
-        is_export=SSL_IS_EXPORT(alg);
+        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        mask=is_export?c->export_mask:c->mask;
        kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
@@ -1527,7 +1631,7 @@ SSL_METHOD *ssl_bad_method(int ver)
        return(NULL);
        }
-char *SSL_get_version(SSL *s)
+const char *SSL_get_version(SSL *s)
        {
        if (s->version == TLS1_VERSION)
                return("TLSv1");
@@ -1831,8 +1935,8 @@ long SSL_get_verify_result(SSL *ssl)
        return(ssl->verify_result);
        }
-int SSL_get_ex_new_index(long argl,char *argp,int (*new_func)(),
+int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
-                         int (*dup_func)(),void (*free_func)())
+                         CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
        {
        ssl_meth_num++;
        return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
@@ -1849,8 +1953,8 @@ void *SSL_get_ex_data(SSL *s,int idx)
        return(CRYPTO_get_ex_data(&s->ex_data,idx));
        }
-int SSL_CTX_get_ex_new_index(long argl,char *argp,int (*new_func)(),
+int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
-                             int (*dup_func)(),void (*free_func)())
+                             CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
        {
        ssl_ctx_meth_num++;
        return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
@@ -1899,13 +2003,16 @@ int SSL_want(SSL *s)
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
                                                          int is_export,
                                                          int keylength))
-    { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+    {
-#endif
+    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+    }
-#ifndef NO_RSA
+void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int is_export,
+                                                  int is_export,
-                                                          int keylength))
+                                                  int keylength))
-    { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+    {
+    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+    }
 #endif
 #ifdef DOXYGEN
@@ -1932,11 +2039,15 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
 #ifndef NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
                                                        int keylength))
-    { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+    {
+    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+    }
 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
-                                                        int keylength))
+                                                int keylength))
-    { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+    {
+    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+    }
 #endif
 #if defined(_WINDLL) && defined(WIN16)
author	beck <>	2000-03-19 11:13:58 +0000
committer	beck <>	2000-03-19 11:13:58 +0000
commit	796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree	6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libssl/ssl_lib.c
parent	5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
download	openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2 openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip