summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_lib.c3159
1 files changed, 1600 insertions, 1559 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index d9a728493e..98764b82aa 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -160,11 +160,11 @@
160#include <openssl/engine.h> 160#include <openssl/engine.h>
161#endif 161#endif
162 162
163const char *SSL_version_str=OPENSSL_VERSION_TEXT; 163const char *SSL_version_str = OPENSSL_VERSION_TEXT;
164 164
165SSL3_ENC_METHOD ssl3_undef_enc_method={ 165SSL3_ENC_METHOD ssl3_undef_enc_method = {
166 /* evil casts, but these functions are only called if there's a library bug */ 166 /* evil casts, but these functions are only called if there's a library bug */
167 (int (*)(SSL *,int))ssl_undefined_function, 167 (int (*)(SSL *, int))ssl_undefined_function,
168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 ssl_undefined_function, 169 ssl_undefined_function,
170 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, 170 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
@@ -178,129 +178,124 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
178 0, /* server_finished_label_len */ 178 0, /* server_finished_label_len */
179 (int (*)(int))ssl_undefined_function, 179 (int (*)(int))ssl_undefined_function,
180 (int (*)(SSL *, unsigned char *, size_t, const char *, 180 (int (*)(SSL *, unsigned char *, size_t, const char *,
181 size_t, const unsigned char *, size_t, 181 size_t, const unsigned char *, size_t,
182 int use_context)) ssl_undefined_function, 182 int use_context)) ssl_undefined_function,
183 }; 183};
184 184
185int SSL_clear(SSL *s) 185int
186 { 186SSL_clear(SSL *s)
187{
187 188
188 if (s->method == NULL) 189 if (s->method == NULL) {
189 { 190 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
190 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); 191 return (0);
191 return(0); 192 }
192 }
193 193
194 if (ssl_clear_bad_session(s)) 194 if (ssl_clear_bad_session(s)) {
195 {
196 SSL_SESSION_free(s->session); 195 SSL_SESSION_free(s->session);
197 s->session=NULL; 196 s->session = NULL;
198 } 197 }
199 198
200 s->error=0; 199 s->error = 0;
201 s->hit=0; 200 s->hit = 0;
202 s->shutdown=0; 201 s->shutdown = 0;
203 202
204#if 0 /* Disabled since version 1.10 of this file (early return not 203#if 0 /* Disabled since version 1.10 of this file (early return not
205 * needed because SSL_clear is not called when doing renegotiation) */ 204 * needed because SSL_clear is not called when doing renegotiation) */
206 /* This is set if we are doing dynamic renegotiation so keep 205 /* This is set if we are doing dynamic renegotiation so keep
207 * the old cipher. It is sort of a SSL_clear_lite :-) */ 206 * the old cipher. It is sort of a SSL_clear_lite :-) */
208 if (s->renegotiate) return(1);
209#else
210 if (s->renegotiate) 207 if (s->renegotiate)
211 { 208 return (1);
212 SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); 209#else
210 if (s->renegotiate) {
211 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
213 return 0; 212 return 0;
214 } 213 }
215#endif 214#endif
216 215
217 s->type=0; 216 s->type = 0;
218 217
219 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); 218 s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
220 219
221 s->version=s->method->version; 220 s->version = s->method->version;
222 s->client_version=s->version; 221 s->client_version = s->version;
223 s->rwstate=SSL_NOTHING; 222 s->rwstate = SSL_NOTHING;
224 s->rstate=SSL_ST_READ_HEADER; 223 s->rstate = SSL_ST_READ_HEADER;
225#if 0 224#if 0
226 s->read_ahead=s->ctx->read_ahead; 225 s->read_ahead = s->ctx->read_ahead;
227#endif 226#endif
228 227
229 if (s->init_buf != NULL) 228 if (s->init_buf != NULL) {
230 {
231 BUF_MEM_free(s->init_buf); 229 BUF_MEM_free(s->init_buf);
232 s->init_buf=NULL; 230 s->init_buf = NULL;
233 } 231 }
234 232
235 ssl_clear_cipher_ctx(s); 233 ssl_clear_cipher_ctx(s);
236 ssl_clear_hash_ctx(&s->read_hash); 234 ssl_clear_hash_ctx(&s->read_hash);
237 ssl_clear_hash_ctx(&s->write_hash); 235 ssl_clear_hash_ctx(&s->write_hash);
238 236
239 s->first_packet=0; 237 s->first_packet = 0;
240 238
241#if 1 239#if 1
242 /* Check to see if we were changed into a different method, if 240 /* Check to see if we were changed into a different method, if
243 * so, revert back if we are not doing session-id reuse. */ 241 * so, revert back if we are not doing session-id reuse. */
244 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) 242 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) {
245 {
246 s->method->ssl_free(s); 243 s->method->ssl_free(s);
247 s->method=s->ctx->method; 244 s->method = s->ctx->method;
248 if (!s->method->ssl_new(s)) 245 if (!s->method->ssl_new(s))
249 return(0); 246 return (0);
250 } 247 } else
251 else
252#endif 248#endif
253 s->method->ssl_clear(s); 249 s->method->ssl_clear(s);
254 return(1); 250 return (1);
255 } 251}
256 252
257/** Used to change an SSL_CTXs default SSL method type */ 253/** Used to change an SSL_CTXs default SSL method type */
258int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) 254int
259 { 255SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
256{
260 STACK_OF(SSL_CIPHER) *sk; 257 STACK_OF(SSL_CIPHER) *sk;
261 258
262 ctx->method=meth; 259 ctx->method = meth;
263 260
264 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), 261 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
265 &(ctx->cipher_list_by_id), 262 &(ctx->cipher_list_by_id),
266 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); 263 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
267 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) 264 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
268 { 265 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
269 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 266 return (0);
270 return(0);
271 }
272 return(1);
273 } 267 }
268 return (1);
269}
274 270
275SSL *SSL_new(SSL_CTX *ctx) 271SSL
276 { 272*SSL_new(SSL_CTX *ctx)
273{
277 SSL *s; 274 SSL *s;
278 275
279 if (ctx == NULL) 276 if (ctx == NULL) {
280 { 277 SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
281 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); 278 return (NULL);
282 return(NULL); 279 }
283 } 280 if (ctx->method == NULL) {
284 if (ctx->method == NULL) 281 SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
285 { 282 return (NULL);
286 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 283 }
287 return(NULL);
288 }
289 284
290 s=(SSL *)OPENSSL_malloc(sizeof(SSL)); 285 s = (SSL *)OPENSSL_malloc(sizeof(SSL));
291 if (s == NULL) goto err; 286 if (s == NULL)
292 memset(s,0,sizeof(SSL)); 287 goto err;
288 memset(s, 0, sizeof(SSL));
293 289
294#ifndef OPENSSL_NO_KRB5 290#ifndef OPENSSL_NO_KRB5
295 s->kssl_ctx = kssl_ctx_new(); 291 s->kssl_ctx = kssl_ctx_new();
296#endif /* OPENSSL_NO_KRB5 */ 292#endif /* OPENSSL_NO_KRB5 */
297 293
298 s->options=ctx->options; 294 s->options = ctx->options;
299 s->mode=ctx->mode; 295 s->mode = ctx->mode;
300 s->max_cert_list=ctx->max_cert_list; 296 s->max_cert_list = ctx->max_cert_list;
301 297
302 if (ctx->cert != NULL) 298 if (ctx->cert != NULL) {
303 {
304 /* Earlier library versions used to copy the pointer to 299 /* Earlier library versions used to copy the pointer to
305 * the CERT, not its contents; only when setting new 300 * the CERT, not its contents; only when setting new
306 * parameters for the per-SSL copy, ssl_cert_new would be 301 * parameters for the per-SSL copy, ssl_cert_new would be
@@ -314,22 +309,21 @@ SSL *SSL_new(SSL_CTX *ctx)
314 s->cert = ssl_cert_dup(ctx->cert); 309 s->cert = ssl_cert_dup(ctx->cert);
315 if (s->cert == NULL) 310 if (s->cert == NULL)
316 goto err; 311 goto err;
317 } 312 } else
318 else
319 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ 313 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
320 314
321 s->read_ahead=ctx->read_ahead; 315 s->read_ahead = ctx->read_ahead;
322 s->msg_callback=ctx->msg_callback; 316 s->msg_callback = ctx->msg_callback;
323 s->msg_callback_arg=ctx->msg_callback_arg; 317 s->msg_callback_arg = ctx->msg_callback_arg;
324 s->verify_mode=ctx->verify_mode; 318 s->verify_mode = ctx->verify_mode;
325#if 0 319#if 0
326 s->verify_depth=ctx->verify_depth; 320 s->verify_depth = ctx->verify_depth;
327#endif 321#endif
328 s->sid_ctx_length=ctx->sid_ctx_length; 322 s->sid_ctx_length = ctx->sid_ctx_length;
329 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); 323 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
330 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); 324 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
331 s->verify_callback=ctx->default_verify_callback; 325 s->verify_callback = ctx->default_verify_callback;
332 s->generate_session_id=ctx->generate_session_id; 326 s->generate_session_id = ctx->generate_session_id;
333 327
334 s->param = X509_VERIFY_PARAM_new(); 328 s->param = X509_VERIFY_PARAM_new();
335 if (!s->param) 329 if (!s->param)
@@ -339,11 +333,11 @@ SSL *SSL_new(SSL_CTX *ctx)
339 s->purpose = ctx->purpose; 333 s->purpose = ctx->purpose;
340 s->trust = ctx->trust; 334 s->trust = ctx->trust;
341#endif 335#endif
342 s->quiet_shutdown=ctx->quiet_shutdown; 336 s->quiet_shutdown = ctx->quiet_shutdown;
343 s->max_send_fragment = ctx->max_send_fragment; 337 s->max_send_fragment = ctx->max_send_fragment;
344 338
345 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 339 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
346 s->ctx=ctx; 340 s->ctx = ctx;
347#ifndef OPENSSL_NO_TLSEXT 341#ifndef OPENSSL_NO_TLSEXT
348 s->tlsext_debug_cb = 0; 342 s->tlsext_debug_cb = 0;
349 s->tlsext_debug_arg = NULL; 343 s->tlsext_debug_arg = NULL;
@@ -354,93 +348,95 @@ SSL *SSL_new(SSL_CTX *ctx)
354 s->tlsext_ocsp_exts = NULL; 348 s->tlsext_ocsp_exts = NULL;
355 s->tlsext_ocsp_resp = NULL; 349 s->tlsext_ocsp_resp = NULL;
356 s->tlsext_ocsp_resplen = -1; 350 s->tlsext_ocsp_resplen = -1;
357 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 351 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
358 s->initial_ctx=ctx; 352 s->initial_ctx = ctx;
359# ifndef OPENSSL_NO_NEXTPROTONEG 353# ifndef OPENSSL_NO_NEXTPROTONEG
360 s->next_proto_negotiated = NULL; 354 s->next_proto_negotiated = NULL;
361# endif 355# endif
362#endif 356#endif
363 357
364 s->verify_result=X509_V_OK; 358 s->verify_result = X509_V_OK;
365 359
366 s->method=ctx->method; 360 s->method = ctx->method;
367 361
368 if (!s->method->ssl_new(s)) 362 if (!s->method->ssl_new(s))
369 goto err; 363 goto err;
370 364
371 s->references=1; 365 s->references = 1;
372 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; 366 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
373 367
374 SSL_clear(s); 368 SSL_clear(s);
375 369
376 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 370 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
377 371
378#ifndef OPENSSL_NO_PSK 372#ifndef OPENSSL_NO_PSK
379 s->psk_client_callback=ctx->psk_client_callback; 373 s->psk_client_callback = ctx->psk_client_callback;
380 s->psk_server_callback=ctx->psk_server_callback; 374 s->psk_server_callback = ctx->psk_server_callback;
381#endif 375#endif
382 376
383 return(s); 377 return (s);
384err: 378err:
385 if (s != NULL) 379 if (s != NULL) {
386 {
387 if (s->cert != NULL) 380 if (s->cert != NULL)
388 ssl_cert_free(s->cert); 381 ssl_cert_free(s->cert);
389 if (s->ctx != NULL) 382 if (s->ctx != NULL)
390 SSL_CTX_free(s->ctx); /* decrement reference count */ 383 SSL_CTX_free(s->ctx); /* decrement reference count */
391 OPENSSL_free(s); 384 OPENSSL_free(s);
392 }
393 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
394 return(NULL);
395 } 385 }
386 SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
387 return (NULL);
388}
396 389
397int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, 390int
398 unsigned int sid_ctx_len) 391SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
399 { 392 unsigned int sid_ctx_len)
400 if(sid_ctx_len > sizeof ctx->sid_ctx) 393{
401 { 394 if (sid_ctx_len > sizeof ctx->sid_ctx) {
402 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 395 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
403 return 0; 396 return 0;
404 } 397 }
405 ctx->sid_ctx_length=sid_ctx_len; 398 ctx->sid_ctx_length = sid_ctx_len;
406 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); 399 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
407 400
408 return 1; 401 return 1;
409 } 402}
410 403
411int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, 404int
412 unsigned int sid_ctx_len) 405SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
413 { 406 unsigned int sid_ctx_len)
414 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) 407{
415 { 408 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
416 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 409 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
417 return 0; 410 return 0;
418 } 411 }
419 ssl->sid_ctx_length=sid_ctx_len; 412 ssl->sid_ctx_length = sid_ctx_len;
420 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); 413 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
421 414
422 return 1; 415 return 1;
423 } 416}
424 417
425int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 418int
426 { 419SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
420{
427 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 421 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
428 ctx->generate_session_id = cb; 422 ctx->generate_session_id = cb;
429 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 423 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
430 return 1; 424 return 1;
431 } 425}
432 426
433int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 427int
434 { 428SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
429{
435 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 430 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
436 ssl->generate_session_id = cb; 431 ssl->generate_session_id = cb;
437 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 432 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
438 return 1; 433 return 1;
439 } 434}
440 435
441int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 436int
442 unsigned int id_len) 437SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
443 { 438 unsigned int id_len)
439{
444 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 440 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
445 * we can "construct" a session to give us the desired check - ie. to 441 * we can "construct" a session to give us the desired check - ie. to
446 * find if there's a session in the hash table that would conflict with 442 * find if there's a session in the hash table that would conflict with
@@ -448,7 +444,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
448 * use by this SSL. */ 444 * use by this SSL. */
449 SSL_SESSION r, *p; 445 SSL_SESSION r, *p;
450 446
451 if(id_len > sizeof r.session_id) 447 if (id_len > sizeof r.session_id)
452 return 0; 448 return 0;
453 449
454 r.ssl_version = ssl->version; 450 r.ssl_version = ssl->version;
@@ -458,68 +454,74 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
458 * callback is calling us to check the uniqueness of a shorter ID, it 454 * callback is calling us to check the uniqueness of a shorter ID, it
459 * must be compared as a padded-out ID because that is what it will be 455 * must be compared as a padded-out ID because that is what it will be
460 * converted to when the callback has finished choosing it. */ 456 * converted to when the callback has finished choosing it. */
461 if((r.ssl_version == SSL2_VERSION) && 457 if ((r.ssl_version == SSL2_VERSION) &&
462 (id_len < SSL2_SSL_SESSION_ID_LENGTH)) 458 (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
463 {
464 memset(r.session_id + id_len, 0, 459 memset(r.session_id + id_len, 0,
465 SSL2_SSL_SESSION_ID_LENGTH - id_len); 460 SSL2_SSL_SESSION_ID_LENGTH - id_len);
466 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; 461 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
467 } 462 }
468 463
469 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 464 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
470 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); 465 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
471 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 466 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
472 return (p != NULL); 467 return (p != NULL);
473 } 468}
474 469
475int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 470int
476 { 471SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
472{
477 return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 473 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
478 } 474}
479 475
480int SSL_set_purpose(SSL *s, int purpose) 476int
481 { 477SSL_set_purpose(SSL *s, int purpose)
478{
482 return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 479 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
483 } 480}
484 481
485int SSL_CTX_set_trust(SSL_CTX *s, int trust) 482int
486 { 483SSL_CTX_set_trust(SSL_CTX *s, int trust)
484{
487 return X509_VERIFY_PARAM_set_trust(s->param, trust); 485 return X509_VERIFY_PARAM_set_trust(s->param, trust);
488 } 486}
489 487
490int SSL_set_trust(SSL *s, int trust) 488int
491 { 489SSL_set_trust(SSL *s, int trust)
490{
492 return X509_VERIFY_PARAM_set_trust(s->param, trust); 491 return X509_VERIFY_PARAM_set_trust(s->param, trust);
493 } 492}
494 493
495int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 494int
496 { 495SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
496{
497 return X509_VERIFY_PARAM_set1(ctx->param, vpm); 497 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
498 } 498}
499 499
500int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 500int
501 { 501SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
502{
502 return X509_VERIFY_PARAM_set1(ssl->param, vpm); 503 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
503 } 504}
504 505
505void SSL_free(SSL *s) 506void
506 { 507SSL_free(SSL *s)
508{
507 int i; 509 int i;
508 510
509 if(s == NULL) 511 if (s == NULL)
510 return; 512 return;
511 513
512 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); 514 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
513#ifdef REF_PRINT 515#ifdef REF_PRINT
514 REF_PRINT("SSL",s); 516 REF_PRINT("SSL", s);
515#endif 517#endif
516 if (i > 0) return; 518 if (i > 0)
519 return;
517#ifdef REF_CHECK 520#ifdef REF_CHECK
518 if (i < 0) 521 if (i < 0) {
519 { 522 fprintf(stderr, "SSL_free, bad reference count\n");
520 fprintf(stderr,"SSL_free, bad reference count\n");
521 abort(); /* ok */ 523 abort(); /* ok */
522 } 524 }
523#endif 525#endif
524 526
525 if (s->param) 527 if (s->param)
@@ -527,53 +529,58 @@ void SSL_free(SSL *s)
527 529
528 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 530 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
529 531
530 if (s->bbio != NULL) 532 if (s->bbio != NULL) {
531 {
532 /* If the buffering BIO is in place, pop it off */ 533 /* If the buffering BIO is in place, pop it off */
533 if (s->bbio == s->wbio) 534 if (s->bbio == s->wbio) {
534 { 535 s->wbio = BIO_pop(s->wbio);
535 s->wbio=BIO_pop(s->wbio);
536 }
537 BIO_free(s->bbio);
538 s->bbio=NULL;
539 } 536 }
537 BIO_free(s->bbio);
538 s->bbio = NULL;
539 }
540 if (s->rbio != NULL) 540 if (s->rbio != NULL)
541 BIO_free_all(s->rbio); 541 BIO_free_all(s->rbio);
542 if ((s->wbio != NULL) && (s->wbio != s->rbio)) 542 if ((s->wbio != NULL) && (s->wbio != s->rbio))
543 BIO_free_all(s->wbio); 543 BIO_free_all(s->wbio);
544 544
545 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); 545 if (s->init_buf != NULL)
546 BUF_MEM_free(s->init_buf);
546 547
547 /* add extra stuff */ 548 /* add extra stuff */
548 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); 549 if (s->cipher_list != NULL)
549 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); 550 sk_SSL_CIPHER_free(s->cipher_list);
551 if (s->cipher_list_by_id != NULL)
552 sk_SSL_CIPHER_free(s->cipher_list_by_id);
550 553
551 /* Make the next call work :-) */ 554 /* Make the next call work :-) */
552 if (s->session != NULL) 555 if (s->session != NULL) {
553 {
554 ssl_clear_bad_session(s); 556 ssl_clear_bad_session(s);
555 SSL_SESSION_free(s->session); 557 SSL_SESSION_free(s->session);
556 } 558 }
557 559
558 ssl_clear_cipher_ctx(s); 560 ssl_clear_cipher_ctx(s);
559 ssl_clear_hash_ctx(&s->read_hash); 561 ssl_clear_hash_ctx(&s->read_hash);
560 ssl_clear_hash_ctx(&s->write_hash); 562 ssl_clear_hash_ctx(&s->write_hash);
561 563
562 if (s->cert != NULL) ssl_cert_free(s->cert); 564 if (s->cert != NULL)
565 ssl_cert_free(s->cert);
563 /* Free up if allocated */ 566 /* Free up if allocated */
564 567
565#ifndef OPENSSL_NO_TLSEXT 568#ifndef OPENSSL_NO_TLSEXT
566 if (s->tlsext_hostname) 569 if (s->tlsext_hostname)
567 OPENSSL_free(s->tlsext_hostname); 570 OPENSSL_free(s->tlsext_hostname);
568 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); 571 if (s->initial_ctx)
572 SSL_CTX_free(s->initial_ctx);
569#ifndef OPENSSL_NO_EC 573#ifndef OPENSSL_NO_EC
570 if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); 574 if (s->tlsext_ecpointformatlist)
571 if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); 575 OPENSSL_free(s->tlsext_ecpointformatlist);
576 if (s->tlsext_ellipticcurvelist)
577 OPENSSL_free(s->tlsext_ellipticcurvelist);
572#endif /* OPENSSL_NO_EC */ 578#endif /* OPENSSL_NO_EC */
573 if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); 579 if (s->tlsext_opaque_prf_input)
580 OPENSSL_free(s->tlsext_opaque_prf_input);
574 if (s->tlsext_ocsp_exts) 581 if (s->tlsext_ocsp_exts)
575 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 582 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
576 X509_EXTENSION_free); 583 X509_EXTENSION_free);
577 if (s->tlsext_ocsp_ids) 584 if (s->tlsext_ocsp_ids)
578 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 585 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
579 if (s->tlsext_ocsp_resp) 586 if (s->tlsext_ocsp_resp)
@@ -581,11 +588,13 @@ void SSL_free(SSL *s)
581#endif 588#endif
582 589
583 if (s->client_CA != NULL) 590 if (s->client_CA != NULL)
584 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); 591 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
585 592
586 if (s->method != NULL) s->method->ssl_free(s); 593 if (s->method != NULL)
594 s->method->ssl_free(s);
587 595
588 if (s->ctx) SSL_CTX_free(s->ctx); 596 if (s->ctx)
597 SSL_CTX_free(s->ctx);
589 598
590#ifndef OPENSSL_NO_KRB5 599#ifndef OPENSSL_NO_KRB5
591 if (s->kssl_ctx != NULL) 600 if (s->kssl_ctx != NULL)
@@ -598,223 +607,237 @@ void SSL_free(SSL *s)
598#endif 607#endif
599 608
600#ifndef OPENSSL_NO_SRTP 609#ifndef OPENSSL_NO_SRTP
601 if (s->srtp_profiles) 610 if (s->srtp_profiles)
602 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); 611 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
603#endif 612#endif
604 613
605 OPENSSL_free(s); 614 OPENSSL_free(s);
606 } 615}
607 616
608void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) 617void
609 { 618SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
619{
610 /* If the output buffering BIO is still in place, remove it 620 /* If the output buffering BIO is still in place, remove it
611 */ 621 */
612 if (s->bbio != NULL) 622 if (s->bbio != NULL) {
613 { 623 if (s->wbio == s->bbio) {
614 if (s->wbio == s->bbio) 624 s->wbio = s->wbio->next_bio;
615 { 625 s->bbio->next_bio = NULL;
616 s->wbio=s->wbio->next_bio;
617 s->bbio->next_bio=NULL;
618 }
619 } 626 }
627 }
620 if ((s->rbio != NULL) && (s->rbio != rbio)) 628 if ((s->rbio != NULL) && (s->rbio != rbio))
621 BIO_free_all(s->rbio); 629 BIO_free_all(s->rbio);
622 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) 630 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
623 BIO_free_all(s->wbio); 631 BIO_free_all(s->wbio);
624 s->rbio=rbio; 632 s->rbio = rbio;
625 s->wbio=wbio; 633 s->wbio = wbio;
626 } 634}
627 635
628BIO *SSL_get_rbio(const SSL *s) 636BIO
629 { return(s->rbio); } 637*SSL_get_rbio(const SSL *s)
638 { return (s->rbio);
639}
630 640
631BIO *SSL_get_wbio(const SSL *s) 641BIO
632 { return(s->wbio); } 642*SSL_get_wbio(const SSL *s)
643 { return (s->wbio);
644}
633 645
634int SSL_get_fd(const SSL *s) 646int
635 { 647SSL_get_fd(const SSL *s)
636 return(SSL_get_rfd(s)); 648{
637 } 649 return (SSL_get_rfd(s));
650}
638 651
639int SSL_get_rfd(const SSL *s) 652int
640 { 653SSL_get_rfd(const SSL *s)
641 int ret= -1; 654{
642 BIO *b,*r; 655 int ret = -1;
656 BIO *b, *r;
643 657
644 b=SSL_get_rbio(s); 658 b = SSL_get_rbio(s);
645 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); 659 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
646 if (r != NULL) 660 if (r != NULL)
647 BIO_get_fd(r,&ret); 661 BIO_get_fd(r, &ret);
648 return(ret); 662 return (ret);
649 } 663}
650 664
651int SSL_get_wfd(const SSL *s) 665int
652 { 666SSL_get_wfd(const SSL *s)
653 int ret= -1; 667{
654 BIO *b,*r; 668 int ret = -1;
669 BIO *b, *r;
655 670
656 b=SSL_get_wbio(s); 671 b = SSL_get_wbio(s);
657 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); 672 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
658 if (r != NULL) 673 if (r != NULL)
659 BIO_get_fd(r,&ret); 674 BIO_get_fd(r, &ret);
660 return(ret); 675 return (ret);
661 } 676}
662 677
663#ifndef OPENSSL_NO_SOCK 678#ifndef OPENSSL_NO_SOCK
664int SSL_set_fd(SSL *s,int fd) 679int
665 { 680SSL_set_fd(SSL *s, int fd)
666 int ret=0; 681{
667 BIO *bio=NULL; 682 int ret = 0;
683 BIO *bio = NULL;
668 684
669 bio=BIO_new(BIO_s_socket()); 685 bio = BIO_new(BIO_s_socket());
670 686
671 if (bio == NULL) 687 if (bio == NULL) {
672 { 688 SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
673 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
674 goto err; 689 goto err;
675 }
676 BIO_set_fd(bio,fd,BIO_NOCLOSE);
677 SSL_set_bio(s,bio,bio);
678 ret=1;
679err:
680 return(ret);
681 } 690 }
691 BIO_set_fd(bio, fd, BIO_NOCLOSE);
692 SSL_set_bio(s, bio, bio);
693 ret = 1;
694err:
695 return (ret);
696}
682 697
683int SSL_set_wfd(SSL *s,int fd) 698int
684 { 699SSL_set_wfd(SSL *s, int fd)
685 int ret=0; 700{
686 BIO *bio=NULL; 701 int ret = 0;
702 BIO *bio = NULL;
687 703
688 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 704 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
689 || ((int)BIO_get_fd(s->rbio,NULL) != fd)) 705 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
690 { 706 bio = BIO_new(BIO_s_socket());
691 bio=BIO_new(BIO_s_socket());
692 707
693 if (bio == NULL) 708 if (bio == NULL)
694 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } 709 { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
695 BIO_set_fd(bio,fd,BIO_NOCLOSE); 710 goto err;
696 SSL_set_bio(s,SSL_get_rbio(s),bio);
697 } 711 }
698 else 712 BIO_set_fd(bio, fd, BIO_NOCLOSE);
699 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); 713 SSL_set_bio(s, SSL_get_rbio(s), bio);
700 ret=1; 714 } else
715 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
716 ret = 1;
701err: 717err:
702 return(ret); 718 return (ret);
703 } 719}
704 720
705int SSL_set_rfd(SSL *s,int fd) 721int
706 { 722SSL_set_rfd(SSL *s, int fd)
707 int ret=0; 723{
708 BIO *bio=NULL; 724 int ret = 0;
725 BIO *bio = NULL;
709 726
710 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 727 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
711 || ((int)BIO_get_fd(s->wbio,NULL) != fd)) 728 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
712 { 729 bio = BIO_new(BIO_s_socket());
713 bio=BIO_new(BIO_s_socket());
714 730
715 if (bio == NULL) 731 if (bio == NULL) {
716 { 732 SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
717 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
718 goto err; 733 goto err;
719 }
720 BIO_set_fd(bio,fd,BIO_NOCLOSE);
721 SSL_set_bio(s,bio,SSL_get_wbio(s));
722 } 734 }
723 else 735 BIO_set_fd(bio, fd, BIO_NOCLOSE);
724 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); 736 SSL_set_bio(s, bio, SSL_get_wbio(s));
725 ret=1; 737 } else
738 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
739 ret = 1;
726err: 740err:
727 return(ret); 741 return (ret);
728 } 742}
729#endif 743#endif
730 744
731 745
732/* return length of latest Finished message we sent, copy to 'buf' */ 746/* return length of latest Finished message we sent, copy to 'buf' */
733size_t SSL_get_finished(const SSL *s, void *buf, size_t count) 747size_t
734 { 748SSL_get_finished(const SSL *s, void *buf, size_t count)
749{
735 size_t ret = 0; 750 size_t ret = 0;
736 751
737 if (s->s3 != NULL) 752 if (s->s3 != NULL) {
738 {
739 ret = s->s3->tmp.finish_md_len; 753 ret = s->s3->tmp.finish_md_len;
740 if (count > ret) 754 if (count > ret)
741 count = ret; 755 count = ret;
742 memcpy(buf, s->s3->tmp.finish_md, count); 756 memcpy(buf, s->s3->tmp.finish_md, count);
743 }
744 return ret;
745 } 757 }
758 return ret;
759}
746 760
747/* return length of latest Finished message we expected, copy to 'buf' */ 761/* return length of latest Finished message we expected, copy to 'buf' */
748size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 762size_t
749 { 763SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
764{
750 size_t ret = 0; 765 size_t ret = 0;
751 766
752 if (s->s3 != NULL) 767 if (s->s3 != NULL) {
753 {
754 ret = s->s3->tmp.peer_finish_md_len; 768 ret = s->s3->tmp.peer_finish_md_len;
755 if (count > ret) 769 if (count > ret)
756 count = ret; 770 count = ret;
757 memcpy(buf, s->s3->tmp.peer_finish_md, count); 771 memcpy(buf, s->s3->tmp.peer_finish_md, count);
758 }
759 return ret;
760 } 772 }
773 return ret;
774}
761 775
762 776
763int SSL_get_verify_mode(const SSL *s) 777int
764 { 778SSL_get_verify_mode(const SSL *s)
765 return(s->verify_mode); 779{
766 } 780 return (s->verify_mode);
781}
767 782
768int SSL_get_verify_depth(const SSL *s) 783int
769 { 784SSL_get_verify_depth(const SSL *s)
785{
770 return X509_VERIFY_PARAM_get_depth(s->param); 786 return X509_VERIFY_PARAM_get_depth(s->param);
771 } 787}
772 788
773int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) 789int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
774 { 790{
775 return(s->verify_callback); 791 return (s->verify_callback);
776 } 792}
777 793
778int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 794int
779 { 795SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
780 return(ctx->verify_mode); 796{
781 } 797 return (ctx->verify_mode);
798}
782 799
783int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 800int
784 { 801SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
802{
785 return X509_VERIFY_PARAM_get_depth(ctx->param); 803 return X509_VERIFY_PARAM_get_depth(ctx->param);
786 } 804}
787 805
788int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) 806int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
789 { 807{
790 return(ctx->default_verify_callback); 808 return (ctx->default_verify_callback);
791 } 809}
792 810
793void SSL_set_verify(SSL *s,int mode, 811void
794 int (*callback)(int ok,X509_STORE_CTX *ctx)) 812SSL_set_verify(SSL *s, int mode,
795 { 813 int (*callback)(int ok, X509_STORE_CTX *ctx))
796 s->verify_mode=mode; 814{
815 s->verify_mode = mode;
797 if (callback != NULL) 816 if (callback != NULL)
798 s->verify_callback=callback; 817 s->verify_callback = callback;
799 } 818}
800 819
801void SSL_set_verify_depth(SSL *s,int depth) 820void
802 { 821SSL_set_verify_depth(SSL *s, int depth)
822{
803 X509_VERIFY_PARAM_set_depth(s->param, depth); 823 X509_VERIFY_PARAM_set_depth(s->param, depth);
804 } 824}
805 825
806void SSL_set_read_ahead(SSL *s,int yes) 826void
807 { 827SSL_set_read_ahead(SSL *s, int yes)
808 s->read_ahead=yes; 828{
809 } 829 s->read_ahead = yes;
830}
810 831
811int SSL_get_read_ahead(const SSL *s) 832int
812 { 833SSL_get_read_ahead(const SSL *s)
813 return(s->read_ahead); 834{
814 } 835 return (s->read_ahead);
836}
815 837
816int SSL_pending(const SSL *s) 838int
817 { 839SSL_pending(const SSL *s)
840{
818 /* SSL_pending cannot work properly if read-ahead is enabled 841 /* SSL_pending cannot work properly if read-ahead is enabled
819 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), 842 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
820 * and it is impossible to fix since SSL_pending cannot report 843 * and it is impossible to fix since SSL_pending cannot report
@@ -822,264 +845,266 @@ int SSL_pending(const SSL *s)
822 * (Note that SSL_pending() is often used as a boolean value, 845 * (Note that SSL_pending() is often used as a boolean value,
823 * so we'd better not return -1.) 846 * so we'd better not return -1.)
824 */ 847 */
825 return(s->method->ssl_pending(s)); 848 return (s->method->ssl_pending(s));
826 } 849}
827 850
828X509 *SSL_get_peer_certificate(const SSL *s) 851X509
829 { 852*SSL_get_peer_certificate(const SSL *s)
853{
830 X509 *r; 854 X509 *r;
831 855
832 if ((s == NULL) || (s->session == NULL)) 856 if ((s == NULL) || (s->session == NULL))
833 r=NULL; 857 r = NULL;
834 else 858 else
835 r=s->session->peer; 859 r = s->session->peer;
836 860
837 if (r == NULL) return(r); 861 if (r == NULL)
862 return (r);
838 863
839 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); 864 CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
840 865
841 return(r); 866 return (r);
842 } 867}
843 868
844STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) 869STACK_OF(X509)
845 { 870*SSL_get_peer_cert_chain(const SSL *s)
871{
846 STACK_OF(X509) *r; 872 STACK_OF(X509) *r;
847 873
848 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) 874 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
849 r=NULL; 875 r = NULL;
850 else 876 else
851 r=s->session->sess_cert->cert_chain; 877 r = s->session->sess_cert->cert_chain;
852 878
853 /* If we are a client, cert_chain includes the peer's own 879 /* If we are a client, cert_chain includes the peer's own
854 * certificate; if we are a server, it does not. */ 880 * certificate;
855 881if we are a server, it does not. */
856 return(r); 882
857 } 883 return (r);
884}
858 885
859/* Now in theory, since the calling process own 't' it should be safe to 886/* Now in theory, since the calling process own 't' it should be safe to
860 * modify. We need to be able to read f without being hassled */ 887 * modify. We need to be able to read f without being hassled */
861void SSL_copy_session_id(SSL *t,const SSL *f) 888void
862 { 889SSL_copy_session_id(SSL *t, const SSL *f)
890{
863 CERT *tmp; 891 CERT *tmp;
864 892
865 /* Do we need to to SSL locking? */ 893 /* Do we need to to SSL locking? */
866 SSL_set_session(t,SSL_get_session(f)); 894 SSL_set_session(t, SSL_get_session(f));
867 895
868 /* what if we are setup as SSLv2 but want to talk SSLv3 or 896 /* what if we are setup as SSLv2 but want to talk SSLv3 or
869 * vice-versa */ 897 * vice-versa */
870 if (t->method != f->method) 898 if (t->method != f->method) {
871 {
872 t->method->ssl_free(t); /* cleanup current */ 899 t->method->ssl_free(t); /* cleanup current */
873 t->method=f->method; /* change method */ 900 t->method=f->method; /* change method */
874 t->method->ssl_new(t); /* setup new */ 901 t->method->ssl_new(t); /* setup new */
875 }
876
877 tmp=t->cert;
878 if (f->cert != NULL)
879 {
880 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
881 t->cert=f->cert;
882 }
883 else
884 t->cert=NULL;
885 if (tmp != NULL) ssl_cert_free(tmp);
886 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
887 } 902 }
888 903
904 tmp = t->cert;
905 if (f->cert != NULL) {
906 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
907 t->cert = f->cert;
908 } else
909 t->cert = NULL;
910 if (tmp != NULL)
911 ssl_cert_free(tmp);
912 SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
913}
914
889/* Fix this so it checks all the valid key/cert options */ 915/* Fix this so it checks all the valid key/cert options */
890int SSL_CTX_check_private_key(const SSL_CTX *ctx) 916int
891 { 917SSL_CTX_check_private_key(const SSL_CTX *ctx)
892 if ( (ctx == NULL) || 918{
919 if ((ctx == NULL) ||
893 (ctx->cert == NULL) || 920 (ctx->cert == NULL) ||
894 (ctx->cert->key->x509 == NULL)) 921 (ctx->cert->key->x509 == NULL)) {
895 { 922 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
896 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 923 return (0);
897 return(0); 924 }
898 } 925 if (ctx->cert->key->privatekey == NULL) {
899 if (ctx->cert->key->privatekey == NULL) 926 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
900 { 927 return (0);
901 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
902 return(0);
903 }
904 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
905 } 928 }
929 return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
930}
906 931
907/* Fix this function so that it takes an optional type parameter */ 932/* Fix this function so that it takes an optional type parameter */
908int SSL_check_private_key(const SSL *ssl) 933int
909 { 934SSL_check_private_key(const SSL *ssl)
910 if (ssl == NULL) 935{
911 { 936 if (ssl == NULL) {
912 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); 937 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
913 return(0); 938 return (0);
914 } 939 }
915 if (ssl->cert == NULL) 940 if (ssl->cert == NULL) {
916 { 941 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
917 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
918 return 0; 942 return 0;
919 }
920 if (ssl->cert->key->x509 == NULL)
921 {
922 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
923 return(0);
924 }
925 if (ssl->cert->key->privatekey == NULL)
926 {
927 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
928 return(0);
929 }
930 return(X509_check_private_key(ssl->cert->key->x509,
931 ssl->cert->key->privatekey));
932 } 943 }
944 if (ssl->cert->key->x509 == NULL) {
945 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
946 return (0);
947 }
948 if (ssl->cert->key->privatekey == NULL) {
949 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
950 return (0);
951 }
952 return(X509_check_private_key(ssl->cert->key->x509,
953 ssl->cert->key->privatekey));
954}
933 955
934int SSL_accept(SSL *s) 956int
935 { 957SSL_accept(SSL *s)
958{
936 if (s->handshake_func == 0) 959 if (s->handshake_func == 0)
937 /* Not properly initialized yet */ 960 /* Not properly initialized yet */
938 SSL_set_accept_state(s); 961 SSL_set_accept_state(s);
939 962
940 return(s->method->ssl_accept(s)); 963 return (s->method->ssl_accept(s));
941 } 964}
942 965
943int SSL_connect(SSL *s) 966int
944 { 967SSL_connect(SSL *s)
968{
945 if (s->handshake_func == 0) 969 if (s->handshake_func == 0)
946 /* Not properly initialized yet */ 970 /* Not properly initialized yet */
947 SSL_set_connect_state(s); 971 SSL_set_connect_state(s);
948 972
949 return(s->method->ssl_connect(s)); 973 return (s->method->ssl_connect(s));
950 } 974}
951 975
952long SSL_get_default_timeout(const SSL *s) 976long
953 { 977SSL_get_default_timeout(const SSL *s)
954 return(s->method->get_timeout()); 978{
955 } 979 return (s->method->get_timeout());
980}
956 981
957int SSL_read(SSL *s,void *buf,int num) 982int
958 { 983SSL_read(SSL *s, void *buf, int num)
959 if (s->handshake_func == 0) 984{
960 { 985 if (s->handshake_func == 0) {
961 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 986 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
962 return -1; 987 return -1;
963 } 988 }
964 989
965 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 990 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
966 { 991 s->rwstate = SSL_NOTHING;
967 s->rwstate=SSL_NOTHING; 992 return (0);
968 return(0);
969 }
970 return(s->method->ssl_read(s,buf,num));
971 } 993 }
994 return (s->method->ssl_read(s, buf, num));
995}
972 996
973int SSL_peek(SSL *s,void *buf,int num) 997int
974 { 998SSL_peek(SSL *s, void *buf, int num)
975 if (s->handshake_func == 0) 999{
976 { 1000 if (s->handshake_func == 0) {
977 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); 1001 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
978 return -1; 1002 return -1;
979 } 1003 }
980 1004
981 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 1005 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
982 { 1006 return (0);
983 return(0);
984 }
985 return(s->method->ssl_peek(s,buf,num));
986 } 1007 }
1008 return (s->method->ssl_peek(s, buf, num));
1009}
987 1010
988int SSL_write(SSL *s,const void *buf,int num) 1011int
989 { 1012SSL_write(SSL *s, const void *buf, int num)
990 if (s->handshake_func == 0) 1013{
991 { 1014 if (s->handshake_func == 0) {
992 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 1015 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
993 return -1; 1016 return -1;
994 } 1017 }
995 1018
996 if (s->shutdown & SSL_SENT_SHUTDOWN) 1019 if (s->shutdown & SSL_SENT_SHUTDOWN) {
997 { 1020 s->rwstate = SSL_NOTHING;
998 s->rwstate=SSL_NOTHING; 1021 SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
999 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); 1022 return (-1);
1000 return(-1);
1001 }
1002 return(s->method->ssl_write(s,buf,num));
1003 } 1023 }
1024 return (s->method->ssl_write(s, buf, num));
1025}
1004 1026
1005int SSL_shutdown(SSL *s) 1027int
1006 { 1028SSL_shutdown(SSL *s)
1029{
1007 /* Note that this function behaves differently from what one might 1030 /* Note that this function behaves differently from what one might
1008 * expect. Return values are 0 for no success (yet), 1031 * expect. Return values are 0 for no success (yet),
1009 * 1 for success; but calling it once is usually not enough, 1032 * 1 for success; but calling it once is usually not enough,
1010 * even if blocking I/O is used (see ssl3_shutdown). 1033 * even if blocking I/O is used (see ssl3_shutdown).
1011 */ 1034 */
1012 1035
1013 if (s->handshake_func == 0) 1036 if (s->handshake_func == 0) {
1014 {
1015 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); 1037 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
1016 return -1; 1038 return -1;
1017 } 1039 }
1018 1040
1019 if ((s != NULL) && !SSL_in_init(s)) 1041 if ((s != NULL) && !SSL_in_init(s))
1020 return(s->method->ssl_shutdown(s)); 1042 return (s->method->ssl_shutdown(s));
1021 else 1043 else
1022 return(1); 1044 return (1);
1023 } 1045}
1024 1046
1025int SSL_renegotiate(SSL *s) 1047int
1026 { 1048SSL_renegotiate(SSL *s)
1049{
1027 if (s->renegotiate == 0) 1050 if (s->renegotiate == 0)
1028 s->renegotiate=1; 1051 s->renegotiate = 1;
1029 1052
1030 s->new_session=1; 1053 s->new_session = 1;
1031 1054
1032 return(s->method->ssl_renegotiate(s)); 1055 return (s->method->ssl_renegotiate(s));
1033 } 1056}
1034 1057
1035int SSL_renegotiate_abbreviated(SSL *s) 1058int
1036 { 1059SSL_renegotiate_abbreviated(SSL *s)
1060{
1037 if (s->renegotiate == 0) 1061 if (s->renegotiate == 0)
1038 s->renegotiate=1; 1062 s->renegotiate = 1;
1039 1063
1040 s->new_session=0; 1064 s->new_session = 0;
1041 1065
1042 return(s->method->ssl_renegotiate(s)); 1066 return (s->method->ssl_renegotiate(s));
1043 } 1067}
1044 1068
1045int SSL_renegotiate_pending(SSL *s) 1069int
1046 { 1070SSL_renegotiate_pending(SSL *s)
1071{
1047 /* becomes true when negotiation is requested; 1072 /* becomes true when negotiation is requested;
1048 * false again once a handshake has finished */ 1073 * false again once a handshake has finished */
1049 return (s->renegotiate != 0); 1074 return (s->renegotiate != 0);
1050 } 1075}
1051 1076
1052long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) 1077long
1053 { 1078SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1079{
1054 long l; 1080 long l;
1055 1081
1056 switch (cmd) 1082 switch (cmd) {
1057 {
1058 case SSL_CTRL_GET_READ_AHEAD: 1083 case SSL_CTRL_GET_READ_AHEAD:
1059 return(s->read_ahead); 1084 return (s->read_ahead);
1060 case SSL_CTRL_SET_READ_AHEAD: 1085 case SSL_CTRL_SET_READ_AHEAD:
1061 l=s->read_ahead; 1086 l = s->read_ahead;
1062 s->read_ahead=larg; 1087 s->read_ahead = larg;
1063 return(l); 1088 return (l);
1064 1089
1065 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1090 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1066 s->msg_callback_arg = parg; 1091 s->msg_callback_arg = parg;
1067 return 1; 1092 return 1;
1068 1093
1069 case SSL_CTRL_OPTIONS: 1094 case SSL_CTRL_OPTIONS:
1070 return(s->options|=larg); 1095 return (s->options|=larg);
1071 case SSL_CTRL_CLEAR_OPTIONS: 1096 case SSL_CTRL_CLEAR_OPTIONS:
1072 return(s->options&=~larg); 1097 return (s->options&=~larg);
1073 case SSL_CTRL_MODE: 1098 case SSL_CTRL_MODE:
1074 return(s->mode|=larg); 1099 return (s->mode|=larg);
1075 case SSL_CTRL_CLEAR_MODE: 1100 case SSL_CTRL_CLEAR_MODE:
1076 return(s->mode &=~larg); 1101 return (s->mode &=~larg);
1077 case SSL_CTRL_GET_MAX_CERT_LIST: 1102 case SSL_CTRL_GET_MAX_CERT_LIST:
1078 return(s->max_cert_list); 1103 return (s->max_cert_list);
1079 case SSL_CTRL_SET_MAX_CERT_LIST: 1104 case SSL_CTRL_SET_MAX_CERT_LIST:
1080 l=s->max_cert_list; 1105 l = s->max_cert_list;
1081 s->max_cert_list=larg; 1106 s->max_cert_list = larg;
1082 return(l); 1107 return (l);
1083 case SSL_CTRL_SET_MTU: 1108 case SSL_CTRL_SET_MTU:
1084#ifndef OPENSSL_NO_DTLS1 1109#ifndef OPENSSL_NO_DTLS1
1085 if (larg < (long)dtls1_min_mtu()) 1110 if (larg < (long)dtls1_min_mtu())
@@ -1087,11 +1112,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1087#endif 1112#endif
1088 1113
1089 if (SSL_version(s) == DTLS1_VERSION || 1114 if (SSL_version(s) == DTLS1_VERSION ||
1090 SSL_version(s) == DTLS1_BAD_VER) 1115 SSL_version(s) == DTLS1_BAD_VER) {
1091 {
1092 s->d1->mtu = larg; 1116 s->d1->mtu = larg;
1093 return larg; 1117 return larg;
1094 } 1118 }
1095 return 0; 1119 return 0;
1096 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1120 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1097 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1121 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
@@ -1103,203 +1127,204 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1103 return s->s3->send_connection_binding; 1127 return s->s3->send_connection_binding;
1104 else return 0; 1128 else return 0;
1105 default: 1129 default:
1106 return(s->method->ssl_ctrl(s,cmd,larg,parg)); 1130 return (s->method->ssl_ctrl(s, cmd, larg, parg));
1107 }
1108 } 1131 }
1132}
1109 1133
1110long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 1134long
1111 { 1135SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1112 switch(cmd) 1136{
1113 { 1137 switch (cmd) {
1114 case SSL_CTRL_SET_MSG_CALLBACK: 1138 case SSL_CTRL_SET_MSG_CALLBACK:
1115 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); 1139 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1116 return 1; 1140 return 1;
1117 1141
1118 default: 1142 default:
1119 return(s->method->ssl_callback_ctrl(s,cmd,fp)); 1143 return (s->method->ssl_callback_ctrl(s, cmd, fp));
1120 }
1121 } 1144 }
1145}
1122 1146
1123LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) 1147LHASH_OF(SSL_SESSION)
1124 { 1148*SSL_CTX_sessions(SSL_CTX *ctx)
1149{
1125 return ctx->sessions; 1150 return ctx->sessions;
1126 } 1151}
1127 1152
1128long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) 1153long
1129 { 1154SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1155{
1130 long l; 1156 long l;
1131 1157
1132 switch (cmd) 1158 switch (cmd) {
1133 {
1134 case SSL_CTRL_GET_READ_AHEAD: 1159 case SSL_CTRL_GET_READ_AHEAD:
1135 return(ctx->read_ahead); 1160 return (ctx->read_ahead);
1136 case SSL_CTRL_SET_READ_AHEAD: 1161 case SSL_CTRL_SET_READ_AHEAD:
1137 l=ctx->read_ahead; 1162 l = ctx->read_ahead;
1138 ctx->read_ahead=larg; 1163 ctx->read_ahead = larg;
1139 return(l); 1164 return (l);
1140 1165
1141 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1166 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1142 ctx->msg_callback_arg = parg; 1167 ctx->msg_callback_arg = parg;
1143 return 1; 1168 return 1;
1144 1169
1145 case SSL_CTRL_GET_MAX_CERT_LIST: 1170 case SSL_CTRL_GET_MAX_CERT_LIST:
1146 return(ctx->max_cert_list); 1171 return (ctx->max_cert_list);
1147 case SSL_CTRL_SET_MAX_CERT_LIST: 1172 case SSL_CTRL_SET_MAX_CERT_LIST:
1148 l=ctx->max_cert_list; 1173 l = ctx->max_cert_list;
1149 ctx->max_cert_list=larg; 1174 ctx->max_cert_list = larg;
1150 return(l); 1175 return (l);
1151 1176
1152 case SSL_CTRL_SET_SESS_CACHE_SIZE: 1177 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1153 l=ctx->session_cache_size; 1178 l = ctx->session_cache_size;
1154 ctx->session_cache_size=larg; 1179 ctx->session_cache_size = larg;
1155 return(l); 1180 return (l);
1156 case SSL_CTRL_GET_SESS_CACHE_SIZE: 1181 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1157 return(ctx->session_cache_size); 1182 return (ctx->session_cache_size);
1158 case SSL_CTRL_SET_SESS_CACHE_MODE: 1183 case SSL_CTRL_SET_SESS_CACHE_MODE:
1159 l=ctx->session_cache_mode; 1184 l = ctx->session_cache_mode;
1160 ctx->session_cache_mode=larg; 1185 ctx->session_cache_mode = larg;
1161 return(l); 1186 return (l);
1162 case SSL_CTRL_GET_SESS_CACHE_MODE: 1187 case SSL_CTRL_GET_SESS_CACHE_MODE:
1163 return(ctx->session_cache_mode); 1188 return (ctx->session_cache_mode);
1164 1189
1165 case SSL_CTRL_SESS_NUMBER: 1190 case SSL_CTRL_SESS_NUMBER:
1166 return(lh_SSL_SESSION_num_items(ctx->sessions)); 1191 return (lh_SSL_SESSION_num_items(ctx->sessions));
1167 case SSL_CTRL_SESS_CONNECT: 1192 case SSL_CTRL_SESS_CONNECT:
1168 return(ctx->stats.sess_connect); 1193 return (ctx->stats.sess_connect);
1169 case SSL_CTRL_SESS_CONNECT_GOOD: 1194 case SSL_CTRL_SESS_CONNECT_GOOD:
1170 return(ctx->stats.sess_connect_good); 1195 return (ctx->stats.sess_connect_good);
1171 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1196 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1172 return(ctx->stats.sess_connect_renegotiate); 1197 return (ctx->stats.sess_connect_renegotiate);
1173 case SSL_CTRL_SESS_ACCEPT: 1198 case SSL_CTRL_SESS_ACCEPT:
1174 return(ctx->stats.sess_accept); 1199 return (ctx->stats.sess_accept);
1175 case SSL_CTRL_SESS_ACCEPT_GOOD: 1200 case SSL_CTRL_SESS_ACCEPT_GOOD:
1176 return(ctx->stats.sess_accept_good); 1201 return (ctx->stats.sess_accept_good);
1177 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1202 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1178 return(ctx->stats.sess_accept_renegotiate); 1203 return (ctx->stats.sess_accept_renegotiate);
1179 case SSL_CTRL_SESS_HIT: 1204 case SSL_CTRL_SESS_HIT:
1180 return(ctx->stats.sess_hit); 1205 return (ctx->stats.sess_hit);
1181 case SSL_CTRL_SESS_CB_HIT: 1206 case SSL_CTRL_SESS_CB_HIT:
1182 return(ctx->stats.sess_cb_hit); 1207 return (ctx->stats.sess_cb_hit);
1183 case SSL_CTRL_SESS_MISSES: 1208 case SSL_CTRL_SESS_MISSES:
1184 return(ctx->stats.sess_miss); 1209 return (ctx->stats.sess_miss);
1185 case SSL_CTRL_SESS_TIMEOUTS: 1210 case SSL_CTRL_SESS_TIMEOUTS:
1186 return(ctx->stats.sess_timeout); 1211 return (ctx->stats.sess_timeout);
1187 case SSL_CTRL_SESS_CACHE_FULL: 1212 case SSL_CTRL_SESS_CACHE_FULL:
1188 return(ctx->stats.sess_cache_full); 1213 return (ctx->stats.sess_cache_full);
1189 case SSL_CTRL_OPTIONS: 1214 case SSL_CTRL_OPTIONS:
1190 return(ctx->options|=larg); 1215 return (ctx->options|=larg);
1191 case SSL_CTRL_CLEAR_OPTIONS: 1216 case SSL_CTRL_CLEAR_OPTIONS:
1192 return(ctx->options&=~larg); 1217 return (ctx->options&=~larg);
1193 case SSL_CTRL_MODE: 1218 case SSL_CTRL_MODE:
1194 return(ctx->mode|=larg); 1219 return (ctx->mode|=larg);
1195 case SSL_CTRL_CLEAR_MODE: 1220 case SSL_CTRL_CLEAR_MODE:
1196 return(ctx->mode&=~larg); 1221 return (ctx->mode&=~larg);
1197 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1222 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1198 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1223 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1199 return 0; 1224 return 0;
1200 ctx->max_send_fragment = larg; 1225 ctx->max_send_fragment = larg;
1201 return 1; 1226 return 1;
1202 default: 1227 default:
1203 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); 1228 return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
1204 }
1205 } 1229 }
1230}
1206 1231
1207long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 1232long
1208 { 1233SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1209 switch(cmd) 1234{
1210 { 1235 switch (cmd) {
1211 case SSL_CTRL_SET_MSG_CALLBACK: 1236 case SSL_CTRL_SET_MSG_CALLBACK:
1212 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); 1237 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1213 return 1; 1238 return 1;
1214 1239
1215 default: 1240 default:
1216 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); 1241 return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
1217 }
1218 } 1242 }
1243}
1219 1244
1220int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1245int
1221 { 1246ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1247{
1222 long l; 1248 long l;
1223 1249
1224 l=a->id-b->id; 1250 l = a->id - b->id;
1225 if (l == 0L) 1251 if (l == 0L)
1226 return(0); 1252 return (0);
1227 else 1253 else
1228 return((l > 0)?1:-1); 1254 return ((l > 0) ? 1:-1);
1229 } 1255}
1230 1256
1231int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, 1257int
1232 const SSL_CIPHER * const *bp) 1258ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1233 { 1259 const SSL_CIPHER * const *bp)
1260{
1234 long l; 1261 long l;
1235 1262
1236 l=(*ap)->id-(*bp)->id; 1263 l = (*ap)->id - (*bp)->id;
1237 if (l == 0L) 1264 if (l == 0L)
1238 return(0); 1265 return (0);
1239 else 1266 else
1240 return((l > 0)?1:-1); 1267 return ((l > 0) ? 1:-1);
1241 } 1268}
1242 1269
1243/** return a STACK of the ciphers available for the SSL and in order of 1270/** return a STACK of the ciphers available for the SSL and in order of
1244 * preference */ 1271 * preference */
1245STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) 1272STACK_OF(SSL_CIPHER)
1246 { 1273*SSL_get_ciphers(const SSL *s)
1247 if (s != NULL) 1274{
1248 { 1275 if (s != NULL) {
1249 if (s->cipher_list != NULL) 1276 if (s->cipher_list != NULL) {
1250 { 1277 return (s->cipher_list);
1251 return(s->cipher_list); 1278 } else if ((s->ctx != NULL) &&
1252 } 1279 (s->ctx->cipher_list != NULL)) {
1253 else if ((s->ctx != NULL) && 1280 return (s->ctx->cipher_list);
1254 (s->ctx->cipher_list != NULL))
1255 {
1256 return(s->ctx->cipher_list);
1257 }
1258 } 1281 }
1259 return(NULL);
1260 } 1282 }
1283 return (NULL);
1284}
1261 1285
1262/** return a STACK of the ciphers available for the SSL and in order of 1286/** return a STACK of the ciphers available for the SSL and in order of
1263 * algorithm id */ 1287 * algorithm id */
1264STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 1288STACK_OF(SSL_CIPHER)
1265 { 1289*ssl_get_ciphers_by_id(SSL *s)
1266 if (s != NULL) 1290{
1267 { 1291 if (s != NULL) {
1268 if (s->cipher_list_by_id != NULL) 1292 if (s->cipher_list_by_id != NULL) {
1269 { 1293 return (s->cipher_list_by_id);
1270 return(s->cipher_list_by_id); 1294 } else if ((s->ctx != NULL) &&
1271 } 1295 (s->ctx->cipher_list_by_id != NULL)) {
1272 else if ((s->ctx != NULL) && 1296 return (s->ctx->cipher_list_by_id);
1273 (s->ctx->cipher_list_by_id != NULL))
1274 {
1275 return(s->ctx->cipher_list_by_id);
1276 }
1277 } 1297 }
1278 return(NULL);
1279 } 1298 }
1299 return (NULL);
1300}
1280 1301
1281/** The old interface to get the same thing as SSL_get_ciphers() */ 1302/** The old interface to get the same thing as SSL_get_ciphers() */
1282const char *SSL_get_cipher_list(const SSL *s,int n) 1303const char
1283 { 1304*SSL_get_cipher_list(const SSL *s, int n)
1305{
1284 SSL_CIPHER *c; 1306 SSL_CIPHER *c;
1285 STACK_OF(SSL_CIPHER) *sk; 1307 STACK_OF(SSL_CIPHER) *sk;
1286 1308
1287 if (s == NULL) return(NULL); 1309 if (s == NULL)
1288 sk=SSL_get_ciphers(s); 1310 return (NULL);
1311 sk = SSL_get_ciphers(s);
1289 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) 1312 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1290 return(NULL); 1313 return (NULL);
1291 c=sk_SSL_CIPHER_value(sk,n); 1314 c = sk_SSL_CIPHER_value(sk, n);
1292 if (c == NULL) return(NULL); 1315 if (c == NULL)
1293 return(c->name); 1316 return (NULL);
1294 } 1317 return (c->name);
1318}
1295 1319
1296/** specify the ciphers to be used by default by the SSL_CTX */ 1320/** specify the ciphers to be used by default by the SSL_CTX */
1297int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1321int
1298 { 1322SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1323{
1299 STACK_OF(SSL_CIPHER) *sk; 1324 STACK_OF(SSL_CIPHER) *sk;
1300 1325
1301 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, 1326 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1302 &ctx->cipher_list_by_id,str); 1327 &ctx->cipher_list_by_id, str);
1303 /* ssl_create_cipher_list may return an empty stack if it 1328 /* ssl_create_cipher_list may return an empty stack if it
1304 * was unable to find a cipher matching the given rule string 1329 * was unable to find a cipher matching the given rule string
1305 * (for example if the rule string specifies a cipher which 1330 * (for example if the rule string specifies a cipher which
@@ -1309,35 +1334,35 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1309 * updated. */ 1334 * updated. */
1310 if (sk == NULL) 1335 if (sk == NULL)
1311 return 0; 1336 return 0;
1312 else if (sk_SSL_CIPHER_num(sk) == 0) 1337 else if (sk_SSL_CIPHER_num(sk) == 0) {
1313 {
1314 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1338 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1315 return 0; 1339 return 0;
1316 }
1317 return 1;
1318 } 1340 }
1341 return 1;
1342}
1319 1343
1320/** specify the ciphers to be used by the SSL */ 1344/** specify the ciphers to be used by the SSL */
1321int SSL_set_cipher_list(SSL *s,const char *str) 1345int
1322 { 1346SSL_set_cipher_list(SSL *s, const char *str)
1347{
1323 STACK_OF(SSL_CIPHER) *sk; 1348 STACK_OF(SSL_CIPHER) *sk;
1324 1349
1325 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, 1350 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1326 &s->cipher_list_by_id,str); 1351 &s->cipher_list_by_id, str);
1327 /* see comment in SSL_CTX_set_cipher_list */ 1352 /* see comment in SSL_CTX_set_cipher_list */
1328 if (sk == NULL) 1353 if (sk == NULL)
1329 return 0; 1354 return 0;
1330 else if (sk_SSL_CIPHER_num(sk) == 0) 1355 else if (sk_SSL_CIPHER_num(sk) == 0) {
1331 {
1332 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1356 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1333 return 0; 1357 return 0;
1334 }
1335 return 1;
1336 } 1358 }
1359 return 1;
1360}
1337 1361
1338/* works well for SSLv2, not so good for SSLv3 */ 1362/* works well for SSLv2, not so good for SSLv3 */
1339char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) 1363char
1340 { 1364*SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1365{
1341 char *end; 1366 char *end;
1342 STACK_OF(SSL_CIPHER) *sk; 1367 STACK_OF(SSL_CIPHER) *sk;
1343 SSL_CIPHER *c; 1368 SSL_CIPHER *c;
@@ -1346,146 +1371,138 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1346 1371
1347 if ((s->session == NULL) || (s->session->ciphers == NULL) || 1372 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1348 (len < 2)) 1373 (len < 2))
1349 return(NULL); 1374 return (NULL);
1350 1375
1351 sk=s->session->ciphers; 1376 sk = s->session->ciphers;
1352 buf[0] = '\0'; 1377 buf[0] = '\0';
1353 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1378 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1354 { 1379 c = sk_SSL_CIPHER_value(sk, i);
1355 c=sk_SSL_CIPHER_value(sk,i);
1356 end = buf + curlen; 1380 end = buf + curlen;
1357 if (strlcat(buf, c->name, len) >= len || 1381 if (strlcat(buf, c->name, len) >= len ||
1358 (curlen = strlcat(buf, ":", len)) >= len) 1382 (curlen = strlcat(buf, ":", len)) >= len) {
1359 {
1360 /* remove truncated cipher from list */ 1383 /* remove truncated cipher from list */
1361 *end = '\0'; 1384 *end = '\0';
1362 break; 1385 break;
1363 }
1364 } 1386 }
1387 }
1365 /* remove trailing colon */ 1388 /* remove trailing colon */
1366 if ((end = strrchr(buf, ':')) != NULL) 1389 if ((end = strrchr(buf, ':')) != NULL)
1367 *end = '\0'; 1390 *end = '\0';
1368 return(buf); 1391 return (buf);
1369 } 1392}
1370 1393
1371int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, 1394int
1372 int (*put_cb)(const SSL_CIPHER *, unsigned char *)) 1395ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
1373 { 1396 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1374 int i,j=0; 1397{
1398 int i, j = 0;
1375 SSL_CIPHER *c; 1399 SSL_CIPHER *c;
1376 unsigned char *q; 1400 unsigned char *q;
1377#ifndef OPENSSL_NO_KRB5 1401#ifndef OPENSSL_NO_KRB5
1378 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); 1402 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1379#endif /* OPENSSL_NO_KRB5 */ 1403#endif /* OPENSSL_NO_KRB5 */
1380 1404
1381 if (sk == NULL) return(0); 1405 if (sk == NULL)
1382 q=p; 1406 return (0);
1407 q = p;
1383 1408
1384 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1409 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1385 { 1410 c = sk_SSL_CIPHER_value(sk, i);
1386 c=sk_SSL_CIPHER_value(sk,i);
1387 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 1411 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1388 if ((c->algorithm_ssl & SSL_TLSV1_2) && 1412 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1389 (TLS1_get_client_version(s) < TLS1_2_VERSION)) 1413 (TLS1_get_client_version(s) < TLS1_2_VERSION))
1390 continue; 1414 continue;
1391#ifndef OPENSSL_NO_KRB5 1415#ifndef OPENSSL_NO_KRB5
1392 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && 1416 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
1393 nokrb5) 1417 nokrb5)
1394 continue; 1418 continue;
1395#endif /* OPENSSL_NO_KRB5 */ 1419#endif /* OPENSSL_NO_KRB5 */
1396#ifndef OPENSSL_NO_PSK 1420#ifndef OPENSSL_NO_PSK
1397 /* with PSK there must be client callback set */ 1421 /* with PSK there must be client callback set */
1398 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && 1422 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
1399 s->psk_client_callback == NULL) 1423 s->psk_client_callback == NULL)
1400 continue; 1424 continue;
1401#endif /* OPENSSL_NO_PSK */ 1425#endif /* OPENSSL_NO_PSK */
1402 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); 1426 j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
1403 p+=j; 1427 p += j;
1404 } 1428 }
1405 /* If p == q, no ciphers and caller indicates an error. Otherwise 1429 /* If p == q, no ciphers and caller indicates an error. Otherwise
1406 * add SCSV if not renegotiating. 1430 * add SCSV if not renegotiating.
1407 */ 1431 */
1408 if (p != q && !s->renegotiate) 1432 if (p != q && !s->renegotiate) {
1409 { 1433 static SSL_CIPHER scsv = {
1410 static SSL_CIPHER scsv =
1411 {
1412 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1434 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1413 }; 1435 };
1414 j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); 1436 j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p);
1415 p+=j; 1437 p += j;
1416#ifdef OPENSSL_RI_DEBUG 1438#ifdef OPENSSL_RI_DEBUG
1417 fprintf(stderr, "SCSV sent by client\n"); 1439 fprintf(stderr, "SCSV sent by client\n");
1418#endif 1440#endif
1419 }
1420
1421 return(p-q);
1422 } 1441 }
1423 1442
1424STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 1443 return (p - q);
1425 STACK_OF(SSL_CIPHER) **skp) 1444}
1426 { 1445
1446STACK_OF(SSL_CIPHER)
1447*ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1448STACK_OF(SSL_CIPHER) **skp)
1449{
1427 const SSL_CIPHER *c; 1450 const SSL_CIPHER *c;
1428 STACK_OF(SSL_CIPHER) *sk; 1451 STACK_OF(SSL_CIPHER) *sk;
1429 int i,n; 1452 int i, n;
1430 if (s->s3) 1453 if (s->s3)
1431 s->s3->send_connection_binding = 0; 1454 s->s3->send_connection_binding = 0;
1432 1455
1433 n=ssl_put_cipher_by_char(s,NULL,NULL); 1456 n = ssl_put_cipher_by_char(s, NULL, NULL);
1434 if ((num%n) != 0) 1457 if ((num % n) != 0) {
1435 { 1458 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1436 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1459 return (NULL);
1437 return(NULL); 1460 }
1438 }
1439 if ((skp == NULL) || (*skp == NULL)) 1461 if ((skp == NULL) || (*skp == NULL))
1440 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ 1462 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1441 else 1463 else {
1442 {
1443 sk= *skp; 1464 sk= *skp;
1444 sk_SSL_CIPHER_zero(sk); 1465 sk_SSL_CIPHER_zero(sk);
1445 } 1466 }
1446 1467
1447 for (i=0; i<num; i+=n) 1468 for (i = 0; i < num; i += n) {
1448 {
1449 /* Check for SCSV */ 1469 /* Check for SCSV */
1450 if (s->s3 && (n != 3 || !p[0]) && 1470 if (s->s3 && (n != 3 || !p[0]) &&
1451 (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 1471 (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1452 (p[n-1] == (SSL3_CK_SCSV & 0xff))) 1472 (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
1453 {
1454 /* SCSV fatal if renegotiating */ 1473 /* SCSV fatal if renegotiating */
1455 if (s->renegotiate) 1474 if (s->renegotiate) {
1456 { 1475 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1457 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1476 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1458 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1477
1459 goto err; 1478 goto err;
1460 } 1479 }
1461 s->s3->send_connection_binding = 1; 1480 s->s3->send_connection_binding = 1;
1462 p += n; 1481 p += n;
1463#ifdef OPENSSL_RI_DEBUG 1482#ifdef OPENSSL_RI_DEBUG
1464 fprintf(stderr, "SCSV received by server\n"); 1483 fprintf(stderr, "SCSV received by server\n");
1465#endif 1484#endif
1466 continue; 1485 continue;
1467 } 1486 }
1468 1487
1469 c=ssl_get_cipher_by_char(s,p); 1488 c = ssl_get_cipher_by_char(s, p);
1470 p+=n; 1489 p += n;
1471 if (c != NULL) 1490 if (c != NULL) {
1472 { 1491 if (!sk_SSL_CIPHER_push(sk, c)) {
1473 if (!sk_SSL_CIPHER_push(sk,c)) 1492 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1474 {
1475 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1476 goto err; 1493 goto err;
1477 }
1478 } 1494 }
1479 } 1495 }
1496 }
1480 1497
1481 if (skp != NULL) 1498 if (skp != NULL)
1482 *skp=sk; 1499 *skp = sk;
1483 return(sk); 1500 return (sk);
1484err: 1501err:
1485 if ((skp == NULL) || (*skp == NULL)) 1502 if ((skp == NULL) || (*skp == NULL))
1486 sk_SSL_CIPHER_free(sk); 1503 sk_SSL_CIPHER_free(sk);
1487 return(NULL); 1504 return (NULL);
1488 } 1505}
1489 1506
1490 1507
1491#ifndef OPENSSL_NO_TLSEXT 1508#ifndef OPENSSL_NO_TLSEXT
@@ -1493,22 +1510,24 @@ err:
1493 * So far, only host_name types are defined (RFC 3546). 1510 * So far, only host_name types are defined (RFC 3546).
1494 */ 1511 */
1495 1512
1496const char *SSL_get_servername(const SSL *s, const int type) 1513const char
1497 { 1514*SSL_get_servername(const SSL *s, const int type)
1515{
1498 if (type != TLSEXT_NAMETYPE_host_name) 1516 if (type != TLSEXT_NAMETYPE_host_name)
1499 return NULL; 1517 return NULL;
1500 1518
1501 return s->session && !s->tlsext_hostname ? 1519 return s->session && !s->tlsext_hostname ?
1502 s->session->tlsext_hostname : 1520 s->session->tlsext_hostname :
1503 s->tlsext_hostname; 1521 s->tlsext_hostname;
1504 } 1522}
1505 1523
1506int SSL_get_servername_type(const SSL *s) 1524int
1507 { 1525SSL_get_servername_type(const SSL *s)
1526{
1508 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) 1527 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
1509 return TLSEXT_NAMETYPE_host_name; 1528 return TLSEXT_NAMETYPE_host_name;
1510 return -1; 1529 return -1;
1511 } 1530}
1512 1531
1513# ifndef OPENSSL_NO_NEXTPROTONEG 1532# ifndef OPENSSL_NO_NEXTPROTONEG
1514/* SSL_select_next_proto implements the standard protocol selection. It is 1533/* SSL_select_next_proto implements the standard protocol selection. It is
@@ -1541,31 +1560,29 @@ int SSL_get_servername_type(const SSL *s)
1541 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or 1560 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1542 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1561 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1543 */ 1562 */
1544int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) 1563int
1545 { 1564SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
1565{
1546 unsigned int i, j; 1566 unsigned int i, j;
1547 const unsigned char *result; 1567 const unsigned char *result;
1548 int status = OPENSSL_NPN_UNSUPPORTED; 1568 int status = OPENSSL_NPN_UNSUPPORTED;
1549 1569
1550 /* For each protocol in server preference order, see if we support it. */ 1570 /* For each protocol in server preference order, see if we support it. */
1551 for (i = 0; i < server_len; ) 1571 for (i = 0; i < server_len; ) {
1552 { 1572 for (j = 0; j < client_len; ) {
1553 for (j = 0; j < client_len; )
1554 {
1555 if (server[i] == client[j] && 1573 if (server[i] == client[j] &&
1556 memcmp(&server[i+1], &client[j+1], server[i]) == 0) 1574 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
1557 {
1558 /* We found a match */ 1575 /* We found a match */
1559 result = &server[i]; 1576 result = &server[i];
1560 status = OPENSSL_NPN_NEGOTIATED; 1577 status = OPENSSL_NPN_NEGOTIATED;
1561 goto found; 1578 goto found;
1562 } 1579 }
1563 j += client[j]; 1580 j += client[j];
1564 j++; 1581 j++;
1565 } 1582 }
1566 i += server[i]; 1583 i += server[i];
1567 i++; 1584 i++;
1568 } 1585 }
1569 1586
1570 /* There's no overlap between our protocols and the server's list. */ 1587 /* There's no overlap between our protocols and the server's list. */
1571 result = client; 1588 result = client;
@@ -1575,7 +1592,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
1575 *out = (unsigned char *) result + 1; 1592 *out = (unsigned char *) result + 1;
1576 *outlen = result[0]; 1593 *outlen = result[0];
1577 return status; 1594 return status;
1578 } 1595}
1579 1596
1580/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's 1597/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1581 * requested protocol for this connection and returns 0. If the client didn't 1598 * requested protocol for this connection and returns 0. If the client didn't
@@ -1585,8 +1602,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
1585 * from this function need not be a member of the list of supported protocols 1602 * from this function need not be a member of the list of supported protocols
1586 * provided by the callback. 1603 * provided by the callback.
1587 */ 1604 */
1588void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) 1605void
1589 { 1606SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
1607{
1590 *data = s->next_proto_negotiated; 1608 *data = s->next_proto_negotiated;
1591 if (!*data) { 1609 if (!*data) {
1592 *len = 0; 1610 *len = 0;
@@ -1604,11 +1622,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, un
1604 * 1622 *
1605 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no 1623 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
1606 * such extension will be included in the ServerHello. */ 1624 * such extension will be included in the ServerHello. */
1607void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) 1625void
1608 { 1626SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1627{
1609 ctx->next_protos_advertised_cb = cb; 1628 ctx->next_protos_advertised_cb = cb;
1610 ctx->next_protos_advertised_cb_arg = arg; 1629 ctx->next_protos_advertised_cb_arg = arg;
1611 } 1630}
1612 1631
1613/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 1632/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1614 * client needs to select a protocol from the server's provided list. |out| 1633 * client needs to select a protocol from the server's provided list. |out|
@@ -1620,183 +1639,186 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, co
1620 * The client must select a protocol. It is fatal to the connection if this 1639 * The client must select a protocol. It is fatal to the connection if this
1621 * callback returns a value other than SSL_TLSEXT_ERR_OK. 1640 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1622 */ 1641 */
1623void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1642void
1624 { 1643SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1644{
1625 ctx->next_proto_select_cb = cb; 1645 ctx->next_proto_select_cb = cb;
1626 ctx->next_proto_select_cb_arg = arg; 1646 ctx->next_proto_select_cb_arg = arg;
1627 } 1647}
1628# endif 1648# endif
1629#endif 1649#endif
1630 1650
1631int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1651int
1632 const char *label, size_t llen, const unsigned char *p, size_t plen, 1652SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1633 int use_context) 1653 const char *label, size_t llen, const unsigned char *p, size_t plen,
1634 { 1654int use_context)
1655{
1635 if (s->version < TLS1_VERSION) 1656 if (s->version < TLS1_VERSION)
1636 return -1; 1657 return -1;
1637 1658
1638 return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 1659 return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
1639 llen, p, plen, 1660 llen, p, plen,
1640 use_context); 1661 use_context);
1641 } 1662}
1642 1663
1643static unsigned long ssl_session_hash(const SSL_SESSION *a) 1664static unsigned long
1644 { 1665ssl_session_hash(const SSL_SESSION *a)
1666{
1645 unsigned long l; 1667 unsigned long l;
1646 1668
1647 l=(unsigned long) 1669 l = (unsigned long)
1648 ((unsigned int) a->session_id[0] )| 1670 ((unsigned int) a->session_id[0] )|
1649 ((unsigned int) a->session_id[1]<< 8L)| 1671 ((unsigned int) a->session_id[1]<< 8L)|
1650 ((unsigned long)a->session_id[2]<<16L)| 1672 ((unsigned long)a->session_id[2]<<16L)|
1651 ((unsigned long)a->session_id[3]<<24L); 1673 ((unsigned long)a->session_id[3]<<24L);
1652 return(l); 1674 return (l);
1653 } 1675}
1654 1676
1655/* NB: If this function (or indeed the hash function which uses a sort of 1677/* NB: If this function (or indeed the hash function which uses a sort of
1656 * coarser function than this one) is changed, ensure 1678 * coarser function than this one) is changed, ensure
1657 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 1679 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1658 * able to construct an SSL_SESSION that will collide with any existing session 1680 * able to construct an SSL_SESSION that will collide with any existing session
1659 * with a matching session ID. */ 1681 * with a matching session ID. */
1660static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) 1682static int
1661 { 1683ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1684{
1662 if (a->ssl_version != b->ssl_version) 1685 if (a->ssl_version != b->ssl_version)
1663 return(1); 1686 return (1);
1664 if (a->session_id_length != b->session_id_length) 1687 if (a->session_id_length != b->session_id_length)
1665 return(1); 1688 return (1);
1666 return(memcmp(a->session_id,b->session_id,a->session_id_length)); 1689 return (memcmp(a->session_id, b->session_id, a->session_id_length));
1667 } 1690}
1668 1691
1669/* These wrapper functions should remain rather than redeclaring 1692/* These wrapper functions should remain rather than redeclaring
1670 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1693 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1671 * variable. The reason is that the functions aren't static, they're exposed via 1694 * variable. The reason is that the functions aren't static, they're exposed via
1672 * ssl.h. */ 1695 * ssl.h. */
1673static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) 1696static
1674static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) 1697IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1698static
1699IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1675 1700
1676SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 1701SSL_CTX
1677 { 1702*SSL_CTX_new(const SSL_METHOD *meth)
1678 SSL_CTX *ret=NULL; 1703{
1704 SSL_CTX *ret = NULL;
1679 1705
1680 if (meth == NULL) 1706 if (meth == NULL) {
1681 { 1707 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
1682 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); 1708 return (NULL);
1683 return(NULL); 1709 }
1684 }
1685 1710
1686#ifdef OPENSSL_FIPS 1711#ifdef OPENSSL_FIPS
1687 if (FIPS_mode() && (meth->version < TLS1_VERSION)) 1712 if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
1688 {
1689 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 1713 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
1690 return NULL; 1714 return NULL;
1691 } 1715 }
1692#endif 1716#endif
1693 1717
1694 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) 1718 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1695 { 1719 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1696 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1697 goto err; 1720 goto err;
1698 } 1721 }
1699 ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); 1722 ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1700 if (ret == NULL) 1723 if (ret == NULL)
1701 goto err; 1724 goto err;
1702 1725
1703 memset(ret,0,sizeof(SSL_CTX)); 1726 memset(ret, 0, sizeof(SSL_CTX));
1704 1727
1705 ret->method=meth; 1728 ret->method = meth;
1706 1729
1707 ret->cert_store=NULL; 1730 ret->cert_store = NULL;
1708 ret->session_cache_mode=SSL_SESS_CACHE_SERVER; 1731 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
1709 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1732 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1710 ret->session_cache_head=NULL; 1733 ret->session_cache_head = NULL;
1711 ret->session_cache_tail=NULL; 1734 ret->session_cache_tail = NULL;
1712 1735
1713 /* We take the system default */ 1736 /* We take the system default */
1714 ret->session_timeout=meth->get_timeout(); 1737 ret->session_timeout = meth->get_timeout();
1715 1738
1716 ret->new_session_cb=0; 1739 ret->new_session_cb = 0;
1717 ret->remove_session_cb=0; 1740 ret->remove_session_cb = 0;
1718 ret->get_session_cb=0; 1741 ret->get_session_cb = 0;
1719 ret->generate_session_id=0; 1742 ret->generate_session_id = 0;
1720 1743
1721 memset((char *)&ret->stats,0,sizeof(ret->stats)); 1744 memset((char *)&ret->stats, 0, sizeof(ret->stats));
1722 1745
1723 ret->references=1; 1746 ret->references = 1;
1724 ret->quiet_shutdown=0; 1747 ret->quiet_shutdown = 0;
1725 1748
1726/* ret->cipher=NULL;*/ 1749/* ret->cipher=NULL;*/
1727/* ret->s2->challenge=NULL; 1750/* ret->s2->challenge=NULL;
1728 ret->master_key=NULL; 1751 ret->master_key=NULL;
1729 ret->key_arg=NULL; 1752 ret->key_arg=NULL;
1730 ret->s2->conn_id=NULL; */ 1753 ret->s2->conn_id=NULL;
1754*/
1731 1755
1732 ret->info_callback=NULL; 1756 ret->info_callback = NULL;
1733 1757
1734 ret->app_verify_callback=0; 1758 ret->app_verify_callback = 0;
1735 ret->app_verify_arg=NULL; 1759 ret->app_verify_arg = NULL;
1736 1760
1737 ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; 1761 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
1738 ret->read_ahead=0; 1762 ret->read_ahead = 0;
1739 ret->msg_callback=0; 1763 ret->msg_callback = 0;
1740 ret->msg_callback_arg=NULL; 1764 ret->msg_callback_arg = NULL;
1741 ret->verify_mode=SSL_VERIFY_NONE; 1765 ret->verify_mode = SSL_VERIFY_NONE;
1742#if 0 1766#if 0
1743 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ 1767 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1744#endif 1768#endif
1745 ret->sid_ctx_length=0; 1769 ret->sid_ctx_length = 0;
1746 ret->default_verify_callback=NULL; 1770 ret->default_verify_callback = NULL;
1747 if ((ret->cert=ssl_cert_new()) == NULL) 1771 if ((ret->cert = ssl_cert_new()) == NULL)
1748 goto err; 1772 goto err;
1749 1773
1750 ret->default_passwd_callback=0; 1774 ret->default_passwd_callback = 0;
1751 ret->default_passwd_callback_userdata=NULL; 1775 ret->default_passwd_callback_userdata = NULL;
1752 ret->client_cert_cb=0; 1776 ret->client_cert_cb = 0;
1753 ret->app_gen_cookie_cb=0; 1777 ret->app_gen_cookie_cb = 0;
1754 ret->app_verify_cookie_cb=0; 1778 ret->app_verify_cookie_cb = 0;
1755 1779
1756 ret->sessions=lh_SSL_SESSION_new(); 1780 ret->sessions = lh_SSL_SESSION_new();
1757 if (ret->sessions == NULL) goto err; 1781 if (ret->sessions == NULL)
1758 ret->cert_store=X509_STORE_new(); 1782 goto err;
1759 if (ret->cert_store == NULL) goto err; 1783 ret->cert_store = X509_STORE_new();
1784 if (ret->cert_store == NULL)
1785 goto err;
1760 1786
1761 ssl_create_cipher_list(ret->method, 1787 ssl_create_cipher_list(ret->method,
1762 &ret->cipher_list,&ret->cipher_list_by_id, 1788 &ret->cipher_list, &ret->cipher_list_by_id,
1763 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); 1789 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
1764 if (ret->cipher_list == NULL 1790 if (ret->cipher_list == NULL
1765 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) 1791 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1766 { 1792 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
1767 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1768 goto err2; 1793 goto err2;
1769 } 1794 }
1770 1795
1771 ret->param = X509_VERIFY_PARAM_new(); 1796 ret->param = X509_VERIFY_PARAM_new();
1772 if (!ret->param) 1797 if (!ret->param)
1773 goto err; 1798 goto err;
1774 1799
1775 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) 1800 if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
1776 { 1801 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1777 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1778 goto err2; 1802 goto err2;
1779 } 1803 }
1780 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) 1804 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1781 { 1805 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1782 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1783 goto err2; 1806 goto err2;
1784 } 1807 }
1785 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) 1808 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1786 { 1809 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1787 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1788 goto err2; 1810 goto err2;
1789 } 1811 }
1790 1812
1791 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) 1813 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
1792 goto err; 1814 goto err;
1793 1815
1794 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); 1816 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1795 1817
1796 ret->extra_certs=NULL; 1818 ret->extra_certs = NULL;
1797 /* No compression for DTLS */ 1819 /* No compression for DTLS */
1798 if (meth->version != DTLS1_VERSION) 1820 if (meth->version != DTLS1_VERSION)
1799 ret->comp_methods=SSL_COMP_get_compression_methods(); 1821 ret->comp_methods = SSL_COMP_get_compression_methods();
1800 1822
1801 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1823 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1802 1824
@@ -1806,8 +1828,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1806 /* Setup RFC4507 ticket keys */ 1828 /* Setup RFC4507 ticket keys */
1807 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) 1829 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1808 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) 1830 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1809 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) 1831 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1810 ret->options |= SSL_OP_NO_TICKET; 1832 ret->options |= SSL_OP_NO_TICKET;
1811 1833
1812 ret->tlsext_status_cb = 0; 1834 ret->tlsext_status_cb = 0;
1813 ret->tlsext_status_arg = NULL; 1835 ret->tlsext_status_arg = NULL;
@@ -1818,9 +1840,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1818# endif 1840# endif
1819#endif 1841#endif
1820#ifndef OPENSSL_NO_PSK 1842#ifndef OPENSSL_NO_PSK
1821 ret->psk_identity_hint=NULL; 1843 ret->psk_identity_hint = NULL;
1822 ret->psk_client_callback=NULL; 1844 ret->psk_client_callback = NULL;
1823 ret->psk_server_callback=NULL; 1845 ret->psk_server_callback = NULL;
1824#endif 1846#endif
1825#ifndef OPENSSL_NO_SRP 1847#ifndef OPENSSL_NO_SRP
1826 SSL_CTX_SRP_CTX_init(ret); 1848 SSL_CTX_SRP_CTX_init(ret);
@@ -1834,11 +1856,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1834 ret->rbuf_freelist->len = 0; 1856 ret->rbuf_freelist->len = 0;
1835 ret->rbuf_freelist->head = NULL; 1857 ret->rbuf_freelist->head = NULL;
1836 ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 1858 ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1837 if (!ret->wbuf_freelist) 1859 if (!ret->wbuf_freelist) {
1838 {
1839 OPENSSL_free(ret->rbuf_freelist); 1860 OPENSSL_free(ret->rbuf_freelist);
1840 goto err; 1861 goto err;
1841 } 1862 }
1842 ret->wbuf_freelist->chunklen = 0; 1863 ret->wbuf_freelist->chunklen = 0;
1843 ret->wbuf_freelist->len = 0; 1864 ret->wbuf_freelist->len = 0;
1844 ret->wbuf_freelist->head = NULL; 1865 ret->wbuf_freelist->head = NULL;
@@ -1850,16 +1871,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1850#define eng_str(x) eng_strx(x) 1871#define eng_str(x) eng_strx(x)
1851 /* Use specific client engine automatically... ignore errors */ 1872 /* Use specific client engine automatically... ignore errors */
1852 { 1873 {
1853 ENGINE *eng; 1874 ENGINE *eng;
1854 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1855 if (!eng)
1856 {
1857 ERR_clear_error();
1858 ENGINE_load_builtin_engines();
1859 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 1875 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1876 if (!eng) {
1877 ERR_clear_error();
1878 ENGINE_load_builtin_engines();
1879 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1860 } 1880 }
1861 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 1881 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1862 ERR_clear_error(); 1882 ERR_clear_error();
1863 } 1883 }
1864#endif 1884#endif
1865#endif 1885#endif
@@ -1868,50 +1888,54 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1868 */ 1888 */
1869 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; 1889 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1870 1890
1871 return(ret); 1891 return (ret);
1872err: 1892err:
1873 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); 1893 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
1874err2: 1894err2:
1875 if (ret != NULL) SSL_CTX_free(ret); 1895 if (ret != NULL)
1876 return(NULL); 1896 SSL_CTX_free(ret);
1877 } 1897 return (NULL);
1898}
1878 1899
1879#if 0 1900#if 0
1880static void SSL_COMP_free(SSL_COMP *comp) 1901static void
1881 { OPENSSL_free(comp); } 1902SSL_COMP_free(SSL_COMP *comp)
1903 { OPENSSL_free(comp);
1904}
1882#endif 1905#endif
1883 1906
1884#ifndef OPENSSL_NO_BUF_FREELISTS 1907#ifndef OPENSSL_NO_BUF_FREELISTS
1885static void 1908static void
1886ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) 1909ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1887 { 1910{
1888 SSL3_BUF_FREELIST_ENTRY *ent, *next; 1911 SSL3_BUF_FREELIST_ENTRY *ent, *next;
1889 for (ent = list->head; ent; ent = next) 1912 for (ent = list->head; ent; ent = next) {
1890 {
1891 next = ent->next; 1913 next = ent->next;
1892 OPENSSL_free(ent); 1914 OPENSSL_free(ent);
1893 }
1894 OPENSSL_free(list);
1895 } 1915 }
1916 OPENSSL_free(list);
1917}
1896#endif 1918#endif
1897 1919
1898void SSL_CTX_free(SSL_CTX *a) 1920void
1899 { 1921SSL_CTX_free(SSL_CTX *a)
1922{
1900 int i; 1923 int i;
1901 1924
1902 if (a == NULL) return; 1925 if (a == NULL)
1926 return;
1903 1927
1904 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); 1928 i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
1905#ifdef REF_PRINT 1929#ifdef REF_PRINT
1906 REF_PRINT("SSL_CTX",a); 1930 REF_PRINT("SSL_CTX", a);
1907#endif 1931#endif
1908 if (i > 0) return; 1932 if (i > 0)
1933 return;
1909#ifdef REF_CHECK 1934#ifdef REF_CHECK
1910 if (i < 0) 1935 if (i < 0) {
1911 { 1936 fprintf(stderr, "SSL_CTX_free, bad reference count\n");
1912 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1913 abort(); /* ok */ 1937 abort(); /* ok */
1914 } 1938 }
1915#endif 1939#endif
1916 1940
1917 if (a->param) 1941 if (a->param)
@@ -1927,7 +1951,7 @@ void SSL_CTX_free(SSL_CTX *a)
1927 * (See ticket [openssl.org #212].) 1951 * (See ticket [openssl.org #212].)
1928 */ 1952 */
1929 if (a->sessions != NULL) 1953 if (a->sessions != NULL)
1930 SSL_CTX_flush_sessions(a,0); 1954 SSL_CTX_flush_sessions(a, 0);
1931 1955
1932 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); 1956 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1933 1957
@@ -1943,19 +1967,19 @@ void SSL_CTX_free(SSL_CTX *a)
1943 if (a->cert != NULL) 1967 if (a->cert != NULL)
1944 ssl_cert_free(a->cert); 1968 ssl_cert_free(a->cert);
1945 if (a->client_CA != NULL) 1969 if (a->client_CA != NULL)
1946 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); 1970 sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
1947 if (a->extra_certs != NULL) 1971 if (a->extra_certs != NULL)
1948 sk_X509_pop_free(a->extra_certs,X509_free); 1972 sk_X509_pop_free(a->extra_certs, X509_free);
1949#if 0 /* This should never be done, since it removes a global database */ 1973#if 0 /* This should never be done, since it removes a global database */
1950 if (a->comp_methods != NULL) 1974 if (a->comp_methods != NULL)
1951 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); 1975 sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free);
1952#else 1976#else
1953 a->comp_methods = NULL; 1977 a->comp_methods = NULL;
1954#endif 1978#endif
1955 1979
1956#ifndef OPENSSL_NO_SRTP 1980#ifndef OPENSSL_NO_SRTP
1957 if (a->srtp_profiles) 1981 if (a->srtp_profiles)
1958 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); 1982 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
1959#endif 1983#endif
1960 1984
1961#ifndef OPENSSL_NO_PSK 1985#ifndef OPENSSL_NO_PSK
@@ -1978,42 +2002,48 @@ void SSL_CTX_free(SSL_CTX *a)
1978#endif 2002#endif
1979 2003
1980 OPENSSL_free(a); 2004 OPENSSL_free(a);
1981 } 2005}
1982 2006
1983void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 2007void
1984 { 2008SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1985 ctx->default_passwd_callback=cb; 2009{
1986 } 2010 ctx->default_passwd_callback = cb;
2011}
1987 2012
1988void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) 2013void
1989 { 2014SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
1990 ctx->default_passwd_callback_userdata=u; 2015{
1991 } 2016 ctx->default_passwd_callback_userdata = u;
2017}
1992 2018
1993void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) 2019void
1994 { 2020SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg)
1995 ctx->app_verify_callback=cb; 2021{
1996 ctx->app_verify_arg=arg; 2022 ctx->app_verify_callback = cb;
1997 } 2023 ctx->app_verify_arg = arg;
2024}
1998 2025
1999void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) 2026void
2000 { 2027SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2001 ctx->verify_mode=mode; 2028{
2002 ctx->default_verify_callback=cb; 2029 ctx->verify_mode = mode;
2003 } 2030 ctx->default_verify_callback = cb;
2031}
2004 2032
2005void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) 2033void
2006 { 2034SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2035{
2007 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2036 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2008 } 2037}
2009 2038
2010void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 2039void
2011 { 2040ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2041{
2012 CERT_PKEY *cpk; 2042 CERT_PKEY *cpk;
2013 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; 2043 int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
2014 int rsa_enc_export,dh_rsa_export,dh_dsa_export; 2044 int rsa_enc_export, dh_rsa_export, dh_dsa_export;
2015 int rsa_tmp_export,dh_tmp_export,kl; 2045 int rsa_tmp_export, dh_tmp_export, kl;
2016 unsigned long mask_k,mask_a,emask_k,emask_a; 2046 unsigned long mask_k, mask_a, emask_k, emask_a;
2017 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; 2047 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
2018#ifndef OPENSSL_NO_ECDH 2048#ifndef OPENSSL_NO_ECDH
2019 int have_ecdh_tmp; 2049 int have_ecdh_tmp;
@@ -2022,57 +2052,58 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2022 EVP_PKEY *ecc_pkey = NULL; 2052 EVP_PKEY *ecc_pkey = NULL;
2023 int signature_nid = 0, pk_nid = 0, md_nid = 0; 2053 int signature_nid = 0, pk_nid = 0, md_nid = 0;
2024 2054
2025 if (c == NULL) return; 2055 if (c == NULL)
2056 return;
2026 2057
2027 kl=SSL_C_EXPORT_PKEYLENGTH(cipher); 2058 kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
2028 2059
2029#ifndef OPENSSL_NO_RSA 2060#ifndef OPENSSL_NO_RSA
2030 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); 2061 rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
2031 rsa_tmp_export=(c->rsa_tmp_cb != NULL || 2062 rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
2032 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); 2063 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
2033#else 2064#else
2034 rsa_tmp=rsa_tmp_export=0; 2065 rsa_tmp = rsa_tmp_export = 0;
2035#endif 2066#endif
2036#ifndef OPENSSL_NO_DH 2067#ifndef OPENSSL_NO_DH
2037 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 2068 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
2038 dh_tmp_export=(c->dh_tmp_cb != NULL || 2069 dh_tmp_export = (c->dh_tmp_cb != NULL ||
2039 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); 2070 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
2040#else 2071#else
2041 dh_tmp=dh_tmp_export=0; 2072 dh_tmp = dh_tmp_export = 0;
2042#endif 2073#endif
2043 2074
2044#ifndef OPENSSL_NO_ECDH 2075#ifndef OPENSSL_NO_ECDH
2045 have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); 2076 have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
2046#endif 2077#endif
2047 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); 2078 cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
2048 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); 2079 rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
2049 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 2080 rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2050 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); 2081 cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
2051 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); 2082 rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2052 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); 2083 cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
2053 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); 2084 dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2054 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); 2085 cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
2055 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); 2086 dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
2056 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 2087 dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2057 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); 2088 cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
2058/* FIX THIS EAY EAY EAY */ 2089/* FIX THIS EAY EAY EAY */
2059 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); 2090 dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
2060 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 2091 dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2061 cpk= &(c->pkeys[SSL_PKEY_ECC]); 2092 cpk = &(c->pkeys[SSL_PKEY_ECC]);
2062 have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); 2093 have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
2063 mask_k=0; 2094 mask_k = 0;
2064 mask_a=0; 2095 mask_a = 0;
2065 emask_k=0; 2096 emask_k = 0;
2066 emask_a=0; 2097 emask_a = 0;
2098
2067 2099
2068
2069 2100
2070#ifdef CIPHER_DEBUG 2101#ifdef CIPHER_DEBUG
2071 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 2102 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
2072 rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, 2103 rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
2073 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); 2104 rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
2074#endif 2105#endif
2075 2106
2076 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2107 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2077 if (cpk->x509 != NULL && cpk->privatekey !=NULL) { 2108 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2078 mask_k |= SSL_kGOST; 2109 mask_k |= SSL_kGOST;
@@ -2091,12 +2122,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2091 2122
2092#if 0 2123#if 0
2093 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ 2124 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
2094 if ( (dh_tmp || dh_rsa || dh_dsa) && 2125 if ((dh_tmp || dh_rsa || dh_dsa) &&
2095 (rsa_enc || rsa_sign || dsa_sign)) 2126 (rsa_enc || rsa_sign || dsa_sign))
2096 mask_k|=SSL_kEDH; 2127 mask_k|=SSL_kEDH;
2097 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && 2128 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
2098 (rsa_enc || rsa_sign || dsa_sign)) 2129 (rsa_enc || rsa_sign || dsa_sign))
2099 emask_k|=SSL_kEDH; 2130 emask_k|=SSL_kEDH;
2100#endif 2131#endif
2101 2132
2102 if (dh_tmp_export) 2133 if (dh_tmp_export)
@@ -2105,23 +2136,25 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2105 if (dh_tmp) 2136 if (dh_tmp)
2106 mask_k|=SSL_kEDH; 2137 mask_k|=SSL_kEDH;
2107 2138
2108 if (dh_rsa) mask_k|=SSL_kDHr; 2139 if (dh_rsa)
2109 if (dh_rsa_export) emask_k|=SSL_kDHr; 2140 mask_k|=SSL_kDHr;
2141 if (dh_rsa_export)
2142 emask_k|=SSL_kDHr;
2110 2143
2111 if (dh_dsa) mask_k|=SSL_kDHd; 2144 if (dh_dsa)
2112 if (dh_dsa_export) emask_k|=SSL_kDHd; 2145 mask_k|=SSL_kDHd;
2146 if (dh_dsa_export)
2147 emask_k|=SSL_kDHd;
2113 2148
2114 if (rsa_enc || rsa_sign) 2149 if (rsa_enc || rsa_sign) {
2115 {
2116 mask_a|=SSL_aRSA; 2150 mask_a|=SSL_aRSA;
2117 emask_a|=SSL_aRSA; 2151 emask_a|=SSL_aRSA;
2118 } 2152 }
2119 2153
2120 if (dsa_sign) 2154 if (dsa_sign) {
2121 {
2122 mask_a|=SSL_aDSS; 2155 mask_a|=SSL_aDSS;
2123 emask_a|=SSL_aDSS; 2156 emask_a|=SSL_aDSS;
2124 } 2157 }
2125 2158
2126 mask_a|=SSL_aNULL; 2159 mask_a|=SSL_aNULL;
2127 emask_a|=SSL_aNULL; 2160 emask_a|=SSL_aNULL;
@@ -2136,66 +2169,57 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2136 /* An ECC certificate may be usable for ECDH and/or 2169 /* An ECC certificate may be usable for ECDH and/or
2137 * ECDSA cipher suites depending on the key usage extension. 2170 * ECDSA cipher suites depending on the key usage extension.
2138 */ 2171 */
2139 if (have_ecc_cert) 2172 if (have_ecc_cert) {
2140 {
2141 /* This call populates extension flags (ex_flags) */ 2173 /* This call populates extension flags (ex_flags) */
2142 x = (c->pkeys[SSL_PKEY_ECC]).x509; 2174 x = (c->pkeys[SSL_PKEY_ECC]).x509;
2143 X509_check_purpose(x, -1, 0); 2175 X509_check_purpose(x, -1, 0);
2144 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2176 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2145 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; 2177 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
2146 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2178 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2147 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; 2179 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
2148 ecc_pkey = X509_get_pubkey(x); 2180 ecc_pkey = X509_get_pubkey(x);
2149 ecc_pkey_size = (ecc_pkey != NULL) ? 2181 ecc_pkey_size = (ecc_pkey != NULL) ?
2150 EVP_PKEY_bits(ecc_pkey) : 0; 2182 EVP_PKEY_bits(ecc_pkey) : 0;
2151 EVP_PKEY_free(ecc_pkey); 2183 EVP_PKEY_free(ecc_pkey);
2152 if ((x->sig_alg) && (x->sig_alg->algorithm)) 2184 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2153 {
2154 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2185 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2155 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2186 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2156 } 2187 }
2157#ifndef OPENSSL_NO_ECDH 2188#ifndef OPENSSL_NO_ECDH
2158 if (ecdh_ok) 2189 if (ecdh_ok) {
2159 {
2160 2190
2161 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) 2191 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
2162 {
2163 mask_k|=SSL_kECDHr; 2192 mask_k|=SSL_kECDHr;
2164 mask_a|=SSL_aECDH; 2193 mask_a|=SSL_aECDH;
2165 if (ecc_pkey_size <= 163) 2194 if (ecc_pkey_size <= 163) {
2166 {
2167 emask_k|=SSL_kECDHr; 2195 emask_k|=SSL_kECDHr;
2168 emask_a|=SSL_aECDH; 2196 emask_a|=SSL_aECDH;
2169 }
2170 } 2197 }
2198 }
2171 2199
2172 if (pk_nid == NID_X9_62_id_ecPublicKey) 2200 if (pk_nid == NID_X9_62_id_ecPublicKey) {
2173 {
2174 mask_k|=SSL_kECDHe; 2201 mask_k|=SSL_kECDHe;
2175 mask_a|=SSL_aECDH; 2202 mask_a|=SSL_aECDH;
2176 if (ecc_pkey_size <= 163) 2203 if (ecc_pkey_size <= 163) {
2177 {
2178 emask_k|=SSL_kECDHe; 2204 emask_k|=SSL_kECDHe;
2179 emask_a|=SSL_aECDH; 2205 emask_a|=SSL_aECDH;
2180 }
2181 } 2206 }
2182 } 2207 }
2208 }
2183#endif 2209#endif
2184#ifndef OPENSSL_NO_ECDSA 2210#ifndef OPENSSL_NO_ECDSA
2185 if (ecdsa_ok) 2211 if (ecdsa_ok) {
2186 {
2187 mask_a|=SSL_aECDSA; 2212 mask_a|=SSL_aECDSA;
2188 emask_a|=SSL_aECDSA; 2213 emask_a|=SSL_aECDSA;
2189 }
2190#endif
2191 } 2214 }
2215#endif
2216 }
2192 2217
2193#ifndef OPENSSL_NO_ECDH 2218#ifndef OPENSSL_NO_ECDH
2194 if (have_ecdh_tmp) 2219 if (have_ecdh_tmp) {
2195 {
2196 mask_k|=SSL_kEECDH; 2220 mask_k|=SSL_kEECDH;
2197 emask_k|=SSL_kEECDH; 2221 emask_k|=SSL_kEECDH;
2198 } 2222 }
2199#endif 2223#endif
2200 2224
2201#ifndef OPENSSL_NO_PSK 2225#ifndef OPENSSL_NO_PSK
@@ -2205,12 +2229,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2205 emask_a |= SSL_aPSK; 2229 emask_a |= SSL_aPSK;
2206#endif 2230#endif
2207 2231
2208 c->mask_k=mask_k; 2232 c->mask_k = mask_k;
2209 c->mask_a=mask_a; 2233 c->mask_a = mask_a;
2210 c->export_mask_k=emask_k; 2234 c->export_mask_k = emask_k;
2211 c->export_mask_a=emask_a; 2235 c->export_mask_a = emask_a;
2212 c->valid=1; 2236 c->valid = 1;
2213 } 2237}
2214 2238
2215/* This handy macro borrowed from crypto/x509v3/v3_purp.c */ 2239/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2216#define ku_reject(x, usage) \ 2240#define ku_reject(x, usage) \
@@ -2218,8 +2242,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2218 2242
2219#ifndef OPENSSL_NO_EC 2243#ifndef OPENSSL_NO_EC
2220 2244
2221int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2245int
2222 { 2246ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2247{
2223 unsigned long alg_k, alg_a; 2248 unsigned long alg_k, alg_a;
2224 EVP_PKEY *pkey = NULL; 2249 EVP_PKEY *pkey = NULL;
2225 int keysize = 0; 2250 int keysize = 0;
@@ -2229,81 +2254,74 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2229 alg_k = cs->algorithm_mkey; 2254 alg_k = cs->algorithm_mkey;
2230 alg_a = cs->algorithm_auth; 2255 alg_a = cs->algorithm_auth;
2231 2256
2232 if (SSL_C_IS_EXPORT(cs)) 2257 if (SSL_C_IS_EXPORT(cs)) {
2233 {
2234 /* ECDH key length in export ciphers must be <= 163 bits */ 2258 /* ECDH key length in export ciphers must be <= 163 bits */
2235 pkey = X509_get_pubkey(x); 2259 pkey = X509_get_pubkey(x);
2236 if (pkey == NULL) return 0; 2260 if (pkey == NULL)
2261 return 0;
2237 keysize = EVP_PKEY_bits(pkey); 2262 keysize = EVP_PKEY_bits(pkey);
2238 EVP_PKEY_free(pkey); 2263 EVP_PKEY_free(pkey);
2239 if (keysize > 163) return 0; 2264 if (keysize > 163)
2240 } 2265 return 0;
2266 }
2241 2267
2242 /* This call populates the ex_flags field correctly */ 2268 /* This call populates the ex_flags field correctly */
2243 X509_check_purpose(x, -1, 0); 2269 X509_check_purpose(x, -1, 0);
2244 if ((x->sig_alg) && (x->sig_alg->algorithm)) 2270 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2245 {
2246 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2271 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2247 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2272 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2248 } 2273 }
2249 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) 2274 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
2250 {
2251 /* key usage, if present, must allow key agreement */ 2275 /* key usage, if present, must allow key agreement */
2252 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) 2276 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
2253 {
2254 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); 2277 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2255 return 0; 2278 return 0;
2256 } 2279 }
2257 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) 2280 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
2258 {
2259 /* signature alg must be ECDSA */ 2281 /* signature alg must be ECDSA */
2260 if (pk_nid != NID_X9_62_id_ecPublicKey) 2282 if (pk_nid != NID_X9_62_id_ecPublicKey) {
2261 {
2262 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); 2283 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2263 return 0; 2284 return 0;
2264 }
2265 } 2285 }
2266 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) 2286 }
2267 { 2287 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
2268 /* signature alg must be RSA */ 2288 /* signature alg must be RSA */
2269 2289
2270 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) 2290 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
2271 {
2272 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); 2291 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2273 return 0; 2292 return 0;
2274 }
2275 } 2293 }
2276 } 2294 }
2277 if (alg_a & SSL_aECDSA) 2295 }
2278 { 2296 if (alg_a & SSL_aECDSA) {
2279 /* key usage, if present, must allow signing */ 2297 /* key usage, if present, must allow signing */
2280 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) 2298 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
2281 {
2282 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2299 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2283 return 0; 2300 return 0;
2284 }
2285 } 2301 }
2286
2287 return 1; /* all checks are ok */
2288 } 2302 }
2289 2303
2304 return 1;
2305 /* all checks are ok */
2306}
2307
2290#endif 2308#endif
2291 2309
2292/* THIS NEEDS CLEANING UP */ 2310/* THIS NEEDS CLEANING UP */
2293CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) 2311CERT_PKEY
2294 { 2312*ssl_get_server_send_pkey(const SSL *s)
2295 unsigned long alg_k,alg_a; 2313{
2314 unsigned long alg_k, alg_a;
2296 CERT *c; 2315 CERT *c;
2297 int i; 2316 int i;
2298 2317
2299 c=s->cert; 2318 c = s->cert;
2300 ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 2319 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2301 2320
2302 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2321 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2303 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2322 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2304 2323
2305 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) 2324 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2306 {
2307 /* we don't need to look at SSL_kEECDH 2325 /* we don't need to look at SSL_kEECDH
2308 * since no certificate is needed for 2326 * since no certificate is needed for
2309 * anon ECDH and for authenticated 2327 * anon ECDH and for authenticated
@@ -2315,171 +2333,162 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
2315 * checks for SSL_kECDH before RSA 2333 * checks for SSL_kECDH before RSA
2316 * checks ensures the correct cert is chosen. 2334 * checks ensures the correct cert is chosen.
2317 */ 2335 */
2318 i=SSL_PKEY_ECC; 2336 i = SSL_PKEY_ECC;
2319 } 2337 } else if (alg_a & SSL_aECDSA) {
2320 else if (alg_a & SSL_aECDSA) 2338 i = SSL_PKEY_ECC;
2321 { 2339 } else if (alg_k & SSL_kDHr)
2322 i=SSL_PKEY_ECC; 2340 i = SSL_PKEY_DH_RSA;
2323 }
2324 else if (alg_k & SSL_kDHr)
2325 i=SSL_PKEY_DH_RSA;
2326 else if (alg_k & SSL_kDHd) 2341 else if (alg_k & SSL_kDHd)
2327 i=SSL_PKEY_DH_DSA; 2342 i = SSL_PKEY_DH_DSA;
2328 else if (alg_a & SSL_aDSS) 2343 else if (alg_a & SSL_aDSS)
2329 i=SSL_PKEY_DSA_SIGN; 2344 i = SSL_PKEY_DSA_SIGN;
2330 else if (alg_a & SSL_aRSA) 2345 else if (alg_a & SSL_aRSA) {
2331 {
2332 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) 2346 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2333 i=SSL_PKEY_RSA_SIGN; 2347 i = SSL_PKEY_RSA_SIGN;
2334 else 2348 else
2335 i=SSL_PKEY_RSA_ENC; 2349 i = SSL_PKEY_RSA_ENC;
2336 } 2350 } else if (alg_a & SSL_aKRB5) {
2337 else if (alg_a & SSL_aKRB5)
2338 {
2339 /* VRS something else here? */ 2351 /* VRS something else here? */
2340 return(NULL); 2352 return (NULL);
2341 } 2353 } else if (alg_a & SSL_aGOST94)
2342 else if (alg_a & SSL_aGOST94) 2354 i = SSL_PKEY_GOST94;
2343 i=SSL_PKEY_GOST94;
2344 else if (alg_a & SSL_aGOST01) 2355 else if (alg_a & SSL_aGOST01)
2345 i=SSL_PKEY_GOST01; 2356 i = SSL_PKEY_GOST01;
2346 else /* if (alg_a & SSL_aNULL) */ 2357 else /* if (alg_a & SSL_aNULL) */
2347 { 2358 {
2348 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); 2359 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
2349 return(NULL); 2360 return (NULL);
2350 } 2361 }
2351 2362
2352 return c->pkeys + i; 2363 return c->pkeys + i;
2353 } 2364}
2354 2365
2355X509 *ssl_get_server_send_cert(const SSL *s) 2366X509
2356 { 2367*ssl_get_server_send_cert(const SSL *s)
2368{
2357 CERT_PKEY *cpk; 2369 CERT_PKEY *cpk;
2358 cpk = ssl_get_server_send_pkey(s); 2370 cpk = ssl_get_server_send_pkey(s);
2359 if (!cpk) 2371 if (!cpk)
2360 return NULL; 2372 return NULL;
2361 return cpk->x509; 2373 return cpk->x509;
2362 } 2374}
2363 2375
2364EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) 2376EVP_PKEY
2365 { 2377*ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2378{
2366 unsigned long alg_a; 2379 unsigned long alg_a;
2367 CERT *c; 2380 CERT *c;
2368 int idx = -1; 2381 int idx = -1;
2369 2382
2370 alg_a = cipher->algorithm_auth; 2383 alg_a = cipher->algorithm_auth;
2371 c=s->cert; 2384 c = s->cert;
2372 2385
2373 if ((alg_a & SSL_aDSS) && 2386 if ((alg_a & SSL_aDSS) &&
2374 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2387 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2375 idx = SSL_PKEY_DSA_SIGN; 2388 idx = SSL_PKEY_DSA_SIGN;
2376 else if (alg_a & SSL_aRSA) 2389 else if (alg_a & SSL_aRSA) {
2377 {
2378 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2390 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2379 idx = SSL_PKEY_RSA_SIGN; 2391 idx = SSL_PKEY_RSA_SIGN;
2380 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 2392 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2381 idx = SSL_PKEY_RSA_ENC; 2393 idx = SSL_PKEY_RSA_ENC;
2382 } 2394 } else if ((alg_a & SSL_aECDSA) &&
2383 else if ((alg_a & SSL_aECDSA) && 2395 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2384 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2396 idx = SSL_PKEY_ECC;
2385 idx = SSL_PKEY_ECC; 2397 if (idx == -1) {
2386 if (idx == -1) 2398 SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
2387 { 2399 return (NULL);
2388 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); 2400 }
2389 return(NULL);
2390 }
2391 if (pmd) 2401 if (pmd)
2392 *pmd = c->pkeys[idx].digest; 2402 *pmd = c->pkeys[idx].digest;
2393 return c->pkeys[idx].privatekey; 2403 return c->pkeys[idx].privatekey;
2394 } 2404}
2395 2405
2396void ssl_update_cache(SSL *s,int mode) 2406void
2397 { 2407ssl_update_cache(SSL *s, int mode)
2408{
2398 int i; 2409 int i;
2399 2410
2400 /* If the session_id_length is 0, we are not supposed to cache it, 2411 /* If the session_id_length is 0, we are not supposed to cache it,
2401 * and it would be rather hard to do anyway :-) */ 2412 * and it would be rather hard to do anyway :-) */
2402 if (s->session->session_id_length == 0) return; 2413 if (s->session->session_id_length == 0)
2414 return;
2403 2415
2404 i=s->session_ctx->session_cache_mode; 2416 i = s->session_ctx->session_cache_mode;
2405 if ((i & mode) && (!s->hit) 2417 if ((i & mode) && (!s->hit)
2406 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2418 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2407 || SSL_CTX_add_session(s->session_ctx,s->session)) 2419 || SSL_CTX_add_session(s->session_ctx, s->session))
2408 && (s->session_ctx->new_session_cb != NULL)) 2420 && (s->session_ctx->new_session_cb != NULL)) {
2409 { 2421 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2410 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); 2422 if (!s->session_ctx->new_session_cb(s, s->session))
2411 if (!s->session_ctx->new_session_cb(s,s->session))
2412 SSL_SESSION_free(s->session); 2423 SSL_SESSION_free(s->session);
2413 } 2424 }
2414 2425
2415 /* auto flush every 255 connections */ 2426 /* auto flush every 255 connections */
2416 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && 2427 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2417 ((i & mode) == mode)) 2428 ((i & mode) == mode)) {
2418 { 2429 if ((((mode & SSL_SESS_CACHE_CLIENT)
2419 if ( (((mode & SSL_SESS_CACHE_CLIENT)
2420 ?s->session_ctx->stats.sess_connect_good 2430 ?s->session_ctx->stats.sess_connect_good
2421 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) 2431 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
2422 {
2423 SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); 2432 SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
2424 }
2425 } 2433 }
2426 } 2434 }
2435}
2427 2436
2428const SSL_METHOD *SSL_get_ssl_method(SSL *s) 2437const SSL_METHOD
2429 { 2438*SSL_get_ssl_method(SSL *s)
2430 return(s->method); 2439{
2431 } 2440 return (s->method);
2441}
2432 2442
2433int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 2443int
2434 { 2444SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2435 int conn= -1; 2445{
2436 int ret=1; 2446 int conn = -1;
2447 int ret = 1;
2437 2448
2438 if (s->method != meth) 2449 if (s->method != meth) {
2439 {
2440 if (s->handshake_func != NULL) 2450 if (s->handshake_func != NULL)
2441 conn=(s->handshake_func == s->method->ssl_connect); 2451 conn = (s->handshake_func == s->method->ssl_connect);
2442 2452
2443 if (s->method->version == meth->version) 2453 if (s->method->version == meth->version)
2444 s->method=meth; 2454 s->method = meth;
2445 else 2455 else {
2446 {
2447 s->method->ssl_free(s); 2456 s->method->ssl_free(s);
2448 s->method=meth; 2457 s->method = meth;
2449 ret=s->method->ssl_new(s); 2458 ret = s->method->ssl_new(s);
2450 } 2459 }
2451 2460
2452 if (conn == 1) 2461 if (conn == 1)
2453 s->handshake_func=meth->ssl_connect; 2462 s->handshake_func = meth->ssl_connect;
2454 else if (conn == 0) 2463 else if (conn == 0)
2455 s->handshake_func=meth->ssl_accept; 2464 s->handshake_func = meth->ssl_accept;
2456 }
2457 return(ret);
2458 } 2465 }
2466 return (ret);
2467}
2459 2468
2460int SSL_get_error(const SSL *s,int i) 2469int
2461 { 2470SSL_get_error(const SSL *s, int i)
2471{
2462 int reason; 2472 int reason;
2463 unsigned long l; 2473 unsigned long l;
2464 BIO *bio; 2474 BIO *bio;
2465 2475
2466 if (i > 0) return(SSL_ERROR_NONE); 2476 if (i > 0)
2477 return (SSL_ERROR_NONE);
2467 2478
2468 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake 2479 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2469 * etc, where we do encode the error */ 2480 * etc, where we do encode the error */
2470 if ((l=ERR_peek_error()) != 0) 2481 if ((l = ERR_peek_error()) != 0) {
2471 {
2472 if (ERR_GET_LIB(l) == ERR_LIB_SYS) 2482 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2473 return(SSL_ERROR_SYSCALL); 2483 return (SSL_ERROR_SYSCALL);
2474 else 2484 else
2475 return(SSL_ERROR_SSL); 2485 return (SSL_ERROR_SSL);
2476 } 2486 }
2477 2487
2478 if ((i < 0) && SSL_want_read(s)) 2488 if ((i < 0) && SSL_want_read(s)) {
2479 { 2489 bio = SSL_get_rbio(s);
2480 bio=SSL_get_rbio(s);
2481 if (BIO_should_read(bio)) 2490 if (BIO_should_read(bio))
2482 return(SSL_ERROR_WANT_READ); 2491 return (SSL_ERROR_WANT_READ);
2483 else if (BIO_should_write(bio)) 2492 else if (BIO_should_write(bio))
2484 /* This one doesn't make too much sense ... We never try 2493 /* This one doesn't make too much sense ... We never try
2485 * to write to the rbio, and an application program where 2494 * to write to the rbio, and an application program where
@@ -2490,131 +2499,129 @@ int SSL_get_error(const SSL *s,int i)
2490 * SSL_want_write(s)) and rbio and wbio *are* the same, 2499 * SSL_want_write(s)) and rbio and wbio *are* the same,
2491 * this test works around that bug; so it might be safer 2500 * this test works around that bug; so it might be safer
2492 * to keep it. */ 2501 * to keep it. */
2493 return(SSL_ERROR_WANT_WRITE); 2502 return (SSL_ERROR_WANT_WRITE);
2494 else if (BIO_should_io_special(bio)) 2503 else if (BIO_should_io_special(bio)) {
2495 { 2504 reason = BIO_get_retry_reason(bio);
2496 reason=BIO_get_retry_reason(bio);
2497 if (reason == BIO_RR_CONNECT) 2505 if (reason == BIO_RR_CONNECT)
2498 return(SSL_ERROR_WANT_CONNECT); 2506 return (SSL_ERROR_WANT_CONNECT);
2499 else if (reason == BIO_RR_ACCEPT) 2507 else if (reason == BIO_RR_ACCEPT)
2500 return(SSL_ERROR_WANT_ACCEPT); 2508 return (SSL_ERROR_WANT_ACCEPT);
2501 else 2509 else
2502 return(SSL_ERROR_SYSCALL); /* unknown */ 2510 return(SSL_ERROR_SYSCALL); /* unknown */
2503 }
2504 } 2511 }
2512 }
2505 2513
2506 if ((i < 0) && SSL_want_write(s)) 2514 if ((i < 0) && SSL_want_write(s)) {
2507 { 2515 bio = SSL_get_wbio(s);
2508 bio=SSL_get_wbio(s);
2509 if (BIO_should_write(bio)) 2516 if (BIO_should_write(bio))
2510 return(SSL_ERROR_WANT_WRITE); 2517 return (SSL_ERROR_WANT_WRITE);
2511 else if (BIO_should_read(bio)) 2518 else if (BIO_should_read(bio))
2512 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ 2519 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
2513 return(SSL_ERROR_WANT_READ); 2520 return (SSL_ERROR_WANT_READ);
2514 else if (BIO_should_io_special(bio)) 2521 else if (BIO_should_io_special(bio)) {
2515 { 2522 reason = BIO_get_retry_reason(bio);
2516 reason=BIO_get_retry_reason(bio);
2517 if (reason == BIO_RR_CONNECT) 2523 if (reason == BIO_RR_CONNECT)
2518 return(SSL_ERROR_WANT_CONNECT); 2524 return (SSL_ERROR_WANT_CONNECT);
2519 else if (reason == BIO_RR_ACCEPT) 2525 else if (reason == BIO_RR_ACCEPT)
2520 return(SSL_ERROR_WANT_ACCEPT); 2526 return (SSL_ERROR_WANT_ACCEPT);
2521 else 2527 else
2522 return(SSL_ERROR_SYSCALL); 2528 return (SSL_ERROR_SYSCALL);
2523 }
2524 }
2525 if ((i < 0) && SSL_want_x509_lookup(s))
2526 {
2527 return(SSL_ERROR_WANT_X509_LOOKUP);
2528 } 2529 }
2530 }
2531 if ((i < 0) && SSL_want_x509_lookup(s)) {
2532 return (SSL_ERROR_WANT_X509_LOOKUP);
2533 }
2529 2534
2530 if (i == 0) 2535 if (i == 0) {
2531 { 2536 if (s->version == SSL2_VERSION) {
2532 if (s->version == SSL2_VERSION)
2533 {
2534 /* assume it is the socket being closed */ 2537 /* assume it is the socket being closed */
2535 return(SSL_ERROR_ZERO_RETURN); 2538 return (SSL_ERROR_ZERO_RETURN);
2536 } 2539 } else {
2537 else
2538 {
2539 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 2540 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2540 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2541 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2541 return(SSL_ERROR_ZERO_RETURN); 2542 return (SSL_ERROR_ZERO_RETURN);
2542 }
2543 } 2543 }
2544 return(SSL_ERROR_SYSCALL);
2545 } 2544 }
2545 return (SSL_ERROR_SYSCALL);
2546}
2546 2547
2547int SSL_do_handshake(SSL *s) 2548int
2548 { 2549SSL_do_handshake(SSL *s)
2549 int ret=1; 2550{
2551 int ret = 1;
2550 2552
2551 if (s->handshake_func == NULL) 2553 if (s->handshake_func == NULL) {
2552 { 2554 SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
2553 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); 2555 return (-1);
2554 return(-1); 2556 }
2555 }
2556 2557
2557 s->method->ssl_renegotiate_check(s); 2558 s->method->ssl_renegotiate_check(s);
2558 2559
2559 if (SSL_in_init(s) || SSL_in_before(s)) 2560 if (SSL_in_init(s) || SSL_in_before(s)) {
2560 { 2561 ret = s->handshake_func(s);
2561 ret=s->handshake_func(s);
2562 }
2563 return(ret);
2564 } 2562 }
2563 return (ret);
2564}
2565 2565
2566/* For the next 2 functions, SSL_clear() sets shutdown and so 2566/* For the next 2 functions, SSL_clear() sets shutdown and so
2567 * one of these calls will reset it */ 2567 * one of these calls will reset it */
2568void SSL_set_accept_state(SSL *s) 2568void
2569 { 2569SSL_set_accept_state(SSL *s)
2570 s->server=1; 2570{
2571 s->shutdown=0; 2571 s->server = 1;
2572 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; 2572 s->shutdown = 0;
2573 s->handshake_func=s->method->ssl_accept; 2573 s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2574 s->handshake_func = s->method->ssl_accept;
2574 /* clear the current cipher */ 2575 /* clear the current cipher */
2575 ssl_clear_cipher_ctx(s); 2576 ssl_clear_cipher_ctx(s);
2576 ssl_clear_hash_ctx(&s->read_hash); 2577 ssl_clear_hash_ctx(&s->read_hash);
2577 ssl_clear_hash_ctx(&s->write_hash); 2578 ssl_clear_hash_ctx(&s->write_hash);
2578 } 2579}
2579 2580
2580void SSL_set_connect_state(SSL *s) 2581void
2581 { 2582SSL_set_connect_state(SSL *s)
2582 s->server=0; 2583{
2583 s->shutdown=0; 2584 s->server = 0;
2584 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; 2585 s->shutdown = 0;
2585 s->handshake_func=s->method->ssl_connect; 2586 s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2587 s->handshake_func = s->method->ssl_connect;
2586 /* clear the current cipher */ 2588 /* clear the current cipher */
2587 ssl_clear_cipher_ctx(s); 2589 ssl_clear_cipher_ctx(s);
2588 ssl_clear_hash_ctx(&s->read_hash); 2590 ssl_clear_hash_ctx(&s->read_hash);
2589 ssl_clear_hash_ctx(&s->write_hash); 2591 ssl_clear_hash_ctx(&s->write_hash);
2590 } 2592}
2591 2593
2592int ssl_undefined_function(SSL *s) 2594int
2593 { 2595ssl_undefined_function(SSL *s)
2594 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2596{
2595 return(0); 2597 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2596 } 2598 return (0);
2599}
2597 2600
2598int ssl_undefined_void_function(void) 2601int
2599 { 2602ssl_undefined_void_function(void)
2600 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2603{
2601 return(0); 2604 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2602 } 2605 return (0);
2606}
2603 2607
2604int ssl_undefined_const_function(const SSL *s) 2608int
2605 { 2609ssl_undefined_const_function(const SSL *s)
2606 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2610{
2607 return(0); 2611 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2608 } 2612 return (0);
2613}
2609 2614
2610SSL_METHOD *ssl_bad_method(int ver) 2615SSL_METHOD
2611 { 2616*ssl_bad_method(int ver)
2612 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2617{
2613 return(NULL); 2618 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2614 } 2619 return (NULL);
2620}
2615 2621
2616const char *SSL_get_version(const SSL *s) 2622const char
2617 { 2623*SSL_get_version(const SSL *s)
2624{
2618 if (s->version == TLS1_2_VERSION) 2625 if (s->version == TLS1_2_VERSION)
2619 return("TLSv1.2"); 2626 return("TLSv1.2");
2620 else if (s->version == TLS1_1_VERSION) 2627 else if (s->version == TLS1_1_VERSION)
@@ -2627,29 +2634,27 @@ const char *SSL_get_version(const SSL *s)
2627 return("SSLv2"); 2634 return("SSLv2");
2628 else 2635 else
2629 return("unknown"); 2636 return("unknown");
2630 } 2637}
2631 2638
2632SSL *SSL_dup(SSL *s) 2639SSL
2633 { 2640*SSL_dup(SSL *s)
2641{
2634 STACK_OF(X509_NAME) *sk; 2642 STACK_OF(X509_NAME) *sk;
2635 X509_NAME *xn; 2643 X509_NAME *xn;
2636 SSL *ret; 2644 SSL *ret;
2637 int i; 2645 int i;
2638 2646
2639 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2647 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2640 return(NULL); 2648 return (NULL);
2641 2649
2642 ret->version = s->version; 2650 ret->version = s->version;
2643 ret->type = s->type; 2651 ret->type = s->type;
2644 ret->method = s->method; 2652 ret->method = s->method;
2645 2653
2646 if (s->session != NULL) 2654 if (s->session != NULL) {
2647 {
2648 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 2655 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2649 SSL_copy_session_id(ret,s); 2656 SSL_copy_session_id(ret, s);
2650 } 2657 } else {
2651 else
2652 {
2653 /* No session has been established yet, so we have to expect 2658 /* No session has been established yet, so we have to expect
2654 * that s->cert or ret->cert will be changed later -- 2659 * that s->cert or ret->cert will be changed later --
2655 * they should not both point to the same object, 2660 * they should not both point to the same object,
@@ -2659,56 +2664,50 @@ SSL *SSL_dup(SSL *s)
2659 ret->method = s->method; 2664 ret->method = s->method;
2660 ret->method->ssl_new(ret); 2665 ret->method->ssl_new(ret);
2661 2666
2662 if (s->cert != NULL) 2667 if (s->cert != NULL) {
2663 { 2668 if (ret->cert != NULL) {
2664 if (ret->cert != NULL)
2665 {
2666 ssl_cert_free(ret->cert); 2669 ssl_cert_free(ret->cert);
2667 } 2670 }
2668 ret->cert = ssl_cert_dup(s->cert); 2671 ret->cert = ssl_cert_dup(s->cert);
2669 if (ret->cert == NULL) 2672 if (ret->cert == NULL)
2670 goto err; 2673 goto err;
2671 }
2672
2673 SSL_set_session_id_context(ret,
2674 s->sid_ctx, s->sid_ctx_length);
2675 } 2674 }
2676 2675
2677 ret->options=s->options; 2676 SSL_set_session_id_context(ret,
2678 ret->mode=s->mode; 2677 s->sid_ctx, s->sid_ctx_length);
2679 SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); 2678 }
2680 SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); 2679
2680 ret->options = s->options;
2681 ret->mode = s->mode;
2682 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2683 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2681 ret->msg_callback = s->msg_callback; 2684 ret->msg_callback = s->msg_callback;
2682 ret->msg_callback_arg = s->msg_callback_arg; 2685 ret->msg_callback_arg = s->msg_callback_arg;
2683 SSL_set_verify(ret,SSL_get_verify_mode(s), 2686 SSL_set_verify(ret, SSL_get_verify_mode(s),
2684 SSL_get_verify_callback(s)); 2687 SSL_get_verify_callback(s));
2685 SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); 2688 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2686 ret->generate_session_id = s->generate_session_id; 2689 ret->generate_session_id = s->generate_session_id;
2687 2690
2688 SSL_set_info_callback(ret,SSL_get_info_callback(s)); 2691 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2689 2692
2690 ret->debug=s->debug; 2693 ret->debug = s->debug;
2691 2694
2692 /* copy app data, a little dangerous perhaps */ 2695 /* copy app data, a little dangerous perhaps */
2693 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 2696 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
2694 goto err; 2697 goto err;
2695 2698
2696 /* setup rbio, and wbio */ 2699 /* setup rbio, and wbio */
2697 if (s->rbio != NULL) 2700 if (s->rbio != NULL) {
2698 {
2699 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) 2701 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2700 goto err; 2702 goto err;
2701 } 2703 }
2702 if (s->wbio != NULL) 2704 if (s->wbio != NULL) {
2703 { 2705 if (s->wbio != s->rbio) {
2704 if (s->wbio != s->rbio)
2705 {
2706 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) 2706 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2707 goto err; 2707 goto err;
2708 } 2708 } else
2709 else 2709 ret->wbio = ret->rbio;
2710 ret->wbio=ret->rbio; 2710 }
2711 }
2712 ret->rwstate = s->rwstate; 2711 ret->rwstate = s->rwstate;
2713 ret->in_handshake = s->in_handshake; 2712 ret->in_handshake = s->in_handshake;
2714 ret->handshake_func = s->handshake_func; 2713 ret->handshake_func = s->handshake_func;
@@ -2716,222 +2715,228 @@ SSL *SSL_dup(SSL *s)
2716 ret->renegotiate = s->renegotiate; 2715 ret->renegotiate = s->renegotiate;
2717 ret->new_session = s->new_session; 2716 ret->new_session = s->new_session;
2718 ret->quiet_shutdown = s->quiet_shutdown; 2717 ret->quiet_shutdown = s->quiet_shutdown;
2719 ret->shutdown=s->shutdown; 2718 ret->shutdown = s->shutdown;
2720 ret->state=s->state; /* SSL_dup does not really work at any state, though */ 2719 ret->state=s->state; /* SSL_dup does not really work at any state, though */
2721 ret->rstate=s->rstate; 2720 ret->rstate = s->rstate;
2722 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ 2721 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
2723 ret->hit=s->hit; 2722 ret->hit = s->hit;
2724 2723
2725 X509_VERIFY_PARAM_inherit(ret->param, s->param); 2724 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2726 2725
2727 /* dup the cipher_list and cipher_list_by_id stacks */ 2726 /* dup the cipher_list and cipher_list_by_id stacks */
2728 if (s->cipher_list != NULL) 2727 if (s->cipher_list != NULL) {
2729 { 2728 if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2730 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2731 goto err; 2729 goto err;
2732 } 2730 }
2733 if (s->cipher_list_by_id != NULL) 2731 if (s->cipher_list_by_id != NULL)
2734 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 2732 if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
2735 == NULL) 2733 == NULL)
2736 goto err; 2734 goto err;
2737 2735
2738 /* Dup the client_CA list */ 2736 /* Dup the client_CA list */
2739 if (s->client_CA != NULL) 2737 if (s->client_CA != NULL) {
2740 { 2738 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2741 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; 2739 ret->client_CA = sk;
2742 ret->client_CA=sk; 2740 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2743 for (i=0; i<sk_X509_NAME_num(sk); i++) 2741 xn = sk_X509_NAME_value(sk, i);
2744 { 2742 if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
2745 xn=sk_X509_NAME_value(sk,i);
2746 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
2747 {
2748 X509_NAME_free(xn); 2743 X509_NAME_free(xn);
2749 goto err; 2744 goto err;
2750 }
2751 } 2745 }
2752 } 2746 }
2747 }
2753 2748
2754 if (0) 2749 if (0) {
2755 {
2756err: 2750err:
2757 if (ret != NULL) SSL_free(ret); 2751 if (ret != NULL)
2758 ret=NULL; 2752 SSL_free(ret);
2759 } 2753 ret = NULL;
2760 return(ret);
2761 } 2754 }
2755 return (ret);
2756}
2762 2757
2763void ssl_clear_cipher_ctx(SSL *s) 2758void
2764 { 2759ssl_clear_cipher_ctx(SSL *s)
2765 if (s->enc_read_ctx != NULL) 2760{
2766 { 2761 if (s->enc_read_ctx != NULL) {
2767 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); 2762 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
2768 OPENSSL_free(s->enc_read_ctx); 2763 OPENSSL_free(s->enc_read_ctx);
2769 s->enc_read_ctx=NULL; 2764 s->enc_read_ctx = NULL;
2770 } 2765 }
2771 if (s->enc_write_ctx != NULL) 2766 if (s->enc_write_ctx != NULL) {
2772 {
2773 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); 2767 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
2774 OPENSSL_free(s->enc_write_ctx); 2768 OPENSSL_free(s->enc_write_ctx);
2775 s->enc_write_ctx=NULL; 2769 s->enc_write_ctx = NULL;
2776 } 2770 }
2777#ifndef OPENSSL_NO_COMP 2771#ifndef OPENSSL_NO_COMP
2778 if (s->expand != NULL) 2772 if (s->expand != NULL) {
2779 {
2780 COMP_CTX_free(s->expand); 2773 COMP_CTX_free(s->expand);
2781 s->expand=NULL; 2774 s->expand = NULL;
2782 } 2775 }
2783 if (s->compress != NULL) 2776 if (s->compress != NULL) {
2784 {
2785 COMP_CTX_free(s->compress); 2777 COMP_CTX_free(s->compress);
2786 s->compress=NULL; 2778 s->compress = NULL;
2787 }
2788#endif
2789 } 2779 }
2780#endif
2781}
2790 2782
2791/* Fix this function so that it takes an optional type parameter */ 2783/* Fix this function so that it takes an optional type parameter */
2792X509 *SSL_get_certificate(const SSL *s) 2784X509
2793 { 2785*SSL_get_certificate(const SSL *s)
2786{
2794 if (s->cert != NULL) 2787 if (s->cert != NULL)
2795 return(s->cert->key->x509); 2788 return (s->cert->key->x509);
2796 else 2789 else
2797 return(NULL); 2790 return (NULL);
2798 } 2791}
2799 2792
2800/* Fix this function so that it takes an optional type parameter */ 2793/* Fix this function so that it takes an optional type parameter */
2801EVP_PKEY *SSL_get_privatekey(SSL *s) 2794EVP_PKEY
2802 { 2795*SSL_get_privatekey(SSL *s)
2796{
2803 if (s->cert != NULL) 2797 if (s->cert != NULL)
2804 return(s->cert->key->privatekey); 2798 return (s->cert->key->privatekey);
2805 else 2799 else
2806 return(NULL); 2800 return (NULL);
2807 } 2801}
2808 2802
2809const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) 2803const SSL_CIPHER
2810 { 2804*SSL_get_current_cipher(const SSL *s)
2805{
2811 if ((s->session != NULL) && (s->session->cipher != NULL)) 2806 if ((s->session != NULL) && (s->session->cipher != NULL))
2812 return(s->session->cipher); 2807 return (s->session->cipher);
2813 return(NULL); 2808 return (NULL);
2814 } 2809}
2815#ifdef OPENSSL_NO_COMP 2810#ifdef OPENSSL_NO_COMP
2816const void *SSL_get_current_compression(SSL *s) 2811const void
2817 { 2812*SSL_get_current_compression(SSL *s)
2813{
2818 return NULL; 2814 return NULL;
2819 } 2815}
2820const void *SSL_get_current_expansion(SSL *s) 2816
2821 { 2817const void
2818*SSL_get_current_expansion(SSL *s)
2819{
2822 return NULL; 2820 return NULL;
2823 } 2821}
2824#else 2822#else
2825 2823
2826const COMP_METHOD *SSL_get_current_compression(SSL *s) 2824const COMP_METHOD
2827 { 2825*SSL_get_current_compression(SSL *s)
2826{
2828 if (s->compress != NULL) 2827 if (s->compress != NULL)
2829 return(s->compress->meth); 2828 return (s->compress->meth);
2830 return(NULL); 2829 return (NULL);
2831 } 2830}
2832 2831
2833const COMP_METHOD *SSL_get_current_expansion(SSL *s) 2832const COMP_METHOD
2834 { 2833*SSL_get_current_expansion(SSL *s)
2834{
2835 if (s->expand != NULL) 2835 if (s->expand != NULL)
2836 return(s->expand->meth); 2836 return (s->expand->meth);
2837 return(NULL); 2837 return (NULL);
2838 } 2838}
2839#endif 2839#endif
2840 2840
2841int ssl_init_wbio_buffer(SSL *s,int push) 2841int
2842 { 2842ssl_init_wbio_buffer(SSL *s, int push)
2843{
2843 BIO *bbio; 2844 BIO *bbio;
2844 2845
2845 if (s->bbio == NULL) 2846 if (s->bbio == NULL) {
2846 { 2847 bbio = BIO_new(BIO_f_buffer());
2847 bbio=BIO_new(BIO_f_buffer()); 2848 if (bbio == NULL)
2848 if (bbio == NULL) return(0); 2849 return (0);
2849 s->bbio=bbio; 2850 s->bbio = bbio;
2850 } 2851 } else {
2851 else 2852 bbio = s->bbio;
2852 {
2853 bbio=s->bbio;
2854 if (s->bbio == s->wbio) 2853 if (s->bbio == s->wbio)
2855 s->wbio=BIO_pop(s->wbio); 2854 s->wbio = BIO_pop(s->wbio);
2856 } 2855 }
2857 (void)BIO_reset(bbio); 2856 (void)BIO_reset(bbio);
2858/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 2857/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2859 if (!BIO_set_read_buffer_size(bbio,1)) 2858 if (!BIO_set_read_buffer_size(bbio, 1)) {
2860 { 2859 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
2861 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); 2860 return (0);
2862 return(0); 2861 }
2863 } 2862 if (push) {
2864 if (push)
2865 {
2866 if (s->wbio != bbio) 2863 if (s->wbio != bbio)
2867 s->wbio=BIO_push(bbio,s->wbio); 2864 s->wbio = BIO_push(bbio, s->wbio);
2868 } 2865 } else {
2869 else
2870 {
2871 if (s->wbio == bbio) 2866 if (s->wbio == bbio)
2872 s->wbio=BIO_pop(bbio); 2867 s->wbio = BIO_pop(bbio);
2873 }
2874 return(1);
2875 } 2868 }
2869 return (1);
2870}
2876 2871
2877void ssl_free_wbio_buffer(SSL *s) 2872void
2878 { 2873ssl_free_wbio_buffer(SSL *s)
2879 if (s->bbio == NULL) return; 2874{
2875 if (s->bbio == NULL)
2876 return;
2880 2877
2881 if (s->bbio == s->wbio) 2878 if (s->bbio == s->wbio) {
2882 {
2883 /* remove buffering */ 2879 /* remove buffering */
2884 s->wbio=BIO_pop(s->wbio); 2880 s->wbio = BIO_pop(s->wbio);
2885#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ 2881#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2886 assert(s->wbio != NULL); 2882 assert(s->wbio != NULL);
2887#endif 2883#endif
2888 } 2884 }
2889 BIO_free(s->bbio); 2885 BIO_free(s->bbio);
2890 s->bbio=NULL; 2886 s->bbio = NULL;
2891 } 2887}
2892
2893void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
2894 {
2895 ctx->quiet_shutdown=mode;
2896 }
2897 2888
2898int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 2889void
2899 { 2890SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
2900 return(ctx->quiet_shutdown); 2891{
2901 } 2892 ctx->quiet_shutdown = mode;
2893}
2902 2894
2903void SSL_set_quiet_shutdown(SSL *s,int mode) 2895int
2904 { 2896SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2905 s->quiet_shutdown=mode; 2897{
2906 } 2898 return (ctx->quiet_shutdown);
2899}
2907 2900
2908int SSL_get_quiet_shutdown(const SSL *s) 2901void
2909 { 2902SSL_set_quiet_shutdown(SSL *s, int mode)
2910 return(s->quiet_shutdown); 2903{
2911 } 2904 s->quiet_shutdown = mode;
2905}
2912 2906
2913void SSL_set_shutdown(SSL *s,int mode) 2907int
2914 { 2908SSL_get_quiet_shutdown(const SSL *s)
2915 s->shutdown=mode; 2909{
2916 } 2910 return (s->quiet_shutdown);
2911}
2917 2912
2918int SSL_get_shutdown(const SSL *s) 2913void
2919 { 2914SSL_set_shutdown(SSL *s, int mode)
2920 return(s->shutdown); 2915{
2921 } 2916 s->shutdown = mode;
2917}
2922 2918
2923int SSL_version(const SSL *s) 2919int
2924 { 2920SSL_get_shutdown(const SSL *s)
2925 return(s->version); 2921{
2926 } 2922 return (s->shutdown);
2923}
2927 2924
2928SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) 2925int
2929 { 2926SSL_version(const SSL *s)
2930 return(ssl->ctx); 2927{
2931 } 2928 return (s->version);
2929}
2932 2930
2933SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) 2931SSL_CTX
2934 { 2932*SSL_get_SSL_CTX(const SSL *ssl)
2933{
2934 return (ssl->ctx);
2935}
2936
2937SSL_CTX
2938*SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2939{
2935 if (ssl->ctx == ctx) 2940 if (ssl->ctx == ctx)
2936 return ssl->ctx; 2941 return ssl->ctx;
2937#ifndef OPENSSL_NO_TLSEXT 2942#ifndef OPENSSL_NO_TLSEXT
@@ -2941,114 +2946,131 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2941 if (ssl->cert != NULL) 2946 if (ssl->cert != NULL)
2942 ssl_cert_free(ssl->cert); 2947 ssl_cert_free(ssl->cert);
2943 ssl->cert = ssl_cert_dup(ctx->cert); 2948 ssl->cert = ssl_cert_dup(ctx->cert);
2944 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 2949 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
2945 if (ssl->ctx != NULL) 2950 if (ssl->ctx != NULL)
2946 SSL_CTX_free(ssl->ctx); /* decrement reference count */ 2951 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2947 ssl->ctx = ctx; 2952 ssl->ctx = ctx;
2948 return(ssl->ctx); 2953 return (ssl->ctx);
2949 } 2954}
2950 2955
2951#ifndef OPENSSL_NO_STDIO 2956#ifndef OPENSSL_NO_STDIO
2952int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 2957int
2953 { 2958SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2954 return(X509_STORE_set_default_paths(ctx->cert_store)); 2959{
2955 } 2960 return (X509_STORE_set_default_paths(ctx->cert_store));
2961}
2956 2962
2957int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 2963int
2958 const char *CApath) 2964SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2959 { 2965 const char *CApath)
2960 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); 2966{
2961 } 2967 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
2968}
2962#endif 2969#endif
2963 2970
2964void SSL_set_info_callback(SSL *ssl, 2971void
2965 void (*cb)(const SSL *ssl,int type,int val)) 2972SSL_set_info_callback(SSL *ssl,
2966 { 2973 void (*cb)(const SSL *ssl, int type, int val))
2967 ssl->info_callback=cb; 2974{
2968 } 2975 ssl->info_callback = cb;
2976}
2969 2977
2970/* One compiler (Diab DCC) doesn't like argument names in returned 2978/* One compiler (Diab DCC) doesn't like argument names in returned
2971 function pointer. */ 2979 function pointer. */
2972void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) 2980void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2973 { 2981{
2974 return ssl->info_callback; 2982 return ssl->info_callback;
2975 } 2983}
2976 2984
2977int SSL_state(const SSL *ssl) 2985int
2978 { 2986SSL_state(const SSL *ssl)
2979 return(ssl->state); 2987{
2980 } 2988 return (ssl->state);
2989}
2981 2990
2982void SSL_set_state(SSL *ssl, int state) 2991void
2983 { 2992SSL_set_state(SSL *ssl, int state)
2993{
2984 ssl->state = state; 2994 ssl->state = state;
2985 } 2995}
2986 2996
2987void SSL_set_verify_result(SSL *ssl,long arg) 2997void
2988 { 2998SSL_set_verify_result(SSL *ssl, long arg)
2989 ssl->verify_result=arg; 2999{
2990 } 3000 ssl->verify_result = arg;
3001}
2991 3002
2992long SSL_get_verify_result(const SSL *ssl) 3003long
2993 { 3004SSL_get_verify_result(const SSL *ssl)
2994 return(ssl->verify_result); 3005{
2995 } 3006 return (ssl->verify_result);
3007}
2996 3008
2997int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, 3009int
2998 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) 3010SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2999 { 3011 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
3012{
3000 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3013 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
3001 new_func, dup_func, free_func); 3014 new_func, dup_func, free_func);
3002 } 3015}
3003 3016
3004int SSL_set_ex_data(SSL *s,int idx,void *arg) 3017int
3005 { 3018SSL_set_ex_data(SSL *s, int idx, void *arg)
3006 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 3019{
3007 } 3020 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3021}
3008 3022
3009void *SSL_get_ex_data(const SSL *s,int idx) 3023void
3010 { 3024*SSL_get_ex_data(const SSL *s, int idx)
3011 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 3025{
3012 } 3026 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3027}
3013 3028
3014int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, 3029int
3015 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) 3030SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3016 { 3031 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
3032{
3017 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3033 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
3018 new_func, dup_func, free_func); 3034 new_func, dup_func, free_func);
3019 } 3035}
3020 3036
3021int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) 3037int
3022 { 3038SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
3023 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 3039{
3024 } 3040 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3041}
3025 3042
3026void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) 3043void
3027 { 3044*SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
3028 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 3045{
3029 } 3046 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3047}
3030 3048
3031int ssl_ok(SSL *s) 3049int
3032 { 3050ssl_ok(SSL *s)
3033 return(1); 3051{
3034 } 3052 return (1);
3053}
3035 3054
3036X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) 3055X509_STORE
3037 { 3056*SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3038 return(ctx->cert_store); 3057{
3039 } 3058 return (ctx->cert_store);
3059}
3040 3060
3041void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) 3061void
3042 { 3062SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3063{
3043 if (ctx->cert_store != NULL) 3064 if (ctx->cert_store != NULL)
3044 X509_STORE_free(ctx->cert_store); 3065 X509_STORE_free(ctx->cert_store);
3045 ctx->cert_store=store; 3066 ctx->cert_store = store;
3046 } 3067}
3047 3068
3048int SSL_want(const SSL *s) 3069int
3049 { 3070SSL_want(const SSL *s)
3050 return(s->rwstate); 3071{
3051 } 3072 return (s->rwstate);
3073}
3052 3074
3053/*! 3075/*!
3054 * \brief Set the callback for generating temporary RSA keys. 3076 * \brief Set the callback for generating temporary RSA keys.
@@ -3057,19 +3079,21 @@ int SSL_want(const SSL *s)
3057 */ 3079 */
3058 3080
3059#ifndef OPENSSL_NO_RSA 3081#ifndef OPENSSL_NO_RSA
3060void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, 3082void
3061 int is_export, 3083SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,
3062 int keylength)) 3084 int is_export,
3063 { 3085int keylength))
3064 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); 3086{
3065 } 3087 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3066 3088}
3067void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, 3089
3068 int is_export, 3090void
3069 int keylength)) 3091SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl,
3070 { 3092 int is_export,
3071 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); 3093int keylength))
3072 } 3094{
3095 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3096}
3073#endif 3097#endif
3074 3098
3075#ifdef DOXYGEN 3099#ifdef DOXYGEN
@@ -3083,8 +3107,9 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
3083 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback 3107 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
3084 */ 3108 */
3085 3109
3086RSA *cb(SSL *ssl,int is_export,int keylength) 3110RSA
3087 {} 3111*cb(SSL *ssl, int is_export, int keylength)
3112{}
3088#endif 3113#endif
3089 3114
3090/*! 3115/*!
@@ -3094,133 +3119,142 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
3094 */ 3119 */
3095 3120
3096#ifndef OPENSSL_NO_DH 3121#ifndef OPENSSL_NO_DH
3097void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, 3122void
3098 int keylength)) 3123SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
3099 { 3124 int keylength))
3100 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 3125{
3101 } 3126 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3127}
3102 3128
3103void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, 3129void
3104 int keylength)) 3130SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3105 { 3131 int keylength))
3106 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 3132{
3107 } 3133 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3134}
3108#endif 3135#endif
3109 3136
3110#ifndef OPENSSL_NO_ECDH 3137#ifndef OPENSSL_NO_ECDH
3111void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, 3138void
3112 int keylength)) 3139SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3113 { 3140 int keylength))
3114 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 3141{
3115 } 3142 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3143}
3116 3144
3117void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, 3145void
3118 int keylength)) 3146SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3119 { 3147 int keylength))
3120 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 3148{
3121 } 3149 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3150}
3122#endif 3151#endif
3123 3152
3124#ifndef OPENSSL_NO_PSK 3153#ifndef OPENSSL_NO_PSK
3125int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 3154int
3126 { 3155SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3127 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) 3156{
3128 { 3157 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
3129 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3158 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3130 return 0; 3159 return 0;
3131 } 3160 }
3132 if (ctx->psk_identity_hint != NULL) 3161 if (ctx->psk_identity_hint != NULL)
3133 OPENSSL_free(ctx->psk_identity_hint); 3162 OPENSSL_free(ctx->psk_identity_hint);
3134 if (identity_hint != NULL) 3163 if (identity_hint != NULL) {
3135 {
3136 ctx->psk_identity_hint = BUF_strdup(identity_hint); 3164 ctx->psk_identity_hint = BUF_strdup(identity_hint);
3137 if (ctx->psk_identity_hint == NULL) 3165 if (ctx->psk_identity_hint == NULL)
3138 return 0; 3166 return 0;
3139 } 3167 } else
3140 else
3141 ctx->psk_identity_hint = NULL; 3168 ctx->psk_identity_hint = NULL;
3142 return 1; 3169 return 1;
3143 } 3170}
3144 3171
3145int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) 3172int
3146 { 3173SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3174{
3147 if (s == NULL) 3175 if (s == NULL)
3148 return 0; 3176 return 0;
3149 3177
3150 if (s->session == NULL) 3178 if (s->session == NULL)
3151 return 1; /* session not created yet, ignored */ 3179 return 1; /* session not created yet, ignored */
3152 3180
3153 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) 3181 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
3154 {
3155 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3182 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3156 return 0; 3183 return 0;
3157 } 3184 }
3158 if (s->session->psk_identity_hint != NULL) 3185 if (s->session->psk_identity_hint != NULL)
3159 OPENSSL_free(s->session->psk_identity_hint); 3186 OPENSSL_free(s->session->psk_identity_hint);
3160 if (identity_hint != NULL) 3187 if (identity_hint != NULL) {
3161 {
3162 s->session->psk_identity_hint = BUF_strdup(identity_hint); 3188 s->session->psk_identity_hint = BUF_strdup(identity_hint);
3163 if (s->session->psk_identity_hint == NULL) 3189 if (s->session->psk_identity_hint == NULL)
3164 return 0; 3190 return 0;
3165 } 3191 } else
3166 else
3167 s->session->psk_identity_hint = NULL; 3192 s->session->psk_identity_hint = NULL;
3168 return 1; 3193 return 1;
3169 } 3194}
3170 3195
3171const char *SSL_get_psk_identity_hint(const SSL *s) 3196const char
3172 { 3197*SSL_get_psk_identity_hint(const SSL *s)
3198{
3173 if (s == NULL || s->session == NULL) 3199 if (s == NULL || s->session == NULL)
3174 return NULL; 3200 return NULL;
3175 return(s->session->psk_identity_hint); 3201 return (s->session->psk_identity_hint);
3176 } 3202}
3177 3203
3178const char *SSL_get_psk_identity(const SSL *s) 3204const char
3179 { 3205*SSL_get_psk_identity(const SSL *s)
3206{
3180 if (s == NULL || s->session == NULL) 3207 if (s == NULL || s->session == NULL)
3181 return NULL; 3208 return NULL;
3182 return(s->session->psk_identity); 3209 return (s->session->psk_identity);
3183 } 3210}
3184 3211
3185void SSL_set_psk_client_callback(SSL *s, 3212void
3213SSL_set_psk_client_callback(SSL *s,
3186 unsigned int (*cb)(SSL *ssl, const char *hint, 3214 unsigned int (*cb)(SSL *ssl, const char *hint,
3187 char *identity, unsigned int max_identity_len, unsigned char *psk, 3215char *identity, unsigned int max_identity_len, unsigned char *psk,
3188 unsigned int max_psk_len)) 3216 unsigned int max_psk_len))
3189 { 3217{
3190 s->psk_client_callback = cb; 3218 s->psk_client_callback = cb;
3191 } 3219}
3192 3220
3193void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 3221void
3222SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3194 unsigned int (*cb)(SSL *ssl, const char *hint, 3223 unsigned int (*cb)(SSL *ssl, const char *hint,
3195 char *identity, unsigned int max_identity_len, unsigned char *psk, 3224char *identity, unsigned int max_identity_len, unsigned char *psk,
3196 unsigned int max_psk_len)) 3225 unsigned int max_psk_len))
3197 { 3226{
3198 ctx->psk_client_callback = cb; 3227 ctx->psk_client_callback = cb;
3199 } 3228}
3200 3229
3201void SSL_set_psk_server_callback(SSL *s, 3230void
3231SSL_set_psk_server_callback(SSL *s,
3202 unsigned int (*cb)(SSL *ssl, const char *identity, 3232 unsigned int (*cb)(SSL *ssl, const char *identity,
3203 unsigned char *psk, unsigned int max_psk_len)) 3233unsigned char *psk, unsigned int max_psk_len))
3204 { 3234{
3205 s->psk_server_callback = cb; 3235 s->psk_server_callback = cb;
3206 } 3236}
3207 3237
3208void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 3238void
3239SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3209 unsigned int (*cb)(SSL *ssl, const char *identity, 3240 unsigned int (*cb)(SSL *ssl, const char *identity,
3210 unsigned char *psk, unsigned int max_psk_len)) 3241unsigned char *psk, unsigned int max_psk_len))
3211 { 3242{
3212 ctx->psk_server_callback = cb; 3243 ctx->psk_server_callback = cb;
3213 } 3244}
3214#endif 3245#endif
3215 3246
3216void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3247void
3217 { 3248SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3249{
3218 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3250 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3219 } 3251}
3220void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3252
3221 { 3253void
3254SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3255{
3222 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3256 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3223 } 3257}
3224 3258
3225/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer 3259/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3226 * vairable, freeing EVP_MD_CTX previously stored in that variable, if 3260 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
@@ -3228,31 +3262,38 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
3228 * Returns newly allocated ctx; 3262 * Returns newly allocated ctx;
3229 */ 3263 */
3230 3264
3231EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) 3265EVP_MD_CTX
3266*ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3232{ 3267{
3233 ssl_clear_hash_ctx(hash); 3268 ssl_clear_hash_ctx(hash);
3234 *hash = EVP_MD_CTX_create(); 3269 *hash = EVP_MD_CTX_create();
3235 if (md) EVP_DigestInit_ex(*hash,md,NULL); 3270 if (md)
3271 EVP_DigestInit_ex(*hash, md, NULL);
3236 return *hash; 3272 return *hash;
3237} 3273}
3238void ssl_clear_hash_ctx(EVP_MD_CTX **hash) 3274
3275void
3276ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3239{ 3277{
3240 3278
3241 if (*hash) EVP_MD_CTX_destroy(*hash); 3279 if (*hash)
3242 *hash=NULL; 3280 EVP_MD_CTX_destroy(*hash);
3281 *hash = NULL;
3243} 3282}
3244 3283
3245void SSL_set_debug(SSL *s, int debug) 3284void
3246 { 3285SSL_set_debug(SSL *s, int debug)
3286{
3247 s->debug = debug; 3287 s->debug = debug;
3248 } 3288}
3249 3289
3250int SSL_cache_hit(SSL *s) 3290int
3251 { 3291SSL_cache_hit(SSL *s)
3292{
3252 return s->hit; 3293 return s->hit;
3253 } 3294}
3254 3295
3255IMPLEMENT_STACK_OF(SSL_CIPHER) 3296IMPLEMENT_STACK_OF(SSL_CIPHER)
3256IMPLEMENT_STACK_OF(SSL_COMP) 3297IMPLEMENT_STACK_OF(SSL_COMP)
3257IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, 3298IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3258 ssl_cipher_id); 3299ssl_cipher_id);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-27 19:21:39 +0000