ssl_lib.c revision 1.298
1/* $OpenBSD: ssl_lib.c,v 1.298 2022/07/20 14:08:49 tb Exp $ */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58/* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111/* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * ECC cipher suite support in OpenSSL originally developed by 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115 */ 116/* ==================================================================== 117 * Copyright 2005 Nokia. All rights reserved. 118 * 119 * The portions of the attached software ("Contribution") is developed by 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121 * license. 122 * 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125 * support (see RFC 4279) to OpenSSL. 126 * 127 * No patent licenses or other rights except those expressly stated in 128 * the OpenSSL open source license shall be deemed granted or received 129 * expressly, by implication, estoppel, or otherwise. 130 * 131 * No assurances are provided by Nokia that the Contribution does not 132 * infringe the patent or other intellectual property rights of any third 133 * party or that the license provides you with all the necessary rights 134 * to make use of the Contribution. 135 * 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140 * OTHERWISE. 141 */ 142 143#include <arpa/inet.h> 144#include <sys/socket.h> 145#include <netinet/in.h> 146 147#include <limits.h> 148#include <stdio.h> 149 150#include <openssl/dh.h> 151#include <openssl/lhash.h> 152#include <openssl/objects.h> 153#include <openssl/ocsp.h> 154#include <openssl/opensslconf.h> 155#include <openssl/x509v3.h> 156 157#ifndef OPENSSL_NO_ENGINE 158#include <openssl/engine.h> 159#endif 160 161#include "bytestring.h" 162#include "dtls_locl.h" 163#include "ssl_locl.h" 164#include "ssl_sigalgs.h" 165#include "ssl_tlsext.h" 166 167const char *SSL_version_str = OPENSSL_VERSION_TEXT; 168 169int 170SSL_clear(SSL *s) 171{ 172 if (s->method == NULL) { 173 SSLerror(s, SSL_R_NO_METHOD_SPECIFIED); 174 return (0); 175 } 176 177 if (ssl_clear_bad_session(s)) { 178 SSL_SESSION_free(s->session); 179 s->session = NULL; 180 } 181 182 s->error = 0; 183 s->internal->hit = 0; 184 s->internal->shutdown = 0; 185 186 if (s->internal->renegotiate) { 187 SSLerror(s, ERR_R_INTERNAL_ERROR); 188 return (0); 189 } 190 191 s->version = s->method->version; 192 s->client_version = s->version; 193 s->internal->rwstate = SSL_NOTHING; 194 s->internal->rstate = SSL_ST_READ_HEADER; 195 196 tls13_ctx_free(s->internal->tls13); 197 s->internal->tls13 = NULL; 198 199 ssl3_release_init_buffer(s); 200 201 ssl_clear_cipher_state(s); 202 203 s->internal->first_packet = 0; 204 205 /* 206 * Check to see if we were changed into a different method, if 207 * so, revert back if we are not doing session-id reuse. 208 */ 209 if (!s->internal->in_handshake && (s->session == NULL) && 210 (s->method != s->ctx->method)) { 211 s->method->ssl_free(s); 212 s->method = s->ctx->method; 213 if (!s->method->ssl_new(s)) 214 return (0); 215 } else 216 s->method->ssl_clear(s); 217 218 return (1); 219} 220 221/* Used to change an SSL_CTXs default SSL method type */ 222int 223SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 224{ 225 STACK_OF(SSL_CIPHER) *ciphers; 226 227 ctx->method = meth; 228 229 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 230 ctx->internal->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST, 231 ctx->internal->cert); 232 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) { 233 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 234 return (0); 235 } 236 return (1); 237} 238 239SSL * 240SSL_new(SSL_CTX *ctx) 241{ 242 SSL *s; 243 244 if (ctx == NULL) { 245 SSLerrorx(SSL_R_NULL_SSL_CTX); 246 return (NULL); 247 } 248 if (ctx->method == NULL) { 249 SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 250 return (NULL); 251 } 252 253 if ((s = calloc(1, sizeof(*s))) == NULL) 254 goto err; 255 if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) 256 goto err; 257 258 if ((s->internal->rl = tls12_record_layer_new()) == NULL) 259 goto err; 260 261 s->internal->min_tls_version = ctx->internal->min_tls_version; 262 s->internal->max_tls_version = ctx->internal->max_tls_version; 263 s->internal->min_proto_version = ctx->internal->min_proto_version; 264 s->internal->max_proto_version = ctx->internal->max_proto_version; 265 266 s->internal->options = ctx->internal->options; 267 s->internal->mode = ctx->internal->mode; 268 s->internal->max_cert_list = ctx->internal->max_cert_list; 269 s->internal->num_tickets = ctx->internal->num_tickets; 270 271 if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL) 272 goto err; 273 274 s->internal->read_ahead = ctx->internal->read_ahead; 275 s->internal->msg_callback = ctx->internal->msg_callback; 276 s->internal->msg_callback_arg = ctx->internal->msg_callback_arg; 277 s->verify_mode = ctx->verify_mode; 278 s->sid_ctx_length = ctx->sid_ctx_length; 279 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); 280 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 281 s->internal->verify_callback = ctx->internal->default_verify_callback; 282 s->internal->generate_session_id = ctx->internal->generate_session_id; 283 284 s->param = X509_VERIFY_PARAM_new(); 285 if (!s->param) 286 goto err; 287 X509_VERIFY_PARAM_inherit(s->param, ctx->param); 288 s->internal->quiet_shutdown = ctx->internal->quiet_shutdown; 289 s->max_send_fragment = ctx->internal->max_send_fragment; 290 291 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 292 s->ctx = ctx; 293 s->internal->tlsext_debug_cb = 0; 294 s->internal->tlsext_debug_arg = NULL; 295 s->internal->tlsext_ticket_expected = 0; 296 s->tlsext_status_type = -1; 297 s->internal->tlsext_status_expected = 0; 298 s->internal->tlsext_ocsp_ids = NULL; 299 s->internal->tlsext_ocsp_exts = NULL; 300 s->internal->tlsext_ocsp_resp = NULL; 301 s->internal->tlsext_ocsp_resp_len = 0; 302 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 303 s->initial_ctx = ctx; 304 305 if (ctx->internal->tlsext_ecpointformatlist != NULL) { 306 s->internal->tlsext_ecpointformatlist = 307 calloc(ctx->internal->tlsext_ecpointformatlist_length, 308 sizeof(ctx->internal->tlsext_ecpointformatlist[0])); 309 if (s->internal->tlsext_ecpointformatlist == NULL) 310 goto err; 311 memcpy(s->internal->tlsext_ecpointformatlist, 312 ctx->internal->tlsext_ecpointformatlist, 313 ctx->internal->tlsext_ecpointformatlist_length * 314 sizeof(ctx->internal->tlsext_ecpointformatlist[0])); 315 s->internal->tlsext_ecpointformatlist_length = 316 ctx->internal->tlsext_ecpointformatlist_length; 317 } 318 if (ctx->internal->tlsext_supportedgroups != NULL) { 319 s->internal->tlsext_supportedgroups = 320 calloc(ctx->internal->tlsext_supportedgroups_length, 321 sizeof(ctx->internal->tlsext_supportedgroups[0])); 322 if (s->internal->tlsext_supportedgroups == NULL) 323 goto err; 324 memcpy(s->internal->tlsext_supportedgroups, 325 ctx->internal->tlsext_supportedgroups, 326 ctx->internal->tlsext_supportedgroups_length * 327 sizeof(ctx->internal->tlsext_supportedgroups[0])); 328 s->internal->tlsext_supportedgroups_length = 329 ctx->internal->tlsext_supportedgroups_length; 330 } 331 332 if (s->ctx->internal->alpn_client_proto_list != NULL) { 333 s->internal->alpn_client_proto_list = 334 malloc(s->ctx->internal->alpn_client_proto_list_len); 335 if (s->internal->alpn_client_proto_list == NULL) 336 goto err; 337 memcpy(s->internal->alpn_client_proto_list, 338 s->ctx->internal->alpn_client_proto_list, 339 s->ctx->internal->alpn_client_proto_list_len); 340 s->internal->alpn_client_proto_list_len = 341 s->ctx->internal->alpn_client_proto_list_len; 342 } 343 344 s->verify_result = X509_V_OK; 345 346 s->method = ctx->method; 347 348 if (!s->method->ssl_new(s)) 349 goto err; 350 351 s->references = 1; 352 s->server = ctx->method->server; 353 354 SSL_clear(s); 355 356 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data); 357 358 return (s); 359 360 err: 361 SSL_free(s); 362 SSLerrorx(ERR_R_MALLOC_FAILURE); 363 return (NULL); 364} 365 366int 367SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 368 unsigned int sid_ctx_len) 369{ 370 if (sid_ctx_len > sizeof ctx->sid_ctx) { 371 SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 372 return (0); 373 } 374 ctx->sid_ctx_length = sid_ctx_len; 375 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); 376 377 return (1); 378} 379 380int 381SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 382 unsigned int sid_ctx_len) 383{ 384 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 385 SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 386 return (0); 387 } 388 ssl->sid_ctx_length = sid_ctx_len; 389 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); 390 391 return (1); 392} 393 394int 395SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 396{ 397 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 398 ctx->internal->generate_session_id = cb; 399 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 400 return (1); 401} 402 403int 404SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 405{ 406 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 407 ssl->internal->generate_session_id = cb; 408 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 409 return (1); 410} 411 412int 413SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 414 unsigned int id_len) 415{ 416 /* 417 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp 418 * shows how we can "construct" a session to give us the desired 419 * check - ie. to find if there's a session in the hash table 420 * that would conflict with any new session built out of this 421 * id/id_len and the ssl_version in use by this SSL. 422 */ 423 SSL_SESSION r, *p; 424 425 if (id_len > sizeof r.session_id) 426 return (0); 427 428 r.ssl_version = ssl->version; 429 r.session_id_length = id_len; 430 memcpy(r.session_id, id, id_len); 431 432 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 433 p = lh_SSL_SESSION_retrieve(ssl->ctx->internal->sessions, &r); 434 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 435 return (p != NULL); 436} 437 438int 439SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 440{ 441 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); 442} 443 444int 445SSL_set_purpose(SSL *s, int purpose) 446{ 447 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); 448} 449 450int 451SSL_CTX_set_trust(SSL_CTX *s, int trust) 452{ 453 return (X509_VERIFY_PARAM_set_trust(s->param, trust)); 454} 455 456int 457SSL_set_trust(SSL *s, int trust) 458{ 459 return (X509_VERIFY_PARAM_set_trust(s->param, trust)); 460} 461 462int 463SSL_set1_host(SSL *s, const char *hostname) 464{ 465 struct in_addr ina; 466 struct in6_addr in6a; 467 468 if (hostname != NULL && *hostname != '\0' && 469 (inet_pton(AF_INET, hostname, &ina) == 1 || 470 inet_pton(AF_INET6, hostname, &in6a) == 1)) 471 return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname); 472 else 473 return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); 474} 475 476void 477SSL_set_hostflags(SSL *s, unsigned int flags) 478{ 479 X509_VERIFY_PARAM_set_hostflags(s->param, flags); 480} 481 482const char * 483SSL_get0_peername(SSL *s) 484{ 485 return X509_VERIFY_PARAM_get0_peername(s->param); 486} 487 488X509_VERIFY_PARAM * 489SSL_CTX_get0_param(SSL_CTX *ctx) 490{ 491 return (ctx->param); 492} 493 494int 495SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 496{ 497 return (X509_VERIFY_PARAM_set1(ctx->param, vpm)); 498} 499 500X509_VERIFY_PARAM * 501SSL_get0_param(SSL *ssl) 502{ 503 return (ssl->param); 504} 505 506int 507SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 508{ 509 return (X509_VERIFY_PARAM_set1(ssl->param, vpm)); 510} 511 512void 513SSL_free(SSL *s) 514{ 515 int i; 516 517 if (s == NULL) 518 return; 519 520 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); 521 if (i > 0) 522 return; 523 524 X509_VERIFY_PARAM_free(s->param); 525 526 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data); 527 528 if (s->bbio != NULL) { 529 /* If the buffering BIO is in place, pop it off */ 530 if (s->bbio == s->wbio) { 531 s->wbio = BIO_pop(s->wbio); 532 } 533 BIO_free(s->bbio); 534 s->bbio = NULL; 535 } 536 537 if (s->rbio != s->wbio) 538 BIO_free_all(s->rbio); 539 BIO_free_all(s->wbio); 540 541 tls13_ctx_free(s->internal->tls13); 542 543 ssl3_release_init_buffer(s); 544 545 sk_SSL_CIPHER_free(s->cipher_list); 546 sk_SSL_CIPHER_free(s->internal->cipher_list_tls13); 547 548 /* Make the next call work :-) */ 549 if (s->session != NULL) { 550 ssl_clear_bad_session(s); 551 SSL_SESSION_free(s->session); 552 } 553 554 ssl_clear_cipher_state(s); 555 556 ssl_cert_free(s->cert); 557 558 free(s->tlsext_hostname); 559 SSL_CTX_free(s->initial_ctx); 560 561 free(s->internal->tlsext_ecpointformatlist); 562 free(s->internal->tlsext_supportedgroups); 563 564 sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts, 565 X509_EXTENSION_free); 566 sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free); 567 free(s->internal->tlsext_ocsp_resp); 568 569 sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free); 570 571 if (s->method != NULL) 572 s->method->ssl_free(s); 573 574 SSL_CTX_free(s->ctx); 575 576 free(s->internal->alpn_client_proto_list); 577 578 free(s->internal->quic_transport_params); 579 580#ifndef OPENSSL_NO_SRTP 581 sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles); 582#endif 583 584 tls12_record_layer_free(s->internal->rl); 585 586 free(s->internal); 587 free(s); 588} 589 590int 591SSL_up_ref(SSL *s) 592{ 593 int refs = CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); 594 return (refs > 1) ? 1 : 0; 595} 596 597void 598SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 599{ 600 /* If the output buffering BIO is still in place, remove it */ 601 if (s->bbio != NULL) { 602 if (s->wbio == s->bbio) { 603 s->wbio = BIO_next(s->wbio); 604 BIO_set_next(s->bbio, NULL); 605 } 606 } 607 608 if (s->rbio != rbio && s->rbio != s->wbio) 609 BIO_free_all(s->rbio); 610 if (s->wbio != wbio) 611 BIO_free_all(s->wbio); 612 s->rbio = rbio; 613 s->wbio = wbio; 614} 615 616BIO * 617SSL_get_rbio(const SSL *s) 618{ 619 return (s->rbio); 620} 621 622void 623SSL_set0_rbio(SSL *s, BIO *rbio) 624{ 625 BIO_free_all(s->rbio); 626 s->rbio = rbio; 627} 628 629BIO * 630SSL_get_wbio(const SSL *s) 631{ 632 return (s->wbio); 633} 634 635int 636SSL_get_fd(const SSL *s) 637{ 638 return (SSL_get_rfd(s)); 639} 640 641int 642SSL_get_rfd(const SSL *s) 643{ 644 int ret = -1; 645 BIO *b, *r; 646 647 b = SSL_get_rbio(s); 648 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 649 if (r != NULL) 650 BIO_get_fd(r, &ret); 651 return (ret); 652} 653 654int 655SSL_get_wfd(const SSL *s) 656{ 657 int ret = -1; 658 BIO *b, *r; 659 660 b = SSL_get_wbio(s); 661 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 662 if (r != NULL) 663 BIO_get_fd(r, &ret); 664 return (ret); 665} 666 667int 668SSL_set_fd(SSL *s, int fd) 669{ 670 int ret = 0; 671 BIO *bio = NULL; 672 673 bio = BIO_new(BIO_s_socket()); 674 675 if (bio == NULL) { 676 SSLerror(s, ERR_R_BUF_LIB); 677 goto err; 678 } 679 BIO_set_fd(bio, fd, BIO_NOCLOSE); 680 SSL_set_bio(s, bio, bio); 681 ret = 1; 682 err: 683 return (ret); 684} 685 686int 687SSL_set_wfd(SSL *s, int fd) 688{ 689 int ret = 0; 690 BIO *bio = NULL; 691 692 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 693 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { 694 bio = BIO_new(BIO_s_socket()); 695 696 if (bio == NULL) { 697 SSLerror(s, ERR_R_BUF_LIB); 698 goto err; 699 } 700 BIO_set_fd(bio, fd, BIO_NOCLOSE); 701 SSL_set_bio(s, SSL_get_rbio(s), bio); 702 } else 703 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); 704 ret = 1; 705 err: 706 return (ret); 707} 708 709int 710SSL_set_rfd(SSL *s, int fd) 711{ 712 int ret = 0; 713 BIO *bio = NULL; 714 715 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 716 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { 717 bio = BIO_new(BIO_s_socket()); 718 719 if (bio == NULL) { 720 SSLerror(s, ERR_R_BUF_LIB); 721 goto err; 722 } 723 BIO_set_fd(bio, fd, BIO_NOCLOSE); 724 SSL_set_bio(s, bio, SSL_get_wbio(s)); 725 } else 726 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); 727 ret = 1; 728 err: 729 return (ret); 730} 731 732 733/* return length of latest Finished message we sent, copy to 'buf' */ 734size_t 735SSL_get_finished(const SSL *s, void *buf, size_t count) 736{ 737 size_t ret; 738 739 ret = s->s3->hs.finished_len; 740 if (count > ret) 741 count = ret; 742 memcpy(buf, s->s3->hs.finished, count); 743 return (ret); 744} 745 746/* return length of latest Finished message we expected, copy to 'buf' */ 747size_t 748SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 749{ 750 size_t ret; 751 752 ret = s->s3->hs.peer_finished_len; 753 if (count > ret) 754 count = ret; 755 memcpy(buf, s->s3->hs.peer_finished, count); 756 return (ret); 757} 758 759 760int 761SSL_get_verify_mode(const SSL *s) 762{ 763 return (s->verify_mode); 764} 765 766int 767SSL_get_verify_depth(const SSL *s) 768{ 769 return (X509_VERIFY_PARAM_get_depth(s->param)); 770} 771 772int 773(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) 774{ 775 return (s->internal->verify_callback); 776} 777 778void 779SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) 780{ 781 ctx->internal->keylog_callback = cb; 782} 783 784SSL_CTX_keylog_cb_func 785SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) 786{ 787 return (ctx->internal->keylog_callback); 788} 789 790int 791SSL_set_num_tickets(SSL *s, size_t num_tickets) 792{ 793 s->internal->num_tickets = num_tickets; 794 795 return 1; 796} 797 798size_t 799SSL_get_num_tickets(const SSL *s) 800{ 801 return s->internal->num_tickets; 802} 803 804int 805SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) 806{ 807 ctx->internal->num_tickets = num_tickets; 808 809 return 1; 810} 811 812size_t 813SSL_CTX_get_num_tickets(const SSL_CTX *ctx) 814{ 815 return ctx->internal->num_tickets; 816} 817 818int 819SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 820{ 821 return (ctx->verify_mode); 822} 823 824int 825SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 826{ 827 return (X509_VERIFY_PARAM_get_depth(ctx->param)); 828} 829 830int 831(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) 832{ 833 return (ctx->internal->default_verify_callback); 834} 835 836void 837SSL_set_verify(SSL *s, int mode, 838 int (*callback)(int ok, X509_STORE_CTX *ctx)) 839{ 840 s->verify_mode = mode; 841 if (callback != NULL) 842 s->internal->verify_callback = callback; 843} 844 845void 846SSL_set_verify_depth(SSL *s, int depth) 847{ 848 X509_VERIFY_PARAM_set_depth(s->param, depth); 849} 850 851void 852SSL_set_read_ahead(SSL *s, int yes) 853{ 854 s->internal->read_ahead = yes; 855} 856 857int 858SSL_get_read_ahead(const SSL *s) 859{ 860 return (s->internal->read_ahead); 861} 862 863int 864SSL_pending(const SSL *s) 865{ 866 return (s->method->ssl_pending(s)); 867} 868 869X509 * 870SSL_get_peer_certificate(const SSL *s) 871{ 872 X509 *cert; 873 874 if (s == NULL || s->session == NULL) 875 return NULL; 876 877 if ((cert = s->session->peer_cert) == NULL) 878 return NULL; 879 880 X509_up_ref(cert); 881 882 return cert; 883} 884 885STACK_OF(X509) * 886SSL_get_peer_cert_chain(const SSL *s) 887{ 888 if (s == NULL || s->session == NULL) 889 return NULL; 890 891 /* 892 * If we are a client, cert_chain includes the peer's own 893 * certificate; if we are a server, it does not. 894 */ 895 return s->session->cert_chain; 896} 897 898STACK_OF(X509) * 899SSL_get0_verified_chain(const SSL *s) 900{ 901 return s->internal->verified_chain; 902} 903 904/* 905 * Now in theory, since the calling process own 't' it should be safe to 906 * modify. We need to be able to read f without being hassled 907 */ 908int 909SSL_copy_session_id(SSL *t, const SSL *f) 910{ 911 SSL_CERT *tmp; 912 913 /* Do we need to do SSL locking? */ 914 if (!SSL_set_session(t, SSL_get_session(f))) 915 return 0; 916 917 /* What if we are set up for one protocol but want to talk another? */ 918 if (t->method != f->method) { 919 t->method->ssl_free(t); 920 t->method = f->method; 921 if (!t->method->ssl_new(t)) 922 return 0; 923 } 924 925 tmp = t->cert; 926 if (f->cert != NULL) { 927 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); 928 t->cert = f->cert; 929 } else 930 t->cert = NULL; 931 ssl_cert_free(tmp); 932 933 if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) 934 return 0; 935 936 return 1; 937} 938 939/* Fix this so it checks all the valid key/cert options */ 940int 941SSL_CTX_check_private_key(const SSL_CTX *ctx) 942{ 943 if ((ctx == NULL) || (ctx->internal->cert == NULL) || 944 (ctx->internal->cert->key->x509 == NULL)) { 945 SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED); 946 return (0); 947 } 948 if (ctx->internal->cert->key->privatekey == NULL) { 949 SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED); 950 return (0); 951 } 952 return (X509_check_private_key(ctx->internal->cert->key->x509, 953 ctx->internal->cert->key->privatekey)); 954} 955 956/* Fix this function so that it takes an optional type parameter */ 957int 958SSL_check_private_key(const SSL *ssl) 959{ 960 if (ssl == NULL) { 961 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); 962 return (0); 963 } 964 if (ssl->cert == NULL) { 965 SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED); 966 return (0); 967 } 968 if (ssl->cert->key->x509 == NULL) { 969 SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED); 970 return (0); 971 } 972 if (ssl->cert->key->privatekey == NULL) { 973 SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 974 return (0); 975 } 976 return (X509_check_private_key(ssl->cert->key->x509, 977 ssl->cert->key->privatekey)); 978} 979 980int 981SSL_accept(SSL *s) 982{ 983 if (s->internal->handshake_func == NULL) 984 SSL_set_accept_state(s); /* Not properly initialized yet */ 985 986 return (s->method->ssl_accept(s)); 987} 988 989int 990SSL_connect(SSL *s) 991{ 992 if (s->internal->handshake_func == NULL) 993 SSL_set_connect_state(s); /* Not properly initialized yet */ 994 995 return (s->method->ssl_connect(s)); 996} 997 998int 999SSL_is_dtls(const SSL *s) 1000{ 1001 return s->method->dtls; 1002} 1003 1004int 1005SSL_is_server(const SSL *s) 1006{ 1007 return s->server; 1008} 1009 1010static long 1011ssl_get_default_timeout() 1012{ 1013 /* 1014 * 2 hours, the 24 hours mentioned in the TLSv1 spec 1015 * is way too long for http, the cache would over fill. 1016 */ 1017 return (2 * 60 * 60); 1018} 1019 1020long 1021SSL_get_default_timeout(const SSL *s) 1022{ 1023 return (ssl_get_default_timeout()); 1024} 1025 1026int 1027SSL_read(SSL *s, void *buf, int num) 1028{ 1029 if (num < 0) { 1030 SSLerror(s, SSL_R_BAD_LENGTH); 1031 return -1; 1032 } 1033 1034 if (s->internal->handshake_func == NULL) { 1035 SSLerror(s, SSL_R_UNINITIALIZED); 1036 return (-1); 1037 } 1038 1039 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1040 s->internal->rwstate = SSL_NOTHING; 1041 return (0); 1042 } 1043 return ssl3_read(s, buf, num); 1044} 1045 1046int 1047SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read) 1048{ 1049 int ret; 1050 1051 /* We simply don't bother supporting enormous reads */ 1052 if (num > INT_MAX) { 1053 SSLerror(s, SSL_R_BAD_LENGTH); 1054 return 0; 1055 } 1056 1057 ret = SSL_read(s, buf, (int)num); 1058 if (ret < 0) 1059 ret = 0; 1060 *bytes_read = ret; 1061 1062 return ret > 0; 1063} 1064 1065int 1066SSL_peek(SSL *s, void *buf, int num) 1067{ 1068 if (num < 0) { 1069 SSLerror(s, SSL_R_BAD_LENGTH); 1070 return -1; 1071 } 1072 1073 if (s->internal->handshake_func == NULL) { 1074 SSLerror(s, SSL_R_UNINITIALIZED); 1075 return (-1); 1076 } 1077 1078 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1079 return (0); 1080 } 1081 return ssl3_peek(s, buf, num); 1082} 1083 1084int 1085SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked) 1086{ 1087 int ret; 1088 1089 /* We simply don't bother supporting enormous peeks */ 1090 if (num > INT_MAX) { 1091 SSLerror(s, SSL_R_BAD_LENGTH); 1092 return 0; 1093 } 1094 1095 ret = SSL_peek(s, buf, (int)num); 1096 if (ret < 0) 1097 ret = 0; 1098 *bytes_peeked = ret; 1099 1100 return ret > 0; 1101} 1102 1103int 1104SSL_write(SSL *s, const void *buf, int num) 1105{ 1106 if (num < 0) { 1107 SSLerror(s, SSL_R_BAD_LENGTH); 1108 return -1; 1109 } 1110 1111 if (s->internal->handshake_func == NULL) { 1112 SSLerror(s, SSL_R_UNINITIALIZED); 1113 return (-1); 1114 } 1115 1116 if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { 1117 s->internal->rwstate = SSL_NOTHING; 1118 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN); 1119 return (-1); 1120 } 1121 return ssl3_write(s, buf, num); 1122} 1123 1124int 1125SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written) 1126{ 1127 int ret; 1128 1129 /* We simply don't bother supporting enormous writes */ 1130 if (num > INT_MAX) { 1131 SSLerror(s, SSL_R_BAD_LENGTH); 1132 return 0; 1133 } 1134 1135 if (num == 0) { 1136 /* This API is special */ 1137 bytes_written = 0; 1138 return 1; 1139 } 1140 1141 ret = SSL_write(s, buf, (int)num); 1142 if (ret < 0) 1143 ret = 0; 1144 *bytes_written = ret; 1145 1146 return ret > 0; 1147} 1148 1149uint32_t 1150SSL_CTX_get_max_early_data(const SSL_CTX *ctx) 1151{ 1152 return 0; 1153} 1154 1155int 1156SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) 1157{ 1158 return 1; 1159} 1160 1161uint32_t 1162SSL_get_max_early_data(const SSL *s) 1163{ 1164 return 0; 1165} 1166 1167int 1168SSL_set_max_early_data(SSL *s, uint32_t max_early_data) 1169{ 1170 return 1; 1171} 1172 1173int 1174SSL_get_early_data_status(const SSL *s) 1175{ 1176 return SSL_EARLY_DATA_REJECTED; 1177} 1178 1179int 1180SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) 1181{ 1182 *readbytes = 0; 1183 1184 if (!s->server) { 1185 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1186 return SSL_READ_EARLY_DATA_ERROR; 1187 } 1188 1189 return SSL_READ_EARLY_DATA_FINISH; 1190} 1191 1192int 1193SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) 1194{ 1195 *written = 0; 1196 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1197 return 0; 1198} 1199 1200int 1201SSL_shutdown(SSL *s) 1202{ 1203 /* 1204 * Note that this function behaves differently from what one might 1205 * expect. Return values are 0 for no success (yet), 1206 * 1 for success; but calling it once is usually not enough, 1207 * even if blocking I/O is used (see ssl3_shutdown). 1208 */ 1209 1210 if (s->internal->handshake_func == NULL) { 1211 SSLerror(s, SSL_R_UNINITIALIZED); 1212 return (-1); 1213 } 1214 1215 if (s != NULL && !SSL_in_init(s)) 1216 return (s->method->ssl_shutdown(s)); 1217 1218 return (1); 1219} 1220 1221int 1222SSL_renegotiate(SSL *s) 1223{ 1224 if (s->internal->renegotiate == 0) 1225 s->internal->renegotiate = 1; 1226 1227 s->internal->new_session = 1; 1228 1229 return (s->method->ssl_renegotiate(s)); 1230} 1231 1232int 1233SSL_renegotiate_abbreviated(SSL *s) 1234{ 1235 if (s->internal->renegotiate == 0) 1236 s->internal->renegotiate = 1; 1237 1238 s->internal->new_session = 0; 1239 1240 return (s->method->ssl_renegotiate(s)); 1241} 1242 1243int 1244SSL_renegotiate_pending(SSL *s) 1245{ 1246 /* 1247 * Becomes true when negotiation is requested; 1248 * false again once a handshake has finished. 1249 */ 1250 return (s->internal->renegotiate != 0); 1251} 1252 1253long 1254SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 1255{ 1256 long l; 1257 1258 switch (cmd) { 1259 case SSL_CTRL_GET_READ_AHEAD: 1260 return (s->internal->read_ahead); 1261 case SSL_CTRL_SET_READ_AHEAD: 1262 l = s->internal->read_ahead; 1263 s->internal->read_ahead = larg; 1264 return (l); 1265 1266 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1267 s->internal->msg_callback_arg = parg; 1268 return (1); 1269 1270 case SSL_CTRL_OPTIONS: 1271 return (s->internal->options|=larg); 1272 case SSL_CTRL_CLEAR_OPTIONS: 1273 return (s->internal->options&=~larg); 1274 case SSL_CTRL_MODE: 1275 return (s->internal->mode|=larg); 1276 case SSL_CTRL_CLEAR_MODE: 1277 return (s->internal->mode &=~larg); 1278 case SSL_CTRL_GET_MAX_CERT_LIST: 1279 return (s->internal->max_cert_list); 1280 case SSL_CTRL_SET_MAX_CERT_LIST: 1281 l = s->internal->max_cert_list; 1282 s->internal->max_cert_list = larg; 1283 return (l); 1284 case SSL_CTRL_SET_MTU: 1285#ifndef OPENSSL_NO_DTLS1 1286 if (larg < (long)dtls1_min_mtu()) 1287 return (0); 1288#endif 1289 if (SSL_is_dtls(s)) { 1290 s->d1->mtu = larg; 1291 return (larg); 1292 } 1293 return (0); 1294 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1295 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1296 return (0); 1297 s->max_send_fragment = larg; 1298 return (1); 1299 case SSL_CTRL_GET_RI_SUPPORT: 1300 if (s->s3) 1301 return (s->s3->send_connection_binding); 1302 else return (0); 1303 default: 1304 if (SSL_is_dtls(s)) 1305 return dtls1_ctrl(s, cmd, larg, parg); 1306 return ssl3_ctrl(s, cmd, larg, parg); 1307 } 1308} 1309 1310long 1311SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 1312{ 1313 switch (cmd) { 1314 case SSL_CTRL_SET_MSG_CALLBACK: 1315 s->internal->msg_callback = (ssl_msg_callback_fn *)(fp); 1316 return (1); 1317 1318 default: 1319 return (ssl3_callback_ctrl(s, cmd, fp)); 1320 } 1321} 1322 1323struct lhash_st_SSL_SESSION * 1324SSL_CTX_sessions(SSL_CTX *ctx) 1325{ 1326 return (ctx->internal->sessions); 1327} 1328 1329long 1330SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 1331{ 1332 long l; 1333 1334 switch (cmd) { 1335 case SSL_CTRL_GET_READ_AHEAD: 1336 return (ctx->internal->read_ahead); 1337 case SSL_CTRL_SET_READ_AHEAD: 1338 l = ctx->internal->read_ahead; 1339 ctx->internal->read_ahead = larg; 1340 return (l); 1341 1342 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1343 ctx->internal->msg_callback_arg = parg; 1344 return (1); 1345 1346 case SSL_CTRL_GET_MAX_CERT_LIST: 1347 return (ctx->internal->max_cert_list); 1348 case SSL_CTRL_SET_MAX_CERT_LIST: 1349 l = ctx->internal->max_cert_list; 1350 ctx->internal->max_cert_list = larg; 1351 return (l); 1352 1353 case SSL_CTRL_SET_SESS_CACHE_SIZE: 1354 l = ctx->internal->session_cache_size; 1355 ctx->internal->session_cache_size = larg; 1356 return (l); 1357 case SSL_CTRL_GET_SESS_CACHE_SIZE: 1358 return (ctx->internal->session_cache_size); 1359 case SSL_CTRL_SET_SESS_CACHE_MODE: 1360 l = ctx->internal->session_cache_mode; 1361 ctx->internal->session_cache_mode = larg; 1362 return (l); 1363 case SSL_CTRL_GET_SESS_CACHE_MODE: 1364 return (ctx->internal->session_cache_mode); 1365 1366 case SSL_CTRL_SESS_NUMBER: 1367 return (lh_SSL_SESSION_num_items(ctx->internal->sessions)); 1368 case SSL_CTRL_SESS_CONNECT: 1369 return (ctx->internal->stats.sess_connect); 1370 case SSL_CTRL_SESS_CONNECT_GOOD: 1371 return (ctx->internal->stats.sess_connect_good); 1372 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1373 return (ctx->internal->stats.sess_connect_renegotiate); 1374 case SSL_CTRL_SESS_ACCEPT: 1375 return (ctx->internal->stats.sess_accept); 1376 case SSL_CTRL_SESS_ACCEPT_GOOD: 1377 return (ctx->internal->stats.sess_accept_good); 1378 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1379 return (ctx->internal->stats.sess_accept_renegotiate); 1380 case SSL_CTRL_SESS_HIT: 1381 return (ctx->internal->stats.sess_hit); 1382 case SSL_CTRL_SESS_CB_HIT: 1383 return (ctx->internal->stats.sess_cb_hit); 1384 case SSL_CTRL_SESS_MISSES: 1385 return (ctx->internal->stats.sess_miss); 1386 case SSL_CTRL_SESS_TIMEOUTS: 1387 return (ctx->internal->stats.sess_timeout); 1388 case SSL_CTRL_SESS_CACHE_FULL: 1389 return (ctx->internal->stats.sess_cache_full); 1390 case SSL_CTRL_OPTIONS: 1391 return (ctx->internal->options|=larg); 1392 case SSL_CTRL_CLEAR_OPTIONS: 1393 return (ctx->internal->options&=~larg); 1394 case SSL_CTRL_MODE: 1395 return (ctx->internal->mode|=larg); 1396 case SSL_CTRL_CLEAR_MODE: 1397 return (ctx->internal->mode&=~larg); 1398 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1399 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1400 return (0); 1401 ctx->internal->max_send_fragment = larg; 1402 return (1); 1403 default: 1404 return (ssl3_ctx_ctrl(ctx, cmd, larg, parg)); 1405 } 1406} 1407 1408long 1409SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 1410{ 1411 switch (cmd) { 1412 case SSL_CTRL_SET_MSG_CALLBACK: 1413 ctx->internal->msg_callback = (ssl_msg_callback_fn *)fp; 1414 return (1); 1415 1416 default: 1417 return (ssl3_ctx_callback_ctrl(ctx, cmd, fp)); 1418 } 1419} 1420 1421int 1422ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1423{ 1424 long l; 1425 1426 l = a->id - b->id; 1427 if (l == 0L) 1428 return (0); 1429 else 1430 return ((l > 0) ? 1:-1); 1431} 1432 1433STACK_OF(SSL_CIPHER) * 1434SSL_get_ciphers(const SSL *s) 1435{ 1436 if (s == NULL) 1437 return (NULL); 1438 if (s->cipher_list != NULL) 1439 return (s->cipher_list); 1440 1441 return (s->ctx->cipher_list); 1442} 1443 1444STACK_OF(SSL_CIPHER) * 1445SSL_get_client_ciphers(const SSL *s) 1446{ 1447 if (s == NULL || s->session == NULL || !s->server) 1448 return NULL; 1449 return s->session->ciphers; 1450} 1451 1452STACK_OF(SSL_CIPHER) * 1453SSL_get1_supported_ciphers(SSL *s) 1454{ 1455 STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers; 1456 SSL_CIPHER *cipher; 1457 uint16_t min_vers, max_vers; 1458 int i; 1459 1460 if (s == NULL) 1461 return NULL; 1462 if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers)) 1463 return NULL; 1464 if ((ciphers = SSL_get_ciphers(s)) == NULL) 1465 return NULL; 1466 if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL) 1467 return NULL; 1468 1469 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 1470 if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) 1471 goto err; 1472 if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers, 1473 max_vers)) 1474 continue; 1475 if (!ssl_security_supported_cipher(s, cipher)) 1476 continue; 1477 if (!sk_SSL_CIPHER_push(supported_ciphers, cipher)) 1478 goto err; 1479 } 1480 1481 if (sk_SSL_CIPHER_num(supported_ciphers) > 0) 1482 return supported_ciphers; 1483 1484 err: 1485 sk_SSL_CIPHER_free(supported_ciphers); 1486 return NULL; 1487} 1488 1489/* See if we have any ECC cipher suites. */ 1490int 1491ssl_has_ecc_ciphers(SSL *s) 1492{ 1493 STACK_OF(SSL_CIPHER) *ciphers; 1494 unsigned long alg_k, alg_a; 1495 SSL_CIPHER *cipher; 1496 int i; 1497 1498 if ((ciphers = SSL_get_ciphers(s)) == NULL) 1499 return 0; 1500 1501 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 1502 cipher = sk_SSL_CIPHER_value(ciphers, i); 1503 1504 alg_k = cipher->algorithm_mkey; 1505 alg_a = cipher->algorithm_auth; 1506 1507 if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) 1508 return 1; 1509 } 1510 1511 return 0; 1512} 1513 1514/* The old interface to get the same thing as SSL_get_ciphers(). */ 1515const char * 1516SSL_get_cipher_list(const SSL *s, int n) 1517{ 1518 STACK_OF(SSL_CIPHER) *ciphers; 1519 const SSL_CIPHER *cipher; 1520 1521 if ((ciphers = SSL_get_ciphers(s)) == NULL) 1522 return (NULL); 1523 if ((cipher = sk_SSL_CIPHER_value(ciphers, n)) == NULL) 1524 return (NULL); 1525 1526 return (cipher->name); 1527} 1528 1529STACK_OF(SSL_CIPHER) * 1530SSL_CTX_get_ciphers(const SSL_CTX *ctx) 1531{ 1532 if (ctx == NULL) 1533 return NULL; 1534 return ctx->cipher_list; 1535} 1536 1537/* Specify the ciphers to be used by default by the SSL_CTX. */ 1538int 1539SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1540{ 1541 STACK_OF(SSL_CIPHER) *ciphers; 1542 1543 /* 1544 * ssl_create_cipher_list may return an empty stack if it was unable to 1545 * find a cipher matching the given rule string (for example if the 1546 * rule string specifies a cipher which has been disabled). This is not 1547 * an error as far as ssl_create_cipher_list is concerned, and hence 1548 * ctx->cipher_list has been updated. 1549 */ 1550 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1551 ctx->internal->cipher_list_tls13, str, ctx->internal->cert); 1552 if (ciphers == NULL) { 1553 return (0); 1554 } else if (sk_SSL_CIPHER_num(ciphers) == 0) { 1555 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1556 return (0); 1557 } 1558 return (1); 1559} 1560 1561int 1562SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) 1563{ 1564 if (!ssl_parse_ciphersuites(&ctx->internal->cipher_list_tls13, str)) { 1565 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1566 return 0; 1567 } 1568 if (!ssl_merge_cipherlists(ctx->cipher_list, 1569 ctx->internal->cipher_list_tls13, &ctx->cipher_list)) 1570 return 0; 1571 1572 return 1; 1573} 1574 1575/* Specify the ciphers to be used by the SSL. */ 1576int 1577SSL_set_cipher_list(SSL *s, const char *str) 1578{ 1579 STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13; 1580 1581 if ((ciphers_tls13 = s->internal->cipher_list_tls13) == NULL) 1582 ciphers_tls13 = s->ctx->internal->cipher_list_tls13; 1583 1584 /* See comment in SSL_CTX_set_cipher_list. */ 1585 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1586 ciphers_tls13, str, s->cert); 1587 if (ciphers == NULL) { 1588 return (0); 1589 } else if (sk_SSL_CIPHER_num(ciphers) == 0) { 1590 SSLerror(s, SSL_R_NO_CIPHER_MATCH); 1591 return (0); 1592 } 1593 return (1); 1594} 1595 1596int 1597SSL_set_ciphersuites(SSL *s, const char *str) 1598{ 1599 STACK_OF(SSL_CIPHER) *ciphers; 1600 1601 if ((ciphers = s->cipher_list) == NULL) 1602 ciphers = s->ctx->cipher_list; 1603 1604 if (!ssl_parse_ciphersuites(&s->internal->cipher_list_tls13, str)) { 1605 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1606 return (0); 1607 } 1608 if (!ssl_merge_cipherlists(ciphers, s->internal->cipher_list_tls13, 1609 &s->cipher_list)) 1610 return 0; 1611 1612 return 1; 1613} 1614 1615char * 1616SSL_get_shared_ciphers(const SSL *s, char *buf, int len) 1617{ 1618 STACK_OF(SSL_CIPHER) *client_ciphers, *server_ciphers; 1619 const SSL_CIPHER *cipher; 1620 size_t curlen = 0; 1621 char *end; 1622 int i; 1623 1624 if (!s->server || s->session == NULL || len < 2) 1625 return NULL; 1626 1627 if ((client_ciphers = s->session->ciphers) == NULL) 1628 return NULL; 1629 if ((server_ciphers = SSL_get_ciphers(s)) == NULL) 1630 return NULL; 1631 if (sk_SSL_CIPHER_num(client_ciphers) == 0 || 1632 sk_SSL_CIPHER_num(server_ciphers) == 0) 1633 return NULL; 1634 1635 buf[0] = '\0'; 1636 for (i = 0; i < sk_SSL_CIPHER_num(client_ciphers); i++) { 1637 cipher = sk_SSL_CIPHER_value(client_ciphers, i); 1638 1639 if (sk_SSL_CIPHER_find(server_ciphers, cipher) < 0) 1640 continue; 1641 1642 end = buf + curlen; 1643 if (strlcat(buf, cipher->name, len) >= len || 1644 (curlen = strlcat(buf, ":", len)) >= len) { 1645 /* remove truncated cipher from list */ 1646 *end = '\0'; 1647 break; 1648 } 1649 } 1650 /* remove trailing colon */ 1651 if ((end = strrchr(buf, ':')) != NULL) 1652 *end = '\0'; 1653 return buf; 1654} 1655 1656/* 1657 * Return a servername extension value if provided in Client Hello, or NULL. 1658 * So far, only host_name types are defined (RFC 3546). 1659 */ 1660const char * 1661SSL_get_servername(const SSL *s, const int type) 1662{ 1663 if (type != TLSEXT_NAMETYPE_host_name) 1664 return (NULL); 1665 1666 return (s->session && !s->tlsext_hostname ? 1667 s->session->tlsext_hostname : 1668 s->tlsext_hostname); 1669} 1670 1671int 1672SSL_get_servername_type(const SSL *s) 1673{ 1674 if (s->session && 1675 (!s->tlsext_hostname ? 1676 s->session->tlsext_hostname : s->tlsext_hostname)) 1677 return (TLSEXT_NAMETYPE_host_name); 1678 return (-1); 1679} 1680 1681/* 1682 * SSL_select_next_proto implements standard protocol selection. It is 1683 * expected that this function is called from the callback set by 1684 * SSL_CTX_set_alpn_select_cb. 1685 * 1686 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte 1687 * strings. The length byte itself is not included in the length. A byte 1688 * string of length 0 is invalid. No byte string may be truncated. 1689 * 1690 * It returns either: 1691 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or 1692 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1693 */ 1694int 1695SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1696 const unsigned char *server, unsigned int server_len, 1697 const unsigned char *client, unsigned int client_len) 1698{ 1699 unsigned int i, j; 1700 const unsigned char *result; 1701 int status = OPENSSL_NPN_UNSUPPORTED; 1702 1703 /* 1704 * For each protocol in server preference order, 1705 * see if we support it. 1706 */ 1707 for (i = 0; i < server_len; ) { 1708 for (j = 0; j < client_len; ) { 1709 if (server[i] == client[j] && 1710 memcmp(&server[i + 1], 1711 &client[j + 1], server[i]) == 0) { 1712 /* We found a match */ 1713 result = &server[i]; 1714 status = OPENSSL_NPN_NEGOTIATED; 1715 goto found; 1716 } 1717 j += client[j]; 1718 j++; 1719 } 1720 i += server[i]; 1721 i++; 1722 } 1723 1724 /* There's no overlap between our protocols and the server's list. */ 1725 result = client; 1726 status = OPENSSL_NPN_NO_OVERLAP; 1727 1728 found: 1729 *out = (unsigned char *) result + 1; 1730 *outlen = result[0]; 1731 return (status); 1732} 1733 1734/* SSL_get0_next_proto_negotiated is deprecated. */ 1735void 1736SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 1737 unsigned int *len) 1738{ 1739 *data = NULL; 1740 *len = 0; 1741} 1742 1743/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */ 1744void 1745SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, 1746 const unsigned char **out, unsigned int *outlen, void *arg), void *arg) 1747{ 1748} 1749 1750/* SSL_CTX_set_next_proto_select_cb is deprecated. */ 1751void 1752SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, 1753 unsigned char **out, unsigned char *outlen, const unsigned char *in, 1754 unsigned int inlen, void *arg), void *arg) 1755{ 1756} 1757 1758/* 1759 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified 1760 * protocols, which must be in wire-format (i.e. a series of non-empty, 1761 * 8-bit length-prefixed strings). Returns 0 on success. 1762 */ 1763int 1764SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 1765 unsigned int protos_len) 1766{ 1767 CBS cbs; 1768 int failed = 1; 1769 1770 if (protos == NULL) 1771 protos_len = 0; 1772 1773 CBS_init(&cbs, protos, protos_len); 1774 1775 if (protos_len > 0) { 1776 if (!tlsext_alpn_check_format(&cbs)) 1777 goto err; 1778 } 1779 1780 if (!CBS_stow(&cbs, &ctx->internal->alpn_client_proto_list, 1781 &ctx->internal->alpn_client_proto_list_len)) 1782 goto err; 1783 1784 failed = 0; 1785 1786 err: 1787 /* NOTE: Return values are the reverse of what you expect. */ 1788 return failed; 1789} 1790 1791/* 1792 * SSL_set_alpn_protos sets the ALPN protocol list to the specified 1793 * protocols, which must be in wire-format (i.e. a series of non-empty, 1794 * 8-bit length-prefixed strings). Returns 0 on success. 1795 */ 1796int 1797SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 1798 unsigned int protos_len) 1799{ 1800 CBS cbs; 1801 int failed = 1; 1802 1803 if (protos == NULL) 1804 protos_len = 0; 1805 1806 CBS_init(&cbs, protos, protos_len); 1807 1808 if (protos_len > 0) { 1809 if (!tlsext_alpn_check_format(&cbs)) 1810 goto err; 1811 } 1812 1813 if (!CBS_stow(&cbs, &ssl->internal->alpn_client_proto_list, 1814 &ssl->internal->alpn_client_proto_list_len)) 1815 goto err; 1816 1817 failed = 0; 1818 1819 err: 1820 /* NOTE: Return values are the reverse of what you expect. */ 1821 return failed; 1822} 1823 1824/* 1825 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during 1826 * ClientHello processing in order to select an ALPN protocol from the 1827 * client's list of offered protocols. 1828 */ 1829void 1830SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, 1831 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen, 1832 const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1833{ 1834 ctx->internal->alpn_select_cb = cb; 1835 ctx->internal->alpn_select_cb_arg = arg; 1836} 1837 1838/* 1839 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return 1840 * it sets data to point to len bytes of protocol name (not including the 1841 * leading length-prefix byte). If the server didn't respond with* a negotiated 1842 * protocol then len will be zero. 1843 */ 1844void 1845SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 1846 unsigned int *len) 1847{ 1848 *data = ssl->s3->alpn_selected; 1849 *len = ssl->s3->alpn_selected_len; 1850} 1851 1852void 1853SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) 1854{ 1855 return; 1856} 1857 1858int 1859SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1860 const char *label, size_t llen, const unsigned char *p, size_t plen, 1861 int use_context) 1862{ 1863 if (s->internal->tls13 != NULL && s->version == TLS1_3_VERSION) { 1864 if (!use_context) { 1865 p = NULL; 1866 plen = 0; 1867 } 1868 return tls13_exporter(s->internal->tls13, label, llen, p, plen, 1869 out, olen); 1870 } 1871 1872 return (tls1_export_keying_material(s, out, olen, label, llen, p, plen, 1873 use_context)); 1874} 1875 1876static unsigned long 1877ssl_session_hash(const SSL_SESSION *a) 1878{ 1879 unsigned long l; 1880 1881 l = (unsigned long) 1882 ((unsigned int) a->session_id[0] )| 1883 ((unsigned int) a->session_id[1]<< 8L)| 1884 ((unsigned long)a->session_id[2]<<16L)| 1885 ((unsigned long)a->session_id[3]<<24L); 1886 return (l); 1887} 1888 1889/* 1890 * NB: If this function (or indeed the hash function which uses a sort of 1891 * coarser function than this one) is changed, ensure 1892 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 1893 * able to construct an SSL_SESSION that will collide with any existing session 1894 * with a matching session ID. 1895 */ 1896static int 1897ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 1898{ 1899 if (a->ssl_version != b->ssl_version) 1900 return (1); 1901 if (a->session_id_length != b->session_id_length) 1902 return (1); 1903 if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0) 1904 return (1); 1905 return (0); 1906} 1907 1908/* 1909 * These wrapper functions should remain rather than redeclaring 1910 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1911 * variable. The reason is that the functions aren't static, they're exposed via 1912 * ssl.h. 1913 */ 1914static unsigned long 1915ssl_session_LHASH_HASH(const void *arg) 1916{ 1917 const SSL_SESSION *a = arg; 1918 1919 return ssl_session_hash(a); 1920} 1921 1922static int 1923ssl_session_LHASH_COMP(const void *arg1, const void *arg2) 1924{ 1925 const SSL_SESSION *a = arg1; 1926 const SSL_SESSION *b = arg2; 1927 1928 return ssl_session_cmp(a, b); 1929} 1930 1931SSL_CTX * 1932SSL_CTX_new(const SSL_METHOD *meth) 1933{ 1934 SSL_CTX *ret; 1935 1936 if (!OPENSSL_init_ssl(0, NULL)) { 1937 SSLerrorx(SSL_R_LIBRARY_BUG); 1938 return (NULL); 1939 } 1940 1941 if (meth == NULL) { 1942 SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED); 1943 return (NULL); 1944 } 1945 1946 if ((ret = calloc(1, sizeof(*ret))) == NULL) { 1947 SSLerrorx(ERR_R_MALLOC_FAILURE); 1948 return (NULL); 1949 } 1950 if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) { 1951 free(ret); 1952 SSLerrorx(ERR_R_MALLOC_FAILURE); 1953 return (NULL); 1954 } 1955 1956 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1957 SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1958 goto err; 1959 } 1960 1961 ret->method = meth; 1962 ret->internal->min_tls_version = meth->min_tls_version; 1963 ret->internal->max_tls_version = meth->max_tls_version; 1964 ret->internal->min_proto_version = 0; 1965 ret->internal->max_proto_version = 0; 1966 ret->internal->mode = SSL_MODE_AUTO_RETRY; 1967 1968 ret->cert_store = NULL; 1969 ret->internal->session_cache_mode = SSL_SESS_CACHE_SERVER; 1970 ret->internal->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1971 ret->internal->session_cache_head = NULL; 1972 ret->internal->session_cache_tail = NULL; 1973 1974 /* We take the system default */ 1975 ret->session_timeout = ssl_get_default_timeout(); 1976 1977 ret->internal->new_session_cb = 0; 1978 ret->internal->remove_session_cb = 0; 1979 ret->internal->get_session_cb = 0; 1980 ret->internal->generate_session_id = 0; 1981 1982 memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats)); 1983 1984 ret->references = 1; 1985 ret->internal->quiet_shutdown = 0; 1986 1987 ret->internal->info_callback = NULL; 1988 1989 ret->internal->app_verify_callback = 0; 1990 ret->internal->app_verify_arg = NULL; 1991 1992 ret->internal->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 1993 ret->internal->read_ahead = 0; 1994 ret->internal->msg_callback = 0; 1995 ret->internal->msg_callback_arg = NULL; 1996 ret->verify_mode = SSL_VERIFY_NONE; 1997 ret->sid_ctx_length = 0; 1998 ret->internal->default_verify_callback = NULL; 1999 2000 if ((ret->internal->cert = ssl_cert_new()) == NULL) 2001 goto err; 2002 2003 ret->default_passwd_callback = 0; 2004 ret->default_passwd_callback_userdata = NULL; 2005 ret->internal->client_cert_cb = 0; 2006 ret->internal->app_gen_cookie_cb = 0; 2007 ret->internal->app_verify_cookie_cb = 0; 2008 2009 ret->internal->sessions = lh_SSL_SESSION_new(); 2010 if (ret->internal->sessions == NULL) 2011 goto err; 2012 ret->cert_store = X509_STORE_new(); 2013 if (ret->cert_store == NULL) 2014 goto err; 2015 2016 ssl_create_cipher_list(ret->method, &ret->cipher_list, 2017 NULL, SSL_DEFAULT_CIPHER_LIST, ret->internal->cert); 2018 if (ret->cipher_list == NULL || 2019 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 2020 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS); 2021 goto err2; 2022 } 2023 2024 ret->param = X509_VERIFY_PARAM_new(); 2025 if (!ret->param) 2026 goto err; 2027 2028 if ((ret->internal->client_CA = sk_X509_NAME_new_null()) == NULL) 2029 goto err; 2030 2031 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->internal->ex_data); 2032 2033 ret->extra_certs = NULL; 2034 2035 ret->internal->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 2036 2037 ret->internal->tlsext_servername_callback = 0; 2038 ret->internal->tlsext_servername_arg = NULL; 2039 2040 /* Setup RFC4507 ticket keys */ 2041 arc4random_buf(ret->internal->tlsext_tick_key_name, 16); 2042 arc4random_buf(ret->internal->tlsext_tick_hmac_key, 16); 2043 arc4random_buf(ret->internal->tlsext_tick_aes_key, 16); 2044 2045 ret->internal->tlsext_status_cb = 0; 2046 ret->internal->tlsext_status_arg = NULL; 2047 2048#ifndef OPENSSL_NO_ENGINE 2049 ret->internal->client_cert_engine = NULL; 2050#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 2051#define eng_strx(x) #x 2052#define eng_str(x) eng_strx(x) 2053 /* Use specific client engine automatically... ignore errors */ 2054 { 2055 ENGINE *eng; 2056 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2057 if (!eng) { 2058 ERR_clear_error(); 2059 ENGINE_load_builtin_engines(); 2060 eng = ENGINE_by_id(eng_str( 2061 OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2062 } 2063 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 2064 ERR_clear_error(); 2065 } 2066#endif 2067#endif 2068 /* 2069 * Default is to connect to non-RI servers. When RI is more widely 2070 * deployed might change this. 2071 */ 2072 ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT; 2073 2074 return (ret); 2075 err: 2076 SSLerrorx(ERR_R_MALLOC_FAILURE); 2077 err2: 2078 SSL_CTX_free(ret); 2079 return (NULL); 2080} 2081 2082void 2083SSL_CTX_free(SSL_CTX *ctx) 2084{ 2085 int i; 2086 2087 if (ctx == NULL) 2088 return; 2089 2090 i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX); 2091 if (i > 0) 2092 return; 2093 2094 X509_VERIFY_PARAM_free(ctx->param); 2095 2096 /* 2097 * Free internal session cache. However: the remove_cb() may reference 2098 * the ex_data of SSL_CTX, thus the ex_data store can only be removed 2099 * after the sessions were flushed. 2100 * As the ex_data handling routines might also touch the session cache, 2101 * the most secure solution seems to be: empty (flush) the cache, then 2102 * free ex_data, then finally free the cache. 2103 * (See ticket [openssl.org #212].) 2104 */ 2105 if (ctx->internal->sessions != NULL) 2106 SSL_CTX_flush_sessions(ctx, 0); 2107 2108 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->internal->ex_data); 2109 2110 lh_SSL_SESSION_free(ctx->internal->sessions); 2111 2112 X509_STORE_free(ctx->cert_store); 2113 sk_SSL_CIPHER_free(ctx->cipher_list); 2114 sk_SSL_CIPHER_free(ctx->internal->cipher_list_tls13); 2115 ssl_cert_free(ctx->internal->cert); 2116 sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free); 2117 sk_X509_pop_free(ctx->extra_certs, X509_free); 2118 2119#ifndef OPENSSL_NO_SRTP 2120 if (ctx->internal->srtp_profiles) 2121 sk_SRTP_PROTECTION_PROFILE_free(ctx->internal->srtp_profiles); 2122#endif 2123 2124#ifndef OPENSSL_NO_ENGINE 2125 ENGINE_finish(ctx->internal->client_cert_engine); 2126#endif 2127 2128 free(ctx->internal->tlsext_ecpointformatlist); 2129 free(ctx->internal->tlsext_supportedgroups); 2130 2131 free(ctx->internal->alpn_client_proto_list); 2132 2133 free(ctx->internal); 2134 free(ctx); 2135} 2136 2137int 2138SSL_CTX_up_ref(SSL_CTX *ctx) 2139{ 2140 int refs = CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 2141 return ((refs > 1) ? 1 : 0); 2142} 2143 2144pem_password_cb * 2145SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) 2146{ 2147 return (ctx->default_passwd_callback); 2148} 2149 2150void 2151SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 2152{ 2153 ctx->default_passwd_callback = cb; 2154} 2155 2156void * 2157SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) 2158{ 2159 return ctx->default_passwd_callback_userdata; 2160} 2161 2162void 2163SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 2164{ 2165 ctx->default_passwd_callback_userdata = u; 2166} 2167 2168void 2169SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 2170 int (*cb)(X509_STORE_CTX *, void *), void *arg) 2171{ 2172 ctx->internal->app_verify_callback = cb; 2173 ctx->internal->app_verify_arg = arg; 2174} 2175 2176void 2177SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) 2178{ 2179 ctx->verify_mode = mode; 2180 ctx->internal->default_verify_callback = cb; 2181} 2182 2183void 2184SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) 2185{ 2186 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2187} 2188 2189void 2190ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher) 2191{ 2192 unsigned long mask_a, mask_k; 2193 SSL_CERT_PKEY *cpk; 2194 2195 if (c == NULL) 2196 return; 2197 2198 mask_a = SSL_aNULL | SSL_aTLS1_3; 2199 mask_k = SSL_kECDHE | SSL_kTLS1_3; 2200 2201 if (c->dhe_params != NULL || c->dhe_params_cb != NULL || 2202 c->dhe_params_auto != 0) 2203 mask_k |= SSL_kDHE; 2204 2205 cpk = &(c->pkeys[SSL_PKEY_ECC]); 2206 if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2207 /* Key usage, if present, must allow signing. */ 2208 if (X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE) 2209 mask_a |= SSL_aECDSA; 2210 } 2211 2212 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2213 if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2214 mask_k |= SSL_kGOST; 2215 mask_a |= SSL_aGOST01; 2216 } 2217 2218 cpk = &(c->pkeys[SSL_PKEY_RSA]); 2219 if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2220 mask_a |= SSL_aRSA; 2221 mask_k |= SSL_kRSA; 2222 } 2223 2224 c->mask_k = mask_k; 2225 c->mask_a = mask_a; 2226 c->valid = 1; 2227} 2228 2229/* See if this handshake is using an ECC cipher suite. */ 2230int 2231ssl_using_ecc_cipher(SSL *s) 2232{ 2233 unsigned long alg_a, alg_k; 2234 2235 alg_a = s->s3->hs.cipher->algorithm_auth; 2236 alg_k = s->s3->hs.cipher->algorithm_mkey; 2237 2238 return s->session->tlsext_ecpointformatlist != NULL && 2239 s->session->tlsext_ecpointformatlist_length > 0 && 2240 ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)); 2241} 2242 2243int 2244ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x) 2245{ 2246 const SSL_CIPHER *cs = s->s3->hs.cipher; 2247 unsigned long alg_a; 2248 2249 alg_a = cs->algorithm_auth; 2250 2251 if (alg_a & SSL_aECDSA) { 2252 /* Key usage, if present, must allow signing. */ 2253 if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { 2254 SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2255 return (0); 2256 } 2257 } 2258 2259 return (1); 2260} 2261 2262SSL_CERT_PKEY * 2263ssl_get_server_send_pkey(const SSL *s) 2264{ 2265 unsigned long alg_a; 2266 SSL_CERT *c; 2267 int i; 2268 2269 c = s->cert; 2270 ssl_set_cert_masks(c, s->s3->hs.cipher); 2271 2272 alg_a = s->s3->hs.cipher->algorithm_auth; 2273 2274 if (alg_a & SSL_aECDSA) { 2275 i = SSL_PKEY_ECC; 2276 } else if (alg_a & SSL_aRSA) { 2277 i = SSL_PKEY_RSA; 2278 } else if (alg_a & SSL_aGOST01) { 2279 i = SSL_PKEY_GOST01; 2280 } else { /* if (alg_a & SSL_aNULL) */ 2281 SSLerror(s, ERR_R_INTERNAL_ERROR); 2282 return (NULL); 2283 } 2284 2285 return (c->pkeys + i); 2286} 2287 2288EVP_PKEY * 2289ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, 2290 const struct ssl_sigalg **sap) 2291{ 2292 const struct ssl_sigalg *sigalg = NULL; 2293 EVP_PKEY *pkey = NULL; 2294 unsigned long alg_a; 2295 SSL_CERT *c; 2296 int idx = -1; 2297 2298 alg_a = cipher->algorithm_auth; 2299 c = s->cert; 2300 2301 if (alg_a & SSL_aRSA) { 2302 idx = SSL_PKEY_RSA; 2303 } else if ((alg_a & SSL_aECDSA) && 2304 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2305 idx = SSL_PKEY_ECC; 2306 if (idx == -1) { 2307 SSLerror(s, ERR_R_INTERNAL_ERROR); 2308 return (NULL); 2309 } 2310 2311 pkey = c->pkeys[idx].privatekey; 2312 if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { 2313 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); 2314 return (NULL); 2315 } 2316 *pmd = sigalg->md(); 2317 *sap = sigalg; 2318 2319 return (pkey); 2320} 2321 2322size_t 2323ssl_dhe_params_auto_key_bits(SSL *s) 2324{ 2325 SSL_CERT_PKEY *cpk; 2326 int key_bits; 2327 2328 if (s->cert->dhe_params_auto == 2) { 2329 key_bits = 1024; 2330 } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { 2331 key_bits = 1024; 2332 if (s->s3->hs.cipher->strength_bits == 256) 2333 key_bits = 3072; 2334 } else { 2335 if ((cpk = ssl_get_server_send_pkey(s)) == NULL) 2336 return 0; 2337 if (cpk->privatekey == NULL || 2338 EVP_PKEY_get0_RSA(cpk->privatekey) == NULL) 2339 return 0; 2340 if ((key_bits = EVP_PKEY_bits(cpk->privatekey)) <= 0) 2341 return 0; 2342 } 2343 2344 return key_bits; 2345} 2346 2347static int 2348ssl_should_update_external_cache(SSL *s, int mode) 2349{ 2350 int cache_mode; 2351 2352 cache_mode = s->session_ctx->internal->session_cache_mode; 2353 2354 /* Don't cache if mode says not to */ 2355 if ((cache_mode & mode) == 0) 2356 return 0; 2357 2358 /* if it is not already cached, cache it */ 2359 if (!s->internal->hit) 2360 return 1; 2361 2362 /* If it's TLS 1.3, do it to match OpenSSL */ 2363 if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) 2364 return 1; 2365 2366 return 0; 2367} 2368 2369static int 2370ssl_should_update_internal_cache(SSL *s, int mode) 2371{ 2372 int cache_mode; 2373 2374 cache_mode = s->session_ctx->internal->session_cache_mode; 2375 2376 /* Don't cache if mode says not to */ 2377 if ((cache_mode & mode) == 0) 2378 return 0; 2379 2380 /* If it is already cached, don't cache it again */ 2381 if (s->internal->hit) 2382 return 0; 2383 2384 if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0) 2385 return 0; 2386 2387 /* If we are lesser than TLS 1.3, Cache it. */ 2388 if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) 2389 return 1; 2390 2391 /* Below this we consider TLS 1.3 or later */ 2392 2393 /* If it's not a server, add it? OpenSSL does this. */ 2394 if (!s->server) 2395 return 1; 2396 2397 /* XXX if we support early data / PSK need to add */ 2398 2399 /* 2400 * If we have the remove session callback, we will want 2401 * to know about this even if it's a stateless ticket 2402 * from 1.3 so we can know when it is removed. 2403 */ 2404 if (s->session_ctx->internal->remove_session_cb != NULL) 2405 return 1; 2406 2407 /* If we have set OP_NO_TICKET, cache it. */ 2408 if ((s->internal->options & SSL_OP_NO_TICKET) != 0) 2409 return 1; 2410 2411 /* Otherwise do not cache */ 2412 return 0; 2413} 2414 2415void 2416ssl_update_cache(SSL *s, int mode) 2417{ 2418 int cache_mode, do_callback; 2419 2420 if (s->session->session_id_length == 0) 2421 return; 2422 2423 cache_mode = s->session_ctx->internal->session_cache_mode; 2424 do_callback = ssl_should_update_external_cache(s, mode); 2425 2426 if (ssl_should_update_internal_cache(s, mode)) { 2427 /* 2428 * XXX should we fail if the add to the internal cache 2429 * fails? OpenSSL doesn't care.. 2430 */ 2431 (void) SSL_CTX_add_session(s->session_ctx, s->session); 2432 } 2433 2434 /* 2435 * Update the "external cache" by calling the new session 2436 * callback if present, even with TLS 1.3 without early data 2437 * "because some application just want to know about the 2438 * creation of a session and aren't doing a full cache". 2439 * Apparently, if they are doing a full cache, they'll have 2440 * some fun, but we endeavour to give application writers the 2441 * same glorious experience they expect from OpenSSL which 2442 * does it this way. 2443 */ 2444 if (do_callback && s->session_ctx->internal->new_session_cb != NULL) { 2445 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2446 if (!s->session_ctx->internal->new_session_cb(s, s->session)) 2447 SSL_SESSION_free(s->session); 2448 } 2449 2450 /* Auto flush every 255 connections. */ 2451 if (!(cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) && 2452 (cache_mode & mode) != 0) { 2453 int connections; 2454 if (mode & SSL_SESS_CACHE_CLIENT) 2455 connections = s->session_ctx->internal->stats.sess_connect_good; 2456 else 2457 connections = s->session_ctx->internal->stats.sess_accept_good; 2458 if ((connections & 0xff) == 0xff) 2459 SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); 2460 } 2461} 2462 2463const SSL_METHOD * 2464SSL_get_ssl_method(SSL *s) 2465{ 2466 return (s->method); 2467} 2468 2469int 2470SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) 2471{ 2472 int (*handshake_func)(SSL *) = NULL; 2473 int ret = 1; 2474 2475 if (s->method == method) 2476 return (ret); 2477 2478 if (s->internal->handshake_func == s->method->ssl_connect) 2479 handshake_func = method->ssl_connect; 2480 else if (s->internal->handshake_func == s->method->ssl_accept) 2481 handshake_func = method->ssl_accept; 2482 2483 if (s->method->version == method->version) { 2484 s->method = method; 2485 } else { 2486 s->method->ssl_free(s); 2487 s->method = method; 2488 ret = s->method->ssl_new(s); 2489 } 2490 s->internal->handshake_func = handshake_func; 2491 2492 return (ret); 2493} 2494 2495int 2496SSL_get_error(const SSL *s, int i) 2497{ 2498 unsigned long l; 2499 int reason; 2500 BIO *bio; 2501 2502 if (i > 0) 2503 return (SSL_ERROR_NONE); 2504 2505 /* 2506 * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake 2507 * etc, where we do encode the error. 2508 */ 2509 if ((l = ERR_peek_error()) != 0) { 2510 if (ERR_GET_LIB(l) == ERR_LIB_SYS) 2511 return (SSL_ERROR_SYSCALL); 2512 else 2513 return (SSL_ERROR_SSL); 2514 } 2515 2516 if (SSL_want_read(s)) { 2517 bio = SSL_get_rbio(s); 2518 if (BIO_should_read(bio)) { 2519 return (SSL_ERROR_WANT_READ); 2520 } else if (BIO_should_write(bio)) { 2521 /* 2522 * This one doesn't make too much sense... We never 2523 * try to write to the rbio, and an application 2524 * program where rbio and wbio are separate couldn't 2525 * even know what it should wait for. However if we 2526 * ever set s->internal->rwstate incorrectly (so that we have 2527 * SSL_want_read(s) instead of SSL_want_write(s)) 2528 * and rbio and wbio *are* the same, this test works 2529 * around that bug; so it might be safer to keep it. 2530 */ 2531 return (SSL_ERROR_WANT_WRITE); 2532 } else if (BIO_should_io_special(bio)) { 2533 reason = BIO_get_retry_reason(bio); 2534 if (reason == BIO_RR_CONNECT) 2535 return (SSL_ERROR_WANT_CONNECT); 2536 else if (reason == BIO_RR_ACCEPT) 2537 return (SSL_ERROR_WANT_ACCEPT); 2538 else 2539 return (SSL_ERROR_SYSCALL); /* unknown */ 2540 } 2541 } 2542 2543 if (SSL_want_write(s)) { 2544 bio = SSL_get_wbio(s); 2545 if (BIO_should_write(bio)) { 2546 return (SSL_ERROR_WANT_WRITE); 2547 } else if (BIO_should_read(bio)) { 2548 /* 2549 * See above (SSL_want_read(s) with 2550 * BIO_should_write(bio)) 2551 */ 2552 return (SSL_ERROR_WANT_READ); 2553 } else if (BIO_should_io_special(bio)) { 2554 reason = BIO_get_retry_reason(bio); 2555 if (reason == BIO_RR_CONNECT) 2556 return (SSL_ERROR_WANT_CONNECT); 2557 else if (reason == BIO_RR_ACCEPT) 2558 return (SSL_ERROR_WANT_ACCEPT); 2559 else 2560 return (SSL_ERROR_SYSCALL); 2561 } 2562 } 2563 2564 if (SSL_want_x509_lookup(s)) 2565 return (SSL_ERROR_WANT_X509_LOOKUP); 2566 2567 if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && 2568 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2569 return (SSL_ERROR_ZERO_RETURN); 2570 2571 return (SSL_ERROR_SYSCALL); 2572} 2573 2574int 2575SSL_do_handshake(SSL *s) 2576{ 2577 if (s->internal->handshake_func == NULL) { 2578 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET); 2579 return (-1); 2580 } 2581 2582 s->method->ssl_renegotiate_check(s); 2583 2584 if (!SSL_in_init(s) && !SSL_in_before(s)) 2585 return 1; 2586 2587 return s->internal->handshake_func(s); 2588} 2589 2590/* 2591 * For the next 2 functions, SSL_clear() sets shutdown and so 2592 * one of these calls will reset it 2593 */ 2594void 2595SSL_set_accept_state(SSL *s) 2596{ 2597 s->server = 1; 2598 s->internal->shutdown = 0; 2599 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; 2600 s->internal->handshake_func = s->method->ssl_accept; 2601 ssl_clear_cipher_state(s); 2602} 2603 2604void 2605SSL_set_connect_state(SSL *s) 2606{ 2607 s->server = 0; 2608 s->internal->shutdown = 0; 2609 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; 2610 s->internal->handshake_func = s->method->ssl_connect; 2611 ssl_clear_cipher_state(s); 2612} 2613 2614int 2615ssl_undefined_function(SSL *s) 2616{ 2617 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2618 return (0); 2619} 2620 2621int 2622ssl_undefined_void_function(void) 2623{ 2624 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2625 return (0); 2626} 2627 2628int 2629ssl_undefined_const_function(const SSL *s) 2630{ 2631 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2632 return (0); 2633} 2634 2635const char * 2636ssl_version_string(int ver) 2637{ 2638 switch (ver) { 2639 case TLS1_VERSION: 2640 return (SSL_TXT_TLSV1); 2641 case TLS1_1_VERSION: 2642 return (SSL_TXT_TLSV1_1); 2643 case TLS1_2_VERSION: 2644 return (SSL_TXT_TLSV1_2); 2645 case TLS1_3_VERSION: 2646 return (SSL_TXT_TLSV1_3); 2647 case DTLS1_VERSION: 2648 return (SSL_TXT_DTLS1); 2649 case DTLS1_2_VERSION: 2650 return (SSL_TXT_DTLS1_2); 2651 default: 2652 return ("unknown"); 2653 } 2654} 2655 2656const char * 2657SSL_get_version(const SSL *s) 2658{ 2659 return ssl_version_string(s->version); 2660} 2661 2662SSL * 2663SSL_dup(SSL *s) 2664{ 2665 STACK_OF(X509_NAME) *sk; 2666 X509_NAME *xn; 2667 SSL *ret; 2668 int i; 2669 2670 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2671 goto err; 2672 2673 ret->version = s->version; 2674 ret->method = s->method; 2675 2676 if (s->session != NULL) { 2677 if (!SSL_copy_session_id(ret, s)) 2678 goto err; 2679 } else { 2680 /* 2681 * No session has been established yet, so we have to expect 2682 * that s->cert or ret->cert will be changed later -- 2683 * they should not both point to the same object, 2684 * and thus we can't use SSL_copy_session_id. 2685 */ 2686 2687 ret->method->ssl_free(ret); 2688 ret->method = s->method; 2689 ret->method->ssl_new(ret); 2690 2691 ssl_cert_free(ret->cert); 2692 if ((ret->cert = ssl_cert_dup(s->cert)) == NULL) 2693 goto err; 2694 2695 if (!SSL_set_session_id_context(ret, s->sid_ctx, 2696 s->sid_ctx_length)) 2697 goto err; 2698 } 2699 2700 ret->internal->options = s->internal->options; 2701 ret->internal->mode = s->internal->mode; 2702 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 2703 SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 2704 ret->internal->msg_callback = s->internal->msg_callback; 2705 ret->internal->msg_callback_arg = s->internal->msg_callback_arg; 2706 SSL_set_verify(ret, SSL_get_verify_mode(s), 2707 SSL_get_verify_callback(s)); 2708 SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 2709 ret->internal->generate_session_id = s->internal->generate_session_id; 2710 2711 SSL_set_info_callback(ret, SSL_get_info_callback(s)); 2712 2713 ret->internal->debug = s->internal->debug; 2714 2715 /* copy app data, a little dangerous perhaps */ 2716 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, 2717 &ret->internal->ex_data, &s->internal->ex_data)) 2718 goto err; 2719 2720 /* setup rbio, and wbio */ 2721 if (s->rbio != NULL) { 2722 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) 2723 goto err; 2724 } 2725 if (s->wbio != NULL) { 2726 if (s->wbio != s->rbio) { 2727 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) 2728 goto err; 2729 } else 2730 ret->wbio = ret->rbio; 2731 } 2732 ret->internal->rwstate = s->internal->rwstate; 2733 ret->internal->in_handshake = s->internal->in_handshake; 2734 ret->internal->handshake_func = s->internal->handshake_func; 2735 ret->server = s->server; 2736 ret->internal->renegotiate = s->internal->renegotiate; 2737 ret->internal->new_session = s->internal->new_session; 2738 ret->internal->quiet_shutdown = s->internal->quiet_shutdown; 2739 ret->internal->shutdown = s->internal->shutdown; 2740 /* SSL_dup does not really work at any state, though */ 2741 ret->s3->hs.state = s->s3->hs.state; 2742 ret->internal->rstate = s->internal->rstate; 2743 2744 /* 2745 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, 2746 * ret->init_off 2747 */ 2748 ret->internal->init_num = 0; 2749 2750 ret->internal->hit = s->internal->hit; 2751 2752 X509_VERIFY_PARAM_inherit(ret->param, s->param); 2753 2754 if (s->cipher_list != NULL) { 2755 if ((ret->cipher_list = 2756 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2757 goto err; 2758 } 2759 if (s->internal->cipher_list_tls13 != NULL) { 2760 if ((ret->internal->cipher_list_tls13 = 2761 sk_SSL_CIPHER_dup(s->internal->cipher_list_tls13)) == NULL) 2762 goto err; 2763 } 2764 2765 /* Dup the client_CA list */ 2766 if (s->internal->client_CA != NULL) { 2767 if ((sk = sk_X509_NAME_dup(s->internal->client_CA)) == NULL) goto err; 2768 ret->internal->client_CA = sk; 2769 for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2770 xn = sk_X509_NAME_value(sk, i); 2771 if (sk_X509_NAME_set(sk, i, 2772 X509_NAME_dup(xn)) == NULL) { 2773 X509_NAME_free(xn); 2774 goto err; 2775 } 2776 } 2777 } 2778 2779 return ret; 2780 err: 2781 SSL_free(ret); 2782 return NULL; 2783} 2784 2785void 2786ssl_clear_cipher_state(SSL *s) 2787{ 2788 tls12_record_layer_clear_read_state(s->internal->rl); 2789 tls12_record_layer_clear_write_state(s->internal->rl); 2790} 2791 2792void 2793ssl_info_callback(const SSL *s, int type, int value) 2794{ 2795 ssl_info_callback_fn *cb; 2796 2797 if ((cb = s->internal->info_callback) == NULL) 2798 cb = s->ctx->internal->info_callback; 2799 if (cb != NULL) 2800 cb(s, type, value); 2801} 2802 2803void 2804ssl_msg_callback(SSL *s, int is_write, int content_type, 2805 const void *msg_buf, size_t msg_len) 2806{ 2807 if (s->internal->msg_callback != NULL) 2808 s->internal->msg_callback(is_write, s->version, content_type, 2809 msg_buf, msg_len, s, s->internal->msg_callback_arg); 2810} 2811 2812/* Fix this function so that it takes an optional type parameter */ 2813X509 * 2814SSL_get_certificate(const SSL *s) 2815{ 2816 return (s->cert->key->x509); 2817} 2818 2819/* Fix this function so that it takes an optional type parameter */ 2820EVP_PKEY * 2821SSL_get_privatekey(const SSL *s) 2822{ 2823 return (s->cert->key->privatekey); 2824} 2825 2826const SSL_CIPHER * 2827SSL_get_current_cipher(const SSL *s) 2828{ 2829 if ((s->session != NULL) && (s->session->cipher != NULL)) 2830 return (s->session->cipher); 2831 return (NULL); 2832} 2833const void * 2834SSL_get_current_compression(SSL *s) 2835{ 2836 return (NULL); 2837} 2838 2839const void * 2840SSL_get_current_expansion(SSL *s) 2841{ 2842 return (NULL); 2843} 2844 2845size_t 2846SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out) 2847{ 2848 size_t len = sizeof(s->s3->client_random); 2849 2850 if (out == NULL) 2851 return len; 2852 2853 if (len > max_out) 2854 len = max_out; 2855 2856 memcpy(out, s->s3->client_random, len); 2857 2858 return len; 2859} 2860 2861size_t 2862SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out) 2863{ 2864 size_t len = sizeof(s->s3->server_random); 2865 2866 if (out == NULL) 2867 return len; 2868 2869 if (len > max_out) 2870 len = max_out; 2871 2872 memcpy(out, s->s3->server_random, len); 2873 2874 return len; 2875} 2876 2877int 2878ssl_init_wbio_buffer(SSL *s, int push) 2879{ 2880 BIO *bbio; 2881 2882 if (s->bbio == NULL) { 2883 bbio = BIO_new(BIO_f_buffer()); 2884 if (bbio == NULL) 2885 return (0); 2886 s->bbio = bbio; 2887 } else { 2888 bbio = s->bbio; 2889 if (s->bbio == s->wbio) 2890 s->wbio = BIO_pop(s->wbio); 2891 } 2892 (void)BIO_reset(bbio); 2893/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 2894 if (!BIO_set_read_buffer_size(bbio, 1)) { 2895 SSLerror(s, ERR_R_BUF_LIB); 2896 return (0); 2897 } 2898 if (push) { 2899 if (s->wbio != bbio) 2900 s->wbio = BIO_push(bbio, s->wbio); 2901 } else { 2902 if (s->wbio == bbio) 2903 s->wbio = BIO_pop(bbio); 2904 } 2905 return (1); 2906} 2907 2908void 2909ssl_free_wbio_buffer(SSL *s) 2910{ 2911 if (s == NULL) 2912 return; 2913 2914 if (s->bbio == NULL) 2915 return; 2916 2917 if (s->bbio == s->wbio) { 2918 /* remove buffering */ 2919 s->wbio = BIO_pop(s->wbio); 2920 } 2921 BIO_free(s->bbio); 2922 s->bbio = NULL; 2923} 2924 2925void 2926SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 2927{ 2928 ctx->internal->quiet_shutdown = mode; 2929} 2930 2931int 2932SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 2933{ 2934 return (ctx->internal->quiet_shutdown); 2935} 2936 2937void 2938SSL_set_quiet_shutdown(SSL *s, int mode) 2939{ 2940 s->internal->quiet_shutdown = mode; 2941} 2942 2943int 2944SSL_get_quiet_shutdown(const SSL *s) 2945{ 2946 return (s->internal->quiet_shutdown); 2947} 2948 2949void 2950SSL_set_shutdown(SSL *s, int mode) 2951{ 2952 s->internal->shutdown = mode; 2953} 2954 2955int 2956SSL_get_shutdown(const SSL *s) 2957{ 2958 return (s->internal->shutdown); 2959} 2960 2961int 2962SSL_version(const SSL *s) 2963{ 2964 return (s->version); 2965} 2966 2967SSL_CTX * 2968SSL_get_SSL_CTX(const SSL *ssl) 2969{ 2970 return (ssl->ctx); 2971} 2972 2973SSL_CTX * 2974SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) 2975{ 2976 SSL_CERT *new_cert; 2977 2978 if (ctx == NULL) 2979 ctx = ssl->initial_ctx; 2980 if (ssl->ctx == ctx) 2981 return (ssl->ctx); 2982 2983 if ((new_cert = ssl_cert_dup(ctx->internal->cert)) == NULL) 2984 return NULL; 2985 ssl_cert_free(ssl->cert); 2986 ssl->cert = new_cert; 2987 2988 SSL_CTX_up_ref(ctx); 2989 SSL_CTX_free(ssl->ctx); /* decrement reference count */ 2990 ssl->ctx = ctx; 2991 2992 return (ssl->ctx); 2993} 2994 2995int 2996SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 2997{ 2998 return (X509_STORE_set_default_paths(ctx->cert_store)); 2999} 3000 3001int 3002SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 3003 const char *CApath) 3004{ 3005 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); 3006} 3007 3008int 3009SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len) 3010{ 3011 return (X509_STORE_load_mem(ctx->cert_store, buf, len)); 3012} 3013 3014void 3015SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val)) 3016{ 3017 ssl->internal->info_callback = cb; 3018} 3019 3020void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) 3021{ 3022 return (ssl->internal->info_callback); 3023} 3024 3025int 3026SSL_state(const SSL *ssl) 3027{ 3028 return (ssl->s3->hs.state); 3029} 3030 3031void 3032SSL_set_state(SSL *ssl, int state) 3033{ 3034 ssl->s3->hs.state = state; 3035} 3036 3037void 3038SSL_set_verify_result(SSL *ssl, long arg) 3039{ 3040 ssl->verify_result = arg; 3041} 3042 3043long 3044SSL_get_verify_result(const SSL *ssl) 3045{ 3046 return (ssl->verify_result); 3047} 3048 3049int 3050SSL_verify_client_post_handshake(SSL *ssl) 3051{ 3052 return 0; 3053} 3054 3055void 3056SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) 3057{ 3058 return; 3059} 3060 3061void 3062SSL_set_post_handshake_auth(SSL *ssl, int val) 3063{ 3064 return; 3065} 3066 3067int 3068SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3069 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3070{ 3071 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3072 new_func, dup_func, free_func)); 3073} 3074 3075int 3076SSL_set_ex_data(SSL *s, int idx, void *arg) 3077{ 3078 return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); 3079} 3080 3081void * 3082SSL_get_ex_data(const SSL *s, int idx) 3083{ 3084 return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); 3085} 3086 3087int 3088SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3089 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3090{ 3091 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3092 new_func, dup_func, free_func)); 3093} 3094 3095int 3096SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 3097{ 3098 return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); 3099} 3100 3101void * 3102SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 3103{ 3104 return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); 3105} 3106 3107int 3108ssl_ok(SSL *s) 3109{ 3110 return (1); 3111} 3112 3113X509_STORE * 3114SSL_CTX_get_cert_store(const SSL_CTX *ctx) 3115{ 3116 return (ctx->cert_store); 3117} 3118 3119void 3120SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) 3121{ 3122 X509_STORE_free(ctx->cert_store); 3123 ctx->cert_store = store; 3124} 3125 3126X509 * 3127SSL_CTX_get0_certificate(const SSL_CTX *ctx) 3128{ 3129 if (ctx->internal->cert == NULL) 3130 return NULL; 3131 3132 return ctx->internal->cert->key->x509; 3133} 3134 3135EVP_PKEY * 3136SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 3137{ 3138 if (ctx->internal->cert == NULL) 3139 return NULL; 3140 3141 return ctx->internal->cert->key->privatekey; 3142} 3143 3144int 3145SSL_want(const SSL *s) 3146{ 3147 return (s->internal->rwstate); 3148} 3149 3150void 3151SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, 3152 int keylength)) 3153{ 3154 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); 3155} 3156 3157void 3158SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, 3159 int keylength)) 3160{ 3161 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); 3162} 3163 3164void 3165SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, 3166 int keylength)) 3167{ 3168 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 3169} 3170 3171void 3172SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, 3173 int keylength)) 3174{ 3175 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 3176} 3177 3178void 3179SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, 3180 int is_export, int keylength)) 3181{ 3182 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, 3183 (void (*)(void))ecdh); 3184} 3185 3186void 3187SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, 3188 int keylength)) 3189{ 3190 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 3191} 3192 3193 3194void 3195SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, 3196 int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3197{ 3198 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, 3199 (void (*)(void))cb); 3200} 3201 3202void 3203SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, 3204 int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3205{ 3206 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3207} 3208 3209void 3210SSL_set_debug(SSL *s, int debug) 3211{ 3212 s->internal->debug = debug; 3213} 3214 3215int 3216SSL_cache_hit(SSL *s) 3217{ 3218 return (s->internal->hit); 3219} 3220 3221int 3222SSL_CTX_get_min_proto_version(SSL_CTX *ctx) 3223{ 3224 return ctx->internal->min_proto_version; 3225} 3226 3227int 3228SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) 3229{ 3230 return ssl_version_set_min(ctx->method, version, 3231 ctx->internal->max_tls_version, &ctx->internal->min_tls_version, 3232 &ctx->internal->min_proto_version); 3233} 3234 3235int 3236SSL_CTX_get_max_proto_version(SSL_CTX *ctx) 3237{ 3238 return ctx->internal->max_proto_version; 3239} 3240 3241int 3242SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) 3243{ 3244 return ssl_version_set_max(ctx->method, version, 3245 ctx->internal->min_tls_version, &ctx->internal->max_tls_version, 3246 &ctx->internal->max_proto_version); 3247} 3248 3249int 3250SSL_get_min_proto_version(SSL *ssl) 3251{ 3252 return ssl->internal->min_proto_version; 3253} 3254 3255int 3256SSL_set_min_proto_version(SSL *ssl, uint16_t version) 3257{ 3258 return ssl_version_set_min(ssl->method, version, 3259 ssl->internal->max_tls_version, &ssl->internal->min_tls_version, 3260 &ssl->internal->min_proto_version); 3261} 3262int 3263SSL_get_max_proto_version(SSL *ssl) 3264{ 3265 return ssl->internal->max_proto_version; 3266} 3267 3268int 3269SSL_set_max_proto_version(SSL *ssl, uint16_t version) 3270{ 3271 return ssl_version_set_max(ssl->method, version, 3272 ssl->internal->min_tls_version, &ssl->internal->max_tls_version, 3273 &ssl->internal->max_proto_version); 3274} 3275 3276const SSL_METHOD * 3277SSL_CTX_get_ssl_method(const SSL_CTX *ctx) 3278{ 3279 return ctx->method; 3280} 3281 3282int 3283SSL_CTX_get_security_level(const SSL_CTX *ctx) 3284{ 3285 return ctx->internal->cert->security_level; 3286} 3287 3288void 3289SSL_CTX_set_security_level(SSL_CTX *ctx, int level) 3290{ 3291 ctx->internal->cert->security_level = level; 3292} 3293 3294int 3295SSL_get_security_level(const SSL *ssl) 3296{ 3297 return ssl->cert->security_level; 3298} 3299 3300void 3301SSL_set_security_level(SSL *ssl, int level) 3302{ 3303 ssl->cert->security_level = level; 3304} 3305 3306static int 3307ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) 3308{ 3309 SSL_CIPHER const *a = a_; 3310 SSL_CIPHER const *b = b_; 3311 return ssl_cipher_id_cmp(a, b); 3312} 3313 3314SSL_CIPHER * 3315OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num) 3316{ 3317 return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER), 3318 ssl_cipher_id_cmp_BSEARCH_CMP_FN); 3319} 3320 3321int 3322SSL_is_quic(const SSL *ssl) 3323{ 3324 return ssl->quic_method != NULL; 3325} 3326 3327int 3328SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, 3329 size_t params_len) 3330{ 3331 freezero(ssl->internal->quic_transport_params, 3332 ssl->internal->quic_transport_params_len); 3333 ssl->internal->quic_transport_params = NULL; 3334 ssl->internal->quic_transport_params_len = 0; 3335 3336 if ((ssl->internal->quic_transport_params = malloc(params_len)) == NULL) 3337 return 0; 3338 3339 memcpy(ssl->internal->quic_transport_params, params, params_len); 3340 ssl->internal->quic_transport_params_len = params_len; 3341 3342 return 1; 3343} 3344 3345void 3346SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, 3347 size_t *out_params_len) 3348{ 3349 *out_params = ssl->s3->peer_quic_transport_params; 3350 *out_params_len = ssl->s3->peer_quic_transport_params_len; 3351} 3352