]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/ssl_lib.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
segmentation fault with 'openssl s_client -prexit -keymatexport'
[thirdparty/openssl.git] / ssl / ssl_lib.c
CommitLineData
0f113f3e 1/*
846e33c7 2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
bf21446a 3 *
846e33c7
RS		 4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
bf21446a 8 */
846e33c7 9
ea262260
BM		 10/* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
0f113f3e 12 * ECC cipher suite support in OpenSSL originally developed by
ea262260
BM		 13 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
14 */
ddac1974
NL		 15/* ====================================================================
16 * Copyright 2005 Nokia. All rights reserved.
17 *
18 * The portions of the attached software ("Contribution") is developed by
19 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
20 * license.
21 *
22 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
23 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
24 * support (see RFC 4279) to OpenSSL.
25 *
26 * No patent licenses or other rights except those expressly stated in
27 * the OpenSSL open source license shall be deemed granted or received
28 * expressly, by implication, estoppel, or otherwise.
29 *
30 * No assurances are provided by Nokia that the Contribution does not
31 * infringe the patent or other intellectual property rights of any third
32 * party or that the license provides you with all the necessary rights
33 * to make use of the Contribution.
34 *
35 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
36 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
37 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
38 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
39 * OTHERWISE.
40 */
bbb8de09 41
463a7b8c 42#include <assert.h>
d02b48c6 43#include <stdio.h>
7b63c0fa 44#include "ssl_locl.h"
ec577822
BM		 45#include <openssl/objects.h>
46#include <openssl/lhash.h>
bb7cd4e3 47#include <openssl/x509v3.h>
6434abbf 48#include <openssl/rand.h>
67c8e7f4 49#include <openssl/ocsp.h>
3c27208f
RS		 50#include <openssl/dh.h>
51#include <openssl/engine.h>
07bbc92c 52#include <openssl/async.h>
3c27208f 53#include <openssl/ct.h>
0f113f3e 54
df2ee0e2 55const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
0f113f3e
MC		 56
57SSL3_ENC_METHOD ssl3_undef_enc_method = {
58 /*
59 * evil casts, but these functions are only called if there's a library
60 * bug
61 */
d102d9df
MC		 62 (int (*)(SSL *, SSL3_RECORD *, unsigned int, int))ssl_undefined_function,
63 (int (*)(SSL *, SSL3_RECORD *, unsigned char *, int))ssl_undefined_function,
0f113f3e
MC		 64 ssl_undefined_function,
65 (int (*)(SSL *, unsigned char *, unsigned char *, int))
66 ssl_undefined_function,
67 (int (*)(SSL *, int))ssl_undefined_function,
68 (int (*)(SSL *, const char *, int, unsigned char *))
69 ssl_undefined_function,
70 0, /* finish_mac_length */
0f113f3e
MC		 71 NULL, /* client_finished_label */
72 0, /* client_finished_label_len */
73 NULL, /* server_finished_label */
74 0, /* server_finished_label_len */
75 (int (*)(int))ssl_undefined_function,
76 (int (*)(SSL *, unsigned char *, size_t, const char *,
77 size_t, const unsigned char *, size_t,
78 int use_context))ssl_undefined_function,
79};
d02b48c6 80
07bbc92c
MC		 81struct ssl_async_args {
82 SSL *s;
83 void *buf;
84 int num;
ec447924 85 enum { READFUNC, WRITEFUNC, OTHERFUNC} type;
add2f5ca 86 union {
ec447924
MC		 87 int (*func_read)(SSL *, void *, int);
88 int (*func_write)(SSL *, const void *, int);
89 int (*func_other)(SSL *);
add2f5ca 90 } f;
07bbc92c
MC		 91};
92
919ba009
VD		 93static const struct {
94 uint8_t mtype;
95 uint8_t ord;
96 int nid;
97} dane_mds[] = {
98 { DANETLS_MATCHING_FULL, 0, NID_undef },
99 { DANETLS_MATCHING_2256, 1, NID_sha256 },
100 { DANETLS_MATCHING_2512, 2, NID_sha512 },
101};
102
103static int dane_ctx_enable(struct dane_ctx_st *dctx)
104{
105 const EVP_MD **mdevp;
106 uint8_t *mdord;
107 uint8_t mdmax = DANETLS_MATCHING_LAST;
108 int n = ((int) mdmax) + 1; /* int to handle PrivMatch(255) */
109 size_t i;
110
111 mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
112 mdord = OPENSSL_zalloc(n * sizeof(*mdord));
113
114 if (mdord == NULL || mdevp == NULL) {
b3bd3d5a 115 OPENSSL_free(mdord);
919ba009
VD		 116 OPENSSL_free(mdevp);
117 SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
118 return 0;
119 }
120
121 /* Install default entries */
122 for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
123 const EVP_MD *md;
124
125 if (dane_mds[i].nid == NID_undef ||
126 (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
127 continue;
128 mdevp[dane_mds[i].mtype] = md;
129 mdord[dane_mds[i].mtype] = dane_mds[i].ord;
130 }
131
132 dctx->mdevp = mdevp;
133 dctx->mdord = mdord;
134 dctx->mdmax = mdmax;
135
136 return 1;
137}
138
139static void dane_ctx_final(struct dane_ctx_st *dctx)
140{
141 OPENSSL_free(dctx->mdevp);
142 dctx->mdevp = NULL;
143
144 OPENSSL_free(dctx->mdord);
145 dctx->mdord = NULL;
146 dctx->mdmax = 0;
147}
148
149static void tlsa_free(danetls_record *t)
150{
151 if (t == NULL)
152 return;
153 OPENSSL_free(t->data);
154 EVP_PKEY_free(t->spki);
155 OPENSSL_free(t);
156}
157
b9aec69a 158static void dane_final(SSL_DANE *dane)
919ba009
VD		 159{
160 sk_danetls_record_pop_free(dane->trecs, tlsa_free);
161 dane->trecs = NULL;
162
163 sk_X509_pop_free(dane->certs, X509_free);
164 dane->certs = NULL;
165
166 X509_free(dane->mcert);
167 dane->mcert = NULL;
168 dane->mtlsa = NULL;
169 dane->mdpth = -1;
170 dane->pdpth = -1;
171}
172
173/*
174 * dane_copy - Copy dane configuration, sans verification state.
175 */
176static int ssl_dane_dup(SSL *to, SSL *from)
177{
178 int num;
179 int i;
180
181 if (!DANETLS_ENABLED(&from->dane))
182 return 1;
183
184 dane_final(&to->dane);
9f6b22b8
VD		 185 to->dane.dctx = &to->ctx->dane;
186 to->dane.trecs = sk_danetls_record_new_null();
187
188 if (to->dane.trecs == NULL) {
189 SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
190 return 0;
191 }
919ba009
VD		 192
193 num = sk_danetls_record_num(from->dane.trecs);
194 for (i = 0; i < num; ++i) {
195 danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
9f6b22b8 196
919ba009
VD		 197 if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
198 t->data, t->dlen) <= 0)
199 return 0;
200 }
201 return 1;
202}
203
204static int dane_mtype_set(
205 struct dane_ctx_st *dctx,
206 const EVP_MD *md,
207 uint8_t mtype,
208 uint8_t ord)
209{
210 int i;
211
212 if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
213 SSLerr(SSL_F_DANE_MTYPE_SET,
214 SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
215 return 0;
216 }
217
218 if (mtype > dctx->mdmax) {
219 const EVP_MD **mdevp;
220 uint8_t *mdord;
221 int n = ((int) mtype) + 1;
222
223 mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
224 if (mdevp == NULL) {
225 SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
226 return -1;
227 }
228 dctx->mdevp = mdevp;
229
230 mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
231 if (mdord == NULL) {
232 SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
233 return -1;
234 }
235 dctx->mdord = mdord;
236
237 /* Zero-fill any gaps */
238 for (i = dctx->mdmax+1; i < mtype; ++i) {
239 mdevp[i] = NULL;
240 mdord[i] = 0;
241 }
242
243 dctx->mdmax = mtype;
244 }
245
246 dctx->mdevp[mtype] = md;
247 /* Coerce ordinal of disabled matching types to 0 */
248 dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
249
250 return 1;
251}
252
b9aec69a 253static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
919ba009
VD		 254{
255 if (mtype > dane->dctx->mdmax)
256 return NULL;
257 return dane->dctx->mdevp[mtype];
258}
259
260static int dane_tlsa_add(
b9aec69a 261 SSL_DANE *dane,
919ba009
VD		 262 uint8_t usage,
263 uint8_t selector,
264 uint8_t mtype,
265 unsigned char *data,
266 size_t dlen)
267{
268 danetls_record *t;
269 const EVP_MD *md = NULL;
270 int ilen = (int)dlen;
271 int i;
9f6b22b8 272 int num;
919ba009
VD		 273
274 if (dane->trecs == NULL) {
275 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
276 return -1;
277 }
278
279 if (ilen < 0 || dlen != (size_t)ilen) {
280 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
281 return 0;
282 }
283
284 if (usage > DANETLS_USAGE_LAST) {
285 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
286 return 0;
287 }
288
289 if (selector > DANETLS_SELECTOR_LAST) {
290 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
291 return 0;
292 }
293
294 if (mtype != DANETLS_MATCHING_FULL) {
295 md = tlsa_md_get(dane, mtype);
296 if (md == NULL) {
297 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
298 return 0;
299 }
300 }
301
302 if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
303 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
304 return 0;
305 }
306 if (!data) {
307 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
308 return 0;
309 }
310
311 if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
312 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
313 return -1;
314 }
315
316 t->usage = usage;
317 t->selector = selector;
318 t->mtype = mtype;
319 t->data = OPENSSL_malloc(ilen);
320 if (t->data == NULL) {
321 tlsa_free(t);
322 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
323 return -1;
324 }
325 memcpy(t->data, data, ilen);
326 t->dlen = ilen;
327
328 /* Validate and cache full certificate or public key */
329 if (mtype == DANETLS_MATCHING_FULL) {
330 const unsigned char *p = data;
331 X509 *cert = NULL;
332 EVP_PKEY *pkey = NULL;
333
334 switch (selector) {
335 case DANETLS_SELECTOR_CERT:
336 if (!d2i_X509(&cert, &p, dlen) || p < data ||
337 dlen != (size_t)(p - data)) {
338 tlsa_free(t);
339 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
340 return 0;
341 }
342 if (X509_get0_pubkey(cert) == NULL) {
343 tlsa_free(t);
344 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
345 return 0;
346 }
347
348 if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
349 X509_free(cert);
350 break;
351 }
352
353 /*
354 * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
355 * records that contain full certificates of trust-anchors that are
356 * not present in the wire chain. For usage PKIX-TA(0), we augment
357 * the chain with untrusted Full(0) certificates from DNS, in case
358 * they are missing from the chain.
359 */
360 if ((dane->certs == NULL &&
361 (dane->certs = sk_X509_new_null()) == NULL) ||
362 !sk_X509_push(dane->certs, cert)) {
363 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
364 X509_free(cert);
365 tlsa_free(t);
366 return -1;
367 }
368 break;
369
370 case DANETLS_SELECTOR_SPKI:
371 if (!d2i_PUBKEY(&pkey, &p, dlen) || p < data ||
372 dlen != (size_t)(p - data)) {
373 tlsa_free(t);
374 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
375 return 0;
376 }
377
378 /*
379 * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
380 * records that contain full bare keys of trust-anchors that are
381 * not present in the wire chain.
382 */
383 if (usage == DANETLS_USAGE_DANE_TA)
384 t->spki = pkey;
385 else
386 EVP_PKEY_free(pkey);
387 break;
388 }
389 }
390
391 /*-
392 * Find the right insertion point for the new record.
393 *
394 * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
395 * they can be processed first, as they require no chain building, and no
396 * expiration or hostname checks. Because DANE-EE(3) is numerically
397 * largest, this is accomplished via descending sort by "usage".
398 *
399 * We also sort in descending order by matching ordinal to simplify
400 * the implementation of digest agility in the verification code.
401 *
402 * The choice of order for the selector is not significant, so we
403 * use the same descending order for consistency.
404 */
9f6b22b8
VD		 405 num = sk_danetls_record_num(dane->trecs);
406 for (i = 0; i < num; ++i) {
919ba009 407 danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
9f6b22b8 408
919ba009
VD		 409 if (rec->usage > usage)
410 continue;
411 if (rec->usage < usage)
412 break;
413 if (rec->selector > selector)
414 continue;
415 if (rec->selector < selector)
416 break;
417 if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
418 continue;
419 break;
420 }
421
422 if (!sk_danetls_record_insert(dane->trecs, t, i)) {
423 tlsa_free(t);
424 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
425 return -1;
426 }
427 dane->umask |= DANETLS_USAGE_BIT(usage);
428
429 return 1;
430}
431
d31fb0b5
RS		 432static void clear_ciphers(SSL *s)
433{
434 /* clear the current cipher */
435 ssl_clear_cipher_ctx(s);
436 ssl_clear_hash_ctx(&s->read_hash);
437 ssl_clear_hash_ctx(&s->write_hash);
438}
439
4f43d0e7 440int SSL_clear(SSL *s)
0f113f3e 441{
0f113f3e
MC		 442 if (s->method == NULL) {
443 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
444 return (0);
445 }
d02b48c6 446
0f113f3e
MC		 447 if (ssl_clear_bad_session(s)) {
448 SSL_SESSION_free(s->session);
449 s->session = NULL;
450 }
d62bfb39 451
0f113f3e
MC		 452 s->error = 0;
453 s->hit = 0;
454 s->shutdown = 0;
d02b48c6 455
0f113f3e
MC		 456 if (s->renegotiate) {
457 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
458 return 0;
459 }
d02b48c6 460
fe3a3291 461 ossl_statem_clear(s);
413c4f45 462
0f113f3e
MC		 463 s->version = s->method->version;
464 s->client_version = s->version;
465 s->rwstate = SSL_NOTHING;
d02b48c6 466
25aaa98a
RS		 467 BUF_MEM_free(s->init_buf);
468 s->init_buf = NULL;
d31fb0b5 469 clear_ciphers(s);
0f113f3e 470 s->first_packet = 0;
d02b48c6 471
919ba009
VD		 472 /* Reset DANE verification result state */
473 s->dane.mdpth = -1;
474 s->dane.pdpth = -1;
475 X509_free(s->dane.mcert);
476 s->dane.mcert = NULL;
477 s->dane.mtlsa = NULL;
478
479 /* Clear the verification result peername */
480 X509_VERIFY_PARAM_move_peername(s->param, NULL);
481
0f113f3e
MC		 482 /*
483 * Check to see if we were changed into a different method, if so, revert
484 * back if we are not doing session-id reuse.
485 */
024f543c 486 if (!ossl_statem_get_in_handshake(s) && (s->session == NULL)
0f113f3e
MC		 487 && (s->method != s->ctx->method)) {
488 s->method->ssl_free(s);
489 s->method = s->ctx->method;
490 if (!s->method->ssl_new(s))
491 return (0);
492 } else
0f113f3e 493 s->method->ssl_clear(s);
33d23b87 494
af9752e5 495 RECORD_LAYER_clear(&s->rlayer);
33d23b87 496
0f113f3e
MC		 497 return (1);
498}
d02b48c6 499
4f43d0e7 500/** Used to change an SSL_CTXs default SSL method type */
0f113f3e
MC		 501int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
502{
503 STACK_OF(SSL_CIPHER) *sk;
504
505 ctx->method = meth;
506
507 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
508 &(ctx->cipher_list_by_id),
509 SSL_DEFAULT_CIPHER_LIST, ctx->cert);
510 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
511 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
512 SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
513 return (0);
514 }
515 return (1);
516}
d02b48c6 517
4f43d0e7 518SSL *SSL_new(SSL_CTX *ctx)
0f113f3e
MC		 519{
520 SSL *s;
521
522 if (ctx == NULL) {
523 SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
524 return (NULL);
525 }
526 if (ctx->method == NULL) {
527 SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
528 return (NULL);
529 }
530
b51bce94 531 s = OPENSSL_zalloc(sizeof(*s));
0f113f3e
MC		 532 if (s == NULL)
533 goto err;
0f113f3e 534
16203f7b
AG		 535 s->lock = CRYPTO_THREAD_lock_new();
536 if (s->lock == NULL) {
537 SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
538 OPENSSL_free(s);
539 return NULL;
540 }
541
c036e210 542 RECORD_LAYER_init(&s->rlayer, s);
28d59af8 543
0f113f3e 544 s->options = ctx->options;
7946ab33
KR		 545 s->min_proto_version = ctx->min_proto_version;
546 s->max_proto_version = ctx->max_proto_version;
0f113f3e
MC		 547 s->mode = ctx->mode;
548 s->max_cert_list = ctx->max_cert_list;
0e04674e 549 s->references = 1;
0f113f3e 550
2c382349
KR		 551 /*
552 * Earlier library versions used to copy the pointer to the CERT, not
553 * its contents; only when setting new parameters for the per-SSL
554 * copy, ssl_cert_new would be called (and the direct reference to
555 * the per-SSL_CTX settings would be lost, but those still were
556 * indirectly accessed for various purposes, and for that reason they
557 * used to be known as s->ctx->default_cert). Now we don't look at the
558 * SSL_CTX's CERT after having duplicated it once.
559 */
560 s->cert = ssl_cert_dup(ctx->cert);
561 if (s->cert == NULL)
562 goto err;
0f113f3e 563
52e1d7b1 564 RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
0f113f3e
MC		 565 s->msg_callback = ctx->msg_callback;
566 s->msg_callback_arg = ctx->msg_callback_arg;
567 s->verify_mode = ctx->verify_mode;
568 s->not_resumable_session_cb = ctx->not_resumable_session_cb;
0f113f3e
MC		 569 s->sid_ctx_length = ctx->sid_ctx_length;
570 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
571 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
572 s->verify_callback = ctx->default_verify_callback;
573 s->generate_session_id = ctx->generate_session_id;
574
575 s->param = X509_VERIFY_PARAM_new();
a71edf3b 576 if (s->param == NULL)
0f113f3e
MC		 577 goto err;
578 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
0f113f3e
MC		 579 s->quiet_shutdown = ctx->quiet_shutdown;
580 s->max_send_fragment = ctx->max_send_fragment;
d102d9df
MC		 581 s->split_send_fragment = ctx->split_send_fragment;
582 s->max_pipelines = ctx->max_pipelines;
94777c9c
MC		 583 if (s->max_pipelines > 1)
584 RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
dad78fb1
MC		 585 if (ctx->default_read_buf_len > 0)
586 SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
bf21446a 587
16203f7b 588 SSL_CTX_up_ref(ctx);
0f113f3e 589 s->ctx = ctx;
0f113f3e
MC		 590 s->tlsext_debug_cb = 0;
591 s->tlsext_debug_arg = NULL;
592 s->tlsext_ticket_expected = 0;
ba261f71 593 s->tlsext_status_type = ctx->tlsext_status_type;
0f113f3e
MC		 594 s->tlsext_status_expected = 0;
595 s->tlsext_ocsp_ids = NULL;
596 s->tlsext_ocsp_exts = NULL;
597 s->tlsext_ocsp_resp = NULL;
598 s->tlsext_ocsp_resplen = -1;
16203f7b 599 SSL_CTX_up_ref(ctx);
0f113f3e
MC		 600 s->initial_ctx = ctx;
601# ifndef OPENSSL_NO_EC
602 if (ctx->tlsext_ecpointformatlist) {
603 s->tlsext_ecpointformatlist =
7644a9ae
RS		 604 OPENSSL_memdup(ctx->tlsext_ecpointformatlist,
605 ctx->tlsext_ecpointformatlist_length);
0f113f3e
MC		 606 if (!s->tlsext_ecpointformatlist)
607 goto err;
608 s->tlsext_ecpointformatlist_length =
609 ctx->tlsext_ecpointformatlist_length;
610 }
611 if (ctx->tlsext_ellipticcurvelist) {
612 s->tlsext_ellipticcurvelist =
7644a9ae
RS		 613 OPENSSL_memdup(ctx->tlsext_ellipticcurvelist,
614 ctx->tlsext_ellipticcurvelist_length);
0f113f3e
MC		 615 if (!s->tlsext_ellipticcurvelist)
616 goto err;
617 s->tlsext_ellipticcurvelist_length =
618 ctx->tlsext_ellipticcurvelist_length;
619 }
620# endif
bf48836c 621# ifndef OPENSSL_NO_NEXTPROTONEG
0f113f3e 622 s->next_proto_negotiated = NULL;
ee2ffc27 623# endif
6f017a8f 624
0f113f3e
MC		 625 if (s->ctx->alpn_client_proto_list) {
626 s->alpn_client_proto_list =
627 OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
628 if (s->alpn_client_proto_list == NULL)
629 goto err;
630 memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
631 s->ctx->alpn_client_proto_list_len);
632 s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
633 }
d02b48c6 634
696178ed 635 s->verified_chain = NULL;
0f113f3e 636 s->verify_result = X509_V_OK;
d02b48c6 637
a974e64a
MC		 638 s->default_passwd_callback = ctx->default_passwd_callback;
639 s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
640
0f113f3e 641 s->method = ctx->method;
d02b48c6 642
0f113f3e
MC		 643 if (!s->method->ssl_new(s))
644 goto err;
d02b48c6 645
0f113f3e 646 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
bf21446a 647
61986d32 648 if (!SSL_clear(s))
69f68237 649 goto err;
58964a49 650
25a807bc
F		 651 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
652 goto err;
58964a49 653
ddac1974 654#ifndef OPENSSL_NO_PSK
0f113f3e
MC		 655 s->psk_client_callback = ctx->psk_client_callback;
656 s->psk_server_callback = ctx->psk_server_callback;
ddac1974
NL		 657#endif
658
07bbc92c
MC		 659 s->job = NULL;
660
ed29e82a
RP		 661#ifndef OPENSSL_NO_CT
662 if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
663 ctx->ct_validation_callback_arg))
664 goto err;
665#endif
666
16203f7b 667 return s;
0f113f3e 668 err:
62adbcee 669 SSL_free(s);
0f113f3e 670 SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
16203f7b 671 return NULL;
0f113f3e 672}
d02b48c6 673
e417070c
RS		 674int SSL_is_dtls(const SSL *s)
675{
676 return SSL_IS_DTLS(s) ? 1 : 0;
677}
678
c5ebfcab 679int SSL_up_ref(SSL *s)
a18a31e4 680{
16203f7b 681 int i;
c5ebfcab
F		 682
683 if (CRYPTO_atomic_add(&s->references, 1, &i, s->lock) <= 0)
684 return 0;
685
686 REF_PRINT_COUNT("SSL", s);
687 REF_ASSERT_ISNT(i < 2);
688 return ((i > 1) ? 1 : 0);
a18a31e4
MC		 689}
690
0f113f3e
MC		 691int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
692 unsigned int sid_ctx_len)
693{
694 if (sid_ctx_len > sizeof ctx->sid_ctx) {
695 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
696 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
697 return 0;
698 }
699 ctx->sid_ctx_length = sid_ctx_len;
700 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
4eb77b26
BM		 701
702 return 1;
0f113f3e 703}
4eb77b26 704
0f113f3e
MC		 705int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
706 unsigned int sid_ctx_len)
707{
708 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
709 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
710 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
711 return 0;
712 }
713 ssl->sid_ctx_length = sid_ctx_len;
714 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
b4cadc6e
BL		 715
716 return 1;
0f113f3e 717}
b4cadc6e 718
dc644fe2 719int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
0f113f3e 720{
16203f7b 721 CRYPTO_THREAD_write_lock(ctx->lock);
0f113f3e 722 ctx->generate_session_id = cb;
16203f7b 723 CRYPTO_THREAD_unlock(ctx->lock);
0f113f3e
MC		 724 return 1;
725}
dc644fe2
GT		 726
727int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
0f113f3e 728{
16203f7b 729 CRYPTO_THREAD_write_lock(ssl->lock);
0f113f3e 730 ssl->generate_session_id = cb;
16203f7b 731 CRYPTO_THREAD_unlock(ssl->lock);
0f113f3e
MC		 732 return 1;
733}
dc644fe2 734
f85c9904 735int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
0f113f3e
MC		 736 unsigned int id_len)
737{
738 /*
739 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
740 * we can "construct" a session to give us the desired check - ie. to
741 * find if there's a session in the hash table that would conflict with
742 * any new session built out of this id/id_len and the ssl_version in use
743 * by this SSL.
744 */
745 SSL_SESSION r, *p;
746
747 if (id_len > sizeof r.session_id)
748 return 0;
749
750 r.ssl_version = ssl->version;
751 r.session_id_length = id_len;
752 memcpy(r.session_id, id, id_len);
753
e2bb9b9b
TS		 754 CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
755 p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
756 CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
0f113f3e
MC		 757 return (p != NULL);
758}
dc644fe2 759
bb7cd4e3 760int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
0f113f3e
MC		 761{
762 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
763}
bb7cd4e3
DSH		 764
765int SSL_set_purpose(SSL *s, int purpose)
0f113f3e
MC		 766{
767 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
768}
926a56bf 769
bb7cd4e3 770int SSL_CTX_set_trust(SSL_CTX *s, int trust)
0f113f3e
MC		 771{
772 return X509_VERIFY_PARAM_set_trust(s->param, trust);
773}
bb7cd4e3
DSH		 774
775int SSL_set_trust(SSL *s, int trust)
0f113f3e
MC		 776{
777 return X509_VERIFY_PARAM_set_trust(s->param, trust);
778}
bb7cd4e3 779
919ba009
VD		 780int SSL_set1_host(SSL *s, const char *hostname)
781{
782 return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
783}
784
785int SSL_add1_host(SSL *s, const char *hostname)
786{
787 return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
788}
789
790void SSL_set_hostflags(SSL *s, unsigned int flags)
791{
792 X509_VERIFY_PARAM_set_hostflags(s->param, flags);
793}
794
795const char *SSL_get0_peername(SSL *s)
796{
797 return X509_VERIFY_PARAM_get0_peername(s->param);
798}
799
800int SSL_CTX_dane_enable(SSL_CTX *ctx)
801{
802 return dane_ctx_enable(&ctx->dane);
803}
804
805int SSL_dane_enable(SSL *s, const char *basedomain)
806{
b9aec69a 807 SSL_DANE *dane = &s->dane;
919ba009
VD		 808
809 if (s->ctx->dane.mdmax == 0) {
810 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
811 return 0;
812 }
813 if (dane->trecs != NULL) {
814 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
815 return 0;
816 }
817
8d887efa
VD		 818 /*
819 * Default SNI name. This rejects empty names, while set1_host below
820 * accepts them and disables host name checks. To avoid side-effects with
821 * invalid input, set the SNI name first.
822 */
823 if (s->tlsext_hostname == NULL) {
dccd20d1 824 if (!SSL_set_tlsext_host_name(s, basedomain)) {
8d887efa 825 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
dccd20d1 826 return -1;
8d887efa
VD		 827 }
828 }
829
919ba009
VD		 830 /* Primary RFC6125 reference identifier */
831 if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
832 SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
833 return -1;
834 }
835
919ba009
VD		 836 dane->mdpth = -1;
837 dane->pdpth = -1;
838 dane->dctx = &s->ctx->dane;
839 dane->trecs = sk_danetls_record_new_null();
840
841 if (dane->trecs == NULL) {
842 SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
843 return -1;
844 }
845 return 1;
846}
847
848int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
849{
b9aec69a 850 SSL_DANE *dane = &s->dane;
919ba009 851
c0a445a9 852 if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
919ba009
VD		 853 return -1;
854 if (dane->mtlsa) {
855 if (mcert)
856 *mcert = dane->mcert;
857 if (mspki)
858 *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
859 }
860 return dane->mdpth;
861}
862
863int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
864 uint8_t *mtype, unsigned const char **data, size_t *dlen)
865{
b9aec69a 866 SSL_DANE *dane = &s->dane;
919ba009 867
c0a445a9 868 if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
919ba009
VD		 869 return -1;
870 if (dane->mtlsa) {
871 if (usage)
872 *usage = dane->mtlsa->usage;
873 if (selector)
874 *selector = dane->mtlsa->selector;
875 if (mtype)
876 *mtype = dane->mtlsa->mtype;
877 if (data)
878 *data = dane->mtlsa->data;
879 if (dlen)
880 *dlen = dane->mtlsa->dlen;
881 }
882 return dane->mdpth;
883}
884
b9aec69a 885SSL_DANE *SSL_get0_dane(SSL *s)
919ba009
VD		 886{
887 return &s->dane;
888}
889
890int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
891 uint8_t mtype, unsigned char *data, size_t dlen)
892{
893 return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
894}
895
896int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, uint8_t ord)
897{
898 return dane_mtype_set(&ctx->dane, md, mtype, ord);
899}
900
ccf11751 901int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
0f113f3e
MC		 902{
903 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
904}
ccf11751
DSH		 905
906int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
0f113f3e
MC		 907{
908 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
909}
ccf11751 910
7af31968 911X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
0f113f3e
MC		 912{
913 return ctx->param;
914}
7af31968
DSH		 915
916X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
0f113f3e
MC		 917{
918 return ssl->param;
919}
7af31968 920
a5ee80b9 921void SSL_certs_clear(SSL *s)
0f113f3e
MC		 922{
923 ssl_cert_clear_certs(s->cert);
924}
a5ee80b9 925
4f43d0e7 926void SSL_free(SSL *s)
0f113f3e
MC		 927{
928 int i;
58964a49 929
0f113f3e
MC		 930 if (s == NULL)
931 return;
e03ddfae 932
16203f7b 933 CRYPTO_atomic_add(&s->references, -1, &i, s->lock);
f3f1cf84 934 REF_PRINT_COUNT("SSL", s);
0f113f3e
MC		 935 if (i > 0)
936 return;
f3f1cf84 937 REF_ASSERT_ISNT(i < 0);
d02b48c6 938
222561fe 939 X509_VERIFY_PARAM_free(s->param);
919ba009 940 dane_final(&s->dane);
0f113f3e
MC		 941 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
942
943 if (s->bbio != NULL) {
944 /* If the buffering BIO is in place, pop it off */
945 if (s->bbio == s->wbio) {
946 s->wbio = BIO_pop(s->wbio);
947 }
948 BIO_free(s->bbio);
949 s->bbio = NULL;
950 }
ca3a82c3 951 if (s->wbio != s->rbio)
0f113f3e 952 BIO_free_all(s->wbio);
325cfa85 953 BIO_free_all(s->rbio);
0f113f3e 954
25aaa98a 955 BUF_MEM_free(s->init_buf);
0f113f3e
MC		 956
957 /* add extra stuff */
25aaa98a
RS		 958 sk_SSL_CIPHER_free(s->cipher_list);
959 sk_SSL_CIPHER_free(s->cipher_list_by_id);
0f113f3e
MC		 960
961 /* Make the next call work :-) */
962 if (s->session != NULL) {
963 ssl_clear_bad_session(s);
964 SSL_SESSION_free(s->session);
965 }
966
d31fb0b5 967 clear_ciphers(s);
d02b48c6 968
e0e920b1 969 ssl_cert_free(s->cert);
0f113f3e 970 /* Free up if allocated */
d02b48c6 971
b548a1f1 972 OPENSSL_free(s->tlsext_hostname);
e0e920b1 973 SSL_CTX_free(s->initial_ctx);
e481f9b9 974#ifndef OPENSSL_NO_EC
b548a1f1
RS		 975 OPENSSL_free(s->tlsext_ecpointformatlist);
976 OPENSSL_free(s->tlsext_ellipticcurvelist);
e481f9b9 977#endif /* OPENSSL_NO_EC */
222561fe 978 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
3e41ac35 979#ifndef OPENSSL_NO_OCSP
25aaa98a 980 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
3e41ac35 981#endif
ed29e82a
RP		 982#ifndef OPENSSL_NO_CT
983 SCT_LIST_free(s->scts);
984 OPENSSL_free(s->tlsext_scts);
985#endif
b548a1f1
RS		 986 OPENSSL_free(s->tlsext_ocsp_resp);
987 OPENSSL_free(s->alpn_client_proto_list);
0f113f3e 988
222561fe 989 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
0f113f3e 990
696178ed
DSH		 991 sk_X509_pop_free(s->verified_chain, X509_free);
992
0f113f3e
MC		 993 if (s->method != NULL)
994 s->method->ssl_free(s);
995
f161995e 996 RECORD_LAYER_release(&s->rlayer);
33d23b87 997
e0e920b1 998 SSL_CTX_free(s->ctx);
7c3908dd 999
ff75a257
MC		 1000 ASYNC_WAIT_CTX_free(s->waitctx);
1001
e481f9b9 1002#if !defined(OPENSSL_NO_NEXTPROTONEG)
b548a1f1 1003 OPENSSL_free(s->next_proto_negotiated);
ee2ffc27
BL		 1004#endif
1005
e783bae2 1006#ifndef OPENSSL_NO_SRTP
25aaa98a 1007 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
0f113f3e
MC		 1008#endif
1009
16203f7b
AG		 1010 CRYPTO_THREAD_lock_free(s->lock);
1011
0f113f3e
MC		 1012 OPENSSL_free(s);
1013}
1014
3ffbe008
MC		 1015void SSL_set_rbio(SSL *s, BIO *rbio)
1016{
ca3a82c3 1017 if (s->rbio != rbio)
3ffbe008
MC		 1018 BIO_free_all(s->rbio);
1019 s->rbio = rbio;
1020}
1021
1022void SSL_set_wbio(SSL *s, BIO *wbio)
0f113f3e
MC		 1023{
1024 /*
1025 * If the output buffering BIO is still in place, remove it
1026 */
1027 if (s->bbio != NULL) {
1028 if (s->wbio == s->bbio) {
a146ae55
MC		 1029 s->wbio = BIO_next(s->wbio);
1030 BIO_set_next(s->bbio, NULL);
0f113f3e
MC		 1031 }
1032 }
ca3a82c3 1033 if (s->wbio != wbio && s->rbio != s->wbio)
0f113f3e 1034 BIO_free_all(s->wbio);
0f113f3e
MC		 1035 s->wbio = wbio;
1036}
d02b48c6 1037
3ffbe008
MC		 1038void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
1039{
1040 SSL_set_wbio(s, wbio);
1041 SSL_set_rbio(s, rbio);
1042}
1043
0821bcd4 1044BIO *SSL_get_rbio(const SSL *s)
0f113f3e
MC		 1045{
1046 return (s->rbio);
1047}
d02b48c6 1048
0821bcd4 1049BIO *SSL_get_wbio(const SSL *s)
0f113f3e
MC		 1050{
1051 return (s->wbio);
1052}
d02b48c6 1053
0821bcd4 1054int SSL_get_fd(const SSL *s)
0f113f3e
MC		 1055{
1056 return (SSL_get_rfd(s));
1057}
24cbf3ef 1058
0821bcd4 1059int SSL_get_rfd(const SSL *s)
0f113f3e
MC		 1060{
1061 int ret = -1;
1062 BIO *b, *r;
1063
1064 b = SSL_get_rbio(s);
1065 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
1066 if (r != NULL)
1067 BIO_get_fd(r, &ret);
1068 return (ret);
1069}
d02b48c6 1070
0821bcd4 1071int SSL_get_wfd(const SSL *s)
0f113f3e
MC		 1072{
1073 int ret = -1;
1074 BIO *b, *r;
1075
1076 b = SSL_get_wbio(s);
1077 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
1078 if (r != NULL)
1079 BIO_get_fd(r, &ret);
1080 return (ret);
1081}
24cbf3ef 1082
bc36ee62 1083#ifndef OPENSSL_NO_SOCK
0f113f3e
MC		 1084int SSL_set_fd(SSL *s, int fd)
1085{
1086 int ret = 0;
1087 BIO *bio = NULL;
1088
1089 bio = BIO_new(BIO_s_socket());
1090
1091 if (bio == NULL) {
1092 SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
1093 goto err;
1094 }
1095 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1096 SSL_set_bio(s, bio, bio);
1097 ret = 1;
1098 err:
1099 return (ret);
1100}
d02b48c6 1101
0f113f3e
MC		 1102int SSL_set_wfd(SSL *s, int fd)
1103{
1104 int ret = 0;
1105 BIO *bio = NULL;
1106
1107 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
1108 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
1109 bio = BIO_new(BIO_s_socket());
1110
1111 if (bio == NULL) {
1112 SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
1113 goto err;
1114 }
1115 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1116 SSL_set_bio(s, SSL_get_rbio(s), bio);
1117 } else
1118 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
1119 ret = 1;
1120 err:
1121 return (ret);
1122}
1123
1124int SSL_set_rfd(SSL *s, int fd)
1125{
1126 int ret = 0;
1127 BIO *bio = NULL;
1128
1129 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
1130 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
1131 bio = BIO_new(BIO_s_socket());
1132
1133 if (bio == NULL) {
1134 SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
1135 goto err;
1136 }
1137 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1138 SSL_set_bio(s, bio, SSL_get_wbio(s));
1139 } else
1140 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
1141 ret = 1;
1142 err:
1143 return (ret);
1144}
1145#endif
ca03109c
BM		 1146
1147/* return length of latest Finished message we sent, copy to 'buf' */
0821bcd4 1148size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
0f113f3e
MC		 1149{
1150 size_t ret = 0;
1151
1152 if (s->s3 != NULL) {
1153 ret = s->s3->tmp.finish_md_len;
1154 if (count > ret)
1155 count = ret;
1156 memcpy(buf, s->s3->tmp.finish_md, count);
1157 }
1158 return ret;
1159}
ca03109c
BM		 1160
1161/* return length of latest Finished message we expected, copy to 'buf' */
0821bcd4 1162size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
0f113f3e
MC		 1163{
1164 size_t ret = 0;
ca03109c 1165
0f113f3e
MC		 1166 if (s->s3 != NULL) {
1167 ret = s->s3->tmp.peer_finish_md_len;
1168 if (count > ret)
1169 count = ret;
1170 memcpy(buf, s->s3->tmp.peer_finish_md, count);
1171 }
1172 return ret;
1173}
ca03109c 1174
0821bcd4 1175int SSL_get_verify_mode(const SSL *s)
0f113f3e
MC		 1176{
1177 return (s->verify_mode);
1178}
d02b48c6 1179
0821bcd4 1180int SSL_get_verify_depth(const SSL *s)
0f113f3e
MC		 1181{
1182 return X509_VERIFY_PARAM_get_depth(s->param);
1183}
7f89714e 1184
0f113f3e
MC		 1185int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
1186 return (s->verify_callback);
1187}
d02b48c6 1188
0821bcd4 1189int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
0f113f3e
MC		 1190{
1191 return (ctx->verify_mode);
1192}
d02b48c6 1193
0821bcd4 1194int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
0f113f3e
MC		 1195{
1196 return X509_VERIFY_PARAM_get_depth(ctx->param);
1197}
1198
1199int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
1200 return (ctx->default_verify_callback);
1201}
1202
1203void SSL_set_verify(SSL *s, int mode,
1204 int (*callback) (int ok, X509_STORE_CTX *ctx))
1205{
1206 s->verify_mode = mode;
1207 if (callback != NULL)
1208 s->verify_callback = callback;
1209}
1210
1211void SSL_set_verify_depth(SSL *s, int depth)
1212{
1213 X509_VERIFY_PARAM_set_depth(s->param, depth);
1214}
1215
1216void SSL_set_read_ahead(SSL *s, int yes)
1217{
52e1d7b1 1218 RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
0f113f3e 1219}
d02b48c6 1220
0821bcd4 1221int SSL_get_read_ahead(const SSL *s)
0f113f3e 1222{
52e1d7b1 1223 return RECORD_LAYER_get_read_ahead(&s->rlayer);
0f113f3e 1224}
d02b48c6 1225
0821bcd4 1226int SSL_pending(const SSL *s)
0f113f3e
MC		 1227{
1228 /*
1229 * SSL_pending cannot work properly if read-ahead is enabled
1230 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
1231 * impossible to fix since SSL_pending cannot report errors that may be
1232 * observed while scanning the new data. (Note that SSL_pending() is
1233 * often used as a boolean value, so we'd better not return -1.)
1234 */
1235 return (s->method->ssl_pending(s));
1236}
d02b48c6 1237
49580f25
MC		 1238int SSL_has_pending(const SSL *s)
1239{
1240 /*
1241 * Similar to SSL_pending() but returns a 1 to indicate that we have
1242 * unprocessed data available or 0 otherwise (as opposed to the number of
1243 * bytes available). Unlike SSL_pending() this will take into account
1244 * read_ahead data. A 1 return simply indicates that we have unprocessed
1245 * data. That data may not result in any application data, or we may fail
1246 * to parse the records for some reason.
1247 */
1248 if (SSL_pending(s))
1249 return 1;
1250
1251 return RECORD_LAYER_read_pending(&s->rlayer);
1252}
1253
0821bcd4 1254X509 *SSL_get_peer_certificate(const SSL *s)
0f113f3e
MC		 1255{
1256 X509 *r;
d02b48c6 1257
0f113f3e
MC		 1258 if ((s == NULL) || (s->session == NULL))
1259 r = NULL;
1260 else
1261 r = s->session->peer;
d02b48c6 1262
0f113f3e
MC		 1263 if (r == NULL)
1264 return (r);
d02b48c6 1265
05f0fb9f 1266 X509_up_ref(r);
0f113f3e
MC		 1267
1268 return (r);
1269}
d02b48c6 1270
0821bcd4 1271STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
0f113f3e
MC		 1272{
1273 STACK_OF(X509) *r;
1274
c34b0f99 1275 if ((s == NULL) || (s->session == NULL))
0f113f3e
MC		 1276 r = NULL;
1277 else
c34b0f99 1278 r = s->session->peer_chain;
0f113f3e
MC		 1279
1280 /*
1281 * If we are a client, cert_chain includes the peer's own certificate; if
1282 * we are a server, it does not.
1283 */
1284
1285 return (r);
1286}
1287
1288/*
1289 * Now in theory, since the calling process own 't' it should be safe to
1290 * modify. We need to be able to read f without being hassled
1291 */
17dd65e6 1292int SSL_copy_session_id(SSL *t, const SSL *f)
0f113f3e 1293{
16203f7b 1294 int i;
0f113f3e 1295 /* Do we need to to SSL locking? */
61986d32 1296 if (!SSL_set_session(t, SSL_get_session(f))) {
17dd65e6 1297 return 0;
69f68237 1298 }
0f113f3e
MC		 1299
1300 /*
87d9cafa 1301 * what if we are setup for one protocol version but want to talk another
0f113f3e
MC		 1302 */
1303 if (t->method != f->method) {
919ba009
VD		 1304 t->method->ssl_free(t);
1305 t->method = f->method;
1306 if (t->method->ssl_new(t) == 0)
1307 return 0;
0f113f3e
MC		 1308 }
1309
16203f7b 1310 CRYPTO_atomic_add(&f->cert->references, 1, &i, f->cert->lock);
24a0d393
KR		 1311 ssl_cert_free(t->cert);
1312 t->cert = f->cert;
61986d32 1313 if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
17dd65e6 1314 return 0;
69f68237 1315 }
17dd65e6
MC		 1316
1317 return 1;
0f113f3e 1318}
d02b48c6 1319
58964a49 1320/* Fix this so it checks all the valid key/cert options */
0821bcd4 1321int SSL_CTX_check_private_key(const SSL_CTX *ctx)
0f113f3e
MC		 1322{
1323 if ((ctx == NULL) ||
24a0d393 1324 (ctx->cert->key->x509 == NULL)) {
0f113f3e
MC		 1325 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
1326 SSL_R_NO_CERTIFICATE_ASSIGNED);
1327 return (0);
1328 }
1329 if (ctx->cert->key->privatekey == NULL) {
1330 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
1331 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1332 return (0);
1333 }
1334 return (X509_check_private_key
1335 (ctx->cert->key->x509, ctx->cert->key->privatekey));
1336}
d02b48c6 1337
58964a49 1338/* Fix this function so that it takes an optional type parameter */
0821bcd4 1339int SSL_check_private_key(const SSL *ssl)
0f113f3e
MC		 1340{
1341 if (ssl == NULL) {
1342 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
1343 return (0);
1344 }
0f113f3e
MC		 1345 if (ssl->cert->key->x509 == NULL) {
1346 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
1347 return (0);
1348 }
1349 if (ssl->cert->key->privatekey == NULL) {
1350 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1351 return (0);
1352 }
1353 return (X509_check_private_key(ssl->cert->key->x509,
1354 ssl->cert->key->privatekey));
1355}
d02b48c6 1356
07bbc92c
MC		 1357int SSL_waiting_for_async(SSL *s)
1358{
82676094
MC		 1359 if(s->job)
1360 return 1;
1361
07bbc92c
MC		 1362 return 0;
1363}
1364
ff75a257 1365int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
f4da39d2 1366{
ff75a257
MC		 1367 ASYNC_WAIT_CTX *ctx = s->waitctx;
1368
1369 if (ctx == NULL)
1370 return 0;
1371 return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
1372}
f4da39d2 1373
ff75a257
MC		 1374int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
1375 OSSL_ASYNC_FD *delfd, size_t *numdelfds)
1376{
1377 ASYNC_WAIT_CTX *ctx = s->waitctx;
1378
1379 if (ctx == NULL)
1380 return 0;
1381 return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
1382 numdelfds);
f4da39d2
MC		 1383}
1384
4f43d0e7 1385int SSL_accept(SSL *s)
0f113f3e 1386{
c4c32155 1387 if (s->handshake_func == NULL) {
0f113f3e
MC		 1388 /* Not properly initialized yet */
1389 SSL_set_accept_state(s);
07bbc92c 1390 }
add2f5ca
MC		 1391
1392 return SSL_do_handshake(s);
0f113f3e 1393}
d02b48c6 1394
4f43d0e7 1395int SSL_connect(SSL *s)
0f113f3e 1396{
c4c32155 1397 if (s->handshake_func == NULL) {
0f113f3e
MC		 1398 /* Not properly initialized yet */
1399 SSL_set_connect_state(s);
add2f5ca 1400 }
b31b04d9 1401
add2f5ca 1402 return SSL_do_handshake(s);
0f113f3e 1403}
d02b48c6 1404
0821bcd4 1405long SSL_get_default_timeout(const SSL *s)
0f113f3e
MC		 1406{
1407 return (s->method->get_timeout());
1408}
1409
7fecbf6f 1410static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
add2f5ca
MC		 1411 int (*func)(void *)) {
1412 int ret;
ff75a257
MC		 1413 if (s->waitctx == NULL) {
1414 s->waitctx = ASYNC_WAIT_CTX_new();
1415 if (s->waitctx == NULL)
1416 return -1;
1417 }
1418 switch(ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
add2f5ca
MC		 1419 sizeof(struct ssl_async_args))) {
1420 case ASYNC_ERR:
1421 s->rwstate = SSL_NOTHING;
7fecbf6f 1422 SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
add2f5ca
MC		 1423 return -1;
1424 case ASYNC_PAUSE:
1425 s->rwstate = SSL_ASYNC_PAUSED;
1426 return -1;
fc7f190c
MC		 1427 case ASYNC_NO_JOBS:
1428 s->rwstate = SSL_ASYNC_NO_JOBS;
1429 return -1;
add2f5ca
MC		 1430 case ASYNC_FINISH:
1431 s->job = NULL;
1432 return ret;
1433 default:
1434 s->rwstate = SSL_NOTHING;
7fecbf6f 1435 SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
add2f5ca
MC		 1436 /* Shouldn't happen */
1437 return -1;
1438 }
1439}
07bbc92c 1440
add2f5ca 1441static int ssl_io_intern(void *vargs)
07bbc92c
MC		 1442{
1443 struct ssl_async_args *args;
1444 SSL *s;
1445 void *buf;
1446 int num;
1447
1448 args = (struct ssl_async_args *)vargs;
1449 s = args->s;
1450 buf = args->buf;
1451 num = args->num;
ec447924
MC		 1452 switch (args->type) {
1453 case READFUNC:
1454 return args->f.func_read(s, buf, num);
1455 case WRITEFUNC:
1456 return args->f.func_write(s, buf, num);
1457 case OTHERFUNC:
1458 return args->f.func_other(s);
1459 }
1460 return -1;
07bbc92c
MC		 1461}
1462
0f113f3e
MC		 1463int SSL_read(SSL *s, void *buf, int num)
1464{
c4c32155 1465 if (s->handshake_func == NULL) {
0f113f3e
MC		 1466 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
1467 return -1;
1468 }
1469
1470 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1471 s->rwstate = SSL_NOTHING;
1472 return (0);
1473 }
07bbc92c 1474
44a27ac2 1475 if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
add2f5ca
MC		 1476 struct ssl_async_args args;
1477
1478 args.s = s;
1479 args.buf = buf;
1480 args.num = num;
ec447924
MC		 1481 args.type = READFUNC;
1482 args.f.func_read = s->method->ssl_read;
add2f5ca 1483
7fecbf6f 1484 return ssl_start_async_job(s, &args, ssl_io_intern);
07bbc92c
MC		 1485 } else {
1486 return s->method->ssl_read(s, buf, num);
1487 }
0f113f3e
MC		 1488}
1489
1490int SSL_peek(SSL *s, void *buf, int num)
1491{
c4c32155 1492 if (s->handshake_func == NULL) {
0f113f3e
MC		 1493 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
1494 return -1;
1495 }
1496
1497 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1498 return (0);
1499 }
add2f5ca
MC		 1500 if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
1501 struct ssl_async_args args;
0f113f3e 1502
add2f5ca
MC		 1503 args.s = s;
1504 args.buf = buf;
1505 args.num = num;
ec447924
MC		 1506 args.type = READFUNC;
1507 args.f.func_read = s->method->ssl_peek;
07bbc92c 1508
7fecbf6f 1509 return ssl_start_async_job(s, &args, ssl_io_intern);
add2f5ca
MC		 1510 } else {
1511 return s->method->ssl_peek(s, buf, num);
1512 }
07bbc92c
MC		 1513}
1514
0f113f3e
MC		 1515int SSL_write(SSL *s, const void *buf, int num)
1516{
c4c32155 1517 if (s->handshake_func == NULL) {
0f113f3e
MC		 1518 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
1519 return -1;
1520 }
1521
1522 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1523 s->rwstate = SSL_NOTHING;
1524 SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
1525 return (-1);
1526 }
07bbc92c 1527
44a27ac2 1528 if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
add2f5ca
MC		 1529 struct ssl_async_args args;
1530
1531 args.s = s;
1532 args.buf = (void *)buf;
1533 args.num = num;
ec447924
MC		 1534 args.type = WRITEFUNC;
1535 args.f.func_write = s->method->ssl_write;
add2f5ca 1536
7fecbf6f 1537 return ssl_start_async_job(s, &args, ssl_io_intern);
07bbc92c
MC		 1538 } else {
1539 return s->method->ssl_write(s, buf, num);
1540 }
0f113f3e 1541}
d02b48c6 1542
4f43d0e7 1543int SSL_shutdown(SSL *s)
0f113f3e
MC		 1544{
1545 /*
1546 * Note that this function behaves differently from what one might
1547 * expect. Return values are 0 for no success (yet), 1 for success; but
1548 * calling it once is usually not enough, even if blocking I/O is used
1549 * (see ssl3_shutdown).
1550 */
1551
c4c32155 1552 if (s->handshake_func == NULL) {
0f113f3e
MC		 1553 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
1554 return -1;
1555 }
1556
64f9f406
MC		 1557 if (!SSL_in_init(s)) {
1558 if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
1559 struct ssl_async_args args;
ec447924 1560
64f9f406
MC		 1561 args.s = s;
1562 args.type = OTHERFUNC;
1563 args.f.func_other = s->method->ssl_shutdown;
ec447924 1564
64f9f406
MC		 1565 return ssl_start_async_job(s, &args, ssl_io_intern);
1566 } else {
1567 return s->method->ssl_shutdown(s);
1568 }
ec447924 1569 } else {
64f9f406
MC		 1570 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
1571 return -1;
ec447924 1572 }
0f113f3e 1573}
d02b48c6 1574
4f43d0e7 1575int SSL_renegotiate(SSL *s)
0f113f3e
MC		 1576{
1577 if (s->renegotiate == 0)
1578 s->renegotiate = 1;
44959ee4 1579
0f113f3e 1580 s->new_session = 1;
44959ee4 1581
0f113f3e
MC		 1582 return (s->method->ssl_renegotiate(s));
1583}
d02b48c6 1584
44959ee4 1585int SSL_renegotiate_abbreviated(SSL *s)
0f113f3e
MC		 1586{
1587 if (s->renegotiate == 0)
1588 s->renegotiate = 1;
c519e89f 1589
0f113f3e 1590 s->new_session = 0;
c519e89f 1591
0f113f3e
MC		 1592 return (s->method->ssl_renegotiate(s));
1593}
44959ee4 1594
6b0e9fac 1595int SSL_renegotiate_pending(SSL *s)
0f113f3e
MC		 1596{
1597 /*
1598 * becomes true when negotiation is requested; false again once a
1599 * handshake has finished
1600 */
1601 return (s->renegotiate != 0);
1602}
1603
1604long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1605{
1606 long l;
1607
1608 switch (cmd) {
1609 case SSL_CTRL_GET_READ_AHEAD:
52e1d7b1 1610 return (RECORD_LAYER_get_read_ahead(&s->rlayer));
0f113f3e 1611 case SSL_CTRL_SET_READ_AHEAD:
52e1d7b1
MC		 1612 l = RECORD_LAYER_get_read_ahead(&s->rlayer);
1613 RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
0f113f3e
MC		 1614 return (l);
1615
1616 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1617 s->msg_callback_arg = parg;
1618 return 1;
1619
0f113f3e
MC		 1620 case SSL_CTRL_MODE:
1621 return (s->mode |= larg);
1622 case SSL_CTRL_CLEAR_MODE:
1623 return (s->mode &= ~larg);
1624 case SSL_CTRL_GET_MAX_CERT_LIST:
1625 return (s->max_cert_list);
1626 case SSL_CTRL_SET_MAX_CERT_LIST:
1627 l = s->max_cert_list;
1628 s->max_cert_list = larg;
1629 return (l);
1630 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1631 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1632 return 0;
1633 s->max_send_fragment = larg;
d102d9df
MC		 1634 if (s->max_send_fragment < s->split_send_fragment)
1635 s->split_send_fragment = s->max_send_fragment;
1636 return 1;
1637 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
6b99e875 1638 if ((unsigned int)larg > s->max_send_fragment || larg == 0)
d102d9df
MC		 1639 return 0;
1640 s->split_send_fragment = larg;
0f113f3e 1641 return 1;
d102d9df
MC		 1642 case SSL_CTRL_SET_MAX_PIPELINES:
1643 if (larg < 1 || larg > SSL_MAX_PIPELINES)
1644 return 0;
1645 s->max_pipelines = larg;
94777c9c
MC		 1646 if (larg > 1)
1647 RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
07077415 1648 return 1;
0f113f3e
MC		 1649 case SSL_CTRL_GET_RI_SUPPORT:
1650 if (s->s3)
1651 return s->s3->send_connection_binding;
1652 else
1653 return 0;
1654 case SSL_CTRL_CERT_FLAGS:
1655 return (s->cert->cert_flags |= larg);
1656 case SSL_CTRL_CLEAR_CERT_FLAGS:
1657 return (s->cert->cert_flags &= ~larg);
1658
1659 case SSL_CTRL_GET_RAW_CIPHERLIST:
1660 if (parg) {
76106e60 1661 if (s->s3->tmp.ciphers_raw == NULL)
0f113f3e 1662 return 0;
76106e60
DSH		 1663 *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
1664 return (int)s->s3->tmp.ciphers_rawlen;
e9fa092e
EK		 1665 } else {
1666 return TLS_CIPHER_LEN;
1667 }
c5364614 1668 case SSL_CTRL_GET_EXTMS_SUPPORT:
024f543c 1669 if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
dccd20d1
F		 1670 return -1;
1671 if (s->session->flags & SSL_SESS_FLAG_EXTMS)
c5364614
DSH		 1672 return 1;
1673 else
1674 return 0;
7946ab33 1675 case SSL_CTRL_SET_MIN_PROTO_VERSION:
4fa52141
VD		 1676 return ssl_set_version_bound(s->ctx->method->version, (int)larg,
1677 &s->min_proto_version);
7946ab33 1678 case SSL_CTRL_SET_MAX_PROTO_VERSION:
4fa52141
VD		 1679 return ssl_set_version_bound(s->ctx->method->version, (int)larg,
1680 &s->max_proto_version);
0f113f3e
MC		 1681 default:
1682 return (s->method->ssl_ctrl(s, cmd, larg, parg));
1683 }
1684}
1685
1686long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
1687{
1688 switch (cmd) {
1689 case SSL_CTRL_SET_MSG_CALLBACK:
1690 s->msg_callback = (void (*)
1691 (int write_p, int version, int content_type,
1692 const void *buf, size_t len, SSL *ssl,
1693 void *arg))(fp);
1694 return 1;
1695
1696 default:
1697 return (s->method->ssl_callback_ctrl(s, cmd, fp));
1698 }
1699}
d3442bc7 1700
3c1d6bbc 1701LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
0f113f3e
MC		 1702{
1703 return ctx->sessions;
1704}
1705
1706long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1707{
1708 long l;
1709 /* For some cases with ctx == NULL perform syntax checks */
1710 if (ctx == NULL) {
1711 switch (cmd) {
14536c8c 1712#ifndef OPENSSL_NO_EC
0f113f3e
MC		 1713 case SSL_CTRL_SET_CURVES_LIST:
1714 return tls1_set_curves_list(NULL, NULL, parg);
1715#endif
1716 case SSL_CTRL_SET_SIGALGS_LIST:
1717 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
1718 return tls1_set_sigalgs_list(NULL, parg, 0);
1719 default:
1720 return 0;
1721 }
1722 }
1723
1724 switch (cmd) {
1725 case SSL_CTRL_GET_READ_AHEAD:
1726 return (ctx->read_ahead);
1727 case SSL_CTRL_SET_READ_AHEAD:
1728 l = ctx->read_ahead;
1729 ctx->read_ahead = larg;
1730 return (l);
1731
1732 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1733 ctx->msg_callback_arg = parg;
1734 return 1;
1735
1736 case SSL_CTRL_GET_MAX_CERT_LIST:
1737 return (ctx->max_cert_list);
1738 case SSL_CTRL_SET_MAX_CERT_LIST:
1739 l = ctx->max_cert_list;
1740 ctx->max_cert_list = larg;
1741 return (l);
1742
1743 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1744 l = ctx->session_cache_size;
1745 ctx->session_cache_size = larg;
1746 return (l);
1747 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1748 return (ctx->session_cache_size);
1749 case SSL_CTRL_SET_SESS_CACHE_MODE:
1750 l = ctx->session_cache_mode;
1751 ctx->session_cache_mode = larg;
1752 return (l);
1753 case SSL_CTRL_GET_SESS_CACHE_MODE:
1754 return (ctx->session_cache_mode);
1755
1756 case SSL_CTRL_SESS_NUMBER:
1757 return (lh_SSL_SESSION_num_items(ctx->sessions));
1758 case SSL_CTRL_SESS_CONNECT:
1759 return (ctx->stats.sess_connect);
1760 case SSL_CTRL_SESS_CONNECT_GOOD:
1761 return (ctx->stats.sess_connect_good);
1762 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1763 return (ctx->stats.sess_connect_renegotiate);
1764 case SSL_CTRL_SESS_ACCEPT:
1765 return (ctx->stats.sess_accept);
1766 case SSL_CTRL_SESS_ACCEPT_GOOD:
1767 return (ctx->stats.sess_accept_good);
1768 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1769 return (ctx->stats.sess_accept_renegotiate);
1770 case SSL_CTRL_SESS_HIT:
1771 return (ctx->stats.sess_hit);
1772 case SSL_CTRL_SESS_CB_HIT:
1773 return (ctx->stats.sess_cb_hit);
1774 case SSL_CTRL_SESS_MISSES:
1775 return (ctx->stats.sess_miss);
1776 case SSL_CTRL_SESS_TIMEOUTS:
1777 return (ctx->stats.sess_timeout);
1778 case SSL_CTRL_SESS_CACHE_FULL:
1779 return (ctx->stats.sess_cache_full);
0f113f3e
MC		 1780 case SSL_CTRL_MODE:
1781 return (ctx->mode |= larg);
1782 case SSL_CTRL_CLEAR_MODE:
1783 return (ctx->mode &= ~larg);
1784 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1785 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1786 return 0;
1787 ctx->max_send_fragment = larg;
d102d9df 1788 if (ctx->max_send_fragment < ctx->split_send_fragment)
bfb155c1 1789 ctx->split_send_fragment = ctx->max_send_fragment;
0f113f3e 1790 return 1;
d102d9df 1791 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
6b99e875 1792 if ((unsigned int)larg > ctx->max_send_fragment || larg == 0)
d102d9df
MC		 1793 return 0;
1794 ctx->split_send_fragment = larg;
1795 return 1;
1796 case SSL_CTRL_SET_MAX_PIPELINES:
1797 if (larg < 1 || larg > SSL_MAX_PIPELINES)
1798 return 0;
1799 ctx->max_pipelines = larg;
07077415 1800 return 1;
0f113f3e
MC		 1801 case SSL_CTRL_CERT_FLAGS:
1802 return (ctx->cert->cert_flags |= larg);
1803 case SSL_CTRL_CLEAR_CERT_FLAGS:
1804 return (ctx->cert->cert_flags &= ~larg);
7946ab33 1805 case SSL_CTRL_SET_MIN_PROTO_VERSION:
4fa52141
VD		 1806 return ssl_set_version_bound(ctx->method->version, (int)larg,
1807 &ctx->min_proto_version);
7946ab33 1808 case SSL_CTRL_SET_MAX_PROTO_VERSION:
4fa52141
VD		 1809 return ssl_set_version_bound(ctx->method->version, (int)larg,
1810 &ctx->max_proto_version);
0f113f3e
MC		 1811 default:
1812 return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
1813 }
1814}
1815
1816long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
1817{
1818 switch (cmd) {
1819 case SSL_CTRL_SET_MSG_CALLBACK:
1820 ctx->msg_callback = (void (*)
1821 (int write_p, int version, int content_type,
1822 const void *buf, size_t len, SSL *ssl,
1823 void *arg))(fp);
1824 return 1;
1825
1826 default:
1827 return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
1828 }
1829}
d3442bc7 1830
ccd86b68 1831int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
0f113f3e 1832{
90d9e49a
DSH		 1833 if (a->id > b->id)
1834 return 1;
1835 if (a->id < b->id)
1836 return -1;
1837 return 0;
0f113f3e
MC		 1838}
1839
1840int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1841 const SSL_CIPHER *const *bp)
1842{
90d9e49a
DSH		 1843 if ((*ap)->id > (*bp)->id)
1844 return 1;
1845 if ((*ap)->id < (*bp)->id)
1846 return -1;
1847 return 0;
0f113f3e 1848}
d02b48c6 1849
4f43d0e7 1850/** return a STACK of the ciphers available for the SSL and in order of
d02b48c6 1851 * preference */
0821bcd4 1852STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
0f113f3e
MC		 1853{
1854 if (s != NULL) {
1855 if (s->cipher_list != NULL) {
1856 return (s->cipher_list);
1857 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
1858 return (s->ctx->cipher_list);
1859 }
1860 }
1861 return (NULL);
1862}
1863
831eef2c
NM		 1864STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
1865{
1866 if ((s == NULL) || (s->session == NULL) || !s->server)
1867 return NULL;
1868 return s->session->ciphers;
1869}
1870
8b8e5bed 1871STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
0f113f3e
MC		 1872{
1873 STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
1874 int i;
1875 ciphers = SSL_get_ciphers(s);
1876 if (!ciphers)
1877 return NULL;
1878 ssl_set_client_disabled(s);
1879 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1880 const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
1881 if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED)) {
1882 if (!sk)
1883 sk = sk_SSL_CIPHER_new_null();
1884 if (!sk)
1885 return NULL;
1886 if (!sk_SSL_CIPHER_push(sk, c)) {
1887 sk_SSL_CIPHER_free(sk);
1888 return NULL;
1889 }
1890 }
1891 }
1892 return sk;
1893}
8b8e5bed 1894
4f43d0e7 1895/** return a STACK of the ciphers available for the SSL and in order of
d02b48c6 1896 * algorithm id */
f73e07cf 1897STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
0f113f3e
MC		 1898{
1899 if (s != NULL) {
1900 if (s->cipher_list_by_id != NULL) {
1901 return (s->cipher_list_by_id);
1902 } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
1903 return (s->ctx->cipher_list_by_id);
1904 }
1905 }
1906 return (NULL);
1907}
d02b48c6 1908
4f43d0e7 1909/** The old interface to get the same thing as SSL_get_ciphers() */
0f113f3e
MC		 1910const char *SSL_get_cipher_list(const SSL *s, int n)
1911{
4a640fb6 1912 const SSL_CIPHER *c;
0f113f3e
MC		 1913 STACK_OF(SSL_CIPHER) *sk;
1914
1915 if (s == NULL)
1916 return (NULL);
1917 sk = SSL_get_ciphers(s);
1918 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1919 return (NULL);
1920 c = sk_SSL_CIPHER_value(sk, n);
1921 if (c == NULL)
1922 return (NULL);
1923 return (c->name);
1924}
d02b48c6 1925
9d5ac953
KY		 1926/** return a STACK of the ciphers available for the SSL_CTX and in order of
1927 * preference */
1928STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
1929{
1930 if (ctx != NULL)
1931 return ctx->cipher_list;
1932 return NULL;
1933}
1934
25f923dd 1935/** specify the ciphers to be used by default by the SSL_CTX */
018e57c7 1936int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
0f113f3e
MC		 1937{
1938 STACK_OF(SSL_CIPHER) *sk;
1939
1940 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1941 &ctx->cipher_list_by_id, str, ctx->cert);
1942 /*
1943 * ssl_create_cipher_list may return an empty stack if it was unable to
1944 * find a cipher matching the given rule string (for example if the rule
1945 * string specifies a cipher which has been disabled). This is not an
1946 * error as far as ssl_create_cipher_list is concerned, and hence
1947 * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
1948 */
1949 if (sk == NULL)
1950 return 0;
1951 else if (sk_SSL_CIPHER_num(sk) == 0) {
1952 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1953 return 0;
1954 }
1955 return 1;
1956}
d02b48c6 1957
4f43d0e7 1958/** specify the ciphers to be used by the SSL */
0f113f3e
MC		 1959int SSL_set_cipher_list(SSL *s, const char *str)
1960{
1961 STACK_OF(SSL_CIPHER) *sk;
1962
1963 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1964 &s->cipher_list_by_id, str, s->cert);
1965 /* see comment in SSL_CTX_set_cipher_list */
1966 if (sk == NULL)
1967 return 0;
1968 else if (sk_SSL_CIPHER_num(sk) == 0) {
1969 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1970 return 0;
1971 }
1972 return 1;
1973}
d02b48c6 1974
0f113f3e
MC		 1975char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1976{
1977 char *p;
1978 STACK_OF(SSL_CIPHER) *sk;
4a640fb6 1979 const SSL_CIPHER *c;
0f113f3e
MC		 1980 int i;
1981
1982 if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
1983 return (NULL);
1984
1985 p = buf;
1986 sk = s->session->ciphers;
1987
1988 if (sk_SSL_CIPHER_num(sk) == 0)
1989 return NULL;
1990
1991 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1992 int n;
1993
1994 c = sk_SSL_CIPHER_value(sk, i);
1995 n = strlen(c->name);
1996 if (n + 1 > len) {
1997 if (p != buf)
1998 --p;
1999 *p = '\0';
2000 return buf;
2001 }
a89c9a0d 2002 memcpy(p, c->name, n + 1);
0f113f3e
MC		 2003 p += n;
2004 *(p++) = ':';
2005 len -= n + 1;
2006 }
2007 p[-1] = '\0';
2008 return (buf);
2009}
2010
52b8dad8 2011/** return a servername extension value if provided in Client Hello, or NULL.
f1fd4544 2012 * So far, only host_name types are defined (RFC 3546).
ed3883d2
BM		 2013 */
2014
f1fd4544 2015const char *SSL_get_servername(const SSL *s, const int type)
0f113f3e
MC		 2016{
2017 if (type != TLSEXT_NAMETYPE_host_name)
2018 return NULL;
a13c20f6 2019
0f113f3e
MC		 2020 return s->session && !s->tlsext_hostname ?
2021 s->session->tlsext_hostname : s->tlsext_hostname;
2022}
ed3883d2 2023
f1fd4544 2024int SSL_get_servername_type(const SSL *s)
0f113f3e
MC		 2025{
2026 if (s->session
2027 && (!s->tlsext_hostname ? s->session->
2028 tlsext_hostname : s->tlsext_hostname))
2029 return TLSEXT_NAMETYPE_host_name;
2030 return -1;
2031}
ee2ffc27 2032
0f113f3e
MC		 2033/*
2034 * SSL_select_next_proto implements the standard protocol selection. It is
ee2ffc27 2035 * expected that this function is called from the callback set by
0f113f3e
MC		 2036 * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
2037 * vector of 8-bit, length prefixed byte strings. The length byte itself is
2038 * not included in the length. A byte string of length 0 is invalid. No byte
2039 * string may be truncated. The current, but experimental algorithm for
2040 * selecting the protocol is: 1) If the server doesn't support NPN then this
2041 * is indicated to the callback. In this case, the client application has to
2042 * abort the connection or have a default application level protocol. 2) If
2043 * the server supports NPN, but advertises an empty list then the client
2044 * selects the first protcol in its list, but indicates via the API that this
2045 * fallback case was enacted. 3) Otherwise, the client finds the first
2046 * protocol in the server's list that it supports and selects this protocol.
2047 * This is because it's assumed that the server has better information about
2048 * which protocol a client should use. 4) If the client doesn't support any
2049 * of the server's advertised protocols, then this is treated the same as
2050 * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
2051 * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
ee2ffc27 2052 */
0f113f3e
MC		 2053int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
2054 const unsigned char *server,
2055 unsigned int server_len,
2056 const unsigned char *client,
2057 unsigned int client_len)
2058{
2059 unsigned int i, j;
2060 const unsigned char *result;
2061 int status = OPENSSL_NPN_UNSUPPORTED;
2062
2063 /*
2064 * For each protocol in server preference order, see if we support it.
2065 */
2066 for (i = 0; i < server_len;) {
2067 for (j = 0; j < client_len;) {
2068 if (server[i] == client[j] &&
2069 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
2070 /* We found a match */
2071 result = &server[i];
2072 status = OPENSSL_NPN_NEGOTIATED;
2073 goto found;
2074 }
2075 j += client[j];
2076 j++;
2077 }
2078 i += server[i];
2079 i++;
2080 }
2081
2082 /* There's no overlap between our protocols and the server's list. */
2083 result = client;
2084 status = OPENSSL_NPN_NO_OVERLAP;
2085
2086 found:
2087 *out = (unsigned char *)result + 1;
2088 *outlen = result[0];
2089 return status;
2090}
ee2ffc27 2091
e481f9b9 2092#ifndef OPENSSL_NO_NEXTPROTONEG
0f113f3e
MC		 2093/*
2094 * SSL_get0_next_proto_negotiated sets *data and *len to point to the
2095 * client's requested protocol for this connection and returns 0. If the
2096 * client didn't request any protocol, then *data is set to NULL. Note that
2097 * the client can request any protocol it chooses. The value returned from
2098 * this function need not be a member of the list of supported protocols
ee2ffc27
BL		 2099 * provided by the callback.
2100 */
0f113f3e
MC		 2101void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
2102 unsigned *len)
2103{
2104 *data = s->next_proto_negotiated;
2105 if (!*data) {
2106 *len = 0;
2107 } else {
2108 *len = s->next_proto_negotiated_len;
2109 }
2110}
2111
2112/*
2113 * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when
2114 * a TLS server needs a list of supported protocols for Next Protocol
2115 * Negotiation. The returned list must be in wire format. The list is
2116 * returned by setting |out| to point to it and |outlen| to its length. This
2117 * memory will not be modified, but one should assume that the SSL* keeps a
2118 * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
2119 * wishes to advertise. Otherwise, no such extension will be included in the
2120 * ServerHello.
2121 */
2122void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
2123 int (*cb) (SSL *ssl,
2124 const unsigned char
2125 **out,
2126 unsigned int *outlen,
2127 void *arg), void *arg)
2128{
2129 ctx->next_protos_advertised_cb = cb;
2130 ctx->next_protos_advertised_cb_arg = arg;
2131}
2132
2133/*
2134 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
ee2ffc27
BL		 2135 * client needs to select a protocol from the server's provided list. |out|
2136 * must be set to point to the selected protocol (which may be within |in|).
0f113f3e
MC		 2137 * The length of the protocol name must be written into |outlen|. The
2138 * server's advertised protocols are provided in |in| and |inlen|. The
2139 * callback can assume that |in| is syntactically valid. The client must
2140 * select a protocol. It is fatal to the connection if this callback returns
2141 * a value other than SSL_TLSEXT_ERR_OK.
ee2ffc27 2142 */
0f113f3e
MC		 2143void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
2144 int (*cb) (SSL *s, unsigned char **out,
2145 unsigned char *outlen,
2146 const unsigned char *in,
2147 unsigned int inlen,
2148 void *arg), void *arg)
2149{
2150 ctx->next_proto_select_cb = cb;
2151 ctx->next_proto_select_cb_arg = arg;
2152}
e481f9b9 2153#endif
a398f821 2154
0f113f3e
MC		 2155/*
2156 * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
6f017a8f 2157 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
0f113f3e
MC		 2158 * length-prefixed strings). Returns 0 on success.
2159 */
2160int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
817cd0d5 2161 unsigned int protos_len)
0f113f3e 2162{
25aaa98a 2163 OPENSSL_free(ctx->alpn_client_proto_list);
817cd0d5 2164 ctx->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
72e9be3d
RS		 2165 if (ctx->alpn_client_proto_list == NULL) {
2166 SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
0f113f3e 2167 return 1;
72e9be3d 2168 }
0f113f3e
MC		 2169 ctx->alpn_client_proto_list_len = protos_len;
2170
2171 return 0;
2172}
2173
2174/*
2175 * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
6f017a8f 2176 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
0f113f3e
MC		 2177 * length-prefixed strings). Returns 0 on success.
2178 */
2179int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
817cd0d5 2180 unsigned int protos_len)
0f113f3e 2181{
25aaa98a 2182 OPENSSL_free(ssl->alpn_client_proto_list);
817cd0d5 2183 ssl->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
72e9be3d
RS		 2184 if (ssl->alpn_client_proto_list == NULL) {
2185 SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
0f113f3e 2186 return 1;
72e9be3d 2187 }
0f113f3e
MC		 2188 ssl->alpn_client_proto_list_len = protos_len;
2189
2190 return 0;
2191}
2192
2193/*
2194 * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
2195 * called during ClientHello processing in order to select an ALPN protocol
2196 * from the client's list of offered protocols.
2197 */
2198void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
2199 int (*cb) (SSL *ssl,
2200 const unsigned char **out,
2201 unsigned char *outlen,
2202 const unsigned char *in,
2203 unsigned int inlen,
2204 void *arg), void *arg)
2205{
2206 ctx->alpn_select_cb = cb;
2207 ctx->alpn_select_cb_arg = arg;
2208}
2209
2210/*
2211 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from
2212 * |ssl|. On return it sets |*data| to point to |*len| bytes of protocol name
2213 * (not including the leading length-prefix byte). If the server didn't
2214 * respond with a negotiated protocol then |*len| will be zero.
2215 */
6f017a8f 2216void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
817cd0d5 2217 unsigned int *len)
0f113f3e
MC		 2218{
2219 *data = NULL;
2220 if (ssl->s3)
2221 *data = ssl->s3->alpn_selected;
2222 if (*data == NULL)
2223 *len = 0;
2224 else
2225 *len = ssl->s3->alpn_selected_len;
2226}
2227
f1fd4544 2228
74b4b494 2229int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
0f113f3e
MC		 2230 const char *label, size_t llen,
2231 const unsigned char *p, size_t plen,
2232 int use_context)
2233{
2234 if (s->version < TLS1_VERSION)
2235 return -1;
e0af0405 2236
0f113f3e
MC		 2237 return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
2238 llen, p, plen,
2239 use_context);
2240}
e0af0405 2241
3c1d6bbc 2242static unsigned long ssl_session_hash(const SSL_SESSION *a)
0f113f3e
MC		 2243{
2244 unsigned long l;
2245
2246 l = (unsigned long)
2247 ((unsigned int)a->session_id[0]) |
2248 ((unsigned int)a->session_id[1] << 8L) |
2249 ((unsigned long)a->session_id[2] << 16L) |
2250 ((unsigned long)a->session_id[3] << 24L);
2251 return (l);
2252}
2253
2254/*
2255 * NB: If this function (or indeed the hash function which uses a sort of
dc644fe2 2256 * coarser function than this one) is changed, ensure
0f113f3e
MC		 2257 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
2258 * being able to construct an SSL_SESSION that will collide with any existing
2259 * session with a matching session ID.
2260 */
2261static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
2262{
2263 if (a->ssl_version != b->ssl_version)
2264 return (1);
2265 if (a->session_id_length != b->session_id_length)
2266 return (1);
2267 return (memcmp(a->session_id, b->session_id, a->session_id_length));
2268}
2269
2270/*
2271 * These wrapper functions should remain rather than redeclaring
d0fa136c 2272 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
0f113f3e
MC		 2273 * variable. The reason is that the functions aren't static, they're exposed
2274 * via ssl.h.
2275 */
97b17195 2276
4ebb342f 2277SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
0f113f3e
MC		 2278{
2279 SSL_CTX *ret = NULL;
2280
2281 if (meth == NULL) {
2282 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
2283 return (NULL);
2284 }
2285
0fc32b07
MC		 2286 if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
2287 return NULL;
7fa792d1 2288
0f113f3e 2289 if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
4fa52141 2290 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE);
0f113f3e
MC		 2291 return NULL;
2292 }
2293
2294 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
2295 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
2296 goto err;
2297 }
b51bce94 2298 ret = OPENSSL_zalloc(sizeof(*ret));
0f113f3e
MC		 2299 if (ret == NULL)
2300 goto err;
2301
0f113f3e 2302 ret->method = meth;
7946ab33
KR		 2303 ret->min_proto_version = 0;
2304 ret->max_proto_version = 0;
0f113f3e
MC		 2305 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
2306 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
64b25758 2307 /* We take the system default. */
0f113f3e 2308 ret->session_timeout = meth->get_timeout();
0f113f3e 2309 ret->references = 1;
16203f7b
AG		 2310 ret->lock = CRYPTO_THREAD_lock_new();
2311 if (ret->lock == NULL) {
2312 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
2313 OPENSSL_free(ret);
2314 return NULL;
2315 }
0f113f3e 2316 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
0f113f3e 2317 ret->verify_mode = SSL_VERIFY_NONE;
0f113f3e
MC		 2318 if ((ret->cert = ssl_cert_new()) == NULL)
2319 goto err;
2320
62d0577e 2321 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
0f113f3e
MC		 2322 if (ret->sessions == NULL)
2323 goto err;
2324 ret->cert_store = X509_STORE_new();
2325 if (ret->cert_store == NULL)
2326 goto err;
ed29e82a
RP		 2327#ifndef OPENSSL_NO_CT
2328 ret->ctlog_store = CTLOG_STORE_new();
2329 if (ret->ctlog_store == NULL)
2330 goto err;
2331#endif
61986d32 2332 if (!ssl_create_cipher_list(ret->method,
0f113f3e 2333 &ret->cipher_list, &ret->cipher_list_by_id,
69f68237
MC		 2334 SSL_DEFAULT_CIPHER_LIST, ret->cert)
2335 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
0f113f3e
MC		 2336 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
2337 goto err2;
2338 }
2339
2340 ret->param = X509_VERIFY_PARAM_new();
a71edf3b 2341 if (ret->param == NULL)
0f113f3e
MC		 2342 goto err;
2343
2344 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
2345 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
2346 goto err2;
2347 }
2348 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
2349 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
2350 goto err2;
2351 }
2352
2353 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
2354 goto err;
2355
25a807bc
F		 2356 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
2357 goto err;
0f113f3e 2358
0f113f3e
MC		 2359 /* No compression for DTLS */
2360 if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
2361 ret->comp_methods = SSL_COMP_get_compression_methods();
2362
2363 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
d102d9df 2364 ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
566dda07 2365
4e2e1ec9
TS		 2366 /* Setup RFC5077 ticket keys */
2367 if ((RAND_bytes(ret->tlsext_tick_key_name, sizeof(ret->tlsext_tick_key_name)) <= 0)
2368 || (RAND_bytes(ret->tlsext_tick_hmac_key, sizeof(ret->tlsext_tick_hmac_key)) <= 0)
2369 || (RAND_bytes(ret->tlsext_tick_aes_key, sizeof(ret->tlsext_tick_aes_key)) <= 0))
0f113f3e 2370 ret->options |= SSL_OP_NO_TICKET;
6434abbf 2371
edc032b5 2372#ifndef OPENSSL_NO_SRP
61986d32 2373 if (!SSL_CTX_SRP_CTX_init(ret))
69f68237 2374 goto err;
edc032b5 2375#endif
4db9677b 2376#ifndef OPENSSL_NO_ENGINE
0f113f3e
MC		 2377# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
2378# define eng_strx(x) #x
2379# define eng_str(x) eng_strx(x)
2380 /* Use specific client engine automatically... ignore errors */
2381 {
2382 ENGINE *eng;
2383 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
2384 if (!eng) {
2385 ERR_clear_error();
2386 ENGINE_load_builtin_engines();
2387 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
2388 }
2389 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
2390 ERR_clear_error();
2391 }
2392# endif
2393#endif
2394 /*
2395 * Default is to connect to non-RI servers. When RI is more widely
2396 * deployed might change this.
2397 */
2398 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
dc5744cb
EK		 2399 /*
2400 * Disable compression by default to prevent CRIME. Applications can
2401 * re-enable compression by configuring
2402 * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
2403 * or by using the SSL_CONF library.
2404 */
2405 ret->options |= SSL_OP_NO_COMPRESSION;
0f113f3e 2406
ba261f71 2407 ret->tlsext_status_type = -1;
2408
16203f7b 2409 return ret;
0f113f3e
MC		 2410 err:
2411 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
2412 err2:
e0e920b1 2413 SSL_CTX_free(ret);
16203f7b 2414 return NULL;
0f113f3e 2415}
d02b48c6 2416
c5ebfcab 2417int SSL_CTX_up_ref(SSL_CTX *ctx)
a18a31e4 2418{
16203f7b 2419 int i;
c5ebfcab
F		 2420
2421 if (CRYPTO_atomic_add(&ctx->references, 1, &i, ctx->lock) <= 0)
2422 return 0;
2423
2424 REF_PRINT_COUNT("SSL_CTX", ctx);
2425 REF_ASSERT_ISNT(i < 2);
2426 return ((i > 1) ? 1 : 0);
a18a31e4
MC		 2427}
2428
4f43d0e7 2429void SSL_CTX_free(SSL_CTX *a)
0f113f3e
MC		 2430{
2431 int i;
d02b48c6 2432
0f113f3e
MC		 2433 if (a == NULL)
2434 return;
d02b48c6 2435
16203f7b 2436 CRYPTO_atomic_add(&a->references, -1, &i, a->lock);
f3f1cf84 2437 REF_PRINT_COUNT("SSL_CTX", a);
0f113f3e
MC		 2438 if (i > 0)
2439 return;
f3f1cf84 2440 REF_ASSERT_ISNT(i < 0);
0f113f3e 2441
222561fe 2442 X509_VERIFY_PARAM_free(a->param);
919ba009 2443 dane_ctx_final(&a->dane);
0f113f3e
MC		 2444
2445 /*
2446 * Free internal session cache. However: the remove_cb() may reference
2447 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
2448 * after the sessions were flushed.
2449 * As the ex_data handling routines might also touch the session cache,
2450 * the most secure solution seems to be: empty (flush) the cache, then
2451 * free ex_data, then finally free the cache.
2452 * (See ticket [openssl.org #212].)
2453 */
2454 if (a->sessions != NULL)
2455 SSL_CTX_flush_sessions(a, 0);
2456
2457 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
25aaa98a 2458 lh_SSL_SESSION_free(a->sessions);
222561fe 2459 X509_STORE_free(a->cert_store);
ed29e82a
RP		 2460#ifndef OPENSSL_NO_CT
2461 CTLOG_STORE_free(a->ctlog_store);
2462#endif
25aaa98a
RS		 2463 sk_SSL_CIPHER_free(a->cipher_list);
2464 sk_SSL_CIPHER_free(a->cipher_list_by_id);
e0e920b1 2465 ssl_cert_free(a->cert);
222561fe
RS		 2466 sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
2467 sk_X509_pop_free(a->extra_certs, X509_free);
0f113f3e 2468 a->comp_methods = NULL;
e783bae2 2469#ifndef OPENSSL_NO_SRTP
25aaa98a 2470 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
e783bae2 2471#endif
edc032b5 2472#ifndef OPENSSL_NO_SRP
0f113f3e 2473 SSL_CTX_SRP_CTX_free(a);
edc032b5 2474#endif
bdfe932d 2475#ifndef OPENSSL_NO_ENGINE
7c96dbcd 2476 ENGINE_finish(a->client_cert_engine);
ddac1974 2477#endif
8671b898 2478
e481f9b9 2479#ifndef OPENSSL_NO_EC
25aaa98a
RS		 2480 OPENSSL_free(a->tlsext_ecpointformatlist);
2481 OPENSSL_free(a->tlsext_ellipticcurvelist);
8671b898 2482#endif
e481f9b9 2483 OPENSSL_free(a->alpn_client_proto_list);
8671b898 2484
16203f7b
AG		 2485 CRYPTO_THREAD_lock_free(a->lock);
2486
0f113f3e
MC		 2487 OPENSSL_free(a);
2488}
d02b48c6 2489
3ae76679 2490void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
0f113f3e
MC		 2491{
2492 ctx->default_passwd_callback = cb;
2493}
2494
2495void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
2496{
2497 ctx->default_passwd_callback_userdata = u;
2498}
2499
0c452abc
CH		 2500pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
2501{
2502 return ctx->default_passwd_callback;
2503}
2504
2505void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
2506{
2507 return ctx->default_passwd_callback_userdata;
2508}
2509
a974e64a
MC		 2510void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
2511{
2512 s->default_passwd_callback = cb;
2513}
2514
2515void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
2516{
2517 s->default_passwd_callback_userdata = u;
2518}
2519
0c452abc
CH		 2520pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
2521{
2522 return s->default_passwd_callback;
2523}
2524
2525void *SSL_get_default_passwd_cb_userdata(SSL *s)
2526{
2527 return s->default_passwd_callback_userdata;
2528}
2529
0f113f3e
MC		 2530void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
2531 int (*cb) (X509_STORE_CTX *, void *),
2532 void *arg)
2533{
2534 ctx->app_verify_callback = cb;
2535 ctx->app_verify_arg = arg;
2536}
2537
2538void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
2539 int (*cb) (int, X509_STORE_CTX *))
2540{
2541 ctx->verify_mode = mode;
2542 ctx->default_verify_callback = cb;
2543}
2544
2545void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2546{
2547 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2548}
2549
2550void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
2551 void *arg)
2552{
2553 ssl_cert_set_cert_cb(c->cert, cb, arg);
2554}
2555
2556void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
2557{
2558 ssl_cert_set_cert_cb(s->cert, cb, arg);
2559}
18d71588 2560
2cf28d61 2561void ssl_set_masks(SSL *s)
0f113f3e 2562{
60f43e9e 2563#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST)
0f113f3e 2564 CERT_PKEY *cpk;
60f43e9e 2565#endif
6383d316 2566 CERT *c = s->cert;
f7d53487 2567 uint32_t *pvalid = s->s3->tmp.valid_flags;
bc71f910 2568 int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
361a1191 2569 unsigned long mask_k, mask_a;
10bf4fc2 2570#ifndef OPENSSL_NO_EC
361a1191 2571 int have_ecc_cert, ecdsa_ok;
0f113f3e 2572 X509 *x = NULL;
14536c8c 2573#endif
0f113f3e
MC		 2574 if (c == NULL)
2575 return;
d02b48c6 2576
bc36ee62 2577#ifndef OPENSSL_NO_DH
0f113f3e 2578 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
d02b48c6 2579#else
361a1191 2580 dh_tmp = 0;
d02b48c6
RE		 2581#endif
2582
6383d316 2583 rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID;
6383d316 2584 rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN;
6383d316 2585 dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
14536c8c 2586#ifndef OPENSSL_NO_EC
6383d316 2587 have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
14536c8c 2588#endif
0f113f3e
MC		 2589 mask_k = 0;
2590 mask_a = 0;
0e1dba93 2591
d02b48c6 2592#ifdef CIPHER_DEBUG
b7557ccf
AG		 2593 fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
2594 dh_tmp, rsa_enc, rsa_sign, dsa_sign);
0f113f3e
MC		 2595#endif
2596
2a9b9654 2597#ifndef OPENSSL_NO_GOST
e44380a9
DB		 2598 cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
2599 if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2600 mask_k |= SSL_kGOST;
2601 mask_a |= SSL_aGOST12;
2602 }
2603 cpk = &(c->pkeys[SSL_PKEY_GOST12_256]);
2604 if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2605 mask_k |= SSL_kGOST;
2606 mask_a |= SSL_aGOST12;
2607 }
0f113f3e
MC		 2608 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2609 if (cpk->x509 != NULL && cpk->privatekey != NULL) {
2610 mask_k |= SSL_kGOST;
2611 mask_a |= SSL_aGOST01;
2612 }
2a9b9654 2613#endif
0f113f3e 2614
361a1191 2615 if (rsa_enc)
0f113f3e 2616 mask_k |= SSL_kRSA;
d02b48c6 2617
0f113f3e
MC		 2618 if (dh_tmp)
2619 mask_k |= SSL_kDHE;
d02b48c6 2620
0f113f3e
MC		 2621 if (rsa_enc || rsa_sign) {
2622 mask_a |= SSL_aRSA;
0f113f3e 2623 }
d02b48c6 2624
0f113f3e
MC		 2625 if (dsa_sign) {
2626 mask_a |= SSL_aDSS;
0f113f3e 2627 }
d02b48c6 2628
0f113f3e 2629 mask_a |= SSL_aNULL;
d02b48c6 2630
0f113f3e
MC		 2631 /*
2632 * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
2633 * depending on the key usage extension.
2634 */
14536c8c 2635#ifndef OPENSSL_NO_EC
0f113f3e 2636 if (have_ecc_cert) {
a8d8e06b 2637 uint32_t ex_kusage;
0f113f3e
MC		 2638 cpk = &c->pkeys[SSL_PKEY_ECC];
2639 x = cpk->x509;
a8d8e06b 2640 ex_kusage = X509_get_key_usage(x);
a8d8e06b 2641 ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
6383d316 2642 if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
0f113f3e 2643 ecdsa_ok = 0;
c7c46256 2644 if (ecdsa_ok)
0f113f3e 2645 mask_a |= SSL_aECDSA;
0f113f3e 2646 }
14536c8c 2647#endif
ea262260 2648
10bf4fc2 2649#ifndef OPENSSL_NO_EC
fe6ef247 2650 mask_k |= SSL_kECDHE;
ea262260 2651#endif
ddac1974
NL		 2652
2653#ifndef OPENSSL_NO_PSK
0f113f3e
MC		 2654 mask_k |= SSL_kPSK;
2655 mask_a |= SSL_aPSK;
526f94ad
DSH		 2656 if (mask_k & SSL_kRSA)
2657 mask_k |= SSL_kRSAPSK;
2658 if (mask_k & SSL_kDHE)
2659 mask_k |= SSL_kDHEPSK;
2660 if (mask_k & SSL_kECDHE)
2661 mask_k |= SSL_kECDHEPSK;
ddac1974
NL		 2662#endif
2663
4d69f9e6
DSH		 2664 s->s3->tmp.mask_k = mask_k;
2665 s->s3->tmp.mask_a = mask_a;
0f113f3e 2666}
d02b48c6 2667
ef236ec3
DSH		 2668#ifndef OPENSSL_NO_EC
2669
a2f9200f 2670int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
0f113f3e 2671{
ce0c1f2b 2672 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
0f113f3e 2673 /* key usage, if present, must allow signing */
ce0c1f2b 2674 if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
0f113f3e
MC		 2675 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2676 SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2677 return 0;
2678 }
2679 }
0f113f3e
MC		 2680 return 1; /* all checks are ok */
2681}
ea262260 2682
ef236ec3
DSH		 2683#endif
2684
2daceb03 2685static int ssl_get_server_cert_index(const SSL *s)
0f113f3e
MC		 2686{
2687 int idx;
2688 idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
2689 if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
2690 idx = SSL_PKEY_RSA_SIGN;
e44380a9
DB		 2691 if (idx == SSL_PKEY_GOST_EC) {
2692 if (s->cert->pkeys[SSL_PKEY_GOST12_512].x509)
2693 idx = SSL_PKEY_GOST12_512;
2694 else if (s->cert->pkeys[SSL_PKEY_GOST12_256].x509)
2695 idx = SSL_PKEY_GOST12_256;
2696 else if (s->cert->pkeys[SSL_PKEY_GOST01].x509)
2697 idx = SSL_PKEY_GOST01;
2698 else
2699 idx = -1;
2700 }
0f113f3e
MC		 2701 if (idx == -1)
2702 SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR);
2703 return idx;
2704}
a9e1c50b 2705
6383d316 2706CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
0f113f3e
MC		 2707{
2708 CERT *c;
2709 int i;
ea262260 2710
0f113f3e
MC		 2711 c = s->cert;
2712 if (!s->s3 || !s->s3->tmp.new_cipher)
2713 return NULL;
2cf28d61 2714 ssl_set_masks(s);
a9e1c50b 2715
0f113f3e 2716 i = ssl_get_server_cert_index(s);
a9e1c50b 2717
0f113f3e
MC		 2718 /* This may or may not be an error. */
2719 if (i < 0)
2720 return NULL;
a9e1c50b 2721
0f113f3e
MC		 2722 /* May be NULL. */
2723 return &c->pkeys[i];
2724}
d02b48c6 2725
0f113f3e
MC		 2726EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
2727 const EVP_MD **pmd)
2728{
2729 unsigned long alg_a;
2730 CERT *c;
2731 int idx = -1;
d02b48c6 2732
0f113f3e
MC		 2733 alg_a = cipher->algorithm_auth;
2734 c = s->cert;
d02b48c6 2735
0f113f3e
MC		 2736 if ((alg_a & SSL_aDSS) &&
2737 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2738 idx = SSL_PKEY_DSA_SIGN;
2739 else if (alg_a & SSL_aRSA) {
2740 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2741 idx = SSL_PKEY_RSA_SIGN;
2742 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2743 idx = SSL_PKEY_RSA_ENC;
2744 } else if ((alg_a & SSL_aECDSA) &&
2745 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2746 idx = SSL_PKEY_ECC;
2747 if (idx == -1) {
2748 SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
2749 return (NULL);
2750 }
2751 if (pmd)
d376e57d 2752 *pmd = s->s3->tmp.md[idx];
0f113f3e
MC		 2753 return c->pkeys[idx].privatekey;
2754}
d02b48c6 2755
a398f821 2756int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
0f113f3e
MC		 2757 size_t *serverinfo_length)
2758{
2759 CERT *c = NULL;
2760 int i = 0;
2761 *serverinfo_length = 0;
2762
2763 c = s->cert;
2764 i = ssl_get_server_cert_index(s);
2765
2766 if (i == -1)
2767 return 0;
2768 if (c->pkeys[i].serverinfo == NULL)
2769 return 0;
2770
2771 *serverinfo = c->pkeys[i].serverinfo;
2772 *serverinfo_length = c->pkeys[i].serverinfo_length;
2773 return 1;
2774}
0f113f3e
MC		 2775
2776void ssl_update_cache(SSL *s, int mode)
2777{
2778 int i;
2779
2780 /*
2781 * If the session_id_length is 0, we are not supposed to cache it, and it
2782 * would be rather hard to do anyway :-)
2783 */
2784 if (s->session->session_id_length == 0)
2785 return;
2786
2787 i = s->session_ctx->session_cache_mode;
2788 if ((i & mode) && (!s->hit)
2789 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2790 || SSL_CTX_add_session(s->session_ctx, s->session))
2791 && (s->session_ctx->new_session_cb != NULL)) {
16203f7b 2792 SSL_SESSION_up_ref(s->session);
0f113f3e
MC		 2793 if (!s->session_ctx->new_session_cb(s, s->session))
2794 SSL_SESSION_free(s->session);
2795 }
2796
2797 /* auto flush every 255 connections */
2798 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
2799 if ((((mode & SSL_SESS_CACHE_CLIENT)
2800 ? s->session_ctx->stats.sess_connect_good
2801 : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
2802 SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
2803 }
2804 }
2805}
d02b48c6 2806
ba168244 2807const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
0f113f3e
MC		 2808{
2809 return ctx->method;
2810}
ba168244 2811
4ebb342f 2812const SSL_METHOD *SSL_get_ssl_method(SSL *s)
0f113f3e
MC		 2813{
2814 return (s->method);
2815}
d02b48c6 2816
4ebb342f 2817int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
0f113f3e 2818{
0f113f3e
MC		 2819 int ret = 1;
2820
2821 if (s->method != meth) {
919ba009
VD		 2822 const SSL_METHOD *sm = s->method;
2823 int (*hf)(SSL *) = s->handshake_func;
0f113f3e 2824
919ba009 2825 if (sm->version == meth->version)
0f113f3e
MC		 2826 s->method = meth;
2827 else {
919ba009 2828 sm->ssl_free(s);
0f113f3e
MC		 2829 s->method = meth;
2830 ret = s->method->ssl_new(s);
2831 }
2832
919ba009 2833 if (hf == sm->ssl_connect)
0f113f3e 2834 s->handshake_func = meth->ssl_connect;
919ba009 2835 else if (hf == sm->ssl_accept)
0f113f3e
MC		 2836 s->handshake_func = meth->ssl_accept;
2837 }
2838 return (ret);
2839}
2840
2841int SSL_get_error(const SSL *s, int i)
2842{
2843 int reason;
2844 unsigned long l;
2845 BIO *bio;
2846
2847 if (i > 0)
2848 return (SSL_ERROR_NONE);
2849
2850 /*
2851 * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
2852 * where we do encode the error
2853 */
2854 if ((l = ERR_peek_error()) != 0) {
2855 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2856 return (SSL_ERROR_SYSCALL);
2857 else
2858 return (SSL_ERROR_SSL);
2859 }
2860
fc7f190c
MC		 2861 if (i < 0) {
2862 if (SSL_want_read(s)) {
2863 bio = SSL_get_rbio(s);
2864 if (BIO_should_read(bio))
2865 return (SSL_ERROR_WANT_READ);
2866 else if (BIO_should_write(bio))
2867 /*
2868 * This one doesn't make too much sense ... We never try to write
2869 * to the rbio, and an application program where rbio and wbio
2870 * are separate couldn't even know what it should wait for.
2871 * However if we ever set s->rwstate incorrectly (so that we have
2872 * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
2873 * wbio *are* the same, this test works around that bug; so it
2874 * might be safer to keep it.
2875 */
2876 return (SSL_ERROR_WANT_WRITE);
2877 else if (BIO_should_io_special(bio)) {
2878 reason = BIO_get_retry_reason(bio);
2879 if (reason == BIO_RR_CONNECT)
2880 return (SSL_ERROR_WANT_CONNECT);
2881 else if (reason == BIO_RR_ACCEPT)
2882 return (SSL_ERROR_WANT_ACCEPT);
2883 else
2884 return (SSL_ERROR_SYSCALL); /* unknown */
2885 }
0f113f3e 2886 }
0f113f3e 2887
fc7f190c
MC		 2888 if (SSL_want_write(s)) {
2889 bio = SSL_get_wbio(s);
2890 if (BIO_should_write(bio))
2891 return (SSL_ERROR_WANT_WRITE);
2892 else if (BIO_should_read(bio))
2893 /*
2894 * See above (SSL_want_read(s) with BIO_should_write(bio))
2895 */
2896 return (SSL_ERROR_WANT_READ);
2897 else if (BIO_should_io_special(bio)) {
2898 reason = BIO_get_retry_reason(bio);
2899 if (reason == BIO_RR_CONNECT)
2900 return (SSL_ERROR_WANT_CONNECT);
2901 else if (reason == BIO_RR_ACCEPT)
2902 return (SSL_ERROR_WANT_ACCEPT);
2903 else
2904 return (SSL_ERROR_SYSCALL);
2905 }
2906 }
2907 if (SSL_want_x509_lookup(s)) {
2908 return (SSL_ERROR_WANT_X509_LOOKUP);
2909 }
2910 if (SSL_want_async(s)) {
2911 return SSL_ERROR_WANT_ASYNC;
2912 }
2913 if (SSL_want_async_job(s)) {
2914 return SSL_ERROR_WANT_ASYNC_JOB;
0f113f3e 2915 }
07bbc92c 2916 }
0f113f3e
MC		 2917
2918 if (i == 0) {
2919 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2920 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2921 return (SSL_ERROR_ZERO_RETURN);
2922 }
2923 return (SSL_ERROR_SYSCALL);
2924}
d02b48c6 2925
add2f5ca
MC		 2926static int ssl_do_handshake_intern(void *vargs)
2927{
2928 struct ssl_async_args *args;
2929 SSL *s;
2930
2931 args = (struct ssl_async_args *)vargs;
2932 s = args->s;
2933
2934 return s->handshake_func(s);
2935}
2936
4f43d0e7 2937int SSL_do_handshake(SSL *s)
0f113f3e
MC		 2938{
2939 int ret = 1;
2940
2941 if (s->handshake_func == NULL) {
2942 SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
add2f5ca 2943 return -1;
0f113f3e
MC		 2944 }
2945
2946 s->method->ssl_renegotiate_check(s);
2947
2948 if (SSL_in_init(s) || SSL_in_before(s)) {
add2f5ca
MC		 2949 if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
2950 struct ssl_async_args args;
2951
2952 args.s = s;
2953
7fecbf6f 2954 ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
add2f5ca
MC		 2955 } else {
2956 ret = s->handshake_func(s);
2957 }
0f113f3e 2958 }
add2f5ca 2959 return ret;
0f113f3e
MC		 2960}
2961
4f43d0e7 2962void SSL_set_accept_state(SSL *s)
0f113f3e
MC		 2963{
2964 s->server = 1;
2965 s->shutdown = 0;
fe3a3291 2966 ossl_statem_clear(s);
0f113f3e 2967 s->handshake_func = s->method->ssl_accept;
d31fb0b5 2968 clear_ciphers(s);
0f113f3e 2969}
d02b48c6 2970
4f43d0e7 2971void SSL_set_connect_state(SSL *s)
0f113f3e
MC		 2972{
2973 s->server = 0;
2974 s->shutdown = 0;
fe3a3291 2975 ossl_statem_clear(s);
0f113f3e 2976 s->handshake_func = s->method->ssl_connect;
d31fb0b5 2977 clear_ciphers(s);
0f113f3e 2978}
d02b48c6 2979
4f43d0e7 2980int ssl_undefined_function(SSL *s)
0f113f3e
MC		 2981{
2982 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2983 return (0);
2984}
d02b48c6 2985
41a15c4f 2986int ssl_undefined_void_function(void)
0f113f3e
MC		 2987{
2988 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
2989 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2990 return (0);
2991}
41a15c4f 2992
0821bcd4 2993int ssl_undefined_const_function(const SSL *s)
0f113f3e 2994{
0f113f3e
MC		 2995 return (0);
2996}
0821bcd4 2997
2b8fa1d5 2998const SSL_METHOD *ssl_bad_method(int ver)
0f113f3e
MC		 2999{
3000 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3001 return (NULL);
3002}
d02b48c6 3003
3eb2aff4 3004const char *ssl_protocol_to_string(int version)
7d650072
KR		 3005{
3006 if (version == TLS1_2_VERSION)
3007 return "TLSv1.2";
3008 else if (version == TLS1_1_VERSION)
3009 return "TLSv1.1";
3010 else if (version == TLS1_VERSION)
ee3a6c64 3011 return "TLSv1";
7d650072
KR		 3012 else if (version == SSL3_VERSION)
3013 return "SSLv3";
3014 else if (version == DTLS1_BAD_VER)
3015 return "DTLSv0.9";
3016 else if (version == DTLS1_VERSION)
3017 return "DTLSv1";
3018 else if (version == DTLS1_2_VERSION)
3019 return "DTLSv1.2";
0f113f3e
MC		 3020 else
3021 return ("unknown");
3022}
d02b48c6 3023
7d650072
KR		 3024const char *SSL_get_version(const SSL *s)
3025{
3eb2aff4 3026 return ssl_protocol_to_string(s->version);
7d650072
KR		 3027}
3028
4f43d0e7 3029SSL *SSL_dup(SSL *s)
0f113f3e
MC		 3030{
3031 STACK_OF(X509_NAME) *sk;
3032 X509_NAME *xn;
3033 SSL *ret;
3034 int i;
3035
919ba009
VD		 3036 /* If we're not quiescent, just up_ref! */
3037 if (!SSL_in_init(s) || !SSL_in_before(s)) {
16203f7b 3038 CRYPTO_atomic_add(&s->references, 1, &i, s->lock);
919ba009
VD		 3039 return s;
3040 }
3041
3042 /*
3043 * Otherwise, copy configuration state, and session if set.
3044 */
0f113f3e
MC		 3045 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
3046 return (NULL);
3047
0f113f3e 3048 if (s->session != NULL) {
919ba009
VD		 3049 /*
3050 * Arranges to share the same session via up_ref. This "copies"
3051 * session-id, SSL_METHOD, sid_ctx, and 'cert'
3052 */
61986d32 3053 if (!SSL_copy_session_id(ret, s))
17dd65e6 3054 goto err;
0f113f3e
MC		 3055 } else {
3056 /*
3057 * No session has been established yet, so we have to expect that
3058 * s->cert or ret->cert will be changed later -- they should not both
3059 * point to the same object, and thus we can't use
3060 * SSL_copy_session_id.
3061 */
919ba009
VD		 3062 if (!SSL_set_ssl_method(ret, s->method))
3063 goto err;
0f113f3e
MC		 3064
3065 if (s->cert != NULL) {
e0e920b1 3066 ssl_cert_free(ret->cert);
0f113f3e
MC		 3067 ret->cert = ssl_cert_dup(s->cert);
3068 if (ret->cert == NULL)
3069 goto err;
3070 }
3071
61986d32 3072 if (!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length))
69f68237 3073 goto err;
0f113f3e
MC		 3074 }
3075
9f6b22b8
VD		 3076 if (!ssl_dane_dup(ret, s))
3077 goto err;
919ba009 3078 ret->version = s->version;
0f113f3e
MC		 3079 ret->options = s->options;
3080 ret->mode = s->mode;
3081 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
3082 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
3083 ret->msg_callback = s->msg_callback;
3084 ret->msg_callback_arg = s->msg_callback_arg;
3085 SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
3086 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
3087 ret->generate_session_id = s->generate_session_id;
3088
3089 SSL_set_info_callback(ret, SSL_get_info_callback(s));
3090
0f113f3e
MC		 3091 /* copy app data, a little dangerous perhaps */
3092 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
3093 goto err;
3094
3095 /* setup rbio, and wbio */
3096 if (s->rbio != NULL) {
3097 if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
3098 goto err;
3099 }
3100 if (s->wbio != NULL) {
3101 if (s->wbio != s->rbio) {
3102 if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
3103 goto err;
3104 } else
3105 ret->wbio = ret->rbio;
3106 }
919ba009 3107
0f113f3e 3108 ret->server = s->server;
919ba009
VD		 3109 if (s->handshake_func) {
3110 if (s->server)
3111 SSL_set_accept_state(ret);
3112 else
3113 SSL_set_connect_state(ret);
3114 }
0f113f3e 3115 ret->shutdown = s->shutdown;
0f113f3e
MC		 3116 ret->hit = s->hit;
3117
a974e64a
MC		 3118 ret->default_passwd_callback = s->default_passwd_callback;
3119 ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
3120
0f113f3e
MC		 3121 X509_VERIFY_PARAM_inherit(ret->param, s->param);
3122
3123 /* dup the cipher_list and cipher_list_by_id stacks */
3124 if (s->cipher_list != NULL) {
3125 if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
3126 goto err;
3127 }
3128 if (s->cipher_list_by_id != NULL)
3129 if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
3130 == NULL)
3131 goto err;
3132
3133 /* Dup the client_CA list */
3134 if (s->client_CA != NULL) {
3135 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL)
3136 goto err;
3137 ret->client_CA = sk;
3138 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
3139 xn = sk_X509_NAME_value(sk, i);
3140 if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
3141 X509_NAME_free(xn);
3142 goto err;
3143 }
3144 }
3145 }
66696478 3146 return ret;
0f113f3e 3147
0f113f3e 3148 err:
66696478
RS		 3149 SSL_free(ret);
3150 return NULL;
0f113f3e 3151}
d02b48c6 3152
4f43d0e7 3153void ssl_clear_cipher_ctx(SSL *s)
0f113f3e
MC		 3154{
3155 if (s->enc_read_ctx != NULL) {
846ec07d 3156 EVP_CIPHER_CTX_free(s->enc_read_ctx);
0f113f3e
MC		 3157 s->enc_read_ctx = NULL;
3158 }
3159 if (s->enc_write_ctx != NULL) {
846ec07d 3160 EVP_CIPHER_CTX_free(s->enc_write_ctx);
0f113f3e
MC		 3161 s->enc_write_ctx = NULL;
3162 }
09b6c2ef 3163#ifndef OPENSSL_NO_COMP
efa7dd64
RS		 3164 COMP_CTX_free(s->expand);
3165 s->expand = NULL;
3166 COMP_CTX_free(s->compress);
3167 s->compress = NULL;
0f113f3e
MC		 3168#endif
3169}
d02b48c6 3170
0821bcd4 3171X509 *SSL_get_certificate(const SSL *s)
0f113f3e
MC		 3172{
3173 if (s->cert != NULL)
3174 return (s->cert->key->x509);
3175 else
3176 return (NULL);
3177}
d02b48c6 3178
a25f9adc 3179EVP_PKEY *SSL_get_privatekey(const SSL *s)
0f113f3e
MC		 3180{
3181 if (s->cert != NULL)
3182 return (s->cert->key->privatekey);
3183 else
3184 return (NULL);
3185}
d02b48c6 3186
a25f9adc 3187X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
0f113f3e
MC		 3188{
3189 if (ctx->cert != NULL)
3190 return ctx->cert->key->x509;
3191 else
3192 return NULL;
3193}
a25f9adc
DSH		 3194
3195EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
0f113f3e
MC		 3196{
3197 if (ctx->cert != NULL)
3198 return ctx->cert->key->privatekey;
3199 else
3200 return NULL;
3201}
a25f9adc 3202
babb3798 3203const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
0f113f3e
MC		 3204{
3205 if ((s->session != NULL) && (s->session->cipher != NULL))
3206 return (s->session->cipher);
3207 return (NULL);
3208}
3209
377dcdba 3210const COMP_METHOD *SSL_get_current_compression(SSL *s)
0f113f3e 3211{
9a555706
RS		 3212#ifndef OPENSSL_NO_COMP
3213 return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
3214#else
3215 return NULL;
3216#endif
0f113f3e 3217}
377dcdba
RL		 3218
3219const COMP_METHOD *SSL_get_current_expansion(SSL *s)
0f113f3e 3220{
9a555706
RS		 3221#ifndef OPENSSL_NO_COMP
3222 return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
3223#else
3224 return NULL;
0f113f3e 3225#endif
9a555706 3226}
0f113f3e 3227
46417569 3228int ssl_init_wbio_buffer(SSL *s)
0f113f3e
MC		 3229{
3230 BIO *bbio;
3231
3232 if (s->bbio == NULL) {
3233 bbio = BIO_new(BIO_f_buffer());
3234 if (bbio == NULL)
46417569 3235 return 0;
0f113f3e 3236 s->bbio = bbio;
46417569 3237 s->wbio = BIO_push(bbio, s->wbio);
0f113f3e
MC		 3238 } else {
3239 bbio = s->bbio;
46417569 3240 (void)BIO_reset(bbio);
0f113f3e 3241 }
46417569 3242
0f113f3e
MC		 3243 if (!BIO_set_read_buffer_size(bbio, 1)) {
3244 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
46417569 3245 return 0;
0f113f3e 3246 }
46417569
MC		 3247
3248 return 1;
0f113f3e 3249}
413c4f45 3250
4f43d0e7 3251void ssl_free_wbio_buffer(SSL *s)
0f113f3e 3252{
62adbcee 3253 /* callers ensure s is never null */
0f113f3e
MC		 3254 if (s->bbio == NULL)
3255 return;
3256
3257 if (s->bbio == s->wbio) {
3258 /* remove buffering */
3259 s->wbio = BIO_pop(s->wbio);
0f113f3e 3260 assert(s->wbio != NULL);
0f113f3e
MC		 3261 }
3262 BIO_free(s->bbio);
3263 s->bbio = NULL;
3264}
3265
3266void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
3267{
3268 ctx->quiet_shutdown = mode;
3269}
58964a49 3270
0821bcd4 3271int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
0f113f3e
MC		 3272{
3273 return (ctx->quiet_shutdown);
3274}
58964a49 3275
0f113f3e
MC		 3276void SSL_set_quiet_shutdown(SSL *s, int mode)
3277{
3278 s->quiet_shutdown = mode;
3279}
58964a49 3280
0821bcd4 3281int SSL_get_quiet_shutdown(const SSL *s)
0f113f3e
MC		 3282{
3283 return (s->quiet_shutdown);
3284}
58964a49 3285
0f113f3e
MC		 3286void SSL_set_shutdown(SSL *s, int mode)
3287{
3288 s->shutdown = mode;
3289}
58964a49 3290
0821bcd4 3291int SSL_get_shutdown(const SSL *s)
0f113f3e 3292{
6546e9b2 3293 return s->shutdown;
0f113f3e 3294}
58964a49 3295
0821bcd4 3296int SSL_version(const SSL *s)
0f113f3e 3297{
6546e9b2
AG		 3298 return s->version;
3299}
3300
3301int SSL_client_version(const SSL *s)
3302{
3303 return s->client_version;
0f113f3e 3304}
58964a49 3305
0821bcd4 3306SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
0f113f3e 3307{
6546e9b2 3308 return ssl->ctx;
0f113f3e
MC		 3309}
3310
3311SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
3312{
24a0d393 3313 CERT *new_cert;
0f113f3e
MC		 3314 if (ssl->ctx == ctx)
3315 return ssl->ctx;
0f113f3e
MC		 3316 if (ctx == NULL)
3317 ctx = ssl->initial_ctx;
24a0d393
KR		 3318 new_cert = ssl_cert_dup(ctx->cert);
3319 if (new_cert == NULL) {
3320 return NULL;
0f113f3e 3321 }
24a0d393
KR		 3322 ssl_cert_free(ssl->cert);
3323 ssl->cert = new_cert;
0f113f3e
MC		 3324
3325 /*
3326 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
3327 * so setter APIs must prevent invalid lengths from entering the system.
3328 */
3329 OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
3330
3331 /*
3332 * If the session ID context matches that of the parent SSL_CTX,
3333 * inherit it from the new SSL_CTX as well. If however the context does
3334 * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
3335 * leave it unchanged.
3336 */
3337 if ((ssl->ctx != NULL) &&
3338 (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
3339 (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
3340 ssl->sid_ctx_length = ctx->sid_ctx_length;
3341 memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
3342 }
3343
16203f7b 3344 SSL_CTX_up_ref(ctx);
e0e920b1 3345 SSL_CTX_free(ssl->ctx); /* decrement reference count */
0f113f3e
MC		 3346 ssl->ctx = ctx;
3347
16203f7b 3348 return ssl->ctx;
0f113f3e 3349}
ed3883d2 3350
4f43d0e7 3351int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
0f113f3e
MC		 3352{
3353 return (X509_STORE_set_default_paths(ctx->cert_store));
3354}
58964a49 3355
d84a7b20
MC		 3356int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
3357{
3358 X509_LOOKUP *lookup;
3359
3360 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
3361 if (lookup == NULL)
3362 return 0;
3363 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
3364
3365 /* Clear any errors if the default directory does not exist */
3366 ERR_clear_error();
3367
3368 return 1;
3369}
3370
3371int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
3372{
3373 X509_LOOKUP *lookup;
3374
3375 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
3376 if (lookup == NULL)
3377 return 0;
3378
3379 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
3380
3381 /* Clear any errors if the default file does not exist */
3382 ERR_clear_error();
3383
3384 return 1;
3385}
3386
303c0028 3387int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
0f113f3e
MC		 3388 const char *CApath)
3389{
3390 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
3391}
58964a49 3392
45d87a1f 3393void SSL_set_info_callback(SSL *ssl,
0f113f3e
MC		 3394 void (*cb) (const SSL *ssl, int type, int val))
3395{
3396 ssl->info_callback = cb;
3397}
3398
3399/*
3400 * One compiler (Diab DCC) doesn't like argument names in returned function
3401 * pointer.
3402 */
3403void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
3404 int /* type */ ,
3405 int /* val */ ) {
3406 return ssl->info_callback;
3407}
58964a49 3408
0f113f3e
MC		 3409void SSL_set_verify_result(SSL *ssl, long arg)
3410{
3411 ssl->verify_result = arg;
3412}
58964a49 3413
0821bcd4 3414long SSL_get_verify_result(const SSL *ssl)
0f113f3e
MC		 3415{
3416 return (ssl->verify_result);
3417}
3418
d9f1c639 3419size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
858618e7 3420{
6b8f5d0d 3421 if (outlen == 0)
858618e7
NM		 3422 return sizeof(ssl->s3->client_random);
3423 if (outlen > sizeof(ssl->s3->client_random))
3424 outlen = sizeof(ssl->s3->client_random);
3425 memcpy(out, ssl->s3->client_random, outlen);
d9f1c639 3426 return outlen;
858618e7
NM		 3427}
3428
d9f1c639 3429size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
858618e7 3430{
6b8f5d0d 3431 if (outlen == 0)
858618e7
NM		 3432 return sizeof(ssl->s3->server_random);
3433 if (outlen > sizeof(ssl->s3->server_random))
3434 outlen = sizeof(ssl->s3->server_random);
3435 memcpy(out, ssl->s3->server_random, outlen);
d9f1c639 3436 return outlen;
858618e7
NM		 3437}
3438
d9f1c639 3439size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
6b8f5d0d 3440 unsigned char *out, size_t outlen)
858618e7 3441{
6b8f5d0d
MC		 3442 if (session->master_key_length < 0) {
3443 /* Should never happen */
3444 return 0;
3445 }
d9f1c639
MC		 3446 if (outlen == 0)
3447 return session->master_key_length;
6b8f5d0d 3448 if (outlen > (size_t)session->master_key_length)
858618e7
NM		 3449 outlen = session->master_key_length;
3450 memcpy(out, session->master_key, outlen);
d9f1c639 3451 return outlen;
858618e7
NM		 3452}
3453
0f113f3e
MC		 3454int SSL_set_ex_data(SSL *s, int idx, void *arg)
3455{
3456 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3457}
3458
3459void *SSL_get_ex_data(const SSL *s, int idx)
3460{
3461 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3462}
3463
0f113f3e
MC		 3464int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
3465{
3466 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3467}
3468
3469void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
3470{
3471 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3472}
58964a49 3473
4f43d0e7 3474int ssl_ok(SSL *s)
0f113f3e
MC		 3475{
3476 return (1);
3477}
dfeab068 3478
0821bcd4 3479X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
0f113f3e
MC		 3480{
3481 return (ctx->cert_store);
3482}
413c4f45 3483
0f113f3e
MC		 3484void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3485{
222561fe 3486 X509_STORE_free(ctx->cert_store);
0f113f3e
MC		 3487 ctx->cert_store = store;
3488}
413c4f45 3489
0821bcd4 3490int SSL_want(const SSL *s)
0f113f3e
MC		 3491{
3492 return (s->rwstate);
3493}
413c4f45 3494
0f113f3e 3495/**
4f43d0e7
BL		 3496 * \brief Set the callback for generating temporary DH keys.
3497 * \param ctx the SSL context.
3498 * \param dh the callback
3499 */
3500
bc36ee62 3501#ifndef OPENSSL_NO_DH
0f113f3e
MC		 3502void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
3503 DH *(*dh) (SSL *ssl, int is_export,
3504 int keylength))
3505{
3506 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
3507}
f8c3c05d 3508
0f113f3e
MC		 3509void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
3510 int keylength))
3511{
3512 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
3513}
79df9d62 3514#endif
15d21c2d 3515
ddac1974
NL		 3516#ifndef OPENSSL_NO_PSK
3517int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
0f113f3e
MC		 3518{
3519 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
3520 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
3521 SSL_R_DATA_LENGTH_TOO_LONG);
3522 return 0;
3523 }
df6da24b 3524 OPENSSL_free(ctx->cert->psk_identity_hint);
0f113f3e 3525 if (identity_hint != NULL) {
7644a9ae 3526 ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
df6da24b 3527 if (ctx->cert->psk_identity_hint == NULL)
0f113f3e
MC		 3528 return 0;
3529 } else
df6da24b 3530 ctx->cert->psk_identity_hint = NULL;
0f113f3e
MC		 3531 return 1;
3532}
ddac1974
NL		 3533
3534int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
0f113f3e
MC		 3535{
3536 if (s == NULL)
3537 return 0;
3538
0f113f3e
MC		 3539 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
3540 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3541 return 0;
3542 }
df6da24b 3543 OPENSSL_free(s->cert->psk_identity_hint);
0f113f3e 3544 if (identity_hint != NULL) {
7644a9ae 3545 s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
df6da24b 3546 if (s->cert->psk_identity_hint == NULL)
0f113f3e
MC		 3547 return 0;
3548 } else
df6da24b 3549 s->cert->psk_identity_hint = NULL;
0f113f3e
MC		 3550 return 1;
3551}
ddac1974
NL		 3552
3553const char *SSL_get_psk_identity_hint(const SSL *s)
0f113f3e
MC		 3554{
3555 if (s == NULL || s->session == NULL)
3556 return NULL;
3557 return (s->session->psk_identity_hint);
3558}
ddac1974
NL		 3559
3560const char *SSL_get_psk_identity(const SSL *s)
0f113f3e
MC		 3561{
3562 if (s == NULL || s->session == NULL)
3563 return NULL;
3564 return (s->session->psk_identity);
3565}
7806f3dd 3566
52b8dad8 3567void SSL_set_psk_client_callback(SSL *s,
0f113f3e
MC		 3568 unsigned int (*cb) (SSL *ssl,
3569 const char *hint,
3570 char *identity,
3571 unsigned int
3572 max_identity_len,
3573 unsigned char *psk,
3574 unsigned int
3575 max_psk_len))
3576{
3577 s->psk_client_callback = cb;
3578}
7806f3dd
NL		 3579
3580void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
0f113f3e
MC		 3581 unsigned int (*cb) (SSL *ssl,
3582 const char *hint,
3583 char *identity,
3584 unsigned int
3585 max_identity_len,
3586 unsigned char *psk,
3587 unsigned int
3588 max_psk_len))
3589{
3590 ctx->psk_client_callback = cb;
3591}
7806f3dd 3592
52b8dad8 3593void SSL_set_psk_server_callback(SSL *s,
0f113f3e
MC		 3594 unsigned int (*cb) (SSL *ssl,
3595 const char *identity,
3596 unsigned char *psk,
3597 unsigned int
3598 max_psk_len))
3599{
3600 s->psk_server_callback = cb;
3601}
7806f3dd
NL		 3602
3603void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
0f113f3e
MC		 3604 unsigned int (*cb) (SSL *ssl,
3605 const char *identity,
3606 unsigned char *psk,
3607 unsigned int
3608 max_psk_len))
3609{
3610 ctx->psk_server_callback = cb;
3611}
3612#endif
3613
3614void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
3615 void (*cb) (int write_p, int version,
3616 int content_type, const void *buf,
3617 size_t len, SSL *ssl, void *arg))
3618{
3619 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3620}
3621
3622void SSL_set_msg_callback(SSL *ssl,
3623 void (*cb) (int write_p, int version,
3624 int content_type, const void *buf,
3625 size_t len, SSL *ssl, void *arg))
3626{
3627 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3628}
a661b653 3629
7c2d4fee 3630void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
0f113f3e
MC		 3631 int (*cb) (SSL *ssl,
3632 int
3633 is_forward_secure))
3634{
3635 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
3636 (void (*)(void))cb);
3637}
3638
7c2d4fee 3639void SSL_set_not_resumable_session_callback(SSL *ssl,
0f113f3e
MC		 3640 int (*cb) (SSL *ssl,
3641 int is_forward_secure))
3642{
3643 SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
3644 (void (*)(void))cb);
3645}
3646
3647/*
3648 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
8483a003 3649 * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
0f113f3e
MC		 3650 * If EVP_MD pointer is passed, initializes ctx with this md Returns newly
3651 * allocated ctx;
8671b898 3652 */
b948e2c5 3653
0f113f3e 3654EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
b948e2c5 3655{
0f113f3e 3656 ssl_clear_hash_ctx(hash);
bfb0641f 3657 *hash = EVP_MD_CTX_new();
5f3d93e4 3658 if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
bfb0641f 3659 EVP_MD_CTX_free(*hash);
5f3d93e4
MC		 3660 *hash = NULL;
3661 return NULL;
3662 }
0f113f3e 3663 return *hash;
b948e2c5 3664}
0f113f3e
MC		 3665
3666void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
b948e2c5
DSH		 3667{
3668
0f113f3e 3669 if (*hash)
bfb0641f 3670 EVP_MD_CTX_free(*hash);
0f113f3e 3671 *hash = NULL;
b948e2c5 3672}
a661b653 3673
48fbcbac
DSH		 3674/* Retrieve handshake hashes */
3675int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)
3676{
6e59a892 3677 EVP_MD_CTX *ctx = NULL;
28ba2541
DSH		 3678 EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
3679 int ret = EVP_MD_CTX_size(hdgst);
28ba2541
DSH		 3680 if (ret < 0 || ret > outlen) {
3681 ret = 0;
3682 goto err;
48fbcbac 3683 }
bfb0641f 3684 ctx = EVP_MD_CTX_new();
6e59a892
RL		 3685 if (ctx == NULL) {
3686 ret = 0;
3687 goto err;
3688 }
3689 if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
3690 || EVP_DigestFinal_ex(ctx, out, NULL) <= 0)
28ba2541 3691 ret = 0;
48fbcbac 3692 err:
bfb0641f 3693 EVP_MD_CTX_free(ctx);
48fbcbac
DSH		 3694 return ret;
3695}
3696
b577fd0b 3697int SSL_session_reused(SSL *s)
0f113f3e
MC		 3698{
3699 return s->hit;
3700}
08557cf2 3701
87adf1fa 3702int SSL_is_server(SSL *s)
0f113f3e
MC		 3703{
3704 return s->server;
3705}
87adf1fa 3706
47153c72
RS		 3707#if OPENSSL_API_COMPAT < 0x10100000L
3708void SSL_set_debug(SSL *s, int debug)
3709{
3710 /* Old function was do-nothing anyway... */
3711 (void)s;
3712 (void)debug;
3713}
3714#endif
3715
3716
b362ccab 3717void SSL_set_security_level(SSL *s, int level)
0f113f3e
MC		 3718{
3719 s->cert->sec_level = level;
3720}
b362ccab
DSH		 3721
3722int SSL_get_security_level(const SSL *s)
0f113f3e
MC		 3723{
3724 return s->cert->sec_level;
3725}
b362ccab 3726
0f113f3e 3727void SSL_set_security_callback(SSL *s,
e4646a89 3728 int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
0f113f3e
MC		 3729 int bits, int nid, void *other,
3730 void *ex))
3731{
3732 s->cert->sec_cb = cb;
3733}
b362ccab 3734
e4646a89 3735int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op,
0f113f3e
MC		 3736 int bits, int nid,
3737 void *other, void *ex) {
3738 return s->cert->sec_cb;
3739}
b362ccab
DSH		 3740
3741void SSL_set0_security_ex_data(SSL *s, void *ex)
0f113f3e
MC		 3742{
3743 s->cert->sec_ex = ex;
3744}
b362ccab
DSH		 3745
3746void *SSL_get0_security_ex_data(const SSL *s)
0f113f3e
MC		 3747{
3748 return s->cert->sec_ex;
3749}
b362ccab
DSH		 3750
3751void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
0f113f3e
MC		 3752{
3753 ctx->cert->sec_level = level;
3754}
b362ccab
DSH		 3755
3756int SSL_CTX_get_security_level(const SSL_CTX *ctx)
0f113f3e
MC		 3757{
3758 return ctx->cert->sec_level;
3759}
b362ccab 3760
0f113f3e 3761void SSL_CTX_set_security_callback(SSL_CTX *ctx,
e4646a89 3762 int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
0f113f3e
MC		 3763 int bits, int nid, void *other,
3764 void *ex))
3765{
3766 ctx->cert->sec_cb = cb;
3767}
b362ccab 3768
e4646a89
KR		 3769int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
3770 const SSL_CTX *ctx,
0f113f3e
MC		 3771 int op, int bits,
3772 int nid,
3773 void *other,
3774 void *ex) {
3775 return ctx->cert->sec_cb;
3776}
b362ccab
DSH		 3777
3778void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
0f113f3e
MC		 3779{
3780 ctx->cert->sec_ex = ex;
3781}
b362ccab
DSH		 3782
3783void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
0f113f3e
MC		 3784{
3785 return ctx->cert->sec_ex;
3786}
b362ccab 3787
8106cb8b
VD		 3788
3789/*
3790 * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
3791 * can return unsigned long, instead of the generic long return value from the
3792 * control interface.
3793 */
3794unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
3795{
3796 return ctx->options;
3797}
3798unsigned long SSL_get_options(const SSL* s)
3799{
3800 return s->options;
3801}
3802unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
3803{
3804 return ctx->options |= op;
3805}
3806unsigned long SSL_set_options(SSL *s, unsigned long op)
3807{
3808 return s->options |= op;
3809}
3810unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
3811{
3812 return ctx->options &= ~op;
3813}
3814unsigned long SSL_clear_options(SSL *s, unsigned long op)
3815{
3816 return s->options &= ~op;
3817}
3818
696178ed
DSH		 3819STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
3820{
3821 return s->verified_chain;
3822}
3823
0f113f3e 3824IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
ed29e82a
RP		 3825
3826#ifndef OPENSSL_NO_CT
3827
3828/*
3829 * Moves SCTs from the |src| stack to the |dst| stack.
3830 * The source of each SCT will be set to |origin|.
3831 * If |dst| points to a NULL pointer, a new stack will be created and owned by
3832 * the caller.
3833 * Returns the number of SCTs moved, or a negative integer if an error occurs.
3834 */
3835static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t origin)
3836{
3837 int scts_moved = 0;
3838 SCT *sct = NULL;
3839
3840 if (*dst == NULL) {
3841 *dst = sk_SCT_new_null();
3842 if (*dst == NULL) {
3843 SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
3844 goto err;
3845 }
3846 }
3847
3848 while ((sct = sk_SCT_pop(src)) != NULL) {
3849 if (SCT_set_source(sct, origin) != 1)
3850 goto err;
3851
3852 if (sk_SCT_push(*dst, sct) <= 0)
3853 goto err;
3854 scts_moved += 1;
3855 }
3856
3857 return scts_moved;
3858err:
3859 if (sct != NULL)
3860 sk_SCT_push(src, sct); /* Put the SCT back */
cc7113e8 3861 return -1;
ed29e82a
RP		 3862}
3863
3864/*
3865* Look for data collected during ServerHello and parse if found.
3866* Return 1 on success, 0 on failure.
3867*/
3868static int ct_extract_tls_extension_scts(SSL *s)
3869{
3870 int scts_extracted = 0;
3871
3872 if (s->tlsext_scts != NULL) {
3873 const unsigned char *p = s->tlsext_scts;
3874 STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->tlsext_scts_len);
3875
3876 scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
3877
3878 SCT_LIST_free(scts);
3879 }
3880
3881 return scts_extracted;
3882}
3883
3884/*
3885 * Checks for an OCSP response and then attempts to extract any SCTs found if it
3886 * contains an SCT X509 extension. They will be stored in |s->scts|.
3887 * Returns:
3888 * - The number of SCTs extracted, assuming an OCSP response exists.
3889 * - 0 if no OCSP response exists or it contains no SCTs.
3890 * - A negative integer if an error occurs.
3891 */
3892static int ct_extract_ocsp_response_scts(SSL *s)
3893{
3e41ac35 3894#ifndef OPENSSL_NO_OCSP
ed29e82a
RP		 3895 int scts_extracted = 0;
3896 const unsigned char *p;
3897 OCSP_BASICRESP *br = NULL;
3898 OCSP_RESPONSE *rsp = NULL;
3899 STACK_OF(SCT) *scts = NULL;
3900 int i;
3901
3902 if (s->tlsext_ocsp_resp == NULL || s->tlsext_ocsp_resplen == 0)
3903 goto err;
3904
3905 p = s->tlsext_ocsp_resp;
3906 rsp = d2i_OCSP_RESPONSE(NULL, &p, s->tlsext_ocsp_resplen);
3907 if (rsp == NULL)
3908 goto err;
3909
3910 br = OCSP_response_get1_basic(rsp);
3911 if (br == NULL)
3912 goto err;
3913
3914 for (i = 0; i < OCSP_resp_count(br); ++i) {
3915 OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
3916
3917 if (single == NULL)
3918 continue;
3919
3920 scts = OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
3921 scts_extracted = ct_move_scts(&s->scts, scts,
3922 SCT_SOURCE_OCSP_STAPLED_RESPONSE);
3923 if (scts_extracted < 0)
3924 goto err;
3925 }
3926err:
3927 SCT_LIST_free(scts);
3928 OCSP_BASICRESP_free(br);
3929 OCSP_RESPONSE_free(rsp);
3930 return scts_extracted;
3e41ac35
MC		 3931#else
3932 /* Behave as if no OCSP response exists */
3933 return 0;
3934#endif
ed29e82a
RP		 3935}
3936
3937/*
3938 * Attempts to extract SCTs from the peer certificate.
3939 * Return the number of SCTs extracted, or a negative integer if an error
3940 * occurs.
3941 */
3942static int ct_extract_x509v3_extension_scts(SSL *s)
3943{
3944 int scts_extracted = 0;
3f3c7d26 3945 X509 *cert = s->session != NULL ? s->session->peer : NULL;
ed29e82a
RP		 3946
3947 if (cert != NULL) {
3948 STACK_OF(SCT) *scts =
3949 X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
3950
3951 scts_extracted =
3952 ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
3953
3954 SCT_LIST_free(scts);
3955 }
3956
3957 return scts_extracted;
3958}
3959
3960/*
3961 * Attempts to find all received SCTs by checking TLS extensions, the OCSP
3962 * response (if it exists) and X509v3 extensions in the certificate.
3963 * Returns NULL if an error occurs.
3964 */
3965const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
3966{
3967 if (!s->scts_parsed) {
3968 if (ct_extract_tls_extension_scts(s) < 0 ||
3969 ct_extract_ocsp_response_scts(s) < 0 ||
3970 ct_extract_x509v3_extension_scts(s) < 0)
3971 goto err;
3972
3973 s->scts_parsed = 1;
3974 }
3975 return s->scts;
3976err:
3977 return NULL;
3978}
3979
43341433
VD		 3980static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx,
3981 const STACK_OF(SCT) *scts, void *unused_arg)
ed29e82a 3982{
43341433
VD		 3983 return 1;
3984}
3985
3986static int ct_strict(const CT_POLICY_EVAL_CTX *ctx,
3987 const STACK_OF(SCT) *scts, void *unused_arg)
3988{
3989 int count = scts != NULL ? sk_SCT_num(scts) : 0;
3990 int i;
ed29e82a 3991
43341433
VD		 3992 for (i = 0; i < count; ++i) {
3993 SCT *sct = sk_SCT_value(scts, i);
3994 int status = SCT_get_validation_status(sct);
3995
3996 if (status == SCT_VALIDATION_STATUS_VALID)
3997 return 1;
3998 }
3999 SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
4000 return 0;
4001}
4002
4003int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
4004 void *arg)
4005{
ed29e82a
RP		 4006 /*
4007 * Since code exists that uses the custom extension handler for CT, look
4008 * for this and throw an error if they have already registered to use CT.
4009 */
4010 if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
4011 TLSEXT_TYPE_signed_certificate_timestamp)) {
4012 SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
4013 SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
43341433 4014 return 0;
ed29e82a
RP		 4015 }
4016
ed29e82a
RP		 4017 if (callback != NULL) {
4018 /* If we are validating CT, then we MUST accept SCTs served via OCSP */
4019 if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
43341433 4020 return 0;
ed29e82a
RP		 4021 }
4022
43341433
VD		 4023 s->ct_validation_callback = callback;
4024 s->ct_validation_callback_arg = arg;
4025
4026 return 1;
ed29e82a
RP		 4027}
4028
43341433
VD		 4029int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
4030 ssl_ct_validation_cb callback,
ed29e82a
RP		 4031 void *arg)
4032{
ed29e82a
RP		 4033 /*
4034 * Since code exists that uses the custom extension handler for CT, look for
4035 * this and throw an error if they have already registered to use CT.
4036 */
4037 if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
4038 TLSEXT_TYPE_signed_certificate_timestamp)) {
4039 SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
4040 SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
43341433 4041 return 0;
ed29e82a
RP		 4042 }
4043
4044 ctx->ct_validation_callback = callback;
4045 ctx->ct_validation_callback_arg = arg;
43341433 4046 return 1;
ed29e82a
RP		 4047}
4048
43341433 4049int SSL_ct_is_enabled(const SSL *s)
ed29e82a 4050{
43341433 4051 return s->ct_validation_callback != NULL;
ed29e82a
RP		 4052}
4053
43341433 4054int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
ed29e82a 4055{
43341433 4056 return ctx->ct_validation_callback != NULL;
ed29e82a
RP		 4057}
4058
4d482ee2 4059int ssl_validate_ct(SSL *s)
ed29e82a
RP		 4060{
4061 int ret = 0;
3f3c7d26 4062 X509 *cert = s->session != NULL ? s->session->peer : NULL;
43341433 4063 X509 *issuer;
b9aec69a 4064 SSL_DANE *dane = &s->dane;
ed29e82a
RP		 4065 CT_POLICY_EVAL_CTX *ctx = NULL;
4066 const STACK_OF(SCT) *scts;
4067
43341433
VD		 4068 /*
4069 * If no callback is set, the peer is anonymous, or its chain is invalid,
4070 * skip SCT validation - just return success. Applications that continue
4071 * handshakes without certificates, with unverified chains, or pinned leaf
4072 * certificates are outside the scope of the WebPKI and CT.
4073 *
4074 * The above exclusions notwithstanding the vast majority of peers will
4075 * have rather ordinary certificate chains validated by typical
4076 * applications that perform certificate verification and therefore will
4077 * process SCTs when enabled.
4078 */
4079 if (s->ct_validation_callback == NULL || cert == NULL ||
4080 s->verify_result != X509_V_OK ||
4081 s->verified_chain == NULL ||
4082 sk_X509_num(s->verified_chain) <= 1)
ed29e82a
RP		 4083 return 1;
4084
43341433
VD		 4085 /*
4086 * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
4087 * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
4088 */
4089 if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
4090 switch (dane->mtlsa->usage) {
4091 case DANETLS_USAGE_DANE_TA:
4092 case DANETLS_USAGE_DANE_EE:
4093 return 1;
4094 }
ed29e82a
RP		 4095 }
4096
ed29e82a
RP		 4097 ctx = CT_POLICY_EVAL_CTX_new();
4098 if (ctx == NULL) {
4099 SSLerr(SSL_F_SSL_VALIDATE_CT, ERR_R_MALLOC_FAILURE);
4100 goto end;
4101 }
4102
43341433 4103 issuer = sk_X509_value(s->verified_chain, 1);
ed29e82a
RP		 4104 CT_POLICY_EVAL_CTX_set0_cert(ctx, cert);
4105 CT_POLICY_EVAL_CTX_set0_issuer(ctx, issuer);
4106 CT_POLICY_EVAL_CTX_set0_log_store(ctx, s->ctx->ctlog_store);
4107
4108 scts = SSL_get0_peer_scts(s);
4109
43341433
VD		 4110 /*
4111 * This function returns success (> 0) only when all the SCTs are valid, 0
4112 * when some are invalid, and < 0 on various internal errors (out of
4113 * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
4114 * reason to abort the handshake, that decision is up to the callback.
4115 * Therefore, we error out only in the unexpected case that the return
4116 * value is negative.
4117 *
4118 * XXX: One might well argue that the return value of this function is an
4119 * unforunate design choice. Its job is only to determine the validation
4120 * status of each of the provided SCTs. So long as it correctly separates
4121 * the wheat from the chaff it should return success. Failure in this case
4122 * ought to correspond to an inability to carry out its duties.
4123 */
4124 if (SCT_LIST_validate(scts, ctx) < 0) {
ed29e82a
RP		 4125 SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_SCT_VERIFICATION_FAILED);
4126 goto end;
4127 }
4128
4129 ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
4130 if (ret < 0)
4131 ret = 0; /* This function returns 0 on failure */
4132
4133end:
4134 CT_POLICY_EVAL_CTX_free(ctx);
f75b34c8
VD		 4135 /*
4136 * With SSL_VERIFY_NONE the session may be cached and re-used despite a
4137 * failure return code here. Also the application may wish the complete
4138 * the handshake, and then disconnect cleanly at a higher layer, after
4139 * checking the verification status of the completed connection.
4140 *
4141 * We therefore force a certificate verification failure which will be
4142 * visible via SSL_get_verify_result() and cached as part of any resumed
4143 * session.
4144 *
4145 * Note: the permissive callback is for information gathering only, always
4146 * returns success, and does not affect verification status. Only the
4147 * strict callback or a custom application-specified callback can trigger
4148 * connection failure or record a verification error.
4149 */
4150 if (ret <= 0)
4151 s->verify_result = X509_V_ERR_NO_VALID_SCTS;
ed29e82a
RP		 4152 return ret;
4153}
4154
43341433
VD		 4155int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
4156{
4157 switch (validation_mode) {
4158 default:
4159 SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
4160 return 0;
4161 case SSL_CT_VALIDATION_PERMISSIVE:
4162 return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
4163 case SSL_CT_VALIDATION_STRICT:
4164 return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
4165 }
4166}
4167
4168int SSL_enable_ct(SSL *s, int validation_mode)
4169{
4170 switch (validation_mode) {
4171 default:
4172 SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
4173 return 0;
4174 case SSL_CT_VALIDATION_PERMISSIVE:
4175 return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
4176 case SSL_CT_VALIDATION_STRICT:
4177 return SSL_set_ct_validation_callback(s, ct_strict, NULL);
4178 }
4179}
4180
ed29e82a
RP		 4181int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
4182{
328f36c5 4183 return CTLOG_STORE_load_default_file(ctx->ctlog_store);
ed29e82a
RP		 4184}
4185
4186int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
4187{
4188 return CTLOG_STORE_load_file(ctx->ctlog_store, path);
4189}
4190
8359b57f
RP		 4191void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs)
4192{
4193 CTLOG_STORE_free(ctx->ctlog_store);
4194 ctx->ctlog_store = logs;
4195}
4196
4197const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
4198{
4199 return ctx->ctlog_store;
4200}
4201
ed29e82a 4202#endif
A mirror of the official openssl repository