summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c437
1 files changed, 327 insertions, 110 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 1fe85b6cb7..df307a80c5 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -57,22 +57,73 @@
57 * copied and put under another distribution licence 57 * copied and put under another distribution licence
58 * [including the GNU Public Licence.] 58 * [including the GNU Public Licence.]
59 */ 59 */
60/* ====================================================================
61 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
62 *
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
65 * are met:
66 *
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 *
70 * 2. Redistributions in binary form must reproduce the above copyright
71 * notice, this list of conditions and the following disclaimer in
72 * the documentation and/or other materials provided with the
73 * distribution.
74 *
75 * 3. All advertising materials mentioning features or use of this
76 * software must display the following acknowledgment:
77 * "This product includes software developed by the OpenSSL Project
78 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
79 *
80 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
81 * endorse or promote products derived from this software without
82 * prior written permission. For written permission, please contact
83 * openssl-core@openssl.org.
84 *
85 * 5. Products derived from this software may not be called "OpenSSL"
86 * nor may "OpenSSL" appear in their names without prior written
87 * permission of the OpenSSL Project.
88 *
89 * 6. Redistributions of any form whatsoever must retain the following
90 * acknowledgment:
91 * "This product includes software developed by the OpenSSL Project
92 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
93 *
94 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
95 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
97 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
98 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
99 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
100 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
101 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
102 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
103 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
104 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
105 * OF THE POSSIBILITY OF SUCH DAMAGE.
106 * ====================================================================
107 *
108 * This product includes cryptographic software written by Eric Young
109 * (eay@cryptsoft.com). This product includes software written by Tim
110 * Hudson (tjh@cryptsoft.com).
111 *
112 */
60 113
61 114
62#include <assert.h> 115#ifdef REF_CHECK
116# include <assert.h>
117#endif
63#include <stdio.h> 118#include <stdio.h>
64#include <openssl/objects.h> 119#include <openssl/objects.h>
65#include <openssl/lhash.h> 120#include <openssl/lhash.h>
66#include <openssl/x509v3.h> 121#include <openssl/x509v3.h>
67#include "ssl_locl.h" 122#include "ssl_locl.h"
123#include "kssl_lcl.h"
68 124
69const char *SSL_version_str=OPENSSL_VERSION_TEXT; 125const char *SSL_version_str=OPENSSL_VERSION_TEXT;
70 126
71static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
72static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
73static int ssl_meth_num=0;
74static int ssl_ctx_meth_num=0;
75
76OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ 127OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
77 /* evil casts, but these functions are only called if there's a library bug */ 128 /* evil casts, but these functions are only called if there's a library bug */
78 (int (*)(SSL *,int))ssl_undefined_function, 129 (int (*)(SSL *,int))ssl_undefined_function,
@@ -85,7 +136,6 @@ OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
85 136
86int SSL_clear(SSL *s) 137int SSL_clear(SSL *s)
87 { 138 {
88 int state;
89 139
90 if (s->method == NULL) 140 if (s->method == NULL)
91 { 141 {
@@ -93,6 +143,12 @@ int SSL_clear(SSL *s)
93 return(0); 143 return(0);
94 } 144 }
95 145
146 if (ssl_clear_bad_session(s))
147 {
148 SSL_SESSION_free(s->session);
149 s->session=NULL;
150 }
151
96 s->error=0; 152 s->error=0;
97 s->hit=0; 153 s->hit=0;
98 s->shutdown=0; 154 s->shutdown=0;
@@ -105,12 +161,11 @@ int SSL_clear(SSL *s)
105#else 161#else
106 if (s->new_session) 162 if (s->new_session)
107 { 163 {
108 SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR); 164 SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
109 return 0; 165 return 0;
110 } 166 }
111#endif 167#endif
112 168
113 state=s->state; /* Keep to check if we throw away the session-id */
114 s->type=0; 169 s->type=0;
115 170
116 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); 171 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
@@ -131,18 +186,12 @@ int SSL_clear(SSL *s)
131 186
132 ssl_clear_cipher_ctx(s); 187 ssl_clear_cipher_ctx(s);
133 188
134 if (ssl_clear_bad_session(s))
135 {
136 SSL_SESSION_free(s->session);
137 s->session=NULL;
138 }
139
140 s->first_packet=0; 189 s->first_packet=0;
141 190
142#if 1 191#if 1
143 /* Check to see if we were changed into a different method, if 192 /* Check to see if we were changed into a different method, if
144 * so, revert back if we are not doing session-id reuse. */ 193 * so, revert back if we are not doing session-id reuse. */
145 if ((s->session == NULL) && (s->method != s->ctx->method)) 194 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
146 { 195 {
147 s->method->ssl_free(s); 196 s->method->ssl_free(s);
148 s->method=s->ctx->method; 197 s->method=s->ctx->method;
@@ -191,6 +240,14 @@ SSL *SSL_new(SSL_CTX *ctx)
191 if (s == NULL) goto err; 240 if (s == NULL) goto err;
192 memset(s,0,sizeof(SSL)); 241 memset(s,0,sizeof(SSL));
193 242
243#ifndef OPENSSL_NO_KRB5
244 s->kssl_ctx = kssl_ctx_new();
245#endif /* OPENSSL_NO_KRB5 */
246
247 s->options=ctx->options;
248 s->mode=ctx->mode;
249 s->max_cert_list=ctx->max_cert_list;
250
194 if (ctx->cert != NULL) 251 if (ctx->cert != NULL)
195 { 252 {
196 /* Earlier library versions used to copy the pointer to 253 /* Earlier library versions used to copy the pointer to
@@ -209,13 +266,20 @@ SSL *SSL_new(SSL_CTX *ctx)
209 } 266 }
210 else 267 else
211 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ 268 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
212 s->sid_ctx_length=ctx->sid_ctx_length; 269
213 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); 270 s->read_ahead=ctx->read_ahead;
271 s->msg_callback=ctx->msg_callback;
272 s->msg_callback_arg=ctx->msg_callback_arg;
214 s->verify_mode=ctx->verify_mode; 273 s->verify_mode=ctx->verify_mode;
215 s->verify_depth=ctx->verify_depth; 274 s->verify_depth=ctx->verify_depth;
275 s->sid_ctx_length=ctx->sid_ctx_length;
276 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
216 s->verify_callback=ctx->default_verify_callback; 277 s->verify_callback=ctx->default_verify_callback;
278 s->generate_session_id=ctx->generate_session_id;
217 s->purpose = ctx->purpose; 279 s->purpose = ctx->purpose;
218 s->trust = ctx->trust; 280 s->trust = ctx->trust;
281 s->quiet_shutdown=ctx->quiet_shutdown;
282
219 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 283 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
220 s->ctx=ctx; 284 s->ctx=ctx;
221 285
@@ -226,15 +290,12 @@ SSL *SSL_new(SSL_CTX *ctx)
226 if (!s->method->ssl_new(s)) 290 if (!s->method->ssl_new(s))
227 goto err; 291 goto err;
228 292
229 s->quiet_shutdown=ctx->quiet_shutdown;
230 s->references=1; 293 s->references=1;
231 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; 294 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
232 s->options=ctx->options; 295
233 s->mode=ctx->mode;
234 s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
235 SSL_clear(s); 296 SSL_clear(s);
236 297
237 CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data); 298 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
238 299
239 return(s); 300 return(s);
240err: 301err:
@@ -278,45 +339,71 @@ int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
278 return 1; 339 return 1;
279 } 340 }
280 341
281int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 342int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
282{ 343 {
283 if(X509_PURPOSE_get_by_id(purpose) == -1) { 344 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
284 SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE); 345 ctx->generate_session_id = cb;
285 return 0; 346 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
347 return 1;
286 } 348 }
287 s->purpose = purpose; 349
350int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
351 {
352 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
353 ssl->generate_session_id = cb;
354 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
288 return 1; 355 return 1;
289} 356 }
357
358int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
359 unsigned int id_len)
360 {
361 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
362 * we can "construct" a session to give us the desired check - ie. to
363 * find if there's a session in the hash table that would conflict with
364 * any new session built out of this id/id_len and the ssl_version in
365 * use by this SSL. */
366 SSL_SESSION r, *p;
367 r.ssl_version = ssl->version;
368 r.session_id_length = id_len;
369 memcpy(r.session_id, id, id_len);
370 /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
371 * callback is calling us to check the uniqueness of a shorter ID, it
372 * must be compared as a padded-out ID because that is what it will be
373 * converted to when the callback has finished choosing it. */
374 if((r.ssl_version == SSL2_VERSION) &&
375 (id_len < SSL2_SSL_SESSION_ID_LENGTH))
376 {
377 memset(r.session_id + id_len, 0,
378 SSL2_SSL_SESSION_ID_LENGTH - id_len);
379 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
380 }
381
382 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
383 p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
384 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
385 return (p != NULL);
386 }
387
388int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
389 {
390 return X509_PURPOSE_set(&s->purpose, purpose);
391 }
290 392
291int SSL_set_purpose(SSL *s, int purpose) 393int SSL_set_purpose(SSL *s, int purpose)
292{ 394 {
293 if(X509_PURPOSE_get_by_id(purpose) == -1) { 395 return X509_PURPOSE_set(&s->purpose, purpose);
294 SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
295 return 0;
296 } 396 }
297 s->purpose = purpose; 397
298 return 1;
299}
300
301int SSL_CTX_set_trust(SSL_CTX *s, int trust) 398int SSL_CTX_set_trust(SSL_CTX *s, int trust)
302{ 399 {
303 if(X509_TRUST_get_by_id(trust) == -1) { 400 return X509_TRUST_set(&s->trust, trust);
304 SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
305 return 0;
306 } 401 }
307 s->trust = trust;
308 return 1;
309}
310 402
311int SSL_set_trust(SSL *s, int trust) 403int SSL_set_trust(SSL *s, int trust)
312{ 404 {
313 if(X509_TRUST_get_by_id(trust) == -1) { 405 return X509_TRUST_set(&s->trust, trust);
314 SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
315 return 0;
316 } 406 }
317 s->trust = trust;
318 return 1;
319}
320 407
321void SSL_free(SSL *s) 408void SSL_free(SSL *s)
322 { 409 {
@@ -338,7 +425,7 @@ void SSL_free(SSL *s)
338 } 425 }
339#endif 426#endif
340 427
341 CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data); 428 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
342 429
343 if (s->bbio != NULL) 430 if (s->bbio != NULL)
344 { 431 {
@@ -411,6 +498,11 @@ BIO *SSL_get_wbio(SSL *s)
411 498
412int SSL_get_fd(SSL *s) 499int SSL_get_fd(SSL *s)
413 { 500 {
501 return(SSL_get_rfd(s));
502 }
503
504int SSL_get_rfd(SSL *s)
505 {
414 int ret= -1; 506 int ret= -1;
415 BIO *b,*r; 507 BIO *b,*r;
416 508
@@ -421,7 +513,19 @@ int SSL_get_fd(SSL *s)
421 return(ret); 513 return(ret);
422 } 514 }
423 515
424#ifndef NO_SOCK 516int SSL_get_wfd(SSL *s)
517 {
518 int ret= -1;
519 BIO *b,*r;
520
521 b=SSL_get_wbio(s);
522 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
523 if (r != NULL)
524 BIO_get_fd(r,&ret);
525 return(ret);
526 }
527
528#ifndef OPENSSL_NO_SOCK
425int SSL_set_fd(SSL *s,int fd) 529int SSL_set_fd(SSL *s,int fd)
426 { 530 {
427 int ret=0; 531 int ret=0;
@@ -576,6 +680,13 @@ int SSL_get_read_ahead(SSL *s)
576 680
577int SSL_pending(SSL *s) 681int SSL_pending(SSL *s)
578 { 682 {
683 /* SSL_pending cannot work properly if read-ahead is enabled
684 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
685 * and it is impossible to fix since SSL_pending cannot report
686 * errors that may be observed while scanning the new data.
687 * (Note that SSL_pending() is often used as a boolean value,
688 * so we'd better not return -1.)
689 */
579 return(s->method->ssl_pending(s)); 690 return(s->method->ssl_pending(s));
580 } 691 }
581 692
@@ -778,11 +889,21 @@ int SSL_shutdown(SSL *s)
778 889
779int SSL_renegotiate(SSL *s) 890int SSL_renegotiate(SSL *s)
780 { 891 {
781 s->new_session=1; 892 if (s->new_session == 0)
893 {
894 s->new_session=1;
895 }
782 return(s->method->ssl_renegotiate(s)); 896 return(s->method->ssl_renegotiate(s));
783 } 897 }
784 898
785long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) 899int SSL_renegotiate_pending(SSL *s)
900 {
901 /* becomes true when negotiation is requested;
902 * false again once a handshake has finished */
903 return (s->new_session != 0);
904 }
905
906long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
786 { 907 {
787 long l; 908 long l;
788 909
@@ -794,10 +915,21 @@ long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
794 l=s->read_ahead; 915 l=s->read_ahead;
795 s->read_ahead=larg; 916 s->read_ahead=larg;
796 return(l); 917 return(l);
918
919 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
920 s->msg_callback_arg = parg;
921 return 1;
922
797 case SSL_CTRL_OPTIONS: 923 case SSL_CTRL_OPTIONS:
798 return(s->options|=larg); 924 return(s->options|=larg);
799 case SSL_CTRL_MODE: 925 case SSL_CTRL_MODE:
800 return(s->mode|=larg); 926 return(s->mode|=larg);
927 case SSL_CTRL_GET_MAX_CERT_LIST:
928 return(s->max_cert_list);
929 case SSL_CTRL_SET_MAX_CERT_LIST:
930 l=s->max_cert_list;
931 s->max_cert_list=larg;
932 return(l);
801 default: 933 default:
802 return(s->method->ssl_ctrl(s,cmd,larg,parg)); 934 return(s->method->ssl_ctrl(s,cmd,larg,parg));
803 } 935 }
@@ -807,6 +939,10 @@ long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
807 { 939 {
808 switch(cmd) 940 switch(cmd)
809 { 941 {
942 case SSL_CTRL_SET_MSG_CALLBACK:
943 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
944 return 1;
945
810 default: 946 default:
811 return(s->method->ssl_callback_ctrl(s,cmd,fp)); 947 return(s->method->ssl_callback_ctrl(s,cmd,fp));
812 } 948 }
@@ -817,7 +953,7 @@ struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
817 return ctx->sessions; 953 return ctx->sessions;
818 } 954 }
819 955
820long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg) 956long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
821 { 957 {
822 long l; 958 long l;
823 959
@@ -829,6 +965,17 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
829 l=ctx->read_ahead; 965 l=ctx->read_ahead;
830 ctx->read_ahead=larg; 966 ctx->read_ahead=larg;
831 return(l); 967 return(l);
968
969 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
970 ctx->msg_callback_arg = parg;
971 return 1;
972
973 case SSL_CTRL_GET_MAX_CERT_LIST:
974 return(ctx->max_cert_list);
975 case SSL_CTRL_SET_MAX_CERT_LIST:
976 l=ctx->max_cert_list;
977 ctx->max_cert_list=larg;
978 return(l);
832 979
833 case SSL_CTRL_SET_SESS_CACHE_SIZE: 980 case SSL_CTRL_SET_SESS_CACHE_SIZE:
834 l=ctx->session_cache_size; 981 l=ctx->session_cache_size;
@@ -880,6 +1027,10 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
880 { 1027 {
881 switch(cmd) 1028 switch(cmd)
882 { 1029 {
1030 case SSL_CTRL_SET_MSG_CALLBACK:
1031 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1032 return 1;
1033
883 default: 1034 default:
884 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); 1035 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
885 } 1036 }
@@ -1018,6 +1169,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
1018 int i,j=0; 1169 int i,j=0;
1019 SSL_CIPHER *c; 1170 SSL_CIPHER *c;
1020 unsigned char *q; 1171 unsigned char *q;
1172#ifndef OPENSSL_NO_KRB5
1173 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1174#endif /* OPENSSL_NO_KRB5 */
1021 1175
1022 if (sk == NULL) return(0); 1176 if (sk == NULL) return(0);
1023 q=p; 1177 q=p;
@@ -1025,6 +1179,10 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
1025 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1179 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1026 { 1180 {
1027 c=sk_SSL_CIPHER_value(sk,i); 1181 c=sk_SSL_CIPHER_value(sk,i);
1182#ifndef OPENSSL_NO_KRB5
1183 if ((c->algorithms & SSL_KRB5) && nokrb5)
1184 continue;
1185#endif /* OPENSSL_NO_KRB5 */
1028 j=ssl_put_cipher_by_char(s,c,p); 1186 j=ssl_put_cipher_by_char(s,c,p);
1029 p+=j; 1187 p+=j;
1030 } 1188 }
@@ -1087,6 +1245,11 @@ unsigned long SSL_SESSION_hash(SSL_SESSION *a)
1087 return(l); 1245 return(l);
1088 } 1246 }
1089 1247
1248/* NB: If this function (or indeed the hash function which uses a sort of
1249 * coarser function than this one) is changed, ensure
1250 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1251 * able to construct an SSL_SESSION that will collide with any existing session
1252 * with a matching session ID. */
1090int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b) 1253int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
1091 { 1254 {
1092 if (a->ssl_version != b->ssl_version) 1255 if (a->ssl_version != b->ssl_version)
@@ -1096,6 +1259,13 @@ int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
1096 return(memcmp(a->session_id,b->session_id,a->session_id_length)); 1259 return(memcmp(a->session_id,b->session_id,a->session_id_length));
1097 } 1260 }
1098 1261
1262/* These wrapper functions should remain rather than redeclaring
1263 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1264 * variable. The reason is that the functions aren't static, they're exposed via
1265 * ssl.h. */
1266static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
1267static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
1268
1099SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) 1269SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1100 { 1270 {
1101 SSL_CTX *ret=NULL; 1271 SSL_CTX *ret=NULL;
@@ -1128,9 +1298,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1128 /* We take the system default */ 1298 /* We take the system default */
1129 ret->session_timeout=meth->get_timeout(); 1299 ret->session_timeout=meth->get_timeout();
1130 1300
1131 ret->new_session_cb=NULL; 1301 ret->new_session_cb=0;
1132 ret->remove_session_cb=NULL; 1302 ret->remove_session_cb=0;
1133 ret->get_session_cb=NULL; 1303 ret->get_session_cb=0;
1304 ret->generate_session_id=0;
1134 1305
1135 memset((char *)&ret->stats,0,sizeof(ret->stats)); 1306 memset((char *)&ret->stats,0,sizeof(ret->stats));
1136 1307
@@ -1145,21 +1316,26 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1145 1316
1146 ret->info_callback=NULL; 1317 ret->info_callback=NULL;
1147 1318
1148 ret->app_verify_callback=NULL; 1319 ret->app_verify_callback=0;
1149 ret->app_verify_arg=NULL; 1320 ret->app_verify_arg=NULL;
1150 1321
1322 ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
1151 ret->read_ahead=0; 1323 ret->read_ahead=0;
1324 ret->msg_callback=0;
1325 ret->msg_callback_arg=NULL;
1152 ret->verify_mode=SSL_VERIFY_NONE; 1326 ret->verify_mode=SSL_VERIFY_NONE;
1153 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ 1327 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1328 ret->sid_ctx_length=0;
1154 ret->default_verify_callback=NULL; 1329 ret->default_verify_callback=NULL;
1155 if ((ret->cert=ssl_cert_new()) == NULL) 1330 if ((ret->cert=ssl_cert_new()) == NULL)
1156 goto err; 1331 goto err;
1157 1332
1158 ret->default_passwd_callback=NULL; 1333 ret->default_passwd_callback=0;
1159 ret->default_passwd_callback_userdata=NULL; 1334 ret->default_passwd_callback_userdata=NULL;
1160 ret->client_cert_cb=NULL; 1335 ret->client_cert_cb=0;
1161 1336
1162 ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp); 1337 ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
1338 LHASH_COMP_FN(SSL_SESSION_cmp));
1163 if (ret->sessions == NULL) goto err; 1339 if (ret->sessions == NULL) goto err;
1164 ret->cert_store=X509_STORE_new(); 1340 ret->cert_store=X509_STORE_new();
1165 if (ret->cert_store == NULL) goto err; 1341 if (ret->cert_store == NULL) goto err;
@@ -1193,7 +1369,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1193 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) 1369 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1194 goto err; 1370 goto err;
1195 1371
1196 CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data); 1372 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1197 1373
1198 ret->extra_certs=NULL; 1374 ret->extra_certs=NULL;
1199 ret->comp_methods=SSL_COMP_get_compression_methods(); 1375 ret->comp_methods=SSL_COMP_get_compression_methods();
@@ -1206,8 +1382,10 @@ err2:
1206 return(NULL); 1382 return(NULL);
1207 } 1383 }
1208 1384
1385#if 0
1209static void SSL_COMP_free(SSL_COMP *comp) 1386static void SSL_COMP_free(SSL_COMP *comp)
1210 { OPENSSL_free(comp); } 1387 { OPENSSL_free(comp); }
1388#endif
1211 1389
1212void SSL_CTX_free(SSL_CTX *a) 1390void SSL_CTX_free(SSL_CTX *a)
1213 { 1391 {
@@ -1227,7 +1405,7 @@ void SSL_CTX_free(SSL_CTX *a)
1227 abort(); /* ok */ 1405 abort(); /* ok */
1228 } 1406 }
1229#endif 1407#endif
1230 CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data); 1408 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1231 1409
1232 if (a->sessions != NULL) 1410 if (a->sessions != NULL)
1233 { 1411 {
@@ -1246,8 +1424,12 @@ void SSL_CTX_free(SSL_CTX *a)
1246 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); 1424 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1247 if (a->extra_certs != NULL) 1425 if (a->extra_certs != NULL)
1248 sk_X509_pop_free(a->extra_certs,X509_free); 1426 sk_X509_pop_free(a->extra_certs,X509_free);
1427#if 0 /* This should never be done, since it removes a global database */
1249 if (a->comp_methods != NULL) 1428 if (a->comp_methods != NULL)
1250 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); 1429 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1430#else
1431 a->comp_methods = NULL;
1432#endif
1251 OPENSSL_free(a); 1433 OPENSSL_free(a);
1252 } 1434 }
1253 1435
@@ -1261,23 +1443,16 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1261 ctx->default_passwd_callback_userdata=u; 1443 ctx->default_passwd_callback_userdata=u;
1262 } 1444 }
1263 1445
1264void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg) 1446void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
1265 { 1447 {
1266 /* now
1267 * int (*cb)(X509_STORE_CTX *),
1268 * but should be
1269 * int (*cb)(X509_STORE_CTX *, void *arg)
1270 */
1271 ctx->app_verify_callback=cb; 1448 ctx->app_verify_callback=cb;
1272 ctx->app_verify_arg=arg; /* never used */ 1449 ctx->app_verify_arg=arg;
1273 } 1450 }
1274 1451
1275void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) 1452void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1276 { 1453 {
1277 ctx->verify_mode=mode; 1454 ctx->verify_mode=mode;
1278 ctx->default_verify_callback=cb; 1455 ctx->default_verify_callback=cb;
1279 /* This needs cleaning up EAY EAY EAY */
1280 X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
1281 } 1456 }
1282 1457
1283void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) 1458void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
@@ -1297,14 +1472,14 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1297 1472
1298 kl=SSL_C_EXPORT_PKEYLENGTH(cipher); 1473 kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1299 1474
1300#ifndef NO_RSA 1475#ifndef OPENSSL_NO_RSA
1301 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); 1476 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1302 rsa_tmp_export=(c->rsa_tmp_cb != NULL || 1477 rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
1303 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); 1478 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1304#else 1479#else
1305 rsa_tmp=rsa_tmp_export=0; 1480 rsa_tmp=rsa_tmp_export=0;
1306#endif 1481#endif
1307#ifndef NO_DH 1482#ifndef OPENSSL_NO_DH
1308 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 1483 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1309 dh_tmp_export=(c->dh_tmp_cb != NULL || 1484 dh_tmp_export=(c->dh_tmp_cb != NULL ||
1310 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); 1485 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
@@ -1378,6 +1553,11 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1378 mask|=SSL_aNULL; 1553 mask|=SSL_aNULL;
1379 emask|=SSL_aNULL; 1554 emask|=SSL_aNULL;
1380 1555
1556#ifndef OPENSSL_NO_KRB5
1557 mask|=SSL_kKRB5|SSL_aKRB5;
1558 emask|=SSL_kKRB5|SSL_aKRB5;
1559#endif
1560
1381 c->mask=mask; 1561 c->mask=mask;
1382 c->export_mask=emask; 1562 c->export_mask=emask;
1383 c->valid=1; 1563 c->valid=1;
@@ -1410,9 +1590,14 @@ X509 *ssl_get_server_send_cert(SSL *s)
1410 else 1590 else
1411 i=SSL_PKEY_RSA_ENC; 1591 i=SSL_PKEY_RSA_ENC;
1412 } 1592 }
1593 else if (kalg & SSL_aKRB5)
1594 {
1595 /* VRS something else here? */
1596 return(NULL);
1597 }
1413 else /* if (kalg & SSL_aNULL) */ 1598 else /* if (kalg & SSL_aNULL) */
1414 { 1599 {
1415 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR); 1600 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
1416 return(NULL); 1601 return(NULL);
1417 } 1602 }
1418 if (c->pkeys[i].x509 == NULL) return(NULL); 1603 if (c->pkeys[i].x509 == NULL) return(NULL);
@@ -1441,7 +1626,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
1441 } 1626 }
1442 else /* if (alg & SSL_aNULL) */ 1627 else /* if (alg & SSL_aNULL) */
1443 { 1628 {
1444 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR); 1629 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
1445 return(NULL); 1630 return(NULL);
1446 } 1631 }
1447 } 1632 }
@@ -1454,9 +1639,10 @@ void ssl_update_cache(SSL *s,int mode)
1454 * and it would be rather hard to do anyway :-) */ 1639 * and it would be rather hard to do anyway :-) */
1455 if (s->session->session_id_length == 0) return; 1640 if (s->session->session_id_length == 0) return;
1456 1641
1457 if ((s->ctx->session_cache_mode & mode) 1642 i=s->ctx->session_cache_mode;
1458 && (!s->hit) 1643 if ((i & mode) && (!s->hit)
1459 && SSL_CTX_add_session(s->ctx,s->session) 1644 && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
1645 || SSL_CTX_add_session(s->ctx,s->session))
1460 && (s->ctx->new_session_cb != NULL)) 1646 && (s->ctx->new_session_cb != NULL))
1461 { 1647 {
1462 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); 1648 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -1465,7 +1651,6 @@ void ssl_update_cache(SSL *s,int mode)
1465 } 1651 }
1466 1652
1467 /* auto flush every 255 connections */ 1653 /* auto flush every 255 connections */
1468 i=s->ctx->session_cache_mode;
1469 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && 1654 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
1470 ((i & mode) == mode)) 1655 ((i & mode) == mode))
1471 { 1656 {
@@ -1549,6 +1734,8 @@ int SSL_get_error(SSL *s,int i)
1549 reason=BIO_get_retry_reason(bio); 1734 reason=BIO_get_retry_reason(bio);
1550 if (reason == BIO_RR_CONNECT) 1735 if (reason == BIO_RR_CONNECT)
1551 return(SSL_ERROR_WANT_CONNECT); 1736 return(SSL_ERROR_WANT_CONNECT);
1737 else if (reason == BIO_RR_ACCEPT)
1738 return(SSL_ERROR_WANT_ACCEPT);
1552 else 1739 else
1553 return(SSL_ERROR_SYSCALL); /* unknown */ 1740 return(SSL_ERROR_SYSCALL); /* unknown */
1554 } 1741 }
@@ -1567,6 +1754,8 @@ int SSL_get_error(SSL *s,int i)
1567 reason=BIO_get_retry_reason(bio); 1754 reason=BIO_get_retry_reason(bio);
1568 if (reason == BIO_RR_CONNECT) 1755 if (reason == BIO_RR_CONNECT)
1569 return(SSL_ERROR_WANT_CONNECT); 1756 return(SSL_ERROR_WANT_CONNECT);
1757 else if (reason == BIO_RR_ACCEPT)
1758 return(SSL_ERROR_WANT_ACCEPT);
1570 else 1759 else
1571 return(SSL_ERROR_SYSCALL); 1760 return(SSL_ERROR_SYSCALL);
1572 } 1761 }
@@ -1667,7 +1856,11 @@ SSL *SSL_dup(SSL *s)
1667 1856
1668 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) 1857 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
1669 return(NULL); 1858 return(NULL);
1670 1859
1860 ret->version = s->version;
1861 ret->type = s->type;
1862 ret->method = s->method;
1863
1671 if (s->session != NULL) 1864 if (s->session != NULL)
1672 { 1865 {
1673 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 1866 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
@@ -1698,18 +1891,23 @@ SSL *SSL_dup(SSL *s)
1698 s->sid_ctx, s->sid_ctx_length); 1891 s->sid_ctx, s->sid_ctx_length);
1699 } 1892 }
1700 1893
1894 ret->options=s->options;
1895 ret->mode=s->mode;
1896 SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
1701 SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); 1897 SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
1898 ret->msg_callback = s->msg_callback;
1899 ret->msg_callback_arg = s->msg_callback_arg;
1702 SSL_set_verify(ret,SSL_get_verify_mode(s), 1900 SSL_set_verify(ret,SSL_get_verify_mode(s),
1703 SSL_get_verify_callback(s)); 1901 SSL_get_verify_callback(s));
1704 SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); 1902 SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
1903 ret->generate_session_id = s->generate_session_id;
1705 1904
1706 SSL_set_info_callback(ret,SSL_get_info_callback(s)); 1905 SSL_set_info_callback(ret,SSL_get_info_callback(s));
1707 1906
1708 ret->debug=s->debug; 1907 ret->debug=s->debug;
1709 ret->options=s->options;
1710 1908
1711 /* copy app data, a little dangerous perhaps */ 1909 /* copy app data, a little dangerous perhaps */
1712 if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data)) 1910 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
1713 goto err; 1911 goto err;
1714 1912
1715 /* setup rbio, and wbio */ 1913 /* setup rbio, and wbio */
@@ -1728,6 +1926,19 @@ SSL *SSL_dup(SSL *s)
1728 else 1926 else
1729 ret->wbio=ret->rbio; 1927 ret->wbio=ret->rbio;
1730 } 1928 }
1929 ret->rwstate = s->rwstate;
1930 ret->in_handshake = s->in_handshake;
1931 ret->handshake_func = s->handshake_func;
1932 ret->server = s->server;
1933 ret->new_session = s->new_session;
1934 ret->quiet_shutdown = s->quiet_shutdown;
1935 ret->shutdown=s->shutdown;
1936 ret->state=s->state; /* SSL_dup does not really work at any state, though */
1937 ret->rstate=s->rstate;
1938 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
1939 ret->hit=s->hit;
1940 ret->purpose=s->purpose;
1941 ret->trust=s->trust;
1731 1942
1732 /* dup the cipher_list and cipher_list_by_id stacks */ 1943 /* dup the cipher_list and cipher_list_by_id stacks */
1733 if (s->cipher_list != NULL) 1944 if (s->cipher_list != NULL)
@@ -1756,11 +1967,6 @@ SSL *SSL_dup(SSL *s)
1756 } 1967 }
1757 } 1968 }
1758 1969
1759 ret->shutdown=s->shutdown;
1760 ret->state=s->state;
1761 ret->handshake_func=s->handshake_func;
1762 ret->server=s->server;
1763
1764 if (0) 1970 if (0)
1765 { 1971 {
1766err: 1972err:
@@ -1913,7 +2119,7 @@ SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
1913 return(ssl->ctx); 2119 return(ssl->ctx);
1914 } 2120 }
1915 2121
1916#ifndef NO_STDIO 2122#ifndef OPENSSL_NO_STDIO
1917int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 2123int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
1918 { 2124 {
1919 return(X509_STORE_set_default_paths(ctx->cert_store)); 2125 return(X509_STORE_set_default_paths(ctx->cert_store));
@@ -1926,14 +2132,15 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1926 } 2132 }
1927#endif 2133#endif
1928 2134
1929void SSL_set_info_callback(SSL *ssl,void (*cb)()) 2135void SSL_set_info_callback(SSL *ssl,
2136 void (*cb)(const SSL *ssl,int type,int val))
1930 { 2137 {
1931 ssl->info_callback=cb; 2138 ssl->info_callback=cb;
1932 } 2139 }
1933 2140
1934void (*SSL_get_info_callback(SSL *ssl))(void) 2141void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val)
1935 { 2142 {
1936 return((void (*)())ssl->info_callback); 2143 return ssl->info_callback;
1937 } 2144 }
1938 2145
1939int SSL_state(SSL *ssl) 2146int SSL_state(SSL *ssl)
@@ -1954,9 +2161,8 @@ long SSL_get_verify_result(SSL *ssl)
1954int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, 2161int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
1955 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) 2162 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
1956 { 2163 {
1957 ssl_meth_num++; 2164 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
1958 return(CRYPTO_get_ex_new_index(ssl_meth_num-1, 2165 new_func, dup_func, free_func);
1959 &ssl_meth,argl,argp,new_func,dup_func,free_func));
1960 } 2166 }
1961 2167
1962int SSL_set_ex_data(SSL *s,int idx,void *arg) 2168int SSL_set_ex_data(SSL *s,int idx,void *arg)
@@ -1972,9 +2178,8 @@ void *SSL_get_ex_data(SSL *s,int idx)
1972int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, 2178int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
1973 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) 2179 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
1974 { 2180 {
1975 ssl_ctx_meth_num++; 2181 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
1976 return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1, 2182 new_func, dup_func, free_func);
1977 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
1978 } 2183 }
1979 2184
1980int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) 2185int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
@@ -2015,7 +2220,7 @@ int SSL_want(SSL *s)
2015 * \param cb the callback 2220 * \param cb the callback
2016 */ 2221 */
2017 2222
2018#ifndef NO_RSA 2223#ifndef OPENSSL_NO_RSA
2019void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, 2224void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
2020 int is_export, 2225 int is_export,
2021 int keylength)) 2226 int keylength))
@@ -2052,21 +2257,33 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
2052 * \param dh the callback 2257 * \param dh the callback
2053 */ 2258 */
2054 2259
2055#ifndef NO_DH 2260#ifndef OPENSSL_NO_DH
2056void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, 2261void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
2057 int keylength)) 2262 int keylength))
2058 { 2263 {
2059 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); 2264 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
2060 } 2265 }
2061 2266
2062void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, 2267void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
2063 int keylength)) 2268 int keylength))
2064 { 2269 {
2065 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); 2270 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
2066 } 2271 }
2067#endif 2272#endif
2068 2273
2069#if defined(_WINDLL) && defined(WIN16) 2274
2275void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
2276 {
2277 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
2278 }
2279void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
2280 {
2281 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
2282 }
2283
2284
2285
2286#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
2070#include "../crypto/bio/bss_file.c" 2287#include "../crypto/bio/bss_file.c"
2071#endif 2288#endif
2072 2289
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 11:35:46 +0000