19cef71b6Sspz /* 2b46c97feSchristos * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3e0ea3921Schristos * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4e0ea3921Schristos * Copyright 2005 Nokia. All rights reserved. 55af53050Schristos * 68fbed61eSchristos * Licensed under the Apache License 2.0 (the "License"). You may not use 75af53050Schristos * this file except in compliance with the License. You can obtain a copy 85af53050Schristos * in the file LICENSE in the source distribution or at 95af53050Schristos * https://www.openssl.org/source/license.html 10a89c9211Schristos */ 115af53050Schristos 12a89c9211Schristos #include <stdio.h> 1352629741Schristos #include "ssl_local.h" 148fbed61eSchristos #include "e_os.h" 15a89c9211Schristos #include <openssl/objects.h> 16a89c9211Schristos #include <openssl/x509v3.h> 17a89c9211Schristos #include <openssl/rand.h> 18a89c9211Schristos #include <openssl/ocsp.h> 19a89c9211Schristos #include <openssl/dh.h> 20a89c9211Schristos #include <openssl/engine.h> 215af53050Schristos #include <openssl/async.h> 225af53050Schristos #include <openssl/ct.h> 238fbed61eSchristos #include <openssl/trace.h> 24e0ea3921Schristos #include "internal/cryptlib.h" 25e0ea3921Schristos #include "internal/refcount.h" 268fbed61eSchristos #include "internal/ktls.h" 27a89c9211Schristos 288fbed61eSchristos static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t, 298fbed61eSchristos SSL_MAC_BUF *mac, size_t macsize) 3078327f04Schristos { 3178327f04Schristos return ssl_undefined_function(ssl); 3278327f04Schristos } 3378327f04Schristos 3478327f04Schristos static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, 3578327f04Schristos int t) 3678327f04Schristos { 3778327f04Schristos return ssl_undefined_function(ssl); 3878327f04Schristos } 3978327f04Schristos 4078327f04Schristos static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, 41e0ea3921Schristos unsigned char *s, size_t t, size_t *u) 4278327f04Schristos { 4378327f04Schristos return ssl_undefined_function(ssl); 4478327f04Schristos } 4578327f04Schristos 4678327f04Schristos static int ssl_undefined_function_4(SSL *ssl, int r) 4778327f04Schristos { 4878327f04Schristos return ssl_undefined_function(ssl); 4978327f04Schristos } 5078327f04Schristos 51e0ea3921Schristos static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, 5278327f04Schristos unsigned char *t) 5378327f04Schristos { 5478327f04Schristos return ssl_undefined_function(ssl); 5578327f04Schristos } 5678327f04Schristos 5778327f04Schristos static int ssl_undefined_function_6(int r) 5878327f04Schristos { 5978327f04Schristos return ssl_undefined_function(NULL); 6078327f04Schristos } 6178327f04Schristos 6278327f04Schristos static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, 6378327f04Schristos const char *t, size_t u, 6478327f04Schristos const unsigned char *v, size_t w, int x) 6578327f04Schristos { 6678327f04Schristos return ssl_undefined_function(ssl); 6778327f04Schristos } 6878327f04Schristos 69a89c9211Schristos SSL3_ENC_METHOD ssl3_undef_enc_method = { 7078327f04Schristos ssl_undefined_function_1, 7178327f04Schristos ssl_undefined_function_2, 72a89c9211Schristos ssl_undefined_function, 7378327f04Schristos ssl_undefined_function_3, 7478327f04Schristos ssl_undefined_function_4, 7578327f04Schristos ssl_undefined_function_5, 76a89c9211Schristos NULL, /* client_finished_label */ 77a89c9211Schristos 0, /* client_finished_label_len */ 78a89c9211Schristos NULL, /* server_finished_label */ 79a89c9211Schristos 0, /* server_finished_label_len */ 8078327f04Schristos ssl_undefined_function_6, 8178327f04Schristos ssl_undefined_function_7, 82a89c9211Schristos }; 83a89c9211Schristos 845af53050Schristos struct ssl_async_args { 855af53050Schristos SSL *s; 865af53050Schristos void *buf; 87e0ea3921Schristos size_t num; 885af53050Schristos enum { READFUNC, WRITEFUNC, OTHERFUNC } type; 895af53050Schristos union { 90e0ea3921Schristos int (*func_read) (SSL *, void *, size_t, size_t *); 91e0ea3921Schristos int (*func_write) (SSL *, const void *, size_t, size_t *); 925af53050Schristos int (*func_other) (SSL *); 935af53050Schristos } f; 945af53050Schristos }; 955af53050Schristos 965af53050Schristos static const struct { 975af53050Schristos uint8_t mtype; 985af53050Schristos uint8_t ord; 995af53050Schristos int nid; 1005af53050Schristos } dane_mds[] = { 1015af53050Schristos { 1025af53050Schristos DANETLS_MATCHING_FULL, 0, NID_undef 1035af53050Schristos }, 1045af53050Schristos { 1055af53050Schristos DANETLS_MATCHING_2256, 1, NID_sha256 1065af53050Schristos }, 1075af53050Schristos { 1085af53050Schristos DANETLS_MATCHING_2512, 2, NID_sha512 1095af53050Schristos }, 1105af53050Schristos }; 1115af53050Schristos 1125af53050Schristos static int dane_ctx_enable(struct dane_ctx_st *dctx) 1135af53050Schristos { 1145af53050Schristos const EVP_MD **mdevp; 1155af53050Schristos uint8_t *mdord; 1165af53050Schristos uint8_t mdmax = DANETLS_MATCHING_LAST; 1175af53050Schristos int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */ 1185af53050Schristos size_t i; 1195af53050Schristos 1205af53050Schristos if (dctx->mdevp != NULL) 1215af53050Schristos return 1; 1225af53050Schristos 1235af53050Schristos mdevp = OPENSSL_zalloc(n * sizeof(*mdevp)); 1245af53050Schristos mdord = OPENSSL_zalloc(n * sizeof(*mdord)); 1255af53050Schristos 1265af53050Schristos if (mdord == NULL || mdevp == NULL) { 1275af53050Schristos OPENSSL_free(mdord); 1285af53050Schristos OPENSSL_free(mdevp); 1298fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 1305af53050Schristos return 0; 1315af53050Schristos } 1325af53050Schristos 1335af53050Schristos /* Install default entries */ 1345af53050Schristos for (i = 0; i < OSSL_NELEM(dane_mds); ++i) { 1355af53050Schristos const EVP_MD *md; 1365af53050Schristos 1375af53050Schristos if (dane_mds[i].nid == NID_undef || 1385af53050Schristos (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL) 1395af53050Schristos continue; 1405af53050Schristos mdevp[dane_mds[i].mtype] = md; 1415af53050Schristos mdord[dane_mds[i].mtype] = dane_mds[i].ord; 1425af53050Schristos } 1435af53050Schristos 1445af53050Schristos dctx->mdevp = mdevp; 1455af53050Schristos dctx->mdord = mdord; 1465af53050Schristos dctx->mdmax = mdmax; 1475af53050Schristos 1485af53050Schristos return 1; 1495af53050Schristos } 1505af53050Schristos 1515af53050Schristos static void dane_ctx_final(struct dane_ctx_st *dctx) 1525af53050Schristos { 1535af53050Schristos OPENSSL_free(dctx->mdevp); 1545af53050Schristos dctx->mdevp = NULL; 1555af53050Schristos 1565af53050Schristos OPENSSL_free(dctx->mdord); 1575af53050Schristos dctx->mdord = NULL; 1585af53050Schristos dctx->mdmax = 0; 1595af53050Schristos } 1605af53050Schristos 1615af53050Schristos static void tlsa_free(danetls_record *t) 1625af53050Schristos { 1635af53050Schristos if (t == NULL) 1645af53050Schristos return; 1655af53050Schristos OPENSSL_free(t->data); 1665af53050Schristos EVP_PKEY_free(t->spki); 1675af53050Schristos OPENSSL_free(t); 1685af53050Schristos } 1695af53050Schristos 1705af53050Schristos static void dane_final(SSL_DANE *dane) 1715af53050Schristos { 1725af53050Schristos sk_danetls_record_pop_free(dane->trecs, tlsa_free); 1735af53050Schristos dane->trecs = NULL; 1745af53050Schristos 1755af53050Schristos sk_X509_pop_free(dane->certs, X509_free); 1765af53050Schristos dane->certs = NULL; 1775af53050Schristos 1785af53050Schristos X509_free(dane->mcert); 1795af53050Schristos dane->mcert = NULL; 1805af53050Schristos dane->mtlsa = NULL; 1815af53050Schristos dane->mdpth = -1; 1825af53050Schristos dane->pdpth = -1; 1835af53050Schristos } 1845af53050Schristos 1855af53050Schristos /* 1865af53050Schristos * dane_copy - Copy dane configuration, sans verification state. 1875af53050Schristos */ 1885af53050Schristos static int ssl_dane_dup(SSL *to, SSL *from) 1895af53050Schristos { 1905af53050Schristos int num; 1915af53050Schristos int i; 1925af53050Schristos 1935af53050Schristos if (!DANETLS_ENABLED(&from->dane)) 1945af53050Schristos return 1; 1955af53050Schristos 196e0ea3921Schristos num = sk_danetls_record_num(from->dane.trecs); 1975af53050Schristos dane_final(&to->dane); 1985af53050Schristos to->dane.flags = from->dane.flags; 1995af53050Schristos to->dane.dctx = &to->ctx->dane; 200e0ea3921Schristos to->dane.trecs = sk_danetls_record_new_reserve(NULL, num); 2015af53050Schristos 2025af53050Schristos if (to->dane.trecs == NULL) { 2038fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 2045af53050Schristos return 0; 2055af53050Schristos } 2065af53050Schristos 2075af53050Schristos for (i = 0; i < num; ++i) { 2085af53050Schristos danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); 2095af53050Schristos 2105af53050Schristos if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype, 2115af53050Schristos t->data, t->dlen) <= 0) 2125af53050Schristos return 0; 2135af53050Schristos } 2145af53050Schristos return 1; 2155af53050Schristos } 2165af53050Schristos 2175af53050Schristos static int dane_mtype_set(struct dane_ctx_st *dctx, 2185af53050Schristos const EVP_MD *md, uint8_t mtype, uint8_t ord) 2195af53050Schristos { 2205af53050Schristos int i; 2215af53050Schristos 2225af53050Schristos if (mtype == DANETLS_MATCHING_FULL && md != NULL) { 2238fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL); 2245af53050Schristos return 0; 2255af53050Schristos } 2265af53050Schristos 2275af53050Schristos if (mtype > dctx->mdmax) { 2285af53050Schristos const EVP_MD **mdevp; 2295af53050Schristos uint8_t *mdord; 2305af53050Schristos int n = ((int)mtype) + 1; 2315af53050Schristos 2325af53050Schristos mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp)); 2335af53050Schristos if (mdevp == NULL) { 2348fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 2355af53050Schristos return -1; 2365af53050Schristos } 2375af53050Schristos dctx->mdevp = mdevp; 2385af53050Schristos 2395af53050Schristos mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord)); 2405af53050Schristos if (mdord == NULL) { 2418fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 2425af53050Schristos return -1; 2435af53050Schristos } 2445af53050Schristos dctx->mdord = mdord; 2455af53050Schristos 2465af53050Schristos /* Zero-fill any gaps */ 2475af53050Schristos for (i = dctx->mdmax + 1; i < mtype; ++i) { 2485af53050Schristos mdevp[i] = NULL; 2495af53050Schristos mdord[i] = 0; 2505af53050Schristos } 2515af53050Schristos 2525af53050Schristos dctx->mdmax = mtype; 2535af53050Schristos } 2545af53050Schristos 2555af53050Schristos dctx->mdevp[mtype] = md; 2565af53050Schristos /* Coerce ordinal of disabled matching types to 0 */ 2575af53050Schristos dctx->mdord[mtype] = (md == NULL) ? 0 : ord; 2585af53050Schristos 2595af53050Schristos return 1; 2605af53050Schristos } 2615af53050Schristos 2625af53050Schristos static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype) 2635af53050Schristos { 2645af53050Schristos if (mtype > dane->dctx->mdmax) 2655af53050Schristos return NULL; 2665af53050Schristos return dane->dctx->mdevp[mtype]; 2675af53050Schristos } 2685af53050Schristos 2695af53050Schristos static int dane_tlsa_add(SSL_DANE *dane, 2705af53050Schristos uint8_t usage, 2715af53050Schristos uint8_t selector, 2728fbed61eSchristos uint8_t mtype, const unsigned char *data, size_t dlen) 2735af53050Schristos { 2745af53050Schristos danetls_record *t; 2755af53050Schristos const EVP_MD *md = NULL; 2765af53050Schristos int ilen = (int)dlen; 2775af53050Schristos int i; 2785af53050Schristos int num; 2795af53050Schristos 2805af53050Schristos if (dane->trecs == NULL) { 2818fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED); 2825af53050Schristos return -1; 2835af53050Schristos } 2845af53050Schristos 2855af53050Schristos if (ilen < 0 || dlen != (size_t)ilen) { 2868fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH); 2875af53050Schristos return 0; 2885af53050Schristos } 2895af53050Schristos 2905af53050Schristos if (usage > DANETLS_USAGE_LAST) { 2918fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE); 2925af53050Schristos return 0; 2935af53050Schristos } 2945af53050Schristos 2955af53050Schristos if (selector > DANETLS_SELECTOR_LAST) { 2968fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR); 2975af53050Schristos return 0; 2985af53050Schristos } 2995af53050Schristos 3005af53050Schristos if (mtype != DANETLS_MATCHING_FULL) { 3015af53050Schristos md = tlsa_md_get(dane, mtype); 3025af53050Schristos if (md == NULL) { 3038fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE); 3045af53050Schristos return 0; 3055af53050Schristos } 3065af53050Schristos } 3075af53050Schristos 3088fbed61eSchristos if (md != NULL && dlen != (size_t)EVP_MD_get_size(md)) { 3098fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH); 3105af53050Schristos return 0; 3115af53050Schristos } 3125af53050Schristos if (!data) { 3138fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA); 3145af53050Schristos return 0; 3155af53050Schristos } 3165af53050Schristos 3175af53050Schristos if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) { 3188fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3195af53050Schristos return -1; 3205af53050Schristos } 3215af53050Schristos 3225af53050Schristos t->usage = usage; 3235af53050Schristos t->selector = selector; 3245af53050Schristos t->mtype = mtype; 325e0ea3921Schristos t->data = OPENSSL_malloc(dlen); 3265af53050Schristos if (t->data == NULL) { 3275af53050Schristos tlsa_free(t); 3288fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3295af53050Schristos return -1; 3305af53050Schristos } 331e0ea3921Schristos memcpy(t->data, data, dlen); 332e0ea3921Schristos t->dlen = dlen; 3335af53050Schristos 3345af53050Schristos /* Validate and cache full certificate or public key */ 3355af53050Schristos if (mtype == DANETLS_MATCHING_FULL) { 3365af53050Schristos const unsigned char *p = data; 3375af53050Schristos X509 *cert = NULL; 3385af53050Schristos EVP_PKEY *pkey = NULL; 3395af53050Schristos 3405af53050Schristos switch (selector) { 3415af53050Schristos case DANETLS_SELECTOR_CERT: 342e0ea3921Schristos if (!d2i_X509(&cert, &p, ilen) || p < data || 3435af53050Schristos dlen != (size_t)(p - data)) { 344b46c97feSchristos X509_free(cert); 3455af53050Schristos tlsa_free(t); 3468fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE); 3475af53050Schristos return 0; 3485af53050Schristos } 3495af53050Schristos if (X509_get0_pubkey(cert) == NULL) { 350b46c97feSchristos X509_free(cert); 3515af53050Schristos tlsa_free(t); 3528fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE); 3535af53050Schristos return 0; 3545af53050Schristos } 3555af53050Schristos 3565af53050Schristos if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) { 357b46c97feSchristos /* 358b46c97feSchristos * The Full(0) certificate decodes to a seemingly valid X.509 359b46c97feSchristos * object with a plausible key, so the TLSA record is well 360b46c97feSchristos * formed. However, we don't actually need the certifiate for 361b46c97feSchristos * usages PKIX-EE(1) or DANE-EE(3), because at least the EE 362b46c97feSchristos * certificate is always presented by the peer. We discard the 363b46c97feSchristos * certificate, and just use the TLSA data as an opaque blob 364b46c97feSchristos * for matching the raw presented DER octets. 365b46c97feSchristos * 366b46c97feSchristos * DO NOT FREE `t` here, it will be added to the TLSA record 367b46c97feSchristos * list below! 368b46c97feSchristos */ 3695af53050Schristos X509_free(cert); 3705af53050Schristos break; 3715af53050Schristos } 3725af53050Schristos 3735af53050Schristos /* 3745af53050Schristos * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA 3755af53050Schristos * records that contain full certificates of trust-anchors that are 3765af53050Schristos * not present in the wire chain. For usage PKIX-TA(0), we augment 3775af53050Schristos * the chain with untrusted Full(0) certificates from DNS, in case 3785af53050Schristos * they are missing from the chain. 3795af53050Schristos */ 3805af53050Schristos if ((dane->certs == NULL && 3815af53050Schristos (dane->certs = sk_X509_new_null()) == NULL) || 3825af53050Schristos !sk_X509_push(dane->certs, cert)) { 3838fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3845af53050Schristos X509_free(cert); 3855af53050Schristos tlsa_free(t); 3865af53050Schristos return -1; 3875af53050Schristos } 3885af53050Schristos break; 3895af53050Schristos 3905af53050Schristos case DANETLS_SELECTOR_SPKI: 391e0ea3921Schristos if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || 3925af53050Schristos dlen != (size_t)(p - data)) { 393b46c97feSchristos EVP_PKEY_free(pkey); 3945af53050Schristos tlsa_free(t); 3958fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); 3965af53050Schristos return 0; 3975af53050Schristos } 3985af53050Schristos 3995af53050Schristos /* 4005af53050Schristos * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA 4015af53050Schristos * records that contain full bare keys of trust-anchors that are 4025af53050Schristos * not present in the wire chain. 4035af53050Schristos */ 4045af53050Schristos if (usage == DANETLS_USAGE_DANE_TA) 4055af53050Schristos t->spki = pkey; 4065af53050Schristos else 4075af53050Schristos EVP_PKEY_free(pkey); 4085af53050Schristos break; 4095af53050Schristos } 4105af53050Schristos } 4115af53050Schristos 4125af53050Schristos /*- 4135af53050Schristos * Find the right insertion point for the new record. 4145af53050Schristos * 4155af53050Schristos * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that 4165af53050Schristos * they can be processed first, as they require no chain building, and no 4175af53050Schristos * expiration or hostname checks. Because DANE-EE(3) is numerically 4185af53050Schristos * largest, this is accomplished via descending sort by "usage". 4195af53050Schristos * 4205af53050Schristos * We also sort in descending order by matching ordinal to simplify 4215af53050Schristos * the implementation of digest agility in the verification code. 4225af53050Schristos * 4235af53050Schristos * The choice of order for the selector is not significant, so we 4245af53050Schristos * use the same descending order for consistency. 4255af53050Schristos */ 4265af53050Schristos num = sk_danetls_record_num(dane->trecs); 4275af53050Schristos for (i = 0; i < num; ++i) { 4285af53050Schristos danetls_record *rec = sk_danetls_record_value(dane->trecs, i); 4295af53050Schristos 4305af53050Schristos if (rec->usage > usage) 4315af53050Schristos continue; 4325af53050Schristos if (rec->usage < usage) 4335af53050Schristos break; 4345af53050Schristos if (rec->selector > selector) 4355af53050Schristos continue; 4365af53050Schristos if (rec->selector < selector) 4375af53050Schristos break; 4385af53050Schristos if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype]) 4395af53050Schristos continue; 4405af53050Schristos break; 4415af53050Schristos } 4425af53050Schristos 4435af53050Schristos if (!sk_danetls_record_insert(dane->trecs, t, i)) { 4445af53050Schristos tlsa_free(t); 4458fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 4465af53050Schristos return -1; 4475af53050Schristos } 4485af53050Schristos dane->umask |= DANETLS_USAGE_BIT(usage); 4495af53050Schristos 4505af53050Schristos return 1; 4515af53050Schristos } 4525af53050Schristos 4535af53050Schristos /* 4545af53050Schristos * Return 0 if there is only one version configured and it was disabled 4555af53050Schristos * at configure time. Return 1 otherwise. 4565af53050Schristos */ 4575af53050Schristos static int ssl_check_allowed_versions(int min_version, int max_version) 4585af53050Schristos { 4595af53050Schristos int minisdtls = 0, maxisdtls = 0; 4605af53050Schristos 4615af53050Schristos /* Figure out if we're doing DTLS versions or TLS versions */ 4625af53050Schristos if (min_version == DTLS1_BAD_VER 4635af53050Schristos || min_version >> 8 == DTLS1_VERSION_MAJOR) 4645af53050Schristos minisdtls = 1; 4655af53050Schristos if (max_version == DTLS1_BAD_VER 4665af53050Schristos || max_version >> 8 == DTLS1_VERSION_MAJOR) 4675af53050Schristos maxisdtls = 1; 4685af53050Schristos /* A wildcard version of 0 could be DTLS or TLS. */ 4695af53050Schristos if ((minisdtls && !maxisdtls && max_version != 0) 4705af53050Schristos || (maxisdtls && !minisdtls && min_version != 0)) { 4715af53050Schristos /* Mixing DTLS and TLS versions will lead to sadness; deny it. */ 4725af53050Schristos return 0; 4735af53050Schristos } 4745af53050Schristos 4755af53050Schristos if (minisdtls || maxisdtls) { 4765af53050Schristos /* Do DTLS version checks. */ 4775af53050Schristos if (min_version == 0) 4785af53050Schristos /* Ignore DTLS1_BAD_VER */ 4795af53050Schristos min_version = DTLS1_VERSION; 4805af53050Schristos if (max_version == 0) 4815af53050Schristos max_version = DTLS1_2_VERSION; 4825af53050Schristos #ifdef OPENSSL_NO_DTLS1_2 4835af53050Schristos if (max_version == DTLS1_2_VERSION) 4845af53050Schristos max_version = DTLS1_VERSION; 4855af53050Schristos #endif 4865af53050Schristos #ifdef OPENSSL_NO_DTLS1 4875af53050Schristos if (min_version == DTLS1_VERSION) 4885af53050Schristos min_version = DTLS1_2_VERSION; 4895af53050Schristos #endif 4905af53050Schristos /* Done massaging versions; do the check. */ 4915af53050Schristos if (0 4925af53050Schristos #ifdef OPENSSL_NO_DTLS1 4935af53050Schristos || (DTLS_VERSION_GE(min_version, DTLS1_VERSION) 4945af53050Schristos && DTLS_VERSION_GE(DTLS1_VERSION, max_version)) 4955af53050Schristos #endif 4965af53050Schristos #ifdef OPENSSL_NO_DTLS1_2 4975af53050Schristos || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION) 4985af53050Schristos && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version)) 4995af53050Schristos #endif 5005af53050Schristos ) 5015af53050Schristos return 0; 5025af53050Schristos } else { 5035af53050Schristos /* Regular TLS version checks. */ 5045af53050Schristos if (min_version == 0) 5055af53050Schristos min_version = SSL3_VERSION; 5065af53050Schristos if (max_version == 0) 507e0ea3921Schristos max_version = TLS1_3_VERSION; 508e0ea3921Schristos #ifdef OPENSSL_NO_TLS1_3 509e0ea3921Schristos if (max_version == TLS1_3_VERSION) 5105af53050Schristos max_version = TLS1_2_VERSION; 511e0ea3921Schristos #endif 5125af53050Schristos #ifdef OPENSSL_NO_TLS1_2 5135af53050Schristos if (max_version == TLS1_2_VERSION) 5145af53050Schristos max_version = TLS1_1_VERSION; 5155af53050Schristos #endif 5165af53050Schristos #ifdef OPENSSL_NO_TLS1_1 5175af53050Schristos if (max_version == TLS1_1_VERSION) 5185af53050Schristos max_version = TLS1_VERSION; 5195af53050Schristos #endif 5205af53050Schristos #ifdef OPENSSL_NO_TLS1 5215af53050Schristos if (max_version == TLS1_VERSION) 5225af53050Schristos max_version = SSL3_VERSION; 5235af53050Schristos #endif 5245af53050Schristos #ifdef OPENSSL_NO_SSL3 5255af53050Schristos if (min_version == SSL3_VERSION) 5265af53050Schristos min_version = TLS1_VERSION; 5275af53050Schristos #endif 5285af53050Schristos #ifdef OPENSSL_NO_TLS1 5295af53050Schristos if (min_version == TLS1_VERSION) 5305af53050Schristos min_version = TLS1_1_VERSION; 5315af53050Schristos #endif 5325af53050Schristos #ifdef OPENSSL_NO_TLS1_1 5335af53050Schristos if (min_version == TLS1_1_VERSION) 5345af53050Schristos min_version = TLS1_2_VERSION; 5355af53050Schristos #endif 536e0ea3921Schristos #ifdef OPENSSL_NO_TLS1_2 537e0ea3921Schristos if (min_version == TLS1_2_VERSION) 538e0ea3921Schristos min_version = TLS1_3_VERSION; 539e0ea3921Schristos #endif 5405af53050Schristos /* Done massaging versions; do the check. */ 5415af53050Schristos if (0 5425af53050Schristos #ifdef OPENSSL_NO_SSL3 5435af53050Schristos || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version) 5445af53050Schristos #endif 5455af53050Schristos #ifdef OPENSSL_NO_TLS1 5465af53050Schristos || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version) 5475af53050Schristos #endif 5485af53050Schristos #ifdef OPENSSL_NO_TLS1_1 5495af53050Schristos || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version) 5505af53050Schristos #endif 5515af53050Schristos #ifdef OPENSSL_NO_TLS1_2 5525af53050Schristos || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version) 5535af53050Schristos #endif 554e0ea3921Schristos #ifdef OPENSSL_NO_TLS1_3 555e0ea3921Schristos || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version) 556e0ea3921Schristos #endif 5575af53050Schristos ) 5585af53050Schristos return 0; 5595af53050Schristos } 5605af53050Schristos return 1; 5615af53050Schristos } 5625af53050Schristos 5638fbed61eSchristos #if defined(__TANDEM) && defined(OPENSSL_VPROC) 5648fbed61eSchristos /* 5658fbed61eSchristos * Define a VPROC function for HP NonStop build ssl library. 5668fbed61eSchristos * This is used by platform version identification tools. 5678fbed61eSchristos * Do not inline this procedure or make it static. 5688fbed61eSchristos */ 5698fbed61eSchristos # define OPENSSL_VPROC_STRING_(x) x##_SSL 5708fbed61eSchristos # define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) 5718fbed61eSchristos # define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) 5728fbed61eSchristos void OPENSSL_VPROC_FUNC(void) {} 5738fbed61eSchristos #endif 5748fbed61eSchristos 5758fbed61eSchristos 5765af53050Schristos static void clear_ciphers(SSL *s) 5775af53050Schristos { 5785af53050Schristos /* clear the current cipher */ 5795af53050Schristos ssl_clear_cipher_ctx(s); 5805af53050Schristos ssl_clear_hash_ctx(&s->read_hash); 5815af53050Schristos ssl_clear_hash_ctx(&s->write_hash); 5825af53050Schristos } 5835af53050Schristos 584a89c9211Schristos int SSL_clear(SSL *s) 585a89c9211Schristos { 5869cef71b6Sspz if (s->method == NULL) { 5878fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED); 588e0ea3921Schristos return 0; 589a89c9211Schristos } 590a89c9211Schristos 5919cef71b6Sspz if (ssl_clear_bad_session(s)) { 592a89c9211Schristos SSL_SESSION_free(s->session); 593a89c9211Schristos s->session = NULL; 594a89c9211Schristos } 595e0ea3921Schristos SSL_SESSION_free(s->psksession); 596e0ea3921Schristos s->psksession = NULL; 597e0ea3921Schristos OPENSSL_free(s->psksession_id); 598e0ea3921Schristos s->psksession_id = NULL; 599e0ea3921Schristos s->psksession_id_len = 0; 6008dcce544Schristos s->hello_retry_request = SSL_HRR_NONE; 601e0ea3921Schristos s->sent_tickets = 0; 602a89c9211Schristos 603a89c9211Schristos s->error = 0; 604a89c9211Schristos s->hit = 0; 605a89c9211Schristos s->shutdown = 0; 606a89c9211Schristos 6079cef71b6Sspz if (s->renegotiate) { 6088fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 609a89c9211Schristos return 0; 610a89c9211Schristos } 611a89c9211Schristos 6125af53050Schristos ossl_statem_clear(s); 613a89c9211Schristos 614a89c9211Schristos s->version = s->method->version; 615a89c9211Schristos s->client_version = s->version; 616a89c9211Schristos s->rwstate = SSL_NOTHING; 617a89c9211Schristos 618a89c9211Schristos BUF_MEM_free(s->init_buf); 619a89c9211Schristos s->init_buf = NULL; 6205af53050Schristos clear_ciphers(s); 621a89c9211Schristos s->first_packet = 0; 6225af53050Schristos 623e0ea3921Schristos s->key_update = SSL_KEY_UPDATE_NONE; 624e0ea3921Schristos 625e0ea3921Schristos EVP_MD_CTX_free(s->pha_dgst); 626e0ea3921Schristos s->pha_dgst = NULL; 627e0ea3921Schristos 6285af53050Schristos /* Reset DANE verification result state */ 6295af53050Schristos s->dane.mdpth = -1; 6305af53050Schristos s->dane.pdpth = -1; 6315af53050Schristos X509_free(s->dane.mcert); 6325af53050Schristos s->dane.mcert = NULL; 6335af53050Schristos s->dane.mtlsa = NULL; 6345af53050Schristos 6355af53050Schristos /* Clear the verification result peername */ 6365af53050Schristos X509_VERIFY_PARAM_move_peername(s->param, NULL); 6375af53050Schristos 638403eeac4Schristos /* Clear any shared connection state */ 639403eeac4Schristos OPENSSL_free(s->shared_sigalgs); 640403eeac4Schristos s->shared_sigalgs = NULL; 641403eeac4Schristos s->shared_sigalgslen = 0; 642403eeac4Schristos 6439cef71b6Sspz /* 6449cef71b6Sspz * Check to see if we were changed into a different method, if so, revert 645e0ea3921Schristos * back. 6469cef71b6Sspz */ 647e0ea3921Schristos if (s->method != s->ctx->method) { 648a89c9211Schristos s->method->ssl_free(s); 649a89c9211Schristos s->method = s->ctx->method; 650a89c9211Schristos if (!s->method->ssl_new(s)) 651e0ea3921Schristos return 0; 652e0ea3921Schristos } else { 653e0ea3921Schristos if (!s->method->ssl_clear(s)) 654e0ea3921Schristos return 0; 655e0ea3921Schristos } 6565af53050Schristos 6575af53050Schristos RECORD_LAYER_clear(&s->rlayer); 6585af53050Schristos 659e0ea3921Schristos return 1; 660a89c9211Schristos } 661a89c9211Schristos 6628fbed61eSchristos #ifndef OPENSSL_NO_DEPRECATED_3_0 663a89c9211Schristos /** Used to change an SSL_CTXs default SSL method type */ 664a89c9211Schristos int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 665a89c9211Schristos { 666a89c9211Schristos STACK_OF(SSL_CIPHER) *sk; 667a89c9211Schristos 668a89c9211Schristos ctx->method = meth; 669a89c9211Schristos 6708fbed61eSchristos if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) { 6718fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 672bf8eace1Schristos return 0; 673bf8eace1Schristos } 6748fbed61eSchristos sk = ssl_create_cipher_list(ctx, 675e0ea3921Schristos ctx->tls13_ciphersuites, 676e0ea3921Schristos &(ctx->cipher_list), 677a89c9211Schristos &(ctx->cipher_list_by_id), 6788fbed61eSchristos OSSL_default_cipher_list(), ctx->cert); 6799cef71b6Sspz if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 6808fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 681e0ea3921Schristos return 0; 682a89c9211Schristos } 683e0ea3921Schristos return 1; 684a89c9211Schristos } 6858fbed61eSchristos #endif 686a89c9211Schristos 687a89c9211Schristos SSL *SSL_new(SSL_CTX *ctx) 688a89c9211Schristos { 689a89c9211Schristos SSL *s; 690a89c9211Schristos 6919cef71b6Sspz if (ctx == NULL) { 6928fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX); 693e0ea3921Schristos return NULL; 694a89c9211Schristos } 6959cef71b6Sspz if (ctx->method == NULL) { 6968fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 697e0ea3921Schristos return NULL; 698a89c9211Schristos } 699a89c9211Schristos 7005af53050Schristos s = OPENSSL_zalloc(sizeof(*s)); 7019cef71b6Sspz if (s == NULL) 7029cef71b6Sspz goto err; 703a89c9211Schristos 704e0ea3921Schristos s->references = 1; 7055af53050Schristos s->lock = CRYPTO_THREAD_lock_new(); 7065af53050Schristos if (s->lock == NULL) { 7075af53050Schristos OPENSSL_free(s); 708e0ea3921Schristos s = NULL; 709e0ea3921Schristos goto err; 7105af53050Schristos } 7115af53050Schristos 7125af53050Schristos RECORD_LAYER_init(&s->rlayer, s); 713a89c9211Schristos 714a89c9211Schristos s->options = ctx->options; 7155af53050Schristos s->dane.flags = ctx->dane.flags; 7165af53050Schristos s->min_proto_version = ctx->min_proto_version; 7175af53050Schristos s->max_proto_version = ctx->max_proto_version; 718a89c9211Schristos s->mode = ctx->mode; 719a89c9211Schristos s->max_cert_list = ctx->max_cert_list; 720e0ea3921Schristos s->max_early_data = ctx->max_early_data; 721e0ea3921Schristos s->recv_max_early_data = ctx->recv_max_early_data; 722e0ea3921Schristos s->num_tickets = ctx->num_tickets; 723e0ea3921Schristos s->pha_enabled = ctx->pha_enabled; 724e0ea3921Schristos 725e0ea3921Schristos /* Shallow copy of the ciphersuites stack */ 726e0ea3921Schristos s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites); 727e0ea3921Schristos if (s->tls13_ciphersuites == NULL) 728e0ea3921Schristos goto err; 729a89c9211Schristos 7309cef71b6Sspz /* 7319cef71b6Sspz * Earlier library versions used to copy the pointer to the CERT, not 7329cef71b6Sspz * its contents; only when setting new parameters for the per-SSL 7339cef71b6Sspz * copy, ssl_cert_new would be called (and the direct reference to 7349cef71b6Sspz * the per-SSL_CTX settings would be lost, but those still were 7359cef71b6Sspz * indirectly accessed for various purposes, and for that reason they 7369cef71b6Sspz * used to be known as s->ctx->default_cert). Now we don't look at the 7379cef71b6Sspz * SSL_CTX's CERT after having duplicated it once. 7389cef71b6Sspz */ 739a89c9211Schristos s->cert = ssl_cert_dup(ctx->cert); 740a89c9211Schristos if (s->cert == NULL) 741a89c9211Schristos goto err; 742a89c9211Schristos 7435af53050Schristos RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead); 744a89c9211Schristos s->msg_callback = ctx->msg_callback; 745a89c9211Schristos s->msg_callback_arg = ctx->msg_callback_arg; 746a89c9211Schristos s->verify_mode = ctx->verify_mode; 7475af53050Schristos s->not_resumable_session_cb = ctx->not_resumable_session_cb; 748e0ea3921Schristos s->record_padding_cb = ctx->record_padding_cb; 749e0ea3921Schristos s->record_padding_arg = ctx->record_padding_arg; 750e0ea3921Schristos s->block_padding = ctx->block_padding; 751a89c9211Schristos s->sid_ctx_length = ctx->sid_ctx_length; 752e0ea3921Schristos if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx))) 753e0ea3921Schristos goto err; 754a89c9211Schristos memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 755a89c9211Schristos s->verify_callback = ctx->default_verify_callback; 756a89c9211Schristos s->generate_session_id = ctx->generate_session_id; 757a89c9211Schristos 758a89c9211Schristos s->param = X509_VERIFY_PARAM_new(); 7595af53050Schristos if (s->param == NULL) 760a89c9211Schristos goto err; 761a89c9211Schristos X509_VERIFY_PARAM_inherit(s->param, ctx->param); 762a89c9211Schristos s->quiet_shutdown = ctx->quiet_shutdown; 763e0ea3921Schristos 764e0ea3921Schristos s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode; 765a89c9211Schristos s->max_send_fragment = ctx->max_send_fragment; 7665af53050Schristos s->split_send_fragment = ctx->split_send_fragment; 7675af53050Schristos s->max_pipelines = ctx->max_pipelines; 7685af53050Schristos if (s->max_pipelines > 1) 7695af53050Schristos RECORD_LAYER_set_read_ahead(&s->rlayer, 1); 7705af53050Schristos if (ctx->default_read_buf_len > 0) 7715af53050Schristos SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len); 772a89c9211Schristos 7735af53050Schristos SSL_CTX_up_ref(ctx); 774a89c9211Schristos s->ctx = ctx; 775e0ea3921Schristos s->ext.debug_cb = 0; 776e0ea3921Schristos s->ext.debug_arg = NULL; 777e0ea3921Schristos s->ext.ticket_expected = 0; 778e0ea3921Schristos s->ext.status_type = ctx->ext.status_type; 779e0ea3921Schristos s->ext.status_expected = 0; 780e0ea3921Schristos s->ext.ocsp.ids = NULL; 781e0ea3921Schristos s->ext.ocsp.exts = NULL; 782e0ea3921Schristos s->ext.ocsp.resp = NULL; 783e0ea3921Schristos s->ext.ocsp.resp_len = 0; 7845af53050Schristos SSL_CTX_up_ref(ctx); 7855af53050Schristos s->session_ctx = ctx; 786e0ea3921Schristos if (ctx->ext.ecpointformats) { 787e0ea3921Schristos s->ext.ecpointformats = 788e0ea3921Schristos OPENSSL_memdup(ctx->ext.ecpointformats, 789e0ea3921Schristos ctx->ext.ecpointformats_len); 790542270d5Schristos if (!s->ext.ecpointformats) { 791542270d5Schristos s->ext.ecpointformats_len = 0; 79231b855a0Sspz goto err; 793542270d5Schristos } 794e0ea3921Schristos s->ext.ecpointformats_len = 795e0ea3921Schristos ctx->ext.ecpointformats_len; 79631b855a0Sspz } 797e0ea3921Schristos if (ctx->ext.supportedgroups) { 798e0ea3921Schristos s->ext.supportedgroups = 799e0ea3921Schristos OPENSSL_memdup(ctx->ext.supportedgroups, 800e0ea3921Schristos ctx->ext.supportedgroups_len 801e0ea3921Schristos * sizeof(*ctx->ext.supportedgroups)); 802542270d5Schristos if (!s->ext.supportedgroups) { 803542270d5Schristos s->ext.supportedgroups_len = 0; 80431b855a0Sspz goto err; 805542270d5Schristos } 806e0ea3921Schristos s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; 80731b855a0Sspz } 8088fbed61eSchristos 80932daad53Schristos #ifndef OPENSSL_NO_NEXTPROTONEG 810e0ea3921Schristos s->ext.npn = NULL; 81132daad53Schristos #endif 81231b855a0Sspz 813e0ea3921Schristos if (s->ctx->ext.alpn) { 814e0ea3921Schristos s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); 815542270d5Schristos if (s->ext.alpn == NULL) { 816542270d5Schristos s->ext.alpn_len = 0; 81731b855a0Sspz goto err; 818542270d5Schristos } 819e0ea3921Schristos memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); 820e0ea3921Schristos s->ext.alpn_len = s->ctx->ext.alpn_len; 82131b855a0Sspz } 822a89c9211Schristos 8235af53050Schristos s->verified_chain = NULL; 824a89c9211Schristos s->verify_result = X509_V_OK; 825a89c9211Schristos 8265af53050Schristos s->default_passwd_callback = ctx->default_passwd_callback; 8275af53050Schristos s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata; 8285af53050Schristos 829a89c9211Schristos s->method = ctx->method; 830a89c9211Schristos 831e0ea3921Schristos s->key_update = SSL_KEY_UPDATE_NONE; 832e0ea3921Schristos 833e0ea3921Schristos s->allow_early_data_cb = ctx->allow_early_data_cb; 834e0ea3921Schristos s->allow_early_data_cb_data = ctx->allow_early_data_cb_data; 835e0ea3921Schristos 836a89c9211Schristos if (!s->method->ssl_new(s)) 837a89c9211Schristos goto err; 838a89c9211Schristos 839a89c9211Schristos s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; 840a89c9211Schristos 8415af53050Schristos if (!SSL_clear(s)) 8425af53050Schristos goto err; 843a89c9211Schristos 8445af53050Schristos if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data)) 8455af53050Schristos goto err; 846a89c9211Schristos 847a89c9211Schristos #ifndef OPENSSL_NO_PSK 848a89c9211Schristos s->psk_client_callback = ctx->psk_client_callback; 849a89c9211Schristos s->psk_server_callback = ctx->psk_server_callback; 850a89c9211Schristos #endif 851e0ea3921Schristos s->psk_find_session_cb = ctx->psk_find_session_cb; 852e0ea3921Schristos s->psk_use_session_cb = ctx->psk_use_session_cb; 853a89c9211Schristos 8548fbed61eSchristos s->async_cb = ctx->async_cb; 8558fbed61eSchristos s->async_cb_arg = ctx->async_cb_arg; 8568fbed61eSchristos 8575af53050Schristos s->job = NULL; 8585af53050Schristos 8595af53050Schristos #ifndef OPENSSL_NO_CT 8605af53050Schristos if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, 8615af53050Schristos ctx->ct_validation_callback_arg)) 8625af53050Schristos goto err; 8635af53050Schristos #endif 8645af53050Schristos 8655af53050Schristos return s; 866a89c9211Schristos err: 867805debc4Sspz SSL_free(s); 8688fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 8695af53050Schristos return NULL; 8705af53050Schristos } 8715af53050Schristos 8725af53050Schristos int SSL_is_dtls(const SSL *s) 8735af53050Schristos { 8745af53050Schristos return SSL_IS_DTLS(s) ? 1 : 0; 8755af53050Schristos } 8765af53050Schristos 8775af53050Schristos int SSL_up_ref(SSL *s) 8785af53050Schristos { 8795af53050Schristos int i; 8805af53050Schristos 881e0ea3921Schristos if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0) 8825af53050Schristos return 0; 8835af53050Schristos 8845af53050Schristos REF_PRINT_COUNT("SSL", s); 8855af53050Schristos REF_ASSERT_ISNT(i < 2); 8865af53050Schristos return ((i > 1) ? 1 : 0); 887a89c9211Schristos } 888a89c9211Schristos 889a89c9211Schristos int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 890a89c9211Schristos unsigned int sid_ctx_len) 891a89c9211Schristos { 892403eeac4Schristos if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 8938fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 894a89c9211Schristos return 0; 895a89c9211Schristos } 896a89c9211Schristos ctx->sid_ctx_length = sid_ctx_len; 897a89c9211Schristos memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); 898a89c9211Schristos 899a89c9211Schristos return 1; 900a89c9211Schristos } 901a89c9211Schristos 902a89c9211Schristos int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 903a89c9211Schristos unsigned int sid_ctx_len) 904a89c9211Schristos { 9059cef71b6Sspz if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 9068fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 907a89c9211Schristos return 0; 908a89c9211Schristos } 909a89c9211Schristos ssl->sid_ctx_length = sid_ctx_len; 910a89c9211Schristos memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); 911a89c9211Schristos 912a89c9211Schristos return 1; 913a89c9211Schristos } 914a89c9211Schristos 915a89c9211Schristos int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 916a89c9211Schristos { 9178fbed61eSchristos if (!CRYPTO_THREAD_write_lock(ctx->lock)) 9188fbed61eSchristos return 0; 919a89c9211Schristos ctx->generate_session_id = cb; 9205af53050Schristos CRYPTO_THREAD_unlock(ctx->lock); 921a89c9211Schristos return 1; 922a89c9211Schristos } 923a89c9211Schristos 924a89c9211Schristos int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 925a89c9211Schristos { 9268fbed61eSchristos if (!CRYPTO_THREAD_write_lock(ssl->lock)) 9278fbed61eSchristos return 0; 928a89c9211Schristos ssl->generate_session_id = cb; 9295af53050Schristos CRYPTO_THREAD_unlock(ssl->lock); 930a89c9211Schristos return 1; 931a89c9211Schristos } 932a89c9211Schristos 933a89c9211Schristos int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 934a89c9211Schristos unsigned int id_len) 935a89c9211Schristos { 9369cef71b6Sspz /* 9379cef71b6Sspz * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 9385af53050Schristos * we can "construct" a session to give us the desired check - i.e. to 939a89c9211Schristos * find if there's a session in the hash table that would conflict with 9409cef71b6Sspz * any new session built out of this id/id_len and the ssl_version in use 9419cef71b6Sspz * by this SSL. 9429cef71b6Sspz */ 943a89c9211Schristos SSL_SESSION r, *p; 944a89c9211Schristos 94578327f04Schristos if (id_len > sizeof(r.session_id)) 946a89c9211Schristos return 0; 947a89c9211Schristos 948a89c9211Schristos r.ssl_version = ssl->version; 949a89c9211Schristos r.session_id_length = id_len; 950a89c9211Schristos memcpy(r.session_id, id, id_len); 951a89c9211Schristos 9528fbed61eSchristos if (!CRYPTO_THREAD_read_lock(ssl->session_ctx->lock)) 9538fbed61eSchristos return 0; 9545af53050Schristos p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r); 9555af53050Schristos CRYPTO_THREAD_unlock(ssl->session_ctx->lock); 956a89c9211Schristos return (p != NULL); 957a89c9211Schristos } 958a89c9211Schristos 959a89c9211Schristos int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 960a89c9211Schristos { 961a89c9211Schristos return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 962a89c9211Schristos } 963a89c9211Schristos 964a89c9211Schristos int SSL_set_purpose(SSL *s, int purpose) 965a89c9211Schristos { 966a89c9211Schristos return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 967a89c9211Schristos } 968a89c9211Schristos 969a89c9211Schristos int SSL_CTX_set_trust(SSL_CTX *s, int trust) 970a89c9211Schristos { 971a89c9211Schristos return X509_VERIFY_PARAM_set_trust(s->param, trust); 972a89c9211Schristos } 973a89c9211Schristos 974a89c9211Schristos int SSL_set_trust(SSL *s, int trust) 975a89c9211Schristos { 976a89c9211Schristos return X509_VERIFY_PARAM_set_trust(s->param, trust); 977a89c9211Schristos } 978a89c9211Schristos 9795af53050Schristos int SSL_set1_host(SSL *s, const char *hostname) 9805af53050Schristos { 9818fbed61eSchristos /* If a hostname is provided and parses as an IP address, 9828fbed61eSchristos * treat it as such. */ 9838fbed61eSchristos if (hostname && X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname) == 1) 9848fbed61eSchristos return 1; 9858fbed61eSchristos 9865af53050Schristos return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); 9875af53050Schristos } 9885af53050Schristos 9895af53050Schristos int SSL_add1_host(SSL *s, const char *hostname) 9905af53050Schristos { 9918fbed61eSchristos /* If a hostname is provided and parses as an IP address, 9928fbed61eSchristos * treat it as such. */ 9938fbed61eSchristos if (hostname) 9948fbed61eSchristos { 9958fbed61eSchristos ASN1_OCTET_STRING *ip; 9968fbed61eSchristos char *old_ip; 9978fbed61eSchristos 9988fbed61eSchristos ip = a2i_IPADDRESS(hostname); 9998fbed61eSchristos if (ip) { 10008fbed61eSchristos /* We didn't want it; only to check if it *is* an IP address */ 10018fbed61eSchristos ASN1_OCTET_STRING_free(ip); 10028fbed61eSchristos 10038fbed61eSchristos old_ip = X509_VERIFY_PARAM_get1_ip_asc(s->param); 10048fbed61eSchristos if (old_ip) 10058fbed61eSchristos { 10068fbed61eSchristos OPENSSL_free(old_ip); 10078fbed61eSchristos /* There can be only one IP address */ 10088fbed61eSchristos return 0; 10098fbed61eSchristos } 10108fbed61eSchristos 10118fbed61eSchristos return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname); 10128fbed61eSchristos } 10138fbed61eSchristos } 10148fbed61eSchristos 10155af53050Schristos return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0); 10165af53050Schristos } 10175af53050Schristos 10185af53050Schristos void SSL_set_hostflags(SSL *s, unsigned int flags) 10195af53050Schristos { 10205af53050Schristos X509_VERIFY_PARAM_set_hostflags(s->param, flags); 10215af53050Schristos } 10225af53050Schristos 10235af53050Schristos const char *SSL_get0_peername(SSL *s) 10245af53050Schristos { 10255af53050Schristos return X509_VERIFY_PARAM_get0_peername(s->param); 10265af53050Schristos } 10275af53050Schristos 10285af53050Schristos int SSL_CTX_dane_enable(SSL_CTX *ctx) 10295af53050Schristos { 10305af53050Schristos return dane_ctx_enable(&ctx->dane); 10315af53050Schristos } 10325af53050Schristos 10335af53050Schristos unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags) 10345af53050Schristos { 10355af53050Schristos unsigned long orig = ctx->dane.flags; 10365af53050Schristos 10375af53050Schristos ctx->dane.flags |= flags; 10385af53050Schristos return orig; 10395af53050Schristos } 10405af53050Schristos 10415af53050Schristos unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags) 10425af53050Schristos { 10435af53050Schristos unsigned long orig = ctx->dane.flags; 10445af53050Schristos 10455af53050Schristos ctx->dane.flags &= ~flags; 10465af53050Schristos return orig; 10475af53050Schristos } 10485af53050Schristos 10495af53050Schristos int SSL_dane_enable(SSL *s, const char *basedomain) 10505af53050Schristos { 10515af53050Schristos SSL_DANE *dane = &s->dane; 10525af53050Schristos 10535af53050Schristos if (s->ctx->dane.mdmax == 0) { 10548fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED); 10555af53050Schristos return 0; 10565af53050Schristos } 10575af53050Schristos if (dane->trecs != NULL) { 10588fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED); 10595af53050Schristos return 0; 10605af53050Schristos } 10615af53050Schristos 10625af53050Schristos /* 10635af53050Schristos * Default SNI name. This rejects empty names, while set1_host below 10645af53050Schristos * accepts them and disables host name checks. To avoid side-effects with 10655af53050Schristos * invalid input, set the SNI name first. 10665af53050Schristos */ 1067e0ea3921Schristos if (s->ext.hostname == NULL) { 10685af53050Schristos if (!SSL_set_tlsext_host_name(s, basedomain)) { 10698fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); 10705af53050Schristos return -1; 10715af53050Schristos } 10725af53050Schristos } 10735af53050Schristos 10745af53050Schristos /* Primary RFC6125 reference identifier */ 10755af53050Schristos if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) { 10768fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); 10775af53050Schristos return -1; 10785af53050Schristos } 10795af53050Schristos 10805af53050Schristos dane->mdpth = -1; 10815af53050Schristos dane->pdpth = -1; 10825af53050Schristos dane->dctx = &s->ctx->dane; 10835af53050Schristos dane->trecs = sk_danetls_record_new_null(); 10845af53050Schristos 10855af53050Schristos if (dane->trecs == NULL) { 10868fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 10875af53050Schristos return -1; 10885af53050Schristos } 10895af53050Schristos return 1; 10905af53050Schristos } 10915af53050Schristos 10925af53050Schristos unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags) 10935af53050Schristos { 10945af53050Schristos unsigned long orig = ssl->dane.flags; 10955af53050Schristos 10965af53050Schristos ssl->dane.flags |= flags; 10975af53050Schristos return orig; 10985af53050Schristos } 10995af53050Schristos 11005af53050Schristos unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags) 11015af53050Schristos { 11025af53050Schristos unsigned long orig = ssl->dane.flags; 11035af53050Schristos 11045af53050Schristos ssl->dane.flags &= ~flags; 11055af53050Schristos return orig; 11065af53050Schristos } 11075af53050Schristos 11085af53050Schristos int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) 11095af53050Schristos { 11105af53050Schristos SSL_DANE *dane = &s->dane; 11115af53050Schristos 11125af53050Schristos if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) 11135af53050Schristos return -1; 11145af53050Schristos if (dane->mtlsa) { 11155af53050Schristos if (mcert) 11165af53050Schristos *mcert = dane->mcert; 11175af53050Schristos if (mspki) 11185af53050Schristos *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL; 11195af53050Schristos } 11205af53050Schristos return dane->mdpth; 11215af53050Schristos } 11225af53050Schristos 11235af53050Schristos int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, 11248fbed61eSchristos uint8_t *mtype, const unsigned char **data, size_t *dlen) 11255af53050Schristos { 11265af53050Schristos SSL_DANE *dane = &s->dane; 11275af53050Schristos 11285af53050Schristos if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) 11295af53050Schristos return -1; 11305af53050Schristos if (dane->mtlsa) { 11315af53050Schristos if (usage) 11325af53050Schristos *usage = dane->mtlsa->usage; 11335af53050Schristos if (selector) 11345af53050Schristos *selector = dane->mtlsa->selector; 11355af53050Schristos if (mtype) 11365af53050Schristos *mtype = dane->mtlsa->mtype; 11375af53050Schristos if (data) 11385af53050Schristos *data = dane->mtlsa->data; 11395af53050Schristos if (dlen) 11405af53050Schristos *dlen = dane->mtlsa->dlen; 11415af53050Schristos } 11425af53050Schristos return dane->mdpth; 11435af53050Schristos } 11445af53050Schristos 11455af53050Schristos SSL_DANE *SSL_get0_dane(SSL *s) 11465af53050Schristos { 11475af53050Schristos return &s->dane; 11485af53050Schristos } 11495af53050Schristos 11505af53050Schristos int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, 11518fbed61eSchristos uint8_t mtype, const unsigned char *data, size_t dlen) 11525af53050Schristos { 11535af53050Schristos return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); 11545af53050Schristos } 11555af53050Schristos 11565af53050Schristos int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, 11575af53050Schristos uint8_t ord) 11585af53050Schristos { 11595af53050Schristos return dane_mtype_set(&ctx->dane, md, mtype, ord); 11605af53050Schristos } 11615af53050Schristos 1162a89c9211Schristos int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 1163a89c9211Schristos { 1164a89c9211Schristos return X509_VERIFY_PARAM_set1(ctx->param, vpm); 1165a89c9211Schristos } 1166a89c9211Schristos 1167a89c9211Schristos int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 1168a89c9211Schristos { 1169a89c9211Schristos return X509_VERIFY_PARAM_set1(ssl->param, vpm); 1170a89c9211Schristos } 1171a89c9211Schristos 117231b855a0Sspz X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) 117331b855a0Sspz { 117431b855a0Sspz return ctx->param; 117531b855a0Sspz } 117631b855a0Sspz 117731b855a0Sspz X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) 117831b855a0Sspz { 117931b855a0Sspz return ssl->param; 118031b855a0Sspz } 118131b855a0Sspz 118231b855a0Sspz void SSL_certs_clear(SSL *s) 118331b855a0Sspz { 118431b855a0Sspz ssl_cert_clear_certs(s->cert); 118531b855a0Sspz } 118631b855a0Sspz 1187a89c9211Schristos void SSL_free(SSL *s) 1188a89c9211Schristos { 1189a89c9211Schristos int i; 1190a89c9211Schristos 1191a89c9211Schristos if (s == NULL) 1192a89c9211Schristos return; 1193e0ea3921Schristos CRYPTO_DOWN_REF(&s->references, &i, s->lock); 11945af53050Schristos REF_PRINT_COUNT("SSL", s); 11959cef71b6Sspz if (i > 0) 11969cef71b6Sspz return; 11975af53050Schristos REF_ASSERT_ISNT(i < 0); 1198a89c9211Schristos 1199a89c9211Schristos X509_VERIFY_PARAM_free(s->param); 12005af53050Schristos dane_final(&s->dane); 1201a89c9211Schristos CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 1202a89c9211Schristos 12038fbed61eSchristos RECORD_LAYER_release(&s->rlayer); 12048fbed61eSchristos 1205e0ea3921Schristos /* Ignore return value */ 12065af53050Schristos ssl_free_wbio_buffer(s); 1207a89c9211Schristos 12085af53050Schristos BIO_free_all(s->wbio); 12098fbed61eSchristos s->wbio = NULL; 12105af53050Schristos BIO_free_all(s->rbio); 12118fbed61eSchristos s->rbio = NULL; 12125af53050Schristos 12139cef71b6Sspz BUF_MEM_free(s->init_buf); 1214a89c9211Schristos 1215a89c9211Schristos /* add extra stuff */ 12169cef71b6Sspz sk_SSL_CIPHER_free(s->cipher_list); 12179cef71b6Sspz sk_SSL_CIPHER_free(s->cipher_list_by_id); 1218e0ea3921Schristos sk_SSL_CIPHER_free(s->tls13_ciphersuites); 1219403eeac4Schristos sk_SSL_CIPHER_free(s->peer_ciphers); 1220a89c9211Schristos 1221a89c9211Schristos /* Make the next call work :-) */ 12229cef71b6Sspz if (s->session != NULL) { 1223a89c9211Schristos ssl_clear_bad_session(s); 1224a89c9211Schristos SSL_SESSION_free(s->session); 1225a89c9211Schristos } 1226e0ea3921Schristos SSL_SESSION_free(s->psksession); 1227e0ea3921Schristos OPENSSL_free(s->psksession_id); 1228a89c9211Schristos 12299cef71b6Sspz ssl_cert_free(s->cert); 1230403eeac4Schristos OPENSSL_free(s->shared_sigalgs); 1231a89c9211Schristos /* Free up if allocated */ 1232a89c9211Schristos 1233e0ea3921Schristos OPENSSL_free(s->ext.hostname); 12345af53050Schristos SSL_CTX_free(s->session_ctx); 1235e0ea3921Schristos OPENSSL_free(s->ext.ecpointformats); 1236403eeac4Schristos OPENSSL_free(s->ext.peer_ecpointformats); 1237e0ea3921Schristos OPENSSL_free(s->ext.supportedgroups); 1238403eeac4Schristos OPENSSL_free(s->ext.peer_supportedgroups); 1239e0ea3921Schristos sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); 12405af53050Schristos #ifndef OPENSSL_NO_OCSP 1241e0ea3921Schristos sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); 1242a89c9211Schristos #endif 12435af53050Schristos #ifndef OPENSSL_NO_CT 12445af53050Schristos SCT_LIST_free(s->scts); 1245e0ea3921Schristos OPENSSL_free(s->ext.scts); 12465af53050Schristos #endif 1247e0ea3921Schristos OPENSSL_free(s->ext.ocsp.resp); 1248e0ea3921Schristos OPENSSL_free(s->ext.alpn); 1249e0ea3921Schristos OPENSSL_free(s->ext.tls13_cookie); 12504a7cf967Schristos if (s->clienthello != NULL) 12514a7cf967Schristos OPENSSL_free(s->clienthello->pre_proc_exts); 1252e0ea3921Schristos OPENSSL_free(s->clienthello); 1253e0ea3921Schristos OPENSSL_free(s->pha_context); 1254e0ea3921Schristos EVP_MD_CTX_free(s->pha_dgst); 1255a89c9211Schristos 1256e0ea3921Schristos sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); 1257bf8eace1Schristos sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); 1258a89c9211Schristos 12595af53050Schristos sk_X509_pop_free(s->verified_chain, X509_free); 12605af53050Schristos 12619cef71b6Sspz if (s->method != NULL) 12629cef71b6Sspz s->method->ssl_free(s); 1263a89c9211Schristos 1264b46c97feSchristos /* 1265b46c97feSchristos * Must occur after s->method->ssl_free(). The DTLS sent_messages queue 1266b46c97feSchristos * may reference the EVP_CIPHER_CTX/EVP_MD_CTX that are freed here. 1267b46c97feSchristos */ 1268b46c97feSchristos clear_ciphers(s); 1269b46c97feSchristos 12709cef71b6Sspz SSL_CTX_free(s->ctx); 1271cef2ee70Schristos 12725af53050Schristos ASYNC_WAIT_CTX_free(s->waitctx); 1273a89c9211Schristos 12745af53050Schristos #if !defined(OPENSSL_NO_NEXTPROTONEG) 1275e0ea3921Schristos OPENSSL_free(s->ext.npn); 127632daad53Schristos #endif 127732daad53Schristos 12785f71164aSchristos #ifndef OPENSSL_NO_SRTP 127932daad53Schristos sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); 12805f71164aSchristos #endif 128132daad53Schristos 12825af53050Schristos CRYPTO_THREAD_lock_free(s->lock); 12835af53050Schristos 1284a89c9211Schristos OPENSSL_free(s); 1285a89c9211Schristos } 1286a89c9211Schristos 12875af53050Schristos void SSL_set0_rbio(SSL *s, BIO *rbio) 12885af53050Schristos { 12895af53050Schristos BIO_free_all(s->rbio); 12905af53050Schristos s->rbio = rbio; 12915af53050Schristos } 12925af53050Schristos 12935af53050Schristos void SSL_set0_wbio(SSL *s, BIO *wbio) 12945af53050Schristos { 12955af53050Schristos /* 12965af53050Schristos * If the output buffering BIO is still in place, remove it 12975af53050Schristos */ 12985af53050Schristos if (s->bbio != NULL) 12995af53050Schristos s->wbio = BIO_pop(s->wbio); 13005af53050Schristos 13015af53050Schristos BIO_free_all(s->wbio); 13025af53050Schristos s->wbio = wbio; 13035af53050Schristos 13045af53050Schristos /* Re-attach |bbio| to the new |wbio|. */ 13055af53050Schristos if (s->bbio != NULL) 13065af53050Schristos s->wbio = BIO_push(s->bbio, s->wbio); 13075af53050Schristos } 13085af53050Schristos 1309a89c9211Schristos void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 1310a89c9211Schristos { 13119cef71b6Sspz /* 13125af53050Schristos * For historical reasons, this function has many different cases in 13135af53050Schristos * ownership handling. 1314a89c9211Schristos */ 13155af53050Schristos 13165af53050Schristos /* If nothing has changed, do nothing */ 13175af53050Schristos if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s)) 13185af53050Schristos return; 13195af53050Schristos 13205af53050Schristos /* 13215af53050Schristos * If the two arguments are equal then one fewer reference is granted by the 13225af53050Schristos * caller than we want to take 13235af53050Schristos */ 13245af53050Schristos if (rbio != NULL && rbio == wbio) 13255af53050Schristos BIO_up_ref(rbio); 13265af53050Schristos 13275af53050Schristos /* 13285af53050Schristos * If only the wbio is changed only adopt one reference. 13295af53050Schristos */ 13305af53050Schristos if (rbio == SSL_get_rbio(s)) { 13315af53050Schristos SSL_set0_wbio(s, wbio); 13325af53050Schristos return; 1333a89c9211Schristos } 13345af53050Schristos /* 13355af53050Schristos * There is an asymmetry here for historical reasons. If only the rbio is 13365af53050Schristos * changed AND the rbio and wbio were originally different, then we only 13375af53050Schristos * adopt one reference. 13385af53050Schristos */ 13395af53050Schristos if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) { 13405af53050Schristos SSL_set0_rbio(s, rbio); 13415af53050Schristos return; 1342a89c9211Schristos } 13435af53050Schristos 13445af53050Schristos /* Otherwise, adopt both references. */ 13455af53050Schristos SSL_set0_rbio(s, rbio); 13465af53050Schristos SSL_set0_wbio(s, wbio); 1347a89c9211Schristos } 1348a89c9211Schristos 1349a89c9211Schristos BIO *SSL_get_rbio(const SSL *s) 13509cef71b6Sspz { 13515af53050Schristos return s->rbio; 13529cef71b6Sspz } 1353a89c9211Schristos 1354a89c9211Schristos BIO *SSL_get_wbio(const SSL *s) 13559cef71b6Sspz { 13565af53050Schristos if (s->bbio != NULL) { 13575af53050Schristos /* 13585af53050Schristos * If |bbio| is active, the true caller-configured BIO is its 13595af53050Schristos * |next_bio|. 13605af53050Schristos */ 13615af53050Schristos return BIO_next(s->bbio); 13625af53050Schristos } 13635af53050Schristos return s->wbio; 13649cef71b6Sspz } 1365a89c9211Schristos 1366a89c9211Schristos int SSL_get_fd(const SSL *s) 1367a89c9211Schristos { 13685af53050Schristos return SSL_get_rfd(s); 1369a89c9211Schristos } 1370a89c9211Schristos 1371a89c9211Schristos int SSL_get_rfd(const SSL *s) 1372a89c9211Schristos { 1373a89c9211Schristos int ret = -1; 1374a89c9211Schristos BIO *b, *r; 1375a89c9211Schristos 1376a89c9211Schristos b = SSL_get_rbio(s); 1377a89c9211Schristos r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 1378a89c9211Schristos if (r != NULL) 1379a89c9211Schristos BIO_get_fd(r, &ret); 1380e0ea3921Schristos return ret; 1381a89c9211Schristos } 1382a89c9211Schristos 1383a89c9211Schristos int SSL_get_wfd(const SSL *s) 1384a89c9211Schristos { 1385a89c9211Schristos int ret = -1; 1386a89c9211Schristos BIO *b, *r; 1387a89c9211Schristos 1388a89c9211Schristos b = SSL_get_wbio(s); 1389a89c9211Schristos r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 1390a89c9211Schristos if (r != NULL) 1391a89c9211Schristos BIO_get_fd(r, &ret); 1392e0ea3921Schristos return ret; 1393a89c9211Schristos } 1394a89c9211Schristos 1395a89c9211Schristos #ifndef OPENSSL_NO_SOCK 1396a89c9211Schristos int SSL_set_fd(SSL *s, int fd) 1397a89c9211Schristos { 1398a89c9211Schristos int ret = 0; 1399a89c9211Schristos BIO *bio = NULL; 1400a89c9211Schristos 1401a89c9211Schristos bio = BIO_new(BIO_s_socket()); 1402a89c9211Schristos 14039cef71b6Sspz if (bio == NULL) { 14048fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 1405a89c9211Schristos goto err; 1406a89c9211Schristos } 1407a89c9211Schristos BIO_set_fd(bio, fd, BIO_NOCLOSE); 1408a89c9211Schristos SSL_set_bio(s, bio, bio); 14098fbed61eSchristos #ifndef OPENSSL_NO_KTLS 14108fbed61eSchristos /* 14118fbed61eSchristos * The new socket is created successfully regardless of ktls_enable. 14128fbed61eSchristos * ktls_enable doesn't change any functionality of the socket, except 14138fbed61eSchristos * changing the setsockopt to enable the processing of ktls_start. 14148fbed61eSchristos * Thus, it is not a problem to call it for non-TLS sockets. 14158fbed61eSchristos */ 14168fbed61eSchristos ktls_enable(fd); 14178fbed61eSchristos #endif /* OPENSSL_NO_KTLS */ 1418a89c9211Schristos ret = 1; 1419a89c9211Schristos err: 1420e0ea3921Schristos return ret; 1421a89c9211Schristos } 1422a89c9211Schristos 1423a89c9211Schristos int SSL_set_wfd(SSL *s, int fd) 1424a89c9211Schristos { 14255af53050Schristos BIO *rbio = SSL_get_rbio(s); 1426a89c9211Schristos 14275af53050Schristos if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET 14285af53050Schristos || (int)BIO_get_fd(rbio, NULL) != fd) { 14295af53050Schristos BIO *bio = BIO_new(BIO_s_socket()); 1430a89c9211Schristos 14319cef71b6Sspz if (bio == NULL) { 14328fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 14335af53050Schristos return 0; 14349cef71b6Sspz } 1435a89c9211Schristos BIO_set_fd(bio, fd, BIO_NOCLOSE); 14365af53050Schristos SSL_set0_wbio(s, bio); 14378fbed61eSchristos #ifndef OPENSSL_NO_KTLS 14388fbed61eSchristos /* 14398fbed61eSchristos * The new socket is created successfully regardless of ktls_enable. 14408fbed61eSchristos * ktls_enable doesn't change any functionality of the socket, except 14418fbed61eSchristos * changing the setsockopt to enable the processing of ktls_start. 14428fbed61eSchristos * Thus, it is not a problem to call it for non-TLS sockets. 14438fbed61eSchristos */ 14448fbed61eSchristos ktls_enable(fd); 14458fbed61eSchristos #endif /* OPENSSL_NO_KTLS */ 14465af53050Schristos } else { 14475af53050Schristos BIO_up_ref(rbio); 14485af53050Schristos SSL_set0_wbio(s, rbio); 14495af53050Schristos } 14505af53050Schristos return 1; 1451a89c9211Schristos } 1452a89c9211Schristos 1453a89c9211Schristos int SSL_set_rfd(SSL *s, int fd) 1454a89c9211Schristos { 14555af53050Schristos BIO *wbio = SSL_get_wbio(s); 1456a89c9211Schristos 14575af53050Schristos if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET 14585af53050Schristos || ((int)BIO_get_fd(wbio, NULL) != fd)) { 14595af53050Schristos BIO *bio = BIO_new(BIO_s_socket()); 1460a89c9211Schristos 14619cef71b6Sspz if (bio == NULL) { 14628fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 14635af53050Schristos return 0; 1464a89c9211Schristos } 1465a89c9211Schristos BIO_set_fd(bio, fd, BIO_NOCLOSE); 14665af53050Schristos SSL_set0_rbio(s, bio); 14675af53050Schristos } else { 14685af53050Schristos BIO_up_ref(wbio); 14695af53050Schristos SSL_set0_rbio(s, wbio); 14705af53050Schristos } 14715af53050Schristos 14725af53050Schristos return 1; 1473a89c9211Schristos } 1474a89c9211Schristos #endif 1475a89c9211Schristos 1476a89c9211Schristos /* return length of latest Finished message we sent, copy to 'buf' */ 1477a89c9211Schristos size_t SSL_get_finished(const SSL *s, void *buf, size_t count) 1478a89c9211Schristos { 1479a89c9211Schristos size_t ret = 0; 1480a89c9211Schristos 14818fbed61eSchristos ret = s->s3.tmp.finish_md_len; 1482a89c9211Schristos if (count > ret) 1483a89c9211Schristos count = ret; 14848fbed61eSchristos memcpy(buf, s->s3.tmp.finish_md, count); 1485a89c9211Schristos return ret; 1486a89c9211Schristos } 1487a89c9211Schristos 1488a89c9211Schristos /* return length of latest Finished message we expected, copy to 'buf' */ 1489a89c9211Schristos size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 1490a89c9211Schristos { 1491a89c9211Schristos size_t ret = 0; 1492a89c9211Schristos 14938fbed61eSchristos ret = s->s3.tmp.peer_finish_md_len; 1494a89c9211Schristos if (count > ret) 1495a89c9211Schristos count = ret; 14968fbed61eSchristos memcpy(buf, s->s3.tmp.peer_finish_md, count); 1497a89c9211Schristos return ret; 1498a89c9211Schristos } 1499a89c9211Schristos 1500a89c9211Schristos int SSL_get_verify_mode(const SSL *s) 1501a89c9211Schristos { 1502e0ea3921Schristos return s->verify_mode; 1503a89c9211Schristos } 1504a89c9211Schristos 1505a89c9211Schristos int SSL_get_verify_depth(const SSL *s) 1506a89c9211Schristos { 1507a89c9211Schristos return X509_VERIFY_PARAM_get_depth(s->param); 1508a89c9211Schristos } 1509a89c9211Schristos 15109cef71b6Sspz int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { 1511e0ea3921Schristos return s->verify_callback; 1512a89c9211Schristos } 1513a89c9211Schristos 1514a89c9211Schristos int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 1515a89c9211Schristos { 1516e0ea3921Schristos return ctx->verify_mode; 1517a89c9211Schristos } 1518a89c9211Schristos 1519a89c9211Schristos int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 1520a89c9211Schristos { 1521a89c9211Schristos return X509_VERIFY_PARAM_get_depth(ctx->param); 1522a89c9211Schristos } 1523a89c9211Schristos 15249cef71b6Sspz int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { 1525e0ea3921Schristos return ctx->default_verify_callback; 1526a89c9211Schristos } 1527a89c9211Schristos 1528a89c9211Schristos void SSL_set_verify(SSL *s, int mode, 1529a89c9211Schristos int (*callback) (int ok, X509_STORE_CTX *ctx)) 1530a89c9211Schristos { 1531a89c9211Schristos s->verify_mode = mode; 1532a89c9211Schristos if (callback != NULL) 1533a89c9211Schristos s->verify_callback = callback; 1534a89c9211Schristos } 1535a89c9211Schristos 1536a89c9211Schristos void SSL_set_verify_depth(SSL *s, int depth) 1537a89c9211Schristos { 1538a89c9211Schristos X509_VERIFY_PARAM_set_depth(s->param, depth); 1539a89c9211Schristos } 1540a89c9211Schristos 1541a89c9211Schristos void SSL_set_read_ahead(SSL *s, int yes) 1542a89c9211Schristos { 15435af53050Schristos RECORD_LAYER_set_read_ahead(&s->rlayer, yes); 1544a89c9211Schristos } 1545a89c9211Schristos 1546a89c9211Schristos int SSL_get_read_ahead(const SSL *s) 1547a89c9211Schristos { 15485af53050Schristos return RECORD_LAYER_get_read_ahead(&s->rlayer); 1549a89c9211Schristos } 1550a89c9211Schristos 1551a89c9211Schristos int SSL_pending(const SSL *s) 1552a89c9211Schristos { 1553e0ea3921Schristos size_t pending = s->method->ssl_pending(s); 1554e0ea3921Schristos 15559cef71b6Sspz /* 15569cef71b6Sspz * SSL_pending cannot work properly if read-ahead is enabled 15579cef71b6Sspz * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is 15589cef71b6Sspz * impossible to fix since SSL_pending cannot report errors that may be 15599cef71b6Sspz * observed while scanning the new data. (Note that SSL_pending() is 15609cef71b6Sspz * often used as a boolean value, so we'd better not return -1.) 1561e0ea3921Schristos * 1562e0ea3921Schristos * SSL_pending also cannot work properly if the value >INT_MAX. In that case 1563e0ea3921Schristos * we just return INT_MAX. 1564a89c9211Schristos */ 1565e0ea3921Schristos return pending < INT_MAX ? (int)pending : INT_MAX; 1566a89c9211Schristos } 1567a89c9211Schristos 15685af53050Schristos int SSL_has_pending(const SSL *s) 15695af53050Schristos { 15705af53050Schristos /* 15715af53050Schristos * Similar to SSL_pending() but returns a 1 to indicate that we have 1572be43b372Schristos * processed or unprocessed data available or 0 otherwise (as opposed to the 1573be43b372Schristos * number of bytes available). Unlike SSL_pending() this will take into 1574be43b372Schristos * account read_ahead data. A 1 return simply indicates that we have data. 1575be43b372Schristos * That data may not result in any application data, or we may fail to parse 1576be43b372Schristos * the records for some reason. 15775af53050Schristos */ 1578be43b372Schristos 1579be43b372Schristos /* Check buffered app data if any first */ 1580be43b372Schristos if (SSL_IS_DTLS(s)) { 1581be43b372Schristos DTLS1_RECORD_DATA *rdata; 1582be43b372Schristos pitem *item, *iter; 1583be43b372Schristos 1584be43b372Schristos iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q); 1585be43b372Schristos while ((item = pqueue_next(&iter)) != NULL) { 1586be43b372Schristos rdata = item->data; 1587be43b372Schristos if (rdata->rrec.length > 0) 1588be43b372Schristos return 1; 1589be43b372Schristos } 1590be43b372Schristos } 1591be43b372Schristos 15925af53050Schristos if (RECORD_LAYER_processed_read_pending(&s->rlayer)) 15935af53050Schristos return 1; 15945af53050Schristos 15955af53050Schristos return RECORD_LAYER_read_pending(&s->rlayer); 15965af53050Schristos } 15975af53050Schristos 15988fbed61eSchristos X509 *SSL_get1_peer_certificate(const SSL *s) 1599a89c9211Schristos { 16008fbed61eSchristos X509 *r = SSL_get0_peer_certificate(s); 1601a89c9211Schristos 16028fbed61eSchristos if (r != NULL) 16035af53050Schristos X509_up_ref(r); 1604a89c9211Schristos 1605e0ea3921Schristos return r; 1606a89c9211Schristos } 1607a89c9211Schristos 16088fbed61eSchristos X509 *SSL_get0_peer_certificate(const SSL *s) 16098fbed61eSchristos { 16108fbed61eSchristos if ((s == NULL) || (s->session == NULL)) 16118fbed61eSchristos return NULL; 16128fbed61eSchristos else 16138fbed61eSchristos return s->session->peer; 16148fbed61eSchristos } 16158fbed61eSchristos 1616a89c9211Schristos STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) 1617a89c9211Schristos { 1618a89c9211Schristos STACK_OF(X509) *r; 1619a89c9211Schristos 16205af53050Schristos if ((s == NULL) || (s->session == NULL)) 1621a89c9211Schristos r = NULL; 1622a89c9211Schristos else 16235af53050Schristos r = s->session->peer_chain; 1624a89c9211Schristos 16259cef71b6Sspz /* 16269cef71b6Sspz * If we are a client, cert_chain includes the peer's own certificate; if 16279cef71b6Sspz * we are a server, it does not. 16289cef71b6Sspz */ 1629a89c9211Schristos 1630e0ea3921Schristos return r; 1631a89c9211Schristos } 1632a89c9211Schristos 16339cef71b6Sspz /* 16349cef71b6Sspz * Now in theory, since the calling process own 't' it should be safe to 16359cef71b6Sspz * modify. We need to be able to read f without being hassled 16369cef71b6Sspz */ 16375af53050Schristos int SSL_copy_session_id(SSL *t, const SSL *f) 1638a89c9211Schristos { 16395af53050Schristos int i; 16408fbed61eSchristos /* Do we need to do SSL locking? */ 16415af53050Schristos if (!SSL_set_session(t, SSL_get_session(f))) { 16425af53050Schristos return 0; 1643a89c9211Schristos } 1644a89c9211Schristos 16455af53050Schristos /* 16465af53050Schristos * what if we are setup for one protocol version but want to talk another 16475af53050Schristos */ 16485af53050Schristos if (t->method != f->method) { 16495af53050Schristos t->method->ssl_free(t); 16505af53050Schristos t->method = f->method; 16515af53050Schristos if (t->method->ssl_new(t) == 0) 16525af53050Schristos return 0; 16535af53050Schristos } 16545af53050Schristos 1655e0ea3921Schristos CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock); 16565af53050Schristos ssl_cert_free(t->cert); 1657a89c9211Schristos t->cert = f->cert; 1658e0ea3921Schristos if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) { 16595af53050Schristos return 0; 16605af53050Schristos } 16615af53050Schristos 16625af53050Schristos return 1; 1663a89c9211Schristos } 1664a89c9211Schristos 1665a89c9211Schristos /* Fix this so it checks all the valid key/cert options */ 1666a89c9211Schristos int SSL_CTX_check_private_key(const SSL_CTX *ctx) 1667a89c9211Schristos { 16685af53050Schristos if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) { 16698fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED); 1670e0ea3921Schristos return 0; 1671a89c9211Schristos } 16729cef71b6Sspz if (ctx->cert->key->privatekey == NULL) { 16738fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 1674e0ea3921Schristos return 0; 1675a89c9211Schristos } 1676e0ea3921Schristos return X509_check_private_key 1677e0ea3921Schristos (ctx->cert->key->x509, ctx->cert->key->privatekey); 1678a89c9211Schristos } 1679a89c9211Schristos 1680a89c9211Schristos /* Fix this function so that it takes an optional type parameter */ 1681a89c9211Schristos int SSL_check_private_key(const SSL *ssl) 1682a89c9211Schristos { 16839cef71b6Sspz if (ssl == NULL) { 16848fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 1685e0ea3921Schristos return 0; 1686a89c9211Schristos } 16879cef71b6Sspz if (ssl->cert->key->x509 == NULL) { 16888fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED); 1689e0ea3921Schristos return 0; 1690a89c9211Schristos } 16919cef71b6Sspz if (ssl->cert->key->privatekey == NULL) { 16928fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 1693e0ea3921Schristos return 0; 1694a89c9211Schristos } 1695e0ea3921Schristos return X509_check_private_key(ssl->cert->key->x509, 1696e0ea3921Schristos ssl->cert->key->privatekey); 1697a89c9211Schristos } 1698a89c9211Schristos 16995af53050Schristos int SSL_waiting_for_async(SSL *s) 17005af53050Schristos { 17015af53050Schristos if (s->job) 17025af53050Schristos return 1; 17035af53050Schristos 17045af53050Schristos return 0; 17055af53050Schristos } 17065af53050Schristos 17075af53050Schristos int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds) 17085af53050Schristos { 17095af53050Schristos ASYNC_WAIT_CTX *ctx = s->waitctx; 17105af53050Schristos 17115af53050Schristos if (ctx == NULL) 17125af53050Schristos return 0; 17135af53050Schristos return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds); 17145af53050Schristos } 17155af53050Schristos 17165af53050Schristos int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, 17175af53050Schristos OSSL_ASYNC_FD *delfd, size_t *numdelfds) 17185af53050Schristos { 17195af53050Schristos ASYNC_WAIT_CTX *ctx = s->waitctx; 17205af53050Schristos 17215af53050Schristos if (ctx == NULL) 17225af53050Schristos return 0; 17235af53050Schristos return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, 17245af53050Schristos numdelfds); 17255af53050Schristos } 17265af53050Schristos 17278fbed61eSchristos int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback) 17288fbed61eSchristos { 17298fbed61eSchristos ctx->async_cb = callback; 17308fbed61eSchristos return 1; 17318fbed61eSchristos } 17328fbed61eSchristos 17338fbed61eSchristos int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg) 17348fbed61eSchristos { 17358fbed61eSchristos ctx->async_cb_arg = arg; 17368fbed61eSchristos return 1; 17378fbed61eSchristos } 17388fbed61eSchristos 17398fbed61eSchristos int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback) 17408fbed61eSchristos { 17418fbed61eSchristos s->async_cb = callback; 17428fbed61eSchristos return 1; 17438fbed61eSchristos } 17448fbed61eSchristos 17458fbed61eSchristos int SSL_set_async_callback_arg(SSL *s, void *arg) 17468fbed61eSchristos { 17478fbed61eSchristos s->async_cb_arg = arg; 17488fbed61eSchristos return 1; 17498fbed61eSchristos } 17508fbed61eSchristos 17518fbed61eSchristos int SSL_get_async_status(SSL *s, int *status) 17528fbed61eSchristos { 17538fbed61eSchristos ASYNC_WAIT_CTX *ctx = s->waitctx; 17548fbed61eSchristos 17558fbed61eSchristos if (ctx == NULL) 17568fbed61eSchristos return 0; 17578fbed61eSchristos *status = ASYNC_WAIT_CTX_get_status(ctx); 17588fbed61eSchristos return 1; 17598fbed61eSchristos } 17608fbed61eSchristos 1761a89c9211Schristos int SSL_accept(SSL *s) 1762a89c9211Schristos { 17635af53050Schristos if (s->handshake_func == NULL) { 1764a89c9211Schristos /* Not properly initialized yet */ 1765a89c9211Schristos SSL_set_accept_state(s); 17665af53050Schristos } 1767a89c9211Schristos 17685af53050Schristos return SSL_do_handshake(s); 1769a89c9211Schristos } 1770a89c9211Schristos 1771a89c9211Schristos int SSL_connect(SSL *s) 1772a89c9211Schristos { 17735af53050Schristos if (s->handshake_func == NULL) { 1774a89c9211Schristos /* Not properly initialized yet */ 1775a89c9211Schristos SSL_set_connect_state(s); 17765af53050Schristos } 1777a89c9211Schristos 17785af53050Schristos return SSL_do_handshake(s); 1779a89c9211Schristos } 1780a89c9211Schristos 1781a89c9211Schristos long SSL_get_default_timeout(const SSL *s) 1782a89c9211Schristos { 1783e0ea3921Schristos return s->method->get_timeout(); 1784a89c9211Schristos } 1785a89c9211Schristos 17868fbed61eSchristos static int ssl_async_wait_ctx_cb(void *arg) 17878fbed61eSchristos { 17888fbed61eSchristos SSL *s = (SSL *)arg; 17898fbed61eSchristos 17908fbed61eSchristos return s->async_cb(s, s->async_cb_arg); 17918fbed61eSchristos } 17928fbed61eSchristos 17935af53050Schristos static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, 17945af53050Schristos int (*func) (void *)) 17955af53050Schristos { 17965af53050Schristos int ret; 17975af53050Schristos if (s->waitctx == NULL) { 17985af53050Schristos s->waitctx = ASYNC_WAIT_CTX_new(); 17995af53050Schristos if (s->waitctx == NULL) 18005af53050Schristos return -1; 18018fbed61eSchristos if (s->async_cb != NULL 18028fbed61eSchristos && !ASYNC_WAIT_CTX_set_callback 18038fbed61eSchristos (s->waitctx, ssl_async_wait_ctx_cb, s)) 18048fbed61eSchristos return -1; 18055af53050Schristos } 1806fb48e4b2Schristos 1807fb48e4b2Schristos s->rwstate = SSL_NOTHING; 18085af53050Schristos switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, 18095af53050Schristos sizeof(struct ssl_async_args))) { 18105af53050Schristos case ASYNC_ERR: 18115af53050Schristos s->rwstate = SSL_NOTHING; 18128fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC); 18135af53050Schristos return -1; 18145af53050Schristos case ASYNC_PAUSE: 18155af53050Schristos s->rwstate = SSL_ASYNC_PAUSED; 18165af53050Schristos return -1; 18175af53050Schristos case ASYNC_NO_JOBS: 18185af53050Schristos s->rwstate = SSL_ASYNC_NO_JOBS; 18195af53050Schristos return -1; 18205af53050Schristos case ASYNC_FINISH: 18215af53050Schristos s->job = NULL; 18225af53050Schristos return ret; 18235af53050Schristos default: 18245af53050Schristos s->rwstate = SSL_NOTHING; 18258fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 18265af53050Schristos /* Shouldn't happen */ 18275af53050Schristos return -1; 18285af53050Schristos } 18295af53050Schristos } 18305af53050Schristos 18315af53050Schristos static int ssl_io_intern(void *vargs) 18325af53050Schristos { 18335af53050Schristos struct ssl_async_args *args; 18345af53050Schristos SSL *s; 18355af53050Schristos void *buf; 1836e0ea3921Schristos size_t num; 18375af53050Schristos 18385af53050Schristos args = (struct ssl_async_args *)vargs; 18395af53050Schristos s = args->s; 18405af53050Schristos buf = args->buf; 18415af53050Schristos num = args->num; 18425af53050Schristos switch (args->type) { 18435af53050Schristos case READFUNC: 1844e0ea3921Schristos return args->f.func_read(s, buf, num, &s->asyncrw); 18455af53050Schristos case WRITEFUNC: 1846e0ea3921Schristos return args->f.func_write(s, buf, num, &s->asyncrw); 18475af53050Schristos case OTHERFUNC: 18485af53050Schristos return args->f.func_other(s); 18495af53050Schristos } 18505af53050Schristos return -1; 18515af53050Schristos } 18525af53050Schristos 1853e0ea3921Schristos int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) 1854a89c9211Schristos { 18555af53050Schristos if (s->handshake_func == NULL) { 18568fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 1857a89c9211Schristos return -1; 1858a89c9211Schristos } 1859a89c9211Schristos 18609cef71b6Sspz if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1861a89c9211Schristos s->rwstate = SSL_NOTHING; 1862e0ea3921Schristos return 0; 1863a89c9211Schristos } 18645af53050Schristos 1865e0ea3921Schristos if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY 1866e0ea3921Schristos || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { 18678fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1868e0ea3921Schristos return 0; 1869e0ea3921Schristos } 1870e0ea3921Schristos /* 1871e0ea3921Schristos * If we are a client and haven't received the ServerHello etc then we 1872e0ea3921Schristos * better do that 1873e0ea3921Schristos */ 1874e0ea3921Schristos ossl_statem_check_finish_init(s, 0); 1875e0ea3921Schristos 18765af53050Schristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 18775af53050Schristos struct ssl_async_args args; 1878e0ea3921Schristos int ret; 18795af53050Schristos 18805af53050Schristos args.s = s; 18815af53050Schristos args.buf = buf; 18825af53050Schristos args.num = num; 18835af53050Schristos args.type = READFUNC; 18845af53050Schristos args.f.func_read = s->method->ssl_read; 18855af53050Schristos 1886e0ea3921Schristos ret = ssl_start_async_job(s, &args, ssl_io_intern); 1887e0ea3921Schristos *readbytes = s->asyncrw; 1888e0ea3921Schristos return ret; 18895af53050Schristos } else { 1890e0ea3921Schristos return s->method->ssl_read(s, buf, num, readbytes); 18915af53050Schristos } 1892a89c9211Schristos } 1893a89c9211Schristos 1894e0ea3921Schristos int SSL_read(SSL *s, void *buf, int num) 1895e0ea3921Schristos { 1896e0ea3921Schristos int ret; 1897e0ea3921Schristos size_t readbytes; 1898e0ea3921Schristos 1899e0ea3921Schristos if (num < 0) { 19008fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 1901e0ea3921Schristos return -1; 1902e0ea3921Schristos } 1903e0ea3921Schristos 1904e0ea3921Schristos ret = ssl_read_internal(s, buf, (size_t)num, &readbytes); 1905e0ea3921Schristos 1906e0ea3921Schristos /* 1907e0ea3921Schristos * The cast is safe here because ret should be <= INT_MAX because num is 1908e0ea3921Schristos * <= INT_MAX 1909e0ea3921Schristos */ 1910e0ea3921Schristos if (ret > 0) 1911e0ea3921Schristos ret = (int)readbytes; 1912e0ea3921Schristos 1913e0ea3921Schristos return ret; 1914e0ea3921Schristos } 1915e0ea3921Schristos 1916e0ea3921Schristos int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes) 1917e0ea3921Schristos { 1918e0ea3921Schristos int ret = ssl_read_internal(s, buf, num, readbytes); 1919e0ea3921Schristos 1920e0ea3921Schristos if (ret < 0) 1921e0ea3921Schristos ret = 0; 1922e0ea3921Schristos return ret; 1923e0ea3921Schristos } 1924e0ea3921Schristos 1925e0ea3921Schristos int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) 1926e0ea3921Schristos { 1927e0ea3921Schristos int ret; 1928e0ea3921Schristos 1929e0ea3921Schristos if (!s->server) { 19308fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1931e0ea3921Schristos return SSL_READ_EARLY_DATA_ERROR; 1932e0ea3921Schristos } 1933e0ea3921Schristos 1934e0ea3921Schristos switch (s->early_data_state) { 1935e0ea3921Schristos case SSL_EARLY_DATA_NONE: 1936e0ea3921Schristos if (!SSL_in_before(s)) { 19378fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1938e0ea3921Schristos return SSL_READ_EARLY_DATA_ERROR; 1939e0ea3921Schristos } 1940e0ea3921Schristos /* fall through */ 1941e0ea3921Schristos 1942e0ea3921Schristos case SSL_EARLY_DATA_ACCEPT_RETRY: 1943e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_ACCEPTING; 1944e0ea3921Schristos ret = SSL_accept(s); 1945e0ea3921Schristos if (ret <= 0) { 1946e0ea3921Schristos /* NBIO or error */ 1947e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY; 1948e0ea3921Schristos return SSL_READ_EARLY_DATA_ERROR; 1949e0ea3921Schristos } 1950e0ea3921Schristos /* fall through */ 1951e0ea3921Schristos 1952e0ea3921Schristos case SSL_EARLY_DATA_READ_RETRY: 1953e0ea3921Schristos if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { 1954e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_READING; 1955e0ea3921Schristos ret = SSL_read_ex(s, buf, num, readbytes); 1956e0ea3921Schristos /* 1957e0ea3921Schristos * State machine will update early_data_state to 1958e0ea3921Schristos * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData 1959e0ea3921Schristos * message 1960e0ea3921Schristos */ 1961e0ea3921Schristos if (ret > 0 || (ret <= 0 && s->early_data_state 1962e0ea3921Schristos != SSL_EARLY_DATA_FINISHED_READING)) { 1963e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_READ_RETRY; 1964e0ea3921Schristos return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS 1965e0ea3921Schristos : SSL_READ_EARLY_DATA_ERROR; 1966e0ea3921Schristos } 1967e0ea3921Schristos } else { 1968e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; 1969e0ea3921Schristos } 1970e0ea3921Schristos *readbytes = 0; 1971e0ea3921Schristos return SSL_READ_EARLY_DATA_FINISH; 1972e0ea3921Schristos 1973e0ea3921Schristos default: 19748fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1975e0ea3921Schristos return SSL_READ_EARLY_DATA_ERROR; 1976e0ea3921Schristos } 1977e0ea3921Schristos } 1978e0ea3921Schristos 1979e0ea3921Schristos int SSL_get_early_data_status(const SSL *s) 1980e0ea3921Schristos { 1981e0ea3921Schristos return s->ext.early_data; 1982e0ea3921Schristos } 1983e0ea3921Schristos 1984e0ea3921Schristos static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) 1985a89c9211Schristos { 19865af53050Schristos if (s->handshake_func == NULL) { 19878fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 1988a89c9211Schristos return -1; 1989a89c9211Schristos } 1990a89c9211Schristos 19919cef71b6Sspz if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1992e0ea3921Schristos return 0; 1993a89c9211Schristos } 19945af53050Schristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 19955af53050Schristos struct ssl_async_args args; 1996e0ea3921Schristos int ret; 19975af53050Schristos 19985af53050Schristos args.s = s; 19995af53050Schristos args.buf = buf; 20005af53050Schristos args.num = num; 20015af53050Schristos args.type = READFUNC; 20025af53050Schristos args.f.func_read = s->method->ssl_peek; 20035af53050Schristos 2004e0ea3921Schristos ret = ssl_start_async_job(s, &args, ssl_io_intern); 2005e0ea3921Schristos *readbytes = s->asyncrw; 2006e0ea3921Schristos return ret; 20075af53050Schristos } else { 2008e0ea3921Schristos return s->method->ssl_peek(s, buf, num, readbytes); 20095af53050Schristos } 2010a89c9211Schristos } 2011a89c9211Schristos 2012e0ea3921Schristos int SSL_peek(SSL *s, void *buf, int num) 2013e0ea3921Schristos { 2014e0ea3921Schristos int ret; 2015e0ea3921Schristos size_t readbytes; 2016e0ea3921Schristos 2017e0ea3921Schristos if (num < 0) { 20188fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 2019e0ea3921Schristos return -1; 2020e0ea3921Schristos } 2021e0ea3921Schristos 2022e0ea3921Schristos ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes); 2023e0ea3921Schristos 2024e0ea3921Schristos /* 2025e0ea3921Schristos * The cast is safe here because ret should be <= INT_MAX because num is 2026e0ea3921Schristos * <= INT_MAX 2027e0ea3921Schristos */ 2028e0ea3921Schristos if (ret > 0) 2029e0ea3921Schristos ret = (int)readbytes; 2030e0ea3921Schristos 2031e0ea3921Schristos return ret; 2032e0ea3921Schristos } 2033e0ea3921Schristos 2034e0ea3921Schristos 2035e0ea3921Schristos int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) 2036e0ea3921Schristos { 2037e0ea3921Schristos int ret = ssl_peek_internal(s, buf, num, readbytes); 2038e0ea3921Schristos 2039e0ea3921Schristos if (ret < 0) 2040e0ea3921Schristos ret = 0; 2041e0ea3921Schristos return ret; 2042e0ea3921Schristos } 2043e0ea3921Schristos 2044e0ea3921Schristos int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) 2045a89c9211Schristos { 20465af53050Schristos if (s->handshake_func == NULL) { 20478fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 2048a89c9211Schristos return -1; 2049a89c9211Schristos } 2050a89c9211Schristos 20519cef71b6Sspz if (s->shutdown & SSL_SENT_SHUTDOWN) { 2052a89c9211Schristos s->rwstate = SSL_NOTHING; 20538fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); 2054e0ea3921Schristos return -1; 2055a89c9211Schristos } 20565af53050Schristos 2057e0ea3921Schristos if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY 2058e0ea3921Schristos || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY 2059e0ea3921Schristos || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { 20608fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2061e0ea3921Schristos return 0; 2062e0ea3921Schristos } 2063e0ea3921Schristos /* If we are a client and haven't sent the Finished we better do that */ 2064e0ea3921Schristos ossl_statem_check_finish_init(s, 1); 2065e0ea3921Schristos 20665af53050Schristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 2067e0ea3921Schristos int ret; 20685af53050Schristos struct ssl_async_args args; 20695af53050Schristos 20705af53050Schristos args.s = s; 20715af53050Schristos args.buf = (void *)buf; 20725af53050Schristos args.num = num; 20735af53050Schristos args.type = WRITEFUNC; 20745af53050Schristos args.f.func_write = s->method->ssl_write; 20755af53050Schristos 2076e0ea3921Schristos ret = ssl_start_async_job(s, &args, ssl_io_intern); 2077e0ea3921Schristos *written = s->asyncrw; 2078e0ea3921Schristos return ret; 20795af53050Schristos } else { 2080e0ea3921Schristos return s->method->ssl_write(s, buf, num, written); 2081e0ea3921Schristos } 2082e0ea3921Schristos } 2083e0ea3921Schristos 20848fbed61eSchristos ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) 20858fbed61eSchristos { 20868fbed61eSchristos ossl_ssize_t ret; 20878fbed61eSchristos 20888fbed61eSchristos if (s->handshake_func == NULL) { 20898fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 20908fbed61eSchristos return -1; 20918fbed61eSchristos } 20928fbed61eSchristos 20938fbed61eSchristos if (s->shutdown & SSL_SENT_SHUTDOWN) { 20948fbed61eSchristos s->rwstate = SSL_NOTHING; 20958fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); 20968fbed61eSchristos return -1; 20978fbed61eSchristos } 20988fbed61eSchristos 20998fbed61eSchristos if (!BIO_get_ktls_send(s->wbio)) { 21008fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 21018fbed61eSchristos return -1; 21028fbed61eSchristos } 21038fbed61eSchristos 21048fbed61eSchristos /* If we have an alert to send, lets send it */ 21058fbed61eSchristos if (s->s3.alert_dispatch) { 21068fbed61eSchristos ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s); 21078fbed61eSchristos if (ret <= 0) { 21088fbed61eSchristos /* SSLfatal() already called if appropriate */ 21098fbed61eSchristos return ret; 21108fbed61eSchristos } 21118fbed61eSchristos /* if it went, fall through and send more stuff */ 21128fbed61eSchristos } 21138fbed61eSchristos 21148fbed61eSchristos s->rwstate = SSL_WRITING; 21158fbed61eSchristos if (BIO_flush(s->wbio) <= 0) { 21168fbed61eSchristos if (!BIO_should_retry(s->wbio)) { 21178fbed61eSchristos s->rwstate = SSL_NOTHING; 21188fbed61eSchristos } else { 21198fbed61eSchristos #ifdef EAGAIN 21208fbed61eSchristos set_sys_error(EAGAIN); 21218fbed61eSchristos #endif 21228fbed61eSchristos } 21238fbed61eSchristos return -1; 21248fbed61eSchristos } 21258fbed61eSchristos 21268fbed61eSchristos #ifdef OPENSSL_NO_KTLS 21278fbed61eSchristos ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR, 21288fbed61eSchristos "can't call ktls_sendfile(), ktls disabled"); 21298fbed61eSchristos return -1; 21308fbed61eSchristos #else 21318fbed61eSchristos ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags); 21328fbed61eSchristos if (ret < 0) { 21338fbed61eSchristos #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY) 21348fbed61eSchristos if ((get_last_sys_error() == EAGAIN) || 21358fbed61eSchristos (get_last_sys_error() == EINTR) || 21368fbed61eSchristos (get_last_sys_error() == EBUSY)) 21378fbed61eSchristos BIO_set_retry_write(s->wbio); 21388fbed61eSchristos else 21398fbed61eSchristos #endif 21408fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 21418fbed61eSchristos return ret; 21428fbed61eSchristos } 21438fbed61eSchristos s->rwstate = SSL_NOTHING; 21448fbed61eSchristos return ret; 21458fbed61eSchristos #endif 21468fbed61eSchristos } 21478fbed61eSchristos 2148e0ea3921Schristos int SSL_write(SSL *s, const void *buf, int num) 2149e0ea3921Schristos { 2150e0ea3921Schristos int ret; 2151e0ea3921Schristos size_t written; 2152e0ea3921Schristos 2153e0ea3921Schristos if (num < 0) { 21548fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 2155e0ea3921Schristos return -1; 2156e0ea3921Schristos } 2157e0ea3921Schristos 2158e0ea3921Schristos ret = ssl_write_internal(s, buf, (size_t)num, &written); 2159e0ea3921Schristos 2160e0ea3921Schristos /* 2161e0ea3921Schristos * The cast is safe here because ret should be <= INT_MAX because num is 2162e0ea3921Schristos * <= INT_MAX 2163e0ea3921Schristos */ 2164e0ea3921Schristos if (ret > 0) 2165e0ea3921Schristos ret = (int)written; 2166e0ea3921Schristos 2167e0ea3921Schristos return ret; 2168e0ea3921Schristos } 2169e0ea3921Schristos 2170e0ea3921Schristos int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written) 2171e0ea3921Schristos { 2172e0ea3921Schristos int ret = ssl_write_internal(s, buf, num, written); 2173e0ea3921Schristos 2174e0ea3921Schristos if (ret < 0) 2175e0ea3921Schristos ret = 0; 2176e0ea3921Schristos return ret; 2177e0ea3921Schristos } 2178e0ea3921Schristos 2179e0ea3921Schristos int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) 2180e0ea3921Schristos { 2181e0ea3921Schristos int ret, early_data_state; 2182e0ea3921Schristos size_t writtmp; 2183e0ea3921Schristos uint32_t partialwrite; 2184e0ea3921Schristos 2185e0ea3921Schristos switch (s->early_data_state) { 2186e0ea3921Schristos case SSL_EARLY_DATA_NONE: 2187e0ea3921Schristos if (s->server 2188e0ea3921Schristos || !SSL_in_before(s) 2189e0ea3921Schristos || ((s->session == NULL || s->session->ext.max_early_data == 0) 2190e0ea3921Schristos && (s->psk_use_session_cb == NULL))) { 21918fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2192e0ea3921Schristos return 0; 2193e0ea3921Schristos } 2194e0ea3921Schristos /* fall through */ 2195e0ea3921Schristos 2196e0ea3921Schristos case SSL_EARLY_DATA_CONNECT_RETRY: 2197e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_CONNECTING; 2198e0ea3921Schristos ret = SSL_connect(s); 2199e0ea3921Schristos if (ret <= 0) { 2200e0ea3921Schristos /* NBIO or error */ 2201e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY; 2202e0ea3921Schristos return 0; 2203e0ea3921Schristos } 2204e0ea3921Schristos /* fall through */ 2205e0ea3921Schristos 2206e0ea3921Schristos case SSL_EARLY_DATA_WRITE_RETRY: 2207e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_WRITING; 2208e0ea3921Schristos /* 2209e0ea3921Schristos * We disable partial write for early data because we don't keep track 2210e0ea3921Schristos * of how many bytes we've written between the SSL_write_ex() call and 2211e0ea3921Schristos * the flush if the flush needs to be retried) 2212e0ea3921Schristos */ 2213e0ea3921Schristos partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE; 2214e0ea3921Schristos s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; 2215e0ea3921Schristos ret = SSL_write_ex(s, buf, num, &writtmp); 2216e0ea3921Schristos s->mode |= partialwrite; 2217e0ea3921Schristos if (!ret) { 2218e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; 2219e0ea3921Schristos return ret; 2220e0ea3921Schristos } 2221e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH; 2222e0ea3921Schristos /* fall through */ 2223e0ea3921Schristos 2224e0ea3921Schristos case SSL_EARLY_DATA_WRITE_FLUSH: 2225e0ea3921Schristos /* The buffering BIO is still in place so we need to flush it */ 2226e0ea3921Schristos if (statem_flush(s) != 1) 2227e0ea3921Schristos return 0; 2228e0ea3921Schristos *written = num; 2229e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; 2230e0ea3921Schristos return 1; 2231e0ea3921Schristos 2232e0ea3921Schristos case SSL_EARLY_DATA_FINISHED_READING: 2233e0ea3921Schristos case SSL_EARLY_DATA_READ_RETRY: 2234e0ea3921Schristos early_data_state = s->early_data_state; 2235e0ea3921Schristos /* We are a server writing to an unauthenticated client */ 2236e0ea3921Schristos s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING; 2237e0ea3921Schristos ret = SSL_write_ex(s, buf, num, written); 2238e0ea3921Schristos /* The buffering BIO is still in place */ 2239e0ea3921Schristos if (ret) 2240e0ea3921Schristos (void)BIO_flush(s->wbio); 2241e0ea3921Schristos s->early_data_state = early_data_state; 2242e0ea3921Schristos return ret; 2243e0ea3921Schristos 2244e0ea3921Schristos default: 22458fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2246e0ea3921Schristos return 0; 22475af53050Schristos } 2248a89c9211Schristos } 2249a89c9211Schristos 2250a89c9211Schristos int SSL_shutdown(SSL *s) 2251a89c9211Schristos { 22529cef71b6Sspz /* 22539cef71b6Sspz * Note that this function behaves differently from what one might 22549cef71b6Sspz * expect. Return values are 0 for no success (yet), 1 for success; but 22559cef71b6Sspz * calling it once is usually not enough, even if blocking I/O is used 22569cef71b6Sspz * (see ssl3_shutdown). 2257a89c9211Schristos */ 2258a89c9211Schristos 22595af53050Schristos if (s->handshake_func == NULL) { 22608fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 2261a89c9211Schristos return -1; 2262a89c9211Schristos } 2263a89c9211Schristos 226431b855a0Sspz if (!SSL_in_init(s)) { 22655af53050Schristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 22665af53050Schristos struct ssl_async_args args; 22675af53050Schristos 2268be43b372Schristos memset(&args, 0, sizeof(args)); 22695af53050Schristos args.s = s; 22705af53050Schristos args.type = OTHERFUNC; 22715af53050Schristos args.f.func_other = s->method->ssl_shutdown; 22725af53050Schristos 22735af53050Schristos return ssl_start_async_job(s, &args, ssl_io_intern); 22745af53050Schristos } else { 227531b855a0Sspz return s->method->ssl_shutdown(s); 22765af53050Schristos } 227731b855a0Sspz } else { 22788fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT); 227931b855a0Sspz return -1; 228031b855a0Sspz } 2281a89c9211Schristos } 2282a89c9211Schristos 2283e0ea3921Schristos int SSL_key_update(SSL *s, int updatetype) 2284e0ea3921Schristos { 2285e0ea3921Schristos if (!SSL_IS_TLS13(s)) { 22868fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); 2287e0ea3921Schristos return 0; 2288e0ea3921Schristos } 2289e0ea3921Schristos 2290e0ea3921Schristos if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED 2291e0ea3921Schristos && updatetype != SSL_KEY_UPDATE_REQUESTED) { 22928fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE); 2293e0ea3921Schristos return 0; 2294e0ea3921Schristos } 2295e0ea3921Schristos 2296e0ea3921Schristos if (!SSL_is_init_finished(s)) { 22978fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT); 2298e0ea3921Schristos return 0; 2299e0ea3921Schristos } 2300e0ea3921Schristos 2301fb48e4b2Schristos if (RECORD_LAYER_write_pending(&s->rlayer)) { 23028fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY); 2303fb48e4b2Schristos return 0; 2304fb48e4b2Schristos } 2305fb48e4b2Schristos 2306e0ea3921Schristos ossl_statem_set_in_init(s, 1); 2307e0ea3921Schristos s->key_update = updatetype; 2308e0ea3921Schristos return 1; 2309e0ea3921Schristos } 2310e0ea3921Schristos 231165b9e620Schristos int SSL_get_key_update_type(const SSL *s) 2312e0ea3921Schristos { 2313e0ea3921Schristos return s->key_update; 2314e0ea3921Schristos } 2315e0ea3921Schristos 23168fbed61eSchristos /* 23178fbed61eSchristos * Can we accept a renegotiation request? If yes, set the flag and 23188fbed61eSchristos * return 1 if yes. If not, raise error and return 0. 23198fbed61eSchristos */ 23208fbed61eSchristos static int can_renegotiate(const SSL *s) 2321a89c9211Schristos { 2322e0ea3921Schristos if (SSL_IS_TLS13(s)) { 23238fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); 2324e0ea3921Schristos return 0; 2325e0ea3921Schristos } 2326e0ea3921Schristos 23278fbed61eSchristos if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { 23288fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION); 232978327f04Schristos return 0; 233078327f04Schristos } 233178327f04Schristos 23328fbed61eSchristos return 1; 23338fbed61eSchristos } 23348fbed61eSchristos 23358fbed61eSchristos int SSL_renegotiate(SSL *s) 23368fbed61eSchristos { 23378fbed61eSchristos if (!can_renegotiate(s)) 23388fbed61eSchristos return 0; 23398fbed61eSchristos 23404e3dcb23Sspz s->renegotiate = 1; 2341a89c9211Schristos s->new_session = 1; 2342e0ea3921Schristos return s->method->ssl_renegotiate(s); 2343a89c9211Schristos } 23444e3dcb23Sspz 23454e3dcb23Sspz int SSL_renegotiate_abbreviated(SSL *s) 23464e3dcb23Sspz { 23478fbed61eSchristos if (!can_renegotiate(s)) 2348e0ea3921Schristos return 0; 234978327f04Schristos 23504e3dcb23Sspz s->renegotiate = 1; 23514e3dcb23Sspz s->new_session = 0; 2352e0ea3921Schristos return s->method->ssl_renegotiate(s); 2353a89c9211Schristos } 2354a89c9211Schristos 235565b9e620Schristos int SSL_renegotiate_pending(const SSL *s) 2356a89c9211Schristos { 23579cef71b6Sspz /* 23589cef71b6Sspz * becomes true when negotiation is requested; false again once a 23599cef71b6Sspz * handshake has finished 23609cef71b6Sspz */ 23614e3dcb23Sspz return (s->renegotiate != 0); 2362a89c9211Schristos } 2363a89c9211Schristos 23648fbed61eSchristos int SSL_new_session_ticket(SSL *s) 23658fbed61eSchristos { 23668fbed61eSchristos /* If we are in init because we're sending tickets, okay to send more. */ 23678fbed61eSchristos if ((SSL_in_init(s) && s->ext.extra_tickets_expected == 0) 23688fbed61eSchristos || SSL_IS_FIRST_HANDSHAKE(s) || !s->server 23698fbed61eSchristos || !SSL_IS_TLS13(s)) 23708fbed61eSchristos return 0; 23718fbed61eSchristos s->ext.extra_tickets_expected++; 23728fbed61eSchristos if (!RECORD_LAYER_write_pending(&s->rlayer) && !SSL_in_init(s)) 23738fbed61eSchristos ossl_statem_set_in_init(s, 1); 23748fbed61eSchristos return 1; 23758fbed61eSchristos } 23768fbed61eSchristos 2377a89c9211Schristos long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 2378a89c9211Schristos { 2379a89c9211Schristos long l; 2380a89c9211Schristos 23819cef71b6Sspz switch (cmd) { 2382a89c9211Schristos case SSL_CTRL_GET_READ_AHEAD: 2383e0ea3921Schristos return RECORD_LAYER_get_read_ahead(&s->rlayer); 2384a89c9211Schristos case SSL_CTRL_SET_READ_AHEAD: 23855af53050Schristos l = RECORD_LAYER_get_read_ahead(&s->rlayer); 23865af53050Schristos RECORD_LAYER_set_read_ahead(&s->rlayer, larg); 2387e0ea3921Schristos return l; 2388a89c9211Schristos 2389a89c9211Schristos case SSL_CTRL_SET_MSG_CALLBACK_ARG: 2390a89c9211Schristos s->msg_callback_arg = parg; 2391a89c9211Schristos return 1; 2392a89c9211Schristos 2393a89c9211Schristos case SSL_CTRL_MODE: 2394a89c9211Schristos return (s->mode |= larg); 2395cef2ee70Schristos case SSL_CTRL_CLEAR_MODE: 2396cef2ee70Schristos return (s->mode &= ~larg); 2397a89c9211Schristos case SSL_CTRL_GET_MAX_CERT_LIST: 2398e0ea3921Schristos return (long)s->max_cert_list; 2399a89c9211Schristos case SSL_CTRL_SET_MAX_CERT_LIST: 2400e0ea3921Schristos if (larg < 0) 2401e0ea3921Schristos return 0; 2402e0ea3921Schristos l = (long)s->max_cert_list; 2403e0ea3921Schristos s->max_cert_list = (size_t)larg; 2404e0ea3921Schristos return l; 2405a89c9211Schristos case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 2406a89c9211Schristos if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 2407a89c9211Schristos return 0; 24088fbed61eSchristos #ifndef OPENSSL_NO_KTLS 24098fbed61eSchristos if (s->wbio != NULL && BIO_get_ktls_send(s->wbio)) 24108fbed61eSchristos return 0; 24118fbed61eSchristos #endif /* OPENSSL_NO_KTLS */ 2412a89c9211Schristos s->max_send_fragment = larg; 24135af53050Schristos if (s->max_send_fragment < s->split_send_fragment) 24145af53050Schristos s->split_send_fragment = s->max_send_fragment; 24155af53050Schristos return 1; 24165af53050Schristos case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: 2417e0ea3921Schristos if ((size_t)larg > s->max_send_fragment || larg == 0) 24185af53050Schristos return 0; 24195af53050Schristos s->split_send_fragment = larg; 24205af53050Schristos return 1; 24215af53050Schristos case SSL_CTRL_SET_MAX_PIPELINES: 24225af53050Schristos if (larg < 1 || larg > SSL_MAX_PIPELINES) 24235af53050Schristos return 0; 24245af53050Schristos s->max_pipelines = larg; 24255af53050Schristos if (larg > 1) 24265af53050Schristos RECORD_LAYER_set_read_ahead(&s->rlayer, 1); 2427a89c9211Schristos return 1; 2428cef2ee70Schristos case SSL_CTRL_GET_RI_SUPPORT: 24298fbed61eSchristos return s->s3.send_connection_binding; 24308fbed61eSchristos case SSL_CTRL_SET_RETRY_VERIFY: 24318fbed61eSchristos s->rwstate = SSL_RETRY_VERIFY; 24328fbed61eSchristos return 1; 243331b855a0Sspz case SSL_CTRL_CERT_FLAGS: 243431b855a0Sspz return (s->cert->cert_flags |= larg); 243531b855a0Sspz case SSL_CTRL_CLEAR_CERT_FLAGS: 243631b855a0Sspz return (s->cert->cert_flags &= ~larg); 243731b855a0Sspz 243831b855a0Sspz case SSL_CTRL_GET_RAW_CIPHERLIST: 243931b855a0Sspz if (parg) { 24408fbed61eSchristos if (s->s3.tmp.ciphers_raw == NULL) 244131b855a0Sspz return 0; 24428fbed61eSchristos *(unsigned char **)parg = s->s3.tmp.ciphers_raw; 24438fbed61eSchristos return (int)s->s3.tmp.ciphers_rawlen; 24445af53050Schristos } else { 24455af53050Schristos return TLS_CIPHER_LEN; 24465af53050Schristos } 24475af53050Schristos case SSL_CTRL_GET_EXTMS_SUPPORT: 24485af53050Schristos if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s)) 24495af53050Schristos return -1; 24505af53050Schristos if (s->session->flags & SSL_SESS_FLAG_EXTMS) 24515af53050Schristos return 1; 24525af53050Schristos else 24535af53050Schristos return 0; 24545af53050Schristos case SSL_CTRL_SET_MIN_PROTO_VERSION: 24555af53050Schristos return ssl_check_allowed_versions(larg, s->max_proto_version) 24565af53050Schristos && ssl_set_version_bound(s->ctx->method->version, (int)larg, 24575af53050Schristos &s->min_proto_version); 24585af53050Schristos case SSL_CTRL_GET_MIN_PROTO_VERSION: 24595af53050Schristos return s->min_proto_version; 24605af53050Schristos case SSL_CTRL_SET_MAX_PROTO_VERSION: 24615af53050Schristos return ssl_check_allowed_versions(s->min_proto_version, larg) 24625af53050Schristos && ssl_set_version_bound(s->ctx->method->version, (int)larg, 24635af53050Schristos &s->max_proto_version); 24645af53050Schristos case SSL_CTRL_GET_MAX_PROTO_VERSION: 24655af53050Schristos return s->max_proto_version; 2466a89c9211Schristos default: 2467e0ea3921Schristos return s->method->ssl_ctrl(s, cmd, larg, parg); 2468a89c9211Schristos } 2469a89c9211Schristos } 2470a89c9211Schristos 2471a89c9211Schristos long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 2472a89c9211Schristos { 24739cef71b6Sspz switch (cmd) { 2474a89c9211Schristos case SSL_CTRL_SET_MSG_CALLBACK: 24759cef71b6Sspz s->msg_callback = (void (*) 24769cef71b6Sspz (int write_p, int version, int content_type, 24779cef71b6Sspz const void *buf, size_t len, SSL *ssl, 24789cef71b6Sspz void *arg))(fp); 2479a89c9211Schristos return 1; 2480a89c9211Schristos 2481a89c9211Schristos default: 2482e0ea3921Schristos return s->method->ssl_callback_ctrl(s, cmd, fp); 2483a89c9211Schristos } 2484a89c9211Schristos } 2485a89c9211Schristos 2486a89c9211Schristos LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) 2487a89c9211Schristos { 2488a89c9211Schristos return ctx->sessions; 2489a89c9211Schristos } 2490a89c9211Schristos 24918fbed61eSchristos static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat) 24928fbed61eSchristos { 24938fbed61eSchristos int res = 0; 24948fbed61eSchristos 24958fbed61eSchristos if (ssl_tsan_lock(ctx)) { 24968fbed61eSchristos res = tsan_load(stat); 24978fbed61eSchristos ssl_tsan_unlock(ctx); 24988fbed61eSchristos } 24998fbed61eSchristos return res; 25008fbed61eSchristos } 25018fbed61eSchristos 2502a89c9211Schristos long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 2503a89c9211Schristos { 2504a89c9211Schristos long l; 250531b855a0Sspz /* For some cases with ctx == NULL perform syntax checks */ 250631b855a0Sspz if (ctx == NULL) { 250731b855a0Sspz switch (cmd) { 2508e0ea3921Schristos case SSL_CTRL_SET_GROUPS_LIST: 25098fbed61eSchristos return tls1_set_groups_list(ctx, NULL, NULL, parg); 251031b855a0Sspz case SSL_CTRL_SET_SIGALGS_LIST: 251131b855a0Sspz case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: 251231b855a0Sspz return tls1_set_sigalgs_list(NULL, parg, 0); 251331b855a0Sspz default: 251431b855a0Sspz return 0; 251531b855a0Sspz } 251631b855a0Sspz } 2517a89c9211Schristos 25189cef71b6Sspz switch (cmd) { 2519a89c9211Schristos case SSL_CTRL_GET_READ_AHEAD: 2520e0ea3921Schristos return ctx->read_ahead; 2521a89c9211Schristos case SSL_CTRL_SET_READ_AHEAD: 2522a89c9211Schristos l = ctx->read_ahead; 2523a89c9211Schristos ctx->read_ahead = larg; 2524e0ea3921Schristos return l; 2525a89c9211Schristos 2526a89c9211Schristos case SSL_CTRL_SET_MSG_CALLBACK_ARG: 2527a89c9211Schristos ctx->msg_callback_arg = parg; 2528a89c9211Schristos return 1; 2529a89c9211Schristos 2530a89c9211Schristos case SSL_CTRL_GET_MAX_CERT_LIST: 2531e0ea3921Schristos return (long)ctx->max_cert_list; 2532a89c9211Schristos case SSL_CTRL_SET_MAX_CERT_LIST: 2533e0ea3921Schristos if (larg < 0) 2534e0ea3921Schristos return 0; 2535e0ea3921Schristos l = (long)ctx->max_cert_list; 2536e0ea3921Schristos ctx->max_cert_list = (size_t)larg; 2537e0ea3921Schristos return l; 2538a89c9211Schristos 2539a89c9211Schristos case SSL_CTRL_SET_SESS_CACHE_SIZE: 2540e0ea3921Schristos if (larg < 0) 2541e0ea3921Schristos return 0; 2542e0ea3921Schristos l = (long)ctx->session_cache_size; 2543e0ea3921Schristos ctx->session_cache_size = (size_t)larg; 2544e0ea3921Schristos return l; 2545a89c9211Schristos case SSL_CTRL_GET_SESS_CACHE_SIZE: 2546e0ea3921Schristos return (long)ctx->session_cache_size; 2547a89c9211Schristos case SSL_CTRL_SET_SESS_CACHE_MODE: 2548a89c9211Schristos l = ctx->session_cache_mode; 2549a89c9211Schristos ctx->session_cache_mode = larg; 2550e0ea3921Schristos return l; 2551a89c9211Schristos case SSL_CTRL_GET_SESS_CACHE_MODE: 2552e0ea3921Schristos return ctx->session_cache_mode; 2553a89c9211Schristos 2554a89c9211Schristos case SSL_CTRL_SESS_NUMBER: 2555e0ea3921Schristos return lh_SSL_SESSION_num_items(ctx->sessions); 2556a89c9211Schristos case SSL_CTRL_SESS_CONNECT: 25578fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_connect); 2558a89c9211Schristos case SSL_CTRL_SESS_CONNECT_GOOD: 25598fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good); 2560a89c9211Schristos case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 25618fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate); 2562a89c9211Schristos case SSL_CTRL_SESS_ACCEPT: 25638fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_accept); 2564a89c9211Schristos case SSL_CTRL_SESS_ACCEPT_GOOD: 25658fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good); 2566a89c9211Schristos case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 25678fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate); 2568a89c9211Schristos case SSL_CTRL_SESS_HIT: 25698fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_hit); 2570a89c9211Schristos case SSL_CTRL_SESS_CB_HIT: 25718fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit); 2572a89c9211Schristos case SSL_CTRL_SESS_MISSES: 25738fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_miss); 2574a89c9211Schristos case SSL_CTRL_SESS_TIMEOUTS: 25758fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_timeout); 2576a89c9211Schristos case SSL_CTRL_SESS_CACHE_FULL: 25778fbed61eSchristos return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full); 2578a89c9211Schristos case SSL_CTRL_MODE: 2579a89c9211Schristos return (ctx->mode |= larg); 2580cef2ee70Schristos case SSL_CTRL_CLEAR_MODE: 2581cef2ee70Schristos return (ctx->mode &= ~larg); 2582a89c9211Schristos case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 2583a89c9211Schristos if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 2584a89c9211Schristos return 0; 2585a89c9211Schristos ctx->max_send_fragment = larg; 25865af53050Schristos if (ctx->max_send_fragment < ctx->split_send_fragment) 25875af53050Schristos ctx->split_send_fragment = ctx->max_send_fragment; 25885af53050Schristos return 1; 25895af53050Schristos case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: 2590e0ea3921Schristos if ((size_t)larg > ctx->max_send_fragment || larg == 0) 25915af53050Schristos return 0; 25925af53050Schristos ctx->split_send_fragment = larg; 25935af53050Schristos return 1; 25945af53050Schristos case SSL_CTRL_SET_MAX_PIPELINES: 25955af53050Schristos if (larg < 1 || larg > SSL_MAX_PIPELINES) 25965af53050Schristos return 0; 25975af53050Schristos ctx->max_pipelines = larg; 2598a89c9211Schristos return 1; 259931b855a0Sspz case SSL_CTRL_CERT_FLAGS: 260031b855a0Sspz return (ctx->cert->cert_flags |= larg); 260131b855a0Sspz case SSL_CTRL_CLEAR_CERT_FLAGS: 260231b855a0Sspz return (ctx->cert->cert_flags &= ~larg); 26035af53050Schristos case SSL_CTRL_SET_MIN_PROTO_VERSION: 26045af53050Schristos return ssl_check_allowed_versions(larg, ctx->max_proto_version) 26055af53050Schristos && ssl_set_version_bound(ctx->method->version, (int)larg, 26065af53050Schristos &ctx->min_proto_version); 26075af53050Schristos case SSL_CTRL_GET_MIN_PROTO_VERSION: 26085af53050Schristos return ctx->min_proto_version; 26095af53050Schristos case SSL_CTRL_SET_MAX_PROTO_VERSION: 26105af53050Schristos return ssl_check_allowed_versions(ctx->min_proto_version, larg) 26115af53050Schristos && ssl_set_version_bound(ctx->method->version, (int)larg, 26125af53050Schristos &ctx->max_proto_version); 26135af53050Schristos case SSL_CTRL_GET_MAX_PROTO_VERSION: 26145af53050Schristos return ctx->max_proto_version; 2615a89c9211Schristos default: 2616e0ea3921Schristos return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg); 2617a89c9211Schristos } 2618a89c9211Schristos } 2619a89c9211Schristos 2620a89c9211Schristos long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 2621a89c9211Schristos { 26229cef71b6Sspz switch (cmd) { 2623a89c9211Schristos case SSL_CTRL_SET_MSG_CALLBACK: 26249cef71b6Sspz ctx->msg_callback = (void (*) 26259cef71b6Sspz (int write_p, int version, int content_type, 26269cef71b6Sspz const void *buf, size_t len, SSL *ssl, 26279cef71b6Sspz void *arg))(fp); 2628a89c9211Schristos return 1; 2629a89c9211Schristos 2630a89c9211Schristos default: 2631e0ea3921Schristos return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp); 2632a89c9211Schristos } 2633a89c9211Schristos } 2634a89c9211Schristos 2635a89c9211Schristos int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 2636a89c9211Schristos { 26375af53050Schristos if (a->id > b->id) 26385af53050Schristos return 1; 26395af53050Schristos if (a->id < b->id) 26405af53050Schristos return -1; 26415af53050Schristos return 0; 2642a89c9211Schristos } 2643a89c9211Schristos 2644a89c9211Schristos int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, 2645a89c9211Schristos const SSL_CIPHER *const *bp) 2646a89c9211Schristos { 26475af53050Schristos if ((*ap)->id > (*bp)->id) 26485af53050Schristos return 1; 26495af53050Schristos if ((*ap)->id < (*bp)->id) 26505af53050Schristos return -1; 26515af53050Schristos return 0; 2652a89c9211Schristos } 2653a89c9211Schristos 2654a89c9211Schristos /** return a STACK of the ciphers available for the SSL and in order of 2655a89c9211Schristos * preference */ 2656a89c9211Schristos STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) 2657a89c9211Schristos { 26589cef71b6Sspz if (s != NULL) { 26599cef71b6Sspz if (s->cipher_list != NULL) { 2660e0ea3921Schristos return s->cipher_list; 26619cef71b6Sspz } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { 2662e0ea3921Schristos return s->ctx->cipher_list; 2663a89c9211Schristos } 2664a89c9211Schristos } 2665e0ea3921Schristos return NULL; 2666a89c9211Schristos } 2667a89c9211Schristos 26685af53050Schristos STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) 26695af53050Schristos { 2670403eeac4Schristos if ((s == NULL) || !s->server) 26715af53050Schristos return NULL; 2672403eeac4Schristos return s->peer_ciphers; 26735af53050Schristos } 26745af53050Schristos 26755af53050Schristos STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) 26765af53050Schristos { 26775af53050Schristos STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; 26785af53050Schristos int i; 2679e0ea3921Schristos 26805af53050Schristos ciphers = SSL_get_ciphers(s); 26815af53050Schristos if (!ciphers) 26825af53050Schristos return NULL; 2683e0ea3921Schristos if (!ssl_set_client_disabled(s)) 2684e0ea3921Schristos return NULL; 26855af53050Schristos for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 26865af53050Schristos const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); 26875af53050Schristos if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) { 26885af53050Schristos if (!sk) 26895af53050Schristos sk = sk_SSL_CIPHER_new_null(); 26905af53050Schristos if (!sk) 26915af53050Schristos return NULL; 26925af53050Schristos if (!sk_SSL_CIPHER_push(sk, c)) { 26935af53050Schristos sk_SSL_CIPHER_free(sk); 26945af53050Schristos return NULL; 26955af53050Schristos } 26965af53050Schristos } 26975af53050Schristos } 26985af53050Schristos return sk; 26995af53050Schristos } 27005af53050Schristos 2701a89c9211Schristos /** return a STACK of the ciphers available for the SSL and in order of 2702a89c9211Schristos * algorithm id */ 2703a89c9211Schristos STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 2704a89c9211Schristos { 27059cef71b6Sspz if (s != NULL) { 27069cef71b6Sspz if (s->cipher_list_by_id != NULL) { 2707e0ea3921Schristos return s->cipher_list_by_id; 27089cef71b6Sspz } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { 2709e0ea3921Schristos return s->ctx->cipher_list_by_id; 2710a89c9211Schristos } 2711a89c9211Schristos } 2712e0ea3921Schristos return NULL; 2713a89c9211Schristos } 2714a89c9211Schristos 2715a89c9211Schristos /** The old interface to get the same thing as SSL_get_ciphers() */ 2716a89c9211Schristos const char *SSL_get_cipher_list(const SSL *s, int n) 2717a89c9211Schristos { 27185af53050Schristos const SSL_CIPHER *c; 2719a89c9211Schristos STACK_OF(SSL_CIPHER) *sk; 2720a89c9211Schristos 27219cef71b6Sspz if (s == NULL) 2722e0ea3921Schristos return NULL; 2723a89c9211Schristos sk = SSL_get_ciphers(s); 2724a89c9211Schristos if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) 2725e0ea3921Schristos return NULL; 2726a89c9211Schristos c = sk_SSL_CIPHER_value(sk, n); 27279cef71b6Sspz if (c == NULL) 2728e0ea3921Schristos return NULL; 2729e0ea3921Schristos return c->name; 2730a89c9211Schristos } 2731a89c9211Schristos 27325af53050Schristos /** return a STACK of the ciphers available for the SSL_CTX and in order of 27335af53050Schristos * preference */ 27345af53050Schristos STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) 27355af53050Schristos { 27365af53050Schristos if (ctx != NULL) 27375af53050Schristos return ctx->cipher_list; 27385af53050Schristos return NULL; 27395af53050Schristos } 27405af53050Schristos 274165b9e620Schristos /* 274265b9e620Schristos * Distinguish between ciphers controlled by set_ciphersuite() and 274365b9e620Schristos * set_cipher_list() when counting. 274465b9e620Schristos */ 274565b9e620Schristos static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk) 274665b9e620Schristos { 274765b9e620Schristos int i, num = 0; 274865b9e620Schristos const SSL_CIPHER *c; 274965b9e620Schristos 275065b9e620Schristos if (sk == NULL) 275165b9e620Schristos return 0; 275265b9e620Schristos for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { 275365b9e620Schristos c = sk_SSL_CIPHER_value(sk, i); 275465b9e620Schristos if (c->min_tls >= TLS1_3_VERSION) 275565b9e620Schristos continue; 275665b9e620Schristos num++; 275765b9e620Schristos } 275865b9e620Schristos return num; 275965b9e620Schristos } 276065b9e620Schristos 2761a89c9211Schristos /** specify the ciphers to be used by default by the SSL_CTX */ 2762a89c9211Schristos int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 2763a89c9211Schristos { 2764a89c9211Schristos STACK_OF(SSL_CIPHER) *sk; 2765a89c9211Schristos 27668fbed61eSchristos sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites, 2767e0ea3921Schristos &ctx->cipher_list, &ctx->cipher_list_by_id, str, 2768e0ea3921Schristos ctx->cert); 27699cef71b6Sspz /* 27709cef71b6Sspz * ssl_create_cipher_list may return an empty stack if it was unable to 27719cef71b6Sspz * find a cipher matching the given rule string (for example if the rule 27729cef71b6Sspz * string specifies a cipher which has been disabled). This is not an 27739cef71b6Sspz * error as far as ssl_create_cipher_list is concerned, and hence 27749cef71b6Sspz * ctx->cipher_list and ctx->cipher_list_by_id has been updated. 27759cef71b6Sspz */ 2776a89c9211Schristos if (sk == NULL) 2777a89c9211Schristos return 0; 277865b9e620Schristos else if (cipher_list_tls12_num(sk) == 0) { 27798fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); 2780a89c9211Schristos return 0; 2781a89c9211Schristos } 2782a89c9211Schristos return 1; 2783a89c9211Schristos } 2784a89c9211Schristos 2785a89c9211Schristos /** specify the ciphers to be used by the SSL */ 2786a89c9211Schristos int SSL_set_cipher_list(SSL *s, const char *str) 2787a89c9211Schristos { 2788a89c9211Schristos STACK_OF(SSL_CIPHER) *sk; 2789a89c9211Schristos 27908fbed61eSchristos sk = ssl_create_cipher_list(s->ctx, s->tls13_ciphersuites, 2791e0ea3921Schristos &s->cipher_list, &s->cipher_list_by_id, str, 2792e0ea3921Schristos s->cert); 2793a89c9211Schristos /* see comment in SSL_CTX_set_cipher_list */ 2794a89c9211Schristos if (sk == NULL) 2795a89c9211Schristos return 0; 279665b9e620Schristos else if (cipher_list_tls12_num(sk) == 0) { 27978fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); 2798a89c9211Schristos return 0; 2799a89c9211Schristos } 2800a89c9211Schristos return 1; 2801a89c9211Schristos } 2802a89c9211Schristos 28032500041cSchristos char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) 2804a89c9211Schristos { 2805a89c9211Schristos char *p; 28062500041cSchristos STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; 28075af53050Schristos const SSL_CIPHER *c; 2808a89c9211Schristos int i; 2809a89c9211Schristos 28102500041cSchristos if (!s->server 2811403eeac4Schristos || s->peer_ciphers == NULL 28122500041cSchristos || size < 2) 2813e599299fSchristos return NULL; 2814e599299fSchristos 28152500041cSchristos p = buf; 2816403eeac4Schristos clntsk = s->peer_ciphers; 28172500041cSchristos srvrsk = SSL_get_ciphers(s); 28182500041cSchristos if (clntsk == NULL || srvrsk == NULL) 28192500041cSchristos return NULL; 28202500041cSchristos 28212500041cSchristos if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) 28222500041cSchristos return NULL; 28232500041cSchristos 28242500041cSchristos for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { 2825a89c9211Schristos int n; 2826a89c9211Schristos 28272500041cSchristos c = sk_SSL_CIPHER_value(clntsk, i); 28282500041cSchristos if (sk_SSL_CIPHER_find(srvrsk, c) < 0) 28292500041cSchristos continue; 28302500041cSchristos 28318dcce544Schristos n = OPENSSL_strnlen(c->name, size); 28328dcce544Schristos if (n >= size) { 2833a89c9211Schristos if (p != buf) 2834a89c9211Schristos --p; 2835a89c9211Schristos *p = '\0'; 2836a89c9211Schristos return buf; 2837a89c9211Schristos } 28388dcce544Schristos memcpy(p, c->name, n); 2839a89c9211Schristos p += n; 2840a89c9211Schristos *(p++) = ':'; 28412500041cSchristos size -= n + 1; 2842a89c9211Schristos } 2843a89c9211Schristos p[-1] = '\0'; 2844e0ea3921Schristos return buf; 2845a89c9211Schristos } 2846a89c9211Schristos 284752629741Schristos /** 284852629741Schristos * Return the requested servername (SNI) value. Note that the behaviour varies 284952629741Schristos * depending on: 285052629741Schristos * - whether this is called by the client or the server, 285152629741Schristos * - if we are before or during/after the handshake, 285252629741Schristos * - if a resumption or normal handshake is being attempted/has occurred 285352629741Schristos * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3 285452629741Schristos * 285552629741Schristos * Note that only the host_name type is defined (RFC 3546). 2856a89c9211Schristos */ 2857a89c9211Schristos const char *SSL_get_servername(const SSL *s, const int type) 2858a89c9211Schristos { 285952629741Schristos /* 286052629741Schristos * If we don't know if we are the client or the server yet then we assume 286152629741Schristos * client. 286252629741Schristos */ 286352629741Schristos int server = s->handshake_func == NULL ? 0 : s->server; 2864a89c9211Schristos if (type != TLSEXT_NAMETYPE_host_name) 2865a89c9211Schristos return NULL; 2866a89c9211Schristos 286752629741Schristos if (server) { 286852629741Schristos /** 286952629741Schristos * Server side 287052629741Schristos * In TLSv1.3 on the server SNI is not associated with the session 287152629741Schristos * but in TLSv1.2 or below it is. 287252629741Schristos * 287352629741Schristos * Before the handshake: 287452629741Schristos * - return NULL 287552629741Schristos * 287652629741Schristos * During/after the handshake (TLSv1.2 or below resumption occurred): 287752629741Schristos * - If a servername was accepted by the server in the original 287852629741Schristos * handshake then it will return that servername, or NULL otherwise. 287952629741Schristos * 288052629741Schristos * During/after the handshake (TLSv1.2 or below resumption did not occur): 288152629741Schristos * - The function will return the servername requested by the client in 288252629741Schristos * this handshake or NULL if none was requested. 2883e0ea3921Schristos */ 288452629741Schristos if (s->hit && !SSL_IS_TLS13(s)) 2885e0ea3921Schristos return s->session->ext.hostname; 288652629741Schristos } else { 288752629741Schristos /** 288852629741Schristos * Client side 288952629741Schristos * 289052629741Schristos * Before the handshake: 289152629741Schristos * - If a servername has been set via a call to 289252629741Schristos * SSL_set_tlsext_host_name() then it will return that servername 289352629741Schristos * - If one has not been set, but a TLSv1.2 resumption is being 289452629741Schristos * attempted and the session from the original handshake had a 289552629741Schristos * servername accepted by the server then it will return that 289652629741Schristos * servername 289752629741Schristos * - Otherwise it returns NULL 289852629741Schristos * 289952629741Schristos * During/after the handshake (TLSv1.2 or below resumption occurred): 29004a7cf967Schristos * - If the session from the original handshake had a servername accepted 290152629741Schristos * by the server then it will return that servername. 290252629741Schristos * - Otherwise it returns the servername set via 290352629741Schristos * SSL_set_tlsext_host_name() (or NULL if it was not called). 290452629741Schristos * 290552629741Schristos * During/after the handshake (TLSv1.2 or below resumption did not occur): 290652629741Schristos * - It will return the servername set via SSL_set_tlsext_host_name() 290752629741Schristos * (or NULL if it was not called). 290852629741Schristos */ 290952629741Schristos if (SSL_in_before(s)) { 291052629741Schristos if (s->ext.hostname == NULL 291152629741Schristos && s->session != NULL 291252629741Schristos && s->session->ssl_version != TLS1_3_VERSION) 291352629741Schristos return s->session->ext.hostname; 291452629741Schristos } else { 291552629741Schristos if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL) 291652629741Schristos return s->session->ext.hostname; 291752629741Schristos } 291852629741Schristos } 291952629741Schristos 2920e0ea3921Schristos return s->ext.hostname; 2921a89c9211Schristos } 2922a89c9211Schristos 2923a89c9211Schristos int SSL_get_servername_type(const SSL *s) 2924a89c9211Schristos { 292552629741Schristos if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL) 2926a89c9211Schristos return TLSEXT_NAMETYPE_host_name; 2927a89c9211Schristos return -1; 2928a89c9211Schristos } 292932daad53Schristos 29309cef71b6Sspz /* 29319cef71b6Sspz * SSL_select_next_proto implements the standard protocol selection. It is 293232daad53Schristos * expected that this function is called from the callback set by 29339cef71b6Sspz * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a 29349cef71b6Sspz * vector of 8-bit, length prefixed byte strings. The length byte itself is 29359cef71b6Sspz * not included in the length. A byte string of length 0 is invalid. No byte 29369cef71b6Sspz * string may be truncated. The current, but experimental algorithm for 29379cef71b6Sspz * selecting the protocol is: 1) If the server doesn't support NPN then this 29389cef71b6Sspz * is indicated to the callback. In this case, the client application has to 29399cef71b6Sspz * abort the connection or have a default application level protocol. 2) If 29409cef71b6Sspz * the server supports NPN, but advertises an empty list then the client 29415af53050Schristos * selects the first protocol in its list, but indicates via the API that this 29429cef71b6Sspz * fallback case was enacted. 3) Otherwise, the client finds the first 29439cef71b6Sspz * protocol in the server's list that it supports and selects this protocol. 29449cef71b6Sspz * This is because it's assumed that the server has better information about 29459cef71b6Sspz * which protocol a client should use. 4) If the client doesn't support any 29469cef71b6Sspz * of the server's advertised protocols, then this is treated the same as 29479cef71b6Sspz * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was 29489cef71b6Sspz * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 294932daad53Schristos */ 29509cef71b6Sspz int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 29519cef71b6Sspz const unsigned char *server, 29529cef71b6Sspz unsigned int server_len, 29535af53050Schristos const unsigned char *client, unsigned int client_len) 295432daad53Schristos { 2955*7d9ffdb3Schristos PACKET cpkt, csubpkt, spkt, ssubpkt; 2956*7d9ffdb3Schristos 2957*7d9ffdb3Schristos if (!PACKET_buf_init(&cpkt, client, client_len) 2958*7d9ffdb3Schristos || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) 2959*7d9ffdb3Schristos || PACKET_remaining(&csubpkt) == 0) { 2960*7d9ffdb3Schristos *out = NULL; 2961*7d9ffdb3Schristos *outlen = 0; 2962*7d9ffdb3Schristos return OPENSSL_NPN_NO_OVERLAP; 2963*7d9ffdb3Schristos } 2964*7d9ffdb3Schristos 2965*7d9ffdb3Schristos /* 2966*7d9ffdb3Schristos * Set the default opportunistic protocol. Will be overwritten if we find 2967*7d9ffdb3Schristos * a match. 2968*7d9ffdb3Schristos */ 2969*7d9ffdb3Schristos *out = (unsigned char *)PACKET_data(&csubpkt); 2970*7d9ffdb3Schristos *outlen = (unsigned char)PACKET_remaining(&csubpkt); 297132daad53Schristos 29729cef71b6Sspz /* 29739cef71b6Sspz * For each protocol in server preference order, see if we support it. 29749cef71b6Sspz */ 2975*7d9ffdb3Schristos if (PACKET_buf_init(&spkt, server, server_len)) { 2976*7d9ffdb3Schristos while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) { 2977*7d9ffdb3Schristos if (PACKET_remaining(&ssubpkt) == 0) 2978*7d9ffdb3Schristos continue; /* Invalid - ignore it */ 2979*7d9ffdb3Schristos if (PACKET_buf_init(&cpkt, client, client_len)) { 2980*7d9ffdb3Schristos while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { 2981*7d9ffdb3Schristos if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), 2982*7d9ffdb3Schristos PACKET_remaining(&ssubpkt))) { 298332daad53Schristos /* We found a match */ 2984*7d9ffdb3Schristos *out = (unsigned char *)PACKET_data(&ssubpkt); 2985*7d9ffdb3Schristos *outlen = (unsigned char)PACKET_remaining(&ssubpkt); 2986*7d9ffdb3Schristos return OPENSSL_NPN_NEGOTIATED; 298732daad53Schristos } 298832daad53Schristos } 2989*7d9ffdb3Schristos /* Ignore spurious trailing bytes in the client list */ 2990*7d9ffdb3Schristos } else { 2991*7d9ffdb3Schristos /* This should never happen */ 2992*7d9ffdb3Schristos return OPENSSL_NPN_NO_OVERLAP; 2993*7d9ffdb3Schristos } 2994*7d9ffdb3Schristos } 2995*7d9ffdb3Schristos /* Ignore spurious trailing bytes in the server list */ 299632daad53Schristos } 299732daad53Schristos 2998*7d9ffdb3Schristos /* 2999*7d9ffdb3Schristos * There's no overlap between our protocols and the server's list. We use 3000*7d9ffdb3Schristos * the default opportunistic protocol selected earlier 3001*7d9ffdb3Schristos */ 3002*7d9ffdb3Schristos return OPENSSL_NPN_NO_OVERLAP; 300332daad53Schristos } 300432daad53Schristos 300531b855a0Sspz #ifndef OPENSSL_NO_NEXTPROTONEG 30069cef71b6Sspz /* 30079cef71b6Sspz * SSL_get0_next_proto_negotiated sets *data and *len to point to the 30089cef71b6Sspz * client's requested protocol for this connection and returns 0. If the 30099cef71b6Sspz * client didn't request any protocol, then *data is set to NULL. Note that 30109cef71b6Sspz * the client can request any protocol it chooses. The value returned from 30119cef71b6Sspz * this function need not be a member of the list of supported protocols 301232daad53Schristos * provided by the callback. 301332daad53Schristos */ 30149cef71b6Sspz void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 30159cef71b6Sspz unsigned *len) 301632daad53Schristos { 3017e0ea3921Schristos *data = s->ext.npn; 30188fbed61eSchristos if (*data == NULL) { 301932daad53Schristos *len = 0; 302032daad53Schristos } else { 3021e0ea3921Schristos *len = (unsigned int)s->ext.npn_len; 302232daad53Schristos } 302332daad53Schristos } 302432daad53Schristos 30259cef71b6Sspz /* 3026e0ea3921Schristos * SSL_CTX_set_npn_advertised_cb sets a callback that is called when 30279cef71b6Sspz * a TLS server needs a list of supported protocols for Next Protocol 30289cef71b6Sspz * Negotiation. The returned list must be in wire format. The list is 30299cef71b6Sspz * returned by setting |out| to point to it and |outlen| to its length. This 30309cef71b6Sspz * memory will not be modified, but one should assume that the SSL* keeps a 30319cef71b6Sspz * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it 30329cef71b6Sspz * wishes to advertise. Otherwise, no such extension will be included in the 30339cef71b6Sspz * ServerHello. 30349cef71b6Sspz */ 3035e0ea3921Schristos void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, 3036e0ea3921Schristos SSL_CTX_npn_advertised_cb_func cb, 3037e0ea3921Schristos void *arg) 303832daad53Schristos { 3039e0ea3921Schristos ctx->ext.npn_advertised_cb = cb; 3040e0ea3921Schristos ctx->ext.npn_advertised_cb_arg = arg; 304132daad53Schristos } 304232daad53Schristos 30439cef71b6Sspz /* 30449cef71b6Sspz * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 304532daad53Schristos * client needs to select a protocol from the server's provided list. |out| 304632daad53Schristos * must be set to point to the selected protocol (which may be within |in|). 30479cef71b6Sspz * The length of the protocol name must be written into |outlen|. The 30489cef71b6Sspz * server's advertised protocols are provided in |in| and |inlen|. The 30499cef71b6Sspz * callback can assume that |in| is syntactically valid. The client must 30509cef71b6Sspz * select a protocol. It is fatal to the connection if this callback returns 30519cef71b6Sspz * a value other than SSL_TLSEXT_ERR_OK. 305232daad53Schristos */ 3053e0ea3921Schristos void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, 3054e0ea3921Schristos SSL_CTX_npn_select_cb_func cb, 3055e0ea3921Schristos void *arg) 305632daad53Schristos { 3057e0ea3921Schristos ctx->ext.npn_select_cb = cb; 3058e0ea3921Schristos ctx->ext.npn_select_cb_arg = arg; 305932daad53Schristos } 3060a89c9211Schristos #endif 306131b855a0Sspz 3062fb48e4b2Schristos static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len) 3063fb48e4b2Schristos { 3064fb48e4b2Schristos unsigned int idx; 3065fb48e4b2Schristos 3066fb48e4b2Schristos if (protos_len < 2 || protos == NULL) 3067fb48e4b2Schristos return 0; 3068fb48e4b2Schristos 3069fb48e4b2Schristos for (idx = 0; idx < protos_len; idx += protos[idx] + 1) { 3070fb48e4b2Schristos if (protos[idx] == 0) 3071fb48e4b2Schristos return 0; 3072fb48e4b2Schristos } 3073fb48e4b2Schristos return idx == protos_len; 3074fb48e4b2Schristos } 307531b855a0Sspz /* 307631b855a0Sspz * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. 307731b855a0Sspz * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 307831b855a0Sspz * length-prefixed strings). Returns 0 on success. 307931b855a0Sspz */ 308031b855a0Sspz int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 30815af53050Schristos unsigned int protos_len) 308231b855a0Sspz { 3083fb48e4b2Schristos unsigned char *alpn; 3084fb48e4b2Schristos 3085fb48e4b2Schristos if (protos_len == 0 || protos == NULL) { 3086e0ea3921Schristos OPENSSL_free(ctx->ext.alpn); 3087fb48e4b2Schristos ctx->ext.alpn = NULL; 3088542270d5Schristos ctx->ext.alpn_len = 0; 3089fb48e4b2Schristos return 0; 3090fb48e4b2Schristos } 3091fb48e4b2Schristos /* Not valid per RFC */ 3092fb48e4b2Schristos if (!alpn_value_ok(protos, protos_len)) 3093fb48e4b2Schristos return 1; 3094fb48e4b2Schristos 3095fb48e4b2Schristos alpn = OPENSSL_memdup(protos, protos_len); 3096fb48e4b2Schristos if (alpn == NULL) { 30978fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 309831b855a0Sspz return 1; 30995af53050Schristos } 3100fb48e4b2Schristos OPENSSL_free(ctx->ext.alpn); 3101fb48e4b2Schristos ctx->ext.alpn = alpn; 3102e0ea3921Schristos ctx->ext.alpn_len = protos_len; 310331b855a0Sspz 310431b855a0Sspz return 0; 310531b855a0Sspz } 310631b855a0Sspz 310731b855a0Sspz /* 310831b855a0Sspz * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. 310931b855a0Sspz * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 311031b855a0Sspz * length-prefixed strings). Returns 0 on success. 311131b855a0Sspz */ 311231b855a0Sspz int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 31135af53050Schristos unsigned int protos_len) 311431b855a0Sspz { 3115fb48e4b2Schristos unsigned char *alpn; 3116fb48e4b2Schristos 3117fb48e4b2Schristos if (protos_len == 0 || protos == NULL) { 3118e0ea3921Schristos OPENSSL_free(ssl->ext.alpn); 3119fb48e4b2Schristos ssl->ext.alpn = NULL; 3120542270d5Schristos ssl->ext.alpn_len = 0; 3121fb48e4b2Schristos return 0; 3122fb48e4b2Schristos } 3123fb48e4b2Schristos /* Not valid per RFC */ 3124fb48e4b2Schristos if (!alpn_value_ok(protos, protos_len)) 3125fb48e4b2Schristos return 1; 3126fb48e4b2Schristos 3127fb48e4b2Schristos alpn = OPENSSL_memdup(protos, protos_len); 3128fb48e4b2Schristos if (alpn == NULL) { 31298fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 313031b855a0Sspz return 1; 31315af53050Schristos } 3132fb48e4b2Schristos OPENSSL_free(ssl->ext.alpn); 3133fb48e4b2Schristos ssl->ext.alpn = alpn; 3134e0ea3921Schristos ssl->ext.alpn_len = protos_len; 313531b855a0Sspz 313631b855a0Sspz return 0; 313731b855a0Sspz } 313831b855a0Sspz 313931b855a0Sspz /* 314031b855a0Sspz * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is 314131b855a0Sspz * called during ClientHello processing in order to select an ALPN protocol 314231b855a0Sspz * from the client's list of offered protocols. 314331b855a0Sspz */ 314431b855a0Sspz void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 3145e0ea3921Schristos SSL_CTX_alpn_select_cb_func cb, 3146e0ea3921Schristos void *arg) 314731b855a0Sspz { 3148e0ea3921Schristos ctx->ext.alpn_select_cb = cb; 3149e0ea3921Schristos ctx->ext.alpn_select_cb_arg = arg; 315031b855a0Sspz } 315131b855a0Sspz 315231b855a0Sspz /* 31535af53050Schristos * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. 31545af53050Schristos * On return it sets |*data| to point to |*len| bytes of protocol name 315531b855a0Sspz * (not including the leading length-prefix byte). If the server didn't 315631b855a0Sspz * respond with a negotiated protocol then |*len| will be zero. 315731b855a0Sspz */ 315831b855a0Sspz void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 31595af53050Schristos unsigned int *len) 316031b855a0Sspz { 31618fbed61eSchristos *data = ssl->s3.alpn_selected; 316231b855a0Sspz if (*data == NULL) 316331b855a0Sspz *len = 0; 316431b855a0Sspz else 31658fbed61eSchristos *len = (unsigned int)ssl->s3.alpn_selected_len; 316631b855a0Sspz } 316731b855a0Sspz 316832daad53Schristos int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 31699cef71b6Sspz const char *label, size_t llen, 31705af53050Schristos const unsigned char *context, size_t contextlen, 317132daad53Schristos int use_context) 317232daad53Schristos { 31734a7cf967Schristos if (s->session == NULL 31744a7cf967Schristos || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) 317532daad53Schristos return -1; 317632daad53Schristos 317732daad53Schristos return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 31785af53050Schristos llen, context, 31795af53050Schristos contextlen, use_context); 318032daad53Schristos } 3181a89c9211Schristos 3182e0ea3921Schristos int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, 3183e0ea3921Schristos const char *label, size_t llen, 3184e0ea3921Schristos const unsigned char *context, 3185e0ea3921Schristos size_t contextlen) 3186e0ea3921Schristos { 3187e0ea3921Schristos if (s->version != TLS1_3_VERSION) 3188e0ea3921Schristos return 0; 3189e0ea3921Schristos 3190e0ea3921Schristos return tls13_export_keying_material_early(s, out, olen, label, llen, 3191e0ea3921Schristos context, contextlen); 3192e0ea3921Schristos } 3193e0ea3921Schristos 3194a89c9211Schristos static unsigned long ssl_session_hash(const SSL_SESSION *a) 3195a89c9211Schristos { 31965af53050Schristos const unsigned char *session_id = a->session_id; 3197a89c9211Schristos unsigned long l; 31985af53050Schristos unsigned char tmp_storage[4]; 31995af53050Schristos 32005af53050Schristos if (a->session_id_length < sizeof(tmp_storage)) { 32015af53050Schristos memset(tmp_storage, 0, sizeof(tmp_storage)); 32025af53050Schristos memcpy(tmp_storage, a->session_id, a->session_id_length); 32035af53050Schristos session_id = tmp_storage; 32045af53050Schristos } 3205a89c9211Schristos 3206a89c9211Schristos l = (unsigned long) 32075af53050Schristos ((unsigned long)session_id[0]) | 32085af53050Schristos ((unsigned long)session_id[1] << 8L) | 32095af53050Schristos ((unsigned long)session_id[2] << 16L) | 32105af53050Schristos ((unsigned long)session_id[3] << 24L); 3211e0ea3921Schristos return l; 3212a89c9211Schristos } 3213a89c9211Schristos 32149cef71b6Sspz /* 32159cef71b6Sspz * NB: If this function (or indeed the hash function which uses a sort of 3216a89c9211Schristos * coarser function than this one) is changed, ensure 32179cef71b6Sspz * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on 32189cef71b6Sspz * being able to construct an SSL_SESSION that will collide with any existing 32199cef71b6Sspz * session with a matching session ID. 32209cef71b6Sspz */ 3221a89c9211Schristos static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 3222a89c9211Schristos { 3223a89c9211Schristos if (a->ssl_version != b->ssl_version) 3224e0ea3921Schristos return 1; 3225a89c9211Schristos if (a->session_id_length != b->session_id_length) 3226e0ea3921Schristos return 1; 3227e0ea3921Schristos return memcmp(a->session_id, b->session_id, a->session_id_length); 3228a89c9211Schristos } 3229a89c9211Schristos 32309cef71b6Sspz /* 32319cef71b6Sspz * These wrapper functions should remain rather than redeclaring 3232a89c9211Schristos * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 32339cef71b6Sspz * variable. The reason is that the functions aren't static, they're exposed 32349cef71b6Sspz * via ssl.h. 32359cef71b6Sspz */ 3236a89c9211Schristos 32378fbed61eSchristos SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, 32388fbed61eSchristos const SSL_METHOD *meth) 3239a89c9211Schristos { 3240a89c9211Schristos SSL_CTX *ret = NULL; 3241a89c9211Schristos 32429cef71b6Sspz if (meth == NULL) { 32438fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED); 3244e0ea3921Schristos return NULL; 3245a89c9211Schristos } 32465af53050Schristos 32475af53050Schristos if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) 32485af53050Schristos return NULL; 32495af53050Schristos 32509cef71b6Sspz if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 32518fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 3252a89c9211Schristos goto err; 3253a89c9211Schristos } 32545af53050Schristos ret = OPENSSL_zalloc(sizeof(*ret)); 3255a89c9211Schristos if (ret == NULL) 3256a89c9211Schristos goto err; 3257a89c9211Schristos 32588fbed61eSchristos /* Init the reference counting before any call to SSL_CTX_free */ 32598fbed61eSchristos ret->references = 1; 32608fbed61eSchristos ret->lock = CRYPTO_THREAD_lock_new(); 32618fbed61eSchristos if (ret->lock == NULL) { 32628fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 32638fbed61eSchristos OPENSSL_free(ret); 32648fbed61eSchristos return NULL; 32658fbed61eSchristos } 32668fbed61eSchristos 32678fbed61eSchristos #ifdef TSAN_REQUIRES_LOCKING 32688fbed61eSchristos ret->tsan_lock = CRYPTO_THREAD_lock_new(); 32698fbed61eSchristos if (ret->tsan_lock == NULL) { 32708fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 32718fbed61eSchristos goto err; 32728fbed61eSchristos } 32738fbed61eSchristos #endif 32748fbed61eSchristos 32758fbed61eSchristos ret->libctx = libctx; 32768fbed61eSchristos if (propq != NULL) { 32778fbed61eSchristos ret->propq = OPENSSL_strdup(propq); 32788fbed61eSchristos if (ret->propq == NULL) 32798fbed61eSchristos goto err; 32808fbed61eSchristos } 32818fbed61eSchristos 3282a89c9211Schristos ret->method = meth; 32835af53050Schristos ret->min_proto_version = 0; 32845af53050Schristos ret->max_proto_version = 0; 3285e0ea3921Schristos ret->mode = SSL_MODE_AUTO_RETRY; 3286a89c9211Schristos ret->session_cache_mode = SSL_SESS_CACHE_SERVER; 3287a89c9211Schristos ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 32885af53050Schristos /* We take the system default. */ 3289a89c9211Schristos ret->session_timeout = meth->get_timeout(); 3290a89c9211Schristos ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 3291a89c9211Schristos ret->verify_mode = SSL_VERIFY_NONE; 3292a89c9211Schristos if ((ret->cert = ssl_cert_new()) == NULL) 3293a89c9211Schristos goto err; 3294a89c9211Schristos 32955af53050Schristos ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp); 32969cef71b6Sspz if (ret->sessions == NULL) 32979cef71b6Sspz goto err; 3298a89c9211Schristos ret->cert_store = X509_STORE_new(); 32999cef71b6Sspz if (ret->cert_store == NULL) 33009cef71b6Sspz goto err; 33015af53050Schristos #ifndef OPENSSL_NO_CT 33028fbed61eSchristos ret->ctlog_store = CTLOG_STORE_new_ex(libctx, propq); 33035af53050Schristos if (ret->ctlog_store == NULL) 33045af53050Schristos goto err; 33055af53050Schristos #endif 3306e0ea3921Schristos 33078fbed61eSchristos /* initialize cipher/digest methods table */ 33088fbed61eSchristos if (!ssl_load_ciphers(ret)) 33098fbed61eSchristos goto err2; 33108fbed61eSchristos /* initialise sig algs */ 33118fbed61eSchristos if (!ssl_setup_sig_algs(ret)) 33128fbed61eSchristos goto err2; 33138fbed61eSchristos 33148fbed61eSchristos 33158fbed61eSchristos if (!ssl_load_groups(ret)) 33168fbed61eSchristos goto err2; 33178fbed61eSchristos 33188fbed61eSchristos if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) 3319e0ea3921Schristos goto err; 3320e0ea3921Schristos 33218fbed61eSchristos if (!ssl_create_cipher_list(ret, 3322e0ea3921Schristos ret->tls13_ciphersuites, 3323a89c9211Schristos &ret->cipher_list, &ret->cipher_list_by_id, 33248fbed61eSchristos OSSL_default_cipher_list(), ret->cert) 33255af53050Schristos || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 33268fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); 3327a89c9211Schristos goto err2; 3328a89c9211Schristos } 3329a89c9211Schristos 3330a89c9211Schristos ret->param = X509_VERIFY_PARAM_new(); 33315af53050Schristos if (ret->param == NULL) 3332a89c9211Schristos goto err; 3333a89c9211Schristos 33348fbed61eSchristos /* 33358fbed61eSchristos * If these aren't available from the provider we'll get NULL returns. 33368fbed61eSchristos * That's fine but will cause errors later if SSLv3 is negotiated 33378fbed61eSchristos */ 33388fbed61eSchristos ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq); 33398fbed61eSchristos ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq); 3340a89c9211Schristos 3341e0ea3921Schristos if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) 3342a89c9211Schristos goto err; 3343a89c9211Schristos 3344bf8eace1Schristos if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) 3345bf8eace1Schristos goto err; 3346bf8eace1Schristos 33475af53050Schristos if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) 33485af53050Schristos goto err; 3349a89c9211Schristos 3350e0ea3921Schristos if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL) 3351e0ea3921Schristos goto err; 3352e0ea3921Schristos 33536d192628Schristos /* No compression for DTLS */ 335431b855a0Sspz if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) 3355a89c9211Schristos ret->comp_methods = SSL_COMP_get_compression_methods(); 3356a89c9211Schristos 3357a89c9211Schristos ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 33585af53050Schristos ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 3359a89c9211Schristos 33605af53050Schristos /* Setup RFC5077 ticket keys */ 33618fbed61eSchristos if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name, 33628fbed61eSchristos sizeof(ret->ext.tick_key_name), 0) <= 0) 33638fbed61eSchristos || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key, 33648fbed61eSchristos sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0) 33658fbed61eSchristos || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key, 33668fbed61eSchristos sizeof(ret->ext.secure->tick_aes_key), 0) <= 0)) 3367a89c9211Schristos ret->options |= SSL_OP_NO_TICKET; 3368a89c9211Schristos 33698fbed61eSchristos if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key, 33708fbed61eSchristos sizeof(ret->ext.cookie_hmac_key), 0) <= 0) 3371e0ea3921Schristos goto err; 3372e0ea3921Schristos 33734e3dcb23Sspz #ifndef OPENSSL_NO_SRP 33748fbed61eSchristos if (!ssl_ctx_srp_ctx_init_intern(ret)) 3375a89c9211Schristos goto err; 3376a89c9211Schristos #endif 3377a89c9211Schristos #ifndef OPENSSL_NO_ENGINE 3378a89c9211Schristos # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 3379a89c9211Schristos # define eng_strx(x) #x 3380a89c9211Schristos # define eng_str(x) eng_strx(x) 3381a89c9211Schristos /* Use specific client engine automatically... ignore errors */ 3382a89c9211Schristos { 3383a89c9211Schristos ENGINE *eng; 3384a89c9211Schristos eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 33859cef71b6Sspz if (!eng) { 3386a89c9211Schristos ERR_clear_error(); 3387a89c9211Schristos ENGINE_load_builtin_engines(); 3388a89c9211Schristos eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 3389a89c9211Schristos } 3390a89c9211Schristos if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 3391a89c9211Schristos ERR_clear_error(); 3392a89c9211Schristos } 3393a89c9211Schristos # endif 3394a89c9211Schristos #endif 33959cef71b6Sspz /* 33965af53050Schristos * Disable compression by default to prevent CRIME. Applications can 33975af53050Schristos * re-enable compression by configuring 33985af53050Schristos * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION); 3399e0ea3921Schristos * or by using the SSL_CONF library. Similarly we also enable TLSv1.3 3400e0ea3921Schristos * middlebox compatibility by default. This may be disabled by default in 3401e0ea3921Schristos * a later OpenSSL version. 3402338c2544Schristos */ 3403e0ea3921Schristos ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; 3404338c2544Schristos 3405e0ea3921Schristos ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; 3406e0ea3921Schristos 3407e0ea3921Schristos /* 3408e0ea3921Schristos * We cannot usefully set a default max_early_data here (which gets 3409e0ea3921Schristos * propagated in SSL_new(), for the following reason: setting the 3410e0ea3921Schristos * SSL field causes tls_construct_stoc_early_data() to tell the 3411e0ea3921Schristos * client that early data will be accepted when constructing a TLS 1.3 3412e0ea3921Schristos * session ticket, and the client will accordingly send us early data 3413e0ea3921Schristos * when using that ticket (if the client has early data to send). 3414e0ea3921Schristos * However, in order for the early data to actually be consumed by 3415e0ea3921Schristos * the application, the application must also have calls to 3416e0ea3921Schristos * SSL_read_early_data(); otherwise we'll just skip past the early data 3417e0ea3921Schristos * and ignore it. So, since the application must add calls to 3418e0ea3921Schristos * SSL_read_early_data(), we also require them to add 3419e0ea3921Schristos * calls to SSL_CTX_set_max_early_data() in order to use early data, 3420e0ea3921Schristos * eliminating the bandwidth-wasting early data in the case described 3421e0ea3921Schristos * above. 3422e0ea3921Schristos */ 3423e0ea3921Schristos ret->max_early_data = 0; 3424e0ea3921Schristos 3425e0ea3921Schristos /* 3426e0ea3921Schristos * Default recv_max_early_data is a fully loaded single record. Could be 3427e0ea3921Schristos * split across multiple records in practice. We set this differently to 3428e0ea3921Schristos * max_early_data so that, in the default case, we do not advertise any 3429e0ea3921Schristos * support for early_data, but if a client were to send us some (e.g. 3430e0ea3921Schristos * because of an old, stale ticket) then we will tolerate it and skip over 3431e0ea3921Schristos * it. 3432e0ea3921Schristos */ 3433e0ea3921Schristos ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; 3434e0ea3921Schristos 3435e0ea3921Schristos /* By default we send two session tickets automatically in TLSv1.3 */ 3436e0ea3921Schristos ret->num_tickets = 2; 3437e0ea3921Schristos 3438e0ea3921Schristos ssl_ctx_system_config(ret); 34395af53050Schristos 34405af53050Schristos return ret; 3441a89c9211Schristos err: 34428fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3443a89c9211Schristos err2: 34449cef71b6Sspz SSL_CTX_free(ret); 34455af53050Schristos return NULL; 3446a89c9211Schristos } 3447a89c9211Schristos 34488fbed61eSchristos SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 34498fbed61eSchristos { 34508fbed61eSchristos return SSL_CTX_new_ex(NULL, NULL, meth); 34518fbed61eSchristos } 34528fbed61eSchristos 34535af53050Schristos int SSL_CTX_up_ref(SSL_CTX *ctx) 34549cef71b6Sspz { 34555af53050Schristos int i; 3456a89c9211Schristos 3457e0ea3921Schristos if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0) 34585af53050Schristos return 0; 34595af53050Schristos 34605af53050Schristos REF_PRINT_COUNT("SSL_CTX", ctx); 34615af53050Schristos REF_ASSERT_ISNT(i < 2); 34625af53050Schristos return ((i > 1) ? 1 : 0); 3463a89c9211Schristos } 3464a89c9211Schristos 3465a89c9211Schristos void SSL_CTX_free(SSL_CTX *a) 3466a89c9211Schristos { 3467a89c9211Schristos int i; 34688fbed61eSchristos size_t j; 3469a89c9211Schristos 34709cef71b6Sspz if (a == NULL) 34719cef71b6Sspz return; 3472a89c9211Schristos 3473e0ea3921Schristos CRYPTO_DOWN_REF(&a->references, &i, a->lock); 34745af53050Schristos REF_PRINT_COUNT("SSL_CTX", a); 34759cef71b6Sspz if (i > 0) 34769cef71b6Sspz return; 34775af53050Schristos REF_ASSERT_ISNT(i < 0); 3478a89c9211Schristos 3479a89c9211Schristos X509_VERIFY_PARAM_free(a->param); 34805af53050Schristos dane_ctx_final(&a->dane); 3481a89c9211Schristos 3482a89c9211Schristos /* 3483a89c9211Schristos * Free internal session cache. However: the remove_cb() may reference 3484a89c9211Schristos * the ex_data of SSL_CTX, thus the ex_data store can only be removed 3485a89c9211Schristos * after the sessions were flushed. 3486a89c9211Schristos * As the ex_data handling routines might also touch the session cache, 3487a89c9211Schristos * the most secure solution seems to be: empty (flush) the cache, then 3488a89c9211Schristos * free ex_data, then finally free the cache. 3489a89c9211Schristos * (See ticket [openssl.org #212].) 3490a89c9211Schristos */ 3491a89c9211Schristos if (a->sessions != NULL) 3492a89c9211Schristos SSL_CTX_flush_sessions(a, 0); 3493a89c9211Schristos 3494a89c9211Schristos CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); 3495a89c9211Schristos lh_SSL_SESSION_free(a->sessions); 3496a89c9211Schristos X509_STORE_free(a->cert_store); 34975af53050Schristos #ifndef OPENSSL_NO_CT 34985af53050Schristos CTLOG_STORE_free(a->ctlog_store); 34995af53050Schristos #endif 3500a89c9211Schristos sk_SSL_CIPHER_free(a->cipher_list); 3501a89c9211Schristos sk_SSL_CIPHER_free(a->cipher_list_by_id); 3502e0ea3921Schristos sk_SSL_CIPHER_free(a->tls13_ciphersuites); 3503a89c9211Schristos ssl_cert_free(a->cert); 3504e0ea3921Schristos sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free); 3505bf8eace1Schristos sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free); 3506a89c9211Schristos sk_X509_pop_free(a->extra_certs, X509_free); 3507a89c9211Schristos a->comp_methods = NULL; 35085f71164aSchristos #ifndef OPENSSL_NO_SRTP 350932daad53Schristos sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); 35105f71164aSchristos #endif 35114e3dcb23Sspz #ifndef OPENSSL_NO_SRP 35128fbed61eSchristos ssl_ctx_srp_ctx_free_intern(a); 35134e3dcb23Sspz #endif 3514a89c9211Schristos #ifndef OPENSSL_NO_ENGINE 35158fbed61eSchristos tls_engine_finish(a->client_cert_engine); 3516a89c9211Schristos #endif 3517a89c9211Schristos 3518e0ea3921Schristos OPENSSL_free(a->ext.ecpointformats); 3519e0ea3921Schristos OPENSSL_free(a->ext.supportedgroups); 35208fbed61eSchristos OPENSSL_free(a->ext.supported_groups_default); 3521e0ea3921Schristos OPENSSL_free(a->ext.alpn); 3522e0ea3921Schristos OPENSSL_secure_free(a->ext.secure); 35235af53050Schristos 35248fbed61eSchristos ssl_evp_md_free(a->md5); 35258fbed61eSchristos ssl_evp_md_free(a->sha1); 35268fbed61eSchristos 35278fbed61eSchristos for (j = 0; j < SSL_ENC_NUM_IDX; j++) 35288fbed61eSchristos ssl_evp_cipher_free(a->ssl_cipher_methods[j]); 35298fbed61eSchristos for (j = 0; j < SSL_MD_NUM_IDX; j++) 35308fbed61eSchristos ssl_evp_md_free(a->ssl_digest_methods[j]); 35318fbed61eSchristos for (j = 0; j < a->group_list_len; j++) { 35328fbed61eSchristos OPENSSL_free(a->group_list[j].tlsname); 35338fbed61eSchristos OPENSSL_free(a->group_list[j].realname); 35348fbed61eSchristos OPENSSL_free(a->group_list[j].algorithm); 35358fbed61eSchristos } 35368fbed61eSchristos OPENSSL_free(a->group_list); 35378fbed61eSchristos 35388fbed61eSchristos OPENSSL_free(a->sigalg_lookup_cache); 35398fbed61eSchristos 35405af53050Schristos CRYPTO_THREAD_lock_free(a->lock); 35418fbed61eSchristos #ifdef TSAN_REQUIRES_LOCKING 35428fbed61eSchristos CRYPTO_THREAD_lock_free(a->tsan_lock); 35438fbed61eSchristos #endif 35448fbed61eSchristos 35458fbed61eSchristos OPENSSL_free(a->propq); 3546a89c9211Schristos 3547a89c9211Schristos OPENSSL_free(a); 3548a89c9211Schristos } 3549a89c9211Schristos 3550a89c9211Schristos void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 3551a89c9211Schristos { 3552a89c9211Schristos ctx->default_passwd_callback = cb; 3553a89c9211Schristos } 3554a89c9211Schristos 3555a89c9211Schristos void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 3556a89c9211Schristos { 3557a89c9211Schristos ctx->default_passwd_callback_userdata = u; 3558a89c9211Schristos } 3559a89c9211Schristos 35605af53050Schristos pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) 35615af53050Schristos { 35625af53050Schristos return ctx->default_passwd_callback; 35635af53050Schristos } 35645af53050Schristos 35655af53050Schristos void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) 35665af53050Schristos { 35675af53050Schristos return ctx->default_passwd_callback_userdata; 35685af53050Schristos } 35695af53050Schristos 35705af53050Schristos void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb) 35715af53050Schristos { 35725af53050Schristos s->default_passwd_callback = cb; 35735af53050Schristos } 35745af53050Schristos 35755af53050Schristos void SSL_set_default_passwd_cb_userdata(SSL *s, void *u) 35765af53050Schristos { 35775af53050Schristos s->default_passwd_callback_userdata = u; 35785af53050Schristos } 35795af53050Schristos 35805af53050Schristos pem_password_cb *SSL_get_default_passwd_cb(SSL *s) 35815af53050Schristos { 35825af53050Schristos return s->default_passwd_callback; 35835af53050Schristos } 35845af53050Schristos 35855af53050Schristos void *SSL_get_default_passwd_cb_userdata(SSL *s) 35865af53050Schristos { 35875af53050Schristos return s->default_passwd_callback_userdata; 35885af53050Schristos } 35895af53050Schristos 35909cef71b6Sspz void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 35919cef71b6Sspz int (*cb) (X509_STORE_CTX *, void *), 35929cef71b6Sspz void *arg) 3593a89c9211Schristos { 3594a89c9211Schristos ctx->app_verify_callback = cb; 3595a89c9211Schristos ctx->app_verify_arg = arg; 3596a89c9211Schristos } 3597a89c9211Schristos 35989cef71b6Sspz void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 35999cef71b6Sspz int (*cb) (int, X509_STORE_CTX *)) 3600a89c9211Schristos { 3601a89c9211Schristos ctx->verify_mode = mode; 3602a89c9211Schristos ctx->default_verify_callback = cb; 3603a89c9211Schristos } 3604a89c9211Schristos 3605a89c9211Schristos void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) 3606a89c9211Schristos { 3607a89c9211Schristos X509_VERIFY_PARAM_set_depth(ctx->param, depth); 3608a89c9211Schristos } 3609a89c9211Schristos 36105af53050Schristos void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg) 361131b855a0Sspz { 361231b855a0Sspz ssl_cert_set_cert_cb(c->cert, cb, arg); 361331b855a0Sspz } 361431b855a0Sspz 361531b855a0Sspz void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) 361631b855a0Sspz { 361731b855a0Sspz ssl_cert_set_cert_cb(s->cert, cb, arg); 361831b855a0Sspz } 361931b855a0Sspz 36205af53050Schristos void ssl_set_masks(SSL *s) 3621a89c9211Schristos { 36225af53050Schristos CERT *c = s->cert; 36238fbed61eSchristos uint32_t *pvalid = s->s3.tmp.valid_flags; 36245af53050Schristos int rsa_enc, rsa_sign, dh_tmp, dsa_sign; 36255af53050Schristos unsigned long mask_k, mask_a; 36265af53050Schristos int have_ecc_cert, ecdsa_ok; 36278fbed61eSchristos 36289cef71b6Sspz if (c == NULL) 36299cef71b6Sspz return; 3630a89c9211Schristos 36318fbed61eSchristos dh_tmp = (c->dh_tmp != NULL 36328fbed61eSchristos || c->dh_tmp_cb != NULL 36338fbed61eSchristos || c->dh_tmp_auto); 3634a89c9211Schristos 3635e0ea3921Schristos rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; 3636e0ea3921Schristos rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; 3637e0ea3921Schristos dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID; 36385af53050Schristos have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; 3639a89c9211Schristos mask_k = 0; 3640a89c9211Schristos mask_a = 0; 3641a89c9211Schristos 36428fbed61eSchristos OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n", 36435af53050Schristos dh_tmp, rsa_enc, rsa_sign, dsa_sign); 3644a89c9211Schristos 36455af53050Schristos #ifndef OPENSSL_NO_GOST 3646e0ea3921Schristos if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { 36478fbed61eSchristos mask_k |= SSL_kGOST | SSL_kGOST18; 36485af53050Schristos mask_a |= SSL_aGOST12; 36495af53050Schristos } 3650e0ea3921Schristos if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) { 36518fbed61eSchristos mask_k |= SSL_kGOST | SSL_kGOST18; 36525af53050Schristos mask_a |= SSL_aGOST12; 36535af53050Schristos } 3654e0ea3921Schristos if (ssl_has_cert(s, SSL_PKEY_GOST01)) { 3655a89c9211Schristos mask_k |= SSL_kGOST; 3656a89c9211Schristos mask_a |= SSL_aGOST01; 3657a89c9211Schristos } 3658a89c9211Schristos #endif 3659a89c9211Schristos 36605af53050Schristos if (rsa_enc) 36615af53050Schristos mask_k |= SSL_kRSA; 3662a89c9211Schristos 3663a89c9211Schristos if (dh_tmp) 36645af53050Schristos mask_k |= SSL_kDHE; 366531b855a0Sspz 3666e0ea3921Schristos /* 3667e0ea3921Schristos * If we only have an RSA-PSS certificate allow RSA authentication 3668e0ea3921Schristos * if TLS 1.2 and peer supports it. 3669e0ea3921Schristos */ 3670e0ea3921Schristos 3671e0ea3921Schristos if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) 3672e0ea3921Schristos && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN 3673e0ea3921Schristos && TLS1_get_version(s) == TLS1_2_VERSION)) 3674a89c9211Schristos mask_a |= SSL_aRSA; 3675a89c9211Schristos 36769cef71b6Sspz if (dsa_sign) { 3677a89c9211Schristos mask_a |= SSL_aDSS; 3678a89c9211Schristos } 3679a89c9211Schristos 3680a89c9211Schristos mask_a |= SSL_aNULL; 3681a89c9211Schristos 36829cef71b6Sspz /* 36839cef71b6Sspz * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites 36849cef71b6Sspz * depending on the key usage extension. 3685a89c9211Schristos */ 36869cef71b6Sspz if (have_ecc_cert) { 36875af53050Schristos uint32_t ex_kusage; 3688e0ea3921Schristos ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509); 36895af53050Schristos ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE; 36905af53050Schristos if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) 369131b855a0Sspz ecdsa_ok = 0; 36925af53050Schristos if (ecdsa_ok) 3693a89c9211Schristos mask_a |= SSL_aECDSA; 3694a89c9211Schristos } 3695e0ea3921Schristos /* Allow Ed25519 for TLS 1.2 if peer supports it */ 3696e0ea3921Schristos if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519) 3697e0ea3921Schristos && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN 3698e0ea3921Schristos && TLS1_get_version(s) == TLS1_2_VERSION) 3699e0ea3921Schristos mask_a |= SSL_aECDSA; 3700e0ea3921Schristos 3701e0ea3921Schristos /* Allow Ed448 for TLS 1.2 if peer supports it */ 3702e0ea3921Schristos if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) 3703e0ea3921Schristos && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN 3704e0ea3921Schristos && TLS1_get_version(s) == TLS1_2_VERSION) 3705e0ea3921Schristos mask_a |= SSL_aECDSA; 370631b855a0Sspz 37075af53050Schristos mask_k |= SSL_kECDHE; 3708a89c9211Schristos 3709a89c9211Schristos #ifndef OPENSSL_NO_PSK 3710a89c9211Schristos mask_k |= SSL_kPSK; 3711a89c9211Schristos mask_a |= SSL_aPSK; 37125af53050Schristos if (mask_k & SSL_kRSA) 37135af53050Schristos mask_k |= SSL_kRSAPSK; 37145af53050Schristos if (mask_k & SSL_kDHE) 37155af53050Schristos mask_k |= SSL_kDHEPSK; 37165af53050Schristos if (mask_k & SSL_kECDHE) 37175af53050Schristos mask_k |= SSL_kECDHEPSK; 3718a89c9211Schristos #endif 3719a89c9211Schristos 37208fbed61eSchristos s->s3.tmp.mask_k = mask_k; 37218fbed61eSchristos s->s3.tmp.mask_a = mask_a; 3722a89c9211Schristos } 3723a89c9211Schristos 37244e3dcb23Sspz int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 3725a89c9211Schristos { 37268fbed61eSchristos if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) { 3727a89c9211Schristos /* key usage, if present, must allow signing */ 37285af53050Schristos if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { 37298fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 3730a89c9211Schristos return 0; 3731a89c9211Schristos } 3732a89c9211Schristos } 3733a89c9211Schristos return 1; /* all checks are ok */ 3734a89c9211Schristos } 3735a89c9211Schristos 373631b855a0Sspz int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, 373731b855a0Sspz size_t *serverinfo_length) 373831b855a0Sspz { 37398fbed61eSchristos CERT_PKEY *cpk = s->s3.tmp.cert; 374031b855a0Sspz *serverinfo_length = 0; 374131b855a0Sspz 3742e0ea3921Schristos if (cpk == NULL || cpk->serverinfo == NULL) 374331b855a0Sspz return 0; 374431b855a0Sspz 3745e0ea3921Schristos *serverinfo = cpk->serverinfo; 3746e0ea3921Schristos *serverinfo_length = cpk->serverinfo_length; 374731b855a0Sspz return 1; 374831b855a0Sspz } 374931b855a0Sspz 3750a89c9211Schristos void ssl_update_cache(SSL *s, int mode) 3751a89c9211Schristos { 3752a89c9211Schristos int i; 3753a89c9211Schristos 37549cef71b6Sspz /* 37559cef71b6Sspz * If the session_id_length is 0, we are not supposed to cache it, and it 3756b46c97feSchristos * would be rather hard to do anyway :-). Also if the session has already 3757b46c97feSchristos * been marked as not_resumable we should not cache it for later reuse. 37589cef71b6Sspz */ 3759b46c97feSchristos if (s->session->session_id_length == 0 || s->session->not_resumable) 37609cef71b6Sspz return; 3761a89c9211Schristos 376278327f04Schristos /* 376378327f04Schristos * If sid_ctx_length is 0 there is no specific application context 376478327f04Schristos * associated with this session, so when we try to resume it and 37652500041cSchristos * SSL_VERIFY_PEER is requested to verify the client identity, we have no 37662500041cSchristos * indication that this is actually a session for the proper application 37672500041cSchristos * context, and the *handshake* will fail, not just the resumption attempt. 37682500041cSchristos * Do not cache (on the server) these sessions that are not resumable 37692500041cSchristos * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set). 377078327f04Schristos */ 37712500041cSchristos if (s->server && s->session->sid_ctx_length == 0 377278327f04Schristos && (s->verify_mode & SSL_VERIFY_PEER) != 0) 377378327f04Schristos return; 377478327f04Schristos 3775a89c9211Schristos i = s->session_ctx->session_cache_mode; 3776e0ea3921Schristos if ((i & mode) != 0 3777e0ea3921Schristos && (!s->hit || SSL_IS_TLS13(s))) { 3778e0ea3921Schristos /* 3779e0ea3921Schristos * Add the session to the internal cache. In server side TLSv1.3 we 3780e0ea3921Schristos * normally don't do this because by default it's a full stateless ticket 3781e0ea3921Schristos * with only a dummy session id so there is no reason to cache it, 3782e0ea3921Schristos * unless: 3783e0ea3921Schristos * - we are doing early_data, in which case we cache so that we can 3784e0ea3921Schristos * detect replays 3785e0ea3921Schristos * - the application has set a remove_session_cb so needs to know about 3786e0ea3921Schristos * session timeout events 3787e0ea3921Schristos * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket 3788e0ea3921Schristos */ 3789e0ea3921Schristos if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 3790e0ea3921Schristos && (!SSL_IS_TLS13(s) 3791e0ea3921Schristos || !s->server 3792e0ea3921Schristos || (s->max_early_data > 0 3793e0ea3921Schristos && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) 3794e0ea3921Schristos || s->session_ctx->remove_session_cb != NULL 3795e0ea3921Schristos || (s->options & SSL_OP_NO_TICKET) != 0)) 3796e0ea3921Schristos SSL_CTX_add_session(s->session_ctx, s->session); 3797e0ea3921Schristos 3798e0ea3921Schristos /* 3799e0ea3921Schristos * Add the session to the external cache. We do this even in server side 3800e0ea3921Schristos * TLSv1.3 without early data because some applications just want to 3801e0ea3921Schristos * know about the creation of a session and aren't doing a full cache. 3802e0ea3921Schristos */ 3803e0ea3921Schristos if (s->session_ctx->new_session_cb != NULL) { 38045af53050Schristos SSL_SESSION_up_ref(s->session); 3805a89c9211Schristos if (!s->session_ctx->new_session_cb(s, s->session)) 3806a89c9211Schristos SSL_SESSION_free(s->session); 3807a89c9211Schristos } 3808e0ea3921Schristos } 3809a89c9211Schristos 3810a89c9211Schristos /* auto flush every 255 connections */ 38119cef71b6Sspz if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { 3812e0ea3921Schristos TSAN_QUALIFIER int *stat; 38138fbed61eSchristos 3814e0ea3921Schristos if (mode & SSL_SESS_CACHE_CLIENT) 3815e0ea3921Schristos stat = &s->session_ctx->stats.sess_connect_good; 3816e0ea3921Schristos else 3817e0ea3921Schristos stat = &s->session_ctx->stats.sess_accept_good; 38188fbed61eSchristos if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff) 3819a89c9211Schristos SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); 3820a89c9211Schristos } 3821a89c9211Schristos } 3822a89c9211Schristos 382365b9e620Schristos const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx) 382431b855a0Sspz { 382531b855a0Sspz return ctx->method; 382631b855a0Sspz } 382731b855a0Sspz 382865b9e620Schristos const SSL_METHOD *SSL_get_ssl_method(const SSL *s) 3829a89c9211Schristos { 3830e0ea3921Schristos return s->method; 3831a89c9211Schristos } 3832a89c9211Schristos 3833a89c9211Schristos int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 3834a89c9211Schristos { 3835a89c9211Schristos int ret = 1; 3836a89c9211Schristos 38379cef71b6Sspz if (s->method != meth) { 38385af53050Schristos const SSL_METHOD *sm = s->method; 38395af53050Schristos int (*hf) (SSL *) = s->handshake_func; 3840a89c9211Schristos 38415af53050Schristos if (sm->version == meth->version) 3842a89c9211Schristos s->method = meth; 38439cef71b6Sspz else { 38445af53050Schristos sm->ssl_free(s); 3845a89c9211Schristos s->method = meth; 3846a89c9211Schristos ret = s->method->ssl_new(s); 3847a89c9211Schristos } 3848a89c9211Schristos 38495af53050Schristos if (hf == sm->ssl_connect) 3850a89c9211Schristos s->handshake_func = meth->ssl_connect; 38515af53050Schristos else if (hf == sm->ssl_accept) 3852a89c9211Schristos s->handshake_func = meth->ssl_accept; 3853a89c9211Schristos } 3854e0ea3921Schristos return ret; 3855a89c9211Schristos } 3856a89c9211Schristos 3857a89c9211Schristos int SSL_get_error(const SSL *s, int i) 3858a89c9211Schristos { 3859a89c9211Schristos int reason; 3860a89c9211Schristos unsigned long l; 3861a89c9211Schristos BIO *bio; 3862a89c9211Schristos 38639cef71b6Sspz if (i > 0) 3864e0ea3921Schristos return SSL_ERROR_NONE; 3865a89c9211Schristos 38669cef71b6Sspz /* 38679cef71b6Sspz * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, 38689cef71b6Sspz * where we do encode the error 38699cef71b6Sspz */ 38709cef71b6Sspz if ((l = ERR_peek_error()) != 0) { 3871a89c9211Schristos if (ERR_GET_LIB(l) == ERR_LIB_SYS) 3872e0ea3921Schristos return SSL_ERROR_SYSCALL; 3873a89c9211Schristos else 3874e0ea3921Schristos return SSL_ERROR_SSL; 3875a89c9211Schristos } 3876a89c9211Schristos 38775af53050Schristos if (SSL_want_read(s)) { 3878a89c9211Schristos bio = SSL_get_rbio(s); 3879a89c9211Schristos if (BIO_should_read(bio)) 3880e0ea3921Schristos return SSL_ERROR_WANT_READ; 3881a89c9211Schristos else if (BIO_should_write(bio)) 38829cef71b6Sspz /* 38839cef71b6Sspz * This one doesn't make too much sense ... We never try to write 38849cef71b6Sspz * to the rbio, and an application program where rbio and wbio 38859cef71b6Sspz * are separate couldn't even know what it should wait for. 38869cef71b6Sspz * However if we ever set s->rwstate incorrectly (so that we have 38879cef71b6Sspz * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and 38889cef71b6Sspz * wbio *are* the same, this test works around that bug; so it 38899cef71b6Sspz * might be safer to keep it. 38909cef71b6Sspz */ 3891e0ea3921Schristos return SSL_ERROR_WANT_WRITE; 38929cef71b6Sspz else if (BIO_should_io_special(bio)) { 3893a89c9211Schristos reason = BIO_get_retry_reason(bio); 3894a89c9211Schristos if (reason == BIO_RR_CONNECT) 3895e0ea3921Schristos return SSL_ERROR_WANT_CONNECT; 3896a89c9211Schristos else if (reason == BIO_RR_ACCEPT) 3897e0ea3921Schristos return SSL_ERROR_WANT_ACCEPT; 3898a89c9211Schristos else 3899e0ea3921Schristos return SSL_ERROR_SYSCALL; /* unknown */ 3900a89c9211Schristos } 3901a89c9211Schristos } 3902a89c9211Schristos 39035af53050Schristos if (SSL_want_write(s)) { 3904e0ea3921Schristos /* Access wbio directly - in order to use the buffered bio if present */ 39055af53050Schristos bio = s->wbio; 3906a89c9211Schristos if (BIO_should_write(bio)) 3907e0ea3921Schristos return SSL_ERROR_WANT_WRITE; 3908a89c9211Schristos else if (BIO_should_read(bio)) 39099cef71b6Sspz /* 39109cef71b6Sspz * See above (SSL_want_read(s) with BIO_should_write(bio)) 39119cef71b6Sspz */ 3912e0ea3921Schristos return SSL_ERROR_WANT_READ; 39139cef71b6Sspz else if (BIO_should_io_special(bio)) { 3914a89c9211Schristos reason = BIO_get_retry_reason(bio); 3915a89c9211Schristos if (reason == BIO_RR_CONNECT) 3916e0ea3921Schristos return SSL_ERROR_WANT_CONNECT; 3917a89c9211Schristos else if (reason == BIO_RR_ACCEPT) 3918e0ea3921Schristos return SSL_ERROR_WANT_ACCEPT; 3919a89c9211Schristos else 3920e0ea3921Schristos return SSL_ERROR_SYSCALL; 3921a89c9211Schristos } 3922a89c9211Schristos } 3923e0ea3921Schristos if (SSL_want_x509_lookup(s)) 3924e0ea3921Schristos return SSL_ERROR_WANT_X509_LOOKUP; 39258fbed61eSchristos if (SSL_want_retry_verify(s)) 39268fbed61eSchristos return SSL_ERROR_WANT_RETRY_VERIFY; 3927e0ea3921Schristos if (SSL_want_async(s)) 39285af53050Schristos return SSL_ERROR_WANT_ASYNC; 3929e0ea3921Schristos if (SSL_want_async_job(s)) 39305af53050Schristos return SSL_ERROR_WANT_ASYNC_JOB; 3931e0ea3921Schristos if (SSL_want_client_hello_cb(s)) 3932e0ea3921Schristos return SSL_ERROR_WANT_CLIENT_HELLO_CB; 3933a89c9211Schristos 3934a89c9211Schristos if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 39358fbed61eSchristos (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) 3936e0ea3921Schristos return SSL_ERROR_ZERO_RETURN; 3937e0ea3921Schristos 3938e0ea3921Schristos return SSL_ERROR_SYSCALL; 3939a89c9211Schristos } 3940a89c9211Schristos 39415af53050Schristos static int ssl_do_handshake_intern(void *vargs) 39425af53050Schristos { 39435af53050Schristos struct ssl_async_args *args; 39445af53050Schristos SSL *s; 39455af53050Schristos 39465af53050Schristos args = (struct ssl_async_args *)vargs; 39475af53050Schristos s = args->s; 39485af53050Schristos 39495af53050Schristos return s->handshake_func(s); 39505af53050Schristos } 39515af53050Schristos 3952a89c9211Schristos int SSL_do_handshake(SSL *s) 3953a89c9211Schristos { 3954a89c9211Schristos int ret = 1; 3955a89c9211Schristos 39569cef71b6Sspz if (s->handshake_func == NULL) { 39578fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET); 39585af53050Schristos return -1; 3959a89c9211Schristos } 3960a89c9211Schristos 3961e0ea3921Schristos ossl_statem_check_finish_init(s, -1); 3962e0ea3921Schristos 3963e0ea3921Schristos s->method->ssl_renegotiate_check(s, 0); 3964a89c9211Schristos 39659cef71b6Sspz if (SSL_in_init(s) || SSL_in_before(s)) { 39665af53050Schristos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 39675af53050Schristos struct ssl_async_args args; 39685af53050Schristos 3969be43b372Schristos memset(&args, 0, sizeof(args)); 39705af53050Schristos args.s = s; 39715af53050Schristos 39725af53050Schristos ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); 39735af53050Schristos } else { 3974a89c9211Schristos ret = s->handshake_func(s); 3975a89c9211Schristos } 39765af53050Schristos } 39775af53050Schristos return ret; 3978a89c9211Schristos } 3979a89c9211Schristos 3980a89c9211Schristos void SSL_set_accept_state(SSL *s) 3981a89c9211Schristos { 3982a89c9211Schristos s->server = 1; 3983a89c9211Schristos s->shutdown = 0; 39845af53050Schristos ossl_statem_clear(s); 3985a89c9211Schristos s->handshake_func = s->method->ssl_accept; 39865af53050Schristos clear_ciphers(s); 3987a89c9211Schristos } 3988a89c9211Schristos 3989a89c9211Schristos void SSL_set_connect_state(SSL *s) 3990a89c9211Schristos { 3991a89c9211Schristos s->server = 0; 3992a89c9211Schristos s->shutdown = 0; 39935af53050Schristos ossl_statem_clear(s); 3994a89c9211Schristos s->handshake_func = s->method->ssl_connect; 39955af53050Schristos clear_ciphers(s); 3996a89c9211Schristos } 3997a89c9211Schristos 3998a89c9211Schristos int ssl_undefined_function(SSL *s) 3999a89c9211Schristos { 40008fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 4001e0ea3921Schristos return 0; 4002a89c9211Schristos } 4003a89c9211Schristos 4004a89c9211Schristos int ssl_undefined_void_function(void) 4005a89c9211Schristos { 40068fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 4007e0ea3921Schristos return 0; 4008a89c9211Schristos } 4009a89c9211Schristos 4010a89c9211Schristos int ssl_undefined_const_function(const SSL *s) 4011a89c9211Schristos { 4012e0ea3921Schristos return 0; 4013a89c9211Schristos } 4014a89c9211Schristos 40155af53050Schristos const SSL_METHOD *ssl_bad_method(int ver) 4016a89c9211Schristos { 40178fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 4018e0ea3921Schristos return NULL; 4019a89c9211Schristos } 4020a89c9211Schristos 40215af53050Schristos const char *ssl_protocol_to_string(int version) 4022a89c9211Schristos { 4023e0ea3921Schristos switch(version) 4024e0ea3921Schristos { 4025e0ea3921Schristos case TLS1_3_VERSION: 4026e0ea3921Schristos return "TLSv1.3"; 4027e0ea3921Schristos 4028e0ea3921Schristos case TLS1_2_VERSION: 40295af53050Schristos return "TLSv1.2"; 4030e0ea3921Schristos 4031e0ea3921Schristos case TLS1_1_VERSION: 40325af53050Schristos return "TLSv1.1"; 4033e0ea3921Schristos 4034e0ea3921Schristos case TLS1_VERSION: 40355af53050Schristos return "TLSv1"; 4036e0ea3921Schristos 4037e0ea3921Schristos case SSL3_VERSION: 40385af53050Schristos return "SSLv3"; 4039e0ea3921Schristos 4040e0ea3921Schristos case DTLS1_BAD_VER: 40415af53050Schristos return "DTLSv0.9"; 4042e0ea3921Schristos 4043e0ea3921Schristos case DTLS1_VERSION: 40445af53050Schristos return "DTLSv1"; 4045e0ea3921Schristos 4046e0ea3921Schristos case DTLS1_2_VERSION: 40475af53050Schristos return "DTLSv1.2"; 4048e0ea3921Schristos 4049e0ea3921Schristos default: 4050e0ea3921Schristos return "unknown"; 4051e0ea3921Schristos } 4052a89c9211Schristos } 4053a89c9211Schristos 40545af53050Schristos const char *SSL_get_version(const SSL *s) 40555af53050Schristos { 40565af53050Schristos return ssl_protocol_to_string(s->version); 40575af53050Schristos } 40585af53050Schristos 4059bf8eace1Schristos static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src) 4060a89c9211Schristos { 4061a89c9211Schristos STACK_OF(X509_NAME) *sk; 4062a89c9211Schristos X509_NAME *xn; 4063bf8eace1Schristos int i; 4064bf8eace1Schristos 4065bf8eace1Schristos if (src == NULL) { 4066bf8eace1Schristos *dst = NULL; 4067bf8eace1Schristos return 1; 4068bf8eace1Schristos } 4069bf8eace1Schristos 4070bf8eace1Schristos if ((sk = sk_X509_NAME_new_null()) == NULL) 4071bf8eace1Schristos return 0; 4072bf8eace1Schristos for (i = 0; i < sk_X509_NAME_num(src); i++) { 4073bf8eace1Schristos xn = X509_NAME_dup(sk_X509_NAME_value(src, i)); 4074bf8eace1Schristos if (xn == NULL) { 4075bf8eace1Schristos sk_X509_NAME_pop_free(sk, X509_NAME_free); 4076bf8eace1Schristos return 0; 4077bf8eace1Schristos } 4078bf8eace1Schristos if (sk_X509_NAME_insert(sk, xn, i) == 0) { 4079bf8eace1Schristos X509_NAME_free(xn); 4080bf8eace1Schristos sk_X509_NAME_pop_free(sk, X509_NAME_free); 4081bf8eace1Schristos return 0; 4082bf8eace1Schristos } 4083bf8eace1Schristos } 4084bf8eace1Schristos *dst = sk; 4085bf8eace1Schristos 4086bf8eace1Schristos return 1; 4087bf8eace1Schristos } 4088bf8eace1Schristos 4089bf8eace1Schristos SSL *SSL_dup(SSL *s) 4090bf8eace1Schristos { 4091a89c9211Schristos SSL *ret; 4092a89c9211Schristos int i; 4093a89c9211Schristos 40945af53050Schristos /* If we're not quiescent, just up_ref! */ 40955af53050Schristos if (!SSL_in_init(s) || !SSL_in_before(s)) { 4096e0ea3921Schristos CRYPTO_UP_REF(&s->references, &i, s->lock); 40975af53050Schristos return s; 40985af53050Schristos } 40995af53050Schristos 41005af53050Schristos /* 41015af53050Schristos * Otherwise, copy configuration state, and session if set. 41025af53050Schristos */ 4103a89c9211Schristos if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) 4104e0ea3921Schristos return NULL; 4105a89c9211Schristos 41069cef71b6Sspz if (s->session != NULL) { 41075af53050Schristos /* 41085af53050Schristos * Arranges to share the same session via up_ref. This "copies" 41095af53050Schristos * session-id, SSL_METHOD, sid_ctx, and 'cert' 41105af53050Schristos */ 41115af53050Schristos if (!SSL_copy_session_id(ret, s)) 41125af53050Schristos goto err; 41139cef71b6Sspz } else { 41149cef71b6Sspz /* 41159cef71b6Sspz * No session has been established yet, so we have to expect that 41169cef71b6Sspz * s->cert or ret->cert will be changed later -- they should not both 41179cef71b6Sspz * point to the same object, and thus we can't use 41189cef71b6Sspz * SSL_copy_session_id. 41199cef71b6Sspz */ 41205af53050Schristos if (!SSL_set_ssl_method(ret, s->method)) 41215af53050Schristos goto err; 4122a89c9211Schristos 41239cef71b6Sspz if (s->cert != NULL) { 4124a89c9211Schristos ssl_cert_free(ret->cert); 4125a89c9211Schristos ret->cert = ssl_cert_dup(s->cert); 4126a89c9211Schristos if (ret->cert == NULL) 4127a89c9211Schristos goto err; 4128a89c9211Schristos } 4129a89c9211Schristos 4130e0ea3921Schristos if (!SSL_set_session_id_context(ret, s->sid_ctx, 4131e0ea3921Schristos (int)s->sid_ctx_length)) 41325af53050Schristos goto err; 4133a89c9211Schristos } 4134a89c9211Schristos 41355af53050Schristos if (!ssl_dane_dup(ret, s)) 41365af53050Schristos goto err; 41375af53050Schristos ret->version = s->version; 4138a89c9211Schristos ret->options = s->options; 41394a7cf967Schristos ret->min_proto_version = s->min_proto_version; 41404a7cf967Schristos ret->max_proto_version = s->max_proto_version; 4141a89c9211Schristos ret->mode = s->mode; 4142a89c9211Schristos SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 4143a89c9211Schristos SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 4144a89c9211Schristos ret->msg_callback = s->msg_callback; 4145a89c9211Schristos ret->msg_callback_arg = s->msg_callback_arg; 41469cef71b6Sspz SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s)); 4147a89c9211Schristos SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 4148a89c9211Schristos ret->generate_session_id = s->generate_session_id; 4149a89c9211Schristos 4150a89c9211Schristos SSL_set_info_callback(ret, SSL_get_info_callback(s)); 4151a89c9211Schristos 4152a89c9211Schristos /* copy app data, a little dangerous perhaps */ 4153a89c9211Schristos if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 4154a89c9211Schristos goto err; 4155a89c9211Schristos 4156a89c9211Schristos ret->server = s->server; 41575af53050Schristos if (s->handshake_func) { 41585af53050Schristos if (s->server) 41595af53050Schristos SSL_set_accept_state(ret); 41605af53050Schristos else 41615af53050Schristos SSL_set_connect_state(ret); 41625af53050Schristos } 4163a89c9211Schristos ret->shutdown = s->shutdown; 4164a89c9211Schristos ret->hit = s->hit; 4165a89c9211Schristos 41665af53050Schristos ret->default_passwd_callback = s->default_passwd_callback; 41675af53050Schristos ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata; 41685af53050Schristos 4169a89c9211Schristos X509_VERIFY_PARAM_inherit(ret->param, s->param); 4170a89c9211Schristos 4171a89c9211Schristos /* dup the cipher_list and cipher_list_by_id stacks */ 41729cef71b6Sspz if (s->cipher_list != NULL) { 4173a89c9211Schristos if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 4174a89c9211Schristos goto err; 4175a89c9211Schristos } 4176a89c9211Schristos if (s->cipher_list_by_id != NULL) 4177a89c9211Schristos if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 4178a89c9211Schristos == NULL) 4179a89c9211Schristos goto err; 4180a89c9211Schristos 4181a89c9211Schristos /* Dup the client_CA list */ 4182bf8eace1Schristos if (!dup_ca_names(&ret->ca_names, s->ca_names) 4183bf8eace1Schristos || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) 41849cef71b6Sspz goto err; 4185bf8eace1Schristos 41865af53050Schristos return ret; 4187a89c9211Schristos 4188a89c9211Schristos err: 41899cef71b6Sspz SSL_free(ret); 41905af53050Schristos return NULL; 4191a89c9211Schristos } 4192a89c9211Schristos 4193a89c9211Schristos void ssl_clear_cipher_ctx(SSL *s) 4194a89c9211Schristos { 41959cef71b6Sspz if (s->enc_read_ctx != NULL) { 41965af53050Schristos EVP_CIPHER_CTX_free(s->enc_read_ctx); 4197a89c9211Schristos s->enc_read_ctx = NULL; 4198a89c9211Schristos } 41999cef71b6Sspz if (s->enc_write_ctx != NULL) { 42005af53050Schristos EVP_CIPHER_CTX_free(s->enc_write_ctx); 4201a89c9211Schristos s->enc_write_ctx = NULL; 4202a89c9211Schristos } 4203a89c9211Schristos #ifndef OPENSSL_NO_COMP 4204a89c9211Schristos COMP_CTX_free(s->expand); 4205a89c9211Schristos s->expand = NULL; 4206a89c9211Schristos COMP_CTX_free(s->compress); 4207a89c9211Schristos s->compress = NULL; 4208a89c9211Schristos #endif 4209a89c9211Schristos } 4210a89c9211Schristos 4211a89c9211Schristos X509 *SSL_get_certificate(const SSL *s) 4212a89c9211Schristos { 42136d192628Schristos if (s->cert != NULL) 4214e0ea3921Schristos return s->cert->key->x509; 4215a89c9211Schristos else 4216e0ea3921Schristos return NULL; 4217a89c9211Schristos } 4218a89c9211Schristos 421931b855a0Sspz EVP_PKEY *SSL_get_privatekey(const SSL *s) 4220a89c9211Schristos { 4221a89c9211Schristos if (s->cert != NULL) 4222e0ea3921Schristos return s->cert->key->privatekey; 4223a89c9211Schristos else 4224e0ea3921Schristos return NULL; 4225a89c9211Schristos } 4226a89c9211Schristos 422731b855a0Sspz X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) 422831b855a0Sspz { 422931b855a0Sspz if (ctx->cert != NULL) 423031b855a0Sspz return ctx->cert->key->x509; 423131b855a0Sspz else 423231b855a0Sspz return NULL; 423331b855a0Sspz } 423431b855a0Sspz 423531b855a0Sspz EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 423631b855a0Sspz { 423731b855a0Sspz if (ctx->cert != NULL) 423831b855a0Sspz return ctx->cert->key->privatekey; 423931b855a0Sspz else 424031b855a0Sspz return NULL; 424131b855a0Sspz } 424231b855a0Sspz 4243a89c9211Schristos const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) 4244a89c9211Schristos { 4245a89c9211Schristos if ((s->session != NULL) && (s->session->cipher != NULL)) 4246e0ea3921Schristos return s->session->cipher; 4247e0ea3921Schristos return NULL; 4248e0ea3921Schristos } 4249e0ea3921Schristos 4250e0ea3921Schristos const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) 4251e0ea3921Schristos { 42528fbed61eSchristos return s->s3.tmp.new_cipher; 4253a89c9211Schristos } 42549cef71b6Sspz 425565b9e620Schristos const COMP_METHOD *SSL_get_current_compression(const SSL *s) 4256a89c9211Schristos { 42575af53050Schristos #ifndef OPENSSL_NO_COMP 42585af53050Schristos return s->compress ? COMP_CTX_get_method(s->compress) : NULL; 4259a89c9211Schristos #else 42605af53050Schristos return NULL; 42615af53050Schristos #endif 4262a89c9211Schristos } 4263a89c9211Schristos 426465b9e620Schristos const COMP_METHOD *SSL_get_current_expansion(const SSL *s) 4265a89c9211Schristos { 42665af53050Schristos #ifndef OPENSSL_NO_COMP 42675af53050Schristos return s->expand ? COMP_CTX_get_method(s->expand) : NULL; 42685af53050Schristos #else 42695af53050Schristos return NULL; 4270a89c9211Schristos #endif 42715af53050Schristos } 4272a89c9211Schristos 42735af53050Schristos int ssl_init_wbio_buffer(SSL *s) 4274a89c9211Schristos { 4275a89c9211Schristos BIO *bbio; 4276a89c9211Schristos 42775af53050Schristos if (s->bbio != NULL) { 42785af53050Schristos /* Already buffered. */ 42795af53050Schristos return 1; 42805af53050Schristos } 42815af53050Schristos 4282a89c9211Schristos bbio = BIO_new(BIO_f_buffer()); 42838fbed61eSchristos if (bbio == NULL || BIO_set_read_buffer_size(bbio, 1) <= 0) { 42845af53050Schristos BIO_free(bbio); 42858fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 42865af53050Schristos return 0; 4287a89c9211Schristos } 42885af53050Schristos s->bbio = bbio; 4289a89c9211Schristos s->wbio = BIO_push(bbio, s->wbio); 42905af53050Schristos 42915af53050Schristos return 1; 4292a89c9211Schristos } 4293a89c9211Schristos 4294e0ea3921Schristos int ssl_free_wbio_buffer(SSL *s) 4295a89c9211Schristos { 42965af53050Schristos /* callers ensure s is never null */ 42979cef71b6Sspz if (s->bbio == NULL) 4298e0ea3921Schristos return 1; 4299a89c9211Schristos 4300a89c9211Schristos s->wbio = BIO_pop(s->wbio); 4301a89c9211Schristos BIO_free(s->bbio); 4302a89c9211Schristos s->bbio = NULL; 4303e0ea3921Schristos 4304e0ea3921Schristos return 1; 4305a89c9211Schristos } 4306a89c9211Schristos 4307a89c9211Schristos void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 4308a89c9211Schristos { 4309a89c9211Schristos ctx->quiet_shutdown = mode; 4310a89c9211Schristos } 4311a89c9211Schristos 4312a89c9211Schristos int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 4313a89c9211Schristos { 4314e0ea3921Schristos return ctx->quiet_shutdown; 4315a89c9211Schristos } 4316a89c9211Schristos 4317a89c9211Schristos void SSL_set_quiet_shutdown(SSL *s, int mode) 4318a89c9211Schristos { 4319a89c9211Schristos s->quiet_shutdown = mode; 4320a89c9211Schristos } 4321a89c9211Schristos 4322a89c9211Schristos int SSL_get_quiet_shutdown(const SSL *s) 4323a89c9211Schristos { 4324e0ea3921Schristos return s->quiet_shutdown; 4325a89c9211Schristos } 4326a89c9211Schristos 4327a89c9211Schristos void SSL_set_shutdown(SSL *s, int mode) 4328a89c9211Schristos { 4329a89c9211Schristos s->shutdown = mode; 4330a89c9211Schristos } 4331a89c9211Schristos 4332a89c9211Schristos int SSL_get_shutdown(const SSL *s) 4333a89c9211Schristos { 43345af53050Schristos return s->shutdown; 4335a89c9211Schristos } 4336a89c9211Schristos 4337a89c9211Schristos int SSL_version(const SSL *s) 4338a89c9211Schristos { 43395af53050Schristos return s->version; 43405af53050Schristos } 43415af53050Schristos 43425af53050Schristos int SSL_client_version(const SSL *s) 43435af53050Schristos { 43445af53050Schristos return s->client_version; 4345a89c9211Schristos } 4346a89c9211Schristos 4347a89c9211Schristos SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) 4348a89c9211Schristos { 43495af53050Schristos return ssl->ctx; 4350a89c9211Schristos } 4351a89c9211Schristos 4352a89c9211Schristos SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) 4353a89c9211Schristos { 43545af53050Schristos CERT *new_cert; 4355a89c9211Schristos if (ssl->ctx == ctx) 4356a89c9211Schristos return ssl->ctx; 4357a89c9211Schristos if (ctx == NULL) 43585af53050Schristos ctx = ssl->session_ctx; 43595af53050Schristos new_cert = ssl_cert_dup(ctx->cert); 43605af53050Schristos if (new_cert == NULL) { 43615af53050Schristos return NULL; 4362e289ce59Sspz } 43635af53050Schristos 4364e0ea3921Schristos if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) { 43655af53050Schristos ssl_cert_free(new_cert); 43665af53050Schristos return NULL; 4367e289ce59Sspz } 4368805debc4Sspz 43695af53050Schristos ssl_cert_free(ssl->cert); 43705af53050Schristos ssl->cert = new_cert; 43715af53050Schristos 4372805debc4Sspz /* 4373805debc4Sspz * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), 4374805debc4Sspz * so setter APIs must prevent invalid lengths from entering the system. 4375805debc4Sspz */ 4376e0ea3921Schristos if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx))) 4377e0ea3921Schristos return NULL; 4378805debc4Sspz 4379805debc4Sspz /* 4380805debc4Sspz * If the session ID context matches that of the parent SSL_CTX, 4381805debc4Sspz * inherit it from the new SSL_CTX as well. If however the context does 4382805debc4Sspz * not match (i.e., it was set per-ssl with SSL_set_session_id_context), 4383805debc4Sspz * leave it unchanged. 4384805debc4Sspz */ 4385805debc4Sspz if ((ssl->ctx != NULL) && 4386805debc4Sspz (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && 43879cef71b6Sspz (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { 4388805debc4Sspz ssl->sid_ctx_length = ctx->sid_ctx_length; 4389805debc4Sspz memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); 4390805debc4Sspz } 4391805debc4Sspz 43925af53050Schristos SSL_CTX_up_ref(ctx); 4393a89c9211Schristos SSL_CTX_free(ssl->ctx); /* decrement reference count */ 4394a89c9211Schristos ssl->ctx = ctx; 4395805debc4Sspz 43965af53050Schristos return ssl->ctx; 4397a89c9211Schristos } 4398a89c9211Schristos 4399a89c9211Schristos int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 4400a89c9211Schristos { 44018fbed61eSchristos return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx, 44028fbed61eSchristos ctx->propq); 4403a89c9211Schristos } 4404a89c9211Schristos 44055af53050Schristos int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) 44065af53050Schristos { 44075af53050Schristos X509_LOOKUP *lookup; 44085af53050Schristos 44095af53050Schristos lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir()); 44105af53050Schristos if (lookup == NULL) 44115af53050Schristos return 0; 44128fbed61eSchristos 44138fbed61eSchristos /* We ignore errors, in case the directory doesn't exist */ 44148fbed61eSchristos ERR_set_mark(); 44158fbed61eSchristos 44165af53050Schristos X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); 44175af53050Schristos 44188fbed61eSchristos ERR_pop_to_mark(); 44195af53050Schristos 44205af53050Schristos return 1; 44215af53050Schristos } 44225af53050Schristos 44235af53050Schristos int SSL_CTX_set_default_verify_file(SSL_CTX *ctx) 44245af53050Schristos { 44255af53050Schristos X509_LOOKUP *lookup; 44265af53050Schristos 44275af53050Schristos lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file()); 44285af53050Schristos if (lookup == NULL) 44295af53050Schristos return 0; 44305af53050Schristos 44318fbed61eSchristos /* We ignore errors, in case the file doesn't exist */ 44328fbed61eSchristos ERR_set_mark(); 44335af53050Schristos 44348fbed61eSchristos X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx, 44358fbed61eSchristos ctx->propq); 44368fbed61eSchristos 44378fbed61eSchristos ERR_pop_to_mark(); 44385af53050Schristos 44395af53050Schristos return 1; 44405af53050Schristos } 44415af53050Schristos 44428fbed61eSchristos int SSL_CTX_set_default_verify_store(SSL_CTX *ctx) 44438fbed61eSchristos { 44448fbed61eSchristos X509_LOOKUP *lookup; 44458fbed61eSchristos 44468fbed61eSchristos lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store()); 44478fbed61eSchristos if (lookup == NULL) 44488fbed61eSchristos return 0; 44498fbed61eSchristos 44508fbed61eSchristos /* We ignore errors, in case the directory doesn't exist */ 44518fbed61eSchristos ERR_set_mark(); 44528fbed61eSchristos 44538fbed61eSchristos X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq); 44548fbed61eSchristos 44558fbed61eSchristos ERR_pop_to_mark(); 44568fbed61eSchristos 44578fbed61eSchristos return 1; 44588fbed61eSchristos } 44598fbed61eSchristos 44608fbed61eSchristos int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile) 44618fbed61eSchristos { 44628fbed61eSchristos return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx, 44638fbed61eSchristos ctx->propq); 44648fbed61eSchristos } 44658fbed61eSchristos 44668fbed61eSchristos int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath) 44678fbed61eSchristos { 44688fbed61eSchristos return X509_STORE_load_path(ctx->cert_store, CApath); 44698fbed61eSchristos } 44708fbed61eSchristos 44718fbed61eSchristos int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore) 44728fbed61eSchristos { 44738fbed61eSchristos return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx, 44748fbed61eSchristos ctx->propq); 44758fbed61eSchristos } 44768fbed61eSchristos 4477a89c9211Schristos int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 4478a89c9211Schristos const char *CApath) 4479a89c9211Schristos { 44808fbed61eSchristos if (CAfile == NULL && CApath == NULL) 44818fbed61eSchristos return 0; 44828fbed61eSchristos if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile)) 44838fbed61eSchristos return 0; 44848fbed61eSchristos if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath)) 44858fbed61eSchristos return 0; 44868fbed61eSchristos return 1; 4487a89c9211Schristos } 4488a89c9211Schristos 4489a89c9211Schristos void SSL_set_info_callback(SSL *ssl, 4490a89c9211Schristos void (*cb) (const SSL *ssl, int type, int val)) 4491a89c9211Schristos { 4492a89c9211Schristos ssl->info_callback = cb; 4493a89c9211Schristos } 4494a89c9211Schristos 44959cef71b6Sspz /* 44969cef71b6Sspz * One compiler (Diab DCC) doesn't like argument names in returned function 44979cef71b6Sspz * pointer. 44989cef71b6Sspz */ 44999cef71b6Sspz void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , 45009cef71b6Sspz int /* type */ , 45019cef71b6Sspz int /* val */ ) { 4502a89c9211Schristos return ssl->info_callback; 4503a89c9211Schristos } 4504a89c9211Schristos 4505a89c9211Schristos void SSL_set_verify_result(SSL *ssl, long arg) 4506a89c9211Schristos { 4507a89c9211Schristos ssl->verify_result = arg; 4508a89c9211Schristos } 4509a89c9211Schristos 4510a89c9211Schristos long SSL_get_verify_result(const SSL *ssl) 4511a89c9211Schristos { 4512e0ea3921Schristos return ssl->verify_result; 4513a89c9211Schristos } 4514a89c9211Schristos 45155af53050Schristos size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) 4516a89c9211Schristos { 45175af53050Schristos if (outlen == 0) 45188fbed61eSchristos return sizeof(ssl->s3.client_random); 45198fbed61eSchristos if (outlen > sizeof(ssl->s3.client_random)) 45208fbed61eSchristos outlen = sizeof(ssl->s3.client_random); 45218fbed61eSchristos memcpy(out, ssl->s3.client_random, outlen); 45225af53050Schristos return outlen; 45235af53050Schristos } 45245af53050Schristos 45255af53050Schristos size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) 45265af53050Schristos { 45275af53050Schristos if (outlen == 0) 45288fbed61eSchristos return sizeof(ssl->s3.server_random); 45298fbed61eSchristos if (outlen > sizeof(ssl->s3.server_random)) 45308fbed61eSchristos outlen = sizeof(ssl->s3.server_random); 45318fbed61eSchristos memcpy(out, ssl->s3.server_random, outlen); 45325af53050Schristos return outlen; 45335af53050Schristos } 45345af53050Schristos 45355af53050Schristos size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, 45365af53050Schristos unsigned char *out, size_t outlen) 45375af53050Schristos { 45385af53050Schristos if (outlen == 0) 45395af53050Schristos return session->master_key_length; 4540e0ea3921Schristos if (outlen > session->master_key_length) 45415af53050Schristos outlen = session->master_key_length; 45425af53050Schristos memcpy(out, session->master_key, outlen); 45435af53050Schristos return outlen; 4544a89c9211Schristos } 4545a89c9211Schristos 4546e0ea3921Schristos int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, 4547e0ea3921Schristos size_t len) 4548e0ea3921Schristos { 4549e0ea3921Schristos if (len > sizeof(sess->master_key)) 4550e0ea3921Schristos return 0; 4551e0ea3921Schristos 4552e0ea3921Schristos memcpy(sess->master_key, in, len); 4553e0ea3921Schristos sess->master_key_length = len; 4554e0ea3921Schristos return 1; 4555e0ea3921Schristos } 4556e0ea3921Schristos 4557e0ea3921Schristos 4558a89c9211Schristos int SSL_set_ex_data(SSL *s, int idx, void *arg) 4559a89c9211Schristos { 4560e0ea3921Schristos return CRYPTO_set_ex_data(&s->ex_data, idx, arg); 4561a89c9211Schristos } 4562a89c9211Schristos 4563a89c9211Schristos void *SSL_get_ex_data(const SSL *s, int idx) 4564a89c9211Schristos { 4565e0ea3921Schristos return CRYPTO_get_ex_data(&s->ex_data, idx); 4566a89c9211Schristos } 4567a89c9211Schristos 4568a89c9211Schristos int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 4569a89c9211Schristos { 4570e0ea3921Schristos return CRYPTO_set_ex_data(&s->ex_data, idx, arg); 4571a89c9211Schristos } 4572a89c9211Schristos 4573a89c9211Schristos void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 4574a89c9211Schristos { 4575e0ea3921Schristos return CRYPTO_get_ex_data(&s->ex_data, idx); 4576a89c9211Schristos } 4577a89c9211Schristos 4578a89c9211Schristos X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) 4579a89c9211Schristos { 4580e0ea3921Schristos return ctx->cert_store; 4581a89c9211Schristos } 4582a89c9211Schristos 4583a89c9211Schristos void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) 4584a89c9211Schristos { 4585a89c9211Schristos X509_STORE_free(ctx->cert_store); 4586a89c9211Schristos ctx->cert_store = store; 4587a89c9211Schristos } 4588a89c9211Schristos 4589e0ea3921Schristos void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) 4590e0ea3921Schristos { 4591e0ea3921Schristos if (store != NULL) 4592e0ea3921Schristos X509_STORE_up_ref(store); 4593e0ea3921Schristos SSL_CTX_set_cert_store(ctx, store); 4594e0ea3921Schristos } 4595e0ea3921Schristos 4596a89c9211Schristos int SSL_want(const SSL *s) 4597a89c9211Schristos { 4598e0ea3921Schristos return s->rwstate; 4599a89c9211Schristos } 4600a89c9211Schristos 4601a89c9211Schristos #ifndef OPENSSL_NO_PSK 4602a89c9211Schristos int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 4603a89c9211Schristos { 46049cef71b6Sspz if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 46058fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG); 4606a89c9211Schristos return 0; 4607a89c9211Schristos } 46085af53050Schristos OPENSSL_free(ctx->cert->psk_identity_hint); 46099cef71b6Sspz if (identity_hint != NULL) { 46105af53050Schristos ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); 46115af53050Schristos if (ctx->cert->psk_identity_hint == NULL) 4612a89c9211Schristos return 0; 46139cef71b6Sspz } else 46145af53050Schristos ctx->cert->psk_identity_hint = NULL; 4615a89c9211Schristos return 1; 4616a89c9211Schristos } 4617a89c9211Schristos 4618a89c9211Schristos int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) 4619a89c9211Schristos { 4620a89c9211Schristos if (s == NULL) 4621a89c9211Schristos return 0; 4622a89c9211Schristos 46239cef71b6Sspz if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 46248fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG); 4625a89c9211Schristos return 0; 4626a89c9211Schristos } 46275af53050Schristos OPENSSL_free(s->cert->psk_identity_hint); 46289cef71b6Sspz if (identity_hint != NULL) { 46295af53050Schristos s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); 46305af53050Schristos if (s->cert->psk_identity_hint == NULL) 4631a89c9211Schristos return 0; 46329cef71b6Sspz } else 46335af53050Schristos s->cert->psk_identity_hint = NULL; 4634a89c9211Schristos return 1; 4635a89c9211Schristos } 4636a89c9211Schristos 4637a89c9211Schristos const char *SSL_get_psk_identity_hint(const SSL *s) 4638a89c9211Schristos { 4639a89c9211Schristos if (s == NULL || s->session == NULL) 4640a89c9211Schristos return NULL; 4641e0ea3921Schristos return s->session->psk_identity_hint; 4642a89c9211Schristos } 4643a89c9211Schristos 4644a89c9211Schristos const char *SSL_get_psk_identity(const SSL *s) 4645a89c9211Schristos { 4646a89c9211Schristos if (s == NULL || s->session == NULL) 4647a89c9211Schristos return NULL; 4648e0ea3921Schristos return s->session->psk_identity; 4649a89c9211Schristos } 4650a89c9211Schristos 4651e0ea3921Schristos void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb) 4652a89c9211Schristos { 4653a89c9211Schristos s->psk_client_callback = cb; 4654a89c9211Schristos } 4655a89c9211Schristos 4656e0ea3921Schristos void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) 4657a89c9211Schristos { 4658a89c9211Schristos ctx->psk_client_callback = cb; 4659a89c9211Schristos } 4660a89c9211Schristos 4661e0ea3921Schristos void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb) 4662a89c9211Schristos { 4663a89c9211Schristos s->psk_server_callback = cb; 4664a89c9211Schristos } 4665a89c9211Schristos 4666e0ea3921Schristos void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb) 4667a89c9211Schristos { 4668a89c9211Schristos ctx->psk_server_callback = cb; 4669a89c9211Schristos } 4670a89c9211Schristos #endif 4671a89c9211Schristos 4672e0ea3921Schristos void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb) 4673e0ea3921Schristos { 4674e0ea3921Schristos s->psk_find_session_cb = cb; 4675e0ea3921Schristos } 4676e0ea3921Schristos 4677e0ea3921Schristos void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, 4678e0ea3921Schristos SSL_psk_find_session_cb_func cb) 4679e0ea3921Schristos { 4680e0ea3921Schristos ctx->psk_find_session_cb = cb; 4681e0ea3921Schristos } 4682e0ea3921Schristos 4683e0ea3921Schristos void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) 4684e0ea3921Schristos { 4685e0ea3921Schristos s->psk_use_session_cb = cb; 4686e0ea3921Schristos } 4687e0ea3921Schristos 4688e0ea3921Schristos void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, 4689e0ea3921Schristos SSL_psk_use_session_cb_func cb) 4690e0ea3921Schristos { 4691e0ea3921Schristos ctx->psk_use_session_cb = cb; 4692e0ea3921Schristos } 4693e0ea3921Schristos 46949cef71b6Sspz void SSL_CTX_set_msg_callback(SSL_CTX *ctx, 46959cef71b6Sspz void (*cb) (int write_p, int version, 46969cef71b6Sspz int content_type, const void *buf, 46979cef71b6Sspz size_t len, SSL *ssl, void *arg)) 4698a89c9211Schristos { 4699a89c9211Schristos SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 4700a89c9211Schristos } 47019cef71b6Sspz 47029cef71b6Sspz void SSL_set_msg_callback(SSL *ssl, 47039cef71b6Sspz void (*cb) (int write_p, int version, 47049cef71b6Sspz int content_type, const void *buf, 47059cef71b6Sspz size_t len, SSL *ssl, void *arg)) 4706a89c9211Schristos { 4707a89c9211Schristos SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 4708a89c9211Schristos } 4709a89c9211Schristos 47105af53050Schristos void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, 47115af53050Schristos int (*cb) (SSL *ssl, 47125af53050Schristos int 47135af53050Schristos is_forward_secure)) 47145af53050Schristos { 47155af53050Schristos SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, 47165af53050Schristos (void (*)(void))cb); 47175af53050Schristos } 47185af53050Schristos 47195af53050Schristos void SSL_set_not_resumable_session_callback(SSL *ssl, 47205af53050Schristos int (*cb) (SSL *ssl, 47215af53050Schristos int is_forward_secure)) 47225af53050Schristos { 47235af53050Schristos SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, 47245af53050Schristos (void (*)(void))cb); 47255af53050Schristos } 47265af53050Schristos 4727e0ea3921Schristos void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, 4728e0ea3921Schristos size_t (*cb) (SSL *ssl, int type, 4729e0ea3921Schristos size_t len, void *arg)) 4730e0ea3921Schristos { 4731e0ea3921Schristos ctx->record_padding_cb = cb; 4732e0ea3921Schristos } 4733e0ea3921Schristos 4734e0ea3921Schristos void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg) 4735e0ea3921Schristos { 4736e0ea3921Schristos ctx->record_padding_arg = arg; 4737e0ea3921Schristos } 4738e0ea3921Schristos 473965b9e620Schristos void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx) 4740e0ea3921Schristos { 4741e0ea3921Schristos return ctx->record_padding_arg; 4742e0ea3921Schristos } 4743e0ea3921Schristos 4744e0ea3921Schristos int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size) 4745e0ea3921Schristos { 4746e0ea3921Schristos /* block size of 0 or 1 is basically no padding */ 4747e0ea3921Schristos if (block_size == 1) 4748e0ea3921Schristos ctx->block_padding = 0; 4749e0ea3921Schristos else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) 4750e0ea3921Schristos ctx->block_padding = block_size; 4751e0ea3921Schristos else 4752e0ea3921Schristos return 0; 4753e0ea3921Schristos return 1; 4754e0ea3921Schristos } 4755e0ea3921Schristos 47568fbed61eSchristos int SSL_set_record_padding_callback(SSL *ssl, 4757e0ea3921Schristos size_t (*cb) (SSL *ssl, int type, 4758e0ea3921Schristos size_t len, void *arg)) 4759e0ea3921Schristos { 47608fbed61eSchristos BIO *b; 47618fbed61eSchristos 47628fbed61eSchristos b = SSL_get_wbio(ssl); 47638fbed61eSchristos if (b == NULL || !BIO_get_ktls_send(b)) { 4764e0ea3921Schristos ssl->record_padding_cb = cb; 47658fbed61eSchristos return 1; 47668fbed61eSchristos } 47678fbed61eSchristos return 0; 4768e0ea3921Schristos } 4769e0ea3921Schristos 4770e0ea3921Schristos void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) 4771e0ea3921Schristos { 4772e0ea3921Schristos ssl->record_padding_arg = arg; 4773e0ea3921Schristos } 4774e0ea3921Schristos 477565b9e620Schristos void *SSL_get_record_padding_callback_arg(const SSL *ssl) 4776e0ea3921Schristos { 4777e0ea3921Schristos return ssl->record_padding_arg; 4778e0ea3921Schristos } 4779e0ea3921Schristos 4780e0ea3921Schristos int SSL_set_block_padding(SSL *ssl, size_t block_size) 4781e0ea3921Schristos { 4782e0ea3921Schristos /* block size of 0 or 1 is basically no padding */ 4783e0ea3921Schristos if (block_size == 1) 4784e0ea3921Schristos ssl->block_padding = 0; 4785e0ea3921Schristos else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) 4786e0ea3921Schristos ssl->block_padding = block_size; 4787e0ea3921Schristos else 4788e0ea3921Schristos return 0; 4789e0ea3921Schristos return 1; 4790e0ea3921Schristos } 4791e0ea3921Schristos 4792e0ea3921Schristos int SSL_set_num_tickets(SSL *s, size_t num_tickets) 4793e0ea3921Schristos { 4794e0ea3921Schristos s->num_tickets = num_tickets; 4795e0ea3921Schristos 4796e0ea3921Schristos return 1; 4797e0ea3921Schristos } 4798e0ea3921Schristos 479965b9e620Schristos size_t SSL_get_num_tickets(const SSL *s) 4800e0ea3921Schristos { 4801e0ea3921Schristos return s->num_tickets; 4802e0ea3921Schristos } 4803e0ea3921Schristos 4804e0ea3921Schristos int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) 4805e0ea3921Schristos { 4806e0ea3921Schristos ctx->num_tickets = num_tickets; 4807e0ea3921Schristos 4808e0ea3921Schristos return 1; 4809e0ea3921Schristos } 4810e0ea3921Schristos 481165b9e620Schristos size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) 4812e0ea3921Schristos { 4813e0ea3921Schristos return ctx->num_tickets; 4814e0ea3921Schristos } 4815e0ea3921Schristos 48169cef71b6Sspz /* 48179cef71b6Sspz * Allocates new EVP_MD_CTX and sets pointer to it into given pointer 48185af53050Schristos * variable, freeing EVP_MD_CTX previously stored in that variable, if any. 48195af53050Schristos * If EVP_MD pointer is passed, initializes ctx with this |md|. 48205af53050Schristos * Returns the newly allocated ctx; 4821a89c9211Schristos */ 4822a89c9211Schristos 4823a89c9211Schristos EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) 4824a89c9211Schristos { 4825a89c9211Schristos ssl_clear_hash_ctx(hash); 48265af53050Schristos *hash = EVP_MD_CTX_new(); 4827261bb388Schristos if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { 48285af53050Schristos EVP_MD_CTX_free(*hash); 4829261bb388Schristos *hash = NULL; 4830261bb388Schristos return NULL; 4831261bb388Schristos } 4832a89c9211Schristos return *hash; 4833a89c9211Schristos } 48349cef71b6Sspz 4835a89c9211Schristos void ssl_clear_hash_ctx(EVP_MD_CTX **hash) 4836a89c9211Schristos { 4837a89c9211Schristos 48385af53050Schristos EVP_MD_CTX_free(*hash); 4839a89c9211Schristos *hash = NULL; 4840a89c9211Schristos } 4841a89c9211Schristos 48425af53050Schristos /* Retrieve handshake hashes */ 4843e0ea3921Schristos int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, 4844e0ea3921Schristos size_t *hashlen) 48454e3dcb23Sspz { 48465af53050Schristos EVP_MD_CTX *ctx = NULL; 48478fbed61eSchristos EVP_MD_CTX *hdgst = s->s3.handshake_dgst; 48488fbed61eSchristos int hashleni = EVP_MD_CTX_get_size(hdgst); 4849e0ea3921Schristos int ret = 0; 4850e0ea3921Schristos 4851e0ea3921Schristos if (hashleni < 0 || (size_t)hashleni > outlen) { 48528fbed61eSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 48535af53050Schristos goto err; 48545af53050Schristos } 4855e0ea3921Schristos 48565af53050Schristos ctx = EVP_MD_CTX_new(); 4857fb48e4b2Schristos if (ctx == NULL) { 48588fbed61eSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4859e0ea3921Schristos goto err; 4860fb48e4b2Schristos } 4861e0ea3921Schristos 4862e0ea3921Schristos if (!EVP_MD_CTX_copy_ex(ctx, hdgst) 4863e0ea3921Schristos || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { 48648fbed61eSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 48655af53050Schristos goto err; 48665af53050Schristos } 4867e0ea3921Schristos 4868e0ea3921Schristos *hashlen = hashleni; 4869e0ea3921Schristos 4870e0ea3921Schristos ret = 1; 48715af53050Schristos err: 48725af53050Schristos EVP_MD_CTX_free(ctx); 48735af53050Schristos return ret; 48744e3dcb23Sspz } 48754e3dcb23Sspz 48764261787cSchristos int SSL_session_reused(const SSL *s) 48774e3dcb23Sspz { 48784e3dcb23Sspz return s->hit; 48794e3dcb23Sspz } 48804e3dcb23Sspz 48815af53050Schristos int SSL_is_server(const SSL *s) 488231b855a0Sspz { 488331b855a0Sspz return s->server; 488431b855a0Sspz } 488531b855a0Sspz 48868fbed61eSchristos #ifndef OPENSSL_NO_DEPRECATED_1_1_0 48875af53050Schristos void SSL_set_debug(SSL *s, int debug) 48885af53050Schristos { 48895af53050Schristos /* Old function was do-nothing anyway... */ 48905af53050Schristos (void)s; 48915af53050Schristos (void)debug; 48925af53050Schristos } 4893a89c9211Schristos #endif 4894a89c9211Schristos 48955af53050Schristos void SSL_set_security_level(SSL *s, int level) 48965af53050Schristos { 48975af53050Schristos s->cert->sec_level = level; 48985af53050Schristos } 48995af53050Schristos 49005af53050Schristos int SSL_get_security_level(const SSL *s) 49015af53050Schristos { 49025af53050Schristos return s->cert->sec_level; 49035af53050Schristos } 49045af53050Schristos 49055af53050Schristos void SSL_set_security_callback(SSL *s, 49065af53050Schristos int (*cb) (const SSL *s, const SSL_CTX *ctx, 49075af53050Schristos int op, int bits, int nid, 49085af53050Schristos void *other, void *ex)) 49095af53050Schristos { 49105af53050Schristos s->cert->sec_cb = cb; 49115af53050Schristos } 49125af53050Schristos 49135af53050Schristos int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, 49145af53050Schristos const SSL_CTX *ctx, int op, 49155af53050Schristos int bits, int nid, void *other, 49165af53050Schristos void *ex) { 49175af53050Schristos return s->cert->sec_cb; 49185af53050Schristos } 49195af53050Schristos 49205af53050Schristos void SSL_set0_security_ex_data(SSL *s, void *ex) 49215af53050Schristos { 49225af53050Schristos s->cert->sec_ex = ex; 49235af53050Schristos } 49245af53050Schristos 49255af53050Schristos void *SSL_get0_security_ex_data(const SSL *s) 49265af53050Schristos { 49275af53050Schristos return s->cert->sec_ex; 49285af53050Schristos } 49295af53050Schristos 49305af53050Schristos void SSL_CTX_set_security_level(SSL_CTX *ctx, int level) 49315af53050Schristos { 49325af53050Schristos ctx->cert->sec_level = level; 49335af53050Schristos } 49345af53050Schristos 49355af53050Schristos int SSL_CTX_get_security_level(const SSL_CTX *ctx) 49365af53050Schristos { 49375af53050Schristos return ctx->cert->sec_level; 49385af53050Schristos } 49395af53050Schristos 49405af53050Schristos void SSL_CTX_set_security_callback(SSL_CTX *ctx, 49415af53050Schristos int (*cb) (const SSL *s, const SSL_CTX *ctx, 49425af53050Schristos int op, int bits, int nid, 49435af53050Schristos void *other, void *ex)) 49445af53050Schristos { 49455af53050Schristos ctx->cert->sec_cb = cb; 49465af53050Schristos } 49475af53050Schristos 49485af53050Schristos int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, 49495af53050Schristos const SSL_CTX *ctx, 49505af53050Schristos int op, int bits, 49515af53050Schristos int nid, 49525af53050Schristos void *other, 49535af53050Schristos void *ex) { 49545af53050Schristos return ctx->cert->sec_cb; 49555af53050Schristos } 49565af53050Schristos 49575af53050Schristos void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex) 49585af53050Schristos { 49595af53050Schristos ctx->cert->sec_ex = ex; 49605af53050Schristos } 49615af53050Schristos 49625af53050Schristos void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) 49635af53050Schristos { 49645af53050Schristos return ctx->cert->sec_ex; 49655af53050Schristos } 49665af53050Schristos 49678fbed61eSchristos uint64_t SSL_CTX_get_options(const SSL_CTX *ctx) 49685af53050Schristos { 49695af53050Schristos return ctx->options; 49705af53050Schristos } 49715af53050Schristos 49728fbed61eSchristos uint64_t SSL_get_options(const SSL *s) 49735af53050Schristos { 49745af53050Schristos return s->options; 49755af53050Schristos } 49765af53050Schristos 49778fbed61eSchristos uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op) 49785af53050Schristos { 49795af53050Schristos return ctx->options |= op; 49805af53050Schristos } 49815af53050Schristos 49828fbed61eSchristos uint64_t SSL_set_options(SSL *s, uint64_t op) 49835af53050Schristos { 49845af53050Schristos return s->options |= op; 49855af53050Schristos } 49865af53050Schristos 49878fbed61eSchristos uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op) 49885af53050Schristos { 49895af53050Schristos return ctx->options &= ~op; 49905af53050Schristos } 49915af53050Schristos 49928fbed61eSchristos uint64_t SSL_clear_options(SSL *s, uint64_t op) 49935af53050Schristos { 49945af53050Schristos return s->options &= ~op; 49955af53050Schristos } 49965af53050Schristos 49975af53050Schristos STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s) 49985af53050Schristos { 49995af53050Schristos return s->verified_chain; 50005af53050Schristos } 50015af53050Schristos 50029cef71b6Sspz IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); 50035af53050Schristos 50045af53050Schristos #ifndef OPENSSL_NO_CT 50055af53050Schristos 50065af53050Schristos /* 50075af53050Schristos * Moves SCTs from the |src| stack to the |dst| stack. 50085af53050Schristos * The source of each SCT will be set to |origin|. 50095af53050Schristos * If |dst| points to a NULL pointer, a new stack will be created and owned by 50105af53050Schristos * the caller. 50115af53050Schristos * Returns the number of SCTs moved, or a negative integer if an error occurs. 5012b46c97feSchristos * The |dst| stack is created and possibly partially populated even in case 5013b46c97feSchristos * of error, likewise the |src| stack may be left in an intermediate state. 50145af53050Schristos */ 50155af53050Schristos static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, 50165af53050Schristos sct_source_t origin) 50175af53050Schristos { 50185af53050Schristos int scts_moved = 0; 50195af53050Schristos SCT *sct = NULL; 50205af53050Schristos 50215af53050Schristos if (*dst == NULL) { 50225af53050Schristos *dst = sk_SCT_new_null(); 50235af53050Schristos if (*dst == NULL) { 50248fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 50255af53050Schristos goto err; 50265af53050Schristos } 50275af53050Schristos } 50285af53050Schristos 50295af53050Schristos while ((sct = sk_SCT_pop(src)) != NULL) { 50305af53050Schristos if (SCT_set_source(sct, origin) != 1) 50315af53050Schristos goto err; 50325af53050Schristos 5033b46c97feSchristos if (!sk_SCT_push(*dst, sct)) 50345af53050Schristos goto err; 50355af53050Schristos scts_moved += 1; 50365af53050Schristos } 50375af53050Schristos 50385af53050Schristos return scts_moved; 50395af53050Schristos err: 5040b46c97feSchristos SCT_free(sct); 50415af53050Schristos return -1; 50425af53050Schristos } 50435af53050Schristos 50445af53050Schristos /* 50455af53050Schristos * Look for data collected during ServerHello and parse if found. 50465af53050Schristos * Returns the number of SCTs extracted. 50475af53050Schristos */ 50485af53050Schristos static int ct_extract_tls_extension_scts(SSL *s) 50495af53050Schristos { 50505af53050Schristos int scts_extracted = 0; 50515af53050Schristos 5052e0ea3921Schristos if (s->ext.scts != NULL) { 5053e0ea3921Schristos const unsigned char *p = s->ext.scts; 5054e0ea3921Schristos STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len); 50555af53050Schristos 50565af53050Schristos scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION); 50575af53050Schristos 50585af53050Schristos SCT_LIST_free(scts); 50595af53050Schristos } 50605af53050Schristos 50615af53050Schristos return scts_extracted; 50625af53050Schristos } 50635af53050Schristos 50645af53050Schristos /* 50655af53050Schristos * Checks for an OCSP response and then attempts to extract any SCTs found if it 50665af53050Schristos * contains an SCT X509 extension. They will be stored in |s->scts|. 50675af53050Schristos * Returns: 50685af53050Schristos * - The number of SCTs extracted, assuming an OCSP response exists. 50695af53050Schristos * - 0 if no OCSP response exists or it contains no SCTs. 50705af53050Schristos * - A negative integer if an error occurs. 50715af53050Schristos */ 50725af53050Schristos static int ct_extract_ocsp_response_scts(SSL *s) 50735af53050Schristos { 50745af53050Schristos # ifndef OPENSSL_NO_OCSP 50755af53050Schristos int scts_extracted = 0; 50765af53050Schristos const unsigned char *p; 50775af53050Schristos OCSP_BASICRESP *br = NULL; 50785af53050Schristos OCSP_RESPONSE *rsp = NULL; 50795af53050Schristos STACK_OF(SCT) *scts = NULL; 50805af53050Schristos int i; 50815af53050Schristos 5082e0ea3921Schristos if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0) 50835af53050Schristos goto err; 50845af53050Schristos 5085e0ea3921Schristos p = s->ext.ocsp.resp; 5086e0ea3921Schristos rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len); 50875af53050Schristos if (rsp == NULL) 50885af53050Schristos goto err; 50895af53050Schristos 50905af53050Schristos br = OCSP_response_get1_basic(rsp); 50915af53050Schristos if (br == NULL) 50925af53050Schristos goto err; 50935af53050Schristos 50945af53050Schristos for (i = 0; i < OCSP_resp_count(br); ++i) { 50955af53050Schristos OCSP_SINGLERESP *single = OCSP_resp_get0(br, i); 50965af53050Schristos 50975af53050Schristos if (single == NULL) 50985af53050Schristos continue; 50995af53050Schristos 51005af53050Schristos scts = 51015af53050Schristos OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); 51025af53050Schristos scts_extracted = 51035af53050Schristos ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE); 51045af53050Schristos if (scts_extracted < 0) 51055af53050Schristos goto err; 51065af53050Schristos } 51075af53050Schristos err: 51085af53050Schristos SCT_LIST_free(scts); 51095af53050Schristos OCSP_BASICRESP_free(br); 51105af53050Schristos OCSP_RESPONSE_free(rsp); 51115af53050Schristos return scts_extracted; 51125af53050Schristos # else 51135af53050Schristos /* Behave as if no OCSP response exists */ 51145af53050Schristos return 0; 51155af53050Schristos # endif 51165af53050Schristos } 51175af53050Schristos 51185af53050Schristos /* 51195af53050Schristos * Attempts to extract SCTs from the peer certificate. 51205af53050Schristos * Return the number of SCTs extracted, or a negative integer if an error 51215af53050Schristos * occurs. 51225af53050Schristos */ 51235af53050Schristos static int ct_extract_x509v3_extension_scts(SSL *s) 51245af53050Schristos { 51255af53050Schristos int scts_extracted = 0; 51265af53050Schristos X509 *cert = s->session != NULL ? s->session->peer : NULL; 51275af53050Schristos 51285af53050Schristos if (cert != NULL) { 51295af53050Schristos STACK_OF(SCT) *scts = 51305af53050Schristos X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL); 51315af53050Schristos 51325af53050Schristos scts_extracted = 51335af53050Schristos ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); 51345af53050Schristos 51355af53050Schristos SCT_LIST_free(scts); 51365af53050Schristos } 51375af53050Schristos 51385af53050Schristos return scts_extracted; 51395af53050Schristos } 51405af53050Schristos 51415af53050Schristos /* 51425af53050Schristos * Attempts to find all received SCTs by checking TLS extensions, the OCSP 51435af53050Schristos * response (if it exists) and X509v3 extensions in the certificate. 51445af53050Schristos * Returns NULL if an error occurs. 51455af53050Schristos */ 51465af53050Schristos const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s) 51475af53050Schristos { 51485af53050Schristos if (!s->scts_parsed) { 51495af53050Schristos if (ct_extract_tls_extension_scts(s) < 0 || 51505af53050Schristos ct_extract_ocsp_response_scts(s) < 0 || 51515af53050Schristos ct_extract_x509v3_extension_scts(s) < 0) 51525af53050Schristos goto err; 51535af53050Schristos 51545af53050Schristos s->scts_parsed = 1; 51555af53050Schristos } 51565af53050Schristos return s->scts; 51575af53050Schristos err: 51585af53050Schristos return NULL; 51595af53050Schristos } 51605af53050Schristos 51615af53050Schristos static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx, 51625af53050Schristos const STACK_OF(SCT) *scts, void *unused_arg) 51635af53050Schristos { 51645af53050Schristos return 1; 51655af53050Schristos } 51665af53050Schristos 51675af53050Schristos static int ct_strict(const CT_POLICY_EVAL_CTX * ctx, 51685af53050Schristos const STACK_OF(SCT) *scts, void *unused_arg) 51695af53050Schristos { 51705af53050Schristos int count = scts != NULL ? sk_SCT_num(scts) : 0; 51715af53050Schristos int i; 51725af53050Schristos 51735af53050Schristos for (i = 0; i < count; ++i) { 51745af53050Schristos SCT *sct = sk_SCT_value(scts, i); 51755af53050Schristos int status = SCT_get_validation_status(sct); 51765af53050Schristos 51775af53050Schristos if (status == SCT_VALIDATION_STATUS_VALID) 51785af53050Schristos return 1; 51795af53050Schristos } 51808fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_VALID_SCTS); 51815af53050Schristos return 0; 51825af53050Schristos } 51835af53050Schristos 51845af53050Schristos int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, 51855af53050Schristos void *arg) 51865af53050Schristos { 51875af53050Schristos /* 51885af53050Schristos * Since code exists that uses the custom extension handler for CT, look 51895af53050Schristos * for this and throw an error if they have already registered to use CT. 51905af53050Schristos */ 51915af53050Schristos if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx, 51925af53050Schristos TLSEXT_TYPE_signed_certificate_timestamp)) 51935af53050Schristos { 51948fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); 51955af53050Schristos return 0; 51965af53050Schristos } 51975af53050Schristos 51985af53050Schristos if (callback != NULL) { 51995af53050Schristos /* 52005af53050Schristos * If we are validating CT, then we MUST accept SCTs served via OCSP 52015af53050Schristos */ 52025af53050Schristos if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp)) 52035af53050Schristos return 0; 52045af53050Schristos } 52055af53050Schristos 52065af53050Schristos s->ct_validation_callback = callback; 52075af53050Schristos s->ct_validation_callback_arg = arg; 52085af53050Schristos 52095af53050Schristos return 1; 52105af53050Schristos } 52115af53050Schristos 52125af53050Schristos int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, 52135af53050Schristos ssl_ct_validation_cb callback, void *arg) 52145af53050Schristos { 52155af53050Schristos /* 52165af53050Schristos * Since code exists that uses the custom extension handler for CT, look for 52175af53050Schristos * this and throw an error if they have already registered to use CT. 52185af53050Schristos */ 52195af53050Schristos if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx, 52205af53050Schristos TLSEXT_TYPE_signed_certificate_timestamp)) 52215af53050Schristos { 52228fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); 52235af53050Schristos return 0; 52245af53050Schristos } 52255af53050Schristos 52265af53050Schristos ctx->ct_validation_callback = callback; 52275af53050Schristos ctx->ct_validation_callback_arg = arg; 52285af53050Schristos return 1; 52295af53050Schristos } 52305af53050Schristos 52315af53050Schristos int SSL_ct_is_enabled(const SSL *s) 52325af53050Schristos { 52335af53050Schristos return s->ct_validation_callback != NULL; 52345af53050Schristos } 52355af53050Schristos 52365af53050Schristos int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx) 52375af53050Schristos { 52385af53050Schristos return ctx->ct_validation_callback != NULL; 52395af53050Schristos } 52405af53050Schristos 52415af53050Schristos int ssl_validate_ct(SSL *s) 52425af53050Schristos { 52435af53050Schristos int ret = 0; 52445af53050Schristos X509 *cert = s->session != NULL ? s->session->peer : NULL; 52455af53050Schristos X509 *issuer; 52465af53050Schristos SSL_DANE *dane = &s->dane; 52475af53050Schristos CT_POLICY_EVAL_CTX *ctx = NULL; 52485af53050Schristos const STACK_OF(SCT) *scts; 52495af53050Schristos 52505af53050Schristos /* 52515af53050Schristos * If no callback is set, the peer is anonymous, or its chain is invalid, 52525af53050Schristos * skip SCT validation - just return success. Applications that continue 52535af53050Schristos * handshakes without certificates, with unverified chains, or pinned leaf 52545af53050Schristos * certificates are outside the scope of the WebPKI and CT. 52555af53050Schristos * 52565af53050Schristos * The above exclusions notwithstanding the vast majority of peers will 52575af53050Schristos * have rather ordinary certificate chains validated by typical 52585af53050Schristos * applications that perform certificate verification and therefore will 52595af53050Schristos * process SCTs when enabled. 52605af53050Schristos */ 52615af53050Schristos if (s->ct_validation_callback == NULL || cert == NULL || 52625af53050Schristos s->verify_result != X509_V_OK || 52635af53050Schristos s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1) 52645af53050Schristos return 1; 52655af53050Schristos 52665af53050Schristos /* 52675af53050Schristos * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3) 52685af53050Schristos * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2 52695af53050Schristos */ 52705af53050Schristos if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) { 52715af53050Schristos switch (dane->mtlsa->usage) { 52725af53050Schristos case DANETLS_USAGE_DANE_TA: 52735af53050Schristos case DANETLS_USAGE_DANE_EE: 52745af53050Schristos return 1; 52755af53050Schristos } 52765af53050Schristos } 52775af53050Schristos 52788fbed61eSchristos ctx = CT_POLICY_EVAL_CTX_new_ex(s->ctx->libctx, s->ctx->propq); 52795af53050Schristos if (ctx == NULL) { 52808fbed61eSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 52815af53050Schristos goto end; 52825af53050Schristos } 52835af53050Schristos 52845af53050Schristos issuer = sk_X509_value(s->verified_chain, 1); 52855af53050Schristos CT_POLICY_EVAL_CTX_set1_cert(ctx, cert); 52865af53050Schristos CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); 52875af53050Schristos CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); 52885af53050Schristos CT_POLICY_EVAL_CTX_set_time( 52895af53050Schristos ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); 52905af53050Schristos 52915af53050Schristos scts = SSL_get0_peer_scts(s); 52925af53050Schristos 52935af53050Schristos /* 52945af53050Schristos * This function returns success (> 0) only when all the SCTs are valid, 0 52955af53050Schristos * when some are invalid, and < 0 on various internal errors (out of 52965af53050Schristos * memory, etc.). Having some, or even all, invalid SCTs is not sufficient 52975af53050Schristos * reason to abort the handshake, that decision is up to the callback. 52985af53050Schristos * Therefore, we error out only in the unexpected case that the return 52995af53050Schristos * value is negative. 53005af53050Schristos * 53015af53050Schristos * XXX: One might well argue that the return value of this function is an 53025af53050Schristos * unfortunate design choice. Its job is only to determine the validation 53035af53050Schristos * status of each of the provided SCTs. So long as it correctly separates 53045af53050Schristos * the wheat from the chaff it should return success. Failure in this case 53055af53050Schristos * ought to correspond to an inability to carry out its duties. 53065af53050Schristos */ 53075af53050Schristos if (SCT_LIST_validate(scts, ctx) < 0) { 53088fbed61eSchristos SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_SCT_VERIFICATION_FAILED); 53095af53050Schristos goto end; 53105af53050Schristos } 53115af53050Schristos 53125af53050Schristos ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); 53135af53050Schristos if (ret < 0) 53145af53050Schristos ret = 0; /* This function returns 0 on failure */ 5315e0ea3921Schristos if (!ret) 53168fbed61eSchristos SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED); 53175af53050Schristos 53185af53050Schristos end: 53195af53050Schristos CT_POLICY_EVAL_CTX_free(ctx); 53205af53050Schristos /* 53215af53050Schristos * With SSL_VERIFY_NONE the session may be cached and re-used despite a 53225af53050Schristos * failure return code here. Also the application may wish the complete 53235af53050Schristos * the handshake, and then disconnect cleanly at a higher layer, after 53245af53050Schristos * checking the verification status of the completed connection. 53255af53050Schristos * 53265af53050Schristos * We therefore force a certificate verification failure which will be 53275af53050Schristos * visible via SSL_get_verify_result() and cached as part of any resumed 53285af53050Schristos * session. 53295af53050Schristos * 53305af53050Schristos * Note: the permissive callback is for information gathering only, always 53315af53050Schristos * returns success, and does not affect verification status. Only the 53325af53050Schristos * strict callback or a custom application-specified callback can trigger 53335af53050Schristos * connection failure or record a verification error. 53345af53050Schristos */ 53355af53050Schristos if (ret <= 0) 53365af53050Schristos s->verify_result = X509_V_ERR_NO_VALID_SCTS; 53375af53050Schristos return ret; 53385af53050Schristos } 53395af53050Schristos 53405af53050Schristos int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode) 53415af53050Schristos { 53425af53050Schristos switch (validation_mode) { 53435af53050Schristos default: 53448fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE); 53455af53050Schristos return 0; 53465af53050Schristos case SSL_CT_VALIDATION_PERMISSIVE: 53475af53050Schristos return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL); 53485af53050Schristos case SSL_CT_VALIDATION_STRICT: 53495af53050Schristos return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL); 53505af53050Schristos } 53515af53050Schristos } 53525af53050Schristos 53535af53050Schristos int SSL_enable_ct(SSL *s, int validation_mode) 53545af53050Schristos { 53555af53050Schristos switch (validation_mode) { 53565af53050Schristos default: 53578fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE); 53585af53050Schristos return 0; 53595af53050Schristos case SSL_CT_VALIDATION_PERMISSIVE: 53605af53050Schristos return SSL_set_ct_validation_callback(s, ct_permissive, NULL); 53615af53050Schristos case SSL_CT_VALIDATION_STRICT: 53625af53050Schristos return SSL_set_ct_validation_callback(s, ct_strict, NULL); 53635af53050Schristos } 53645af53050Schristos } 53655af53050Schristos 53665af53050Schristos int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx) 53675af53050Schristos { 53685af53050Schristos return CTLOG_STORE_load_default_file(ctx->ctlog_store); 53695af53050Schristos } 53705af53050Schristos 53715af53050Schristos int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) 53725af53050Schristos { 53735af53050Schristos return CTLOG_STORE_load_file(ctx->ctlog_store, path); 53745af53050Schristos } 53755af53050Schristos 53765af53050Schristos void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs) 53775af53050Schristos { 53785af53050Schristos CTLOG_STORE_free(ctx->ctlog_store); 53795af53050Schristos ctx->ctlog_store = logs; 53805af53050Schristos } 53815af53050Schristos 53825af53050Schristos const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) 53835af53050Schristos { 53845af53050Schristos return ctx->ctlog_store; 53855af53050Schristos } 53865af53050Schristos 5387e0ea3921Schristos #endif /* OPENSSL_NO_CT */ 5388e0ea3921Schristos 5389e0ea3921Schristos void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, 5390e0ea3921Schristos void *arg) 5391e0ea3921Schristos { 5392e0ea3921Schristos c->client_hello_cb = cb; 5393e0ea3921Schristos c->client_hello_cb_arg = arg; 5394e0ea3921Schristos } 5395e0ea3921Schristos 5396e0ea3921Schristos int SSL_client_hello_isv2(SSL *s) 5397e0ea3921Schristos { 5398e0ea3921Schristos if (s->clienthello == NULL) 5399e0ea3921Schristos return 0; 5400e0ea3921Schristos return s->clienthello->isv2; 5401e0ea3921Schristos } 5402e0ea3921Schristos 5403e0ea3921Schristos unsigned int SSL_client_hello_get0_legacy_version(SSL *s) 5404e0ea3921Schristos { 5405e0ea3921Schristos if (s->clienthello == NULL) 5406e0ea3921Schristos return 0; 5407e0ea3921Schristos return s->clienthello->legacy_version; 5408e0ea3921Schristos } 5409e0ea3921Schristos 5410e0ea3921Schristos size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out) 5411e0ea3921Schristos { 5412e0ea3921Schristos if (s->clienthello == NULL) 5413e0ea3921Schristos return 0; 5414e0ea3921Schristos if (out != NULL) 5415e0ea3921Schristos *out = s->clienthello->random; 5416e0ea3921Schristos return SSL3_RANDOM_SIZE; 5417e0ea3921Schristos } 5418e0ea3921Schristos 5419e0ea3921Schristos size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out) 5420e0ea3921Schristos { 5421e0ea3921Schristos if (s->clienthello == NULL) 5422e0ea3921Schristos return 0; 5423e0ea3921Schristos if (out != NULL) 5424e0ea3921Schristos *out = s->clienthello->session_id; 5425e0ea3921Schristos return s->clienthello->session_id_len; 5426e0ea3921Schristos } 5427e0ea3921Schristos 5428e0ea3921Schristos size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out) 5429e0ea3921Schristos { 5430e0ea3921Schristos if (s->clienthello == NULL) 5431e0ea3921Schristos return 0; 5432e0ea3921Schristos if (out != NULL) 5433e0ea3921Schristos *out = PACKET_data(&s->clienthello->ciphersuites); 5434e0ea3921Schristos return PACKET_remaining(&s->clienthello->ciphersuites); 5435e0ea3921Schristos } 5436e0ea3921Schristos 5437e0ea3921Schristos size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out) 5438e0ea3921Schristos { 5439e0ea3921Schristos if (s->clienthello == NULL) 5440e0ea3921Schristos return 0; 5441e0ea3921Schristos if (out != NULL) 5442e0ea3921Schristos *out = s->clienthello->compressions; 5443e0ea3921Schristos return s->clienthello->compressions_len; 5444e0ea3921Schristos } 5445e0ea3921Schristos 5446e0ea3921Schristos int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) 5447e0ea3921Schristos { 5448e0ea3921Schristos RAW_EXTENSION *ext; 5449e0ea3921Schristos int *present; 5450e0ea3921Schristos size_t num = 0, i; 5451e0ea3921Schristos 5452e0ea3921Schristos if (s->clienthello == NULL || out == NULL || outlen == NULL) 5453e0ea3921Schristos return 0; 5454e0ea3921Schristos for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { 5455e0ea3921Schristos ext = s->clienthello->pre_proc_exts + i; 5456e0ea3921Schristos if (ext->present) 5457e0ea3921Schristos num++; 5458e0ea3921Schristos } 54594261787cSchristos if (num == 0) { 54604261787cSchristos *out = NULL; 54614261787cSchristos *outlen = 0; 54624261787cSchristos return 1; 54634261787cSchristos } 5464e0ea3921Schristos if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { 54658fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 5466e0ea3921Schristos return 0; 5467e0ea3921Schristos } 5468e0ea3921Schristos for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { 5469e0ea3921Schristos ext = s->clienthello->pre_proc_exts + i; 5470e0ea3921Schristos if (ext->present) { 5471e0ea3921Schristos if (ext->received_order >= num) 5472e0ea3921Schristos goto err; 5473e0ea3921Schristos present[ext->received_order] = ext->type; 5474e0ea3921Schristos } 5475e0ea3921Schristos } 5476e0ea3921Schristos *out = present; 5477e0ea3921Schristos *outlen = num; 5478e0ea3921Schristos return 1; 5479e0ea3921Schristos err: 5480e0ea3921Schristos OPENSSL_free(present); 5481e0ea3921Schristos return 0; 5482e0ea3921Schristos } 5483e0ea3921Schristos 5484e0ea3921Schristos int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, 5485e0ea3921Schristos size_t *outlen) 5486e0ea3921Schristos { 5487e0ea3921Schristos size_t i; 5488e0ea3921Schristos RAW_EXTENSION *r; 5489e0ea3921Schristos 5490e0ea3921Schristos if (s->clienthello == NULL) 5491e0ea3921Schristos return 0; 5492e0ea3921Schristos for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) { 5493e0ea3921Schristos r = s->clienthello->pre_proc_exts + i; 5494e0ea3921Schristos if (r->present && r->type == type) { 5495e0ea3921Schristos if (out != NULL) 5496e0ea3921Schristos *out = PACKET_data(&r->data); 5497e0ea3921Schristos if (outlen != NULL) 5498e0ea3921Schristos *outlen = PACKET_remaining(&r->data); 5499e0ea3921Schristos return 1; 5500e0ea3921Schristos } 5501e0ea3921Schristos } 5502e0ea3921Schristos return 0; 5503e0ea3921Schristos } 5504e0ea3921Schristos 5505e0ea3921Schristos int SSL_free_buffers(SSL *ssl) 5506e0ea3921Schristos { 5507e0ea3921Schristos RECORD_LAYER *rl = &ssl->rlayer; 5508e0ea3921Schristos 5509e0ea3921Schristos if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) 5510e0ea3921Schristos return 0; 5511e0ea3921Schristos 5512b46c97feSchristos if (RECORD_LAYER_data_present(rl)) 5513b46c97feSchristos return 0; 5514b46c97feSchristos 5515e0ea3921Schristos RECORD_LAYER_release(rl); 5516e0ea3921Schristos return 1; 5517e0ea3921Schristos } 5518e0ea3921Schristos 5519e0ea3921Schristos int SSL_alloc_buffers(SSL *ssl) 5520e0ea3921Schristos { 5521e0ea3921Schristos return ssl3_setup_buffers(ssl); 5522e0ea3921Schristos } 5523e0ea3921Schristos 5524e0ea3921Schristos void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) 5525e0ea3921Schristos { 5526e0ea3921Schristos ctx->keylog_callback = cb; 5527e0ea3921Schristos } 5528e0ea3921Schristos 5529e0ea3921Schristos SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) 5530e0ea3921Schristos { 5531e0ea3921Schristos return ctx->keylog_callback; 5532e0ea3921Schristos } 5533e0ea3921Schristos 5534e0ea3921Schristos static int nss_keylog_int(const char *prefix, 5535e0ea3921Schristos SSL *ssl, 5536e0ea3921Schristos const uint8_t *parameter_1, 5537e0ea3921Schristos size_t parameter_1_len, 5538e0ea3921Schristos const uint8_t *parameter_2, 5539e0ea3921Schristos size_t parameter_2_len) 5540e0ea3921Schristos { 5541e0ea3921Schristos char *out = NULL; 5542e0ea3921Schristos char *cursor = NULL; 5543e0ea3921Schristos size_t out_len = 0; 5544e0ea3921Schristos size_t i; 5545e0ea3921Schristos size_t prefix_len; 5546e0ea3921Schristos 5547bf8eace1Schristos if (ssl->ctx->keylog_callback == NULL) 5548bf8eace1Schristos return 1; 5549e0ea3921Schristos 5550e0ea3921Schristos /* 5551e0ea3921Schristos * Our output buffer will contain the following strings, rendered with 5552e0ea3921Schristos * space characters in between, terminated by a NULL character: first the 5553e0ea3921Schristos * prefix, then the first parameter, then the second parameter. The 5554e0ea3921Schristos * meaning of each parameter depends on the specific key material being 5555e0ea3921Schristos * logged. Note that the first and second parameters are encoded in 5556e0ea3921Schristos * hexadecimal, so we need a buffer that is twice their lengths. 5557e0ea3921Schristos */ 5558e0ea3921Schristos prefix_len = strlen(prefix); 5559e0ea3921Schristos out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3; 5560e0ea3921Schristos if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) { 55618fbed61eSchristos SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5562e0ea3921Schristos return 0; 5563e0ea3921Schristos } 5564e0ea3921Schristos 5565e0ea3921Schristos strcpy(cursor, prefix); 5566e0ea3921Schristos cursor += prefix_len; 5567e0ea3921Schristos *cursor++ = ' '; 5568e0ea3921Schristos 5569e0ea3921Schristos for (i = 0; i < parameter_1_len; i++) { 5570e0ea3921Schristos sprintf(cursor, "%02x", parameter_1[i]); 5571e0ea3921Schristos cursor += 2; 5572e0ea3921Schristos } 5573e0ea3921Schristos *cursor++ = ' '; 5574e0ea3921Schristos 5575e0ea3921Schristos for (i = 0; i < parameter_2_len; i++) { 5576e0ea3921Schristos sprintf(cursor, "%02x", parameter_2[i]); 5577e0ea3921Schristos cursor += 2; 5578e0ea3921Schristos } 5579e0ea3921Schristos *cursor = '\0'; 5580e0ea3921Schristos 5581e0ea3921Schristos ssl->ctx->keylog_callback(ssl, (const char *)out); 5582bf8eace1Schristos OPENSSL_clear_free(out, out_len); 5583e0ea3921Schristos return 1; 5584e0ea3921Schristos 5585e0ea3921Schristos } 5586e0ea3921Schristos 5587e0ea3921Schristos int ssl_log_rsa_client_key_exchange(SSL *ssl, 5588e0ea3921Schristos const uint8_t *encrypted_premaster, 5589e0ea3921Schristos size_t encrypted_premaster_len, 5590e0ea3921Schristos const uint8_t *premaster, 5591e0ea3921Schristos size_t premaster_len) 5592e0ea3921Schristos { 5593e0ea3921Schristos if (encrypted_premaster_len < 8) { 55948fbed61eSchristos SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 5595e0ea3921Schristos return 0; 5596e0ea3921Schristos } 5597e0ea3921Schristos 5598e0ea3921Schristos /* We only want the first 8 bytes of the encrypted premaster as a tag. */ 5599e0ea3921Schristos return nss_keylog_int("RSA", 5600e0ea3921Schristos ssl, 5601e0ea3921Schristos encrypted_premaster, 5602e0ea3921Schristos 8, 5603e0ea3921Schristos premaster, 5604e0ea3921Schristos premaster_len); 5605e0ea3921Schristos } 5606e0ea3921Schristos 5607e0ea3921Schristos int ssl_log_secret(SSL *ssl, 5608e0ea3921Schristos const char *label, 5609e0ea3921Schristos const uint8_t *secret, 5610e0ea3921Schristos size_t secret_len) 5611e0ea3921Schristos { 5612e0ea3921Schristos return nss_keylog_int(label, 5613e0ea3921Schristos ssl, 56148fbed61eSchristos ssl->s3.client_random, 5615e0ea3921Schristos SSL3_RANDOM_SIZE, 5616e0ea3921Schristos secret, 5617e0ea3921Schristos secret_len); 5618e0ea3921Schristos } 5619e0ea3921Schristos 5620e0ea3921Schristos #define SSLV2_CIPHER_LEN 3 5621e0ea3921Schristos 5622e0ea3921Schristos int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) 5623e0ea3921Schristos { 5624e0ea3921Schristos int n; 5625e0ea3921Schristos 5626e0ea3921Schristos n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; 5627e0ea3921Schristos 5628e0ea3921Schristos if (PACKET_remaining(cipher_suites) == 0) { 56298fbed61eSchristos SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED); 5630e0ea3921Schristos return 0; 5631e0ea3921Schristos } 5632e0ea3921Schristos 5633e0ea3921Schristos if (PACKET_remaining(cipher_suites) % n != 0) { 56348fbed61eSchristos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 5635e0ea3921Schristos return 0; 5636e0ea3921Schristos } 5637e0ea3921Schristos 56388fbed61eSchristos OPENSSL_free(s->s3.tmp.ciphers_raw); 56398fbed61eSchristos s->s3.tmp.ciphers_raw = NULL; 56408fbed61eSchristos s->s3.tmp.ciphers_rawlen = 0; 5641e0ea3921Schristos 5642e0ea3921Schristos if (sslv2format) { 5643e0ea3921Schristos size_t numciphers = PACKET_remaining(cipher_suites) / n; 5644e0ea3921Schristos PACKET sslv2ciphers = *cipher_suites; 5645e0ea3921Schristos unsigned int leadbyte; 5646e0ea3921Schristos unsigned char *raw; 5647e0ea3921Schristos 5648e0ea3921Schristos /* 5649e0ea3921Schristos * We store the raw ciphers list in SSLv3+ format so we need to do some 5650e0ea3921Schristos * preprocessing to convert the list first. If there are any SSLv2 only 5651e0ea3921Schristos * ciphersuites with a non-zero leading byte then we are going to 5652e0ea3921Schristos * slightly over allocate because we won't store those. But that isn't a 5653e0ea3921Schristos * problem. 5654e0ea3921Schristos */ 5655e0ea3921Schristos raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); 56568fbed61eSchristos s->s3.tmp.ciphers_raw = raw; 5657e0ea3921Schristos if (raw == NULL) { 56588fbed61eSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5659e0ea3921Schristos return 0; 5660e0ea3921Schristos } 56618fbed61eSchristos for (s->s3.tmp.ciphers_rawlen = 0; 5662e0ea3921Schristos PACKET_remaining(&sslv2ciphers) > 0; 5663e0ea3921Schristos raw += TLS_CIPHER_LEN) { 5664e0ea3921Schristos if (!PACKET_get_1(&sslv2ciphers, &leadbyte) 5665e0ea3921Schristos || (leadbyte == 0 5666e0ea3921Schristos && !PACKET_copy_bytes(&sslv2ciphers, raw, 5667e0ea3921Schristos TLS_CIPHER_LEN)) 5668e0ea3921Schristos || (leadbyte != 0 5669e0ea3921Schristos && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { 56708fbed61eSchristos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET); 56718fbed61eSchristos OPENSSL_free(s->s3.tmp.ciphers_raw); 56728fbed61eSchristos s->s3.tmp.ciphers_raw = NULL; 56738fbed61eSchristos s->s3.tmp.ciphers_rawlen = 0; 5674e0ea3921Schristos return 0; 5675e0ea3921Schristos } 5676e0ea3921Schristos if (leadbyte == 0) 56778fbed61eSchristos s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN; 5678e0ea3921Schristos } 56798fbed61eSchristos } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw, 56808fbed61eSchristos &s->s3.tmp.ciphers_rawlen)) { 56818fbed61eSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 5682e0ea3921Schristos return 0; 5683e0ea3921Schristos } 5684e0ea3921Schristos return 1; 5685e0ea3921Schristos } 5686e0ea3921Schristos 5687e0ea3921Schristos int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, 5688e0ea3921Schristos int isv2format, STACK_OF(SSL_CIPHER) **sk, 5689e0ea3921Schristos STACK_OF(SSL_CIPHER) **scsvs) 5690e0ea3921Schristos { 5691e0ea3921Schristos PACKET pkt; 5692e0ea3921Schristos 5693e0ea3921Schristos if (!PACKET_buf_init(&pkt, bytes, len)) 5694e0ea3921Schristos return 0; 5695e0ea3921Schristos return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0); 5696e0ea3921Schristos } 5697e0ea3921Schristos 5698e0ea3921Schristos int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, 5699e0ea3921Schristos STACK_OF(SSL_CIPHER) **skp, 5700e0ea3921Schristos STACK_OF(SSL_CIPHER) **scsvs_out, 5701e0ea3921Schristos int sslv2format, int fatal) 5702e0ea3921Schristos { 5703e0ea3921Schristos const SSL_CIPHER *c; 5704e0ea3921Schristos STACK_OF(SSL_CIPHER) *sk = NULL; 5705e0ea3921Schristos STACK_OF(SSL_CIPHER) *scsvs = NULL; 5706e0ea3921Schristos int n; 5707e0ea3921Schristos /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */ 5708e0ea3921Schristos unsigned char cipher[SSLV2_CIPHER_LEN]; 5709e0ea3921Schristos 5710e0ea3921Schristos n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; 5711e0ea3921Schristos 5712e0ea3921Schristos if (PACKET_remaining(cipher_suites) == 0) { 5713e0ea3921Schristos if (fatal) 57148fbed61eSchristos SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED); 5715e0ea3921Schristos else 57168fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED); 5717e0ea3921Schristos return 0; 5718e0ea3921Schristos } 5719e0ea3921Schristos 5720e0ea3921Schristos if (PACKET_remaining(cipher_suites) % n != 0) { 5721e0ea3921Schristos if (fatal) 57228fbed61eSchristos SSLfatal(s, SSL_AD_DECODE_ERROR, 5723e0ea3921Schristos SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 5724e0ea3921Schristos else 57258fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 5726e0ea3921Schristos return 0; 5727e0ea3921Schristos } 5728e0ea3921Schristos 5729e0ea3921Schristos sk = sk_SSL_CIPHER_new_null(); 5730e0ea3921Schristos scsvs = sk_SSL_CIPHER_new_null(); 5731e0ea3921Schristos if (sk == NULL || scsvs == NULL) { 5732e0ea3921Schristos if (fatal) 57338fbed61eSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5734e0ea3921Schristos else 57358fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 5736e0ea3921Schristos goto err; 5737e0ea3921Schristos } 5738e0ea3921Schristos 5739e0ea3921Schristos while (PACKET_copy_bytes(cipher_suites, cipher, n)) { 5740e0ea3921Schristos /* 5741e0ea3921Schristos * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the 5742e0ea3921Schristos * first byte set to zero, while true SSLv2 ciphers have a non-zero 5743e0ea3921Schristos * first byte. We don't support any true SSLv2 ciphers, so skip them. 5744e0ea3921Schristos */ 5745e0ea3921Schristos if (sslv2format && cipher[0] != '\0') 5746e0ea3921Schristos continue; 5747e0ea3921Schristos 5748e0ea3921Schristos /* For SSLv2-compat, ignore leading 0-byte. */ 5749e0ea3921Schristos c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1); 5750e0ea3921Schristos if (c != NULL) { 5751e0ea3921Schristos if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || 5752e0ea3921Schristos (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { 5753e0ea3921Schristos if (fatal) 57548fbed61eSchristos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5755e0ea3921Schristos else 57568fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 5757e0ea3921Schristos goto err; 5758e0ea3921Schristos } 5759e0ea3921Schristos } 5760e0ea3921Schristos } 5761e0ea3921Schristos if (PACKET_remaining(cipher_suites) > 0) { 5762e0ea3921Schristos if (fatal) 57638fbed61eSchristos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH); 5764e0ea3921Schristos else 57658fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 5766e0ea3921Schristos goto err; 5767e0ea3921Schristos } 5768e0ea3921Schristos 5769e0ea3921Schristos if (skp != NULL) 5770e0ea3921Schristos *skp = sk; 5771e0ea3921Schristos else 5772e0ea3921Schristos sk_SSL_CIPHER_free(sk); 5773e0ea3921Schristos if (scsvs_out != NULL) 5774e0ea3921Schristos *scsvs_out = scsvs; 5775e0ea3921Schristos else 5776e0ea3921Schristos sk_SSL_CIPHER_free(scsvs); 5777e0ea3921Schristos return 1; 5778e0ea3921Schristos err: 5779e0ea3921Schristos sk_SSL_CIPHER_free(sk); 5780e0ea3921Schristos sk_SSL_CIPHER_free(scsvs); 5781e0ea3921Schristos return 0; 5782e0ea3921Schristos } 5783e0ea3921Schristos 5784e0ea3921Schristos int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) 5785e0ea3921Schristos { 5786e0ea3921Schristos ctx->max_early_data = max_early_data; 5787e0ea3921Schristos 5788e0ea3921Schristos return 1; 5789e0ea3921Schristos } 5790e0ea3921Schristos 5791e0ea3921Schristos uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) 5792e0ea3921Schristos { 5793e0ea3921Schristos return ctx->max_early_data; 5794e0ea3921Schristos } 5795e0ea3921Schristos 5796e0ea3921Schristos int SSL_set_max_early_data(SSL *s, uint32_t max_early_data) 5797e0ea3921Schristos { 5798e0ea3921Schristos s->max_early_data = max_early_data; 5799e0ea3921Schristos 5800e0ea3921Schristos return 1; 5801e0ea3921Schristos } 5802e0ea3921Schristos 5803e0ea3921Schristos uint32_t SSL_get_max_early_data(const SSL *s) 5804e0ea3921Schristos { 5805e0ea3921Schristos return s->max_early_data; 5806e0ea3921Schristos } 5807e0ea3921Schristos 5808e0ea3921Schristos int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data) 5809e0ea3921Schristos { 5810e0ea3921Schristos ctx->recv_max_early_data = recv_max_early_data; 5811e0ea3921Schristos 5812e0ea3921Schristos return 1; 5813e0ea3921Schristos } 5814e0ea3921Schristos 5815e0ea3921Schristos uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx) 5816e0ea3921Schristos { 5817e0ea3921Schristos return ctx->recv_max_early_data; 5818e0ea3921Schristos } 5819e0ea3921Schristos 5820e0ea3921Schristos int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data) 5821e0ea3921Schristos { 5822e0ea3921Schristos s->recv_max_early_data = recv_max_early_data; 5823e0ea3921Schristos 5824e0ea3921Schristos return 1; 5825e0ea3921Schristos } 5826e0ea3921Schristos 5827e0ea3921Schristos uint32_t SSL_get_recv_max_early_data(const SSL *s) 5828e0ea3921Schristos { 5829e0ea3921Schristos return s->recv_max_early_data; 5830e0ea3921Schristos } 5831e0ea3921Schristos 5832e0ea3921Schristos __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl) 5833e0ea3921Schristos { 5834e0ea3921Schristos /* Return any active Max Fragment Len extension */ 5835e0ea3921Schristos if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)) 5836e0ea3921Schristos return GET_MAX_FRAGMENT_LENGTH(ssl->session); 5837e0ea3921Schristos 5838e0ea3921Schristos /* return current SSL connection setting */ 5839e0ea3921Schristos return ssl->max_send_fragment; 5840e0ea3921Schristos } 5841e0ea3921Schristos 5842e0ea3921Schristos __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl) 5843e0ea3921Schristos { 5844e0ea3921Schristos /* Return a value regarding an active Max Fragment Len extension */ 5845e0ea3921Schristos if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session) 5846e0ea3921Schristos && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session)) 5847e0ea3921Schristos return GET_MAX_FRAGMENT_LENGTH(ssl->session); 5848e0ea3921Schristos 5849e0ea3921Schristos /* else limit |split_send_fragment| to current |max_send_fragment| */ 5850e0ea3921Schristos if (ssl->split_send_fragment > ssl->max_send_fragment) 5851e0ea3921Schristos return ssl->max_send_fragment; 5852e0ea3921Schristos 5853e0ea3921Schristos /* return current SSL connection setting */ 5854e0ea3921Schristos return ssl->split_send_fragment; 5855e0ea3921Schristos } 5856e0ea3921Schristos 5857e0ea3921Schristos int SSL_stateless(SSL *s) 5858e0ea3921Schristos { 5859e0ea3921Schristos int ret; 5860e0ea3921Schristos 5861e0ea3921Schristos /* Ensure there is no state left over from a previous invocation */ 5862e0ea3921Schristos if (!SSL_clear(s)) 5863e0ea3921Schristos return 0; 5864e0ea3921Schristos 5865e0ea3921Schristos ERR_clear_error(); 5866e0ea3921Schristos 58678fbed61eSchristos s->s3.flags |= TLS1_FLAGS_STATELESS; 5868e0ea3921Schristos ret = SSL_accept(s); 58698fbed61eSchristos s->s3.flags &= ~TLS1_FLAGS_STATELESS; 5870e0ea3921Schristos 5871e0ea3921Schristos if (ret > 0 && s->ext.cookieok) 5872e0ea3921Schristos return 1; 5873e0ea3921Schristos 5874e0ea3921Schristos if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s)) 5875e0ea3921Schristos return 0; 5876e0ea3921Schristos 5877e0ea3921Schristos return -1; 5878e0ea3921Schristos } 5879e0ea3921Schristos 5880e0ea3921Schristos void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) 5881e0ea3921Schristos { 5882e0ea3921Schristos ctx->pha_enabled = val; 5883e0ea3921Schristos } 5884e0ea3921Schristos 5885e0ea3921Schristos void SSL_set_post_handshake_auth(SSL *ssl, int val) 5886e0ea3921Schristos { 5887e0ea3921Schristos ssl->pha_enabled = val; 5888e0ea3921Schristos } 5889e0ea3921Schristos 5890e0ea3921Schristos int SSL_verify_client_post_handshake(SSL *ssl) 5891e0ea3921Schristos { 5892e0ea3921Schristos if (!SSL_IS_TLS13(ssl)) { 58938fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); 5894e0ea3921Schristos return 0; 5895e0ea3921Schristos } 5896e0ea3921Schristos if (!ssl->server) { 58978fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER); 5898e0ea3921Schristos return 0; 5899e0ea3921Schristos } 5900e0ea3921Schristos 5901e0ea3921Schristos if (!SSL_is_init_finished(ssl)) { 59028fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT); 5903e0ea3921Schristos return 0; 5904e0ea3921Schristos } 5905e0ea3921Schristos 5906e0ea3921Schristos switch (ssl->post_handshake_auth) { 5907e0ea3921Schristos case SSL_PHA_NONE: 59088fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED); 5909e0ea3921Schristos return 0; 5910e0ea3921Schristos default: 5911e0ea3921Schristos case SSL_PHA_EXT_SENT: 59128fbed61eSchristos ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 5913e0ea3921Schristos return 0; 5914e0ea3921Schristos case SSL_PHA_EXT_RECEIVED: 5915e0ea3921Schristos break; 5916e0ea3921Schristos case SSL_PHA_REQUEST_PENDING: 59178fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_PENDING); 5918e0ea3921Schristos return 0; 5919e0ea3921Schristos case SSL_PHA_REQUESTED: 59208fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_SENT); 5921e0ea3921Schristos return 0; 5922e0ea3921Schristos } 5923e0ea3921Schristos 5924e0ea3921Schristos ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING; 5925e0ea3921Schristos 5926e0ea3921Schristos /* checks verify_mode and algorithm_auth */ 5927e0ea3921Schristos if (!send_certificate_request(ssl)) { 5928e0ea3921Schristos ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */ 59298fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG); 5930e0ea3921Schristos return 0; 5931e0ea3921Schristos } 5932e0ea3921Schristos 5933e0ea3921Schristos ossl_statem_set_in_init(ssl, 1); 5934e0ea3921Schristos return 1; 5935e0ea3921Schristos } 5936e0ea3921Schristos 5937e0ea3921Schristos int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, 5938e0ea3921Schristos SSL_CTX_generate_session_ticket_fn gen_cb, 5939e0ea3921Schristos SSL_CTX_decrypt_session_ticket_fn dec_cb, 5940e0ea3921Schristos void *arg) 5941e0ea3921Schristos { 5942e0ea3921Schristos ctx->generate_ticket_cb = gen_cb; 5943e0ea3921Schristos ctx->decrypt_ticket_cb = dec_cb; 5944e0ea3921Schristos ctx->ticket_cb_data = arg; 5945e0ea3921Schristos return 1; 5946e0ea3921Schristos } 5947e0ea3921Schristos 5948e0ea3921Schristos void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, 5949e0ea3921Schristos SSL_allow_early_data_cb_fn cb, 5950e0ea3921Schristos void *arg) 5951e0ea3921Schristos { 5952e0ea3921Schristos ctx->allow_early_data_cb = cb; 5953e0ea3921Schristos ctx->allow_early_data_cb_data = arg; 5954e0ea3921Schristos } 5955e0ea3921Schristos 5956e0ea3921Schristos void SSL_set_allow_early_data_cb(SSL *s, 5957e0ea3921Schristos SSL_allow_early_data_cb_fn cb, 5958e0ea3921Schristos void *arg) 5959e0ea3921Schristos { 5960e0ea3921Schristos s->allow_early_data_cb = cb; 5961e0ea3921Schristos s->allow_early_data_cb_data = arg; 5962e0ea3921Schristos } 59638fbed61eSchristos 59648fbed61eSchristos const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, 59658fbed61eSchristos int nid, 59668fbed61eSchristos const char *properties) 59678fbed61eSchristos { 59688fbed61eSchristos const EVP_CIPHER *ciph; 59698fbed61eSchristos 59708fbed61eSchristos ciph = tls_get_cipher_from_engine(nid); 59718fbed61eSchristos if (ciph != NULL) 59728fbed61eSchristos return ciph; 59738fbed61eSchristos 59748fbed61eSchristos /* 59758fbed61eSchristos * If there is no engine cipher then we do an explicit fetch. This may fail 59768fbed61eSchristos * and that could be ok 59778fbed61eSchristos */ 59788fbed61eSchristos ERR_set_mark(); 59798fbed61eSchristos ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties); 59808fbed61eSchristos ERR_pop_to_mark(); 59818fbed61eSchristos return ciph; 59828fbed61eSchristos } 59838fbed61eSchristos 59848fbed61eSchristos 59858fbed61eSchristos int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher) 59868fbed61eSchristos { 59878fbed61eSchristos /* Don't up-ref an implicit EVP_CIPHER */ 59888fbed61eSchristos if (EVP_CIPHER_get0_provider(cipher) == NULL) 59898fbed61eSchristos return 1; 59908fbed61eSchristos 59918fbed61eSchristos /* 59928fbed61eSchristos * The cipher was explicitly fetched and therefore it is safe to cast 59938fbed61eSchristos * away the const 59948fbed61eSchristos */ 59958fbed61eSchristos return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher); 59968fbed61eSchristos } 59978fbed61eSchristos 59988fbed61eSchristos void ssl_evp_cipher_free(const EVP_CIPHER *cipher) 59998fbed61eSchristos { 60008fbed61eSchristos if (cipher == NULL) 60018fbed61eSchristos return; 60028fbed61eSchristos 60038fbed61eSchristos if (EVP_CIPHER_get0_provider(cipher) != NULL) { 60048fbed61eSchristos /* 60058fbed61eSchristos * The cipher was explicitly fetched and therefore it is safe to cast 60068fbed61eSchristos * away the const 60078fbed61eSchristos */ 60088fbed61eSchristos EVP_CIPHER_free((EVP_CIPHER *)cipher); 60098fbed61eSchristos } 60108fbed61eSchristos } 60118fbed61eSchristos 60128fbed61eSchristos const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, 60138fbed61eSchristos int nid, 60148fbed61eSchristos const char *properties) 60158fbed61eSchristos { 60168fbed61eSchristos const EVP_MD *md; 60178fbed61eSchristos 60188fbed61eSchristos md = tls_get_digest_from_engine(nid); 60198fbed61eSchristos if (md != NULL) 60208fbed61eSchristos return md; 60218fbed61eSchristos 60228fbed61eSchristos /* Otherwise we do an explicit fetch */ 60238fbed61eSchristos ERR_set_mark(); 60248fbed61eSchristos md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties); 60258fbed61eSchristos ERR_pop_to_mark(); 60268fbed61eSchristos return md; 60278fbed61eSchristos } 60288fbed61eSchristos 60298fbed61eSchristos int ssl_evp_md_up_ref(const EVP_MD *md) 60308fbed61eSchristos { 60318fbed61eSchristos /* Don't up-ref an implicit EVP_MD */ 60328fbed61eSchristos if (EVP_MD_get0_provider(md) == NULL) 60338fbed61eSchristos return 1; 60348fbed61eSchristos 60358fbed61eSchristos /* 60368fbed61eSchristos * The digest was explicitly fetched and therefore it is safe to cast 60378fbed61eSchristos * away the const 60388fbed61eSchristos */ 60398fbed61eSchristos return EVP_MD_up_ref((EVP_MD *)md); 60408fbed61eSchristos } 60418fbed61eSchristos 60428fbed61eSchristos void ssl_evp_md_free(const EVP_MD *md) 60438fbed61eSchristos { 60448fbed61eSchristos if (md == NULL) 60458fbed61eSchristos return; 60468fbed61eSchristos 60478fbed61eSchristos if (EVP_MD_get0_provider(md) != NULL) { 60488fbed61eSchristos /* 60498fbed61eSchristos * The digest was explicitly fetched and therefore it is safe to cast 60508fbed61eSchristos * away the const 60518fbed61eSchristos */ 60528fbed61eSchristos EVP_MD_free((EVP_MD *)md); 60538fbed61eSchristos } 60548fbed61eSchristos } 60558fbed61eSchristos 60568fbed61eSchristos int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) 60578fbed61eSchristos { 60588fbed61eSchristos if (!ssl_security(s, SSL_SECOP_TMP_DH, 60598fbed61eSchristos EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { 60608fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); 60618fbed61eSchristos return 0; 60628fbed61eSchristos } 60638fbed61eSchristos EVP_PKEY_free(s->cert->dh_tmp); 60648fbed61eSchristos s->cert->dh_tmp = dhpkey; 60658fbed61eSchristos return 1; 60668fbed61eSchristos } 60678fbed61eSchristos 60688fbed61eSchristos int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey) 60698fbed61eSchristos { 60708fbed61eSchristos if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, 60718fbed61eSchristos EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { 60728fbed61eSchristos ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); 60738fbed61eSchristos return 0; 60748fbed61eSchristos } 60758fbed61eSchristos EVP_PKEY_free(ctx->cert->dh_tmp); 60768fbed61eSchristos ctx->cert->dh_tmp = dhpkey; 60778fbed61eSchristos return 1; 60788fbed61eSchristos } 6079