1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57 /* ==================================================================== 58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 59 * 60 * Redistribution and use in source and binary forms, with or without 61 * modification, are permitted provided that the following conditions 62 * are met: 63 * 64 * 1. Redistributions of source code must retain the above copyright 65 * notice, this list of conditions and the following disclaimer. 66 * 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in 69 * the documentation and/or other materials provided with the 70 * distribution. 71 * 72 * 3. All advertising materials mentioning features or use of this 73 * software must display the following acknowledgment: 74 * "This product includes software developed by the OpenSSL Project 75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 76 * 77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 78 * endorse or promote products derived from this software without 79 * prior written permission. For written permission, please contact 80 * openssl-core (at) openssl.org. 81 * 82 * 5. Products derived from this software may not be called "OpenSSL" 83 * nor may "OpenSSL" appear in their names without prior written 84 * permission of the OpenSSL Project. 85 * 86 * 6. Redistributions of any form whatsoever must retain the following 87 * acknowledgment: 88 * "This product includes software developed by the OpenSSL Project 89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 90 * 91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102 * OF THE POSSIBILITY OF SUCH DAMAGE. 103 * ==================================================================== 104 * 105 * This product includes cryptographic software written by Eric Young 106 * (eay (at) cryptsoft.com). This product includes software written by Tim 107 * Hudson (tjh (at) cryptsoft.com). 108 * 109 */ 110 /* ==================================================================== 111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * ECC cipher suite support in OpenSSL originally developed by 113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 */ 115 /* ==================================================================== 116 * Copyright 2005 Nokia. All rights reserved. 117 * 118 * The portions of the attached software ("Contribution") is developed by 119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 120 * license. 121 * 122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 124 * support (see RFC 4279) to OpenSSL. 125 * 126 * No patent licenses or other rights except those expressly stated in 127 * the OpenSSL open source license shall be deemed granted or received 128 * expressly, by implication, estoppel, or otherwise. 129 * 130 * No assurances are provided by Nokia that the Contribution does not 131 * infringe the patent or other intellectual property rights of any third 132 * party or that the license provides you with all the necessary rights 133 * to make use of the Contribution. 134 * 135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 139 * OTHERWISE. */ 140 141 #include <openssl/ssl.h> 142 143 #include <assert.h> 144 #include <stdio.h> 145 #include <string.h> 146 147 #include <openssl/bytestring.h> 148 #include <openssl/crypto.h> 149 #include <openssl/dh.h> 150 #include <openssl/err.h> 151 #include <openssl/lhash.h> 152 #include <openssl/mem.h> 153 #include <openssl/obj.h> 154 #include <openssl/rand.h> 155 #include <openssl/x509v3.h> 156 157 #include "internal.h" 158 #include "../crypto/internal.h" 159 160 161 /* |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it 162 * to avoid downstream churn. */ 163 OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL) 164 165 /* Some error codes are special. Ensure the make_errors.go script never 166 * regresses this. */ 167 OPENSSL_COMPILE_ASSERT(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION == 168 SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET, 169 ssl_alert_reason_code_mismatch); 170 171 /* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */ 172 static const size_t kMaxHandshakeSize = (1u << 24) - 1; 173 174 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl = 175 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; 176 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx = 177 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; 178 179 int SSL_library_init(void) { 180 CRYPTO_library_init(); 181 return 1; 182 } 183 184 static uint32_t ssl_session_hash(const SSL_SESSION *a) { 185 uint32_t hash = 186 ((uint32_t)a->session_id[0]) | 187 ((uint32_t)a->session_id[1] << 8) | 188 ((uint32_t)a->session_id[2] << 16) | 189 ((uint32_t)a->session_id[3] << 24); 190 191 return hash; 192 } 193 194 /* NB: If this function (or indeed the hash function which uses a sort of 195 * coarser function than this one) is changed, ensure 196 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 197 * able to construct an SSL_SESSION that will collide with any existing session 198 * with a matching session ID. */ 199 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { 200 if (a->ssl_version != b->ssl_version) { 201 return 1; 202 } 203 204 if (a->session_id_length != b->session_id_length) { 205 return 1; 206 } 207 208 return memcmp(a->session_id, b->session_id, a->session_id_length); 209 } 210 211 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { 212 SSL_CTX *ret = NULL; 213 214 if (method == NULL) { 215 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED); 216 return NULL; 217 } 218 219 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 220 OPENSSL_PUT_ERROR(SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 221 goto err; 222 } 223 224 ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); 225 if (ret == NULL) { 226 goto err; 227 } 228 229 memset(ret, 0, sizeof(SSL_CTX)); 230 231 ret->method = method->method; 232 233 CRYPTO_MUTEX_init(&ret->lock); 234 235 ret->session_cache_mode = SSL_SESS_CACHE_SERVER; 236 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 237 238 /* We take the system default */ 239 ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT; 240 241 ret->references = 1; 242 243 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 244 ret->verify_mode = SSL_VERIFY_NONE; 245 ret->cert = ssl_cert_new(); 246 if (ret->cert == NULL) { 247 goto err; 248 } 249 250 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp); 251 if (ret->sessions == NULL) { 252 goto err; 253 } 254 ret->cert_store = X509_STORE_new(); 255 if (ret->cert_store == NULL) { 256 goto err; 257 } 258 259 ssl_create_cipher_list(ret->method, &ret->cipher_list, 260 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); 261 if (ret->cipher_list == NULL || 262 sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0) { 263 OPENSSL_PUT_ERROR(SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); 264 goto err2; 265 } 266 267 ret->param = X509_VERIFY_PARAM_new(); 268 if (!ret->param) { 269 goto err; 270 } 271 272 ret->client_CA = sk_X509_NAME_new_null(); 273 if (ret->client_CA == NULL) { 274 goto err; 275 } 276 277 CRYPTO_new_ex_data(&ret->ex_data); 278 279 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 280 281 /* Setup RFC4507 ticket keys */ 282 if (!RAND_bytes(ret->tlsext_tick_key_name, 16) || 283 !RAND_bytes(ret->tlsext_tick_hmac_key, 16) || 284 !RAND_bytes(ret->tlsext_tick_aes_key, 16)) { 285 ret->options |= SSL_OP_NO_TICKET; 286 } 287 288 /* Lock the SSL_CTX to the specified version, for compatibility with legacy 289 * uses of SSL_METHOD. */ 290 if (method->version != 0) { 291 SSL_CTX_set_max_version(ret, method->version); 292 SSL_CTX_set_min_version(ret, method->version); 293 } 294 295 return ret; 296 297 err: 298 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 299 err2: 300 SSL_CTX_free(ret); 301 return NULL; 302 } 303 304 void SSL_CTX_free(SSL_CTX *ctx) { 305 if (ctx == NULL || 306 !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) { 307 return; 308 } 309 310 X509_VERIFY_PARAM_free(ctx->param); 311 312 /* Free internal session cache. However: the remove_cb() may reference the 313 * ex_data of SSL_CTX, thus the ex_data store can only be removed after the 314 * sessions were flushed. As the ex_data handling routines might also touch 315 * the session cache, the most secure solution seems to be: empty (flush) the 316 * cache, then free ex_data, then finally free the cache. (See ticket 317 * [openssl.org #212].) */ 318 SSL_CTX_flush_sessions(ctx, 0); 319 320 CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data); 321 322 CRYPTO_MUTEX_cleanup(&ctx->lock); 323 lh_SSL_SESSION_free(ctx->sessions); 324 X509_STORE_free(ctx->cert_store); 325 ssl_cipher_preference_list_free(ctx->cipher_list); 326 sk_SSL_CIPHER_free(ctx->cipher_list_by_id); 327 ssl_cipher_preference_list_free(ctx->cipher_list_tls10); 328 ssl_cipher_preference_list_free(ctx->cipher_list_tls11); 329 ssl_cert_free(ctx->cert); 330 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions, 331 SSL_CUSTOM_EXTENSION_free); 332 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions, 333 SSL_CUSTOM_EXTENSION_free); 334 sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free); 335 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); 336 OPENSSL_free(ctx->psk_identity_hint); 337 OPENSSL_free(ctx->tlsext_ellipticcurvelist); 338 OPENSSL_free(ctx->alpn_client_proto_list); 339 OPENSSL_free(ctx->ocsp_response); 340 OPENSSL_free(ctx->signed_cert_timestamp_list); 341 EVP_PKEY_free(ctx->tlsext_channel_id_private); 342 343 OPENSSL_free(ctx); 344 } 345 346 SSL *SSL_new(SSL_CTX *ctx) { 347 if (ctx == NULL) { 348 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX); 349 return NULL; 350 } 351 if (ctx->method == NULL) { 352 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 353 return NULL; 354 } 355 356 SSL *ssl = (SSL *)OPENSSL_malloc(sizeof(SSL)); 357 if (ssl == NULL) { 358 goto err; 359 } 360 memset(ssl, 0, sizeof(SSL)); 361 362 ssl->min_version = ctx->min_version; 363 ssl->max_version = ctx->max_version; 364 365 ssl->options = ctx->options; 366 ssl->mode = ctx->mode; 367 ssl->max_cert_list = ctx->max_cert_list; 368 369 ssl->cert = ssl_cert_dup(ctx->cert); 370 if (ssl->cert == NULL) { 371 goto err; 372 } 373 374 ssl->msg_callback = ctx->msg_callback; 375 ssl->msg_callback_arg = ctx->msg_callback_arg; 376 ssl->verify_mode = ctx->verify_mode; 377 ssl->sid_ctx_length = ctx->sid_ctx_length; 378 assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx); 379 memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); 380 ssl->verify_callback = ctx->default_verify_callback; 381 382 ssl->param = X509_VERIFY_PARAM_new(); 383 if (!ssl->param) { 384 goto err; 385 } 386 X509_VERIFY_PARAM_inherit(ssl->param, ctx->param); 387 ssl->quiet_shutdown = ctx->quiet_shutdown; 388 ssl->max_send_fragment = ctx->max_send_fragment; 389 390 CRYPTO_refcount_inc(&ctx->references); 391 ssl->ctx = ctx; 392 CRYPTO_refcount_inc(&ctx->references); 393 ssl->initial_ctx = ctx; 394 395 if (ctx->tlsext_ellipticcurvelist) { 396 ssl->tlsext_ellipticcurvelist = 397 BUF_memdup(ctx->tlsext_ellipticcurvelist, 398 ctx->tlsext_ellipticcurvelist_length * 2); 399 if (!ssl->tlsext_ellipticcurvelist) { 400 goto err; 401 } 402 ssl->tlsext_ellipticcurvelist_length = ctx->tlsext_ellipticcurvelist_length; 403 } 404 405 if (ssl->ctx->alpn_client_proto_list) { 406 ssl->alpn_client_proto_list = BUF_memdup( 407 ssl->ctx->alpn_client_proto_list, ssl->ctx->alpn_client_proto_list_len); 408 if (ssl->alpn_client_proto_list == NULL) { 409 goto err; 410 } 411 ssl->alpn_client_proto_list_len = ssl->ctx->alpn_client_proto_list_len; 412 } 413 414 ssl->verify_result = X509_V_OK; 415 ssl->method = ctx->method; 416 417 if (!ssl->method->ssl_new(ssl)) { 418 goto err; 419 } 420 ssl->enc_method = ssl3_get_enc_method(ssl->version); 421 assert(ssl->enc_method != NULL); 422 423 ssl->rwstate = SSL_NOTHING; 424 425 CRYPTO_new_ex_data(&ssl->ex_data); 426 427 ssl->psk_identity_hint = NULL; 428 if (ctx->psk_identity_hint) { 429 ssl->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint); 430 if (ssl->psk_identity_hint == NULL) { 431 goto err; 432 } 433 } 434 ssl->psk_client_callback = ctx->psk_client_callback; 435 ssl->psk_server_callback = ctx->psk_server_callback; 436 437 ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled; 438 if (ctx->tlsext_channel_id_private) { 439 ssl->tlsext_channel_id_private = 440 EVP_PKEY_up_ref(ctx->tlsext_channel_id_private); 441 } 442 443 ssl->signed_cert_timestamps_enabled = 444 ssl->ctx->signed_cert_timestamps_enabled; 445 ssl->ocsp_stapling_enabled = ssl->ctx->ocsp_stapling_enabled; 446 447 return ssl; 448 449 err: 450 SSL_free(ssl); 451 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 452 453 return NULL; 454 } 455 456 void SSL_free(SSL *ssl) { 457 if (ssl == NULL) { 458 return; 459 } 460 461 X509_VERIFY_PARAM_free(ssl->param); 462 463 CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data); 464 465 if (ssl->bbio != NULL) { 466 /* If the buffering BIO is in place, pop it off */ 467 if (ssl->bbio == ssl->wbio) { 468 ssl->wbio = BIO_pop(ssl->wbio); 469 } 470 BIO_free(ssl->bbio); 471 ssl->bbio = NULL; 472 } 473 474 int free_wbio = ssl->wbio != ssl->rbio; 475 BIO_free_all(ssl->rbio); 476 if (free_wbio) { 477 BIO_free_all(ssl->wbio); 478 } 479 480 BUF_MEM_free(ssl->init_buf); 481 482 /* add extra stuff */ 483 ssl_cipher_preference_list_free(ssl->cipher_list); 484 sk_SSL_CIPHER_free(ssl->cipher_list_by_id); 485 486 ssl_clear_bad_session(ssl); 487 SSL_SESSION_free(ssl->session); 488 489 ssl_clear_cipher_ctx(ssl); 490 491 ssl_cert_free(ssl->cert); 492 493 OPENSSL_free(ssl->tlsext_hostname); 494 SSL_CTX_free(ssl->initial_ctx); 495 OPENSSL_free(ssl->tlsext_ellipticcurvelist); 496 OPENSSL_free(ssl->alpn_client_proto_list); 497 EVP_PKEY_free(ssl->tlsext_channel_id_private); 498 OPENSSL_free(ssl->psk_identity_hint); 499 sk_X509_NAME_pop_free(ssl->client_CA, X509_NAME_free); 500 OPENSSL_free(ssl->next_proto_negotiated); 501 sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles); 502 503 if (ssl->method != NULL) { 504 ssl->method->ssl_free(ssl); 505 } 506 SSL_CTX_free(ssl->ctx); 507 508 OPENSSL_free(ssl); 509 } 510 511 void SSL_set_connect_state(SSL *ssl) { 512 ssl->server = 0; 513 ssl->shutdown = 0; 514 ssl->state = SSL_ST_CONNECT; 515 ssl->handshake_func = ssl->method->ssl_connect; 516 /* clear the current cipher */ 517 ssl_clear_cipher_ctx(ssl); 518 } 519 520 void SSL_set_accept_state(SSL *ssl) { 521 ssl->server = 1; 522 ssl->shutdown = 0; 523 ssl->state = SSL_ST_ACCEPT; 524 ssl->handshake_func = ssl->method->ssl_accept; 525 /* clear the current cipher */ 526 ssl_clear_cipher_ctx(ssl); 527 } 528 529 void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) { 530 /* If the output buffering BIO is still in place, remove it. */ 531 if (ssl->bbio != NULL) { 532 if (ssl->wbio == ssl->bbio) { 533 ssl->wbio = ssl->wbio->next_bio; 534 ssl->bbio->next_bio = NULL; 535 } 536 } 537 538 if (ssl->rbio != rbio) { 539 BIO_free_all(ssl->rbio); 540 } 541 if (ssl->wbio != wbio && ssl->rbio != ssl->wbio) { 542 BIO_free_all(ssl->wbio); 543 } 544 ssl->rbio = rbio; 545 ssl->wbio = wbio; 546 } 547 548 BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; } 549 550 BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; } 551 552 int SSL_do_handshake(SSL *ssl) { 553 if (ssl->handshake_func == NULL) { 554 OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET); 555 return -1; 556 } 557 558 if (!SSL_in_init(ssl)) { 559 return 1; 560 } 561 562 return ssl->handshake_func(ssl); 563 } 564 565 int SSL_connect(SSL *ssl) { 566 if (ssl->handshake_func == 0) { 567 /* Not properly initialized yet */ 568 SSL_set_connect_state(ssl); 569 } 570 571 if (ssl->handshake_func != ssl->method->ssl_connect) { 572 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 573 return -1; 574 } 575 576 return ssl->handshake_func(ssl); 577 } 578 579 int SSL_accept(SSL *ssl) { 580 if (ssl->handshake_func == 0) { 581 /* Not properly initialized yet */ 582 SSL_set_accept_state(ssl); 583 } 584 585 if (ssl->handshake_func != ssl->method->ssl_accept) { 586 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 587 return -1; 588 } 589 590 return ssl->handshake_func(ssl); 591 } 592 593 int SSL_read(SSL *ssl, void *buf, int num) { 594 if (ssl->handshake_func == 0) { 595 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); 596 return -1; 597 } 598 599 if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) { 600 ssl->rwstate = SSL_NOTHING; 601 return 0; 602 } 603 604 ERR_clear_system_error(); 605 return ssl->method->ssl_read_app_data(ssl, buf, num, 0); 606 } 607 608 int SSL_peek(SSL *ssl, void *buf, int num) { 609 if (ssl->handshake_func == 0) { 610 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); 611 return -1; 612 } 613 614 if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) { 615 return 0; 616 } 617 618 ERR_clear_system_error(); 619 return ssl->method->ssl_read_app_data(ssl, buf, num, 1); 620 } 621 622 int SSL_write(SSL *ssl, const void *buf, int num) { 623 if (ssl->handshake_func == 0) { 624 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); 625 return -1; 626 } 627 628 if (ssl->shutdown & SSL_SENT_SHUTDOWN) { 629 ssl->rwstate = SSL_NOTHING; 630 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); 631 return -1; 632 } 633 634 ERR_clear_system_error(); 635 return ssl->method->ssl_write_app_data(ssl, buf, num); 636 } 637 638 int SSL_shutdown(SSL *ssl) { 639 /* Note that this function behaves differently from what one might expect. 640 * Return values are 0 for no success (yet), 1 for success; but calling it 641 * once is usually not enough, even if blocking I/O is used (see 642 * ssl3_shutdown). */ 643 644 if (ssl->handshake_func == 0) { 645 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); 646 return -1; 647 } 648 649 if (SSL_in_init(ssl)) { 650 return 1; 651 } 652 653 /* Do nothing if configured not to send a close_notify. */ 654 if (ssl->quiet_shutdown) { 655 ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; 656 return 1; 657 } 658 659 if (!(ssl->shutdown & SSL_SENT_SHUTDOWN)) { 660 ssl->shutdown |= SSL_SENT_SHUTDOWN; 661 ssl3_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 662 663 /* our shutdown alert has been sent now, and if it still needs to be 664 * written, ssl->s3->alert_dispatch will be true */ 665 if (ssl->s3->alert_dispatch) { 666 return -1; /* return WANT_WRITE */ 667 } 668 } else if (ssl->s3->alert_dispatch) { 669 /* resend it if not sent */ 670 int ret = ssl->method->ssl_dispatch_alert(ssl); 671 if (ret == -1) { 672 /* we only get to return -1 here the 2nd/Nth invocation, we must have 673 * already signalled return 0 upon a previous invoation, return 674 * WANT_WRITE */ 675 return ret; 676 } 677 } else if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) { 678 /* If we are waiting for a close from our peer, we are closed */ 679 ssl->method->ssl_read_close_notify(ssl); 680 if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) { 681 return -1; /* return WANT_READ */ 682 } 683 } 684 685 if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) && 686 !ssl->s3->alert_dispatch) { 687 return 1; 688 } else { 689 return 0; 690 } 691 } 692 693 int SSL_get_error(const SSL *ssl, int ret_code) { 694 int reason; 695 uint32_t err; 696 BIO *bio; 697 698 if (ret_code > 0) { 699 return SSL_ERROR_NONE; 700 } 701 702 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, 703 * where we do encode the error */ 704 err = ERR_peek_error(); 705 if (err != 0) { 706 if (ERR_GET_LIB(err) == ERR_LIB_SYS) { 707 return SSL_ERROR_SYSCALL; 708 } 709 return SSL_ERROR_SSL; 710 } 711 712 if (ret_code == 0) { 713 if ((ssl->shutdown & SSL_RECEIVED_SHUTDOWN) && 714 (ssl->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) { 715 /* The socket was cleanly shut down with a close_notify. */ 716 return SSL_ERROR_ZERO_RETURN; 717 } 718 /* An EOF was observed which violates the protocol, and the underlying 719 * transport does not participate in the error queue. Bubble up to the 720 * caller. */ 721 return SSL_ERROR_SYSCALL; 722 } 723 724 if (SSL_want_session(ssl)) { 725 return SSL_ERROR_PENDING_SESSION; 726 } 727 728 if (SSL_want_certificate(ssl)) { 729 return SSL_ERROR_PENDING_CERTIFICATE; 730 } 731 732 if (SSL_want_read(ssl)) { 733 bio = SSL_get_rbio(ssl); 734 if (BIO_should_read(bio)) { 735 return SSL_ERROR_WANT_READ; 736 } 737 738 if (BIO_should_write(bio)) { 739 /* This one doesn't make too much sense ... We never try to write to the 740 * rbio, and an application program where rbio and wbio are separate 741 * couldn't even know what it should wait for. However if we ever set 742 * ssl->rwstate incorrectly (so that we have SSL_want_read(ssl) instead of 743 * SSL_want_write(ssl)) and rbio and wbio *are* the same, this test works 744 * around that bug; so it might be safer to keep it. */ 745 return SSL_ERROR_WANT_WRITE; 746 } 747 748 if (BIO_should_io_special(bio)) { 749 reason = BIO_get_retry_reason(bio); 750 if (reason == BIO_RR_CONNECT) { 751 return SSL_ERROR_WANT_CONNECT; 752 } 753 754 if (reason == BIO_RR_ACCEPT) { 755 return SSL_ERROR_WANT_ACCEPT; 756 } 757 758 return SSL_ERROR_SYSCALL; /* unknown */ 759 } 760 } 761 762 if (SSL_want_write(ssl)) { 763 bio = SSL_get_wbio(ssl); 764 if (BIO_should_write(bio)) { 765 return SSL_ERROR_WANT_WRITE; 766 } 767 768 if (BIO_should_read(bio)) { 769 /* See above (SSL_want_read(ssl) with BIO_should_write(bio)) */ 770 return SSL_ERROR_WANT_READ; 771 } 772 773 if (BIO_should_io_special(bio)) { 774 reason = BIO_get_retry_reason(bio); 775 if (reason == BIO_RR_CONNECT) { 776 return SSL_ERROR_WANT_CONNECT; 777 } 778 779 if (reason == BIO_RR_ACCEPT) { 780 return SSL_ERROR_WANT_ACCEPT; 781 } 782 783 return SSL_ERROR_SYSCALL; 784 } 785 } 786 787 if (SSL_want_x509_lookup(ssl)) { 788 return SSL_ERROR_WANT_X509_LOOKUP; 789 } 790 791 if (SSL_want_channel_id_lookup(ssl)) { 792 return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP; 793 } 794 795 if (SSL_want_private_key_operation(ssl)) { 796 return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION; 797 } 798 799 return SSL_ERROR_SYSCALL; 800 } 801 802 void SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) { 803 ctx->min_version = version; 804 } 805 806 void SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) { 807 ctx->max_version = version; 808 } 809 810 void SSL_set_min_version(SSL *ssl, uint16_t version) { 811 ssl->min_version = version; 812 } 813 814 void SSL_set_max_version(SSL *ssl, uint16_t version) { 815 ssl->max_version = version; 816 } 817 818 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) { 819 ctx->options |= options; 820 return ctx->options; 821 } 822 823 uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) { 824 ctx->options &= ~options; 825 return ctx->options; 826 } 827 828 uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; } 829 830 uint32_t SSL_set_options(SSL *ssl, uint32_t options) { 831 ssl->options |= options; 832 return ssl->options; 833 } 834 835 uint32_t SSL_clear_options(SSL *ssl, uint32_t options) { 836 ssl->options &= ~options; 837 return ssl->options; 838 } 839 840 uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; } 841 842 uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) { 843 ctx->mode |= mode; 844 return ctx->mode; 845 } 846 847 uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) { 848 ctx->mode &= ~mode; 849 return ctx->mode; 850 } 851 852 uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; } 853 854 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) { 855 ssl->mode |= mode; 856 return ssl->mode; 857 } 858 859 uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) { 860 ssl->mode &= ~mode; 861 return ssl->mode; 862 } 863 864 uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; } 865 866 X509 *SSL_get_peer_certificate(const SSL *ssl) { 867 if (ssl == NULL || ssl->session == NULL || ssl->session->peer == NULL) { 868 return NULL; 869 } 870 return X509_up_ref(ssl->session->peer); 871 } 872 873 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl) { 874 if (ssl == NULL || ssl->session == NULL) { 875 return NULL; 876 } 877 return ssl->session->cert_chain; 878 } 879 880 int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len, 881 size_t max_out) { 882 /* The tls-unique value is the first Finished message in the handshake, which 883 * is the client's in a full handshake and the server's for a resumption. See 884 * https://tools.ietf.org/html/rfc5929#section-3.1. */ 885 const uint8_t *finished = ssl->s3->previous_client_finished; 886 size_t finished_len = ssl->s3->previous_client_finished_len; 887 if (ssl->hit) { 888 /* tls-unique is broken for resumed sessions unless EMS is used. */ 889 if (!ssl->session->extended_master_secret) { 890 goto err; 891 } 892 finished = ssl->s3->previous_server_finished; 893 finished_len = ssl->s3->previous_server_finished_len; 894 } 895 896 if (!ssl->s3->initial_handshake_complete || 897 ssl->version < TLS1_VERSION) { 898 goto err; 899 } 900 901 *out_len = finished_len; 902 if (finished_len > max_out) { 903 *out_len = max_out; 904 } 905 906 memcpy(out, finished, *out_len); 907 return 1; 908 909 err: 910 *out_len = 0; 911 memset(out, 0, max_out); 912 return 0; 913 } 914 915 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx, 916 unsigned sid_ctx_len) { 917 if (sid_ctx_len > sizeof(ctx->sid_ctx)) { 918 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 919 return 0; 920 } 921 ctx->sid_ctx_length = sid_ctx_len; 922 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); 923 924 return 1; 925 } 926 927 int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, 928 unsigned sid_ctx_len) { 929 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 930 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 931 return 0; 932 } 933 ssl->sid_ctx_length = sid_ctx_len; 934 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); 935 936 return 1; 937 } 938 939 int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose) { 940 return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); 941 } 942 943 int SSL_set_purpose(SSL *ssl, int purpose) { 944 return X509_VERIFY_PARAM_set_purpose(ssl->param, purpose); 945 } 946 947 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust) { 948 return X509_VERIFY_PARAM_set_trust(ctx->param, trust); 949 } 950 951 int SSL_set_trust(SSL *ssl, int trust) { 952 return X509_VERIFY_PARAM_set_trust(ssl->param, trust); 953 } 954 955 int SSL_CTX_set1_param(SSL_CTX *ctx, const X509_VERIFY_PARAM *param) { 956 return X509_VERIFY_PARAM_set1(ctx->param, param); 957 } 958 959 int SSL_set1_param(SSL *ssl, const X509_VERIFY_PARAM *param) { 960 return X509_VERIFY_PARAM_set1(ssl->param, param); 961 } 962 963 void ssl_cipher_preference_list_free( 964 struct ssl_cipher_preference_list_st *cipher_list) { 965 if (cipher_list == NULL) { 966 return; 967 } 968 sk_SSL_CIPHER_free(cipher_list->ciphers); 969 OPENSSL_free(cipher_list->in_group_flags); 970 OPENSSL_free(cipher_list); 971 } 972 973 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) { return ctx->param; } 974 975 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) { return ssl->param; } 976 977 void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); } 978 979 int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); } 980 981 int SSL_get_rfd(const SSL *ssl) { 982 int ret = -1; 983 BIO *b = BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DESCRIPTOR); 984 if (b != NULL) { 985 BIO_get_fd(b, &ret); 986 } 987 return ret; 988 } 989 990 int SSL_get_wfd(const SSL *ssl) { 991 int ret = -1; 992 BIO *b = BIO_find_type(SSL_get_wbio(ssl), BIO_TYPE_DESCRIPTOR); 993 if (b != NULL) { 994 BIO_get_fd(b, &ret); 995 } 996 return ret; 997 } 998 999 int SSL_set_fd(SSL *ssl, int fd) { 1000 BIO *bio = BIO_new(BIO_s_fd()); 1001 if (bio == NULL) { 1002 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); 1003 return 0; 1004 } 1005 BIO_set_fd(bio, fd, BIO_NOCLOSE); 1006 SSL_set_bio(ssl, bio, bio); 1007 return 1; 1008 } 1009 1010 int SSL_set_wfd(SSL *ssl, int fd) { 1011 if (ssl->rbio == NULL || 1012 BIO_method_type(ssl->rbio) != BIO_TYPE_FD || 1013 BIO_get_fd(ssl->rbio, NULL) != fd) { 1014 BIO *bio = BIO_new(BIO_s_fd()); 1015 if (bio == NULL) { 1016 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); 1017 return 0; 1018 } 1019 BIO_set_fd(bio, fd, BIO_NOCLOSE); 1020 SSL_set_bio(ssl, SSL_get_rbio(ssl), bio); 1021 } else { 1022 SSL_set_bio(ssl, SSL_get_rbio(ssl), SSL_get_rbio(ssl)); 1023 } 1024 1025 return 1; 1026 } 1027 1028 int SSL_set_rfd(SSL *ssl, int fd) { 1029 if (ssl->wbio == NULL || BIO_method_type(ssl->wbio) != BIO_TYPE_FD || 1030 BIO_get_fd(ssl->wbio, NULL) != fd) { 1031 BIO *bio = BIO_new(BIO_s_fd()); 1032 if (bio == NULL) { 1033 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); 1034 return 0; 1035 } 1036 BIO_set_fd(bio, fd, BIO_NOCLOSE); 1037 SSL_set_bio(ssl, bio, SSL_get_wbio(ssl)); 1038 } else { 1039 SSL_set_bio(ssl, SSL_get_wbio(ssl), SSL_get_wbio(ssl)); 1040 } 1041 return 1; 1042 } 1043 1044 size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) { 1045 size_t ret = 0; 1046 1047 if (ssl->s3 != NULL) { 1048 ret = ssl->s3->tmp.finish_md_len; 1049 if (count > ret) { 1050 count = ret; 1051 } 1052 memcpy(buf, ssl->s3->tmp.finish_md, count); 1053 } 1054 1055 return ret; 1056 } 1057 1058 size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) { 1059 size_t ret = 0; 1060 1061 if (ssl->s3 != NULL) { 1062 ret = ssl->s3->tmp.peer_finish_md_len; 1063 if (count > ret) { 1064 count = ret; 1065 } 1066 memcpy(buf, ssl->s3->tmp.peer_finish_md, count); 1067 } 1068 1069 return ret; 1070 } 1071 1072 int SSL_get_verify_mode(const SSL *ssl) { return ssl->verify_mode; } 1073 1074 int SSL_get_verify_depth(const SSL *ssl) { 1075 return X509_VERIFY_PARAM_get_depth(ssl->param); 1076 } 1077 1078 int SSL_get_extms_support(const SSL *ssl) { 1079 return ssl->s3->tmp.extended_master_secret == 1; 1080 } 1081 1082 int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *) { 1083 return ssl->verify_callback; 1084 } 1085 1086 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { return ctx->verify_mode; } 1087 1088 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) { 1089 return X509_VERIFY_PARAM_get_depth(ctx->param); 1090 } 1091 1092 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))( 1093 int ok, X509_STORE_CTX *store_ctx) { 1094 return ctx->default_verify_callback; 1095 } 1096 1097 void SSL_set_verify(SSL *ssl, int mode, 1098 int (*callback)(int ok, X509_STORE_CTX *store_ctx)) { 1099 ssl->verify_mode = mode; 1100 if (callback != NULL) { 1101 ssl->verify_callback = callback; 1102 } 1103 } 1104 1105 void SSL_set_verify_depth(SSL *ssl, int depth) { 1106 X509_VERIFY_PARAM_set_depth(ssl->param, depth); 1107 } 1108 1109 int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; } 1110 1111 int SSL_get_read_ahead(const SSL *ssl) { return 0; } 1112 1113 void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { } 1114 1115 void SSL_set_read_ahead(SSL *ssl, int yes) { } 1116 1117 int SSL_pending(const SSL *ssl) { 1118 if (ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA) { 1119 return 0; 1120 } 1121 return ssl->s3->rrec.length; 1122 } 1123 1124 /* Fix this so it checks all the valid key/cert options */ 1125 int SSL_CTX_check_private_key(const SSL_CTX *ctx) { 1126 if (ctx->cert->x509 == NULL) { 1127 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED); 1128 return 0; 1129 } 1130 1131 if (ctx->cert->privatekey == NULL) { 1132 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 1133 return 0; 1134 } 1135 1136 return X509_check_private_key(ctx->cert->x509, ctx->cert->privatekey); 1137 } 1138 1139 /* Fix this function so that it takes an optional type parameter */ 1140 int SSL_check_private_key(const SSL *ssl) { 1141 if (ssl->cert->x509 == NULL) { 1142 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED); 1143 return 0; 1144 } 1145 1146 if (ssl->cert->privatekey == NULL) { 1147 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 1148 return 0; 1149 } 1150 1151 return X509_check_private_key(ssl->cert->x509, ssl->cert->privatekey); 1152 } 1153 1154 long SSL_get_default_timeout(const SSL *ssl) { 1155 return SSL_DEFAULT_SESSION_TIMEOUT; 1156 } 1157 1158 int SSL_renegotiate(SSL *ssl) { 1159 /* Caller-initiated renegotiation is not supported. */ 1160 OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1161 return 0; 1162 } 1163 1164 int SSL_renegotiate_pending(SSL *ssl) { 1165 return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete; 1166 } 1167 1168 size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) { 1169 return ctx->max_cert_list; 1170 } 1171 1172 void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) { 1173 if (max_cert_list > kMaxHandshakeSize) { 1174 max_cert_list = kMaxHandshakeSize; 1175 } 1176 ctx->max_cert_list = (uint32_t)max_cert_list; 1177 } 1178 1179 size_t SSL_get_max_cert_list(const SSL *ssl) { 1180 return ssl->max_cert_list; 1181 } 1182 1183 void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) { 1184 if (max_cert_list > kMaxHandshakeSize) { 1185 max_cert_list = kMaxHandshakeSize; 1186 } 1187 ssl->max_cert_list = (uint32_t)max_cert_list; 1188 } 1189 1190 void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) { 1191 if (max_send_fragment < 512) { 1192 max_send_fragment = 512; 1193 } 1194 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { 1195 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1196 } 1197 ctx->max_send_fragment = (uint16_t)max_send_fragment; 1198 } 1199 1200 void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) { 1201 if (max_send_fragment < 512) { 1202 max_send_fragment = 512; 1203 } 1204 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { 1205 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1206 } 1207 ssl->max_send_fragment = (uint16_t)max_send_fragment; 1208 } 1209 1210 int SSL_set_mtu(SSL *ssl, unsigned mtu) { 1211 if (!SSL_IS_DTLS(ssl) || mtu < dtls1_min_mtu()) { 1212 return 0; 1213 } 1214 ssl->d1->mtu = mtu; 1215 return 1; 1216 } 1217 1218 int SSL_get_secure_renegotiation_support(const SSL *ssl) { 1219 return ssl->s3->send_connection_binding; 1220 } 1221 1222 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; } 1223 1224 size_t SSL_CTX_sess_number(const SSL_CTX *ctx) { 1225 return lh_SSL_SESSION_num_items(ctx->sessions); 1226 } 1227 1228 unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) { 1229 unsigned long ret = ctx->session_cache_size; 1230 ctx->session_cache_size = size; 1231 return ret; 1232 } 1233 1234 unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) { 1235 return ctx->session_cache_size; 1236 } 1237 1238 int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) { 1239 int ret = ctx->session_cache_mode; 1240 ctx->session_cache_mode = mode; 1241 return ret; 1242 } 1243 1244 int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) { 1245 return ctx->session_cache_mode; 1246 } 1247 1248 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) { 1249 if (ssl == NULL) { 1250 return NULL; 1251 } 1252 1253 if (ssl->cipher_list != NULL) { 1254 return ssl->cipher_list->ciphers; 1255 } 1256 1257 if (ssl->version >= TLS1_1_VERSION && ssl->ctx != NULL && 1258 ssl->ctx->cipher_list_tls11 != NULL) { 1259 return ssl->ctx->cipher_list_tls11->ciphers; 1260 } 1261 1262 if (ssl->version >= TLS1_VERSION && ssl->ctx != NULL && 1263 ssl->ctx->cipher_list_tls10 != NULL) { 1264 return ssl->ctx->cipher_list_tls10->ciphers; 1265 } 1266 1267 if (ssl->ctx != NULL && ssl->ctx->cipher_list != NULL) { 1268 return ssl->ctx->cipher_list->ciphers; 1269 } 1270 1271 return NULL; 1272 } 1273 1274 /* return a STACK of the ciphers available for the SSL and in order of 1275 * algorithm id */ 1276 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *ssl) { 1277 if (ssl == NULL) { 1278 return NULL; 1279 } 1280 1281 if (ssl->cipher_list_by_id != NULL) { 1282 return ssl->cipher_list_by_id; 1283 } 1284 1285 if (ssl->ctx != NULL && ssl->ctx->cipher_list_by_id != NULL) { 1286 return ssl->ctx->cipher_list_by_id; 1287 } 1288 1289 return NULL; 1290 } 1291 1292 const char *SSL_get_cipher_list(const SSL *ssl, int n) { 1293 const SSL_CIPHER *c; 1294 STACK_OF(SSL_CIPHER) *sk; 1295 1296 if (ssl == NULL) { 1297 return NULL; 1298 } 1299 1300 sk = SSL_get_ciphers(ssl); 1301 if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) { 1302 return NULL; 1303 } 1304 1305 c = sk_SSL_CIPHER_value(sk, n); 1306 if (c == NULL) { 1307 return NULL; 1308 } 1309 1310 return c->name; 1311 } 1312 1313 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { 1314 STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list( 1315 ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id, str); 1316 if (cipher_list == NULL) { 1317 return 0; 1318 } 1319 1320 /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */ 1321 if (sk_SSL_CIPHER_num(cipher_list) == 0) { 1322 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH); 1323 return 0; 1324 } 1325 1326 return 1; 1327 } 1328 1329 int SSL_CTX_set_cipher_list_tls10(SSL_CTX *ctx, const char *str) { 1330 STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list( 1331 ctx->method, &ctx->cipher_list_tls10, NULL, str); 1332 if (cipher_list == NULL) { 1333 return 0; 1334 } 1335 1336 /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */ 1337 if (sk_SSL_CIPHER_num(cipher_list) == 0) { 1338 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH); 1339 return 0; 1340 } 1341 1342 return 1; 1343 } 1344 1345 int SSL_CTX_set_cipher_list_tls11(SSL_CTX *ctx, const char *str) { 1346 STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list( 1347 ctx->method, &ctx->cipher_list_tls11, NULL, str); 1348 if (cipher_list == NULL) { 1349 return 0; 1350 } 1351 1352 /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */ 1353 if (sk_SSL_CIPHER_num(cipher_list) == 0) { 1354 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH); 1355 return 0; 1356 } 1357 1358 return 1; 1359 } 1360 1361 int SSL_set_cipher_list(SSL *ssl, const char *str) { 1362 STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list( 1363 ssl->ctx->method, &ssl->cipher_list, &ssl->cipher_list_by_id, str); 1364 if (cipher_list == NULL) { 1365 return 0; 1366 } 1367 1368 /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */ 1369 if (sk_SSL_CIPHER_num(cipher_list) == 0) { 1370 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH); 1371 return 0; 1372 } 1373 1374 return 1; 1375 } 1376 1377 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *ssl, const CBS *cbs) { 1378 CBS cipher_suites = *cbs; 1379 const SSL_CIPHER *c; 1380 STACK_OF(SSL_CIPHER) *sk; 1381 1382 if (ssl->s3) { 1383 ssl->s3->send_connection_binding = 0; 1384 } 1385 1386 if (CBS_len(&cipher_suites) % 2 != 0) { 1387 OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1388 return NULL; 1389 } 1390 1391 sk = sk_SSL_CIPHER_new_null(); 1392 if (sk == NULL) { 1393 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 1394 goto err; 1395 } 1396 1397 while (CBS_len(&cipher_suites) > 0) { 1398 uint16_t cipher_suite; 1399 1400 if (!CBS_get_u16(&cipher_suites, &cipher_suite)) { 1401 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 1402 goto err; 1403 } 1404 1405 /* Check for SCSV. */ 1406 if (ssl->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff)) { 1407 /* SCSV is fatal if renegotiating. */ 1408 if (ssl->s3->initial_handshake_complete) { 1409 OPENSSL_PUT_ERROR(SSL, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1410 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1411 goto err; 1412 } 1413 ssl->s3->send_connection_binding = 1; 1414 continue; 1415 } 1416 1417 /* Check for FALLBACK_SCSV. */ 1418 if (ssl->s3 && cipher_suite == (SSL3_CK_FALLBACK_SCSV & 0xffff)) { 1419 uint16_t max_version = ssl3_get_max_server_version(ssl); 1420 if (SSL_IS_DTLS(ssl) ? (uint16_t)ssl->version > max_version 1421 : (uint16_t)ssl->version < max_version) { 1422 OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK); 1423 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL3_AD_INAPPROPRIATE_FALLBACK); 1424 goto err; 1425 } 1426 continue; 1427 } 1428 1429 c = SSL_get_cipher_by_value(cipher_suite); 1430 if (c != NULL && !sk_SSL_CIPHER_push(sk, c)) { 1431 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 1432 goto err; 1433 } 1434 } 1435 1436 return sk; 1437 1438 err: 1439 sk_SSL_CIPHER_free(sk); 1440 return NULL; 1441 } 1442 1443 const char *SSL_get_servername(const SSL *ssl, const int type) { 1444 if (type != TLSEXT_NAMETYPE_host_name) { 1445 return NULL; 1446 } 1447 1448 /* Historically, |SSL_get_servername| was also the configuration getter 1449 * corresponding to |SSL_set_tlsext_host_name|. */ 1450 if (ssl->tlsext_hostname != NULL) { 1451 return ssl->tlsext_hostname; 1452 } 1453 1454 if (ssl->session == NULL) { 1455 return NULL; 1456 } 1457 return ssl->session->tlsext_hostname; 1458 } 1459 1460 int SSL_get_servername_type(const SSL *ssl) { 1461 if (ssl->session != NULL && ssl->session->tlsext_hostname != NULL) { 1462 return TLSEXT_NAMETYPE_host_name; 1463 } 1464 1465 return -1; 1466 } 1467 1468 void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) { 1469 ctx->signed_cert_timestamps_enabled = 1; 1470 } 1471 1472 int SSL_enable_signed_cert_timestamps(SSL *ssl) { 1473 ssl->signed_cert_timestamps_enabled = 1; 1474 return 1; 1475 } 1476 1477 void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) { 1478 ctx->ocsp_stapling_enabled = 1; 1479 } 1480 1481 int SSL_enable_ocsp_stapling(SSL *ssl) { 1482 ssl->ocsp_stapling_enabled = 1; 1483 return 1; 1484 } 1485 1486 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out, 1487 size_t *out_len) { 1488 SSL_SESSION *session = ssl->session; 1489 1490 *out_len = 0; 1491 *out = NULL; 1492 if (ssl->server || !session || !session->tlsext_signed_cert_timestamp_list) { 1493 return; 1494 } 1495 1496 *out = session->tlsext_signed_cert_timestamp_list; 1497 *out_len = session->tlsext_signed_cert_timestamp_list_length; 1498 } 1499 1500 void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, 1501 size_t *out_len) { 1502 SSL_SESSION *session = ssl->session; 1503 1504 *out_len = 0; 1505 *out = NULL; 1506 if (ssl->server || !session || !session->ocsp_response) { 1507 return; 1508 } 1509 *out = session->ocsp_response; 1510 *out_len = session->ocsp_response_length; 1511 } 1512 1513 int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list, 1514 size_t list_len) { 1515 OPENSSL_free(ctx->signed_cert_timestamp_list); 1516 ctx->signed_cert_timestamp_list_length = 0; 1517 1518 ctx->signed_cert_timestamp_list = BUF_memdup(list, list_len); 1519 if (ctx->signed_cert_timestamp_list == NULL) { 1520 return 0; 1521 } 1522 ctx->signed_cert_timestamp_list_length = list_len; 1523 1524 return 1; 1525 } 1526 1527 int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response, 1528 size_t response_len) { 1529 OPENSSL_free(ctx->ocsp_response); 1530 ctx->ocsp_response_length = 0; 1531 1532 ctx->ocsp_response = BUF_memdup(response, response_len); 1533 if (ctx->ocsp_response == NULL) { 1534 return 0; 1535 } 1536 ctx->ocsp_response_length = response_len; 1537 1538 return 1; 1539 } 1540 1541 int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, 1542 const uint8_t *server, unsigned server_len, 1543 const uint8_t *client, unsigned client_len) { 1544 unsigned int i, j; 1545 const uint8_t *result; 1546 int status = OPENSSL_NPN_UNSUPPORTED; 1547 1548 /* For each protocol in server preference order, see if we support it. */ 1549 for (i = 0; i < server_len;) { 1550 for (j = 0; j < client_len;) { 1551 if (server[i] == client[j] && 1552 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { 1553 /* We found a match */ 1554 result = &server[i]; 1555 status = OPENSSL_NPN_NEGOTIATED; 1556 goto found; 1557 } 1558 j += client[j]; 1559 j++; 1560 } 1561 i += server[i]; 1562 i++; 1563 } 1564 1565 /* There's no overlap between our protocols and the server's list. */ 1566 result = client; 1567 status = OPENSSL_NPN_NO_OVERLAP; 1568 1569 found: 1570 *out = (uint8_t *)result + 1; 1571 *out_len = result[0]; 1572 return status; 1573 } 1574 1575 void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data, 1576 unsigned *out_len) { 1577 *out_data = ssl->next_proto_negotiated; 1578 if (*out_data == NULL) { 1579 *out_len = 0; 1580 } else { 1581 *out_len = ssl->next_proto_negotiated_len; 1582 } 1583 } 1584 1585 void SSL_CTX_set_next_protos_advertised_cb( 1586 SSL_CTX *ctx, 1587 int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg), 1588 void *arg) { 1589 ctx->next_protos_advertised_cb = cb; 1590 ctx->next_protos_advertised_cb_arg = arg; 1591 } 1592 1593 void SSL_CTX_set_next_proto_select_cb( 1594 SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len, 1595 const uint8_t *in, unsigned in_len, void *arg), 1596 void *arg) { 1597 ctx->next_proto_select_cb = cb; 1598 ctx->next_proto_select_cb_arg = arg; 1599 } 1600 1601 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, 1602 unsigned protos_len) { 1603 OPENSSL_free(ctx->alpn_client_proto_list); 1604 ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len); 1605 if (!ctx->alpn_client_proto_list) { 1606 return 1; 1607 } 1608 ctx->alpn_client_proto_list_len = protos_len; 1609 1610 return 0; 1611 } 1612 1613 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) { 1614 OPENSSL_free(ssl->alpn_client_proto_list); 1615 ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len); 1616 if (!ssl->alpn_client_proto_list) { 1617 return 1; 1618 } 1619 ssl->alpn_client_proto_list_len = protos_len; 1620 1621 return 0; 1622 } 1623 1624 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 1625 int (*cb)(SSL *ssl, const uint8_t **out, 1626 uint8_t *out_len, const uint8_t *in, 1627 unsigned in_len, void *arg), 1628 void *arg) { 1629 ctx->alpn_select_cb = cb; 1630 ctx->alpn_select_cb_arg = arg; 1631 } 1632 1633 void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data, 1634 unsigned *out_len) { 1635 *out_data = NULL; 1636 if (ssl->s3) { 1637 *out_data = ssl->s3->alpn_selected; 1638 } 1639 if (*out_data == NULL) { 1640 *out_len = 0; 1641 } else { 1642 *out_len = ssl->s3->alpn_selected_len; 1643 } 1644 } 1645 1646 int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, 1647 const char *label, size_t label_len, 1648 const uint8_t *context, size_t context_len, 1649 int use_context) { 1650 if (ssl->version < TLS1_VERSION) { 1651 return 0; 1652 } 1653 1654 return ssl->enc_method->export_keying_material( 1655 ssl, out, out_len, label, label_len, context, context_len, use_context); 1656 } 1657 1658 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 1659 int (*cb)(X509_STORE_CTX *store_ctx, 1660 void *arg), 1661 void *arg) { 1662 ctx->app_verify_callback = cb; 1663 ctx->app_verify_arg = arg; 1664 } 1665 1666 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 1667 int (*cb)(int, X509_STORE_CTX *)) { 1668 ctx->verify_mode = mode; 1669 ctx->default_verify_callback = cb; 1670 } 1671 1672 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) { 1673 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 1674 } 1675 1676 void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg), 1677 void *arg) { 1678 ssl_cert_set_cert_cb(ctx->cert, cb, arg); 1679 } 1680 1681 void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) { 1682 ssl_cert_set_cert_cb(ssl->cert, cb, arg); 1683 } 1684 1685 void ssl_get_compatible_server_ciphers(SSL *ssl, uint32_t *out_mask_k, 1686 uint32_t *out_mask_a) { 1687 CERT *c = ssl->cert; 1688 int have_rsa_cert = 0, dh_tmp; 1689 uint32_t mask_k, mask_a; 1690 int have_ecc_cert = 0, ecdsa_ok; 1691 X509 *x; 1692 1693 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 1694 1695 if (ssl->cert->x509 != NULL && ssl_has_private_key(ssl)) { 1696 if (ssl_private_key_type(ssl) == EVP_PKEY_RSA) { 1697 have_rsa_cert = 1; 1698 } else if (ssl_private_key_type(ssl) == EVP_PKEY_EC) { 1699 have_ecc_cert = 1; 1700 } 1701 } 1702 1703 mask_k = 0; 1704 mask_a = 0; 1705 1706 if (dh_tmp) { 1707 mask_k |= SSL_kDHE; 1708 } 1709 if (have_rsa_cert) { 1710 mask_k |= SSL_kRSA; 1711 mask_a |= SSL_aRSA; 1712 } 1713 1714 /* An ECC certificate may be usable for ECDSA cipher suites depending on the 1715 * key usage extension and on the client's curve preferences. */ 1716 if (have_ecc_cert) { 1717 x = c->x509; 1718 /* This call populates extension flags (ex_flags). */ 1719 X509_check_purpose(x, -1, 0); 1720 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) 1721 ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) 1722 : 1; 1723 if (!tls1_check_ec_cert(ssl, x)) { 1724 ecdsa_ok = 0; 1725 } 1726 if (ecdsa_ok) { 1727 mask_a |= SSL_aECDSA; 1728 } 1729 } 1730 1731 /* If we are considering an ECC cipher suite that uses an ephemeral EC 1732 * key, check for a shared curve. */ 1733 uint16_t unused; 1734 if (tls1_get_shared_curve(ssl, &unused)) { 1735 mask_k |= SSL_kECDHE; 1736 } 1737 1738 /* PSK requires a server callback. */ 1739 if (ssl->psk_server_callback != NULL) { 1740 mask_k |= SSL_kPSK; 1741 mask_a |= SSL_aPSK; 1742 } 1743 1744 *out_mask_k = mask_k; 1745 *out_mask_a = mask_a; 1746 } 1747 1748 void ssl_update_cache(SSL *ssl, int mode) { 1749 SSL_CTX *ctx = ssl->initial_ctx; 1750 /* Never cache sessions with empty session IDs. */ 1751 if (ssl->session->session_id_length == 0 || 1752 (ctx->session_cache_mode & mode) != mode) { 1753 return; 1754 } 1755 1756 /* Clients never use the internal session cache. */ 1757 int use_internal_cache = ssl->server && !(ctx->session_cache_mode & 1758 SSL_SESS_CACHE_NO_INTERNAL_STORE); 1759 1760 /* A client may see new sessions on abbreviated handshakes if the server 1761 * decides to renew the ticket. Once the handshake is completed, it should be 1762 * inserted into the cache. */ 1763 if (!ssl->hit || (!ssl->server && ssl->tlsext_ticket_expected)) { 1764 if (use_internal_cache) { 1765 SSL_CTX_add_session(ctx, ssl->session); 1766 } 1767 if (ctx->new_session_cb != NULL && 1768 !ctx->new_session_cb(ssl, SSL_SESSION_up_ref(ssl->session))) { 1769 /* |new_session_cb|'s return value signals whether it took ownership. */ 1770 SSL_SESSION_free(ssl->session); 1771 } 1772 } 1773 1774 if (use_internal_cache && 1775 !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) { 1776 /* Automatically flush the internal session cache every 255 connections. */ 1777 int flush_cache = 0; 1778 CRYPTO_MUTEX_lock_write(&ctx->lock); 1779 ctx->handshakes_since_cache_flush++; 1780 if (ctx->handshakes_since_cache_flush >= 255) { 1781 flush_cache = 1; 1782 ctx->handshakes_since_cache_flush = 0; 1783 } 1784 CRYPTO_MUTEX_unlock(&ctx->lock); 1785 1786 if (flush_cache) { 1787 SSL_CTX_flush_sessions(ctx, (unsigned long)time(NULL)); 1788 } 1789 } 1790 } 1791 1792 static const char *ssl_get_version(int version) { 1793 switch (version) { 1794 case TLS1_2_VERSION: 1795 return "TLSv1.2"; 1796 1797 case TLS1_1_VERSION: 1798 return "TLSv1.1"; 1799 1800 case TLS1_VERSION: 1801 return "TLSv1"; 1802 1803 case SSL3_VERSION: 1804 return "SSLv3"; 1805 1806 case DTLS1_VERSION: 1807 return "DTLSv1"; 1808 1809 case DTLS1_2_VERSION: 1810 return "DTLSv1.2"; 1811 1812 default: 1813 return "unknown"; 1814 } 1815 } 1816 1817 const char *SSL_get_version(const SSL *ssl) { 1818 return ssl_get_version(ssl->version); 1819 } 1820 1821 const char *SSL_SESSION_get_version(const SSL_SESSION *session) { 1822 return ssl_get_version(session->ssl_version); 1823 } 1824 1825 void ssl_clear_cipher_ctx(SSL *ssl) { 1826 SSL_AEAD_CTX_free(ssl->aead_read_ctx); 1827 ssl->aead_read_ctx = NULL; 1828 SSL_AEAD_CTX_free(ssl->aead_write_ctx); 1829 ssl->aead_write_ctx = NULL; 1830 } 1831 1832 X509 *SSL_get_certificate(const SSL *ssl) { 1833 if (ssl->cert != NULL) { 1834 return ssl->cert->x509; 1835 } 1836 1837 return NULL; 1838 } 1839 1840 EVP_PKEY *SSL_get_privatekey(const SSL *ssl) { 1841 if (ssl->cert != NULL) { 1842 return ssl->cert->privatekey; 1843 } 1844 1845 return NULL; 1846 } 1847 1848 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) { 1849 if (ctx->cert != NULL) { 1850 return ctx->cert->x509; 1851 } 1852 1853 return NULL; 1854 } 1855 1856 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) { 1857 if (ctx->cert != NULL) { 1858 return ctx->cert->privatekey; 1859 } 1860 1861 return NULL; 1862 } 1863 1864 const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) { 1865 if (ssl->aead_write_ctx == NULL) { 1866 return NULL; 1867 } 1868 return ssl->aead_write_ctx->cipher; 1869 } 1870 1871 const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { return NULL; } 1872 1873 const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { return NULL; } 1874 1875 int ssl_init_wbio_buffer(SSL *ssl, int push) { 1876 BIO *bbio; 1877 1878 if (ssl->bbio == NULL) { 1879 bbio = BIO_new(BIO_f_buffer()); 1880 if (bbio == NULL) { 1881 return 0; 1882 } 1883 ssl->bbio = bbio; 1884 } else { 1885 bbio = ssl->bbio; 1886 if (ssl->bbio == ssl->wbio) { 1887 ssl->wbio = BIO_pop(ssl->wbio); 1888 } 1889 } 1890 1891 BIO_reset(bbio); 1892 if (!BIO_set_read_buffer_size(bbio, 1)) { 1893 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); 1894 return 0; 1895 } 1896 1897 if (push) { 1898 if (ssl->wbio != bbio) { 1899 ssl->wbio = BIO_push(bbio, ssl->wbio); 1900 } 1901 } else { 1902 if (ssl->wbio == bbio) { 1903 ssl->wbio = BIO_pop(bbio); 1904 } 1905 } 1906 1907 return 1; 1908 } 1909 1910 void ssl_free_wbio_buffer(SSL *ssl) { 1911 if (ssl->bbio == NULL) { 1912 return; 1913 } 1914 1915 if (ssl->bbio == ssl->wbio) { 1916 /* remove buffering */ 1917 ssl->wbio = BIO_pop(ssl->wbio); 1918 } 1919 1920 BIO_free(ssl->bbio); 1921 ssl->bbio = NULL; 1922 } 1923 1924 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) { 1925 ctx->quiet_shutdown = (mode != 0); 1926 } 1927 1928 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) { 1929 return ctx->quiet_shutdown; 1930 } 1931 1932 void SSL_set_quiet_shutdown(SSL *ssl, int mode) { 1933 ssl->quiet_shutdown = (mode != 0); 1934 } 1935 1936 int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; } 1937 1938 void SSL_set_shutdown(SSL *ssl, int mode) { 1939 /* It is an error to clear any bits that have already been set. (We can't try 1940 * to get a second close_notify or send two.) */ 1941 assert((ssl->shutdown & mode) == ssl->shutdown); 1942 1943 ssl->shutdown |= mode; 1944 } 1945 1946 int SSL_get_shutdown(const SSL *ssl) { return ssl->shutdown; } 1947 1948 int SSL_version(const SSL *ssl) { return ssl->version; } 1949 1950 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; } 1951 1952 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) { 1953 if (ssl->ctx == ctx) { 1954 return ssl->ctx; 1955 } 1956 1957 if (ctx == NULL) { 1958 ctx = ssl->initial_ctx; 1959 } 1960 1961 ssl_cert_free(ssl->cert); 1962 ssl->cert = ssl_cert_dup(ctx->cert); 1963 1964 CRYPTO_refcount_inc(&ctx->references); 1965 SSL_CTX_free(ssl->ctx); /* decrement reference count */ 1966 ssl->ctx = ctx; 1967 1968 ssl->sid_ctx_length = ctx->sid_ctx_length; 1969 assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); 1970 memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx)); 1971 1972 return ssl->ctx; 1973 } 1974 1975 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) { 1976 return X509_STORE_set_default_paths(ctx->cert_store); 1977 } 1978 1979 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file, 1980 const char *ca_dir) { 1981 return X509_STORE_load_locations(ctx->cert_store, ca_file, ca_dir); 1982 } 1983 1984 void SSL_set_info_callback(SSL *ssl, 1985 void (*cb)(const SSL *ssl, int type, int value)) { 1986 ssl->info_callback = cb; 1987 } 1988 1989 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, 1990 int value) { 1991 return ssl->info_callback; 1992 } 1993 1994 int SSL_state(const SSL *ssl) { return ssl->state; } 1995 1996 void SSL_set_state(SSL *ssl, int state) { } 1997 1998 void SSL_set_verify_result(SSL *ssl, long result) { 1999 ssl->verify_result = result; 2000 } 2001 2002 long SSL_get_verify_result(const SSL *ssl) { return ssl->verify_result; } 2003 2004 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, 2005 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { 2006 int index; 2007 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp, 2008 dup_func, free_func)) { 2009 return -1; 2010 } 2011 return index; 2012 } 2013 2014 int SSL_set_ex_data(SSL *ssl, int idx, void *arg) { 2015 return CRYPTO_set_ex_data(&ssl->ex_data, idx, arg); 2016 } 2017 2018 void *SSL_get_ex_data(const SSL *ssl, int idx) { 2019 return CRYPTO_get_ex_data(&ssl->ex_data, idx); 2020 } 2021 2022 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, 2023 CRYPTO_EX_dup *dup_func, 2024 CRYPTO_EX_free *free_func) { 2025 int index; 2026 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp, 2027 dup_func, free_func)) { 2028 return -1; 2029 } 2030 return index; 2031 } 2032 2033 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg) { 2034 return CRYPTO_set_ex_data(&ctx->ex_data, idx, arg); 2035 } 2036 2037 void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) { 2038 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2039 } 2040 2041 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) { 2042 return ctx->cert_store; 2043 } 2044 2045 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) { 2046 X509_STORE_free(ctx->cert_store); 2047 ctx->cert_store = store; 2048 } 2049 2050 int SSL_want(const SSL *ssl) { return ssl->rwstate; } 2051 2052 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, 2053 RSA *(*cb)(SSL *ssl, int is_export, 2054 int keylength)) { 2055 } 2056 2057 void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, 2058 int keylength)) { 2059 } 2060 2061 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 2062 DH *(*callback)(SSL *ssl, int is_export, 2063 int keylength)) { 2064 ctx->cert->dh_tmp_cb = callback; 2065 } 2066 2067 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export, 2068 int keylength)) { 2069 ssl->cert->dh_tmp_cb = callback; 2070 } 2071 2072 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { 2073 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 2074 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG); 2075 return 0; 2076 } 2077 2078 OPENSSL_free(ctx->psk_identity_hint); 2079 2080 if (identity_hint != NULL) { 2081 ctx->psk_identity_hint = BUF_strdup(identity_hint); 2082 if (ctx->psk_identity_hint == NULL) { 2083 return 0; 2084 } 2085 } else { 2086 ctx->psk_identity_hint = NULL; 2087 } 2088 2089 return 1; 2090 } 2091 2092 int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) { 2093 if (ssl == NULL) { 2094 return 0; 2095 } 2096 2097 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 2098 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG); 2099 return 0; 2100 } 2101 2102 /* Clear currently configured hint, if any. */ 2103 OPENSSL_free(ssl->psk_identity_hint); 2104 ssl->psk_identity_hint = NULL; 2105 2106 if (identity_hint != NULL) { 2107 ssl->psk_identity_hint = BUF_strdup(identity_hint); 2108 if (ssl->psk_identity_hint == NULL) { 2109 return 0; 2110 } 2111 } 2112 2113 return 1; 2114 } 2115 2116 const char *SSL_get_psk_identity_hint(const SSL *ssl) { 2117 if (ssl == NULL) { 2118 return NULL; 2119 } 2120 return ssl->psk_identity_hint; 2121 } 2122 2123 const char *SSL_get_psk_identity(const SSL *ssl) { 2124 if (ssl == NULL || ssl->session == NULL) { 2125 return NULL; 2126 } 2127 2128 return ssl->session->psk_identity; 2129 } 2130 2131 void SSL_set_psk_client_callback( 2132 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity, 2133 unsigned max_identity_len, uint8_t *psk, 2134 unsigned max_psk_len)) { 2135 ssl->psk_client_callback = cb; 2136 } 2137 2138 void SSL_CTX_set_psk_client_callback( 2139 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity, 2140 unsigned max_identity_len, uint8_t *psk, 2141 unsigned max_psk_len)) { 2142 ctx->psk_client_callback = cb; 2143 } 2144 2145 void SSL_set_psk_server_callback( 2146 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk, 2147 unsigned max_psk_len)) { 2148 ssl->psk_server_callback = cb; 2149 } 2150 2151 void SSL_CTX_set_psk_server_callback( 2152 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity, 2153 uint8_t *psk, unsigned max_psk_len)) { 2154 ctx->psk_server_callback = cb; 2155 } 2156 2157 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, 2158 void (*cb)(int write_p, int version, 2159 int content_type, const void *buf, 2160 size_t len, SSL *ssl, void *arg)) { 2161 ctx->msg_callback = cb; 2162 } 2163 2164 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) { 2165 ctx->msg_callback_arg = arg; 2166 } 2167 2168 void SSL_set_msg_callback(SSL *ssl, 2169 void (*cb)(int write_p, int version, int content_type, 2170 const void *buf, size_t len, SSL *ssl, 2171 void *arg)) { 2172 ssl->msg_callback = cb; 2173 } 2174 2175 void SSL_set_msg_callback_arg(SSL *ssl, void *arg) { 2176 ssl->msg_callback_arg = arg; 2177 } 2178 2179 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, 2180 void (*cb)(const SSL *ssl, const char *line)) { 2181 ctx->keylog_callback = cb; 2182 } 2183 2184 static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) { 2185 static const char hextable[] = "0123456789abcdef"; 2186 uint8_t *out; 2187 size_t i; 2188 2189 if (!CBB_add_space(cbb, &out, in_len * 2)) { 2190 return 0; 2191 } 2192 2193 for (i = 0; i < in_len; i++) { 2194 *(out++) = (uint8_t)hextable[in[i] >> 4]; 2195 *(out++) = (uint8_t)hextable[in[i] & 0xf]; 2196 } 2197 2198 return 1; 2199 } 2200 2201 int ssl_log_rsa_client_key_exchange(const SSL *ssl, 2202 const uint8_t *encrypted_premaster, 2203 size_t encrypted_premaster_len, 2204 const uint8_t *premaster, 2205 size_t premaster_len) { 2206 if (ssl->ctx->keylog_callback == NULL) { 2207 return 1; 2208 } 2209 2210 if (encrypted_premaster_len < 8) { 2211 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 2212 return 0; 2213 } 2214 2215 CBB cbb; 2216 uint8_t *out; 2217 size_t out_len; 2218 if (!CBB_init(&cbb, 4 + 16 + 1 + premaster_len * 2 + 1) || 2219 !CBB_add_bytes(&cbb, (const uint8_t *)"RSA ", 4) || 2220 /* Only the first 8 bytes of the encrypted premaster secret are 2221 * logged. */ 2222 !cbb_add_hex(&cbb, encrypted_premaster, 8) || 2223 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) || 2224 !cbb_add_hex(&cbb, premaster, premaster_len) || 2225 !CBB_add_u8(&cbb, 0 /* NUL */) || 2226 !CBB_finish(&cbb, &out, &out_len)) { 2227 CBB_cleanup(&cbb); 2228 return 0; 2229 } 2230 2231 ssl->ctx->keylog_callback(ssl, (const char *)out); 2232 OPENSSL_free(out); 2233 return 1; 2234 } 2235 2236 int ssl_log_master_secret(const SSL *ssl, const uint8_t *client_random, 2237 size_t client_random_len, const uint8_t *master, 2238 size_t master_len) { 2239 if (ssl->ctx->keylog_callback == NULL) { 2240 return 1; 2241 } 2242 2243 if (client_random_len != 32) { 2244 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 2245 return 0; 2246 } 2247 2248 CBB cbb; 2249 uint8_t *out; 2250 size_t out_len; 2251 if (!CBB_init(&cbb, 14 + 64 + 1 + master_len * 2 + 1) || 2252 !CBB_add_bytes(&cbb, (const uint8_t *)"CLIENT_RANDOM ", 14) || 2253 !cbb_add_hex(&cbb, client_random, 32) || 2254 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) || 2255 !cbb_add_hex(&cbb, master, master_len) || 2256 !CBB_add_u8(&cbb, 0 /* NUL */) || 2257 !CBB_finish(&cbb, &out, &out_len)) { 2258 CBB_cleanup(&cbb); 2259 return 0; 2260 } 2261 2262 ssl->ctx->keylog_callback(ssl, (const char *)out); 2263 OPENSSL_free(out); 2264 return 1; 2265 } 2266 2267 int SSL_is_init_finished(const SSL *ssl) { 2268 return ssl->state == SSL_ST_OK; 2269 } 2270 2271 int SSL_in_init(const SSL *ssl) { 2272 return (ssl->state & SSL_ST_INIT) != 0; 2273 } 2274 2275 int SSL_in_false_start(const SSL *ssl) { 2276 return ssl->s3->tmp.in_false_start; 2277 } 2278 2279 int SSL_cutthrough_complete(const SSL *ssl) { 2280 return SSL_in_false_start(ssl); 2281 } 2282 2283 void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size, 2284 size_t *ssl_session_size) { 2285 *ssl_size = sizeof(SSL); 2286 *ssl_ctx_size = sizeof(SSL_CTX); 2287 *ssl_session_size = sizeof(SSL_SESSION); 2288 } 2289 2290 int ssl3_can_false_start(const SSL *ssl) { 2291 const SSL_CIPHER *const cipher = SSL_get_current_cipher(ssl); 2292 2293 /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */ 2294 return !SSL_IS_DTLS(ssl) && 2295 SSL_version(ssl) >= TLS1_2_VERSION && 2296 (ssl->s3->alpn_selected || ssl->s3->next_proto_neg_seen) && 2297 cipher != NULL && 2298 cipher->algorithm_mkey == SSL_kECDHE && 2299 cipher->algorithm_mac == SSL_AEAD; 2300 } 2301 2302 const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) { 2303 switch (version) { 2304 case SSL3_VERSION: 2305 return &SSLv3_enc_data; 2306 2307 case TLS1_VERSION: 2308 return &TLSv1_enc_data; 2309 2310 case DTLS1_VERSION: 2311 case TLS1_1_VERSION: 2312 return &TLSv1_1_enc_data; 2313 2314 case DTLS1_2_VERSION: 2315 case TLS1_2_VERSION: 2316 return &TLSv1_2_enc_data; 2317 2318 default: 2319 return NULL; 2320 } 2321 } 2322 2323 uint16_t ssl3_get_max_server_version(const SSL *ssl) { 2324 uint16_t max_version; 2325 2326 if (SSL_IS_DTLS(ssl)) { 2327 max_version = (ssl->max_version != 0) ? ssl->max_version : DTLS1_2_VERSION; 2328 if (!(ssl->options & SSL_OP_NO_DTLSv1_2) && 2329 DTLS1_2_VERSION >= max_version) { 2330 return DTLS1_2_VERSION; 2331 } 2332 if (!(ssl->options & SSL_OP_NO_DTLSv1) && DTLS1_VERSION >= max_version) { 2333 return DTLS1_VERSION; 2334 } 2335 return 0; 2336 } 2337 2338 max_version = (ssl->max_version != 0) ? ssl->max_version : TLS1_2_VERSION; 2339 if (!(ssl->options & SSL_OP_NO_TLSv1_2) && TLS1_2_VERSION <= max_version) { 2340 return TLS1_2_VERSION; 2341 } 2342 if (!(ssl->options & SSL_OP_NO_TLSv1_1) && TLS1_1_VERSION <= max_version) { 2343 return TLS1_1_VERSION; 2344 } 2345 if (!(ssl->options & SSL_OP_NO_TLSv1) && TLS1_VERSION <= max_version) { 2346 return TLS1_VERSION; 2347 } 2348 if (!(ssl->options & SSL_OP_NO_SSLv3) && SSL3_VERSION <= max_version) { 2349 return SSL3_VERSION; 2350 } 2351 return 0; 2352 } 2353 2354 uint16_t ssl3_get_mutual_version(SSL *ssl, uint16_t client_version) { 2355 uint16_t version = 0; 2356 2357 if (SSL_IS_DTLS(ssl)) { 2358 /* Clamp client_version to max_version. */ 2359 if (ssl->max_version != 0 && client_version < ssl->max_version) { 2360 client_version = ssl->max_version; 2361 } 2362 2363 if (client_version <= DTLS1_2_VERSION && 2364 !(ssl->options & SSL_OP_NO_DTLSv1_2)) { 2365 version = DTLS1_2_VERSION; 2366 } else if (client_version <= DTLS1_VERSION && 2367 !(ssl->options & SSL_OP_NO_DTLSv1)) { 2368 version = DTLS1_VERSION; 2369 } 2370 2371 /* Check against min_version. */ 2372 if (version != 0 && ssl->min_version != 0 && version > ssl->min_version) { 2373 return 0; 2374 } 2375 return version; 2376 } else { 2377 /* Clamp client_version to max_version. */ 2378 if (ssl->max_version != 0 && client_version > ssl->max_version) { 2379 client_version = ssl->max_version; 2380 } 2381 2382 if (client_version >= TLS1_2_VERSION && 2383 !(ssl->options & SSL_OP_NO_TLSv1_2)) { 2384 version = TLS1_2_VERSION; 2385 } else if (client_version >= TLS1_1_VERSION && 2386 !(ssl->options & SSL_OP_NO_TLSv1_1)) { 2387 version = TLS1_1_VERSION; 2388 } else if (client_version >= TLS1_VERSION && 2389 !(ssl->options & SSL_OP_NO_TLSv1)) { 2390 version = TLS1_VERSION; 2391 } else if (client_version >= SSL3_VERSION && 2392 !(ssl->options & SSL_OP_NO_SSLv3)) { 2393 version = SSL3_VERSION; 2394 } 2395 2396 /* Check against min_version. */ 2397 if (version != 0 && ssl->min_version != 0 && version < ssl->min_version) { 2398 return 0; 2399 } 2400 return version; 2401 } 2402 } 2403 2404 uint16_t ssl3_get_max_client_version(SSL *ssl) { 2405 uint32_t options = ssl->options; 2406 uint16_t version = 0; 2407 2408 /* OpenSSL's API for controlling versions entails blacklisting individual 2409 * protocols. This has two problems. First, on the client, the protocol can 2410 * only express a contiguous range of versions. Second, a library consumer 2411 * trying to set a maximum version cannot disable protocol versions that get 2412 * added in a future version of the library. 2413 * 2414 * To account for both of these, OpenSSL interprets the client-side bitmask 2415 * as a min/max range by picking the lowest contiguous non-empty range of 2416 * enabled protocols. Note that this means it is impossible to set a maximum 2417 * version of TLS 1.2 in a future-proof way. 2418 * 2419 * By this scheme, the maximum version is the lowest version V such that V is 2420 * enabled and V+1 is disabled or unimplemented. */ 2421 if (SSL_IS_DTLS(ssl)) { 2422 if (!(options & SSL_OP_NO_DTLSv1_2)) { 2423 version = DTLS1_2_VERSION; 2424 } 2425 if (!(options & SSL_OP_NO_DTLSv1) && (options & SSL_OP_NO_DTLSv1_2)) { 2426 version = DTLS1_VERSION; 2427 } 2428 if (ssl->max_version != 0 && version < ssl->max_version) { 2429 version = ssl->max_version; 2430 } 2431 } else { 2432 if (!(options & SSL_OP_NO_TLSv1_2)) { 2433 version = TLS1_2_VERSION; 2434 } 2435 if (!(options & SSL_OP_NO_TLSv1_1) && (options & SSL_OP_NO_TLSv1_2)) { 2436 version = TLS1_1_VERSION; 2437 } 2438 if (!(options & SSL_OP_NO_TLSv1) && (options & SSL_OP_NO_TLSv1_1)) { 2439 version = TLS1_VERSION; 2440 } 2441 if (!(options & SSL_OP_NO_SSLv3) && (options & SSL_OP_NO_TLSv1)) { 2442 version = SSL3_VERSION; 2443 } 2444 if (ssl->max_version != 0 && version > ssl->max_version) { 2445 version = ssl->max_version; 2446 } 2447 } 2448 2449 return version; 2450 } 2451 2452 int ssl3_is_version_enabled(SSL *ssl, uint16_t version) { 2453 if (SSL_IS_DTLS(ssl)) { 2454 if (ssl->max_version != 0 && version < ssl->max_version) { 2455 return 0; 2456 } 2457 if (ssl->min_version != 0 && version > ssl->min_version) { 2458 return 0; 2459 } 2460 2461 switch (version) { 2462 case DTLS1_VERSION: 2463 return !(ssl->options & SSL_OP_NO_DTLSv1); 2464 2465 case DTLS1_2_VERSION: 2466 return !(ssl->options & SSL_OP_NO_DTLSv1_2); 2467 2468 default: 2469 return 0; 2470 } 2471 } else { 2472 if (ssl->max_version != 0 && version > ssl->max_version) { 2473 return 0; 2474 } 2475 if (ssl->min_version != 0 && version < ssl->min_version) { 2476 return 0; 2477 } 2478 2479 switch (version) { 2480 case SSL3_VERSION: 2481 return !(ssl->options & SSL_OP_NO_SSLv3); 2482 2483 case TLS1_VERSION: 2484 return !(ssl->options & SSL_OP_NO_TLSv1); 2485 2486 case TLS1_1_VERSION: 2487 return !(ssl->options & SSL_OP_NO_TLSv1_1); 2488 2489 case TLS1_2_VERSION: 2490 return !(ssl->options & SSL_OP_NO_TLSv1_2); 2491 2492 default: 2493 return 0; 2494 } 2495 } 2496 } 2497 2498 uint16_t ssl3_version_from_wire(SSL *ssl, uint16_t wire_version) { 2499 if (!SSL_IS_DTLS(ssl)) { 2500 return wire_version; 2501 } 2502 2503 uint16_t tls_version = ~wire_version; 2504 uint16_t version = tls_version + 0x0201; 2505 /* If either component overflowed, clamp it so comparisons still work. */ 2506 if ((version >> 8) < (tls_version >> 8)) { 2507 version = 0xff00 | (version & 0xff); 2508 } 2509 if ((version & 0xff) < (tls_version & 0xff)) { 2510 version = (version & 0xff00) | 0xff; 2511 } 2512 /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */ 2513 if (version == TLS1_VERSION) { 2514 version = TLS1_1_VERSION; 2515 } 2516 return version; 2517 } 2518 2519 int SSL_cache_hit(SSL *ssl) { return SSL_session_reused(ssl); } 2520 2521 int SSL_is_server(SSL *ssl) { return ssl->server; } 2522 2523 void SSL_CTX_set_select_certificate_cb( 2524 SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) { 2525 ctx->select_certificate_cb = cb; 2526 } 2527 2528 void SSL_CTX_set_dos_protection_cb( 2529 SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) { 2530 ctx->dos_protection_cb = cb; 2531 } 2532 2533 void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) { 2534 ssl->renegotiate_mode = mode; 2535 } 2536 2537 void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject) { 2538 SSL_set_renegotiate_mode( 2539 ssl, reject ? ssl_renegotiate_never : ssl_renegotiate_freely); 2540 } 2541 2542 int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key, 2543 const RC4_KEY **write_key) { 2544 if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) { 2545 return 0; 2546 } 2547 2548 return EVP_AEAD_CTX_get_rc4_state(&ssl->aead_read_ctx->ctx, read_key) && 2549 EVP_AEAD_CTX_get_rc4_state(&ssl->aead_write_ctx->ctx, write_key); 2550 } 2551 2552 int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv, 2553 const uint8_t **out_write_iv, size_t *out_iv_len) { 2554 if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) { 2555 return 0; 2556 } 2557 2558 size_t write_iv_len; 2559 if (!EVP_AEAD_CTX_get_iv(&ssl->aead_read_ctx->ctx, out_read_iv, out_iv_len) || 2560 !EVP_AEAD_CTX_get_iv(&ssl->aead_write_ctx->ctx, out_write_iv, 2561 &write_iv_len) || 2562 *out_iv_len != write_iv_len) { 2563 return 0; 2564 } 2565 2566 return 1; 2567 } 2568 2569 uint8_t SSL_get_server_key_exchange_hash(const SSL *ssl) { 2570 return ssl->s3->tmp.server_key_exchange_hash; 2571 } 2572 2573 int SSL_clear(SSL *ssl) { 2574 if (ssl->method == NULL) { 2575 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_METHOD_SPECIFIED); 2576 return 0; 2577 } 2578 2579 if (ssl_clear_bad_session(ssl)) { 2580 SSL_SESSION_free(ssl->session); 2581 ssl->session = NULL; 2582 } 2583 2584 ssl->hit = 0; 2585 ssl->shutdown = 0; 2586 2587 /* SSL_clear may be called before or after the |ssl| is initialized in either 2588 * accept or connect state. In the latter case, SSL_clear should preserve the 2589 * half and reset |ssl->state| accordingly. */ 2590 if (ssl->handshake_func != NULL) { 2591 if (ssl->server) { 2592 SSL_set_accept_state(ssl); 2593 } else { 2594 SSL_set_connect_state(ssl); 2595 } 2596 } else { 2597 assert(ssl->state == 0); 2598 } 2599 2600 /* TODO(davidben): Some state on |ssl| is reset both in |SSL_new| and 2601 * |SSL_clear| because it is per-connection state rather than configuration 2602 * state. Per-connection state should be on |ssl->s3| and |ssl->d1| so it is 2603 * naturally reset at the right points between |SSL_new|, |SSL_clear|, and 2604 * |ssl3_new|. */ 2605 2606 ssl->rwstate = SSL_NOTHING; 2607 2608 BUF_MEM_free(ssl->init_buf); 2609 ssl->init_buf = NULL; 2610 2611 ssl_clear_cipher_ctx(ssl); 2612 2613 OPENSSL_free(ssl->next_proto_negotiated); 2614 ssl->next_proto_negotiated = NULL; 2615 ssl->next_proto_negotiated_len = 0; 2616 2617 /* The ssl->d1->mtu is simultaneously configuration (preserved across 2618 * clear) and connection-specific state (gets reset). 2619 * 2620 * TODO(davidben): Avoid this. */ 2621 unsigned mtu = 0; 2622 if (ssl->d1 != NULL) { 2623 mtu = ssl->d1->mtu; 2624 } 2625 2626 ssl->method->ssl_free(ssl); 2627 if (!ssl->method->ssl_new(ssl)) { 2628 return 0; 2629 } 2630 ssl->enc_method = ssl3_get_enc_method(ssl->version); 2631 assert(ssl->enc_method != NULL); 2632 2633 if (SSL_IS_DTLS(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { 2634 ssl->d1->mtu = mtu; 2635 } 2636 2637 ssl->client_version = ssl->version; 2638 2639 return 1; 2640 } 2641 2642 int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; } 2643 int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; } 2644 int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; } 2645 int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; } 2646 int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; } 2647 int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; } 2648 int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; } 2649 int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; } 2650 int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; } 2651 int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; } 2652 int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; } 2653 void ERR_load_SSL_strings(void) {} 2654 void SSL_load_error_strings(void) {} 2655
