1 /* $OpenBSD: ssl_lib.c,v 1.306 2022/10/02 16:36:41 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * ECC cipher suite support in OpenSSL originally developed by 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115 */ 116 /* ==================================================================== 117 * Copyright 2005 Nokia. All rights reserved. 118 * 119 * The portions of the attached software ("Contribution") is developed by 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121 * license. 122 * 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125 * support (see RFC 4279) to OpenSSL. 126 * 127 * No patent licenses or other rights except those expressly stated in 128 * the OpenSSL open source license shall be deemed granted or received 129 * expressly, by implication, estoppel, or otherwise. 130 * 131 * No assurances are provided by Nokia that the Contribution does not 132 * infringe the patent or other intellectual property rights of any third 133 * party or that the license provides you with all the necessary rights 134 * to make use of the Contribution. 135 * 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140 * OTHERWISE. 141 */ 142 143 #include <arpa/inet.h> 144 #include <sys/socket.h> 145 #include <netinet/in.h> 146 147 #include <limits.h> 148 #include <stdio.h> 149 150 #include <openssl/dh.h> 151 #include <openssl/lhash.h> 152 #include <openssl/objects.h> 153 #include <openssl/ocsp.h> 154 #include <openssl/opensslconf.h> 155 #include <openssl/x509v3.h> 156 157 #ifndef OPENSSL_NO_ENGINE 158 #include <openssl/engine.h> 159 #endif 160 161 #include "bytestring.h" 162 #include "dtls_locl.h" 163 #include "ssl_locl.h" 164 #include "ssl_sigalgs.h" 165 #include "ssl_tlsext.h" 166 167 const char *SSL_version_str = OPENSSL_VERSION_TEXT; 168 169 int 170 SSL_clear(SSL *s) 171 { 172 if (s->method == NULL) { 173 SSLerror(s, SSL_R_NO_METHOD_SPECIFIED); 174 return (0); 175 } 176 177 if (ssl_clear_bad_session(s)) { 178 SSL_SESSION_free(s->session); 179 s->session = NULL; 180 } 181 182 s->error = 0; 183 s->hit = 0; 184 s->shutdown = 0; 185 186 if (s->renegotiate) { 187 SSLerror(s, ERR_R_INTERNAL_ERROR); 188 return (0); 189 } 190 191 s->version = s->method->version; 192 s->client_version = s->version; 193 s->rwstate = SSL_NOTHING; 194 s->rstate = SSL_ST_READ_HEADER; 195 196 tls13_ctx_free(s->tls13); 197 s->tls13 = NULL; 198 199 ssl3_release_init_buffer(s); 200 201 ssl_clear_cipher_state(s); 202 203 s->first_packet = 0; 204 205 /* 206 * Check to see if we were changed into a different method, if 207 * so, revert back if we are not doing session-id reuse. 208 */ 209 if (!s->in_handshake && (s->session == NULL) && 210 (s->method != s->ctx->method)) { 211 s->method->ssl_free(s); 212 s->method = s->ctx->method; 213 if (!s->method->ssl_new(s)) 214 return (0); 215 } else 216 s->method->ssl_clear(s); 217 218 return (1); 219 } 220 221 /* Used to change an SSL_CTXs default SSL method type */ 222 int 223 SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 224 { 225 STACK_OF(SSL_CIPHER) *ciphers; 226 227 ctx->method = meth; 228 229 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 230 ctx->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST, 231 ctx->cert); 232 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) { 233 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 234 return (0); 235 } 236 return (1); 237 } 238 239 SSL * 240 SSL_new(SSL_CTX *ctx) 241 { 242 SSL *s; 243 CBS cbs; 244 245 if (ctx == NULL) { 246 SSLerrorx(SSL_R_NULL_SSL_CTX); 247 return (NULL); 248 } 249 if (ctx->method == NULL) { 250 SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 251 return (NULL); 252 } 253 254 if ((s = calloc(1, sizeof(*s))) == NULL) 255 goto err; 256 257 if ((s->rl = tls12_record_layer_new()) == NULL) 258 goto err; 259 260 s->min_tls_version = ctx->min_tls_version; 261 s->max_tls_version = ctx->max_tls_version; 262 s->min_proto_version = ctx->min_proto_version; 263 s->max_proto_version = ctx->max_proto_version; 264 265 s->options = ctx->options; 266 s->mode = ctx->mode; 267 s->max_cert_list = ctx->max_cert_list; 268 s->num_tickets = ctx->num_tickets; 269 270 if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL) 271 goto err; 272 273 s->read_ahead = ctx->read_ahead; 274 s->msg_callback = ctx->msg_callback; 275 s->msg_callback_arg = ctx->msg_callback_arg; 276 s->verify_mode = ctx->verify_mode; 277 s->sid_ctx_length = ctx->sid_ctx_length; 278 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); 279 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 280 s->verify_callback = ctx->default_verify_callback; 281 s->generate_session_id = ctx->generate_session_id; 282 283 s->param = X509_VERIFY_PARAM_new(); 284 if (!s->param) 285 goto err; 286 X509_VERIFY_PARAM_inherit(s->param, ctx->param); 287 s->quiet_shutdown = ctx->quiet_shutdown; 288 s->max_send_fragment = ctx->max_send_fragment; 289 290 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 291 s->ctx = ctx; 292 s->tlsext_debug_cb = 0; 293 s->tlsext_debug_arg = NULL; 294 s->tlsext_ticket_expected = 0; 295 s->tlsext_status_type = -1; 296 s->tlsext_status_expected = 0; 297 s->tlsext_ocsp_ids = NULL; 298 s->tlsext_ocsp_exts = NULL; 299 s->tlsext_ocsp_resp = NULL; 300 s->tlsext_ocsp_resp_len = 0; 301 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 302 s->initial_ctx = ctx; 303 304 if (ctx->tlsext_ecpointformatlist != NULL) { 305 s->tlsext_ecpointformatlist = 306 calloc(ctx->tlsext_ecpointformatlist_length, 307 sizeof(ctx->tlsext_ecpointformatlist[0])); 308 if (s->tlsext_ecpointformatlist == NULL) 309 goto err; 310 memcpy(s->tlsext_ecpointformatlist, 311 ctx->tlsext_ecpointformatlist, 312 ctx->tlsext_ecpointformatlist_length * 313 sizeof(ctx->tlsext_ecpointformatlist[0])); 314 s->tlsext_ecpointformatlist_length = 315 ctx->tlsext_ecpointformatlist_length; 316 } 317 if (ctx->tlsext_supportedgroups != NULL) { 318 s->tlsext_supportedgroups = 319 calloc(ctx->tlsext_supportedgroups_length, 320 sizeof(ctx->tlsext_supportedgroups[0])); 321 if (s->tlsext_supportedgroups == NULL) 322 goto err; 323 memcpy(s->tlsext_supportedgroups, 324 ctx->tlsext_supportedgroups, 325 ctx->tlsext_supportedgroups_length * 326 sizeof(ctx->tlsext_supportedgroups[0])); 327 s->tlsext_supportedgroups_length = 328 ctx->tlsext_supportedgroups_length; 329 } 330 331 CBS_init(&cbs, ctx->alpn_client_proto_list, 332 ctx->alpn_client_proto_list_len); 333 if (!CBS_stow(&cbs, &s->alpn_client_proto_list, 334 &s->alpn_client_proto_list_len)) 335 goto err; 336 337 s->verify_result = X509_V_OK; 338 339 s->method = ctx->method; 340 s->quic_method = ctx->quic_method; 341 342 if (!s->method->ssl_new(s)) 343 goto err; 344 345 s->references = 1; 346 s->server = ctx->method->server; 347 348 SSL_clear(s); 349 350 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 351 352 return (s); 353 354 err: 355 SSL_free(s); 356 SSLerrorx(ERR_R_MALLOC_FAILURE); 357 return (NULL); 358 } 359 360 int 361 SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 362 unsigned int sid_ctx_len) 363 { 364 if (sid_ctx_len > sizeof ctx->sid_ctx) { 365 SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 366 return (0); 367 } 368 ctx->sid_ctx_length = sid_ctx_len; 369 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); 370 371 return (1); 372 } 373 374 int 375 SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 376 unsigned int sid_ctx_len) 377 { 378 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 379 SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 380 return (0); 381 } 382 ssl->sid_ctx_length = sid_ctx_len; 383 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); 384 385 return (1); 386 } 387 388 int 389 SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 390 { 391 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 392 ctx->generate_session_id = cb; 393 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 394 return (1); 395 } 396 397 int 398 SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 399 { 400 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 401 ssl->generate_session_id = cb; 402 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 403 return (1); 404 } 405 406 int 407 SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 408 unsigned int id_len) 409 { 410 /* 411 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp 412 * shows how we can "construct" a session to give us the desired 413 * check - ie. to find if there's a session in the hash table 414 * that would conflict with any new session built out of this 415 * id/id_len and the ssl_version in use by this SSL. 416 */ 417 SSL_SESSION r, *p; 418 419 if (id_len > sizeof r.session_id) 420 return (0); 421 422 r.ssl_version = ssl->version; 423 r.session_id_length = id_len; 424 memcpy(r.session_id, id, id_len); 425 426 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 427 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); 428 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 429 return (p != NULL); 430 } 431 432 int 433 SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 434 { 435 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); 436 } 437 438 int 439 SSL_set_purpose(SSL *s, int purpose) 440 { 441 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); 442 } 443 444 int 445 SSL_CTX_set_trust(SSL_CTX *s, int trust) 446 { 447 return (X509_VERIFY_PARAM_set_trust(s->param, trust)); 448 } 449 450 int 451 SSL_set_trust(SSL *s, int trust) 452 { 453 return (X509_VERIFY_PARAM_set_trust(s->param, trust)); 454 } 455 456 int 457 SSL_set1_host(SSL *s, const char *hostname) 458 { 459 struct in_addr ina; 460 struct in6_addr in6a; 461 462 if (hostname != NULL && *hostname != '\0' && 463 (inet_pton(AF_INET, hostname, &ina) == 1 || 464 inet_pton(AF_INET6, hostname, &in6a) == 1)) 465 return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname); 466 else 467 return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); 468 } 469 470 void 471 SSL_set_hostflags(SSL *s, unsigned int flags) 472 { 473 X509_VERIFY_PARAM_set_hostflags(s->param, flags); 474 } 475 476 const char * 477 SSL_get0_peername(SSL *s) 478 { 479 return X509_VERIFY_PARAM_get0_peername(s->param); 480 } 481 482 X509_VERIFY_PARAM * 483 SSL_CTX_get0_param(SSL_CTX *ctx) 484 { 485 return (ctx->param); 486 } 487 488 int 489 SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 490 { 491 return (X509_VERIFY_PARAM_set1(ctx->param, vpm)); 492 } 493 494 X509_VERIFY_PARAM * 495 SSL_get0_param(SSL *ssl) 496 { 497 return (ssl->param); 498 } 499 500 int 501 SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 502 { 503 return (X509_VERIFY_PARAM_set1(ssl->param, vpm)); 504 } 505 506 void 507 SSL_free(SSL *s) 508 { 509 int i; 510 511 if (s == NULL) 512 return; 513 514 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); 515 if (i > 0) 516 return; 517 518 X509_VERIFY_PARAM_free(s->param); 519 520 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 521 522 if (s->bbio != NULL) { 523 /* If the buffering BIO is in place, pop it off */ 524 if (s->bbio == s->wbio) { 525 s->wbio = BIO_pop(s->wbio); 526 } 527 BIO_free(s->bbio); 528 s->bbio = NULL; 529 } 530 531 if (s->rbio != s->wbio) 532 BIO_free_all(s->rbio); 533 BIO_free_all(s->wbio); 534 535 tls13_ctx_free(s->tls13); 536 537 ssl3_release_init_buffer(s); 538 539 sk_SSL_CIPHER_free(s->cipher_list); 540 sk_SSL_CIPHER_free(s->cipher_list_tls13); 541 542 /* Make the next call work :-) */ 543 if (s->session != NULL) { 544 ssl_clear_bad_session(s); 545 SSL_SESSION_free(s->session); 546 } 547 548 ssl_clear_cipher_state(s); 549 550 ssl_cert_free(s->cert); 551 552 free(s->tlsext_hostname); 553 SSL_CTX_free(s->initial_ctx); 554 555 free(s->tlsext_ecpointformatlist); 556 free(s->tlsext_supportedgroups); 557 558 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 559 X509_EXTENSION_free); 560 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 561 free(s->tlsext_ocsp_resp); 562 563 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); 564 565 if (s->method != NULL) 566 s->method->ssl_free(s); 567 568 SSL_CTX_free(s->ctx); 569 570 free(s->alpn_client_proto_list); 571 572 free(s->quic_transport_params); 573 574 #ifndef OPENSSL_NO_SRTP 575 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); 576 #endif 577 578 tls12_record_layer_free(s->rl); 579 580 free(s); 581 } 582 583 int 584 SSL_up_ref(SSL *s) 585 { 586 int refs = CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); 587 return (refs > 1) ? 1 : 0; 588 } 589 590 void 591 SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 592 { 593 /* If the output buffering BIO is still in place, remove it */ 594 if (s->bbio != NULL) { 595 if (s->wbio == s->bbio) { 596 s->wbio = BIO_next(s->wbio); 597 BIO_set_next(s->bbio, NULL); 598 } 599 } 600 601 if (s->rbio != rbio && s->rbio != s->wbio) 602 BIO_free_all(s->rbio); 603 if (s->wbio != wbio) 604 BIO_free_all(s->wbio); 605 s->rbio = rbio; 606 s->wbio = wbio; 607 } 608 609 BIO * 610 SSL_get_rbio(const SSL *s) 611 { 612 return (s->rbio); 613 } 614 615 void 616 SSL_set0_rbio(SSL *s, BIO *rbio) 617 { 618 BIO_free_all(s->rbio); 619 s->rbio = rbio; 620 } 621 622 BIO * 623 SSL_get_wbio(const SSL *s) 624 { 625 return (s->wbio); 626 } 627 628 int 629 SSL_get_fd(const SSL *s) 630 { 631 return (SSL_get_rfd(s)); 632 } 633 634 int 635 SSL_get_rfd(const SSL *s) 636 { 637 int ret = -1; 638 BIO *b, *r; 639 640 b = SSL_get_rbio(s); 641 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 642 if (r != NULL) 643 BIO_get_fd(r, &ret); 644 return (ret); 645 } 646 647 int 648 SSL_get_wfd(const SSL *s) 649 { 650 int ret = -1; 651 BIO *b, *r; 652 653 b = SSL_get_wbio(s); 654 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 655 if (r != NULL) 656 BIO_get_fd(r, &ret); 657 return (ret); 658 } 659 660 int 661 SSL_set_fd(SSL *s, int fd) 662 { 663 int ret = 0; 664 BIO *bio = NULL; 665 666 bio = BIO_new(BIO_s_socket()); 667 668 if (bio == NULL) { 669 SSLerror(s, ERR_R_BUF_LIB); 670 goto err; 671 } 672 BIO_set_fd(bio, fd, BIO_NOCLOSE); 673 SSL_set_bio(s, bio, bio); 674 ret = 1; 675 err: 676 return (ret); 677 } 678 679 int 680 SSL_set_wfd(SSL *s, int fd) 681 { 682 int ret = 0; 683 BIO *bio = NULL; 684 685 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 686 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { 687 bio = BIO_new(BIO_s_socket()); 688 689 if (bio == NULL) { 690 SSLerror(s, ERR_R_BUF_LIB); 691 goto err; 692 } 693 BIO_set_fd(bio, fd, BIO_NOCLOSE); 694 SSL_set_bio(s, SSL_get_rbio(s), bio); 695 } else 696 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); 697 ret = 1; 698 err: 699 return (ret); 700 } 701 702 int 703 SSL_set_rfd(SSL *s, int fd) 704 { 705 int ret = 0; 706 BIO *bio = NULL; 707 708 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 709 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { 710 bio = BIO_new(BIO_s_socket()); 711 712 if (bio == NULL) { 713 SSLerror(s, ERR_R_BUF_LIB); 714 goto err; 715 } 716 BIO_set_fd(bio, fd, BIO_NOCLOSE); 717 SSL_set_bio(s, bio, SSL_get_wbio(s)); 718 } else 719 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); 720 ret = 1; 721 err: 722 return (ret); 723 } 724 725 726 /* return length of latest Finished message we sent, copy to 'buf' */ 727 size_t 728 SSL_get_finished(const SSL *s, void *buf, size_t count) 729 { 730 size_t ret; 731 732 ret = s->s3->hs.finished_len; 733 if (count > ret) 734 count = ret; 735 memcpy(buf, s->s3->hs.finished, count); 736 return (ret); 737 } 738 739 /* return length of latest Finished message we expected, copy to 'buf' */ 740 size_t 741 SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 742 { 743 size_t ret; 744 745 ret = s->s3->hs.peer_finished_len; 746 if (count > ret) 747 count = ret; 748 memcpy(buf, s->s3->hs.peer_finished, count); 749 return (ret); 750 } 751 752 753 int 754 SSL_get_verify_mode(const SSL *s) 755 { 756 return (s->verify_mode); 757 } 758 759 int 760 SSL_get_verify_depth(const SSL *s) 761 { 762 return (X509_VERIFY_PARAM_get_depth(s->param)); 763 } 764 765 int 766 (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) 767 { 768 return (s->verify_callback); 769 } 770 771 void 772 SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) 773 { 774 ctx->keylog_callback = cb; 775 } 776 777 SSL_CTX_keylog_cb_func 778 SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) 779 { 780 return (ctx->keylog_callback); 781 } 782 783 int 784 SSL_set_num_tickets(SSL *s, size_t num_tickets) 785 { 786 s->num_tickets = num_tickets; 787 788 return 1; 789 } 790 791 size_t 792 SSL_get_num_tickets(const SSL *s) 793 { 794 return s->num_tickets; 795 } 796 797 int 798 SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) 799 { 800 ctx->num_tickets = num_tickets; 801 802 return 1; 803 } 804 805 size_t 806 SSL_CTX_get_num_tickets(const SSL_CTX *ctx) 807 { 808 return ctx->num_tickets; 809 } 810 811 int 812 SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 813 { 814 return (ctx->verify_mode); 815 } 816 817 int 818 SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 819 { 820 return (X509_VERIFY_PARAM_get_depth(ctx->param)); 821 } 822 823 int 824 (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) 825 { 826 return (ctx->default_verify_callback); 827 } 828 829 void 830 SSL_set_verify(SSL *s, int mode, 831 int (*callback)(int ok, X509_STORE_CTX *ctx)) 832 { 833 s->verify_mode = mode; 834 if (callback != NULL) 835 s->verify_callback = callback; 836 } 837 838 void 839 SSL_set_verify_depth(SSL *s, int depth) 840 { 841 X509_VERIFY_PARAM_set_depth(s->param, depth); 842 } 843 844 void 845 SSL_set_read_ahead(SSL *s, int yes) 846 { 847 s->read_ahead = yes; 848 } 849 850 int 851 SSL_get_read_ahead(const SSL *s) 852 { 853 return (s->read_ahead); 854 } 855 856 int 857 SSL_pending(const SSL *s) 858 { 859 return (s->method->ssl_pending(s)); 860 } 861 862 X509 * 863 SSL_get_peer_certificate(const SSL *s) 864 { 865 X509 *cert; 866 867 if (s == NULL || s->session == NULL) 868 return NULL; 869 870 if ((cert = s->session->peer_cert) == NULL) 871 return NULL; 872 873 X509_up_ref(cert); 874 875 return cert; 876 } 877 878 STACK_OF(X509) * 879 SSL_get_peer_cert_chain(const SSL *s) 880 { 881 if (s == NULL) 882 return NULL; 883 884 /* 885 * Achtung! Due to API inconsistency, a client includes the peer's leaf 886 * certificate in the peer certificate chain, while a server does not. 887 */ 888 if (!s->server) 889 return s->s3->hs.peer_certs; 890 891 return s->s3->hs.peer_certs_no_leaf; 892 } 893 894 STACK_OF(X509) * 895 SSL_get0_verified_chain(const SSL *s) 896 { 897 return s->verified_chain; 898 } 899 900 /* 901 * Now in theory, since the calling process own 't' it should be safe to 902 * modify. We need to be able to read f without being hassled 903 */ 904 int 905 SSL_copy_session_id(SSL *t, const SSL *f) 906 { 907 SSL_CERT *tmp; 908 909 /* Do we need to do SSL locking? */ 910 if (!SSL_set_session(t, SSL_get_session(f))) 911 return 0; 912 913 /* What if we are set up for one protocol but want to talk another? */ 914 if (t->method != f->method) { 915 t->method->ssl_free(t); 916 t->method = f->method; 917 if (!t->method->ssl_new(t)) 918 return 0; 919 } 920 921 tmp = t->cert; 922 if (f->cert != NULL) { 923 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); 924 t->cert = f->cert; 925 } else 926 t->cert = NULL; 927 ssl_cert_free(tmp); 928 929 if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) 930 return 0; 931 932 return 1; 933 } 934 935 /* Fix this so it checks all the valid key/cert options */ 936 int 937 SSL_CTX_check_private_key(const SSL_CTX *ctx) 938 { 939 if ((ctx == NULL) || (ctx->cert == NULL) || 940 (ctx->cert->key->x509 == NULL)) { 941 SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED); 942 return (0); 943 } 944 if (ctx->cert->key->privatekey == NULL) { 945 SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED); 946 return (0); 947 } 948 return (X509_check_private_key(ctx->cert->key->x509, 949 ctx->cert->key->privatekey)); 950 } 951 952 /* Fix this function so that it takes an optional type parameter */ 953 int 954 SSL_check_private_key(const SSL *ssl) 955 { 956 if (ssl == NULL) { 957 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); 958 return (0); 959 } 960 if (ssl->cert == NULL) { 961 SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED); 962 return (0); 963 } 964 if (ssl->cert->key->x509 == NULL) { 965 SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED); 966 return (0); 967 } 968 if (ssl->cert->key->privatekey == NULL) { 969 SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 970 return (0); 971 } 972 return (X509_check_private_key(ssl->cert->key->x509, 973 ssl->cert->key->privatekey)); 974 } 975 976 int 977 SSL_accept(SSL *s) 978 { 979 if (s->handshake_func == NULL) 980 SSL_set_accept_state(s); /* Not properly initialized yet */ 981 982 return (s->method->ssl_accept(s)); 983 } 984 985 int 986 SSL_connect(SSL *s) 987 { 988 if (s->handshake_func == NULL) 989 SSL_set_connect_state(s); /* Not properly initialized yet */ 990 991 return (s->method->ssl_connect(s)); 992 } 993 994 int 995 SSL_is_dtls(const SSL *s) 996 { 997 return s->method->dtls; 998 } 999 1000 int 1001 SSL_is_server(const SSL *s) 1002 { 1003 return s->server; 1004 } 1005 1006 static long 1007 ssl_get_default_timeout() 1008 { 1009 /* 1010 * 2 hours, the 24 hours mentioned in the TLSv1 spec 1011 * is way too long for http, the cache would over fill. 1012 */ 1013 return (2 * 60 * 60); 1014 } 1015 1016 long 1017 SSL_get_default_timeout(const SSL *s) 1018 { 1019 return (ssl_get_default_timeout()); 1020 } 1021 1022 int 1023 SSL_read(SSL *s, void *buf, int num) 1024 { 1025 if (num < 0) { 1026 SSLerror(s, SSL_R_BAD_LENGTH); 1027 return -1; 1028 } 1029 1030 if (SSL_is_quic(s)) { 1031 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1032 return (-1); 1033 } 1034 1035 if (s->handshake_func == NULL) { 1036 SSLerror(s, SSL_R_UNINITIALIZED); 1037 return (-1); 1038 } 1039 1040 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1041 s->rwstate = SSL_NOTHING; 1042 return (0); 1043 } 1044 return ssl3_read(s, buf, num); 1045 } 1046 1047 int 1048 SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read) 1049 { 1050 int ret; 1051 1052 /* We simply don't bother supporting enormous reads */ 1053 if (num > INT_MAX) { 1054 SSLerror(s, SSL_R_BAD_LENGTH); 1055 return 0; 1056 } 1057 1058 ret = SSL_read(s, buf, (int)num); 1059 if (ret < 0) 1060 ret = 0; 1061 *bytes_read = ret; 1062 1063 return ret > 0; 1064 } 1065 1066 int 1067 SSL_peek(SSL *s, void *buf, int num) 1068 { 1069 if (num < 0) { 1070 SSLerror(s, SSL_R_BAD_LENGTH); 1071 return -1; 1072 } 1073 1074 if (SSL_is_quic(s)) { 1075 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1076 return (-1); 1077 } 1078 1079 if (s->handshake_func == NULL) { 1080 SSLerror(s, SSL_R_UNINITIALIZED); 1081 return (-1); 1082 } 1083 1084 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1085 return (0); 1086 } 1087 return ssl3_peek(s, buf, num); 1088 } 1089 1090 int 1091 SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked) 1092 { 1093 int ret; 1094 1095 /* We simply don't bother supporting enormous peeks */ 1096 if (num > INT_MAX) { 1097 SSLerror(s, SSL_R_BAD_LENGTH); 1098 return 0; 1099 } 1100 1101 ret = SSL_peek(s, buf, (int)num); 1102 if (ret < 0) 1103 ret = 0; 1104 *bytes_peeked = ret; 1105 1106 return ret > 0; 1107 } 1108 1109 int 1110 SSL_write(SSL *s, const void *buf, int num) 1111 { 1112 if (num < 0) { 1113 SSLerror(s, SSL_R_BAD_LENGTH); 1114 return -1; 1115 } 1116 1117 if (SSL_is_quic(s)) { 1118 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1119 return (-1); 1120 } 1121 1122 if (s->handshake_func == NULL) { 1123 SSLerror(s, SSL_R_UNINITIALIZED); 1124 return (-1); 1125 } 1126 1127 if (s->shutdown & SSL_SENT_SHUTDOWN) { 1128 s->rwstate = SSL_NOTHING; 1129 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN); 1130 return (-1); 1131 } 1132 return ssl3_write(s, buf, num); 1133 } 1134 1135 int 1136 SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written) 1137 { 1138 int ret; 1139 1140 /* We simply don't bother supporting enormous writes */ 1141 if (num > INT_MAX) { 1142 SSLerror(s, SSL_R_BAD_LENGTH); 1143 return 0; 1144 } 1145 1146 if (num == 0) { 1147 /* This API is special */ 1148 bytes_written = 0; 1149 return 1; 1150 } 1151 1152 ret = SSL_write(s, buf, (int)num); 1153 if (ret < 0) 1154 ret = 0; 1155 *bytes_written = ret; 1156 1157 return ret > 0; 1158 } 1159 1160 uint32_t 1161 SSL_CTX_get_max_early_data(const SSL_CTX *ctx) 1162 { 1163 return 0; 1164 } 1165 1166 int 1167 SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) 1168 { 1169 return 1; 1170 } 1171 1172 uint32_t 1173 SSL_get_max_early_data(const SSL *s) 1174 { 1175 return 0; 1176 } 1177 1178 int 1179 SSL_set_max_early_data(SSL *s, uint32_t max_early_data) 1180 { 1181 return 1; 1182 } 1183 1184 int 1185 SSL_get_early_data_status(const SSL *s) 1186 { 1187 return SSL_EARLY_DATA_REJECTED; 1188 } 1189 1190 int 1191 SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) 1192 { 1193 *readbytes = 0; 1194 1195 if (!s->server) { 1196 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1197 return SSL_READ_EARLY_DATA_ERROR; 1198 } 1199 1200 return SSL_READ_EARLY_DATA_FINISH; 1201 } 1202 1203 int 1204 SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) 1205 { 1206 *written = 0; 1207 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1208 return 0; 1209 } 1210 1211 int 1212 SSL_shutdown(SSL *s) 1213 { 1214 /* 1215 * Note that this function behaves differently from what one might 1216 * expect. Return values are 0 for no success (yet), 1217 * 1 for success; but calling it once is usually not enough, 1218 * even if blocking I/O is used (see ssl3_shutdown). 1219 */ 1220 1221 if (s->handshake_func == NULL) { 1222 SSLerror(s, SSL_R_UNINITIALIZED); 1223 return (-1); 1224 } 1225 1226 if (s != NULL && !SSL_in_init(s)) 1227 return (s->method->ssl_shutdown(s)); 1228 1229 return (1); 1230 } 1231 1232 int 1233 SSL_renegotiate(SSL *s) 1234 { 1235 if (s->renegotiate == 0) 1236 s->renegotiate = 1; 1237 1238 s->new_session = 1; 1239 1240 return (s->method->ssl_renegotiate(s)); 1241 } 1242 1243 int 1244 SSL_renegotiate_abbreviated(SSL *s) 1245 { 1246 if (s->renegotiate == 0) 1247 s->renegotiate = 1; 1248 1249 s->new_session = 0; 1250 1251 return (s->method->ssl_renegotiate(s)); 1252 } 1253 1254 int 1255 SSL_renegotiate_pending(SSL *s) 1256 { 1257 /* 1258 * Becomes true when negotiation is requested; 1259 * false again once a handshake has finished. 1260 */ 1261 return (s->renegotiate != 0); 1262 } 1263 1264 long 1265 SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 1266 { 1267 long l; 1268 1269 switch (cmd) { 1270 case SSL_CTRL_GET_READ_AHEAD: 1271 return (s->read_ahead); 1272 case SSL_CTRL_SET_READ_AHEAD: 1273 l = s->read_ahead; 1274 s->read_ahead = larg; 1275 return (l); 1276 1277 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1278 s->msg_callback_arg = parg; 1279 return (1); 1280 1281 case SSL_CTRL_OPTIONS: 1282 return (s->options|=larg); 1283 case SSL_CTRL_CLEAR_OPTIONS: 1284 return (s->options&=~larg); 1285 case SSL_CTRL_MODE: 1286 return (s->mode|=larg); 1287 case SSL_CTRL_CLEAR_MODE: 1288 return (s->mode &=~larg); 1289 case SSL_CTRL_GET_MAX_CERT_LIST: 1290 return (s->max_cert_list); 1291 case SSL_CTRL_SET_MAX_CERT_LIST: 1292 l = s->max_cert_list; 1293 s->max_cert_list = larg; 1294 return (l); 1295 case SSL_CTRL_SET_MTU: 1296 #ifndef OPENSSL_NO_DTLS1 1297 if (larg < (long)dtls1_min_mtu()) 1298 return (0); 1299 #endif 1300 if (SSL_is_dtls(s)) { 1301 s->d1->mtu = larg; 1302 return (larg); 1303 } 1304 return (0); 1305 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1306 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1307 return (0); 1308 s->max_send_fragment = larg; 1309 return (1); 1310 case SSL_CTRL_GET_RI_SUPPORT: 1311 if (s->s3) 1312 return (s->s3->send_connection_binding); 1313 else return (0); 1314 default: 1315 if (SSL_is_dtls(s)) 1316 return dtls1_ctrl(s, cmd, larg, parg); 1317 return ssl3_ctrl(s, cmd, larg, parg); 1318 } 1319 } 1320 1321 long 1322 SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 1323 { 1324 switch (cmd) { 1325 case SSL_CTRL_SET_MSG_CALLBACK: 1326 s->msg_callback = (ssl_msg_callback_fn *)(fp); 1327 return (1); 1328 1329 default: 1330 return (ssl3_callback_ctrl(s, cmd, fp)); 1331 } 1332 } 1333 1334 struct lhash_st_SSL_SESSION * 1335 SSL_CTX_sessions(SSL_CTX *ctx) 1336 { 1337 return (ctx->sessions); 1338 } 1339 1340 long 1341 SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 1342 { 1343 long l; 1344 1345 switch (cmd) { 1346 case SSL_CTRL_GET_READ_AHEAD: 1347 return (ctx->read_ahead); 1348 case SSL_CTRL_SET_READ_AHEAD: 1349 l = ctx->read_ahead; 1350 ctx->read_ahead = larg; 1351 return (l); 1352 1353 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1354 ctx->msg_callback_arg = parg; 1355 return (1); 1356 1357 case SSL_CTRL_GET_MAX_CERT_LIST: 1358 return (ctx->max_cert_list); 1359 case SSL_CTRL_SET_MAX_CERT_LIST: 1360 l = ctx->max_cert_list; 1361 ctx->max_cert_list = larg; 1362 return (l); 1363 1364 case SSL_CTRL_SET_SESS_CACHE_SIZE: 1365 l = ctx->session_cache_size; 1366 ctx->session_cache_size = larg; 1367 return (l); 1368 case SSL_CTRL_GET_SESS_CACHE_SIZE: 1369 return (ctx->session_cache_size); 1370 case SSL_CTRL_SET_SESS_CACHE_MODE: 1371 l = ctx->session_cache_mode; 1372 ctx->session_cache_mode = larg; 1373 return (l); 1374 case SSL_CTRL_GET_SESS_CACHE_MODE: 1375 return (ctx->session_cache_mode); 1376 1377 case SSL_CTRL_SESS_NUMBER: 1378 return (lh_SSL_SESSION_num_items(ctx->sessions)); 1379 case SSL_CTRL_SESS_CONNECT: 1380 return (ctx->stats.sess_connect); 1381 case SSL_CTRL_SESS_CONNECT_GOOD: 1382 return (ctx->stats.sess_connect_good); 1383 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1384 return (ctx->stats.sess_connect_renegotiate); 1385 case SSL_CTRL_SESS_ACCEPT: 1386 return (ctx->stats.sess_accept); 1387 case SSL_CTRL_SESS_ACCEPT_GOOD: 1388 return (ctx->stats.sess_accept_good); 1389 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1390 return (ctx->stats.sess_accept_renegotiate); 1391 case SSL_CTRL_SESS_HIT: 1392 return (ctx->stats.sess_hit); 1393 case SSL_CTRL_SESS_CB_HIT: 1394 return (ctx->stats.sess_cb_hit); 1395 case SSL_CTRL_SESS_MISSES: 1396 return (ctx->stats.sess_miss); 1397 case SSL_CTRL_SESS_TIMEOUTS: 1398 return (ctx->stats.sess_timeout); 1399 case SSL_CTRL_SESS_CACHE_FULL: 1400 return (ctx->stats.sess_cache_full); 1401 case SSL_CTRL_OPTIONS: 1402 return (ctx->options|=larg); 1403 case SSL_CTRL_CLEAR_OPTIONS: 1404 return (ctx->options&=~larg); 1405 case SSL_CTRL_MODE: 1406 return (ctx->mode|=larg); 1407 case SSL_CTRL_CLEAR_MODE: 1408 return (ctx->mode&=~larg); 1409 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1410 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1411 return (0); 1412 ctx->max_send_fragment = larg; 1413 return (1); 1414 default: 1415 return (ssl3_ctx_ctrl(ctx, cmd, larg, parg)); 1416 } 1417 } 1418 1419 long 1420 SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 1421 { 1422 switch (cmd) { 1423 case SSL_CTRL_SET_MSG_CALLBACK: 1424 ctx->msg_callback = (ssl_msg_callback_fn *)fp; 1425 return (1); 1426 1427 default: 1428 return (ssl3_ctx_callback_ctrl(ctx, cmd, fp)); 1429 } 1430 } 1431 1432 int 1433 ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1434 { 1435 long l; 1436 1437 l = a->id - b->id; 1438 if (l == 0L) 1439 return (0); 1440 else 1441 return ((l > 0) ? 1:-1); 1442 } 1443 1444 STACK_OF(SSL_CIPHER) * 1445 SSL_get_ciphers(const SSL *s) 1446 { 1447 if (s == NULL) 1448 return (NULL); 1449 if (s->cipher_list != NULL) 1450 return (s->cipher_list); 1451 1452 return (s->ctx->cipher_list); 1453 } 1454 1455 STACK_OF(SSL_CIPHER) * 1456 SSL_get_client_ciphers(const SSL *s) 1457 { 1458 if (s == NULL || s->session == NULL || !s->server) 1459 return NULL; 1460 return s->session->ciphers; 1461 } 1462 1463 STACK_OF(SSL_CIPHER) * 1464 SSL_get1_supported_ciphers(SSL *s) 1465 { 1466 STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers; 1467 SSL_CIPHER *cipher; 1468 uint16_t min_vers, max_vers; 1469 int i; 1470 1471 if (s == NULL) 1472 return NULL; 1473 if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers)) 1474 return NULL; 1475 if ((ciphers = SSL_get_ciphers(s)) == NULL) 1476 return NULL; 1477 if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL) 1478 return NULL; 1479 1480 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 1481 if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) 1482 goto err; 1483 if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers, 1484 max_vers)) 1485 continue; 1486 if (!ssl_security_supported_cipher(s, cipher)) 1487 continue; 1488 if (!sk_SSL_CIPHER_push(supported_ciphers, cipher)) 1489 goto err; 1490 } 1491 1492 if (sk_SSL_CIPHER_num(supported_ciphers) > 0) 1493 return supported_ciphers; 1494 1495 err: 1496 sk_SSL_CIPHER_free(supported_ciphers); 1497 return NULL; 1498 } 1499 1500 /* See if we have any ECC cipher suites. */ 1501 int 1502 ssl_has_ecc_ciphers(SSL *s) 1503 { 1504 STACK_OF(SSL_CIPHER) *ciphers; 1505 unsigned long alg_k, alg_a; 1506 SSL_CIPHER *cipher; 1507 int i; 1508 1509 if ((ciphers = SSL_get_ciphers(s)) == NULL) 1510 return 0; 1511 1512 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 1513 cipher = sk_SSL_CIPHER_value(ciphers, i); 1514 1515 alg_k = cipher->algorithm_mkey; 1516 alg_a = cipher->algorithm_auth; 1517 1518 if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) 1519 return 1; 1520 } 1521 1522 return 0; 1523 } 1524 1525 /* The old interface to get the same thing as SSL_get_ciphers(). */ 1526 const char * 1527 SSL_get_cipher_list(const SSL *s, int n) 1528 { 1529 STACK_OF(SSL_CIPHER) *ciphers; 1530 const SSL_CIPHER *cipher; 1531 1532 if ((ciphers = SSL_get_ciphers(s)) == NULL) 1533 return (NULL); 1534 if ((cipher = sk_SSL_CIPHER_value(ciphers, n)) == NULL) 1535 return (NULL); 1536 1537 return (cipher->name); 1538 } 1539 1540 STACK_OF(SSL_CIPHER) * 1541 SSL_CTX_get_ciphers(const SSL_CTX *ctx) 1542 { 1543 if (ctx == NULL) 1544 return NULL; 1545 return ctx->cipher_list; 1546 } 1547 1548 /* Specify the ciphers to be used by default by the SSL_CTX. */ 1549 int 1550 SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1551 { 1552 STACK_OF(SSL_CIPHER) *ciphers; 1553 1554 /* 1555 * ssl_create_cipher_list may return an empty stack if it was unable to 1556 * find a cipher matching the given rule string (for example if the 1557 * rule string specifies a cipher which has been disabled). This is not 1558 * an error as far as ssl_create_cipher_list is concerned, and hence 1559 * ctx->cipher_list has been updated. 1560 */ 1561 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1562 ctx->cipher_list_tls13, str, ctx->cert); 1563 if (ciphers == NULL) { 1564 return (0); 1565 } else if (sk_SSL_CIPHER_num(ciphers) == 0) { 1566 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1567 return (0); 1568 } 1569 return (1); 1570 } 1571 1572 int 1573 SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) 1574 { 1575 if (!ssl_parse_ciphersuites(&ctx->cipher_list_tls13, str)) { 1576 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1577 return 0; 1578 } 1579 if (!ssl_merge_cipherlists(ctx->cipher_list, 1580 ctx->cipher_list_tls13, &ctx->cipher_list)) 1581 return 0; 1582 1583 return 1; 1584 } 1585 1586 /* Specify the ciphers to be used by the SSL. */ 1587 int 1588 SSL_set_cipher_list(SSL *s, const char *str) 1589 { 1590 STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13; 1591 1592 if ((ciphers_tls13 = s->cipher_list_tls13) == NULL) 1593 ciphers_tls13 = s->ctx->cipher_list_tls13; 1594 1595 /* See comment in SSL_CTX_set_cipher_list. */ 1596 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1597 ciphers_tls13, str, s->cert); 1598 if (ciphers == NULL) { 1599 return (0); 1600 } else if (sk_SSL_CIPHER_num(ciphers) == 0) { 1601 SSLerror(s, SSL_R_NO_CIPHER_MATCH); 1602 return (0); 1603 } 1604 return (1); 1605 } 1606 1607 int 1608 SSL_set_ciphersuites(SSL *s, const char *str) 1609 { 1610 STACK_OF(SSL_CIPHER) *ciphers; 1611 1612 if ((ciphers = s->cipher_list) == NULL) 1613 ciphers = s->ctx->cipher_list; 1614 1615 if (!ssl_parse_ciphersuites(&s->cipher_list_tls13, str)) { 1616 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1617 return (0); 1618 } 1619 if (!ssl_merge_cipherlists(ciphers, s->cipher_list_tls13, 1620 &s->cipher_list)) 1621 return 0; 1622 1623 return 1; 1624 } 1625 1626 char * 1627 SSL_get_shared_ciphers(const SSL *s, char *buf, int len) 1628 { 1629 STACK_OF(SSL_CIPHER) *client_ciphers, *server_ciphers; 1630 const SSL_CIPHER *cipher; 1631 size_t curlen = 0; 1632 char *end; 1633 int i; 1634 1635 if (!s->server || s->session == NULL || len < 2) 1636 return NULL; 1637 1638 if ((client_ciphers = s->session->ciphers) == NULL) 1639 return NULL; 1640 if ((server_ciphers = SSL_get_ciphers(s)) == NULL) 1641 return NULL; 1642 if (sk_SSL_CIPHER_num(client_ciphers) == 0 || 1643 sk_SSL_CIPHER_num(server_ciphers) == 0) 1644 return NULL; 1645 1646 buf[0] = '\0'; 1647 for (i = 0; i < sk_SSL_CIPHER_num(client_ciphers); i++) { 1648 cipher = sk_SSL_CIPHER_value(client_ciphers, i); 1649 1650 if (sk_SSL_CIPHER_find(server_ciphers, cipher) < 0) 1651 continue; 1652 1653 end = buf + curlen; 1654 if (strlcat(buf, cipher->name, len) >= len || 1655 (curlen = strlcat(buf, ":", len)) >= len) { 1656 /* remove truncated cipher from list */ 1657 *end = '\0'; 1658 break; 1659 } 1660 } 1661 /* remove trailing colon */ 1662 if ((end = strrchr(buf, ':')) != NULL) 1663 *end = '\0'; 1664 return buf; 1665 } 1666 1667 /* 1668 * Return a servername extension value if provided in Client Hello, or NULL. 1669 * So far, only host_name types are defined (RFC 3546). 1670 */ 1671 const char * 1672 SSL_get_servername(const SSL *s, const int type) 1673 { 1674 if (type != TLSEXT_NAMETYPE_host_name) 1675 return (NULL); 1676 1677 return (s->session && !s->tlsext_hostname ? 1678 s->session->tlsext_hostname : 1679 s->tlsext_hostname); 1680 } 1681 1682 int 1683 SSL_get_servername_type(const SSL *s) 1684 { 1685 if (s->session && 1686 (!s->tlsext_hostname ? 1687 s->session->tlsext_hostname : s->tlsext_hostname)) 1688 return (TLSEXT_NAMETYPE_host_name); 1689 return (-1); 1690 } 1691 1692 /* 1693 * SSL_select_next_proto implements standard protocol selection. It is 1694 * expected that this function is called from the callback set by 1695 * SSL_CTX_set_alpn_select_cb. 1696 * 1697 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte 1698 * strings. The length byte itself is not included in the length. A byte 1699 * string of length 0 is invalid. No byte string may be truncated. 1700 * 1701 * It returns either: 1702 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or 1703 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1704 */ 1705 int 1706 SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1707 const unsigned char *server, unsigned int server_len, 1708 const unsigned char *client, unsigned int client_len) 1709 { 1710 unsigned int i, j; 1711 const unsigned char *result; 1712 int status = OPENSSL_NPN_UNSUPPORTED; 1713 1714 /* 1715 * For each protocol in server preference order, 1716 * see if we support it. 1717 */ 1718 for (i = 0; i < server_len; ) { 1719 for (j = 0; j < client_len; ) { 1720 if (server[i] == client[j] && 1721 memcmp(&server[i + 1], 1722 &client[j + 1], server[i]) == 0) { 1723 /* We found a match */ 1724 result = &server[i]; 1725 status = OPENSSL_NPN_NEGOTIATED; 1726 goto found; 1727 } 1728 j += client[j]; 1729 j++; 1730 } 1731 i += server[i]; 1732 i++; 1733 } 1734 1735 /* There's no overlap between our protocols and the server's list. */ 1736 result = client; 1737 status = OPENSSL_NPN_NO_OVERLAP; 1738 1739 found: 1740 *out = (unsigned char *) result + 1; 1741 *outlen = result[0]; 1742 return (status); 1743 } 1744 1745 /* SSL_get0_next_proto_negotiated is deprecated. */ 1746 void 1747 SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 1748 unsigned int *len) 1749 { 1750 *data = NULL; 1751 *len = 0; 1752 } 1753 1754 /* SSL_CTX_set_next_protos_advertised_cb is deprecated. */ 1755 void 1756 SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, 1757 const unsigned char **out, unsigned int *outlen, void *arg), void *arg) 1758 { 1759 } 1760 1761 /* SSL_CTX_set_next_proto_select_cb is deprecated. */ 1762 void 1763 SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, 1764 unsigned char **out, unsigned char *outlen, const unsigned char *in, 1765 unsigned int inlen, void *arg), void *arg) 1766 { 1767 } 1768 1769 /* 1770 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified 1771 * protocols, which must be in wire-format (i.e. a series of non-empty, 1772 * 8-bit length-prefixed strings). Returns 0 on success. 1773 */ 1774 int 1775 SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 1776 unsigned int protos_len) 1777 { 1778 CBS cbs; 1779 int failed = 1; 1780 1781 if (protos == NULL) 1782 protos_len = 0; 1783 1784 CBS_init(&cbs, protos, protos_len); 1785 1786 if (protos_len > 0) { 1787 if (!tlsext_alpn_check_format(&cbs)) 1788 goto err; 1789 } 1790 1791 if (!CBS_stow(&cbs, &ctx->alpn_client_proto_list, 1792 &ctx->alpn_client_proto_list_len)) 1793 goto err; 1794 1795 failed = 0; 1796 1797 err: 1798 /* NOTE: Return values are the reverse of what you expect. */ 1799 return failed; 1800 } 1801 1802 /* 1803 * SSL_set_alpn_protos sets the ALPN protocol list to the specified 1804 * protocols, which must be in wire-format (i.e. a series of non-empty, 1805 * 8-bit length-prefixed strings). Returns 0 on success. 1806 */ 1807 int 1808 SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 1809 unsigned int protos_len) 1810 { 1811 CBS cbs; 1812 int failed = 1; 1813 1814 if (protos == NULL) 1815 protos_len = 0; 1816 1817 CBS_init(&cbs, protos, protos_len); 1818 1819 if (protos_len > 0) { 1820 if (!tlsext_alpn_check_format(&cbs)) 1821 goto err; 1822 } 1823 1824 if (!CBS_stow(&cbs, &ssl->alpn_client_proto_list, 1825 &ssl->alpn_client_proto_list_len)) 1826 goto err; 1827 1828 failed = 0; 1829 1830 err: 1831 /* NOTE: Return values are the reverse of what you expect. */ 1832 return failed; 1833 } 1834 1835 /* 1836 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during 1837 * ClientHello processing in order to select an ALPN protocol from the 1838 * client's list of offered protocols. 1839 */ 1840 void 1841 SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, 1842 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen, 1843 const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1844 { 1845 ctx->alpn_select_cb = cb; 1846 ctx->alpn_select_cb_arg = arg; 1847 } 1848 1849 /* 1850 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return 1851 * it sets data to point to len bytes of protocol name (not including the 1852 * leading length-prefix byte). If the server didn't respond with* a negotiated 1853 * protocol then len will be zero. 1854 */ 1855 void 1856 SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 1857 unsigned int *len) 1858 { 1859 *data = ssl->s3->alpn_selected; 1860 *len = ssl->s3->alpn_selected_len; 1861 } 1862 1863 void 1864 SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) 1865 { 1866 return; 1867 } 1868 1869 int 1870 SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1871 const char *label, size_t llen, const unsigned char *p, size_t plen, 1872 int use_context) 1873 { 1874 if (s->tls13 != NULL && s->version == TLS1_3_VERSION) { 1875 if (!use_context) { 1876 p = NULL; 1877 plen = 0; 1878 } 1879 return tls13_exporter(s->tls13, label, llen, p, plen, 1880 out, olen); 1881 } 1882 1883 return (tls1_export_keying_material(s, out, olen, label, llen, p, plen, 1884 use_context)); 1885 } 1886 1887 static unsigned long 1888 ssl_session_hash(const SSL_SESSION *a) 1889 { 1890 unsigned long l; 1891 1892 l = (unsigned long) 1893 ((unsigned int) a->session_id[0] )| 1894 ((unsigned int) a->session_id[1]<< 8L)| 1895 ((unsigned long)a->session_id[2]<<16L)| 1896 ((unsigned long)a->session_id[3]<<24L); 1897 return (l); 1898 } 1899 1900 /* 1901 * NB: If this function (or indeed the hash function which uses a sort of 1902 * coarser function than this one) is changed, ensure 1903 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 1904 * able to construct an SSL_SESSION that will collide with any existing session 1905 * with a matching session ID. 1906 */ 1907 static int 1908 ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 1909 { 1910 if (a->ssl_version != b->ssl_version) 1911 return (1); 1912 if (a->session_id_length != b->session_id_length) 1913 return (1); 1914 if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0) 1915 return (1); 1916 return (0); 1917 } 1918 1919 /* 1920 * These wrapper functions should remain rather than redeclaring 1921 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1922 * variable. The reason is that the functions aren't static, they're exposed via 1923 * ssl.h. 1924 */ 1925 static unsigned long 1926 ssl_session_LHASH_HASH(const void *arg) 1927 { 1928 const SSL_SESSION *a = arg; 1929 1930 return ssl_session_hash(a); 1931 } 1932 1933 static int 1934 ssl_session_LHASH_COMP(const void *arg1, const void *arg2) 1935 { 1936 const SSL_SESSION *a = arg1; 1937 const SSL_SESSION *b = arg2; 1938 1939 return ssl_session_cmp(a, b); 1940 } 1941 1942 SSL_CTX * 1943 SSL_CTX_new(const SSL_METHOD *meth) 1944 { 1945 SSL_CTX *ret; 1946 1947 if (!OPENSSL_init_ssl(0, NULL)) { 1948 SSLerrorx(SSL_R_LIBRARY_BUG); 1949 return (NULL); 1950 } 1951 1952 if (meth == NULL) { 1953 SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED); 1954 return (NULL); 1955 } 1956 1957 if ((ret = calloc(1, sizeof(*ret))) == NULL) { 1958 SSLerrorx(ERR_R_MALLOC_FAILURE); 1959 return (NULL); 1960 } 1961 1962 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1963 SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1964 goto err; 1965 } 1966 1967 ret->method = meth; 1968 ret->min_tls_version = meth->min_tls_version; 1969 ret->max_tls_version = meth->max_tls_version; 1970 ret->min_proto_version = 0; 1971 ret->max_proto_version = 0; 1972 ret->mode = SSL_MODE_AUTO_RETRY; 1973 1974 ret->cert_store = NULL; 1975 ret->session_cache_mode = SSL_SESS_CACHE_SERVER; 1976 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1977 ret->session_cache_head = NULL; 1978 ret->session_cache_tail = NULL; 1979 1980 /* We take the system default */ 1981 ret->session_timeout = ssl_get_default_timeout(); 1982 1983 ret->new_session_cb = 0; 1984 ret->remove_session_cb = 0; 1985 ret->get_session_cb = 0; 1986 ret->generate_session_id = 0; 1987 1988 memset((char *)&ret->stats, 0, sizeof(ret->stats)); 1989 1990 ret->references = 1; 1991 ret->quiet_shutdown = 0; 1992 1993 ret->info_callback = NULL; 1994 1995 ret->app_verify_callback = 0; 1996 ret->app_verify_arg = NULL; 1997 1998 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 1999 ret->read_ahead = 0; 2000 ret->msg_callback = 0; 2001 ret->msg_callback_arg = NULL; 2002 ret->verify_mode = SSL_VERIFY_NONE; 2003 ret->sid_ctx_length = 0; 2004 ret->default_verify_callback = NULL; 2005 2006 if ((ret->cert = ssl_cert_new()) == NULL) 2007 goto err; 2008 2009 ret->default_passwd_callback = 0; 2010 ret->default_passwd_callback_userdata = NULL; 2011 ret->client_cert_cb = 0; 2012 ret->app_gen_cookie_cb = 0; 2013 ret->app_verify_cookie_cb = 0; 2014 2015 ret->sessions = lh_SSL_SESSION_new(); 2016 if (ret->sessions == NULL) 2017 goto err; 2018 ret->cert_store = X509_STORE_new(); 2019 if (ret->cert_store == NULL) 2020 goto err; 2021 2022 ssl_create_cipher_list(ret->method, &ret->cipher_list, 2023 NULL, SSL_DEFAULT_CIPHER_LIST, ret->cert); 2024 if (ret->cipher_list == NULL || 2025 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 2026 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS); 2027 goto err2; 2028 } 2029 2030 ret->param = X509_VERIFY_PARAM_new(); 2031 if (!ret->param) 2032 goto err; 2033 2034 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) 2035 goto err; 2036 2037 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); 2038 2039 ret->extra_certs = NULL; 2040 2041 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 2042 2043 ret->tlsext_servername_callback = 0; 2044 ret->tlsext_servername_arg = NULL; 2045 2046 /* Setup RFC4507 ticket keys */ 2047 arc4random_buf(ret->tlsext_tick_key_name, 16); 2048 arc4random_buf(ret->tlsext_tick_hmac_key, 16); 2049 arc4random_buf(ret->tlsext_tick_aes_key, 16); 2050 2051 ret->tlsext_status_cb = 0; 2052 ret->tlsext_status_arg = NULL; 2053 2054 #ifndef OPENSSL_NO_ENGINE 2055 ret->client_cert_engine = NULL; 2056 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 2057 #define eng_strx(x) #x 2058 #define eng_str(x) eng_strx(x) 2059 /* Use specific client engine automatically... ignore errors */ 2060 { 2061 ENGINE *eng; 2062 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2063 if (!eng) { 2064 ERR_clear_error(); 2065 ENGINE_load_builtin_engines(); 2066 eng = ENGINE_by_id(eng_str( 2067 OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 2068 } 2069 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 2070 ERR_clear_error(); 2071 } 2072 #endif 2073 #endif 2074 /* 2075 * Default is to connect to non-RI servers. When RI is more widely 2076 * deployed might change this. 2077 */ 2078 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; 2079 2080 return (ret); 2081 err: 2082 SSLerrorx(ERR_R_MALLOC_FAILURE); 2083 err2: 2084 SSL_CTX_free(ret); 2085 return (NULL); 2086 } 2087 2088 void 2089 SSL_CTX_free(SSL_CTX *ctx) 2090 { 2091 int i; 2092 2093 if (ctx == NULL) 2094 return; 2095 2096 i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX); 2097 if (i > 0) 2098 return; 2099 2100 X509_VERIFY_PARAM_free(ctx->param); 2101 2102 /* 2103 * Free internal session cache. However: the remove_cb() may reference 2104 * the ex_data of SSL_CTX, thus the ex_data store can only be removed 2105 * after the sessions were flushed. 2106 * As the ex_data handling routines might also touch the session cache, 2107 * the most secure solution seems to be: empty (flush) the cache, then 2108 * free ex_data, then finally free the cache. 2109 * (See ticket [openssl.org #212].) 2110 */ 2111 if (ctx->sessions != NULL) 2112 SSL_CTX_flush_sessions(ctx, 0); 2113 2114 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->ex_data); 2115 2116 lh_SSL_SESSION_free(ctx->sessions); 2117 2118 X509_STORE_free(ctx->cert_store); 2119 sk_SSL_CIPHER_free(ctx->cipher_list); 2120 sk_SSL_CIPHER_free(ctx->cipher_list_tls13); 2121 ssl_cert_free(ctx->cert); 2122 sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free); 2123 sk_X509_pop_free(ctx->extra_certs, X509_free); 2124 2125 #ifndef OPENSSL_NO_SRTP 2126 if (ctx->srtp_profiles) 2127 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); 2128 #endif 2129 2130 #ifndef OPENSSL_NO_ENGINE 2131 ENGINE_finish(ctx->client_cert_engine); 2132 #endif 2133 2134 free(ctx->tlsext_ecpointformatlist); 2135 free(ctx->tlsext_supportedgroups); 2136 2137 free(ctx->alpn_client_proto_list); 2138 2139 free(ctx); 2140 } 2141 2142 int 2143 SSL_CTX_up_ref(SSL_CTX *ctx) 2144 { 2145 int refs = CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 2146 return ((refs > 1) ? 1 : 0); 2147 } 2148 2149 pem_password_cb * 2150 SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) 2151 { 2152 return (ctx->default_passwd_callback); 2153 } 2154 2155 void 2156 SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 2157 { 2158 ctx->default_passwd_callback = cb; 2159 } 2160 2161 void * 2162 SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) 2163 { 2164 return ctx->default_passwd_callback_userdata; 2165 } 2166 2167 void 2168 SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 2169 { 2170 ctx->default_passwd_callback_userdata = u; 2171 } 2172 2173 void 2174 SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 2175 int (*cb)(X509_STORE_CTX *, void *), void *arg) 2176 { 2177 ctx->app_verify_callback = cb; 2178 ctx->app_verify_arg = arg; 2179 } 2180 2181 void 2182 SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) 2183 { 2184 ctx->verify_mode = mode; 2185 ctx->default_verify_callback = cb; 2186 } 2187 2188 void 2189 SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) 2190 { 2191 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2192 } 2193 2194 void 2195 ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher) 2196 { 2197 unsigned long mask_a, mask_k; 2198 SSL_CERT_PKEY *cpk; 2199 2200 if (c == NULL) 2201 return; 2202 2203 mask_a = SSL_aNULL | SSL_aTLS1_3; 2204 mask_k = SSL_kECDHE | SSL_kTLS1_3; 2205 2206 if (c->dhe_params != NULL || c->dhe_params_cb != NULL || 2207 c->dhe_params_auto != 0) 2208 mask_k |= SSL_kDHE; 2209 2210 cpk = &(c->pkeys[SSL_PKEY_ECC]); 2211 if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2212 /* Key usage, if present, must allow signing. */ 2213 if (X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE) 2214 mask_a |= SSL_aECDSA; 2215 } 2216 2217 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2218 if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2219 mask_k |= SSL_kGOST; 2220 mask_a |= SSL_aGOST01; 2221 } 2222 2223 cpk = &(c->pkeys[SSL_PKEY_RSA]); 2224 if (cpk->x509 != NULL && cpk->privatekey != NULL) { 2225 mask_a |= SSL_aRSA; 2226 mask_k |= SSL_kRSA; 2227 } 2228 2229 c->mask_k = mask_k; 2230 c->mask_a = mask_a; 2231 c->valid = 1; 2232 } 2233 2234 /* See if this handshake is using an ECC cipher suite. */ 2235 int 2236 ssl_using_ecc_cipher(SSL *s) 2237 { 2238 unsigned long alg_a, alg_k; 2239 2240 alg_a = s->s3->hs.cipher->algorithm_auth; 2241 alg_k = s->s3->hs.cipher->algorithm_mkey; 2242 2243 return s->session->tlsext_ecpointformatlist != NULL && 2244 s->session->tlsext_ecpointformatlist_length > 0 && 2245 ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)); 2246 } 2247 2248 int 2249 ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x) 2250 { 2251 const SSL_CIPHER *cs = s->s3->hs.cipher; 2252 unsigned long alg_a; 2253 2254 alg_a = cs->algorithm_auth; 2255 2256 if (alg_a & SSL_aECDSA) { 2257 /* Key usage, if present, must allow signing. */ 2258 if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { 2259 SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2260 return (0); 2261 } 2262 } 2263 2264 return (1); 2265 } 2266 2267 SSL_CERT_PKEY * 2268 ssl_get_server_send_pkey(const SSL *s) 2269 { 2270 unsigned long alg_a; 2271 SSL_CERT *c; 2272 int i; 2273 2274 c = s->cert; 2275 ssl_set_cert_masks(c, s->s3->hs.cipher); 2276 2277 alg_a = s->s3->hs.cipher->algorithm_auth; 2278 2279 if (alg_a & SSL_aECDSA) { 2280 i = SSL_PKEY_ECC; 2281 } else if (alg_a & SSL_aRSA) { 2282 i = SSL_PKEY_RSA; 2283 } else if (alg_a & SSL_aGOST01) { 2284 i = SSL_PKEY_GOST01; 2285 } else { /* if (alg_a & SSL_aNULL) */ 2286 SSLerror(s, ERR_R_INTERNAL_ERROR); 2287 return (NULL); 2288 } 2289 2290 return (c->pkeys + i); 2291 } 2292 2293 EVP_PKEY * 2294 ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, 2295 const struct ssl_sigalg **sap) 2296 { 2297 const struct ssl_sigalg *sigalg = NULL; 2298 EVP_PKEY *pkey = NULL; 2299 unsigned long alg_a; 2300 SSL_CERT *c; 2301 int idx = -1; 2302 2303 alg_a = cipher->algorithm_auth; 2304 c = s->cert; 2305 2306 if (alg_a & SSL_aRSA) { 2307 idx = SSL_PKEY_RSA; 2308 } else if ((alg_a & SSL_aECDSA) && 2309 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2310 idx = SSL_PKEY_ECC; 2311 if (idx == -1) { 2312 SSLerror(s, ERR_R_INTERNAL_ERROR); 2313 return (NULL); 2314 } 2315 2316 pkey = c->pkeys[idx].privatekey; 2317 if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { 2318 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); 2319 return (NULL); 2320 } 2321 *pmd = sigalg->md(); 2322 *sap = sigalg; 2323 2324 return (pkey); 2325 } 2326 2327 size_t 2328 ssl_dhe_params_auto_key_bits(SSL *s) 2329 { 2330 SSL_CERT_PKEY *cpk; 2331 int key_bits; 2332 2333 if (s->cert->dhe_params_auto == 2) { 2334 key_bits = 1024; 2335 } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { 2336 key_bits = 1024; 2337 if (s->s3->hs.cipher->strength_bits == 256) 2338 key_bits = 3072; 2339 } else { 2340 if ((cpk = ssl_get_server_send_pkey(s)) == NULL) 2341 return 0; 2342 if (cpk->privatekey == NULL || 2343 EVP_PKEY_get0_RSA(cpk->privatekey) == NULL) 2344 return 0; 2345 if ((key_bits = EVP_PKEY_bits(cpk->privatekey)) <= 0) 2346 return 0; 2347 } 2348 2349 return key_bits; 2350 } 2351 2352 static int 2353 ssl_should_update_external_cache(SSL *s, int mode) 2354 { 2355 int cache_mode; 2356 2357 cache_mode = s->session_ctx->session_cache_mode; 2358 2359 /* Don't cache if mode says not to */ 2360 if ((cache_mode & mode) == 0) 2361 return 0; 2362 2363 /* if it is not already cached, cache it */ 2364 if (!s->hit) 2365 return 1; 2366 2367 /* If it's TLS 1.3, do it to match OpenSSL */ 2368 if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) 2369 return 1; 2370 2371 return 0; 2372 } 2373 2374 static int 2375 ssl_should_update_internal_cache(SSL *s, int mode) 2376 { 2377 int cache_mode; 2378 2379 cache_mode = s->session_ctx->session_cache_mode; 2380 2381 /* Don't cache if mode says not to */ 2382 if ((cache_mode & mode) == 0) 2383 return 0; 2384 2385 /* If it is already cached, don't cache it again */ 2386 if (s->hit) 2387 return 0; 2388 2389 if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0) 2390 return 0; 2391 2392 /* If we are lesser than TLS 1.3, Cache it. */ 2393 if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) 2394 return 1; 2395 2396 /* Below this we consider TLS 1.3 or later */ 2397 2398 /* If it's not a server, add it? OpenSSL does this. */ 2399 if (!s->server) 2400 return 1; 2401 2402 /* XXX if we support early data / PSK need to add */ 2403 2404 /* 2405 * If we have the remove session callback, we will want 2406 * to know about this even if it's a stateless ticket 2407 * from 1.3 so we can know when it is removed. 2408 */ 2409 if (s->session_ctx->remove_session_cb != NULL) 2410 return 1; 2411 2412 /* If we have set OP_NO_TICKET, cache it. */ 2413 if ((s->options & SSL_OP_NO_TICKET) != 0) 2414 return 1; 2415 2416 /* Otherwise do not cache */ 2417 return 0; 2418 } 2419 2420 void 2421 ssl_update_cache(SSL *s, int mode) 2422 { 2423 int cache_mode, do_callback; 2424 2425 if (s->session->session_id_length == 0) 2426 return; 2427 2428 cache_mode = s->session_ctx->session_cache_mode; 2429 do_callback = ssl_should_update_external_cache(s, mode); 2430 2431 if (ssl_should_update_internal_cache(s, mode)) { 2432 /* 2433 * XXX should we fail if the add to the internal cache 2434 * fails? OpenSSL doesn't care.. 2435 */ 2436 (void) SSL_CTX_add_session(s->session_ctx, s->session); 2437 } 2438 2439 /* 2440 * Update the "external cache" by calling the new session 2441 * callback if present, even with TLS 1.3 without early data 2442 * "because some application just want to know about the 2443 * creation of a session and aren't doing a full cache". 2444 * Apparently, if they are doing a full cache, they'll have 2445 * some fun, but we endeavour to give application writers the 2446 * same glorious experience they expect from OpenSSL which 2447 * does it this way. 2448 */ 2449 if (do_callback && s->session_ctx->new_session_cb != NULL) { 2450 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2451 if (!s->session_ctx->new_session_cb(s, s->session)) 2452 SSL_SESSION_free(s->session); 2453 } 2454 2455 /* Auto flush every 255 connections. */ 2456 if (!(cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) && 2457 (cache_mode & mode) != 0) { 2458 int connections; 2459 if (mode & SSL_SESS_CACHE_CLIENT) 2460 connections = s->session_ctx->stats.sess_connect_good; 2461 else 2462 connections = s->session_ctx->stats.sess_accept_good; 2463 if ((connections & 0xff) == 0xff) 2464 SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); 2465 } 2466 } 2467 2468 const SSL_METHOD * 2469 SSL_get_ssl_method(SSL *s) 2470 { 2471 return (s->method); 2472 } 2473 2474 int 2475 SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) 2476 { 2477 int (*handshake_func)(SSL *) = NULL; 2478 int ret = 1; 2479 2480 if (s->method == method) 2481 return (ret); 2482 2483 if (s->handshake_func == s->method->ssl_connect) 2484 handshake_func = method->ssl_connect; 2485 else if (s->handshake_func == s->method->ssl_accept) 2486 handshake_func = method->ssl_accept; 2487 2488 if (s->method->version == method->version) { 2489 s->method = method; 2490 } else { 2491 s->method->ssl_free(s); 2492 s->method = method; 2493 ret = s->method->ssl_new(s); 2494 } 2495 s->handshake_func = handshake_func; 2496 2497 return (ret); 2498 } 2499 2500 int 2501 SSL_get_error(const SSL *s, int i) 2502 { 2503 unsigned long l; 2504 int reason; 2505 BIO *bio; 2506 2507 if (i > 0) 2508 return (SSL_ERROR_NONE); 2509 2510 /* 2511 * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake 2512 * etc, where we do encode the error. 2513 */ 2514 if ((l = ERR_peek_error()) != 0) { 2515 if (ERR_GET_LIB(l) == ERR_LIB_SYS) 2516 return (SSL_ERROR_SYSCALL); 2517 else 2518 return (SSL_ERROR_SSL); 2519 } 2520 2521 if (SSL_want_read(s)) { 2522 bio = SSL_get_rbio(s); 2523 if (BIO_should_read(bio)) { 2524 return (SSL_ERROR_WANT_READ); 2525 } else if (BIO_should_write(bio)) { 2526 /* 2527 * This one doesn't make too much sense... We never 2528 * try to write to the rbio, and an application 2529 * program where rbio and wbio are separate couldn't 2530 * even know what it should wait for. However if we 2531 * ever set s->rwstate incorrectly (so that we have 2532 * SSL_want_read(s) instead of SSL_want_write(s)) 2533 * and rbio and wbio *are* the same, this test works 2534 * around that bug; so it might be safer to keep it. 2535 */ 2536 return (SSL_ERROR_WANT_WRITE); 2537 } else if (BIO_should_io_special(bio)) { 2538 reason = BIO_get_retry_reason(bio); 2539 if (reason == BIO_RR_CONNECT) 2540 return (SSL_ERROR_WANT_CONNECT); 2541 else if (reason == BIO_RR_ACCEPT) 2542 return (SSL_ERROR_WANT_ACCEPT); 2543 else 2544 return (SSL_ERROR_SYSCALL); /* unknown */ 2545 } 2546 } 2547 2548 if (SSL_want_write(s)) { 2549 bio = SSL_get_wbio(s); 2550 if (BIO_should_write(bio)) { 2551 return (SSL_ERROR_WANT_WRITE); 2552 } else if (BIO_should_read(bio)) { 2553 /* 2554 * See above (SSL_want_read(s) with 2555 * BIO_should_write(bio)) 2556 */ 2557 return (SSL_ERROR_WANT_READ); 2558 } else if (BIO_should_io_special(bio)) { 2559 reason = BIO_get_retry_reason(bio); 2560 if (reason == BIO_RR_CONNECT) 2561 return (SSL_ERROR_WANT_CONNECT); 2562 else if (reason == BIO_RR_ACCEPT) 2563 return (SSL_ERROR_WANT_ACCEPT); 2564 else 2565 return (SSL_ERROR_SYSCALL); 2566 } 2567 } 2568 2569 if (SSL_want_x509_lookup(s)) 2570 return (SSL_ERROR_WANT_X509_LOOKUP); 2571 2572 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 2573 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2574 return (SSL_ERROR_ZERO_RETURN); 2575 2576 return (SSL_ERROR_SYSCALL); 2577 } 2578 2579 int 2580 SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) 2581 { 2582 if (ctx->method->dtls) 2583 return 0; 2584 2585 ctx->quic_method = quic_method; 2586 2587 return 1; 2588 } 2589 2590 int 2591 SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) 2592 { 2593 if (ssl->method->dtls) 2594 return 0; 2595 2596 ssl->quic_method = quic_method; 2597 2598 return 1; 2599 } 2600 2601 size_t 2602 SSL_quic_max_handshake_flight_len(const SSL *ssl, 2603 enum ssl_encryption_level_t level) 2604 { 2605 size_t flight_len; 2606 2607 /* Limit flights to 16K when there are no large certificate messages. */ 2608 flight_len = 16384; 2609 2610 switch (level) { 2611 case ssl_encryption_initial: 2612 return flight_len; 2613 2614 case ssl_encryption_early_data: 2615 /* QUIC does not send EndOfEarlyData. */ 2616 return 0; 2617 2618 case ssl_encryption_handshake: 2619 if (ssl->server) { 2620 /* 2621 * Servers may receive Certificate message if configured 2622 * to request client certificates. 2623 */ 2624 if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 && 2625 ssl->max_cert_list > flight_len) 2626 flight_len = ssl->max_cert_list; 2627 } else { 2628 /* 2629 * Clients may receive both Certificate message and a 2630 * CertificateRequest message. 2631 */ 2632 if (ssl->max_cert_list * 2 > flight_len) 2633 flight_len = ssl->max_cert_list * 2; 2634 } 2635 return flight_len; 2636 case ssl_encryption_application: 2637 /* 2638 * Note there is not actually a bound on the number of 2639 * NewSessionTickets one may send in a row. This level may need 2640 * more involved flow control. 2641 */ 2642 return flight_len; 2643 } 2644 2645 return 0; 2646 } 2647 2648 enum ssl_encryption_level_t 2649 SSL_quic_read_level(const SSL *ssl) 2650 { 2651 return ssl->s3->hs.tls13.quic_read_level; 2652 } 2653 2654 enum ssl_encryption_level_t 2655 SSL_quic_write_level(const SSL *ssl) 2656 { 2657 return ssl->s3->hs.tls13.quic_write_level; 2658 } 2659 2660 int 2661 SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, 2662 const uint8_t *data, size_t len) 2663 { 2664 if (!SSL_is_quic(ssl)) { 2665 SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2666 return 0; 2667 } 2668 2669 if (level != SSL_quic_read_level(ssl)) { 2670 SSLerror(ssl, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); 2671 return 0; 2672 } 2673 2674 if (ssl->s3->hs.tls13.quic_read_buffer == NULL) { 2675 ssl->s3->hs.tls13.quic_read_buffer = tls_buffer_new(0); 2676 if (ssl->s3->hs.tls13.quic_read_buffer == NULL) { 2677 SSLerror(ssl, ERR_R_MALLOC_FAILURE); 2678 return 0; 2679 } 2680 } 2681 2682 /* XXX - note that this does not currently downsize. */ 2683 tls_buffer_set_capacity_limit(ssl->s3->hs.tls13.quic_read_buffer, 2684 SSL_quic_max_handshake_flight_len(ssl, level)); 2685 2686 /* 2687 * XXX - an append that fails due to exceeding capacity should set 2688 * SSL_R_EXCESSIVE_MESSAGE_SIZE. 2689 */ 2690 return tls_buffer_append(ssl->s3->hs.tls13.quic_read_buffer, data, len); 2691 } 2692 2693 int 2694 SSL_process_quic_post_handshake(SSL *ssl) 2695 { 2696 /* XXX - this needs to run PHH received. */ 2697 return 1; 2698 } 2699 2700 int 2701 SSL_do_handshake(SSL *s) 2702 { 2703 if (s->handshake_func == NULL) { 2704 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET); 2705 return (-1); 2706 } 2707 2708 s->method->ssl_renegotiate_check(s); 2709 2710 if (!SSL_in_init(s) && !SSL_in_before(s)) 2711 return 1; 2712 2713 return s->handshake_func(s); 2714 } 2715 2716 /* 2717 * For the next 2 functions, SSL_clear() sets shutdown and so 2718 * one of these calls will reset it 2719 */ 2720 void 2721 SSL_set_accept_state(SSL *s) 2722 { 2723 s->server = 1; 2724 s->shutdown = 0; 2725 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; 2726 s->handshake_func = s->method->ssl_accept; 2727 ssl_clear_cipher_state(s); 2728 } 2729 2730 void 2731 SSL_set_connect_state(SSL *s) 2732 { 2733 s->server = 0; 2734 s->shutdown = 0; 2735 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; 2736 s->handshake_func = s->method->ssl_connect; 2737 ssl_clear_cipher_state(s); 2738 } 2739 2740 int 2741 ssl_undefined_function(SSL *s) 2742 { 2743 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2744 return (0); 2745 } 2746 2747 int 2748 ssl_undefined_void_function(void) 2749 { 2750 SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2751 return (0); 2752 } 2753 2754 int 2755 ssl_undefined_const_function(const SSL *s) 2756 { 2757 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2758 return (0); 2759 } 2760 2761 const char * 2762 ssl_version_string(int ver) 2763 { 2764 switch (ver) { 2765 case TLS1_VERSION: 2766 return (SSL_TXT_TLSV1); 2767 case TLS1_1_VERSION: 2768 return (SSL_TXT_TLSV1_1); 2769 case TLS1_2_VERSION: 2770 return (SSL_TXT_TLSV1_2); 2771 case TLS1_3_VERSION: 2772 return (SSL_TXT_TLSV1_3); 2773 case DTLS1_VERSION: 2774 return (SSL_TXT_DTLS1); 2775 case DTLS1_2_VERSION: 2776 return (SSL_TXT_DTLS1_2); 2777 default: 2778 return ("unknown"); 2779 } 2780 } 2781 2782 const char * 2783 SSL_get_version(const SSL *s) 2784 { 2785 return ssl_version_string(s->version); 2786 } 2787 2788 SSL * 2789 SSL_dup(SSL *s) 2790 { 2791 STACK_OF(X509_NAME) *sk; 2792 X509_NAME *xn; 2793 SSL *ret; 2794 int i; 2795 2796 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2797 goto err; 2798 2799 ret->version = s->version; 2800 ret->method = s->method; 2801 2802 if (s->session != NULL) { 2803 if (!SSL_copy_session_id(ret, s)) 2804 goto err; 2805 } else { 2806 /* 2807 * No session has been established yet, so we have to expect 2808 * that s->cert or ret->cert will be changed later -- 2809 * they should not both point to the same object, 2810 * and thus we can't use SSL_copy_session_id. 2811 */ 2812 2813 ret->method->ssl_free(ret); 2814 ret->method = s->method; 2815 ret->method->ssl_new(ret); 2816 2817 ssl_cert_free(ret->cert); 2818 if ((ret->cert = ssl_cert_dup(s->cert)) == NULL) 2819 goto err; 2820 2821 if (!SSL_set_session_id_context(ret, s->sid_ctx, 2822 s->sid_ctx_length)) 2823 goto err; 2824 } 2825 2826 ret->options = s->options; 2827 ret->mode = s->mode; 2828 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 2829 SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 2830 ret->msg_callback = s->msg_callback; 2831 ret->msg_callback_arg = s->msg_callback_arg; 2832 SSL_set_verify(ret, SSL_get_verify_mode(s), 2833 SSL_get_verify_callback(s)); 2834 SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 2835 ret->generate_session_id = s->generate_session_id; 2836 2837 SSL_set_info_callback(ret, SSL_get_info_callback(s)); 2838 2839 ret->debug = s->debug; 2840 2841 /* copy app data, a little dangerous perhaps */ 2842 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, 2843 &ret->ex_data, &s->ex_data)) 2844 goto err; 2845 2846 /* setup rbio, and wbio */ 2847 if (s->rbio != NULL) { 2848 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) 2849 goto err; 2850 } 2851 if (s->wbio != NULL) { 2852 if (s->wbio != s->rbio) { 2853 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) 2854 goto err; 2855 } else 2856 ret->wbio = ret->rbio; 2857 } 2858 ret->rwstate = s->rwstate; 2859 ret->in_handshake = s->in_handshake; 2860 ret->handshake_func = s->handshake_func; 2861 ret->server = s->server; 2862 ret->renegotiate = s->renegotiate; 2863 ret->new_session = s->new_session; 2864 ret->quiet_shutdown = s->quiet_shutdown; 2865 ret->shutdown = s->shutdown; 2866 /* SSL_dup does not really work at any state, though */ 2867 ret->s3->hs.state = s->s3->hs.state; 2868 ret->rstate = s->rstate; 2869 2870 /* 2871 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, 2872 * ret->init_off 2873 */ 2874 ret->init_num = 0; 2875 2876 ret->hit = s->hit; 2877 2878 X509_VERIFY_PARAM_inherit(ret->param, s->param); 2879 2880 if (s->cipher_list != NULL) { 2881 if ((ret->cipher_list = 2882 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2883 goto err; 2884 } 2885 if (s->cipher_list_tls13 != NULL) { 2886 if ((ret->cipher_list_tls13 = 2887 sk_SSL_CIPHER_dup(s->cipher_list_tls13)) == NULL) 2888 goto err; 2889 } 2890 2891 /* Dup the client_CA list */ 2892 if (s->client_CA != NULL) { 2893 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; 2894 ret->client_CA = sk; 2895 for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2896 xn = sk_X509_NAME_value(sk, i); 2897 if (sk_X509_NAME_set(sk, i, 2898 X509_NAME_dup(xn)) == NULL) { 2899 X509_NAME_free(xn); 2900 goto err; 2901 } 2902 } 2903 } 2904 2905 return ret; 2906 err: 2907 SSL_free(ret); 2908 return NULL; 2909 } 2910 2911 void 2912 ssl_clear_cipher_state(SSL *s) 2913 { 2914 tls12_record_layer_clear_read_state(s->rl); 2915 tls12_record_layer_clear_write_state(s->rl); 2916 } 2917 2918 void 2919 ssl_info_callback(const SSL *s, int type, int value) 2920 { 2921 ssl_info_callback_fn *cb; 2922 2923 if ((cb = s->info_callback) == NULL) 2924 cb = s->ctx->info_callback; 2925 if (cb != NULL) 2926 cb(s, type, value); 2927 } 2928 2929 void 2930 ssl_msg_callback(SSL *s, int is_write, int content_type, 2931 const void *msg_buf, size_t msg_len) 2932 { 2933 if (s->msg_callback == NULL) 2934 return; 2935 2936 s->msg_callback(is_write, s->version, content_type, 2937 msg_buf, msg_len, s, s->msg_callback_arg); 2938 } 2939 2940 void 2941 ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs) 2942 { 2943 ssl_msg_callback(s, is_write, content_type, CBS_data(cbs), CBS_len(cbs)); 2944 } 2945 2946 /* Fix this function so that it takes an optional type parameter */ 2947 X509 * 2948 SSL_get_certificate(const SSL *s) 2949 { 2950 return (s->cert->key->x509); 2951 } 2952 2953 /* Fix this function so that it takes an optional type parameter */ 2954 EVP_PKEY * 2955 SSL_get_privatekey(const SSL *s) 2956 { 2957 return (s->cert->key->privatekey); 2958 } 2959 2960 const SSL_CIPHER * 2961 SSL_get_current_cipher(const SSL *s) 2962 { 2963 if ((s->session != NULL) && (s->session->cipher != NULL)) 2964 return (s->session->cipher); 2965 return (NULL); 2966 } 2967 const void * 2968 SSL_get_current_compression(SSL *s) 2969 { 2970 return (NULL); 2971 } 2972 2973 const void * 2974 SSL_get_current_expansion(SSL *s) 2975 { 2976 return (NULL); 2977 } 2978 2979 size_t 2980 SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out) 2981 { 2982 size_t len = sizeof(s->s3->client_random); 2983 2984 if (out == NULL) 2985 return len; 2986 2987 if (len > max_out) 2988 len = max_out; 2989 2990 memcpy(out, s->s3->client_random, len); 2991 2992 return len; 2993 } 2994 2995 size_t 2996 SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out) 2997 { 2998 size_t len = sizeof(s->s3->server_random); 2999 3000 if (out == NULL) 3001 return len; 3002 3003 if (len > max_out) 3004 len = max_out; 3005 3006 memcpy(out, s->s3->server_random, len); 3007 3008 return len; 3009 } 3010 3011 int 3012 ssl_init_wbio_buffer(SSL *s, int push) 3013 { 3014 BIO *bbio; 3015 3016 if (s->bbio == NULL) { 3017 bbio = BIO_new(BIO_f_buffer()); 3018 if (bbio == NULL) 3019 return (0); 3020 s->bbio = bbio; 3021 } else { 3022 bbio = s->bbio; 3023 if (s->bbio == s->wbio) 3024 s->wbio = BIO_pop(s->wbio); 3025 } 3026 (void)BIO_reset(bbio); 3027 /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 3028 if (!BIO_set_read_buffer_size(bbio, 1)) { 3029 SSLerror(s, ERR_R_BUF_LIB); 3030 return (0); 3031 } 3032 if (push) { 3033 if (s->wbio != bbio) 3034 s->wbio = BIO_push(bbio, s->wbio); 3035 } else { 3036 if (s->wbio == bbio) 3037 s->wbio = BIO_pop(bbio); 3038 } 3039 return (1); 3040 } 3041 3042 void 3043 ssl_free_wbio_buffer(SSL *s) 3044 { 3045 if (s == NULL) 3046 return; 3047 3048 if (s->bbio == NULL) 3049 return; 3050 3051 if (s->bbio == s->wbio) { 3052 /* remove buffering */ 3053 s->wbio = BIO_pop(s->wbio); 3054 } 3055 BIO_free(s->bbio); 3056 s->bbio = NULL; 3057 } 3058 3059 void 3060 SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 3061 { 3062 ctx->quiet_shutdown = mode; 3063 } 3064 3065 int 3066 SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 3067 { 3068 return (ctx->quiet_shutdown); 3069 } 3070 3071 void 3072 SSL_set_quiet_shutdown(SSL *s, int mode) 3073 { 3074 s->quiet_shutdown = mode; 3075 } 3076 3077 int 3078 SSL_get_quiet_shutdown(const SSL *s) 3079 { 3080 return (s->quiet_shutdown); 3081 } 3082 3083 void 3084 SSL_set_shutdown(SSL *s, int mode) 3085 { 3086 s->shutdown = mode; 3087 } 3088 3089 int 3090 SSL_get_shutdown(const SSL *s) 3091 { 3092 return (s->shutdown); 3093 } 3094 3095 int 3096 SSL_version(const SSL *s) 3097 { 3098 return (s->version); 3099 } 3100 3101 SSL_CTX * 3102 SSL_get_SSL_CTX(const SSL *ssl) 3103 { 3104 return (ssl->ctx); 3105 } 3106 3107 SSL_CTX * 3108 SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) 3109 { 3110 SSL_CERT *new_cert; 3111 3112 if (ctx == NULL) 3113 ctx = ssl->initial_ctx; 3114 if (ssl->ctx == ctx) 3115 return (ssl->ctx); 3116 3117 if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL) 3118 return NULL; 3119 ssl_cert_free(ssl->cert); 3120 ssl->cert = new_cert; 3121 3122 SSL_CTX_up_ref(ctx); 3123 SSL_CTX_free(ssl->ctx); /* decrement reference count */ 3124 ssl->ctx = ctx; 3125 3126 return (ssl->ctx); 3127 } 3128 3129 int 3130 SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 3131 { 3132 return (X509_STORE_set_default_paths(ctx->cert_store)); 3133 } 3134 3135 int 3136 SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 3137 const char *CApath) 3138 { 3139 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); 3140 } 3141 3142 int 3143 SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len) 3144 { 3145 return (X509_STORE_load_mem(ctx->cert_store, buf, len)); 3146 } 3147 3148 void 3149 SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val)) 3150 { 3151 ssl->info_callback = cb; 3152 } 3153 3154 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) 3155 { 3156 return (ssl->info_callback); 3157 } 3158 3159 int 3160 SSL_state(const SSL *ssl) 3161 { 3162 return (ssl->s3->hs.state); 3163 } 3164 3165 void 3166 SSL_set_state(SSL *ssl, int state) 3167 { 3168 ssl->s3->hs.state = state; 3169 } 3170 3171 void 3172 SSL_set_verify_result(SSL *ssl, long arg) 3173 { 3174 ssl->verify_result = arg; 3175 } 3176 3177 long 3178 SSL_get_verify_result(const SSL *ssl) 3179 { 3180 return (ssl->verify_result); 3181 } 3182 3183 int 3184 SSL_verify_client_post_handshake(SSL *ssl) 3185 { 3186 return 0; 3187 } 3188 3189 void 3190 SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) 3191 { 3192 return; 3193 } 3194 3195 void 3196 SSL_set_post_handshake_auth(SSL *ssl, int val) 3197 { 3198 return; 3199 } 3200 3201 int 3202 SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3203 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3204 { 3205 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3206 new_func, dup_func, free_func)); 3207 } 3208 3209 int 3210 SSL_set_ex_data(SSL *s, int idx, void *arg) 3211 { 3212 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); 3213 } 3214 3215 void * 3216 SSL_get_ex_data(const SSL *s, int idx) 3217 { 3218 return (CRYPTO_get_ex_data(&s->ex_data, idx)); 3219 } 3220 3221 int 3222 SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 3223 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3224 { 3225 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3226 new_func, dup_func, free_func)); 3227 } 3228 3229 int 3230 SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 3231 { 3232 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); 3233 } 3234 3235 void * 3236 SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 3237 { 3238 return (CRYPTO_get_ex_data(&s->ex_data, idx)); 3239 } 3240 3241 int 3242 ssl_ok(SSL *s) 3243 { 3244 return (1); 3245 } 3246 3247 X509_STORE * 3248 SSL_CTX_get_cert_store(const SSL_CTX *ctx) 3249 { 3250 return (ctx->cert_store); 3251 } 3252 3253 void 3254 SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) 3255 { 3256 X509_STORE_free(ctx->cert_store); 3257 ctx->cert_store = store; 3258 } 3259 3260 X509 * 3261 SSL_CTX_get0_certificate(const SSL_CTX *ctx) 3262 { 3263 if (ctx->cert == NULL) 3264 return NULL; 3265 3266 return ctx->cert->key->x509; 3267 } 3268 3269 EVP_PKEY * 3270 SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 3271 { 3272 if (ctx->cert == NULL) 3273 return NULL; 3274 3275 return ctx->cert->key->privatekey; 3276 } 3277 3278 int 3279 SSL_want(const SSL *s) 3280 { 3281 return (s->rwstate); 3282 } 3283 3284 void 3285 SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, 3286 int keylength)) 3287 { 3288 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); 3289 } 3290 3291 void 3292 SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, 3293 int keylength)) 3294 { 3295 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); 3296 } 3297 3298 void 3299 SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, 3300 int keylength)) 3301 { 3302 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 3303 } 3304 3305 void 3306 SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, 3307 int keylength)) 3308 { 3309 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 3310 } 3311 3312 void 3313 SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, 3314 int is_export, int keylength)) 3315 { 3316 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, 3317 (void (*)(void))ecdh); 3318 } 3319 3320 void 3321 SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, 3322 int keylength)) 3323 { 3324 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 3325 } 3326 3327 3328 void 3329 SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, 3330 int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3331 { 3332 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, 3333 (void (*)(void))cb); 3334 } 3335 3336 void 3337 SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, 3338 int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3339 { 3340 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3341 } 3342 3343 void 3344 SSL_set_debug(SSL *s, int debug) 3345 { 3346 s->debug = debug; 3347 } 3348 3349 int 3350 SSL_cache_hit(SSL *s) 3351 { 3352 return (s->hit); 3353 } 3354 3355 int 3356 SSL_CTX_get_min_proto_version(SSL_CTX *ctx) 3357 { 3358 return ctx->min_proto_version; 3359 } 3360 3361 int 3362 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) 3363 { 3364 return ssl_version_set_min(ctx->method, version, 3365 ctx->max_tls_version, &ctx->min_tls_version, 3366 &ctx->min_proto_version); 3367 } 3368 3369 int 3370 SSL_CTX_get_max_proto_version(SSL_CTX *ctx) 3371 { 3372 return ctx->max_proto_version; 3373 } 3374 3375 int 3376 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) 3377 { 3378 return ssl_version_set_max(ctx->method, version, 3379 ctx->min_tls_version, &ctx->max_tls_version, 3380 &ctx->max_proto_version); 3381 } 3382 3383 int 3384 SSL_get_min_proto_version(SSL *ssl) 3385 { 3386 return ssl->min_proto_version; 3387 } 3388 3389 int 3390 SSL_set_min_proto_version(SSL *ssl, uint16_t version) 3391 { 3392 return ssl_version_set_min(ssl->method, version, 3393 ssl->max_tls_version, &ssl->min_tls_version, 3394 &ssl->min_proto_version); 3395 } 3396 int 3397 SSL_get_max_proto_version(SSL *ssl) 3398 { 3399 return ssl->max_proto_version; 3400 } 3401 3402 int 3403 SSL_set_max_proto_version(SSL *ssl, uint16_t version) 3404 { 3405 return ssl_version_set_max(ssl->method, version, 3406 ssl->min_tls_version, &ssl->max_tls_version, 3407 &ssl->max_proto_version); 3408 } 3409 3410 const SSL_METHOD * 3411 SSL_CTX_get_ssl_method(const SSL_CTX *ctx) 3412 { 3413 return ctx->method; 3414 } 3415 3416 int 3417 SSL_CTX_get_security_level(const SSL_CTX *ctx) 3418 { 3419 return ctx->cert->security_level; 3420 } 3421 3422 void 3423 SSL_CTX_set_security_level(SSL_CTX *ctx, int level) 3424 { 3425 ctx->cert->security_level = level; 3426 } 3427 3428 int 3429 SSL_get_security_level(const SSL *ssl) 3430 { 3431 return ssl->cert->security_level; 3432 } 3433 3434 void 3435 SSL_set_security_level(SSL *ssl, int level) 3436 { 3437 ssl->cert->security_level = level; 3438 } 3439 3440 int 3441 SSL_is_quic(const SSL *ssl) 3442 { 3443 return ssl->quic_method != NULL; 3444 } 3445 3446 int 3447 SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, 3448 size_t params_len) 3449 { 3450 freezero(ssl->quic_transport_params, 3451 ssl->quic_transport_params_len); 3452 ssl->quic_transport_params = NULL; 3453 ssl->quic_transport_params_len = 0; 3454 3455 if ((ssl->quic_transport_params = malloc(params_len)) == NULL) 3456 return 0; 3457 3458 memcpy(ssl->quic_transport_params, params, params_len); 3459 ssl->quic_transport_params_len = params_len; 3460 3461 return 1; 3462 } 3463 3464 void 3465 SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, 3466 size_t *out_params_len) 3467 { 3468 *out_params = ssl->s3->peer_quic_transport_params; 3469 *out_params_len = ssl->s3->peer_quic_transport_params_len; 3470 } 3471 3472 void 3473 SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) 3474 { 3475 /* Not supported. */ 3476 } 3477 3478 static int 3479 ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) 3480 { 3481 SSL_CIPHER const *a = a_; 3482 SSL_CIPHER const *b = b_; 3483 return ssl_cipher_id_cmp(a, b); 3484 } 3485 3486 SSL_CIPHER * 3487 OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num) 3488 { 3489 return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER), 3490 ssl_cipher_id_cmp_BSEARCH_CMP_FN); 3491 } 3492