2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
64 char *SSL_version_str
="SSLeay 0.9.0b 29-Jun-1998";
66 static STACK
*ssl_meth
=NULL
;
67 static STACK
*ssl_ctx_meth
=NULL
;
68 static int ssl_meth_num
=0;
69 static int ssl_ctx_meth_num
=0;
71 SSL3_ENC_METHOD ssl3_undef_enc_method
={
72 ssl_undefined_function
,
73 ssl_undefined_function
,
74 ssl_undefined_function
,
75 ssl_undefined_function
,
76 ssl_undefined_function
,
77 ssl_undefined_function
,
85 if (s
->method
== NULL
) return;
90 /* This is set if we are doing dynamic renegotiation so keep
91 * the old cipher. It is sort of a SSL_clear_lite :-) */
92 if (s
->new_session
) return;
94 state
=s
->state
; /* Keep to check if we throw away the session-id */
97 s
->version
=s
->method
->version
;
98 s
->rwstate
=SSL_NOTHING
;
99 s
->state
=SSL_ST_BEFORE
;
100 s
->rstate
=SSL_ST_READ_HEADER
;
101 s
->read_ahead
=s
->ctx
->default_read_ahead
;
103 /* s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
105 if (s
->init_buf
!= NULL
)
107 BUF_MEM_free(s
->init_buf
);
111 ssl_clear_cipher_ctx(s
);
113 if (ssl_clear_bad_session(s
))
115 SSL_SESSION_free(s
->session
);
119 s
->shutdown
=(SSL_SENT_SHUTDOWN
|SSL_RECEIVED_SHUTDOWN
);
122 s
->method
->ssl_clear(s
);
125 /* Used to change an SSL_CTXs default SSL method type */
126 int SSL_CTX_set_ssl_version(ctx
,meth
)
134 sk
=ssl_create_cipher_list(ctx
->method
,&(ctx
->cipher_list
),
135 &(ctx
->cipher_list_by_id
),SSL_DEFAULT_CIPHER_LIST
);
136 if ((sk
== NULL
) || (sk_num(sk
) <= 0))
138 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION
,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS
);
151 SSLerr(SSL_F_SSL_NEW
,SSL_R_NULL_SSL_CTX
);
154 if (ctx
->method
== NULL
)
156 SSLerr(SSL_F_SSL_NEW
,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION
);
160 s
=(SSL
*)Malloc(sizeof(SSL
));
161 if (s
== NULL
) goto err
;
162 memset(s
,0,sizeof(SSL
));
164 if (ctx
->default_cert
!= NULL
)
166 CRYPTO_add(&ctx
->default_cert
->references
,1,
167 CRYPTO_LOCK_SSL_CERT
);
168 s
->cert
=ctx
->default_cert
;
172 s
->verify_mode
=ctx
->default_verify_mode
;
173 s
->verify_callback
=ctx
->default_verify_callback
;
174 CRYPTO_add(&ctx
->references
,1,CRYPTO_LOCK_SSL_CTX
);
177 s
->verify_result
=X509_V_OK
;
179 s
->method
=ctx
->method
;
181 if (!s
->method
->ssl_new(s
))
188 s
->quiet_shutdown
=ctx
->quiet_shutdown
;
190 s
->options
=ctx
->options
;
193 CRYPTO_new_ex_data(ssl_meth
,(char *)s
,&s
->ex_data
);
197 SSLerr(SSL_F_SSL_NEW
,ERR_R_MALLOC_FAILURE
);
206 i
=CRYPTO_add(&s
->references
,-1,CRYPTO_LOCK_SSL
);
214 fprintf(stderr
,"SSL_free, bad reference count\n");
219 CRYPTO_free_ex_data(ssl_meth
,(char *)s
,&s
->ex_data
);
223 /* If the buffering BIO is in place, pop it off */
224 if (s
->bbio
== s
->wbio
)
226 s
->wbio
=BIO_pop(s
->wbio
);
232 BIO_free_all(s
->rbio
);
233 if ((s
->wbio
!= NULL
) && (s
->wbio
!= s
->rbio
))
234 BIO_free_all(s
->wbio
);
236 if (s
->init_buf
!= NULL
) BUF_MEM_free(s
->init_buf
);
238 /* add extra stuff */
239 if (s
->cipher_list
!= NULL
) sk_free(s
->cipher_list
);
240 if (s
->cipher_list_by_id
!= NULL
) sk_free(s
->cipher_list_by_id
);
242 /* Make the next call work :-) */
243 if (s
->session
!= NULL
)
245 ssl_clear_bad_session(s
);
246 SSL_SESSION_free(s
->session
);
249 ssl_clear_cipher_ctx(s
);
251 if (s
->cert
!= NULL
) ssl_cert_free(s
->cert
);
252 /* Free up if allocated */
254 if (s
->ctx
) SSL_CTX_free(s
->ctx
);
256 if (s
->client_CA
!= NULL
)
257 sk_pop_free(s
->client_CA
,X509_NAME_free
);
259 if (s
->method
!= NULL
) s
->method
->ssl_free(s
);
264 void SSL_set_bio(s
, rbio
,wbio
)
269 /* If the output buffering BIO is still in place, remove it
273 if (s
->wbio
== s
->bbio
)
275 s
->wbio
=s
->wbio
->next_bio
;
276 s
->bbio
->next_bio
=NULL
;
279 if ((s
->rbio
!= NULL
) && (s
->rbio
!= rbio
))
280 BIO_free_all(s
->rbio
);
281 if ((s
->wbio
!= NULL
) && (s
->wbio
!= wbio
) && (s
->rbio
!= s
->wbio
))
282 BIO_free_all(s
->wbio
);
302 r
=BIO_find_type(b
,BIO_TYPE_DESCRIPTOR
);
309 int SSL_set_fd(s
, fd
)
316 bio
=BIO_new(BIO_s_socket());
320 SSLerr(SSL_F_SSL_SET_FD
,ERR_R_BUF_LIB
);
323 BIO_set_fd(bio
,fd
,BIO_NOCLOSE
);
324 SSL_set_bio(s
,bio
,bio
);
330 int SSL_set_wfd(s
, fd
)
337 if ((s
->rbio
== NULL
) || (BIO_method_type(s
->rbio
) != BIO_TYPE_SOCKET
)
338 || ((int)BIO_get_fd(s
->rbio
,NULL
) != fd
))
340 bio
=BIO_new(BIO_s_socket());
343 { SSLerr(SSL_F_SSL_SET_WFD
,ERR_R_BUF_LIB
); goto err
; }
344 BIO_set_fd(bio
,fd
,BIO_NOCLOSE
);
345 SSL_set_bio(s
,SSL_get_rbio(s
),bio
);
348 SSL_set_bio(s
,SSL_get_rbio(s
),SSL_get_rbio(s
));
354 int SSL_set_rfd(s
, fd
)
361 if ((s
->wbio
== NULL
) || (BIO_method_type(s
->wbio
) != BIO_TYPE_SOCKET
)
362 || ((int)BIO_get_fd(s
->wbio
,NULL
) != fd
))
364 bio
=BIO_new(BIO_s_socket());
368 SSLerr(SSL_F_SSL_SET_RFD
,ERR_R_BUF_LIB
);
371 BIO_set_fd(bio
,fd
,BIO_NOCLOSE
);
372 SSL_set_bio(s
,bio
,SSL_get_wbio(s
));
375 SSL_set_bio(s
,SSL_get_wbio(s
),SSL_get_wbio(s
));
382 int SSL_get_verify_mode(s
)
385 return(s
->verify_mode
);
388 int (*SSL_get_verify_callback(s
))()
391 return(s
->verify_callback
);
394 int SSL_CTX_get_verify_mode(ctx
)
397 return(ctx
->default_verify_mode
);
400 int (*SSL_CTX_get_verify_callback(ctx
))()
403 return(ctx
->default_verify_callback
);
406 void SSL_set_verify(s
, mode
, callback
)
412 if (callback
!= NULL
)
413 s
->verify_callback
=callback
;
416 void SSL_set_read_ahead(s
, yes
)
423 int SSL_get_read_ahead(s
)
426 return(s
->read_ahead
);
432 return(s
->method
->ssl_pending(s
));
435 X509
*SSL_get_peer_certificate(s
)
440 if ((s
== NULL
) || (s
->session
== NULL
))
445 if (r
== NULL
) return(r
);
447 CRYPTO_add(&r
->references
,1,CRYPTO_LOCK_X509
);
452 STACK
*SSL_get_peer_cert_chain(s
)
457 if ((s
== NULL
) || (s
->session
== NULL
) || (s
->session
->cert
== NULL
))
460 r
=s
->session
->cert
->cert_chain
;
465 /* Now in theory, since the calling process own 't' it should be safe to
466 * modify. We need to be able to read f without being hassled */
467 void SSL_copy_session_id(t
,f
)
472 /* Do we need to to SSL locking? */
473 SSL_set_session(t
,SSL_get_session(f
));
475 /* what if we are setup as SSLv2 but want to talk SSLv3 or
477 if (t
->method
!= f
->method
)
479 t
->method
->ssl_free(t
); /* cleanup current */
480 t
->method
=f
->method
; /* change method */
481 t
->method
->ssl_new(t
); /* setup new */
487 CRYPTO_add(&f
->cert
->references
,1,CRYPTO_LOCK_SSL_CERT
);
492 if (tmp
!= NULL
) ssl_cert_free(tmp
);
495 /* Fix this so it checks all the valid key/cert options */
496 int SSL_CTX_check_private_key(ctx
)
499 if ( (ctx
== NULL
) ||
500 (ctx
->default_cert
== NULL
) ||
501 (ctx
->default_cert
->key
->x509
== NULL
))
503 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY
,SSL_R_NO_CERTIFICATE_ASSIGNED
);
506 if (ctx
->default_cert
->key
->privatekey
== NULL
)
508 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY
,SSL_R_NO_PRIVATE_KEY_ASSIGNED
);
511 return(X509_check_private_key(ctx
->default_cert
->key
->x509
, ctx
->default_cert
->key
->privatekey
));
514 /* Fix this function so that it takes an optional type parameter */
515 int SSL_check_private_key(ssl
)
520 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY
,ERR_R_PASSED_NULL_PARAMETER
);
523 if (ssl
->cert
== NULL
)
524 return(SSL_CTX_check_private_key(ssl
->ctx
));
525 if (ssl
->cert
->key
->x509
== NULL
)
527 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY
,SSL_R_NO_CERTIFICATE_ASSIGNED
);
530 if (ssl
->cert
->key
->privatekey
== NULL
)
532 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY
,SSL_R_NO_PRIVATE_KEY_ASSIGNED
);
535 return(X509_check_private_key(ssl
->cert
->key
->x509
,
536 ssl
->cert
->key
->privatekey
));
542 return(s
->method
->ssl_accept(s
));
548 return(s
->method
->ssl_connect(s
));
551 long SSL_get_default_timeout(s
)
554 return(s
->method
->get_timeout());
557 int SSL_read(s
,buf
,num
)
562 if (s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)
564 s
->rwstate
=SSL_NOTHING
;
567 return(s
->method
->ssl_read(s
,buf
,num
));
570 int SSL_peek(s
,buf
,num
)
575 if (s
->shutdown
& SSL_RECEIVED_SHUTDOWN
)
579 return(s
->method
->ssl_peek(s
,buf
,num
));
582 int SSL_write(s
,buf
,num
)
587 if (s
->shutdown
& SSL_SENT_SHUTDOWN
)
589 s
->rwstate
=SSL_NOTHING
;
590 SSLerr(SSL_F_SSL_WRITE
,SSL_R_PROTOCOL_IS_SHUTDOWN
);
593 return(s
->method
->ssl_write(s
,buf
,num
));
599 if ((s
!= NULL
) && !SSL_in_init(s
))
600 return(s
->method
->ssl_shutdown(s
));
605 int SSL_renegotiate(s
)
609 return(s
->method
->ssl_renegotiate(s
));
612 long SSL_ctrl(s
,cmd
,larg
,parg
)
618 return(s
->method
->ssl_ctrl(s
,cmd
,larg
,parg
));
621 long SSL_CTX_ctrl(ctx
,cmd
,larg
,parg
)
627 return(ctx
->method
->ssl_ctx_ctrl(ctx
,cmd
,larg
,parg
));
630 int ssl_cipher_id_cmp(a
,b
)
639 return((l
> 0)?1:-1);
642 int ssl_cipher_ptr_id_cmp(ap
,bp
)
643 SSL_CIPHER
**ap
,**bp
;
647 l
=(*ap
)->id
-(*bp
)->id
;
651 return((l
> 0)?1:-1);
654 /* return a STACK of the ciphers available for the SSL and in order of
656 STACK
*SSL_get_ciphers(s
)
659 if ((s
!= NULL
) && (s
->cipher_list
!= NULL
))
661 return(s
->cipher_list
);
663 else if ((s
->ctx
!= NULL
) &&
664 (s
->ctx
->cipher_list
!= NULL
))
666 return(s
->ctx
->cipher_list
);
671 /* return a STACK of the ciphers available for the SSL and in order of
673 STACK
*ssl_get_ciphers_by_id(s
)
676 if ((s
!= NULL
) && (s
->cipher_list_by_id
!= NULL
))
678 return(s
->cipher_list_by_id
);
680 else if ((s
!= NULL
) && (s
->ctx
!= NULL
) &&
681 (s
->ctx
->cipher_list_by_id
!= NULL
))
683 return(s
->ctx
->cipher_list_by_id
);
688 /* The old interface to get the same thing as SSL_get_ciphers() */
689 char *SSL_get_cipher_list(s
,n
)
696 if (s
== NULL
) return(NULL
);
697 sk
=SSL_get_ciphers(s
);
698 if ((sk
== NULL
) || (sk_num(sk
) <= n
))
700 c
=(SSL_CIPHER
*)sk_value(sk
,n
);
701 if (c
== NULL
) return(NULL
);
705 /* specify the ciphers to be used by defaut by the SSL_CTX */
706 int SSL_CTX_set_cipher_list(ctx
,str
)
712 sk
=ssl_create_cipher_list(ctx
->method
,&ctx
->cipher_list
,
713 &ctx
->cipher_list_by_id
,str
);
715 return((sk
== NULL
)?0:1);
718 /* specify the ciphers to be used by the SSL */
719 int SSL_set_cipher_list(s
, str
)
725 sk
=ssl_create_cipher_list(s
->ctx
->method
,&s
->cipher_list
,
726 &s
->cipher_list_by_id
,str
);
728 return((sk
== NULL
)?0:1);
731 /* works well for SSLv2, not so good for SSLv3 */
732 char *SSL_get_shared_ciphers(s
,buf
,len
)
742 if ((s
->session
== NULL
) || (s
->session
->ciphers
== NULL
) ||
747 sk
=s
->session
->ciphers
;
748 for (i
=0; i
<sk_num(sk
); i
++)
750 /* Decrement for either the ':' or a '\0' */
752 c
=(SSL_CIPHER
*)sk_value(sk
,i
);
753 for (cp
=c
->name
; *cp
; )
769 int ssl_cipher_list_to_bytes(s
,sk
,p
)
778 if (sk
== NULL
) return(0);
781 for (i
=0; i
<sk_num(sk
); i
++)
783 c
=(SSL_CIPHER
*)sk_value(sk
,i
);
784 j
=ssl_put_cipher_by_char(s
,c
,p
);
790 STACK
*ssl_bytes_to_cipher_list(s
,p
,num
,skp
)
800 n
=ssl_put_cipher_by_char(s
,NULL
,NULL
);
803 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST
,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST
);
806 if ((skp
== NULL
) || (*skp
== NULL
))
807 sk
=sk_new(NULL
); /* change perhaps later */
814 for (i
=0; i
<num
; i
+=n
)
816 c
=ssl_get_cipher_by_char(s
,p
);
820 if (!sk_push(sk
,(char *)c
))
822 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST
,ERR_R_MALLOC_FAILURE
);
832 if ((skp
== NULL
) || (*skp
== NULL
))
837 unsigned long SSL_SESSION_hash(a
)
842 l
= (a
->session_id
[0] )|(a
->session_id
[1]<< 8L)|
843 (a
->session_id
[2]<<16L)|(a
->session_id
[3]<<24L);
847 int SSL_SESSION_cmp(a
, b
)
851 if (a
->ssl_version
!= b
->ssl_version
)
853 if (a
->session_id_length
!= b
->session_id_length
)
855 return(memcmp(a
->session_id
,b
->session_id
,a
->session_id_length
));
858 SSL_CTX
*SSL_CTX_new(meth
)
865 SSLerr(SSL_F_SSL_CTX_NEW
,SSL_R_NULL_SSL_METHOD_PASSED
);
868 ret
=(SSL_CTX
*)Malloc(sizeof(SSL_CTX
));
872 memset(ret
,0,sizeof(SSL_CTX
));
876 ret
->cert_store
=NULL
;
877 ret
->session_cache_mode
=SSL_SESS_CACHE_SERVER
;
878 ret
->session_cache_size
=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT
;
879 ret
->session_cache_head
=NULL
;
880 ret
->session_cache_tail
=NULL
;
882 /* We take the system default */
883 ret
->session_timeout
=meth
->get_timeout();
885 ret
->new_session_cb
=NULL
;
886 ret
->remove_session_cb
=NULL
;
887 ret
->get_session_cb
=NULL
;
890 ret
->sess_connect_good
=0;
892 ret
->sess_accept_renegotiate
=0;
893 ret
->sess_connect_renegotiate
=0;
894 ret
->sess_accept_good
=0;
897 ret
->sess_cache_full
=0;
902 ret
->quiet_shutdown
=0;
904 /* ret->cipher=NULL;*/
905 /* ret->s2->challenge=NULL;
906 ret->master_key=NULL;
908 ret->s2->conn_id=NULL; */
910 ret
->info_callback
=NULL
;
912 ret
->app_verify_callback
=NULL
;
913 ret
->app_verify_arg
=NULL
;
915 ret
->default_read_ahead
=0;
916 ret
->default_verify_mode
=SSL_VERIFY_NONE
;
917 ret
->default_verify_callback
=NULL
;
918 if ((ret
->default_cert
=ssl_cert_new()) == NULL
)
921 ret
->default_passwd_callback
=NULL
;
922 ret
->client_cert_cb
=NULL
;
924 ret
->sessions
=lh_new(SSL_SESSION_hash
,SSL_SESSION_cmp
);
925 if (ret
->sessions
== NULL
) goto err
;
926 ret
->cert_store
=X509_STORE_new();
927 if (ret
->cert_store
== NULL
) goto err
;
929 ssl_create_cipher_list(ret
->method
,
930 &ret
->cipher_list
,&ret
->cipher_list_by_id
,
931 SSL_DEFAULT_CIPHER_LIST
);
932 if ((ret
->cipher_list
== NULL
) || (sk_num(ret
->cipher_list
) <= 0))
934 SSLerr(SSL_F_SSL_CTX_NEW
,SSL_R_LIBRARY_HAS_NO_CIPHERS
);
938 if ((ret
->rsa_md5
=EVP_get_digestbyname("ssl2-md5")) == NULL
)
940 SSLerr(SSL_F_SSL_CTX_NEW
,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES
);
943 if ((ret
->md5
=EVP_get_digestbyname("ssl3-md5")) == NULL
)
945 SSLerr(SSL_F_SSL_CTX_NEW
,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES
);
948 if ((ret
->sha1
=EVP_get_digestbyname("ssl3-sha1")) == NULL
)
950 SSLerr(SSL_F_SSL_CTX_NEW
,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES
);
954 if ((ret
->client_CA
=sk_new_null()) == NULL
)
957 CRYPTO_new_ex_data(ssl_ctx_meth
,(char *)ret
,&ret
->ex_data
);
961 SSLerr(SSL_F_SSL_CTX_NEW
,ERR_R_MALLOC_FAILURE
);
963 if (ret
!= NULL
) SSL_CTX_free(ret
);
972 if (a
== NULL
) return;
974 i
=CRYPTO_add(&a
->references
,-1,CRYPTO_LOCK_SSL_CTX
);
976 REF_PRINT("SSL_CTX",a
);
982 fprintf(stderr
,"SSL_CTX_free, bad reference count\n");
986 CRYPTO_free_ex_data(ssl_ctx_meth
,(char *)a
,&a
->ex_data
);
988 if (a
->sessions
!= NULL
)
990 SSL_CTX_flush_sessions(a
,0);
991 lh_free(a
->sessions
);
993 if (a
->cert_store
!= NULL
)
994 X509_STORE_free(a
->cert_store
);
995 if (a
->cipher_list
!= NULL
)
996 sk_free(a
->cipher_list
);
997 if (a
->cipher_list_by_id
!= NULL
)
998 sk_free(a
->cipher_list_by_id
);
999 if (a
->default_cert
!= NULL
)
1000 ssl_cert_free(a
->default_cert
);
1001 if (a
->client_CA
!= NULL
)
1002 sk_pop_free(a
->client_CA
,X509_NAME_free
);
1006 void SSL_CTX_set_default_passwd_cb(ctx
,cb
)
1010 ctx
->default_passwd_callback
=cb
;
1013 void SSL_CTX_set_cert_verify_cb(ctx
,cb
,arg
)
1018 ctx
->app_verify_callback
=cb
;
1019 ctx
->app_verify_arg
=arg
;
1022 void SSL_CTX_set_verify(ctx
,mode
,cb
)
1027 ctx
->default_verify_mode
=mode
;
1028 ctx
->default_verify_callback
=cb
;
1029 /* This needs cleaning up EAY EAY EAY */
1030 X509_STORE_set_verify_cb_func(ctx
->cert_store
,cb
);
1033 void ssl_set_cert_masks(c
)
1037 int rsa_enc
,rsa_tmp
,rsa_sign
,dh_tmp
,dh_rsa
,dh_dsa
,dsa_sign
;
1038 int rsa_enc_export
,dh_rsa_export
,dh_dsa_export
;
1039 int rsa_tmp_export
,dh_tmp_export
;
1040 unsigned long mask
,emask
;
1042 if ((c
== NULL
) || (c
->valid
)) return;
1045 rsa_tmp
=((c
->rsa_tmp
!= NULL
) || (c
->rsa_tmp_cb
!= NULL
))?1:0;
1046 rsa_tmp_export
=((c
->rsa_tmp_cb
!= NULL
) ||
1047 (rsa_tmp
&& (RSA_size(c
->rsa_tmp
)*8 <= 512)))?1:0;
1049 rsa_tmp
=rsa_tmp_export
=0;
1052 dh_tmp
=((c
->dh_tmp
!= NULL
) || (c
->dh_tmp_cb
!= NULL
))?1:0;
1053 dh_tmp_export
=((c
->dh_tmp_cb
!= NULL
) ||
1054 (dh_tmp
&& (DH_size(c
->dh_tmp
)*8 <= 512)))?1:0;
1056 dh_tmp
=dh_tmp_export
=0;
1059 cpk
= &(c
->pkeys
[SSL_PKEY_RSA_ENC
]);
1060 rsa_enc
= ((cpk
->x509
!= NULL
) && (cpk
->privatekey
!= NULL
))?1:0;
1061 rsa_enc_export
=(rsa_enc
&& (EVP_PKEY_size(cpk
->privatekey
)*8 <= 512))?1:0;
1062 cpk
= &(c
->pkeys
[SSL_PKEY_RSA_SIGN
]);
1063 rsa_sign
=((cpk
->x509
!= NULL
) && (cpk
->privatekey
!= NULL
))?1:0;
1064 cpk
= &(c
->pkeys
[SSL_PKEY_DSA_SIGN
]);
1065 dsa_sign
=((cpk
->x509
!= NULL
) && (cpk
->privatekey
!= NULL
))?1:0;
1066 cpk
= &(c
->pkeys
[SSL_PKEY_DH_RSA
]);
1067 dh_rsa
= ((cpk
->x509
!= NULL
) && (cpk
->privatekey
!= NULL
))?1:0;
1068 dh_rsa_export
=(dh_rsa
&& (EVP_PKEY_size(cpk
->privatekey
)*8 <= 512))?1:0;
1069 cpk
= &(c
->pkeys
[SSL_PKEY_DH_DSA
]);
1070 /* FIX THIS EAY EAY EAY */
1071 dh_dsa
= ((cpk
->x509
!= NULL
) && (cpk
->privatekey
!= NULL
))?1:0;
1072 dh_dsa_export
=(dh_dsa
&& (EVP_PKEY_size(cpk
->privatekey
)*8 <= 512))?1:0;
1078 printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1080 rsa_enc
,rsa_sign
,dsa_sign
,dh_rsa
,dh_dsa
);
1083 if (rsa_enc
|| (rsa_tmp
&& rsa_sign
))
1085 if (rsa_enc_export
|| (rsa_tmp_export
&& rsa_sign
))
1089 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1090 if ( (dh_tmp
|| dh_rsa
|| dh_dsa
) &&
1091 (rsa_enc
|| rsa_sign
|| dsa_sign
))
1093 if ((dh_tmp_export
|| dh_rsa_export
|| dh_dsa_export
) &&
1094 (rsa_enc
|| rsa_sign
|| dsa_sign
))
1104 if (dh_rsa
) mask
|=SSL_kDHr
;
1105 if (dh_rsa_export
) emask
|=SSL_kDHr
;
1107 if (dh_dsa
) mask
|=SSL_kDHd
;
1108 if (dh_dsa_export
) emask
|=SSL_kDHd
;
1110 if (rsa_enc
|| rsa_sign
)
1122 #ifdef SSL_ALLOW_ADH
1128 c
->export_mask
=emask
;
1132 /* THIS NEEDS CLEANING UP */
1133 X509
*ssl_get_server_send_cert(s
)
1136 unsigned long alg
,mask
,kalg
;
1141 ssl_set_cert_masks(c
);
1142 alg
=s
->s3
->tmp
.new_cipher
->algorithms
;
1143 export
=(alg
& SSL_EXPORT
)?1:0;
1144 mask
=(export
)?c
->export_mask
:c
->mask
;
1145 kalg
=alg
&(SSL_MKEY_MASK
|SSL_AUTH_MASK
);
1147 if (kalg
& SSL_kDHr
)
1149 else if (kalg
& SSL_kDHd
)
1151 else if (kalg
& SSL_aDSS
)
1152 i
=SSL_PKEY_DSA_SIGN
;
1153 else if (kalg
& SSL_aRSA
)
1155 if (c
->pkeys
[SSL_PKEY_RSA_ENC
].x509
== NULL
)
1156 i
=SSL_PKEY_RSA_SIGN
;
1160 else /* if (kalg & SSL_aNULL) */
1162 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT
,SSL_R_INTERNAL_ERROR
);
1165 if (c
->pkeys
[i
].x509
== NULL
) return(NULL
);
1166 return(c
->pkeys
[i
].x509
);
1169 EVP_PKEY
*ssl_get_sign_pkey(s
,cipher
)
1176 alg
=cipher
->algorithms
;
1179 if ((alg
& SSL_aDSS
) &&
1180 (c
->pkeys
[SSL_PKEY_DSA_SIGN
].privatekey
!= NULL
))
1181 return(c
->pkeys
[SSL_PKEY_DSA_SIGN
].privatekey
);
1182 else if (alg
& SSL_aRSA
)
1184 if (c
->pkeys
[SSL_PKEY_RSA_SIGN
].privatekey
!= NULL
)
1185 return(c
->pkeys
[SSL_PKEY_RSA_SIGN
].privatekey
);
1186 else if (c
->pkeys
[SSL_PKEY_RSA_ENC
].privatekey
!= NULL
)
1187 return(c
->pkeys
[SSL_PKEY_RSA_ENC
].privatekey
);
1191 else /* if (alg & SSL_aNULL) */
1193 SSLerr(SSL_F_SSL_GET_SIGN_PKEY
,SSL_R_INTERNAL_ERROR
);
1198 void ssl_update_cache(s
,mode
)
1204 /* If the session_id_length is 0, we are not supposed to cache it,
1205 * and it would be rather hard to do anyway :-) */
1206 if (s
->session
->session_id_length
== 0) return;
1208 if ((s
->ctx
->session_cache_mode
& mode
)
1210 && SSL_CTX_add_session(s
->ctx
,s
->session
)
1211 && (s
->ctx
->new_session_cb
!= NULL
))
1213 CRYPTO_add(&s
->session
->references
,1,CRYPTO_LOCK_SSL_SESSION
);
1214 if (!s
->ctx
->new_session_cb(s
,s
->session
))
1215 SSL_SESSION_free(s
->session
);
1218 /* auto flush every 255 connections */
1219 i
=s
->ctx
->session_cache_mode
;
1220 if ((!(i
& SSL_SESS_CACHE_NO_AUTO_CLEAR
)) &&
1221 ((i
& mode
) == mode
))
1223 if ( (((mode
& SSL_SESS_CACHE_CLIENT
)
1224 ?s
->ctx
->sess_connect_good
1225 :s
->ctx
->sess_accept_good
) & 0xff) == 0xff)
1227 SSL_CTX_flush_sessions(s
->ctx
,time(NULL
));
1232 SSL_METHOD
*SSL_get_ssl_method(s
)
1238 int SSL_set_ssl_method(s
,meth
)
1245 if (s
->method
!= meth
)
1247 if (s
->handshake_func
!= NULL
)
1248 conn
=(s
->handshake_func
== s
->method
->ssl_connect
);
1250 if (s
->method
->version
== meth
->version
)
1254 s
->method
->ssl_free(s
);
1256 ret
=s
->method
->ssl_new(s
);
1260 s
->handshake_func
=meth
->ssl_connect
;
1262 s
->handshake_func
=meth
->ssl_accept
;
1267 int SSL_get_error(s
,i
)
1274 if (i
> 0) return(SSL_ERROR_NONE
);
1276 if (ERR_peek_error() != 0)
1277 return(SSL_ERROR_SSL
);
1279 if ((i
< 0) && SSL_want_read(s
))
1281 bio
=SSL_get_rbio(s
);
1282 if (BIO_should_read(bio
))
1283 return(SSL_ERROR_WANT_READ
);
1284 else if (BIO_should_write(bio
))
1285 return(SSL_ERROR_WANT_WRITE
);
1286 else if (BIO_should_io_special(bio
))
1288 reason
=BIO_get_retry_reason(bio
);
1289 if (reason
== BIO_RR_CONNECT
)
1290 return(SSL_ERROR_WANT_CONNECT
);
1292 return(SSL_ERROR_SYSCALL
); /* unknown */
1296 if ((i
< 0) && SSL_want_write(s
))
1298 bio
=SSL_get_wbio(s
);
1299 if (BIO_should_write(bio
))
1300 return(SSL_ERROR_WANT_WRITE
);
1301 else if (BIO_should_read(bio
))
1302 return(SSL_ERROR_WANT_READ
);
1303 else if (BIO_should_io_special(bio
))
1305 reason
=BIO_get_retry_reason(bio
);
1306 if (reason
== BIO_RR_CONNECT
)
1307 return(SSL_ERROR_WANT_CONNECT
);
1309 return(SSL_ERROR_SYSCALL
);
1312 if ((i
< 0) && SSL_want_x509_lookup(s
))
1314 return(SSL_ERROR_WANT_X509_LOOKUP
);
1319 if (s
->version
== SSL2_VERSION
)
1321 /* assume it is the socket being closed */
1322 return(SSL_ERROR_ZERO_RETURN
);
1326 if ((s
->shutdown
& SSL_RECEIVED_SHUTDOWN
) &&
1327 (s
->s3
->warn_alert
== SSL_AD_CLOSE_NOTIFY
))
1328 return(SSL_ERROR_ZERO_RETURN
);
1331 return(SSL_ERROR_SYSCALL
);
1334 int SSL_do_handshake(s
)
1339 if (s
->handshake_func
== NULL
)
1341 SSLerr(SSL_F_SSL_DO_HANDSHAKE
,SSL_R_CONNECTION_TYPE_NOT_SET
);
1344 if (s
->s3
->renegotiate
) ssl3_renegotiate_check(s
);
1345 if (SSL_in_init(s
) || SSL_in_before(s
))
1347 ret
=s
->handshake_func(s
);
1352 /* For the next 2 functions, SSL_clear() sets shutdown and so
1353 * one of these calls will reset it */
1354 void SSL_set_accept_state(s
)
1358 s
->state
=SSL_ST_ACCEPT
|SSL_ST_BEFORE
;
1359 s
->handshake_func
=s
->method
->ssl_accept
;
1360 /* clear the current cipher */
1361 ssl_clear_cipher_ctx(s
);
1364 void SSL_set_connect_state(s
)
1368 s
->state
=SSL_ST_CONNECT
|SSL_ST_BEFORE
;
1369 s
->handshake_func
=s
->method
->ssl_connect
;
1370 /* clear the current cipher */
1371 ssl_clear_cipher_ctx(s
);
1374 int ssl_undefined_function(s
)
1377 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION
,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
1381 SSL_METHOD
*ssl_bad_method(ver
)
1384 SSLerr(SSL_F_SSL_BAD_METHOD
,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
1388 char *SSL_get_version(s
)
1391 if (s
->version
== TLS1_VERSION
)
1393 else if (s
->version
== SSL3_VERSION
)
1395 else if (s
->version
== SSL2_VERSION
)
1409 if ((ret
=SSL_new(SSL_get_SSL_CTX(s
))) == NULL
) return(NULL
);
1411 /* This copies version, session-id, SSL_METHOD and 'cert' */
1412 SSL_copy_session_id(ret
,s
);
1414 SSL_set_read_ahead(ret
,SSL_get_read_ahead(s
));
1415 SSL_set_verify(ret
,SSL_get_verify_mode(s
),
1416 SSL_get_verify_callback(s
));
1418 SSL_set_info_callback(ret
,SSL_get_info_callback(s
));
1420 ret
->debug
=s
->debug
;
1421 ret
->options
=s
->options
;
1423 /* copy app data, a little dangerous perhaps */
1424 if (!CRYPTO_dup_ex_data(ssl_meth
,&ret
->ex_data
,&s
->ex_data
))
1427 /* setup rbio, and wbio */
1428 if (s
->rbio
!= NULL
)
1430 if (!BIO_dup_state(s
->rbio
,(char *)&ret
->rbio
))
1433 if (s
->wbio
!= NULL
)
1435 if (s
->wbio
!= s
->rbio
)
1437 if (!BIO_dup_state(s
->wbio
,(char *)&ret
->wbio
))
1441 ret
->wbio
=ret
->rbio
;
1444 /* dup the cipher_list and cipher_list_by_id stacks */
1445 if (s
->cipher_list
!= NULL
)
1447 if ((ret
->cipher_list
=sk_dup(s
->cipher_list
)) == NULL
)
1450 if (s
->cipher_list_by_id
!= NULL
)
1451 if ((ret
->cipher_list_by_id
=sk_dup(s
->cipher_list_by_id
))
1455 /* Dup the client_CA list */
1456 if (s
->client_CA
!= NULL
)
1458 if ((sk
=sk_dup(s
->client_CA
)) == NULL
) goto err
;
1460 for (i
=0; i
<sk_num(sk
); i
++)
1462 xn
=(X509_NAME
*)sk_value(sk
,i
);
1463 if ((sk_value(sk
,i
)=(char *)X509_NAME_dup(xn
)) == NULL
)
1471 ret
->shutdown
=s
->shutdown
;
1472 ret
->state
=s
->state
;
1473 ret
->handshake_func
=s
->handshake_func
;
1478 if (ret
!= NULL
) SSL_free(ret
);
1484 void ssl_clear_cipher_ctx(s
)
1487 if (s
->enc_read_ctx
!= NULL
)
1489 EVP_CIPHER_CTX_cleanup(s
->enc_read_ctx
);
1490 Free(s
->enc_read_ctx
);
1491 s
->enc_read_ctx
=NULL
;
1493 if (s
->enc_write_ctx
!= NULL
)
1495 EVP_CIPHER_CTX_cleanup(s
->enc_write_ctx
);
1496 Free(s
->enc_write_ctx
);
1497 s
->enc_write_ctx
=NULL
;
1501 /* Fix this function so that it takes an optional type parameter */
1502 X509
*SSL_get_certificate(s
)
1505 if (s
->cert
!= NULL
)
1506 return(s
->cert
->key
->x509
);
1511 /* Fix this function so that it takes an optional type parameter */
1512 EVP_PKEY
*SSL_get_privatekey(s
)
1515 if (s
->cert
!= NULL
)
1516 return(s
->cert
->key
->privatekey
);
1521 SSL_CIPHER
*SSL_get_current_cipher(s
)
1524 if ((s
->session
!= NULL
) && (s
->session
->cipher
!= NULL
))
1525 return(s
->session
->cipher
);
1529 int ssl_init_wbio_buffer(s
,push
)
1535 if (s
->bbio
== NULL
)
1537 bbio
=BIO_new(BIO_f_buffer());
1538 if (bbio
== NULL
) return(0);
1544 if (s
->bbio
== s
->wbio
)
1545 s
->wbio
=BIO_pop(s
->wbio
);
1548 /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
1549 if (!BIO_set_read_buffer_size(bbio
,1))
1551 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER
,ERR_R_BUF_LIB
);
1556 if (s
->wbio
!= bbio
)
1557 s
->wbio
=BIO_push(bbio
,s
->wbio
);
1561 if (s
->wbio
== bbio
)
1562 s
->wbio
=BIO_pop(bbio
);
1567 void SSL_CTX_set_quiet_shutdown(ctx
,mode
)
1571 ctx
->quiet_shutdown
=mode
;
1574 int SSL_CTX_get_quiet_shutdown(ctx
)
1577 return(ctx
->quiet_shutdown
);
1580 void SSL_set_quiet_shutdown(s
,mode
)
1584 s
->quiet_shutdown
=mode
;
1587 int SSL_get_quiet_shutdown(s
)
1590 return(s
->quiet_shutdown
);
1593 void SSL_set_shutdown(s
,mode
)
1600 int SSL_get_shutdown(s
)
1603 return(s
->shutdown
);
1612 SSL_CTX
*SSL_get_SSL_CTX(ssl
)
1618 int SSL_CTX_set_default_verify_paths(ctx
)
1621 return(X509_STORE_set_default_paths(ctx
->cert_store
));
1624 int SSL_CTX_load_verify_locations(ctx
,CAfile
,CApath
)
1629 return(X509_STORE_load_locations(ctx
->cert_store
,CAfile
,CApath
));
1632 void SSL_set_info_callback(ssl
,cb
)
1636 ssl
->info_callback
=cb
;
1639 void (*SSL_get_info_callback(ssl
))()
1642 return(ssl
->info_callback
);
1651 void SSL_set_verify_result(ssl
,arg
)
1655 ssl
->verify_result
=arg
;
1658 long SSL_get_verify_result(ssl
)
1661 return(ssl
->verify_result
);
1664 int SSL_get_ex_new_index(argl
,argp
,new_func
,dup_func
,free_func
)
1669 void (*free_func
)();
1672 return(CRYPTO_get_ex_new_index(ssl_meth_num
-1,
1673 &ssl_meth
,argl
,argp
,new_func
,dup_func
,free_func
));
1676 int SSL_set_ex_data(s
,idx
,arg
)
1681 return(CRYPTO_set_ex_data(&s
->ex_data
,idx
,arg
));
1684 char *SSL_get_ex_data(s
,idx
)
1688 return(CRYPTO_get_ex_data(&s
->ex_data
,idx
));
1691 int SSL_CTX_get_ex_new_index(argl
,argp
,new_func
,dup_func
,free_func
)
1696 void (*free_func
)();
1699 return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num
-1,
1700 &ssl_ctx_meth
,argl
,argp
,new_func
,dup_func
,free_func
));
1703 int SSL_CTX_set_ex_data(s
,idx
,arg
)
1708 return(CRYPTO_set_ex_data(&s
->ex_data
,idx
,arg
));
1711 char *SSL_CTX_get_ex_data(s
,idx
)
1715 return(CRYPTO_get_ex_data(&s
->ex_data
,idx
));
1718 #if defined(_WINDLL) && defined(WIN16)
1719 #include "../crypto/bio/bss_file.c"