]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/ssl_lib.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove remaining refs to enc_(write|read)_ctx/(read|write)_hash
[thirdparty/openssl.git] / ssl / ssl_lib.c
CommitLineData
0f113f3e 1/*
fecb3aae 2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
aa8f3d76 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
c80149d9 4 * Copyright 2005 Nokia. All rights reserved.
bf21446a 5 *
2c18d164 6 * Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7
RS		 7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
bf21446a 10 */
846e33c7 11
d02b48c6 12#include <stdio.h>
706457b7 13#include "ssl_local.h"
d5f9166b 14#include "internal/e_os.h"
ec577822 15#include <openssl/objects.h>
bb7cd4e3 16#include <openssl/x509v3.h>
6434abbf 17#include <openssl/rand.h>
67c8e7f4 18#include <openssl/ocsp.h>
3c27208f
RS		 19#include <openssl/dh.h>
20#include <openssl/engine.h>
07bbc92c 21#include <openssl/async.h>
3c27208f 22#include <openssl/ct.h>
77359d22 23#include <openssl/trace.h>
4566dae7 24#include <openssl/core_names.h>
67dc995e 25#include "internal/cryptlib.h"
cd420b0b 26#include "internal/refcount.h"
50ec7505 27#include "internal/ktls.h"
0f113f3e 28
38b051a1 29static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r,
fce78bd4
BE		 30 unsigned char *s, size_t t, size_t *u)
31{
38b051a1 32 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
fce78bd4
BE		 33}
34
38b051a1 35static int ssl_undefined_function_4(SSL_CONNECTION *sc, int r)
fce78bd4 36{
38b051a1 37 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
fce78bd4
BE		 38}
39
38b051a1
TM		 40static size_t ssl_undefined_function_5(SSL_CONNECTION *sc, const char *r,
41 size_t s, unsigned char *t)
fce78bd4 42{
38b051a1 43 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
fce78bd4
BE		 44}
45
46static int ssl_undefined_function_6(int r)
47{
fce78bd4
BE		 48 return ssl_undefined_function(NULL);
49}
50
38b051a1
TM		 51static int ssl_undefined_function_7(SSL_CONNECTION *sc, unsigned char *r,
52 size_t s, const char *t, size_t u,
fce78bd4
BE		 53 const unsigned char *v, size_t w, int x)
54{
38b051a1
TM		 55 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
56}
57
58static int ssl_undefined_function_8(SSL_CONNECTION *sc)
59{
60 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
fce78bd4
BE		 61}
62
0f113f3e 63SSL3_ENC_METHOD ssl3_undef_enc_method = {
38b051a1 64 ssl_undefined_function_8,
fce78bd4
BE		 65 ssl_undefined_function_3,
66 ssl_undefined_function_4,
67 ssl_undefined_function_5,
0f113f3e
MC		 68 NULL, /* client_finished_label */
69 0, /* client_finished_label_len */
70 NULL, /* server_finished_label */
71 0, /* server_finished_label_len */
fce78bd4
BE		 72 ssl_undefined_function_6,
73 ssl_undefined_function_7,
0f113f3e 74};
d02b48c6 75
07bbc92c
MC		 76struct ssl_async_args {
77 SSL *s;
78 void *buf;
348240c6 79 size_t num;
a230b26e 80 enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
add2f5ca 81 union {
eda75751 82 int (*func_read) (SSL *, void *, size_t, size_t *);
7ee8627f 83 int (*func_write) (SSL *, const void *, size_t, size_t *);
a230b26e 84 int (*func_other) (SSL *);
add2f5ca 85 } f;
07bbc92c
MC		 86};
87
919ba009
VD		 88static const struct {
89 uint8_t mtype;
90 uint8_t ord;
a230b26e 91 int nid;
919ba009 92} dane_mds[] = {
a230b26e
EK		 93 {
94 DANETLS_MATCHING_FULL, 0, NID_undef
95 },
96 {
97 DANETLS_MATCHING_2256, 1, NID_sha256
98 },
99 {
100 DANETLS_MATCHING_2512, 2, NID_sha512
101 },
919ba009
VD		 102};
103
104static int dane_ctx_enable(struct dane_ctx_st *dctx)
105{
106 const EVP_MD **mdevp;
107 uint8_t *mdord;
108 uint8_t mdmax = DANETLS_MATCHING_LAST;
a230b26e 109 int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
919ba009
VD		 110 size_t i;
111
5ae4ceb9
VD		 112 if (dctx->mdevp != NULL)
113 return 1;
114
919ba009
VD		 115 mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
116 mdord = OPENSSL_zalloc(n * sizeof(*mdord));
117
118 if (mdord == NULL || mdevp == NULL) {
b3bd3d5a 119 OPENSSL_free(mdord);
919ba009 120 OPENSSL_free(mdevp);
919ba009
VD		 121 return 0;
122 }
123
124 /* Install default entries */
125 for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
126 const EVP_MD *md;
127
128 if (dane_mds[i].nid == NID_undef ||
129 (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
130 continue;
131 mdevp[dane_mds[i].mtype] = md;
132 mdord[dane_mds[i].mtype] = dane_mds[i].ord;
133 }
134
135 dctx->mdevp = mdevp;
136 dctx->mdord = mdord;
137 dctx->mdmax = mdmax;
138
139 return 1;
140}
141
142static void dane_ctx_final(struct dane_ctx_st *dctx)
143{
144 OPENSSL_free(dctx->mdevp);
145 dctx->mdevp = NULL;
146
147 OPENSSL_free(dctx->mdord);
148 dctx->mdord = NULL;
149 dctx->mdmax = 0;
150}
151
152static void tlsa_free(danetls_record *t)
153{
154 if (t == NULL)
155 return;
156 OPENSSL_free(t->data);
157 EVP_PKEY_free(t->spki);
158 OPENSSL_free(t);
159}
160
b9aec69a 161static void dane_final(SSL_DANE *dane)
919ba009
VD		 162{
163 sk_danetls_record_pop_free(dane->trecs, tlsa_free);
164 dane->trecs = NULL;
165
79b2a2f2 166 OSSL_STACK_OF_X509_free(dane->certs);
919ba009
VD		 167 dane->certs = NULL;
168
169 X509_free(dane->mcert);
170 dane->mcert = NULL;
171 dane->mtlsa = NULL;
172 dane->mdpth = -1;
173 dane->pdpth = -1;
174}
175
176/*
177 * dane_copy - Copy dane configuration, sans verification state.
178 */
38b051a1 179static int ssl_dane_dup(SSL_CONNECTION *to, SSL_CONNECTION *from)
919ba009
VD		 180{
181 int num;
182 int i;
183
184 if (!DANETLS_ENABLED(&from->dane))
185 return 1;
186
e431363f 187 num = sk_danetls_record_num(from->dane.trecs);
919ba009 188 dane_final(&to->dane);
5ae4ceb9 189 to->dane.flags = from->dane.flags;
38b051a1 190 to->dane.dctx = &SSL_CONNECTION_GET_CTX(to)->dane;
7a908204 191 to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
9f6b22b8
VD		 192
193 if (to->dane.trecs == NULL) {
e077455e 194 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
9f6b22b8
VD		 195 return 0;
196 }
919ba009 197
919ba009
VD		 198 for (i = 0; i < num; ++i) {
199 danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
9f6b22b8 200
38b051a1
TM		 201 if (SSL_dane_tlsa_add(SSL_CONNECTION_GET_SSL(to), t->usage,
202 t->selector, t->mtype, t->data, t->dlen) <= 0)
919ba009
VD		 203 return 0;
204 }
205 return 1;
206}
207
a230b26e
EK		 208static int dane_mtype_set(struct dane_ctx_st *dctx,
209 const EVP_MD *md, uint8_t mtype, uint8_t ord)
919ba009
VD		 210{
211 int i;
212
213 if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
6849b73c 214 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
919ba009
VD		 215 return 0;
216 }
217
218 if (mtype > dctx->mdmax) {
219 const EVP_MD **mdevp;
220 uint8_t *mdord;
a230b26e 221 int n = ((int)mtype) + 1;
919ba009
VD		 222
223 mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
e077455e 224 if (mdevp == NULL)
919ba009 225 return -1;
919ba009
VD		 226 dctx->mdevp = mdevp;
227
228 mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
e077455e 229 if (mdord == NULL)
919ba009 230 return -1;
919ba009
VD		 231 dctx->mdord = mdord;
232
233 /* Zero-fill any gaps */
a230b26e 234 for (i = dctx->mdmax + 1; i < mtype; ++i) {
919ba009
VD		 235 mdevp[i] = NULL;
236 mdord[i] = 0;
237 }
238
239 dctx->mdmax = mtype;
240 }
241
242 dctx->mdevp[mtype] = md;
243 /* Coerce ordinal of disabled matching types to 0 */
244 dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
245
246 return 1;
247}
248
b9aec69a 249static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
919ba009
VD		 250{
251 if (mtype > dane->dctx->mdmax)
252 return NULL;
253 return dane->dctx->mdevp[mtype];
254}
255
a230b26e
EK		 256static int dane_tlsa_add(SSL_DANE *dane,
257 uint8_t usage,
258 uint8_t selector,
6d4313f0 259 uint8_t mtype, const unsigned char *data, size_t dlen)
919ba009
VD		 260{
261 danetls_record *t;
262 const EVP_MD *md = NULL;
263 int ilen = (int)dlen;
264 int i;
9f6b22b8 265 int num;
919ba009
VD		 266
267 if (dane->trecs == NULL) {
6849b73c 268 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED);
919ba009
VD		 269 return -1;
270 }
271
272 if (ilen < 0 || dlen != (size_t)ilen) {
6849b73c 273 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
919ba009
VD		 274 return 0;
275 }
276
277 if (usage > DANETLS_USAGE_LAST) {
6849b73c 278 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
919ba009
VD		 279 return 0;
280 }
281
282 if (selector > DANETLS_SELECTOR_LAST) {
6849b73c 283 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR);
919ba009
VD		 284 return 0;
285 }
286
287 if (mtype != DANETLS_MATCHING_FULL) {
288 md = tlsa_md_get(dane, mtype);
289 if (md == NULL) {
6849b73c 290 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
919ba009
VD		 291 return 0;
292 }
293 }
294
ed576acd 295 if (md != NULL && dlen != (size_t)EVP_MD_get_size(md)) {
6849b73c 296 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
919ba009
VD		 297 return 0;
298 }
299 if (!data) {
6849b73c 300 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA);
919ba009
VD		 301 return 0;
302 }
303
e077455e 304 if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL)
919ba009 305 return -1;
919ba009
VD		 306
307 t->usage = usage;
308 t->selector = selector;
309 t->mtype = mtype;
348240c6 310 t->data = OPENSSL_malloc(dlen);
919ba009
VD		 311 if (t->data == NULL) {
312 tlsa_free(t);
919ba009
VD		 313 return -1;
314 }
348240c6
MC		 315 memcpy(t->data, data, dlen);
316 t->dlen = dlen;
919ba009
VD		 317
318 /* Validate and cache full certificate or public key */
319 if (mtype == DANETLS_MATCHING_FULL) {
320 const unsigned char *p = data;
321 X509 *cert = NULL;
322 EVP_PKEY *pkey = NULL;
323
324 switch (selector) {
325 case DANETLS_SELECTOR_CERT:
348240c6 326 if (!d2i_X509(&cert, &p, ilen) || p < data ||
919ba009
VD		 327 dlen != (size_t)(p - data)) {
328 tlsa_free(t);
6849b73c 329 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
919ba009
VD		 330 return 0;
331 }
332 if (X509_get0_pubkey(cert) == NULL) {
333 tlsa_free(t);
6849b73c 334 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
919ba009
VD		 335 return 0;
336 }
337
338 if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
339 X509_free(cert);
340 break;
341 }
342
343 /*
344 * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
345 * records that contain full certificates of trust-anchors that are
346 * not present in the wire chain. For usage PKIX-TA(0), we augment
347 * the chain with untrusted Full(0) certificates from DNS, in case
348 * they are missing from the chain.
349 */
350 if ((dane->certs == NULL &&
351 (dane->certs = sk_X509_new_null()) == NULL) ||
352 !sk_X509_push(dane->certs, cert)) {
e077455e 353 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
919ba009
VD		 354 X509_free(cert);
355 tlsa_free(t);
356 return -1;
357 }
358 break;
359
360 case DANETLS_SELECTOR_SPKI:
348240c6 361 if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
919ba009
VD		 362 dlen != (size_t)(p - data)) {
363 tlsa_free(t);
6849b73c 364 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
919ba009
VD		 365 return 0;
366 }
367
368 /*
369 * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
370 * records that contain full bare keys of trust-anchors that are
371 * not present in the wire chain.
372 */
373 if (usage == DANETLS_USAGE_DANE_TA)
374 t->spki = pkey;
375 else
376 EVP_PKEY_free(pkey);
377 break;
378 }
379 }
380
381 /*-
382 * Find the right insertion point for the new record.
383 *
384 * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
385 * they can be processed first, as they require no chain building, and no
386 * expiration or hostname checks. Because DANE-EE(3) is numerically
387 * largest, this is accomplished via descending sort by "usage".
388 *
389 * We also sort in descending order by matching ordinal to simplify
390 * the implementation of digest agility in the verification code.
391 *
392 * The choice of order for the selector is not significant, so we
393 * use the same descending order for consistency.
394 */
9f6b22b8
VD		 395 num = sk_danetls_record_num(dane->trecs);
396 for (i = 0; i < num; ++i) {
919ba009 397 danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
9f6b22b8 398
919ba009
VD		 399 if (rec->usage > usage)
400 continue;
401 if (rec->usage < usage)
402 break;
403 if (rec->selector > selector)
404 continue;
405 if (rec->selector < selector)
406 break;
407 if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
408 continue;
409 break;
410 }
411
412 if (!sk_danetls_record_insert(dane->trecs, t, i)) {
413 tlsa_free(t);
e077455e 414 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
919ba009
VD		 415 return -1;
416 }
417 dane->umask |= DANETLS_USAGE_BIT(usage);
418
419 return 1;
420}
421
c8feba72
BK		 422/*
423 * Return 0 if there is only one version configured and it was disabled
424 * at configure time. Return 1 otherwise.
425 */
426static int ssl_check_allowed_versions(int min_version, int max_version)
427{
428 int minisdtls = 0, maxisdtls = 0;
429
430 /* Figure out if we're doing DTLS versions or TLS versions */
431 if (min_version == DTLS1_BAD_VER
432 || min_version >> 8 == DTLS1_VERSION_MAJOR)
433 minisdtls = 1;
434 if (max_version == DTLS1_BAD_VER
435 || max_version >> 8 == DTLS1_VERSION_MAJOR)
436 maxisdtls = 1;
437 /* A wildcard version of 0 could be DTLS or TLS. */
438 if ((minisdtls && !maxisdtls && max_version != 0)
439 || (maxisdtls && !minisdtls && min_version != 0)) {
440 /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
441 return 0;
442 }
443
444 if (minisdtls || maxisdtls) {
445 /* Do DTLS version checks. */
446 if (min_version == 0)
447 /* Ignore DTLS1_BAD_VER */
448 min_version = DTLS1_VERSION;
449 if (max_version == 0)
450 max_version = DTLS1_2_VERSION;
451#ifdef OPENSSL_NO_DTLS1_2
452 if (max_version == DTLS1_2_VERSION)
453 max_version = DTLS1_VERSION;
454#endif
455#ifdef OPENSSL_NO_DTLS1
456 if (min_version == DTLS1_VERSION)
457 min_version = DTLS1_2_VERSION;
458#endif
79b4444d
DMSP		 459 /* Done massaging versions; do the check. */
460 if (0
c8feba72
BK		 461#ifdef OPENSSL_NO_DTLS1
462 || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
463 && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
464#endif
465#ifdef OPENSSL_NO_DTLS1_2
466 || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
467 && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
468#endif
469 )
470 return 0;
471 } else {
472 /* Regular TLS version checks. */
79b4444d
DMSP		 473 if (min_version == 0)
474 min_version = SSL3_VERSION;
475 if (max_version == 0)
476 max_version = TLS1_3_VERSION;
c8feba72 477#ifdef OPENSSL_NO_TLS1_3
79b4444d
DMSP		 478 if (max_version == TLS1_3_VERSION)
479 max_version = TLS1_2_VERSION;
c8feba72
BK		 480#endif
481#ifdef OPENSSL_NO_TLS1_2
79b4444d
DMSP		 482 if (max_version == TLS1_2_VERSION)
483 max_version = TLS1_1_VERSION;
c8feba72
BK		 484#endif
485#ifdef OPENSSL_NO_TLS1_1
79b4444d
DMSP		 486 if (max_version == TLS1_1_VERSION)
487 max_version = TLS1_VERSION;
c8feba72
BK		 488#endif
489#ifdef OPENSSL_NO_TLS1
79b4444d
DMSP		 490 if (max_version == TLS1_VERSION)
491 max_version = SSL3_VERSION;
c8feba72
BK		 492#endif
493#ifdef OPENSSL_NO_SSL3
79b4444d
DMSP		 494 if (min_version == SSL3_VERSION)
495 min_version = TLS1_VERSION;
c8feba72
BK		 496#endif
497#ifdef OPENSSL_NO_TLS1
79b4444d
DMSP		 498 if (min_version == TLS1_VERSION)
499 min_version = TLS1_1_VERSION;
c8feba72
BK		 500#endif
501#ifdef OPENSSL_NO_TLS1_1
79b4444d
DMSP		 502 if (min_version == TLS1_1_VERSION)
503 min_version = TLS1_2_VERSION;
c8feba72
BK		 504#endif
505#ifdef OPENSSL_NO_TLS1_2
79b4444d
DMSP		 506 if (min_version == TLS1_2_VERSION)
507 min_version = TLS1_3_VERSION;
c8feba72 508#endif
79b4444d
DMSP		 509 /* Done massaging versions; do the check. */
510 if (0
c8feba72
BK		 511#ifdef OPENSSL_NO_SSL3
512 || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
513#endif
514#ifdef OPENSSL_NO_TLS1
515 || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
516#endif
517#ifdef OPENSSL_NO_TLS1_1
518 || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
519#endif
520#ifdef OPENSSL_NO_TLS1_2
521 || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
522#endif
523#ifdef OPENSSL_NO_TLS1_3
524 || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
525#endif
526 )
527 return 0;
528 }
529 return 1;
530}
531
08073700
RB		 532#if defined(__TANDEM) && defined(OPENSSL_VPROC)
533/*
534 * Define a VPROC function for HP NonStop build ssl library.
535 * This is used by platform version identification tools.
536 * Do not inline this procedure or make it static.
537 */
538# define OPENSSL_VPROC_STRING_(x) x##_SSL
539# define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
540# define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
541void OPENSSL_VPROC_FUNC(void) {}
542#endif
543
544
38b051a1 545static void clear_ciphers(SSL_CONNECTION *s)
d31fb0b5
RS		 546{
547 /* clear the current cipher */
548 ssl_clear_cipher_ctx(s);
d31fb0b5
RS		 549}
550
4f43d0e7 551int SSL_clear(SSL *s)
0f113f3e 552{
0f113f3e 553 if (s->method == NULL) {
6849b73c 554 ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED);
a89325e4 555 return 0;
0f113f3e 556 }
d02b48c6 557
38b051a1
TM		 558 return s->method->ssl_reset(s);
559}
560
561int ossl_ssl_connection_reset(SSL *s)
562{
563 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
564
565 if (sc == NULL)
566 return 0;
567
568 if (ssl_clear_bad_session(sc)) {
569 SSL_SESSION_free(sc->session);
570 sc->session = NULL;
0f113f3e 571 }
38b051a1
TM		 572 SSL_SESSION_free(sc->psksession);
573 sc->psksession = NULL;
574 OPENSSL_free(sc->psksession_id);
575 sc->psksession_id = NULL;
576 sc->psksession_id_len = 0;
577 sc->hello_retry_request = 0;
578 sc->sent_tickets = 0;
d62bfb39 579
38b051a1
TM		 580 sc->error = 0;
581 sc->hit = 0;
582 sc->shutdown = 0;
d02b48c6 583
38b051a1 584 if (sc->renegotiate) {
6849b73c 585 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
0f113f3e
MC		 586 return 0;
587 }
d02b48c6 588
38b051a1 589 ossl_statem_clear(sc);
413c4f45 590
38b051a1
TM		 591 /* TODO(QUIC): Version handling not yet clear */
592 sc->version = s->method->version;
593 sc->client_version = sc->version;
594 sc->rwstate = SSL_NOTHING;
d02b48c6 595
38b051a1
TM		 596 BUF_MEM_free(sc->init_buf);
597 sc->init_buf = NULL;
598 clear_ciphers(sc);
599 sc->first_packet = 0;
d02b48c6 600
38b051a1 601 sc->key_update = SSL_KEY_UPDATE_NONE;
b67cb09f
TS		 602 memset(sc->ext.compress_certificate_from_peer, 0,
603 sizeof(sc->ext.compress_certificate_from_peer));
604 sc->ext.compress_certificate_sent = 0;
44c04a2e 605
38b051a1
TM		 606 EVP_MD_CTX_free(sc->pha_dgst);
607 sc->pha_dgst = NULL;
88834998 608
919ba009 609 /* Reset DANE verification result state */
38b051a1
TM		 610 sc->dane.mdpth = -1;
611 sc->dane.pdpth = -1;
612 X509_free(sc->dane.mcert);
613 sc->dane.mcert = NULL;
614 sc->dane.mtlsa = NULL;
919ba009
VD		 615
616 /* Clear the verification result peername */
38b051a1 617 X509_VERIFY_PARAM_move_peername(sc->param, NULL);
919ba009 618
29948ac8 619 /* Clear any shared connection state */
38b051a1
TM		 620 OPENSSL_free(sc->shared_sigalgs);
621 sc->shared_sigalgs = NULL;
622 sc->shared_sigalgslen = 0;
29948ac8 623
0f113f3e
MC		 624 /*
625 * Check to see if we were changed into a different method, if so, revert
24252537 626 * back.
0f113f3e 627 */
38b051a1
TM		 628 if (s->method != SSL_CONNECTION_GET_CTX(sc)->method) {
629 s->method->ssl_deinit(s);
630 s->method = SSL_CONNECTION_GET_CTX(sc)->method;
631 if (!s->method->ssl_init(s))
a89325e4 632 return 0;
b77f3ed1
MC		 633 } else {
634 if (!s->method->ssl_clear(s))
635 return 0;
636 }
33d23b87 637
38b051a1 638 RECORD_LAYER_clear(&sc->rlayer);
cffafb5f
MC		 639 BIO_free(sc->rlayer.rrlnext);
640 sc->rlayer.rrlnext = NULL;
33d23b87 641
79eebb08 642 if (!ssl_set_new_record_layer(sc,
222cf410 643 SSL_CONNECTION_IS_DTLS(sc) ? DTLS_ANY_VERSION : TLS_ANY_VERSION,
79eebb08
MC		 644 OSSL_RECORD_DIRECTION_READ,
645 OSSL_RECORD_PROTECTION_LEVEL_NONE,
646 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
647 NID_undef, NULL, NULL)) {
7c293999 648 /* SSLfatal already called */
aedbb71b
MC		 649 return 0;
650 }
2b71b042
MC		 651 if (!ssl_set_new_record_layer(sc,
652 SSL_CONNECTION_IS_DTLS(sc) ? DTLS_ANY_VERSION : TLS_ANY_VERSION,
653 OSSL_RECORD_DIRECTION_WRITE,
654 OSSL_RECORD_PROTECTION_LEVEL_NONE,
655 NULL, 0, NULL, 0, NULL, 0, NULL, 0,
656 NID_undef, NULL, NULL)) {
657 /* SSLfatal already called */
658 return 0;
659 }
aedbb71b 660
a89325e4 661 return 1;
0f113f3e 662}
d02b48c6 663
dd0164e7 664#ifndef OPENSSL_NO_DEPRECATED_3_0
4f43d0e7 665/** Used to change an SSL_CTXs default SSL method type */
0f113f3e
MC		 666int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
667{
668 STACK_OF(SSL_CIPHER) *sk;
669
670 ctx->method = meth;
671
5d120511 672 if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
6849b73c 673 ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
2340ed27
BK		 674 return 0;
675 }
a68eee67 676 sk = ssl_create_cipher_list(ctx,
f865b081
MC		 677 ctx->tls13_ciphersuites,
678 &(ctx->cipher_list),
0f113f3e 679 &(ctx->cipher_list_by_id),
5d120511 680 OSSL_default_cipher_list(), ctx->cert);
0f113f3e 681 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
6849b73c 682 ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
26a7d938 683 return 0;
0f113f3e 684 }
208fb891 685 return 1;
0f113f3e 686}
dd0164e7 687#endif
d02b48c6 688
4f43d0e7 689SSL *SSL_new(SSL_CTX *ctx)
0f113f3e 690{
0f113f3e 691 if (ctx == NULL) {
6849b73c 692 ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX);
26a7d938 693 return NULL;
0f113f3e
MC		 694 }
695 if (ctx->method == NULL) {
6849b73c 696 ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
26a7d938 697 return NULL;
0f113f3e 698 }
38b051a1
TM		 699 return ctx->method->ssl_new(ctx);
700}
701
702int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, int type)
703{
704 ssl->type = type;
705
706 ssl->references = 1;
707 ssl->lock = CRYPTO_THREAD_lock_new();
708 if (ssl->lock == NULL)
709 return 0;
710
711 SSL_CTX_up_ref(ctx);
712 ssl->ctx = ctx;
713
714 ssl->method = ctx->method;
715
716 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data))
717 return 0;
718
719 return 1;
720}
721
722SSL *ossl_ssl_connection_new(SSL_CTX *ctx)
723{
724 SSL_CONNECTION *s;
725 SSL *ssl;
0f113f3e 726
b51bce94 727 s = OPENSSL_zalloc(sizeof(*s));
0f113f3e 728 if (s == NULL)
38b051a1 729 return NULL;
0f113f3e 730
38b051a1
TM		 731 ssl = &s->ssl;
732 if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_SSL_CONNECTION)) {
e6b10c34
BE		 733 OPENSSL_free(s);
734 s = NULL;
e077455e 735 goto sslerr;
e6b10c34 736 }
ae3947de 737
38b051a1
TM		 738#ifndef OPENSSL_NO_QUIC
739 /* set the parent (user visible) ssl to self */
740 s->user_ssl = ssl;
741#endif
742
c036e210 743 RECORD_LAYER_init(&s->rlayer, s);
28d59af8 744
0f113f3e 745 s->options = ctx->options;
5ae4ceb9 746 s->dane.flags = ctx->dane.flags;
7946ab33
KR		 747 s->min_proto_version = ctx->min_proto_version;
748 s->max_proto_version = ctx->max_proto_version;
0f113f3e
MC		 749 s->mode = ctx->mode;
750 s->max_cert_list = ctx->max_cert_list;
3fc8d856 751 s->max_early_data = ctx->max_early_data;
4e8548e8 752 s->recv_max_early_data = ctx->recv_max_early_data;
9d0a8bb7 753 s->num_tickets = ctx->num_tickets;
e97be718 754 s->pha_enabled = ctx->pha_enabled;
0f113f3e 755
f865b081
MC		 756 /* Shallow copy of the ciphersuites stack */
757 s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
758 if (s->tls13_ciphersuites == NULL)
e077455e 759 goto cerr;
f865b081 760
2c382349
KR		 761 /*
762 * Earlier library versions used to copy the pointer to the CERT, not
763 * its contents; only when setting new parameters for the per-SSL
764 * copy, ssl_cert_new would be called (and the direct reference to
765 * the per-SSL_CTX settings would be lost, but those still were
766 * indirectly accessed for various purposes, and for that reason they
767 * used to be known as s->ctx->default_cert). Now we don't look at the
768 * SSL_CTX's CERT after having duplicated it once.
769 */
770 s->cert = ssl_cert_dup(ctx->cert);
771 if (s->cert == NULL)
e077455e 772 goto sslerr;
0f113f3e 773
52e1d7b1 774 RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
0f113f3e
MC		 775 s->msg_callback = ctx->msg_callback;
776 s->msg_callback_arg = ctx->msg_callback_arg;
777 s->verify_mode = ctx->verify_mode;
778 s->not_resumable_session_cb = ctx->not_resumable_session_cb;
eb7d6c2a
MC		 779 s->rlayer.record_padding_cb = ctx->record_padding_cb;
780 s->rlayer.record_padding_arg = ctx->record_padding_arg;
781 s->rlayer.block_padding = ctx->block_padding;
0f113f3e 782 s->sid_ctx_length = ctx->sid_ctx_length;
cbe29648 783 if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
380a522f 784 goto err;
0f113f3e
MC		 785 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
786 s->verify_callback = ctx->default_verify_callback;
787 s->generate_session_id = ctx->generate_session_id;
788
789 s->param = X509_VERIFY_PARAM_new();
a71edf3b 790 if (s->param == NULL)
e077455e 791 goto asn1err;
0f113f3e 792 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
0f113f3e 793 s->quiet_shutdown = ctx->quiet_shutdown;
cf72c757
F		 794
795 s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
0f113f3e 796 s->max_send_fragment = ctx->max_send_fragment;
d102d9df
MC		 797 s->split_send_fragment = ctx->split_send_fragment;
798 s->max_pipelines = ctx->max_pipelines;
cffafb5f 799 s->rlayer.default_read_buf_len = ctx->default_read_buf_len;
bf21446a 800
aff8c126
RS		 801 s->ext.debug_cb = 0;
802 s->ext.debug_arg = NULL;
803 s->ext.ticket_expected = 0;
804 s->ext.status_type = ctx->ext.status_type;
805 s->ext.status_expected = 0;
806 s->ext.ocsp.ids = NULL;
807 s->ext.ocsp.exts = NULL;
808 s->ext.ocsp.resp = NULL;
809 s->ext.ocsp.resp_len = 0;
16203f7b 810 SSL_CTX_up_ref(ctx);
222da979 811 s->session_ctx = ctx;
aff8c126
RS		 812 if (ctx->ext.ecpointformats) {
813 s->ext.ecpointformats =
814 OPENSSL_memdup(ctx->ext.ecpointformats,
815 ctx->ext.ecpointformats_len);
39a14059
MC		 816 if (!s->ext.ecpointformats) {
817 s->ext.ecpointformats_len = 0;
0f113f3e 818 goto err;
39a14059 819 }
aff8c126
RS		 820 s->ext.ecpointformats_len =
821 ctx->ext.ecpointformats_len;
822 }
823 if (ctx->ext.supportedgroups) {
824 s->ext.supportedgroups =
825 OPENSSL_memdup(ctx->ext.supportedgroups,
9e84a42d 826 ctx->ext.supportedgroups_len
b92d7b62 827 * sizeof(*ctx->ext.supportedgroups));
39a14059
MC		 828 if (!s->ext.supportedgroups) {
829 s->ext.supportedgroups_len = 0;
0f113f3e 830 goto err;
39a14059 831 }
aff8c126 832 s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
0f113f3e 833 }
dbc6268f 834
a230b26e 835#ifndef OPENSSL_NO_NEXTPROTONEG
aff8c126 836 s->ext.npn = NULL;
a230b26e 837#endif
6f017a8f 838
38b051a1
TM		 839 if (ctx->ext.alpn != NULL) {
840 s->ext.alpn = OPENSSL_malloc(ctx->ext.alpn_len);
39a14059
MC		 841 if (s->ext.alpn == NULL) {
842 s->ext.alpn_len = 0;
0f113f3e 843 goto err;
39a14059 844 }
38b051a1
TM		 845 memcpy(s->ext.alpn, ctx->ext.alpn, ctx->ext.alpn_len);
846 s->ext.alpn_len = ctx->ext.alpn_len;
0f113f3e 847 }
d02b48c6 848
696178ed 849 s->verified_chain = NULL;
0f113f3e 850 s->verify_result = X509_V_OK;
d02b48c6 851
a974e64a
MC		 852 s->default_passwd_callback = ctx->default_passwd_callback;
853 s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
854
44c04a2e
MC		 855 s->key_update = SSL_KEY_UPDATE_NONE;
856
c9598459
MC		 857 s->allow_early_data_cb = ctx->allow_early_data_cb;
858 s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
859
38b051a1 860 if (!ssl->method->ssl_init(ssl))
e077455e 861 goto sslerr;
d02b48c6 862
0f113f3e 863 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
bf21446a 864
38b051a1 865 if (!SSL_clear(ssl))
e077455e 866 goto sslerr;
58964a49 867
ddac1974 868#ifndef OPENSSL_NO_PSK
0f113f3e
MC		 869 s->psk_client_callback = ctx->psk_client_callback;
870 s->psk_server_callback = ctx->psk_server_callback;
ddac1974 871#endif
f46184bd
MC		 872 s->psk_find_session_cb = ctx->psk_find_session_cb;
873 s->psk_use_session_cb = ctx->psk_use_session_cb;
ddac1974 874
9f5a87fd
PY		 875 s->async_cb = ctx->async_cb;
876 s->async_cb_arg = ctx->async_cb_arg;
877
07bbc92c
MC		 878 s->job = NULL;
879
b67cb09f
TS		 880#ifndef OPENSSL_NO_COMP_ALG
881 memcpy(s->cert_comp_prefs, ctx->cert_comp_prefs, sizeof(s->cert_comp_prefs));
882#endif
883
ed29e82a 884#ifndef OPENSSL_NO_CT
38b051a1 885 if (!SSL_set_ct_validation_callback(ssl, ctx->ct_validation_callback,
a230b26e 886 ctx->ct_validation_callback_arg))
e077455e 887 goto sslerr;
ed29e82a
RP		 888#endif
889
38b051a1 890 return ssl;
e077455e
RL		 891 cerr:
892 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
893 goto err;
894 asn1err:
895 ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
896 goto err;
897 sslerr:
898 ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
0f113f3e 899 err:
38b051a1 900 SSL_free(ssl);
16203f7b 901 return NULL;
0f113f3e 902}
d02b48c6 903
e417070c
RS		 904int SSL_is_dtls(const SSL *s)
905{
38b051a1
TM		 906 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
907
908 if (sc == NULL)
909 return 0;
910
911 return SSL_CONNECTION_IS_DTLS(sc) ? 1 : 0;
e417070c
RS		 912}
913
c5ebfcab 914int SSL_up_ref(SSL *s)
a18a31e4 915{
16203f7b 916 int i;
c5ebfcab 917
2f545ae4 918 if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
c5ebfcab
F		 919 return 0;
920
921 REF_PRINT_COUNT("SSL", s);
922 REF_ASSERT_ISNT(i < 2);
923 return ((i > 1) ? 1 : 0);
a18a31e4
MC		 924}
925
0f113f3e
MC		 926int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
927 unsigned int sid_ctx_len)
928{
fe9edc9d 929 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
6849b73c 930 ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
0f113f3e
MC		 931 return 0;
932 }
933 ctx->sid_ctx_length = sid_ctx_len;
934 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
4eb77b26
BM		 935
936 return 1;
0f113f3e 937}
4eb77b26 938
0f113f3e
MC		 939int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
940 unsigned int sid_ctx_len)
941{
38b051a1
TM		 942 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
943
944 if (sc == NULL)
945 return 0;
946
0f113f3e 947 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
6849b73c 948 ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
0f113f3e
MC		 949 return 0;
950 }
38b051a1
TM		 951 sc->sid_ctx_length = sid_ctx_len;
952 memcpy(sc->sid_ctx, sid_ctx, sid_ctx_len);
b4cadc6e
BL		 953
954 return 1;
0f113f3e 955}
b4cadc6e 956
dc644fe2 957int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
0f113f3e 958{
cd3f8c1b
RS		 959 if (!CRYPTO_THREAD_write_lock(ctx->lock))
960 return 0;
0f113f3e 961 ctx->generate_session_id = cb;
16203f7b 962 CRYPTO_THREAD_unlock(ctx->lock);
0f113f3e
MC		 963 return 1;
964}
dc644fe2
GT		 965
966int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
0f113f3e 967{
38b051a1
TM		 968 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
969
970 if (sc == NULL || !CRYPTO_THREAD_write_lock(ssl->lock))
cd3f8c1b 971 return 0;
38b051a1 972 sc->generate_session_id = cb;
16203f7b 973 CRYPTO_THREAD_unlock(ssl->lock);
0f113f3e
MC		 974 return 1;
975}
dc644fe2 976
f85c9904 977int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
0f113f3e
MC		 978 unsigned int id_len)
979{
980 /*
981 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
69687aa8 982 * we can "construct" a session to give us the desired check - i.e. to
0f113f3e
MC		 983 * find if there's a session in the hash table that would conflict with
984 * any new session built out of this id/id_len and the ssl_version in use
985 * by this SSL.
986 */
987 SSL_SESSION r, *p;
38b051a1 988 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
0f113f3e 989
38b051a1 990 if (sc == NULL || id_len > sizeof(r.session_id))
0f113f3e
MC		 991 return 0;
992
38b051a1 993 r.ssl_version = sc->version;
0f113f3e
MC		 994 r.session_id_length = id_len;
995 memcpy(r.session_id, id, id_len);
996
38b051a1 997 if (!CRYPTO_THREAD_read_lock(sc->session_ctx->lock))
cd3f8c1b 998 return 0;
38b051a1
TM		 999 p = lh_SSL_SESSION_retrieve(sc->session_ctx->sessions, &r);
1000 CRYPTO_THREAD_unlock(sc->session_ctx->lock);
0f113f3e
MC		 1001 return (p != NULL);
1002}
dc644fe2 1003
bb7cd4e3 1004int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
0f113f3e
MC		 1005{
1006 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
1007}
bb7cd4e3
DSH		 1008
1009int SSL_set_purpose(SSL *s, int purpose)
0f113f3e 1010{
38b051a1
TM		 1011 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1012
1013 if (sc == NULL)
1014 return 0;
1015
1016 return X509_VERIFY_PARAM_set_purpose(sc->param, purpose);
0f113f3e 1017}
926a56bf 1018
bb7cd4e3 1019int SSL_CTX_set_trust(SSL_CTX *s, int trust)
0f113f3e
MC		 1020{
1021 return X509_VERIFY_PARAM_set_trust(s->param, trust);
1022}
bb7cd4e3
DSH		 1023
1024int SSL_set_trust(SSL *s, int trust)
0f113f3e 1025{
38b051a1
TM		 1026 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1027
1028 if (sc == NULL)
1029 return 0;
1030
1031 return X509_VERIFY_PARAM_set_trust(sc->param, trust);
0f113f3e 1032}
bb7cd4e3 1033
919ba009
VD		 1034int SSL_set1_host(SSL *s, const char *hostname)
1035{
38b051a1
TM		 1036 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1037
1038 if (sc == NULL)
1039 return 0;
1040
c832840e
DW		 1041 /* If a hostname is provided and parses as an IP address,
1042 * treat it as such. */
38b051a1
TM		 1043 if (hostname != NULL
1044 && X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname) == 1)
c832840e
DW		 1045 return 1;
1046
38b051a1 1047 return X509_VERIFY_PARAM_set1_host(sc->param, hostname, 0);
919ba009
VD		 1048}
1049
1050int SSL_add1_host(SSL *s, const char *hostname)
1051{
38b051a1
TM		 1052 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1053
1054 if (sc == NULL)
1055 return 0;
1056
c832840e
DW		 1057 /* If a hostname is provided and parses as an IP address,
1058 * treat it as such. */
892a9e4c
DW		 1059 if (hostname)
1060 {
1061 ASN1_OCTET_STRING *ip;
1062 char *old_ip;
1063
1064 ip = a2i_IPADDRESS(hostname);
1065 if (ip) {
1066 /* We didn't want it; only to check if it *is* an IP address */
1067 ASN1_OCTET_STRING_free(ip);
1068
38b051a1 1069 old_ip = X509_VERIFY_PARAM_get1_ip_asc(sc->param);
892a9e4c
DW		 1070 if (old_ip)
1071 {
f2bfc53b 1072 OPENSSL_free(old_ip);
892a9e4c
DW		 1073 /* There can be only one IP address */
1074 return 0;
1075 }
1076
38b051a1 1077 return X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname);
892a9e4c
DW		 1078 }
1079 }
c832840e 1080
38b051a1 1081 return X509_VERIFY_PARAM_add1_host(sc->param, hostname, 0);
919ba009
VD		 1082}
1083
1084void SSL_set_hostflags(SSL *s, unsigned int flags)
1085{
38b051a1
TM		 1086 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1087
1088 if (sc == NULL)
1089 return;
1090
1091 X509_VERIFY_PARAM_set_hostflags(sc->param, flags);
919ba009
VD		 1092}
1093
4588cb44 1094const char *SSL_get0_peername(SSL *s)
919ba009 1095{
38b051a1
TM		 1096 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1097
1098 if (sc == NULL)
1099 return NULL;
1100
1101 return X509_VERIFY_PARAM_get0_peername(sc->param);
919ba009
VD		 1102}
1103
1104int SSL_CTX_dane_enable(SSL_CTX *ctx)
1105{
1106 return dane_ctx_enable(&ctx->dane);
1107}
1108
5ae4ceb9
VD		 1109unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
1110{
1111 unsigned long orig = ctx->dane.flags;
1112
1113 ctx->dane.flags |= flags;
1114 return orig;
1115}
1116
1117unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
1118{
1119 unsigned long orig = ctx->dane.flags;
1120
1121 ctx->dane.flags &= ~flags;
1122 return orig;
1123}
1124
919ba009
VD		 1125int SSL_dane_enable(SSL *s, const char *basedomain)
1126{
38b051a1
TM		 1127 SSL_DANE *dane;
1128 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
919ba009 1129
38b051a1
TM		 1130 if (sc == NULL)
1131 return 0;
1132
1133 dane = &sc->dane;
919ba009 1134 if (s->ctx->dane.mdmax == 0) {
6849b73c 1135 ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED);
919ba009
VD		 1136 return 0;
1137 }
1138 if (dane->trecs != NULL) {
6849b73c 1139 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED);
919ba009
VD		 1140 return 0;
1141 }
1142
8d887efa
VD		 1143 /*
1144 * Default SNI name. This rejects empty names, while set1_host below
9929c817 1145 * accepts them and disables hostname checks. To avoid side-effects with
8d887efa
VD		 1146 * invalid input, set the SNI name first.
1147 */
38b051a1 1148 if (sc->ext.hostname == NULL) {
dccd20d1 1149 if (!SSL_set_tlsext_host_name(s, basedomain)) {
6849b73c 1150 ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
dccd20d1 1151 return -1;
8d887efa
VD		 1152 }
1153 }
1154
919ba009 1155 /* Primary RFC6125 reference identifier */
38b051a1 1156 if (!X509_VERIFY_PARAM_set1_host(sc->param, basedomain, 0)) {
6849b73c 1157 ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
919ba009
VD		 1158 return -1;
1159 }
1160
919ba009
VD		 1161 dane->mdpth = -1;
1162 dane->pdpth = -1;
1163 dane->dctx = &s->ctx->dane;
1164 dane->trecs = sk_danetls_record_new_null();
1165
1166 if (dane->trecs == NULL) {
e077455e 1167 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
919ba009
VD		 1168 return -1;
1169 }
1170 return 1;
1171}
1172
5ae4ceb9
VD		 1173unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
1174{
38b051a1
TM		 1175 unsigned long orig;
1176 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
1177
1178 if (sc == NULL)
1179 return 0;
1180
1181 orig = sc->dane.flags;
5ae4ceb9 1182
38b051a1 1183 sc->dane.flags |= flags;
5ae4ceb9
VD		 1184 return orig;
1185}
1186
1187unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
1188{
38b051a1
TM		 1189 unsigned long orig;
1190 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
5ae4ceb9 1191
38b051a1
TM		 1192 if (sc == NULL)
1193 return 0;
1194
1195 orig = sc->dane.flags;
1196
1197 sc->dane.flags &= ~flags;
5ae4ceb9
VD		 1198 return orig;
1199}
1200
919ba009
VD		 1201int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
1202{
38b051a1
TM		 1203 SSL_DANE *dane;
1204 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
919ba009 1205
38b051a1
TM		 1206 if (sc == NULL)
1207 return -1;
1208
1209 dane = &sc->dane;
1210
1211 if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
919ba009
VD		 1212 return -1;
1213 if (dane->mtlsa) {
1214 if (mcert)
1215 *mcert = dane->mcert;
1216 if (mspki)
1217 *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
1218 }
1219 return dane->mdpth;
1220}
1221
1222int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
6d4313f0 1223 uint8_t *mtype, const unsigned char **data, size_t *dlen)
919ba009 1224{
38b051a1
TM		 1225 SSL_DANE *dane;
1226 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
919ba009 1227
38b051a1
TM		 1228 if (sc == NULL)
1229 return -1;
1230
1231 dane = &sc->dane;
1232
1233 if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
919ba009
VD		 1234 return -1;
1235 if (dane->mtlsa) {
1236 if (usage)
1237 *usage = dane->mtlsa->usage;
1238 if (selector)
1239 *selector = dane->mtlsa->selector;
1240 if (mtype)
1241 *mtype = dane->mtlsa->mtype;
1242 if (data)
1243 *data = dane->mtlsa->data;
1244 if (dlen)
1245 *dlen = dane->mtlsa->dlen;
1246 }
1247 return dane->mdpth;
1248}
1249
b9aec69a 1250SSL_DANE *SSL_get0_dane(SSL *s)
919ba009 1251{
38b051a1
TM		 1252 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1253
1254 if (sc == NULL)
1255 return NULL;
1256
1257 return &sc->dane;
919ba009
VD		 1258}
1259
1260int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
6d4313f0 1261 uint8_t mtype, const unsigned char *data, size_t dlen)
919ba009 1262{
38b051a1
TM		 1263 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1264
1265 if (sc == NULL)
1266 return 0;
1267
1268 return dane_tlsa_add(&sc->dane, usage, selector, mtype, data, dlen);
919ba009
VD		 1269}
1270
a230b26e
EK		 1271int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
1272 uint8_t ord)
919ba009
VD		 1273{
1274 return dane_mtype_set(&ctx->dane, md, mtype, ord);
1275}
1276
ccf11751 1277int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
0f113f3e
MC		 1278{
1279 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
1280}
ccf11751
DSH		 1281
1282int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
0f113f3e 1283{
38b051a1
TM		 1284 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
1285
1286 if (sc == NULL)
1287 return 0;
1288
1289 return X509_VERIFY_PARAM_set1(sc->param, vpm);
0f113f3e 1290}
ccf11751 1291
7af31968 1292X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
0f113f3e
MC		 1293{
1294 return ctx->param;
1295}
7af31968
DSH		 1296
1297X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
0f113f3e 1298{
38b051a1
TM		 1299 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
1300
1301 if (sc == NULL)
1302 return NULL;
1303
1304 return sc->param;
0f113f3e 1305}
7af31968 1306
a5ee80b9 1307void SSL_certs_clear(SSL *s)
0f113f3e 1308{
38b051a1
TM		 1309 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1310
1311 if (sc == NULL)
1312 return;
1313
1314 ssl_cert_clear_certs(sc->cert);
0f113f3e 1315}
a5ee80b9 1316
4f43d0e7 1317void SSL_free(SSL *s)
0f113f3e
MC		 1318{
1319 int i;
58964a49 1320
e6e9170d
RS		 1321 if (s == NULL)
1322 return;
2f545ae4 1323 CRYPTO_DOWN_REF(&s->references, &i, s->lock);
f3f1cf84 1324 REF_PRINT_COUNT("SSL", s);
0f113f3e
MC		 1325 if (i > 0)
1326 return;
f3f1cf84 1327 REF_ASSERT_ISNT(i < 0);
d02b48c6 1328
38b051a1
TM		 1329 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
1330
1331 if (s->method != NULL)
1332 s->method->ssl_free(s);
1333
1334 SSL_CTX_free(s->ctx);
1335 CRYPTO_THREAD_lock_free(s->lock);
1336
1337 OPENSSL_free(s);
1338}
1339
1340void ossl_ssl_connection_free(SSL *ssl)
1341{
1342 SSL_CONNECTION *s;
1343
1344 s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
1345 if (s == NULL)
1346 return;
1347
222561fe 1348 X509_VERIFY_PARAM_free(s->param);
919ba009 1349 dane_final(&s->dane);
0f113f3e 1350
b77f3ed1 1351 /* Ignore return value */
2e7dc7cd
MC		 1352 ssl_free_wbio_buffer(s);
1353
9ff51954
MC		 1354 RECORD_LAYER_clear(&s->rlayer);
1355
25aaa98a 1356 BUF_MEM_free(s->init_buf);
0f113f3e
MC		 1357
1358 /* add extra stuff */
25aaa98a
RS		 1359 sk_SSL_CIPHER_free(s->cipher_list);
1360 sk_SSL_CIPHER_free(s->cipher_list_by_id);
f865b081 1361 sk_SSL_CIPHER_free(s->tls13_ciphersuites);
eee2a6a7 1362 sk_SSL_CIPHER_free(s->peer_ciphers);
0f113f3e
MC		 1363
1364 /* Make the next call work :-) */
1365 if (s->session != NULL) {
1366 ssl_clear_bad_session(s);
1367 SSL_SESSION_free(s->session);
1368 }
9368f865 1369 SSL_SESSION_free(s->psksession);
add8d0e9 1370 OPENSSL_free(s->psksession_id);
0f113f3e 1371
d31fb0b5 1372 clear_ciphers(s);
d02b48c6 1373
e0e920b1 1374 ssl_cert_free(s->cert);
29948ac8 1375 OPENSSL_free(s->shared_sigalgs);
0f113f3e 1376 /* Free up if allocated */
d02b48c6 1377
aff8c126 1378 OPENSSL_free(s->ext.hostname);
222da979 1379 SSL_CTX_free(s->session_ctx);
aff8c126 1380 OPENSSL_free(s->ext.ecpointformats);
cd0fb43c 1381 OPENSSL_free(s->ext.peer_ecpointformats);
aff8c126 1382 OPENSSL_free(s->ext.supportedgroups);
45436e61 1383 OPENSSL_free(s->ext.peer_supportedgroups);
aff8c126 1384 sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
3e41ac35 1385#ifndef OPENSSL_NO_OCSP
aff8c126 1386 sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
3e41ac35 1387#endif
ed29e82a
RP		 1388#ifndef OPENSSL_NO_CT
1389 SCT_LIST_free(s->scts);
aff8c126 1390 OPENSSL_free(s->ext.scts);
ed29e82a 1391#endif
aff8c126
RS		 1392 OPENSSL_free(s->ext.ocsp.resp);
1393 OPENSSL_free(s->ext.alpn);
cfef5027 1394 OPENSSL_free(s->ext.tls13_cookie);
94941cad
MK		 1395 if (s->clienthello != NULL)
1396 OPENSSL_free(s->clienthello->pre_proc_exts);
6b1bb98f 1397 OPENSSL_free(s->clienthello);
9d75dce3
TS		 1398 OPENSSL_free(s->pha_context);
1399 EVP_MD_CTX_free(s->pha_dgst);
0f113f3e 1400
fa7c2637 1401 sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
98732979 1402 sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
0f113f3e 1403
79b2a2f2 1404 OSSL_STACK_OF_X509_free(s->verified_chain);
696178ed 1405
38b051a1
TM		 1406 if (ssl->method != NULL)
1407 ssl->method->ssl_deinit(ssl);
7c3908dd 1408
ff75a257
MC		 1409 ASYNC_WAIT_CTX_free(s->waitctx);
1410
e481f9b9 1411#if !defined(OPENSSL_NO_NEXTPROTONEG)
aff8c126 1412 OPENSSL_free(s->ext.npn);
ee2ffc27
BL		 1413#endif
1414
e783bae2 1415#ifndef OPENSSL_NO_SRTP
25aaa98a 1416 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
0f113f3e 1417#endif
cd6e89b6
MC		 1418
1419 /*
1420 * We do this late. We want to ensure that any other references we held to
1421 * these BIOs are freed first *before* we call BIO_free_all(), because
1422 * BIO_free_all() will only free each BIO in the chain if the number of
1423 * references to the first BIO have dropped to 0
1424 */
1425 BIO_free_all(s->wbio);
1426 s->wbio = NULL;
1427 BIO_free_all(s->rbio);
1428 s->rbio = NULL;
0f113f3e
MC		 1429}
1430
65e2d672 1431void SSL_set0_rbio(SSL *s, BIO *rbio)
3ffbe008 1432{
38b051a1
TM		 1433 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1434
1435 if (sc == NULL)
1436 return;
1437
1438 BIO_free_all(sc->rbio);
1439 sc->rbio = rbio;
cffafb5f 1440 sc->rlayer.rrlmethod->set1_bio(sc->rlayer.rrl, sc->rbio);
3ffbe008
MC		 1441}
1442
65e2d672 1443void SSL_set0_wbio(SSL *s, BIO *wbio)
0f113f3e 1444{
38b051a1
TM		 1445 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1446
1447 if (sc == NULL)
1448 return;
1449
0f113f3e
MC		 1450 /*
1451 * If the output buffering BIO is still in place, remove it
1452 */
38b051a1
TM		 1453 if (sc->bbio != NULL)
1454 sc->wbio = BIO_pop(sc->wbio);
2e7dc7cd 1455
38b051a1
TM		 1456 BIO_free_all(sc->wbio);
1457 sc->wbio = wbio;
2e7dc7cd
MC		 1458
1459 /* Re-attach |bbio| to the new |wbio|. */
38b051a1
TM		 1460 if (sc->bbio != NULL)
1461 sc->wbio = BIO_push(sc->bbio, sc->wbio);
b5cf81f7
MC		 1462
1463 sc->rlayer.wrlmethod->set1_bio(sc->rlayer.wrl, sc->wbio);
0f113f3e 1464}
d02b48c6 1465
3ffbe008
MC		 1466void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
1467{
65e2d672
MC		 1468 /*
1469 * For historical reasons, this function has many different cases in
1470 * ownership handling.
1471 */
1472
1473 /* If nothing has changed, do nothing */
1474 if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
1475 return;
1476
1477 /*
1478 * If the two arguments are equal then one fewer reference is granted by the
1479 * caller than we want to take
1480 */
1481 if (rbio != NULL && rbio == wbio)
1482 BIO_up_ref(rbio);
1483
1484 /*
1485 * If only the wbio is changed only adopt one reference.
1486 */
1487 if (rbio == SSL_get_rbio(s)) {
1488 SSL_set0_wbio(s, wbio);
1489 return;
1490 }
1491 /*
1492 * There is an asymmetry here for historical reasons. If only the rbio is
1493 * changed AND the rbio and wbio were originally different, then we only
1494 * adopt one reference.
1495 */
1496 if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
1497 SSL_set0_rbio(s, rbio);
1498 return;
1499 }
1500
1501 /* Otherwise, adopt both references. */
1502 SSL_set0_rbio(s, rbio);
1503 SSL_set0_wbio(s, wbio);
3ffbe008
MC		 1504}
1505
0821bcd4 1506BIO *SSL_get_rbio(const SSL *s)
0f113f3e 1507{
38b051a1
TM		 1508 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1509
1510 if (sc == NULL)
1511 return NULL;
1512
1513 return sc->rbio;
0f113f3e 1514}
d02b48c6 1515
0821bcd4 1516BIO *SSL_get_wbio(const SSL *s)
0f113f3e 1517{
38b051a1
TM		 1518 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1519
1520 if (sc == NULL)
1521 return NULL;
1522
1523 if (sc->bbio != NULL) {
2e7dc7cd
MC		 1524 /*
1525 * If |bbio| is active, the true caller-configured BIO is its
1526 * |next_bio|.
1527 */
38b051a1 1528 return BIO_next(sc->bbio);
2e7dc7cd 1529 }
38b051a1 1530 return sc->wbio;
0f113f3e 1531}
d02b48c6 1532
0821bcd4 1533int SSL_get_fd(const SSL *s)
0f113f3e 1534{
2e7dc7cd 1535 return SSL_get_rfd(s);
0f113f3e 1536}
24cbf3ef 1537
0821bcd4 1538int SSL_get_rfd(const SSL *s)
0f113f3e
MC		 1539{
1540 int ret = -1;
1541 BIO *b, *r;
1542
1543 b = SSL_get_rbio(s);
1544 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
1545 if (r != NULL)
1546 BIO_get_fd(r, &ret);
26a7d938 1547 return ret;
0f113f3e 1548}
d02b48c6 1549
0821bcd4 1550int SSL_get_wfd(const SSL *s)
0f113f3e
MC		 1551{
1552 int ret = -1;
1553 BIO *b, *r;
1554
1555 b = SSL_get_wbio(s);
1556 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
1557 if (r != NULL)
1558 BIO_get_fd(r, &ret);
26a7d938 1559 return ret;
0f113f3e 1560}
24cbf3ef 1561
bc36ee62 1562#ifndef OPENSSL_NO_SOCK
0f113f3e
MC		 1563int SSL_set_fd(SSL *s, int fd)
1564{
1565 int ret = 0;
1566 BIO *bio = NULL;
1567
1568 bio = BIO_new(BIO_s_socket());
1569
1570 if (bio == NULL) {
6849b73c 1571 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
0f113f3e
MC		 1572 goto err;
1573 }
1574 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1575 SSL_set_bio(s, bio, bio);
50ec7505
BP		 1576#ifndef OPENSSL_NO_KTLS
1577 /*
1578 * The new socket is created successfully regardless of ktls_enable.
1579 * ktls_enable doesn't change any functionality of the socket, except
1580 * changing the setsockopt to enable the processing of ktls_start.
1581 * Thus, it is not a problem to call it for non-TLS sockets.
1582 */
1583 ktls_enable(fd);
1584#endif /* OPENSSL_NO_KTLS */
0f113f3e
MC		 1585 ret = 1;
1586 err:
26a7d938 1587 return ret;
0f113f3e 1588}
d02b48c6 1589
0f113f3e
MC		 1590int SSL_set_wfd(SSL *s, int fd)
1591{
2e7dc7cd 1592 BIO *rbio = SSL_get_rbio(s);
0f113f3e 1593
2e7dc7cd
MC		 1594 if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
1595 || (int)BIO_get_fd(rbio, NULL) != fd) {
1596 BIO *bio = BIO_new(BIO_s_socket());
0f113f3e
MC		 1597
1598 if (bio == NULL) {
6849b73c 1599 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
2e7dc7cd 1600 return 0;
0f113f3e
MC		 1601 }
1602 BIO_set_fd(bio, fd, BIO_NOCLOSE);
65e2d672 1603 SSL_set0_wbio(s, bio);
50ec7505
BP		 1604#ifndef OPENSSL_NO_KTLS
1605 /*
1606 * The new socket is created successfully regardless of ktls_enable.
1607 * ktls_enable doesn't change any functionality of the socket, except
1608 * changing the setsockopt to enable the processing of ktls_start.
1609 * Thus, it is not a problem to call it for non-TLS sockets.
1610 */
1611 ktls_enable(fd);
1612#endif /* OPENSSL_NO_KTLS */
2e7dc7cd 1613 } else {
65e2d672
MC		 1614 BIO_up_ref(rbio);
1615 SSL_set0_wbio(s, rbio);
2e7dc7cd
MC		 1616 }
1617 return 1;
0f113f3e
MC		 1618}
1619
1620int SSL_set_rfd(SSL *s, int fd)
1621{
2e7dc7cd 1622 BIO *wbio = SSL_get_wbio(s);
0f113f3e 1623
2e7dc7cd
MC		 1624 if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
1625 || ((int)BIO_get_fd(wbio, NULL) != fd)) {
1626 BIO *bio = BIO_new(BIO_s_socket());
0f113f3e
MC		 1627
1628 if (bio == NULL) {
6849b73c 1629 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
2e7dc7cd 1630 return 0;
0f113f3e
MC		 1631 }
1632 BIO_set_fd(bio, fd, BIO_NOCLOSE);
65e2d672 1633 SSL_set0_rbio(s, bio);
2e7dc7cd 1634 } else {
65e2d672
MC		 1635 BIO_up_ref(wbio);
1636 SSL_set0_rbio(s, wbio);
2e7dc7cd
MC		 1637 }
1638
1639 return 1;
0f113f3e
MC		 1640}
1641#endif
ca03109c
BM		 1642
1643/* return length of latest Finished message we sent, copy to 'buf' */
0821bcd4 1644size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
0f113f3e
MC		 1645{
1646 size_t ret = 0;
38b051a1
TM		 1647 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1648
1649 if (sc == NULL)
1650 return 0;
0f113f3e 1651
38b051a1 1652 ret = sc->s3.tmp.finish_md_len;
555cbb32
TS		 1653 if (count > ret)
1654 count = ret;
38b051a1 1655 memcpy(buf, sc->s3.tmp.finish_md, count);
0f113f3e
MC		 1656 return ret;
1657}
ca03109c
BM		 1658
1659/* return length of latest Finished message we expected, copy to 'buf' */
0821bcd4 1660size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
0f113f3e
MC		 1661{
1662 size_t ret = 0;
38b051a1 1663 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
ca03109c 1664
38b051a1
TM		 1665 if (sc == NULL)
1666 return 0;
1667
1668 ret = sc->s3.tmp.peer_finish_md_len;
555cbb32
TS		 1669 if (count > ret)
1670 count = ret;
38b051a1 1671 memcpy(buf, sc->s3.tmp.peer_finish_md, count);
0f113f3e
MC		 1672 return ret;
1673}
ca03109c 1674
0821bcd4 1675int SSL_get_verify_mode(const SSL *s)
0f113f3e 1676{
38b051a1
TM		 1677 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1678
1679 if (sc == NULL)
1680 return 0;
1681
1682 return sc->verify_mode;
0f113f3e 1683}
d02b48c6 1684
0821bcd4 1685int SSL_get_verify_depth(const SSL *s)
0f113f3e 1686{
38b051a1
TM		 1687 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1688
1689 if (sc == NULL)
1690 return 0;
1691
1692 return X509_VERIFY_PARAM_get_depth(sc->param);
0f113f3e 1693}
7f89714e 1694
0f113f3e 1695int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
38b051a1
TM		 1696 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1697
1698 if (sc == NULL)
1699 return NULL;
1700
1701 return sc->verify_callback;
0f113f3e 1702}
d02b48c6 1703
0821bcd4 1704int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
0f113f3e 1705{
26a7d938 1706 return ctx->verify_mode;
0f113f3e 1707}
d02b48c6 1708
0821bcd4 1709int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
0f113f3e
MC		 1710{
1711 return X509_VERIFY_PARAM_get_depth(ctx->param);
1712}
1713
1714int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
26a7d938 1715 return ctx->default_verify_callback;
0f113f3e
MC		 1716}
1717
1718void SSL_set_verify(SSL *s, int mode,
1719 int (*callback) (int ok, X509_STORE_CTX *ctx))
1720{
38b051a1
TM		 1721 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1722
1723 if (sc == NULL)
1724 return;
1725
1726 sc->verify_mode = mode;
0f113f3e 1727 if (callback != NULL)
38b051a1 1728 sc->verify_callback = callback;
0f113f3e
MC		 1729}
1730
1731void SSL_set_verify_depth(SSL *s, int depth)
1732{
38b051a1
TM		 1733 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1734
1735 if (sc == NULL)
1736 return;
1737
1738 X509_VERIFY_PARAM_set_depth(sc->param, depth);
0f113f3e
MC		 1739}
1740
1741void SSL_set_read_ahead(SSL *s, int yes)
1742{
38b051a1 1743 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4566dae7 1744 OSSL_PARAM options[2], *opts = options;
38b051a1
TM		 1745
1746 if (sc == NULL)
1747 return;
1748
1749 RECORD_LAYER_set_read_ahead(&sc->rlayer, yes);
4566dae7
MC		 1750
1751 *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD,
1752 &sc->rlayer.read_ahead);
1753 *opts = OSSL_PARAM_construct_end();
1754
1755 /* Ignore return value */
1756 sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
0f113f3e 1757}
d02b48c6 1758
0821bcd4 1759int SSL_get_read_ahead(const SSL *s)
0f113f3e 1760{
38b051a1
TM		 1761 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1762
1763 if (sc == NULL)
1764 return 0;
1765
1766 return RECORD_LAYER_get_read_ahead(&sc->rlayer);
0f113f3e 1767}
d02b48c6 1768
0821bcd4 1769int SSL_pending(const SSL *s)
0f113f3e 1770{
8b0e934a
MC		 1771 size_t pending = s->method->ssl_pending(s);
1772
0f113f3e
MC		 1773 /*
1774 * SSL_pending cannot work properly if read-ahead is enabled
1775 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
1776 * impossible to fix since SSL_pending cannot report errors that may be
1777 * observed while scanning the new data. (Note that SSL_pending() is
1778 * often used as a boolean value, so we'd better not return -1.)
8b0e934a
MC		 1779 *
1780 * SSL_pending also cannot work properly if the value >INT_MAX. In that case
1781 * we just return INT_MAX.
0f113f3e 1782 */
348240c6 1783 return pending < INT_MAX ? (int)pending : INT_MAX;
0f113f3e 1784}
d02b48c6 1785
49580f25
MC		 1786int SSL_has_pending(const SSL *s)
1787{
1788 /*
1789 * Similar to SSL_pending() but returns a 1 to indicate that we have
6d6b295a
MC		 1790 * processed or unprocessed data available or 0 otherwise (as opposed to the
1791 * number of bytes available). Unlike SSL_pending() this will take into
1792 * account read_ahead data. A 1 return simply indicates that we have data.
1793 * That data may not result in any application data, or we may fail to parse
1794 * the records for some reason.
49580f25 1795 */
38b051a1
TM		 1796 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1797
6d6b295a
MC		 1798 /* Check buffered app data if any first */
1799 if (SSL_CONNECTION_IS_DTLS(sc)) {
eddb067e 1800 TLS_RECORD *rdata;
6d6b295a
MC		 1801 pitem *item, *iter;
1802
1803 iter = pqueue_iterator(sc->rlayer.d->buffered_app_data.q);
1804 while ((item = pqueue_next(&iter)) != NULL) {
1805 rdata = item->data;
eddb067e 1806 if (rdata->length > 0)
6d6b295a
MC		 1807 return 1;
1808 }
1809 }
38b051a1
TM		 1810
1811 if (RECORD_LAYER_processed_read_pending(&sc->rlayer))
49580f25
MC		 1812 return 1;
1813
38b051a1 1814 return RECORD_LAYER_read_pending(&sc->rlayer);
49580f25
MC		 1815}
1816
8c2bfd25 1817X509 *SSL_get1_peer_certificate(const SSL *s)
0f113f3e 1818{
8c2bfd25 1819 X509 *r = SSL_get0_peer_certificate(s);
d02b48c6 1820
8c2bfd25
TS		 1821 if (r != NULL)
1822 X509_up_ref(r);
0f113f3e 1823
26a7d938 1824 return r;
0f113f3e 1825}
d02b48c6 1826
8c2bfd25
TS		 1827X509 *SSL_get0_peer_certificate(const SSL *s)
1828{
38b051a1
TM		 1829 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
1830
1831 if (sc == NULL)
1832 return NULL;
1833
1834 if (sc->session == NULL)
8c2bfd25
TS		 1835 return NULL;
1836 else
38b051a1 1837 return sc->session->peer;
8c2bfd25
TS		 1838}
1839
0821bcd4 1840STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
0f113f3e
MC		 1841{
1842 STACK_OF(X509) *r;
38b051a1 1843 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
0f113f3e 1844
38b051a1
TM		 1845 if (sc == NULL)
1846 return NULL;
1847
1848 if (sc->session == NULL)
0f113f3e
MC		 1849 r = NULL;
1850 else
38b051a1 1851 r = sc->session->peer_chain;
0f113f3e
MC		 1852
1853 /*
1854 * If we are a client, cert_chain includes the peer's own certificate; if
1855 * we are a server, it does not.
1856 */
1857
26a7d938 1858 return r;
0f113f3e
MC		 1859}
1860
1861/*
1862 * Now in theory, since the calling process own 't' it should be safe to
1863 * modify. We need to be able to read f without being hassled
1864 */
17dd65e6 1865int SSL_copy_session_id(SSL *t, const SSL *f)
0f113f3e 1866{
16203f7b 1867 int i;
38b051a1
TM		 1868 /* TODO(QUIC): Do we want to support this for QUIC connections? */
1869 SSL_CONNECTION *tsc = SSL_CONNECTION_FROM_SSL_ONLY(t);
1870 const SSL_CONNECTION *fsc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(f);
1871
1872 if (tsc == NULL || fsc == NULL)
1873 return 0;
1874
3e6a0d57 1875 /* Do we need to do SSL locking? */
61986d32 1876 if (!SSL_set_session(t, SSL_get_session(f))) {
17dd65e6 1877 return 0;
69f68237 1878 }
0f113f3e
MC		 1879
1880 /*
87d9cafa 1881 * what if we are setup for one protocol version but want to talk another
0f113f3e
MC		 1882 */
1883 if (t->method != f->method) {
38b051a1 1884 t->method->ssl_deinit(t);
919ba009 1885 t->method = f->method;
38b051a1 1886 if (t->method->ssl_init(t) == 0)
919ba009 1887 return 0;
0f113f3e
MC		 1888 }
1889
38b051a1
TM		 1890 CRYPTO_UP_REF(&fsc->cert->references, &i, fsc->cert->lock);
1891 ssl_cert_free(tsc->cert);
1892 tsc->cert = fsc->cert;
1893 if (!SSL_set_session_id_context(t, fsc->sid_ctx, (int)fsc->sid_ctx_length)) {
17dd65e6 1894 return 0;
69f68237 1895 }
17dd65e6
MC		 1896
1897 return 1;
0f113f3e 1898}
d02b48c6 1899
58964a49 1900/* Fix this so it checks all the valid key/cert options */
0821bcd4 1901int SSL_CTX_check_private_key(const SSL_CTX *ctx)
0f113f3e 1902{
a230b26e 1903 if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
6849b73c 1904 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
26a7d938 1905 return 0;
0f113f3e
MC		 1906 }
1907 if (ctx->cert->key->privatekey == NULL) {
6849b73c 1908 ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
26a7d938 1909 return 0;
0f113f3e 1910 }
26a7d938
K		 1911 return X509_check_private_key
1912 (ctx->cert->key->x509, ctx->cert->key->privatekey);
0f113f3e 1913}
d02b48c6 1914
58964a49 1915/* Fix this function so that it takes an optional type parameter */
0821bcd4 1916int SSL_check_private_key(const SSL *ssl)
0f113f3e 1917{
38b051a1
TM		 1918 const SSL_CONNECTION *sc;
1919
1920 if ((sc = SSL_CONNECTION_FROM_CONST_SSL(ssl)) == NULL) {
6849b73c 1921 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
26a7d938 1922 return 0;
0f113f3e 1923 }
38b051a1 1924 if (sc->cert->key->x509 == NULL) {
6849b73c 1925 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
26a7d938 1926 return 0;
0f113f3e 1927 }
38b051a1 1928 if (sc->cert->key->privatekey == NULL) {
6849b73c 1929 ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
26a7d938 1930 return 0;
0f113f3e 1931 }
38b051a1
TM		 1932 return X509_check_private_key(sc->cert->key->x509,
1933 sc->cert->key->privatekey);
0f113f3e 1934}
d02b48c6 1935
07bbc92c
MC		 1936int SSL_waiting_for_async(SSL *s)
1937{
38b051a1
TM		 1938 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1939
1940 if (sc == NULL)
1941 return 0;
1942
1943 if (sc->job)
82676094
MC		 1944 return 1;
1945
07bbc92c
MC		 1946 return 0;
1947}
1948
ff75a257 1949int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
f4da39d2 1950{
38b051a1
TM		 1951 ASYNC_WAIT_CTX *ctx;
1952 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
ff75a257 1953
38b051a1
TM		 1954 if (sc == NULL)
1955 return 0;
1956
1957 if ((ctx = sc->waitctx) == NULL)
ff75a257
MC		 1958 return 0;
1959 return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
1960}
f4da39d2 1961
ff75a257
MC		 1962int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
1963 OSSL_ASYNC_FD *delfd, size_t *numdelfds)
1964{
38b051a1
TM		 1965 ASYNC_WAIT_CTX *ctx;
1966 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
ff75a257 1967
38b051a1
TM		 1968 if (sc == NULL)
1969 return 0;
1970
1971 if ((ctx = sc->waitctx) == NULL)
ff75a257
MC		 1972 return 0;
1973 return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
1974 numdelfds);
f4da39d2
MC		 1975}
1976
9f5a87fd
PY		 1977int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback)
1978{
1979 ctx->async_cb = callback;
1980 return 1;
1981}
1982
1983int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg)
1984{
1985 ctx->async_cb_arg = arg;
1986 return 1;
1987}
1988
1989int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback)
1990{
38b051a1
TM		 1991 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
1992
1993 if (sc == NULL)
1994 return 0;
1995
1996 sc->async_cb = callback;
9f5a87fd
PY		 1997 return 1;
1998}
1999
2000int SSL_set_async_callback_arg(SSL *s, void *arg)
2001{
38b051a1
TM		 2002 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2003
2004 if (sc == NULL)
2005 return 0;
2006
2007 sc->async_cb_arg = arg;
9f5a87fd
PY		 2008 return 1;
2009}
2010
2011int SSL_get_async_status(SSL *s, int *status)
2012{
38b051a1
TM		 2013 ASYNC_WAIT_CTX *ctx;
2014 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
9f5a87fd 2015
38b051a1
TM		 2016 if (sc == NULL)
2017 return 0;
2018
2019 if ((ctx = sc->waitctx) == NULL)
9f5a87fd
PY		 2020 return 0;
2021 *status = ASYNC_WAIT_CTX_get_status(ctx);
2022 return 1;
2023}
2024
4f43d0e7 2025int SSL_accept(SSL *s)
0f113f3e 2026{
38b051a1
TM		 2027 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2028
2029 if (sc == NULL)
2030 return 0;
2031
2032 if (sc->handshake_func == NULL) {
0f113f3e
MC		 2033 /* Not properly initialized yet */
2034 SSL_set_accept_state(s);
07bbc92c 2035 }
add2f5ca
MC		 2036
2037 return SSL_do_handshake(s);
0f113f3e 2038}
d02b48c6 2039
4f43d0e7 2040int SSL_connect(SSL *s)
0f113f3e 2041{
38b051a1
TM		 2042 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2043
2044 if (sc == NULL)
2045 return 0;
2046
2047 if (sc->handshake_func == NULL) {
0f113f3e
MC		 2048 /* Not properly initialized yet */
2049 SSL_set_connect_state(s);
add2f5ca 2050 }
b31b04d9 2051
add2f5ca 2052 return SSL_do_handshake(s);
0f113f3e 2053}
d02b48c6 2054
0821bcd4 2055long SSL_get_default_timeout(const SSL *s)
0f113f3e 2056{
f0131dc0 2057 return (long int)ossl_time2seconds(s->method->get_timeout());
0f113f3e
MC		 2058}
2059
9f5a87fd
PY		 2060static int ssl_async_wait_ctx_cb(void *arg)
2061{
2062 SSL *s = (SSL *)arg;
38b051a1 2063 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
9f5a87fd 2064
38b051a1
TM		 2065 if (sc == NULL)
2066 return 0;
2067
2068 return sc->async_cb(s, sc->async_cb_arg);
9f5a87fd
PY		 2069}
2070
7fecbf6f 2071static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
a230b26e
EK		 2072 int (*func) (void *))
2073{
add2f5ca 2074 int ret;
38b051a1
TM		 2075 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2076
2077 if (sc == NULL)
2078 return 0;
2079
2080 if (sc->waitctx == NULL) {
2081 sc->waitctx = ASYNC_WAIT_CTX_new();
2082 if (sc->waitctx == NULL)
ff75a257 2083 return -1;
38b051a1 2084 if (sc->async_cb != NULL
9f5a87fd 2085 && !ASYNC_WAIT_CTX_set_callback
38b051a1 2086 (sc->waitctx, ssl_async_wait_ctx_cb, s))
9f5a87fd 2087 return -1;
ff75a257 2088 }
07f620e3 2089
38b051a1
TM		 2090 sc->rwstate = SSL_NOTHING;
2091 switch (ASYNC_start_job(&sc->job, sc->waitctx, &ret, func, args,
a230b26e 2092 sizeof(struct ssl_async_args))) {
add2f5ca 2093 case ASYNC_ERR:
38b051a1 2094 sc->rwstate = SSL_NOTHING;
6849b73c 2095 ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC);
add2f5ca
MC		 2096 return -1;
2097 case ASYNC_PAUSE:
38b051a1 2098 sc->rwstate = SSL_ASYNC_PAUSED;
add2f5ca 2099 return -1;
fc7f190c 2100 case ASYNC_NO_JOBS:
38b051a1 2101 sc->rwstate = SSL_ASYNC_NO_JOBS;
fc7f190c 2102 return -1;
add2f5ca 2103 case ASYNC_FINISH:
38b051a1 2104 sc->job = NULL;
add2f5ca
MC		 2105 return ret;
2106 default:
38b051a1 2107 sc->rwstate = SSL_NOTHING;
6849b73c 2108 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
add2f5ca
MC		 2109 /* Shouldn't happen */
2110 return -1;
2111 }
2112}
07bbc92c 2113
add2f5ca 2114static int ssl_io_intern(void *vargs)
07bbc92c
MC		 2115{
2116 struct ssl_async_args *args;
2117 SSL *s;
2118 void *buf;
348240c6 2119 size_t num;
38b051a1 2120 SSL_CONNECTION *sc;
07bbc92c
MC		 2121
2122 args = (struct ssl_async_args *)vargs;
2123 s = args->s;
2124 buf = args->buf;
2125 num = args->num;
38b051a1
TM		 2126 if ((sc = SSL_CONNECTION_FROM_SSL(s)) == NULL)
2127 return -1;
2128
ec447924
MC		 2129 switch (args->type) {
2130 case READFUNC:
38b051a1 2131 return args->f.func_read(s, buf, num, &sc->asyncrw);
ec447924 2132 case WRITEFUNC:
38b051a1 2133 return args->f.func_write(s, buf, num, &sc->asyncrw);
ec447924
MC		 2134 case OTHERFUNC:
2135 return args->f.func_other(s);
2136 }
2137 return -1;
07bbc92c
MC		 2138}
2139
4ee7d3f9 2140int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
0f113f3e 2141{
38b051a1
TM		 2142 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2143
2144 if (sc == NULL)
2145 return -1;
2146
2147 if (sc->handshake_func == NULL) {
6849b73c 2148 ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
0f113f3e
MC		 2149 return -1;
2150 }
2151
38b051a1
TM		 2152 if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
2153 sc->rwstate = SSL_NOTHING;
4ee7d3f9 2154 return 0;
0f113f3e 2155 }
07bbc92c 2156
38b051a1
TM		 2157 if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
2158 || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
6849b73c 2159 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
0a5ece5b
MC		 2160 return 0;
2161 }
564547e4
MC		 2162 /*
2163 * If we are a client and haven't received the ServerHello etc then we
2164 * better do that
2165 */
38b051a1 2166 ossl_statem_check_finish_init(sc, 0);
0a5ece5b 2167
38b051a1 2168 if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
add2f5ca 2169 struct ssl_async_args args;
eda75751 2170 int ret;
add2f5ca
MC		 2171
2172 args.s = s;
2173 args.buf = buf;
2174 args.num = num;
ec447924
MC		 2175 args.type = READFUNC;
2176 args.f.func_read = s->method->ssl_read;
add2f5ca 2177
eda75751 2178 ret = ssl_start_async_job(s, &args, ssl_io_intern);
38b051a1 2179 *readbytes = sc->asyncrw;
eda75751 2180 return ret;
07bbc92c 2181 } else {
54105ddd 2182 return s->method->ssl_read(s, buf, num, readbytes);
07bbc92c 2183 }
0f113f3e
MC		 2184}
2185
4ee7d3f9 2186int SSL_read(SSL *s, void *buf, int num)
eda75751
MC		 2187{
2188 int ret;
54105ddd 2189 size_t readbytes;
eda75751
MC		 2190
2191 if (num < 0) {
6849b73c 2192 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
eda75751
MC		 2193 return -1;
2194 }
2195
4ee7d3f9 2196 ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
eda75751
MC		 2197
2198 /*
2199 * The cast is safe here because ret should be <= INT_MAX because num is
2200 * <= INT_MAX
2201 */
2202 if (ret > 0)
54105ddd 2203 ret = (int)readbytes;
eda75751
MC		 2204
2205 return ret;
2206}
2207
4ee7d3f9
KR		 2208int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
2209{
2210 int ret = ssl_read_internal(s, buf, num, readbytes);
2211
2212 if (ret < 0)
2213 ret = 0;
2214 return ret;
2215}
2216
f533fbd4 2217int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
d781d247
MC		 2218{
2219 int ret;
38b051a1
TM		 2220 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
2221
2222 /* TODO(QUIC): This will need special handling for QUIC */
2223 if (sc == NULL)
2224 return 0;
d781d247 2225
38b051a1 2226 if (!sc->server) {
6849b73c 2227 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
f533fbd4 2228 return SSL_READ_EARLY_DATA_ERROR;
d781d247
MC		 2229 }
2230
38b051a1 2231 switch (sc->early_data_state) {
d781d247
MC		 2232 case SSL_EARLY_DATA_NONE:
2233 if (!SSL_in_before(s)) {
6849b73c 2234 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
f533fbd4 2235 return SSL_READ_EARLY_DATA_ERROR;
d781d247
MC		 2236 }
2237 /* fall through */
2238
2239 case SSL_EARLY_DATA_ACCEPT_RETRY:
38b051a1 2240 sc->early_data_state = SSL_EARLY_DATA_ACCEPTING;
d781d247
MC		 2241 ret = SSL_accept(s);
2242 if (ret <= 0) {
2243 /* NBIO or error */
38b051a1 2244 sc->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
f533fbd4 2245 return SSL_READ_EARLY_DATA_ERROR;
d781d247
MC		 2246 }
2247 /* fall through */
2248
2249 case SSL_EARLY_DATA_READ_RETRY:
38b051a1
TM		 2250 if (sc->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
2251 sc->early_data_state = SSL_EARLY_DATA_READING;
d781d247
MC		 2252 ret = SSL_read_ex(s, buf, num, readbytes);
2253 /*
ef6c191b
MC		 2254 * State machine will update early_data_state to
2255 * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
2256 * message
d781d247 2257 */
38b051a1 2258 if (ret > 0 || (ret <= 0 && sc->early_data_state
d781d247 2259 != SSL_EARLY_DATA_FINISHED_READING)) {
38b051a1 2260 sc->early_data_state = SSL_EARLY_DATA_READ_RETRY;
f533fbd4
MC		 2261 return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
2262 : SSL_READ_EARLY_DATA_ERROR;
d781d247
MC		 2263 }
2264 } else {
38b051a1 2265 sc->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
d781d247
MC		 2266 }
2267 *readbytes = 0;
f533fbd4 2268 return SSL_READ_EARLY_DATA_FINISH;
d781d247
MC		 2269
2270 default:
6849b73c 2271 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
f533fbd4 2272 return SSL_READ_EARLY_DATA_ERROR;
d781d247
MC		 2273 }
2274}
2275
f5b519c4 2276int SSL_get_early_data_status(const SSL *s)
1ea4d09a 2277{
38b051a1
TM		 2278 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
2279
2280 /* TODO(QUIC): This will need special handling for QUIC */
2281 if (sc == NULL)
2282 return 0;
2283
2284 return sc->ext.early_data;
1ea4d09a
MC		 2285}
2286
4ee7d3f9 2287static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
0f113f3e 2288{
38b051a1
TM		 2289 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2290
2291 if (sc == NULL)
2292 return 0;
2293
2294 if (sc->handshake_func == NULL) {
6849b73c 2295 ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
0f113f3e
MC		 2296 return -1;
2297 }
2298
38b051a1 2299 if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
4ee7d3f9 2300 return 0;
0f113f3e 2301 }
38b051a1 2302 if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
add2f5ca 2303 struct ssl_async_args args;
eda75751 2304 int ret;
0f113f3e 2305
add2f5ca
MC		 2306 args.s = s;
2307 args.buf = buf;
2308 args.num = num;
ec447924
MC		 2309 args.type = READFUNC;
2310 args.f.func_read = s->method->ssl_peek;
07bbc92c 2311
eda75751 2312 ret = ssl_start_async_job(s, &args, ssl_io_intern);
38b051a1 2313 *readbytes = sc->asyncrw;
eda75751 2314 return ret;
add2f5ca 2315 } else {
54105ddd 2316 return s->method->ssl_peek(s, buf, num, readbytes);
add2f5ca 2317 }
07bbc92c
MC		 2318}
2319
4ee7d3f9 2320int SSL_peek(SSL *s, void *buf, int num)
7ee8627f
MC		 2321{
2322 int ret;
4ee7d3f9 2323 size_t readbytes;
7ee8627f
MC		 2324
2325 if (num < 0) {
6849b73c 2326 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
7ee8627f
MC		 2327 return -1;
2328 }
2329
4ee7d3f9 2330 ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
7ee8627f
MC		 2331
2332 /*
2333 * The cast is safe here because ret should be <= INT_MAX because num is
2334 * <= INT_MAX
2335 */
2336 if (ret > 0)
4ee7d3f9 2337 ret = (int)readbytes;
7ee8627f
MC		 2338
2339 return ret;
2340}
2341
4ee7d3f9
KR		 2342
2343int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
2344{
2345 int ret = ssl_peek_internal(s, buf, num, readbytes);
2346
2347 if (ret < 0)
2348 ret = 0;
2349 return ret;
2350}
2351
2352int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
0f113f3e 2353{
38b051a1
TM		 2354 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2355
2356 if (sc == NULL)
2357 return 0;
2358
2359 if (sc->handshake_func == NULL) {
6849b73c 2360 ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
0f113f3e
MC		 2361 return -1;
2362 }
2363
38b051a1
TM		 2364 if (sc->shutdown & SSL_SENT_SHUTDOWN) {
2365 sc->rwstate = SSL_NOTHING;
6849b73c 2366 ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
4ee7d3f9 2367 return -1;
0f113f3e 2368 }
07bbc92c 2369
38b051a1
TM		 2370 if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
2371 || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
2372 || sc->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
6849b73c 2373 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
49e7fe12 2374 return 0;
0a5ece5b 2375 }
564547e4 2376 /* If we are a client and haven't sent the Finished we better do that */
38b051a1 2377 ossl_statem_check_finish_init(sc, 1);
49e7fe12 2378
38b051a1 2379 if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
7ee8627f 2380 int ret;
add2f5ca
MC		 2381 struct ssl_async_args args;
2382
2383 args.s = s;
2384 args.buf = (void *)buf;
2385 args.num = num;
ec447924
MC		 2386 args.type = WRITEFUNC;
2387 args.f.func_write = s->method->ssl_write;
add2f5ca 2388
7ee8627f 2389 ret = ssl_start_async_job(s, &args, ssl_io_intern);
38b051a1 2390 *written = sc->asyncrw;
7ee8627f 2391 return ret;
07bbc92c 2392 } else {
7ee8627f 2393 return s->method->ssl_write(s, buf, num, written);
07bbc92c 2394 }
0f113f3e 2395}
d02b48c6 2396
7c3a7561
BP		 2397ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
2398{
2399 ossl_ssize_t ret;
38b051a1 2400 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
7c3a7561 2401
38b051a1
TM		 2402 if (sc == NULL)
2403 return 0;
2404
2405 if (sc->handshake_func == NULL) {
6849b73c 2406 ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
7c3a7561
BP		 2407 return -1;
2408 }
2409
38b051a1
TM		 2410 if (sc->shutdown & SSL_SENT_SHUTDOWN) {
2411 sc->rwstate = SSL_NOTHING;
6849b73c 2412 ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
7c3a7561
BP		 2413 return -1;
2414 }
2415
38b051a1 2416 if (!BIO_get_ktls_send(sc->wbio)) {
6849b73c 2417 ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
7c3a7561
BP		 2418 return -1;
2419 }
2420
2421 /* If we have an alert to send, lets send it */
38b051a1 2422 if (sc->s3.alert_dispatch) {
7c3a7561
BP		 2423 ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s);
2424 if (ret <= 0) {
2425 /* SSLfatal() already called if appropriate */
2426 return ret;
2427 }
2428 /* if it went, fall through and send more stuff */
2429 }
2430
38b051a1
TM		 2431 sc->rwstate = SSL_WRITING;
2432 if (BIO_flush(sc->wbio) <= 0) {
2433 if (!BIO_should_retry(sc->wbio)) {
2434 sc->rwstate = SSL_NOTHING;
7c3a7561
BP		 2435 } else {
2436#ifdef EAGAIN
2437 set_sys_error(EAGAIN);
2438#endif
2439 }
2440 return -1;
2441 }
2442
712c0942 2443#ifdef OPENSSL_NO_KTLS
fa7a8074
RL		 2444 ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
2445 "can't call ktls_sendfile(), ktls disabled");
712c0942 2446 return -1;
7c3a7561 2447#else
712c0942 2448 ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags);
7c3a7561
BP		 2449 if (ret < 0) {
2450#if defined(EAGAIN) && defined(EINTR) && defined(EBUSY)
2451 if ((get_last_sys_error() == EAGAIN) ||
2452 (get_last_sys_error() == EINTR) ||
2453 (get_last_sys_error() == EBUSY))
38b051a1 2454 BIO_set_retry_write(sc->wbio);
7c3a7561
BP		 2455 else
2456#endif
6849b73c 2457 ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
7c3a7561
BP		 2458 return ret;
2459 }
38b051a1 2460 sc->rwstate = SSL_NOTHING;
7c3a7561 2461 return ret;
712c0942 2462#endif
7c3a7561
BP		 2463}
2464
4ee7d3f9
KR		 2465int SSL_write(SSL *s, const void *buf, int num)
2466{
2467 int ret;
2468 size_t written;
2469
2470 if (num < 0) {
6849b73c 2471 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
4ee7d3f9
KR		 2472 return -1;
2473 }
2474
2475 ret = ssl_write_internal(s, buf, (size_t)num, &written);
2476
2477 /*
2478 * The cast is safe here because ret should be <= INT_MAX because num is
2479 * <= INT_MAX
2480 */
2481 if (ret > 0)
2482 ret = (int)written;
2483
2484 return ret;
2485}
2486
2487int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
2488{
2489 int ret = ssl_write_internal(s, buf, num, written);
2490
2491 if (ret < 0)
2492 ret = 0;
2493 return ret;
2494}
2495
0665b4ed 2496int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
49e7fe12 2497{
a0cb628b 2498 int ret, early_data_state;
2a8db717 2499 size_t writtmp;
f7414b08 2500 uint32_t partialwrite;
38b051a1
TM		 2501 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
2502
2503 /* TODO(QUIC): This will need special handling for QUIC */
2504 if (sc == NULL)
2505 return 0;
49e7fe12 2506
38b051a1 2507 switch (sc->early_data_state) {
49e7fe12 2508 case SSL_EARLY_DATA_NONE:
38b051a1 2509 if (sc->server
09f28874 2510 || !SSL_in_before(s)
38b051a1
TM		 2511 || ((sc->session == NULL || sc->session->ext.max_early_data == 0)
2512 && (sc->psk_use_session_cb == NULL))) {
6849b73c 2513 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
49e7fe12
MC		 2514 return 0;
2515 }
2516 /* fall through */
2517
2518 case SSL_EARLY_DATA_CONNECT_RETRY:
38b051a1 2519 sc->early_data_state = SSL_EARLY_DATA_CONNECTING;
49e7fe12
MC		 2520 ret = SSL_connect(s);
2521 if (ret <= 0) {
2522 /* NBIO or error */
38b051a1 2523 sc->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
49e7fe12
MC		 2524 return 0;
2525 }
2526 /* fall through */
2527
2528 case SSL_EARLY_DATA_WRITE_RETRY:
38b051a1 2529 sc->early_data_state = SSL_EARLY_DATA_WRITING;
f7414b08
MC		 2530 /*
2531 * We disable partial write for early data because we don't keep track
2532 * of how many bytes we've written between the SSL_write_ex() call and
2533 * the flush if the flush needs to be retried)
2534 */
38b051a1
TM		 2535 partialwrite = sc->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
2536 sc->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
2a8db717 2537 ret = SSL_write_ex(s, buf, num, &writtmp);
38b051a1 2538 sc->mode |= partialwrite;
2a8db717 2539 if (!ret) {
38b051a1 2540 sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
2a8db717
MC		 2541 return ret;
2542 }
38b051a1 2543 sc->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
2a8db717
MC		 2544 /* fall through */
2545
2546 case SSL_EARLY_DATA_WRITE_FLUSH:
2547 /* The buffering BIO is still in place so we need to flush it */
38b051a1 2548 if (statem_flush(sc) != 1)
2a8db717 2549 return 0;
2a8db717 2550 *written = num;
38b051a1 2551 sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
2a8db717 2552 return 1;
49e7fe12 2553
116d0da5 2554 case SSL_EARLY_DATA_FINISHED_READING:
a0cb628b 2555 case SSL_EARLY_DATA_READ_RETRY:
38b051a1 2556 early_data_state = sc->early_data_state;
09f28874 2557 /* We are a server writing to an unauthenticated client */
38b051a1 2558 sc->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
09f28874 2559 ret = SSL_write_ex(s, buf, num, written);
5fe37157
MC		 2560 /* The buffering BIO is still in place */
2561 if (ret)
38b051a1
TM		 2562 (void)BIO_flush(sc->wbio);
2563 sc->early_data_state = early_data_state;
09f28874
MC		 2564 return ret;
2565
49e7fe12 2566 default:
6849b73c 2567 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
49e7fe12
MC		 2568 return 0;
2569 }
2570}
2571
4f43d0e7 2572int SSL_shutdown(SSL *s)
0f113f3e
MC		 2573{
2574 /*
2575 * Note that this function behaves differently from what one might
2576 * expect. Return values are 0 for no success (yet), 1 for success; but
2577 * calling it once is usually not enough, even if blocking I/O is used
2578 * (see ssl3_shutdown).
2579 */
38b051a1 2580 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
0f113f3e 2581
38b051a1
TM		 2582 if (sc == NULL)
2583 return -1;
2584
2585 if (sc->handshake_func == NULL) {
6849b73c 2586 ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
0f113f3e
MC		 2587 return -1;
2588 }
2589
64f9f406 2590 if (!SSL_in_init(s)) {
38b051a1 2591 if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
64f9f406 2592 struct ssl_async_args args;
ec447924 2593
09134f18 2594 memset(&args, 0, sizeof(args));
64f9f406
MC		 2595 args.s = s;
2596 args.type = OTHERFUNC;
2597 args.f.func_other = s->method->ssl_shutdown;
ec447924 2598
64f9f406
MC		 2599 return ssl_start_async_job(s, &args, ssl_io_intern);
2600 } else {
2601 return s->method->ssl_shutdown(s);
2602 }
ec447924 2603 } else {
6849b73c 2604 ERR_raise(ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
64f9f406 2605 return -1;
ec447924 2606 }
0f113f3e 2607}
d02b48c6 2608
4fbfe86a 2609int SSL_key_update(SSL *s, int updatetype)
44c04a2e 2610{
38b051a1
TM		 2611 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2612
2613 if (sc == NULL)
2614 return 0;
2615
2616 if (!SSL_CONNECTION_IS_TLS13(sc)) {
6849b73c 2617 ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
44c04a2e
MC		 2618 return 0;
2619 }
2620
2621 if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
2622 && updatetype != SSL_KEY_UPDATE_REQUESTED) {
6849b73c 2623 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE);
44c04a2e
MC		 2624 return 0;
2625 }
2626
2627 if (!SSL_is_init_finished(s)) {
6849b73c 2628 ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
44c04a2e
MC		 2629 return 0;
2630 }
2631
38b051a1 2632 if (RECORD_LAYER_write_pending(&sc->rlayer)) {
3bec4851
MC		 2633 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
2634 return 0;
2635 }
2636
38b051a1
TM		 2637 ossl_statem_set_in_init(sc, 1);
2638 sc->key_update = updatetype;
44c04a2e
MC		 2639 return 1;
2640}
2641
3499327b 2642int SSL_get_key_update_type(const SSL *s)
53d1d07d 2643{
38b051a1
TM		 2644 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
2645
2646 if (sc == NULL)
2647 return 0;
2648
2649 return sc->key_update;
53d1d07d
MC		 2650}
2651
55373bfd
RS		 2652/*
2653 * Can we accept a renegotiation request? If yes, set the flag and
2654 * return 1 if yes. If not, raise error and return 0.
2655 */
38b051a1 2656static int can_renegotiate(const SSL_CONNECTION *sc)
0f113f3e 2657{
38b051a1 2658 if (SSL_CONNECTION_IS_TLS13(sc)) {
6849b73c 2659 ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
2c0980d2 2660 return 0;
44c04a2e 2661 }
cda6b998 2662
38b051a1 2663 if ((sc->options & SSL_OP_NO_RENEGOTIATION) != 0) {
6849b73c 2664 ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION);
db0f35dd
TS		 2665 return 0;
2666 }
44959ee4 2667
55373bfd
RS		 2668 return 1;
2669}
2670
2671int SSL_renegotiate(SSL *s)
2672{
38b051a1
TM		 2673 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
2674
2675 if (sc == NULL)
55373bfd
RS		 2676 return 0;
2677
38b051a1
TM		 2678 if (!can_renegotiate(sc))
2679 return 0;
2680
2681 sc->renegotiate = 1;
2682 sc->new_session = 1;
26a7d938 2683 return s->method->ssl_renegotiate(s);
0f113f3e 2684}
d02b48c6 2685
44959ee4 2686int SSL_renegotiate_abbreviated(SSL *s)
0f113f3e 2687{
38b051a1
TM		 2688 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
2689
2690 if (sc == NULL)
2691 return 0;
2692
2693 if (!can_renegotiate(sc))
2c0980d2 2694 return 0;
c519e89f 2695
38b051a1
TM		 2696 sc->renegotiate = 1;
2697 sc->new_session = 0;
26a7d938 2698 return s->method->ssl_renegotiate(s);
0f113f3e 2699}
44959ee4 2700
3499327b 2701int SSL_renegotiate_pending(const SSL *s)
0f113f3e 2702{
38b051a1
TM		 2703 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
2704
2705 if (sc == NULL)
2706 return 0;
2707
0f113f3e
MC		 2708 /*
2709 * becomes true when negotiation is requested; false again once a
2710 * handshake has finished
2711 */
38b051a1 2712 return (sc->renegotiate != 0);
0f113f3e
MC		 2713}
2714
3bfacb5f
BK		 2715int SSL_new_session_ticket(SSL *s)
2716{
38b051a1
TM		 2717 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2718
2719 if (sc == NULL)
2720 return 0;
2721
7c73fefe 2722 /* If we are in init because we're sending tickets, okay to send more. */
38b051a1
TM		 2723 if ((SSL_in_init(s) && sc->ext.extra_tickets_expected == 0)
2724 || SSL_IS_FIRST_HANDSHAKE(sc) || !sc->server
2725 || !SSL_CONNECTION_IS_TLS13(sc))
35774d55 2726 return 0;
38b051a1
TM		 2727 sc->ext.extra_tickets_expected++;
2728 if (!RECORD_LAYER_write_pending(&sc->rlayer) && !SSL_in_init(s))
2729 ossl_statem_set_in_init(sc, 1);
35774d55 2730 return 1;
3bfacb5f
BK		 2731}
2732
0f113f3e
MC		 2733long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
2734{
2735 long l;
38b051a1
TM		 2736 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2737
2738 /* TODO(QUIC): Special handling for some ctrls will be needed */
2739 if (sc == NULL)
2740 return 0;
0f113f3e
MC		 2741
2742 switch (cmd) {
2743 case SSL_CTRL_GET_READ_AHEAD:
38b051a1 2744 return RECORD_LAYER_get_read_ahead(&sc->rlayer);
0f113f3e 2745 case SSL_CTRL_SET_READ_AHEAD:
38b051a1
TM		 2746 l = RECORD_LAYER_get_read_ahead(&sc->rlayer);
2747 RECORD_LAYER_set_read_ahead(&sc->rlayer, larg);
26a7d938 2748 return l;
0f113f3e
MC		 2749
2750 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
38b051a1 2751 sc->msg_callback_arg = parg;
0f113f3e
MC		 2752 return 1;
2753
0f113f3e 2754 case SSL_CTRL_MODE:
4566dae7
MC		 2755 {
2756 OSSL_PARAM options[2], *opts = options;
2757
2758 sc->mode |= larg;
2759
2760 *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
2761 &sc->mode);
2762 *opts = OSSL_PARAM_construct_end();
2763
2764 /* Ignore return value */
2765 sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
2766
2767 return sc->mode;
2768 }
0f113f3e 2769 case SSL_CTRL_CLEAR_MODE:
38b051a1 2770 return (sc->mode &= ~larg);
0f113f3e 2771 case SSL_CTRL_GET_MAX_CERT_LIST:
38b051a1 2772 return (long)sc->max_cert_list;
0f113f3e 2773 case SSL_CTRL_SET_MAX_CERT_LIST:
348240c6
MC		 2774 if (larg < 0)
2775 return 0;
38b051a1
TM		 2776 l = (long)sc->max_cert_list;
2777 sc->max_cert_list = (size_t)larg;
348240c6 2778 return l;
0f113f3e
MC		 2779 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
2780 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
2781 return 0;
50ec7505 2782#ifndef OPENSSL_NO_KTLS
38b051a1 2783 if (sc->wbio != NULL && BIO_get_ktls_send(sc->wbio))
50ec7505
BP		 2784 return 0;
2785#endif /* OPENSSL_NO_KTLS */
38b051a1
TM		 2786 sc->max_send_fragment = larg;
2787 if (sc->max_send_fragment < sc->split_send_fragment)
2788 sc->split_send_fragment = sc->max_send_fragment;
435d88d7 2789 sc->rlayer.wrlmethod->set_max_frag_len(sc->rlayer.wrl, larg);
d102d9df
MC		 2790 return 1;
2791 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
38b051a1 2792 if ((size_t)larg > sc->max_send_fragment || larg == 0)
d102d9df 2793 return 0;
38b051a1 2794 sc->split_send_fragment = larg;
0f113f3e 2795 return 1;
d102d9df
MC		 2796 case SSL_CTRL_SET_MAX_PIPELINES:
2797 if (larg < 1 || larg > SSL_MAX_PIPELINES)
2798 return 0;
38b051a1 2799 sc->max_pipelines = larg;
cffafb5f
MC		 2800 if (sc->rlayer.rrlmethod->set_max_pipelines != NULL)
2801 sc->rlayer.rrlmethod->set_max_pipelines(sc->rlayer.rrl, (size_t)larg);
07077415 2802 return 1;
0f113f3e 2803 case SSL_CTRL_GET_RI_SUPPORT:
38b051a1 2804 return sc->s3.send_connection_binding;
dfb39f73 2805 case SSL_CTRL_SET_RETRY_VERIFY:
38b051a1 2806 sc->rwstate = SSL_RETRY_VERIFY;
dfb39f73 2807 return 1;
0f113f3e 2808 case SSL_CTRL_CERT_FLAGS:
38b051a1 2809 return (sc->cert->cert_flags |= larg);
0f113f3e 2810 case SSL_CTRL_CLEAR_CERT_FLAGS:
38b051a1 2811 return (sc->cert->cert_flags &= ~larg);
0f113f3e
MC		 2812
2813 case SSL_CTRL_GET_RAW_CIPHERLIST:
2814 if (parg) {
38b051a1 2815 if (sc->s3.tmp.ciphers_raw == NULL)
0f113f3e 2816 return 0;
38b051a1
TM		 2817 *(unsigned char **)parg = sc->s3.tmp.ciphers_raw;
2818 return (int)sc->s3.tmp.ciphers_rawlen;
e9fa092e
EK		 2819 } else {
2820 return TLS_CIPHER_LEN;
2821 }
c5364614 2822 case SSL_CTRL_GET_EXTMS_SUPPORT:
38b051a1 2823 if (!sc->session || SSL_in_init(s) || ossl_statem_get_in_handshake(sc))
a230b26e 2824 return -1;
38b051a1 2825 if (sc->session->flags & SSL_SESS_FLAG_EXTMS)
c5364614
DSH		 2826 return 1;
2827 else
2828 return 0;
7946ab33 2829 case SSL_CTRL_SET_MIN_PROTO_VERSION:
38b051a1 2830 return ssl_check_allowed_versions(larg, sc->max_proto_version)
c8feba72 2831 && ssl_set_version_bound(s->ctx->method->version, (int)larg,
38b051a1 2832 &sc->min_proto_version);
3edabd3c 2833 case SSL_CTRL_GET_MIN_PROTO_VERSION:
38b051a1 2834 return sc->min_proto_version;
7946ab33 2835 case SSL_CTRL_SET_MAX_PROTO_VERSION:
38b051a1 2836 return ssl_check_allowed_versions(sc->min_proto_version, larg)
c8feba72 2837 && ssl_set_version_bound(s->ctx->method->version, (int)larg,
38b051a1 2838 &sc->max_proto_version);
3edabd3c 2839 case SSL_CTRL_GET_MAX_PROTO_VERSION:
38b051a1 2840 return sc->max_proto_version;
0f113f3e 2841 default:
26a7d938 2842 return s->method->ssl_ctrl(s, cmd, larg, parg);
0f113f3e
MC		 2843 }
2844}
2845
2846long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
2847{
38b051a1
TM		 2848 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
2849
2850 if (sc == NULL)
2851 return 0;
2852
0f113f3e
MC		 2853 switch (cmd) {
2854 case SSL_CTRL_SET_MSG_CALLBACK:
38b051a1
TM		 2855 sc->msg_callback = (void (*)
2856 (int write_p, int version, int content_type,
2857 const void *buf, size_t len, SSL *ssl,
2858 void *arg))(fp);
0f113f3e
MC		 2859 return 1;
2860
2861 default:
26a7d938 2862 return s->method->ssl_callback_ctrl(s, cmd, fp);
0f113f3e
MC		 2863 }
2864}
d3442bc7 2865
3c1d6bbc 2866LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
0f113f3e
MC		 2867{
2868 return ctx->sessions;
2869}
2870
acce0557
P		 2871static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat)
2872{
2873 int res = 0;
2874
2875 if (ssl_tsan_lock(ctx)) {
2876 res = tsan_load(stat);
2877 ssl_tsan_unlock(ctx);
2878 }
2879 return res;
2880}
2881
0f113f3e
MC		 2882long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2883{
2884 long l;
2885 /* For some cases with ctx == NULL perform syntax checks */
2886 if (ctx == NULL) {
2887 switch (cmd) {
de4d764e 2888 case SSL_CTRL_SET_GROUPS_LIST:
260009d8 2889 return tls1_set_groups_list(ctx, NULL, NULL, parg);
0f113f3e
MC		 2890 case SSL_CTRL_SET_SIGALGS_LIST:
2891 case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
2892 return tls1_set_sigalgs_list(NULL, parg, 0);
2893 default:
2894 return 0;
2895 }
2896 }
2897
2898 switch (cmd) {
2899 case SSL_CTRL_GET_READ_AHEAD:
26a7d938 2900 return ctx->read_ahead;
0f113f3e
MC		 2901 case SSL_CTRL_SET_READ_AHEAD:
2902 l = ctx->read_ahead;
2903 ctx->read_ahead = larg;
26a7d938 2904 return l;
0f113f3e
MC		 2905
2906 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
2907 ctx->msg_callback_arg = parg;
2908 return 1;
2909
2910 case SSL_CTRL_GET_MAX_CERT_LIST:
26a7d938 2911 return (long)ctx->max_cert_list;
0f113f3e 2912 case SSL_CTRL_SET_MAX_CERT_LIST:
348240c6
MC		 2913 if (larg < 0)
2914 return 0;
2915 l = (long)ctx->max_cert_list;
2916 ctx->max_cert_list = (size_t)larg;
2917 return l;
0f113f3e
MC		 2918
2919 case SSL_CTRL_SET_SESS_CACHE_SIZE:
348240c6
MC		 2920 if (larg < 0)
2921 return 0;
2922 l = (long)ctx->session_cache_size;
2923 ctx->session_cache_size = (size_t)larg;
2924 return l;
0f113f3e 2925 case SSL_CTRL_GET_SESS_CACHE_SIZE:
26a7d938 2926 return (long)ctx->session_cache_size;
0f113f3e
MC		 2927 case SSL_CTRL_SET_SESS_CACHE_MODE:
2928 l = ctx->session_cache_mode;
2929 ctx->session_cache_mode = larg;
26a7d938 2930 return l;
0f113f3e 2931 case SSL_CTRL_GET_SESS_CACHE_MODE:
26a7d938 2932 return ctx->session_cache_mode;
0f113f3e
MC		 2933
2934 case SSL_CTRL_SESS_NUMBER:
26a7d938 2935 return lh_SSL_SESSION_num_items(ctx->sessions);
0f113f3e 2936 case SSL_CTRL_SESS_CONNECT:
acce0557 2937 return ssl_tsan_load(ctx, &ctx->stats.sess_connect);
0f113f3e 2938 case SSL_CTRL_SESS_CONNECT_GOOD:
acce0557 2939 return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good);
0f113f3e 2940 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
acce0557 2941 return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate);
0f113f3e 2942 case SSL_CTRL_SESS_ACCEPT:
acce0557 2943 return ssl_tsan_load(ctx, &ctx->stats.sess_accept);
0f113f3e 2944 case SSL_CTRL_SESS_ACCEPT_GOOD:
acce0557 2945 return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good);
0f113f3e 2946 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
acce0557 2947 return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate);
0f113f3e 2948 case SSL_CTRL_SESS_HIT:
acce0557 2949 return ssl_tsan_load(ctx, &ctx->stats.sess_hit);
0f113f3e 2950 case SSL_CTRL_SESS_CB_HIT:
acce0557 2951 return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit);
0f113f3e 2952 case SSL_CTRL_SESS_MISSES:
acce0557 2953 return ssl_tsan_load(ctx, &ctx->stats.sess_miss);
0f113f3e 2954 case SSL_CTRL_SESS_TIMEOUTS:
acce0557 2955 return ssl_tsan_load(ctx, &ctx->stats.sess_timeout);
0f113f3e 2956 case SSL_CTRL_SESS_CACHE_FULL:
acce0557 2957 return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full);
0f113f3e
MC		 2958 case SSL_CTRL_MODE:
2959 return (ctx->mode |= larg);
2960 case SSL_CTRL_CLEAR_MODE:
2961 return (ctx->mode &= ~larg);
2962 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
2963 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
2964 return 0;
2965 ctx->max_send_fragment = larg;
d102d9df 2966 if (ctx->max_send_fragment < ctx->split_send_fragment)
bfb155c1 2967 ctx->split_send_fragment = ctx->max_send_fragment;
0f113f3e 2968 return 1;
d102d9df 2969 case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
7ee8627f 2970 if ((size_t)larg > ctx->max_send_fragment || larg == 0)
d102d9df
MC		 2971 return 0;
2972 ctx->split_send_fragment = larg;
2973 return 1;
2974 case SSL_CTRL_SET_MAX_PIPELINES:
2975 if (larg < 1 || larg > SSL_MAX_PIPELINES)
2976 return 0;
2977 ctx->max_pipelines = larg;
07077415 2978 return 1;
0f113f3e
MC		 2979 case SSL_CTRL_CERT_FLAGS:
2980 return (ctx->cert->cert_flags |= larg);
2981 case SSL_CTRL_CLEAR_CERT_FLAGS:
2982 return (ctx->cert->cert_flags &= ~larg);
7946ab33 2983 case SSL_CTRL_SET_MIN_PROTO_VERSION:
c8feba72
BK		 2984 return ssl_check_allowed_versions(larg, ctx->max_proto_version)
2985 && ssl_set_version_bound(ctx->method->version, (int)larg,
2986 &ctx->min_proto_version);
3edabd3c
CH		 2987 case SSL_CTRL_GET_MIN_PROTO_VERSION:
2988 return ctx->min_proto_version;
7946ab33 2989 case SSL_CTRL_SET_MAX_PROTO_VERSION:
c8feba72
BK		 2990 return ssl_check_allowed_versions(ctx->min_proto_version, larg)
2991 && ssl_set_version_bound(ctx->method->version, (int)larg,
2992 &ctx->max_proto_version);
3edabd3c
CH		 2993 case SSL_CTRL_GET_MAX_PROTO_VERSION:
2994 return ctx->max_proto_version;
0f113f3e 2995 default:
26a7d938 2996 return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
0f113f3e
MC		 2997 }
2998}
2999
3000long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3001{
3002 switch (cmd) {
3003 case SSL_CTRL_SET_MSG_CALLBACK:
3004 ctx->msg_callback = (void (*)
3005 (int write_p, int version, int content_type,
3006 const void *buf, size_t len, SSL *ssl,
3007 void *arg))(fp);
3008 return 1;
3009
3010 default:
26a7d938 3011 return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
0f113f3e
MC		 3012 }
3013}
d3442bc7 3014
ccd86b68 3015int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
0f113f3e 3016{
90d9e49a
DSH		 3017 if (a->id > b->id)
3018 return 1;
3019 if (a->id < b->id)
3020 return -1;
3021 return 0;
0f113f3e
MC		 3022}
3023
3024int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
3025 const SSL_CIPHER *const *bp)
3026{
90d9e49a
DSH		 3027 if ((*ap)->id > (*bp)->id)
3028 return 1;
3029 if ((*ap)->id < (*bp)->id)
3030 return -1;
3031 return 0;
0f113f3e 3032}
d02b48c6 3033
38b051a1
TM		 3034/*
3035 * return a STACK of the ciphers available for the SSL and in order of
3036 * preference
3037 */
0821bcd4 3038STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
0f113f3e 3039{
38b051a1
TM		 3040 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
3041
3042 if (sc != NULL) {
3043 if (sc->cipher_list != NULL) {
3044 return sc->cipher_list;
0f113f3e 3045 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
26a7d938 3046 return s->ctx->cipher_list;
0f113f3e
MC		 3047 }
3048 }
26a7d938 3049 return NULL;
0f113f3e
MC		 3050}
3051
831eef2c
NM		 3052STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
3053{
38b051a1
TM		 3054 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
3055
3056 if (sc == NULL || !sc->server)
831eef2c 3057 return NULL;
38b051a1 3058 return sc->peer_ciphers;
831eef2c
NM		 3059}
3060
8b8e5bed 3061STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
0f113f3e
MC		 3062{
3063 STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
3064 int i;
38b051a1
TM		 3065 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3066
3067 if (sc == NULL)
3068 return NULL;
1d0c08b4 3069
0f113f3e
MC		 3070 ciphers = SSL_get_ciphers(s);
3071 if (!ciphers)
3072 return NULL;
38b051a1 3073 if (!ssl_set_client_disabled(sc))
1d0c08b4 3074 return NULL;
0f113f3e
MC		 3075 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
3076 const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
38b051a1 3077 if (!ssl_cipher_disabled(sc, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
0f113f3e
MC		 3078 if (!sk)
3079 sk = sk_SSL_CIPHER_new_null();
3080 if (!sk)
3081 return NULL;
3082 if (!sk_SSL_CIPHER_push(sk, c)) {
3083 sk_SSL_CIPHER_free(sk);
3084 return NULL;
3085 }
3086 }
3087 }
3088 return sk;
3089}
8b8e5bed 3090
4f43d0e7 3091/** return a STACK of the ciphers available for the SSL and in order of
d02b48c6 3092 * algorithm id */
38b051a1 3093STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *s)
0f113f3e
MC		 3094{
3095 if (s != NULL) {
38b051a1 3096 if (s->cipher_list_by_id != NULL)
26a7d938 3097 return s->cipher_list_by_id;
38b051a1
TM		 3098 else if (s->ssl.ctx != NULL
3099 && s->ssl.ctx->cipher_list_by_id != NULL)
3100 return s->ssl.ctx->cipher_list_by_id;
0f113f3e 3101 }
26a7d938 3102 return NULL;
0f113f3e 3103}
d02b48c6 3104
4f43d0e7 3105/** The old interface to get the same thing as SSL_get_ciphers() */
0f113f3e
MC		 3106const char *SSL_get_cipher_list(const SSL *s, int n)
3107{
4a640fb6 3108 const SSL_CIPHER *c;
0f113f3e
MC		 3109 STACK_OF(SSL_CIPHER) *sk;
3110
3111 if (s == NULL)
26a7d938 3112 return NULL;
0f113f3e
MC		 3113 sk = SSL_get_ciphers(s);
3114 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
26a7d938 3115 return NULL;
0f113f3e
MC		 3116 c = sk_SSL_CIPHER_value(sk, n);
3117 if (c == NULL)
26a7d938
K		 3118 return NULL;
3119 return c->name;
0f113f3e 3120}
d02b48c6 3121
9d5ac953
KY		 3122/** return a STACK of the ciphers available for the SSL_CTX and in order of
3123 * preference */
3124STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
3125{
3126 if (ctx != NULL)
3127 return ctx->cipher_list;
3128 return NULL;
3129}
3130
3c83c5ba
SR		 3131/*
3132 * Distinguish between ciphers controlled by set_ciphersuite() and
3133 * set_cipher_list() when counting.
3134 */
3135static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
3136{
3137 int i, num = 0;
3138 const SSL_CIPHER *c;
3139
3140 if (sk == NULL)
3141 return 0;
3142 for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
3143 c = sk_SSL_CIPHER_value(sk, i);
3144 if (c->min_tls >= TLS1_3_VERSION)
3145 continue;
3146 num++;
3147 }
3148 return num;
3149}
3150
25f923dd 3151/** specify the ciphers to be used by default by the SSL_CTX */
018e57c7 3152int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
0f113f3e
MC		 3153{
3154 STACK_OF(SSL_CIPHER) *sk;
3155
a68eee67 3156 sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites,
f865b081
MC		 3157 &ctx->cipher_list, &ctx->cipher_list_by_id, str,
3158 ctx->cert);
0f113f3e
MC		 3159 /*
3160 * ssl_create_cipher_list may return an empty stack if it was unable to
3161 * find a cipher matching the given rule string (for example if the rule
3162 * string specifies a cipher which has been disabled). This is not an
3163 * error as far as ssl_create_cipher_list is concerned, and hence
3164 * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
3165 */
3166 if (sk == NULL)
3167 return 0;
3c83c5ba 3168 else if (cipher_list_tls12_num(sk) == 0) {
6849b73c 3169 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
0f113f3e
MC		 3170 return 0;
3171 }
3172 return 1;
3173}
d02b48c6 3174
4f43d0e7 3175/** specify the ciphers to be used by the SSL */
0f113f3e
MC		 3176int SSL_set_cipher_list(SSL *s, const char *str)
3177{
3178 STACK_OF(SSL_CIPHER) *sk;
38b051a1 3179 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
0f113f3e 3180
38b051a1
TM		 3181 if (sc == NULL)
3182 return 0;
3183
3184 sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites,
3185 &sc->cipher_list, &sc->cipher_list_by_id, str,
3186 sc->cert);
0f113f3e
MC		 3187 /* see comment in SSL_CTX_set_cipher_list */
3188 if (sk == NULL)
3189 return 0;
3c83c5ba 3190 else if (cipher_list_tls12_num(sk) == 0) {
6849b73c 3191 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
0f113f3e
MC		 3192 return 0;
3193 }
3194 return 1;
3195}
d02b48c6 3196
a216df59 3197char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
0f113f3e
MC		 3198{
3199 char *p;
a216df59 3200 STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
4a640fb6 3201 const SSL_CIPHER *c;
0f113f3e 3202 int i;
38b051a1
TM		 3203 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
3204
3205 if (sc == NULL)
3206 return NULL;
0f113f3e 3207
38b051a1
TM		 3208 if (!sc->server
3209 || sc->peer_ciphers == NULL
a216df59 3210 || size < 2)
26a7d938 3211 return NULL;
0f113f3e
MC		 3212
3213 p = buf;
38b051a1 3214 clntsk = sc->peer_ciphers;
a216df59
MC		 3215 srvrsk = SSL_get_ciphers(s);
3216 if (clntsk == NULL || srvrsk == NULL)
3217 return NULL;
0f113f3e 3218
a216df59 3219 if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
0f113f3e
MC		 3220 return NULL;
3221
a216df59 3222 for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
0f113f3e
MC		 3223 int n;
3224
a216df59
MC		 3225 c = sk_SSL_CIPHER_value(clntsk, i);
3226 if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
3227 continue;
3228
0f113f3e 3229 n = strlen(c->name);
a216df59 3230 if (n + 1 > size) {
0f113f3e
MC		 3231 if (p != buf)
3232 --p;
3233 *p = '\0';
3234 return buf;
3235 }
4cacc9d5 3236 strcpy(p, c->name);
0f113f3e
MC		 3237 p += n;
3238 *(p++) = ':';
a216df59 3239 size -= n + 1;
0f113f3e
MC		 3240 }
3241 p[-1] = '\0';
26a7d938 3242 return buf;
0f113f3e
MC		 3243}
3244
7955c1f1
MC		 3245/**
3246 * Return the requested servername (SNI) value. Note that the behaviour varies
3247 * depending on:
3248 * - whether this is called by the client or the server,
3249 * - if we are before or during/after the handshake,
3250 * - if a resumption or normal handshake is being attempted/has occurred
3251 * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
38b051a1 3252 *
7955c1f1 3253 * Note that only the host_name type is defined (RFC 3546).
ed3883d2 3254 */
f1fd4544 3255const char *SSL_get_servername(const SSL *s, const int type)
0f113f3e 3256{
38b051a1
TM		 3257 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
3258 int server;
3259
3260 if (sc == NULL)
3261 return NULL;
3262
7955c1f1
MC		 3263 /*
3264 * If we don't know if we are the client or the server yet then we assume
3265 * client.
3266 */
38b051a1
TM		 3267 server = sc->handshake_func == NULL ? 0 : sc->server;
3268
0f113f3e
MC		 3269 if (type != TLSEXT_NAMETYPE_host_name)
3270 return NULL;
a13c20f6 3271
7955c1f1
MC		 3272 if (server) {
3273 /**
3274 * Server side
3275 * In TLSv1.3 on the server SNI is not associated with the session
3276 * but in TLSv1.2 or below it is.
3277 *
3278 * Before the handshake:
3279 * - return NULL
3280 *
3281 * During/after the handshake (TLSv1.2 or below resumption occurred):
3282 * - If a servername was accepted by the server in the original
3283 * handshake then it will return that servername, or NULL otherwise.
3284 *
3285 * During/after the handshake (TLSv1.2 or below resumption did not occur):
3286 * - The function will return the servername requested by the client in
3287 * this handshake or NULL if none was requested.
3288 */
38b051a1
TM		 3289 if (sc->hit && !SSL_CONNECTION_IS_TLS13(sc))
3290 return sc->session->ext.hostname;
7955c1f1
MC		 3291 } else {
3292 /**
3293 * Client side
3294 *
3295 * Before the handshake:
3296 * - If a servername has been set via a call to
3297 * SSL_set_tlsext_host_name() then it will return that servername
3298 * - If one has not been set, but a TLSv1.2 resumption is being
3299 * attempted and the session from the original handshake had a
3300 * servername accepted by the server then it will return that
3301 * servername
3302 * - Otherwise it returns NULL
3303 *
3304 * During/after the handshake (TLSv1.2 or below resumption occurred):
9f7505ab 3305 * - If the session from the original handshake had a servername accepted
7955c1f1
MC		 3306 * by the server then it will return that servername.
3307 * - Otherwise it returns the servername set via
3308 * SSL_set_tlsext_host_name() (or NULL if it was not called).
3309 *
3310 * During/after the handshake (TLSv1.2 or below resumption did not occur):
3311 * - It will return the servername set via SSL_set_tlsext_host_name()
3312 * (or NULL if it was not called).
3313 */
3314 if (SSL_in_before(s)) {
38b051a1
TM		 3315 if (sc->ext.hostname == NULL
3316 && sc->session != NULL
3317 && sc->session->ssl_version != TLS1_3_VERSION)
3318 return sc->session->ext.hostname;
7955c1f1 3319 } else {
38b051a1
TM		 3320 if (!SSL_CONNECTION_IS_TLS13(sc) && sc->hit
3321 && sc->session->ext.hostname != NULL)
3322 return sc->session->ext.hostname;
7955c1f1
MC		 3323 }
3324 }
3325
38b051a1 3326 return sc->ext.hostname;
0f113f3e 3327}
ed3883d2 3328
f1fd4544 3329int SSL_get_servername_type(const SSL *s)
0f113f3e 3330{
7955c1f1 3331 if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
0f113f3e
MC		 3332 return TLSEXT_NAMETYPE_host_name;
3333 return -1;
3334}
ee2ffc27 3335
0f113f3e
MC		 3336/*
3337 * SSL_select_next_proto implements the standard protocol selection. It is
ee2ffc27 3338 * expected that this function is called from the callback set by
0f113f3e
MC		 3339 * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
3340 * vector of 8-bit, length prefixed byte strings. The length byte itself is
3341 * not included in the length. A byte string of length 0 is invalid. No byte
3342 * string may be truncated. The current, but experimental algorithm for
3343 * selecting the protocol is: 1) If the server doesn't support NPN then this
3344 * is indicated to the callback. In this case, the client application has to
3345 * abort the connection or have a default application level protocol. 2) If
3346 * the server supports NPN, but advertises an empty list then the client
f430ba31 3347 * selects the first protocol in its list, but indicates via the API that this
0f113f3e
MC		 3348 * fallback case was enacted. 3) Otherwise, the client finds the first
3349 * protocol in the server's list that it supports and selects this protocol.
3350 * This is because it's assumed that the server has better information about
3351 * which protocol a client should use. 4) If the client doesn't support any
3352 * of the server's advertised protocols, then this is treated the same as
3353 * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
3354 * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
ee2ffc27 3355 */
0f113f3e
MC		 3356int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
3357 const unsigned char *server,
3358 unsigned int server_len,
a230b26e 3359 const unsigned char *client, unsigned int client_len)
0f113f3e
MC		 3360{
3361 unsigned int i, j;
3362 const unsigned char *result;
3363 int status = OPENSSL_NPN_UNSUPPORTED;
3364
3365 /*
3366 * For each protocol in server preference order, see if we support it.
3367 */
3368 for (i = 0; i < server_len;) {
3369 for (j = 0; j < client_len;) {
3370 if (server[i] == client[j] &&
3371 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
3372 /* We found a match */
3373 result = &server[i];
3374 status = OPENSSL_NPN_NEGOTIATED;
3375 goto found;
3376 }
3377 j += client[j];
3378 j++;
3379 }
3380 i += server[i];
3381 i++;
3382 }
3383
3384 /* There's no overlap between our protocols and the server's list. */
3385 result = client;
3386 status = OPENSSL_NPN_NO_OVERLAP;
3387
3388 found:
3389 *out = (unsigned char *)result + 1;
3390 *outlen = result[0];
3391 return status;
3392}
ee2ffc27 3393
e481f9b9 3394#ifndef OPENSSL_NO_NEXTPROTONEG
0f113f3e
MC		 3395/*
3396 * SSL_get0_next_proto_negotiated sets *data and *len to point to the
3397 * client's requested protocol for this connection and returns 0. If the
3398 * client didn't request any protocol, then *data is set to NULL. Note that
3399 * the client can request any protocol it chooses. The value returned from
3400 * this function need not be a member of the list of supported protocols
ee2ffc27
BL		 3401 * provided by the callback.
3402 */
0f113f3e
MC		 3403void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
3404 unsigned *len)
3405{
38b051a1
TM		 3406 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
3407
3408 if (sc == NULL) {
3409 /* We have no other way to indicate error */
3410 *data = NULL;
3411 *len = 0;
3412 return;
3413 }
3414
3415 *data = sc->ext.npn;
12a765a5 3416 if (*data == NULL) {
0f113f3e
MC		 3417 *len = 0;
3418 } else {
38b051a1 3419 *len = (unsigned int)sc->ext.npn_len;
0f113f3e
MC		 3420 }
3421}
3422
3423/*
aff8c126 3424 * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
0f113f3e
MC		 3425 * a TLS server needs a list of supported protocols for Next Protocol
3426 * Negotiation. The returned list must be in wire format. The list is
3427 * returned by setting |out| to point to it and |outlen| to its length. This
3428 * memory will not be modified, but one should assume that the SSL* keeps a
3429 * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
3430 * wishes to advertise. Otherwise, no such extension will be included in the
3431 * ServerHello.
3432 */
aff8c126 3433void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
8cbfcc70 3434 SSL_CTX_npn_advertised_cb_func cb,
aff8c126 3435 void *arg)
0f113f3e 3436{
aff8c126
RS		 3437 ctx->ext.npn_advertised_cb = cb;
3438 ctx->ext.npn_advertised_cb_arg = arg;
0f113f3e
MC		 3439}
3440
3441/*
3442 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
ee2ffc27
BL		 3443 * client needs to select a protocol from the server's provided list. |out|
3444 * must be set to point to the selected protocol (which may be within |in|).
0f113f3e
MC		 3445 * The length of the protocol name must be written into |outlen|. The
3446 * server's advertised protocols are provided in |in| and |inlen|. The
3447 * callback can assume that |in| is syntactically valid. The client must
3448 * select a protocol. It is fatal to the connection if this callback returns
3449 * a value other than SSL_TLSEXT_ERR_OK.
ee2ffc27 3450 */
aff8c126 3451void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
8cbfcc70 3452 SSL_CTX_npn_select_cb_func cb,
aff8c126 3453 void *arg)
0f113f3e 3454{
aff8c126
RS		 3455 ctx->ext.npn_select_cb = cb;
3456 ctx->ext.npn_select_cb_arg = arg;
0f113f3e 3457}
e481f9b9 3458#endif
a398f821 3459
feba11cf
TS		 3460static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
3461{
3462 unsigned int idx;
3463
3464 if (protos_len < 2 || protos == NULL)
3465 return 0;
3466
3467 for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
3468 if (protos[idx] == 0)
3469 return 0;
3470 }
3471 return idx == protos_len;
3472}
0f113f3e
MC		 3473/*
3474 * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
6f017a8f 3475 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
0f113f3e
MC		 3476 * length-prefixed strings). Returns 0 on success.
3477 */
3478int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
817cd0d5 3479 unsigned int protos_len)
0f113f3e 3480{
feba11cf
TS		 3481 unsigned char *alpn;
3482
3483 if (protos_len == 0 || protos == NULL) {
3484 OPENSSL_free(ctx->ext.alpn);
3485 ctx->ext.alpn = NULL;
39a14059 3486 ctx->ext.alpn_len = 0;
feba11cf
TS		 3487 return 0;
3488 }
3489 /* Not valid per RFC */
3490 if (!alpn_value_ok(protos, protos_len))
3491 return 1;
3492
3493 alpn = OPENSSL_memdup(protos, protos_len);
e077455e 3494 if (alpn == NULL)
0f113f3e 3495 return 1;
feba11cf
TS		 3496 OPENSSL_free(ctx->ext.alpn);
3497 ctx->ext.alpn = alpn;
aff8c126 3498 ctx->ext.alpn_len = protos_len;
0f113f3e
MC		 3499
3500 return 0;
3501}
3502
3503/*
3504 * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
6f017a8f 3505 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
0f113f3e
MC		 3506 * length-prefixed strings). Returns 0 on success.
3507 */
3508int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
817cd0d5 3509 unsigned int protos_len)
0f113f3e 3510{
feba11cf 3511 unsigned char *alpn;
38b051a1
TM		 3512 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
3513
3514 if (sc == NULL)
3515 return 1;
feba11cf
TS		 3516
3517 if (protos_len == 0 || protos == NULL) {
38b051a1
TM		 3518 OPENSSL_free(sc->ext.alpn);
3519 sc->ext.alpn = NULL;
3520 sc->ext.alpn_len = 0;
feba11cf
TS		 3521 return 0;
3522 }
3523 /* Not valid per RFC */
3524 if (!alpn_value_ok(protos, protos_len))
3525 return 1;
3526
3527 alpn = OPENSSL_memdup(protos, protos_len);
e077455e 3528 if (alpn == NULL)
0f113f3e 3529 return 1;
38b051a1
TM		 3530 OPENSSL_free(sc->ext.alpn);
3531 sc->ext.alpn = alpn;
3532 sc->ext.alpn_len = protos_len;
0f113f3e
MC		 3533
3534 return 0;
3535}
3536
3537/*
3538 * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
3539 * called during ClientHello processing in order to select an ALPN protocol
3540 * from the client's list of offered protocols.
3541 */
3542void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
8cbfcc70
RS		 3543 SSL_CTX_alpn_select_cb_func cb,
3544 void *arg)
0f113f3e 3545{
aff8c126
RS		 3546 ctx->ext.alpn_select_cb = cb;
3547 ctx->ext.alpn_select_cb_arg = arg;
0f113f3e
MC		 3548}
3549
3550/*
69687aa8
F		 3551 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
3552 * On return it sets |*data| to point to |*len| bytes of protocol name
0f113f3e
MC		 3553 * (not including the leading length-prefix byte). If the server didn't
3554 * respond with a negotiated protocol then |*len| will be zero.
3555 */
6f017a8f 3556void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
817cd0d5 3557 unsigned int *len)
0f113f3e 3558{
38b051a1
TM		 3559 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
3560
3561 if (sc == NULL) {
3562 /* We have no other way to indicate error */
3563 *data = NULL;
3564 *len = 0;
3565 return;
3566 }
3567
3568 *data = sc->s3.alpn_selected;
0f113f3e
MC		 3569 if (*data == NULL)
3570 *len = 0;
3571 else
38b051a1 3572 *len = (unsigned int)sc->s3.alpn_selected_len;
0f113f3e
MC		 3573}
3574
74b4b494 3575int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
0f113f3e 3576 const char *label, size_t llen,
23cec1f4 3577 const unsigned char *context, size_t contextlen,
0f113f3e
MC		 3578 int use_context)
3579{
38b051a1
TM		 3580 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3581
3582 if (sc == NULL)
3583 return -1;
3584
3585 if (sc->session == NULL
3586 || (sc->version < TLS1_VERSION && sc->version != DTLS1_BAD_VER))
0f113f3e 3587 return -1;
e0af0405 3588
38b051a1 3589 return s->method->ssl3_enc->export_keying_material(sc, out, olen, label,
23cec1f4
MC		 3590 llen, context,
3591 contextlen, use_context);
0f113f3e 3592}
e0af0405 3593
b38ede80
TT		 3594int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
3595 const char *label, size_t llen,
3596 const unsigned char *context,
3597 size_t contextlen)
3598{
38b051a1
TM		 3599 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
3600
3601 if (sc == NULL)
3602 return -1;
3603
3604 if (sc->version != TLS1_3_VERSION)
b38ede80
TT		 3605 return 0;
3606
38b051a1 3607 return tls13_export_keying_material_early(sc, out, olen, label, llen,
b38ede80
TT		 3608 context, contextlen);
3609}
3610
3c1d6bbc 3611static unsigned long ssl_session_hash(const SSL_SESSION *a)
0f113f3e 3612{
bd5d27c1 3613 const unsigned char *session_id = a->session_id;
0f113f3e 3614 unsigned long l;
bd5d27c1
DB		 3615 unsigned char tmp_storage[4];
3616
3617 if (a->session_id_length < sizeof(tmp_storage)) {
3618 memset(tmp_storage, 0, sizeof(tmp_storage));
3619 memcpy(tmp_storage, a->session_id, a->session_id_length);
3620 session_id = tmp_storage;
3621 }
0f113f3e
MC		 3622
3623 l = (unsigned long)
bd5d27c1
DB		 3624 ((unsigned long)session_id[0]) |
3625 ((unsigned long)session_id[1] << 8L) |
3626 ((unsigned long)session_id[2] << 16L) |
3627 ((unsigned long)session_id[3] << 24L);
26a7d938 3628 return l;
0f113f3e
MC		 3629}
3630
3631/*
3632 * NB: If this function (or indeed the hash function which uses a sort of
dc644fe2 3633 * coarser function than this one) is changed, ensure
0f113f3e
MC		 3634 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
3635 * being able to construct an SSL_SESSION that will collide with any existing
3636 * session with a matching session ID.
3637 */
3638static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
3639{
3640 if (a->ssl_version != b->ssl_version)
208fb891 3641 return 1;
0f113f3e 3642 if (a->session_id_length != b->session_id_length)
208fb891 3643 return 1;
26a7d938 3644 return memcmp(a->session_id, b->session_id, a->session_id_length);
0f113f3e
MC		 3645}
3646
3647/*
3648 * These wrapper functions should remain rather than redeclaring
d0fa136c 3649 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
0f113f3e
MC		 3650 * variable. The reason is that the functions aren't static, they're exposed
3651 * via ssl.h.
3652 */
97b17195 3653
b4250010 3654SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
d8652be0 3655 const SSL_METHOD *meth)
0f113f3e
MC		 3656{
3657 SSL_CTX *ret = NULL;
b67cb09f
TS		 3658#ifndef OPENSSL_NO_COMP_ALG
3659 int i;
3660#endif
0f113f3e
MC		 3661
3662 if (meth == NULL) {
6849b73c 3663 ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED);
26a7d938 3664 return NULL;
0f113f3e
MC		 3665 }
3666
0fc32b07
MC		 3667 if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
3668 return NULL;
7fa792d1 3669
0f113f3e 3670 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
6849b73c 3671 ERR_raise(ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
0f113f3e
MC		 3672 goto err;
3673 }
b51bce94 3674 ret = OPENSSL_zalloc(sizeof(*ret));
0f113f3e
MC		 3675 if (ret == NULL)
3676 goto err;
3677
045a8930
F		 3678 /* Init the reference counting before any call to SSL_CTX_free */
3679 ret->references = 1;
3680 ret->lock = CRYPTO_THREAD_lock_new();
3681 if (ret->lock == NULL) {
e077455e
RL		 3682 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
3683 goto err;
045a8930
F		 3684 }
3685
acce0557
P		 3686#ifdef TSAN_REQUIRES_LOCKING
3687 ret->tsan_lock = CRYPTO_THREAD_lock_new();
3688 if (ret->tsan_lock == NULL) {
e077455e 3689 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
acce0557
P		 3690 goto err;
3691 }
3692#endif
3693
ba18627e
MC		 3694 ret->libctx = libctx;
3695 if (propq != NULL) {
3696 ret->propq = OPENSSL_strdup(propq);
3697 if (ret->propq == NULL)
3698 goto err;
3699 }
3700
0f113f3e 3701 ret->method = meth;
7946ab33
KR		 3702 ret->min_proto_version = 0;
3703 ret->max_proto_version = 0;
693cf80c 3704 ret->mode = SSL_MODE_AUTO_RETRY;
0f113f3e
MC		 3705 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
3706 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
64b25758 3707 /* We take the system default. */
0f113f3e 3708 ret->session_timeout = meth->get_timeout();
0f113f3e 3709 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
0f113f3e 3710 ret->verify_mode = SSL_VERIFY_NONE;
e077455e
RL		 3711 if ((ret->cert = ssl_cert_new()) == NULL) {
3712 ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
0f113f3e 3713 goto err;
e077455e 3714 }
0f113f3e 3715
62d0577e 3716 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
e077455e
RL		 3717 if (ret->sessions == NULL) {
3718 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
0f113f3e 3719 goto err;
e077455e 3720 }
0f113f3e 3721 ret->cert_store = X509_STORE_new();
e077455e
RL		 3722 if (ret->cert_store == NULL) {
3723 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
0f113f3e 3724 goto err;
e077455e 3725 }
ed29e82a 3726#ifndef OPENSSL_NO_CT
d8652be0 3727 ret->ctlog_store = CTLOG_STORE_new_ex(libctx, propq);
e077455e
RL		 3728 if (ret->ctlog_store == NULL) {
3729 ERR_raise(ERR_LIB_SSL, ERR_R_CT_LIB);
ed29e82a 3730 goto err;
e077455e 3731 }
ed29e82a 3732#endif
f865b081 3733
c8f6c28a
MC		 3734 /* initialize cipher/digest methods table */
3735 if (!ssl_load_ciphers(ret))
e077455e 3736 goto err;
263ff2c9
MC		 3737 /* initialise sig algs */
3738 if (!ssl_setup_sig_algs(ret))
e077455e 3739 goto err;
c8f6c28a 3740
9d2d857f 3741 if (!ssl_load_groups(ret))
e077455e 3742 goto err;
9d2d857f 3743
e077455e
RL		 3744 if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) {
3745 ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
f865b081 3746 goto err;
e077455e 3747 }
f865b081 3748
a68eee67 3749 if (!ssl_create_cipher_list(ret,
f865b081 3750 ret->tls13_ciphersuites,
a230b26e 3751 &ret->cipher_list, &ret->cipher_list_by_id,
5d120511 3752 OSSL_default_cipher_list(), ret->cert)
a230b26e 3753 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
6849b73c 3754 ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
e077455e 3755 goto err;
0f113f3e
MC		 3756 }
3757
3758 ret->param = X509_VERIFY_PARAM_new();
e077455e
RL		 3759 if (ret->param == NULL) {
3760 ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
0f113f3e 3761 goto err;
e077455e 3762 }
0f113f3e 3763
c8f6c28a
MC		 3764 /*
3765 * If these aren't available from the provider we'll get NULL returns.
3766 * That's fine but will cause errors later if SSLv3 is negotiated
3767 */
3768 ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq);
3769 ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq);
0f113f3e 3770
e077455e
RL		 3771 if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) {
3772 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
0f113f3e 3773 goto err;
e077455e 3774 }
0f113f3e 3775
e077455e
RL		 3776 if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) {
3777 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
98732979 3778 goto err;
e077455e 3779 }
98732979 3780
e077455e
RL		 3781 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) {
3782 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
25a807bc 3783 goto err;
e077455e 3784 }
0f113f3e 3785
4bfb96f2
TS		 3786 if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
3787 goto err;
3788
0f113f3e
MC		 3789 /* No compression for DTLS */
3790 if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
3791 ret->comp_methods = SSL_COMP_get_compression_methods();
3792
3793 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
d102d9df 3794 ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
566dda07 3795
4e2e1ec9 3796 /* Setup RFC5077 ticket keys */
8f21260b 3797 if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
0f8815aa 3798 sizeof(ret->ext.tick_key_name), 0) <= 0)
8f21260b 3799 || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
0f8815aa 3800 sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0)
8f21260b 3801 || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
0f8815aa 3802 sizeof(ret->ext.secure->tick_aes_key), 0) <= 0))
0f113f3e 3803 ret->options |= SSL_OP_NO_TICKET;
6434abbf 3804
8f21260b 3805 if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
e077455e
RL		 3806 sizeof(ret->ext.cookie_hmac_key), 0) <= 0) {
3807 ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
43054d3d 3808 goto err;
e077455e 3809 }
43054d3d 3810
edc032b5 3811#ifndef OPENSSL_NO_SRP
e077455e
RL		 3812 if (!ssl_ctx_srp_ctx_init_intern(ret)) {
3813 ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
69f68237 3814 goto err;
e077455e 3815 }
edc032b5 3816#endif
4db9677b 3817#ifndef OPENSSL_NO_ENGINE
0f113f3e
MC		 3818# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
3819# define eng_strx(x) #x
3820# define eng_str(x) eng_strx(x)
3821 /* Use specific client engine automatically... ignore errors */
3822 {
3823 ENGINE *eng;
3824 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
3825 if (!eng) {
3826 ERR_clear_error();
3827 ENGINE_load_builtin_engines();
3828 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
3829 }
3830 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
3831 ERR_clear_error();
3832 }
3833# endif
b67cb09f
TS		 3834#endif
3835
3836#ifndef OPENSSL_NO_COMP_ALG
3837 /*
3838 * Set the default order: brotli, zlib, zstd
3839 * Including only those enabled algorithms
3840 */
3841 memset(ret->cert_comp_prefs, 0, sizeof(ret->cert_comp_prefs));
3842 i = 0;
3843 if (ossl_comp_has_alg(TLSEXT_comp_cert_brotli))
3844 ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_brotli;
3845 if (ossl_comp_has_alg(TLSEXT_comp_cert_zlib))
3846 ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zlib;
3847 if (ossl_comp_has_alg(TLSEXT_comp_cert_zstd))
3848 ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zstd;
0f113f3e 3849#endif
dc5744cb
EK		 3850 /*
3851 * Disable compression by default to prevent CRIME. Applications can
3852 * re-enable compression by configuring
3853 * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
a5816a5a
MC		 3854 * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
3855 * middlebox compatibility by default. This may be disabled by default in
3856 * a later OpenSSL version.
dc5744cb 3857 */
a5816a5a 3858 ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
0f113f3e 3859
aff8c126 3860 ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
ba261f71 3861
bfa9a9af 3862 /*
c39e4048
BK		 3863 * We cannot usefully set a default max_early_data here (which gets
3864 * propagated in SSL_new(), for the following reason: setting the
3865 * SSL field causes tls_construct_stoc_early_data() to tell the
3866 * client that early data will be accepted when constructing a TLS 1.3
3867 * session ticket, and the client will accordingly send us early data
3868 * when using that ticket (if the client has early data to send).
3869 * However, in order for the early data to actually be consumed by
3870 * the application, the application must also have calls to
3871 * SSL_read_early_data(); otherwise we'll just skip past the early data
3872 * and ignore it. So, since the application must add calls to
3873 * SSL_read_early_data(), we also require them to add
3874 * calls to SSL_CTX_set_max_early_data() in order to use early data,
3875 * eliminating the bandwidth-wasting early data in the case described
3876 * above.
bfa9a9af 3877 */
c39e4048 3878 ret->max_early_data = 0;
bfa9a9af 3879
4e8548e8
MC		 3880 /*
3881 * Default recv_max_early_data is a fully loaded single record. Could be
3882 * split across multiple records in practice. We set this differently to
3883 * max_early_data so that, in the default case, we do not advertise any
3884 * support for early_data, but if a client were to send us some (e.g.
3885 * because of an old, stale ticket) then we will tolerate it and skip over
3886 * it.
3887 */
3888 ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
3889
36ff232c
MC		 3890 /* By default we send two session tickets automatically in TLSv1.3 */
3891 ret->num_tickets = 2;
9d0a8bb7 3892
8a5ed9dc
TM		 3893 ssl_ctx_system_config(ret);
3894
16203f7b 3895 return ret;
0f113f3e 3896 err:
e0e920b1 3897 SSL_CTX_free(ret);
16203f7b 3898 return NULL;
0f113f3e 3899}
d02b48c6 3900
ba18627e
MC		 3901SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
3902{
d8652be0 3903 return SSL_CTX_new_ex(NULL, NULL, meth);
ba18627e
MC		 3904}
3905
c5ebfcab 3906int SSL_CTX_up_ref(SSL_CTX *ctx)
a18a31e4 3907{
16203f7b 3908 int i;
c5ebfcab 3909
2f545ae4 3910 if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
c5ebfcab
F		 3911 return 0;
3912
3913 REF_PRINT_COUNT("SSL_CTX", ctx);
3914 REF_ASSERT_ISNT(i < 2);
3915 return ((i > 1) ? 1 : 0);
a18a31e4
MC		 3916}
3917
4f43d0e7 3918void SSL_CTX_free(SSL_CTX *a)
0f113f3e
MC		 3919{
3920 int i;
9d2d857f 3921 size_t j;
d02b48c6 3922
0f113f3e
MC		 3923 if (a == NULL)
3924 return;
d02b48c6 3925
2f545ae4 3926 CRYPTO_DOWN_REF(&a->references, &i, a->lock);
f3f1cf84 3927 REF_PRINT_COUNT("SSL_CTX", a);
0f113f3e
MC		 3928 if (i > 0)
3929 return;
f3f1cf84 3930 REF_ASSERT_ISNT(i < 0);
0f113f3e 3931
222561fe 3932 X509_VERIFY_PARAM_free(a->param);
919ba009 3933 dane_ctx_final(&a->dane);
0f113f3e
MC		 3934
3935 /*
3936 * Free internal session cache. However: the remove_cb() may reference
3937 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
3938 * after the sessions were flushed.
3939 * As the ex_data handling routines might also touch the session cache,
3940 * the most secure solution seems to be: empty (flush) the cache, then
3941 * free ex_data, then finally free the cache.
3942 * (See ticket [openssl.org #212].)
3943 */
3944 if (a->sessions != NULL)
3945 SSL_CTX_flush_sessions(a, 0);
3946
3947 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
25aaa98a 3948 lh_SSL_SESSION_free(a->sessions);
222561fe 3949 X509_STORE_free(a->cert_store);
ed29e82a
RP		 3950#ifndef OPENSSL_NO_CT
3951 CTLOG_STORE_free(a->ctlog_store);
3952#endif
25aaa98a
RS		 3953 sk_SSL_CIPHER_free(a->cipher_list);
3954 sk_SSL_CIPHER_free(a->cipher_list_by_id);
f865b081 3955 sk_SSL_CIPHER_free(a->tls13_ciphersuites);
e0e920b1 3956 ssl_cert_free(a->cert);
fa7c2637 3957 sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
98732979 3958 sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
79b2a2f2 3959 OSSL_STACK_OF_X509_free(a->extra_certs);
0f113f3e 3960 a->comp_methods = NULL;
e783bae2 3961#ifndef OPENSSL_NO_SRTP
25aaa98a 3962 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
e783bae2 3963#endif
edc032b5 3964#ifndef OPENSSL_NO_SRP
76cb077f 3965 ssl_ctx_srp_ctx_free_intern(a);
edc032b5 3966#endif
bdfe932d 3967#ifndef OPENSSL_NO_ENGINE
301fcb28 3968 tls_engine_finish(a->client_cert_engine);
ddac1974 3969#endif
8671b898 3970
aff8c126 3971 OPENSSL_free(a->ext.ecpointformats);
187753e0 3972 OPENSSL_free(a->ext.supportedgroups);
ddf8f1ce 3973 OPENSSL_free(a->ext.supported_groups_default);
aff8c126 3974 OPENSSL_free(a->ext.alpn);
4bfb96f2 3975 OPENSSL_secure_free(a->ext.secure);
8671b898 3976
c8f6c28a
MC		 3977 ssl_evp_md_free(a->md5);
3978 ssl_evp_md_free(a->sha1);
3979
9d2d857f
MC		 3980 for (j = 0; j < SSL_ENC_NUM_IDX; j++)
3981 ssl_evp_cipher_free(a->ssl_cipher_methods[j]);
3982 for (j = 0; j < SSL_MD_NUM_IDX; j++)
3983 ssl_evp_md_free(a->ssl_digest_methods[j]);
3984 for (j = 0; j < a->group_list_len; j++) {
3985 OPENSSL_free(a->group_list[j].tlsname);
3986 OPENSSL_free(a->group_list[j].realname);
3987 OPENSSL_free(a->group_list[j].algorithm);
3988 }
3989 OPENSSL_free(a->group_list);
c8f6c28a 3990
263ff2c9
MC		 3991 OPENSSL_free(a->sigalg_lookup_cache);
3992
16203f7b 3993 CRYPTO_THREAD_lock_free(a->lock);
acce0557
P		 3994#ifdef TSAN_REQUIRES_LOCKING
3995 CRYPTO_THREAD_lock_free(a->tsan_lock);
3996#endif
16203f7b 3997
ba18627e
MC		 3998 OPENSSL_free(a->propq);
3999
0f113f3e
MC		 4000 OPENSSL_free(a);
4001}
d02b48c6 4002
3ae76679 4003void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
0f113f3e
MC		 4004{
4005 ctx->default_passwd_callback = cb;
4006}
4007
4008void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
4009{
4010 ctx->default_passwd_callback_userdata = u;
4011}
4012
0c452abc
CH		 4013pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
4014{
4015 return ctx->default_passwd_callback;
4016}
4017
4018void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
4019{
4020 return ctx->default_passwd_callback_userdata;
4021}
4022
a974e64a
MC		 4023void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
4024{
38b051a1
TM		 4025 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4026
4027 if (sc == NULL)
4028 return;
4029
4030 sc->default_passwd_callback = cb;
a974e64a
MC		 4031}
4032
4033void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
4034{
38b051a1
TM		 4035 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4036
4037 if (sc == NULL)
4038 return;
4039
4040 sc->default_passwd_callback_userdata = u;
a974e64a
MC		 4041}
4042
0c452abc
CH		 4043pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
4044{
38b051a1
TM		 4045 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4046
4047 if (sc == NULL)
4048 return NULL;
4049
4050 return sc->default_passwd_callback;
0c452abc
CH		 4051}
4052
4053void *SSL_get_default_passwd_cb_userdata(SSL *s)
4054{
38b051a1
TM		 4055 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4056
4057 if (sc == NULL)
4058 return NULL;
4059
4060 return sc->default_passwd_callback_userdata;
0c452abc
CH		 4061}
4062
0f113f3e
MC		 4063void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
4064 int (*cb) (X509_STORE_CTX *, void *),
4065 void *arg)
4066{
4067 ctx->app_verify_callback = cb;
4068 ctx->app_verify_arg = arg;
4069}
4070
4071void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
4072 int (*cb) (int, X509_STORE_CTX *))
4073{
4074 ctx->verify_mode = mode;
4075 ctx->default_verify_callback = cb;
4076}
4077
4078void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
4079{
4080 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
4081}
4082
a230b26e 4083void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
0f113f3e
MC		 4084{
4085 ssl_cert_set_cert_cb(c->cert, cb, arg);
4086}
4087
4088void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
4089{
38b051a1
TM		 4090 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4091
4092 if (sc == NULL)
4093 return;
4094
4095 ssl_cert_set_cert_cb(sc->cert, cb, arg);
0f113f3e 4096}
18d71588 4097
38b051a1 4098void ssl_set_masks(SSL_CONNECTION *s)
0f113f3e 4099{
6383d316 4100 CERT *c = s->cert;
555cbb32 4101 uint32_t *pvalid = s->s3.tmp.valid_flags;
bc71f910 4102 int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
361a1191 4103 unsigned long mask_k, mask_a;
361a1191 4104 int have_ecc_cert, ecdsa_ok;
462f4f4b 4105
0f113f3e
MC		 4106 if (c == NULL)
4107 return;
d02b48c6 4108
13c45372 4109 dh_tmp = (c->dh_tmp != NULL
13c45372 4110 || c->dh_tmp_cb != NULL
13c45372 4111 || c->dh_tmp_auto);
d02b48c6 4112
d0ff28f8 4113 rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
38e8f3cd
DSH		 4114 rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
4115 dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
6383d316 4116 have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
0f113f3e
MC		 4117 mask_k = 0;
4118 mask_a = 0;
0e1dba93 4119
77359d22
RL		 4120 OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
4121 dh_tmp, rsa_enc, rsa_sign, dsa_sign);
0f113f3e 4122
2a9b9654 4123#ifndef OPENSSL_NO_GOST
4020c0b3 4124 if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
5a5530a2 4125 mask_k |= SSL_kGOST | SSL_kGOST18;
e44380a9
DB		 4126 mask_a |= SSL_aGOST12;
4127 }
4020c0b3 4128 if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
5a5530a2 4129 mask_k |= SSL_kGOST | SSL_kGOST18;
e44380a9
DB		 4130 mask_a |= SSL_aGOST12;
4131 }
4020c0b3 4132 if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
0f113f3e
MC		 4133 mask_k |= SSL_kGOST;
4134 mask_a |= SSL_aGOST01;
4135 }
2a9b9654 4136#endif
0f113f3e 4137
361a1191 4138 if (rsa_enc)
0f113f3e 4139 mask_k |= SSL_kRSA;
d02b48c6 4140
0f113f3e
MC		 4141 if (dh_tmp)
4142 mask_k |= SSL_kDHE;
d02b48c6 4143
6aaa29fb
DSH		 4144 /*
4145 * If we only have an RSA-PSS certificate allow RSA authentication
4146 * if TLS 1.2 and peer supports it.
4147 */
4148
4149 if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
4150 && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
38b051a1 4151 && TLS1_get_version(&s->ssl) == TLS1_2_VERSION))
0f113f3e 4152 mask_a |= SSL_aRSA;
d02b48c6 4153
0f113f3e
MC		 4154 if (dsa_sign) {
4155 mask_a |= SSL_aDSS;
0f113f3e 4156 }
d02b48c6 4157
0f113f3e 4158 mask_a |= SSL_aNULL;
d02b48c6 4159
0f113f3e
MC		 4160 /*
4161 * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
4162 * depending on the key usage extension.
4163 */
0f113f3e 4164 if (have_ecc_cert) {
a8d8e06b 4165 uint32_t ex_kusage;
4020c0b3 4166 ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
a8d8e06b 4167 ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
6383d316 4168 if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
0f113f3e 4169 ecdsa_ok = 0;
c7c46256 4170 if (ecdsa_ok)
0f113f3e 4171 mask_a |= SSL_aECDSA;
0f113f3e 4172 }
b2021556
DSH		 4173 /* Allow Ed25519 for TLS 1.2 if peer supports it */
4174 if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
4175 && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
38b051a1 4176 && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
b2021556 4177 mask_a |= SSL_aECDSA;
0e1d6ecf
MC		 4178
4179 /* Allow Ed448 for TLS 1.2 if peer supports it */
4180 if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
4181 && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
38b051a1 4182 && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
0e1d6ecf 4183 mask_a |= SSL_aECDSA;
ea262260 4184
fe6ef247 4185 mask_k |= SSL_kECDHE;
ddac1974
NL		 4186
4187#ifndef OPENSSL_NO_PSK
0f113f3e
MC		 4188 mask_k |= SSL_kPSK;
4189 mask_a |= SSL_aPSK;
526f94ad
DSH		 4190 if (mask_k & SSL_kRSA)
4191 mask_k |= SSL_kRSAPSK;
4192 if (mask_k & SSL_kDHE)
4193 mask_k |= SSL_kDHEPSK;
4194 if (mask_k & SSL_kECDHE)
4195 mask_k |= SSL_kECDHEPSK;
ddac1974
NL		 4196#endif
4197
555cbb32
TS		 4198 s->s3.tmp.mask_k = mask_k;
4199 s->s3.tmp.mask_a = mask_a;
0f113f3e 4200}
d02b48c6 4201
38b051a1 4202int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s)
0f113f3e 4203{
555cbb32 4204 if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
0f113f3e 4205 /* key usage, if present, must allow signing */
ce0c1f2b 4206 if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
6849b73c 4207 ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
0f113f3e
MC		 4208 return 0;
4209 }
4210 }
0f113f3e
MC		 4211 return 1; /* all checks are ok */
4212}
ea262260 4213
38b051a1
TM		 4214int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s,
4215 const unsigned char **serverinfo,
0f113f3e
MC		 4216 size_t *serverinfo_length)
4217{
555cbb32 4218 CERT_PKEY *cpk = s->s3.tmp.cert;
0f113f3e
MC		 4219 *serverinfo_length = 0;
4220
a497cf25 4221 if (cpk == NULL || cpk->serverinfo == NULL)
0f113f3e
MC		 4222 return 0;
4223
a497cf25
DSH		 4224 *serverinfo = cpk->serverinfo;
4225 *serverinfo_length = cpk->serverinfo_length;
0f113f3e
MC		 4226 return 1;
4227}
0f113f3e 4228
38b051a1 4229void ssl_update_cache(SSL_CONNECTION *s, int mode)
0f113f3e
MC		 4230{
4231 int i;
4232
4233 /*
4234 * If the session_id_length is 0, we are not supposed to cache it, and it
4235 * would be rather hard to do anyway :-)
4236 */
4237 if (s->session->session_id_length == 0)
4238 return;
4239
d316cdcf
BK		 4240 /*
4241 * If sid_ctx_length is 0 there is no specific application context
4242 * associated with this session, so when we try to resume it and
c4fa1f7f
BK		 4243 * SSL_VERIFY_PEER is requested to verify the client identity, we have no
4244 * indication that this is actually a session for the proper application
4245 * context, and the *handshake* will fail, not just the resumption attempt.
4246 * Do not cache (on the server) these sessions that are not resumable
4247 * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
d316cdcf 4248 */
c4fa1f7f 4249 if (s->server && s->session->sid_ctx_length == 0
d316cdcf
BK		 4250 && (s->verify_mode & SSL_VERIFY_PEER) != 0)
4251 return;
4252
0f113f3e 4253 i = s->session_ctx->session_cache_mode;
5d61491c 4254 if ((i & mode) != 0
38b051a1 4255 && (!s->hit || SSL_CONNECTION_IS_TLS13(s))) {
ee94ec2e
MC		 4256 /*
4257 * Add the session to the internal cache. In server side TLSv1.3 we
6cc0b3c2
MC		 4258 * normally don't do this because by default it's a full stateless ticket
4259 * with only a dummy session id so there is no reason to cache it,
4260 * unless:
ee94ec2e
MC		 4261 * - we are doing early_data, in which case we cache so that we can
4262 * detect replays
4263 * - the application has set a remove_session_cb so needs to know about
4264 * session timeout events
6cc0b3c2 4265 * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
ee94ec2e
MC		 4266 */
4267 if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
38b051a1 4268 && (!SSL_CONNECTION_IS_TLS13(s)
ee94ec2e 4269 || !s->server
5d263fb7
MC		 4270 || (s->max_early_data > 0
4271 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
6cc0b3c2
MC		 4272 || s->session_ctx->remove_session_cb != NULL
4273 || (s->options & SSL_OP_NO_TICKET) != 0))
ee94ec2e
MC		 4274 SSL_CTX_add_session(s->session_ctx, s->session);
4275
4276 /*
4277 * Add the session to the external cache. We do this even in server side
4278 * TLSv1.3 without early data because some applications just want to
4279 * know about the creation of a session and aren't doing a full cache.
4280 */
4281 if (s->session_ctx->new_session_cb != NULL) {
4282 SSL_SESSION_up_ref(s->session);
38b051a1
TM		 4283 if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s),
4284 s->session))
ee94ec2e
MC		 4285 SSL_SESSION_free(s->session);
4286 }
0f113f3e
MC		 4287 }
4288
4289 /* auto flush every 255 connections */
4290 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
9ef9088c 4291 TSAN_QUALIFIER int *stat;
acce0557 4292
1fcb4e4d
BK		 4293 if (mode & SSL_SESS_CACHE_CLIENT)
4294 stat = &s->session_ctx->stats.sess_connect_good;
4295 else
4296 stat = &s->session_ctx->stats.sess_accept_good;
acce0557 4297 if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff)
0f113f3e 4298 SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
0f113f3e
MC		 4299 }
4300}
d02b48c6 4301
3499327b 4302const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
0f113f3e
MC		 4303{
4304 return ctx->method;
4305}
ba168244 4306
3499327b 4307const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
0f113f3e 4308{
26a7d938 4309 return s->method;
0f113f3e 4310}
d02b48c6 4311
4ebb342f 4312int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
0f113f3e 4313{
0f113f3e 4314 int ret = 1;
38b051a1
TM		 4315 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4316
4317 /* TODO(QUIC): Do we want this for QUIC? */
4318 if (sc == NULL
4319 || (s->type != SSL_TYPE_SSL_CONNECTION && s->method != meth))
4320 return 0;
0f113f3e
MC		 4321
4322 if (s->method != meth) {
919ba009 4323 const SSL_METHOD *sm = s->method;
38b051a1 4324 int (*hf) (SSL *) = sc->handshake_func;
0f113f3e 4325
919ba009 4326 if (sm->version == meth->version)
0f113f3e
MC		 4327 s->method = meth;
4328 else {
38b051a1 4329 sm->ssl_deinit(s);
0f113f3e 4330 s->method = meth;
38b051a1 4331 ret = s->method->ssl_init(s);
0f113f3e
MC		 4332 }
4333
919ba009 4334 if (hf == sm->ssl_connect)
38b051a1 4335 sc->handshake_func = meth->ssl_connect;
919ba009 4336 else if (hf == sm->ssl_accept)
38b051a1 4337 sc->handshake_func = meth->ssl_accept;
0f113f3e 4338 }
26a7d938 4339 return ret;
0f113f3e
MC		 4340}
4341
4342int SSL_get_error(const SSL *s, int i)
4343{
4344 int reason;
4345 unsigned long l;
4346 BIO *bio;
38b051a1 4347 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
0f113f3e
MC		 4348
4349 if (i > 0)
26a7d938 4350 return SSL_ERROR_NONE;
0f113f3e 4351
38b051a1
TM		 4352 /* TODO(QUIC): This will need more handling for QUIC_CONNECTIONs */
4353 if (sc == NULL)
4354 return SSL_ERROR_SSL;
4355
0f113f3e
MC		 4356 /*
4357 * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
4358 * where we do encode the error
4359 */
4360 if ((l = ERR_peek_error()) != 0) {
4361 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
26a7d938 4362 return SSL_ERROR_SYSCALL;
0f113f3e 4363 else
26a7d938 4364 return SSL_ERROR_SSL;
0f113f3e
MC		 4365 }
4366
8051ab2b
MC		 4367 if (SSL_want_read(s)) {
4368 bio = SSL_get_rbio(s);
4369 if (BIO_should_read(bio))
26a7d938 4370 return SSL_ERROR_WANT_READ;
8051ab2b
MC		 4371 else if (BIO_should_write(bio))
4372 /*
4373 * This one doesn't make too much sense ... We never try to write
4374 * to the rbio, and an application program where rbio and wbio
4375 * are separate couldn't even know what it should wait for.
4376 * However if we ever set s->rwstate incorrectly (so that we have
4377 * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
4378 * wbio *are* the same, this test works around that bug; so it
4379 * might be safer to keep it.
4380 */
26a7d938 4381 return SSL_ERROR_WANT_WRITE;
8051ab2b
MC		 4382 else if (BIO_should_io_special(bio)) {
4383 reason = BIO_get_retry_reason(bio);
4384 if (reason == BIO_RR_CONNECT)
26a7d938 4385 return SSL_ERROR_WANT_CONNECT;
8051ab2b 4386 else if (reason == BIO_RR_ACCEPT)
26a7d938 4387 return SSL_ERROR_WANT_ACCEPT;
8051ab2b 4388 else
26a7d938 4389 return SSL_ERROR_SYSCALL; /* unknown */
0f113f3e 4390 }
8051ab2b 4391 }
0f113f3e 4392
8051ab2b 4393 if (SSL_want_write(s)) {
69687aa8 4394 /* Access wbio directly - in order to use the buffered bio if present */
38b051a1 4395 bio = sc->wbio;
8051ab2b 4396 if (BIO_should_write(bio))
26a7d938 4397 return SSL_ERROR_WANT_WRITE;
8051ab2b 4398 else if (BIO_should_read(bio))
2e7dc7cd 4399 /*
8051ab2b 4400 * See above (SSL_want_read(s) with BIO_should_write(bio))
2e7dc7cd 4401 */
26a7d938 4402 return SSL_ERROR_WANT_READ;
8051ab2b
MC		 4403 else if (BIO_should_io_special(bio)) {
4404 reason = BIO_get_retry_reason(bio);
4405 if (reason == BIO_RR_CONNECT)
26a7d938 4406 return SSL_ERROR_WANT_CONNECT;
8051ab2b 4407 else if (reason == BIO_RR_ACCEPT)
26a7d938 4408 return SSL_ERROR_WANT_ACCEPT;
8051ab2b 4409 else
26a7d938 4410 return SSL_ERROR_SYSCALL;
0f113f3e 4411 }
07bbc92c 4412 }
6b1bb98f 4413 if (SSL_want_x509_lookup(s))
26a7d938 4414 return SSL_ERROR_WANT_X509_LOOKUP;
0c3eb279
DDO		 4415 if (SSL_want_retry_verify(s))
4416 return SSL_ERROR_WANT_RETRY_VERIFY;
6b1bb98f 4417 if (SSL_want_async(s))
8051ab2b 4418 return SSL_ERROR_WANT_ASYNC;
6b1bb98f 4419 if (SSL_want_async_job(s))
8051ab2b 4420 return SSL_ERROR_WANT_ASYNC_JOB;
a9c0d8be
DB		 4421 if (SSL_want_client_hello_cb(s))
4422 return SSL_ERROR_WANT_CLIENT_HELLO_CB;
8051ab2b 4423
38b051a1
TM		 4424 if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) &&
4425 (sc->s3.warn_alert == SSL_AD_CLOSE_NOTIFY))
26a7d938 4426 return SSL_ERROR_ZERO_RETURN;
8051ab2b 4427
26a7d938 4428 return SSL_ERROR_SYSCALL;
0f113f3e 4429}
d02b48c6 4430
add2f5ca
MC		 4431static int ssl_do_handshake_intern(void *vargs)
4432{
38b051a1
TM		 4433 struct ssl_async_args *args = (struct ssl_async_args *)vargs;
4434 SSL *s = args->s;
4435 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
add2f5ca 4436
38b051a1
TM		 4437 if (sc == NULL)
4438 return -1;
add2f5ca 4439
38b051a1 4440 return sc->handshake_func(s);
add2f5ca
MC		 4441}
4442
4f43d0e7 4443int SSL_do_handshake(SSL *s)
0f113f3e
MC		 4444{
4445 int ret = 1;
38b051a1
TM		 4446 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4447
4448 /* TODO(QUIC): Special handling for QUIC will be needed */
4449 if (sc == NULL)
4450 return -1;
0f113f3e 4451
38b051a1 4452 if (sc->handshake_func == NULL) {
6849b73c 4453 ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
add2f5ca 4454 return -1;
0f113f3e
MC		 4455 }
4456
38b051a1 4457 ossl_statem_check_finish_init(sc, -1);
49e7fe12 4458
c7f47786 4459 s->method->ssl_renegotiate_check(s, 0);
0f113f3e
MC		 4460
4461 if (SSL_in_init(s) || SSL_in_before(s)) {
38b051a1 4462 if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
add2f5ca
MC		 4463 struct ssl_async_args args;
4464
09134f18 4465 memset(&args, 0, sizeof(args));
add2f5ca
MC		 4466 args.s = s;
4467
7fecbf6f 4468 ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
add2f5ca 4469 } else {
38b051a1 4470 ret = sc->handshake_func(s);
add2f5ca 4471 }
0f113f3e 4472 }
add2f5ca 4473 return ret;
0f113f3e
MC		 4474}
4475
4f43d0e7 4476void SSL_set_accept_state(SSL *s)
0f113f3e 4477{
38b051a1
TM		 4478 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4479
4480 /* TODO(QUIC): Special handling for QUIC will be needed */
4481 if (sc == NULL)
4482 return;
4483
4484 sc->server = 1;
4485 sc->shutdown = 0;
4486 ossl_statem_clear(sc);
4487 sc->handshake_func = s->method->ssl_accept;
4488 clear_ciphers(sc);
0f113f3e 4489}
d02b48c6 4490
4f43d0e7 4491void SSL_set_connect_state(SSL *s)
0f113f3e 4492{
38b051a1
TM		 4493 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4494
4495 /* TODO(QUIC): Special handling for QUIC will be needed */
4496 if (sc == NULL)
4497 return;
4498
4499 sc->server = 0;
4500 sc->shutdown = 0;
4501 ossl_statem_clear(sc);
4502 sc->handshake_func = s->method->ssl_connect;
4503 clear_ciphers(sc);
0f113f3e 4504}
d02b48c6 4505
4f43d0e7 4506int ssl_undefined_function(SSL *s)
0f113f3e 4507{
6849b73c 4508 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
26a7d938 4509 return 0;
0f113f3e 4510}
d02b48c6 4511
41a15c4f 4512int ssl_undefined_void_function(void)
0f113f3e 4513{
6849b73c 4514 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
26a7d938 4515 return 0;
0f113f3e 4516}
41a15c4f 4517
0821bcd4 4518int ssl_undefined_const_function(const SSL *s)
0f113f3e 4519{
26a7d938 4520 return 0;
0f113f3e 4521}
0821bcd4 4522
2b8fa1d5 4523const SSL_METHOD *ssl_bad_method(int ver)
0f113f3e 4524{
6849b73c 4525 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
26a7d938 4526 return NULL;
0f113f3e 4527}
d02b48c6 4528
3eb2aff4 4529const char *ssl_protocol_to_string(int version)
7d650072 4530{
1287dabd 4531 switch (version)
2abacef1
MC		 4532 {
4533 case TLS1_3_VERSION:
582a17d6 4534 return "TLSv1.3";
2abacef1
MC		 4535
4536 case TLS1_2_VERSION:
7d650072 4537 return "TLSv1.2";
2abacef1
MC		 4538
4539 case TLS1_1_VERSION:
7d650072 4540 return "TLSv1.1";
2abacef1
MC		 4541
4542 case TLS1_VERSION:
ee3a6c64 4543 return "TLSv1";
2abacef1
MC		 4544
4545 case SSL3_VERSION:
7d650072 4546 return "SSLv3";
2abacef1
MC		 4547
4548 case DTLS1_BAD_VER:
7d650072 4549 return "DTLSv0.9";
2abacef1
MC		 4550
4551 case DTLS1_VERSION:
7d650072 4552 return "DTLSv1";
2abacef1
MC		 4553
4554 case DTLS1_2_VERSION:
7d650072 4555 return "DTLSv1.2";
2abacef1
MC		 4556
4557 default:
4558 return "unknown";
4559 }
0f113f3e 4560}
d02b48c6 4561
7d650072
KR		 4562const char *SSL_get_version(const SSL *s)
4563{
38b051a1
TM		 4564 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
4565
4566 /* TODO(QUIC): Should QUIC return QUIC or TLSv1.3? */
4567 if (sc == NULL)
4568 return NULL;
4569
4570 return ssl_protocol_to_string(sc->version);
7d650072
KR		 4571}
4572
98732979 4573static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
0f113f3e
MC		 4574{
4575 STACK_OF(X509_NAME) *sk;
4576 X509_NAME *xn;
98732979
MC		 4577 int i;
4578
4579 if (src == NULL) {
4580 *dst = NULL;
4581 return 1;
4582 }
4583
4584 if ((sk = sk_X509_NAME_new_null()) == NULL)
4585 return 0;
4586 for (i = 0; i < sk_X509_NAME_num(src); i++) {
4587 xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
4588 if (xn == NULL) {
4589 sk_X509_NAME_pop_free(sk, X509_NAME_free);
4590 return 0;
4591 }
4592 if (sk_X509_NAME_insert(sk, xn, i) == 0) {
4593 X509_NAME_free(xn);
4594 sk_X509_NAME_pop_free(sk, X509_NAME_free);
4595 return 0;
4596 }
4597 }
4598 *dst = sk;
4599
4600 return 1;
4601}
4602
4603SSL *SSL_dup(SSL *s)
4604{
0f113f3e
MC		 4605 SSL *ret;
4606 int i;
38b051a1
TM		 4607 /* TODO(QUIC): Add a SSL_METHOD function for duplication */
4608 SSL_CONNECTION *retsc;
4609 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4610
4611 if (sc == NULL)
4612 return NULL;
0f113f3e 4613
919ba009
VD		 4614 /* If we're not quiescent, just up_ref! */
4615 if (!SSL_in_init(s) || !SSL_in_before(s)) {
2f545ae4 4616 CRYPTO_UP_REF(&s->references, &i, s->lock);
919ba009
VD		 4617 return s;
4618 }
4619
4620 /*
4621 * Otherwise, copy configuration state, and session if set.
4622 */
0f113f3e 4623 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
26a7d938 4624 return NULL;
38b051a1
TM		 4625 if ((retsc = SSL_CONNECTION_FROM_SSL_ONLY(ret)) == NULL)
4626 goto err;
0f113f3e 4627
38b051a1 4628 if (sc->session != NULL) {
919ba009
VD		 4629 /*
4630 * Arranges to share the same session via up_ref. This "copies"
4631 * session-id, SSL_METHOD, sid_ctx, and 'cert'
4632 */
61986d32 4633 if (!SSL_copy_session_id(ret, s))
17dd65e6 4634 goto err;
0f113f3e
MC		 4635 } else {
4636 /*
4637 * No session has been established yet, so we have to expect that
4638 * s->cert or ret->cert will be changed later -- they should not both
4639 * point to the same object, and thus we can't use
4640 * SSL_copy_session_id.
4641 */
919ba009
VD		 4642 if (!SSL_set_ssl_method(ret, s->method))
4643 goto err;
0f113f3e 4644
38b051a1
TM		 4645 if (sc->cert != NULL) {
4646 ssl_cert_free(retsc->cert);
4647 retsc->cert = ssl_cert_dup(sc->cert);
4648 if (retsc->cert == NULL)
0f113f3e
MC		 4649 goto err;
4650 }
4651
38b051a1
TM		 4652 if (!SSL_set_session_id_context(ret, sc->sid_ctx,
4653 (int)sc->sid_ctx_length))
69f68237 4654 goto err;
0f113f3e
MC		 4655 }
4656
38b051a1 4657 if (!ssl_dane_dup(retsc, sc))
9f6b22b8 4658 goto err;
38b051a1
TM		 4659 retsc->version = sc->version;
4660 retsc->options = sc->options;
4661 retsc->min_proto_version = sc->min_proto_version;
4662 retsc->max_proto_version = sc->max_proto_version;
4663 retsc->mode = sc->mode;
0f113f3e
MC		 4664 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
4665 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
38b051a1
TM		 4666 retsc->msg_callback = sc->msg_callback;
4667 retsc->msg_callback_arg = sc->msg_callback_arg;
0f113f3e
MC		 4668 SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
4669 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
38b051a1 4670 retsc->generate_session_id = sc->generate_session_id;
0f113f3e
MC		 4671
4672 SSL_set_info_callback(ret, SSL_get_info_callback(s));
4673
0f113f3e
MC		 4674 /* copy app data, a little dangerous perhaps */
4675 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
4676 goto err;
4677
38b051a1
TM		 4678 retsc->server = sc->server;
4679 if (sc->handshake_func) {
4680 if (sc->server)
919ba009
VD		 4681 SSL_set_accept_state(ret);
4682 else
4683 SSL_set_connect_state(ret);
4684 }
38b051a1
TM		 4685 retsc->shutdown = sc->shutdown;
4686 retsc->hit = sc->hit;
0f113f3e 4687
38b051a1
TM		 4688 retsc->default_passwd_callback = sc->default_passwd_callback;
4689 retsc->default_passwd_callback_userdata = sc->default_passwd_callback_userdata;
a974e64a 4690
38b051a1 4691 X509_VERIFY_PARAM_inherit(retsc->param, sc->param);
0f113f3e
MC		 4692
4693 /* dup the cipher_list and cipher_list_by_id stacks */
38b051a1
TM		 4694 if (sc->cipher_list != NULL) {
4695 if ((retsc->cipher_list = sk_SSL_CIPHER_dup(sc->cipher_list)) == NULL)
0f113f3e
MC		 4696 goto err;
4697 }
38b051a1
TM		 4698 if (sc->cipher_list_by_id != NULL)
4699 if ((retsc->cipher_list_by_id = sk_SSL_CIPHER_dup(sc->cipher_list_by_id))
0f113f3e
MC		 4700 == NULL)
4701 goto err;
4702
4703 /* Dup the client_CA list */
38b051a1
TM		 4704 if (!dup_ca_names(&retsc->ca_names, sc->ca_names)
4705 || !dup_ca_names(&retsc->client_ca_names, sc->client_ca_names))
98732979
MC		 4706 goto err;
4707
66696478 4708 return ret;
0f113f3e 4709
0f113f3e 4710 err:
66696478
RS		 4711 SSL_free(ret);
4712 return NULL;
0f113f3e 4713}
d02b48c6 4714
38b051a1 4715void ssl_clear_cipher_ctx(SSL_CONNECTION *s)
0f113f3e 4716{
09b6c2ef 4717#ifndef OPENSSL_NO_COMP
efa7dd64
RS		 4718 COMP_CTX_free(s->expand);
4719 s->expand = NULL;
4720 COMP_CTX_free(s->compress);
4721 s->compress = NULL;
0f113f3e
MC		 4722#endif
4723}
d02b48c6 4724
0821bcd4 4725X509 *SSL_get_certificate(const SSL *s)
0f113f3e 4726{
38b051a1
TM		 4727 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4728
4729 if (sc == NULL)
4730 return NULL;
4731
4732 if (sc->cert != NULL)
4733 return sc->cert->key->x509;
0f113f3e 4734 else
26a7d938 4735 return NULL;
0f113f3e 4736}
d02b48c6 4737
a25f9adc 4738EVP_PKEY *SSL_get_privatekey(const SSL *s)
0f113f3e 4739{
38b051a1
TM		 4740 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
4741
4742 if (sc == NULL)
4743 return NULL;
4744
4745 if (sc->cert != NULL)
4746 return sc->cert->key->privatekey;
0f113f3e 4747 else
26a7d938 4748 return NULL;
0f113f3e 4749}
d02b48c6 4750
a25f9adc 4751X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
0f113f3e
MC		 4752{
4753 if (ctx->cert != NULL)
4754 return ctx->cert->key->x509;
4755 else
4756 return NULL;
4757}
a25f9adc
DSH		 4758
4759EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
0f113f3e
MC		 4760{
4761 if (ctx->cert != NULL)
4762 return ctx->cert->key->privatekey;
4763 else
4764 return NULL;
4765}
a25f9adc 4766
babb3798 4767const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
0f113f3e 4768{
38b051a1
TM		 4769 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
4770
4771 if (sc == NULL)
4772 return NULL;
4773
4774 if ((sc->session != NULL) && (sc->session->cipher != NULL))
4775 return sc->session->cipher;
26a7d938 4776 return NULL;
0f113f3e
MC		 4777}
4778
0aed6e44
BK		 4779const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
4780{
38b051a1
TM		 4781 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
4782
4783 if (sc == NULL)
4784 return NULL;
4785
4786 return sc->s3.tmp.new_cipher;
0aed6e44
BK		 4787}
4788
3499327b 4789const COMP_METHOD *SSL_get_current_compression(const SSL *s)
0f113f3e 4790{
9a555706 4791#ifndef OPENSSL_NO_COMP
38b051a1
TM		 4792 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
4793
4794 if (sc == NULL)
4795 return NULL;
4796
1e76110b 4797 return sc->rlayer.wrlmethod->get_compression(sc->rlayer.wrl);
9a555706
RS		 4798#else
4799 return NULL;
4800#endif
0f113f3e 4801}
377dcdba 4802
3499327b 4803const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
0f113f3e 4804{
9a555706 4805#ifndef OPENSSL_NO_COMP
38b051a1
TM		 4806 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
4807
4808 if (sc == NULL)
4809 return NULL;
4810
1e76110b 4811 return sc->rlayer.rrlmethod->get_compression(sc->rlayer.rrl);
9a555706
RS		 4812#else
4813 return NULL;
0f113f3e 4814#endif
9a555706 4815}
0f113f3e 4816
38b051a1 4817int ssl_init_wbio_buffer(SSL_CONNECTION *s)
0f113f3e
MC		 4818{
4819 BIO *bbio;
4820
2e7dc7cd
MC		 4821 if (s->bbio != NULL) {
4822 /* Already buffered. */
4823 return 1;
0f113f3e 4824 }
46417569 4825
2e7dc7cd
MC		 4826 bbio = BIO_new(BIO_f_buffer());
4827 if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
4828 BIO_free(bbio);
6849b73c 4829 ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
46417569 4830 return 0;
0f113f3e 4831 }
2e7dc7cd
MC		 4832 s->bbio = bbio;
4833 s->wbio = BIO_push(bbio, s->wbio);
46417569 4834
b5cf81f7
MC		 4835 s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
4836
46417569 4837 return 1;
0f113f3e 4838}
413c4f45 4839
38b051a1 4840int ssl_free_wbio_buffer(SSL_CONNECTION *s)
0f113f3e 4841{
62adbcee 4842 /* callers ensure s is never null */
0f113f3e 4843 if (s->bbio == NULL)
b77f3ed1 4844 return 1;
0f113f3e 4845
2e7dc7cd 4846 s->wbio = BIO_pop(s->wbio);
b5cf81f7
MC		 4847 s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
4848
0f113f3e
MC		 4849 BIO_free(s->bbio);
4850 s->bbio = NULL;
b77f3ed1
MC		 4851
4852 return 1;
0f113f3e
MC		 4853}
4854
4855void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
4856{
4857 ctx->quiet_shutdown = mode;
4858}
58964a49 4859
0821bcd4 4860int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
0f113f3e 4861{
26a7d938 4862 return ctx->quiet_shutdown;
0f113f3e 4863}
58964a49 4864
0f113f3e
MC		 4865void SSL_set_quiet_shutdown(SSL *s, int mode)
4866{
38b051a1
TM		 4867 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4868
4869 /* TODO(QUIC): Do we want this for QUIC? */
4870 if (sc == NULL)
4871 return;
4872
4873 sc->quiet_shutdown = mode;
0f113f3e 4874}
58964a49 4875
0821bcd4 4876int SSL_get_quiet_shutdown(const SSL *s)
0f113f3e 4877{
38b051a1
TM		 4878 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
4879
4880 /* TODO(QUIC): Do we want this for QUIC? */
4881 if (sc == NULL)
4882 return 0;
4883
4884 return sc->quiet_shutdown;
0f113f3e 4885}
58964a49 4886
0f113f3e
MC		 4887void SSL_set_shutdown(SSL *s, int mode)
4888{
38b051a1
TM		 4889 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
4890
4891 /* TODO(QUIC): Do we want this for QUIC? */
4892 if (sc == NULL)
4893 return;
4894
4895 sc->shutdown = mode;
0f113f3e 4896}
58964a49 4897
0821bcd4 4898int SSL_get_shutdown(const SSL *s)
0f113f3e 4899{
38b051a1
TM		 4900 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
4901
4902 /* TODO(QUIC): Do we want this for QUIC? */
4903 if (sc == NULL)
4904 return 0;
4905
4906 return sc->shutdown;
0f113f3e 4907}
58964a49 4908
0821bcd4 4909int SSL_version(const SSL *s)
0f113f3e 4910{
38b051a1
TM		 4911 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
4912
4913 /* TODO(QUIC): Do we want to report QUIC version this way instead? */
4914 if (sc == NULL)
4915 return 0;
4916
4917 return sc->version;
6546e9b2
AG		 4918}
4919
4920int SSL_client_version(const SSL *s)
4921{
38b051a1
TM		 4922 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
4923
4924 /* TODO(QUIC): Do we want to report QUIC version this way instead? */
4925 if (sc == NULL)
4926 return 0;
4927
4928 return sc->client_version;
0f113f3e 4929}
58964a49 4930
0821bcd4 4931SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
0f113f3e 4932{
6546e9b2 4933 return ssl->ctx;
0f113f3e
MC		 4934}
4935
4936SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
4937{
24a0d393 4938 CERT *new_cert;
38b051a1
TM		 4939 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
4940
4941 /* TODO(QUIC): Do we need this for QUIC support? */
4942 if (sc == NULL)
4943 return NULL;
4944
0f113f3e
MC		 4945 if (ssl->ctx == ctx)
4946 return ssl->ctx;
0f113f3e 4947 if (ctx == NULL)
38b051a1 4948 ctx = sc->session_ctx;
24a0d393
KR		 4949 new_cert = ssl_cert_dup(ctx->cert);
4950 if (new_cert == NULL) {
4951 return NULL;
0f113f3e 4952 }
21181889 4953
38b051a1 4954 if (!custom_exts_copy_flags(&new_cert->custext, &sc->cert->custext)) {
21181889
MC		 4955 ssl_cert_free(new_cert);
4956 return NULL;
4957 }
4958
38b051a1
TM		 4959 ssl_cert_free(sc->cert);
4960 sc->cert = new_cert;
0f113f3e
MC		 4961
4962 /*
4963 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
4964 * so setter APIs must prevent invalid lengths from entering the system.
4965 */
38b051a1 4966 if (!ossl_assert(sc->sid_ctx_length <= sizeof(sc->sid_ctx)))
380a522f 4967 return NULL;
0f113f3e
MC		 4968
4969 /*
4970 * If the session ID context matches that of the parent SSL_CTX,
4971 * inherit it from the new SSL_CTX as well. If however the context does
4972 * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
4973 * leave it unchanged.
4974 */
4975 if ((ssl->ctx != NULL) &&
38b051a1
TM		 4976 (sc->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
4977 (memcmp(sc->sid_ctx, ssl->ctx->sid_ctx, sc->sid_ctx_length) == 0)) {
4978 sc->sid_ctx_length = ctx->sid_ctx_length;
4979 memcpy(&sc->sid_ctx, &ctx->sid_ctx, sizeof(sc->sid_ctx));
0f113f3e
MC		 4980 }
4981
16203f7b 4982 SSL_CTX_up_ref(ctx);
a230b26e 4983 SSL_CTX_free(ssl->ctx); /* decrement reference count */
0f113f3e
MC		 4984 ssl->ctx = ctx;
4985
16203f7b 4986 return ssl->ctx;
0f113f3e 4987}
ed3883d2 4988
4f43d0e7 4989int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
0f113f3e 4990{
d8652be0
MC		 4991 return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx,
4992 ctx->propq);
0f113f3e 4993}
58964a49 4994
d84a7b20
MC		 4995int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
4996{
4997 X509_LOOKUP *lookup;
4998
4999 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
5000 if (lookup == NULL)
5001 return 0;
6dcb100f
RL		 5002
5003 /* We ignore errors, in case the directory doesn't exist */
5004 ERR_set_mark();
5005
d84a7b20
MC		 5006 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
5007
6dcb100f 5008 ERR_pop_to_mark();
d84a7b20
MC		 5009
5010 return 1;
5011}
5012
5013int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
5014{
5015 X509_LOOKUP *lookup;
5016
5017 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
5018 if (lookup == NULL)
5019 return 0;
5020
492bc359 5021 /* We ignore errors, in case the file doesn't exist */
6dcb100f
RL		 5022 ERR_set_mark();
5023
d8652be0
MC		 5024 X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx,
5025 ctx->propq);
d84a7b20 5026
6dcb100f
RL		 5027 ERR_pop_to_mark();
5028
5029 return 1;
5030}
5031
5032int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
5033{
5034 X509_LOOKUP *lookup;
5035
5036 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store());
5037 if (lookup == NULL)
5038 return 0;
5039
5040 /* We ignore errors, in case the directory doesn't exist */
5041 ERR_set_mark();
5042
d8652be0 5043 X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq);
6dcb100f
RL		 5044
5045 ERR_pop_to_mark();
d84a7b20
MC		 5046
5047 return 1;
5048}
5049
6dcb100f
RL		 5050int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
5051{
d8652be0
MC		 5052 return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx,
5053 ctx->propq);
6dcb100f
RL		 5054}
5055
5056int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
5057{
5058 return X509_STORE_load_path(ctx->cert_store, CApath);
5059}
5060
5061int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
5062{
d8652be0
MC		 5063 return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx,
5064 ctx->propq);
6dcb100f
RL		 5065}
5066
303c0028 5067int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
0f113f3e
MC		 5068 const char *CApath)
5069{
6dcb100f
RL		 5070 if (CAfile == NULL && CApath == NULL)
5071 return 0;
5072 if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile))
5073 return 0;
5074 if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath))
5075 return 0;
5076 return 1;
0f113f3e 5077}
58964a49 5078
45d87a1f 5079void SSL_set_info_callback(SSL *ssl,
0f113f3e
MC		 5080 void (*cb) (const SSL *ssl, int type, int val))
5081{
38b051a1
TM		 5082 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
5083
5084 if (sc == NULL)
5085 return;
5086
5087 sc->info_callback = cb;
0f113f3e
MC		 5088}
5089
5090/*
5091 * One compiler (Diab DCC) doesn't like argument names in returned function
5092 * pointer.
5093 */
5094void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
5095 int /* type */ ,
5096 int /* val */ ) {
38b051a1
TM		 5097 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
5098
5099 if (sc == NULL)
5100 return NULL;
5101
5102 return sc->info_callback;
0f113f3e 5103}
58964a49 5104
0f113f3e
MC		 5105void SSL_set_verify_result(SSL *ssl, long arg)
5106{
38b051a1
TM		 5107 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
5108
5109 if (sc == NULL)
5110 return;
5111
5112 sc->verify_result = arg;
0f113f3e 5113}
58964a49 5114
0821bcd4 5115long SSL_get_verify_result(const SSL *ssl)
0f113f3e 5116{
38b051a1
TM		 5117 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
5118
5119 if (sc == NULL)
5120 return 0;
5121
5122 return sc->verify_result;
0f113f3e
MC		 5123}
5124
d9f1c639 5125size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
858618e7 5126{
38b051a1
TM		 5127 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
5128
5129 if (sc == NULL)
5130 return 0;
5131
6b8f5d0d 5132 if (outlen == 0)
38b051a1
TM		 5133 return sizeof(sc->s3.client_random);
5134 if (outlen > sizeof(sc->s3.client_random))
5135 outlen = sizeof(sc->s3.client_random);
5136 memcpy(out, sc->s3.client_random, outlen);
d9f1c639 5137 return outlen;
858618e7
NM		 5138}
5139
d9f1c639 5140size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
858618e7 5141{
38b051a1
TM		 5142 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
5143
5144 if (sc == NULL)
5145 return 0;
5146
6b8f5d0d 5147 if (outlen == 0)
38b051a1
TM		 5148 return sizeof(sc->s3.server_random);
5149 if (outlen > sizeof(sc->s3.server_random))
5150 outlen = sizeof(sc->s3.server_random);
5151 memcpy(out, sc->s3.server_random, outlen);
d9f1c639 5152 return outlen;
858618e7
NM		 5153}
5154
d9f1c639 5155size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
a230b26e 5156 unsigned char *out, size_t outlen)
858618e7 5157{
d9f1c639
MC		 5158 if (outlen == 0)
5159 return session->master_key_length;
8c1a5343 5160 if (outlen > session->master_key_length)
858618e7
NM		 5161 outlen = session->master_key_length;
5162 memcpy(out, session->master_key, outlen);
d9f1c639 5163 return outlen;
858618e7
NM		 5164}
5165
725b0f1e 5166int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
911d63f2
MC		 5167 size_t len)
5168{
5169 if (len > sizeof(sess->master_key))
5170 return 0;
5171
5172 memcpy(sess->master_key, in, len);
5173 sess->master_key_length = len;
911d63f2
MC		 5174 return 1;
5175}
5176
5177
0f113f3e
MC		 5178int SSL_set_ex_data(SSL *s, int idx, void *arg)
5179{
26a7d938 5180 return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
0f113f3e
MC		 5181}
5182
5183void *SSL_get_ex_data(const SSL *s, int idx)
5184{
26a7d938 5185 return CRYPTO_get_ex_data(&s->ex_data, idx);
0f113f3e
MC		 5186}
5187
0f113f3e
MC		 5188int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
5189{
26a7d938 5190 return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
0f113f3e
MC		 5191}
5192
5193void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
5194{
26a7d938 5195 return CRYPTO_get_ex_data(&s->ex_data, idx);
0f113f3e 5196}
58964a49 5197
0821bcd4 5198X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
0f113f3e 5199{
26a7d938 5200 return ctx->cert_store;
0f113f3e 5201}
413c4f45 5202
0f113f3e
MC		 5203void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
5204{
222561fe 5205 X509_STORE_free(ctx->cert_store);
0f113f3e
MC		 5206 ctx->cert_store = store;
5207}
413c4f45 5208
b50052db
TS		 5209void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
5210{
5211 if (store != NULL)
5212 X509_STORE_up_ref(store);
5213 SSL_CTX_set_cert_store(ctx, store);
5214}
5215
0821bcd4 5216int SSL_want(const SSL *s)
0f113f3e 5217{
38b051a1
TM		 5218 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5219
5220 if (sc == NULL)
5221 return SSL_NOTHING;
5222
5223 return sc->rwstate;
0f113f3e 5224}
413c4f45 5225
ddac1974
NL		 5226#ifndef OPENSSL_NO_PSK
5227int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
0f113f3e
MC		 5228{
5229 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
6849b73c 5230 ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
0f113f3e
MC		 5231 return 0;
5232 }
df6da24b 5233 OPENSSL_free(ctx->cert->psk_identity_hint);
0f113f3e 5234 if (identity_hint != NULL) {
7644a9ae 5235 ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
df6da24b 5236 if (ctx->cert->psk_identity_hint == NULL)
0f113f3e
MC		 5237 return 0;
5238 } else
df6da24b 5239 ctx->cert->psk_identity_hint = NULL;
0f113f3e
MC		 5240 return 1;
5241}
ddac1974
NL		 5242
5243int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
0f113f3e 5244{
38b051a1
TM		 5245 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5246
5247 if (sc == NULL)
0f113f3e
MC		 5248 return 0;
5249
0f113f3e 5250 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
6849b73c 5251 ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
0f113f3e
MC		 5252 return 0;
5253 }
38b051a1 5254 OPENSSL_free(sc->cert->psk_identity_hint);
0f113f3e 5255 if (identity_hint != NULL) {
38b051a1
TM		 5256 sc->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
5257 if (sc->cert->psk_identity_hint == NULL)
0f113f3e
MC		 5258 return 0;
5259 } else
38b051a1 5260 sc->cert->psk_identity_hint = NULL;
0f113f3e
MC		 5261 return 1;
5262}
ddac1974
NL		 5263
5264const char *SSL_get_psk_identity_hint(const SSL *s)
0f113f3e 5265{
38b051a1
TM		 5266 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5267
5268 if (sc == NULL || sc->session == NULL)
0f113f3e 5269 return NULL;
38b051a1
TM		 5270
5271 return sc->session->psk_identity_hint;
0f113f3e 5272}
ddac1974
NL		 5273
5274const char *SSL_get_psk_identity(const SSL *s)
0f113f3e 5275{
38b051a1
TM		 5276 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5277
5278 if (sc == NULL || sc->session == NULL)
0f113f3e 5279 return NULL;
38b051a1
TM		 5280
5281 return sc->session->psk_identity;
0f113f3e 5282}
7806f3dd 5283
8cbfcc70 5284void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
0f113f3e 5285{
38b051a1
TM		 5286 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5287
5288 if (sc == NULL)
5289 return;
5290
5291 sc->psk_client_callback = cb;
0f113f3e 5292}
7806f3dd 5293
8cbfcc70 5294void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
0f113f3e
MC		 5295{
5296 ctx->psk_client_callback = cb;
5297}
7806f3dd 5298
8cbfcc70 5299void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
0f113f3e 5300{
38b051a1
TM		 5301 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5302
5303 if (sc == NULL)
5304 return;
5305
5306 sc->psk_server_callback = cb;
0f113f3e 5307}
7806f3dd 5308
8cbfcc70 5309void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
0f113f3e
MC		 5310{
5311 ctx->psk_server_callback = cb;
5312}
5313#endif
5314
f46184bd
MC		 5315void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
5316{
38b051a1
TM		 5317 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5318
5319 if (sc == NULL)
5320 return;
5321
5322 sc->psk_find_session_cb = cb;
f46184bd
MC		 5323}
5324
5325void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
5326 SSL_psk_find_session_cb_func cb)
5327{
5328 ctx->psk_find_session_cb = cb;
5329}
5330
5331void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
5332{
38b051a1
TM		 5333 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5334
5335 if (sc == NULL)
5336 return;
5337
5338 sc->psk_use_session_cb = cb;
f46184bd
MC		 5339}
5340
5341void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
5342 SSL_psk_use_session_cb_func cb)
5343{
5344 ctx->psk_use_session_cb = cb;
5345}
5346
0f113f3e
MC		 5347void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
5348 void (*cb) (int write_p, int version,
5349 int content_type, const void *buf,
5350 size_t len, SSL *ssl, void *arg))
5351{
5352 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
5353}
5354
5355void SSL_set_msg_callback(SSL *ssl,
5356 void (*cb) (int write_p, int version,
5357 int content_type, const void *buf,
5358 size_t len, SSL *ssl, void *arg))
5359{
5360 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
5361}
a661b653 5362
7c2d4fee 5363void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
0f113f3e
MC		 5364 int (*cb) (SSL *ssl,
5365 int
5366 is_forward_secure))
5367{
5368 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
5369 (void (*)(void))cb);
5370}
5371
7c2d4fee 5372void SSL_set_not_resumable_session_callback(SSL *ssl,
0f113f3e
MC		 5373 int (*cb) (SSL *ssl,
5374 int is_forward_secure))
5375{
5376 SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
5377 (void (*)(void))cb);
5378}
5379
c649d10d
TS		 5380void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
5381 size_t (*cb) (SSL *ssl, int type,
5382 size_t len, void *arg))
5383{
5384 ctx->record_padding_cb = cb;
5385}
5386
5387void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
5388{
5389 ctx->record_padding_arg = arg;
5390}
5391
3499327b 5392void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
c649d10d
TS		 5393{
5394 return ctx->record_padding_arg;
5395}
5396
5397int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
5398{
5399 /* block size of 0 or 1 is basically no padding */
5400 if (block_size == 1)
5401 ctx->block_padding = 0;
5402 else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
5403 ctx->block_padding = block_size;
5404 else
5405 return 0;
5406 return 1;
5407}
5408
a6d36303 5409int SSL_set_record_padding_callback(SSL *ssl,
c649d10d
TS		 5410 size_t (*cb) (SSL *ssl, int type,
5411 size_t len, void *arg))
5412{
a6d36303 5413 BIO *b;
38b051a1
TM		 5414 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
5415
5416 if (sc == NULL)
5417 return 0;
a6d36303
VF		 5418
5419 b = SSL_get_wbio(ssl);
5420 if (b == NULL || !BIO_get_ktls_send(b)) {
eb7d6c2a 5421 sc->rlayer.record_padding_cb = cb;
a6d36303
VF		 5422 return 1;
5423 }
5424 return 0;
c649d10d
TS		 5425}
5426
5427void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
5428{
38b051a1
TM		 5429 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
5430
5431 if (sc == NULL)
5432 return;
5433
eb7d6c2a 5434 sc->rlayer.record_padding_arg = arg;
c649d10d
TS		 5435}
5436
3499327b 5437void *SSL_get_record_padding_callback_arg(const SSL *ssl)
c649d10d 5438{
38b051a1
TM		 5439 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
5440
5441 if (sc == NULL)
5442 return NULL;
5443
eb7d6c2a 5444 return sc->rlayer.record_padding_arg;
c649d10d
TS		 5445}
5446
5447int SSL_set_block_padding(SSL *ssl, size_t block_size)
5448{
38b051a1
TM		 5449 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
5450
5451 if (sc == NULL)
5452 return 0;
5453
c649d10d
TS		 5454 /* block size of 0 or 1 is basically no padding */
5455 if (block_size == 1)
eb7d6c2a 5456 sc->rlayer.block_padding = 0;
c649d10d 5457 else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
eb7d6c2a 5458 sc->rlayer.block_padding = block_size;
c649d10d
TS		 5459 else
5460 return 0;
5461 return 1;
5462}
5463
9d0a8bb7
MC		 5464int SSL_set_num_tickets(SSL *s, size_t num_tickets)
5465{
38b051a1
TM		 5466 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5467
5468 if (sc == NULL)
5469 return 0;
5470
5471 sc->num_tickets = num_tickets;
9d0a8bb7
MC		 5472
5473 return 1;
5474}
5475
3499327b 5476size_t SSL_get_num_tickets(const SSL *s)
9d0a8bb7 5477{
38b051a1
TM		 5478 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5479
5480 if (sc == NULL)
5481 return 0;
5482
5483 return sc->num_tickets;
9d0a8bb7
MC		 5484}
5485
5486int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
5487{
5488 ctx->num_tickets = num_tickets;
5489
5490 return 1;
5491}
5492
3499327b 5493size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
9d0a8bb7
MC		 5494{
5495 return ctx->num_tickets;
5496}
5497
48fbcbac 5498/* Retrieve handshake hashes */
38b051a1
TM		 5499int ssl_handshake_hash(SSL_CONNECTION *s,
5500 unsigned char *out, size_t outlen,
8c1a5343 5501 size_t *hashlen)
48fbcbac 5502{
6e59a892 5503 EVP_MD_CTX *ctx = NULL;
555cbb32 5504 EVP_MD_CTX *hdgst = s->s3.handshake_dgst;
ed576acd 5505 int hashleni = EVP_MD_CTX_get_size(hdgst);
8c1a5343
MC		 5506 int ret = 0;
5507
f63a17d6 5508 if (hashleni < 0 || (size_t)hashleni > outlen) {
c48ffbcc 5509 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
28ba2541 5510 goto err;
f63a17d6 5511 }
8c1a5343 5512
bfb0641f 5513 ctx = EVP_MD_CTX_new();
147ed5f9
TL		 5514 if (ctx == NULL) {
5515 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
6e59a892 5516 goto err;
147ed5f9 5517 }
8c1a5343 5518
6e59a892 5519 if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
f63a17d6 5520 || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
c48ffbcc 5521 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
8c1a5343 5522 goto err;
f63a17d6 5523 }
8c1a5343
MC		 5524
5525 *hashlen = hashleni;
5526
5527 ret = 1;
48fbcbac 5528 err:
bfb0641f 5529 EVP_MD_CTX_free(ctx);
48fbcbac
DSH		 5530 return ret;
5531}
5532
c04b66b1 5533int SSL_session_reused(const SSL *s)
0f113f3e 5534{
38b051a1
TM		 5535 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5536
5537 if (sc == NULL)
5538 return 0;
5539
5540 return sc->hit;
0f113f3e 5541}
08557cf2 5542
69443116 5543int SSL_is_server(const SSL *s)
0f113f3e 5544{
38b051a1
TM		 5545 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5546
5547 if (sc == NULL)
5548 return 0;
5549
5550 return sc->server;
0f113f3e 5551}
87adf1fa 5552
00db8c60 5553#ifndef OPENSSL_NO_DEPRECATED_1_1_0
47153c72
RS		 5554void SSL_set_debug(SSL *s, int debug)
5555{
5556 /* Old function was do-nothing anyway... */
5557 (void)s;
5558 (void)debug;
5559}
5560#endif
5561
b362ccab 5562void SSL_set_security_level(SSL *s, int level)
0f113f3e 5563{
38b051a1
TM		 5564 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5565
5566 if (sc == NULL)
5567 return;
5568
5569 sc->cert->sec_level = level;
0f113f3e 5570}
b362ccab
DSH		 5571
5572int SSL_get_security_level(const SSL *s)
0f113f3e 5573{
38b051a1
TM		 5574 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5575
5576 if (sc == NULL)
5577 return 0;
5578
5579 return sc->cert->sec_level;
0f113f3e 5580}
b362ccab 5581
0f113f3e 5582void SSL_set_security_callback(SSL *s,
a230b26e
EK		 5583 int (*cb) (const SSL *s, const SSL_CTX *ctx,
5584 int op, int bits, int nid,
5585 void *other, void *ex))
0f113f3e 5586{
38b051a1
TM		 5587 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5588
5589 if (sc == NULL)
5590 return;
5591
5592 sc->cert->sec_cb = cb;
0f113f3e 5593}
b362ccab 5594
a230b26e
EK		 5595int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
5596 const SSL_CTX *ctx, int op,
5597 int bits, int nid, void *other,
5598 void *ex) {
38b051a1
TM		 5599 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5600
5601 if (sc == NULL)
5602 return NULL;
5603
5604 return sc->cert->sec_cb;
0f113f3e 5605}
b362ccab
DSH		 5606
5607void SSL_set0_security_ex_data(SSL *s, void *ex)
0f113f3e 5608{
38b051a1
TM		 5609 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5610
5611 if (sc == NULL)
5612 return;
5613
5614 sc->cert->sec_ex = ex;
0f113f3e 5615}
b362ccab
DSH		 5616
5617void *SSL_get0_security_ex_data(const SSL *s)
0f113f3e 5618{
38b051a1
TM		 5619 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5620
5621 if (sc == NULL)
5622 return NULL;
5623
5624 return sc->cert->sec_ex;
0f113f3e 5625}
b362ccab
DSH		 5626
5627void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
0f113f3e
MC		 5628{
5629 ctx->cert->sec_level = level;
5630}
b362ccab
DSH		 5631
5632int SSL_CTX_get_security_level(const SSL_CTX *ctx)
0f113f3e
MC		 5633{
5634 return ctx->cert->sec_level;
5635}
b362ccab 5636
0f113f3e 5637void SSL_CTX_set_security_callback(SSL_CTX *ctx,
a230b26e
EK		 5638 int (*cb) (const SSL *s, const SSL_CTX *ctx,
5639 int op, int bits, int nid,
5640 void *other, void *ex))
0f113f3e
MC		 5641{
5642 ctx->cert->sec_cb = cb;
5643}
b362ccab 5644
e4646a89
KR		 5645int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
5646 const SSL_CTX *ctx,
0f113f3e
MC		 5647 int op, int bits,
5648 int nid,
5649 void *other,
5650 void *ex) {
5651 return ctx->cert->sec_cb;
5652}
b362ccab
DSH		 5653
5654void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
0f113f3e
MC		 5655{
5656 ctx->cert->sec_ex = ex;
5657}
b362ccab
DSH		 5658
5659void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
0f113f3e
MC		 5660{
5661 return ctx->cert->sec_ex;
5662}
b362ccab 5663
56bd1783 5664uint64_t SSL_CTX_get_options(const SSL_CTX *ctx)
8106cb8b
VD		 5665{
5666 return ctx->options;
5667}
a230b26e 5668
56bd1783 5669uint64_t SSL_get_options(const SSL *s)
8106cb8b 5670{
38b051a1
TM		 5671 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5672
5673 if (sc == NULL)
5674 return 0;
5675
5676 return sc->options;
8106cb8b 5677}
a230b26e 5678
56bd1783 5679uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op)
8106cb8b
VD		 5680{
5681 return ctx->options |= op;
5682}
a230b26e 5683
56bd1783 5684uint64_t SSL_set_options(SSL *s, uint64_t op)
8106cb8b 5685{
38b051a1 5686 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
4566dae7 5687 OSSL_PARAM options[2], *opts = options;
38b051a1
TM		 5688
5689 if (sc == NULL)
5690 return 0;
5691
4566dae7
MC		 5692 sc->options |= op;
5693
5694 *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
5695 &sc->options);
5696 *opts = OSSL_PARAM_construct_end();
5697
5698 /* Ignore return value */
5699 sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
5700
5701 return sc->options;
8106cb8b 5702}
a230b26e 5703
56bd1783 5704uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op)
8106cb8b
VD		 5705{
5706 return ctx->options &= ~op;
5707}
a230b26e 5708
56bd1783 5709uint64_t SSL_clear_options(SSL *s, uint64_t op)
8106cb8b 5710{
38b051a1
TM		 5711 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5712
5713 if (sc == NULL)
5714 return 0;
5715
5716 return sc->options &= ~op;
8106cb8b
VD		 5717}
5718
696178ed
DSH		 5719STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
5720{
38b051a1
TM		 5721 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5722
5723 if (sc == NULL)
5724 return NULL;
5725
5726 return sc->verified_chain;
696178ed
DSH		 5727}
5728
0f113f3e 5729IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
ed29e82a
RP		 5730
5731#ifndef OPENSSL_NO_CT
5732
5733/*
5734 * Moves SCTs from the |src| stack to the |dst| stack.
5735 * The source of each SCT will be set to |origin|.
5736 * If |dst| points to a NULL pointer, a new stack will be created and owned by
5737 * the caller.
5738 * Returns the number of SCTs moved, or a negative integer if an error occurs.
5739 */
a230b26e
EK		 5740static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
5741 sct_source_t origin)
ed29e82a
RP		 5742{
5743 int scts_moved = 0;
5744 SCT *sct = NULL;
5745
5746 if (*dst == NULL) {
5747 *dst = sk_SCT_new_null();
5748 if (*dst == NULL) {
e077455e 5749 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
ed29e82a
RP		 5750 goto err;
5751 }
5752 }
5753
a8086e6b 5754 while ((sct = sk_SCT_pop(src)) != NULL) {
ed29e82a
RP		 5755 if (SCT_set_source(sct, origin) != 1)
5756 goto err;
5757
5758 if (sk_SCT_push(*dst, sct) <= 0)
5759 goto err;
5760 scts_moved += 1;
5761 }
5762
5763 return scts_moved;
a230b26e 5764 err:
ed29e82a 5765 if (sct != NULL)
a230b26e 5766 sk_SCT_push(src, sct); /* Put the SCT back */
cc7113e8 5767 return -1;
ed29e82a
RP		 5768}
5769
5770/*
a230b26e 5771 * Look for data collected during ServerHello and parse if found.
6b13bd1d 5772 * Returns the number of SCTs extracted.
a230b26e 5773 */
38b051a1 5774static int ct_extract_tls_extension_scts(SSL_CONNECTION *s)
ed29e82a
RP		 5775{
5776 int scts_extracted = 0;
5777
aff8c126
RS		 5778 if (s->ext.scts != NULL) {
5779 const unsigned char *p = s->ext.scts;
5780 STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
ed29e82a
RP		 5781
5782 scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
5783
5784 SCT_LIST_free(scts);
5785 }
5786
5787 return scts_extracted;
5788}
5789
5790/*
5791 * Checks for an OCSP response and then attempts to extract any SCTs found if it
5792 * contains an SCT X509 extension. They will be stored in |s->scts|.
5793 * Returns:
5794 * - The number of SCTs extracted, assuming an OCSP response exists.
5795 * - 0 if no OCSP response exists or it contains no SCTs.
5796 * - A negative integer if an error occurs.
5797 */
38b051a1 5798static int ct_extract_ocsp_response_scts(SSL_CONNECTION *s)
ed29e82a 5799{
a230b26e 5800# ifndef OPENSSL_NO_OCSP
ed29e82a
RP		 5801 int scts_extracted = 0;
5802 const unsigned char *p;
5803 OCSP_BASICRESP *br = NULL;
5804 OCSP_RESPONSE *rsp = NULL;
5805 STACK_OF(SCT) *scts = NULL;
5806 int i;
5807
aff8c126 5808 if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
ed29e82a
RP		 5809 goto err;
5810
aff8c126
RS		 5811 p = s->ext.ocsp.resp;
5812 rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
ed29e82a
RP		 5813 if (rsp == NULL)
5814 goto err;
5815
5816 br = OCSP_response_get1_basic(rsp);
5817 if (br == NULL)
5818 goto err;
5819
5820 for (i = 0; i < OCSP_resp_count(br); ++i) {
5821 OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
5822
5823 if (single == NULL)
5824 continue;
5825
a230b26e
EK		 5826 scts =
5827 OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
5828 scts_extracted =
5829 ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
ed29e82a
RP		 5830 if (scts_extracted < 0)
5831 goto err;
5832 }
a230b26e 5833 err:
ed29e82a
RP		 5834 SCT_LIST_free(scts);
5835 OCSP_BASICRESP_free(br);
5836 OCSP_RESPONSE_free(rsp);
5837 return scts_extracted;
a230b26e 5838# else
3e41ac35
MC		 5839 /* Behave as if no OCSP response exists */
5840 return 0;
a230b26e 5841# endif
ed29e82a
RP		 5842}
5843
5844/*
5845 * Attempts to extract SCTs from the peer certificate.
5846 * Return the number of SCTs extracted, or a negative integer if an error
5847 * occurs.
5848 */
38b051a1 5849static int ct_extract_x509v3_extension_scts(SSL_CONNECTION *s)
ed29e82a
RP		 5850{
5851 int scts_extracted = 0;
3f3c7d26 5852 X509 *cert = s->session != NULL ? s->session->peer : NULL;
ed29e82a
RP		 5853
5854 if (cert != NULL) {
5855 STACK_OF(SCT) *scts =
5856 X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
5857
5858 scts_extracted =
5859 ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
5860
5861 SCT_LIST_free(scts);
5862 }
5863
5864 return scts_extracted;
5865}
5866
5867/*
5868 * Attempts to find all received SCTs by checking TLS extensions, the OCSP
5869 * response (if it exists) and X509v3 extensions in the certificate.
5870 * Returns NULL if an error occurs.
5871 */
5872const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
5873{
38b051a1
TM		 5874 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5875
5876 if (sc == NULL)
5877 return NULL;
5878
5879 if (!sc->scts_parsed) {
5880 if (ct_extract_tls_extension_scts(sc) < 0 ||
5881 ct_extract_ocsp_response_scts(sc) < 0 ||
5882 ct_extract_x509v3_extension_scts(sc) < 0)
ed29e82a
RP		 5883 goto err;
5884
38b051a1 5885 sc->scts_parsed = 1;
ed29e82a 5886 }
38b051a1 5887 return sc->scts;
a230b26e 5888 err:
ed29e82a
RP		 5889 return NULL;
5890}
5891
a230b26e 5892static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
43341433 5893 const STACK_OF(SCT) *scts, void *unused_arg)
ed29e82a 5894{
43341433
VD		 5895 return 1;
5896}
5897
a230b26e 5898static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
43341433
VD		 5899 const STACK_OF(SCT) *scts, void *unused_arg)
5900{
5901 int count = scts != NULL ? sk_SCT_num(scts) : 0;
5902 int i;
ed29e82a 5903
43341433
VD		 5904 for (i = 0; i < count; ++i) {
5905 SCT *sct = sk_SCT_value(scts, i);
5906 int status = SCT_get_validation_status(sct);
5907
5908 if (status == SCT_VALIDATION_STATUS_VALID)
5909 return 1;
5910 }
6849b73c 5911 ERR_raise(ERR_LIB_SSL, SSL_R_NO_VALID_SCTS);
43341433
VD		 5912 return 0;
5913}
5914
5915int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
5916 void *arg)
5917{
38b051a1
TM		 5918 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
5919
5920 if (sc == NULL)
5921 return 0;
5922
ed29e82a
RP		 5923 /*
5924 * Since code exists that uses the custom extension handler for CT, look
5925 * for this and throw an error if they have already registered to use CT.
5926 */
5927 if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
a230b26e
EK		 5928 TLSEXT_TYPE_signed_certificate_timestamp))
5929 {
6849b73c 5930 ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
43341433 5931 return 0;
ed29e82a
RP		 5932 }
5933
ed29e82a 5934 if (callback != NULL) {
a230b26e
EK		 5935 /*
5936 * If we are validating CT, then we MUST accept SCTs served via OCSP
5937 */
ed29e82a 5938 if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
43341433 5939 return 0;
ed29e82a
RP		 5940 }
5941
38b051a1
TM		 5942 sc->ct_validation_callback = callback;
5943 sc->ct_validation_callback_arg = arg;
43341433
VD		 5944
5945 return 1;
ed29e82a
RP		 5946}
5947
43341433 5948int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
a230b26e 5949 ssl_ct_validation_cb callback, void *arg)
ed29e82a 5950{
ed29e82a
RP		 5951 /*
5952 * Since code exists that uses the custom extension handler for CT, look for
5953 * this and throw an error if they have already registered to use CT.
5954 */
5955 if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
a230b26e
EK		 5956 TLSEXT_TYPE_signed_certificate_timestamp))
5957 {
6849b73c 5958 ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
43341433 5959 return 0;
ed29e82a
RP		 5960 }
5961
5962 ctx->ct_validation_callback = callback;
5963 ctx->ct_validation_callback_arg = arg;
43341433 5964 return 1;
ed29e82a
RP		 5965}
5966
43341433 5967int SSL_ct_is_enabled(const SSL *s)
ed29e82a 5968{
38b051a1
TM		 5969 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
5970
5971 if (sc == NULL)
5972 return 0;
5973
5974 return sc->ct_validation_callback != NULL;
ed29e82a
RP		 5975}
5976
43341433 5977int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
ed29e82a 5978{
43341433 5979 return ctx->ct_validation_callback != NULL;
ed29e82a
RP		 5980}
5981
38b051a1 5982int ssl_validate_ct(SSL_CONNECTION *s)
ed29e82a
RP		 5983{
5984 int ret = 0;
3f3c7d26 5985 X509 *cert = s->session != NULL ? s->session->peer : NULL;
43341433 5986 X509 *issuer;
b9aec69a 5987 SSL_DANE *dane = &s->dane;
ed29e82a
RP		 5988 CT_POLICY_EVAL_CTX *ctx = NULL;
5989 const STACK_OF(SCT) *scts;
5990
43341433
VD		 5991 /*
5992 * If no callback is set, the peer is anonymous, or its chain is invalid,
5993 * skip SCT validation - just return success. Applications that continue
5994 * handshakes without certificates, with unverified chains, or pinned leaf
5995 * certificates are outside the scope of the WebPKI and CT.
5996 *
5997 * The above exclusions notwithstanding the vast majority of peers will
5998 * have rather ordinary certificate chains validated by typical
5999 * applications that perform certificate verification and therefore will
6000 * process SCTs when enabled.
6001 */
6002 if (s->ct_validation_callback == NULL || cert == NULL ||
6003 s->verify_result != X509_V_OK ||
a230b26e 6004 s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
ed29e82a
RP		 6005 return 1;
6006
43341433
VD		 6007 /*
6008 * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
6009 * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
6010 */
6011 if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
6012 switch (dane->mtlsa->usage) {
6013 case DANETLS_USAGE_DANE_TA:
6014 case DANETLS_USAGE_DANE_EE:
6015 return 1;
6016 }
ed29e82a
RP		 6017 }
6018
38b051a1
TM		 6019 ctx = CT_POLICY_EVAL_CTX_new_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
6020 SSL_CONNECTION_GET_CTX(s)->propq);
ed29e82a 6021 if (ctx == NULL) {
e077455e 6022 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CT_LIB);
ed29e82a
RP		 6023 goto end;
6024 }
6025
43341433 6026 issuer = sk_X509_value(s->verified_chain, 1);
a1bb7708
RP		 6027 CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
6028 CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
38b051a1
TM		 6029 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx,
6030 SSL_CONNECTION_GET_CTX(s)->ctlog_store);
6a71e06d 6031 CT_POLICY_EVAL_CTX_set_time(
38b051a1 6032 ctx, (uint64_t)SSL_SESSION_get_time(s->session) * 1000);
ed29e82a 6033
38b051a1 6034 scts = SSL_get0_peer_scts(SSL_CONNECTION_GET_SSL(s));
ed29e82a 6035
43341433
VD		 6036 /*
6037 * This function returns success (> 0) only when all the SCTs are valid, 0
6038 * when some are invalid, and < 0 on various internal errors (out of
6039 * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
6040 * reason to abort the handshake, that decision is up to the callback.
6041 * Therefore, we error out only in the unexpected case that the return
6042 * value is negative.
6043 *
6044 * XXX: One might well argue that the return value of this function is an
f430ba31 6045 * unfortunate design choice. Its job is only to determine the validation
43341433
VD		 6046 * status of each of the provided SCTs. So long as it correctly separates
6047 * the wheat from the chaff it should return success. Failure in this case
6048 * ought to correspond to an inability to carry out its duties.
6049 */
6050 if (SCT_LIST_validate(scts, ctx) < 0) {
c48ffbcc 6051 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_SCT_VERIFICATION_FAILED);
ed29e82a
RP		 6052 goto end;
6053 }
6054
6055 ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
6056 if (ret < 0)
a230b26e 6057 ret = 0; /* This function returns 0 on failure */
f63a17d6 6058 if (!ret)
c48ffbcc 6059 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED);
ed29e82a 6060
a230b26e 6061 end:
ed29e82a 6062 CT_POLICY_EVAL_CTX_free(ctx);
f75b34c8
VD		 6063 /*
6064 * With SSL_VERIFY_NONE the session may be cached and re-used despite a
6065 * failure return code here. Also the application may wish the complete
6066 * the handshake, and then disconnect cleanly at a higher layer, after
6067 * checking the verification status of the completed connection.
6068 *
6069 * We therefore force a certificate verification failure which will be
6070 * visible via SSL_get_verify_result() and cached as part of any resumed
6071 * session.
6072 *
6073 * Note: the permissive callback is for information gathering only, always
6074 * returns success, and does not affect verification status. Only the
6075 * strict callback or a custom application-specified callback can trigger
6076 * connection failure or record a verification error.
6077 */
6078 if (ret <= 0)
6079 s->verify_result = X509_V_ERR_NO_VALID_SCTS;
ed29e82a
RP		 6080 return ret;
6081}
6082
43341433
VD		 6083int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
6084{
6085 switch (validation_mode) {
6086 default:
6849b73c 6087 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
43341433
VD		 6088 return 0;
6089 case SSL_CT_VALIDATION_PERMISSIVE:
6090 return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
6091 case SSL_CT_VALIDATION_STRICT:
6092 return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
6093 }
6094}
6095
6096int SSL_enable_ct(SSL *s, int validation_mode)
6097{
6098 switch (validation_mode) {
6099 default:
6849b73c 6100 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
43341433
VD		 6101 return 0;
6102 case SSL_CT_VALIDATION_PERMISSIVE:
6103 return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
6104 case SSL_CT_VALIDATION_STRICT:
6105 return SSL_set_ct_validation_callback(s, ct_strict, NULL);
6106 }
6107}
6108
ed29e82a
RP		 6109int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
6110{
328f36c5 6111 return CTLOG_STORE_load_default_file(ctx->ctlog_store);
ed29e82a
RP		 6112}
6113
6114int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
6115{
6116 return CTLOG_STORE_load_file(ctx->ctlog_store, path);
6117}
6118
a230b26e 6119void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
8359b57f
RP		 6120{
6121 CTLOG_STORE_free(ctx->ctlog_store);
6122 ctx->ctlog_store = logs;
6123}
6124
6125const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
6126{
6127 return ctx->ctlog_store;
6128}
6129
6b1bb98f
BK		 6130#endif /* OPENSSL_NO_CT */
6131
a9c0d8be
DB		 6132void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
6133 void *arg)
6b1bb98f 6134{
a9c0d8be
DB		 6135 c->client_hello_cb = cb;
6136 c->client_hello_cb_arg = arg;
6b1bb98f
BK		 6137}
6138
a9c0d8be 6139int SSL_client_hello_isv2(SSL *s)
6b1bb98f 6140{
38b051a1
TM		 6141 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6142
6143 if (sc == NULL)
6144 return 0;
6145
6146 if (sc->clienthello == NULL)
6b1bb98f 6147 return 0;
38b051a1 6148 return sc->clienthello->isv2;
6b1bb98f
BK		 6149}
6150
a9c0d8be 6151unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
6b1bb98f 6152{
38b051a1
TM		 6153 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6154
6155 if (sc == NULL)
6156 return 0;
6157
6158 if (sc->clienthello == NULL)
6b1bb98f 6159 return 0;
38b051a1 6160 return sc->clienthello->legacy_version;
6b1bb98f
BK		 6161}
6162
a9c0d8be 6163size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
6b1bb98f 6164{
38b051a1
TM		 6165 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6166
6167 if (sc == NULL)
6168 return 0;
6169
6170 if (sc->clienthello == NULL)
6b1bb98f
BK		 6171 return 0;
6172 if (out != NULL)
38b051a1 6173 *out = sc->clienthello->random;
6b1bb98f
BK		 6174 return SSL3_RANDOM_SIZE;
6175}
6176
a9c0d8be 6177size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
6b1bb98f 6178{
38b051a1
TM		 6179 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6180
6181 if (sc == NULL)
6182 return 0;
6183
6184 if (sc->clienthello == NULL)
6b1bb98f
BK		 6185 return 0;
6186 if (out != NULL)
38b051a1
TM		 6187 *out = sc->clienthello->session_id;
6188 return sc->clienthello->session_id_len;
6b1bb98f
BK		 6189}
6190
a9c0d8be 6191size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
6b1bb98f 6192{
38b051a1
TM		 6193 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6194
6195 if (sc == NULL)
6196 return 0;
6197
6198 if (sc->clienthello == NULL)
6b1bb98f
BK		 6199 return 0;
6200 if (out != NULL)
38b051a1
TM		 6201 *out = PACKET_data(&sc->clienthello->ciphersuites);
6202 return PACKET_remaining(&sc->clienthello->ciphersuites);
6b1bb98f
BK		 6203}
6204
a9c0d8be 6205size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
6b1bb98f 6206{
38b051a1
TM		 6207 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6208
6209 if (sc == NULL)
6210 return 0;
6211
6212 if (sc->clienthello == NULL)
6b1bb98f
BK		 6213 return 0;
6214 if (out != NULL)
38b051a1
TM		 6215 *out = sc->clienthello->compressions;
6216 return sc->clienthello->compressions_len;
6b1bb98f
BK		 6217}
6218
a9c0d8be 6219int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
193b5d76
BK		 6220{
6221 RAW_EXTENSION *ext;
6222 int *present;
6223 size_t num = 0, i;
38b051a1 6224 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
193b5d76 6225
38b051a1 6226 if (sc == NULL)
193b5d76 6227 return 0;
38b051a1
TM		 6228
6229 if (sc->clienthello == NULL || out == NULL || outlen == NULL)
6230 return 0;
6231 for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
6232 ext = sc->clienthello->pre_proc_exts + i;
193b5d76
BK		 6233 if (ext->present)
6234 num++;
6235 }
6fda11ae 6236 if (num == 0) {
6237 *out = NULL;
6238 *outlen = 0;
6239 return 1;
6240 }
e077455e 6241 if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL)
193b5d76 6242 return 0;
38b051a1
TM		 6243 for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
6244 ext = sc->clienthello->pre_proc_exts + i;
193b5d76
BK		 6245 if (ext->present) {
6246 if (ext->received_order >= num)
6247 goto err;
6248 present[ext->received_order] = ext->type;
6249 }
6250 }
6251 *out = present;
6252 *outlen = num;
6253 return 1;
6254 err:
6255 OPENSSL_free(present);
6256 return 0;
6257}
6258
13a53fbf
PL		 6259int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, size_t *num_exts)
6260{
6261 RAW_EXTENSION *ext;
6262 size_t num = 0, i;
38b051a1
TM		 6263 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6264
6265 if (sc == NULL)
6266 return 0;
13a53fbf 6267
38b051a1 6268 if (sc->clienthello == NULL || num_exts == NULL)
13a53fbf 6269 return 0;
38b051a1
TM		 6270 for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
6271 ext = sc->clienthello->pre_proc_exts + i;
13a53fbf
PL		 6272 if (ext->present)
6273 num++;
6274 }
6275 if (num == 0) {
6276 *num_exts = 0;
6277 return 1;
6278 }
6279 if (exts == NULL) {
6280 *num_exts = num;
6281 return 1;
6282 }
6283 if (*num_exts < num)
6284 return 0;
38b051a1
TM		 6285 for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
6286 ext = sc->clienthello->pre_proc_exts + i;
13a53fbf
PL		 6287 if (ext->present) {
6288 if (ext->received_order >= num)
6289 return 0;
6290 exts[ext->received_order] = ext->type;
6291 }
6292 }
6293 *num_exts = num;
6294 return 1;
6295}
6296
a9c0d8be 6297int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
6b1bb98f
BK		 6298 size_t *outlen)
6299{
6300 size_t i;
6301 RAW_EXTENSION *r;
38b051a1 6302 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6b1bb98f 6303
38b051a1 6304 if (sc == NULL)
6b1bb98f 6305 return 0;
38b051a1
TM		 6306
6307 if (sc->clienthello == NULL)
6308 return 0;
6309 for (i = 0; i < sc->clienthello->pre_proc_exts_len; ++i) {
6310 r = sc->clienthello->pre_proc_exts + i;
6b1bb98f
BK		 6311 if (r->present && r->type == type) {
6312 if (out != NULL)
6313 *out = PACKET_data(&r->data);
6314 if (outlen != NULL)
6315 *outlen = PACKET_remaining(&r->data);
6316 return 1;
6317 }
6318 }
6319 return 0;
6320}
2faa1b48 6321
a58eb06d
TS		 6322int SSL_free_buffers(SSL *ssl)
6323{
38b051a1
TM		 6324 RECORD_LAYER *rl;
6325 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
6326
6327 if (sc == NULL)
6328 return 0;
6329
6330 rl = &sc->rlayer;
a58eb06d 6331
7eb39ecb
MC		 6332 return rl->rrlmethod->free_buffers(rl->rrl)
6333 && rl->wrlmethod->free_buffers(rl->wrl);
a58eb06d
TS		 6334}
6335
6336int SSL_alloc_buffers(SSL *ssl)
6337{
7eb39ecb 6338 RECORD_LAYER *rl;
38b051a1
TM		 6339 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
6340
6341 if (sc == NULL)
6342 return 0;
6343
7eb39ecb
MC		 6344 rl = &sc->rlayer;
6345
6346 return rl->rrlmethod->alloc_buffers(rl->rrl)
6347 && rl->wrlmethod->alloc_buffers(rl->wrl);
a58eb06d
TS		 6348}
6349
2faa1b48
CB		 6350void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
6351{
6352 ctx->keylog_callback = cb;
6353}
6354
6355SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
6356{
6357 return ctx->keylog_callback;
6358}
6359
6360static int nss_keylog_int(const char *prefix,
38b051a1 6361 SSL_CONNECTION *sc,
2faa1b48
CB		 6362 const uint8_t *parameter_1,
6363 size_t parameter_1_len,
6364 const uint8_t *parameter_2,
6365 size_t parameter_2_len)
6366{
6367 char *out = NULL;
6368 char *cursor = NULL;
6369 size_t out_len = 0;
6370 size_t i;
6371 size_t prefix_len;
38b051a1 6372 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc);
2faa1b48 6373
38b051a1 6374 if (sctx->keylog_callback == NULL)
20870286 6375 return 1;
2faa1b48
CB		 6376
6377 /*
6378 * Our output buffer will contain the following strings, rendered with
6379 * space characters in between, terminated by a NULL character: first the
6380 * prefix, then the first parameter, then the second parameter. The
6381 * meaning of each parameter depends on the specific key material being
6382 * logged. Note that the first and second parameters are encoded in
6383 * hexadecimal, so we need a buffer that is twice their lengths.
6384 */
6385 prefix_len = strlen(prefix);
e931f370 6386 out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
e077455e 6387 if ((out = cursor = OPENSSL_malloc(out_len)) == NULL)
2faa1b48 6388 return 0;
2faa1b48
CB		 6389
6390 strcpy(cursor, prefix);
6391 cursor += prefix_len;
6392 *cursor++ = ' ';
6393
6394 for (i = 0; i < parameter_1_len; i++) {
6395 sprintf(cursor, "%02x", parameter_1[i]);
6396 cursor += 2;
6397 }
6398 *cursor++ = ' ';
6399
6400 for (i = 0; i < parameter_2_len; i++) {
6401 sprintf(cursor, "%02x", parameter_2[i]);
6402 cursor += 2;
6403 }
6404 *cursor = '\0';
6405
38b051a1 6406 sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out);
e931f370 6407 OPENSSL_clear_free(out, out_len);
2faa1b48
CB		 6408 return 1;
6409
6410}
6411
38b051a1 6412int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *sc,
2faa1b48
CB		 6413 const uint8_t *encrypted_premaster,
6414 size_t encrypted_premaster_len,
6415 const uint8_t *premaster,
6416 size_t premaster_len)
6417{
6418 if (encrypted_premaster_len < 8) {
38b051a1 6419 SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
2faa1b48
CB		 6420 return 0;
6421 }
6422
f0deb4d3 6423 /* We only want the first 8 bytes of the encrypted premaster as a tag. */
2faa1b48 6424 return nss_keylog_int("RSA",
38b051a1 6425 sc,
2faa1b48 6426 encrypted_premaster,
f0deb4d3 6427 8,
2faa1b48
CB		 6428 premaster,
6429 premaster_len);
6430}
6431
38b051a1 6432int ssl_log_secret(SSL_CONNECTION *sc,
2c7bd692
CB		 6433 const char *label,
6434 const uint8_t *secret,
6435 size_t secret_len)
2faa1b48 6436{
2c7bd692 6437 return nss_keylog_int(label,
38b051a1
TM		 6438 sc,
6439 sc->s3.client_random,
2c7bd692
CB		 6440 SSL3_RANDOM_SIZE,
6441 secret,
6442 secret_len);
2faa1b48
CB		 6443}
6444
ccb8e6e0
BK		 6445#define SSLV2_CIPHER_LEN 3
6446
38b051a1 6447int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2format)
ccb8e6e0 6448{
ccb8e6e0 6449 int n;
ccb8e6e0
BK		 6450
6451 n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
6452
6453 if (PACKET_remaining(cipher_suites) == 0) {
c48ffbcc 6454 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
90134d98 6455 return 0;
ccb8e6e0
BK		 6456 }
6457
6458 if (PACKET_remaining(cipher_suites) % n != 0) {
c48ffbcc 6459 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
90134d98 6460 return 0;
ccb8e6e0
BK		 6461 }
6462
555cbb32
TS		 6463 OPENSSL_free(s->s3.tmp.ciphers_raw);
6464 s->s3.tmp.ciphers_raw = NULL;
6465 s->s3.tmp.ciphers_rawlen = 0;
ccb8e6e0
BK		 6466
6467 if (sslv2format) {
6468 size_t numciphers = PACKET_remaining(cipher_suites) / n;
6469 PACKET sslv2ciphers = *cipher_suites;
6470 unsigned int leadbyte;
6471 unsigned char *raw;
6472
6473 /*
6474 * We store the raw ciphers list in SSLv3+ format so we need to do some
6475 * preprocessing to convert the list first. If there are any SSLv2 only
6476 * ciphersuites with a non-zero leading byte then we are going to
6477 * slightly over allocate because we won't store those. But that isn't a
6478 * problem.
6479 */
6480 raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
555cbb32 6481 s->s3.tmp.ciphers_raw = raw;
ccb8e6e0 6482 if (raw == NULL) {
e077455e 6483 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
f63a17d6 6484 return 0;
ccb8e6e0 6485 }
555cbb32 6486 for (s->s3.tmp.ciphers_rawlen = 0;
ccb8e6e0
BK		 6487 PACKET_remaining(&sslv2ciphers) > 0;
6488 raw += TLS_CIPHER_LEN) {
6489 if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
6490 || (leadbyte == 0
6491 && !PACKET_copy_bytes(&sslv2ciphers, raw,
6492 TLS_CIPHER_LEN))
6493 || (leadbyte != 0
6494 && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
c48ffbcc 6495 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET);
555cbb32
TS		 6496 OPENSSL_free(s->s3.tmp.ciphers_raw);
6497 s->s3.tmp.ciphers_raw = NULL;
6498 s->s3.tmp.ciphers_rawlen = 0;
f63a17d6 6499 return 0;
ccb8e6e0
BK		 6500 }
6501 if (leadbyte == 0)
555cbb32 6502 s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN;
ccb8e6e0 6503 }
555cbb32
TS		 6504 } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw,
6505 &s->s3.tmp.ciphers_rawlen)) {
c48ffbcc 6506 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
f63a17d6 6507 return 0;
ccb8e6e0 6508 }
90134d98 6509 return 1;
90134d98
BK		 6510}
6511
6512int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
6513 int isv2format, STACK_OF(SSL_CIPHER) **sk,
6514 STACK_OF(SSL_CIPHER) **scsvs)
6515{
90134d98 6516 PACKET pkt;
38b051a1
TM		 6517 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6518
6519 if (sc == NULL)
6520 return 0;
90134d98
BK		 6521
6522 if (!PACKET_buf_init(&pkt, bytes, len))
6523 return 0;
38b051a1 6524 return ossl_bytes_to_cipher_list(sc, &pkt, sk, scsvs, isv2format, 0);
90134d98
BK		 6525}
6526
38b051a1
TM		 6527int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites,
6528 STACK_OF(SSL_CIPHER) **skp,
6529 STACK_OF(SSL_CIPHER) **scsvs_out,
6530 int sslv2format, int fatal)
90134d98
BK		 6531{
6532 const SSL_CIPHER *c;
6533 STACK_OF(SSL_CIPHER) *sk = NULL;
6534 STACK_OF(SSL_CIPHER) *scsvs = NULL;
6535 int n;
6536 /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
6537 unsigned char cipher[SSLV2_CIPHER_LEN];
6538
6539 n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
6540
6541 if (PACKET_remaining(cipher_suites) == 0) {
f63a17d6 6542 if (fatal)
c48ffbcc 6543 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
f63a17d6 6544 else
6849b73c 6545 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED);
90134d98
BK		 6546 return 0;
6547 }
6548
6549 if (PACKET_remaining(cipher_suites) % n != 0) {
f63a17d6 6550 if (fatal)
c48ffbcc 6551 SSLfatal(s, SSL_AD_DECODE_ERROR,
f63a17d6
MC		 6552 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
6553 else
6849b73c 6554 ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
90134d98
BK		 6555 return 0;
6556 }
6557
6558 sk = sk_SSL_CIPHER_new_null();
6559 scsvs = sk_SSL_CIPHER_new_null();
6560 if (sk == NULL || scsvs == NULL) {
f63a17d6 6561 if (fatal)
e077455e 6562 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
f63a17d6 6563 else
e077455e 6564 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
90134d98
BK		 6565 goto err;
6566 }
ccb8e6e0
BK		 6567
6568 while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
6569 /*
6570 * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
6571 * first byte set to zero, while true SSLv2 ciphers have a non-zero
6572 * first byte. We don't support any true SSLv2 ciphers, so skip them.
6573 */
6574 if (sslv2format && cipher[0] != '\0')
6575 continue;
6576
ccb8e6e0
BK		 6577 /* For SSLv2-compat, ignore leading 0-byte. */
6578 c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
6579 if (c != NULL) {
90134d98
BK		 6580 if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
6581 (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
f63a17d6 6582 if (fatal)
e077455e 6583 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
f63a17d6 6584 else
e077455e 6585 ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
ccb8e6e0
BK		 6586 goto err;
6587 }
6588 }
6589 }
6590 if (PACKET_remaining(cipher_suites) > 0) {
f63a17d6 6591 if (fatal)
c48ffbcc 6592 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH);
f63a17d6 6593 else
6849b73c 6594 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
ccb8e6e0
BK		 6595 goto err;
6596 }
6597
90134d98
BK		 6598 if (skp != NULL)
6599 *skp = sk;
6600 else
6601 sk_SSL_CIPHER_free(sk);
6602 if (scsvs_out != NULL)
6603 *scsvs_out = scsvs;
6604 else
6605 sk_SSL_CIPHER_free(scsvs);
6606 return 1;
ccb8e6e0
BK		 6607 err:
6608 sk_SSL_CIPHER_free(sk);
90134d98
BK		 6609 sk_SSL_CIPHER_free(scsvs);
6610 return 0;
ccb8e6e0 6611}
3fc8d856
MC		 6612
6613int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
6614{
6615 ctx->max_early_data = max_early_data;
6616
6617 return 1;
6618}
6619
46dcb945 6620uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
3fc8d856
MC		 6621{
6622 return ctx->max_early_data;
6623}
6624
6625int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
6626{
38b051a1
TM		 6627 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6628
6629 if (sc == NULL)
6630 return 0;
6631
6632 sc->max_early_data = max_early_data;
3fc8d856
MC		 6633
6634 return 1;
6635}
6636
a8e75d56 6637uint32_t SSL_get_max_early_data(const SSL *s)
3fc8d856 6638{
38b051a1
TM		 6639 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
6640
6641 if (sc == NULL)
6642 return 0;
6643
6644 return sc->max_early_data;
3fc8d856 6645}
ae3947de 6646
4e8548e8
MC		 6647int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
6648{
6649 ctx->recv_max_early_data = recv_max_early_data;
6650
6651 return 1;
6652}
6653
6654uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
6655{
6656 return ctx->recv_max_early_data;
6657}
6658
6659int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
6660{
38b051a1
TM		 6661 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6662
6663 if (sc == NULL)
6664 return 0;
6665
6666 sc->recv_max_early_data = recv_max_early_data;
4e8548e8
MC		 6667
6668 return 1;
6669}
6670
6671uint32_t SSL_get_recv_max_early_data(const SSL *s)
6672{
38b051a1
TM		 6673 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
6674
6675 if (sc == NULL)
6676 return 0;
6677
6678 return sc->recv_max_early_data;
4e8548e8
MC		 6679}
6680
38b051a1 6681__owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc)
cf72c757
F		 6682{
6683 /* Return any active Max Fragment Len extension */
38b051a1
TM		 6684 if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session))
6685 return GET_MAX_FRAGMENT_LENGTH(sc->session);
cf72c757
F		 6686
6687 /* return current SSL connection setting */
38b051a1 6688 return sc->max_send_fragment;
cf72c757
F		 6689}
6690
38b051a1 6691__owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc)
cf72c757
F		 6692{
6693 /* Return a value regarding an active Max Fragment Len extension */
38b051a1
TM		 6694 if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session)
6695 && sc->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(sc->session))
6696 return GET_MAX_FRAGMENT_LENGTH(sc->session);
cf72c757
F		 6697
6698 /* else limit |split_send_fragment| to current |max_send_fragment| */
38b051a1
TM		 6699 if (sc->split_send_fragment > sc->max_send_fragment)
6700 return sc->max_send_fragment;
cf72c757
F		 6701
6702 /* return current SSL connection setting */
38b051a1 6703 return sc->split_send_fragment;
cf72c757 6704}
042c5753
MC		 6705
6706int SSL_stateless(SSL *s)
6707{
6708 int ret;
38b051a1
TM		 6709 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6710
6711 /* TODO(QUIC): This will need further work. */
6712 if (sc == NULL)
6713 return 0;
042c5753
MC		 6714
6715 /* Ensure there is no state left over from a previous invocation */
6716 if (!SSL_clear(s))
d6bb50a5 6717 return 0;
042c5753
MC		 6718
6719 ERR_clear_error();
6720
38b051a1 6721 sc->s3.flags |= TLS1_FLAGS_STATELESS;
042c5753 6722 ret = SSL_accept(s);
38b051a1 6723 sc->s3.flags &= ~TLS1_FLAGS_STATELESS;
042c5753 6724
38b051a1 6725 if (ret > 0 && sc->ext.cookieok)
c36001c3
MC		 6726 return 1;
6727
38b051a1 6728 if (sc->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(sc))
e440f513
MC		 6729 return 0;
6730
6731 return -1;
042c5753 6732}
9d75dce3 6733
e97be718
MC		 6734void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
6735{
6736 ctx->pha_enabled = val;
6737}
6738
32097b33 6739void SSL_set_post_handshake_auth(SSL *ssl, int val)
9d75dce3 6740{
38b051a1
TM		 6741 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
6742
6743 if (sc == NULL)
6744 return;
6745
6746 sc->pha_enabled = val;
9d75dce3
TS		 6747}
6748
6749int SSL_verify_client_post_handshake(SSL *ssl)
6750{
38b051a1
TM		 6751 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
6752
6753 if (sc == NULL)
6754 return 0;
6755
6756 if (!SSL_CONNECTION_IS_TLS13(sc)) {
6849b73c 6757 ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
9d75dce3
TS		 6758 return 0;
6759 }
38b051a1 6760 if (!sc->server) {
6849b73c 6761 ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER);
9d75dce3
TS		 6762 return 0;
6763 }
6764
6765 if (!SSL_is_init_finished(ssl)) {
6849b73c 6766 ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
9d75dce3
TS		 6767 return 0;
6768 }
6769
38b051a1 6770 switch (sc->post_handshake_auth) {
9d75dce3 6771 case SSL_PHA_NONE:
6849b73c 6772 ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED);
9d75dce3
TS		 6773 return 0;
6774 default:
6775 case SSL_PHA_EXT_SENT:
6849b73c 6776 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
9d75dce3
TS		 6777 return 0;
6778 case SSL_PHA_EXT_RECEIVED:
6779 break;
6780 case SSL_PHA_REQUEST_PENDING:
6849b73c 6781 ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_PENDING);
9d75dce3
TS		 6782 return 0;
6783 case SSL_PHA_REQUESTED:
6849b73c 6784 ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_SENT);
9d75dce3
TS		 6785 return 0;
6786 }
6787
38b051a1 6788 sc->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
9d75dce3
TS		 6789
6790 /* checks verify_mode and algorithm_auth */
38b051a1
TM		 6791 if (!send_certificate_request(sc)) {
6792 sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
6849b73c 6793 ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG);
9d75dce3
TS		 6794 return 0;
6795 }
6796
38b051a1 6797 ossl_statem_set_in_init(sc, 1);
9d75dce3
TS		 6798 return 1;
6799}
df0fed9a
TS		 6800
6801int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
6802 SSL_CTX_generate_session_ticket_fn gen_cb,
6803 SSL_CTX_decrypt_session_ticket_fn dec_cb,
6804 void *arg)
6805{
6806 ctx->generate_ticket_cb = gen_cb;
6807 ctx->decrypt_ticket_cb = dec_cb;
6808 ctx->ticket_cb_data = arg;
6809 return 1;
6810}
c9598459
MC		 6811
6812void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
6813 SSL_allow_early_data_cb_fn cb,
6814 void *arg)
6815{
6816 ctx->allow_early_data_cb = cb;
6817 ctx->allow_early_data_cb_data = arg;
6818}
6819
6820void SSL_set_allow_early_data_cb(SSL *s,
6821 SSL_allow_early_data_cb_fn cb,
6822 void *arg)
6823{
38b051a1
TM		 6824 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6825
6826 if (sc == NULL)
6827 return;
6828
6829 sc->allow_early_data_cb = cb;
6830 sc->allow_early_data_cb_data = arg;
c9598459 6831}
c8f6c28a 6832
b4250010 6833const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
c8f6c28a
MC		 6834 int nid,
6835 const char *properties)
6836{
301fcb28 6837 const EVP_CIPHER *ciph;
5fcb97c6 6838
301fcb28
MC		 6839 ciph = tls_get_cipher_from_engine(nid);
6840 if (ciph != NULL)
6841 return ciph;
0618b62c 6842
c8f6c28a 6843 /*
301fcb28
MC		 6844 * If there is no engine cipher then we do an explicit fetch. This may fail
6845 * and that could be ok
c8f6c28a 6846 */
5fcb97c6
MC		 6847 ERR_set_mark();
6848 ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
6849 ERR_pop_to_mark();
6850 return ciph;
c8f6c28a
MC		 6851}
6852
6853
6854int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher)
6855{
6856 /* Don't up-ref an implicit EVP_CIPHER */
ed576acd 6857 if (EVP_CIPHER_get0_provider(cipher) == NULL)
c8f6c28a
MC		 6858 return 1;
6859
6860 /*
6861 * The cipher was explicitly fetched and therefore it is safe to cast
6862 * away the const
6863 */
6864 return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher);
6865}
6866
6867void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
6868{
6869 if (cipher == NULL)
6870 return;
6871
ed576acd 6872 if (EVP_CIPHER_get0_provider(cipher) != NULL) {
c8f6c28a
MC		 6873 /*
6874 * The cipher was explicitly fetched and therefore it is safe to cast
6875 * away the const
6876 */
6877 EVP_CIPHER_free((EVP_CIPHER *)cipher);
6878 }
6879}
6880
b4250010 6881const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
c8f6c28a
MC		 6882 int nid,
6883 const char *properties)
6884{
301fcb28 6885 const EVP_MD *md;
5fcb97c6 6886
301fcb28
MC		 6887 md = tls_get_digest_from_engine(nid);
6888 if (md != NULL)
6889 return md;
c8f6c28a
MC		 6890
6891 /* Otherwise we do an explicit fetch */
5fcb97c6
MC		 6892 ERR_set_mark();
6893 md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
6894 ERR_pop_to_mark();
6895 return md;
c8f6c28a
MC		 6896}
6897
6898int ssl_evp_md_up_ref(const EVP_MD *md)
6899{
6900 /* Don't up-ref an implicit EVP_MD */
ed576acd 6901 if (EVP_MD_get0_provider(md) == NULL)
c8f6c28a
MC		 6902 return 1;
6903
6904 /*
6905 * The digest was explicitly fetched and therefore it is safe to cast
6906 * away the const
6907 */
6908 return EVP_MD_up_ref((EVP_MD *)md);
6909}
6910
6911void ssl_evp_md_free(const EVP_MD *md)
6912{
6913 if (md == NULL)
6914 return;
6915
ed576acd 6916 if (EVP_MD_get0_provider(md) != NULL) {
c8f6c28a
MC		 6917 /*
6918 * The digest was explicitly fetched and therefore it is safe to cast
6919 * away the const
6920 */
6921 EVP_MD_free((EVP_MD *)md);
6922 }
6923}
163f6dc1
MC		 6924
6925int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey)
6926{
38b051a1
TM		 6927 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
6928
6929 if (sc == NULL)
6930 return 0;
6931
6932 if (!ssl_security(sc, SSL_SECOP_TMP_DH,
ed576acd 6933 EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
276d6c68 6934 ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
163f6dc1
MC		 6935 return 0;
6936 }
38b051a1
TM		 6937 EVP_PKEY_free(sc->cert->dh_tmp);
6938 sc->cert->dh_tmp = dhpkey;
163f6dc1
MC		 6939 return 1;
6940}
6941
6942int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
6943{
6944 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
ed576acd 6945 EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
276d6c68 6946 ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
163f6dc1
MC		 6947 return 0;
6948 }
6949 EVP_PKEY_free(ctx->cert->dh_tmp);
6950 ctx->cert->dh_tmp = dhpkey;
6951 return 1;
6952}
A mirror of the official openssl repository