Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 95c29f3cd1f6c08c6c0927868683392eea727ccb / . / ssl / ssl_lib.c
blob: eec32b2936af3f31c710071085fb79f606032d9d [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame^]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115/* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141#include <stdio.h>
142#include <assert.h>
143
144#include <openssl/dh.h>
145#include <openssl/engine.h>
146#include <openssl/lhash.h>
147#include <openssl/mem.h>
148#include <openssl/obj.h>
149#include <openssl/rand.h>
150#include <openssl/x509v3.h>
151
152#include "ssl_locl.h"
153
154SSL3_ENC_METHOD ssl3_undef_enc_method={
155 /* evil casts, but these functions are only called if there's a library bug */
156 (int (*)(SSL *,int))ssl_undefined_function,
157 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
158 ssl_undefined_function,
159 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
160 (int (*)(SSL*, int))ssl_undefined_function,
161 (int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function,
162 0, /* finish_mac_length */
163 (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
164 NULL, /* client_finished_label */
165 0, /* client_finished_label_len */
166 NULL, /* server_finished_label */
167 0, /* server_finished_label_len */
168 (int (*)(int))ssl_undefined_function,
169 (int (*)(SSL *, unsigned char *, size_t, const char *,
170 size_t, const unsigned char *, size_t,
171 int use_context)) ssl_undefined_function,
172 };
173
174int SSL_clear(SSL *s)
175 {
176
177 if (s->method == NULL)
178 {
179 OPENSSL_PUT_ERROR(SSL, SSL_clear, SSL_R_NO_METHOD_SPECIFIED);
180 return(0);
181 }
182
183 if (ssl_clear_bad_session(s))
184 {
185 SSL_SESSION_free(s->session);
186 s->session=NULL;
187 }
188
189 s->error=0;
190 s->hit=0;
191 s->shutdown=0;
192
193#if 0 /* Disabled since version 1.10 of this file (early return not
194 * needed because SSL_clear is not called when doing renegotiation) */
195 /* This is set if we are doing dynamic renegotiation so keep
196 * the old cipher. It is sort of a SSL_clear_lite :-) */
197 if (s->renegotiate) return(1);
198#else
199 if (s->renegotiate)
200 {
201 OPENSSL_PUT_ERROR(SSL, SSL_clear, ERR_R_INTERNAL_ERROR);
202 return 0;
203 }
204#endif
205
206 s->type=0;
207
208 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
209
210 s->version=s->method->version;
211 s->client_version=s->version;
212 s->rwstate=SSL_NOTHING;
213 s->rstate=SSL_ST_READ_HEADER;
214#if 0
215 s->read_ahead=s->ctx->read_ahead;
216#endif
217
218 if (s->init_buf != NULL)
219 {
220 BUF_MEM_free(s->init_buf);
221 s->init_buf=NULL;
222 }
223
224 ssl_clear_cipher_ctx(s);
225 ssl_clear_hash_ctx(&s->read_hash);
226 ssl_clear_hash_ctx(&s->write_hash);
227
228 s->first_packet=0;
229
230#if 1
231 /* Check to see if we were changed into a different method, if
232 * so, revert back if we are not doing session-id reuse. */
233 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
234 {
235 s->method->ssl_free(s);
236 s->method=s->ctx->method;
237 if (!s->method->ssl_new(s))
238 return(0);
239 }
240 else
241#endif
242 s->method->ssl_clear(s);
243 return(1);
244 }
245
246/** Used to change an SSL_CTXs default SSL method type */
247int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
248 {
249 STACK_OF(SSL_CIPHER) *sk;
250
251 ctx->method=meth;
252
253 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
254 &(ctx->cipher_list_by_id),
255 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ctx->cert);
256 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
257 {
258 OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_ssl_version, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
259 return(0);
260 }
261 return(1);
262 }
263
264SSL *SSL_new(SSL_CTX *ctx)
265 {
266 SSL *s;
267
268 if (ctx == NULL)
269 {
270 OPENSSL_PUT_ERROR(SSL, SSL_new, SSL_R_NULL_SSL_CTX);
271 return(NULL);
272 }
273 if (ctx->method == NULL)
274 {
275 OPENSSL_PUT_ERROR(SSL, SSL_new, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
276 return(NULL);
277 }
278
279 s=(SSL *)OPENSSL_malloc(sizeof(SSL));
280 if (s == NULL) goto err;
281 memset(s,0,sizeof(SSL));
282
283 s->options=ctx->options;
284 s->mode=ctx->mode;
285 s->max_cert_list=ctx->max_cert_list;
286
287 if (ctx->cert != NULL)
288 {
289 /* Earlier library versions used to copy the pointer to
290 * the CERT, not its contents; only when setting new
291 * parameters for the per-SSL copy, ssl_cert_new would be
292 * called (and the direct reference to the per-SSL_CTX
293 * settings would be lost, but those still were indirectly
294 * accessed for various purposes, and for that reason they
295 * used to be known as s->ctx->default_cert).
296 * Now we don't look at the SSL_CTX's CERT after having
297 * duplicated it once. */
298
299 s->cert = ssl_cert_dup(ctx->cert);
300 if (s->cert == NULL)
301 goto err;
302 }
303 else
304 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
305
306 s->read_ahead=ctx->read_ahead;
307 s->msg_callback=ctx->msg_callback;
308 s->msg_callback_arg=ctx->msg_callback_arg;
309 s->verify_mode=ctx->verify_mode;
310#if 0
311 s->verify_depth=ctx->verify_depth;
312#endif
313 s->sid_ctx_length=ctx->sid_ctx_length;
314 assert(s->sid_ctx_length <= sizeof s->sid_ctx);
315 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
316 s->verify_callback=ctx->default_verify_callback;
317 s->generate_session_id=ctx->generate_session_id;
318
319 s->param = X509_VERIFY_PARAM_new();
320 if (!s->param)
321 goto err;
322 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
323#if 0
324 s->purpose = ctx->purpose;
325 s->trust = ctx->trust;
326#endif
327 s->quiet_shutdown=ctx->quiet_shutdown;
328 s->max_send_fragment = ctx->max_send_fragment;
329
330 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
331 s->ctx=ctx;
332#ifndef OPENSSL_NO_TLSEXT
333 s->tlsext_debug_cb = 0;
334 s->tlsext_debug_arg = NULL;
335 s->tlsext_ticket_expected = 0;
336 s->tlsext_status_type = -1;
337 s->tlsext_status_expected = 0;
338 s->tlsext_ocsp_ids = NULL;
339 s->tlsext_ocsp_exts = NULL;
340 s->tlsext_ocsp_resp = NULL;
341 s->tlsext_ocsp_resplen = -1;
342 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
343 s->initial_ctx=ctx;
344#ifndef OPENSSL_NO_EC
345 if (ctx->tlsext_ecpointformatlist)
346 {
347 s->tlsext_ecpointformatlist =
348 BUF_memdup(ctx->tlsext_ecpointformatlist,
349 ctx->tlsext_ecpointformatlist_length);
350 if (!s->tlsext_ecpointformatlist)
351 goto err;
352 s->tlsext_ecpointformatlist_length =
353 ctx->tlsext_ecpointformatlist_length;
354 }
355 if (ctx->tlsext_ellipticcurvelist)
356 {
357 s->tlsext_ellipticcurvelist =
358 BUF_memdup(ctx->tlsext_ellipticcurvelist,
359 ctx->tlsext_ellipticcurvelist_length);
360 if (!s->tlsext_ellipticcurvelist)
361 goto err;
362 s->tlsext_ellipticcurvelist_length =
363 ctx->tlsext_ellipticcurvelist_length;
364 }
365#endif
366# ifndef OPENSSL_NO_NEXTPROTONEG
367 s->next_proto_negotiated = NULL;
368# endif
369
370 if (s->ctx->alpn_client_proto_list)
371 {
372 s->alpn_client_proto_list =
373 OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
374 if (s->alpn_client_proto_list == NULL)
375 goto err;
376 memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
377 s->ctx->alpn_client_proto_list_len);
378 s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
379 }
380#endif
381
382 s->verify_result=X509_V_OK;
383
384 s->method=ctx->method;
385
386 if (!s->method->ssl_new(s))
387 goto err;
388
389 s->references=1;
390 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
391
392 SSL_clear(s);
393
394 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
395
396#ifndef OPENSSL_NO_PSK
397 s->psk_client_callback=ctx->psk_client_callback;
398 s->psk_server_callback=ctx->psk_server_callback;
399#endif
400
401 return(s);
402err:
403 if (s != NULL)
404 {
405 if (s->cert != NULL)
406 ssl_cert_free(s->cert);
407 if (s->ctx != NULL)
408 SSL_CTX_free(s->ctx); /* decrement reference count */
409 OPENSSL_free(s);
410 }
411 OPENSSL_PUT_ERROR(SSL, SSL_new, ERR_R_MALLOC_FAILURE);
412 return(NULL);
413 }
414
415int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
416 unsigned int sid_ctx_len)
417 {
418 if(sid_ctx_len > sizeof ctx->sid_ctx)
419 {
420 OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_session_id_context, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
421 return 0;
422 }
423 ctx->sid_ctx_length=sid_ctx_len;
424 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
425
426 return 1;
427 }
428
429int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
430 unsigned int sid_ctx_len)
431 {
432 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
433 {
434 OPENSSL_PUT_ERROR(SSL, SSL_set_session_id_context, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
435 return 0;
436 }
437 ssl->sid_ctx_length=sid_ctx_len;
438 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
439
440 return 1;
441 }
442
443int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
444 {
445 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
446 ctx->generate_session_id = cb;
447 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
448 return 1;
449 }
450
451int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
452 {
453 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
454 ssl->generate_session_id = cb;
455 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
456 return 1;
457 }
458
459int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
460 unsigned int id_len)
461 {
462 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
463 * we can "construct" a session to give us the desired check - ie. to
464 * find if there's a session in the hash table that would conflict with
465 * any new session built out of this id/id_len and the ssl_version in
466 * use by this SSL. */
467 SSL_SESSION r, *p;
468
469 if(id_len > sizeof r.session_id)
470 return 0;
471
472 r.ssl_version = ssl->version;
473 r.session_id_length = id_len;
474 memcpy(r.session_id, id, id_len);
475 /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
476 * callback is calling us to check the uniqueness of a shorter ID, it
477 * must be compared as a padded-out ID because that is what it will be
478 * converted to when the callback has finished choosing it. */
479 if((r.ssl_version == SSL2_VERSION) &&
480 (id_len < SSL2_SSL_SESSION_ID_LENGTH))
481 {
482 memset(r.session_id + id_len, 0,
483 SSL2_SSL_SESSION_ID_LENGTH - id_len);
484 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
485 }
486
487 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
488 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
489 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
490 return (p != NULL);
491 }
492
493int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
494 {
495 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
496 }
497
498int SSL_set_purpose(SSL *s, int purpose)
499 {
500 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
501 }
502
503int SSL_CTX_set_trust(SSL_CTX *s, int trust)
504 {
505 return X509_VERIFY_PARAM_set_trust(s->param, trust);
506 }
507
508int SSL_set_trust(SSL *s, int trust)
509 {
510 return X509_VERIFY_PARAM_set_trust(s->param, trust);
511 }
512
513int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
514 {
515 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
516 }
517
518int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
519 {
520 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
521 }
522
523X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
524 {
525 return ctx->param;
526 }
527
528X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
529 {
530 return ssl->param;
531 }
532
533void SSL_certs_clear(SSL *s)
534 {
535 ssl_cert_clear_certs(s->cert);
536 }
537
538void SSL_free(SSL *s)
539 {
540 int i;
541
542 if(s == NULL)
543 return;
544
545 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
546#ifdef REF_PRINT
547 REF_PRINT("SSL",s);
548#endif
549 if (i > 0) return;
550#ifdef REF_CHECK
551 if (i < 0)
552 {
553 fprintf(stderr,"SSL_free, bad reference count\n");
554 abort(); /* ok */
555 }
556#endif
557
558 if (s->param)
559 X509_VERIFY_PARAM_free(s->param);
560
561 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
562
563 if (s->bbio != NULL)
564 {
565 /* If the buffering BIO is in place, pop it off */
566 if (s->bbio == s->wbio)
567 {
568 s->wbio=BIO_pop(s->wbio);
569 }
570 BIO_free(s->bbio);
571 s->bbio=NULL;
572 }
573 if (s->rbio != NULL)
574 BIO_free_all(s->rbio);
575 if ((s->wbio != NULL) && (s->wbio != s->rbio))
576 BIO_free_all(s->wbio);
577
578 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
579
580 /* add extra stuff */
581 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
582 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
583
584 /* Make the next call work :-) */
585 if (s->session != NULL)
586 {
587 ssl_clear_bad_session(s);
588 SSL_SESSION_free(s->session);
589 }
590
591 ssl_clear_cipher_ctx(s);
592 ssl_clear_hash_ctx(&s->read_hash);
593 ssl_clear_hash_ctx(&s->write_hash);
594
595 if (s->cert != NULL) ssl_cert_free(s->cert);
596 /* Free up if allocated */
597
598#ifndef OPENSSL_NO_TLSEXT
599 if (s->tlsext_hostname)
600 OPENSSL_free(s->tlsext_hostname);
601 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
602#ifndef OPENSSL_NO_EC
603 if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
604 if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
605#endif /* OPENSSL_NO_EC */
606 if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
607 if (s->tlsext_ocsp_exts)
608 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
609 X509_EXTENSION_free);
610 /* TODO(fork): OCSP support */
611#if 0
612 if (s->tlsext_ocsp_ids)
613 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
614#endif
615 if (s->tlsext_ocsp_resp)
616 OPENSSL_free(s->tlsext_ocsp_resp);
617 if (s->alpn_client_proto_list)
618 OPENSSL_free(s->alpn_client_proto_list);
619#endif
620
621 if (s->client_CA != NULL)
622 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
623
624 if (s->method != NULL) s->method->ssl_free(s);
625
626 if (s->ctx) SSL_CTX_free(s->ctx);
627
628#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
629 if (s->next_proto_negotiated)
630 OPENSSL_free(s->next_proto_negotiated);
631#endif
632
633 if (s->srtp_profiles)
634 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
635
636#ifndef OPENSSL_NO_DANE
637 if (s->tlsa_record && s->tlsa_record!=(void *)-1)
638 OPENSSL_free(s->tlsa_record);
639#endif
640
641 OPENSSL_free(s);
642 }
643
644void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
645 {
646 /* If the output buffering BIO is still in place, remove it
647 */
648 if (s->bbio != NULL)
649 {
650 if (s->wbio == s->bbio)
651 {
652 s->wbio=s->wbio->next_bio;
653 s->bbio->next_bio=NULL;
654 }
655 }
656 if ((s->rbio != NULL) && (s->rbio != rbio))
657 BIO_free_all(s->rbio);
658 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
659 BIO_free_all(s->wbio);
660 s->rbio=rbio;
661 s->wbio=wbio;
662 }
663
664BIO *SSL_get_rbio(const SSL *s)
665 { return(s->rbio); }
666
667BIO *SSL_get_wbio(const SSL *s)
668 { return(s->wbio); }
669
670int SSL_get_fd(const SSL *s)
671 {
672 return(SSL_get_rfd(s));
673 }
674
675int SSL_get_rfd(const SSL *s)
676 {
677 int ret= -1;
678 BIO *b,*r;
679
680 b=SSL_get_rbio(s);
681 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
682 if (r != NULL)
683 BIO_get_fd(r,&ret);
684 return(ret);
685 }
686
687int SSL_get_wfd(const SSL *s)
688 {
689 int ret= -1;
690 BIO *b,*r;
691
692 b=SSL_get_wbio(s);
693 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
694 if (r != NULL)
695 BIO_get_fd(r,&ret);
696 return(ret);
697 }
698
699#ifndef OPENSSL_NO_SOCK
700int SSL_set_fd(SSL *s,int fd)
701 {
702 int ret=0;
703 BIO *bio=NULL;
704
705 bio=BIO_new(BIO_s_fd());
706
707 if (bio == NULL)
708 {
709 OPENSSL_PUT_ERROR(SSL, SSL_set_fd, ERR_R_BUF_LIB);
710 goto err;
711 }
712 BIO_set_fd(bio,fd,BIO_NOCLOSE);
713 SSL_set_bio(s,bio,bio);
714 ret=1;
715err:
716 return(ret);
717 }
718
719int SSL_set_wfd(SSL *s,int fd)
720 {
721 int ret=0;
722 BIO *bio=NULL;
723
724 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_FD)
725 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
726 {
727 bio=BIO_new(BIO_s_fd());
728
729 if (bio == NULL)
730 {
731 OPENSSL_PUT_ERROR(SSL, SSL_set_wfd, ERR_R_BUF_LIB);
732 goto err;
733 }
734 BIO_set_fd(bio,fd,BIO_NOCLOSE);
735 SSL_set_bio(s,SSL_get_rbio(s),bio);
736 }
737 else
738 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
739 ret=1;
740err:
741 return(ret);
742 }
743
744int SSL_set_rfd(SSL *s,int fd)
745 {
746 int ret=0;
747 BIO *bio=NULL;
748
749 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_FD)
750 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
751 {
752 bio=BIO_new(BIO_s_fd());
753
754 if (bio == NULL)
755 {
756 OPENSSL_PUT_ERROR(SSL, SSL_set_rfd, ERR_R_BUF_LIB);
757 goto err;
758 }
759 BIO_set_fd(bio,fd,BIO_NOCLOSE);
760 SSL_set_bio(s,bio,SSL_get_wbio(s));
761 }
762 else
763 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
764 ret=1;
765err:
766 return(ret);
767 }
768#endif
769
770
771/* return length of latest Finished message we sent, copy to 'buf' */
772size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
773 {
774 size_t ret = 0;
775
776 if (s->s3 != NULL)
777 {
778 ret = s->s3->tmp.finish_md_len;
779 if (count > ret)
780 count = ret;
781 memcpy(buf, s->s3->tmp.finish_md, count);
782 }
783 return ret;
784 }
785
786/* return length of latest Finished message we expected, copy to 'buf' */
787size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
788 {
789 size_t ret = 0;
790
791 if (s->s3 != NULL)
792 {
793 ret = s->s3->tmp.peer_finish_md_len;
794 if (count > ret)
795 count = ret;
796 memcpy(buf, s->s3->tmp.peer_finish_md, count);
797 }
798 return ret;
799 }
800
801
802int SSL_get_verify_mode(const SSL *s)
803 {
804 return(s->verify_mode);
805 }
806
807int SSL_get_verify_depth(const SSL *s)
808 {
809 return X509_VERIFY_PARAM_get_depth(s->param);
810 }
811
812int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
813 {
814 return(s->verify_callback);
815 }
816
817int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
818 {
819 return(ctx->verify_mode);
820 }
821
822int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
823 {
824 return X509_VERIFY_PARAM_get_depth(ctx->param);
825 }
826
827int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
828 {
829 return(ctx->default_verify_callback);
830 }
831
832void SSL_set_verify(SSL *s,int mode,
833 int (*callback)(int ok,X509_STORE_CTX *ctx))
834 {
835 s->verify_mode=mode;
836 if (callback != NULL)
837 s->verify_callback=callback;
838 }
839
840void SSL_set_verify_depth(SSL *s,int depth)
841 {
842 X509_VERIFY_PARAM_set_depth(s->param, depth);
843 }
844
845void SSL_set_read_ahead(SSL *s,int yes)
846 {
847 s->read_ahead=yes;
848 }
849
850int SSL_get_read_ahead(const SSL *s)
851 {
852 return(s->read_ahead);
853 }
854
855int SSL_pending(const SSL *s)
856 {
857 /* SSL_pending cannot work properly if read-ahead is enabled
858 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
859 * and it is impossible to fix since SSL_pending cannot report
860 * errors that may be observed while scanning the new data.
861 * (Note that SSL_pending() is often used as a boolean value,
862 * so we'd better not return -1.)
863 */
864 return(s->method->ssl_pending(s));
865 }
866
867X509 *SSL_get_peer_certificate(const SSL *s)
868 {
869 X509 *r;
870
871 if ((s == NULL) || (s->session == NULL))
872 r=NULL;
873 else
874 r=s->session->peer;
875
876 if (r == NULL) return(r);
877
878 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
879
880 return(r);
881 }
882
883STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
884 {
885 STACK_OF(X509) *r;
886
887 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
888 r=NULL;
889 else
890 r=s->session->sess_cert->cert_chain;
891
892 /* If we are a client, cert_chain includes the peer's own
893 * certificate; if we are a server, it does not. */
894
895 return(r);
896 }
897
898/* Now in theory, since the calling process own 't' it should be safe to
899 * modify. We need to be able to read f without being hassled */
900void SSL_copy_session_id(SSL *t,const SSL *f)
901 {
902 CERT *tmp;
903
904 /* Do we need to to SSL locking? */
905 SSL_set_session(t,SSL_get_session(f));
906
907 /* what if we are setup as SSLv2 but want to talk SSLv3 or
908 * vice-versa */
909 if (t->method != f->method)
910 {
911 t->method->ssl_free(t); /* cleanup current */
912 t->method=f->method; /* change method */
913 t->method->ssl_new(t); /* setup new */
914 }
915
916 tmp=t->cert;
917 if (f->cert != NULL)
918 {
919 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
920 t->cert=f->cert;
921 }
922 else
923 t->cert=NULL;
924 if (tmp != NULL) ssl_cert_free(tmp);
925 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
926 }
927
928/* Fix this so it checks all the valid key/cert options */
929int SSL_CTX_check_private_key(const SSL_CTX *ctx)
930 {
931 if ( (ctx == NULL) ||
932 (ctx->cert == NULL) ||
933 (ctx->cert->key->x509 == NULL))
934 {
935 OPENSSL_PUT_ERROR(SSL, SSL_CTX_check_private_key, SSL_R_NO_CERTIFICATE_ASSIGNED);
936 return(0);
937 }
938 if (ctx->cert->key->privatekey == NULL)
939 {
940 OPENSSL_PUT_ERROR(SSL, SSL_CTX_check_private_key, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
941 return(0);
942 }
943 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
944 }
945
946/* Fix this function so that it takes an optional type parameter */
947int SSL_check_private_key(const SSL *ssl)
948 {
949 if (ssl == NULL)
950 {
951 OPENSSL_PUT_ERROR(SSL, SSL_check_private_key, ERR_R_PASSED_NULL_PARAMETER);
952 return(0);
953 }
954 if (ssl->cert == NULL)
955 {
956 OPENSSL_PUT_ERROR(SSL, SSL_check_private_key, SSL_R_NO_CERTIFICATE_ASSIGNED);
957 return 0;
958 }
959 if (ssl->cert->key->x509 == NULL)
960 {
961 OPENSSL_PUT_ERROR(SSL, SSL_check_private_key, SSL_R_NO_CERTIFICATE_ASSIGNED);
962 return(0);
963 }
964 if (ssl->cert->key->privatekey == NULL)
965 {
966 OPENSSL_PUT_ERROR(SSL, SSL_check_private_key, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
967 return(0);
968 }
969 return(X509_check_private_key(ssl->cert->key->x509,
970 ssl->cert->key->privatekey));
971 }
972
973int SSL_accept(SSL *s)
974 {
975 if (s->handshake_func == 0)
976 /* Not properly initialized yet */
977 SSL_set_accept_state(s);
978
979 return(s->method->ssl_accept(s));
980 }
981
982int SSL_connect(SSL *s)
983 {
984 if (s->handshake_func == 0)
985 /* Not properly initialized yet */
986 SSL_set_connect_state(s);
987
988 return(s->method->ssl_connect(s));
989 }
990
991long SSL_get_default_timeout(const SSL *s)
992 {
993 return(s->method->get_timeout());
994 }
995
996int SSL_read(SSL *s,void *buf,int num)
997 {
998 if (s->handshake_func == 0)
999 {
1000 OPENSSL_PUT_ERROR(SSL, SSL_read, SSL_R_UNINITIALIZED);
1001 return -1;
1002 }
1003
1004 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
1005 {
1006 s->rwstate=SSL_NOTHING;
1007 return(0);
1008 }
1009 return(s->method->ssl_read(s,buf,num));
1010 }
1011
1012int SSL_peek(SSL *s,void *buf,int num)
1013 {
1014 if (s->handshake_func == 0)
1015 {
1016 OPENSSL_PUT_ERROR(SSL, SSL_peek, SSL_R_UNINITIALIZED);
1017 return -1;
1018 }
1019
1020 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
1021 {
1022 return(0);
1023 }
1024 return(s->method->ssl_peek(s,buf,num));
1025 }
1026
1027int SSL_write(SSL *s,const void *buf,int num)
1028 {
1029 if (s->handshake_func == 0)
1030 {
1031 OPENSSL_PUT_ERROR(SSL, SSL_write, SSL_R_UNINITIALIZED);
1032 return -1;
1033 }
1034
1035 if (s->shutdown & SSL_SENT_SHUTDOWN)
1036 {
1037 s->rwstate=SSL_NOTHING;
1038 OPENSSL_PUT_ERROR(SSL, SSL_write, SSL_R_PROTOCOL_IS_SHUTDOWN);
1039 return(-1);
1040 }
1041 return(s->method->ssl_write(s,buf,num));
1042 }
1043
1044int SSL_shutdown(SSL *s)
1045 {
1046 /* Note that this function behaves differently from what one might
1047 * expect. Return values are 0 for no success (yet),
1048 * 1 for success; but calling it once is usually not enough,
1049 * even if blocking I/O is used (see ssl3_shutdown).
1050 */
1051
1052 if (s->handshake_func == 0)
1053 {
1054 OPENSSL_PUT_ERROR(SSL, SSL_shutdown, SSL_R_UNINITIALIZED);
1055 return -1;
1056 }
1057
1058 if ((s != NULL) && !SSL_in_init(s))
1059 return(s->method->ssl_shutdown(s));
1060 else
1061 return(1);
1062 }
1063
1064int SSL_renegotiate(SSL *s)
1065 {
1066 if (s->renegotiate == 0)
1067 s->renegotiate=1;
1068
1069 s->new_session=1;
1070
1071 return(s->method->ssl_renegotiate(s));
1072 }
1073
1074int SSL_renegotiate_abbreviated(SSL *s)
1075 {
1076 if (s->renegotiate == 0)
1077 s->renegotiate=1;
1078
1079 s->new_session=0;
1080
1081 return(s->method->ssl_renegotiate(s));
1082 }
1083
1084int SSL_renegotiate_pending(SSL *s)
1085 {
1086 /* becomes true when negotiation is requested;
1087 * false again once a handshake has finished */
1088 return (s->renegotiate != 0);
1089 }
1090
1091long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1092 {
1093 long l;
1094
1095 switch (cmd)
1096 {
1097 case SSL_CTRL_GET_READ_AHEAD:
1098 return(s->read_ahead);
1099 case SSL_CTRL_SET_READ_AHEAD:
1100 l=s->read_ahead;
1101 s->read_ahead=larg;
1102 return(l);
1103
1104 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1105 s->msg_callback_arg = parg;
1106 return 1;
1107
1108 case SSL_CTRL_OPTIONS:
1109 return(s->options|=larg);
1110 case SSL_CTRL_CLEAR_OPTIONS:
1111 return(s->options&=~larg);
1112 case SSL_CTRL_MODE:
1113 return(s->mode|=larg);
1114 case SSL_CTRL_CLEAR_MODE:
1115 return(s->mode &=~larg);
1116 case SSL_CTRL_GET_MAX_CERT_LIST:
1117 return(s->max_cert_list);
1118 case SSL_CTRL_SET_MAX_CERT_LIST:
1119 l=s->max_cert_list;
1120 s->max_cert_list=larg;
1121 return(l);
1122 case SSL_CTRL_SET_MTU:
1123#ifndef OPENSSL_NO_DTLS1
1124 if (larg < (long)dtls1_min_mtu())
1125 return 0;
1126#endif
1127
1128 if (SSL_IS_DTLS(s))
1129 {
1130 s->d1->mtu = larg;
1131 return larg;
1132 }
1133 return 0;
1134 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1135 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1136 return 0;
1137 s->max_send_fragment = larg;
1138 return 1;
1139 case SSL_CTRL_GET_RI_SUPPORT:
1140 if (s->s3)
1141 return s->s3->send_connection_binding;
1142 else return 0;
1143 case SSL_CTRL_CERT_FLAGS:
1144 return(s->cert->cert_flags|=larg);
1145 case SSL_CTRL_CLEAR_CERT_FLAGS:
1146 return(s->cert->cert_flags &=~larg);
1147
1148 case SSL_CTRL_GET_RAW_CIPHERLIST:
1149 if (parg)
1150 {
1151 if (s->cert->ciphers_raw == NULL)
1152 return 0;
1153 *(unsigned char **)parg = s->cert->ciphers_raw;
1154 return (int)s->cert->ciphers_rawlen;
1155 }
1156 else
1157 return ssl_put_cipher_by_char(s,NULL,NULL);
1158 default:
1159 return(s->method->ssl_ctrl(s,cmd,larg,parg));
1160 }
1161 }
1162
1163long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1164 {
1165 switch(cmd)
1166 {
1167 case SSL_CTRL_SET_MSG_CALLBACK:
1168 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1169 return 1;
1170
1171 default:
1172 return(s->method->ssl_callback_ctrl(s,cmd,fp));
1173 }
1174 }
1175
1176LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
1177 {
1178 return ctx->sessions;
1179 }
1180
1181long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
1182 {
1183 long l;
1184
1185 switch (cmd)
1186 {
1187 case SSL_CTRL_GET_READ_AHEAD:
1188 return(ctx->read_ahead);
1189 case SSL_CTRL_SET_READ_AHEAD:
1190 l=ctx->read_ahead;
1191 ctx->read_ahead=larg;
1192 return(l);
1193
1194 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1195 ctx->msg_callback_arg = parg;
1196 return 1;
1197
1198 case SSL_CTRL_GET_MAX_CERT_LIST:
1199 return(ctx->max_cert_list);
1200 case SSL_CTRL_SET_MAX_CERT_LIST:
1201 l=ctx->max_cert_list;
1202 ctx->max_cert_list=larg;
1203 return(l);
1204
1205 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1206 l=ctx->session_cache_size;
1207 ctx->session_cache_size=larg;
1208 return(l);
1209 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1210 return(ctx->session_cache_size);
1211 case SSL_CTRL_SET_SESS_CACHE_MODE:
1212 l=ctx->session_cache_mode;
1213 ctx->session_cache_mode=larg;
1214 return(l);
1215 case SSL_CTRL_GET_SESS_CACHE_MODE:
1216 return(ctx->session_cache_mode);
1217
1218 case SSL_CTRL_SESS_NUMBER:
1219 return(lh_SSL_SESSION_num_items(ctx->sessions));
1220 case SSL_CTRL_SESS_CONNECT:
1221 return(ctx->stats.sess_connect);
1222 case SSL_CTRL_SESS_CONNECT_GOOD:
1223 return(ctx->stats.sess_connect_good);
1224 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1225 return(ctx->stats.sess_connect_renegotiate);
1226 case SSL_CTRL_SESS_ACCEPT:
1227 return(ctx->stats.sess_accept);
1228 case SSL_CTRL_SESS_ACCEPT_GOOD:
1229 return(ctx->stats.sess_accept_good);
1230 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1231 return(ctx->stats.sess_accept_renegotiate);
1232 case SSL_CTRL_SESS_HIT:
1233 return(ctx->stats.sess_hit);
1234 case SSL_CTRL_SESS_CB_HIT:
1235 return(ctx->stats.sess_cb_hit);
1236 case SSL_CTRL_SESS_MISSES:
1237 return(ctx->stats.sess_miss);
1238 case SSL_CTRL_SESS_TIMEOUTS:
1239 return(ctx->stats.sess_timeout);
1240 case SSL_CTRL_SESS_CACHE_FULL:
1241 return(ctx->stats.sess_cache_full);
1242 case SSL_CTRL_OPTIONS:
1243 return(ctx->options|=larg);
1244 case SSL_CTRL_CLEAR_OPTIONS:
1245 return(ctx->options&=~larg);
1246 case SSL_CTRL_MODE:
1247 return(ctx->mode|=larg);
1248 case SSL_CTRL_CLEAR_MODE:
1249 return(ctx->mode&=~larg);
1250 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1251 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1252 return 0;
1253 ctx->max_send_fragment = larg;
1254 return 1;
1255 case SSL_CTRL_CERT_FLAGS:
1256 return(ctx->cert->cert_flags|=larg);
1257 case SSL_CTRL_CLEAR_CERT_FLAGS:
1258 return(ctx->cert->cert_flags &=~larg);
1259 default:
1260 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
1261 }
1262 }
1263
1264long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1265 {
1266 switch(cmd)
1267 {
1268 case SSL_CTRL_SET_MSG_CALLBACK:
1269 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1270 return 1;
1271
1272 default:
1273 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
1274 }
1275 }
1276
1277int ssl_cipher_id_cmp(const void *in_a, const void *in_b)
1278 {
1279 long l;
1280 const SSL_CIPHER *a = in_a;
1281 const SSL_CIPHER *b = in_b;
1282 const long a_id = a->id;
1283 const long b_id = b->id;
1284
1285 l = a_id - b_id;
1286 if (l == 0L)
1287 return(0);
1288 else
1289 return((l > 0)?1:-1);
1290 }
1291
1292int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp)
1293 {
1294 long l;
1295 const long a_id = (*ap)->id;
1296 const long b_id = (*bp)->id;
1297
1298 l = a_id - b_id;
1299 if (l == 0)
1300 return(0);
1301 else
1302 return((l > 0)?1:-1);
1303 }
1304
1305/** return a STACK of the ciphers available for the SSL and in order of
1306 * preference */
1307STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
1308 {
1309 if (s != NULL)
1310 {
1311 if (s->cipher_list != NULL)
1312 {
1313 return(s->cipher_list);
1314 }
1315 else if ((s->ctx != NULL) &&
1316 (s->ctx->cipher_list != NULL))
1317 {
1318 return(s->ctx->cipher_list);
1319 }
1320 }
1321 return(NULL);
1322 }
1323
1324/** return a STACK of the ciphers available for the SSL and in order of
1325 * algorithm id */
1326STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
1327 {
1328 if (s != NULL)
1329 {
1330 if (s->cipher_list_by_id != NULL)
1331 {
1332 return(s->cipher_list_by_id);
1333 }
1334 else if ((s->ctx != NULL) &&
1335 (s->ctx->cipher_list_by_id != NULL))
1336 {
1337 return(s->ctx->cipher_list_by_id);
1338 }
1339 }
1340 return(NULL);
1341 }
1342
1343/** The old interface to get the same thing as SSL_get_ciphers() */
1344const char *SSL_get_cipher_list(const SSL *s,int n)
1345 {
1346 SSL_CIPHER *c;
1347 STACK_OF(SSL_CIPHER) *sk;
1348
1349 if (s == NULL) return(NULL);
1350 sk=SSL_get_ciphers(s);
1351 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1352 return(NULL);
1353 c=sk_SSL_CIPHER_value(sk,n);
1354 if (c == NULL) return(NULL);
1355 return(c->name);
1356 }
1357
1358/** specify the ciphers to be used by default by the SSL_CTX */
1359int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1360 {
1361 STACK_OF(SSL_CIPHER) *sk;
1362
1363 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
1364 &ctx->cipher_list_by_id,str, ctx->cert);
1365 /* ssl_create_cipher_list may return an empty stack if it
1366 * was unable to find a cipher matching the given rule string
1367 * (for example if the rule string specifies a cipher which
1368 * has been disabled). This is not an error as far as
1369 * ssl_create_cipher_list is concerned, and hence
1370 * ctx->cipher_list and ctx->cipher_list_by_id has been
1371 * updated. */
1372 if (sk == NULL)
1373 return 0;
1374 else if (sk_SSL_CIPHER_num(sk) == 0)
1375 {
1376 OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_cipher_list, SSL_R_NO_CIPHER_MATCH);
1377 return 0;
1378 }
1379 return 1;
1380 }
1381
1382/** specify the ciphers to be used by the SSL */
1383int SSL_set_cipher_list(SSL *s,const char *str)
1384 {
1385 STACK_OF(SSL_CIPHER) *sk;
1386
1387 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
1388 &s->cipher_list_by_id,str, s->cert);
1389 /* see comment in SSL_CTX_set_cipher_list */
1390 if (sk == NULL)
1391 return 0;
1392 else if (sk_SSL_CIPHER_num(sk) == 0)
1393 {
1394 OPENSSL_PUT_ERROR(SSL, SSL_set_cipher_list, SSL_R_NO_CIPHER_MATCH);
1395 return 0;
1396 }
1397 return 1;
1398 }
1399
1400/* works well for SSLv2, not so good for SSLv3 */
1401char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1402 {
1403 char *p;
1404 STACK_OF(SSL_CIPHER) *sk;
1405 SSL_CIPHER *c;
1406 int i;
1407
1408 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1409 (len < 2))
1410 return(NULL);
1411
1412 p=buf;
1413 sk=s->session->ciphers;
1414 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1415 {
1416 int n;
1417
1418 c=sk_SSL_CIPHER_value(sk,i);
1419 n=strlen(c->name);
1420 if (n+1 > len)
1421 {
1422 if (p != buf)
1423 --p;
1424 *p='\0';
1425 return buf;
1426 }
1427 strcpy(p,c->name);
1428 p+=n;
1429 *(p++)=':';
1430 len-=n+1;
1431 }
1432 p[-1]='\0';
1433 return(buf);
1434 }
1435
1436int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1437 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1438 {
1439 int i,j=0;
1440 SSL_CIPHER *c;
1441 CERT *ct = s->cert;
1442 unsigned char *q;
1443 int no_scsv = s->renegotiate;
1444 /* Set disabled masks for this session */
1445 ssl_set_client_disabled(s);
1446
1447 if (sk == NULL) return(0);
1448 q=p;
1449
1450 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1451 {
1452 c=sk_SSL_CIPHER_value(sk,i);
1453 /* Skip disabled ciphers */
1454 if (c->algorithm_ssl & ct->mask_ssl ||
1455 c->algorithm_mkey & ct->mask_k ||
1456 c->algorithm_auth & ct->mask_a)
1457 continue;
1458#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
1459 if (c->id == SSL3_CK_SCSV)
1460 {
1461 if (no_scsv)
1462 continue;
1463 else
1464 no_scsv = 1;
1465 }
1466#endif
1467 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1468 p+=j;
1469 }
1470 /* If p == q, no ciphers and caller indicates an error. Otherwise
1471 * add SCSV if not renegotiating.
1472 */
1473 if (p != q && !no_scsv)
1474 {
1475 static SSL_CIPHER scsv =
1476 {
1477 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1478 };
1479 j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
1480 p+=j;
1481#ifdef OPENSSL_RI_DEBUG
1482 fprintf(stderr, "SCSV sent by client\n");
1483#endif
1484 }
1485
1486 return(p-q);
1487 }
1488
1489STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1490 STACK_OF(SSL_CIPHER) **skp)
1491 {
1492 const SSL_CIPHER *c;
1493 STACK_OF(SSL_CIPHER) *sk;
1494 int i,n;
1495 if (s->s3)
1496 s->s3->send_connection_binding = 0;
1497
1498 n=ssl_put_cipher_by_char(s,NULL,NULL);
1499 if ((num%n) != 0)
1500 {
1501 OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1502 return(NULL);
1503 }
1504 if ((skp == NULL) || (*skp == NULL))
1505 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1506 else
1507 {
1508 sk= *skp;
1509 sk_SSL_CIPHER_zero(sk);
1510 }
1511
1512 if (s->cert->ciphers_raw)
1513 OPENSSL_free(s->cert->ciphers_raw);
1514 s->cert->ciphers_raw = BUF_memdup(p, num);
1515 if (s->cert->ciphers_raw == NULL)
1516 {
1517 OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE);
1518 goto err;
1519 }
1520 s->cert->ciphers_rawlen = (size_t)num;
1521
1522 for (i=0; i<num; i+=n)
1523 {
1524 /* Check for SCSV */
1525 if (s->s3 && (n != 3 || !p[0]) &&
1526 (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1527 (p[n-1] == (SSL3_CK_SCSV & 0xff)))
1528 {
1529 /* SCSV fatal if renegotiating */
1530 if (s->renegotiate)
1531 {
1532 OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1533 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1534 goto err;
1535 }
1536 s->s3->send_connection_binding = 1;
1537 p += n;
1538#ifdef OPENSSL_RI_DEBUG
1539 fprintf(stderr, "SCSV received by server\n");
1540#endif
1541 continue;
1542 }
1543
1544 c=ssl_get_cipher_by_char(s,p);
1545 p+=n;
1546 if (c != NULL)
1547 {
1548 if (!sk_SSL_CIPHER_push(sk,c))
1549 {
1550 OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE);
1551 goto err;
1552 }
1553 }
1554 }
1555
1556 if (skp != NULL)
1557 *skp=sk;
1558 return(sk);
1559err:
1560 if ((skp == NULL) || (*skp == NULL))
1561 sk_SSL_CIPHER_free(sk);
1562 return(NULL);
1563 }
1564
1565
1566#ifndef OPENSSL_NO_TLSEXT
1567/** return a servername extension value if provided in Client Hello, or NULL.
1568 * So far, only host_name types are defined (RFC 3546).
1569 */
1570
1571const char *SSL_get_servername(const SSL *s, const int type)
1572 {
1573 if (type != TLSEXT_NAMETYPE_host_name)
1574 return NULL;
1575
1576 return s->session && !s->tlsext_hostname ?
1577 s->session->tlsext_hostname :
1578 s->tlsext_hostname;
1579 }
1580
1581int SSL_get_servername_type(const SSL *s)
1582 {
1583 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
1584 return TLSEXT_NAMETYPE_host_name;
1585 return -1;
1586 }
1587
1588/* SSL_select_next_proto implements the standard protocol selection. It is
1589 * expected that this function is called from the callback set by
1590 * SSL_CTX_set_next_proto_select_cb.
1591 *
1592 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1593 * strings. The length byte itself is not included in the length. A byte
1594 * string of length 0 is invalid. No byte string may be truncated.
1595 *
1596 * The current, but experimental algorithm for selecting the protocol is:
1597 *
1598 * 1) If the server doesn't support NPN then this is indicated to the
1599 * callback. In this case, the client application has to abort the connection
1600 * or have a default application level protocol.
1601 *
1602 * 2) If the server supports NPN, but advertises an empty list then the
1603 * client selects the first protcol in its list, but indicates via the
1604 * API that this fallback case was enacted.
1605 *
1606 * 3) Otherwise, the client finds the first protocol in the server's list
1607 * that it supports and selects this protocol. This is because it's
1608 * assumed that the server has better information about which protocol
1609 * a client should use.
1610 *
1611 * 4) If the client doesn't support any of the server's advertised
1612 * protocols, then this is treated the same as case 2.
1613 *
1614 * It returns either
1615 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1616 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1617 */
1618int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
1619 {
1620 unsigned int i, j;
1621 const unsigned char *result;
1622 int status = OPENSSL_NPN_UNSUPPORTED;
1623
1624 /* For each protocol in server preference order, see if we support it. */
1625 for (i = 0; i < server_len; )
1626 {
1627 for (j = 0; j < client_len; )
1628 {
1629 if (server[i] == client[j] &&
1630 memcmp(&server[i+1], &client[j+1], server[i]) == 0)
1631 {
1632 /* We found a match */
1633 result = &server[i];
1634 status = OPENSSL_NPN_NEGOTIATED;
1635 goto found;
1636 }
1637 j += client[j];
1638 j++;
1639 }
1640 i += server[i];
1641 i++;
1642 }
1643
1644 /* There's no overlap between our protocols and the server's list. */
1645 result = client;
1646 status = OPENSSL_NPN_NO_OVERLAP;
1647
1648 found:
1649 *out = (unsigned char *) result + 1;
1650 *outlen = result[0];
1651 return status;
1652 }
1653
1654# ifndef OPENSSL_NO_NEXTPROTONEG
1655/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1656 * requested protocol for this connection and returns 0. If the client didn't
1657 * request any protocol, then *data is set to NULL.
1658 *
1659 * Note that the client can request any protocol it chooses. The value returned
1660 * from this function need not be a member of the list of supported protocols
1661 * provided by the callback.
1662 */
1663void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
1664 {
1665 *data = s->next_proto_negotiated;
1666 if (!*data) {
1667 *len = 0;
1668 } else {
1669 *len = s->next_proto_negotiated_len;
1670 }
1671}
1672
1673/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1674 * TLS server needs a list of supported protocols for Next Protocol
1675 * Negotiation. The returned list must be in wire format. The list is returned
1676 * by setting |out| to point to it and |outlen| to its length. This memory will
1677 * not be modified, but one should assume that the SSL* keeps a reference to
1678 * it.
1679 *
1680 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
1681 * such extension will be included in the ServerHello. */
1682void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1683 {
1684 ctx->next_protos_advertised_cb = cb;
1685 ctx->next_protos_advertised_cb_arg = arg;
1686 }
1687
1688/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1689 * client needs to select a protocol from the server's provided list. |out|
1690 * must be set to point to the selected protocol (which may be within |in|).
1691 * The length of the protocol name must be written into |outlen|. The server's
1692 * advertised protocols are provided in |in| and |inlen|. The callback can
1693 * assume that |in| is syntactically valid.
1694 *
1695 * The client must select a protocol. It is fatal to the connection if this
1696 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1697 */
1698void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1699 {
1700 ctx->next_proto_select_cb = cb;
1701 ctx->next_proto_select_cb_arg = arg;
1702 }
1703# endif
1704
1705int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned short ext_type,
1706 custom_cli_ext_first_cb_fn fn1,
1707 custom_cli_ext_second_cb_fn fn2, void* arg)
1708 {
1709 size_t i;
1710 custom_cli_ext_record* record;
1711
1712 /* Check for duplicates */
1713 for (i=0; i < ctx->custom_cli_ext_records_count; i++)
1714 if (ext_type == ctx->custom_cli_ext_records[i].ext_type)
1715 return 0;
1716
1717 ctx->custom_cli_ext_records = OPENSSL_realloc(ctx->custom_cli_ext_records,
1718 (ctx->custom_cli_ext_records_count + 1) *
1719 sizeof(custom_cli_ext_record));
1720 if (!ctx->custom_cli_ext_records) {
1721 ctx->custom_cli_ext_records_count = 0;
1722 return 0;
1723 }
1724 ctx->custom_cli_ext_records_count++;
1725 record = &ctx->custom_cli_ext_records[ctx->custom_cli_ext_records_count - 1];
1726 record->ext_type = ext_type;
1727 record->fn1 = fn1;
1728 record->fn2 = fn2;
1729 record->arg = arg;
1730 return 1;
1731 }
1732
1733int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
1734 custom_srv_ext_first_cb_fn fn1,
1735 custom_srv_ext_second_cb_fn fn2, void* arg)
1736 {
1737 size_t i;
1738 custom_srv_ext_record* record;
1739
1740 /* Check for duplicates */
1741 for (i=0; i < ctx->custom_srv_ext_records_count; i++)
1742 if (ext_type == ctx->custom_srv_ext_records[i].ext_type)
1743 return 0;
1744
1745 ctx->custom_srv_ext_records = OPENSSL_realloc(ctx->custom_srv_ext_records,
1746 (ctx->custom_srv_ext_records_count + 1) *
1747 sizeof(custom_srv_ext_record));
1748 if (!ctx->custom_srv_ext_records) {
1749 ctx->custom_srv_ext_records_count = 0;
1750 return 0;
1751 }
1752 ctx->custom_srv_ext_records_count++;
1753 record = &ctx->custom_srv_ext_records[ctx->custom_srv_ext_records_count - 1];
1754 record->ext_type = ext_type;
1755 record->fn1 = fn1;
1756 record->fn2 = fn2;
1757 record->arg = arg;
1758 return 1;
1759 }
1760
1761/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
1762 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
1763 * length-prefixed strings).
1764 *
1765 * Returns 0 on success. */
1766int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
1767 unsigned protos_len)
1768 {
1769 if (ctx->alpn_client_proto_list)
1770 OPENSSL_free(ctx->alpn_client_proto_list);
1771
1772 ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
1773 if (!ctx->alpn_client_proto_list)
1774 return 1;
1775 memcpy(ctx->alpn_client_proto_list, protos, protos_len);
1776 ctx->alpn_client_proto_list_len = protos_len;
1777
1778 return 0;
1779 }
1780
1781/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
1782 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
1783 * length-prefixed strings).
1784 *
1785 * Returns 0 on success. */
1786int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
1787 unsigned protos_len)
1788 {
1789 if (ssl->alpn_client_proto_list)
1790 OPENSSL_free(ssl->alpn_client_proto_list);
1791
1792 ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
1793 if (!ssl->alpn_client_proto_list)
1794 return 1;
1795 memcpy(ssl->alpn_client_proto_list, protos, protos_len);
1796 ssl->alpn_client_proto_list_len = protos_len;
1797
1798 return 0;
1799 }
1800
1801/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
1802 * during ClientHello processing in order to select an ALPN protocol from the
1803 * client's list of offered protocols. */
1804void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1805 int (*cb) (SSL *ssl,
1806 const unsigned char **out,
1807 unsigned char *outlen,
1808 const unsigned char *in,
1809 unsigned int inlen,
1810 void *arg),
1811 void *arg)
1812 {
1813 ctx->alpn_select_cb = cb;
1814 ctx->alpn_select_cb_arg = arg;
1815 }
1816
1817/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
1818 * On return it sets |*data| to point to |*len| bytes of protocol name (not
1819 * including the leading length-prefix byte). If the server didn't respond with
1820 * a negotiated protocol then |*len| will be zero. */
1821void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1822 unsigned *len)
1823 {
1824 *data = NULL;
1825 if (ssl->s3)
1826 *data = ssl->s3->alpn_selected;
1827 if (*data == NULL)
1828 *len = 0;
1829 else
1830 *len = ssl->s3->alpn_selected_len;
1831 }
1832#endif /* !OPENSSL_NO_TLSEXT */
1833
1834int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1835 const char *label, size_t llen, const unsigned char *p, size_t plen,
1836 int use_context)
1837 {
1838 if (s->version < TLS1_VERSION)
1839 return -1;
1840
1841 return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
1842 llen, p, plen,
1843 use_context);
1844 }
1845
1846static uint32_t ssl_session_hash(const SSL_SESSION *a)
1847 {
1848 uint32_t hash = ((uint32_t) a->session_id[0]) ||
1849 ((uint32_t) a->session_id[1] << 8) ||
1850 ((uint32_t) a->session_id[2] << 16) ||
1851 ((uint32_t) a->session_id[3] << 24);
1852
1853 return hash;
1854 }
1855
1856/* NB: If this function (or indeed the hash function which uses a sort of
1857 * coarser function than this one) is changed, ensure
1858 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1859 * able to construct an SSL_SESSION that will collide with any existing session
1860 * with a matching session ID. */
1861static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1862 {
1863 if (a->ssl_version != b->ssl_version)
1864 return(1);
1865 if (a->session_id_length != b->session_id_length)
1866 return(1);
1867 return(memcmp(a->session_id,b->session_id,a->session_id_length));
1868 }
1869
1870SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1871 {
1872 SSL_CTX *ret=NULL;
1873
1874 if (meth == NULL)
1875 {
1876 OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, SSL_R_NULL_SSL_METHOD_PASSED);
1877 return(NULL);
1878 }
1879
1880#ifdef OPENSSL_FIPS
1881 if (FIPS_mode() && (meth->version < TLS1_VERSION))
1882 {
1883 OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
1884 return NULL;
1885 }
1886#endif
1887
1888 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1889 {
1890 OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1891 goto err;
1892 }
1893 ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1894 if (ret == NULL)
1895 goto err;
1896
1897 memset(ret,0,sizeof(SSL_CTX));
1898
1899 ret->method=meth;
1900
1901 ret->cert_store=NULL;
1902 ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
1903 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1904 ret->session_cache_head=NULL;
1905 ret->session_cache_tail=NULL;
1906
1907 /* We take the system default */
1908 ret->session_timeout=meth->get_timeout();
1909
1910 ret->new_session_cb=0;
1911 ret->remove_session_cb=0;
1912 ret->get_session_cb=0;
1913 ret->generate_session_id=0;
1914
1915 memset((char *)&ret->stats,0,sizeof(ret->stats));
1916
1917 ret->references=1;
1918 ret->quiet_shutdown=0;
1919
1920/* ret->cipher=NULL;*/
1921/* ret->s2->challenge=NULL;
1922 ret->master_key=NULL;
1923 ret->key_arg=NULL;
1924 ret->s2->conn_id=NULL; */
1925
1926 ret->info_callback=NULL;
1927
1928 ret->app_verify_callback=0;
1929 ret->app_verify_arg=NULL;
1930
1931 ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
1932 ret->read_ahead=0;
1933 ret->msg_callback=0;
1934 ret->msg_callback_arg=NULL;
1935 ret->verify_mode=SSL_VERIFY_NONE;
1936#if 0
1937 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1938#endif
1939 ret->sid_ctx_length=0;
1940 ret->default_verify_callback=NULL;
1941 if ((ret->cert=ssl_cert_new()) == NULL)
1942 goto err;
1943
1944 ret->default_passwd_callback=0;
1945 ret->default_passwd_callback_userdata=NULL;
1946 ret->client_cert_cb=0;
1947 ret->app_gen_cookie_cb=0;
1948 ret->app_verify_cookie_cb=0;
1949
1950 ret->sessions=lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
1951 if (ret->sessions == NULL) goto err;
1952 ret->cert_store=X509_STORE_new();
1953 if (ret->cert_store == NULL) goto err;
1954
1955 ssl_create_cipher_list(ret->method,
1956 &ret->cipher_list,&ret->cipher_list_by_id,
1957 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ret->cert);
1958 if (ret->cipher_list == NULL
1959 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1960 {
1961 OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, SSL_R_LIBRARY_HAS_NO_CIPHERS);
1962 goto err2;
1963 }
1964
1965 ret->param = X509_VERIFY_PARAM_new();
1966 if (!ret->param)
1967 goto err;
1968
1969 ret->rsa_md5 = EVP_md5();
1970 ret->md5 = EVP_md5();
1971 ret->sha1 = EVP_sha1();
1972
1973 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1974 goto err;
1975
1976 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1977
1978 ret->extra_certs=NULL;
1979 /* No compression for DTLS */
1980 if (meth->version != DTLS1_VERSION)
1981 ret->comp_methods=SSL_COMP_get_compression_methods();
1982
1983 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1984
1985#ifndef OPENSSL_NO_TLSEXT
1986 ret->tlsext_servername_callback = 0;
1987 ret->tlsext_servername_arg = NULL;
1988 /* Setup RFC4507 ticket keys */
1989 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1990 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1991 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1992 ret->options |= SSL_OP_NO_TICKET;
1993
1994 ret->tlsext_status_cb = 0;
1995 ret->tlsext_status_arg = NULL;
1996
1997# ifndef OPENSSL_NO_NEXTPROTONEG
1998 ret->next_protos_advertised_cb = 0;
1999 ret->next_proto_select_cb = 0;
2000# endif
2001#endif
2002#ifndef OPENSSL_NO_PSK
2003 ret->psk_identity_hint=NULL;
2004 ret->psk_client_callback=NULL;
2005 ret->psk_server_callback=NULL;
2006#endif
2007 ret->custom_cli_ext_records = NULL;
2008 ret->custom_cli_ext_records_count = 0;
2009 ret->custom_srv_ext_records = NULL;
2010 ret->custom_srv_ext_records_count = 0;
2011#ifndef OPENSSL_NO_BUF_FREELISTS
2012 ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
2013 ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
2014 if (!ret->rbuf_freelist)
2015 goto err;
2016 ret->rbuf_freelist->chunklen = 0;
2017 ret->rbuf_freelist->len = 0;
2018 ret->rbuf_freelist->head = NULL;
2019 ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
2020 if (!ret->wbuf_freelist)
2021 {
2022 OPENSSL_free(ret->rbuf_freelist);
2023 goto err;
2024 }
2025 ret->wbuf_freelist->chunklen = 0;
2026 ret->wbuf_freelist->len = 0;
2027 ret->wbuf_freelist->head = NULL;
2028#endif
2029#ifndef OPENSSL_NO_ENGINE
2030 ret->client_cert_engine = NULL;
2031#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
2032#define eng_strx(x) #x
2033#define eng_str(x) eng_strx(x)
2034 /* Use specific client engine automatically... ignore errors */
2035 {
2036 ENGINE *eng;
2037 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
2038 if (!eng)
2039 {
2040 ERR_clear_error();
2041 ENGINE_load_builtin_engines();
2042 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
2043 }
2044 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
2045 ERR_clear_error();
2046 }
2047#endif
2048#endif
2049 /* Default is to connect to non-RI servers. When RI is more widely
2050 * deployed might change this.
2051 */
2052 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
2053
2054 return(ret);
2055err:
2056 OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, ERR_R_MALLOC_FAILURE);
2057err2:
2058 if (ret != NULL) SSL_CTX_free(ret);
2059 return(NULL);
2060 }
2061
2062#if 0
2063static void SSL_COMP_free(SSL_COMP *comp)
2064 { OPENSSL_free(comp); }
2065#endif
2066
2067#ifndef OPENSSL_NO_BUF_FREELISTS
2068static void
2069ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
2070 {
2071 SSL3_BUF_FREELIST_ENTRY *ent, *next;
2072 for (ent = list->head; ent; ent = next)
2073 {
2074 next = ent->next;
2075 OPENSSL_free(ent);
2076 }
2077 OPENSSL_free(list);
2078 }
2079#endif
2080
2081void SSL_CTX_free(SSL_CTX *a)
2082 {
2083 int i;
2084
2085 if (a == NULL) return;
2086
2087 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
2088#ifdef REF_PRINT
2089 REF_PRINT("SSL_CTX",a);
2090#endif
2091 if (i > 0) return;
2092#ifdef REF_CHECK
2093 if (i < 0)
2094 {
2095 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
2096 abort(); /* ok */
2097 }
2098#endif
2099
2100 if (a->param)
2101 X509_VERIFY_PARAM_free(a->param);
2102
2103 /*
2104 * Free internal session cache. However: the remove_cb() may reference
2105 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
2106 * after the sessions were flushed.
2107 * As the ex_data handling routines might also touch the session cache,
2108 * the most secure solution seems to be: empty (flush) the cache, then
2109 * free ex_data, then finally free the cache.
2110 * (See ticket [openssl.org #212].)
2111 */
2112 if (a->sessions != NULL)
2113 SSL_CTX_flush_sessions(a,0);
2114
2115 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
2116
2117 if (a->sessions != NULL)
2118 lh_SSL_SESSION_free(a->sessions);
2119
2120 if (a->cert_store != NULL)
2121 X509_STORE_free(a->cert_store);
2122 if (a->cipher_list != NULL)
2123 sk_SSL_CIPHER_free(a->cipher_list);
2124 if (a->cipher_list_by_id != NULL)
2125 sk_SSL_CIPHER_free(a->cipher_list_by_id);
2126 if (a->cert != NULL)
2127 ssl_cert_free(a->cert);
2128 if (a->client_CA != NULL)
2129 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
2130 if (a->extra_certs != NULL)
2131 sk_X509_pop_free(a->extra_certs,X509_free);
2132#if 0 /* This should never be done, since it removes a global database */
2133 if (a->comp_methods != NULL)
2134 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
2135#else
2136 a->comp_methods = NULL;
2137#endif
2138
2139 if (a->srtp_profiles)
2140 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
2141
2142#ifndef OPENSSL_NO_PSK
2143 if (a->psk_identity_hint)
2144 OPENSSL_free(a->psk_identity_hint);
2145#endif
2146#ifndef OPENSSL_NO_TLSEXT
2147 OPENSSL_free(a->custom_cli_ext_records);
2148 OPENSSL_free(a->custom_srv_ext_records);
2149#endif
2150
2151 /* TODO(fork): remove. */
2152#if 0
2153#ifndef OPENSSL_NO_ENGINE
2154 if (a->client_cert_engine)
2155 ENGINE_finish(a->client_cert_engine);
2156#endif
2157#endif
2158
2159#ifndef OPENSSL_NO_BUF_FREELISTS
2160 if (a->wbuf_freelist)
2161 ssl_buf_freelist_free(a->wbuf_freelist);
2162 if (a->rbuf_freelist)
2163 ssl_buf_freelist_free(a->rbuf_freelist);
2164#endif
2165#ifndef OPENSSL_NO_TLSEXT
2166# ifndef OPENSSL_NO_EC
2167 if (a->tlsext_ecpointformatlist)
2168 OPENSSL_free(a->tlsext_ecpointformatlist);
2169 if (a->tlsext_ellipticcurvelist)
2170 OPENSSL_free(a->tlsext_ellipticcurvelist);
2171# endif /* OPENSSL_NO_EC */
2172 if (a->alpn_client_proto_list != NULL)
2173 OPENSSL_free(a->alpn_client_proto_list);
2174#endif
2175
2176 OPENSSL_free(a);
2177 }
2178
2179void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
2180 {
2181 ctx->default_passwd_callback=cb;
2182 }
2183
2184void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
2185 {
2186 ctx->default_passwd_callback_userdata=u;
2187 }
2188
2189void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
2190 {
2191 ctx->app_verify_callback=cb;
2192 ctx->app_verify_arg=arg;
2193 }
2194
2195void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
2196 {
2197 ctx->verify_mode=mode;
2198 ctx->default_verify_callback=cb;
2199 }
2200
2201void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
2202 {
2203 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2204 }
2205
2206void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg)
2207 {
2208 ssl_cert_set_cert_cb(c->cert, cb, arg);
2209 }
2210
2211void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg)
2212 {
2213 ssl_cert_set_cert_cb(s->cert, cb, arg);
2214 }
2215
2216void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2217 {
2218 CERT_PKEY *cpk;
2219 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
2220 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
2221 int rsa_tmp_export,dh_tmp_export,kl;
2222 unsigned long mask_k,mask_a,emask_k,emask_a;
2223#ifndef OPENSSL_NO_ECDSA
2224 int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
2225#endif
2226#ifndef OPENSSL_NO_ECDH
2227 int have_ecdh_tmp, ecdh_ok;
2228#endif
2229#ifndef OPENSSL_NO_EC
2230 X509 *x = NULL;
2231 EVP_PKEY *ecc_pkey = NULL;
2232 int signature_nid = 0, pk_nid = 0, md_nid = 0;
2233#endif
2234 if (c == NULL) return;
2235
2236 kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
2237
2238#ifndef OPENSSL_NO_RSA
2239 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
2240 rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
2241 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
2242#else
2243 rsa_tmp=rsa_tmp_export=0;
2244#endif
2245#ifndef OPENSSL_NO_DH
2246 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
2247 dh_tmp_export=(c->dh_tmp_cb != NULL ||
2248 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
2249#else
2250 dh_tmp=dh_tmp_export=0;
2251#endif
2252
2253#ifndef OPENSSL_NO_ECDH
2254 have_ecdh_tmp=(c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
2255#endif
2256 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
2257 rsa_enc= cpk->valid_flags & CERT_PKEY_VALID;
2258 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2259 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
2260 rsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
2261 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
2262 dsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
2263 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
2264 dh_rsa= cpk->valid_flags & CERT_PKEY_VALID;
2265 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2266 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
2267/* FIX THIS EAY EAY EAY */
2268 dh_dsa= cpk->valid_flags & CERT_PKEY_VALID;
2269 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2270 cpk= &(c->pkeys[SSL_PKEY_ECC]);
2271#ifndef OPENSSL_NO_EC
2272 have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
2273#endif
2274 mask_k=0;
2275 mask_a=0;
2276 emask_k=0;
2277 emask_a=0;
2278
2279
2280
2281#ifdef CIPHER_DEBUG
2282 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
2283 rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
2284 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
2285#endif
2286
2287 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2288 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2289 mask_k |= SSL_kGOST;
2290 mask_a |= SSL_aGOST01;
2291 }
2292 cpk = &(c->pkeys[SSL_PKEY_GOST94]);
2293 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2294 mask_k |= SSL_kGOST;
2295 mask_a |= SSL_aGOST94;
2296 }
2297
2298 if (rsa_enc || (rsa_tmp && rsa_sign))
2299 mask_k|=SSL_kRSA;
2300 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
2301 emask_k|=SSL_kRSA;
2302
2303#if 0
2304 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
2305 if ( (dh_tmp || dh_rsa || dh_dsa) &&
2306 (rsa_enc || rsa_sign || dsa_sign))
2307 mask_k|=SSL_kEDH;
2308 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
2309 (rsa_enc || rsa_sign || dsa_sign))
2310 emask_k|=SSL_kEDH;
2311#endif
2312
2313 if (dh_tmp_export)
2314 emask_k|=SSL_kEDH;
2315
2316 if (dh_tmp)
2317 mask_k|=SSL_kEDH;
2318
2319 if (dh_rsa) mask_k|=SSL_kDHr;
2320 if (dh_rsa_export) emask_k|=SSL_kDHr;
2321
2322 if (dh_dsa) mask_k|=SSL_kDHd;
2323 if (dh_dsa_export) emask_k|=SSL_kDHd;
2324
2325 if (emask_k & (SSL_kDHr|SSL_kDHd))
2326 mask_a |= SSL_aDH;
2327
2328 if (rsa_enc || rsa_sign)
2329 {
2330 mask_a|=SSL_aRSA;
2331 emask_a|=SSL_aRSA;
2332 }
2333
2334 if (dsa_sign)
2335 {
2336 mask_a|=SSL_aDSS;
2337 emask_a|=SSL_aDSS;
2338 }
2339
2340 mask_a|=SSL_aNULL;
2341 emask_a|=SSL_aNULL;
2342
2343 /* An ECC certificate may be usable for ECDH and/or
2344 * ECDSA cipher suites depending on the key usage extension.
2345 */
2346#ifndef OPENSSL_NO_EC
2347 if (have_ecc_cert)
2348 {
2349 cpk = &c->pkeys[SSL_PKEY_ECC];
2350 x = cpk->x509;
2351 /* This call populates extension flags (ex_flags) */
2352 X509_check_purpose(x, -1, 0);
2353 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2354 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
2355 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2356 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
2357 if (!(cpk->valid_flags & CERT_PKEY_SIGN))
2358 ecdsa_ok = 0;
2359 ecc_pkey = X509_get_pubkey(x);
2360 ecc_pkey_size = (ecc_pkey != NULL) ?
2361 EVP_PKEY_bits(ecc_pkey) : 0;
2362 EVP_PKEY_free(ecc_pkey);
2363 if ((x->sig_alg) && (x->sig_alg->algorithm))
2364 {
2365 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2366 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2367 }
2368#ifndef OPENSSL_NO_ECDH
2369 if (ecdh_ok)
2370 {
2371
2372 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
2373 {
2374 mask_k|=SSL_kECDHr;
2375 mask_a|=SSL_aECDH;
2376 if (ecc_pkey_size <= 163)
2377 {
2378 emask_k|=SSL_kECDHr;
2379 emask_a|=SSL_aECDH;
2380 }
2381 }
2382
2383 if (pk_nid == NID_X9_62_id_ecPublicKey)
2384 {
2385 mask_k|=SSL_kECDHe;
2386 mask_a|=SSL_aECDH;
2387 if (ecc_pkey_size <= 163)
2388 {
2389 emask_k|=SSL_kECDHe;
2390 emask_a|=SSL_aECDH;
2391 }
2392 }
2393 }
2394#endif
2395#ifndef OPENSSL_NO_ECDSA
2396 if (ecdsa_ok)
2397 {
2398 mask_a|=SSL_aECDSA;
2399 emask_a|=SSL_aECDSA;
2400 }
2401#endif
2402 }
2403#endif
2404
2405#ifndef OPENSSL_NO_ECDH
2406 if (have_ecdh_tmp)
2407 {
2408 mask_k|=SSL_kEECDH;
2409 emask_k|=SSL_kEECDH;
2410 }
2411#endif
2412
2413#ifndef OPENSSL_NO_PSK
2414 mask_k |= SSL_kPSK;
2415 mask_a |= SSL_aPSK;
2416 emask_k |= SSL_kPSK;
2417 emask_a |= SSL_aPSK;
2418#endif
2419
2420 c->mask_k=mask_k;
2421 c->mask_a=mask_a;
2422 c->export_mask_k=emask_k;
2423 c->export_mask_a=emask_a;
2424 c->valid=1;
2425 }
2426
2427/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2428#define ku_reject(x, usage) \
2429 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2430
2431#ifndef OPENSSL_NO_EC
2432
2433int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2434 {
2435 unsigned long alg_k, alg_a;
2436 EVP_PKEY *pkey = NULL;
2437 int keysize = 0;
2438 int signature_nid = 0, md_nid = 0, pk_nid = 0;
2439 const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
2440
2441 alg_k = cs->algorithm_mkey;
2442 alg_a = cs->algorithm_auth;
2443
2444 if (SSL_C_IS_EXPORT(cs))
2445 {
2446 /* ECDH key length in export ciphers must be <= 163 bits */
2447 pkey = X509_get_pubkey(x);
2448 if (pkey == NULL) return 0;
2449 keysize = EVP_PKEY_bits(pkey);
2450 EVP_PKEY_free(pkey);
2451 if (keysize > 163) return 0;
2452 }
2453
2454 /* This call populates the ex_flags field correctly */
2455 X509_check_purpose(x, -1, 0);
2456 if ((x->sig_alg) && (x->sig_alg->algorithm))
2457 {
2458 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2459 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2460 }
2461 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
2462 {
2463 /* key usage, if present, must allow key agreement */
2464 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
2465 {
2466 OPENSSL_PUT_ERROR(SSL, ssl_check_srvr_ecc_cert_and_alg, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2467 return 0;
2468 }
2469 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
2470 {
2471 /* signature alg must be ECDSA */
2472 if (pk_nid != NID_X9_62_id_ecPublicKey)
2473 {
2474 OPENSSL_PUT_ERROR(SSL, ssl_check_srvr_ecc_cert_and_alg, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2475 return 0;
2476 }
2477 }
2478 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
2479 {
2480 /* signature alg must be RSA */
2481
2482 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
2483 {
2484 OPENSSL_PUT_ERROR(SSL, ssl_check_srvr_ecc_cert_and_alg, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2485 return 0;
2486 }
2487 }
2488 }
2489 if (alg_a & SSL_aECDSA)
2490 {
2491 /* key usage, if present, must allow signing */
2492 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
2493 {
2494 OPENSSL_PUT_ERROR(SSL, ssl_check_srvr_ecc_cert_and_alg, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2495 return 0;
2496 }
2497 }
2498
2499 return 1; /* all checks are ok */
2500 }
2501
2502#endif
2503
2504static int ssl_get_server_cert_index(const SSL *s)
2505 {
2506 int idx;
2507 idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
2508 if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
2509 idx = SSL_PKEY_RSA_SIGN;
2510 if (idx == -1)
2511 OPENSSL_PUT_ERROR(SSL, ssl_get_server_cert_index, ERR_R_INTERNAL_ERROR);
2512 return idx;
2513 }
2514
2515CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
2516 {
2517 CERT *c;
2518 int i;
2519
2520 c = s->cert;
2521 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2522
2523#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
2524 /* Broken protocol test: return last used certificate: which may
2525 * mismatch the one expected.
2526 */
2527 if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
2528 return c->key;
2529#endif
2530
2531 i = ssl_get_server_cert_index(s);
2532
2533 /* This may or may not be an error. */
2534 if (i < 0)
2535 return NULL;
2536
2537 /* May be NULL. */
2538 return &c->pkeys[i];
2539 }
2540
2541EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
2542 {
2543 unsigned long alg_a;
2544 CERT *c;
2545 int idx = -1;
2546
2547 alg_a = cipher->algorithm_auth;
2548 c=s->cert;
2549
2550#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
2551 /* Broken protocol test: use last key: which may
2552 * mismatch the one expected.
2553 */
2554 if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
2555 idx = c->key - c->pkeys;
2556 else
2557#endif
2558
2559 if ((alg_a & SSL_aDSS) &&
2560 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2561 idx = SSL_PKEY_DSA_SIGN;
2562 else if (alg_a & SSL_aRSA)
2563 {
2564 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2565 idx = SSL_PKEY_RSA_SIGN;
2566 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2567 idx = SSL_PKEY_RSA_ENC;
2568 }
2569 else if ((alg_a & SSL_aECDSA) &&
2570 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2571 idx = SSL_PKEY_ECC;
2572 if (idx == -1)
2573 {
2574 OPENSSL_PUT_ERROR(SSL, ssl_get_sign_pkey, ERR_R_INTERNAL_ERROR);
2575 return(NULL);
2576 }
2577 if (pmd)
2578 *pmd = c->pkeys[idx].digest;
2579 return c->pkeys[idx].privatekey;
2580 }
2581
2582#ifndef OPENSSL_NO_TLSEXT
2583unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length)
2584 {
2585 CERT *c;
2586 int i;
2587
2588 c = s->cert;
2589 i = ssl_get_server_cert_index(s);
2590
2591 if (i == -1)
2592 return NULL;
2593
2594 *authz_length = 0;
2595 if (c->pkeys[i].authz == NULL)
2596 return(NULL);
2597 *authz_length = c->pkeys[i].authz_length;
2598
2599 return c->pkeys[i].authz;
2600 }
2601
2602int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
2603 size_t *serverinfo_length)
2604 {
2605 CERT *c = NULL;
2606 int i = 0;
2607 *serverinfo_length = 0;
2608
2609 c = s->cert;
2610 i = ssl_get_server_cert_index(s);
2611
2612 if (i == -1)
2613 return 0;
2614 if (c->pkeys[i].serverinfo == NULL)
2615 return 0;
2616
2617 *serverinfo = c->pkeys[i].serverinfo;
2618 *serverinfo_length = c->pkeys[i].serverinfo_length;
2619 return 1;
2620 }
2621#endif
2622
2623void ssl_update_cache(SSL *s,int mode)
2624 {
2625 int i;
2626
2627 /* If the session_id_length is 0, we are not supposed to cache it,
2628 * and it would be rather hard to do anyway :-) */
2629 if (s->session->session_id_length == 0) return;
2630
2631 i=s->session_ctx->session_cache_mode;
2632 if ((i & mode) && (!s->hit)
2633 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2634 || SSL_CTX_add_session(s->session_ctx,s->session))
2635 && (s->session_ctx->new_session_cb != NULL))
2636 {
2637 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
2638 if (!s->session_ctx->new_session_cb(s,s->session))
2639 SSL_SESSION_free(s->session);
2640 }
2641
2642 /* auto flush every 255 connections */
2643 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2644 ((i & mode) == mode))
2645 {
2646 if ( (((mode & SSL_SESS_CACHE_CLIENT)
2647 ?s->session_ctx->stats.sess_connect_good
2648 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
2649 {
2650 SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
2651 }
2652 }
2653 }
2654
2655const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
2656 {
2657 return ctx->method;
2658 }
2659
2660const SSL_METHOD *SSL_get_ssl_method(SSL *s)
2661 {
2662 return(s->method);
2663 }
2664
2665int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2666 {
2667 int conn= -1;
2668 int ret=1;
2669
2670 if (s->method != meth)
2671 {
2672 if (s->handshake_func != NULL)
2673 conn=(s->handshake_func == s->method->ssl_connect);
2674
2675 if (s->method->version == meth->version)
2676 s->method=meth;
2677 else
2678 {
2679 s->method->ssl_free(s);
2680 s->method=meth;
2681 ret=s->method->ssl_new(s);
2682 }
2683
2684 if (conn == 1)
2685 s->handshake_func=meth->ssl_connect;
2686 else if (conn == 0)
2687 s->handshake_func=meth->ssl_accept;
2688 }
2689 return(ret);
2690 }
2691
2692int SSL_get_error(const SSL *s,int i)
2693 {
2694 int reason;
2695 unsigned long l;
2696 BIO *bio;
2697
2698 if (i > 0) return(SSL_ERROR_NONE);
2699
2700 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2701 * etc, where we do encode the error */
2702 if ((l=ERR_peek_error()) != 0)
2703 {
2704 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2705 return(SSL_ERROR_SYSCALL);
2706 else
2707 return(SSL_ERROR_SSL);
2708 }
2709
2710 if ((i < 0) && SSL_want_read(s))
2711 {
2712 bio=SSL_get_rbio(s);
2713 if (BIO_should_read(bio))
2714 return(SSL_ERROR_WANT_READ);
2715 else if (BIO_should_write(bio))
2716 /* This one doesn't make too much sense ... We never try
2717 * to write to the rbio, and an application program where
2718 * rbio and wbio are separate couldn't even know what it
2719 * should wait for.
2720 * However if we ever set s->rwstate incorrectly
2721 * (so that we have SSL_want_read(s) instead of
2722 * SSL_want_write(s)) and rbio and wbio *are* the same,
2723 * this test works around that bug; so it might be safer
2724 * to keep it. */
2725 return(SSL_ERROR_WANT_WRITE);
2726 else if (BIO_should_io_special(bio))
2727 {
2728 reason=BIO_get_retry_reason(bio);
2729 if (reason == BIO_RR_CONNECT)
2730 return(SSL_ERROR_WANT_CONNECT);
2731 else if (reason == BIO_RR_ACCEPT)
2732 return(SSL_ERROR_WANT_ACCEPT);
2733 else
2734 return(SSL_ERROR_SYSCALL); /* unknown */
2735 }
2736 }
2737
2738 if ((i < 0) && SSL_want_write(s))
2739 {
2740 bio=SSL_get_wbio(s);
2741 if (BIO_should_write(bio))
2742 return(SSL_ERROR_WANT_WRITE);
2743 else if (BIO_should_read(bio))
2744 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
2745 return(SSL_ERROR_WANT_READ);
2746 else if (BIO_should_io_special(bio))
2747 {
2748 reason=BIO_get_retry_reason(bio);
2749 if (reason == BIO_RR_CONNECT)
2750 return(SSL_ERROR_WANT_CONNECT);
2751 else if (reason == BIO_RR_ACCEPT)
2752 return(SSL_ERROR_WANT_ACCEPT);
2753 else
2754 return(SSL_ERROR_SYSCALL);
2755 }
2756 }
2757 if ((i < 0) && SSL_want_x509_lookup(s))
2758 {
2759 return(SSL_ERROR_WANT_X509_LOOKUP);
2760 }
2761
2762 if (i == 0)
2763 {
2764 if (s->version == SSL2_VERSION)
2765 {
2766 /* assume it is the socket being closed */
2767 return(SSL_ERROR_ZERO_RETURN);
2768 }
2769 else
2770 {
2771 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2772 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2773 return(SSL_ERROR_ZERO_RETURN);
2774 }
2775 }
2776 return(SSL_ERROR_SYSCALL);
2777 }
2778
2779int SSL_do_handshake(SSL *s)
2780 {
2781 int ret=1;
2782
2783 if (s->handshake_func == NULL)
2784 {
2785 OPENSSL_PUT_ERROR(SSL, SSL_do_handshake, SSL_R_CONNECTION_TYPE_NOT_SET);
2786 return(-1);
2787 }
2788
2789 s->method->ssl_renegotiate_check(s);
2790
2791 if (SSL_in_init(s) || SSL_in_before(s))
2792 {
2793 ret=s->handshake_func(s);
2794 }
2795 return(ret);
2796 }
2797
2798/* For the next 2 functions, SSL_clear() sets shutdown and so
2799 * one of these calls will reset it */
2800void SSL_set_accept_state(SSL *s)
2801 {
2802 s->server=1;
2803 s->shutdown=0;
2804 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
2805 s->handshake_func=s->method->ssl_accept;
2806 /* clear the current cipher */
2807 ssl_clear_cipher_ctx(s);
2808 ssl_clear_hash_ctx(&s->read_hash);
2809 ssl_clear_hash_ctx(&s->write_hash);
2810 }
2811
2812void SSL_set_connect_state(SSL *s)
2813 {
2814 s->server=0;
2815 s->shutdown=0;
2816 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
2817 s->handshake_func=s->method->ssl_connect;
2818 /* clear the current cipher */
2819 ssl_clear_cipher_ctx(s);
2820 ssl_clear_hash_ctx(&s->read_hash);
2821 ssl_clear_hash_ctx(&s->write_hash);
2822 }
2823
2824int ssl_undefined_function(SSL *s)
2825 {
2826 OPENSSL_PUT_ERROR(SSL, ssl_undefined_function, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2827 return(0);
2828 }
2829
2830int ssl_undefined_void_function(void)
2831 {
2832 OPENSSL_PUT_ERROR(SSL, ssl_undefined_void_function, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2833 return(0);
2834 }
2835
2836int ssl_undefined_const_function(const SSL *s)
2837 {
2838 OPENSSL_PUT_ERROR(SSL, ssl_undefined_const_function, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2839 return(0);
2840 }
2841
2842SSL_METHOD *ssl_bad_method(int ver)
2843 {
2844 OPENSSL_PUT_ERROR(SSL, ssl_bad_method, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2845 return(NULL);
2846 }
2847
2848const char *SSL_get_version(const SSL *s)
2849 {
2850 if (s->version == TLS1_2_VERSION)
2851 return("TLSv1.2");
2852 else if (s->version == TLS1_1_VERSION)
2853 return("TLSv1.1");
2854 else if (s->version == TLS1_VERSION)
2855 return("TLSv1");
2856 else if (s->version == SSL3_VERSION)
2857 return("SSLv3");
2858 else if (s->version == SSL2_VERSION)
2859 return("SSLv2");
2860 else
2861 return("unknown");
2862 }
2863
2864void ssl_clear_cipher_ctx(SSL *s)
2865 {
2866 if (s->enc_read_ctx != NULL)
2867 {
2868 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
2869 OPENSSL_free(s->enc_read_ctx);
2870 s->enc_read_ctx=NULL;
2871 }
2872 if (s->enc_write_ctx != NULL)
2873 {
2874 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
2875 OPENSSL_free(s->enc_write_ctx);
2876 s->enc_write_ctx=NULL;
2877 }
2878 }
2879
2880X509 *SSL_get_certificate(const SSL *s)
2881 {
2882 if (s->cert != NULL)
2883 return(s->cert->key->x509);
2884 else
2885 return(NULL);
2886 }
2887
2888EVP_PKEY *SSL_get_privatekey(const SSL *s)
2889 {
2890 if (s->cert != NULL)
2891 return(s->cert->key->privatekey);
2892 else
2893 return(NULL);
2894 }
2895
2896X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
2897 {
2898 if (ctx->cert != NULL)
2899 return ctx->cert->key->x509;
2900 else
2901 return NULL;
2902 }
2903
2904EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
2905 {
2906 if (ctx->cert != NULL)
2907 return ctx->cert->key->privatekey;
2908 else
2909 return NULL ;
2910 }
2911
2912const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
2913 {
2914 if ((s->session != NULL) && (s->session->cipher != NULL))
2915 return(s->session->cipher);
2916 return(NULL);
2917 }
2918const void *SSL_get_current_compression(SSL *s)
2919 {
2920 return NULL;
2921 }
2922const void *SSL_get_current_expansion(SSL *s)
2923 {
2924 return NULL;
2925 }
2926
2927int ssl_init_wbio_buffer(SSL *s,int push)
2928 {
2929 BIO *bbio;
2930
2931 if (s->bbio == NULL)
2932 {
2933 bbio=BIO_new(BIO_f_buffer());
2934 if (bbio == NULL) return(0);
2935 s->bbio=bbio;
2936 }
2937 else
2938 {
2939 bbio=s->bbio;
2940 if (s->bbio == s->wbio)
2941 s->wbio=BIO_pop(s->wbio);
2942 }
2943 (void)BIO_reset(bbio);
2944/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2945 if (!BIO_set_read_buffer_size(bbio,1))
2946 {
2947 OPENSSL_PUT_ERROR(SSL, ssl_init_wbio_buffer, ERR_R_BUF_LIB);
2948 return(0);
2949 }
2950 if (push)
2951 {
2952 if (s->wbio != bbio)
2953 s->wbio=BIO_push(bbio,s->wbio);
2954 }
2955 else
2956 {
2957 if (s->wbio == bbio)
2958 s->wbio=BIO_pop(bbio);
2959 }
2960 return(1);
2961 }
2962
2963void ssl_free_wbio_buffer(SSL *s)
2964 {
2965 if (s->bbio == NULL) return;
2966
2967 if (s->bbio == s->wbio)
2968 {
2969 /* remove buffering */
2970 s->wbio=BIO_pop(s->wbio);
2971#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2972 assert(s->wbio != NULL);
2973#endif
2974 }
2975 BIO_free(s->bbio);
2976 s->bbio=NULL;
2977 }
2978
2979void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
2980 {
2981 ctx->quiet_shutdown=mode;
2982 }
2983
2984int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2985 {
2986 return(ctx->quiet_shutdown);
2987 }
2988
2989void SSL_set_quiet_shutdown(SSL *s,int mode)
2990 {
2991 s->quiet_shutdown=mode;
2992 }
2993
2994int SSL_get_quiet_shutdown(const SSL *s)
2995 {
2996 return(s->quiet_shutdown);
2997 }
2998
2999void SSL_set_shutdown(SSL *s,int mode)
3000 {
3001 s->shutdown=mode;
3002 }
3003
3004int SSL_get_shutdown(const SSL *s)
3005 {
3006 return(s->shutdown);
3007 }
3008
3009int SSL_version(const SSL *s)
3010 {
3011 return(s->version);
3012 }
3013
3014SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
3015 {
3016 return(ssl->ctx);
3017 }
3018
3019SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
3020 {
3021 if (ssl->ctx == ctx)
3022 return ssl->ctx;
3023#ifndef OPENSSL_NO_TLSEXT
3024 if (ctx == NULL)
3025 ctx = ssl->initial_ctx;
3026#endif
3027 if (ssl->cert != NULL)
3028 ssl_cert_free(ssl->cert);
3029 ssl->cert = ssl_cert_dup(ctx->cert);
3030 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
3031 if (ssl->ctx != NULL)
3032 SSL_CTX_free(ssl->ctx); /* decrement reference count */
3033 ssl->ctx = ctx;
3034 return(ssl->ctx);
3035 }
3036
3037#ifndef OPENSSL_NO_STDIO
3038int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
3039 {
3040 return(X509_STORE_set_default_paths(ctx->cert_store));
3041 }
3042
3043int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
3044 const char *CApath)
3045 {
3046 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
3047 }
3048#endif
3049
3050void SSL_set_info_callback(SSL *ssl,
3051 void (*cb)(const SSL *ssl,int type,int val))
3052 {
3053 ssl->info_callback=cb;
3054 }
3055
3056/* One compiler (Diab DCC) doesn't like argument names in returned
3057 function pointer. */
3058void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
3059 {
3060 return ssl->info_callback;
3061 }
3062
3063int SSL_state(const SSL *ssl)
3064 {
3065 return(ssl->state);
3066 }
3067
3068void SSL_set_state(SSL *ssl, int state)
3069 {
3070 ssl->state = state;
3071 }
3072
3073void SSL_set_verify_result(SSL *ssl,long arg)
3074 {
3075 ssl->verify_result=arg;
3076 }
3077
3078long SSL_get_verify_result(const SSL *ssl)
3079 {
3080 return(ssl->verify_result);
3081 }
3082
3083int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
3084 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
3085 {
3086 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
3087 new_func, dup_func, free_func);
3088 }
3089
3090int SSL_set_ex_data(SSL *s,int idx,void *arg)
3091 {
3092 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
3093 }
3094
3095void *SSL_get_ex_data(const SSL *s,int idx)
3096 {
3097 return(CRYPTO_get_ex_data(&s->ex_data,idx));
3098 }
3099
3100int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
3101 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
3102 {
3103 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
3104 new_func, dup_func, free_func);
3105 }
3106
3107int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
3108 {
3109 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
3110 }
3111
3112void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
3113 {
3114 return(CRYPTO_get_ex_data(&s->ex_data,idx));
3115 }
3116
3117int ssl_ok(SSL *s)
3118 {
3119 return(1);
3120 }
3121
3122X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3123 {
3124 return(ctx->cert_store);
3125 }
3126
3127void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
3128 {
3129 if (ctx->cert_store != NULL)
3130 X509_STORE_free(ctx->cert_store);
3131 ctx->cert_store=store;
3132 }
3133
3134int SSL_want(const SSL *s)
3135 {
3136 return(s->rwstate);
3137 }
3138
3139/*!
3140 * \brief Set the callback for generating temporary RSA keys.
3141 * \param ctx the SSL context.
3142 * \param cb the callback
3143 */
3144
3145#ifndef OPENSSL_NO_RSA
3146void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
3147 int is_export,
3148 int keylength))
3149 {
3150 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3151 }
3152
3153void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
3154 int is_export,
3155 int keylength))
3156 {
3157 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3158 }
3159#endif
3160
3161#ifdef DOXYGEN
3162/*!
3163 * \brief The RSA temporary key callback function.
3164 * \param ssl the SSL session.
3165 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
3166 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
3167 * of the required key in bits.
3168 * \return the temporary RSA key.
3169 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
3170 */
3171
3172RSA *cb(SSL *ssl,int is_export,int keylength)
3173 {}
3174#endif
3175
3176/*!
3177 * \brief Set the callback for generating temporary DH keys.
3178 * \param ctx the SSL context.
3179 * \param dh the callback
3180 */
3181
3182#ifndef OPENSSL_NO_DH
3183void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
3184 int keylength))
3185 {
3186 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3187 }
3188
3189void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
3190 int keylength))
3191 {
3192 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3193 }
3194#endif
3195
3196#ifndef OPENSSL_NO_ECDH
3197void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
3198 int keylength))
3199 {
3200 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3201 }
3202
3203void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
3204 int keylength))
3205 {
3206 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3207 }
3208#endif
3209
3210#ifndef OPENSSL_NO_PSK
3211int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3212 {
3213 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
3214 {
3215 OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_psk_identity_hint, SSL_R_DATA_LENGTH_TOO_LONG);
3216 return 0;
3217 }
3218 if (ctx->psk_identity_hint != NULL)
3219 OPENSSL_free(ctx->psk_identity_hint);
3220 if (identity_hint != NULL)
3221 {
3222 ctx->psk_identity_hint = BUF_strdup(identity_hint);
3223 if (ctx->psk_identity_hint == NULL)
3224 return 0;
3225 }
3226 else
3227 ctx->psk_identity_hint = NULL;
3228 return 1;
3229 }
3230
3231int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3232 {
3233 if (s == NULL)
3234 return 0;
3235
3236 if (s->session == NULL)
3237 return 1; /* session not created yet, ignored */
3238
3239 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
3240 {
3241 OPENSSL_PUT_ERROR(SSL, SSL_use_psk_identity_hint, SSL_R_DATA_LENGTH_TOO_LONG);
3242 return 0;
3243 }
3244 if (s->session->psk_identity_hint != NULL)
3245 OPENSSL_free(s->session->psk_identity_hint);
3246 if (identity_hint != NULL)
3247 {
3248 s->session->psk_identity_hint = BUF_strdup(identity_hint);
3249 if (s->session->psk_identity_hint == NULL)
3250 return 0;
3251 }
3252 else
3253 s->session->psk_identity_hint = NULL;
3254 return 1;
3255 }
3256
3257const char *SSL_get_psk_identity_hint(const SSL *s)
3258 {
3259 if (s == NULL || s->session == NULL)
3260 return NULL;
3261 return(s->session->psk_identity_hint);
3262 }
3263
3264const char *SSL_get_psk_identity(const SSL *s)
3265 {
3266 if (s == NULL || s->session == NULL)
3267 return NULL;
3268 return(s->session->psk_identity);
3269 }
3270
3271void SSL_set_psk_client_callback(SSL *s,
3272 unsigned int (*cb)(SSL *ssl, const char *hint,
3273 char *identity, unsigned int max_identity_len, unsigned char *psk,
3274 unsigned int max_psk_len))
3275 {
3276 s->psk_client_callback = cb;
3277 }
3278
3279void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3280 unsigned int (*cb)(SSL *ssl, const char *hint,
3281 char *identity, unsigned int max_identity_len, unsigned char *psk,
3282 unsigned int max_psk_len))
3283 {
3284 ctx->psk_client_callback = cb;
3285 }
3286
3287void SSL_set_psk_server_callback(SSL *s,
3288 unsigned int (*cb)(SSL *ssl, const char *identity,
3289 unsigned char *psk, unsigned int max_psk_len))
3290 {
3291 s->psk_server_callback = cb;
3292 }
3293
3294void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3295 unsigned int (*cb)(SSL *ssl, const char *identity,
3296 unsigned char *psk, unsigned int max_psk_len))
3297 {
3298 ctx->psk_server_callback = cb;
3299 }
3300#endif
3301
3302void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3303 {
3304 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3305 }
3306void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3307 {
3308 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3309 }
3310
3311/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3312 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
3313 * any. If EVP_MD pointer is passed, initializes ctx with this md
3314 * Returns newly allocated ctx;
3315 */
3316
3317EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
3318{
3319 ssl_clear_hash_ctx(hash);
3320 *hash = EVP_MD_CTX_create();
3321 if (md) EVP_DigestInit_ex(*hash,md,NULL);
3322 return *hash;
3323}
3324void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3325{
3326
3327 if (*hash) EVP_MD_CTX_destroy(*hash);
3328 *hash=NULL;
3329}
3330
3331void SSL_set_debug(SSL *s, int debug)
3332 {
3333 s->debug = debug;
3334 }
3335
3336int SSL_cache_hit(SSL *s)
3337 {
3338 return s->hit;
3339 }
3340
3341int SSL_is_server(SSL *s)
3342 {
3343 return s->server;
3344 }