ssl_lib.c revision 296279
1280297Sjkim/* 2280297Sjkim * ! \file ssl/ssl_lib.c \brief Version independent SSL functions. 355714Skris */ 455714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 555714Skris * All rights reserved. 655714Skris * 755714Skris * This package is an SSL implementation written 855714Skris * by Eric Young (eay@cryptsoft.com). 955714Skris * The implementation was written so as to conform with Netscapes SSL. 10280297Sjkim * 1155714Skris * This library is free for commercial and non-commercial use as long as 1255714Skris * the following conditions are aheared to. The following conditions 1355714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1455714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1555714Skris * included with this distribution is covered by the same copyright terms 1655714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 17280297Sjkim * 1855714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1955714Skris * the code are not to be removed. 2055714Skris * If this package is used in a product, Eric Young should be given attribution 2155714Skris * as the author of the parts of the library used. 2255714Skris * This can be in the form of a textual message at program startup or 2355714Skris * in documentation (online or textual) provided with the package. 24280297Sjkim * 2555714Skris * Redistribution and use in source and binary forms, with or without 2655714Skris * modification, are permitted provided that the following conditions 2755714Skris * are met: 2855714Skris * 1. Redistributions of source code must retain the copyright 2955714Skris * notice, this list of conditions and the following disclaimer. 3055714Skris * 2. Redistributions in binary form must reproduce the above copyright 3155714Skris * notice, this list of conditions and the following disclaimer in the 3255714Skris * documentation and/or other materials provided with the distribution. 3355714Skris * 3. All advertising materials mentioning features or use of this software 3455714Skris * must display the following acknowledgement: 3555714Skris * "This product includes cryptographic software written by 3655714Skris * Eric Young (eay@cryptsoft.com)" 3755714Skris * The word 'cryptographic' can be left out if the rouines from the library 3855714Skris * being used are not cryptographic related :-). 39280297Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 4055714Skris * the apps directory (application code) you must include an acknowledgement: 4155714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 42280297Sjkim * 4355714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4455714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4555714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4655714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4755714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4855714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4955714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 5055714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 5155714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5255714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5355714Skris * SUCH DAMAGE. 54280297Sjkim * 5555714Skris * The licence and distribution terms for any publically available version or 5655714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5755714Skris * copied and put under another distribution licence 5855714Skris * [including the GNU Public Licence.] 5955714Skris */ 60109998Smarkm/* ==================================================================== 61238405Sjkim * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 62109998Smarkm * 63109998Smarkm * Redistribution and use in source and binary forms, with or without 64109998Smarkm * modification, are permitted provided that the following conditions 65109998Smarkm * are met: 66109998Smarkm * 67109998Smarkm * 1. Redistributions of source code must retain the above copyright 68280297Sjkim * notice, this list of conditions and the following disclaimer. 69109998Smarkm * 70109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright 71109998Smarkm * notice, this list of conditions and the following disclaimer in 72109998Smarkm * the documentation and/or other materials provided with the 73109998Smarkm * distribution. 74109998Smarkm * 75109998Smarkm * 3. All advertising materials mentioning features or use of this 76109998Smarkm * software must display the following acknowledgment: 77109998Smarkm * "This product includes software developed by the OpenSSL Project 78109998Smarkm * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 79109998Smarkm * 80109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 81109998Smarkm * endorse or promote products derived from this software without 82109998Smarkm * prior written permission. For written permission, please contact 83109998Smarkm * openssl-core@openssl.org. 84109998Smarkm * 85109998Smarkm * 5. Products derived from this software may not be called "OpenSSL" 86109998Smarkm * nor may "OpenSSL" appear in their names without prior written 87109998Smarkm * permission of the OpenSSL Project. 88109998Smarkm * 89109998Smarkm * 6. Redistributions of any form whatsoever must retain the following 90109998Smarkm * acknowledgment: 91109998Smarkm * "This product includes software developed by the OpenSSL Project 92109998Smarkm * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 93109998Smarkm * 94109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 95109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 97109998Smarkm * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 98109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 99109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 100109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 101109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 102109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 103109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 104109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 105109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE. 106109998Smarkm * ==================================================================== 107109998Smarkm * 108109998Smarkm * This product includes cryptographic software written by Eric Young 109109998Smarkm * (eay@cryptsoft.com). This product includes software written by Tim 110109998Smarkm * Hudson (tjh@cryptsoft.com). 111109998Smarkm * 112109998Smarkm */ 113160814Ssimon/* ==================================================================== 114160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 115280297Sjkim * ECC cipher suite support in OpenSSL originally developed by 116160814Ssimon * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 117160814Ssimon */ 118238405Sjkim/* ==================================================================== 119238405Sjkim * Copyright 2005 Nokia. All rights reserved. 120238405Sjkim * 121238405Sjkim * The portions of the attached software ("Contribution") is developed by 122238405Sjkim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 123238405Sjkim * license. 124238405Sjkim * 125238405Sjkim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 126238405Sjkim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 127238405Sjkim * support (see RFC 4279) to OpenSSL. 128238405Sjkim * 129238405Sjkim * No patent licenses or other rights except those expressly stated in 130238405Sjkim * the OpenSSL open source license shall be deemed granted or received 131238405Sjkim * expressly, by implication, estoppel, or otherwise. 132238405Sjkim * 133238405Sjkim * No assurances are provided by Nokia that the Contribution does not 134238405Sjkim * infringe the patent or other intellectual property rights of any third 135238405Sjkim * party or that the license provides you with all the necessary rights 136238405Sjkim * to make use of the Contribution. 137238405Sjkim * 138238405Sjkim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 139238405Sjkim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 140238405Sjkim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 141238405Sjkim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 142238405Sjkim * OTHERWISE. 143238405Sjkim */ 14455714Skris 145109998Smarkm#ifdef REF_CHECK 146280297Sjkim# include <assert.h> 147109998Smarkm#endif 14855714Skris#include <stdio.h> 149109998Smarkm#include "ssl_locl.h" 150109998Smarkm#include "kssl_lcl.h" 15155714Skris#include <openssl/objects.h> 15255714Skris#include <openssl/lhash.h> 15359191Skris#include <openssl/x509v3.h> 154194206Ssimon#include <openssl/rand.h> 155194206Ssimon#include <openssl/ocsp.h> 156160814Ssimon#ifndef OPENSSL_NO_DH 157280297Sjkim# include <openssl/dh.h> 158160814Ssimon#endif 159194206Ssimon#ifndef OPENSSL_NO_ENGINE 160280297Sjkim# include <openssl/engine.h> 161194206Ssimon#endif 16255714Skris 163280297Sjkimconst char *SSL_version_str = OPENSSL_VERSION_TEXT; 16455714Skris 165280297SjkimSSL3_ENC_METHOD ssl3_undef_enc_method = { 166280297Sjkim /* 167280297Sjkim * evil casts, but these functions are only called if there's a library 168280297Sjkim * bug 169280297Sjkim */ 170280297Sjkim (int (*)(SSL *, int))ssl_undefined_function, 171280297Sjkim (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 172280297Sjkim ssl_undefined_function, 173280297Sjkim (int (*)(SSL *, unsigned char *, unsigned char *, int)) 174280297Sjkim ssl_undefined_function, 175280297Sjkim (int (*)(SSL *, int))ssl_undefined_function, 176280297Sjkim (int (*)(SSL *, const char *, int, unsigned char *)) 177280297Sjkim ssl_undefined_function, 178280297Sjkim 0, /* finish_mac_length */ 179280297Sjkim (int (*)(SSL *, int, unsigned char *))ssl_undefined_function, 180280297Sjkim NULL, /* client_finished_label */ 181280297Sjkim 0, /* client_finished_label_len */ 182280297Sjkim NULL, /* server_finished_label */ 183280297Sjkim 0, /* server_finished_label_len */ 184280297Sjkim (int (*)(int))ssl_undefined_function, 185280297Sjkim (int (*)(SSL *, unsigned char *, size_t, const char *, 186280297Sjkim size_t, const unsigned char *, size_t, 187280297Sjkim int use_context))ssl_undefined_function, 188280297Sjkim}; 18955714Skris 19055714Skrisint SSL_clear(SSL *s) 191280297Sjkim{ 19255714Skris 193280297Sjkim if (s->method == NULL) { 194280297Sjkim SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); 195280297Sjkim return (0); 196280297Sjkim } 19755714Skris 198280297Sjkim if (ssl_clear_bad_session(s)) { 199280297Sjkim SSL_SESSION_free(s->session); 200280297Sjkim s->session = NULL; 201280297Sjkim } 202100928Snectar 203280297Sjkim s->error = 0; 204280297Sjkim s->hit = 0; 205280297Sjkim s->shutdown = 0; 20655714Skris 207280297Sjkim#if 0 208280297Sjkim /* 209280297Sjkim * Disabled since version 1.10 of this file (early return not 210280297Sjkim * needed because SSL_clear is not called when doing renegotiation) 211280297Sjkim */ 212280297Sjkim /* 213280297Sjkim * This is set if we are doing dynamic renegotiation so keep 214280297Sjkim * the old cipher. It is sort of a SSL_clear_lite :-) 215280297Sjkim */ 216280297Sjkim if (s->renegotiate) 217280297Sjkim return (1); 21859191Skris#else 219280297Sjkim if (s->renegotiate) { 220280297Sjkim SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); 221280297Sjkim return 0; 222280297Sjkim } 22355714Skris#endif 22455714Skris 225280297Sjkim s->type = 0; 22655714Skris 227280297Sjkim s->state = SSL_ST_BEFORE | ((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); 22855714Skris 229280297Sjkim s->version = s->method->version; 230280297Sjkim s->client_version = s->version; 231280297Sjkim s->rwstate = SSL_NOTHING; 232280297Sjkim s->rstate = SSL_ST_READ_HEADER; 23372613Skris#if 0 234280297Sjkim s->read_ahead = s->ctx->read_ahead; 23572613Skris#endif 23655714Skris 237280297Sjkim if (s->init_buf != NULL) { 238280297Sjkim BUF_MEM_free(s->init_buf); 239280297Sjkim s->init_buf = NULL; 240280297Sjkim } 24155714Skris 242280297Sjkim ssl_clear_cipher_ctx(s); 243280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 244280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 24555714Skris 246280297Sjkim s->first_packet = 0; 24755714Skris 24855714Skris#if 1 249280297Sjkim /* 250280297Sjkim * Check to see if we were changed into a different method, if so, revert 251280297Sjkim * back if we are not doing session-id reuse. 252280297Sjkim */ 253280297Sjkim if (!s->in_handshake && (s->session == NULL) 254280297Sjkim && (s->method != s->ctx->method)) { 255280297Sjkim s->method->ssl_free(s); 256280297Sjkim s->method = s->ctx->method; 257280297Sjkim if (!s->method->ssl_new(s)) 258280297Sjkim return (0); 259280297Sjkim } else 26055714Skris#endif 261280297Sjkim s->method->ssl_clear(s); 262280297Sjkim return (1); 263280297Sjkim} 26455714Skris 26555714Skris/** Used to change an SSL_CTXs default SSL method type */ 266280297Sjkimint SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 267280297Sjkim{ 268280297Sjkim STACK_OF(SSL_CIPHER) *sk; 26955714Skris 270280297Sjkim ctx->method = meth; 27155714Skris 272280297Sjkim sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 273280297Sjkim &(ctx->cipher_list_by_id), 274280297Sjkim meth->version == 275280297Sjkim SSL2_VERSION ? "SSLv2" : 276290207Sjkim SSL_DEFAULT_CIPHER_LIST, ctx->cert); 277280297Sjkim if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 278280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, 279280297Sjkim SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 280280297Sjkim return (0); 281280297Sjkim } 282280297Sjkim return (1); 283280297Sjkim} 28455714Skris 28555714SkrisSSL *SSL_new(SSL_CTX *ctx) 286280297Sjkim{ 287280297Sjkim SSL *s; 28855714Skris 289280297Sjkim if (ctx == NULL) { 290280297Sjkim SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); 291280297Sjkim return (NULL); 292280297Sjkim } 293280297Sjkim if (ctx->method == NULL) { 294280297Sjkim SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 295280297Sjkim return (NULL); 296280297Sjkim } 29755714Skris 298280297Sjkim s = (SSL *)OPENSSL_malloc(sizeof(SSL)); 299280297Sjkim if (s == NULL) 300280297Sjkim goto err; 301280297Sjkim memset(s, 0, sizeof(SSL)); 30255714Skris 303280297Sjkim#ifndef OPENSSL_NO_KRB5 304280297Sjkim s->kssl_ctx = kssl_ctx_new(); 305280297Sjkim#endif /* OPENSSL_NO_KRB5 */ 306109998Smarkm 307280297Sjkim s->options = ctx->options; 308280297Sjkim s->mode = ctx->mode; 309280297Sjkim s->max_cert_list = ctx->max_cert_list; 310291719Sjkim s->references = 1; 311109998Smarkm 312280297Sjkim if (ctx->cert != NULL) { 313280297Sjkim /* 314280297Sjkim * Earlier library versions used to copy the pointer to the CERT, not 315280297Sjkim * its contents; only when setting new parameters for the per-SSL 316280297Sjkim * copy, ssl_cert_new would be called (and the direct reference to 317280297Sjkim * the per-SSL_CTX settings would be lost, but those still were 318280297Sjkim * indirectly accessed for various purposes, and for that reason they 319280297Sjkim * used to be known as s->ctx->default_cert). Now we don't look at the 320280297Sjkim * SSL_CTX's CERT after having duplicated it once. 321280297Sjkim */ 32255714Skris 323280297Sjkim s->cert = ssl_cert_dup(ctx->cert); 324280297Sjkim if (s->cert == NULL) 325280297Sjkim goto err; 326280297Sjkim } else 327280297Sjkim s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */ 328109998Smarkm 329280297Sjkim s->read_ahead = ctx->read_ahead; 330280297Sjkim s->msg_callback = ctx->msg_callback; 331280297Sjkim s->msg_callback_arg = ctx->msg_callback_arg; 332280297Sjkim s->verify_mode = ctx->verify_mode; 333160814Ssimon#if 0 334280297Sjkim s->verify_depth = ctx->verify_depth; 335160814Ssimon#endif 336280297Sjkim s->sid_ctx_length = ctx->sid_ctx_length; 337280297Sjkim OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); 338280297Sjkim memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 339280297Sjkim s->verify_callback = ctx->default_verify_callback; 340280297Sjkim s->generate_session_id = ctx->generate_session_id; 341160814Ssimon 342280297Sjkim s->param = X509_VERIFY_PARAM_new(); 343280297Sjkim if (!s->param) 344280297Sjkim goto err; 345280297Sjkim X509_VERIFY_PARAM_inherit(s->param, ctx->param); 346160814Ssimon#if 0 347280297Sjkim s->purpose = ctx->purpose; 348280297Sjkim s->trust = ctx->trust; 349160814Ssimon#endif 350280297Sjkim s->quiet_shutdown = ctx->quiet_shutdown; 351280297Sjkim s->max_send_fragment = ctx->max_send_fragment; 352109998Smarkm 353280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 354280297Sjkim s->ctx = ctx; 355194206Ssimon#ifndef OPENSSL_NO_TLSEXT 356280297Sjkim s->tlsext_debug_cb = 0; 357280297Sjkim s->tlsext_debug_arg = NULL; 358280297Sjkim s->tlsext_ticket_expected = 0; 359280297Sjkim s->tlsext_status_type = -1; 360280297Sjkim s->tlsext_status_expected = 0; 361280297Sjkim s->tlsext_ocsp_ids = NULL; 362280297Sjkim s->tlsext_ocsp_exts = NULL; 363280297Sjkim s->tlsext_ocsp_resp = NULL; 364280297Sjkim s->tlsext_ocsp_resplen = -1; 365280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 366280297Sjkim s->initial_ctx = ctx; 367290207Sjkim# ifndef OPENSSL_NO_EC 368290207Sjkim if (ctx->tlsext_ecpointformatlist) { 369290207Sjkim s->tlsext_ecpointformatlist = 370290207Sjkim BUF_memdup(ctx->tlsext_ecpointformatlist, 371290207Sjkim ctx->tlsext_ecpointformatlist_length); 372290207Sjkim if (!s->tlsext_ecpointformatlist) 373290207Sjkim goto err; 374290207Sjkim s->tlsext_ecpointformatlist_length = 375290207Sjkim ctx->tlsext_ecpointformatlist_length; 376290207Sjkim } 377290207Sjkim if (ctx->tlsext_ellipticcurvelist) { 378290207Sjkim s->tlsext_ellipticcurvelist = 379290207Sjkim BUF_memdup(ctx->tlsext_ellipticcurvelist, 380290207Sjkim ctx->tlsext_ellipticcurvelist_length); 381290207Sjkim if (!s->tlsext_ellipticcurvelist) 382290207Sjkim goto err; 383290207Sjkim s->tlsext_ellipticcurvelist_length = 384290207Sjkim ctx->tlsext_ellipticcurvelist_length; 385290207Sjkim } 386290207Sjkim# endif 387238405Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 388280297Sjkim s->next_proto_negotiated = NULL; 389238405Sjkim# endif 390290207Sjkim 391290207Sjkim if (s->ctx->alpn_client_proto_list) { 392290207Sjkim s->alpn_client_proto_list = 393290207Sjkim OPENSSL_malloc(s->ctx->alpn_client_proto_list_len); 394290207Sjkim if (s->alpn_client_proto_list == NULL) 395290207Sjkim goto err; 396290207Sjkim memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list, 397290207Sjkim s->ctx->alpn_client_proto_list_len); 398290207Sjkim s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len; 399290207Sjkim } 400194206Ssimon#endif 401238405Sjkim 402280297Sjkim s->verify_result = X509_V_OK; 40355714Skris 404280297Sjkim s->method = ctx->method; 40555714Skris 406280297Sjkim if (!s->method->ssl_new(s)) 407280297Sjkim goto err; 40855714Skris 409280297Sjkim s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; 410109998Smarkm 411280297Sjkim SSL_clear(s); 41255714Skris 413280297Sjkim CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 41455714Skris 415238405Sjkim#ifndef OPENSSL_NO_PSK 416280297Sjkim s->psk_client_callback = ctx->psk_client_callback; 417280297Sjkim s->psk_server_callback = ctx->psk_server_callback; 418238405Sjkim#endif 419238405Sjkim 420280297Sjkim return (s); 421280297Sjkim err: 422280297Sjkim if (s != NULL) 423280297Sjkim SSL_free(s); 424280297Sjkim SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); 425280297Sjkim return (NULL); 426280297Sjkim} 42755714Skris 428280297Sjkimint SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 429280297Sjkim unsigned int sid_ctx_len) 430280297Sjkim{ 431280297Sjkim if (sid_ctx_len > sizeof ctx->sid_ctx) { 432280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, 433280297Sjkim SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 434280297Sjkim return 0; 435280297Sjkim } 436280297Sjkim ctx->sid_ctx_length = sid_ctx_len; 437280297Sjkim memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); 43855714Skris 43955714Skris return 1; 440280297Sjkim} 441280297Sjkim 442280297Sjkimint SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 443280297Sjkim unsigned int sid_ctx_len) 444280297Sjkim{ 445280297Sjkim if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 446280297Sjkim SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, 447280297Sjkim SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 448280297Sjkim return 0; 44955714Skris } 450280297Sjkim ssl->sid_ctx_length = sid_ctx_len; 451280297Sjkim memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); 45255714Skris 45355714Skris return 1; 454280297Sjkim} 45555714Skris 456109998Smarkmint SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 457280297Sjkim{ 458280297Sjkim CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 459280297Sjkim ctx->generate_session_id = cb; 460280297Sjkim CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 461280297Sjkim return 1; 462280297Sjkim} 463109998Smarkm 464109998Smarkmint SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 465280297Sjkim{ 466280297Sjkim CRYPTO_w_lock(CRYPTO_LOCK_SSL); 467280297Sjkim ssl->generate_session_id = cb; 468280297Sjkim CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 469280297Sjkim return 1; 470280297Sjkim} 47159191Skris 472109998Smarkmint SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 473280297Sjkim unsigned int id_len) 474280297Sjkim{ 475280297Sjkim /* 476280297Sjkim * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 477280297Sjkim * we can "construct" a session to give us the desired check - ie. to 478280297Sjkim * find if there's a session in the hash table that would conflict with 479280297Sjkim * any new session built out of this id/id_len and the ssl_version in use 480280297Sjkim * by this SSL. 481280297Sjkim */ 482280297Sjkim SSL_SESSION r, *p; 483109998Smarkm 484280297Sjkim if (id_len > sizeof r.session_id) 485280297Sjkim return 0; 486109998Smarkm 487280297Sjkim r.ssl_version = ssl->version; 488280297Sjkim r.session_id_length = id_len; 489280297Sjkim memcpy(r.session_id, id, id_len); 490280297Sjkim /* 491280297Sjkim * NB: SSLv2 always uses a fixed 16-byte session ID, so even if a 492280297Sjkim * callback is calling us to check the uniqueness of a shorter ID, it 493280297Sjkim * must be compared as a padded-out ID because that is what it will be 494280297Sjkim * converted to when the callback has finished choosing it. 495280297Sjkim */ 496280297Sjkim if ((r.ssl_version == SSL2_VERSION) && 497280297Sjkim (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { 498280297Sjkim memset(r.session_id + id_len, 0, SSL2_SSL_SESSION_ID_LENGTH - id_len); 499280297Sjkim r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; 500280297Sjkim } 501109998Smarkm 502280297Sjkim CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 503280297Sjkim p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); 504280297Sjkim CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 505280297Sjkim return (p != NULL); 506280297Sjkim} 507109998Smarkm 508109998Smarkmint SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 509280297Sjkim{ 510280297Sjkim return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 511280297Sjkim} 512109998Smarkm 513109998Smarkmint SSL_set_purpose(SSL *s, int purpose) 514280297Sjkim{ 515280297Sjkim return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 516280297Sjkim} 517109998Smarkm 51859191Skrisint SSL_CTX_set_trust(SSL_CTX *s, int trust) 519280297Sjkim{ 520280297Sjkim return X509_VERIFY_PARAM_set_trust(s->param, trust); 521280297Sjkim} 52259191Skris 52359191Skrisint SSL_set_trust(SSL *s, int trust) 524280297Sjkim{ 525280297Sjkim return X509_VERIFY_PARAM_set_trust(s->param, trust); 526280297Sjkim} 52759191Skris 528238405Sjkimint SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 529280297Sjkim{ 530280297Sjkim return X509_VERIFY_PARAM_set1(ctx->param, vpm); 531280297Sjkim} 532238405Sjkim 533238405Sjkimint SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 534280297Sjkim{ 535280297Sjkim return X509_VERIFY_PARAM_set1(ssl->param, vpm); 536280297Sjkim} 537238405Sjkim 538290207SjkimX509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) 539290207Sjkim{ 540290207Sjkim return ctx->param; 541290207Sjkim} 542290207Sjkim 543290207SjkimX509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) 544290207Sjkim{ 545290207Sjkim return ssl->param; 546290207Sjkim} 547290207Sjkim 548290207Sjkimvoid SSL_certs_clear(SSL *s) 549290207Sjkim{ 550290207Sjkim ssl_cert_clear_certs(s->cert); 551290207Sjkim} 552290207Sjkim 55355714Skrisvoid SSL_free(SSL *s) 554280297Sjkim{ 555280297Sjkim int i; 55655714Skris 557280297Sjkim if (s == NULL) 558280297Sjkim return; 55955714Skris 560280297Sjkim i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); 56155714Skris#ifdef REF_PRINT 562280297Sjkim REF_PRINT("SSL", s); 56355714Skris#endif 564280297Sjkim if (i > 0) 565280297Sjkim return; 56655714Skris#ifdef REF_CHECK 567280297Sjkim if (i < 0) { 568280297Sjkim fprintf(stderr, "SSL_free, bad reference count\n"); 569280297Sjkim abort(); /* ok */ 570280297Sjkim } 57155714Skris#endif 57255714Skris 573280297Sjkim if (s->param) 574280297Sjkim X509_VERIFY_PARAM_free(s->param); 575160814Ssimon 576280297Sjkim CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 57755714Skris 578280297Sjkim if (s->bbio != NULL) { 579280297Sjkim /* If the buffering BIO is in place, pop it off */ 580280297Sjkim if (s->bbio == s->wbio) { 581280297Sjkim s->wbio = BIO_pop(s->wbio); 582280297Sjkim } 583280297Sjkim BIO_free(s->bbio); 584280297Sjkim s->bbio = NULL; 585280297Sjkim } 586280297Sjkim if (s->rbio != NULL) 587280297Sjkim BIO_free_all(s->rbio); 588280297Sjkim if ((s->wbio != NULL) && (s->wbio != s->rbio)) 589280297Sjkim BIO_free_all(s->wbio); 59055714Skris 591280297Sjkim if (s->init_buf != NULL) 592280297Sjkim BUF_MEM_free(s->init_buf); 59355714Skris 594280297Sjkim /* add extra stuff */ 595280297Sjkim if (s->cipher_list != NULL) 596280297Sjkim sk_SSL_CIPHER_free(s->cipher_list); 597280297Sjkim if (s->cipher_list_by_id != NULL) 598280297Sjkim sk_SSL_CIPHER_free(s->cipher_list_by_id); 59955714Skris 600280297Sjkim /* Make the next call work :-) */ 601280297Sjkim if (s->session != NULL) { 602280297Sjkim ssl_clear_bad_session(s); 603280297Sjkim SSL_SESSION_free(s->session); 604280297Sjkim } 60555714Skris 606280297Sjkim ssl_clear_cipher_ctx(s); 607280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 608280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 60955714Skris 610280297Sjkim if (s->cert != NULL) 611280297Sjkim ssl_cert_free(s->cert); 612280297Sjkim /* Free up if allocated */ 61355714Skris 614194206Ssimon#ifndef OPENSSL_NO_TLSEXT 615280297Sjkim if (s->tlsext_hostname) 616280297Sjkim OPENSSL_free(s->tlsext_hostname); 617280297Sjkim if (s->initial_ctx) 618280297Sjkim SSL_CTX_free(s->initial_ctx); 619280297Sjkim# ifndef OPENSSL_NO_EC 620280297Sjkim if (s->tlsext_ecpointformatlist) 621280297Sjkim OPENSSL_free(s->tlsext_ecpointformatlist); 622280297Sjkim if (s->tlsext_ellipticcurvelist) 623280297Sjkim OPENSSL_free(s->tlsext_ellipticcurvelist); 624280297Sjkim# endif /* OPENSSL_NO_EC */ 625280297Sjkim if (s->tlsext_opaque_prf_input) 626280297Sjkim OPENSSL_free(s->tlsext_opaque_prf_input); 627280297Sjkim if (s->tlsext_ocsp_exts) 628280297Sjkim sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); 629280297Sjkim if (s->tlsext_ocsp_ids) 630280297Sjkim sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 631280297Sjkim if (s->tlsext_ocsp_resp) 632280297Sjkim OPENSSL_free(s->tlsext_ocsp_resp); 633290207Sjkim if (s->alpn_client_proto_list) 634290207Sjkim OPENSSL_free(s->alpn_client_proto_list); 635194206Ssimon#endif 636238405Sjkim 637280297Sjkim if (s->client_CA != NULL) 638280297Sjkim sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); 63955714Skris 640280297Sjkim if (s->method != NULL) 641280297Sjkim s->method->ssl_free(s); 64255714Skris 643280297Sjkim if (s->ctx) 644280297Sjkim SSL_CTX_free(s->ctx); 645205128Ssimon 646280297Sjkim#ifndef OPENSSL_NO_KRB5 647280297Sjkim if (s->kssl_ctx != NULL) 648280297Sjkim kssl_ctx_free(s->kssl_ctx); 649280297Sjkim#endif /* OPENSSL_NO_KRB5 */ 650120631Snectar 651238405Sjkim#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 652280297Sjkim if (s->next_proto_negotiated) 653280297Sjkim OPENSSL_free(s->next_proto_negotiated); 654238405Sjkim#endif 655238405Sjkim 656246772Sjkim#ifndef OPENSSL_NO_SRTP 657280297Sjkim if (s->srtp_profiles) 658280297Sjkim sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); 659246772Sjkim#endif 660238405Sjkim 661280297Sjkim OPENSSL_free(s); 662280297Sjkim} 66355714Skris 664280297Sjkimvoid SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 665280297Sjkim{ 666280297Sjkim /* 667280297Sjkim * If the output buffering BIO is still in place, remove it 668280297Sjkim */ 669280297Sjkim if (s->bbio != NULL) { 670280297Sjkim if (s->wbio == s->bbio) { 671280297Sjkim s->wbio = s->wbio->next_bio; 672280297Sjkim s->bbio->next_bio = NULL; 673280297Sjkim } 674280297Sjkim } 675280297Sjkim if ((s->rbio != NULL) && (s->rbio != rbio)) 676280297Sjkim BIO_free_all(s->rbio); 677280297Sjkim if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) 678280297Sjkim BIO_free_all(s->wbio); 679280297Sjkim s->rbio = rbio; 680280297Sjkim s->wbio = wbio; 681280297Sjkim} 68255714Skris 683160814SsimonBIO *SSL_get_rbio(const SSL *s) 684280297Sjkim{ 685280297Sjkim return (s->rbio); 686280297Sjkim} 68755714Skris 688160814SsimonBIO *SSL_get_wbio(const SSL *s) 689280297Sjkim{ 690280297Sjkim return (s->wbio); 691280297Sjkim} 69255714Skris 693160814Ssimonint SSL_get_fd(const SSL *s) 694280297Sjkim{ 695280297Sjkim return (SSL_get_rfd(s)); 696280297Sjkim} 69789837Skris 698160814Ssimonint SSL_get_rfd(const SSL *s) 699280297Sjkim{ 700280297Sjkim int ret = -1; 701280297Sjkim BIO *b, *r; 70255714Skris 703280297Sjkim b = SSL_get_rbio(s); 704280297Sjkim r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 705280297Sjkim if (r != NULL) 706280297Sjkim BIO_get_fd(r, &ret); 707280297Sjkim return (ret); 708280297Sjkim} 70955714Skris 710160814Ssimonint SSL_get_wfd(const SSL *s) 711280297Sjkim{ 712280297Sjkim int ret = -1; 713280297Sjkim BIO *b, *r; 71489837Skris 715280297Sjkim b = SSL_get_wbio(s); 716280297Sjkim r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 717280297Sjkim if (r != NULL) 718280297Sjkim BIO_get_fd(r, &ret); 719280297Sjkim return (ret); 720280297Sjkim} 72189837Skris 722109998Smarkm#ifndef OPENSSL_NO_SOCK 723280297Sjkimint SSL_set_fd(SSL *s, int fd) 724280297Sjkim{ 725280297Sjkim int ret = 0; 726280297Sjkim BIO *bio = NULL; 72755714Skris 728280297Sjkim bio = BIO_new(BIO_s_socket()); 72955714Skris 730280297Sjkim if (bio == NULL) { 731280297Sjkim SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); 732280297Sjkim goto err; 733280297Sjkim } 734280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 735280297Sjkim SSL_set_bio(s, bio, bio); 736280297Sjkim ret = 1; 737280297Sjkim err: 738280297Sjkim return (ret); 739280297Sjkim} 74055714Skris 741280297Sjkimint SSL_set_wfd(SSL *s, int fd) 742280297Sjkim{ 743280297Sjkim int ret = 0; 744280297Sjkim BIO *bio = NULL; 74555714Skris 746280297Sjkim if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 747280297Sjkim || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { 748280297Sjkim bio = BIO_new(BIO_s_socket()); 74955714Skris 750280297Sjkim if (bio == NULL) { 751280297Sjkim SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); 752280297Sjkim goto err; 753280297Sjkim } 754280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 755280297Sjkim SSL_set_bio(s, SSL_get_rbio(s), bio); 756280297Sjkim } else 757280297Sjkim SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); 758280297Sjkim ret = 1; 759280297Sjkim err: 760280297Sjkim return (ret); 761280297Sjkim} 76255714Skris 763280297Sjkimint SSL_set_rfd(SSL *s, int fd) 764280297Sjkim{ 765280297Sjkim int ret = 0; 766280297Sjkim BIO *bio = NULL; 76755714Skris 768280297Sjkim if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 769280297Sjkim || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { 770280297Sjkim bio = BIO_new(BIO_s_socket()); 77155714Skris 772280297Sjkim if (bio == NULL) { 773280297Sjkim SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); 774280297Sjkim goto err; 775280297Sjkim } 776280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 777280297Sjkim SSL_set_bio(s, bio, SSL_get_wbio(s)); 778280297Sjkim } else 779280297Sjkim SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); 780280297Sjkim ret = 1; 781280297Sjkim err: 782280297Sjkim return (ret); 783280297Sjkim} 78455714Skris#endif 78555714Skris 78659191Skris/* return length of latest Finished message we sent, copy to 'buf' */ 787160814Ssimonsize_t SSL_get_finished(const SSL *s, void *buf, size_t count) 788280297Sjkim{ 789280297Sjkim size_t ret = 0; 79059191Skris 791280297Sjkim if (s->s3 != NULL) { 792280297Sjkim ret = s->s3->tmp.finish_md_len; 793280297Sjkim if (count > ret) 794280297Sjkim count = ret; 795280297Sjkim memcpy(buf, s->s3->tmp.finish_md, count); 796280297Sjkim } 797280297Sjkim return ret; 798280297Sjkim} 799280297Sjkim 80059191Skris/* return length of latest Finished message we expected, copy to 'buf' */ 801160814Ssimonsize_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 802280297Sjkim{ 803280297Sjkim size_t ret = 0; 80459191Skris 805280297Sjkim if (s->s3 != NULL) { 806280297Sjkim ret = s->s3->tmp.peer_finish_md_len; 807280297Sjkim if (count > ret) 808280297Sjkim count = ret; 809280297Sjkim memcpy(buf, s->s3->tmp.peer_finish_md, count); 810280297Sjkim } 811280297Sjkim return ret; 812280297Sjkim} 81359191Skris 814160814Ssimonint SSL_get_verify_mode(const SSL *s) 815280297Sjkim{ 816280297Sjkim return (s->verify_mode); 817280297Sjkim} 81855714Skris 819160814Ssimonint SSL_get_verify_depth(const SSL *s) 820280297Sjkim{ 821280297Sjkim return X509_VERIFY_PARAM_get_depth(s->param); 822280297Sjkim} 82355714Skris 824280297Sjkimint (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { 825280297Sjkim return (s->verify_callback); 826280297Sjkim} 82755714Skris 828160814Ssimonint SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 829280297Sjkim{ 830280297Sjkim return (ctx->verify_mode); 831280297Sjkim} 83255714Skris 833160814Ssimonint SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 834280297Sjkim{ 835280297Sjkim return X509_VERIFY_PARAM_get_depth(ctx->param); 836280297Sjkim} 83755714Skris 838280297Sjkimint (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { 839280297Sjkim return (ctx->default_verify_callback); 840280297Sjkim} 84155714Skris 842280297Sjkimvoid SSL_set_verify(SSL *s, int mode, 843280297Sjkim int (*callback) (int ok, X509_STORE_CTX *ctx)) 844280297Sjkim{ 845280297Sjkim s->verify_mode = mode; 846280297Sjkim if (callback != NULL) 847280297Sjkim s->verify_callback = callback; 848280297Sjkim} 84955714Skris 850280297Sjkimvoid SSL_set_verify_depth(SSL *s, int depth) 851280297Sjkim{ 852280297Sjkim X509_VERIFY_PARAM_set_depth(s->param, depth); 853280297Sjkim} 85455714Skris 855280297Sjkimvoid SSL_set_read_ahead(SSL *s, int yes) 856280297Sjkim{ 857280297Sjkim s->read_ahead = yes; 858280297Sjkim} 85955714Skris 860160814Ssimonint SSL_get_read_ahead(const SSL *s) 861280297Sjkim{ 862280297Sjkim return (s->read_ahead); 863280297Sjkim} 86455714Skris 865160814Ssimonint SSL_pending(const SSL *s) 866280297Sjkim{ 867280297Sjkim /* 868280297Sjkim * SSL_pending cannot work properly if read-ahead is enabled 869280297Sjkim * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is 870280297Sjkim * impossible to fix since SSL_pending cannot report errors that may be 871280297Sjkim * observed while scanning the new data. (Note that SSL_pending() is 872280297Sjkim * often used as a boolean value, so we'd better not return -1.) 873280297Sjkim */ 874280297Sjkim return (s->method->ssl_pending(s)); 875280297Sjkim} 87655714Skris 877160814SsimonX509 *SSL_get_peer_certificate(const SSL *s) 878280297Sjkim{ 879280297Sjkim X509 *r; 88055714Skris 881280297Sjkim if ((s == NULL) || (s->session == NULL)) 882280297Sjkim r = NULL; 883280297Sjkim else 884280297Sjkim r = s->session->peer; 88555714Skris 886280297Sjkim if (r == NULL) 887280297Sjkim return (r); 88855714Skris 889280297Sjkim CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); 89055714Skris 891280297Sjkim return (r); 892280297Sjkim} 893280297Sjkim 894160814SsimonSTACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) 895280297Sjkim{ 896280297Sjkim STACK_OF(X509) *r; 89755714Skris 898280297Sjkim if ((s == NULL) || (s->session == NULL) 899280297Sjkim || (s->session->sess_cert == NULL)) 900280297Sjkim r = NULL; 901280297Sjkim else 902280297Sjkim r = s->session->sess_cert->cert_chain; 90355714Skris 904280297Sjkim /* 905280297Sjkim * If we are a client, cert_chain includes the peer's own certificate; if 906280297Sjkim * we are a server, it does not. 907280297Sjkim */ 90855714Skris 909280297Sjkim return (r); 910280297Sjkim} 91155714Skris 912280297Sjkim/* 913280297Sjkim * Now in theory, since the calling process own 't' it should be safe to 914280297Sjkim * modify. We need to be able to read f without being hassled 915280297Sjkim */ 916280297Sjkimvoid SSL_copy_session_id(SSL *t, const SSL *f) 917280297Sjkim{ 918280297Sjkim CERT *tmp; 91955714Skris 920280297Sjkim /* Do we need to to SSL locking? */ 921280297Sjkim SSL_set_session(t, SSL_get_session(f)); 92255714Skris 923280297Sjkim /* 924280297Sjkim * what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa 925280297Sjkim */ 926280297Sjkim if (t->method != f->method) { 927280297Sjkim t->method->ssl_free(t); /* cleanup current */ 928280297Sjkim t->method = f->method; /* change method */ 929280297Sjkim t->method->ssl_new(t); /* setup new */ 930280297Sjkim } 931280297Sjkim 932280297Sjkim tmp = t->cert; 933280297Sjkim if (f->cert != NULL) { 934280297Sjkim CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); 935280297Sjkim t->cert = f->cert; 936280297Sjkim } else 937280297Sjkim t->cert = NULL; 938280297Sjkim if (tmp != NULL) 939280297Sjkim ssl_cert_free(tmp); 940280297Sjkim SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); 941280297Sjkim} 942280297Sjkim 94355714Skris/* Fix this so it checks all the valid key/cert options */ 944160814Ssimonint SSL_CTX_check_private_key(const SSL_CTX *ctx) 945280297Sjkim{ 946280297Sjkim if ((ctx == NULL) || 947280297Sjkim (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) { 948280297Sjkim SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 949280297Sjkim SSL_R_NO_CERTIFICATE_ASSIGNED); 950280297Sjkim return (0); 951280297Sjkim } 952280297Sjkim if (ctx->cert->key->privatekey == NULL) { 953280297Sjkim SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 954280297Sjkim SSL_R_NO_PRIVATE_KEY_ASSIGNED); 955280297Sjkim return (0); 956280297Sjkim } 957280297Sjkim return (X509_check_private_key 958280297Sjkim (ctx->cert->key->x509, ctx->cert->key->privatekey)); 959280297Sjkim} 96055714Skris 96155714Skris/* Fix this function so that it takes an optional type parameter */ 962160814Ssimonint SSL_check_private_key(const SSL *ssl) 963280297Sjkim{ 964280297Sjkim if (ssl == NULL) { 965280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); 966280297Sjkim return (0); 967280297Sjkim } 968280297Sjkim if (ssl->cert == NULL) { 969280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 970280297Sjkim return 0; 971280297Sjkim } 972280297Sjkim if (ssl->cert->key->x509 == NULL) { 973280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 974280297Sjkim return (0); 975280297Sjkim } 976280297Sjkim if (ssl->cert->key->privatekey == NULL) { 977280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 978280297Sjkim return (0); 979280297Sjkim } 980280297Sjkim return (X509_check_private_key(ssl->cert->key->x509, 981280297Sjkim ssl->cert->key->privatekey)); 982280297Sjkim} 98355714Skris 98455714Skrisint SSL_accept(SSL *s) 985280297Sjkim{ 986280297Sjkim if (s->handshake_func == 0) 987280297Sjkim /* Not properly initialized yet */ 988280297Sjkim SSL_set_accept_state(s); 98955714Skris 990280297Sjkim return (s->method->ssl_accept(s)); 991280297Sjkim} 99255714Skris 99355714Skrisint SSL_connect(SSL *s) 994280297Sjkim{ 995280297Sjkim if (s->handshake_func == 0) 996280297Sjkim /* Not properly initialized yet */ 997280297Sjkim SSL_set_connect_state(s); 99855714Skris 999280297Sjkim return (s->method->ssl_connect(s)); 1000280297Sjkim} 100155714Skris 1002160814Ssimonlong SSL_get_default_timeout(const SSL *s) 1003280297Sjkim{ 1004280297Sjkim return (s->method->get_timeout()); 1005280297Sjkim} 100655714Skris 1007280297Sjkimint SSL_read(SSL *s, void *buf, int num) 1008280297Sjkim{ 1009280297Sjkim if (s->handshake_func == 0) { 1010280297Sjkim SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 1011280297Sjkim return -1; 1012280297Sjkim } 101355714Skris 1014280297Sjkim if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1015280297Sjkim s->rwstate = SSL_NOTHING; 1016280297Sjkim return (0); 1017280297Sjkim } 1018280297Sjkim return (s->method->ssl_read(s, buf, num)); 1019280297Sjkim} 102055714Skris 1021280297Sjkimint SSL_peek(SSL *s, void *buf, int num) 1022280297Sjkim{ 1023280297Sjkim if (s->handshake_func == 0) { 1024280297Sjkim SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); 1025280297Sjkim return -1; 1026280297Sjkim } 102776866Skris 1028280297Sjkim if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1029280297Sjkim return (0); 1030280297Sjkim } 1031280297Sjkim return (s->method->ssl_peek(s, buf, num)); 1032280297Sjkim} 103355714Skris 1034280297Sjkimint SSL_write(SSL *s, const void *buf, int num) 1035280297Sjkim{ 1036280297Sjkim if (s->handshake_func == 0) { 1037280297Sjkim SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 1038280297Sjkim return -1; 1039280297Sjkim } 104055714Skris 1041280297Sjkim if (s->shutdown & SSL_SENT_SHUTDOWN) { 1042280297Sjkim s->rwstate = SSL_NOTHING; 1043280297Sjkim SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); 1044280297Sjkim return (-1); 1045280297Sjkim } 1046280297Sjkim return (s->method->ssl_write(s, buf, num)); 1047280297Sjkim} 104855714Skris 104955714Skrisint SSL_shutdown(SSL *s) 1050280297Sjkim{ 1051280297Sjkim /* 1052280297Sjkim * Note that this function behaves differently from what one might 1053280297Sjkim * expect. Return values are 0 for no success (yet), 1 for success; but 1054280297Sjkim * calling it once is usually not enough, even if blocking I/O is used 1055280297Sjkim * (see ssl3_shutdown). 1056280297Sjkim */ 105755714Skris 1058280297Sjkim if (s->handshake_func == 0) { 1059280297Sjkim SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); 1060280297Sjkim return -1; 1061280297Sjkim } 106255714Skris 1063296279Sjkim if (!SSL_in_init(s)) { 1064296279Sjkim return s->method->ssl_shutdown(s); 1065296279Sjkim } else { 1066296279Sjkim SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT); 1067296279Sjkim return -1; 1068296279Sjkim } 1069280297Sjkim} 107055714Skris 107155714Skrisint SSL_renegotiate(SSL *s) 1072280297Sjkim{ 1073280297Sjkim if (s->renegotiate == 0) 1074280297Sjkim s->renegotiate = 1; 1075238405Sjkim 1076280297Sjkim s->new_session = 1; 1077238405Sjkim 1078280297Sjkim return (s->method->ssl_renegotiate(s)); 1079280297Sjkim} 108055714Skris 1081238405Sjkimint SSL_renegotiate_abbreviated(SSL *s) 1082280297Sjkim{ 1083280297Sjkim if (s->renegotiate == 0) 1084280297Sjkim s->renegotiate = 1; 1085238405Sjkim 1086280297Sjkim s->new_session = 0; 1087238405Sjkim 1088280297Sjkim return (s->method->ssl_renegotiate(s)); 1089280297Sjkim} 1090238405Sjkim 1091109998Smarkmint SSL_renegotiate_pending(SSL *s) 1092280297Sjkim{ 1093280297Sjkim /* 1094280297Sjkim * becomes true when negotiation is requested; false again once a 1095280297Sjkim * handshake has finished 1096280297Sjkim */ 1097280297Sjkim return (s->renegotiate != 0); 1098280297Sjkim} 1099109998Smarkm 1100280297Sjkimlong SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 1101280297Sjkim{ 1102280297Sjkim long l; 110355714Skris 1104280297Sjkim switch (cmd) { 1105280297Sjkim case SSL_CTRL_GET_READ_AHEAD: 1106280297Sjkim return (s->read_ahead); 1107280297Sjkim case SSL_CTRL_SET_READ_AHEAD: 1108280297Sjkim l = s->read_ahead; 1109280297Sjkim s->read_ahead = larg; 1110280297Sjkim return (l); 1111109998Smarkm 1112280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1113280297Sjkim s->msg_callback_arg = parg; 1114280297Sjkim return 1; 1115109998Smarkm 1116280297Sjkim case SSL_CTRL_OPTIONS: 1117280297Sjkim return (s->options |= larg); 1118280297Sjkim case SSL_CTRL_CLEAR_OPTIONS: 1119280297Sjkim return (s->options &= ~larg); 1120280297Sjkim case SSL_CTRL_MODE: 1121280297Sjkim return (s->mode |= larg); 1122280297Sjkim case SSL_CTRL_CLEAR_MODE: 1123280297Sjkim return (s->mode &= ~larg); 1124280297Sjkim case SSL_CTRL_GET_MAX_CERT_LIST: 1125280297Sjkim return (s->max_cert_list); 1126280297Sjkim case SSL_CTRL_SET_MAX_CERT_LIST: 1127280297Sjkim l = s->max_cert_list; 1128280297Sjkim s->max_cert_list = larg; 1129280297Sjkim return (l); 1130280297Sjkim case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1131280297Sjkim if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1132280297Sjkim return 0; 1133280297Sjkim s->max_send_fragment = larg; 1134280297Sjkim return 1; 1135280297Sjkim case SSL_CTRL_GET_RI_SUPPORT: 1136280297Sjkim if (s->s3) 1137280297Sjkim return s->s3->send_connection_binding; 1138280297Sjkim else 1139280297Sjkim return 0; 1140290207Sjkim case SSL_CTRL_CERT_FLAGS: 1141290207Sjkim return (s->cert->cert_flags |= larg); 1142290207Sjkim case SSL_CTRL_CLEAR_CERT_FLAGS: 1143290207Sjkim return (s->cert->cert_flags &= ~larg); 1144290207Sjkim 1145290207Sjkim case SSL_CTRL_GET_RAW_CIPHERLIST: 1146290207Sjkim if (parg) { 1147290207Sjkim if (s->cert->ciphers_raw == NULL) 1148290207Sjkim return 0; 1149290207Sjkim *(unsigned char **)parg = s->cert->ciphers_raw; 1150290207Sjkim return (int)s->cert->ciphers_rawlen; 1151290207Sjkim } else 1152290207Sjkim return ssl_put_cipher_by_char(s, NULL, NULL); 1153280297Sjkim default: 1154280297Sjkim return (s->method->ssl_ctrl(s, cmd, larg, parg)); 1155280297Sjkim } 1156280297Sjkim} 115755714Skris 1158280297Sjkimlong SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 1159280297Sjkim{ 1160280297Sjkim switch (cmd) { 1161280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK: 1162280297Sjkim s->msg_callback = (void (*) 1163280297Sjkim (int write_p, int version, int content_type, 1164280297Sjkim const void *buf, size_t len, SSL *ssl, 1165280297Sjkim void *arg))(fp); 1166280297Sjkim return 1; 116759191Skris 1168280297Sjkim default: 1169280297Sjkim return (s->method->ssl_callback_ctrl(s, cmd, fp)); 1170280297Sjkim } 1171280297Sjkim} 1172280297Sjkim 1173238405SjkimLHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) 1174280297Sjkim{ 1175280297Sjkim return ctx->sessions; 1176280297Sjkim} 117759191Skris 1178280297Sjkimlong SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 1179280297Sjkim{ 1180280297Sjkim long l; 1181290207Sjkim /* For some cases with ctx == NULL perform syntax checks */ 1182290207Sjkim if (ctx == NULL) { 1183290207Sjkim switch (cmd) { 1184290207Sjkim#ifndef OPENSSL_NO_EC 1185290207Sjkim case SSL_CTRL_SET_CURVES_LIST: 1186290207Sjkim return tls1_set_curves_list(NULL, NULL, parg); 1187290207Sjkim#endif 1188290207Sjkim case SSL_CTRL_SET_SIGALGS_LIST: 1189290207Sjkim case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: 1190290207Sjkim return tls1_set_sigalgs_list(NULL, parg, 0); 1191290207Sjkim default: 1192290207Sjkim return 0; 1193290207Sjkim } 1194290207Sjkim } 119555714Skris 1196280297Sjkim switch (cmd) { 1197280297Sjkim case SSL_CTRL_GET_READ_AHEAD: 1198280297Sjkim return (ctx->read_ahead); 1199280297Sjkim case SSL_CTRL_SET_READ_AHEAD: 1200280297Sjkim l = ctx->read_ahead; 1201280297Sjkim ctx->read_ahead = larg; 1202280297Sjkim return (l); 120355714Skris 1204280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1205280297Sjkim ctx->msg_callback_arg = parg; 1206280297Sjkim return 1; 1207109998Smarkm 1208280297Sjkim case SSL_CTRL_GET_MAX_CERT_LIST: 1209280297Sjkim return (ctx->max_cert_list); 1210280297Sjkim case SSL_CTRL_SET_MAX_CERT_LIST: 1211280297Sjkim l = ctx->max_cert_list; 1212280297Sjkim ctx->max_cert_list = larg; 1213280297Sjkim return (l); 121455714Skris 1215280297Sjkim case SSL_CTRL_SET_SESS_CACHE_SIZE: 1216280297Sjkim l = ctx->session_cache_size; 1217280297Sjkim ctx->session_cache_size = larg; 1218280297Sjkim return (l); 1219280297Sjkim case SSL_CTRL_GET_SESS_CACHE_SIZE: 1220280297Sjkim return (ctx->session_cache_size); 1221280297Sjkim case SSL_CTRL_SET_SESS_CACHE_MODE: 1222280297Sjkim l = ctx->session_cache_mode; 1223280297Sjkim ctx->session_cache_mode = larg; 1224280297Sjkim return (l); 1225280297Sjkim case SSL_CTRL_GET_SESS_CACHE_MODE: 1226280297Sjkim return (ctx->session_cache_mode); 122755714Skris 1228280297Sjkim case SSL_CTRL_SESS_NUMBER: 1229280297Sjkim return (lh_SSL_SESSION_num_items(ctx->sessions)); 1230280297Sjkim case SSL_CTRL_SESS_CONNECT: 1231280297Sjkim return (ctx->stats.sess_connect); 1232280297Sjkim case SSL_CTRL_SESS_CONNECT_GOOD: 1233280297Sjkim return (ctx->stats.sess_connect_good); 1234280297Sjkim case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1235280297Sjkim return (ctx->stats.sess_connect_renegotiate); 1236280297Sjkim case SSL_CTRL_SESS_ACCEPT: 1237280297Sjkim return (ctx->stats.sess_accept); 1238280297Sjkim case SSL_CTRL_SESS_ACCEPT_GOOD: 1239280297Sjkim return (ctx->stats.sess_accept_good); 1240280297Sjkim case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1241280297Sjkim return (ctx->stats.sess_accept_renegotiate); 1242280297Sjkim case SSL_CTRL_SESS_HIT: 1243280297Sjkim return (ctx->stats.sess_hit); 1244280297Sjkim case SSL_CTRL_SESS_CB_HIT: 1245280297Sjkim return (ctx->stats.sess_cb_hit); 1246280297Sjkim case SSL_CTRL_SESS_MISSES: 1247280297Sjkim return (ctx->stats.sess_miss); 1248280297Sjkim case SSL_CTRL_SESS_TIMEOUTS: 1249280297Sjkim return (ctx->stats.sess_timeout); 1250280297Sjkim case SSL_CTRL_SESS_CACHE_FULL: 1251280297Sjkim return (ctx->stats.sess_cache_full); 1252280297Sjkim case SSL_CTRL_OPTIONS: 1253280297Sjkim return (ctx->options |= larg); 1254280297Sjkim case SSL_CTRL_CLEAR_OPTIONS: 1255280297Sjkim return (ctx->options &= ~larg); 1256280297Sjkim case SSL_CTRL_MODE: 1257280297Sjkim return (ctx->mode |= larg); 1258280297Sjkim case SSL_CTRL_CLEAR_MODE: 1259280297Sjkim return (ctx->mode &= ~larg); 1260280297Sjkim case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1261280297Sjkim if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1262280297Sjkim return 0; 1263280297Sjkim ctx->max_send_fragment = larg; 1264280297Sjkim return 1; 1265290207Sjkim case SSL_CTRL_CERT_FLAGS: 1266290207Sjkim return (ctx->cert->cert_flags |= larg); 1267290207Sjkim case SSL_CTRL_CLEAR_CERT_FLAGS: 1268290207Sjkim return (ctx->cert->cert_flags &= ~larg); 1269280297Sjkim default: 1270280297Sjkim return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); 1271280297Sjkim } 1272280297Sjkim} 1273109998Smarkm 1274280297Sjkimlong SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 1275280297Sjkim{ 1276280297Sjkim switch (cmd) { 1277280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK: 1278280297Sjkim ctx->msg_callback = (void (*) 1279280297Sjkim (int write_p, int version, int content_type, 1280280297Sjkim const void *buf, size_t len, SSL *ssl, 1281280297Sjkim void *arg))(fp); 1282280297Sjkim return 1; 128359191Skris 1284280297Sjkim default: 1285280297Sjkim return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); 1286280297Sjkim } 1287280297Sjkim} 1288280297Sjkim 128968651Skrisint ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1290280297Sjkim{ 1291280297Sjkim long l; 129255714Skris 1293280297Sjkim l = a->id - b->id; 1294280297Sjkim if (l == 0L) 1295280297Sjkim return (0); 1296280297Sjkim else 1297280297Sjkim return ((l > 0) ? 1 : -1); 1298280297Sjkim} 129955714Skris 1300280297Sjkimint ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, 1301280297Sjkim const SSL_CIPHER *const *bp) 1302280297Sjkim{ 1303280297Sjkim long l; 130455714Skris 1305280297Sjkim l = (*ap)->id - (*bp)->id; 1306280297Sjkim if (l == 0L) 1307280297Sjkim return (0); 1308280297Sjkim else 1309280297Sjkim return ((l > 0) ? 1 : -1); 1310280297Sjkim} 131155714Skris 131255714Skris/** return a STACK of the ciphers available for the SSL and in order of 131355714Skris * preference */ 1314160814SsimonSTACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) 1315280297Sjkim{ 1316280297Sjkim if (s != NULL) { 1317280297Sjkim if (s->cipher_list != NULL) { 1318280297Sjkim return (s->cipher_list); 1319280297Sjkim } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { 1320280297Sjkim return (s->ctx->cipher_list); 1321280297Sjkim } 1322280297Sjkim } 1323280297Sjkim return (NULL); 1324280297Sjkim} 132555714Skris 132655714Skris/** return a STACK of the ciphers available for the SSL and in order of 132755714Skris * algorithm id */ 132855714SkrisSTACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 1329280297Sjkim{ 1330280297Sjkim if (s != NULL) { 1331280297Sjkim if (s->cipher_list_by_id != NULL) { 1332280297Sjkim return (s->cipher_list_by_id); 1333280297Sjkim } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { 1334280297Sjkim return (s->ctx->cipher_list_by_id); 1335280297Sjkim } 1336280297Sjkim } 1337280297Sjkim return (NULL); 1338280297Sjkim} 133955714Skris 134055714Skris/** The old interface to get the same thing as SSL_get_ciphers() */ 1341280297Sjkimconst char *SSL_get_cipher_list(const SSL *s, int n) 1342280297Sjkim{ 1343280297Sjkim SSL_CIPHER *c; 1344280297Sjkim STACK_OF(SSL_CIPHER) *sk; 134555714Skris 1346280297Sjkim if (s == NULL) 1347280297Sjkim return (NULL); 1348280297Sjkim sk = SSL_get_ciphers(s); 1349280297Sjkim if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) 1350280297Sjkim return (NULL); 1351280297Sjkim c = sk_SSL_CIPHER_value(sk, n); 1352280297Sjkim if (c == NULL) 1353280297Sjkim return (NULL); 1354280297Sjkim return (c->name); 1355280297Sjkim} 135655714Skris 135759191Skris/** specify the ciphers to be used by default by the SSL_CTX */ 135859191Skrisint SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1359280297Sjkim{ 1360280297Sjkim STACK_OF(SSL_CIPHER) *sk; 136155714Skris 1362280297Sjkim sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1363290207Sjkim &ctx->cipher_list_by_id, str, ctx->cert); 1364280297Sjkim /* 1365280297Sjkim * ssl_create_cipher_list may return an empty stack if it was unable to 1366280297Sjkim * find a cipher matching the given rule string (for example if the rule 1367280297Sjkim * string specifies a cipher which has been disabled). This is not an 1368280297Sjkim * error as far as ssl_create_cipher_list is concerned, and hence 1369280297Sjkim * ctx->cipher_list and ctx->cipher_list_by_id has been updated. 1370280297Sjkim */ 1371280297Sjkim if (sk == NULL) 1372280297Sjkim return 0; 1373280297Sjkim else if (sk_SSL_CIPHER_num(sk) == 0) { 1374280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1375280297Sjkim return 0; 1376280297Sjkim } 1377280297Sjkim return 1; 1378280297Sjkim} 1379280297Sjkim 138055714Skris/** specify the ciphers to be used by the SSL */ 1381280297Sjkimint SSL_set_cipher_list(SSL *s, const char *str) 1382280297Sjkim{ 1383280297Sjkim STACK_OF(SSL_CIPHER) *sk; 138455714Skris 1385280297Sjkim sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1386290207Sjkim &s->cipher_list_by_id, str, s->cert); 1387280297Sjkim /* see comment in SSL_CTX_set_cipher_list */ 1388280297Sjkim if (sk == NULL) 1389280297Sjkim return 0; 1390280297Sjkim else if (sk_SSL_CIPHER_num(sk) == 0) { 1391280297Sjkim SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1392280297Sjkim return 0; 1393280297Sjkim } 1394280297Sjkim return 1; 1395280297Sjkim} 1396280297Sjkim 139755714Skris/* works well for SSLv2, not so good for SSLv3 */ 1398280297Sjkimchar *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) 1399280297Sjkim{ 1400280297Sjkim char *p; 1401280297Sjkim STACK_OF(SSL_CIPHER) *sk; 1402280297Sjkim SSL_CIPHER *c; 1403280297Sjkim int i; 140455714Skris 1405280297Sjkim if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) 1406280297Sjkim return (NULL); 140755714Skris 1408280297Sjkim p = buf; 1409280297Sjkim sk = s->session->ciphers; 1410267256Sjkim 1411280297Sjkim if (sk_SSL_CIPHER_num(sk) == 0) 1412280297Sjkim return NULL; 1413267256Sjkim 1414280297Sjkim for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 1415280297Sjkim int n; 1416172429Ssimon 1417280297Sjkim c = sk_SSL_CIPHER_value(sk, i); 1418280297Sjkim n = strlen(c->name); 1419280297Sjkim if (n + 1 > len) { 1420280297Sjkim if (p != buf) 1421280297Sjkim --p; 1422280297Sjkim *p = '\0'; 1423280297Sjkim return buf; 1424280297Sjkim } 1425280297Sjkim strcpy(p, c->name); 1426280297Sjkim p += n; 1427280297Sjkim *(p++) = ':'; 1428280297Sjkim len -= n + 1; 1429280297Sjkim } 1430280297Sjkim p[-1] = '\0'; 1431280297Sjkim return (buf); 1432280297Sjkim} 143355714Skris 1434280297Sjkimint ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, 1435280297Sjkim unsigned char *p, 1436280297Sjkim int (*put_cb) (const SSL_CIPHER *, 1437280297Sjkim unsigned char *)) 1438280297Sjkim{ 1439280297Sjkim int i, j = 0; 1440280297Sjkim SSL_CIPHER *c; 1441290207Sjkim CERT *ct = s->cert; 1442280297Sjkim unsigned char *q; 1443290207Sjkim int empty_reneg_info_scsv = !s->renegotiate; 1444290207Sjkim /* Set disabled masks for this session */ 1445290207Sjkim ssl_set_client_disabled(s); 144655714Skris 1447280297Sjkim if (sk == NULL) 1448280297Sjkim return (0); 1449280297Sjkim q = p; 1450280297Sjkim if (put_cb == NULL) 1451280297Sjkim put_cb = s->method->put_cipher_by_char; 145255714Skris 1453280297Sjkim for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 1454280297Sjkim c = sk_SSL_CIPHER_value(sk, i); 1455290207Sjkim /* Skip disabled ciphers */ 1456290207Sjkim if (c->algorithm_ssl & ct->mask_ssl || 1457290207Sjkim c->algorithm_mkey & ct->mask_k || c->algorithm_auth & ct->mask_a) 1458280297Sjkim continue; 1459290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 1460290207Sjkim if (c->id == SSL3_CK_SCSV) { 1461290207Sjkim if (!empty_reneg_info_scsv) 1462290207Sjkim continue; 1463290207Sjkim else 1464290207Sjkim empty_reneg_info_scsv = 0; 1465290207Sjkim } 1466290207Sjkim#endif 1467280297Sjkim j = put_cb(c, p); 1468280297Sjkim p += j; 1469280297Sjkim } 1470280297Sjkim /* 1471280297Sjkim * If p == q, no ciphers; caller indicates an error. Otherwise, add 1472280297Sjkim * applicable SCSVs. 1473280297Sjkim */ 1474280297Sjkim if (p != q) { 1475290207Sjkim if (empty_reneg_info_scsv) { 1476280297Sjkim static SSL_CIPHER scsv = { 1477280297Sjkim 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1478280297Sjkim }; 1479280297Sjkim j = put_cb(&scsv, p); 1480280297Sjkim p += j; 1481205128Ssimon#ifdef OPENSSL_RI_DEBUG 1482280297Sjkim fprintf(stderr, 1483280297Sjkim "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); 1484205128Ssimon#endif 1485280297Sjkim } 1486280297Sjkim if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) { 1487280297Sjkim static SSL_CIPHER scsv = { 1488280297Sjkim 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1489280297Sjkim }; 1490280297Sjkim j = put_cb(&scsv, p); 1491280297Sjkim p += j; 1492280297Sjkim } 1493280297Sjkim } 1494273144Sjkim 1495280297Sjkim return (p - q); 1496280297Sjkim} 149755714Skris 1498280297SjkimSTACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, 1499280297Sjkim int num, 1500280297Sjkim STACK_OF(SSL_CIPHER) **skp) 1501280297Sjkim{ 1502280297Sjkim const SSL_CIPHER *c; 1503280297Sjkim STACK_OF(SSL_CIPHER) *sk; 1504280297Sjkim int i, n; 1505273144Sjkim 1506280297Sjkim if (s->s3) 1507280297Sjkim s->s3->send_connection_binding = 0; 150855714Skris 1509280297Sjkim n = ssl_put_cipher_by_char(s, NULL, NULL); 1510280297Sjkim if (n == 0 || (num % n) != 0) { 1511280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1512280297Sjkim SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1513280297Sjkim return (NULL); 1514280297Sjkim } 1515284283Sjkim if ((skp == NULL) || (*skp == NULL)) { 1516280297Sjkim sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ 1517284283Sjkim if(sk == NULL) { 1518284283Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1519284283Sjkim return NULL; 1520284283Sjkim } 1521284283Sjkim } else { 1522280297Sjkim sk = *skp; 1523280297Sjkim sk_SSL_CIPHER_zero(sk); 1524280297Sjkim } 152555714Skris 1526290207Sjkim if (s->cert->ciphers_raw) 1527290207Sjkim OPENSSL_free(s->cert->ciphers_raw); 1528290207Sjkim s->cert->ciphers_raw = BUF_memdup(p, num); 1529290207Sjkim if (s->cert->ciphers_raw == NULL) { 1530290207Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1531290207Sjkim goto err; 1532290207Sjkim } 1533290207Sjkim s->cert->ciphers_rawlen = (size_t)num; 1534290207Sjkim 1535280297Sjkim for (i = 0; i < num; i += n) { 1536280297Sjkim /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ 1537280297Sjkim if (s->s3 && (n != 3 || !p[0]) && 1538280297Sjkim (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 1539280297Sjkim (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { 1540280297Sjkim /* SCSV fatal if renegotiating */ 1541280297Sjkim if (s->renegotiate) { 1542280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1543280297Sjkim SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1544280297Sjkim ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1545280297Sjkim goto err; 1546280297Sjkim } 1547280297Sjkim s->s3->send_connection_binding = 1; 1548280297Sjkim p += n; 1549205128Ssimon#ifdef OPENSSL_RI_DEBUG 1550280297Sjkim fprintf(stderr, "SCSV received by server\n"); 1551205128Ssimon#endif 1552280297Sjkim continue; 1553280297Sjkim } 1554205128Ssimon 1555280297Sjkim /* Check for TLS_FALLBACK_SCSV */ 1556280297Sjkim if ((n != 3 || !p[0]) && 1557280297Sjkim (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && 1558280297Sjkim (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) { 1559280297Sjkim /* 1560280297Sjkim * The SCSV indicates that the client previously tried a higher 1561280297Sjkim * version. Fail if the current version is an unexpected 1562280297Sjkim * downgrade. 1563280297Sjkim */ 1564280297Sjkim if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) { 1565280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1566280297Sjkim SSL_R_INAPPROPRIATE_FALLBACK); 1567280297Sjkim if (s->s3) 1568280297Sjkim ssl3_send_alert(s, SSL3_AL_FATAL, 1569280297Sjkim SSL_AD_INAPPROPRIATE_FALLBACK); 1570280297Sjkim goto err; 1571280297Sjkim } 1572280297Sjkim p += n; 1573280297Sjkim continue; 1574280297Sjkim } 1575273144Sjkim 1576280297Sjkim c = ssl_get_cipher_by_char(s, p); 1577280297Sjkim p += n; 1578280297Sjkim if (c != NULL) { 1579280297Sjkim if (!sk_SSL_CIPHER_push(sk, c)) { 1580280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1581280297Sjkim goto err; 1582280297Sjkim } 1583280297Sjkim } 1584280297Sjkim } 158555714Skris 1586280297Sjkim if (skp != NULL) 1587280297Sjkim *skp = sk; 1588280297Sjkim return (sk); 1589280297Sjkim err: 1590280297Sjkim if ((skp == NULL) || (*skp == NULL)) 1591280297Sjkim sk_SSL_CIPHER_free(sk); 1592280297Sjkim return (NULL); 1593280297Sjkim} 159455714Skris 1595194206Ssimon#ifndef OPENSSL_NO_TLSEXT 1596194206Ssimon/** return a servername extension value if provided in Client Hello, or NULL. 1597194206Ssimon * So far, only host_name types are defined (RFC 3546). 1598194206Ssimon */ 1599194206Ssimon 1600194206Ssimonconst char *SSL_get_servername(const SSL *s, const int type) 1601280297Sjkim{ 1602280297Sjkim if (type != TLSEXT_NAMETYPE_host_name) 1603280297Sjkim return NULL; 1604194206Ssimon 1605280297Sjkim return s->session && !s->tlsext_hostname ? 1606280297Sjkim s->session->tlsext_hostname : s->tlsext_hostname; 1607280297Sjkim} 1608194206Ssimon 1609194206Ssimonint SSL_get_servername_type(const SSL *s) 1610280297Sjkim{ 1611280297Sjkim if (s->session 1612280297Sjkim && (!s->tlsext_hostname ? s->session-> 1613280297Sjkim tlsext_hostname : s->tlsext_hostname)) 1614280297Sjkim return TLSEXT_NAMETYPE_host_name; 1615280297Sjkim return -1; 1616280297Sjkim} 1617238405Sjkim 1618280297Sjkim/* 1619280297Sjkim * SSL_select_next_proto implements the standard protocol selection. It is 1620238405Sjkim * expected that this function is called from the callback set by 1621280297Sjkim * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a 1622280297Sjkim * vector of 8-bit, length prefixed byte strings. The length byte itself is 1623280297Sjkim * not included in the length. A byte string of length 0 is invalid. No byte 1624280297Sjkim * string may be truncated. The current, but experimental algorithm for 1625280297Sjkim * selecting the protocol is: 1) If the server doesn't support NPN then this 1626280297Sjkim * is indicated to the callback. In this case, the client application has to 1627280297Sjkim * abort the connection or have a default application level protocol. 2) If 1628280297Sjkim * the server supports NPN, but advertises an empty list then the client 1629280297Sjkim * selects the first protcol in its list, but indicates via the API that this 1630280297Sjkim * fallback case was enacted. 3) Otherwise, the client finds the first 1631280297Sjkim * protocol in the server's list that it supports and selects this protocol. 1632280297Sjkim * This is because it's assumed that the server has better information about 1633280297Sjkim * which protocol a client should use. 4) If the client doesn't support any 1634280297Sjkim * of the server's advertised protocols, then this is treated the same as 1635280297Sjkim * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was 1636280297Sjkim * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1637238405Sjkim */ 1638280297Sjkimint SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1639280297Sjkim const unsigned char *server, 1640280297Sjkim unsigned int server_len, 1641280297Sjkim const unsigned char *client, 1642280297Sjkim unsigned int client_len) 1643280297Sjkim{ 1644280297Sjkim unsigned int i, j; 1645280297Sjkim const unsigned char *result; 1646280297Sjkim int status = OPENSSL_NPN_UNSUPPORTED; 1647238405Sjkim 1648280297Sjkim /* 1649280297Sjkim * For each protocol in server preference order, see if we support it. 1650280297Sjkim */ 1651280297Sjkim for (i = 0; i < server_len;) { 1652280297Sjkim for (j = 0; j < client_len;) { 1653280297Sjkim if (server[i] == client[j] && 1654280297Sjkim memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { 1655280297Sjkim /* We found a match */ 1656280297Sjkim result = &server[i]; 1657280297Sjkim status = OPENSSL_NPN_NEGOTIATED; 1658280297Sjkim goto found; 1659280297Sjkim } 1660280297Sjkim j += client[j]; 1661280297Sjkim j++; 1662280297Sjkim } 1663280297Sjkim i += server[i]; 1664280297Sjkim i++; 1665280297Sjkim } 1666238405Sjkim 1667280297Sjkim /* There's no overlap between our protocols and the server's list. */ 1668280297Sjkim result = client; 1669280297Sjkim status = OPENSSL_NPN_NO_OVERLAP; 1670238405Sjkim 1671280297Sjkim found: 1672280297Sjkim *out = (unsigned char *)result + 1; 1673280297Sjkim *outlen = result[0]; 1674280297Sjkim return status; 1675280297Sjkim} 1676238405Sjkim 1677290207Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 1678280297Sjkim/* 1679280297Sjkim * SSL_get0_next_proto_negotiated sets *data and *len to point to the 1680280297Sjkim * client's requested protocol for this connection and returns 0. If the 1681280297Sjkim * client didn't request any protocol, then *data is set to NULL. Note that 1682280297Sjkim * the client can request any protocol it chooses. The value returned from 1683280297Sjkim * this function need not be a member of the list of supported protocols 1684238405Sjkim * provided by the callback. 1685238405Sjkim */ 1686280297Sjkimvoid SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 1687280297Sjkim unsigned *len) 1688280297Sjkim{ 1689280297Sjkim *data = s->next_proto_negotiated; 1690280297Sjkim if (!*data) { 1691280297Sjkim *len = 0; 1692280297Sjkim } else { 1693280297Sjkim *len = s->next_proto_negotiated_len; 1694280297Sjkim } 1695238405Sjkim} 1696238405Sjkim 1697280297Sjkim/* 1698280297Sjkim * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when 1699280297Sjkim * a TLS server needs a list of supported protocols for Next Protocol 1700280297Sjkim * Negotiation. The returned list must be in wire format. The list is 1701280297Sjkim * returned by setting |out| to point to it and |outlen| to its length. This 1702280297Sjkim * memory will not be modified, but one should assume that the SSL* keeps a 1703280297Sjkim * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it 1704280297Sjkim * wishes to advertise. Otherwise, no such extension will be included in the 1705280297Sjkim * ServerHello. 1706280297Sjkim */ 1707280297Sjkimvoid SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, 1708280297Sjkim int (*cb) (SSL *ssl, 1709280297Sjkim const unsigned char 1710280297Sjkim **out, 1711280297Sjkim unsigned int *outlen, 1712280297Sjkim void *arg), void *arg) 1713280297Sjkim{ 1714280297Sjkim ctx->next_protos_advertised_cb = cb; 1715280297Sjkim ctx->next_protos_advertised_cb_arg = arg; 1716280297Sjkim} 1717238405Sjkim 1718280297Sjkim/* 1719280297Sjkim * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 1720238405Sjkim * client needs to select a protocol from the server's provided list. |out| 1721238405Sjkim * must be set to point to the selected protocol (which may be within |in|). 1722280297Sjkim * The length of the protocol name must be written into |outlen|. The 1723280297Sjkim * server's advertised protocols are provided in |in| and |inlen|. The 1724280297Sjkim * callback can assume that |in| is syntactically valid. The client must 1725280297Sjkim * select a protocol. It is fatal to the connection if this callback returns 1726280297Sjkim * a value other than SSL_TLSEXT_ERR_OK. 1727238405Sjkim */ 1728280297Sjkimvoid SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, 1729280297Sjkim int (*cb) (SSL *s, unsigned char **out, 1730280297Sjkim unsigned char *outlen, 1731280297Sjkim const unsigned char *in, 1732280297Sjkim unsigned int inlen, 1733280297Sjkim void *arg), void *arg) 1734280297Sjkim{ 1735280297Sjkim ctx->next_proto_select_cb = cb; 1736280297Sjkim ctx->next_proto_select_cb_arg = arg; 1737280297Sjkim} 1738238405Sjkim# endif 1739194206Ssimon 1740290207Sjkim/* 1741290207Sjkim * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. 1742290207Sjkim * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 1743290207Sjkim * length-prefixed strings). Returns 0 on success. 1744290207Sjkim */ 1745290207Sjkimint SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 1746290207Sjkim unsigned protos_len) 1747290207Sjkim{ 1748290207Sjkim if (ctx->alpn_client_proto_list) 1749290207Sjkim OPENSSL_free(ctx->alpn_client_proto_list); 1750290207Sjkim 1751290207Sjkim ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); 1752290207Sjkim if (!ctx->alpn_client_proto_list) 1753290207Sjkim return 1; 1754290207Sjkim memcpy(ctx->alpn_client_proto_list, protos, protos_len); 1755290207Sjkim ctx->alpn_client_proto_list_len = protos_len; 1756290207Sjkim 1757290207Sjkim return 0; 1758290207Sjkim} 1759290207Sjkim 1760290207Sjkim/* 1761290207Sjkim * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. 1762290207Sjkim * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 1763290207Sjkim * length-prefixed strings). Returns 0 on success. 1764290207Sjkim */ 1765290207Sjkimint SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 1766290207Sjkim unsigned protos_len) 1767290207Sjkim{ 1768290207Sjkim if (ssl->alpn_client_proto_list) 1769290207Sjkim OPENSSL_free(ssl->alpn_client_proto_list); 1770290207Sjkim 1771290207Sjkim ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); 1772290207Sjkim if (!ssl->alpn_client_proto_list) 1773290207Sjkim return 1; 1774290207Sjkim memcpy(ssl->alpn_client_proto_list, protos, protos_len); 1775290207Sjkim ssl->alpn_client_proto_list_len = protos_len; 1776290207Sjkim 1777290207Sjkim return 0; 1778290207Sjkim} 1779290207Sjkim 1780290207Sjkim/* 1781290207Sjkim * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is 1782290207Sjkim * called during ClientHello processing in order to select an ALPN protocol 1783290207Sjkim * from the client's list of offered protocols. 1784290207Sjkim */ 1785290207Sjkimvoid SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 1786290207Sjkim int (*cb) (SSL *ssl, 1787290207Sjkim const unsigned char **out, 1788290207Sjkim unsigned char *outlen, 1789290207Sjkim const unsigned char *in, 1790290207Sjkim unsigned int inlen, 1791290207Sjkim void *arg), void *arg) 1792290207Sjkim{ 1793290207Sjkim ctx->alpn_select_cb = cb; 1794290207Sjkim ctx->alpn_select_cb_arg = arg; 1795290207Sjkim} 1796290207Sjkim 1797290207Sjkim/* 1798290207Sjkim * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from 1799290207Sjkim * |ssl|. On return it sets |*data| to point to |*len| bytes of protocol name 1800290207Sjkim * (not including the leading length-prefix byte). If the server didn't 1801290207Sjkim * respond with a negotiated protocol then |*len| will be zero. 1802290207Sjkim */ 1803290207Sjkimvoid SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 1804290207Sjkim unsigned *len) 1805290207Sjkim{ 1806290207Sjkim *data = NULL; 1807290207Sjkim if (ssl->s3) 1808290207Sjkim *data = ssl->s3->alpn_selected; 1809290207Sjkim if (*data == NULL) 1810290207Sjkim *len = 0; 1811290207Sjkim else 1812290207Sjkim *len = ssl->s3->alpn_selected_len; 1813290207Sjkim} 1814290207Sjkim 1815290207Sjkim#endif /* !OPENSSL_NO_TLSEXT */ 1816290207Sjkim 1817238405Sjkimint SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1818280297Sjkim const char *label, size_t llen, 1819280297Sjkim const unsigned char *p, size_t plen, 1820280297Sjkim int use_context) 1821280297Sjkim{ 1822280297Sjkim if (s->version < TLS1_VERSION) 1823280297Sjkim return -1; 1824238405Sjkim 1825280297Sjkim return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 1826280297Sjkim llen, p, plen, 1827280297Sjkim use_context); 1828280297Sjkim} 1829238405Sjkim 1830238405Sjkimstatic unsigned long ssl_session_hash(const SSL_SESSION *a) 1831280297Sjkim{ 1832280297Sjkim unsigned long l; 183355714Skris 1834280297Sjkim l = (unsigned long) 1835280297Sjkim ((unsigned int)a->session_id[0]) | 1836280297Sjkim ((unsigned int)a->session_id[1] << 8L) | 1837280297Sjkim ((unsigned long)a->session_id[2] << 16L) | 1838280297Sjkim ((unsigned long)a->session_id[3] << 24L); 1839280297Sjkim return (l); 1840280297Sjkim} 184155714Skris 1842280297Sjkim/* 1843280297Sjkim * NB: If this function (or indeed the hash function which uses a sort of 1844109998Smarkm * coarser function than this one) is changed, ensure 1845280297Sjkim * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on 1846280297Sjkim * being able to construct an SSL_SESSION that will collide with any existing 1847280297Sjkim * session with a matching session ID. 1848280297Sjkim */ 1849280297Sjkimstatic int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 1850280297Sjkim{ 1851280297Sjkim if (a->ssl_version != b->ssl_version) 1852280297Sjkim return (1); 1853280297Sjkim if (a->session_id_length != b->session_id_length) 1854280297Sjkim return (1); 1855280297Sjkim return (memcmp(a->session_id, b->session_id, a->session_id_length)); 1856280297Sjkim} 185755714Skris 1858280297Sjkim/* 1859280297Sjkim * These wrapper functions should remain rather than redeclaring 1860109998Smarkm * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1861280297Sjkim * variable. The reason is that the functions aren't static, they're exposed 1862280297Sjkim * via ssl.h. 1863280297Sjkim */ 1864238405Sjkimstatic IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) 1865238405Sjkimstatic IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) 1866109998Smarkm 1867238405SjkimSSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 1868280297Sjkim{ 1869280297Sjkim SSL_CTX *ret = NULL; 1870238405Sjkim 1871280297Sjkim if (meth == NULL) { 1872280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); 1873280297Sjkim return (NULL); 1874280297Sjkim } 1875194206Ssimon#ifdef OPENSSL_FIPS 1876280297Sjkim if (FIPS_mode() && (meth->version < TLS1_VERSION)) { 1877280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 1878280297Sjkim return NULL; 1879280297Sjkim } 1880194206Ssimon#endif 1881194206Ssimon 1882280297Sjkim if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1883280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1884280297Sjkim goto err; 1885280297Sjkim } 1886280297Sjkim ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); 1887280297Sjkim if (ret == NULL) 1888280297Sjkim goto err; 188955714Skris 1890280297Sjkim memset(ret, 0, sizeof(SSL_CTX)); 189155714Skris 1892280297Sjkim ret->method = meth; 189355714Skris 1894280297Sjkim ret->cert_store = NULL; 1895280297Sjkim ret->session_cache_mode = SSL_SESS_CACHE_SERVER; 1896280297Sjkim ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1897280297Sjkim ret->session_cache_head = NULL; 1898280297Sjkim ret->session_cache_tail = NULL; 189955714Skris 1900280297Sjkim /* We take the system default */ 1901280297Sjkim ret->session_timeout = meth->get_timeout(); 190255714Skris 1903280297Sjkim ret->new_session_cb = 0; 1904280297Sjkim ret->remove_session_cb = 0; 1905280297Sjkim ret->get_session_cb = 0; 1906280297Sjkim ret->generate_session_id = 0; 190755714Skris 1908280297Sjkim memset((char *)&ret->stats, 0, sizeof(ret->stats)); 190955714Skris 1910280297Sjkim ret->references = 1; 1911280297Sjkim ret->quiet_shutdown = 0; 191255714Skris 1913280297Sjkim/* ret->cipher=NULL;*/ 1914280297Sjkim/*- 1915280297Sjkim ret->s2->challenge=NULL; 1916280297Sjkim ret->master_key=NULL; 1917280297Sjkim ret->key_arg=NULL; 1918280297Sjkim ret->s2->conn_id=NULL; */ 191955714Skris 1920280297Sjkim ret->info_callback = NULL; 192155714Skris 1922280297Sjkim ret->app_verify_callback = 0; 1923280297Sjkim ret->app_verify_arg = NULL; 192455714Skris 1925280297Sjkim ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 1926280297Sjkim ret->read_ahead = 0; 1927280297Sjkim ret->msg_callback = 0; 1928280297Sjkim ret->msg_callback_arg = NULL; 1929280297Sjkim ret->verify_mode = SSL_VERIFY_NONE; 1930160814Ssimon#if 0 1931280297Sjkim ret->verify_depth = -1; /* Don't impose a limit (but x509_lu.c does) */ 1932160814Ssimon#endif 1933280297Sjkim ret->sid_ctx_length = 0; 1934280297Sjkim ret->default_verify_callback = NULL; 1935280297Sjkim if ((ret->cert = ssl_cert_new()) == NULL) 1936280297Sjkim goto err; 193755714Skris 1938280297Sjkim ret->default_passwd_callback = 0; 1939280297Sjkim ret->default_passwd_callback_userdata = NULL; 1940280297Sjkim ret->client_cert_cb = 0; 1941280297Sjkim ret->app_gen_cookie_cb = 0; 1942280297Sjkim ret->app_verify_cookie_cb = 0; 194355714Skris 1944280297Sjkim ret->sessions = lh_SSL_SESSION_new(); 1945280297Sjkim if (ret->sessions == NULL) 1946280297Sjkim goto err; 1947280297Sjkim ret->cert_store = X509_STORE_new(); 1948280297Sjkim if (ret->cert_store == NULL) 1949280297Sjkim goto err; 195055714Skris 1951280297Sjkim ssl_create_cipher_list(ret->method, 1952280297Sjkim &ret->cipher_list, &ret->cipher_list_by_id, 1953280297Sjkim meth->version == 1954290207Sjkim SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, 1955290207Sjkim ret->cert); 1956280297Sjkim if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 1957280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); 1958280297Sjkim goto err2; 1959280297Sjkim } 196055714Skris 1961280297Sjkim ret->param = X509_VERIFY_PARAM_new(); 1962280297Sjkim if (!ret->param) 1963280297Sjkim goto err; 1964160814Ssimon 1965280297Sjkim if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { 1966280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); 1967280297Sjkim goto err2; 1968280297Sjkim } 1969280297Sjkim if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1970280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); 1971280297Sjkim goto err2; 1972280297Sjkim } 1973280297Sjkim if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { 1974280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); 1975280297Sjkim goto err2; 1976280297Sjkim } 197755714Skris 1978280297Sjkim if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) 1979280297Sjkim goto err; 198055714Skris 1981280297Sjkim CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); 198255714Skris 1983280297Sjkim ret->extra_certs = NULL; 1984280297Sjkim /* No compression for DTLS */ 1985291719Sjkim if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) 1986280297Sjkim ret->comp_methods = SSL_COMP_get_compression_methods(); 198755714Skris 1988280297Sjkim ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1989238405Sjkim 1990194206Ssimon#ifndef OPENSSL_NO_TLSEXT 1991280297Sjkim ret->tlsext_servername_callback = 0; 1992280297Sjkim ret->tlsext_servername_arg = NULL; 1993280297Sjkim /* Setup RFC4507 ticket keys */ 1994280297Sjkim if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) 1995280297Sjkim || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) 1996280297Sjkim || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) 1997280297Sjkim ret->options |= SSL_OP_NO_TICKET; 1998194206Ssimon 1999280297Sjkim ret->tlsext_status_cb = 0; 2000280297Sjkim ret->tlsext_status_arg = NULL; 2001194206Ssimon 2002238405Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 2003280297Sjkim ret->next_protos_advertised_cb = 0; 2004280297Sjkim ret->next_proto_select_cb = 0; 2005238405Sjkim# endif 2006194206Ssimon#endif 2007238405Sjkim#ifndef OPENSSL_NO_PSK 2008280297Sjkim ret->psk_identity_hint = NULL; 2009280297Sjkim ret->psk_client_callback = NULL; 2010280297Sjkim ret->psk_server_callback = NULL; 2011238405Sjkim#endif 2012238405Sjkim#ifndef OPENSSL_NO_SRP 2013280297Sjkim SSL_CTX_SRP_CTX_init(ret); 2014238405Sjkim#endif 2015238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2016280297Sjkim ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; 2017280297Sjkim ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 2018280297Sjkim if (!ret->rbuf_freelist) 2019280297Sjkim goto err; 2020280297Sjkim ret->rbuf_freelist->chunklen = 0; 2021280297Sjkim ret->rbuf_freelist->len = 0; 2022280297Sjkim ret->rbuf_freelist->head = NULL; 2023280297Sjkim ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 2024280297Sjkim if (!ret->wbuf_freelist) { 2025280297Sjkim OPENSSL_free(ret->rbuf_freelist); 2026280297Sjkim goto err; 2027280297Sjkim } 2028280297Sjkim ret->wbuf_freelist->chunklen = 0; 2029280297Sjkim ret->wbuf_freelist->len = 0; 2030280297Sjkim ret->wbuf_freelist->head = NULL; 2031238405Sjkim#endif 2032194206Ssimon#ifndef OPENSSL_NO_ENGINE 2033280297Sjkim ret->client_cert_engine = NULL; 2034280297Sjkim# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 2035280297Sjkim# define eng_strx(x) #x 2036280297Sjkim# define eng_str(x) eng_strx(x) 2037280297Sjkim /* Use specific client engine automatically... ignore errors */ 2038280297Sjkim { 2039280297Sjkim ENGINE *eng; 2040280297Sjkim eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2041280297Sjkim if (!eng) { 2042280297Sjkim ERR_clear_error(); 2043280297Sjkim ENGINE_load_builtin_engines(); 2044280297Sjkim eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2045280297Sjkim } 2046280297Sjkim if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 2047280297Sjkim ERR_clear_error(); 2048280297Sjkim } 2049280297Sjkim# endif 2050194206Ssimon#endif 2051280297Sjkim /* 2052280297Sjkim * Default is to connect to non-RI servers. When RI is more widely 2053280297Sjkim * deployed might change this. 2054280297Sjkim */ 2055280297Sjkim ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; 2056194206Ssimon 2057296279Sjkim /* 2058296279Sjkim * Disable SSLv2 by default, callers that want to enable SSLv2 will have to 2059296279Sjkim * explicitly clear this option via either of SSL_CTX_clear_options() or 2060296279Sjkim * SSL_clear_options(). 2061296279Sjkim */ 2062296279Sjkim ret->options |= SSL_OP_NO_SSLv2; 2063296279Sjkim 2064280297Sjkim return (ret); 2065280297Sjkim err: 2066280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); 2067280297Sjkim err2: 2068280297Sjkim if (ret != NULL) 2069280297Sjkim SSL_CTX_free(ret); 2070280297Sjkim return (NULL); 2071280297Sjkim} 207255714Skris 2073109998Smarkm#if 0 207455714Skrisstatic void SSL_COMP_free(SSL_COMP *comp) 2075280297Sjkim{ 2076280297Sjkim OPENSSL_free(comp); 2077280297Sjkim} 2078109998Smarkm#endif 207955714Skris 2080238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2081280297Sjkimstatic void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) 2082280297Sjkim{ 2083280297Sjkim SSL3_BUF_FREELIST_ENTRY *ent, *next; 2084280297Sjkim for (ent = list->head; ent; ent = next) { 2085280297Sjkim next = ent->next; 2086280297Sjkim OPENSSL_free(ent); 2087280297Sjkim } 2088280297Sjkim OPENSSL_free(list); 2089280297Sjkim} 2090238405Sjkim#endif 2091238405Sjkim 209255714Skrisvoid SSL_CTX_free(SSL_CTX *a) 2093280297Sjkim{ 2094280297Sjkim int i; 209555714Skris 2096280297Sjkim if (a == NULL) 2097280297Sjkim return; 209855714Skris 2099280297Sjkim i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); 210055714Skris#ifdef REF_PRINT 2101280297Sjkim REF_PRINT("SSL_CTX", a); 210255714Skris#endif 2103280297Sjkim if (i > 0) 2104280297Sjkim return; 210555714Skris#ifdef REF_CHECK 2106280297Sjkim if (i < 0) { 2107280297Sjkim fprintf(stderr, "SSL_CTX_free, bad reference count\n"); 2108280297Sjkim abort(); /* ok */ 2109280297Sjkim } 211055714Skris#endif 211155714Skris 2112280297Sjkim if (a->param) 2113280297Sjkim X509_VERIFY_PARAM_free(a->param); 2114160814Ssimon 2115280297Sjkim /* 2116280297Sjkim * Free internal session cache. However: the remove_cb() may reference 2117280297Sjkim * the ex_data of SSL_CTX, thus the ex_data store can only be removed 2118280297Sjkim * after the sessions were flushed. 2119280297Sjkim * As the ex_data handling routines might also touch the session cache, 2120280297Sjkim * the most secure solution seems to be: empty (flush) the cache, then 2121280297Sjkim * free ex_data, then finally free the cache. 2122280297Sjkim * (See ticket [openssl.org #212].) 2123280297Sjkim */ 2124280297Sjkim if (a->sessions != NULL) 2125280297Sjkim SSL_CTX_flush_sessions(a, 0); 2126109998Smarkm 2127280297Sjkim CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); 2128109998Smarkm 2129280297Sjkim if (a->sessions != NULL) 2130280297Sjkim lh_SSL_SESSION_free(a->sessions); 2131109998Smarkm 2132280297Sjkim if (a->cert_store != NULL) 2133280297Sjkim X509_STORE_free(a->cert_store); 2134280297Sjkim if (a->cipher_list != NULL) 2135280297Sjkim sk_SSL_CIPHER_free(a->cipher_list); 2136280297Sjkim if (a->cipher_list_by_id != NULL) 2137280297Sjkim sk_SSL_CIPHER_free(a->cipher_list_by_id); 2138280297Sjkim if (a->cert != NULL) 2139280297Sjkim ssl_cert_free(a->cert); 2140280297Sjkim if (a->client_CA != NULL) 2141280297Sjkim sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); 2142280297Sjkim if (a->extra_certs != NULL) 2143280297Sjkim sk_X509_pop_free(a->extra_certs, X509_free); 2144280297Sjkim#if 0 /* This should never be done, since it 2145280297Sjkim * removes a global database */ 2146280297Sjkim if (a->comp_methods != NULL) 2147280297Sjkim sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); 2148109998Smarkm#else 2149280297Sjkim a->comp_methods = NULL; 2150109998Smarkm#endif 2151238405Sjkim 2152246772Sjkim#ifndef OPENSSL_NO_SRTP 2153280297Sjkim if (a->srtp_profiles) 2154280297Sjkim sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); 2155246772Sjkim#endif 2156238405Sjkim 2157238405Sjkim#ifndef OPENSSL_NO_PSK 2158280297Sjkim if (a->psk_identity_hint) 2159280297Sjkim OPENSSL_free(a->psk_identity_hint); 2160238405Sjkim#endif 2161238405Sjkim#ifndef OPENSSL_NO_SRP 2162280297Sjkim SSL_CTX_SRP_CTX_free(a); 2163238405Sjkim#endif 2164194206Ssimon#ifndef OPENSSL_NO_ENGINE 2165280297Sjkim if (a->client_cert_engine) 2166280297Sjkim ENGINE_finish(a->client_cert_engine); 2167194206Ssimon#endif 2168238405Sjkim 2169238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2170280297Sjkim if (a->wbuf_freelist) 2171280297Sjkim ssl_buf_freelist_free(a->wbuf_freelist); 2172280297Sjkim if (a->rbuf_freelist) 2173280297Sjkim ssl_buf_freelist_free(a->rbuf_freelist); 2174238405Sjkim#endif 2175290207Sjkim#ifndef OPENSSL_NO_TLSEXT 2176290207Sjkim# ifndef OPENSSL_NO_EC 2177290207Sjkim if (a->tlsext_ecpointformatlist) 2178290207Sjkim OPENSSL_free(a->tlsext_ecpointformatlist); 2179290207Sjkim if (a->tlsext_ellipticcurvelist) 2180290207Sjkim OPENSSL_free(a->tlsext_ellipticcurvelist); 2181290207Sjkim# endif /* OPENSSL_NO_EC */ 2182290207Sjkim if (a->alpn_client_proto_list != NULL) 2183290207Sjkim OPENSSL_free(a->alpn_client_proto_list); 2184290207Sjkim#endif 2185238405Sjkim 2186280297Sjkim OPENSSL_free(a); 2187280297Sjkim} 218855714Skris 218955714Skrisvoid SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 2190280297Sjkim{ 2191280297Sjkim ctx->default_passwd_callback = cb; 2192280297Sjkim} 219355714Skris 2194280297Sjkimvoid SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 2195280297Sjkim{ 2196280297Sjkim ctx->default_passwd_callback_userdata = u; 2197280297Sjkim} 219855714Skris 2199280297Sjkimvoid SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 2200280297Sjkim int (*cb) (X509_STORE_CTX *, void *), 2201280297Sjkim void *arg) 2202280297Sjkim{ 2203280297Sjkim ctx->app_verify_callback = cb; 2204280297Sjkim ctx->app_verify_arg = arg; 2205280297Sjkim} 220655714Skris 2207280297Sjkimvoid SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 2208280297Sjkim int (*cb) (int, X509_STORE_CTX *)) 2209280297Sjkim{ 2210280297Sjkim ctx->verify_mode = mode; 2211280297Sjkim ctx->default_verify_callback = cb; 2212280297Sjkim} 221355714Skris 2214280297Sjkimvoid SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) 2215280297Sjkim{ 2216280297Sjkim X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2217280297Sjkim} 221855714Skris 2219290207Sjkimvoid SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), 2220290207Sjkim void *arg) 2221290207Sjkim{ 2222290207Sjkim ssl_cert_set_cert_cb(c->cert, cb, arg); 2223290207Sjkim} 2224290207Sjkim 2225290207Sjkimvoid SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) 2226290207Sjkim{ 2227290207Sjkim ssl_cert_set_cert_cb(s->cert, cb, arg); 2228290207Sjkim} 2229290207Sjkim 2230238405Sjkimvoid ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 2231280297Sjkim{ 2232280297Sjkim CERT_PKEY *cpk; 2233280297Sjkim int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; 2234280297Sjkim int rsa_enc_export, dh_rsa_export, dh_dsa_export; 2235280297Sjkim int rsa_tmp_export, dh_tmp_export, kl; 2236280297Sjkim unsigned long mask_k, mask_a, emask_k, emask_a; 2237280297Sjkim#ifndef OPENSSL_NO_ECDSA 2238280297Sjkim int have_ecc_cert, ecdsa_ok, ecc_pkey_size; 2239280297Sjkim#endif 2240160814Ssimon#ifndef OPENSSL_NO_ECDH 2241280297Sjkim int have_ecdh_tmp, ecdh_ok; 2242160814Ssimon#endif 2243280297Sjkim#ifndef OPENSSL_NO_EC 2244280297Sjkim X509 *x = NULL; 2245280297Sjkim EVP_PKEY *ecc_pkey = NULL; 2246280297Sjkim int signature_nid = 0, pk_nid = 0, md_nid = 0; 2247280297Sjkim#endif 2248280297Sjkim if (c == NULL) 2249280297Sjkim return; 225055714Skris 2251280297Sjkim kl = SSL_C_EXPORT_PKEYLENGTH(cipher); 225255714Skris 2253109998Smarkm#ifndef OPENSSL_NO_RSA 2254280297Sjkim rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); 2255280297Sjkim rsa_tmp_export = (c->rsa_tmp_cb != NULL || 2256280297Sjkim (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl)); 225755714Skris#else 2258280297Sjkim rsa_tmp = rsa_tmp_export = 0; 225955714Skris#endif 2260109998Smarkm#ifndef OPENSSL_NO_DH 2261280297Sjkim dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 2262280297Sjkim dh_tmp_export = (c->dh_tmp_cb != NULL || 2263280297Sjkim (dh_tmp && DH_size(c->dh_tmp) * 8 <= kl)); 226455714Skris#else 2265280297Sjkim dh_tmp = dh_tmp_export = 0; 226655714Skris#endif 226755714Skris 2268160814Ssimon#ifndef OPENSSL_NO_ECDH 2269290207Sjkim have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); 2270160814Ssimon#endif 2271280297Sjkim cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); 2272290207Sjkim rsa_enc = cpk->valid_flags & CERT_PKEY_VALID; 2273280297Sjkim rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2274280297Sjkim cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); 2275290207Sjkim rsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; 2276280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); 2277290207Sjkim dsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; 2278280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); 2279290207Sjkim dh_rsa = cpk->valid_flags & CERT_PKEY_VALID; 2280280297Sjkim dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2281280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); 228255714Skris/* FIX THIS EAY EAY EAY */ 2283290207Sjkim dh_dsa = cpk->valid_flags & CERT_PKEY_VALID; 2284280297Sjkim dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2285280297Sjkim cpk = &(c->pkeys[SSL_PKEY_ECC]); 2286280297Sjkim#ifndef OPENSSL_NO_EC 2287290207Sjkim have_ecc_cert = cpk->valid_flags & CERT_PKEY_VALID; 2288280297Sjkim#endif 2289280297Sjkim mask_k = 0; 2290280297Sjkim mask_a = 0; 2291280297Sjkim emask_k = 0; 2292280297Sjkim emask_a = 0; 229355714Skris 229455714Skris#ifdef CIPHER_DEBUG 2295280297Sjkim fprintf(stderr, 2296280297Sjkim "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 2297280297Sjkim rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc, 2298280297Sjkim rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); 229955714Skris#endif 230055714Skris 2301280297Sjkim cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2302280297Sjkim if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2303280297Sjkim mask_k |= SSL_kGOST; 2304280297Sjkim mask_a |= SSL_aGOST01; 2305280297Sjkim } 2306280297Sjkim cpk = &(c->pkeys[SSL_PKEY_GOST94]); 2307280297Sjkim if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2308280297Sjkim mask_k |= SSL_kGOST; 2309280297Sjkim mask_a |= SSL_aGOST94; 2310280297Sjkim } 231155714Skris 2312280297Sjkim if (rsa_enc || (rsa_tmp && rsa_sign)) 2313280297Sjkim mask_k |= SSL_kRSA; 2314280297Sjkim if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) 2315280297Sjkim emask_k |= SSL_kRSA; 2316280297Sjkim 231755714Skris#if 0 2318280297Sjkim /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ 2319280297Sjkim if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign)) 2320280297Sjkim mask_k |= SSL_kEDH; 2321280297Sjkim if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && 2322280297Sjkim (rsa_enc || rsa_sign || dsa_sign)) 2323280297Sjkim emask_k |= SSL_kEDH; 232455714Skris#endif 232555714Skris 2326280297Sjkim if (dh_tmp_export) 2327280297Sjkim emask_k |= SSL_kEDH; 232855714Skris 2329280297Sjkim if (dh_tmp) 2330280297Sjkim mask_k |= SSL_kEDH; 233155714Skris 2332280297Sjkim if (dh_rsa) 2333280297Sjkim mask_k |= SSL_kDHr; 2334280297Sjkim if (dh_rsa_export) 2335280297Sjkim emask_k |= SSL_kDHr; 233655714Skris 2337280297Sjkim if (dh_dsa) 2338280297Sjkim mask_k |= SSL_kDHd; 2339280297Sjkim if (dh_dsa_export) 2340280297Sjkim emask_k |= SSL_kDHd; 234155714Skris 2342290207Sjkim if (mask_k & (SSL_kDHr | SSL_kDHd)) 2343290207Sjkim mask_a |= SSL_aDH; 2344290207Sjkim 2345280297Sjkim if (rsa_enc || rsa_sign) { 2346280297Sjkim mask_a |= SSL_aRSA; 2347280297Sjkim emask_a |= SSL_aRSA; 2348280297Sjkim } 234955714Skris 2350280297Sjkim if (dsa_sign) { 2351280297Sjkim mask_a |= SSL_aDSS; 2352280297Sjkim emask_a |= SSL_aDSS; 2353280297Sjkim } 235455714Skris 2355280297Sjkim mask_a |= SSL_aNULL; 2356280297Sjkim emask_a |= SSL_aNULL; 235755714Skris 2358109998Smarkm#ifndef OPENSSL_NO_KRB5 2359280297Sjkim mask_k |= SSL_kKRB5; 2360280297Sjkim mask_a |= SSL_aKRB5; 2361280297Sjkim emask_k |= SSL_kKRB5; 2362280297Sjkim emask_a |= SSL_aKRB5; 2363109998Smarkm#endif 2364109998Smarkm 2365280297Sjkim /* 2366280297Sjkim * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites 2367280297Sjkim * depending on the key usage extension. 2368280297Sjkim */ 2369280297Sjkim#ifndef OPENSSL_NO_EC 2370280297Sjkim if (have_ecc_cert) { 2371290207Sjkim cpk = &c->pkeys[SSL_PKEY_ECC]; 2372290207Sjkim x = cpk->x509; 2373280297Sjkim /* This call populates extension flags (ex_flags) */ 2374280297Sjkim X509_check_purpose(x, -1, 0); 2375290207Sjkim# ifndef OPENSSL_NO_ECDH 2376280297Sjkim ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2377280297Sjkim (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; 2378290207Sjkim# endif 2379280297Sjkim ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2380280297Sjkim (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; 2381290207Sjkim if (!(cpk->valid_flags & CERT_PKEY_SIGN)) 2382290207Sjkim ecdsa_ok = 0; 2383280297Sjkim ecc_pkey = X509_get_pubkey(x); 2384280297Sjkim ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0; 2385280297Sjkim EVP_PKEY_free(ecc_pkey); 2386280297Sjkim if ((x->sig_alg) && (x->sig_alg->algorithm)) { 2387280297Sjkim signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2388280297Sjkim OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2389280297Sjkim } 2390290207Sjkim# ifndef OPENSSL_NO_ECDH 2391280297Sjkim if (ecdh_ok) { 2392238405Sjkim 2393280297Sjkim if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { 2394280297Sjkim mask_k |= SSL_kECDHr; 2395280297Sjkim mask_a |= SSL_aECDH; 2396280297Sjkim if (ecc_pkey_size <= 163) { 2397280297Sjkim emask_k |= SSL_kECDHr; 2398280297Sjkim emask_a |= SSL_aECDH; 2399280297Sjkim } 2400280297Sjkim } 2401238405Sjkim 2402280297Sjkim if (pk_nid == NID_X9_62_id_ecPublicKey) { 2403280297Sjkim mask_k |= SSL_kECDHe; 2404280297Sjkim mask_a |= SSL_aECDH; 2405280297Sjkim if (ecc_pkey_size <= 163) { 2406280297Sjkim emask_k |= SSL_kECDHe; 2407280297Sjkim emask_a |= SSL_aECDH; 2408280297Sjkim } 2409280297Sjkim } 2410280297Sjkim } 2411290207Sjkim# endif 2412290207Sjkim# ifndef OPENSSL_NO_ECDSA 2413280297Sjkim if (ecdsa_ok) { 2414280297Sjkim mask_a |= SSL_aECDSA; 2415280297Sjkim emask_a |= SSL_aECDSA; 2416280297Sjkim } 2417290207Sjkim# endif 2418280297Sjkim } 2419280297Sjkim#endif 2420290207Sjkim 2421160814Ssimon#ifndef OPENSSL_NO_ECDH 2422280297Sjkim if (have_ecdh_tmp) { 2423280297Sjkim mask_k |= SSL_kEECDH; 2424280297Sjkim emask_k |= SSL_kEECDH; 2425280297Sjkim } 2426160814Ssimon#endif 2427238405Sjkim 2428238405Sjkim#ifndef OPENSSL_NO_PSK 2429280297Sjkim mask_k |= SSL_kPSK; 2430280297Sjkim mask_a |= SSL_aPSK; 2431280297Sjkim emask_k |= SSL_kPSK; 2432280297Sjkim emask_a |= SSL_aPSK; 2433238405Sjkim#endif 2434238405Sjkim 2435280297Sjkim c->mask_k = mask_k; 2436280297Sjkim c->mask_a = mask_a; 2437280297Sjkim c->export_mask_k = emask_k; 2438280297Sjkim c->export_mask_a = emask_a; 2439280297Sjkim c->valid = 1; 2440280297Sjkim} 244155714Skris 2442160814Ssimon/* This handy macro borrowed from crypto/x509v3/v3_purp.c */ 2443160814Ssimon#define ku_reject(x, usage) \ 2444280297Sjkim (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) 2445160814Ssimon 2446238405Sjkim#ifndef OPENSSL_NO_EC 2447238405Sjkim 2448238405Sjkimint ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2449280297Sjkim{ 2450280297Sjkim unsigned long alg_k, alg_a; 2451280297Sjkim EVP_PKEY *pkey = NULL; 2452280297Sjkim int keysize = 0; 2453280297Sjkim int signature_nid = 0, md_nid = 0, pk_nid = 0; 2454280297Sjkim const SSL_CIPHER *cs = s->s3->tmp.new_cipher; 2455160814Ssimon 2456280297Sjkim alg_k = cs->algorithm_mkey; 2457280297Sjkim alg_a = cs->algorithm_auth; 2458238405Sjkim 2459280297Sjkim if (SSL_C_IS_EXPORT(cs)) { 2460280297Sjkim /* ECDH key length in export ciphers must be <= 163 bits */ 2461280297Sjkim pkey = X509_get_pubkey(x); 2462280297Sjkim if (pkey == NULL) 2463280297Sjkim return 0; 2464280297Sjkim keysize = EVP_PKEY_bits(pkey); 2465280297Sjkim EVP_PKEY_free(pkey); 2466280297Sjkim if (keysize > 163) 2467280297Sjkim return 0; 2468280297Sjkim } 2469160814Ssimon 2470280297Sjkim /* This call populates the ex_flags field correctly */ 2471280297Sjkim X509_check_purpose(x, -1, 0); 2472280297Sjkim if ((x->sig_alg) && (x->sig_alg->algorithm)) { 2473280297Sjkim signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2474280297Sjkim OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2475280297Sjkim } 2476280297Sjkim if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { 2477280297Sjkim /* key usage, if present, must allow key agreement */ 2478280297Sjkim if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { 2479280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2480280297Sjkim SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); 2481280297Sjkim return 0; 2482280297Sjkim } 2483280297Sjkim if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { 2484280297Sjkim /* signature alg must be ECDSA */ 2485280297Sjkim if (pk_nid != NID_X9_62_id_ecPublicKey) { 2486280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2487280297Sjkim SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); 2488280297Sjkim return 0; 2489280297Sjkim } 2490280297Sjkim } 2491280297Sjkim if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { 2492280297Sjkim /* signature alg must be RSA */ 2493238405Sjkim 2494280297Sjkim if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { 2495280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2496280297Sjkim SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); 2497280297Sjkim return 0; 2498280297Sjkim } 2499280297Sjkim } 2500280297Sjkim } 2501280297Sjkim if (alg_a & SSL_aECDSA) { 2502280297Sjkim /* key usage, if present, must allow signing */ 2503280297Sjkim if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { 2504280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2505280297Sjkim SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2506280297Sjkim return 0; 2507280297Sjkim } 2508280297Sjkim } 2509160814Ssimon 2510280297Sjkim return 1; /* all checks are ok */ 2511280297Sjkim} 2512160814Ssimon 2513238405Sjkim#endif 2514238405Sjkim 2515290207Sjkimstatic int ssl_get_server_cert_index(const SSL *s) 2516290207Sjkim{ 2517290207Sjkim int idx; 2518290207Sjkim idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); 2519290207Sjkim if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509) 2520290207Sjkim idx = SSL_PKEY_RSA_SIGN; 2521290207Sjkim if (idx == -1) 2522290207Sjkim SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR); 2523290207Sjkim return idx; 2524290207Sjkim} 2525290207Sjkim 2526246772SjkimCERT_PKEY *ssl_get_server_send_pkey(const SSL *s) 2527280297Sjkim{ 2528280297Sjkim CERT *c; 2529280297Sjkim int i; 253055714Skris 2531280297Sjkim c = s->cert; 2532290207Sjkim if (!s->s3 || !s->s3->tmp.new_cipher) 2533290207Sjkim return NULL; 2534280297Sjkim ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 253555714Skris 2536290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 2537290207Sjkim /* 2538290207Sjkim * Broken protocol test: return last used certificate: which may mismatch 2539290207Sjkim * the one expected. 2540290207Sjkim */ 2541290207Sjkim if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) 2542290207Sjkim return c->key; 2543290207Sjkim#endif 2544160814Ssimon 2545290207Sjkim i = ssl_get_server_cert_index(s); 254655714Skris 2547290207Sjkim /* This may or may not be an error. */ 2548290207Sjkim if (i < 0) 2549290207Sjkim return NULL; 2550280297Sjkim 2551290207Sjkim /* May be NULL. */ 2552290207Sjkim return &c->pkeys[i]; 2553280297Sjkim} 2554280297Sjkim 2555280297SjkimEVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, 2556280297Sjkim const EVP_MD **pmd) 2557280297Sjkim{ 2558280297Sjkim unsigned long alg_a; 2559280297Sjkim CERT *c; 2560280297Sjkim int idx = -1; 256155714Skris 2562280297Sjkim alg_a = cipher->algorithm_auth; 2563280297Sjkim c = s->cert; 256455714Skris 2565290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 2566290207Sjkim /* 2567290207Sjkim * Broken protocol test: use last key: which may mismatch the one 2568290207Sjkim * expected. 2569290207Sjkim */ 2570290207Sjkim if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) 2571290207Sjkim idx = c->key - c->pkeys; 2572290207Sjkim else 2573290207Sjkim#endif 2574290207Sjkim 2575280297Sjkim if ((alg_a & SSL_aDSS) && 2576290207Sjkim (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2577280297Sjkim idx = SSL_PKEY_DSA_SIGN; 2578280297Sjkim else if (alg_a & SSL_aRSA) { 2579280297Sjkim if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2580280297Sjkim idx = SSL_PKEY_RSA_SIGN; 2581280297Sjkim else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 2582280297Sjkim idx = SSL_PKEY_RSA_ENC; 2583280297Sjkim } else if ((alg_a & SSL_aECDSA) && 2584280297Sjkim (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2585280297Sjkim idx = SSL_PKEY_ECC; 2586280297Sjkim if (idx == -1) { 2587280297Sjkim SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); 2588280297Sjkim return (NULL); 2589280297Sjkim } 2590280297Sjkim if (pmd) 2591280297Sjkim *pmd = c->pkeys[idx].digest; 2592280297Sjkim return c->pkeys[idx].privatekey; 2593280297Sjkim} 259455714Skris 2595290207Sjkim#ifndef OPENSSL_NO_TLSEXT 2596290207Sjkimint ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, 2597290207Sjkim size_t *serverinfo_length) 2598290207Sjkim{ 2599290207Sjkim CERT *c = NULL; 2600290207Sjkim int i = 0; 2601290207Sjkim *serverinfo_length = 0; 2602290207Sjkim 2603290207Sjkim c = s->cert; 2604290207Sjkim i = ssl_get_server_cert_index(s); 2605290207Sjkim 2606290207Sjkim if (i == -1) 2607290207Sjkim return 0; 2608290207Sjkim if (c->pkeys[i].serverinfo == NULL) 2609290207Sjkim return 0; 2610290207Sjkim 2611290207Sjkim *serverinfo = c->pkeys[i].serverinfo; 2612290207Sjkim *serverinfo_length = c->pkeys[i].serverinfo_length; 2613290207Sjkim return 1; 2614290207Sjkim} 2615290207Sjkim#endif 2616290207Sjkim 2617280297Sjkimvoid ssl_update_cache(SSL *s, int mode) 2618280297Sjkim{ 2619280297Sjkim int i; 262055714Skris 2621280297Sjkim /* 2622280297Sjkim * If the session_id_length is 0, we are not supposed to cache it, and it 2623280297Sjkim * would be rather hard to do anyway :-) 2624280297Sjkim */ 2625280297Sjkim if (s->session->session_id_length == 0) 2626280297Sjkim return; 262755714Skris 2628280297Sjkim i = s->session_ctx->session_cache_mode; 2629280297Sjkim if ((i & mode) && (!s->hit) 2630280297Sjkim && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2631280297Sjkim || SSL_CTX_add_session(s->session_ctx, s->session)) 2632280297Sjkim && (s->session_ctx->new_session_cb != NULL)) { 2633280297Sjkim CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2634280297Sjkim if (!s->session_ctx->new_session_cb(s, s->session)) 2635280297Sjkim SSL_SESSION_free(s->session); 2636280297Sjkim } 263755714Skris 2638280297Sjkim /* auto flush every 255 connections */ 2639280297Sjkim if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { 2640280297Sjkim if ((((mode & SSL_SESS_CACHE_CLIENT) 2641280297Sjkim ? s->session_ctx->stats.sess_connect_good 2642280297Sjkim : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { 2643280297Sjkim SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); 2644280297Sjkim } 2645280297Sjkim } 2646280297Sjkim} 264755714Skris 2648290207Sjkimconst SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) 2649290207Sjkim{ 2650290207Sjkim return ctx->method; 2651290207Sjkim} 2652290207Sjkim 2653238405Sjkimconst SSL_METHOD *SSL_get_ssl_method(SSL *s) 2654280297Sjkim{ 2655280297Sjkim return (s->method); 2656280297Sjkim} 265755714Skris 2658238405Sjkimint SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 2659280297Sjkim{ 2660280297Sjkim int conn = -1; 2661280297Sjkim int ret = 1; 266255714Skris 2663280297Sjkim if (s->method != meth) { 2664280297Sjkim if (s->handshake_func != NULL) 2665280297Sjkim conn = (s->handshake_func == s->method->ssl_connect); 266655714Skris 2667280297Sjkim if (s->method->version == meth->version) 2668280297Sjkim s->method = meth; 2669280297Sjkim else { 2670280297Sjkim s->method->ssl_free(s); 2671280297Sjkim s->method = meth; 2672280297Sjkim ret = s->method->ssl_new(s); 2673280297Sjkim } 267455714Skris 2675280297Sjkim if (conn == 1) 2676280297Sjkim s->handshake_func = meth->ssl_connect; 2677280297Sjkim else if (conn == 0) 2678280297Sjkim s->handshake_func = meth->ssl_accept; 2679280297Sjkim } 2680280297Sjkim return (ret); 2681280297Sjkim} 268255714Skris 2683280297Sjkimint SSL_get_error(const SSL *s, int i) 2684280297Sjkim{ 2685280297Sjkim int reason; 2686280297Sjkim unsigned long l; 2687280297Sjkim BIO *bio; 268855714Skris 2689280297Sjkim if (i > 0) 2690280297Sjkim return (SSL_ERROR_NONE); 269155714Skris 2692280297Sjkim /* 2693280297Sjkim * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, 2694280297Sjkim * where we do encode the error 2695280297Sjkim */ 2696280297Sjkim if ((l = ERR_peek_error()) != 0) { 2697280297Sjkim if (ERR_GET_LIB(l) == ERR_LIB_SYS) 2698280297Sjkim return (SSL_ERROR_SYSCALL); 2699280297Sjkim else 2700280297Sjkim return (SSL_ERROR_SSL); 2701280297Sjkim } 270255714Skris 2703280297Sjkim if ((i < 0) && SSL_want_read(s)) { 2704280297Sjkim bio = SSL_get_rbio(s); 2705280297Sjkim if (BIO_should_read(bio)) 2706280297Sjkim return (SSL_ERROR_WANT_READ); 2707280297Sjkim else if (BIO_should_write(bio)) 2708280297Sjkim /* 2709280297Sjkim * This one doesn't make too much sense ... We never try to write 2710280297Sjkim * to the rbio, and an application program where rbio and wbio 2711280297Sjkim * are separate couldn't even know what it should wait for. 2712280297Sjkim * However if we ever set s->rwstate incorrectly (so that we have 2713280297Sjkim * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and 2714280297Sjkim * wbio *are* the same, this test works around that bug; so it 2715280297Sjkim * might be safer to keep it. 2716280297Sjkim */ 2717280297Sjkim return (SSL_ERROR_WANT_WRITE); 2718280297Sjkim else if (BIO_should_io_special(bio)) { 2719280297Sjkim reason = BIO_get_retry_reason(bio); 2720280297Sjkim if (reason == BIO_RR_CONNECT) 2721280297Sjkim return (SSL_ERROR_WANT_CONNECT); 2722280297Sjkim else if (reason == BIO_RR_ACCEPT) 2723280297Sjkim return (SSL_ERROR_WANT_ACCEPT); 2724280297Sjkim else 2725280297Sjkim return (SSL_ERROR_SYSCALL); /* unknown */ 2726280297Sjkim } 2727280297Sjkim } 272855714Skris 2729280297Sjkim if ((i < 0) && SSL_want_write(s)) { 2730280297Sjkim bio = SSL_get_wbio(s); 2731280297Sjkim if (BIO_should_write(bio)) 2732280297Sjkim return (SSL_ERROR_WANT_WRITE); 2733280297Sjkim else if (BIO_should_read(bio)) 2734280297Sjkim /* 2735280297Sjkim * See above (SSL_want_read(s) with BIO_should_write(bio)) 2736280297Sjkim */ 2737280297Sjkim return (SSL_ERROR_WANT_READ); 2738280297Sjkim else if (BIO_should_io_special(bio)) { 2739280297Sjkim reason = BIO_get_retry_reason(bio); 2740280297Sjkim if (reason == BIO_RR_CONNECT) 2741280297Sjkim return (SSL_ERROR_WANT_CONNECT); 2742280297Sjkim else if (reason == BIO_RR_ACCEPT) 2743280297Sjkim return (SSL_ERROR_WANT_ACCEPT); 2744280297Sjkim else 2745280297Sjkim return (SSL_ERROR_SYSCALL); 2746280297Sjkim } 2747280297Sjkim } 2748280297Sjkim if ((i < 0) && SSL_want_x509_lookup(s)) { 2749280297Sjkim return (SSL_ERROR_WANT_X509_LOOKUP); 2750280297Sjkim } 275155714Skris 2752280297Sjkim if (i == 0) { 2753280297Sjkim if (s->version == SSL2_VERSION) { 2754280297Sjkim /* assume it is the socket being closed */ 2755280297Sjkim return (SSL_ERROR_ZERO_RETURN); 2756280297Sjkim } else { 2757280297Sjkim if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 2758280297Sjkim (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2759280297Sjkim return (SSL_ERROR_ZERO_RETURN); 2760280297Sjkim } 2761280297Sjkim } 2762280297Sjkim return (SSL_ERROR_SYSCALL); 2763280297Sjkim} 276455714Skris 276555714Skrisint SSL_do_handshake(SSL *s) 2766280297Sjkim{ 2767280297Sjkim int ret = 1; 276855714Skris 2769280297Sjkim if (s->handshake_func == NULL) { 2770280297Sjkim SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); 2771280297Sjkim return (-1); 2772280297Sjkim } 277355714Skris 2774280297Sjkim s->method->ssl_renegotiate_check(s); 277555714Skris 2776280297Sjkim if (SSL_in_init(s) || SSL_in_before(s)) { 2777280297Sjkim ret = s->handshake_func(s); 2778280297Sjkim } 2779280297Sjkim return (ret); 2780280297Sjkim} 278155714Skris 2782280297Sjkim/* 2783280297Sjkim * For the next 2 functions, SSL_clear() sets shutdown and so one of these 2784280297Sjkim * calls will reset it 2785280297Sjkim */ 278655714Skrisvoid SSL_set_accept_state(SSL *s) 2787280297Sjkim{ 2788280297Sjkim s->server = 1; 2789280297Sjkim s->shutdown = 0; 2790280297Sjkim s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE; 2791280297Sjkim s->handshake_func = s->method->ssl_accept; 2792280297Sjkim /* clear the current cipher */ 2793280297Sjkim ssl_clear_cipher_ctx(s); 2794280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 2795280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 2796280297Sjkim} 279755714Skris 279855714Skrisvoid SSL_set_connect_state(SSL *s) 2799280297Sjkim{ 2800280297Sjkim s->server = 0; 2801280297Sjkim s->shutdown = 0; 2802280297Sjkim s->state = SSL_ST_CONNECT | SSL_ST_BEFORE; 2803280297Sjkim s->handshake_func = s->method->ssl_connect; 2804280297Sjkim /* clear the current cipher */ 2805280297Sjkim ssl_clear_cipher_ctx(s); 2806280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 2807280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 2808280297Sjkim} 280955714Skris 281055714Skrisint ssl_undefined_function(SSL *s) 2811280297Sjkim{ 2812280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2813280297Sjkim return (0); 2814280297Sjkim} 281555714Skris 2816160814Ssimonint ssl_undefined_void_function(void) 2817280297Sjkim{ 2818280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, 2819280297Sjkim ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2820280297Sjkim return (0); 2821280297Sjkim} 2822160814Ssimon 2823160814Ssimonint ssl_undefined_const_function(const SSL *s) 2824280297Sjkim{ 2825280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, 2826280297Sjkim ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2827280297Sjkim return (0); 2828280297Sjkim} 2829160814Ssimon 283055714SkrisSSL_METHOD *ssl_bad_method(int ver) 2831280297Sjkim{ 2832280297Sjkim SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2833280297Sjkim return (NULL); 2834280297Sjkim} 283555714Skris 2836160814Ssimonconst char *SSL_get_version(const SSL *s) 2837280297Sjkim{ 2838280297Sjkim if (s->version == TLS1_2_VERSION) 2839280297Sjkim return ("TLSv1.2"); 2840280297Sjkim else if (s->version == TLS1_1_VERSION) 2841280297Sjkim return ("TLSv1.1"); 2842280297Sjkim else if (s->version == TLS1_VERSION) 2843280297Sjkim return ("TLSv1"); 2844280297Sjkim else if (s->version == SSL3_VERSION) 2845280297Sjkim return ("SSLv3"); 2846280297Sjkim else if (s->version == SSL2_VERSION) 2847280297Sjkim return ("SSLv2"); 2848290207Sjkim else if (s->version == DTLS1_BAD_VER) 2849290207Sjkim return ("DTLSv0.9"); 2850290207Sjkim else if (s->version == DTLS1_VERSION) 2851290207Sjkim return ("DTLSv1"); 2852290207Sjkim else if (s->version == DTLS1_2_VERSION) 2853290207Sjkim return ("DTLSv1.2"); 2854280297Sjkim else 2855280297Sjkim return ("unknown"); 2856280297Sjkim} 285755714Skris 285855714SkrisSSL *SSL_dup(SSL *s) 2859280297Sjkim{ 2860280297Sjkim STACK_OF(X509_NAME) *sk; 2861280297Sjkim X509_NAME *xn; 2862280297Sjkim SSL *ret; 2863280297Sjkim int i; 2864109998Smarkm 2865280297Sjkim if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2866280297Sjkim return (NULL); 2867109998Smarkm 2868280297Sjkim ret->version = s->version; 2869280297Sjkim ret->type = s->type; 2870280297Sjkim ret->method = s->method; 287155714Skris 2872280297Sjkim if (s->session != NULL) { 2873280297Sjkim /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 2874280297Sjkim SSL_copy_session_id(ret, s); 2875280297Sjkim } else { 2876280297Sjkim /* 2877280297Sjkim * No session has been established yet, so we have to expect that 2878280297Sjkim * s->cert or ret->cert will be changed later -- they should not both 2879280297Sjkim * point to the same object, and thus we can't use 2880280297Sjkim * SSL_copy_session_id. 2881280297Sjkim */ 288255714Skris 2883280297Sjkim ret->method->ssl_free(ret); 2884280297Sjkim ret->method = s->method; 2885280297Sjkim ret->method->ssl_new(ret); 288655714Skris 2887280297Sjkim if (s->cert != NULL) { 2888280297Sjkim if (ret->cert != NULL) { 2889280297Sjkim ssl_cert_free(ret->cert); 2890280297Sjkim } 2891280297Sjkim ret->cert = ssl_cert_dup(s->cert); 2892280297Sjkim if (ret->cert == NULL) 2893280297Sjkim goto err; 2894280297Sjkim } 289555714Skris 2896280297Sjkim SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length); 2897280297Sjkim } 289855714Skris 2899280297Sjkim ret->options = s->options; 2900280297Sjkim ret->mode = s->mode; 2901280297Sjkim SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 2902280297Sjkim SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 2903280297Sjkim ret->msg_callback = s->msg_callback; 2904280297Sjkim ret->msg_callback_arg = s->msg_callback_arg; 2905280297Sjkim SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s)); 2906280297Sjkim SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 2907280297Sjkim ret->generate_session_id = s->generate_session_id; 290855714Skris 2909280297Sjkim SSL_set_info_callback(ret, SSL_get_info_callback(s)); 291055714Skris 2911280297Sjkim ret->debug = s->debug; 2912160814Ssimon 2913280297Sjkim /* copy app data, a little dangerous perhaps */ 2914280297Sjkim if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 2915280297Sjkim goto err; 291655714Skris 2917280297Sjkim /* setup rbio, and wbio */ 2918280297Sjkim if (s->rbio != NULL) { 2919280297Sjkim if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) 2920280297Sjkim goto err; 2921280297Sjkim } 2922280297Sjkim if (s->wbio != NULL) { 2923280297Sjkim if (s->wbio != s->rbio) { 2924280297Sjkim if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) 2925280297Sjkim goto err; 2926280297Sjkim } else 2927280297Sjkim ret->wbio = ret->rbio; 2928280297Sjkim } 2929280297Sjkim ret->rwstate = s->rwstate; 2930280297Sjkim ret->in_handshake = s->in_handshake; 2931280297Sjkim ret->handshake_func = s->handshake_func; 2932280297Sjkim ret->server = s->server; 2933280297Sjkim ret->renegotiate = s->renegotiate; 2934280297Sjkim ret->new_session = s->new_session; 2935280297Sjkim ret->quiet_shutdown = s->quiet_shutdown; 2936280297Sjkim ret->shutdown = s->shutdown; 2937280297Sjkim ret->state = s->state; /* SSL_dup does not really work at any state, 2938280297Sjkim * though */ 2939280297Sjkim ret->rstate = s->rstate; 2940280297Sjkim ret->init_num = 0; /* would have to copy ret->init_buf, 2941280297Sjkim * ret->init_msg, ret->init_num, 2942280297Sjkim * ret->init_off */ 2943280297Sjkim ret->hit = s->hit; 294455714Skris 2945280297Sjkim X509_VERIFY_PARAM_inherit(ret->param, s->param); 294655714Skris 2947280297Sjkim /* dup the cipher_list and cipher_list_by_id stacks */ 2948280297Sjkim if (s->cipher_list != NULL) { 2949280297Sjkim if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2950280297Sjkim goto err; 2951280297Sjkim } 2952280297Sjkim if (s->cipher_list_by_id != NULL) 2953280297Sjkim if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 2954280297Sjkim == NULL) 2955280297Sjkim goto err; 2956280297Sjkim 2957280297Sjkim /* Dup the client_CA list */ 2958280297Sjkim if (s->client_CA != NULL) { 2959280297Sjkim if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) 2960280297Sjkim goto err; 2961280297Sjkim ret->client_CA = sk; 2962280297Sjkim for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2963280297Sjkim xn = sk_X509_NAME_value(sk, i); 2964280297Sjkim if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { 2965280297Sjkim X509_NAME_free(xn); 2966280297Sjkim goto err; 2967280297Sjkim } 2968280297Sjkim } 2969280297Sjkim } 2970280297Sjkim 2971280297Sjkim if (0) { 2972280297Sjkim err: 2973280297Sjkim if (ret != NULL) 2974280297Sjkim SSL_free(ret); 2975280297Sjkim ret = NULL; 2976280297Sjkim } 2977280297Sjkim return (ret); 2978280297Sjkim} 2979280297Sjkim 298055714Skrisvoid ssl_clear_cipher_ctx(SSL *s) 2981280297Sjkim{ 2982280297Sjkim if (s->enc_read_ctx != NULL) { 2983280297Sjkim EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); 2984280297Sjkim OPENSSL_free(s->enc_read_ctx); 2985280297Sjkim s->enc_read_ctx = NULL; 2986280297Sjkim } 2987280297Sjkim if (s->enc_write_ctx != NULL) { 2988280297Sjkim EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); 2989280297Sjkim OPENSSL_free(s->enc_write_ctx); 2990280297Sjkim s->enc_write_ctx = NULL; 2991280297Sjkim } 2992160814Ssimon#ifndef OPENSSL_NO_COMP 2993280297Sjkim if (s->expand != NULL) { 2994280297Sjkim COMP_CTX_free(s->expand); 2995280297Sjkim s->expand = NULL; 2996280297Sjkim } 2997280297Sjkim if (s->compress != NULL) { 2998280297Sjkim COMP_CTX_free(s->compress); 2999280297Sjkim s->compress = NULL; 3000280297Sjkim } 3001160814Ssimon#endif 3002280297Sjkim} 300355714Skris 3004160814SsimonX509 *SSL_get_certificate(const SSL *s) 3005280297Sjkim{ 3006280297Sjkim if (s->cert != NULL) 3007280297Sjkim return (s->cert->key->x509); 3008280297Sjkim else 3009280297Sjkim return (NULL); 3010280297Sjkim} 301155714Skris 3012290207SjkimEVP_PKEY *SSL_get_privatekey(const SSL *s) 3013280297Sjkim{ 3014280297Sjkim if (s->cert != NULL) 3015280297Sjkim return (s->cert->key->privatekey); 3016280297Sjkim else 3017280297Sjkim return (NULL); 3018280297Sjkim} 301955714Skris 3020290207SjkimX509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) 3021290207Sjkim{ 3022290207Sjkim if (ctx->cert != NULL) 3023290207Sjkim return ctx->cert->key->x509; 3024290207Sjkim else 3025290207Sjkim return NULL; 3026290207Sjkim} 3027290207Sjkim 3028290207SjkimEVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 3029290207Sjkim{ 3030290207Sjkim if (ctx->cert != NULL) 3031290207Sjkim return ctx->cert->key->privatekey; 3032290207Sjkim else 3033290207Sjkim return NULL; 3034290207Sjkim} 3035290207Sjkim 3036238405Sjkimconst SSL_CIPHER *SSL_get_current_cipher(const SSL *s) 3037280297Sjkim{ 3038280297Sjkim if ((s->session != NULL) && (s->session->cipher != NULL)) 3039280297Sjkim return (s->session->cipher); 3040280297Sjkim return (NULL); 3041280297Sjkim} 3042280297Sjkim 3043160814Ssimon#ifdef OPENSSL_NO_COMP 3044160814Ssimonconst void *SSL_get_current_compression(SSL *s) 3045280297Sjkim{ 3046280297Sjkim return NULL; 3047280297Sjkim} 3048280297Sjkim 3049160814Ssimonconst void *SSL_get_current_expansion(SSL *s) 3050280297Sjkim{ 3051280297Sjkim return NULL; 3052280297Sjkim} 3053160814Ssimon#else 305455714Skris 3055160814Ssimonconst COMP_METHOD *SSL_get_current_compression(SSL *s) 3056280297Sjkim{ 3057280297Sjkim if (s->compress != NULL) 3058280297Sjkim return (s->compress->meth); 3059280297Sjkim return (NULL); 3060280297Sjkim} 3061160814Ssimon 3062160814Ssimonconst COMP_METHOD *SSL_get_current_expansion(SSL *s) 3063280297Sjkim{ 3064280297Sjkim if (s->expand != NULL) 3065280297Sjkim return (s->expand->meth); 3066280297Sjkim return (NULL); 3067280297Sjkim} 3068160814Ssimon#endif 3069160814Ssimon 3070280297Sjkimint ssl_init_wbio_buffer(SSL *s, int push) 3071280297Sjkim{ 3072280297Sjkim BIO *bbio; 307355714Skris 3074280297Sjkim if (s->bbio == NULL) { 3075280297Sjkim bbio = BIO_new(BIO_f_buffer()); 3076280297Sjkim if (bbio == NULL) 3077280297Sjkim return (0); 3078280297Sjkim s->bbio = bbio; 3079280297Sjkim } else { 3080280297Sjkim bbio = s->bbio; 3081280297Sjkim if (s->bbio == s->wbio) 3082280297Sjkim s->wbio = BIO_pop(s->wbio); 3083280297Sjkim } 3084280297Sjkim (void)BIO_reset(bbio); 3085280297Sjkim/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 3086280297Sjkim if (!BIO_set_read_buffer_size(bbio, 1)) { 3087280297Sjkim SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); 3088280297Sjkim return (0); 3089280297Sjkim } 3090280297Sjkim if (push) { 3091280297Sjkim if (s->wbio != bbio) 3092280297Sjkim s->wbio = BIO_push(bbio, s->wbio); 3093280297Sjkim } else { 3094280297Sjkim if (s->wbio == bbio) 3095280297Sjkim s->wbio = BIO_pop(bbio); 3096280297Sjkim } 3097280297Sjkim return (1); 3098280297Sjkim} 309955714Skris 310055714Skrisvoid ssl_free_wbio_buffer(SSL *s) 3101280297Sjkim{ 3102280297Sjkim if (s->bbio == NULL) 3103280297Sjkim return; 310455714Skris 3105280297Sjkim if (s->bbio == s->wbio) { 3106280297Sjkim /* remove buffering */ 3107280297Sjkim s->wbio = BIO_pop(s->wbio); 3108280297Sjkim#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids 3109280297Sjkim * adding one more preprocessor symbol */ 3110280297Sjkim assert(s->wbio != NULL); 3111238405Sjkim#endif 3112280297Sjkim } 3113280297Sjkim BIO_free(s->bbio); 3114280297Sjkim s->bbio = NULL; 3115280297Sjkim} 311655714Skris 3117280297Sjkimvoid SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 3118280297Sjkim{ 3119280297Sjkim ctx->quiet_shutdown = mode; 3120280297Sjkim} 3121280297Sjkim 3122160814Ssimonint SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 3123280297Sjkim{ 3124280297Sjkim return (ctx->quiet_shutdown); 3125280297Sjkim} 312655714Skris 3127280297Sjkimvoid SSL_set_quiet_shutdown(SSL *s, int mode) 3128280297Sjkim{ 3129280297Sjkim s->quiet_shutdown = mode; 3130280297Sjkim} 313155714Skris 3132160814Ssimonint SSL_get_quiet_shutdown(const SSL *s) 3133280297Sjkim{ 3134280297Sjkim return (s->quiet_shutdown); 3135280297Sjkim} 313655714Skris 3137280297Sjkimvoid SSL_set_shutdown(SSL *s, int mode) 3138280297Sjkim{ 3139280297Sjkim s->shutdown = mode; 3140280297Sjkim} 314155714Skris 3142160814Ssimonint SSL_get_shutdown(const SSL *s) 3143280297Sjkim{ 3144280297Sjkim return (s->shutdown); 3145280297Sjkim} 314655714Skris 3147160814Ssimonint SSL_version(const SSL *s) 3148280297Sjkim{ 3149280297Sjkim return (s->version); 3150280297Sjkim} 315155714Skris 3152160814SsimonSSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) 3153280297Sjkim{ 3154280297Sjkim return (ssl->ctx); 3155280297Sjkim} 315655714Skris 3157280297SjkimSSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) 3158280297Sjkim{ 3159280297Sjkim CERT *ocert = ssl->cert; 3160280297Sjkim if (ssl->ctx == ctx) 3161280297Sjkim return ssl->ctx; 3162194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3163280297Sjkim if (ctx == NULL) 3164280297Sjkim ctx = ssl->initial_ctx; 3165194206Ssimon#endif 3166280297Sjkim ssl->cert = ssl_cert_dup(ctx->cert); 3167290207Sjkim if (ocert) { 3168290207Sjkim /* Preserve any already negotiated parameters */ 3169290207Sjkim if (ssl->server) { 3170290207Sjkim ssl->cert->peer_sigalgs = ocert->peer_sigalgs; 3171290207Sjkim ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen; 3172290207Sjkim ocert->peer_sigalgs = NULL; 3173290207Sjkim ssl->cert->ciphers_raw = ocert->ciphers_raw; 3174290207Sjkim ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen; 3175290207Sjkim ocert->ciphers_raw = NULL; 3176280297Sjkim } 3177280297Sjkim ssl_cert_free(ocert); 3178280297Sjkim } 3179276861Sjkim 3180280297Sjkim /* 3181280297Sjkim * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), 3182280297Sjkim * so setter APIs must prevent invalid lengths from entering the system. 3183280297Sjkim */ 3184280297Sjkim OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); 3185276861Sjkim 3186280297Sjkim /* 3187280297Sjkim * If the session ID context matches that of the parent SSL_CTX, 3188280297Sjkim * inherit it from the new SSL_CTX as well. If however the context does 3189280297Sjkim * not match (i.e., it was set per-ssl with SSL_set_session_id_context), 3190280297Sjkim * leave it unchanged. 3191280297Sjkim */ 3192280297Sjkim if ((ssl->ctx != NULL) && 3193280297Sjkim (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && 3194280297Sjkim (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { 3195280297Sjkim ssl->sid_ctx_length = ctx->sid_ctx_length; 3196280297Sjkim memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); 3197280297Sjkim } 3198276861Sjkim 3199280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 3200280297Sjkim if (ssl->ctx != NULL) 3201280297Sjkim SSL_CTX_free(ssl->ctx); /* decrement reference count */ 3202280297Sjkim ssl->ctx = ctx; 3203276861Sjkim 3204280297Sjkim return (ssl->ctx); 3205280297Sjkim} 3206194206Ssimon 3207109998Smarkm#ifndef OPENSSL_NO_STDIO 320855714Skrisint SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 3209280297Sjkim{ 3210280297Sjkim return (X509_STORE_set_default_paths(ctx->cert_store)); 3211280297Sjkim} 321255714Skris 321355714Skrisint SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 3214280297Sjkim const char *CApath) 3215280297Sjkim{ 3216280297Sjkim return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); 3217280297Sjkim} 321855714Skris#endif 321955714Skris 3220109998Smarkmvoid SSL_set_info_callback(SSL *ssl, 3221280297Sjkim void (*cb) (const SSL *ssl, int type, int val)) 3222280297Sjkim{ 3223280297Sjkim ssl->info_callback = cb; 3224280297Sjkim} 322555714Skris 3226280297Sjkim/* 3227280297Sjkim * One compiler (Diab DCC) doesn't like argument names in returned function 3228280297Sjkim * pointer. 3229280297Sjkim */ 3230280297Sjkimvoid (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , 3231280297Sjkim int /* type */ , 3232280297Sjkim int /* val */ ) { 3233280297Sjkim return ssl->info_callback; 3234280297Sjkim} 323555714Skris 3236160814Ssimonint SSL_state(const SSL *ssl) 3237280297Sjkim{ 3238280297Sjkim return (ssl->state); 3239280297Sjkim} 324055714Skris 3241238405Sjkimvoid SSL_set_state(SSL *ssl, int state) 3242280297Sjkim{ 3243280297Sjkim ssl->state = state; 3244280297Sjkim} 3245238405Sjkim 3246280297Sjkimvoid SSL_set_verify_result(SSL *ssl, long arg) 3247280297Sjkim{ 3248280297Sjkim ssl->verify_result = arg; 3249280297Sjkim} 325055714Skris 3251160814Ssimonlong SSL_get_verify_result(const SSL *ssl) 3252280297Sjkim{ 3253280297Sjkim return (ssl->verify_result); 3254280297Sjkim} 325555714Skris 3256280297Sjkimint SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3257280297Sjkim CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3258280297Sjkim{ 3259280297Sjkim return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3260280297Sjkim new_func, dup_func, free_func); 3261280297Sjkim} 326255714Skris 3263280297Sjkimint SSL_set_ex_data(SSL *s, int idx, void *arg) 3264280297Sjkim{ 3265280297Sjkim return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); 3266280297Sjkim} 326755714Skris 3268280297Sjkimvoid *SSL_get_ex_data(const SSL *s, int idx) 3269280297Sjkim{ 3270280297Sjkim return (CRYPTO_get_ex_data(&s->ex_data, idx)); 3271280297Sjkim} 327255714Skris 3273280297Sjkimint SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3274280297Sjkim CRYPTO_EX_dup *dup_func, 3275280297Sjkim CRYPTO_EX_free *free_func) 3276280297Sjkim{ 3277280297Sjkim return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3278280297Sjkim new_func, dup_func, free_func); 3279280297Sjkim} 328055714Skris 3281280297Sjkimint SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 3282280297Sjkim{ 3283280297Sjkim return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); 3284280297Sjkim} 328555714Skris 3286280297Sjkimvoid *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 3287280297Sjkim{ 3288280297Sjkim return (CRYPTO_get_ex_data(&s->ex_data, idx)); 3289280297Sjkim} 329055714Skris 329155714Skrisint ssl_ok(SSL *s) 3292280297Sjkim{ 3293280297Sjkim return (1); 3294280297Sjkim} 329555714Skris 3296160814SsimonX509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) 3297280297Sjkim{ 3298280297Sjkim return (ctx->cert_store); 3299280297Sjkim} 330055714Skris 3301280297Sjkimvoid SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) 3302280297Sjkim{ 3303280297Sjkim if (ctx->cert_store != NULL) 3304280297Sjkim X509_STORE_free(ctx->cert_store); 3305280297Sjkim ctx->cert_store = store; 3306280297Sjkim} 330755714Skris 3308160814Ssimonint SSL_want(const SSL *s) 3309280297Sjkim{ 3310280297Sjkim return (s->rwstate); 3311280297Sjkim} 331255714Skris 3313280297Sjkim/** 331455714Skris * \brief Set the callback for generating temporary RSA keys. 331555714Skris * \param ctx the SSL context. 331655714Skris * \param cb the callback 331755714Skris */ 331855714Skris 3319109998Smarkm#ifndef OPENSSL_NO_RSA 3320280297Sjkimvoid SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl, 3321280297Sjkim int is_export, 3322280297Sjkim int keylength)) 3323280297Sjkim{ 3324280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); 3325280297Sjkim} 332655714Skris 3327280297Sjkimvoid SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl, 3328280297Sjkim int is_export, 3329280297Sjkim int keylength)) 3330280297Sjkim{ 3331280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); 3332280297Sjkim} 333355714Skris#endif 333455714Skris 333555714Skris#ifdef DOXYGEN 3336280297Sjkim/** 333755714Skris * \brief The RSA temporary key callback function. 333855714Skris * \param ssl the SSL session. 333955714Skris * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. 334055714Skris * \param keylength if \c is_export is \c TRUE, then \c keylength is the size 334155714Skris * of the required key in bits. 334255714Skris * \return the temporary RSA key. 334355714Skris * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback 334455714Skris */ 334555714Skris 3346280297SjkimRSA *cb(SSL *ssl, int is_export, int keylength) 3347280297Sjkim{ 3348280297Sjkim} 334955714Skris#endif 335055714Skris 3351280297Sjkim/** 335255714Skris * \brief Set the callback for generating temporary DH keys. 335355714Skris * \param ctx the SSL context. 335455714Skris * \param dh the callback 335555714Skris */ 335655714Skris 3357109998Smarkm#ifndef OPENSSL_NO_DH 3358280297Sjkimvoid SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 3359280297Sjkim DH *(*dh) (SSL *ssl, int is_export, 3360280297Sjkim int keylength)) 3361280297Sjkim{ 3362280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); 3363280297Sjkim} 336455714Skris 3365280297Sjkimvoid SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, 3366280297Sjkim int keylength)) 3367280297Sjkim{ 3368280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); 3369280297Sjkim} 337055714Skris#endif 337155714Skris 3372160814Ssimon#ifndef OPENSSL_NO_ECDH 3373280297Sjkimvoid SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, 3374280297Sjkim EC_KEY *(*ecdh) (SSL *ssl, int is_export, 3375280297Sjkim int keylength)) 3376280297Sjkim{ 3377280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, 3378280297Sjkim (void (*)(void))ecdh); 3379280297Sjkim} 3380109998Smarkm 3381280297Sjkimvoid SSL_set_tmp_ecdh_callback(SSL *ssl, 3382280297Sjkim EC_KEY *(*ecdh) (SSL *ssl, int is_export, 3383280297Sjkim int keylength)) 3384280297Sjkim{ 3385280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh); 3386280297Sjkim} 3387160814Ssimon#endif 3388160814Ssimon 3389238405Sjkim#ifndef OPENSSL_NO_PSK 3390238405Sjkimint SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 3391280297Sjkim{ 3392280297Sjkim if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3393280297Sjkim SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, 3394280297Sjkim SSL_R_DATA_LENGTH_TOO_LONG); 3395280297Sjkim return 0; 3396280297Sjkim } 3397280297Sjkim if (ctx->psk_identity_hint != NULL) 3398280297Sjkim OPENSSL_free(ctx->psk_identity_hint); 3399280297Sjkim if (identity_hint != NULL) { 3400280297Sjkim ctx->psk_identity_hint = BUF_strdup(identity_hint); 3401280297Sjkim if (ctx->psk_identity_hint == NULL) 3402280297Sjkim return 0; 3403280297Sjkim } else 3404280297Sjkim ctx->psk_identity_hint = NULL; 3405280297Sjkim return 1; 3406280297Sjkim} 3407160814Ssimon 3408238405Sjkimint SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) 3409280297Sjkim{ 3410280297Sjkim if (s == NULL) 3411280297Sjkim return 0; 3412238405Sjkim 3413280297Sjkim if (s->session == NULL) 3414280297Sjkim return 1; /* session not created yet, ignored */ 3415238405Sjkim 3416280297Sjkim if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3417280297Sjkim SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3418280297Sjkim return 0; 3419280297Sjkim } 3420280297Sjkim if (s->session->psk_identity_hint != NULL) 3421280297Sjkim OPENSSL_free(s->session->psk_identity_hint); 3422280297Sjkim if (identity_hint != NULL) { 3423280297Sjkim s->session->psk_identity_hint = BUF_strdup(identity_hint); 3424280297Sjkim if (s->session->psk_identity_hint == NULL) 3425280297Sjkim return 0; 3426280297Sjkim } else 3427280297Sjkim s->session->psk_identity_hint = NULL; 3428280297Sjkim return 1; 3429280297Sjkim} 3430238405Sjkim 3431238405Sjkimconst char *SSL_get_psk_identity_hint(const SSL *s) 3432280297Sjkim{ 3433280297Sjkim if (s == NULL || s->session == NULL) 3434280297Sjkim return NULL; 3435280297Sjkim return (s->session->psk_identity_hint); 3436280297Sjkim} 3437238405Sjkim 3438238405Sjkimconst char *SSL_get_psk_identity(const SSL *s) 3439280297Sjkim{ 3440280297Sjkim if (s == NULL || s->session == NULL) 3441280297Sjkim return NULL; 3442280297Sjkim return (s->session->psk_identity); 3443280297Sjkim} 3444238405Sjkim 3445238405Sjkimvoid SSL_set_psk_client_callback(SSL *s, 3446280297Sjkim unsigned int (*cb) (SSL *ssl, 3447280297Sjkim const char *hint, 3448280297Sjkim char *identity, 3449280297Sjkim unsigned int 3450280297Sjkim max_identity_len, 3451280297Sjkim unsigned char *psk, 3452280297Sjkim unsigned int 3453280297Sjkim max_psk_len)) 3454280297Sjkim{ 3455280297Sjkim s->psk_client_callback = cb; 3456280297Sjkim} 3457238405Sjkim 3458238405Sjkimvoid SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 3459280297Sjkim unsigned int (*cb) (SSL *ssl, 3460280297Sjkim const char *hint, 3461280297Sjkim char *identity, 3462280297Sjkim unsigned int 3463280297Sjkim max_identity_len, 3464280297Sjkim unsigned char *psk, 3465280297Sjkim unsigned int 3466280297Sjkim max_psk_len)) 3467280297Sjkim{ 3468280297Sjkim ctx->psk_client_callback = cb; 3469280297Sjkim} 3470238405Sjkim 3471238405Sjkimvoid SSL_set_psk_server_callback(SSL *s, 3472280297Sjkim unsigned int (*cb) (SSL *ssl, 3473280297Sjkim const char *identity, 3474280297Sjkim unsigned char *psk, 3475280297Sjkim unsigned int 3476280297Sjkim max_psk_len)) 3477280297Sjkim{ 3478280297Sjkim s->psk_server_callback = cb; 3479280297Sjkim} 3480238405Sjkim 3481238405Sjkimvoid SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 3482280297Sjkim unsigned int (*cb) (SSL *ssl, 3483280297Sjkim const char *identity, 3484280297Sjkim unsigned char *psk, 3485280297Sjkim unsigned int 3486280297Sjkim max_psk_len)) 3487280297Sjkim{ 3488280297Sjkim ctx->psk_server_callback = cb; 3489280297Sjkim} 3490238405Sjkim#endif 3491238405Sjkim 3492280297Sjkimvoid SSL_CTX_set_msg_callback(SSL_CTX *ctx, 3493280297Sjkim void (*cb) (int write_p, int version, 3494280297Sjkim int content_type, const void *buf, 3495280297Sjkim size_t len, SSL *ssl, void *arg)) 3496280297Sjkim{ 3497280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3498280297Sjkim} 3499109998Smarkm 3500280297Sjkimvoid SSL_set_msg_callback(SSL *ssl, 3501280297Sjkim void (*cb) (int write_p, int version, 3502280297Sjkim int content_type, const void *buf, 3503280297Sjkim size_t len, SSL *ssl, void *arg)) 3504280297Sjkim{ 3505280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3506280297Sjkim} 3507280297Sjkim 3508280297Sjkim/* 3509280297Sjkim * Allocates new EVP_MD_CTX and sets pointer to it into given pointer 3510280297Sjkim * vairable, freeing EVP_MD_CTX previously stored in that variable, if any. 3511280297Sjkim * If EVP_MD pointer is passed, initializes ctx with this md Returns newly 3512280297Sjkim * allocated ctx; 3513238405Sjkim */ 3514109998Smarkm 3515280297SjkimEVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) 3516238405Sjkim{ 3517280297Sjkim ssl_clear_hash_ctx(hash); 3518280297Sjkim *hash = EVP_MD_CTX_create(); 3519291719Sjkim if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { 3520291719Sjkim EVP_MD_CTX_destroy(*hash); 3521291719Sjkim *hash = NULL; 3522291719Sjkim return NULL; 3523291719Sjkim } 3524280297Sjkim return *hash; 3525238405Sjkim} 3526280297Sjkim 3527280297Sjkimvoid ssl_clear_hash_ctx(EVP_MD_CTX **hash) 3528238405Sjkim{ 3529109998Smarkm 3530280297Sjkim if (*hash) 3531280297Sjkim EVP_MD_CTX_destroy(*hash); 3532280297Sjkim *hash = NULL; 3533238405Sjkim} 3534238405Sjkim 3535238405Sjkimvoid SSL_set_debug(SSL *s, int debug) 3536280297Sjkim{ 3537280297Sjkim s->debug = debug; 3538280297Sjkim} 3539238405Sjkim 3540238405Sjkimint SSL_cache_hit(SSL *s) 3541280297Sjkim{ 3542280297Sjkim return s->hit; 3543280297Sjkim} 3544238405Sjkim 3545290207Sjkimint SSL_is_server(SSL *s) 3546290207Sjkim{ 3547290207Sjkim return s->server; 3548290207Sjkim} 3549290207Sjkim 3550109998Smarkm#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) 3551280297Sjkim# include "../crypto/bio/bss_file.c" 355255714Skris#endif 355355714Skris 355455714SkrisIMPLEMENT_STACK_OF(SSL_CIPHER) 355555714SkrisIMPLEMENT_STACK_OF(SSL_COMP) 3556280297SjkimIMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); 3557