blob: a7d5d5b22e505db2465e4206bf01688dbc7fc185 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -07001/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115/* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
Adam Langley95c29f32014-06-20 12:00:00 -0700141#include <assert.h>
David Benjaminf0ae1702015-04-07 23:05:04 -0400142#include <stdio.h>
143#include <string.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700144
David Benjamin39482a12014-07-20 13:30:15 -0400145#include <openssl/bytestring.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700146#include <openssl/dh.h>
David Benjaminf0ae1702015-04-07 23:05:04 -0400147#include <openssl/err.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700148#include <openssl/lhash.h>
149#include <openssl/mem.h>
150#include <openssl/obj.h>
151#include <openssl/rand.h>
152#include <openssl/x509v3.h>
153
David Benjamin2ee94aa2015-04-07 22:38:30 -0400154#include "internal.h"
David Benjamin546f1a52015-04-15 16:46:09 -0400155#include "../crypto/internal.h"
156
Adam Langley95c29f32014-06-20 12:00:00 -0700157
Adam Langleyfcf25832014-12-18 17:42:32 -0800158/* Some error codes are special. Ensure the make_errors.go script never
159 * regresses this. */
160OPENSSL_COMPILE_ASSERT(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ==
161 SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET,
162 ssl_alert_reason_code_mismatch);
David Benjamine1136082014-09-20 12:28:58 -0400163
David Benjamin1d0a1942015-04-26 15:35:35 -0400164/* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */
165static const size_t kMaxHandshakeSize = (1u << 24) - 1;
166
David Benjaminaa585132015-06-29 23:36:17 -0400167static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl =
168 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
169static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx =
170 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
David Benjamin9f33fc62015-04-15 17:29:53 -0400171
David Benjamin4831c332015-05-16 11:43:13 -0400172int SSL_clear(SSL *ssl) {
173 if (ssl->method == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400174 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_METHOD_SPECIFIED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800175 return 0;
176 }
Adam Langley95c29f32014-06-20 12:00:00 -0700177
David Benjamin4831c332015-05-16 11:43:13 -0400178 if (ssl_clear_bad_session(ssl)) {
179 SSL_SESSION_free(ssl->session);
180 ssl->session = NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800181 }
Adam Langley95c29f32014-06-20 12:00:00 -0700182
David Benjamin4831c332015-05-16 11:43:13 -0400183 ssl->hit = 0;
184 ssl->shutdown = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700185
David Benjamin4831c332015-05-16 11:43:13 -0400186 /* SSL_clear may be called before or after the |ssl| is initialized in either
Adam Langleyfcf25832014-12-18 17:42:32 -0800187 * accept or connect state. In the latter case, SSL_clear should preserve the
David Benjamin4831c332015-05-16 11:43:13 -0400188 * half and reset |ssl->state| accordingly. */
189 if (ssl->handshake_func != NULL) {
190 if (ssl->server) {
191 SSL_set_accept_state(ssl);
Adam Langleyfcf25832014-12-18 17:42:32 -0800192 } else {
David Benjamin4831c332015-05-16 11:43:13 -0400193 SSL_set_connect_state(ssl);
Adam Langleyfcf25832014-12-18 17:42:32 -0800194 }
195 } else {
David Benjamin4831c332015-05-16 11:43:13 -0400196 assert(ssl->state == 0);
Adam Langleyfcf25832014-12-18 17:42:32 -0800197 }
Adam Langley95c29f32014-06-20 12:00:00 -0700198
David Benjamin5f387e32015-05-15 22:05:42 -0400199 /* TODO(davidben): Some state on |ssl| is reset both in |SSL_new| and
David Benjamin62fd1622015-01-11 13:30:01 -0500200 * |SSL_clear| because it is per-connection state rather than configuration
David Benjamin4831c332015-05-16 11:43:13 -0400201 * state. Per-connection state should be on |ssl->s3| and |ssl->d1| so it is
David Benjamin62fd1622015-01-11 13:30:01 -0500202 * naturally reset at the right points between |SSL_new|, |SSL_clear|, and
203 * |ssl3_new|. */
204
David Benjamin4831c332015-05-16 11:43:13 -0400205 ssl->rwstate = SSL_NOTHING;
206 ssl->rstate = SSL_ST_READ_HEADER;
Adam Langley95c29f32014-06-20 12:00:00 -0700207
David Benjamin4831c332015-05-16 11:43:13 -0400208 BUF_MEM_free(ssl->init_buf);
209 ssl->init_buf = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700210
David Benjamin4831c332015-05-16 11:43:13 -0400211 ssl->packet = NULL;
212 ssl->packet_length = 0;
David Benjamin62fd1622015-01-11 13:30:01 -0500213
David Benjamin4831c332015-05-16 11:43:13 -0400214 ssl_clear_cipher_ctx(ssl);
Adam Langley95c29f32014-06-20 12:00:00 -0700215
David Benjamin4831c332015-05-16 11:43:13 -0400216 OPENSSL_free(ssl->next_proto_negotiated);
217 ssl->next_proto_negotiated = NULL;
218 ssl->next_proto_negotiated_len = 0;
David Benjamin62fd1622015-01-11 13:30:01 -0500219
David Benjamin4831c332015-05-16 11:43:13 -0400220 /* The ssl->d1->mtu is simultaneously configuration (preserved across
David Benjamin62fd1622015-01-11 13:30:01 -0500221 * clear) and connection-specific state (gets reset).
222 *
223 * TODO(davidben): Avoid this. */
224 unsigned mtu = 0;
David Benjamin4831c332015-05-16 11:43:13 -0400225 if (ssl->d1 != NULL) {
226 mtu = ssl->d1->mtu;
David Benjamin62fd1622015-01-11 13:30:01 -0500227 }
228
David Benjamin4831c332015-05-16 11:43:13 -0400229 ssl->method->ssl_free(ssl);
230 if (!ssl->method->ssl_new(ssl)) {
David Benjamin62fd1622015-01-11 13:30:01 -0500231 return 0;
232 }
David Benjamin4831c332015-05-16 11:43:13 -0400233 ssl->enc_method = ssl3_get_enc_method(ssl->version);
234 assert(ssl->enc_method != NULL);
David Benjamin62fd1622015-01-11 13:30:01 -0500235
David Benjamin4831c332015-05-16 11:43:13 -0400236 if (SSL_IS_DTLS(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
237 ssl->d1->mtu = mtu;
David Benjamin62fd1622015-01-11 13:30:01 -0500238 }
239
David Benjamin4831c332015-05-16 11:43:13 -0400240 ssl->client_version = ssl->version;
Adam Langley95c29f32014-06-20 12:00:00 -0700241
Adam Langleyfcf25832014-12-18 17:42:32 -0800242 return 1;
243}
Adam Langley95c29f32014-06-20 12:00:00 -0700244
Adam Langleyfcf25832014-12-18 17:42:32 -0800245SSL *SSL_new(SSL_CTX *ctx) {
246 SSL *s;
Adam Langley95c29f32014-06-20 12:00:00 -0700247
Adam Langleyfcf25832014-12-18 17:42:32 -0800248 if (ctx == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400249 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX);
Adam Langleyfcf25832014-12-18 17:42:32 -0800250 return NULL;
251 }
252 if (ctx->method == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400253 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
Adam Langleyfcf25832014-12-18 17:42:32 -0800254 return NULL;
255 }
Adam Langley95c29f32014-06-20 12:00:00 -0700256
Adam Langleyfcf25832014-12-18 17:42:32 -0800257 s = (SSL *)OPENSSL_malloc(sizeof(SSL));
258 if (s == NULL) {
259 goto err;
260 }
261 memset(s, 0, sizeof(SSL));
Adam Langley95c29f32014-06-20 12:00:00 -0700262
Adam Langleyfcf25832014-12-18 17:42:32 -0800263 s->min_version = ctx->min_version;
264 s->max_version = ctx->max_version;
David Benjamin1eb367c2014-12-12 18:17:51 -0500265
Adam Langleyfcf25832014-12-18 17:42:32 -0800266 s->options = ctx->options;
267 s->mode = ctx->mode;
268 s->max_cert_list = ctx->max_cert_list;
Adam Langley95c29f32014-06-20 12:00:00 -0700269
David Benjamina5a3eeb2015-03-18 20:26:30 -0400270 s->cert = ssl_cert_dup(ctx->cert);
271 if (s->cert == NULL) {
272 goto err;
Adam Langleyfcf25832014-12-18 17:42:32 -0800273 }
Adam Langley95c29f32014-06-20 12:00:00 -0700274
Adam Langleyfcf25832014-12-18 17:42:32 -0800275 s->msg_callback = ctx->msg_callback;
276 s->msg_callback_arg = ctx->msg_callback_arg;
277 s->verify_mode = ctx->verify_mode;
278 s->sid_ctx_length = ctx->sid_ctx_length;
279 assert(s->sid_ctx_length <= sizeof s->sid_ctx);
280 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
281 s->verify_callback = ctx->default_verify_callback;
282 s->generate_session_id = ctx->generate_session_id;
Adam Langley95c29f32014-06-20 12:00:00 -0700283
Adam Langleyfcf25832014-12-18 17:42:32 -0800284 s->param = X509_VERIFY_PARAM_new();
285 if (!s->param) {
286 goto err;
287 }
288 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
289 s->quiet_shutdown = ctx->quiet_shutdown;
290 s->max_send_fragment = ctx->max_send_fragment;
Adam Langley95c29f32014-06-20 12:00:00 -0700291
Adam Langley0b5e3902015-05-15 13:08:38 -0700292 CRYPTO_refcount_inc(&ctx->references);
Adam Langleyfcf25832014-12-18 17:42:32 -0800293 s->ctx = ctx;
Adam Langleyfcf25832014-12-18 17:42:32 -0800294 s->tlsext_ticket_expected = 0;
Adam Langley0b5e3902015-05-15 13:08:38 -0700295 CRYPTO_refcount_inc(&ctx->references);
Adam Langleyfcf25832014-12-18 17:42:32 -0800296 s->initial_ctx = ctx;
297 if (ctx->tlsext_ecpointformatlist) {
298 s->tlsext_ecpointformatlist = BUF_memdup(
299 ctx->tlsext_ecpointformatlist, ctx->tlsext_ecpointformatlist_length);
300 if (!s->tlsext_ecpointformatlist) {
301 goto err;
302 }
303 s->tlsext_ecpointformatlist_length = ctx->tlsext_ecpointformatlist_length;
304 }
Adam Langley95c29f32014-06-20 12:00:00 -0700305
Adam Langleyfcf25832014-12-18 17:42:32 -0800306 if (ctx->tlsext_ellipticcurvelist) {
307 s->tlsext_ellipticcurvelist =
308 BUF_memdup(ctx->tlsext_ellipticcurvelist,
309 ctx->tlsext_ellipticcurvelist_length * 2);
310 if (!s->tlsext_ellipticcurvelist) {
311 goto err;
312 }
313 s->tlsext_ellipticcurvelist_length = ctx->tlsext_ellipticcurvelist_length;
314 }
315 s->next_proto_negotiated = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700316
Adam Langleyfcf25832014-12-18 17:42:32 -0800317 if (s->ctx->alpn_client_proto_list) {
318 s->alpn_client_proto_list = BUF_memdup(s->ctx->alpn_client_proto_list,
319 s->ctx->alpn_client_proto_list_len);
320 if (s->alpn_client_proto_list == NULL) {
321 goto err;
322 }
323 s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
324 }
Adam Langley95c29f32014-06-20 12:00:00 -0700325
Adam Langleyfcf25832014-12-18 17:42:32 -0800326 s->verify_result = X509_V_OK;
327 s->method = ctx->method;
Adam Langley95c29f32014-06-20 12:00:00 -0700328
Adam Langleyfcf25832014-12-18 17:42:32 -0800329 if (!s->method->ssl_new(s)) {
330 goto err;
331 }
332 s->enc_method = ssl3_get_enc_method(s->version);
333 assert(s->enc_method != NULL);
Adam Langley95c29f32014-06-20 12:00:00 -0700334
David Benjamin62fd1622015-01-11 13:30:01 -0500335 s->rwstate = SSL_NOTHING;
336 s->rstate = SSL_ST_READ_HEADER;
Adam Langley95c29f32014-06-20 12:00:00 -0700337
David Benjamin9f33fc62015-04-15 17:29:53 -0400338 CRYPTO_new_ex_data(&g_ex_data_class_ssl, s, &s->ex_data);
Adam Langley95c29f32014-06-20 12:00:00 -0700339
Adam Langleyfcf25832014-12-18 17:42:32 -0800340 s->psk_identity_hint = NULL;
341 if (ctx->psk_identity_hint) {
342 s->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
343 if (s->psk_identity_hint == NULL) {
344 goto err;
345 }
346 }
347 s->psk_client_callback = ctx->psk_client_callback;
348 s->psk_server_callback = ctx->psk_server_callback;
Adam Langley95c29f32014-06-20 12:00:00 -0700349
David Benjamin02ddbfd2015-01-11 13:09:11 -0500350 s->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
351 if (ctx->tlsext_channel_id_private) {
David Benjamin9a10f8f2015-05-05 22:22:40 -0400352 s->tlsext_channel_id_private =
353 EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
David Benjamin02ddbfd2015-01-11 13:09:11 -0500354 }
355
Adam Langleyfcf25832014-12-18 17:42:32 -0800356 s->signed_cert_timestamps_enabled = s->ctx->signed_cert_timestamps_enabled;
357 s->ocsp_stapling_enabled = s->ctx->ocsp_stapling_enabled;
HÃ¥vard Molland9169c962014-08-14 14:42:37 +0200358
Adam Langleyfcf25832014-12-18 17:42:32 -0800359 return s;
360
Adam Langley95c29f32014-06-20 12:00:00 -0700361err:
David Benjamin2755a3e2015-04-22 16:17:58 -0400362 SSL_free(s);
David Benjamin3570d732015-06-29 00:28:17 -0400363 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700364
Adam Langleyfcf25832014-12-18 17:42:32 -0800365 return NULL;
366}
Adam Langley95c29f32014-06-20 12:00:00 -0700367
Adam Langleyfcf25832014-12-18 17:42:32 -0800368int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx,
369 unsigned int sid_ctx_len) {
370 if (sid_ctx_len > sizeof ctx->sid_ctx) {
David Benjamin3570d732015-06-29 00:28:17 -0400371 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
Adam Langleyfcf25832014-12-18 17:42:32 -0800372 return 0;
373 }
374 ctx->sid_ctx_length = sid_ctx_len;
375 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
Adam Langley95c29f32014-06-20 12:00:00 -0700376
Adam Langleyfcf25832014-12-18 17:42:32 -0800377 return 1;
378}
Adam Langley95c29f32014-06-20 12:00:00 -0700379
Adam Langleyfcf25832014-12-18 17:42:32 -0800380int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
381 unsigned int sid_ctx_len) {
382 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
David Benjamin3570d732015-06-29 00:28:17 -0400383 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
Adam Langleyfcf25832014-12-18 17:42:32 -0800384 return 0;
385 }
386 ssl->sid_ctx_length = sid_ctx_len;
387 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
Adam Langley95c29f32014-06-20 12:00:00 -0700388
Adam Langleyfcf25832014-12-18 17:42:32 -0800389 return 1;
390}
Adam Langley95c29f32014-06-20 12:00:00 -0700391
Adam Langleyfcf25832014-12-18 17:42:32 -0800392int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800393 ctx->generate_session_id = cb;
Adam Langleyfcf25832014-12-18 17:42:32 -0800394 return 1;
395}
Adam Langley95c29f32014-06-20 12:00:00 -0700396
Adam Langleyfcf25832014-12-18 17:42:32 -0800397int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800398 ssl->generate_session_id = cb;
Adam Langleyfcf25832014-12-18 17:42:32 -0800399 return 1;
400}
Adam Langley95c29f32014-06-20 12:00:00 -0700401
Adam Langleyfcf25832014-12-18 17:42:32 -0800402int SSL_has_matching_session_id(const SSL *ssl, const uint8_t *id,
403 unsigned int id_len) {
404 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how we
405 * can "construct" a session to give us the desired check - ie. to find if
406 * there's a session in the hash table that would conflict with any new
407 * session built out of this id/id_len and the ssl_version in use by this
408 * SSL. */
409 SSL_SESSION r, *p;
Adam Langley95c29f32014-06-20 12:00:00 -0700410
Adam Langleyfcf25832014-12-18 17:42:32 -0800411 if (id_len > sizeof r.session_id) {
412 return 0;
413 }
Adam Langley95c29f32014-06-20 12:00:00 -0700414
Adam Langleyfcf25832014-12-18 17:42:32 -0800415 r.ssl_version = ssl->version;
416 r.session_id_length = id_len;
417 memcpy(r.session_id, id, id_len);
Adam Langley95c29f32014-06-20 12:00:00 -0700418
Adam Langley4bdb6e42015-05-15 15:29:21 -0700419 CRYPTO_MUTEX_lock_read(&ssl->ctx->lock);
Adam Langleyfcf25832014-12-18 17:42:32 -0800420 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
Adam Langley4bdb6e42015-05-15 15:29:21 -0700421 CRYPTO_MUTEX_unlock(&ssl->ctx->lock);
Adam Langleyfcf25832014-12-18 17:42:32 -0800422 return p != NULL;
423}
Adam Langley95c29f32014-06-20 12:00:00 -0700424
Adam Langleyfcf25832014-12-18 17:42:32 -0800425int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) {
426 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
427}
428
429int SSL_set_purpose(SSL *s, int purpose) {
430 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
431}
432
433int SSL_CTX_set_trust(SSL_CTX *s, int trust) {
434 return X509_VERIFY_PARAM_set_trust(s->param, trust);
435}
436
437int SSL_set_trust(SSL *s, int trust) {
438 return X509_VERIFY_PARAM_set_trust(s->param, trust);
439}
440
441int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) {
442 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
443}
444
445int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) {
446 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
447}
Adam Langley95c29f32014-06-20 12:00:00 -0700448
Adam Langley858a88d2014-06-20 12:00:00 -0700449void ssl_cipher_preference_list_free(
Adam Langleyfcf25832014-12-18 17:42:32 -0800450 struct ssl_cipher_preference_list_st *cipher_list) {
David Benjamin5d1ec732015-04-22 13:38:00 -0400451 if (cipher_list == NULL) {
452 return;
453 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800454 sk_SSL_CIPHER_free(cipher_list->ciphers);
455 OPENSSL_free(cipher_list->in_group_flags);
456 OPENSSL_free(cipher_list);
457}
Adam Langley858a88d2014-06-20 12:00:00 -0700458
Adam Langleyfcf25832014-12-18 17:42:32 -0800459struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_dup(
460 struct ssl_cipher_preference_list_st *cipher_list) {
461 struct ssl_cipher_preference_list_st *ret = NULL;
462 size_t n = sk_SSL_CIPHER_num(cipher_list->ciphers);
Adam Langley858a88d2014-06-20 12:00:00 -0700463
Adam Langleyfcf25832014-12-18 17:42:32 -0800464 ret = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
465 if (!ret) {
466 goto err;
467 }
468
469 ret->ciphers = NULL;
470 ret->in_group_flags = NULL;
471 ret->ciphers = sk_SSL_CIPHER_dup(cipher_list->ciphers);
472 if (!ret->ciphers) {
473 goto err;
474 }
475 ret->in_group_flags = BUF_memdup(cipher_list->in_group_flags, n);
476 if (!ret->in_group_flags) {
477 goto err;
478 }
479
480 return ret;
Adam Langley858a88d2014-06-20 12:00:00 -0700481
482err:
David Benjamin2755a3e2015-04-22 16:17:58 -0400483 ssl_cipher_preference_list_free(ret);
Adam Langleyfcf25832014-12-18 17:42:32 -0800484 return NULL;
485}
Adam Langley858a88d2014-06-20 12:00:00 -0700486
Adam Langleyfcf25832014-12-18 17:42:32 -0800487struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_from_ciphers(
David Benjamin60da0cd2015-05-03 15:21:28 -0400488 STACK_OF(SSL_CIPHER) *ciphers) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800489 struct ssl_cipher_preference_list_st *ret = NULL;
490 size_t n = sk_SSL_CIPHER_num(ciphers);
Adam Langley858a88d2014-06-20 12:00:00 -0700491
Adam Langleyfcf25832014-12-18 17:42:32 -0800492 ret = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
493 if (!ret) {
494 goto err;
495 }
496 ret->ciphers = NULL;
497 ret->in_group_flags = NULL;
498 ret->ciphers = sk_SSL_CIPHER_dup(ciphers);
499 if (!ret->ciphers) {
500 goto err;
501 }
502 ret->in_group_flags = OPENSSL_malloc(n);
503 if (!ret->in_group_flags) {
504 goto err;
505 }
506 memset(ret->in_group_flags, 0, n);
507 return ret;
Adam Langley858a88d2014-06-20 12:00:00 -0700508
509err:
David Benjamin2755a3e2015-04-22 16:17:58 -0400510 ssl_cipher_preference_list_free(ret);
Adam Langleyfcf25832014-12-18 17:42:32 -0800511 return NULL;
512}
Adam Langley858a88d2014-06-20 12:00:00 -0700513
Adam Langleyfcf25832014-12-18 17:42:32 -0800514X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) { return ctx->param; }
Adam Langley95c29f32014-06-20 12:00:00 -0700515
Adam Langleyfcf25832014-12-18 17:42:32 -0800516X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) { return ssl->param; }
Adam Langley95c29f32014-06-20 12:00:00 -0700517
David Benjamin7481d392015-07-05 19:38:46 -0400518void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); }
Adam Langley95c29f32014-06-20 12:00:00 -0700519
David Benjamin4831c332015-05-16 11:43:13 -0400520void SSL_free(SSL *ssl) {
521 if (ssl == NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800522 return;
523 }
Adam Langley95c29f32014-06-20 12:00:00 -0700524
David Benjamin4831c332015-05-16 11:43:13 -0400525 X509_VERIFY_PARAM_free(ssl->param);
Adam Langley95c29f32014-06-20 12:00:00 -0700526
David Benjamin4831c332015-05-16 11:43:13 -0400527 CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data);
Adam Langley95c29f32014-06-20 12:00:00 -0700528
David Benjamin4831c332015-05-16 11:43:13 -0400529 if (ssl->bbio != NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800530 /* If the buffering BIO is in place, pop it off */
David Benjamin4831c332015-05-16 11:43:13 -0400531 if (ssl->bbio == ssl->wbio) {
532 ssl->wbio = BIO_pop(ssl->wbio);
Adam Langleyfcf25832014-12-18 17:42:32 -0800533 }
David Benjamin4831c332015-05-16 11:43:13 -0400534 BIO_free(ssl->bbio);
535 ssl->bbio = NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800536 }
Adam Langley95c29f32014-06-20 12:00:00 -0700537
David Benjamin4831c332015-05-16 11:43:13 -0400538 int free_wbio = ssl->wbio != ssl->rbio;
539 BIO_free_all(ssl->rbio);
David Benjamin2755a3e2015-04-22 16:17:58 -0400540 if (free_wbio) {
David Benjamin4831c332015-05-16 11:43:13 -0400541 BIO_free_all(ssl->wbio);
Adam Langleyfcf25832014-12-18 17:42:32 -0800542 }
Adam Langley95c29f32014-06-20 12:00:00 -0700543
David Benjamin4831c332015-05-16 11:43:13 -0400544 BUF_MEM_free(ssl->init_buf);
Adam Langley95c29f32014-06-20 12:00:00 -0700545
Adam Langleyfcf25832014-12-18 17:42:32 -0800546 /* add extra stuff */
David Benjamin4831c332015-05-16 11:43:13 -0400547 ssl_cipher_preference_list_free(ssl->cipher_list);
548 sk_SSL_CIPHER_free(ssl->cipher_list_by_id);
Adam Langley95c29f32014-06-20 12:00:00 -0700549
David Benjamin4831c332015-05-16 11:43:13 -0400550 ssl_clear_bad_session(ssl);
551 SSL_SESSION_free(ssl->session);
Adam Langley95c29f32014-06-20 12:00:00 -0700552
David Benjamin4831c332015-05-16 11:43:13 -0400553 ssl_clear_cipher_ctx(ssl);
Adam Langley95c29f32014-06-20 12:00:00 -0700554
David Benjamin4831c332015-05-16 11:43:13 -0400555 ssl_cert_free(ssl->cert);
Adam Langley0289c732014-06-20 12:00:00 -0700556
David Benjamin4831c332015-05-16 11:43:13 -0400557 OPENSSL_free(ssl->tlsext_hostname);
558 SSL_CTX_free(ssl->initial_ctx);
559 OPENSSL_free(ssl->tlsext_ecpointformatlist);
560 OPENSSL_free(ssl->tlsext_ellipticcurvelist);
561 OPENSSL_free(ssl->alpn_client_proto_list);
562 EVP_PKEY_free(ssl->tlsext_channel_id_private);
563 OPENSSL_free(ssl->psk_identity_hint);
564 sk_X509_NAME_pop_free(ssl->client_CA, X509_NAME_free);
565 OPENSSL_free(ssl->next_proto_negotiated);
566 sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles);
Adam Langley95c29f32014-06-20 12:00:00 -0700567
David Benjamin4831c332015-05-16 11:43:13 -0400568 if (ssl->method != NULL) {
569 ssl->method->ssl_free(ssl);
Adam Langleyfcf25832014-12-18 17:42:32 -0800570 }
David Benjamin4831c332015-05-16 11:43:13 -0400571 SSL_CTX_free(ssl->ctx);
Adam Langley95c29f32014-06-20 12:00:00 -0700572
David Benjamin4831c332015-05-16 11:43:13 -0400573 OPENSSL_free(ssl);
Adam Langleyfcf25832014-12-18 17:42:32 -0800574}
Adam Langley95c29f32014-06-20 12:00:00 -0700575
Adam Langleyfcf25832014-12-18 17:42:32 -0800576void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) {
577 /* If the output buffering BIO is still in place, remove it. */
578 if (s->bbio != NULL) {
579 if (s->wbio == s->bbio) {
580 s->wbio = s->wbio->next_bio;
581 s->bbio->next_bio = NULL;
582 }
583 }
Adam Langley95c29f32014-06-20 12:00:00 -0700584
David Benjamin2755a3e2015-04-22 16:17:58 -0400585 if (s->rbio != rbio) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800586 BIO_free_all(s->rbio);
587 }
David Benjamin2755a3e2015-04-22 16:17:58 -0400588 if (s->wbio != wbio && s->rbio != s->wbio) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800589 BIO_free_all(s->wbio);
590 }
591 s->rbio = rbio;
592 s->wbio = wbio;
593}
Adam Langley95c29f32014-06-20 12:00:00 -0700594
Adam Langleyfcf25832014-12-18 17:42:32 -0800595BIO *SSL_get_rbio(const SSL *s) { return s->rbio; }
Adam Langley95c29f32014-06-20 12:00:00 -0700596
Adam Langleyfcf25832014-12-18 17:42:32 -0800597BIO *SSL_get_wbio(const SSL *s) { return s->wbio; }
Adam Langley95c29f32014-06-20 12:00:00 -0700598
Adam Langleyfcf25832014-12-18 17:42:32 -0800599int SSL_get_fd(const SSL *s) { return SSL_get_rfd(s); }
Adam Langley95c29f32014-06-20 12:00:00 -0700600
Adam Langleyfcf25832014-12-18 17:42:32 -0800601int SSL_get_rfd(const SSL *s) {
602 int ret = -1;
603 BIO *b, *r;
Adam Langley95c29f32014-06-20 12:00:00 -0700604
Adam Langleyfcf25832014-12-18 17:42:32 -0800605 b = SSL_get_rbio(s);
606 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
607 if (r != NULL) {
608 BIO_get_fd(r, &ret);
609 }
610 return ret;
611}
Adam Langley95c29f32014-06-20 12:00:00 -0700612
Adam Langleyfcf25832014-12-18 17:42:32 -0800613int SSL_get_wfd(const SSL *s) {
614 int ret = -1;
615 BIO *b, *r;
Adam Langley95c29f32014-06-20 12:00:00 -0700616
Adam Langleyfcf25832014-12-18 17:42:32 -0800617 b = SSL_get_wbio(s);
618 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
619 if (r != NULL) {
620 BIO_get_fd(r, &ret);
621 }
Adam Langley95c29f32014-06-20 12:00:00 -0700622
Adam Langleyfcf25832014-12-18 17:42:32 -0800623 return ret;
624}
Adam Langley95c29f32014-06-20 12:00:00 -0700625
Adam Langleyfcf25832014-12-18 17:42:32 -0800626int SSL_set_fd(SSL *s, int fd) {
627 int ret = 0;
628 BIO *bio = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700629
Adam Langleyfcf25832014-12-18 17:42:32 -0800630 bio = BIO_new(BIO_s_fd());
Adam Langley95c29f32014-06-20 12:00:00 -0700631
Adam Langleyfcf25832014-12-18 17:42:32 -0800632 if (bio == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400633 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800634 goto err;
635 }
636 BIO_set_fd(bio, fd, BIO_NOCLOSE);
637 SSL_set_bio(s, bio, bio);
638 ret = 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700639
Adam Langley95c29f32014-06-20 12:00:00 -0700640err:
Adam Langleyfcf25832014-12-18 17:42:32 -0800641 return ret;
642}
Adam Langley95c29f32014-06-20 12:00:00 -0700643
Adam Langleyfcf25832014-12-18 17:42:32 -0800644int SSL_set_wfd(SSL *s, int fd) {
645 int ret = 0;
646 BIO *bio = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700647
Adam Langleyfcf25832014-12-18 17:42:32 -0800648 if (s->rbio == NULL || BIO_method_type(s->rbio) != BIO_TYPE_FD ||
649 (int)BIO_get_fd(s->rbio, NULL) != fd) {
650 bio = BIO_new(BIO_s_fd());
Adam Langley95c29f32014-06-20 12:00:00 -0700651
Adam Langleyfcf25832014-12-18 17:42:32 -0800652 if (bio == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400653 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800654 goto err;
655 }
656 BIO_set_fd(bio, fd, BIO_NOCLOSE);
657 SSL_set_bio(s, SSL_get_rbio(s), bio);
658 } else {
659 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
660 }
661
662 ret = 1;
663
Adam Langley95c29f32014-06-20 12:00:00 -0700664err:
Adam Langleyfcf25832014-12-18 17:42:32 -0800665 return ret;
666}
Adam Langley95c29f32014-06-20 12:00:00 -0700667
Adam Langleyfcf25832014-12-18 17:42:32 -0800668int SSL_set_rfd(SSL *s, int fd) {
669 int ret = 0;
670 BIO *bio = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700671
Adam Langleyfcf25832014-12-18 17:42:32 -0800672 if (s->wbio == NULL || BIO_method_type(s->wbio) != BIO_TYPE_FD ||
673 (int)BIO_get_fd(s->wbio, NULL) != fd) {
674 bio = BIO_new(BIO_s_fd());
Adam Langley95c29f32014-06-20 12:00:00 -0700675
Adam Langleyfcf25832014-12-18 17:42:32 -0800676 if (bio == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400677 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800678 goto err;
679 }
680 BIO_set_fd(bio, fd, BIO_NOCLOSE);
681 SSL_set_bio(s, bio, SSL_get_wbio(s));
682 } else {
683 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
684 }
685 ret = 1;
686
Adam Langley95c29f32014-06-20 12:00:00 -0700687err:
Adam Langleyfcf25832014-12-18 17:42:32 -0800688 return ret;
689}
Adam Langley95c29f32014-06-20 12:00:00 -0700690
691/* return length of latest Finished message we sent, copy to 'buf' */
Adam Langleyfcf25832014-12-18 17:42:32 -0800692size_t SSL_get_finished(const SSL *s, void *buf, size_t count) {
693 size_t ret = 0;
694
695 if (s->s3 != NULL) {
696 ret = s->s3->tmp.finish_md_len;
697 if (count > ret) {
698 count = ret;
699 }
700 memcpy(buf, s->s3->tmp.finish_md, count);
701 }
702
703 return ret;
704}
Adam Langley95c29f32014-06-20 12:00:00 -0700705
706/* return length of latest Finished message we expected, copy to 'buf' */
Adam Langleyfcf25832014-12-18 17:42:32 -0800707size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) {
708 size_t ret = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700709
Adam Langleyfcf25832014-12-18 17:42:32 -0800710 if (s->s3 != NULL) {
711 ret = s->s3->tmp.peer_finish_md_len;
712 if (count > ret) {
713 count = ret;
714 }
715 memcpy(buf, s->s3->tmp.peer_finish_md, count);
716 }
Adam Langley95c29f32014-06-20 12:00:00 -0700717
Adam Langleyfcf25832014-12-18 17:42:32 -0800718 return ret;
719}
Adam Langley95c29f32014-06-20 12:00:00 -0700720
Adam Langleyfcf25832014-12-18 17:42:32 -0800721int SSL_get_verify_mode(const SSL *s) { return s->verify_mode; }
Adam Langley95c29f32014-06-20 12:00:00 -0700722
Adam Langleyfcf25832014-12-18 17:42:32 -0800723int SSL_get_verify_depth(const SSL *s) {
724 return X509_VERIFY_PARAM_get_depth(s->param);
725}
Adam Langley95c29f32014-06-20 12:00:00 -0700726
Adam Langleyfcf25832014-12-18 17:42:32 -0800727int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) {
728 return s->verify_callback;
729}
Adam Langley95c29f32014-06-20 12:00:00 -0700730
Adam Langleyfcf25832014-12-18 17:42:32 -0800731int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { return ctx->verify_mode; }
Adam Langley95c29f32014-06-20 12:00:00 -0700732
Adam Langleyfcf25832014-12-18 17:42:32 -0800733int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) {
734 return X509_VERIFY_PARAM_get_depth(ctx->param);
735}
Adam Langley95c29f32014-06-20 12:00:00 -0700736
Adam Langleyfcf25832014-12-18 17:42:32 -0800737int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) {
738 return ctx->default_verify_callback;
739}
Adam Langley95c29f32014-06-20 12:00:00 -0700740
Adam Langleyfcf25832014-12-18 17:42:32 -0800741void SSL_set_verify(SSL *s, int mode,
742 int (*callback)(int ok, X509_STORE_CTX *ctx)) {
743 s->verify_mode = mode;
744 if (callback != NULL) {
745 s->verify_callback = callback;
746 }
747}
Adam Langley95c29f32014-06-20 12:00:00 -0700748
Adam Langleyfcf25832014-12-18 17:42:32 -0800749void SSL_set_verify_depth(SSL *s, int depth) {
750 X509_VERIFY_PARAM_set_depth(s->param, depth);
751}
Adam Langley95c29f32014-06-20 12:00:00 -0700752
David Benjamin9a41d1b2015-05-16 01:30:09 -0400753int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; }
Adam Langley95c29f32014-06-20 12:00:00 -0700754
David Benjamin9a41d1b2015-05-16 01:30:09 -0400755int SSL_get_read_ahead(const SSL *s) { return 0; }
Adam Langley95c29f32014-06-20 12:00:00 -0700756
David Benjamin9a41d1b2015-05-16 01:30:09 -0400757void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { }
David Benjamin61ecccf2015-05-05 09:44:51 -0400758
David Benjamin9a41d1b2015-05-16 01:30:09 -0400759void SSL_set_read_ahead(SSL *s, int yes) { }
David Benjamin61ecccf2015-05-05 09:44:51 -0400760
Adam Langleyfcf25832014-12-18 17:42:32 -0800761int SSL_pending(const SSL *s) {
David Benjamin904dc722015-05-30 16:39:07 -0400762 if (s->rstate == SSL_ST_READ_BODY) {
763 return 0;
764 }
765
766 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length
767 : 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800768}
Adam Langley95c29f32014-06-20 12:00:00 -0700769
Adam Langleyfcf25832014-12-18 17:42:32 -0800770X509 *SSL_get_peer_certificate(const SSL *s) {
771 X509 *r;
Adam Langley95c29f32014-06-20 12:00:00 -0700772
Adam Langleyfcf25832014-12-18 17:42:32 -0800773 if (s == NULL || s->session == NULL) {
774 r = NULL;
775 } else {
776 r = s->session->peer;
777 }
Adam Langley95c29f32014-06-20 12:00:00 -0700778
Adam Langleyfcf25832014-12-18 17:42:32 -0800779 if (r == NULL) {
780 return NULL;
781 }
Adam Langley95c29f32014-06-20 12:00:00 -0700782
Adam Langleyfcf25832014-12-18 17:42:32 -0800783 return X509_up_ref(r);
784}
785
David Benjamin60da0cd2015-05-03 15:21:28 -0400786STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) {
787 STACK_OF(X509) *r;
Adam Langleyfcf25832014-12-18 17:42:32 -0800788
789 if (s == NULL || s->session == NULL || s->session->sess_cert == NULL) {
790 r = NULL;
791 } else {
792 r = s->session->sess_cert->cert_chain;
793 }
794
795 /* If we are a client, cert_chain includes the peer's own certificate; if we
796 * are a server, it does not. */
797 return r;
798}
Adam Langley95c29f32014-06-20 12:00:00 -0700799
Adam Langley95c29f32014-06-20 12:00:00 -0700800/* Fix this so it checks all the valid key/cert options */
Adam Langleyfcf25832014-12-18 17:42:32 -0800801int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
David Benjamind1d80782015-07-05 11:54:09 -0400802 if (ctx == NULL || ctx->cert == NULL || ctx->cert->x509 == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400803 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800804 return 0;
805 }
806
David Benjamind1d80782015-07-05 11:54:09 -0400807 if (ctx->cert->privatekey == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400808 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800809 return 0;
810 }
811
David Benjamind1d80782015-07-05 11:54:09 -0400812 return X509_check_private_key(ctx->cert->x509, ctx->cert->privatekey);
Adam Langleyfcf25832014-12-18 17:42:32 -0800813}
Adam Langley95c29f32014-06-20 12:00:00 -0700814
815/* Fix this function so that it takes an optional type parameter */
Adam Langleyfcf25832014-12-18 17:42:32 -0800816int SSL_check_private_key(const SSL *ssl) {
817 if (ssl == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400818 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
Adam Langleyfcf25832014-12-18 17:42:32 -0800819 return 0;
820 }
Adam Langley95c29f32014-06-20 12:00:00 -0700821
Adam Langleyfcf25832014-12-18 17:42:32 -0800822 if (ssl->cert == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400823 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800824 return 0;
825 }
Adam Langley95c29f32014-06-20 12:00:00 -0700826
David Benjamind1d80782015-07-05 11:54:09 -0400827 if (ssl->cert->x509 == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400828 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800829 return 0;
830 }
David Benjamin0b145c22014-11-26 20:10:09 -0500831
David Benjamind1d80782015-07-05 11:54:09 -0400832 if (ssl->cert->privatekey == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400833 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800834 return 0;
835 }
Adam Langley95c29f32014-06-20 12:00:00 -0700836
David Benjamind1d80782015-07-05 11:54:09 -0400837 return X509_check_private_key(ssl->cert->x509, ssl->cert->privatekey);
Adam Langleyfcf25832014-12-18 17:42:32 -0800838}
Adam Langley95c29f32014-06-20 12:00:00 -0700839
Adam Langleyfcf25832014-12-18 17:42:32 -0800840int SSL_accept(SSL *s) {
841 if (s->handshake_func == 0) {
842 /* Not properly initialized yet */
843 SSL_set_accept_state(s);
844 }
David Benjamin0b145c22014-11-26 20:10:09 -0500845
Adam Langleyfcf25832014-12-18 17:42:32 -0800846 if (s->handshake_func != s->method->ssl_accept) {
David Benjamin3570d732015-06-29 00:28:17 -0400847 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
Adam Langleyfcf25832014-12-18 17:42:32 -0800848 return -1;
849 }
Adam Langley95c29f32014-06-20 12:00:00 -0700850
Adam Langleyfcf25832014-12-18 17:42:32 -0800851 return s->handshake_func(s);
852}
Adam Langley95c29f32014-06-20 12:00:00 -0700853
Adam Langleyfcf25832014-12-18 17:42:32 -0800854int SSL_connect(SSL *s) {
855 if (s->handshake_func == 0) {
856 /* Not properly initialized yet */
857 SSL_set_connect_state(s);
858 }
Adam Langley95c29f32014-06-20 12:00:00 -0700859
Adam Langleyfcf25832014-12-18 17:42:32 -0800860 if (s->handshake_func != s->method->ssl_connect) {
David Benjamin3570d732015-06-29 00:28:17 -0400861 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
Adam Langleyfcf25832014-12-18 17:42:32 -0800862 return -1;
863 }
Adam Langley95c29f32014-06-20 12:00:00 -0700864
Adam Langleyfcf25832014-12-18 17:42:32 -0800865 return s->handshake_func(s);
866}
Adam Langley95c29f32014-06-20 12:00:00 -0700867
Adam Langleyfcf25832014-12-18 17:42:32 -0800868long SSL_get_default_timeout(const SSL *s) {
869 return SSL_DEFAULT_SESSION_TIMEOUT;
870}
Adam Langley95c29f32014-06-20 12:00:00 -0700871
Adam Langleyfcf25832014-12-18 17:42:32 -0800872int SSL_read(SSL *s, void *buf, int num) {
873 if (s->handshake_func == 0) {
David Benjamin3570d732015-06-29 00:28:17 -0400874 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800875 return -1;
876 }
Adam Langley95c29f32014-06-20 12:00:00 -0700877
Adam Langleyfcf25832014-12-18 17:42:32 -0800878 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
879 s->rwstate = SSL_NOTHING;
880 return 0;
881 }
Adam Langley95c29f32014-06-20 12:00:00 -0700882
David Benjamin904dc722015-05-30 16:39:07 -0400883 ERR_clear_system_error();
884 return s->method->ssl_read_app_data(s, buf, num, 0);
Adam Langleyfcf25832014-12-18 17:42:32 -0800885}
Adam Langley95c29f32014-06-20 12:00:00 -0700886
Adam Langleyfcf25832014-12-18 17:42:32 -0800887int SSL_peek(SSL *s, void *buf, int num) {
888 if (s->handshake_func == 0) {
David Benjamin3570d732015-06-29 00:28:17 -0400889 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800890 return -1;
891 }
Adam Langley95c29f32014-06-20 12:00:00 -0700892
Adam Langleyfcf25832014-12-18 17:42:32 -0800893 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
894 return 0;
895 }
Adam Langley95c29f32014-06-20 12:00:00 -0700896
David Benjamin904dc722015-05-30 16:39:07 -0400897 ERR_clear_system_error();
898 return s->method->ssl_read_app_data(s, buf, num, 1);
Adam Langleyfcf25832014-12-18 17:42:32 -0800899}
Adam Langley95c29f32014-06-20 12:00:00 -0700900
Adam Langleyfcf25832014-12-18 17:42:32 -0800901int SSL_write(SSL *s, const void *buf, int num) {
902 if (s->handshake_func == 0) {
David Benjamin3570d732015-06-29 00:28:17 -0400903 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800904 return -1;
905 }
Adam Langley95c29f32014-06-20 12:00:00 -0700906
Adam Langleyfcf25832014-12-18 17:42:32 -0800907 if (s->shutdown & SSL_SENT_SHUTDOWN) {
908 s->rwstate = SSL_NOTHING;
David Benjamin3570d732015-06-29 00:28:17 -0400909 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
Adam Langleyfcf25832014-12-18 17:42:32 -0800910 return -1;
911 }
Adam Langley95c29f32014-06-20 12:00:00 -0700912
David Benjamin904dc722015-05-30 16:39:07 -0400913 ERR_clear_system_error();
914 return s->method->ssl_write_app_data(s, buf, num);
Adam Langleyfcf25832014-12-18 17:42:32 -0800915}
Adam Langley95c29f32014-06-20 12:00:00 -0700916
Adam Langleyfcf25832014-12-18 17:42:32 -0800917int SSL_shutdown(SSL *s) {
918 /* Note that this function behaves differently from what one might expect.
919 * Return values are 0 for no success (yet), 1 for success; but calling it
920 * once is usually not enough, even if blocking I/O is used (see
921 * ssl3_shutdown). */
Adam Langley95c29f32014-06-20 12:00:00 -0700922
Adam Langleyfcf25832014-12-18 17:42:32 -0800923 if (s->handshake_func == 0) {
David Benjamin3570d732015-06-29 00:28:17 -0400924 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
Adam Langleyfcf25832014-12-18 17:42:32 -0800925 return -1;
926 }
Adam Langley95c29f32014-06-20 12:00:00 -0700927
David Benjamin904dc722015-05-30 16:39:07 -0400928 if (SSL_in_init(s)) {
929 return 1;
Adam Langleyfcf25832014-12-18 17:42:32 -0800930 }
Adam Langley95c29f32014-06-20 12:00:00 -0700931
David Benjamin904dc722015-05-30 16:39:07 -0400932 /* Do nothing if configured not to send a close_notify. */
933 if (s->quiet_shutdown) {
934 s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
935 return 1;
936 }
937
938 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
939 s->shutdown |= SSL_SENT_SHUTDOWN;
940 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
941
942 /* our shutdown alert has been sent now, and if it still needs to be
943 * written, s->s3->alert_dispatch will be true */
944 if (s->s3->alert_dispatch) {
945 return -1; /* return WANT_WRITE */
946 }
947 } else if (s->s3->alert_dispatch) {
948 /* resend it if not sent */
949 int ret = s->method->ssl_dispatch_alert(s);
950 if (ret == -1) {
951 /* we only get to return -1 here the 2nd/Nth invocation, we must have
952 * already signalled return 0 upon a previous invoation, return
953 * WANT_WRITE */
954 return ret;
955 }
956 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
957 /* If we are waiting for a close from our peer, we are closed */
958 s->method->ssl_read_close_notify(s);
959 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
960 return -1; /* return WANT_READ */
961 }
962 }
963
964 if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) &&
965 !s->s3->alert_dispatch) {
966 return 1;
967 } else {
968 return 0;
969 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800970}
Adam Langley95c29f32014-06-20 12:00:00 -0700971
David Benjamin44d3eed2015-05-21 01:29:55 -0400972int SSL_renegotiate(SSL *ssl) {
973 /* Caller-initiated renegotiation is not supported. */
David Benjamin3570d732015-06-29 00:28:17 -0400974 OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
David Benjamin44d3eed2015-05-21 01:29:55 -0400975 return 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800976}
Adam Langley95c29f32014-06-20 12:00:00 -0700977
David Benjamin44d3eed2015-05-21 01:29:55 -0400978int SSL_renegotiate_pending(SSL *ssl) {
979 return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete;
Adam Langleyfcf25832014-12-18 17:42:32 -0800980}
Adam Langley95c29f32014-06-20 12:00:00 -0700981
David Benjamin61ecccf2015-05-05 09:44:51 -0400982uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
983 ctx->options |= options;
984 return ctx->options;
985}
986
987uint32_t SSL_set_options(SSL *ssl, uint32_t options) {
988 ssl->options |= options;
989 return ssl->options;
990}
991
992uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) {
993 ctx->options &= ~options;
994 return ctx->options;
995}
996
997uint32_t SSL_clear_options(SSL *ssl, uint32_t options) {
998 ssl->options &= ~options;
999 return ssl->options;
1000}
1001
1002uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; }
1003
1004uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; }
1005
1006uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) {
1007 ctx->mode |= mode;
1008 return ctx->mode;
1009}
1010
1011uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) {
1012 ssl->mode |= mode;
1013 return ssl->mode;
1014}
1015
1016uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) {
1017 ctx->mode &= ~mode;
1018 return ctx->mode;
1019}
1020
1021uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) {
1022 ssl->mode &= ~mode;
1023 return ssl->mode;
1024}
1025
1026uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; }
1027
1028uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; }
1029
David Benjamin1d0a1942015-04-26 15:35:35 -04001030size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) {
1031 return ctx->max_cert_list;
1032}
1033
1034void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
1035 if (max_cert_list > kMaxHandshakeSize) {
1036 max_cert_list = kMaxHandshakeSize;
1037 }
1038 ctx->max_cert_list = (uint32_t)max_cert_list;
1039}
1040
1041size_t SSL_get_max_cert_list(const SSL *ssl) {
1042 return ssl->max_cert_list;
1043}
1044
1045void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
1046 if (max_cert_list > kMaxHandshakeSize) {
1047 max_cert_list = kMaxHandshakeSize;
1048 }
1049 ssl->max_cert_list = (uint32_t)max_cert_list;
1050}
1051
1052void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
1053 if (max_send_fragment < 512) {
1054 max_send_fragment = 512;
1055 }
1056 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1057 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1058 }
1059 ctx->max_send_fragment = (uint16_t)max_send_fragment;
1060}
1061
1062void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
1063 if (max_send_fragment < 512) {
1064 max_send_fragment = 512;
1065 }
1066 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1067 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1068 }
1069 ssl->max_send_fragment = (uint16_t)max_send_fragment;
1070}
1071
David Benjamincb9cf792015-05-05 09:46:14 -04001072int SSL_set_mtu(SSL *ssl, unsigned mtu) {
1073 if (!SSL_IS_DTLS(ssl) || mtu < dtls1_min_mtu()) {
1074 return 0;
Adam Langleyfcf25832014-12-18 17:42:32 -08001075 }
David Benjamincb9cf792015-05-05 09:46:14 -04001076 ssl->d1->mtu = mtu;
1077 return 1;
1078}
1079
1080int SSL_get_secure_renegotiation_support(const SSL *ssl) {
1081 return ssl->s3->send_connection_binding;
1082}
1083
1084long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) {
1085 return s->method->ssl_ctrl(s, cmd, larg, parg);
Adam Langleyfcf25832014-12-18 17:42:32 -08001086}
1087
Adam Langleyfcf25832014-12-18 17:42:32 -08001088LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; }
1089
David Benjamin71f7d3d2015-05-05 09:46:38 -04001090size_t SSL_CTX_sess_number(const SSL_CTX *ctx) {
1091 return lh_SSL_SESSION_num_items(ctx->sessions);
1092}
1093
1094unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) {
1095 unsigned long ret = ctx->session_cache_size;
1096 ctx->session_cache_size = size;
1097 return ret;
1098}
1099
1100unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) {
1101 return ctx->session_cache_size;
1102}
1103
1104int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) {
1105 int ret = ctx->session_cache_mode;
1106 ctx->session_cache_mode = mode;
1107 return ret;
1108}
1109
1110int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) {
1111 return ctx->session_cache_mode;
1112}
1113
Adam Langleyfcf25832014-12-18 17:42:32 -08001114long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
David Benjamin71f7d3d2015-05-05 09:46:38 -04001115 return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
Adam Langleyfcf25832014-12-18 17:42:32 -08001116}
1117
Adam Langleyfcf25832014-12-18 17:42:32 -08001118/* return a STACK of the ciphers available for the SSL and in order of
Adam Langley95c29f32014-06-20 12:00:00 -07001119 * preference */
David Benjamin60da0cd2015-05-03 15:21:28 -04001120STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001121 if (s == NULL) {
1122 return NULL;
1123 }
Adam Langley0b5c1ac2014-06-20 12:00:00 -07001124
Adam Langleyfcf25832014-12-18 17:42:32 -08001125 if (s->cipher_list != NULL) {
1126 return s->cipher_list->ciphers;
1127 }
Adam Langley0b5c1ac2014-06-20 12:00:00 -07001128
Adam Langleyfcf25832014-12-18 17:42:32 -08001129 if (s->version >= TLS1_1_VERSION && s->ctx != NULL &&
1130 s->ctx->cipher_list_tls11 != NULL) {
1131 return s->ctx->cipher_list_tls11->ciphers;
1132 }
Adam Langley0b5c1ac2014-06-20 12:00:00 -07001133
Adam Langleyfcf25832014-12-18 17:42:32 -08001134 if (s->ctx != NULL && s->ctx->cipher_list != NULL) {
1135 return s->ctx->cipher_list->ciphers;
1136 }
Adam Langley0b5c1ac2014-06-20 12:00:00 -07001137
Adam Langleyfcf25832014-12-18 17:42:32 -08001138 return NULL;
1139}
Adam Langley95c29f32014-06-20 12:00:00 -07001140
Adam Langleyfcf25832014-12-18 17:42:32 -08001141/* return a STACK of the ciphers available for the SSL and in order of
Adam Langley95c29f32014-06-20 12:00:00 -07001142 * algorithm id */
David Benjamin60da0cd2015-05-03 15:21:28 -04001143STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001144 if (s == NULL) {
1145 return NULL;
1146 }
Adam Langley95c29f32014-06-20 12:00:00 -07001147
Adam Langleyfcf25832014-12-18 17:42:32 -08001148 if (s->cipher_list_by_id != NULL) {
1149 return s->cipher_list_by_id;
1150 }
Adam Langley95c29f32014-06-20 12:00:00 -07001151
Adam Langleyfcf25832014-12-18 17:42:32 -08001152 if (s->ctx != NULL && s->ctx->cipher_list_by_id != NULL) {
1153 return s->ctx->cipher_list_by_id;
1154 }
Adam Langley95c29f32014-06-20 12:00:00 -07001155
Adam Langleyfcf25832014-12-18 17:42:32 -08001156 return NULL;
1157}
Adam Langley95c29f32014-06-20 12:00:00 -07001158
Adam Langleyfcf25832014-12-18 17:42:32 -08001159/* The old interface to get the same thing as SSL_get_ciphers() */
1160const char *SSL_get_cipher_list(const SSL *s, int n) {
1161 const SSL_CIPHER *c;
David Benjamin60da0cd2015-05-03 15:21:28 -04001162 STACK_OF(SSL_CIPHER) *sk;
Adam Langley0b5c1ac2014-06-20 12:00:00 -07001163
Adam Langleyfcf25832014-12-18 17:42:32 -08001164 if (s == NULL) {
1165 return NULL;
1166 }
Adam Langley95c29f32014-06-20 12:00:00 -07001167
Adam Langleyfcf25832014-12-18 17:42:32 -08001168 sk = SSL_get_ciphers(s);
1169 if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) {
1170 return NULL;
1171 }
Adam Langley95c29f32014-06-20 12:00:00 -07001172
Adam Langleyfcf25832014-12-18 17:42:32 -08001173 c = sk_SSL_CIPHER_value(sk, n);
1174 if (c == NULL) {
1175 return NULL;
1176 }
Adam Langley95c29f32014-06-20 12:00:00 -07001177
Adam Langleyfcf25832014-12-18 17:42:32 -08001178 return c->name;
1179}
David Benjamin5491e3f2014-09-29 19:33:09 -04001180
Adam Langleyfcf25832014-12-18 17:42:32 -08001181/* specify the ciphers to be used by default by the SSL_CTX */
1182int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
1183 STACK_OF(SSL_CIPHER) *sk;
Adam Langley95c29f32014-06-20 12:00:00 -07001184
Adam Langleyfcf25832014-12-18 17:42:32 -08001185 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
David Benjamin71f07942015-04-08 02:36:59 -04001186 &ctx->cipher_list_by_id, str);
Adam Langleyfcf25832014-12-18 17:42:32 -08001187 /* ssl_create_cipher_list may return an empty stack if it was unable to find
1188 * a cipher matching the given rule string (for example if the rule string
1189 * specifies a cipher which has been disabled). This is not an error as far
1190 * as ssl_create_cipher_list is concerned, and hence ctx->cipher_list and
1191 * ctx->cipher_list_by_id has been updated. */
1192 if (sk == NULL) {
1193 return 0;
1194 } else if (sk_SSL_CIPHER_num(sk) == 0) {
David Benjamin3570d732015-06-29 00:28:17 -04001195 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
Adam Langleyfcf25832014-12-18 17:42:32 -08001196 return 0;
1197 }
Adam Langley95c29f32014-06-20 12:00:00 -07001198
Adam Langleyfcf25832014-12-18 17:42:32 -08001199 return 1;
1200}
David Benjamin39482a12014-07-20 13:30:15 -04001201
Adam Langleyfcf25832014-12-18 17:42:32 -08001202int SSL_CTX_set_cipher_list_tls11(SSL_CTX *ctx, const char *str) {
1203 STACK_OF(SSL_CIPHER) *sk;
Adam Langley95c29f32014-06-20 12:00:00 -07001204
David Benjamin71f07942015-04-08 02:36:59 -04001205 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list_tls11, NULL, str);
Adam Langleyfcf25832014-12-18 17:42:32 -08001206 if (sk == NULL) {
1207 return 0;
1208 } else if (sk_SSL_CIPHER_num(sk) == 0) {
David Benjamin3570d732015-06-29 00:28:17 -04001209 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
Adam Langleyfcf25832014-12-18 17:42:32 -08001210 return 0;
1211 }
David Benjamin9f2c0d72014-10-21 22:00:19 -04001212
Adam Langleyfcf25832014-12-18 17:42:32 -08001213 return 1;
1214}
Adam Langley95c29f32014-06-20 12:00:00 -07001215
Adam Langleyfcf25832014-12-18 17:42:32 -08001216/* specify the ciphers to be used by the SSL */
1217int SSL_set_cipher_list(SSL *s, const char *str) {
1218 STACK_OF(SSL_CIPHER) *sk;
Adam Langley95c29f32014-06-20 12:00:00 -07001219
Adam Langleyfcf25832014-12-18 17:42:32 -08001220 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
David Benjamin71f07942015-04-08 02:36:59 -04001221 &s->cipher_list_by_id, str);
David Benjamin39482a12014-07-20 13:30:15 -04001222
Adam Langleyfcf25832014-12-18 17:42:32 -08001223 /* see comment in SSL_CTX_set_cipher_list */
1224 if (sk == NULL) {
1225 return 0;
1226 } else if (sk_SSL_CIPHER_num(sk) == 0) {
David Benjamin3570d732015-06-29 00:28:17 -04001227 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
Adam Langleyfcf25832014-12-18 17:42:32 -08001228 return 0;
1229 }
David Benjamin39482a12014-07-20 13:30:15 -04001230
Adam Langleyfcf25832014-12-18 17:42:32 -08001231 return 1;
1232}
Adam Langley95c29f32014-06-20 12:00:00 -07001233
Adam Langleyfcf25832014-12-18 17:42:32 -08001234int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p) {
1235 size_t i;
1236 const SSL_CIPHER *c;
1237 CERT *ct = s->cert;
1238 uint8_t *q;
1239 /* Set disabled masks for this session */
1240 ssl_set_client_disabled(s);
Adam Langley29707792014-06-20 12:00:00 -07001241
Adam Langleyfcf25832014-12-18 17:42:32 -08001242 if (sk == NULL) {
1243 return 0;
1244 }
1245 q = p;
Adam Langley95c29f32014-06-20 12:00:00 -07001246
Adam Langleyfcf25832014-12-18 17:42:32 -08001247 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1248 c = sk_SSL_CIPHER_value(sk, i);
1249 /* Skip disabled ciphers */
1250 if (c->algorithm_ssl & ct->mask_ssl ||
1251 c->algorithm_mkey & ct->mask_k ||
1252 c->algorithm_auth & ct->mask_a) {
1253 continue;
1254 }
David Benjamina1c90a52015-05-30 17:03:14 -04001255 s2n(ssl_cipher_get_value(c), p);
Adam Langleyfcf25832014-12-18 17:42:32 -08001256 }
1257
1258 /* If all ciphers were disabled, return the error to the caller. */
1259 if (p == q) {
1260 return 0;
1261 }
1262
Adam Langley5021b222015-06-12 18:27:58 -07001263 /* For SSLv3, the SCSV is added. Otherwise the renegotiation extension is
1264 * added. */
1265 if (s->client_version == SSL3_VERSION &&
1266 !s->s3->initial_handshake_complete) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001267 s2n(SSL3_CK_SCSV & 0xffff, p);
Adam Langley5021b222015-06-12 18:27:58 -07001268 /* The renegotiation extension is required to be at index zero. */
1269 s->s3->tmp.extensions.sent |= (1u << 0);
Adam Langleyfcf25832014-12-18 17:42:32 -08001270 }
1271
Adam Langley5f0efe02015-02-20 13:03:16 -08001272 if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001273 s2n(SSL3_CK_FALLBACK_SCSV & 0xffff, p);
1274 }
1275
1276 return p - q;
1277}
1278
1279STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs) {
1280 CBS cipher_suites = *cbs;
1281 const SSL_CIPHER *c;
David Benjamin60da0cd2015-05-03 15:21:28 -04001282 STACK_OF(SSL_CIPHER) *sk;
Adam Langleyfcf25832014-12-18 17:42:32 -08001283
1284 if (s->s3) {
1285 s->s3->send_connection_binding = 0;
1286 }
1287
1288 if (CBS_len(&cipher_suites) % 2 != 0) {
David Benjamin3570d732015-06-29 00:28:17 -04001289 OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
Adam Langleyfcf25832014-12-18 17:42:32 -08001290 return NULL;
1291 }
1292
1293 sk = sk_SSL_CIPHER_new_null();
1294 if (sk == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -04001295 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -08001296 goto err;
1297 }
1298
Adam Langleyfcf25832014-12-18 17:42:32 -08001299 while (CBS_len(&cipher_suites) > 0) {
1300 uint16_t cipher_suite;
1301
1302 if (!CBS_get_u16(&cipher_suites, &cipher_suite)) {
David Benjamin3570d732015-06-29 00:28:17 -04001303 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
Adam Langleyfcf25832014-12-18 17:42:32 -08001304 goto err;
1305 }
1306
1307 /* Check for SCSV. */
1308 if (s->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff)) {
1309 /* SCSV is fatal if renegotiating. */
David Benjamin20f6e972015-05-15 21:51:49 -04001310 if (s->s3->initial_handshake_complete) {
David Benjamin3570d732015-06-29 00:28:17 -04001311 OPENSSL_PUT_ERROR(SSL, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
Adam Langleyfcf25832014-12-18 17:42:32 -08001312 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1313 goto err;
1314 }
1315 s->s3->send_connection_binding = 1;
1316 continue;
1317 }
1318
1319 /* Check for FALLBACK_SCSV. */
1320 if (s->s3 && cipher_suite == (SSL3_CK_FALLBACK_SCSV & 0xffff)) {
1321 uint16_t max_version = ssl3_get_max_server_version(s);
1322 if (SSL_IS_DTLS(s) ? (uint16_t)s->version > max_version
1323 : (uint16_t)s->version < max_version) {
David Benjamin3570d732015-06-29 00:28:17 -04001324 OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK);
Adam Langleyfcf25832014-12-18 17:42:32 -08001325 ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_INAPPROPRIATE_FALLBACK);
1326 goto err;
1327 }
1328 continue;
1329 }
1330
David Benjamina1c90a52015-05-30 17:03:14 -04001331 c = SSL_get_cipher_by_value(cipher_suite);
Adam Langleyfcf25832014-12-18 17:42:32 -08001332 if (c != NULL && !sk_SSL_CIPHER_push(sk, c)) {
David Benjamin3570d732015-06-29 00:28:17 -04001333 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -08001334 goto err;
1335 }
1336 }
1337
1338 return sk;
David Benjamin9f2c0d72014-10-21 22:00:19 -04001339
Adam Langley95c29f32014-06-20 12:00:00 -07001340err:
David Benjamin2755a3e2015-04-22 16:17:58 -04001341 sk_SSL_CIPHER_free(sk);
Adam Langleyfcf25832014-12-18 17:42:32 -08001342 return NULL;
1343}
Adam Langley95c29f32014-06-20 12:00:00 -07001344
1345
Adam Langleyfcf25832014-12-18 17:42:32 -08001346/* return a servername extension value if provided in Client Hello, or NULL. So
1347 * far, only host_name types are defined (RFC 3546). */
1348const char *SSL_get_servername(const SSL *s, const int type) {
1349 if (type != TLSEXT_NAMETYPE_host_name) {
1350 return NULL;
1351 }
Adam Langley95c29f32014-06-20 12:00:00 -07001352
Adam Langleyfcf25832014-12-18 17:42:32 -08001353 return s->session && !s->tlsext_hostname ? s->session->tlsext_hostname
1354 : s->tlsext_hostname;
1355}
Adam Langley95c29f32014-06-20 12:00:00 -07001356
Adam Langleyfcf25832014-12-18 17:42:32 -08001357int SSL_get_servername_type(const SSL *s) {
1358 if (s->session &&
1359 (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) {
1360 return TLSEXT_NAMETYPE_host_name;
1361 }
Adam Langley95c29f32014-06-20 12:00:00 -07001362
Adam Langleyfcf25832014-12-18 17:42:32 -08001363 return -1;
1364}
Adam Langley95c29f32014-06-20 12:00:00 -07001365
Adam Langleyfcf25832014-12-18 17:42:32 -08001366void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
1367 ctx->signed_cert_timestamps_enabled = 1;
1368}
HÃ¥vard Molland9169c962014-08-14 14:42:37 +02001369
Adam Langleyfcf25832014-12-18 17:42:32 -08001370int SSL_enable_signed_cert_timestamps(SSL *ssl) {
1371 ssl->signed_cert_timestamps_enabled = 1;
1372 return 1;
1373}
HÃ¥vard Molland9169c962014-08-14 14:42:37 +02001374
Adam Langleyfcf25832014-12-18 17:42:32 -08001375void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
1376 ctx->ocsp_stapling_enabled = 1;
1377}
David Benjamin6c7aed02014-08-27 16:42:38 -04001378
Adam Langleyfcf25832014-12-18 17:42:32 -08001379int SSL_enable_ocsp_stapling(SSL *ssl) {
1380 ssl->ocsp_stapling_enabled = 1;
1381 return 1;
1382}
David Benjamin6c7aed02014-08-27 16:42:38 -04001383
Adam Langleyfcf25832014-12-18 17:42:32 -08001384void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
1385 size_t *out_len) {
1386 SSL_SESSION *session = ssl->session;
Adam Langley3cb50e02014-08-26 14:00:31 -07001387
Adam Langleyfcf25832014-12-18 17:42:32 -08001388 *out_len = 0;
1389 *out = NULL;
1390 if (ssl->server || !session || !session->tlsext_signed_cert_timestamp_list) {
1391 return;
1392 }
HÃ¥vard Molland9169c962014-08-14 14:42:37 +02001393
Adam Langleyfcf25832014-12-18 17:42:32 -08001394 *out = session->tlsext_signed_cert_timestamp_list;
1395 *out_len = session->tlsext_signed_cert_timestamp_list_length;
1396}
David Benjamin6c7aed02014-08-27 16:42:38 -04001397
Adam Langleyfcf25832014-12-18 17:42:32 -08001398void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
1399 size_t *out_len) {
1400 SSL_SESSION *session = ssl->session;
1401
1402 *out_len = 0;
1403 *out = NULL;
1404 if (ssl->server || !session || !session->ocsp_response) {
1405 return;
1406 }
1407 *out = session->ocsp_response;
1408 *out_len = session->ocsp_response_length;
1409}
David Benjamin6c7aed02014-08-27 16:42:38 -04001410
Adam Langley95c29f32014-06-20 12:00:00 -07001411/* SSL_select_next_proto implements the standard protocol selection. It is
1412 * expected that this function is called from the callback set by
1413 * SSL_CTX_set_next_proto_select_cb.
1414 *
1415 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1416 * strings. The length byte itself is not included in the length. A byte
1417 * string of length 0 is invalid. No byte string may be truncated.
1418 *
1419 * The current, but experimental algorithm for selecting the protocol is:
1420 *
1421 * 1) If the server doesn't support NPN then this is indicated to the
1422 * callback. In this case, the client application has to abort the connection
1423 * or have a default application level protocol.
1424 *
1425 * 2) If the server supports NPN, but advertises an empty list then the
1426 * client selects the first protcol in its list, but indicates via the
1427 * API that this fallback case was enacted.
1428 *
1429 * 3) Otherwise, the client finds the first protocol in the server's list
1430 * that it supports and selects this protocol. This is because it's
1431 * assumed that the server has better information about which protocol
1432 * a client should use.
1433 *
1434 * 4) If the client doesn't support any of the server's advertised
1435 * protocols, then this is treated the same as case 2.
1436 *
1437 * It returns either
1438 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1439 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1440 */
Adam Langleyfcf25832014-12-18 17:42:32 -08001441int SSL_select_next_proto(uint8_t **out, uint8_t *outlen, const uint8_t *server,
1442 unsigned int server_len, const uint8_t *client,
1443 unsigned int client_len) {
1444 unsigned int i, j;
1445 const uint8_t *result;
1446 int status = OPENSSL_NPN_UNSUPPORTED;
Adam Langley95c29f32014-06-20 12:00:00 -07001447
Adam Langleyfcf25832014-12-18 17:42:32 -08001448 /* For each protocol in server preference order, see if we support it. */
1449 for (i = 0; i < server_len;) {
1450 for (j = 0; j < client_len;) {
1451 if (server[i] == client[j] &&
1452 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
1453 /* We found a match */
1454 result = &server[i];
1455 status = OPENSSL_NPN_NEGOTIATED;
1456 goto found;
1457 }
1458 j += client[j];
1459 j++;
1460 }
1461 i += server[i];
1462 i++;
1463 }
Adam Langley95c29f32014-06-20 12:00:00 -07001464
Adam Langleyfcf25832014-12-18 17:42:32 -08001465 /* There's no overlap between our protocols and the server's list. */
1466 result = client;
1467 status = OPENSSL_NPN_NO_OVERLAP;
Adam Langley95c29f32014-06-20 12:00:00 -07001468
Adam Langleyfcf25832014-12-18 17:42:32 -08001469found:
1470 *out = (uint8_t *)result + 1;
1471 *outlen = result[0];
1472 return status;
1473}
Adam Langley95c29f32014-06-20 12:00:00 -07001474
Adam Langley95c29f32014-06-20 12:00:00 -07001475/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1476 * requested protocol for this connection and returns 0. If the client didn't
1477 * request any protocol, then *data is set to NULL.
1478 *
1479 * Note that the client can request any protocol it chooses. The value returned
1480 * from this function need not be a member of the list of supported protocols
Adam Langleyfcf25832014-12-18 17:42:32 -08001481 * provided by the callback. */
1482void SSL_get0_next_proto_negotiated(const SSL *s, const uint8_t **data,
1483 unsigned *len) {
1484 *data = s->next_proto_negotiated;
1485 if (!*data) {
1486 *len = 0;
1487 } else {
1488 *len = s->next_proto_negotiated_len;
1489 }
Adam Langley95c29f32014-06-20 12:00:00 -07001490}
1491
1492/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1493 * TLS server needs a list of supported protocols for Next Protocol
1494 * Negotiation. The returned list must be in wire format. The list is returned
1495 * by setting |out| to point to it and |outlen| to its length. This memory will
1496 * not be modified, but one should assume that the SSL* keeps a reference to
1497 * it.
1498 *
Adam Langleyfcf25832014-12-18 17:42:32 -08001499 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
1500 * Otherwise, no such extension will be included in the ServerHello. */
1501void SSL_CTX_set_next_protos_advertised_cb(
1502 SSL_CTX *ctx,
1503 int (*cb)(SSL *ssl, const uint8_t **out, unsigned int *outlen, void *arg),
1504 void *arg) {
1505 ctx->next_protos_advertised_cb = cb;
1506 ctx->next_protos_advertised_cb_arg = arg;
1507}
Adam Langley95c29f32014-06-20 12:00:00 -07001508
1509/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1510 * client needs to select a protocol from the server's provided list. |out|
1511 * must be set to point to the selected protocol (which may be within |in|).
1512 * The length of the protocol name must be written into |outlen|. The server's
1513 * advertised protocols are provided in |in| and |inlen|. The callback can
1514 * assume that |in| is syntactically valid.
1515 *
1516 * The client must select a protocol. It is fatal to the connection if this
1517 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1518 */
Adam Langleyfcf25832014-12-18 17:42:32 -08001519void SSL_CTX_set_next_proto_select_cb(
1520 SSL_CTX *ctx, int (*cb)(SSL *s, uint8_t **out, uint8_t *outlen,
1521 const uint8_t *in, unsigned int inlen, void *arg),
1522 void *arg) {
1523 ctx->next_proto_select_cb = cb;
1524 ctx->next_proto_select_cb_arg = arg;
1525}
Adam Langley95c29f32014-06-20 12:00:00 -07001526
Adam Langleyfcf25832014-12-18 17:42:32 -08001527int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
1528 unsigned protos_len) {
David Benjamin2755a3e2015-04-22 16:17:58 -04001529 OPENSSL_free(ctx->alpn_client_proto_list);
Adam Langleyfcf25832014-12-18 17:42:32 -08001530 ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len);
1531 if (!ctx->alpn_client_proto_list) {
1532 return 1;
1533 }
1534 ctx->alpn_client_proto_list_len = protos_len;
Adam Langley95c29f32014-06-20 12:00:00 -07001535
Adam Langleyfcf25832014-12-18 17:42:32 -08001536 return 0;
1537}
Adam Langley95c29f32014-06-20 12:00:00 -07001538
Adam Langleyfcf25832014-12-18 17:42:32 -08001539int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
David Benjamin2755a3e2015-04-22 16:17:58 -04001540 OPENSSL_free(ssl->alpn_client_proto_list);
Adam Langleyfcf25832014-12-18 17:42:32 -08001541 ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len);
1542 if (!ssl->alpn_client_proto_list) {
1543 return 1;
1544 }
1545 ssl->alpn_client_proto_list_len = protos_len;
Adam Langley95c29f32014-06-20 12:00:00 -07001546
Adam Langleyfcf25832014-12-18 17:42:32 -08001547 return 0;
1548}
Adam Langley95c29f32014-06-20 12:00:00 -07001549
1550/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
1551 * during ClientHello processing in order to select an ALPN protocol from the
1552 * client's list of offered protocols. */
Adam Langleyfcf25832014-12-18 17:42:32 -08001553void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
1554 int (*cb)(SSL *ssl, const uint8_t **out,
1555 uint8_t *outlen, const uint8_t *in,
1556 unsigned int inlen, void *arg),
1557 void *arg) {
1558 ctx->alpn_select_cb = cb;
1559 ctx->alpn_select_cb_arg = arg;
1560}
Adam Langley95c29f32014-06-20 12:00:00 -07001561
1562/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
1563 * On return it sets |*data| to point to |*len| bytes of protocol name (not
1564 * including the leading length-prefix byte). If the server didn't respond with
1565 * a negotiated protocol then |*len| will be zero. */
Adam Langleyfcf25832014-12-18 17:42:32 -08001566void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **data,
1567 unsigned *len) {
1568 *data = NULL;
1569 if (ssl->s3) {
1570 *data = ssl->s3->alpn_selected;
1571 }
1572 if (*data == NULL) {
1573 *len = 0;
1574 } else {
1575 *len = ssl->s3->alpn_selected_len;
1576 }
1577}
Adam Langley95c29f32014-06-20 12:00:00 -07001578
David Benjamincfd248b2015-04-03 11:02:24 -04001579int SSL_export_keying_material(SSL *s, uint8_t *out, size_t out_len,
1580 const char *label, size_t label_len,
1581 const uint8_t *context, size_t context_len,
1582 int use_context) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001583 if (s->version < TLS1_VERSION) {
David Benjaminc565ebb2015-04-03 04:06:36 -04001584 return 0;
Adam Langleyfcf25832014-12-18 17:42:32 -08001585 }
Adam Langley95c29f32014-06-20 12:00:00 -07001586
David Benjamincfd248b2015-04-03 11:02:24 -04001587 return s->enc_method->export_keying_material(
1588 s, out, out_len, label, label_len, context, context_len, use_context);
Adam Langleyfcf25832014-12-18 17:42:32 -08001589}
Adam Langley95c29f32014-06-20 12:00:00 -07001590
Adam Langleyfcf25832014-12-18 17:42:32 -08001591static uint32_t ssl_session_hash(const SSL_SESSION *a) {
1592 uint32_t hash =
1593 ((uint32_t)a->session_id[0]) ||
1594 ((uint32_t)a->session_id[1] << 8) ||
1595 ((uint32_t)a->session_id[2] << 16) ||
1596 ((uint32_t)a->session_id[3] << 24);
Adam Langley95c29f32014-06-20 12:00:00 -07001597
Adam Langleyfcf25832014-12-18 17:42:32 -08001598 return hash;
1599}
Adam Langley95c29f32014-06-20 12:00:00 -07001600
1601/* NB: If this function (or indeed the hash function which uses a sort of
1602 * coarser function than this one) is changed, ensure
1603 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1604 * able to construct an SSL_SESSION that will collide with any existing session
1605 * with a matching session ID. */
Adam Langleyfcf25832014-12-18 17:42:32 -08001606static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
1607 if (a->ssl_version != b->ssl_version) {
1608 return 1;
1609 }
Adam Langley95c29f32014-06-20 12:00:00 -07001610
Adam Langleyfcf25832014-12-18 17:42:32 -08001611 if (a->session_id_length != b->session_id_length) {
1612 return 1;
1613 }
Adam Langley95c29f32014-06-20 12:00:00 -07001614
Adam Langleyfcf25832014-12-18 17:42:32 -08001615 return memcmp(a->session_id, b->session_id, a->session_id_length);
1616}
Adam Langley95c29f32014-06-20 12:00:00 -07001617
David Benjamin4831c332015-05-16 11:43:13 -04001618SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001619 SSL_CTX *ret = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -07001620
David Benjamin4831c332015-05-16 11:43:13 -04001621 if (method == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -04001622 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED);
Adam Langleyfcf25832014-12-18 17:42:32 -08001623 return NULL;
1624 }
Adam Langley95c29f32014-06-20 12:00:00 -07001625
Adam Langleyfcf25832014-12-18 17:42:32 -08001626 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
David Benjamin3570d732015-06-29 00:28:17 -04001627 OPENSSL_PUT_ERROR(SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
Adam Langleyfcf25832014-12-18 17:42:32 -08001628 goto err;
1629 }
Adam Langley95c29f32014-06-20 12:00:00 -07001630
Adam Langleyfcf25832014-12-18 17:42:32 -08001631 ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1632 if (ret == NULL) {
1633 goto err;
1634 }
Adam Langley95c29f32014-06-20 12:00:00 -07001635
Adam Langleyfcf25832014-12-18 17:42:32 -08001636 memset(ret, 0, sizeof(SSL_CTX));
Adam Langley95c29f32014-06-20 12:00:00 -07001637
David Benjamin4831c332015-05-16 11:43:13 -04001638 ret->method = method->method;
Adam Langley95c29f32014-06-20 12:00:00 -07001639
Adam Langley4bdb6e42015-05-15 15:29:21 -07001640 CRYPTO_MUTEX_init(&ret->lock);
1641
Adam Langleyfcf25832014-12-18 17:42:32 -08001642 ret->cert_store = NULL;
1643 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
1644 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1645 ret->session_cache_head = NULL;
1646 ret->session_cache_tail = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -07001647
Adam Langleyfcf25832014-12-18 17:42:32 -08001648 /* We take the system default */
1649 ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
Adam Langley95c29f32014-06-20 12:00:00 -07001650
Adam Langleyfcf25832014-12-18 17:42:32 -08001651 ret->new_session_cb = 0;
1652 ret->remove_session_cb = 0;
1653 ret->get_session_cb = 0;
1654 ret->generate_session_id = 0;
Adam Langley95c29f32014-06-20 12:00:00 -07001655
Adam Langleyfcf25832014-12-18 17:42:32 -08001656 ret->references = 1;
1657 ret->quiet_shutdown = 0;
Adam Langley95c29f32014-06-20 12:00:00 -07001658
Adam Langleyfcf25832014-12-18 17:42:32 -08001659 ret->info_callback = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -07001660
Adam Langleyfcf25832014-12-18 17:42:32 -08001661 ret->app_verify_callback = 0;
1662 ret->app_verify_arg = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -07001663
Adam Langleyfcf25832014-12-18 17:42:32 -08001664 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
Adam Langleyfcf25832014-12-18 17:42:32 -08001665 ret->msg_callback = 0;
1666 ret->msg_callback_arg = NULL;
1667 ret->verify_mode = SSL_VERIFY_NONE;
1668 ret->sid_ctx_length = 0;
1669 ret->default_verify_callback = NULL;
1670 ret->cert = ssl_cert_new();
1671 if (ret->cert == NULL) {
1672 goto err;
1673 }
Adam Langley95c29f32014-06-20 12:00:00 -07001674
Adam Langleyfcf25832014-12-18 17:42:32 -08001675 ret->default_passwd_callback = 0;
1676 ret->default_passwd_callback_userdata = NULL;
1677 ret->client_cert_cb = 0;
Adam Langley95c29f32014-06-20 12:00:00 -07001678
Adam Langleyfcf25832014-12-18 17:42:32 -08001679 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
1680 if (ret->sessions == NULL) {
1681 goto err;
1682 }
1683 ret->cert_store = X509_STORE_new();
1684 if (ret->cert_store == NULL) {
1685 goto err;
1686 }
Adam Langley95c29f32014-06-20 12:00:00 -07001687
Adam Langleyfcf25832014-12-18 17:42:32 -08001688 ssl_create_cipher_list(ret->method, &ret->cipher_list,
David Benjamin71f07942015-04-08 02:36:59 -04001689 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
Adam Langleyfcf25832014-12-18 17:42:32 -08001690 if (ret->cipher_list == NULL ||
1691 sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0) {
David Benjamin3570d732015-06-29 00:28:17 -04001692 OPENSSL_PUT_ERROR(SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
Adam Langleyfcf25832014-12-18 17:42:32 -08001693 goto err2;
1694 }
Adam Langley95c29f32014-06-20 12:00:00 -07001695
Adam Langleyfcf25832014-12-18 17:42:32 -08001696 ret->param = X509_VERIFY_PARAM_new();
1697 if (!ret->param) {
1698 goto err;
1699 }
Adam Langley95c29f32014-06-20 12:00:00 -07001700
Adam Langleyfcf25832014-12-18 17:42:32 -08001701 ret->client_CA = sk_X509_NAME_new_null();
1702 if (ret->client_CA == NULL) {
1703 goto err;
1704 }
Adam Langley95c29f32014-06-20 12:00:00 -07001705
David Benjamin9f33fc62015-04-15 17:29:53 -04001706 CRYPTO_new_ex_data(&g_ex_data_class_ssl_ctx, ret, &ret->ex_data);
Adam Langley95c29f32014-06-20 12:00:00 -07001707
Adam Langleyfcf25832014-12-18 17:42:32 -08001708 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
David Benjamin422d3a42014-08-20 11:09:03 -04001709
Adam Langleyfcf25832014-12-18 17:42:32 -08001710 ret->tlsext_servername_callback = 0;
1711 ret->tlsext_servername_arg = NULL;
1712 /* Setup RFC4507 ticket keys */
1713 if (!RAND_bytes(ret->tlsext_tick_key_name, 16) ||
1714 !RAND_bytes(ret->tlsext_tick_hmac_key, 16) ||
1715 !RAND_bytes(ret->tlsext_tick_aes_key, 16)) {
1716 ret->options |= SSL_OP_NO_TICKET;
1717 }
Adam Langley95c29f32014-06-20 12:00:00 -07001718
Adam Langleyfcf25832014-12-18 17:42:32 -08001719 ret->next_protos_advertised_cb = 0;
1720 ret->next_proto_select_cb = 0;
1721 ret->psk_identity_hint = NULL;
1722 ret->psk_client_callback = NULL;
1723 ret->psk_server_callback = NULL;
1724
1725 /* Default is to connect to non-RI servers. When RI is more widely deployed
1726 * might change this. */
1727 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1728
1729 /* Lock the SSL_CTX to the specified version, for compatibility with legacy
1730 * uses of SSL_METHOD. */
David Benjamin4831c332015-05-16 11:43:13 -04001731 if (method->version != 0) {
1732 SSL_CTX_set_max_version(ret, method->version);
1733 SSL_CTX_set_min_version(ret, method->version);
Adam Langleyfcf25832014-12-18 17:42:32 -08001734 }
1735
1736 return ret;
1737
Adam Langley95c29f32014-06-20 12:00:00 -07001738err:
David Benjamin3570d732015-06-29 00:28:17 -04001739 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -07001740err2:
David Benjamin2755a3e2015-04-22 16:17:58 -04001741 SSL_CTX_free(ret);
Adam Langleyfcf25832014-12-18 17:42:32 -08001742 return NULL;
1743}
Adam Langley95c29f32014-06-20 12:00:00 -07001744
David Benjamin4fcc2e22015-04-22 12:58:16 -04001745void SSL_CTX_free(SSL_CTX *ctx) {
1746 if (ctx == NULL ||
Adam Langley0b5e3902015-05-15 13:08:38 -07001747 !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001748 return;
1749 }
Adam Langley95c29f32014-06-20 12:00:00 -07001750
David Benjamin2755a3e2015-04-22 16:17:58 -04001751 X509_VERIFY_PARAM_free(ctx->param);
Adam Langley95c29f32014-06-20 12:00:00 -07001752
Adam Langleyfcf25832014-12-18 17:42:32 -08001753 /* Free internal session cache. However: the remove_cb() may reference the
1754 * ex_data of SSL_CTX, thus the ex_data store can only be removed after the
1755 * sessions were flushed. As the ex_data handling routines might also touch
1756 * the session cache, the most secure solution seems to be: empty (flush) the
1757 * cache, then free ex_data, then finally free the cache. (See ticket
1758 * [openssl.org #212].) */
David Benjamin2755a3e2015-04-22 16:17:58 -04001759 SSL_CTX_flush_sessions(ctx, 0);
Adam Langley95c29f32014-06-20 12:00:00 -07001760
David Benjamin4fcc2e22015-04-22 12:58:16 -04001761 CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
Adam Langley95c29f32014-06-20 12:00:00 -07001762
Adam Langley4bdb6e42015-05-15 15:29:21 -07001763 CRYPTO_MUTEX_cleanup(&ctx->lock);
David Benjamin2755a3e2015-04-22 16:17:58 -04001764 lh_SSL_SESSION_free(ctx->sessions);
1765 X509_STORE_free(ctx->cert_store);
1766 ssl_cipher_preference_list_free(ctx->cipher_list);
1767 sk_SSL_CIPHER_free(ctx->cipher_list_by_id);
1768 ssl_cipher_preference_list_free(ctx->cipher_list_tls11);
1769 ssl_cert_free(ctx->cert);
Adam Langley09505632015-07-30 18:10:13 -07001770 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions,
1771 SSL_CUSTOM_EXTENSION_free);
1772 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions,
1773 SSL_CUSTOM_EXTENSION_free);
David Benjamin2755a3e2015-04-22 16:17:58 -04001774 sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
David Benjamin2755a3e2015-04-22 16:17:58 -04001775 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
1776 OPENSSL_free(ctx->psk_identity_hint);
1777 OPENSSL_free(ctx->tlsext_ecpointformatlist);
1778 OPENSSL_free(ctx->tlsext_ellipticcurvelist);
1779 OPENSSL_free(ctx->alpn_client_proto_list);
1780 EVP_PKEY_free(ctx->tlsext_channel_id_private);
1781 BIO_free(ctx->keylog_bio);
Adam Langley95c29f32014-06-20 12:00:00 -07001782
David Benjamin4fcc2e22015-04-22 12:58:16 -04001783 OPENSSL_free(ctx);
Adam Langleyfcf25832014-12-18 17:42:32 -08001784}
Adam Langley95c29f32014-06-20 12:00:00 -07001785
Adam Langleyfcf25832014-12-18 17:42:32 -08001786void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) {
1787 ctx->default_passwd_callback = cb;
1788}
Adam Langley95c29f32014-06-20 12:00:00 -07001789
Adam Langleyfcf25832014-12-18 17:42:32 -08001790void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) {
1791 ctx->default_passwd_callback_userdata = u;
1792}
Adam Langley95c29f32014-06-20 12:00:00 -07001793
Adam Langleyfcf25832014-12-18 17:42:32 -08001794void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
1795 int (*cb)(X509_STORE_CTX *, void *),
1796 void *arg) {
1797 ctx->app_verify_callback = cb;
1798 ctx->app_verify_arg = arg;
1799}
Adam Langley95c29f32014-06-20 12:00:00 -07001800
Adam Langleyfcf25832014-12-18 17:42:32 -08001801void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
1802 int (*cb)(int, X509_STORE_CTX *)) {
1803 ctx->verify_mode = mode;
1804 ctx->default_verify_callback = cb;
1805}
Adam Langley95c29f32014-06-20 12:00:00 -07001806
Adam Langleyfcf25832014-12-18 17:42:32 -08001807void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) {
1808 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
1809}
Adam Langley1258b6a2014-06-20 12:00:00 -07001810
David Benjamin7481d392015-07-05 19:38:46 -04001811void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg),
Adam Langleyfcf25832014-12-18 17:42:32 -08001812 void *arg) {
David Benjamin7481d392015-07-05 19:38:46 -04001813 ssl_cert_set_cert_cb(ctx->cert, cb, arg);
Adam Langleyfcf25832014-12-18 17:42:32 -08001814}
David Benjamin859ec3c2014-09-02 16:29:36 -04001815
David Benjamin7481d392015-07-05 19:38:46 -04001816void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) {
1817 ssl_cert_set_cert_cb(ssl->cert, cb, arg);
Adam Langleyfcf25832014-12-18 17:42:32 -08001818}
Adam Langley95c29f32014-06-20 12:00:00 -07001819
David Benjamin107db582015-04-08 00:41:59 -04001820void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k,
1821 uint32_t *out_mask_a) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001822 CERT *c = s->cert;
David Benjamind1d80782015-07-05 11:54:09 -04001823 int have_rsa_cert = 0, dh_tmp;
David Benjamin107db582015-04-08 00:41:59 -04001824 uint32_t mask_k, mask_a;
David Benjamind1d80782015-07-05 11:54:09 -04001825 int have_ecc_cert = 0, ecdsa_ok;
Adam Langleyfcf25832014-12-18 17:42:32 -08001826 X509 *x;
Adam Langley95c29f32014-06-20 12:00:00 -07001827
Adam Langleyfcf25832014-12-18 17:42:32 -08001828 if (c == NULL) {
1829 /* TODO(davidben): Is this codepath possible? */
1830 *out_mask_k = 0;
1831 *out_mask_a = 0;
1832 return;
1833 }
Adam Langley95c29f32014-06-20 12:00:00 -07001834
Adam Langleyfcf25832014-12-18 17:42:32 -08001835 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
Adam Langley95c29f32014-06-20 12:00:00 -07001836
David Benjamind1d80782015-07-05 11:54:09 -04001837 if (s->cert->x509 != NULL && s->cert->privatekey != NULL) {
1838 if (s->cert->privatekey->type == EVP_PKEY_RSA) {
1839 have_rsa_cert = 1;
1840 } else if (s->cert->privatekey->type == EVP_PKEY_EC) {
1841 have_ecc_cert = 1;
1842 }
1843 }
Adam Langleyfcf25832014-12-18 17:42:32 -08001844 mask_k = 0;
1845 mask_a = 0;
David Benjaminf31e6812014-11-13 18:05:55 -05001846
Adam Langleyfcf25832014-12-18 17:42:32 -08001847 if (dh_tmp) {
David Benjamin7061e282015-03-19 11:10:48 -04001848 mask_k |= SSL_kDHE;
Adam Langleyfcf25832014-12-18 17:42:32 -08001849 }
David Benjaminbb20f522015-07-04 17:18:14 -04001850 if (have_rsa_cert) {
1851 mask_k |= SSL_kRSA;
Adam Langleyfcf25832014-12-18 17:42:32 -08001852 mask_a |= SSL_aRSA;
1853 }
Adam Langley95c29f32014-06-20 12:00:00 -07001854
Adam Langleyfcf25832014-12-18 17:42:32 -08001855 /* An ECC certificate may be usable for ECDSA cipher suites depending on the
1856 * key usage extension and on the client's curve preferences. */
1857 if (have_ecc_cert) {
David Benjamind1d80782015-07-05 11:54:09 -04001858 x = c->x509;
Adam Langleyfcf25832014-12-18 17:42:32 -08001859 /* This call populates extension flags (ex_flags). */
1860 X509_check_purpose(x, -1, 0);
1861 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE)
1862 ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)
1863 : 1;
1864 if (!tls1_check_ec_cert(s, x)) {
1865 ecdsa_ok = 0;
1866 }
1867 if (ecdsa_ok) {
1868 mask_a |= SSL_aECDSA;
1869 }
1870 }
Adam Langley95c29f32014-06-20 12:00:00 -07001871
Adam Langleyfcf25832014-12-18 17:42:32 -08001872 /* If we are considering an ECC cipher suite that uses an ephemeral EC
1873 * key, check it. */
David Benjamindd978782015-04-24 15:20:13 -04001874 if (tls1_check_ec_tmp_key(s)) {
David Benjamin7061e282015-03-19 11:10:48 -04001875 mask_k |= SSL_kECDHE;
Adam Langleyfcf25832014-12-18 17:42:32 -08001876 }
Adam Langley95c29f32014-06-20 12:00:00 -07001877
Adam Langleyfcf25832014-12-18 17:42:32 -08001878 /* PSK requires a server callback. */
1879 if (s->psk_server_callback != NULL) {
1880 mask_k |= SSL_kPSK;
1881 mask_a |= SSL_aPSK;
1882 }
Adam Langley95c29f32014-06-20 12:00:00 -07001883
Adam Langleyfcf25832014-12-18 17:42:32 -08001884 *out_mask_k = mask_k;
1885 *out_mask_a = mask_a;
1886}
Adam Langley95c29f32014-06-20 12:00:00 -07001887
Adam Langleyfcf25832014-12-18 17:42:32 -08001888void ssl_update_cache(SSL *s, int mode) {
David Benjaminb6d0c6d2015-03-19 19:07:26 -04001889 /* Never cache sessions with empty session IDs. */
Adam Langleyfcf25832014-12-18 17:42:32 -08001890 if (s->session->session_id_length == 0) {
1891 return;
1892 }
Adam Langley95c29f32014-06-20 12:00:00 -07001893
David Benjamin95d31822015-06-15 19:53:32 -04001894 int has_new_session = !s->hit;
1895 if (!s->server && s->tlsext_ticket_expected) {
1896 /* A client may see new sessions on abbreviated handshakes if the server
1897 * decides to renew the ticket. Once the handshake is completed, it should
1898 * be inserted into the cache. */
1899 has_new_session = 1;
1900 }
1901
David Benjaminb6d0c6d2015-03-19 19:07:26 -04001902 SSL_CTX *ctx = s->initial_ctx;
David Benjamin95d31822015-06-15 19:53:32 -04001903 if ((ctx->session_cache_mode & mode) == mode && has_new_session &&
David Benjaminb6d0c6d2015-03-19 19:07:26 -04001904 ((ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) ||
1905 SSL_CTX_add_session(ctx, s->session)) &&
1906 ctx->new_session_cb != NULL) {
1907 /* Note: |new_session_cb| is called whether the internal session cache is
1908 * used or not. */
1909 if (!ctx->new_session_cb(s, SSL_SESSION_up_ref(s->session))) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001910 SSL_SESSION_free(s->session);
1911 }
1912 }
Adam Langley95c29f32014-06-20 12:00:00 -07001913
David Benjaminb6d0c6d2015-03-19 19:07:26 -04001914 if (!(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) &&
1915 !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) &&
1916 (ctx->session_cache_mode & mode) == mode) {
1917 /* Automatically flush the internal session cache every 255 connections. */
1918 int flush_cache = 0;
Adam Langley4bdb6e42015-05-15 15:29:21 -07001919 CRYPTO_MUTEX_lock_write(&ctx->lock);
David Benjaminb6d0c6d2015-03-19 19:07:26 -04001920 ctx->handshakes_since_cache_flush++;
1921 if (ctx->handshakes_since_cache_flush >= 255) {
1922 flush_cache = 1;
1923 ctx->handshakes_since_cache_flush = 0;
1924 }
Adam Langley4bdb6e42015-05-15 15:29:21 -07001925 CRYPTO_MUTEX_unlock(&ctx->lock);
David Benjaminb6d0c6d2015-03-19 19:07:26 -04001926
1927 if (flush_cache) {
1928 SSL_CTX_flush_sessions(ctx, (unsigned long)time(NULL));
Adam Langleyfcf25832014-12-18 17:42:32 -08001929 }
1930 }
1931}
Adam Langley95c29f32014-06-20 12:00:00 -07001932
David Benjamin1a5c50f2015-03-11 16:22:37 -04001933int SSL_get_error(const SSL *s, int ret_code) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001934 int reason;
David Benjamin1a5c50f2015-03-11 16:22:37 -04001935 uint32_t err;
Adam Langleyfcf25832014-12-18 17:42:32 -08001936 BIO *bio;
Adam Langley95c29f32014-06-20 12:00:00 -07001937
David Benjamin1a5c50f2015-03-11 16:22:37 -04001938 if (ret_code > 0) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001939 return SSL_ERROR_NONE;
1940 }
Adam Langley95c29f32014-06-20 12:00:00 -07001941
Adam Langleyfcf25832014-12-18 17:42:32 -08001942 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
1943 * where we do encode the error */
David Benjamin1a5c50f2015-03-11 16:22:37 -04001944 err = ERR_peek_error();
1945 if (err != 0) {
1946 if (ERR_GET_LIB(err) == ERR_LIB_SYS) {
Adam Langleyfcf25832014-12-18 17:42:32 -08001947 return SSL_ERROR_SYSCALL;
1948 }
1949 return SSL_ERROR_SSL;
1950 }
Adam Langley95c29f32014-06-20 12:00:00 -07001951
David Benjamin1a5c50f2015-03-11 16:22:37 -04001952 if (ret_code == 0) {
David Benjamin9a38e922015-01-22 16:06:11 -05001953 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
1954 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) {
1955 /* The socket was cleanly shut down with a close_notify. */
1956 return SSL_ERROR_ZERO_RETURN;
1957 }
1958 /* An EOF was observed which violates the protocol, and the underlying
1959 * transport does not participate in the error queue. Bubble up to the
1960 * caller. */
1961 return SSL_ERROR_SYSCALL;
Adam Langleyfcf25832014-12-18 17:42:32 -08001962 }
Adam Langleyb2ce0582014-06-20 12:00:00 -07001963
Adam Langleyfcf25832014-12-18 17:42:32 -08001964 if (SSL_want_session(s)) {
1965 return SSL_ERROR_PENDING_SESSION;
1966 }
Adam Langley95c29f32014-06-20 12:00:00 -07001967
Adam Langleyfcf25832014-12-18 17:42:32 -08001968 if (SSL_want_certificate(s)) {
1969 return SSL_ERROR_PENDING_CERTIFICATE;
1970 }
Adam Langley95c29f32014-06-20 12:00:00 -07001971
Adam Langleyfcf25832014-12-18 17:42:32 -08001972 if (SSL_want_read(s)) {
1973 bio = SSL_get_rbio(s);
1974 if (BIO_should_read(bio)) {
1975 return SSL_ERROR_WANT_READ;
1976 }
Adam Langley95c29f32014-06-20 12:00:00 -07001977
Adam Langleyfcf25832014-12-18 17:42:32 -08001978 if (BIO_should_write(bio)) {
1979 /* This one doesn't make too much sense ... We never try to write to the
1980 * rbio, and an application program where rbio and wbio are separate
1981 * couldn't even know what it should wait for. However if we ever set
1982 * s->rwstate incorrectly (so that we have SSL_want_read(s) instead of
1983 * SSL_want_write(s)) and rbio and wbio *are* the same, this test works
1984 * around that bug; so it might be safer to keep it. */
1985 return SSL_ERROR_WANT_WRITE;
1986 }
Adam Langley95c29f32014-06-20 12:00:00 -07001987
Adam Langleyfcf25832014-12-18 17:42:32 -08001988 if (BIO_should_io_special(bio)) {
1989 reason = BIO_get_retry_reason(bio);
1990 if (reason == BIO_RR_CONNECT) {
1991 return SSL_ERROR_WANT_CONNECT;
1992 }
Adam Langley95c29f32014-06-20 12:00:00 -07001993
Adam Langleyfcf25832014-12-18 17:42:32 -08001994 if (reason == BIO_RR_ACCEPT) {
1995 return SSL_ERROR_WANT_ACCEPT;
1996 }
Adam Langley95c29f32014-06-20 12:00:00 -07001997
Adam Langleyfcf25832014-12-18 17:42:32 -08001998 return SSL_ERROR_SYSCALL; /* unknown */
1999 }
2000 }
Adam Langley95c29f32014-06-20 12:00:00 -07002001
Adam Langleyfcf25832014-12-18 17:42:32 -08002002 if (SSL_want_write(s)) {
2003 bio = SSL_get_wbio(s);
2004 if (BIO_should_write(bio)) {
2005 return SSL_ERROR_WANT_WRITE;
2006 }
Adam Langley95c29f32014-06-20 12:00:00 -07002007
Adam Langleyfcf25832014-12-18 17:42:32 -08002008 if (BIO_should_read(bio)) {
2009 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
2010 return SSL_ERROR_WANT_READ;
2011 }
Adam Langley95c29f32014-06-20 12:00:00 -07002012
Adam Langleyfcf25832014-12-18 17:42:32 -08002013 if (BIO_should_io_special(bio)) {
2014 reason = BIO_get_retry_reason(bio);
2015 if (reason == BIO_RR_CONNECT) {
2016 return SSL_ERROR_WANT_CONNECT;
2017 }
Adam Langley95c29f32014-06-20 12:00:00 -07002018
Adam Langleyfcf25832014-12-18 17:42:32 -08002019 if (reason == BIO_RR_ACCEPT) {
2020 return SSL_ERROR_WANT_ACCEPT;
2021 }
Adam Langley95c29f32014-06-20 12:00:00 -07002022
Adam Langleyfcf25832014-12-18 17:42:32 -08002023 return SSL_ERROR_SYSCALL;
2024 }
2025 }
Adam Langley95c29f32014-06-20 12:00:00 -07002026
Adam Langleyfcf25832014-12-18 17:42:32 -08002027 if (SSL_want_x509_lookup(s)) {
2028 return SSL_ERROR_WANT_X509_LOOKUP;
2029 }
Adam Langley95c29f32014-06-20 12:00:00 -07002030
Adam Langleyfcf25832014-12-18 17:42:32 -08002031 if (SSL_want_channel_id_lookup(s)) {
2032 return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
2033 }
Adam Langley0f4746e2014-08-13 12:26:32 -07002034
David Benjaminb4d65fd2015-05-29 17:11:21 -04002035 if (SSL_want_private_key_operation(s)) {
2036 return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
2037 }
2038
Adam Langleyfcf25832014-12-18 17:42:32 -08002039 return SSL_ERROR_SYSCALL;
2040}
Adam Langley0f4746e2014-08-13 12:26:32 -07002041
Adam Langleyfcf25832014-12-18 17:42:32 -08002042int SSL_do_handshake(SSL *s) {
2043 int ret = 1;
Adam Langley95c29f32014-06-20 12:00:00 -07002044
Adam Langleyfcf25832014-12-18 17:42:32 -08002045 if (s->handshake_func == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -04002046 OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
Adam Langleyfcf25832014-12-18 17:42:32 -08002047 return -1;
2048 }
Adam Langley95c29f32014-06-20 12:00:00 -07002049
Adam Langleyfcf25832014-12-18 17:42:32 -08002050 if (SSL_in_init(s)) {
2051 ret = s->handshake_func(s);
2052 }
2053 return ret;
2054}
Adam Langley95c29f32014-06-20 12:00:00 -07002055
David Benjamin4831c332015-05-16 11:43:13 -04002056void SSL_set_accept_state(SSL *ssl) {
2057 ssl->server = 1;
2058 ssl->shutdown = 0;
David Benjamin8ec88102015-05-15 23:40:13 -04002059 ssl->state = SSL_ST_ACCEPT;
David Benjamin4831c332015-05-16 11:43:13 -04002060 ssl->handshake_func = ssl->method->ssl_accept;
Adam Langleyfcf25832014-12-18 17:42:32 -08002061 /* clear the current cipher */
David Benjamin4831c332015-05-16 11:43:13 -04002062 ssl_clear_cipher_ctx(ssl);
Adam Langleyfcf25832014-12-18 17:42:32 -08002063}
Adam Langley95c29f32014-06-20 12:00:00 -07002064
David Benjamin4831c332015-05-16 11:43:13 -04002065void SSL_set_connect_state(SSL *ssl) {
2066 ssl->server = 0;
2067 ssl->shutdown = 0;
David Benjamin8ec88102015-05-15 23:40:13 -04002068 ssl->state = SSL_ST_CONNECT;
David Benjamin4831c332015-05-16 11:43:13 -04002069 ssl->handshake_func = ssl->method->ssl_connect;
Adam Langleyfcf25832014-12-18 17:42:32 -08002070 /* clear the current cipher */
David Benjamin4831c332015-05-16 11:43:13 -04002071 ssl_clear_cipher_ctx(ssl);
Adam Langleyfcf25832014-12-18 17:42:32 -08002072}
Adam Langley95c29f32014-06-20 12:00:00 -07002073
Adam Langleyfcf25832014-12-18 17:42:32 -08002074static const char *ssl_get_version(int version) {
2075 switch (version) {
2076 case TLS1_2_VERSION:
2077 return "TLSv1.2";
Adam Langley95c29f32014-06-20 12:00:00 -07002078
Adam Langleyfcf25832014-12-18 17:42:32 -08002079 case TLS1_1_VERSION:
2080 return "TLSv1.1";
Adam Langley95c29f32014-06-20 12:00:00 -07002081
Adam Langleyfcf25832014-12-18 17:42:32 -08002082 case TLS1_VERSION:
2083 return "TLSv1";
Adam Langley95c29f32014-06-20 12:00:00 -07002084
Adam Langleyfcf25832014-12-18 17:42:32 -08002085 case SSL3_VERSION:
2086 return "SSLv3";
Adam Langley95c29f32014-06-20 12:00:00 -07002087
David Benjamin1c722b72015-04-20 13:53:10 -04002088 case DTLS1_VERSION:
2089 return "DTLSv1";
2090
2091 case DTLS1_2_VERSION:
2092 return "DTLSv1.2";
2093
Adam Langleyfcf25832014-12-18 17:42:32 -08002094 default:
2095 return "unknown";
2096 }
2097}
Adam Langley95c29f32014-06-20 12:00:00 -07002098
Adam Langleyfcf25832014-12-18 17:42:32 -08002099const char *SSL_get_version(const SSL *s) {
2100 return ssl_get_version(s->version);
2101}
Adam Langley95c29f32014-06-20 12:00:00 -07002102
Adam Langleyfcf25832014-12-18 17:42:32 -08002103const char *SSL_SESSION_get_version(const SSL_SESSION *sess) {
2104 return ssl_get_version(sess->ssl_version);
2105}
Adam Langley95c29f32014-06-20 12:00:00 -07002106
Adam Langleyfcf25832014-12-18 17:42:32 -08002107void ssl_clear_cipher_ctx(SSL *s) {
David Benjamin31a07792015-03-03 14:20:26 -05002108 SSL_AEAD_CTX_free(s->aead_read_ctx);
2109 s->aead_read_ctx = NULL;
2110 SSL_AEAD_CTX_free(s->aead_write_ctx);
2111 s->aead_write_ctx = NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -08002112}
Adam Langley95c29f32014-06-20 12:00:00 -07002113
Adam Langleyfcf25832014-12-18 17:42:32 -08002114X509 *SSL_get_certificate(const SSL *s) {
2115 if (s->cert != NULL) {
David Benjamind1d80782015-07-05 11:54:09 -04002116 return s->cert->x509;
Adam Langleyfcf25832014-12-18 17:42:32 -08002117 }
2118
2119 return NULL;
2120}
2121
2122EVP_PKEY *SSL_get_privatekey(const SSL *s) {
2123 if (s->cert != NULL) {
David Benjamind1d80782015-07-05 11:54:09 -04002124 return s->cert->privatekey;
Adam Langleyfcf25832014-12-18 17:42:32 -08002125 }
2126
2127 return NULL;
2128}
2129
2130X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) {
2131 if (ctx->cert != NULL) {
David Benjamind1d80782015-07-05 11:54:09 -04002132 return ctx->cert->x509;
Adam Langleyfcf25832014-12-18 17:42:32 -08002133 }
2134
2135 return NULL;
2136}
2137
2138EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
2139 if (ctx->cert != NULL) {
David Benjamind1d80782015-07-05 11:54:09 -04002140 return ctx->cert->privatekey;
Adam Langleyfcf25832014-12-18 17:42:32 -08002141 }
2142
2143 return NULL;
2144}
2145
2146const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) {
David Benjamina07c0fc2015-05-13 13:19:42 -04002147 if (s->aead_write_ctx == NULL) {
2148 return NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -08002149 }
David Benjamina07c0fc2015-05-13 13:19:42 -04002150 return s->aead_write_ctx->cipher;
Adam Langleyfcf25832014-12-18 17:42:32 -08002151}
2152
Matt Braithwaite6a1275b2015-06-26 12:09:10 -07002153const COMP_METHOD *SSL_get_current_compression(SSL *s) { return NULL; }
Adam Langleyfcf25832014-12-18 17:42:32 -08002154
Matt Braithwaite6a1275b2015-06-26 12:09:10 -07002155const COMP_METHOD *SSL_get_current_expansion(SSL *s) { return NULL; }
Adam Langleyfcf25832014-12-18 17:42:32 -08002156
2157int ssl_init_wbio_buffer(SSL *s, int push) {
2158 BIO *bbio;
2159
2160 if (s->bbio == NULL) {
2161 bbio = BIO_new(BIO_f_buffer());
2162 if (bbio == NULL) {
2163 return 0;
2164 }
2165 s->bbio = bbio;
2166 } else {
2167 bbio = s->bbio;
2168 if (s->bbio == s->wbio) {
2169 s->wbio = BIO_pop(s->wbio);
2170 }
2171 }
2172
2173 BIO_reset(bbio);
2174 if (!BIO_set_read_buffer_size(bbio, 1)) {
David Benjamin3570d732015-06-29 00:28:17 -04002175 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -08002176 return 0;
2177 }
2178
2179 if (push) {
2180 if (s->wbio != bbio) {
2181 s->wbio = BIO_push(bbio, s->wbio);
2182 }
2183 } else {
2184 if (s->wbio == bbio) {
2185 s->wbio = BIO_pop(bbio);
2186 }
2187 }
2188
2189 return 1;
2190}
2191
2192void ssl_free_wbio_buffer(SSL *s) {
2193 if (s->bbio == NULL) {
2194 return;
2195 }
2196
2197 if (s->bbio == s->wbio) {
2198 /* remove buffering */
2199 s->wbio = BIO_pop(s->wbio);
2200 }
2201
2202 BIO_free(s->bbio);
2203 s->bbio = NULL;
2204}
2205
2206void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) {
2207 ctx->quiet_shutdown = mode;
2208}
2209
2210int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) {
2211 return ctx->quiet_shutdown;
2212}
2213
2214void SSL_set_quiet_shutdown(SSL *s, int mode) { s->quiet_shutdown = mode; }
2215
2216int SSL_get_quiet_shutdown(const SSL *s) { return s->quiet_shutdown; }
2217
2218void SSL_set_shutdown(SSL *s, int mode) { s->shutdown = mode; }
2219
2220int SSL_get_shutdown(const SSL *s) { return s->shutdown; }
2221
2222int SSL_version(const SSL *s) { return s->version; }
2223
2224SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
2225
2226SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) {
2227 if (ssl->ctx == ctx) {
2228 return ssl->ctx;
2229 }
2230
2231 if (ctx == NULL) {
2232 ctx = ssl->initial_ctx;
2233 }
2234
David Benjamin2755a3e2015-04-22 16:17:58 -04002235 ssl_cert_free(ssl->cert);
Adam Langleyfcf25832014-12-18 17:42:32 -08002236 ssl->cert = ssl_cert_dup(ctx->cert);
David Benjamin2755a3e2015-04-22 16:17:58 -04002237
Adam Langley0b5e3902015-05-15 13:08:38 -07002238 CRYPTO_refcount_inc(&ctx->references);
David Benjamin2755a3e2015-04-22 16:17:58 -04002239 SSL_CTX_free(ssl->ctx); /* decrement reference count */
Adam Langleyfcf25832014-12-18 17:42:32 -08002240 ssl->ctx = ctx;
2241
2242 ssl->sid_ctx_length = ctx->sid_ctx_length;
2243 assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
2244 memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));
2245
2246 return ssl->ctx;
2247}
2248
2249int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) {
2250 return X509_STORE_set_default_paths(ctx->cert_store);
2251}
Adam Langley95c29f32014-06-20 12:00:00 -07002252
2253int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
Adam Langleyfcf25832014-12-18 17:42:32 -08002254 const char *CApath) {
2255 return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
2256}
Adam Langley95c29f32014-06-20 12:00:00 -07002257
2258void SSL_set_info_callback(SSL *ssl,
Adam Langleyfcf25832014-12-18 17:42:32 -08002259 void (*cb)(const SSL *ssl, int type, int val)) {
2260 ssl->info_callback = cb;
2261}
Adam Langley95c29f32014-06-20 12:00:00 -07002262
Adam Langleyfcf25832014-12-18 17:42:32 -08002263void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/, int /*type*/,
2264 int /*val*/) {
2265 return ssl->info_callback;
2266}
Adam Langley95c29f32014-06-20 12:00:00 -07002267
Adam Langleyfcf25832014-12-18 17:42:32 -08002268int SSL_state(const SSL *ssl) { return ssl->state; }
Adam Langley95c29f32014-06-20 12:00:00 -07002269
David Benjaminece089c2015-05-15 23:52:42 -04002270void SSL_set_state(SSL *ssl, int state) { }
Adam Langley95c29f32014-06-20 12:00:00 -07002271
Adam Langleyfcf25832014-12-18 17:42:32 -08002272void SSL_set_verify_result(SSL *ssl, long arg) { ssl->verify_result = arg; }
Adam Langley95c29f32014-06-20 12:00:00 -07002273
Adam Langleyfcf25832014-12-18 17:42:32 -08002274long SSL_get_verify_result(const SSL *ssl) { return ssl->verify_result; }
Adam Langley95c29f32014-06-20 12:00:00 -07002275
Adam Langleyfcf25832014-12-18 17:42:32 -08002276int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2277 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) {
David Benjamin9f33fc62015-04-15 17:29:53 -04002278 int index;
2279 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp,
2280 new_func, dup_func, free_func)) {
2281 return -1;
2282 }
2283 return index;
Adam Langleyfcf25832014-12-18 17:42:32 -08002284}
Adam Langley95c29f32014-06-20 12:00:00 -07002285
Adam Langleyfcf25832014-12-18 17:42:32 -08002286int SSL_set_ex_data(SSL *s, int idx, void *arg) {
2287 return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
2288}
Adam Langley95c29f32014-06-20 12:00:00 -07002289
Adam Langleyfcf25832014-12-18 17:42:32 -08002290void *SSL_get_ex_data(const SSL *s, int idx) {
2291 return CRYPTO_get_ex_data(&s->ex_data, idx);
2292}
Adam Langley95c29f32014-06-20 12:00:00 -07002293
Adam Langleyfcf25832014-12-18 17:42:32 -08002294int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2295 CRYPTO_EX_dup *dup_func,
2296 CRYPTO_EX_free *free_func) {
David Benjamin9f33fc62015-04-15 17:29:53 -04002297 int index;
2298 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp,
2299 new_func, dup_func, free_func)) {
2300 return -1;
2301 }
2302 return index;
Adam Langleyfcf25832014-12-18 17:42:32 -08002303}
Adam Langley95c29f32014-06-20 12:00:00 -07002304
Adam Langleyfcf25832014-12-18 17:42:32 -08002305int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) {
2306 return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
2307}
Adam Langley95c29f32014-06-20 12:00:00 -07002308
Adam Langleyfcf25832014-12-18 17:42:32 -08002309void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) {
2310 return CRYPTO_get_ex_data(&s->ex_data, idx);
2311}
Adam Langley95c29f32014-06-20 12:00:00 -07002312
Adam Langleyfcf25832014-12-18 17:42:32 -08002313X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
2314 return ctx->cert_store;
2315}
Adam Langley95c29f32014-06-20 12:00:00 -07002316
Adam Langleyfcf25832014-12-18 17:42:32 -08002317void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
David Benjamin2755a3e2015-04-22 16:17:58 -04002318 X509_STORE_free(ctx->cert_store);
Adam Langleyfcf25832014-12-18 17:42:32 -08002319 ctx->cert_store = store;
2320}
Adam Langley95c29f32014-06-20 12:00:00 -07002321
Adam Langleyfcf25832014-12-18 17:42:32 -08002322int SSL_want(const SSL *s) { return s->rwstate; }
Adam Langley95c29f32014-06-20 12:00:00 -07002323
Adam Langleyfcf25832014-12-18 17:42:32 -08002324void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
2325 RSA *(*cb)(SSL *ssl, int is_export,
2326 int keylength)) {
Adam Langleyfcf25832014-12-18 17:42:32 -08002327}
Adam Langley95c29f32014-06-20 12:00:00 -07002328
Adam Langleyfcf25832014-12-18 17:42:32 -08002329void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
2330 int keylength)) {
Adam Langleyfcf25832014-12-18 17:42:32 -08002331}
2332
2333void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
David Benjamin59015c32015-04-26 13:13:55 -04002334 DH *(*callback)(SSL *ssl, int is_export,
2335 int keylength)) {
2336 ctx->cert->dh_tmp_cb = callback;
Adam Langleyfcf25832014-12-18 17:42:32 -08002337}
2338
David Benjamin59015c32015-04-26 13:13:55 -04002339void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export,
2340 int keylength)) {
2341 ssl->cert->dh_tmp_cb = callback;
Adam Langleyfcf25832014-12-18 17:42:32 -08002342}
2343
2344void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
David Benjamindd978782015-04-24 15:20:13 -04002345 EC_KEY *(*callback)(SSL *ssl, int is_export,
2346 int keylength)) {
David Benjamin59015c32015-04-26 13:13:55 -04002347 ctx->cert->ecdh_tmp_cb = callback;
Adam Langleyfcf25832014-12-18 17:42:32 -08002348}
2349
2350void SSL_set_tmp_ecdh_callback(SSL *ssl,
David Benjamindd978782015-04-24 15:20:13 -04002351 EC_KEY *(*callback)(SSL *ssl, int is_export,
2352 int keylength)) {
David Benjamin59015c32015-04-26 13:13:55 -04002353 ssl->cert->ecdh_tmp_cb = callback;
Adam Langleyfcf25832014-12-18 17:42:32 -08002354}
2355
2356int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) {
2357 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
David Benjamin3570d732015-06-29 00:28:17 -04002358 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
Adam Langleyfcf25832014-12-18 17:42:32 -08002359 return 0;
2360 }
2361
David Benjamin2755a3e2015-04-22 16:17:58 -04002362 OPENSSL_free(ctx->psk_identity_hint);
Adam Langleyfcf25832014-12-18 17:42:32 -08002363
2364 if (identity_hint != NULL) {
2365 ctx->psk_identity_hint = BUF_strdup(identity_hint);
2366 if (ctx->psk_identity_hint == NULL) {
2367 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -07002368 }
Adam Langleyfcf25832014-12-18 17:42:32 -08002369 } else {
2370 ctx->psk_identity_hint = NULL;
2371 }
Adam Langley95c29f32014-06-20 12:00:00 -07002372
Adam Langleyfcf25832014-12-18 17:42:32 -08002373 return 1;
2374}
2375
2376int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) {
2377 if (s == NULL) {
2378 return 0;
2379 }
2380
2381 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
David Benjamin3570d732015-06-29 00:28:17 -04002382 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
Adam Langleyfcf25832014-12-18 17:42:32 -08002383 return 0;
2384 }
2385
2386 /* Clear currently configured hint, if any. */
David Benjamin2755a3e2015-04-22 16:17:58 -04002387 OPENSSL_free(s->psk_identity_hint);
2388 s->psk_identity_hint = NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -08002389
2390 if (identity_hint != NULL) {
2391 s->psk_identity_hint = BUF_strdup(identity_hint);
2392 if (s->psk_identity_hint == NULL) {
2393 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -07002394 }
Adam Langleyfcf25832014-12-18 17:42:32 -08002395 }
Adam Langley95c29f32014-06-20 12:00:00 -07002396
Adam Langleyfcf25832014-12-18 17:42:32 -08002397 return 1;
2398}
Adam Langley95c29f32014-06-20 12:00:00 -07002399
Adam Langleyfcf25832014-12-18 17:42:32 -08002400const char *SSL_get_psk_identity_hint(const SSL *s) {
2401 if (s == NULL) {
2402 return NULL;
2403 }
2404 return s->psk_identity_hint;
2405}
Adam Langley95c29f32014-06-20 12:00:00 -07002406
Adam Langleyfcf25832014-12-18 17:42:32 -08002407const char *SSL_get_psk_identity(const SSL *s) {
2408 if (s == NULL || s->session == NULL) {
2409 return NULL;
2410 }
Adam Langley95c29f32014-06-20 12:00:00 -07002411
Adam Langleyfcf25832014-12-18 17:42:32 -08002412 return s->session->psk_identity;
2413}
Adam Langley95c29f32014-06-20 12:00:00 -07002414
Adam Langleyfcf25832014-12-18 17:42:32 -08002415void SSL_set_psk_client_callback(
2416 SSL *s, unsigned int (*cb)(SSL *ssl, const char *hint, char *identity,
2417 unsigned int max_identity_len, uint8_t *psk,
2418 unsigned int max_psk_len)) {
2419 s->psk_client_callback = cb;
2420}
Adam Langley95c29f32014-06-20 12:00:00 -07002421
Adam Langleyfcf25832014-12-18 17:42:32 -08002422void SSL_CTX_set_psk_client_callback(
2423 SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl, const char *hint, char *identity,
2424 unsigned int max_identity_len,
2425 uint8_t *psk, unsigned int max_psk_len)) {
2426 ctx->psk_client_callback = cb;
2427}
Adam Langley95c29f32014-06-20 12:00:00 -07002428
Adam Langleyfcf25832014-12-18 17:42:32 -08002429void SSL_set_psk_server_callback(
2430 SSL *s, unsigned int (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
2431 unsigned int max_psk_len)) {
2432 s->psk_server_callback = cb;
2433}
Adam Langley95c29f32014-06-20 12:00:00 -07002434
Adam Langleyfcf25832014-12-18 17:42:32 -08002435void SSL_CTX_set_psk_server_callback(
2436 SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl, const char *identity,
2437 uint8_t *psk, unsigned int max_psk_len)) {
2438 ctx->psk_server_callback = cb;
2439}
Adam Langley95c29f32014-06-20 12:00:00 -07002440
Adam Langleyfcf25832014-12-18 17:42:32 -08002441void SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) {
2442 ctx->min_version = version;
2443}
Adam Langley95c29f32014-06-20 12:00:00 -07002444
Adam Langleyfcf25832014-12-18 17:42:32 -08002445void SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) {
2446 ctx->max_version = version;
2447}
Adam Langley0289c732014-06-20 12:00:00 -07002448
Adam Langleyfcf25832014-12-18 17:42:32 -08002449void SSL_set_min_version(SSL *ssl, uint16_t version) {
2450 ssl->min_version = version;
2451}
Adam Langley0289c732014-06-20 12:00:00 -07002452
Adam Langleyfcf25832014-12-18 17:42:32 -08002453void SSL_set_max_version(SSL *ssl, uint16_t version) {
2454 ssl->max_version = version;
2455}
Adam Langley95c29f32014-06-20 12:00:00 -07002456
Adam Langleyfcf25832014-12-18 17:42:32 -08002457void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
2458 void (*cb)(int write_p, int version,
2459 int content_type, const void *buf,
2460 size_t len, SSL *ssl, void *arg)) {
David Benjamin59015c32015-04-26 13:13:55 -04002461 ctx->msg_callback = cb;
Adam Langleyfcf25832014-12-18 17:42:32 -08002462}
David Benjamin61ecccf2015-05-05 09:44:51 -04002463
2464void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) {
2465 ctx->msg_callback_arg = arg;
2466}
2467
Adam Langleyfcf25832014-12-18 17:42:32 -08002468void SSL_set_msg_callback(SSL *ssl,
2469 void (*cb)(int write_p, int version, int content_type,
2470 const void *buf, size_t len, SSL *ssl,
2471 void *arg)) {
David Benjamin59015c32015-04-26 13:13:55 -04002472 ssl->msg_callback = cb;
Adam Langleyfcf25832014-12-18 17:42:32 -08002473}
Adam Langley95c29f32014-06-20 12:00:00 -07002474
David Benjamin61ecccf2015-05-05 09:44:51 -04002475void SSL_set_msg_callback_arg(SSL *ssl, void *arg) {
2476 ssl->msg_callback_arg = arg;
2477}
2478
Adam Langleyfcf25832014-12-18 17:42:32 -08002479void SSL_CTX_set_keylog_bio(SSL_CTX *ctx, BIO *keylog_bio) {
David Benjamin2755a3e2015-04-22 16:17:58 -04002480 BIO_free(ctx->keylog_bio);
Adam Langleyfcf25832014-12-18 17:42:32 -08002481 ctx->keylog_bio = keylog_bio;
2482}
Adam Langley95c29f32014-06-20 12:00:00 -07002483
Adam Langleyfcf25832014-12-18 17:42:32 -08002484static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) {
2485 static const char hextable[] = "0123456789abcdef";
2486 uint8_t *out;
2487 size_t i;
Adam Langley95c29f32014-06-20 12:00:00 -07002488
Adam Langleyfcf25832014-12-18 17:42:32 -08002489 if (!CBB_add_space(cbb, &out, in_len * 2)) {
2490 return 0;
2491 }
Adam Langley95c29f32014-06-20 12:00:00 -07002492
Adam Langleyfcf25832014-12-18 17:42:32 -08002493 for (i = 0; i < in_len; i++) {
2494 *(out++) = (uint8_t)hextable[in[i] >> 4];
2495 *(out++) = (uint8_t)hextable[in[i] & 0xf];
2496 }
Adam Langley95c29f32014-06-20 12:00:00 -07002497
Adam Langleyfcf25832014-12-18 17:42:32 -08002498 return 1;
2499}
David Benjamin859ec3c2014-09-02 16:29:36 -04002500
2501int ssl_ctx_log_rsa_client_key_exchange(SSL_CTX *ctx,
Adam Langleyfcf25832014-12-18 17:42:32 -08002502 const uint8_t *encrypted_premaster,
2503 size_t encrypted_premaster_len,
2504 const uint8_t *premaster,
2505 size_t premaster_len) {
2506 BIO *bio = ctx->keylog_bio;
2507 CBB cbb;
2508 uint8_t *out;
2509 size_t out_len;
2510 int ret;
David Benjamin859ec3c2014-09-02 16:29:36 -04002511
Adam Langleyfcf25832014-12-18 17:42:32 -08002512 if (bio == NULL) {
2513 return 1;
2514 }
David Benjamin859ec3c2014-09-02 16:29:36 -04002515
Adam Langleyfcf25832014-12-18 17:42:32 -08002516 if (encrypted_premaster_len < 8) {
David Benjamin3570d732015-06-29 00:28:17 -04002517 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
Adam Langleyfcf25832014-12-18 17:42:32 -08002518 return 0;
2519 }
David Benjamin859ec3c2014-09-02 16:29:36 -04002520
David Benjamina8653202015-06-28 01:26:10 -04002521 CBB_zero(&cbb);
2522 if (!CBB_init(&cbb, 4 + 16 + 1 + premaster_len * 2 + 1) ||
2523 !CBB_add_bytes(&cbb, (const uint8_t *)"RSA ", 4) ||
Adam Langleyfcf25832014-12-18 17:42:32 -08002524 /* Only the first 8 bytes of the encrypted premaster secret are
2525 * logged. */
2526 !cbb_add_hex(&cbb, encrypted_premaster, 8) ||
2527 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
2528 !cbb_add_hex(&cbb, premaster, premaster_len) ||
2529 !CBB_add_bytes(&cbb, (const uint8_t *)"\n", 1) ||
2530 !CBB_finish(&cbb, &out, &out_len)) {
2531 CBB_cleanup(&cbb);
2532 return 0;
2533 }
David Benjamin859ec3c2014-09-02 16:29:36 -04002534
Adam Langley4bdb6e42015-05-15 15:29:21 -07002535 CRYPTO_MUTEX_lock_write(&ctx->lock);
Adam Langleyfcf25832014-12-18 17:42:32 -08002536 ret = BIO_write(bio, out, out_len) >= 0 && BIO_flush(bio);
Adam Langley4bdb6e42015-05-15 15:29:21 -07002537 CRYPTO_MUTEX_unlock(&ctx->lock);
David Benjamin859ec3c2014-09-02 16:29:36 -04002538
Adam Langleyfcf25832014-12-18 17:42:32 -08002539 OPENSSL_free(out);
2540 return ret;
Adam Langley95f22882014-06-20 12:00:00 -07002541}
2542
Adam Langleyfcf25832014-12-18 17:42:32 -08002543int ssl_ctx_log_master_secret(SSL_CTX *ctx, const uint8_t *client_random,
2544 size_t client_random_len, const uint8_t *master,
2545 size_t master_len) {
2546 BIO *bio = ctx->keylog_bio;
2547 CBB cbb;
2548 uint8_t *out;
2549 size_t out_len;
2550 int ret;
Adam Langleyadb739e2014-06-20 12:00:00 -07002551
Adam Langleyfcf25832014-12-18 17:42:32 -08002552 if (bio == NULL) {
2553 return 1;
2554 }
Adam Langleyadb739e2014-06-20 12:00:00 -07002555
Adam Langleyfcf25832014-12-18 17:42:32 -08002556 if (client_random_len != 32) {
David Benjamin3570d732015-06-29 00:28:17 -04002557 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
Adam Langleyfcf25832014-12-18 17:42:32 -08002558 return 0;
2559 }
Adam Langleyadb739e2014-06-20 12:00:00 -07002560
David Benjamina8653202015-06-28 01:26:10 -04002561 CBB_zero(&cbb);
2562 if (!CBB_init(&cbb, 14 + 64 + 1 + master_len * 2 + 1) ||
2563 !CBB_add_bytes(&cbb, (const uint8_t *)"CLIENT_RANDOM ", 14) ||
Adam Langleyfcf25832014-12-18 17:42:32 -08002564 !cbb_add_hex(&cbb, client_random, 32) ||
2565 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
2566 !cbb_add_hex(&cbb, master, master_len) ||
2567 !CBB_add_bytes(&cbb, (const uint8_t *)"\n", 1) ||
2568 !CBB_finish(&cbb, &out, &out_len)) {
2569 CBB_cleanup(&cbb);
2570 return 0;
2571 }
Adam Langleyadb739e2014-06-20 12:00:00 -07002572
Adam Langley4bdb6e42015-05-15 15:29:21 -07002573 CRYPTO_MUTEX_lock_write(&ctx->lock);
Adam Langleyfcf25832014-12-18 17:42:32 -08002574 ret = BIO_write(bio, out, out_len) >= 0 && BIO_flush(bio);
Adam Langley4bdb6e42015-05-15 15:29:21 -07002575 CRYPTO_MUTEX_unlock(&ctx->lock);
David Benjamine99e9122014-12-11 01:46:01 -05002576
Adam Langleyfcf25832014-12-18 17:42:32 -08002577 OPENSSL_free(out);
2578 return ret;
Adam Langley95c29f32014-06-20 12:00:00 -07002579}
2580
David Benjamined7c4752015-02-16 19:16:46 -05002581int SSL_in_false_start(const SSL *s) {
2582 return s->s3->tmp.in_false_start;
2583}
2584
Adam Langleyfcf25832014-12-18 17:42:32 -08002585int SSL_cutthrough_complete(const SSL *s) {
David Benjamined7c4752015-02-16 19:16:46 -05002586 return SSL_in_false_start(s);
Adam Langleyfcf25832014-12-18 17:42:32 -08002587}
Adam Langley95c29f32014-06-20 12:00:00 -07002588
Adam Langleyfcf25832014-12-18 17:42:32 -08002589void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
2590 size_t *ssl_session_size) {
2591 *ssl_size = sizeof(SSL);
2592 *ssl_ctx_size = sizeof(SSL_CTX);
2593 *ssl_session_size = sizeof(SSL_SESSION);
2594}
Feng Lu41aa3252014-11-21 22:47:56 -08002595
David Benjamined7c4752015-02-16 19:16:46 -05002596int ssl3_can_false_start(const SSL *s) {
David Benjamin195dc782015-02-19 13:27:05 -05002597 const SSL_CIPHER *const cipher = SSL_get_current_cipher(s);
Adam Langleyfcf25832014-12-18 17:42:32 -08002598
Adam Langleye631d962015-04-01 13:11:01 -07002599 /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
David Benjamin195dc782015-02-19 13:27:05 -05002600 return !SSL_IS_DTLS(s) &&
2601 SSL_version(s) >= TLS1_2_VERSION &&
2602 (s->s3->alpn_selected || s->s3->next_proto_neg_seen) &&
2603 cipher != NULL &&
Adam Langleye631d962015-04-01 13:11:01 -07002604 cipher->algorithm_mkey == SSL_kECDHE &&
David Benjamin195dc782015-02-19 13:27:05 -05002605 (cipher->algorithm_enc == SSL_AES128GCM ||
2606 cipher->algorithm_enc == SSL_AES256GCM ||
2607 cipher->algorithm_enc == SSL_CHACHA20POLY1305);
Adam Langleyfcf25832014-12-18 17:42:32 -08002608}
2609
2610const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) {
2611 switch (version) {
2612 case SSL3_VERSION:
2613 return &SSLv3_enc_data;
2614
2615 case TLS1_VERSION:
2616 return &TLSv1_enc_data;
2617
David Benjamin9e13e1a2015-03-05 01:56:32 -05002618 case DTLS1_VERSION:
Adam Langleyfcf25832014-12-18 17:42:32 -08002619 case TLS1_1_VERSION:
2620 return &TLSv1_1_enc_data;
2621
David Benjamin9e13e1a2015-03-05 01:56:32 -05002622 case DTLS1_2_VERSION:
Adam Langleyfcf25832014-12-18 17:42:32 -08002623 case TLS1_2_VERSION:
2624 return &TLSv1_2_enc_data;
2625
Adam Langleyfcf25832014-12-18 17:42:32 -08002626 default:
2627 return NULL;
2628 }
2629}
2630
2631uint16_t ssl3_get_max_server_version(const SSL *s) {
2632 uint16_t max_version;
2633
2634 if (SSL_IS_DTLS(s)) {
2635 max_version = (s->max_version != 0) ? s->max_version : DTLS1_2_VERSION;
2636 if (!(s->options & SSL_OP_NO_DTLSv1_2) && DTLS1_2_VERSION >= max_version) {
2637 return DTLS1_2_VERSION;
2638 }
2639 if (!(s->options & SSL_OP_NO_DTLSv1) && DTLS1_VERSION >= max_version) {
2640 return DTLS1_VERSION;
2641 }
2642 return 0;
2643 }
2644
2645 max_version = (s->max_version != 0) ? s->max_version : TLS1_2_VERSION;
2646 if (!(s->options & SSL_OP_NO_TLSv1_2) && TLS1_2_VERSION <= max_version) {
2647 return TLS1_2_VERSION;
2648 }
2649 if (!(s->options & SSL_OP_NO_TLSv1_1) && TLS1_1_VERSION <= max_version) {
2650 return TLS1_1_VERSION;
2651 }
2652 if (!(s->options & SSL_OP_NO_TLSv1) && TLS1_VERSION <= max_version) {
2653 return TLS1_VERSION;
2654 }
2655 if (!(s->options & SSL_OP_NO_SSLv3) && SSL3_VERSION <= max_version) {
2656 return SSL3_VERSION;
2657 }
2658 return 0;
2659}
2660
2661uint16_t ssl3_get_mutual_version(SSL *s, uint16_t client_version) {
2662 uint16_t version = 0;
2663
2664 if (SSL_IS_DTLS(s)) {
2665 /* Clamp client_version to max_version. */
2666 if (s->max_version != 0 && client_version < s->max_version) {
2667 client_version = s->max_version;
2668 }
2669
2670 if (client_version <= DTLS1_2_VERSION && !(s->options & SSL_OP_NO_DTLSv1_2)) {
2671 version = DTLS1_2_VERSION;
2672 } else if (client_version <= DTLS1_VERSION &&
David Benjaminb18f0242015-03-10 18:30:08 -04002673 !(s->options & SSL_OP_NO_DTLSv1)) {
Adam Langleyfcf25832014-12-18 17:42:32 -08002674 version = DTLS1_VERSION;
2675 }
2676
2677 /* Check against min_version. */
2678 if (version != 0 && s->min_version != 0 && version > s->min_version) {
2679 return 0;
2680 }
2681 return version;
2682 } else {
2683 /* Clamp client_version to max_version. */
2684 if (s->max_version != 0 && client_version > s->max_version) {
2685 client_version = s->max_version;
2686 }
2687
2688 if (client_version >= TLS1_2_VERSION && !(s->options & SSL_OP_NO_TLSv1_2)) {
2689 version = TLS1_2_VERSION;
2690 } else if (client_version >= TLS1_1_VERSION &&
2691 !(s->options & SSL_OP_NO_TLSv1_1)) {
2692 version = TLS1_1_VERSION;
2693 } else if (client_version >= TLS1_VERSION && !(s->options & SSL_OP_NO_TLSv1)) {
2694 version = TLS1_VERSION;
2695 } else if (client_version >= SSL3_VERSION && !(s->options & SSL_OP_NO_SSLv3)) {
2696 version = SSL3_VERSION;
2697 }
2698
2699 /* Check against min_version. */
2700 if (version != 0 && s->min_version != 0 && version < s->min_version) {
2701 return 0;
2702 }
2703 return version;
2704 }
2705}
2706
2707uint16_t ssl3_get_max_client_version(SSL *s) {
David Benjamin123a8fd2015-04-26 14:16:41 -04002708 uint32_t options = s->options;
Adam Langleyfcf25832014-12-18 17:42:32 -08002709 uint16_t version = 0;
2710
2711 /* OpenSSL's API for controlling versions entails blacklisting individual
2712 * protocols. This has two problems. First, on the client, the protocol can
2713 * only express a contiguous range of versions. Second, a library consumer
2714 * trying to set a maximum version cannot disable protocol versions that get
2715 * added in a future version of the library.
2716 *
2717 * To account for both of these, OpenSSL interprets the client-side bitmask
2718 * as a min/max range by picking the lowest contiguous non-empty range of
2719 * enabled protocols. Note that this means it is impossible to set a maximum
2720 * version of TLS 1.2 in a future-proof way.
2721 *
2722 * By this scheme, the maximum version is the lowest version V such that V is
2723 * enabled and V+1 is disabled or unimplemented. */
2724 if (SSL_IS_DTLS(s)) {
2725 if (!(options & SSL_OP_NO_DTLSv1_2)) {
2726 version = DTLS1_2_VERSION;
2727 }
2728 if (!(options & SSL_OP_NO_DTLSv1) && (options & SSL_OP_NO_DTLSv1_2)) {
2729 version = DTLS1_VERSION;
2730 }
2731 if (s->max_version != 0 && version < s->max_version) {
2732 version = s->max_version;
2733 }
2734 } else {
2735 if (!(options & SSL_OP_NO_TLSv1_2)) {
2736 version = TLS1_2_VERSION;
2737 }
2738 if (!(options & SSL_OP_NO_TLSv1_1) && (options & SSL_OP_NO_TLSv1_2)) {
2739 version = TLS1_1_VERSION;
2740 }
2741 if (!(options & SSL_OP_NO_TLSv1) && (options & SSL_OP_NO_TLSv1_1)) {
2742 version = TLS1_VERSION;
2743 }
2744 if (!(options & SSL_OP_NO_SSLv3) && (options & SSL_OP_NO_TLSv1)) {
2745 version = SSL3_VERSION;
2746 }
2747 if (s->max_version != 0 && version > s->max_version) {
2748 version = s->max_version;
2749 }
2750 }
2751
2752 return version;
2753}
2754
2755int ssl3_is_version_enabled(SSL *s, uint16_t version) {
2756 if (SSL_IS_DTLS(s)) {
2757 if (s->max_version != 0 && version < s->max_version) {
2758 return 0;
2759 }
2760 if (s->min_version != 0 && version > s->min_version) {
2761 return 0;
2762 }
2763
2764 switch (version) {
2765 case DTLS1_VERSION:
2766 return !(s->options & SSL_OP_NO_DTLSv1);
2767
2768 case DTLS1_2_VERSION:
2769 return !(s->options & SSL_OP_NO_DTLSv1_2);
2770
2771 default:
2772 return 0;
2773 }
2774 } else {
2775 if (s->max_version != 0 && version > s->max_version) {
2776 return 0;
2777 }
2778 if (s->min_version != 0 && version < s->min_version) {
2779 return 0;
2780 }
2781
2782 switch (version) {
2783 case SSL3_VERSION:
2784 return !(s->options & SSL_OP_NO_SSLv3);
2785
2786 case TLS1_VERSION:
2787 return !(s->options & SSL_OP_NO_TLSv1);
2788
2789 case TLS1_1_VERSION:
2790 return !(s->options & SSL_OP_NO_TLSv1_1);
2791
2792 case TLS1_2_VERSION:
2793 return !(s->options & SSL_OP_NO_TLSv1_2);
2794
2795 default:
2796 return 0;
2797 }
2798 }
2799}
2800
David Benjaminea72bd02014-12-21 21:27:41 -05002801uint16_t ssl3_version_from_wire(SSL *s, uint16_t wire_version) {
2802 if (!SSL_IS_DTLS(s)) {
2803 return wire_version;
2804 }
2805
2806 uint16_t tls_version = ~wire_version;
2807 uint16_t version = tls_version + 0x0201;
2808 /* If either component overflowed, clamp it so comparisons still work. */
2809 if ((version >> 8) < (tls_version >> 8)) {
2810 version = 0xff00 | (version & 0xff);
2811 }
2812 if ((version & 0xff) < (tls_version & 0xff)) {
2813 version = (version & 0xff00) | 0xff;
2814 }
2815 /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */
2816 if (version == TLS1_VERSION) {
2817 version = TLS1_1_VERSION;
2818 }
2819 return version;
2820}
2821
Adam Langleyfcf25832014-12-18 17:42:32 -08002822int SSL_cache_hit(SSL *s) { return s->hit; }
2823
2824int SSL_is_server(SSL *s) { return s->server; }
2825
Adam Langley524e7172015-02-20 16:04:00 -08002826void SSL_CTX_set_dos_protection_cb(
2827 SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) {
2828 ctx->dos_protection_cb = cb;
2829}
2830
David Benjaminb16346b2015-04-08 19:16:58 -04002831void SSL_set_reject_peer_renegotiations(SSL *s, int reject) {
David Benjamin897e5e02015-05-12 17:03:54 -04002832 s->accept_peer_renegotiations = !reject;
David Benjaminb16346b2015-04-08 19:16:58 -04002833}
2834
Adam Langley3f92d212015-02-20 15:32:52 -08002835int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
2836 const RC4_KEY **write_key) {
2837 if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) {
2838 return 0;
2839 }
2840
2841 return EVP_AEAD_CTX_get_rc4_state(&ssl->aead_read_ctx->ctx, read_key) &&
2842 EVP_AEAD_CTX_get_rc4_state(&ssl->aead_write_ctx->ctx, write_key);
2843}
David Benjaminda881e92015-04-26 14:45:04 -04002844
Adam Langleyaf0e32c2015-06-03 09:57:23 -07002845int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
2846 size_t max_out) {
2847 /* The tls-unique value is the first Finished message in the handshake, which
2848 * is the client's in a full handshake and the server's for a resumption. See
2849 * https://tools.ietf.org/html/rfc5929#section-3.1. */
2850 const uint8_t *finished = ssl->s3->previous_client_finished;
2851 size_t finished_len = ssl->s3->previous_client_finished_len;
2852 if (ssl->hit) {
2853 /* tls-unique is broken for resumed sessions unless EMS is used. */
2854 if (!ssl->session->extended_master_secret) {
2855 goto err;
2856 }
2857 finished = ssl->s3->previous_server_finished;
2858 finished_len = ssl->s3->previous_server_finished_len;
2859 }
2860
2861 if (!ssl->s3->initial_handshake_complete ||
2862 ssl->version < TLS1_VERSION) {
2863 goto err;
2864 }
2865
2866 *out_len = finished_len;
2867 if (finished_len > max_out) {
2868 *out_len = max_out;
2869 }
2870
2871 memcpy(out, finished, *out_len);
2872 return 1;
2873
2874err:
2875 *out_len = 0;
2876 memset(out, 0, max_out);
2877 return 0;
2878}
2879
David Benjaminda881e92015-04-26 14:45:04 -04002880int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; }
2881int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; }
2882int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; }
2883int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; }
2884int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; }
2885int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; }
2886int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; }
2887int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; }
2888int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; }
2889int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; }
2890int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; }