Lines Matching defs:s
16 * Copyright remains Eric Young's, and as such any Copyright notices in
165 SSL_clear(SSL *s)
167 if (s->method == NULL) {
168 SSLerror(s, SSL_R_NO_METHOD_SPECIFIED);
172 if (ssl_clear_bad_session(s)) {
173 SSL_SESSION_free(s->session);
174 s->session = NULL;
177 s->error = 0;
178 s->hit = 0;
179 s->shutdown = 0;
181 if (s->renegotiate) {
182 SSLerror(s, ERR_R_INTERNAL_ERROR);
186 s->version = s->method->version;
187 s->client_version = s->version;
188 s->rwstate = SSL_NOTHING;
189 s->rstate = SSL_ST_READ_HEADER;
191 tls13_ctx_free(s->tls13);
192 s->tls13 = NULL;
194 ssl3_release_init_buffer(s);
196 ssl_clear_cipher_state(s);
198 s->first_packet = 0;
204 if (!s->in_handshake && (s->session == NULL) &&
205 (s->method != s->ctx->method)) {
206 s->method->ssl_free(s);
207 s->method = s->ctx->method;
208 if (!s->method->ssl_new(s))
211 s->method->ssl_clear(s);
239 SSL *s;
251 if ((s = calloc(1, sizeof(*s))) == NULL)
254 if ((s->rl = tls12_record_layer_new()) == NULL)
257 s->min_tls_version = ctx->min_tls_version;
258 s->max_tls_version = ctx->max_tls_version;
259 s->min_proto_version = ctx->min_proto_version;
260 s->max_proto_version = ctx->max_proto_version;
262 s->options = ctx->options;
263 s->mode = ctx->mode;
264 s->max_cert_list = ctx->max_cert_list;
265 s->num_tickets = ctx->num_tickets;
267 if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
270 s->read_ahead = ctx->read_ahead;
271 s->msg_callback = ctx->msg_callback;
272 s->msg_callback_arg = ctx->msg_callback_arg;
273 s->verify_mode = ctx->verify_mode;
274 s->sid_ctx_length = ctx->sid_ctx_length;
275 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
276 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
277 s->verify_callback = ctx->default_verify_callback;
278 s->generate_session_id = ctx->generate_session_id;
280 s->param = X509_VERIFY_PARAM_new();
281 if (!s->param)
283 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
284 s->quiet_shutdown = ctx->quiet_shutdown;
285 s->max_send_fragment = ctx->max_send_fragment;
288 s->ctx = ctx;
289 s->tlsext_debug_cb = NULL;
290 s->tlsext_debug_arg = NULL;
291 s->tlsext_ticket_expected = 0;
292 s->tlsext_status_type = -1;
293 s->tlsext_status_expected = 0;
294 s->tlsext_ocsp_ids = NULL;
295 s->tlsext_ocsp_exts = NULL;
296 s->tlsext_ocsp_resp = NULL;
297 s->tlsext_ocsp_resp_len = 0;
299 s->initial_ctx = ctx;
301 if (!tlsext_randomize_build_order(s))
305 s->tlsext_ecpointformatlist =
308 if (s->tlsext_ecpointformatlist == NULL)
310 memcpy(s->tlsext_ecpointformatlist,
314 s->tlsext_ecpointformatlist_length =
318 s->tlsext_supportedgroups =
321 if (s->tlsext_supportedgroups == NULL)
323 memcpy(s->tlsext_supportedgroups,
327 s->tlsext_supportedgroups_length =
333 if (!CBS_stow(&cbs, &s->alpn_client_proto_list,
334 &s->alpn_client_proto_list_len))
337 s->verify_result = X509_V_OK;
339 s->method = ctx->method;
340 s->quic_method = ctx->quic_method;
342 if (!s->method->ssl_new(s))
345 s->references = 1;
346 s->server = ctx->method->server;
348 SSL_clear(s);
350 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
352 return (s);
355 SSL_free(s);
418 * check - ie. to find if there's a session in the hash table
439 SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
441 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
446 SSL_set_purpose(SSL *s, int purpose)
448 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
453 SSL_CTX_set_trust(SSL_CTX *s, int trust)
455 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
460 SSL_set_trust(SSL *s, int trust)
462 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
467 SSL_set1_host(SSL *s, const char *hostname)
475 return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname);
477 return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
482 SSL_set_hostflags(SSL *s, unsigned int flags)
484 X509_VERIFY_PARAM_set_hostflags(s->param, flags);
489 SSL_get0_peername(SSL *s)
491 return X509_VERIFY_PARAM_get0_peername(s->param);
524 SSL_free(SSL *s)
528 if (s == NULL)
531 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
535 X509_VERIFY_PARAM_free(s->param);
537 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
539 if (s->bbio != NULL) {
541 if (s->bbio == s->wbio) {
542 s->wbio = BIO_pop(s->wbio);
544 BIO_free(s->bbio);
545 s->bbio = NULL;
548 if (s->rbio != s->wbio)
549 BIO_free_all(s->rbio);
550 BIO_free_all(s->wbio);
552 tls13_ctx_free(s->tls13);
554 ssl3_release_init_buffer(s);
556 sk_SSL_CIPHER_free(s->cipher_list);
557 sk_SSL_CIPHER_free(s->cipher_list_tls13);
560 if (s->session != NULL) {
561 ssl_clear_bad_session(s);
562 SSL_SESSION_free(s->session);
565 ssl_clear_cipher_state(s);
567 ssl_cert_free(s->cert);
569 free(s->tlsext_build_order);
571 free(s->tlsext_hostname);
572 SSL_CTX_free(s->initial_ctx);
574 free(s->tlsext_ecpointformatlist);
575 free(s->tlsext_supportedgroups);
577 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
579 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
580 free(s->tlsext_ocsp_resp);
582 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
584 if (s->method != NULL)
585 s->method->ssl_free(s);
587 SSL_CTX_free(s->ctx);
589 free(s->alpn_client_proto_list);
591 free(s->quic_transport_params);
594 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
597 tls12_record_layer_free(s->rl);
599 free(s);
604 SSL_up_ref(SSL *s)
606 return CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL) > 1;
611 SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
614 if (s->bbio != NULL) {
615 if (s->wbio == s->bbio) {
616 s->wbio = BIO_next(s->wbio);
617 BIO_set_next(s->bbio, NULL);
621 if (s->rbio != rbio && s->rbio != s->wbio)
622 BIO_free_all(s->rbio);
623 if (s->wbio != wbio)
624 BIO_free_all(s->wbio);
625 s->rbio = rbio;
626 s->wbio = wbio;
631 SSL_get_rbio(const SSL *s)
633 return (s->rbio);
638 SSL_set0_rbio(SSL *s, BIO *rbio)
640 BIO_free_all(s->rbio);
641 s->rbio = rbio;
646 SSL_get_wbio(const SSL *s)
648 return (s->wbio);
653 SSL_get_fd(const SSL *s)
655 return (SSL_get_rfd(s));
660 SSL_get_rfd(const SSL *s)
665 b = SSL_get_rbio(s);
674 SSL_get_wfd(const SSL *s)
679 b = SSL_get_wbio(s);
688 SSL_set_fd(SSL *s, int fd)
696 SSLerror(s, ERR_R_BUF_LIB);
700 SSL_set_bio(s, bio, bio);
708 SSL_set_wfd(SSL *s, int fd)
713 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
714 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
718 SSLerror(s, ERR_R_BUF_LIB);
722 SSL_set_bio(s, SSL_get_rbio(s), bio);
724 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
732 SSL_set_rfd(SSL *s, int fd)
737 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
738 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
742 SSLerror(s, ERR_R_BUF_LIB);
746 SSL_set_bio(s, bio, SSL_get_wbio(s));
748 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
758 SSL_get_finished(const SSL *s, void *buf, size_t count)
762 ret = s->s3->hs.finished_len;
765 memcpy(buf, s->s3->hs.finished, count);
772 SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
776 ret = s->s3->hs.peer_finished_len;
779 memcpy(buf, s->s3->hs.peer_finished, count);
786 SSL_get_verify_mode(const SSL *s)
788 return (s->verify_mode);
793 SSL_get_verify_depth(const SSL *s)
795 return (X509_VERIFY_PARAM_get_depth(s->param));
800 (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
802 return (s->verify_callback);
821 SSL_set_num_tickets(SSL *s, size_t num_tickets)
823 s->num_tickets = num_tickets;
830 SSL_get_num_tickets(const SSL *s)
832 return s->num_tickets;
874 SSL_set_verify(SSL *s, int mode,
877 s->verify_mode = mode;
879 s->verify_callback = callback;
884 SSL_set_verify_depth(SSL *s, int depth)
886 X509_VERIFY_PARAM_set_depth(s->param, depth);
891 SSL_set_read_ahead(SSL *s, int yes)
893 s->read_ahead = yes;
898 SSL_get_read_ahead(const SSL *s)
900 return (s->read_ahead);
905 SSL_pending(const SSL *s)
907 return (s->method->ssl_pending(s));
912 SSL_get_peer_certificate(const SSL *s)
916 if (s == NULL || s->session == NULL)
919 if ((cert = s->session->peer_cert) == NULL)
929 SSL_get_peer_cert_chain(const SSL *s)
931 if (s == NULL)
935 * Achtung! Due to API inconsistency, a client includes the peer's leaf
938 if (!s->server)
939 return s->s3->hs.peer_certs;
941 return s->s3->hs.peer_certs_no_leaf;
946 SSL_get0_verified_chain(const SSL *s)
948 if (s->s3 == NULL)
950 return s->s3->hs.verified_chain;
1034 SSL_accept(SSL *s)
1036 if (s->handshake_func == NULL)
1037 SSL_set_accept_state(s); /* Not properly initialized yet */
1039 return (s->method->ssl_accept(s));
1044 SSL_connect(SSL *s)
1046 if (s->handshake_func == NULL)
1047 SSL_set_connect_state(s); /* Not properly initialized yet */
1049 return (s->method->ssl_connect(s));
1054 SSL_is_dtls(const SSL *s)
1056 return s->method->dtls;
1061 SSL_is_server(const SSL *s)
1063 return s->server;
1078 SSL_get_default_timeout(const SSL *s)
1085 SSL_read(SSL *s, void *buf, int num)
1088 SSLerror(s, SSL_R_BAD_LENGTH);
1092 if (SSL_is_quic(s)) {
1093 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1097 if (s->handshake_func == NULL) {
1098 SSLerror(s, SSL_R_UNINITIALIZED);
1102 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1103 s->rwstate = SSL_NOTHING;
1106 return ssl3_read(s, buf, num);
1111 SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read)
1117 SSLerror(s, SSL_R_BAD_LENGTH);
1121 ret = SSL_read(s, buf, (int)num);
1131 SSL_peek(SSL *s, void *buf, int num)
1134 SSLerror(s, SSL_R_BAD_LENGTH);
1138 if (SSL_is_quic(s)) {
1139 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1143 if (s->handshake_func == NULL) {
1144 SSLerror(s, SSL_R_UNINITIALIZED);
1148 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1151 return ssl3_peek(s, buf, num);
1156 SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked)
1162 SSLerror(s, SSL_R_BAD_LENGTH);
1166 ret = SSL_peek(s, buf, (int)num);
1176 SSL_write(SSL *s, const void *buf, int num)
1179 SSLerror(s, SSL_R_BAD_LENGTH);
1183 if (SSL_is_quic(s)) {
1184 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1188 if (s->handshake_func == NULL) {
1189 SSLerror(s, SSL_R_UNINITIALIZED);
1193 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1194 s->rwstate = SSL_NOTHING;
1195 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
1198 return ssl3_write(s, buf, num);
1203 SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written)
1209 SSLerror(s, SSL_R_BAD_LENGTH);
1219 ret = SSL_write(s, buf, (int)num);
1243 SSL_get_max_early_data(const SSL *s)
1250 SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
1257 SSL_get_early_data_status(const SSL *s)
1264 SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
1268 if (!s->server) {
1269 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1278 SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
1281 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1287 SSL_shutdown(SSL *s)
1296 if (s->handshake_func == NULL) {
1297 SSLerror(s, SSL_R_UNINITIALIZED);
1301 if (s != NULL && !SSL_in_init(s))
1302 return (s->method->ssl_shutdown(s));
1309 SSL_renegotiate(SSL *s)
1311 if (s->renegotiate == 0)
1312 s->renegotiate = 1;
1314 s->new_session = 1;
1316 return (s->method->ssl_renegotiate(s));
1321 SSL_renegotiate_abbreviated(SSL *s)
1323 if (s->renegotiate == 0)
1324 s->renegotiate = 1;
1326 s->new_session = 0;
1328 return (s->method->ssl_renegotiate(s));
1333 SSL_renegotiate_pending(SSL *s)
1339 return (s->renegotiate != 0);
1344 SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1350 return (s->read_ahead);
1352 l = s->read_ahead;
1353 s->read_ahead = larg;
1357 s->msg_callback_arg = parg;
1361 return (s->options|=larg);
1363 return (s->options&=~larg);
1365 return (s->mode|=larg);
1367 return (s->mode &=~larg);
1369 return (s->max_cert_list);
1371 l = s->max_cert_list;
1372 s->max_cert_list = larg;
1377 if (SSL_is_dtls(s)) {
1378 s->d1->mtu = larg;
1385 s->max_send_fragment = larg;
1388 if (s->s3)
1389 return (s->s3->send_connection_binding);
1392 if (SSL_is_dtls(s))
1393 return dtls1_ctrl(s, cmd, larg, parg);
1394 return ssl3_ctrl(s, cmd, larg, parg);
1400 SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1404 s->msg_callback = (ssl_msg_callback_fn *)(fp);
1408 return (ssl3_callback_ctrl(s, cmd, fp));
1515 SSL_get_ciphers(const SSL *s)
1517 if (s == NULL)
1519 if (s->cipher_list != NULL)
1520 return (s->cipher_list);
1522 return (s->ctx->cipher_list);
1527 SSL_get_client_ciphers(const SSL *s)
1529 if (s == NULL || !s->server)
1531 return s->s3->hs.client_ciphers;
1536 SSL_get1_supported_ciphers(SSL *s)
1543 if (s == NULL)
1545 if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers))
1547 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1558 if (!ssl_security_supported_cipher(s, cipher))
1575 ssl_has_ecc_ciphers(SSL *s)
1582 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1600 SSL_get_cipher_list(const SSL *s, int n)
1605 if ((ciphers = SSL_get_ciphers(s)) == NULL)
1665 SSL_set_cipher_list(SSL *s, const char *str)
1669 if ((ciphers_tls13 = s->cipher_list_tls13) == NULL)
1670 ciphers_tls13 = s->ctx->cipher_list_tls13;
1673 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1674 ciphers_tls13, str, s->cert);
1678 SSLerror(s, SSL_R_NO_CIPHER_MATCH);
1686 SSL_set_ciphersuites(SSL *s, const char *str)
1690 if ((ciphers = s->cipher_list) == NULL)
1691 ciphers = s->ctx->cipher_list;
1693 if (!ssl_parse_ciphersuites(&s->cipher_list_tls13, str)) {
1697 if (!ssl_merge_cipherlists(ciphers, s->cipher_list_tls13,
1698 &s->cipher_list))
1706 SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1714 if (!s->server || len < 2)
1717 if ((client_ciphers = s->s3->hs.client_ciphers) == NULL)
1719 if ((server_ciphers = SSL_get_ciphers(s)) == NULL)
1752 SSL_get_servername(const SSL *s, const int type)
1757 return (s->session && !s->tlsext_hostname ?
1758 s->session->tlsext_hostname :
1759 s->tlsext_hostname);
1764 SSL_get_servername_type(const SSL *s)
1766 if (s->session &&
1767 (!s->tlsext_hostname ?
1768 s->session->tlsext_hostname : s->tlsext_hostname))
1807 * NPN's "opportunistic" protocol selection (see security considerations
1809 * of this API. For ALPN it's the callback's responsibility to fail on
1857 SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1875 SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1953 * client's list of offered protocols.
1981 SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
1988 SSL_export_keying_material(SSL *s, unsigned char *out, size_t out_len,
1992 if (s->tls13 != NULL && s->version == TLS1_3_VERSION) {
1997 return tls13_exporter(s->tls13, label, label_len, context,
2001 return tls12_exporter(s, label, label_len, context, context_len,
2334 ssl_using_ecc_cipher(SSL *s)
2338 alg_a = s->s3->hs.cipher->algorithm_auth;
2339 alg_k = s->s3->hs.cipher->algorithm_mkey;
2341 return s->session->tlsext_ecpointformatlist != NULL &&
2342 s->session->tlsext_ecpointformatlist_length > 0 &&
2347 ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x)
2349 const SSL_CIPHER *cs = s->s3->hs.cipher;
2357 SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2366 ssl_get_server_send_pkey(const SSL *s)
2372 c = s->cert;
2373 ssl_set_cert_masks(c, s->s3->hs.cipher);
2375 alg_a = s->s3->hs.cipher->algorithm_auth;
2382 SSLerror(s, ERR_R_INTERNAL_ERROR);
2390 ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
2400 c = s->cert;
2408 SSLerror(s, ERR_R_INTERNAL_ERROR);
2413 if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
2414 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
2424 ssl_dhe_params_auto_key_bits(SSL *s)
2429 if (s->cert->dhe_params_auto == 2) {
2431 } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
2433 if (s->s3->hs.cipher->strength_bits == 256)
2436 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
2449 ssl_should_update_external_cache(SSL *s, int mode)
2453 cache_mode = s->session_ctx->session_cache_mode;
2460 if (!s->hit)
2463 /* If it's TLS 1.3, do it to match OpenSSL */
2464 if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
2471 ssl_should_update_internal_cache(SSL *s, int mode)
2475 cache_mode = s->session_ctx->session_cache_mode;
2482 if (s->hit)
2489 if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
2494 /* If it's not a server, add it? OpenSSL does this. */
2495 if (!s->server)
2502 * to know about this even if it's a stateless ticket
2505 if (s->session_ctx->remove_session_cb != NULL)
2509 if ((s->options & SSL_OP_NO_TICKET) != 0)
2517 ssl_update_cache(SSL *s, int mode)
2521 if (s->session->session_id_length == 0)
2524 cache_mode = s->session_ctx->session_cache_mode;
2525 do_callback = ssl_should_update_external_cache(s, mode);
2527 if (ssl_should_update_internal_cache(s, mode)) {
2532 (void) SSL_CTX_add_session(s->session_ctx, s->session);
2545 if (do_callback && s->session_ctx->new_session_cb != NULL) {
2546 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2547 if (!s->session_ctx->new_session_cb(s, s->session))
2548 SSL_SESSION_free(s->session);
2556 connections = s->session_ctx->stats.sess_connect_good;
2558 connections = s->session_ctx->stats.sess_accept_good;
2560 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2565 SSL_get_ssl_method(SSL *s)
2567 return (s->method);
2572 SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
2577 if (s->method == method)
2580 if (s->handshake_func == s->method->ssl_connect)
2582 else if (s->handshake_func == s->method->ssl_accept)
2585 if (s->method->version == method->version) {
2586 s->method = method;
2588 s->method->ssl_free(s);
2589 s->method = method;
2590 ret = s->method->ssl_new(s);
2592 s->handshake_func = handshake_func;
2599 SSL_get_error(const SSL *s, int i)
2619 if (SSL_want_read(s)) {
2620 bio = SSL_get_rbio(s);
2629 * ever set s->rwstate incorrectly (so that we have
2630 * SSL_want_read(s) instead of SSL_want_write(s))
2646 if (SSL_want_write(s)) {
2647 bio = SSL_get_wbio(s);
2652 * See above (SSL_want_read(s) with
2667 if (SSL_want_x509_lookup(s))
2670 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2671 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2807 SSL_do_handshake(SSL *s)
2809 if (s->handshake_func == NULL) {
2810 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
2814 s->method->ssl_renegotiate_check(s);
2816 if (!SSL_in_init(s) && !SSL_in_before(s))
2819 return s->handshake_func(s);
2828 SSL_set_accept_state(SSL *s)
2830 s->server = 1;
2831 s->shutdown = 0;
2832 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2833 s->handshake_func = s->method->ssl_accept;
2834 ssl_clear_cipher_state(s);
2839 SSL_set_connect_state(SSL *s)
2841 s->server = 0;
2842 s->shutdown = 0;
2843 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2844 s->handshake_func = s->method->ssl_connect;
2845 ssl_clear_cipher_state(s);
2850 ssl_undefined_function(SSL *s)
2852 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2864 ssl_undefined_const_function(const SSL *s)
2866 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2892 SSL_get_version(const SSL *s)
2894 return ssl_version_string(s->version);
2899 SSL_dup(SSL *s)
2906 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2909 ret->version = s->version;
2910 ret->method = s->method;
2912 if (s->session != NULL) {
2913 if (!SSL_copy_session_id(ret, s))
2918 * that s->cert or ret->cert will be changed later --
2924 ret->method = s->method;
2928 if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
2931 if (!SSL_set_session_id_context(ret, s->sid_ctx,
2932 s->sid_ctx_length))
2936 ret->options = s->options;
2937 ret->mode = s->mode;
2938 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2939 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2940 ret->msg_callback = s->msg_callback;
2941 ret->msg_callback_arg = s->msg_callback_arg;
2942 SSL_set_verify(ret, SSL_get_verify_mode(s),
2943 SSL_get_verify_callback(s));
2944 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2945 ret->generate_session_id = s->generate_session_id;
2947 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2951 &ret->ex_data, &s->ex_data))
2955 if (s->rbio != NULL) {
2956 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2959 if (s->wbio != NULL) {
2960 if (s->wbio != s->rbio) {
2961 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2966 ret->rwstate = s->rwstate;
2967 ret->in_handshake = s->in_handshake;
2968 ret->handshake_func = s->handshake_func;
2969 ret->server = s->server;
2970 ret->renegotiate = s->renegotiate;
2971 ret->new_session = s->new_session;
2972 ret->quiet_shutdown = s->quiet_shutdown;
2973 ret->shutdown = s->shutdown;
2975 ret->s3->hs.state = s->s3->hs.state;
2976 ret->rstate = s->rstate;
2984 ret->hit = s->hit;
2986 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2988 if (s->cipher_list != NULL) {
2990 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2993 if (s->cipher_list_tls13 != NULL) {
2995 sk_SSL_CIPHER_dup(s->cipher_list_tls13)) == NULL)
3000 if (s->client_CA != NULL) {
3001 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
3021 ssl_clear_cipher_state(SSL *s)
3023 tls12_record_layer_clear_read_state(s->rl);
3024 tls12_record_layer_clear_write_state(s->rl);
3028 ssl_info_callback(const SSL *s, int type, int value)
3032 if ((cb = s->info_callback) == NULL)
3033 cb = s->ctx->info_callback;
3035 cb(s, type, value);
3039 ssl_msg_callback(SSL *s, int is_write, int content_type,
3042 if (s->msg_callback == NULL)
3045 s->msg_callback(is_write, s->version, content_type,
3046 msg_buf, msg_len, s, s->msg_callback_arg);
3050 ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs)
3052 ssl_msg_callback(s, is_write, content_type, CBS_data(cbs), CBS_len(cbs));
3057 SSL_get_certificate(const SSL *s)
3059 return (s->cert->key->x509);
3065 SSL_get_privatekey(const SSL *s)
3067 return (s->cert->key->privatekey);
3072 SSL_get_current_cipher(const SSL *s)
3074 return s->s3->hs.cipher;
3079 SSL_get_current_compression(SSL *s)
3086 SSL_get_current_expansion(SSL *s)
3093 SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out)
3095 size_t len = sizeof(s->s3->client_random);
3103 memcpy(out, s->s3->client_random, len);
3110 SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out)
3112 size_t len = sizeof(s->s3->server_random);
3120 memcpy(out, s->s3->server_random, len);
3127 ssl_init_wbio_buffer(SSL *s, int push)
3131 if (s->bbio == NULL) {
3135 s->bbio = bbio;
3137 bbio = s->bbio;
3138 if (s->bbio == s->wbio)
3139 s->wbio = BIO_pop(s->wbio);
3144 SSLerror(s, ERR_R_BUF_LIB);
3148 if (s->wbio != bbio)
3149 s->wbio = BIO_push(bbio, s->wbio);
3151 if (s->wbio == bbio)
3152 s->wbio = BIO_pop(bbio);
3158 ssl_free_wbio_buffer(SSL *s)
3160 if (s == NULL)
3163 if (s->bbio == NULL)
3166 if (s->bbio == s->wbio) {
3168 s->wbio = BIO_pop(s->wbio);
3170 BIO_free(s->bbio);
3171 s->bbio = NULL;
3189 SSL_set_quiet_shutdown(SSL *s, int mode)
3191 s->quiet_shutdown = mode;
3196 SSL_get_quiet_shutdown(const SSL *s)
3198 return (s->quiet_shutdown);
3203 SSL_set_shutdown(SSL *s, int mode)
3205 s->shutdown = mode;
3210 SSL_get_shutdown(const SSL *s)
3212 return (s->shutdown);
3217 SSL_version(const SSL *s)
3219 return (s->version);
3347 SSL_set_ex_data(SSL *s, int idx, void *arg)
3349 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3354 SSL_get_ex_data(const SSL *s, int idx)
3356 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3370 SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
3372 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3377 SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
3379 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3384 ssl_ok(SSL *s)
3435 SSL_want(const SSL *s)
3437 return (s->rwstate);
3509 SSL_cache_hit(SSL *s)
3511 return (s->hit);