summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c3125
1 files changed, 0 insertions, 3125 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index 629ad03554..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3125 +0,0 @@
1/* $OpenBSD: ssl_lib.c,v 1.105 2015/07/19 20:32:18 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144
145#include "ssl_locl.h"
146
147#include <openssl/bn.h>
148#include <openssl/dh.h>
149#include <openssl/lhash.h>
150#include <openssl/objects.h>
151#include <openssl/ocsp.h>
152#include <openssl/x509v3.h>
153
154#ifndef OPENSSL_NO_ENGINE
155#include <openssl/engine.h>
156#endif
157
158#include "bytestring.h"
159
160const char *SSL_version_str = OPENSSL_VERSION_TEXT;
161
162SSL3_ENC_METHOD ssl3_undef_enc_method = {
163 /*
164 * Evil casts, but these functions are only called if there's a
165 * library bug.
166 */
167 .enc = (int (*)(SSL *, int))ssl_undefined_function,
168 .mac = (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 .setup_key_block = ssl_undefined_function,
170 .generate_master_secret = (int (*)(SSL *, unsigned char *,
171 unsigned char *, int))ssl_undefined_function,
172 .change_cipher_state = (int (*)(SSL*, int))ssl_undefined_function,
173 .final_finish_mac = (int (*)(SSL *, const char*, int,
174 unsigned char *))ssl_undefined_function,
175 .finish_mac_length = 0,
176 .cert_verify_mac = (int (*)(SSL *, int,
177 unsigned char *))ssl_undefined_function,
178 .client_finished_label = NULL,
179 .client_finished_label_len = 0,
180 .server_finished_label = NULL,
181 .server_finished_label_len = 0,
182 .alert_value = (int (*)(int))ssl_undefined_function,
183 .export_keying_material = (int (*)(SSL *, unsigned char *, size_t,
184 const char *, size_t, const unsigned char *, size_t,
185 int use_context))ssl_undefined_function,
186 .enc_flags = 0,
187};
188
189int
190SSL_clear(SSL *s)
191{
192 if (s->method == NULL) {
193 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
194 return (0);
195 }
196
197 if (ssl_clear_bad_session(s)) {
198 SSL_SESSION_free(s->session);
199 s->session = NULL;
200 }
201
202 s->error = 0;
203 s->hit = 0;
204 s->shutdown = 0;
205
206 if (s->renegotiate) {
207 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
208 return (0);
209 }
210
211 s->type = 0;
212
213 s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
214
215 s->version = s->method->version;
216 s->client_version = s->version;
217 s->rwstate = SSL_NOTHING;
218 s->rstate = SSL_ST_READ_HEADER;
219
220 BUF_MEM_free(s->init_buf);
221 s->init_buf = NULL;
222
223 ssl_clear_cipher_ctx(s);
224 ssl_clear_hash_ctx(&s->read_hash);
225 ssl_clear_hash_ctx(&s->write_hash);
226
227 s->first_packet = 0;
228
229 /*
230 * Check to see if we were changed into a different method, if
231 * so, revert back if we are not doing session-id reuse.
232 */
233 if (!s->in_handshake && (s->session == NULL) &&
234 (s->method != s->ctx->method)) {
235 s->method->ssl_free(s);
236 s->method = s->ctx->method;
237 if (!s->method->ssl_new(s))
238 return (0);
239 } else
240 s->method->ssl_clear(s);
241
242 return (1);
243}
244
245/* Used to change an SSL_CTXs default SSL method type */
246int
247SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
248{
249 STACK_OF(SSL_CIPHER) *sk;
250
251 ctx->method = meth;
252
253 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
254 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
255 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
256 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
257 SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
258 return (0);
259 }
260 return (1);
261}
262
263SSL *
264SSL_new(SSL_CTX *ctx)
265{
266 SSL *s;
267
268 if (ctx == NULL) {
269 SSLerr(SSL_F_SSL_NEW,
270 SSL_R_NULL_SSL_CTX);
271 return (NULL);
272 }
273 if (ctx->method == NULL) {
274 SSLerr(SSL_F_SSL_NEW,
275 SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
276 return (NULL);
277 }
278
279 s = calloc(1, sizeof(SSL));
280 if (s == NULL)
281 goto err;
282
283
284 s->options = ctx->options;
285 s->mode = ctx->mode;
286 s->max_cert_list = ctx->max_cert_list;
287
288 if (ctx->cert != NULL) {
289 /*
290 * Earlier library versions used to copy the pointer to
291 * the CERT, not its contents; only when setting new
292 * parameters for the per-SSL copy, ssl_cert_new would be
293 * called (and the direct reference to the per-SSL_CTX
294 * settings would be lost, but those still were indirectly
295 * accessed for various purposes, and for that reason they
296 * used to be known as s->ctx->default_cert).
297 * Now we don't look at the SSL_CTX's CERT after having
298 * duplicated it once.
299 */
300 s->cert = ssl_cert_dup(ctx->cert);
301 if (s->cert == NULL)
302 goto err;
303 } else
304 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
305
306 s->read_ahead = ctx->read_ahead;
307 s->msg_callback = ctx->msg_callback;
308 s->msg_callback_arg = ctx->msg_callback_arg;
309 s->verify_mode = ctx->verify_mode;
310 s->sid_ctx_length = ctx->sid_ctx_length;
311 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
312 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
313 s->verify_callback = ctx->default_verify_callback;
314 s->generate_session_id = ctx->generate_session_id;
315
316 s->param = X509_VERIFY_PARAM_new();
317 if (!s->param)
318 goto err;
319 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
320 s->quiet_shutdown = ctx->quiet_shutdown;
321 s->max_send_fragment = ctx->max_send_fragment;
322
323 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
324 s->ctx = ctx;
325 s->tlsext_debug_cb = 0;
326 s->tlsext_debug_arg = NULL;
327 s->tlsext_ticket_expected = 0;
328 s->tlsext_status_type = -1;
329 s->tlsext_status_expected = 0;
330 s->tlsext_ocsp_ids = NULL;
331 s->tlsext_ocsp_exts = NULL;
332 s->tlsext_ocsp_resp = NULL;
333 s->tlsext_ocsp_resplen = -1;
334 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
335 s->initial_ctx = ctx;
336 s->next_proto_negotiated = NULL;
337
338 if (s->ctx->alpn_client_proto_list != NULL) {
339 s->alpn_client_proto_list =
340 malloc(s->ctx->alpn_client_proto_list_len);
341 if (s->alpn_client_proto_list == NULL)
342 goto err;
343 memcpy(s->alpn_client_proto_list,
344 s->ctx->alpn_client_proto_list,
345 s->ctx->alpn_client_proto_list_len);
346 s->alpn_client_proto_list_len =
347 s->ctx->alpn_client_proto_list_len;
348 }
349
350 s->verify_result = X509_V_OK;
351
352 s->method = ctx->method;
353
354 if (!s->method->ssl_new(s))
355 goto err;
356
357 s->references = 1;
358 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
359
360 SSL_clear(s);
361
362 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
363
364
365 return (s);
366err:
367 if (s != NULL) {
368 if (s->cert != NULL)
369 ssl_cert_free(s->cert);
370 SSL_CTX_free(s->ctx); /* decrement reference count */
371 free(s);
372 }
373 SSLerr(SSL_F_SSL_NEW,
374 ERR_R_MALLOC_FAILURE);
375 return (NULL);
376}
377
378int
379SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
380 unsigned int sid_ctx_len)
381{
382 if (sid_ctx_len > sizeof ctx->sid_ctx) {
383 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
384 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
385 return (0);
386 }
387 ctx->sid_ctx_length = sid_ctx_len;
388 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
389
390 return (1);
391}
392
393int
394SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
395 unsigned int sid_ctx_len)
396{
397 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
398 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
399 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
400 return (0);
401 }
402 ssl->sid_ctx_length = sid_ctx_len;
403 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
404
405 return (1);
406}
407
408int
409SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
410{
411 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
412 ctx->generate_session_id = cb;
413 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
414 return (1);
415}
416
417int
418SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
419{
420 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
421 ssl->generate_session_id = cb;
422 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
423 return (1);
424}
425
426int
427SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
428 unsigned int id_len)
429{
430 /*
431 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
432 * shows how we can "construct" a session to give us the desired
433 * check - ie. to find if there's a session in the hash table
434 * that would conflict with any new session built out of this
435 * id/id_len and the ssl_version in use by this SSL.
436 */
437 SSL_SESSION r, *p;
438
439 if (id_len > sizeof r.session_id)
440 return (0);
441
442 r.ssl_version = ssl->version;
443 r.session_id_length = id_len;
444 memcpy(r.session_id, id, id_len);
445
446 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
447 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
448 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
449 return (p != NULL);
450}
451
452int
453SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
454{
455 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
456}
457
458int
459SSL_set_purpose(SSL *s, int purpose)
460{
461 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
462}
463
464int
465SSL_CTX_set_trust(SSL_CTX *s, int trust)
466{
467 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
468}
469
470int
471SSL_set_trust(SSL *s, int trust)
472{
473 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
474}
475
476int
477SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
478{
479 return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
480}
481
482int
483SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
484{
485 return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
486}
487
488void
489SSL_free(SSL *s)
490{
491 int i;
492
493 if (s == NULL)
494 return;
495
496 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
497 if (i > 0)
498 return;
499
500 if (s->param)
501 X509_VERIFY_PARAM_free(s->param);
502
503 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
504
505 if (s->bbio != NULL) {
506 /* If the buffering BIO is in place, pop it off */
507 if (s->bbio == s->wbio) {
508 s->wbio = BIO_pop(s->wbio);
509 }
510 BIO_free(s->bbio);
511 s->bbio = NULL;
512 }
513 if (s->rbio != NULL)
514 BIO_free_all(s->rbio);
515 if ((s->wbio != NULL) && (s->wbio != s->rbio))
516 BIO_free_all(s->wbio);
517
518 if (s->init_buf != NULL)
519 BUF_MEM_free(s->init_buf);
520
521 /* add extra stuff */
522 if (s->cipher_list != NULL)
523 sk_SSL_CIPHER_free(s->cipher_list);
524 if (s->cipher_list_by_id != NULL)
525 sk_SSL_CIPHER_free(s->cipher_list_by_id);
526
527 /* Make the next call work :-) */
528 if (s->session != NULL) {
529 ssl_clear_bad_session(s);
530 SSL_SESSION_free(s->session);
531 }
532
533 ssl_clear_cipher_ctx(s);
534 ssl_clear_hash_ctx(&s->read_hash);
535 ssl_clear_hash_ctx(&s->write_hash);
536
537 if (s->cert != NULL)
538 ssl_cert_free(s->cert);
539 /* Free up if allocated */
540
541 free(s->tlsext_hostname);
542 SSL_CTX_free(s->initial_ctx);
543 free(s->tlsext_ecpointformatlist);
544 free(s->tlsext_ellipticcurvelist);
545 if (s->tlsext_ocsp_exts)
546 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
547 X509_EXTENSION_free);
548 if (s->tlsext_ocsp_ids)
549 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
550 free(s->tlsext_ocsp_resp);
551
552 if (s->client_CA != NULL)
553 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
554
555 if (s->method != NULL)
556 s->method->ssl_free(s);
557
558 SSL_CTX_free(s->ctx);
559
560
561 free(s->next_proto_negotiated);
562 free(s->alpn_client_proto_list);
563
564#ifndef OPENSSL_NO_SRTP
565 if (s->srtp_profiles)
566 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
567#endif
568
569 free(s);
570}
571
572void
573SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
574{
575 /* If the output buffering BIO is still in place, remove it */
576 if (s->bbio != NULL) {
577 if (s->wbio == s->bbio) {
578 s->wbio = s->wbio->next_bio;
579 s->bbio->next_bio = NULL;
580 }
581 }
582 if ((s->rbio != NULL) && (s->rbio != rbio))
583 BIO_free_all(s->rbio);
584 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
585 BIO_free_all(s->wbio);
586 s->rbio = rbio;
587 s->wbio = wbio;
588}
589
590BIO *
591SSL_get_rbio(const SSL *s)
592{
593 return (s->rbio);
594}
595
596BIO *
597SSL_get_wbio(const SSL *s)
598{
599 return (s->wbio);
600}
601
602int
603SSL_get_fd(const SSL *s)
604{
605 return (SSL_get_rfd(s));
606}
607
608int
609SSL_get_rfd(const SSL *s)
610{
611 int ret = -1;
612 BIO *b, *r;
613
614 b = SSL_get_rbio(s);
615 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
616 if (r != NULL)
617 BIO_get_fd(r, &ret);
618 return (ret);
619}
620
621int
622SSL_get_wfd(const SSL *s)
623{
624 int ret = -1;
625 BIO *b, *r;
626
627 b = SSL_get_wbio(s);
628 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
629 if (r != NULL)
630 BIO_get_fd(r, &ret);
631 return (ret);
632}
633
634int
635SSL_set_fd(SSL *s, int fd)
636{
637 int ret = 0;
638 BIO *bio = NULL;
639
640 bio = BIO_new(BIO_s_socket());
641
642 if (bio == NULL) {
643 SSLerr(SSL_F_SSL_SET_FD,
644 ERR_R_BUF_LIB);
645 goto err;
646 }
647 BIO_set_fd(bio, fd, BIO_NOCLOSE);
648 SSL_set_bio(s, bio, bio);
649 ret = 1;
650err:
651 return (ret);
652}
653
654int
655SSL_set_wfd(SSL *s, int fd)
656{
657 int ret = 0;
658 BIO *bio = NULL;
659
660 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
661 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
662 bio = BIO_new(BIO_s_socket());
663
664 if (bio == NULL) {
665 SSLerr(SSL_F_SSL_SET_WFD,
666 ERR_R_BUF_LIB);
667 goto err;
668 }
669 BIO_set_fd(bio, fd, BIO_NOCLOSE);
670 SSL_set_bio(s, SSL_get_rbio(s), bio);
671 } else
672 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
673 ret = 1;
674err:
675 return (ret);
676}
677
678int
679SSL_set_rfd(SSL *s, int fd)
680{
681 int ret = 0;
682 BIO *bio = NULL;
683
684 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
685 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
686 bio = BIO_new(BIO_s_socket());
687
688 if (bio == NULL) {
689 SSLerr(SSL_F_SSL_SET_RFD,
690 ERR_R_BUF_LIB);
691 goto err;
692 }
693 BIO_set_fd(bio, fd, BIO_NOCLOSE);
694 SSL_set_bio(s, bio, SSL_get_wbio(s));
695 } else
696 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
697 ret = 1;
698err:
699 return (ret);
700}
701
702
703/* return length of latest Finished message we sent, copy to 'buf' */
704size_t
705SSL_get_finished(const SSL *s, void *buf, size_t count)
706{
707 size_t ret = 0;
708
709 if (s->s3 != NULL) {
710 ret = s->s3->tmp.finish_md_len;
711 if (count > ret)
712 count = ret;
713 memcpy(buf, s->s3->tmp.finish_md, count);
714 }
715 return (ret);
716}
717
718/* return length of latest Finished message we expected, copy to 'buf' */
719size_t
720SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
721{
722 size_t ret = 0;
723
724 if (s->s3 != NULL) {
725 ret = s->s3->tmp.peer_finish_md_len;
726 if (count > ret)
727 count = ret;
728 memcpy(buf, s->s3->tmp.peer_finish_md, count);
729 }
730 return (ret);
731}
732
733
734int
735SSL_get_verify_mode(const SSL *s)
736{
737 return (s->verify_mode);
738}
739
740int
741SSL_get_verify_depth(const SSL *s)
742{
743 return (X509_VERIFY_PARAM_get_depth(s->param));
744}
745
746int
747(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
748{
749 return (s->verify_callback);
750}
751
752int
753SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
754{
755 return (ctx->verify_mode);
756}
757
758int
759SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
760{
761 return (X509_VERIFY_PARAM_get_depth(ctx->param));
762}
763
764int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
765{
766 return (ctx->default_verify_callback);
767}
768
769void
770SSL_set_verify(SSL *s, int mode,
771 int (*callback)(int ok, X509_STORE_CTX *ctx))
772{
773 s->verify_mode = mode;
774 if (callback != NULL)
775 s->verify_callback = callback;
776}
777
778void
779SSL_set_verify_depth(SSL *s, int depth)
780{
781 X509_VERIFY_PARAM_set_depth(s->param, depth);
782}
783
784void
785SSL_set_read_ahead(SSL *s, int yes)
786{
787 s->read_ahead = yes;
788}
789
790int
791SSL_get_read_ahead(const SSL *s)
792{
793 return (s->read_ahead);
794}
795
796int
797SSL_pending(const SSL *s)
798{
799 /*
800 * SSL_pending cannot work properly if read-ahead is enabled
801 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
802 * and it is impossible to fix since SSL_pending cannot report
803 * errors that may be observed while scanning the new data.
804 * (Note that SSL_pending() is often used as a boolean value,
805 * so we'd better not return -1.)
806 */
807 return (s->method->ssl_pending(s));
808}
809
810X509 *
811SSL_get_peer_certificate(const SSL *s)
812{
813 X509 *r;
814
815 if ((s == NULL) || (s->session == NULL))
816 r = NULL;
817 else
818 r = s->session->peer;
819
820 if (r == NULL)
821 return (r);
822
823 CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
824
825 return (r);
826}
827
828STACK_OF(X509) *
829SSL_get_peer_cert_chain(const SSL *s)
830{
831 STACK_OF(X509) *r;
832
833 if ((s == NULL) || (s->session == NULL) ||
834 (s->session->sess_cert == NULL))
835 r = NULL;
836 else
837 r = s->session->sess_cert->cert_chain;
838
839 /*
840 * If we are a client, cert_chain includes the peer's own
841 * certificate;
842 * if we are a server, it does not.
843 */
844 return (r);
845}
846
847/*
848 * Now in theory, since the calling process own 't' it should be safe to
849 * modify. We need to be able to read f without being hassled
850 */
851void
852SSL_copy_session_id(SSL *t, const SSL *f)
853{
854 CERT *tmp;
855
856 /* Do we need to to SSL locking? */
857 SSL_set_session(t, SSL_get_session(f));
858
859 /*
860 * What if we are setup as SSLv2 but want to talk SSLv3 or
861 * vice-versa.
862 */
863 if (t->method != f->method) {
864 t->method->ssl_free(t); /* cleanup current */
865 t->method=f->method; /* change method */
866 t->method->ssl_new(t); /* setup new */
867 }
868
869 tmp = t->cert;
870 if (f->cert != NULL) {
871 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
872 t->cert = f->cert;
873 } else
874 t->cert = NULL;
875 if (tmp != NULL)
876 ssl_cert_free(tmp);
877 SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
878}
879
880/* Fix this so it checks all the valid key/cert options */
881int
882SSL_CTX_check_private_key(const SSL_CTX *ctx)
883{
884 if ((ctx == NULL) || (ctx->cert == NULL) ||
885 (ctx->cert->key->x509 == NULL)) {
886 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
887 SSL_R_NO_CERTIFICATE_ASSIGNED);
888 return (0);
889 }
890 if (ctx->cert->key->privatekey == NULL) {
891 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
892 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
893 return (0);
894 }
895 return (X509_check_private_key(ctx->cert->key->x509,
896 ctx->cert->key->privatekey));
897}
898
899/* Fix this function so that it takes an optional type parameter */
900int
901SSL_check_private_key(const SSL *ssl)
902{
903 if (ssl == NULL) {
904 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
905 ERR_R_PASSED_NULL_PARAMETER);
906 return (0);
907 }
908 if (ssl->cert == NULL) {
909 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
910 SSL_R_NO_CERTIFICATE_ASSIGNED);
911 return (0);
912 }
913 if (ssl->cert->key->x509 == NULL) {
914 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
915 SSL_R_NO_CERTIFICATE_ASSIGNED);
916 return (0);
917 }
918 if (ssl->cert->key->privatekey == NULL) {
919 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
920 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
921 return (0);
922 }
923 return (X509_check_private_key(ssl->cert->key->x509,
924 ssl->cert->key->privatekey));
925}
926
927int
928SSL_accept(SSL *s)
929{
930 if (s->handshake_func == 0)
931 SSL_set_accept_state(s); /* Not properly initialized yet */
932
933 return (s->method->ssl_accept(s));
934}
935
936int
937SSL_connect(SSL *s)
938{
939 if (s->handshake_func == 0)
940 SSL_set_connect_state(s); /* Not properly initialized yet */
941
942 return (s->method->ssl_connect(s));
943}
944
945long
946SSL_get_default_timeout(const SSL *s)
947{
948 return (s->method->get_timeout());
949}
950
951int
952SSL_read(SSL *s, void *buf, int num)
953{
954 if (s->handshake_func == 0) {
955 SSLerr(SSL_F_SSL_READ,
956 SSL_R_UNINITIALIZED);
957 return (-1);
958 }
959
960 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
961 s->rwstate = SSL_NOTHING;
962 return (0);
963 }
964 return (s->method->ssl_read(s, buf, num));
965}
966
967int
968SSL_peek(SSL *s, void *buf, int num)
969{
970 if (s->handshake_func == 0) {
971 SSLerr(SSL_F_SSL_PEEK,
972 SSL_R_UNINITIALIZED);
973 return (-1);
974 }
975
976 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
977 return (0);
978 }
979 return (s->method->ssl_peek(s, buf, num));
980}
981
982int
983SSL_write(SSL *s, const void *buf, int num)
984{
985 if (s->handshake_func == 0) {
986 SSLerr(SSL_F_SSL_WRITE,
987 SSL_R_UNINITIALIZED);
988 return (-1);
989 }
990
991 if (s->shutdown & SSL_SENT_SHUTDOWN) {
992 s->rwstate = SSL_NOTHING;
993 SSLerr(SSL_F_SSL_WRITE,
994 SSL_R_PROTOCOL_IS_SHUTDOWN);
995 return (-1);
996 }
997 return (s->method->ssl_write(s, buf, num));
998}
999
1000int
1001SSL_shutdown(SSL *s)
1002{
1003 /*
1004 * Note that this function behaves differently from what one might
1005 * expect. Return values are 0 for no success (yet),
1006 * 1 for success; but calling it once is usually not enough,
1007 * even if blocking I/O is used (see ssl3_shutdown).
1008 */
1009
1010 if (s->handshake_func == 0) {
1011 SSLerr(SSL_F_SSL_SHUTDOWN,
1012 SSL_R_UNINITIALIZED);
1013 return (-1);
1014 }
1015
1016 if ((s != NULL) && !SSL_in_init(s))
1017 return (s->method->ssl_shutdown(s));
1018 else
1019 return (1);
1020}
1021
1022int
1023SSL_renegotiate(SSL *s)
1024{
1025 if (s->renegotiate == 0)
1026 s->renegotiate = 1;
1027
1028 s->new_session = 1;
1029
1030 return (s->method->ssl_renegotiate(s));
1031}
1032
1033int
1034SSL_renegotiate_abbreviated(SSL *s)
1035{
1036 if (s->renegotiate == 0)
1037 s->renegotiate = 1;
1038
1039 s->new_session = 0;
1040
1041 return (s->method->ssl_renegotiate(s));
1042}
1043
1044int
1045SSL_renegotiate_pending(SSL *s)
1046{
1047 /*
1048 * Becomes true when negotiation is requested;
1049 * false again once a handshake has finished.
1050 */
1051 return (s->renegotiate != 0);
1052}
1053
1054long
1055SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1056{
1057 long l;
1058
1059 switch (cmd) {
1060 case SSL_CTRL_GET_READ_AHEAD:
1061 return (s->read_ahead);
1062 case SSL_CTRL_SET_READ_AHEAD:
1063 l = s->read_ahead;
1064 s->read_ahead = larg;
1065 return (l);
1066
1067 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1068 s->msg_callback_arg = parg;
1069 return (1);
1070
1071 case SSL_CTRL_OPTIONS:
1072 return (s->options|=larg);
1073 case SSL_CTRL_CLEAR_OPTIONS:
1074 return (s->options&=~larg);
1075 case SSL_CTRL_MODE:
1076 return (s->mode|=larg);
1077 case SSL_CTRL_CLEAR_MODE:
1078 return (s->mode &=~larg);
1079 case SSL_CTRL_GET_MAX_CERT_LIST:
1080 return (s->max_cert_list);
1081 case SSL_CTRL_SET_MAX_CERT_LIST:
1082 l = s->max_cert_list;
1083 s->max_cert_list = larg;
1084 return (l);
1085 case SSL_CTRL_SET_MTU:
1086#ifndef OPENSSL_NO_DTLS1
1087 if (larg < (long)dtls1_min_mtu())
1088 return (0);
1089#endif
1090 if (SSL_IS_DTLS(s)) {
1091 s->d1->mtu = larg;
1092 return (larg);
1093 }
1094 return (0);
1095 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1096 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1097 return (0);
1098 s->max_send_fragment = larg;
1099 return (1);
1100 case SSL_CTRL_GET_RI_SUPPORT:
1101 if (s->s3)
1102 return (s->s3->send_connection_binding);
1103 else return (0);
1104 default:
1105 return (s->method->ssl_ctrl(s, cmd, larg, parg));
1106 }
1107}
1108
1109long
1110SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1111{
1112 switch (cmd) {
1113 case SSL_CTRL_SET_MSG_CALLBACK:
1114 s->msg_callback = (void (*)(int write_p, int version,
1115 int content_type, const void *buf, size_t len,
1116 SSL *ssl, void *arg))(fp);
1117 return (1);
1118
1119 default:
1120 return (s->method->ssl_callback_ctrl(s, cmd, fp));
1121 }
1122}
1123
1124LHASH_OF(SSL_SESSION) *
1125SSL_CTX_sessions(SSL_CTX *ctx)
1126{
1127 return (ctx->sessions);
1128}
1129
1130long
1131SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1132{
1133 long l;
1134
1135 switch (cmd) {
1136 case SSL_CTRL_GET_READ_AHEAD:
1137 return (ctx->read_ahead);
1138 case SSL_CTRL_SET_READ_AHEAD:
1139 l = ctx->read_ahead;
1140 ctx->read_ahead = larg;
1141 return (l);
1142
1143 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1144 ctx->msg_callback_arg = parg;
1145 return (1);
1146
1147 case SSL_CTRL_GET_MAX_CERT_LIST:
1148 return (ctx->max_cert_list);
1149 case SSL_CTRL_SET_MAX_CERT_LIST:
1150 l = ctx->max_cert_list;
1151 ctx->max_cert_list = larg;
1152 return (l);
1153
1154 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1155 l = ctx->session_cache_size;
1156 ctx->session_cache_size = larg;
1157 return (l);
1158 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1159 return (ctx->session_cache_size);
1160 case SSL_CTRL_SET_SESS_CACHE_MODE:
1161 l = ctx->session_cache_mode;
1162 ctx->session_cache_mode = larg;
1163 return (l);
1164 case SSL_CTRL_GET_SESS_CACHE_MODE:
1165 return (ctx->session_cache_mode);
1166
1167 case SSL_CTRL_SESS_NUMBER:
1168 return (lh_SSL_SESSION_num_items(ctx->sessions));
1169 case SSL_CTRL_SESS_CONNECT:
1170 return (ctx->stats.sess_connect);
1171 case SSL_CTRL_SESS_CONNECT_GOOD:
1172 return (ctx->stats.sess_connect_good);
1173 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1174 return (ctx->stats.sess_connect_renegotiate);
1175 case SSL_CTRL_SESS_ACCEPT:
1176 return (ctx->stats.sess_accept);
1177 case SSL_CTRL_SESS_ACCEPT_GOOD:
1178 return (ctx->stats.sess_accept_good);
1179 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1180 return (ctx->stats.sess_accept_renegotiate);
1181 case SSL_CTRL_SESS_HIT:
1182 return (ctx->stats.sess_hit);
1183 case SSL_CTRL_SESS_CB_HIT:
1184 return (ctx->stats.sess_cb_hit);
1185 case SSL_CTRL_SESS_MISSES:
1186 return (ctx->stats.sess_miss);
1187 case SSL_CTRL_SESS_TIMEOUTS:
1188 return (ctx->stats.sess_timeout);
1189 case SSL_CTRL_SESS_CACHE_FULL:
1190 return (ctx->stats.sess_cache_full);
1191 case SSL_CTRL_OPTIONS:
1192 return (ctx->options|=larg);
1193 case SSL_CTRL_CLEAR_OPTIONS:
1194 return (ctx->options&=~larg);
1195 case SSL_CTRL_MODE:
1196 return (ctx->mode|=larg);
1197 case SSL_CTRL_CLEAR_MODE:
1198 return (ctx->mode&=~larg);
1199 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1200 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1201 return (0);
1202 ctx->max_send_fragment = larg;
1203 return (1);
1204 default:
1205 return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
1206 }
1207}
1208
1209long
1210SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1211{
1212 switch (cmd) {
1213 case SSL_CTRL_SET_MSG_CALLBACK:
1214 ctx->msg_callback = (void (*)(int write_p, int version,
1215 int content_type, const void *buf, size_t len, SSL *ssl,
1216 void *arg))(fp);
1217 return (1);
1218
1219 default:
1220 return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
1221 }
1222}
1223
1224int
1225ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1226{
1227 long l;
1228
1229 l = a->id - b->id;
1230 if (l == 0L)
1231 return (0);
1232 else
1233 return ((l > 0) ? 1:-1);
1234}
1235
1236int
1237ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1238 const SSL_CIPHER * const *bp)
1239{
1240 long l;
1241
1242 l = (*ap)->id - (*bp)->id;
1243 if (l == 0L)
1244 return (0);
1245 else
1246 return ((l > 0) ? 1:-1);
1247}
1248
1249/*
1250 * Return a STACK of the ciphers available for the SSL and in order of
1251 * preference.
1252 */
1253STACK_OF(SSL_CIPHER) *
1254SSL_get_ciphers(const SSL *s)
1255{
1256 if (s != NULL) {
1257 if (s->cipher_list != NULL) {
1258 return (s->cipher_list);
1259 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
1260 return (s->ctx->cipher_list);
1261 }
1262 }
1263 return (NULL);
1264}
1265
1266/*
1267 * Return a STACK of the ciphers available for the SSL and in order of
1268 * algorithm id.
1269 */
1270STACK_OF(SSL_CIPHER) *
1271ssl_get_ciphers_by_id(SSL *s)
1272{
1273 if (s != NULL) {
1274 if (s->cipher_list_by_id != NULL) {
1275 return (s->cipher_list_by_id);
1276 } else if ((s->ctx != NULL) &&
1277 (s->ctx->cipher_list_by_id != NULL)) {
1278 return (s->ctx->cipher_list_by_id);
1279 }
1280 }
1281 return (NULL);
1282}
1283
1284/* The old interface to get the same thing as SSL_get_ciphers(). */
1285const char *
1286SSL_get_cipher_list(const SSL *s, int n)
1287{
1288 SSL_CIPHER *c;
1289 STACK_OF(SSL_CIPHER) *sk;
1290
1291 if (s == NULL)
1292 return (NULL);
1293 sk = SSL_get_ciphers(s);
1294 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1295 return (NULL);
1296 c = sk_SSL_CIPHER_value(sk, n);
1297 if (c == NULL)
1298 return (NULL);
1299 return (c->name);
1300}
1301
1302/* Specify the ciphers to be used by default by the SSL_CTX. */
1303int
1304SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1305{
1306 STACK_OF(SSL_CIPHER) *sk;
1307
1308 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1309 &ctx->cipher_list_by_id, str);
1310 /*
1311 * ssl_create_cipher_list may return an empty stack if it
1312 * was unable to find a cipher matching the given rule string
1313 * (for example if the rule string specifies a cipher which
1314 * has been disabled). This is not an error as far as
1315 * ssl_create_cipher_list is concerned, and hence
1316 * ctx->cipher_list and ctx->cipher_list_by_id has been
1317 * updated.
1318 */
1319 if (sk == NULL)
1320 return (0);
1321 else if (sk_SSL_CIPHER_num(sk) == 0) {
1322 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST,
1323 SSL_R_NO_CIPHER_MATCH);
1324 return (0);
1325 }
1326 return (1);
1327}
1328
1329/* Specify the ciphers to be used by the SSL. */
1330int
1331SSL_set_cipher_list(SSL *s, const char *str)
1332{
1333 STACK_OF(SSL_CIPHER) *sk;
1334
1335 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1336 &s->cipher_list_by_id, str);
1337 /* see comment in SSL_CTX_set_cipher_list */
1338 if (sk == NULL)
1339 return (0);
1340 else if (sk_SSL_CIPHER_num(sk) == 0) {
1341 SSLerr(SSL_F_SSL_SET_CIPHER_LIST,
1342 SSL_R_NO_CIPHER_MATCH);
1343 return (0);
1344 }
1345 return (1);
1346}
1347
1348/* works well for SSLv2, not so good for SSLv3 */
1349char *
1350SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1351{
1352 char *end;
1353 STACK_OF(SSL_CIPHER) *sk;
1354 SSL_CIPHER *c;
1355 size_t curlen = 0;
1356 int i;
1357
1358 if (s->session == NULL || s->session->ciphers == NULL || len < 2)
1359 return (NULL);
1360
1361 sk = s->session->ciphers;
1362 if (sk_SSL_CIPHER_num(sk) == 0)
1363 return (NULL);
1364
1365 buf[0] = '\0';
1366 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1367 c = sk_SSL_CIPHER_value(sk, i);
1368 end = buf + curlen;
1369 if (strlcat(buf, c->name, len) >= len ||
1370 (curlen = strlcat(buf, ":", len)) >= len) {
1371 /* remove truncated cipher from list */
1372 *end = '\0';
1373 break;
1374 }
1375 }
1376 /* remove trailing colon */
1377 if ((end = strrchr(buf, ':')) != NULL)
1378 *end = '\0';
1379 return (buf);
1380}
1381
1382int
1383ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
1384{
1385 int i;
1386 SSL_CIPHER *c;
1387 unsigned char *q;
1388
1389 if (sk == NULL)
1390 return (0);
1391 q = p;
1392
1393 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1394 c = sk_SSL_CIPHER_value(sk, i);
1395
1396 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1397 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1398 (TLS1_get_client_version(s) < TLS1_2_VERSION))
1399 continue;
1400
1401 s2n(ssl3_cipher_get_value(c), p);
1402 }
1403
1404 /*
1405 * If p == q, no ciphers and caller indicates an error. Otherwise
1406 * add SCSV if not renegotiating.
1407 */
1408 if (p != q && !s->renegotiate)
1409 s2n(SSL3_CK_SCSV & SSL3_CK_VALUE_MASK, p);
1410
1411 return (p - q);
1412}
1413
1414STACK_OF(SSL_CIPHER) *
1415ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1416{
1417 CBS cbs;
1418 const SSL_CIPHER *c;
1419 STACK_OF(SSL_CIPHER) *sk = NULL;
1420 unsigned long cipher_id;
1421 uint16_t cipher_value, max_version;
1422
1423 if (s->s3)
1424 s->s3->send_connection_binding = 0;
1425
1426 /*
1427 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
1428 */
1429 if (num < 2 || num > 0x10000 - 2) {
1430 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1431 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1432 return (NULL);
1433 }
1434
1435 if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
1436 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1437 goto err;
1438 }
1439
1440 CBS_init(&cbs, p, num);
1441 while (CBS_len(&cbs) > 0) {
1442 if (!CBS_get_u16(&cbs, &cipher_value)) {
1443 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1444 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1445 goto err;
1446 }
1447
1448 cipher_id = SSL3_CK_ID | cipher_value;
1449
1450 if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
1451 /*
1452 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
1453 * renegotiating.
1454 */
1455 if (s->renegotiate) {
1456 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1457 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1458 ssl3_send_alert(s, SSL3_AL_FATAL,
1459 SSL_AD_HANDSHAKE_FAILURE);
1460
1461 goto err;
1462 }
1463 s->s3->send_connection_binding = 1;
1464 continue;
1465 }
1466
1467 if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
1468 /*
1469 * TLS_FALLBACK_SCSV indicates that the client
1470 * previously tried a higher protocol version.
1471 * Fail if the current version is an unexpected
1472 * downgrade.
1473 */
1474 max_version = ssl_max_server_version(s);
1475 if (max_version == 0 || s->version < max_version) {
1476 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1477 SSL_R_INAPPROPRIATE_FALLBACK);
1478 if (s->s3 != NULL)
1479 ssl3_send_alert(s, SSL3_AL_FATAL,
1480 SSL_AD_INAPPROPRIATE_FALLBACK);
1481 goto err;
1482 }
1483 continue;
1484 }
1485
1486 if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
1487 if (!sk_SSL_CIPHER_push(sk, c)) {
1488 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1489 ERR_R_MALLOC_FAILURE);
1490 goto err;
1491 }
1492 }
1493 }
1494
1495 return (sk);
1496
1497err:
1498 sk_SSL_CIPHER_free(sk);
1499
1500 return (NULL);
1501}
1502
1503
1504/*
1505 * Return a servername extension value if provided in Client Hello, or NULL.
1506 * So far, only host_name types are defined (RFC 3546).
1507 */
1508const char *
1509SSL_get_servername(const SSL *s, const int type)
1510{
1511 if (type != TLSEXT_NAMETYPE_host_name)
1512 return (NULL);
1513
1514 return (s->session && !s->tlsext_hostname ?
1515 s->session->tlsext_hostname :
1516 s->tlsext_hostname);
1517}
1518
1519int
1520SSL_get_servername_type(const SSL *s)
1521{
1522 if (s->session &&
1523 (!s->tlsext_hostname ?
1524 s->session->tlsext_hostname : s->tlsext_hostname))
1525 return (TLSEXT_NAMETYPE_host_name);
1526 return (-1);
1527}
1528
1529/*
1530 * SSL_select_next_proto implements the standard protocol selection. It is
1531 * expected that this function is called from the callback set by
1532 * SSL_CTX_set_next_proto_select_cb.
1533 *
1534 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1535 * strings. The length byte itself is not included in the length. A byte
1536 * string of length 0 is invalid. No byte string may be truncated.
1537 *
1538 * The current, but experimental algorithm for selecting the protocol is:
1539 *
1540 * 1) If the server doesn't support NPN then this is indicated to the
1541 * callback. In this case, the client application has to abort the connection
1542 * or have a default application level protocol.
1543 *
1544 * 2) If the server supports NPN, but advertises an empty list then the
1545 * client selects the first protcol in its list, but indicates via the
1546 * API that this fallback case was enacted.
1547 *
1548 * 3) Otherwise, the client finds the first protocol in the server's list
1549 * that it supports and selects this protocol. This is because it's
1550 * assumed that the server has better information about which protocol
1551 * a client should use.
1552 *
1553 * 4) If the client doesn't support any of the server's advertised
1554 * protocols, then this is treated the same as case 2.
1555 *
1556 * It returns either
1557 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1558 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1559 */
1560int
1561SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1562 const unsigned char *server, unsigned int server_len,
1563 const unsigned char *client, unsigned int client_len)
1564{
1565 unsigned int i, j;
1566 const unsigned char *result;
1567 int status = OPENSSL_NPN_UNSUPPORTED;
1568
1569 /*
1570 * For each protocol in server preference order,
1571 * see if we support it.
1572 */
1573 for (i = 0; i < server_len; ) {
1574 for (j = 0; j < client_len; ) {
1575 if (server[i] == client[j] &&
1576 memcmp(&server[i + 1],
1577 &client[j + 1], server[i]) == 0) {
1578 /* We found a match */
1579 result = &server[i];
1580 status = OPENSSL_NPN_NEGOTIATED;
1581 goto found;
1582 }
1583 j += client[j];
1584 j++;
1585 }
1586 i += server[i];
1587 i++;
1588 }
1589
1590 /* There's no overlap between our protocols and the server's list. */
1591 result = client;
1592 status = OPENSSL_NPN_NO_OVERLAP;
1593
1594found:
1595 *out = (unsigned char *) result + 1;
1596 *outlen = result[0];
1597 return (status);
1598}
1599
1600/*
1601 * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1602 * requested protocol for this connection and returns 0. If the client didn't
1603 * request any protocol, then *data is set to NULL.
1604 *
1605 * Note that the client can request any protocol it chooses. The value returned
1606 * from this function need not be a member of the list of supported protocols
1607 * provided by the callback.
1608 */
1609void
1610SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1611 unsigned *len)
1612{
1613 *data = s->next_proto_negotiated;
1614 if (!*data) {
1615 *len = 0;
1616 } else {
1617 *len = s->next_proto_negotiated_len;
1618 }
1619}
1620
1621/*
1622 * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1623 * TLS server needs a list of supported protocols for Next Protocol
1624 * Negotiation. The returned list must be in wire format. The list is returned
1625 * by setting |out| to point to it and |outlen| to its length. This memory will
1626 * not be modified, but one should assume that the SSL* keeps a reference to
1627 * it.
1628 *
1629 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
1630 * Otherwise, no such extension will be included in the ServerHello.
1631 */
1632void
1633SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1634 const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1635{
1636 ctx->next_protos_advertised_cb = cb;
1637 ctx->next_protos_advertised_cb_arg = arg;
1638}
1639
1640/*
1641 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1642 * client needs to select a protocol from the server's provided list. |out|
1643 * must be set to point to the selected protocol (which may be within |in|).
1644 * The length of the protocol name must be written into |outlen|. The server's
1645 * advertised protocols are provided in |in| and |inlen|. The callback can
1646 * assume that |in| is syntactically valid.
1647 *
1648 * The client must select a protocol. It is fatal to the connection if this
1649 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1650 */
1651void
1652SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1653 unsigned char **out, unsigned char *outlen, const unsigned char *in,
1654 unsigned int inlen, void *arg), void *arg)
1655{
1656 ctx->next_proto_select_cb = cb;
1657 ctx->next_proto_select_cb_arg = arg;
1658}
1659
1660/*
1661 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
1662 * protocols, which must be in wire-format (i.e. a series of non-empty,
1663 * 8-bit length-prefixed strings). Returns 0 on success.
1664 */
1665int
1666SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1667 unsigned int protos_len)
1668{
1669 free(ctx->alpn_client_proto_list);
1670 if ((ctx->alpn_client_proto_list = malloc(protos_len)) == NULL)
1671 return (1);
1672 memcpy(ctx->alpn_client_proto_list, protos, protos_len);
1673 ctx->alpn_client_proto_list_len = protos_len;
1674
1675 return (0);
1676}
1677
1678/*
1679 * SSL_set_alpn_protos sets the ALPN protocol list to the specified
1680 * protocols, which must be in wire-format (i.e. a series of non-empty,
1681 * 8-bit length-prefixed strings). Returns 0 on success.
1682 */
1683int
1684SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
1685 unsigned int protos_len)
1686{
1687 free(ssl->alpn_client_proto_list);
1688 if ((ssl->alpn_client_proto_list = malloc(protos_len)) == NULL)
1689 return (1);
1690 memcpy(ssl->alpn_client_proto_list, protos, protos_len);
1691 ssl->alpn_client_proto_list_len = protos_len;
1692
1693 return (0);
1694}
1695
1696/*
1697 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
1698 * ClientHello processing in order to select an ALPN protocol from the
1699 * client's list of offered protocols.
1700 */
1701void
1702SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1703 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1704 const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1705{
1706 ctx->alpn_select_cb = cb;
1707 ctx->alpn_select_cb_arg = arg;
1708}
1709
1710/*
1711 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
1712 * it sets data to point to len bytes of protocol name (not including the
1713 * leading length-prefix byte). If the server didn't respond with* a negotiated
1714 * protocol then len will be zero.
1715 */
1716void
1717SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1718 unsigned *len)
1719{
1720 *data = NULL;
1721 *len = 0;
1722
1723 if (ssl->s3 != NULL) {
1724 *data = ssl->s3->alpn_selected;
1725 *len = ssl->s3->alpn_selected_len;
1726 }
1727}
1728
1729int
1730SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1731 const char *label, size_t llen, const unsigned char *p, size_t plen,
1732 int use_context)
1733{
1734 if (s->version < TLS1_VERSION)
1735 return (-1);
1736
1737 return (s->method->ssl3_enc->export_keying_material(s, out, olen,
1738 label, llen, p, plen, use_context));
1739}
1740
1741static unsigned long
1742ssl_session_hash(const SSL_SESSION *a)
1743{
1744 unsigned long l;
1745
1746 l = (unsigned long)
1747 ((unsigned int) a->session_id[0] )|
1748 ((unsigned int) a->session_id[1]<< 8L)|
1749 ((unsigned long)a->session_id[2]<<16L)|
1750 ((unsigned long)a->session_id[3]<<24L);
1751 return (l);
1752}
1753
1754/*
1755 * NB: If this function (or indeed the hash function which uses a sort of
1756 * coarser function than this one) is changed, ensure
1757 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1758 * able to construct an SSL_SESSION that will collide with any existing session
1759 * with a matching session ID.
1760 */
1761static int
1762ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1763{
1764 if (a->ssl_version != b->ssl_version)
1765 return (1);
1766 if (a->session_id_length != b->session_id_length)
1767 return (1);
1768 if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
1769 return (1);
1770 return (0);
1771}
1772
1773/*
1774 * These wrapper functions should remain rather than redeclaring
1775 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1776 * variable. The reason is that the functions aren't static, they're exposed via
1777 * ssl.h.
1778 */
1779static
1780IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1781static
1782IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1783
1784SSL_CTX *
1785SSL_CTX_new(const SSL_METHOD *meth)
1786{
1787 SSL_CTX *ret = NULL;
1788
1789 if (meth == NULL) {
1790 SSLerr(SSL_F_SSL_CTX_NEW,
1791 SSL_R_NULL_SSL_METHOD_PASSED);
1792 return (NULL);
1793 }
1794
1795 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1796 SSLerr(SSL_F_SSL_CTX_NEW,
1797 SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1798 goto err;
1799 }
1800 ret = calloc(1, sizeof(SSL_CTX));
1801 if (ret == NULL)
1802 goto err;
1803
1804 ret->method = meth;
1805
1806 ret->cert_store = NULL;
1807 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
1808 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1809 ret->session_cache_head = NULL;
1810 ret->session_cache_tail = NULL;
1811
1812 /* We take the system default */
1813 ret->session_timeout = meth->get_timeout();
1814
1815 ret->new_session_cb = 0;
1816 ret->remove_session_cb = 0;
1817 ret->get_session_cb = 0;
1818 ret->generate_session_id = 0;
1819
1820 memset((char *)&ret->stats, 0, sizeof(ret->stats));
1821
1822 ret->references = 1;
1823 ret->quiet_shutdown = 0;
1824
1825 ret->info_callback = NULL;
1826
1827 ret->app_verify_callback = 0;
1828 ret->app_verify_arg = NULL;
1829
1830 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
1831 ret->read_ahead = 0;
1832 ret->msg_callback = 0;
1833 ret->msg_callback_arg = NULL;
1834 ret->verify_mode = SSL_VERIFY_NONE;
1835 ret->sid_ctx_length = 0;
1836 ret->default_verify_callback = NULL;
1837 if ((ret->cert = ssl_cert_new()) == NULL)
1838 goto err;
1839
1840 ret->default_passwd_callback = 0;
1841 ret->default_passwd_callback_userdata = NULL;
1842 ret->client_cert_cb = 0;
1843 ret->app_gen_cookie_cb = 0;
1844 ret->app_verify_cookie_cb = 0;
1845
1846 ret->sessions = lh_SSL_SESSION_new();
1847 if (ret->sessions == NULL)
1848 goto err;
1849 ret->cert_store = X509_STORE_new();
1850 if (ret->cert_store == NULL)
1851 goto err;
1852
1853 ssl_create_cipher_list(ret->method, &ret->cipher_list,
1854 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
1855 if (ret->cipher_list == NULL ||
1856 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1857 SSLerr(SSL_F_SSL_CTX_NEW,
1858 SSL_R_LIBRARY_HAS_NO_CIPHERS);
1859 goto err2;
1860 }
1861
1862 ret->param = X509_VERIFY_PARAM_new();
1863 if (!ret->param)
1864 goto err;
1865
1866 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1867 SSLerr(SSL_F_SSL_CTX_NEW,
1868 SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1869 goto err2;
1870 }
1871 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1872 SSLerr(SSL_F_SSL_CTX_NEW,
1873 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1874 goto err2;
1875 }
1876
1877 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
1878 goto err;
1879
1880 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1881
1882 ret->extra_certs = NULL;
1883
1884 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1885
1886 ret->tlsext_servername_callback = 0;
1887 ret->tlsext_servername_arg = NULL;
1888
1889 /* Setup RFC4507 ticket keys */
1890 arc4random_buf(ret->tlsext_tick_key_name, 16);
1891 arc4random_buf(ret->tlsext_tick_hmac_key, 16);
1892 arc4random_buf(ret->tlsext_tick_aes_key, 16);
1893
1894 ret->tlsext_status_cb = 0;
1895 ret->tlsext_status_arg = NULL;
1896
1897 ret->next_protos_advertised_cb = 0;
1898 ret->next_proto_select_cb = 0;
1899#ifndef OPENSSL_NO_ENGINE
1900 ret->client_cert_engine = NULL;
1901#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1902#define eng_strx(x) #x
1903#define eng_str(x) eng_strx(x)
1904 /* Use specific client engine automatically... ignore errors */
1905 {
1906 ENGINE *eng;
1907 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1908 if (!eng) {
1909 ERR_clear_error();
1910 ENGINE_load_builtin_engines();
1911 eng = ENGINE_by_id(eng_str(
1912 OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1913 }
1914 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1915 ERR_clear_error();
1916 }
1917#endif
1918#endif
1919 /*
1920 * Default is to connect to non-RI servers. When RI is more widely
1921 * deployed might change this.
1922 */
1923 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1924
1925 /* Disable SSLv3 by default. */
1926 ret->options |= SSL_OP_NO_SSLv3;
1927
1928 return (ret);
1929err:
1930 SSLerr(SSL_F_SSL_CTX_NEW,
1931 ERR_R_MALLOC_FAILURE);
1932err2:
1933 SSL_CTX_free(ret);
1934 return (NULL);
1935}
1936
1937void
1938SSL_CTX_free(SSL_CTX *a)
1939{
1940 int i;
1941
1942 if (a == NULL)
1943 return;
1944
1945 i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
1946 if (i > 0)
1947 return;
1948
1949 if (a->param)
1950 X509_VERIFY_PARAM_free(a->param);
1951
1952 /*
1953 * Free internal session cache. However: the remove_cb() may reference
1954 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1955 * after the sessions were flushed.
1956 * As the ex_data handling routines might also touch the session cache,
1957 * the most secure solution seems to be: empty (flush) the cache, then
1958 * free ex_data, then finally free the cache.
1959 * (See ticket [openssl.org #212].)
1960 */
1961 if (a->sessions != NULL)
1962 SSL_CTX_flush_sessions(a, 0);
1963
1964 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1965
1966 if (a->sessions != NULL)
1967 lh_SSL_SESSION_free(a->sessions);
1968
1969 if (a->cert_store != NULL)
1970 X509_STORE_free(a->cert_store);
1971 if (a->cipher_list != NULL)
1972 sk_SSL_CIPHER_free(a->cipher_list);
1973 if (a->cipher_list_by_id != NULL)
1974 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1975 if (a->cert != NULL)
1976 ssl_cert_free(a->cert);
1977 if (a->client_CA != NULL)
1978 sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
1979 if (a->extra_certs != NULL)
1980 sk_X509_pop_free(a->extra_certs, X509_free);
1981
1982#ifndef OPENSSL_NO_SRTP
1983 if (a->srtp_profiles)
1984 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
1985#endif
1986
1987#ifndef OPENSSL_NO_ENGINE
1988 if (a->client_cert_engine)
1989 ENGINE_finish(a->client_cert_engine);
1990#endif
1991
1992 free(a->alpn_client_proto_list);
1993
1994 free(a);
1995}
1996
1997void
1998SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1999{
2000 ctx->default_passwd_callback = cb;
2001}
2002
2003void
2004SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
2005{
2006 ctx->default_passwd_callback_userdata = u;
2007}
2008
2009void
2010SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
2011 void *), void *arg)
2012{
2013 ctx->app_verify_callback = cb;
2014 ctx->app_verify_arg = arg;
2015}
2016
2017void
2018SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2019{
2020 ctx->verify_mode = mode;
2021 ctx->default_verify_callback = cb;
2022}
2023
2024void
2025SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2026{
2027 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2028}
2029
2030void
2031ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2032{
2033 CERT_PKEY *cpk;
2034 int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
2035 unsigned long mask_k, mask_a;
2036 int have_ecc_cert, ecdh_ok, ecdsa_ok;
2037 int have_ecdh_tmp;
2038 X509 *x = NULL;
2039 EVP_PKEY *ecc_pkey = NULL;
2040 int signature_nid = 0, pk_nid = 0, md_nid = 0;
2041
2042 if (c == NULL)
2043 return;
2044
2045 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
2046 c->dh_tmp_auto != 0);
2047
2048 have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
2049 c->ecdh_tmp_auto != 0);
2050 cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
2051 rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
2052 cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
2053 rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2054 cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
2055 dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2056/* FIX THIS EAY EAY EAY */
2057 cpk = &(c->pkeys[SSL_PKEY_ECC]);
2058 have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
2059 mask_k = 0;
2060 mask_a = 0;
2061
2062 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2063 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2064 mask_k |= SSL_kGOST;
2065 mask_a |= SSL_aGOST01;
2066 }
2067
2068 if (rsa_enc)
2069 mask_k|=SSL_kRSA;
2070
2071 if (dh_tmp)
2072 mask_k|=SSL_kDHE;
2073
2074 if (rsa_enc || rsa_sign)
2075 mask_a|=SSL_aRSA;
2076
2077 if (dsa_sign)
2078 mask_a|=SSL_aDSS;
2079
2080 mask_a|=SSL_aNULL;
2081
2082 /*
2083 * An ECC certificate may be usable for ECDH and/or
2084 * ECDSA cipher suites depending on the key usage extension.
2085 */
2086 if (have_ecc_cert) {
2087 /* This call populates extension flags (ex_flags) */
2088 x = (c->pkeys[SSL_PKEY_ECC]).x509;
2089 X509_check_purpose(x, -1, 0);
2090 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2091 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
2092 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2093 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
2094 ecc_pkey = X509_get_pubkey(x);
2095 EVP_PKEY_free(ecc_pkey);
2096 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2097 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2098 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2099 }
2100 if (ecdh_ok) {
2101 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
2102 mask_k|=SSL_kECDHr;
2103 mask_a|=SSL_aECDH;
2104 }
2105 if (pk_nid == NID_X9_62_id_ecPublicKey) {
2106 mask_k|=SSL_kECDHe;
2107 mask_a|=SSL_aECDH;
2108 }
2109 }
2110 if (ecdsa_ok)
2111 mask_a|=SSL_aECDSA;
2112 }
2113
2114 if (have_ecdh_tmp) {
2115 mask_k|=SSL_kECDHE;
2116 }
2117
2118
2119 c->mask_k = mask_k;
2120 c->mask_a = mask_a;
2121 c->valid = 1;
2122}
2123
2124/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2125#define ku_reject(x, usage) \
2126 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2127
2128
2129int
2130ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2131{
2132 unsigned long alg_k, alg_a;
2133 int signature_nid = 0, md_nid = 0, pk_nid = 0;
2134 const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
2135
2136 alg_k = cs->algorithm_mkey;
2137 alg_a = cs->algorithm_auth;
2138
2139 /* This call populates the ex_flags field correctly */
2140 X509_check_purpose(x, -1, 0);
2141 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2142 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2143 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2144 }
2145 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
2146 /* key usage, if present, must allow key agreement */
2147 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
2148 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2149 SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2150 return (0);
2151 }
2152 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
2153 TLS1_2_VERSION) {
2154 /* signature alg must be ECDSA */
2155 if (pk_nid != NID_X9_62_id_ecPublicKey) {
2156 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2157 SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2158 return (0);
2159 }
2160 }
2161 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
2162 TLS1_2_VERSION) {
2163 /* signature alg must be RSA */
2164 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
2165 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2166 SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2167 return (0);
2168 }
2169 }
2170 }
2171 if (alg_a & SSL_aECDSA) {
2172 /* key usage, if present, must allow signing */
2173 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
2174 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2175 SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2176 return (0);
2177 }
2178 }
2179
2180 return (1);
2181 /* all checks are ok */
2182}
2183
2184
2185/* THIS NEEDS CLEANING UP */
2186CERT_PKEY *
2187ssl_get_server_send_pkey(const SSL *s)
2188{
2189 unsigned long alg_k, alg_a;
2190 CERT *c;
2191 int i;
2192
2193 c = s->cert;
2194 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2195
2196 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2197 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2198
2199 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2200 /*
2201 * We don't need to look at SSL_kECDHE
2202 * since no certificate is needed for
2203 * anon ECDH and for authenticated
2204 * ECDHE, the check for the auth
2205 * algorithm will set i correctly
2206 * NOTE: For ECDH-RSA, we need an ECC
2207 * not an RSA cert but for EECDH-RSA
2208 * we need an RSA cert. Placing the
2209 * checks for SSL_kECDH before RSA
2210 * checks ensures the correct cert is chosen.
2211 */
2212 i = SSL_PKEY_ECC;
2213 } else if (alg_a & SSL_aECDSA) {
2214 i = SSL_PKEY_ECC;
2215 } else if (alg_a & SSL_aDSS) {
2216 i = SSL_PKEY_DSA_SIGN;
2217 } else if (alg_a & SSL_aRSA) {
2218 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2219 i = SSL_PKEY_RSA_SIGN;
2220 else
2221 i = SSL_PKEY_RSA_ENC;
2222 } else if (alg_a & SSL_aGOST01) {
2223 i = SSL_PKEY_GOST01;
2224 } else { /* if (alg_a & SSL_aNULL) */
2225 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
2226 return (NULL);
2227 }
2228
2229 return (c->pkeys + i);
2230}
2231
2232X509 *
2233ssl_get_server_send_cert(const SSL *s)
2234{
2235 CERT_PKEY *cpk;
2236
2237 cpk = ssl_get_server_send_pkey(s);
2238 if (!cpk)
2239 return (NULL);
2240 return (cpk->x509);
2241}
2242
2243EVP_PKEY *
2244ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2245{
2246 unsigned long alg_a;
2247 CERT *c;
2248 int idx = -1;
2249
2250 alg_a = cipher->algorithm_auth;
2251 c = s->cert;
2252
2253 if ((alg_a & SSL_aDSS) &&
2254 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2255 idx = SSL_PKEY_DSA_SIGN;
2256 else if (alg_a & SSL_aRSA) {
2257 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2258 idx = SSL_PKEY_RSA_SIGN;
2259 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2260 idx = SSL_PKEY_RSA_ENC;
2261 } else if ((alg_a & SSL_aECDSA) &&
2262 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2263 idx = SSL_PKEY_ECC;
2264 if (idx == -1) {
2265 SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
2266 return (NULL);
2267 }
2268 if (pmd)
2269 *pmd = c->pkeys[idx].digest;
2270 return (c->pkeys[idx].privatekey);
2271}
2272
2273DH *
2274ssl_get_auto_dh(SSL *s)
2275{
2276 CERT_PKEY *cpk;
2277 int keylen;
2278 DH *dhp;
2279
2280 if (s->cert->dh_tmp_auto == 2) {
2281 keylen = 1024;
2282 } else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
2283 keylen = 1024;
2284 if (s->s3->tmp.new_cipher->strength_bits == 256)
2285 keylen = 3072;
2286 } else {
2287 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
2288 return (NULL);
2289 if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL)
2290 return (NULL);
2291 keylen = EVP_PKEY_bits(cpk->privatekey);
2292 }
2293
2294 if ((dhp = DH_new()) == NULL)
2295 return (NULL);
2296
2297 dhp->g = BN_new();
2298 if (dhp->g != NULL)
2299 BN_set_word(dhp->g, 2);
2300
2301 if (keylen >= 8192)
2302 dhp->p = get_rfc3526_prime_8192(NULL);
2303 else if (keylen >= 4096)
2304 dhp->p = get_rfc3526_prime_4096(NULL);
2305 else if (keylen >= 3072)
2306 dhp->p = get_rfc3526_prime_3072(NULL);
2307 else if (keylen >= 2048)
2308 dhp->p = get_rfc3526_prime_2048(NULL);
2309 else if (keylen >= 1536)
2310 dhp->p = get_rfc3526_prime_1536(NULL);
2311 else
2312 dhp->p = get_rfc2409_prime_1024(NULL);
2313
2314 if (dhp->p == NULL || dhp->g == NULL) {
2315 DH_free(dhp);
2316 return (NULL);
2317 }
2318 return (dhp);
2319}
2320
2321void
2322ssl_update_cache(SSL *s, int mode)
2323{
2324 int i;
2325
2326 /*
2327 * If the session_id_length is 0, we are not supposed to cache it,
2328 * and it would be rather hard to do anyway :-)
2329 */
2330 if (s->session->session_id_length == 0)
2331 return;
2332
2333 i = s->session_ctx->session_cache_mode;
2334 if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2335 || SSL_CTX_add_session(s->session_ctx, s->session))
2336 && (s->session_ctx->new_session_cb != NULL)) {
2337 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2338 if (!s->session_ctx->new_session_cb(s, s->session))
2339 SSL_SESSION_free(s->session);
2340 }
2341
2342 /* auto flush every 255 connections */
2343 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2344 ((i & mode) == mode)) {
2345 if ((((mode & SSL_SESS_CACHE_CLIENT) ?
2346 s->session_ctx->stats.sess_connect_good :
2347 s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
2348 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2349 }
2350 }
2351}
2352
2353const SSL_METHOD *
2354SSL_get_ssl_method(SSL *s)
2355{
2356 return (s->method);
2357}
2358
2359int
2360SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2361{
2362 int conn = -1;
2363 int ret = 1;
2364
2365 if (s->method != meth) {
2366 if (s->handshake_func != NULL)
2367 conn = (s->handshake_func == s->method->ssl_connect);
2368
2369 if (s->method->version == meth->version)
2370 s->method = meth;
2371 else {
2372 s->method->ssl_free(s);
2373 s->method = meth;
2374 ret = s->method->ssl_new(s);
2375 }
2376
2377 if (conn == 1)
2378 s->handshake_func = meth->ssl_connect;
2379 else if (conn == 0)
2380 s->handshake_func = meth->ssl_accept;
2381 }
2382 return (ret);
2383}
2384
2385int
2386SSL_get_error(const SSL *s, int i)
2387{
2388 int reason;
2389 unsigned long l;
2390 BIO *bio;
2391
2392 if (i > 0)
2393 return (SSL_ERROR_NONE);
2394
2395 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2396 * etc, where we do encode the error */
2397 if ((l = ERR_peek_error()) != 0) {
2398 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2399 return (SSL_ERROR_SYSCALL);
2400 else
2401 return (SSL_ERROR_SSL);
2402 }
2403
2404 if ((i < 0) && SSL_want_read(s)) {
2405 bio = SSL_get_rbio(s);
2406 if (BIO_should_read(bio)) {
2407 return (SSL_ERROR_WANT_READ);
2408 } else if (BIO_should_write(bio)) {
2409 /*
2410 * This one doesn't make too much sense... We never
2411 * try to write to the rbio, and an application
2412 * program where rbio and wbio are separate couldn't
2413 * even know what it should wait for. However if we
2414 * ever set s->rwstate incorrectly (so that we have
2415 * SSL_want_read(s) instead of SSL_want_write(s))
2416 * and rbio and wbio *are* the same, this test works
2417 * around that bug; so it might be safer to keep it.
2418 */
2419 return (SSL_ERROR_WANT_WRITE);
2420 } else if (BIO_should_io_special(bio)) {
2421 reason = BIO_get_retry_reason(bio);
2422 if (reason == BIO_RR_CONNECT)
2423 return (SSL_ERROR_WANT_CONNECT);
2424 else if (reason == BIO_RR_ACCEPT)
2425 return (SSL_ERROR_WANT_ACCEPT);
2426 else
2427 return (SSL_ERROR_SYSCALL); /* unknown */
2428 }
2429 }
2430
2431 if ((i < 0) && SSL_want_write(s)) {
2432 bio = SSL_get_wbio(s);
2433 if (BIO_should_write(bio)) {
2434 return (SSL_ERROR_WANT_WRITE);
2435 } else if (BIO_should_read(bio)) {
2436 /*
2437 * See above (SSL_want_read(s) with
2438 * BIO_should_write(bio))
2439 */
2440 return (SSL_ERROR_WANT_READ);
2441 } else if (BIO_should_io_special(bio)) {
2442 reason = BIO_get_retry_reason(bio);
2443 if (reason == BIO_RR_CONNECT)
2444 return (SSL_ERROR_WANT_CONNECT);
2445 else if (reason == BIO_RR_ACCEPT)
2446 return (SSL_ERROR_WANT_ACCEPT);
2447 else
2448 return (SSL_ERROR_SYSCALL);
2449 }
2450 }
2451 if ((i < 0) && SSL_want_x509_lookup(s)) {
2452 return (SSL_ERROR_WANT_X509_LOOKUP);
2453 }
2454
2455 if (i == 0) {
2456 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2457 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2458 return (SSL_ERROR_ZERO_RETURN);
2459 }
2460 return (SSL_ERROR_SYSCALL);
2461}
2462
2463int
2464SSL_do_handshake(SSL *s)
2465{
2466 int ret = 1;
2467
2468 if (s->handshake_func == NULL) {
2469 SSLerr(SSL_F_SSL_DO_HANDSHAKE,
2470 SSL_R_CONNECTION_TYPE_NOT_SET);
2471 return (-1);
2472 }
2473
2474 s->method->ssl_renegotiate_check(s);
2475
2476 if (SSL_in_init(s) || SSL_in_before(s)) {
2477 ret = s->handshake_func(s);
2478 }
2479 return (ret);
2480}
2481
2482/*
2483 * For the next 2 functions, SSL_clear() sets shutdown and so
2484 * one of these calls will reset it
2485 */
2486void
2487SSL_set_accept_state(SSL *s)
2488{
2489 s->server = 1;
2490 s->shutdown = 0;
2491 s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2492 s->handshake_func = s->method->ssl_accept;
2493 /* clear the current cipher */
2494 ssl_clear_cipher_ctx(s);
2495 ssl_clear_hash_ctx(&s->read_hash);
2496 ssl_clear_hash_ctx(&s->write_hash);
2497}
2498
2499void
2500SSL_set_connect_state(SSL *s)
2501{
2502 s->server = 0;
2503 s->shutdown = 0;
2504 s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2505 s->handshake_func = s->method->ssl_connect;
2506 /* clear the current cipher */
2507 ssl_clear_cipher_ctx(s);
2508 ssl_clear_hash_ctx(&s->read_hash);
2509 ssl_clear_hash_ctx(&s->write_hash);
2510}
2511
2512int
2513ssl_undefined_function(SSL *s)
2514{
2515 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,
2516 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2517 return (0);
2518}
2519
2520int
2521ssl_undefined_void_function(void)
2522{
2523 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
2524 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2525 return (0);
2526}
2527
2528int
2529ssl_undefined_const_function(const SSL *s)
2530{
2531 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
2532 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2533 return (0);
2534}
2535
2536SSL_METHOD *
2537ssl_bad_method(int ver)
2538{
2539 SSLerr(SSL_F_SSL_BAD_METHOD,
2540 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2541 return (NULL);
2542}
2543
2544const char *
2545ssl_version_string(int ver)
2546{
2547 switch (ver) {
2548 case DTLS1_BAD_VER:
2549 return (SSL_TXT_DTLS1_BAD);
2550 case DTLS1_VERSION:
2551 return (SSL_TXT_DTLS1);
2552 case SSL3_VERSION:
2553 return (SSL_TXT_SSLV3);
2554 case TLS1_VERSION:
2555 return (SSL_TXT_TLSV1);
2556 case TLS1_1_VERSION:
2557 return (SSL_TXT_TLSV1_1);
2558 case TLS1_2_VERSION:
2559 return (SSL_TXT_TLSV1_2);
2560 default:
2561 return ("unknown");
2562 }
2563}
2564
2565const char *
2566SSL_get_version(const SSL *s)
2567{
2568 return ssl_version_string(s->version);
2569}
2570
2571uint16_t
2572ssl_max_server_version(SSL *s)
2573{
2574 uint16_t max_version;
2575
2576 /*
2577 * The SSL method will be changed during version negotiation, as such
2578 * we want to use the SSL method from the context.
2579 */
2580 max_version = s->ctx->method->version;
2581
2582 if (SSL_IS_DTLS(s))
2583 return (DTLS1_VERSION);
2584
2585 if ((s->options & SSL_OP_NO_TLSv1_2) == 0 &&
2586 max_version >= TLS1_2_VERSION)
2587 return (TLS1_2_VERSION);
2588 if ((s->options & SSL_OP_NO_TLSv1_1) == 0 &&
2589 max_version >= TLS1_1_VERSION)
2590 return (TLS1_1_VERSION);
2591 if ((s->options & SSL_OP_NO_TLSv1) == 0 &&
2592 max_version >= TLS1_VERSION)
2593 return (TLS1_VERSION);
2594 if ((s->options & SSL_OP_NO_SSLv3) == 0 &&
2595 max_version >= SSL3_VERSION)
2596 return (SSL3_VERSION);
2597
2598 return (0);
2599}
2600
2601SSL *
2602SSL_dup(SSL *s)
2603{
2604 STACK_OF(X509_NAME) *sk;
2605 X509_NAME *xn;
2606 SSL *ret;
2607 int i;
2608
2609 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2610 return (NULL);
2611
2612 ret->version = s->version;
2613 ret->type = s->type;
2614 ret->method = s->method;
2615
2616 if (s->session != NULL) {
2617 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2618 SSL_copy_session_id(ret, s);
2619 } else {
2620 /*
2621 * No session has been established yet, so we have to expect
2622 * that s->cert or ret->cert will be changed later --
2623 * they should not both point to the same object,
2624 * and thus we can't use SSL_copy_session_id.
2625 */
2626
2627 ret->method->ssl_free(ret);
2628 ret->method = s->method;
2629 ret->method->ssl_new(ret);
2630
2631 if (s->cert != NULL) {
2632 if (ret->cert != NULL) {
2633 ssl_cert_free(ret->cert);
2634 }
2635 ret->cert = ssl_cert_dup(s->cert);
2636 if (ret->cert == NULL)
2637 goto err;
2638 }
2639
2640 SSL_set_session_id_context(ret,
2641 s->sid_ctx, s->sid_ctx_length);
2642 }
2643
2644 ret->options = s->options;
2645 ret->mode = s->mode;
2646 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2647 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2648 ret->msg_callback = s->msg_callback;
2649 ret->msg_callback_arg = s->msg_callback_arg;
2650 SSL_set_verify(ret, SSL_get_verify_mode(s),
2651 SSL_get_verify_callback(s));
2652 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2653 ret->generate_session_id = s->generate_session_id;
2654
2655 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2656
2657 ret->debug = s->debug;
2658
2659 /* copy app data, a little dangerous perhaps */
2660 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2661 &ret->ex_data, &s->ex_data))
2662 goto err;
2663
2664 /* setup rbio, and wbio */
2665 if (s->rbio != NULL) {
2666 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2667 goto err;
2668 }
2669 if (s->wbio != NULL) {
2670 if (s->wbio != s->rbio) {
2671 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2672 goto err;
2673 } else
2674 ret->wbio = ret->rbio;
2675 }
2676 ret->rwstate = s->rwstate;
2677 ret->in_handshake = s->in_handshake;
2678 ret->handshake_func = s->handshake_func;
2679 ret->server = s->server;
2680 ret->renegotiate = s->renegotiate;
2681 ret->new_session = s->new_session;
2682 ret->quiet_shutdown = s->quiet_shutdown;
2683 ret->shutdown = s->shutdown;
2684 /* SSL_dup does not really work at any state, though */
2685 ret->state=s->state;
2686 ret->rstate = s->rstate;
2687
2688 /*
2689 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2690 * ret->init_off
2691 */
2692 ret->init_num = 0;
2693
2694 ret->hit = s->hit;
2695
2696 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2697
2698 /* dup the cipher_list and cipher_list_by_id stacks */
2699 if (s->cipher_list != NULL) {
2700 if ((ret->cipher_list =
2701 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2702 goto err;
2703 }
2704 if (s->cipher_list_by_id != NULL) {
2705 if ((ret->cipher_list_by_id =
2706 sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
2707 goto err;
2708 }
2709
2710 /* Dup the client_CA list */
2711 if (s->client_CA != NULL) {
2712 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2713 ret->client_CA = sk;
2714 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2715 xn = sk_X509_NAME_value(sk, i);
2716 if (sk_X509_NAME_set(sk, i,
2717 X509_NAME_dup(xn)) == NULL) {
2718 X509_NAME_free(xn);
2719 goto err;
2720 }
2721 }
2722 }
2723
2724 if (0) {
2725err:
2726 if (ret != NULL)
2727 SSL_free(ret);
2728 ret = NULL;
2729 }
2730 return (ret);
2731}
2732
2733void
2734ssl_clear_cipher_ctx(SSL *s)
2735{
2736 EVP_CIPHER_CTX_free(s->enc_read_ctx);
2737 s->enc_read_ctx = NULL;
2738 EVP_CIPHER_CTX_free(s->enc_write_ctx);
2739 s->enc_write_ctx = NULL;
2740
2741 if (s->aead_read_ctx != NULL) {
2742 EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
2743 free(s->aead_read_ctx);
2744 s->aead_read_ctx = NULL;
2745 }
2746 if (s->aead_write_ctx != NULL) {
2747 EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
2748 free(s->aead_write_ctx);
2749 s->aead_write_ctx = NULL;
2750 }
2751
2752}
2753
2754/* Fix this function so that it takes an optional type parameter */
2755X509 *
2756SSL_get_certificate(const SSL *s)
2757{
2758 if (s->cert != NULL)
2759 return (s->cert->key->x509);
2760 else
2761 return (NULL);
2762}
2763
2764/* Fix this function so that it takes an optional type parameter */
2765EVP_PKEY *
2766SSL_get_privatekey(SSL *s)
2767{
2768 if (s->cert != NULL)
2769 return (s->cert->key->privatekey);
2770 else
2771 return (NULL);
2772}
2773
2774const SSL_CIPHER *
2775SSL_get_current_cipher(const SSL *s)
2776{
2777 if ((s->session != NULL) && (s->session->cipher != NULL))
2778 return (s->session->cipher);
2779 return (NULL);
2780}
2781const void *
2782SSL_get_current_compression(SSL *s)
2783{
2784 return (NULL);
2785}
2786
2787const void *
2788SSL_get_current_expansion(SSL *s)
2789{
2790 return (NULL);
2791}
2792
2793int
2794ssl_init_wbio_buffer(SSL *s, int push)
2795{
2796 BIO *bbio;
2797
2798 if (s->bbio == NULL) {
2799 bbio = BIO_new(BIO_f_buffer());
2800 if (bbio == NULL)
2801 return (0);
2802 s->bbio = bbio;
2803 } else {
2804 bbio = s->bbio;
2805 if (s->bbio == s->wbio)
2806 s->wbio = BIO_pop(s->wbio);
2807 }
2808 (void)BIO_reset(bbio);
2809/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2810 if (!BIO_set_read_buffer_size(bbio, 1)) {
2811 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,
2812 ERR_R_BUF_LIB);
2813 return (0);
2814 }
2815 if (push) {
2816 if (s->wbio != bbio)
2817 s->wbio = BIO_push(bbio, s->wbio);
2818 } else {
2819 if (s->wbio == bbio)
2820 s->wbio = BIO_pop(bbio);
2821 }
2822 return (1);
2823}
2824
2825void
2826ssl_free_wbio_buffer(SSL *s)
2827{
2828 if (s == NULL)
2829 return;
2830
2831 if (s->bbio == NULL)
2832 return;
2833
2834 if (s->bbio == s->wbio) {
2835 /* remove buffering */
2836 s->wbio = BIO_pop(s->wbio);
2837 }
2838 BIO_free(s->bbio);
2839 s->bbio = NULL;
2840}
2841
2842void
2843SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
2844{
2845 ctx->quiet_shutdown = mode;
2846}
2847
2848int
2849SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2850{
2851 return (ctx->quiet_shutdown);
2852}
2853
2854void
2855SSL_set_quiet_shutdown(SSL *s, int mode)
2856{
2857 s->quiet_shutdown = mode;
2858}
2859
2860int
2861SSL_get_quiet_shutdown(const SSL *s)
2862{
2863 return (s->quiet_shutdown);
2864}
2865
2866void
2867SSL_set_shutdown(SSL *s, int mode)
2868{
2869 s->shutdown = mode;
2870}
2871
2872int
2873SSL_get_shutdown(const SSL *s)
2874{
2875 return (s->shutdown);
2876}
2877
2878int
2879SSL_version(const SSL *s)
2880{
2881 return (s->version);
2882}
2883
2884SSL_CTX *
2885SSL_get_SSL_CTX(const SSL *ssl)
2886{
2887 return (ssl->ctx);
2888}
2889
2890SSL_CTX *
2891SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2892{
2893 if (ssl->ctx == ctx)
2894 return (ssl->ctx);
2895 if (ctx == NULL)
2896 ctx = ssl->initial_ctx;
2897 if (ssl->cert != NULL)
2898 ssl_cert_free(ssl->cert);
2899 ssl->cert = ssl_cert_dup(ctx->cert);
2900 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
2901 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2902 ssl->ctx = ctx;
2903 return (ssl->ctx);
2904}
2905
2906int
2907SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2908{
2909 return (X509_STORE_set_default_paths(ctx->cert_store));
2910}
2911
2912int
2913SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2914 const char *CApath)
2915{
2916 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
2917}
2918
2919int
2920SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
2921{
2922 return (X509_STORE_load_mem(ctx->cert_store, buf, len));
2923}
2924
2925void
2926SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
2927{
2928 ssl->info_callback = cb;
2929}
2930
2931void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
2932{
2933 return (ssl->info_callback);
2934}
2935
2936int
2937SSL_state(const SSL *ssl)
2938{
2939 return (ssl->state);
2940}
2941
2942void
2943SSL_set_state(SSL *ssl, int state)
2944{
2945 ssl->state = state;
2946}
2947
2948void
2949SSL_set_verify_result(SSL *ssl, long arg)
2950{
2951 ssl->verify_result = arg;
2952}
2953
2954long
2955SSL_get_verify_result(const SSL *ssl)
2956{
2957 return (ssl->verify_result);
2958}
2959
2960int
2961SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2962 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2963{
2964 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2965 new_func, dup_func, free_func));
2966}
2967
2968int
2969SSL_set_ex_data(SSL *s, int idx, void *arg)
2970{
2971 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
2972}
2973
2974void *
2975SSL_get_ex_data(const SSL *s, int idx)
2976{
2977 return (CRYPTO_get_ex_data(&s->ex_data, idx));
2978}
2979
2980int
2981SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2982 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2983{
2984 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2985 new_func, dup_func, free_func));
2986}
2987
2988int
2989SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
2990{
2991 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
2992}
2993
2994void *
2995SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
2996{
2997 return (CRYPTO_get_ex_data(&s->ex_data, idx));
2998}
2999
3000int
3001ssl_ok(SSL *s)
3002{
3003 return (1);
3004}
3005
3006X509_STORE *
3007SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3008{
3009 return (ctx->cert_store);
3010}
3011
3012void
3013SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3014{
3015 if (ctx->cert_store != NULL)
3016 X509_STORE_free(ctx->cert_store);
3017 ctx->cert_store = store;
3018}
3019
3020int
3021SSL_want(const SSL *s)
3022{
3023 return (s->rwstate);
3024}
3025
3026void
3027SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
3028 int keylength))
3029{
3030 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3031}
3032
3033void
3034SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
3035 int keylength))
3036{
3037 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3038}
3039
3040void
3041SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
3042 int keylength))
3043{
3044 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3045}
3046
3047void
3048SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3049 int keylength))
3050{
3051 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3052}
3053
3054void
3055SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
3056 int is_export, int keylength))
3057{
3058 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
3059 (void (*)(void))ecdh);
3060}
3061
3062void
3063SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3064 int keylength))
3065{
3066 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3067}
3068
3069
3070void
3071SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
3072 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3073{
3074 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
3075 (void (*)(void))cb);
3076}
3077
3078void
3079SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3080 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3081{
3082 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3083}
3084
3085/*
3086 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3087 * variable, freeing EVP_MD_CTX previously stored in that variable, if
3088 * any. If EVP_MD pointer is passed, initializes ctx with this md
3089 * Returns newly allocated ctx;
3090 */
3091EVP_MD_CTX *
3092ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3093{
3094 ssl_clear_hash_ctx(hash);
3095 *hash = EVP_MD_CTX_create();
3096 if (*hash != NULL && md != NULL) {
3097 if (!EVP_DigestInit_ex(*hash, md, NULL)) {
3098 ssl_clear_hash_ctx(hash);
3099 return (NULL);
3100 }
3101 }
3102 return (*hash);
3103}
3104
3105void
3106ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3107{
3108 if (*hash)
3109 EVP_MD_CTX_destroy(*hash);
3110 *hash = NULL;
3111}
3112
3113void
3114SSL_set_debug(SSL *s, int debug)
3115{
3116 s->debug = debug;
3117}
3118
3119int
3120SSL_cache_hit(SSL *s)
3121{
3122 return (s->hit);
3123}
3124
3125IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 22:54:45 +0000