xref: /openbsd-src/lib/libssl/ssl_lib.c (revision 46035553bfdd96e63c94e32da0210227ec2e3cf1)
1 /* $OpenBSD: ssl_lib.c,v 1.239 2020/12/01 07:46:01 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  * ECC cipher suite support in OpenSSL originally developed by
114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115  */
116 /* ====================================================================
117  * Copyright 2005 Nokia. All rights reserved.
118  *
119  * The portions of the attached software ("Contribution") is developed by
120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121  * license.
122  *
123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125  * support (see RFC 4279) to OpenSSL.
126  *
127  * No patent licenses or other rights except those expressly stated in
128  * the OpenSSL open source license shall be deemed granted or received
129  * expressly, by implication, estoppel, or otherwise.
130  *
131  * No assurances are provided by Nokia that the Contribution does not
132  * infringe the patent or other intellectual property rights of any third
133  * party or that the license provides you with all the necessary rights
134  * to make use of the Contribution.
135  *
136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140  * OTHERWISE.
141  */
142 
143 #include <arpa/inet.h>
144 #include <sys/socket.h>
145 #include <netinet/in.h>
146 
147 #include <stdio.h>
148 
149 #include "ssl_locl.h"
150 
151 #include <openssl/bn.h>
152 #include <openssl/dh.h>
153 #include <openssl/lhash.h>
154 #include <openssl/objects.h>
155 #include <openssl/ocsp.h>
156 #include <openssl/x509v3.h>
157 
158 #ifndef OPENSSL_NO_ENGINE
159 #include <openssl/engine.h>
160 #endif
161 
162 #include "bytestring.h"
163 #include "ssl_sigalgs.h"
164 
165 const char *SSL_version_str = OPENSSL_VERSION_TEXT;
166 
167 int
168 SSL_clear(SSL *s)
169 {
170 	if (s->method == NULL) {
171 		SSLerror(s, SSL_R_NO_METHOD_SPECIFIED);
172 		return (0);
173 	}
174 
175 	if (ssl_clear_bad_session(s)) {
176 		SSL_SESSION_free(s->session);
177 		s->session = NULL;
178 	}
179 
180 	s->error = 0;
181 	s->internal->hit = 0;
182 	s->internal->shutdown = 0;
183 
184 	if (s->internal->renegotiate) {
185 		SSLerror(s, ERR_R_INTERNAL_ERROR);
186 		return (0);
187 	}
188 
189 	s->internal->type = 0;
190 
191 	s->version = s->method->internal->version;
192 	s->client_version = s->version;
193 	s->internal->rwstate = SSL_NOTHING;
194 	s->internal->rstate = SSL_ST_READ_HEADER;
195 
196 	tls13_ctx_free(s->internal->tls13);
197 	s->internal->tls13 = NULL;
198 
199 	ssl3_release_init_buffer(s);
200 
201 	ssl_clear_cipher_state(s);
202 
203 	s->internal->first_packet = 0;
204 
205 	/*
206 	 * Check to see if we were changed into a different method, if
207 	 * so, revert back if we are not doing session-id reuse.
208 	 */
209 	if (!s->internal->in_handshake && (s->session == NULL) &&
210 	    (s->method != s->ctx->method)) {
211 		s->method->internal->ssl_free(s);
212 		s->method = s->ctx->method;
213 		if (!s->method->internal->ssl_new(s))
214 			return (0);
215 	} else
216 		s->method->internal->ssl_clear(s);
217 
218 	return (1);
219 }
220 
221 /* Used to change an SSL_CTXs default SSL method type */
222 int
223 SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
224 {
225 	STACK_OF(SSL_CIPHER) *ciphers;
226 
227 	ctx->method = meth;
228 
229 	ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
230 	    ctx->internal->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST);
231 	if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
232 		SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
233 		return (0);
234 	}
235 	return (1);
236 }
237 
238 SSL *
239 SSL_new(SSL_CTX *ctx)
240 {
241 	SSL *s;
242 
243 	if (ctx == NULL) {
244 		SSLerrorx(SSL_R_NULL_SSL_CTX);
245 		return (NULL);
246 	}
247 	if (ctx->method == NULL) {
248 		SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
249 		return (NULL);
250 	}
251 
252 	if ((s = calloc(1, sizeof(*s))) == NULL)
253 		goto err;
254 	if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
255 		goto err;
256 
257 	s->internal->min_version = ctx->internal->min_version;
258 	s->internal->max_version = ctx->internal->max_version;
259 
260 	s->internal->options = ctx->internal->options;
261 	s->internal->mode = ctx->internal->mode;
262 	s->internal->max_cert_list = ctx->internal->max_cert_list;
263 
264 	if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
265 		goto err;
266 
267 	s->internal->read_ahead = ctx->internal->read_ahead;
268 	s->internal->msg_callback = ctx->internal->msg_callback;
269 	s->internal->msg_callback_arg = ctx->internal->msg_callback_arg;
270 	s->verify_mode = ctx->verify_mode;
271 	s->sid_ctx_length = ctx->sid_ctx_length;
272 	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
273 	memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
274 	s->internal->verify_callback = ctx->internal->default_verify_callback;
275 	s->internal->generate_session_id = ctx->internal->generate_session_id;
276 
277 	s->param = X509_VERIFY_PARAM_new();
278 	if (!s->param)
279 		goto err;
280 	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
281 	s->internal->quiet_shutdown = ctx->internal->quiet_shutdown;
282 	s->max_send_fragment = ctx->internal->max_send_fragment;
283 
284 	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
285 	s->ctx = ctx;
286 	s->internal->tlsext_debug_cb = 0;
287 	s->internal->tlsext_debug_arg = NULL;
288 	s->internal->tlsext_ticket_expected = 0;
289 	s->tlsext_status_type = -1;
290 	s->internal->tlsext_status_expected = 0;
291 	s->internal->tlsext_ocsp_ids = NULL;
292 	s->internal->tlsext_ocsp_exts = NULL;
293 	s->internal->tlsext_ocsp_resp = NULL;
294 	s->internal->tlsext_ocsp_resp_len = 0;
295 	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
296 	s->initial_ctx = ctx;
297 
298 	if (ctx->internal->tlsext_ecpointformatlist != NULL) {
299 		s->internal->tlsext_ecpointformatlist =
300 		    calloc(ctx->internal->tlsext_ecpointformatlist_length,
301 			sizeof(ctx->internal->tlsext_ecpointformatlist[0]));
302 		if (s->internal->tlsext_ecpointformatlist == NULL)
303 			goto err;
304 		memcpy(s->internal->tlsext_ecpointformatlist,
305 		    ctx->internal->tlsext_ecpointformatlist,
306 		    ctx->internal->tlsext_ecpointformatlist_length *
307 		    sizeof(ctx->internal->tlsext_ecpointformatlist[0]));
308 		s->internal->tlsext_ecpointformatlist_length =
309 		    ctx->internal->tlsext_ecpointformatlist_length;
310 	}
311 	if (ctx->internal->tlsext_supportedgroups != NULL) {
312 		s->internal->tlsext_supportedgroups =
313 		    calloc(ctx->internal->tlsext_supportedgroups_length,
314 			sizeof(ctx->internal->tlsext_supportedgroups[0]));
315 		if (s->internal->tlsext_supportedgroups == NULL)
316 			goto err;
317 		memcpy(s->internal->tlsext_supportedgroups,
318 		    ctx->internal->tlsext_supportedgroups,
319 		    ctx->internal->tlsext_supportedgroups_length *
320 		    sizeof(ctx->internal->tlsext_supportedgroups[0]));
321 		s->internal->tlsext_supportedgroups_length =
322 		    ctx->internal->tlsext_supportedgroups_length;
323 	}
324 
325 	if (s->ctx->internal->alpn_client_proto_list != NULL) {
326 		s->internal->alpn_client_proto_list =
327 		    malloc(s->ctx->internal->alpn_client_proto_list_len);
328 		if (s->internal->alpn_client_proto_list == NULL)
329 			goto err;
330 		memcpy(s->internal->alpn_client_proto_list,
331 		    s->ctx->internal->alpn_client_proto_list,
332 		    s->ctx->internal->alpn_client_proto_list_len);
333 		s->internal->alpn_client_proto_list_len =
334 		    s->ctx->internal->alpn_client_proto_list_len;
335 	}
336 
337 	s->verify_result = X509_V_OK;
338 
339 	s->method = ctx->method;
340 
341 	if (!s->method->internal->ssl_new(s))
342 		goto err;
343 
344 	if ((s->internal->rl = tls12_record_layer_new()) == NULL)
345 		goto err;
346 
347 	s->references = 1;
348 	s->server = ctx->method->internal->server;
349 
350 	SSL_clear(s);
351 
352 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data);
353 
354 	return (s);
355 
356  err:
357 	SSL_free(s);
358 	SSLerrorx(ERR_R_MALLOC_FAILURE);
359 	return (NULL);
360 }
361 
362 int
363 SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
364     unsigned int sid_ctx_len)
365 {
366 	if (sid_ctx_len > sizeof ctx->sid_ctx) {
367 		SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
368 		return (0);
369 	}
370 	ctx->sid_ctx_length = sid_ctx_len;
371 	memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
372 
373 	return (1);
374 }
375 
376 int
377 SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
378     unsigned int sid_ctx_len)
379 {
380 	if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
381 		SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
382 		return (0);
383 	}
384 	ssl->sid_ctx_length = sid_ctx_len;
385 	memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
386 
387 	return (1);
388 }
389 
390 int
391 SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
392 {
393 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
394 	ctx->internal->generate_session_id = cb;
395 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
396 	return (1);
397 }
398 
399 int
400 SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
401 {
402 	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
403 	ssl->internal->generate_session_id = cb;
404 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
405 	return (1);
406 }
407 
408 int
409 SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
410     unsigned int id_len)
411 {
412 	/*
413 	 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
414 	 * shows how we can "construct" a session to give us the desired
415 	 * check - ie. to find if there's a session in the hash table
416 	 * that would conflict with any new session built out of this
417 	 * id/id_len and the ssl_version in use by this SSL.
418 	 */
419 	SSL_SESSION r, *p;
420 
421 	if (id_len > sizeof r.session_id)
422 		return (0);
423 
424 	r.ssl_version = ssl->version;
425 	r.session_id_length = id_len;
426 	memcpy(r.session_id, id, id_len);
427 
428 	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
429 	p = lh_SSL_SESSION_retrieve(ssl->ctx->internal->sessions, &r);
430 	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
431 	return (p != NULL);
432 }
433 
434 int
435 SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
436 {
437 	return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
438 }
439 
440 int
441 SSL_set_purpose(SSL *s, int purpose)
442 {
443 	return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
444 }
445 
446 int
447 SSL_CTX_set_trust(SSL_CTX *s, int trust)
448 {
449 	return (X509_VERIFY_PARAM_set_trust(s->param, trust));
450 }
451 
452 int
453 SSL_set_trust(SSL *s, int trust)
454 {
455 	return (X509_VERIFY_PARAM_set_trust(s->param, trust));
456 }
457 
458 int
459 SSL_set1_host(SSL *s, const char *hostname)
460 {
461 	struct in_addr ina;
462 	struct in6_addr in6a;
463 
464 	if (hostname != NULL && *hostname != '\0' &&
465 	    (inet_pton(AF_INET, hostname, &ina) == 1 ||
466 	    inet_pton(AF_INET6, hostname, &in6a) == 1))
467 		return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname);
468 	else
469 		return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
470 }
471 
472 const char *
473 SSL_get0_peername(SSL *s)
474 {
475 	return X509_VERIFY_PARAM_get0_peername(s->param);
476 }
477 
478 X509_VERIFY_PARAM *
479 SSL_CTX_get0_param(SSL_CTX *ctx)
480 {
481 	return (ctx->param);
482 }
483 
484 int
485 SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
486 {
487 	return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
488 }
489 
490 X509_VERIFY_PARAM *
491 SSL_get0_param(SSL *ssl)
492 {
493 	return (ssl->param);
494 }
495 
496 int
497 SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
498 {
499 	return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
500 }
501 
502 void
503 SSL_free(SSL *s)
504 {
505 	int	i;
506 
507 	if (s == NULL)
508 		return;
509 
510 	i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
511 	if (i > 0)
512 		return;
513 
514 	X509_VERIFY_PARAM_free(s->param);
515 
516 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data);
517 
518 	if (s->bbio != NULL) {
519 		/* If the buffering BIO is in place, pop it off */
520 		if (s->bbio == s->wbio) {
521 			s->wbio = BIO_pop(s->wbio);
522 		}
523 		BIO_free(s->bbio);
524 		s->bbio = NULL;
525 	}
526 
527 	if (s->rbio != s->wbio)
528 		BIO_free_all(s->rbio);
529 	BIO_free_all(s->wbio);
530 
531 	tls13_ctx_free(s->internal->tls13);
532 
533 	ssl3_release_init_buffer(s);
534 
535 	sk_SSL_CIPHER_free(s->cipher_list);
536 	sk_SSL_CIPHER_free(s->internal->cipher_list_tls13);
537 
538 	/* Make the next call work :-) */
539 	if (s->session != NULL) {
540 		ssl_clear_bad_session(s);
541 		SSL_SESSION_free(s->session);
542 	}
543 
544 	ssl_clear_cipher_state(s);
545 
546 	ssl_cert_free(s->cert);
547 
548 	free(s->tlsext_hostname);
549 	SSL_CTX_free(s->initial_ctx);
550 
551 	free(s->internal->tlsext_ecpointformatlist);
552 	free(s->internal->tlsext_supportedgroups);
553 
554 	sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
555 	    X509_EXTENSION_free);
556 	sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
557 	free(s->internal->tlsext_ocsp_resp);
558 
559 	sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
560 
561 	if (s->method != NULL)
562 		s->method->internal->ssl_free(s);
563 
564 	SSL_CTX_free(s->ctx);
565 
566 	free(s->internal->alpn_client_proto_list);
567 
568 #ifndef OPENSSL_NO_SRTP
569 	sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
570 #endif
571 
572 	tls12_record_layer_free(s->internal->rl);
573 
574 	free(s->internal);
575 	free(s);
576 }
577 
578 int
579 SSL_up_ref(SSL *s)
580 {
581 	int refs = CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL);
582 	return (refs > 1) ? 1 : 0;
583 }
584 
585 void
586 SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
587 {
588 	/* If the output buffering BIO is still in place, remove it */
589 	if (s->bbio != NULL) {
590 		if (s->wbio == s->bbio) {
591 			s->wbio = s->wbio->next_bio;
592 			s->bbio->next_bio = NULL;
593 		}
594 	}
595 
596 	if (s->rbio != rbio && s->rbio != s->wbio)
597 		BIO_free_all(s->rbio);
598 	if (s->wbio != wbio)
599 		BIO_free_all(s->wbio);
600 	s->rbio = rbio;
601 	s->wbio = wbio;
602 }
603 
604 BIO *
605 SSL_get_rbio(const SSL *s)
606 {
607 	return (s->rbio);
608 }
609 
610 BIO *
611 SSL_get_wbio(const SSL *s)
612 {
613 	return (s->wbio);
614 }
615 
616 int
617 SSL_get_fd(const SSL *s)
618 {
619 	return (SSL_get_rfd(s));
620 }
621 
622 int
623 SSL_get_rfd(const SSL *s)
624 {
625 	int	 ret = -1;
626 	BIO	*b, *r;
627 
628 	b = SSL_get_rbio(s);
629 	r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
630 	if (r != NULL)
631 		BIO_get_fd(r, &ret);
632 	return (ret);
633 }
634 
635 int
636 SSL_get_wfd(const SSL *s)
637 {
638 	int	 ret = -1;
639 	BIO	*b, *r;
640 
641 	b = SSL_get_wbio(s);
642 	r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
643 	if (r != NULL)
644 		BIO_get_fd(r, &ret);
645 	return (ret);
646 }
647 
648 int
649 SSL_set_fd(SSL *s, int fd)
650 {
651 	int	 ret = 0;
652 	BIO	*bio = NULL;
653 
654 	bio = BIO_new(BIO_s_socket());
655 
656 	if (bio == NULL) {
657 		SSLerror(s, ERR_R_BUF_LIB);
658 		goto err;
659 	}
660 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
661 	SSL_set_bio(s, bio, bio);
662 	ret = 1;
663 err:
664 	return (ret);
665 }
666 
667 int
668 SSL_set_wfd(SSL *s, int fd)
669 {
670 	int	 ret = 0;
671 	BIO	*bio = NULL;
672 
673 	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
674 	    || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
675 		bio = BIO_new(BIO_s_socket());
676 
677 		if (bio == NULL) {
678 			SSLerror(s, ERR_R_BUF_LIB);
679 			goto err;
680 		}
681 		BIO_set_fd(bio, fd, BIO_NOCLOSE);
682 		SSL_set_bio(s, SSL_get_rbio(s), bio);
683 	} else
684 		SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
685 	ret = 1;
686 err:
687 	return (ret);
688 }
689 
690 int
691 SSL_set_rfd(SSL *s, int fd)
692 {
693 	int	 ret = 0;
694 	BIO	*bio = NULL;
695 
696 	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
697 	    || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
698 		bio = BIO_new(BIO_s_socket());
699 
700 		if (bio == NULL) {
701 			SSLerror(s, ERR_R_BUF_LIB);
702 			goto err;
703 		}
704 		BIO_set_fd(bio, fd, BIO_NOCLOSE);
705 		SSL_set_bio(s, bio, SSL_get_wbio(s));
706 	} else
707 		SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
708 	ret = 1;
709 err:
710 	return (ret);
711 }
712 
713 
714 /* return length of latest Finished message we sent, copy to 'buf' */
715 size_t
716 SSL_get_finished(const SSL *s, void *buf, size_t count)
717 {
718 	size_t	ret;
719 
720 	ret = S3I(s)->tmp.finish_md_len;
721 	if (count > ret)
722 		count = ret;
723 	memcpy(buf, S3I(s)->tmp.finish_md, count);
724 	return (ret);
725 }
726 
727 /* return length of latest Finished message we expected, copy to 'buf' */
728 size_t
729 SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
730 {
731 	size_t	ret;
732 
733 	ret = S3I(s)->tmp.peer_finish_md_len;
734 	if (count > ret)
735 		count = ret;
736 	memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
737 	return (ret);
738 }
739 
740 
741 int
742 SSL_get_verify_mode(const SSL *s)
743 {
744 	return (s->verify_mode);
745 }
746 
747 int
748 SSL_get_verify_depth(const SSL *s)
749 {
750 	return (X509_VERIFY_PARAM_get_depth(s->param));
751 }
752 
753 int
754 (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
755 {
756 	return (s->internal->verify_callback);
757 }
758 
759 int
760 SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
761 {
762 	return (ctx->verify_mode);
763 }
764 
765 int
766 SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
767 {
768 	return (X509_VERIFY_PARAM_get_depth(ctx->param));
769 }
770 
771 int
772 (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
773 {
774 	return (ctx->internal->default_verify_callback);
775 }
776 
777 void
778 SSL_set_verify(SSL *s, int mode,
779     int (*callback)(int ok, X509_STORE_CTX *ctx))
780 {
781 	s->verify_mode = mode;
782 	if (callback != NULL)
783 		s->internal->verify_callback = callback;
784 }
785 
786 void
787 SSL_set_verify_depth(SSL *s, int depth)
788 {
789 	X509_VERIFY_PARAM_set_depth(s->param, depth);
790 }
791 
792 void
793 SSL_set_read_ahead(SSL *s, int yes)
794 {
795 	s->internal->read_ahead = yes;
796 }
797 
798 int
799 SSL_get_read_ahead(const SSL *s)
800 {
801 	return (s->internal->read_ahead);
802 }
803 
804 int
805 SSL_pending(const SSL *s)
806 {
807 	return (s->method->internal->ssl_pending(s));
808 }
809 
810 X509 *
811 SSL_get_peer_certificate(const SSL *s)
812 {
813 	X509	*r;
814 
815 	if ((s == NULL) || (s->session == NULL))
816 		r = NULL;
817 	else
818 		r = s->session->peer;
819 
820 	if (r == NULL)
821 		return (r);
822 
823 	CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
824 
825 	return (r);
826 }
827 
828 STACK_OF(X509) *
829 SSL_get_peer_cert_chain(const SSL *s)
830 {
831 	STACK_OF(X509)	*r;
832 
833 	if ((s == NULL) || (s->session == NULL) ||
834 	    (SSI(s)->sess_cert == NULL))
835 		r = NULL;
836 	else
837 		r = SSI(s)->sess_cert->cert_chain;
838 
839 	/*
840 	 * If we are a client, cert_chain includes the peer's own
841 	 * certificate;
842 	 * if we are a server, it does not.
843 	 */
844 	return (r);
845 }
846 
847 /*
848  * Now in theory, since the calling process own 't' it should be safe to
849  * modify.  We need to be able to read f without being hassled
850  */
851 int
852 SSL_copy_session_id(SSL *t, const SSL *f)
853 {
854 	CERT	*tmp;
855 
856 	/* Do we need to do SSL locking? */
857 	if (!SSL_set_session(t, SSL_get_session(f)))
858 		return 0;
859 
860 	/* What if we are set up for one protocol but want to talk another? */
861 	if (t->method != f->method) {
862 		t->method->internal->ssl_free(t);
863 		t->method = f->method;
864 		if (!t->method->internal->ssl_new(t))
865 			return 0;
866 	}
867 
868 	tmp = t->cert;
869 	if (f->cert != NULL) {
870 		CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
871 		t->cert = f->cert;
872 	} else
873 		t->cert = NULL;
874 	ssl_cert_free(tmp);
875 
876 	if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length))
877 		return 0;
878 
879 	return 1;
880 }
881 
882 /* Fix this so it checks all the valid key/cert options */
883 int
884 SSL_CTX_check_private_key(const SSL_CTX *ctx)
885 {
886 	if ((ctx == NULL) || (ctx->internal->cert == NULL) ||
887 	    (ctx->internal->cert->key->x509 == NULL)) {
888 		SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED);
889 		return (0);
890 	}
891 	if (ctx->internal->cert->key->privatekey == NULL) {
892 		SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
893 		return (0);
894 	}
895 	return (X509_check_private_key(ctx->internal->cert->key->x509,
896 	    ctx->internal->cert->key->privatekey));
897 }
898 
899 /* Fix this function so that it takes an optional type parameter */
900 int
901 SSL_check_private_key(const SSL *ssl)
902 {
903 	if (ssl == NULL) {
904 		SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
905 		return (0);
906 	}
907 	if (ssl->cert == NULL) {
908 		SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
909 		return (0);
910 	}
911 	if (ssl->cert->key->x509 == NULL) {
912 		SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
913 		return (0);
914 	}
915 	if (ssl->cert->key->privatekey == NULL) {
916 		SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
917 		return (0);
918 	}
919 	return (X509_check_private_key(ssl->cert->key->x509,
920 	    ssl->cert->key->privatekey));
921 }
922 
923 int
924 SSL_accept(SSL *s)
925 {
926 	if (s->internal->handshake_func == NULL)
927 		SSL_set_accept_state(s); /* Not properly initialized yet */
928 
929 	return (s->method->internal->ssl_accept(s));
930 }
931 
932 int
933 SSL_connect(SSL *s)
934 {
935 	if (s->internal->handshake_func == NULL)
936 		SSL_set_connect_state(s); /* Not properly initialized yet */
937 
938 	return (s->method->internal->ssl_connect(s));
939 }
940 
941 int
942 SSL_is_dtls(const SSL *s)
943 {
944 	return s->method->internal->dtls;
945 }
946 
947 int
948 SSL_is_server(const SSL *s)
949 {
950 	return s->server;
951 }
952 
953 static long
954 ssl_get_default_timeout()
955 {
956 	/*
957 	 * 2 hours, the 24 hours mentioned in the TLSv1 spec
958 	 * is way too long for http, the cache would over fill.
959 	 */
960 	return (2 * 60 * 60);
961 }
962 
963 long
964 SSL_get_default_timeout(const SSL *s)
965 {
966 	return (ssl_get_default_timeout());
967 }
968 
969 int
970 SSL_read(SSL *s, void *buf, int num)
971 {
972 	if (s->internal->handshake_func == NULL) {
973 		SSLerror(s, SSL_R_UNINITIALIZED);
974 		return (-1);
975 	}
976 
977 	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
978 		s->internal->rwstate = SSL_NOTHING;
979 		return (0);
980 	}
981 	return ssl3_read(s, buf, num);
982 }
983 
984 int
985 SSL_peek(SSL *s, void *buf, int num)
986 {
987 	if (s->internal->handshake_func == NULL) {
988 		SSLerror(s, SSL_R_UNINITIALIZED);
989 		return (-1);
990 	}
991 
992 	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
993 		return (0);
994 	}
995 	return ssl3_peek(s, buf, num);
996 }
997 
998 int
999 SSL_write(SSL *s, const void *buf, int num)
1000 {
1001 	if (s->internal->handshake_func == NULL) {
1002 		SSLerror(s, SSL_R_UNINITIALIZED);
1003 		return (-1);
1004 	}
1005 
1006 	if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
1007 		s->internal->rwstate = SSL_NOTHING;
1008 		SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
1009 		return (-1);
1010 	}
1011 	return ssl3_write(s, buf, num);
1012 }
1013 
1014 uint32_t
1015 SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
1016 {
1017 	return 0;
1018 }
1019 
1020 int
1021 SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
1022 {
1023 	return 1;
1024 }
1025 
1026 uint32_t
1027 SSL_get_max_early_data(const SSL *s)
1028 {
1029 	return 0;
1030 }
1031 
1032 int
1033 SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
1034 {
1035 	return 1;
1036 }
1037 
1038 int
1039 SSL_get_early_data_status(const SSL *s)
1040 {
1041 	return SSL_EARLY_DATA_REJECTED;
1042 }
1043 
1044 int
1045 SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
1046 {
1047 	*readbytes = 0;
1048 
1049 	if (!s->server) {
1050 		SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1051 		return SSL_READ_EARLY_DATA_ERROR;
1052 	}
1053 
1054 	return SSL_READ_EARLY_DATA_FINISH;
1055 }
1056 
1057 int
1058 SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
1059 {
1060 	*written = 0;
1061 	SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1062 	return 0;
1063 }
1064 
1065 int
1066 SSL_shutdown(SSL *s)
1067 {
1068 	/*
1069 	 * Note that this function behaves differently from what one might
1070 	 * expect.  Return values are 0 for no success (yet),
1071 	 * 1 for success; but calling it once is usually not enough,
1072 	 * even if blocking I/O is used (see ssl3_shutdown).
1073 	 */
1074 
1075 	if (s->internal->handshake_func == NULL) {
1076 		SSLerror(s, SSL_R_UNINITIALIZED);
1077 		return (-1);
1078 	}
1079 
1080 	if (s != NULL && !SSL_in_init(s))
1081 		return (s->method->internal->ssl_shutdown(s));
1082 
1083 	return (1);
1084 }
1085 
1086 int
1087 SSL_renegotiate(SSL *s)
1088 {
1089 	if (s->internal->renegotiate == 0)
1090 		s->internal->renegotiate = 1;
1091 
1092 	s->internal->new_session = 1;
1093 
1094 	return (s->method->internal->ssl_renegotiate(s));
1095 }
1096 
1097 int
1098 SSL_renegotiate_abbreviated(SSL *s)
1099 {
1100 	if (s->internal->renegotiate == 0)
1101 		s->internal->renegotiate = 1;
1102 
1103 	s->internal->new_session = 0;
1104 
1105 	return (s->method->internal->ssl_renegotiate(s));
1106 }
1107 
1108 int
1109 SSL_renegotiate_pending(SSL *s)
1110 {
1111 	/*
1112 	 * Becomes true when negotiation is requested;
1113 	 * false again once a handshake has finished.
1114 	 */
1115 	return (s->internal->renegotiate != 0);
1116 }
1117 
1118 long
1119 SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1120 {
1121 	long	l;
1122 
1123 	switch (cmd) {
1124 	case SSL_CTRL_GET_READ_AHEAD:
1125 		return (s->internal->read_ahead);
1126 	case SSL_CTRL_SET_READ_AHEAD:
1127 		l = s->internal->read_ahead;
1128 		s->internal->read_ahead = larg;
1129 		return (l);
1130 
1131 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1132 		s->internal->msg_callback_arg = parg;
1133 		return (1);
1134 
1135 	case SSL_CTRL_OPTIONS:
1136 		return (s->internal->options|=larg);
1137 	case SSL_CTRL_CLEAR_OPTIONS:
1138 		return (s->internal->options&=~larg);
1139 	case SSL_CTRL_MODE:
1140 		return (s->internal->mode|=larg);
1141 	case SSL_CTRL_CLEAR_MODE:
1142 		return (s->internal->mode &=~larg);
1143 	case SSL_CTRL_GET_MAX_CERT_LIST:
1144 		return (s->internal->max_cert_list);
1145 	case SSL_CTRL_SET_MAX_CERT_LIST:
1146 		l = s->internal->max_cert_list;
1147 		s->internal->max_cert_list = larg;
1148 		return (l);
1149 	case SSL_CTRL_SET_MTU:
1150 #ifndef OPENSSL_NO_DTLS1
1151 		if (larg < (long)dtls1_min_mtu())
1152 			return (0);
1153 #endif
1154 		if (SSL_is_dtls(s)) {
1155 			D1I(s)->mtu = larg;
1156 			return (larg);
1157 		}
1158 		return (0);
1159 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1160 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1161 			return (0);
1162 		s->max_send_fragment = larg;
1163 		return (1);
1164 	case SSL_CTRL_GET_RI_SUPPORT:
1165 		if (s->s3)
1166 			return (S3I(s)->send_connection_binding);
1167 		else return (0);
1168 	default:
1169 		if (SSL_is_dtls(s))
1170 			return dtls1_ctrl(s, cmd, larg, parg);
1171 		return ssl3_ctrl(s, cmd, larg, parg);
1172 	}
1173 }
1174 
1175 long
1176 SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1177 {
1178 	switch (cmd) {
1179 	case SSL_CTRL_SET_MSG_CALLBACK:
1180 		s->internal->msg_callback = (void (*)(int write_p, int version,
1181 		    int content_type, const void *buf, size_t len,
1182 		    SSL *ssl, void *arg))(fp);
1183 		return (1);
1184 
1185 	default:
1186 		return (ssl3_callback_ctrl(s, cmd, fp));
1187 	}
1188 }
1189 
1190 struct lhash_st_SSL_SESSION *
1191 SSL_CTX_sessions(SSL_CTX *ctx)
1192 {
1193 	return (ctx->internal->sessions);
1194 }
1195 
1196 long
1197 SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1198 {
1199 	long	l;
1200 
1201 	switch (cmd) {
1202 	case SSL_CTRL_GET_READ_AHEAD:
1203 		return (ctx->internal->read_ahead);
1204 	case SSL_CTRL_SET_READ_AHEAD:
1205 		l = ctx->internal->read_ahead;
1206 		ctx->internal->read_ahead = larg;
1207 		return (l);
1208 
1209 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1210 		ctx->internal->msg_callback_arg = parg;
1211 		return (1);
1212 
1213 	case SSL_CTRL_GET_MAX_CERT_LIST:
1214 		return (ctx->internal->max_cert_list);
1215 	case SSL_CTRL_SET_MAX_CERT_LIST:
1216 		l = ctx->internal->max_cert_list;
1217 		ctx->internal->max_cert_list = larg;
1218 		return (l);
1219 
1220 	case SSL_CTRL_SET_SESS_CACHE_SIZE:
1221 		l = ctx->internal->session_cache_size;
1222 		ctx->internal->session_cache_size = larg;
1223 		return (l);
1224 	case SSL_CTRL_GET_SESS_CACHE_SIZE:
1225 		return (ctx->internal->session_cache_size);
1226 	case SSL_CTRL_SET_SESS_CACHE_MODE:
1227 		l = ctx->internal->session_cache_mode;
1228 		ctx->internal->session_cache_mode = larg;
1229 		return (l);
1230 	case SSL_CTRL_GET_SESS_CACHE_MODE:
1231 		return (ctx->internal->session_cache_mode);
1232 
1233 	case SSL_CTRL_SESS_NUMBER:
1234 		return (lh_SSL_SESSION_num_items(ctx->internal->sessions));
1235 	case SSL_CTRL_SESS_CONNECT:
1236 		return (ctx->internal->stats.sess_connect);
1237 	case SSL_CTRL_SESS_CONNECT_GOOD:
1238 		return (ctx->internal->stats.sess_connect_good);
1239 	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1240 		return (ctx->internal->stats.sess_connect_renegotiate);
1241 	case SSL_CTRL_SESS_ACCEPT:
1242 		return (ctx->internal->stats.sess_accept);
1243 	case SSL_CTRL_SESS_ACCEPT_GOOD:
1244 		return (ctx->internal->stats.sess_accept_good);
1245 	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1246 		return (ctx->internal->stats.sess_accept_renegotiate);
1247 	case SSL_CTRL_SESS_HIT:
1248 		return (ctx->internal->stats.sess_hit);
1249 	case SSL_CTRL_SESS_CB_HIT:
1250 		return (ctx->internal->stats.sess_cb_hit);
1251 	case SSL_CTRL_SESS_MISSES:
1252 		return (ctx->internal->stats.sess_miss);
1253 	case SSL_CTRL_SESS_TIMEOUTS:
1254 		return (ctx->internal->stats.sess_timeout);
1255 	case SSL_CTRL_SESS_CACHE_FULL:
1256 		return (ctx->internal->stats.sess_cache_full);
1257 	case SSL_CTRL_OPTIONS:
1258 		return (ctx->internal->options|=larg);
1259 	case SSL_CTRL_CLEAR_OPTIONS:
1260 		return (ctx->internal->options&=~larg);
1261 	case SSL_CTRL_MODE:
1262 		return (ctx->internal->mode|=larg);
1263 	case SSL_CTRL_CLEAR_MODE:
1264 		return (ctx->internal->mode&=~larg);
1265 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1266 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1267 			return (0);
1268 		ctx->internal->max_send_fragment = larg;
1269 		return (1);
1270 	default:
1271 		return (ssl3_ctx_ctrl(ctx, cmd, larg, parg));
1272 	}
1273 }
1274 
1275 long
1276 SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1277 {
1278 	switch (cmd) {
1279 	case SSL_CTRL_SET_MSG_CALLBACK:
1280 		ctx->internal->msg_callback = (void (*)(int write_p, int version,
1281 		    int content_type, const void *buf, size_t len, SSL *ssl,
1282 		    void *arg))(fp);
1283 		return (1);
1284 
1285 	default:
1286 		return (ssl3_ctx_callback_ctrl(ctx, cmd, fp));
1287 	}
1288 }
1289 
1290 int
1291 ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1292 {
1293 	long	l;
1294 
1295 	l = a->id - b->id;
1296 	if (l == 0L)
1297 		return (0);
1298 	else
1299 		return ((l > 0) ? 1:-1);
1300 }
1301 
1302 STACK_OF(SSL_CIPHER) *
1303 SSL_get_ciphers(const SSL *s)
1304 {
1305 	if (s == NULL)
1306 		return (NULL);
1307 	if (s->cipher_list != NULL)
1308 		return (s->cipher_list);
1309 
1310 	return (s->ctx->cipher_list);
1311 }
1312 
1313 STACK_OF(SSL_CIPHER) *
1314 SSL_get_client_ciphers(const SSL *s)
1315 {
1316 	if (s == NULL || s->session == NULL || !s->server)
1317 		return NULL;
1318 	return s->session->ciphers;
1319 }
1320 
1321 STACK_OF(SSL_CIPHER) *
1322 SSL_get1_supported_ciphers(SSL *s)
1323 {
1324 	STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers;
1325 	const SSL_CIPHER *cipher;
1326 	uint16_t min_vers, max_vers;
1327 	int i;
1328 
1329 	if (s == NULL)
1330 		return NULL;
1331 	if (!ssl_supported_version_range(s, &min_vers, &max_vers))
1332 		return NULL;
1333 	if ((ciphers = SSL_get_ciphers(s)) == NULL)
1334 		return NULL;
1335 	if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL)
1336 		return NULL;
1337 
1338 	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1339 		if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
1340 			goto err;
1341 		if (!ssl_cipher_allowed_in_version_range(cipher, min_vers,
1342 		    max_vers))
1343 			continue;
1344 		if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
1345 			goto err;
1346 	}
1347 
1348 	if (sk_SSL_CIPHER_num(supported_ciphers) > 0)
1349 		return supported_ciphers;
1350 
1351  err:
1352 	sk_SSL_CIPHER_free(supported_ciphers);
1353 	return NULL;
1354 }
1355 
1356 /* See if we have any ECC cipher suites. */
1357 int
1358 ssl_has_ecc_ciphers(SSL *s)
1359 {
1360 	STACK_OF(SSL_CIPHER) *ciphers;
1361 	unsigned long alg_k, alg_a;
1362 	SSL_CIPHER *cipher;
1363 	int i;
1364 
1365 	if (s->version == DTLS1_VERSION)
1366 		return 0;
1367 	if ((ciphers = SSL_get_ciphers(s)) == NULL)
1368 		return 0;
1369 
1370 	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1371 		cipher = sk_SSL_CIPHER_value(ciphers, i);
1372 
1373 		alg_k = cipher->algorithm_mkey;
1374 		alg_a = cipher->algorithm_auth;
1375 
1376 		if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
1377 			return 1;
1378 	}
1379 
1380 	return 0;
1381 }
1382 
1383 /* The old interface to get the same thing as SSL_get_ciphers(). */
1384 const char *
1385 SSL_get_cipher_list(const SSL *s, int n)
1386 {
1387 	STACK_OF(SSL_CIPHER) *ciphers;
1388 	const SSL_CIPHER *cipher;
1389 
1390 	if ((ciphers = SSL_get_ciphers(s)) == NULL)
1391 		return (NULL);
1392 	if ((cipher = sk_SSL_CIPHER_value(ciphers, n)) == NULL)
1393 		return (NULL);
1394 
1395 	return (cipher->name);
1396 }
1397 
1398 STACK_OF(SSL_CIPHER) *
1399 SSL_CTX_get_ciphers(const SSL_CTX *ctx)
1400 {
1401 	if (ctx == NULL)
1402 		return NULL;
1403 	return ctx->cipher_list;
1404 }
1405 
1406 /* Specify the ciphers to be used by default by the SSL_CTX. */
1407 int
1408 SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1409 {
1410 	STACK_OF(SSL_CIPHER) *ciphers;
1411 
1412 	/*
1413 	 * ssl_create_cipher_list may return an empty stack if it was unable to
1414 	 * find a cipher matching the given rule string (for example if the
1415 	 * rule string specifies a cipher which has been disabled). This is not
1416 	 * an error as far as ssl_create_cipher_list is concerned, and hence
1417 	 * ctx->cipher_list has been updated.
1418 	 */
1419 	ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1420 	    ctx->internal->cipher_list_tls13, str);
1421 	if (ciphers == NULL) {
1422 		return (0);
1423 	} else if (sk_SSL_CIPHER_num(ciphers) == 0) {
1424 		SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1425 		return (0);
1426 	}
1427 	return (1);
1428 }
1429 
1430 int
1431 SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
1432 {
1433 	if (!ssl_parse_ciphersuites(&ctx->internal->cipher_list_tls13, str)) {
1434 		SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1435 		return 0;
1436 	}
1437 	if (!ssl_merge_cipherlists(ctx->cipher_list,
1438 	    ctx->internal->cipher_list_tls13, &ctx->cipher_list))
1439 		return 0;
1440 
1441 	return 1;
1442 }
1443 
1444 /* Specify the ciphers to be used by the SSL. */
1445 int
1446 SSL_set_cipher_list(SSL *s, const char *str)
1447 {
1448 	STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13;
1449 
1450 	if ((ciphers_tls13 = s->internal->cipher_list_tls13) == NULL)
1451 		ciphers_tls13 = s->ctx->internal->cipher_list_tls13;
1452 
1453 	/* See comment in SSL_CTX_set_cipher_list. */
1454 	ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1455 	    ciphers_tls13, str);
1456 	if (ciphers == NULL) {
1457 		return (0);
1458 	} else if (sk_SSL_CIPHER_num(ciphers) == 0) {
1459 		SSLerror(s, SSL_R_NO_CIPHER_MATCH);
1460 		return (0);
1461 	}
1462 	return (1);
1463 }
1464 
1465 int
1466 SSL_set_ciphersuites(SSL *s, const char *str)
1467 {
1468 	STACK_OF(SSL_CIPHER) *ciphers;
1469 
1470 	if ((ciphers = s->cipher_list) == NULL)
1471 		ciphers = s->ctx->cipher_list;
1472 
1473 	if (!ssl_parse_ciphersuites(&s->internal->cipher_list_tls13, str)) {
1474 		SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1475 		return (0);
1476 	}
1477 	if (!ssl_merge_cipherlists(ciphers, s->internal->cipher_list_tls13,
1478 	    &s->cipher_list))
1479 		return 0;
1480 
1481 	return 1;
1482 }
1483 
1484 char *
1485 SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1486 {
1487 	STACK_OF(SSL_CIPHER) *ciphers;
1488 	const SSL_CIPHER *cipher;
1489 	size_t curlen = 0;
1490 	char *end;
1491 	int i;
1492 
1493 	if (s->session == NULL || s->session->ciphers == NULL || len < 2)
1494 		return (NULL);
1495 
1496 	ciphers = s->session->ciphers;
1497 	if (sk_SSL_CIPHER_num(ciphers) == 0)
1498 		return (NULL);
1499 
1500 	buf[0] = '\0';
1501 	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1502 		cipher = sk_SSL_CIPHER_value(ciphers, i);
1503 		end = buf + curlen;
1504 		if (strlcat(buf, cipher->name, len) >= len ||
1505 		    (curlen = strlcat(buf, ":", len)) >= len) {
1506 			/* remove truncated cipher from list */
1507 			*end = '\0';
1508 			break;
1509 		}
1510 	}
1511 	/* remove trailing colon */
1512 	if ((end = strrchr(buf, ':')) != NULL)
1513 		*end = '\0';
1514 	return (buf);
1515 }
1516 
1517 /*
1518  * Return a servername extension value if provided in Client Hello, or NULL.
1519  * So far, only host_name types are defined (RFC 3546).
1520  */
1521 const char *
1522 SSL_get_servername(const SSL *s, const int type)
1523 {
1524 	if (type != TLSEXT_NAMETYPE_host_name)
1525 		return (NULL);
1526 
1527 	return (s->session && !s->tlsext_hostname ?
1528 	    s->session->tlsext_hostname :
1529 	    s->tlsext_hostname);
1530 }
1531 
1532 int
1533 SSL_get_servername_type(const SSL *s)
1534 {
1535 	if (s->session &&
1536 	    (!s->tlsext_hostname ?
1537 	    s->session->tlsext_hostname : s->tlsext_hostname))
1538 		return (TLSEXT_NAMETYPE_host_name);
1539 	return (-1);
1540 }
1541 
1542 /*
1543  * SSL_select_next_proto implements standard protocol selection. It is
1544  * expected that this function is called from the callback set by
1545  * SSL_CTX_set_alpn_select_cb.
1546  *
1547  * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1548  * strings. The length byte itself is not included in the length. A byte
1549  * string of length 0 is invalid. No byte string may be truncated.
1550  *
1551  * It returns either:
1552  * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1553  * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1554  */
1555 int
1556 SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1557     const unsigned char *server, unsigned int server_len,
1558     const unsigned char *client, unsigned int client_len)
1559 {
1560 	unsigned int		 i, j;
1561 	const unsigned char	*result;
1562 	int			 status = OPENSSL_NPN_UNSUPPORTED;
1563 
1564 	/*
1565 	 * For each protocol in server preference order,
1566 	 * see if we support it.
1567 	 */
1568 	for (i = 0; i < server_len; ) {
1569 		for (j = 0; j < client_len; ) {
1570 			if (server[i] == client[j] &&
1571 			    memcmp(&server[i + 1],
1572 			    &client[j + 1], server[i]) == 0) {
1573 				/* We found a match */
1574 				result = &server[i];
1575 				status = OPENSSL_NPN_NEGOTIATED;
1576 				goto found;
1577 			}
1578 			j += client[j];
1579 			j++;
1580 		}
1581 		i += server[i];
1582 		i++;
1583 	}
1584 
1585 	/* There's no overlap between our protocols and the server's list. */
1586 	result = client;
1587 	status = OPENSSL_NPN_NO_OVERLAP;
1588 
1589 found:
1590 	*out = (unsigned char *) result + 1;
1591 	*outlen = result[0];
1592 	return (status);
1593 }
1594 
1595 /* SSL_get0_next_proto_negotiated is deprecated. */
1596 void
1597 SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1598     unsigned int *len)
1599 {
1600 	*data = NULL;
1601 	*len = 0;
1602 }
1603 
1604 /* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
1605 void
1606 SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1607     const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1608 {
1609 }
1610 
1611 /* SSL_CTX_set_next_proto_select_cb is deprecated. */
1612 void
1613 SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1614     unsigned char **out, unsigned char *outlen, const unsigned char *in,
1615     unsigned int inlen, void *arg), void *arg)
1616 {
1617 }
1618 
1619 /*
1620  * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
1621  * protocols, which must be in wire-format (i.e. a series of non-empty,
1622  * 8-bit length-prefixed strings). Returns 0 on success.
1623  */
1624 int
1625 SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1626     unsigned int protos_len)
1627 {
1628 	int failed = 1;
1629 
1630 	if (protos == NULL || protos_len == 0)
1631 		goto err;
1632 
1633 	free(ctx->internal->alpn_client_proto_list);
1634 	ctx->internal->alpn_client_proto_list = NULL;
1635 	ctx->internal->alpn_client_proto_list_len = 0;
1636 
1637 	if ((ctx->internal->alpn_client_proto_list = malloc(protos_len))
1638 	    == NULL)
1639 		goto err;
1640 	ctx->internal->alpn_client_proto_list_len = protos_len;
1641 
1642 	memcpy(ctx->internal->alpn_client_proto_list, protos, protos_len);
1643 
1644 	failed = 0;
1645 
1646  err:
1647 	/* NOTE: Return values are the reverse of what you expect. */
1648 	return (failed);
1649 }
1650 
1651 /*
1652  * SSL_set_alpn_protos sets the ALPN protocol list to the specified
1653  * protocols, which must be in wire-format (i.e. a series of non-empty,
1654  * 8-bit length-prefixed strings). Returns 0 on success.
1655  */
1656 int
1657 SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
1658     unsigned int protos_len)
1659 {
1660 	int failed = 1;
1661 
1662 	if (protos == NULL || protos_len == 0)
1663 		goto err;
1664 
1665 	free(ssl->internal->alpn_client_proto_list);
1666 	ssl->internal->alpn_client_proto_list = NULL;
1667 	ssl->internal->alpn_client_proto_list_len = 0;
1668 
1669 	if ((ssl->internal->alpn_client_proto_list = malloc(protos_len))
1670 	    == NULL)
1671 		goto err;
1672 	ssl->internal->alpn_client_proto_list_len = protos_len;
1673 
1674 	memcpy(ssl->internal->alpn_client_proto_list, protos, protos_len);
1675 
1676 	failed = 0;
1677 
1678  err:
1679 	/* NOTE: Return values are the reverse of what you expect. */
1680 	return (failed);
1681 }
1682 
1683 /*
1684  * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
1685  * ClientHello processing in order to select an ALPN protocol from the
1686  * client's list of offered protocols.
1687  */
1688 void
1689 SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1690     int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1691     const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1692 {
1693 	ctx->internal->alpn_select_cb = cb;
1694 	ctx->internal->alpn_select_cb_arg = arg;
1695 }
1696 
1697 /*
1698  * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
1699  * it sets data to point to len bytes of protocol name (not including the
1700  * leading length-prefix byte). If the server didn't respond with* a negotiated
1701  * protocol then len will be zero.
1702  */
1703 void
1704 SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1705     unsigned int *len)
1706 {
1707 	*data = NULL;
1708 	*len = 0;
1709 
1710 	*data = ssl->s3->internal->alpn_selected;
1711 	*len = ssl->s3->internal->alpn_selected_len;
1712 }
1713 
1714 int
1715 SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1716     const char *label, size_t llen, const unsigned char *p, size_t plen,
1717     int use_context)
1718 {
1719 	if (s->internal->tls13 != NULL && s->version == TLS1_3_VERSION) {
1720 		if (!use_context) {
1721 			p = NULL;
1722 			plen = 0;
1723 		}
1724 		return tls13_exporter(s->internal->tls13, label, llen, p, plen,
1725 		    out, olen);
1726 	}
1727 
1728 	return (tls1_export_keying_material(s, out, olen, label, llen, p, plen,
1729 	    use_context));
1730 }
1731 
1732 static unsigned long
1733 ssl_session_hash(const SSL_SESSION *a)
1734 {
1735 	unsigned long	l;
1736 
1737 	l = (unsigned long)
1738 	    ((unsigned int) a->session_id[0]     )|
1739 	    ((unsigned int) a->session_id[1]<< 8L)|
1740 	    ((unsigned long)a->session_id[2]<<16L)|
1741 	    ((unsigned long)a->session_id[3]<<24L);
1742 	return (l);
1743 }
1744 
1745 /*
1746  * NB: If this function (or indeed the hash function which uses a sort of
1747  * coarser function than this one) is changed, ensure
1748  * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1749  * able to construct an SSL_SESSION that will collide with any existing session
1750  * with a matching session ID.
1751  */
1752 static int
1753 ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1754 {
1755 	if (a->ssl_version != b->ssl_version)
1756 		return (1);
1757 	if (a->session_id_length != b->session_id_length)
1758 		return (1);
1759 	if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
1760 		return (1);
1761 	return (0);
1762 }
1763 
1764 /*
1765  * These wrapper functions should remain rather than redeclaring
1766  * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1767  * variable. The reason is that the functions aren't static, they're exposed via
1768  * ssl.h.
1769  */
1770 static unsigned long
1771 ssl_session_LHASH_HASH(const void *arg)
1772 {
1773 	const SSL_SESSION *a = arg;
1774 
1775 	return ssl_session_hash(a);
1776 }
1777 
1778 static int
1779 ssl_session_LHASH_COMP(const void *arg1, const void *arg2)
1780 {
1781 	const SSL_SESSION *a = arg1;
1782 	const SSL_SESSION *b = arg2;
1783 
1784 	return ssl_session_cmp(a, b);
1785 }
1786 
1787 SSL_CTX *
1788 SSL_CTX_new(const SSL_METHOD *meth)
1789 {
1790 	SSL_CTX	*ret;
1791 
1792 	if (!OPENSSL_init_ssl(0, NULL)) {
1793 		SSLerrorx(SSL_R_LIBRARY_BUG);
1794 		return (NULL);
1795 	}
1796 
1797 	if (meth == NULL) {
1798 		SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED);
1799 		return (NULL);
1800 	}
1801 
1802 	if ((ret = calloc(1, sizeof(*ret))) == NULL) {
1803 		SSLerrorx(ERR_R_MALLOC_FAILURE);
1804 		return (NULL);
1805 	}
1806 	if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) {
1807 		free(ret);
1808 		SSLerrorx(ERR_R_MALLOC_FAILURE);
1809 		return (NULL);
1810 	}
1811 
1812 	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1813 		SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1814 		goto err;
1815 	}
1816 
1817 	ret->method = meth;
1818 	ret->internal->min_version = meth->internal->min_version;
1819 	ret->internal->max_version = meth->internal->max_version;
1820 	ret->internal->mode = SSL_MODE_AUTO_RETRY;
1821 
1822 	ret->cert_store = NULL;
1823 	ret->internal->session_cache_mode = SSL_SESS_CACHE_SERVER;
1824 	ret->internal->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1825 	ret->internal->session_cache_head = NULL;
1826 	ret->internal->session_cache_tail = NULL;
1827 
1828 	/* We take the system default */
1829 	ret->session_timeout = ssl_get_default_timeout();
1830 
1831 	ret->internal->new_session_cb = 0;
1832 	ret->internal->remove_session_cb = 0;
1833 	ret->internal->get_session_cb = 0;
1834 	ret->internal->generate_session_id = 0;
1835 
1836 	memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats));
1837 
1838 	ret->references = 1;
1839 	ret->internal->quiet_shutdown = 0;
1840 
1841 	ret->internal->info_callback = NULL;
1842 
1843 	ret->internal->app_verify_callback = 0;
1844 	ret->internal->app_verify_arg = NULL;
1845 
1846 	ret->internal->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
1847 	ret->internal->read_ahead = 0;
1848 	ret->internal->msg_callback = 0;
1849 	ret->internal->msg_callback_arg = NULL;
1850 	ret->verify_mode = SSL_VERIFY_NONE;
1851 	ret->sid_ctx_length = 0;
1852 	ret->internal->default_verify_callback = NULL;
1853 
1854 	if ((ret->internal->cert = ssl_cert_new()) == NULL)
1855 		goto err;
1856 
1857 	ret->default_passwd_callback = 0;
1858 	ret->default_passwd_callback_userdata = NULL;
1859 	ret->internal->client_cert_cb = 0;
1860 	ret->internal->app_gen_cookie_cb = 0;
1861 	ret->internal->app_verify_cookie_cb = 0;
1862 
1863 	ret->internal->sessions = lh_SSL_SESSION_new();
1864 	if (ret->internal->sessions == NULL)
1865 		goto err;
1866 	ret->cert_store = X509_STORE_new();
1867 	if (ret->cert_store == NULL)
1868 		goto err;
1869 
1870 	ssl_create_cipher_list(ret->method, &ret->cipher_list,
1871 	    NULL, SSL_DEFAULT_CIPHER_LIST);
1872 	if (ret->cipher_list == NULL ||
1873 	    sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1874 		SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);
1875 		goto err2;
1876 	}
1877 
1878 	ret->param = X509_VERIFY_PARAM_new();
1879 	if (!ret->param)
1880 		goto err;
1881 
1882 	if ((ret->internal->client_CA = sk_X509_NAME_new_null()) == NULL)
1883 		goto err;
1884 
1885 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->internal->ex_data);
1886 
1887 	ret->extra_certs = NULL;
1888 
1889 	ret->internal->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1890 
1891 	ret->internal->tlsext_servername_callback = 0;
1892 	ret->internal->tlsext_servername_arg = NULL;
1893 
1894 	/* Setup RFC4507 ticket keys */
1895 	arc4random_buf(ret->internal->tlsext_tick_key_name, 16);
1896 	arc4random_buf(ret->internal->tlsext_tick_hmac_key, 16);
1897 	arc4random_buf(ret->internal->tlsext_tick_aes_key, 16);
1898 
1899 	ret->internal->tlsext_status_cb = 0;
1900 	ret->internal->tlsext_status_arg = NULL;
1901 
1902 #ifndef OPENSSL_NO_ENGINE
1903 	ret->internal->client_cert_engine = NULL;
1904 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1905 #define eng_strx(x)	#x
1906 #define eng_str(x)	eng_strx(x)
1907 	/* Use specific client engine automatically... ignore errors */
1908 	{
1909 		ENGINE *eng;
1910 		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1911 		if (!eng) {
1912 			ERR_clear_error();
1913 			ENGINE_load_builtin_engines();
1914 			eng = ENGINE_by_id(eng_str(
1915 			    OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1916 		}
1917 		if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1918 			ERR_clear_error();
1919 	}
1920 #endif
1921 #endif
1922 	/*
1923 	 * Default is to connect to non-RI servers. When RI is more widely
1924 	 * deployed might change this.
1925 	 */
1926 	ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1927 
1928 	return (ret);
1929 err:
1930 	SSLerrorx(ERR_R_MALLOC_FAILURE);
1931 err2:
1932 	SSL_CTX_free(ret);
1933 	return (NULL);
1934 }
1935 
1936 void
1937 SSL_CTX_free(SSL_CTX *ctx)
1938 {
1939 	int	i;
1940 
1941 	if (ctx == NULL)
1942 		return;
1943 
1944 	i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX);
1945 	if (i > 0)
1946 		return;
1947 
1948 	X509_VERIFY_PARAM_free(ctx->param);
1949 
1950 	/*
1951 	 * Free internal session cache. However: the remove_cb() may reference
1952 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1953 	 * after the sessions were flushed.
1954 	 * As the ex_data handling routines might also touch the session cache,
1955 	 * the most secure solution seems to be: empty (flush) the cache, then
1956 	 * free ex_data, then finally free the cache.
1957 	 * (See ticket [openssl.org #212].)
1958 	 */
1959 	if (ctx->internal->sessions != NULL)
1960 		SSL_CTX_flush_sessions(ctx, 0);
1961 
1962 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->internal->ex_data);
1963 
1964 	lh_SSL_SESSION_free(ctx->internal->sessions);
1965 
1966 	X509_STORE_free(ctx->cert_store);
1967 	sk_SSL_CIPHER_free(ctx->cipher_list);
1968 	sk_SSL_CIPHER_free(ctx->internal->cipher_list_tls13);
1969 	ssl_cert_free(ctx->internal->cert);
1970 	sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);
1971 	sk_X509_pop_free(ctx->extra_certs, X509_free);
1972 
1973 #ifndef OPENSSL_NO_SRTP
1974 	if (ctx->internal->srtp_profiles)
1975 		sk_SRTP_PROTECTION_PROFILE_free(ctx->internal->srtp_profiles);
1976 #endif
1977 
1978 #ifndef OPENSSL_NO_ENGINE
1979 	ENGINE_finish(ctx->internal->client_cert_engine);
1980 #endif
1981 
1982 	free(ctx->internal->tlsext_ecpointformatlist);
1983 	free(ctx->internal->tlsext_supportedgroups);
1984 
1985 	free(ctx->internal->alpn_client_proto_list);
1986 
1987 	free(ctx->internal);
1988 	free(ctx);
1989 }
1990 
1991 int
1992 SSL_CTX_up_ref(SSL_CTX *ctx)
1993 {
1994 	int refs = CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
1995 	return ((refs > 1) ? 1 : 0);
1996 }
1997 
1998 pem_password_cb *
1999 SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
2000 {
2001 	return (ctx->default_passwd_callback);
2002 }
2003 
2004 void
2005 SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
2006 {
2007 	ctx->default_passwd_callback = cb;
2008 }
2009 
2010 void *
2011 SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
2012 {
2013 	return ctx->default_passwd_callback_userdata;
2014 }
2015 
2016 void
2017 SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
2018 {
2019 	ctx->default_passwd_callback_userdata = u;
2020 }
2021 
2022 void
2023 SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
2024     int (*cb)(X509_STORE_CTX *, void *), void *arg)
2025 {
2026 	ctx->internal->app_verify_callback = cb;
2027 	ctx->internal->app_verify_arg = arg;
2028 }
2029 
2030 void
2031 SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2032 {
2033 	ctx->verify_mode = mode;
2034 	ctx->internal->default_verify_callback = cb;
2035 }
2036 
2037 void
2038 SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2039 {
2040 	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2041 }
2042 
2043 static int
2044 ssl_cert_can_sign(X509 *x)
2045 {
2046 	/* This call populates extension flags (ex_flags). */
2047 	X509_check_purpose(x, -1, 0);
2048 
2049 	/* Key usage, if present, must allow signing. */
2050 	return ((x->ex_flags & EXFLAG_KUSAGE) == 0 ||
2051 	    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE));
2052 }
2053 
2054 void
2055 ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2056 {
2057 	unsigned long mask_a, mask_k;
2058 	CERT_PKEY *cpk;
2059 
2060 	if (c == NULL)
2061 		return;
2062 
2063 	mask_a = SSL_aNULL | SSL_aTLS1_3;
2064 	mask_k = SSL_kECDHE | SSL_kTLS1_3;
2065 
2066 	if (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto != 0)
2067 		mask_k |= SSL_kDHE;
2068 
2069 	cpk = &(c->pkeys[SSL_PKEY_ECC]);
2070 	if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2071 		if (ssl_cert_can_sign(cpk->x509))
2072 			mask_a |= SSL_aECDSA;
2073 	}
2074 
2075 	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2076 	if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2077 		mask_k |= SSL_kGOST;
2078 		mask_a |= SSL_aGOST01;
2079 	}
2080 
2081 	cpk = &(c->pkeys[SSL_PKEY_RSA]);
2082 	if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2083 		mask_a |= SSL_aRSA;
2084 		mask_k |= SSL_kRSA;
2085 	}
2086 
2087 	c->mask_k = mask_k;
2088 	c->mask_a = mask_a;
2089 	c->valid = 1;
2090 }
2091 
2092 /* See if this handshake is using an ECC cipher suite. */
2093 int
2094 ssl_using_ecc_cipher(SSL *s)
2095 {
2096 	unsigned long alg_a, alg_k;
2097 
2098 	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
2099 	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
2100 
2101 	return SSI(s)->tlsext_ecpointformatlist != NULL &&
2102 	    SSI(s)->tlsext_ecpointformatlist_length > 0 &&
2103 	    ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA));
2104 }
2105 
2106 int
2107 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2108 {
2109 	const SSL_CIPHER	*cs = S3I(s)->hs.new_cipher;
2110 	unsigned long		 alg_a;
2111 
2112 	alg_a = cs->algorithm_auth;
2113 
2114 	if (alg_a & SSL_aECDSA) {
2115 		/* This call populates extension flags (ex_flags). */
2116 		X509_check_purpose(x, -1, 0);
2117 
2118 		/* Key usage, if present, must allow signing. */
2119 		if ((x->ex_flags & EXFLAG_KUSAGE) &&
2120 		    ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) {
2121 			SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2122 			return (0);
2123 		}
2124 	}
2125 
2126 	return (1);
2127 }
2128 
2129 CERT_PKEY *
2130 ssl_get_server_send_pkey(const SSL *s)
2131 {
2132 	unsigned long	 alg_a;
2133 	CERT		*c;
2134 	int		 i;
2135 
2136 	c = s->cert;
2137 	ssl_set_cert_masks(c, S3I(s)->hs.new_cipher);
2138 
2139 	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
2140 
2141 	if (alg_a & SSL_aECDSA) {
2142 		i = SSL_PKEY_ECC;
2143 	} else if (alg_a & SSL_aRSA) {
2144 		i = SSL_PKEY_RSA;
2145 	} else if (alg_a & SSL_aGOST01) {
2146 		i = SSL_PKEY_GOST01;
2147 	} else { /* if (alg_a & SSL_aNULL) */
2148 		SSLerror(s, ERR_R_INTERNAL_ERROR);
2149 		return (NULL);
2150 	}
2151 
2152 	return (c->pkeys + i);
2153 }
2154 
2155 EVP_PKEY *
2156 ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
2157     const struct ssl_sigalg **sap)
2158 {
2159 	const struct ssl_sigalg *sigalg = NULL;
2160 	EVP_PKEY *pkey = NULL;
2161 	unsigned long	 alg_a;
2162 	CERT		*c;
2163 	int		 idx = -1;
2164 
2165 	alg_a = cipher->algorithm_auth;
2166 	c = s->cert;
2167 
2168 	if (alg_a & SSL_aRSA) {
2169 		idx = SSL_PKEY_RSA;
2170 	} else if ((alg_a & SSL_aECDSA) &&
2171 	    (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2172 		idx = SSL_PKEY_ECC;
2173 	if (idx == -1) {
2174 		SSLerror(s, ERR_R_INTERNAL_ERROR);
2175 		return (NULL);
2176 	}
2177 
2178 	pkey = c->pkeys[idx].privatekey;
2179 	if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
2180 		SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
2181 		return (NULL);
2182 	}
2183 	*pmd = sigalg->md();
2184 	*sap = sigalg;
2185 
2186 	return (pkey);
2187 }
2188 
2189 DH *
2190 ssl_get_auto_dh(SSL *s)
2191 {
2192 	CERT_PKEY *cpk;
2193 	int keylen;
2194 	DH *dhp;
2195 
2196 	if (s->cert->dh_tmp_auto == 2) {
2197 		keylen = 1024;
2198 	} else if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
2199 		keylen = 1024;
2200 		if (S3I(s)->hs.new_cipher->strength_bits == 256)
2201 			keylen = 3072;
2202 	} else {
2203 		if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
2204 			return (NULL);
2205 		if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL)
2206 			return (NULL);
2207 		keylen = EVP_PKEY_bits(cpk->privatekey);
2208 	}
2209 
2210 	if ((dhp = DH_new()) == NULL)
2211 		return (NULL);
2212 
2213 	dhp->g = BN_new();
2214 	if (dhp->g != NULL)
2215 		BN_set_word(dhp->g, 2);
2216 
2217 	if (keylen >= 8192)
2218 		dhp->p = get_rfc3526_prime_8192(NULL);
2219 	else if (keylen >= 4096)
2220 		dhp->p = get_rfc3526_prime_4096(NULL);
2221 	else if (keylen >= 3072)
2222 		dhp->p = get_rfc3526_prime_3072(NULL);
2223 	else if (keylen >= 2048)
2224 		dhp->p = get_rfc3526_prime_2048(NULL);
2225 	else if (keylen >= 1536)
2226 		dhp->p = get_rfc3526_prime_1536(NULL);
2227 	else
2228 		dhp->p = get_rfc2409_prime_1024(NULL);
2229 
2230 	if (dhp->p == NULL || dhp->g == NULL) {
2231 		DH_free(dhp);
2232 		return (NULL);
2233 	}
2234 	return (dhp);
2235 }
2236 
2237 void
2238 ssl_update_cache(SSL *s, int mode)
2239 {
2240 	int	i;
2241 
2242 	/*
2243 	 * If the session_id_length is 0, we are not supposed to cache it,
2244 	 * and it would be rather hard to do anyway :-)
2245 	 */
2246 	if (s->session->session_id_length == 0)
2247 		return;
2248 
2249 	i = s->session_ctx->internal->session_cache_mode;
2250 	if ((i & mode) && (!s->internal->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2251 	    || SSL_CTX_add_session(s->session_ctx, s->session))
2252 	    && (s->session_ctx->internal->new_session_cb != NULL)) {
2253 		CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2254 		if (!s->session_ctx->internal->new_session_cb(s, s->session))
2255 			SSL_SESSION_free(s->session);
2256 	}
2257 
2258 	/* auto flush every 255 connections */
2259 	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2260 	    ((i & mode) == mode)) {
2261 		if ((((mode & SSL_SESS_CACHE_CLIENT) ?
2262 		    s->session_ctx->internal->stats.sess_connect_good :
2263 		    s->session_ctx->internal->stats.sess_accept_good) & 0xff) == 0xff) {
2264 			SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2265 		}
2266 	}
2267 }
2268 
2269 const SSL_METHOD *
2270 SSL_get_ssl_method(SSL *s)
2271 {
2272 	return (s->method);
2273 }
2274 
2275 int
2276 SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
2277 {
2278 	int (*handshake_func)(SSL *) = NULL;
2279 	int ret = 1;
2280 
2281 	if (s->method == method)
2282 		return (ret);
2283 
2284 	if (s->internal->handshake_func == s->method->internal->ssl_connect)
2285 		handshake_func = method->internal->ssl_connect;
2286 	else if (s->internal->handshake_func == s->method->internal->ssl_accept)
2287 		handshake_func = method->internal->ssl_accept;
2288 
2289 	if (s->method->internal->version == method->internal->version) {
2290 		s->method = method;
2291 	} else {
2292 		s->method->internal->ssl_free(s);
2293 		s->method = method;
2294 		ret = s->method->internal->ssl_new(s);
2295 	}
2296 	s->internal->handshake_func = handshake_func;
2297 
2298 	return (ret);
2299 }
2300 
2301 int
2302 SSL_get_error(const SSL *s, int i)
2303 {
2304 	int		 reason;
2305 	unsigned long	 l;
2306 	BIO		*bio;
2307 
2308 	if (i > 0)
2309 		return (SSL_ERROR_NONE);
2310 
2311 	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2312 	 * etc, where we do encode the error */
2313 	if ((l = ERR_peek_error()) != 0) {
2314 		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2315 			return (SSL_ERROR_SYSCALL);
2316 		else
2317 			return (SSL_ERROR_SSL);
2318 	}
2319 
2320 	if ((i < 0) && SSL_want_read(s)) {
2321 		bio = SSL_get_rbio(s);
2322 		if (BIO_should_read(bio)) {
2323 			return (SSL_ERROR_WANT_READ);
2324 		} else if (BIO_should_write(bio)) {
2325 			/*
2326 			 * This one doesn't make too much sense...  We never
2327 			 * try to write to the rbio, and an application
2328 			 * program where rbio and wbio are separate couldn't
2329 			 * even know what it should wait for.  However if we
2330 			 * ever set s->internal->rwstate incorrectly (so that we have
2331 			 * SSL_want_read(s) instead of SSL_want_write(s))
2332 			 * and rbio and wbio *are* the same, this test works
2333 			 * around that bug; so it might be safer to keep it.
2334 			 */
2335 			return (SSL_ERROR_WANT_WRITE);
2336 		} else if (BIO_should_io_special(bio)) {
2337 			reason = BIO_get_retry_reason(bio);
2338 			if (reason == BIO_RR_CONNECT)
2339 				return (SSL_ERROR_WANT_CONNECT);
2340 			else if (reason == BIO_RR_ACCEPT)
2341 				return (SSL_ERROR_WANT_ACCEPT);
2342 			else
2343 				return (SSL_ERROR_SYSCALL); /* unknown */
2344 		}
2345 	}
2346 
2347 	if ((i < 0) && SSL_want_write(s)) {
2348 		bio = SSL_get_wbio(s);
2349 		if (BIO_should_write(bio)) {
2350 			return (SSL_ERROR_WANT_WRITE);
2351 		} else if (BIO_should_read(bio)) {
2352 			/*
2353 			 * See above (SSL_want_read(s) with
2354 			 * BIO_should_write(bio))
2355 			 */
2356 			return (SSL_ERROR_WANT_READ);
2357 		} else if (BIO_should_io_special(bio)) {
2358 			reason = BIO_get_retry_reason(bio);
2359 			if (reason == BIO_RR_CONNECT)
2360 				return (SSL_ERROR_WANT_CONNECT);
2361 			else if (reason == BIO_RR_ACCEPT)
2362 				return (SSL_ERROR_WANT_ACCEPT);
2363 			else
2364 				return (SSL_ERROR_SYSCALL);
2365 		}
2366 	}
2367 	if ((i < 0) && SSL_want_x509_lookup(s)) {
2368 		return (SSL_ERROR_WANT_X509_LOOKUP);
2369 	}
2370 
2371 	if (i == 0) {
2372 		if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2373 		    (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
2374 		return (SSL_ERROR_ZERO_RETURN);
2375 	}
2376 	return (SSL_ERROR_SYSCALL);
2377 }
2378 
2379 int
2380 SSL_do_handshake(SSL *s)
2381 {
2382 	int	ret = 1;
2383 
2384 	if (s->internal->handshake_func == NULL) {
2385 		SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
2386 		return (-1);
2387 	}
2388 
2389 	s->method->internal->ssl_renegotiate_check(s);
2390 
2391 	if (SSL_in_init(s) || SSL_in_before(s)) {
2392 		ret = s->internal->handshake_func(s);
2393 	}
2394 	return (ret);
2395 }
2396 
2397 /*
2398  * For the next 2 functions, SSL_clear() sets shutdown and so
2399  * one of these calls will reset it
2400  */
2401 void
2402 SSL_set_accept_state(SSL *s)
2403 {
2404 	s->server = 1;
2405 	s->internal->shutdown = 0;
2406 	S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2407 	s->internal->handshake_func = s->method->internal->ssl_accept;
2408 	ssl_clear_cipher_state(s);
2409 }
2410 
2411 void
2412 SSL_set_connect_state(SSL *s)
2413 {
2414 	s->server = 0;
2415 	s->internal->shutdown = 0;
2416 	S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2417 	s->internal->handshake_func = s->method->internal->ssl_connect;
2418 	ssl_clear_cipher_state(s);
2419 }
2420 
2421 int
2422 ssl_undefined_function(SSL *s)
2423 {
2424 	SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2425 	return (0);
2426 }
2427 
2428 int
2429 ssl_undefined_void_function(void)
2430 {
2431 	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2432 	return (0);
2433 }
2434 
2435 int
2436 ssl_undefined_const_function(const SSL *s)
2437 {
2438 	SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2439 	return (0);
2440 }
2441 
2442 const char *
2443 ssl_version_string(int ver)
2444 {
2445 	switch (ver) {
2446 	case DTLS1_VERSION:
2447 		return (SSL_TXT_DTLS1);
2448 	case TLS1_VERSION:
2449 		return (SSL_TXT_TLSV1);
2450 	case TLS1_1_VERSION:
2451 		return (SSL_TXT_TLSV1_1);
2452 	case TLS1_2_VERSION:
2453 		return (SSL_TXT_TLSV1_2);
2454 	case TLS1_3_VERSION:
2455 		return (SSL_TXT_TLSV1_3);
2456 	default:
2457 		return ("unknown");
2458 	}
2459 }
2460 
2461 const char *
2462 SSL_get_version(const SSL *s)
2463 {
2464 	return ssl_version_string(s->version);
2465 }
2466 
2467 SSL *
2468 SSL_dup(SSL *s)
2469 {
2470 	STACK_OF(X509_NAME) *sk;
2471 	X509_NAME *xn;
2472 	SSL *ret;
2473 	int i;
2474 
2475 	if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2476 		goto err;
2477 
2478 	ret->version = s->version;
2479 	ret->internal->type = s->internal->type;
2480 	ret->method = s->method;
2481 
2482 	if (s->session != NULL) {
2483 		if (!SSL_copy_session_id(ret, s))
2484 			goto err;
2485 	} else {
2486 		/*
2487 		 * No session has been established yet, so we have to expect
2488 		 * that s->cert or ret->cert will be changed later --
2489 		 * they should not both point to the same object,
2490 		 * and thus we can't use SSL_copy_session_id.
2491 		 */
2492 
2493 		ret->method->internal->ssl_free(ret);
2494 		ret->method = s->method;
2495 		ret->method->internal->ssl_new(ret);
2496 
2497 		ssl_cert_free(ret->cert);
2498 		if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
2499 			goto err;
2500 
2501 		if (!SSL_set_session_id_context(ret, s->sid_ctx,
2502 		    s->sid_ctx_length))
2503 			goto err;
2504 	}
2505 
2506 	ret->internal->options = s->internal->options;
2507 	ret->internal->mode = s->internal->mode;
2508 	SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2509 	SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2510 	ret->internal->msg_callback = s->internal->msg_callback;
2511 	ret->internal->msg_callback_arg = s->internal->msg_callback_arg;
2512 	SSL_set_verify(ret, SSL_get_verify_mode(s),
2513 	SSL_get_verify_callback(s));
2514 	SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2515 	ret->internal->generate_session_id = s->internal->generate_session_id;
2516 
2517 	SSL_set_info_callback(ret, SSL_get_info_callback(s));
2518 
2519 	ret->internal->debug = s->internal->debug;
2520 
2521 	/* copy app data, a little dangerous perhaps */
2522 	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2523 	    &ret->internal->ex_data, &s->internal->ex_data))
2524 		goto err;
2525 
2526 	/* setup rbio, and wbio */
2527 	if (s->rbio != NULL) {
2528 		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2529 			goto err;
2530 	}
2531 	if (s->wbio != NULL) {
2532 		if (s->wbio != s->rbio) {
2533 			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2534 				goto err;
2535 		} else
2536 			ret->wbio = ret->rbio;
2537 	}
2538 	ret->internal->rwstate = s->internal->rwstate;
2539 	ret->internal->in_handshake = s->internal->in_handshake;
2540 	ret->internal->handshake_func = s->internal->handshake_func;
2541 	ret->server = s->server;
2542 	ret->internal->renegotiate = s->internal->renegotiate;
2543 	ret->internal->new_session = s->internal->new_session;
2544 	ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
2545 	ret->internal->shutdown = s->internal->shutdown;
2546 	/* SSL_dup does not really work at any state, though */
2547 	S3I(ret)->hs.state = S3I(s)->hs.state;
2548 	ret->internal->rstate = s->internal->rstate;
2549 
2550 	/*
2551 	 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2552 	 * ret->init_off
2553 	 */
2554 	ret->internal->init_num = 0;
2555 
2556 	ret->internal->hit = s->internal->hit;
2557 
2558 	X509_VERIFY_PARAM_inherit(ret->param, s->param);
2559 
2560 	if (s->cipher_list != NULL) {
2561 		if ((ret->cipher_list =
2562 		    sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2563 			goto err;
2564 	}
2565 	if (s->internal->cipher_list_tls13 != NULL) {
2566 		if ((ret->internal->cipher_list_tls13 =
2567 		    sk_SSL_CIPHER_dup(s->internal->cipher_list_tls13)) == NULL)
2568 			goto err;
2569 	}
2570 
2571 	/* Dup the client_CA list */
2572 	if (s->internal->client_CA != NULL) {
2573 		if ((sk = sk_X509_NAME_dup(s->internal->client_CA)) == NULL) goto err;
2574 			ret->internal->client_CA = sk;
2575 		for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2576 			xn = sk_X509_NAME_value(sk, i);
2577 			if (sk_X509_NAME_set(sk, i,
2578 			    X509_NAME_dup(xn)) == NULL) {
2579 				X509_NAME_free(xn);
2580 				goto err;
2581 			}
2582 		}
2583 	}
2584 
2585 	return ret;
2586  err:
2587 	SSL_free(ret);
2588 	return NULL;
2589 }
2590 
2591 void
2592 ssl_clear_cipher_state(SSL *s)
2593 {
2594 	ssl_clear_cipher_read_state(s);
2595 	ssl_clear_cipher_write_state(s);
2596 }
2597 
2598 void
2599 ssl_clear_cipher_read_state(SSL *s)
2600 {
2601 	EVP_CIPHER_CTX_free(s->enc_read_ctx);
2602 	s->enc_read_ctx = NULL;
2603 	EVP_MD_CTX_free(s->read_hash);
2604 	s->read_hash = NULL;
2605 
2606 	tls12_record_layer_clear_read_state(s->internal->rl);
2607 	tls12_record_layer_set_read_seq_num(s->internal->rl,
2608 	    S3I(s)->read_sequence);
2609 
2610 	if (s->internal->aead_read_ctx != NULL) {
2611 		EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx);
2612 		free(s->internal->aead_read_ctx);
2613 		s->internal->aead_read_ctx = NULL;
2614 	}
2615 }
2616 
2617 void
2618 ssl_clear_cipher_write_state(SSL *s)
2619 {
2620 	EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
2621 	s->internal->enc_write_ctx = NULL;
2622 	EVP_MD_CTX_free(s->internal->write_hash);
2623 	s->internal->write_hash = NULL;
2624 
2625 	tls12_record_layer_clear_write_state(s->internal->rl);
2626 	tls12_record_layer_set_write_seq_num(s->internal->rl,
2627 	    S3I(s)->write_sequence);
2628 
2629 	if (s->internal->aead_write_ctx != NULL) {
2630 		EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx);
2631 		free(s->internal->aead_write_ctx);
2632 		s->internal->aead_write_ctx = NULL;
2633 	}
2634 }
2635 
2636 /* Fix this function so that it takes an optional type parameter */
2637 X509 *
2638 SSL_get_certificate(const SSL *s)
2639 {
2640 	return (s->cert->key->x509);
2641 }
2642 
2643 /* Fix this function so that it takes an optional type parameter */
2644 EVP_PKEY *
2645 SSL_get_privatekey(const SSL *s)
2646 {
2647 	return (s->cert->key->privatekey);
2648 }
2649 
2650 const SSL_CIPHER *
2651 SSL_get_current_cipher(const SSL *s)
2652 {
2653 	if ((s->session != NULL) && (s->session->cipher != NULL))
2654 		return (s->session->cipher);
2655 	return (NULL);
2656 }
2657 const void *
2658 SSL_get_current_compression(SSL *s)
2659 {
2660 	return (NULL);
2661 }
2662 
2663 const void *
2664 SSL_get_current_expansion(SSL *s)
2665 {
2666 	return (NULL);
2667 }
2668 
2669 size_t
2670 SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out)
2671 {
2672 	size_t len = sizeof(s->s3->client_random);
2673 
2674 	if (out == NULL)
2675 		return len;
2676 
2677 	if (len > max_out)
2678 		len = max_out;
2679 
2680 	memcpy(out, s->s3->client_random, len);
2681 
2682 	return len;
2683 }
2684 
2685 size_t
2686 SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out)
2687 {
2688 	size_t len = sizeof(s->s3->server_random);
2689 
2690 	if (out == NULL)
2691 		return len;
2692 
2693 	if (len > max_out)
2694 		len = max_out;
2695 
2696 	memcpy(out, s->s3->server_random, len);
2697 
2698 	return len;
2699 }
2700 
2701 int
2702 ssl_init_wbio_buffer(SSL *s, int push)
2703 {
2704 	BIO	*bbio;
2705 
2706 	if (s->bbio == NULL) {
2707 		bbio = BIO_new(BIO_f_buffer());
2708 		if (bbio == NULL)
2709 			return (0);
2710 		s->bbio = bbio;
2711 	} else {
2712 		bbio = s->bbio;
2713 		if (s->bbio == s->wbio)
2714 			s->wbio = BIO_pop(s->wbio);
2715 	}
2716 	(void)BIO_reset(bbio);
2717 /*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2718 	if (!BIO_set_read_buffer_size(bbio, 1)) {
2719 		SSLerror(s, ERR_R_BUF_LIB);
2720 		return (0);
2721 	}
2722 	if (push) {
2723 		if (s->wbio != bbio)
2724 			s->wbio = BIO_push(bbio, s->wbio);
2725 	} else {
2726 		if (s->wbio == bbio)
2727 			s->wbio = BIO_pop(bbio);
2728 	}
2729 	return (1);
2730 }
2731 
2732 void
2733 ssl_free_wbio_buffer(SSL *s)
2734 {
2735 	if (s == NULL)
2736 		return;
2737 
2738 	if (s->bbio == NULL)
2739 		return;
2740 
2741 	if (s->bbio == s->wbio) {
2742 		/* remove buffering */
2743 		s->wbio = BIO_pop(s->wbio);
2744 	}
2745 	BIO_free(s->bbio);
2746 	s->bbio = NULL;
2747 }
2748 
2749 void
2750 SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
2751 {
2752 	ctx->internal->quiet_shutdown = mode;
2753 }
2754 
2755 int
2756 SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2757 {
2758 	return (ctx->internal->quiet_shutdown);
2759 }
2760 
2761 void
2762 SSL_set_quiet_shutdown(SSL *s, int mode)
2763 {
2764 	s->internal->quiet_shutdown = mode;
2765 }
2766 
2767 int
2768 SSL_get_quiet_shutdown(const SSL *s)
2769 {
2770 	return (s->internal->quiet_shutdown);
2771 }
2772 
2773 void
2774 SSL_set_shutdown(SSL *s, int mode)
2775 {
2776 	s->internal->shutdown = mode;
2777 }
2778 
2779 int
2780 SSL_get_shutdown(const SSL *s)
2781 {
2782 	return (s->internal->shutdown);
2783 }
2784 
2785 int
2786 SSL_version(const SSL *s)
2787 {
2788 	return (s->version);
2789 }
2790 
2791 SSL_CTX *
2792 SSL_get_SSL_CTX(const SSL *ssl)
2793 {
2794 	return (ssl->ctx);
2795 }
2796 
2797 SSL_CTX *
2798 SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2799 {
2800 	CERT *new_cert;
2801 
2802 	if (ctx == NULL)
2803 		ctx = ssl->initial_ctx;
2804 	if (ssl->ctx == ctx)
2805 		return (ssl->ctx);
2806 
2807 	if ((new_cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
2808 		return NULL;
2809 	ssl_cert_free(ssl->cert);
2810 	ssl->cert = new_cert;
2811 
2812 	SSL_CTX_up_ref(ctx);
2813 	SSL_CTX_free(ssl->ctx); /* decrement reference count */
2814 	ssl->ctx = ctx;
2815 
2816 	return (ssl->ctx);
2817 }
2818 
2819 int
2820 SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2821 {
2822 	return (X509_STORE_set_default_paths(ctx->cert_store));
2823 }
2824 
2825 int
2826 SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2827     const char *CApath)
2828 {
2829 	return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
2830 }
2831 
2832 int
2833 SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
2834 {
2835 	return (X509_STORE_load_mem(ctx->cert_store, buf, len));
2836 }
2837 
2838 void
2839 SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
2840 {
2841 	ssl->internal->info_callback = cb;
2842 }
2843 
2844 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
2845 {
2846 	return (ssl->internal->info_callback);
2847 }
2848 
2849 int
2850 SSL_state(const SSL *ssl)
2851 {
2852 	return (S3I(ssl)->hs.state);
2853 }
2854 
2855 void
2856 SSL_set_state(SSL *ssl, int state)
2857 {
2858 	S3I(ssl)->hs.state = state;
2859 }
2860 
2861 void
2862 SSL_set_verify_result(SSL *ssl, long arg)
2863 {
2864 	ssl->verify_result = arg;
2865 }
2866 
2867 long
2868 SSL_get_verify_result(const SSL *ssl)
2869 {
2870 	return (ssl->verify_result);
2871 }
2872 
2873 int
2874 SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2875     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2876 {
2877 	return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2878 	    new_func, dup_func, free_func));
2879 }
2880 
2881 int
2882 SSL_set_ex_data(SSL *s, int idx, void *arg)
2883 {
2884 	return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg));
2885 }
2886 
2887 void *
2888 SSL_get_ex_data(const SSL *s, int idx)
2889 {
2890 	return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
2891 }
2892 
2893 int
2894 SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2895     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2896 {
2897 	return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2898 	    new_func, dup_func, free_func));
2899 }
2900 
2901 int
2902 SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
2903 {
2904 	return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg));
2905 }
2906 
2907 void *
2908 SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
2909 {
2910 	return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
2911 }
2912 
2913 int
2914 ssl_ok(SSL *s)
2915 {
2916 	return (1);
2917 }
2918 
2919 X509_STORE *
2920 SSL_CTX_get_cert_store(const SSL_CTX *ctx)
2921 {
2922 	return (ctx->cert_store);
2923 }
2924 
2925 void
2926 SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
2927 {
2928 	X509_STORE_free(ctx->cert_store);
2929 	ctx->cert_store = store;
2930 }
2931 
2932 X509 *
2933 SSL_CTX_get0_certificate(const SSL_CTX *ctx)
2934 {
2935 	if (ctx->internal->cert == NULL)
2936 		return NULL;
2937 
2938 	return ctx->internal->cert->key->x509;
2939 }
2940 
2941 int
2942 SSL_want(const SSL *s)
2943 {
2944 	return (s->internal->rwstate);
2945 }
2946 
2947 void
2948 SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
2949     int keylength))
2950 {
2951 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2952 }
2953 
2954 void
2955 SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
2956     int keylength))
2957 {
2958 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2959 }
2960 
2961 void
2962 SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
2963     int keylength))
2964 {
2965 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2966 }
2967 
2968 void
2969 SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
2970     int keylength))
2971 {
2972 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2973 }
2974 
2975 void
2976 SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
2977     int is_export, int keylength))
2978 {
2979 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
2980 	    (void (*)(void))ecdh);
2981 }
2982 
2983 void
2984 SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
2985     int keylength))
2986 {
2987 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2988 }
2989 
2990 
2991 void
2992 SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
2993     int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
2994 {
2995 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
2996 	    (void (*)(void))cb);
2997 }
2998 
2999 void
3000 SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3001     int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3002 {
3003 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3004 }
3005 
3006 void
3007 SSL_set_debug(SSL *s, int debug)
3008 {
3009 	s->internal->debug = debug;
3010 }
3011 
3012 int
3013 SSL_cache_hit(SSL *s)
3014 {
3015 	return (s->internal->hit);
3016 }
3017 
3018 int
3019 SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
3020 {
3021 	return ctx->internal->min_version;
3022 }
3023 
3024 int
3025 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
3026 {
3027 	return ssl_version_set_min(ctx->method, version,
3028 	    ctx->internal->max_version, &ctx->internal->min_version);
3029 }
3030 
3031 int
3032 SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
3033 {
3034 	return ctx->internal->max_version;
3035 }
3036 
3037 int
3038 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
3039 {
3040 	return ssl_version_set_max(ctx->method, version,
3041 	    ctx->internal->min_version, &ctx->internal->max_version);
3042 }
3043 
3044 int
3045 SSL_get_min_proto_version(SSL *ssl)
3046 {
3047 	return ssl->internal->min_version;
3048 }
3049 
3050 int
3051 SSL_set_min_proto_version(SSL *ssl, uint16_t version)
3052 {
3053 	return ssl_version_set_min(ssl->method, version,
3054 	    ssl->internal->max_version, &ssl->internal->min_version);
3055 }
3056 int
3057 SSL_get_max_proto_version(SSL *ssl)
3058 {
3059 	return ssl->internal->max_version;
3060 }
3061 
3062 int
3063 SSL_set_max_proto_version(SSL *ssl, uint16_t version)
3064 {
3065 	return ssl_version_set_max(ssl->method, version,
3066 	    ssl->internal->min_version, &ssl->internal->max_version);
3067 }
3068 
3069 static int
3070 ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
3071 {
3072 	SSL_CIPHER const *a = a_;
3073 	SSL_CIPHER const *b = b_;
3074 	return ssl_cipher_id_cmp(a, b);
3075 }
3076 
3077 SSL_CIPHER *
3078 OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num)
3079 {
3080 	return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
3081 	    ssl_cipher_id_cmp_BSEARCH_CMP_FN);
3082 }
3083