1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57 /* ==================================================================== 58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 59 * 60 * Redistribution and use in source and binary forms, with or without 61 * modification, are permitted provided that the following conditions 62 * are met: 63 * 64 * 1. Redistributions of source code must retain the above copyright 65 * notice, this list of conditions and the following disclaimer. 66 * 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in 69 * the documentation and/or other materials provided with the 70 * distribution. 71 * 72 * 3. All advertising materials mentioning features or use of this 73 * software must display the following acknowledgment: 74 * "This product includes software developed by the OpenSSL Project 75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 76 * 77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 78 * endorse or promote products derived from this software without 79 * prior written permission. For written permission, please contact 80 * openssl-core (at) openssl.org. 81 * 82 * 5. Products derived from this software may not be called "OpenSSL" 83 * nor may "OpenSSL" appear in their names without prior written 84 * permission of the OpenSSL Project. 85 * 86 * 6. Redistributions of any form whatsoever must retain the following 87 * acknowledgment: 88 * "This product includes software developed by the OpenSSL Project 89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 90 * 91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102 * OF THE POSSIBILITY OF SUCH DAMAGE. 103 * ==================================================================== 104 * 105 * This product includes cryptographic software written by Eric Young 106 * (eay (at) cryptsoft.com). This product includes software written by Tim 107 * Hudson (tjh (at) cryptsoft.com). 108 * 109 */ 110 /* ==================================================================== 111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * ECC cipher suite support in OpenSSL originally developed by 113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 */ 115 /* ==================================================================== 116 * Copyright 2005 Nokia. All rights reserved. 117 * 118 * The portions of the attached software ("Contribution") is developed by 119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 120 * license. 121 * 122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 124 * support (see RFC 4279) to OpenSSL. 125 * 126 * No patent licenses or other rights except those expressly stated in 127 * the OpenSSL open source license shall be deemed granted or received 128 * expressly, by implication, estoppel, or otherwise. 129 * 130 * No assurances are provided by Nokia that the Contribution does not 131 * infringe the patent or other intellectual property rights of any third 132 * party or that the license provides you with all the necessary rights 133 * to make use of the Contribution. 134 * 135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 139 * OTHERWISE. */ 140 141 #include <openssl/ssl.h> 142 143 #include <assert.h> 144 #include <stdlib.h> 145 #include <string.h> 146 147 #include <openssl/bytestring.h> 148 #include <openssl/crypto.h> 149 #include <openssl/err.h> 150 #include <openssl/lhash.h> 151 #include <openssl/mem.h> 152 #include <openssl/rand.h> 153 154 #include "internal.h" 155 #include "../crypto/internal.h" 156 157 #if defined(OPENSSL_WINDOWS) 158 #include <sys/timeb.h> 159 #else 160 #include <sys/socket.h> 161 #include <sys/time.h> 162 #endif 163 164 165 /* |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it 166 * to avoid downstream churn. */ 167 OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL) 168 169 /* The following errors are no longer emitted, but are used in nginx without 170 * #ifdefs. */ 171 OPENSSL_DECLARE_ERROR_REASON(SSL, BLOCK_CIPHER_PAD_IS_WRONG) 172 OPENSSL_DECLARE_ERROR_REASON(SSL, NO_CIPHERS_SPECIFIED) 173 174 /* Some error codes are special. Ensure the make_errors.go script never 175 * regresses this. */ 176 static_assert(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION == 177 SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET, 178 "alert reason code mismatch"); 179 180 /* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */ 181 static const size_t kMaxHandshakeSize = (1u << 24) - 1; 182 183 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl = 184 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; 185 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx = 186 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; 187 188 int SSL_library_init(void) { 189 CRYPTO_library_init(); 190 return 1; 191 } 192 193 static uint32_t ssl_session_hash(const SSL_SESSION *sess) { 194 const uint8_t *session_id = sess->session_id; 195 196 uint8_t tmp_storage[sizeof(uint32_t)]; 197 if (sess->session_id_length < sizeof(tmp_storage)) { 198 OPENSSL_memset(tmp_storage, 0, sizeof(tmp_storage)); 199 OPENSSL_memcpy(tmp_storage, sess->session_id, sess->session_id_length); 200 session_id = tmp_storage; 201 } 202 203 uint32_t hash = 204 ((uint32_t)session_id[0]) | 205 ((uint32_t)session_id[1] << 8) | 206 ((uint32_t)session_id[2] << 16) | 207 ((uint32_t)session_id[3] << 24); 208 209 return hash; 210 } 211 212 /* NB: If this function (or indeed the hash function which uses a sort of 213 * coarser function than this one) is changed, ensure 214 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 215 * able to construct an SSL_SESSION that will collide with any existing session 216 * with a matching session ID. */ 217 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { 218 if (a->ssl_version != b->ssl_version) { 219 return 1; 220 } 221 222 if (a->session_id_length != b->session_id_length) { 223 return 1; 224 } 225 226 return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length); 227 } 228 229 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { 230 SSL_CTX *ret = NULL; 231 232 if (method == NULL) { 233 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED); 234 return NULL; 235 } 236 237 ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); 238 if (ret == NULL) { 239 goto err; 240 } 241 242 OPENSSL_memset(ret, 0, sizeof(SSL_CTX)); 243 244 ret->method = method->method; 245 ret->x509_method = method->x509_method; 246 247 CRYPTO_MUTEX_init(&ret->lock); 248 249 ret->session_cache_mode = SSL_SESS_CACHE_SERVER; 250 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 251 252 ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT; 253 ret->session_psk_dhe_timeout = SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT; 254 255 ret->references = 1; 256 257 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 258 ret->verify_mode = SSL_VERIFY_NONE; 259 ret->cert = ssl_cert_new(method->x509_method); 260 if (ret->cert == NULL) { 261 goto err; 262 } 263 264 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp); 265 if (ret->sessions == NULL) { 266 goto err; 267 } 268 269 if (!ret->x509_method->ssl_ctx_new(ret)) { 270 goto err; 271 } 272 273 if (!SSL_CTX_set_strict_cipher_list(ret, SSL_DEFAULT_CIPHER_LIST)) { 274 goto err2; 275 } 276 277 ret->client_CA = sk_CRYPTO_BUFFER_new_null(); 278 if (ret->client_CA == NULL) { 279 goto err; 280 } 281 282 CRYPTO_new_ex_data(&ret->ex_data); 283 284 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 285 286 /* Setup RFC4507 ticket keys */ 287 if (!RAND_bytes(ret->tlsext_tick_key_name, 16) || 288 !RAND_bytes(ret->tlsext_tick_hmac_key, 16) || 289 !RAND_bytes(ret->tlsext_tick_aes_key, 16)) { 290 ret->options |= SSL_OP_NO_TICKET; 291 } 292 293 /* Disable the auto-chaining feature by default. Once this has stuck without 294 * problems, the feature will be removed entirely. */ 295 ret->mode = SSL_MODE_NO_AUTO_CHAIN; 296 297 /* Lock the SSL_CTX to the specified version, for compatibility with legacy 298 * uses of SSL_METHOD, but we do not set the minimum version for 299 * |SSLv3_method|. */ 300 if (!SSL_CTX_set_max_proto_version(ret, method->version) || 301 !SSL_CTX_set_min_proto_version(ret, method->version == SSL3_VERSION 302 ? 0 /* default */ 303 : method->version)) { 304 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 305 goto err2; 306 } 307 308 return ret; 309 310 err: 311 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 312 err2: 313 SSL_CTX_free(ret); 314 return NULL; 315 } 316 317 int SSL_CTX_up_ref(SSL_CTX *ctx) { 318 CRYPTO_refcount_inc(&ctx->references); 319 return 1; 320 } 321 322 void SSL_CTX_free(SSL_CTX *ctx) { 323 if (ctx == NULL || 324 !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) { 325 return; 326 } 327 328 /* Free internal session cache. However: the remove_cb() may reference the 329 * ex_data of SSL_CTX, thus the ex_data store can only be removed after the 330 * sessions were flushed. As the ex_data handling routines might also touch 331 * the session cache, the most secure solution seems to be: empty (flush) the 332 * cache, then free ex_data, then finally free the cache. (See ticket 333 * [openssl.org #212].) */ 334 SSL_CTX_flush_sessions(ctx, 0); 335 336 CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data); 337 338 CRYPTO_MUTEX_cleanup(&ctx->lock); 339 lh_SSL_SESSION_free(ctx->sessions); 340 ssl_cipher_preference_list_free(ctx->cipher_list); 341 ssl_cert_free(ctx->cert); 342 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions, 343 SSL_CUSTOM_EXTENSION_free); 344 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions, 345 SSL_CUSTOM_EXTENSION_free); 346 sk_CRYPTO_BUFFER_pop_free(ctx->client_CA, CRYPTO_BUFFER_free); 347 ctx->x509_method->ssl_ctx_free(ctx); 348 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); 349 OPENSSL_free(ctx->psk_identity_hint); 350 OPENSSL_free(ctx->supported_group_list); 351 OPENSSL_free(ctx->alpn_client_proto_list); 352 EVP_PKEY_free(ctx->tlsext_channel_id_private); 353 OPENSSL_free(ctx->verify_sigalgs); 354 355 OPENSSL_free(ctx); 356 } 357 358 SSL *SSL_new(SSL_CTX *ctx) { 359 if (ctx == NULL) { 360 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX); 361 return NULL; 362 } 363 if (ctx->method == NULL) { 364 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 365 return NULL; 366 } 367 368 SSL *ssl = (SSL *)OPENSSL_malloc(sizeof(SSL)); 369 if (ssl == NULL) { 370 goto err; 371 } 372 OPENSSL_memset(ssl, 0, sizeof(SSL)); 373 374 ssl->conf_min_version = ctx->conf_min_version; 375 ssl->conf_max_version = ctx->conf_max_version; 376 ssl->tls13_variant = ctx->tls13_variant; 377 378 /* RFC 6347 states that implementations SHOULD use an initial timer value of 379 * 1 second. */ 380 ssl->initial_timeout_duration_ms = 1000; 381 382 ssl->options = ctx->options; 383 ssl->mode = ctx->mode; 384 ssl->max_cert_list = ctx->max_cert_list; 385 386 ssl->cert = ssl_cert_dup(ctx->cert); 387 if (ssl->cert == NULL) { 388 goto err; 389 } 390 391 ssl->msg_callback = ctx->msg_callback; 392 ssl->msg_callback_arg = ctx->msg_callback_arg; 393 ssl->verify_mode = ctx->verify_mode; 394 ssl->verify_callback = ctx->default_verify_callback; 395 ssl->retain_only_sha256_of_client_certs = 396 ctx->retain_only_sha256_of_client_certs; 397 398 ssl->quiet_shutdown = ctx->quiet_shutdown; 399 ssl->max_send_fragment = ctx->max_send_fragment; 400 401 SSL_CTX_up_ref(ctx); 402 ssl->ctx = ctx; 403 SSL_CTX_up_ref(ctx); 404 ssl->session_ctx = ctx; 405 406 if (!ssl->ctx->x509_method->ssl_new(ssl)) { 407 goto err; 408 } 409 410 if (ctx->supported_group_list) { 411 ssl->supported_group_list = (uint16_t *)BUF_memdup( 412 ctx->supported_group_list, ctx->supported_group_list_len * 2); 413 if (!ssl->supported_group_list) { 414 goto err; 415 } 416 ssl->supported_group_list_len = ctx->supported_group_list_len; 417 } 418 419 if (ctx->alpn_client_proto_list) { 420 ssl->alpn_client_proto_list = (uint8_t *)BUF_memdup( 421 ctx->alpn_client_proto_list, ctx->alpn_client_proto_list_len); 422 if (ssl->alpn_client_proto_list == NULL) { 423 goto err; 424 } 425 ssl->alpn_client_proto_list_len = ctx->alpn_client_proto_list_len; 426 } 427 428 ssl->method = ctx->method; 429 430 if (!ssl->method->ssl_new(ssl)) { 431 goto err; 432 } 433 434 ssl->rwstate = SSL_NOTHING; 435 436 CRYPTO_new_ex_data(&ssl->ex_data); 437 438 ssl->psk_identity_hint = NULL; 439 if (ctx->psk_identity_hint) { 440 ssl->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint); 441 if (ssl->psk_identity_hint == NULL) { 442 goto err; 443 } 444 } 445 ssl->psk_client_callback = ctx->psk_client_callback; 446 ssl->psk_server_callback = ctx->psk_server_callback; 447 448 ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled; 449 if (ctx->tlsext_channel_id_private) { 450 EVP_PKEY_up_ref(ctx->tlsext_channel_id_private); 451 ssl->tlsext_channel_id_private = ctx->tlsext_channel_id_private; 452 } 453 454 ssl->signed_cert_timestamps_enabled = ctx->signed_cert_timestamps_enabled; 455 ssl->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled; 456 457 return ssl; 458 459 err: 460 SSL_free(ssl); 461 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 462 463 return NULL; 464 } 465 466 void SSL_free(SSL *ssl) { 467 if (ssl == NULL) { 468 return; 469 } 470 471 if (ssl->ctx != NULL) { 472 ssl->ctx->x509_method->ssl_free(ssl); 473 } 474 475 CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data); 476 477 BIO_free_all(ssl->rbio); 478 BIO_free_all(ssl->wbio); 479 480 BUF_MEM_free(ssl->init_buf); 481 482 /* add extra stuff */ 483 ssl_cipher_preference_list_free(ssl->cipher_list); 484 485 SSL_SESSION_free(ssl->session); 486 487 ssl_cert_free(ssl->cert); 488 489 OPENSSL_free(ssl->tlsext_hostname); 490 SSL_CTX_free(ssl->session_ctx); 491 OPENSSL_free(ssl->supported_group_list); 492 OPENSSL_free(ssl->alpn_client_proto_list); 493 EVP_PKEY_free(ssl->tlsext_channel_id_private); 494 OPENSSL_free(ssl->psk_identity_hint); 495 sk_CRYPTO_BUFFER_pop_free(ssl->client_CA, CRYPTO_BUFFER_free); 496 sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles); 497 498 if (ssl->method != NULL) { 499 ssl->method->ssl_free(ssl); 500 } 501 SSL_CTX_free(ssl->ctx); 502 503 OPENSSL_free(ssl); 504 } 505 506 void SSL_set_connect_state(SSL *ssl) { 507 ssl->server = 0; 508 ssl->handshake_func = ssl3_connect; 509 } 510 511 void SSL_set_accept_state(SSL *ssl) { 512 ssl->server = 1; 513 ssl->handshake_func = ssl3_accept; 514 } 515 516 void SSL_set0_rbio(SSL *ssl, BIO *rbio) { 517 BIO_free_all(ssl->rbio); 518 ssl->rbio = rbio; 519 } 520 521 void SSL_set0_wbio(SSL *ssl, BIO *wbio) { 522 BIO_free_all(ssl->wbio); 523 ssl->wbio = wbio; 524 } 525 526 void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) { 527 /* For historical reasons, this function has many different cases in ownership 528 * handling. */ 529 530 /* If nothing has changed, do nothing */ 531 if (rbio == SSL_get_rbio(ssl) && wbio == SSL_get_wbio(ssl)) { 532 return; 533 } 534 535 /* If the two arguments are equal, one fewer reference is granted than 536 * taken. */ 537 if (rbio != NULL && rbio == wbio) { 538 BIO_up_ref(rbio); 539 } 540 541 /* If only the wbio is changed, adopt only one reference. */ 542 if (rbio == SSL_get_rbio(ssl)) { 543 SSL_set0_wbio(ssl, wbio); 544 return; 545 } 546 547 /* There is an asymmetry here for historical reasons. If only the rbio is 548 * changed AND the rbio and wbio were originally different, then we only adopt 549 * one reference. */ 550 if (wbio == SSL_get_wbio(ssl) && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) { 551 SSL_set0_rbio(ssl, rbio); 552 return; 553 } 554 555 /* Otherwise, adopt both references. */ 556 SSL_set0_rbio(ssl, rbio); 557 SSL_set0_wbio(ssl, wbio); 558 } 559 560 BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; } 561 562 BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; } 563 564 void ssl_reset_error_state(SSL *ssl) { 565 /* Functions which use |SSL_get_error| must reset I/O and error state on 566 * entry. */ 567 ssl->rwstate = SSL_NOTHING; 568 ERR_clear_error(); 569 ERR_clear_system_error(); 570 } 571 572 int SSL_do_handshake(SSL *ssl) { 573 ssl_reset_error_state(ssl); 574 575 if (ssl->handshake_func == NULL) { 576 OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET); 577 return -1; 578 } 579 580 if (!SSL_in_init(ssl)) { 581 return 1; 582 } 583 584 if (ssl->s3->hs == NULL) { 585 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 586 return -1; 587 } 588 589 /* Run the handshake. */ 590 assert(ssl->s3->hs != NULL); 591 int ret = ssl->handshake_func(ssl->s3->hs); 592 if (ret <= 0) { 593 return ret; 594 } 595 596 /* Destroy the handshake object if the handshake has completely finished. */ 597 if (!SSL_in_init(ssl)) { 598 ssl_handshake_free(ssl->s3->hs); 599 ssl->s3->hs = NULL; 600 } 601 602 return 1; 603 } 604 605 int SSL_connect(SSL *ssl) { 606 if (ssl->handshake_func == NULL) { 607 /* Not properly initialized yet */ 608 SSL_set_connect_state(ssl); 609 } 610 611 return SSL_do_handshake(ssl); 612 } 613 614 int SSL_accept(SSL *ssl) { 615 if (ssl->handshake_func == NULL) { 616 /* Not properly initialized yet */ 617 SSL_set_accept_state(ssl); 618 } 619 620 return SSL_do_handshake(ssl); 621 } 622 623 int ssl_can_write(const SSL *ssl) { 624 return !SSL_in_init(ssl) || ssl->s3->hs->can_early_write; 625 } 626 627 int ssl_can_read(const SSL *ssl) { 628 return !SSL_in_init(ssl) || ssl->s3->hs->can_early_read; 629 } 630 631 static int ssl_do_renegotiate(SSL *ssl) { 632 /* We do not accept renegotiations as a server or SSL 3.0. SSL 3.0 will be 633 * removed entirely in the future and requires retaining more data for 634 * renegotiation_info. */ 635 if (ssl->server || ssl->version == SSL3_VERSION) { 636 goto no_renegotiation; 637 } 638 639 if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_REQUEST || 640 ssl->init_num != 0) { 641 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 642 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HELLO_REQUEST); 643 return 0; 644 } 645 646 switch (ssl->renegotiate_mode) { 647 case ssl_renegotiate_ignore: 648 /* Ignore the HelloRequest. */ 649 return 1; 650 651 case ssl_renegotiate_once: 652 if (ssl->s3->total_renegotiations != 0) { 653 goto no_renegotiation; 654 } 655 break; 656 657 case ssl_renegotiate_never: 658 goto no_renegotiation; 659 660 case ssl_renegotiate_freely: 661 break; 662 } 663 664 /* Renegotiation is only supported at quiescent points in the application 665 * protocol, namely in HTTPS, just before reading the HTTP response. Require 666 * the record-layer be idle and avoid complexities of sending a handshake 667 * record while an application_data record is being written. */ 668 if (ssl_write_buffer_is_pending(ssl)) { 669 goto no_renegotiation; 670 } 671 672 /* Begin a new handshake. */ 673 if (ssl->s3->hs != NULL) { 674 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 675 return 0; 676 } 677 ssl->s3->hs = ssl_handshake_new(ssl); 678 if (ssl->s3->hs == NULL) { 679 return 0; 680 } 681 682 ssl->s3->total_renegotiations++; 683 return 1; 684 685 no_renegotiation: 686 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION); 687 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION); 688 return 0; 689 } 690 691 static int ssl_do_post_handshake(SSL *ssl) { 692 if (ssl3_protocol_version(ssl) < TLS1_3_VERSION) { 693 return ssl_do_renegotiate(ssl); 694 } 695 696 return tls13_post_handshake(ssl); 697 } 698 699 static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) { 700 ssl_reset_error_state(ssl); 701 702 if (ssl->handshake_func == NULL) { 703 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); 704 return -1; 705 } 706 707 for (;;) { 708 /* Complete the current handshake, if any. False Start will cause 709 * |SSL_do_handshake| to return mid-handshake, so this may require multiple 710 * iterations. */ 711 while (!ssl_can_read(ssl)) { 712 int ret = SSL_do_handshake(ssl); 713 if (ret < 0) { 714 return ret; 715 } 716 if (ret == 0) { 717 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE); 718 return -1; 719 } 720 } 721 722 int got_handshake; 723 int ret = ssl->method->read_app_data(ssl, &got_handshake, (uint8_t *)buf, 724 num, peek); 725 if (ret > 0 || !got_handshake) { 726 ssl->s3->key_update_count = 0; 727 return ret; 728 } 729 730 /* If we received an interrupt in early read (the end_of_early_data alert), 731 * loop again for the handshake to process it. */ 732 if (SSL_in_init(ssl)) { 733 continue; 734 } 735 736 /* Handle the post-handshake message and try again. */ 737 if (!ssl_do_post_handshake(ssl)) { 738 return -1; 739 } 740 ssl->method->release_current_message(ssl, 1 /* free buffer */); 741 } 742 } 743 744 int SSL_read(SSL *ssl, void *buf, int num) { 745 return ssl_read_impl(ssl, buf, num, 0 /* consume bytes */); 746 } 747 748 int SSL_peek(SSL *ssl, void *buf, int num) { 749 return ssl_read_impl(ssl, buf, num, 1 /* peek */); 750 } 751 752 int SSL_write(SSL *ssl, const void *buf, int num) { 753 ssl_reset_error_state(ssl); 754 755 if (ssl->handshake_func == NULL) { 756 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); 757 return -1; 758 } 759 760 if (ssl->s3->send_shutdown != ssl_shutdown_none) { 761 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); 762 return -1; 763 } 764 765 int ret = 0, needs_handshake = 0; 766 do { 767 /* If necessary, complete the handshake implicitly. */ 768 if (!ssl_can_write(ssl)) { 769 ret = SSL_do_handshake(ssl); 770 if (ret < 0) { 771 return ret; 772 } 773 if (ret == 0) { 774 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE); 775 return -1; 776 } 777 } 778 779 ret = ssl->method->write_app_data(ssl, &needs_handshake, 780 (const uint8_t *)buf, num); 781 } while (needs_handshake); 782 return ret; 783 } 784 785 int SSL_shutdown(SSL *ssl) { 786 ssl_reset_error_state(ssl); 787 788 if (ssl->handshake_func == NULL) { 789 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); 790 return -1; 791 } 792 793 /* If we are in the middle of a handshake, silently succeed. Consumers often 794 * call this function before |SSL_free|, whether the handshake succeeded or 795 * not. We assume the caller has already handled failed handshakes. */ 796 if (SSL_in_init(ssl)) { 797 return 1; 798 } 799 800 if (ssl->quiet_shutdown) { 801 /* Do nothing if configured not to send a close_notify. */ 802 ssl->s3->send_shutdown = ssl_shutdown_close_notify; 803 ssl->s3->recv_shutdown = ssl_shutdown_close_notify; 804 return 1; 805 } 806 807 /* This function completes in two stages. It sends a close_notify and then it 808 * waits for a close_notify to come in. Perform exactly one action and return 809 * whether or not it succeeds. */ 810 811 if (ssl->s3->send_shutdown != ssl_shutdown_close_notify) { 812 /* Send a close_notify. */ 813 if (ssl3_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY) <= 0) { 814 return -1; 815 } 816 } else if (ssl->s3->alert_dispatch) { 817 /* Finish sending the close_notify. */ 818 if (ssl->method->dispatch_alert(ssl) <= 0) { 819 return -1; 820 } 821 } else if (ssl->s3->recv_shutdown != ssl_shutdown_close_notify) { 822 /* Wait for the peer's close_notify. */ 823 ssl->method->read_close_notify(ssl); 824 if (ssl->s3->recv_shutdown != ssl_shutdown_close_notify) { 825 return -1; 826 } 827 } 828 829 /* Return 0 for unidirectional shutdown and 1 for bidirectional shutdown. */ 830 return ssl->s3->recv_shutdown == ssl_shutdown_close_notify; 831 } 832 833 int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) { 834 if (ssl->s3->alert_dispatch) { 835 if (ssl->s3->send_alert[0] != SSL3_AL_FATAL || 836 ssl->s3->send_alert[1] != alert) { 837 /* We are already attempting to write a different alert. */ 838 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); 839 return -1; 840 } 841 return ssl->method->dispatch_alert(ssl); 842 } 843 844 return ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); 845 } 846 847 void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) { 848 ctx->cert->enable_early_data = !!enabled; 849 } 850 851 void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) { 852 ctx->tls13_variant = variant; 853 } 854 855 void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) { 856 ssl->tls13_variant = variant; 857 } 858 859 void SSL_set_early_data_enabled(SSL *ssl, int enabled) { 860 ssl->cert->enable_early_data = !!enabled; 861 } 862 863 int SSL_in_early_data(const SSL *ssl) { 864 if (ssl->s3->hs == NULL) { 865 return 0; 866 } 867 return ssl->s3->hs->in_early_data; 868 } 869 870 int SSL_early_data_accepted(const SSL *ssl) { 871 return ssl->early_data_accepted; 872 } 873 874 void SSL_reset_early_data_reject(SSL *ssl) { 875 SSL_HANDSHAKE *hs = ssl->s3->hs; 876 if (hs == NULL || 877 hs->wait != ssl_hs_early_data_rejected) { 878 abort(); 879 } 880 881 hs->wait = ssl_hs_ok; 882 hs->in_early_data = 0; 883 SSL_SESSION_free(hs->early_session); 884 hs->early_session = NULL; 885 886 /* Discard any unfinished writes from the perspective of |SSL_write|'s 887 * retry. The handshake will transparently flush out the pending record 888 * (discarded by the server) to keep the framing correct. */ 889 ssl->s3->wpend_pending = 0; 890 } 891 892 static int bio_retry_reason_to_error(int reason) { 893 switch (reason) { 894 case BIO_RR_CONNECT: 895 return SSL_ERROR_WANT_CONNECT; 896 case BIO_RR_ACCEPT: 897 return SSL_ERROR_WANT_ACCEPT; 898 default: 899 return SSL_ERROR_SYSCALL; 900 } 901 } 902 903 int SSL_get_error(const SSL *ssl, int ret_code) { 904 if (ret_code > 0) { 905 return SSL_ERROR_NONE; 906 } 907 908 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, 909 * where we do encode the error */ 910 uint32_t err = ERR_peek_error(); 911 if (err != 0) { 912 if (ERR_GET_LIB(err) == ERR_LIB_SYS) { 913 return SSL_ERROR_SYSCALL; 914 } 915 return SSL_ERROR_SSL; 916 } 917 918 if (ret_code == 0) { 919 if (ssl->s3->recv_shutdown == ssl_shutdown_close_notify) { 920 return SSL_ERROR_ZERO_RETURN; 921 } 922 /* An EOF was observed which violates the protocol, and the underlying 923 * transport does not participate in the error queue. Bubble up to the 924 * caller. */ 925 return SSL_ERROR_SYSCALL; 926 } 927 928 switch (ssl->rwstate) { 929 case SSL_PENDING_SESSION: 930 return SSL_ERROR_PENDING_SESSION; 931 932 case SSL_CERTIFICATE_SELECTION_PENDING: 933 return SSL_ERROR_PENDING_CERTIFICATE; 934 935 case SSL_READING: { 936 BIO *bio = SSL_get_rbio(ssl); 937 if (BIO_should_read(bio)) { 938 return SSL_ERROR_WANT_READ; 939 } 940 941 if (BIO_should_write(bio)) { 942 /* TODO(davidben): OpenSSL historically checked for writes on the read 943 * BIO. Can this be removed? */ 944 return SSL_ERROR_WANT_WRITE; 945 } 946 947 if (BIO_should_io_special(bio)) { 948 return bio_retry_reason_to_error(BIO_get_retry_reason(bio)); 949 } 950 951 break; 952 } 953 954 case SSL_WRITING: { 955 BIO *bio = SSL_get_wbio(ssl); 956 if (BIO_should_write(bio)) { 957 return SSL_ERROR_WANT_WRITE; 958 } 959 960 if (BIO_should_read(bio)) { 961 /* TODO(davidben): OpenSSL historically checked for reads on the write 962 * BIO. Can this be removed? */ 963 return SSL_ERROR_WANT_READ; 964 } 965 966 if (BIO_should_io_special(bio)) { 967 return bio_retry_reason_to_error(BIO_get_retry_reason(bio)); 968 } 969 970 break; 971 } 972 973 case SSL_X509_LOOKUP: 974 return SSL_ERROR_WANT_X509_LOOKUP; 975 976 case SSL_CHANNEL_ID_LOOKUP: 977 return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP; 978 979 case SSL_PRIVATE_KEY_OPERATION: 980 return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION; 981 982 case SSL_PENDING_TICKET: 983 return SSL_ERROR_PENDING_TICKET; 984 985 case SSL_EARLY_DATA_REJECTED: 986 return SSL_ERROR_EARLY_DATA_REJECTED; 987 } 988 989 return SSL_ERROR_SYSCALL; 990 } 991 992 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) { 993 ctx->options |= options; 994 return ctx->options; 995 } 996 997 uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) { 998 ctx->options &= ~options; 999 return ctx->options; 1000 } 1001 1002 uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; } 1003 1004 uint32_t SSL_set_options(SSL *ssl, uint32_t options) { 1005 ssl->options |= options; 1006 return ssl->options; 1007 } 1008 1009 uint32_t SSL_clear_options(SSL *ssl, uint32_t options) { 1010 ssl->options &= ~options; 1011 return ssl->options; 1012 } 1013 1014 uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; } 1015 1016 uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) { 1017 ctx->mode |= mode; 1018 return ctx->mode; 1019 } 1020 1021 uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) { 1022 ctx->mode &= ~mode; 1023 return ctx->mode; 1024 } 1025 1026 uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; } 1027 1028 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) { 1029 ssl->mode |= mode; 1030 return ssl->mode; 1031 } 1032 1033 uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) { 1034 ssl->mode &= ~mode; 1035 return ssl->mode; 1036 } 1037 1038 uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; } 1039 1040 void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx, CRYPTO_BUFFER_POOL *pool) { 1041 ctx->pool = pool; 1042 } 1043 1044 int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len, 1045 size_t max_out) { 1046 *out_len = 0; 1047 OPENSSL_memset(out, 0, max_out); 1048 1049 /* tls-unique is not defined for SSL 3.0 or TLS 1.3. */ 1050 if (!ssl->s3->initial_handshake_complete || 1051 ssl3_protocol_version(ssl) < TLS1_VERSION || 1052 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) { 1053 return 0; 1054 } 1055 1056 /* The tls-unique value is the first Finished message in the handshake, which 1057 * is the client's in a full handshake and the server's for a resumption. See 1058 * https://tools.ietf.org/html/rfc5929#section-3.1. */ 1059 const uint8_t *finished = ssl->s3->previous_client_finished; 1060 size_t finished_len = ssl->s3->previous_client_finished_len; 1061 if (ssl->session != NULL) { 1062 /* tls-unique is broken for resumed sessions unless EMS is used. */ 1063 if (!ssl->session->extended_master_secret) { 1064 return 0; 1065 } 1066 finished = ssl->s3->previous_server_finished; 1067 finished_len = ssl->s3->previous_server_finished_len; 1068 } 1069 1070 *out_len = finished_len; 1071 if (finished_len > max_out) { 1072 *out_len = max_out; 1073 } 1074 1075 OPENSSL_memcpy(out, finished, *out_len); 1076 return 1; 1077 } 1078 1079 static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx, 1080 size_t sid_ctx_len) { 1081 if (sid_ctx_len > sizeof(cert->sid_ctx)) { 1082 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 1083 return 0; 1084 } 1085 1086 static_assert(sizeof(cert->sid_ctx) < 256, "sid_ctx too large"); 1087 cert->sid_ctx_length = (uint8_t)sid_ctx_len; 1088 OPENSSL_memcpy(cert->sid_ctx, sid_ctx, sid_ctx_len); 1089 return 1; 1090 } 1091 1092 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx, 1093 size_t sid_ctx_len) { 1094 return set_session_id_context(ctx->cert, sid_ctx, sid_ctx_len); 1095 } 1096 1097 int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, 1098 size_t sid_ctx_len) { 1099 return set_session_id_context(ssl->cert, sid_ctx, sid_ctx_len); 1100 } 1101 1102 const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) { 1103 *out_len = ssl->cert->sid_ctx_length; 1104 return ssl->cert->sid_ctx; 1105 } 1106 1107 void ssl_cipher_preference_list_free( 1108 struct ssl_cipher_preference_list_st *cipher_list) { 1109 if (cipher_list == NULL) { 1110 return; 1111 } 1112 sk_SSL_CIPHER_free(cipher_list->ciphers); 1113 OPENSSL_free(cipher_list->in_group_flags); 1114 OPENSSL_free(cipher_list); 1115 } 1116 1117 void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); } 1118 1119 int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); } 1120 1121 int SSL_get_rfd(const SSL *ssl) { 1122 int ret = -1; 1123 BIO *b = BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DESCRIPTOR); 1124 if (b != NULL) { 1125 BIO_get_fd(b, &ret); 1126 } 1127 return ret; 1128 } 1129 1130 int SSL_get_wfd(const SSL *ssl) { 1131 int ret = -1; 1132 BIO *b = BIO_find_type(SSL_get_wbio(ssl), BIO_TYPE_DESCRIPTOR); 1133 if (b != NULL) { 1134 BIO_get_fd(b, &ret); 1135 } 1136 return ret; 1137 } 1138 1139 int SSL_set_fd(SSL *ssl, int fd) { 1140 BIO *bio = BIO_new(BIO_s_socket()); 1141 if (bio == NULL) { 1142 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); 1143 return 0; 1144 } 1145 BIO_set_fd(bio, fd, BIO_NOCLOSE); 1146 SSL_set_bio(ssl, bio, bio); 1147 return 1; 1148 } 1149 1150 int SSL_set_wfd(SSL *ssl, int fd) { 1151 BIO *rbio = SSL_get_rbio(ssl); 1152 if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET || 1153 BIO_get_fd(rbio, NULL) != fd) { 1154 BIO *bio = BIO_new(BIO_s_socket()); 1155 if (bio == NULL) { 1156 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); 1157 return 0; 1158 } 1159 BIO_set_fd(bio, fd, BIO_NOCLOSE); 1160 SSL_set0_wbio(ssl, bio); 1161 } else { 1162 /* Copy the rbio over to the wbio. */ 1163 BIO_up_ref(rbio); 1164 SSL_set0_wbio(ssl, rbio); 1165 } 1166 1167 return 1; 1168 } 1169 1170 int SSL_set_rfd(SSL *ssl, int fd) { 1171 BIO *wbio = SSL_get_wbio(ssl); 1172 if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET || 1173 BIO_get_fd(wbio, NULL) != fd) { 1174 BIO *bio = BIO_new(BIO_s_socket()); 1175 if (bio == NULL) { 1176 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); 1177 return 0; 1178 } 1179 BIO_set_fd(bio, fd, BIO_NOCLOSE); 1180 SSL_set0_rbio(ssl, bio); 1181 } else { 1182 /* Copy the wbio over to the rbio. */ 1183 BIO_up_ref(wbio); 1184 SSL_set0_rbio(ssl, wbio); 1185 } 1186 return 1; 1187 } 1188 1189 static size_t copy_finished(void *out, size_t out_len, const uint8_t *in, 1190 size_t in_len) { 1191 if (out_len > in_len) { 1192 out_len = in_len; 1193 } 1194 OPENSSL_memcpy(out, in, out_len); 1195 return in_len; 1196 } 1197 1198 size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) { 1199 if (!ssl->s3->initial_handshake_complete || 1200 ssl3_protocol_version(ssl) < TLS1_VERSION || 1201 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) { 1202 return 0; 1203 } 1204 1205 if (ssl->server) { 1206 return copy_finished(buf, count, ssl->s3->previous_server_finished, 1207 ssl->s3->previous_server_finished_len); 1208 } 1209 1210 return copy_finished(buf, count, ssl->s3->previous_client_finished, 1211 ssl->s3->previous_client_finished_len); 1212 } 1213 1214 size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) { 1215 if (!ssl->s3->initial_handshake_complete || 1216 ssl3_protocol_version(ssl) < TLS1_VERSION || 1217 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) { 1218 return 0; 1219 } 1220 1221 if (ssl->server) { 1222 return copy_finished(buf, count, ssl->s3->previous_client_finished, 1223 ssl->s3->previous_client_finished_len); 1224 } 1225 1226 return copy_finished(buf, count, ssl->s3->previous_server_finished, 1227 ssl->s3->previous_server_finished_len); 1228 } 1229 1230 int SSL_get_verify_mode(const SSL *ssl) { return ssl->verify_mode; } 1231 1232 int SSL_get_extms_support(const SSL *ssl) { 1233 /* TLS 1.3 does not require extended master secret and always reports as 1234 * supporting it. */ 1235 if (!ssl->s3->have_version) { 1236 return 0; 1237 } 1238 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) { 1239 return 1; 1240 } 1241 1242 /* If the initial handshake completed, query the established session. */ 1243 if (ssl->s3->established_session != NULL) { 1244 return ssl->s3->established_session->extended_master_secret; 1245 } 1246 1247 /* Otherwise, query the in-progress handshake. */ 1248 if (ssl->s3->hs != NULL) { 1249 return ssl->s3->hs->extended_master_secret; 1250 } 1251 assert(0); 1252 return 0; 1253 } 1254 1255 int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; } 1256 1257 int SSL_get_read_ahead(const SSL *ssl) { return 0; } 1258 1259 void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { } 1260 1261 void SSL_set_read_ahead(SSL *ssl, int yes) { } 1262 1263 int SSL_pending(const SSL *ssl) { 1264 if (ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA) { 1265 return 0; 1266 } 1267 return ssl->s3->rrec.length; 1268 } 1269 1270 /* Fix this so it checks all the valid key/cert options */ 1271 int SSL_CTX_check_private_key(const SSL_CTX *ctx) { 1272 return ssl_cert_check_private_key(ctx->cert, ctx->cert->privatekey); 1273 } 1274 1275 /* Fix this function so that it takes an optional type parameter */ 1276 int SSL_check_private_key(const SSL *ssl) { 1277 return ssl_cert_check_private_key(ssl->cert, ssl->cert->privatekey); 1278 } 1279 1280 long SSL_get_default_timeout(const SSL *ssl) { 1281 return SSL_DEFAULT_SESSION_TIMEOUT; 1282 } 1283 1284 int SSL_renegotiate(SSL *ssl) { 1285 /* Caller-initiated renegotiation is not supported. */ 1286 OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1287 return 0; 1288 } 1289 1290 int SSL_renegotiate_pending(SSL *ssl) { 1291 return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete; 1292 } 1293 1294 int SSL_total_renegotiations(const SSL *ssl) { 1295 return ssl->s3->total_renegotiations; 1296 } 1297 1298 size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) { 1299 return ctx->max_cert_list; 1300 } 1301 1302 void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) { 1303 if (max_cert_list > kMaxHandshakeSize) { 1304 max_cert_list = kMaxHandshakeSize; 1305 } 1306 ctx->max_cert_list = (uint32_t)max_cert_list; 1307 } 1308 1309 size_t SSL_get_max_cert_list(const SSL *ssl) { 1310 return ssl->max_cert_list; 1311 } 1312 1313 void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) { 1314 if (max_cert_list > kMaxHandshakeSize) { 1315 max_cert_list = kMaxHandshakeSize; 1316 } 1317 ssl->max_cert_list = (uint32_t)max_cert_list; 1318 } 1319 1320 int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) { 1321 if (max_send_fragment < 512) { 1322 max_send_fragment = 512; 1323 } 1324 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { 1325 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1326 } 1327 ctx->max_send_fragment = (uint16_t)max_send_fragment; 1328 1329 return 1; 1330 } 1331 1332 int SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) { 1333 if (max_send_fragment < 512) { 1334 max_send_fragment = 512; 1335 } 1336 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { 1337 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1338 } 1339 ssl->max_send_fragment = (uint16_t)max_send_fragment; 1340 1341 return 1; 1342 } 1343 1344 int SSL_set_mtu(SSL *ssl, unsigned mtu) { 1345 if (!SSL_is_dtls(ssl) || mtu < dtls1_min_mtu()) { 1346 return 0; 1347 } 1348 ssl->d1->mtu = mtu; 1349 return 1; 1350 } 1351 1352 int SSL_get_secure_renegotiation_support(const SSL *ssl) { 1353 if (!ssl->s3->have_version) { 1354 return 0; 1355 } 1356 return ssl3_protocol_version(ssl) >= TLS1_3_VERSION || 1357 ssl->s3->send_connection_binding; 1358 } 1359 1360 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; } 1361 1362 size_t SSL_CTX_sess_number(const SSL_CTX *ctx) { 1363 return lh_SSL_SESSION_num_items(ctx->sessions); 1364 } 1365 1366 unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) { 1367 unsigned long ret = ctx->session_cache_size; 1368 ctx->session_cache_size = size; 1369 return ret; 1370 } 1371 1372 unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) { 1373 return ctx->session_cache_size; 1374 } 1375 1376 int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) { 1377 int ret = ctx->session_cache_mode; 1378 ctx->session_cache_mode = mode; 1379 return ret; 1380 } 1381 1382 int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) { 1383 return ctx->session_cache_mode; 1384 } 1385 1386 1387 int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, size_t len) { 1388 if (out == NULL) { 1389 return 48; 1390 } 1391 if (len != 48) { 1392 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 1393 return 0; 1394 } 1395 uint8_t *out_bytes = reinterpret_cast<uint8_t *>(out); 1396 OPENSSL_memcpy(out_bytes, ctx->tlsext_tick_key_name, 16); 1397 OPENSSL_memcpy(out_bytes + 16, ctx->tlsext_tick_hmac_key, 16); 1398 OPENSSL_memcpy(out_bytes + 32, ctx->tlsext_tick_aes_key, 16); 1399 return 1; 1400 } 1401 1402 int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) { 1403 if (in == NULL) { 1404 return 48; 1405 } 1406 if (len != 48) { 1407 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 1408 return 0; 1409 } 1410 const uint8_t *in_bytes = reinterpret_cast<const uint8_t *>(in); 1411 OPENSSL_memcpy(ctx->tlsext_tick_key_name, in_bytes, 16); 1412 OPENSSL_memcpy(ctx->tlsext_tick_hmac_key, in_bytes + 16, 16); 1413 OPENSSL_memcpy(ctx->tlsext_tick_aes_key, in_bytes + 32, 16); 1414 return 1; 1415 } 1416 1417 int SSL_CTX_set_tlsext_ticket_key_cb( 1418 SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, 1419 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, 1420 int encrypt)) { 1421 ctx->tlsext_ticket_key_cb = callback; 1422 return 1; 1423 } 1424 1425 int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, size_t curves_len) { 1426 return tls1_set_curves(&ctx->supported_group_list, 1427 &ctx->supported_group_list_len, curves, 1428 curves_len); 1429 } 1430 1431 int SSL_set1_curves(SSL *ssl, const int *curves, size_t curves_len) { 1432 return tls1_set_curves(&ssl->supported_group_list, 1433 &ssl->supported_group_list_len, curves, 1434 curves_len); 1435 } 1436 1437 int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) { 1438 return tls1_set_curves_list(&ctx->supported_group_list, 1439 &ctx->supported_group_list_len, curves); 1440 } 1441 1442 int SSL_set1_curves_list(SSL *ssl, const char *curves) { 1443 return tls1_set_curves_list(&ssl->supported_group_list, 1444 &ssl->supported_group_list_len, curves); 1445 } 1446 1447 uint16_t SSL_get_curve_id(const SSL *ssl) { 1448 /* TODO(davidben): This checks the wrong session if there is a renegotiation in 1449 * progress. */ 1450 SSL_SESSION *session = SSL_get_session(ssl); 1451 if (session == NULL) { 1452 return 0; 1453 } 1454 1455 return session->group_id; 1456 } 1457 1458 int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) { 1459 return 1; 1460 } 1461 1462 int SSL_set_tmp_dh(SSL *ssl, const DH *dh) { 1463 return 1; 1464 } 1465 1466 OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { 1467 return ctx->cipher_list->ciphers; 1468 } 1469 1470 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) { 1471 if (ssl == NULL) { 1472 return NULL; 1473 } 1474 1475 const struct ssl_cipher_preference_list_st *prefs = 1476 ssl_get_cipher_preferences(ssl); 1477 if (prefs == NULL) { 1478 return NULL; 1479 } 1480 1481 return prefs->ciphers; 1482 } 1483 1484 const char *SSL_get_cipher_list(const SSL *ssl, int n) { 1485 if (ssl == NULL) { 1486 return NULL; 1487 } 1488 1489 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); 1490 if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) { 1491 return NULL; 1492 } 1493 1494 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, n); 1495 if (c == NULL) { 1496 return NULL; 1497 } 1498 1499 return c->name; 1500 } 1501 1502 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { 1503 return ssl_create_cipher_list(ctx->method, &ctx->cipher_list, str, 1504 0 /* not strict */); 1505 } 1506 1507 int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, const char *str) { 1508 return ssl_create_cipher_list(ctx->method, &ctx->cipher_list, str, 1509 1 /* strict */); 1510 } 1511 1512 int SSL_set_cipher_list(SSL *ssl, const char *str) { 1513 return ssl_create_cipher_list(ssl->ctx->method, &ssl->cipher_list, str, 1514 0 /* not strict */); 1515 } 1516 1517 int SSL_set_strict_cipher_list(SSL *ssl, const char *str) { 1518 return ssl_create_cipher_list(ssl->ctx->method, &ssl->cipher_list, str, 1519 1 /* strict */); 1520 } 1521 1522 const char *SSL_get_servername(const SSL *ssl, const int type) { 1523 if (type != TLSEXT_NAMETYPE_host_name) { 1524 return NULL; 1525 } 1526 1527 /* Historically, |SSL_get_servername| was also the configuration getter 1528 * corresponding to |SSL_set_tlsext_host_name|. */ 1529 if (ssl->tlsext_hostname != NULL) { 1530 return ssl->tlsext_hostname; 1531 } 1532 1533 /* During the handshake, report the handshake value. */ 1534 if (ssl->s3->hs != NULL) { 1535 return ssl->s3->hs->hostname; 1536 } 1537 1538 /* SSL_get_servername may also be called after the handshake to look up the 1539 * SNI value. 1540 * 1541 * TODO(davidben): This is almost unused. Can we remove it? */ 1542 SSL_SESSION *session = SSL_get_session(ssl); 1543 if (session == NULL) { 1544 return NULL; 1545 } 1546 return session->tlsext_hostname; 1547 } 1548 1549 int SSL_get_servername_type(const SSL *ssl) { 1550 SSL_SESSION *session = SSL_get_session(ssl); 1551 if (session == NULL || session->tlsext_hostname == NULL) { 1552 return -1; 1553 } 1554 return TLSEXT_NAMETYPE_host_name; 1555 } 1556 1557 void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) { 1558 ctx->signed_cert_timestamps_enabled = 1; 1559 } 1560 1561 void SSL_CTX_i_promise_to_verify_certs_after_the_handshake(SSL_CTX *ctx) { 1562 ctx->i_promise_to_verify_certs_after_the_handshake = 1; 1563 } 1564 1565 void SSL_enable_signed_cert_timestamps(SSL *ssl) { 1566 ssl->signed_cert_timestamps_enabled = 1; 1567 } 1568 1569 void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) { 1570 ctx->ocsp_stapling_enabled = 1; 1571 } 1572 1573 void SSL_enable_ocsp_stapling(SSL *ssl) { 1574 ssl->ocsp_stapling_enabled = 1; 1575 } 1576 1577 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out, 1578 size_t *out_len) { 1579 SSL_SESSION *session = SSL_get_session(ssl); 1580 1581 *out_len = 0; 1582 *out = NULL; 1583 if (ssl->server || !session || !session->tlsext_signed_cert_timestamp_list) { 1584 return; 1585 } 1586 1587 *out = session->tlsext_signed_cert_timestamp_list; 1588 *out_len = session->tlsext_signed_cert_timestamp_list_length; 1589 } 1590 1591 void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, 1592 size_t *out_len) { 1593 SSL_SESSION *session = SSL_get_session(ssl); 1594 1595 *out_len = 0; 1596 *out = NULL; 1597 if (ssl->server || !session || !session->ocsp_response) { 1598 return; 1599 } 1600 *out = session->ocsp_response; 1601 *out_len = session->ocsp_response_length; 1602 } 1603 1604 int SSL_set_tlsext_host_name(SSL *ssl, const char *name) { 1605 OPENSSL_free(ssl->tlsext_hostname); 1606 ssl->tlsext_hostname = NULL; 1607 1608 if (name == NULL) { 1609 return 1; 1610 } 1611 1612 size_t len = strlen(name); 1613 if (len == 0 || len > TLSEXT_MAXLEN_host_name) { 1614 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 1615 return 0; 1616 } 1617 ssl->tlsext_hostname = BUF_strdup(name); 1618 if (ssl->tlsext_hostname == NULL) { 1619 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 1620 return 0; 1621 } 1622 return 1; 1623 } 1624 1625 int SSL_CTX_set_tlsext_servername_callback( 1626 SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) { 1627 ctx->tlsext_servername_callback = callback; 1628 return 1; 1629 } 1630 1631 int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) { 1632 ctx->tlsext_servername_arg = arg; 1633 return 1; 1634 } 1635 1636 int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, const uint8_t *peer, 1637 unsigned peer_len, const uint8_t *supported, 1638 unsigned supported_len) { 1639 const uint8_t *result; 1640 int status; 1641 1642 /* For each protocol in peer preference order, see if we support it. */ 1643 for (unsigned i = 0; i < peer_len;) { 1644 for (unsigned j = 0; j < supported_len;) { 1645 if (peer[i] == supported[j] && 1646 OPENSSL_memcmp(&peer[i + 1], &supported[j + 1], peer[i]) == 0) { 1647 /* We found a match */ 1648 result = &peer[i]; 1649 status = OPENSSL_NPN_NEGOTIATED; 1650 goto found; 1651 } 1652 j += supported[j]; 1653 j++; 1654 } 1655 i += peer[i]; 1656 i++; 1657 } 1658 1659 /* There's no overlap between our protocols and the peer's list. */ 1660 result = supported; 1661 status = OPENSSL_NPN_NO_OVERLAP; 1662 1663 found: 1664 *out = (uint8_t *)result + 1; 1665 *out_len = result[0]; 1666 return status; 1667 } 1668 1669 void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data, 1670 unsigned *out_len) { 1671 *out_data = ssl->s3->next_proto_negotiated; 1672 *out_len = ssl->s3->next_proto_negotiated_len; 1673 } 1674 1675 void SSL_CTX_set_next_protos_advertised_cb( 1676 SSL_CTX *ctx, 1677 int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg), 1678 void *arg) { 1679 ctx->next_protos_advertised_cb = cb; 1680 ctx->next_protos_advertised_cb_arg = arg; 1681 } 1682 1683 void SSL_CTX_set_next_proto_select_cb( 1684 SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len, 1685 const uint8_t *in, unsigned in_len, void *arg), 1686 void *arg) { 1687 ctx->next_proto_select_cb = cb; 1688 ctx->next_proto_select_cb_arg = arg; 1689 } 1690 1691 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, 1692 unsigned protos_len) { 1693 OPENSSL_free(ctx->alpn_client_proto_list); 1694 ctx->alpn_client_proto_list = (uint8_t *)BUF_memdup(protos, protos_len); 1695 if (!ctx->alpn_client_proto_list) { 1696 return 1; 1697 } 1698 ctx->alpn_client_proto_list_len = protos_len; 1699 1700 return 0; 1701 } 1702 1703 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) { 1704 OPENSSL_free(ssl->alpn_client_proto_list); 1705 ssl->alpn_client_proto_list = (uint8_t *)BUF_memdup(protos, protos_len); 1706 if (!ssl->alpn_client_proto_list) { 1707 return 1; 1708 } 1709 ssl->alpn_client_proto_list_len = protos_len; 1710 1711 return 0; 1712 } 1713 1714 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 1715 int (*cb)(SSL *ssl, const uint8_t **out, 1716 uint8_t *out_len, const uint8_t *in, 1717 unsigned in_len, void *arg), 1718 void *arg) { 1719 ctx->alpn_select_cb = cb; 1720 ctx->alpn_select_cb_arg = arg; 1721 } 1722 1723 void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data, 1724 unsigned *out_len) { 1725 if (SSL_in_early_data(ssl) && !ssl->server) { 1726 *out_data = ssl->s3->hs->early_session->early_alpn; 1727 *out_len = ssl->s3->hs->early_session->early_alpn_len; 1728 } else { 1729 *out_data = ssl->s3->alpn_selected; 1730 *out_len = ssl->s3->alpn_selected_len; 1731 } 1732 } 1733 1734 void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) { 1735 ctx->allow_unknown_alpn_protos = !!enabled; 1736 } 1737 1738 void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx, int enabled) { 1739 ctx->tlsext_channel_id_enabled = !!enabled; 1740 } 1741 1742 int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) { 1743 SSL_CTX_set_tls_channel_id_enabled(ctx, 1); 1744 return 1; 1745 } 1746 1747 void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled) { 1748 ssl->tlsext_channel_id_enabled = !!enabled; 1749 } 1750 1751 int SSL_enable_tls_channel_id(SSL *ssl) { 1752 SSL_set_tls_channel_id_enabled(ssl, 1); 1753 return 1; 1754 } 1755 1756 static int is_p256_key(EVP_PKEY *private_key) { 1757 const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(private_key); 1758 return ec_key != NULL && 1759 EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) == 1760 NID_X9_62_prime256v1; 1761 } 1762 1763 int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) { 1764 if (!is_p256_key(private_key)) { 1765 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256); 1766 return 0; 1767 } 1768 1769 EVP_PKEY_free(ctx->tlsext_channel_id_private); 1770 EVP_PKEY_up_ref(private_key); 1771 ctx->tlsext_channel_id_private = private_key; 1772 ctx->tlsext_channel_id_enabled = 1; 1773 1774 return 1; 1775 } 1776 1777 int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) { 1778 if (!is_p256_key(private_key)) { 1779 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256); 1780 return 0; 1781 } 1782 1783 EVP_PKEY_free(ssl->tlsext_channel_id_private); 1784 EVP_PKEY_up_ref(private_key); 1785 ssl->tlsext_channel_id_private = private_key; 1786 ssl->tlsext_channel_id_enabled = 1; 1787 1788 return 1; 1789 } 1790 1791 size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) { 1792 if (!ssl->s3->tlsext_channel_id_valid) { 1793 return 0; 1794 } 1795 OPENSSL_memcpy(out, ssl->s3->tlsext_channel_id, 1796 (max_out < 64) ? max_out : 64); 1797 return 64; 1798 } 1799 1800 size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) { 1801 if (ssl->server || ssl->s3->hs == NULL) { 1802 *out_types = NULL; 1803 return 0; 1804 } 1805 *out_types = ssl->s3->hs->certificate_types; 1806 return ssl->s3->hs->num_certificate_types; 1807 } 1808 1809 void ssl_update_cache(SSL_HANDSHAKE *hs, int mode) { 1810 SSL *const ssl = hs->ssl; 1811 SSL_CTX *ctx = ssl->session_ctx; 1812 /* Never cache sessions with empty session IDs. */ 1813 if (ssl->s3->established_session->session_id_length == 0 || 1814 ssl->s3->established_session->not_resumable || 1815 (ctx->session_cache_mode & mode) != mode) { 1816 return; 1817 } 1818 1819 /* Clients never use the internal session cache. */ 1820 int use_internal_cache = ssl->server && !(ctx->session_cache_mode & 1821 SSL_SESS_CACHE_NO_INTERNAL_STORE); 1822 1823 /* A client may see new sessions on abbreviated handshakes if the server 1824 * decides to renew the ticket. Once the handshake is completed, it should be 1825 * inserted into the cache. */ 1826 if (ssl->s3->established_session != ssl->session || 1827 (!ssl->server && hs->ticket_expected)) { 1828 if (use_internal_cache) { 1829 SSL_CTX_add_session(ctx, ssl->s3->established_session); 1830 } 1831 if (ctx->new_session_cb != NULL) { 1832 SSL_SESSION_up_ref(ssl->s3->established_session); 1833 if (!ctx->new_session_cb(ssl, ssl->s3->established_session)) { 1834 /* |new_session_cb|'s return value signals whether it took ownership. */ 1835 SSL_SESSION_free(ssl->s3->established_session); 1836 } 1837 } 1838 } 1839 1840 if (use_internal_cache && 1841 !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) { 1842 /* Automatically flush the internal session cache every 255 connections. */ 1843 int flush_cache = 0; 1844 CRYPTO_MUTEX_lock_write(&ctx->lock); 1845 ctx->handshakes_since_cache_flush++; 1846 if (ctx->handshakes_since_cache_flush >= 255) { 1847 flush_cache = 1; 1848 ctx->handshakes_since_cache_flush = 0; 1849 } 1850 CRYPTO_MUTEX_unlock_write(&ctx->lock); 1851 1852 if (flush_cache) { 1853 struct OPENSSL_timeval now; 1854 ssl_get_current_time(ssl, &now); 1855 SSL_CTX_flush_sessions(ctx, now.tv_sec); 1856 } 1857 } 1858 } 1859 1860 EVP_PKEY *SSL_get_privatekey(const SSL *ssl) { 1861 if (ssl->cert != NULL) { 1862 return ssl->cert->privatekey; 1863 } 1864 1865 return NULL; 1866 } 1867 1868 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) { 1869 if (ctx->cert != NULL) { 1870 return ctx->cert->privatekey; 1871 } 1872 1873 return NULL; 1874 } 1875 1876 const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) { 1877 if (ssl->s3->aead_write_ctx == NULL) { 1878 return NULL; 1879 } 1880 return ssl->s3->aead_write_ctx->cipher; 1881 } 1882 1883 int SSL_session_reused(const SSL *ssl) { 1884 return ssl->s3->session_reused || SSL_in_early_data(ssl); 1885 } 1886 1887 const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { return NULL; } 1888 1889 const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { return NULL; } 1890 1891 int *SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key) { return 0; } 1892 1893 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) { 1894 ctx->quiet_shutdown = (mode != 0); 1895 } 1896 1897 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) { 1898 return ctx->quiet_shutdown; 1899 } 1900 1901 void SSL_set_quiet_shutdown(SSL *ssl, int mode) { 1902 ssl->quiet_shutdown = (mode != 0); 1903 } 1904 1905 int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; } 1906 1907 void SSL_set_shutdown(SSL *ssl, int mode) { 1908 /* It is an error to clear any bits that have already been set. (We can't try 1909 * to get a second close_notify or send two.) */ 1910 assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl)); 1911 1912 if (mode & SSL_RECEIVED_SHUTDOWN && 1913 ssl->s3->recv_shutdown == ssl_shutdown_none) { 1914 ssl->s3->recv_shutdown = ssl_shutdown_close_notify; 1915 } 1916 1917 if (mode & SSL_SENT_SHUTDOWN && 1918 ssl->s3->send_shutdown == ssl_shutdown_none) { 1919 ssl->s3->send_shutdown = ssl_shutdown_close_notify; 1920 } 1921 } 1922 1923 int SSL_get_shutdown(const SSL *ssl) { 1924 int ret = 0; 1925 if (ssl->s3->recv_shutdown != ssl_shutdown_none) { 1926 /* Historically, OpenSSL set |SSL_RECEIVED_SHUTDOWN| on both close_notify 1927 * and fatal alert. */ 1928 ret |= SSL_RECEIVED_SHUTDOWN; 1929 } 1930 if (ssl->s3->send_shutdown == ssl_shutdown_close_notify) { 1931 /* Historically, OpenSSL set |SSL_SENT_SHUTDOWN| on only close_notify. */ 1932 ret |= SSL_SENT_SHUTDOWN; 1933 } 1934 return ret; 1935 } 1936 1937 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; } 1938 1939 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) { 1940 if (ssl->ctx == ctx) { 1941 return ssl->ctx; 1942 } 1943 1944 /* One cannot change the X.509 callbacks during a connection. */ 1945 if (ssl->ctx->x509_method != ctx->x509_method) { 1946 assert(0); 1947 return NULL; 1948 } 1949 1950 if (ctx == NULL) { 1951 ctx = ssl->session_ctx; 1952 } 1953 1954 ssl_cert_free(ssl->cert); 1955 ssl->cert = ssl_cert_dup(ctx->cert); 1956 1957 SSL_CTX_up_ref(ctx); 1958 SSL_CTX_free(ssl->ctx); 1959 ssl->ctx = ctx; 1960 1961 return ssl->ctx; 1962 } 1963 1964 void SSL_set_info_callback(SSL *ssl, 1965 void (*cb)(const SSL *ssl, int type, int value)) { 1966 ssl->info_callback = cb; 1967 } 1968 1969 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, 1970 int value) { 1971 return ssl->info_callback; 1972 } 1973 1974 int SSL_state(const SSL *ssl) { 1975 return SSL_in_init(ssl) ? SSL_ST_INIT : SSL_ST_OK; 1976 } 1977 1978 void SSL_set_state(SSL *ssl, int state) { } 1979 1980 char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) { 1981 if (len <= 0) { 1982 return NULL; 1983 } 1984 buf[0] = '\0'; 1985 return buf; 1986 } 1987 1988 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, 1989 CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { 1990 int index; 1991 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp, 1992 free_func)) { 1993 return -1; 1994 } 1995 return index; 1996 } 1997 1998 int SSL_set_ex_data(SSL *ssl, int idx, void *arg) { 1999 return CRYPTO_set_ex_data(&ssl->ex_data, idx, arg); 2000 } 2001 2002 void *SSL_get_ex_data(const SSL *ssl, int idx) { 2003 return CRYPTO_get_ex_data(&ssl->ex_data, idx); 2004 } 2005 2006 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, 2007 CRYPTO_EX_dup *dup_unused, 2008 CRYPTO_EX_free *free_func) { 2009 int index; 2010 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp, 2011 free_func)) { 2012 return -1; 2013 } 2014 return index; 2015 } 2016 2017 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg) { 2018 return CRYPTO_set_ex_data(&ctx->ex_data, idx, arg); 2019 } 2020 2021 void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) { 2022 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2023 } 2024 2025 int SSL_want(const SSL *ssl) { return ssl->rwstate; } 2026 2027 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, 2028 RSA *(*cb)(SSL *ssl, int is_export, 2029 int keylength)) { 2030 } 2031 2032 void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, 2033 int keylength)) { 2034 } 2035 2036 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 2037 DH *(*callback)(SSL *ssl, int is_export, 2038 int keylength)) { 2039 } 2040 2041 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export, 2042 int keylength)) { 2043 } 2044 2045 static int use_psk_identity_hint(char **out, const char *identity_hint) { 2046 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 2047 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG); 2048 return 0; 2049 } 2050 2051 /* Clear currently configured hint, if any. */ 2052 OPENSSL_free(*out); 2053 *out = NULL; 2054 2055 /* Treat the empty hint as not supplying one. Plain PSK makes it possible to 2056 * send either no hint (omit ServerKeyExchange) or an empty hint, while 2057 * ECDHE_PSK can only spell empty hint. Having different capabilities is odd, 2058 * so we interpret empty and missing as identical. */ 2059 if (identity_hint != NULL && identity_hint[0] != '\0') { 2060 *out = BUF_strdup(identity_hint); 2061 if (*out == NULL) { 2062 return 0; 2063 } 2064 } 2065 2066 return 1; 2067 } 2068 2069 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { 2070 return use_psk_identity_hint(&ctx->psk_identity_hint, identity_hint); 2071 } 2072 2073 int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) { 2074 return use_psk_identity_hint(&ssl->psk_identity_hint, identity_hint); 2075 } 2076 2077 const char *SSL_get_psk_identity_hint(const SSL *ssl) { 2078 if (ssl == NULL) { 2079 return NULL; 2080 } 2081 return ssl->psk_identity_hint; 2082 } 2083 2084 const char *SSL_get_psk_identity(const SSL *ssl) { 2085 if (ssl == NULL) { 2086 return NULL; 2087 } 2088 SSL_SESSION *session = SSL_get_session(ssl); 2089 if (session == NULL) { 2090 return NULL; 2091 } 2092 return session->psk_identity; 2093 } 2094 2095 void SSL_set_psk_client_callback( 2096 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity, 2097 unsigned max_identity_len, uint8_t *psk, 2098 unsigned max_psk_len)) { 2099 ssl->psk_client_callback = cb; 2100 } 2101 2102 void SSL_CTX_set_psk_client_callback( 2103 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity, 2104 unsigned max_identity_len, uint8_t *psk, 2105 unsigned max_psk_len)) { 2106 ctx->psk_client_callback = cb; 2107 } 2108 2109 void SSL_set_psk_server_callback( 2110 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk, 2111 unsigned max_psk_len)) { 2112 ssl->psk_server_callback = cb; 2113 } 2114 2115 void SSL_CTX_set_psk_server_callback( 2116 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity, 2117 uint8_t *psk, unsigned max_psk_len)) { 2118 ctx->psk_server_callback = cb; 2119 } 2120 2121 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, 2122 void (*cb)(int write_p, int version, 2123 int content_type, const void *buf, 2124 size_t len, SSL *ssl, void *arg)) { 2125 ctx->msg_callback = cb; 2126 } 2127 2128 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) { 2129 ctx->msg_callback_arg = arg; 2130 } 2131 2132 void SSL_set_msg_callback(SSL *ssl, 2133 void (*cb)(int write_p, int version, int content_type, 2134 const void *buf, size_t len, SSL *ssl, 2135 void *arg)) { 2136 ssl->msg_callback = cb; 2137 } 2138 2139 void SSL_set_msg_callback_arg(SSL *ssl, void *arg) { 2140 ssl->msg_callback_arg = arg; 2141 } 2142 2143 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, 2144 void (*cb)(const SSL *ssl, const char *line)) { 2145 ctx->keylog_callback = cb; 2146 } 2147 2148 void (*SSL_CTX_get_keylog_callback(const SSL_CTX *ctx))(const SSL *ssl, 2149 const char *line) { 2150 return ctx->keylog_callback; 2151 } 2152 2153 void SSL_CTX_set_current_time_cb(SSL_CTX *ctx, 2154 void (*cb)(const SSL *ssl, 2155 struct timeval *out_clock)) { 2156 ctx->current_time_cb = cb; 2157 } 2158 2159 static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) { 2160 static const char hextable[] = "0123456789abcdef"; 2161 uint8_t *out; 2162 2163 if (!CBB_add_space(cbb, &out, in_len * 2)) { 2164 return 0; 2165 } 2166 2167 for (size_t i = 0; i < in_len; i++) { 2168 *(out++) = (uint8_t)hextable[in[i] >> 4]; 2169 *(out++) = (uint8_t)hextable[in[i] & 0xf]; 2170 } 2171 2172 return 1; 2173 } 2174 2175 int ssl_log_secret(const SSL *ssl, const char *label, const uint8_t *secret, 2176 size_t secret_len) { 2177 if (ssl->ctx->keylog_callback == NULL) { 2178 return 1; 2179 } 2180 2181 CBB cbb; 2182 uint8_t *out; 2183 size_t out_len; 2184 if (!CBB_init(&cbb, strlen(label) + 1 + SSL3_RANDOM_SIZE * 2 + 1 + 2185 secret_len * 2 + 1) || 2186 !CBB_add_bytes(&cbb, (const uint8_t *)label, strlen(label)) || 2187 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) || 2188 !cbb_add_hex(&cbb, ssl->s3->client_random, SSL3_RANDOM_SIZE) || 2189 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) || 2190 !cbb_add_hex(&cbb, secret, secret_len) || 2191 !CBB_add_u8(&cbb, 0 /* NUL */) || 2192 !CBB_finish(&cbb, &out, &out_len)) { 2193 CBB_cleanup(&cbb); 2194 return 0; 2195 } 2196 2197 ssl->ctx->keylog_callback(ssl, (const char *)out); 2198 OPENSSL_free(out); 2199 return 1; 2200 } 2201 2202 int SSL_is_init_finished(const SSL *ssl) { 2203 return !SSL_in_init(ssl); 2204 } 2205 2206 int SSL_in_init(const SSL *ssl) { 2207 SSL_HANDSHAKE *hs = ssl->s3->hs; 2208 return hs != NULL && hs->state != SSL_ST_OK; 2209 } 2210 2211 int SSL_in_false_start(const SSL *ssl) { 2212 if (ssl->s3->hs == NULL) { 2213 return 0; 2214 } 2215 return ssl->s3->hs->in_false_start; 2216 } 2217 2218 int SSL_cutthrough_complete(const SSL *ssl) { 2219 return SSL_in_false_start(ssl); 2220 } 2221 2222 void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size, 2223 size_t *ssl_session_size) { 2224 *ssl_size = sizeof(SSL); 2225 *ssl_ctx_size = sizeof(SSL_CTX); 2226 *ssl_session_size = sizeof(SSL_SESSION); 2227 } 2228 2229 int ssl3_can_false_start(const SSL *ssl) { 2230 const SSL_CIPHER *const cipher = SSL_get_current_cipher(ssl); 2231 2232 /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */ 2233 return !SSL_is_dtls(ssl) && 2234 SSL_version(ssl) == TLS1_2_VERSION && 2235 (ssl->s3->alpn_selected != NULL || 2236 ssl->s3->next_proto_negotiated != NULL) && 2237 cipher != NULL && 2238 cipher->algorithm_mkey == SSL_kECDHE && 2239 cipher->algorithm_mac == SSL_AEAD; 2240 } 2241 2242 int SSL_is_server(const SSL *ssl) { return ssl->server; } 2243 2244 int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; } 2245 2246 void SSL_CTX_set_select_certificate_cb( 2247 SSL_CTX *ctx, 2248 enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)) { 2249 ctx->select_certificate_cb = cb; 2250 } 2251 2252 void SSL_CTX_set_dos_protection_cb(SSL_CTX *ctx, 2253 int (*cb)(const SSL_CLIENT_HELLO *)) { 2254 ctx->dos_protection_cb = cb; 2255 } 2256 2257 void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) { 2258 ssl->renegotiate_mode = mode; 2259 } 2260 2261 int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv, 2262 const uint8_t **out_write_iv, size_t *out_iv_len) { 2263 if (ssl->s3->aead_read_ctx == NULL || ssl->s3->aead_write_ctx == NULL) { 2264 return 0; 2265 } 2266 2267 size_t write_iv_len; 2268 if (!EVP_AEAD_CTX_get_iv(&ssl->s3->aead_read_ctx->ctx, out_read_iv, 2269 out_iv_len) || 2270 !EVP_AEAD_CTX_get_iv(&ssl->s3->aead_write_ctx->ctx, out_write_iv, 2271 &write_iv_len) || 2272 *out_iv_len != write_iv_len) { 2273 return 0; 2274 } 2275 2276 return 1; 2277 } 2278 2279 static uint64_t be_to_u64(const uint8_t in[8]) { 2280 return (((uint64_t)in[0]) << 56) | (((uint64_t)in[1]) << 48) | 2281 (((uint64_t)in[2]) << 40) | (((uint64_t)in[3]) << 32) | 2282 (((uint64_t)in[4]) << 24) | (((uint64_t)in[5]) << 16) | 2283 (((uint64_t)in[6]) << 8) | ((uint64_t)in[7]); 2284 } 2285 2286 uint64_t SSL_get_read_sequence(const SSL *ssl) { 2287 /* TODO(davidben): Internally represent sequence numbers as uint64_t. */ 2288 if (SSL_is_dtls(ssl)) { 2289 /* max_seq_num already includes the epoch. */ 2290 assert(ssl->d1->r_epoch == (ssl->d1->bitmap.max_seq_num >> 48)); 2291 return ssl->d1->bitmap.max_seq_num; 2292 } 2293 return be_to_u64(ssl->s3->read_sequence); 2294 } 2295 2296 uint64_t SSL_get_write_sequence(const SSL *ssl) { 2297 uint64_t ret = be_to_u64(ssl->s3->write_sequence); 2298 if (SSL_is_dtls(ssl)) { 2299 assert((ret >> 48) == 0); 2300 ret |= ((uint64_t)ssl->d1->w_epoch) << 48; 2301 } 2302 return ret; 2303 } 2304 2305 uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl) { 2306 /* TODO(davidben): This checks the wrong session if there is a renegotiation 2307 * in progress. */ 2308 SSL_SESSION *session = SSL_get_session(ssl); 2309 if (session == NULL) { 2310 return 0; 2311 } 2312 2313 return session->peer_signature_algorithm; 2314 } 2315 2316 size_t SSL_get_client_random(const SSL *ssl, uint8_t *out, size_t max_out) { 2317 if (max_out == 0) { 2318 return sizeof(ssl->s3->client_random); 2319 } 2320 if (max_out > sizeof(ssl->s3->client_random)) { 2321 max_out = sizeof(ssl->s3->client_random); 2322 } 2323 OPENSSL_memcpy(out, ssl->s3->client_random, max_out); 2324 return max_out; 2325 } 2326 2327 size_t SSL_get_server_random(const SSL *ssl, uint8_t *out, size_t max_out) { 2328 if (max_out == 0) { 2329 return sizeof(ssl->s3->server_random); 2330 } 2331 if (max_out > sizeof(ssl->s3->server_random)) { 2332 max_out = sizeof(ssl->s3->server_random); 2333 } 2334 OPENSSL_memcpy(out, ssl->s3->server_random, max_out); 2335 return max_out; 2336 } 2337 2338 const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl) { 2339 SSL_HANDSHAKE *hs = ssl->s3->hs; 2340 if (hs == NULL) { 2341 return NULL; 2342 } 2343 return hs->new_cipher; 2344 } 2345 2346 void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, int enabled) { 2347 ssl->retain_only_sha256_of_client_certs = !!enabled; 2348 } 2349 2350 void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx, int enabled) { 2351 ctx->retain_only_sha256_of_client_certs = !!enabled; 2352 } 2353 2354 void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled) { 2355 ctx->grease_enabled = !!enabled; 2356 } 2357 2358 int32_t SSL_get_ticket_age_skew(const SSL *ssl) { 2359 return ssl->s3->ticket_age_skew; 2360 } 2361 2362 int SSL_clear(SSL *ssl) { 2363 /* In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously 2364 * established session to be offered the next time around. wpa_supplicant 2365 * depends on this behavior, so emulate it. */ 2366 SSL_SESSION *session = NULL; 2367 if (!ssl->server && ssl->s3->established_session != NULL) { 2368 session = ssl->s3->established_session; 2369 SSL_SESSION_up_ref(session); 2370 } 2371 2372 /* TODO(davidben): Some state on |ssl| is reset both in |SSL_new| and 2373 * |SSL_clear| because it is per-connection state rather than configuration 2374 * state. Per-connection state should be on |ssl->s3| and |ssl->d1| so it is 2375 * naturally reset at the right points between |SSL_new|, |SSL_clear|, and 2376 * |ssl3_new|. */ 2377 2378 ssl->rwstate = SSL_NOTHING; 2379 2380 BUF_MEM_free(ssl->init_buf); 2381 ssl->init_buf = NULL; 2382 ssl->init_msg = NULL; 2383 ssl->init_num = 0; 2384 2385 /* The ssl->d1->mtu is simultaneously configuration (preserved across 2386 * clear) and connection-specific state (gets reset). 2387 * 2388 * TODO(davidben): Avoid this. */ 2389 unsigned mtu = 0; 2390 if (ssl->d1 != NULL) { 2391 mtu = ssl->d1->mtu; 2392 } 2393 2394 ssl->method->ssl_free(ssl); 2395 if (!ssl->method->ssl_new(ssl)) { 2396 SSL_SESSION_free(session); 2397 return 0; 2398 } 2399 2400 if (SSL_is_dtls(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { 2401 ssl->d1->mtu = mtu; 2402 } 2403 2404 if (session != NULL) { 2405 SSL_set_session(ssl, session); 2406 SSL_SESSION_free(session); 2407 } 2408 2409 return 1; 2410 } 2411 2412 void ssl_do_info_callback(const SSL *ssl, int type, int value) { 2413 void (*cb)(const SSL *ssl, int type, int value) = NULL; 2414 if (ssl->info_callback != NULL) { 2415 cb = ssl->info_callback; 2416 } else if (ssl->ctx->info_callback != NULL) { 2417 cb = ssl->ctx->info_callback; 2418 } 2419 2420 if (cb != NULL) { 2421 cb(ssl, type, value); 2422 } 2423 } 2424 2425 void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type, 2426 const void *buf, size_t len) { 2427 if (ssl->msg_callback == NULL) { 2428 return; 2429 } 2430 2431 /* |version| is zero when calling for |SSL3_RT_HEADER| and |SSL2_VERSION| for 2432 * a V2ClientHello. */ 2433 int version; 2434 switch (content_type) { 2435 case 0: 2436 /* V2ClientHello */ 2437 version = SSL2_VERSION; 2438 break; 2439 case SSL3_RT_HEADER: 2440 version = 0; 2441 break; 2442 default: 2443 version = SSL_version(ssl); 2444 } 2445 2446 ssl->msg_callback(is_write, version, content_type, buf, len, ssl, 2447 ssl->msg_callback_arg); 2448 } 2449 2450 int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; } 2451 int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; } 2452 int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; } 2453 int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; } 2454 int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; } 2455 int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; } 2456 int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; } 2457 int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; } 2458 int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; } 2459 int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; } 2460 int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; } 2461 2462 int SSL_num_renegotiations(const SSL *ssl) { 2463 return SSL_total_renegotiations(ssl); 2464 } 2465 2466 int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) { return 0; } 2467 int SSL_need_tmp_RSA(const SSL *ssl) { return 0; } 2468 int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) { return 1; } 2469 int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) { return 1; } 2470 void ERR_load_SSL_strings(void) {} 2471 void SSL_load_error_strings(void) {} 2472 int SSL_cache_hit(SSL *ssl) { return SSL_session_reused(ssl); } 2473 2474 int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) { 2475 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) { 2476 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); 2477 return 0; 2478 } 2479 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)); 2480 return SSL_CTX_set1_curves(ctx, &nid, 1); 2481 } 2482 2483 int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) { 2484 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) { 2485 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); 2486 return 0; 2487 } 2488 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)); 2489 return SSL_set1_curves(ssl, &nid, 1); 2490 } 2491 2492 void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock) { 2493 if (ssl->ctx->current_time_cb != NULL) { 2494 /* TODO(davidben): Update current_time_cb to use OPENSSL_timeval. See 2495 * https://crbug.com/boringssl/155. */ 2496 struct timeval clock; 2497 ssl->ctx->current_time_cb(ssl, &clock); 2498 if (clock.tv_sec < 0) { 2499 assert(0); 2500 out_clock->tv_sec = 0; 2501 out_clock->tv_usec = 0; 2502 } else { 2503 out_clock->tv_sec = (uint64_t)clock.tv_sec; 2504 out_clock->tv_usec = (uint32_t)clock.tv_usec; 2505 } 2506 return; 2507 } 2508 2509 #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) 2510 out_clock->tv_sec = 1234; 2511 out_clock->tv_usec = 1234; 2512 #elif defined(OPENSSL_WINDOWS) 2513 struct _timeb time; 2514 _ftime(&time); 2515 if (time.time < 0) { 2516 assert(0); 2517 out_clock->tv_sec = 0; 2518 out_clock->tv_usec = 0; 2519 } else { 2520 out_clock->tv_sec = time.time; 2521 out_clock->tv_usec = time.millitm * 1000; 2522 } 2523 #else 2524 struct timeval clock; 2525 gettimeofday(&clock, NULL); 2526 if (clock.tv_sec < 0) { 2527 assert(0); 2528 out_clock->tv_sec = 0; 2529 out_clock->tv_usec = 0; 2530 } else { 2531 out_clock->tv_sec = (uint64_t)clock.tv_sec; 2532 out_clock->tv_usec = (uint32_t)clock.tv_usec; 2533 } 2534 #endif 2535 } 2536 2537 void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx, 2538 const SSL_TICKET_AEAD_METHOD *aead_method) { 2539 ctx->ticket_aead_method = aead_method; 2540 } 2541