summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_lib.c3663
1 files changed, 0 insertions, 3663 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index ce68981493..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3663 +0,0 @@
1/* $OpenBSD: ssl_lib.c,v 1.331 2025/03/12 14:03:55 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <arpa/inet.h>
144#include <sys/socket.h>
145#include <netinet/in.h>
146
147#include <limits.h>
148#include <stdio.h>
149
150#include <openssl/dh.h>
151#include <openssl/lhash.h>
152#include <openssl/objects.h>
153#include <openssl/ocsp.h>
154#include <openssl/opensslconf.h>
155#include <openssl/x509v3.h>
156
157#include "bytestring.h"
158#include "dtls_local.h"
159#include "ssl_local.h"
160#include "ssl_sigalgs.h"
161#include "ssl_tlsext.h"
162#include "tls12_internal.h"
163
164int
165SSL_clear(SSL *s)
166{
167 if (s->method == NULL) {
168 SSLerror(s, SSL_R_NO_METHOD_SPECIFIED);
169 return (0);
170 }
171
172 if (ssl_clear_bad_session(s)) {
173 SSL_SESSION_free(s->session);
174 s->session = NULL;
175 }
176
177 s->error = 0;
178 s->hit = 0;
179 s->shutdown = 0;
180
181 if (s->renegotiate) {
182 SSLerror(s, ERR_R_INTERNAL_ERROR);
183 return (0);
184 }
185
186 s->version = s->method->version;
187 s->client_version = s->version;
188 s->rwstate = SSL_NOTHING;
189 s->rstate = SSL_ST_READ_HEADER;
190
191 tls13_ctx_free(s->tls13);
192 s->tls13 = NULL;
193
194 ssl3_release_init_buffer(s);
195
196 ssl_clear_cipher_state(s);
197
198 s->first_packet = 0;
199
200 /*
201 * Check to see if we were changed into a different method, if
202 * so, revert back if we are not doing session-id reuse.
203 */
204 if (!s->in_handshake && (s->session == NULL) &&
205 (s->method != s->ctx->method)) {
206 s->method->ssl_free(s);
207 s->method = s->ctx->method;
208 if (!s->method->ssl_new(s))
209 return (0);
210 } else
211 s->method->ssl_clear(s);
212
213 return (1);
214}
215LSSL_ALIAS(SSL_clear);
216
217/* Used to change an SSL_CTXs default SSL method type */
218int
219SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
220{
221 STACK_OF(SSL_CIPHER) *ciphers;
222
223 ctx->method = meth;
224
225 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
226 ctx->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST,
227 ctx->cert);
228 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
229 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
230 return (0);
231 }
232 return (1);
233}
234LSSL_ALIAS(SSL_CTX_set_ssl_version);
235
236SSL *
237SSL_new(SSL_CTX *ctx)
238{
239 SSL *s;
240 CBS cbs;
241
242 if (ctx == NULL) {
243 SSLerrorx(SSL_R_NULL_SSL_CTX);
244 return (NULL);
245 }
246 if (ctx->method == NULL) {
247 SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
248 return (NULL);
249 }
250
251 if ((s = calloc(1, sizeof(*s))) == NULL)
252 goto err;
253
254 if ((s->rl = tls12_record_layer_new()) == NULL)
255 goto err;
256
257 s->min_tls_version = ctx->min_tls_version;
258 s->max_tls_version = ctx->max_tls_version;
259 s->min_proto_version = ctx->min_proto_version;
260 s->max_proto_version = ctx->max_proto_version;
261
262 s->options = ctx->options;
263 s->mode = ctx->mode;
264 s->max_cert_list = ctx->max_cert_list;
265 s->num_tickets = ctx->num_tickets;
266
267 if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
268 goto err;
269
270 s->read_ahead = ctx->read_ahead;
271 s->msg_callback = ctx->msg_callback;
272 s->msg_callback_arg = ctx->msg_callback_arg;
273 s->verify_mode = ctx->verify_mode;
274 s->sid_ctx_length = ctx->sid_ctx_length;
275 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
276 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
277 s->verify_callback = ctx->default_verify_callback;
278 s->generate_session_id = ctx->generate_session_id;
279
280 s->param = X509_VERIFY_PARAM_new();
281 if (!s->param)
282 goto err;
283 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
284 s->quiet_shutdown = ctx->quiet_shutdown;
285 s->max_send_fragment = ctx->max_send_fragment;
286
287 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
288 s->ctx = ctx;
289 s->tlsext_debug_cb = NULL;
290 s->tlsext_debug_arg = NULL;
291 s->tlsext_ticket_expected = 0;
292 s->tlsext_status_type = -1;
293 s->tlsext_status_expected = 0;
294 s->tlsext_ocsp_ids = NULL;
295 s->tlsext_ocsp_exts = NULL;
296 s->tlsext_ocsp_resp = NULL;
297 s->tlsext_ocsp_resp_len = 0;
298 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
299 s->initial_ctx = ctx;
300
301 if (!tlsext_randomize_build_order(s))
302 goto err;
303
304 if (ctx->tlsext_ecpointformatlist != NULL) {
305 s->tlsext_ecpointformatlist =
306 calloc(ctx->tlsext_ecpointformatlist_length,
307 sizeof(ctx->tlsext_ecpointformatlist[0]));
308 if (s->tlsext_ecpointformatlist == NULL)
309 goto err;
310 memcpy(s->tlsext_ecpointformatlist,
311 ctx->tlsext_ecpointformatlist,
312 ctx->tlsext_ecpointformatlist_length *
313 sizeof(ctx->tlsext_ecpointformatlist[0]));
314 s->tlsext_ecpointformatlist_length =
315 ctx->tlsext_ecpointformatlist_length;
316 }
317 if (ctx->tlsext_supportedgroups != NULL) {
318 s->tlsext_supportedgroups =
319 calloc(ctx->tlsext_supportedgroups_length,
320 sizeof(ctx->tlsext_supportedgroups[0]));
321 if (s->tlsext_supportedgroups == NULL)
322 goto err;
323 memcpy(s->tlsext_supportedgroups,
324 ctx->tlsext_supportedgroups,
325 ctx->tlsext_supportedgroups_length *
326 sizeof(ctx->tlsext_supportedgroups[0]));
327 s->tlsext_supportedgroups_length =
328 ctx->tlsext_supportedgroups_length;
329 }
330
331 CBS_init(&cbs, ctx->alpn_client_proto_list,
332 ctx->alpn_client_proto_list_len);
333 if (!CBS_stow(&cbs, &s->alpn_client_proto_list,
334 &s->alpn_client_proto_list_len))
335 goto err;
336
337 s->verify_result = X509_V_OK;
338
339 s->method = ctx->method;
340 s->quic_method = ctx->quic_method;
341
342 if (!s->method->ssl_new(s))
343 goto err;
344
345 s->references = 1;
346 s->server = ctx->method->server;
347
348 SSL_clear(s);
349
350 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
351
352 return (s);
353
354 err:
355 SSL_free(s);
356 SSLerrorx(ERR_R_MALLOC_FAILURE);
357 return (NULL);
358}
359LSSL_ALIAS(SSL_new);
360
361int
362SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
363 unsigned int sid_ctx_len)
364{
365 if (sid_ctx_len > sizeof ctx->sid_ctx) {
366 SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
367 return (0);
368 }
369 ctx->sid_ctx_length = sid_ctx_len;
370 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
371
372 return (1);
373}
374LSSL_ALIAS(SSL_CTX_set_session_id_context);
375
376int
377SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
378 unsigned int sid_ctx_len)
379{
380 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
381 SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
382 return (0);
383 }
384 ssl->sid_ctx_length = sid_ctx_len;
385 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
386
387 return (1);
388}
389LSSL_ALIAS(SSL_set_session_id_context);
390
391int
392SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
393{
394 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
395 ctx->generate_session_id = cb;
396 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
397 return (1);
398}
399LSSL_ALIAS(SSL_CTX_set_generate_session_id);
400
401int
402SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
403{
404 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
405 ssl->generate_session_id = cb;
406 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
407 return (1);
408}
409LSSL_ALIAS(SSL_set_generate_session_id);
410
411int
412SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
413 unsigned int id_len)
414{
415 /*
416 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
417 * shows how we can "construct" a session to give us the desired
418 * check - ie. to find if there's a session in the hash table
419 * that would conflict with any new session built out of this
420 * id/id_len and the ssl_version in use by this SSL.
421 */
422 SSL_SESSION r, *p;
423
424 if (id_len > sizeof r.session_id)
425 return (0);
426
427 r.ssl_version = ssl->version;
428 r.session_id_length = id_len;
429 memcpy(r.session_id, id, id_len);
430
431 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
432 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
433 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
434 return (p != NULL);
435}
436LSSL_ALIAS(SSL_has_matching_session_id);
437
438int
439SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
440{
441 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
442}
443LSSL_ALIAS(SSL_CTX_set_purpose);
444
445int
446SSL_set_purpose(SSL *s, int purpose)
447{
448 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
449}
450LSSL_ALIAS(SSL_set_purpose);
451
452int
453SSL_CTX_set_trust(SSL_CTX *s, int trust)
454{
455 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
456}
457LSSL_ALIAS(SSL_CTX_set_trust);
458
459int
460SSL_set_trust(SSL *s, int trust)
461{
462 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
463}
464LSSL_ALIAS(SSL_set_trust);
465
466int
467SSL_set1_host(SSL *s, const char *hostname)
468{
469 struct in_addr ina;
470 struct in6_addr in6a;
471
472 if (hostname != NULL && *hostname != '\0' &&
473 (inet_pton(AF_INET, hostname, &ina) == 1 ||
474 inet_pton(AF_INET6, hostname, &in6a) == 1))
475 return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname);
476 else
477 return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
478}
479LSSL_ALIAS(SSL_set1_host);
480
481void
482SSL_set_hostflags(SSL *s, unsigned int flags)
483{
484 X509_VERIFY_PARAM_set_hostflags(s->param, flags);
485}
486LSSL_ALIAS(SSL_set_hostflags);
487
488const char *
489SSL_get0_peername(SSL *s)
490{
491 return X509_VERIFY_PARAM_get0_peername(s->param);
492}
493LSSL_ALIAS(SSL_get0_peername);
494
495X509_VERIFY_PARAM *
496SSL_CTX_get0_param(SSL_CTX *ctx)
497{
498 return (ctx->param);
499}
500LSSL_ALIAS(SSL_CTX_get0_param);
501
502int
503SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
504{
505 return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
506}
507LSSL_ALIAS(SSL_CTX_set1_param);
508
509X509_VERIFY_PARAM *
510SSL_get0_param(SSL *ssl)
511{
512 return (ssl->param);
513}
514LSSL_ALIAS(SSL_get0_param);
515
516int
517SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
518{
519 return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
520}
521LSSL_ALIAS(SSL_set1_param);
522
523void
524SSL_free(SSL *s)
525{
526 int i;
527
528 if (s == NULL)
529 return;
530
531 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
532 if (i > 0)
533 return;
534
535 X509_VERIFY_PARAM_free(s->param);
536
537 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
538
539 if (s->bbio != NULL) {
540 /* If the buffering BIO is in place, pop it off */
541 if (s->bbio == s->wbio) {
542 s->wbio = BIO_pop(s->wbio);
543 }
544 BIO_free(s->bbio);
545 s->bbio = NULL;
546 }
547
548 if (s->rbio != s->wbio)
549 BIO_free_all(s->rbio);
550 BIO_free_all(s->wbio);
551
552 tls13_ctx_free(s->tls13);
553
554 ssl3_release_init_buffer(s);
555
556 sk_SSL_CIPHER_free(s->cipher_list);
557 sk_SSL_CIPHER_free(s->cipher_list_tls13);
558
559 /* Make the next call work :-) */
560 if (s->session != NULL) {
561 ssl_clear_bad_session(s);
562 SSL_SESSION_free(s->session);
563 }
564
565 ssl_clear_cipher_state(s);
566
567 ssl_cert_free(s->cert);
568
569 free(s->tlsext_build_order);
570
571 free(s->tlsext_hostname);
572 SSL_CTX_free(s->initial_ctx);
573
574 free(s->tlsext_ecpointformatlist);
575 free(s->tlsext_supportedgroups);
576
577 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
578 X509_EXTENSION_free);
579 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
580 free(s->tlsext_ocsp_resp);
581
582 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
583
584 if (s->method != NULL)
585 s->method->ssl_free(s);
586
587 SSL_CTX_free(s->ctx);
588
589 free(s->alpn_client_proto_list);
590
591 free(s->quic_transport_params);
592
593#ifndef OPENSSL_NO_SRTP
594 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
595#endif
596
597 tls12_record_layer_free(s->rl);
598
599 free(s);
600}
601LSSL_ALIAS(SSL_free);
602
603int
604SSL_up_ref(SSL *s)
605{
606 return CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL) > 1;
607}
608LSSL_ALIAS(SSL_up_ref);
609
610void
611SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
612{
613 /* If the output buffering BIO is still in place, remove it */
614 if (s->bbio != NULL) {
615 if (s->wbio == s->bbio) {
616 s->wbio = BIO_next(s->wbio);
617 BIO_set_next(s->bbio, NULL);
618 }
619 }
620
621 if (s->rbio != rbio && s->rbio != s->wbio)
622 BIO_free_all(s->rbio);
623 if (s->wbio != wbio)
624 BIO_free_all(s->wbio);
625 s->rbio = rbio;
626 s->wbio = wbio;
627}
628LSSL_ALIAS(SSL_set_bio);
629
630BIO *
631SSL_get_rbio(const SSL *s)
632{
633 return (s->rbio);
634}
635LSSL_ALIAS(SSL_get_rbio);
636
637void
638SSL_set0_rbio(SSL *s, BIO *rbio)
639{
640 BIO_free_all(s->rbio);
641 s->rbio = rbio;
642}
643LSSL_ALIAS(SSL_set0_rbio);
644
645BIO *
646SSL_get_wbio(const SSL *s)
647{
648 return (s->wbio);
649}
650LSSL_ALIAS(SSL_get_wbio);
651
652int
653SSL_get_fd(const SSL *s)
654{
655 return (SSL_get_rfd(s));
656}
657LSSL_ALIAS(SSL_get_fd);
658
659int
660SSL_get_rfd(const SSL *s)
661{
662 int ret = -1;
663 BIO *b, *r;
664
665 b = SSL_get_rbio(s);
666 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
667 if (r != NULL)
668 BIO_get_fd(r, &ret);
669 return (ret);
670}
671LSSL_ALIAS(SSL_get_rfd);
672
673int
674SSL_get_wfd(const SSL *s)
675{
676 int ret = -1;
677 BIO *b, *r;
678
679 b = SSL_get_wbio(s);
680 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
681 if (r != NULL)
682 BIO_get_fd(r, &ret);
683 return (ret);
684}
685LSSL_ALIAS(SSL_get_wfd);
686
687int
688SSL_set_fd(SSL *s, int fd)
689{
690 int ret = 0;
691 BIO *bio = NULL;
692
693 bio = BIO_new(BIO_s_socket());
694
695 if (bio == NULL) {
696 SSLerror(s, ERR_R_BUF_LIB);
697 goto err;
698 }
699 BIO_set_fd(bio, fd, BIO_NOCLOSE);
700 SSL_set_bio(s, bio, bio);
701 ret = 1;
702 err:
703 return (ret);
704}
705LSSL_ALIAS(SSL_set_fd);
706
707int
708SSL_set_wfd(SSL *s, int fd)
709{
710 int ret = 0;
711 BIO *bio = NULL;
712
713 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
714 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
715 bio = BIO_new(BIO_s_socket());
716
717 if (bio == NULL) {
718 SSLerror(s, ERR_R_BUF_LIB);
719 goto err;
720 }
721 BIO_set_fd(bio, fd, BIO_NOCLOSE);
722 SSL_set_bio(s, SSL_get_rbio(s), bio);
723 } else
724 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
725 ret = 1;
726 err:
727 return (ret);
728}
729LSSL_ALIAS(SSL_set_wfd);
730
731int
732SSL_set_rfd(SSL *s, int fd)
733{
734 int ret = 0;
735 BIO *bio = NULL;
736
737 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
738 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
739 bio = BIO_new(BIO_s_socket());
740
741 if (bio == NULL) {
742 SSLerror(s, ERR_R_BUF_LIB);
743 goto err;
744 }
745 BIO_set_fd(bio, fd, BIO_NOCLOSE);
746 SSL_set_bio(s, bio, SSL_get_wbio(s));
747 } else
748 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
749 ret = 1;
750 err:
751 return (ret);
752}
753LSSL_ALIAS(SSL_set_rfd);
754
755
756/* return length of latest Finished message we sent, copy to 'buf' */
757size_t
758SSL_get_finished(const SSL *s, void *buf, size_t count)
759{
760 size_t ret;
761
762 ret = s->s3->hs.finished_len;
763 if (count > ret)
764 count = ret;
765 memcpy(buf, s->s3->hs.finished, count);
766 return (ret);
767}
768LSSL_ALIAS(SSL_get_finished);
769
770/* return length of latest Finished message we expected, copy to 'buf' */
771size_t
772SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
773{
774 size_t ret;
775
776 ret = s->s3->hs.peer_finished_len;
777 if (count > ret)
778 count = ret;
779 memcpy(buf, s->s3->hs.peer_finished, count);
780 return (ret);
781}
782LSSL_ALIAS(SSL_get_peer_finished);
783
784
785int
786SSL_get_verify_mode(const SSL *s)
787{
788 return (s->verify_mode);
789}
790LSSL_ALIAS(SSL_get_verify_mode);
791
792int
793SSL_get_verify_depth(const SSL *s)
794{
795 return (X509_VERIFY_PARAM_get_depth(s->param));
796}
797LSSL_ALIAS(SSL_get_verify_depth);
798
799int
800(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
801{
802 return (s->verify_callback);
803}
804LSSL_ALIAS(SSL_get_verify_callback);
805
806void
807SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
808{
809 ctx->keylog_callback = cb;
810}
811LSSL_ALIAS(SSL_CTX_set_keylog_callback);
812
813SSL_CTX_keylog_cb_func
814SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
815{
816 return (ctx->keylog_callback);
817}
818LSSL_ALIAS(SSL_CTX_get_keylog_callback);
819
820int
821SSL_set_num_tickets(SSL *s, size_t num_tickets)
822{
823 s->num_tickets = num_tickets;
824
825 return 1;
826}
827LSSL_ALIAS(SSL_set_num_tickets);
828
829size_t
830SSL_get_num_tickets(const SSL *s)
831{
832 return s->num_tickets;
833}
834LSSL_ALIAS(SSL_get_num_tickets);
835
836int
837SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
838{
839 ctx->num_tickets = num_tickets;
840
841 return 1;
842}
843LSSL_ALIAS(SSL_CTX_set_num_tickets);
844
845size_t
846SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
847{
848 return ctx->num_tickets;
849}
850LSSL_ALIAS(SSL_CTX_get_num_tickets);
851
852int
853SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
854{
855 return (ctx->verify_mode);
856}
857LSSL_ALIAS(SSL_CTX_get_verify_mode);
858
859int
860SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
861{
862 return (X509_VERIFY_PARAM_get_depth(ctx->param));
863}
864LSSL_ALIAS(SSL_CTX_get_verify_depth);
865
866int
867(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
868{
869 return (ctx->default_verify_callback);
870}
871LSSL_ALIAS(SSL_CTX_get_verify_callback);
872
873void
874SSL_set_verify(SSL *s, int mode,
875 int (*callback)(int ok, X509_STORE_CTX *ctx))
876{
877 s->verify_mode = mode;
878 if (callback != NULL)
879 s->verify_callback = callback;
880}
881LSSL_ALIAS(SSL_set_verify);
882
883void
884SSL_set_verify_depth(SSL *s, int depth)
885{
886 X509_VERIFY_PARAM_set_depth(s->param, depth);
887}
888LSSL_ALIAS(SSL_set_verify_depth);
889
890void
891SSL_set_read_ahead(SSL *s, int yes)
892{
893 s->read_ahead = yes;
894}
895LSSL_ALIAS(SSL_set_read_ahead);
896
897int
898SSL_get_read_ahead(const SSL *s)
899{
900 return (s->read_ahead);
901}
902LSSL_ALIAS(SSL_get_read_ahead);
903
904int
905SSL_pending(const SSL *s)
906{
907 return (s->method->ssl_pending(s));
908}
909LSSL_ALIAS(SSL_pending);
910
911X509 *
912SSL_get_peer_certificate(const SSL *s)
913{
914 X509 *cert;
915
916 if (s == NULL || s->session == NULL)
917 return NULL;
918
919 if ((cert = s->session->peer_cert) == NULL)
920 return NULL;
921
922 X509_up_ref(cert);
923
924 return cert;
925}
926LSSL_ALIAS(SSL_get_peer_certificate);
927
928STACK_OF(X509) *
929SSL_get_peer_cert_chain(const SSL *s)
930{
931 if (s == NULL)
932 return NULL;
933
934 /*
935 * Achtung! Due to API inconsistency, a client includes the peer's leaf
936 * certificate in the peer certificate chain, while a server does not.
937 */
938 if (!s->server)
939 return s->s3->hs.peer_certs;
940
941 return s->s3->hs.peer_certs_no_leaf;
942}
943LSSL_ALIAS(SSL_get_peer_cert_chain);
944
945STACK_OF(X509) *
946SSL_get0_verified_chain(const SSL *s)
947{
948 if (s->s3 == NULL)
949 return NULL;
950 return s->s3->hs.verified_chain;
951}
952LSSL_ALIAS(SSL_get0_verified_chain);
953
954/*
955 * Now in theory, since the calling process own 't' it should be safe to
956 * modify. We need to be able to read f without being hassled
957 */
958int
959SSL_copy_session_id(SSL *t, const SSL *f)
960{
961 SSL_CERT *tmp;
962
963 /* Do we need to do SSL locking? */
964 if (!SSL_set_session(t, SSL_get_session(f)))
965 return 0;
966
967 /* What if we are set up for one protocol but want to talk another? */
968 if (t->method != f->method) {
969 t->method->ssl_free(t);
970 t->method = f->method;
971 if (!t->method->ssl_new(t))
972 return 0;
973 }
974
975 tmp = t->cert;
976 if (f->cert != NULL) {
977 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
978 t->cert = f->cert;
979 } else
980 t->cert = NULL;
981 ssl_cert_free(tmp);
982
983 if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length))
984 return 0;
985
986 return 1;
987}
988LSSL_ALIAS(SSL_copy_session_id);
989
990/* Fix this so it checks all the valid key/cert options */
991int
992SSL_CTX_check_private_key(const SSL_CTX *ctx)
993{
994 if ((ctx == NULL) || (ctx->cert == NULL) ||
995 (ctx->cert->key->x509 == NULL)) {
996 SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED);
997 return (0);
998 }
999 if (ctx->cert->key->privatekey == NULL) {
1000 SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1001 return (0);
1002 }
1003 return (X509_check_private_key(ctx->cert->key->x509,
1004 ctx->cert->key->privatekey));
1005}
1006LSSL_ALIAS(SSL_CTX_check_private_key);
1007
1008/* Fix this function so that it takes an optional type parameter */
1009int
1010SSL_check_private_key(const SSL *ssl)
1011{
1012 if (ssl == NULL) {
1013 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
1014 return (0);
1015 }
1016 if (ssl->cert == NULL) {
1017 SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
1018 return (0);
1019 }
1020 if (ssl->cert->key->x509 == NULL) {
1021 SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
1022 return (0);
1023 }
1024 if (ssl->cert->key->privatekey == NULL) {
1025 SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1026 return (0);
1027 }
1028 return (X509_check_private_key(ssl->cert->key->x509,
1029 ssl->cert->key->privatekey));
1030}
1031LSSL_ALIAS(SSL_check_private_key);
1032
1033int
1034SSL_accept(SSL *s)
1035{
1036 if (s->handshake_func == NULL)
1037 SSL_set_accept_state(s); /* Not properly initialized yet */
1038
1039 return (s->method->ssl_accept(s));
1040}
1041LSSL_ALIAS(SSL_accept);
1042
1043int
1044SSL_connect(SSL *s)
1045{
1046 if (s->handshake_func == NULL)
1047 SSL_set_connect_state(s); /* Not properly initialized yet */
1048
1049 return (s->method->ssl_connect(s));
1050}
1051LSSL_ALIAS(SSL_connect);
1052
1053int
1054SSL_is_dtls(const SSL *s)
1055{
1056 return s->method->dtls;
1057}
1058LSSL_ALIAS(SSL_is_dtls);
1059
1060int
1061SSL_is_server(const SSL *s)
1062{
1063 return s->server;
1064}
1065LSSL_ALIAS(SSL_is_server);
1066
1067static long
1068ssl_get_default_timeout(void)
1069{
1070 /*
1071 * 2 hours, the 24 hours mentioned in the TLSv1 spec
1072 * is way too long for http, the cache would over fill.
1073 */
1074 return (2 * 60 * 60);
1075}
1076
1077long
1078SSL_get_default_timeout(const SSL *s)
1079{
1080 return (ssl_get_default_timeout());
1081}
1082LSSL_ALIAS(SSL_get_default_timeout);
1083
1084int
1085SSL_read(SSL *s, void *buf, int num)
1086{
1087 if (num < 0) {
1088 SSLerror(s, SSL_R_BAD_LENGTH);
1089 return -1;
1090 }
1091
1092 if (SSL_is_quic(s)) {
1093 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1094 return (-1);
1095 }
1096
1097 if (s->handshake_func == NULL) {
1098 SSLerror(s, SSL_R_UNINITIALIZED);
1099 return (-1);
1100 }
1101
1102 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1103 s->rwstate = SSL_NOTHING;
1104 return (0);
1105 }
1106 return ssl3_read(s, buf, num);
1107}
1108LSSL_ALIAS(SSL_read);
1109
1110int
1111SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read)
1112{
1113 int ret;
1114
1115 /* We simply don't bother supporting enormous reads */
1116 if (num > INT_MAX) {
1117 SSLerror(s, SSL_R_BAD_LENGTH);
1118 return 0;
1119 }
1120
1121 ret = SSL_read(s, buf, (int)num);
1122 if (ret < 0)
1123 ret = 0;
1124 *bytes_read = ret;
1125
1126 return ret > 0;
1127}
1128LSSL_ALIAS(SSL_read_ex);
1129
1130int
1131SSL_peek(SSL *s, void *buf, int num)
1132{
1133 if (num < 0) {
1134 SSLerror(s, SSL_R_BAD_LENGTH);
1135 return -1;
1136 }
1137
1138 if (SSL_is_quic(s)) {
1139 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1140 return (-1);
1141 }
1142
1143 if (s->handshake_func == NULL) {
1144 SSLerror(s, SSL_R_UNINITIALIZED);
1145 return (-1);
1146 }
1147
1148 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1149 return (0);
1150 }
1151 return ssl3_peek(s, buf, num);
1152}
1153LSSL_ALIAS(SSL_peek);
1154
1155int
1156SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked)
1157{
1158 int ret;
1159
1160 /* We simply don't bother supporting enormous peeks */
1161 if (num > INT_MAX) {
1162 SSLerror(s, SSL_R_BAD_LENGTH);
1163 return 0;
1164 }
1165
1166 ret = SSL_peek(s, buf, (int)num);
1167 if (ret < 0)
1168 ret = 0;
1169 *bytes_peeked = ret;
1170
1171 return ret > 0;
1172}
1173LSSL_ALIAS(SSL_peek_ex);
1174
1175int
1176SSL_write(SSL *s, const void *buf, int num)
1177{
1178 if (num < 0) {
1179 SSLerror(s, SSL_R_BAD_LENGTH);
1180 return -1;
1181 }
1182
1183 if (SSL_is_quic(s)) {
1184 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1185 return (-1);
1186 }
1187
1188 if (s->handshake_func == NULL) {
1189 SSLerror(s, SSL_R_UNINITIALIZED);
1190 return (-1);
1191 }
1192
1193 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1194 s->rwstate = SSL_NOTHING;
1195 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
1196 return (-1);
1197 }
1198 return ssl3_write(s, buf, num);
1199}
1200LSSL_ALIAS(SSL_write);
1201
1202int
1203SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written)
1204{
1205 int ret;
1206
1207 /* We simply don't bother supporting enormous writes */
1208 if (num > INT_MAX) {
1209 SSLerror(s, SSL_R_BAD_LENGTH);
1210 return 0;
1211 }
1212
1213 if (num == 0) {
1214 /* This API is special */
1215 bytes_written = 0;
1216 return 1;
1217 }
1218
1219 ret = SSL_write(s, buf, (int)num);
1220 if (ret < 0)
1221 ret = 0;
1222 *bytes_written = ret;
1223
1224 return ret > 0;
1225}
1226LSSL_ALIAS(SSL_write_ex);
1227
1228uint32_t
1229SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
1230{
1231 return 0;
1232}
1233LSSL_ALIAS(SSL_CTX_get_max_early_data);
1234
1235int
1236SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
1237{
1238 return 1;
1239}
1240LSSL_ALIAS(SSL_CTX_set_max_early_data);
1241
1242uint32_t
1243SSL_get_max_early_data(const SSL *s)
1244{
1245 return 0;
1246}
1247LSSL_ALIAS(SSL_get_max_early_data);
1248
1249int
1250SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
1251{
1252 return 1;
1253}
1254LSSL_ALIAS(SSL_set_max_early_data);
1255
1256int
1257SSL_get_early_data_status(const SSL *s)
1258{
1259 return SSL_EARLY_DATA_REJECTED;
1260}
1261LSSL_ALIAS(SSL_get_early_data_status);
1262
1263int
1264SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
1265{
1266 *readbytes = 0;
1267
1268 if (!s->server) {
1269 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1270 return SSL_READ_EARLY_DATA_ERROR;
1271 }
1272
1273 return SSL_READ_EARLY_DATA_FINISH;
1274}
1275LSSL_ALIAS(SSL_read_early_data);
1276
1277int
1278SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
1279{
1280 *written = 0;
1281 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1282 return 0;
1283}
1284LSSL_ALIAS(SSL_write_early_data);
1285
1286int
1287SSL_shutdown(SSL *s)
1288{
1289 /*
1290 * Note that this function behaves differently from what one might
1291 * expect. Return values are 0 for no success (yet),
1292 * 1 for success; but calling it once is usually not enough,
1293 * even if blocking I/O is used (see ssl3_shutdown).
1294 */
1295
1296 if (s->handshake_func == NULL) {
1297 SSLerror(s, SSL_R_UNINITIALIZED);
1298 return (-1);
1299 }
1300
1301 if (s != NULL && !SSL_in_init(s))
1302 return (s->method->ssl_shutdown(s));
1303
1304 return (1);
1305}
1306LSSL_ALIAS(SSL_shutdown);
1307
1308int
1309SSL_renegotiate(SSL *s)
1310{
1311 if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) {
1312 SSLerror(s, SSL_R_NO_RENEGOTIATION);
1313 return 0;
1314 }
1315
1316 if (s->renegotiate == 0)
1317 s->renegotiate = 1;
1318
1319 s->new_session = 1;
1320
1321 return (s->method->ssl_renegotiate(s));
1322}
1323LSSL_ALIAS(SSL_renegotiate);
1324
1325int
1326SSL_renegotiate_abbreviated(SSL *s)
1327{
1328 if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) {
1329 SSLerror(s, SSL_R_NO_RENEGOTIATION);
1330 return 0;
1331 }
1332
1333 if (s->renegotiate == 0)
1334 s->renegotiate = 1;
1335
1336 s->new_session = 0;
1337
1338 return (s->method->ssl_renegotiate(s));
1339}
1340LSSL_ALIAS(SSL_renegotiate_abbreviated);
1341
1342int
1343SSL_renegotiate_pending(SSL *s)
1344{
1345 /*
1346 * Becomes true when negotiation is requested;
1347 * false again once a handshake has finished.
1348 */
1349 return (s->renegotiate != 0);
1350}
1351LSSL_ALIAS(SSL_renegotiate_pending);
1352
1353long
1354SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1355{
1356 long l;
1357
1358 switch (cmd) {
1359 case SSL_CTRL_GET_READ_AHEAD:
1360 return (s->read_ahead);
1361 case SSL_CTRL_SET_READ_AHEAD:
1362 l = s->read_ahead;
1363 s->read_ahead = larg;
1364 return (l);
1365
1366 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1367 s->msg_callback_arg = parg;
1368 return (1);
1369
1370 case SSL_CTRL_OPTIONS:
1371 return (s->options|=larg);
1372 case SSL_CTRL_CLEAR_OPTIONS:
1373 return (s->options&=~larg);
1374 case SSL_CTRL_MODE:
1375 return (s->mode|=larg);
1376 case SSL_CTRL_CLEAR_MODE:
1377 return (s->mode &=~larg);
1378 case SSL_CTRL_GET_MAX_CERT_LIST:
1379 return (s->max_cert_list);
1380 case SSL_CTRL_SET_MAX_CERT_LIST:
1381 l = s->max_cert_list;
1382 s->max_cert_list = larg;
1383 return (l);
1384 case SSL_CTRL_SET_MTU:
1385 if (larg < (long)dtls1_min_mtu())
1386 return (0);
1387 if (SSL_is_dtls(s)) {
1388 s->d1->mtu = larg;
1389 return (larg);
1390 }
1391 return (0);
1392 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1393 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1394 return (0);
1395 s->max_send_fragment = larg;
1396 return (1);
1397 case SSL_CTRL_GET_RI_SUPPORT:
1398 if (s->s3)
1399 return (s->s3->send_connection_binding);
1400 else return (0);
1401 default:
1402 if (SSL_is_dtls(s))
1403 return dtls1_ctrl(s, cmd, larg, parg);
1404 return ssl3_ctrl(s, cmd, larg, parg);
1405 }
1406}
1407LSSL_ALIAS(SSL_ctrl);
1408
1409long
1410SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1411{
1412 switch (cmd) {
1413 case SSL_CTRL_SET_MSG_CALLBACK:
1414 s->msg_callback = (ssl_msg_callback_fn *)(fp);
1415 return (1);
1416
1417 default:
1418 return (ssl3_callback_ctrl(s, cmd, fp));
1419 }
1420}
1421LSSL_ALIAS(SSL_callback_ctrl);
1422
1423struct lhash_st_SSL_SESSION *
1424SSL_CTX_sessions(SSL_CTX *ctx)
1425{
1426 return (ctx->sessions);
1427}
1428LSSL_ALIAS(SSL_CTX_sessions);
1429
1430long
1431SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1432{
1433 long l;
1434
1435 switch (cmd) {
1436 case SSL_CTRL_GET_READ_AHEAD:
1437 return (ctx->read_ahead);
1438 case SSL_CTRL_SET_READ_AHEAD:
1439 l = ctx->read_ahead;
1440 ctx->read_ahead = larg;
1441 return (l);
1442
1443 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1444 ctx->msg_callback_arg = parg;
1445 return (1);
1446
1447 case SSL_CTRL_GET_MAX_CERT_LIST:
1448 return (ctx->max_cert_list);
1449 case SSL_CTRL_SET_MAX_CERT_LIST:
1450 l = ctx->max_cert_list;
1451 ctx->max_cert_list = larg;
1452 return (l);
1453
1454 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1455 l = ctx->session_cache_size;
1456 ctx->session_cache_size = larg;
1457 return (l);
1458 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1459 return (ctx->session_cache_size);
1460 case SSL_CTRL_SET_SESS_CACHE_MODE:
1461 l = ctx->session_cache_mode;
1462 ctx->session_cache_mode = larg;
1463 return (l);
1464 case SSL_CTRL_GET_SESS_CACHE_MODE:
1465 return (ctx->session_cache_mode);
1466
1467 case SSL_CTRL_SESS_NUMBER:
1468 return (lh_SSL_SESSION_num_items(ctx->sessions));
1469 case SSL_CTRL_SESS_CONNECT:
1470 return (ctx->stats.sess_connect);
1471 case SSL_CTRL_SESS_CONNECT_GOOD:
1472 return (ctx->stats.sess_connect_good);
1473 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1474 return (ctx->stats.sess_connect_renegotiate);
1475 case SSL_CTRL_SESS_ACCEPT:
1476 return (ctx->stats.sess_accept);
1477 case SSL_CTRL_SESS_ACCEPT_GOOD:
1478 return (ctx->stats.sess_accept_good);
1479 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1480 return (ctx->stats.sess_accept_renegotiate);
1481 case SSL_CTRL_SESS_HIT:
1482 return (ctx->stats.sess_hit);
1483 case SSL_CTRL_SESS_CB_HIT:
1484 return (ctx->stats.sess_cb_hit);
1485 case SSL_CTRL_SESS_MISSES:
1486 return (ctx->stats.sess_miss);
1487 case SSL_CTRL_SESS_TIMEOUTS:
1488 return (ctx->stats.sess_timeout);
1489 case SSL_CTRL_SESS_CACHE_FULL:
1490 return (ctx->stats.sess_cache_full);
1491 case SSL_CTRL_OPTIONS:
1492 return (ctx->options|=larg);
1493 case SSL_CTRL_CLEAR_OPTIONS:
1494 return (ctx->options&=~larg);
1495 case SSL_CTRL_MODE:
1496 return (ctx->mode|=larg);
1497 case SSL_CTRL_CLEAR_MODE:
1498 return (ctx->mode&=~larg);
1499 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1500 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1501 return (0);
1502 ctx->max_send_fragment = larg;
1503 return (1);
1504 default:
1505 return (ssl3_ctx_ctrl(ctx, cmd, larg, parg));
1506 }
1507}
1508LSSL_ALIAS(SSL_CTX_ctrl);
1509
1510long
1511SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1512{
1513 switch (cmd) {
1514 case SSL_CTRL_SET_MSG_CALLBACK:
1515 ctx->msg_callback = (ssl_msg_callback_fn *)fp;
1516 return (1);
1517
1518 default:
1519 return (ssl3_ctx_callback_ctrl(ctx, cmd, fp));
1520 }
1521}
1522LSSL_ALIAS(SSL_CTX_callback_ctrl);
1523
1524STACK_OF(SSL_CIPHER) *
1525SSL_get_ciphers(const SSL *s)
1526{
1527 if (s == NULL)
1528 return (NULL);
1529 if (s->cipher_list != NULL)
1530 return (s->cipher_list);
1531
1532 return (s->ctx->cipher_list);
1533}
1534LSSL_ALIAS(SSL_get_ciphers);
1535
1536STACK_OF(SSL_CIPHER) *
1537SSL_get_client_ciphers(const SSL *s)
1538{
1539 if (s == NULL || !s->server)
1540 return NULL;
1541 return s->s3->hs.client_ciphers;
1542}
1543LSSL_ALIAS(SSL_get_client_ciphers);
1544
1545STACK_OF(SSL_CIPHER) *
1546SSL_get1_supported_ciphers(SSL *s)
1547{
1548 STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers;
1549 SSL_CIPHER *cipher;
1550 uint16_t min_vers, max_vers;
1551 int i;
1552
1553 if (s == NULL)
1554 return NULL;
1555 if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers))
1556 return NULL;
1557 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1558 return NULL;
1559 if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL)
1560 return NULL;
1561
1562 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1563 if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
1564 goto err;
1565 if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
1566 max_vers))
1567 continue;
1568 if (!ssl_security_supported_cipher(s, cipher))
1569 continue;
1570 if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
1571 goto err;
1572 }
1573
1574 if (sk_SSL_CIPHER_num(supported_ciphers) > 0)
1575 return supported_ciphers;
1576
1577 err:
1578 sk_SSL_CIPHER_free(supported_ciphers);
1579 return NULL;
1580}
1581LSSL_ALIAS(SSL_get1_supported_ciphers);
1582
1583/* See if we have any ECC cipher suites. */
1584int
1585ssl_has_ecc_ciphers(SSL *s)
1586{
1587 STACK_OF(SSL_CIPHER) *ciphers;
1588 unsigned long alg_k, alg_a;
1589 SSL_CIPHER *cipher;
1590 int i;
1591
1592 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1593 return 0;
1594
1595 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1596 cipher = sk_SSL_CIPHER_value(ciphers, i);
1597
1598 alg_k = cipher->algorithm_mkey;
1599 alg_a = cipher->algorithm_auth;
1600
1601 if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
1602 return 1;
1603 }
1604
1605 return 0;
1606}
1607
1608/* The old interface to get the same thing as SSL_get_ciphers(). */
1609const char *
1610SSL_get_cipher_list(const SSL *s, int n)
1611{
1612 STACK_OF(SSL_CIPHER) *ciphers;
1613 const SSL_CIPHER *cipher;
1614
1615 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1616 return (NULL);
1617 if ((cipher = sk_SSL_CIPHER_value(ciphers, n)) == NULL)
1618 return (NULL);
1619
1620 return (cipher->name);
1621}
1622LSSL_ALIAS(SSL_get_cipher_list);
1623
1624STACK_OF(SSL_CIPHER) *
1625SSL_CTX_get_ciphers(const SSL_CTX *ctx)
1626{
1627 if (ctx == NULL)
1628 return NULL;
1629 return ctx->cipher_list;
1630}
1631LSSL_ALIAS(SSL_CTX_get_ciphers);
1632
1633/* Specify the ciphers to be used by default by the SSL_CTX. */
1634int
1635SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1636{
1637 STACK_OF(SSL_CIPHER) *ciphers;
1638
1639 /*
1640 * ssl_create_cipher_list may return an empty stack if it was unable to
1641 * find a cipher matching the given rule string (for example if the
1642 * rule string specifies a cipher which has been disabled). This is not
1643 * an error as far as ssl_create_cipher_list is concerned, and hence
1644 * ctx->cipher_list has been updated.
1645 */
1646 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1647 ctx->cipher_list_tls13, str, ctx->cert);
1648 if (ciphers == NULL) {
1649 return (0);
1650 } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
1651 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1652 return (0);
1653 }
1654 return (1);
1655}
1656LSSL_ALIAS(SSL_CTX_set_cipher_list);
1657
1658int
1659SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
1660{
1661 if (!ssl_parse_ciphersuites(&ctx->cipher_list_tls13, str)) {
1662 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1663 return 0;
1664 }
1665 if (!ssl_merge_cipherlists(ctx->cipher_list,
1666 ctx->cipher_list_tls13, &ctx->cipher_list))
1667 return 0;
1668
1669 return 1;
1670}
1671LSSL_ALIAS(SSL_CTX_set_ciphersuites);
1672
1673/* Specify the ciphers to be used by the SSL. */
1674int
1675SSL_set_cipher_list(SSL *s, const char *str)
1676{
1677 STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13;
1678
1679 if ((ciphers_tls13 = s->cipher_list_tls13) == NULL)
1680 ciphers_tls13 = s->ctx->cipher_list_tls13;
1681
1682 /* See comment in SSL_CTX_set_cipher_list. */
1683 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1684 ciphers_tls13, str, s->cert);
1685 if (ciphers == NULL) {
1686 return (0);
1687 } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
1688 SSLerror(s, SSL_R_NO_CIPHER_MATCH);
1689 return (0);
1690 }
1691 return (1);
1692}
1693LSSL_ALIAS(SSL_set_cipher_list);
1694
1695int
1696SSL_set_ciphersuites(SSL *s, const char *str)
1697{
1698 STACK_OF(SSL_CIPHER) *ciphers;
1699
1700 if ((ciphers = s->cipher_list) == NULL)
1701 ciphers = s->ctx->cipher_list;
1702
1703 if (!ssl_parse_ciphersuites(&s->cipher_list_tls13, str)) {
1704 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1705 return (0);
1706 }
1707 if (!ssl_merge_cipherlists(ciphers, s->cipher_list_tls13,
1708 &s->cipher_list))
1709 return 0;
1710
1711 return 1;
1712}
1713LSSL_ALIAS(SSL_set_ciphersuites);
1714
1715char *
1716SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1717{
1718 STACK_OF(SSL_CIPHER) *client_ciphers, *server_ciphers;
1719 const SSL_CIPHER *cipher;
1720 size_t curlen = 0;
1721 char *end;
1722 int i;
1723
1724 if (!s->server || len < 2)
1725 return NULL;
1726
1727 if ((client_ciphers = s->s3->hs.client_ciphers) == NULL)
1728 return NULL;
1729 if ((server_ciphers = SSL_get_ciphers(s)) == NULL)
1730 return NULL;
1731 if (sk_SSL_CIPHER_num(client_ciphers) == 0 ||
1732 sk_SSL_CIPHER_num(server_ciphers) == 0)
1733 return NULL;
1734
1735 buf[0] = '\0';
1736 for (i = 0; i < sk_SSL_CIPHER_num(client_ciphers); i++) {
1737 cipher = sk_SSL_CIPHER_value(client_ciphers, i);
1738
1739 if (sk_SSL_CIPHER_find(server_ciphers, cipher) < 0)
1740 continue;
1741
1742 end = buf + curlen;
1743 if (strlcat(buf, cipher->name, len) >= len ||
1744 (curlen = strlcat(buf, ":", len)) >= len) {
1745 /* remove truncated cipher from list */
1746 *end = '\0';
1747 break;
1748 }
1749 }
1750 /* remove trailing colon */
1751 if ((end = strrchr(buf, ':')) != NULL)
1752 *end = '\0';
1753 return buf;
1754}
1755LSSL_ALIAS(SSL_get_shared_ciphers);
1756
1757/*
1758 * Return a servername extension value if provided in Client Hello, or NULL.
1759 * So far, only host_name types are defined (RFC 3546).
1760 */
1761const char *
1762SSL_get_servername(const SSL *s, const int type)
1763{
1764 if (type != TLSEXT_NAMETYPE_host_name)
1765 return (NULL);
1766
1767 return (s->session && !s->tlsext_hostname ?
1768 s->session->tlsext_hostname :
1769 s->tlsext_hostname);
1770}
1771LSSL_ALIAS(SSL_get_servername);
1772
1773int
1774SSL_get_servername_type(const SSL *s)
1775{
1776 if (s->session &&
1777 (!s->tlsext_hostname ?
1778 s->session->tlsext_hostname : s->tlsext_hostname))
1779 return (TLSEXT_NAMETYPE_host_name);
1780 return (-1);
1781}
1782LSSL_ALIAS(SSL_get_servername_type);
1783
1784/*
1785 * SSL_select_next_proto implements standard protocol selection. It is
1786 * expected that this function is called from the callback set by
1787 * SSL_CTX_set_alpn_select_cb.
1788 *
1789 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1790 * strings. The length byte itself is not included in the length. A byte
1791 * string of length 0 is invalid. No byte string may be truncated.
1792 *
1793 * It returns either:
1794 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1795 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1796 *
1797 * XXX - the out argument points into server_list or client_list and should
1798 * therefore really be const. We can't fix that without breaking the callers.
1799 */
1800int
1801SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1802 const unsigned char *peer_list, unsigned int peer_list_len,
1803 const unsigned char *supported_list, unsigned int supported_list_len)
1804{
1805 CBS peer, peer_proto, supported, supported_proto;
1806
1807 *out = NULL;
1808 *outlen = 0;
1809
1810 /* First check that the supported list is well-formed. */
1811 CBS_init(&supported, supported_list, supported_list_len);
1812 if (!tlsext_alpn_check_format(&supported))
1813 goto err;
1814
1815 /*
1816 * Use first supported protocol as fallback. This is one way of doing
1817 * NPN's "opportunistic" protocol selection (see security considerations
1818 * in draft-agl-tls-nextprotoneg-04), and it is the documented behavior
1819 * of this API. For ALPN it's the callback's responsibility to fail on
1820 * OPENSSL_NPN_NO_OVERLAP.
1821 */
1822
1823 if (!CBS_get_u8_length_prefixed(&supported, &supported_proto))
1824 goto err;
1825
1826 *out = (unsigned char *)CBS_data(&supported_proto);
1827 *outlen = CBS_len(&supported_proto);
1828
1829 /* Now check that the peer list is well-formed. */
1830 CBS_init(&peer, peer_list, peer_list_len);
1831 if (!tlsext_alpn_check_format(&peer))
1832 goto err;
1833
1834 /*
1835 * Walk the peer list and select the first protocol that appears in
1836 * the supported list. Thus we honor peer preference rather than local
1837 * preference contrary to a SHOULD in RFC 7301, section 3.2.
1838 */
1839 while (CBS_len(&peer) > 0) {
1840 if (!CBS_get_u8_length_prefixed(&peer, &peer_proto))
1841 goto err;
1842
1843 CBS_init(&supported, supported_list, supported_list_len);
1844
1845 while (CBS_len(&supported) > 0) {
1846 if (!CBS_get_u8_length_prefixed(&supported,
1847 &supported_proto))
1848 goto err;
1849
1850 if (CBS_mem_equal(&supported_proto,
1851 CBS_data(&peer_proto), CBS_len(&peer_proto))) {
1852 *out = (unsigned char *)CBS_data(&peer_proto);
1853 *outlen = CBS_len(&peer_proto);
1854
1855 return OPENSSL_NPN_NEGOTIATED;
1856 }
1857 }
1858 }
1859
1860 err:
1861 return OPENSSL_NPN_NO_OVERLAP;
1862}
1863LSSL_ALIAS(SSL_select_next_proto);
1864
1865/* SSL_get0_next_proto_negotiated is deprecated. */
1866void
1867SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1868 unsigned int *len)
1869{
1870 *data = NULL;
1871 *len = 0;
1872}
1873LSSL_ALIAS(SSL_get0_next_proto_negotiated);
1874
1875/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
1876void
1877SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1878 const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1879{
1880}
1881LSSL_ALIAS(SSL_CTX_set_next_protos_advertised_cb);
1882
1883/* SSL_CTX_set_next_proto_select_cb is deprecated. */
1884void
1885SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1886 unsigned char **out, unsigned char *outlen, const unsigned char *in,
1887 unsigned int inlen, void *arg), void *arg)
1888{
1889}
1890LSSL_ALIAS(SSL_CTX_set_next_proto_select_cb);
1891
1892/*
1893 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
1894 * protocols, which must be in wire-format (i.e. a series of non-empty,
1895 * 8-bit length-prefixed strings). Returns 0 on success.
1896 */
1897int
1898SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1899 unsigned int protos_len)
1900{
1901 CBS cbs;
1902 int failed = 1;
1903
1904 if (protos == NULL)
1905 protos_len = 0;
1906
1907 CBS_init(&cbs, protos, protos_len);
1908
1909 if (protos_len > 0) {
1910 if (!tlsext_alpn_check_format(&cbs))
1911 goto err;
1912 }
1913
1914 if (!CBS_stow(&cbs, &ctx->alpn_client_proto_list,
1915 &ctx->alpn_client_proto_list_len))
1916 goto err;
1917
1918 failed = 0;
1919
1920 err:
1921 /* NOTE: Return values are the reverse of what you expect. */
1922 return failed;
1923}
1924LSSL_ALIAS(SSL_CTX_set_alpn_protos);
1925
1926/*
1927 * SSL_set_alpn_protos sets the ALPN protocol list to the specified
1928 * protocols, which must be in wire-format (i.e. a series of non-empty,
1929 * 8-bit length-prefixed strings). Returns 0 on success.
1930 */
1931int
1932SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
1933 unsigned int protos_len)
1934{
1935 CBS cbs;
1936 int failed = 1;
1937
1938 if (protos == NULL)
1939 protos_len = 0;
1940
1941 CBS_init(&cbs, protos, protos_len);
1942
1943 if (protos_len > 0) {
1944 if (!tlsext_alpn_check_format(&cbs))
1945 goto err;
1946 }
1947
1948 if (!CBS_stow(&cbs, &ssl->alpn_client_proto_list,
1949 &ssl->alpn_client_proto_list_len))
1950 goto err;
1951
1952 failed = 0;
1953
1954 err:
1955 /* NOTE: Return values are the reverse of what you expect. */
1956 return failed;
1957}
1958LSSL_ALIAS(SSL_set_alpn_protos);
1959
1960/*
1961 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
1962 * ClientHello processing in order to select an ALPN protocol from the
1963 * client's list of offered protocols.
1964 */
1965void
1966SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1967 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1968 const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1969{
1970 ctx->alpn_select_cb = cb;
1971 ctx->alpn_select_cb_arg = arg;
1972}
1973LSSL_ALIAS(SSL_CTX_set_alpn_select_cb);
1974
1975/*
1976 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
1977 * it sets data to point to len bytes of protocol name (not including the
1978 * leading length-prefix byte). If the server didn't respond with* a negotiated
1979 * protocol then len will be zero.
1980 */
1981void
1982SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1983 unsigned int *len)
1984{
1985 *data = ssl->s3->alpn_selected;
1986 *len = ssl->s3->alpn_selected_len;
1987}
1988LSSL_ALIAS(SSL_get0_alpn_selected);
1989
1990void
1991SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
1992{
1993 return;
1994}
1995LSSL_ALIAS(SSL_set_psk_use_session_callback);
1996
1997int
1998SSL_export_keying_material(SSL *s, unsigned char *out, size_t out_len,
1999 const char *label, size_t label_len, const unsigned char *context,
2000 size_t context_len, int use_context)
2001{
2002 if (s->tls13 != NULL && s->version == TLS1_3_VERSION) {
2003 if (!use_context) {
2004 context = NULL;
2005 context_len = 0;
2006 }
2007 return tls13_exporter(s->tls13, label, label_len, context,
2008 context_len, out, out_len);
2009 }
2010
2011 return tls12_exporter(s, label, label_len, context, context_len,
2012 use_context, out, out_len);
2013}
2014LSSL_ALIAS(SSL_export_keying_material);
2015
2016static unsigned long
2017ssl_session_hash(const SSL_SESSION *a)
2018{
2019 unsigned long l;
2020
2021 l = (unsigned long)
2022 ((unsigned int) a->session_id[0] )|
2023 ((unsigned int) a->session_id[1]<< 8L)|
2024 ((unsigned long)a->session_id[2]<<16L)|
2025 ((unsigned long)a->session_id[3]<<24L);
2026 return (l);
2027}
2028
2029/*
2030 * NB: If this function (or indeed the hash function which uses a sort of
2031 * coarser function than this one) is changed, ensure
2032 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
2033 * able to construct an SSL_SESSION that will collide with any existing session
2034 * with a matching session ID.
2035 */
2036static int
2037ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
2038{
2039 if (a->ssl_version != b->ssl_version)
2040 return (1);
2041 if (a->session_id_length != b->session_id_length)
2042 return (1);
2043 if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
2044 return (1);
2045 return (0);
2046}
2047
2048/*
2049 * These wrapper functions should remain rather than redeclaring
2050 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
2051 * variable. The reason is that the functions aren't static, they're exposed via
2052 * ssl.h.
2053 */
2054static unsigned long
2055ssl_session_LHASH_HASH(const void *arg)
2056{
2057 const SSL_SESSION *a = arg;
2058
2059 return ssl_session_hash(a);
2060}
2061
2062static int
2063ssl_session_LHASH_COMP(const void *arg1, const void *arg2)
2064{
2065 const SSL_SESSION *a = arg1;
2066 const SSL_SESSION *b = arg2;
2067
2068 return ssl_session_cmp(a, b);
2069}
2070
2071SSL_CTX *
2072SSL_CTX_new(const SSL_METHOD *meth)
2073{
2074 SSL_CTX *ret;
2075
2076 if (!OPENSSL_init_ssl(0, NULL)) {
2077 SSLerrorx(SSL_R_LIBRARY_BUG);
2078 return (NULL);
2079 }
2080
2081 if (meth == NULL) {
2082 SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED);
2083 return (NULL);
2084 }
2085
2086 if ((ret = calloc(1, sizeof(*ret))) == NULL) {
2087 SSLerrorx(ERR_R_MALLOC_FAILURE);
2088 return (NULL);
2089 }
2090
2091 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
2092 SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
2093 goto err;
2094 }
2095
2096 ret->method = meth;
2097 ret->min_tls_version = meth->min_tls_version;
2098 ret->max_tls_version = meth->max_tls_version;
2099 ret->min_proto_version = 0;
2100 ret->max_proto_version = 0;
2101 ret->mode = SSL_MODE_AUTO_RETRY;
2102
2103 ret->cert_store = NULL;
2104 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
2105 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
2106 ret->session_cache_head = NULL;
2107 ret->session_cache_tail = NULL;
2108
2109 /* We take the system default */
2110 ret->session_timeout = ssl_get_default_timeout();
2111
2112 ret->new_session_cb = NULL;
2113 ret->remove_session_cb = NULL;
2114 ret->get_session_cb = NULL;
2115 ret->generate_session_id = NULL;
2116
2117 memset((char *)&ret->stats, 0, sizeof(ret->stats));
2118
2119 ret->references = 1;
2120 ret->quiet_shutdown = 0;
2121
2122 ret->info_callback = NULL;
2123
2124 ret->app_verify_callback = NULL;
2125 ret->app_verify_arg = NULL;
2126
2127 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
2128 ret->read_ahead = 0;
2129 ret->msg_callback = NULL;
2130 ret->msg_callback_arg = NULL;
2131 ret->verify_mode = SSL_VERIFY_NONE;
2132 ret->sid_ctx_length = 0;
2133 ret->default_verify_callback = NULL;
2134
2135 if ((ret->cert = ssl_cert_new()) == NULL)
2136 goto err;
2137
2138 ret->default_passwd_callback = NULL;
2139 ret->default_passwd_callback_userdata = NULL;
2140 ret->client_cert_cb = NULL;
2141 ret->app_gen_cookie_cb = NULL;
2142 ret->app_verify_cookie_cb = NULL;
2143
2144 ret->sessions = lh_SSL_SESSION_new();
2145 if (ret->sessions == NULL)
2146 goto err;
2147 ret->cert_store = X509_STORE_new();
2148 if (ret->cert_store == NULL)
2149 goto err;
2150
2151 ssl_create_cipher_list(ret->method, &ret->cipher_list,
2152 NULL, SSL_DEFAULT_CIPHER_LIST, ret->cert);
2153 if (ret->cipher_list == NULL ||
2154 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
2155 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);
2156 goto err2;
2157 }
2158
2159 ret->param = X509_VERIFY_PARAM_new();
2160 if (!ret->param)
2161 goto err;
2162
2163 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
2164 goto err;
2165
2166 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
2167
2168 ret->extra_certs = NULL;
2169
2170 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
2171
2172 ret->tlsext_servername_callback = 0;
2173 ret->tlsext_servername_arg = NULL;
2174
2175 /* Setup RFC4507 ticket keys */
2176 arc4random_buf(ret->tlsext_tick_key_name, 16);
2177 arc4random_buf(ret->tlsext_tick_hmac_key, 16);
2178 arc4random_buf(ret->tlsext_tick_aes_key, 16);
2179
2180 ret->tlsext_status_cb = 0;
2181 ret->tlsext_status_arg = NULL;
2182
2183 /*
2184 * Default is to connect to non-RI servers. When RI is more widely
2185 * deployed might change this.
2186 */
2187 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
2188
2189 return (ret);
2190 err:
2191 SSLerrorx(ERR_R_MALLOC_FAILURE);
2192 err2:
2193 SSL_CTX_free(ret);
2194 return (NULL);
2195}
2196LSSL_ALIAS(SSL_CTX_new);
2197
2198void
2199SSL_CTX_free(SSL_CTX *ctx)
2200{
2201 int i;
2202
2203 if (ctx == NULL)
2204 return;
2205
2206 i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX);
2207 if (i > 0)
2208 return;
2209
2210 X509_VERIFY_PARAM_free(ctx->param);
2211
2212 /*
2213 * Free internal session cache. However: the remove_cb() may reference
2214 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
2215 * after the sessions were flushed.
2216 * As the ex_data handling routines might also touch the session cache,
2217 * the most secure solution seems to be: empty (flush) the cache, then
2218 * free ex_data, then finally free the cache.
2219 * (See ticket [openssl.org #212].)
2220 */
2221 if (ctx->sessions != NULL)
2222 SSL_CTX_flush_sessions(ctx, 0);
2223
2224 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->ex_data);
2225
2226 lh_SSL_SESSION_free(ctx->sessions);
2227
2228 X509_STORE_free(ctx->cert_store);
2229 sk_SSL_CIPHER_free(ctx->cipher_list);
2230 sk_SSL_CIPHER_free(ctx->cipher_list_tls13);
2231 ssl_cert_free(ctx->cert);
2232 sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
2233 sk_X509_pop_free(ctx->extra_certs, X509_free);
2234
2235#ifndef OPENSSL_NO_SRTP
2236 if (ctx->srtp_profiles)
2237 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
2238#endif
2239
2240 free(ctx->tlsext_ecpointformatlist);
2241 free(ctx->tlsext_supportedgroups);
2242
2243 free(ctx->alpn_client_proto_list);
2244
2245 free(ctx);
2246}
2247LSSL_ALIAS(SSL_CTX_free);
2248
2249int
2250SSL_CTX_up_ref(SSL_CTX *ctx)
2251{
2252 return CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX) > 1;
2253}
2254LSSL_ALIAS(SSL_CTX_up_ref);
2255
2256pem_password_cb *
2257SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
2258{
2259 return (ctx->default_passwd_callback);
2260}
2261LSSL_ALIAS(SSL_CTX_get_default_passwd_cb);
2262
2263void
2264SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
2265{
2266 ctx->default_passwd_callback = cb;
2267}
2268LSSL_ALIAS(SSL_CTX_set_default_passwd_cb);
2269
2270void *
2271SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
2272{
2273 return ctx->default_passwd_callback_userdata;
2274}
2275LSSL_ALIAS(SSL_CTX_get_default_passwd_cb_userdata);
2276
2277void
2278SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
2279{
2280 ctx->default_passwd_callback_userdata = u;
2281}
2282LSSL_ALIAS(SSL_CTX_set_default_passwd_cb_userdata);
2283
2284void
2285SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
2286 int (*cb)(X509_STORE_CTX *, void *), void *arg)
2287{
2288 ctx->app_verify_callback = cb;
2289 ctx->app_verify_arg = arg;
2290}
2291LSSL_ALIAS(SSL_CTX_set_cert_verify_callback);
2292
2293void
2294SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2295{
2296 ctx->verify_mode = mode;
2297 ctx->default_verify_callback = cb;
2298}
2299LSSL_ALIAS(SSL_CTX_set_verify);
2300
2301void
2302SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2303{
2304 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2305}
2306LSSL_ALIAS(SSL_CTX_set_verify_depth);
2307
2308void
2309ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
2310{
2311 unsigned long mask_a, mask_k;
2312 SSL_CERT_PKEY *cpk;
2313
2314 if (c == NULL)
2315 return;
2316
2317 mask_a = SSL_aNULL | SSL_aTLS1_3;
2318 mask_k = SSL_kECDHE | SSL_kTLS1_3;
2319
2320 if (c->dhe_params != NULL || c->dhe_params_cb != NULL ||
2321 c->dhe_params_auto != 0)
2322 mask_k |= SSL_kDHE;
2323
2324 cpk = &(c->pkeys[SSL_PKEY_ECC]);
2325 if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2326 /* Key usage, if present, must allow signing. */
2327 if (X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE)
2328 mask_a |= SSL_aECDSA;
2329 }
2330
2331 cpk = &(c->pkeys[SSL_PKEY_RSA]);
2332 if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2333 mask_a |= SSL_aRSA;
2334 mask_k |= SSL_kRSA;
2335 }
2336
2337 c->mask_k = mask_k;
2338 c->mask_a = mask_a;
2339 c->valid = 1;
2340}
2341
2342/* See if this handshake is using an ECC cipher suite. */
2343int
2344ssl_using_ecc_cipher(SSL *s)
2345{
2346 unsigned long alg_a, alg_k;
2347
2348 alg_a = s->s3->hs.cipher->algorithm_auth;
2349 alg_k = s->s3->hs.cipher->algorithm_mkey;
2350
2351 return s->session->tlsext_ecpointformatlist != NULL &&
2352 s->session->tlsext_ecpointformatlist_length > 0 &&
2353 ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA));
2354}
2355
2356int
2357ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x)
2358{
2359 const SSL_CIPHER *cs = s->s3->hs.cipher;
2360 unsigned long alg_a;
2361
2362 alg_a = cs->algorithm_auth;
2363
2364 if (alg_a & SSL_aECDSA) {
2365 /* Key usage, if present, must allow signing. */
2366 if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
2367 SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2368 return (0);
2369 }
2370 }
2371
2372 return (1);
2373}
2374
2375SSL_CERT_PKEY *
2376ssl_get_server_send_pkey(const SSL *s)
2377{
2378 unsigned long alg_a;
2379 SSL_CERT *c;
2380 int i;
2381
2382 c = s->cert;
2383 ssl_set_cert_masks(c, s->s3->hs.cipher);
2384
2385 alg_a = s->s3->hs.cipher->algorithm_auth;
2386
2387 if (alg_a & SSL_aECDSA) {
2388 i = SSL_PKEY_ECC;
2389 } else if (alg_a & SSL_aRSA) {
2390 i = SSL_PKEY_RSA;
2391 } else { /* if (alg_a & SSL_aNULL) */
2392 SSLerror(s, ERR_R_INTERNAL_ERROR);
2393 return (NULL);
2394 }
2395
2396 return (c->pkeys + i);
2397}
2398
2399EVP_PKEY *
2400ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
2401 const struct ssl_sigalg **sap)
2402{
2403 const struct ssl_sigalg *sigalg = NULL;
2404 EVP_PKEY *pkey = NULL;
2405 unsigned long alg_a;
2406 SSL_CERT *c;
2407 int idx = -1;
2408
2409 alg_a = cipher->algorithm_auth;
2410 c = s->cert;
2411
2412 if (alg_a & SSL_aRSA) {
2413 idx = SSL_PKEY_RSA;
2414 } else if ((alg_a & SSL_aECDSA) &&
2415 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2416 idx = SSL_PKEY_ECC;
2417 if (idx == -1) {
2418 SSLerror(s, ERR_R_INTERNAL_ERROR);
2419 return (NULL);
2420 }
2421
2422 pkey = c->pkeys[idx].privatekey;
2423 if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
2424 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
2425 return (NULL);
2426 }
2427 *pmd = sigalg->md();
2428 *sap = sigalg;
2429
2430 return (pkey);
2431}
2432
2433size_t
2434ssl_dhe_params_auto_key_bits(SSL *s)
2435{
2436 SSL_CERT_PKEY *cpk;
2437 int key_bits;
2438
2439 if (s->cert->dhe_params_auto == 2) {
2440 key_bits = 1024;
2441 } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
2442 key_bits = 1024;
2443 if (s->s3->hs.cipher->strength_bits == 256)
2444 key_bits = 3072;
2445 } else {
2446 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
2447 return 0;
2448 if (cpk->privatekey == NULL ||
2449 EVP_PKEY_get0_RSA(cpk->privatekey) == NULL)
2450 return 0;
2451 if ((key_bits = EVP_PKEY_bits(cpk->privatekey)) <= 0)
2452 return 0;
2453 }
2454
2455 return key_bits;
2456}
2457
2458static int
2459ssl_should_update_external_cache(SSL *s, int mode)
2460{
2461 int cache_mode;
2462
2463 cache_mode = s->session_ctx->session_cache_mode;
2464
2465 /* Don't cache if mode says not to */
2466 if ((cache_mode & mode) == 0)
2467 return 0;
2468
2469 /* if it is not already cached, cache it */
2470 if (!s->hit)
2471 return 1;
2472
2473 /* If it's TLS 1.3, do it to match OpenSSL */
2474 if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
2475 return 1;
2476
2477 return 0;
2478}
2479
2480static int
2481ssl_should_update_internal_cache(SSL *s, int mode)
2482{
2483 int cache_mode;
2484
2485 cache_mode = s->session_ctx->session_cache_mode;
2486
2487 /* Don't cache if mode says not to */
2488 if ((cache_mode & mode) == 0)
2489 return 0;
2490
2491 /* If it is already cached, don't cache it again */
2492 if (s->hit)
2493 return 0;
2494
2495 if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0)
2496 return 0;
2497
2498 /* If we are lesser than TLS 1.3, Cache it. */
2499 if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
2500 return 1;
2501
2502 /* Below this we consider TLS 1.3 or later */
2503
2504 /* If it's not a server, add it? OpenSSL does this. */
2505 if (!s->server)
2506 return 1;
2507
2508 /* XXX if we support early data / PSK need to add */
2509
2510 /*
2511 * If we have the remove session callback, we will want
2512 * to know about this even if it's a stateless ticket
2513 * from 1.3 so we can know when it is removed.
2514 */
2515 if (s->session_ctx->remove_session_cb != NULL)
2516 return 1;
2517
2518 /* If we have set OP_NO_TICKET, cache it. */
2519 if ((s->options & SSL_OP_NO_TICKET) != 0)
2520 return 1;
2521
2522 /* Otherwise do not cache */
2523 return 0;
2524}
2525
2526void
2527ssl_update_cache(SSL *s, int mode)
2528{
2529 int cache_mode, do_callback;
2530
2531 if (s->session->session_id_length == 0)
2532 return;
2533
2534 cache_mode = s->session_ctx->session_cache_mode;
2535 do_callback = ssl_should_update_external_cache(s, mode);
2536
2537 if (ssl_should_update_internal_cache(s, mode)) {
2538 /*
2539 * XXX should we fail if the add to the internal cache
2540 * fails? OpenSSL doesn't care..
2541 */
2542 (void) SSL_CTX_add_session(s->session_ctx, s->session);
2543 }
2544
2545 /*
2546 * Update the "external cache" by calling the new session
2547 * callback if present, even with TLS 1.3 without early data
2548 * "because some application just want to know about the
2549 * creation of a session and aren't doing a full cache".
2550 * Apparently, if they are doing a full cache, they'll have
2551 * some fun, but we endeavour to give application writers the
2552 * same glorious experience they expect from OpenSSL which
2553 * does it this way.
2554 */
2555 if (do_callback && s->session_ctx->new_session_cb != NULL) {
2556 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2557 if (!s->session_ctx->new_session_cb(s, s->session))
2558 SSL_SESSION_free(s->session);
2559 }
2560
2561 /* Auto flush every 255 connections. */
2562 if (!(cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) &&
2563 (cache_mode & mode) != 0) {
2564 int connections;
2565 if (mode & SSL_SESS_CACHE_CLIENT)
2566 connections = s->session_ctx->stats.sess_connect_good;
2567 else
2568 connections = s->session_ctx->stats.sess_accept_good;
2569 if ((connections & 0xff) == 0xff)
2570 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2571 }
2572}
2573
2574const SSL_METHOD *
2575SSL_get_ssl_method(SSL *s)
2576{
2577 return (s->method);
2578}
2579LSSL_ALIAS(SSL_get_ssl_method);
2580
2581int
2582SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
2583{
2584 int (*handshake_func)(SSL *) = NULL;
2585 int ret = 1;
2586
2587 if (s->method == method)
2588 return (ret);
2589
2590 if (s->handshake_func == s->method->ssl_connect)
2591 handshake_func = method->ssl_connect;
2592 else if (s->handshake_func == s->method->ssl_accept)
2593 handshake_func = method->ssl_accept;
2594
2595 if (s->method->version == method->version) {
2596 s->method = method;
2597 } else {
2598 s->method->ssl_free(s);
2599 s->method = method;
2600 ret = s->method->ssl_new(s);
2601 }
2602 s->handshake_func = handshake_func;
2603
2604 return (ret);
2605}
2606LSSL_ALIAS(SSL_set_ssl_method);
2607
2608int
2609SSL_get_error(const SSL *s, int i)
2610{
2611 unsigned long l;
2612 int reason;
2613 BIO *bio;
2614
2615 if (i > 0)
2616 return (SSL_ERROR_NONE);
2617
2618 /*
2619 * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2620 * etc, where we do encode the error.
2621 */
2622 if ((l = ERR_peek_error()) != 0) {
2623 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2624 return (SSL_ERROR_SYSCALL);
2625 else
2626 return (SSL_ERROR_SSL);
2627 }
2628
2629 if (SSL_want_read(s)) {
2630 bio = SSL_get_rbio(s);
2631 if (BIO_should_read(bio)) {
2632 return (SSL_ERROR_WANT_READ);
2633 } else if (BIO_should_write(bio)) {
2634 /*
2635 * This one doesn't make too much sense... We never
2636 * try to write to the rbio, and an application
2637 * program where rbio and wbio are separate couldn't
2638 * even know what it should wait for. However if we
2639 * ever set s->rwstate incorrectly (so that we have
2640 * SSL_want_read(s) instead of SSL_want_write(s))
2641 * and rbio and wbio *are* the same, this test works
2642 * around that bug; so it might be safer to keep it.
2643 */
2644 return (SSL_ERROR_WANT_WRITE);
2645 } else if (BIO_should_io_special(bio)) {
2646 reason = BIO_get_retry_reason(bio);
2647 if (reason == BIO_RR_CONNECT)
2648 return (SSL_ERROR_WANT_CONNECT);
2649 else if (reason == BIO_RR_ACCEPT)
2650 return (SSL_ERROR_WANT_ACCEPT);
2651 else
2652 return (SSL_ERROR_SYSCALL); /* unknown */
2653 }
2654 }
2655
2656 if (SSL_want_write(s)) {
2657 bio = SSL_get_wbio(s);
2658 if (BIO_should_write(bio)) {
2659 return (SSL_ERROR_WANT_WRITE);
2660 } else if (BIO_should_read(bio)) {
2661 /*
2662 * See above (SSL_want_read(s) with
2663 * BIO_should_write(bio))
2664 */
2665 return (SSL_ERROR_WANT_READ);
2666 } else if (BIO_should_io_special(bio)) {
2667 reason = BIO_get_retry_reason(bio);
2668 if (reason == BIO_RR_CONNECT)
2669 return (SSL_ERROR_WANT_CONNECT);
2670 else if (reason == BIO_RR_ACCEPT)
2671 return (SSL_ERROR_WANT_ACCEPT);
2672 else
2673 return (SSL_ERROR_SYSCALL);
2674 }
2675 }
2676
2677 if (SSL_want_x509_lookup(s))
2678 return (SSL_ERROR_WANT_X509_LOOKUP);
2679
2680 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2681 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2682 return (SSL_ERROR_ZERO_RETURN);
2683
2684 return (SSL_ERROR_SYSCALL);
2685}
2686LSSL_ALIAS(SSL_get_error);
2687
2688int
2689SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method)
2690{
2691 if (ctx->method->dtls)
2692 return 0;
2693
2694 ctx->quic_method = quic_method;
2695
2696 return 1;
2697}
2698LSSL_ALIAS(SSL_CTX_set_quic_method);
2699
2700int
2701SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method)
2702{
2703 if (ssl->method->dtls)
2704 return 0;
2705
2706 ssl->quic_method = quic_method;
2707
2708 return 1;
2709}
2710LSSL_ALIAS(SSL_set_quic_method);
2711
2712size_t
2713SSL_quic_max_handshake_flight_len(const SSL *ssl,
2714 enum ssl_encryption_level_t level)
2715{
2716 size_t flight_len;
2717
2718 /* Limit flights to 16K when there are no large certificate messages. */
2719 flight_len = 16384;
2720
2721 switch (level) {
2722 case ssl_encryption_initial:
2723 return flight_len;
2724
2725 case ssl_encryption_early_data:
2726 /* QUIC does not send EndOfEarlyData. */
2727 return 0;
2728
2729 case ssl_encryption_handshake:
2730 if (ssl->server) {
2731 /*
2732 * Servers may receive Certificate message if configured
2733 * to request client certificates.
2734 */
2735 if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 &&
2736 ssl->max_cert_list > flight_len)
2737 flight_len = ssl->max_cert_list;
2738 } else {
2739 /*
2740 * Clients may receive both Certificate message and a
2741 * CertificateRequest message.
2742 */
2743 if (ssl->max_cert_list * 2 > flight_len)
2744 flight_len = ssl->max_cert_list * 2;
2745 }
2746 return flight_len;
2747 case ssl_encryption_application:
2748 /*
2749 * Note there is not actually a bound on the number of
2750 * NewSessionTickets one may send in a row. This level may need
2751 * more involved flow control.
2752 */
2753 return flight_len;
2754 }
2755
2756 return 0;
2757}
2758LSSL_ALIAS(SSL_quic_max_handshake_flight_len);
2759
2760enum ssl_encryption_level_t
2761SSL_quic_read_level(const SSL *ssl)
2762{
2763 return ssl->s3->hs.tls13.quic_read_level;
2764}
2765LSSL_ALIAS(SSL_quic_read_level);
2766
2767enum ssl_encryption_level_t
2768SSL_quic_write_level(const SSL *ssl)
2769{
2770 return ssl->s3->hs.tls13.quic_write_level;
2771}
2772LSSL_ALIAS(SSL_quic_write_level);
2773
2774int
2775SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
2776 const uint8_t *data, size_t len)
2777{
2778 if (!SSL_is_quic(ssl)) {
2779 SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2780 return 0;
2781 }
2782
2783 if (level != SSL_quic_read_level(ssl)) {
2784 SSLerror(ssl, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED);
2785 return 0;
2786 }
2787
2788 if (ssl->s3->hs.tls13.quic_read_buffer == NULL) {
2789 ssl->s3->hs.tls13.quic_read_buffer = tls_buffer_new(0);
2790 if (ssl->s3->hs.tls13.quic_read_buffer == NULL) {
2791 SSLerror(ssl, ERR_R_MALLOC_FAILURE);
2792 return 0;
2793 }
2794 }
2795
2796 /* XXX - note that this does not currently downsize. */
2797 tls_buffer_set_capacity_limit(ssl->s3->hs.tls13.quic_read_buffer,
2798 SSL_quic_max_handshake_flight_len(ssl, level));
2799
2800 /*
2801 * XXX - an append that fails due to exceeding capacity should set
2802 * SSL_R_EXCESSIVE_MESSAGE_SIZE.
2803 */
2804 return tls_buffer_append(ssl->s3->hs.tls13.quic_read_buffer, data, len);
2805}
2806LSSL_ALIAS(SSL_provide_quic_data);
2807
2808int
2809SSL_process_quic_post_handshake(SSL *ssl)
2810{
2811 /* XXX - this needs to run PHH received. */
2812 return 1;
2813}
2814LSSL_ALIAS(SSL_process_quic_post_handshake);
2815
2816int
2817SSL_do_handshake(SSL *s)
2818{
2819 if (s->handshake_func == NULL) {
2820 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
2821 return (-1);
2822 }
2823
2824 s->method->ssl_renegotiate_check(s);
2825
2826 if (!SSL_in_init(s) && !SSL_in_before(s))
2827 return 1;
2828
2829 return s->handshake_func(s);
2830}
2831LSSL_ALIAS(SSL_do_handshake);
2832
2833/*
2834 * For the next 2 functions, SSL_clear() sets shutdown and so
2835 * one of these calls will reset it
2836 */
2837void
2838SSL_set_accept_state(SSL *s)
2839{
2840 s->server = 1;
2841 s->shutdown = 0;
2842 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2843 s->handshake_func = s->method->ssl_accept;
2844 ssl_clear_cipher_state(s);
2845}
2846LSSL_ALIAS(SSL_set_accept_state);
2847
2848void
2849SSL_set_connect_state(SSL *s)
2850{
2851 s->server = 0;
2852 s->shutdown = 0;
2853 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2854 s->handshake_func = s->method->ssl_connect;
2855 ssl_clear_cipher_state(s);
2856}
2857LSSL_ALIAS(SSL_set_connect_state);
2858
2859int
2860ssl_undefined_function(SSL *s)
2861{
2862 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2863 return (0);
2864}
2865
2866int
2867ssl_undefined_void_function(void)
2868{
2869 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2870 return (0);
2871}
2872
2873int
2874ssl_undefined_const_function(const SSL *s)
2875{
2876 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2877 return (0);
2878}
2879
2880const char *
2881ssl_version_string(int ver)
2882{
2883 switch (ver) {
2884 case TLS1_VERSION:
2885 return (SSL_TXT_TLSV1);
2886 case TLS1_1_VERSION:
2887 return (SSL_TXT_TLSV1_1);
2888 case TLS1_2_VERSION:
2889 return (SSL_TXT_TLSV1_2);
2890 case TLS1_3_VERSION:
2891 return (SSL_TXT_TLSV1_3);
2892 case DTLS1_VERSION:
2893 return (SSL_TXT_DTLS1);
2894 case DTLS1_2_VERSION:
2895 return (SSL_TXT_DTLS1_2);
2896 default:
2897 return ("unknown");
2898 }
2899}
2900
2901const char *
2902SSL_get_version(const SSL *s)
2903{
2904 return ssl_version_string(s->version);
2905}
2906LSSL_ALIAS(SSL_get_version);
2907
2908SSL *
2909SSL_dup(SSL *s)
2910{
2911 STACK_OF(X509_NAME) *sk;
2912 X509_NAME *xn;
2913 SSL *ret;
2914 int i;
2915
2916 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2917 goto err;
2918
2919 ret->version = s->version;
2920 ret->method = s->method;
2921
2922 if (s->session != NULL) {
2923 if (!SSL_copy_session_id(ret, s))
2924 goto err;
2925 } else {
2926 /*
2927 * No session has been established yet, so we have to expect
2928 * that s->cert or ret->cert will be changed later --
2929 * they should not both point to the same object,
2930 * and thus we can't use SSL_copy_session_id.
2931 */
2932
2933 ret->method->ssl_free(ret);
2934 ret->method = s->method;
2935 ret->method->ssl_new(ret);
2936
2937 ssl_cert_free(ret->cert);
2938 if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
2939 goto err;
2940
2941 if (!SSL_set_session_id_context(ret, s->sid_ctx,
2942 s->sid_ctx_length))
2943 goto err;
2944 }
2945
2946 ret->options = s->options;
2947 ret->mode = s->mode;
2948 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2949 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2950 ret->msg_callback = s->msg_callback;
2951 ret->msg_callback_arg = s->msg_callback_arg;
2952 SSL_set_verify(ret, SSL_get_verify_mode(s),
2953 SSL_get_verify_callback(s));
2954 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2955 ret->generate_session_id = s->generate_session_id;
2956
2957 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2958
2959 /* copy app data, a little dangerous perhaps */
2960 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2961 &ret->ex_data, &s->ex_data))
2962 goto err;
2963
2964 /* setup rbio, and wbio */
2965 if (s->rbio != NULL) {
2966 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2967 goto err;
2968 }
2969 if (s->wbio != NULL) {
2970 if (s->wbio != s->rbio) {
2971 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2972 goto err;
2973 } else
2974 ret->wbio = ret->rbio;
2975 }
2976 ret->rwstate = s->rwstate;
2977 ret->in_handshake = s->in_handshake;
2978 ret->handshake_func = s->handshake_func;
2979 ret->server = s->server;
2980 ret->renegotiate = s->renegotiate;
2981 ret->new_session = s->new_session;
2982 ret->quiet_shutdown = s->quiet_shutdown;
2983 ret->shutdown = s->shutdown;
2984 /* SSL_dup does not really work at any state, though */
2985 ret->s3->hs.state = s->s3->hs.state;
2986 ret->rstate = s->rstate;
2987
2988 /*
2989 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2990 * ret->init_off
2991 */
2992 ret->init_num = 0;
2993
2994 ret->hit = s->hit;
2995
2996 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2997
2998 if (s->cipher_list != NULL) {
2999 if ((ret->cipher_list =
3000 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
3001 goto err;
3002 }
3003 if (s->cipher_list_tls13 != NULL) {
3004 if ((ret->cipher_list_tls13 =
3005 sk_SSL_CIPHER_dup(s->cipher_list_tls13)) == NULL)
3006 goto err;
3007 }
3008
3009 /* Dup the client_CA list */
3010 if (s->client_CA != NULL) {
3011 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
3012 ret->client_CA = sk;
3013 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
3014 xn = sk_X509_NAME_value(sk, i);
3015 if (sk_X509_NAME_set(sk, i,
3016 X509_NAME_dup(xn)) == NULL) {
3017 X509_NAME_free(xn);
3018 goto err;
3019 }
3020 }
3021 }
3022
3023 return ret;
3024 err:
3025 SSL_free(ret);
3026 return NULL;
3027}
3028LSSL_ALIAS(SSL_dup);
3029
3030void
3031ssl_clear_cipher_state(SSL *s)
3032{
3033 tls12_record_layer_clear_read_state(s->rl);
3034 tls12_record_layer_clear_write_state(s->rl);
3035}
3036
3037void
3038ssl_info_callback(const SSL *s, int type, int value)
3039{
3040 ssl_info_callback_fn *cb;
3041
3042 if ((cb = s->info_callback) == NULL)
3043 cb = s->ctx->info_callback;
3044 if (cb != NULL)
3045 cb(s, type, value);
3046}
3047
3048void
3049ssl_msg_callback(SSL *s, int is_write, int content_type,
3050 const void *msg_buf, size_t msg_len)
3051{
3052 if (s->msg_callback == NULL)
3053 return;
3054
3055 s->msg_callback(is_write, s->version, content_type,
3056 msg_buf, msg_len, s, s->msg_callback_arg);
3057}
3058
3059void
3060ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs)
3061{
3062 ssl_msg_callback(s, is_write, content_type, CBS_data(cbs), CBS_len(cbs));
3063}
3064
3065/* Fix this function so that it takes an optional type parameter */
3066X509 *
3067SSL_get_certificate(const SSL *s)
3068{
3069 return (s->cert->key->x509);
3070}
3071LSSL_ALIAS(SSL_get_certificate);
3072
3073/* Fix this function so that it takes an optional type parameter */
3074EVP_PKEY *
3075SSL_get_privatekey(const SSL *s)
3076{
3077 return (s->cert->key->privatekey);
3078}
3079LSSL_ALIAS(SSL_get_privatekey);
3080
3081const SSL_CIPHER *
3082SSL_get_current_cipher(const SSL *s)
3083{
3084 return s->s3->hs.cipher;
3085}
3086LSSL_ALIAS(SSL_get_current_cipher);
3087
3088const void *
3089SSL_get_current_compression(SSL *s)
3090{
3091 return (NULL);
3092}
3093LSSL_ALIAS(SSL_get_current_compression);
3094
3095const void *
3096SSL_get_current_expansion(SSL *s)
3097{
3098 return (NULL);
3099}
3100LSSL_ALIAS(SSL_get_current_expansion);
3101
3102size_t
3103SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out)
3104{
3105 size_t len = sizeof(s->s3->client_random);
3106
3107 if (out == NULL)
3108 return len;
3109
3110 if (len > max_out)
3111 len = max_out;
3112
3113 memcpy(out, s->s3->client_random, len);
3114
3115 return len;
3116}
3117LSSL_ALIAS(SSL_get_client_random);
3118
3119size_t
3120SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out)
3121{
3122 size_t len = sizeof(s->s3->server_random);
3123
3124 if (out == NULL)
3125 return len;
3126
3127 if (len > max_out)
3128 len = max_out;
3129
3130 memcpy(out, s->s3->server_random, len);
3131
3132 return len;
3133}
3134LSSL_ALIAS(SSL_get_server_random);
3135
3136int
3137ssl_init_wbio_buffer(SSL *s, int push)
3138{
3139 BIO *bbio;
3140
3141 if (s->bbio == NULL) {
3142 bbio = BIO_new(BIO_f_buffer());
3143 if (bbio == NULL)
3144 return (0);
3145 s->bbio = bbio;
3146 } else {
3147 bbio = s->bbio;
3148 if (s->bbio == s->wbio)
3149 s->wbio = BIO_pop(s->wbio);
3150 }
3151 (void)BIO_reset(bbio);
3152/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
3153 if (!BIO_set_read_buffer_size(bbio, 1)) {
3154 SSLerror(s, ERR_R_BUF_LIB);
3155 return (0);
3156 }
3157 if (push) {
3158 if (s->wbio != bbio)
3159 s->wbio = BIO_push(bbio, s->wbio);
3160 } else {
3161 if (s->wbio == bbio)
3162 s->wbio = BIO_pop(bbio);
3163 }
3164 return (1);
3165}
3166
3167void
3168ssl_free_wbio_buffer(SSL *s)
3169{
3170 if (s == NULL)
3171 return;
3172
3173 if (s->bbio == NULL)
3174 return;
3175
3176 if (s->bbio == s->wbio) {
3177 /* remove buffering */
3178 s->wbio = BIO_pop(s->wbio);
3179 }
3180 BIO_free(s->bbio);
3181 s->bbio = NULL;
3182}
3183
3184void
3185SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
3186{
3187 ctx->quiet_shutdown = mode;
3188}
3189LSSL_ALIAS(SSL_CTX_set_quiet_shutdown);
3190
3191int
3192SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
3193{
3194 return (ctx->quiet_shutdown);
3195}
3196LSSL_ALIAS(SSL_CTX_get_quiet_shutdown);
3197
3198void
3199SSL_set_quiet_shutdown(SSL *s, int mode)
3200{
3201 s->quiet_shutdown = mode;
3202}
3203LSSL_ALIAS(SSL_set_quiet_shutdown);
3204
3205int
3206SSL_get_quiet_shutdown(const SSL *s)
3207{
3208 return (s->quiet_shutdown);
3209}
3210LSSL_ALIAS(SSL_get_quiet_shutdown);
3211
3212void
3213SSL_set_shutdown(SSL *s, int mode)
3214{
3215 s->shutdown = mode;
3216}
3217LSSL_ALIAS(SSL_set_shutdown);
3218
3219int
3220SSL_get_shutdown(const SSL *s)
3221{
3222 return (s->shutdown);
3223}
3224LSSL_ALIAS(SSL_get_shutdown);
3225
3226int
3227SSL_version(const SSL *s)
3228{
3229 return (s->version);
3230}
3231LSSL_ALIAS(SSL_version);
3232
3233SSL_CTX *
3234SSL_get_SSL_CTX(const SSL *ssl)
3235{
3236 return (ssl->ctx);
3237}
3238LSSL_ALIAS(SSL_get_SSL_CTX);
3239
3240SSL_CTX *
3241SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
3242{
3243 SSL_CERT *new_cert;
3244
3245 if (ctx == NULL)
3246 ctx = ssl->initial_ctx;
3247 if (ssl->ctx == ctx)
3248 return (ssl->ctx);
3249
3250 if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL)
3251 return NULL;
3252 ssl_cert_free(ssl->cert);
3253 ssl->cert = new_cert;
3254
3255 SSL_CTX_up_ref(ctx);
3256 SSL_CTX_free(ssl->ctx); /* decrement reference count */
3257 ssl->ctx = ctx;
3258
3259 return (ssl->ctx);
3260}
3261LSSL_ALIAS(SSL_set_SSL_CTX);
3262
3263int
3264SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
3265{
3266 return (X509_STORE_set_default_paths(ctx->cert_store));
3267}
3268LSSL_ALIAS(SSL_CTX_set_default_verify_paths);
3269
3270int
3271SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
3272 const char *CApath)
3273{
3274 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
3275}
3276LSSL_ALIAS(SSL_CTX_load_verify_locations);
3277
3278int
3279SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
3280{
3281 return (X509_STORE_load_mem(ctx->cert_store, buf, len));
3282}
3283LSSL_ALIAS(SSL_CTX_load_verify_mem);
3284
3285void
3286SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
3287{
3288 ssl->info_callback = cb;
3289}
3290LSSL_ALIAS(SSL_set_info_callback);
3291
3292void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
3293{
3294 return (ssl->info_callback);
3295}
3296LSSL_ALIAS(SSL_get_info_callback);
3297
3298int
3299SSL_state(const SSL *ssl)
3300{
3301 return (ssl->s3->hs.state);
3302}
3303LSSL_ALIAS(SSL_state);
3304
3305void
3306SSL_set_state(SSL *ssl, int state)
3307{
3308 ssl->s3->hs.state = state;
3309}
3310LSSL_ALIAS(SSL_set_state);
3311
3312void
3313SSL_set_verify_result(SSL *ssl, long arg)
3314{
3315 ssl->verify_result = arg;
3316}
3317LSSL_ALIAS(SSL_set_verify_result);
3318
3319long
3320SSL_get_verify_result(const SSL *ssl)
3321{
3322 return (ssl->verify_result);
3323}
3324LSSL_ALIAS(SSL_get_verify_result);
3325
3326int
3327SSL_verify_client_post_handshake(SSL *ssl)
3328{
3329 return 0;
3330}
3331LSSL_ALIAS(SSL_verify_client_post_handshake);
3332
3333void
3334SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
3335{
3336 return;
3337}
3338LSSL_ALIAS(SSL_CTX_set_post_handshake_auth);
3339
3340void
3341SSL_set_post_handshake_auth(SSL *ssl, int val)
3342{
3343 return;
3344}
3345LSSL_ALIAS(SSL_set_post_handshake_auth);
3346
3347int
3348SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3349 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
3350{
3351 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
3352 new_func, dup_func, free_func));
3353}
3354LSSL_ALIAS(SSL_get_ex_new_index);
3355
3356int
3357SSL_set_ex_data(SSL *s, int idx, void *arg)
3358{
3359 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3360}
3361LSSL_ALIAS(SSL_set_ex_data);
3362
3363void *
3364SSL_get_ex_data(const SSL *s, int idx)
3365{
3366 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3367}
3368LSSL_ALIAS(SSL_get_ex_data);
3369
3370int
3371SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3372 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
3373{
3374 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
3375 new_func, dup_func, free_func));
3376}
3377LSSL_ALIAS(SSL_CTX_get_ex_new_index);
3378
3379int
3380SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
3381{
3382 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3383}
3384LSSL_ALIAS(SSL_CTX_set_ex_data);
3385
3386void *
3387SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
3388{
3389 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3390}
3391LSSL_ALIAS(SSL_CTX_get_ex_data);
3392
3393int
3394ssl_ok(SSL *s)
3395{
3396 return (1);
3397}
3398
3399X509_STORE *
3400SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3401{
3402 return (ctx->cert_store);
3403}
3404LSSL_ALIAS(SSL_CTX_get_cert_store);
3405
3406void
3407SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3408{
3409 X509_STORE_free(ctx->cert_store);
3410 ctx->cert_store = store;
3411}
3412LSSL_ALIAS(SSL_CTX_set_cert_store);
3413
3414void
3415SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
3416{
3417 if (store != NULL)
3418 X509_STORE_up_ref(store);
3419
3420 SSL_CTX_set_cert_store(ctx, store);
3421}
3422LSSL_ALIAS(SSL_CTX_set1_cert_store);
3423
3424X509 *
3425SSL_CTX_get0_certificate(const SSL_CTX *ctx)
3426{
3427 if (ctx->cert == NULL)
3428 return NULL;
3429
3430 return ctx->cert->key->x509;
3431}
3432LSSL_ALIAS(SSL_CTX_get0_certificate);
3433
3434EVP_PKEY *
3435SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
3436{
3437 if (ctx->cert == NULL)
3438 return NULL;
3439
3440 return ctx->cert->key->privatekey;
3441}
3442LSSL_ALIAS(SSL_CTX_get0_privatekey);
3443
3444int
3445SSL_want(const SSL *s)
3446{
3447 return (s->rwstate);
3448}
3449LSSL_ALIAS(SSL_want);
3450
3451void
3452SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
3453 int keylength))
3454{
3455 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3456}
3457LSSL_ALIAS(SSL_CTX_set_tmp_rsa_callback);
3458
3459void
3460SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
3461 int keylength))
3462{
3463 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3464}
3465LSSL_ALIAS(SSL_set_tmp_rsa_callback);
3466
3467void
3468SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
3469 int keylength))
3470{
3471 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3472}
3473LSSL_ALIAS(SSL_CTX_set_tmp_dh_callback);
3474
3475void
3476SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3477 int keylength))
3478{
3479 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3480}
3481LSSL_ALIAS(SSL_set_tmp_dh_callback);
3482
3483void
3484SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
3485 int is_export, int keylength))
3486{
3487 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
3488 (void (*)(void))ecdh);
3489}
3490LSSL_ALIAS(SSL_CTX_set_tmp_ecdh_callback);
3491
3492void
3493SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3494 int keylength))
3495{
3496 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3497}
3498LSSL_ALIAS(SSL_set_tmp_ecdh_callback);
3499
3500
3501void
3502SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
3503 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3504{
3505 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
3506 (void (*)(void))cb);
3507}
3508LSSL_ALIAS(SSL_CTX_set_msg_callback);
3509
3510void
3511SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3512 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3513{
3514 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3515}
3516LSSL_ALIAS(SSL_set_msg_callback);
3517
3518int
3519SSL_cache_hit(SSL *s)
3520{
3521 return (s->hit);
3522}
3523LSSL_ALIAS(SSL_cache_hit);
3524
3525int
3526SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
3527{
3528 return ctx->min_proto_version;
3529}
3530LSSL_ALIAS(SSL_CTX_get_min_proto_version);
3531
3532int
3533SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
3534{
3535 return ssl_version_set_min(ctx->method, version,
3536 ctx->max_tls_version, &ctx->min_tls_version,
3537 &ctx->min_proto_version);
3538}
3539LSSL_ALIAS(SSL_CTX_set_min_proto_version);
3540
3541int
3542SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
3543{
3544 return ctx->max_proto_version;
3545}
3546LSSL_ALIAS(SSL_CTX_get_max_proto_version);
3547
3548int
3549SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
3550{
3551 return ssl_version_set_max(ctx->method, version,
3552 ctx->min_tls_version, &ctx->max_tls_version,
3553 &ctx->max_proto_version);
3554}
3555LSSL_ALIAS(SSL_CTX_set_max_proto_version);
3556
3557int
3558SSL_get_min_proto_version(SSL *ssl)
3559{
3560 return ssl->min_proto_version;
3561}
3562LSSL_ALIAS(SSL_get_min_proto_version);
3563
3564int
3565SSL_set_min_proto_version(SSL *ssl, uint16_t version)
3566{
3567 return ssl_version_set_min(ssl->method, version,
3568 ssl->max_tls_version, &ssl->min_tls_version,
3569 &ssl->min_proto_version);
3570}
3571LSSL_ALIAS(SSL_set_min_proto_version);
3572int
3573SSL_get_max_proto_version(SSL *ssl)
3574{
3575 return ssl->max_proto_version;
3576}
3577LSSL_ALIAS(SSL_get_max_proto_version);
3578
3579int
3580SSL_set_max_proto_version(SSL *ssl, uint16_t version)
3581{
3582 return ssl_version_set_max(ssl->method, version,
3583 ssl->min_tls_version, &ssl->max_tls_version,
3584 &ssl->max_proto_version);
3585}
3586LSSL_ALIAS(SSL_set_max_proto_version);
3587
3588const SSL_METHOD *
3589SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
3590{
3591 return ctx->method;
3592}
3593LSSL_ALIAS(SSL_CTX_get_ssl_method);
3594
3595int
3596SSL_CTX_get_security_level(const SSL_CTX *ctx)
3597{
3598 return ctx->cert->security_level;
3599}
3600LSSL_ALIAS(SSL_CTX_get_security_level);
3601
3602void
3603SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
3604{
3605 ctx->cert->security_level = level;
3606}
3607LSSL_ALIAS(SSL_CTX_set_security_level);
3608
3609int
3610SSL_get_security_level(const SSL *ssl)
3611{
3612 return ssl->cert->security_level;
3613}
3614LSSL_ALIAS(SSL_get_security_level);
3615
3616void
3617SSL_set_security_level(SSL *ssl, int level)
3618{
3619 ssl->cert->security_level = level;
3620}
3621LSSL_ALIAS(SSL_set_security_level);
3622
3623int
3624SSL_is_quic(const SSL *ssl)
3625{
3626 return ssl->quic_method != NULL;
3627}
3628LSSL_ALIAS(SSL_is_quic);
3629
3630int
3631SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
3632 size_t params_len)
3633{
3634 freezero(ssl->quic_transport_params,
3635 ssl->quic_transport_params_len);
3636 ssl->quic_transport_params = NULL;
3637 ssl->quic_transport_params_len = 0;
3638
3639 if ((ssl->quic_transport_params = malloc(params_len)) == NULL)
3640 return 0;
3641
3642 memcpy(ssl->quic_transport_params, params, params_len);
3643 ssl->quic_transport_params_len = params_len;
3644
3645 return 1;
3646}
3647LSSL_ALIAS(SSL_set_quic_transport_params);
3648
3649void
3650SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params,
3651 size_t *out_params_len)
3652{
3653 *out_params = ssl->s3->peer_quic_transport_params;
3654 *out_params_len = ssl->s3->peer_quic_transport_params_len;
3655}
3656LSSL_ALIAS(SSL_get_peer_quic_transport_params);
3657
3658void
3659SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy)
3660{
3661 /* Not supported. */
3662}
3663LSSL_ALIAS(SSL_set_quic_use_legacy_codepoint);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 22:40:55 +0000