1c9496f6bSchristos /*
2*4724848cSchristos * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3*4724848cSchristos * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4c9496f6bSchristos * Copyright 2005 Nokia. All rights reserved.
5c9496f6bSchristos *
6*4724848cSchristos * Licensed under the OpenSSL license (the "License"). You may not use
7*4724848cSchristos * this file except in compliance with the License. You can obtain a copy
8*4724848cSchristos * in the file LICENSE in the source distribution or at
9*4724848cSchristos * https://www.openssl.org/source/license.html
10c9496f6bSchristos */
11c9496f6bSchristos
12c9496f6bSchristos #include <stdio.h>
13*4724848cSchristos #include "ssl_local.h"
14c9496f6bSchristos #include <openssl/objects.h>
15c9496f6bSchristos #include <openssl/x509v3.h>
16c9496f6bSchristos #include <openssl/rand.h>
17*4724848cSchristos #include <openssl/rand_drbg.h>
18c9496f6bSchristos #include <openssl/ocsp.h>
19c9496f6bSchristos #include <openssl/dh.h>
20c9496f6bSchristos #include <openssl/engine.h>
21*4724848cSchristos #include <openssl/async.h>
22*4724848cSchristos #include <openssl/ct.h>
23*4724848cSchristos #include "internal/cryptlib.h"
24*4724848cSchristos #include "internal/refcount.h"
25c9496f6bSchristos
26*4724848cSchristos const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
27*4724848cSchristos
ssl_undefined_function_1(SSL * ssl,SSL3_RECORD * r,size_t s,int t)28*4724848cSchristos static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
29*4724848cSchristos {
30*4724848cSchristos (void)r;
31*4724848cSchristos (void)s;
32*4724848cSchristos (void)t;
33*4724848cSchristos return ssl_undefined_function(ssl);
34*4724848cSchristos }
35*4724848cSchristos
ssl_undefined_function_2(SSL * ssl,SSL3_RECORD * r,unsigned char * s,int t)36*4724848cSchristos static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
37*4724848cSchristos int t)
38*4724848cSchristos {
39*4724848cSchristos (void)r;
40*4724848cSchristos (void)s;
41*4724848cSchristos (void)t;
42*4724848cSchristos return ssl_undefined_function(ssl);
43*4724848cSchristos }
44*4724848cSchristos
ssl_undefined_function_3(SSL * ssl,unsigned char * r,unsigned char * s,size_t t,size_t * u)45*4724848cSchristos static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
46*4724848cSchristos unsigned char *s, size_t t, size_t *u)
47*4724848cSchristos {
48*4724848cSchristos (void)r;
49*4724848cSchristos (void)s;
50*4724848cSchristos (void)t;
51*4724848cSchristos (void)u;
52*4724848cSchristos return ssl_undefined_function(ssl);
53*4724848cSchristos }
54*4724848cSchristos
ssl_undefined_function_4(SSL * ssl,int r)55*4724848cSchristos static int ssl_undefined_function_4(SSL *ssl, int r)
56*4724848cSchristos {
57*4724848cSchristos (void)r;
58*4724848cSchristos return ssl_undefined_function(ssl);
59*4724848cSchristos }
60*4724848cSchristos
ssl_undefined_function_5(SSL * ssl,const char * r,size_t s,unsigned char * t)61*4724848cSchristos static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
62*4724848cSchristos unsigned char *t)
63*4724848cSchristos {
64*4724848cSchristos (void)r;
65*4724848cSchristos (void)s;
66*4724848cSchristos (void)t;
67*4724848cSchristos return ssl_undefined_function(ssl);
68*4724848cSchristos }
69*4724848cSchristos
ssl_undefined_function_6(int r)70*4724848cSchristos static int ssl_undefined_function_6(int r)
71*4724848cSchristos {
72*4724848cSchristos (void)r;
73*4724848cSchristos return ssl_undefined_function(NULL);
74*4724848cSchristos }
75*4724848cSchristos
ssl_undefined_function_7(SSL * ssl,unsigned char * r,size_t s,const char * t,size_t u,const unsigned char * v,size_t w,int x)76*4724848cSchristos static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
77*4724848cSchristos const char *t, size_t u,
78*4724848cSchristos const unsigned char *v, size_t w, int x)
79*4724848cSchristos {
80*4724848cSchristos (void)r;
81*4724848cSchristos (void)s;
82*4724848cSchristos (void)t;
83*4724848cSchristos (void)u;
84*4724848cSchristos (void)v;
85*4724848cSchristos (void)w;
86*4724848cSchristos (void)x;
87*4724848cSchristos return ssl_undefined_function(ssl);
88*4724848cSchristos }
89c9496f6bSchristos
90c9496f6bSchristos SSL3_ENC_METHOD ssl3_undef_enc_method = {
91*4724848cSchristos ssl_undefined_function_1,
92*4724848cSchristos ssl_undefined_function_2,
93c9496f6bSchristos ssl_undefined_function,
94*4724848cSchristos ssl_undefined_function_3,
95*4724848cSchristos ssl_undefined_function_4,
96*4724848cSchristos ssl_undefined_function_5,
97c9496f6bSchristos NULL, /* client_finished_label */
98c9496f6bSchristos 0, /* client_finished_label_len */
99c9496f6bSchristos NULL, /* server_finished_label */
100c9496f6bSchristos 0, /* server_finished_label_len */
101*4724848cSchristos ssl_undefined_function_6,
102*4724848cSchristos ssl_undefined_function_7,
103c9496f6bSchristos };
104c9496f6bSchristos
105*4724848cSchristos struct ssl_async_args {
106*4724848cSchristos SSL *s;
107*4724848cSchristos void *buf;
108*4724848cSchristos size_t num;
109*4724848cSchristos enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
110*4724848cSchristos union {
111*4724848cSchristos int (*func_read) (SSL *, void *, size_t, size_t *);
112*4724848cSchristos int (*func_write) (SSL *, const void *, size_t, size_t *);
113*4724848cSchristos int (*func_other) (SSL *);
114*4724848cSchristos } f;
115*4724848cSchristos };
116*4724848cSchristos
117*4724848cSchristos static const struct {
118*4724848cSchristos uint8_t mtype;
119*4724848cSchristos uint8_t ord;
120*4724848cSchristos int nid;
121*4724848cSchristos } dane_mds[] = {
122*4724848cSchristos {
123*4724848cSchristos DANETLS_MATCHING_FULL, 0, NID_undef
124*4724848cSchristos },
125*4724848cSchristos {
126*4724848cSchristos DANETLS_MATCHING_2256, 1, NID_sha256
127*4724848cSchristos },
128*4724848cSchristos {
129*4724848cSchristos DANETLS_MATCHING_2512, 2, NID_sha512
130*4724848cSchristos },
131*4724848cSchristos };
132*4724848cSchristos
dane_ctx_enable(struct dane_ctx_st * dctx)133*4724848cSchristos static int dane_ctx_enable(struct dane_ctx_st *dctx)
134*4724848cSchristos {
135*4724848cSchristos const EVP_MD **mdevp;
136*4724848cSchristos uint8_t *mdord;
137*4724848cSchristos uint8_t mdmax = DANETLS_MATCHING_LAST;
138*4724848cSchristos int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
139*4724848cSchristos size_t i;
140*4724848cSchristos
141*4724848cSchristos if (dctx->mdevp != NULL)
142*4724848cSchristos return 1;
143*4724848cSchristos
144*4724848cSchristos mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
145*4724848cSchristos mdord = OPENSSL_zalloc(n * sizeof(*mdord));
146*4724848cSchristos
147*4724848cSchristos if (mdord == NULL || mdevp == NULL) {
148*4724848cSchristos OPENSSL_free(mdord);
149*4724848cSchristos OPENSSL_free(mdevp);
150*4724848cSchristos SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
151*4724848cSchristos return 0;
152*4724848cSchristos }
153*4724848cSchristos
154*4724848cSchristos /* Install default entries */
155*4724848cSchristos for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
156*4724848cSchristos const EVP_MD *md;
157*4724848cSchristos
158*4724848cSchristos if (dane_mds[i].nid == NID_undef ||
159*4724848cSchristos (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
160*4724848cSchristos continue;
161*4724848cSchristos mdevp[dane_mds[i].mtype] = md;
162*4724848cSchristos mdord[dane_mds[i].mtype] = dane_mds[i].ord;
163*4724848cSchristos }
164*4724848cSchristos
165*4724848cSchristos dctx->mdevp = mdevp;
166*4724848cSchristos dctx->mdord = mdord;
167*4724848cSchristos dctx->mdmax = mdmax;
168*4724848cSchristos
169*4724848cSchristos return 1;
170*4724848cSchristos }
171*4724848cSchristos
dane_ctx_final(struct dane_ctx_st * dctx)172*4724848cSchristos static void dane_ctx_final(struct dane_ctx_st *dctx)
173*4724848cSchristos {
174*4724848cSchristos OPENSSL_free(dctx->mdevp);
175*4724848cSchristos dctx->mdevp = NULL;
176*4724848cSchristos
177*4724848cSchristos OPENSSL_free(dctx->mdord);
178*4724848cSchristos dctx->mdord = NULL;
179*4724848cSchristos dctx->mdmax = 0;
180*4724848cSchristos }
181*4724848cSchristos
tlsa_free(danetls_record * t)182*4724848cSchristos static void tlsa_free(danetls_record *t)
183*4724848cSchristos {
184*4724848cSchristos if (t == NULL)
185*4724848cSchristos return;
186*4724848cSchristos OPENSSL_free(t->data);
187*4724848cSchristos EVP_PKEY_free(t->spki);
188*4724848cSchristos OPENSSL_free(t);
189*4724848cSchristos }
190*4724848cSchristos
dane_final(SSL_DANE * dane)191*4724848cSchristos static void dane_final(SSL_DANE *dane)
192*4724848cSchristos {
193*4724848cSchristos sk_danetls_record_pop_free(dane->trecs, tlsa_free);
194*4724848cSchristos dane->trecs = NULL;
195*4724848cSchristos
196*4724848cSchristos sk_X509_pop_free(dane->certs, X509_free);
197*4724848cSchristos dane->certs = NULL;
198*4724848cSchristos
199*4724848cSchristos X509_free(dane->mcert);
200*4724848cSchristos dane->mcert = NULL;
201*4724848cSchristos dane->mtlsa = NULL;
202*4724848cSchristos dane->mdpth = -1;
203*4724848cSchristos dane->pdpth = -1;
204*4724848cSchristos }
205*4724848cSchristos
206*4724848cSchristos /*
207*4724848cSchristos * dane_copy - Copy dane configuration, sans verification state.
208*4724848cSchristos */
ssl_dane_dup(SSL * to,SSL * from)209*4724848cSchristos static int ssl_dane_dup(SSL *to, SSL *from)
210*4724848cSchristos {
211*4724848cSchristos int num;
212*4724848cSchristos int i;
213*4724848cSchristos
214*4724848cSchristos if (!DANETLS_ENABLED(&from->dane))
215*4724848cSchristos return 1;
216*4724848cSchristos
217*4724848cSchristos num = sk_danetls_record_num(from->dane.trecs);
218*4724848cSchristos dane_final(&to->dane);
219*4724848cSchristos to->dane.flags = from->dane.flags;
220*4724848cSchristos to->dane.dctx = &to->ctx->dane;
221*4724848cSchristos to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
222*4724848cSchristos
223*4724848cSchristos if (to->dane.trecs == NULL) {
224*4724848cSchristos SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
225*4724848cSchristos return 0;
226*4724848cSchristos }
227*4724848cSchristos
228*4724848cSchristos for (i = 0; i < num; ++i) {
229*4724848cSchristos danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
230*4724848cSchristos
231*4724848cSchristos if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
232*4724848cSchristos t->data, t->dlen) <= 0)
233*4724848cSchristos return 0;
234*4724848cSchristos }
235*4724848cSchristos return 1;
236*4724848cSchristos }
237*4724848cSchristos
dane_mtype_set(struct dane_ctx_st * dctx,const EVP_MD * md,uint8_t mtype,uint8_t ord)238*4724848cSchristos static int dane_mtype_set(struct dane_ctx_st *dctx,
239*4724848cSchristos const EVP_MD *md, uint8_t mtype, uint8_t ord)
240*4724848cSchristos {
241*4724848cSchristos int i;
242*4724848cSchristos
243*4724848cSchristos if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
244*4724848cSchristos SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
245*4724848cSchristos return 0;
246*4724848cSchristos }
247*4724848cSchristos
248*4724848cSchristos if (mtype > dctx->mdmax) {
249*4724848cSchristos const EVP_MD **mdevp;
250*4724848cSchristos uint8_t *mdord;
251*4724848cSchristos int n = ((int)mtype) + 1;
252*4724848cSchristos
253*4724848cSchristos mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
254*4724848cSchristos if (mdevp == NULL) {
255*4724848cSchristos SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
256*4724848cSchristos return -1;
257*4724848cSchristos }
258*4724848cSchristos dctx->mdevp = mdevp;
259*4724848cSchristos
260*4724848cSchristos mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
261*4724848cSchristos if (mdord == NULL) {
262*4724848cSchristos SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
263*4724848cSchristos return -1;
264*4724848cSchristos }
265*4724848cSchristos dctx->mdord = mdord;
266*4724848cSchristos
267*4724848cSchristos /* Zero-fill any gaps */
268*4724848cSchristos for (i = dctx->mdmax + 1; i < mtype; ++i) {
269*4724848cSchristos mdevp[i] = NULL;
270*4724848cSchristos mdord[i] = 0;
271*4724848cSchristos }
272*4724848cSchristos
273*4724848cSchristos dctx->mdmax = mtype;
274*4724848cSchristos }
275*4724848cSchristos
276*4724848cSchristos dctx->mdevp[mtype] = md;
277*4724848cSchristos /* Coerce ordinal of disabled matching types to 0 */
278*4724848cSchristos dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
279*4724848cSchristos
280*4724848cSchristos return 1;
281*4724848cSchristos }
282*4724848cSchristos
tlsa_md_get(SSL_DANE * dane,uint8_t mtype)283*4724848cSchristos static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
284*4724848cSchristos {
285*4724848cSchristos if (mtype > dane->dctx->mdmax)
286*4724848cSchristos return NULL;
287*4724848cSchristos return dane->dctx->mdevp[mtype];
288*4724848cSchristos }
289*4724848cSchristos
dane_tlsa_add(SSL_DANE * dane,uint8_t usage,uint8_t selector,uint8_t mtype,unsigned const char * data,size_t dlen)290*4724848cSchristos static int dane_tlsa_add(SSL_DANE *dane,
291*4724848cSchristos uint8_t usage,
292*4724848cSchristos uint8_t selector,
293*4724848cSchristos uint8_t mtype, unsigned const char *data, size_t dlen)
294*4724848cSchristos {
295*4724848cSchristos danetls_record *t;
296*4724848cSchristos const EVP_MD *md = NULL;
297*4724848cSchristos int ilen = (int)dlen;
298*4724848cSchristos int i;
299*4724848cSchristos int num;
300*4724848cSchristos
301*4724848cSchristos if (dane->trecs == NULL) {
302*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
303*4724848cSchristos return -1;
304*4724848cSchristos }
305*4724848cSchristos
306*4724848cSchristos if (ilen < 0 || dlen != (size_t)ilen) {
307*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
308*4724848cSchristos return 0;
309*4724848cSchristos }
310*4724848cSchristos
311*4724848cSchristos if (usage > DANETLS_USAGE_LAST) {
312*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
313*4724848cSchristos return 0;
314*4724848cSchristos }
315*4724848cSchristos
316*4724848cSchristos if (selector > DANETLS_SELECTOR_LAST) {
317*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
318*4724848cSchristos return 0;
319*4724848cSchristos }
320*4724848cSchristos
321*4724848cSchristos if (mtype != DANETLS_MATCHING_FULL) {
322*4724848cSchristos md = tlsa_md_get(dane, mtype);
323*4724848cSchristos if (md == NULL) {
324*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
325*4724848cSchristos return 0;
326*4724848cSchristos }
327*4724848cSchristos }
328*4724848cSchristos
329*4724848cSchristos if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
330*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
331*4724848cSchristos return 0;
332*4724848cSchristos }
333*4724848cSchristos if (!data) {
334*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
335*4724848cSchristos return 0;
336*4724848cSchristos }
337*4724848cSchristos
338*4724848cSchristos if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
339*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
340*4724848cSchristos return -1;
341*4724848cSchristos }
342*4724848cSchristos
343*4724848cSchristos t->usage = usage;
344*4724848cSchristos t->selector = selector;
345*4724848cSchristos t->mtype = mtype;
346*4724848cSchristos t->data = OPENSSL_malloc(dlen);
347*4724848cSchristos if (t->data == NULL) {
348*4724848cSchristos tlsa_free(t);
349*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
350*4724848cSchristos return -1;
351*4724848cSchristos }
352*4724848cSchristos memcpy(t->data, data, dlen);
353*4724848cSchristos t->dlen = dlen;
354*4724848cSchristos
355*4724848cSchristos /* Validate and cache full certificate or public key */
356*4724848cSchristos if (mtype == DANETLS_MATCHING_FULL) {
357*4724848cSchristos const unsigned char *p = data;
358*4724848cSchristos X509 *cert = NULL;
359*4724848cSchristos EVP_PKEY *pkey = NULL;
360*4724848cSchristos
361*4724848cSchristos switch (selector) {
362*4724848cSchristos case DANETLS_SELECTOR_CERT:
363*4724848cSchristos if (!d2i_X509(&cert, &p, ilen) || p < data ||
364*4724848cSchristos dlen != (size_t)(p - data)) {
365*4724848cSchristos tlsa_free(t);
366*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
367*4724848cSchristos return 0;
368*4724848cSchristos }
369*4724848cSchristos if (X509_get0_pubkey(cert) == NULL) {
370*4724848cSchristos tlsa_free(t);
371*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
372*4724848cSchristos return 0;
373*4724848cSchristos }
374*4724848cSchristos
375*4724848cSchristos if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
376*4724848cSchristos X509_free(cert);
377*4724848cSchristos break;
378*4724848cSchristos }
379*4724848cSchristos
380*4724848cSchristos /*
381*4724848cSchristos * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
382*4724848cSchristos * records that contain full certificates of trust-anchors that are
383*4724848cSchristos * not present in the wire chain. For usage PKIX-TA(0), we augment
384*4724848cSchristos * the chain with untrusted Full(0) certificates from DNS, in case
385*4724848cSchristos * they are missing from the chain.
386*4724848cSchristos */
387*4724848cSchristos if ((dane->certs == NULL &&
388*4724848cSchristos (dane->certs = sk_X509_new_null()) == NULL) ||
389*4724848cSchristos !sk_X509_push(dane->certs, cert)) {
390*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
391*4724848cSchristos X509_free(cert);
392*4724848cSchristos tlsa_free(t);
393*4724848cSchristos return -1;
394*4724848cSchristos }
395*4724848cSchristos break;
396*4724848cSchristos
397*4724848cSchristos case DANETLS_SELECTOR_SPKI:
398*4724848cSchristos if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
399*4724848cSchristos dlen != (size_t)(p - data)) {
400*4724848cSchristos tlsa_free(t);
401*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
402*4724848cSchristos return 0;
403*4724848cSchristos }
404*4724848cSchristos
405*4724848cSchristos /*
406*4724848cSchristos * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
407*4724848cSchristos * records that contain full bare keys of trust-anchors that are
408*4724848cSchristos * not present in the wire chain.
409*4724848cSchristos */
410*4724848cSchristos if (usage == DANETLS_USAGE_DANE_TA)
411*4724848cSchristos t->spki = pkey;
412*4724848cSchristos else
413*4724848cSchristos EVP_PKEY_free(pkey);
414*4724848cSchristos break;
415*4724848cSchristos }
416*4724848cSchristos }
417*4724848cSchristos
418*4724848cSchristos /*-
419*4724848cSchristos * Find the right insertion point for the new record.
420*4724848cSchristos *
421*4724848cSchristos * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
422*4724848cSchristos * they can be processed first, as they require no chain building, and no
423*4724848cSchristos * expiration or hostname checks. Because DANE-EE(3) is numerically
424*4724848cSchristos * largest, this is accomplished via descending sort by "usage".
425*4724848cSchristos *
426*4724848cSchristos * We also sort in descending order by matching ordinal to simplify
427*4724848cSchristos * the implementation of digest agility in the verification code.
428*4724848cSchristos *
429*4724848cSchristos * The choice of order for the selector is not significant, so we
430*4724848cSchristos * use the same descending order for consistency.
431*4724848cSchristos */
432*4724848cSchristos num = sk_danetls_record_num(dane->trecs);
433*4724848cSchristos for (i = 0; i < num; ++i) {
434*4724848cSchristos danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
435*4724848cSchristos
436*4724848cSchristos if (rec->usage > usage)
437*4724848cSchristos continue;
438*4724848cSchristos if (rec->usage < usage)
439*4724848cSchristos break;
440*4724848cSchristos if (rec->selector > selector)
441*4724848cSchristos continue;
442*4724848cSchristos if (rec->selector < selector)
443*4724848cSchristos break;
444*4724848cSchristos if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
445*4724848cSchristos continue;
446*4724848cSchristos break;
447*4724848cSchristos }
448*4724848cSchristos
449*4724848cSchristos if (!sk_danetls_record_insert(dane->trecs, t, i)) {
450*4724848cSchristos tlsa_free(t);
451*4724848cSchristos SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
452*4724848cSchristos return -1;
453*4724848cSchristos }
454*4724848cSchristos dane->umask |= DANETLS_USAGE_BIT(usage);
455*4724848cSchristos
456*4724848cSchristos return 1;
457*4724848cSchristos }
458*4724848cSchristos
459*4724848cSchristos /*
460*4724848cSchristos * Return 0 if there is only one version configured and it was disabled
461*4724848cSchristos * at configure time. Return 1 otherwise.
462*4724848cSchristos */
ssl_check_allowed_versions(int min_version,int max_version)463*4724848cSchristos static int ssl_check_allowed_versions(int min_version, int max_version)
464*4724848cSchristos {
465*4724848cSchristos int minisdtls = 0, maxisdtls = 0;
466*4724848cSchristos
467*4724848cSchristos /* Figure out if we're doing DTLS versions or TLS versions */
468*4724848cSchristos if (min_version == DTLS1_BAD_VER
469*4724848cSchristos || min_version >> 8 == DTLS1_VERSION_MAJOR)
470*4724848cSchristos minisdtls = 1;
471*4724848cSchristos if (max_version == DTLS1_BAD_VER
472*4724848cSchristos || max_version >> 8 == DTLS1_VERSION_MAJOR)
473*4724848cSchristos maxisdtls = 1;
474*4724848cSchristos /* A wildcard version of 0 could be DTLS or TLS. */
475*4724848cSchristos if ((minisdtls && !maxisdtls && max_version != 0)
476*4724848cSchristos || (maxisdtls && !minisdtls && min_version != 0)) {
477*4724848cSchristos /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
478*4724848cSchristos return 0;
479*4724848cSchristos }
480*4724848cSchristos
481*4724848cSchristos if (minisdtls || maxisdtls) {
482*4724848cSchristos /* Do DTLS version checks. */
483*4724848cSchristos if (min_version == 0)
484*4724848cSchristos /* Ignore DTLS1_BAD_VER */
485*4724848cSchristos min_version = DTLS1_VERSION;
486*4724848cSchristos if (max_version == 0)
487*4724848cSchristos max_version = DTLS1_2_VERSION;
488*4724848cSchristos #ifdef OPENSSL_NO_DTLS1_2
489*4724848cSchristos if (max_version == DTLS1_2_VERSION)
490*4724848cSchristos max_version = DTLS1_VERSION;
491*4724848cSchristos #endif
492*4724848cSchristos #ifdef OPENSSL_NO_DTLS1
493*4724848cSchristos if (min_version == DTLS1_VERSION)
494*4724848cSchristos min_version = DTLS1_2_VERSION;
495*4724848cSchristos #endif
496*4724848cSchristos /* Done massaging versions; do the check. */
497*4724848cSchristos if (0
498*4724848cSchristos #ifdef OPENSSL_NO_DTLS1
499*4724848cSchristos || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
500*4724848cSchristos && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
501*4724848cSchristos #endif
502*4724848cSchristos #ifdef OPENSSL_NO_DTLS1_2
503*4724848cSchristos || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
504*4724848cSchristos && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
505*4724848cSchristos #endif
506*4724848cSchristos )
507*4724848cSchristos return 0;
508*4724848cSchristos } else {
509*4724848cSchristos /* Regular TLS version checks. */
510*4724848cSchristos if (min_version == 0)
511*4724848cSchristos min_version = SSL3_VERSION;
512*4724848cSchristos if (max_version == 0)
513*4724848cSchristos max_version = TLS1_3_VERSION;
514*4724848cSchristos #ifdef OPENSSL_NO_TLS1_3
515*4724848cSchristos if (max_version == TLS1_3_VERSION)
516*4724848cSchristos max_version = TLS1_2_VERSION;
517*4724848cSchristos #endif
518*4724848cSchristos #ifdef OPENSSL_NO_TLS1_2
519*4724848cSchristos if (max_version == TLS1_2_VERSION)
520*4724848cSchristos max_version = TLS1_1_VERSION;
521*4724848cSchristos #endif
522*4724848cSchristos #ifdef OPENSSL_NO_TLS1_1
523*4724848cSchristos if (max_version == TLS1_1_VERSION)
524*4724848cSchristos max_version = TLS1_VERSION;
525*4724848cSchristos #endif
526*4724848cSchristos #ifdef OPENSSL_NO_TLS1
527*4724848cSchristos if (max_version == TLS1_VERSION)
528*4724848cSchristos max_version = SSL3_VERSION;
529*4724848cSchristos #endif
530*4724848cSchristos #ifdef OPENSSL_NO_SSL3
531*4724848cSchristos if (min_version == SSL3_VERSION)
532*4724848cSchristos min_version = TLS1_VERSION;
533*4724848cSchristos #endif
534*4724848cSchristos #ifdef OPENSSL_NO_TLS1
535*4724848cSchristos if (min_version == TLS1_VERSION)
536*4724848cSchristos min_version = TLS1_1_VERSION;
537*4724848cSchristos #endif
538*4724848cSchristos #ifdef OPENSSL_NO_TLS1_1
539*4724848cSchristos if (min_version == TLS1_1_VERSION)
540*4724848cSchristos min_version = TLS1_2_VERSION;
541*4724848cSchristos #endif
542*4724848cSchristos #ifdef OPENSSL_NO_TLS1_2
543*4724848cSchristos if (min_version == TLS1_2_VERSION)
544*4724848cSchristos min_version = TLS1_3_VERSION;
545*4724848cSchristos #endif
546*4724848cSchristos /* Done massaging versions; do the check. */
547*4724848cSchristos if (0
548*4724848cSchristos #ifdef OPENSSL_NO_SSL3
549*4724848cSchristos || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
550*4724848cSchristos #endif
551*4724848cSchristos #ifdef OPENSSL_NO_TLS1
552*4724848cSchristos || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
553*4724848cSchristos #endif
554*4724848cSchristos #ifdef OPENSSL_NO_TLS1_1
555*4724848cSchristos || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
556*4724848cSchristos #endif
557*4724848cSchristos #ifdef OPENSSL_NO_TLS1_2
558*4724848cSchristos || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
559*4724848cSchristos #endif
560*4724848cSchristos #ifdef OPENSSL_NO_TLS1_3
561*4724848cSchristos || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
562*4724848cSchristos #endif
563*4724848cSchristos )
564*4724848cSchristos return 0;
565*4724848cSchristos }
566*4724848cSchristos return 1;
567*4724848cSchristos }
568*4724848cSchristos
clear_ciphers(SSL * s)569*4724848cSchristos static void clear_ciphers(SSL *s)
570*4724848cSchristos {
571*4724848cSchristos /* clear the current cipher */
572*4724848cSchristos ssl_clear_cipher_ctx(s);
573*4724848cSchristos ssl_clear_hash_ctx(&s->read_hash);
574*4724848cSchristos ssl_clear_hash_ctx(&s->write_hash);
575*4724848cSchristos }
576*4724848cSchristos
SSL_clear(SSL * s)577c9496f6bSchristos int SSL_clear(SSL *s)
578c9496f6bSchristos {
579c9496f6bSchristos if (s->method == NULL) {
580c9496f6bSchristos SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
581*4724848cSchristos return 0;
582c9496f6bSchristos }
583c9496f6bSchristos
584c9496f6bSchristos if (ssl_clear_bad_session(s)) {
585c9496f6bSchristos SSL_SESSION_free(s->session);
586c9496f6bSchristos s->session = NULL;
587c9496f6bSchristos }
588*4724848cSchristos SSL_SESSION_free(s->psksession);
589*4724848cSchristos s->psksession = NULL;
590*4724848cSchristos OPENSSL_free(s->psksession_id);
591*4724848cSchristos s->psksession_id = NULL;
592*4724848cSchristos s->psksession_id_len = 0;
593*4724848cSchristos s->hello_retry_request = 0;
594*4724848cSchristos s->sent_tickets = 0;
595c9496f6bSchristos
596c9496f6bSchristos s->error = 0;
597c9496f6bSchristos s->hit = 0;
598c9496f6bSchristos s->shutdown = 0;
599c9496f6bSchristos
600c9496f6bSchristos if (s->renegotiate) {
601c9496f6bSchristos SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
602c9496f6bSchristos return 0;
603c9496f6bSchristos }
604c9496f6bSchristos
605*4724848cSchristos ossl_statem_clear(s);
606c9496f6bSchristos
607c9496f6bSchristos s->version = s->method->version;
608c9496f6bSchristos s->client_version = s->version;
609c9496f6bSchristos s->rwstate = SSL_NOTHING;
610c9496f6bSchristos
611c9496f6bSchristos BUF_MEM_free(s->init_buf);
612c9496f6bSchristos s->init_buf = NULL;
613*4724848cSchristos clear_ciphers(s);
614c9496f6bSchristos s->first_packet = 0;
615*4724848cSchristos
616*4724848cSchristos s->key_update = SSL_KEY_UPDATE_NONE;
617*4724848cSchristos
618*4724848cSchristos EVP_MD_CTX_free(s->pha_dgst);
619*4724848cSchristos s->pha_dgst = NULL;
620*4724848cSchristos
621*4724848cSchristos /* Reset DANE verification result state */
622*4724848cSchristos s->dane.mdpth = -1;
623*4724848cSchristos s->dane.pdpth = -1;
624*4724848cSchristos X509_free(s->dane.mcert);
625*4724848cSchristos s->dane.mcert = NULL;
626*4724848cSchristos s->dane.mtlsa = NULL;
627*4724848cSchristos
628*4724848cSchristos /* Clear the verification result peername */
629*4724848cSchristos X509_VERIFY_PARAM_move_peername(s->param, NULL);
630*4724848cSchristos
631*4724848cSchristos /* Clear any shared connection state */
632*4724848cSchristos OPENSSL_free(s->shared_sigalgs);
633*4724848cSchristos s->shared_sigalgs = NULL;
634*4724848cSchristos s->shared_sigalgslen = 0;
635*4724848cSchristos
636c9496f6bSchristos /*
637c9496f6bSchristos * Check to see if we were changed into a different method, if so, revert
638*4724848cSchristos * back.
639c9496f6bSchristos */
640*4724848cSchristos if (s->method != s->ctx->method) {
641c9496f6bSchristos s->method->ssl_free(s);
642c9496f6bSchristos s->method = s->ctx->method;
643c9496f6bSchristos if (!s->method->ssl_new(s))
644*4724848cSchristos return 0;
645*4724848cSchristos } else {
646*4724848cSchristos if (!s->method->ssl_clear(s))
647*4724848cSchristos return 0;
648*4724848cSchristos }
649*4724848cSchristos
650*4724848cSchristos RECORD_LAYER_clear(&s->rlayer);
651*4724848cSchristos
652*4724848cSchristos return 1;
653c9496f6bSchristos }
654c9496f6bSchristos
655c9496f6bSchristos /** Used to change an SSL_CTXs default SSL method type */
SSL_CTX_set_ssl_version(SSL_CTX * ctx,const SSL_METHOD * meth)656c9496f6bSchristos int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
657c9496f6bSchristos {
658c9496f6bSchristos STACK_OF(SSL_CIPHER) *sk;
659c9496f6bSchristos
660c9496f6bSchristos ctx->method = meth;
661c9496f6bSchristos
662*4724848cSchristos if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
663*4724848cSchristos SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
664*4724848cSchristos return 0;
665*4724848cSchristos }
666*4724848cSchristos sk = ssl_create_cipher_list(ctx->method,
667*4724848cSchristos ctx->tls13_ciphersuites,
668*4724848cSchristos &(ctx->cipher_list),
669c9496f6bSchristos &(ctx->cipher_list_by_id),
670c9496f6bSchristos SSL_DEFAULT_CIPHER_LIST, ctx->cert);
671c9496f6bSchristos if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
672*4724848cSchristos SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
673*4724848cSchristos return 0;
674c9496f6bSchristos }
675*4724848cSchristos return 1;
676c9496f6bSchristos }
677c9496f6bSchristos
SSL_new(SSL_CTX * ctx)678c9496f6bSchristos SSL *SSL_new(SSL_CTX *ctx)
679c9496f6bSchristos {
680c9496f6bSchristos SSL *s;
681c9496f6bSchristos
682c9496f6bSchristos if (ctx == NULL) {
683c9496f6bSchristos SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
684*4724848cSchristos return NULL;
685c9496f6bSchristos }
686c9496f6bSchristos if (ctx->method == NULL) {
687c9496f6bSchristos SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
688*4724848cSchristos return NULL;
689c9496f6bSchristos }
690c9496f6bSchristos
691*4724848cSchristos s = OPENSSL_zalloc(sizeof(*s));
692c9496f6bSchristos if (s == NULL)
693c9496f6bSchristos goto err;
694c9496f6bSchristos
695*4724848cSchristos s->references = 1;
696*4724848cSchristos s->lock = CRYPTO_THREAD_lock_new();
697*4724848cSchristos if (s->lock == NULL) {
698*4724848cSchristos OPENSSL_free(s);
699*4724848cSchristos s = NULL;
700*4724848cSchristos goto err;
701*4724848cSchristos }
702*4724848cSchristos
703*4724848cSchristos RECORD_LAYER_init(&s->rlayer, s);
704c9496f6bSchristos
705c9496f6bSchristos s->options = ctx->options;
706*4724848cSchristos s->dane.flags = ctx->dane.flags;
707*4724848cSchristos s->min_proto_version = ctx->min_proto_version;
708*4724848cSchristos s->max_proto_version = ctx->max_proto_version;
709c9496f6bSchristos s->mode = ctx->mode;
710c9496f6bSchristos s->max_cert_list = ctx->max_cert_list;
711*4724848cSchristos s->max_early_data = ctx->max_early_data;
712*4724848cSchristos s->recv_max_early_data = ctx->recv_max_early_data;
713*4724848cSchristos s->num_tickets = ctx->num_tickets;
714*4724848cSchristos s->pha_enabled = ctx->pha_enabled;
715c9496f6bSchristos
716*4724848cSchristos /* Shallow copy of the ciphersuites stack */
717*4724848cSchristos s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
718*4724848cSchristos if (s->tls13_ciphersuites == NULL)
719*4724848cSchristos goto err;
720*4724848cSchristos
721c9496f6bSchristos /*
722c9496f6bSchristos * Earlier library versions used to copy the pointer to the CERT, not
723c9496f6bSchristos * its contents; only when setting new parameters for the per-SSL
724c9496f6bSchristos * copy, ssl_cert_new would be called (and the direct reference to
725c9496f6bSchristos * the per-SSL_CTX settings would be lost, but those still were
726c9496f6bSchristos * indirectly accessed for various purposes, and for that reason they
727c9496f6bSchristos * used to be known as s->ctx->default_cert). Now we don't look at the
728c9496f6bSchristos * SSL_CTX's CERT after having duplicated it once.
729c9496f6bSchristos */
730c9496f6bSchristos s->cert = ssl_cert_dup(ctx->cert);
731c9496f6bSchristos if (s->cert == NULL)
732c9496f6bSchristos goto err;
733c9496f6bSchristos
734*4724848cSchristos RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
735c9496f6bSchristos s->msg_callback = ctx->msg_callback;
736c9496f6bSchristos s->msg_callback_arg = ctx->msg_callback_arg;
737c9496f6bSchristos s->verify_mode = ctx->verify_mode;
738*4724848cSchristos s->not_resumable_session_cb = ctx->not_resumable_session_cb;
739*4724848cSchristos s->record_padding_cb = ctx->record_padding_cb;
740*4724848cSchristos s->record_padding_arg = ctx->record_padding_arg;
741*4724848cSchristos s->block_padding = ctx->block_padding;
742c9496f6bSchristos s->sid_ctx_length = ctx->sid_ctx_length;
743*4724848cSchristos if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
744*4724848cSchristos goto err;
745c9496f6bSchristos memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
746c9496f6bSchristos s->verify_callback = ctx->default_verify_callback;
747c9496f6bSchristos s->generate_session_id = ctx->generate_session_id;
748c9496f6bSchristos
749c9496f6bSchristos s->param = X509_VERIFY_PARAM_new();
750*4724848cSchristos if (s->param == NULL)
751c9496f6bSchristos goto err;
752c9496f6bSchristos X509_VERIFY_PARAM_inherit(s->param, ctx->param);
753c9496f6bSchristos s->quiet_shutdown = ctx->quiet_shutdown;
754c9496f6bSchristos
755*4724848cSchristos s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
756*4724848cSchristos s->max_send_fragment = ctx->max_send_fragment;
757*4724848cSchristos s->split_send_fragment = ctx->split_send_fragment;
758*4724848cSchristos s->max_pipelines = ctx->max_pipelines;
759*4724848cSchristos if (s->max_pipelines > 1)
760*4724848cSchristos RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
761*4724848cSchristos if (ctx->default_read_buf_len > 0)
762*4724848cSchristos SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
763*4724848cSchristos
764*4724848cSchristos SSL_CTX_up_ref(ctx);
765c9496f6bSchristos s->ctx = ctx;
766*4724848cSchristos s->ext.debug_cb = 0;
767*4724848cSchristos s->ext.debug_arg = NULL;
768*4724848cSchristos s->ext.ticket_expected = 0;
769*4724848cSchristos s->ext.status_type = ctx->ext.status_type;
770*4724848cSchristos s->ext.status_expected = 0;
771*4724848cSchristos s->ext.ocsp.ids = NULL;
772*4724848cSchristos s->ext.ocsp.exts = NULL;
773*4724848cSchristos s->ext.ocsp.resp = NULL;
774*4724848cSchristos s->ext.ocsp.resp_len = 0;
775*4724848cSchristos SSL_CTX_up_ref(ctx);
776*4724848cSchristos s->session_ctx = ctx;
777c9496f6bSchristos #ifndef OPENSSL_NO_EC
778*4724848cSchristos if (ctx->ext.ecpointformats) {
779*4724848cSchristos s->ext.ecpointformats =
780*4724848cSchristos OPENSSL_memdup(ctx->ext.ecpointformats,
781*4724848cSchristos ctx->ext.ecpointformats_len);
782*4724848cSchristos if (!s->ext.ecpointformats) {
783*4724848cSchristos s->ext.ecpointformats_len = 0;
784c9496f6bSchristos goto err;
785c9496f6bSchristos }
786*4724848cSchristos s->ext.ecpointformats_len =
787*4724848cSchristos ctx->ext.ecpointformats_len;
788*4724848cSchristos }
789*4724848cSchristos if (ctx->ext.supportedgroups) {
790*4724848cSchristos s->ext.supportedgroups =
791*4724848cSchristos OPENSSL_memdup(ctx->ext.supportedgroups,
792*4724848cSchristos ctx->ext.supportedgroups_len
793*4724848cSchristos * sizeof(*ctx->ext.supportedgroups));
794*4724848cSchristos if (!s->ext.supportedgroups) {
795*4724848cSchristos s->ext.supportedgroups_len = 0;
796c9496f6bSchristos goto err;
797*4724848cSchristos }
798*4724848cSchristos s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
799c9496f6bSchristos }
800c9496f6bSchristos #endif
801c9496f6bSchristos #ifndef OPENSSL_NO_NEXTPROTONEG
802*4724848cSchristos s->ext.npn = NULL;
803c9496f6bSchristos #endif
804c9496f6bSchristos
805*4724848cSchristos if (s->ctx->ext.alpn) {
806*4724848cSchristos s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
807*4724848cSchristos if (s->ext.alpn == NULL) {
808*4724848cSchristos s->ext.alpn_len = 0;
809c9496f6bSchristos goto err;
810c9496f6bSchristos }
811*4724848cSchristos memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
812*4724848cSchristos s->ext.alpn_len = s->ctx->ext.alpn_len;
813*4724848cSchristos }
814c9496f6bSchristos
815*4724848cSchristos s->verified_chain = NULL;
816c9496f6bSchristos s->verify_result = X509_V_OK;
817c9496f6bSchristos
818*4724848cSchristos s->default_passwd_callback = ctx->default_passwd_callback;
819*4724848cSchristos s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
820*4724848cSchristos
821c9496f6bSchristos s->method = ctx->method;
822c9496f6bSchristos
823*4724848cSchristos s->key_update = SSL_KEY_UPDATE_NONE;
824*4724848cSchristos
825*4724848cSchristos s->allow_early_data_cb = ctx->allow_early_data_cb;
826*4724848cSchristos s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
827*4724848cSchristos
828c9496f6bSchristos if (!s->method->ssl_new(s))
829c9496f6bSchristos goto err;
830c9496f6bSchristos
831c9496f6bSchristos s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
832c9496f6bSchristos
833*4724848cSchristos if (!SSL_clear(s))
834*4724848cSchristos goto err;
835c9496f6bSchristos
836*4724848cSchristos if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
837*4724848cSchristos goto err;
838c9496f6bSchristos
839c9496f6bSchristos #ifndef OPENSSL_NO_PSK
840c9496f6bSchristos s->psk_client_callback = ctx->psk_client_callback;
841c9496f6bSchristos s->psk_server_callback = ctx->psk_server_callback;
842c9496f6bSchristos #endif
843*4724848cSchristos s->psk_find_session_cb = ctx->psk_find_session_cb;
844*4724848cSchristos s->psk_use_session_cb = ctx->psk_use_session_cb;
845c9496f6bSchristos
846*4724848cSchristos s->job = NULL;
847*4724848cSchristos
848*4724848cSchristos #ifndef OPENSSL_NO_CT
849*4724848cSchristos if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
850*4724848cSchristos ctx->ct_validation_callback_arg))
851*4724848cSchristos goto err;
852*4724848cSchristos #endif
853*4724848cSchristos
854*4724848cSchristos return s;
855c9496f6bSchristos err:
856c9496f6bSchristos SSL_free(s);
857c9496f6bSchristos SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
858*4724848cSchristos return NULL;
859*4724848cSchristos }
860*4724848cSchristos
SSL_is_dtls(const SSL * s)861*4724848cSchristos int SSL_is_dtls(const SSL *s)
862*4724848cSchristos {
863*4724848cSchristos return SSL_IS_DTLS(s) ? 1 : 0;
864*4724848cSchristos }
865*4724848cSchristos
SSL_up_ref(SSL * s)866*4724848cSchristos int SSL_up_ref(SSL *s)
867*4724848cSchristos {
868*4724848cSchristos int i;
869*4724848cSchristos
870*4724848cSchristos if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
871*4724848cSchristos return 0;
872*4724848cSchristos
873*4724848cSchristos REF_PRINT_COUNT("SSL", s);
874*4724848cSchristos REF_ASSERT_ISNT(i < 2);
875*4724848cSchristos return ((i > 1) ? 1 : 0);
876c9496f6bSchristos }
877c9496f6bSchristos
SSL_CTX_set_session_id_context(SSL_CTX * ctx,const unsigned char * sid_ctx,unsigned int sid_ctx_len)878c9496f6bSchristos int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
879c9496f6bSchristos unsigned int sid_ctx_len)
880c9496f6bSchristos {
881*4724848cSchristos if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
882c9496f6bSchristos SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
883c9496f6bSchristos SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
884c9496f6bSchristos return 0;
885c9496f6bSchristos }
886c9496f6bSchristos ctx->sid_ctx_length = sid_ctx_len;
887c9496f6bSchristos memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
888c9496f6bSchristos
889c9496f6bSchristos return 1;
890c9496f6bSchristos }
891c9496f6bSchristos
SSL_set_session_id_context(SSL * ssl,const unsigned char * sid_ctx,unsigned int sid_ctx_len)892c9496f6bSchristos int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
893c9496f6bSchristos unsigned int sid_ctx_len)
894c9496f6bSchristos {
895c9496f6bSchristos if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
896c9496f6bSchristos SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
897c9496f6bSchristos SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
898c9496f6bSchristos return 0;
899c9496f6bSchristos }
900c9496f6bSchristos ssl->sid_ctx_length = sid_ctx_len;
901c9496f6bSchristos memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
902c9496f6bSchristos
903c9496f6bSchristos return 1;
904c9496f6bSchristos }
905c9496f6bSchristos
SSL_CTX_set_generate_session_id(SSL_CTX * ctx,GEN_SESSION_CB cb)906c9496f6bSchristos int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
907c9496f6bSchristos {
908*4724848cSchristos CRYPTO_THREAD_write_lock(ctx->lock);
909c9496f6bSchristos ctx->generate_session_id = cb;
910*4724848cSchristos CRYPTO_THREAD_unlock(ctx->lock);
911c9496f6bSchristos return 1;
912c9496f6bSchristos }
913c9496f6bSchristos
SSL_set_generate_session_id(SSL * ssl,GEN_SESSION_CB cb)914c9496f6bSchristos int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
915c9496f6bSchristos {
916*4724848cSchristos CRYPTO_THREAD_write_lock(ssl->lock);
917c9496f6bSchristos ssl->generate_session_id = cb;
918*4724848cSchristos CRYPTO_THREAD_unlock(ssl->lock);
919c9496f6bSchristos return 1;
920c9496f6bSchristos }
921c9496f6bSchristos
SSL_has_matching_session_id(const SSL * ssl,const unsigned char * id,unsigned int id_len)922c9496f6bSchristos int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
923c9496f6bSchristos unsigned int id_len)
924c9496f6bSchristos {
925c9496f6bSchristos /*
926c9496f6bSchristos * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
927*4724848cSchristos * we can "construct" a session to give us the desired check - i.e. to
928c9496f6bSchristos * find if there's a session in the hash table that would conflict with
929c9496f6bSchristos * any new session built out of this id/id_len and the ssl_version in use
930c9496f6bSchristos * by this SSL.
931c9496f6bSchristos */
932c9496f6bSchristos SSL_SESSION r, *p;
933c9496f6bSchristos
934*4724848cSchristos if (id_len > sizeof(r.session_id))
935c9496f6bSchristos return 0;
936c9496f6bSchristos
937c9496f6bSchristos r.ssl_version = ssl->version;
938c9496f6bSchristos r.session_id_length = id_len;
939c9496f6bSchristos memcpy(r.session_id, id, id_len);
940c9496f6bSchristos
941*4724848cSchristos CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
942*4724848cSchristos p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
943*4724848cSchristos CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
944c9496f6bSchristos return (p != NULL);
945c9496f6bSchristos }
946c9496f6bSchristos
SSL_CTX_set_purpose(SSL_CTX * s,int purpose)947c9496f6bSchristos int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
948c9496f6bSchristos {
949c9496f6bSchristos return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
950c9496f6bSchristos }
951c9496f6bSchristos
SSL_set_purpose(SSL * s,int purpose)952c9496f6bSchristos int SSL_set_purpose(SSL *s, int purpose)
953c9496f6bSchristos {
954c9496f6bSchristos return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
955c9496f6bSchristos }
956c9496f6bSchristos
SSL_CTX_set_trust(SSL_CTX * s,int trust)957c9496f6bSchristos int SSL_CTX_set_trust(SSL_CTX *s, int trust)
958c9496f6bSchristos {
959c9496f6bSchristos return X509_VERIFY_PARAM_set_trust(s->param, trust);
960c9496f6bSchristos }
961c9496f6bSchristos
SSL_set_trust(SSL * s,int trust)962c9496f6bSchristos int SSL_set_trust(SSL *s, int trust)
963c9496f6bSchristos {
964c9496f6bSchristos return X509_VERIFY_PARAM_set_trust(s->param, trust);
965c9496f6bSchristos }
966c9496f6bSchristos
SSL_set1_host(SSL * s,const char * hostname)967*4724848cSchristos int SSL_set1_host(SSL *s, const char *hostname)
968*4724848cSchristos {
969*4724848cSchristos return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
970*4724848cSchristos }
971*4724848cSchristos
SSL_add1_host(SSL * s,const char * hostname)972*4724848cSchristos int SSL_add1_host(SSL *s, const char *hostname)
973*4724848cSchristos {
974*4724848cSchristos return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
975*4724848cSchristos }
976*4724848cSchristos
SSL_set_hostflags(SSL * s,unsigned int flags)977*4724848cSchristos void SSL_set_hostflags(SSL *s, unsigned int flags)
978*4724848cSchristos {
979*4724848cSchristos X509_VERIFY_PARAM_set_hostflags(s->param, flags);
980*4724848cSchristos }
981*4724848cSchristos
SSL_get0_peername(SSL * s)982*4724848cSchristos const char *SSL_get0_peername(SSL *s)
983*4724848cSchristos {
984*4724848cSchristos return X509_VERIFY_PARAM_get0_peername(s->param);
985*4724848cSchristos }
986*4724848cSchristos
SSL_CTX_dane_enable(SSL_CTX * ctx)987*4724848cSchristos int SSL_CTX_dane_enable(SSL_CTX *ctx)
988*4724848cSchristos {
989*4724848cSchristos return dane_ctx_enable(&ctx->dane);
990*4724848cSchristos }
991*4724848cSchristos
SSL_CTX_dane_set_flags(SSL_CTX * ctx,unsigned long flags)992*4724848cSchristos unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
993*4724848cSchristos {
994*4724848cSchristos unsigned long orig = ctx->dane.flags;
995*4724848cSchristos
996*4724848cSchristos ctx->dane.flags |= flags;
997*4724848cSchristos return orig;
998*4724848cSchristos }
999*4724848cSchristos
SSL_CTX_dane_clear_flags(SSL_CTX * ctx,unsigned long flags)1000*4724848cSchristos unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
1001*4724848cSchristos {
1002*4724848cSchristos unsigned long orig = ctx->dane.flags;
1003*4724848cSchristos
1004*4724848cSchristos ctx->dane.flags &= ~flags;
1005*4724848cSchristos return orig;
1006*4724848cSchristos }
1007*4724848cSchristos
SSL_dane_enable(SSL * s,const char * basedomain)1008*4724848cSchristos int SSL_dane_enable(SSL *s, const char *basedomain)
1009*4724848cSchristos {
1010*4724848cSchristos SSL_DANE *dane = &s->dane;
1011*4724848cSchristos
1012*4724848cSchristos if (s->ctx->dane.mdmax == 0) {
1013*4724848cSchristos SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
1014*4724848cSchristos return 0;
1015*4724848cSchristos }
1016*4724848cSchristos if (dane->trecs != NULL) {
1017*4724848cSchristos SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
1018*4724848cSchristos return 0;
1019*4724848cSchristos }
1020*4724848cSchristos
1021*4724848cSchristos /*
1022*4724848cSchristos * Default SNI name. This rejects empty names, while set1_host below
1023*4724848cSchristos * accepts them and disables host name checks. To avoid side-effects with
1024*4724848cSchristos * invalid input, set the SNI name first.
1025*4724848cSchristos */
1026*4724848cSchristos if (s->ext.hostname == NULL) {
1027*4724848cSchristos if (!SSL_set_tlsext_host_name(s, basedomain)) {
1028*4724848cSchristos SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
1029*4724848cSchristos return -1;
1030*4724848cSchristos }
1031*4724848cSchristos }
1032*4724848cSchristos
1033*4724848cSchristos /* Primary RFC6125 reference identifier */
1034*4724848cSchristos if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
1035*4724848cSchristos SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
1036*4724848cSchristos return -1;
1037*4724848cSchristos }
1038*4724848cSchristos
1039*4724848cSchristos dane->mdpth = -1;
1040*4724848cSchristos dane->pdpth = -1;
1041*4724848cSchristos dane->dctx = &s->ctx->dane;
1042*4724848cSchristos dane->trecs = sk_danetls_record_new_null();
1043*4724848cSchristos
1044*4724848cSchristos if (dane->trecs == NULL) {
1045*4724848cSchristos SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
1046*4724848cSchristos return -1;
1047*4724848cSchristos }
1048*4724848cSchristos return 1;
1049*4724848cSchristos }
1050*4724848cSchristos
SSL_dane_set_flags(SSL * ssl,unsigned long flags)1051*4724848cSchristos unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
1052*4724848cSchristos {
1053*4724848cSchristos unsigned long orig = ssl->dane.flags;
1054*4724848cSchristos
1055*4724848cSchristos ssl->dane.flags |= flags;
1056*4724848cSchristos return orig;
1057*4724848cSchristos }
1058*4724848cSchristos
SSL_dane_clear_flags(SSL * ssl,unsigned long flags)1059*4724848cSchristos unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
1060*4724848cSchristos {
1061*4724848cSchristos unsigned long orig = ssl->dane.flags;
1062*4724848cSchristos
1063*4724848cSchristos ssl->dane.flags &= ~flags;
1064*4724848cSchristos return orig;
1065*4724848cSchristos }
1066*4724848cSchristos
SSL_get0_dane_authority(SSL * s,X509 ** mcert,EVP_PKEY ** mspki)1067*4724848cSchristos int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
1068*4724848cSchristos {
1069*4724848cSchristos SSL_DANE *dane = &s->dane;
1070*4724848cSchristos
1071*4724848cSchristos if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
1072*4724848cSchristos return -1;
1073*4724848cSchristos if (dane->mtlsa) {
1074*4724848cSchristos if (mcert)
1075*4724848cSchristos *mcert = dane->mcert;
1076*4724848cSchristos if (mspki)
1077*4724848cSchristos *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
1078*4724848cSchristos }
1079*4724848cSchristos return dane->mdpth;
1080*4724848cSchristos }
1081*4724848cSchristos
SSL_get0_dane_tlsa(SSL * s,uint8_t * usage,uint8_t * selector,uint8_t * mtype,unsigned const char ** data,size_t * dlen)1082*4724848cSchristos int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
1083*4724848cSchristos uint8_t *mtype, unsigned const char **data, size_t *dlen)
1084*4724848cSchristos {
1085*4724848cSchristos SSL_DANE *dane = &s->dane;
1086*4724848cSchristos
1087*4724848cSchristos if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
1088*4724848cSchristos return -1;
1089*4724848cSchristos if (dane->mtlsa) {
1090*4724848cSchristos if (usage)
1091*4724848cSchristos *usage = dane->mtlsa->usage;
1092*4724848cSchristos if (selector)
1093*4724848cSchristos *selector = dane->mtlsa->selector;
1094*4724848cSchristos if (mtype)
1095*4724848cSchristos *mtype = dane->mtlsa->mtype;
1096*4724848cSchristos if (data)
1097*4724848cSchristos *data = dane->mtlsa->data;
1098*4724848cSchristos if (dlen)
1099*4724848cSchristos *dlen = dane->mtlsa->dlen;
1100*4724848cSchristos }
1101*4724848cSchristos return dane->mdpth;
1102*4724848cSchristos }
1103*4724848cSchristos
SSL_get0_dane(SSL * s)1104*4724848cSchristos SSL_DANE *SSL_get0_dane(SSL *s)
1105*4724848cSchristos {
1106*4724848cSchristos return &s->dane;
1107*4724848cSchristos }
1108*4724848cSchristos
SSL_dane_tlsa_add(SSL * s,uint8_t usage,uint8_t selector,uint8_t mtype,unsigned const char * data,size_t dlen)1109*4724848cSchristos int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
1110*4724848cSchristos uint8_t mtype, unsigned const char *data, size_t dlen)
1111*4724848cSchristos {
1112*4724848cSchristos return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
1113*4724848cSchristos }
1114*4724848cSchristos
SSL_CTX_dane_mtype_set(SSL_CTX * ctx,const EVP_MD * md,uint8_t mtype,uint8_t ord)1115*4724848cSchristos int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
1116*4724848cSchristos uint8_t ord)
1117*4724848cSchristos {
1118*4724848cSchristos return dane_mtype_set(&ctx->dane, md, mtype, ord);
1119*4724848cSchristos }
1120*4724848cSchristos
SSL_CTX_set1_param(SSL_CTX * ctx,X509_VERIFY_PARAM * vpm)1121c9496f6bSchristos int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
1122c9496f6bSchristos {
1123c9496f6bSchristos return X509_VERIFY_PARAM_set1(ctx->param, vpm);
1124c9496f6bSchristos }
1125c9496f6bSchristos
SSL_set1_param(SSL * ssl,X509_VERIFY_PARAM * vpm)1126c9496f6bSchristos int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
1127c9496f6bSchristos {
1128c9496f6bSchristos return X509_VERIFY_PARAM_set1(ssl->param, vpm);
1129c9496f6bSchristos }
1130c9496f6bSchristos
SSL_CTX_get0_param(SSL_CTX * ctx)1131c9496f6bSchristos X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
1132c9496f6bSchristos {
1133c9496f6bSchristos return ctx->param;
1134c9496f6bSchristos }
1135c9496f6bSchristos
SSL_get0_param(SSL * ssl)1136c9496f6bSchristos X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
1137c9496f6bSchristos {
1138c9496f6bSchristos return ssl->param;
1139c9496f6bSchristos }
1140c9496f6bSchristos
SSL_certs_clear(SSL * s)1141c9496f6bSchristos void SSL_certs_clear(SSL *s)
1142c9496f6bSchristos {
1143c9496f6bSchristos ssl_cert_clear_certs(s->cert);
1144c9496f6bSchristos }
1145c9496f6bSchristos
SSL_free(SSL * s)1146c9496f6bSchristos void SSL_free(SSL *s)
1147c9496f6bSchristos {
1148c9496f6bSchristos int i;
1149c9496f6bSchristos
1150c9496f6bSchristos if (s == NULL)
1151c9496f6bSchristos return;
1152*4724848cSchristos CRYPTO_DOWN_REF(&s->references, &i, s->lock);
1153*4724848cSchristos REF_PRINT_COUNT("SSL", s);
1154c9496f6bSchristos if (i > 0)
1155c9496f6bSchristos return;
1156*4724848cSchristos REF_ASSERT_ISNT(i < 0);
1157c9496f6bSchristos
1158c9496f6bSchristos X509_VERIFY_PARAM_free(s->param);
1159*4724848cSchristos dane_final(&s->dane);
1160c9496f6bSchristos CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
1161c9496f6bSchristos
1162*4724848cSchristos /* Ignore return value */
1163*4724848cSchristos ssl_free_wbio_buffer(s);
1164c9496f6bSchristos
1165*4724848cSchristos BIO_free_all(s->wbio);
1166*4724848cSchristos BIO_free_all(s->rbio);
1167*4724848cSchristos
1168c9496f6bSchristos BUF_MEM_free(s->init_buf);
1169c9496f6bSchristos
1170c9496f6bSchristos /* add extra stuff */
1171c9496f6bSchristos sk_SSL_CIPHER_free(s->cipher_list);
1172c9496f6bSchristos sk_SSL_CIPHER_free(s->cipher_list_by_id);
1173*4724848cSchristos sk_SSL_CIPHER_free(s->tls13_ciphersuites);
1174*4724848cSchristos sk_SSL_CIPHER_free(s->peer_ciphers);
1175c9496f6bSchristos
1176c9496f6bSchristos /* Make the next call work :-) */
1177c9496f6bSchristos if (s->session != NULL) {
1178c9496f6bSchristos ssl_clear_bad_session(s);
1179c9496f6bSchristos SSL_SESSION_free(s->session);
1180c9496f6bSchristos }
1181*4724848cSchristos SSL_SESSION_free(s->psksession);
1182*4724848cSchristos OPENSSL_free(s->psksession_id);
1183c9496f6bSchristos
1184*4724848cSchristos clear_ciphers(s);
1185c9496f6bSchristos
1186c9496f6bSchristos ssl_cert_free(s->cert);
1187*4724848cSchristos OPENSSL_free(s->shared_sigalgs);
1188c9496f6bSchristos /* Free up if allocated */
1189c9496f6bSchristos
1190*4724848cSchristos OPENSSL_free(s->ext.hostname);
1191*4724848cSchristos SSL_CTX_free(s->session_ctx);
1192c9496f6bSchristos #ifndef OPENSSL_NO_EC
1193*4724848cSchristos OPENSSL_free(s->ext.ecpointformats);
1194*4724848cSchristos OPENSSL_free(s->ext.peer_ecpointformats);
1195*4724848cSchristos OPENSSL_free(s->ext.supportedgroups);
1196*4724848cSchristos OPENSSL_free(s->ext.peer_supportedgroups);
1197c9496f6bSchristos #endif /* OPENSSL_NO_EC */
1198*4724848cSchristos sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
1199*4724848cSchristos #ifndef OPENSSL_NO_OCSP
1200*4724848cSchristos sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
1201c9496f6bSchristos #endif
1202*4724848cSchristos #ifndef OPENSSL_NO_CT
1203*4724848cSchristos SCT_LIST_free(s->scts);
1204*4724848cSchristos OPENSSL_free(s->ext.scts);
1205*4724848cSchristos #endif
1206*4724848cSchristos OPENSSL_free(s->ext.ocsp.resp);
1207*4724848cSchristos OPENSSL_free(s->ext.alpn);
1208*4724848cSchristos OPENSSL_free(s->ext.tls13_cookie);
1209*4724848cSchristos if (s->clienthello != NULL)
1210*4724848cSchristos OPENSSL_free(s->clienthello->pre_proc_exts);
1211*4724848cSchristos OPENSSL_free(s->clienthello);
1212*4724848cSchristos OPENSSL_free(s->pha_context);
1213*4724848cSchristos EVP_MD_CTX_free(s->pha_dgst);
1214c9496f6bSchristos
1215*4724848cSchristos sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
1216*4724848cSchristos sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
1217*4724848cSchristos
1218*4724848cSchristos sk_X509_pop_free(s->verified_chain, X509_free);
1219c9496f6bSchristos
1220c9496f6bSchristos if (s->method != NULL)
1221c9496f6bSchristos s->method->ssl_free(s);
1222c9496f6bSchristos
1223*4724848cSchristos RECORD_LAYER_release(&s->rlayer);
1224*4724848cSchristos
1225c9496f6bSchristos SSL_CTX_free(s->ctx);
1226c9496f6bSchristos
1227*4724848cSchristos ASYNC_WAIT_CTX_free(s->waitctx);
1228c9496f6bSchristos
1229*4724848cSchristos #if !defined(OPENSSL_NO_NEXTPROTONEG)
1230*4724848cSchristos OPENSSL_free(s->ext.npn);
1231c9496f6bSchristos #endif
1232c9496f6bSchristos
1233c9496f6bSchristos #ifndef OPENSSL_NO_SRTP
1234c9496f6bSchristos sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
1235c9496f6bSchristos #endif
1236c9496f6bSchristos
1237*4724848cSchristos CRYPTO_THREAD_lock_free(s->lock);
1238*4724848cSchristos
1239c9496f6bSchristos OPENSSL_free(s);
1240c9496f6bSchristos }
1241c9496f6bSchristos
SSL_set0_rbio(SSL * s,BIO * rbio)1242*4724848cSchristos void SSL_set0_rbio(SSL *s, BIO *rbio)
1243*4724848cSchristos {
1244*4724848cSchristos BIO_free_all(s->rbio);
1245*4724848cSchristos s->rbio = rbio;
1246*4724848cSchristos }
1247*4724848cSchristos
SSL_set0_wbio(SSL * s,BIO * wbio)1248*4724848cSchristos void SSL_set0_wbio(SSL *s, BIO *wbio)
1249*4724848cSchristos {
1250*4724848cSchristos /*
1251*4724848cSchristos * If the output buffering BIO is still in place, remove it
1252*4724848cSchristos */
1253*4724848cSchristos if (s->bbio != NULL)
1254*4724848cSchristos s->wbio = BIO_pop(s->wbio);
1255*4724848cSchristos
1256*4724848cSchristos BIO_free_all(s->wbio);
1257*4724848cSchristos s->wbio = wbio;
1258*4724848cSchristos
1259*4724848cSchristos /* Re-attach |bbio| to the new |wbio|. */
1260*4724848cSchristos if (s->bbio != NULL)
1261*4724848cSchristos s->wbio = BIO_push(s->bbio, s->wbio);
1262*4724848cSchristos }
1263*4724848cSchristos
SSL_set_bio(SSL * s,BIO * rbio,BIO * wbio)1264c9496f6bSchristos void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
1265c9496f6bSchristos {
1266c9496f6bSchristos /*
1267*4724848cSchristos * For historical reasons, this function has many different cases in
1268*4724848cSchristos * ownership handling.
1269c9496f6bSchristos */
1270*4724848cSchristos
1271*4724848cSchristos /* If nothing has changed, do nothing */
1272*4724848cSchristos if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
1273*4724848cSchristos return;
1274*4724848cSchristos
1275*4724848cSchristos /*
1276*4724848cSchristos * If the two arguments are equal then one fewer reference is granted by the
1277*4724848cSchristos * caller than we want to take
1278*4724848cSchristos */
1279*4724848cSchristos if (rbio != NULL && rbio == wbio)
1280*4724848cSchristos BIO_up_ref(rbio);
1281*4724848cSchristos
1282*4724848cSchristos /*
1283*4724848cSchristos * If only the wbio is changed only adopt one reference.
1284*4724848cSchristos */
1285*4724848cSchristos if (rbio == SSL_get_rbio(s)) {
1286*4724848cSchristos SSL_set0_wbio(s, wbio);
1287*4724848cSchristos return;
1288c9496f6bSchristos }
1289*4724848cSchristos /*
1290*4724848cSchristos * There is an asymmetry here for historical reasons. If only the rbio is
1291*4724848cSchristos * changed AND the rbio and wbio were originally different, then we only
1292*4724848cSchristos * adopt one reference.
1293*4724848cSchristos */
1294*4724848cSchristos if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
1295*4724848cSchristos SSL_set0_rbio(s, rbio);
1296*4724848cSchristos return;
1297c9496f6bSchristos }
1298*4724848cSchristos
1299*4724848cSchristos /* Otherwise, adopt both references. */
1300*4724848cSchristos SSL_set0_rbio(s, rbio);
1301*4724848cSchristos SSL_set0_wbio(s, wbio);
1302c9496f6bSchristos }
1303c9496f6bSchristos
SSL_get_rbio(const SSL * s)1304c9496f6bSchristos BIO *SSL_get_rbio(const SSL *s)
1305c9496f6bSchristos {
1306*4724848cSchristos return s->rbio;
1307c9496f6bSchristos }
1308c9496f6bSchristos
SSL_get_wbio(const SSL * s)1309c9496f6bSchristos BIO *SSL_get_wbio(const SSL *s)
1310c9496f6bSchristos {
1311*4724848cSchristos if (s->bbio != NULL) {
1312*4724848cSchristos /*
1313*4724848cSchristos * If |bbio| is active, the true caller-configured BIO is its
1314*4724848cSchristos * |next_bio|.
1315*4724848cSchristos */
1316*4724848cSchristos return BIO_next(s->bbio);
1317*4724848cSchristos }
1318*4724848cSchristos return s->wbio;
1319c9496f6bSchristos }
1320c9496f6bSchristos
SSL_get_fd(const SSL * s)1321c9496f6bSchristos int SSL_get_fd(const SSL *s)
1322c9496f6bSchristos {
1323*4724848cSchristos return SSL_get_rfd(s);
1324c9496f6bSchristos }
1325c9496f6bSchristos
SSL_get_rfd(const SSL * s)1326c9496f6bSchristos int SSL_get_rfd(const SSL *s)
1327c9496f6bSchristos {
1328c9496f6bSchristos int ret = -1;
1329c9496f6bSchristos BIO *b, *r;
1330c9496f6bSchristos
1331c9496f6bSchristos b = SSL_get_rbio(s);
1332c9496f6bSchristos r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
1333c9496f6bSchristos if (r != NULL)
1334c9496f6bSchristos BIO_get_fd(r, &ret);
1335*4724848cSchristos return ret;
1336c9496f6bSchristos }
1337c9496f6bSchristos
SSL_get_wfd(const SSL * s)1338c9496f6bSchristos int SSL_get_wfd(const SSL *s)
1339c9496f6bSchristos {
1340c9496f6bSchristos int ret = -1;
1341c9496f6bSchristos BIO *b, *r;
1342c9496f6bSchristos
1343c9496f6bSchristos b = SSL_get_wbio(s);
1344c9496f6bSchristos r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
1345c9496f6bSchristos if (r != NULL)
1346c9496f6bSchristos BIO_get_fd(r, &ret);
1347*4724848cSchristos return ret;
1348c9496f6bSchristos }
1349c9496f6bSchristos
1350c9496f6bSchristos #ifndef OPENSSL_NO_SOCK
SSL_set_fd(SSL * s,int fd)1351c9496f6bSchristos int SSL_set_fd(SSL *s, int fd)
1352c9496f6bSchristos {
1353c9496f6bSchristos int ret = 0;
1354c9496f6bSchristos BIO *bio = NULL;
1355c9496f6bSchristos
1356c9496f6bSchristos bio = BIO_new(BIO_s_socket());
1357c9496f6bSchristos
1358c9496f6bSchristos if (bio == NULL) {
1359c9496f6bSchristos SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
1360c9496f6bSchristos goto err;
1361c9496f6bSchristos }
1362c9496f6bSchristos BIO_set_fd(bio, fd, BIO_NOCLOSE);
1363c9496f6bSchristos SSL_set_bio(s, bio, bio);
1364c9496f6bSchristos ret = 1;
1365c9496f6bSchristos err:
1366*4724848cSchristos return ret;
1367c9496f6bSchristos }
1368c9496f6bSchristos
SSL_set_wfd(SSL * s,int fd)1369c9496f6bSchristos int SSL_set_wfd(SSL *s, int fd)
1370c9496f6bSchristos {
1371*4724848cSchristos BIO *rbio = SSL_get_rbio(s);
1372c9496f6bSchristos
1373*4724848cSchristos if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
1374*4724848cSchristos || (int)BIO_get_fd(rbio, NULL) != fd) {
1375*4724848cSchristos BIO *bio = BIO_new(BIO_s_socket());
1376c9496f6bSchristos
1377c9496f6bSchristos if (bio == NULL) {
1378c9496f6bSchristos SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
1379*4724848cSchristos return 0;
1380c9496f6bSchristos }
1381c9496f6bSchristos BIO_set_fd(bio, fd, BIO_NOCLOSE);
1382*4724848cSchristos SSL_set0_wbio(s, bio);
1383*4724848cSchristos } else {
1384*4724848cSchristos BIO_up_ref(rbio);
1385*4724848cSchristos SSL_set0_wbio(s, rbio);
1386*4724848cSchristos }
1387*4724848cSchristos return 1;
1388c9496f6bSchristos }
1389c9496f6bSchristos
SSL_set_rfd(SSL * s,int fd)1390c9496f6bSchristos int SSL_set_rfd(SSL *s, int fd)
1391c9496f6bSchristos {
1392*4724848cSchristos BIO *wbio = SSL_get_wbio(s);
1393c9496f6bSchristos
1394*4724848cSchristos if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
1395*4724848cSchristos || ((int)BIO_get_fd(wbio, NULL) != fd)) {
1396*4724848cSchristos BIO *bio = BIO_new(BIO_s_socket());
1397c9496f6bSchristos
1398c9496f6bSchristos if (bio == NULL) {
1399c9496f6bSchristos SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
1400*4724848cSchristos return 0;
1401c9496f6bSchristos }
1402c9496f6bSchristos BIO_set_fd(bio, fd, BIO_NOCLOSE);
1403*4724848cSchristos SSL_set0_rbio(s, bio);
1404*4724848cSchristos } else {
1405*4724848cSchristos BIO_up_ref(wbio);
1406*4724848cSchristos SSL_set0_rbio(s, wbio);
1407*4724848cSchristos }
1408*4724848cSchristos
1409*4724848cSchristos return 1;
1410c9496f6bSchristos }
1411c9496f6bSchristos #endif
1412c9496f6bSchristos
1413c9496f6bSchristos /* return length of latest Finished message we sent, copy to 'buf' */
SSL_get_finished(const SSL * s,void * buf,size_t count)1414c9496f6bSchristos size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
1415c9496f6bSchristos {
1416c9496f6bSchristos size_t ret = 0;
1417c9496f6bSchristos
1418c9496f6bSchristos if (s->s3 != NULL) {
1419c9496f6bSchristos ret = s->s3->tmp.finish_md_len;
1420c9496f6bSchristos if (count > ret)
1421c9496f6bSchristos count = ret;
1422c9496f6bSchristos memcpy(buf, s->s3->tmp.finish_md, count);
1423c9496f6bSchristos }
1424c9496f6bSchristos return ret;
1425c9496f6bSchristos }
1426c9496f6bSchristos
1427c9496f6bSchristos /* return length of latest Finished message we expected, copy to 'buf' */
SSL_get_peer_finished(const SSL * s,void * buf,size_t count)1428c9496f6bSchristos size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
1429c9496f6bSchristos {
1430c9496f6bSchristos size_t ret = 0;
1431c9496f6bSchristos
1432c9496f6bSchristos if (s->s3 != NULL) {
1433c9496f6bSchristos ret = s->s3->tmp.peer_finish_md_len;
1434c9496f6bSchristos if (count > ret)
1435c9496f6bSchristos count = ret;
1436c9496f6bSchristos memcpy(buf, s->s3->tmp.peer_finish_md, count);
1437c9496f6bSchristos }
1438c9496f6bSchristos return ret;
1439c9496f6bSchristos }
1440c9496f6bSchristos
SSL_get_verify_mode(const SSL * s)1441c9496f6bSchristos int SSL_get_verify_mode(const SSL *s)
1442c9496f6bSchristos {
1443*4724848cSchristos return s->verify_mode;
1444c9496f6bSchristos }
1445c9496f6bSchristos
SSL_get_verify_depth(const SSL * s)1446c9496f6bSchristos int SSL_get_verify_depth(const SSL *s)
1447c9496f6bSchristos {
1448c9496f6bSchristos return X509_VERIFY_PARAM_get_depth(s->param);
1449c9496f6bSchristos }
1450c9496f6bSchristos
SSL_get_verify_callback(const SSL * s)1451c9496f6bSchristos int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
1452*4724848cSchristos return s->verify_callback;
1453c9496f6bSchristos }
1454c9496f6bSchristos
SSL_CTX_get_verify_mode(const SSL_CTX * ctx)1455c9496f6bSchristos int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
1456c9496f6bSchristos {
1457*4724848cSchristos return ctx->verify_mode;
1458c9496f6bSchristos }
1459c9496f6bSchristos
SSL_CTX_get_verify_depth(const SSL_CTX * ctx)1460c9496f6bSchristos int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
1461c9496f6bSchristos {
1462c9496f6bSchristos return X509_VERIFY_PARAM_get_depth(ctx->param);
1463c9496f6bSchristos }
1464c9496f6bSchristos
SSL_CTX_get_verify_callback(const SSL_CTX * ctx)1465c9496f6bSchristos int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
1466*4724848cSchristos return ctx->default_verify_callback;
1467c9496f6bSchristos }
1468c9496f6bSchristos
SSL_set_verify(SSL * s,int mode,int (* callback)(int ok,X509_STORE_CTX * ctx))1469c9496f6bSchristos void SSL_set_verify(SSL *s, int mode,
1470c9496f6bSchristos int (*callback) (int ok, X509_STORE_CTX *ctx))
1471c9496f6bSchristos {
1472c9496f6bSchristos s->verify_mode = mode;
1473c9496f6bSchristos if (callback != NULL)
1474c9496f6bSchristos s->verify_callback = callback;
1475c9496f6bSchristos }
1476c9496f6bSchristos
SSL_set_verify_depth(SSL * s,int depth)1477c9496f6bSchristos void SSL_set_verify_depth(SSL *s, int depth)
1478c9496f6bSchristos {
1479c9496f6bSchristos X509_VERIFY_PARAM_set_depth(s->param, depth);
1480c9496f6bSchristos }
1481c9496f6bSchristos
SSL_set_read_ahead(SSL * s,int yes)1482c9496f6bSchristos void SSL_set_read_ahead(SSL *s, int yes)
1483c9496f6bSchristos {
1484*4724848cSchristos RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
1485c9496f6bSchristos }
1486c9496f6bSchristos
SSL_get_read_ahead(const SSL * s)1487c9496f6bSchristos int SSL_get_read_ahead(const SSL *s)
1488c9496f6bSchristos {
1489*4724848cSchristos return RECORD_LAYER_get_read_ahead(&s->rlayer);
1490c9496f6bSchristos }
1491c9496f6bSchristos
SSL_pending(const SSL * s)1492c9496f6bSchristos int SSL_pending(const SSL *s)
1493c9496f6bSchristos {
1494*4724848cSchristos size_t pending = s->method->ssl_pending(s);
1495*4724848cSchristos
1496c9496f6bSchristos /*
1497c9496f6bSchristos * SSL_pending cannot work properly if read-ahead is enabled
1498c9496f6bSchristos * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
1499c9496f6bSchristos * impossible to fix since SSL_pending cannot report errors that may be
1500c9496f6bSchristos * observed while scanning the new data. (Note that SSL_pending() is
1501c9496f6bSchristos * often used as a boolean value, so we'd better not return -1.)
1502*4724848cSchristos *
1503*4724848cSchristos * SSL_pending also cannot work properly if the value >INT_MAX. In that case
1504*4724848cSchristos * we just return INT_MAX.
1505c9496f6bSchristos */
1506*4724848cSchristos return pending < INT_MAX ? (int)pending : INT_MAX;
1507*4724848cSchristos }
1508*4724848cSchristos
SSL_has_pending(const SSL * s)1509*4724848cSchristos int SSL_has_pending(const SSL *s)
1510*4724848cSchristos {
1511*4724848cSchristos /*
1512*4724848cSchristos * Similar to SSL_pending() but returns a 1 to indicate that we have
1513*4724848cSchristos * processed or unprocessed data available or 0 otherwise (as opposed to the
1514*4724848cSchristos * number of bytes available). Unlike SSL_pending() this will take into
1515*4724848cSchristos * account read_ahead data. A 1 return simply indicates that we have data.
1516*4724848cSchristos * That data may not result in any application data, or we may fail to parse
1517*4724848cSchristos * the records for some reason.
1518*4724848cSchristos */
1519*4724848cSchristos
1520*4724848cSchristos /* Check buffered app data if any first */
1521*4724848cSchristos if (SSL_IS_DTLS(s)) {
1522*4724848cSchristos DTLS1_RECORD_DATA *rdata;
1523*4724848cSchristos pitem *item, *iter;
1524*4724848cSchristos
1525*4724848cSchristos iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
1526*4724848cSchristos while ((item = pqueue_next(&iter)) != NULL) {
1527*4724848cSchristos rdata = item->data;
1528*4724848cSchristos if (rdata->rrec.length > 0)
1529*4724848cSchristos return 1;
1530*4724848cSchristos }
1531*4724848cSchristos }
1532*4724848cSchristos
1533*4724848cSchristos if (RECORD_LAYER_processed_read_pending(&s->rlayer))
1534*4724848cSchristos return 1;
1535*4724848cSchristos
1536*4724848cSchristos return RECORD_LAYER_read_pending(&s->rlayer);
1537c9496f6bSchristos }
1538c9496f6bSchristos
SSL_get_peer_certificate(const SSL * s)1539c9496f6bSchristos X509 *SSL_get_peer_certificate(const SSL *s)
1540c9496f6bSchristos {
1541c9496f6bSchristos X509 *r;
1542c9496f6bSchristos
1543c9496f6bSchristos if ((s == NULL) || (s->session == NULL))
1544c9496f6bSchristos r = NULL;
1545c9496f6bSchristos else
1546c9496f6bSchristos r = s->session->peer;
1547c9496f6bSchristos
1548c9496f6bSchristos if (r == NULL)
1549*4724848cSchristos return r;
1550c9496f6bSchristos
1551*4724848cSchristos X509_up_ref(r);
1552c9496f6bSchristos
1553*4724848cSchristos return r;
1554c9496f6bSchristos }
1555c9496f6bSchristos
STACK_OF(X509)1556c9496f6bSchristos STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
1557c9496f6bSchristos {
1558c9496f6bSchristos STACK_OF(X509) *r;
1559c9496f6bSchristos
1560*4724848cSchristos if ((s == NULL) || (s->session == NULL))
1561c9496f6bSchristos r = NULL;
1562c9496f6bSchristos else
1563*4724848cSchristos r = s->session->peer_chain;
1564c9496f6bSchristos
1565c9496f6bSchristos /*
1566c9496f6bSchristos * If we are a client, cert_chain includes the peer's own certificate; if
1567c9496f6bSchristos * we are a server, it does not.
1568c9496f6bSchristos */
1569c9496f6bSchristos
1570*4724848cSchristos return r;
1571c9496f6bSchristos }
1572c9496f6bSchristos
1573c9496f6bSchristos /*
1574c9496f6bSchristos * Now in theory, since the calling process own 't' it should be safe to
1575c9496f6bSchristos * modify. We need to be able to read f without being hassled
1576c9496f6bSchristos */
SSL_copy_session_id(SSL * t,const SSL * f)1577*4724848cSchristos int SSL_copy_session_id(SSL *t, const SSL *f)
1578c9496f6bSchristos {
1579*4724848cSchristos int i;
1580c9496f6bSchristos /* Do we need to to SSL locking? */
1581*4724848cSchristos if (!SSL_set_session(t, SSL_get_session(f))) {
1582*4724848cSchristos return 0;
1583c9496f6bSchristos }
1584c9496f6bSchristos
1585*4724848cSchristos /*
1586*4724848cSchristos * what if we are setup for one protocol version but want to talk another
1587*4724848cSchristos */
1588*4724848cSchristos if (t->method != f->method) {
1589*4724848cSchristos t->method->ssl_free(t);
1590*4724848cSchristos t->method = f->method;
1591*4724848cSchristos if (t->method->ssl_new(t) == 0)
1592*4724848cSchristos return 0;
1593*4724848cSchristos }
1594*4724848cSchristos
1595*4724848cSchristos CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
1596*4724848cSchristos ssl_cert_free(t->cert);
1597c9496f6bSchristos t->cert = f->cert;
1598*4724848cSchristos if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
1599*4724848cSchristos return 0;
1600*4724848cSchristos }
1601*4724848cSchristos
1602*4724848cSchristos return 1;
1603c9496f6bSchristos }
1604c9496f6bSchristos
1605c9496f6bSchristos /* Fix this so it checks all the valid key/cert options */
SSL_CTX_check_private_key(const SSL_CTX * ctx)1606c9496f6bSchristos int SSL_CTX_check_private_key(const SSL_CTX *ctx)
1607c9496f6bSchristos {
1608*4724848cSchristos if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
1609*4724848cSchristos SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
1610*4724848cSchristos return 0;
1611c9496f6bSchristos }
1612c9496f6bSchristos if (ctx->cert->key->privatekey == NULL) {
1613*4724848cSchristos SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1614*4724848cSchristos return 0;
1615c9496f6bSchristos }
1616*4724848cSchristos return X509_check_private_key
1617*4724848cSchristos (ctx->cert->key->x509, ctx->cert->key->privatekey);
1618c9496f6bSchristos }
1619c9496f6bSchristos
1620c9496f6bSchristos /* Fix this function so that it takes an optional type parameter */
SSL_check_private_key(const SSL * ssl)1621c9496f6bSchristos int SSL_check_private_key(const SSL *ssl)
1622c9496f6bSchristos {
1623c9496f6bSchristos if (ssl == NULL) {
1624c9496f6bSchristos SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
1625c9496f6bSchristos return 0;
1626c9496f6bSchristos }
1627c9496f6bSchristos if (ssl->cert->key->x509 == NULL) {
1628c9496f6bSchristos SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
1629*4724848cSchristos return 0;
1630c9496f6bSchristos }
1631c9496f6bSchristos if (ssl->cert->key->privatekey == NULL) {
1632c9496f6bSchristos SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1633*4724848cSchristos return 0;
1634c9496f6bSchristos }
1635*4724848cSchristos return X509_check_private_key(ssl->cert->key->x509,
1636*4724848cSchristos ssl->cert->key->privatekey);
1637*4724848cSchristos }
1638*4724848cSchristos
SSL_waiting_for_async(SSL * s)1639*4724848cSchristos int SSL_waiting_for_async(SSL *s)
1640*4724848cSchristos {
1641*4724848cSchristos if (s->job)
1642*4724848cSchristos return 1;
1643*4724848cSchristos
1644*4724848cSchristos return 0;
1645*4724848cSchristos }
1646*4724848cSchristos
SSL_get_all_async_fds(SSL * s,OSSL_ASYNC_FD * fds,size_t * numfds)1647*4724848cSchristos int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
1648*4724848cSchristos {
1649*4724848cSchristos ASYNC_WAIT_CTX *ctx = s->waitctx;
1650*4724848cSchristos
1651*4724848cSchristos if (ctx == NULL)
1652*4724848cSchristos return 0;
1653*4724848cSchristos return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
1654*4724848cSchristos }
1655*4724848cSchristos
SSL_get_changed_async_fds(SSL * s,OSSL_ASYNC_FD * addfd,size_t * numaddfds,OSSL_ASYNC_FD * delfd,size_t * numdelfds)1656*4724848cSchristos int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
1657*4724848cSchristos OSSL_ASYNC_FD *delfd, size_t *numdelfds)
1658*4724848cSchristos {
1659*4724848cSchristos ASYNC_WAIT_CTX *ctx = s->waitctx;
1660*4724848cSchristos
1661*4724848cSchristos if (ctx == NULL)
1662*4724848cSchristos return 0;
1663*4724848cSchristos return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
1664*4724848cSchristos numdelfds);
1665c9496f6bSchristos }
1666c9496f6bSchristos
SSL_accept(SSL * s)1667c9496f6bSchristos int SSL_accept(SSL *s)
1668c9496f6bSchristos {
1669*4724848cSchristos if (s->handshake_func == NULL) {
1670c9496f6bSchristos /* Not properly initialized yet */
1671c9496f6bSchristos SSL_set_accept_state(s);
1672*4724848cSchristos }
1673c9496f6bSchristos
1674*4724848cSchristos return SSL_do_handshake(s);
1675c9496f6bSchristos }
1676c9496f6bSchristos
SSL_connect(SSL * s)1677c9496f6bSchristos int SSL_connect(SSL *s)
1678c9496f6bSchristos {
1679*4724848cSchristos if (s->handshake_func == NULL) {
1680c9496f6bSchristos /* Not properly initialized yet */
1681c9496f6bSchristos SSL_set_connect_state(s);
1682*4724848cSchristos }
1683c9496f6bSchristos
1684*4724848cSchristos return SSL_do_handshake(s);
1685c9496f6bSchristos }
1686c9496f6bSchristos
SSL_get_default_timeout(const SSL * s)1687c9496f6bSchristos long SSL_get_default_timeout(const SSL *s)
1688c9496f6bSchristos {
1689*4724848cSchristos return s->method->get_timeout();
1690c9496f6bSchristos }
1691c9496f6bSchristos
ssl_start_async_job(SSL * s,struct ssl_async_args * args,int (* func)(void *))1692*4724848cSchristos static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
1693*4724848cSchristos int (*func) (void *))
1694c9496f6bSchristos {
1695*4724848cSchristos int ret;
1696*4724848cSchristos if (s->waitctx == NULL) {
1697*4724848cSchristos s->waitctx = ASYNC_WAIT_CTX_new();
1698*4724848cSchristos if (s->waitctx == NULL)
1699*4724848cSchristos return -1;
1700*4724848cSchristos }
1701*4724848cSchristos
1702*4724848cSchristos s->rwstate = SSL_NOTHING;
1703*4724848cSchristos switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
1704*4724848cSchristos sizeof(struct ssl_async_args))) {
1705*4724848cSchristos case ASYNC_ERR:
1706*4724848cSchristos s->rwstate = SSL_NOTHING;
1707*4724848cSchristos SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
1708*4724848cSchristos return -1;
1709*4724848cSchristos case ASYNC_PAUSE:
1710*4724848cSchristos s->rwstate = SSL_ASYNC_PAUSED;
1711*4724848cSchristos return -1;
1712*4724848cSchristos case ASYNC_NO_JOBS:
1713*4724848cSchristos s->rwstate = SSL_ASYNC_NO_JOBS;
1714*4724848cSchristos return -1;
1715*4724848cSchristos case ASYNC_FINISH:
1716*4724848cSchristos s->job = NULL;
1717*4724848cSchristos return ret;
1718*4724848cSchristos default:
1719*4724848cSchristos s->rwstate = SSL_NOTHING;
1720*4724848cSchristos SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
1721*4724848cSchristos /* Shouldn't happen */
1722*4724848cSchristos return -1;
1723*4724848cSchristos }
1724*4724848cSchristos }
1725*4724848cSchristos
ssl_io_intern(void * vargs)1726*4724848cSchristos static int ssl_io_intern(void *vargs)
1727*4724848cSchristos {
1728*4724848cSchristos struct ssl_async_args *args;
1729*4724848cSchristos SSL *s;
1730*4724848cSchristos void *buf;
1731*4724848cSchristos size_t num;
1732*4724848cSchristos
1733*4724848cSchristos args = (struct ssl_async_args *)vargs;
1734*4724848cSchristos s = args->s;
1735*4724848cSchristos buf = args->buf;
1736*4724848cSchristos num = args->num;
1737*4724848cSchristos switch (args->type) {
1738*4724848cSchristos case READFUNC:
1739*4724848cSchristos return args->f.func_read(s, buf, num, &s->asyncrw);
1740*4724848cSchristos case WRITEFUNC:
1741*4724848cSchristos return args->f.func_write(s, buf, num, &s->asyncrw);
1742*4724848cSchristos case OTHERFUNC:
1743*4724848cSchristos return args->f.func_other(s);
1744*4724848cSchristos }
1745*4724848cSchristos return -1;
1746*4724848cSchristos }
1747*4724848cSchristos
ssl_read_internal(SSL * s,void * buf,size_t num,size_t * readbytes)1748*4724848cSchristos int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
1749*4724848cSchristos {
1750*4724848cSchristos if (s->handshake_func == NULL) {
1751*4724848cSchristos SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
1752c9496f6bSchristos return -1;
1753c9496f6bSchristos }
1754c9496f6bSchristos
1755c9496f6bSchristos if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1756c9496f6bSchristos s->rwstate = SSL_NOTHING;
1757*4724848cSchristos return 0;
1758c9496f6bSchristos }
1759c9496f6bSchristos
1760*4724848cSchristos if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
1761*4724848cSchristos || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
1762*4724848cSchristos SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1763*4724848cSchristos return 0;
1764*4724848cSchristos }
1765*4724848cSchristos /*
1766*4724848cSchristos * If we are a client and haven't received the ServerHello etc then we
1767*4724848cSchristos * better do that
1768*4724848cSchristos */
1769*4724848cSchristos ossl_statem_check_finish_init(s, 0);
1770*4724848cSchristos
1771*4724848cSchristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
1772*4724848cSchristos struct ssl_async_args args;
1773*4724848cSchristos int ret;
1774*4724848cSchristos
1775*4724848cSchristos args.s = s;
1776*4724848cSchristos args.buf = buf;
1777*4724848cSchristos args.num = num;
1778*4724848cSchristos args.type = READFUNC;
1779*4724848cSchristos args.f.func_read = s->method->ssl_read;
1780*4724848cSchristos
1781*4724848cSchristos ret = ssl_start_async_job(s, &args, ssl_io_intern);
1782*4724848cSchristos *readbytes = s->asyncrw;
1783*4724848cSchristos return ret;
1784*4724848cSchristos } else {
1785*4724848cSchristos return s->method->ssl_read(s, buf, num, readbytes);
1786*4724848cSchristos }
1787*4724848cSchristos }
1788*4724848cSchristos
SSL_read(SSL * s,void * buf,int num)1789*4724848cSchristos int SSL_read(SSL *s, void *buf, int num)
1790c9496f6bSchristos {
1791*4724848cSchristos int ret;
1792*4724848cSchristos size_t readbytes;
1793*4724848cSchristos
1794*4724848cSchristos if (num < 0) {
1795*4724848cSchristos SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
1796*4724848cSchristos return -1;
1797*4724848cSchristos }
1798*4724848cSchristos
1799*4724848cSchristos ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
1800*4724848cSchristos
1801*4724848cSchristos /*
1802*4724848cSchristos * The cast is safe here because ret should be <= INT_MAX because num is
1803*4724848cSchristos * <= INT_MAX
1804*4724848cSchristos */
1805*4724848cSchristos if (ret > 0)
1806*4724848cSchristos ret = (int)readbytes;
1807*4724848cSchristos
1808*4724848cSchristos return ret;
1809*4724848cSchristos }
1810*4724848cSchristos
SSL_read_ex(SSL * s,void * buf,size_t num,size_t * readbytes)1811*4724848cSchristos int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
1812*4724848cSchristos {
1813*4724848cSchristos int ret = ssl_read_internal(s, buf, num, readbytes);
1814*4724848cSchristos
1815*4724848cSchristos if (ret < 0)
1816*4724848cSchristos ret = 0;
1817*4724848cSchristos return ret;
1818*4724848cSchristos }
1819*4724848cSchristos
SSL_read_early_data(SSL * s,void * buf,size_t num,size_t * readbytes)1820*4724848cSchristos int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
1821*4724848cSchristos {
1822*4724848cSchristos int ret;
1823*4724848cSchristos
1824*4724848cSchristos if (!s->server) {
1825*4724848cSchristos SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1826*4724848cSchristos return SSL_READ_EARLY_DATA_ERROR;
1827*4724848cSchristos }
1828*4724848cSchristos
1829*4724848cSchristos switch (s->early_data_state) {
1830*4724848cSchristos case SSL_EARLY_DATA_NONE:
1831*4724848cSchristos if (!SSL_in_before(s)) {
1832*4724848cSchristos SSLerr(SSL_F_SSL_READ_EARLY_DATA,
1833*4724848cSchristos ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1834*4724848cSchristos return SSL_READ_EARLY_DATA_ERROR;
1835*4724848cSchristos }
1836*4724848cSchristos /* fall through */
1837*4724848cSchristos
1838*4724848cSchristos case SSL_EARLY_DATA_ACCEPT_RETRY:
1839*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
1840*4724848cSchristos ret = SSL_accept(s);
1841*4724848cSchristos if (ret <= 0) {
1842*4724848cSchristos /* NBIO or error */
1843*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
1844*4724848cSchristos return SSL_READ_EARLY_DATA_ERROR;
1845*4724848cSchristos }
1846*4724848cSchristos /* fall through */
1847*4724848cSchristos
1848*4724848cSchristos case SSL_EARLY_DATA_READ_RETRY:
1849*4724848cSchristos if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
1850*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_READING;
1851*4724848cSchristos ret = SSL_read_ex(s, buf, num, readbytes);
1852*4724848cSchristos /*
1853*4724848cSchristos * State machine will update early_data_state to
1854*4724848cSchristos * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
1855*4724848cSchristos * message
1856*4724848cSchristos */
1857*4724848cSchristos if (ret > 0 || (ret <= 0 && s->early_data_state
1858*4724848cSchristos != SSL_EARLY_DATA_FINISHED_READING)) {
1859*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
1860*4724848cSchristos return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
1861*4724848cSchristos : SSL_READ_EARLY_DATA_ERROR;
1862*4724848cSchristos }
1863*4724848cSchristos } else {
1864*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
1865*4724848cSchristos }
1866*4724848cSchristos *readbytes = 0;
1867*4724848cSchristos return SSL_READ_EARLY_DATA_FINISH;
1868*4724848cSchristos
1869*4724848cSchristos default:
1870*4724848cSchristos SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1871*4724848cSchristos return SSL_READ_EARLY_DATA_ERROR;
1872*4724848cSchristos }
1873*4724848cSchristos }
1874*4724848cSchristos
SSL_get_early_data_status(const SSL * s)1875*4724848cSchristos int SSL_get_early_data_status(const SSL *s)
1876*4724848cSchristos {
1877*4724848cSchristos return s->ext.early_data;
1878*4724848cSchristos }
1879*4724848cSchristos
ssl_peek_internal(SSL * s,void * buf,size_t num,size_t * readbytes)1880*4724848cSchristos static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
1881*4724848cSchristos {
1882*4724848cSchristos if (s->handshake_func == NULL) {
1883*4724848cSchristos SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
1884c9496f6bSchristos return -1;
1885c9496f6bSchristos }
1886c9496f6bSchristos
1887c9496f6bSchristos if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1888*4724848cSchristos return 0;
1889c9496f6bSchristos }
1890*4724848cSchristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
1891*4724848cSchristos struct ssl_async_args args;
1892*4724848cSchristos int ret;
1893*4724848cSchristos
1894*4724848cSchristos args.s = s;
1895*4724848cSchristos args.buf = buf;
1896*4724848cSchristos args.num = num;
1897*4724848cSchristos args.type = READFUNC;
1898*4724848cSchristos args.f.func_read = s->method->ssl_peek;
1899*4724848cSchristos
1900*4724848cSchristos ret = ssl_start_async_job(s, &args, ssl_io_intern);
1901*4724848cSchristos *readbytes = s->asyncrw;
1902*4724848cSchristos return ret;
1903*4724848cSchristos } else {
1904*4724848cSchristos return s->method->ssl_peek(s, buf, num, readbytes);
1905*4724848cSchristos }
1906c9496f6bSchristos }
1907c9496f6bSchristos
SSL_peek(SSL * s,void * buf,int num)1908*4724848cSchristos int SSL_peek(SSL *s, void *buf, int num)
1909c9496f6bSchristos {
1910*4724848cSchristos int ret;
1911*4724848cSchristos size_t readbytes;
1912*4724848cSchristos
1913*4724848cSchristos if (num < 0) {
1914*4724848cSchristos SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
1915*4724848cSchristos return -1;
1916*4724848cSchristos }
1917*4724848cSchristos
1918*4724848cSchristos ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
1919*4724848cSchristos
1920*4724848cSchristos /*
1921*4724848cSchristos * The cast is safe here because ret should be <= INT_MAX because num is
1922*4724848cSchristos * <= INT_MAX
1923*4724848cSchristos */
1924*4724848cSchristos if (ret > 0)
1925*4724848cSchristos ret = (int)readbytes;
1926*4724848cSchristos
1927*4724848cSchristos return ret;
1928*4724848cSchristos }
1929*4724848cSchristos
1930*4724848cSchristos
SSL_peek_ex(SSL * s,void * buf,size_t num,size_t * readbytes)1931*4724848cSchristos int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
1932*4724848cSchristos {
1933*4724848cSchristos int ret = ssl_peek_internal(s, buf, num, readbytes);
1934*4724848cSchristos
1935*4724848cSchristos if (ret < 0)
1936*4724848cSchristos ret = 0;
1937*4724848cSchristos return ret;
1938*4724848cSchristos }
1939*4724848cSchristos
ssl_write_internal(SSL * s,const void * buf,size_t num,size_t * written)1940*4724848cSchristos int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
1941*4724848cSchristos {
1942*4724848cSchristos if (s->handshake_func == NULL) {
1943*4724848cSchristos SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
1944c9496f6bSchristos return -1;
1945c9496f6bSchristos }
1946c9496f6bSchristos
1947c9496f6bSchristos if (s->shutdown & SSL_SENT_SHUTDOWN) {
1948c9496f6bSchristos s->rwstate = SSL_NOTHING;
1949*4724848cSchristos SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
1950*4724848cSchristos return -1;
1951c9496f6bSchristos }
1952*4724848cSchristos
1953*4724848cSchristos if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
1954*4724848cSchristos || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
1955*4724848cSchristos || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
1956*4724848cSchristos SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1957*4724848cSchristos return 0;
1958*4724848cSchristos }
1959*4724848cSchristos /* If we are a client and haven't sent the Finished we better do that */
1960*4724848cSchristos ossl_statem_check_finish_init(s, 1);
1961*4724848cSchristos
1962*4724848cSchristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
1963*4724848cSchristos int ret;
1964*4724848cSchristos struct ssl_async_args args;
1965*4724848cSchristos
1966*4724848cSchristos args.s = s;
1967*4724848cSchristos args.buf = (void *)buf;
1968*4724848cSchristos args.num = num;
1969*4724848cSchristos args.type = WRITEFUNC;
1970*4724848cSchristos args.f.func_write = s->method->ssl_write;
1971*4724848cSchristos
1972*4724848cSchristos ret = ssl_start_async_job(s, &args, ssl_io_intern);
1973*4724848cSchristos *written = s->asyncrw;
1974*4724848cSchristos return ret;
1975*4724848cSchristos } else {
1976*4724848cSchristos return s->method->ssl_write(s, buf, num, written);
1977*4724848cSchristos }
1978*4724848cSchristos }
1979*4724848cSchristos
SSL_write(SSL * s,const void * buf,int num)1980*4724848cSchristos int SSL_write(SSL *s, const void *buf, int num)
1981*4724848cSchristos {
1982*4724848cSchristos int ret;
1983*4724848cSchristos size_t written;
1984*4724848cSchristos
1985*4724848cSchristos if (num < 0) {
1986*4724848cSchristos SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
1987*4724848cSchristos return -1;
1988*4724848cSchristos }
1989*4724848cSchristos
1990*4724848cSchristos ret = ssl_write_internal(s, buf, (size_t)num, &written);
1991*4724848cSchristos
1992*4724848cSchristos /*
1993*4724848cSchristos * The cast is safe here because ret should be <= INT_MAX because num is
1994*4724848cSchristos * <= INT_MAX
1995*4724848cSchristos */
1996*4724848cSchristos if (ret > 0)
1997*4724848cSchristos ret = (int)written;
1998*4724848cSchristos
1999*4724848cSchristos return ret;
2000*4724848cSchristos }
2001*4724848cSchristos
SSL_write_ex(SSL * s,const void * buf,size_t num,size_t * written)2002*4724848cSchristos int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
2003*4724848cSchristos {
2004*4724848cSchristos int ret = ssl_write_internal(s, buf, num, written);
2005*4724848cSchristos
2006*4724848cSchristos if (ret < 0)
2007*4724848cSchristos ret = 0;
2008*4724848cSchristos return ret;
2009*4724848cSchristos }
2010*4724848cSchristos
SSL_write_early_data(SSL * s,const void * buf,size_t num,size_t * written)2011*4724848cSchristos int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
2012*4724848cSchristos {
2013*4724848cSchristos int ret, early_data_state;
2014*4724848cSchristos size_t writtmp;
2015*4724848cSchristos uint32_t partialwrite;
2016*4724848cSchristos
2017*4724848cSchristos switch (s->early_data_state) {
2018*4724848cSchristos case SSL_EARLY_DATA_NONE:
2019*4724848cSchristos if (s->server
2020*4724848cSchristos || !SSL_in_before(s)
2021*4724848cSchristos || ((s->session == NULL || s->session->ext.max_early_data == 0)
2022*4724848cSchristos && (s->psk_use_session_cb == NULL))) {
2023*4724848cSchristos SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
2024*4724848cSchristos ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2025*4724848cSchristos return 0;
2026*4724848cSchristos }
2027*4724848cSchristos /* fall through */
2028*4724848cSchristos
2029*4724848cSchristos case SSL_EARLY_DATA_CONNECT_RETRY:
2030*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_CONNECTING;
2031*4724848cSchristos ret = SSL_connect(s);
2032*4724848cSchristos if (ret <= 0) {
2033*4724848cSchristos /* NBIO or error */
2034*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
2035*4724848cSchristos return 0;
2036*4724848cSchristos }
2037*4724848cSchristos /* fall through */
2038*4724848cSchristos
2039*4724848cSchristos case SSL_EARLY_DATA_WRITE_RETRY:
2040*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_WRITING;
2041*4724848cSchristos /*
2042*4724848cSchristos * We disable partial write for early data because we don't keep track
2043*4724848cSchristos * of how many bytes we've written between the SSL_write_ex() call and
2044*4724848cSchristos * the flush if the flush needs to be retried)
2045*4724848cSchristos */
2046*4724848cSchristos partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
2047*4724848cSchristos s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
2048*4724848cSchristos ret = SSL_write_ex(s, buf, num, &writtmp);
2049*4724848cSchristos s->mode |= partialwrite;
2050*4724848cSchristos if (!ret) {
2051*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
2052*4724848cSchristos return ret;
2053*4724848cSchristos }
2054*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
2055*4724848cSchristos /* fall through */
2056*4724848cSchristos
2057*4724848cSchristos case SSL_EARLY_DATA_WRITE_FLUSH:
2058*4724848cSchristos /* The buffering BIO is still in place so we need to flush it */
2059*4724848cSchristos if (statem_flush(s) != 1)
2060*4724848cSchristos return 0;
2061*4724848cSchristos *written = num;
2062*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
2063*4724848cSchristos return 1;
2064*4724848cSchristos
2065*4724848cSchristos case SSL_EARLY_DATA_FINISHED_READING:
2066*4724848cSchristos case SSL_EARLY_DATA_READ_RETRY:
2067*4724848cSchristos early_data_state = s->early_data_state;
2068*4724848cSchristos /* We are a server writing to an unauthenticated client */
2069*4724848cSchristos s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
2070*4724848cSchristos ret = SSL_write_ex(s, buf, num, written);
2071*4724848cSchristos /* The buffering BIO is still in place */
2072*4724848cSchristos if (ret)
2073*4724848cSchristos (void)BIO_flush(s->wbio);
2074*4724848cSchristos s->early_data_state = early_data_state;
2075*4724848cSchristos return ret;
2076*4724848cSchristos
2077*4724848cSchristos default:
2078*4724848cSchristos SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2079*4724848cSchristos return 0;
2080*4724848cSchristos }
2081c9496f6bSchristos }
2082c9496f6bSchristos
SSL_shutdown(SSL * s)2083c9496f6bSchristos int SSL_shutdown(SSL *s)
2084c9496f6bSchristos {
2085c9496f6bSchristos /*
2086c9496f6bSchristos * Note that this function behaves differently from what one might
2087c9496f6bSchristos * expect. Return values are 0 for no success (yet), 1 for success; but
2088c9496f6bSchristos * calling it once is usually not enough, even if blocking I/O is used
2089c9496f6bSchristos * (see ssl3_shutdown).
2090c9496f6bSchristos */
2091c9496f6bSchristos
2092*4724848cSchristos if (s->handshake_func == NULL) {
2093c9496f6bSchristos SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
2094c9496f6bSchristos return -1;
2095c9496f6bSchristos }
2096c9496f6bSchristos
2097c9496f6bSchristos if (!SSL_in_init(s)) {
2098*4724848cSchristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
2099*4724848cSchristos struct ssl_async_args args;
2100*4724848cSchristos
2101*4724848cSchristos memset(&args, 0, sizeof(args));
2102*4724848cSchristos args.s = s;
2103*4724848cSchristos args.type = OTHERFUNC;
2104*4724848cSchristos args.f.func_other = s->method->ssl_shutdown;
2105*4724848cSchristos
2106*4724848cSchristos return ssl_start_async_job(s, &args, ssl_io_intern);
2107*4724848cSchristos } else {
2108c9496f6bSchristos return s->method->ssl_shutdown(s);
2109*4724848cSchristos }
2110c9496f6bSchristos } else {
2111c9496f6bSchristos SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
2112c9496f6bSchristos return -1;
2113c9496f6bSchristos }
2114c9496f6bSchristos }
2115c9496f6bSchristos
SSL_key_update(SSL * s,int updatetype)2116*4724848cSchristos int SSL_key_update(SSL *s, int updatetype)
2117*4724848cSchristos {
2118*4724848cSchristos /*
2119*4724848cSchristos * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
2120*4724848cSchristos * negotiated, and that it is appropriate to call SSL_key_update() instead
2121*4724848cSchristos * of SSL_renegotiate().
2122*4724848cSchristos */
2123*4724848cSchristos if (!SSL_IS_TLS13(s)) {
2124*4724848cSchristos SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
2125*4724848cSchristos return 0;
2126*4724848cSchristos }
2127*4724848cSchristos
2128*4724848cSchristos if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
2129*4724848cSchristos && updatetype != SSL_KEY_UPDATE_REQUESTED) {
2130*4724848cSchristos SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
2131*4724848cSchristos return 0;
2132*4724848cSchristos }
2133*4724848cSchristos
2134*4724848cSchristos if (!SSL_is_init_finished(s)) {
2135*4724848cSchristos SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
2136*4724848cSchristos return 0;
2137*4724848cSchristos }
2138*4724848cSchristos
2139*4724848cSchristos if (RECORD_LAYER_write_pending(&s->rlayer)) {
2140*4724848cSchristos SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY);
2141*4724848cSchristos return 0;
2142*4724848cSchristos }
2143*4724848cSchristos
2144*4724848cSchristos ossl_statem_set_in_init(s, 1);
2145*4724848cSchristos s->key_update = updatetype;
2146*4724848cSchristos return 1;
2147*4724848cSchristos }
2148*4724848cSchristos
SSL_get_key_update_type(const SSL * s)2149*4724848cSchristos int SSL_get_key_update_type(const SSL *s)
2150*4724848cSchristos {
2151*4724848cSchristos return s->key_update;
2152*4724848cSchristos }
2153*4724848cSchristos
SSL_renegotiate(SSL * s)2154c9496f6bSchristos int SSL_renegotiate(SSL *s)
2155c9496f6bSchristos {
2156*4724848cSchristos if (SSL_IS_TLS13(s)) {
2157*4724848cSchristos SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
2158*4724848cSchristos return 0;
2159*4724848cSchristos }
2160c9496f6bSchristos
2161*4724848cSchristos if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
2162*4724848cSchristos SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
2163*4724848cSchristos return 0;
2164*4724848cSchristos }
2165*4724848cSchristos
2166*4724848cSchristos s->renegotiate = 1;
2167c9496f6bSchristos s->new_session = 1;
2168c9496f6bSchristos
2169*4724848cSchristos return s->method->ssl_renegotiate(s);
2170c9496f6bSchristos }
2171c9496f6bSchristos
SSL_renegotiate_abbreviated(SSL * s)2172c9496f6bSchristos int SSL_renegotiate_abbreviated(SSL *s)
2173c9496f6bSchristos {
2174*4724848cSchristos if (SSL_IS_TLS13(s)) {
2175*4724848cSchristos SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
2176*4724848cSchristos return 0;
2177c9496f6bSchristos }
2178c9496f6bSchristos
2179*4724848cSchristos if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
2180*4724848cSchristos SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
2181*4724848cSchristos return 0;
2182*4724848cSchristos }
2183*4724848cSchristos
2184*4724848cSchristos s->renegotiate = 1;
2185*4724848cSchristos s->new_session = 0;
2186*4724848cSchristos
2187*4724848cSchristos return s->method->ssl_renegotiate(s);
2188*4724848cSchristos }
2189*4724848cSchristos
SSL_renegotiate_pending(const SSL * s)2190*4724848cSchristos int SSL_renegotiate_pending(const SSL *s)
2191c9496f6bSchristos {
2192c9496f6bSchristos /*
2193c9496f6bSchristos * becomes true when negotiation is requested; false again once a
2194c9496f6bSchristos * handshake has finished
2195c9496f6bSchristos */
2196c9496f6bSchristos return (s->renegotiate != 0);
2197c9496f6bSchristos }
2198c9496f6bSchristos
SSL_ctrl(SSL * s,int cmd,long larg,void * parg)2199c9496f6bSchristos long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
2200c9496f6bSchristos {
2201c9496f6bSchristos long l;
2202c9496f6bSchristos
2203c9496f6bSchristos switch (cmd) {
2204c9496f6bSchristos case SSL_CTRL_GET_READ_AHEAD:
2205*4724848cSchristos return RECORD_LAYER_get_read_ahead(&s->rlayer);
2206c9496f6bSchristos case SSL_CTRL_SET_READ_AHEAD:
2207*4724848cSchristos l = RECORD_LAYER_get_read_ahead(&s->rlayer);
2208*4724848cSchristos RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
2209*4724848cSchristos return l;
2210c9496f6bSchristos
2211c9496f6bSchristos case SSL_CTRL_SET_MSG_CALLBACK_ARG:
2212c9496f6bSchristos s->msg_callback_arg = parg;
2213c9496f6bSchristos return 1;
2214c9496f6bSchristos
2215c9496f6bSchristos case SSL_CTRL_MODE:
2216c9496f6bSchristos return (s->mode |= larg);
2217c9496f6bSchristos case SSL_CTRL_CLEAR_MODE:
2218c9496f6bSchristos return (s->mode &= ~larg);
2219c9496f6bSchristos case SSL_CTRL_GET_MAX_CERT_LIST:
2220*4724848cSchristos return (long)s->max_cert_list;
2221c9496f6bSchristos case SSL_CTRL_SET_MAX_CERT_LIST:
2222*4724848cSchristos if (larg < 0)
2223*4724848cSchristos return 0;
2224*4724848cSchristos l = (long)s->max_cert_list;
2225*4724848cSchristos s->max_cert_list = (size_t)larg;
2226*4724848cSchristos return l;
2227c9496f6bSchristos case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
2228c9496f6bSchristos if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
2229c9496f6bSchristos return 0;
2230c9496f6bSchristos s->max_send_fragment = larg;
2231*4724848cSchristos if (s->max_send_fragment < s->split_send_fragment)
2232*4724848cSchristos s->split_send_fragment = s->max_send_fragment;
2233*4724848cSchristos return 1;
2234*4724848cSchristos case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
2235*4724848cSchristos if ((size_t)larg > s->max_send_fragment || larg == 0)
2236*4724848cSchristos return 0;
2237*4724848cSchristos s->split_send_fragment = larg;
2238*4724848cSchristos return 1;
2239*4724848cSchristos case SSL_CTRL_SET_MAX_PIPELINES:
2240*4724848cSchristos if (larg < 1 || larg > SSL_MAX_PIPELINES)
2241*4724848cSchristos return 0;
2242*4724848cSchristos s->max_pipelines = larg;
2243*4724848cSchristos if (larg > 1)
2244*4724848cSchristos RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
2245c9496f6bSchristos return 1;
2246c9496f6bSchristos case SSL_CTRL_GET_RI_SUPPORT:
2247c9496f6bSchristos if (s->s3)
2248c9496f6bSchristos return s->s3->send_connection_binding;
2249c9496f6bSchristos else
2250c9496f6bSchristos return 0;
2251c9496f6bSchristos case SSL_CTRL_CERT_FLAGS:
2252c9496f6bSchristos return (s->cert->cert_flags |= larg);
2253c9496f6bSchristos case SSL_CTRL_CLEAR_CERT_FLAGS:
2254c9496f6bSchristos return (s->cert->cert_flags &= ~larg);
2255c9496f6bSchristos
2256c9496f6bSchristos case SSL_CTRL_GET_RAW_CIPHERLIST:
2257c9496f6bSchristos if (parg) {
2258*4724848cSchristos if (s->s3->tmp.ciphers_raw == NULL)
2259c9496f6bSchristos return 0;
2260*4724848cSchristos *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
2261*4724848cSchristos return (int)s->s3->tmp.ciphers_rawlen;
2262*4724848cSchristos } else {
2263*4724848cSchristos return TLS_CIPHER_LEN;
2264*4724848cSchristos }
2265*4724848cSchristos case SSL_CTRL_GET_EXTMS_SUPPORT:
2266*4724848cSchristos if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
2267*4724848cSchristos return -1;
2268*4724848cSchristos if (s->session->flags & SSL_SESS_FLAG_EXTMS)
2269*4724848cSchristos return 1;
2270*4724848cSchristos else
2271*4724848cSchristos return 0;
2272*4724848cSchristos case SSL_CTRL_SET_MIN_PROTO_VERSION:
2273*4724848cSchristos return ssl_check_allowed_versions(larg, s->max_proto_version)
2274*4724848cSchristos && ssl_set_version_bound(s->ctx->method->version, (int)larg,
2275*4724848cSchristos &s->min_proto_version);
2276*4724848cSchristos case SSL_CTRL_GET_MIN_PROTO_VERSION:
2277*4724848cSchristos return s->min_proto_version;
2278*4724848cSchristos case SSL_CTRL_SET_MAX_PROTO_VERSION:
2279*4724848cSchristos return ssl_check_allowed_versions(s->min_proto_version, larg)
2280*4724848cSchristos && ssl_set_version_bound(s->ctx->method->version, (int)larg,
2281*4724848cSchristos &s->max_proto_version);
2282*4724848cSchristos case SSL_CTRL_GET_MAX_PROTO_VERSION:
2283*4724848cSchristos return s->max_proto_version;
2284c9496f6bSchristos default:
2285*4724848cSchristos return s->method->ssl_ctrl(s, cmd, larg, parg);
2286c9496f6bSchristos }
2287c9496f6bSchristos }
2288c9496f6bSchristos
SSL_callback_ctrl(SSL * s,int cmd,void (* fp)(void))2289c9496f6bSchristos long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
2290c9496f6bSchristos {
2291c9496f6bSchristos switch (cmd) {
2292c9496f6bSchristos case SSL_CTRL_SET_MSG_CALLBACK:
2293c9496f6bSchristos s->msg_callback = (void (*)
2294c9496f6bSchristos (int write_p, int version, int content_type,
2295c9496f6bSchristos const void *buf, size_t len, SSL *ssl,
2296c9496f6bSchristos void *arg))(fp);
2297c9496f6bSchristos return 1;
2298c9496f6bSchristos
2299c9496f6bSchristos default:
2300*4724848cSchristos return s->method->ssl_callback_ctrl(s, cmd, fp);
2301c9496f6bSchristos }
2302c9496f6bSchristos }
2303c9496f6bSchristos
LHASH_OF(SSL_SESSION)2304c9496f6bSchristos LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
2305c9496f6bSchristos {
2306c9496f6bSchristos return ctx->sessions;
2307c9496f6bSchristos }
2308c9496f6bSchristos
SSL_CTX_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)2309c9496f6bSchristos long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2310c9496f6bSchristos {
2311c9496f6bSchristos long l;
2312c9496f6bSchristos /* For some cases with ctx == NULL perform syntax checks */
2313c9496f6bSchristos if (ctx == NULL) {
2314c9496f6bSchristos switch (cmd) {
2315c9496f6bSchristos #ifndef OPENSSL_NO_EC
2316*4724848cSchristos case SSL_CTRL_SET_GROUPS_LIST:
2317*4724848cSchristos return tls1_set_groups_list(NULL, NULL, parg);
2318c9496f6bSchristos #endif
2319c9496f6bSchristos case SSL_CTRL_SET_SIGALGS_LIST:
2320c9496f6bSchristos case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
2321c9496f6bSchristos return tls1_set_sigalgs_list(NULL, parg, 0);
2322c9496f6bSchristos default:
2323c9496f6bSchristos return 0;
2324c9496f6bSchristos }
2325c9496f6bSchristos }
2326c9496f6bSchristos
2327c9496f6bSchristos switch (cmd) {
2328c9496f6bSchristos case SSL_CTRL_GET_READ_AHEAD:
2329*4724848cSchristos return ctx->read_ahead;
2330c9496f6bSchristos case SSL_CTRL_SET_READ_AHEAD:
2331c9496f6bSchristos l = ctx->read_ahead;
2332c9496f6bSchristos ctx->read_ahead = larg;
2333*4724848cSchristos return l;
2334c9496f6bSchristos
2335c9496f6bSchristos case SSL_CTRL_SET_MSG_CALLBACK_ARG:
2336c9496f6bSchristos ctx->msg_callback_arg = parg;
2337c9496f6bSchristos return 1;
2338c9496f6bSchristos
2339c9496f6bSchristos case SSL_CTRL_GET_MAX_CERT_LIST:
2340*4724848cSchristos return (long)ctx->max_cert_list;
2341c9496f6bSchristos case SSL_CTRL_SET_MAX_CERT_LIST:
2342*4724848cSchristos if (larg < 0)
2343*4724848cSchristos return 0;
2344*4724848cSchristos l = (long)ctx->max_cert_list;
2345*4724848cSchristos ctx->max_cert_list = (size_t)larg;
2346*4724848cSchristos return l;
2347c9496f6bSchristos
2348c9496f6bSchristos case SSL_CTRL_SET_SESS_CACHE_SIZE:
2349*4724848cSchristos if (larg < 0)
2350*4724848cSchristos return 0;
2351*4724848cSchristos l = (long)ctx->session_cache_size;
2352*4724848cSchristos ctx->session_cache_size = (size_t)larg;
2353*4724848cSchristos return l;
2354c9496f6bSchristos case SSL_CTRL_GET_SESS_CACHE_SIZE:
2355*4724848cSchristos return (long)ctx->session_cache_size;
2356c9496f6bSchristos case SSL_CTRL_SET_SESS_CACHE_MODE:
2357c9496f6bSchristos l = ctx->session_cache_mode;
2358c9496f6bSchristos ctx->session_cache_mode = larg;
2359*4724848cSchristos return l;
2360c9496f6bSchristos case SSL_CTRL_GET_SESS_CACHE_MODE:
2361*4724848cSchristos return ctx->session_cache_mode;
2362c9496f6bSchristos
2363c9496f6bSchristos case SSL_CTRL_SESS_NUMBER:
2364*4724848cSchristos return lh_SSL_SESSION_num_items(ctx->sessions);
2365c9496f6bSchristos case SSL_CTRL_SESS_CONNECT:
2366*4724848cSchristos return tsan_load(&ctx->stats.sess_connect);
2367c9496f6bSchristos case SSL_CTRL_SESS_CONNECT_GOOD:
2368*4724848cSchristos return tsan_load(&ctx->stats.sess_connect_good);
2369c9496f6bSchristos case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
2370*4724848cSchristos return tsan_load(&ctx->stats.sess_connect_renegotiate);
2371c9496f6bSchristos case SSL_CTRL_SESS_ACCEPT:
2372*4724848cSchristos return tsan_load(&ctx->stats.sess_accept);
2373c9496f6bSchristos case SSL_CTRL_SESS_ACCEPT_GOOD:
2374*4724848cSchristos return tsan_load(&ctx->stats.sess_accept_good);
2375c9496f6bSchristos case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
2376*4724848cSchristos return tsan_load(&ctx->stats.sess_accept_renegotiate);
2377c9496f6bSchristos case SSL_CTRL_SESS_HIT:
2378*4724848cSchristos return tsan_load(&ctx->stats.sess_hit);
2379c9496f6bSchristos case SSL_CTRL_SESS_CB_HIT:
2380*4724848cSchristos return tsan_load(&ctx->stats.sess_cb_hit);
2381c9496f6bSchristos case SSL_CTRL_SESS_MISSES:
2382*4724848cSchristos return tsan_load(&ctx->stats.sess_miss);
2383c9496f6bSchristos case SSL_CTRL_SESS_TIMEOUTS:
2384*4724848cSchristos return tsan_load(&ctx->stats.sess_timeout);
2385c9496f6bSchristos case SSL_CTRL_SESS_CACHE_FULL:
2386*4724848cSchristos return tsan_load(&ctx->stats.sess_cache_full);
2387c9496f6bSchristos case SSL_CTRL_MODE:
2388c9496f6bSchristos return (ctx->mode |= larg);
2389c9496f6bSchristos case SSL_CTRL_CLEAR_MODE:
2390c9496f6bSchristos return (ctx->mode &= ~larg);
2391c9496f6bSchristos case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
2392c9496f6bSchristos if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
2393c9496f6bSchristos return 0;
2394c9496f6bSchristos ctx->max_send_fragment = larg;
2395*4724848cSchristos if (ctx->max_send_fragment < ctx->split_send_fragment)
2396*4724848cSchristos ctx->split_send_fragment = ctx->max_send_fragment;
2397*4724848cSchristos return 1;
2398*4724848cSchristos case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
2399*4724848cSchristos if ((size_t)larg > ctx->max_send_fragment || larg == 0)
2400*4724848cSchristos return 0;
2401*4724848cSchristos ctx->split_send_fragment = larg;
2402*4724848cSchristos return 1;
2403*4724848cSchristos case SSL_CTRL_SET_MAX_PIPELINES:
2404*4724848cSchristos if (larg < 1 || larg > SSL_MAX_PIPELINES)
2405*4724848cSchristos return 0;
2406*4724848cSchristos ctx->max_pipelines = larg;
2407c9496f6bSchristos return 1;
2408c9496f6bSchristos case SSL_CTRL_CERT_FLAGS:
2409c9496f6bSchristos return (ctx->cert->cert_flags |= larg);
2410c9496f6bSchristos case SSL_CTRL_CLEAR_CERT_FLAGS:
2411c9496f6bSchristos return (ctx->cert->cert_flags &= ~larg);
2412*4724848cSchristos case SSL_CTRL_SET_MIN_PROTO_VERSION:
2413*4724848cSchristos return ssl_check_allowed_versions(larg, ctx->max_proto_version)
2414*4724848cSchristos && ssl_set_version_bound(ctx->method->version, (int)larg,
2415*4724848cSchristos &ctx->min_proto_version);
2416*4724848cSchristos case SSL_CTRL_GET_MIN_PROTO_VERSION:
2417*4724848cSchristos return ctx->min_proto_version;
2418*4724848cSchristos case SSL_CTRL_SET_MAX_PROTO_VERSION:
2419*4724848cSchristos return ssl_check_allowed_versions(ctx->min_proto_version, larg)
2420*4724848cSchristos && ssl_set_version_bound(ctx->method->version, (int)larg,
2421*4724848cSchristos &ctx->max_proto_version);
2422*4724848cSchristos case SSL_CTRL_GET_MAX_PROTO_VERSION:
2423*4724848cSchristos return ctx->max_proto_version;
2424c9496f6bSchristos default:
2425*4724848cSchristos return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
2426c9496f6bSchristos }
2427c9496f6bSchristos }
2428c9496f6bSchristos
SSL_CTX_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))2429c9496f6bSchristos long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
2430c9496f6bSchristos {
2431c9496f6bSchristos switch (cmd) {
2432c9496f6bSchristos case SSL_CTRL_SET_MSG_CALLBACK:
2433c9496f6bSchristos ctx->msg_callback = (void (*)
2434c9496f6bSchristos (int write_p, int version, int content_type,
2435c9496f6bSchristos const void *buf, size_t len, SSL *ssl,
2436c9496f6bSchristos void *arg))(fp);
2437c9496f6bSchristos return 1;
2438c9496f6bSchristos
2439c9496f6bSchristos default:
2440*4724848cSchristos return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
2441c9496f6bSchristos }
2442c9496f6bSchristos }
2443c9496f6bSchristos
ssl_cipher_id_cmp(const SSL_CIPHER * a,const SSL_CIPHER * b)2444c9496f6bSchristos int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
2445c9496f6bSchristos {
2446*4724848cSchristos if (a->id > b->id)
2447*4724848cSchristos return 1;
2448*4724848cSchristos if (a->id < b->id)
2449*4724848cSchristos return -1;
2450*4724848cSchristos return 0;
2451c9496f6bSchristos }
2452c9496f6bSchristos
ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const * ap,const SSL_CIPHER * const * bp)2453c9496f6bSchristos int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
2454c9496f6bSchristos const SSL_CIPHER *const *bp)
2455c9496f6bSchristos {
2456*4724848cSchristos if ((*ap)->id > (*bp)->id)
2457*4724848cSchristos return 1;
2458*4724848cSchristos if ((*ap)->id < (*bp)->id)
2459*4724848cSchristos return -1;
2460*4724848cSchristos return 0;
2461c9496f6bSchristos }
2462c9496f6bSchristos
2463c9496f6bSchristos /** return a STACK of the ciphers available for the SSL and in order of
2464c9496f6bSchristos * preference */
STACK_OF(SSL_CIPHER)2465c9496f6bSchristos STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
2466c9496f6bSchristos {
2467c9496f6bSchristos if (s != NULL) {
2468c9496f6bSchristos if (s->cipher_list != NULL) {
2469*4724848cSchristos return s->cipher_list;
2470c9496f6bSchristos } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
2471*4724848cSchristos return s->ctx->cipher_list;
2472c9496f6bSchristos }
2473c9496f6bSchristos }
2474*4724848cSchristos return NULL;
2475*4724848cSchristos }
2476*4724848cSchristos
STACK_OF(SSL_CIPHER)2477*4724848cSchristos STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
2478*4724848cSchristos {
2479*4724848cSchristos if ((s == NULL) || !s->server)
2480*4724848cSchristos return NULL;
2481*4724848cSchristos return s->peer_ciphers;
2482*4724848cSchristos }
2483*4724848cSchristos
STACK_OF(SSL_CIPHER)2484*4724848cSchristos STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
2485*4724848cSchristos {
2486*4724848cSchristos STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
2487*4724848cSchristos int i;
2488*4724848cSchristos
2489*4724848cSchristos ciphers = SSL_get_ciphers(s);
2490*4724848cSchristos if (!ciphers)
2491*4724848cSchristos return NULL;
2492*4724848cSchristos if (!ssl_set_client_disabled(s))
2493*4724848cSchristos return NULL;
2494*4724848cSchristos for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
2495*4724848cSchristos const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
2496*4724848cSchristos if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
2497*4724848cSchristos if (!sk)
2498*4724848cSchristos sk = sk_SSL_CIPHER_new_null();
2499*4724848cSchristos if (!sk)
2500*4724848cSchristos return NULL;
2501*4724848cSchristos if (!sk_SSL_CIPHER_push(sk, c)) {
2502*4724848cSchristos sk_SSL_CIPHER_free(sk);
2503*4724848cSchristos return NULL;
2504*4724848cSchristos }
2505*4724848cSchristos }
2506*4724848cSchristos }
2507*4724848cSchristos return sk;
2508c9496f6bSchristos }
2509c9496f6bSchristos
2510c9496f6bSchristos /** return a STACK of the ciphers available for the SSL and in order of
2511c9496f6bSchristos * algorithm id */
STACK_OF(SSL_CIPHER)2512c9496f6bSchristos STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
2513c9496f6bSchristos {
2514c9496f6bSchristos if (s != NULL) {
2515c9496f6bSchristos if (s->cipher_list_by_id != NULL) {
2516*4724848cSchristos return s->cipher_list_by_id;
2517c9496f6bSchristos } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
2518*4724848cSchristos return s->ctx->cipher_list_by_id;
2519c9496f6bSchristos }
2520c9496f6bSchristos }
2521*4724848cSchristos return NULL;
2522c9496f6bSchristos }
2523c9496f6bSchristos
2524c9496f6bSchristos /** The old interface to get the same thing as SSL_get_ciphers() */
SSL_get_cipher_list(const SSL * s,int n)2525c9496f6bSchristos const char *SSL_get_cipher_list(const SSL *s, int n)
2526c9496f6bSchristos {
2527*4724848cSchristos const SSL_CIPHER *c;
2528c9496f6bSchristos STACK_OF(SSL_CIPHER) *sk;
2529c9496f6bSchristos
2530c9496f6bSchristos if (s == NULL)
2531*4724848cSchristos return NULL;
2532c9496f6bSchristos sk = SSL_get_ciphers(s);
2533c9496f6bSchristos if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
2534*4724848cSchristos return NULL;
2535c9496f6bSchristos c = sk_SSL_CIPHER_value(sk, n);
2536c9496f6bSchristos if (c == NULL)
2537*4724848cSchristos return NULL;
2538*4724848cSchristos return c->name;
2539*4724848cSchristos }
2540*4724848cSchristos
2541*4724848cSchristos /** return a STACK of the ciphers available for the SSL_CTX and in order of
2542*4724848cSchristos * preference */
STACK_OF(SSL_CIPHER)2543*4724848cSchristos STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
2544*4724848cSchristos {
2545*4724848cSchristos if (ctx != NULL)
2546*4724848cSchristos return ctx->cipher_list;
2547*4724848cSchristos return NULL;
2548*4724848cSchristos }
2549*4724848cSchristos
2550*4724848cSchristos /*
2551*4724848cSchristos * Distinguish between ciphers controlled by set_ciphersuite() and
2552*4724848cSchristos * set_cipher_list() when counting.
2553*4724848cSchristos */
cipher_list_tls12_num(STACK_OF (SSL_CIPHER)* sk)2554*4724848cSchristos static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
2555*4724848cSchristos {
2556*4724848cSchristos int i, num = 0;
2557*4724848cSchristos const SSL_CIPHER *c;
2558*4724848cSchristos
2559*4724848cSchristos if (sk == NULL)
2560*4724848cSchristos return 0;
2561*4724848cSchristos for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
2562*4724848cSchristos c = sk_SSL_CIPHER_value(sk, i);
2563*4724848cSchristos if (c->min_tls >= TLS1_3_VERSION)
2564*4724848cSchristos continue;
2565*4724848cSchristos num++;
2566*4724848cSchristos }
2567*4724848cSchristos return num;
2568c9496f6bSchristos }
2569c9496f6bSchristos
2570c9496f6bSchristos /** specify the ciphers to be used by default by the SSL_CTX */
SSL_CTX_set_cipher_list(SSL_CTX * ctx,const char * str)2571c9496f6bSchristos int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
2572c9496f6bSchristos {
2573c9496f6bSchristos STACK_OF(SSL_CIPHER) *sk;
2574c9496f6bSchristos
2575*4724848cSchristos sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
2576*4724848cSchristos &ctx->cipher_list, &ctx->cipher_list_by_id, str,
2577*4724848cSchristos ctx->cert);
2578c9496f6bSchristos /*
2579c9496f6bSchristos * ssl_create_cipher_list may return an empty stack if it was unable to
2580c9496f6bSchristos * find a cipher matching the given rule string (for example if the rule
2581c9496f6bSchristos * string specifies a cipher which has been disabled). This is not an
2582c9496f6bSchristos * error as far as ssl_create_cipher_list is concerned, and hence
2583c9496f6bSchristos * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
2584c9496f6bSchristos */
2585c9496f6bSchristos if (sk == NULL)
2586c9496f6bSchristos return 0;
2587*4724848cSchristos else if (cipher_list_tls12_num(sk) == 0) {
2588c9496f6bSchristos SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
2589c9496f6bSchristos return 0;
2590c9496f6bSchristos }
2591c9496f6bSchristos return 1;
2592c9496f6bSchristos }
2593c9496f6bSchristos
2594c9496f6bSchristos /** specify the ciphers to be used by the SSL */
SSL_set_cipher_list(SSL * s,const char * str)2595c9496f6bSchristos int SSL_set_cipher_list(SSL *s, const char *str)
2596c9496f6bSchristos {
2597c9496f6bSchristos STACK_OF(SSL_CIPHER) *sk;
2598c9496f6bSchristos
2599*4724848cSchristos sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
2600*4724848cSchristos &s->cipher_list, &s->cipher_list_by_id, str,
2601*4724848cSchristos s->cert);
2602c9496f6bSchristos /* see comment in SSL_CTX_set_cipher_list */
2603c9496f6bSchristos if (sk == NULL)
2604c9496f6bSchristos return 0;
2605*4724848cSchristos else if (cipher_list_tls12_num(sk) == 0) {
2606c9496f6bSchristos SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
2607c9496f6bSchristos return 0;
2608c9496f6bSchristos }
2609c9496f6bSchristos return 1;
2610c9496f6bSchristos }
2611c9496f6bSchristos
SSL_get_shared_ciphers(const SSL * s,char * buf,int size)2612*4724848cSchristos char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
2613c9496f6bSchristos {
2614c9496f6bSchristos char *p;
2615*4724848cSchristos STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
2616*4724848cSchristos const SSL_CIPHER *c;
2617c9496f6bSchristos int i;
2618c9496f6bSchristos
2619*4724848cSchristos if (!s->server
2620*4724848cSchristos || s->peer_ciphers == NULL
2621*4724848cSchristos || size < 2)
2622c9496f6bSchristos return NULL;
2623c9496f6bSchristos
2624*4724848cSchristos p = buf;
2625*4724848cSchristos clntsk = s->peer_ciphers;
2626*4724848cSchristos srvrsk = SSL_get_ciphers(s);
2627*4724848cSchristos if (clntsk == NULL || srvrsk == NULL)
2628*4724848cSchristos return NULL;
2629*4724848cSchristos
2630*4724848cSchristos if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
2631*4724848cSchristos return NULL;
2632*4724848cSchristos
2633*4724848cSchristos for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
2634c9496f6bSchristos int n;
2635c9496f6bSchristos
2636*4724848cSchristos c = sk_SSL_CIPHER_value(clntsk, i);
2637*4724848cSchristos if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
2638*4724848cSchristos continue;
2639*4724848cSchristos
2640c9496f6bSchristos n = strlen(c->name);
2641*4724848cSchristos if (n + 1 > size) {
2642c9496f6bSchristos if (p != buf)
2643c9496f6bSchristos --p;
2644c9496f6bSchristos *p = '\0';
2645c9496f6bSchristos return buf;
2646c9496f6bSchristos }
2647c9496f6bSchristos strcpy(p, c->name);
2648c9496f6bSchristos p += n;
2649c9496f6bSchristos *(p++) = ':';
2650*4724848cSchristos size -= n + 1;
2651c9496f6bSchristos }
2652c9496f6bSchristos p[-1] = '\0';
2653*4724848cSchristos return buf;
2654c9496f6bSchristos }
2655c9496f6bSchristos
2656*4724848cSchristos /**
2657*4724848cSchristos * Return the requested servername (SNI) value. Note that the behaviour varies
2658*4724848cSchristos * depending on:
2659*4724848cSchristos * - whether this is called by the client or the server,
2660*4724848cSchristos * - if we are before or during/after the handshake,
2661*4724848cSchristos * - if a resumption or normal handshake is being attempted/has occurred
2662*4724848cSchristos * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
2663*4724848cSchristos *
2664*4724848cSchristos * Note that only the host_name type is defined (RFC 3546).
2665c9496f6bSchristos */
SSL_get_servername(const SSL * s,const int type)2666c9496f6bSchristos const char *SSL_get_servername(const SSL *s, const int type)
2667c9496f6bSchristos {
2668*4724848cSchristos /*
2669*4724848cSchristos * If we don't know if we are the client or the server yet then we assume
2670*4724848cSchristos * client.
2671*4724848cSchristos */
2672*4724848cSchristos int server = s->handshake_func == NULL ? 0 : s->server;
2673c9496f6bSchristos if (type != TLSEXT_NAMETYPE_host_name)
2674c9496f6bSchristos return NULL;
2675c9496f6bSchristos
2676*4724848cSchristos if (server) {
2677*4724848cSchristos /**
2678*4724848cSchristos * Server side
2679*4724848cSchristos * In TLSv1.3 on the server SNI is not associated with the session
2680*4724848cSchristos * but in TLSv1.2 or below it is.
2681*4724848cSchristos *
2682*4724848cSchristos * Before the handshake:
2683*4724848cSchristos * - return NULL
2684*4724848cSchristos *
2685*4724848cSchristos * During/after the handshake (TLSv1.2 or below resumption occurred):
2686*4724848cSchristos * - If a servername was accepted by the server in the original
2687*4724848cSchristos * handshake then it will return that servername, or NULL otherwise.
2688*4724848cSchristos *
2689*4724848cSchristos * During/after the handshake (TLSv1.2 or below resumption did not occur):
2690*4724848cSchristos * - The function will return the servername requested by the client in
2691*4724848cSchristos * this handshake or NULL if none was requested.
2692*4724848cSchristos */
2693*4724848cSchristos if (s->hit && !SSL_IS_TLS13(s))
2694*4724848cSchristos return s->session->ext.hostname;
2695*4724848cSchristos } else {
2696*4724848cSchristos /**
2697*4724848cSchristos * Client side
2698*4724848cSchristos *
2699*4724848cSchristos * Before the handshake:
2700*4724848cSchristos * - If a servername has been set via a call to
2701*4724848cSchristos * SSL_set_tlsext_host_name() then it will return that servername
2702*4724848cSchristos * - If one has not been set, but a TLSv1.2 resumption is being
2703*4724848cSchristos * attempted and the session from the original handshake had a
2704*4724848cSchristos * servername accepted by the server then it will return that
2705*4724848cSchristos * servername
2706*4724848cSchristos * - Otherwise it returns NULL
2707*4724848cSchristos *
2708*4724848cSchristos * During/after the handshake (TLSv1.2 or below resumption occurred):
2709*4724848cSchristos * - If the session from the original handshake had a servername accepted
2710*4724848cSchristos * by the server then it will return that servername.
2711*4724848cSchristos * - Otherwise it returns the servername set via
2712*4724848cSchristos * SSL_set_tlsext_host_name() (or NULL if it was not called).
2713*4724848cSchristos *
2714*4724848cSchristos * During/after the handshake (TLSv1.2 or below resumption did not occur):
2715*4724848cSchristos * - It will return the servername set via SSL_set_tlsext_host_name()
2716*4724848cSchristos * (or NULL if it was not called).
2717*4724848cSchristos */
2718*4724848cSchristos if (SSL_in_before(s)) {
2719*4724848cSchristos if (s->ext.hostname == NULL
2720*4724848cSchristos && s->session != NULL
2721*4724848cSchristos && s->session->ssl_version != TLS1_3_VERSION)
2722*4724848cSchristos return s->session->ext.hostname;
2723*4724848cSchristos } else {
2724*4724848cSchristos if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL)
2725*4724848cSchristos return s->session->ext.hostname;
2726*4724848cSchristos }
2727*4724848cSchristos }
2728*4724848cSchristos
2729*4724848cSchristos return s->ext.hostname;
2730c9496f6bSchristos }
2731c9496f6bSchristos
SSL_get_servername_type(const SSL * s)2732c9496f6bSchristos int SSL_get_servername_type(const SSL *s)
2733c9496f6bSchristos {
2734*4724848cSchristos if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
2735c9496f6bSchristos return TLSEXT_NAMETYPE_host_name;
2736c9496f6bSchristos return -1;
2737c9496f6bSchristos }
2738c9496f6bSchristos
2739c9496f6bSchristos /*
2740c9496f6bSchristos * SSL_select_next_proto implements the standard protocol selection. It is
2741c9496f6bSchristos * expected that this function is called from the callback set by
2742c9496f6bSchristos * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
2743c9496f6bSchristos * vector of 8-bit, length prefixed byte strings. The length byte itself is
2744c9496f6bSchristos * not included in the length. A byte string of length 0 is invalid. No byte
2745c9496f6bSchristos * string may be truncated. The current, but experimental algorithm for
2746c9496f6bSchristos * selecting the protocol is: 1) If the server doesn't support NPN then this
2747c9496f6bSchristos * is indicated to the callback. In this case, the client application has to
2748c9496f6bSchristos * abort the connection or have a default application level protocol. 2) If
2749c9496f6bSchristos * the server supports NPN, but advertises an empty list then the client
2750*4724848cSchristos * selects the first protocol in its list, but indicates via the API that this
2751c9496f6bSchristos * fallback case was enacted. 3) Otherwise, the client finds the first
2752c9496f6bSchristos * protocol in the server's list that it supports and selects this protocol.
2753c9496f6bSchristos * This is because it's assumed that the server has better information about
2754c9496f6bSchristos * which protocol a client should use. 4) If the client doesn't support any
2755c9496f6bSchristos * of the server's advertised protocols, then this is treated the same as
2756c9496f6bSchristos * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
2757c9496f6bSchristos * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
2758c9496f6bSchristos */
SSL_select_next_proto(unsigned char ** out,unsigned char * outlen,const unsigned char * server,unsigned int server_len,const unsigned char * client,unsigned int client_len)2759c9496f6bSchristos int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
2760c9496f6bSchristos const unsigned char *server,
2761c9496f6bSchristos unsigned int server_len,
2762*4724848cSchristos const unsigned char *client, unsigned int client_len)
2763c9496f6bSchristos {
2764c9496f6bSchristos unsigned int i, j;
2765c9496f6bSchristos const unsigned char *result;
2766c9496f6bSchristos int status = OPENSSL_NPN_UNSUPPORTED;
2767c9496f6bSchristos
2768c9496f6bSchristos /*
2769c9496f6bSchristos * For each protocol in server preference order, see if we support it.
2770c9496f6bSchristos */
2771c9496f6bSchristos for (i = 0; i < server_len;) {
2772c9496f6bSchristos for (j = 0; j < client_len;) {
2773c9496f6bSchristos if (server[i] == client[j] &&
2774c9496f6bSchristos memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
2775c9496f6bSchristos /* We found a match */
2776c9496f6bSchristos result = &server[i];
2777c9496f6bSchristos status = OPENSSL_NPN_NEGOTIATED;
2778c9496f6bSchristos goto found;
2779c9496f6bSchristos }
2780c9496f6bSchristos j += client[j];
2781c9496f6bSchristos j++;
2782c9496f6bSchristos }
2783c9496f6bSchristos i += server[i];
2784c9496f6bSchristos i++;
2785c9496f6bSchristos }
2786c9496f6bSchristos
2787c9496f6bSchristos /* There's no overlap between our protocols and the server's list. */
2788c9496f6bSchristos result = client;
2789c9496f6bSchristos status = OPENSSL_NPN_NO_OVERLAP;
2790c9496f6bSchristos
2791c9496f6bSchristos found:
2792c9496f6bSchristos *out = (unsigned char *)result + 1;
2793c9496f6bSchristos *outlen = result[0];
2794c9496f6bSchristos return status;
2795c9496f6bSchristos }
2796c9496f6bSchristos
2797c9496f6bSchristos #ifndef OPENSSL_NO_NEXTPROTONEG
2798c9496f6bSchristos /*
2799c9496f6bSchristos * SSL_get0_next_proto_negotiated sets *data and *len to point to the
2800c9496f6bSchristos * client's requested protocol for this connection and returns 0. If the
2801c9496f6bSchristos * client didn't request any protocol, then *data is set to NULL. Note that
2802c9496f6bSchristos * the client can request any protocol it chooses. The value returned from
2803c9496f6bSchristos * this function need not be a member of the list of supported protocols
2804c9496f6bSchristos * provided by the callback.
2805c9496f6bSchristos */
SSL_get0_next_proto_negotiated(const SSL * s,const unsigned char ** data,unsigned * len)2806c9496f6bSchristos void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
2807c9496f6bSchristos unsigned *len)
2808c9496f6bSchristos {
2809*4724848cSchristos *data = s->ext.npn;
2810c9496f6bSchristos if (!*data) {
2811c9496f6bSchristos *len = 0;
2812c9496f6bSchristos } else {
2813*4724848cSchristos *len = (unsigned int)s->ext.npn_len;
2814c9496f6bSchristos }
2815c9496f6bSchristos }
2816c9496f6bSchristos
2817c9496f6bSchristos /*
2818*4724848cSchristos * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
2819c9496f6bSchristos * a TLS server needs a list of supported protocols for Next Protocol
2820c9496f6bSchristos * Negotiation. The returned list must be in wire format. The list is
2821c9496f6bSchristos * returned by setting |out| to point to it and |outlen| to its length. This
2822c9496f6bSchristos * memory will not be modified, but one should assume that the SSL* keeps a
2823c9496f6bSchristos * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
2824c9496f6bSchristos * wishes to advertise. Otherwise, no such extension will be included in the
2825c9496f6bSchristos * ServerHello.
2826c9496f6bSchristos */
SSL_CTX_set_npn_advertised_cb(SSL_CTX * ctx,SSL_CTX_npn_advertised_cb_func cb,void * arg)2827*4724848cSchristos void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
2828*4724848cSchristos SSL_CTX_npn_advertised_cb_func cb,
2829*4724848cSchristos void *arg)
2830c9496f6bSchristos {
2831*4724848cSchristos ctx->ext.npn_advertised_cb = cb;
2832*4724848cSchristos ctx->ext.npn_advertised_cb_arg = arg;
2833c9496f6bSchristos }
2834c9496f6bSchristos
2835c9496f6bSchristos /*
2836c9496f6bSchristos * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
2837c9496f6bSchristos * client needs to select a protocol from the server's provided list. |out|
2838c9496f6bSchristos * must be set to point to the selected protocol (which may be within |in|).
2839c9496f6bSchristos * The length of the protocol name must be written into |outlen|. The
2840c9496f6bSchristos * server's advertised protocols are provided in |in| and |inlen|. The
2841c9496f6bSchristos * callback can assume that |in| is syntactically valid. The client must
2842c9496f6bSchristos * select a protocol. It is fatal to the connection if this callback returns
2843c9496f6bSchristos * a value other than SSL_TLSEXT_ERR_OK.
2844c9496f6bSchristos */
SSL_CTX_set_npn_select_cb(SSL_CTX * ctx,SSL_CTX_npn_select_cb_func cb,void * arg)2845*4724848cSchristos void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
2846*4724848cSchristos SSL_CTX_npn_select_cb_func cb,
2847*4724848cSchristos void *arg)
2848c9496f6bSchristos {
2849*4724848cSchristos ctx->ext.npn_select_cb = cb;
2850*4724848cSchristos ctx->ext.npn_select_cb_arg = arg;
2851c9496f6bSchristos }
2852c9496f6bSchristos #endif
2853c9496f6bSchristos
alpn_value_ok(const unsigned char * protos,unsigned int protos_len)2854*4724848cSchristos static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
2855*4724848cSchristos {
2856*4724848cSchristos unsigned int idx;
2857*4724848cSchristos
2858*4724848cSchristos if (protos_len < 2 || protos == NULL)
2859*4724848cSchristos return 0;
2860*4724848cSchristos
2861*4724848cSchristos for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
2862*4724848cSchristos if (protos[idx] == 0)
2863*4724848cSchristos return 0;
2864*4724848cSchristos }
2865*4724848cSchristos return idx == protos_len;
2866*4724848cSchristos }
2867c9496f6bSchristos /*
2868c9496f6bSchristos * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
2869c9496f6bSchristos * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
2870c9496f6bSchristos * length-prefixed strings). Returns 0 on success.
2871c9496f6bSchristos */
SSL_CTX_set_alpn_protos(SSL_CTX * ctx,const unsigned char * protos,unsigned int protos_len)2872c9496f6bSchristos int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
2873*4724848cSchristos unsigned int protos_len)
2874c9496f6bSchristos {
2875*4724848cSchristos unsigned char *alpn;
2876c9496f6bSchristos
2877*4724848cSchristos if (protos_len == 0 || protos == NULL) {
2878*4724848cSchristos OPENSSL_free(ctx->ext.alpn);
2879*4724848cSchristos ctx->ext.alpn = NULL;
2880*4724848cSchristos ctx->ext.alpn_len = 0;
2881*4724848cSchristos return 0;
2882*4724848cSchristos }
2883*4724848cSchristos /* Not valid per RFC */
2884*4724848cSchristos if (!alpn_value_ok(protos, protos_len))
2885c9496f6bSchristos return 1;
2886*4724848cSchristos
2887*4724848cSchristos alpn = OPENSSL_memdup(protos, protos_len);
2888*4724848cSchristos if (alpn == NULL) {
2889*4724848cSchristos SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
2890*4724848cSchristos return 1;
2891*4724848cSchristos }
2892*4724848cSchristos OPENSSL_free(ctx->ext.alpn);
2893*4724848cSchristos ctx->ext.alpn = alpn;
2894*4724848cSchristos ctx->ext.alpn_len = protos_len;
2895c9496f6bSchristos
2896c9496f6bSchristos return 0;
2897c9496f6bSchristos }
2898c9496f6bSchristos
2899c9496f6bSchristos /*
2900c9496f6bSchristos * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
2901c9496f6bSchristos * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
2902c9496f6bSchristos * length-prefixed strings). Returns 0 on success.
2903c9496f6bSchristos */
SSL_set_alpn_protos(SSL * ssl,const unsigned char * protos,unsigned int protos_len)2904c9496f6bSchristos int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
2905*4724848cSchristos unsigned int protos_len)
2906c9496f6bSchristos {
2907*4724848cSchristos unsigned char *alpn;
2908c9496f6bSchristos
2909*4724848cSchristos if (protos_len == 0 || protos == NULL) {
2910*4724848cSchristos OPENSSL_free(ssl->ext.alpn);
2911*4724848cSchristos ssl->ext.alpn = NULL;
2912*4724848cSchristos ssl->ext.alpn_len = 0;
2913*4724848cSchristos return 0;
2914*4724848cSchristos }
2915*4724848cSchristos /* Not valid per RFC */
2916*4724848cSchristos if (!alpn_value_ok(protos, protos_len))
2917c9496f6bSchristos return 1;
2918*4724848cSchristos
2919*4724848cSchristos alpn = OPENSSL_memdup(protos, protos_len);
2920*4724848cSchristos if (alpn == NULL) {
2921*4724848cSchristos SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
2922*4724848cSchristos return 1;
2923*4724848cSchristos }
2924*4724848cSchristos OPENSSL_free(ssl->ext.alpn);
2925*4724848cSchristos ssl->ext.alpn = alpn;
2926*4724848cSchristos ssl->ext.alpn_len = protos_len;
2927c9496f6bSchristos
2928c9496f6bSchristos return 0;
2929c9496f6bSchristos }
2930c9496f6bSchristos
2931c9496f6bSchristos /*
2932c9496f6bSchristos * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
2933c9496f6bSchristos * called during ClientHello processing in order to select an ALPN protocol
2934c9496f6bSchristos * from the client's list of offered protocols.
2935c9496f6bSchristos */
SSL_CTX_set_alpn_select_cb(SSL_CTX * ctx,SSL_CTX_alpn_select_cb_func cb,void * arg)2936c9496f6bSchristos void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
2937*4724848cSchristos SSL_CTX_alpn_select_cb_func cb,
2938*4724848cSchristos void *arg)
2939c9496f6bSchristos {
2940*4724848cSchristos ctx->ext.alpn_select_cb = cb;
2941*4724848cSchristos ctx->ext.alpn_select_cb_arg = arg;
2942c9496f6bSchristos }
2943c9496f6bSchristos
2944c9496f6bSchristos /*
2945*4724848cSchristos * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
2946*4724848cSchristos * On return it sets |*data| to point to |*len| bytes of protocol name
2947c9496f6bSchristos * (not including the leading length-prefix byte). If the server didn't
2948c9496f6bSchristos * respond with a negotiated protocol then |*len| will be zero.
2949c9496f6bSchristos */
SSL_get0_alpn_selected(const SSL * ssl,const unsigned char ** data,unsigned int * len)2950c9496f6bSchristos void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
2951*4724848cSchristos unsigned int *len)
2952c9496f6bSchristos {
2953c9496f6bSchristos *data = NULL;
2954c9496f6bSchristos if (ssl->s3)
2955c9496f6bSchristos *data = ssl->s3->alpn_selected;
2956c9496f6bSchristos if (*data == NULL)
2957c9496f6bSchristos *len = 0;
2958c9496f6bSchristos else
2959*4724848cSchristos *len = (unsigned int)ssl->s3->alpn_selected_len;
2960c9496f6bSchristos }
2961c9496f6bSchristos
SSL_export_keying_material(SSL * s,unsigned char * out,size_t olen,const char * label,size_t llen,const unsigned char * context,size_t contextlen,int use_context)2962c9496f6bSchristos int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
2963c9496f6bSchristos const char *label, size_t llen,
2964*4724848cSchristos const unsigned char *context, size_t contextlen,
2965c9496f6bSchristos int use_context)
2966c9496f6bSchristos {
2967*4724848cSchristos if (s->session == NULL
2968*4724848cSchristos || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER))
2969c9496f6bSchristos return -1;
2970c9496f6bSchristos
2971c9496f6bSchristos return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
2972*4724848cSchristos llen, context,
2973*4724848cSchristos contextlen, use_context);
2974*4724848cSchristos }
2975*4724848cSchristos
SSL_export_keying_material_early(SSL * s,unsigned char * out,size_t olen,const char * label,size_t llen,const unsigned char * context,size_t contextlen)2976*4724848cSchristos int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
2977*4724848cSchristos const char *label, size_t llen,
2978*4724848cSchristos const unsigned char *context,
2979*4724848cSchristos size_t contextlen)
2980*4724848cSchristos {
2981*4724848cSchristos if (s->version != TLS1_3_VERSION)
2982*4724848cSchristos return 0;
2983*4724848cSchristos
2984*4724848cSchristos return tls13_export_keying_material_early(s, out, olen, label, llen,
2985*4724848cSchristos context, contextlen);
2986c9496f6bSchristos }
2987c9496f6bSchristos
ssl_session_hash(const SSL_SESSION * a)2988c9496f6bSchristos static unsigned long ssl_session_hash(const SSL_SESSION *a)
2989c9496f6bSchristos {
2990*4724848cSchristos const unsigned char *session_id = a->session_id;
2991c9496f6bSchristos unsigned long l;
2992*4724848cSchristos unsigned char tmp_storage[4];
2993*4724848cSchristos
2994*4724848cSchristos if (a->session_id_length < sizeof(tmp_storage)) {
2995*4724848cSchristos memset(tmp_storage, 0, sizeof(tmp_storage));
2996*4724848cSchristos memcpy(tmp_storage, a->session_id, a->session_id_length);
2997*4724848cSchristos session_id = tmp_storage;
2998*4724848cSchristos }
2999c9496f6bSchristos
3000c9496f6bSchristos l = (unsigned long)
3001*4724848cSchristos ((unsigned long)session_id[0]) |
3002*4724848cSchristos ((unsigned long)session_id[1] << 8L) |
3003*4724848cSchristos ((unsigned long)session_id[2] << 16L) |
3004*4724848cSchristos ((unsigned long)session_id[3] << 24L);
3005*4724848cSchristos return l;
3006c9496f6bSchristos }
3007c9496f6bSchristos
3008c9496f6bSchristos /*
3009c9496f6bSchristos * NB: If this function (or indeed the hash function which uses a sort of
3010c9496f6bSchristos * coarser function than this one) is changed, ensure
3011c9496f6bSchristos * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
3012c9496f6bSchristos * being able to construct an SSL_SESSION that will collide with any existing
3013c9496f6bSchristos * session with a matching session ID.
3014c9496f6bSchristos */
ssl_session_cmp(const SSL_SESSION * a,const SSL_SESSION * b)3015c9496f6bSchristos static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
3016c9496f6bSchristos {
3017c9496f6bSchristos if (a->ssl_version != b->ssl_version)
3018*4724848cSchristos return 1;
3019c9496f6bSchristos if (a->session_id_length != b->session_id_length)
3020*4724848cSchristos return 1;
3021*4724848cSchristos return memcmp(a->session_id, b->session_id, a->session_id_length);
3022c9496f6bSchristos }
3023c9496f6bSchristos
3024c9496f6bSchristos /*
3025c9496f6bSchristos * These wrapper functions should remain rather than redeclaring
3026c9496f6bSchristos * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
3027c9496f6bSchristos * variable. The reason is that the functions aren't static, they're exposed
3028c9496f6bSchristos * via ssl.h.
3029c9496f6bSchristos */
3030c9496f6bSchristos
SSL_CTX_new(const SSL_METHOD * meth)3031c9496f6bSchristos SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
3032c9496f6bSchristos {
3033c9496f6bSchristos SSL_CTX *ret = NULL;
3034c9496f6bSchristos
3035c9496f6bSchristos if (meth == NULL) {
3036c9496f6bSchristos SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
3037c9496f6bSchristos return NULL;
3038c9496f6bSchristos }
3039*4724848cSchristos
3040*4724848cSchristos if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
3041*4724848cSchristos return NULL;
3042c9496f6bSchristos
3043c9496f6bSchristos if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
3044c9496f6bSchristos SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
3045c9496f6bSchristos goto err;
3046c9496f6bSchristos }
3047*4724848cSchristos ret = OPENSSL_zalloc(sizeof(*ret));
3048c9496f6bSchristos if (ret == NULL)
3049c9496f6bSchristos goto err;
3050c9496f6bSchristos
3051c9496f6bSchristos ret->method = meth;
3052*4724848cSchristos ret->min_proto_version = 0;
3053*4724848cSchristos ret->max_proto_version = 0;
3054*4724848cSchristos ret->mode = SSL_MODE_AUTO_RETRY;
3055c9496f6bSchristos ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
3056c9496f6bSchristos ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
3057*4724848cSchristos /* We take the system default. */
3058c9496f6bSchristos ret->session_timeout = meth->get_timeout();
3059c9496f6bSchristos ret->references = 1;
3060*4724848cSchristos ret->lock = CRYPTO_THREAD_lock_new();
3061*4724848cSchristos if (ret->lock == NULL) {
3062*4724848cSchristos SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
3063*4724848cSchristos OPENSSL_free(ret);
3064*4724848cSchristos return NULL;
3065*4724848cSchristos }
3066c9496f6bSchristos ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
3067c9496f6bSchristos ret->verify_mode = SSL_VERIFY_NONE;
3068c9496f6bSchristos if ((ret->cert = ssl_cert_new()) == NULL)
3069c9496f6bSchristos goto err;
3070c9496f6bSchristos
3071*4724848cSchristos ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
3072c9496f6bSchristos if (ret->sessions == NULL)
3073c9496f6bSchristos goto err;
3074c9496f6bSchristos ret->cert_store = X509_STORE_new();
3075c9496f6bSchristos if (ret->cert_store == NULL)
3076c9496f6bSchristos goto err;
3077*4724848cSchristos #ifndef OPENSSL_NO_CT
3078*4724848cSchristos ret->ctlog_store = CTLOG_STORE_new();
3079*4724848cSchristos if (ret->ctlog_store == NULL)
3080*4724848cSchristos goto err;
3081*4724848cSchristos #endif
3082c9496f6bSchristos
3083*4724848cSchristos if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
3084*4724848cSchristos goto err;
3085*4724848cSchristos
3086*4724848cSchristos if (!ssl_create_cipher_list(ret->method,
3087*4724848cSchristos ret->tls13_ciphersuites,
3088c9496f6bSchristos &ret->cipher_list, &ret->cipher_list_by_id,
3089*4724848cSchristos SSL_DEFAULT_CIPHER_LIST, ret->cert)
3090*4724848cSchristos || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
3091c9496f6bSchristos SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
3092c9496f6bSchristos goto err2;
3093c9496f6bSchristos }
3094c9496f6bSchristos
3095c9496f6bSchristos ret->param = X509_VERIFY_PARAM_new();
3096*4724848cSchristos if (ret->param == NULL)
3097c9496f6bSchristos goto err;
3098c9496f6bSchristos
3099c9496f6bSchristos if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
3100c9496f6bSchristos SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
3101c9496f6bSchristos goto err2;
3102c9496f6bSchristos }
3103c9496f6bSchristos if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
3104c9496f6bSchristos SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
3105c9496f6bSchristos goto err2;
3106c9496f6bSchristos }
3107c9496f6bSchristos
3108*4724848cSchristos if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
3109c9496f6bSchristos goto err;
3110c9496f6bSchristos
3111*4724848cSchristos if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
3112*4724848cSchristos goto err;
3113c9496f6bSchristos
3114*4724848cSchristos if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
3115*4724848cSchristos goto err;
3116*4724848cSchristos
3117*4724848cSchristos if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
3118*4724848cSchristos goto err;
3119*4724848cSchristos
3120c9496f6bSchristos /* No compression for DTLS */
3121c9496f6bSchristos if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
3122c9496f6bSchristos ret->comp_methods = SSL_COMP_get_compression_methods();
3123c9496f6bSchristos
3124c9496f6bSchristos ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
3125*4724848cSchristos ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
3126c9496f6bSchristos
3127*4724848cSchristos /* Setup RFC5077 ticket keys */
3128*4724848cSchristos if ((RAND_bytes(ret->ext.tick_key_name,
3129*4724848cSchristos sizeof(ret->ext.tick_key_name)) <= 0)
3130*4724848cSchristos || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
3131*4724848cSchristos sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
3132*4724848cSchristos || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
3133*4724848cSchristos sizeof(ret->ext.secure->tick_aes_key)) <= 0))
3134c9496f6bSchristos ret->options |= SSL_OP_NO_TICKET;
3135c9496f6bSchristos
3136*4724848cSchristos if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
3137*4724848cSchristos sizeof(ret->ext.cookie_hmac_key)) <= 0)
3138*4724848cSchristos goto err;
3139c9496f6bSchristos
3140c9496f6bSchristos #ifndef OPENSSL_NO_SRP
3141*4724848cSchristos if (!SSL_CTX_SRP_CTX_init(ret))
3142c9496f6bSchristos goto err;
3143c9496f6bSchristos #endif
3144c9496f6bSchristos #ifndef OPENSSL_NO_ENGINE
3145c9496f6bSchristos # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
3146c9496f6bSchristos # define eng_strx(x) #x
3147c9496f6bSchristos # define eng_str(x) eng_strx(x)
3148c9496f6bSchristos /* Use specific client engine automatically... ignore errors */
3149c9496f6bSchristos {
3150c9496f6bSchristos ENGINE *eng;
3151c9496f6bSchristos eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
3152c9496f6bSchristos if (!eng) {
3153c9496f6bSchristos ERR_clear_error();
3154c9496f6bSchristos ENGINE_load_builtin_engines();
3155c9496f6bSchristos eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
3156c9496f6bSchristos }
3157c9496f6bSchristos if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
3158c9496f6bSchristos ERR_clear_error();
3159c9496f6bSchristos }
3160c9496f6bSchristos # endif
3161c9496f6bSchristos #endif
3162c9496f6bSchristos /*
3163c9496f6bSchristos * Default is to connect to non-RI servers. When RI is more widely
3164c9496f6bSchristos * deployed might change this.
3165c9496f6bSchristos */
3166c9496f6bSchristos ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
3167*4724848cSchristos /*
3168*4724848cSchristos * Disable compression by default to prevent CRIME. Applications can
3169*4724848cSchristos * re-enable compression by configuring
3170*4724848cSchristos * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
3171*4724848cSchristos * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
3172*4724848cSchristos * middlebox compatibility by default. This may be disabled by default in
3173*4724848cSchristos * a later OpenSSL version.
3174*4724848cSchristos */
3175*4724848cSchristos ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
3176*4724848cSchristos
3177*4724848cSchristos ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
3178c9496f6bSchristos
3179c9496f6bSchristos /*
3180*4724848cSchristos * We cannot usefully set a default max_early_data here (which gets
3181*4724848cSchristos * propagated in SSL_new(), for the following reason: setting the
3182*4724848cSchristos * SSL field causes tls_construct_stoc_early_data() to tell the
3183*4724848cSchristos * client that early data will be accepted when constructing a TLS 1.3
3184*4724848cSchristos * session ticket, and the client will accordingly send us early data
3185*4724848cSchristos * when using that ticket (if the client has early data to send).
3186*4724848cSchristos * However, in order for the early data to actually be consumed by
3187*4724848cSchristos * the application, the application must also have calls to
3188*4724848cSchristos * SSL_read_early_data(); otherwise we'll just skip past the early data
3189*4724848cSchristos * and ignore it. So, since the application must add calls to
3190*4724848cSchristos * SSL_read_early_data(), we also require them to add
3191*4724848cSchristos * calls to SSL_CTX_set_max_early_data() in order to use early data,
3192*4724848cSchristos * eliminating the bandwidth-wasting early data in the case described
3193*4724848cSchristos * above.
3194c9496f6bSchristos */
3195*4724848cSchristos ret->max_early_data = 0;
3196c9496f6bSchristos
3197*4724848cSchristos /*
3198*4724848cSchristos * Default recv_max_early_data is a fully loaded single record. Could be
3199*4724848cSchristos * split across multiple records in practice. We set this differently to
3200*4724848cSchristos * max_early_data so that, in the default case, we do not advertise any
3201*4724848cSchristos * support for early_data, but if a client were to send us some (e.g.
3202*4724848cSchristos * because of an old, stale ticket) then we will tolerate it and skip over
3203*4724848cSchristos * it.
3204*4724848cSchristos */
3205*4724848cSchristos ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
3206*4724848cSchristos
3207*4724848cSchristos /* By default we send two session tickets automatically in TLSv1.3 */
3208*4724848cSchristos ret->num_tickets = 2;
3209*4724848cSchristos
3210*4724848cSchristos ssl_ctx_system_config(ret);
3211*4724848cSchristos
3212*4724848cSchristos return ret;
3213c9496f6bSchristos err:
3214c9496f6bSchristos SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
3215c9496f6bSchristos err2:
3216c9496f6bSchristos SSL_CTX_free(ret);
3217*4724848cSchristos return NULL;
3218c9496f6bSchristos }
3219c9496f6bSchristos
SSL_CTX_up_ref(SSL_CTX * ctx)3220*4724848cSchristos int SSL_CTX_up_ref(SSL_CTX *ctx)
3221c9496f6bSchristos {
3222*4724848cSchristos int i;
3223c9496f6bSchristos
3224*4724848cSchristos if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
3225*4724848cSchristos return 0;
3226*4724848cSchristos
3227*4724848cSchristos REF_PRINT_COUNT("SSL_CTX", ctx);
3228*4724848cSchristos REF_ASSERT_ISNT(i < 2);
3229*4724848cSchristos return ((i > 1) ? 1 : 0);
3230c9496f6bSchristos }
3231c9496f6bSchristos
SSL_CTX_free(SSL_CTX * a)3232c9496f6bSchristos void SSL_CTX_free(SSL_CTX *a)
3233c9496f6bSchristos {
3234c9496f6bSchristos int i;
3235c9496f6bSchristos
3236c9496f6bSchristos if (a == NULL)
3237c9496f6bSchristos return;
3238c9496f6bSchristos
3239*4724848cSchristos CRYPTO_DOWN_REF(&a->references, &i, a->lock);
3240*4724848cSchristos REF_PRINT_COUNT("SSL_CTX", a);
3241c9496f6bSchristos if (i > 0)
3242c9496f6bSchristos return;
3243*4724848cSchristos REF_ASSERT_ISNT(i < 0);
3244c9496f6bSchristos
3245c9496f6bSchristos X509_VERIFY_PARAM_free(a->param);
3246*4724848cSchristos dane_ctx_final(&a->dane);
3247c9496f6bSchristos
3248c9496f6bSchristos /*
3249c9496f6bSchristos * Free internal session cache. However: the remove_cb() may reference
3250c9496f6bSchristos * the ex_data of SSL_CTX, thus the ex_data store can only be removed
3251c9496f6bSchristos * after the sessions were flushed.
3252c9496f6bSchristos * As the ex_data handling routines might also touch the session cache,
3253c9496f6bSchristos * the most secure solution seems to be: empty (flush) the cache, then
3254c9496f6bSchristos * free ex_data, then finally free the cache.
3255c9496f6bSchristos * (See ticket [openssl.org #212].)
3256c9496f6bSchristos */
3257c9496f6bSchristos if (a->sessions != NULL)
3258c9496f6bSchristos SSL_CTX_flush_sessions(a, 0);
3259c9496f6bSchristos
3260c9496f6bSchristos CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
3261c9496f6bSchristos lh_SSL_SESSION_free(a->sessions);
3262c9496f6bSchristos X509_STORE_free(a->cert_store);
3263*4724848cSchristos #ifndef OPENSSL_NO_CT
3264*4724848cSchristos CTLOG_STORE_free(a->ctlog_store);
3265*4724848cSchristos #endif
3266c9496f6bSchristos sk_SSL_CIPHER_free(a->cipher_list);
3267c9496f6bSchristos sk_SSL_CIPHER_free(a->cipher_list_by_id);
3268*4724848cSchristos sk_SSL_CIPHER_free(a->tls13_ciphersuites);
3269c9496f6bSchristos ssl_cert_free(a->cert);
3270*4724848cSchristos sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
3271*4724848cSchristos sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
3272c9496f6bSchristos sk_X509_pop_free(a->extra_certs, X509_free);
3273c9496f6bSchristos a->comp_methods = NULL;
3274c9496f6bSchristos #ifndef OPENSSL_NO_SRTP
3275c9496f6bSchristos sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
3276c9496f6bSchristos #endif
3277c9496f6bSchristos #ifndef OPENSSL_NO_SRP
3278c9496f6bSchristos SSL_CTX_SRP_CTX_free(a);
3279c9496f6bSchristos #endif
3280c9496f6bSchristos #ifndef OPENSSL_NO_ENGINE
3281c9496f6bSchristos ENGINE_finish(a->client_cert_engine);
3282c9496f6bSchristos #endif
3283c9496f6bSchristos
3284c9496f6bSchristos #ifndef OPENSSL_NO_EC
3285*4724848cSchristos OPENSSL_free(a->ext.ecpointformats);
3286*4724848cSchristos OPENSSL_free(a->ext.supportedgroups);
3287c9496f6bSchristos #endif
3288*4724848cSchristos OPENSSL_free(a->ext.alpn);
3289*4724848cSchristos OPENSSL_secure_free(a->ext.secure);
3290*4724848cSchristos
3291*4724848cSchristos CRYPTO_THREAD_lock_free(a->lock);
3292c9496f6bSchristos
3293c9496f6bSchristos OPENSSL_free(a);
3294c9496f6bSchristos }
3295c9496f6bSchristos
SSL_CTX_set_default_passwd_cb(SSL_CTX * ctx,pem_password_cb * cb)3296c9496f6bSchristos void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
3297c9496f6bSchristos {
3298c9496f6bSchristos ctx->default_passwd_callback = cb;
3299c9496f6bSchristos }
3300c9496f6bSchristos
SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX * ctx,void * u)3301c9496f6bSchristos void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
3302c9496f6bSchristos {
3303c9496f6bSchristos ctx->default_passwd_callback_userdata = u;
3304c9496f6bSchristos }
3305c9496f6bSchristos
SSL_CTX_get_default_passwd_cb(SSL_CTX * ctx)3306*4724848cSchristos pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
3307*4724848cSchristos {
3308*4724848cSchristos return ctx->default_passwd_callback;
3309*4724848cSchristos }
3310*4724848cSchristos
SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX * ctx)3311*4724848cSchristos void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
3312*4724848cSchristos {
3313*4724848cSchristos return ctx->default_passwd_callback_userdata;
3314*4724848cSchristos }
3315*4724848cSchristos
SSL_set_default_passwd_cb(SSL * s,pem_password_cb * cb)3316*4724848cSchristos void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
3317*4724848cSchristos {
3318*4724848cSchristos s->default_passwd_callback = cb;
3319*4724848cSchristos }
3320*4724848cSchristos
SSL_set_default_passwd_cb_userdata(SSL * s,void * u)3321*4724848cSchristos void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
3322*4724848cSchristos {
3323*4724848cSchristos s->default_passwd_callback_userdata = u;
3324*4724848cSchristos }
3325*4724848cSchristos
SSL_get_default_passwd_cb(SSL * s)3326*4724848cSchristos pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
3327*4724848cSchristos {
3328*4724848cSchristos return s->default_passwd_callback;
3329*4724848cSchristos }
3330*4724848cSchristos
SSL_get_default_passwd_cb_userdata(SSL * s)3331*4724848cSchristos void *SSL_get_default_passwd_cb_userdata(SSL *s)
3332*4724848cSchristos {
3333*4724848cSchristos return s->default_passwd_callback_userdata;
3334*4724848cSchristos }
3335*4724848cSchristos
SSL_CTX_set_cert_verify_callback(SSL_CTX * ctx,int (* cb)(X509_STORE_CTX *,void *),void * arg)3336c9496f6bSchristos void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
3337c9496f6bSchristos int (*cb) (X509_STORE_CTX *, void *),
3338c9496f6bSchristos void *arg)
3339c9496f6bSchristos {
3340c9496f6bSchristos ctx->app_verify_callback = cb;
3341c9496f6bSchristos ctx->app_verify_arg = arg;
3342c9496f6bSchristos }
3343c9496f6bSchristos
SSL_CTX_set_verify(SSL_CTX * ctx,int mode,int (* cb)(int,X509_STORE_CTX *))3344c9496f6bSchristos void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
3345c9496f6bSchristos int (*cb) (int, X509_STORE_CTX *))
3346c9496f6bSchristos {
3347c9496f6bSchristos ctx->verify_mode = mode;
3348c9496f6bSchristos ctx->default_verify_callback = cb;
3349c9496f6bSchristos }
3350c9496f6bSchristos
SSL_CTX_set_verify_depth(SSL_CTX * ctx,int depth)3351c9496f6bSchristos void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
3352c9496f6bSchristos {
3353c9496f6bSchristos X509_VERIFY_PARAM_set_depth(ctx->param, depth);
3354c9496f6bSchristos }
3355c9496f6bSchristos
SSL_CTX_set_cert_cb(SSL_CTX * c,int (* cb)(SSL * ssl,void * arg),void * arg)3356*4724848cSchristos void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
3357c9496f6bSchristos {
3358c9496f6bSchristos ssl_cert_set_cert_cb(c->cert, cb, arg);
3359c9496f6bSchristos }
3360c9496f6bSchristos
SSL_set_cert_cb(SSL * s,int (* cb)(SSL * ssl,void * arg),void * arg)3361c9496f6bSchristos void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
3362c9496f6bSchristos {
3363c9496f6bSchristos ssl_cert_set_cert_cb(s->cert, cb, arg);
3364c9496f6bSchristos }
3365c9496f6bSchristos
ssl_set_masks(SSL * s)3366*4724848cSchristos void ssl_set_masks(SSL *s)
3367c9496f6bSchristos {
3368*4724848cSchristos CERT *c = s->cert;
3369*4724848cSchristos uint32_t *pvalid = s->s3->tmp.valid_flags;
3370*4724848cSchristos int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
3371*4724848cSchristos unsigned long mask_k, mask_a;
3372c9496f6bSchristos #ifndef OPENSSL_NO_EC
3373*4724848cSchristos int have_ecc_cert, ecdsa_ok;
3374c9496f6bSchristos #endif
3375c9496f6bSchristos if (c == NULL)
3376c9496f6bSchristos return;
3377c9496f6bSchristos
3378c9496f6bSchristos #ifndef OPENSSL_NO_DH
3379*4724848cSchristos dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
3380c9496f6bSchristos #else
3381*4724848cSchristos dh_tmp = 0;
3382c9496f6bSchristos #endif
3383c9496f6bSchristos
3384*4724848cSchristos rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
3385*4724848cSchristos rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
3386*4724848cSchristos dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
3387c9496f6bSchristos #ifndef OPENSSL_NO_EC
3388*4724848cSchristos have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
3389c9496f6bSchristos #endif
3390c9496f6bSchristos mask_k = 0;
3391c9496f6bSchristos mask_a = 0;
3392c9496f6bSchristos
3393c9496f6bSchristos #ifdef CIPHER_DEBUG
3394*4724848cSchristos fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
3395*4724848cSchristos dh_tmp, rsa_enc, rsa_sign, dsa_sign);
3396c9496f6bSchristos #endif
3397c9496f6bSchristos
3398*4724848cSchristos #ifndef OPENSSL_NO_GOST
3399*4724848cSchristos if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
3400*4724848cSchristos mask_k |= SSL_kGOST;
3401*4724848cSchristos mask_a |= SSL_aGOST12;
3402*4724848cSchristos }
3403*4724848cSchristos if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
3404*4724848cSchristos mask_k |= SSL_kGOST;
3405*4724848cSchristos mask_a |= SSL_aGOST12;
3406*4724848cSchristos }
3407*4724848cSchristos if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
3408c9496f6bSchristos mask_k |= SSL_kGOST;
3409c9496f6bSchristos mask_a |= SSL_aGOST01;
3410c9496f6bSchristos }
3411c9496f6bSchristos #endif
3412c9496f6bSchristos
3413*4724848cSchristos if (rsa_enc)
3414*4724848cSchristos mask_k |= SSL_kRSA;
3415c9496f6bSchristos
3416c9496f6bSchristos if (dh_tmp)
3417*4724848cSchristos mask_k |= SSL_kDHE;
3418c9496f6bSchristos
3419*4724848cSchristos /*
3420*4724848cSchristos * If we only have an RSA-PSS certificate allow RSA authentication
3421*4724848cSchristos * if TLS 1.2 and peer supports it.
3422*4724848cSchristos */
3423c9496f6bSchristos
3424*4724848cSchristos if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
3425*4724848cSchristos && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
3426*4724848cSchristos && TLS1_get_version(s) == TLS1_2_VERSION))
3427c9496f6bSchristos mask_a |= SSL_aRSA;
3428c9496f6bSchristos
3429c9496f6bSchristos if (dsa_sign) {
3430c9496f6bSchristos mask_a |= SSL_aDSS;
3431c9496f6bSchristos }
3432c9496f6bSchristos
3433c9496f6bSchristos mask_a |= SSL_aNULL;
3434c9496f6bSchristos
3435c9496f6bSchristos /*
3436c9496f6bSchristos * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
3437c9496f6bSchristos * depending on the key usage extension.
3438c9496f6bSchristos */
3439c9496f6bSchristos #ifndef OPENSSL_NO_EC
3440c9496f6bSchristos if (have_ecc_cert) {
3441*4724848cSchristos uint32_t ex_kusage;
3442*4724848cSchristos ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
3443*4724848cSchristos ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
3444*4724848cSchristos if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
3445c9496f6bSchristos ecdsa_ok = 0;
3446*4724848cSchristos if (ecdsa_ok)
3447c9496f6bSchristos mask_a |= SSL_aECDSA;
3448c9496f6bSchristos }
3449*4724848cSchristos /* Allow Ed25519 for TLS 1.2 if peer supports it */
3450*4724848cSchristos if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
3451*4724848cSchristos && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
3452*4724848cSchristos && TLS1_get_version(s) == TLS1_2_VERSION)
3453*4724848cSchristos mask_a |= SSL_aECDSA;
3454*4724848cSchristos
3455*4724848cSchristos /* Allow Ed448 for TLS 1.2 if peer supports it */
3456*4724848cSchristos if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
3457*4724848cSchristos && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
3458*4724848cSchristos && TLS1_get_version(s) == TLS1_2_VERSION)
3459*4724848cSchristos mask_a |= SSL_aECDSA;
3460c9496f6bSchristos #endif
3461c9496f6bSchristos
3462*4724848cSchristos #ifndef OPENSSL_NO_EC
3463*4724848cSchristos mask_k |= SSL_kECDHE;
3464c9496f6bSchristos #endif
3465c9496f6bSchristos
3466c9496f6bSchristos #ifndef OPENSSL_NO_PSK
3467c9496f6bSchristos mask_k |= SSL_kPSK;
3468c9496f6bSchristos mask_a |= SSL_aPSK;
3469*4724848cSchristos if (mask_k & SSL_kRSA)
3470*4724848cSchristos mask_k |= SSL_kRSAPSK;
3471*4724848cSchristos if (mask_k & SSL_kDHE)
3472*4724848cSchristos mask_k |= SSL_kDHEPSK;
3473*4724848cSchristos if (mask_k & SSL_kECDHE)
3474*4724848cSchristos mask_k |= SSL_kECDHEPSK;
3475c9496f6bSchristos #endif
3476c9496f6bSchristos
3477*4724848cSchristos s->s3->tmp.mask_k = mask_k;
3478*4724848cSchristos s->s3->tmp.mask_a = mask_a;
3479c9496f6bSchristos }
3480c9496f6bSchristos
3481c9496f6bSchristos #ifndef OPENSSL_NO_EC
3482c9496f6bSchristos
ssl_check_srvr_ecc_cert_and_alg(X509 * x,SSL * s)3483c9496f6bSchristos int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
3484c9496f6bSchristos {
3485*4724848cSchristos if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
3486c9496f6bSchristos /* key usage, if present, must allow signing */
3487*4724848cSchristos if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
3488c9496f6bSchristos SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
3489c9496f6bSchristos SSL_R_ECC_CERT_NOT_FOR_SIGNING);
3490c9496f6bSchristos return 0;
3491c9496f6bSchristos }
3492c9496f6bSchristos }
3493c9496f6bSchristos return 1; /* all checks are ok */
3494c9496f6bSchristos }
3495c9496f6bSchristos
3496c9496f6bSchristos #endif
3497c9496f6bSchristos
ssl_get_server_cert_serverinfo(SSL * s,const unsigned char ** serverinfo,size_t * serverinfo_length)3498c9496f6bSchristos int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
3499c9496f6bSchristos size_t *serverinfo_length)
3500c9496f6bSchristos {
3501*4724848cSchristos CERT_PKEY *cpk = s->s3->tmp.cert;
3502c9496f6bSchristos *serverinfo_length = 0;
3503c9496f6bSchristos
3504*4724848cSchristos if (cpk == NULL || cpk->serverinfo == NULL)
3505c9496f6bSchristos return 0;
3506c9496f6bSchristos
3507*4724848cSchristos *serverinfo = cpk->serverinfo;
3508*4724848cSchristos *serverinfo_length = cpk->serverinfo_length;
3509c9496f6bSchristos return 1;
3510c9496f6bSchristos }
3511c9496f6bSchristos
ssl_update_cache(SSL * s,int mode)3512c9496f6bSchristos void ssl_update_cache(SSL *s, int mode)
3513c9496f6bSchristos {
3514c9496f6bSchristos int i;
3515c9496f6bSchristos
3516c9496f6bSchristos /*
3517c9496f6bSchristos * If the session_id_length is 0, we are not supposed to cache it, and it
3518c9496f6bSchristos * would be rather hard to do anyway :-)
3519c9496f6bSchristos */
3520c9496f6bSchristos if (s->session->session_id_length == 0)
3521c9496f6bSchristos return;
3522c9496f6bSchristos
3523*4724848cSchristos /*
3524*4724848cSchristos * If sid_ctx_length is 0 there is no specific application context
3525*4724848cSchristos * associated with this session, so when we try to resume it and
3526*4724848cSchristos * SSL_VERIFY_PEER is requested to verify the client identity, we have no
3527*4724848cSchristos * indication that this is actually a session for the proper application
3528*4724848cSchristos * context, and the *handshake* will fail, not just the resumption attempt.
3529*4724848cSchristos * Do not cache (on the server) these sessions that are not resumable
3530*4724848cSchristos * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
3531*4724848cSchristos */
3532*4724848cSchristos if (s->server && s->session->sid_ctx_length == 0
3533*4724848cSchristos && (s->verify_mode & SSL_VERIFY_PEER) != 0)
3534*4724848cSchristos return;
3535*4724848cSchristos
3536c9496f6bSchristos i = s->session_ctx->session_cache_mode;
3537*4724848cSchristos if ((i & mode) != 0
3538*4724848cSchristos && (!s->hit || SSL_IS_TLS13(s))) {
3539*4724848cSchristos /*
3540*4724848cSchristos * Add the session to the internal cache. In server side TLSv1.3 we
3541*4724848cSchristos * normally don't do this because by default it's a full stateless ticket
3542*4724848cSchristos * with only a dummy session id so there is no reason to cache it,
3543*4724848cSchristos * unless:
3544*4724848cSchristos * - we are doing early_data, in which case we cache so that we can
3545*4724848cSchristos * detect replays
3546*4724848cSchristos * - the application has set a remove_session_cb so needs to know about
3547*4724848cSchristos * session timeout events
3548*4724848cSchristos * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
3549*4724848cSchristos */
3550*4724848cSchristos if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
3551*4724848cSchristos && (!SSL_IS_TLS13(s)
3552*4724848cSchristos || !s->server
3553*4724848cSchristos || (s->max_early_data > 0
3554*4724848cSchristos && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
3555*4724848cSchristos || s->session_ctx->remove_session_cb != NULL
3556*4724848cSchristos || (s->options & SSL_OP_NO_TICKET) != 0))
3557*4724848cSchristos SSL_CTX_add_session(s->session_ctx, s->session);
3558*4724848cSchristos
3559*4724848cSchristos /*
3560*4724848cSchristos * Add the session to the external cache. We do this even in server side
3561*4724848cSchristos * TLSv1.3 without early data because some applications just want to
3562*4724848cSchristos * know about the creation of a session and aren't doing a full cache.
3563*4724848cSchristos */
3564*4724848cSchristos if (s->session_ctx->new_session_cb != NULL) {
3565*4724848cSchristos SSL_SESSION_up_ref(s->session);
3566c9496f6bSchristos if (!s->session_ctx->new_session_cb(s, s->session))
3567c9496f6bSchristos SSL_SESSION_free(s->session);
3568c9496f6bSchristos }
3569*4724848cSchristos }
3570c9496f6bSchristos
3571c9496f6bSchristos /* auto flush every 255 connections */
3572c9496f6bSchristos if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
3573*4724848cSchristos TSAN_QUALIFIER int *stat;
3574*4724848cSchristos if (mode & SSL_SESS_CACHE_CLIENT)
3575*4724848cSchristos stat = &s->session_ctx->stats.sess_connect_good;
3576*4724848cSchristos else
3577*4724848cSchristos stat = &s->session_ctx->stats.sess_accept_good;
3578*4724848cSchristos if ((tsan_load(stat) & 0xff) == 0xff)
3579c9496f6bSchristos SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
3580c9496f6bSchristos }
3581c9496f6bSchristos }
3582c9496f6bSchristos
SSL_CTX_get_ssl_method(const SSL_CTX * ctx)3583*4724848cSchristos const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
3584c9496f6bSchristos {
3585c9496f6bSchristos return ctx->method;
3586c9496f6bSchristos }
3587c9496f6bSchristos
SSL_get_ssl_method(const SSL * s)3588*4724848cSchristos const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
3589c9496f6bSchristos {
3590*4724848cSchristos return s->method;
3591c9496f6bSchristos }
3592c9496f6bSchristos
SSL_set_ssl_method(SSL * s,const SSL_METHOD * meth)3593c9496f6bSchristos int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
3594c9496f6bSchristos {
3595c9496f6bSchristos int ret = 1;
3596c9496f6bSchristos
3597c9496f6bSchristos if (s->method != meth) {
3598*4724848cSchristos const SSL_METHOD *sm = s->method;
3599*4724848cSchristos int (*hf) (SSL *) = s->handshake_func;
3600c9496f6bSchristos
3601*4724848cSchristos if (sm->version == meth->version)
3602c9496f6bSchristos s->method = meth;
3603c9496f6bSchristos else {
3604*4724848cSchristos sm->ssl_free(s);
3605c9496f6bSchristos s->method = meth;
3606c9496f6bSchristos ret = s->method->ssl_new(s);
3607c9496f6bSchristos }
3608c9496f6bSchristos
3609*4724848cSchristos if (hf == sm->ssl_connect)
3610c9496f6bSchristos s->handshake_func = meth->ssl_connect;
3611*4724848cSchristos else if (hf == sm->ssl_accept)
3612c9496f6bSchristos s->handshake_func = meth->ssl_accept;
3613c9496f6bSchristos }
3614*4724848cSchristos return ret;
3615c9496f6bSchristos }
3616c9496f6bSchristos
SSL_get_error(const SSL * s,int i)3617c9496f6bSchristos int SSL_get_error(const SSL *s, int i)
3618c9496f6bSchristos {
3619c9496f6bSchristos int reason;
3620c9496f6bSchristos unsigned long l;
3621c9496f6bSchristos BIO *bio;
3622c9496f6bSchristos
3623c9496f6bSchristos if (i > 0)
3624*4724848cSchristos return SSL_ERROR_NONE;
3625c9496f6bSchristos
3626c9496f6bSchristos /*
3627c9496f6bSchristos * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
3628c9496f6bSchristos * where we do encode the error
3629c9496f6bSchristos */
3630c9496f6bSchristos if ((l = ERR_peek_error()) != 0) {
3631c9496f6bSchristos if (ERR_GET_LIB(l) == ERR_LIB_SYS)
3632*4724848cSchristos return SSL_ERROR_SYSCALL;
3633c9496f6bSchristos else
3634*4724848cSchristos return SSL_ERROR_SSL;
3635c9496f6bSchristos }
3636c9496f6bSchristos
3637*4724848cSchristos if (SSL_want_read(s)) {
3638c9496f6bSchristos bio = SSL_get_rbio(s);
3639c9496f6bSchristos if (BIO_should_read(bio))
3640*4724848cSchristos return SSL_ERROR_WANT_READ;
3641c9496f6bSchristos else if (BIO_should_write(bio))
3642c9496f6bSchristos /*
3643c9496f6bSchristos * This one doesn't make too much sense ... We never try to write
3644c9496f6bSchristos * to the rbio, and an application program where rbio and wbio
3645c9496f6bSchristos * are separate couldn't even know what it should wait for.
3646c9496f6bSchristos * However if we ever set s->rwstate incorrectly (so that we have
3647c9496f6bSchristos * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
3648c9496f6bSchristos * wbio *are* the same, this test works around that bug; so it
3649c9496f6bSchristos * might be safer to keep it.
3650c9496f6bSchristos */
3651*4724848cSchristos return SSL_ERROR_WANT_WRITE;
3652c9496f6bSchristos else if (BIO_should_io_special(bio)) {
3653c9496f6bSchristos reason = BIO_get_retry_reason(bio);
3654c9496f6bSchristos if (reason == BIO_RR_CONNECT)
3655*4724848cSchristos return SSL_ERROR_WANT_CONNECT;
3656c9496f6bSchristos else if (reason == BIO_RR_ACCEPT)
3657*4724848cSchristos return SSL_ERROR_WANT_ACCEPT;
3658c9496f6bSchristos else
3659*4724848cSchristos return SSL_ERROR_SYSCALL; /* unknown */
3660c9496f6bSchristos }
3661c9496f6bSchristos }
3662c9496f6bSchristos
3663*4724848cSchristos if (SSL_want_write(s)) {
3664*4724848cSchristos /* Access wbio directly - in order to use the buffered bio if present */
3665*4724848cSchristos bio = s->wbio;
3666c9496f6bSchristos if (BIO_should_write(bio))
3667*4724848cSchristos return SSL_ERROR_WANT_WRITE;
3668c9496f6bSchristos else if (BIO_should_read(bio))
3669c9496f6bSchristos /*
3670c9496f6bSchristos * See above (SSL_want_read(s) with BIO_should_write(bio))
3671c9496f6bSchristos */
3672*4724848cSchristos return SSL_ERROR_WANT_READ;
3673c9496f6bSchristos else if (BIO_should_io_special(bio)) {
3674c9496f6bSchristos reason = BIO_get_retry_reason(bio);
3675c9496f6bSchristos if (reason == BIO_RR_CONNECT)
3676*4724848cSchristos return SSL_ERROR_WANT_CONNECT;
3677c9496f6bSchristos else if (reason == BIO_RR_ACCEPT)
3678*4724848cSchristos return SSL_ERROR_WANT_ACCEPT;
3679c9496f6bSchristos else
3680*4724848cSchristos return SSL_ERROR_SYSCALL;
3681c9496f6bSchristos }
3682c9496f6bSchristos }
3683*4724848cSchristos if (SSL_want_x509_lookup(s))
3684*4724848cSchristos return SSL_ERROR_WANT_X509_LOOKUP;
3685*4724848cSchristos if (SSL_want_async(s))
3686*4724848cSchristos return SSL_ERROR_WANT_ASYNC;
3687*4724848cSchristos if (SSL_want_async_job(s))
3688*4724848cSchristos return SSL_ERROR_WANT_ASYNC_JOB;
3689*4724848cSchristos if (SSL_want_client_hello_cb(s))
3690*4724848cSchristos return SSL_ERROR_WANT_CLIENT_HELLO_CB;
3691c9496f6bSchristos
3692c9496f6bSchristos if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
3693c9496f6bSchristos (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
3694*4724848cSchristos return SSL_ERROR_ZERO_RETURN;
3695*4724848cSchristos
3696*4724848cSchristos return SSL_ERROR_SYSCALL;
3697c9496f6bSchristos }
3698*4724848cSchristos
ssl_do_handshake_intern(void * vargs)3699*4724848cSchristos static int ssl_do_handshake_intern(void *vargs)
3700*4724848cSchristos {
3701*4724848cSchristos struct ssl_async_args *args;
3702*4724848cSchristos SSL *s;
3703*4724848cSchristos
3704*4724848cSchristos args = (struct ssl_async_args *)vargs;
3705*4724848cSchristos s = args->s;
3706*4724848cSchristos
3707*4724848cSchristos return s->handshake_func(s);
3708c9496f6bSchristos }
3709c9496f6bSchristos
SSL_do_handshake(SSL * s)3710c9496f6bSchristos int SSL_do_handshake(SSL *s)
3711c9496f6bSchristos {
3712c9496f6bSchristos int ret = 1;
3713c9496f6bSchristos
3714c9496f6bSchristos if (s->handshake_func == NULL) {
3715c9496f6bSchristos SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
3716*4724848cSchristos return -1;
3717c9496f6bSchristos }
3718c9496f6bSchristos
3719*4724848cSchristos ossl_statem_check_finish_init(s, -1);
3720*4724848cSchristos
3721*4724848cSchristos s->method->ssl_renegotiate_check(s, 0);
3722c9496f6bSchristos
3723c9496f6bSchristos if (SSL_in_init(s) || SSL_in_before(s)) {
3724*4724848cSchristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
3725*4724848cSchristos struct ssl_async_args args;
3726*4724848cSchristos
3727*4724848cSchristos memset(&args, 0, sizeof(args));
3728*4724848cSchristos args.s = s;
3729*4724848cSchristos
3730*4724848cSchristos ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
3731*4724848cSchristos } else {
3732c9496f6bSchristos ret = s->handshake_func(s);
3733c9496f6bSchristos }
3734*4724848cSchristos }
3735*4724848cSchristos return ret;
3736c9496f6bSchristos }
3737c9496f6bSchristos
SSL_set_accept_state(SSL * s)3738c9496f6bSchristos void SSL_set_accept_state(SSL *s)
3739c9496f6bSchristos {
3740c9496f6bSchristos s->server = 1;
3741c9496f6bSchristos s->shutdown = 0;
3742*4724848cSchristos ossl_statem_clear(s);
3743c9496f6bSchristos s->handshake_func = s->method->ssl_accept;
3744*4724848cSchristos clear_ciphers(s);
3745c9496f6bSchristos }
3746c9496f6bSchristos
SSL_set_connect_state(SSL * s)3747c9496f6bSchristos void SSL_set_connect_state(SSL *s)
3748c9496f6bSchristos {
3749c9496f6bSchristos s->server = 0;
3750c9496f6bSchristos s->shutdown = 0;
3751*4724848cSchristos ossl_statem_clear(s);
3752c9496f6bSchristos s->handshake_func = s->method->ssl_connect;
3753*4724848cSchristos clear_ciphers(s);
3754c9496f6bSchristos }
3755c9496f6bSchristos
ssl_undefined_function(SSL * s)3756c9496f6bSchristos int ssl_undefined_function(SSL *s)
3757c9496f6bSchristos {
3758c9496f6bSchristos SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3759*4724848cSchristos return 0;
3760c9496f6bSchristos }
3761c9496f6bSchristos
ssl_undefined_void_function(void)3762c9496f6bSchristos int ssl_undefined_void_function(void)
3763c9496f6bSchristos {
3764c9496f6bSchristos SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
3765c9496f6bSchristos ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3766*4724848cSchristos return 0;
3767c9496f6bSchristos }
3768c9496f6bSchristos
ssl_undefined_const_function(const SSL * s)3769c9496f6bSchristos int ssl_undefined_const_function(const SSL *s)
3770c9496f6bSchristos {
3771*4724848cSchristos return 0;
3772c9496f6bSchristos }
3773c9496f6bSchristos
ssl_bad_method(int ver)3774*4724848cSchristos const SSL_METHOD *ssl_bad_method(int ver)
3775c9496f6bSchristos {
3776c9496f6bSchristos SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3777*4724848cSchristos return NULL;
3778*4724848cSchristos }
3779*4724848cSchristos
ssl_protocol_to_string(int version)3780*4724848cSchristos const char *ssl_protocol_to_string(int version)
3781*4724848cSchristos {
3782*4724848cSchristos switch(version)
3783*4724848cSchristos {
3784*4724848cSchristos case TLS1_3_VERSION:
3785*4724848cSchristos return "TLSv1.3";
3786*4724848cSchristos
3787*4724848cSchristos case TLS1_2_VERSION:
3788*4724848cSchristos return "TLSv1.2";
3789*4724848cSchristos
3790*4724848cSchristos case TLS1_1_VERSION:
3791*4724848cSchristos return "TLSv1.1";
3792*4724848cSchristos
3793*4724848cSchristos case TLS1_VERSION:
3794*4724848cSchristos return "TLSv1";
3795*4724848cSchristos
3796*4724848cSchristos case SSL3_VERSION:
3797*4724848cSchristos return "SSLv3";
3798*4724848cSchristos
3799*4724848cSchristos case DTLS1_BAD_VER:
3800*4724848cSchristos return "DTLSv0.9";
3801*4724848cSchristos
3802*4724848cSchristos case DTLS1_VERSION:
3803*4724848cSchristos return "DTLSv1";
3804*4724848cSchristos
3805*4724848cSchristos case DTLS1_2_VERSION:
3806*4724848cSchristos return "DTLSv1.2";
3807*4724848cSchristos
3808*4724848cSchristos default:
3809*4724848cSchristos return "unknown";
3810*4724848cSchristos }
3811c9496f6bSchristos }
3812c9496f6bSchristos
SSL_get_version(const SSL * s)3813c9496f6bSchristos const char *SSL_get_version(const SSL *s)
3814c9496f6bSchristos {
3815*4724848cSchristos return ssl_protocol_to_string(s->version);
3816*4724848cSchristos }
3817*4724848cSchristos
dup_ca_names(STACK_OF (X509_NAME)** dst,STACK_OF (X509_NAME)* src)3818*4724848cSchristos static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
3819*4724848cSchristos {
3820*4724848cSchristos STACK_OF(X509_NAME) *sk;
3821*4724848cSchristos X509_NAME *xn;
3822*4724848cSchristos int i;
3823*4724848cSchristos
3824*4724848cSchristos if (src == NULL) {
3825*4724848cSchristos *dst = NULL;
3826*4724848cSchristos return 1;
3827*4724848cSchristos }
3828*4724848cSchristos
3829*4724848cSchristos if ((sk = sk_X509_NAME_new_null()) == NULL)
3830*4724848cSchristos return 0;
3831*4724848cSchristos for (i = 0; i < sk_X509_NAME_num(src); i++) {
3832*4724848cSchristos xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
3833*4724848cSchristos if (xn == NULL) {
3834*4724848cSchristos sk_X509_NAME_pop_free(sk, X509_NAME_free);
3835*4724848cSchristos return 0;
3836*4724848cSchristos }
3837*4724848cSchristos if (sk_X509_NAME_insert(sk, xn, i) == 0) {
3838*4724848cSchristos X509_NAME_free(xn);
3839*4724848cSchristos sk_X509_NAME_pop_free(sk, X509_NAME_free);
3840*4724848cSchristos return 0;
3841*4724848cSchristos }
3842*4724848cSchristos }
3843*4724848cSchristos *dst = sk;
3844*4724848cSchristos
3845*4724848cSchristos return 1;
3846c9496f6bSchristos }
3847c9496f6bSchristos
SSL_dup(SSL * s)3848c9496f6bSchristos SSL *SSL_dup(SSL *s)
3849c9496f6bSchristos {
3850c9496f6bSchristos SSL *ret;
3851c9496f6bSchristos int i;
3852c9496f6bSchristos
3853*4724848cSchristos /* If we're not quiescent, just up_ref! */
3854*4724848cSchristos if (!SSL_in_init(s) || !SSL_in_before(s)) {
3855*4724848cSchristos CRYPTO_UP_REF(&s->references, &i, s->lock);
3856*4724848cSchristos return s;
3857*4724848cSchristos }
3858c9496f6bSchristos
3859*4724848cSchristos /*
3860*4724848cSchristos * Otherwise, copy configuration state, and session if set.
3861*4724848cSchristos */
3862*4724848cSchristos if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
3863*4724848cSchristos return NULL;
3864c9496f6bSchristos
3865c9496f6bSchristos if (s->session != NULL) {
3866*4724848cSchristos /*
3867*4724848cSchristos * Arranges to share the same session via up_ref. This "copies"
3868*4724848cSchristos * session-id, SSL_METHOD, sid_ctx, and 'cert'
3869*4724848cSchristos */
3870*4724848cSchristos if (!SSL_copy_session_id(ret, s))
3871*4724848cSchristos goto err;
3872c9496f6bSchristos } else {
3873c9496f6bSchristos /*
3874c9496f6bSchristos * No session has been established yet, so we have to expect that
3875c9496f6bSchristos * s->cert or ret->cert will be changed later -- they should not both
3876c9496f6bSchristos * point to the same object, and thus we can't use
3877c9496f6bSchristos * SSL_copy_session_id.
3878c9496f6bSchristos */
3879*4724848cSchristos if (!SSL_set_ssl_method(ret, s->method))
3880*4724848cSchristos goto err;
3881c9496f6bSchristos
3882c9496f6bSchristos if (s->cert != NULL) {
3883c9496f6bSchristos ssl_cert_free(ret->cert);
3884c9496f6bSchristos ret->cert = ssl_cert_dup(s->cert);
3885c9496f6bSchristos if (ret->cert == NULL)
3886c9496f6bSchristos goto err;
3887c9496f6bSchristos }
3888c9496f6bSchristos
3889*4724848cSchristos if (!SSL_set_session_id_context(ret, s->sid_ctx,
3890*4724848cSchristos (int)s->sid_ctx_length))
3891*4724848cSchristos goto err;
3892c9496f6bSchristos }
3893c9496f6bSchristos
3894*4724848cSchristos if (!ssl_dane_dup(ret, s))
3895*4724848cSchristos goto err;
3896*4724848cSchristos ret->version = s->version;
3897c9496f6bSchristos ret->options = s->options;
3898*4724848cSchristos ret->min_proto_version = s->min_proto_version;
3899*4724848cSchristos ret->max_proto_version = s->max_proto_version;
3900c9496f6bSchristos ret->mode = s->mode;
3901c9496f6bSchristos SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
3902c9496f6bSchristos SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
3903c9496f6bSchristos ret->msg_callback = s->msg_callback;
3904c9496f6bSchristos ret->msg_callback_arg = s->msg_callback_arg;
3905c9496f6bSchristos SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
3906c9496f6bSchristos SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
3907c9496f6bSchristos ret->generate_session_id = s->generate_session_id;
3908c9496f6bSchristos
3909c9496f6bSchristos SSL_set_info_callback(ret, SSL_get_info_callback(s));
3910c9496f6bSchristos
3911c9496f6bSchristos /* copy app data, a little dangerous perhaps */
3912c9496f6bSchristos if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
3913c9496f6bSchristos goto err;
3914c9496f6bSchristos
3915c9496f6bSchristos ret->server = s->server;
3916*4724848cSchristos if (s->handshake_func) {
3917*4724848cSchristos if (s->server)
3918*4724848cSchristos SSL_set_accept_state(ret);
3919*4724848cSchristos else
3920*4724848cSchristos SSL_set_connect_state(ret);
3921*4724848cSchristos }
3922c9496f6bSchristos ret->shutdown = s->shutdown;
3923c9496f6bSchristos ret->hit = s->hit;
3924c9496f6bSchristos
3925*4724848cSchristos ret->default_passwd_callback = s->default_passwd_callback;
3926*4724848cSchristos ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
3927*4724848cSchristos
3928c9496f6bSchristos X509_VERIFY_PARAM_inherit(ret->param, s->param);
3929c9496f6bSchristos
3930c9496f6bSchristos /* dup the cipher_list and cipher_list_by_id stacks */
3931c9496f6bSchristos if (s->cipher_list != NULL) {
3932c9496f6bSchristos if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
3933c9496f6bSchristos goto err;
3934c9496f6bSchristos }
3935c9496f6bSchristos if (s->cipher_list_by_id != NULL)
3936c9496f6bSchristos if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
3937c9496f6bSchristos == NULL)
3938c9496f6bSchristos goto err;
3939c9496f6bSchristos
3940c9496f6bSchristos /* Dup the client_CA list */
3941*4724848cSchristos if (!dup_ca_names(&ret->ca_names, s->ca_names)
3942*4724848cSchristos || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
3943c9496f6bSchristos goto err;
3944c9496f6bSchristos
3945*4724848cSchristos return ret;
3946*4724848cSchristos
3947c9496f6bSchristos err:
3948c9496f6bSchristos SSL_free(ret);
3949*4724848cSchristos return NULL;
3950c9496f6bSchristos }
3951c9496f6bSchristos
ssl_clear_cipher_ctx(SSL * s)3952c9496f6bSchristos void ssl_clear_cipher_ctx(SSL *s)
3953c9496f6bSchristos {
3954c9496f6bSchristos if (s->enc_read_ctx != NULL) {
3955*4724848cSchristos EVP_CIPHER_CTX_free(s->enc_read_ctx);
3956c9496f6bSchristos s->enc_read_ctx = NULL;
3957c9496f6bSchristos }
3958c9496f6bSchristos if (s->enc_write_ctx != NULL) {
3959*4724848cSchristos EVP_CIPHER_CTX_free(s->enc_write_ctx);
3960c9496f6bSchristos s->enc_write_ctx = NULL;
3961c9496f6bSchristos }
3962c9496f6bSchristos #ifndef OPENSSL_NO_COMP
3963c9496f6bSchristos COMP_CTX_free(s->expand);
3964c9496f6bSchristos s->expand = NULL;
3965c9496f6bSchristos COMP_CTX_free(s->compress);
3966c9496f6bSchristos s->compress = NULL;
3967c9496f6bSchristos #endif
3968c9496f6bSchristos }
3969c9496f6bSchristos
SSL_get_certificate(const SSL * s)3970c9496f6bSchristos X509 *SSL_get_certificate(const SSL *s)
3971c9496f6bSchristos {
3972c9496f6bSchristos if (s->cert != NULL)
3973*4724848cSchristos return s->cert->key->x509;
3974c9496f6bSchristos else
3975*4724848cSchristos return NULL;
3976c9496f6bSchristos }
3977c9496f6bSchristos
SSL_get_privatekey(const SSL * s)3978c9496f6bSchristos EVP_PKEY *SSL_get_privatekey(const SSL *s)
3979c9496f6bSchristos {
3980c9496f6bSchristos if (s->cert != NULL)
3981*4724848cSchristos return s->cert->key->privatekey;
3982c9496f6bSchristos else
3983*4724848cSchristos return NULL;
3984c9496f6bSchristos }
3985c9496f6bSchristos
SSL_CTX_get0_certificate(const SSL_CTX * ctx)3986c9496f6bSchristos X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
3987c9496f6bSchristos {
3988c9496f6bSchristos if (ctx->cert != NULL)
3989c9496f6bSchristos return ctx->cert->key->x509;
3990c9496f6bSchristos else
3991c9496f6bSchristos return NULL;
3992c9496f6bSchristos }
3993c9496f6bSchristos
SSL_CTX_get0_privatekey(const SSL_CTX * ctx)3994c9496f6bSchristos EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
3995c9496f6bSchristos {
3996c9496f6bSchristos if (ctx->cert != NULL)
3997c9496f6bSchristos return ctx->cert->key->privatekey;
3998c9496f6bSchristos else
3999c9496f6bSchristos return NULL;
4000c9496f6bSchristos }
4001c9496f6bSchristos
SSL_get_current_cipher(const SSL * s)4002c9496f6bSchristos const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
4003c9496f6bSchristos {
4004c9496f6bSchristos if ((s->session != NULL) && (s->session->cipher != NULL))
4005*4724848cSchristos return s->session->cipher;
4006c9496f6bSchristos return NULL;
4007c9496f6bSchristos }
4008c9496f6bSchristos
SSL_get_pending_cipher(const SSL * s)4009*4724848cSchristos const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
4010c9496f6bSchristos {
4011*4724848cSchristos return s->s3->tmp.new_cipher;
4012c9496f6bSchristos }
4013*4724848cSchristos
SSL_get_current_compression(const SSL * s)4014*4724848cSchristos const COMP_METHOD *SSL_get_current_compression(const SSL *s)
4015*4724848cSchristos {
4016*4724848cSchristos #ifndef OPENSSL_NO_COMP
4017*4724848cSchristos return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
4018c9496f6bSchristos #else
4019*4724848cSchristos return NULL;
4020c9496f6bSchristos #endif
4021*4724848cSchristos }
4022c9496f6bSchristos
SSL_get_current_expansion(const SSL * s)4023*4724848cSchristos const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
4024*4724848cSchristos {
4025*4724848cSchristos #ifndef OPENSSL_NO_COMP
4026*4724848cSchristos return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
4027*4724848cSchristos #else
4028*4724848cSchristos return NULL;
4029*4724848cSchristos #endif
4030*4724848cSchristos }
4031*4724848cSchristos
ssl_init_wbio_buffer(SSL * s)4032*4724848cSchristos int ssl_init_wbio_buffer(SSL *s)
4033c9496f6bSchristos {
4034c9496f6bSchristos BIO *bbio;
4035c9496f6bSchristos
4036*4724848cSchristos if (s->bbio != NULL) {
4037*4724848cSchristos /* Already buffered. */
4038*4724848cSchristos return 1;
4039*4724848cSchristos }
4040*4724848cSchristos
4041c9496f6bSchristos bbio = BIO_new(BIO_f_buffer());
4042*4724848cSchristos if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
4043*4724848cSchristos BIO_free(bbio);
4044c9496f6bSchristos SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
4045*4724848cSchristos return 0;
4046c9496f6bSchristos }
4047*4724848cSchristos s->bbio = bbio;
4048c9496f6bSchristos s->wbio = BIO_push(bbio, s->wbio);
4049*4724848cSchristos
4050*4724848cSchristos return 1;
4051c9496f6bSchristos }
4052c9496f6bSchristos
ssl_free_wbio_buffer(SSL * s)4053*4724848cSchristos int ssl_free_wbio_buffer(SSL *s)
4054c9496f6bSchristos {
4055*4724848cSchristos /* callers ensure s is never null */
4056c9496f6bSchristos if (s->bbio == NULL)
4057*4724848cSchristos return 1;
4058c9496f6bSchristos
4059c9496f6bSchristos s->wbio = BIO_pop(s->wbio);
4060c9496f6bSchristos BIO_free(s->bbio);
4061c9496f6bSchristos s->bbio = NULL;
4062*4724848cSchristos
4063*4724848cSchristos return 1;
4064c9496f6bSchristos }
4065c9496f6bSchristos
SSL_CTX_set_quiet_shutdown(SSL_CTX * ctx,int mode)4066c9496f6bSchristos void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
4067c9496f6bSchristos {
4068c9496f6bSchristos ctx->quiet_shutdown = mode;
4069c9496f6bSchristos }
4070c9496f6bSchristos
SSL_CTX_get_quiet_shutdown(const SSL_CTX * ctx)4071c9496f6bSchristos int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
4072c9496f6bSchristos {
4073*4724848cSchristos return ctx->quiet_shutdown;
4074c9496f6bSchristos }
4075c9496f6bSchristos
SSL_set_quiet_shutdown(SSL * s,int mode)4076c9496f6bSchristos void SSL_set_quiet_shutdown(SSL *s, int mode)
4077c9496f6bSchristos {
4078c9496f6bSchristos s->quiet_shutdown = mode;
4079c9496f6bSchristos }
4080c9496f6bSchristos
SSL_get_quiet_shutdown(const SSL * s)4081c9496f6bSchristos int SSL_get_quiet_shutdown(const SSL *s)
4082c9496f6bSchristos {
4083*4724848cSchristos return s->quiet_shutdown;
4084c9496f6bSchristos }
4085c9496f6bSchristos
SSL_set_shutdown(SSL * s,int mode)4086c9496f6bSchristos void SSL_set_shutdown(SSL *s, int mode)
4087c9496f6bSchristos {
4088c9496f6bSchristos s->shutdown = mode;
4089c9496f6bSchristos }
4090c9496f6bSchristos
SSL_get_shutdown(const SSL * s)4091c9496f6bSchristos int SSL_get_shutdown(const SSL *s)
4092c9496f6bSchristos {
4093*4724848cSchristos return s->shutdown;
4094c9496f6bSchristos }
4095c9496f6bSchristos
SSL_version(const SSL * s)4096c9496f6bSchristos int SSL_version(const SSL *s)
4097c9496f6bSchristos {
4098*4724848cSchristos return s->version;
4099*4724848cSchristos }
4100*4724848cSchristos
SSL_client_version(const SSL * s)4101*4724848cSchristos int SSL_client_version(const SSL *s)
4102*4724848cSchristos {
4103*4724848cSchristos return s->client_version;
4104c9496f6bSchristos }
4105c9496f6bSchristos
SSL_get_SSL_CTX(const SSL * ssl)4106c9496f6bSchristos SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
4107c9496f6bSchristos {
4108*4724848cSchristos return ssl->ctx;
4109c9496f6bSchristos }
4110c9496f6bSchristos
SSL_set_SSL_CTX(SSL * ssl,SSL_CTX * ctx)4111c9496f6bSchristos SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
4112c9496f6bSchristos {
4113*4724848cSchristos CERT *new_cert;
4114c9496f6bSchristos if (ssl->ctx == ctx)
4115c9496f6bSchristos return ssl->ctx;
4116c9496f6bSchristos if (ctx == NULL)
4117*4724848cSchristos ctx = ssl->session_ctx;
4118*4724848cSchristos new_cert = ssl_cert_dup(ctx->cert);
4119*4724848cSchristos if (new_cert == NULL) {
4120*4724848cSchristos return NULL;
4121c9496f6bSchristos }
4122*4724848cSchristos
4123*4724848cSchristos if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
4124*4724848cSchristos ssl_cert_free(new_cert);
4125*4724848cSchristos return NULL;
4126c9496f6bSchristos }
4127c9496f6bSchristos
4128*4724848cSchristos ssl_cert_free(ssl->cert);
4129*4724848cSchristos ssl->cert = new_cert;
4130*4724848cSchristos
4131c9496f6bSchristos /*
4132c9496f6bSchristos * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
4133c9496f6bSchristos * so setter APIs must prevent invalid lengths from entering the system.
4134c9496f6bSchristos */
4135*4724848cSchristos if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
4136*4724848cSchristos return NULL;
4137c9496f6bSchristos
4138c9496f6bSchristos /*
4139c9496f6bSchristos * If the session ID context matches that of the parent SSL_CTX,
4140c9496f6bSchristos * inherit it from the new SSL_CTX as well. If however the context does
4141c9496f6bSchristos * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
4142c9496f6bSchristos * leave it unchanged.
4143c9496f6bSchristos */
4144c9496f6bSchristos if ((ssl->ctx != NULL) &&
4145c9496f6bSchristos (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
4146c9496f6bSchristos (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
4147c9496f6bSchristos ssl->sid_ctx_length = ctx->sid_ctx_length;
4148c9496f6bSchristos memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
4149c9496f6bSchristos }
4150c9496f6bSchristos
4151*4724848cSchristos SSL_CTX_up_ref(ctx);
4152c9496f6bSchristos SSL_CTX_free(ssl->ctx); /* decrement reference count */
4153c9496f6bSchristos ssl->ctx = ctx;
4154c9496f6bSchristos
4155*4724848cSchristos return ssl->ctx;
4156c9496f6bSchristos }
4157c9496f6bSchristos
SSL_CTX_set_default_verify_paths(SSL_CTX * ctx)4158c9496f6bSchristos int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
4159c9496f6bSchristos {
4160*4724848cSchristos return X509_STORE_set_default_paths(ctx->cert_store);
4161*4724848cSchristos }
4162*4724848cSchristos
SSL_CTX_set_default_verify_dir(SSL_CTX * ctx)4163*4724848cSchristos int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
4164*4724848cSchristos {
4165*4724848cSchristos X509_LOOKUP *lookup;
4166*4724848cSchristos
4167*4724848cSchristos lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
4168*4724848cSchristos if (lookup == NULL)
4169*4724848cSchristos return 0;
4170*4724848cSchristos X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
4171*4724848cSchristos
4172*4724848cSchristos /* Clear any errors if the default directory does not exist */
4173*4724848cSchristos ERR_clear_error();
4174*4724848cSchristos
4175*4724848cSchristos return 1;
4176*4724848cSchristos }
4177*4724848cSchristos
SSL_CTX_set_default_verify_file(SSL_CTX * ctx)4178*4724848cSchristos int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
4179*4724848cSchristos {
4180*4724848cSchristos X509_LOOKUP *lookup;
4181*4724848cSchristos
4182*4724848cSchristos lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
4183*4724848cSchristos if (lookup == NULL)
4184*4724848cSchristos return 0;
4185*4724848cSchristos
4186*4724848cSchristos X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
4187*4724848cSchristos
4188*4724848cSchristos /* Clear any errors if the default file does not exist */
4189*4724848cSchristos ERR_clear_error();
4190*4724848cSchristos
4191*4724848cSchristos return 1;
4192c9496f6bSchristos }
4193c9496f6bSchristos
SSL_CTX_load_verify_locations(SSL_CTX * ctx,const char * CAfile,const char * CApath)4194c9496f6bSchristos int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
4195c9496f6bSchristos const char *CApath)
4196c9496f6bSchristos {
4197*4724848cSchristos return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
4198c9496f6bSchristos }
4199c9496f6bSchristos
SSL_set_info_callback(SSL * ssl,void (* cb)(const SSL * ssl,int type,int val))4200c9496f6bSchristos void SSL_set_info_callback(SSL *ssl,
4201c9496f6bSchristos void (*cb) (const SSL *ssl, int type, int val))
4202c9496f6bSchristos {
4203c9496f6bSchristos ssl->info_callback = cb;
4204c9496f6bSchristos }
4205c9496f6bSchristos
4206c9496f6bSchristos /*
4207c9496f6bSchristos * One compiler (Diab DCC) doesn't like argument names in returned function
4208c9496f6bSchristos * pointer.
4209c9496f6bSchristos */
SSL_get_info_callback(const SSL * ssl)4210c9496f6bSchristos void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
4211c9496f6bSchristos int /* type */ ,
4212c9496f6bSchristos int /* val */ ) {
4213c9496f6bSchristos return ssl->info_callback;
4214c9496f6bSchristos }
4215c9496f6bSchristos
SSL_set_verify_result(SSL * ssl,long arg)4216c9496f6bSchristos void SSL_set_verify_result(SSL *ssl, long arg)
4217c9496f6bSchristos {
4218c9496f6bSchristos ssl->verify_result = arg;
4219c9496f6bSchristos }
4220c9496f6bSchristos
SSL_get_verify_result(const SSL * ssl)4221c9496f6bSchristos long SSL_get_verify_result(const SSL *ssl)
4222c9496f6bSchristos {
4223*4724848cSchristos return ssl->verify_result;
4224c9496f6bSchristos }
4225c9496f6bSchristos
SSL_get_client_random(const SSL * ssl,unsigned char * out,size_t outlen)4226*4724848cSchristos size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
4227c9496f6bSchristos {
4228*4724848cSchristos if (outlen == 0)
4229*4724848cSchristos return sizeof(ssl->s3->client_random);
4230*4724848cSchristos if (outlen > sizeof(ssl->s3->client_random))
4231*4724848cSchristos outlen = sizeof(ssl->s3->client_random);
4232*4724848cSchristos memcpy(out, ssl->s3->client_random, outlen);
4233*4724848cSchristos return outlen;
4234c9496f6bSchristos }
4235c9496f6bSchristos
SSL_get_server_random(const SSL * ssl,unsigned char * out,size_t outlen)4236*4724848cSchristos size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
4237*4724848cSchristos {
4238*4724848cSchristos if (outlen == 0)
4239*4724848cSchristos return sizeof(ssl->s3->server_random);
4240*4724848cSchristos if (outlen > sizeof(ssl->s3->server_random))
4241*4724848cSchristos outlen = sizeof(ssl->s3->server_random);
4242*4724848cSchristos memcpy(out, ssl->s3->server_random, outlen);
4243*4724848cSchristos return outlen;
4244*4724848cSchristos }
4245*4724848cSchristos
SSL_SESSION_get_master_key(const SSL_SESSION * session,unsigned char * out,size_t outlen)4246*4724848cSchristos size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
4247*4724848cSchristos unsigned char *out, size_t outlen)
4248*4724848cSchristos {
4249*4724848cSchristos if (outlen == 0)
4250*4724848cSchristos return session->master_key_length;
4251*4724848cSchristos if (outlen > session->master_key_length)
4252*4724848cSchristos outlen = session->master_key_length;
4253*4724848cSchristos memcpy(out, session->master_key, outlen);
4254*4724848cSchristos return outlen;
4255*4724848cSchristos }
4256*4724848cSchristos
SSL_SESSION_set1_master_key(SSL_SESSION * sess,const unsigned char * in,size_t len)4257*4724848cSchristos int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
4258*4724848cSchristos size_t len)
4259*4724848cSchristos {
4260*4724848cSchristos if (len > sizeof(sess->master_key))
4261*4724848cSchristos return 0;
4262*4724848cSchristos
4263*4724848cSchristos memcpy(sess->master_key, in, len);
4264*4724848cSchristos sess->master_key_length = len;
4265*4724848cSchristos return 1;
4266*4724848cSchristos }
4267*4724848cSchristos
4268*4724848cSchristos
SSL_set_ex_data(SSL * s,int idx,void * arg)4269c9496f6bSchristos int SSL_set_ex_data(SSL *s, int idx, void *arg)
4270c9496f6bSchristos {
4271*4724848cSchristos return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
4272c9496f6bSchristos }
4273c9496f6bSchristos
SSL_get_ex_data(const SSL * s,int idx)4274c9496f6bSchristos void *SSL_get_ex_data(const SSL *s, int idx)
4275c9496f6bSchristos {
4276*4724848cSchristos return CRYPTO_get_ex_data(&s->ex_data, idx);
4277c9496f6bSchristos }
4278c9496f6bSchristos
SSL_CTX_set_ex_data(SSL_CTX * s,int idx,void * arg)4279c9496f6bSchristos int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
4280c9496f6bSchristos {
4281*4724848cSchristos return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
4282c9496f6bSchristos }
4283c9496f6bSchristos
SSL_CTX_get_ex_data(const SSL_CTX * s,int idx)4284c9496f6bSchristos void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
4285c9496f6bSchristos {
4286*4724848cSchristos return CRYPTO_get_ex_data(&s->ex_data, idx);
4287c9496f6bSchristos }
4288c9496f6bSchristos
SSL_CTX_get_cert_store(const SSL_CTX * ctx)4289c9496f6bSchristos X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
4290c9496f6bSchristos {
4291*4724848cSchristos return ctx->cert_store;
4292c9496f6bSchristos }
4293c9496f6bSchristos
SSL_CTX_set_cert_store(SSL_CTX * ctx,X509_STORE * store)4294c9496f6bSchristos void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
4295c9496f6bSchristos {
4296c9496f6bSchristos X509_STORE_free(ctx->cert_store);
4297c9496f6bSchristos ctx->cert_store = store;
4298c9496f6bSchristos }
4299c9496f6bSchristos
SSL_CTX_set1_cert_store(SSL_CTX * ctx,X509_STORE * store)4300*4724848cSchristos void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
4301*4724848cSchristos {
4302*4724848cSchristos if (store != NULL)
4303*4724848cSchristos X509_STORE_up_ref(store);
4304*4724848cSchristos SSL_CTX_set_cert_store(ctx, store);
4305*4724848cSchristos }
4306*4724848cSchristos
SSL_want(const SSL * s)4307c9496f6bSchristos int SSL_want(const SSL *s)
4308c9496f6bSchristos {
4309*4724848cSchristos return s->rwstate;
4310c9496f6bSchristos }
4311c9496f6bSchristos
4312c9496f6bSchristos /**
4313c9496f6bSchristos * \brief Set the callback for generating temporary DH keys.
4314c9496f6bSchristos * \param ctx the SSL context.
4315c9496f6bSchristos * \param dh the callback
4316c9496f6bSchristos */
4317c9496f6bSchristos
4318c9496f6bSchristos #ifndef OPENSSL_NO_DH
SSL_CTX_set_tmp_dh_callback(SSL_CTX * ctx,DH * (* dh)(SSL * ssl,int is_export,int keylength))4319c9496f6bSchristos void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
4320c9496f6bSchristos DH *(*dh) (SSL *ssl, int is_export,
4321c9496f6bSchristos int keylength))
4322c9496f6bSchristos {
4323c9496f6bSchristos SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
4324c9496f6bSchristos }
4325c9496f6bSchristos
SSL_set_tmp_dh_callback(SSL * ssl,DH * (* dh)(SSL * ssl,int is_export,int keylength))4326c9496f6bSchristos void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
4327c9496f6bSchristos int keylength))
4328c9496f6bSchristos {
4329c9496f6bSchristos SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
4330c9496f6bSchristos }
4331c9496f6bSchristos #endif
4332c9496f6bSchristos
4333c9496f6bSchristos #ifndef OPENSSL_NO_PSK
SSL_CTX_use_psk_identity_hint(SSL_CTX * ctx,const char * identity_hint)4334c9496f6bSchristos int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
4335c9496f6bSchristos {
4336c9496f6bSchristos if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
4337*4724848cSchristos SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
4338c9496f6bSchristos return 0;
4339c9496f6bSchristos }
4340*4724848cSchristos OPENSSL_free(ctx->cert->psk_identity_hint);
4341c9496f6bSchristos if (identity_hint != NULL) {
4342*4724848cSchristos ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
4343*4724848cSchristos if (ctx->cert->psk_identity_hint == NULL)
4344c9496f6bSchristos return 0;
4345c9496f6bSchristos } else
4346*4724848cSchristos ctx->cert->psk_identity_hint = NULL;
4347c9496f6bSchristos return 1;
4348c9496f6bSchristos }
4349c9496f6bSchristos
SSL_use_psk_identity_hint(SSL * s,const char * identity_hint)4350c9496f6bSchristos int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
4351c9496f6bSchristos {
4352c9496f6bSchristos if (s == NULL)
4353c9496f6bSchristos return 0;
4354c9496f6bSchristos
4355c9496f6bSchristos if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
4356c9496f6bSchristos SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
4357c9496f6bSchristos return 0;
4358c9496f6bSchristos }
4359*4724848cSchristos OPENSSL_free(s->cert->psk_identity_hint);
4360c9496f6bSchristos if (identity_hint != NULL) {
4361*4724848cSchristos s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
4362*4724848cSchristos if (s->cert->psk_identity_hint == NULL)
4363c9496f6bSchristos return 0;
4364c9496f6bSchristos } else
4365*4724848cSchristos s->cert->psk_identity_hint = NULL;
4366c9496f6bSchristos return 1;
4367c9496f6bSchristos }
4368c9496f6bSchristos
SSL_get_psk_identity_hint(const SSL * s)4369c9496f6bSchristos const char *SSL_get_psk_identity_hint(const SSL *s)
4370c9496f6bSchristos {
4371c9496f6bSchristos if (s == NULL || s->session == NULL)
4372c9496f6bSchristos return NULL;
4373*4724848cSchristos return s->session->psk_identity_hint;
4374c9496f6bSchristos }
4375c9496f6bSchristos
SSL_get_psk_identity(const SSL * s)4376c9496f6bSchristos const char *SSL_get_psk_identity(const SSL *s)
4377c9496f6bSchristos {
4378c9496f6bSchristos if (s == NULL || s->session == NULL)
4379c9496f6bSchristos return NULL;
4380*4724848cSchristos return s->session->psk_identity;
4381c9496f6bSchristos }
4382c9496f6bSchristos
SSL_set_psk_client_callback(SSL * s,SSL_psk_client_cb_func cb)4383*4724848cSchristos void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
4384c9496f6bSchristos {
4385c9496f6bSchristos s->psk_client_callback = cb;
4386c9496f6bSchristos }
4387c9496f6bSchristos
SSL_CTX_set_psk_client_callback(SSL_CTX * ctx,SSL_psk_client_cb_func cb)4388*4724848cSchristos void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
4389c9496f6bSchristos {
4390c9496f6bSchristos ctx->psk_client_callback = cb;
4391c9496f6bSchristos }
4392c9496f6bSchristos
SSL_set_psk_server_callback(SSL * s,SSL_psk_server_cb_func cb)4393*4724848cSchristos void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
4394c9496f6bSchristos {
4395c9496f6bSchristos s->psk_server_callback = cb;
4396c9496f6bSchristos }
4397c9496f6bSchristos
SSL_CTX_set_psk_server_callback(SSL_CTX * ctx,SSL_psk_server_cb_func cb)4398*4724848cSchristos void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
4399c9496f6bSchristos {
4400c9496f6bSchristos ctx->psk_server_callback = cb;
4401c9496f6bSchristos }
4402c9496f6bSchristos #endif
4403c9496f6bSchristos
SSL_set_psk_find_session_callback(SSL * s,SSL_psk_find_session_cb_func cb)4404*4724848cSchristos void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
4405*4724848cSchristos {
4406*4724848cSchristos s->psk_find_session_cb = cb;
4407*4724848cSchristos }
4408*4724848cSchristos
SSL_CTX_set_psk_find_session_callback(SSL_CTX * ctx,SSL_psk_find_session_cb_func cb)4409*4724848cSchristos void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
4410*4724848cSchristos SSL_psk_find_session_cb_func cb)
4411*4724848cSchristos {
4412*4724848cSchristos ctx->psk_find_session_cb = cb;
4413*4724848cSchristos }
4414*4724848cSchristos
SSL_set_psk_use_session_callback(SSL * s,SSL_psk_use_session_cb_func cb)4415*4724848cSchristos void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
4416*4724848cSchristos {
4417*4724848cSchristos s->psk_use_session_cb = cb;
4418*4724848cSchristos }
4419*4724848cSchristos
SSL_CTX_set_psk_use_session_callback(SSL_CTX * ctx,SSL_psk_use_session_cb_func cb)4420*4724848cSchristos void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
4421*4724848cSchristos SSL_psk_use_session_cb_func cb)
4422*4724848cSchristos {
4423*4724848cSchristos ctx->psk_use_session_cb = cb;
4424*4724848cSchristos }
4425*4724848cSchristos
SSL_CTX_set_msg_callback(SSL_CTX * ctx,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))4426c9496f6bSchristos void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
4427c9496f6bSchristos void (*cb) (int write_p, int version,
4428c9496f6bSchristos int content_type, const void *buf,
4429c9496f6bSchristos size_t len, SSL *ssl, void *arg))
4430c9496f6bSchristos {
4431c9496f6bSchristos SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
4432c9496f6bSchristos }
4433c9496f6bSchristos
SSL_set_msg_callback(SSL * ssl,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))4434c9496f6bSchristos void SSL_set_msg_callback(SSL *ssl,
4435c9496f6bSchristos void (*cb) (int write_p, int version,
4436c9496f6bSchristos int content_type, const void *buf,
4437c9496f6bSchristos size_t len, SSL *ssl, void *arg))
4438c9496f6bSchristos {
4439c9496f6bSchristos SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
4440c9496f6bSchristos }
4441c9496f6bSchristos
SSL_CTX_set_not_resumable_session_callback(SSL_CTX * ctx,int (* cb)(SSL * ssl,int is_forward_secure))4442*4724848cSchristos void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
4443*4724848cSchristos int (*cb) (SSL *ssl,
4444*4724848cSchristos int
4445*4724848cSchristos is_forward_secure))
4446*4724848cSchristos {
4447*4724848cSchristos SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
4448*4724848cSchristos (void (*)(void))cb);
4449*4724848cSchristos }
4450*4724848cSchristos
SSL_set_not_resumable_session_callback(SSL * ssl,int (* cb)(SSL * ssl,int is_forward_secure))4451*4724848cSchristos void SSL_set_not_resumable_session_callback(SSL *ssl,
4452*4724848cSchristos int (*cb) (SSL *ssl,
4453*4724848cSchristos int is_forward_secure))
4454*4724848cSchristos {
4455*4724848cSchristos SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
4456*4724848cSchristos (void (*)(void))cb);
4457*4724848cSchristos }
4458*4724848cSchristos
SSL_CTX_set_record_padding_callback(SSL_CTX * ctx,size_t (* cb)(SSL * ssl,int type,size_t len,void * arg))4459*4724848cSchristos void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
4460*4724848cSchristos size_t (*cb) (SSL *ssl, int type,
4461*4724848cSchristos size_t len, void *arg))
4462*4724848cSchristos {
4463*4724848cSchristos ctx->record_padding_cb = cb;
4464*4724848cSchristos }
4465*4724848cSchristos
SSL_CTX_set_record_padding_callback_arg(SSL_CTX * ctx,void * arg)4466*4724848cSchristos void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
4467*4724848cSchristos {
4468*4724848cSchristos ctx->record_padding_arg = arg;
4469*4724848cSchristos }
4470*4724848cSchristos
SSL_CTX_get_record_padding_callback_arg(const SSL_CTX * ctx)4471*4724848cSchristos void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
4472*4724848cSchristos {
4473*4724848cSchristos return ctx->record_padding_arg;
4474*4724848cSchristos }
4475*4724848cSchristos
SSL_CTX_set_block_padding(SSL_CTX * ctx,size_t block_size)4476*4724848cSchristos int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
4477*4724848cSchristos {
4478*4724848cSchristos /* block size of 0 or 1 is basically no padding */
4479*4724848cSchristos if (block_size == 1)
4480*4724848cSchristos ctx->block_padding = 0;
4481*4724848cSchristos else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
4482*4724848cSchristos ctx->block_padding = block_size;
4483*4724848cSchristos else
4484*4724848cSchristos return 0;
4485*4724848cSchristos return 1;
4486*4724848cSchristos }
4487*4724848cSchristos
SSL_set_record_padding_callback(SSL * ssl,size_t (* cb)(SSL * ssl,int type,size_t len,void * arg))4488*4724848cSchristos void SSL_set_record_padding_callback(SSL *ssl,
4489*4724848cSchristos size_t (*cb) (SSL *ssl, int type,
4490*4724848cSchristos size_t len, void *arg))
4491*4724848cSchristos {
4492*4724848cSchristos ssl->record_padding_cb = cb;
4493*4724848cSchristos }
4494*4724848cSchristos
SSL_set_record_padding_callback_arg(SSL * ssl,void * arg)4495*4724848cSchristos void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
4496*4724848cSchristos {
4497*4724848cSchristos ssl->record_padding_arg = arg;
4498*4724848cSchristos }
4499*4724848cSchristos
SSL_get_record_padding_callback_arg(const SSL * ssl)4500*4724848cSchristos void *SSL_get_record_padding_callback_arg(const SSL *ssl)
4501*4724848cSchristos {
4502*4724848cSchristos return ssl->record_padding_arg;
4503*4724848cSchristos }
4504*4724848cSchristos
SSL_set_block_padding(SSL * ssl,size_t block_size)4505*4724848cSchristos int SSL_set_block_padding(SSL *ssl, size_t block_size)
4506*4724848cSchristos {
4507*4724848cSchristos /* block size of 0 or 1 is basically no padding */
4508*4724848cSchristos if (block_size == 1)
4509*4724848cSchristos ssl->block_padding = 0;
4510*4724848cSchristos else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
4511*4724848cSchristos ssl->block_padding = block_size;
4512*4724848cSchristos else
4513*4724848cSchristos return 0;
4514*4724848cSchristos return 1;
4515*4724848cSchristos }
4516*4724848cSchristos
SSL_set_num_tickets(SSL * s,size_t num_tickets)4517*4724848cSchristos int SSL_set_num_tickets(SSL *s, size_t num_tickets)
4518*4724848cSchristos {
4519*4724848cSchristos s->num_tickets = num_tickets;
4520*4724848cSchristos
4521*4724848cSchristos return 1;
4522*4724848cSchristos }
4523*4724848cSchristos
SSL_get_num_tickets(const SSL * s)4524*4724848cSchristos size_t SSL_get_num_tickets(const SSL *s)
4525*4724848cSchristos {
4526*4724848cSchristos return s->num_tickets;
4527*4724848cSchristos }
4528*4724848cSchristos
SSL_CTX_set_num_tickets(SSL_CTX * ctx,size_t num_tickets)4529*4724848cSchristos int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
4530*4724848cSchristos {
4531*4724848cSchristos ctx->num_tickets = num_tickets;
4532*4724848cSchristos
4533*4724848cSchristos return 1;
4534*4724848cSchristos }
4535*4724848cSchristos
SSL_CTX_get_num_tickets(const SSL_CTX * ctx)4536*4724848cSchristos size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
4537*4724848cSchristos {
4538*4724848cSchristos return ctx->num_tickets;
4539*4724848cSchristos }
4540*4724848cSchristos
4541c9496f6bSchristos /*
4542c9496f6bSchristos * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
4543*4724848cSchristos * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
4544*4724848cSchristos * If EVP_MD pointer is passed, initializes ctx with this |md|.
4545*4724848cSchristos * Returns the newly allocated ctx;
4546c9496f6bSchristos */
4547c9496f6bSchristos
ssl_replace_hash(EVP_MD_CTX ** hash,const EVP_MD * md)4548c9496f6bSchristos EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
4549c9496f6bSchristos {
4550c9496f6bSchristos ssl_clear_hash_ctx(hash);
4551*4724848cSchristos *hash = EVP_MD_CTX_new();
4552c9496f6bSchristos if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
4553*4724848cSchristos EVP_MD_CTX_free(*hash);
4554c9496f6bSchristos *hash = NULL;
4555c9496f6bSchristos return NULL;
4556c9496f6bSchristos }
4557c9496f6bSchristos return *hash;
4558c9496f6bSchristos }
4559c9496f6bSchristos
ssl_clear_hash_ctx(EVP_MD_CTX ** hash)4560c9496f6bSchristos void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
4561c9496f6bSchristos {
4562c9496f6bSchristos
4563*4724848cSchristos EVP_MD_CTX_free(*hash);
4564c9496f6bSchristos *hash = NULL;
4565c9496f6bSchristos }
4566c9496f6bSchristos
4567*4724848cSchristos /* Retrieve handshake hashes */
ssl_handshake_hash(SSL * s,unsigned char * out,size_t outlen,size_t * hashlen)4568*4724848cSchristos int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
4569*4724848cSchristos size_t *hashlen)
4570c9496f6bSchristos {
4571*4724848cSchristos EVP_MD_CTX *ctx = NULL;
4572*4724848cSchristos EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
4573*4724848cSchristos int hashleni = EVP_MD_CTX_size(hdgst);
4574*4724848cSchristos int ret = 0;
4575*4724848cSchristos
4576*4724848cSchristos if (hashleni < 0 || (size_t)hashleni > outlen) {
4577*4724848cSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
4578*4724848cSchristos ERR_R_INTERNAL_ERROR);
4579*4724848cSchristos goto err;
4580c9496f6bSchristos }
4581c9496f6bSchristos
4582*4724848cSchristos ctx = EVP_MD_CTX_new();
4583*4724848cSchristos if (ctx == NULL) {
4584*4724848cSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
4585*4724848cSchristos ERR_R_INTERNAL_ERROR);
4586*4724848cSchristos goto err;
4587*4724848cSchristos }
4588*4724848cSchristos
4589*4724848cSchristos if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
4590*4724848cSchristos || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
4591*4724848cSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
4592*4724848cSchristos ERR_R_INTERNAL_ERROR);
4593*4724848cSchristos goto err;
4594*4724848cSchristos }
4595*4724848cSchristos
4596*4724848cSchristos *hashlen = hashleni;
4597*4724848cSchristos
4598*4724848cSchristos ret = 1;
4599*4724848cSchristos err:
4600*4724848cSchristos EVP_MD_CTX_free(ctx);
4601*4724848cSchristos return ret;
4602*4724848cSchristos }
4603*4724848cSchristos
SSL_session_reused(const SSL * s)4604*4724848cSchristos int SSL_session_reused(const SSL *s)
4605c9496f6bSchristos {
4606c9496f6bSchristos return s->hit;
4607c9496f6bSchristos }
4608c9496f6bSchristos
SSL_is_server(const SSL * s)4609*4724848cSchristos int SSL_is_server(const SSL *s)
4610c9496f6bSchristos {
4611c9496f6bSchristos return s->server;
4612c9496f6bSchristos }
4613c9496f6bSchristos
4614*4724848cSchristos #if OPENSSL_API_COMPAT < 0x10100000L
SSL_set_debug(SSL * s,int debug)4615*4724848cSchristos void SSL_set_debug(SSL *s, int debug)
4616*4724848cSchristos {
4617*4724848cSchristos /* Old function was do-nothing anyway... */
4618*4724848cSchristos (void)s;
4619*4724848cSchristos (void)debug;
4620*4724848cSchristos }
4621c9496f6bSchristos #endif
4622c9496f6bSchristos
SSL_set_security_level(SSL * s,int level)4623*4724848cSchristos void SSL_set_security_level(SSL *s, int level)
4624*4724848cSchristos {
4625*4724848cSchristos s->cert->sec_level = level;
4626*4724848cSchristos }
4627*4724848cSchristos
SSL_get_security_level(const SSL * s)4628*4724848cSchristos int SSL_get_security_level(const SSL *s)
4629*4724848cSchristos {
4630*4724848cSchristos return s->cert->sec_level;
4631*4724848cSchristos }
4632*4724848cSchristos
SSL_set_security_callback(SSL * s,int (* cb)(const SSL * s,const SSL_CTX * ctx,int op,int bits,int nid,void * other,void * ex))4633*4724848cSchristos void SSL_set_security_callback(SSL *s,
4634*4724848cSchristos int (*cb) (const SSL *s, const SSL_CTX *ctx,
4635*4724848cSchristos int op, int bits, int nid,
4636*4724848cSchristos void *other, void *ex))
4637*4724848cSchristos {
4638*4724848cSchristos s->cert->sec_cb = cb;
4639*4724848cSchristos }
4640*4724848cSchristos
SSL_get_security_callback(const SSL * s)4641*4724848cSchristos int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
4642*4724848cSchristos const SSL_CTX *ctx, int op,
4643*4724848cSchristos int bits, int nid, void *other,
4644*4724848cSchristos void *ex) {
4645*4724848cSchristos return s->cert->sec_cb;
4646*4724848cSchristos }
4647*4724848cSchristos
SSL_set0_security_ex_data(SSL * s,void * ex)4648*4724848cSchristos void SSL_set0_security_ex_data(SSL *s, void *ex)
4649*4724848cSchristos {
4650*4724848cSchristos s->cert->sec_ex = ex;
4651*4724848cSchristos }
4652*4724848cSchristos
SSL_get0_security_ex_data(const SSL * s)4653*4724848cSchristos void *SSL_get0_security_ex_data(const SSL *s)
4654*4724848cSchristos {
4655*4724848cSchristos return s->cert->sec_ex;
4656*4724848cSchristos }
4657*4724848cSchristos
SSL_CTX_set_security_level(SSL_CTX * ctx,int level)4658*4724848cSchristos void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
4659*4724848cSchristos {
4660*4724848cSchristos ctx->cert->sec_level = level;
4661*4724848cSchristos }
4662*4724848cSchristos
SSL_CTX_get_security_level(const SSL_CTX * ctx)4663*4724848cSchristos int SSL_CTX_get_security_level(const SSL_CTX *ctx)
4664*4724848cSchristos {
4665*4724848cSchristos return ctx->cert->sec_level;
4666*4724848cSchristos }
4667*4724848cSchristos
SSL_CTX_set_security_callback(SSL_CTX * ctx,int (* cb)(const SSL * s,const SSL_CTX * ctx,int op,int bits,int nid,void * other,void * ex))4668*4724848cSchristos void SSL_CTX_set_security_callback(SSL_CTX *ctx,
4669*4724848cSchristos int (*cb) (const SSL *s, const SSL_CTX *ctx,
4670*4724848cSchristos int op, int bits, int nid,
4671*4724848cSchristos void *other, void *ex))
4672*4724848cSchristos {
4673*4724848cSchristos ctx->cert->sec_cb = cb;
4674*4724848cSchristos }
4675*4724848cSchristos
SSL_CTX_get_security_callback(const SSL_CTX * ctx)4676*4724848cSchristos int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
4677*4724848cSchristos const SSL_CTX *ctx,
4678*4724848cSchristos int op, int bits,
4679*4724848cSchristos int nid,
4680*4724848cSchristos void *other,
4681*4724848cSchristos void *ex) {
4682*4724848cSchristos return ctx->cert->sec_cb;
4683*4724848cSchristos }
4684*4724848cSchristos
SSL_CTX_set0_security_ex_data(SSL_CTX * ctx,void * ex)4685*4724848cSchristos void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
4686*4724848cSchristos {
4687*4724848cSchristos ctx->cert->sec_ex = ex;
4688*4724848cSchristos }
4689*4724848cSchristos
SSL_CTX_get0_security_ex_data(const SSL_CTX * ctx)4690*4724848cSchristos void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
4691*4724848cSchristos {
4692*4724848cSchristos return ctx->cert->sec_ex;
4693*4724848cSchristos }
4694*4724848cSchristos
4695*4724848cSchristos /*
4696*4724848cSchristos * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
4697*4724848cSchristos * can return unsigned long, instead of the generic long return value from the
4698*4724848cSchristos * control interface.
4699*4724848cSchristos */
SSL_CTX_get_options(const SSL_CTX * ctx)4700*4724848cSchristos unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
4701*4724848cSchristos {
4702*4724848cSchristos return ctx->options;
4703*4724848cSchristos }
4704*4724848cSchristos
SSL_get_options(const SSL * s)4705*4724848cSchristos unsigned long SSL_get_options(const SSL *s)
4706*4724848cSchristos {
4707*4724848cSchristos return s->options;
4708*4724848cSchristos }
4709*4724848cSchristos
SSL_CTX_set_options(SSL_CTX * ctx,unsigned long op)4710*4724848cSchristos unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
4711*4724848cSchristos {
4712*4724848cSchristos return ctx->options |= op;
4713*4724848cSchristos }
4714*4724848cSchristos
SSL_set_options(SSL * s,unsigned long op)4715*4724848cSchristos unsigned long SSL_set_options(SSL *s, unsigned long op)
4716*4724848cSchristos {
4717*4724848cSchristos return s->options |= op;
4718*4724848cSchristos }
4719*4724848cSchristos
SSL_CTX_clear_options(SSL_CTX * ctx,unsigned long op)4720*4724848cSchristos unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
4721*4724848cSchristos {
4722*4724848cSchristos return ctx->options &= ~op;
4723*4724848cSchristos }
4724*4724848cSchristos
SSL_clear_options(SSL * s,unsigned long op)4725*4724848cSchristos unsigned long SSL_clear_options(SSL *s, unsigned long op)
4726*4724848cSchristos {
4727*4724848cSchristos return s->options &= ~op;
4728*4724848cSchristos }
4729*4724848cSchristos
STACK_OF(X509)4730*4724848cSchristos STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
4731*4724848cSchristos {
4732*4724848cSchristos return s->verified_chain;
4733*4724848cSchristos }
4734*4724848cSchristos
4735c9496f6bSchristos IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
4736*4724848cSchristos
4737*4724848cSchristos #ifndef OPENSSL_NO_CT
4738*4724848cSchristos
4739*4724848cSchristos /*
4740*4724848cSchristos * Moves SCTs from the |src| stack to the |dst| stack.
4741*4724848cSchristos * The source of each SCT will be set to |origin|.
4742*4724848cSchristos * If |dst| points to a NULL pointer, a new stack will be created and owned by
4743*4724848cSchristos * the caller.
4744*4724848cSchristos * Returns the number of SCTs moved, or a negative integer if an error occurs.
4745*4724848cSchristos */
ct_move_scts(STACK_OF (SCT)** dst,STACK_OF (SCT)* src,sct_source_t origin)4746*4724848cSchristos static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
4747*4724848cSchristos sct_source_t origin)
4748*4724848cSchristos {
4749*4724848cSchristos int scts_moved = 0;
4750*4724848cSchristos SCT *sct = NULL;
4751*4724848cSchristos
4752*4724848cSchristos if (*dst == NULL) {
4753*4724848cSchristos *dst = sk_SCT_new_null();
4754*4724848cSchristos if (*dst == NULL) {
4755*4724848cSchristos SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
4756*4724848cSchristos goto err;
4757*4724848cSchristos }
4758*4724848cSchristos }
4759*4724848cSchristos
4760*4724848cSchristos while ((sct = sk_SCT_pop(src)) != NULL) {
4761*4724848cSchristos if (SCT_set_source(sct, origin) != 1)
4762*4724848cSchristos goto err;
4763*4724848cSchristos
4764*4724848cSchristos if (sk_SCT_push(*dst, sct) <= 0)
4765*4724848cSchristos goto err;
4766*4724848cSchristos scts_moved += 1;
4767*4724848cSchristos }
4768*4724848cSchristos
4769*4724848cSchristos return scts_moved;
4770*4724848cSchristos err:
4771*4724848cSchristos if (sct != NULL)
4772*4724848cSchristos sk_SCT_push(src, sct); /* Put the SCT back */
4773*4724848cSchristos return -1;
4774*4724848cSchristos }
4775*4724848cSchristos
4776*4724848cSchristos /*
4777*4724848cSchristos * Look for data collected during ServerHello and parse if found.
4778*4724848cSchristos * Returns the number of SCTs extracted.
4779*4724848cSchristos */
ct_extract_tls_extension_scts(SSL * s)4780*4724848cSchristos static int ct_extract_tls_extension_scts(SSL *s)
4781*4724848cSchristos {
4782*4724848cSchristos int scts_extracted = 0;
4783*4724848cSchristos
4784*4724848cSchristos if (s->ext.scts != NULL) {
4785*4724848cSchristos const unsigned char *p = s->ext.scts;
4786*4724848cSchristos STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
4787*4724848cSchristos
4788*4724848cSchristos scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
4789*4724848cSchristos
4790*4724848cSchristos SCT_LIST_free(scts);
4791*4724848cSchristos }
4792*4724848cSchristos
4793*4724848cSchristos return scts_extracted;
4794*4724848cSchristos }
4795*4724848cSchristos
4796*4724848cSchristos /*
4797*4724848cSchristos * Checks for an OCSP response and then attempts to extract any SCTs found if it
4798*4724848cSchristos * contains an SCT X509 extension. They will be stored in |s->scts|.
4799*4724848cSchristos * Returns:
4800*4724848cSchristos * - The number of SCTs extracted, assuming an OCSP response exists.
4801*4724848cSchristos * - 0 if no OCSP response exists or it contains no SCTs.
4802*4724848cSchristos * - A negative integer if an error occurs.
4803*4724848cSchristos */
ct_extract_ocsp_response_scts(SSL * s)4804*4724848cSchristos static int ct_extract_ocsp_response_scts(SSL *s)
4805*4724848cSchristos {
4806*4724848cSchristos # ifndef OPENSSL_NO_OCSP
4807*4724848cSchristos int scts_extracted = 0;
4808*4724848cSchristos const unsigned char *p;
4809*4724848cSchristos OCSP_BASICRESP *br = NULL;
4810*4724848cSchristos OCSP_RESPONSE *rsp = NULL;
4811*4724848cSchristos STACK_OF(SCT) *scts = NULL;
4812*4724848cSchristos int i;
4813*4724848cSchristos
4814*4724848cSchristos if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
4815*4724848cSchristos goto err;
4816*4724848cSchristos
4817*4724848cSchristos p = s->ext.ocsp.resp;
4818*4724848cSchristos rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
4819*4724848cSchristos if (rsp == NULL)
4820*4724848cSchristos goto err;
4821*4724848cSchristos
4822*4724848cSchristos br = OCSP_response_get1_basic(rsp);
4823*4724848cSchristos if (br == NULL)
4824*4724848cSchristos goto err;
4825*4724848cSchristos
4826*4724848cSchristos for (i = 0; i < OCSP_resp_count(br); ++i) {
4827*4724848cSchristos OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
4828*4724848cSchristos
4829*4724848cSchristos if (single == NULL)
4830*4724848cSchristos continue;
4831*4724848cSchristos
4832*4724848cSchristos scts =
4833*4724848cSchristos OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
4834*4724848cSchristos scts_extracted =
4835*4724848cSchristos ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
4836*4724848cSchristos if (scts_extracted < 0)
4837*4724848cSchristos goto err;
4838*4724848cSchristos }
4839*4724848cSchristos err:
4840*4724848cSchristos SCT_LIST_free(scts);
4841*4724848cSchristos OCSP_BASICRESP_free(br);
4842*4724848cSchristos OCSP_RESPONSE_free(rsp);
4843*4724848cSchristos return scts_extracted;
4844*4724848cSchristos # else
4845*4724848cSchristos /* Behave as if no OCSP response exists */
4846*4724848cSchristos return 0;
4847*4724848cSchristos # endif
4848*4724848cSchristos }
4849*4724848cSchristos
4850*4724848cSchristos /*
4851*4724848cSchristos * Attempts to extract SCTs from the peer certificate.
4852*4724848cSchristos * Return the number of SCTs extracted, or a negative integer if an error
4853*4724848cSchristos * occurs.
4854*4724848cSchristos */
ct_extract_x509v3_extension_scts(SSL * s)4855*4724848cSchristos static int ct_extract_x509v3_extension_scts(SSL *s)
4856*4724848cSchristos {
4857*4724848cSchristos int scts_extracted = 0;
4858*4724848cSchristos X509 *cert = s->session != NULL ? s->session->peer : NULL;
4859*4724848cSchristos
4860*4724848cSchristos if (cert != NULL) {
4861*4724848cSchristos STACK_OF(SCT) *scts =
4862*4724848cSchristos X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
4863*4724848cSchristos
4864*4724848cSchristos scts_extracted =
4865*4724848cSchristos ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
4866*4724848cSchristos
4867*4724848cSchristos SCT_LIST_free(scts);
4868*4724848cSchristos }
4869*4724848cSchristos
4870*4724848cSchristos return scts_extracted;
4871*4724848cSchristos }
4872*4724848cSchristos
4873*4724848cSchristos /*
4874*4724848cSchristos * Attempts to find all received SCTs by checking TLS extensions, the OCSP
4875*4724848cSchristos * response (if it exists) and X509v3 extensions in the certificate.
4876*4724848cSchristos * Returns NULL if an error occurs.
4877*4724848cSchristos */
STACK_OF(SCT)4878*4724848cSchristos const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
4879*4724848cSchristos {
4880*4724848cSchristos if (!s->scts_parsed) {
4881*4724848cSchristos if (ct_extract_tls_extension_scts(s) < 0 ||
4882*4724848cSchristos ct_extract_ocsp_response_scts(s) < 0 ||
4883*4724848cSchristos ct_extract_x509v3_extension_scts(s) < 0)
4884*4724848cSchristos goto err;
4885*4724848cSchristos
4886*4724848cSchristos s->scts_parsed = 1;
4887*4724848cSchristos }
4888*4724848cSchristos return s->scts;
4889*4724848cSchristos err:
4890*4724848cSchristos return NULL;
4891*4724848cSchristos }
4892*4724848cSchristos
ct_permissive(const CT_POLICY_EVAL_CTX * ctx,const STACK_OF (SCT)* scts,void * unused_arg)4893*4724848cSchristos static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
4894*4724848cSchristos const STACK_OF(SCT) *scts, void *unused_arg)
4895*4724848cSchristos {
4896*4724848cSchristos return 1;
4897*4724848cSchristos }
4898*4724848cSchristos
ct_strict(const CT_POLICY_EVAL_CTX * ctx,const STACK_OF (SCT)* scts,void * unused_arg)4899*4724848cSchristos static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
4900*4724848cSchristos const STACK_OF(SCT) *scts, void *unused_arg)
4901*4724848cSchristos {
4902*4724848cSchristos int count = scts != NULL ? sk_SCT_num(scts) : 0;
4903*4724848cSchristos int i;
4904*4724848cSchristos
4905*4724848cSchristos for (i = 0; i < count; ++i) {
4906*4724848cSchristos SCT *sct = sk_SCT_value(scts, i);
4907*4724848cSchristos int status = SCT_get_validation_status(sct);
4908*4724848cSchristos
4909*4724848cSchristos if (status == SCT_VALIDATION_STATUS_VALID)
4910*4724848cSchristos return 1;
4911*4724848cSchristos }
4912*4724848cSchristos SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
4913*4724848cSchristos return 0;
4914*4724848cSchristos }
4915*4724848cSchristos
SSL_set_ct_validation_callback(SSL * s,ssl_ct_validation_cb callback,void * arg)4916*4724848cSchristos int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
4917*4724848cSchristos void *arg)
4918*4724848cSchristos {
4919*4724848cSchristos /*
4920*4724848cSchristos * Since code exists that uses the custom extension handler for CT, look
4921*4724848cSchristos * for this and throw an error if they have already registered to use CT.
4922*4724848cSchristos */
4923*4724848cSchristos if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
4924*4724848cSchristos TLSEXT_TYPE_signed_certificate_timestamp))
4925*4724848cSchristos {
4926*4724848cSchristos SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
4927*4724848cSchristos SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
4928*4724848cSchristos return 0;
4929*4724848cSchristos }
4930*4724848cSchristos
4931*4724848cSchristos if (callback != NULL) {
4932*4724848cSchristos /*
4933*4724848cSchristos * If we are validating CT, then we MUST accept SCTs served via OCSP
4934*4724848cSchristos */
4935*4724848cSchristos if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
4936*4724848cSchristos return 0;
4937*4724848cSchristos }
4938*4724848cSchristos
4939*4724848cSchristos s->ct_validation_callback = callback;
4940*4724848cSchristos s->ct_validation_callback_arg = arg;
4941*4724848cSchristos
4942*4724848cSchristos return 1;
4943*4724848cSchristos }
4944*4724848cSchristos
SSL_CTX_set_ct_validation_callback(SSL_CTX * ctx,ssl_ct_validation_cb callback,void * arg)4945*4724848cSchristos int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
4946*4724848cSchristos ssl_ct_validation_cb callback, void *arg)
4947*4724848cSchristos {
4948*4724848cSchristos /*
4949*4724848cSchristos * Since code exists that uses the custom extension handler for CT, look for
4950*4724848cSchristos * this and throw an error if they have already registered to use CT.
4951*4724848cSchristos */
4952*4724848cSchristos if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
4953*4724848cSchristos TLSEXT_TYPE_signed_certificate_timestamp))
4954*4724848cSchristos {
4955*4724848cSchristos SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
4956*4724848cSchristos SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
4957*4724848cSchristos return 0;
4958*4724848cSchristos }
4959*4724848cSchristos
4960*4724848cSchristos ctx->ct_validation_callback = callback;
4961*4724848cSchristos ctx->ct_validation_callback_arg = arg;
4962*4724848cSchristos return 1;
4963*4724848cSchristos }
4964*4724848cSchristos
SSL_ct_is_enabled(const SSL * s)4965*4724848cSchristos int SSL_ct_is_enabled(const SSL *s)
4966*4724848cSchristos {
4967*4724848cSchristos return s->ct_validation_callback != NULL;
4968*4724848cSchristos }
4969*4724848cSchristos
SSL_CTX_ct_is_enabled(const SSL_CTX * ctx)4970*4724848cSchristos int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
4971*4724848cSchristos {
4972*4724848cSchristos return ctx->ct_validation_callback != NULL;
4973*4724848cSchristos }
4974*4724848cSchristos
ssl_validate_ct(SSL * s)4975*4724848cSchristos int ssl_validate_ct(SSL *s)
4976*4724848cSchristos {
4977*4724848cSchristos int ret = 0;
4978*4724848cSchristos X509 *cert = s->session != NULL ? s->session->peer : NULL;
4979*4724848cSchristos X509 *issuer;
4980*4724848cSchristos SSL_DANE *dane = &s->dane;
4981*4724848cSchristos CT_POLICY_EVAL_CTX *ctx = NULL;
4982*4724848cSchristos const STACK_OF(SCT) *scts;
4983*4724848cSchristos
4984*4724848cSchristos /*
4985*4724848cSchristos * If no callback is set, the peer is anonymous, or its chain is invalid,
4986*4724848cSchristos * skip SCT validation - just return success. Applications that continue
4987*4724848cSchristos * handshakes without certificates, with unverified chains, or pinned leaf
4988*4724848cSchristos * certificates are outside the scope of the WebPKI and CT.
4989*4724848cSchristos *
4990*4724848cSchristos * The above exclusions notwithstanding the vast majority of peers will
4991*4724848cSchristos * have rather ordinary certificate chains validated by typical
4992*4724848cSchristos * applications that perform certificate verification and therefore will
4993*4724848cSchristos * process SCTs when enabled.
4994*4724848cSchristos */
4995*4724848cSchristos if (s->ct_validation_callback == NULL || cert == NULL ||
4996*4724848cSchristos s->verify_result != X509_V_OK ||
4997*4724848cSchristos s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
4998*4724848cSchristos return 1;
4999*4724848cSchristos
5000*4724848cSchristos /*
5001*4724848cSchristos * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
5002*4724848cSchristos * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
5003*4724848cSchristos */
5004*4724848cSchristos if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
5005*4724848cSchristos switch (dane->mtlsa->usage) {
5006*4724848cSchristos case DANETLS_USAGE_DANE_TA:
5007*4724848cSchristos case DANETLS_USAGE_DANE_EE:
5008*4724848cSchristos return 1;
5009*4724848cSchristos }
5010*4724848cSchristos }
5011*4724848cSchristos
5012*4724848cSchristos ctx = CT_POLICY_EVAL_CTX_new();
5013*4724848cSchristos if (ctx == NULL) {
5014*4724848cSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
5015*4724848cSchristos ERR_R_MALLOC_FAILURE);
5016*4724848cSchristos goto end;
5017*4724848cSchristos }
5018*4724848cSchristos
5019*4724848cSchristos issuer = sk_X509_value(s->verified_chain, 1);
5020*4724848cSchristos CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
5021*4724848cSchristos CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
5022*4724848cSchristos CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
5023*4724848cSchristos CT_POLICY_EVAL_CTX_set_time(
5024*4724848cSchristos ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
5025*4724848cSchristos
5026*4724848cSchristos scts = SSL_get0_peer_scts(s);
5027*4724848cSchristos
5028*4724848cSchristos /*
5029*4724848cSchristos * This function returns success (> 0) only when all the SCTs are valid, 0
5030*4724848cSchristos * when some are invalid, and < 0 on various internal errors (out of
5031*4724848cSchristos * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
5032*4724848cSchristos * reason to abort the handshake, that decision is up to the callback.
5033*4724848cSchristos * Therefore, we error out only in the unexpected case that the return
5034*4724848cSchristos * value is negative.
5035*4724848cSchristos *
5036*4724848cSchristos * XXX: One might well argue that the return value of this function is an
5037*4724848cSchristos * unfortunate design choice. Its job is only to determine the validation
5038*4724848cSchristos * status of each of the provided SCTs. So long as it correctly separates
5039*4724848cSchristos * the wheat from the chaff it should return success. Failure in this case
5040*4724848cSchristos * ought to correspond to an inability to carry out its duties.
5041*4724848cSchristos */
5042*4724848cSchristos if (SCT_LIST_validate(scts, ctx) < 0) {
5043*4724848cSchristos SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
5044*4724848cSchristos SSL_R_SCT_VERIFICATION_FAILED);
5045*4724848cSchristos goto end;
5046*4724848cSchristos }
5047*4724848cSchristos
5048*4724848cSchristos ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
5049*4724848cSchristos if (ret < 0)
5050*4724848cSchristos ret = 0; /* This function returns 0 on failure */
5051*4724848cSchristos if (!ret)
5052*4724848cSchristos SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
5053*4724848cSchristos SSL_R_CALLBACK_FAILED);
5054*4724848cSchristos
5055*4724848cSchristos end:
5056*4724848cSchristos CT_POLICY_EVAL_CTX_free(ctx);
5057*4724848cSchristos /*
5058*4724848cSchristos * With SSL_VERIFY_NONE the session may be cached and re-used despite a
5059*4724848cSchristos * failure return code here. Also the application may wish the complete
5060*4724848cSchristos * the handshake, and then disconnect cleanly at a higher layer, after
5061*4724848cSchristos * checking the verification status of the completed connection.
5062*4724848cSchristos *
5063*4724848cSchristos * We therefore force a certificate verification failure which will be
5064*4724848cSchristos * visible via SSL_get_verify_result() and cached as part of any resumed
5065*4724848cSchristos * session.
5066*4724848cSchristos *
5067*4724848cSchristos * Note: the permissive callback is for information gathering only, always
5068*4724848cSchristos * returns success, and does not affect verification status. Only the
5069*4724848cSchristos * strict callback or a custom application-specified callback can trigger
5070*4724848cSchristos * connection failure or record a verification error.
5071*4724848cSchristos */
5072*4724848cSchristos if (ret <= 0)
5073*4724848cSchristos s->verify_result = X509_V_ERR_NO_VALID_SCTS;
5074*4724848cSchristos return ret;
5075*4724848cSchristos }
5076*4724848cSchristos
SSL_CTX_enable_ct(SSL_CTX * ctx,int validation_mode)5077*4724848cSchristos int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
5078*4724848cSchristos {
5079*4724848cSchristos switch (validation_mode) {
5080*4724848cSchristos default:
5081*4724848cSchristos SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
5082*4724848cSchristos return 0;
5083*4724848cSchristos case SSL_CT_VALIDATION_PERMISSIVE:
5084*4724848cSchristos return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
5085*4724848cSchristos case SSL_CT_VALIDATION_STRICT:
5086*4724848cSchristos return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
5087*4724848cSchristos }
5088*4724848cSchristos }
5089*4724848cSchristos
SSL_enable_ct(SSL * s,int validation_mode)5090*4724848cSchristos int SSL_enable_ct(SSL *s, int validation_mode)
5091*4724848cSchristos {
5092*4724848cSchristos switch (validation_mode) {
5093*4724848cSchristos default:
5094*4724848cSchristos SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
5095*4724848cSchristos return 0;
5096*4724848cSchristos case SSL_CT_VALIDATION_PERMISSIVE:
5097*4724848cSchristos return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
5098*4724848cSchristos case SSL_CT_VALIDATION_STRICT:
5099*4724848cSchristos return SSL_set_ct_validation_callback(s, ct_strict, NULL);
5100*4724848cSchristos }
5101*4724848cSchristos }
5102*4724848cSchristos
SSL_CTX_set_default_ctlog_list_file(SSL_CTX * ctx)5103*4724848cSchristos int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
5104*4724848cSchristos {
5105*4724848cSchristos return CTLOG_STORE_load_default_file(ctx->ctlog_store);
5106*4724848cSchristos }
5107*4724848cSchristos
SSL_CTX_set_ctlog_list_file(SSL_CTX * ctx,const char * path)5108*4724848cSchristos int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
5109*4724848cSchristos {
5110*4724848cSchristos return CTLOG_STORE_load_file(ctx->ctlog_store, path);
5111*4724848cSchristos }
5112*4724848cSchristos
SSL_CTX_set0_ctlog_store(SSL_CTX * ctx,CTLOG_STORE * logs)5113*4724848cSchristos void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
5114*4724848cSchristos {
5115*4724848cSchristos CTLOG_STORE_free(ctx->ctlog_store);
5116*4724848cSchristos ctx->ctlog_store = logs;
5117*4724848cSchristos }
5118*4724848cSchristos
SSL_CTX_get0_ctlog_store(const SSL_CTX * ctx)5119*4724848cSchristos const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
5120*4724848cSchristos {
5121*4724848cSchristos return ctx->ctlog_store;
5122*4724848cSchristos }
5123*4724848cSchristos
5124*4724848cSchristos #endif /* OPENSSL_NO_CT */
5125*4724848cSchristos
SSL_CTX_set_client_hello_cb(SSL_CTX * c,SSL_client_hello_cb_fn cb,void * arg)5126*4724848cSchristos void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
5127*4724848cSchristos void *arg)
5128*4724848cSchristos {
5129*4724848cSchristos c->client_hello_cb = cb;
5130*4724848cSchristos c->client_hello_cb_arg = arg;
5131*4724848cSchristos }
5132*4724848cSchristos
SSL_client_hello_isv2(SSL * s)5133*4724848cSchristos int SSL_client_hello_isv2(SSL *s)
5134*4724848cSchristos {
5135*4724848cSchristos if (s->clienthello == NULL)
5136*4724848cSchristos return 0;
5137*4724848cSchristos return s->clienthello->isv2;
5138*4724848cSchristos }
5139*4724848cSchristos
SSL_client_hello_get0_legacy_version(SSL * s)5140*4724848cSchristos unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
5141*4724848cSchristos {
5142*4724848cSchristos if (s->clienthello == NULL)
5143*4724848cSchristos return 0;
5144*4724848cSchristos return s->clienthello->legacy_version;
5145*4724848cSchristos }
5146*4724848cSchristos
SSL_client_hello_get0_random(SSL * s,const unsigned char ** out)5147*4724848cSchristos size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
5148*4724848cSchristos {
5149*4724848cSchristos if (s->clienthello == NULL)
5150*4724848cSchristos return 0;
5151*4724848cSchristos if (out != NULL)
5152*4724848cSchristos *out = s->clienthello->random;
5153*4724848cSchristos return SSL3_RANDOM_SIZE;
5154*4724848cSchristos }
5155*4724848cSchristos
SSL_client_hello_get0_session_id(SSL * s,const unsigned char ** out)5156*4724848cSchristos size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
5157*4724848cSchristos {
5158*4724848cSchristos if (s->clienthello == NULL)
5159*4724848cSchristos return 0;
5160*4724848cSchristos if (out != NULL)
5161*4724848cSchristos *out = s->clienthello->session_id;
5162*4724848cSchristos return s->clienthello->session_id_len;
5163*4724848cSchristos }
5164*4724848cSchristos
SSL_client_hello_get0_ciphers(SSL * s,const unsigned char ** out)5165*4724848cSchristos size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
5166*4724848cSchristos {
5167*4724848cSchristos if (s->clienthello == NULL)
5168*4724848cSchristos return 0;
5169*4724848cSchristos if (out != NULL)
5170*4724848cSchristos *out = PACKET_data(&s->clienthello->ciphersuites);
5171*4724848cSchristos return PACKET_remaining(&s->clienthello->ciphersuites);
5172*4724848cSchristos }
5173*4724848cSchristos
SSL_client_hello_get0_compression_methods(SSL * s,const unsigned char ** out)5174*4724848cSchristos size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
5175*4724848cSchristos {
5176*4724848cSchristos if (s->clienthello == NULL)
5177*4724848cSchristos return 0;
5178*4724848cSchristos if (out != NULL)
5179*4724848cSchristos *out = s->clienthello->compressions;
5180*4724848cSchristos return s->clienthello->compressions_len;
5181*4724848cSchristos }
5182*4724848cSchristos
SSL_client_hello_get1_extensions_present(SSL * s,int ** out,size_t * outlen)5183*4724848cSchristos int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
5184*4724848cSchristos {
5185*4724848cSchristos RAW_EXTENSION *ext;
5186*4724848cSchristos int *present;
5187*4724848cSchristos size_t num = 0, i;
5188*4724848cSchristos
5189*4724848cSchristos if (s->clienthello == NULL || out == NULL || outlen == NULL)
5190*4724848cSchristos return 0;
5191*4724848cSchristos for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
5192*4724848cSchristos ext = s->clienthello->pre_proc_exts + i;
5193*4724848cSchristos if (ext->present)
5194*4724848cSchristos num++;
5195*4724848cSchristos }
5196*4724848cSchristos if (num == 0) {
5197*4724848cSchristos *out = NULL;
5198*4724848cSchristos *outlen = 0;
5199*4724848cSchristos return 1;
5200*4724848cSchristos }
5201*4724848cSchristos if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
5202*4724848cSchristos SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
5203*4724848cSchristos ERR_R_MALLOC_FAILURE);
5204*4724848cSchristos return 0;
5205*4724848cSchristos }
5206*4724848cSchristos for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
5207*4724848cSchristos ext = s->clienthello->pre_proc_exts + i;
5208*4724848cSchristos if (ext->present) {
5209*4724848cSchristos if (ext->received_order >= num)
5210*4724848cSchristos goto err;
5211*4724848cSchristos present[ext->received_order] = ext->type;
5212*4724848cSchristos }
5213*4724848cSchristos }
5214*4724848cSchristos *out = present;
5215*4724848cSchristos *outlen = num;
5216*4724848cSchristos return 1;
5217*4724848cSchristos err:
5218*4724848cSchristos OPENSSL_free(present);
5219*4724848cSchristos return 0;
5220*4724848cSchristos }
5221*4724848cSchristos
SSL_client_hello_get0_ext(SSL * s,unsigned int type,const unsigned char ** out,size_t * outlen)5222*4724848cSchristos int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
5223*4724848cSchristos size_t *outlen)
5224*4724848cSchristos {
5225*4724848cSchristos size_t i;
5226*4724848cSchristos RAW_EXTENSION *r;
5227*4724848cSchristos
5228*4724848cSchristos if (s->clienthello == NULL)
5229*4724848cSchristos return 0;
5230*4724848cSchristos for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
5231*4724848cSchristos r = s->clienthello->pre_proc_exts + i;
5232*4724848cSchristos if (r->present && r->type == type) {
5233*4724848cSchristos if (out != NULL)
5234*4724848cSchristos *out = PACKET_data(&r->data);
5235*4724848cSchristos if (outlen != NULL)
5236*4724848cSchristos *outlen = PACKET_remaining(&r->data);
5237*4724848cSchristos return 1;
5238*4724848cSchristos }
5239*4724848cSchristos }
5240*4724848cSchristos return 0;
5241*4724848cSchristos }
5242*4724848cSchristos
SSL_free_buffers(SSL * ssl)5243*4724848cSchristos int SSL_free_buffers(SSL *ssl)
5244*4724848cSchristos {
5245*4724848cSchristos RECORD_LAYER *rl = &ssl->rlayer;
5246*4724848cSchristos
5247*4724848cSchristos if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
5248*4724848cSchristos return 0;
5249*4724848cSchristos
5250*4724848cSchristos RECORD_LAYER_release(rl);
5251*4724848cSchristos return 1;
5252*4724848cSchristos }
5253*4724848cSchristos
SSL_alloc_buffers(SSL * ssl)5254*4724848cSchristos int SSL_alloc_buffers(SSL *ssl)
5255*4724848cSchristos {
5256*4724848cSchristos return ssl3_setup_buffers(ssl);
5257*4724848cSchristos }
5258*4724848cSchristos
SSL_CTX_set_keylog_callback(SSL_CTX * ctx,SSL_CTX_keylog_cb_func cb)5259*4724848cSchristos void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
5260*4724848cSchristos {
5261*4724848cSchristos ctx->keylog_callback = cb;
5262*4724848cSchristos }
5263*4724848cSchristos
SSL_CTX_get_keylog_callback(const SSL_CTX * ctx)5264*4724848cSchristos SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
5265*4724848cSchristos {
5266*4724848cSchristos return ctx->keylog_callback;
5267*4724848cSchristos }
5268*4724848cSchristos
nss_keylog_int(const char * prefix,SSL * ssl,const uint8_t * parameter_1,size_t parameter_1_len,const uint8_t * parameter_2,size_t parameter_2_len)5269*4724848cSchristos static int nss_keylog_int(const char *prefix,
5270*4724848cSchristos SSL *ssl,
5271*4724848cSchristos const uint8_t *parameter_1,
5272*4724848cSchristos size_t parameter_1_len,
5273*4724848cSchristos const uint8_t *parameter_2,
5274*4724848cSchristos size_t parameter_2_len)
5275*4724848cSchristos {
5276*4724848cSchristos char *out = NULL;
5277*4724848cSchristos char *cursor = NULL;
5278*4724848cSchristos size_t out_len = 0;
5279*4724848cSchristos size_t i;
5280*4724848cSchristos size_t prefix_len;
5281*4724848cSchristos
5282*4724848cSchristos if (ssl->ctx->keylog_callback == NULL)
5283*4724848cSchristos return 1;
5284*4724848cSchristos
5285*4724848cSchristos /*
5286*4724848cSchristos * Our output buffer will contain the following strings, rendered with
5287*4724848cSchristos * space characters in between, terminated by a NULL character: first the
5288*4724848cSchristos * prefix, then the first parameter, then the second parameter. The
5289*4724848cSchristos * meaning of each parameter depends on the specific key material being
5290*4724848cSchristos * logged. Note that the first and second parameters are encoded in
5291*4724848cSchristos * hexadecimal, so we need a buffer that is twice their lengths.
5292*4724848cSchristos */
5293*4724848cSchristos prefix_len = strlen(prefix);
5294*4724848cSchristos out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
5295*4724848cSchristos if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
5296*4724848cSchristos SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
5297*4724848cSchristos ERR_R_MALLOC_FAILURE);
5298*4724848cSchristos return 0;
5299*4724848cSchristos }
5300*4724848cSchristos
5301*4724848cSchristos strcpy(cursor, prefix);
5302*4724848cSchristos cursor += prefix_len;
5303*4724848cSchristos *cursor++ = ' ';
5304*4724848cSchristos
5305*4724848cSchristos for (i = 0; i < parameter_1_len; i++) {
5306*4724848cSchristos sprintf(cursor, "%02x", parameter_1[i]);
5307*4724848cSchristos cursor += 2;
5308*4724848cSchristos }
5309*4724848cSchristos *cursor++ = ' ';
5310*4724848cSchristos
5311*4724848cSchristos for (i = 0; i < parameter_2_len; i++) {
5312*4724848cSchristos sprintf(cursor, "%02x", parameter_2[i]);
5313*4724848cSchristos cursor += 2;
5314*4724848cSchristos }
5315*4724848cSchristos *cursor = '\0';
5316*4724848cSchristos
5317*4724848cSchristos ssl->ctx->keylog_callback(ssl, (const char *)out);
5318*4724848cSchristos OPENSSL_clear_free(out, out_len);
5319*4724848cSchristos return 1;
5320*4724848cSchristos
5321*4724848cSchristos }
5322*4724848cSchristos
ssl_log_rsa_client_key_exchange(SSL * ssl,const uint8_t * encrypted_premaster,size_t encrypted_premaster_len,const uint8_t * premaster,size_t premaster_len)5323*4724848cSchristos int ssl_log_rsa_client_key_exchange(SSL *ssl,
5324*4724848cSchristos const uint8_t *encrypted_premaster,
5325*4724848cSchristos size_t encrypted_premaster_len,
5326*4724848cSchristos const uint8_t *premaster,
5327*4724848cSchristos size_t premaster_len)
5328*4724848cSchristos {
5329*4724848cSchristos if (encrypted_premaster_len < 8) {
5330*4724848cSchristos SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
5331*4724848cSchristos SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
5332*4724848cSchristos return 0;
5333*4724848cSchristos }
5334*4724848cSchristos
5335*4724848cSchristos /* We only want the first 8 bytes of the encrypted premaster as a tag. */
5336*4724848cSchristos return nss_keylog_int("RSA",
5337*4724848cSchristos ssl,
5338*4724848cSchristos encrypted_premaster,
5339*4724848cSchristos 8,
5340*4724848cSchristos premaster,
5341*4724848cSchristos premaster_len);
5342*4724848cSchristos }
5343*4724848cSchristos
ssl_log_secret(SSL * ssl,const char * label,const uint8_t * secret,size_t secret_len)5344*4724848cSchristos int ssl_log_secret(SSL *ssl,
5345*4724848cSchristos const char *label,
5346*4724848cSchristos const uint8_t *secret,
5347*4724848cSchristos size_t secret_len)
5348*4724848cSchristos {
5349*4724848cSchristos return nss_keylog_int(label,
5350*4724848cSchristos ssl,
5351*4724848cSchristos ssl->s3->client_random,
5352*4724848cSchristos SSL3_RANDOM_SIZE,
5353*4724848cSchristos secret,
5354*4724848cSchristos secret_len);
5355*4724848cSchristos }
5356*4724848cSchristos
5357*4724848cSchristos #define SSLV2_CIPHER_LEN 3
5358*4724848cSchristos
ssl_cache_cipherlist(SSL * s,PACKET * cipher_suites,int sslv2format)5359*4724848cSchristos int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
5360*4724848cSchristos {
5361*4724848cSchristos int n;
5362*4724848cSchristos
5363*4724848cSchristos n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
5364*4724848cSchristos
5365*4724848cSchristos if (PACKET_remaining(cipher_suites) == 0) {
5366*4724848cSchristos SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
5367*4724848cSchristos SSL_R_NO_CIPHERS_SPECIFIED);
5368*4724848cSchristos return 0;
5369*4724848cSchristos }
5370*4724848cSchristos
5371*4724848cSchristos if (PACKET_remaining(cipher_suites) % n != 0) {
5372*4724848cSchristos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
5373*4724848cSchristos SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
5374*4724848cSchristos return 0;
5375*4724848cSchristos }
5376*4724848cSchristos
5377*4724848cSchristos OPENSSL_free(s->s3->tmp.ciphers_raw);
5378*4724848cSchristos s->s3->tmp.ciphers_raw = NULL;
5379*4724848cSchristos s->s3->tmp.ciphers_rawlen = 0;
5380*4724848cSchristos
5381*4724848cSchristos if (sslv2format) {
5382*4724848cSchristos size_t numciphers = PACKET_remaining(cipher_suites) / n;
5383*4724848cSchristos PACKET sslv2ciphers = *cipher_suites;
5384*4724848cSchristos unsigned int leadbyte;
5385*4724848cSchristos unsigned char *raw;
5386*4724848cSchristos
5387*4724848cSchristos /*
5388*4724848cSchristos * We store the raw ciphers list in SSLv3+ format so we need to do some
5389*4724848cSchristos * preprocessing to convert the list first. If there are any SSLv2 only
5390*4724848cSchristos * ciphersuites with a non-zero leading byte then we are going to
5391*4724848cSchristos * slightly over allocate because we won't store those. But that isn't a
5392*4724848cSchristos * problem.
5393*4724848cSchristos */
5394*4724848cSchristos raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
5395*4724848cSchristos s->s3->tmp.ciphers_raw = raw;
5396*4724848cSchristos if (raw == NULL) {
5397*4724848cSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
5398*4724848cSchristos ERR_R_MALLOC_FAILURE);
5399*4724848cSchristos return 0;
5400*4724848cSchristos }
5401*4724848cSchristos for (s->s3->tmp.ciphers_rawlen = 0;
5402*4724848cSchristos PACKET_remaining(&sslv2ciphers) > 0;
5403*4724848cSchristos raw += TLS_CIPHER_LEN) {
5404*4724848cSchristos if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
5405*4724848cSchristos || (leadbyte == 0
5406*4724848cSchristos && !PACKET_copy_bytes(&sslv2ciphers, raw,
5407*4724848cSchristos TLS_CIPHER_LEN))
5408*4724848cSchristos || (leadbyte != 0
5409*4724848cSchristos && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
5410*4724848cSchristos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
5411*4724848cSchristos SSL_R_BAD_PACKET);
5412*4724848cSchristos OPENSSL_free(s->s3->tmp.ciphers_raw);
5413*4724848cSchristos s->s3->tmp.ciphers_raw = NULL;
5414*4724848cSchristos s->s3->tmp.ciphers_rawlen = 0;
5415*4724848cSchristos return 0;
5416*4724848cSchristos }
5417*4724848cSchristos if (leadbyte == 0)
5418*4724848cSchristos s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
5419*4724848cSchristos }
5420*4724848cSchristos } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
5421*4724848cSchristos &s->s3->tmp.ciphers_rawlen)) {
5422*4724848cSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
5423*4724848cSchristos ERR_R_INTERNAL_ERROR);
5424*4724848cSchristos return 0;
5425*4724848cSchristos }
5426*4724848cSchristos return 1;
5427*4724848cSchristos }
5428*4724848cSchristos
SSL_bytes_to_cipher_list(SSL * s,const unsigned char * bytes,size_t len,int isv2format,STACK_OF (SSL_CIPHER)** sk,STACK_OF (SSL_CIPHER)** scsvs)5429*4724848cSchristos int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
5430*4724848cSchristos int isv2format, STACK_OF(SSL_CIPHER) **sk,
5431*4724848cSchristos STACK_OF(SSL_CIPHER) **scsvs)
5432*4724848cSchristos {
5433*4724848cSchristos PACKET pkt;
5434*4724848cSchristos
5435*4724848cSchristos if (!PACKET_buf_init(&pkt, bytes, len))
5436*4724848cSchristos return 0;
5437*4724848cSchristos return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
5438*4724848cSchristos }
5439*4724848cSchristos
bytes_to_cipher_list(SSL * s,PACKET * cipher_suites,STACK_OF (SSL_CIPHER)** skp,STACK_OF (SSL_CIPHER)** scsvs_out,int sslv2format,int fatal)5440*4724848cSchristos int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
5441*4724848cSchristos STACK_OF(SSL_CIPHER) **skp,
5442*4724848cSchristos STACK_OF(SSL_CIPHER) **scsvs_out,
5443*4724848cSchristos int sslv2format, int fatal)
5444*4724848cSchristos {
5445*4724848cSchristos const SSL_CIPHER *c;
5446*4724848cSchristos STACK_OF(SSL_CIPHER) *sk = NULL;
5447*4724848cSchristos STACK_OF(SSL_CIPHER) *scsvs = NULL;
5448*4724848cSchristos int n;
5449*4724848cSchristos /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
5450*4724848cSchristos unsigned char cipher[SSLV2_CIPHER_LEN];
5451*4724848cSchristos
5452*4724848cSchristos n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
5453*4724848cSchristos
5454*4724848cSchristos if (PACKET_remaining(cipher_suites) == 0) {
5455*4724848cSchristos if (fatal)
5456*4724848cSchristos SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
5457*4724848cSchristos SSL_R_NO_CIPHERS_SPECIFIED);
5458*4724848cSchristos else
5459*4724848cSchristos SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
5460*4724848cSchristos return 0;
5461*4724848cSchristos }
5462*4724848cSchristos
5463*4724848cSchristos if (PACKET_remaining(cipher_suites) % n != 0) {
5464*4724848cSchristos if (fatal)
5465*4724848cSchristos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
5466*4724848cSchristos SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
5467*4724848cSchristos else
5468*4724848cSchristos SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
5469*4724848cSchristos SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
5470*4724848cSchristos return 0;
5471*4724848cSchristos }
5472*4724848cSchristos
5473*4724848cSchristos sk = sk_SSL_CIPHER_new_null();
5474*4724848cSchristos scsvs = sk_SSL_CIPHER_new_null();
5475*4724848cSchristos if (sk == NULL || scsvs == NULL) {
5476*4724848cSchristos if (fatal)
5477*4724848cSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
5478*4724848cSchristos ERR_R_MALLOC_FAILURE);
5479*4724848cSchristos else
5480*4724848cSchristos SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
5481*4724848cSchristos goto err;
5482*4724848cSchristos }
5483*4724848cSchristos
5484*4724848cSchristos while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
5485*4724848cSchristos /*
5486*4724848cSchristos * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
5487*4724848cSchristos * first byte set to zero, while true SSLv2 ciphers have a non-zero
5488*4724848cSchristos * first byte. We don't support any true SSLv2 ciphers, so skip them.
5489*4724848cSchristos */
5490*4724848cSchristos if (sslv2format && cipher[0] != '\0')
5491*4724848cSchristos continue;
5492*4724848cSchristos
5493*4724848cSchristos /* For SSLv2-compat, ignore leading 0-byte. */
5494*4724848cSchristos c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
5495*4724848cSchristos if (c != NULL) {
5496*4724848cSchristos if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
5497*4724848cSchristos (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
5498*4724848cSchristos if (fatal)
5499*4724848cSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR,
5500*4724848cSchristos SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
5501*4724848cSchristos else
5502*4724848cSchristos SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
5503*4724848cSchristos goto err;
5504*4724848cSchristos }
5505*4724848cSchristos }
5506*4724848cSchristos }
5507*4724848cSchristos if (PACKET_remaining(cipher_suites) > 0) {
5508*4724848cSchristos if (fatal)
5509*4724848cSchristos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
5510*4724848cSchristos SSL_R_BAD_LENGTH);
5511*4724848cSchristos else
5512*4724848cSchristos SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
5513*4724848cSchristos goto err;
5514*4724848cSchristos }
5515*4724848cSchristos
5516*4724848cSchristos if (skp != NULL)
5517*4724848cSchristos *skp = sk;
5518*4724848cSchristos else
5519*4724848cSchristos sk_SSL_CIPHER_free(sk);
5520*4724848cSchristos if (scsvs_out != NULL)
5521*4724848cSchristos *scsvs_out = scsvs;
5522*4724848cSchristos else
5523*4724848cSchristos sk_SSL_CIPHER_free(scsvs);
5524*4724848cSchristos return 1;
5525*4724848cSchristos err:
5526*4724848cSchristos sk_SSL_CIPHER_free(sk);
5527*4724848cSchristos sk_SSL_CIPHER_free(scsvs);
5528*4724848cSchristos return 0;
5529*4724848cSchristos }
5530*4724848cSchristos
SSL_CTX_set_max_early_data(SSL_CTX * ctx,uint32_t max_early_data)5531*4724848cSchristos int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
5532*4724848cSchristos {
5533*4724848cSchristos ctx->max_early_data = max_early_data;
5534*4724848cSchristos
5535*4724848cSchristos return 1;
5536*4724848cSchristos }
5537*4724848cSchristos
SSL_CTX_get_max_early_data(const SSL_CTX * ctx)5538*4724848cSchristos uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
5539*4724848cSchristos {
5540*4724848cSchristos return ctx->max_early_data;
5541*4724848cSchristos }
5542*4724848cSchristos
SSL_set_max_early_data(SSL * s,uint32_t max_early_data)5543*4724848cSchristos int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
5544*4724848cSchristos {
5545*4724848cSchristos s->max_early_data = max_early_data;
5546*4724848cSchristos
5547*4724848cSchristos return 1;
5548*4724848cSchristos }
5549*4724848cSchristos
SSL_get_max_early_data(const SSL * s)5550*4724848cSchristos uint32_t SSL_get_max_early_data(const SSL *s)
5551*4724848cSchristos {
5552*4724848cSchristos return s->max_early_data;
5553*4724848cSchristos }
5554*4724848cSchristos
SSL_CTX_set_recv_max_early_data(SSL_CTX * ctx,uint32_t recv_max_early_data)5555*4724848cSchristos int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
5556*4724848cSchristos {
5557*4724848cSchristos ctx->recv_max_early_data = recv_max_early_data;
5558*4724848cSchristos
5559*4724848cSchristos return 1;
5560*4724848cSchristos }
5561*4724848cSchristos
SSL_CTX_get_recv_max_early_data(const SSL_CTX * ctx)5562*4724848cSchristos uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
5563*4724848cSchristos {
5564*4724848cSchristos return ctx->recv_max_early_data;
5565*4724848cSchristos }
5566*4724848cSchristos
SSL_set_recv_max_early_data(SSL * s,uint32_t recv_max_early_data)5567*4724848cSchristos int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
5568*4724848cSchristos {
5569*4724848cSchristos s->recv_max_early_data = recv_max_early_data;
5570*4724848cSchristos
5571*4724848cSchristos return 1;
5572*4724848cSchristos }
5573*4724848cSchristos
SSL_get_recv_max_early_data(const SSL * s)5574*4724848cSchristos uint32_t SSL_get_recv_max_early_data(const SSL *s)
5575*4724848cSchristos {
5576*4724848cSchristos return s->recv_max_early_data;
5577*4724848cSchristos }
5578*4724848cSchristos
ssl_get_max_send_fragment(const SSL * ssl)5579*4724848cSchristos __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
5580*4724848cSchristos {
5581*4724848cSchristos /* Return any active Max Fragment Len extension */
5582*4724848cSchristos if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
5583*4724848cSchristos return GET_MAX_FRAGMENT_LENGTH(ssl->session);
5584*4724848cSchristos
5585*4724848cSchristos /* return current SSL connection setting */
5586*4724848cSchristos return ssl->max_send_fragment;
5587*4724848cSchristos }
5588*4724848cSchristos
ssl_get_split_send_fragment(const SSL * ssl)5589*4724848cSchristos __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
5590*4724848cSchristos {
5591*4724848cSchristos /* Return a value regarding an active Max Fragment Len extension */
5592*4724848cSchristos if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
5593*4724848cSchristos && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
5594*4724848cSchristos return GET_MAX_FRAGMENT_LENGTH(ssl->session);
5595*4724848cSchristos
5596*4724848cSchristos /* else limit |split_send_fragment| to current |max_send_fragment| */
5597*4724848cSchristos if (ssl->split_send_fragment > ssl->max_send_fragment)
5598*4724848cSchristos return ssl->max_send_fragment;
5599*4724848cSchristos
5600*4724848cSchristos /* return current SSL connection setting */
5601*4724848cSchristos return ssl->split_send_fragment;
5602*4724848cSchristos }
5603*4724848cSchristos
SSL_stateless(SSL * s)5604*4724848cSchristos int SSL_stateless(SSL *s)
5605*4724848cSchristos {
5606*4724848cSchristos int ret;
5607*4724848cSchristos
5608*4724848cSchristos /* Ensure there is no state left over from a previous invocation */
5609*4724848cSchristos if (!SSL_clear(s))
5610*4724848cSchristos return 0;
5611*4724848cSchristos
5612*4724848cSchristos ERR_clear_error();
5613*4724848cSchristos
5614*4724848cSchristos s->s3->flags |= TLS1_FLAGS_STATELESS;
5615*4724848cSchristos ret = SSL_accept(s);
5616*4724848cSchristos s->s3->flags &= ~TLS1_FLAGS_STATELESS;
5617*4724848cSchristos
5618*4724848cSchristos if (ret > 0 && s->ext.cookieok)
5619*4724848cSchristos return 1;
5620*4724848cSchristos
5621*4724848cSchristos if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
5622*4724848cSchristos return 0;
5623*4724848cSchristos
5624*4724848cSchristos return -1;
5625*4724848cSchristos }
5626*4724848cSchristos
SSL_CTX_set_post_handshake_auth(SSL_CTX * ctx,int val)5627*4724848cSchristos void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
5628*4724848cSchristos {
5629*4724848cSchristos ctx->pha_enabled = val;
5630*4724848cSchristos }
5631*4724848cSchristos
SSL_set_post_handshake_auth(SSL * ssl,int val)5632*4724848cSchristos void SSL_set_post_handshake_auth(SSL *ssl, int val)
5633*4724848cSchristos {
5634*4724848cSchristos ssl->pha_enabled = val;
5635*4724848cSchristos }
5636*4724848cSchristos
SSL_verify_client_post_handshake(SSL * ssl)5637*4724848cSchristos int SSL_verify_client_post_handshake(SSL *ssl)
5638*4724848cSchristos {
5639*4724848cSchristos if (!SSL_IS_TLS13(ssl)) {
5640*4724848cSchristos SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
5641*4724848cSchristos return 0;
5642*4724848cSchristos }
5643*4724848cSchristos if (!ssl->server) {
5644*4724848cSchristos SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
5645*4724848cSchristos return 0;
5646*4724848cSchristos }
5647*4724848cSchristos
5648*4724848cSchristos if (!SSL_is_init_finished(ssl)) {
5649*4724848cSchristos SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
5650*4724848cSchristos return 0;
5651*4724848cSchristos }
5652*4724848cSchristos
5653*4724848cSchristos switch (ssl->post_handshake_auth) {
5654*4724848cSchristos case SSL_PHA_NONE:
5655*4724848cSchristos SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
5656*4724848cSchristos return 0;
5657*4724848cSchristos default:
5658*4724848cSchristos case SSL_PHA_EXT_SENT:
5659*4724848cSchristos SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
5660*4724848cSchristos return 0;
5661*4724848cSchristos case SSL_PHA_EXT_RECEIVED:
5662*4724848cSchristos break;
5663*4724848cSchristos case SSL_PHA_REQUEST_PENDING:
5664*4724848cSchristos SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
5665*4724848cSchristos return 0;
5666*4724848cSchristos case SSL_PHA_REQUESTED:
5667*4724848cSchristos SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
5668*4724848cSchristos return 0;
5669*4724848cSchristos }
5670*4724848cSchristos
5671*4724848cSchristos ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
5672*4724848cSchristos
5673*4724848cSchristos /* checks verify_mode and algorithm_auth */
5674*4724848cSchristos if (!send_certificate_request(ssl)) {
5675*4724848cSchristos ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
5676*4724848cSchristos SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
5677*4724848cSchristos return 0;
5678*4724848cSchristos }
5679*4724848cSchristos
5680*4724848cSchristos ossl_statem_set_in_init(ssl, 1);
5681*4724848cSchristos return 1;
5682*4724848cSchristos }
5683*4724848cSchristos
SSL_CTX_set_session_ticket_cb(SSL_CTX * ctx,SSL_CTX_generate_session_ticket_fn gen_cb,SSL_CTX_decrypt_session_ticket_fn dec_cb,void * arg)5684*4724848cSchristos int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
5685*4724848cSchristos SSL_CTX_generate_session_ticket_fn gen_cb,
5686*4724848cSchristos SSL_CTX_decrypt_session_ticket_fn dec_cb,
5687*4724848cSchristos void *arg)
5688*4724848cSchristos {
5689*4724848cSchristos ctx->generate_ticket_cb = gen_cb;
5690*4724848cSchristos ctx->decrypt_ticket_cb = dec_cb;
5691*4724848cSchristos ctx->ticket_cb_data = arg;
5692*4724848cSchristos return 1;
5693*4724848cSchristos }
5694*4724848cSchristos
SSL_CTX_set_allow_early_data_cb(SSL_CTX * ctx,SSL_allow_early_data_cb_fn cb,void * arg)5695*4724848cSchristos void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
5696*4724848cSchristos SSL_allow_early_data_cb_fn cb,
5697*4724848cSchristos void *arg)
5698*4724848cSchristos {
5699*4724848cSchristos ctx->allow_early_data_cb = cb;
5700*4724848cSchristos ctx->allow_early_data_cb_data = arg;
5701*4724848cSchristos }
5702*4724848cSchristos
SSL_set_allow_early_data_cb(SSL * s,SSL_allow_early_data_cb_fn cb,void * arg)5703*4724848cSchristos void SSL_set_allow_early_data_cb(SSL *s,
5704*4724848cSchristos SSL_allow_early_data_cb_fn cb,
5705*4724848cSchristos void *arg)
5706*4724848cSchristos {
5707*4724848cSchristos s->allow_early_data_cb = cb;
5708*4724848cSchristos s->allow_early_data_cb_data = arg;
5709*4724848cSchristos }
5710