summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 13:10:35 +0000
committerjsing <>2014-04-14 13:10:35 +0000
commitb12a89b75a526f5ae9bbd6bfff6053e21295fd2a (patch)
tree7ee2ebf15684ee99e649ef8b3b2dd289398f6325 /src/lib/libssl/ssl_lib.c
parentabb7d374248574dba5fd92eb363fdf180c877abc (diff)
downloadopenbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.gz
openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.bz2
openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c3159
1 files changed, 1600 insertions, 1559 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index d9a728493e..98764b82aa 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -160,11 +160,11 @@
160#include <openssl/engine.h> 160#include <openssl/engine.h>
161#endif 161#endif
162 162
163const char *SSL_version_str=OPENSSL_VERSION_TEXT; 163const char *SSL_version_str = OPENSSL_VERSION_TEXT;
164 164
165SSL3_ENC_METHOD ssl3_undef_enc_method={ 165SSL3_ENC_METHOD ssl3_undef_enc_method = {
166 /* evil casts, but these functions are only called if there's a library bug */ 166 /* evil casts, but these functions are only called if there's a library bug */
167 (int (*)(SSL *,int))ssl_undefined_function, 167 (int (*)(SSL *, int))ssl_undefined_function,
168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 ssl_undefined_function, 169 ssl_undefined_function,
170 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, 170 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
@@ -178,129 +178,124 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
178 0, /* server_finished_label_len */ 178 0, /* server_finished_label_len */
179 (int (*)(int))ssl_undefined_function, 179 (int (*)(int))ssl_undefined_function,
180 (int (*)(SSL *, unsigned char *, size_t, const char *, 180 (int (*)(SSL *, unsigned char *, size_t, const char *,
181 size_t, const unsigned char *, size_t, 181 size_t, const unsigned char *, size_t,
182 int use_context)) ssl_undefined_function, 182 int use_context)) ssl_undefined_function,
183 }; 183};
184 184
185int SSL_clear(SSL *s) 185int
186 { 186SSL_clear(SSL *s)
187{
187 188
188 if (s->method == NULL) 189 if (s->method == NULL) {
189 { 190 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
190 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); 191 return (0);
191 return(0); 192 }
192 }
193 193
194 if (ssl_clear_bad_session(s)) 194 if (ssl_clear_bad_session(s)) {
195 {
196 SSL_SESSION_free(s->session); 195 SSL_SESSION_free(s->session);
197 s->session=NULL; 196 s->session = NULL;
198 } 197 }
199 198
200 s->error=0; 199 s->error = 0;
201 s->hit=0; 200 s->hit = 0;
202 s->shutdown=0; 201 s->shutdown = 0;
203 202
204#if 0 /* Disabled since version 1.10 of this file (early return not 203#if 0 /* Disabled since version 1.10 of this file (early return not
205 * needed because SSL_clear is not called when doing renegotiation) */ 204 * needed because SSL_clear is not called when doing renegotiation) */
206 /* This is set if we are doing dynamic renegotiation so keep 205 /* This is set if we are doing dynamic renegotiation so keep
207 * the old cipher. It is sort of a SSL_clear_lite :-) */ 206 * the old cipher. It is sort of a SSL_clear_lite :-) */
208 if (s->renegotiate) return(1);
209#else
210 if (s->renegotiate) 207 if (s->renegotiate)
211 { 208 return (1);
212 SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); 209#else
210 if (s->renegotiate) {
211 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
213 return 0; 212 return 0;
214 } 213 }
215#endif 214#endif
216 215
217 s->type=0; 216 s->type = 0;
218 217
219 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); 218 s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
220 219
221 s->version=s->method->version; 220 s->version = s->method->version;
222 s->client_version=s->version; 221 s->client_version = s->version;
223 s->rwstate=SSL_NOTHING; 222 s->rwstate = SSL_NOTHING;
224 s->rstate=SSL_ST_READ_HEADER; 223 s->rstate = SSL_ST_READ_HEADER;
225#if 0 224#if 0
226 s->read_ahead=s->ctx->read_ahead; 225 s->read_ahead = s->ctx->read_ahead;
227#endif 226#endif
228 227
229 if (s->init_buf != NULL) 228 if (s->init_buf != NULL) {
230 {
231 BUF_MEM_free(s->init_buf); 229 BUF_MEM_free(s->init_buf);
232 s->init_buf=NULL; 230 s->init_buf = NULL;
233 } 231 }
234 232
235 ssl_clear_cipher_ctx(s); 233 ssl_clear_cipher_ctx(s);
236 ssl_clear_hash_ctx(&s->read_hash); 234 ssl_clear_hash_ctx(&s->read_hash);
237 ssl_clear_hash_ctx(&s->write_hash); 235 ssl_clear_hash_ctx(&s->write_hash);
238 236
239 s->first_packet=0; 237 s->first_packet = 0;
240 238
241#if 1 239#if 1
242 /* Check to see if we were changed into a different method, if 240 /* Check to see if we were changed into a different method, if
243 * so, revert back if we are not doing session-id reuse. */ 241 * so, revert back if we are not doing session-id reuse. */
244 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) 242 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) {
245 {
246 s->method->ssl_free(s); 243 s->method->ssl_free(s);
247 s->method=s->ctx->method; 244 s->method = s->ctx->method;
248 if (!s->method->ssl_new(s)) 245 if (!s->method->ssl_new(s))
249 return(0); 246 return (0);
250 } 247 } else
251 else
252#endif 248#endif
253 s->method->ssl_clear(s); 249 s->method->ssl_clear(s);
254 return(1); 250 return (1);
255 } 251}
256 252
257/** Used to change an SSL_CTXs default SSL method type */ 253/** Used to change an SSL_CTXs default SSL method type */
258int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) 254int
259 { 255SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
256{
260 STACK_OF(SSL_CIPHER) *sk; 257 STACK_OF(SSL_CIPHER) *sk;
261 258
262 ctx->method=meth; 259 ctx->method = meth;
263 260
264 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), 261 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
265 &(ctx->cipher_list_by_id), 262 &(ctx->cipher_list_by_id),
266 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); 263 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
267 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) 264 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
268 { 265 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
269 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 266 return (0);
270 return(0);
271 }
272 return(1);
273 } 267 }
268 return (1);
269}
274 270
275SSL *SSL_new(SSL_CTX *ctx) 271SSL
276 { 272*SSL_new(SSL_CTX *ctx)
273{
277 SSL *s; 274 SSL *s;
278 275
279 if (ctx == NULL) 276 if (ctx == NULL) {
280 { 277 SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
281 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); 278 return (NULL);
282 return(NULL); 279 }
283 } 280 if (ctx->method == NULL) {
284 if (ctx->method == NULL) 281 SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
285 { 282 return (NULL);
286 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 283 }
287 return(NULL);
288 }
289 284
290 s=(SSL *)OPENSSL_malloc(sizeof(SSL)); 285 s = (SSL *)OPENSSL_malloc(sizeof(SSL));
291 if (s == NULL) goto err; 286 if (s == NULL)
292 memset(s,0,sizeof(SSL)); 287 goto err;
288 memset(s, 0, sizeof(SSL));
293 289
294#ifndef OPENSSL_NO_KRB5 290#ifndef OPENSSL_NO_KRB5
295 s->kssl_ctx = kssl_ctx_new(); 291 s->kssl_ctx = kssl_ctx_new();
296#endif /* OPENSSL_NO_KRB5 */ 292#endif /* OPENSSL_NO_KRB5 */
297 293
298 s->options=ctx->options; 294 s->options = ctx->options;
299 s->mode=ctx->mode; 295 s->mode = ctx->mode;
300 s->max_cert_list=ctx->max_cert_list; 296 s->max_cert_list = ctx->max_cert_list;
301 297
302 if (ctx->cert != NULL) 298 if (ctx->cert != NULL) {
303 {
304 /* Earlier library versions used to copy the pointer to 299 /* Earlier library versions used to copy the pointer to
305 * the CERT, not its contents; only when setting new 300 * the CERT, not its contents; only when setting new
306 * parameters for the per-SSL copy, ssl_cert_new would be 301 * parameters for the per-SSL copy, ssl_cert_new would be
@@ -314,22 +309,21 @@ SSL *SSL_new(SSL_CTX *ctx)
314 s->cert = ssl_cert_dup(ctx->cert); 309 s->cert = ssl_cert_dup(ctx->cert);
315 if (s->cert == NULL) 310 if (s->cert == NULL)
316 goto err; 311 goto err;
317 } 312 } else
318 else
319 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ 313 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
320 314
321 s->read_ahead=ctx->read_ahead; 315 s->read_ahead = ctx->read_ahead;
322 s->msg_callback=ctx->msg_callback; 316 s->msg_callback = ctx->msg_callback;
323 s->msg_callback_arg=ctx->msg_callback_arg; 317 s->msg_callback_arg = ctx->msg_callback_arg;
324 s->verify_mode=ctx->verify_mode; 318 s->verify_mode = ctx->verify_mode;
325#if 0 319#if 0
326 s->verify_depth=ctx->verify_depth; 320 s->verify_depth = ctx->verify_depth;
327#endif 321#endif
328 s->sid_ctx_length=ctx->sid_ctx_length; 322 s->sid_ctx_length = ctx->sid_ctx_length;
329 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); 323 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
330 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); 324 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
331 s->verify_callback=ctx->default_verify_callback; 325 s->verify_callback = ctx->default_verify_callback;
332 s->generate_session_id=ctx->generate_session_id; 326 s->generate_session_id = ctx->generate_session_id;
333 327
334 s->param = X509_VERIFY_PARAM_new(); 328 s->param = X509_VERIFY_PARAM_new();
335 if (!s->param) 329 if (!s->param)
@@ -339,11 +333,11 @@ SSL *SSL_new(SSL_CTX *ctx)
339 s->purpose = ctx->purpose; 333 s->purpose = ctx->purpose;
340 s->trust = ctx->trust; 334 s->trust = ctx->trust;
341#endif 335#endif
342 s->quiet_shutdown=ctx->quiet_shutdown; 336 s->quiet_shutdown = ctx->quiet_shutdown;
343 s->max_send_fragment = ctx->max_send_fragment; 337 s->max_send_fragment = ctx->max_send_fragment;
344 338
345 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 339 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
346 s->ctx=ctx; 340 s->ctx = ctx;
347#ifndef OPENSSL_NO_TLSEXT 341#ifndef OPENSSL_NO_TLSEXT
348 s->tlsext_debug_cb = 0; 342 s->tlsext_debug_cb = 0;
349 s->tlsext_debug_arg = NULL; 343 s->tlsext_debug_arg = NULL;
@@ -354,93 +348,95 @@ SSL *SSL_new(SSL_CTX *ctx)
354 s->tlsext_ocsp_exts = NULL; 348 s->tlsext_ocsp_exts = NULL;
355 s->tlsext_ocsp_resp = NULL; 349 s->tlsext_ocsp_resp = NULL;
356 s->tlsext_ocsp_resplen = -1; 350 s->tlsext_ocsp_resplen = -1;
357 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 351 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
358 s->initial_ctx=ctx; 352 s->initial_ctx = ctx;
359# ifndef OPENSSL_NO_NEXTPROTONEG 353# ifndef OPENSSL_NO_NEXTPROTONEG
360 s->next_proto_negotiated = NULL; 354 s->next_proto_negotiated = NULL;
361# endif 355# endif
362#endif 356#endif
363 357
364 s->verify_result=X509_V_OK; 358 s->verify_result = X509_V_OK;
365 359
366 s->method=ctx->method; 360 s->method = ctx->method;
367 361
368 if (!s->method->ssl_new(s)) 362 if (!s->method->ssl_new(s))
369 goto err; 363 goto err;
370 364
371 s->references=1; 365 s->references = 1;
372 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; 366 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
373 367
374 SSL_clear(s); 368 SSL_clear(s);
375 369
376 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 370 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
377 371
378#ifndef OPENSSL_NO_PSK 372#ifndef OPENSSL_NO_PSK
379 s->psk_client_callback=ctx->psk_client_callback; 373 s->psk_client_callback = ctx->psk_client_callback;
380 s->psk_server_callback=ctx->psk_server_callback; 374 s->psk_server_callback = ctx->psk_server_callback;
381#endif 375#endif
382 376
383 return(s); 377 return (s);
384err: 378err:
385 if (s != NULL) 379 if (s != NULL) {
386 {
387 if (s->cert != NULL) 380 if (s->cert != NULL)
388 ssl_cert_free(s->cert); 381 ssl_cert_free(s->cert);
389 if (s->ctx != NULL) 382 if (s->ctx != NULL)
390 SSL_CTX_free(s->ctx); /* decrement reference count */ 383 SSL_CTX_free(s->ctx); /* decrement reference count */
391 OPENSSL_free(s); 384 OPENSSL_free(s);
392 }
393 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
394 return(NULL);
395 } 385 }
386 SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
387 return (NULL);
388}
396 389
397int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, 390int
398 unsigned int sid_ctx_len) 391SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
399 { 392 unsigned int sid_ctx_len)
400 if(sid_ctx_len > sizeof ctx->sid_ctx) 393{
401 { 394 if (sid_ctx_len > sizeof ctx->sid_ctx) {
402 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 395 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
403 return 0; 396 return 0;
404 } 397 }
405 ctx->sid_ctx_length=sid_ctx_len; 398 ctx->sid_ctx_length = sid_ctx_len;
406 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); 399 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
407 400
408 return 1; 401 return 1;
409 } 402}
410 403
411int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, 404int
412 unsigned int sid_ctx_len) 405SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
413 { 406 unsigned int sid_ctx_len)
414 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) 407{
415 { 408 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
416 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 409 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
417 return 0; 410 return 0;
418 } 411 }
419 ssl->sid_ctx_length=sid_ctx_len; 412 ssl->sid_ctx_length = sid_ctx_len;
420 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); 413 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
421 414
422 return 1; 415 return 1;
423 } 416}
424 417
425int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 418int
426 { 419SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
420{
427 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 421 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
428 ctx->generate_session_id = cb; 422 ctx->generate_session_id = cb;
429 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 423 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
430 return 1; 424 return 1;
431 } 425}
432 426
433int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 427int
434 { 428SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
429{
435 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 430 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
436 ssl->generate_session_id = cb; 431 ssl->generate_session_id = cb;
437 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 432 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
438 return 1; 433 return 1;
439 } 434}
440 435
441int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 436int
442 unsigned int id_len) 437SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
443 { 438 unsigned int id_len)
439{
444 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 440 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
445 * we can "construct" a session to give us the desired check - ie. to 441 * we can "construct" a session to give us the desired check - ie. to
446 * find if there's a session in the hash table that would conflict with 442 * find if there's a session in the hash table that would conflict with
@@ -448,7 +444,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
448 * use by this SSL. */ 444 * use by this SSL. */
449 SSL_SESSION r, *p; 445 SSL_SESSION r, *p;
450 446
451 if(id_len > sizeof r.session_id) 447 if (id_len > sizeof r.session_id)
452 return 0; 448 return 0;
453 449
454 r.ssl_version = ssl->version; 450 r.ssl_version = ssl->version;
@@ -458,68 +454,74 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
458 * callback is calling us to check the uniqueness of a shorter ID, it 454 * callback is calling us to check the uniqueness of a shorter ID, it
459 * must be compared as a padded-out ID because that is what it will be 455 * must be compared as a padded-out ID because that is what it will be
460 * converted to when the callback has finished choosing it. */ 456 * converted to when the callback has finished choosing it. */
461 if((r.ssl_version == SSL2_VERSION) && 457 if ((r.ssl_version == SSL2_VERSION) &&
462 (id_len < SSL2_SSL_SESSION_ID_LENGTH)) 458 (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
463 {
464 memset(r.session_id + id_len, 0, 459 memset(r.session_id + id_len, 0,
465 SSL2_SSL_SESSION_ID_LENGTH - id_len); 460 SSL2_SSL_SESSION_ID_LENGTH - id_len);
466 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; 461 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
467 } 462 }
468 463
469 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 464 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
470 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); 465 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
471 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 466 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
472 return (p != NULL); 467 return (p != NULL);
473 } 468}
474 469
475int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 470int
476 { 471SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
472{
477 return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 473 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
478 } 474}
479 475
480int SSL_set_purpose(SSL *s, int purpose) 476int
481 { 477SSL_set_purpose(SSL *s, int purpose)
478{
482 return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 479 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
483 } 480}
484 481
485int SSL_CTX_set_trust(SSL_CTX *s, int trust) 482int
486 { 483SSL_CTX_set_trust(SSL_CTX *s, int trust)
484{
487 return X509_VERIFY_PARAM_set_trust(s->param, trust); 485 return X509_VERIFY_PARAM_set_trust(s->param, trust);
488 } 486}
489 487
490int SSL_set_trust(SSL *s, int trust) 488int
491 { 489SSL_set_trust(SSL *s, int trust)
490{
492 return X509_VERIFY_PARAM_set_trust(s->param, trust); 491 return X509_VERIFY_PARAM_set_trust(s->param, trust);
493 } 492}
494 493
495int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 494int
496 { 495SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
496{
497 return X509_VERIFY_PARAM_set1(ctx->param, vpm); 497 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
498 } 498}
499 499
500int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 500int
501 { 501SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
502{
502 return X509_VERIFY_PARAM_set1(ssl->param, vpm); 503 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
503 } 504}
504 505
505void SSL_free(SSL *s) 506void
506 { 507SSL_free(SSL *s)
508{
507 int i; 509 int i;
508 510
509 if(s == NULL) 511 if (s == NULL)
510 return; 512 return;
511 513
512 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); 514 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
513#ifdef REF_PRINT 515#ifdef REF_PRINT
514 REF_PRINT("SSL",s); 516 REF_PRINT("SSL", s);
515#endif 517#endif
516 if (i > 0) return; 518 if (i > 0)
519 return;
517#ifdef REF_CHECK 520#ifdef REF_CHECK
518 if (i < 0) 521 if (i < 0) {
519 { 522 fprintf(stderr, "SSL_free, bad reference count\n");
520 fprintf(stderr,"SSL_free, bad reference count\n");
521 abort(); /* ok */ 523 abort(); /* ok */
522 } 524 }
523#endif 525#endif
524 526
525 if (s->param) 527 if (s->param)
@@ -527,53 +529,58 @@ void SSL_free(SSL *s)
527 529
528 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 530 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
529 531
530 if (s->bbio != NULL) 532 if (s->bbio != NULL) {
531 {
532 /* If the buffering BIO is in place, pop it off */ 533 /* If the buffering BIO is in place, pop it off */
533 if (s->bbio == s->wbio) 534 if (s->bbio == s->wbio) {
534 { 535 s->wbio = BIO_pop(s->wbio);
535 s->wbio=BIO_pop(s->wbio);
536 }
537 BIO_free(s->bbio);
538 s->bbio=NULL;
539 } 536 }
537 BIO_free(s->bbio);
538 s->bbio = NULL;
539 }
540 if (s->rbio != NULL) 540 if (s->rbio != NULL)
541 BIO_free_all(s->rbio); 541 BIO_free_all(s->rbio);
542 if ((s->wbio != NULL) && (s->wbio != s->rbio)) 542 if ((s->wbio != NULL) && (s->wbio != s->rbio))
543 BIO_free_all(s->wbio); 543 BIO_free_all(s->wbio);
544 544
545 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); 545 if (s->init_buf != NULL)
546 BUF_MEM_free(s->init_buf);
546 547
547 /* add extra stuff */ 548 /* add extra stuff */
548 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); 549 if (s->cipher_list != NULL)
549 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); 550 sk_SSL_CIPHER_free(s->cipher_list);
551 if (s->cipher_list_by_id != NULL)
552 sk_SSL_CIPHER_free(s->cipher_list_by_id);
550 553
551 /* Make the next call work :-) */ 554 /* Make the next call work :-) */
552 if (s->session != NULL) 555 if (s->session != NULL) {
553 {
554 ssl_clear_bad_session(s); 556 ssl_clear_bad_session(s);
555 SSL_SESSION_free(s->session); 557 SSL_SESSION_free(s->session);
556 } 558 }
557 559
558 ssl_clear_cipher_ctx(s); 560 ssl_clear_cipher_ctx(s);
559 ssl_clear_hash_ctx(&s->read_hash); 561 ssl_clear_hash_ctx(&s->read_hash);
560 ssl_clear_hash_ctx(&s->write_hash); 562 ssl_clear_hash_ctx(&s->write_hash);
561 563
562 if (s->cert != NULL) ssl_cert_free(s->cert); 564 if (s->cert != NULL)
565 ssl_cert_free(s->cert);
563 /* Free up if allocated */ 566 /* Free up if allocated */
564 567
565#ifndef OPENSSL_NO_TLSEXT 568#ifndef OPENSSL_NO_TLSEXT
566 if (s->tlsext_hostname) 569 if (s->tlsext_hostname)
567 OPENSSL_free(s->tlsext_hostname); 570 OPENSSL_free(s->tlsext_hostname);
568 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); 571 if (s->initial_ctx)
572 SSL_CTX_free(s->initial_ctx);
569#ifndef OPENSSL_NO_EC 573#ifndef OPENSSL_NO_EC
570 if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); 574 if (s->tlsext_ecpointformatlist)
571 if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); 575 OPENSSL_free(s->tlsext_ecpointformatlist);
576 if (s->tlsext_ellipticcurvelist)
577 OPENSSL_free(s->tlsext_ellipticcurvelist);
572#endif /* OPENSSL_NO_EC */ 578#endif /* OPENSSL_NO_EC */
573 if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); 579 if (s->tlsext_opaque_prf_input)
580 OPENSSL_free(s->tlsext_opaque_prf_input);
574 if (s->tlsext_ocsp_exts) 581 if (s->tlsext_ocsp_exts)
575 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 582 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
576 X509_EXTENSION_free); 583 X509_EXTENSION_free);
577 if (s->tlsext_ocsp_ids) 584 if (s->tlsext_ocsp_ids)
578 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 585 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
579 if (s->tlsext_ocsp_resp) 586 if (s->tlsext_ocsp_resp)
@@ -581,11 +588,13 @@ void SSL_free(SSL *s)
581#endif 588#endif
582 589
583 if (s->client_CA != NULL) 590 if (s->client_CA != NULL)
584 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); 591 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
585 592
586 if (s->method != NULL) s->method->ssl_free(s); 593 if (s->method != NULL)
594 s->method->ssl_free(s);
587 595
588 if (s->ctx) SSL_CTX_free(s->ctx); 596 if (s->ctx)
597 SSL_CTX_free(s->ctx);
589 598
590#ifndef OPENSSL_NO_KRB5 599#ifndef OPENSSL_NO_KRB5
591 if (s->kssl_ctx != NULL) 600 if (s->kssl_ctx != NULL)
@@ -598,223 +607,237 @@ void SSL_free(SSL *s)
598#endif 607#endif
599 608
600#ifndef OPENSSL_NO_SRTP 609#ifndef OPENSSL_NO_SRTP
601 if (s->srtp_profiles) 610 if (s->srtp_profiles)
602 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); 611 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
603#endif 612#endif
604 613
605 OPENSSL_free(s); 614 OPENSSL_free(s);
606 } 615}
607 616
608void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) 617void
609 { 618SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
619{
610 /* If the output buffering BIO is still in place, remove it 620 /* If the output buffering BIO is still in place, remove it
611 */ 621 */
612 if (s->bbio != NULL) 622 if (s->bbio != NULL) {
613 { 623 if (s->wbio == s->bbio) {
614 if (s->wbio == s->bbio) 624 s->wbio = s->wbio->next_bio;
615 { 625 s->bbio->next_bio = NULL;
616 s->wbio=s->wbio->next_bio;
617 s->bbio->next_bio=NULL;
618 }
619 } 626 }
627 }
620 if ((s->rbio != NULL) && (s->rbio != rbio)) 628 if ((s->rbio != NULL) && (s->rbio != rbio))
621 BIO_free_all(s->rbio); 629 BIO_free_all(s->rbio);
622 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) 630 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
623 BIO_free_all(s->wbio); 631 BIO_free_all(s->wbio);
624 s->rbio=rbio; 632 s->rbio = rbio;
625 s->wbio=wbio; 633 s->wbio = wbio;
626 } 634}
627 635
628BIO *SSL_get_rbio(const SSL *s) 636BIO
629 { return(s->rbio); } 637*SSL_get_rbio(const SSL *s)
638 { return (s->rbio);
639}
630 640
631BIO *SSL_get_wbio(const SSL *s) 641BIO
632 { return(s->wbio); } 642*SSL_get_wbio(const SSL *s)
643 { return (s->wbio);
644}
633 645
634int SSL_get_fd(const SSL *s) 646int
635 { 647SSL_get_fd(const SSL *s)
636 return(SSL_get_rfd(s)); 648{
637 } 649 return (SSL_get_rfd(s));
650}
638 651
639int SSL_get_rfd(const SSL *s) 652int
640 { 653SSL_get_rfd(const SSL *s)
641 int ret= -1; 654{
642 BIO *b,*r; 655 int ret = -1;
656 BIO *b, *r;
643 657
644 b=SSL_get_rbio(s); 658 b = SSL_get_rbio(s);
645 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); 659 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
646 if (r != NULL) 660 if (r != NULL)
647 BIO_get_fd(r,&ret); 661 BIO_get_fd(r, &ret);
648 return(ret); 662 return (ret);
649 } 663}
650 664
651int SSL_get_wfd(const SSL *s) 665int
652 { 666SSL_get_wfd(const SSL *s)
653 int ret= -1; 667{
654 BIO *b,*r; 668 int ret = -1;
669 BIO *b, *r;
655 670
656 b=SSL_get_wbio(s); 671 b = SSL_get_wbio(s);
657 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); 672 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
658 if (r != NULL) 673 if (r != NULL)
659 BIO_get_fd(r,&ret); 674 BIO_get_fd(r, &ret);
660 return(ret); 675 return (ret);
661 } 676}
662 677
663#ifndef OPENSSL_NO_SOCK 678#ifndef OPENSSL_NO_SOCK
664int SSL_set_fd(SSL *s,int fd) 679int
665 { 680SSL_set_fd(SSL *s, int fd)
666 int ret=0; 681{
667 BIO *bio=NULL; 682 int ret = 0;
683 BIO *bio = NULL;
668 684
669 bio=BIO_new(BIO_s_socket()); 685 bio = BIO_new(BIO_s_socket());
670 686
671 if (bio == NULL) 687 if (bio == NULL) {
672 { 688 SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
673 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
674 goto err; 689 goto err;
675 }
676 BIO_set_fd(bio,fd,BIO_NOCLOSE);
677 SSL_set_bio(s,bio,bio);
678 ret=1;
679err:
680 return(ret);
681 } 690 }
691 BIO_set_fd(bio, fd, BIO_NOCLOSE);
692 SSL_set_bio(s, bio, bio);
693 ret = 1;
694err:
695 return (ret);
696}
682 697
683int SSL_set_wfd(SSL *s,int fd) 698int
684 { 699SSL_set_wfd(SSL *s, int fd)
685 int ret=0; 700{
686 BIO *bio=NULL; 701 int ret = 0;
702 BIO *bio = NULL;
687 703
688 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 704 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
689 || ((int)BIO_get_fd(s->rbio,NULL) != fd)) 705 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
690 { 706 bio = BIO_new(BIO_s_socket());
691 bio=BIO_new(BIO_s_socket());
692 707
693 if (bio == NULL) 708 if (bio == NULL)
694 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } 709 { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
695 BIO_set_fd(bio,fd,BIO_NOCLOSE); 710 goto err;
696 SSL_set_bio(s,SSL_get_rbio(s),bio);
697 } 711 }
698 else 712 BIO_set_fd(bio, fd, BIO_NOCLOSE);
699 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); 713 SSL_set_bio(s, SSL_get_rbio(s), bio);
700 ret=1; 714 } else
715 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
716 ret = 1;
701err: 717err:
702 return(ret); 718 return (ret);
703 } 719}
704 720
705int SSL_set_rfd(SSL *s,int fd) 721int
706 { 722SSL_set_rfd(SSL *s, int fd)
707 int ret=0; 723{
708 BIO *bio=NULL; 724 int ret = 0;
725 BIO *bio = NULL;
709 726
710 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 727 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
711 || ((int)BIO_get_fd(s->wbio,NULL) != fd)) 728 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
712 { 729 bio = BIO_new(BIO_s_socket());
713 bio=BIO_new(BIO_s_socket());
714 730
715 if (bio == NULL) 731 if (bio == NULL) {
716 { 732 SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
717 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
718 goto err; 733 goto err;
719 }
720 BIO_set_fd(bio,fd,BIO_NOCLOSE);
721 SSL_set_bio(s,bio,SSL_get_wbio(s));
722 } 734 }
723 else 735 BIO_set_fd(bio, fd, BIO_NOCLOSE);
724 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); 736 SSL_set_bio(s, bio, SSL_get_wbio(s));
725 ret=1; 737 } else
738 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
739 ret = 1;
726err: 740err:
727 return(ret); 741 return (ret);
728 } 742}
729#endif 743#endif
730 744
731 745
732/* return length of latest Finished message we sent, copy to 'buf' */ 746/* return length of latest Finished message we sent, copy to 'buf' */
733size_t SSL_get_finished(const SSL *s, void *buf, size_t count) 747size_t
734 { 748SSL_get_finished(const SSL *s, void *buf, size_t count)
749{
735 size_t ret = 0; 750 size_t ret = 0;
736 751
737 if (s->s3 != NULL) 752 if (s->s3 != NULL) {
738 {
739 ret = s->s3->tmp.finish_md_len; 753 ret = s->s3->tmp.finish_md_len;
740 if (count > ret) 754 if (count > ret)
741 count = ret; 755 count = ret;
742 memcpy(buf, s->s3->tmp.finish_md, count); 756 memcpy(buf, s->s3->tmp.finish_md, count);
743 }
744 return ret;
745 } 757 }
758 return ret;
759}
746 760
747/* return length of latest Finished message we expected, copy to 'buf' */ 761/* return length of latest Finished message we expected, copy to 'buf' */
748size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 762size_t
749 { 763SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
764{
750 size_t ret = 0; 765 size_t ret = 0;
751 766
752 if (s->s3 != NULL) 767 if (s->s3 != NULL) {
753 {
754 ret = s->s3->tmp.peer_finish_md_len; 768 ret = s->s3->tmp.peer_finish_md_len;
755 if (count > ret) 769 if (count > ret)
756 count = ret; 770 count = ret;
757 memcpy(buf, s->s3->tmp.peer_finish_md, count); 771 memcpy(buf, s->s3->tmp.peer_finish_md, count);
758 }
759 return ret;
760 } 772 }
773 return ret;
774}
761 775
762 776
763int SSL_get_verify_mode(const SSL *s) 777int
764 { 778SSL_get_verify_mode(const SSL *s)
765 return(s->verify_mode); 779{
766 } 780 return (s->verify_mode);
781}
767 782
768int SSL_get_verify_depth(const SSL *s) 783int
769 { 784SSL_get_verify_depth(const SSL *s)
785{
770 return X509_VERIFY_PARAM_get_depth(s->param); 786 return X509_VERIFY_PARAM_get_depth(s->param);
771 } 787}
772 788
773int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) 789int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
774 { 790{
775 return(s->verify_callback); 791 return (s->verify_callback);
776 } 792}
777 793
778int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 794int
779 { 795SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
780 return(ctx->verify_mode); 796{
781 } 797 return (ctx->verify_mode);
798}
782 799
783int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 800int
784 { 801SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
802{
785 return X509_VERIFY_PARAM_get_depth(ctx->param); 803 return X509_VERIFY_PARAM_get_depth(ctx->param);
786 } 804}
787 805
788int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) 806int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
789 { 807{
790 return(ctx->default_verify_callback); 808 return (ctx->default_verify_callback);
791 } 809}
792 810
793void SSL_set_verify(SSL *s,int mode, 811void
794 int (*callback)(int ok,X509_STORE_CTX *ctx)) 812SSL_set_verify(SSL *s, int mode,
795 { 813 int (*callback)(int ok, X509_STORE_CTX *ctx))
796 s->verify_mode=mode; 814{
815 s->verify_mode = mode;
797 if (callback != NULL) 816 if (callback != NULL)
798 s->verify_callback=callback; 817 s->verify_callback = callback;
799 } 818}
800 819
801void SSL_set_verify_depth(SSL *s,int depth) 820void
802 { 821SSL_set_verify_depth(SSL *s, int depth)
822{
803 X509_VERIFY_PARAM_set_depth(s->param, depth); 823 X509_VERIFY_PARAM_set_depth(s->param, depth);
804 } 824}
805 825
806void SSL_set_read_ahead(SSL *s,int yes) 826void
807 { 827SSL_set_read_ahead(SSL *s, int yes)
808 s->read_ahead=yes; 828{
809 } 829 s->read_ahead = yes;
830}
810 831
811int SSL_get_read_ahead(const SSL *s) 832int
812 { 833SSL_get_read_ahead(const SSL *s)
813 return(s->read_ahead); 834{
814 } 835 return (s->read_ahead);
836}
815 837
816int SSL_pending(const SSL *s) 838int
817 { 839SSL_pending(const SSL *s)
840{
818 /* SSL_pending cannot work properly if read-ahead is enabled 841 /* SSL_pending cannot work properly if read-ahead is enabled
819 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), 842 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
820 * and it is impossible to fix since SSL_pending cannot report 843 * and it is impossible to fix since SSL_pending cannot report
@@ -822,264 +845,266 @@ int SSL_pending(const SSL *s)
822 * (Note that SSL_pending() is often used as a boolean value, 845 * (Note that SSL_pending() is often used as a boolean value,
823 * so we'd better not return -1.) 846 * so we'd better not return -1.)
824 */ 847 */
825 return(s->method->ssl_pending(s)); 848 return (s->method->ssl_pending(s));
826 } 849}
827 850
828X509 *SSL_get_peer_certificate(const SSL *s) 851X509
829 { 852*SSL_get_peer_certificate(const SSL *s)
853{
830 X509 *r; 854 X509 *r;
831 855
832 if ((s == NULL) || (s->session == NULL)) 856 if ((s == NULL) || (s->session == NULL))
833 r=NULL; 857 r = NULL;
834 else 858 else
835 r=s->session->peer; 859 r = s->session->peer;
836 860
837 if (r == NULL) return(r); 861 if (r == NULL)
862 return (r);
838 863
839 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); 864 CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
840 865
841 return(r); 866 return (r);
842 } 867}
843 868
844STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) 869STACK_OF(X509)
845 { 870*SSL_get_peer_cert_chain(const SSL *s)
871{
846 STACK_OF(X509) *r; 872 STACK_OF(X509) *r;
847 873
848 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) 874 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
849 r=NULL; 875 r = NULL;
850 else 876 else
851 r=s->session->sess_cert->cert_chain; 877 r = s->session->sess_cert->cert_chain;
852 878
853 /* If we are a client, cert_chain includes the peer's own 879 /* If we are a client, cert_chain includes the peer's own
854 * certificate; if we are a server, it does not. */ 880 * certificate;
855 881if we are a server, it does not. */
856 return(r); 882
857 } 883 return (r);
884}
858 885
859/* Now in theory, since the calling process own 't' it should be safe to 886/* Now in theory, since the calling process own 't' it should be safe to
860 * modify. We need to be able to read f without being hassled */ 887 * modify. We need to be able to read f without being hassled */
861void SSL_copy_session_id(SSL *t,const SSL *f) 888void
862 { 889SSL_copy_session_id(SSL *t, const SSL *f)
890{
863 CERT *tmp; 891 CERT *tmp;
864 892
865 /* Do we need to to SSL locking? */ 893 /* Do we need to to SSL locking? */
866 SSL_set_session(t,SSL_get_session(f)); 894 SSL_set_session(t, SSL_get_session(f));
867 895
868 /* what if we are setup as SSLv2 but want to talk SSLv3 or 896 /* what if we are setup as SSLv2 but want to talk SSLv3 or
869 * vice-versa */ 897 * vice-versa */
870 if (t->method != f->method) 898 if (t->method != f->method) {
871 {
872 t->method->ssl_free(t); /* cleanup current */ 899 t->method->ssl_free(t); /* cleanup current */
873 t->method=f->method; /* change method */ 900 t->method=f->method; /* change method */
874 t->method->ssl_new(t); /* setup new */ 901 t->method->ssl_new(t); /* setup new */
875 }
876
877 tmp=t->cert;
878 if (f->cert != NULL)
879 {
880 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
881 t->cert=f->cert;
882 }
883 else
884 t->cert=NULL;
885 if (tmp != NULL) ssl_cert_free(tmp);
886 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
887 } 902 }
888 903
904 tmp = t->cert;
905 if (f->cert != NULL) {
906 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
907 t->cert = f->cert;
908 } else
909 t->cert = NULL;
910 if (tmp != NULL)
911 ssl_cert_free(tmp);
912 SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
913}
914
889/* Fix this so it checks all the valid key/cert options */ 915/* Fix this so it checks all the valid key/cert options */
890int SSL_CTX_check_private_key(const SSL_CTX *ctx) 916int
891 { 917SSL_CTX_check_private_key(const SSL_CTX *ctx)
892 if ( (ctx == NULL) || 918{
919 if ((ctx == NULL) ||
893 (ctx->cert == NULL) || 920 (ctx->cert == NULL) ||
894 (ctx->cert->key->x509 == NULL)) 921 (ctx->cert->key->x509 == NULL)) {
895 { 922 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
896 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 923 return (0);
897 return(0); 924 }
898 } 925 if (ctx->cert->key->privatekey == NULL) {
899 if (ctx->cert->key->privatekey == NULL) 926 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
900 { 927 return (0);
901 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
902 return(0);
903 }
904 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
905 } 928 }
929 return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
930}
906 931
907/* Fix this function so that it takes an optional type parameter */ 932/* Fix this function so that it takes an optional type parameter */
908int SSL_check_private_key(const SSL *ssl) 933int
909 { 934SSL_check_private_key(const SSL *ssl)
910 if (ssl == NULL) 935{
911 { 936 if (ssl == NULL) {
912 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); 937 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
913 return(0); 938 return (0);
914 } 939 }
915 if (ssl->cert == NULL) 940 if (ssl->cert == NULL) {
916 { 941 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
917 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
918 return 0; 942 return 0;
919 }
920 if (ssl->cert->key->x509 == NULL)
921 {
922 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
923 return(0);
924 }
925 if (ssl->cert->key->privatekey == NULL)
926 {
927 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
928 return(0);
929 }
930 return(X509_check_private_key(ssl->cert->key->x509,
931 ssl->cert->key->privatekey));
932 } 943 }
944 if (ssl->cert->key->x509 == NULL) {
945 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
946 return (0);
947 }
948 if (ssl->cert->key->privatekey == NULL) {
949 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
950 return (0);
951 }
952 return(X509_check_private_key(ssl->cert->key->x509,
953 ssl->cert->key->privatekey));
954}
933 955
934int SSL_accept(SSL *s) 956int
935 { 957SSL_accept(SSL *s)
958{
936 if (s->handshake_func == 0) 959 if (s->handshake_func == 0)
937 /* Not properly initialized yet */ 960 /* Not properly initialized yet */
938 SSL_set_accept_state(s); 961 SSL_set_accept_state(s);
939 962
940 return(s->method->ssl_accept(s)); 963 return (s->method->ssl_accept(s));
941 } 964}
942 965
943int SSL_connect(SSL *s) 966int
944 { 967SSL_connect(SSL *s)
968{
945 if (s->handshake_func == 0) 969 if (s->handshake_func == 0)
946 /* Not properly initialized yet */ 970 /* Not properly initialized yet */
947 SSL_set_connect_state(s); 971 SSL_set_connect_state(s);
948 972
949 return(s->method->ssl_connect(s)); 973 return (s->method->ssl_connect(s));
950 } 974}
951 975
952long SSL_get_default_timeout(const SSL *s) 976long
953 { 977SSL_get_default_timeout(const SSL *s)
954 return(s->method->get_timeout()); 978{
955 } 979 return (s->method->get_timeout());
980}
956 981
957int SSL_read(SSL *s,void *buf,int num) 982int
958 { 983SSL_read(SSL *s, void *buf, int num)
959 if (s->handshake_func == 0) 984{
960 { 985 if (s->handshake_func == 0) {
961 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 986 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
962 return -1; 987 return -1;
963 } 988 }
964 989
965 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 990 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
966 { 991 s->rwstate = SSL_NOTHING;
967 s->rwstate=SSL_NOTHING; 992 return (0);
968 return(0);
969 }
970 return(s->method->ssl_read(s,buf,num));
971 } 993 }
994 return (s->method->ssl_read(s, buf, num));
995}
972 996
973int SSL_peek(SSL *s,void *buf,int num) 997int
974 { 998SSL_peek(SSL *s, void *buf, int num)
975 if (s->handshake_func == 0) 999{
976 { 1000 if (s->handshake_func == 0) {
977 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); 1001 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
978 return -1; 1002 return -1;
979 } 1003 }
980 1004
981 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 1005 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
982 { 1006 return (0);
983 return(0);
984 }
985 return(s->method->ssl_peek(s,buf,num));
986 } 1007 }
1008 return (s->method->ssl_peek(s, buf, num));
1009}
987 1010
988int SSL_write(SSL *s,const void *buf,int num) 1011int
989 { 1012SSL_write(SSL *s, const void *buf, int num)
990 if (s->handshake_func == 0) 1013{
991 { 1014 if (s->handshake_func == 0) {
992 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 1015 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
993 return -1; 1016 return -1;
994 } 1017 }
995 1018
996 if (s->shutdown & SSL_SENT_SHUTDOWN) 1019 if (s->shutdown & SSL_SENT_SHUTDOWN) {
997 { 1020 s->rwstate = SSL_NOTHING;
998 s->rwstate=SSL_NOTHING; 1021 SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
999 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); 1022 return (-1);
1000 return(-1);
1001 }
1002 return(s->method->ssl_write(s,buf,num));
1003 } 1023 }
1024 return (s->method->ssl_write(s, buf, num));
1025}
1004 1026
1005int SSL_shutdown(SSL *s) 1027int
1006 { 1028SSL_shutdown(SSL *s)
1029{
1007 /* Note that this function behaves differently from what one might 1030 /* Note that this function behaves differently from what one might
1008 * expect. Return values are 0 for no success (yet), 1031 * expect. Return values are 0 for no success (yet),
1009 * 1 for success; but calling it once is usually not enough, 1032 * 1 for success; but calling it once is usually not enough,
1010 * even if blocking I/O is used (see ssl3_shutdown). 1033 * even if blocking I/O is used (see ssl3_shutdown).
1011 */ 1034 */
1012 1035
1013 if (s->handshake_func == 0) 1036 if (s->handshake_func == 0) {
1014 {
1015 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); 1037 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
1016 return -1; 1038 return -1;
1017 } 1039 }
1018 1040
1019 if ((s != NULL) && !SSL_in_init(s)) 1041 if ((s != NULL) && !SSL_in_init(s))
1020 return(s->method->ssl_shutdown(s)); 1042 return (s->method->ssl_shutdown(s));
1021 else 1043 else
1022 return(1); 1044 return (1);
1023 } 1045}
1024 1046
1025int SSL_renegotiate(SSL *s) 1047int
1026 { 1048SSL_renegotiate(SSL *s)
1049{
1027 if (s->renegotiate == 0) 1050 if (s->renegotiate == 0)
1028 s->renegotiate=1; 1051 s->renegotiate = 1;
1029 1052
1030 s->new_session=1; 1053 s->new_session = 1;
1031 1054
1032 return(s->method->ssl_renegotiate(s)); 1055 return (s->method->ssl_renegotiate(s));
1033 } 1056}
1034 1057
1035int SSL_renegotiate_abbreviated(SSL *s) 1058int
1036 { 1059SSL_renegotiate_abbreviated(SSL *s)
1060{
1037 if (s->renegotiate == 0) 1061 if (s->renegotiate == 0)
1038 s->renegotiate=1; 1062 s->renegotiate = 1;
1039 1063
1040 s->new_session=0; 1064 s->new_session = 0;
1041 1065
1042 return(s->method->ssl_renegotiate(s)); 1066 return (s->method->ssl_renegotiate(s));
1043 } 1067}
1044 1068
1045int SSL_renegotiate_pending(SSL *s) 1069int
1046 { 1070SSL_renegotiate_pending(SSL *s)
1071{
1047 /* becomes true when negotiation is requested; 1072 /* becomes true when negotiation is requested;
1048 * false again once a handshake has finished */ 1073 * false again once a handshake has finished */
1049 return (s->renegotiate != 0); 1074 return (s->renegotiate != 0);
1050 } 1075}
1051 1076
1052long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) 1077long
1053 { 1078SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1079{
1054 long l; 1080 long l;
1055 1081
1056 switch (cmd) 1082 switch (cmd) {
1057 {
1058 case SSL_CTRL_GET_READ_AHEAD: 1083 case SSL_CTRL_GET_READ_AHEAD:
1059 return(s->read_ahead); 1084 return (s->read_ahead);
1060 case SSL_CTRL_SET_READ_AHEAD: 1085 case SSL_CTRL_SET_READ_AHEAD:
1061 l=s->read_ahead; 1086 l = s->read_ahead;
1062 s->read_ahead=larg; 1087 s->read_ahead = larg;
1063 return(l); 1088 return (l);
1064 1089
1065 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1090 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1066 s->msg_callback_arg = parg; 1091 s->msg_callback_arg = parg;
1067 return 1; 1092 return 1;
1068 1093
1069 case SSL_CTRL_OPTIONS: 1094 case SSL_CTRL_OPTIONS:
1070 return(s->options|=larg); 1095 return (s->options|=larg);
1071 case SSL_CTRL_CLEAR_OPTIONS: 1096 case SSL_CTRL_CLEAR_OPTIONS:
1072 return(s->options&=~larg); 1097 return (s->options&=~larg);
1073 case SSL_CTRL_MODE: 1098 case SSL_CTRL_MODE:
1074 return(s->mode|=larg); 1099 return (s->mode|=larg);
1075 case SSL_CTRL_CLEAR_MODE: 1100 case SSL_CTRL_CLEAR_MODE:
1076 return(s->mode &=~larg); 1101 return (s->mode &=~larg);
1077 case SSL_CTRL_GET_MAX_CERT_LIST: 1102 case SSL_CTRL_GET_MAX_CERT_LIST:
1078 return(s->max_cert_list); 1103 return (s->max_cert_list);
1079 case SSL_CTRL_SET_MAX_CERT_LIST: 1104 case SSL_CTRL_SET_MAX_CERT_LIST:
1080 l=s->max_cert_list; 1105 l = s->max_cert_list;
1081 s->max_cert_list=larg; 1106 s->max_cert_list = larg;
1082 return(l); 1107 return (l);
1083 case SSL_CTRL_SET_MTU: 1108 case SSL_CTRL_SET_MTU:
1084#ifndef OPENSSL_NO_DTLS1 1109#ifndef OPENSSL_NO_DTLS1
1085 if (larg < (long)dtls1_min_mtu()) 1110 if (larg < (long)dtls1_min_mtu())
@@ -1087,11 +1112,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1087#endif 1112#endif
1088 1113
1089 if (SSL_version(s) == DTLS1_VERSION || 1114 if (SSL_version(s) == DTLS1_VERSION ||
1090 SSL_version(s) == DTLS1_BAD_VER) 1115 SSL_version(s) == DTLS1_BAD_VER) {
1091 {
1092 s->d1->mtu = larg; 1116 s->d1->mtu = larg;
1093 return larg; 1117 return larg;
1094 } 1118 }
1095 return 0; 1119 return 0;
1096 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1120 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1097 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1121 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
@@ -1103,203 +1127,204 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1103 return s->s3->send_connection_binding; 1127 return s->s3->send_connection_binding;
1104 else return 0; 1128 else return 0;
1105 default: 1129 default:
1106 return(s->method->ssl_ctrl(s,cmd,larg,parg)); 1130 return (s->method->ssl_ctrl(s, cmd, larg, parg));
1107 }
1108 } 1131 }
1132}
1109 1133
1110long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 1134long
1111 { 1135SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1112 switch(cmd) 1136{
1113 { 1137 switch (cmd) {
1114 case SSL_CTRL_SET_MSG_CALLBACK: 1138 case SSL_CTRL_SET_MSG_CALLBACK:
1115 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); 1139 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1116 return 1; 1140 return 1;
1117 1141
1118 default: 1142 default:
1119 return(s->method->ssl_callback_ctrl(s,cmd,fp)); 1143 return (s->method->ssl_callback_ctrl(s, cmd, fp));
1120 }
1121 } 1144 }
1145}
1122 1146
1123LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) 1147LHASH_OF(SSL_SESSION)
1124 { 1148*SSL_CTX_sessions(SSL_CTX *ctx)
1149{
1125 return ctx->sessions; 1150 return ctx->sessions;
1126 } 1151}
1127 1152
1128long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) 1153long
1129 { 1154SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1155{
1130 long l; 1156 long l;
1131 1157
1132 switch (cmd) 1158 switch (cmd) {
1133 {
1134 case SSL_CTRL_GET_READ_AHEAD: 1159 case SSL_CTRL_GET_READ_AHEAD:
1135 return(ctx->read_ahead); 1160 return (ctx->read_ahead);
1136 case SSL_CTRL_SET_READ_AHEAD: 1161 case SSL_CTRL_SET_READ_AHEAD:
1137 l=ctx->read_ahead; 1162 l = ctx->read_ahead;
1138 ctx->read_ahead=larg; 1163 ctx->read_ahead = larg;
1139 return(l); 1164 return (l);
1140 1165
1141 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1166 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1142 ctx->msg_callback_arg = parg; 1167 ctx->msg_callback_arg = parg;
1143 return 1; 1168 return 1;
1144 1169
1145 case SSL_CTRL_GET_MAX_CERT_LIST: 1170 case SSL_CTRL_GET_MAX_CERT_LIST:
1146 return(ctx->max_cert_list); 1171 return (ctx->max_cert_list);
1147 case SSL_CTRL_SET_MAX_CERT_LIST: 1172 case SSL_CTRL_SET_MAX_CERT_LIST:
1148 l=ctx->max_cert_list; 1173 l = ctx->max_cert_list;
1149 ctx->max_cert_list=larg; 1174 ctx->max_cert_list = larg;
1150 return(l); 1175 return (l);
1151 1176
1152 case SSL_CTRL_SET_SESS_CACHE_SIZE: 1177 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1153 l=ctx->session_cache_size; 1178 l = ctx->session_cache_size;
1154 ctx->session_cache_size=larg; 1179 ctx->session_cache_size = larg;
1155 return(l); 1180 return (l);
1156 case SSL_CTRL_GET_SESS_CACHE_SIZE: 1181 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1157 return(ctx->session_cache_size); 1182 return (ctx->session_cache_size);
1158 case SSL_CTRL_SET_SESS_CACHE_MODE: 1183 case SSL_CTRL_SET_SESS_CACHE_MODE:
1159 l=ctx->session_cache_mode; 1184 l = ctx->session_cache_mode;
1160 ctx->session_cache_mode=larg; 1185 ctx->session_cache_mode = larg;
1161 return(l); 1186 return (l);
1162 case SSL_CTRL_GET_SESS_CACHE_MODE: 1187 case SSL_CTRL_GET_SESS_CACHE_MODE:
1163 return(ctx->session_cache_mode); 1188 return (ctx->session_cache_mode);
1164 1189
1165 case SSL_CTRL_SESS_NUMBER: 1190 case SSL_CTRL_SESS_NUMBER:
1166 return(lh_SSL_SESSION_num_items(ctx->sessions)); 1191 return (lh_SSL_SESSION_num_items(ctx->sessions));
1167 case SSL_CTRL_SESS_CONNECT: 1192 case SSL_CTRL_SESS_CONNECT:
1168 return(ctx->stats.sess_connect); 1193 return (ctx->stats.sess_connect);
1169 case SSL_CTRL_SESS_CONNECT_GOOD: 1194 case SSL_CTRL_SESS_CONNECT_GOOD:
1170 return(ctx->stats.sess_connect_good); 1195 return (ctx->stats.sess_connect_good);
1171 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1196 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1172 return(ctx->stats.sess_connect_renegotiate); 1197 return (ctx->stats.sess_connect_renegotiate);
1173 case SSL_CTRL_SESS_ACCEPT: 1198 case SSL_CTRL_SESS_ACCEPT:
1174 return(ctx->stats.sess_accept); 1199 return (ctx->stats.sess_accept);
1175 case SSL_CTRL_SESS_ACCEPT_GOOD: 1200 case SSL_CTRL_SESS_ACCEPT_GOOD:
1176 return(ctx->stats.sess_accept_good); 1201 return (ctx->stats.sess_accept_good);
1177 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1202 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1178 return(ctx->stats.sess_accept_renegotiate); 1203 return (ctx->stats.sess_accept_renegotiate);
1179 case SSL_CTRL_SESS_HIT: 1204 case SSL_CTRL_SESS_HIT:
1180 return(ctx->stats.sess_hit); 1205 return (ctx->stats.sess_hit);
1181 case SSL_CTRL_SESS_CB_HIT: 1206 case SSL_CTRL_SESS_CB_HIT:
1182 return(ctx->stats.sess_cb_hit); 1207 return (ctx->stats.sess_cb_hit);
1183 case SSL_CTRL_SESS_MISSES: 1208 case SSL_CTRL_SESS_MISSES:
1184 return(ctx->stats.sess_miss); 1209 return (ctx->stats.sess_miss);
1185 case SSL_CTRL_SESS_TIMEOUTS: 1210 case SSL_CTRL_SESS_TIMEOUTS:
1186 return(ctx->stats.sess_timeout); 1211 return (ctx->stats.sess_timeout);
1187 case SSL_CTRL_SESS_CACHE_FULL: 1212 case SSL_CTRL_SESS_CACHE_FULL:
1188 return(ctx->stats.sess_cache_full); 1213 return (ctx->stats.sess_cache_full);
1189 case SSL_CTRL_OPTIONS: 1214 case SSL_CTRL_OPTIONS:
1190 return(ctx->options|=larg); 1215 return (ctx->options|=larg);
1191 case SSL_CTRL_CLEAR_OPTIONS: 1216 case SSL_CTRL_CLEAR_OPTIONS:
1192 return(ctx->options&=~larg); 1217 return (ctx->options&=~larg);
1193 case SSL_CTRL_MODE: 1218 case SSL_CTRL_MODE:
1194 return(ctx->mode|=larg); 1219 return (ctx->mode|=larg);
1195 case SSL_CTRL_CLEAR_MODE: 1220 case SSL_CTRL_CLEAR_MODE:
1196 return(ctx->mode&=~larg); 1221 return (ctx->mode&=~larg);
1197 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1222 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1198 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1223 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1199 return 0; 1224 return 0;
1200 ctx->max_send_fragment = larg; 1225 ctx->max_send_fragment = larg;
1201 return 1; 1226 return 1;
1202 default: 1227 default:
1203 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); 1228 return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
1204 }
1205 } 1229 }
1230}
1206 1231
1207long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 1232long
1208 { 1233SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1209 switch(cmd) 1234{
1210 { 1235 switch (cmd) {
1211 case SSL_CTRL_SET_MSG_CALLBACK: 1236 case SSL_CTRL_SET_MSG_CALLBACK:
1212 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); 1237 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1213 return 1; 1238 return 1;
1214 1239
1215 default: 1240 default:
1216 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); 1241 return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
1217 }
1218 } 1242 }
1243}
1219 1244
1220int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1245int
1221 { 1246ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1247{
1222 long l; 1248 long l;
1223 1249
1224 l=a->id-b->id; 1250 l = a->id - b->id;
1225 if (l == 0L) 1251 if (l == 0L)
1226 return(0); 1252 return (0);
1227 else 1253 else
1228 return((l > 0)?1:-1); 1254 return ((l > 0) ? 1:-1);
1229 } 1255}
1230 1256
1231int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, 1257int
1232 const SSL_CIPHER * const *bp) 1258ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1233 { 1259 const SSL_CIPHER * const *bp)
1260{
1234 long l; 1261 long l;
1235 1262
1236 l=(*ap)->id-(*bp)->id; 1263 l = (*ap)->id - (*bp)->id;
1237 if (l == 0L) 1264 if (l == 0L)
1238 return(0); 1265 return (0);
1239 else 1266 else
1240 return((l > 0)?1:-1); 1267 return ((l > 0) ? 1:-1);
1241 } 1268}
1242 1269
1243/** return a STACK of the ciphers available for the SSL and in order of 1270/** return a STACK of the ciphers available for the SSL and in order of
1244 * preference */ 1271 * preference */
1245STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) 1272STACK_OF(SSL_CIPHER)
1246 { 1273*SSL_get_ciphers(const SSL *s)
1247 if (s != NULL) 1274{
1248 { 1275 if (s != NULL) {
1249 if (s->cipher_list != NULL) 1276 if (s->cipher_list != NULL) {
1250 { 1277 return (s->cipher_list);
1251 return(s->cipher_list); 1278 } else if ((s->ctx != NULL) &&
1252 } 1279 (s->ctx->cipher_list != NULL)) {
1253 else if ((s->ctx != NULL) && 1280 return (s->ctx->cipher_list);
1254 (s->ctx->cipher_list != NULL))
1255 {
1256 return(s->ctx->cipher_list);
1257 }
1258 } 1281 }
1259 return(NULL);
1260 } 1282 }
1283 return (NULL);
1284}
1261 1285
1262/** return a STACK of the ciphers available for the SSL and in order of 1286/** return a STACK of the ciphers available for the SSL and in order of
1263 * algorithm id */ 1287 * algorithm id */
1264STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 1288STACK_OF(SSL_CIPHER)
1265 { 1289*ssl_get_ciphers_by_id(SSL *s)
1266 if (s != NULL) 1290{
1267 { 1291 if (s != NULL) {
1268 if (s->cipher_list_by_id != NULL) 1292 if (s->cipher_list_by_id != NULL) {
1269 { 1293 return (s->cipher_list_by_id);
1270 return(s->cipher_list_by_id); 1294 } else if ((s->ctx != NULL) &&
1271 } 1295 (s->ctx->cipher_list_by_id != NULL)) {
1272 else if ((s->ctx != NULL) && 1296 return (s->ctx->cipher_list_by_id);
1273 (s->ctx->cipher_list_by_id != NULL))
1274 {
1275 return(s->ctx->cipher_list_by_id);
1276 }
1277 } 1297 }
1278 return(NULL);
1279 } 1298 }
1299 return (NULL);
1300}
1280 1301
1281/** The old interface to get the same thing as SSL_get_ciphers() */ 1302/** The old interface to get the same thing as SSL_get_ciphers() */
1282const char *SSL_get_cipher_list(const SSL *s,int n) 1303const char
1283 { 1304*SSL_get_cipher_list(const SSL *s, int n)
1305{
1284 SSL_CIPHER *c; 1306 SSL_CIPHER *c;
1285 STACK_OF(SSL_CIPHER) *sk; 1307 STACK_OF(SSL_CIPHER) *sk;
1286 1308
1287 if (s == NULL) return(NULL); 1309 if (s == NULL)
1288 sk=SSL_get_ciphers(s); 1310 return (NULL);
1311 sk = SSL_get_ciphers(s);
1289 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) 1312 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1290 return(NULL); 1313 return (NULL);
1291 c=sk_SSL_CIPHER_value(sk,n); 1314 c = sk_SSL_CIPHER_value(sk, n);
1292 if (c == NULL) return(NULL); 1315 if (c == NULL)
1293 return(c->name); 1316 return (NULL);
1294 } 1317 return (c->name);
1318}
1295 1319
1296/** specify the ciphers to be used by default by the SSL_CTX */ 1320/** specify the ciphers to be used by default by the SSL_CTX */
1297int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1321int
1298 { 1322SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1323{
1299 STACK_OF(SSL_CIPHER) *sk; 1324 STACK_OF(SSL_CIPHER) *sk;
1300 1325
1301 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, 1326 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1302 &ctx->cipher_list_by_id,str); 1327 &ctx->cipher_list_by_id, str);
1303 /* ssl_create_cipher_list may return an empty stack if it 1328 /* ssl_create_cipher_list may return an empty stack if it
1304 * was unable to find a cipher matching the given rule string 1329 * was unable to find a cipher matching the given rule string
1305 * (for example if the rule string specifies a cipher which 1330 * (for example if the rule string specifies a cipher which
@@ -1309,35 +1334,35 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1309 * updated. */ 1334 * updated. */
1310 if (sk == NULL) 1335 if (sk == NULL)
1311 return 0; 1336 return 0;
1312 else if (sk_SSL_CIPHER_num(sk) == 0) 1337 else if (sk_SSL_CIPHER_num(sk) == 0) {
1313 {
1314 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1338 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1315 return 0; 1339 return 0;
1316 }
1317 return 1;
1318 } 1340 }
1341 return 1;
1342}
1319 1343
1320/** specify the ciphers to be used by the SSL */ 1344/** specify the ciphers to be used by the SSL */
1321int SSL_set_cipher_list(SSL *s,const char *str) 1345int
1322 { 1346SSL_set_cipher_list(SSL *s, const char *str)
1347{
1323 STACK_OF(SSL_CIPHER) *sk; 1348 STACK_OF(SSL_CIPHER) *sk;
1324 1349
1325 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, 1350 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1326 &s->cipher_list_by_id,str); 1351 &s->cipher_list_by_id, str);
1327 /* see comment in SSL_CTX_set_cipher_list */ 1352 /* see comment in SSL_CTX_set_cipher_list */
1328 if (sk == NULL) 1353 if (sk == NULL)
1329 return 0; 1354 return 0;
1330 else if (sk_SSL_CIPHER_num(sk) == 0) 1355 else if (sk_SSL_CIPHER_num(sk) == 0) {
1331 {
1332 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1356 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1333 return 0; 1357 return 0;
1334 }
1335 return 1;
1336 } 1358 }
1359 return 1;
1360}
1337 1361
1338/* works well for SSLv2, not so good for SSLv3 */ 1362/* works well for SSLv2, not so good for SSLv3 */
1339char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) 1363char
1340 { 1364*SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1365{
1341 char *end; 1366 char *end;
1342 STACK_OF(SSL_CIPHER) *sk; 1367 STACK_OF(SSL_CIPHER) *sk;
1343 SSL_CIPHER *c; 1368 SSL_CIPHER *c;
@@ -1346,146 +1371,138 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1346 1371
1347 if ((s->session == NULL) || (s->session->ciphers == NULL) || 1372 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1348 (len < 2)) 1373 (len < 2))
1349 return(NULL); 1374 return (NULL);
1350 1375
1351 sk=s->session->ciphers; 1376 sk = s->session->ciphers;
1352 buf[0] = '\0'; 1377 buf[0] = '\0';
1353 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1378 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1354 { 1379 c = sk_SSL_CIPHER_value(sk, i);
1355 c=sk_SSL_CIPHER_value(sk,i);
1356 end = buf + curlen; 1380 end = buf + curlen;
1357 if (strlcat(buf, c->name, len) >= len || 1381 if (strlcat(buf, c->name, len) >= len ||
1358 (curlen = strlcat(buf, ":", len)) >= len) 1382 (curlen = strlcat(buf, ":", len)) >= len) {
1359 {
1360 /* remove truncated cipher from list */ 1383 /* remove truncated cipher from list */
1361 *end = '\0'; 1384 *end = '\0';
1362 break; 1385 break;
1363 }
1364 } 1386 }
1387 }
1365 /* remove trailing colon */ 1388 /* remove trailing colon */
1366 if ((end = strrchr(buf, ':')) != NULL) 1389 if ((end = strrchr(buf, ':')) != NULL)
1367 *end = '\0'; 1390 *end = '\0';
1368 return(buf); 1391 return (buf);
1369 } 1392}
1370 1393
1371int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, 1394int
1372 int (*put_cb)(const SSL_CIPHER *, unsigned char *)) 1395ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
1373 { 1396 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1374 int i,j=0; 1397{
1398 int i, j = 0;
1375 SSL_CIPHER *c; 1399 SSL_CIPHER *c;
1376 unsigned char *q; 1400 unsigned char *q;
1377#ifndef OPENSSL_NO_KRB5 1401#ifndef OPENSSL_NO_KRB5
1378 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); 1402 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1379#endif /* OPENSSL_NO_KRB5 */ 1403#endif /* OPENSSL_NO_KRB5 */
1380 1404
1381 if (sk == NULL) return(0); 1405 if (sk == NULL)
1382 q=p; 1406 return (0);
1407 q = p;
1383 1408
1384 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1409 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1385 { 1410 c = sk_SSL_CIPHER_value(sk, i);
1386 c=sk_SSL_CIPHER_value(sk,i);
1387 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 1411 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1388 if ((c->algorithm_ssl & SSL_TLSV1_2) && 1412 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1389 (TLS1_get_client_version(s) < TLS1_2_VERSION)) 1413 (TLS1_get_client_version(s) < TLS1_2_VERSION))
1390 continue; 1414 continue;
1391#ifndef OPENSSL_NO_KRB5 1415#ifndef OPENSSL_NO_KRB5
1392 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && 1416 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
1393 nokrb5) 1417 nokrb5)
1394 continue; 1418 continue;
1395#endif /* OPENSSL_NO_KRB5 */ 1419#endif /* OPENSSL_NO_KRB5 */
1396#ifndef OPENSSL_NO_PSK 1420#ifndef OPENSSL_NO_PSK
1397 /* with PSK there must be client callback set */ 1421 /* with PSK there must be client callback set */
1398 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && 1422 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
1399 s->psk_client_callback == NULL) 1423 s->psk_client_callback == NULL)
1400 continue; 1424 continue;
1401#endif /* OPENSSL_NO_PSK */ 1425#endif /* OPENSSL_NO_PSK */
1402 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); 1426 j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
1403 p+=j; 1427 p += j;
1404 } 1428 }
1405 /* If p == q, no ciphers and caller indicates an error. Otherwise 1429 /* If p == q, no ciphers and caller indicates an error. Otherwise
1406 * add SCSV if not renegotiating. 1430 * add SCSV if not renegotiating.
1407 */ 1431 */
1408 if (p != q && !s->renegotiate) 1432 if (p != q && !s->renegotiate) {
1409 { 1433 static SSL_CIPHER scsv = {
1410 static SSL_CIPHER scsv =
1411 {
1412 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1434 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1413 }; 1435 };
1414 j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); 1436 j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p);
1415 p+=j; 1437 p += j;
1416#ifdef OPENSSL_RI_DEBUG 1438#ifdef OPENSSL_RI_DEBUG
1417 fprintf(stderr, "SCSV sent by client\n"); 1439 fprintf(stderr, "SCSV sent by client\n");
1418#endif 1440#endif
1419 }
1420
1421 return(p-q);
1422 } 1441 }
1423 1442
1424STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 1443 return (p - q);
1425 STACK_OF(SSL_CIPHER) **skp) 1444}
1426 { 1445
1446STACK_OF(SSL_CIPHER)
1447*ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1448STACK_OF(SSL_CIPHER) **skp)
1449{
1427 const SSL_CIPHER *c; 1450 const SSL_CIPHER *c;
1428 STACK_OF(SSL_CIPHER) *sk; 1451 STACK_OF(SSL_CIPHER) *sk;
1429 int i,n; 1452 int i, n;
1430 if (s->s3) 1453 if (s->s3)
1431 s->s3->send_connection_binding = 0; 1454 s->s3->send_connection_binding = 0;
1432 1455
1433 n=ssl_put_cipher_by_char(s,NULL,NULL); 1456 n = ssl_put_cipher_by_char(s, NULL, NULL);
1434 if ((num%n) != 0) 1457 if ((num % n) != 0) {
1435 { 1458 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1436 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1459 return (NULL);
1437 return(NULL); 1460 }
1438 }
1439 if ((skp == NULL) || (*skp == NULL)) 1461 if ((skp == NULL) || (*skp == NULL))
1440 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ 1462 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1441 else 1463 else {
1442 {
1443 sk= *skp; 1464 sk= *skp;
1444 sk_SSL_CIPHER_zero(sk); 1465 sk_SSL_CIPHER_zero(sk);
1445 } 1466 }
1446 1467
1447 for (i=0; i<num; i+=n) 1468 for (i = 0; i < num; i += n) {
1448 {
1449 /* Check for SCSV */ 1469 /* Check for SCSV */
1450 if (s->s3 && (n != 3 || !p[0]) && 1470 if (s->s3 && (n != 3 || !p[0]) &&
1451 (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 1471 (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1452 (p[n-1] == (SSL3_CK_SCSV & 0xff))) 1472 (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
1453 {
1454 /* SCSV fatal if renegotiating */ 1473 /* SCSV fatal if renegotiating */
1455 if (s->renegotiate) 1474 if (s->renegotiate) {
1456 { 1475 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1457 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1476 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1458 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1477
1459 goto err; 1478 goto err;
1460 } 1479 }
1461 s->s3->send_connection_binding = 1; 1480 s->s3->send_connection_binding = 1;
1462 p += n; 1481 p += n;
1463#ifdef OPENSSL_RI_DEBUG 1482#ifdef OPENSSL_RI_DEBUG
1464 fprintf(stderr, "SCSV received by server\n"); 1483 fprintf(stderr, "SCSV received by server\n");
1465#endif 1484#endif
1466 continue; 1485 continue;
1467 } 1486 }
1468 1487
1469 c=ssl_get_cipher_by_char(s,p); 1488 c = ssl_get_cipher_by_char(s, p);
1470 p+=n; 1489 p += n;
1471 if (c != NULL) 1490 if (c != NULL) {
1472 { 1491 if (!sk_SSL_CIPHER_push(sk, c)) {
1473 if (!sk_SSL_CIPHER_push(sk,c)) 1492 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1474 {
1475 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1476 goto err; 1493 goto err;
1477 }
1478 } 1494 }
1479 } 1495 }
1496 }
1480 1497
1481 if (skp != NULL) 1498 if (skp != NULL)
1482 *skp=sk; 1499 *skp = sk;
1483 return(sk); 1500 return (sk);
1484err: 1501err:
1485 if ((skp == NULL) || (*skp == NULL)) 1502 if ((skp == NULL) || (*skp == NULL))
1486 sk_SSL_CIPHER_free(sk); 1503 sk_SSL_CIPHER_free(sk);
1487 return(NULL); 1504 return (NULL);
1488 } 1505}
1489 1506
1490 1507
1491#ifndef OPENSSL_NO_TLSEXT 1508#ifndef OPENSSL_NO_TLSEXT
@@ -1493,22 +1510,24 @@ err:
1493 * So far, only host_name types are defined (RFC 3546). 1510 * So far, only host_name types are defined (RFC 3546).
1494 */ 1511 */
1495 1512
1496const char *SSL_get_servername(const SSL *s, const int type) 1513const char
1497 { 1514*SSL_get_servername(const SSL *s, const int type)
1515{
1498 if (type != TLSEXT_NAMETYPE_host_name) 1516 if (type != TLSEXT_NAMETYPE_host_name)
1499 return NULL; 1517 return NULL;
1500 1518
1501 return s->session && !s->tlsext_hostname ? 1519 return s->session && !s->tlsext_hostname ?
1502 s->session->tlsext_hostname : 1520 s->session->tlsext_hostname :
1503 s->tlsext_hostname; 1521 s->tlsext_hostname;
1504 } 1522}
1505 1523
1506int SSL_get_servername_type(const SSL *s) 1524int
1507 { 1525SSL_get_servername_type(const SSL *s)
1526{
1508 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) 1527 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
1509 return TLSEXT_NAMETYPE_host_name; 1528 return TLSEXT_NAMETYPE_host_name;
1510 return -1; 1529 return -1;
1511 } 1530}
1512 1531
1513# ifndef OPENSSL_NO_NEXTPROTONEG 1532# ifndef OPENSSL_NO_NEXTPROTONEG
1514/* SSL_select_next_proto implements the standard protocol selection. It is 1533/* SSL_select_next_proto implements the standard protocol selection. It is
@@ -1541,31 +1560,29 @@ int SSL_get_servername_type(const SSL *s)
1541 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or 1560 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1542 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1561 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1543 */ 1562 */
1544int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) 1563int
1545 { 1564SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
1565{
1546 unsigned int i, j; 1566 unsigned int i, j;
1547 const unsigned char *result; 1567 const unsigned char *result;
1548 int status = OPENSSL_NPN_UNSUPPORTED; 1568 int status = OPENSSL_NPN_UNSUPPORTED;
1549 1569
1550 /* For each protocol in server preference order, see if we support it. */ 1570 /* For each protocol in server preference order, see if we support it. */
1551 for (i = 0; i < server_len; ) 1571 for (i = 0; i < server_len; ) {
1552 { 1572 for (j = 0; j < client_len; ) {
1553 for (j = 0; j < client_len; )
1554 {
1555 if (server[i] == client[j] && 1573 if (server[i] == client[j] &&
1556 memcmp(&server[i+1], &client[j+1], server[i]) == 0) 1574 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
1557 {
1558 /* We found a match */ 1575 /* We found a match */
1559 result = &server[i]; 1576 result = &server[i];
1560 status = OPENSSL_NPN_NEGOTIATED; 1577 status = OPENSSL_NPN_NEGOTIATED;
1561 goto found; 1578 goto found;
1562 } 1579 }
1563 j += client[j]; 1580 j += client[j];
1564 j++; 1581 j++;
1565 } 1582 }
1566 i += server[i]; 1583 i += server[i];
1567 i++; 1584 i++;
1568 } 1585 }
1569 1586
1570 /* There's no overlap between our protocols and the server's list. */ 1587 /* There's no overlap between our protocols and the server's list. */
1571 result = client; 1588 result = client;
@@ -1575,7 +1592,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
1575 *out = (unsigned char *) result + 1; 1592 *out = (unsigned char *) result + 1;
1576 *outlen = result[0]; 1593 *outlen = result[0];
1577 return status; 1594 return status;
1578 } 1595}
1579 1596
1580/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's 1597/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1581 * requested protocol for this connection and returns 0. If the client didn't 1598 * requested protocol for this connection and returns 0. If the client didn't
@@ -1585,8 +1602,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
1585 * from this function need not be a member of the list of supported protocols 1602 * from this function need not be a member of the list of supported protocols
1586 * provided by the callback. 1603 * provided by the callback.
1587 */ 1604 */
1588void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) 1605void
1589 { 1606SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
1607{
1590 *data = s->next_proto_negotiated; 1608 *data = s->next_proto_negotiated;
1591 if (!*data) { 1609 if (!*data) {
1592 *len = 0; 1610 *len = 0;
@@ -1604,11 +1622,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, un
1604 * 1622 *
1605 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no 1623 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
1606 * such extension will be included in the ServerHello. */ 1624 * such extension will be included in the ServerHello. */
1607void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) 1625void
1608 { 1626SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1627{
1609 ctx->next_protos_advertised_cb = cb; 1628 ctx->next_protos_advertised_cb = cb;
1610 ctx->next_protos_advertised_cb_arg = arg; 1629 ctx->next_protos_advertised_cb_arg = arg;
1611 } 1630}
1612 1631
1613/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 1632/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1614 * client needs to select a protocol from the server's provided list. |out| 1633 * client needs to select a protocol from the server's provided list. |out|
@@ -1620,183 +1639,186 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, co
1620 * The client must select a protocol. It is fatal to the connection if this 1639 * The client must select a protocol. It is fatal to the connection if this
1621 * callback returns a value other than SSL_TLSEXT_ERR_OK. 1640 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1622 */ 1641 */
1623void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1642void
1624 { 1643SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1644{
1625 ctx->next_proto_select_cb = cb; 1645 ctx->next_proto_select_cb = cb;
1626 ctx->next_proto_select_cb_arg = arg; 1646 ctx->next_proto_select_cb_arg = arg;
1627 } 1647}
1628# endif 1648# endif
1629#endif 1649#endif
1630 1650
1631int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1651int
1632 const char *label, size_t llen, const unsigned char *p, size_t plen, 1652SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1633 int use_context) 1653 const char *label, size_t llen, const unsigned char *p, size_t plen,
1634 { 1654int use_context)
1655{
1635 if (s->version < TLS1_VERSION) 1656 if (s->version < TLS1_VERSION)
1636 return -1; 1657 return -1;
1637 1658
1638 return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 1659 return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
1639 llen, p, plen, 1660 llen, p, plen,
1640 use_context); 1661 use_context);
1641 } 1662}
1642 1663
1643static unsigned long ssl_session_hash(const SSL_SESSION *a) 1664static unsigned long
1644 { 1665ssl_session_hash(const SSL_SESSION *a)
1666{
1645 unsigned long l; 1667 unsigned long l;
1646 1668
1647 l=(unsigned long) 1669 l = (unsigned long)
1648 ((unsigned int) a->session_id[0] )| 1670 ((unsigned int) a->session_id[0] )|
1649 ((unsigned int) a->session_id[1]<< 8L)| 1671 ((unsigned int) a->session_id[1]<< 8L)|
1650 ((unsigned long)a->session_id[2]<<16L)| 1672 ((unsigned long)a->session_id[2]<<16L)|
1651 ((unsigned long)a->session_id[3]<<24L); 1673 ((unsigned long)a->session_id[3]<<24L);
1652 return(l); 1674 return (l);
1653 } 1675}
1654 1676
1655/* NB: If this function (or indeed the hash function which uses a sort of 1677/* NB: If this function (or indeed the hash function which uses a sort of
1656 * coarser function than this one) is changed, ensure 1678 * coarser function than this one) is changed, ensure
1657 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 1679 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1658 * able to construct an SSL_SESSION that will collide with any existing session 1680 * able to construct an SSL_SESSION that will collide with any existing session
1659 * with a matching session ID. */ 1681 * with a matching session ID. */
1660static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) 1682static int
1661 { 1683ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1684{
1662 if (a->ssl_version != b->ssl_version) 1685 if (a->ssl_version != b->ssl_version)
1663 return(1); 1686 return (1);
1664 if (a->session_id_length != b->session_id_length) 1687 if (a->session_id_length != b->session_id_length)
1665 return(1); 1688 return (1);
1666 return(memcmp(a->session_id,b->session_id,a->session_id_length)); 1689 return (memcmp(a->session_id, b->session_id, a->session_id_length));
1667 } 1690}
1668 1691
1669/* These wrapper functions should remain rather than redeclaring 1692/* These wrapper functions should remain rather than redeclaring
1670 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1693 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1671 * variable. The reason is that the functions aren't static, they're exposed via 1694 * variable. The reason is that the functions aren't static, they're exposed via
1672 * ssl.h. */ 1695 * ssl.h. */
1673static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) 1696static
1674static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) 1697IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1698static
1699IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1675 1700
1676SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 1701SSL_CTX
1677 { 1702*SSL_CTX_new(const SSL_METHOD *meth)
1678 SSL_CTX *ret=NULL; 1703{
1704 SSL_CTX *ret = NULL;
1679 1705
1680 if (meth == NULL) 1706 if (meth == NULL) {
1681 { 1707 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
1682 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); 1708 return (NULL);
1683 return(NULL); 1709 }
1684 }
1685 1710
1686#ifdef OPENSSL_FIPS 1711#ifdef OPENSSL_FIPS
1687 if (FIPS_mode() && (meth->version < TLS1_VERSION)) 1712 if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
1688 {
1689 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 1713 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
1690 return NULL; 1714 return NULL;
1691 } 1715 }
1692#endif 1716#endif
1693 1717
1694 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) 1718 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1695 { 1719 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1696 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1697 goto err; 1720 goto err;
1698 } 1721 }
1699 ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); 1722 ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1700 if (ret == NULL) 1723 if (ret == NULL)
1701 goto err; 1724 goto err;
1702 1725
1703 memset(ret,0,sizeof(SSL_CTX)); 1726 memset(ret, 0, sizeof(SSL_CTX));
1704 1727
1705 ret->method=meth; 1728 ret->method = meth;
1706 1729
1707 ret->cert_store=NULL; 1730 ret->cert_store = NULL;
1708 ret->session_cache_mode=SSL_SESS_CACHE_SERVER; 1731 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
1709 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1732 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1710 ret->session_cache_head=NULL; 1733 ret->session_cache_head = NULL;
1711 ret->session_cache_tail=NULL; 1734 ret->session_cache_tail = NULL;
1712 1735
1713 /* We take the system default */ 1736 /* We take the system default */
1714 ret->session_timeout=meth->get_timeout(); 1737 ret->session_timeout = meth->get_timeout();
1715 1738
1716 ret->new_session_cb=0; 1739 ret->new_session_cb = 0;
1717 ret->remove_session_cb=0; 1740 ret->remove_session_cb = 0;
1718 ret->get_session_cb=0; 1741 ret->get_session_cb = 0;
1719 ret->generate_session_id=0; 1742 ret->generate_session_id = 0;
1720 1743
1721 memset((char *)&ret->stats,0,sizeof(ret->stats)); 1744 memset((char *)&ret->stats, 0, sizeof(ret->stats));
1722 1745
1723 ret->references=1; 1746 ret->references = 1;
1724 ret->quiet_shutdown=0; 1747 ret->quiet_shutdown = 0;
1725 1748
1726/* ret->cipher=NULL;*/ 1749/* ret->cipher=NULL;*/
1727/* ret->s2->challenge=NULL; 1750/* ret->s2->challenge=NULL;
1728 ret->master_key=NULL; 1751 ret->master_key=NULL;
1729 ret->key_arg=NULL; 1752 ret->key_arg=NULL;
1730 ret->s2->conn_id=NULL; */ 1753 ret->s2->conn_id=NULL;
1754*/
1731 1755
1732 ret->info_callback=NULL; 1756 ret->info_callback = NULL;
1733 1757
1734 ret->app_verify_callback=0; 1758 ret->app_verify_callback = 0;
1735 ret->app_verify_arg=NULL; 1759 ret->app_verify_arg = NULL;
1736 1760
1737 ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; 1761 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
1738 ret->read_ahead=0; 1762 ret->read_ahead = 0;
1739 ret->msg_callback=0; 1763 ret->msg_callback = 0;
1740 ret->msg_callback_arg=NULL; 1764 ret->msg_callback_arg = NULL;
1741 ret->verify_mode=SSL_VERIFY_NONE; 1765 ret->verify_mode = SSL_VERIFY_NONE;
1742#if 0 1766#if 0
1743 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ 1767 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1744#endif 1768#endif
1745 ret->sid_ctx_length=0; 1769 ret->sid_ctx_length = 0;
1746 ret->default_verify_callback=NULL; 1770 ret->default_verify_callback = NULL;
1747 if ((ret->cert=ssl_cert_new()) == NULL) 1771 if ((ret->cert = ssl_cert_new()) == NULL)
1748 goto err; 1772 goto err;
1749 1773
1750 ret->default_passwd_callback=0; 1774 ret->default_passwd_callback = 0;
1751 ret->default_passwd_callback_userdata=NULL; 1775 ret->default_passwd_callback_userdata = NULL;
1752 ret->client_cert_cb=0; 1776 ret->client_cert_cb = 0;
1753 ret->app_gen_cookie_cb=0; 1777 ret->app_gen_cookie_cb = 0;
1754 ret->app_verify_cookie_cb=0; 1778 ret->app_verify_cookie_cb = 0;
1755 1779
1756 ret->sessions=lh_SSL_SESSION_new(); 1780 ret->sessions = lh_SSL_SESSION_new();
1757 if (ret->sessions == NULL) goto err; 1781 if (ret->sessions == NULL)
1758 ret->cert_store=X509_STORE_new(); 1782 goto err;
1759 if (ret->cert_store == NULL) goto err; 1783 ret->cert_store = X509_STORE_new();
1784 if (ret->cert_store == NULL)
1785 goto err;
1760 1786
1761 ssl_create_cipher_list(ret->method, 1787 ssl_create_cipher_list(ret->method,
1762 &ret->cipher_list,&ret->cipher_list_by_id, 1788 &ret->cipher_list, &ret->cipher_list_by_id,
1763 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); 1789 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
1764 if (ret->cipher_list == NULL 1790 if (ret->cipher_list == NULL
1765 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) 1791 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1766 { 1792 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
1767 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1768 goto err2; 1793 goto err2;
1769 } 1794 }
1770 1795
1771 ret->param = X509_VERIFY_PARAM_new(); 1796 ret->param = X509_VERIFY_PARAM_new();
1772 if (!ret->param) 1797 if (!ret->param)
1773 goto err; 1798 goto err;
1774 1799
1775 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) 1800 if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
1776 { 1801 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1777 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1778 goto err2; 1802 goto err2;
1779 } 1803 }
1780 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) 1804 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1781 { 1805 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1782 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1783 goto err2; 1806 goto err2;
1784 } 1807 }
1785 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) 1808 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1786 { 1809 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1787 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1788 goto err2; 1810 goto err2;
1789 } 1811 }
1790 1812
1791 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) 1813 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
1792 goto err; 1814 goto err;
1793 1815
1794 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); 1816 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1795 1817
1796 ret->extra_certs=NULL; 1818 ret->extra_certs = NULL;
1797 /* No compression for DTLS */ 1819 /* No compression for DTLS */
1798 if (meth->version != DTLS1_VERSION) 1820 if (meth->version != DTLS1_VERSION)
1799 ret->comp_methods=SSL_COMP_get_compression_methods(); 1821 ret->comp_methods = SSL_COMP_get_compression_methods();
1800 1822
1801 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1823 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1802 1824
@@ -1806,8 +1828,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1806 /* Setup RFC4507 ticket keys */ 1828 /* Setup RFC4507 ticket keys */
1807 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) 1829 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1808 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) 1830 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1809 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) 1831 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1810 ret->options |= SSL_OP_NO_TICKET; 1832 ret->options |= SSL_OP_NO_TICKET;
1811 1833
1812 ret->tlsext_status_cb = 0; 1834 ret->tlsext_status_cb = 0;
1813 ret->tlsext_status_arg = NULL; 1835 ret->tlsext_status_arg = NULL;
@@ -1818,9 +1840,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1818# endif 1840# endif
1819#endif 1841#endif
1820#ifndef OPENSSL_NO_PSK 1842#ifndef OPENSSL_NO_PSK
1821 ret->psk_identity_hint=NULL; 1843 ret->psk_identity_hint = NULL;
1822 ret->psk_client_callback=NULL; 1844 ret->psk_client_callback = NULL;
1823 ret->psk_server_callback=NULL; 1845 ret->psk_server_callback = NULL;
1824#endif 1846#endif
1825#ifndef OPENSSL_NO_SRP 1847#ifndef OPENSSL_NO_SRP
1826 SSL_CTX_SRP_CTX_init(ret); 1848 SSL_CTX_SRP_CTX_init(ret);
@@ -1834,11 +1856,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1834 ret->rbuf_freelist->len = 0; 1856 ret->rbuf_freelist->len = 0;
1835 ret->rbuf_freelist->head = NULL; 1857 ret->rbuf_freelist->head = NULL;
1836 ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 1858 ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1837 if (!ret->wbuf_freelist) 1859 if (!ret->wbuf_freelist) {
1838 {
1839 OPENSSL_free(ret->rbuf_freelist); 1860 OPENSSL_free(ret->rbuf_freelist);
1840 goto err; 1861 goto err;
1841 } 1862 }
1842 ret->wbuf_freelist->chunklen = 0; 1863 ret->wbuf_freelist->chunklen = 0;
1843 ret->wbuf_freelist->len = 0; 1864 ret->wbuf_freelist->len = 0;
1844 ret->wbuf_freelist->head = NULL; 1865 ret->wbuf_freelist->head = NULL;
@@ -1850,16 +1871,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1850#define eng_str(x) eng_strx(x) 1871#define eng_str(x) eng_strx(x)
1851 /* Use specific client engine automatically... ignore errors */ 1872 /* Use specific client engine automatically... ignore errors */
1852 { 1873 {
1853 ENGINE *eng; 1874 ENGINE *eng;
1854 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1855 if (!eng)
1856 {
1857 ERR_clear_error();
1858 ENGINE_load_builtin_engines();
1859 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 1875 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1876 if (!eng) {
1877 ERR_clear_error();
1878 ENGINE_load_builtin_engines();
1879 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1860 } 1880 }
1861 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 1881 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1862 ERR_clear_error(); 1882 ERR_clear_error();
1863 } 1883 }
1864#endif 1884#endif
1865#endif 1885#endif
@@ -1868,50 +1888,54 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1868 */ 1888 */
1869 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; 1889 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1870 1890
1871 return(ret); 1891 return (ret);
1872err: 1892err:
1873 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); 1893 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
1874err2: 1894err2:
1875 if (ret != NULL) SSL_CTX_free(ret); 1895 if (ret != NULL)
1876 return(NULL); 1896 SSL_CTX_free(ret);
1877 } 1897 return (NULL);
1898}
1878 1899
1879#if 0 1900#if 0
1880static void SSL_COMP_free(SSL_COMP *comp) 1901static void
1881 { OPENSSL_free(comp); } 1902SSL_COMP_free(SSL_COMP *comp)
1903 { OPENSSL_free(comp);
1904}
1882#endif 1905#endif
1883 1906
1884#ifndef OPENSSL_NO_BUF_FREELISTS 1907#ifndef OPENSSL_NO_BUF_FREELISTS
1885static void 1908static void
1886ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) 1909ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1887 { 1910{
1888 SSL3_BUF_FREELIST_ENTRY *ent, *next; 1911 SSL3_BUF_FREELIST_ENTRY *ent, *next;
1889 for (ent = list->head; ent; ent = next) 1912 for (ent = list->head; ent; ent = next) {
1890 {
1891 next = ent->next; 1913 next = ent->next;
1892 OPENSSL_free(ent); 1914 OPENSSL_free(ent);
1893 }
1894 OPENSSL_free(list);
1895 } 1915 }
1916 OPENSSL_free(list);
1917}
1896#endif 1918#endif
1897 1919
1898void SSL_CTX_free(SSL_CTX *a) 1920void
1899 { 1921SSL_CTX_free(SSL_CTX *a)
1922{
1900 int i; 1923 int i;
1901 1924
1902 if (a == NULL) return; 1925 if (a == NULL)
1926 return;
1903 1927
1904 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); 1928 i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
1905#ifdef REF_PRINT 1929#ifdef REF_PRINT
1906 REF_PRINT("SSL_CTX",a); 1930 REF_PRINT("SSL_CTX", a);
1907#endif 1931#endif
1908 if (i > 0) return; 1932 if (i > 0)
1933 return;
1909#ifdef REF_CHECK 1934#ifdef REF_CHECK
1910 if (i < 0) 1935 if (i < 0) {
1911 { 1936 fprintf(stderr, "SSL_CTX_free, bad reference count\n");
1912 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1913 abort(); /* ok */ 1937 abort(); /* ok */
1914 } 1938 }
1915#endif 1939#endif
1916 1940
1917 if (a->param) 1941 if (a->param)
@@ -1927,7 +1951,7 @@ void SSL_CTX_free(SSL_CTX *a)
1927 * (See ticket [openssl.org #212].) 1951 * (See ticket [openssl.org #212].)
1928 */ 1952 */
1929 if (a->sessions != NULL) 1953 if (a->sessions != NULL)
1930 SSL_CTX_flush_sessions(a,0); 1954 SSL_CTX_flush_sessions(a, 0);
1931 1955
1932 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); 1956 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1933 1957
@@ -1943,19 +1967,19 @@ void SSL_CTX_free(SSL_CTX *a)
1943 if (a->cert != NULL) 1967 if (a->cert != NULL)
1944 ssl_cert_free(a->cert); 1968 ssl_cert_free(a->cert);
1945 if (a->client_CA != NULL) 1969 if (a->client_CA != NULL)
1946 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); 1970 sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
1947 if (a->extra_certs != NULL) 1971 if (a->extra_certs != NULL)
1948 sk_X509_pop_free(a->extra_certs,X509_free); 1972 sk_X509_pop_free(a->extra_certs, X509_free);
1949#if 0 /* This should never be done, since it removes a global database */ 1973#if 0 /* This should never be done, since it removes a global database */
1950 if (a->comp_methods != NULL) 1974 if (a->comp_methods != NULL)
1951 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); 1975 sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free);
1952#else 1976#else
1953 a->comp_methods = NULL; 1977 a->comp_methods = NULL;
1954#endif 1978#endif
1955 1979
1956#ifndef OPENSSL_NO_SRTP 1980#ifndef OPENSSL_NO_SRTP
1957 if (a->srtp_profiles) 1981 if (a->srtp_profiles)
1958 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); 1982 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
1959#endif 1983#endif
1960 1984
1961#ifndef OPENSSL_NO_PSK 1985#ifndef OPENSSL_NO_PSK
@@ -1978,42 +2002,48 @@ void SSL_CTX_free(SSL_CTX *a)
1978#endif 2002#endif
1979 2003
1980 OPENSSL_free(a); 2004 OPENSSL_free(a);
1981 } 2005}
1982 2006
1983void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 2007void
1984 { 2008SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1985 ctx->default_passwd_callback=cb; 2009{
1986 } 2010 ctx->default_passwd_callback = cb;
2011}
1987 2012
1988void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) 2013void
1989 { 2014SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
1990 ctx->default_passwd_callback_userdata=u; 2015{
1991 } 2016 ctx->default_passwd_callback_userdata = u;
2017}
1992 2018
1993void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) 2019void
1994 { 2020SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg)
1995 ctx->app_verify_callback=cb; 2021{
1996 ctx->app_verify_arg=arg; 2022 ctx->app_verify_callback = cb;
1997 } 2023 ctx->app_verify_arg = arg;
2024}
1998 2025
1999void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) 2026void
2000 { 2027SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2001 ctx->verify_mode=mode; 2028{
2002 ctx->default_verify_callback=cb; 2029 ctx->verify_mode = mode;
2003 } 2030 ctx->default_verify_callback = cb;
2031}
2004 2032
2005void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) 2033void
2006 { 2034SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2035{
2007 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2036 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2008 } 2037}
2009 2038
2010void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 2039void
2011 { 2040ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2041{
2012 CERT_PKEY *cpk; 2042 CERT_PKEY *cpk;
2013 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; 2043 int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
2014 int rsa_enc_export,dh_rsa_export,dh_dsa_export; 2044 int rsa_enc_export, dh_rsa_export, dh_dsa_export;
2015 int rsa_tmp_export,dh_tmp_export,kl; 2045 int rsa_tmp_export, dh_tmp_export, kl;
2016 unsigned long mask_k,mask_a,emask_k,emask_a; 2046 unsigned long mask_k, mask_a, emask_k, emask_a;
2017 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; 2047 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
2018#ifndef OPENSSL_NO_ECDH 2048#ifndef OPENSSL_NO_ECDH
2019 int have_ecdh_tmp; 2049 int have_ecdh_tmp;
@@ -2022,57 +2052,58 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2022 EVP_PKEY *ecc_pkey = NULL; 2052 EVP_PKEY *ecc_pkey = NULL;
2023 int signature_nid = 0, pk_nid = 0, md_nid = 0; 2053 int signature_nid = 0, pk_nid = 0, md_nid = 0;
2024 2054
2025 if (c == NULL) return; 2055 if (c == NULL)
2056 return;
2026 2057
2027 kl=SSL_C_EXPORT_PKEYLENGTH(cipher); 2058 kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
2028 2059
2029#ifndef OPENSSL_NO_RSA 2060#ifndef OPENSSL_NO_RSA
2030 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); 2061 rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
2031 rsa_tmp_export=(c->rsa_tmp_cb != NULL || 2062 rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
2032 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); 2063 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
2033#else 2064#else
2034 rsa_tmp=rsa_tmp_export=0; 2065 rsa_tmp = rsa_tmp_export = 0;
2035#endif 2066#endif
2036#ifndef OPENSSL_NO_DH 2067#ifndef OPENSSL_NO_DH
2037 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 2068 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
2038 dh_tmp_export=(c->dh_tmp_cb != NULL || 2069 dh_tmp_export = (c->dh_tmp_cb != NULL ||
2039 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); 2070 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
2040#else 2071#else
2041 dh_tmp=dh_tmp_export=0; 2072 dh_tmp = dh_tmp_export = 0;
2042#endif 2073#endif
2043 2074
2044#ifndef OPENSSL_NO_ECDH 2075#ifndef OPENSSL_NO_ECDH
2045 have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); 2076 have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
2046#endif 2077#endif
2047 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); 2078 cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
2048 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); 2079 rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
2049 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 2080 rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2050 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); 2081 cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
2051 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); 2082 rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2052 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); 2083 cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
2053 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); 2084 dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2054 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); 2085 cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
2055 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); 2086 dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
2056 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 2087 dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2057 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); 2088 cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
2058/* FIX THIS EAY EAY EAY */ 2089/* FIX THIS EAY EAY EAY */
2059 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); 2090 dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
2060 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 2091 dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2061 cpk= &(c->pkeys[SSL_PKEY_ECC]); 2092 cpk = &(c->pkeys[SSL_PKEY_ECC]);
2062 have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); 2093 have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
2063 mask_k=0; 2094 mask_k = 0;
2064 mask_a=0; 2095 mask_a = 0;
2065 emask_k=0; 2096 emask_k = 0;
2066 emask_a=0; 2097 emask_a = 0;
2098
2067 2099
2068
2069 2100
2070#ifdef CIPHER_DEBUG 2101#ifdef CIPHER_DEBUG
2071 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 2102 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
2072 rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, 2103 rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
2073 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); 2104 rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
2074#endif 2105#endif
2075 2106
2076 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2107 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2077 if (cpk->x509 != NULL && cpk->privatekey !=NULL) { 2108 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2078 mask_k |= SSL_kGOST; 2109 mask_k |= SSL_kGOST;
@@ -2091,12 +2122,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2091 2122
2092#if 0 2123#if 0
2093 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ 2124 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
2094 if ( (dh_tmp || dh_rsa || dh_dsa) && 2125 if ((dh_tmp || dh_rsa || dh_dsa) &&
2095 (rsa_enc || rsa_sign || dsa_sign)) 2126 (rsa_enc || rsa_sign || dsa_sign))
2096 mask_k|=SSL_kEDH; 2127 mask_k|=SSL_kEDH;
2097 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && 2128 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
2098 (rsa_enc || rsa_sign || dsa_sign)) 2129 (rsa_enc || rsa_sign || dsa_sign))
2099 emask_k|=SSL_kEDH; 2130 emask_k|=SSL_kEDH;
2100#endif 2131#endif
2101 2132
2102 if (dh_tmp_export) 2133 if (dh_tmp_export)
@@ -2105,23 +2136,25 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2105 if (dh_tmp) 2136 if (dh_tmp)
2106 mask_k|=SSL_kEDH; 2137 mask_k|=SSL_kEDH;
2107 2138
2108 if (dh_rsa) mask_k|=SSL_kDHr; 2139 if (dh_rsa)
2109 if (dh_rsa_export) emask_k|=SSL_kDHr; 2140 mask_k|=SSL_kDHr;
2141 if (dh_rsa_export)
2142 emask_k|=SSL_kDHr;
2110 2143
2111 if (dh_dsa) mask_k|=SSL_kDHd; 2144 if (dh_dsa)
2112 if (dh_dsa_export) emask_k|=SSL_kDHd; 2145 mask_k|=SSL_kDHd;
2146 if (dh_dsa_export)
2147 emask_k|=SSL_kDHd;
2113 2148
2114 if (rsa_enc || rsa_sign) 2149 if (rsa_enc || rsa_sign) {
2115 {
2116 mask_a|=SSL_aRSA; 2150 mask_a|=SSL_aRSA;
2117 emask_a|=SSL_aRSA; 2151 emask_a|=SSL_aRSA;
2118 } 2152 }
2119 2153
2120 if (dsa_sign) 2154 if (dsa_sign) {
2121 {
2122 mask_a|=SSL_aDSS; 2155 mask_a|=SSL_aDSS;
2123 emask_a|=SSL_aDSS; 2156 emask_a|=SSL_aDSS;
2124 } 2157 }
2125 2158
2126 mask_a|=SSL_aNULL; 2159 mask_a|=SSL_aNULL;
2127 emask_a|=SSL_aNULL; 2160 emask_a|=SSL_aNULL;
@@ -2136,66 +2169,57 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2136 /* An ECC certificate may be usable for ECDH and/or 2169 /* An ECC certificate may be usable for ECDH and/or
2137 * ECDSA cipher suites depending on the key usage extension. 2170 * ECDSA cipher suites depending on the key usage extension.
2138 */ 2171 */
2139 if (have_ecc_cert) 2172 if (have_ecc_cert) {
2140 {
2141 /* This call populates extension flags (ex_flags) */ 2173 /* This call populates extension flags (ex_flags) */
2142 x = (c->pkeys[SSL_PKEY_ECC]).x509; 2174 x = (c->pkeys[SSL_PKEY_ECC]).x509;
2143 X509_check_purpose(x, -1, 0); 2175 X509_check_purpose(x, -1, 0);
2144 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2176 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2145 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; 2177 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
2146 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2178 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2147 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; 2179 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
2148 ecc_pkey = X509_get_pubkey(x); 2180 ecc_pkey = X509_get_pubkey(x);
2149 ecc_pkey_size = (ecc_pkey != NULL) ? 2181 ecc_pkey_size = (ecc_pkey != NULL) ?
2150 EVP_PKEY_bits(ecc_pkey) : 0; 2182 EVP_PKEY_bits(ecc_pkey) : 0;
2151 EVP_PKEY_free(ecc_pkey); 2183 EVP_PKEY_free(ecc_pkey);
2152 if ((x->sig_alg) && (x->sig_alg->algorithm)) 2184 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2153 {
2154 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2185 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2155 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2186 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2156 } 2187 }
2157#ifndef OPENSSL_NO_ECDH 2188#ifndef OPENSSL_NO_ECDH
2158 if (ecdh_ok) 2189 if (ecdh_ok) {
2159 {
2160 2190
2161 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) 2191 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
2162 {
2163 mask_k|=SSL_kECDHr; 2192 mask_k|=SSL_kECDHr;
2164 mask_a|=SSL_aECDH; 2193 mask_a|=SSL_aECDH;
2165 if (ecc_pkey_size <= 163) 2194 if (ecc_pkey_size <= 163) {
2166 {
2167 emask_k|=SSL_kECDHr; 2195 emask_k|=SSL_kECDHr;
2168 emask_a|=SSL_aECDH; 2196 emask_a|=SSL_aECDH;
2169 }
2170 } 2197 }
2198 }
2171 2199
2172 if (pk_nid == NID_X9_62_id_ecPublicKey) 2200 if (pk_nid == NID_X9_62_id_ecPublicKey) {
2173 {
2174 mask_k|=SSL_kECDHe; 2201 mask_k|=SSL_kECDHe;
2175 mask_a|=SSL_aECDH; 2202 mask_a|=SSL_aECDH;
2176 if (ecc_pkey_size <= 163) 2203 if (ecc_pkey_size <= 163) {
2177 {
2178 emask_k|=SSL_kECDHe; 2204 emask_k|=SSL_kECDHe;
2179 emask_a|=SSL_aECDH; 2205 emask_a|=SSL_aECDH;
2180 }
2181 } 2206 }
2182 } 2207 }
2208 }
2183#endif 2209#endif
2184#ifndef OPENSSL_NO_ECDSA 2210#ifndef OPENSSL_NO_ECDSA
2185 if (ecdsa_ok) 2211 if (ecdsa_ok) {
2186 {
2187 mask_a|=SSL_aECDSA; 2212 mask_a|=SSL_aECDSA;
2188 emask_a|=SSL_aECDSA; 2213 emask_a|=SSL_aECDSA;
2189 }
2190#endif
2191 } 2214 }
2215#endif
2216 }
2192 2217
2193#ifndef OPENSSL_NO_ECDH 2218#ifndef OPENSSL_NO_ECDH
2194 if (have_ecdh_tmp) 2219 if (have_ecdh_tmp) {
2195 {
2196 mask_k|=SSL_kEECDH; 2220 mask_k|=SSL_kEECDH;
2197 emask_k|=SSL_kEECDH; 2221 emask_k|=SSL_kEECDH;
2198 } 2222 }
2199#endif 2223#endif
2200 2224
2201#ifndef OPENSSL_NO_PSK 2225#ifndef OPENSSL_NO_PSK
@@ -2205,12 +2229,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2205 emask_a |= SSL_aPSK; 2229 emask_a |= SSL_aPSK;
2206#endif 2230#endif
2207 2231
2208 c->mask_k=mask_k; 2232 c->mask_k = mask_k;
2209 c->mask_a=mask_a; 2233 c->mask_a = mask_a;
2210 c->export_mask_k=emask_k; 2234 c->export_mask_k = emask_k;
2211 c->export_mask_a=emask_a; 2235 c->export_mask_a = emask_a;
2212 c->valid=1; 2236 c->valid = 1;
2213 } 2237}
2214 2238
2215/* This handy macro borrowed from crypto/x509v3/v3_purp.c */ 2239/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2216#define ku_reject(x, usage) \ 2240#define ku_reject(x, usage) \
@@ -2218,8 +2242,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2218 2242
2219#ifndef OPENSSL_NO_EC 2243#ifndef OPENSSL_NO_EC
2220 2244
2221int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2245int
2222 { 2246ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2247{
2223 unsigned long alg_k, alg_a; 2248 unsigned long alg_k, alg_a;
2224 EVP_PKEY *pkey = NULL; 2249 EVP_PKEY *pkey = NULL;
2225 int keysize = 0; 2250 int keysize = 0;
@@ -2229,81 +2254,74 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2229 alg_k = cs->algorithm_mkey; 2254 alg_k = cs->algorithm_mkey;
2230 alg_a = cs->algorithm_auth; 2255 alg_a = cs->algorithm_auth;
2231 2256
2232 if (SSL_C_IS_EXPORT(cs)) 2257 if (SSL_C_IS_EXPORT(cs)) {
2233 {
2234 /* ECDH key length in export ciphers must be <= 163 bits */ 2258 /* ECDH key length in export ciphers must be <= 163 bits */
2235 pkey = X509_get_pubkey(x); 2259 pkey = X509_get_pubkey(x);
2236 if (pkey == NULL) return 0; 2260 if (pkey == NULL)
2261 return 0;
2237 keysize = EVP_PKEY_bits(pkey); 2262 keysize = EVP_PKEY_bits(pkey);
2238 EVP_PKEY_free(pkey); 2263 EVP_PKEY_free(pkey);
2239 if (keysize > 163) return 0; 2264 if (keysize > 163)
2240 } 2265 return 0;
2266 }
2241 2267
2242 /* This call populates the ex_flags field correctly */ 2268 /* This call populates the ex_flags field correctly */
2243 X509_check_purpose(x, -1, 0); 2269 X509_check_purpose(x, -1, 0);
2244 if ((x->sig_alg) && (x->sig_alg->algorithm)) 2270 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2245 {
2246 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2271 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2247 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2272 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2248 } 2273 }
2249 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) 2274 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
2250 {
2251 /* key usage, if present, must allow key agreement */ 2275 /* key usage, if present, must allow key agreement */
2252 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) 2276 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
2253 {
2254 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); 2277 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2255 return 0; 2278 return 0;
2256 } 2279 }
2257 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) 2280 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
2258 {
2259 /* signature alg must be ECDSA */ 2281 /* signature alg must be ECDSA */
2260 if (pk_nid != NID_X9_62_id_ecPublicKey) 2282 if (pk_nid != NID_X9_62_id_ecPublicKey) {
2261 {
2262 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); 2283 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2263 return 0; 2284 return 0;
2264 }
2265 } 2285 }
2266 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) 2286 }
2267 { 2287 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
2268 /* signature alg must be RSA */ 2288 /* signature alg must be RSA */
2269 2289
2270 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) 2290 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
2271 {
2272 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); 2291 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2273 return 0; 2292 return 0;
2274 }
2275 } 2293 }
2276 } 2294 }
2277 if (alg_a & SSL_aECDSA) 2295 }
2278 { 2296 if (alg_a & SSL_aECDSA) {
2279 /* key usage, if present, must allow signing */ 2297 /* key usage, if present, must allow signing */
2280 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) 2298 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
2281 {
2282 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2299 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2283 return 0; 2300 return 0;
2284 }
2285 } 2301 }
2286
2287 return 1; /* all checks are ok */
2288 } 2302 }
2289 2303
2304 return 1;
2305 /* all checks are ok */
2306}
2307
2290#endif 2308#endif
2291 2309
2292/* THIS NEEDS CLEANING UP */ 2310/* THIS NEEDS CLEANING UP */
2293CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) 2311CERT_PKEY
2294 { 2312*ssl_get_server_send_pkey(const SSL *s)
2295 unsigned long alg_k,alg_a; 2313{
2314 unsigned long alg_k, alg_a;
2296 CERT *c; 2315 CERT *c;
2297 int i; 2316 int i;
2298 2317
2299 c=s->cert; 2318 c = s->cert;
2300 ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 2319 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2301 2320
2302 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2321 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2303 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2322 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2304 2323
2305 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) 2324 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2306 {
2307 /* we don't need to look at SSL_kEECDH 2325 /* we don't need to look at SSL_kEECDH
2308 * since no certificate is needed for 2326 * since no certificate is needed for
2309 * anon ECDH and for authenticated 2327 * anon ECDH and for authenticated
@@ -2315,171 +2333,162 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
2315 * checks for SSL_kECDH before RSA 2333 * checks for SSL_kECDH before RSA
2316 * checks ensures the correct cert is chosen. 2334 * checks ensures the correct cert is chosen.
2317 */ 2335 */
2318 i=SSL_PKEY_ECC; 2336 i = SSL_PKEY_ECC;
2319 } 2337 } else if (alg_a & SSL_aECDSA) {
2320 else if (alg_a & SSL_aECDSA) 2338 i = SSL_PKEY_ECC;
2321 { 2339 } else if (alg_k & SSL_kDHr)
2322 i=SSL_PKEY_ECC; 2340 i = SSL_PKEY_DH_RSA;
2323 }
2324 else if (alg_k & SSL_kDHr)
2325 i=SSL_PKEY_DH_RSA;
2326 else if (alg_k & SSL_kDHd) 2341 else if (alg_k & SSL_kDHd)
2327 i=SSL_PKEY_DH_DSA; 2342 i = SSL_PKEY_DH_DSA;
2328 else if (alg_a & SSL_aDSS) 2343 else if (alg_a & SSL_aDSS)
2329 i=SSL_PKEY_DSA_SIGN; 2344 i = SSL_PKEY_DSA_SIGN;
2330 else if (alg_a & SSL_aRSA) 2345 else if (alg_a & SSL_aRSA) {
2331 {
2332 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) 2346 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2333 i=SSL_PKEY_RSA_SIGN; 2347 i = SSL_PKEY_RSA_SIGN;
2334 else 2348 else
2335 i=SSL_PKEY_RSA_ENC; 2349 i = SSL_PKEY_RSA_ENC;
2336 } 2350 } else if (alg_a & SSL_aKRB5) {
2337 else if (alg_a & SSL_aKRB5)
2338 {
2339 /* VRS something else here? */ 2351 /* VRS something else here? */
2340 return(NULL); 2352 return (NULL);
2341 } 2353 } else if (alg_a & SSL_aGOST94)
2342 else if (alg_a & SSL_aGOST94) 2354 i = SSL_PKEY_GOST94;
2343 i=SSL_PKEY_GOST94;
2344 else if (alg_a & SSL_aGOST01) 2355 else if (alg_a & SSL_aGOST01)
2345 i=SSL_PKEY_GOST01; 2356 i = SSL_PKEY_GOST01;
2346 else /* if (alg_a & SSL_aNULL) */ 2357 else /* if (alg_a & SSL_aNULL) */
2347 { 2358 {
2348 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); 2359 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
2349 return(NULL); 2360 return (NULL);
2350 } 2361 }
2351 2362
2352 return c->pkeys + i; 2363 return c->pkeys + i;
2353 } 2364}
2354 2365
2355X509 *ssl_get_server_send_cert(const SSL *s) 2366X509
2356 { 2367*ssl_get_server_send_cert(const SSL *s)
2368{
2357 CERT_PKEY *cpk; 2369 CERT_PKEY *cpk;
2358 cpk = ssl_get_server_send_pkey(s); 2370 cpk = ssl_get_server_send_pkey(s);
2359 if (!cpk) 2371 if (!cpk)
2360 return NULL; 2372 return NULL;
2361 return cpk->x509; 2373 return cpk->x509;
2362 } 2374}
2363 2375
2364EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) 2376EVP_PKEY
2365 { 2377*ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2378{
2366 unsigned long alg_a; 2379 unsigned long alg_a;
2367 CERT *c; 2380 CERT *c;
2368 int idx = -1; 2381 int idx = -1;
2369 2382
2370 alg_a = cipher->algorithm_auth; 2383 alg_a = cipher->algorithm_auth;
2371 c=s->cert; 2384 c = s->cert;
2372 2385
2373 if ((alg_a & SSL_aDSS) && 2386 if ((alg_a & SSL_aDSS) &&
2374 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2387 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2375 idx = SSL_PKEY_DSA_SIGN; 2388 idx = SSL_PKEY_DSA_SIGN;
2376 else if (alg_a & SSL_aRSA) 2389 else if (alg_a & SSL_aRSA) {
2377 {
2378 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2390 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2379 idx = SSL_PKEY_RSA_SIGN; 2391 idx = SSL_PKEY_RSA_SIGN;
2380 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 2392 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2381 idx = SSL_PKEY_RSA_ENC; 2393 idx = SSL_PKEY_RSA_ENC;
2382 } 2394 } else if ((alg_a & SSL_aECDSA) &&
2383 else if ((alg_a & SSL_aECDSA) && 2395 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2384 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2396 idx = SSL_PKEY_ECC;
2385 idx = SSL_PKEY_ECC; 2397 if (idx == -1) {
2386 if (idx == -1) 2398 SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
2387 { 2399 return (NULL);
2388 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); 2400 }
2389 return(NULL);
2390 }
2391 if (pmd) 2401 if (pmd)
2392 *pmd = c->pkeys[idx].digest; 2402 *pmd = c->pkeys[idx].digest;
2393 return c->pkeys[idx].privatekey; 2403 return c->pkeys[idx].privatekey;
2394 } 2404}
2395 2405
2396void ssl_update_cache(SSL *s,int mode) 2406void
2397 { 2407ssl_update_cache(SSL *s, int mode)
2408{
2398 int i; 2409 int i;
2399 2410
2400 /* If the session_id_length is 0, we are not supposed to cache it, 2411 /* If the session_id_length is 0, we are not supposed to cache it,
2401 * and it would be rather hard to do anyway :-) */ 2412 * and it would be rather hard to do anyway :-) */
2402 if (s->session->session_id_length == 0) return; 2413 if (s->session->session_id_length == 0)
2414 return;
2403 2415
2404 i=s->session_ctx->session_cache_mode; 2416 i = s->session_ctx->session_cache_mode;
2405 if ((i & mode) && (!s->hit) 2417 if ((i & mode) && (!s->hit)
2406 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2418 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2407 || SSL_CTX_add_session(s->session_ctx,s->session)) 2419 || SSL_CTX_add_session(s->session_ctx, s->session))
2408 && (s->session_ctx->new_session_cb != NULL)) 2420 && (s->session_ctx->new_session_cb != NULL)) {
2409 { 2421 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2410 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); 2422 if (!s->session_ctx->new_session_cb(s, s->session))
2411 if (!s->session_ctx->new_session_cb(s,s->session))
2412 SSL_SESSION_free(s->session); 2423 SSL_SESSION_free(s->session);
2413 } 2424 }
2414 2425
2415 /* auto flush every 255 connections */ 2426 /* auto flush every 255 connections */
2416 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && 2427 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2417 ((i & mode) == mode)) 2428 ((i & mode) == mode)) {
2418 { 2429 if ((((mode & SSL_SESS_CACHE_CLIENT)
2419 if ( (((mode & SSL_SESS_CACHE_CLIENT)
2420 ?s->session_ctx->stats.sess_connect_good 2430 ?s->session_ctx->stats.sess_connect_good
2421 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) 2431 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
2422 {
2423 SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); 2432 SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
2424 }
2425 } 2433 }
2426 } 2434 }
2435}
2427 2436
2428const SSL_METHOD *SSL_get_ssl_method(SSL *s) 2437const SSL_METHOD
2429 { 2438*SSL_get_ssl_method(SSL *s)
2430 return(s->method); 2439{
2431 } 2440 return (s->method);
2441}
2432 2442
2433int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 2443int
2434 { 2444SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2435 int conn= -1; 2445{
2436 int ret=1; 2446 int conn = -1;
2447 int ret = 1;
2437 2448
2438 if (s->method != meth) 2449 if (s->method != meth) {
2439 {
2440 if (s->handshake_func != NULL) 2450 if (s->handshake_func != NULL)
2441 conn=(s->handshake_func == s->method->ssl_connect); 2451 conn = (s->handshake_func == s->method->ssl_connect);
2442 2452
2443 if (s->method->version == meth->version) 2453 if (s->method->version == meth->version)
2444 s->method=meth; 2454 s->method = meth;
2445 else 2455 else {
2446 {
2447 s->method->ssl_free(s); 2456 s->method->ssl_free(s);
2448 s->method=meth; 2457 s->method = meth;
2449 ret=s->method->ssl_new(s); 2458 ret = s->method->ssl_new(s);
2450 } 2459 }
2451 2460
2452 if (conn == 1) 2461 if (conn == 1)
2453 s->handshake_func=meth->ssl_connect; 2462 s->handshake_func = meth->ssl_connect;
2454 else if (conn == 0) 2463 else if (conn == 0)
2455 s->handshake_func=meth->ssl_accept; 2464 s->handshake_func = meth->ssl_accept;
2456 }
2457 return(ret);
2458 } 2465 }
2466 return (ret);
2467}
2459 2468
2460int SSL_get_error(const SSL *s,int i) 2469int
2461 { 2470SSL_get_error(const SSL *s, int i)
2471{
2462 int reason; 2472 int reason;
2463 unsigned long l; 2473 unsigned long l;
2464 BIO *bio; 2474 BIO *bio;
2465 2475
2466 if (i > 0) return(SSL_ERROR_NONE); 2476 if (i > 0)
2477 return (SSL_ERROR_NONE);
2467 2478
2468 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake 2479 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2469 * etc, where we do encode the error */ 2480 * etc, where we do encode the error */
2470 if ((l=ERR_peek_error()) != 0) 2481 if ((l = ERR_peek_error()) != 0) {
2471 {
2472 if (ERR_GET_LIB(l) == ERR_LIB_SYS) 2482 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2473 return(SSL_ERROR_SYSCALL); 2483 return (SSL_ERROR_SYSCALL);
2474 else 2484 else
2475 return(SSL_ERROR_SSL); 2485 return (SSL_ERROR_SSL);
2476 } 2486 }
2477 2487
2478 if ((i < 0) && SSL_want_read(s)) 2488 if ((i < 0) && SSL_want_read(s)) {
2479 { 2489 bio = SSL_get_rbio(s);
2480 bio=SSL_get_rbio(s);
2481 if (BIO_should_read(bio)) 2490 if (BIO_should_read(bio))
2482 return(SSL_ERROR_WANT_READ); 2491 return (SSL_ERROR_WANT_READ);
2483 else if (BIO_should_write(bio)) 2492 else if (BIO_should_write(bio))
2484 /* This one doesn't make too much sense ... We never try 2493 /* This one doesn't make too much sense ... We never try
2485 * to write to the rbio, and an application program where 2494 * to write to the rbio, and an application program where
@@ -2490,131 +2499,129 @@ int SSL_get_error(const SSL *s,int i)
2490 * SSL_want_write(s)) and rbio and wbio *are* the same, 2499 * SSL_want_write(s)) and rbio and wbio *are* the same,
2491 * this test works around that bug; so it might be safer 2500 * this test works around that bug; so it might be safer
2492 * to keep it. */ 2501 * to keep it. */
2493 return(SSL_ERROR_WANT_WRITE); 2502 return (SSL_ERROR_WANT_WRITE);
2494 else if (BIO_should_io_special(bio)) 2503 else if (BIO_should_io_special(bio)) {
2495 { 2504 reason = BIO_get_retry_reason(bio);
2496 reason=BIO_get_retry_reason(bio);
2497 if (reason == BIO_RR_CONNECT) 2505 if (reason == BIO_RR_CONNECT)
2498 return(SSL_ERROR_WANT_CONNECT); 2506 return (SSL_ERROR_WANT_CONNECT);
2499 else if (reason == BIO_RR_ACCEPT) 2507 else if (reason == BIO_RR_ACCEPT)
2500 return(SSL_ERROR_WANT_ACCEPT); 2508 return (SSL_ERROR_WANT_ACCEPT);
2501 else 2509 else
2502 return(SSL_ERROR_SYSCALL); /* unknown */ 2510 return(SSL_ERROR_SYSCALL); /* unknown */
2503 }
2504 } 2511 }
2512 }
2505 2513
2506 if ((i < 0) && SSL_want_write(s)) 2514 if ((i < 0) && SSL_want_write(s)) {
2507 { 2515 bio = SSL_get_wbio(s);
2508 bio=SSL_get_wbio(s);
2509 if (BIO_should_write(bio)) 2516 if (BIO_should_write(bio))
2510 return(SSL_ERROR_WANT_WRITE); 2517 return (SSL_ERROR_WANT_WRITE);
2511 else if (BIO_should_read(bio)) 2518 else if (BIO_should_read(bio))
2512 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ 2519 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
2513 return(SSL_ERROR_WANT_READ); 2520 return (SSL_ERROR_WANT_READ);
2514 else if (BIO_should_io_special(bio)) 2521 else if (BIO_should_io_special(bio)) {
2515 { 2522 reason = BIO_get_retry_reason(bio);
2516 reason=BIO_get_retry_reason(bio);
2517 if (reason == BIO_RR_CONNECT) 2523 if (reason == BIO_RR_CONNECT)
2518 return(SSL_ERROR_WANT_CONNECT); 2524 return (SSL_ERROR_WANT_CONNECT);
2519 else if (reason == BIO_RR_ACCEPT) 2525 else if (reason == BIO_RR_ACCEPT)
2520 return(SSL_ERROR_WANT_ACCEPT); 2526 return (SSL_ERROR_WANT_ACCEPT);
2521 else 2527 else
2522 return(SSL_ERROR_SYSCALL); 2528 return (SSL_ERROR_SYSCALL);
2523 }
2524 }
2525 if ((i < 0) && SSL_want_x509_lookup(s))
2526 {
2527 return(SSL_ERROR_WANT_X509_LOOKUP);
2528 } 2529 }
2530 }
2531 if ((i < 0) && SSL_want_x509_lookup(s)) {
2532 return (SSL_ERROR_WANT_X509_LOOKUP);
2533 }
2529 2534
2530 if (i == 0) 2535 if (i == 0) {
2531 { 2536 if (s->version == SSL2_VERSION) {
2532 if (s->version == SSL2_VERSION)
2533 {
2534 /* assume it is the socket being closed */ 2537 /* assume it is the socket being closed */
2535 return(SSL_ERROR_ZERO_RETURN); 2538 return (SSL_ERROR_ZERO_RETURN);
2536 } 2539 } else {
2537 else
2538 {
2539 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 2540 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2540 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2541 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2541 return(SSL_ERROR_ZERO_RETURN); 2542 return (SSL_ERROR_ZERO_RETURN);
2542 }
2543 } 2543 }
2544 return(SSL_ERROR_SYSCALL);
2545 } 2544 }
2545 return (SSL_ERROR_SYSCALL);
2546}
2546 2547
2547int SSL_do_handshake(SSL *s) 2548int
2548 { 2549SSL_do_handshake(SSL *s)
2549 int ret=1; 2550{
2551 int ret = 1;
2550 2552
2551 if (s->handshake_func == NULL) 2553 if (s->handshake_func == NULL) {
2552 { 2554 SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
2553 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); 2555 return (-1);
2554 return(-1); 2556 }
2555 }
2556 2557
2557 s->method->ssl_renegotiate_check(s); 2558 s->method->ssl_renegotiate_check(s);
2558 2559
2559 if (SSL_in_init(s) || SSL_in_before(s)) 2560 if (SSL_in_init(s) || SSL_in_before(s)) {
2560 { 2561 ret = s->handshake_func(s);
2561 ret=s->handshake_func(s);
2562 }
2563 return(ret);
2564 } 2562 }
2563 return (ret);
2564}
2565 2565
2566/* For the next 2 functions, SSL_clear() sets shutdown and so 2566/* For the next 2 functions, SSL_clear() sets shutdown and so
2567 * one of these calls will reset it */ 2567 * one of these calls will reset it */
2568void SSL_set_accept_state(SSL *s) 2568void
2569 { 2569SSL_set_accept_state(SSL *s)
2570 s->server=1; 2570{
2571 s->shutdown=0; 2571 s->server = 1;
2572 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; 2572 s->shutdown = 0;
2573 s->handshake_func=s->method->ssl_accept; 2573 s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2574 s->handshake_func = s->method->ssl_accept;
2574 /* clear the current cipher */ 2575 /* clear the current cipher */
2575 ssl_clear_cipher_ctx(s); 2576 ssl_clear_cipher_ctx(s);
2576 ssl_clear_hash_ctx(&s->read_hash); 2577 ssl_clear_hash_ctx(&s->read_hash);
2577 ssl_clear_hash_ctx(&s->write_hash); 2578 ssl_clear_hash_ctx(&s->write_hash);
2578 } 2579}
2579 2580
2580void SSL_set_connect_state(SSL *s) 2581void
2581 { 2582SSL_set_connect_state(SSL *s)
2582 s->server=0; 2583{
2583 s->shutdown=0; 2584 s->server = 0;
2584 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; 2585 s->shutdown = 0;
2585 s->handshake_func=s->method->ssl_connect; 2586 s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2587 s->handshake_func = s->method->ssl_connect;
2586 /* clear the current cipher */ 2588 /* clear the current cipher */
2587 ssl_clear_cipher_ctx(s); 2589 ssl_clear_cipher_ctx(s);
2588 ssl_clear_hash_ctx(&s->read_hash); 2590 ssl_clear_hash_ctx(&s->read_hash);
2589 ssl_clear_hash_ctx(&s->write_hash); 2591 ssl_clear_hash_ctx(&s->write_hash);
2590 } 2592}
2591 2593
2592int ssl_undefined_function(SSL *s) 2594int
2593 { 2595ssl_undefined_function(SSL *s)
2594 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2596{
2595 return(0); 2597 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2596 } 2598 return (0);
2599}
2597 2600
2598int ssl_undefined_void_function(void) 2601int
2599 { 2602ssl_undefined_void_function(void)
2600 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2603{
2601 return(0); 2604 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2602 } 2605 return (0);
2606}
2603 2607
2604int ssl_undefined_const_function(const SSL *s) 2608int
2605 { 2609ssl_undefined_const_function(const SSL *s)
2606 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2610{
2607 return(0); 2611 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2608 } 2612 return (0);
2613}
2609 2614
2610SSL_METHOD *ssl_bad_method(int ver) 2615SSL_METHOD
2611 { 2616*ssl_bad_method(int ver)
2612 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2617{
2613 return(NULL); 2618 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2614 } 2619 return (NULL);
2620}
2615 2621
2616const char *SSL_get_version(const SSL *s) 2622const char
2617 { 2623*SSL_get_version(const SSL *s)
2624{
2618 if (s->version == TLS1_2_VERSION) 2625 if (s->version == TLS1_2_VERSION)
2619 return("TLSv1.2"); 2626 return("TLSv1.2");
2620 else if (s->version == TLS1_1_VERSION) 2627 else if (s->version == TLS1_1_VERSION)
@@ -2627,29 +2634,27 @@ const char *SSL_get_version(const SSL *s)
2627 return("SSLv2"); 2634 return("SSLv2");
2628 else 2635 else
2629 return("unknown"); 2636 return("unknown");
2630 } 2637}
2631 2638
2632SSL *SSL_dup(SSL *s) 2639SSL
2633 { 2640*SSL_dup(SSL *s)
2641{
2634 STACK_OF(X509_NAME) *sk; 2642 STACK_OF(X509_NAME) *sk;
2635 X509_NAME *xn; 2643 X509_NAME *xn;
2636 SSL *ret; 2644 SSL *ret;
2637 int i; 2645 int i;
2638 2646
2639 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2647 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2640 return(NULL); 2648 return (NULL);
2641 2649
2642 ret->version = s->version; 2650 ret->version = s->version;
2643 ret->type = s->type; 2651 ret->type = s->type;
2644 ret->method = s->method; 2652 ret->method = s->method;
2645 2653
2646 if (s->session != NULL) 2654 if (s->session != NULL) {
2647 {
2648 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 2655 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2649 SSL_copy_session_id(ret,s); 2656 SSL_copy_session_id(ret, s);
2650 } 2657 } else {
2651 else
2652 {
2653 /* No session has been established yet, so we have to expect 2658 /* No session has been established yet, so we have to expect
2654 * that s->cert or ret->cert will be changed later -- 2659 * that s->cert or ret->cert will be changed later --
2655 * they should not both point to the same object, 2660 * they should not both point to the same object,
@@ -2659,56 +2664,50 @@ SSL *SSL_dup(SSL *s)
2659 ret->method = s->method; 2664 ret->method = s->method;
2660 ret->method->ssl_new(ret); 2665 ret->method->ssl_new(ret);
2661 2666
2662 if (s->cert != NULL) 2667 if (s->cert != NULL) {
2663 { 2668 if (ret->cert != NULL) {
2664 if (ret->cert != NULL)
2665 {
2666 ssl_cert_free(ret->cert); 2669 ssl_cert_free(ret->cert);
2667 } 2670 }
2668 ret->cert = ssl_cert_dup(s->cert); 2671 ret->cert = ssl_cert_dup(s->cert);
2669 if (ret->cert == NULL) 2672 if (ret->cert == NULL)
2670 goto err; 2673 goto err;
2671 }
2672
2673 SSL_set_session_id_context(ret,
2674 s->sid_ctx, s->sid_ctx_length);
2675 } 2674 }
2676 2675
2677 ret->options=s->options; 2676 SSL_set_session_id_context(ret,
2678 ret->mode=s->mode; 2677 s->sid_ctx, s->sid_ctx_length);
2679 SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); 2678 }
2680 SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); 2679
2680 ret->options = s->options;
2681 ret->mode = s->mode;
2682 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2683 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2681 ret->msg_callback = s->msg_callback; 2684 ret->msg_callback = s->msg_callback;
2682 ret->msg_callback_arg = s->msg_callback_arg; 2685 ret->msg_callback_arg = s->msg_callback_arg;
2683 SSL_set_verify(ret,SSL_get_verify_mode(s), 2686 SSL_set_verify(ret, SSL_get_verify_mode(s),
2684 SSL_get_verify_callback(s)); 2687 SSL_get_verify_callback(s));
2685 SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); 2688 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2686 ret->generate_session_id = s->generate_session_id; 2689 ret->generate_session_id = s->generate_session_id;
2687 2690
2688 SSL_set_info_callback(ret,SSL_get_info_callback(s)); 2691 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2689 2692
2690 ret->debug=s->debug; 2693 ret->debug = s->debug;
2691 2694
2692 /* copy app data, a little dangerous perhaps */ 2695 /* copy app data, a little dangerous perhaps */
2693 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 2696 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
2694 goto err; 2697 goto err;
2695 2698
2696 /* setup rbio, and wbio */ 2699 /* setup rbio, and wbio */
2697 if (s->rbio != NULL) 2700 if (s->rbio != NULL) {
2698 {
2699 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) 2701 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2700 goto err; 2702 goto err;
2701 } 2703 }
2702 if (s->wbio != NULL) 2704 if (s->wbio != NULL) {
2703 { 2705 if (s->wbio != s->rbio) {
2704 if (s->wbio != s->rbio)
2705 {
2706 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) 2706 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2707 goto err; 2707 goto err;
2708 } 2708 } else
2709 else 2709 ret->wbio = ret->rbio;
2710 ret->wbio=ret->rbio; 2710 }
2711 }
2712 ret->rwstate = s->rwstate; 2711 ret->rwstate = s->rwstate;
2713 ret->in_handshake = s->in_handshake; 2712 ret->in_handshake = s->in_handshake;
2714 ret->handshake_func = s->handshake_func; 2713 ret->handshake_func = s->handshake_func;
@@ -2716,222 +2715,228 @@ SSL *SSL_dup(SSL *s)
2716 ret->renegotiate = s->renegotiate; 2715 ret->renegotiate = s->renegotiate;
2717 ret->new_session = s->new_session; 2716 ret->new_session = s->new_session;
2718 ret->quiet_shutdown = s->quiet_shutdown; 2717 ret->quiet_shutdown = s->quiet_shutdown;
2719 ret->shutdown=s->shutdown; 2718 ret->shutdown = s->shutdown;
2720 ret->state=s->state; /* SSL_dup does not really work at any state, though */ 2719 ret->state=s->state; /* SSL_dup does not really work at any state, though */
2721 ret->rstate=s->rstate; 2720 ret->rstate = s->rstate;
2722 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ 2721 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
2723 ret->hit=s->hit; 2722 ret->hit = s->hit;
2724 2723
2725 X509_VERIFY_PARAM_inherit(ret->param, s->param); 2724 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2726 2725
2727 /* dup the cipher_list and cipher_list_by_id stacks */ 2726 /* dup the cipher_list and cipher_list_by_id stacks */
2728 if (s->cipher_list != NULL) 2727 if (s->cipher_list != NULL) {
2729 { 2728 if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2730 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2731 goto err; 2729 goto err;
2732 } 2730 }
2733 if (s->cipher_list_by_id != NULL) 2731 if (s->cipher_list_by_id != NULL)
2734 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 2732 if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
2735 == NULL) 2733 == NULL)
2736 goto err; 2734 goto err;
2737 2735
2738 /* Dup the client_CA list */ 2736 /* Dup the client_CA list */
2739 if (s->client_CA != NULL) 2737 if (s->client_CA != NULL) {
2740 { 2738 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2741 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; 2739 ret->client_CA = sk;
2742 ret->client_CA=sk; 2740 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2743 for (i=0; i<sk_X509_NAME_num(sk); i++) 2741 xn = sk_X509_NAME_value(sk, i);
2744 { 2742 if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
2745 xn=sk_X509_NAME_value(sk,i);
2746 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
2747 {
2748 X509_NAME_free(xn); 2743 X509_NAME_free(xn);
2749 goto err; 2744 goto err;
2750 }
2751 } 2745 }
2752 } 2746 }
2747 }
2753 2748
2754 if (0) 2749 if (0) {
2755 {
2756err: 2750err:
2757 if (ret != NULL) SSL_free(ret); 2751 if (ret != NULL)
2758 ret=NULL; 2752 SSL_free(ret);
2759 } 2753 ret = NULL;
2760 return(ret);
2761 } 2754 }
2755 return (ret);
2756}
2762 2757
2763void ssl_clear_cipher_ctx(SSL *s) 2758void
2764 { 2759ssl_clear_cipher_ctx(SSL *s)
2765 if (s->enc_read_ctx != NULL) 2760{
2766 { 2761 if (s->enc_read_ctx != NULL) {
2767 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); 2762 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
2768 OPENSSL_free(s->enc_read_ctx); 2763 OPENSSL_free(s->enc_read_ctx);
2769 s->enc_read_ctx=NULL; 2764 s->enc_read_ctx = NULL;
2770 } 2765 }
2771 if (s->enc_write_ctx != NULL) 2766 if (s->enc_write_ctx != NULL) {
2772 {
2773 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); 2767 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
2774 OPENSSL_free(s->enc_write_ctx); 2768 OPENSSL_free(s->enc_write_ctx);
2775 s->enc_write_ctx=NULL; 2769 s->enc_write_ctx = NULL;
2776 } 2770 }
2777#ifndef OPENSSL_NO_COMP 2771#ifndef OPENSSL_NO_COMP
2778 if (s->expand != NULL) 2772 if (s->expand != NULL) {
2779 {
2780 COMP_CTX_free(s->expand); 2773 COMP_CTX_free(s->expand);
2781 s->expand=NULL; 2774 s->expand = NULL;
2782 } 2775 }
2783 if (s->compress != NULL) 2776 if (s->compress != NULL) {
2784 {
2785 COMP_CTX_free(s->compress); 2777 COMP_CTX_free(s->compress);
2786 s->compress=NULL; 2778 s->compress = NULL;
2787 }
2788#endif
2789 } 2779 }
2780#endif
2781}
2790 2782
2791/* Fix this function so that it takes an optional type parameter */ 2783/* Fix this function so that it takes an optional type parameter */
2792X509 *SSL_get_certificate(const SSL *s) 2784X509
2793 { 2785*SSL_get_certificate(const SSL *s)
2786{
2794 if (s->cert != NULL) 2787 if (s->cert != NULL)
2795 return(s->cert->key->x509); 2788 return (s->cert->key->x509);
2796 else 2789 else
2797 return(NULL); 2790 return (NULL);
2798 } 2791}
2799 2792
2800/* Fix this function so that it takes an optional type parameter */ 2793/* Fix this function so that it takes an optional type parameter */
2801EVP_PKEY *SSL_get_privatekey(SSL *s) 2794EVP_PKEY
2802 { 2795*SSL_get_privatekey(SSL *s)
2796{
2803 if (s->cert != NULL) 2797 if (s->cert != NULL)
2804 return(s->cert->key->privatekey); 2798 return (s->cert->key->privatekey);
2805 else 2799 else
2806 return(NULL); 2800 return (NULL);
2807 } 2801}
2808 2802
2809const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) 2803const SSL_CIPHER
2810 { 2804*SSL_get_current_cipher(const SSL *s)
2805{
2811 if ((s->session != NULL) && (s->session->cipher != NULL)) 2806 if ((s->session != NULL) && (s->session->cipher != NULL))
2812 return(s->session->cipher); 2807 return (s->session->cipher);
2813 return(NULL); 2808 return (NULL);
2814 } 2809}
2815#ifdef OPENSSL_NO_COMP 2810#ifdef OPENSSL_NO_COMP
2816const void *SSL_get_current_compression(SSL *s) 2811const void
2817 { 2812*SSL_get_current_compression(SSL *s)
2813{
2818 return NULL; 2814 return NULL;
2819 } 2815}
2820const void *SSL_get_current_expansion(SSL *s) 2816
2821 { 2817const void
2818*SSL_get_current_expansion(SSL *s)
2819{
2822 return NULL; 2820 return NULL;
2823 } 2821}
2824#else 2822#else
2825 2823
2826const COMP_METHOD *SSL_get_current_compression(SSL *s) 2824const COMP_METHOD
2827 { 2825*SSL_get_current_compression(SSL *s)
2826{
2828 if (s->compress != NULL) 2827 if (s->compress != NULL)
2829 return(s->compress->meth); 2828 return (s->compress->meth);
2830 return(NULL); 2829 return (NULL);
2831 } 2830}
2832 2831
2833const COMP_METHOD *SSL_get_current_expansion(SSL *s) 2832const COMP_METHOD
2834 { 2833*SSL_get_current_expansion(SSL *s)
2834{
2835 if (s->expand != NULL) 2835 if (s->expand != NULL)
2836 return(s->expand->meth); 2836 return (s->expand->meth);
2837 return(NULL); 2837 return (NULL);
2838 } 2838}
2839#endif 2839#endif
2840 2840
2841int ssl_init_wbio_buffer(SSL *s,int push) 2841int
2842 { 2842ssl_init_wbio_buffer(SSL *s, int push)
2843{
2843 BIO *bbio; 2844 BIO *bbio;
2844 2845
2845 if (s->bbio == NULL) 2846 if (s->bbio == NULL) {
2846 { 2847 bbio = BIO_new(BIO_f_buffer());
2847 bbio=BIO_new(BIO_f_buffer()); 2848 if (bbio == NULL)
2848 if (bbio == NULL) return(0); 2849 return (0);
2849 s->bbio=bbio; 2850 s->bbio = bbio;
2850 } 2851 } else {
2851 else 2852 bbio = s->bbio;
2852 {
2853 bbio=s->bbio;
2854 if (s->bbio == s->wbio) 2853 if (s->bbio == s->wbio)
2855 s->wbio=BIO_pop(s->wbio); 2854 s->wbio = BIO_pop(s->wbio);
2856 } 2855 }
2857 (void)BIO_reset(bbio); 2856 (void)BIO_reset(bbio);
2858/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 2857/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2859 if (!BIO_set_read_buffer_size(bbio,1)) 2858 if (!BIO_set_read_buffer_size(bbio, 1)) {
2860 { 2859 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
2861 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); 2860 return (0);
2862 return(0); 2861 }
2863 } 2862 if (push) {
2864 if (push)
2865 {
2866 if (s->wbio != bbio) 2863 if (s->wbio != bbio)
2867 s->wbio=BIO_push(bbio,s->wbio); 2864 s->wbio = BIO_push(bbio, s->wbio);
2868 } 2865 } else {
2869 else
2870 {
2871 if (s->wbio == bbio) 2866 if (s->wbio == bbio)
2872 s->wbio=BIO_pop(bbio); 2867 s->wbio = BIO_pop(bbio);
2873 }
2874 return(1);
2875 } 2868 }
2869 return (1);
2870}
2876 2871
2877void ssl_free_wbio_buffer(SSL *s) 2872void
2878 { 2873ssl_free_wbio_buffer(SSL *s)
2879 if (s->bbio == NULL) return; 2874{
2875 if (s->bbio == NULL)
2876 return;
2880 2877
2881 if (s->bbio == s->wbio) 2878 if (s->bbio == s->wbio) {
2882 {
2883 /* remove buffering */ 2879 /* remove buffering */
2884 s->wbio=BIO_pop(s->wbio); 2880 s->wbio = BIO_pop(s->wbio);
2885#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ 2881#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2886 assert(s->wbio != NULL); 2882 assert(s->wbio != NULL);
2887#endif 2883#endif
2888 } 2884 }
2889 BIO_free(s->bbio); 2885 BIO_free(s->bbio);
2890 s->bbio=NULL; 2886 s->bbio = NULL;
2891 } 2887}
2892
2893void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
2894 {
2895 ctx->quiet_shutdown=mode;
2896 }
2897 2888
2898int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 2889void
2899 { 2890SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
2900 return(ctx->quiet_shutdown); 2891{
2901 } 2892 ctx->quiet_shutdown = mode;
2893}
2902 2894
2903void SSL_set_quiet_shutdown(SSL *s,int mode) 2895int
2904 { 2896SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2905 s->quiet_shutdown=mode; 2897{
2906 } 2898 return (ctx->quiet_shutdown);
2899}
2907 2900
2908int SSL_get_quiet_shutdown(const SSL *s) 2901void
2909 { 2902SSL_set_quiet_shutdown(SSL *s, int mode)
2910 return(s->quiet_shutdown); 2903{
2911 } 2904 s->quiet_shutdown = mode;
2905}
2912 2906
2913void SSL_set_shutdown(SSL *s,int mode) 2907int
2914 { 2908SSL_get_quiet_shutdown(const SSL *s)
2915 s->shutdown=mode; 2909{
2916 } 2910 return (s->quiet_shutdown);
2911}
2917 2912
2918int SSL_get_shutdown(const SSL *s) 2913void
2919 { 2914SSL_set_shutdown(SSL *s, int mode)
2920 return(s->shutdown); 2915{
2921 } 2916 s->shutdown = mode;
2917}
2922 2918
2923int SSL_version(const SSL *s) 2919int
2924 { 2920SSL_get_shutdown(const SSL *s)
2925 return(s->version); 2921{
2926 } 2922 return (s->shutdown);
2923}
2927 2924
2928SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) 2925int
2929 { 2926SSL_version(const SSL *s)
2930 return(ssl->ctx); 2927{
2931 } 2928 return (s->version);
2929}
2932 2930
2933SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) 2931SSL_CTX
2934 { 2932*SSL_get_SSL_CTX(const SSL *ssl)
2933{
2934 return (ssl->ctx);
2935}
2936
2937SSL_CTX
2938*SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2939{
2935 if (ssl->ctx == ctx) 2940 if (ssl->ctx == ctx)
2936 return ssl->ctx; 2941 return ssl->ctx;
2937#ifndef OPENSSL_NO_TLSEXT 2942#ifndef OPENSSL_NO_TLSEXT
@@ -2941,114 +2946,131 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2941 if (ssl->cert != NULL) 2946 if (ssl->cert != NULL)
2942 ssl_cert_free(ssl->cert); 2947 ssl_cert_free(ssl->cert);
2943 ssl->cert = ssl_cert_dup(ctx->cert); 2948 ssl->cert = ssl_cert_dup(ctx->cert);
2944 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 2949 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
2945 if (ssl->ctx != NULL) 2950 if (ssl->ctx != NULL)
2946 SSL_CTX_free(ssl->ctx); /* decrement reference count */ 2951 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2947 ssl->ctx = ctx; 2952 ssl->ctx = ctx;
2948 return(ssl->ctx); 2953 return (ssl->ctx);
2949 } 2954}
2950 2955
2951#ifndef OPENSSL_NO_STDIO 2956#ifndef OPENSSL_NO_STDIO
2952int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 2957int
2953 { 2958SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2954 return(X509_STORE_set_default_paths(ctx->cert_store)); 2959{
2955 } 2960 return (X509_STORE_set_default_paths(ctx->cert_store));
2961}
2956 2962
2957int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 2963int
2958 const char *CApath) 2964SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2959 { 2965 const char *CApath)
2960 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); 2966{
2961 } 2967 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
2968}
2962#endif 2969#endif
2963 2970
2964void SSL_set_info_callback(SSL *ssl, 2971void
2965 void (*cb)(const SSL *ssl,int type,int val)) 2972SSL_set_info_callback(SSL *ssl,
2966 { 2973 void (*cb)(const SSL *ssl, int type, int val))
2967 ssl->info_callback=cb; 2974{
2968 } 2975 ssl->info_callback = cb;
2976}
2969 2977
2970/* One compiler (Diab DCC) doesn't like argument names in returned 2978/* One compiler (Diab DCC) doesn't like argument names in returned
2971 function pointer. */ 2979 function pointer. */
2972void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) 2980void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2973 { 2981{
2974 return ssl->info_callback; 2982 return ssl->info_callback;
2975 } 2983}
2976 2984
2977int SSL_state(const SSL *ssl) 2985int
2978 { 2986SSL_state(const SSL *ssl)
2979 return(ssl->state); 2987{
2980 } 2988 return (ssl->state);
2989}
2981 2990
2982void SSL_set_state(SSL *ssl, int state) 2991void
2983 { 2992SSL_set_state(SSL *ssl, int state)
2993{
2984 ssl->state = state; 2994 ssl->state = state;
2985 } 2995}
2986 2996
2987void SSL_set_verify_result(SSL *ssl,long arg) 2997void
2988 { 2998SSL_set_verify_result(SSL *ssl, long arg)
2989 ssl->verify_result=arg; 2999{
2990 } 3000 ssl->verify_result = arg;
3001}
2991 3002
2992long SSL_get_verify_result(const SSL *ssl) 3003long
2993 { 3004SSL_get_verify_result(const SSL *ssl)
2994 return(ssl->verify_result); 3005{
2995 } 3006 return (ssl->verify_result);
3007}
2996 3008
2997int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, 3009int
2998 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) 3010SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2999 { 3011 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
3012{
3000 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3013 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
3001 new_func, dup_func, free_func); 3014 new_func, dup_func, free_func);
3002 } 3015}
3003 3016
3004int SSL_set_ex_data(SSL *s,int idx,void *arg) 3017int
3005 { 3018SSL_set_ex_data(SSL *s, int idx, void *arg)
3006 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 3019{
3007 } 3020 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3021}
3008 3022
3009void *SSL_get_ex_data(const SSL *s,int idx) 3023void
3010 { 3024*SSL_get_ex_data(const SSL *s, int idx)
3011 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 3025{
3012 } 3026 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3027}
3013 3028
3014int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, 3029int
3015 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) 3030SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3016 { 3031 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
3032{
3017 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3033 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
3018 new_func, dup_func, free_func); 3034 new_func, dup_func, free_func);
3019 } 3035}
3020 3036
3021int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) 3037int
3022 { 3038SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
3023 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 3039{
3024 } 3040 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3041}
3025 3042
3026void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) 3043void
3027 { 3044*SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
3028 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 3045{
3029 } 3046 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3047}
3030 3048
3031int ssl_ok(SSL *s) 3049int
3032 { 3050ssl_ok(SSL *s)
3033 return(1); 3051{
3034 } 3052 return (1);
3053}
3035 3054
3036X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) 3055X509_STORE
3037 { 3056*SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3038 return(ctx->cert_store); 3057{
3039 } 3058 return (ctx->cert_store);
3059}
3040 3060
3041void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) 3061void
3042 { 3062SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3063{
3043 if (ctx->cert_store != NULL) 3064 if (ctx->cert_store != NULL)
3044 X509_STORE_free(ctx->cert_store); 3065 X509_STORE_free(ctx->cert_store);
3045 ctx->cert_store=store; 3066 ctx->cert_store = store;
3046 } 3067}
3047 3068
3048int SSL_want(const SSL *s) 3069int
3049 { 3070SSL_want(const SSL *s)
3050 return(s->rwstate); 3071{
3051 } 3072 return (s->rwstate);
3073}
3052 3074
3053/*! 3075/*!
3054 * \brief Set the callback for generating temporary RSA keys. 3076 * \brief Set the callback for generating temporary RSA keys.
@@ -3057,19 +3079,21 @@ int SSL_want(const SSL *s)
3057 */ 3079 */
3058 3080
3059#ifndef OPENSSL_NO_RSA 3081#ifndef OPENSSL_NO_RSA
3060void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, 3082void
3061 int is_export, 3083SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,
3062 int keylength)) 3084 int is_export,
3063 { 3085int keylength))
3064 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); 3086{
3065 } 3087 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3066 3088}
3067void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, 3089
3068 int is_export, 3090void
3069 int keylength)) 3091SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl,
3070 { 3092 int is_export,
3071 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); 3093int keylength))
3072 } 3094{
3095 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3096}
3073#endif 3097#endif
3074 3098
3075#ifdef DOXYGEN 3099#ifdef DOXYGEN
@@ -3083,8 +3107,9 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
3083 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback 3107 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
3084 */ 3108 */
3085 3109
3086RSA *cb(SSL *ssl,int is_export,int keylength) 3110RSA
3087 {} 3111*cb(SSL *ssl, int is_export, int keylength)
3112{}
3088#endif 3113#endif
3089 3114
3090/*! 3115/*!
@@ -3094,133 +3119,142 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
3094 */ 3119 */
3095 3120
3096#ifndef OPENSSL_NO_DH 3121#ifndef OPENSSL_NO_DH
3097void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, 3122void
3098 int keylength)) 3123SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
3099 { 3124 int keylength))
3100 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 3125{
3101 } 3126 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3127}
3102 3128
3103void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, 3129void
3104 int keylength)) 3130SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3105 { 3131 int keylength))
3106 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 3132{
3107 } 3133 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3134}
3108#endif 3135#endif
3109 3136
3110#ifndef OPENSSL_NO_ECDH 3137#ifndef OPENSSL_NO_ECDH
3111void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, 3138void
3112 int keylength)) 3139SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3113 { 3140 int keylength))
3114 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 3141{
3115 } 3142 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3143}
3116 3144
3117void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, 3145void
3118 int keylength)) 3146SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3119 { 3147 int keylength))
3120 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 3148{
3121 } 3149 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3150}
3122#endif 3151#endif
3123 3152
3124#ifndef OPENSSL_NO_PSK 3153#ifndef OPENSSL_NO_PSK
3125int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 3154int
3126 { 3155SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3127 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) 3156{
3128 { 3157 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
3129 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3158 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3130 return 0; 3159 return 0;
3131 } 3160 }
3132 if (ctx->psk_identity_hint != NULL) 3161 if (ctx->psk_identity_hint != NULL)
3133 OPENSSL_free(ctx->psk_identity_hint); 3162 OPENSSL_free(ctx->psk_identity_hint);
3134 if (identity_hint != NULL) 3163 if (identity_hint != NULL) {
3135 {
3136 ctx->psk_identity_hint = BUF_strdup(identity_hint); 3164 ctx->psk_identity_hint = BUF_strdup(identity_hint);
3137 if (ctx->psk_identity_hint == NULL) 3165 if (ctx->psk_identity_hint == NULL)
3138 return 0; 3166 return 0;
3139 } 3167 } else
3140 else
3141 ctx->psk_identity_hint = NULL; 3168 ctx->psk_identity_hint = NULL;
3142 return 1; 3169 return 1;
3143 } 3170}
3144 3171
3145int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) 3172int
3146 { 3173SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3174{
3147 if (s == NULL) 3175 if (s == NULL)
3148 return 0; 3176 return 0;
3149 3177
3150 if (s->session == NULL) 3178 if (s->session == NULL)
3151 return 1; /* session not created yet, ignored */ 3179 return 1; /* session not created yet, ignored */
3152 3180
3153 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) 3181 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
3154 {
3155 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3182 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3156 return 0; 3183 return 0;
3157 } 3184 }
3158 if (s->session->psk_identity_hint != NULL) 3185 if (s->session->psk_identity_hint != NULL)
3159 OPENSSL_free(s->session->psk_identity_hint); 3186 OPENSSL_free(s->session->psk_identity_hint);
3160 if (identity_hint != NULL) 3187 if (identity_hint != NULL) {
3161 {
3162 s->session->psk_identity_hint = BUF_strdup(identity_hint); 3188 s->session->psk_identity_hint = BUF_strdup(identity_hint);
3163 if (s->session->psk_identity_hint == NULL) 3189 if (s->session->psk_identity_hint == NULL)
3164 return 0; 3190 return 0;
3165 } 3191 } else
3166 else
3167 s->session->psk_identity_hint = NULL; 3192 s->session->psk_identity_hint = NULL;
3168 return 1; 3193 return 1;
3169 } 3194}
3170 3195
3171const char *SSL_get_psk_identity_hint(const SSL *s) 3196const char
3172 { 3197*SSL_get_psk_identity_hint(const SSL *s)
3198{
3173 if (s == NULL || s->session == NULL) 3199 if (s == NULL || s->session == NULL)
3174 return NULL; 3200 return NULL;
3175 return(s->session->psk_identity_hint); 3201 return (s->session->psk_identity_hint);
3176 } 3202}
3177 3203
3178const char *SSL_get_psk_identity(const SSL *s) 3204const char
3179 { 3205*SSL_get_psk_identity(const SSL *s)
3206{
3180 if (s == NULL || s->session == NULL) 3207 if (s == NULL || s->session == NULL)
3181 return NULL; 3208 return NULL;
3182 return(s->session->psk_identity); 3209 return (s->session->psk_identity);
3183 } 3210}
3184 3211
3185void SSL_set_psk_client_callback(SSL *s, 3212void
3213SSL_set_psk_client_callback(SSL *s,
3186 unsigned int (*cb)(SSL *ssl, const char *hint, 3214 unsigned int (*cb)(SSL *ssl, const char *hint,
3187 char *identity, unsigned int max_identity_len, unsigned char *psk, 3215char *identity, unsigned int max_identity_len, unsigned char *psk,
3188 unsigned int max_psk_len)) 3216 unsigned int max_psk_len))
3189 { 3217{
3190 s->psk_client_callback = cb; 3218 s->psk_client_callback = cb;
3191 } 3219}
3192 3220
3193void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 3221void
3222SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3194 unsigned int (*cb)(SSL *ssl, const char *hint, 3223 unsigned int (*cb)(SSL *ssl, const char *hint,
3195 char *identity, unsigned int max_identity_len, unsigned char *psk, 3224char *identity, unsigned int max_identity_len, unsigned char *psk,
3196 unsigned int max_psk_len)) 3225 unsigned int max_psk_len))
3197 { 3226{
3198 ctx->psk_client_callback = cb; 3227 ctx->psk_client_callback = cb;
3199 } 3228}
3200 3229
3201void SSL_set_psk_server_callback(SSL *s, 3230void
3231SSL_set_psk_server_callback(SSL *s,
3202 unsigned int (*cb)(SSL *ssl, const char *identity, 3232 unsigned int (*cb)(SSL *ssl, const char *identity,
3203 unsigned char *psk, unsigned int max_psk_len)) 3233unsigned char *psk, unsigned int max_psk_len))
3204 { 3234{
3205 s->psk_server_callback = cb; 3235 s->psk_server_callback = cb;
3206 } 3236}
3207 3237
3208void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 3238void
3239SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3209 unsigned int (*cb)(SSL *ssl, const char *identity, 3240 unsigned int (*cb)(SSL *ssl, const char *identity,
3210 unsigned char *psk, unsigned int max_psk_len)) 3241unsigned char *psk, unsigned int max_psk_len))
3211 { 3242{
3212 ctx->psk_server_callback = cb; 3243 ctx->psk_server_callback = cb;
3213 } 3244}
3214#endif 3245#endif
3215 3246
3216void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3247void
3217 { 3248SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3249{
3218 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3250 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3219 } 3251}
3220void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3252
3221 { 3253void
3254SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3255{
3222 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3256 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3223 } 3257}
3224 3258
3225/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer 3259/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3226 * vairable, freeing EVP_MD_CTX previously stored in that variable, if 3260 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
@@ -3228,31 +3262,38 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
3228 * Returns newly allocated ctx; 3262 * Returns newly allocated ctx;
3229 */ 3263 */
3230 3264
3231EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) 3265EVP_MD_CTX
3266*ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3232{ 3267{
3233 ssl_clear_hash_ctx(hash); 3268 ssl_clear_hash_ctx(hash);
3234 *hash = EVP_MD_CTX_create(); 3269 *hash = EVP_MD_CTX_create();
3235 if (md) EVP_DigestInit_ex(*hash,md,NULL); 3270 if (md)
3271 EVP_DigestInit_ex(*hash, md, NULL);
3236 return *hash; 3272 return *hash;
3237} 3273}
3238void ssl_clear_hash_ctx(EVP_MD_CTX **hash) 3274
3275void
3276ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3239{ 3277{
3240 3278
3241 if (*hash) EVP_MD_CTX_destroy(*hash); 3279 if (*hash)
3242 *hash=NULL; 3280 EVP_MD_CTX_destroy(*hash);
3281 *hash = NULL;
3243} 3282}
3244 3283
3245void SSL_set_debug(SSL *s, int debug) 3284void
3246 { 3285SSL_set_debug(SSL *s, int debug)
3286{
3247 s->debug = debug; 3287 s->debug = debug;
3248 } 3288}
3249 3289
3250int SSL_cache_hit(SSL *s) 3290int
3251 { 3291SSL_cache_hit(SSL *s)
3292{
3252 return s->hit; 3293 return s->hit;
3253 } 3294}
3254 3295
3255IMPLEMENT_STACK_OF(SSL_CIPHER) 3296IMPLEMENT_STACK_OF(SSL_CIPHER)
3256IMPLEMENT_STACK_OF(SSL_COMP) 3297IMPLEMENT_STACK_OF(SSL_COMP)
3257IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, 3298IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3258 ssl_cipher_id); 3299ssl_cipher_id);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 20:27:23 +0000