summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
authorryker <>1998-10-05 20:13:14 +0000
committerryker <>1998-10-05 20:13:14 +0000
commitaeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/ssl_lib.c
parenta4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
downloadopenbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c1721
1 files changed, 1721 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
new file mode 100644
index 0000000000..f562ec6b14
--- /dev/null
+++ b/src/lib/libssl/ssl_lib.c
@@ -0,0 +1,1721 @@
1/* ssl/ssl_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "objects.h"
61#include "lhash.h"
62#include "ssl_locl.h"
63
64char *SSL_version_str="SSLeay 0.9.0b 29-Jun-1998";
65
66static STACK *ssl_meth=NULL;
67static STACK *ssl_ctx_meth=NULL;
68static int ssl_meth_num=0;
69static int ssl_ctx_meth_num=0;
70
71SSL3_ENC_METHOD ssl3_undef_enc_method={
72 ssl_undefined_function,
73 ssl_undefined_function,
74 ssl_undefined_function,
75 ssl_undefined_function,
76 ssl_undefined_function,
77 ssl_undefined_function,
78 };
79
80void SSL_clear(s)
81SSL *s;
82 {
83 int state;
84
85 if (s->method == NULL) return;
86
87 s->error=0;
88 s->hit=0;
89
90 /* This is set if we are doing dynamic renegotiation so keep
91 * the old cipher. It is sort of a SSL_clear_lite :-) */
92 if (s->new_session) return;
93
94 state=s->state; /* Keep to check if we throw away the session-id */
95 s->type=0;
96
97 s->version=s->method->version;
98 s->rwstate=SSL_NOTHING;
99 s->state=SSL_ST_BEFORE;
100 s->rstate=SSL_ST_READ_HEADER;
101 s->read_ahead=s->ctx->default_read_ahead;
102
103/* s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
104
105 if (s->init_buf != NULL)
106 {
107 BUF_MEM_free(s->init_buf);
108 s->init_buf=NULL;
109 }
110
111 ssl_clear_cipher_ctx(s);
112
113 if (ssl_clear_bad_session(s))
114 {
115 SSL_SESSION_free(s->session);
116 s->session=NULL;
117 }
118
119 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
120 s->first_packet=0;
121
122 s->method->ssl_clear(s);
123 }
124
125/* Used to change an SSL_CTXs default SSL method type */
126int SSL_CTX_set_ssl_version(ctx,meth)
127SSL_CTX *ctx;
128SSL_METHOD *meth;
129 {
130 STACK *sk;
131
132 ctx->method=meth;
133
134 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
135 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
136 if ((sk == NULL) || (sk_num(sk) <= 0))
137 {
138 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
139 return(0);
140 }
141 return(1);
142 }
143
144SSL *SSL_new(ctx)
145SSL_CTX *ctx;
146 {
147 SSL *s;
148
149 if (ctx == NULL)
150 {
151 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
152 return(NULL);
153 }
154 if (ctx->method == NULL)
155 {
156 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
157 return(NULL);
158 }
159
160 s=(SSL *)Malloc(sizeof(SSL));
161 if (s == NULL) goto err;
162 memset(s,0,sizeof(SSL));
163
164 if (ctx->default_cert != NULL)
165 {
166 CRYPTO_add(&ctx->default_cert->references,1,
167 CRYPTO_LOCK_SSL_CERT);
168 s->cert=ctx->default_cert;
169 }
170 else
171 s->cert=NULL;
172 s->verify_mode=ctx->default_verify_mode;
173 s->verify_callback=ctx->default_verify_callback;
174 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
175 s->ctx=ctx;
176
177 s->verify_result=X509_V_OK;
178
179 s->method=ctx->method;
180
181 if (!s->method->ssl_new(s))
182 {
183 SSL_CTX_free(ctx);
184 Free(s);
185 goto err;
186 }
187
188 s->quiet_shutdown=ctx->quiet_shutdown;
189 s->references=1;
190 s->options=ctx->options;
191 SSL_clear(s);
192
193 CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
194
195 return(s);
196err:
197 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
198 return(NULL);
199 }
200
201void SSL_free(s)
202SSL *s;
203 {
204 int i;
205
206 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
207#ifdef REF_PRINT
208 REF_PRINT("SSL",s);
209#endif
210 if (i > 0) return;
211#ifdef REF_CHECK
212 if (i < 0)
213 {
214 fprintf(stderr,"SSL_free, bad reference count\n");
215 abort(); /* ok */
216 }
217#endif
218
219 CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
220
221 if (s->bbio != NULL)
222 {
223 /* If the buffering BIO is in place, pop it off */
224 if (s->bbio == s->wbio)
225 {
226 s->wbio=BIO_pop(s->wbio);
227 }
228 BIO_free(s->bbio);
229 s->bbio=NULL;
230 }
231 if (s->rbio != NULL)
232 BIO_free_all(s->rbio);
233 if ((s->wbio != NULL) && (s->wbio != s->rbio))
234 BIO_free_all(s->wbio);
235
236 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
237
238 /* add extra stuff */
239 if (s->cipher_list != NULL) sk_free(s->cipher_list);
240 if (s->cipher_list_by_id != NULL) sk_free(s->cipher_list_by_id);
241
242 /* Make the next call work :-) */
243 if (s->session != NULL)
244 {
245 ssl_clear_bad_session(s);
246 SSL_SESSION_free(s->session);
247 }
248
249 ssl_clear_cipher_ctx(s);
250
251 if (s->cert != NULL) ssl_cert_free(s->cert);
252 /* Free up if allocated */
253
254 if (s->ctx) SSL_CTX_free(s->ctx);
255
256 if (s->client_CA != NULL)
257 sk_pop_free(s->client_CA,X509_NAME_free);
258
259 if (s->method != NULL) s->method->ssl_free(s);
260
261 Free((char *)s);
262 }
263
264void SSL_set_bio(s, rbio,wbio)
265SSL *s;
266BIO *rbio;
267BIO *wbio;
268 {
269 /* If the output buffering BIO is still in place, remove it
270 */
271 if (s->bbio != NULL)
272 {
273 if (s->wbio == s->bbio)
274 {
275 s->wbio=s->wbio->next_bio;
276 s->bbio->next_bio=NULL;
277 }
278 }
279 if ((s->rbio != NULL) && (s->rbio != rbio))
280 BIO_free_all(s->rbio);
281 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
282 BIO_free_all(s->wbio);
283 s->rbio=rbio;
284 s->wbio=wbio;
285 }
286
287BIO *SSL_get_rbio(s)
288SSL *s;
289 { return(s->rbio); }
290
291BIO *SSL_get_wbio(s)
292SSL *s;
293 { return(s->wbio); }
294
295int SSL_get_fd(s)
296SSL *s;
297 {
298 int ret= -1;
299 BIO *b,*r;
300
301 b=SSL_get_rbio(s);
302 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
303 if (r != NULL)
304 BIO_get_fd(r,&ret);
305 return(ret);
306 }
307
308#ifndef NO_SOCK
309int SSL_set_fd(s, fd)
310SSL *s;
311int fd;
312 {
313 int ret=0;
314 BIO *bio=NULL;
315
316 bio=BIO_new(BIO_s_socket());
317
318 if (bio == NULL)
319 {
320 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
321 goto err;
322 }
323 BIO_set_fd(bio,fd,BIO_NOCLOSE);
324 SSL_set_bio(s,bio,bio);
325 ret=1;
326err:
327 return(ret);
328 }
329
330int SSL_set_wfd(s, fd)
331SSL *s;
332int fd;
333 {
334 int ret=0;
335 BIO *bio=NULL;
336
337 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
338 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
339 {
340 bio=BIO_new(BIO_s_socket());
341
342 if (bio == NULL)
343 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
344 BIO_set_fd(bio,fd,BIO_NOCLOSE);
345 SSL_set_bio(s,SSL_get_rbio(s),bio);
346 }
347 else
348 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
349 ret=1;
350err:
351 return(ret);
352 }
353
354int SSL_set_rfd(s, fd)
355SSL *s;
356int fd;
357 {
358 int ret=0;
359 BIO *bio=NULL;
360
361 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
362 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
363 {
364 bio=BIO_new(BIO_s_socket());
365
366 if (bio == NULL)
367 {
368 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
369 goto err;
370 }
371 BIO_set_fd(bio,fd,BIO_NOCLOSE);
372 SSL_set_bio(s,bio,SSL_get_wbio(s));
373 }
374 else
375 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
376 ret=1;
377err:
378 return(ret);
379 }
380#endif
381
382int SSL_get_verify_mode(s)
383SSL *s;
384 {
385 return(s->verify_mode);
386 }
387
388int (*SSL_get_verify_callback(s))()
389SSL *s;
390 {
391 return(s->verify_callback);
392 }
393
394int SSL_CTX_get_verify_mode(ctx)
395SSL_CTX *ctx;
396 {
397 return(ctx->default_verify_mode);
398 }
399
400int (*SSL_CTX_get_verify_callback(ctx))()
401SSL_CTX *ctx;
402 {
403 return(ctx->default_verify_callback);
404 }
405
406void SSL_set_verify(s, mode, callback)
407SSL *s;
408int mode;
409int (*callback)();
410 {
411 s->verify_mode=mode;
412 if (callback != NULL)
413 s->verify_callback=callback;
414 }
415
416void SSL_set_read_ahead(s, yes)
417SSL *s;
418int yes;
419 {
420 s->read_ahead=yes;
421 }
422
423int SSL_get_read_ahead(s)
424SSL *s;
425 {
426 return(s->read_ahead);
427 }
428
429int SSL_pending(s)
430SSL *s;
431 {
432 return(s->method->ssl_pending(s));
433 }
434
435X509 *SSL_get_peer_certificate(s)
436SSL *s;
437 {
438 X509 *r;
439
440 if ((s == NULL) || (s->session == NULL))
441 r=NULL;
442 else
443 r=s->session->peer;
444
445 if (r == NULL) return(r);
446
447 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
448
449 return(r);
450 }
451
452STACK *SSL_get_peer_cert_chain(s)
453SSL *s;
454 {
455 STACK *r;
456
457 if ((s == NULL) || (s->session == NULL) || (s->session->cert == NULL))
458 r=NULL;
459 else
460 r=s->session->cert->cert_chain;
461
462 return(r);
463 }
464
465/* Now in theory, since the calling process own 't' it should be safe to
466 * modify. We need to be able to read f without being hassled */
467void SSL_copy_session_id(t,f)
468SSL *t,*f;
469 {
470 CERT *tmp;
471
472 /* Do we need to to SSL locking? */
473 SSL_set_session(t,SSL_get_session(f));
474
475 /* what if we are setup as SSLv2 but want to talk SSLv3 or
476 * vice-versa */
477 if (t->method != f->method)
478 {
479 t->method->ssl_free(t); /* cleanup current */
480 t->method=f->method; /* change method */
481 t->method->ssl_new(t); /* setup new */
482 }
483
484 tmp=t->cert;
485 if (f->cert != NULL)
486 {
487 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
488 t->cert=f->cert;
489 }
490 else
491 t->cert=NULL;
492 if (tmp != NULL) ssl_cert_free(tmp);
493 }
494
495/* Fix this so it checks all the valid key/cert options */
496int SSL_CTX_check_private_key(ctx)
497SSL_CTX *ctx;
498 {
499 if ( (ctx == NULL) ||
500 (ctx->default_cert == NULL) ||
501 (ctx->default_cert->key->x509 == NULL))
502 {
503 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
504 return(0);
505 }
506 if (ctx->default_cert->key->privatekey == NULL)
507 {
508 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
509 return(0);
510 }
511 return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey));
512 }
513
514/* Fix this function so that it takes an optional type parameter */
515int SSL_check_private_key(ssl)
516SSL *ssl;
517 {
518 if (ssl == NULL)
519 {
520 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
521 return(0);
522 }
523 if (ssl->cert == NULL)
524 return(SSL_CTX_check_private_key(ssl->ctx));
525 if (ssl->cert->key->x509 == NULL)
526 {
527 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
528 return(0);
529 }
530 if (ssl->cert->key->privatekey == NULL)
531 {
532 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
533 return(0);
534 }
535 return(X509_check_private_key(ssl->cert->key->x509,
536 ssl->cert->key->privatekey));
537 }
538
539int SSL_accept(s)
540SSL *s;
541 {
542 return(s->method->ssl_accept(s));
543 }
544
545int SSL_connect(s)
546SSL *s;
547 {
548 return(s->method->ssl_connect(s));
549 }
550
551long SSL_get_default_timeout(s)
552SSL *s;
553 {
554 return(s->method->get_timeout());
555 }
556
557int SSL_read(s,buf,num)
558SSL *s;
559char *buf;
560int num;
561 {
562 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
563 {
564 s->rwstate=SSL_NOTHING;
565 return(0);
566 }
567 return(s->method->ssl_read(s,buf,num));
568 }
569
570int SSL_peek(s,buf,num)
571SSL *s;
572char *buf;
573int num;
574 {
575 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
576 {
577 return(0);
578 }
579 return(s->method->ssl_peek(s,buf,num));
580 }
581
582int SSL_write(s,buf,num)
583SSL *s;
584char *buf;
585int num;
586 {
587 if (s->shutdown & SSL_SENT_SHUTDOWN)
588 {
589 s->rwstate=SSL_NOTHING;
590 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
591 return(-1);
592 }
593 return(s->method->ssl_write(s,buf,num));
594 }
595
596int SSL_shutdown(s)
597SSL *s;
598 {
599 if ((s != NULL) && !SSL_in_init(s))
600 return(s->method->ssl_shutdown(s));
601 else
602 return(1);
603 }
604
605int SSL_renegotiate(s)
606SSL *s;
607 {
608 s->new_session=1;
609 return(s->method->ssl_renegotiate(s));
610 }
611
612long SSL_ctrl(s,cmd,larg,parg)
613SSL *s;
614int cmd;
615long larg;
616char *parg;
617 {
618 return(s->method->ssl_ctrl(s,cmd,larg,parg));
619 }
620
621long SSL_CTX_ctrl(ctx,cmd,larg,parg)
622SSL_CTX *ctx;
623int cmd;
624long larg;
625char *parg;
626 {
627 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
628 }
629
630int ssl_cipher_id_cmp(a,b)
631SSL_CIPHER *a,*b;
632 {
633 long l;
634
635 l=a->id-b->id;
636 if (l == 0L)
637 return(0);
638 else
639 return((l > 0)?1:-1);
640 }
641
642int ssl_cipher_ptr_id_cmp(ap,bp)
643SSL_CIPHER **ap,**bp;
644 {
645 long l;
646
647 l=(*ap)->id-(*bp)->id;
648 if (l == 0L)
649 return(0);
650 else
651 return((l > 0)?1:-1);
652 }
653
654/* return a STACK of the ciphers available for the SSL and in order of
655 * preference */
656STACK *SSL_get_ciphers(s)
657SSL *s;
658 {
659 if ((s != NULL) && (s->cipher_list != NULL))
660 {
661 return(s->cipher_list);
662 }
663 else if ((s->ctx != NULL) &&
664 (s->ctx->cipher_list != NULL))
665 {
666 return(s->ctx->cipher_list);
667 }
668 return(NULL);
669 }
670
671/* return a STACK of the ciphers available for the SSL and in order of
672 * algorithm id */
673STACK *ssl_get_ciphers_by_id(s)
674SSL *s;
675 {
676 if ((s != NULL) && (s->cipher_list_by_id != NULL))
677 {
678 return(s->cipher_list_by_id);
679 }
680 else if ((s != NULL) && (s->ctx != NULL) &&
681 (s->ctx->cipher_list_by_id != NULL))
682 {
683 return(s->ctx->cipher_list_by_id);
684 }
685 return(NULL);
686 }
687
688/* The old interface to get the same thing as SSL_get_ciphers() */
689char *SSL_get_cipher_list(s,n)
690SSL *s;
691int n;
692 {
693 SSL_CIPHER *c;
694 STACK *sk;
695
696 if (s == NULL) return(NULL);
697 sk=SSL_get_ciphers(s);
698 if ((sk == NULL) || (sk_num(sk) <= n))
699 return(NULL);
700 c=(SSL_CIPHER *)sk_value(sk,n);
701 if (c == NULL) return(NULL);
702 return(c->name);
703 }
704
705/* specify the ciphers to be used by defaut by the SSL_CTX */
706int SSL_CTX_set_cipher_list(ctx,str)
707SSL_CTX *ctx;
708char *str;
709 {
710 STACK *sk;
711
712 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
713 &ctx->cipher_list_by_id,str);
714/* XXXX */
715 return((sk == NULL)?0:1);
716 }
717
718/* specify the ciphers to be used by the SSL */
719int SSL_set_cipher_list(s, str)
720SSL *s;
721char *str;
722 {
723 STACK *sk;
724
725 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
726 &s->cipher_list_by_id,str);
727/* XXXX */
728 return((sk == NULL)?0:1);
729 }
730
731/* works well for SSLv2, not so good for SSLv3 */
732char *SSL_get_shared_ciphers(s,buf,len)
733SSL *s;
734char *buf;
735int len;
736 {
737 char *p,*cp;
738 STACK *sk;
739 SSL_CIPHER *c;
740 int i;
741
742 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
743 (len < 2))
744 return(NULL);
745
746 p=buf;
747 sk=s->session->ciphers;
748 for (i=0; i<sk_num(sk); i++)
749 {
750 /* Decrement for either the ':' or a '\0' */
751 len--;
752 c=(SSL_CIPHER *)sk_value(sk,i);
753 for (cp=c->name; *cp; )
754 {
755 if (len-- == 0)
756 {
757 *p='\0';
758 return(buf);
759 }
760 else
761 *(p++)= *(cp++);
762 }
763 *(p++)=':';
764 }
765 p[-1]='\0';
766 return(buf);
767 }
768
769int ssl_cipher_list_to_bytes(s,sk,p)
770SSL *s;
771STACK *sk;
772unsigned char *p;
773 {
774 int i,j=0;
775 SSL_CIPHER *c;
776 unsigned char *q;
777
778 if (sk == NULL) return(0);
779 q=p;
780
781 for (i=0; i<sk_num(sk); i++)
782 {
783 c=(SSL_CIPHER *)sk_value(sk,i);
784 j=ssl_put_cipher_by_char(s,c,p);
785 p+=j;
786 }
787 return(p-q);
788 }
789
790STACK *ssl_bytes_to_cipher_list(s,p,num,skp)
791SSL *s;
792unsigned char *p;
793int num;
794STACK **skp;
795 {
796 SSL_CIPHER *c;
797 STACK *sk;
798 int i,n;
799
800 n=ssl_put_cipher_by_char(s,NULL,NULL);
801 if ((num%n) != 0)
802 {
803 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
804 return(NULL);
805 }
806 if ((skp == NULL) || (*skp == NULL))
807 sk=sk_new(NULL); /* change perhaps later */
808 else
809 {
810 sk= *skp;
811 sk_zero(sk);
812 }
813
814 for (i=0; i<num; i+=n)
815 {
816 c=ssl_get_cipher_by_char(s,p);
817 p+=n;
818 if (c != NULL)
819 {
820 if (!sk_push(sk,(char *)c))
821 {
822 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
823 goto err;
824 }
825 }
826 }
827
828 if (skp != NULL)
829 *skp=sk;
830 return(sk);
831err:
832 if ((skp == NULL) || (*skp == NULL))
833 sk_free(sk);
834 return(NULL);
835 }
836
837unsigned long SSL_SESSION_hash(a)
838SSL_SESSION *a;
839 {
840 unsigned long l;
841
842 l= (a->session_id[0] )|(a->session_id[1]<< 8L)|
843 (a->session_id[2]<<16L)|(a->session_id[3]<<24L);
844 return(l);
845 }
846
847int SSL_SESSION_cmp(a, b)
848SSL_SESSION *a;
849SSL_SESSION *b;
850 {
851 if (a->ssl_version != b->ssl_version)
852 return(1);
853 if (a->session_id_length != b->session_id_length)
854 return(1);
855 return(memcmp(a->session_id,b->session_id,a->session_id_length));
856 }
857
858SSL_CTX *SSL_CTX_new(meth)
859SSL_METHOD *meth;
860 {
861 SSL_CTX *ret;
862
863 if (meth == NULL)
864 {
865 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
866 return(NULL);
867 }
868 ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
869 if (ret == NULL)
870 goto err;
871
872 memset(ret,0,sizeof(SSL_CTX));
873
874 ret->method=meth;
875
876 ret->cert_store=NULL;
877 ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
878 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
879 ret->session_cache_head=NULL;
880 ret->session_cache_tail=NULL;
881
882 /* We take the system default */
883 ret->session_timeout=meth->get_timeout();
884
885 ret->new_session_cb=NULL;
886 ret->remove_session_cb=NULL;
887 ret->get_session_cb=NULL;
888
889 ret->sess_connect=0;
890 ret->sess_connect_good=0;
891 ret->sess_accept=0;
892 ret->sess_accept_renegotiate=0;
893 ret->sess_connect_renegotiate=0;
894 ret->sess_accept_good=0;
895 ret->sess_miss=0;
896 ret->sess_timeout=0;
897 ret->sess_cache_full=0;
898 ret->sess_hit=0;
899 ret->sess_cb_hit=0;
900
901 ret->references=1;
902 ret->quiet_shutdown=0;
903
904/* ret->cipher=NULL;*/
905/* ret->s2->challenge=NULL;
906 ret->master_key=NULL;
907 ret->key_arg=NULL;
908 ret->s2->conn_id=NULL; */
909
910 ret->info_callback=NULL;
911
912 ret->app_verify_callback=NULL;
913 ret->app_verify_arg=NULL;
914
915 ret->default_read_ahead=0;
916 ret->default_verify_mode=SSL_VERIFY_NONE;
917 ret->default_verify_callback=NULL;
918 if ((ret->default_cert=ssl_cert_new()) == NULL)
919 goto err;
920
921 ret->default_passwd_callback=NULL;
922 ret->client_cert_cb=NULL;
923
924 ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
925 if (ret->sessions == NULL) goto err;
926 ret->cert_store=X509_STORE_new();
927 if (ret->cert_store == NULL) goto err;
928
929 ssl_create_cipher_list(ret->method,
930 &ret->cipher_list,&ret->cipher_list_by_id,
931 SSL_DEFAULT_CIPHER_LIST);
932 if ((ret->cipher_list == NULL) || (sk_num(ret->cipher_list) <= 0))
933 {
934 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
935 goto err2;
936 }
937
938 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
939 {
940 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
941 goto err2;
942 }
943 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
944 {
945 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
946 goto err2;
947 }
948 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
949 {
950 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
951 goto err2;
952 }
953
954 if ((ret->client_CA=sk_new_null()) == NULL)
955 goto err;
956
957 CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
958
959 return(ret);
960err:
961 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
962err2:
963 if (ret != NULL) SSL_CTX_free(ret);
964 return(NULL);
965 }
966
967void SSL_CTX_free(a)
968SSL_CTX *a;
969 {
970 int i;
971
972 if (a == NULL) return;
973
974 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
975#ifdef REF_PRINT
976 REF_PRINT("SSL_CTX",a);
977#endif
978 if (i > 0) return;
979#ifdef REF_CHECK
980 if (i < 0)
981 {
982 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
983 abort(); /* ok */
984 }
985#endif
986 CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
987
988 if (a->sessions != NULL)
989 {
990 SSL_CTX_flush_sessions(a,0);
991 lh_free(a->sessions);
992 }
993 if (a->cert_store != NULL)
994 X509_STORE_free(a->cert_store);
995 if (a->cipher_list != NULL)
996 sk_free(a->cipher_list);
997 if (a->cipher_list_by_id != NULL)
998 sk_free(a->cipher_list_by_id);
999 if (a->default_cert != NULL)
1000 ssl_cert_free(a->default_cert);
1001 if (a->client_CA != NULL)
1002 sk_pop_free(a->client_CA,X509_NAME_free);
1003 Free((char *)a);
1004 }
1005
1006void SSL_CTX_set_default_passwd_cb(ctx,cb)
1007SSL_CTX *ctx;
1008int (*cb)();
1009 {
1010 ctx->default_passwd_callback=cb;
1011 }
1012
1013void SSL_CTX_set_cert_verify_cb(ctx,cb,arg)
1014SSL_CTX *ctx;
1015int (*cb)();
1016char *arg;
1017 {
1018 ctx->app_verify_callback=cb;
1019 ctx->app_verify_arg=arg;
1020 }
1021
1022void SSL_CTX_set_verify(ctx,mode,cb)
1023SSL_CTX *ctx;
1024int mode;
1025int (*cb)();
1026 {
1027 ctx->default_verify_mode=mode;
1028 ctx->default_verify_callback=cb;
1029 /* This needs cleaning up EAY EAY EAY */
1030 X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
1031 }
1032
1033void ssl_set_cert_masks(c)
1034CERT *c;
1035 {
1036 CERT_PKEY *cpk;
1037 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1038 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1039 int rsa_tmp_export,dh_tmp_export;
1040 unsigned long mask,emask;
1041
1042 if ((c == NULL) || (c->valid)) return;
1043
1044#ifndef NO_RSA
1045 rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0;
1046 rsa_tmp_export=((c->rsa_tmp_cb != NULL) ||
1047 (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0;
1048#else
1049 rsa_tmp=rsa_tmp_export=0;
1050#endif
1051#ifndef NO_DH
1052 dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0;
1053 dh_tmp_export=((c->dh_tmp_cb != NULL) ||
1054 (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0;
1055#else
1056 dh_tmp=dh_tmp_export=0;
1057#endif
1058
1059 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1060 rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1061 rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
1062 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1063 rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1064 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1065 dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1066 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1067 dh_rsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1068 dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
1069 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1070/* FIX THIS EAY EAY EAY */
1071 dh_dsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1072 dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
1073
1074 mask=0;
1075 emask=0;
1076
1077#ifdef CIPHER_DEBUG
1078 printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1079 rsa_tmp,dh_tmp,
1080 rsa_enc,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1081#endif
1082
1083 if (rsa_enc || (rsa_tmp && rsa_sign))
1084 mask|=SSL_kRSA;
1085 if (rsa_enc_export || (rsa_tmp_export && rsa_sign))
1086 emask|=SSL_kRSA;
1087
1088#if 0
1089 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1090 if ( (dh_tmp || dh_rsa || dh_dsa) &&
1091 (rsa_enc || rsa_sign || dsa_sign))
1092 mask|=SSL_kEDH;
1093 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1094 (rsa_enc || rsa_sign || dsa_sign))
1095 emask|=SSL_kEDH;
1096#endif
1097
1098 if (dh_tmp_export)
1099 emask|=SSL_kEDH;
1100
1101 if (dh_tmp)
1102 mask|=SSL_kEDH;
1103
1104 if (dh_rsa) mask|=SSL_kDHr;
1105 if (dh_rsa_export) emask|=SSL_kDHr;
1106
1107 if (dh_dsa) mask|=SSL_kDHd;
1108 if (dh_dsa_export) emask|=SSL_kDHd;
1109
1110 if (rsa_enc || rsa_sign)
1111 {
1112 mask|=SSL_aRSA;
1113 emask|=SSL_aRSA;
1114 }
1115
1116 if (dsa_sign)
1117 {
1118 mask|=SSL_aDSS;
1119 emask|=SSL_aDSS;
1120 }
1121
1122#ifdef SSL_ALLOW_ADH
1123 mask|=SSL_aNULL;
1124 emask|=SSL_aNULL;
1125#endif
1126
1127 c->mask=mask;
1128 c->export_mask=emask;
1129 c->valid=1;
1130 }
1131
1132/* THIS NEEDS CLEANING UP */
1133X509 *ssl_get_server_send_cert(s)
1134SSL *s;
1135 {
1136 unsigned long alg,mask,kalg;
1137 CERT *c;
1138 int i,export;
1139
1140 c=s->cert;
1141 ssl_set_cert_masks(c);
1142 alg=s->s3->tmp.new_cipher->algorithms;
1143 export=(alg & SSL_EXPORT)?1:0;
1144 mask=(export)?c->export_mask:c->mask;
1145 kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1146
1147 if (kalg & SSL_kDHr)
1148 i=SSL_PKEY_DH_RSA;
1149 else if (kalg & SSL_kDHd)
1150 i=SSL_PKEY_DH_DSA;
1151 else if (kalg & SSL_aDSS)
1152 i=SSL_PKEY_DSA_SIGN;
1153 else if (kalg & SSL_aRSA)
1154 {
1155 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
1156 i=SSL_PKEY_RSA_SIGN;
1157 else
1158 i=SSL_PKEY_RSA_ENC;
1159 }
1160 else /* if (kalg & SSL_aNULL) */
1161 {
1162 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
1163 return(NULL);
1164 }
1165 if (c->pkeys[i].x509 == NULL) return(NULL);
1166 return(c->pkeys[i].x509);
1167 }
1168
1169EVP_PKEY *ssl_get_sign_pkey(s,cipher)
1170SSL *s;
1171SSL_CIPHER *cipher;
1172 {
1173 unsigned long alg;
1174 CERT *c;
1175
1176 alg=cipher->algorithms;
1177 c=s->cert;
1178
1179 if ((alg & SSL_aDSS) &&
1180 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
1181 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
1182 else if (alg & SSL_aRSA)
1183 {
1184 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
1185 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
1186 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
1187 return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
1188 else
1189 return(NULL);
1190 }
1191 else /* if (alg & SSL_aNULL) */
1192 {
1193 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
1194 return(NULL);
1195 }
1196 }
1197
1198void ssl_update_cache(s,mode)
1199SSL *s;
1200int mode;
1201 {
1202 int i;
1203
1204 /* If the session_id_length is 0, we are not supposed to cache it,
1205 * and it would be rather hard to do anyway :-) */
1206 if (s->session->session_id_length == 0) return;
1207
1208 if ((s->ctx->session_cache_mode & mode)
1209 && (!s->hit)
1210 && SSL_CTX_add_session(s->ctx,s->session)
1211 && (s->ctx->new_session_cb != NULL))
1212 {
1213 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
1214 if (!s->ctx->new_session_cb(s,s->session))
1215 SSL_SESSION_free(s->session);
1216 }
1217
1218 /* auto flush every 255 connections */
1219 i=s->ctx->session_cache_mode;
1220 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
1221 ((i & mode) == mode))
1222 {
1223 if ( (((mode & SSL_SESS_CACHE_CLIENT)
1224 ?s->ctx->sess_connect_good
1225 :s->ctx->sess_accept_good) & 0xff) == 0xff)
1226 {
1227 SSL_CTX_flush_sessions(s->ctx,time(NULL));
1228 }
1229 }
1230 }
1231
1232SSL_METHOD *SSL_get_ssl_method(s)
1233SSL *s;
1234 {
1235 return(s->method);
1236 }
1237
1238int SSL_set_ssl_method(s,meth)
1239SSL *s;
1240SSL_METHOD *meth;
1241 {
1242 int conn= -1;
1243 int ret=1;
1244
1245 if (s->method != meth)
1246 {
1247 if (s->handshake_func != NULL)
1248 conn=(s->handshake_func == s->method->ssl_connect);
1249
1250 if (s->method->version == meth->version)
1251 s->method=meth;
1252 else
1253 {
1254 s->method->ssl_free(s);
1255 s->method=meth;
1256 ret=s->method->ssl_new(s);
1257 }
1258
1259 if (conn == 1)
1260 s->handshake_func=meth->ssl_connect;
1261 else if (conn == 0)
1262 s->handshake_func=meth->ssl_accept;
1263 }
1264 return(ret);
1265 }
1266
1267int SSL_get_error(s,i)
1268SSL *s;
1269int i;
1270 {
1271 int reason;
1272 BIO *bio;
1273
1274 if (i > 0) return(SSL_ERROR_NONE);
1275
1276 if (ERR_peek_error() != 0)
1277 return(SSL_ERROR_SSL);
1278
1279 if ((i < 0) && SSL_want_read(s))
1280 {
1281 bio=SSL_get_rbio(s);
1282 if (BIO_should_read(bio))
1283 return(SSL_ERROR_WANT_READ);
1284 else if (BIO_should_write(bio))
1285 return(SSL_ERROR_WANT_WRITE);
1286 else if (BIO_should_io_special(bio))
1287 {
1288 reason=BIO_get_retry_reason(bio);
1289 if (reason == BIO_RR_CONNECT)
1290 return(SSL_ERROR_WANT_CONNECT);
1291 else
1292 return(SSL_ERROR_SYSCALL); /* unknown */
1293 }
1294 }
1295
1296 if ((i < 0) && SSL_want_write(s))
1297 {
1298 bio=SSL_get_wbio(s);
1299 if (BIO_should_write(bio))
1300 return(SSL_ERROR_WANT_WRITE);
1301 else if (BIO_should_read(bio))
1302 return(SSL_ERROR_WANT_READ);
1303 else if (BIO_should_io_special(bio))
1304 {
1305 reason=BIO_get_retry_reason(bio);
1306 if (reason == BIO_RR_CONNECT)
1307 return(SSL_ERROR_WANT_CONNECT);
1308 else
1309 return(SSL_ERROR_SYSCALL);
1310 }
1311 }
1312 if ((i < 0) && SSL_want_x509_lookup(s))
1313 {
1314 return(SSL_ERROR_WANT_X509_LOOKUP);
1315 }
1316
1317 if (i == 0)
1318 {
1319 if (s->version == SSL2_VERSION)
1320 {
1321 /* assume it is the socket being closed */
1322 return(SSL_ERROR_ZERO_RETURN);
1323 }
1324 else
1325 {
1326 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
1327 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
1328 return(SSL_ERROR_ZERO_RETURN);
1329 }
1330 }
1331 return(SSL_ERROR_SYSCALL);
1332 }
1333
1334int SSL_do_handshake(s)
1335SSL *s;
1336 {
1337 int ret=1;
1338
1339 if (s->handshake_func == NULL)
1340 {
1341 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
1342 return(-1);
1343 }
1344 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1345 if (SSL_in_init(s) || SSL_in_before(s))
1346 {
1347 ret=s->handshake_func(s);
1348 }
1349 return(ret);
1350 }
1351
1352/* For the next 2 functions, SSL_clear() sets shutdown and so
1353 * one of these calls will reset it */
1354void SSL_set_accept_state(s)
1355SSL *s;
1356 {
1357 s->shutdown=0;
1358 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
1359 s->handshake_func=s->method->ssl_accept;
1360 /* clear the current cipher */
1361 ssl_clear_cipher_ctx(s);
1362 }
1363
1364void SSL_set_connect_state(s)
1365SSL *s;
1366 {
1367 s->shutdown=0;
1368 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
1369 s->handshake_func=s->method->ssl_connect;
1370 /* clear the current cipher */
1371 ssl_clear_cipher_ctx(s);
1372 }
1373
1374int ssl_undefined_function(s)
1375SSL *s;
1376 {
1377 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1378 return(0);
1379 }
1380
1381SSL_METHOD *ssl_bad_method(ver)
1382int ver;
1383 {
1384 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1385 return(NULL);
1386 }
1387
1388char *SSL_get_version(s)
1389SSL *s;
1390 {
1391 if (s->version == TLS1_VERSION)
1392 return("TLSv1");
1393 else if (s->version == SSL3_VERSION)
1394 return("SSLv3");
1395 else if (s->version == SSL2_VERSION)
1396 return("SSLv2");
1397 else
1398 return("unknown");
1399 }
1400
1401SSL *SSL_dup(s)
1402SSL *s;
1403 {
1404 STACK *sk;
1405 X509_NAME *xn;
1406 SSL *ret;
1407 int i;
1408
1409 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL);
1410
1411 /* This copies version, session-id, SSL_METHOD and 'cert' */
1412 SSL_copy_session_id(ret,s);
1413
1414 SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
1415 SSL_set_verify(ret,SSL_get_verify_mode(s),
1416 SSL_get_verify_callback(s));
1417
1418 SSL_set_info_callback(ret,SSL_get_info_callback(s));
1419
1420 ret->debug=s->debug;
1421 ret->options=s->options;
1422
1423 /* copy app data, a little dangerous perhaps */
1424 if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
1425 goto err;
1426
1427 /* setup rbio, and wbio */
1428 if (s->rbio != NULL)
1429 {
1430 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
1431 goto err;
1432 }
1433 if (s->wbio != NULL)
1434 {
1435 if (s->wbio != s->rbio)
1436 {
1437 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
1438 goto err;
1439 }
1440 else
1441 ret->wbio=ret->rbio;
1442 }
1443
1444 /* dup the cipher_list and cipher_list_by_id stacks */
1445 if (s->cipher_list != NULL)
1446 {
1447 if ((ret->cipher_list=sk_dup(s->cipher_list)) == NULL)
1448 goto err;
1449 }
1450 if (s->cipher_list_by_id != NULL)
1451 if ((ret->cipher_list_by_id=sk_dup(s->cipher_list_by_id))
1452 == NULL)
1453 goto err;
1454
1455 /* Dup the client_CA list */
1456 if (s->client_CA != NULL)
1457 {
1458 if ((sk=sk_dup(s->client_CA)) == NULL) goto err;
1459 ret->client_CA=sk;
1460 for (i=0; i<sk_num(sk); i++)
1461 {
1462 xn=(X509_NAME *)sk_value(sk,i);
1463 if ((sk_value(sk,i)=(char *)X509_NAME_dup(xn)) == NULL)
1464 {
1465 X509_NAME_free(xn);
1466 goto err;
1467 }
1468 }
1469 }
1470
1471 ret->shutdown=s->shutdown;
1472 ret->state=s->state;
1473 ret->handshake_func=s->handshake_func;
1474
1475 if (0)
1476 {
1477err:
1478 if (ret != NULL) SSL_free(ret);
1479 ret=NULL;
1480 }
1481 return(ret);
1482 }
1483
1484void ssl_clear_cipher_ctx(s)
1485SSL *s;
1486 {
1487 if (s->enc_read_ctx != NULL)
1488 {
1489 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
1490 Free(s->enc_read_ctx);
1491 s->enc_read_ctx=NULL;
1492 }
1493 if (s->enc_write_ctx != NULL)
1494 {
1495 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
1496 Free(s->enc_write_ctx);
1497 s->enc_write_ctx=NULL;
1498 }
1499 }
1500
1501/* Fix this function so that it takes an optional type parameter */
1502X509 *SSL_get_certificate(s)
1503SSL *s;
1504 {
1505 if (s->cert != NULL)
1506 return(s->cert->key->x509);
1507 else
1508 return(NULL);
1509 }
1510
1511/* Fix this function so that it takes an optional type parameter */
1512EVP_PKEY *SSL_get_privatekey(s)
1513SSL *s;
1514 {
1515 if (s->cert != NULL)
1516 return(s->cert->key->privatekey);
1517 else
1518 return(NULL);
1519 }
1520
1521SSL_CIPHER *SSL_get_current_cipher(s)
1522SSL *s;
1523 {
1524 if ((s->session != NULL) && (s->session->cipher != NULL))
1525 return(s->session->cipher);
1526 return(NULL);
1527 }
1528
1529int ssl_init_wbio_buffer(s,push)
1530SSL *s;
1531int push;
1532 {
1533 BIO *bbio;
1534
1535 if (s->bbio == NULL)
1536 {
1537 bbio=BIO_new(BIO_f_buffer());
1538 if (bbio == NULL) return(0);
1539 s->bbio=bbio;
1540 }
1541 else
1542 {
1543 bbio=s->bbio;
1544 if (s->bbio == s->wbio)
1545 s->wbio=BIO_pop(s->wbio);
1546 }
1547 BIO_reset(bbio);
1548/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
1549 if (!BIO_set_read_buffer_size(bbio,1))
1550 {
1551 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
1552 return(0);
1553 }
1554 if (push)
1555 {
1556 if (s->wbio != bbio)
1557 s->wbio=BIO_push(bbio,s->wbio);
1558 }
1559 else
1560 {
1561 if (s->wbio == bbio)
1562 s->wbio=BIO_pop(bbio);
1563 }
1564 return(1);
1565 }
1566
1567void SSL_CTX_set_quiet_shutdown(ctx,mode)
1568SSL_CTX *ctx;
1569int mode;
1570 {
1571 ctx->quiet_shutdown=mode;
1572 }
1573
1574int SSL_CTX_get_quiet_shutdown(ctx)
1575SSL_CTX *ctx;
1576 {
1577 return(ctx->quiet_shutdown);
1578 }
1579
1580void SSL_set_quiet_shutdown(s,mode)
1581SSL *s;
1582int mode;
1583 {
1584 s->quiet_shutdown=mode;
1585 }
1586
1587int SSL_get_quiet_shutdown(s)
1588SSL *s;
1589 {
1590 return(s->quiet_shutdown);
1591 }
1592
1593void SSL_set_shutdown(s,mode)
1594SSL *s;
1595int mode;
1596 {
1597 s->shutdown=mode;
1598 }
1599
1600int SSL_get_shutdown(s)
1601SSL *s;
1602 {
1603 return(s->shutdown);
1604 }
1605
1606int SSL_version(s)
1607SSL *s;
1608 {
1609 return(s->version);
1610 }
1611
1612SSL_CTX *SSL_get_SSL_CTX(ssl)
1613SSL *ssl;
1614 {
1615 return(ssl->ctx);
1616 }
1617
1618int SSL_CTX_set_default_verify_paths(ctx)
1619SSL_CTX *ctx;
1620 {
1621 return(X509_STORE_set_default_paths(ctx->cert_store));
1622 }
1623
1624int SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
1625SSL_CTX *ctx;
1626char *CAfile;
1627char *CApath;
1628 {
1629 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
1630 }
1631
1632void SSL_set_info_callback(ssl,cb)
1633SSL *ssl;
1634void (*cb)();
1635 {
1636 ssl->info_callback=cb;
1637 }
1638
1639void (*SSL_get_info_callback(ssl))()
1640SSL *ssl;
1641 {
1642 return(ssl->info_callback);
1643 }
1644
1645int SSL_state(ssl)
1646SSL *ssl;
1647 {
1648 return(ssl->state);
1649 }
1650
1651void SSL_set_verify_result(ssl,arg)
1652SSL *ssl;
1653long arg;
1654 {
1655 ssl->verify_result=arg;
1656 }
1657
1658long SSL_get_verify_result(ssl)
1659SSL *ssl;
1660 {
1661 return(ssl->verify_result);
1662 }
1663
1664int SSL_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
1665long argl;
1666char *argp;
1667int (*new_func)();
1668int (*dup_func)();
1669void (*free_func)();
1670 {
1671 ssl_meth_num++;
1672 return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
1673 &ssl_meth,argl,argp,new_func,dup_func,free_func));
1674 }
1675
1676int SSL_set_ex_data(s,idx,arg)
1677SSL *s;
1678int idx;
1679char *arg;
1680 {
1681 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1682 }
1683
1684char *SSL_get_ex_data(s,idx)
1685SSL *s;
1686int idx;
1687 {
1688 return(CRYPTO_get_ex_data(&s->ex_data,idx));
1689 }
1690
1691int SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
1692long argl;
1693char *argp;
1694int (*new_func)();
1695int (*dup_func)();
1696void (*free_func)();
1697 {
1698 ssl_ctx_meth_num++;
1699 return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
1700 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
1701 }
1702
1703int SSL_CTX_set_ex_data(s,idx,arg)
1704SSL_CTX *s;
1705int idx;
1706char *arg;
1707 {
1708 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1709 }
1710
1711char *SSL_CTX_get_ex_data(s,idx)
1712SSL_CTX *s;
1713int idx;
1714 {
1715 return(CRYPTO_get_ex_data(&s->ex_data,idx));
1716 }
1717
1718#if defined(_WINDLL) && defined(WIN16)
1719#include "../crypto/bio/bss_file.c"
1720#endif
1721
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 16:31:25 +0000