Home | History | Annotate | Download | only in ssl
      1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      2  * All rights reserved.
      3  *
      4  * This package is an SSL implementation written
      5  * by Eric Young (eay (at) cryptsoft.com).
      6  * The implementation was written so as to conform with Netscapes SSL.
      7  *
      8  * This library is free for commercial and non-commercial use as long as
      9  * the following conditions are aheared to.  The following conditions
     10  * apply to all code found in this distribution, be it the RC4, RSA,
     11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     12  * included with this distribution is covered by the same copyright terms
     13  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     14  *
     15  * Copyright remains Eric Young's, and as such any Copyright notices in
     16  * the code are not to be removed.
     17  * If this package is used in a product, Eric Young should be given attribution
     18  * as the author of the parts of the library used.
     19  * This can be in the form of a textual message at program startup or
     20  * in documentation (online or textual) provided with the package.
     21  *
     22  * Redistribution and use in source and binary forms, with or without
     23  * modification, are permitted provided that the following conditions
     24  * are met:
     25  * 1. Redistributions of source code must retain the copyright
     26  *    notice, this list of conditions and the following disclaimer.
     27  * 2. Redistributions in binary form must reproduce the above copyright
     28  *    notice, this list of conditions and the following disclaimer in the
     29  *    documentation and/or other materials provided with the distribution.
     30  * 3. All advertising materials mentioning features or use of this software
     31  *    must display the following acknowledgement:
     32  *    "This product includes cryptographic software written by
     33  *     Eric Young (eay (at) cryptsoft.com)"
     34  *    The word 'cryptographic' can be left out if the rouines from the library
     35  *    being used are not cryptographic related :-).
     36  * 4. If you include any Windows specific code (or a derivative thereof) from
     37  *    the apps directory (application code) you must include an acknowledgement:
     38  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     39  *
     40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     50  * SUCH DAMAGE.
     51  *
     52  * The licence and distribution terms for any publically available version or
     53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     54  * copied and put under another distribution licence
     55  * [including the GNU Public Licence.]
     56  */
     57 /* ====================================================================
     58  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
     59  *
     60  * Redistribution and use in source and binary forms, with or without
     61  * modification, are permitted provided that the following conditions
     62  * are met:
     63  *
     64  * 1. Redistributions of source code must retain the above copyright
     65  *    notice, this list of conditions and the following disclaimer.
     66  *
     67  * 2. Redistributions in binary form must reproduce the above copyright
     68  *    notice, this list of conditions and the following disclaimer in
     69  *    the documentation and/or other materials provided with the
     70  *    distribution.
     71  *
     72  * 3. All advertising materials mentioning features or use of this
     73  *    software must display the following acknowledgment:
     74  *    "This product includes software developed by the OpenSSL Project
     75  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     76  *
     77  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     78  *    endorse or promote products derived from this software without
     79  *    prior written permission. For written permission, please contact
     80  *    openssl-core (at) openssl.org.
     81  *
     82  * 5. Products derived from this software may not be called "OpenSSL"
     83  *    nor may "OpenSSL" appear in their names without prior written
     84  *    permission of the OpenSSL Project.
     85  *
     86  * 6. Redistributions of any form whatsoever must retain the following
     87  *    acknowledgment:
     88  *    "This product includes software developed by the OpenSSL Project
     89  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     90  *
     91  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     92  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     93  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     94  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     95  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     96  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     97  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     98  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     99  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    100  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    101  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    102  * OF THE POSSIBILITY OF SUCH DAMAGE.
    103  * ====================================================================
    104  *
    105  * This product includes cryptographic software written by Eric Young
    106  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    107  * Hudson (tjh (at) cryptsoft.com).
    108  *
    109  */
    110 /* ====================================================================
    111  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    112  * ECC cipher suite support in OpenSSL originally developed by
    113  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
    114  */
    115 /* ====================================================================
    116  * Copyright 2005 Nokia. All rights reserved.
    117  *
    118  * The portions of the attached software ("Contribution") is developed by
    119  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
    120  * license.
    121  *
    122  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
    123  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
    124  * support (see RFC 4279) to OpenSSL.
    125  *
    126  * No patent licenses or other rights except those expressly stated in
    127  * the OpenSSL open source license shall be deemed granted or received
    128  * expressly, by implication, estoppel, or otherwise.
    129  *
    130  * No assurances are provided by Nokia that the Contribution does not
    131  * infringe the patent or other intellectual property rights of any third
    132  * party or that the license provides you with all the necessary rights
    133  * to make use of the Contribution.
    134  *
    135  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
    136  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
    137  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
    138  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
    139  * OTHERWISE. */
    140 
    141 #include <openssl/ssl.h>
    142 
    143 #include <assert.h>
    144 #include <stdio.h>
    145 #include <string.h>
    146 
    147 #include <openssl/bytestring.h>
    148 #include <openssl/crypto.h>
    149 #include <openssl/dh.h>
    150 #include <openssl/err.h>
    151 #include <openssl/lhash.h>
    152 #include <openssl/mem.h>
    153 #include <openssl/obj.h>
    154 #include <openssl/rand.h>
    155 #include <openssl/x509v3.h>
    156 
    157 #include "internal.h"
    158 #include "../crypto/internal.h"
    159 
    160 
    161 /* |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
    162  * to avoid downstream churn. */
    163 OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL)
    164 
    165 /* Some error codes are special. Ensure the make_errors.go script never
    166  * regresses this. */
    167 OPENSSL_COMPILE_ASSERT(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ==
    168                            SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET,
    169                        ssl_alert_reason_code_mismatch);
    170 
    171 /* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */
    172 static const size_t kMaxHandshakeSize = (1u << 24) - 1;
    173 
    174 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl =
    175     CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
    176 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx =
    177     CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
    178 
    179 int SSL_library_init(void) {
    180   CRYPTO_library_init();
    181   return 1;
    182 }
    183 
    184 static uint32_t ssl_session_hash(const SSL_SESSION *a) {
    185   uint32_t hash =
    186       ((uint32_t)a->session_id[0]) |
    187       ((uint32_t)a->session_id[1] << 8) |
    188       ((uint32_t)a->session_id[2] << 16) |
    189       ((uint32_t)a->session_id[3] << 24);
    190 
    191   return hash;
    192 }
    193 
    194 /* NB: If this function (or indeed the hash function which uses a sort of
    195  * coarser function than this one) is changed, ensure
    196  * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
    197  * able to construct an SSL_SESSION that will collide with any existing session
    198  * with a matching session ID. */
    199 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
    200   if (a->ssl_version != b->ssl_version) {
    201     return 1;
    202   }
    203 
    204   if (a->session_id_length != b->session_id_length) {
    205     return 1;
    206   }
    207 
    208   return memcmp(a->session_id, b->session_id, a->session_id_length);
    209 }
    210 
    211 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
    212   SSL_CTX *ret = NULL;
    213 
    214   if (method == NULL) {
    215     OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED);
    216     return NULL;
    217   }
    218 
    219   if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
    220     OPENSSL_PUT_ERROR(SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
    221     goto err;
    222   }
    223 
    224   ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
    225   if (ret == NULL) {
    226     goto err;
    227   }
    228 
    229   memset(ret, 0, sizeof(SSL_CTX));
    230 
    231   ret->method = method->method;
    232 
    233   CRYPTO_MUTEX_init(&ret->lock);
    234 
    235   ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
    236   ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
    237 
    238   /* We take the system default */
    239   ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
    240 
    241   ret->references = 1;
    242 
    243   ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
    244   ret->verify_mode = SSL_VERIFY_NONE;
    245   ret->cert = ssl_cert_new();
    246   if (ret->cert == NULL) {
    247     goto err;
    248   }
    249 
    250   ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
    251   if (ret->sessions == NULL) {
    252     goto err;
    253   }
    254   ret->cert_store = X509_STORE_new();
    255   if (ret->cert_store == NULL) {
    256     goto err;
    257   }
    258 
    259   ssl_create_cipher_list(ret->method, &ret->cipher_list,
    260                          &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
    261   if (ret->cipher_list == NULL ||
    262       sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0) {
    263     OPENSSL_PUT_ERROR(SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
    264     goto err2;
    265   }
    266 
    267   ret->param = X509_VERIFY_PARAM_new();
    268   if (!ret->param) {
    269     goto err;
    270   }
    271 
    272   ret->client_CA = sk_X509_NAME_new_null();
    273   if (ret->client_CA == NULL) {
    274     goto err;
    275   }
    276 
    277   CRYPTO_new_ex_data(&ret->ex_data);
    278 
    279   ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
    280 
    281   /* Setup RFC4507 ticket keys */
    282   if (!RAND_bytes(ret->tlsext_tick_key_name, 16) ||
    283       !RAND_bytes(ret->tlsext_tick_hmac_key, 16) ||
    284       !RAND_bytes(ret->tlsext_tick_aes_key, 16)) {
    285     ret->options |= SSL_OP_NO_TICKET;
    286   }
    287 
    288   /* Lock the SSL_CTX to the specified version, for compatibility with legacy
    289    * uses of SSL_METHOD. */
    290   if (method->version != 0) {
    291     SSL_CTX_set_max_version(ret, method->version);
    292     SSL_CTX_set_min_version(ret, method->version);
    293   }
    294 
    295   return ret;
    296 
    297 err:
    298   OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
    299 err2:
    300   SSL_CTX_free(ret);
    301   return NULL;
    302 }
    303 
    304 void SSL_CTX_free(SSL_CTX *ctx) {
    305   if (ctx == NULL ||
    306       !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) {
    307     return;
    308   }
    309 
    310   X509_VERIFY_PARAM_free(ctx->param);
    311 
    312   /* Free internal session cache. However: the remove_cb() may reference the
    313    * ex_data of SSL_CTX, thus the ex_data store can only be removed after the
    314    * sessions were flushed. As the ex_data handling routines might also touch
    315    * the session cache, the most secure solution seems to be: empty (flush) the
    316    * cache, then free ex_data, then finally free the cache. (See ticket
    317    * [openssl.org #212].) */
    318   SSL_CTX_flush_sessions(ctx, 0);
    319 
    320   CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
    321 
    322   CRYPTO_MUTEX_cleanup(&ctx->lock);
    323   lh_SSL_SESSION_free(ctx->sessions);
    324   X509_STORE_free(ctx->cert_store);
    325   ssl_cipher_preference_list_free(ctx->cipher_list);
    326   sk_SSL_CIPHER_free(ctx->cipher_list_by_id);
    327   ssl_cipher_preference_list_free(ctx->cipher_list_tls10);
    328   ssl_cipher_preference_list_free(ctx->cipher_list_tls11);
    329   ssl_cert_free(ctx->cert);
    330   sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions,
    331                                    SSL_CUSTOM_EXTENSION_free);
    332   sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions,
    333                                    SSL_CUSTOM_EXTENSION_free);
    334   sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
    335   sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
    336   OPENSSL_free(ctx->psk_identity_hint);
    337   OPENSSL_free(ctx->tlsext_ellipticcurvelist);
    338   OPENSSL_free(ctx->alpn_client_proto_list);
    339   OPENSSL_free(ctx->ocsp_response);
    340   OPENSSL_free(ctx->signed_cert_timestamp_list);
    341   EVP_PKEY_free(ctx->tlsext_channel_id_private);
    342 
    343   OPENSSL_free(ctx);
    344 }
    345 
    346 SSL *SSL_new(SSL_CTX *ctx) {
    347   if (ctx == NULL) {
    348     OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX);
    349     return NULL;
    350   }
    351   if (ctx->method == NULL) {
    352     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
    353     return NULL;
    354   }
    355 
    356   SSL *ssl = (SSL *)OPENSSL_malloc(sizeof(SSL));
    357   if (ssl == NULL) {
    358     goto err;
    359   }
    360   memset(ssl, 0, sizeof(SSL));
    361 
    362   ssl->min_version = ctx->min_version;
    363   ssl->max_version = ctx->max_version;
    364 
    365   ssl->options = ctx->options;
    366   ssl->mode = ctx->mode;
    367   ssl->max_cert_list = ctx->max_cert_list;
    368 
    369   ssl->cert = ssl_cert_dup(ctx->cert);
    370   if (ssl->cert == NULL) {
    371     goto err;
    372   }
    373 
    374   ssl->msg_callback = ctx->msg_callback;
    375   ssl->msg_callback_arg = ctx->msg_callback_arg;
    376   ssl->verify_mode = ctx->verify_mode;
    377   ssl->sid_ctx_length = ctx->sid_ctx_length;
    378   assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
    379   memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
    380   ssl->verify_callback = ctx->default_verify_callback;
    381 
    382   ssl->param = X509_VERIFY_PARAM_new();
    383   if (!ssl->param) {
    384     goto err;
    385   }
    386   X509_VERIFY_PARAM_inherit(ssl->param, ctx->param);
    387   ssl->quiet_shutdown = ctx->quiet_shutdown;
    388   ssl->max_send_fragment = ctx->max_send_fragment;
    389 
    390   CRYPTO_refcount_inc(&ctx->references);
    391   ssl->ctx = ctx;
    392   CRYPTO_refcount_inc(&ctx->references);
    393   ssl->initial_ctx = ctx;
    394 
    395   if (ctx->tlsext_ellipticcurvelist) {
    396     ssl->tlsext_ellipticcurvelist =
    397         BUF_memdup(ctx->tlsext_ellipticcurvelist,
    398                    ctx->tlsext_ellipticcurvelist_length * 2);
    399     if (!ssl->tlsext_ellipticcurvelist) {
    400       goto err;
    401     }
    402     ssl->tlsext_ellipticcurvelist_length = ctx->tlsext_ellipticcurvelist_length;
    403   }
    404 
    405   if (ssl->ctx->alpn_client_proto_list) {
    406     ssl->alpn_client_proto_list = BUF_memdup(
    407         ssl->ctx->alpn_client_proto_list, ssl->ctx->alpn_client_proto_list_len);
    408     if (ssl->alpn_client_proto_list == NULL) {
    409       goto err;
    410     }
    411     ssl->alpn_client_proto_list_len = ssl->ctx->alpn_client_proto_list_len;
    412   }
    413 
    414   ssl->verify_result = X509_V_OK;
    415   ssl->method = ctx->method;
    416 
    417   if (!ssl->method->ssl_new(ssl)) {
    418     goto err;
    419   }
    420   ssl->enc_method = ssl3_get_enc_method(ssl->version);
    421   assert(ssl->enc_method != NULL);
    422 
    423   ssl->rwstate = SSL_NOTHING;
    424 
    425   CRYPTO_new_ex_data(&ssl->ex_data);
    426 
    427   ssl->psk_identity_hint = NULL;
    428   if (ctx->psk_identity_hint) {
    429     ssl->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
    430     if (ssl->psk_identity_hint == NULL) {
    431       goto err;
    432     }
    433   }
    434   ssl->psk_client_callback = ctx->psk_client_callback;
    435   ssl->psk_server_callback = ctx->psk_server_callback;
    436 
    437   ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
    438   if (ctx->tlsext_channel_id_private) {
    439     ssl->tlsext_channel_id_private =
    440         EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
    441   }
    442 
    443   ssl->signed_cert_timestamps_enabled =
    444       ssl->ctx->signed_cert_timestamps_enabled;
    445   ssl->ocsp_stapling_enabled = ssl->ctx->ocsp_stapling_enabled;
    446 
    447   return ssl;
    448 
    449 err:
    450   SSL_free(ssl);
    451   OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
    452 
    453   return NULL;
    454 }
    455 
    456 void SSL_free(SSL *ssl) {
    457   if (ssl == NULL) {
    458     return;
    459   }
    460 
    461   X509_VERIFY_PARAM_free(ssl->param);
    462 
    463   CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data);
    464 
    465   if (ssl->bbio != NULL) {
    466     /* If the buffering BIO is in place, pop it off */
    467     if (ssl->bbio == ssl->wbio) {
    468       ssl->wbio = BIO_pop(ssl->wbio);
    469     }
    470     BIO_free(ssl->bbio);
    471     ssl->bbio = NULL;
    472   }
    473 
    474   int free_wbio = ssl->wbio != ssl->rbio;
    475   BIO_free_all(ssl->rbio);
    476   if (free_wbio) {
    477     BIO_free_all(ssl->wbio);
    478   }
    479 
    480   BUF_MEM_free(ssl->init_buf);
    481 
    482   /* add extra stuff */
    483   ssl_cipher_preference_list_free(ssl->cipher_list);
    484   sk_SSL_CIPHER_free(ssl->cipher_list_by_id);
    485 
    486   ssl_clear_bad_session(ssl);
    487   SSL_SESSION_free(ssl->session);
    488 
    489   ssl_clear_cipher_ctx(ssl);
    490 
    491   ssl_cert_free(ssl->cert);
    492 
    493   OPENSSL_free(ssl->tlsext_hostname);
    494   SSL_CTX_free(ssl->initial_ctx);
    495   OPENSSL_free(ssl->tlsext_ellipticcurvelist);
    496   OPENSSL_free(ssl->alpn_client_proto_list);
    497   EVP_PKEY_free(ssl->tlsext_channel_id_private);
    498   OPENSSL_free(ssl->psk_identity_hint);
    499   sk_X509_NAME_pop_free(ssl->client_CA, X509_NAME_free);
    500   OPENSSL_free(ssl->next_proto_negotiated);
    501   sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles);
    502 
    503   if (ssl->method != NULL) {
    504     ssl->method->ssl_free(ssl);
    505   }
    506   SSL_CTX_free(ssl->ctx);
    507 
    508   OPENSSL_free(ssl);
    509 }
    510 
    511 void SSL_set_connect_state(SSL *ssl) {
    512   ssl->server = 0;
    513   ssl->shutdown = 0;
    514   ssl->state = SSL_ST_CONNECT;
    515   ssl->handshake_func = ssl->method->ssl_connect;
    516   /* clear the current cipher */
    517   ssl_clear_cipher_ctx(ssl);
    518 }
    519 
    520 void SSL_set_accept_state(SSL *ssl) {
    521   ssl->server = 1;
    522   ssl->shutdown = 0;
    523   ssl->state = SSL_ST_ACCEPT;
    524   ssl->handshake_func = ssl->method->ssl_accept;
    525   /* clear the current cipher */
    526   ssl_clear_cipher_ctx(ssl);
    527 }
    528 
    529 void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
    530   /* If the output buffering BIO is still in place, remove it. */
    531   if (ssl->bbio != NULL) {
    532     if (ssl->wbio == ssl->bbio) {
    533       ssl->wbio = ssl->wbio->next_bio;
    534       ssl->bbio->next_bio = NULL;
    535     }
    536   }
    537 
    538   if (ssl->rbio != rbio) {
    539     BIO_free_all(ssl->rbio);
    540   }
    541   if (ssl->wbio != wbio && ssl->rbio != ssl->wbio) {
    542     BIO_free_all(ssl->wbio);
    543   }
    544   ssl->rbio = rbio;
    545   ssl->wbio = wbio;
    546 }
    547 
    548 BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; }
    549 
    550 BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; }
    551 
    552 int SSL_do_handshake(SSL *ssl) {
    553   if (ssl->handshake_func == NULL) {
    554     OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
    555     return -1;
    556   }
    557 
    558   if (!SSL_in_init(ssl)) {
    559     return 1;
    560   }
    561 
    562   return ssl->handshake_func(ssl);
    563 }
    564 
    565 int SSL_connect(SSL *ssl) {
    566   if (ssl->handshake_func == 0) {
    567     /* Not properly initialized yet */
    568     SSL_set_connect_state(ssl);
    569   }
    570 
    571   if (ssl->handshake_func != ssl->method->ssl_connect) {
    572     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
    573     return -1;
    574   }
    575 
    576   return ssl->handshake_func(ssl);
    577 }
    578 
    579 int SSL_accept(SSL *ssl) {
    580   if (ssl->handshake_func == 0) {
    581     /* Not properly initialized yet */
    582     SSL_set_accept_state(ssl);
    583   }
    584 
    585   if (ssl->handshake_func != ssl->method->ssl_accept) {
    586     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
    587     return -1;
    588   }
    589 
    590   return ssl->handshake_func(ssl);
    591 }
    592 
    593 int SSL_read(SSL *ssl, void *buf, int num) {
    594   if (ssl->handshake_func == 0) {
    595     OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
    596     return -1;
    597   }
    598 
    599   if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) {
    600     ssl->rwstate = SSL_NOTHING;
    601     return 0;
    602   }
    603 
    604   ERR_clear_system_error();
    605   return ssl->method->ssl_read_app_data(ssl, buf, num, 0);
    606 }
    607 
    608 int SSL_peek(SSL *ssl, void *buf, int num) {
    609   if (ssl->handshake_func == 0) {
    610     OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
    611     return -1;
    612   }
    613 
    614   if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) {
    615     return 0;
    616   }
    617 
    618   ERR_clear_system_error();
    619   return ssl->method->ssl_read_app_data(ssl, buf, num, 1);
    620 }
    621 
    622 int SSL_write(SSL *ssl, const void *buf, int num) {
    623   if (ssl->handshake_func == 0) {
    624     OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
    625     return -1;
    626   }
    627 
    628   if (ssl->shutdown & SSL_SENT_SHUTDOWN) {
    629     ssl->rwstate = SSL_NOTHING;
    630     OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
    631     return -1;
    632   }
    633 
    634   ERR_clear_system_error();
    635   return ssl->method->ssl_write_app_data(ssl, buf, num);
    636 }
    637 
    638 int SSL_shutdown(SSL *ssl) {
    639   /* Note that this function behaves differently from what one might expect.
    640    * Return values are 0 for no success (yet), 1 for success; but calling it
    641    * once is usually not enough, even if blocking I/O is used (see
    642    * ssl3_shutdown). */
    643 
    644   if (ssl->handshake_func == 0) {
    645     OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
    646     return -1;
    647   }
    648 
    649   if (SSL_in_init(ssl)) {
    650     return 1;
    651   }
    652 
    653   /* Do nothing if configured not to send a close_notify. */
    654   if (ssl->quiet_shutdown) {
    655     ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
    656     return 1;
    657   }
    658 
    659   if (!(ssl->shutdown & SSL_SENT_SHUTDOWN)) {
    660     ssl->shutdown |= SSL_SENT_SHUTDOWN;
    661     ssl3_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
    662 
    663     /* our shutdown alert has been sent now, and if it still needs to be
    664      * written, ssl->s3->alert_dispatch will be true */
    665     if (ssl->s3->alert_dispatch) {
    666       return -1; /* return WANT_WRITE */
    667     }
    668   } else if (ssl->s3->alert_dispatch) {
    669     /* resend it if not sent */
    670     int ret = ssl->method->ssl_dispatch_alert(ssl);
    671     if (ret == -1) {
    672       /* we only get to return -1 here the 2nd/Nth invocation, we must  have
    673        * already signalled return 0 upon a previous invoation, return
    674        * WANT_WRITE */
    675       return ret;
    676     }
    677   } else if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) {
    678     /* If we are waiting for a close from our peer, we are closed */
    679     ssl->method->ssl_read_close_notify(ssl);
    680     if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) {
    681       return -1; /* return WANT_READ */
    682     }
    683   }
    684 
    685   if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) &&
    686       !ssl->s3->alert_dispatch) {
    687     return 1;
    688   } else {
    689     return 0;
    690   }
    691 }
    692 
    693 int SSL_get_error(const SSL *ssl, int ret_code) {
    694   int reason;
    695   uint32_t err;
    696   BIO *bio;
    697 
    698   if (ret_code > 0) {
    699     return SSL_ERROR_NONE;
    700   }
    701 
    702   /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
    703    * where we do encode the error */
    704   err = ERR_peek_error();
    705   if (err != 0) {
    706     if (ERR_GET_LIB(err) == ERR_LIB_SYS) {
    707       return SSL_ERROR_SYSCALL;
    708     }
    709     return SSL_ERROR_SSL;
    710   }
    711 
    712   if (ret_code == 0) {
    713     if ((ssl->shutdown & SSL_RECEIVED_SHUTDOWN) &&
    714         (ssl->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) {
    715       /* The socket was cleanly shut down with a close_notify. */
    716       return SSL_ERROR_ZERO_RETURN;
    717     }
    718     /* An EOF was observed which violates the protocol, and the underlying
    719      * transport does not participate in the error queue. Bubble up to the
    720      * caller. */
    721     return SSL_ERROR_SYSCALL;
    722   }
    723 
    724   if (SSL_want_session(ssl)) {
    725     return SSL_ERROR_PENDING_SESSION;
    726   }
    727 
    728   if (SSL_want_certificate(ssl)) {
    729     return SSL_ERROR_PENDING_CERTIFICATE;
    730   }
    731 
    732   if (SSL_want_read(ssl)) {
    733     bio = SSL_get_rbio(ssl);
    734     if (BIO_should_read(bio)) {
    735       return SSL_ERROR_WANT_READ;
    736     }
    737 
    738     if (BIO_should_write(bio)) {
    739       /* This one doesn't make too much sense ... We never try to write to the
    740        * rbio, and an application program where rbio and wbio are separate
    741        * couldn't even know what it should wait for. However if we ever set
    742        * ssl->rwstate incorrectly (so that we have SSL_want_read(ssl) instead of
    743        * SSL_want_write(ssl)) and rbio and wbio *are* the same, this test works
    744        * around that bug; so it might be safer to keep it. */
    745       return SSL_ERROR_WANT_WRITE;
    746     }
    747 
    748     if (BIO_should_io_special(bio)) {
    749       reason = BIO_get_retry_reason(bio);
    750       if (reason == BIO_RR_CONNECT) {
    751         return SSL_ERROR_WANT_CONNECT;
    752       }
    753 
    754       if (reason == BIO_RR_ACCEPT) {
    755         return SSL_ERROR_WANT_ACCEPT;
    756       }
    757 
    758       return SSL_ERROR_SYSCALL; /* unknown */
    759     }
    760   }
    761 
    762   if (SSL_want_write(ssl)) {
    763     bio = SSL_get_wbio(ssl);
    764     if (BIO_should_write(bio)) {
    765       return SSL_ERROR_WANT_WRITE;
    766     }
    767 
    768     if (BIO_should_read(bio)) {
    769       /* See above (SSL_want_read(ssl) with BIO_should_write(bio)) */
    770       return SSL_ERROR_WANT_READ;
    771     }
    772 
    773     if (BIO_should_io_special(bio)) {
    774       reason = BIO_get_retry_reason(bio);
    775       if (reason == BIO_RR_CONNECT) {
    776         return SSL_ERROR_WANT_CONNECT;
    777       }
    778 
    779       if (reason == BIO_RR_ACCEPT) {
    780         return SSL_ERROR_WANT_ACCEPT;
    781       }
    782 
    783       return SSL_ERROR_SYSCALL;
    784     }
    785   }
    786 
    787   if (SSL_want_x509_lookup(ssl)) {
    788     return SSL_ERROR_WANT_X509_LOOKUP;
    789   }
    790 
    791   if (SSL_want_channel_id_lookup(ssl)) {
    792     return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
    793   }
    794 
    795   if (SSL_want_private_key_operation(ssl)) {
    796     return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
    797   }
    798 
    799   return SSL_ERROR_SYSCALL;
    800 }
    801 
    802 void SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) {
    803   ctx->min_version = version;
    804 }
    805 
    806 void SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) {
    807   ctx->max_version = version;
    808 }
    809 
    810 void SSL_set_min_version(SSL *ssl, uint16_t version) {
    811   ssl->min_version = version;
    812 }
    813 
    814 void SSL_set_max_version(SSL *ssl, uint16_t version) {
    815   ssl->max_version = version;
    816 }
    817 
    818 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
    819   ctx->options |= options;
    820   return ctx->options;
    821 }
    822 
    823 uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) {
    824   ctx->options &= ~options;
    825   return ctx->options;
    826 }
    827 
    828 uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; }
    829 
    830 uint32_t SSL_set_options(SSL *ssl, uint32_t options) {
    831   ssl->options |= options;
    832   return ssl->options;
    833 }
    834 
    835 uint32_t SSL_clear_options(SSL *ssl, uint32_t options) {
    836   ssl->options &= ~options;
    837   return ssl->options;
    838 }
    839 
    840 uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; }
    841 
    842 uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) {
    843   ctx->mode |= mode;
    844   return ctx->mode;
    845 }
    846 
    847 uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) {
    848   ctx->mode &= ~mode;
    849   return ctx->mode;
    850 }
    851 
    852 uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; }
    853 
    854 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) {
    855   ssl->mode |= mode;
    856   return ssl->mode;
    857 }
    858 
    859 uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) {
    860   ssl->mode &= ~mode;
    861   return ssl->mode;
    862 }
    863 
    864 uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; }
    865 
    866 X509 *SSL_get_peer_certificate(const SSL *ssl) {
    867   if (ssl == NULL || ssl->session == NULL || ssl->session->peer == NULL) {
    868     return NULL;
    869   }
    870   return X509_up_ref(ssl->session->peer);
    871 }
    872 
    873 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl) {
    874   if (ssl == NULL || ssl->session == NULL) {
    875     return NULL;
    876   }
    877   return ssl->session->cert_chain;
    878 }
    879 
    880 int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
    881                        size_t max_out) {
    882   /* The tls-unique value is the first Finished message in the handshake, which
    883    * is the client's in a full handshake and the server's for a resumption. See
    884    * https://tools.ietf.org/html/rfc5929#section-3.1. */
    885   const uint8_t *finished = ssl->s3->previous_client_finished;
    886   size_t finished_len = ssl->s3->previous_client_finished_len;
    887   if (ssl->hit) {
    888     /* tls-unique is broken for resumed sessions unless EMS is used. */
    889     if (!ssl->session->extended_master_secret) {
    890       goto err;
    891     }
    892     finished = ssl->s3->previous_server_finished;
    893     finished_len = ssl->s3->previous_server_finished_len;
    894   }
    895 
    896   if (!ssl->s3->initial_handshake_complete ||
    897       ssl->version < TLS1_VERSION) {
    898     goto err;
    899   }
    900 
    901   *out_len = finished_len;
    902   if (finished_len > max_out) {
    903     *out_len = max_out;
    904   }
    905 
    906   memcpy(out, finished, *out_len);
    907   return 1;
    908 
    909 err:
    910   *out_len = 0;
    911   memset(out, 0, max_out);
    912   return 0;
    913 }
    914 
    915 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx,
    916                                    unsigned sid_ctx_len) {
    917   if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
    918     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
    919     return 0;
    920   }
    921   ctx->sid_ctx_length = sid_ctx_len;
    922   memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
    923 
    924   return 1;
    925 }
    926 
    927 int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
    928                                unsigned sid_ctx_len) {
    929   if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
    930     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
    931     return 0;
    932   }
    933   ssl->sid_ctx_length = sid_ctx_len;
    934   memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
    935 
    936   return 1;
    937 }
    938 
    939 int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose) {
    940   return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
    941 }
    942 
    943 int SSL_set_purpose(SSL *ssl, int purpose) {
    944   return X509_VERIFY_PARAM_set_purpose(ssl->param, purpose);
    945 }
    946 
    947 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust) {
    948   return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
    949 }
    950 
    951 int SSL_set_trust(SSL *ssl, int trust) {
    952   return X509_VERIFY_PARAM_set_trust(ssl->param, trust);
    953 }
    954 
    955 int SSL_CTX_set1_param(SSL_CTX *ctx, const X509_VERIFY_PARAM *param) {
    956   return X509_VERIFY_PARAM_set1(ctx->param, param);
    957 }
    958 
    959 int SSL_set1_param(SSL *ssl, const X509_VERIFY_PARAM *param) {
    960   return X509_VERIFY_PARAM_set1(ssl->param, param);
    961 }
    962 
    963 void ssl_cipher_preference_list_free(
    964     struct ssl_cipher_preference_list_st *cipher_list) {
    965   if (cipher_list == NULL) {
    966     return;
    967   }
    968   sk_SSL_CIPHER_free(cipher_list->ciphers);
    969   OPENSSL_free(cipher_list->in_group_flags);
    970   OPENSSL_free(cipher_list);
    971 }
    972 
    973 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) { return ctx->param; }
    974 
    975 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) { return ssl->param; }
    976 
    977 void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); }
    978 
    979 int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
    980 
    981 int SSL_get_rfd(const SSL *ssl) {
    982   int ret = -1;
    983   BIO *b = BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DESCRIPTOR);
    984   if (b != NULL) {
    985     BIO_get_fd(b, &ret);
    986   }
    987   return ret;
    988 }
    989 
    990 int SSL_get_wfd(const SSL *ssl) {
    991   int ret = -1;
    992   BIO *b = BIO_find_type(SSL_get_wbio(ssl), BIO_TYPE_DESCRIPTOR);
    993   if (b != NULL) {
    994     BIO_get_fd(b, &ret);
    995   }
    996   return ret;
    997 }
    998 
    999 int SSL_set_fd(SSL *ssl, int fd) {
   1000   BIO *bio = BIO_new(BIO_s_fd());
   1001   if (bio == NULL) {
   1002     OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
   1003     return 0;
   1004   }
   1005   BIO_set_fd(bio, fd, BIO_NOCLOSE);
   1006   SSL_set_bio(ssl, bio, bio);
   1007   return 1;
   1008 }
   1009 
   1010 int SSL_set_wfd(SSL *ssl, int fd) {
   1011   if (ssl->rbio == NULL ||
   1012       BIO_method_type(ssl->rbio) != BIO_TYPE_FD ||
   1013       BIO_get_fd(ssl->rbio, NULL) != fd) {
   1014     BIO *bio = BIO_new(BIO_s_fd());
   1015     if (bio == NULL) {
   1016       OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
   1017       return 0;
   1018     }
   1019     BIO_set_fd(bio, fd, BIO_NOCLOSE);
   1020     SSL_set_bio(ssl, SSL_get_rbio(ssl), bio);
   1021   } else {
   1022     SSL_set_bio(ssl, SSL_get_rbio(ssl), SSL_get_rbio(ssl));
   1023   }
   1024 
   1025   return 1;
   1026 }
   1027 
   1028 int SSL_set_rfd(SSL *ssl, int fd) {
   1029   if (ssl->wbio == NULL || BIO_method_type(ssl->wbio) != BIO_TYPE_FD ||
   1030       BIO_get_fd(ssl->wbio, NULL) != fd) {
   1031     BIO *bio = BIO_new(BIO_s_fd());
   1032     if (bio == NULL) {
   1033       OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
   1034       return 0;
   1035     }
   1036     BIO_set_fd(bio, fd, BIO_NOCLOSE);
   1037     SSL_set_bio(ssl, bio, SSL_get_wbio(ssl));
   1038   } else {
   1039     SSL_set_bio(ssl, SSL_get_wbio(ssl), SSL_get_wbio(ssl));
   1040   }
   1041   return 1;
   1042 }
   1043 
   1044 size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
   1045   size_t ret = 0;
   1046 
   1047   if (ssl->s3 != NULL) {
   1048     ret = ssl->s3->tmp.finish_md_len;
   1049     if (count > ret) {
   1050       count = ret;
   1051     }
   1052     memcpy(buf, ssl->s3->tmp.finish_md, count);
   1053   }
   1054 
   1055   return ret;
   1056 }
   1057 
   1058 size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
   1059   size_t ret = 0;
   1060 
   1061   if (ssl->s3 != NULL) {
   1062     ret = ssl->s3->tmp.peer_finish_md_len;
   1063     if (count > ret) {
   1064       count = ret;
   1065     }
   1066     memcpy(buf, ssl->s3->tmp.peer_finish_md, count);
   1067   }
   1068 
   1069   return ret;
   1070 }
   1071 
   1072 int SSL_get_verify_mode(const SSL *ssl) { return ssl->verify_mode; }
   1073 
   1074 int SSL_get_verify_depth(const SSL *ssl) {
   1075   return X509_VERIFY_PARAM_get_depth(ssl->param);
   1076 }
   1077 
   1078 int SSL_get_extms_support(const SSL *ssl) {
   1079   return ssl->s3->tmp.extended_master_secret == 1;
   1080 }
   1081 
   1082 int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *) {
   1083   return ssl->verify_callback;
   1084 }
   1085 
   1086 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { return ctx->verify_mode; }
   1087 
   1088 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) {
   1089   return X509_VERIFY_PARAM_get_depth(ctx->param);
   1090 }
   1091 
   1092 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(
   1093     int ok, X509_STORE_CTX *store_ctx) {
   1094   return ctx->default_verify_callback;
   1095 }
   1096 
   1097 void SSL_set_verify(SSL *ssl, int mode,
   1098                     int (*callback)(int ok, X509_STORE_CTX *store_ctx)) {
   1099   ssl->verify_mode = mode;
   1100   if (callback != NULL) {
   1101     ssl->verify_callback = callback;
   1102   }
   1103 }
   1104 
   1105 void SSL_set_verify_depth(SSL *ssl, int depth) {
   1106   X509_VERIFY_PARAM_set_depth(ssl->param, depth);
   1107 }
   1108 
   1109 int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; }
   1110 
   1111 int SSL_get_read_ahead(const SSL *ssl) { return 0; }
   1112 
   1113 void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { }
   1114 
   1115 void SSL_set_read_ahead(SSL *ssl, int yes) { }
   1116 
   1117 int SSL_pending(const SSL *ssl) {
   1118   if (ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA) {
   1119     return 0;
   1120   }
   1121   return ssl->s3->rrec.length;
   1122 }
   1123 
   1124 /* Fix this so it checks all the valid key/cert options */
   1125 int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
   1126   if (ctx->cert->x509 == NULL) {
   1127     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
   1128     return 0;
   1129   }
   1130 
   1131   if (ctx->cert->privatekey == NULL) {
   1132     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
   1133     return 0;
   1134   }
   1135 
   1136   return X509_check_private_key(ctx->cert->x509, ctx->cert->privatekey);
   1137 }
   1138 
   1139 /* Fix this function so that it takes an optional type parameter */
   1140 int SSL_check_private_key(const SSL *ssl) {
   1141   if (ssl->cert->x509 == NULL) {
   1142     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
   1143     return 0;
   1144   }
   1145 
   1146   if (ssl->cert->privatekey == NULL) {
   1147     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
   1148     return 0;
   1149   }
   1150 
   1151   return X509_check_private_key(ssl->cert->x509, ssl->cert->privatekey);
   1152 }
   1153 
   1154 long SSL_get_default_timeout(const SSL *ssl) {
   1155   return SSL_DEFAULT_SESSION_TIMEOUT;
   1156 }
   1157 
   1158 int SSL_renegotiate(SSL *ssl) {
   1159   /* Caller-initiated renegotiation is not supported. */
   1160   OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   1161   return 0;
   1162 }
   1163 
   1164 int SSL_renegotiate_pending(SSL *ssl) {
   1165   return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete;
   1166 }
   1167 
   1168 size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) {
   1169   return ctx->max_cert_list;
   1170 }
   1171 
   1172 void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
   1173   if (max_cert_list > kMaxHandshakeSize) {
   1174     max_cert_list = kMaxHandshakeSize;
   1175   }
   1176   ctx->max_cert_list = (uint32_t)max_cert_list;
   1177 }
   1178 
   1179 size_t SSL_get_max_cert_list(const SSL *ssl) {
   1180   return ssl->max_cert_list;
   1181 }
   1182 
   1183 void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
   1184   if (max_cert_list > kMaxHandshakeSize) {
   1185     max_cert_list = kMaxHandshakeSize;
   1186   }
   1187   ssl->max_cert_list = (uint32_t)max_cert_list;
   1188 }
   1189 
   1190 void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
   1191   if (max_send_fragment < 512) {
   1192     max_send_fragment = 512;
   1193   }
   1194   if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
   1195     max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
   1196   }
   1197   ctx->max_send_fragment = (uint16_t)max_send_fragment;
   1198 }
   1199 
   1200 void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
   1201   if (max_send_fragment < 512) {
   1202     max_send_fragment = 512;
   1203   }
   1204   if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
   1205     max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
   1206   }
   1207   ssl->max_send_fragment = (uint16_t)max_send_fragment;
   1208 }
   1209 
   1210 int SSL_set_mtu(SSL *ssl, unsigned mtu) {
   1211   if (!SSL_IS_DTLS(ssl) || mtu < dtls1_min_mtu()) {
   1212     return 0;
   1213   }
   1214   ssl->d1->mtu = mtu;
   1215   return 1;
   1216 }
   1217 
   1218 int SSL_get_secure_renegotiation_support(const SSL *ssl) {
   1219   return ssl->s3->send_connection_binding;
   1220 }
   1221 
   1222 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; }
   1223 
   1224 size_t SSL_CTX_sess_number(const SSL_CTX *ctx) {
   1225   return lh_SSL_SESSION_num_items(ctx->sessions);
   1226 }
   1227 
   1228 unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) {
   1229   unsigned long ret = ctx->session_cache_size;
   1230   ctx->session_cache_size = size;
   1231   return ret;
   1232 }
   1233 
   1234 unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) {
   1235   return ctx->session_cache_size;
   1236 }
   1237 
   1238 int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) {
   1239   int ret = ctx->session_cache_mode;
   1240   ctx->session_cache_mode = mode;
   1241   return ret;
   1242 }
   1243 
   1244 int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) {
   1245   return ctx->session_cache_mode;
   1246 }
   1247 
   1248 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
   1249   if (ssl == NULL) {
   1250     return NULL;
   1251   }
   1252 
   1253   if (ssl->cipher_list != NULL) {
   1254     return ssl->cipher_list->ciphers;
   1255   }
   1256 
   1257   if (ssl->version >= TLS1_1_VERSION && ssl->ctx != NULL &&
   1258       ssl->ctx->cipher_list_tls11 != NULL) {
   1259     return ssl->ctx->cipher_list_tls11->ciphers;
   1260   }
   1261 
   1262   if (ssl->version >= TLS1_VERSION && ssl->ctx != NULL &&
   1263       ssl->ctx->cipher_list_tls10 != NULL) {
   1264     return ssl->ctx->cipher_list_tls10->ciphers;
   1265   }
   1266 
   1267   if (ssl->ctx != NULL && ssl->ctx->cipher_list != NULL) {
   1268     return ssl->ctx->cipher_list->ciphers;
   1269   }
   1270 
   1271   return NULL;
   1272 }
   1273 
   1274 /* return a STACK of the ciphers available for the SSL and in order of
   1275  * algorithm id */
   1276 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *ssl) {
   1277   if (ssl == NULL) {
   1278     return NULL;
   1279   }
   1280 
   1281   if (ssl->cipher_list_by_id != NULL) {
   1282     return ssl->cipher_list_by_id;
   1283   }
   1284 
   1285   if (ssl->ctx != NULL && ssl->ctx->cipher_list_by_id != NULL) {
   1286     return ssl->ctx->cipher_list_by_id;
   1287   }
   1288 
   1289   return NULL;
   1290 }
   1291 
   1292 const char *SSL_get_cipher_list(const SSL *ssl, int n) {
   1293   const SSL_CIPHER *c;
   1294   STACK_OF(SSL_CIPHER) *sk;
   1295 
   1296   if (ssl == NULL) {
   1297     return NULL;
   1298   }
   1299 
   1300   sk = SSL_get_ciphers(ssl);
   1301   if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) {
   1302     return NULL;
   1303   }
   1304 
   1305   c = sk_SSL_CIPHER_value(sk, n);
   1306   if (c == NULL) {
   1307     return NULL;
   1308   }
   1309 
   1310   return c->name;
   1311 }
   1312 
   1313 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
   1314   STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(
   1315       ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id, str);
   1316   if (cipher_list == NULL) {
   1317     return 0;
   1318   }
   1319 
   1320   /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */
   1321   if (sk_SSL_CIPHER_num(cipher_list) == 0) {
   1322     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
   1323     return 0;
   1324   }
   1325 
   1326   return 1;
   1327 }
   1328 
   1329 int SSL_CTX_set_cipher_list_tls10(SSL_CTX *ctx, const char *str) {
   1330   STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(
   1331       ctx->method, &ctx->cipher_list_tls10, NULL, str);
   1332   if (cipher_list == NULL) {
   1333     return 0;
   1334   }
   1335 
   1336   /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */
   1337   if (sk_SSL_CIPHER_num(cipher_list) == 0) {
   1338     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
   1339     return 0;
   1340   }
   1341 
   1342   return 1;
   1343 }
   1344 
   1345 int SSL_CTX_set_cipher_list_tls11(SSL_CTX *ctx, const char *str) {
   1346   STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(
   1347       ctx->method, &ctx->cipher_list_tls11, NULL, str);
   1348   if (cipher_list == NULL) {
   1349     return 0;
   1350   }
   1351 
   1352   /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */
   1353   if (sk_SSL_CIPHER_num(cipher_list) == 0) {
   1354     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
   1355     return 0;
   1356   }
   1357 
   1358   return 1;
   1359 }
   1360 
   1361 int SSL_set_cipher_list(SSL *ssl, const char *str) {
   1362   STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(
   1363       ssl->ctx->method, &ssl->cipher_list, &ssl->cipher_list_by_id, str);
   1364   if (cipher_list == NULL) {
   1365     return 0;
   1366   }
   1367 
   1368   /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */
   1369   if (sk_SSL_CIPHER_num(cipher_list) == 0) {
   1370     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
   1371     return 0;
   1372   }
   1373 
   1374   return 1;
   1375 }
   1376 
   1377 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *ssl, const CBS *cbs) {
   1378   CBS cipher_suites = *cbs;
   1379   const SSL_CIPHER *c;
   1380   STACK_OF(SSL_CIPHER) *sk;
   1381 
   1382   if (ssl->s3) {
   1383     ssl->s3->send_connection_binding = 0;
   1384   }
   1385 
   1386   if (CBS_len(&cipher_suites) % 2 != 0) {
   1387     OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
   1388     return NULL;
   1389   }
   1390 
   1391   sk = sk_SSL_CIPHER_new_null();
   1392   if (sk == NULL) {
   1393     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
   1394     goto err;
   1395   }
   1396 
   1397   while (CBS_len(&cipher_suites) > 0) {
   1398     uint16_t cipher_suite;
   1399 
   1400     if (!CBS_get_u16(&cipher_suites, &cipher_suite)) {
   1401       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
   1402       goto err;
   1403     }
   1404 
   1405     /* Check for SCSV. */
   1406     if (ssl->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff)) {
   1407       /* SCSV is fatal if renegotiating. */
   1408       if (ssl->s3->initial_handshake_complete) {
   1409         OPENSSL_PUT_ERROR(SSL, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
   1410         ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
   1411         goto err;
   1412       }
   1413       ssl->s3->send_connection_binding = 1;
   1414       continue;
   1415     }
   1416 
   1417     /* Check for FALLBACK_SCSV. */
   1418     if (ssl->s3 && cipher_suite == (SSL3_CK_FALLBACK_SCSV & 0xffff)) {
   1419       uint16_t max_version = ssl3_get_max_server_version(ssl);
   1420       if (SSL_IS_DTLS(ssl) ? (uint16_t)ssl->version > max_version
   1421                          : (uint16_t)ssl->version < max_version) {
   1422         OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK);
   1423         ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL3_AD_INAPPROPRIATE_FALLBACK);
   1424         goto err;
   1425       }
   1426       continue;
   1427     }
   1428 
   1429     c = SSL_get_cipher_by_value(cipher_suite);
   1430     if (c != NULL && !sk_SSL_CIPHER_push(sk, c)) {
   1431       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
   1432       goto err;
   1433     }
   1434   }
   1435 
   1436   return sk;
   1437 
   1438 err:
   1439   sk_SSL_CIPHER_free(sk);
   1440   return NULL;
   1441 }
   1442 
   1443 const char *SSL_get_servername(const SSL *ssl, const int type) {
   1444   if (type != TLSEXT_NAMETYPE_host_name) {
   1445     return NULL;
   1446   }
   1447 
   1448   /* Historically, |SSL_get_servername| was also the configuration getter
   1449    * corresponding to |SSL_set_tlsext_host_name|. */
   1450   if (ssl->tlsext_hostname != NULL) {
   1451     return ssl->tlsext_hostname;
   1452   }
   1453 
   1454   if (ssl->session == NULL) {
   1455     return NULL;
   1456   }
   1457   return ssl->session->tlsext_hostname;
   1458 }
   1459 
   1460 int SSL_get_servername_type(const SSL *ssl) {
   1461   if (ssl->session != NULL && ssl->session->tlsext_hostname != NULL) {
   1462     return TLSEXT_NAMETYPE_host_name;
   1463   }
   1464 
   1465   return -1;
   1466 }
   1467 
   1468 void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
   1469   ctx->signed_cert_timestamps_enabled = 1;
   1470 }
   1471 
   1472 int SSL_enable_signed_cert_timestamps(SSL *ssl) {
   1473   ssl->signed_cert_timestamps_enabled = 1;
   1474   return 1;
   1475 }
   1476 
   1477 void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
   1478   ctx->ocsp_stapling_enabled = 1;
   1479 }
   1480 
   1481 int SSL_enable_ocsp_stapling(SSL *ssl) {
   1482   ssl->ocsp_stapling_enabled = 1;
   1483   return 1;
   1484 }
   1485 
   1486 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
   1487                                          size_t *out_len) {
   1488   SSL_SESSION *session = ssl->session;
   1489 
   1490   *out_len = 0;
   1491   *out = NULL;
   1492   if (ssl->server || !session || !session->tlsext_signed_cert_timestamp_list) {
   1493     return;
   1494   }
   1495 
   1496   *out = session->tlsext_signed_cert_timestamp_list;
   1497   *out_len = session->tlsext_signed_cert_timestamp_list_length;
   1498 }
   1499 
   1500 void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
   1501                             size_t *out_len) {
   1502   SSL_SESSION *session = ssl->session;
   1503 
   1504   *out_len = 0;
   1505   *out = NULL;
   1506   if (ssl->server || !session || !session->ocsp_response) {
   1507     return;
   1508   }
   1509   *out = session->ocsp_response;
   1510   *out_len = session->ocsp_response_length;
   1511 }
   1512 
   1513 int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list,
   1514                                            size_t list_len) {
   1515   OPENSSL_free(ctx->signed_cert_timestamp_list);
   1516   ctx->signed_cert_timestamp_list_length = 0;
   1517 
   1518   ctx->signed_cert_timestamp_list = BUF_memdup(list, list_len);
   1519   if (ctx->signed_cert_timestamp_list == NULL) {
   1520     return 0;
   1521   }
   1522   ctx->signed_cert_timestamp_list_length = list_len;
   1523 
   1524   return 1;
   1525 }
   1526 
   1527 int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response,
   1528                               size_t response_len) {
   1529   OPENSSL_free(ctx->ocsp_response);
   1530   ctx->ocsp_response_length = 0;
   1531 
   1532   ctx->ocsp_response = BUF_memdup(response, response_len);
   1533   if (ctx->ocsp_response == NULL) {
   1534     return 0;
   1535   }
   1536   ctx->ocsp_response_length = response_len;
   1537 
   1538   return 1;
   1539 }
   1540 
   1541 int SSL_select_next_proto(uint8_t **out, uint8_t *out_len,
   1542                           const uint8_t *server, unsigned server_len,
   1543                           const uint8_t *client, unsigned client_len) {
   1544   unsigned int i, j;
   1545   const uint8_t *result;
   1546   int status = OPENSSL_NPN_UNSUPPORTED;
   1547 
   1548   /* For each protocol in server preference order, see if we support it. */
   1549   for (i = 0; i < server_len;) {
   1550     for (j = 0; j < client_len;) {
   1551       if (server[i] == client[j] &&
   1552           memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
   1553         /* We found a match */
   1554         result = &server[i];
   1555         status = OPENSSL_NPN_NEGOTIATED;
   1556         goto found;
   1557       }
   1558       j += client[j];
   1559       j++;
   1560     }
   1561     i += server[i];
   1562     i++;
   1563   }
   1564 
   1565   /* There's no overlap between our protocols and the server's list. */
   1566   result = client;
   1567   status = OPENSSL_NPN_NO_OVERLAP;
   1568 
   1569 found:
   1570   *out = (uint8_t *)result + 1;
   1571   *out_len = result[0];
   1572   return status;
   1573 }
   1574 
   1575 void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data,
   1576                                     unsigned *out_len) {
   1577   *out_data = ssl->next_proto_negotiated;
   1578   if (*out_data == NULL) {
   1579     *out_len = 0;
   1580   } else {
   1581     *out_len = ssl->next_proto_negotiated_len;
   1582   }
   1583 }
   1584 
   1585 void SSL_CTX_set_next_protos_advertised_cb(
   1586     SSL_CTX *ctx,
   1587     int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg),
   1588     void *arg) {
   1589   ctx->next_protos_advertised_cb = cb;
   1590   ctx->next_protos_advertised_cb_arg = arg;
   1591 }
   1592 
   1593 void SSL_CTX_set_next_proto_select_cb(
   1594     SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
   1595                             const uint8_t *in, unsigned in_len, void *arg),
   1596     void *arg) {
   1597   ctx->next_proto_select_cb = cb;
   1598   ctx->next_proto_select_cb_arg = arg;
   1599 }
   1600 
   1601 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
   1602                             unsigned protos_len) {
   1603   OPENSSL_free(ctx->alpn_client_proto_list);
   1604   ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len);
   1605   if (!ctx->alpn_client_proto_list) {
   1606     return 1;
   1607   }
   1608   ctx->alpn_client_proto_list_len = protos_len;
   1609 
   1610   return 0;
   1611 }
   1612 
   1613 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
   1614   OPENSSL_free(ssl->alpn_client_proto_list);
   1615   ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len);
   1616   if (!ssl->alpn_client_proto_list) {
   1617     return 1;
   1618   }
   1619   ssl->alpn_client_proto_list_len = protos_len;
   1620 
   1621   return 0;
   1622 }
   1623 
   1624 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
   1625                                 int (*cb)(SSL *ssl, const uint8_t **out,
   1626                                           uint8_t *out_len, const uint8_t *in,
   1627                                           unsigned in_len, void *arg),
   1628                                 void *arg) {
   1629   ctx->alpn_select_cb = cb;
   1630   ctx->alpn_select_cb_arg = arg;
   1631 }
   1632 
   1633 void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data,
   1634                             unsigned *out_len) {
   1635   *out_data = NULL;
   1636   if (ssl->s3) {
   1637     *out_data = ssl->s3->alpn_selected;
   1638   }
   1639   if (*out_data == NULL) {
   1640     *out_len = 0;
   1641   } else {
   1642     *out_len = ssl->s3->alpn_selected_len;
   1643   }
   1644 }
   1645 
   1646 int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
   1647                                const char *label, size_t label_len,
   1648                                const uint8_t *context, size_t context_len,
   1649                                int use_context) {
   1650   if (ssl->version < TLS1_VERSION) {
   1651     return 0;
   1652   }
   1653 
   1654   return ssl->enc_method->export_keying_material(
   1655       ssl, out, out_len, label, label_len, context, context_len, use_context);
   1656 }
   1657 
   1658 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
   1659                                       int (*cb)(X509_STORE_CTX *store_ctx,
   1660                                                 void *arg),
   1661                                       void *arg) {
   1662   ctx->app_verify_callback = cb;
   1663   ctx->app_verify_arg = arg;
   1664 }
   1665 
   1666 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
   1667                         int (*cb)(int, X509_STORE_CTX *)) {
   1668   ctx->verify_mode = mode;
   1669   ctx->default_verify_callback = cb;
   1670 }
   1671 
   1672 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) {
   1673   X509_VERIFY_PARAM_set_depth(ctx->param, depth);
   1674 }
   1675 
   1676 void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg),
   1677                          void *arg) {
   1678   ssl_cert_set_cert_cb(ctx->cert, cb, arg);
   1679 }
   1680 
   1681 void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) {
   1682   ssl_cert_set_cert_cb(ssl->cert, cb, arg);
   1683 }
   1684 
   1685 void ssl_get_compatible_server_ciphers(SSL *ssl, uint32_t *out_mask_k,
   1686                                        uint32_t *out_mask_a) {
   1687   CERT *c = ssl->cert;
   1688   int have_rsa_cert = 0, dh_tmp;
   1689   uint32_t mask_k, mask_a;
   1690   int have_ecc_cert = 0, ecdsa_ok;
   1691   X509 *x;
   1692 
   1693   dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
   1694 
   1695   if (ssl->cert->x509 != NULL && ssl_has_private_key(ssl)) {
   1696     if (ssl_private_key_type(ssl) == EVP_PKEY_RSA) {
   1697       have_rsa_cert = 1;
   1698     } else if (ssl_private_key_type(ssl) == EVP_PKEY_EC) {
   1699       have_ecc_cert = 1;
   1700     }
   1701   }
   1702 
   1703   mask_k = 0;
   1704   mask_a = 0;
   1705 
   1706   if (dh_tmp) {
   1707     mask_k |= SSL_kDHE;
   1708   }
   1709   if (have_rsa_cert) {
   1710     mask_k |= SSL_kRSA;
   1711     mask_a |= SSL_aRSA;
   1712   }
   1713 
   1714   /* An ECC certificate may be usable for ECDSA cipher suites depending on the
   1715    * key usage extension and on the client's curve preferences. */
   1716   if (have_ecc_cert) {
   1717     x = c->x509;
   1718     /* This call populates extension flags (ex_flags). */
   1719     X509_check_purpose(x, -1, 0);
   1720     ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE)
   1721                    ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)
   1722                    : 1;
   1723     if (!tls1_check_ec_cert(ssl, x)) {
   1724       ecdsa_ok = 0;
   1725     }
   1726     if (ecdsa_ok) {
   1727       mask_a |= SSL_aECDSA;
   1728     }
   1729   }
   1730 
   1731   /* If we are considering an ECC cipher suite that uses an ephemeral EC
   1732    * key, check for a shared curve. */
   1733   uint16_t unused;
   1734   if (tls1_get_shared_curve(ssl, &unused)) {
   1735     mask_k |= SSL_kECDHE;
   1736   }
   1737 
   1738   /* PSK requires a server callback. */
   1739   if (ssl->psk_server_callback != NULL) {
   1740     mask_k |= SSL_kPSK;
   1741     mask_a |= SSL_aPSK;
   1742   }
   1743 
   1744   *out_mask_k = mask_k;
   1745   *out_mask_a = mask_a;
   1746 }
   1747 
   1748 void ssl_update_cache(SSL *ssl, int mode) {
   1749   SSL_CTX *ctx = ssl->initial_ctx;
   1750   /* Never cache sessions with empty session IDs. */
   1751   if (ssl->session->session_id_length == 0 ||
   1752       (ctx->session_cache_mode & mode) != mode) {
   1753     return;
   1754   }
   1755 
   1756   /* Clients never use the internal session cache. */
   1757   int use_internal_cache = ssl->server && !(ctx->session_cache_mode &
   1758                                             SSL_SESS_CACHE_NO_INTERNAL_STORE);
   1759 
   1760   /* A client may see new sessions on abbreviated handshakes if the server
   1761    * decides to renew the ticket. Once the handshake is completed, it should be
   1762    * inserted into the cache. */
   1763   if (!ssl->hit || (!ssl->server && ssl->tlsext_ticket_expected)) {
   1764     if (use_internal_cache) {
   1765       SSL_CTX_add_session(ctx, ssl->session);
   1766     }
   1767     if (ctx->new_session_cb != NULL &&
   1768         !ctx->new_session_cb(ssl, SSL_SESSION_up_ref(ssl->session))) {
   1769       /* |new_session_cb|'s return value signals whether it took ownership. */
   1770       SSL_SESSION_free(ssl->session);
   1771     }
   1772   }
   1773 
   1774   if (use_internal_cache &&
   1775       !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) {
   1776     /* Automatically flush the internal session cache every 255 connections. */
   1777     int flush_cache = 0;
   1778     CRYPTO_MUTEX_lock_write(&ctx->lock);
   1779     ctx->handshakes_since_cache_flush++;
   1780     if (ctx->handshakes_since_cache_flush >= 255) {
   1781       flush_cache = 1;
   1782       ctx->handshakes_since_cache_flush = 0;
   1783     }
   1784     CRYPTO_MUTEX_unlock(&ctx->lock);
   1785 
   1786     if (flush_cache) {
   1787       SSL_CTX_flush_sessions(ctx, (unsigned long)time(NULL));
   1788     }
   1789   }
   1790 }
   1791 
   1792 static const char *ssl_get_version(int version) {
   1793   switch (version) {
   1794     case TLS1_2_VERSION:
   1795       return "TLSv1.2";
   1796 
   1797     case TLS1_1_VERSION:
   1798       return "TLSv1.1";
   1799 
   1800     case TLS1_VERSION:
   1801       return "TLSv1";
   1802 
   1803     case SSL3_VERSION:
   1804       return "SSLv3";
   1805 
   1806     case DTLS1_VERSION:
   1807       return "DTLSv1";
   1808 
   1809     case DTLS1_2_VERSION:
   1810       return "DTLSv1.2";
   1811 
   1812     default:
   1813       return "unknown";
   1814   }
   1815 }
   1816 
   1817 const char *SSL_get_version(const SSL *ssl) {
   1818   return ssl_get_version(ssl->version);
   1819 }
   1820 
   1821 const char *SSL_SESSION_get_version(const SSL_SESSION *session) {
   1822   return ssl_get_version(session->ssl_version);
   1823 }
   1824 
   1825 void ssl_clear_cipher_ctx(SSL *ssl) {
   1826   SSL_AEAD_CTX_free(ssl->aead_read_ctx);
   1827   ssl->aead_read_ctx = NULL;
   1828   SSL_AEAD_CTX_free(ssl->aead_write_ctx);
   1829   ssl->aead_write_ctx = NULL;
   1830 }
   1831 
   1832 X509 *SSL_get_certificate(const SSL *ssl) {
   1833   if (ssl->cert != NULL) {
   1834     return ssl->cert->x509;
   1835   }
   1836 
   1837   return NULL;
   1838 }
   1839 
   1840 EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
   1841   if (ssl->cert != NULL) {
   1842     return ssl->cert->privatekey;
   1843   }
   1844 
   1845   return NULL;
   1846 }
   1847 
   1848 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) {
   1849   if (ctx->cert != NULL) {
   1850     return ctx->cert->x509;
   1851   }
   1852 
   1853   return NULL;
   1854 }
   1855 
   1856 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
   1857   if (ctx->cert != NULL) {
   1858     return ctx->cert->privatekey;
   1859   }
   1860 
   1861   return NULL;
   1862 }
   1863 
   1864 const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
   1865   if (ssl->aead_write_ctx == NULL) {
   1866     return NULL;
   1867   }
   1868   return ssl->aead_write_ctx->cipher;
   1869 }
   1870 
   1871 const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { return NULL; }
   1872 
   1873 const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { return NULL; }
   1874 
   1875 int ssl_init_wbio_buffer(SSL *ssl, int push) {
   1876   BIO *bbio;
   1877 
   1878   if (ssl->bbio == NULL) {
   1879     bbio = BIO_new(BIO_f_buffer());
   1880     if (bbio == NULL) {
   1881       return 0;
   1882     }
   1883     ssl->bbio = bbio;
   1884   } else {
   1885     bbio = ssl->bbio;
   1886     if (ssl->bbio == ssl->wbio) {
   1887       ssl->wbio = BIO_pop(ssl->wbio);
   1888     }
   1889   }
   1890 
   1891   BIO_reset(bbio);
   1892   if (!BIO_set_read_buffer_size(bbio, 1)) {
   1893     OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
   1894     return 0;
   1895   }
   1896 
   1897   if (push) {
   1898     if (ssl->wbio != bbio) {
   1899       ssl->wbio = BIO_push(bbio, ssl->wbio);
   1900     }
   1901   } else {
   1902     if (ssl->wbio == bbio) {
   1903       ssl->wbio = BIO_pop(bbio);
   1904     }
   1905   }
   1906 
   1907   return 1;
   1908 }
   1909 
   1910 void ssl_free_wbio_buffer(SSL *ssl) {
   1911   if (ssl->bbio == NULL) {
   1912     return;
   1913   }
   1914 
   1915   if (ssl->bbio == ssl->wbio) {
   1916     /* remove buffering */
   1917     ssl->wbio = BIO_pop(ssl->wbio);
   1918   }
   1919 
   1920   BIO_free(ssl->bbio);
   1921   ssl->bbio = NULL;
   1922 }
   1923 
   1924 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) {
   1925   ctx->quiet_shutdown = (mode != 0);
   1926 }
   1927 
   1928 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) {
   1929   return ctx->quiet_shutdown;
   1930 }
   1931 
   1932 void SSL_set_quiet_shutdown(SSL *ssl, int mode) {
   1933   ssl->quiet_shutdown = (mode != 0);
   1934 }
   1935 
   1936 int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; }
   1937 
   1938 void SSL_set_shutdown(SSL *ssl, int mode) {
   1939   /* It is an error to clear any bits that have already been set. (We can't try
   1940    * to get a second close_notify or send two.) */
   1941   assert((ssl->shutdown & mode) == ssl->shutdown);
   1942 
   1943   ssl->shutdown |= mode;
   1944 }
   1945 
   1946 int SSL_get_shutdown(const SSL *ssl) { return ssl->shutdown; }
   1947 
   1948 int SSL_version(const SSL *ssl) { return ssl->version; }
   1949 
   1950 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
   1951 
   1952 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) {
   1953   if (ssl->ctx == ctx) {
   1954     return ssl->ctx;
   1955   }
   1956 
   1957   if (ctx == NULL) {
   1958     ctx = ssl->initial_ctx;
   1959   }
   1960 
   1961   ssl_cert_free(ssl->cert);
   1962   ssl->cert = ssl_cert_dup(ctx->cert);
   1963 
   1964   CRYPTO_refcount_inc(&ctx->references);
   1965   SSL_CTX_free(ssl->ctx); /* decrement reference count */
   1966   ssl->ctx = ctx;
   1967 
   1968   ssl->sid_ctx_length = ctx->sid_ctx_length;
   1969   assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
   1970   memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));
   1971 
   1972   return ssl->ctx;
   1973 }
   1974 
   1975 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) {
   1976   return X509_STORE_set_default_paths(ctx->cert_store);
   1977 }
   1978 
   1979 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file,
   1980                                   const char *ca_dir) {
   1981   return X509_STORE_load_locations(ctx->cert_store, ca_file, ca_dir);
   1982 }
   1983 
   1984 void SSL_set_info_callback(SSL *ssl,
   1985                            void (*cb)(const SSL *ssl, int type, int value)) {
   1986   ssl->info_callback = cb;
   1987 }
   1988 
   1989 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type,
   1990                                               int value) {
   1991   return ssl->info_callback;
   1992 }
   1993 
   1994 int SSL_state(const SSL *ssl) { return ssl->state; }
   1995 
   1996 void SSL_set_state(SSL *ssl, int state) { }
   1997 
   1998 void SSL_set_verify_result(SSL *ssl, long result) {
   1999   ssl->verify_result = result;
   2000 }
   2001 
   2002 long SSL_get_verify_result(const SSL *ssl) { return ssl->verify_result; }
   2003 
   2004 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
   2005                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) {
   2006   int index;
   2007   if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp,
   2008                                dup_func, free_func)) {
   2009     return -1;
   2010   }
   2011   return index;
   2012 }
   2013 
   2014 int SSL_set_ex_data(SSL *ssl, int idx, void *arg) {
   2015   return CRYPTO_set_ex_data(&ssl->ex_data, idx, arg);
   2016 }
   2017 
   2018 void *SSL_get_ex_data(const SSL *ssl, int idx) {
   2019   return CRYPTO_get_ex_data(&ssl->ex_data, idx);
   2020 }
   2021 
   2022 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
   2023                              CRYPTO_EX_dup *dup_func,
   2024                              CRYPTO_EX_free *free_func) {
   2025   int index;
   2026   if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp,
   2027                                dup_func, free_func)) {
   2028     return -1;
   2029   }
   2030   return index;
   2031 }
   2032 
   2033 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg) {
   2034   return CRYPTO_set_ex_data(&ctx->ex_data, idx, arg);
   2035 }
   2036 
   2037 void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) {
   2038   return CRYPTO_get_ex_data(&ctx->ex_data, idx);
   2039 }
   2040 
   2041 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
   2042   return ctx->cert_store;
   2043 }
   2044 
   2045 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
   2046   X509_STORE_free(ctx->cert_store);
   2047   ctx->cert_store = store;
   2048 }
   2049 
   2050 int SSL_want(const SSL *ssl) { return ssl->rwstate; }
   2051 
   2052 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
   2053                                   RSA *(*cb)(SSL *ssl, int is_export,
   2054                                              int keylength)) {
   2055 }
   2056 
   2057 void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
   2058                                                    int keylength)) {
   2059 }
   2060 
   2061 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
   2062                                  DH *(*callback)(SSL *ssl, int is_export,
   2063                                                  int keylength)) {
   2064   ctx->cert->dh_tmp_cb = callback;
   2065 }
   2066 
   2067 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export,
   2068                                                        int keylength)) {
   2069   ssl->cert->dh_tmp_cb = callback;
   2070 }
   2071 
   2072 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) {
   2073   if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
   2074     OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
   2075     return 0;
   2076   }
   2077 
   2078   OPENSSL_free(ctx->psk_identity_hint);
   2079 
   2080   if (identity_hint != NULL) {
   2081     ctx->psk_identity_hint = BUF_strdup(identity_hint);
   2082     if (ctx->psk_identity_hint == NULL) {
   2083       return 0;
   2084     }
   2085   } else {
   2086     ctx->psk_identity_hint = NULL;
   2087   }
   2088 
   2089   return 1;
   2090 }
   2091 
   2092 int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) {
   2093   if (ssl == NULL) {
   2094     return 0;
   2095   }
   2096 
   2097   if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
   2098     OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
   2099     return 0;
   2100   }
   2101 
   2102   /* Clear currently configured hint, if any. */
   2103   OPENSSL_free(ssl->psk_identity_hint);
   2104   ssl->psk_identity_hint = NULL;
   2105 
   2106   if (identity_hint != NULL) {
   2107     ssl->psk_identity_hint = BUF_strdup(identity_hint);
   2108     if (ssl->psk_identity_hint == NULL) {
   2109       return 0;
   2110     }
   2111   }
   2112 
   2113   return 1;
   2114 }
   2115 
   2116 const char *SSL_get_psk_identity_hint(const SSL *ssl) {
   2117   if (ssl == NULL) {
   2118     return NULL;
   2119   }
   2120   return ssl->psk_identity_hint;
   2121 }
   2122 
   2123 const char *SSL_get_psk_identity(const SSL *ssl) {
   2124   if (ssl == NULL || ssl->session == NULL) {
   2125     return NULL;
   2126   }
   2127 
   2128   return ssl->session->psk_identity;
   2129 }
   2130 
   2131 void SSL_set_psk_client_callback(
   2132     SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
   2133                              unsigned max_identity_len, uint8_t *psk,
   2134                              unsigned max_psk_len)) {
   2135   ssl->psk_client_callback = cb;
   2136 }
   2137 
   2138 void SSL_CTX_set_psk_client_callback(
   2139     SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
   2140                                  unsigned max_identity_len, uint8_t *psk,
   2141                                  unsigned max_psk_len)) {
   2142   ctx->psk_client_callback = cb;
   2143 }
   2144 
   2145 void SSL_set_psk_server_callback(
   2146     SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
   2147                              unsigned max_psk_len)) {
   2148   ssl->psk_server_callback = cb;
   2149 }
   2150 
   2151 void SSL_CTX_set_psk_server_callback(
   2152     SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity,
   2153                                  uint8_t *psk, unsigned max_psk_len)) {
   2154   ctx->psk_server_callback = cb;
   2155 }
   2156 
   2157 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
   2158                               void (*cb)(int write_p, int version,
   2159                                          int content_type, const void *buf,
   2160                                          size_t len, SSL *ssl, void *arg)) {
   2161   ctx->msg_callback = cb;
   2162 }
   2163 
   2164 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) {
   2165   ctx->msg_callback_arg = arg;
   2166 }
   2167 
   2168 void SSL_set_msg_callback(SSL *ssl,
   2169                           void (*cb)(int write_p, int version, int content_type,
   2170                                      const void *buf, size_t len, SSL *ssl,
   2171                                      void *arg)) {
   2172   ssl->msg_callback = cb;
   2173 }
   2174 
   2175 void SSL_set_msg_callback_arg(SSL *ssl, void *arg) {
   2176   ssl->msg_callback_arg = arg;
   2177 }
   2178 
   2179 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx,
   2180                                  void (*cb)(const SSL *ssl, const char *line)) {
   2181   ctx->keylog_callback = cb;
   2182 }
   2183 
   2184 static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) {
   2185   static const char hextable[] = "0123456789abcdef";
   2186   uint8_t *out;
   2187   size_t i;
   2188 
   2189   if (!CBB_add_space(cbb, &out, in_len * 2)) {
   2190     return 0;
   2191   }
   2192 
   2193   for (i = 0; i < in_len; i++) {
   2194     *(out++) = (uint8_t)hextable[in[i] >> 4];
   2195     *(out++) = (uint8_t)hextable[in[i] & 0xf];
   2196   }
   2197 
   2198   return 1;
   2199 }
   2200 
   2201 int ssl_log_rsa_client_key_exchange(const SSL *ssl,
   2202                                     const uint8_t *encrypted_premaster,
   2203                                     size_t encrypted_premaster_len,
   2204                                     const uint8_t *premaster,
   2205                                     size_t premaster_len) {
   2206   if (ssl->ctx->keylog_callback == NULL) {
   2207     return 1;
   2208   }
   2209 
   2210   if (encrypted_premaster_len < 8) {
   2211     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
   2212     return 0;
   2213   }
   2214 
   2215   CBB cbb;
   2216   uint8_t *out;
   2217   size_t out_len;
   2218   if (!CBB_init(&cbb, 4 + 16 + 1 + premaster_len * 2 + 1) ||
   2219       !CBB_add_bytes(&cbb, (const uint8_t *)"RSA ", 4) ||
   2220       /* Only the first 8 bytes of the encrypted premaster secret are
   2221        * logged. */
   2222       !cbb_add_hex(&cbb, encrypted_premaster, 8) ||
   2223       !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
   2224       !cbb_add_hex(&cbb, premaster, premaster_len) ||
   2225       !CBB_add_u8(&cbb, 0 /* NUL */) ||
   2226       !CBB_finish(&cbb, &out, &out_len)) {
   2227     CBB_cleanup(&cbb);
   2228     return 0;
   2229   }
   2230 
   2231   ssl->ctx->keylog_callback(ssl, (const char *)out);
   2232   OPENSSL_free(out);
   2233   return 1;
   2234 }
   2235 
   2236 int ssl_log_master_secret(const SSL *ssl, const uint8_t *client_random,
   2237                           size_t client_random_len, const uint8_t *master,
   2238                           size_t master_len) {
   2239   if (ssl->ctx->keylog_callback == NULL) {
   2240     return 1;
   2241   }
   2242 
   2243   if (client_random_len != 32) {
   2244     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
   2245     return 0;
   2246   }
   2247 
   2248   CBB cbb;
   2249   uint8_t *out;
   2250   size_t out_len;
   2251   if (!CBB_init(&cbb, 14 + 64 + 1 + master_len * 2 + 1) ||
   2252       !CBB_add_bytes(&cbb, (const uint8_t *)"CLIENT_RANDOM ", 14) ||
   2253       !cbb_add_hex(&cbb, client_random, 32) ||
   2254       !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
   2255       !cbb_add_hex(&cbb, master, master_len) ||
   2256       !CBB_add_u8(&cbb, 0 /* NUL */) ||
   2257       !CBB_finish(&cbb, &out, &out_len)) {
   2258     CBB_cleanup(&cbb);
   2259     return 0;
   2260   }
   2261 
   2262   ssl->ctx->keylog_callback(ssl, (const char *)out);
   2263   OPENSSL_free(out);
   2264   return 1;
   2265 }
   2266 
   2267 int SSL_is_init_finished(const SSL *ssl) {
   2268   return ssl->state == SSL_ST_OK;
   2269 }
   2270 
   2271 int SSL_in_init(const SSL *ssl) {
   2272   return (ssl->state & SSL_ST_INIT) != 0;
   2273 }
   2274 
   2275 int SSL_in_false_start(const SSL *ssl) {
   2276   return ssl->s3->tmp.in_false_start;
   2277 }
   2278 
   2279 int SSL_cutthrough_complete(const SSL *ssl) {
   2280   return SSL_in_false_start(ssl);
   2281 }
   2282 
   2283 void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
   2284                              size_t *ssl_session_size) {
   2285   *ssl_size = sizeof(SSL);
   2286   *ssl_ctx_size = sizeof(SSL_CTX);
   2287   *ssl_session_size = sizeof(SSL_SESSION);
   2288 }
   2289 
   2290 int ssl3_can_false_start(const SSL *ssl) {
   2291   const SSL_CIPHER *const cipher = SSL_get_current_cipher(ssl);
   2292 
   2293   /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
   2294   return !SSL_IS_DTLS(ssl) &&
   2295       SSL_version(ssl) >= TLS1_2_VERSION &&
   2296       (ssl->s3->alpn_selected || ssl->s3->next_proto_neg_seen) &&
   2297       cipher != NULL &&
   2298       cipher->algorithm_mkey == SSL_kECDHE &&
   2299       cipher->algorithm_mac == SSL_AEAD;
   2300 }
   2301 
   2302 const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) {
   2303   switch (version) {
   2304     case SSL3_VERSION:
   2305       return &SSLv3_enc_data;
   2306 
   2307     case TLS1_VERSION:
   2308       return &TLSv1_enc_data;
   2309 
   2310     case DTLS1_VERSION:
   2311     case TLS1_1_VERSION:
   2312       return &TLSv1_1_enc_data;
   2313 
   2314     case DTLS1_2_VERSION:
   2315     case TLS1_2_VERSION:
   2316       return &TLSv1_2_enc_data;
   2317 
   2318     default:
   2319       return NULL;
   2320   }
   2321 }
   2322 
   2323 uint16_t ssl3_get_max_server_version(const SSL *ssl) {
   2324   uint16_t max_version;
   2325 
   2326   if (SSL_IS_DTLS(ssl)) {
   2327     max_version = (ssl->max_version != 0) ? ssl->max_version : DTLS1_2_VERSION;
   2328     if (!(ssl->options & SSL_OP_NO_DTLSv1_2) &&
   2329         DTLS1_2_VERSION >= max_version) {
   2330       return DTLS1_2_VERSION;
   2331     }
   2332     if (!(ssl->options & SSL_OP_NO_DTLSv1) && DTLS1_VERSION >= max_version) {
   2333       return DTLS1_VERSION;
   2334     }
   2335     return 0;
   2336   }
   2337 
   2338   max_version = (ssl->max_version != 0) ? ssl->max_version : TLS1_2_VERSION;
   2339   if (!(ssl->options & SSL_OP_NO_TLSv1_2) && TLS1_2_VERSION <= max_version) {
   2340     return TLS1_2_VERSION;
   2341   }
   2342   if (!(ssl->options & SSL_OP_NO_TLSv1_1) && TLS1_1_VERSION <= max_version) {
   2343     return TLS1_1_VERSION;
   2344   }
   2345   if (!(ssl->options & SSL_OP_NO_TLSv1) && TLS1_VERSION <= max_version) {
   2346     return TLS1_VERSION;
   2347   }
   2348   if (!(ssl->options & SSL_OP_NO_SSLv3) && SSL3_VERSION <= max_version) {
   2349     return SSL3_VERSION;
   2350   }
   2351   return 0;
   2352 }
   2353 
   2354 uint16_t ssl3_get_mutual_version(SSL *ssl, uint16_t client_version) {
   2355   uint16_t version = 0;
   2356 
   2357   if (SSL_IS_DTLS(ssl)) {
   2358     /* Clamp client_version to max_version. */
   2359     if (ssl->max_version != 0 && client_version < ssl->max_version) {
   2360       client_version = ssl->max_version;
   2361     }
   2362 
   2363     if (client_version <= DTLS1_2_VERSION &&
   2364         !(ssl->options & SSL_OP_NO_DTLSv1_2)) {
   2365       version = DTLS1_2_VERSION;
   2366     } else if (client_version <= DTLS1_VERSION &&
   2367                !(ssl->options & SSL_OP_NO_DTLSv1)) {
   2368       version = DTLS1_VERSION;
   2369     }
   2370 
   2371     /* Check against min_version. */
   2372     if (version != 0 && ssl->min_version != 0 && version > ssl->min_version) {
   2373       return 0;
   2374     }
   2375     return version;
   2376   } else {
   2377     /* Clamp client_version to max_version. */
   2378     if (ssl->max_version != 0 && client_version > ssl->max_version) {
   2379       client_version = ssl->max_version;
   2380     }
   2381 
   2382     if (client_version >= TLS1_2_VERSION &&
   2383         !(ssl->options & SSL_OP_NO_TLSv1_2)) {
   2384       version = TLS1_2_VERSION;
   2385     } else if (client_version >= TLS1_1_VERSION &&
   2386                !(ssl->options & SSL_OP_NO_TLSv1_1)) {
   2387       version = TLS1_1_VERSION;
   2388     } else if (client_version >= TLS1_VERSION &&
   2389                !(ssl->options & SSL_OP_NO_TLSv1)) {
   2390       version = TLS1_VERSION;
   2391     } else if (client_version >= SSL3_VERSION &&
   2392                !(ssl->options & SSL_OP_NO_SSLv3)) {
   2393       version = SSL3_VERSION;
   2394     }
   2395 
   2396     /* Check against min_version. */
   2397     if (version != 0 && ssl->min_version != 0 && version < ssl->min_version) {
   2398       return 0;
   2399     }
   2400     return version;
   2401   }
   2402 }
   2403 
   2404 uint16_t ssl3_get_max_client_version(SSL *ssl) {
   2405   uint32_t options = ssl->options;
   2406   uint16_t version = 0;
   2407 
   2408   /* OpenSSL's API for controlling versions entails blacklisting individual
   2409    * protocols. This has two problems. First, on the client, the protocol can
   2410    * only express a contiguous range of versions. Second, a library consumer
   2411    * trying to set a maximum version cannot disable protocol versions that get
   2412    * added in a future version of the library.
   2413    *
   2414    * To account for both of these, OpenSSL interprets the client-side bitmask
   2415    * as a min/max range by picking the lowest contiguous non-empty range of
   2416    * enabled protocols. Note that this means it is impossible to set a maximum
   2417    * version of TLS 1.2 in a future-proof way.
   2418    *
   2419    * By this scheme, the maximum version is the lowest version V such that V is
   2420    * enabled and V+1 is disabled or unimplemented. */
   2421   if (SSL_IS_DTLS(ssl)) {
   2422     if (!(options & SSL_OP_NO_DTLSv1_2)) {
   2423       version = DTLS1_2_VERSION;
   2424     }
   2425     if (!(options & SSL_OP_NO_DTLSv1) && (options & SSL_OP_NO_DTLSv1_2)) {
   2426       version = DTLS1_VERSION;
   2427     }
   2428     if (ssl->max_version != 0 && version < ssl->max_version) {
   2429       version = ssl->max_version;
   2430     }
   2431   } else {
   2432     if (!(options & SSL_OP_NO_TLSv1_2)) {
   2433       version = TLS1_2_VERSION;
   2434     }
   2435     if (!(options & SSL_OP_NO_TLSv1_1) && (options & SSL_OP_NO_TLSv1_2)) {
   2436       version = TLS1_1_VERSION;
   2437     }
   2438     if (!(options & SSL_OP_NO_TLSv1) && (options & SSL_OP_NO_TLSv1_1)) {
   2439       version = TLS1_VERSION;
   2440     }
   2441     if (!(options & SSL_OP_NO_SSLv3) && (options & SSL_OP_NO_TLSv1)) {
   2442       version = SSL3_VERSION;
   2443     }
   2444     if (ssl->max_version != 0 && version > ssl->max_version) {
   2445       version = ssl->max_version;
   2446     }
   2447   }
   2448 
   2449   return version;
   2450 }
   2451 
   2452 int ssl3_is_version_enabled(SSL *ssl, uint16_t version) {
   2453   if (SSL_IS_DTLS(ssl)) {
   2454     if (ssl->max_version != 0 && version < ssl->max_version) {
   2455       return 0;
   2456     }
   2457     if (ssl->min_version != 0 && version > ssl->min_version) {
   2458       return 0;
   2459     }
   2460 
   2461     switch (version) {
   2462       case DTLS1_VERSION:
   2463         return !(ssl->options & SSL_OP_NO_DTLSv1);
   2464 
   2465       case DTLS1_2_VERSION:
   2466         return !(ssl->options & SSL_OP_NO_DTLSv1_2);
   2467 
   2468       default:
   2469         return 0;
   2470     }
   2471   } else {
   2472     if (ssl->max_version != 0 && version > ssl->max_version) {
   2473       return 0;
   2474     }
   2475     if (ssl->min_version != 0 && version < ssl->min_version) {
   2476       return 0;
   2477     }
   2478 
   2479     switch (version) {
   2480       case SSL3_VERSION:
   2481         return !(ssl->options & SSL_OP_NO_SSLv3);
   2482 
   2483       case TLS1_VERSION:
   2484         return !(ssl->options & SSL_OP_NO_TLSv1);
   2485 
   2486       case TLS1_1_VERSION:
   2487         return !(ssl->options & SSL_OP_NO_TLSv1_1);
   2488 
   2489       case TLS1_2_VERSION:
   2490         return !(ssl->options & SSL_OP_NO_TLSv1_2);
   2491 
   2492       default:
   2493         return 0;
   2494     }
   2495   }
   2496 }
   2497 
   2498 uint16_t ssl3_version_from_wire(SSL *ssl, uint16_t wire_version) {
   2499   if (!SSL_IS_DTLS(ssl)) {
   2500     return wire_version;
   2501   }
   2502 
   2503   uint16_t tls_version = ~wire_version;
   2504   uint16_t version = tls_version + 0x0201;
   2505   /* If either component overflowed, clamp it so comparisons still work. */
   2506   if ((version >> 8) < (tls_version >> 8)) {
   2507     version = 0xff00 | (version & 0xff);
   2508   }
   2509   if ((version & 0xff) < (tls_version & 0xff)) {
   2510     version = (version & 0xff00) | 0xff;
   2511   }
   2512   /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */
   2513   if (version == TLS1_VERSION) {
   2514     version = TLS1_1_VERSION;
   2515   }
   2516   return version;
   2517 }
   2518 
   2519 int SSL_cache_hit(SSL *ssl) { return SSL_session_reused(ssl); }
   2520 
   2521 int SSL_is_server(SSL *ssl) { return ssl->server; }
   2522 
   2523 void SSL_CTX_set_select_certificate_cb(
   2524     SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) {
   2525   ctx->select_certificate_cb = cb;
   2526 }
   2527 
   2528 void SSL_CTX_set_dos_protection_cb(
   2529     SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) {
   2530   ctx->dos_protection_cb = cb;
   2531 }
   2532 
   2533 void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
   2534   ssl->renegotiate_mode = mode;
   2535 }
   2536 
   2537 void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject) {
   2538   SSL_set_renegotiate_mode(
   2539       ssl, reject ? ssl_renegotiate_never : ssl_renegotiate_freely);
   2540 }
   2541 
   2542 int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
   2543                       const RC4_KEY **write_key) {
   2544   if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) {
   2545     return 0;
   2546   }
   2547 
   2548   return EVP_AEAD_CTX_get_rc4_state(&ssl->aead_read_ctx->ctx, read_key) &&
   2549          EVP_AEAD_CTX_get_rc4_state(&ssl->aead_write_ctx->ctx, write_key);
   2550 }
   2551 
   2552 int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
   2553                 const uint8_t **out_write_iv, size_t *out_iv_len) {
   2554   if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) {
   2555     return 0;
   2556   }
   2557 
   2558   size_t write_iv_len;
   2559   if (!EVP_AEAD_CTX_get_iv(&ssl->aead_read_ctx->ctx, out_read_iv, out_iv_len) ||
   2560       !EVP_AEAD_CTX_get_iv(&ssl->aead_write_ctx->ctx, out_write_iv,
   2561                            &write_iv_len) ||
   2562       *out_iv_len != write_iv_len) {
   2563     return 0;
   2564   }
   2565 
   2566   return 1;
   2567 }
   2568 
   2569 uint8_t SSL_get_server_key_exchange_hash(const SSL *ssl) {
   2570   return ssl->s3->tmp.server_key_exchange_hash;
   2571 }
   2572 
   2573 int SSL_clear(SSL *ssl) {
   2574   if (ssl->method == NULL) {
   2575     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_METHOD_SPECIFIED);
   2576     return 0;
   2577   }
   2578 
   2579   if (ssl_clear_bad_session(ssl)) {
   2580     SSL_SESSION_free(ssl->session);
   2581     ssl->session = NULL;
   2582   }
   2583 
   2584   ssl->hit = 0;
   2585   ssl->shutdown = 0;
   2586 
   2587   /* SSL_clear may be called before or after the |ssl| is initialized in either
   2588    * accept or connect state. In the latter case, SSL_clear should preserve the
   2589    * half and reset |ssl->state| accordingly. */
   2590   if (ssl->handshake_func != NULL) {
   2591     if (ssl->server) {
   2592       SSL_set_accept_state(ssl);
   2593     } else {
   2594       SSL_set_connect_state(ssl);
   2595     }
   2596   } else {
   2597     assert(ssl->state == 0);
   2598   }
   2599 
   2600   /* TODO(davidben): Some state on |ssl| is reset both in |SSL_new| and
   2601    * |SSL_clear| because it is per-connection state rather than configuration
   2602    * state. Per-connection state should be on |ssl->s3| and |ssl->d1| so it is
   2603    * naturally reset at the right points between |SSL_new|, |SSL_clear|, and
   2604    * |ssl3_new|. */
   2605 
   2606   ssl->rwstate = SSL_NOTHING;
   2607 
   2608   BUF_MEM_free(ssl->init_buf);
   2609   ssl->init_buf = NULL;
   2610 
   2611   ssl_clear_cipher_ctx(ssl);
   2612 
   2613   OPENSSL_free(ssl->next_proto_negotiated);
   2614   ssl->next_proto_negotiated = NULL;
   2615   ssl->next_proto_negotiated_len = 0;
   2616 
   2617   /* The ssl->d1->mtu is simultaneously configuration (preserved across
   2618    * clear) and connection-specific state (gets reset).
   2619    *
   2620    * TODO(davidben): Avoid this. */
   2621   unsigned mtu = 0;
   2622   if (ssl->d1 != NULL) {
   2623     mtu = ssl->d1->mtu;
   2624   }
   2625 
   2626   ssl->method->ssl_free(ssl);
   2627   if (!ssl->method->ssl_new(ssl)) {
   2628     return 0;
   2629   }
   2630   ssl->enc_method = ssl3_get_enc_method(ssl->version);
   2631   assert(ssl->enc_method != NULL);
   2632 
   2633   if (SSL_IS_DTLS(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
   2634     ssl->d1->mtu = mtu;
   2635   }
   2636 
   2637   ssl->client_version = ssl->version;
   2638 
   2639   return 1;
   2640 }
   2641 
   2642 int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; }
   2643 int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; }
   2644 int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; }
   2645 int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; }
   2646 int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; }
   2647 int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; }
   2648 int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; }
   2649 int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; }
   2650 int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; }
   2651 int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; }
   2652 int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; }
   2653 void ERR_load_SSL_strings(void) {}
   2654 void SSL_load_error_strings(void) {}
   2655