ssl_lib.c revision 298998
1280297Sjkim/* 2280297Sjkim * ! \file ssl/ssl_lib.c \brief Version independent SSL functions. 355714Skris */ 455714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 555714Skris * All rights reserved. 655714Skris * 755714Skris * This package is an SSL implementation written 855714Skris * by Eric Young (eay@cryptsoft.com). 955714Skris * The implementation was written so as to conform with Netscapes SSL. 10280297Sjkim * 1155714Skris * This library is free for commercial and non-commercial use as long as 1255714Skris * the following conditions are aheared to. The following conditions 1355714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1455714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1555714Skris * included with this distribution is covered by the same copyright terms 1655714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 17280297Sjkim * 1855714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1955714Skris * the code are not to be removed. 2055714Skris * If this package is used in a product, Eric Young should be given attribution 2155714Skris * as the author of the parts of the library used. 2255714Skris * This can be in the form of a textual message at program startup or 2355714Skris * in documentation (online or textual) provided with the package. 24280297Sjkim * 2555714Skris * Redistribution and use in source and binary forms, with or without 2655714Skris * modification, are permitted provided that the following conditions 2755714Skris * are met: 2855714Skris * 1. Redistributions of source code must retain the copyright 2955714Skris * notice, this list of conditions and the following disclaimer. 3055714Skris * 2. Redistributions in binary form must reproduce the above copyright 3155714Skris * notice, this list of conditions and the following disclaimer in the 3255714Skris * documentation and/or other materials provided with the distribution. 3355714Skris * 3. All advertising materials mentioning features or use of this software 3455714Skris * must display the following acknowledgement: 3555714Skris * "This product includes cryptographic software written by 3655714Skris * Eric Young (eay@cryptsoft.com)" 3755714Skris * The word 'cryptographic' can be left out if the rouines from the library 3855714Skris * being used are not cryptographic related :-). 39280297Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 4055714Skris * the apps directory (application code) you must include an acknowledgement: 4155714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 42280297Sjkim * 4355714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4455714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4555714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4655714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4755714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4855714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4955714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 5055714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 5155714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5255714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5355714Skris * SUCH DAMAGE. 54280297Sjkim * 5555714Skris * The licence and distribution terms for any publically available version or 5655714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5755714Skris * copied and put under another distribution licence 5855714Skris * [including the GNU Public Licence.] 5955714Skris */ 60109998Smarkm/* ==================================================================== 61238405Sjkim * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 62109998Smarkm * 63109998Smarkm * Redistribution and use in source and binary forms, with or without 64109998Smarkm * modification, are permitted provided that the following conditions 65109998Smarkm * are met: 66109998Smarkm * 67109998Smarkm * 1. Redistributions of source code must retain the above copyright 68280297Sjkim * notice, this list of conditions and the following disclaimer. 69109998Smarkm * 70109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright 71109998Smarkm * notice, this list of conditions and the following disclaimer in 72109998Smarkm * the documentation and/or other materials provided with the 73109998Smarkm * distribution. 74109998Smarkm * 75109998Smarkm * 3. All advertising materials mentioning features or use of this 76109998Smarkm * software must display the following acknowledgment: 77109998Smarkm * "This product includes software developed by the OpenSSL Project 78109998Smarkm * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 79109998Smarkm * 80109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 81109998Smarkm * endorse or promote products derived from this software without 82109998Smarkm * prior written permission. For written permission, please contact 83109998Smarkm * openssl-core@openssl.org. 84109998Smarkm * 85109998Smarkm * 5. Products derived from this software may not be called "OpenSSL" 86109998Smarkm * nor may "OpenSSL" appear in their names without prior written 87109998Smarkm * permission of the OpenSSL Project. 88109998Smarkm * 89109998Smarkm * 6. Redistributions of any form whatsoever must retain the following 90109998Smarkm * acknowledgment: 91109998Smarkm * "This product includes software developed by the OpenSSL Project 92109998Smarkm * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 93109998Smarkm * 94109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 95109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 97109998Smarkm * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 98109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 99109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 100109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 101109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 102109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 103109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 104109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 105109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE. 106109998Smarkm * ==================================================================== 107109998Smarkm * 108109998Smarkm * This product includes cryptographic software written by Eric Young 109109998Smarkm * (eay@cryptsoft.com). This product includes software written by Tim 110109998Smarkm * Hudson (tjh@cryptsoft.com). 111109998Smarkm * 112109998Smarkm */ 113160814Ssimon/* ==================================================================== 114160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 115280297Sjkim * ECC cipher suite support in OpenSSL originally developed by 116160814Ssimon * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 117160814Ssimon */ 118238405Sjkim/* ==================================================================== 119238405Sjkim * Copyright 2005 Nokia. All rights reserved. 120238405Sjkim * 121238405Sjkim * The portions of the attached software ("Contribution") is developed by 122238405Sjkim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 123238405Sjkim * license. 124238405Sjkim * 125238405Sjkim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 126238405Sjkim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 127238405Sjkim * support (see RFC 4279) to OpenSSL. 128238405Sjkim * 129238405Sjkim * No patent licenses or other rights except those expressly stated in 130238405Sjkim * the OpenSSL open source license shall be deemed granted or received 131238405Sjkim * expressly, by implication, estoppel, or otherwise. 132238405Sjkim * 133238405Sjkim * No assurances are provided by Nokia that the Contribution does not 134238405Sjkim * infringe the patent or other intellectual property rights of any third 135238405Sjkim * party or that the license provides you with all the necessary rights 136238405Sjkim * to make use of the Contribution. 137238405Sjkim * 138238405Sjkim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 139238405Sjkim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 140238405Sjkim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 141238405Sjkim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 142238405Sjkim * OTHERWISE. 143238405Sjkim */ 14455714Skris 145109998Smarkm#ifdef REF_CHECK 146280297Sjkim# include <assert.h> 147109998Smarkm#endif 14855714Skris#include <stdio.h> 149109998Smarkm#include "ssl_locl.h" 150109998Smarkm#include "kssl_lcl.h" 15155714Skris#include <openssl/objects.h> 15255714Skris#include <openssl/lhash.h> 15359191Skris#include <openssl/x509v3.h> 154194206Ssimon#include <openssl/rand.h> 155194206Ssimon#include <openssl/ocsp.h> 156160814Ssimon#ifndef OPENSSL_NO_DH 157280297Sjkim# include <openssl/dh.h> 158160814Ssimon#endif 159194206Ssimon#ifndef OPENSSL_NO_ENGINE 160280297Sjkim# include <openssl/engine.h> 161194206Ssimon#endif 16255714Skris 163280297Sjkimconst char *SSL_version_str = OPENSSL_VERSION_TEXT; 16455714Skris 165280297SjkimSSL3_ENC_METHOD ssl3_undef_enc_method = { 166280297Sjkim /* 167280297Sjkim * evil casts, but these functions are only called if there's a library 168280297Sjkim * bug 169280297Sjkim */ 170280297Sjkim (int (*)(SSL *, int))ssl_undefined_function, 171280297Sjkim (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 172280297Sjkim ssl_undefined_function, 173280297Sjkim (int (*)(SSL *, unsigned char *, unsigned char *, int)) 174280297Sjkim ssl_undefined_function, 175280297Sjkim (int (*)(SSL *, int))ssl_undefined_function, 176280297Sjkim (int (*)(SSL *, const char *, int, unsigned char *)) 177280297Sjkim ssl_undefined_function, 178280297Sjkim 0, /* finish_mac_length */ 179280297Sjkim (int (*)(SSL *, int, unsigned char *))ssl_undefined_function, 180280297Sjkim NULL, /* client_finished_label */ 181280297Sjkim 0, /* client_finished_label_len */ 182280297Sjkim NULL, /* server_finished_label */ 183280297Sjkim 0, /* server_finished_label_len */ 184280297Sjkim (int (*)(int))ssl_undefined_function, 185280297Sjkim (int (*)(SSL *, unsigned char *, size_t, const char *, 186280297Sjkim size_t, const unsigned char *, size_t, 187280297Sjkim int use_context))ssl_undefined_function, 188280297Sjkim}; 18955714Skris 19055714Skrisint SSL_clear(SSL *s) 191280297Sjkim{ 19255714Skris 193280297Sjkim if (s->method == NULL) { 194280297Sjkim SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); 195280297Sjkim return (0); 196280297Sjkim } 19755714Skris 198280297Sjkim if (ssl_clear_bad_session(s)) { 199280297Sjkim SSL_SESSION_free(s->session); 200280297Sjkim s->session = NULL; 201280297Sjkim } 202100928Snectar 203280297Sjkim s->error = 0; 204280297Sjkim s->hit = 0; 205280297Sjkim s->shutdown = 0; 20655714Skris 207280297Sjkim#if 0 208280297Sjkim /* 209280297Sjkim * Disabled since version 1.10 of this file (early return not 210280297Sjkim * needed because SSL_clear is not called when doing renegotiation) 211280297Sjkim */ 212280297Sjkim /* 213280297Sjkim * This is set if we are doing dynamic renegotiation so keep 214280297Sjkim * the old cipher. It is sort of a SSL_clear_lite :-) 215280297Sjkim */ 216280297Sjkim if (s->renegotiate) 217280297Sjkim return (1); 21859191Skris#else 219280297Sjkim if (s->renegotiate) { 220280297Sjkim SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); 221280297Sjkim return 0; 222280297Sjkim } 22355714Skris#endif 22455714Skris 225280297Sjkim s->type = 0; 22655714Skris 227280297Sjkim s->state = SSL_ST_BEFORE | ((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); 22855714Skris 229280297Sjkim s->version = s->method->version; 230280297Sjkim s->client_version = s->version; 231280297Sjkim s->rwstate = SSL_NOTHING; 232280297Sjkim s->rstate = SSL_ST_READ_HEADER; 23372613Skris#if 0 234280297Sjkim s->read_ahead = s->ctx->read_ahead; 23572613Skris#endif 23655714Skris 237280297Sjkim if (s->init_buf != NULL) { 238280297Sjkim BUF_MEM_free(s->init_buf); 239280297Sjkim s->init_buf = NULL; 240280297Sjkim } 24155714Skris 242280297Sjkim ssl_clear_cipher_ctx(s); 243280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 244280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 24555714Skris 246280297Sjkim s->first_packet = 0; 247298998Sjkim#ifndef OPENSSL_NO_TLSEXT 248298998Sjkim if (s->cert != NULL) { 249298998Sjkim if (s->cert->alpn_proposed) { 250298998Sjkim OPENSSL_free(s->cert->alpn_proposed); 251298998Sjkim s->cert->alpn_proposed = NULL; 252298998Sjkim } 253298998Sjkim s->cert->alpn_proposed_len = 0; 254298998Sjkim s->cert->alpn_sent = 0; 255298998Sjkim } 256298998Sjkim#endif 25755714Skris#if 1 258280297Sjkim /* 259280297Sjkim * Check to see if we were changed into a different method, if so, revert 260280297Sjkim * back if we are not doing session-id reuse. 261280297Sjkim */ 262280297Sjkim if (!s->in_handshake && (s->session == NULL) 263280297Sjkim && (s->method != s->ctx->method)) { 264280297Sjkim s->method->ssl_free(s); 265280297Sjkim s->method = s->ctx->method; 266280297Sjkim if (!s->method->ssl_new(s)) 267280297Sjkim return (0); 268280297Sjkim } else 26955714Skris#endif 270280297Sjkim s->method->ssl_clear(s); 271280297Sjkim return (1); 272280297Sjkim} 27355714Skris 27455714Skris/** Used to change an SSL_CTXs default SSL method type */ 275280297Sjkimint SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 276280297Sjkim{ 277280297Sjkim STACK_OF(SSL_CIPHER) *sk; 27855714Skris 279280297Sjkim ctx->method = meth; 28055714Skris 281280297Sjkim sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 282280297Sjkim &(ctx->cipher_list_by_id), 283280297Sjkim meth->version == 284280297Sjkim SSL2_VERSION ? "SSLv2" : 285290207Sjkim SSL_DEFAULT_CIPHER_LIST, ctx->cert); 286280297Sjkim if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 287280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, 288280297Sjkim SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 289280297Sjkim return (0); 290280297Sjkim } 291280297Sjkim return (1); 292280297Sjkim} 29355714Skris 29455714SkrisSSL *SSL_new(SSL_CTX *ctx) 295280297Sjkim{ 296280297Sjkim SSL *s; 29755714Skris 298280297Sjkim if (ctx == NULL) { 299280297Sjkim SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); 300280297Sjkim return (NULL); 301280297Sjkim } 302280297Sjkim if (ctx->method == NULL) { 303280297Sjkim SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 304280297Sjkim return (NULL); 305280297Sjkim } 30655714Skris 307280297Sjkim s = (SSL *)OPENSSL_malloc(sizeof(SSL)); 308280297Sjkim if (s == NULL) 309280297Sjkim goto err; 310280297Sjkim memset(s, 0, sizeof(SSL)); 31155714Skris 312280297Sjkim#ifndef OPENSSL_NO_KRB5 313280297Sjkim s->kssl_ctx = kssl_ctx_new(); 314280297Sjkim#endif /* OPENSSL_NO_KRB5 */ 315109998Smarkm 316280297Sjkim s->options = ctx->options; 317280297Sjkim s->mode = ctx->mode; 318280297Sjkim s->max_cert_list = ctx->max_cert_list; 319291719Sjkim s->references = 1; 320109998Smarkm 321280297Sjkim if (ctx->cert != NULL) { 322280297Sjkim /* 323280297Sjkim * Earlier library versions used to copy the pointer to the CERT, not 324280297Sjkim * its contents; only when setting new parameters for the per-SSL 325280297Sjkim * copy, ssl_cert_new would be called (and the direct reference to 326280297Sjkim * the per-SSL_CTX settings would be lost, but those still were 327280297Sjkim * indirectly accessed for various purposes, and for that reason they 328280297Sjkim * used to be known as s->ctx->default_cert). Now we don't look at the 329280297Sjkim * SSL_CTX's CERT after having duplicated it once. 330280297Sjkim */ 33155714Skris 332280297Sjkim s->cert = ssl_cert_dup(ctx->cert); 333280297Sjkim if (s->cert == NULL) 334280297Sjkim goto err; 335280297Sjkim } else 336280297Sjkim s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */ 337109998Smarkm 338280297Sjkim s->read_ahead = ctx->read_ahead; 339280297Sjkim s->msg_callback = ctx->msg_callback; 340280297Sjkim s->msg_callback_arg = ctx->msg_callback_arg; 341280297Sjkim s->verify_mode = ctx->verify_mode; 342160814Ssimon#if 0 343280297Sjkim s->verify_depth = ctx->verify_depth; 344160814Ssimon#endif 345280297Sjkim s->sid_ctx_length = ctx->sid_ctx_length; 346280297Sjkim OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); 347280297Sjkim memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 348280297Sjkim s->verify_callback = ctx->default_verify_callback; 349280297Sjkim s->generate_session_id = ctx->generate_session_id; 350160814Ssimon 351280297Sjkim s->param = X509_VERIFY_PARAM_new(); 352280297Sjkim if (!s->param) 353280297Sjkim goto err; 354280297Sjkim X509_VERIFY_PARAM_inherit(s->param, ctx->param); 355160814Ssimon#if 0 356280297Sjkim s->purpose = ctx->purpose; 357280297Sjkim s->trust = ctx->trust; 358160814Ssimon#endif 359280297Sjkim s->quiet_shutdown = ctx->quiet_shutdown; 360280297Sjkim s->max_send_fragment = ctx->max_send_fragment; 361109998Smarkm 362280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 363280297Sjkim s->ctx = ctx; 364194206Ssimon#ifndef OPENSSL_NO_TLSEXT 365280297Sjkim s->tlsext_debug_cb = 0; 366280297Sjkim s->tlsext_debug_arg = NULL; 367280297Sjkim s->tlsext_ticket_expected = 0; 368280297Sjkim s->tlsext_status_type = -1; 369280297Sjkim s->tlsext_status_expected = 0; 370280297Sjkim s->tlsext_ocsp_ids = NULL; 371280297Sjkim s->tlsext_ocsp_exts = NULL; 372280297Sjkim s->tlsext_ocsp_resp = NULL; 373280297Sjkim s->tlsext_ocsp_resplen = -1; 374280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 375280297Sjkim s->initial_ctx = ctx; 376290207Sjkim# ifndef OPENSSL_NO_EC 377290207Sjkim if (ctx->tlsext_ecpointformatlist) { 378290207Sjkim s->tlsext_ecpointformatlist = 379290207Sjkim BUF_memdup(ctx->tlsext_ecpointformatlist, 380290207Sjkim ctx->tlsext_ecpointformatlist_length); 381290207Sjkim if (!s->tlsext_ecpointformatlist) 382290207Sjkim goto err; 383290207Sjkim s->tlsext_ecpointformatlist_length = 384290207Sjkim ctx->tlsext_ecpointformatlist_length; 385290207Sjkim } 386290207Sjkim if (ctx->tlsext_ellipticcurvelist) { 387290207Sjkim s->tlsext_ellipticcurvelist = 388290207Sjkim BUF_memdup(ctx->tlsext_ellipticcurvelist, 389290207Sjkim ctx->tlsext_ellipticcurvelist_length); 390290207Sjkim if (!s->tlsext_ellipticcurvelist) 391290207Sjkim goto err; 392290207Sjkim s->tlsext_ellipticcurvelist_length = 393290207Sjkim ctx->tlsext_ellipticcurvelist_length; 394290207Sjkim } 395290207Sjkim# endif 396238405Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 397280297Sjkim s->next_proto_negotiated = NULL; 398238405Sjkim# endif 399290207Sjkim 400290207Sjkim if (s->ctx->alpn_client_proto_list) { 401290207Sjkim s->alpn_client_proto_list = 402290207Sjkim OPENSSL_malloc(s->ctx->alpn_client_proto_list_len); 403290207Sjkim if (s->alpn_client_proto_list == NULL) 404290207Sjkim goto err; 405290207Sjkim memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list, 406290207Sjkim s->ctx->alpn_client_proto_list_len); 407290207Sjkim s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len; 408290207Sjkim } 409194206Ssimon#endif 410238405Sjkim 411280297Sjkim s->verify_result = X509_V_OK; 41255714Skris 413280297Sjkim s->method = ctx->method; 41455714Skris 415280297Sjkim if (!s->method->ssl_new(s)) 416280297Sjkim goto err; 41755714Skris 418280297Sjkim s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; 419109998Smarkm 420280297Sjkim SSL_clear(s); 42155714Skris 422280297Sjkim CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 42355714Skris 424238405Sjkim#ifndef OPENSSL_NO_PSK 425280297Sjkim s->psk_client_callback = ctx->psk_client_callback; 426280297Sjkim s->psk_server_callback = ctx->psk_server_callback; 427238405Sjkim#endif 428238405Sjkim 429280297Sjkim return (s); 430280297Sjkim err: 431280297Sjkim if (s != NULL) 432280297Sjkim SSL_free(s); 433280297Sjkim SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); 434280297Sjkim return (NULL); 435280297Sjkim} 43655714Skris 437280297Sjkimint SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 438280297Sjkim unsigned int sid_ctx_len) 439280297Sjkim{ 440280297Sjkim if (sid_ctx_len > sizeof ctx->sid_ctx) { 441280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, 442280297Sjkim SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 443280297Sjkim return 0; 444280297Sjkim } 445280297Sjkim ctx->sid_ctx_length = sid_ctx_len; 446280297Sjkim memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); 44755714Skris 44855714Skris return 1; 449280297Sjkim} 450280297Sjkim 451280297Sjkimint SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 452280297Sjkim unsigned int sid_ctx_len) 453280297Sjkim{ 454280297Sjkim if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 455280297Sjkim SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, 456280297Sjkim SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 457280297Sjkim return 0; 45855714Skris } 459280297Sjkim ssl->sid_ctx_length = sid_ctx_len; 460280297Sjkim memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); 46155714Skris 46255714Skris return 1; 463280297Sjkim} 46455714Skris 465109998Smarkmint SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 466280297Sjkim{ 467280297Sjkim CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 468280297Sjkim ctx->generate_session_id = cb; 469280297Sjkim CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 470280297Sjkim return 1; 471280297Sjkim} 472109998Smarkm 473109998Smarkmint SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 474280297Sjkim{ 475280297Sjkim CRYPTO_w_lock(CRYPTO_LOCK_SSL); 476280297Sjkim ssl->generate_session_id = cb; 477280297Sjkim CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 478280297Sjkim return 1; 479280297Sjkim} 48059191Skris 481109998Smarkmint SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 482280297Sjkim unsigned int id_len) 483280297Sjkim{ 484280297Sjkim /* 485280297Sjkim * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 486280297Sjkim * we can "construct" a session to give us the desired check - ie. to 487280297Sjkim * find if there's a session in the hash table that would conflict with 488280297Sjkim * any new session built out of this id/id_len and the ssl_version in use 489280297Sjkim * by this SSL. 490280297Sjkim */ 491280297Sjkim SSL_SESSION r, *p; 492109998Smarkm 493280297Sjkim if (id_len > sizeof r.session_id) 494280297Sjkim return 0; 495109998Smarkm 496280297Sjkim r.ssl_version = ssl->version; 497280297Sjkim r.session_id_length = id_len; 498280297Sjkim memcpy(r.session_id, id, id_len); 499280297Sjkim /* 500280297Sjkim * NB: SSLv2 always uses a fixed 16-byte session ID, so even if a 501280297Sjkim * callback is calling us to check the uniqueness of a shorter ID, it 502280297Sjkim * must be compared as a padded-out ID because that is what it will be 503280297Sjkim * converted to when the callback has finished choosing it. 504280297Sjkim */ 505280297Sjkim if ((r.ssl_version == SSL2_VERSION) && 506280297Sjkim (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { 507280297Sjkim memset(r.session_id + id_len, 0, SSL2_SSL_SESSION_ID_LENGTH - id_len); 508280297Sjkim r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; 509280297Sjkim } 510109998Smarkm 511280297Sjkim CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 512280297Sjkim p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); 513280297Sjkim CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 514280297Sjkim return (p != NULL); 515280297Sjkim} 516109998Smarkm 517109998Smarkmint SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 518280297Sjkim{ 519280297Sjkim return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 520280297Sjkim} 521109998Smarkm 522109998Smarkmint SSL_set_purpose(SSL *s, int purpose) 523280297Sjkim{ 524280297Sjkim return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 525280297Sjkim} 526109998Smarkm 52759191Skrisint SSL_CTX_set_trust(SSL_CTX *s, int trust) 528280297Sjkim{ 529280297Sjkim return X509_VERIFY_PARAM_set_trust(s->param, trust); 530280297Sjkim} 53159191Skris 53259191Skrisint SSL_set_trust(SSL *s, int trust) 533280297Sjkim{ 534280297Sjkim return X509_VERIFY_PARAM_set_trust(s->param, trust); 535280297Sjkim} 53659191Skris 537238405Sjkimint SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 538280297Sjkim{ 539280297Sjkim return X509_VERIFY_PARAM_set1(ctx->param, vpm); 540280297Sjkim} 541238405Sjkim 542238405Sjkimint SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 543280297Sjkim{ 544280297Sjkim return X509_VERIFY_PARAM_set1(ssl->param, vpm); 545280297Sjkim} 546238405Sjkim 547290207SjkimX509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) 548290207Sjkim{ 549290207Sjkim return ctx->param; 550290207Sjkim} 551290207Sjkim 552290207SjkimX509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) 553290207Sjkim{ 554290207Sjkim return ssl->param; 555290207Sjkim} 556290207Sjkim 557290207Sjkimvoid SSL_certs_clear(SSL *s) 558290207Sjkim{ 559290207Sjkim ssl_cert_clear_certs(s->cert); 560290207Sjkim} 561290207Sjkim 56255714Skrisvoid SSL_free(SSL *s) 563280297Sjkim{ 564280297Sjkim int i; 56555714Skris 566280297Sjkim if (s == NULL) 567280297Sjkim return; 56855714Skris 569280297Sjkim i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); 57055714Skris#ifdef REF_PRINT 571280297Sjkim REF_PRINT("SSL", s); 57255714Skris#endif 573280297Sjkim if (i > 0) 574280297Sjkim return; 57555714Skris#ifdef REF_CHECK 576280297Sjkim if (i < 0) { 577280297Sjkim fprintf(stderr, "SSL_free, bad reference count\n"); 578280297Sjkim abort(); /* ok */ 579280297Sjkim } 58055714Skris#endif 58155714Skris 582280297Sjkim if (s->param) 583280297Sjkim X509_VERIFY_PARAM_free(s->param); 584160814Ssimon 585280297Sjkim CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 58655714Skris 587280297Sjkim if (s->bbio != NULL) { 588280297Sjkim /* If the buffering BIO is in place, pop it off */ 589280297Sjkim if (s->bbio == s->wbio) { 590280297Sjkim s->wbio = BIO_pop(s->wbio); 591280297Sjkim } 592280297Sjkim BIO_free(s->bbio); 593280297Sjkim s->bbio = NULL; 594280297Sjkim } 595280297Sjkim if (s->rbio != NULL) 596280297Sjkim BIO_free_all(s->rbio); 597280297Sjkim if ((s->wbio != NULL) && (s->wbio != s->rbio)) 598280297Sjkim BIO_free_all(s->wbio); 59955714Skris 600280297Sjkim if (s->init_buf != NULL) 601280297Sjkim BUF_MEM_free(s->init_buf); 60255714Skris 603280297Sjkim /* add extra stuff */ 604280297Sjkim if (s->cipher_list != NULL) 605280297Sjkim sk_SSL_CIPHER_free(s->cipher_list); 606280297Sjkim if (s->cipher_list_by_id != NULL) 607280297Sjkim sk_SSL_CIPHER_free(s->cipher_list_by_id); 60855714Skris 609280297Sjkim /* Make the next call work :-) */ 610280297Sjkim if (s->session != NULL) { 611280297Sjkim ssl_clear_bad_session(s); 612280297Sjkim SSL_SESSION_free(s->session); 613280297Sjkim } 61455714Skris 615280297Sjkim ssl_clear_cipher_ctx(s); 616280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 617280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 61855714Skris 619280297Sjkim if (s->cert != NULL) 620280297Sjkim ssl_cert_free(s->cert); 621280297Sjkim /* Free up if allocated */ 62255714Skris 623194206Ssimon#ifndef OPENSSL_NO_TLSEXT 624280297Sjkim if (s->tlsext_hostname) 625280297Sjkim OPENSSL_free(s->tlsext_hostname); 626280297Sjkim if (s->initial_ctx) 627280297Sjkim SSL_CTX_free(s->initial_ctx); 628280297Sjkim# ifndef OPENSSL_NO_EC 629280297Sjkim if (s->tlsext_ecpointformatlist) 630280297Sjkim OPENSSL_free(s->tlsext_ecpointformatlist); 631280297Sjkim if (s->tlsext_ellipticcurvelist) 632280297Sjkim OPENSSL_free(s->tlsext_ellipticcurvelist); 633280297Sjkim# endif /* OPENSSL_NO_EC */ 634280297Sjkim if (s->tlsext_opaque_prf_input) 635280297Sjkim OPENSSL_free(s->tlsext_opaque_prf_input); 636280297Sjkim if (s->tlsext_ocsp_exts) 637280297Sjkim sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); 638280297Sjkim if (s->tlsext_ocsp_ids) 639280297Sjkim sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 640280297Sjkim if (s->tlsext_ocsp_resp) 641280297Sjkim OPENSSL_free(s->tlsext_ocsp_resp); 642290207Sjkim if (s->alpn_client_proto_list) 643290207Sjkim OPENSSL_free(s->alpn_client_proto_list); 644194206Ssimon#endif 645238405Sjkim 646280297Sjkim if (s->client_CA != NULL) 647280297Sjkim sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); 64855714Skris 649280297Sjkim if (s->method != NULL) 650280297Sjkim s->method->ssl_free(s); 65155714Skris 652280297Sjkim if (s->ctx) 653280297Sjkim SSL_CTX_free(s->ctx); 654205128Ssimon 655280297Sjkim#ifndef OPENSSL_NO_KRB5 656280297Sjkim if (s->kssl_ctx != NULL) 657280297Sjkim kssl_ctx_free(s->kssl_ctx); 658280297Sjkim#endif /* OPENSSL_NO_KRB5 */ 659120631Snectar 660238405Sjkim#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 661280297Sjkim if (s->next_proto_negotiated) 662280297Sjkim OPENSSL_free(s->next_proto_negotiated); 663238405Sjkim#endif 664238405Sjkim 665246772Sjkim#ifndef OPENSSL_NO_SRTP 666280297Sjkim if (s->srtp_profiles) 667280297Sjkim sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); 668246772Sjkim#endif 669238405Sjkim 670280297Sjkim OPENSSL_free(s); 671280297Sjkim} 67255714Skris 673280297Sjkimvoid SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 674280297Sjkim{ 675280297Sjkim /* 676280297Sjkim * If the output buffering BIO is still in place, remove it 677280297Sjkim */ 678280297Sjkim if (s->bbio != NULL) { 679280297Sjkim if (s->wbio == s->bbio) { 680280297Sjkim s->wbio = s->wbio->next_bio; 681280297Sjkim s->bbio->next_bio = NULL; 682280297Sjkim } 683280297Sjkim } 684280297Sjkim if ((s->rbio != NULL) && (s->rbio != rbio)) 685280297Sjkim BIO_free_all(s->rbio); 686280297Sjkim if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) 687280297Sjkim BIO_free_all(s->wbio); 688280297Sjkim s->rbio = rbio; 689280297Sjkim s->wbio = wbio; 690280297Sjkim} 69155714Skris 692160814SsimonBIO *SSL_get_rbio(const SSL *s) 693280297Sjkim{ 694280297Sjkim return (s->rbio); 695280297Sjkim} 69655714Skris 697160814SsimonBIO *SSL_get_wbio(const SSL *s) 698280297Sjkim{ 699280297Sjkim return (s->wbio); 700280297Sjkim} 70155714Skris 702160814Ssimonint SSL_get_fd(const SSL *s) 703280297Sjkim{ 704280297Sjkim return (SSL_get_rfd(s)); 705280297Sjkim} 70689837Skris 707160814Ssimonint SSL_get_rfd(const SSL *s) 708280297Sjkim{ 709280297Sjkim int ret = -1; 710280297Sjkim BIO *b, *r; 71155714Skris 712280297Sjkim b = SSL_get_rbio(s); 713280297Sjkim r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 714280297Sjkim if (r != NULL) 715280297Sjkim BIO_get_fd(r, &ret); 716280297Sjkim return (ret); 717280297Sjkim} 71855714Skris 719160814Ssimonint SSL_get_wfd(const SSL *s) 720280297Sjkim{ 721280297Sjkim int ret = -1; 722280297Sjkim BIO *b, *r; 72389837Skris 724280297Sjkim b = SSL_get_wbio(s); 725280297Sjkim r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 726280297Sjkim if (r != NULL) 727280297Sjkim BIO_get_fd(r, &ret); 728280297Sjkim return (ret); 729280297Sjkim} 73089837Skris 731109998Smarkm#ifndef OPENSSL_NO_SOCK 732280297Sjkimint SSL_set_fd(SSL *s, int fd) 733280297Sjkim{ 734280297Sjkim int ret = 0; 735280297Sjkim BIO *bio = NULL; 73655714Skris 737280297Sjkim bio = BIO_new(BIO_s_socket()); 73855714Skris 739280297Sjkim if (bio == NULL) { 740280297Sjkim SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); 741280297Sjkim goto err; 742280297Sjkim } 743280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 744280297Sjkim SSL_set_bio(s, bio, bio); 745280297Sjkim ret = 1; 746280297Sjkim err: 747280297Sjkim return (ret); 748280297Sjkim} 74955714Skris 750280297Sjkimint SSL_set_wfd(SSL *s, int fd) 751280297Sjkim{ 752280297Sjkim int ret = 0; 753280297Sjkim BIO *bio = NULL; 75455714Skris 755280297Sjkim if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 756280297Sjkim || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { 757280297Sjkim bio = BIO_new(BIO_s_socket()); 75855714Skris 759280297Sjkim if (bio == NULL) { 760280297Sjkim SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); 761280297Sjkim goto err; 762280297Sjkim } 763280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 764280297Sjkim SSL_set_bio(s, SSL_get_rbio(s), bio); 765280297Sjkim } else 766280297Sjkim SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); 767280297Sjkim ret = 1; 768280297Sjkim err: 769280297Sjkim return (ret); 770280297Sjkim} 77155714Skris 772280297Sjkimint SSL_set_rfd(SSL *s, int fd) 773280297Sjkim{ 774280297Sjkim int ret = 0; 775280297Sjkim BIO *bio = NULL; 77655714Skris 777280297Sjkim if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 778280297Sjkim || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { 779280297Sjkim bio = BIO_new(BIO_s_socket()); 78055714Skris 781280297Sjkim if (bio == NULL) { 782280297Sjkim SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); 783280297Sjkim goto err; 784280297Sjkim } 785280297Sjkim BIO_set_fd(bio, fd, BIO_NOCLOSE); 786280297Sjkim SSL_set_bio(s, bio, SSL_get_wbio(s)); 787280297Sjkim } else 788280297Sjkim SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); 789280297Sjkim ret = 1; 790280297Sjkim err: 791280297Sjkim return (ret); 792280297Sjkim} 79355714Skris#endif 79455714Skris 79559191Skris/* return length of latest Finished message we sent, copy to 'buf' */ 796160814Ssimonsize_t SSL_get_finished(const SSL *s, void *buf, size_t count) 797280297Sjkim{ 798280297Sjkim size_t ret = 0; 79959191Skris 800280297Sjkim if (s->s3 != NULL) { 801280297Sjkim ret = s->s3->tmp.finish_md_len; 802280297Sjkim if (count > ret) 803280297Sjkim count = ret; 804280297Sjkim memcpy(buf, s->s3->tmp.finish_md, count); 805280297Sjkim } 806280297Sjkim return ret; 807280297Sjkim} 808280297Sjkim 80959191Skris/* return length of latest Finished message we expected, copy to 'buf' */ 810160814Ssimonsize_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 811280297Sjkim{ 812280297Sjkim size_t ret = 0; 81359191Skris 814280297Sjkim if (s->s3 != NULL) { 815280297Sjkim ret = s->s3->tmp.peer_finish_md_len; 816280297Sjkim if (count > ret) 817280297Sjkim count = ret; 818280297Sjkim memcpy(buf, s->s3->tmp.peer_finish_md, count); 819280297Sjkim } 820280297Sjkim return ret; 821280297Sjkim} 82259191Skris 823160814Ssimonint SSL_get_verify_mode(const SSL *s) 824280297Sjkim{ 825280297Sjkim return (s->verify_mode); 826280297Sjkim} 82755714Skris 828160814Ssimonint SSL_get_verify_depth(const SSL *s) 829280297Sjkim{ 830280297Sjkim return X509_VERIFY_PARAM_get_depth(s->param); 831280297Sjkim} 83255714Skris 833280297Sjkimint (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { 834280297Sjkim return (s->verify_callback); 835280297Sjkim} 83655714Skris 837160814Ssimonint SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 838280297Sjkim{ 839280297Sjkim return (ctx->verify_mode); 840280297Sjkim} 84155714Skris 842160814Ssimonint SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 843280297Sjkim{ 844280297Sjkim return X509_VERIFY_PARAM_get_depth(ctx->param); 845280297Sjkim} 84655714Skris 847280297Sjkimint (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { 848280297Sjkim return (ctx->default_verify_callback); 849280297Sjkim} 85055714Skris 851280297Sjkimvoid SSL_set_verify(SSL *s, int mode, 852280297Sjkim int (*callback) (int ok, X509_STORE_CTX *ctx)) 853280297Sjkim{ 854280297Sjkim s->verify_mode = mode; 855280297Sjkim if (callback != NULL) 856280297Sjkim s->verify_callback = callback; 857280297Sjkim} 85855714Skris 859280297Sjkimvoid SSL_set_verify_depth(SSL *s, int depth) 860280297Sjkim{ 861280297Sjkim X509_VERIFY_PARAM_set_depth(s->param, depth); 862280297Sjkim} 86355714Skris 864280297Sjkimvoid SSL_set_read_ahead(SSL *s, int yes) 865280297Sjkim{ 866280297Sjkim s->read_ahead = yes; 867280297Sjkim} 86855714Skris 869160814Ssimonint SSL_get_read_ahead(const SSL *s) 870280297Sjkim{ 871280297Sjkim return (s->read_ahead); 872280297Sjkim} 87355714Skris 874160814Ssimonint SSL_pending(const SSL *s) 875280297Sjkim{ 876280297Sjkim /* 877280297Sjkim * SSL_pending cannot work properly if read-ahead is enabled 878280297Sjkim * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is 879280297Sjkim * impossible to fix since SSL_pending cannot report errors that may be 880280297Sjkim * observed while scanning the new data. (Note that SSL_pending() is 881280297Sjkim * often used as a boolean value, so we'd better not return -1.) 882280297Sjkim */ 883280297Sjkim return (s->method->ssl_pending(s)); 884280297Sjkim} 88555714Skris 886160814SsimonX509 *SSL_get_peer_certificate(const SSL *s) 887280297Sjkim{ 888280297Sjkim X509 *r; 88955714Skris 890280297Sjkim if ((s == NULL) || (s->session == NULL)) 891280297Sjkim r = NULL; 892280297Sjkim else 893280297Sjkim r = s->session->peer; 89455714Skris 895280297Sjkim if (r == NULL) 896280297Sjkim return (r); 89755714Skris 898280297Sjkim CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); 89955714Skris 900280297Sjkim return (r); 901280297Sjkim} 902280297Sjkim 903160814SsimonSTACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) 904280297Sjkim{ 905280297Sjkim STACK_OF(X509) *r; 90655714Skris 907280297Sjkim if ((s == NULL) || (s->session == NULL) 908280297Sjkim || (s->session->sess_cert == NULL)) 909280297Sjkim r = NULL; 910280297Sjkim else 911280297Sjkim r = s->session->sess_cert->cert_chain; 91255714Skris 913280297Sjkim /* 914280297Sjkim * If we are a client, cert_chain includes the peer's own certificate; if 915280297Sjkim * we are a server, it does not. 916280297Sjkim */ 91755714Skris 918280297Sjkim return (r); 919280297Sjkim} 92055714Skris 921280297Sjkim/* 922280297Sjkim * Now in theory, since the calling process own 't' it should be safe to 923280297Sjkim * modify. We need to be able to read f without being hassled 924280297Sjkim */ 925280297Sjkimvoid SSL_copy_session_id(SSL *t, const SSL *f) 926280297Sjkim{ 927280297Sjkim CERT *tmp; 92855714Skris 929280297Sjkim /* Do we need to to SSL locking? */ 930280297Sjkim SSL_set_session(t, SSL_get_session(f)); 93155714Skris 932280297Sjkim /* 933280297Sjkim * what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa 934280297Sjkim */ 935280297Sjkim if (t->method != f->method) { 936280297Sjkim t->method->ssl_free(t); /* cleanup current */ 937280297Sjkim t->method = f->method; /* change method */ 938280297Sjkim t->method->ssl_new(t); /* setup new */ 939280297Sjkim } 940280297Sjkim 941280297Sjkim tmp = t->cert; 942280297Sjkim if (f->cert != NULL) { 943280297Sjkim CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); 944280297Sjkim t->cert = f->cert; 945280297Sjkim } else 946280297Sjkim t->cert = NULL; 947280297Sjkim if (tmp != NULL) 948280297Sjkim ssl_cert_free(tmp); 949280297Sjkim SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); 950280297Sjkim} 951280297Sjkim 95255714Skris/* Fix this so it checks all the valid key/cert options */ 953160814Ssimonint SSL_CTX_check_private_key(const SSL_CTX *ctx) 954280297Sjkim{ 955280297Sjkim if ((ctx == NULL) || 956280297Sjkim (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) { 957280297Sjkim SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 958280297Sjkim SSL_R_NO_CERTIFICATE_ASSIGNED); 959280297Sjkim return (0); 960280297Sjkim } 961280297Sjkim if (ctx->cert->key->privatekey == NULL) { 962280297Sjkim SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 963280297Sjkim SSL_R_NO_PRIVATE_KEY_ASSIGNED); 964280297Sjkim return (0); 965280297Sjkim } 966280297Sjkim return (X509_check_private_key 967280297Sjkim (ctx->cert->key->x509, ctx->cert->key->privatekey)); 968280297Sjkim} 96955714Skris 97055714Skris/* Fix this function so that it takes an optional type parameter */ 971160814Ssimonint SSL_check_private_key(const SSL *ssl) 972280297Sjkim{ 973280297Sjkim if (ssl == NULL) { 974280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); 975280297Sjkim return (0); 976280297Sjkim } 977280297Sjkim if (ssl->cert == NULL) { 978280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 979280297Sjkim return 0; 980280297Sjkim } 981280297Sjkim if (ssl->cert->key->x509 == NULL) { 982280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 983280297Sjkim return (0); 984280297Sjkim } 985280297Sjkim if (ssl->cert->key->privatekey == NULL) { 986280297Sjkim SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 987280297Sjkim return (0); 988280297Sjkim } 989280297Sjkim return (X509_check_private_key(ssl->cert->key->x509, 990280297Sjkim ssl->cert->key->privatekey)); 991280297Sjkim} 99255714Skris 99355714Skrisint SSL_accept(SSL *s) 994280297Sjkim{ 995280297Sjkim if (s->handshake_func == 0) 996280297Sjkim /* Not properly initialized yet */ 997280297Sjkim SSL_set_accept_state(s); 99855714Skris 999280297Sjkim return (s->method->ssl_accept(s)); 1000280297Sjkim} 100155714Skris 100255714Skrisint SSL_connect(SSL *s) 1003280297Sjkim{ 1004280297Sjkim if (s->handshake_func == 0) 1005280297Sjkim /* Not properly initialized yet */ 1006280297Sjkim SSL_set_connect_state(s); 100755714Skris 1008280297Sjkim return (s->method->ssl_connect(s)); 1009280297Sjkim} 101055714Skris 1011160814Ssimonlong SSL_get_default_timeout(const SSL *s) 1012280297Sjkim{ 1013280297Sjkim return (s->method->get_timeout()); 1014280297Sjkim} 101555714Skris 1016280297Sjkimint SSL_read(SSL *s, void *buf, int num) 1017280297Sjkim{ 1018280297Sjkim if (s->handshake_func == 0) { 1019280297Sjkim SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 1020280297Sjkim return -1; 1021280297Sjkim } 102255714Skris 1023280297Sjkim if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1024280297Sjkim s->rwstate = SSL_NOTHING; 1025280297Sjkim return (0); 1026280297Sjkim } 1027280297Sjkim return (s->method->ssl_read(s, buf, num)); 1028280297Sjkim} 102955714Skris 1030280297Sjkimint SSL_peek(SSL *s, void *buf, int num) 1031280297Sjkim{ 1032280297Sjkim if (s->handshake_func == 0) { 1033280297Sjkim SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); 1034280297Sjkim return -1; 1035280297Sjkim } 103676866Skris 1037280297Sjkim if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1038280297Sjkim return (0); 1039280297Sjkim } 1040280297Sjkim return (s->method->ssl_peek(s, buf, num)); 1041280297Sjkim} 104255714Skris 1043280297Sjkimint SSL_write(SSL *s, const void *buf, int num) 1044280297Sjkim{ 1045280297Sjkim if (s->handshake_func == 0) { 1046280297Sjkim SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 1047280297Sjkim return -1; 1048280297Sjkim } 104955714Skris 1050280297Sjkim if (s->shutdown & SSL_SENT_SHUTDOWN) { 1051280297Sjkim s->rwstate = SSL_NOTHING; 1052280297Sjkim SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); 1053280297Sjkim return (-1); 1054280297Sjkim } 1055280297Sjkim return (s->method->ssl_write(s, buf, num)); 1056280297Sjkim} 105755714Skris 105855714Skrisint SSL_shutdown(SSL *s) 1059280297Sjkim{ 1060280297Sjkim /* 1061280297Sjkim * Note that this function behaves differently from what one might 1062280297Sjkim * expect. Return values are 0 for no success (yet), 1 for success; but 1063280297Sjkim * calling it once is usually not enough, even if blocking I/O is used 1064280297Sjkim * (see ssl3_shutdown). 1065280297Sjkim */ 106655714Skris 1067280297Sjkim if (s->handshake_func == 0) { 1068280297Sjkim SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); 1069280297Sjkim return -1; 1070280297Sjkim } 107155714Skris 1072296279Sjkim if (!SSL_in_init(s)) { 1073296279Sjkim return s->method->ssl_shutdown(s); 1074296279Sjkim } else { 1075296279Sjkim SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT); 1076296279Sjkim return -1; 1077296279Sjkim } 1078280297Sjkim} 107955714Skris 108055714Skrisint SSL_renegotiate(SSL *s) 1081280297Sjkim{ 1082280297Sjkim if (s->renegotiate == 0) 1083280297Sjkim s->renegotiate = 1; 1084238405Sjkim 1085280297Sjkim s->new_session = 1; 1086238405Sjkim 1087280297Sjkim return (s->method->ssl_renegotiate(s)); 1088280297Sjkim} 108955714Skris 1090238405Sjkimint SSL_renegotiate_abbreviated(SSL *s) 1091280297Sjkim{ 1092280297Sjkim if (s->renegotiate == 0) 1093280297Sjkim s->renegotiate = 1; 1094238405Sjkim 1095280297Sjkim s->new_session = 0; 1096238405Sjkim 1097280297Sjkim return (s->method->ssl_renegotiate(s)); 1098280297Sjkim} 1099238405Sjkim 1100109998Smarkmint SSL_renegotiate_pending(SSL *s) 1101280297Sjkim{ 1102280297Sjkim /* 1103280297Sjkim * becomes true when negotiation is requested; false again once a 1104280297Sjkim * handshake has finished 1105280297Sjkim */ 1106280297Sjkim return (s->renegotiate != 0); 1107280297Sjkim} 1108109998Smarkm 1109280297Sjkimlong SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 1110280297Sjkim{ 1111280297Sjkim long l; 111255714Skris 1113280297Sjkim switch (cmd) { 1114280297Sjkim case SSL_CTRL_GET_READ_AHEAD: 1115280297Sjkim return (s->read_ahead); 1116280297Sjkim case SSL_CTRL_SET_READ_AHEAD: 1117280297Sjkim l = s->read_ahead; 1118280297Sjkim s->read_ahead = larg; 1119280297Sjkim return (l); 1120109998Smarkm 1121280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1122280297Sjkim s->msg_callback_arg = parg; 1123280297Sjkim return 1; 1124109998Smarkm 1125280297Sjkim case SSL_CTRL_OPTIONS: 1126280297Sjkim return (s->options |= larg); 1127280297Sjkim case SSL_CTRL_CLEAR_OPTIONS: 1128280297Sjkim return (s->options &= ~larg); 1129280297Sjkim case SSL_CTRL_MODE: 1130280297Sjkim return (s->mode |= larg); 1131280297Sjkim case SSL_CTRL_CLEAR_MODE: 1132280297Sjkim return (s->mode &= ~larg); 1133280297Sjkim case SSL_CTRL_GET_MAX_CERT_LIST: 1134280297Sjkim return (s->max_cert_list); 1135280297Sjkim case SSL_CTRL_SET_MAX_CERT_LIST: 1136280297Sjkim l = s->max_cert_list; 1137280297Sjkim s->max_cert_list = larg; 1138280297Sjkim return (l); 1139280297Sjkim case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1140280297Sjkim if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1141280297Sjkim return 0; 1142280297Sjkim s->max_send_fragment = larg; 1143280297Sjkim return 1; 1144280297Sjkim case SSL_CTRL_GET_RI_SUPPORT: 1145280297Sjkim if (s->s3) 1146280297Sjkim return s->s3->send_connection_binding; 1147280297Sjkim else 1148280297Sjkim return 0; 1149290207Sjkim case SSL_CTRL_CERT_FLAGS: 1150290207Sjkim return (s->cert->cert_flags |= larg); 1151290207Sjkim case SSL_CTRL_CLEAR_CERT_FLAGS: 1152290207Sjkim return (s->cert->cert_flags &= ~larg); 1153290207Sjkim 1154290207Sjkim case SSL_CTRL_GET_RAW_CIPHERLIST: 1155290207Sjkim if (parg) { 1156290207Sjkim if (s->cert->ciphers_raw == NULL) 1157290207Sjkim return 0; 1158290207Sjkim *(unsigned char **)parg = s->cert->ciphers_raw; 1159290207Sjkim return (int)s->cert->ciphers_rawlen; 1160290207Sjkim } else 1161290207Sjkim return ssl_put_cipher_by_char(s, NULL, NULL); 1162280297Sjkim default: 1163280297Sjkim return (s->method->ssl_ctrl(s, cmd, larg, parg)); 1164280297Sjkim } 1165280297Sjkim} 116655714Skris 1167280297Sjkimlong SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 1168280297Sjkim{ 1169280297Sjkim switch (cmd) { 1170280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK: 1171280297Sjkim s->msg_callback = (void (*) 1172280297Sjkim (int write_p, int version, int content_type, 1173280297Sjkim const void *buf, size_t len, SSL *ssl, 1174280297Sjkim void *arg))(fp); 1175280297Sjkim return 1; 117659191Skris 1177280297Sjkim default: 1178280297Sjkim return (s->method->ssl_callback_ctrl(s, cmd, fp)); 1179280297Sjkim } 1180280297Sjkim} 1181280297Sjkim 1182238405SjkimLHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) 1183280297Sjkim{ 1184280297Sjkim return ctx->sessions; 1185280297Sjkim} 118659191Skris 1187280297Sjkimlong SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 1188280297Sjkim{ 1189280297Sjkim long l; 1190290207Sjkim /* For some cases with ctx == NULL perform syntax checks */ 1191290207Sjkim if (ctx == NULL) { 1192290207Sjkim switch (cmd) { 1193290207Sjkim#ifndef OPENSSL_NO_EC 1194290207Sjkim case SSL_CTRL_SET_CURVES_LIST: 1195290207Sjkim return tls1_set_curves_list(NULL, NULL, parg); 1196290207Sjkim#endif 1197290207Sjkim case SSL_CTRL_SET_SIGALGS_LIST: 1198290207Sjkim case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: 1199290207Sjkim return tls1_set_sigalgs_list(NULL, parg, 0); 1200290207Sjkim default: 1201290207Sjkim return 0; 1202290207Sjkim } 1203290207Sjkim } 120455714Skris 1205280297Sjkim switch (cmd) { 1206280297Sjkim case SSL_CTRL_GET_READ_AHEAD: 1207280297Sjkim return (ctx->read_ahead); 1208280297Sjkim case SSL_CTRL_SET_READ_AHEAD: 1209280297Sjkim l = ctx->read_ahead; 1210280297Sjkim ctx->read_ahead = larg; 1211280297Sjkim return (l); 121255714Skris 1213280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1214280297Sjkim ctx->msg_callback_arg = parg; 1215280297Sjkim return 1; 1216109998Smarkm 1217280297Sjkim case SSL_CTRL_GET_MAX_CERT_LIST: 1218280297Sjkim return (ctx->max_cert_list); 1219280297Sjkim case SSL_CTRL_SET_MAX_CERT_LIST: 1220280297Sjkim l = ctx->max_cert_list; 1221280297Sjkim ctx->max_cert_list = larg; 1222280297Sjkim return (l); 122355714Skris 1224280297Sjkim case SSL_CTRL_SET_SESS_CACHE_SIZE: 1225280297Sjkim l = ctx->session_cache_size; 1226280297Sjkim ctx->session_cache_size = larg; 1227280297Sjkim return (l); 1228280297Sjkim case SSL_CTRL_GET_SESS_CACHE_SIZE: 1229280297Sjkim return (ctx->session_cache_size); 1230280297Sjkim case SSL_CTRL_SET_SESS_CACHE_MODE: 1231280297Sjkim l = ctx->session_cache_mode; 1232280297Sjkim ctx->session_cache_mode = larg; 1233280297Sjkim return (l); 1234280297Sjkim case SSL_CTRL_GET_SESS_CACHE_MODE: 1235280297Sjkim return (ctx->session_cache_mode); 123655714Skris 1237280297Sjkim case SSL_CTRL_SESS_NUMBER: 1238280297Sjkim return (lh_SSL_SESSION_num_items(ctx->sessions)); 1239280297Sjkim case SSL_CTRL_SESS_CONNECT: 1240280297Sjkim return (ctx->stats.sess_connect); 1241280297Sjkim case SSL_CTRL_SESS_CONNECT_GOOD: 1242280297Sjkim return (ctx->stats.sess_connect_good); 1243280297Sjkim case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1244280297Sjkim return (ctx->stats.sess_connect_renegotiate); 1245280297Sjkim case SSL_CTRL_SESS_ACCEPT: 1246280297Sjkim return (ctx->stats.sess_accept); 1247280297Sjkim case SSL_CTRL_SESS_ACCEPT_GOOD: 1248280297Sjkim return (ctx->stats.sess_accept_good); 1249280297Sjkim case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1250280297Sjkim return (ctx->stats.sess_accept_renegotiate); 1251280297Sjkim case SSL_CTRL_SESS_HIT: 1252280297Sjkim return (ctx->stats.sess_hit); 1253280297Sjkim case SSL_CTRL_SESS_CB_HIT: 1254280297Sjkim return (ctx->stats.sess_cb_hit); 1255280297Sjkim case SSL_CTRL_SESS_MISSES: 1256280297Sjkim return (ctx->stats.sess_miss); 1257280297Sjkim case SSL_CTRL_SESS_TIMEOUTS: 1258280297Sjkim return (ctx->stats.sess_timeout); 1259280297Sjkim case SSL_CTRL_SESS_CACHE_FULL: 1260280297Sjkim return (ctx->stats.sess_cache_full); 1261280297Sjkim case SSL_CTRL_OPTIONS: 1262280297Sjkim return (ctx->options |= larg); 1263280297Sjkim case SSL_CTRL_CLEAR_OPTIONS: 1264280297Sjkim return (ctx->options &= ~larg); 1265280297Sjkim case SSL_CTRL_MODE: 1266280297Sjkim return (ctx->mode |= larg); 1267280297Sjkim case SSL_CTRL_CLEAR_MODE: 1268280297Sjkim return (ctx->mode &= ~larg); 1269280297Sjkim case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1270280297Sjkim if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1271280297Sjkim return 0; 1272280297Sjkim ctx->max_send_fragment = larg; 1273280297Sjkim return 1; 1274290207Sjkim case SSL_CTRL_CERT_FLAGS: 1275290207Sjkim return (ctx->cert->cert_flags |= larg); 1276290207Sjkim case SSL_CTRL_CLEAR_CERT_FLAGS: 1277290207Sjkim return (ctx->cert->cert_flags &= ~larg); 1278280297Sjkim default: 1279280297Sjkim return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); 1280280297Sjkim } 1281280297Sjkim} 1282109998Smarkm 1283280297Sjkimlong SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 1284280297Sjkim{ 1285280297Sjkim switch (cmd) { 1286280297Sjkim case SSL_CTRL_SET_MSG_CALLBACK: 1287280297Sjkim ctx->msg_callback = (void (*) 1288280297Sjkim (int write_p, int version, int content_type, 1289280297Sjkim const void *buf, size_t len, SSL *ssl, 1290280297Sjkim void *arg))(fp); 1291280297Sjkim return 1; 129259191Skris 1293280297Sjkim default: 1294280297Sjkim return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); 1295280297Sjkim } 1296280297Sjkim} 1297280297Sjkim 129868651Skrisint ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1299280297Sjkim{ 1300280297Sjkim long l; 130155714Skris 1302280297Sjkim l = a->id - b->id; 1303280297Sjkim if (l == 0L) 1304280297Sjkim return (0); 1305280297Sjkim else 1306280297Sjkim return ((l > 0) ? 1 : -1); 1307280297Sjkim} 130855714Skris 1309280297Sjkimint ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, 1310280297Sjkim const SSL_CIPHER *const *bp) 1311280297Sjkim{ 1312280297Sjkim long l; 131355714Skris 1314280297Sjkim l = (*ap)->id - (*bp)->id; 1315280297Sjkim if (l == 0L) 1316280297Sjkim return (0); 1317280297Sjkim else 1318280297Sjkim return ((l > 0) ? 1 : -1); 1319280297Sjkim} 132055714Skris 132155714Skris/** return a STACK of the ciphers available for the SSL and in order of 132255714Skris * preference */ 1323160814SsimonSTACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) 1324280297Sjkim{ 1325280297Sjkim if (s != NULL) { 1326280297Sjkim if (s->cipher_list != NULL) { 1327280297Sjkim return (s->cipher_list); 1328280297Sjkim } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { 1329280297Sjkim return (s->ctx->cipher_list); 1330280297Sjkim } 1331280297Sjkim } 1332280297Sjkim return (NULL); 1333280297Sjkim} 133455714Skris 133555714Skris/** return a STACK of the ciphers available for the SSL and in order of 133655714Skris * algorithm id */ 133755714SkrisSTACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 1338280297Sjkim{ 1339280297Sjkim if (s != NULL) { 1340280297Sjkim if (s->cipher_list_by_id != NULL) { 1341280297Sjkim return (s->cipher_list_by_id); 1342280297Sjkim } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { 1343280297Sjkim return (s->ctx->cipher_list_by_id); 1344280297Sjkim } 1345280297Sjkim } 1346280297Sjkim return (NULL); 1347280297Sjkim} 134855714Skris 134955714Skris/** The old interface to get the same thing as SSL_get_ciphers() */ 1350280297Sjkimconst char *SSL_get_cipher_list(const SSL *s, int n) 1351280297Sjkim{ 1352280297Sjkim SSL_CIPHER *c; 1353280297Sjkim STACK_OF(SSL_CIPHER) *sk; 135455714Skris 1355280297Sjkim if (s == NULL) 1356280297Sjkim return (NULL); 1357280297Sjkim sk = SSL_get_ciphers(s); 1358280297Sjkim if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) 1359280297Sjkim return (NULL); 1360280297Sjkim c = sk_SSL_CIPHER_value(sk, n); 1361280297Sjkim if (c == NULL) 1362280297Sjkim return (NULL); 1363280297Sjkim return (c->name); 1364280297Sjkim} 136555714Skris 136659191Skris/** specify the ciphers to be used by default by the SSL_CTX */ 136759191Skrisint SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1368280297Sjkim{ 1369280297Sjkim STACK_OF(SSL_CIPHER) *sk; 137055714Skris 1371280297Sjkim sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1372290207Sjkim &ctx->cipher_list_by_id, str, ctx->cert); 1373280297Sjkim /* 1374280297Sjkim * ssl_create_cipher_list may return an empty stack if it was unable to 1375280297Sjkim * find a cipher matching the given rule string (for example if the rule 1376280297Sjkim * string specifies a cipher which has been disabled). This is not an 1377280297Sjkim * error as far as ssl_create_cipher_list is concerned, and hence 1378280297Sjkim * ctx->cipher_list and ctx->cipher_list_by_id has been updated. 1379280297Sjkim */ 1380280297Sjkim if (sk == NULL) 1381280297Sjkim return 0; 1382280297Sjkim else if (sk_SSL_CIPHER_num(sk) == 0) { 1383280297Sjkim SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1384280297Sjkim return 0; 1385280297Sjkim } 1386280297Sjkim return 1; 1387280297Sjkim} 1388280297Sjkim 138955714Skris/** specify the ciphers to be used by the SSL */ 1390280297Sjkimint SSL_set_cipher_list(SSL *s, const char *str) 1391280297Sjkim{ 1392280297Sjkim STACK_OF(SSL_CIPHER) *sk; 139355714Skris 1394280297Sjkim sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1395290207Sjkim &s->cipher_list_by_id, str, s->cert); 1396280297Sjkim /* see comment in SSL_CTX_set_cipher_list */ 1397280297Sjkim if (sk == NULL) 1398280297Sjkim return 0; 1399280297Sjkim else if (sk_SSL_CIPHER_num(sk) == 0) { 1400280297Sjkim SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1401280297Sjkim return 0; 1402280297Sjkim } 1403280297Sjkim return 1; 1404280297Sjkim} 1405280297Sjkim 140655714Skris/* works well for SSLv2, not so good for SSLv3 */ 1407280297Sjkimchar *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) 1408280297Sjkim{ 1409280297Sjkim char *p; 1410280297Sjkim STACK_OF(SSL_CIPHER) *sk; 1411280297Sjkim SSL_CIPHER *c; 1412280297Sjkim int i; 141355714Skris 1414280297Sjkim if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) 1415280297Sjkim return (NULL); 141655714Skris 1417280297Sjkim p = buf; 1418280297Sjkim sk = s->session->ciphers; 1419267256Sjkim 1420280297Sjkim if (sk_SSL_CIPHER_num(sk) == 0) 1421280297Sjkim return NULL; 1422267256Sjkim 1423280297Sjkim for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 1424280297Sjkim int n; 1425172429Ssimon 1426280297Sjkim c = sk_SSL_CIPHER_value(sk, i); 1427280297Sjkim n = strlen(c->name); 1428280297Sjkim if (n + 1 > len) { 1429280297Sjkim if (p != buf) 1430280297Sjkim --p; 1431280297Sjkim *p = '\0'; 1432280297Sjkim return buf; 1433280297Sjkim } 1434280297Sjkim strcpy(p, c->name); 1435280297Sjkim p += n; 1436280297Sjkim *(p++) = ':'; 1437280297Sjkim len -= n + 1; 1438280297Sjkim } 1439280297Sjkim p[-1] = '\0'; 1440280297Sjkim return (buf); 1441280297Sjkim} 144255714Skris 1443280297Sjkimint ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, 1444280297Sjkim unsigned char *p, 1445280297Sjkim int (*put_cb) (const SSL_CIPHER *, 1446280297Sjkim unsigned char *)) 1447280297Sjkim{ 1448280297Sjkim int i, j = 0; 1449280297Sjkim SSL_CIPHER *c; 1450290207Sjkim CERT *ct = s->cert; 1451280297Sjkim unsigned char *q; 1452290207Sjkim int empty_reneg_info_scsv = !s->renegotiate; 1453290207Sjkim /* Set disabled masks for this session */ 1454290207Sjkim ssl_set_client_disabled(s); 145555714Skris 1456280297Sjkim if (sk == NULL) 1457280297Sjkim return (0); 1458280297Sjkim q = p; 1459280297Sjkim if (put_cb == NULL) 1460280297Sjkim put_cb = s->method->put_cipher_by_char; 146155714Skris 1462280297Sjkim for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 1463280297Sjkim c = sk_SSL_CIPHER_value(sk, i); 1464290207Sjkim /* Skip disabled ciphers */ 1465290207Sjkim if (c->algorithm_ssl & ct->mask_ssl || 1466290207Sjkim c->algorithm_mkey & ct->mask_k || c->algorithm_auth & ct->mask_a) 1467280297Sjkim continue; 1468290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 1469290207Sjkim if (c->id == SSL3_CK_SCSV) { 1470290207Sjkim if (!empty_reneg_info_scsv) 1471290207Sjkim continue; 1472290207Sjkim else 1473290207Sjkim empty_reneg_info_scsv = 0; 1474290207Sjkim } 1475290207Sjkim#endif 1476280297Sjkim j = put_cb(c, p); 1477280297Sjkim p += j; 1478280297Sjkim } 1479280297Sjkim /* 1480280297Sjkim * If p == q, no ciphers; caller indicates an error. Otherwise, add 1481280297Sjkim * applicable SCSVs. 1482280297Sjkim */ 1483280297Sjkim if (p != q) { 1484290207Sjkim if (empty_reneg_info_scsv) { 1485280297Sjkim static SSL_CIPHER scsv = { 1486280297Sjkim 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1487280297Sjkim }; 1488280297Sjkim j = put_cb(&scsv, p); 1489280297Sjkim p += j; 1490205128Ssimon#ifdef OPENSSL_RI_DEBUG 1491280297Sjkim fprintf(stderr, 1492280297Sjkim "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); 1493205128Ssimon#endif 1494280297Sjkim } 1495280297Sjkim if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) { 1496280297Sjkim static SSL_CIPHER scsv = { 1497280297Sjkim 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1498280297Sjkim }; 1499280297Sjkim j = put_cb(&scsv, p); 1500280297Sjkim p += j; 1501280297Sjkim } 1502280297Sjkim } 1503273144Sjkim 1504280297Sjkim return (p - q); 1505280297Sjkim} 150655714Skris 1507280297SjkimSTACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, 1508280297Sjkim int num, 1509280297Sjkim STACK_OF(SSL_CIPHER) **skp) 1510280297Sjkim{ 1511280297Sjkim const SSL_CIPHER *c; 1512280297Sjkim STACK_OF(SSL_CIPHER) *sk; 1513280297Sjkim int i, n; 1514273144Sjkim 1515280297Sjkim if (s->s3) 1516280297Sjkim s->s3->send_connection_binding = 0; 151755714Skris 1518280297Sjkim n = ssl_put_cipher_by_char(s, NULL, NULL); 1519280297Sjkim if (n == 0 || (num % n) != 0) { 1520280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1521280297Sjkim SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1522280297Sjkim return (NULL); 1523280297Sjkim } 1524284283Sjkim if ((skp == NULL) || (*skp == NULL)) { 1525280297Sjkim sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ 1526284283Sjkim if(sk == NULL) { 1527284283Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1528284283Sjkim return NULL; 1529284283Sjkim } 1530284283Sjkim } else { 1531280297Sjkim sk = *skp; 1532280297Sjkim sk_SSL_CIPHER_zero(sk); 1533280297Sjkim } 153455714Skris 1535290207Sjkim if (s->cert->ciphers_raw) 1536290207Sjkim OPENSSL_free(s->cert->ciphers_raw); 1537290207Sjkim s->cert->ciphers_raw = BUF_memdup(p, num); 1538290207Sjkim if (s->cert->ciphers_raw == NULL) { 1539290207Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1540290207Sjkim goto err; 1541290207Sjkim } 1542290207Sjkim s->cert->ciphers_rawlen = (size_t)num; 1543290207Sjkim 1544280297Sjkim for (i = 0; i < num; i += n) { 1545280297Sjkim /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ 1546280297Sjkim if (s->s3 && (n != 3 || !p[0]) && 1547280297Sjkim (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 1548280297Sjkim (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { 1549280297Sjkim /* SCSV fatal if renegotiating */ 1550280297Sjkim if (s->renegotiate) { 1551280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1552280297Sjkim SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1553280297Sjkim ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1554280297Sjkim goto err; 1555280297Sjkim } 1556280297Sjkim s->s3->send_connection_binding = 1; 1557280297Sjkim p += n; 1558205128Ssimon#ifdef OPENSSL_RI_DEBUG 1559280297Sjkim fprintf(stderr, "SCSV received by server\n"); 1560205128Ssimon#endif 1561280297Sjkim continue; 1562280297Sjkim } 1563205128Ssimon 1564280297Sjkim /* Check for TLS_FALLBACK_SCSV */ 1565280297Sjkim if ((n != 3 || !p[0]) && 1566280297Sjkim (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && 1567280297Sjkim (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) { 1568280297Sjkim /* 1569280297Sjkim * The SCSV indicates that the client previously tried a higher 1570280297Sjkim * version. Fail if the current version is an unexpected 1571280297Sjkim * downgrade. 1572280297Sjkim */ 1573280297Sjkim if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) { 1574280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1575280297Sjkim SSL_R_INAPPROPRIATE_FALLBACK); 1576280297Sjkim if (s->s3) 1577280297Sjkim ssl3_send_alert(s, SSL3_AL_FATAL, 1578280297Sjkim SSL_AD_INAPPROPRIATE_FALLBACK); 1579280297Sjkim goto err; 1580280297Sjkim } 1581280297Sjkim p += n; 1582280297Sjkim continue; 1583280297Sjkim } 1584273144Sjkim 1585280297Sjkim c = ssl_get_cipher_by_char(s, p); 1586280297Sjkim p += n; 1587280297Sjkim if (c != NULL) { 1588280297Sjkim if (!sk_SSL_CIPHER_push(sk, c)) { 1589280297Sjkim SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1590280297Sjkim goto err; 1591280297Sjkim } 1592280297Sjkim } 1593280297Sjkim } 159455714Skris 1595280297Sjkim if (skp != NULL) 1596280297Sjkim *skp = sk; 1597280297Sjkim return (sk); 1598280297Sjkim err: 1599280297Sjkim if ((skp == NULL) || (*skp == NULL)) 1600280297Sjkim sk_SSL_CIPHER_free(sk); 1601280297Sjkim return (NULL); 1602280297Sjkim} 160355714Skris 1604194206Ssimon#ifndef OPENSSL_NO_TLSEXT 1605194206Ssimon/** return a servername extension value if provided in Client Hello, or NULL. 1606194206Ssimon * So far, only host_name types are defined (RFC 3546). 1607194206Ssimon */ 1608194206Ssimon 1609194206Ssimonconst char *SSL_get_servername(const SSL *s, const int type) 1610280297Sjkim{ 1611280297Sjkim if (type != TLSEXT_NAMETYPE_host_name) 1612280297Sjkim return NULL; 1613194206Ssimon 1614280297Sjkim return s->session && !s->tlsext_hostname ? 1615280297Sjkim s->session->tlsext_hostname : s->tlsext_hostname; 1616280297Sjkim} 1617194206Ssimon 1618194206Ssimonint SSL_get_servername_type(const SSL *s) 1619280297Sjkim{ 1620280297Sjkim if (s->session 1621280297Sjkim && (!s->tlsext_hostname ? s->session-> 1622280297Sjkim tlsext_hostname : s->tlsext_hostname)) 1623280297Sjkim return TLSEXT_NAMETYPE_host_name; 1624280297Sjkim return -1; 1625280297Sjkim} 1626238405Sjkim 1627280297Sjkim/* 1628280297Sjkim * SSL_select_next_proto implements the standard protocol selection. It is 1629238405Sjkim * expected that this function is called from the callback set by 1630280297Sjkim * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a 1631280297Sjkim * vector of 8-bit, length prefixed byte strings. The length byte itself is 1632280297Sjkim * not included in the length. A byte string of length 0 is invalid. No byte 1633280297Sjkim * string may be truncated. The current, but experimental algorithm for 1634280297Sjkim * selecting the protocol is: 1) If the server doesn't support NPN then this 1635280297Sjkim * is indicated to the callback. In this case, the client application has to 1636280297Sjkim * abort the connection or have a default application level protocol. 2) If 1637280297Sjkim * the server supports NPN, but advertises an empty list then the client 1638280297Sjkim * selects the first protcol in its list, but indicates via the API that this 1639280297Sjkim * fallback case was enacted. 3) Otherwise, the client finds the first 1640280297Sjkim * protocol in the server's list that it supports and selects this protocol. 1641280297Sjkim * This is because it's assumed that the server has better information about 1642280297Sjkim * which protocol a client should use. 4) If the client doesn't support any 1643280297Sjkim * of the server's advertised protocols, then this is treated the same as 1644280297Sjkim * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was 1645280297Sjkim * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1646238405Sjkim */ 1647280297Sjkimint SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1648280297Sjkim const unsigned char *server, 1649280297Sjkim unsigned int server_len, 1650280297Sjkim const unsigned char *client, 1651280297Sjkim unsigned int client_len) 1652280297Sjkim{ 1653280297Sjkim unsigned int i, j; 1654280297Sjkim const unsigned char *result; 1655280297Sjkim int status = OPENSSL_NPN_UNSUPPORTED; 1656238405Sjkim 1657280297Sjkim /* 1658280297Sjkim * For each protocol in server preference order, see if we support it. 1659280297Sjkim */ 1660280297Sjkim for (i = 0; i < server_len;) { 1661280297Sjkim for (j = 0; j < client_len;) { 1662280297Sjkim if (server[i] == client[j] && 1663280297Sjkim memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { 1664280297Sjkim /* We found a match */ 1665280297Sjkim result = &server[i]; 1666280297Sjkim status = OPENSSL_NPN_NEGOTIATED; 1667280297Sjkim goto found; 1668280297Sjkim } 1669280297Sjkim j += client[j]; 1670280297Sjkim j++; 1671280297Sjkim } 1672280297Sjkim i += server[i]; 1673280297Sjkim i++; 1674280297Sjkim } 1675238405Sjkim 1676280297Sjkim /* There's no overlap between our protocols and the server's list. */ 1677280297Sjkim result = client; 1678280297Sjkim status = OPENSSL_NPN_NO_OVERLAP; 1679238405Sjkim 1680280297Sjkim found: 1681280297Sjkim *out = (unsigned char *)result + 1; 1682280297Sjkim *outlen = result[0]; 1683280297Sjkim return status; 1684280297Sjkim} 1685238405Sjkim 1686290207Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 1687280297Sjkim/* 1688280297Sjkim * SSL_get0_next_proto_negotiated sets *data and *len to point to the 1689280297Sjkim * client's requested protocol for this connection and returns 0. If the 1690280297Sjkim * client didn't request any protocol, then *data is set to NULL. Note that 1691280297Sjkim * the client can request any protocol it chooses. The value returned from 1692280297Sjkim * this function need not be a member of the list of supported protocols 1693238405Sjkim * provided by the callback. 1694238405Sjkim */ 1695280297Sjkimvoid SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 1696280297Sjkim unsigned *len) 1697280297Sjkim{ 1698280297Sjkim *data = s->next_proto_negotiated; 1699280297Sjkim if (!*data) { 1700280297Sjkim *len = 0; 1701280297Sjkim } else { 1702280297Sjkim *len = s->next_proto_negotiated_len; 1703280297Sjkim } 1704238405Sjkim} 1705238405Sjkim 1706280297Sjkim/* 1707280297Sjkim * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when 1708280297Sjkim * a TLS server needs a list of supported protocols for Next Protocol 1709280297Sjkim * Negotiation. The returned list must be in wire format. The list is 1710280297Sjkim * returned by setting |out| to point to it and |outlen| to its length. This 1711280297Sjkim * memory will not be modified, but one should assume that the SSL* keeps a 1712280297Sjkim * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it 1713280297Sjkim * wishes to advertise. Otherwise, no such extension will be included in the 1714280297Sjkim * ServerHello. 1715280297Sjkim */ 1716280297Sjkimvoid SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, 1717280297Sjkim int (*cb) (SSL *ssl, 1718280297Sjkim const unsigned char 1719280297Sjkim **out, 1720280297Sjkim unsigned int *outlen, 1721280297Sjkim void *arg), void *arg) 1722280297Sjkim{ 1723280297Sjkim ctx->next_protos_advertised_cb = cb; 1724280297Sjkim ctx->next_protos_advertised_cb_arg = arg; 1725280297Sjkim} 1726238405Sjkim 1727280297Sjkim/* 1728280297Sjkim * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 1729238405Sjkim * client needs to select a protocol from the server's provided list. |out| 1730238405Sjkim * must be set to point to the selected protocol (which may be within |in|). 1731280297Sjkim * The length of the protocol name must be written into |outlen|. The 1732280297Sjkim * server's advertised protocols are provided in |in| and |inlen|. The 1733280297Sjkim * callback can assume that |in| is syntactically valid. The client must 1734280297Sjkim * select a protocol. It is fatal to the connection if this callback returns 1735280297Sjkim * a value other than SSL_TLSEXT_ERR_OK. 1736238405Sjkim */ 1737280297Sjkimvoid SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, 1738280297Sjkim int (*cb) (SSL *s, unsigned char **out, 1739280297Sjkim unsigned char *outlen, 1740280297Sjkim const unsigned char *in, 1741280297Sjkim unsigned int inlen, 1742280297Sjkim void *arg), void *arg) 1743280297Sjkim{ 1744280297Sjkim ctx->next_proto_select_cb = cb; 1745280297Sjkim ctx->next_proto_select_cb_arg = arg; 1746280297Sjkim} 1747238405Sjkim# endif 1748194206Ssimon 1749290207Sjkim/* 1750290207Sjkim * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. 1751290207Sjkim * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 1752290207Sjkim * length-prefixed strings). Returns 0 on success. 1753290207Sjkim */ 1754290207Sjkimint SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 1755290207Sjkim unsigned protos_len) 1756290207Sjkim{ 1757290207Sjkim if (ctx->alpn_client_proto_list) 1758290207Sjkim OPENSSL_free(ctx->alpn_client_proto_list); 1759290207Sjkim 1760290207Sjkim ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); 1761290207Sjkim if (!ctx->alpn_client_proto_list) 1762290207Sjkim return 1; 1763290207Sjkim memcpy(ctx->alpn_client_proto_list, protos, protos_len); 1764290207Sjkim ctx->alpn_client_proto_list_len = protos_len; 1765290207Sjkim 1766290207Sjkim return 0; 1767290207Sjkim} 1768290207Sjkim 1769290207Sjkim/* 1770290207Sjkim * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. 1771290207Sjkim * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 1772290207Sjkim * length-prefixed strings). Returns 0 on success. 1773290207Sjkim */ 1774290207Sjkimint SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 1775290207Sjkim unsigned protos_len) 1776290207Sjkim{ 1777290207Sjkim if (ssl->alpn_client_proto_list) 1778290207Sjkim OPENSSL_free(ssl->alpn_client_proto_list); 1779290207Sjkim 1780290207Sjkim ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); 1781290207Sjkim if (!ssl->alpn_client_proto_list) 1782290207Sjkim return 1; 1783290207Sjkim memcpy(ssl->alpn_client_proto_list, protos, protos_len); 1784290207Sjkim ssl->alpn_client_proto_list_len = protos_len; 1785290207Sjkim 1786290207Sjkim return 0; 1787290207Sjkim} 1788290207Sjkim 1789290207Sjkim/* 1790290207Sjkim * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is 1791290207Sjkim * called during ClientHello processing in order to select an ALPN protocol 1792290207Sjkim * from the client's list of offered protocols. 1793290207Sjkim */ 1794290207Sjkimvoid SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 1795290207Sjkim int (*cb) (SSL *ssl, 1796290207Sjkim const unsigned char **out, 1797290207Sjkim unsigned char *outlen, 1798290207Sjkim const unsigned char *in, 1799290207Sjkim unsigned int inlen, 1800290207Sjkim void *arg), void *arg) 1801290207Sjkim{ 1802290207Sjkim ctx->alpn_select_cb = cb; 1803290207Sjkim ctx->alpn_select_cb_arg = arg; 1804290207Sjkim} 1805290207Sjkim 1806290207Sjkim/* 1807290207Sjkim * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from 1808290207Sjkim * |ssl|. On return it sets |*data| to point to |*len| bytes of protocol name 1809290207Sjkim * (not including the leading length-prefix byte). If the server didn't 1810290207Sjkim * respond with a negotiated protocol then |*len| will be zero. 1811290207Sjkim */ 1812290207Sjkimvoid SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 1813290207Sjkim unsigned *len) 1814290207Sjkim{ 1815290207Sjkim *data = NULL; 1816290207Sjkim if (ssl->s3) 1817290207Sjkim *data = ssl->s3->alpn_selected; 1818290207Sjkim if (*data == NULL) 1819290207Sjkim *len = 0; 1820290207Sjkim else 1821290207Sjkim *len = ssl->s3->alpn_selected_len; 1822290207Sjkim} 1823290207Sjkim 1824290207Sjkim#endif /* !OPENSSL_NO_TLSEXT */ 1825290207Sjkim 1826238405Sjkimint SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1827280297Sjkim const char *label, size_t llen, 1828280297Sjkim const unsigned char *p, size_t plen, 1829280297Sjkim int use_context) 1830280297Sjkim{ 1831280297Sjkim if (s->version < TLS1_VERSION) 1832280297Sjkim return -1; 1833238405Sjkim 1834280297Sjkim return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 1835280297Sjkim llen, p, plen, 1836280297Sjkim use_context); 1837280297Sjkim} 1838238405Sjkim 1839238405Sjkimstatic unsigned long ssl_session_hash(const SSL_SESSION *a) 1840280297Sjkim{ 1841280297Sjkim unsigned long l; 184255714Skris 1843280297Sjkim l = (unsigned long) 1844280297Sjkim ((unsigned int)a->session_id[0]) | 1845280297Sjkim ((unsigned int)a->session_id[1] << 8L) | 1846280297Sjkim ((unsigned long)a->session_id[2] << 16L) | 1847280297Sjkim ((unsigned long)a->session_id[3] << 24L); 1848280297Sjkim return (l); 1849280297Sjkim} 185055714Skris 1851280297Sjkim/* 1852280297Sjkim * NB: If this function (or indeed the hash function which uses a sort of 1853109998Smarkm * coarser function than this one) is changed, ensure 1854280297Sjkim * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on 1855280297Sjkim * being able to construct an SSL_SESSION that will collide with any existing 1856280297Sjkim * session with a matching session ID. 1857280297Sjkim */ 1858280297Sjkimstatic int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 1859280297Sjkim{ 1860280297Sjkim if (a->ssl_version != b->ssl_version) 1861280297Sjkim return (1); 1862280297Sjkim if (a->session_id_length != b->session_id_length) 1863280297Sjkim return (1); 1864280297Sjkim return (memcmp(a->session_id, b->session_id, a->session_id_length)); 1865280297Sjkim} 186655714Skris 1867280297Sjkim/* 1868280297Sjkim * These wrapper functions should remain rather than redeclaring 1869109998Smarkm * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1870280297Sjkim * variable. The reason is that the functions aren't static, they're exposed 1871280297Sjkim * via ssl.h. 1872280297Sjkim */ 1873238405Sjkimstatic IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) 1874238405Sjkimstatic IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) 1875109998Smarkm 1876238405SjkimSSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 1877280297Sjkim{ 1878280297Sjkim SSL_CTX *ret = NULL; 1879238405Sjkim 1880280297Sjkim if (meth == NULL) { 1881280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); 1882280297Sjkim return (NULL); 1883280297Sjkim } 1884194206Ssimon#ifdef OPENSSL_FIPS 1885280297Sjkim if (FIPS_mode() && (meth->version < TLS1_VERSION)) { 1886280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 1887280297Sjkim return NULL; 1888280297Sjkim } 1889194206Ssimon#endif 1890194206Ssimon 1891280297Sjkim if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1892280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1893280297Sjkim goto err; 1894280297Sjkim } 1895280297Sjkim ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); 1896280297Sjkim if (ret == NULL) 1897280297Sjkim goto err; 189855714Skris 1899280297Sjkim memset(ret, 0, sizeof(SSL_CTX)); 190055714Skris 1901280297Sjkim ret->method = meth; 190255714Skris 1903280297Sjkim ret->cert_store = NULL; 1904280297Sjkim ret->session_cache_mode = SSL_SESS_CACHE_SERVER; 1905280297Sjkim ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1906280297Sjkim ret->session_cache_head = NULL; 1907280297Sjkim ret->session_cache_tail = NULL; 190855714Skris 1909280297Sjkim /* We take the system default */ 1910280297Sjkim ret->session_timeout = meth->get_timeout(); 191155714Skris 1912280297Sjkim ret->new_session_cb = 0; 1913280297Sjkim ret->remove_session_cb = 0; 1914280297Sjkim ret->get_session_cb = 0; 1915280297Sjkim ret->generate_session_id = 0; 191655714Skris 1917280297Sjkim memset((char *)&ret->stats, 0, sizeof(ret->stats)); 191855714Skris 1919280297Sjkim ret->references = 1; 1920280297Sjkim ret->quiet_shutdown = 0; 192155714Skris 1922280297Sjkim/* ret->cipher=NULL;*/ 1923280297Sjkim/*- 1924280297Sjkim ret->s2->challenge=NULL; 1925280297Sjkim ret->master_key=NULL; 1926280297Sjkim ret->key_arg=NULL; 1927280297Sjkim ret->s2->conn_id=NULL; */ 192855714Skris 1929280297Sjkim ret->info_callback = NULL; 193055714Skris 1931280297Sjkim ret->app_verify_callback = 0; 1932280297Sjkim ret->app_verify_arg = NULL; 193355714Skris 1934280297Sjkim ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 1935280297Sjkim ret->read_ahead = 0; 1936280297Sjkim ret->msg_callback = 0; 1937280297Sjkim ret->msg_callback_arg = NULL; 1938280297Sjkim ret->verify_mode = SSL_VERIFY_NONE; 1939160814Ssimon#if 0 1940280297Sjkim ret->verify_depth = -1; /* Don't impose a limit (but x509_lu.c does) */ 1941160814Ssimon#endif 1942280297Sjkim ret->sid_ctx_length = 0; 1943280297Sjkim ret->default_verify_callback = NULL; 1944280297Sjkim if ((ret->cert = ssl_cert_new()) == NULL) 1945280297Sjkim goto err; 194655714Skris 1947280297Sjkim ret->default_passwd_callback = 0; 1948280297Sjkim ret->default_passwd_callback_userdata = NULL; 1949280297Sjkim ret->client_cert_cb = 0; 1950280297Sjkim ret->app_gen_cookie_cb = 0; 1951280297Sjkim ret->app_verify_cookie_cb = 0; 195255714Skris 1953280297Sjkim ret->sessions = lh_SSL_SESSION_new(); 1954280297Sjkim if (ret->sessions == NULL) 1955280297Sjkim goto err; 1956280297Sjkim ret->cert_store = X509_STORE_new(); 1957280297Sjkim if (ret->cert_store == NULL) 1958280297Sjkim goto err; 195955714Skris 1960280297Sjkim ssl_create_cipher_list(ret->method, 1961280297Sjkim &ret->cipher_list, &ret->cipher_list_by_id, 1962280297Sjkim meth->version == 1963290207Sjkim SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, 1964290207Sjkim ret->cert); 1965280297Sjkim if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 1966280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); 1967280297Sjkim goto err2; 1968280297Sjkim } 196955714Skris 1970280297Sjkim ret->param = X509_VERIFY_PARAM_new(); 1971280297Sjkim if (!ret->param) 1972280297Sjkim goto err; 1973160814Ssimon 1974280297Sjkim if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { 1975280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); 1976280297Sjkim goto err2; 1977280297Sjkim } 1978280297Sjkim if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1979280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); 1980280297Sjkim goto err2; 1981280297Sjkim } 1982280297Sjkim if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { 1983280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); 1984280297Sjkim goto err2; 1985280297Sjkim } 198655714Skris 1987280297Sjkim if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) 1988280297Sjkim goto err; 198955714Skris 1990280297Sjkim CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); 199155714Skris 1992280297Sjkim ret->extra_certs = NULL; 1993280297Sjkim /* No compression for DTLS */ 1994291719Sjkim if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) 1995280297Sjkim ret->comp_methods = SSL_COMP_get_compression_methods(); 199655714Skris 1997280297Sjkim ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1998238405Sjkim 1999194206Ssimon#ifndef OPENSSL_NO_TLSEXT 2000280297Sjkim ret->tlsext_servername_callback = 0; 2001280297Sjkim ret->tlsext_servername_arg = NULL; 2002280297Sjkim /* Setup RFC4507 ticket keys */ 2003280297Sjkim if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) 2004280297Sjkim || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) 2005280297Sjkim || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) 2006280297Sjkim ret->options |= SSL_OP_NO_TICKET; 2007194206Ssimon 2008280297Sjkim ret->tlsext_status_cb = 0; 2009280297Sjkim ret->tlsext_status_arg = NULL; 2010194206Ssimon 2011238405Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 2012280297Sjkim ret->next_protos_advertised_cb = 0; 2013280297Sjkim ret->next_proto_select_cb = 0; 2014238405Sjkim# endif 2015194206Ssimon#endif 2016238405Sjkim#ifndef OPENSSL_NO_PSK 2017280297Sjkim ret->psk_identity_hint = NULL; 2018280297Sjkim ret->psk_client_callback = NULL; 2019280297Sjkim ret->psk_server_callback = NULL; 2020238405Sjkim#endif 2021238405Sjkim#ifndef OPENSSL_NO_SRP 2022280297Sjkim SSL_CTX_SRP_CTX_init(ret); 2023238405Sjkim#endif 2024238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2025280297Sjkim ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; 2026280297Sjkim ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 2027280297Sjkim if (!ret->rbuf_freelist) 2028280297Sjkim goto err; 2029280297Sjkim ret->rbuf_freelist->chunklen = 0; 2030280297Sjkim ret->rbuf_freelist->len = 0; 2031280297Sjkim ret->rbuf_freelist->head = NULL; 2032280297Sjkim ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 2033280297Sjkim if (!ret->wbuf_freelist) { 2034280297Sjkim OPENSSL_free(ret->rbuf_freelist); 2035280297Sjkim goto err; 2036280297Sjkim } 2037280297Sjkim ret->wbuf_freelist->chunklen = 0; 2038280297Sjkim ret->wbuf_freelist->len = 0; 2039280297Sjkim ret->wbuf_freelist->head = NULL; 2040238405Sjkim#endif 2041194206Ssimon#ifndef OPENSSL_NO_ENGINE 2042280297Sjkim ret->client_cert_engine = NULL; 2043280297Sjkim# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 2044280297Sjkim# define eng_strx(x) #x 2045280297Sjkim# define eng_str(x) eng_strx(x) 2046280297Sjkim /* Use specific client engine automatically... ignore errors */ 2047280297Sjkim { 2048280297Sjkim ENGINE *eng; 2049280297Sjkim eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2050280297Sjkim if (!eng) { 2051280297Sjkim ERR_clear_error(); 2052280297Sjkim ENGINE_load_builtin_engines(); 2053280297Sjkim eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2054280297Sjkim } 2055280297Sjkim if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 2056280297Sjkim ERR_clear_error(); 2057280297Sjkim } 2058280297Sjkim# endif 2059194206Ssimon#endif 2060280297Sjkim /* 2061280297Sjkim * Default is to connect to non-RI servers. When RI is more widely 2062280297Sjkim * deployed might change this. 2063280297Sjkim */ 2064280297Sjkim ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; 2065194206Ssimon 2066296279Sjkim /* 2067296279Sjkim * Disable SSLv2 by default, callers that want to enable SSLv2 will have to 2068296279Sjkim * explicitly clear this option via either of SSL_CTX_clear_options() or 2069296279Sjkim * SSL_clear_options(). 2070296279Sjkim */ 2071296279Sjkim ret->options |= SSL_OP_NO_SSLv2; 2072296279Sjkim 2073280297Sjkim return (ret); 2074280297Sjkim err: 2075280297Sjkim SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); 2076280297Sjkim err2: 2077280297Sjkim if (ret != NULL) 2078280297Sjkim SSL_CTX_free(ret); 2079280297Sjkim return (NULL); 2080280297Sjkim} 208155714Skris 2082109998Smarkm#if 0 208355714Skrisstatic void SSL_COMP_free(SSL_COMP *comp) 2084280297Sjkim{ 2085280297Sjkim OPENSSL_free(comp); 2086280297Sjkim} 2087109998Smarkm#endif 208855714Skris 2089238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2090280297Sjkimstatic void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) 2091280297Sjkim{ 2092280297Sjkim SSL3_BUF_FREELIST_ENTRY *ent, *next; 2093280297Sjkim for (ent = list->head; ent; ent = next) { 2094280297Sjkim next = ent->next; 2095280297Sjkim OPENSSL_free(ent); 2096280297Sjkim } 2097280297Sjkim OPENSSL_free(list); 2098280297Sjkim} 2099238405Sjkim#endif 2100238405Sjkim 210155714Skrisvoid SSL_CTX_free(SSL_CTX *a) 2102280297Sjkim{ 2103280297Sjkim int i; 210455714Skris 2105280297Sjkim if (a == NULL) 2106280297Sjkim return; 210755714Skris 2108280297Sjkim i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); 210955714Skris#ifdef REF_PRINT 2110280297Sjkim REF_PRINT("SSL_CTX", a); 211155714Skris#endif 2112280297Sjkim if (i > 0) 2113280297Sjkim return; 211455714Skris#ifdef REF_CHECK 2115280297Sjkim if (i < 0) { 2116280297Sjkim fprintf(stderr, "SSL_CTX_free, bad reference count\n"); 2117280297Sjkim abort(); /* ok */ 2118280297Sjkim } 211955714Skris#endif 212055714Skris 2121280297Sjkim if (a->param) 2122280297Sjkim X509_VERIFY_PARAM_free(a->param); 2123160814Ssimon 2124280297Sjkim /* 2125280297Sjkim * Free internal session cache. However: the remove_cb() may reference 2126280297Sjkim * the ex_data of SSL_CTX, thus the ex_data store can only be removed 2127280297Sjkim * after the sessions were flushed. 2128280297Sjkim * As the ex_data handling routines might also touch the session cache, 2129280297Sjkim * the most secure solution seems to be: empty (flush) the cache, then 2130280297Sjkim * free ex_data, then finally free the cache. 2131280297Sjkim * (See ticket [openssl.org #212].) 2132280297Sjkim */ 2133280297Sjkim if (a->sessions != NULL) 2134280297Sjkim SSL_CTX_flush_sessions(a, 0); 2135109998Smarkm 2136280297Sjkim CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); 2137109998Smarkm 2138280297Sjkim if (a->sessions != NULL) 2139280297Sjkim lh_SSL_SESSION_free(a->sessions); 2140109998Smarkm 2141280297Sjkim if (a->cert_store != NULL) 2142280297Sjkim X509_STORE_free(a->cert_store); 2143280297Sjkim if (a->cipher_list != NULL) 2144280297Sjkim sk_SSL_CIPHER_free(a->cipher_list); 2145280297Sjkim if (a->cipher_list_by_id != NULL) 2146280297Sjkim sk_SSL_CIPHER_free(a->cipher_list_by_id); 2147280297Sjkim if (a->cert != NULL) 2148280297Sjkim ssl_cert_free(a->cert); 2149280297Sjkim if (a->client_CA != NULL) 2150280297Sjkim sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); 2151280297Sjkim if (a->extra_certs != NULL) 2152280297Sjkim sk_X509_pop_free(a->extra_certs, X509_free); 2153280297Sjkim#if 0 /* This should never be done, since it 2154280297Sjkim * removes a global database */ 2155280297Sjkim if (a->comp_methods != NULL) 2156280297Sjkim sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); 2157109998Smarkm#else 2158280297Sjkim a->comp_methods = NULL; 2159109998Smarkm#endif 2160238405Sjkim 2161246772Sjkim#ifndef OPENSSL_NO_SRTP 2162280297Sjkim if (a->srtp_profiles) 2163280297Sjkim sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); 2164246772Sjkim#endif 2165238405Sjkim 2166238405Sjkim#ifndef OPENSSL_NO_PSK 2167280297Sjkim if (a->psk_identity_hint) 2168280297Sjkim OPENSSL_free(a->psk_identity_hint); 2169238405Sjkim#endif 2170238405Sjkim#ifndef OPENSSL_NO_SRP 2171280297Sjkim SSL_CTX_SRP_CTX_free(a); 2172238405Sjkim#endif 2173194206Ssimon#ifndef OPENSSL_NO_ENGINE 2174280297Sjkim if (a->client_cert_engine) 2175280297Sjkim ENGINE_finish(a->client_cert_engine); 2176194206Ssimon#endif 2177238405Sjkim 2178238405Sjkim#ifndef OPENSSL_NO_BUF_FREELISTS 2179280297Sjkim if (a->wbuf_freelist) 2180280297Sjkim ssl_buf_freelist_free(a->wbuf_freelist); 2181280297Sjkim if (a->rbuf_freelist) 2182280297Sjkim ssl_buf_freelist_free(a->rbuf_freelist); 2183238405Sjkim#endif 2184290207Sjkim#ifndef OPENSSL_NO_TLSEXT 2185290207Sjkim# ifndef OPENSSL_NO_EC 2186290207Sjkim if (a->tlsext_ecpointformatlist) 2187290207Sjkim OPENSSL_free(a->tlsext_ecpointformatlist); 2188290207Sjkim if (a->tlsext_ellipticcurvelist) 2189290207Sjkim OPENSSL_free(a->tlsext_ellipticcurvelist); 2190290207Sjkim# endif /* OPENSSL_NO_EC */ 2191290207Sjkim if (a->alpn_client_proto_list != NULL) 2192290207Sjkim OPENSSL_free(a->alpn_client_proto_list); 2193290207Sjkim#endif 2194238405Sjkim 2195280297Sjkim OPENSSL_free(a); 2196280297Sjkim} 219755714Skris 219855714Skrisvoid SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 2199280297Sjkim{ 2200280297Sjkim ctx->default_passwd_callback = cb; 2201280297Sjkim} 220255714Skris 2203280297Sjkimvoid SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 2204280297Sjkim{ 2205280297Sjkim ctx->default_passwd_callback_userdata = u; 2206280297Sjkim} 220755714Skris 2208280297Sjkimvoid SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 2209280297Sjkim int (*cb) (X509_STORE_CTX *, void *), 2210280297Sjkim void *arg) 2211280297Sjkim{ 2212280297Sjkim ctx->app_verify_callback = cb; 2213280297Sjkim ctx->app_verify_arg = arg; 2214280297Sjkim} 221555714Skris 2216280297Sjkimvoid SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 2217280297Sjkim int (*cb) (int, X509_STORE_CTX *)) 2218280297Sjkim{ 2219280297Sjkim ctx->verify_mode = mode; 2220280297Sjkim ctx->default_verify_callback = cb; 2221280297Sjkim} 222255714Skris 2223280297Sjkimvoid SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) 2224280297Sjkim{ 2225280297Sjkim X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2226280297Sjkim} 222755714Skris 2228290207Sjkimvoid SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), 2229290207Sjkim void *arg) 2230290207Sjkim{ 2231290207Sjkim ssl_cert_set_cert_cb(c->cert, cb, arg); 2232290207Sjkim} 2233290207Sjkim 2234290207Sjkimvoid SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) 2235290207Sjkim{ 2236290207Sjkim ssl_cert_set_cert_cb(s->cert, cb, arg); 2237290207Sjkim} 2238290207Sjkim 2239238405Sjkimvoid ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 2240280297Sjkim{ 2241280297Sjkim CERT_PKEY *cpk; 2242280297Sjkim int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; 2243280297Sjkim int rsa_enc_export, dh_rsa_export, dh_dsa_export; 2244280297Sjkim int rsa_tmp_export, dh_tmp_export, kl; 2245280297Sjkim unsigned long mask_k, mask_a, emask_k, emask_a; 2246280297Sjkim#ifndef OPENSSL_NO_ECDSA 2247280297Sjkim int have_ecc_cert, ecdsa_ok, ecc_pkey_size; 2248280297Sjkim#endif 2249160814Ssimon#ifndef OPENSSL_NO_ECDH 2250280297Sjkim int have_ecdh_tmp, ecdh_ok; 2251160814Ssimon#endif 2252280297Sjkim#ifndef OPENSSL_NO_EC 2253280297Sjkim X509 *x = NULL; 2254280297Sjkim EVP_PKEY *ecc_pkey = NULL; 2255280297Sjkim int signature_nid = 0, pk_nid = 0, md_nid = 0; 2256280297Sjkim#endif 2257280297Sjkim if (c == NULL) 2258280297Sjkim return; 225955714Skris 2260280297Sjkim kl = SSL_C_EXPORT_PKEYLENGTH(cipher); 226155714Skris 2262109998Smarkm#ifndef OPENSSL_NO_RSA 2263280297Sjkim rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); 2264280297Sjkim rsa_tmp_export = (c->rsa_tmp_cb != NULL || 2265280297Sjkim (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl)); 226655714Skris#else 2267280297Sjkim rsa_tmp = rsa_tmp_export = 0; 226855714Skris#endif 2269109998Smarkm#ifndef OPENSSL_NO_DH 2270280297Sjkim dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 2271280297Sjkim dh_tmp_export = (c->dh_tmp_cb != NULL || 2272280297Sjkim (dh_tmp && DH_size(c->dh_tmp) * 8 <= kl)); 227355714Skris#else 2274280297Sjkim dh_tmp = dh_tmp_export = 0; 227555714Skris#endif 227655714Skris 2277160814Ssimon#ifndef OPENSSL_NO_ECDH 2278290207Sjkim have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); 2279160814Ssimon#endif 2280280297Sjkim cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); 2281290207Sjkim rsa_enc = cpk->valid_flags & CERT_PKEY_VALID; 2282280297Sjkim rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2283280297Sjkim cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); 2284290207Sjkim rsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; 2285280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); 2286290207Sjkim dsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; 2287280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); 2288290207Sjkim dh_rsa = cpk->valid_flags & CERT_PKEY_VALID; 2289280297Sjkim dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2290280297Sjkim cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); 229155714Skris/* FIX THIS EAY EAY EAY */ 2292290207Sjkim dh_dsa = cpk->valid_flags & CERT_PKEY_VALID; 2293280297Sjkim dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); 2294280297Sjkim cpk = &(c->pkeys[SSL_PKEY_ECC]); 2295280297Sjkim#ifndef OPENSSL_NO_EC 2296290207Sjkim have_ecc_cert = cpk->valid_flags & CERT_PKEY_VALID; 2297280297Sjkim#endif 2298280297Sjkim mask_k = 0; 2299280297Sjkim mask_a = 0; 2300280297Sjkim emask_k = 0; 2301280297Sjkim emask_a = 0; 230255714Skris 230355714Skris#ifdef CIPHER_DEBUG 2304280297Sjkim fprintf(stderr, 2305280297Sjkim "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 2306280297Sjkim rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc, 2307280297Sjkim rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); 230855714Skris#endif 230955714Skris 2310280297Sjkim cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2311280297Sjkim if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2312280297Sjkim mask_k |= SSL_kGOST; 2313280297Sjkim mask_a |= SSL_aGOST01; 2314280297Sjkim } 2315280297Sjkim cpk = &(c->pkeys[SSL_PKEY_GOST94]); 2316280297Sjkim if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2317280297Sjkim mask_k |= SSL_kGOST; 2318280297Sjkim mask_a |= SSL_aGOST94; 2319280297Sjkim } 232055714Skris 2321280297Sjkim if (rsa_enc || (rsa_tmp && rsa_sign)) 2322280297Sjkim mask_k |= SSL_kRSA; 2323280297Sjkim if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) 2324280297Sjkim emask_k |= SSL_kRSA; 2325280297Sjkim 232655714Skris#if 0 2327280297Sjkim /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ 2328280297Sjkim if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign)) 2329280297Sjkim mask_k |= SSL_kEDH; 2330280297Sjkim if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && 2331280297Sjkim (rsa_enc || rsa_sign || dsa_sign)) 2332280297Sjkim emask_k |= SSL_kEDH; 233355714Skris#endif 233455714Skris 2335280297Sjkim if (dh_tmp_export) 2336280297Sjkim emask_k |= SSL_kEDH; 233755714Skris 2338280297Sjkim if (dh_tmp) 2339280297Sjkim mask_k |= SSL_kEDH; 234055714Skris 2341280297Sjkim if (dh_rsa) 2342280297Sjkim mask_k |= SSL_kDHr; 2343280297Sjkim if (dh_rsa_export) 2344280297Sjkim emask_k |= SSL_kDHr; 234555714Skris 2346280297Sjkim if (dh_dsa) 2347280297Sjkim mask_k |= SSL_kDHd; 2348280297Sjkim if (dh_dsa_export) 2349280297Sjkim emask_k |= SSL_kDHd; 235055714Skris 2351290207Sjkim if (mask_k & (SSL_kDHr | SSL_kDHd)) 2352290207Sjkim mask_a |= SSL_aDH; 2353290207Sjkim 2354280297Sjkim if (rsa_enc || rsa_sign) { 2355280297Sjkim mask_a |= SSL_aRSA; 2356280297Sjkim emask_a |= SSL_aRSA; 2357280297Sjkim } 235855714Skris 2359280297Sjkim if (dsa_sign) { 2360280297Sjkim mask_a |= SSL_aDSS; 2361280297Sjkim emask_a |= SSL_aDSS; 2362280297Sjkim } 236355714Skris 2364280297Sjkim mask_a |= SSL_aNULL; 2365280297Sjkim emask_a |= SSL_aNULL; 236655714Skris 2367109998Smarkm#ifndef OPENSSL_NO_KRB5 2368280297Sjkim mask_k |= SSL_kKRB5; 2369280297Sjkim mask_a |= SSL_aKRB5; 2370280297Sjkim emask_k |= SSL_kKRB5; 2371280297Sjkim emask_a |= SSL_aKRB5; 2372109998Smarkm#endif 2373109998Smarkm 2374280297Sjkim /* 2375280297Sjkim * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites 2376280297Sjkim * depending on the key usage extension. 2377280297Sjkim */ 2378280297Sjkim#ifndef OPENSSL_NO_EC 2379280297Sjkim if (have_ecc_cert) { 2380290207Sjkim cpk = &c->pkeys[SSL_PKEY_ECC]; 2381290207Sjkim x = cpk->x509; 2382280297Sjkim /* This call populates extension flags (ex_flags) */ 2383280297Sjkim X509_check_purpose(x, -1, 0); 2384290207Sjkim# ifndef OPENSSL_NO_ECDH 2385280297Sjkim ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2386280297Sjkim (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; 2387290207Sjkim# endif 2388280297Sjkim ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2389280297Sjkim (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; 2390290207Sjkim if (!(cpk->valid_flags & CERT_PKEY_SIGN)) 2391290207Sjkim ecdsa_ok = 0; 2392280297Sjkim ecc_pkey = X509_get_pubkey(x); 2393280297Sjkim ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0; 2394280297Sjkim EVP_PKEY_free(ecc_pkey); 2395280297Sjkim if ((x->sig_alg) && (x->sig_alg->algorithm)) { 2396280297Sjkim signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2397280297Sjkim OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2398280297Sjkim } 2399290207Sjkim# ifndef OPENSSL_NO_ECDH 2400280297Sjkim if (ecdh_ok) { 2401238405Sjkim 2402280297Sjkim if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { 2403280297Sjkim mask_k |= SSL_kECDHr; 2404280297Sjkim mask_a |= SSL_aECDH; 2405280297Sjkim if (ecc_pkey_size <= 163) { 2406280297Sjkim emask_k |= SSL_kECDHr; 2407280297Sjkim emask_a |= SSL_aECDH; 2408280297Sjkim } 2409280297Sjkim } 2410238405Sjkim 2411280297Sjkim if (pk_nid == NID_X9_62_id_ecPublicKey) { 2412280297Sjkim mask_k |= SSL_kECDHe; 2413280297Sjkim mask_a |= SSL_aECDH; 2414280297Sjkim if (ecc_pkey_size <= 163) { 2415280297Sjkim emask_k |= SSL_kECDHe; 2416280297Sjkim emask_a |= SSL_aECDH; 2417280297Sjkim } 2418280297Sjkim } 2419280297Sjkim } 2420290207Sjkim# endif 2421290207Sjkim# ifndef OPENSSL_NO_ECDSA 2422280297Sjkim if (ecdsa_ok) { 2423280297Sjkim mask_a |= SSL_aECDSA; 2424280297Sjkim emask_a |= SSL_aECDSA; 2425280297Sjkim } 2426290207Sjkim# endif 2427280297Sjkim } 2428280297Sjkim#endif 2429290207Sjkim 2430160814Ssimon#ifndef OPENSSL_NO_ECDH 2431280297Sjkim if (have_ecdh_tmp) { 2432280297Sjkim mask_k |= SSL_kEECDH; 2433280297Sjkim emask_k |= SSL_kEECDH; 2434280297Sjkim } 2435160814Ssimon#endif 2436238405Sjkim 2437238405Sjkim#ifndef OPENSSL_NO_PSK 2438280297Sjkim mask_k |= SSL_kPSK; 2439280297Sjkim mask_a |= SSL_aPSK; 2440280297Sjkim emask_k |= SSL_kPSK; 2441280297Sjkim emask_a |= SSL_aPSK; 2442238405Sjkim#endif 2443238405Sjkim 2444280297Sjkim c->mask_k = mask_k; 2445280297Sjkim c->mask_a = mask_a; 2446280297Sjkim c->export_mask_k = emask_k; 2447280297Sjkim c->export_mask_a = emask_a; 2448280297Sjkim c->valid = 1; 2449280297Sjkim} 245055714Skris 2451160814Ssimon/* This handy macro borrowed from crypto/x509v3/v3_purp.c */ 2452160814Ssimon#define ku_reject(x, usage) \ 2453280297Sjkim (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) 2454160814Ssimon 2455238405Sjkim#ifndef OPENSSL_NO_EC 2456238405Sjkim 2457238405Sjkimint ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2458280297Sjkim{ 2459280297Sjkim unsigned long alg_k, alg_a; 2460280297Sjkim EVP_PKEY *pkey = NULL; 2461280297Sjkim int keysize = 0; 2462280297Sjkim int signature_nid = 0, md_nid = 0, pk_nid = 0; 2463280297Sjkim const SSL_CIPHER *cs = s->s3->tmp.new_cipher; 2464160814Ssimon 2465280297Sjkim alg_k = cs->algorithm_mkey; 2466280297Sjkim alg_a = cs->algorithm_auth; 2467238405Sjkim 2468280297Sjkim if (SSL_C_IS_EXPORT(cs)) { 2469280297Sjkim /* ECDH key length in export ciphers must be <= 163 bits */ 2470280297Sjkim pkey = X509_get_pubkey(x); 2471280297Sjkim if (pkey == NULL) 2472280297Sjkim return 0; 2473280297Sjkim keysize = EVP_PKEY_bits(pkey); 2474280297Sjkim EVP_PKEY_free(pkey); 2475280297Sjkim if (keysize > 163) 2476280297Sjkim return 0; 2477280297Sjkim } 2478160814Ssimon 2479280297Sjkim /* This call populates the ex_flags field correctly */ 2480280297Sjkim X509_check_purpose(x, -1, 0); 2481280297Sjkim if ((x->sig_alg) && (x->sig_alg->algorithm)) { 2482280297Sjkim signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2483280297Sjkim OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2484280297Sjkim } 2485280297Sjkim if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { 2486280297Sjkim /* key usage, if present, must allow key agreement */ 2487280297Sjkim if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { 2488280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2489280297Sjkim SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); 2490280297Sjkim return 0; 2491280297Sjkim } 2492280297Sjkim if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { 2493280297Sjkim /* signature alg must be ECDSA */ 2494280297Sjkim if (pk_nid != NID_X9_62_id_ecPublicKey) { 2495280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2496280297Sjkim SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); 2497280297Sjkim return 0; 2498280297Sjkim } 2499280297Sjkim } 2500280297Sjkim if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { 2501280297Sjkim /* signature alg must be RSA */ 2502238405Sjkim 2503280297Sjkim if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { 2504280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2505280297Sjkim SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); 2506280297Sjkim return 0; 2507280297Sjkim } 2508280297Sjkim } 2509280297Sjkim } 2510280297Sjkim if (alg_a & SSL_aECDSA) { 2511280297Sjkim /* key usage, if present, must allow signing */ 2512280297Sjkim if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { 2513280297Sjkim SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 2514280297Sjkim SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2515280297Sjkim return 0; 2516280297Sjkim } 2517280297Sjkim } 2518160814Ssimon 2519280297Sjkim return 1; /* all checks are ok */ 2520280297Sjkim} 2521160814Ssimon 2522238405Sjkim#endif 2523238405Sjkim 2524290207Sjkimstatic int ssl_get_server_cert_index(const SSL *s) 2525290207Sjkim{ 2526290207Sjkim int idx; 2527290207Sjkim idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); 2528290207Sjkim if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509) 2529290207Sjkim idx = SSL_PKEY_RSA_SIGN; 2530290207Sjkim if (idx == -1) 2531290207Sjkim SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR); 2532290207Sjkim return idx; 2533290207Sjkim} 2534290207Sjkim 2535246772SjkimCERT_PKEY *ssl_get_server_send_pkey(const SSL *s) 2536280297Sjkim{ 2537280297Sjkim CERT *c; 2538280297Sjkim int i; 253955714Skris 2540280297Sjkim c = s->cert; 2541290207Sjkim if (!s->s3 || !s->s3->tmp.new_cipher) 2542290207Sjkim return NULL; 2543280297Sjkim ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 254455714Skris 2545290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 2546290207Sjkim /* 2547290207Sjkim * Broken protocol test: return last used certificate: which may mismatch 2548290207Sjkim * the one expected. 2549290207Sjkim */ 2550290207Sjkim if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) 2551290207Sjkim return c->key; 2552290207Sjkim#endif 2553160814Ssimon 2554290207Sjkim i = ssl_get_server_cert_index(s); 255555714Skris 2556290207Sjkim /* This may or may not be an error. */ 2557290207Sjkim if (i < 0) 2558290207Sjkim return NULL; 2559280297Sjkim 2560290207Sjkim /* May be NULL. */ 2561290207Sjkim return &c->pkeys[i]; 2562280297Sjkim} 2563280297Sjkim 2564280297SjkimEVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, 2565280297Sjkim const EVP_MD **pmd) 2566280297Sjkim{ 2567280297Sjkim unsigned long alg_a; 2568280297Sjkim CERT *c; 2569280297Sjkim int idx = -1; 257055714Skris 2571280297Sjkim alg_a = cipher->algorithm_auth; 2572280297Sjkim c = s->cert; 257355714Skris 2574290207Sjkim#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL 2575290207Sjkim /* 2576290207Sjkim * Broken protocol test: use last key: which may mismatch the one 2577290207Sjkim * expected. 2578290207Sjkim */ 2579290207Sjkim if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) 2580290207Sjkim idx = c->key - c->pkeys; 2581290207Sjkim else 2582290207Sjkim#endif 2583290207Sjkim 2584280297Sjkim if ((alg_a & SSL_aDSS) && 2585290207Sjkim (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2586280297Sjkim idx = SSL_PKEY_DSA_SIGN; 2587280297Sjkim else if (alg_a & SSL_aRSA) { 2588280297Sjkim if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2589280297Sjkim idx = SSL_PKEY_RSA_SIGN; 2590280297Sjkim else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 2591280297Sjkim idx = SSL_PKEY_RSA_ENC; 2592280297Sjkim } else if ((alg_a & SSL_aECDSA) && 2593280297Sjkim (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2594280297Sjkim idx = SSL_PKEY_ECC; 2595280297Sjkim if (idx == -1) { 2596280297Sjkim SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); 2597280297Sjkim return (NULL); 2598280297Sjkim } 2599280297Sjkim if (pmd) 2600280297Sjkim *pmd = c->pkeys[idx].digest; 2601280297Sjkim return c->pkeys[idx].privatekey; 2602280297Sjkim} 260355714Skris 2604290207Sjkim#ifndef OPENSSL_NO_TLSEXT 2605290207Sjkimint ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, 2606290207Sjkim size_t *serverinfo_length) 2607290207Sjkim{ 2608290207Sjkim CERT *c = NULL; 2609290207Sjkim int i = 0; 2610290207Sjkim *serverinfo_length = 0; 2611290207Sjkim 2612290207Sjkim c = s->cert; 2613290207Sjkim i = ssl_get_server_cert_index(s); 2614290207Sjkim 2615290207Sjkim if (i == -1) 2616290207Sjkim return 0; 2617290207Sjkim if (c->pkeys[i].serverinfo == NULL) 2618290207Sjkim return 0; 2619290207Sjkim 2620290207Sjkim *serverinfo = c->pkeys[i].serverinfo; 2621290207Sjkim *serverinfo_length = c->pkeys[i].serverinfo_length; 2622290207Sjkim return 1; 2623290207Sjkim} 2624290207Sjkim#endif 2625290207Sjkim 2626280297Sjkimvoid ssl_update_cache(SSL *s, int mode) 2627280297Sjkim{ 2628280297Sjkim int i; 262955714Skris 2630280297Sjkim /* 2631280297Sjkim * If the session_id_length is 0, we are not supposed to cache it, and it 2632280297Sjkim * would be rather hard to do anyway :-) 2633280297Sjkim */ 2634280297Sjkim if (s->session->session_id_length == 0) 2635280297Sjkim return; 263655714Skris 2637280297Sjkim i = s->session_ctx->session_cache_mode; 2638280297Sjkim if ((i & mode) && (!s->hit) 2639280297Sjkim && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2640280297Sjkim || SSL_CTX_add_session(s->session_ctx, s->session)) 2641280297Sjkim && (s->session_ctx->new_session_cb != NULL)) { 2642280297Sjkim CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2643280297Sjkim if (!s->session_ctx->new_session_cb(s, s->session)) 2644280297Sjkim SSL_SESSION_free(s->session); 2645280297Sjkim } 264655714Skris 2647280297Sjkim /* auto flush every 255 connections */ 2648280297Sjkim if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { 2649280297Sjkim if ((((mode & SSL_SESS_CACHE_CLIENT) 2650280297Sjkim ? s->session_ctx->stats.sess_connect_good 2651280297Sjkim : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { 2652280297Sjkim SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); 2653280297Sjkim } 2654280297Sjkim } 2655280297Sjkim} 265655714Skris 2657290207Sjkimconst SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) 2658290207Sjkim{ 2659290207Sjkim return ctx->method; 2660290207Sjkim} 2661290207Sjkim 2662238405Sjkimconst SSL_METHOD *SSL_get_ssl_method(SSL *s) 2663280297Sjkim{ 2664280297Sjkim return (s->method); 2665280297Sjkim} 266655714Skris 2667238405Sjkimint SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 2668280297Sjkim{ 2669280297Sjkim int conn = -1; 2670280297Sjkim int ret = 1; 267155714Skris 2672280297Sjkim if (s->method != meth) { 2673280297Sjkim if (s->handshake_func != NULL) 2674280297Sjkim conn = (s->handshake_func == s->method->ssl_connect); 267555714Skris 2676280297Sjkim if (s->method->version == meth->version) 2677280297Sjkim s->method = meth; 2678280297Sjkim else { 2679280297Sjkim s->method->ssl_free(s); 2680280297Sjkim s->method = meth; 2681280297Sjkim ret = s->method->ssl_new(s); 2682280297Sjkim } 268355714Skris 2684280297Sjkim if (conn == 1) 2685280297Sjkim s->handshake_func = meth->ssl_connect; 2686280297Sjkim else if (conn == 0) 2687280297Sjkim s->handshake_func = meth->ssl_accept; 2688280297Sjkim } 2689280297Sjkim return (ret); 2690280297Sjkim} 269155714Skris 2692280297Sjkimint SSL_get_error(const SSL *s, int i) 2693280297Sjkim{ 2694280297Sjkim int reason; 2695280297Sjkim unsigned long l; 2696280297Sjkim BIO *bio; 269755714Skris 2698280297Sjkim if (i > 0) 2699280297Sjkim return (SSL_ERROR_NONE); 270055714Skris 2701280297Sjkim /* 2702280297Sjkim * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, 2703280297Sjkim * where we do encode the error 2704280297Sjkim */ 2705280297Sjkim if ((l = ERR_peek_error()) != 0) { 2706280297Sjkim if (ERR_GET_LIB(l) == ERR_LIB_SYS) 2707280297Sjkim return (SSL_ERROR_SYSCALL); 2708280297Sjkim else 2709280297Sjkim return (SSL_ERROR_SSL); 2710280297Sjkim } 271155714Skris 2712280297Sjkim if ((i < 0) && SSL_want_read(s)) { 2713280297Sjkim bio = SSL_get_rbio(s); 2714280297Sjkim if (BIO_should_read(bio)) 2715280297Sjkim return (SSL_ERROR_WANT_READ); 2716280297Sjkim else if (BIO_should_write(bio)) 2717280297Sjkim /* 2718280297Sjkim * This one doesn't make too much sense ... We never try to write 2719280297Sjkim * to the rbio, and an application program where rbio and wbio 2720280297Sjkim * are separate couldn't even know what it should wait for. 2721280297Sjkim * However if we ever set s->rwstate incorrectly (so that we have 2722280297Sjkim * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and 2723280297Sjkim * wbio *are* the same, this test works around that bug; so it 2724280297Sjkim * might be safer to keep it. 2725280297Sjkim */ 2726280297Sjkim return (SSL_ERROR_WANT_WRITE); 2727280297Sjkim else if (BIO_should_io_special(bio)) { 2728280297Sjkim reason = BIO_get_retry_reason(bio); 2729280297Sjkim if (reason == BIO_RR_CONNECT) 2730280297Sjkim return (SSL_ERROR_WANT_CONNECT); 2731280297Sjkim else if (reason == BIO_RR_ACCEPT) 2732280297Sjkim return (SSL_ERROR_WANT_ACCEPT); 2733280297Sjkim else 2734280297Sjkim return (SSL_ERROR_SYSCALL); /* unknown */ 2735280297Sjkim } 2736280297Sjkim } 273755714Skris 2738280297Sjkim if ((i < 0) && SSL_want_write(s)) { 2739280297Sjkim bio = SSL_get_wbio(s); 2740280297Sjkim if (BIO_should_write(bio)) 2741280297Sjkim return (SSL_ERROR_WANT_WRITE); 2742280297Sjkim else if (BIO_should_read(bio)) 2743280297Sjkim /* 2744280297Sjkim * See above (SSL_want_read(s) with BIO_should_write(bio)) 2745280297Sjkim */ 2746280297Sjkim return (SSL_ERROR_WANT_READ); 2747280297Sjkim else if (BIO_should_io_special(bio)) { 2748280297Sjkim reason = BIO_get_retry_reason(bio); 2749280297Sjkim if (reason == BIO_RR_CONNECT) 2750280297Sjkim return (SSL_ERROR_WANT_CONNECT); 2751280297Sjkim else if (reason == BIO_RR_ACCEPT) 2752280297Sjkim return (SSL_ERROR_WANT_ACCEPT); 2753280297Sjkim else 2754280297Sjkim return (SSL_ERROR_SYSCALL); 2755280297Sjkim } 2756280297Sjkim } 2757280297Sjkim if ((i < 0) && SSL_want_x509_lookup(s)) { 2758280297Sjkim return (SSL_ERROR_WANT_X509_LOOKUP); 2759280297Sjkim } 276055714Skris 2761280297Sjkim if (i == 0) { 2762280297Sjkim if (s->version == SSL2_VERSION) { 2763280297Sjkim /* assume it is the socket being closed */ 2764280297Sjkim return (SSL_ERROR_ZERO_RETURN); 2765280297Sjkim } else { 2766280297Sjkim if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 2767280297Sjkim (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2768280297Sjkim return (SSL_ERROR_ZERO_RETURN); 2769280297Sjkim } 2770280297Sjkim } 2771280297Sjkim return (SSL_ERROR_SYSCALL); 2772280297Sjkim} 277355714Skris 277455714Skrisint SSL_do_handshake(SSL *s) 2775280297Sjkim{ 2776280297Sjkim int ret = 1; 277755714Skris 2778280297Sjkim if (s->handshake_func == NULL) { 2779280297Sjkim SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); 2780280297Sjkim return (-1); 2781280297Sjkim } 278255714Skris 2783280297Sjkim s->method->ssl_renegotiate_check(s); 278455714Skris 2785280297Sjkim if (SSL_in_init(s) || SSL_in_before(s)) { 2786280297Sjkim ret = s->handshake_func(s); 2787280297Sjkim } 2788280297Sjkim return (ret); 2789280297Sjkim} 279055714Skris 2791280297Sjkim/* 2792280297Sjkim * For the next 2 functions, SSL_clear() sets shutdown and so one of these 2793280297Sjkim * calls will reset it 2794280297Sjkim */ 279555714Skrisvoid SSL_set_accept_state(SSL *s) 2796280297Sjkim{ 2797280297Sjkim s->server = 1; 2798280297Sjkim s->shutdown = 0; 2799280297Sjkim s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE; 2800280297Sjkim s->handshake_func = s->method->ssl_accept; 2801280297Sjkim /* clear the current cipher */ 2802280297Sjkim ssl_clear_cipher_ctx(s); 2803280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 2804280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 2805280297Sjkim} 280655714Skris 280755714Skrisvoid SSL_set_connect_state(SSL *s) 2808280297Sjkim{ 2809280297Sjkim s->server = 0; 2810280297Sjkim s->shutdown = 0; 2811280297Sjkim s->state = SSL_ST_CONNECT | SSL_ST_BEFORE; 2812280297Sjkim s->handshake_func = s->method->ssl_connect; 2813280297Sjkim /* clear the current cipher */ 2814280297Sjkim ssl_clear_cipher_ctx(s); 2815280297Sjkim ssl_clear_hash_ctx(&s->read_hash); 2816280297Sjkim ssl_clear_hash_ctx(&s->write_hash); 2817280297Sjkim} 281855714Skris 281955714Skrisint ssl_undefined_function(SSL *s) 2820280297Sjkim{ 2821280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2822280297Sjkim return (0); 2823280297Sjkim} 282455714Skris 2825160814Ssimonint ssl_undefined_void_function(void) 2826280297Sjkim{ 2827280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, 2828280297Sjkim ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2829280297Sjkim return (0); 2830280297Sjkim} 2831160814Ssimon 2832160814Ssimonint ssl_undefined_const_function(const SSL *s) 2833280297Sjkim{ 2834280297Sjkim SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, 2835280297Sjkim ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2836280297Sjkim return (0); 2837280297Sjkim} 2838160814Ssimon 283955714SkrisSSL_METHOD *ssl_bad_method(int ver) 2840280297Sjkim{ 2841280297Sjkim SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2842280297Sjkim return (NULL); 2843280297Sjkim} 284455714Skris 2845160814Ssimonconst char *SSL_get_version(const SSL *s) 2846280297Sjkim{ 2847280297Sjkim if (s->version == TLS1_2_VERSION) 2848280297Sjkim return ("TLSv1.2"); 2849280297Sjkim else if (s->version == TLS1_1_VERSION) 2850280297Sjkim return ("TLSv1.1"); 2851280297Sjkim else if (s->version == TLS1_VERSION) 2852280297Sjkim return ("TLSv1"); 2853280297Sjkim else if (s->version == SSL3_VERSION) 2854280297Sjkim return ("SSLv3"); 2855280297Sjkim else if (s->version == SSL2_VERSION) 2856280297Sjkim return ("SSLv2"); 2857290207Sjkim else if (s->version == DTLS1_BAD_VER) 2858290207Sjkim return ("DTLSv0.9"); 2859290207Sjkim else if (s->version == DTLS1_VERSION) 2860290207Sjkim return ("DTLSv1"); 2861290207Sjkim else if (s->version == DTLS1_2_VERSION) 2862290207Sjkim return ("DTLSv1.2"); 2863280297Sjkim else 2864280297Sjkim return ("unknown"); 2865280297Sjkim} 286655714Skris 286755714SkrisSSL *SSL_dup(SSL *s) 2868280297Sjkim{ 2869280297Sjkim STACK_OF(X509_NAME) *sk; 2870280297Sjkim X509_NAME *xn; 2871280297Sjkim SSL *ret; 2872280297Sjkim int i; 2873109998Smarkm 2874280297Sjkim if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2875280297Sjkim return (NULL); 2876109998Smarkm 2877280297Sjkim ret->version = s->version; 2878280297Sjkim ret->type = s->type; 2879280297Sjkim ret->method = s->method; 288055714Skris 2881280297Sjkim if (s->session != NULL) { 2882280297Sjkim /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 2883280297Sjkim SSL_copy_session_id(ret, s); 2884280297Sjkim } else { 2885280297Sjkim /* 2886280297Sjkim * No session has been established yet, so we have to expect that 2887280297Sjkim * s->cert or ret->cert will be changed later -- they should not both 2888280297Sjkim * point to the same object, and thus we can't use 2889280297Sjkim * SSL_copy_session_id. 2890280297Sjkim */ 289155714Skris 2892280297Sjkim ret->method->ssl_free(ret); 2893280297Sjkim ret->method = s->method; 2894280297Sjkim ret->method->ssl_new(ret); 289555714Skris 2896280297Sjkim if (s->cert != NULL) { 2897280297Sjkim if (ret->cert != NULL) { 2898280297Sjkim ssl_cert_free(ret->cert); 2899280297Sjkim } 2900280297Sjkim ret->cert = ssl_cert_dup(s->cert); 2901280297Sjkim if (ret->cert == NULL) 2902280297Sjkim goto err; 2903280297Sjkim } 290455714Skris 2905280297Sjkim SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length); 2906280297Sjkim } 290755714Skris 2908280297Sjkim ret->options = s->options; 2909280297Sjkim ret->mode = s->mode; 2910280297Sjkim SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 2911280297Sjkim SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 2912280297Sjkim ret->msg_callback = s->msg_callback; 2913280297Sjkim ret->msg_callback_arg = s->msg_callback_arg; 2914280297Sjkim SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s)); 2915280297Sjkim SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 2916280297Sjkim ret->generate_session_id = s->generate_session_id; 291755714Skris 2918280297Sjkim SSL_set_info_callback(ret, SSL_get_info_callback(s)); 291955714Skris 2920280297Sjkim ret->debug = s->debug; 2921160814Ssimon 2922280297Sjkim /* copy app data, a little dangerous perhaps */ 2923280297Sjkim if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 2924280297Sjkim goto err; 292555714Skris 2926280297Sjkim /* setup rbio, and wbio */ 2927280297Sjkim if (s->rbio != NULL) { 2928280297Sjkim if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) 2929280297Sjkim goto err; 2930280297Sjkim } 2931280297Sjkim if (s->wbio != NULL) { 2932280297Sjkim if (s->wbio != s->rbio) { 2933280297Sjkim if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) 2934280297Sjkim goto err; 2935280297Sjkim } else 2936280297Sjkim ret->wbio = ret->rbio; 2937280297Sjkim } 2938280297Sjkim ret->rwstate = s->rwstate; 2939280297Sjkim ret->in_handshake = s->in_handshake; 2940280297Sjkim ret->handshake_func = s->handshake_func; 2941280297Sjkim ret->server = s->server; 2942280297Sjkim ret->renegotiate = s->renegotiate; 2943280297Sjkim ret->new_session = s->new_session; 2944280297Sjkim ret->quiet_shutdown = s->quiet_shutdown; 2945280297Sjkim ret->shutdown = s->shutdown; 2946280297Sjkim ret->state = s->state; /* SSL_dup does not really work at any state, 2947280297Sjkim * though */ 2948280297Sjkim ret->rstate = s->rstate; 2949280297Sjkim ret->init_num = 0; /* would have to copy ret->init_buf, 2950280297Sjkim * ret->init_msg, ret->init_num, 2951280297Sjkim * ret->init_off */ 2952280297Sjkim ret->hit = s->hit; 295355714Skris 2954280297Sjkim X509_VERIFY_PARAM_inherit(ret->param, s->param); 295555714Skris 2956280297Sjkim /* dup the cipher_list and cipher_list_by_id stacks */ 2957280297Sjkim if (s->cipher_list != NULL) { 2958280297Sjkim if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2959280297Sjkim goto err; 2960280297Sjkim } 2961280297Sjkim if (s->cipher_list_by_id != NULL) 2962280297Sjkim if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 2963280297Sjkim == NULL) 2964280297Sjkim goto err; 2965280297Sjkim 2966280297Sjkim /* Dup the client_CA list */ 2967280297Sjkim if (s->client_CA != NULL) { 2968280297Sjkim if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) 2969280297Sjkim goto err; 2970280297Sjkim ret->client_CA = sk; 2971280297Sjkim for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2972280297Sjkim xn = sk_X509_NAME_value(sk, i); 2973280297Sjkim if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { 2974280297Sjkim X509_NAME_free(xn); 2975280297Sjkim goto err; 2976280297Sjkim } 2977280297Sjkim } 2978280297Sjkim } 2979280297Sjkim 2980280297Sjkim if (0) { 2981280297Sjkim err: 2982280297Sjkim if (ret != NULL) 2983280297Sjkim SSL_free(ret); 2984280297Sjkim ret = NULL; 2985280297Sjkim } 2986280297Sjkim return (ret); 2987280297Sjkim} 2988280297Sjkim 298955714Skrisvoid ssl_clear_cipher_ctx(SSL *s) 2990280297Sjkim{ 2991280297Sjkim if (s->enc_read_ctx != NULL) { 2992280297Sjkim EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); 2993280297Sjkim OPENSSL_free(s->enc_read_ctx); 2994280297Sjkim s->enc_read_ctx = NULL; 2995280297Sjkim } 2996280297Sjkim if (s->enc_write_ctx != NULL) { 2997280297Sjkim EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); 2998280297Sjkim OPENSSL_free(s->enc_write_ctx); 2999280297Sjkim s->enc_write_ctx = NULL; 3000280297Sjkim } 3001160814Ssimon#ifndef OPENSSL_NO_COMP 3002280297Sjkim if (s->expand != NULL) { 3003280297Sjkim COMP_CTX_free(s->expand); 3004280297Sjkim s->expand = NULL; 3005280297Sjkim } 3006280297Sjkim if (s->compress != NULL) { 3007280297Sjkim COMP_CTX_free(s->compress); 3008280297Sjkim s->compress = NULL; 3009280297Sjkim } 3010160814Ssimon#endif 3011280297Sjkim} 301255714Skris 3013160814SsimonX509 *SSL_get_certificate(const SSL *s) 3014280297Sjkim{ 3015280297Sjkim if (s->cert != NULL) 3016280297Sjkim return (s->cert->key->x509); 3017280297Sjkim else 3018280297Sjkim return (NULL); 3019280297Sjkim} 302055714Skris 3021290207SjkimEVP_PKEY *SSL_get_privatekey(const SSL *s) 3022280297Sjkim{ 3023280297Sjkim if (s->cert != NULL) 3024280297Sjkim return (s->cert->key->privatekey); 3025280297Sjkim else 3026280297Sjkim return (NULL); 3027280297Sjkim} 302855714Skris 3029290207SjkimX509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) 3030290207Sjkim{ 3031290207Sjkim if (ctx->cert != NULL) 3032290207Sjkim return ctx->cert->key->x509; 3033290207Sjkim else 3034290207Sjkim return NULL; 3035290207Sjkim} 3036290207Sjkim 3037290207SjkimEVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 3038290207Sjkim{ 3039290207Sjkim if (ctx->cert != NULL) 3040290207Sjkim return ctx->cert->key->privatekey; 3041290207Sjkim else 3042290207Sjkim return NULL; 3043290207Sjkim} 3044290207Sjkim 3045238405Sjkimconst SSL_CIPHER *SSL_get_current_cipher(const SSL *s) 3046280297Sjkim{ 3047280297Sjkim if ((s->session != NULL) && (s->session->cipher != NULL)) 3048280297Sjkim return (s->session->cipher); 3049280297Sjkim return (NULL); 3050280297Sjkim} 3051280297Sjkim 3052160814Ssimon#ifdef OPENSSL_NO_COMP 3053160814Ssimonconst void *SSL_get_current_compression(SSL *s) 3054280297Sjkim{ 3055280297Sjkim return NULL; 3056280297Sjkim} 3057280297Sjkim 3058160814Ssimonconst void *SSL_get_current_expansion(SSL *s) 3059280297Sjkim{ 3060280297Sjkim return NULL; 3061280297Sjkim} 3062160814Ssimon#else 306355714Skris 3064160814Ssimonconst COMP_METHOD *SSL_get_current_compression(SSL *s) 3065280297Sjkim{ 3066280297Sjkim if (s->compress != NULL) 3067280297Sjkim return (s->compress->meth); 3068280297Sjkim return (NULL); 3069280297Sjkim} 3070160814Ssimon 3071160814Ssimonconst COMP_METHOD *SSL_get_current_expansion(SSL *s) 3072280297Sjkim{ 3073280297Sjkim if (s->expand != NULL) 3074280297Sjkim return (s->expand->meth); 3075280297Sjkim return (NULL); 3076280297Sjkim} 3077160814Ssimon#endif 3078160814Ssimon 3079280297Sjkimint ssl_init_wbio_buffer(SSL *s, int push) 3080280297Sjkim{ 3081280297Sjkim BIO *bbio; 308255714Skris 3083280297Sjkim if (s->bbio == NULL) { 3084280297Sjkim bbio = BIO_new(BIO_f_buffer()); 3085280297Sjkim if (bbio == NULL) 3086280297Sjkim return (0); 3087280297Sjkim s->bbio = bbio; 3088280297Sjkim } else { 3089280297Sjkim bbio = s->bbio; 3090280297Sjkim if (s->bbio == s->wbio) 3091280297Sjkim s->wbio = BIO_pop(s->wbio); 3092280297Sjkim } 3093280297Sjkim (void)BIO_reset(bbio); 3094280297Sjkim/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 3095280297Sjkim if (!BIO_set_read_buffer_size(bbio, 1)) { 3096280297Sjkim SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); 3097280297Sjkim return (0); 3098280297Sjkim } 3099280297Sjkim if (push) { 3100280297Sjkim if (s->wbio != bbio) 3101280297Sjkim s->wbio = BIO_push(bbio, s->wbio); 3102280297Sjkim } else { 3103280297Sjkim if (s->wbio == bbio) 3104280297Sjkim s->wbio = BIO_pop(bbio); 3105280297Sjkim } 3106280297Sjkim return (1); 3107280297Sjkim} 310855714Skris 310955714Skrisvoid ssl_free_wbio_buffer(SSL *s) 3110280297Sjkim{ 3111280297Sjkim if (s->bbio == NULL) 3112280297Sjkim return; 311355714Skris 3114280297Sjkim if (s->bbio == s->wbio) { 3115280297Sjkim /* remove buffering */ 3116280297Sjkim s->wbio = BIO_pop(s->wbio); 3117280297Sjkim#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids 3118280297Sjkim * adding one more preprocessor symbol */ 3119280297Sjkim assert(s->wbio != NULL); 3120238405Sjkim#endif 3121280297Sjkim } 3122280297Sjkim BIO_free(s->bbio); 3123280297Sjkim s->bbio = NULL; 3124280297Sjkim} 312555714Skris 3126280297Sjkimvoid SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 3127280297Sjkim{ 3128280297Sjkim ctx->quiet_shutdown = mode; 3129280297Sjkim} 3130280297Sjkim 3131160814Ssimonint SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 3132280297Sjkim{ 3133280297Sjkim return (ctx->quiet_shutdown); 3134280297Sjkim} 313555714Skris 3136280297Sjkimvoid SSL_set_quiet_shutdown(SSL *s, int mode) 3137280297Sjkim{ 3138280297Sjkim s->quiet_shutdown = mode; 3139280297Sjkim} 314055714Skris 3141160814Ssimonint SSL_get_quiet_shutdown(const SSL *s) 3142280297Sjkim{ 3143280297Sjkim return (s->quiet_shutdown); 3144280297Sjkim} 314555714Skris 3146280297Sjkimvoid SSL_set_shutdown(SSL *s, int mode) 3147280297Sjkim{ 3148280297Sjkim s->shutdown = mode; 3149280297Sjkim} 315055714Skris 3151160814Ssimonint SSL_get_shutdown(const SSL *s) 3152280297Sjkim{ 3153280297Sjkim return (s->shutdown); 3154280297Sjkim} 315555714Skris 3156160814Ssimonint SSL_version(const SSL *s) 3157280297Sjkim{ 3158280297Sjkim return (s->version); 3159280297Sjkim} 316055714Skris 3161160814SsimonSSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) 3162280297Sjkim{ 3163280297Sjkim return (ssl->ctx); 3164280297Sjkim} 316555714Skris 3166280297SjkimSSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) 3167280297Sjkim{ 3168280297Sjkim CERT *ocert = ssl->cert; 3169280297Sjkim if (ssl->ctx == ctx) 3170280297Sjkim return ssl->ctx; 3171194206Ssimon#ifndef OPENSSL_NO_TLSEXT 3172280297Sjkim if (ctx == NULL) 3173280297Sjkim ctx = ssl->initial_ctx; 3174194206Ssimon#endif 3175280297Sjkim ssl->cert = ssl_cert_dup(ctx->cert); 3176290207Sjkim if (ocert) { 3177290207Sjkim /* Preserve any already negotiated parameters */ 3178290207Sjkim if (ssl->server) { 3179290207Sjkim ssl->cert->peer_sigalgs = ocert->peer_sigalgs; 3180290207Sjkim ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen; 3181290207Sjkim ocert->peer_sigalgs = NULL; 3182290207Sjkim ssl->cert->ciphers_raw = ocert->ciphers_raw; 3183290207Sjkim ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen; 3184290207Sjkim ocert->ciphers_raw = NULL; 3185280297Sjkim } 3186298998Sjkim#ifndef OPENSSL_NO_TLSEXT 3187298998Sjkim ssl->cert->alpn_proposed = ocert->alpn_proposed; 3188298998Sjkim ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len; 3189298998Sjkim ocert->alpn_proposed = NULL; 3190298998Sjkim ssl->cert->alpn_sent = ocert->alpn_sent; 3191298998Sjkim#endif 3192280297Sjkim ssl_cert_free(ocert); 3193280297Sjkim } 3194276861Sjkim 3195280297Sjkim /* 3196280297Sjkim * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), 3197280297Sjkim * so setter APIs must prevent invalid lengths from entering the system. 3198280297Sjkim */ 3199280297Sjkim OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); 3200276861Sjkim 3201280297Sjkim /* 3202280297Sjkim * If the session ID context matches that of the parent SSL_CTX, 3203280297Sjkim * inherit it from the new SSL_CTX as well. If however the context does 3204280297Sjkim * not match (i.e., it was set per-ssl with SSL_set_session_id_context), 3205280297Sjkim * leave it unchanged. 3206280297Sjkim */ 3207280297Sjkim if ((ssl->ctx != NULL) && 3208280297Sjkim (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && 3209280297Sjkim (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { 3210280297Sjkim ssl->sid_ctx_length = ctx->sid_ctx_length; 3211280297Sjkim memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); 3212280297Sjkim } 3213276861Sjkim 3214280297Sjkim CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 3215280297Sjkim if (ssl->ctx != NULL) 3216280297Sjkim SSL_CTX_free(ssl->ctx); /* decrement reference count */ 3217280297Sjkim ssl->ctx = ctx; 3218276861Sjkim 3219280297Sjkim return (ssl->ctx); 3220280297Sjkim} 3221194206Ssimon 3222109998Smarkm#ifndef OPENSSL_NO_STDIO 322355714Skrisint SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 3224280297Sjkim{ 3225280297Sjkim return (X509_STORE_set_default_paths(ctx->cert_store)); 3226280297Sjkim} 322755714Skris 322855714Skrisint SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 3229280297Sjkim const char *CApath) 3230280297Sjkim{ 3231280297Sjkim return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); 3232280297Sjkim} 323355714Skris#endif 323455714Skris 3235109998Smarkmvoid SSL_set_info_callback(SSL *ssl, 3236280297Sjkim void (*cb) (const SSL *ssl, int type, int val)) 3237280297Sjkim{ 3238280297Sjkim ssl->info_callback = cb; 3239280297Sjkim} 324055714Skris 3241280297Sjkim/* 3242280297Sjkim * One compiler (Diab DCC) doesn't like argument names in returned function 3243280297Sjkim * pointer. 3244280297Sjkim */ 3245280297Sjkimvoid (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , 3246280297Sjkim int /* type */ , 3247280297Sjkim int /* val */ ) { 3248280297Sjkim return ssl->info_callback; 3249280297Sjkim} 325055714Skris 3251160814Ssimonint SSL_state(const SSL *ssl) 3252280297Sjkim{ 3253280297Sjkim return (ssl->state); 3254280297Sjkim} 325555714Skris 3256238405Sjkimvoid SSL_set_state(SSL *ssl, int state) 3257280297Sjkim{ 3258280297Sjkim ssl->state = state; 3259280297Sjkim} 3260238405Sjkim 3261280297Sjkimvoid SSL_set_verify_result(SSL *ssl, long arg) 3262280297Sjkim{ 3263280297Sjkim ssl->verify_result = arg; 3264280297Sjkim} 326555714Skris 3266160814Ssimonlong SSL_get_verify_result(const SSL *ssl) 3267280297Sjkim{ 3268280297Sjkim return (ssl->verify_result); 3269280297Sjkim} 327055714Skris 3271280297Sjkimint SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3272280297Sjkim CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3273280297Sjkim{ 3274280297Sjkim return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3275280297Sjkim new_func, dup_func, free_func); 3276280297Sjkim} 327755714Skris 3278280297Sjkimint SSL_set_ex_data(SSL *s, int idx, void *arg) 3279280297Sjkim{ 3280280297Sjkim return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); 3281280297Sjkim} 328255714Skris 3283280297Sjkimvoid *SSL_get_ex_data(const SSL *s, int idx) 3284280297Sjkim{ 3285280297Sjkim return (CRYPTO_get_ex_data(&s->ex_data, idx)); 3286280297Sjkim} 328755714Skris 3288280297Sjkimint SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3289280297Sjkim CRYPTO_EX_dup *dup_func, 3290280297Sjkim CRYPTO_EX_free *free_func) 3291280297Sjkim{ 3292280297Sjkim return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3293280297Sjkim new_func, dup_func, free_func); 3294280297Sjkim} 329555714Skris 3296280297Sjkimint SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 3297280297Sjkim{ 3298280297Sjkim return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); 3299280297Sjkim} 330055714Skris 3301280297Sjkimvoid *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 3302280297Sjkim{ 3303280297Sjkim return (CRYPTO_get_ex_data(&s->ex_data, idx)); 3304280297Sjkim} 330555714Skris 330655714Skrisint ssl_ok(SSL *s) 3307280297Sjkim{ 3308280297Sjkim return (1); 3309280297Sjkim} 331055714Skris 3311160814SsimonX509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) 3312280297Sjkim{ 3313280297Sjkim return (ctx->cert_store); 3314280297Sjkim} 331555714Skris 3316280297Sjkimvoid SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) 3317280297Sjkim{ 3318280297Sjkim if (ctx->cert_store != NULL) 3319280297Sjkim X509_STORE_free(ctx->cert_store); 3320280297Sjkim ctx->cert_store = store; 3321280297Sjkim} 332255714Skris 3323160814Ssimonint SSL_want(const SSL *s) 3324280297Sjkim{ 3325280297Sjkim return (s->rwstate); 3326280297Sjkim} 332755714Skris 3328280297Sjkim/** 332955714Skris * \brief Set the callback for generating temporary RSA keys. 333055714Skris * \param ctx the SSL context. 333155714Skris * \param cb the callback 333255714Skris */ 333355714Skris 3334109998Smarkm#ifndef OPENSSL_NO_RSA 3335280297Sjkimvoid SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl, 3336280297Sjkim int is_export, 3337280297Sjkim int keylength)) 3338280297Sjkim{ 3339280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); 3340280297Sjkim} 334155714Skris 3342280297Sjkimvoid SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl, 3343280297Sjkim int is_export, 3344280297Sjkim int keylength)) 3345280297Sjkim{ 3346280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); 3347280297Sjkim} 334855714Skris#endif 334955714Skris 335055714Skris#ifdef DOXYGEN 3351280297Sjkim/** 335255714Skris * \brief The RSA temporary key callback function. 335355714Skris * \param ssl the SSL session. 335455714Skris * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. 335555714Skris * \param keylength if \c is_export is \c TRUE, then \c keylength is the size 335655714Skris * of the required key in bits. 335755714Skris * \return the temporary RSA key. 335855714Skris * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback 335955714Skris */ 336055714Skris 3361280297SjkimRSA *cb(SSL *ssl, int is_export, int keylength) 3362280297Sjkim{ 3363280297Sjkim} 336455714Skris#endif 336555714Skris 3366280297Sjkim/** 336755714Skris * \brief Set the callback for generating temporary DH keys. 336855714Skris * \param ctx the SSL context. 336955714Skris * \param dh the callback 337055714Skris */ 337155714Skris 3372109998Smarkm#ifndef OPENSSL_NO_DH 3373280297Sjkimvoid SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 3374280297Sjkim DH *(*dh) (SSL *ssl, int is_export, 3375280297Sjkim int keylength)) 3376280297Sjkim{ 3377280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); 3378280297Sjkim} 337955714Skris 3380280297Sjkimvoid SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, 3381280297Sjkim int keylength)) 3382280297Sjkim{ 3383280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); 3384280297Sjkim} 338555714Skris#endif 338655714Skris 3387160814Ssimon#ifndef OPENSSL_NO_ECDH 3388280297Sjkimvoid SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, 3389280297Sjkim EC_KEY *(*ecdh) (SSL *ssl, int is_export, 3390280297Sjkim int keylength)) 3391280297Sjkim{ 3392280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, 3393280297Sjkim (void (*)(void))ecdh); 3394280297Sjkim} 3395109998Smarkm 3396280297Sjkimvoid SSL_set_tmp_ecdh_callback(SSL *ssl, 3397280297Sjkim EC_KEY *(*ecdh) (SSL *ssl, int is_export, 3398280297Sjkim int keylength)) 3399280297Sjkim{ 3400280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh); 3401280297Sjkim} 3402160814Ssimon#endif 3403160814Ssimon 3404238405Sjkim#ifndef OPENSSL_NO_PSK 3405238405Sjkimint SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 3406280297Sjkim{ 3407280297Sjkim if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3408280297Sjkim SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, 3409280297Sjkim SSL_R_DATA_LENGTH_TOO_LONG); 3410280297Sjkim return 0; 3411280297Sjkim } 3412280297Sjkim if (ctx->psk_identity_hint != NULL) 3413280297Sjkim OPENSSL_free(ctx->psk_identity_hint); 3414280297Sjkim if (identity_hint != NULL) { 3415280297Sjkim ctx->psk_identity_hint = BUF_strdup(identity_hint); 3416280297Sjkim if (ctx->psk_identity_hint == NULL) 3417280297Sjkim return 0; 3418280297Sjkim } else 3419280297Sjkim ctx->psk_identity_hint = NULL; 3420280297Sjkim return 1; 3421280297Sjkim} 3422160814Ssimon 3423238405Sjkimint SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) 3424280297Sjkim{ 3425280297Sjkim if (s == NULL) 3426280297Sjkim return 0; 3427238405Sjkim 3428280297Sjkim if (s->session == NULL) 3429280297Sjkim return 1; /* session not created yet, ignored */ 3430238405Sjkim 3431280297Sjkim if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3432280297Sjkim SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3433280297Sjkim return 0; 3434280297Sjkim } 3435280297Sjkim if (s->session->psk_identity_hint != NULL) 3436280297Sjkim OPENSSL_free(s->session->psk_identity_hint); 3437280297Sjkim if (identity_hint != NULL) { 3438280297Sjkim s->session->psk_identity_hint = BUF_strdup(identity_hint); 3439280297Sjkim if (s->session->psk_identity_hint == NULL) 3440280297Sjkim return 0; 3441280297Sjkim } else 3442280297Sjkim s->session->psk_identity_hint = NULL; 3443280297Sjkim return 1; 3444280297Sjkim} 3445238405Sjkim 3446238405Sjkimconst char *SSL_get_psk_identity_hint(const SSL *s) 3447280297Sjkim{ 3448280297Sjkim if (s == NULL || s->session == NULL) 3449280297Sjkim return NULL; 3450280297Sjkim return (s->session->psk_identity_hint); 3451280297Sjkim} 3452238405Sjkim 3453238405Sjkimconst char *SSL_get_psk_identity(const SSL *s) 3454280297Sjkim{ 3455280297Sjkim if (s == NULL || s->session == NULL) 3456280297Sjkim return NULL; 3457280297Sjkim return (s->session->psk_identity); 3458280297Sjkim} 3459238405Sjkim 3460238405Sjkimvoid SSL_set_psk_client_callback(SSL *s, 3461280297Sjkim unsigned int (*cb) (SSL *ssl, 3462280297Sjkim const char *hint, 3463280297Sjkim char *identity, 3464280297Sjkim unsigned int 3465280297Sjkim max_identity_len, 3466280297Sjkim unsigned char *psk, 3467280297Sjkim unsigned int 3468280297Sjkim max_psk_len)) 3469280297Sjkim{ 3470280297Sjkim s->psk_client_callback = cb; 3471280297Sjkim} 3472238405Sjkim 3473238405Sjkimvoid SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 3474280297Sjkim unsigned int (*cb) (SSL *ssl, 3475280297Sjkim const char *hint, 3476280297Sjkim char *identity, 3477280297Sjkim unsigned int 3478280297Sjkim max_identity_len, 3479280297Sjkim unsigned char *psk, 3480280297Sjkim unsigned int 3481280297Sjkim max_psk_len)) 3482280297Sjkim{ 3483280297Sjkim ctx->psk_client_callback = cb; 3484280297Sjkim} 3485238405Sjkim 3486238405Sjkimvoid SSL_set_psk_server_callback(SSL *s, 3487280297Sjkim unsigned int (*cb) (SSL *ssl, 3488280297Sjkim const char *identity, 3489280297Sjkim unsigned char *psk, 3490280297Sjkim unsigned int 3491280297Sjkim max_psk_len)) 3492280297Sjkim{ 3493280297Sjkim s->psk_server_callback = cb; 3494280297Sjkim} 3495238405Sjkim 3496238405Sjkimvoid SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 3497280297Sjkim unsigned int (*cb) (SSL *ssl, 3498280297Sjkim const char *identity, 3499280297Sjkim unsigned char *psk, 3500280297Sjkim unsigned int 3501280297Sjkim max_psk_len)) 3502280297Sjkim{ 3503280297Sjkim ctx->psk_server_callback = cb; 3504280297Sjkim} 3505238405Sjkim#endif 3506238405Sjkim 3507280297Sjkimvoid SSL_CTX_set_msg_callback(SSL_CTX *ctx, 3508280297Sjkim void (*cb) (int write_p, int version, 3509280297Sjkim int content_type, const void *buf, 3510280297Sjkim size_t len, SSL *ssl, void *arg)) 3511280297Sjkim{ 3512280297Sjkim SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3513280297Sjkim} 3514109998Smarkm 3515280297Sjkimvoid SSL_set_msg_callback(SSL *ssl, 3516280297Sjkim void (*cb) (int write_p, int version, 3517280297Sjkim int content_type, const void *buf, 3518280297Sjkim size_t len, SSL *ssl, void *arg)) 3519280297Sjkim{ 3520280297Sjkim SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3521280297Sjkim} 3522280297Sjkim 3523280297Sjkim/* 3524280297Sjkim * Allocates new EVP_MD_CTX and sets pointer to it into given pointer 3525280297Sjkim * vairable, freeing EVP_MD_CTX previously stored in that variable, if any. 3526280297Sjkim * If EVP_MD pointer is passed, initializes ctx with this md Returns newly 3527280297Sjkim * allocated ctx; 3528238405Sjkim */ 3529109998Smarkm 3530280297SjkimEVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) 3531238405Sjkim{ 3532280297Sjkim ssl_clear_hash_ctx(hash); 3533280297Sjkim *hash = EVP_MD_CTX_create(); 3534291719Sjkim if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { 3535291719Sjkim EVP_MD_CTX_destroy(*hash); 3536291719Sjkim *hash = NULL; 3537291719Sjkim return NULL; 3538291719Sjkim } 3539280297Sjkim return *hash; 3540238405Sjkim} 3541280297Sjkim 3542280297Sjkimvoid ssl_clear_hash_ctx(EVP_MD_CTX **hash) 3543238405Sjkim{ 3544109998Smarkm 3545280297Sjkim if (*hash) 3546280297Sjkim EVP_MD_CTX_destroy(*hash); 3547280297Sjkim *hash = NULL; 3548238405Sjkim} 3549238405Sjkim 3550238405Sjkimvoid SSL_set_debug(SSL *s, int debug) 3551280297Sjkim{ 3552280297Sjkim s->debug = debug; 3553280297Sjkim} 3554238405Sjkim 3555238405Sjkimint SSL_cache_hit(SSL *s) 3556280297Sjkim{ 3557280297Sjkim return s->hit; 3558280297Sjkim} 3559238405Sjkim 3560290207Sjkimint SSL_is_server(SSL *s) 3561290207Sjkim{ 3562290207Sjkim return s->server; 3563290207Sjkim} 3564290207Sjkim 3565109998Smarkm#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) 3566280297Sjkim# include "../crypto/bio/bss_file.c" 356755714Skris#endif 356855714Skris 356955714SkrisIMPLEMENT_STACK_OF(SSL_CIPHER) 357055714SkrisIMPLEMENT_STACK_OF(SSL_COMP) 3571280297SjkimIMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); 3572