summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c3694
1 files changed, 0 insertions, 3694 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index b1169b0242..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3694 +0,0 @@
1/* $OpenBSD: ssl_lib.c,v 1.311 2023/07/08 16:40:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <arpa/inet.h>
144#include <sys/socket.h>
145#include <netinet/in.h>
146
147#include <limits.h>
148#include <stdio.h>
149
150#include <openssl/dh.h>
151#include <openssl/lhash.h>
152#include <openssl/objects.h>
153#include <openssl/ocsp.h>
154#include <openssl/opensslconf.h>
155#include <openssl/x509v3.h>
156
157#ifndef OPENSSL_NO_ENGINE
158#include <openssl/engine.h>
159#endif
160
161#include "bytestring.h"
162#include "dtls_local.h"
163#include "ssl_local.h"
164#include "ssl_sigalgs.h"
165#include "ssl_tlsext.h"
166#include "tls12_internal.h"
167
168const char *SSL_version_str = OPENSSL_VERSION_TEXT;
169
170int
171SSL_clear(SSL *s)
172{
173 if (s->method == NULL) {
174 SSLerror(s, SSL_R_NO_METHOD_SPECIFIED);
175 return (0);
176 }
177
178 if (ssl_clear_bad_session(s)) {
179 SSL_SESSION_free(s->session);
180 s->session = NULL;
181 }
182
183 s->error = 0;
184 s->hit = 0;
185 s->shutdown = 0;
186
187 if (s->renegotiate) {
188 SSLerror(s, ERR_R_INTERNAL_ERROR);
189 return (0);
190 }
191
192 s->version = s->method->version;
193 s->client_version = s->version;
194 s->rwstate = SSL_NOTHING;
195 s->rstate = SSL_ST_READ_HEADER;
196
197 tls13_ctx_free(s->tls13);
198 s->tls13 = NULL;
199
200 ssl3_release_init_buffer(s);
201
202 ssl_clear_cipher_state(s);
203
204 s->first_packet = 0;
205
206 /*
207 * Check to see if we were changed into a different method, if
208 * so, revert back if we are not doing session-id reuse.
209 */
210 if (!s->in_handshake && (s->session == NULL) &&
211 (s->method != s->ctx->method)) {
212 s->method->ssl_free(s);
213 s->method = s->ctx->method;
214 if (!s->method->ssl_new(s))
215 return (0);
216 } else
217 s->method->ssl_clear(s);
218
219 return (1);
220}
221LSSL_ALIAS(SSL_clear);
222
223/* Used to change an SSL_CTXs default SSL method type */
224int
225SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
226{
227 STACK_OF(SSL_CIPHER) *ciphers;
228
229 ctx->method = meth;
230
231 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
232 ctx->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST,
233 ctx->cert);
234 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
235 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
236 return (0);
237 }
238 return (1);
239}
240LSSL_ALIAS(SSL_CTX_set_ssl_version);
241
242SSL *
243SSL_new(SSL_CTX *ctx)
244{
245 SSL *s;
246 CBS cbs;
247
248 if (ctx == NULL) {
249 SSLerrorx(SSL_R_NULL_SSL_CTX);
250 return (NULL);
251 }
252 if (ctx->method == NULL) {
253 SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
254 return (NULL);
255 }
256
257 if ((s = calloc(1, sizeof(*s))) == NULL)
258 goto err;
259
260 if ((s->rl = tls12_record_layer_new()) == NULL)
261 goto err;
262
263 s->min_tls_version = ctx->min_tls_version;
264 s->max_tls_version = ctx->max_tls_version;
265 s->min_proto_version = ctx->min_proto_version;
266 s->max_proto_version = ctx->max_proto_version;
267
268 s->options = ctx->options;
269 s->mode = ctx->mode;
270 s->max_cert_list = ctx->max_cert_list;
271 s->num_tickets = ctx->num_tickets;
272
273 if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
274 goto err;
275
276 s->read_ahead = ctx->read_ahead;
277 s->msg_callback = ctx->msg_callback;
278 s->msg_callback_arg = ctx->msg_callback_arg;
279 s->verify_mode = ctx->verify_mode;
280 s->sid_ctx_length = ctx->sid_ctx_length;
281 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
282 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
283 s->verify_callback = ctx->default_verify_callback;
284 s->generate_session_id = ctx->generate_session_id;
285
286 s->param = X509_VERIFY_PARAM_new();
287 if (!s->param)
288 goto err;
289 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
290 s->quiet_shutdown = ctx->quiet_shutdown;
291 s->max_send_fragment = ctx->max_send_fragment;
292
293 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
294 s->ctx = ctx;
295 s->tlsext_debug_cb = 0;
296 s->tlsext_debug_arg = NULL;
297 s->tlsext_ticket_expected = 0;
298 s->tlsext_status_type = -1;
299 s->tlsext_status_expected = 0;
300 s->tlsext_ocsp_ids = NULL;
301 s->tlsext_ocsp_exts = NULL;
302 s->tlsext_ocsp_resp = NULL;
303 s->tlsext_ocsp_resp_len = 0;
304 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
305 s->initial_ctx = ctx;
306
307 if (!tlsext_randomize_build_order(s))
308 goto err;
309
310 if (ctx->tlsext_ecpointformatlist != NULL) {
311 s->tlsext_ecpointformatlist =
312 calloc(ctx->tlsext_ecpointformatlist_length,
313 sizeof(ctx->tlsext_ecpointformatlist[0]));
314 if (s->tlsext_ecpointformatlist == NULL)
315 goto err;
316 memcpy(s->tlsext_ecpointformatlist,
317 ctx->tlsext_ecpointformatlist,
318 ctx->tlsext_ecpointformatlist_length *
319 sizeof(ctx->tlsext_ecpointformatlist[0]));
320 s->tlsext_ecpointformatlist_length =
321 ctx->tlsext_ecpointformatlist_length;
322 }
323 if (ctx->tlsext_supportedgroups != NULL) {
324 s->tlsext_supportedgroups =
325 calloc(ctx->tlsext_supportedgroups_length,
326 sizeof(ctx->tlsext_supportedgroups[0]));
327 if (s->tlsext_supportedgroups == NULL)
328 goto err;
329 memcpy(s->tlsext_supportedgroups,
330 ctx->tlsext_supportedgroups,
331 ctx->tlsext_supportedgroups_length *
332 sizeof(ctx->tlsext_supportedgroups[0]));
333 s->tlsext_supportedgroups_length =
334 ctx->tlsext_supportedgroups_length;
335 }
336
337 CBS_init(&cbs, ctx->alpn_client_proto_list,
338 ctx->alpn_client_proto_list_len);
339 if (!CBS_stow(&cbs, &s->alpn_client_proto_list,
340 &s->alpn_client_proto_list_len))
341 goto err;
342
343 s->verify_result = X509_V_OK;
344
345 s->method = ctx->method;
346 s->quic_method = ctx->quic_method;
347
348 if (!s->method->ssl_new(s))
349 goto err;
350
351 s->references = 1;
352 s->server = ctx->method->server;
353
354 SSL_clear(s);
355
356 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
357
358 return (s);
359
360 err:
361 SSL_free(s);
362 SSLerrorx(ERR_R_MALLOC_FAILURE);
363 return (NULL);
364}
365LSSL_ALIAS(SSL_new);
366
367int
368SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
369 unsigned int sid_ctx_len)
370{
371 if (sid_ctx_len > sizeof ctx->sid_ctx) {
372 SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
373 return (0);
374 }
375 ctx->sid_ctx_length = sid_ctx_len;
376 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
377
378 return (1);
379}
380LSSL_ALIAS(SSL_CTX_set_session_id_context);
381
382int
383SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
384 unsigned int sid_ctx_len)
385{
386 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
387 SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
388 return (0);
389 }
390 ssl->sid_ctx_length = sid_ctx_len;
391 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
392
393 return (1);
394}
395LSSL_ALIAS(SSL_set_session_id_context);
396
397int
398SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
399{
400 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
401 ctx->generate_session_id = cb;
402 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
403 return (1);
404}
405LSSL_ALIAS(SSL_CTX_set_generate_session_id);
406
407int
408SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
409{
410 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
411 ssl->generate_session_id = cb;
412 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
413 return (1);
414}
415LSSL_ALIAS(SSL_set_generate_session_id);
416
417int
418SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
419 unsigned int id_len)
420{
421 /*
422 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
423 * shows how we can "construct" a session to give us the desired
424 * check - ie. to find if there's a session in the hash table
425 * that would conflict with any new session built out of this
426 * id/id_len and the ssl_version in use by this SSL.
427 */
428 SSL_SESSION r, *p;
429
430 if (id_len > sizeof r.session_id)
431 return (0);
432
433 r.ssl_version = ssl->version;
434 r.session_id_length = id_len;
435 memcpy(r.session_id, id, id_len);
436
437 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
438 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
439 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
440 return (p != NULL);
441}
442LSSL_ALIAS(SSL_has_matching_session_id);
443
444int
445SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
446{
447 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
448}
449LSSL_ALIAS(SSL_CTX_set_purpose);
450
451int
452SSL_set_purpose(SSL *s, int purpose)
453{
454 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
455}
456LSSL_ALIAS(SSL_set_purpose);
457
458int
459SSL_CTX_set_trust(SSL_CTX *s, int trust)
460{
461 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
462}
463LSSL_ALIAS(SSL_CTX_set_trust);
464
465int
466SSL_set_trust(SSL *s, int trust)
467{
468 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
469}
470LSSL_ALIAS(SSL_set_trust);
471
472int
473SSL_set1_host(SSL *s, const char *hostname)
474{
475 struct in_addr ina;
476 struct in6_addr in6a;
477
478 if (hostname != NULL && *hostname != '\0' &&
479 (inet_pton(AF_INET, hostname, &ina) == 1 ||
480 inet_pton(AF_INET6, hostname, &in6a) == 1))
481 return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname);
482 else
483 return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
484}
485LSSL_ALIAS(SSL_set1_host);
486
487void
488SSL_set_hostflags(SSL *s, unsigned int flags)
489{
490 X509_VERIFY_PARAM_set_hostflags(s->param, flags);
491}
492LSSL_ALIAS(SSL_set_hostflags);
493
494const char *
495SSL_get0_peername(SSL *s)
496{
497 return X509_VERIFY_PARAM_get0_peername(s->param);
498}
499LSSL_ALIAS(SSL_get0_peername);
500
501X509_VERIFY_PARAM *
502SSL_CTX_get0_param(SSL_CTX *ctx)
503{
504 return (ctx->param);
505}
506LSSL_ALIAS(SSL_CTX_get0_param);
507
508int
509SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
510{
511 return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
512}
513LSSL_ALIAS(SSL_CTX_set1_param);
514
515X509_VERIFY_PARAM *
516SSL_get0_param(SSL *ssl)
517{
518 return (ssl->param);
519}
520LSSL_ALIAS(SSL_get0_param);
521
522int
523SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
524{
525 return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
526}
527LSSL_ALIAS(SSL_set1_param);
528
529void
530SSL_free(SSL *s)
531{
532 int i;
533
534 if (s == NULL)
535 return;
536
537 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
538 if (i > 0)
539 return;
540
541 X509_VERIFY_PARAM_free(s->param);
542
543 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
544
545 if (s->bbio != NULL) {
546 /* If the buffering BIO is in place, pop it off */
547 if (s->bbio == s->wbio) {
548 s->wbio = BIO_pop(s->wbio);
549 }
550 BIO_free(s->bbio);
551 s->bbio = NULL;
552 }
553
554 if (s->rbio != s->wbio)
555 BIO_free_all(s->rbio);
556 BIO_free_all(s->wbio);
557
558 tls13_ctx_free(s->tls13);
559
560 ssl3_release_init_buffer(s);
561
562 sk_SSL_CIPHER_free(s->cipher_list);
563 sk_SSL_CIPHER_free(s->cipher_list_tls13);
564
565 /* Make the next call work :-) */
566 if (s->session != NULL) {
567 ssl_clear_bad_session(s);
568 SSL_SESSION_free(s->session);
569 }
570
571 ssl_clear_cipher_state(s);
572
573 ssl_cert_free(s->cert);
574
575 free(s->tlsext_build_order);
576
577 free(s->tlsext_hostname);
578 SSL_CTX_free(s->initial_ctx);
579
580 free(s->tlsext_ecpointformatlist);
581 free(s->tlsext_supportedgroups);
582
583 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
584 X509_EXTENSION_free);
585 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
586 free(s->tlsext_ocsp_resp);
587
588 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
589
590 if (s->method != NULL)
591 s->method->ssl_free(s);
592
593 SSL_CTX_free(s->ctx);
594
595 free(s->alpn_client_proto_list);
596
597 free(s->quic_transport_params);
598
599#ifndef OPENSSL_NO_SRTP
600 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
601#endif
602
603 tls12_record_layer_free(s->rl);
604
605 free(s);
606}
607LSSL_ALIAS(SSL_free);
608
609int
610SSL_up_ref(SSL *s)
611{
612 int refs = CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL);
613 return (refs > 1) ? 1 : 0;
614}
615LSSL_ALIAS(SSL_up_ref);
616
617void
618SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
619{
620 /* If the output buffering BIO is still in place, remove it */
621 if (s->bbio != NULL) {
622 if (s->wbio == s->bbio) {
623 s->wbio = BIO_next(s->wbio);
624 BIO_set_next(s->bbio, NULL);
625 }
626 }
627
628 if (s->rbio != rbio && s->rbio != s->wbio)
629 BIO_free_all(s->rbio);
630 if (s->wbio != wbio)
631 BIO_free_all(s->wbio);
632 s->rbio = rbio;
633 s->wbio = wbio;
634}
635LSSL_ALIAS(SSL_set_bio);
636
637BIO *
638SSL_get_rbio(const SSL *s)
639{
640 return (s->rbio);
641}
642LSSL_ALIAS(SSL_get_rbio);
643
644void
645SSL_set0_rbio(SSL *s, BIO *rbio)
646{
647 BIO_free_all(s->rbio);
648 s->rbio = rbio;
649}
650LSSL_ALIAS(SSL_set0_rbio);
651
652BIO *
653SSL_get_wbio(const SSL *s)
654{
655 return (s->wbio);
656}
657LSSL_ALIAS(SSL_get_wbio);
658
659int
660SSL_get_fd(const SSL *s)
661{
662 return (SSL_get_rfd(s));
663}
664LSSL_ALIAS(SSL_get_fd);
665
666int
667SSL_get_rfd(const SSL *s)
668{
669 int ret = -1;
670 BIO *b, *r;
671
672 b = SSL_get_rbio(s);
673 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
674 if (r != NULL)
675 BIO_get_fd(r, &ret);
676 return (ret);
677}
678LSSL_ALIAS(SSL_get_rfd);
679
680int
681SSL_get_wfd(const SSL *s)
682{
683 int ret = -1;
684 BIO *b, *r;
685
686 b = SSL_get_wbio(s);
687 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
688 if (r != NULL)
689 BIO_get_fd(r, &ret);
690 return (ret);
691}
692LSSL_ALIAS(SSL_get_wfd);
693
694int
695SSL_set_fd(SSL *s, int fd)
696{
697 int ret = 0;
698 BIO *bio = NULL;
699
700 bio = BIO_new(BIO_s_socket());
701
702 if (bio == NULL) {
703 SSLerror(s, ERR_R_BUF_LIB);
704 goto err;
705 }
706 BIO_set_fd(bio, fd, BIO_NOCLOSE);
707 SSL_set_bio(s, bio, bio);
708 ret = 1;
709 err:
710 return (ret);
711}
712LSSL_ALIAS(SSL_set_fd);
713
714int
715SSL_set_wfd(SSL *s, int fd)
716{
717 int ret = 0;
718 BIO *bio = NULL;
719
720 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
721 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
722 bio = BIO_new(BIO_s_socket());
723
724 if (bio == NULL) {
725 SSLerror(s, ERR_R_BUF_LIB);
726 goto err;
727 }
728 BIO_set_fd(bio, fd, BIO_NOCLOSE);
729 SSL_set_bio(s, SSL_get_rbio(s), bio);
730 } else
731 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
732 ret = 1;
733 err:
734 return (ret);
735}
736LSSL_ALIAS(SSL_set_wfd);
737
738int
739SSL_set_rfd(SSL *s, int fd)
740{
741 int ret = 0;
742 BIO *bio = NULL;
743
744 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
745 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
746 bio = BIO_new(BIO_s_socket());
747
748 if (bio == NULL) {
749 SSLerror(s, ERR_R_BUF_LIB);
750 goto err;
751 }
752 BIO_set_fd(bio, fd, BIO_NOCLOSE);
753 SSL_set_bio(s, bio, SSL_get_wbio(s));
754 } else
755 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
756 ret = 1;
757 err:
758 return (ret);
759}
760LSSL_ALIAS(SSL_set_rfd);
761
762
763/* return length of latest Finished message we sent, copy to 'buf' */
764size_t
765SSL_get_finished(const SSL *s, void *buf, size_t count)
766{
767 size_t ret;
768
769 ret = s->s3->hs.finished_len;
770 if (count > ret)
771 count = ret;
772 memcpy(buf, s->s3->hs.finished, count);
773 return (ret);
774}
775LSSL_ALIAS(SSL_get_finished);
776
777/* return length of latest Finished message we expected, copy to 'buf' */
778size_t
779SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
780{
781 size_t ret;
782
783 ret = s->s3->hs.peer_finished_len;
784 if (count > ret)
785 count = ret;
786 memcpy(buf, s->s3->hs.peer_finished, count);
787 return (ret);
788}
789LSSL_ALIAS(SSL_get_peer_finished);
790
791
792int
793SSL_get_verify_mode(const SSL *s)
794{
795 return (s->verify_mode);
796}
797LSSL_ALIAS(SSL_get_verify_mode);
798
799int
800SSL_get_verify_depth(const SSL *s)
801{
802 return (X509_VERIFY_PARAM_get_depth(s->param));
803}
804LSSL_ALIAS(SSL_get_verify_depth);
805
806int
807(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
808{
809 return (s->verify_callback);
810}
811LSSL_ALIAS(SSL_get_verify_callback);
812
813void
814SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
815{
816 ctx->keylog_callback = cb;
817}
818LSSL_ALIAS(SSL_CTX_set_keylog_callback);
819
820SSL_CTX_keylog_cb_func
821SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
822{
823 return (ctx->keylog_callback);
824}
825LSSL_ALIAS(SSL_CTX_get_keylog_callback);
826
827int
828SSL_set_num_tickets(SSL *s, size_t num_tickets)
829{
830 s->num_tickets = num_tickets;
831
832 return 1;
833}
834LSSL_ALIAS(SSL_set_num_tickets);
835
836size_t
837SSL_get_num_tickets(const SSL *s)
838{
839 return s->num_tickets;
840}
841LSSL_ALIAS(SSL_get_num_tickets);
842
843int
844SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
845{
846 ctx->num_tickets = num_tickets;
847
848 return 1;
849}
850LSSL_ALIAS(SSL_CTX_set_num_tickets);
851
852size_t
853SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
854{
855 return ctx->num_tickets;
856}
857LSSL_ALIAS(SSL_CTX_get_num_tickets);
858
859int
860SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
861{
862 return (ctx->verify_mode);
863}
864LSSL_ALIAS(SSL_CTX_get_verify_mode);
865
866int
867SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
868{
869 return (X509_VERIFY_PARAM_get_depth(ctx->param));
870}
871LSSL_ALIAS(SSL_CTX_get_verify_depth);
872
873int
874(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
875{
876 return (ctx->default_verify_callback);
877}
878LSSL_ALIAS(SSL_CTX_get_verify_callback);
879
880void
881SSL_set_verify(SSL *s, int mode,
882 int (*callback)(int ok, X509_STORE_CTX *ctx))
883{
884 s->verify_mode = mode;
885 if (callback != NULL)
886 s->verify_callback = callback;
887}
888LSSL_ALIAS(SSL_set_verify);
889
890void
891SSL_set_verify_depth(SSL *s, int depth)
892{
893 X509_VERIFY_PARAM_set_depth(s->param, depth);
894}
895LSSL_ALIAS(SSL_set_verify_depth);
896
897void
898SSL_set_read_ahead(SSL *s, int yes)
899{
900 s->read_ahead = yes;
901}
902LSSL_ALIAS(SSL_set_read_ahead);
903
904int
905SSL_get_read_ahead(const SSL *s)
906{
907 return (s->read_ahead);
908}
909LSSL_ALIAS(SSL_get_read_ahead);
910
911int
912SSL_pending(const SSL *s)
913{
914 return (s->method->ssl_pending(s));
915}
916LSSL_ALIAS(SSL_pending);
917
918X509 *
919SSL_get_peer_certificate(const SSL *s)
920{
921 X509 *cert;
922
923 if (s == NULL || s->session == NULL)
924 return NULL;
925
926 if ((cert = s->session->peer_cert) == NULL)
927 return NULL;
928
929 X509_up_ref(cert);
930
931 return cert;
932}
933LSSL_ALIAS(SSL_get_peer_certificate);
934
935STACK_OF(X509) *
936SSL_get_peer_cert_chain(const SSL *s)
937{
938 if (s == NULL)
939 return NULL;
940
941 /*
942 * Achtung! Due to API inconsistency, a client includes the peer's leaf
943 * certificate in the peer certificate chain, while a server does not.
944 */
945 if (!s->server)
946 return s->s3->hs.peer_certs;
947
948 return s->s3->hs.peer_certs_no_leaf;
949}
950LSSL_ALIAS(SSL_get_peer_cert_chain);
951
952STACK_OF(X509) *
953SSL_get0_verified_chain(const SSL *s)
954{
955 if (s->s3 == NULL)
956 return NULL;
957 return s->s3->hs.verified_chain;
958}
959LSSL_ALIAS(SSL_get0_verified_chain);
960
961/*
962 * Now in theory, since the calling process own 't' it should be safe to
963 * modify. We need to be able to read f without being hassled
964 */
965int
966SSL_copy_session_id(SSL *t, const SSL *f)
967{
968 SSL_CERT *tmp;
969
970 /* Do we need to do SSL locking? */
971 if (!SSL_set_session(t, SSL_get_session(f)))
972 return 0;
973
974 /* What if we are set up for one protocol but want to talk another? */
975 if (t->method != f->method) {
976 t->method->ssl_free(t);
977 t->method = f->method;
978 if (!t->method->ssl_new(t))
979 return 0;
980 }
981
982 tmp = t->cert;
983 if (f->cert != NULL) {
984 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
985 t->cert = f->cert;
986 } else
987 t->cert = NULL;
988 ssl_cert_free(tmp);
989
990 if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length))
991 return 0;
992
993 return 1;
994}
995LSSL_ALIAS(SSL_copy_session_id);
996
997/* Fix this so it checks all the valid key/cert options */
998int
999SSL_CTX_check_private_key(const SSL_CTX *ctx)
1000{
1001 if ((ctx == NULL) || (ctx->cert == NULL) ||
1002 (ctx->cert->key->x509 == NULL)) {
1003 SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED);
1004 return (0);
1005 }
1006 if (ctx->cert->key->privatekey == NULL) {
1007 SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1008 return (0);
1009 }
1010 return (X509_check_private_key(ctx->cert->key->x509,
1011 ctx->cert->key->privatekey));
1012}
1013LSSL_ALIAS(SSL_CTX_check_private_key);
1014
1015/* Fix this function so that it takes an optional type parameter */
1016int
1017SSL_check_private_key(const SSL *ssl)
1018{
1019 if (ssl == NULL) {
1020 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
1021 return (0);
1022 }
1023 if (ssl->cert == NULL) {
1024 SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
1025 return (0);
1026 }
1027 if (ssl->cert->key->x509 == NULL) {
1028 SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
1029 return (0);
1030 }
1031 if (ssl->cert->key->privatekey == NULL) {
1032 SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1033 return (0);
1034 }
1035 return (X509_check_private_key(ssl->cert->key->x509,
1036 ssl->cert->key->privatekey));
1037}
1038LSSL_ALIAS(SSL_check_private_key);
1039
1040int
1041SSL_accept(SSL *s)
1042{
1043 if (s->handshake_func == NULL)
1044 SSL_set_accept_state(s); /* Not properly initialized yet */
1045
1046 return (s->method->ssl_accept(s));
1047}
1048LSSL_ALIAS(SSL_accept);
1049
1050int
1051SSL_connect(SSL *s)
1052{
1053 if (s->handshake_func == NULL)
1054 SSL_set_connect_state(s); /* Not properly initialized yet */
1055
1056 return (s->method->ssl_connect(s));
1057}
1058LSSL_ALIAS(SSL_connect);
1059
1060int
1061SSL_is_dtls(const SSL *s)
1062{
1063 return s->method->dtls;
1064}
1065LSSL_ALIAS(SSL_is_dtls);
1066
1067int
1068SSL_is_server(const SSL *s)
1069{
1070 return s->server;
1071}
1072LSSL_ALIAS(SSL_is_server);
1073
1074static long
1075ssl_get_default_timeout()
1076{
1077 /*
1078 * 2 hours, the 24 hours mentioned in the TLSv1 spec
1079 * is way too long for http, the cache would over fill.
1080 */
1081 return (2 * 60 * 60);
1082}
1083
1084long
1085SSL_get_default_timeout(const SSL *s)
1086{
1087 return (ssl_get_default_timeout());
1088}
1089LSSL_ALIAS(SSL_get_default_timeout);
1090
1091int
1092SSL_read(SSL *s, void *buf, int num)
1093{
1094 if (num < 0) {
1095 SSLerror(s, SSL_R_BAD_LENGTH);
1096 return -1;
1097 }
1098
1099 if (SSL_is_quic(s)) {
1100 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1101 return (-1);
1102 }
1103
1104 if (s->handshake_func == NULL) {
1105 SSLerror(s, SSL_R_UNINITIALIZED);
1106 return (-1);
1107 }
1108
1109 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1110 s->rwstate = SSL_NOTHING;
1111 return (0);
1112 }
1113 return ssl3_read(s, buf, num);
1114}
1115LSSL_ALIAS(SSL_read);
1116
1117int
1118SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read)
1119{
1120 int ret;
1121
1122 /* We simply don't bother supporting enormous reads */
1123 if (num > INT_MAX) {
1124 SSLerror(s, SSL_R_BAD_LENGTH);
1125 return 0;
1126 }
1127
1128 ret = SSL_read(s, buf, (int)num);
1129 if (ret < 0)
1130 ret = 0;
1131 *bytes_read = ret;
1132
1133 return ret > 0;
1134}
1135LSSL_ALIAS(SSL_read_ex);
1136
1137int
1138SSL_peek(SSL *s, void *buf, int num)
1139{
1140 if (num < 0) {
1141 SSLerror(s, SSL_R_BAD_LENGTH);
1142 return -1;
1143 }
1144
1145 if (SSL_is_quic(s)) {
1146 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1147 return (-1);
1148 }
1149
1150 if (s->handshake_func == NULL) {
1151 SSLerror(s, SSL_R_UNINITIALIZED);
1152 return (-1);
1153 }
1154
1155 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1156 return (0);
1157 }
1158 return ssl3_peek(s, buf, num);
1159}
1160LSSL_ALIAS(SSL_peek);
1161
1162int
1163SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked)
1164{
1165 int ret;
1166
1167 /* We simply don't bother supporting enormous peeks */
1168 if (num > INT_MAX) {
1169 SSLerror(s, SSL_R_BAD_LENGTH);
1170 return 0;
1171 }
1172
1173 ret = SSL_peek(s, buf, (int)num);
1174 if (ret < 0)
1175 ret = 0;
1176 *bytes_peeked = ret;
1177
1178 return ret > 0;
1179}
1180LSSL_ALIAS(SSL_peek_ex);
1181
1182int
1183SSL_write(SSL *s, const void *buf, int num)
1184{
1185 if (num < 0) {
1186 SSLerror(s, SSL_R_BAD_LENGTH);
1187 return -1;
1188 }
1189
1190 if (SSL_is_quic(s)) {
1191 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1192 return (-1);
1193 }
1194
1195 if (s->handshake_func == NULL) {
1196 SSLerror(s, SSL_R_UNINITIALIZED);
1197 return (-1);
1198 }
1199
1200 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1201 s->rwstate = SSL_NOTHING;
1202 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
1203 return (-1);
1204 }
1205 return ssl3_write(s, buf, num);
1206}
1207LSSL_ALIAS(SSL_write);
1208
1209int
1210SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written)
1211{
1212 int ret;
1213
1214 /* We simply don't bother supporting enormous writes */
1215 if (num > INT_MAX) {
1216 SSLerror(s, SSL_R_BAD_LENGTH);
1217 return 0;
1218 }
1219
1220 if (num == 0) {
1221 /* This API is special */
1222 bytes_written = 0;
1223 return 1;
1224 }
1225
1226 ret = SSL_write(s, buf, (int)num);
1227 if (ret < 0)
1228 ret = 0;
1229 *bytes_written = ret;
1230
1231 return ret > 0;
1232}
1233LSSL_ALIAS(SSL_write_ex);
1234
1235uint32_t
1236SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
1237{
1238 return 0;
1239}
1240LSSL_ALIAS(SSL_CTX_get_max_early_data);
1241
1242int
1243SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
1244{
1245 return 1;
1246}
1247LSSL_ALIAS(SSL_CTX_set_max_early_data);
1248
1249uint32_t
1250SSL_get_max_early_data(const SSL *s)
1251{
1252 return 0;
1253}
1254LSSL_ALIAS(SSL_get_max_early_data);
1255
1256int
1257SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
1258{
1259 return 1;
1260}
1261LSSL_ALIAS(SSL_set_max_early_data);
1262
1263int
1264SSL_get_early_data_status(const SSL *s)
1265{
1266 return SSL_EARLY_DATA_REJECTED;
1267}
1268LSSL_ALIAS(SSL_get_early_data_status);
1269
1270int
1271SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
1272{
1273 *readbytes = 0;
1274
1275 if (!s->server) {
1276 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1277 return SSL_READ_EARLY_DATA_ERROR;
1278 }
1279
1280 return SSL_READ_EARLY_DATA_FINISH;
1281}
1282LSSL_ALIAS(SSL_read_early_data);
1283
1284int
1285SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
1286{
1287 *written = 0;
1288 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1289 return 0;
1290}
1291LSSL_ALIAS(SSL_write_early_data);
1292
1293int
1294SSL_shutdown(SSL *s)
1295{
1296 /*
1297 * Note that this function behaves differently from what one might
1298 * expect. Return values are 0 for no success (yet),
1299 * 1 for success; but calling it once is usually not enough,
1300 * even if blocking I/O is used (see ssl3_shutdown).
1301 */
1302
1303 if (s->handshake_func == NULL) {
1304 SSLerror(s, SSL_R_UNINITIALIZED);
1305 return (-1);
1306 }
1307
1308 if (s != NULL && !SSL_in_init(s))
1309 return (s->method->ssl_shutdown(s));
1310
1311 return (1);
1312}
1313LSSL_ALIAS(SSL_shutdown);
1314
1315int
1316SSL_renegotiate(SSL *s)
1317{
1318 if (s->renegotiate == 0)
1319 s->renegotiate = 1;
1320
1321 s->new_session = 1;
1322
1323 return (s->method->ssl_renegotiate(s));
1324}
1325LSSL_ALIAS(SSL_renegotiate);
1326
1327int
1328SSL_renegotiate_abbreviated(SSL *s)
1329{
1330 if (s->renegotiate == 0)
1331 s->renegotiate = 1;
1332
1333 s->new_session = 0;
1334
1335 return (s->method->ssl_renegotiate(s));
1336}
1337LSSL_ALIAS(SSL_renegotiate_abbreviated);
1338
1339int
1340SSL_renegotiate_pending(SSL *s)
1341{
1342 /*
1343 * Becomes true when negotiation is requested;
1344 * false again once a handshake has finished.
1345 */
1346 return (s->renegotiate != 0);
1347}
1348LSSL_ALIAS(SSL_renegotiate_pending);
1349
1350long
1351SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1352{
1353 long l;
1354
1355 switch (cmd) {
1356 case SSL_CTRL_GET_READ_AHEAD:
1357 return (s->read_ahead);
1358 case SSL_CTRL_SET_READ_AHEAD:
1359 l = s->read_ahead;
1360 s->read_ahead = larg;
1361 return (l);
1362
1363 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1364 s->msg_callback_arg = parg;
1365 return (1);
1366
1367 case SSL_CTRL_OPTIONS:
1368 return (s->options|=larg);
1369 case SSL_CTRL_CLEAR_OPTIONS:
1370 return (s->options&=~larg);
1371 case SSL_CTRL_MODE:
1372 return (s->mode|=larg);
1373 case SSL_CTRL_CLEAR_MODE:
1374 return (s->mode &=~larg);
1375 case SSL_CTRL_GET_MAX_CERT_LIST:
1376 return (s->max_cert_list);
1377 case SSL_CTRL_SET_MAX_CERT_LIST:
1378 l = s->max_cert_list;
1379 s->max_cert_list = larg;
1380 return (l);
1381 case SSL_CTRL_SET_MTU:
1382#ifndef OPENSSL_NO_DTLS1
1383 if (larg < (long)dtls1_min_mtu())
1384 return (0);
1385#endif
1386 if (SSL_is_dtls(s)) {
1387 s->d1->mtu = larg;
1388 return (larg);
1389 }
1390 return (0);
1391 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1392 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1393 return (0);
1394 s->max_send_fragment = larg;
1395 return (1);
1396 case SSL_CTRL_GET_RI_SUPPORT:
1397 if (s->s3)
1398 return (s->s3->send_connection_binding);
1399 else return (0);
1400 default:
1401 if (SSL_is_dtls(s))
1402 return dtls1_ctrl(s, cmd, larg, parg);
1403 return ssl3_ctrl(s, cmd, larg, parg);
1404 }
1405}
1406LSSL_ALIAS(SSL_ctrl);
1407
1408long
1409SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1410{
1411 switch (cmd) {
1412 case SSL_CTRL_SET_MSG_CALLBACK:
1413 s->msg_callback = (ssl_msg_callback_fn *)(fp);
1414 return (1);
1415
1416 default:
1417 return (ssl3_callback_ctrl(s, cmd, fp));
1418 }
1419}
1420LSSL_ALIAS(SSL_callback_ctrl);
1421
1422struct lhash_st_SSL_SESSION *
1423SSL_CTX_sessions(SSL_CTX *ctx)
1424{
1425 return (ctx->sessions);
1426}
1427LSSL_ALIAS(SSL_CTX_sessions);
1428
1429long
1430SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1431{
1432 long l;
1433
1434 switch (cmd) {
1435 case SSL_CTRL_GET_READ_AHEAD:
1436 return (ctx->read_ahead);
1437 case SSL_CTRL_SET_READ_AHEAD:
1438 l = ctx->read_ahead;
1439 ctx->read_ahead = larg;
1440 return (l);
1441
1442 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1443 ctx->msg_callback_arg = parg;
1444 return (1);
1445
1446 case SSL_CTRL_GET_MAX_CERT_LIST:
1447 return (ctx->max_cert_list);
1448 case SSL_CTRL_SET_MAX_CERT_LIST:
1449 l = ctx->max_cert_list;
1450 ctx->max_cert_list = larg;
1451 return (l);
1452
1453 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1454 l = ctx->session_cache_size;
1455 ctx->session_cache_size = larg;
1456 return (l);
1457 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1458 return (ctx->session_cache_size);
1459 case SSL_CTRL_SET_SESS_CACHE_MODE:
1460 l = ctx->session_cache_mode;
1461 ctx->session_cache_mode = larg;
1462 return (l);
1463 case SSL_CTRL_GET_SESS_CACHE_MODE:
1464 return (ctx->session_cache_mode);
1465
1466 case SSL_CTRL_SESS_NUMBER:
1467 return (lh_SSL_SESSION_num_items(ctx->sessions));
1468 case SSL_CTRL_SESS_CONNECT:
1469 return (ctx->stats.sess_connect);
1470 case SSL_CTRL_SESS_CONNECT_GOOD:
1471 return (ctx->stats.sess_connect_good);
1472 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1473 return (ctx->stats.sess_connect_renegotiate);
1474 case SSL_CTRL_SESS_ACCEPT:
1475 return (ctx->stats.sess_accept);
1476 case SSL_CTRL_SESS_ACCEPT_GOOD:
1477 return (ctx->stats.sess_accept_good);
1478 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1479 return (ctx->stats.sess_accept_renegotiate);
1480 case SSL_CTRL_SESS_HIT:
1481 return (ctx->stats.sess_hit);
1482 case SSL_CTRL_SESS_CB_HIT:
1483 return (ctx->stats.sess_cb_hit);
1484 case SSL_CTRL_SESS_MISSES:
1485 return (ctx->stats.sess_miss);
1486 case SSL_CTRL_SESS_TIMEOUTS:
1487 return (ctx->stats.sess_timeout);
1488 case SSL_CTRL_SESS_CACHE_FULL:
1489 return (ctx->stats.sess_cache_full);
1490 case SSL_CTRL_OPTIONS:
1491 return (ctx->options|=larg);
1492 case SSL_CTRL_CLEAR_OPTIONS:
1493 return (ctx->options&=~larg);
1494 case SSL_CTRL_MODE:
1495 return (ctx->mode|=larg);
1496 case SSL_CTRL_CLEAR_MODE:
1497 return (ctx->mode&=~larg);
1498 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1499 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1500 return (0);
1501 ctx->max_send_fragment = larg;
1502 return (1);
1503 default:
1504 return (ssl3_ctx_ctrl(ctx, cmd, larg, parg));
1505 }
1506}
1507LSSL_ALIAS(SSL_CTX_ctrl);
1508
1509long
1510SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1511{
1512 switch (cmd) {
1513 case SSL_CTRL_SET_MSG_CALLBACK:
1514 ctx->msg_callback = (ssl_msg_callback_fn *)fp;
1515 return (1);
1516
1517 default:
1518 return (ssl3_ctx_callback_ctrl(ctx, cmd, fp));
1519 }
1520}
1521LSSL_ALIAS(SSL_CTX_callback_ctrl);
1522
1523int
1524ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1525{
1526 long l;
1527
1528 l = a->id - b->id;
1529 if (l == 0L)
1530 return (0);
1531 else
1532 return ((l > 0) ? 1:-1);
1533}
1534
1535STACK_OF(SSL_CIPHER) *
1536SSL_get_ciphers(const SSL *s)
1537{
1538 if (s == NULL)
1539 return (NULL);
1540 if (s->cipher_list != NULL)
1541 return (s->cipher_list);
1542
1543 return (s->ctx->cipher_list);
1544}
1545LSSL_ALIAS(SSL_get_ciphers);
1546
1547STACK_OF(SSL_CIPHER) *
1548SSL_get_client_ciphers(const SSL *s)
1549{
1550 if (s == NULL || s->session == NULL || !s->server)
1551 return NULL;
1552 return s->session->ciphers;
1553}
1554LSSL_ALIAS(SSL_get_client_ciphers);
1555
1556STACK_OF(SSL_CIPHER) *
1557SSL_get1_supported_ciphers(SSL *s)
1558{
1559 STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers;
1560 SSL_CIPHER *cipher;
1561 uint16_t min_vers, max_vers;
1562 int i;
1563
1564 if (s == NULL)
1565 return NULL;
1566 if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers))
1567 return NULL;
1568 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1569 return NULL;
1570 if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL)
1571 return NULL;
1572
1573 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1574 if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
1575 goto err;
1576 if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
1577 max_vers))
1578 continue;
1579 if (!ssl_security_supported_cipher(s, cipher))
1580 continue;
1581 if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
1582 goto err;
1583 }
1584
1585 if (sk_SSL_CIPHER_num(supported_ciphers) > 0)
1586 return supported_ciphers;
1587
1588 err:
1589 sk_SSL_CIPHER_free(supported_ciphers);
1590 return NULL;
1591}
1592LSSL_ALIAS(SSL_get1_supported_ciphers);
1593
1594/* See if we have any ECC cipher suites. */
1595int
1596ssl_has_ecc_ciphers(SSL *s)
1597{
1598 STACK_OF(SSL_CIPHER) *ciphers;
1599 unsigned long alg_k, alg_a;
1600 SSL_CIPHER *cipher;
1601 int i;
1602
1603 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1604 return 0;
1605
1606 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1607 cipher = sk_SSL_CIPHER_value(ciphers, i);
1608
1609 alg_k = cipher->algorithm_mkey;
1610 alg_a = cipher->algorithm_auth;
1611
1612 if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
1613 return 1;
1614 }
1615
1616 return 0;
1617}
1618
1619/* The old interface to get the same thing as SSL_get_ciphers(). */
1620const char *
1621SSL_get_cipher_list(const SSL *s, int n)
1622{
1623 STACK_OF(SSL_CIPHER) *ciphers;
1624 const SSL_CIPHER *cipher;
1625
1626 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1627 return (NULL);
1628 if ((cipher = sk_SSL_CIPHER_value(ciphers, n)) == NULL)
1629 return (NULL);
1630
1631 return (cipher->name);
1632}
1633LSSL_ALIAS(SSL_get_cipher_list);
1634
1635STACK_OF(SSL_CIPHER) *
1636SSL_CTX_get_ciphers(const SSL_CTX *ctx)
1637{
1638 if (ctx == NULL)
1639 return NULL;
1640 return ctx->cipher_list;
1641}
1642LSSL_ALIAS(SSL_CTX_get_ciphers);
1643
1644/* Specify the ciphers to be used by default by the SSL_CTX. */
1645int
1646SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1647{
1648 STACK_OF(SSL_CIPHER) *ciphers;
1649
1650 /*
1651 * ssl_create_cipher_list may return an empty stack if it was unable to
1652 * find a cipher matching the given rule string (for example if the
1653 * rule string specifies a cipher which has been disabled). This is not
1654 * an error as far as ssl_create_cipher_list is concerned, and hence
1655 * ctx->cipher_list has been updated.
1656 */
1657 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1658 ctx->cipher_list_tls13, str, ctx->cert);
1659 if (ciphers == NULL) {
1660 return (0);
1661 } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
1662 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1663 return (0);
1664 }
1665 return (1);
1666}
1667LSSL_ALIAS(SSL_CTX_set_cipher_list);
1668
1669int
1670SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
1671{
1672 if (!ssl_parse_ciphersuites(&ctx->cipher_list_tls13, str)) {
1673 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1674 return 0;
1675 }
1676 if (!ssl_merge_cipherlists(ctx->cipher_list,
1677 ctx->cipher_list_tls13, &ctx->cipher_list))
1678 return 0;
1679
1680 return 1;
1681}
1682LSSL_ALIAS(SSL_CTX_set_ciphersuites);
1683
1684/* Specify the ciphers to be used by the SSL. */
1685int
1686SSL_set_cipher_list(SSL *s, const char *str)
1687{
1688 STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13;
1689
1690 if ((ciphers_tls13 = s->cipher_list_tls13) == NULL)
1691 ciphers_tls13 = s->ctx->cipher_list_tls13;
1692
1693 /* See comment in SSL_CTX_set_cipher_list. */
1694 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1695 ciphers_tls13, str, s->cert);
1696 if (ciphers == NULL) {
1697 return (0);
1698 } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
1699 SSLerror(s, SSL_R_NO_CIPHER_MATCH);
1700 return (0);
1701 }
1702 return (1);
1703}
1704LSSL_ALIAS(SSL_set_cipher_list);
1705
1706int
1707SSL_set_ciphersuites(SSL *s, const char *str)
1708{
1709 STACK_OF(SSL_CIPHER) *ciphers;
1710
1711 if ((ciphers = s->cipher_list) == NULL)
1712 ciphers = s->ctx->cipher_list;
1713
1714 if (!ssl_parse_ciphersuites(&s->cipher_list_tls13, str)) {
1715 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1716 return (0);
1717 }
1718 if (!ssl_merge_cipherlists(ciphers, s->cipher_list_tls13,
1719 &s->cipher_list))
1720 return 0;
1721
1722 return 1;
1723}
1724LSSL_ALIAS(SSL_set_ciphersuites);
1725
1726char *
1727SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1728{
1729 STACK_OF(SSL_CIPHER) *client_ciphers, *server_ciphers;
1730 const SSL_CIPHER *cipher;
1731 size_t curlen = 0;
1732 char *end;
1733 int i;
1734
1735 if (!s->server || s->session == NULL || len < 2)
1736 return NULL;
1737
1738 if ((client_ciphers = s->session->ciphers) == NULL)
1739 return NULL;
1740 if ((server_ciphers = SSL_get_ciphers(s)) == NULL)
1741 return NULL;
1742 if (sk_SSL_CIPHER_num(client_ciphers) == 0 ||
1743 sk_SSL_CIPHER_num(server_ciphers) == 0)
1744 return NULL;
1745
1746 buf[0] = '\0';
1747 for (i = 0; i < sk_SSL_CIPHER_num(client_ciphers); i++) {
1748 cipher = sk_SSL_CIPHER_value(client_ciphers, i);
1749
1750 if (sk_SSL_CIPHER_find(server_ciphers, cipher) < 0)
1751 continue;
1752
1753 end = buf + curlen;
1754 if (strlcat(buf, cipher->name, len) >= len ||
1755 (curlen = strlcat(buf, ":", len)) >= len) {
1756 /* remove truncated cipher from list */
1757 *end = '\0';
1758 break;
1759 }
1760 }
1761 /* remove trailing colon */
1762 if ((end = strrchr(buf, ':')) != NULL)
1763 *end = '\0';
1764 return buf;
1765}
1766LSSL_ALIAS(SSL_get_shared_ciphers);
1767
1768/*
1769 * Return a servername extension value if provided in Client Hello, or NULL.
1770 * So far, only host_name types are defined (RFC 3546).
1771 */
1772const char *
1773SSL_get_servername(const SSL *s, const int type)
1774{
1775 if (type != TLSEXT_NAMETYPE_host_name)
1776 return (NULL);
1777
1778 return (s->session && !s->tlsext_hostname ?
1779 s->session->tlsext_hostname :
1780 s->tlsext_hostname);
1781}
1782LSSL_ALIAS(SSL_get_servername);
1783
1784int
1785SSL_get_servername_type(const SSL *s)
1786{
1787 if (s->session &&
1788 (!s->tlsext_hostname ?
1789 s->session->tlsext_hostname : s->tlsext_hostname))
1790 return (TLSEXT_NAMETYPE_host_name);
1791 return (-1);
1792}
1793LSSL_ALIAS(SSL_get_servername_type);
1794
1795/*
1796 * SSL_select_next_proto implements standard protocol selection. It is
1797 * expected that this function is called from the callback set by
1798 * SSL_CTX_set_alpn_select_cb.
1799 *
1800 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1801 * strings. The length byte itself is not included in the length. A byte
1802 * string of length 0 is invalid. No byte string may be truncated.
1803 *
1804 * It returns either:
1805 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1806 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1807 */
1808int
1809SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1810 const unsigned char *server, unsigned int server_len,
1811 const unsigned char *client, unsigned int client_len)
1812{
1813 unsigned int i, j;
1814 const unsigned char *result;
1815 int status = OPENSSL_NPN_UNSUPPORTED;
1816
1817 /*
1818 * For each protocol in server preference order,
1819 * see if we support it.
1820 */
1821 for (i = 0; i < server_len; ) {
1822 for (j = 0; j < client_len; ) {
1823 if (server[i] == client[j] &&
1824 memcmp(&server[i + 1],
1825 &client[j + 1], server[i]) == 0) {
1826 /* We found a match */
1827 result = &server[i];
1828 status = OPENSSL_NPN_NEGOTIATED;
1829 goto found;
1830 }
1831 j += client[j];
1832 j++;
1833 }
1834 i += server[i];
1835 i++;
1836 }
1837
1838 /* There's no overlap between our protocols and the server's list. */
1839 result = client;
1840 status = OPENSSL_NPN_NO_OVERLAP;
1841
1842 found:
1843 *out = (unsigned char *) result + 1;
1844 *outlen = result[0];
1845 return (status);
1846}
1847LSSL_ALIAS(SSL_select_next_proto);
1848
1849/* SSL_get0_next_proto_negotiated is deprecated. */
1850void
1851SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1852 unsigned int *len)
1853{
1854 *data = NULL;
1855 *len = 0;
1856}
1857LSSL_ALIAS(SSL_get0_next_proto_negotiated);
1858
1859/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
1860void
1861SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1862 const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1863{
1864}
1865LSSL_ALIAS(SSL_CTX_set_next_protos_advertised_cb);
1866
1867/* SSL_CTX_set_next_proto_select_cb is deprecated. */
1868void
1869SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1870 unsigned char **out, unsigned char *outlen, const unsigned char *in,
1871 unsigned int inlen, void *arg), void *arg)
1872{
1873}
1874LSSL_ALIAS(SSL_CTX_set_next_proto_select_cb);
1875
1876/*
1877 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
1878 * protocols, which must be in wire-format (i.e. a series of non-empty,
1879 * 8-bit length-prefixed strings). Returns 0 on success.
1880 */
1881int
1882SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1883 unsigned int protos_len)
1884{
1885 CBS cbs;
1886 int failed = 1;
1887
1888 if (protos == NULL)
1889 protos_len = 0;
1890
1891 CBS_init(&cbs, protos, protos_len);
1892
1893 if (protos_len > 0) {
1894 if (!tlsext_alpn_check_format(&cbs))
1895 goto err;
1896 }
1897
1898 if (!CBS_stow(&cbs, &ctx->alpn_client_proto_list,
1899 &ctx->alpn_client_proto_list_len))
1900 goto err;
1901
1902 failed = 0;
1903
1904 err:
1905 /* NOTE: Return values are the reverse of what you expect. */
1906 return failed;
1907}
1908LSSL_ALIAS(SSL_CTX_set_alpn_protos);
1909
1910/*
1911 * SSL_set_alpn_protos sets the ALPN protocol list to the specified
1912 * protocols, which must be in wire-format (i.e. a series of non-empty,
1913 * 8-bit length-prefixed strings). Returns 0 on success.
1914 */
1915int
1916SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
1917 unsigned int protos_len)
1918{
1919 CBS cbs;
1920 int failed = 1;
1921
1922 if (protos == NULL)
1923 protos_len = 0;
1924
1925 CBS_init(&cbs, protos, protos_len);
1926
1927 if (protos_len > 0) {
1928 if (!tlsext_alpn_check_format(&cbs))
1929 goto err;
1930 }
1931
1932 if (!CBS_stow(&cbs, &ssl->alpn_client_proto_list,
1933 &ssl->alpn_client_proto_list_len))
1934 goto err;
1935
1936 failed = 0;
1937
1938 err:
1939 /* NOTE: Return values are the reverse of what you expect. */
1940 return failed;
1941}
1942LSSL_ALIAS(SSL_set_alpn_protos);
1943
1944/*
1945 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
1946 * ClientHello processing in order to select an ALPN protocol from the
1947 * client's list of offered protocols.
1948 */
1949void
1950SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1951 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1952 const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1953{
1954 ctx->alpn_select_cb = cb;
1955 ctx->alpn_select_cb_arg = arg;
1956}
1957LSSL_ALIAS(SSL_CTX_set_alpn_select_cb);
1958
1959/*
1960 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
1961 * it sets data to point to len bytes of protocol name (not including the
1962 * leading length-prefix byte). If the server didn't respond with* a negotiated
1963 * protocol then len will be zero.
1964 */
1965void
1966SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1967 unsigned int *len)
1968{
1969 *data = ssl->s3->alpn_selected;
1970 *len = ssl->s3->alpn_selected_len;
1971}
1972LSSL_ALIAS(SSL_get0_alpn_selected);
1973
1974void
1975SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
1976{
1977 return;
1978}
1979LSSL_ALIAS(SSL_set_psk_use_session_callback);
1980
1981int
1982SSL_export_keying_material(SSL *s, unsigned char *out, size_t out_len,
1983 const char *label, size_t label_len, const unsigned char *context,
1984 size_t context_len, int use_context)
1985{
1986 if (s->tls13 != NULL && s->version == TLS1_3_VERSION) {
1987 if (!use_context) {
1988 context = NULL;
1989 context_len = 0;
1990 }
1991 return tls13_exporter(s->tls13, label, label_len, context,
1992 context_len, out, out_len);
1993 }
1994
1995 return tls12_exporter(s, label, label_len, context, context_len,
1996 use_context, out, out_len);
1997}
1998LSSL_ALIAS(SSL_export_keying_material);
1999
2000static unsigned long
2001ssl_session_hash(const SSL_SESSION *a)
2002{
2003 unsigned long l;
2004
2005 l = (unsigned long)
2006 ((unsigned int) a->session_id[0] )|
2007 ((unsigned int) a->session_id[1]<< 8L)|
2008 ((unsigned long)a->session_id[2]<<16L)|
2009 ((unsigned long)a->session_id[3]<<24L);
2010 return (l);
2011}
2012
2013/*
2014 * NB: If this function (or indeed the hash function which uses a sort of
2015 * coarser function than this one) is changed, ensure
2016 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
2017 * able to construct an SSL_SESSION that will collide with any existing session
2018 * with a matching session ID.
2019 */
2020static int
2021ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
2022{
2023 if (a->ssl_version != b->ssl_version)
2024 return (1);
2025 if (a->session_id_length != b->session_id_length)
2026 return (1);
2027 if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
2028 return (1);
2029 return (0);
2030}
2031
2032/*
2033 * These wrapper functions should remain rather than redeclaring
2034 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
2035 * variable. The reason is that the functions aren't static, they're exposed via
2036 * ssl.h.
2037 */
2038static unsigned long
2039ssl_session_LHASH_HASH(const void *arg)
2040{
2041 const SSL_SESSION *a = arg;
2042
2043 return ssl_session_hash(a);
2044}
2045
2046static int
2047ssl_session_LHASH_COMP(const void *arg1, const void *arg2)
2048{
2049 const SSL_SESSION *a = arg1;
2050 const SSL_SESSION *b = arg2;
2051
2052 return ssl_session_cmp(a, b);
2053}
2054
2055SSL_CTX *
2056SSL_CTX_new(const SSL_METHOD *meth)
2057{
2058 SSL_CTX *ret;
2059
2060 if (!OPENSSL_init_ssl(0, NULL)) {
2061 SSLerrorx(SSL_R_LIBRARY_BUG);
2062 return (NULL);
2063 }
2064
2065 if (meth == NULL) {
2066 SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED);
2067 return (NULL);
2068 }
2069
2070 if ((ret = calloc(1, sizeof(*ret))) == NULL) {
2071 SSLerrorx(ERR_R_MALLOC_FAILURE);
2072 return (NULL);
2073 }
2074
2075 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
2076 SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
2077 goto err;
2078 }
2079
2080 ret->method = meth;
2081 ret->min_tls_version = meth->min_tls_version;
2082 ret->max_tls_version = meth->max_tls_version;
2083 ret->min_proto_version = 0;
2084 ret->max_proto_version = 0;
2085 ret->mode = SSL_MODE_AUTO_RETRY;
2086
2087 ret->cert_store = NULL;
2088 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
2089 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
2090 ret->session_cache_head = NULL;
2091 ret->session_cache_tail = NULL;
2092
2093 /* We take the system default */
2094 ret->session_timeout = ssl_get_default_timeout();
2095
2096 ret->new_session_cb = 0;
2097 ret->remove_session_cb = 0;
2098 ret->get_session_cb = 0;
2099 ret->generate_session_id = 0;
2100
2101 memset((char *)&ret->stats, 0, sizeof(ret->stats));
2102
2103 ret->references = 1;
2104 ret->quiet_shutdown = 0;
2105
2106 ret->info_callback = NULL;
2107
2108 ret->app_verify_callback = 0;
2109 ret->app_verify_arg = NULL;
2110
2111 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
2112 ret->read_ahead = 0;
2113 ret->msg_callback = 0;
2114 ret->msg_callback_arg = NULL;
2115 ret->verify_mode = SSL_VERIFY_NONE;
2116 ret->sid_ctx_length = 0;
2117 ret->default_verify_callback = NULL;
2118
2119 if ((ret->cert = ssl_cert_new()) == NULL)
2120 goto err;
2121
2122 ret->default_passwd_callback = 0;
2123 ret->default_passwd_callback_userdata = NULL;
2124 ret->client_cert_cb = 0;
2125 ret->app_gen_cookie_cb = 0;
2126 ret->app_verify_cookie_cb = 0;
2127
2128 ret->sessions = lh_SSL_SESSION_new();
2129 if (ret->sessions == NULL)
2130 goto err;
2131 ret->cert_store = X509_STORE_new();
2132 if (ret->cert_store == NULL)
2133 goto err;
2134
2135 ssl_create_cipher_list(ret->method, &ret->cipher_list,
2136 NULL, SSL_DEFAULT_CIPHER_LIST, ret->cert);
2137 if (ret->cipher_list == NULL ||
2138 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
2139 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);
2140 goto err2;
2141 }
2142
2143 ret->param = X509_VERIFY_PARAM_new();
2144 if (!ret->param)
2145 goto err;
2146
2147 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
2148 goto err;
2149
2150 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
2151
2152 ret->extra_certs = NULL;
2153
2154 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
2155
2156 ret->tlsext_servername_callback = 0;
2157 ret->tlsext_servername_arg = NULL;
2158
2159 /* Setup RFC4507 ticket keys */
2160 arc4random_buf(ret->tlsext_tick_key_name, 16);
2161 arc4random_buf(ret->tlsext_tick_hmac_key, 16);
2162 arc4random_buf(ret->tlsext_tick_aes_key, 16);
2163
2164 ret->tlsext_status_cb = 0;
2165 ret->tlsext_status_arg = NULL;
2166
2167#ifndef OPENSSL_NO_ENGINE
2168 ret->client_cert_engine = NULL;
2169#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
2170#define eng_strx(x) #x
2171#define eng_str(x) eng_strx(x)
2172 /* Use specific client engine automatically... ignore errors */
2173 {
2174 ENGINE *eng;
2175 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
2176 if (!eng) {
2177 ERR_clear_error();
2178 ENGINE_load_builtin_engines();
2179 eng = ENGINE_by_id(eng_str(
2180 OPENSSL_SSL_CLIENT_ENGINE_AUTO));
2181 }
2182 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
2183 ERR_clear_error();
2184 }
2185#endif
2186#endif
2187 /*
2188 * Default is to connect to non-RI servers. When RI is more widely
2189 * deployed might change this.
2190 */
2191 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
2192
2193 return (ret);
2194 err:
2195 SSLerrorx(ERR_R_MALLOC_FAILURE);
2196 err2:
2197 SSL_CTX_free(ret);
2198 return (NULL);
2199}
2200LSSL_ALIAS(SSL_CTX_new);
2201
2202void
2203SSL_CTX_free(SSL_CTX *ctx)
2204{
2205 int i;
2206
2207 if (ctx == NULL)
2208 return;
2209
2210 i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX);
2211 if (i > 0)
2212 return;
2213
2214 X509_VERIFY_PARAM_free(ctx->param);
2215
2216 /*
2217 * Free internal session cache. However: the remove_cb() may reference
2218 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
2219 * after the sessions were flushed.
2220 * As the ex_data handling routines might also touch the session cache,
2221 * the most secure solution seems to be: empty (flush) the cache, then
2222 * free ex_data, then finally free the cache.
2223 * (See ticket [openssl.org #212].)
2224 */
2225 if (ctx->sessions != NULL)
2226 SSL_CTX_flush_sessions(ctx, 0);
2227
2228 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->ex_data);
2229
2230 lh_SSL_SESSION_free(ctx->sessions);
2231
2232 X509_STORE_free(ctx->cert_store);
2233 sk_SSL_CIPHER_free(ctx->cipher_list);
2234 sk_SSL_CIPHER_free(ctx->cipher_list_tls13);
2235 ssl_cert_free(ctx->cert);
2236 sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
2237 sk_X509_pop_free(ctx->extra_certs, X509_free);
2238
2239#ifndef OPENSSL_NO_SRTP
2240 if (ctx->srtp_profiles)
2241 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
2242#endif
2243
2244#ifndef OPENSSL_NO_ENGINE
2245 ENGINE_finish(ctx->client_cert_engine);
2246#endif
2247
2248 free(ctx->tlsext_ecpointformatlist);
2249 free(ctx->tlsext_supportedgroups);
2250
2251 free(ctx->alpn_client_proto_list);
2252
2253 free(ctx);
2254}
2255LSSL_ALIAS(SSL_CTX_free);
2256
2257int
2258SSL_CTX_up_ref(SSL_CTX *ctx)
2259{
2260 int refs = CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
2261 return ((refs > 1) ? 1 : 0);
2262}
2263LSSL_ALIAS(SSL_CTX_up_ref);
2264
2265pem_password_cb *
2266SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
2267{
2268 return (ctx->default_passwd_callback);
2269}
2270LSSL_ALIAS(SSL_CTX_get_default_passwd_cb);
2271
2272void
2273SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
2274{
2275 ctx->default_passwd_callback = cb;
2276}
2277LSSL_ALIAS(SSL_CTX_set_default_passwd_cb);
2278
2279void *
2280SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
2281{
2282 return ctx->default_passwd_callback_userdata;
2283}
2284LSSL_ALIAS(SSL_CTX_get_default_passwd_cb_userdata);
2285
2286void
2287SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
2288{
2289 ctx->default_passwd_callback_userdata = u;
2290}
2291LSSL_ALIAS(SSL_CTX_set_default_passwd_cb_userdata);
2292
2293void
2294SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
2295 int (*cb)(X509_STORE_CTX *, void *), void *arg)
2296{
2297 ctx->app_verify_callback = cb;
2298 ctx->app_verify_arg = arg;
2299}
2300LSSL_ALIAS(SSL_CTX_set_cert_verify_callback);
2301
2302void
2303SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2304{
2305 ctx->verify_mode = mode;
2306 ctx->default_verify_callback = cb;
2307}
2308LSSL_ALIAS(SSL_CTX_set_verify);
2309
2310void
2311SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2312{
2313 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2314}
2315LSSL_ALIAS(SSL_CTX_set_verify_depth);
2316
2317void
2318ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
2319{
2320 unsigned long mask_a, mask_k;
2321 SSL_CERT_PKEY *cpk;
2322
2323 if (c == NULL)
2324 return;
2325
2326 mask_a = SSL_aNULL | SSL_aTLS1_3;
2327 mask_k = SSL_kECDHE | SSL_kTLS1_3;
2328
2329 if (c->dhe_params != NULL || c->dhe_params_cb != NULL ||
2330 c->dhe_params_auto != 0)
2331 mask_k |= SSL_kDHE;
2332
2333 cpk = &(c->pkeys[SSL_PKEY_ECC]);
2334 if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2335 /* Key usage, if present, must allow signing. */
2336 if (X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE)
2337 mask_a |= SSL_aECDSA;
2338 }
2339
2340 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2341 if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2342 mask_k |= SSL_kGOST;
2343 mask_a |= SSL_aGOST01;
2344 }
2345
2346 cpk = &(c->pkeys[SSL_PKEY_RSA]);
2347 if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2348 mask_a |= SSL_aRSA;
2349 mask_k |= SSL_kRSA;
2350 }
2351
2352 c->mask_k = mask_k;
2353 c->mask_a = mask_a;
2354 c->valid = 1;
2355}
2356
2357/* See if this handshake is using an ECC cipher suite. */
2358int
2359ssl_using_ecc_cipher(SSL *s)
2360{
2361 unsigned long alg_a, alg_k;
2362
2363 alg_a = s->s3->hs.cipher->algorithm_auth;
2364 alg_k = s->s3->hs.cipher->algorithm_mkey;
2365
2366 return s->session->tlsext_ecpointformatlist != NULL &&
2367 s->session->tlsext_ecpointformatlist_length > 0 &&
2368 ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA));
2369}
2370
2371int
2372ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x)
2373{
2374 const SSL_CIPHER *cs = s->s3->hs.cipher;
2375 unsigned long alg_a;
2376
2377 alg_a = cs->algorithm_auth;
2378
2379 if (alg_a & SSL_aECDSA) {
2380 /* Key usage, if present, must allow signing. */
2381 if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
2382 SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2383 return (0);
2384 }
2385 }
2386
2387 return (1);
2388}
2389
2390SSL_CERT_PKEY *
2391ssl_get_server_send_pkey(const SSL *s)
2392{
2393 unsigned long alg_a;
2394 SSL_CERT *c;
2395 int i;
2396
2397 c = s->cert;
2398 ssl_set_cert_masks(c, s->s3->hs.cipher);
2399
2400 alg_a = s->s3->hs.cipher->algorithm_auth;
2401
2402 if (alg_a & SSL_aECDSA) {
2403 i = SSL_PKEY_ECC;
2404 } else if (alg_a & SSL_aRSA) {
2405 i = SSL_PKEY_RSA;
2406 } else if (alg_a & SSL_aGOST01) {
2407 i = SSL_PKEY_GOST01;
2408 } else { /* if (alg_a & SSL_aNULL) */
2409 SSLerror(s, ERR_R_INTERNAL_ERROR);
2410 return (NULL);
2411 }
2412
2413 return (c->pkeys + i);
2414}
2415
2416EVP_PKEY *
2417ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
2418 const struct ssl_sigalg **sap)
2419{
2420 const struct ssl_sigalg *sigalg = NULL;
2421 EVP_PKEY *pkey = NULL;
2422 unsigned long alg_a;
2423 SSL_CERT *c;
2424 int idx = -1;
2425
2426 alg_a = cipher->algorithm_auth;
2427 c = s->cert;
2428
2429 if (alg_a & SSL_aRSA) {
2430 idx = SSL_PKEY_RSA;
2431 } else if ((alg_a & SSL_aECDSA) &&
2432 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2433 idx = SSL_PKEY_ECC;
2434 if (idx == -1) {
2435 SSLerror(s, ERR_R_INTERNAL_ERROR);
2436 return (NULL);
2437 }
2438
2439 pkey = c->pkeys[idx].privatekey;
2440 if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
2441 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
2442 return (NULL);
2443 }
2444 *pmd = sigalg->md();
2445 *sap = sigalg;
2446
2447 return (pkey);
2448}
2449
2450size_t
2451ssl_dhe_params_auto_key_bits(SSL *s)
2452{
2453 SSL_CERT_PKEY *cpk;
2454 int key_bits;
2455
2456 if (s->cert->dhe_params_auto == 2) {
2457 key_bits = 1024;
2458 } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
2459 key_bits = 1024;
2460 if (s->s3->hs.cipher->strength_bits == 256)
2461 key_bits = 3072;
2462 } else {
2463 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
2464 return 0;
2465 if (cpk->privatekey == NULL ||
2466 EVP_PKEY_get0_RSA(cpk->privatekey) == NULL)
2467 return 0;
2468 if ((key_bits = EVP_PKEY_bits(cpk->privatekey)) <= 0)
2469 return 0;
2470 }
2471
2472 return key_bits;
2473}
2474
2475static int
2476ssl_should_update_external_cache(SSL *s, int mode)
2477{
2478 int cache_mode;
2479
2480 cache_mode = s->session_ctx->session_cache_mode;
2481
2482 /* Don't cache if mode says not to */
2483 if ((cache_mode & mode) == 0)
2484 return 0;
2485
2486 /* if it is not already cached, cache it */
2487 if (!s->hit)
2488 return 1;
2489
2490 /* If it's TLS 1.3, do it to match OpenSSL */
2491 if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
2492 return 1;
2493
2494 return 0;
2495}
2496
2497static int
2498ssl_should_update_internal_cache(SSL *s, int mode)
2499{
2500 int cache_mode;
2501
2502 cache_mode = s->session_ctx->session_cache_mode;
2503
2504 /* Don't cache if mode says not to */
2505 if ((cache_mode & mode) == 0)
2506 return 0;
2507
2508 /* If it is already cached, don't cache it again */
2509 if (s->hit)
2510 return 0;
2511
2512 if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0)
2513 return 0;
2514
2515 /* If we are lesser than TLS 1.3, Cache it. */
2516 if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
2517 return 1;
2518
2519 /* Below this we consider TLS 1.3 or later */
2520
2521 /* If it's not a server, add it? OpenSSL does this. */
2522 if (!s->server)
2523 return 1;
2524
2525 /* XXX if we support early data / PSK need to add */
2526
2527 /*
2528 * If we have the remove session callback, we will want
2529 * to know about this even if it's a stateless ticket
2530 * from 1.3 so we can know when it is removed.
2531 */
2532 if (s->session_ctx->remove_session_cb != NULL)
2533 return 1;
2534
2535 /* If we have set OP_NO_TICKET, cache it. */
2536 if ((s->options & SSL_OP_NO_TICKET) != 0)
2537 return 1;
2538
2539 /* Otherwise do not cache */
2540 return 0;
2541}
2542
2543void
2544ssl_update_cache(SSL *s, int mode)
2545{
2546 int cache_mode, do_callback;
2547
2548 if (s->session->session_id_length == 0)
2549 return;
2550
2551 cache_mode = s->session_ctx->session_cache_mode;
2552 do_callback = ssl_should_update_external_cache(s, mode);
2553
2554 if (ssl_should_update_internal_cache(s, mode)) {
2555 /*
2556 * XXX should we fail if the add to the internal cache
2557 * fails? OpenSSL doesn't care..
2558 */
2559 (void) SSL_CTX_add_session(s->session_ctx, s->session);
2560 }
2561
2562 /*
2563 * Update the "external cache" by calling the new session
2564 * callback if present, even with TLS 1.3 without early data
2565 * "because some application just want to know about the
2566 * creation of a session and aren't doing a full cache".
2567 * Apparently, if they are doing a full cache, they'll have
2568 * some fun, but we endeavour to give application writers the
2569 * same glorious experience they expect from OpenSSL which
2570 * does it this way.
2571 */
2572 if (do_callback && s->session_ctx->new_session_cb != NULL) {
2573 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2574 if (!s->session_ctx->new_session_cb(s, s->session))
2575 SSL_SESSION_free(s->session);
2576 }
2577
2578 /* Auto flush every 255 connections. */
2579 if (!(cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) &&
2580 (cache_mode & mode) != 0) {
2581 int connections;
2582 if (mode & SSL_SESS_CACHE_CLIENT)
2583 connections = s->session_ctx->stats.sess_connect_good;
2584 else
2585 connections = s->session_ctx->stats.sess_accept_good;
2586 if ((connections & 0xff) == 0xff)
2587 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2588 }
2589}
2590
2591const SSL_METHOD *
2592SSL_get_ssl_method(SSL *s)
2593{
2594 return (s->method);
2595}
2596LSSL_ALIAS(SSL_get_ssl_method);
2597
2598int
2599SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
2600{
2601 int (*handshake_func)(SSL *) = NULL;
2602 int ret = 1;
2603
2604 if (s->method == method)
2605 return (ret);
2606
2607 if (s->handshake_func == s->method->ssl_connect)
2608 handshake_func = method->ssl_connect;
2609 else if (s->handshake_func == s->method->ssl_accept)
2610 handshake_func = method->ssl_accept;
2611
2612 if (s->method->version == method->version) {
2613 s->method = method;
2614 } else {
2615 s->method->ssl_free(s);
2616 s->method = method;
2617 ret = s->method->ssl_new(s);
2618 }
2619 s->handshake_func = handshake_func;
2620
2621 return (ret);
2622}
2623LSSL_ALIAS(SSL_set_ssl_method);
2624
2625int
2626SSL_get_error(const SSL *s, int i)
2627{
2628 unsigned long l;
2629 int reason;
2630 BIO *bio;
2631
2632 if (i > 0)
2633 return (SSL_ERROR_NONE);
2634
2635 /*
2636 * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2637 * etc, where we do encode the error.
2638 */
2639 if ((l = ERR_peek_error()) != 0) {
2640 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2641 return (SSL_ERROR_SYSCALL);
2642 else
2643 return (SSL_ERROR_SSL);
2644 }
2645
2646 if (SSL_want_read(s)) {
2647 bio = SSL_get_rbio(s);
2648 if (BIO_should_read(bio)) {
2649 return (SSL_ERROR_WANT_READ);
2650 } else if (BIO_should_write(bio)) {
2651 /*
2652 * This one doesn't make too much sense... We never
2653 * try to write to the rbio, and an application
2654 * program where rbio and wbio are separate couldn't
2655 * even know what it should wait for. However if we
2656 * ever set s->rwstate incorrectly (so that we have
2657 * SSL_want_read(s) instead of SSL_want_write(s))
2658 * and rbio and wbio *are* the same, this test works
2659 * around that bug; so it might be safer to keep it.
2660 */
2661 return (SSL_ERROR_WANT_WRITE);
2662 } else if (BIO_should_io_special(bio)) {
2663 reason = BIO_get_retry_reason(bio);
2664 if (reason == BIO_RR_CONNECT)
2665 return (SSL_ERROR_WANT_CONNECT);
2666 else if (reason == BIO_RR_ACCEPT)
2667 return (SSL_ERROR_WANT_ACCEPT);
2668 else
2669 return (SSL_ERROR_SYSCALL); /* unknown */
2670 }
2671 }
2672
2673 if (SSL_want_write(s)) {
2674 bio = SSL_get_wbio(s);
2675 if (BIO_should_write(bio)) {
2676 return (SSL_ERROR_WANT_WRITE);
2677 } else if (BIO_should_read(bio)) {
2678 /*
2679 * See above (SSL_want_read(s) with
2680 * BIO_should_write(bio))
2681 */
2682 return (SSL_ERROR_WANT_READ);
2683 } else if (BIO_should_io_special(bio)) {
2684 reason = BIO_get_retry_reason(bio);
2685 if (reason == BIO_RR_CONNECT)
2686 return (SSL_ERROR_WANT_CONNECT);
2687 else if (reason == BIO_RR_ACCEPT)
2688 return (SSL_ERROR_WANT_ACCEPT);
2689 else
2690 return (SSL_ERROR_SYSCALL);
2691 }
2692 }
2693
2694 if (SSL_want_x509_lookup(s))
2695 return (SSL_ERROR_WANT_X509_LOOKUP);
2696
2697 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2698 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2699 return (SSL_ERROR_ZERO_RETURN);
2700
2701 return (SSL_ERROR_SYSCALL);
2702}
2703LSSL_ALIAS(SSL_get_error);
2704
2705int
2706SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method)
2707{
2708 if (ctx->method->dtls)
2709 return 0;
2710
2711 ctx->quic_method = quic_method;
2712
2713 return 1;
2714}
2715LSSL_ALIAS(SSL_CTX_set_quic_method);
2716
2717int
2718SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method)
2719{
2720 if (ssl->method->dtls)
2721 return 0;
2722
2723 ssl->quic_method = quic_method;
2724
2725 return 1;
2726}
2727LSSL_ALIAS(SSL_set_quic_method);
2728
2729size_t
2730SSL_quic_max_handshake_flight_len(const SSL *ssl,
2731 enum ssl_encryption_level_t level)
2732{
2733 size_t flight_len;
2734
2735 /* Limit flights to 16K when there are no large certificate messages. */
2736 flight_len = 16384;
2737
2738 switch (level) {
2739 case ssl_encryption_initial:
2740 return flight_len;
2741
2742 case ssl_encryption_early_data:
2743 /* QUIC does not send EndOfEarlyData. */
2744 return 0;
2745
2746 case ssl_encryption_handshake:
2747 if (ssl->server) {
2748 /*
2749 * Servers may receive Certificate message if configured
2750 * to request client certificates.
2751 */
2752 if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 &&
2753 ssl->max_cert_list > flight_len)
2754 flight_len = ssl->max_cert_list;
2755 } else {
2756 /*
2757 * Clients may receive both Certificate message and a
2758 * CertificateRequest message.
2759 */
2760 if (ssl->max_cert_list * 2 > flight_len)
2761 flight_len = ssl->max_cert_list * 2;
2762 }
2763 return flight_len;
2764 case ssl_encryption_application:
2765 /*
2766 * Note there is not actually a bound on the number of
2767 * NewSessionTickets one may send in a row. This level may need
2768 * more involved flow control.
2769 */
2770 return flight_len;
2771 }
2772
2773 return 0;
2774}
2775LSSL_ALIAS(SSL_quic_max_handshake_flight_len);
2776
2777enum ssl_encryption_level_t
2778SSL_quic_read_level(const SSL *ssl)
2779{
2780 return ssl->s3->hs.tls13.quic_read_level;
2781}
2782LSSL_ALIAS(SSL_quic_read_level);
2783
2784enum ssl_encryption_level_t
2785SSL_quic_write_level(const SSL *ssl)
2786{
2787 return ssl->s3->hs.tls13.quic_write_level;
2788}
2789LSSL_ALIAS(SSL_quic_write_level);
2790
2791int
2792SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
2793 const uint8_t *data, size_t len)
2794{
2795 if (!SSL_is_quic(ssl)) {
2796 SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2797 return 0;
2798 }
2799
2800 if (level != SSL_quic_read_level(ssl)) {
2801 SSLerror(ssl, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED);
2802 return 0;
2803 }
2804
2805 if (ssl->s3->hs.tls13.quic_read_buffer == NULL) {
2806 ssl->s3->hs.tls13.quic_read_buffer = tls_buffer_new(0);
2807 if (ssl->s3->hs.tls13.quic_read_buffer == NULL) {
2808 SSLerror(ssl, ERR_R_MALLOC_FAILURE);
2809 return 0;
2810 }
2811 }
2812
2813 /* XXX - note that this does not currently downsize. */
2814 tls_buffer_set_capacity_limit(ssl->s3->hs.tls13.quic_read_buffer,
2815 SSL_quic_max_handshake_flight_len(ssl, level));
2816
2817 /*
2818 * XXX - an append that fails due to exceeding capacity should set
2819 * SSL_R_EXCESSIVE_MESSAGE_SIZE.
2820 */
2821 return tls_buffer_append(ssl->s3->hs.tls13.quic_read_buffer, data, len);
2822}
2823LSSL_ALIAS(SSL_provide_quic_data);
2824
2825int
2826SSL_process_quic_post_handshake(SSL *ssl)
2827{
2828 /* XXX - this needs to run PHH received. */
2829 return 1;
2830}
2831LSSL_ALIAS(SSL_process_quic_post_handshake);
2832
2833int
2834SSL_do_handshake(SSL *s)
2835{
2836 if (s->handshake_func == NULL) {
2837 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
2838 return (-1);
2839 }
2840
2841 s->method->ssl_renegotiate_check(s);
2842
2843 if (!SSL_in_init(s) && !SSL_in_before(s))
2844 return 1;
2845
2846 return s->handshake_func(s);
2847}
2848LSSL_ALIAS(SSL_do_handshake);
2849
2850/*
2851 * For the next 2 functions, SSL_clear() sets shutdown and so
2852 * one of these calls will reset it
2853 */
2854void
2855SSL_set_accept_state(SSL *s)
2856{
2857 s->server = 1;
2858 s->shutdown = 0;
2859 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2860 s->handshake_func = s->method->ssl_accept;
2861 ssl_clear_cipher_state(s);
2862}
2863LSSL_ALIAS(SSL_set_accept_state);
2864
2865void
2866SSL_set_connect_state(SSL *s)
2867{
2868 s->server = 0;
2869 s->shutdown = 0;
2870 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2871 s->handshake_func = s->method->ssl_connect;
2872 ssl_clear_cipher_state(s);
2873}
2874LSSL_ALIAS(SSL_set_connect_state);
2875
2876int
2877ssl_undefined_function(SSL *s)
2878{
2879 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2880 return (0);
2881}
2882
2883int
2884ssl_undefined_void_function(void)
2885{
2886 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2887 return (0);
2888}
2889
2890int
2891ssl_undefined_const_function(const SSL *s)
2892{
2893 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2894 return (0);
2895}
2896
2897const char *
2898ssl_version_string(int ver)
2899{
2900 switch (ver) {
2901 case TLS1_VERSION:
2902 return (SSL_TXT_TLSV1);
2903 case TLS1_1_VERSION:
2904 return (SSL_TXT_TLSV1_1);
2905 case TLS1_2_VERSION:
2906 return (SSL_TXT_TLSV1_2);
2907 case TLS1_3_VERSION:
2908 return (SSL_TXT_TLSV1_3);
2909 case DTLS1_VERSION:
2910 return (SSL_TXT_DTLS1);
2911 case DTLS1_2_VERSION:
2912 return (SSL_TXT_DTLS1_2);
2913 default:
2914 return ("unknown");
2915 }
2916}
2917
2918const char *
2919SSL_get_version(const SSL *s)
2920{
2921 return ssl_version_string(s->version);
2922}
2923LSSL_ALIAS(SSL_get_version);
2924
2925SSL *
2926SSL_dup(SSL *s)
2927{
2928 STACK_OF(X509_NAME) *sk;
2929 X509_NAME *xn;
2930 SSL *ret;
2931 int i;
2932
2933 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2934 goto err;
2935
2936 ret->version = s->version;
2937 ret->method = s->method;
2938
2939 if (s->session != NULL) {
2940 if (!SSL_copy_session_id(ret, s))
2941 goto err;
2942 } else {
2943 /*
2944 * No session has been established yet, so we have to expect
2945 * that s->cert or ret->cert will be changed later --
2946 * they should not both point to the same object,
2947 * and thus we can't use SSL_copy_session_id.
2948 */
2949
2950 ret->method->ssl_free(ret);
2951 ret->method = s->method;
2952 ret->method->ssl_new(ret);
2953
2954 ssl_cert_free(ret->cert);
2955 if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
2956 goto err;
2957
2958 if (!SSL_set_session_id_context(ret, s->sid_ctx,
2959 s->sid_ctx_length))
2960 goto err;
2961 }
2962
2963 ret->options = s->options;
2964 ret->mode = s->mode;
2965 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2966 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2967 ret->msg_callback = s->msg_callback;
2968 ret->msg_callback_arg = s->msg_callback_arg;
2969 SSL_set_verify(ret, SSL_get_verify_mode(s),
2970 SSL_get_verify_callback(s));
2971 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2972 ret->generate_session_id = s->generate_session_id;
2973
2974 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2975
2976 ret->debug = s->debug;
2977
2978 /* copy app data, a little dangerous perhaps */
2979 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2980 &ret->ex_data, &s->ex_data))
2981 goto err;
2982
2983 /* setup rbio, and wbio */
2984 if (s->rbio != NULL) {
2985 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2986 goto err;
2987 }
2988 if (s->wbio != NULL) {
2989 if (s->wbio != s->rbio) {
2990 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2991 goto err;
2992 } else
2993 ret->wbio = ret->rbio;
2994 }
2995 ret->rwstate = s->rwstate;
2996 ret->in_handshake = s->in_handshake;
2997 ret->handshake_func = s->handshake_func;
2998 ret->server = s->server;
2999 ret->renegotiate = s->renegotiate;
3000 ret->new_session = s->new_session;
3001 ret->quiet_shutdown = s->quiet_shutdown;
3002 ret->shutdown = s->shutdown;
3003 /* SSL_dup does not really work at any state, though */
3004 ret->s3->hs.state = s->s3->hs.state;
3005 ret->rstate = s->rstate;
3006
3007 /*
3008 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
3009 * ret->init_off
3010 */
3011 ret->init_num = 0;
3012
3013 ret->hit = s->hit;
3014
3015 X509_VERIFY_PARAM_inherit(ret->param, s->param);
3016
3017 if (s->cipher_list != NULL) {
3018 if ((ret->cipher_list =
3019 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
3020 goto err;
3021 }
3022 if (s->cipher_list_tls13 != NULL) {
3023 if ((ret->cipher_list_tls13 =
3024 sk_SSL_CIPHER_dup(s->cipher_list_tls13)) == NULL)
3025 goto err;
3026 }
3027
3028 /* Dup the client_CA list */
3029 if (s->client_CA != NULL) {
3030 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
3031 ret->client_CA = sk;
3032 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
3033 xn = sk_X509_NAME_value(sk, i);
3034 if (sk_X509_NAME_set(sk, i,
3035 X509_NAME_dup(xn)) == NULL) {
3036 X509_NAME_free(xn);
3037 goto err;
3038 }
3039 }
3040 }
3041
3042 return ret;
3043 err:
3044 SSL_free(ret);
3045 return NULL;
3046}
3047LSSL_ALIAS(SSL_dup);
3048
3049void
3050ssl_clear_cipher_state(SSL *s)
3051{
3052 tls12_record_layer_clear_read_state(s->rl);
3053 tls12_record_layer_clear_write_state(s->rl);
3054}
3055
3056void
3057ssl_info_callback(const SSL *s, int type, int value)
3058{
3059 ssl_info_callback_fn *cb;
3060
3061 if ((cb = s->info_callback) == NULL)
3062 cb = s->ctx->info_callback;
3063 if (cb != NULL)
3064 cb(s, type, value);
3065}
3066
3067void
3068ssl_msg_callback(SSL *s, int is_write, int content_type,
3069 const void *msg_buf, size_t msg_len)
3070{
3071 if (s->msg_callback == NULL)
3072 return;
3073
3074 s->msg_callback(is_write, s->version, content_type,
3075 msg_buf, msg_len, s, s->msg_callback_arg);
3076}
3077
3078void
3079ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs)
3080{
3081 ssl_msg_callback(s, is_write, content_type, CBS_data(cbs), CBS_len(cbs));
3082}
3083
3084/* Fix this function so that it takes an optional type parameter */
3085X509 *
3086SSL_get_certificate(const SSL *s)
3087{
3088 return (s->cert->key->x509);
3089}
3090LSSL_ALIAS(SSL_get_certificate);
3091
3092/* Fix this function so that it takes an optional type parameter */
3093EVP_PKEY *
3094SSL_get_privatekey(const SSL *s)
3095{
3096 return (s->cert->key->privatekey);
3097}
3098LSSL_ALIAS(SSL_get_privatekey);
3099
3100const SSL_CIPHER *
3101SSL_get_current_cipher(const SSL *s)
3102{
3103 if ((s->session != NULL) && (s->session->cipher != NULL))
3104 return (s->session->cipher);
3105 return (NULL);
3106}
3107LSSL_ALIAS(SSL_get_current_cipher);
3108const void *
3109SSL_get_current_compression(SSL *s)
3110{
3111 return (NULL);
3112}
3113LSSL_ALIAS(SSL_get_current_compression);
3114
3115const void *
3116SSL_get_current_expansion(SSL *s)
3117{
3118 return (NULL);
3119}
3120LSSL_ALIAS(SSL_get_current_expansion);
3121
3122size_t
3123SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out)
3124{
3125 size_t len = sizeof(s->s3->client_random);
3126
3127 if (out == NULL)
3128 return len;
3129
3130 if (len > max_out)
3131 len = max_out;
3132
3133 memcpy(out, s->s3->client_random, len);
3134
3135 return len;
3136}
3137LSSL_ALIAS(SSL_get_client_random);
3138
3139size_t
3140SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out)
3141{
3142 size_t len = sizeof(s->s3->server_random);
3143
3144 if (out == NULL)
3145 return len;
3146
3147 if (len > max_out)
3148 len = max_out;
3149
3150 memcpy(out, s->s3->server_random, len);
3151
3152 return len;
3153}
3154LSSL_ALIAS(SSL_get_server_random);
3155
3156int
3157ssl_init_wbio_buffer(SSL *s, int push)
3158{
3159 BIO *bbio;
3160
3161 if (s->bbio == NULL) {
3162 bbio = BIO_new(BIO_f_buffer());
3163 if (bbio == NULL)
3164 return (0);
3165 s->bbio = bbio;
3166 } else {
3167 bbio = s->bbio;
3168 if (s->bbio == s->wbio)
3169 s->wbio = BIO_pop(s->wbio);
3170 }
3171 (void)BIO_reset(bbio);
3172/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
3173 if (!BIO_set_read_buffer_size(bbio, 1)) {
3174 SSLerror(s, ERR_R_BUF_LIB);
3175 return (0);
3176 }
3177 if (push) {
3178 if (s->wbio != bbio)
3179 s->wbio = BIO_push(bbio, s->wbio);
3180 } else {
3181 if (s->wbio == bbio)
3182 s->wbio = BIO_pop(bbio);
3183 }
3184 return (1);
3185}
3186
3187void
3188ssl_free_wbio_buffer(SSL *s)
3189{
3190 if (s == NULL)
3191 return;
3192
3193 if (s->bbio == NULL)
3194 return;
3195
3196 if (s->bbio == s->wbio) {
3197 /* remove buffering */
3198 s->wbio = BIO_pop(s->wbio);
3199 }
3200 BIO_free(s->bbio);
3201 s->bbio = NULL;
3202}
3203
3204void
3205SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
3206{
3207 ctx->quiet_shutdown = mode;
3208}
3209LSSL_ALIAS(SSL_CTX_set_quiet_shutdown);
3210
3211int
3212SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
3213{
3214 return (ctx->quiet_shutdown);
3215}
3216LSSL_ALIAS(SSL_CTX_get_quiet_shutdown);
3217
3218void
3219SSL_set_quiet_shutdown(SSL *s, int mode)
3220{
3221 s->quiet_shutdown = mode;
3222}
3223LSSL_ALIAS(SSL_set_quiet_shutdown);
3224
3225int
3226SSL_get_quiet_shutdown(const SSL *s)
3227{
3228 return (s->quiet_shutdown);
3229}
3230LSSL_ALIAS(SSL_get_quiet_shutdown);
3231
3232void
3233SSL_set_shutdown(SSL *s, int mode)
3234{
3235 s->shutdown = mode;
3236}
3237LSSL_ALIAS(SSL_set_shutdown);
3238
3239int
3240SSL_get_shutdown(const SSL *s)
3241{
3242 return (s->shutdown);
3243}
3244LSSL_ALIAS(SSL_get_shutdown);
3245
3246int
3247SSL_version(const SSL *s)
3248{
3249 return (s->version);
3250}
3251LSSL_ALIAS(SSL_version);
3252
3253SSL_CTX *
3254SSL_get_SSL_CTX(const SSL *ssl)
3255{
3256 return (ssl->ctx);
3257}
3258LSSL_ALIAS(SSL_get_SSL_CTX);
3259
3260SSL_CTX *
3261SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
3262{
3263 SSL_CERT *new_cert;
3264
3265 if (ctx == NULL)
3266 ctx = ssl->initial_ctx;
3267 if (ssl->ctx == ctx)
3268 return (ssl->ctx);
3269
3270 if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL)
3271 return NULL;
3272 ssl_cert_free(ssl->cert);
3273 ssl->cert = new_cert;
3274
3275 SSL_CTX_up_ref(ctx);
3276 SSL_CTX_free(ssl->ctx); /* decrement reference count */
3277 ssl->ctx = ctx;
3278
3279 return (ssl->ctx);
3280}
3281LSSL_ALIAS(SSL_set_SSL_CTX);
3282
3283int
3284SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
3285{
3286 return (X509_STORE_set_default_paths(ctx->cert_store));
3287}
3288LSSL_ALIAS(SSL_CTX_set_default_verify_paths);
3289
3290int
3291SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
3292 const char *CApath)
3293{
3294 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
3295}
3296LSSL_ALIAS(SSL_CTX_load_verify_locations);
3297
3298int
3299SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
3300{
3301 return (X509_STORE_load_mem(ctx->cert_store, buf, len));
3302}
3303LSSL_ALIAS(SSL_CTX_load_verify_mem);
3304
3305void
3306SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
3307{
3308 ssl->info_callback = cb;
3309}
3310LSSL_ALIAS(SSL_set_info_callback);
3311
3312void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
3313{
3314 return (ssl->info_callback);
3315}
3316
3317int
3318SSL_state(const SSL *ssl)
3319{
3320 return (ssl->s3->hs.state);
3321}
3322LSSL_ALIAS(SSL_state);
3323
3324void
3325SSL_set_state(SSL *ssl, int state)
3326{
3327 ssl->s3->hs.state = state;
3328}
3329LSSL_ALIAS(SSL_set_state);
3330
3331void
3332SSL_set_verify_result(SSL *ssl, long arg)
3333{
3334 ssl->verify_result = arg;
3335}
3336LSSL_ALIAS(SSL_set_verify_result);
3337
3338long
3339SSL_get_verify_result(const SSL *ssl)
3340{
3341 return (ssl->verify_result);
3342}
3343LSSL_ALIAS(SSL_get_verify_result);
3344
3345int
3346SSL_verify_client_post_handshake(SSL *ssl)
3347{
3348 return 0;
3349}
3350LSSL_ALIAS(SSL_verify_client_post_handshake);
3351
3352void
3353SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
3354{
3355 return;
3356}
3357LSSL_ALIAS(SSL_CTX_set_post_handshake_auth);
3358
3359void
3360SSL_set_post_handshake_auth(SSL *ssl, int val)
3361{
3362 return;
3363}
3364LSSL_ALIAS(SSL_set_post_handshake_auth);
3365
3366int
3367SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3368 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
3369{
3370 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
3371 new_func, dup_func, free_func));
3372}
3373LSSL_ALIAS(SSL_get_ex_new_index);
3374
3375int
3376SSL_set_ex_data(SSL *s, int idx, void *arg)
3377{
3378 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3379}
3380LSSL_ALIAS(SSL_set_ex_data);
3381
3382void *
3383SSL_get_ex_data(const SSL *s, int idx)
3384{
3385 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3386}
3387LSSL_ALIAS(SSL_get_ex_data);
3388
3389int
3390SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3391 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
3392{
3393 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
3394 new_func, dup_func, free_func));
3395}
3396LSSL_ALIAS(SSL_CTX_get_ex_new_index);
3397
3398int
3399SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
3400{
3401 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3402}
3403LSSL_ALIAS(SSL_CTX_set_ex_data);
3404
3405void *
3406SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
3407{
3408 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3409}
3410LSSL_ALIAS(SSL_CTX_get_ex_data);
3411
3412int
3413ssl_ok(SSL *s)
3414{
3415 return (1);
3416}
3417
3418X509_STORE *
3419SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3420{
3421 return (ctx->cert_store);
3422}
3423LSSL_ALIAS(SSL_CTX_get_cert_store);
3424
3425void
3426SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3427{
3428 X509_STORE_free(ctx->cert_store);
3429 ctx->cert_store = store;
3430}
3431LSSL_ALIAS(SSL_CTX_set_cert_store);
3432
3433X509 *
3434SSL_CTX_get0_certificate(const SSL_CTX *ctx)
3435{
3436 if (ctx->cert == NULL)
3437 return NULL;
3438
3439 return ctx->cert->key->x509;
3440}
3441LSSL_ALIAS(SSL_CTX_get0_certificate);
3442
3443EVP_PKEY *
3444SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
3445{
3446 if (ctx->cert == NULL)
3447 return NULL;
3448
3449 return ctx->cert->key->privatekey;
3450}
3451LSSL_ALIAS(SSL_CTX_get0_privatekey);
3452
3453int
3454SSL_want(const SSL *s)
3455{
3456 return (s->rwstate);
3457}
3458LSSL_ALIAS(SSL_want);
3459
3460void
3461SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
3462 int keylength))
3463{
3464 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3465}
3466LSSL_ALIAS(SSL_CTX_set_tmp_rsa_callback);
3467
3468void
3469SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
3470 int keylength))
3471{
3472 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3473}
3474LSSL_ALIAS(SSL_set_tmp_rsa_callback);
3475
3476void
3477SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
3478 int keylength))
3479{
3480 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3481}
3482LSSL_ALIAS(SSL_CTX_set_tmp_dh_callback);
3483
3484void
3485SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3486 int keylength))
3487{
3488 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3489}
3490LSSL_ALIAS(SSL_set_tmp_dh_callback);
3491
3492void
3493SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
3494 int is_export, int keylength))
3495{
3496 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
3497 (void (*)(void))ecdh);
3498}
3499LSSL_ALIAS(SSL_CTX_set_tmp_ecdh_callback);
3500
3501void
3502SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3503 int keylength))
3504{
3505 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3506}
3507LSSL_ALIAS(SSL_set_tmp_ecdh_callback);
3508
3509
3510void
3511SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
3512 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3513{
3514 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
3515 (void (*)(void))cb);
3516}
3517LSSL_ALIAS(SSL_CTX_set_msg_callback);
3518
3519void
3520SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3521 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3522{
3523 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3524}
3525LSSL_ALIAS(SSL_set_msg_callback);
3526
3527void
3528SSL_set_debug(SSL *s, int debug)
3529{
3530 s->debug = debug;
3531}
3532LSSL_ALIAS(SSL_set_debug);
3533
3534int
3535SSL_cache_hit(SSL *s)
3536{
3537 return (s->hit);
3538}
3539LSSL_ALIAS(SSL_cache_hit);
3540
3541int
3542SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
3543{
3544 return ctx->min_proto_version;
3545}
3546LSSL_ALIAS(SSL_CTX_get_min_proto_version);
3547
3548int
3549SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
3550{
3551 return ssl_version_set_min(ctx->method, version,
3552 ctx->max_tls_version, &ctx->min_tls_version,
3553 &ctx->min_proto_version);
3554}
3555LSSL_ALIAS(SSL_CTX_set_min_proto_version);
3556
3557int
3558SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
3559{
3560 return ctx->max_proto_version;
3561}
3562LSSL_ALIAS(SSL_CTX_get_max_proto_version);
3563
3564int
3565SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
3566{
3567 return ssl_version_set_max(ctx->method, version,
3568 ctx->min_tls_version, &ctx->max_tls_version,
3569 &ctx->max_proto_version);
3570}
3571LSSL_ALIAS(SSL_CTX_set_max_proto_version);
3572
3573int
3574SSL_get_min_proto_version(SSL *ssl)
3575{
3576 return ssl->min_proto_version;
3577}
3578LSSL_ALIAS(SSL_get_min_proto_version);
3579
3580int
3581SSL_set_min_proto_version(SSL *ssl, uint16_t version)
3582{
3583 return ssl_version_set_min(ssl->method, version,
3584 ssl->max_tls_version, &ssl->min_tls_version,
3585 &ssl->min_proto_version);
3586}
3587LSSL_ALIAS(SSL_set_min_proto_version);
3588int
3589SSL_get_max_proto_version(SSL *ssl)
3590{
3591 return ssl->max_proto_version;
3592}
3593LSSL_ALIAS(SSL_get_max_proto_version);
3594
3595int
3596SSL_set_max_proto_version(SSL *ssl, uint16_t version)
3597{
3598 return ssl_version_set_max(ssl->method, version,
3599 ssl->min_tls_version, &ssl->max_tls_version,
3600 &ssl->max_proto_version);
3601}
3602LSSL_ALIAS(SSL_set_max_proto_version);
3603
3604const SSL_METHOD *
3605SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
3606{
3607 return ctx->method;
3608}
3609LSSL_ALIAS(SSL_CTX_get_ssl_method);
3610
3611int
3612SSL_CTX_get_security_level(const SSL_CTX *ctx)
3613{
3614 return ctx->cert->security_level;
3615}
3616LSSL_ALIAS(SSL_CTX_get_security_level);
3617
3618void
3619SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
3620{
3621 ctx->cert->security_level = level;
3622}
3623LSSL_ALIAS(SSL_CTX_set_security_level);
3624
3625int
3626SSL_get_security_level(const SSL *ssl)
3627{
3628 return ssl->cert->security_level;
3629}
3630LSSL_ALIAS(SSL_get_security_level);
3631
3632void
3633SSL_set_security_level(SSL *ssl, int level)
3634{
3635 ssl->cert->security_level = level;
3636}
3637LSSL_ALIAS(SSL_set_security_level);
3638
3639int
3640SSL_is_quic(const SSL *ssl)
3641{
3642 return ssl->quic_method != NULL;
3643}
3644LSSL_ALIAS(SSL_is_quic);
3645
3646int
3647SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
3648 size_t params_len)
3649{
3650 freezero(ssl->quic_transport_params,
3651 ssl->quic_transport_params_len);
3652 ssl->quic_transport_params = NULL;
3653 ssl->quic_transport_params_len = 0;
3654
3655 if ((ssl->quic_transport_params = malloc(params_len)) == NULL)
3656 return 0;
3657
3658 memcpy(ssl->quic_transport_params, params, params_len);
3659 ssl->quic_transport_params_len = params_len;
3660
3661 return 1;
3662}
3663LSSL_ALIAS(SSL_set_quic_transport_params);
3664
3665void
3666SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params,
3667 size_t *out_params_len)
3668{
3669 *out_params = ssl->s3->peer_quic_transport_params;
3670 *out_params_len = ssl->s3->peer_quic_transport_params_len;
3671}
3672LSSL_ALIAS(SSL_get_peer_quic_transport_params);
3673
3674void
3675SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy)
3676{
3677 /* Not supported. */
3678}
3679LSSL_ALIAS(SSL_set_quic_use_legacy_codepoint);
3680
3681static int
3682ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
3683{
3684 SSL_CIPHER const *a = a_;
3685 SSL_CIPHER const *b = b_;
3686 return ssl_cipher_id_cmp(a, b);
3687}
3688
3689SSL_CIPHER *
3690OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num)
3691{
3692 return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
3693 ssl_cipher_id_cmp_BSEARCH_CMP_FN);
3694}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-12 22:29:33 +0000