1280297Sjkim/* 2280297Sjkim * ! \file ssl/ssl_lib.c \brief Version independent SSL functions. 355714Skris */ 455714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 555714Skris * All rights reserved. 655714Skris * 755714Skris * This package is an SSL implementation written 855714Skris * by Eric Young (eay@cryptsoft.com). 955714Skris * The implementation was written so as to conform with Netscapes SSL. 10280297Sjkim * 1155714Skris * This library is free for commercial and non-commercial use as long as 1255714Skris * the following conditions are aheared to. The following conditions 1355714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1455714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1555714Skris * included with this distribution is covered by the same copyright terms 1655714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 17280297Sjkim * 1855714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1955714Skris * the code are not to be removed. 2055714Skris * If this package is used in a product, Eric Young should be given attribution 2155714Skris * as the author of the parts of the library used. 2255714Skris * This can be in the form of a textual message at program startup or 2355714Skris * in documentation (online or textual) provided with the package. 24280297Sjkim * 2555714Skris * Redistribution and use in source and binary forms, with or without 2655714Skris * modification, are permitted provided that the following conditions 2755714Skris * are met: 2855714Skris * 1. Redistributions of source code must retain the copyright 2955714Skris * notice, this list of conditions and the following disclaimer. 3055714Skris * 2. Redistributions in binary form must reproduce the above copyright 3155714Skris * notice, this list of conditions and the following disclaimer in the 3255714Skris * documentation and/or other materials provided with the distribution. 3355714Skris * 3. All advertising materials mentioning features or use of this software 3455714Skris * must display the following acknowledgement: 3555714Skris * "This product includes cryptographic software written by 3655714Skris * Eric Young (eay@cryptsoft.com)" 3755714Skris * The word 'cryptographic' can be left out if the rouines from the library 3855714Skris * being used are not cryptographic related :-). 39280297Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 4055714Skris * the apps directory (application code) you must include an acknowledgement: 4155714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 42280297Sjkim * 4355714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4455714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4555714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4655714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4755714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4855714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4955714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 5055714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 5155714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5255714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5355714Skris * SUCH DAMAGE. 54280297Sjkim * 5555714Skris * The licence and distribution terms for any publically available version or 5655714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5755714Skris * copied and put under another distribution licence 5855714Skris * [including the GNU Public Licence.] 5955714Skris */ 60109998Smarkm/* ==================================================================== 61337982Sjkim * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. 62109998Smarkm * 63109998Smarkm * Redistribution and use in source and binary forms, with or without 64109998Smarkm * modification, are permitted provided that the following conditions 65109998Smarkm * are met: 66109998Smarkm * 67109998Smarkm * 1. Redistributions of source code must retain the above copyright 68280297Sjkim * notice, this list of conditions and the following disclaimer. 69109998Smarkm * 70109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright 71109998Smarkm * notice, this list of conditions and the following disclaimer in 72109998Smarkm * the documentation and/or other materials provided with the 73109998Smarkm * distribution. 74109998Smarkm * 75109998Smarkm * 3. All advertising materials mentioning features or use of this 76109998Smarkm * software must display the following acknowledgment: 77109998Smarkm * "This product includes software developed by the OpenSSL Project 78109998Smarkm * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 79109998Smarkm * 80109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 81109998Smarkm * endorse or promote products derived from this software without 82109998Smarkm * prior written permission. For written permission, please contact 83109998Smarkm * openssl-core@openssl.org. 84109998Smarkm * 85109998Smarkm * 5. Products derived from this software may not be called "OpenSSL" 86109998Smarkm * nor may "OpenSSL" appear in their names without prior written 87109998Smarkm * permission of the OpenSSL Project. 88109998Smarkm * 89109998Smarkm * 6. Redistributions of any form whatsoever must retain the following 90109998Smarkm * acknowledgment: 91109998Smarkm * "This product includes software developed by the OpenSSL Project 92109998Smarkm * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 93109998Smarkm * 94109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 95109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 97109998Smarkm * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 98109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 99109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 100109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 101109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 102109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 103109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 104109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 105109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE. 106109998Smarkm * ==================================================================== 107109998Smarkm * 108109998Smarkm * This product includes cryptographic software written by Eric Young 109109998Smarkm * (eay@cryptsoft.com). This product includes software written by Tim 110109998Smarkm * Hudson (tjh@cryptsoft.com). 111109998Smarkm * 112109998Smarkm */ 113160814Ssimon/* ==================================================================== 114160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 115280297Sjkim * ECC cipher suite support in OpenSSL originally developed by 116160814Ssimon * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 117160814Ssimon */ 118238405Sjkim/* ==================================================================== 119238405Sjkim * Copyright 2005 Nokia. All rights reserved. 120238405Sjkim * 121238405Sjkim * The portions of the attached software ("Contribution") is developed by 122238405Sjkim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 123238405Sjkim * license. 124238405Sjkim * 125238405Sjkim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 126238405Sjkim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 127238405Sjkim * support (see RFC 4279) to OpenSSL. 128238405Sjkim * 129238405Sjkim * No patent licenses or other rights except those expressly stated in 130238405Sjkim * the OpenSSL open source license shall be deemed granted or received 131238405Sjkim * expressly, by implication, estoppel, or otherwise. 132238405Sjkim * 133238405Sjkim * No assurances are provided by Nokia that the Contribution does not 134238405Sjkim * infringe the patent or other intellectual property rights of any third 135238405Sjkim * party or that the license provides you with all the necessary rights 136238405Sjkim * to make use of the Contribution. 137238405Sjkim * 138238405Sjkim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 139238405Sjkim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 140238405Sjkim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 141238405Sjkim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 142238405Sjkim * OTHERWISE. 143238405Sjkim */ 14455714Skris 145109998Smarkm#ifdef REF_CHECK 146280297Sjkim# include <assert.h> 147109998Smarkm#endif 14855714Skris#include <stdio.h> 149109998Smarkm#include "ssl_locl.h" 150109998Smarkm#include "kssl_lcl.h" 15155714Skris#include <openssl/objects.h> 15255714Skris#include <openssl/lhash.h> 15359191Skris#include <openssl/x509v3.h> 154194206Ssimon#include <openssl/rand.h> 155194206Ssimon#include <openssl/ocsp.h> 156160814Ssimon#ifndef OPENSSL_NO_DH 157280297Sjkim# include <openssl/dh.h> 158160814Ssimon#endif 159194206Ssimon#ifndef OPENSSL_NO_ENGINE 160280297Sjkim# include <openssl/engine.h> 161194206Ssimon#endif 16255714Skris 163280297Sjkimconst char *SSL_version_str = OPENSSL_VERSION_TEXT; 16455714Skris 165280297SjkimSSL3_ENC_METHOD ssl3_undef_enc_method = { 166280297Sjkim /* 167280297Sjkim * evil casts, but these functions are only called if there's a library 168280297Sjkim * bug 169280297Sjkim */ 170280297Sjkim (int (*)(SSL *, int))ssl_undefined_function, 171280297Sjkim (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 172280297Sjkim ssl_undefined_function, 173280297Sjkim (int (*)(SSL *, unsigned char *, unsigned char *, int)) 174280297Sjkim ssl_undefined_function, 175280297Sjkim (int (*)(SSL *, int))ssl_undefined_function, 176280297Sjkim (int (*)(SSL *, const char *, int, unsigned char *)) 177280297Sjkim ssl_undefined_function, 178280297Sjkim 0, /* finish_mac_length */ 179280297Sjkim (int (*)(SSL *, int, unsigned char *))ssl_undefined_function, 180280297Sjkim NULL, /* client_finished_label */ 181280297Sjkim 0, /* client_finished_label_len */ 182280297Sjkim NULL, /* server_finished_label */ 183280297Sjkim 0, /* server_finished_label_len */ 184280297Sjkim (int (*)(int))ssl_undefined_function, 185280297Sjkim (int (*)(SSL *, unsigned char *, size_t, const char *, 186280297Sjkim size_t, const unsigned char *, size_t, 187280297Sjkim int use_context))ssl_undefined_function, 188280297Sjkim}; 18955714Skris 19055714Skrisint SSL_clear(SSL *s) 191280297Sjkim{ 19255714Skris 193280297Sjkim if (s->method == NULL) { 194280297Sjkim SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); 195280297Sjkim return (0); 196280297Sjkim } 19755714Skris 198280297Sjkim if (ssl_clear_bad_session(s)) { 199280297Sjkim SSL_SESSION_free(s->session); 200280297Sjkim s->session = NULL; 201280297Sjkim } 202100928Snectar 203280297Sjkim s->error = 0; 204280297Sjkim s->hit = 0; 205280297Sjkim s->shutdown = 0; 20655714Skris 207280297Sjkim#if 0 208280297Sjkim /* 209280297Sjkim * Disabled since version 1.10 of this file (early return not 210280297Sjkim * needed because SSL_clear is not called when doing renegotiation) 211280297Sjkim */ 212280297Sjkim /* 213280297Sjkim * This is set if we are doing dynamic renegotiation so keep 214280297Sjkim * the old cipher. It is sort of a SSL_clear_lite :-) 215280297Sjkim */ 216280297Sjkim if (s->renegotiate) 217280297Sjkim return (1); 21859191Skris#else 219280297Sjkim if (s->renegotiate) { 220280297Sjkim SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); 221280297Sjkim return 0; 222280297Sjkim } 22355714Skris#endif 22455714Skris 225280297Sjkim s->type = 0; 22655714Skris 227280297Sjkim s->state = SSL_ST_BEFORE | ((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); 22855714Skris 229280297Sjkim s->version = s->method->version; 230280297Sjkim s->client_version = s->version; 231280297Sjkim s->rwstate = SSL_NOTHING; 232280297Sjkim s->rstate = SSL_ST_READ_HEADER; 23372613Skris#if 0 234280297Sjkim s->read_ahead = s->ctx->read_ahead; 23572613Skris#endif 23655714Skris 237280297Sjkim if (s->init_buf != NULL) { 238280297Sjkim BUF_MEM_free(s->init_buf); 239280297Sjkim s->init_buf = NULL; 240280297Sjkim } 24155714Skris 242280297Sjkim ssl_clear_cipher_ctx(s); 243280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 244280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 24555714Skris 246280297Sjkim s->first_packet = 0; 247298998Sjkim#ifndef OPENSSL_NO_TLSEXT 248298998Sjkim if (s->cert != NULL) { 249298998Sjkim if (s->cert->alpn_proposed) { 250298998Sjkim OPENSSL_free(s->cert->alpn_proposed); 251298998Sjkim s->cert->alpn_proposed = NULL; 252298998Sjkim } 253298998Sjkim s->cert->alpn_proposed_len = 0; 254298998Sjkim s->cert->alpn_sent = 0; 255298998Sjkim } 256298998Sjkim#endif 25755714Skris#if 1 258280297Sjkim /* 259280297Sjkim * Check to see if we were changed into a different method, if so, revert 260280297Sjkim * back if we are not doing session-id reuse. 261280297Sjkim */ 262280297Sjkim if (!s->in_handshake && (s->session == NULL) 263280297Sjkim && (s->method != s->ctx->method)) { 264280297Sjkim s->method->ssl_free(s); 265280297Sjkim s->method = s->ctx->method; 266280297Sjkim if (!s->method->ssl_new(s)) 267280297Sjkim return (0); 268280297Sjkim } else 26955714Skris#endif 270280297Sjkim s->method->ssl_clear(s); 271280297Sjkim return (1); 272280297Sjkim} 27355714Skris 27455714Skris/** Used to change an SSL_CTXs default SSL method type */ 275280297Sjkimint SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 276280297Sjkim{ 277280297Sjkim STACK_OF(SSL_CIPHER) *sk; 27855714Skris 279280297Sjkim ctx->method = meth; 28055714Skris 281280297Sjkim sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 282280297Sjkim &(ctx->cipher_list_by_id), 283280297Sjkim meth->version == 284280297Sjkim SSL2_VERSION ? "SSLv2" : 285290207Sjkim SSL_DEFAULT_CIPHER_LIST, ctx->cert); 286280297Sjkim if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 287280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, 288280297Sjkim SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 289280297Sjkim return (0); 290280297Sjkim } 291280297Sjkim return (1); 292280297Sjkim} 29355714Skris 29455714SkrisSSL *SSL_new(SSL_CTX *ctx) 295280297Sjkim{ 296280297Sjkim SSL *s; 29755714Skris 298280297Sjkim if (ctx == NULL) { 299280297Sjkim SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); 300280297Sjkim return (NULL); 301280297Sjkim } 302280297Sjkim if (ctx->method == NULL) { 303280297Sjkim SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 304280297Sjkim return (NULL); 305280297Sjkim } 30655714Skris 307280297Sjkim s = (SSL *)OPENSSL_malloc(sizeof(SSL)); 308280297Sjkim if (s == NULL) 309280297Sjkim goto err; 310280297Sjkim memset(s, 0, sizeof(SSL)); 31155714Skris 312280297Sjkim#ifndef OPENSSL_NO_KRB5 313280297Sjkim s->kssl_ctx = kssl_ctx_new(); 314280297Sjkim#endif /* OPENSSL_NO_KRB5 */ 315109998Smarkm 316280297Sjkim s->options = ctx->options; 317280297Sjkim s->mode = ctx->mode; 318280297Sjkim s->max_cert_list = ctx->max_cert_list; 319291719Sjkim s->references = 1; 320109998Smarkm 321280297Sjkim if (ctx->cert != NULL) { 322280297Sjkim /* 323280297Sjkim * Earlier library versions used to copy the pointer to the CERT, not 324280297Sjkim * its contents; only when setting new parameters for the per-SSL 325280297Sjkim * copy, ssl_cert_new would be called (and the direct reference to 326280297Sjkim * the per-SSL_CTX settings would be lost, but those still were 327280297Sjkim * indirectly accessed for various purposes, and for that reason they 328280297Sjkim * used to be known as s->ctx->default_cert). Now we don't look at the 329280297Sjkim * SSL_CTX's CERT after having duplicated it once. 330280297Sjkim */ 33155714Skris 332280297Sjkim s->cert = ssl_cert_dup(ctx->cert); 333280297Sjkim if (s->cert == NULL) 334280297Sjkim goto err; 335280297Sjkim } else 336280297Sjkim s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */ 337109998Smarkm 338280297Sjkim s->read_ahead = ctx->read_ahead; 339280297Sjkim s->msg_callback = ctx->msg_callback; 340280297Sjkim s->msg_callback_arg = ctx->msg_callback_arg; 341280297Sjkim s->verify_mode = ctx->verify_mode; 342160814Ssimon#if 0 343280297Sjkim s->verify_depth = ctx->verify_depth; 344160814Ssimon#endif 345280297Sjkim s->sid_ctx_length = ctx->sid_ctx_length; 346331638Sjkim OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)); 347280297Sjkim memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 348280297Sjkim s->verify_callback = ctx->default_verify_callback; 349280297Sjkim s->generate_session_id = ctx->generate_session_id; 350160814Ssimon 351280297Sjkim s->param = X509_VERIFY_PARAM_new(); 352280297Sjkim if (!s->param) 353280297Sjkim goto err; 354280297Sjkim X509_VERIFY_PARAM_inherit(s->param, ctx->param); 355160814Ssimon#if 0 356280297Sjkim s->purpose = ctx->purpose; 357280297Sjkim s->trust = ctx->trust; 358160814Ssimon#endif 359280297Sjkim s->quiet_shutdown = ctx->quiet_shutdown; 360280297Sjkim s->max_send_fragment = ctx->max_send_fragment; 361109998Smarkm 362280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 363280297Sjkim s->ctx = ctx; 364194206Ssimon#ifndef OPENSSL_NO_TLSEXT 365280297Sjkim s->tlsext_debug_cb = 0; 366280297Sjkim s->tlsext_debug_arg = NULL; 367280297Sjkim s->tlsext_ticket_expected = 0; 368280297Sjkim s->tlsext_status_type = -1; 369280297Sjkim s->tlsext_status_expected = 0; 370280297Sjkim s->tlsext_ocsp_ids = NULL; 371280297Sjkim s->tlsext_ocsp_exts = NULL; 372280297Sjkim s->tlsext_ocsp_resp = NULL; 373280297Sjkim s->tlsext_ocsp_resplen = -1; 374280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 375280297Sjkim s->initial_ctx = ctx; 376290207Sjkim# ifndef OPENSSL_NO_EC 377290207Sjkim if (ctx->tlsext_ecpointformatlist) { 378290207Sjkim s->tlsext_ecpointformatlist = 379290207Sjkim BUF_memdup(ctx->tlsext_ecpointformatlist, 380290207Sjkim ctx->tlsext_ecpointformatlist_length); 381290207Sjkim if (!s->tlsext_ecpointformatlist) 382290207Sjkim goto err; 383290207Sjkim s->tlsext_ecpointformatlist_length = 384290207Sjkim ctx->tlsext_ecpointformatlist_length; 385290207Sjkim } 386290207Sjkim if (ctx->tlsext_ellipticcurvelist) { 387290207Sjkim s->tlsext_ellipticcurvelist = 388290207Sjkim BUF_memdup(ctx->tlsext_ellipticcurvelist, 389290207Sjkim ctx->tlsext_ellipticcurvelist_length); 390290207Sjkim if (!s->tlsext_ellipticcurvelist) 391290207Sjkim goto err; 392290207Sjkim s->tlsext_ellipticcurvelist_length = 393290207Sjkim ctx->tlsext_ellipticcurvelist_length; 394290207Sjkim } 395290207Sjkim# endif 396238405Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 397280297Sjkim s->next_proto_negotiated = NULL; 398238405Sjkim# endif 399290207Sjkim 400290207Sjkim if (s->ctx->alpn_client_proto_list) { 401290207Sjkim s->alpn_client_proto_list = 402290207Sjkim OPENSSL_malloc(s->ctx->alpn_client_proto_list_len); 403290207Sjkim if (s->alpn_client_proto_list == NULL) 404290207Sjkim goto err; 405290207Sjkim memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list, 406290207Sjkim s->ctx->alpn_client_proto_list_len); 407290207Sjkim s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len; 408290207Sjkim } 409194206Ssimon#endif 410238405Sjkim 411280297Sjkim s->verify_result = X509_V_OK; 41255714Skris 413280297Sjkim s->method = ctx->method; 41455714Skris 415280297Sjkim if (!s->method->ssl_new(s)) 416280297Sjkim goto err; 41755714Skris 418280297Sjkim s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; 419109998Smarkm 420280297Sjkim SSL_clear(s); 42155714Skris 422280297Sjkim CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 42355714Skris 424238405Sjkim#ifndef OPENSSL_NO_PSK 425280297Sjkim s->psk_client_callback = ctx->psk_client_callback; 426280297Sjkim s->psk_server_callback = ctx->psk_server_callback; 427238405Sjkim#endif 428238405Sjkim 429280297Sjkim return (s); 430280297Sjkim err: 431280297Sjkim if (s != NULL) 432280297Sjkim SSL_free(s); 433280297Sjkim SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); 434280297Sjkim return (NULL); 435280297Sjkim} 43655714Skris 437280297Sjkimint SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 438280297Sjkim unsigned int sid_ctx_len) 439280297Sjkim{ 440331638Sjkim if (sid_ctx_len > sizeof(ctx->sid_ctx)) { 441280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, 442280297Sjkim SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 443280297Sjkim return 0; 444280297Sjkim } 445280297Sjkim ctx->sid_ctx_length = sid_ctx_len; 446280297Sjkim memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); 44755714Skris 44855714Skris return 1; 449280297Sjkim} 450280297Sjkim 451280297Sjkimint SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 452280297Sjkim unsigned int sid_ctx_len) 453280297Sjkim{ 454280297Sjkim if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 455280297Sjkim SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, 456280297Sjkim SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 457280297Sjkim return 0; 45855714Skris } 459280297Sjkim ssl->sid_ctx_length = sid_ctx_len; 460280297Sjkim memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); 46155714Skris 46255714Skris return 1; 463280297Sjkim} 46455714Skris 465109998Smarkmint SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 466280297Sjkim{ 467280297Sjkim CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 468280297Sjkim ctx->generate_session_id = cb; 469280297Sjkim CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 470280297Sjkim return 1; 471280297Sjkim} 472109998Smarkm 473109998Smarkmint SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 474280297Sjkim{ 475280297Sjkim CRYPTO_w_lock(CRYPTO_LOCK_SSL); 476280297Sjkim ssl->generate_session_id = cb; 477280297Sjkim CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 478280297Sjkim return 1; 479280297Sjkim} 48059191Skris 481109998Smarkmint SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 482280297Sjkim unsigned int id_len) 483280297Sjkim{ 484280297Sjkim /* 485280297Sjkim * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 486280297Sjkim * we can "construct" a session to give us the desired check - ie. to 487280297Sjkim * find if there's a session in the hash table that would conflict with 488280297Sjkim * any new session built out of this id/id_len and the ssl_version in use 489280297Sjkim * by this SSL. 490280297Sjkim */ 491280297Sjkim SSL_SESSION r, *p; 492109998Smarkm 493331638Sjkim if (id_len > sizeof(r.session_id)) 494280297Sjkim return 0; 495109998Smarkm 496280297Sjkim r.ssl_version = ssl->version; 497280297Sjkim r.session_id_length = id_len; 498280297Sjkim memcpy(r.session_id, id, id_len); 499280297Sjkim /* 500280297Sjkim * NB: SSLv2 always uses a fixed 16-byte session ID, so even if a 501280297Sjkim * callback is calling us to check the uniqueness of a shorter ID, it 502280297Sjkim * must be compared as a padded-out ID because that is what it will be 503280297Sjkim * converted to when the callback has finished choosing it. 504280297Sjkim */ 505280297Sjkim if ((r.ssl_version == SSL2_VERSION) && 506280297Sjkim (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { 507280297Sjkim memset(r.session_id + id_len, 0, SSL2_SSL_SESSION_ID_LENGTH - id_len); 508280297Sjkim r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; 509280297Sjkim } 510109998Smarkm 511280297Sjkim CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 512280297Sjkim p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); 513280297Sjkim CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 514280297Sjkim return (p != NULL); 515280297Sjkim} 516109998Smarkm 517109998Smarkmint SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 518280297Sjkim{ 519280297Sjkim return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 520280297Sjkim} 521109998Smarkm 522109998Smarkmint SSL_set_purpose(SSL *s, int purpose) 523280297Sjkim{ 524280297Sjkim return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 525280297Sjkim} 526109998Smarkm 52759191Skrisint SSL_CTX_set_trust(SSL_CTX *s, int trust) 528280297Sjkim{ 529280297Sjkim return X509_VERIFY_PARAM_set_trust(s->param, trust); 530280297Sjkim} 53159191Skris 53259191Skrisint SSL_set_trust(SSL *s, int trust) 533280297Sjkim{ 534280297Sjkim return X509_VERIFY_PARAM_set_trust(s->param, trust); 535280297Sjkim} 53659191Skris 537238405Sjkimint SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 538280297Sjkim{ 539280297Sjkim return X509_VERIFY_PARAM_set1(ctx->param, vpm); 540280297Sjkim} 541238405Sjkim 542238405Sjkimint SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 543280297Sjkim{ 544280297Sjkim return X509_VERIFY_PARAM_set1(ssl->param, vpm); 545280297Sjkim} 546238405Sjkim 547290207SjkimX509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) 548290207Sjkim{ 549290207Sjkim return ctx->param; 550290207Sjkim} 551290207Sjkim 552290207SjkimX509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) 553290207Sjkim{ 554290207Sjkim return ssl->param; 555290207Sjkim} 556290207Sjkim 557290207Sjkimvoid SSL_certs_clear(SSL *s) 558290207Sjkim{ 559290207Sjkim ssl_cert_clear_certs(s->cert); 560290207Sjkim} 561290207Sjkim 56255714Skrisvoid SSL_free(SSL *s) 563280297Sjkim{ 564280297Sjkim int i; 56555714Skris 566280297Sjkim if (s == NULL) 567280297Sjkim return; 56855714Skris 569280297Sjkim i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); 57055714Skris#ifdef REF_PRINT 571280297Sjkim REF_PRINT("SSL", s); 57255714Skris#endif 573280297Sjkim if (i > 0) 574280297Sjkim return; 57555714Skris#ifdef REF_CHECK 576280297Sjkim if (i < 0) { 577280297Sjkim fprintf(stderr, "SSL_free, bad reference count\n"); 578280297Sjkim abort(); /* ok */ 579280297Sjkim } 58055714Skris#endif 58155714Skris 582280297Sjkim if (s->param) 583280297Sjkim X509_VERIFY_PARAM_free(s->param); 584160814Ssimon 585280297Sjkim CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 58655714Skris 587280297Sjkim if (s->bbio != NULL) { 588280297Sjkim /* If the buffering BIO is in place, pop it off */ 589280297Sjkim if (s->bbio == s->wbio) { 590280297Sjkim s->wbio = BIO_pop(s->wbio); 591280297Sjkim } 592280297Sjkim BIO_free(s->bbio); 593280297Sjkim s->bbio = NULL; 594280297Sjkim } 595280297Sjkim if (s->rbio != NULL) 596280297Sjkim BIO_free_all(s->rbio); 597280297Sjkim if ((s->wbio != NULL) && (s->wbio != s->rbio)) 598280297Sjkim BIO_free_all(s->wbio); 59955714Skris 600280297Sjkim if (s->init_buf != NULL) 601280297Sjkim BUF_MEM_free(s->init_buf); 60255714Skris 603280297Sjkim /* add extra stuff */ 604280297Sjkim if (s->cipher_list != NULL) 605280297Sjkim sk_SSL_CIPHER_free(s->cipher_list); 606280297Sjkim if (s->cipher_list_by_id != NULL) 607280297Sjkim sk_SSL_CIPHER_free(s->cipher_list_by_id); 60855714Skris 609280297Sjkim /* Make the next call work :-) */ 610280297Sjkim if (s->session != NULL) { 611280297Sjkim ssl_clear_bad_session(s); 612280297Sjkim SSL_SESSION_free(s->session); 613280297Sjkim } 61455714Skris 615280297Sjkim ssl_clear_cipher_ctx(s); 616280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 617280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 61855714Skris 619280297Sjkim if (s->cert != NULL) 620280297Sjkim ssl_cert_free(s->cert); 621280297Sjkim /* Free up if allocated */ 62255714Skris 623194206Ssimon#ifndef OPENSSL_NO_TLSEXT 624280297Sjkim if (s->tlsext_hostname) 625280297Sjkim OPENSSL_free(s->tlsext_hostname); 626280297Sjkim if (s->initial_ctx) 627280297Sjkim SSL_CTX_free(s->initial_ctx); 628280297Sjkim# ifndef OPENSSL_NO_EC 629280297Sjkim if (s->tlsext_ecpointformatlist) 630280297Sjkim OPENSSL_free(s->tlsext_ecpointformatlist); 631280297Sjkim if (s->tlsext_ellipticcurvelist) 632280297Sjkim OPENSSL_free(s->tlsext_ellipticcurvelist); 633280297Sjkim# endif /* OPENSSL_NO_EC */ 634280297Sjkim if (s->tlsext_opaque_prf_input) 635280297Sjkim OPENSSL_free(s->tlsext_opaque_prf_input); 636280297Sjkim if (s->tlsext_ocsp_exts) 637280297Sjkim sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); 638280297Sjkim if (s->tlsext_ocsp_ids) 639280297Sjkim sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 640280297Sjkim if (s->tlsext_ocsp_resp) 641280297Sjkim OPENSSL_free(s->tlsext_ocsp_resp); 642290207Sjkim if (s->alpn_client_proto_list) 643290207Sjkim OPENSSL_free(s->alpn_client_proto_list); 644194206Ssimon#endif 645238405Sjkim 646280297Sjkim if (s->client_CA != NULL) 647280297Sjkim sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); 64855714Skris 649280297Sjkim if (s->method != NULL) 650280297Sjkim s->method->ssl_free(s); 65155714Skris 652280297Sjkim if (s->ctx) 653280297Sjkim SSL_CTX_free(s->ctx); 654205128Ssimon 655280297Sjkim#ifndef OPENSSL_NO_KRB5 656280297Sjkim if (s->kssl_ctx != NULL) 657280297Sjkim kssl_ctx_free(s->kssl_ctx); 658280297Sjkim#endif /* OPENSSL_NO_KRB5 */ 659120631Snectar 660238405Sjkim#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 661280297Sjkim if (s->next_proto_negotiated) 662280297Sjkim OPENSSL_free(s->next_proto_negotiated); 663238405Sjkim#endif 664238405Sjkim 665246772Sjkim#ifndef OPENSSL_NO_SRTP 666280297Sjkim if (s->srtp_profiles) 667280297Sjkim sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); 668246772Sjkim#endif 669238405Sjkim 670280297Sjkim OPENSSL_free(s); 671280297Sjkim} 67255714Skris 673280297Sjkimvoid SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 674280297Sjkim{ 675280297Sjkim /* 676280297Sjkim * If the output buffering BIO is still in place, remove it 677280297Sjkim */ 678280297Sjkim if (s->bbio != NULL) { 679280297Sjkim if (s->wbio == s->bbio) { 680280297Sjkim s->wbio = s->wbio->next_bio; 681280297Sjkim s->bbio->next_bio = NULL; 682280297Sjkim } 683280297Sjkim } 684280297Sjkim if ((s->rbio != NULL) && (s->rbio != rbio)) 685280297Sjkim BIO_free_all(s->rbio); 686280297Sjkim if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) 687280297Sjkim BIO_free_all(s->wbio); 688280297Sjkim s->rbio = rbio; 689280297Sjkim s->wbio = wbio; 690280297Sjkim} 69155714Skris 692160814SsimonBIO *SSL_get_rbio(const SSL *s) 693280297Sjkim{ 694280297Sjkim return (s->rbio); 695280297Sjkim} 69655714Skris 697160814SsimonBIO *SSL_get_wbio(const SSL *s) 698280297Sjkim{ 699280297Sjkim return (s->wbio); 700280297Sjkim} 70155714Skris 702160814Ssimonint SSL_get_fd(const SSL *s) 703280297Sjkim{ 704280297Sjkim return (SSL_get_rfd(s)); 705280297Sjkim} 70689837Skris 707160814Ssimonint SSL_get_rfd(const SSL *s) 708280297Sjkim{ 709280297Sjkim int ret = -1; 710280297Sjkim BIO *b, *r; 71155714Skris 712280297Sjkim b = SSL_get_rbio(s); 713280297Sjkim r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 714280297Sjkim if (r != NULL) 715280297Sjkim BIO_get_fd(r, &ret); 716280297Sjkim return (ret); 717280297Sjkim} 71855714Skris 719160814Ssimonint SSL_get_wfd(const SSL *s) 720280297Sjkim{ 721280297Sjkim int ret = -1; 722280297Sjkim BIO *b, *r; 72389837Skris 724280297Sjkim b = SSL_get_wbio(s); 725280297Sjkim r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 726280297Sjkim if (r != NULL) 727280297Sjkim BIO_get_fd(r, &ret); 728280297Sjkim return (ret); 729280297Sjkim} 73089837Skris 731109998Smarkm#ifndef OPENSSL_NO_SOCK 732280297Sjkimint SSL_set_fd(SSL *s, int fd) 733280297Sjkim{ 734280297Sjkim int ret = 0; 735280297Sjkim BIO *bio = NULL; 73655714Skris 737280297Sjkim bio = BIO_new(BIO_s_socket()); 73855714Skris 739280297Sjkim if (bio == NULL) { 740280297Sjkim SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); 741280297Sjkim goto err; 742280297Sjkim } 743280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 744280297Sjkim SSL_set_bio(s, bio, bio); 745280297Sjkim ret = 1; 746280297Sjkim err: 747280297Sjkim return (ret); 748280297Sjkim} 74955714Skris 750280297Sjkimint SSL_set_wfd(SSL *s, int fd) 751280297Sjkim{ 752280297Sjkim int ret = 0; 753280297Sjkim BIO *bio = NULL; 75455714Skris 755280297Sjkim if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 756280297Sjkim || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { 757280297Sjkim bio = BIO_new(BIO_s_socket()); 75855714Skris 759280297Sjkim if (bio == NULL) { 760280297Sjkim SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); 761280297Sjkim goto err; 762280297Sjkim } 763280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 764280297Sjkim SSL_set_bio(s, SSL_get_rbio(s), bio); 765280297Sjkim } else 766280297Sjkim SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); 767280297Sjkim ret = 1; 768280297Sjkim err: 769280297Sjkim return (ret); 770280297Sjkim} 77155714Skris 772280297Sjkimint SSL_set_rfd(SSL *s, int fd) 773280297Sjkim{ 774280297Sjkim int ret = 0; 775280297Sjkim BIO *bio = NULL; 77655714Skris 777280297Sjkim if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 778280297Sjkim || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { 779280297Sjkim bio = BIO_new(BIO_s_socket()); 78055714Skris 781280297Sjkim if (bio == NULL) { 782280297Sjkim SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); 783280297Sjkim goto err; 784280297Sjkim } 785280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 786280297Sjkim SSL_set_bio(s, bio, SSL_get_wbio(s)); 787280297Sjkim } else 788280297Sjkim SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); 789280297Sjkim ret = 1; 790280297Sjkim err: 791280297Sjkim return (ret); 792280297Sjkim} 79355714Skris#endif 79455714Skris 79559191Skris/* return length of latest Finished message we sent, copy to 'buf' */ 796160814Ssimonsize_t SSL_get_finished(const SSL *s, void *buf, size_t count) 797280297Sjkim{ 798280297Sjkim size_t ret = 0; 79959191Skris 800280297Sjkim if (s->s3 != NULL) { 801280297Sjkim ret = s->s3->tmp.finish_md_len; 802280297Sjkim if (count > ret) 803280297Sjkim count = ret; 804280297Sjkim memcpy(buf, s->s3->tmp.finish_md, count); 805280297Sjkim } 806280297Sjkim return ret; 807280297Sjkim} 808280297Sjkim 80959191Skris/* return length of latest Finished message we expected, copy to 'buf' */ 810160814Ssimonsize_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 811280297Sjkim{ 812280297Sjkim size_t ret = 0; 81359191Skris 814280297Sjkim if (s->s3 != NULL) { 815280297Sjkim ret = s->s3->tmp.peer_finish_md_len; 816280297Sjkim if (count > ret) 817280297Sjkim count = ret; 818280297Sjkim memcpy(buf, s->s3->tmp.peer_finish_md, count); 819280297Sjkim } 820280297Sjkim return ret; 821280297Sjkim} 82259191Skris 823160814Ssimonint SSL_get_verify_mode(const SSL *s) 824280297Sjkim{ 825280297Sjkim return (s->verify_mode); 826280297Sjkim} 82755714Skris 828160814Ssimonint SSL_get_verify_depth(const SSL *s) 829280297Sjkim{ 830280297Sjkim return X509_VERIFY_PARAM_get_depth(s->param); 831280297Sjkim} 83255714Skris 833280297Sjkimint (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { 834280297Sjkim return (s->verify_callback); 835280297Sjkim} 83655714Skris 837160814Ssimonint SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 838280297Sjkim{ 839280297Sjkim return (ctx->verify_mode); 840280297Sjkim} 84155714Skris 842160814Ssimonint SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 843280297Sjkim{ 844280297Sjkim return X509_VERIFY_PARAM_get_depth(ctx->param); 845280297Sjkim} 84655714Skris 847280297Sjkimint (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { 848280297Sjkim return (ctx->default_verify_callback); 849280297Sjkim} 85055714Skris 851280297Sjkimvoid SSL_set_verify(SSL *s, int mode, 852280297Sjkim int (*callback) (int ok, X509_STORE_CTX *ctx)) 853280297Sjkim{ 854280297Sjkim s->verify_mode = mode; 855280297Sjkim if (callback != NULL) 856280297Sjkim s->verify_callback = callback; 857280297Sjkim} 85855714Skris 859280297Sjkimvoid SSL_set_verify_depth(SSL *s, int depth) 860280297Sjkim{ 861280297Sjkim X509_VERIFY_PARAM_set_depth(s->param, depth); 862280297Sjkim} 86355714Skris 864280297Sjkimvoid SSL_set_read_ahead(SSL *s, int yes) 865280297Sjkim{ 866280297Sjkim s->read_ahead = yes; 867280297Sjkim} 86855714Skris 869160814Ssimonint SSL_get_read_ahead(const SSL *s) 870280297Sjkim{ 871280297Sjkim return (s->read_ahead); 872280297Sjkim} 87355714Skris 874160814Ssimonint SSL_pending(const SSL *s) 875280297Sjkim{ 876280297Sjkim /* 877280297Sjkim * SSL_pending cannot work properly if read-ahead is enabled 878280297Sjkim * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is 879280297Sjkim * impossible to fix since SSL_pending cannot report errors that may be 880280297Sjkim * observed while scanning the new data. (Note that SSL_pending() is 881280297Sjkim * often used as a boolean value, so we'd better not return -1.) 882280297Sjkim */ 883280297Sjkim return (s->method->ssl_pending(s)); 884280297Sjkim} 88555714Skris 886160814SsimonX509 *SSL_get_peer_certificate(const SSL *s) 887280297Sjkim{ 888280297Sjkim X509 *r; 88955714Skris 890280297Sjkim if ((s == NULL) || (s->session == NULL)) 891280297Sjkim r = NULL; 892280297Sjkim else 893280297Sjkim r = s->session->peer; 89455714Skris 895280297Sjkim if (r == NULL) 896280297Sjkim return (r); 89755714Skris 898280297Sjkim CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); 89955714Skris 900280297Sjkim return (r); 901280297Sjkim} 902280297Sjkim 903160814SsimonSTACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) 904280297Sjkim{ 905280297Sjkim STACK_OF(X509) *r; 90655714Skris 907280297Sjkim if ((s == NULL) || (s->session == NULL) 908280297Sjkim || (s->session->sess_cert == NULL)) 909280297Sjkim r = NULL; 910280297Sjkim else 911280297Sjkim r = s->session->sess_cert->cert_chain; 91255714Skris 913280297Sjkim /* 914280297Sjkim * If we are a client, cert_chain includes the peer's own certificate; if 915280297Sjkim * we are a server, it does not. 916280297Sjkim */ 91755714Skris 918280297Sjkim return (r); 919280297Sjkim} 92055714Skris 921280297Sjkim/* 922280297Sjkim * Now in theory, since the calling process own 't' it should be safe to 923280297Sjkim * modify. We need to be able to read f without being hassled 924280297Sjkim */ 925280297Sjkimvoid SSL_copy_session_id(SSL *t, const SSL *f) 926280297Sjkim{ 927280297Sjkim CERT *tmp; 92855714Skris 929280297Sjkim /* Do we need to to SSL locking? */ 930280297Sjkim SSL_set_session(t, SSL_get_session(f)); 93155714Skris 932280297Sjkim /* 933280297Sjkim * what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa 934280297Sjkim */ 935280297Sjkim if (t->method != f->method) { 936280297Sjkim t->method->ssl_free(t); /* cleanup current */ 937280297Sjkim t->method = f->method; /* change method */ 938280297Sjkim t->method->ssl_new(t); /* setup new */ 939280297Sjkim } 940280297Sjkim 941280297Sjkim tmp = t->cert; 942280297Sjkim if (f->cert != NULL) { 943280297Sjkim CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); 944280297Sjkim t->cert = f->cert; 945280297Sjkim } else 946280297Sjkim t->cert = NULL; 947280297Sjkim if (tmp != NULL) 948280297Sjkim ssl_cert_free(tmp); 949280297Sjkim SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); 950280297Sjkim} 951280297Sjkim 95255714Skris/* Fix this so it checks all the valid key/cert options */ 953160814Ssimonint SSL_CTX_check_private_key(const SSL_CTX *ctx) 954280297Sjkim{ 955280297Sjkim if ((ctx == NULL) || 956280297Sjkim (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) { 957280297Sjkim SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 958280297Sjkim SSL_R_NO_CERTIFICATE_ASSIGNED); 959280297Sjkim return (0); 960280297Sjkim } 961280297Sjkim if (ctx->cert->key->privatekey == NULL) { 962280297Sjkim SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 963280297Sjkim SSL_R_NO_PRIVATE_KEY_ASSIGNED); 964280297Sjkim return (0); 965280297Sjkim } 966280297Sjkim return (X509_check_private_key 967280297Sjkim (ctx->cert->key->x509, ctx->cert->key->privatekey)); 968280297Sjkim} 96955714Skris 97055714Skris/* Fix this function so that it takes an optional type parameter */ 971160814Ssimonint SSL_check_private_key(const SSL *ssl) 972280297Sjkim{ 973280297Sjkim if (ssl == NULL) { 974280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); 975280297Sjkim return (0); 976280297Sjkim } 977280297Sjkim if (ssl->cert == NULL) { 978280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 979280297Sjkim return 0; 980280297Sjkim } 981280297Sjkim if (ssl->cert->key->x509 == NULL) { 982280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 983280297Sjkim return (0); 984280297Sjkim } 985280297Sjkim if (ssl->cert->key->privatekey == NULL) { 986280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 987280297Sjkim return (0); 988280297Sjkim } 989280297Sjkim return (X509_check_private_key(ssl->cert->key->x509, 990280297Sjkim ssl->cert->key->privatekey)); 991280297Sjkim} 99255714Skris 99355714Skrisint SSL_accept(SSL *s) 994280297Sjkim{ 995280297Sjkim if (s->handshake_func == 0) 996280297Sjkim /* Not properly initialized yet */ 997280297Sjkim SSL_set_accept_state(s); 99855714Skris 999280297Sjkim return (s->method->ssl_accept(s)); 1000280297Sjkim} 100155714Skris 100255714Skrisint SSL_connect(SSL *s) 1003280297Sjkim{ 1004280297Sjkim if (s->handshake_func == 0) 1005280297Sjkim /* Not properly initialized yet */ 1006280297Sjkim SSL_set_connect_state(s); 100755714Skris 1008280297Sjkim return (s->method->ssl_connect(s)); 1009280297Sjkim} 101055714Skris 1011160814Ssimonlong SSL_get_default_timeout(const SSL *s) 1012280297Sjkim{ 1013280297Sjkim return (s->method->get_timeout()); 1014280297Sjkim} 101555714Skris 1016280297Sjkimint SSL_read(SSL *s, void *buf, int num) 1017280297Sjkim{ 1018280297Sjkim if (s->handshake_func == 0) { 1019280297Sjkim SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 1020280297Sjkim return -1; 1021280297Sjkim } 102255714Skris 1023280297Sjkim if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1024280297Sjkim s->rwstate = SSL_NOTHING; 1025280297Sjkim return (0); 1026280297Sjkim } 1027280297Sjkim return (s->method->ssl_read(s, buf, num)); 1028280297Sjkim} 102955714Skris 1030280297Sjkimint SSL_peek(SSL *s, void *buf, int num) 1031280297Sjkim{ 1032280297Sjkim if (s->handshake_func == 0) { 1033280297Sjkim SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); 1034280297Sjkim return -1; 1035280297Sjkim } 103676866Skris 1037280297Sjkim if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1038280297Sjkim return (0); 1039280297Sjkim } 1040280297Sjkim return (s->method->ssl_peek(s, buf, num)); 1041280297Sjkim} 104255714Skris 1043280297Sjkimint SSL_write(SSL *s, const void *buf, int num) 1044280297Sjkim{ 1045280297Sjkim if (s->handshake_func == 0) { 1046280297Sjkim SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 1047280297Sjkim return -1; 1048280297Sjkim } 104955714Skris 1050280297Sjkim if (s->shutdown & SSL_SENT_SHUTDOWN) { 1051280297Sjkim s->rwstate = SSL_NOTHING; 1052280297Sjkim SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); 1053280297Sjkim return (-1); 1054280297Sjkim } 1055280297Sjkim return (s->method->ssl_write(s, buf, num)); 1056280297Sjkim} 105755714Skris 105855714Skrisint SSL_shutdown(SSL *s) 1059280297Sjkim{ 1060280297Sjkim /* 1061280297Sjkim * Note that this function behaves differently from what one might 1062280297Sjkim * expect. Return values are 0 for no success (yet), 1 for success; but 1063280297Sjkim * calling it once is usually not enough, even if blocking I/O is used 1064280297Sjkim * (see ssl3_shutdown). 1065280297Sjkim */ 106655714Skris 1067280297Sjkim if (s->handshake_func == 0) { 1068280297Sjkim SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); 1069280297Sjkim return -1; 1070280297Sjkim } 107155714Skris 1072296279Sjkim if (!SSL_in_init(s)) { 1073296279Sjkim return s->method->ssl_shutdown(s); 1074296279Sjkim } else { 1075296279Sjkim SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT); 1076296279Sjkim return -1; 1077296279Sjkim } 1078280297Sjkim} 107955714Skris 108055714Skrisint SSL_renegotiate(SSL *s) 1081280297Sjkim{ 1082280297Sjkim if (s->renegotiate == 0) 1083280297Sjkim s->renegotiate = 1; 1084238405Sjkim 1085280297Sjkim s->new_session = 1; 1086238405Sjkim 1087280297Sjkim return (s->method->ssl_renegotiate(s)); 1088280297Sjkim} 108955714Skris 1090238405Sjkimint SSL_renegotiate_abbreviated(SSL *s) 1091280297Sjkim{ 1092280297Sjkim if (s->renegotiate == 0) 1093280297Sjkim s->renegotiate = 1; 1094238405Sjkim 1095280297Sjkim s->new_session = 0; 1096238405Sjkim 1097280297Sjkim return (s->method->ssl_renegotiate(s)); 1098280297Sjkim} 1099238405Sjkim 1100109998Smarkmint SSL_renegotiate_pending(SSL *s) 1101280297Sjkim{ 1102280297Sjkim /* 1103280297Sjkim * becomes true when negotiation is requested; false again once a 1104280297Sjkim * handshake has finished 1105280297Sjkim */ 1106280297Sjkim return (s->renegotiate != 0); 1107280297Sjkim} 1108109998Smarkm 1109280297Sjkimlong SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 1110280297Sjkim{ 1111280297Sjkim long l; 111255714Skris 1113280297Sjkim switch (cmd) { 1114280297Sjkim case SSL_CTRL_GET_READ_AHEAD: 1115280297Sjkim return (s->read_ahead); 1116280297Sjkim case SSL_CTRL_SET_READ_AHEAD: 1117280297Sjkim l = s->read_ahead; 1118280297Sjkim s->read_ahead = larg; 1119280297Sjkim return (l); 1120109998Smarkm 1121280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1122280297Sjkim s->msg_callback_arg = parg; 1123280297Sjkim return 1; 1124109998Smarkm 1125280297Sjkim case SSL_CTRL_OPTIONS: 1126280297Sjkim return (s->options |= larg); 1127280297Sjkim case SSL_CTRL_CLEAR_OPTIONS: 1128280297Sjkim return (s->options &= ~larg); 1129280297Sjkim case SSL_CTRL_MODE: 1130280297Sjkim return (s->mode |= larg); 1131280297Sjkim case SSL_CTRL_CLEAR_MODE: 1132280297Sjkim return (s->mode &= ~larg); 1133280297Sjkim case SSL_CTRL_GET_MAX_CERT_LIST: 1134280297Sjkim return (s->max_cert_list); 1135280297Sjkim case SSL_CTRL_SET_MAX_CERT_LIST: 1136280297Sjkim l = s->max_cert_list; 1137280297Sjkim s->max_cert_list = larg; 1138280297Sjkim return (l); 1139280297Sjkim case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1140280297Sjkim if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1141280297Sjkim return 0; 1142280297Sjkim s->max_send_fragment = larg; 1143280297Sjkim return 1; 1144280297Sjkim case SSL_CTRL_GET_RI_SUPPORT: 1145280297Sjkim if (s->s3) 1146280297Sjkim return s->s3->send_connection_binding; 1147280297Sjkim else 1148280297Sjkim return 0; 1149290207Sjkim case SSL_CTRL_CERT_FLAGS: 1150290207Sjkim return (s->cert->cert_flags |= larg); 1151290207Sjkim case SSL_CTRL_CLEAR_CERT_FLAGS: 1152290207Sjkim return (s->cert->cert_flags &= ~larg); 1153290207Sjkim 1154290207Sjkim case SSL_CTRL_GET_RAW_CIPHERLIST: 1155290207Sjkim if (parg) { 1156290207Sjkim if (s->cert->ciphers_raw == NULL) 1157290207Sjkim return 0; 1158290207Sjkim *(unsigned char **)parg = s->cert->ciphers_raw; 1159290207Sjkim return (int)s->cert->ciphers_rawlen; 1160290207Sjkim } else 1161290207Sjkim return ssl_put_cipher_by_char(s, NULL, NULL); 1162280297Sjkim default: 1163280297Sjkim return (s->method->ssl_ctrl(s, cmd, larg, parg)); 1164280297Sjkim } 1165280297Sjkim} 116655714Skris 1167280297Sjkimlong SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 1168280297Sjkim{ 1169280297Sjkim switch (cmd) { 1170280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK: 1171280297Sjkim s->msg_callback = (void (*) 1172280297Sjkim (int write_p, int version, int content_type, 1173280297Sjkim const void *buf, size_t len, SSL *ssl, 1174280297Sjkim void *arg))(fp); 1175280297Sjkim return 1; 117659191Skris 1177280297Sjkim default: 1178280297Sjkim return (s->method->ssl_callback_ctrl(s, cmd, fp)); 1179280297Sjkim } 1180280297Sjkim} 1181280297Sjkim 1182238405SjkimLHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) 1183280297Sjkim{ 1184280297Sjkim return ctx->sessions; 1185280297Sjkim} 118659191Skris 1187280297Sjkimlong SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 1188280297Sjkim{ 1189280297Sjkim long l; 1190290207Sjkim /* For some cases with ctx == NULL perform syntax checks */ 1191290207Sjkim if (ctx == NULL) { 1192290207Sjkim switch (cmd) { 1193290207Sjkim#ifndef OPENSSL_NO_EC 1194290207Sjkim case SSL_CTRL_SET_CURVES_LIST: 1195290207Sjkim return tls1_set_curves_list(NULL, NULL, parg); 1196290207Sjkim#endif 1197290207Sjkim case SSL_CTRL_SET_SIGALGS_LIST: 1198290207Sjkim case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: 1199290207Sjkim return tls1_set_sigalgs_list(NULL, parg, 0); 1200290207Sjkim default: 1201290207Sjkim return 0; 1202290207Sjkim } 1203290207Sjkim } 120455714Skris 1205280297Sjkim switch (cmd) { 1206280297Sjkim case SSL_CTRL_GET_READ_AHEAD: 1207280297Sjkim return (ctx->read_ahead); 1208280297Sjkim case SSL_CTRL_SET_READ_AHEAD: 1209280297Sjkim l = ctx->read_ahead; 1210280297Sjkim ctx->read_ahead = larg; 1211280297Sjkim return (l); 121255714Skris 1213280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1214280297Sjkim ctx->msg_callback_arg = parg; 1215280297Sjkim return 1; 1216109998Smarkm 1217280297Sjkim case SSL_CTRL_GET_MAX_CERT_LIST: 1218280297Sjkim return (ctx->max_cert_list); 1219280297Sjkim case SSL_CTRL_SET_MAX_CERT_LIST: 1220280297Sjkim l = ctx->max_cert_list; 1221280297Sjkim ctx->max_cert_list = larg; 1222280297Sjkim return (l); 122355714Skris 1224280297Sjkim case SSL_CTRL_SET_SESS_CACHE_SIZE: 1225280297Sjkim l = ctx->session_cache_size; 1226280297Sjkim ctx->session_cache_size = larg; 1227280297Sjkim return (l); 1228280297Sjkim case SSL_CTRL_GET_SESS_CACHE_SIZE: 1229280297Sjkim return (ctx->session_cache_size); 1230280297Sjkim case SSL_CTRL_SET_SESS_CACHE_MODE: 1231280297Sjkim l = ctx->session_cache_mode; 1232280297Sjkim ctx->session_cache_mode = larg; 1233280297Sjkim return (l); 1234280297Sjkim case SSL_CTRL_GET_SESS_CACHE_MODE: 1235280297Sjkim return (ctx->session_cache_mode); 123655714Skris 1237280297Sjkim case SSL_CTRL_SESS_NUMBER: 1238280297Sjkim return (lh_SSL_SESSION_num_items(ctx->sessions)); 1239280297Sjkim case SSL_CTRL_SESS_CONNECT: 1240280297Sjkim return (ctx->stats.sess_connect); 1241280297Sjkim case SSL_CTRL_SESS_CONNECT_GOOD: 1242280297Sjkim return (ctx->stats.sess_connect_good); 1243280297Sjkim case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1244280297Sjkim return (ctx->stats.sess_connect_renegotiate); 1245280297Sjkim case SSL_CTRL_SESS_ACCEPT: 1246280297Sjkim return (ctx->stats.sess_accept); 1247280297Sjkim case SSL_CTRL_SESS_ACCEPT_GOOD: 1248280297Sjkim return (ctx->stats.sess_accept_good); 1249280297Sjkim case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1250280297Sjkim return (ctx->stats.sess_accept_renegotiate); 1251280297Sjkim case SSL_CTRL_SESS_HIT: 1252280297Sjkim return (ctx->stats.sess_hit); 1253280297Sjkim case SSL_CTRL_SESS_CB_HIT: 1254280297Sjkim return (ctx->stats.sess_cb_hit); 1255280297Sjkim case SSL_CTRL_SESS_MISSES: 1256280297Sjkim return (ctx->stats.sess_miss); 1257280297Sjkim case SSL_CTRL_SESS_TIMEOUTS: 1258280297Sjkim return (ctx->stats.sess_timeout); 1259280297Sjkim case SSL_CTRL_SESS_CACHE_FULL: 1260280297Sjkim return (ctx->stats.sess_cache_full); 1261280297Sjkim case SSL_CTRL_OPTIONS: 1262280297Sjkim return (ctx->options |= larg); 1263280297Sjkim case SSL_CTRL_CLEAR_OPTIONS: 1264280297Sjkim return (ctx->options &= ~larg); 1265280297Sjkim case SSL_CTRL_MODE: 1266280297Sjkim return (ctx->mode |= larg); 1267280297Sjkim case SSL_CTRL_CLEAR_MODE: 1268280297Sjkim return (ctx->mode &= ~larg); 1269280297Sjkim case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1270280297Sjkim if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1271280297Sjkim return 0; 1272280297Sjkim ctx->max_send_fragment = larg; 1273280297Sjkim return 1; 1274290207Sjkim case SSL_CTRL_CERT_FLAGS: 1275290207Sjkim return (ctx->cert->cert_flags |= larg); 1276290207Sjkim case SSL_CTRL_CLEAR_CERT_FLAGS: 1277290207Sjkim return (ctx->cert->cert_flags &= ~larg); 1278280297Sjkim default: 1279280297Sjkim return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); 1280280297Sjkim } 1281280297Sjkim} 1282109998Smarkm 1283280297Sjkimlong SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 1284280297Sjkim{ 1285280297Sjkim switch (cmd) { 1286280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK: 1287280297Sjkim ctx->msg_callback = (void (*) 1288280297Sjkim (int write_p, int version, int content_type, 1289280297Sjkim const void *buf, size_t len, SSL *ssl, 1290280297Sjkim void *arg))(fp); 1291280297Sjkim return 1; 129259191Skris 1293280297Sjkim default: 1294280297Sjkim return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); 1295280297Sjkim } 1296280297Sjkim} 1297280297Sjkim 129868651Skrisint ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1299280297Sjkim{ 1300280297Sjkim long l; 130155714Skris 1302280297Sjkim l = a->id - b->id; 1303280297Sjkim if (l == 0L) 1304280297Sjkim return (0); 1305280297Sjkim else 1306280297Sjkim return ((l > 0) ? 1 : -1); 1307280297Sjkim} 130855714Skris 1309280297Sjkimint ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, 1310280297Sjkim const SSL_CIPHER *const *bp) 1311280297Sjkim{ 1312280297Sjkim long l; 131355714Skris 1314280297Sjkim l = (*ap)->id - (*bp)->id; 1315280297Sjkim if (l == 0L) 1316280297Sjkim return (0); 1317280297Sjkim else 1318280297Sjkim return ((l > 0) ? 1 : -1); 1319280297Sjkim} 132055714Skris 132155714Skris/** return a STACK of the ciphers available for the SSL and in order of 132255714Skris * preference */ 1323160814SsimonSTACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) 1324280297Sjkim{ 1325280297Sjkim if (s != NULL) { 1326280297Sjkim if (s->cipher_list != NULL) { 1327280297Sjkim return (s->cipher_list); 1328280297Sjkim } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { 1329280297Sjkim return (s->ctx->cipher_list); 1330280297Sjkim } 1331280297Sjkim } 1332280297Sjkim return (NULL); 1333280297Sjkim} 133455714Skris 133555714Skris/** return a STACK of the ciphers available for the SSL and in order of 133655714Skris * algorithm id */ 133755714SkrisSTACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 1338280297Sjkim{ 1339280297Sjkim if (s != NULL) { 1340280297Sjkim if (s->cipher_list_by_id != NULL) { 1341280297Sjkim return (s->cipher_list_by_id); 1342280297Sjkim } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { 1343280297Sjkim return (s->ctx->cipher_list_by_id); 1344280297Sjkim } 1345280297Sjkim } 1346280297Sjkim return (NULL); 1347280297Sjkim} 134855714Skris 134955714Skris/** The old interface to get the same thing as SSL_get_ciphers() */ 1350280297Sjkimconst char *SSL_get_cipher_list(const SSL *s, int n) 1351280297Sjkim{ 1352280297Sjkim SSL_CIPHER *c; 1353280297Sjkim STACK_OF(SSL_CIPHER) *sk; 135455714Skris 1355280297Sjkim if (s == NULL) 1356280297Sjkim return (NULL); 1357280297Sjkim sk = SSL_get_ciphers(s); 1358280297Sjkim if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) 1359280297Sjkim return (NULL); 1360280297Sjkim c = sk_SSL_CIPHER_value(sk, n); 1361280297Sjkim if (c == NULL) 1362280297Sjkim return (NULL); 1363280297Sjkim return (c->name); 1364280297Sjkim} 136555714Skris 136659191Skris/** specify the ciphers to be used by default by the SSL_CTX */ 136759191Skrisint SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1368280297Sjkim{ 1369280297Sjkim STACK_OF(SSL_CIPHER) *sk; 137055714Skris 1371280297Sjkim sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1372290207Sjkim &ctx->cipher_list_by_id, str, ctx->cert); 1373280297Sjkim /* 1374280297Sjkim * ssl_create_cipher_list may return an empty stack if it was unable to 1375280297Sjkim * find a cipher matching the given rule string (for example if the rule 1376280297Sjkim * string specifies a cipher which has been disabled). This is not an 1377280297Sjkim * error as far as ssl_create_cipher_list is concerned, and hence 1378280297Sjkim * ctx->cipher_list and ctx->cipher_list_by_id has been updated. 1379280297Sjkim */ 1380280297Sjkim if (sk == NULL) 1381280297Sjkim return 0; 1382280297Sjkim else if (sk_SSL_CIPHER_num(sk) == 0) { 1383280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1384280297Sjkim return 0; 1385280297Sjkim } 1386280297Sjkim return 1; 1387280297Sjkim} 1388280297Sjkim 138955714Skris/** specify the ciphers to be used by the SSL */ 1390280297Sjkimint SSL_set_cipher_list(SSL *s, const char *str) 1391280297Sjkim{ 1392280297Sjkim STACK_OF(SSL_CIPHER) *sk; 139355714Skris 1394280297Sjkim sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1395290207Sjkim &s->cipher_list_by_id, str, s->cert); 1396280297Sjkim /* see comment in SSL_CTX_set_cipher_list */ 1397280297Sjkim if (sk == NULL) 1398280297Sjkim return 0; 1399280297Sjkim else if (sk_SSL_CIPHER_num(sk) == 0) { 1400280297Sjkim SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1401280297Sjkim return 0; 1402280297Sjkim } 1403280297Sjkim return 1; 1404280297Sjkim} 1405280297Sjkim 140655714Skris/* works well for SSLv2, not so good for SSLv3 */ 1407337982Sjkimchar *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) 1408280297Sjkim{ 1409280297Sjkim char *p; 1410337982Sjkim STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; 1411280297Sjkim SSL_CIPHER *c; 1412280297Sjkim int i; 141355714Skris 1414337982Sjkim if (!s->server 1415337982Sjkim || s->session == NULL 1416337982Sjkim || s->session->ciphers == NULL 1417337982Sjkim || size < 2) 1418337982Sjkim return NULL; 141955714Skris 1420280297Sjkim p = buf; 1421337982Sjkim clntsk = s->session->ciphers; 1422337982Sjkim srvrsk = SSL_get_ciphers(s); 1423337982Sjkim if (clntsk == NULL || srvrsk == NULL) 1424337982Sjkim return NULL; 1425267256Sjkim 1426337982Sjkim if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) 1427280297Sjkim return NULL; 1428267256Sjkim 1429337982Sjkim for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { 1430280297Sjkim int n; 1431172429Ssimon 1432337982Sjkim c = sk_SSL_CIPHER_value(clntsk, i); 1433337982Sjkim if (sk_SSL_CIPHER_find(srvrsk, c) < 0) 1434337982Sjkim continue; 1435337982Sjkim 1436280297Sjkim n = strlen(c->name); 1437337982Sjkim if (n + 1 > size) { 1438280297Sjkim if (p != buf) 1439280297Sjkim --p; 1440280297Sjkim *p = '\0'; 1441280297Sjkim return buf; 1442280297Sjkim } 1443280297Sjkim strcpy(p, c->name); 1444280297Sjkim p += n; 1445280297Sjkim *(p++) = ':'; 1446337982Sjkim size -= n + 1; 1447280297Sjkim } 1448280297Sjkim p[-1] = '\0'; 1449280297Sjkim return (buf); 1450280297Sjkim} 145155714Skris 1452280297Sjkimint ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, 1453280297Sjkim unsigned char *p, 1454280297Sjkim int (*put_cb) (const SSL_CIPHER *, 1455280297Sjkim unsigned char *)) 1456280297Sjkim{ 1457280297Sjkim int i, j = 0; 1458280297Sjkim SSL_CIPHER *c; 1459290207Sjkim CERT *ct = s->cert; 1460280297Sjkim unsigned char *q; 1461290207Sjkim int empty_reneg_info_scsv = !s->renegotiate; 1462290207Sjkim /* Set disabled masks for this session */ 1463290207Sjkim ssl_set_client_disabled(s); 146455714Skris 1465280297Sjkim if (sk == NULL) 1466280297Sjkim return (0); 1467280297Sjkim q = p; 1468280297Sjkim if (put_cb == NULL) 1469280297Sjkim put_cb = s->method->put_cipher_by_char; 147055714Skris 1471280297Sjkim for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 1472280297Sjkim c = sk_SSL_CIPHER_value(sk, i); 1473290207Sjkim /* Skip disabled ciphers */ 1474290207Sjkim if (c->algorithm_ssl & ct->mask_ssl || 1475290207Sjkim c->algorithm_mkey & ct->mask_k || c->algorithm_auth & ct->mask_a) 1476280297Sjkim continue; 1477290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 1478290207Sjkim if (c->id == SSL3_CK_SCSV) { 1479290207Sjkim if (!empty_reneg_info_scsv) 1480290207Sjkim continue; 1481290207Sjkim else 1482290207Sjkim empty_reneg_info_scsv = 0; 1483290207Sjkim } 1484290207Sjkim#endif 1485280297Sjkim j = put_cb(c, p); 1486280297Sjkim p += j; 1487280297Sjkim } 1488280297Sjkim /* 1489280297Sjkim * If p == q, no ciphers; caller indicates an error. Otherwise, add 1490280297Sjkim * applicable SCSVs. 1491280297Sjkim */ 1492280297Sjkim if (p != q) { 1493290207Sjkim if (empty_reneg_info_scsv) { 1494280297Sjkim static SSL_CIPHER scsv = { 1495280297Sjkim 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1496280297Sjkim }; 1497280297Sjkim j = put_cb(&scsv, p); 1498280297Sjkim p += j; 1499205128Ssimon#ifdef OPENSSL_RI_DEBUG 1500280297Sjkim fprintf(stderr, 1501280297Sjkim "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); 1502205128Ssimon#endif 1503280297Sjkim } 1504280297Sjkim if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) { 1505280297Sjkim static SSL_CIPHER scsv = { 1506280297Sjkim 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1507280297Sjkim }; 1508280297Sjkim j = put_cb(&scsv, p); 1509280297Sjkim p += j; 1510280297Sjkim } 1511280297Sjkim } 1512273144Sjkim 1513280297Sjkim return (p - q); 1514280297Sjkim} 151555714Skris 1516280297SjkimSTACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, 1517280297Sjkim int num, 1518280297Sjkim STACK_OF(SSL_CIPHER) **skp) 1519280297Sjkim{ 1520280297Sjkim const SSL_CIPHER *c; 1521280297Sjkim STACK_OF(SSL_CIPHER) *sk; 1522280297Sjkim int i, n; 1523273144Sjkim 1524280297Sjkim if (s->s3) 1525280297Sjkim s->s3->send_connection_binding = 0; 152655714Skris 1527280297Sjkim n = ssl_put_cipher_by_char(s, NULL, NULL); 1528280297Sjkim if (n == 0 || (num % n) != 0) { 1529280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1530280297Sjkim SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1531280297Sjkim return (NULL); 1532280297Sjkim } 1533284283Sjkim if ((skp == NULL) || (*skp == NULL)) { 1534280297Sjkim sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ 1535284283Sjkim if(sk == NULL) { 1536284283Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1537284283Sjkim return NULL; 1538284283Sjkim } 1539284283Sjkim } else { 1540280297Sjkim sk = *skp; 1541280297Sjkim sk_SSL_CIPHER_zero(sk); 1542280297Sjkim } 154355714Skris 1544290207Sjkim if (s->cert->ciphers_raw) 1545290207Sjkim OPENSSL_free(s->cert->ciphers_raw); 1546290207Sjkim s->cert->ciphers_raw = BUF_memdup(p, num); 1547290207Sjkim if (s->cert->ciphers_raw == NULL) { 1548290207Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1549290207Sjkim goto err; 1550290207Sjkim } 1551290207Sjkim s->cert->ciphers_rawlen = (size_t)num; 1552290207Sjkim 1553280297Sjkim for (i = 0; i < num; i += n) { 1554280297Sjkim /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ 1555280297Sjkim if (s->s3 && (n != 3 || !p[0]) && 1556280297Sjkim (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 1557280297Sjkim (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { 1558280297Sjkim /* SCSV fatal if renegotiating */ 1559280297Sjkim if (s->renegotiate) { 1560280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1561280297Sjkim SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1562280297Sjkim ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1563280297Sjkim goto err; 1564280297Sjkim } 1565280297Sjkim s->s3->send_connection_binding = 1; 1566280297Sjkim p += n; 1567205128Ssimon#ifdef OPENSSL_RI_DEBUG 1568280297Sjkim fprintf(stderr, "SCSV received by server\n"); 1569205128Ssimon#endif 1570280297Sjkim continue; 1571280297Sjkim } 1572205128Ssimon 1573280297Sjkim /* Check for TLS_FALLBACK_SCSV */ 1574280297Sjkim if ((n != 3 || !p[0]) && 1575280297Sjkim (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && 1576280297Sjkim (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) { 1577280297Sjkim /* 1578280297Sjkim * The SCSV indicates that the client previously tried a higher 1579280297Sjkim * version. Fail if the current version is an unexpected 1580280297Sjkim * downgrade. 1581280297Sjkim */ 1582280297Sjkim if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) { 1583280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1584280297Sjkim SSL_R_INAPPROPRIATE_FALLBACK); 1585280297Sjkim if (s->s3) 1586280297Sjkim ssl3_send_alert(s, SSL3_AL_FATAL, 1587280297Sjkim SSL_AD_INAPPROPRIATE_FALLBACK); 1588280297Sjkim goto err; 1589280297Sjkim } 1590280297Sjkim p += n; 1591280297Sjkim continue; 1592280297Sjkim } 1593273144Sjkim 1594280297Sjkim c = ssl_get_cipher_by_char(s, p); 1595280297Sjkim p += n; 1596280297Sjkim if (c != NULL) { 1597280297Sjkim if (!sk_SSL_CIPHER_push(sk, c)) { 1598280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1599280297Sjkim goto err; 1600280297Sjkim } 1601280297Sjkim } 1602280297Sjkim } 160355714Skris 1604280297Sjkim if (skp != NULL) 1605280297Sjkim *skp = sk; 1606280297Sjkim return (sk); 1607280297Sjkim err: 1608280297Sjkim if ((skp == NULL) || (*skp == NULL)) 1609280297Sjkim sk_SSL_CIPHER_free(sk); 1610280297Sjkim return (NULL); 1611280297Sjkim} 161255714Skris 1613194206Ssimon#ifndef OPENSSL_NO_TLSEXT 1614194206Ssimon/** return a servername extension value if provided in Client Hello, or NULL. 1615194206Ssimon * So far, only host_name types are defined (RFC 3546). 1616194206Ssimon */ 1617194206Ssimon 1618194206Ssimonconst char *SSL_get_servername(const SSL *s, const int type) 1619280297Sjkim{ 1620280297Sjkim if (type != TLSEXT_NAMETYPE_host_name) 1621280297Sjkim return NULL; 1622194206Ssimon 1623280297Sjkim return s->session && !s->tlsext_hostname ? 1624280297Sjkim s->session->tlsext_hostname : s->tlsext_hostname; 1625280297Sjkim} 1626194206Ssimon 1627194206Ssimonint SSL_get_servername_type(const SSL *s) 1628280297Sjkim{ 1629280297Sjkim if (s->session 1630280297Sjkim && (!s->tlsext_hostname ? s->session-> 1631280297Sjkim tlsext_hostname : s->tlsext_hostname)) 1632280297Sjkim return TLSEXT_NAMETYPE_host_name; 1633280297Sjkim return -1; 1634280297Sjkim} 1635238405Sjkim 1636280297Sjkim/* 1637280297Sjkim * SSL_select_next_proto implements the standard protocol selection. It is 1638238405Sjkim * expected that this function is called from the callback set by 1639280297Sjkim * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a 1640280297Sjkim * vector of 8-bit, length prefixed byte strings. The length byte itself is 1641280297Sjkim * not included in the length. A byte string of length 0 is invalid. No byte 1642280297Sjkim * string may be truncated. The current, but experimental algorithm for 1643280297Sjkim * selecting the protocol is: 1) If the server doesn't support NPN then this 1644280297Sjkim * is indicated to the callback. In this case, the client application has to 1645280297Sjkim * abort the connection or have a default application level protocol. 2) If 1646280297Sjkim * the server supports NPN, but advertises an empty list then the client 1647280297Sjkim * selects the first protcol in its list, but indicates via the API that this 1648280297Sjkim * fallback case was enacted. 3) Otherwise, the client finds the first 1649280297Sjkim * protocol in the server's list that it supports and selects this protocol. 1650280297Sjkim * This is because it's assumed that the server has better information about 1651280297Sjkim * which protocol a client should use. 4) If the client doesn't support any 1652280297Sjkim * of the server's advertised protocols, then this is treated the same as 1653280297Sjkim * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was 1654280297Sjkim * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1655238405Sjkim */ 1656280297Sjkimint SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1657280297Sjkim const unsigned char *server, 1658280297Sjkim unsigned int server_len, 1659280297Sjkim const unsigned char *client, 1660280297Sjkim unsigned int client_len) 1661280297Sjkim{ 1662280297Sjkim unsigned int i, j; 1663280297Sjkim const unsigned char *result; 1664280297Sjkim int status = OPENSSL_NPN_UNSUPPORTED; 1665238405Sjkim 1666280297Sjkim /* 1667280297Sjkim * For each protocol in server preference order, see if we support it. 1668280297Sjkim */ 1669280297Sjkim for (i = 0; i < server_len;) { 1670280297Sjkim for (j = 0; j < client_len;) { 1671280297Sjkim if (server[i] == client[j] && 1672280297Sjkim memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { 1673280297Sjkim /* We found a match */ 1674280297Sjkim result = &server[i]; 1675280297Sjkim status = OPENSSL_NPN_NEGOTIATED; 1676280297Sjkim goto found; 1677280297Sjkim } 1678280297Sjkim j += client[j]; 1679280297Sjkim j++; 1680280297Sjkim } 1681280297Sjkim i += server[i]; 1682280297Sjkim i++; 1683280297Sjkim } 1684238405Sjkim 1685280297Sjkim /* There's no overlap between our protocols and the server's list. */ 1686280297Sjkim result = client; 1687280297Sjkim status = OPENSSL_NPN_NO_OVERLAP; 1688238405Sjkim 1689280297Sjkim found: 1690280297Sjkim *out = (unsigned char *)result + 1; 1691280297Sjkim *outlen = result[0]; 1692280297Sjkim return status; 1693280297Sjkim} 1694238405Sjkim 1695290207Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 1696280297Sjkim/* 1697280297Sjkim * SSL_get0_next_proto_negotiated sets *data and *len to point to the 1698280297Sjkim * client's requested protocol for this connection and returns 0. If the 1699280297Sjkim * client didn't request any protocol, then *data is set to NULL. Note that 1700280297Sjkim * the client can request any protocol it chooses. The value returned from 1701280297Sjkim * this function need not be a member of the list of supported protocols 1702238405Sjkim * provided by the callback. 1703238405Sjkim */ 1704280297Sjkimvoid SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 1705280297Sjkim unsigned *len) 1706280297Sjkim{ 1707280297Sjkim *data = s->next_proto_negotiated; 1708280297Sjkim if (!*data) { 1709280297Sjkim *len = 0; 1710280297Sjkim } else { 1711280297Sjkim *len = s->next_proto_negotiated_len; 1712280297Sjkim } 1713238405Sjkim} 1714238405Sjkim 1715280297Sjkim/* 1716280297Sjkim * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when 1717280297Sjkim * a TLS server needs a list of supported protocols for Next Protocol 1718280297Sjkim * Negotiation. The returned list must be in wire format. The list is 1719280297Sjkim * returned by setting |out| to point to it and |outlen| to its length. This 1720280297Sjkim * memory will not be modified, but one should assume that the SSL* keeps a 1721280297Sjkim * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it 1722280297Sjkim * wishes to advertise. Otherwise, no such extension will be included in the 1723280297Sjkim * ServerHello. 1724280297Sjkim */ 1725280297Sjkimvoid SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, 1726280297Sjkim int (*cb) (SSL *ssl, 1727280297Sjkim const unsigned char 1728280297Sjkim **out, 1729280297Sjkim unsigned int *outlen, 1730280297Sjkim void *arg), void *arg) 1731280297Sjkim{ 1732280297Sjkim ctx->next_protos_advertised_cb = cb; 1733280297Sjkim ctx->next_protos_advertised_cb_arg = arg; 1734280297Sjkim} 1735238405Sjkim 1736280297Sjkim/* 1737280297Sjkim * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 1738238405Sjkim * client needs to select a protocol from the server's provided list. |out| 1739238405Sjkim * must be set to point to the selected protocol (which may be within |in|). 1740280297Sjkim * The length of the protocol name must be written into |outlen|. The 1741280297Sjkim * server's advertised protocols are provided in |in| and |inlen|. The 1742280297Sjkim * callback can assume that |in| is syntactically valid. The client must 1743280297Sjkim * select a protocol. It is fatal to the connection if this callback returns 1744280297Sjkim * a value other than SSL_TLSEXT_ERR_OK. 1745238405Sjkim */ 1746280297Sjkimvoid SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, 1747280297Sjkim int (*cb) (SSL *s, unsigned char **out, 1748280297Sjkim unsigned char *outlen, 1749280297Sjkim const unsigned char *in, 1750280297Sjkim unsigned int inlen, 1751280297Sjkim void *arg), void *arg) 1752280297Sjkim{ 1753280297Sjkim ctx->next_proto_select_cb = cb; 1754280297Sjkim ctx->next_proto_select_cb_arg = arg; 1755280297Sjkim} 1756238405Sjkim# endif 1757194206Ssimon 1758290207Sjkim/* 1759290207Sjkim * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. 1760290207Sjkim * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 1761290207Sjkim * length-prefixed strings). Returns 0 on success. 1762290207Sjkim */ 1763290207Sjkimint SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 1764290207Sjkim unsigned protos_len) 1765290207Sjkim{ 1766290207Sjkim if (ctx->alpn_client_proto_list) 1767290207Sjkim OPENSSL_free(ctx->alpn_client_proto_list); 1768290207Sjkim 1769290207Sjkim ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); 1770290207Sjkim if (!ctx->alpn_client_proto_list) 1771290207Sjkim return 1; 1772290207Sjkim memcpy(ctx->alpn_client_proto_list, protos, protos_len); 1773290207Sjkim ctx->alpn_client_proto_list_len = protos_len; 1774290207Sjkim 1775290207Sjkim return 0; 1776290207Sjkim} 1777290207Sjkim 1778290207Sjkim/* 1779290207Sjkim * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. 1780290207Sjkim * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 1781290207Sjkim * length-prefixed strings). Returns 0 on success. 1782290207Sjkim */ 1783290207Sjkimint SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 1784290207Sjkim unsigned protos_len) 1785290207Sjkim{ 1786290207Sjkim if (ssl->alpn_client_proto_list) 1787290207Sjkim OPENSSL_free(ssl->alpn_client_proto_list); 1788290207Sjkim 1789290207Sjkim ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); 1790290207Sjkim if (!ssl->alpn_client_proto_list) 1791290207Sjkim return 1; 1792290207Sjkim memcpy(ssl->alpn_client_proto_list, protos, protos_len); 1793290207Sjkim ssl->alpn_client_proto_list_len = protos_len; 1794290207Sjkim 1795290207Sjkim return 0; 1796290207Sjkim} 1797290207Sjkim 1798290207Sjkim/* 1799290207Sjkim * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is 1800290207Sjkim * called during ClientHello processing in order to select an ALPN protocol 1801290207Sjkim * from the client's list of offered protocols. 1802290207Sjkim */ 1803290207Sjkimvoid SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 1804290207Sjkim int (*cb) (SSL *ssl, 1805290207Sjkim const unsigned char **out, 1806290207Sjkim unsigned char *outlen, 1807290207Sjkim const unsigned char *in, 1808290207Sjkim unsigned int inlen, 1809290207Sjkim void *arg), void *arg) 1810290207Sjkim{ 1811290207Sjkim ctx->alpn_select_cb = cb; 1812290207Sjkim ctx->alpn_select_cb_arg = arg; 1813290207Sjkim} 1814290207Sjkim 1815290207Sjkim/* 1816290207Sjkim * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from 1817290207Sjkim * |ssl|. On return it sets |*data| to point to |*len| bytes of protocol name 1818290207Sjkim * (not including the leading length-prefix byte). If the server didn't 1819290207Sjkim * respond with a negotiated protocol then |*len| will be zero. 1820290207Sjkim */ 1821290207Sjkimvoid SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 1822290207Sjkim unsigned *len) 1823290207Sjkim{ 1824290207Sjkim *data = NULL; 1825290207Sjkim if (ssl->s3) 1826290207Sjkim *data = ssl->s3->alpn_selected; 1827290207Sjkim if (*data == NULL) 1828290207Sjkim *len = 0; 1829290207Sjkim else 1830290207Sjkim *len = ssl->s3->alpn_selected_len; 1831290207Sjkim} 1832290207Sjkim 1833290207Sjkim#endif /* !OPENSSL_NO_TLSEXT */ 1834290207Sjkim 1835238405Sjkimint SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1836280297Sjkim const char *label, size_t llen, 1837325337Sjkim const unsigned char *context, size_t contextlen, 1838280297Sjkim int use_context) 1839280297Sjkim{ 1840306195Sjkim if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) 1841280297Sjkim return -1; 1842238405Sjkim 1843280297Sjkim return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 1844325337Sjkim llen, context, 1845325337Sjkim contextlen, use_context); 1846280297Sjkim} 1847238405Sjkim 1848238405Sjkimstatic unsigned long ssl_session_hash(const SSL_SESSION *a) 1849280297Sjkim{ 1850325335Sjkim const unsigned char *session_id = a->session_id; 1851280297Sjkim unsigned long l; 1852325335Sjkim unsigned char tmp_storage[4]; 185355714Skris 1854325335Sjkim if (a->session_id_length < sizeof(tmp_storage)) { 1855325335Sjkim memset(tmp_storage, 0, sizeof(tmp_storage)); 1856325335Sjkim memcpy(tmp_storage, a->session_id, a->session_id_length); 1857325335Sjkim session_id = tmp_storage; 1858325335Sjkim } 1859325335Sjkim 1860280297Sjkim l = (unsigned long) 1861325335Sjkim ((unsigned long)session_id[0]) | 1862325335Sjkim ((unsigned long)session_id[1] << 8L) | 1863325335Sjkim ((unsigned long)session_id[2] << 16L) | 1864325335Sjkim ((unsigned long)session_id[3] << 24L); 1865280297Sjkim return (l); 1866280297Sjkim} 186755714Skris 1868280297Sjkim/* 1869280297Sjkim * NB: If this function (or indeed the hash function which uses a sort of 1870109998Smarkm * coarser function than this one) is changed, ensure 1871280297Sjkim * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on 1872280297Sjkim * being able to construct an SSL_SESSION that will collide with any existing 1873280297Sjkim * session with a matching session ID. 1874280297Sjkim */ 1875280297Sjkimstatic int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 1876280297Sjkim{ 1877280297Sjkim if (a->ssl_version != b->ssl_version) 1878280297Sjkim return (1); 1879280297Sjkim if (a->session_id_length != b->session_id_length) 1880280297Sjkim return (1); 1881280297Sjkim return (memcmp(a->session_id, b->session_id, a->session_id_length)); 1882280297Sjkim} 188355714Skris 1884280297Sjkim/* 1885280297Sjkim * These wrapper functions should remain rather than redeclaring 1886109998Smarkm * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1887280297Sjkim * variable. The reason is that the functions aren't static, they're exposed 1888280297Sjkim * via ssl.h. 1889280297Sjkim */ 1890238405Sjkimstatic IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) 1891238405Sjkimstatic IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) 1892109998Smarkm 1893238405SjkimSSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 1894280297Sjkim{ 1895280297Sjkim SSL_CTX *ret = NULL; 1896238405Sjkim 1897280297Sjkim if (meth == NULL) { 1898280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); 1899280297Sjkim return (NULL); 1900280297Sjkim } 1901194206Ssimon#ifdef OPENSSL_FIPS 1902280297Sjkim if (FIPS_mode() && (meth->version < TLS1_VERSION)) { 1903280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 1904280297Sjkim return NULL; 1905280297Sjkim } 1906194206Ssimon#endif 1907194206Ssimon 1908280297Sjkim if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1909280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1910280297Sjkim goto err; 1911280297Sjkim } 1912280297Sjkim ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); 1913280297Sjkim if (ret == NULL) 1914280297Sjkim goto err; 191555714Skris 1916280297Sjkim memset(ret, 0, sizeof(SSL_CTX)); 191755714Skris 1918280297Sjkim ret->method = meth; 191955714Skris 1920280297Sjkim ret->cert_store = NULL; 1921280297Sjkim ret->session_cache_mode = SSL_SESS_CACHE_SERVER; 1922280297Sjkim ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1923280297Sjkim ret->session_cache_head = NULL; 1924280297Sjkim ret->session_cache_tail = NULL; 192555714Skris 1926280297Sjkim /* We take the system default */ 1927280297Sjkim ret->session_timeout = meth->get_timeout(); 192855714Skris 1929280297Sjkim ret->new_session_cb = 0; 1930280297Sjkim ret->remove_session_cb = 0; 1931280297Sjkim ret->get_session_cb = 0; 1932280297Sjkim ret->generate_session_id = 0; 193355714Skris 1934280297Sjkim memset((char *)&ret->stats, 0, sizeof(ret->stats)); 193555714Skris 1936280297Sjkim ret->references = 1; 1937280297Sjkim ret->quiet_shutdown = 0; 193855714Skris 1939280297Sjkim/* ret->cipher=NULL;*/ 1940280297Sjkim/*- 1941280297Sjkim ret->s2->challenge=NULL; 1942280297Sjkim ret->master_key=NULL; 1943280297Sjkim ret->key_arg=NULL; 1944280297Sjkim ret->s2->conn_id=NULL; */ 194555714Skris 1946280297Sjkim ret->info_callback = NULL; 194755714Skris 1948280297Sjkim ret->app_verify_callback = 0; 1949280297Sjkim ret->app_verify_arg = NULL; 195055714Skris 1951280297Sjkim ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 1952280297Sjkim ret->read_ahead = 0; 1953280297Sjkim ret->msg_callback = 0; 1954280297Sjkim ret->msg_callback_arg = NULL; 1955280297Sjkim ret->verify_mode = SSL_VERIFY_NONE; 1956160814Ssimon#if 0 1957280297Sjkim ret->verify_depth = -1; /* Don't impose a limit (but x509_lu.c does) */ 1958160814Ssimon#endif 1959280297Sjkim ret->sid_ctx_length = 0; 1960280297Sjkim ret->default_verify_callback = NULL; 1961280297Sjkim if ((ret->cert = ssl_cert_new()) == NULL) 1962280297Sjkim goto err; 196355714Skris 1964280297Sjkim ret->default_passwd_callback = 0; 1965280297Sjkim ret->default_passwd_callback_userdata = NULL; 1966280297Sjkim ret->client_cert_cb = 0; 1967280297Sjkim ret->app_gen_cookie_cb = 0; 1968280297Sjkim ret->app_verify_cookie_cb = 0; 196955714Skris 1970280297Sjkim ret->sessions = lh_SSL_SESSION_new(); 1971280297Sjkim if (ret->sessions == NULL) 1972280297Sjkim goto err; 1973280297Sjkim ret->cert_store = X509_STORE_new(); 1974280297Sjkim if (ret->cert_store == NULL) 1975280297Sjkim goto err; 197655714Skris 1977280297Sjkim ssl_create_cipher_list(ret->method, 1978280297Sjkim &ret->cipher_list, &ret->cipher_list_by_id, 1979280297Sjkim meth->version == 1980290207Sjkim SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, 1981290207Sjkim ret->cert); 1982280297Sjkim if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 1983280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); 1984280297Sjkim goto err2; 1985280297Sjkim } 198655714Skris 1987280297Sjkim ret->param = X509_VERIFY_PARAM_new(); 1988280297Sjkim if (!ret->param) 1989280297Sjkim goto err; 1990160814Ssimon 1991280297Sjkim if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { 1992280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); 1993280297Sjkim goto err2; 1994280297Sjkim } 1995280297Sjkim if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1996280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); 1997280297Sjkim goto err2; 1998280297Sjkim } 1999280297Sjkim if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { 2000280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); 2001280297Sjkim goto err2; 2002280297Sjkim } 200355714Skris 2004280297Sjkim if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) 2005280297Sjkim goto err; 200655714Skris 2007280297Sjkim CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); 200855714Skris 2009280297Sjkim ret->extra_certs = NULL; 2010280297Sjkim /* No compression for DTLS */ 2011291719Sjkim if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) 2012280297Sjkim ret->comp_methods = SSL_COMP_get_compression_methods(); 201355714Skris 2014280297Sjkim ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 2015238405Sjkim 2016194206Ssimon#ifndef OPENSSL_NO_TLSEXT 2017280297Sjkim ret->tlsext_servername_callback = 0; 2018280297Sjkim ret->tlsext_servername_arg = NULL; 2019280297Sjkim /* Setup RFC4507 ticket keys */ 2020306195Sjkim if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0) 2021280297Sjkim || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) 2022280297Sjkim || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) 2023280297Sjkim ret->options |= SSL_OP_NO_TICKET; 2024194206Ssimon 2025280297Sjkim ret->tlsext_status_cb = 0; 2026280297Sjkim ret->tlsext_status_arg = NULL; 2027194206Ssimon 2028238405Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 2029280297Sjkim ret->next_protos_advertised_cb = 0; 2030280297Sjkim ret->next_proto_select_cb = 0; 2031238405Sjkim# endif 2032194206Ssimon#endif 2033238405Sjkim#ifndef OPENSSL_NO_PSK 2034280297Sjkim ret->psk_identity_hint = NULL; 2035280297Sjkim ret->psk_client_callback = NULL; 2036280297Sjkim ret->psk_server_callback = NULL; 2037238405Sjkim#endif 2038238405Sjkim#ifndef OPENSSL_NO_SRP 2039280297Sjkim SSL_CTX_SRP_CTX_init(ret); 2040238405Sjkim#endif 2041238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2042280297Sjkim ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; 2043280297Sjkim ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 2044280297Sjkim if (!ret->rbuf_freelist) 2045280297Sjkim goto err; 2046280297Sjkim ret->rbuf_freelist->chunklen = 0; 2047280297Sjkim ret->rbuf_freelist->len = 0; 2048280297Sjkim ret->rbuf_freelist->head = NULL; 2049280297Sjkim ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 2050312826Sjkim if (!ret->wbuf_freelist) 2051280297Sjkim goto err; 2052280297Sjkim ret->wbuf_freelist->chunklen = 0; 2053280297Sjkim ret->wbuf_freelist->len = 0; 2054280297Sjkim ret->wbuf_freelist->head = NULL; 2055238405Sjkim#endif 2056194206Ssimon#ifndef OPENSSL_NO_ENGINE 2057280297Sjkim ret->client_cert_engine = NULL; 2058280297Sjkim# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 2059280297Sjkim# define eng_strx(x) #x 2060280297Sjkim# define eng_str(x) eng_strx(x) 2061280297Sjkim /* Use specific client engine automatically... ignore errors */ 2062280297Sjkim { 2063280297Sjkim ENGINE *eng; 2064280297Sjkim eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2065280297Sjkim if (!eng) { 2066280297Sjkim ERR_clear_error(); 2067280297Sjkim ENGINE_load_builtin_engines(); 2068280297Sjkim eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2069280297Sjkim } 2070280297Sjkim if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 2071280297Sjkim ERR_clear_error(); 2072280297Sjkim } 2073280297Sjkim# endif 2074194206Ssimon#endif 2075280297Sjkim /* 2076280297Sjkim * Default is to connect to non-RI servers. When RI is more widely 2077280297Sjkim * deployed might change this. 2078280297Sjkim */ 2079280297Sjkim ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; 2080194206Ssimon 2081296279Sjkim /* 2082296279Sjkim * Disable SSLv2 by default, callers that want to enable SSLv2 will have to 2083296279Sjkim * explicitly clear this option via either of SSL_CTX_clear_options() or 2084296279Sjkim * SSL_clear_options(). 2085296279Sjkim */ 2086296279Sjkim ret->options |= SSL_OP_NO_SSLv2; 2087296279Sjkim 2088280297Sjkim return (ret); 2089280297Sjkim err: 2090280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); 2091280297Sjkim err2: 2092280297Sjkim if (ret != NULL) 2093280297Sjkim SSL_CTX_free(ret); 2094280297Sjkim return (NULL); 2095280297Sjkim} 209655714Skris 2097109998Smarkm#if 0 209855714Skrisstatic void SSL_COMP_free(SSL_COMP *comp) 2099280297Sjkim{ 2100280297Sjkim OPENSSL_free(comp); 2101280297Sjkim} 2102109998Smarkm#endif 210355714Skris 2104238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2105280297Sjkimstatic void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) 2106280297Sjkim{ 2107280297Sjkim SSL3_BUF_FREELIST_ENTRY *ent, *next; 2108280297Sjkim for (ent = list->head; ent; ent = next) { 2109280297Sjkim next = ent->next; 2110280297Sjkim OPENSSL_free(ent); 2111280297Sjkim } 2112280297Sjkim OPENSSL_free(list); 2113280297Sjkim} 2114238405Sjkim#endif 2115238405Sjkim 211655714Skrisvoid SSL_CTX_free(SSL_CTX *a) 2117280297Sjkim{ 2118280297Sjkim int i; 211955714Skris 2120280297Sjkim if (a == NULL) 2121280297Sjkim return; 212255714Skris 2123280297Sjkim i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); 212455714Skris#ifdef REF_PRINT 2125280297Sjkim REF_PRINT("SSL_CTX", a); 212655714Skris#endif 2127280297Sjkim if (i > 0) 2128280297Sjkim return; 212955714Skris#ifdef REF_CHECK 2130280297Sjkim if (i < 0) { 2131280297Sjkim fprintf(stderr, "SSL_CTX_free, bad reference count\n"); 2132280297Sjkim abort(); /* ok */ 2133280297Sjkim } 213455714Skris#endif 213555714Skris 2136280297Sjkim if (a->param) 2137280297Sjkim X509_VERIFY_PARAM_free(a->param); 2138160814Ssimon 2139280297Sjkim /* 2140280297Sjkim * Free internal session cache. However: the remove_cb() may reference 2141280297Sjkim * the ex_data of SSL_CTX, thus the ex_data store can only be removed 2142280297Sjkim * after the sessions were flushed. 2143280297Sjkim * As the ex_data handling routines might also touch the session cache, 2144280297Sjkim * the most secure solution seems to be: empty (flush) the cache, then 2145280297Sjkim * free ex_data, then finally free the cache. 2146280297Sjkim * (See ticket [openssl.org #212].) 2147280297Sjkim */ 2148280297Sjkim if (a->sessions != NULL) 2149280297Sjkim SSL_CTX_flush_sessions(a, 0); 2150109998Smarkm 2151280297Sjkim CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); 2152109998Smarkm 2153280297Sjkim if (a->sessions != NULL) 2154280297Sjkim lh_SSL_SESSION_free(a->sessions); 2155109998Smarkm 2156280297Sjkim if (a->cert_store != NULL) 2157280297Sjkim X509_STORE_free(a->cert_store); 2158280297Sjkim if (a->cipher_list != NULL) 2159280297Sjkim sk_SSL_CIPHER_free(a->cipher_list); 2160280297Sjkim if (a->cipher_list_by_id != NULL) 2161280297Sjkim sk_SSL_CIPHER_free(a->cipher_list_by_id); 2162280297Sjkim if (a->cert != NULL) 2163280297Sjkim ssl_cert_free(a->cert); 2164280297Sjkim if (a->client_CA != NULL) 2165280297Sjkim sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); 2166280297Sjkim if (a->extra_certs != NULL) 2167280297Sjkim sk_X509_pop_free(a->extra_certs, X509_free); 2168280297Sjkim#if 0 /* This should never be done, since it 2169280297Sjkim * removes a global database */ 2170280297Sjkim if (a->comp_methods != NULL) 2171280297Sjkim sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); 2172109998Smarkm#else 2173280297Sjkim a->comp_methods = NULL; 2174109998Smarkm#endif 2175238405Sjkim 2176246772Sjkim#ifndef OPENSSL_NO_SRTP 2177280297Sjkim if (a->srtp_profiles) 2178280297Sjkim sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); 2179246772Sjkim#endif 2180238405Sjkim 2181238405Sjkim#ifndef OPENSSL_NO_PSK 2182280297Sjkim if (a->psk_identity_hint) 2183280297Sjkim OPENSSL_free(a->psk_identity_hint); 2184238405Sjkim#endif 2185238405Sjkim#ifndef OPENSSL_NO_SRP 2186280297Sjkim SSL_CTX_SRP_CTX_free(a); 2187238405Sjkim#endif 2188194206Ssimon#ifndef OPENSSL_NO_ENGINE 2189280297Sjkim if (a->client_cert_engine) 2190280297Sjkim ENGINE_finish(a->client_cert_engine); 2191194206Ssimon#endif 2192238405Sjkim 2193238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2194280297Sjkim if (a->wbuf_freelist) 2195280297Sjkim ssl_buf_freelist_free(a->wbuf_freelist); 2196280297Sjkim if (a->rbuf_freelist) 2197280297Sjkim ssl_buf_freelist_free(a->rbuf_freelist); 2198238405Sjkim#endif 2199290207Sjkim#ifndef OPENSSL_NO_TLSEXT 2200290207Sjkim# ifndef OPENSSL_NO_EC 2201290207Sjkim if (a->tlsext_ecpointformatlist) 2202290207Sjkim OPENSSL_free(a->tlsext_ecpointformatlist); 2203290207Sjkim if (a->tlsext_ellipticcurvelist) 2204290207Sjkim OPENSSL_free(a->tlsext_ellipticcurvelist); 2205290207Sjkim# endif /* OPENSSL_NO_EC */ 2206290207Sjkim if (a->alpn_client_proto_list != NULL) 2207290207Sjkim OPENSSL_free(a->alpn_client_proto_list); 2208290207Sjkim#endif 2209238405Sjkim 2210280297Sjkim OPENSSL_free(a); 2211280297Sjkim} 221255714Skris 221355714Skrisvoid SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 2214280297Sjkim{ 2215280297Sjkim ctx->default_passwd_callback = cb; 2216280297Sjkim} 221755714Skris 2218280297Sjkimvoid SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 2219280297Sjkim{ 2220280297Sjkim ctx->default_passwd_callback_userdata = u; 2221280297Sjkim} 222255714Skris 2223280297Sjkimvoid SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 2224280297Sjkim int (*cb) (X509_STORE_CTX *, void *), 2225280297Sjkim void *arg) 2226280297Sjkim{ 2227280297Sjkim ctx->app_verify_callback = cb; 2228280297Sjkim ctx->app_verify_arg = arg; 2229280297Sjkim} 223055714Skris 2231280297Sjkimvoid SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 2232280297Sjkim int (*cb) (int, X509_STORE_CTX *)) 2233280297Sjkim{ 2234280297Sjkim ctx->verify_mode = mode; 2235280297Sjkim ctx->default_verify_callback = cb; 2236280297Sjkim} 223755714Skris 2238280297Sjkimvoid SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) 2239280297Sjkim{ 2240280297Sjkim X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2241280297Sjkim} 224255714Skris 2243290207Sjkimvoid SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), 2244290207Sjkim void *arg) 2245290207Sjkim{ 2246290207Sjkim ssl_cert_set_cert_cb(c->cert, cb, arg); 2247290207Sjkim} 2248290207Sjkim 2249290207Sjkimvoid SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) 2250290207Sjkim{ 2251290207Sjkim ssl_cert_set_cert_cb(s->cert, cb, arg); 2252290207Sjkim} 2253290207Sjkim 2254238405Sjkimvoid ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 2255280297Sjkim{ 2256280297Sjkim CERT_PKEY *cpk; 2257280297Sjkim int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; 2258280297Sjkim int rsa_enc_export, dh_rsa_export, dh_dsa_export; 2259280297Sjkim int rsa_tmp_export, dh_tmp_export, kl; 2260280297Sjkim unsigned long mask_k, mask_a, emask_k, emask_a; 2261280297Sjkim#ifndef OPENSSL_NO_ECDSA 2262340704Sjkim int have_ecc_cert, ecdsa_ok; 2263280297Sjkim#endif 2264160814Ssimon#ifndef OPENSSL_NO_ECDH 2265340704Sjkim int have_ecdh_tmp, ecdh_ok, ecc_pkey_size; 2266160814Ssimon#endif 2267280297Sjkim#ifndef OPENSSL_NO_EC 2268280297Sjkim X509 *x = NULL; 2269280297Sjkim EVP_PKEY *ecc_pkey = NULL; 2270280297Sjkim int signature_nid = 0, pk_nid = 0, md_nid = 0; 2271280297Sjkim#endif 2272280297Sjkim if (c == NULL) 2273280297Sjkim return; 227455714Skris 2275280297Sjkim kl = SSL_C_EXPORT_PKEYLENGTH(cipher); 227655714Skris 2277109998Smarkm#ifndef OPENSSL_NO_RSA 2278280297Sjkim rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); 2279280297Sjkim rsa_tmp_export = (c->rsa_tmp_cb != NULL || 2280280297Sjkim (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl)); 228155714Skris#else 2282280297Sjkim rsa_tmp = rsa_tmp_export = 0; 228355714Skris#endif 2284109998Smarkm#ifndef OPENSSL_NO_DH 2285280297Sjkim dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 2286280297Sjkim dh_tmp_export = (c->dh_tmp_cb != NULL || 2287280297Sjkim (dh_tmp && DH_size(c->dh_tmp) * 8 <= kl)); 228855714Skris#else 2289280297Sjkim dh_tmp = dh_tmp_export = 0; 229055714Skris#endif 229155714Skris 2292160814Ssimon#ifndef OPENSSL_NO_ECDH 2293290207Sjkim have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); 2294160814Ssimon#endif 2295280297Sjkim cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); 2296290207Sjkim rsa_enc = cpk->valid_flags & CERT_PKEY_VALID; 2297280297Sjkim rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2298280297Sjkim cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); 2299290207Sjkim rsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; 2300280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); 2301290207Sjkim dsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; 2302280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); 2303290207Sjkim dh_rsa = cpk->valid_flags & CERT_PKEY_VALID; 2304280297Sjkim dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2305280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); 230655714Skris/* FIX THIS EAY EAY EAY */ 2307290207Sjkim dh_dsa = cpk->valid_flags & CERT_PKEY_VALID; 2308280297Sjkim dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2309280297Sjkim cpk = &(c->pkeys[SSL_PKEY_ECC]); 2310280297Sjkim#ifndef OPENSSL_NO_EC 2311290207Sjkim have_ecc_cert = cpk->valid_flags & CERT_PKEY_VALID; 2312280297Sjkim#endif 2313280297Sjkim mask_k = 0; 2314280297Sjkim mask_a = 0; 2315280297Sjkim emask_k = 0; 2316280297Sjkim emask_a = 0; 231755714Skris 231855714Skris#ifdef CIPHER_DEBUG 2319280297Sjkim fprintf(stderr, 2320280297Sjkim "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 2321280297Sjkim rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc, 2322280297Sjkim rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); 232355714Skris#endif 232455714Skris 2325280297Sjkim cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2326280297Sjkim if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2327280297Sjkim mask_k |= SSL_kGOST; 2328280297Sjkim mask_a |= SSL_aGOST01; 2329280297Sjkim } 2330280297Sjkim cpk = &(c->pkeys[SSL_PKEY_GOST94]); 2331280297Sjkim if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2332280297Sjkim mask_k |= SSL_kGOST; 2333280297Sjkim mask_a |= SSL_aGOST94; 2334280297Sjkim } 233555714Skris 2336280297Sjkim if (rsa_enc || (rsa_tmp && rsa_sign)) 2337280297Sjkim mask_k |= SSL_kRSA; 2338280297Sjkim if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) 2339280297Sjkim emask_k |= SSL_kRSA; 2340280297Sjkim 234155714Skris#if 0 2342280297Sjkim /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ 2343280297Sjkim if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign)) 2344280297Sjkim mask_k |= SSL_kEDH; 2345280297Sjkim if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && 2346280297Sjkim (rsa_enc || rsa_sign || dsa_sign)) 2347280297Sjkim emask_k |= SSL_kEDH; 234855714Skris#endif 234955714Skris 2350280297Sjkim if (dh_tmp_export) 2351280297Sjkim emask_k |= SSL_kEDH; 235255714Skris 2353280297Sjkim if (dh_tmp) 2354280297Sjkim mask_k |= SSL_kEDH; 235555714Skris 2356280297Sjkim if (dh_rsa) 2357280297Sjkim mask_k |= SSL_kDHr; 2358280297Sjkim if (dh_rsa_export) 2359280297Sjkim emask_k |= SSL_kDHr; 236055714Skris 2361280297Sjkim if (dh_dsa) 2362280297Sjkim mask_k |= SSL_kDHd; 2363280297Sjkim if (dh_dsa_export) 2364280297Sjkim emask_k |= SSL_kDHd; 236555714Skris 2366290207Sjkim if (mask_k & (SSL_kDHr | SSL_kDHd)) 2367290207Sjkim mask_a |= SSL_aDH; 2368290207Sjkim 2369280297Sjkim if (rsa_enc || rsa_sign) { 2370280297Sjkim mask_a |= SSL_aRSA; 2371280297Sjkim emask_a |= SSL_aRSA; 2372280297Sjkim } 237355714Skris 2374280297Sjkim if (dsa_sign) { 2375280297Sjkim mask_a |= SSL_aDSS; 2376280297Sjkim emask_a |= SSL_aDSS; 2377280297Sjkim } 237855714Skris 2379280297Sjkim mask_a |= SSL_aNULL; 2380280297Sjkim emask_a |= SSL_aNULL; 238155714Skris 2382109998Smarkm#ifndef OPENSSL_NO_KRB5 2383280297Sjkim mask_k |= SSL_kKRB5; 2384280297Sjkim mask_a |= SSL_aKRB5; 2385280297Sjkim emask_k |= SSL_kKRB5; 2386280297Sjkim emask_a |= SSL_aKRB5; 2387109998Smarkm#endif 2388109998Smarkm 2389280297Sjkim /* 2390280297Sjkim * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites 2391280297Sjkim * depending on the key usage extension. 2392280297Sjkim */ 2393280297Sjkim#ifndef OPENSSL_NO_EC 2394280297Sjkim if (have_ecc_cert) { 2395290207Sjkim cpk = &c->pkeys[SSL_PKEY_ECC]; 2396290207Sjkim x = cpk->x509; 2397280297Sjkim /* This call populates extension flags (ex_flags) */ 2398280297Sjkim X509_check_purpose(x, -1, 0); 2399290207Sjkim# ifndef OPENSSL_NO_ECDH 2400280297Sjkim ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2401280297Sjkim (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; 2402290207Sjkim# endif 2403280297Sjkim ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2404280297Sjkim (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; 2405290207Sjkim if (!(cpk->valid_flags & CERT_PKEY_SIGN)) 2406290207Sjkim ecdsa_ok = 0; 2407280297Sjkim ecc_pkey = X509_get_pubkey(x); 2408340704Sjkim# ifndef OPENSSL_NO_ECDH 2409280297Sjkim ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0; 2410340704Sjkim# endif 2411280297Sjkim EVP_PKEY_free(ecc_pkey); 2412280297Sjkim if ((x->sig_alg) && (x->sig_alg->algorithm)) { 2413280297Sjkim signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2414280297Sjkim OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2415280297Sjkim } 2416290207Sjkim# ifndef OPENSSL_NO_ECDH 2417280297Sjkim if (ecdh_ok) { 2418238405Sjkim 2419280297Sjkim if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { 2420280297Sjkim mask_k |= SSL_kECDHr; 2421280297Sjkim mask_a |= SSL_aECDH; 2422280297Sjkim if (ecc_pkey_size <= 163) { 2423280297Sjkim emask_k |= SSL_kECDHr; 2424280297Sjkim emask_a |= SSL_aECDH; 2425280297Sjkim } 2426280297Sjkim } 2427238405Sjkim 2428280297Sjkim if (pk_nid == NID_X9_62_id_ecPublicKey) { 2429280297Sjkim mask_k |= SSL_kECDHe; 2430280297Sjkim mask_a |= SSL_aECDH; 2431280297Sjkim if (ecc_pkey_size <= 163) { 2432280297Sjkim emask_k |= SSL_kECDHe; 2433280297Sjkim emask_a |= SSL_aECDH; 2434280297Sjkim } 2435280297Sjkim } 2436280297Sjkim } 2437290207Sjkim# endif 2438290207Sjkim# ifndef OPENSSL_NO_ECDSA 2439280297Sjkim if (ecdsa_ok) { 2440280297Sjkim mask_a |= SSL_aECDSA; 2441280297Sjkim emask_a |= SSL_aECDSA; 2442280297Sjkim } 2443290207Sjkim# endif 2444280297Sjkim } 2445280297Sjkim#endif 2446290207Sjkim 2447160814Ssimon#ifndef OPENSSL_NO_ECDH 2448280297Sjkim if (have_ecdh_tmp) { 2449280297Sjkim mask_k |= SSL_kEECDH; 2450280297Sjkim emask_k |= SSL_kEECDH; 2451280297Sjkim } 2452160814Ssimon#endif 2453238405Sjkim 2454238405Sjkim#ifndef OPENSSL_NO_PSK 2455280297Sjkim mask_k |= SSL_kPSK; 2456280297Sjkim mask_a |= SSL_aPSK; 2457280297Sjkim emask_k |= SSL_kPSK; 2458280297Sjkim emask_a |= SSL_aPSK; 2459238405Sjkim#endif 2460238405Sjkim 2461280297Sjkim c->mask_k = mask_k; 2462280297Sjkim c->mask_a = mask_a; 2463280297Sjkim c->export_mask_k = emask_k; 2464280297Sjkim c->export_mask_a = emask_a; 2465280297Sjkim c->valid = 1; 2466280297Sjkim} 246755714Skris 2468160814Ssimon/* This handy macro borrowed from crypto/x509v3/v3_purp.c */ 2469160814Ssimon#define ku_reject(x, usage) \ 2470280297Sjkim (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) 2471160814Ssimon 2472340704Sjkim#ifndef OPENSSL_NO_ECDH 2473238405Sjkim 2474238405Sjkimint ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2475280297Sjkim{ 2476280297Sjkim unsigned long alg_k, alg_a; 2477280297Sjkim EVP_PKEY *pkey = NULL; 2478280297Sjkim int keysize = 0; 2479280297Sjkim int signature_nid = 0, md_nid = 0, pk_nid = 0; 2480280297Sjkim const SSL_CIPHER *cs = s->s3->tmp.new_cipher; 2481160814Ssimon 2482280297Sjkim alg_k = cs->algorithm_mkey; 2483280297Sjkim alg_a = cs->algorithm_auth; 2484238405Sjkim 2485280297Sjkim if (SSL_C_IS_EXPORT(cs)) { 2486280297Sjkim /* ECDH key length in export ciphers must be <= 163 bits */ 2487280297Sjkim pkey = X509_get_pubkey(x); 2488280297Sjkim if (pkey == NULL) 2489280297Sjkim return 0; 2490280297Sjkim keysize = EVP_PKEY_bits(pkey); 2491280297Sjkim EVP_PKEY_free(pkey); 2492280297Sjkim if (keysize > 163) 2493280297Sjkim return 0; 2494280297Sjkim } 2495160814Ssimon 2496280297Sjkim /* This call populates the ex_flags field correctly */ 2497280297Sjkim X509_check_purpose(x, -1, 0); 2498280297Sjkim if ((x->sig_alg) && (x->sig_alg->algorithm)) { 2499280297Sjkim signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2500280297Sjkim OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2501280297Sjkim } 2502280297Sjkim if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { 2503280297Sjkim /* key usage, if present, must allow key agreement */ 2504280297Sjkim if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { 2505280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2506280297Sjkim SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); 2507280297Sjkim return 0; 2508280297Sjkim } 2509280297Sjkim if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { 2510280297Sjkim /* signature alg must be ECDSA */ 2511280297Sjkim if (pk_nid != NID_X9_62_id_ecPublicKey) { 2512280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2513280297Sjkim SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); 2514280297Sjkim return 0; 2515280297Sjkim } 2516280297Sjkim } 2517280297Sjkim if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { 2518280297Sjkim /* signature alg must be RSA */ 2519238405Sjkim 2520280297Sjkim if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { 2521280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2522280297Sjkim SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); 2523280297Sjkim return 0; 2524280297Sjkim } 2525280297Sjkim } 2526280297Sjkim } 2527280297Sjkim if (alg_a & SSL_aECDSA) { 2528280297Sjkim /* key usage, if present, must allow signing */ 2529280297Sjkim if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { 2530280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2531280297Sjkim SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2532280297Sjkim return 0; 2533280297Sjkim } 2534280297Sjkim } 2535160814Ssimon 2536280297Sjkim return 1; /* all checks are ok */ 2537280297Sjkim} 2538160814Ssimon 2539238405Sjkim#endif 2540238405Sjkim 2541290207Sjkimstatic int ssl_get_server_cert_index(const SSL *s) 2542290207Sjkim{ 2543290207Sjkim int idx; 2544290207Sjkim idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); 2545290207Sjkim if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509) 2546290207Sjkim idx = SSL_PKEY_RSA_SIGN; 2547290207Sjkim if (idx == -1) 2548290207Sjkim SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR); 2549290207Sjkim return idx; 2550290207Sjkim} 2551290207Sjkim 2552246772SjkimCERT_PKEY *ssl_get_server_send_pkey(const SSL *s) 2553280297Sjkim{ 2554280297Sjkim CERT *c; 2555280297Sjkim int i; 255655714Skris 2557280297Sjkim c = s->cert; 2558290207Sjkim if (!s->s3 || !s->s3->tmp.new_cipher) 2559290207Sjkim return NULL; 2560280297Sjkim ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 256155714Skris 2562290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 2563290207Sjkim /* 2564290207Sjkim * Broken protocol test: return last used certificate: which may mismatch 2565290207Sjkim * the one expected. 2566290207Sjkim */ 2567290207Sjkim if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) 2568290207Sjkim return c->key; 2569290207Sjkim#endif 2570160814Ssimon 2571290207Sjkim i = ssl_get_server_cert_index(s); 257255714Skris 2573290207Sjkim /* This may or may not be an error. */ 2574290207Sjkim if (i < 0) 2575290207Sjkim return NULL; 2576280297Sjkim 2577290207Sjkim /* May be NULL. */ 2578290207Sjkim return &c->pkeys[i]; 2579280297Sjkim} 2580280297Sjkim 2581280297SjkimEVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, 2582280297Sjkim const EVP_MD **pmd) 2583280297Sjkim{ 2584280297Sjkim unsigned long alg_a; 2585280297Sjkim CERT *c; 2586280297Sjkim int idx = -1; 258755714Skris 2588280297Sjkim alg_a = cipher->algorithm_auth; 2589280297Sjkim c = s->cert; 259055714Skris 2591290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 2592290207Sjkim /* 2593290207Sjkim * Broken protocol test: use last key: which may mismatch the one 2594290207Sjkim * expected. 2595290207Sjkim */ 2596290207Sjkim if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) 2597290207Sjkim idx = c->key - c->pkeys; 2598290207Sjkim else 2599290207Sjkim#endif 2600290207Sjkim 2601280297Sjkim if ((alg_a & SSL_aDSS) && 2602290207Sjkim (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2603280297Sjkim idx = SSL_PKEY_DSA_SIGN; 2604280297Sjkim else if (alg_a & SSL_aRSA) { 2605280297Sjkim if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2606280297Sjkim idx = SSL_PKEY_RSA_SIGN; 2607280297Sjkim else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 2608280297Sjkim idx = SSL_PKEY_RSA_ENC; 2609280297Sjkim } else if ((alg_a & SSL_aECDSA) && 2610280297Sjkim (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2611280297Sjkim idx = SSL_PKEY_ECC; 2612280297Sjkim if (idx == -1) { 2613280297Sjkim SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); 2614280297Sjkim return (NULL); 2615280297Sjkim } 2616280297Sjkim if (pmd) 2617280297Sjkim *pmd = c->pkeys[idx].digest; 2618280297Sjkim return c->pkeys[idx].privatekey; 2619280297Sjkim} 262055714Skris 2621290207Sjkim#ifndef OPENSSL_NO_TLSEXT 2622290207Sjkimint ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, 2623290207Sjkim size_t *serverinfo_length) 2624290207Sjkim{ 2625290207Sjkim CERT *c = NULL; 2626290207Sjkim int i = 0; 2627290207Sjkim *serverinfo_length = 0; 2628290207Sjkim 2629290207Sjkim c = s->cert; 2630290207Sjkim i = ssl_get_server_cert_index(s); 2631290207Sjkim 2632290207Sjkim if (i == -1) 2633290207Sjkim return 0; 2634290207Sjkim if (c->pkeys[i].serverinfo == NULL) 2635290207Sjkim return 0; 2636290207Sjkim 2637290207Sjkim *serverinfo = c->pkeys[i].serverinfo; 2638290207Sjkim *serverinfo_length = c->pkeys[i].serverinfo_length; 2639290207Sjkim return 1; 2640290207Sjkim} 2641290207Sjkim#endif 2642290207Sjkim 2643280297Sjkimvoid ssl_update_cache(SSL *s, int mode) 2644280297Sjkim{ 2645280297Sjkim int i; 264655714Skris 2647280297Sjkim /* 2648280297Sjkim * If the session_id_length is 0, we are not supposed to cache it, and it 2649280297Sjkim * would be rather hard to do anyway :-) 2650280297Sjkim */ 2651280297Sjkim if (s->session->session_id_length == 0) 2652280297Sjkim return; 265355714Skris 2654280297Sjkim i = s->session_ctx->session_cache_mode; 2655280297Sjkim if ((i & mode) && (!s->hit) 2656280297Sjkim && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2657280297Sjkim || SSL_CTX_add_session(s->session_ctx, s->session)) 2658280297Sjkim && (s->session_ctx->new_session_cb != NULL)) { 2659280297Sjkim CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2660280297Sjkim if (!s->session_ctx->new_session_cb(s, s->session)) 2661280297Sjkim SSL_SESSION_free(s->session); 2662280297Sjkim } 266355714Skris 2664280297Sjkim /* auto flush every 255 connections */ 2665280297Sjkim if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { 2666280297Sjkim if ((((mode & SSL_SESS_CACHE_CLIENT) 2667280297Sjkim ? s->session_ctx->stats.sess_connect_good 2668280297Sjkim : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { 2669280297Sjkim SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); 2670280297Sjkim } 2671280297Sjkim } 2672280297Sjkim} 267355714Skris 2674290207Sjkimconst SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) 2675290207Sjkim{ 2676290207Sjkim return ctx->method; 2677290207Sjkim} 2678290207Sjkim 2679238405Sjkimconst SSL_METHOD *SSL_get_ssl_method(SSL *s) 2680280297Sjkim{ 2681280297Sjkim return (s->method); 2682280297Sjkim} 268355714Skris 2684238405Sjkimint SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 2685280297Sjkim{ 2686280297Sjkim int conn = -1; 2687280297Sjkim int ret = 1; 268855714Skris 2689280297Sjkim if (s->method != meth) { 2690280297Sjkim if (s->handshake_func != NULL) 2691280297Sjkim conn = (s->handshake_func == s->method->ssl_connect); 269255714Skris 2693280297Sjkim if (s->method->version == meth->version) 2694280297Sjkim s->method = meth; 2695280297Sjkim else { 2696280297Sjkim s->method->ssl_free(s); 2697280297Sjkim s->method = meth; 2698280297Sjkim ret = s->method->ssl_new(s); 2699280297Sjkim } 270055714Skris 2701280297Sjkim if (conn == 1) 2702280297Sjkim s->handshake_func = meth->ssl_connect; 2703280297Sjkim else if (conn == 0) 2704280297Sjkim s->handshake_func = meth->ssl_accept; 2705280297Sjkim } 2706280297Sjkim return (ret); 2707280297Sjkim} 270855714Skris 2709280297Sjkimint SSL_get_error(const SSL *s, int i) 2710280297Sjkim{ 2711280297Sjkim int reason; 2712280297Sjkim unsigned long l; 2713280297Sjkim BIO *bio; 271455714Skris 2715280297Sjkim if (i > 0) 2716280297Sjkim return (SSL_ERROR_NONE); 271755714Skris 2718280297Sjkim /* 2719280297Sjkim * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, 2720280297Sjkim * where we do encode the error 2721280297Sjkim */ 2722280297Sjkim if ((l = ERR_peek_error()) != 0) { 2723280297Sjkim if (ERR_GET_LIB(l) == ERR_LIB_SYS) 2724280297Sjkim return (SSL_ERROR_SYSCALL); 2725280297Sjkim else 2726280297Sjkim return (SSL_ERROR_SSL); 2727280297Sjkim } 272855714Skris 2729280297Sjkim if ((i < 0) && SSL_want_read(s)) { 2730280297Sjkim bio = SSL_get_rbio(s); 2731280297Sjkim if (BIO_should_read(bio)) 2732280297Sjkim return (SSL_ERROR_WANT_READ); 2733280297Sjkim else if (BIO_should_write(bio)) 2734280297Sjkim /* 2735280297Sjkim * This one doesn't make too much sense ... We never try to write 2736280297Sjkim * to the rbio, and an application program where rbio and wbio 2737280297Sjkim * are separate couldn't even know what it should wait for. 2738280297Sjkim * However if we ever set s->rwstate incorrectly (so that we have 2739280297Sjkim * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and 2740280297Sjkim * wbio *are* the same, this test works around that bug; so it 2741280297Sjkim * might be safer to keep it. 2742280297Sjkim */ 2743280297Sjkim return (SSL_ERROR_WANT_WRITE); 2744280297Sjkim else if (BIO_should_io_special(bio)) { 2745280297Sjkim reason = BIO_get_retry_reason(bio); 2746280297Sjkim if (reason == BIO_RR_CONNECT) 2747280297Sjkim return (SSL_ERROR_WANT_CONNECT); 2748280297Sjkim else if (reason == BIO_RR_ACCEPT) 2749280297Sjkim return (SSL_ERROR_WANT_ACCEPT); 2750280297Sjkim else 2751280297Sjkim return (SSL_ERROR_SYSCALL); /* unknown */ 2752280297Sjkim } 2753280297Sjkim } 275455714Skris 2755280297Sjkim if ((i < 0) && SSL_want_write(s)) { 2756280297Sjkim bio = SSL_get_wbio(s); 2757280297Sjkim if (BIO_should_write(bio)) 2758280297Sjkim return (SSL_ERROR_WANT_WRITE); 2759280297Sjkim else if (BIO_should_read(bio)) 2760280297Sjkim /* 2761280297Sjkim * See above (SSL_want_read(s) with BIO_should_write(bio)) 2762280297Sjkim */ 2763280297Sjkim return (SSL_ERROR_WANT_READ); 2764280297Sjkim else if (BIO_should_io_special(bio)) { 2765280297Sjkim reason = BIO_get_retry_reason(bio); 2766280297Sjkim if (reason == BIO_RR_CONNECT) 2767280297Sjkim return (SSL_ERROR_WANT_CONNECT); 2768280297Sjkim else if (reason == BIO_RR_ACCEPT) 2769280297Sjkim return (SSL_ERROR_WANT_ACCEPT); 2770280297Sjkim else 2771280297Sjkim return (SSL_ERROR_SYSCALL); 2772280297Sjkim } 2773280297Sjkim } 2774280297Sjkim if ((i < 0) && SSL_want_x509_lookup(s)) { 2775280297Sjkim return (SSL_ERROR_WANT_X509_LOOKUP); 2776280297Sjkim } 277755714Skris 2778280297Sjkim if (i == 0) { 2779280297Sjkim if (s->version == SSL2_VERSION) { 2780280297Sjkim /* assume it is the socket being closed */ 2781280297Sjkim return (SSL_ERROR_ZERO_RETURN); 2782280297Sjkim } else { 2783280297Sjkim if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 2784280297Sjkim (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2785280297Sjkim return (SSL_ERROR_ZERO_RETURN); 2786280297Sjkim } 2787280297Sjkim } 2788280297Sjkim return (SSL_ERROR_SYSCALL); 2789280297Sjkim} 279055714Skris 279155714Skrisint SSL_do_handshake(SSL *s) 2792280297Sjkim{ 2793280297Sjkim int ret = 1; 279455714Skris 2795280297Sjkim if (s->handshake_func == NULL) { 2796280297Sjkim SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); 2797280297Sjkim return (-1); 2798280297Sjkim } 279955714Skris 2800280297Sjkim s->method->ssl_renegotiate_check(s); 280155714Skris 2802280297Sjkim if (SSL_in_init(s) || SSL_in_before(s)) { 2803280297Sjkim ret = s->handshake_func(s); 2804280297Sjkim } 2805280297Sjkim return (ret); 2806280297Sjkim} 280755714Skris 2808280297Sjkim/* 2809280297Sjkim * For the next 2 functions, SSL_clear() sets shutdown and so one of these 2810280297Sjkim * calls will reset it 2811280297Sjkim */ 281255714Skrisvoid SSL_set_accept_state(SSL *s) 2813280297Sjkim{ 2814280297Sjkim s->server = 1; 2815280297Sjkim s->shutdown = 0; 2816280297Sjkim s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE; 2817280297Sjkim s->handshake_func = s->method->ssl_accept; 2818280297Sjkim /* clear the current cipher */ 2819280297Sjkim ssl_clear_cipher_ctx(s); 2820280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 2821280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 2822280297Sjkim} 282355714Skris 282455714Skrisvoid SSL_set_connect_state(SSL *s) 2825280297Sjkim{ 2826280297Sjkim s->server = 0; 2827280297Sjkim s->shutdown = 0; 2828280297Sjkim s->state = SSL_ST_CONNECT | SSL_ST_BEFORE; 2829280297Sjkim s->handshake_func = s->method->ssl_connect; 2830280297Sjkim /* clear the current cipher */ 2831280297Sjkim ssl_clear_cipher_ctx(s); 2832280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 2833280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 2834280297Sjkim} 283555714Skris 283655714Skrisint ssl_undefined_function(SSL *s) 2837280297Sjkim{ 2838280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2839280297Sjkim return (0); 2840280297Sjkim} 284155714Skris 2842160814Ssimonint ssl_undefined_void_function(void) 2843280297Sjkim{ 2844280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, 2845280297Sjkim ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2846280297Sjkim return (0); 2847280297Sjkim} 2848160814Ssimon 2849160814Ssimonint ssl_undefined_const_function(const SSL *s) 2850280297Sjkim{ 2851280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, 2852280297Sjkim ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2853280297Sjkim return (0); 2854280297Sjkim} 2855160814Ssimon 285655714SkrisSSL_METHOD *ssl_bad_method(int ver) 2857280297Sjkim{ 2858280297Sjkim SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2859280297Sjkim return (NULL); 2860280297Sjkim} 286155714Skris 2862160814Ssimonconst char *SSL_get_version(const SSL *s) 2863280297Sjkim{ 2864280297Sjkim if (s->version == TLS1_2_VERSION) 2865280297Sjkim return ("TLSv1.2"); 2866280297Sjkim else if (s->version == TLS1_1_VERSION) 2867280297Sjkim return ("TLSv1.1"); 2868280297Sjkim else if (s->version == TLS1_VERSION) 2869280297Sjkim return ("TLSv1"); 2870280297Sjkim else if (s->version == SSL3_VERSION) 2871280297Sjkim return ("SSLv3"); 2872280297Sjkim else if (s->version == SSL2_VERSION) 2873280297Sjkim return ("SSLv2"); 2874290207Sjkim else if (s->version == DTLS1_BAD_VER) 2875290207Sjkim return ("DTLSv0.9"); 2876290207Sjkim else if (s->version == DTLS1_VERSION) 2877290207Sjkim return ("DTLSv1"); 2878290207Sjkim else if (s->version == DTLS1_2_VERSION) 2879290207Sjkim return ("DTLSv1.2"); 2880280297Sjkim else 2881280297Sjkim return ("unknown"); 2882280297Sjkim} 288355714Skris 288455714SkrisSSL *SSL_dup(SSL *s) 2885280297Sjkim{ 2886280297Sjkim STACK_OF(X509_NAME) *sk; 2887280297Sjkim X509_NAME *xn; 2888280297Sjkim SSL *ret; 2889280297Sjkim int i; 2890109998Smarkm 2891280297Sjkim if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2892280297Sjkim return (NULL); 2893109998Smarkm 2894280297Sjkim ret->version = s->version; 2895280297Sjkim ret->type = s->type; 2896280297Sjkim ret->method = s->method; 289755714Skris 2898280297Sjkim if (s->session != NULL) { 2899280297Sjkim /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 2900280297Sjkim SSL_copy_session_id(ret, s); 2901280297Sjkim } else { 2902280297Sjkim /* 2903280297Sjkim * No session has been established yet, so we have to expect that 2904280297Sjkim * s->cert or ret->cert will be changed later -- they should not both 2905280297Sjkim * point to the same object, and thus we can't use 2906280297Sjkim * SSL_copy_session_id. 2907280297Sjkim */ 290855714Skris 2909280297Sjkim ret->method->ssl_free(ret); 2910280297Sjkim ret->method = s->method; 2911280297Sjkim ret->method->ssl_new(ret); 291255714Skris 2913280297Sjkim if (s->cert != NULL) { 2914280297Sjkim if (ret->cert != NULL) { 2915280297Sjkim ssl_cert_free(ret->cert); 2916280297Sjkim } 2917280297Sjkim ret->cert = ssl_cert_dup(s->cert); 2918280297Sjkim if (ret->cert == NULL) 2919280297Sjkim goto err; 2920280297Sjkim } 292155714Skris 2922280297Sjkim SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length); 2923280297Sjkim } 292455714Skris 2925280297Sjkim ret->options = s->options; 2926280297Sjkim ret->mode = s->mode; 2927280297Sjkim SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 2928280297Sjkim SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 2929280297Sjkim ret->msg_callback = s->msg_callback; 2930280297Sjkim ret->msg_callback_arg = s->msg_callback_arg; 2931280297Sjkim SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s)); 2932280297Sjkim SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 2933280297Sjkim ret->generate_session_id = s->generate_session_id; 293455714Skris 2935280297Sjkim SSL_set_info_callback(ret, SSL_get_info_callback(s)); 293655714Skris 2937280297Sjkim ret->debug = s->debug; 2938160814Ssimon 2939280297Sjkim /* copy app data, a little dangerous perhaps */ 2940280297Sjkim if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 2941280297Sjkim goto err; 294255714Skris 2943280297Sjkim /* setup rbio, and wbio */ 2944280297Sjkim if (s->rbio != NULL) { 2945280297Sjkim if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) 2946280297Sjkim goto err; 2947280297Sjkim } 2948280297Sjkim if (s->wbio != NULL) { 2949280297Sjkim if (s->wbio != s->rbio) { 2950280297Sjkim if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) 2951280297Sjkim goto err; 2952280297Sjkim } else 2953280297Sjkim ret->wbio = ret->rbio; 2954280297Sjkim } 2955280297Sjkim ret->rwstate = s->rwstate; 2956280297Sjkim ret->in_handshake = s->in_handshake; 2957280297Sjkim ret->handshake_func = s->handshake_func; 2958280297Sjkim ret->server = s->server; 2959280297Sjkim ret->renegotiate = s->renegotiate; 2960280297Sjkim ret->new_session = s->new_session; 2961280297Sjkim ret->quiet_shutdown = s->quiet_shutdown; 2962280297Sjkim ret->shutdown = s->shutdown; 2963280297Sjkim ret->state = s->state; /* SSL_dup does not really work at any state, 2964280297Sjkim * though */ 2965280297Sjkim ret->rstate = s->rstate; 2966280297Sjkim ret->init_num = 0; /* would have to copy ret->init_buf, 2967280297Sjkim * ret->init_msg, ret->init_num, 2968280297Sjkim * ret->init_off */ 2969280297Sjkim ret->hit = s->hit; 297055714Skris 2971280297Sjkim X509_VERIFY_PARAM_inherit(ret->param, s->param); 297255714Skris 2973280297Sjkim /* dup the cipher_list and cipher_list_by_id stacks */ 2974280297Sjkim if (s->cipher_list != NULL) { 2975280297Sjkim if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2976280297Sjkim goto err; 2977280297Sjkim } 2978280297Sjkim if (s->cipher_list_by_id != NULL) 2979280297Sjkim if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 2980280297Sjkim == NULL) 2981280297Sjkim goto err; 2982280297Sjkim 2983280297Sjkim /* Dup the client_CA list */ 2984280297Sjkim if (s->client_CA != NULL) { 2985280297Sjkim if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) 2986280297Sjkim goto err; 2987280297Sjkim ret->client_CA = sk; 2988280297Sjkim for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2989280297Sjkim xn = sk_X509_NAME_value(sk, i); 2990280297Sjkim if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { 2991280297Sjkim X509_NAME_free(xn); 2992280297Sjkim goto err; 2993280297Sjkim } 2994280297Sjkim } 2995280297Sjkim } 2996280297Sjkim 2997280297Sjkim if (0) { 2998280297Sjkim err: 2999280297Sjkim if (ret != NULL) 3000280297Sjkim SSL_free(ret); 3001280297Sjkim ret = NULL; 3002280297Sjkim } 3003280297Sjkim return (ret); 3004280297Sjkim} 3005280297Sjkim 300655714Skrisvoid ssl_clear_cipher_ctx(SSL *s) 3007280297Sjkim{ 3008280297Sjkim if (s->enc_read_ctx != NULL) { 3009280297Sjkim EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); 3010280297Sjkim OPENSSL_free(s->enc_read_ctx); 3011280297Sjkim s->enc_read_ctx = NULL; 3012280297Sjkim } 3013280297Sjkim if (s->enc_write_ctx != NULL) { 3014280297Sjkim EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); 3015280297Sjkim OPENSSL_free(s->enc_write_ctx); 3016280297Sjkim s->enc_write_ctx = NULL; 3017280297Sjkim } 3018160814Ssimon#ifndef OPENSSL_NO_COMP 3019280297Sjkim if (s->expand != NULL) { 3020280297Sjkim COMP_CTX_free(s->expand); 3021280297Sjkim s->expand = NULL; 3022280297Sjkim } 3023280297Sjkim if (s->compress != NULL) { 3024280297Sjkim COMP_CTX_free(s->compress); 3025280297Sjkim s->compress = NULL; 3026280297Sjkim } 3027160814Ssimon#endif 3028280297Sjkim} 302955714Skris 3030160814SsimonX509 *SSL_get_certificate(const SSL *s) 3031280297Sjkim{ 3032280297Sjkim if (s->cert != NULL) 3033280297Sjkim return (s->cert->key->x509); 3034280297Sjkim else 3035280297Sjkim return (NULL); 3036280297Sjkim} 303755714Skris 3038290207SjkimEVP_PKEY *SSL_get_privatekey(const SSL *s) 3039280297Sjkim{ 3040280297Sjkim if (s->cert != NULL) 3041280297Sjkim return (s->cert->key->privatekey); 3042280297Sjkim else 3043280297Sjkim return (NULL); 3044280297Sjkim} 304555714Skris 3046290207SjkimX509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) 3047290207Sjkim{ 3048290207Sjkim if (ctx->cert != NULL) 3049290207Sjkim return ctx->cert->key->x509; 3050290207Sjkim else 3051290207Sjkim return NULL; 3052290207Sjkim} 3053290207Sjkim 3054290207SjkimEVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 3055290207Sjkim{ 3056290207Sjkim if (ctx->cert != NULL) 3057290207Sjkim return ctx->cert->key->privatekey; 3058290207Sjkim else 3059290207Sjkim return NULL; 3060290207Sjkim} 3061290207Sjkim 3062238405Sjkimconst SSL_CIPHER *SSL_get_current_cipher(const SSL *s) 3063280297Sjkim{ 3064280297Sjkim if ((s->session != NULL) && (s->session->cipher != NULL)) 3065280297Sjkim return (s->session->cipher); 3066280297Sjkim return (NULL); 3067280297Sjkim} 3068280297Sjkim 3069160814Ssimon#ifdef OPENSSL_NO_COMP 3070306195Sjkimconst COMP_METHOD *SSL_get_current_compression(SSL *s) 3071280297Sjkim{ 3072280297Sjkim return NULL; 3073280297Sjkim} 3074280297Sjkim 3075306195Sjkimconst COMP_METHOD *SSL_get_current_expansion(SSL *s) 3076280297Sjkim{ 3077280297Sjkim return NULL; 3078280297Sjkim} 3079160814Ssimon#else 308055714Skris 3081160814Ssimonconst COMP_METHOD *SSL_get_current_compression(SSL *s) 3082280297Sjkim{ 3083280297Sjkim if (s->compress != NULL) 3084280297Sjkim return (s->compress->meth); 3085280297Sjkim return (NULL); 3086280297Sjkim} 3087160814Ssimon 3088160814Ssimonconst COMP_METHOD *SSL_get_current_expansion(SSL *s) 3089280297Sjkim{ 3090280297Sjkim if (s->expand != NULL) 3091280297Sjkim return (s->expand->meth); 3092280297Sjkim return (NULL); 3093280297Sjkim} 3094160814Ssimon#endif 3095160814Ssimon 3096280297Sjkimint ssl_init_wbio_buffer(SSL *s, int push) 3097280297Sjkim{ 3098280297Sjkim BIO *bbio; 309955714Skris 3100280297Sjkim if (s->bbio == NULL) { 3101280297Sjkim bbio = BIO_new(BIO_f_buffer()); 3102280297Sjkim if (bbio == NULL) 3103280297Sjkim return (0); 3104280297Sjkim s->bbio = bbio; 3105280297Sjkim } else { 3106280297Sjkim bbio = s->bbio; 3107280297Sjkim if (s->bbio == s->wbio) 3108280297Sjkim s->wbio = BIO_pop(s->wbio); 3109280297Sjkim } 3110280297Sjkim (void)BIO_reset(bbio); 3111280297Sjkim/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 3112280297Sjkim if (!BIO_set_read_buffer_size(bbio, 1)) { 3113280297Sjkim SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); 3114280297Sjkim return (0); 3115280297Sjkim } 3116280297Sjkim if (push) { 3117280297Sjkim if (s->wbio != bbio) 3118280297Sjkim s->wbio = BIO_push(bbio, s->wbio); 3119280297Sjkim } else { 3120280297Sjkim if (s->wbio == bbio) 3121280297Sjkim s->wbio = BIO_pop(bbio); 3122280297Sjkim } 3123280297Sjkim return (1); 3124280297Sjkim} 312555714Skris 312655714Skrisvoid ssl_free_wbio_buffer(SSL *s) 3127280297Sjkim{ 3128280297Sjkim if (s->bbio == NULL) 3129280297Sjkim return; 313055714Skris 3131280297Sjkim if (s->bbio == s->wbio) { 3132280297Sjkim /* remove buffering */ 3133280297Sjkim s->wbio = BIO_pop(s->wbio); 3134280297Sjkim#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids 3135280297Sjkim * adding one more preprocessor symbol */ 3136280297Sjkim assert(s->wbio != NULL); 3137238405Sjkim#endif 3138280297Sjkim } 3139280297Sjkim BIO_free(s->bbio); 3140280297Sjkim s->bbio = NULL; 3141280297Sjkim} 314255714Skris 3143280297Sjkimvoid SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 3144280297Sjkim{ 3145280297Sjkim ctx->quiet_shutdown = mode; 3146280297Sjkim} 3147280297Sjkim 3148160814Ssimonint SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 3149280297Sjkim{ 3150280297Sjkim return (ctx->quiet_shutdown); 3151280297Sjkim} 315255714Skris 3153280297Sjkimvoid SSL_set_quiet_shutdown(SSL *s, int mode) 3154280297Sjkim{ 3155280297Sjkim s->quiet_shutdown = mode; 3156280297Sjkim} 315755714Skris 3158160814Ssimonint SSL_get_quiet_shutdown(const SSL *s) 3159280297Sjkim{ 3160280297Sjkim return (s->quiet_shutdown); 3161280297Sjkim} 316255714Skris 3163280297Sjkimvoid SSL_set_shutdown(SSL *s, int mode) 3164280297Sjkim{ 3165280297Sjkim s->shutdown = mode; 3166280297Sjkim} 316755714Skris 3168160814Ssimonint SSL_get_shutdown(const SSL *s) 3169280297Sjkim{ 3170280297Sjkim return (s->shutdown); 3171280297Sjkim} 317255714Skris 3173160814Ssimonint SSL_version(const SSL *s) 3174280297Sjkim{ 3175280297Sjkim return (s->version); 3176280297Sjkim} 317755714Skris 3178160814SsimonSSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) 3179280297Sjkim{ 3180280297Sjkim return (ssl->ctx); 3181280297Sjkim} 318255714Skris 3183280297SjkimSSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) 3184280297Sjkim{ 3185280297Sjkim CERT *ocert = ssl->cert; 3186280297Sjkim if (ssl->ctx == ctx) 3187280297Sjkim return ssl->ctx; 3188194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3189280297Sjkim if (ctx == NULL) 3190280297Sjkim ctx = ssl->initial_ctx; 3191194206Ssimon#endif 3192280297Sjkim ssl->cert = ssl_cert_dup(ctx->cert); 3193290207Sjkim if (ocert) { 3194325337Sjkim int i; 3195290207Sjkim /* Preserve any already negotiated parameters */ 3196290207Sjkim if (ssl->server) { 3197290207Sjkim ssl->cert->peer_sigalgs = ocert->peer_sigalgs; 3198290207Sjkim ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen; 3199290207Sjkim ocert->peer_sigalgs = NULL; 3200290207Sjkim ssl->cert->ciphers_raw = ocert->ciphers_raw; 3201290207Sjkim ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen; 3202290207Sjkim ocert->ciphers_raw = NULL; 3203280297Sjkim } 3204325337Sjkim for (i = 0; i < SSL_PKEY_NUM; i++) { 3205325337Sjkim ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest; 3206325337Sjkim } 3207298998Sjkim#ifndef OPENSSL_NO_TLSEXT 3208298998Sjkim ssl->cert->alpn_proposed = ocert->alpn_proposed; 3209298998Sjkim ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len; 3210298998Sjkim ocert->alpn_proposed = NULL; 3211298998Sjkim ssl->cert->alpn_sent = ocert->alpn_sent; 3212325335Sjkim 3213325335Sjkim if (!custom_exts_copy_flags(&ssl->cert->srv_ext, &ocert->srv_ext)) 3214325335Sjkim return NULL; 3215298998Sjkim#endif 3216280297Sjkim ssl_cert_free(ocert); 3217280297Sjkim } 3218276861Sjkim 3219280297Sjkim /* 3220280297Sjkim * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), 3221280297Sjkim * so setter APIs must prevent invalid lengths from entering the system. 3222280297Sjkim */ 3223280297Sjkim OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); 3224276861Sjkim 3225280297Sjkim /* 3226280297Sjkim * If the session ID context matches that of the parent SSL_CTX, 3227280297Sjkim * inherit it from the new SSL_CTX as well. If however the context does 3228280297Sjkim * not match (i.e., it was set per-ssl with SSL_set_session_id_context), 3229280297Sjkim * leave it unchanged. 3230280297Sjkim */ 3231280297Sjkim if ((ssl->ctx != NULL) && 3232280297Sjkim (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && 3233280297Sjkim (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { 3234280297Sjkim ssl->sid_ctx_length = ctx->sid_ctx_length; 3235280297Sjkim memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); 3236280297Sjkim } 3237276861Sjkim 3238280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 3239280297Sjkim if (ssl->ctx != NULL) 3240280297Sjkim SSL_CTX_free(ssl->ctx); /* decrement reference count */ 3241280297Sjkim ssl->ctx = ctx; 3242276861Sjkim 3243280297Sjkim return (ssl->ctx); 3244280297Sjkim} 3245194206Ssimon 3246109998Smarkm#ifndef OPENSSL_NO_STDIO 324755714Skrisint SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 3248280297Sjkim{ 3249280297Sjkim return (X509_STORE_set_default_paths(ctx->cert_store)); 3250280297Sjkim} 325155714Skris 325255714Skrisint SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 3253280297Sjkim const char *CApath) 3254280297Sjkim{ 3255280297Sjkim return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); 3256280297Sjkim} 325755714Skris#endif 325855714Skris 3259109998Smarkmvoid SSL_set_info_callback(SSL *ssl, 3260280297Sjkim void (*cb) (const SSL *ssl, int type, int val)) 3261280297Sjkim{ 3262280297Sjkim ssl->info_callback = cb; 3263280297Sjkim} 326455714Skris 3265280297Sjkim/* 3266280297Sjkim * One compiler (Diab DCC) doesn't like argument names in returned function 3267280297Sjkim * pointer. 3268280297Sjkim */ 3269280297Sjkimvoid (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , 3270280297Sjkim int /* type */ , 3271280297Sjkim int /* val */ ) { 3272280297Sjkim return ssl->info_callback; 3273280297Sjkim} 327455714Skris 3275160814Ssimonint SSL_state(const SSL *ssl) 3276280297Sjkim{ 3277280297Sjkim return (ssl->state); 3278280297Sjkim} 327955714Skris 3280238405Sjkimvoid SSL_set_state(SSL *ssl, int state) 3281280297Sjkim{ 3282280297Sjkim ssl->state = state; 3283280297Sjkim} 3284238405Sjkim 3285280297Sjkimvoid SSL_set_verify_result(SSL *ssl, long arg) 3286280297Sjkim{ 3287280297Sjkim ssl->verify_result = arg; 3288280297Sjkim} 328955714Skris 3290160814Ssimonlong SSL_get_verify_result(const SSL *ssl) 3291280297Sjkim{ 3292280297Sjkim return (ssl->verify_result); 3293280297Sjkim} 329455714Skris 3295280297Sjkimint SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3296280297Sjkim CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3297280297Sjkim{ 3298280297Sjkim return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3299280297Sjkim new_func, dup_func, free_func); 3300280297Sjkim} 330155714Skris 3302280297Sjkimint SSL_set_ex_data(SSL *s, int idx, void *arg) 3303280297Sjkim{ 3304280297Sjkim return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); 3305280297Sjkim} 330655714Skris 3307280297Sjkimvoid *SSL_get_ex_data(const SSL *s, int idx) 3308280297Sjkim{ 3309280297Sjkim return (CRYPTO_get_ex_data(&s->ex_data, idx)); 3310280297Sjkim} 331155714Skris 3312280297Sjkimint SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3313280297Sjkim CRYPTO_EX_dup *dup_func, 3314280297Sjkim CRYPTO_EX_free *free_func) 3315280297Sjkim{ 3316280297Sjkim return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3317280297Sjkim new_func, dup_func, free_func); 3318280297Sjkim} 331955714Skris 3320280297Sjkimint SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 3321280297Sjkim{ 3322280297Sjkim return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); 3323280297Sjkim} 332455714Skris 3325280297Sjkimvoid *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 3326280297Sjkim{ 3327280297Sjkim return (CRYPTO_get_ex_data(&s->ex_data, idx)); 3328280297Sjkim} 332955714Skris 333055714Skrisint ssl_ok(SSL *s) 3331280297Sjkim{ 3332280297Sjkim return (1); 3333280297Sjkim} 333455714Skris 3335160814SsimonX509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) 3336280297Sjkim{ 3337280297Sjkim return (ctx->cert_store); 3338280297Sjkim} 333955714Skris 3340280297Sjkimvoid SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) 3341280297Sjkim{ 3342280297Sjkim if (ctx->cert_store != NULL) 3343280297Sjkim X509_STORE_free(ctx->cert_store); 3344280297Sjkim ctx->cert_store = store; 3345280297Sjkim} 334655714Skris 3347160814Ssimonint SSL_want(const SSL *s) 3348280297Sjkim{ 3349280297Sjkim return (s->rwstate); 3350280297Sjkim} 335155714Skris 3352280297Sjkim/** 335355714Skris * \brief Set the callback for generating temporary RSA keys. 335455714Skris * \param ctx the SSL context. 335555714Skris * \param cb the callback 335655714Skris */ 335755714Skris 3358109998Smarkm#ifndef OPENSSL_NO_RSA 3359280297Sjkimvoid SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl, 3360280297Sjkim int is_export, 3361280297Sjkim int keylength)) 3362280297Sjkim{ 3363280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); 3364280297Sjkim} 336555714Skris 3366280297Sjkimvoid SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl, 3367280297Sjkim int is_export, 3368280297Sjkim int keylength)) 3369280297Sjkim{ 3370280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); 3371280297Sjkim} 337255714Skris#endif 337355714Skris 337455714Skris#ifdef DOXYGEN 3375280297Sjkim/** 337655714Skris * \brief The RSA temporary key callback function. 337755714Skris * \param ssl the SSL session. 337855714Skris * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. 337955714Skris * \param keylength if \c is_export is \c TRUE, then \c keylength is the size 338055714Skris * of the required key in bits. 338155714Skris * \return the temporary RSA key. 338255714Skris * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback 338355714Skris */ 338455714Skris 3385280297SjkimRSA *cb(SSL *ssl, int is_export, int keylength) 3386280297Sjkim{ 3387280297Sjkim} 338855714Skris#endif 338955714Skris 3390280297Sjkim/** 339155714Skris * \brief Set the callback for generating temporary DH keys. 339255714Skris * \param ctx the SSL context. 339355714Skris * \param dh the callback 339455714Skris */ 339555714Skris 3396109998Smarkm#ifndef OPENSSL_NO_DH 3397280297Sjkimvoid SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 3398280297Sjkim DH *(*dh) (SSL *ssl, int is_export, 3399280297Sjkim int keylength)) 3400280297Sjkim{ 3401280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); 3402280297Sjkim} 340355714Skris 3404280297Sjkimvoid SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, 3405280297Sjkim int keylength)) 3406280297Sjkim{ 3407280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); 3408280297Sjkim} 340955714Skris#endif 341055714Skris 3411160814Ssimon#ifndef OPENSSL_NO_ECDH 3412280297Sjkimvoid SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, 3413280297Sjkim EC_KEY *(*ecdh) (SSL *ssl, int is_export, 3414280297Sjkim int keylength)) 3415280297Sjkim{ 3416280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, 3417280297Sjkim (void (*)(void))ecdh); 3418280297Sjkim} 3419109998Smarkm 3420280297Sjkimvoid SSL_set_tmp_ecdh_callback(SSL *ssl, 3421280297Sjkim EC_KEY *(*ecdh) (SSL *ssl, int is_export, 3422280297Sjkim int keylength)) 3423280297Sjkim{ 3424280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh); 3425280297Sjkim} 3426160814Ssimon#endif 3427160814Ssimon 3428238405Sjkim#ifndef OPENSSL_NO_PSK 3429238405Sjkimint SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 3430280297Sjkim{ 3431280297Sjkim if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3432280297Sjkim SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, 3433280297Sjkim SSL_R_DATA_LENGTH_TOO_LONG); 3434280297Sjkim return 0; 3435280297Sjkim } 3436280297Sjkim if (ctx->psk_identity_hint != NULL) 3437280297Sjkim OPENSSL_free(ctx->psk_identity_hint); 3438280297Sjkim if (identity_hint != NULL) { 3439280297Sjkim ctx->psk_identity_hint = BUF_strdup(identity_hint); 3440280297Sjkim if (ctx->psk_identity_hint == NULL) 3441280297Sjkim return 0; 3442280297Sjkim } else 3443280297Sjkim ctx->psk_identity_hint = NULL; 3444280297Sjkim return 1; 3445280297Sjkim} 3446160814Ssimon 3447238405Sjkimint SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) 3448280297Sjkim{ 3449280297Sjkim if (s == NULL) 3450280297Sjkim return 0; 3451238405Sjkim 3452280297Sjkim if (s->session == NULL) 3453280297Sjkim return 1; /* session not created yet, ignored */ 3454238405Sjkim 3455280297Sjkim if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3456280297Sjkim SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3457280297Sjkim return 0; 3458280297Sjkim } 3459280297Sjkim if (s->session->psk_identity_hint != NULL) 3460280297Sjkim OPENSSL_free(s->session->psk_identity_hint); 3461280297Sjkim if (identity_hint != NULL) { 3462280297Sjkim s->session->psk_identity_hint = BUF_strdup(identity_hint); 3463280297Sjkim if (s->session->psk_identity_hint == NULL) 3464280297Sjkim return 0; 3465280297Sjkim } else 3466280297Sjkim s->session->psk_identity_hint = NULL; 3467280297Sjkim return 1; 3468280297Sjkim} 3469238405Sjkim 3470238405Sjkimconst char *SSL_get_psk_identity_hint(const SSL *s) 3471280297Sjkim{ 3472280297Sjkim if (s == NULL || s->session == NULL) 3473280297Sjkim return NULL; 3474280297Sjkim return (s->session->psk_identity_hint); 3475280297Sjkim} 3476238405Sjkim 3477238405Sjkimconst char *SSL_get_psk_identity(const SSL *s) 3478280297Sjkim{ 3479280297Sjkim if (s == NULL || s->session == NULL) 3480280297Sjkim return NULL; 3481280297Sjkim return (s->session->psk_identity); 3482280297Sjkim} 3483238405Sjkim 3484238405Sjkimvoid SSL_set_psk_client_callback(SSL *s, 3485280297Sjkim unsigned int (*cb) (SSL *ssl, 3486280297Sjkim const char *hint, 3487280297Sjkim char *identity, 3488280297Sjkim unsigned int 3489280297Sjkim max_identity_len, 3490280297Sjkim unsigned char *psk, 3491280297Sjkim unsigned int 3492280297Sjkim max_psk_len)) 3493280297Sjkim{ 3494280297Sjkim s->psk_client_callback = cb; 3495280297Sjkim} 3496238405Sjkim 3497238405Sjkimvoid SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 3498280297Sjkim unsigned int (*cb) (SSL *ssl, 3499280297Sjkim const char *hint, 3500280297Sjkim char *identity, 3501280297Sjkim unsigned int 3502280297Sjkim max_identity_len, 3503280297Sjkim unsigned char *psk, 3504280297Sjkim unsigned int 3505280297Sjkim max_psk_len)) 3506280297Sjkim{ 3507280297Sjkim ctx->psk_client_callback = cb; 3508280297Sjkim} 3509238405Sjkim 3510238405Sjkimvoid SSL_set_psk_server_callback(SSL *s, 3511280297Sjkim unsigned int (*cb) (SSL *ssl, 3512280297Sjkim const char *identity, 3513280297Sjkim unsigned char *psk, 3514280297Sjkim unsigned int 3515280297Sjkim max_psk_len)) 3516280297Sjkim{ 3517280297Sjkim s->psk_server_callback = cb; 3518280297Sjkim} 3519238405Sjkim 3520238405Sjkimvoid SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 3521280297Sjkim unsigned int (*cb) (SSL *ssl, 3522280297Sjkim const char *identity, 3523280297Sjkim unsigned char *psk, 3524280297Sjkim unsigned int 3525280297Sjkim max_psk_len)) 3526280297Sjkim{ 3527280297Sjkim ctx->psk_server_callback = cb; 3528280297Sjkim} 3529238405Sjkim#endif 3530238405Sjkim 3531280297Sjkimvoid SSL_CTX_set_msg_callback(SSL_CTX *ctx, 3532280297Sjkim void (*cb) (int write_p, int version, 3533280297Sjkim int content_type, const void *buf, 3534280297Sjkim size_t len, SSL *ssl, void *arg)) 3535280297Sjkim{ 3536280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3537280297Sjkim} 3538109998Smarkm 3539280297Sjkimvoid SSL_set_msg_callback(SSL *ssl, 3540280297Sjkim void (*cb) (int write_p, int version, 3541280297Sjkim int content_type, const void *buf, 3542280297Sjkim size_t len, SSL *ssl, void *arg)) 3543280297Sjkim{ 3544280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3545280297Sjkim} 3546280297Sjkim 3547280297Sjkim/* 3548280297Sjkim * Allocates new EVP_MD_CTX and sets pointer to it into given pointer 3549280297Sjkim * vairable, freeing EVP_MD_CTX previously stored in that variable, if any. 3550280297Sjkim * If EVP_MD pointer is passed, initializes ctx with this md Returns newly 3551280297Sjkim * allocated ctx; 3552238405Sjkim */ 3553109998Smarkm 3554280297SjkimEVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) 3555238405Sjkim{ 3556280297Sjkim ssl_clear_hash_ctx(hash); 3557280297Sjkim *hash = EVP_MD_CTX_create(); 3558291719Sjkim if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { 3559291719Sjkim EVP_MD_CTX_destroy(*hash); 3560291719Sjkim *hash = NULL; 3561291719Sjkim return NULL; 3562291719Sjkim } 3563280297Sjkim return *hash; 3564238405Sjkim} 3565280297Sjkim 3566280297Sjkimvoid ssl_clear_hash_ctx(EVP_MD_CTX **hash) 3567238405Sjkim{ 3568109998Smarkm 3569280297Sjkim if (*hash) 3570280297Sjkim EVP_MD_CTX_destroy(*hash); 3571280297Sjkim *hash = NULL; 3572238405Sjkim} 3573238405Sjkim 3574238405Sjkimvoid SSL_set_debug(SSL *s, int debug) 3575280297Sjkim{ 3576280297Sjkim s->debug = debug; 3577280297Sjkim} 3578238405Sjkim 3579238405Sjkimint SSL_cache_hit(SSL *s) 3580280297Sjkim{ 3581280297Sjkim return s->hit; 3582280297Sjkim} 3583238405Sjkim 3584290207Sjkimint SSL_is_server(SSL *s) 3585290207Sjkim{ 3586290207Sjkim return s->server; 3587290207Sjkim} 3588290207Sjkim 3589109998Smarkm#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) 3590280297Sjkim# include "../crypto/bio/bss_file.c" 359155714Skris#endif 359255714Skris 359355714SkrisIMPLEMENT_STACK_OF(SSL_CIPHER) 359455714SkrisIMPLEMENT_STACK_OF(SSL_COMP) 3595280297SjkimIMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); 3596