1 1.4 spz /* 2 1.25 christos * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 1.13 christos * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 1.13 christos * Copyright 2005 Nokia. All rights reserved. 5 1.1 christos * 6 1.23 christos * Licensed under the Apache License 2.0 (the "License"). You may not use 7 1.10 christos * this file except in compliance with the License. You can obtain a copy 8 1.10 christos * in the file LICENSE in the source distribution or at 9 1.10 christos * https://www.openssl.org/source/license.html 10 1.1 christos */ 11 1.10 christos 12 1.1 christos #include <stdio.h> 13 1.18 christos #include "ssl_local.h" 14 1.23 christos #include "e_os.h" 15 1.1 christos #include <openssl/objects.h> 16 1.1 christos #include <openssl/x509v3.h> 17 1.1 christos #include <openssl/rand.h> 18 1.1 christos #include <openssl/ocsp.h> 19 1.10 christos #include <openssl/dh.h> 20 1.10 christos #include <openssl/engine.h> 21 1.10 christos #include <openssl/async.h> 22 1.10 christos #include <openssl/ct.h> 23 1.23 christos #include <openssl/trace.h> 24 1.13 christos #include "internal/cryptlib.h" 25 1.13 christos #include "internal/refcount.h" 26 1.23 christos #include "internal/ktls.h" 27 1.1 christos 28 1.23 christos static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t, 29 1.23 christos SSL_MAC_BUF *mac, size_t macsize) 30 1.11 christos { 31 1.11 christos return ssl_undefined_function(ssl); 32 1.11 christos } 33 1.11 christos 34 1.11 christos static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, 35 1.11 christos int t) 36 1.11 christos { 37 1.11 christos return ssl_undefined_function(ssl); 38 1.11 christos } 39 1.11 christos 40 1.11 christos static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, 41 1.13 christos unsigned char *s, size_t t, size_t *u) 42 1.11 christos { 43 1.11 christos return ssl_undefined_function(ssl); 44 1.11 christos } 45 1.11 christos 46 1.11 christos static int ssl_undefined_function_4(SSL *ssl, int r) 47 1.11 christos { 48 1.11 christos return ssl_undefined_function(ssl); 49 1.11 christos } 50 1.11 christos 51 1.13 christos static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, 52 1.13 christos unsigned char *t) 53 1.11 christos { 54 1.11 christos return ssl_undefined_function(ssl); 55 1.11 christos } 56 1.11 christos 57 1.11 christos static int ssl_undefined_function_6(int r) 58 1.11 christos { 59 1.11 christos return ssl_undefined_function(NULL); 60 1.11 christos } 61 1.11 christos 62 1.11 christos static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, 63 1.11 christos const char *t, size_t u, 64 1.11 christos const unsigned char *v, size_t w, int x) 65 1.11 christos { 66 1.11 christos return ssl_undefined_function(ssl); 67 1.11 christos } 68 1.11 christos 69 1.4 spz SSL3_ENC_METHOD ssl3_undef_enc_method = { 70 1.11 christos ssl_undefined_function_1, 71 1.11 christos ssl_undefined_function_2, 72 1.4 spz ssl_undefined_function, 73 1.11 christos ssl_undefined_function_3, 74 1.11 christos ssl_undefined_function_4, 75 1.11 christos ssl_undefined_function_5, 76 1.4 spz NULL, /* client_finished_label */ 77 1.4 spz 0, /* client_finished_label_len */ 78 1.4 spz NULL, /* server_finished_label */ 79 1.4 spz 0, /* server_finished_label_len */ 80 1.11 christos ssl_undefined_function_6, 81 1.11 christos ssl_undefined_function_7, 82 1.4 spz }; 83 1.1 christos 84 1.10 christos struct ssl_async_args { 85 1.10 christos SSL *s; 86 1.10 christos void *buf; 87 1.13 christos size_t num; 88 1.10 christos enum { READFUNC, WRITEFUNC, OTHERFUNC } type; 89 1.10 christos union { 90 1.13 christos int (*func_read) (SSL *, void *, size_t, size_t *); 91 1.13 christos int (*func_write) (SSL *, const void *, size_t, size_t *); 92 1.10 christos int (*func_other) (SSL *); 93 1.10 christos } f; 94 1.10 christos }; 95 1.10 christos 96 1.10 christos static const struct { 97 1.10 christos uint8_t mtype; 98 1.10 christos uint8_t ord; 99 1.10 christos int nid; 100 1.10 christos } dane_mds[] = { 101 1.10 christos { 102 1.10 christos DANETLS_MATCHING_FULL, 0, NID_undef 103 1.10 christos }, 104 1.10 christos { 105 1.10 christos DANETLS_MATCHING_2256, 1, NID_sha256 106 1.10 christos }, 107 1.10 christos { 108 1.10 christos DANETLS_MATCHING_2512, 2, NID_sha512 109 1.10 christos }, 110 1.10 christos }; 111 1.10 christos 112 1.10 christos static int dane_ctx_enable(struct dane_ctx_st *dctx) 113 1.10 christos { 114 1.10 christos const EVP_MD **mdevp; 115 1.10 christos uint8_t *mdord; 116 1.10 christos uint8_t mdmax = DANETLS_MATCHING_LAST; 117 1.10 christos int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */ 118 1.10 christos size_t i; 119 1.10 christos 120 1.10 christos if (dctx->mdevp != NULL) 121 1.10 christos return 1; 122 1.10 christos 123 1.10 christos mdevp = OPENSSL_zalloc(n * sizeof(*mdevp)); 124 1.10 christos mdord = OPENSSL_zalloc(n * sizeof(*mdord)); 125 1.10 christos 126 1.10 christos if (mdord == NULL || mdevp == NULL) { 127 1.10 christos OPENSSL_free(mdord); 128 1.10 christos OPENSSL_free(mdevp); 129 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 130 1.10 christos return 0; 131 1.10 christos } 132 1.10 christos 133 1.10 christos /* Install default entries */ 134 1.10 christos for (i = 0; i < OSSL_NELEM(dane_mds); ++i) { 135 1.10 christos const EVP_MD *md; 136 1.10 christos 137 1.10 christos if (dane_mds[i].nid == NID_undef || 138 1.10 christos (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL) 139 1.10 christos continue; 140 1.10 christos mdevp[dane_mds[i].mtype] = md; 141 1.10 christos mdord[dane_mds[i].mtype] = dane_mds[i].ord; 142 1.10 christos } 143 1.10 christos 144 1.10 christos dctx->mdevp = mdevp; 145 1.10 christos dctx->mdord = mdord; 146 1.10 christos dctx->mdmax = mdmax; 147 1.10 christos 148 1.10 christos return 1; 149 1.10 christos } 150 1.10 christos 151 1.10 christos static void dane_ctx_final(struct dane_ctx_st *dctx) 152 1.10 christos { 153 1.10 christos OPENSSL_free(dctx->mdevp); 154 1.10 christos dctx->mdevp = NULL; 155 1.10 christos 156 1.10 christos OPENSSL_free(dctx->mdord); 157 1.10 christos dctx->mdord = NULL; 158 1.10 christos dctx->mdmax = 0; 159 1.10 christos } 160 1.10 christos 161 1.10 christos static void tlsa_free(danetls_record *t) 162 1.10 christos { 163 1.10 christos if (t == NULL) 164 1.10 christos return; 165 1.10 christos OPENSSL_free(t->data); 166 1.10 christos EVP_PKEY_free(t->spki); 167 1.10 christos OPENSSL_free(t); 168 1.10 christos } 169 1.10 christos 170 1.10 christos static void dane_final(SSL_DANE *dane) 171 1.10 christos { 172 1.10 christos sk_danetls_record_pop_free(dane->trecs, tlsa_free); 173 1.10 christos dane->trecs = NULL; 174 1.10 christos 175 1.10 christos sk_X509_pop_free(dane->certs, X509_free); 176 1.10 christos dane->certs = NULL; 177 1.10 christos 178 1.10 christos X509_free(dane->mcert); 179 1.10 christos dane->mcert = NULL; 180 1.10 christos dane->mtlsa = NULL; 181 1.10 christos dane->mdpth = -1; 182 1.10 christos dane->pdpth = -1; 183 1.10 christos } 184 1.10 christos 185 1.10 christos /* 186 1.10 christos * dane_copy - Copy dane configuration, sans verification state. 187 1.10 christos */ 188 1.10 christos static int ssl_dane_dup(SSL *to, SSL *from) 189 1.10 christos { 190 1.10 christos int num; 191 1.10 christos int i; 192 1.10 christos 193 1.10 christos if (!DANETLS_ENABLED(&from->dane)) 194 1.10 christos return 1; 195 1.10 christos 196 1.13 christos num = sk_danetls_record_num(from->dane.trecs); 197 1.10 christos dane_final(&to->dane); 198 1.10 christos to->dane.flags = from->dane.flags; 199 1.10 christos to->dane.dctx = &to->ctx->dane; 200 1.13 christos to->dane.trecs = sk_danetls_record_new_reserve(NULL, num); 201 1.10 christos 202 1.10 christos if (to->dane.trecs == NULL) { 203 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 204 1.10 christos return 0; 205 1.10 christos } 206 1.10 christos 207 1.10 christos for (i = 0; i < num; ++i) { 208 1.10 christos danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); 209 1.10 christos 210 1.10 christos if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype, 211 1.10 christos t->data, t->dlen) <= 0) 212 1.10 christos return 0; 213 1.10 christos } 214 1.10 christos return 1; 215 1.10 christos } 216 1.10 christos 217 1.10 christos static int dane_mtype_set(struct dane_ctx_st *dctx, 218 1.10 christos const EVP_MD *md, uint8_t mtype, uint8_t ord) 219 1.10 christos { 220 1.10 christos int i; 221 1.10 christos 222 1.10 christos if (mtype == DANETLS_MATCHING_FULL && md != NULL) { 223 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL); 224 1.10 christos return 0; 225 1.10 christos } 226 1.10 christos 227 1.10 christos if (mtype > dctx->mdmax) { 228 1.10 christos const EVP_MD **mdevp; 229 1.10 christos uint8_t *mdord; 230 1.10 christos int n = ((int)mtype) + 1; 231 1.10 christos 232 1.10 christos mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp)); 233 1.10 christos if (mdevp == NULL) { 234 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 235 1.10 christos return -1; 236 1.10 christos } 237 1.10 christos dctx->mdevp = mdevp; 238 1.10 christos 239 1.10 christos mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord)); 240 1.10 christos if (mdord == NULL) { 241 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 242 1.10 christos return -1; 243 1.10 christos } 244 1.10 christos dctx->mdord = mdord; 245 1.10 christos 246 1.10 christos /* Zero-fill any gaps */ 247 1.10 christos for (i = dctx->mdmax + 1; i < mtype; ++i) { 248 1.10 christos mdevp[i] = NULL; 249 1.10 christos mdord[i] = 0; 250 1.10 christos } 251 1.10 christos 252 1.10 christos dctx->mdmax = mtype; 253 1.10 christos } 254 1.10 christos 255 1.10 christos dctx->mdevp[mtype] = md; 256 1.10 christos /* Coerce ordinal of disabled matching types to 0 */ 257 1.10 christos dctx->mdord[mtype] = (md == NULL) ? 0 : ord; 258 1.10 christos 259 1.10 christos return 1; 260 1.10 christos } 261 1.10 christos 262 1.10 christos static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype) 263 1.10 christos { 264 1.10 christos if (mtype > dane->dctx->mdmax) 265 1.10 christos return NULL; 266 1.10 christos return dane->dctx->mdevp[mtype]; 267 1.10 christos } 268 1.10 christos 269 1.10 christos static int dane_tlsa_add(SSL_DANE *dane, 270 1.10 christos uint8_t usage, 271 1.10 christos uint8_t selector, 272 1.23 christos uint8_t mtype, const unsigned char *data, size_t dlen) 273 1.10 christos { 274 1.10 christos danetls_record *t; 275 1.10 christos const EVP_MD *md = NULL; 276 1.10 christos int ilen = (int)dlen; 277 1.10 christos int i; 278 1.10 christos int num; 279 1.10 christos 280 1.10 christos if (dane->trecs == NULL) { 281 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED); 282 1.10 christos return -1; 283 1.10 christos } 284 1.10 christos 285 1.10 christos if (ilen < 0 || dlen != (size_t)ilen) { 286 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH); 287 1.10 christos return 0; 288 1.10 christos } 289 1.10 christos 290 1.10 christos if (usage > DANETLS_USAGE_LAST) { 291 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE); 292 1.10 christos return 0; 293 1.10 christos } 294 1.10 christos 295 1.10 christos if (selector > DANETLS_SELECTOR_LAST) { 296 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR); 297 1.10 christos return 0; 298 1.10 christos } 299 1.10 christos 300 1.10 christos if (mtype != DANETLS_MATCHING_FULL) { 301 1.10 christos md = tlsa_md_get(dane, mtype); 302 1.10 christos if (md == NULL) { 303 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE); 304 1.10 christos return 0; 305 1.10 christos } 306 1.10 christos } 307 1.10 christos 308 1.23 christos if (md != NULL && dlen != (size_t)EVP_MD_get_size(md)) { 309 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH); 310 1.10 christos return 0; 311 1.10 christos } 312 1.10 christos if (!data) { 313 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA); 314 1.10 christos return 0; 315 1.10 christos } 316 1.10 christos 317 1.10 christos if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) { 318 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 319 1.10 christos return -1; 320 1.10 christos } 321 1.10 christos 322 1.10 christos t->usage = usage; 323 1.10 christos t->selector = selector; 324 1.10 christos t->mtype = mtype; 325 1.13 christos t->data = OPENSSL_malloc(dlen); 326 1.10 christos if (t->data == NULL) { 327 1.10 christos tlsa_free(t); 328 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 329 1.10 christos return -1; 330 1.10 christos } 331 1.13 christos memcpy(t->data, data, dlen); 332 1.13 christos t->dlen = dlen; 333 1.10 christos 334 1.10 christos /* Validate and cache full certificate or public key */ 335 1.10 christos if (mtype == DANETLS_MATCHING_FULL) { 336 1.10 christos const unsigned char *p = data; 337 1.10 christos X509 *cert = NULL; 338 1.10 christos EVP_PKEY *pkey = NULL; 339 1.10 christos 340 1.10 christos switch (selector) { 341 1.10 christos case DANETLS_SELECTOR_CERT: 342 1.13 christos if (!d2i_X509(&cert, &p, ilen) || p < data || 343 1.10 christos dlen != (size_t)(p - data)) { 344 1.25 christos X509_free(cert); 345 1.10 christos tlsa_free(t); 346 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE); 347 1.10 christos return 0; 348 1.10 christos } 349 1.10 christos if (X509_get0_pubkey(cert) == NULL) { 350 1.25 christos X509_free(cert); 351 1.10 christos tlsa_free(t); 352 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE); 353 1.10 christos return 0; 354 1.10 christos } 355 1.10 christos 356 1.10 christos if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) { 357 1.25 christos /* 358 1.25 christos * The Full(0) certificate decodes to a seemingly valid X.509 359 1.25 christos * object with a plausible key, so the TLSA record is well 360 1.25 christos * formed. However, we don't actually need the certifiate for 361 1.25 christos * usages PKIX-EE(1) or DANE-EE(3), because at least the EE 362 1.25 christos * certificate is always presented by the peer. We discard the 363 1.25 christos * certificate, and just use the TLSA data as an opaque blob 364 1.25 christos * for matching the raw presented DER octets. 365 1.25 christos * 366 1.25 christos * DO NOT FREE `t` here, it will be added to the TLSA record 367 1.25 christos * list below! 368 1.25 christos */ 369 1.10 christos X509_free(cert); 370 1.10 christos break; 371 1.10 christos } 372 1.10 christos 373 1.10 christos /* 374 1.10 christos * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA 375 1.10 christos * records that contain full certificates of trust-anchors that are 376 1.10 christos * not present in the wire chain. For usage PKIX-TA(0), we augment 377 1.10 christos * the chain with untrusted Full(0) certificates from DNS, in case 378 1.10 christos * they are missing from the chain. 379 1.10 christos */ 380 1.10 christos if ((dane->certs == NULL && 381 1.10 christos (dane->certs = sk_X509_new_null()) == NULL) || 382 1.10 christos !sk_X509_push(dane->certs, cert)) { 383 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 384 1.10 christos X509_free(cert); 385 1.10 christos tlsa_free(t); 386 1.10 christos return -1; 387 1.10 christos } 388 1.10 christos break; 389 1.10 christos 390 1.10 christos case DANETLS_SELECTOR_SPKI: 391 1.13 christos if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || 392 1.10 christos dlen != (size_t)(p - data)) { 393 1.25 christos EVP_PKEY_free(pkey); 394 1.10 christos tlsa_free(t); 395 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); 396 1.10 christos return 0; 397 1.10 christos } 398 1.10 christos 399 1.10 christos /* 400 1.10 christos * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA 401 1.10 christos * records that contain full bare keys of trust-anchors that are 402 1.10 christos * not present in the wire chain. 403 1.10 christos */ 404 1.10 christos if (usage == DANETLS_USAGE_DANE_TA) 405 1.10 christos t->spki = pkey; 406 1.10 christos else 407 1.10 christos EVP_PKEY_free(pkey); 408 1.10 christos break; 409 1.10 christos } 410 1.10 christos } 411 1.10 christos 412 1.10 christos /*- 413 1.10 christos * Find the right insertion point for the new record. 414 1.10 christos * 415 1.10 christos * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that 416 1.10 christos * they can be processed first, as they require no chain building, and no 417 1.10 christos * expiration or hostname checks. Because DANE-EE(3) is numerically 418 1.10 christos * largest, this is accomplished via descending sort by "usage". 419 1.10 christos * 420 1.10 christos * We also sort in descending order by matching ordinal to simplify 421 1.10 christos * the implementation of digest agility in the verification code. 422 1.10 christos * 423 1.10 christos * The choice of order for the selector is not significant, so we 424 1.10 christos * use the same descending order for consistency. 425 1.10 christos */ 426 1.10 christos num = sk_danetls_record_num(dane->trecs); 427 1.10 christos for (i = 0; i < num; ++i) { 428 1.10 christos danetls_record *rec = sk_danetls_record_value(dane->trecs, i); 429 1.10 christos 430 1.10 christos if (rec->usage > usage) 431 1.10 christos continue; 432 1.10 christos if (rec->usage < usage) 433 1.10 christos break; 434 1.10 christos if (rec->selector > selector) 435 1.10 christos continue; 436 1.10 christos if (rec->selector < selector) 437 1.10 christos break; 438 1.10 christos if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype]) 439 1.10 christos continue; 440 1.10 christos break; 441 1.10 christos } 442 1.10 christos 443 1.10 christos if (!sk_danetls_record_insert(dane->trecs, t, i)) { 444 1.10 christos tlsa_free(t); 445 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 446 1.10 christos return -1; 447 1.10 christos } 448 1.10 christos dane->umask |= DANETLS_USAGE_BIT(usage); 449 1.10 christos 450 1.10 christos return 1; 451 1.10 christos } 452 1.10 christos 453 1.10 christos /* 454 1.10 christos * Return 0 if there is only one version configured and it was disabled 455 1.10 christos * at configure time. Return 1 otherwise. 456 1.10 christos */ 457 1.10 christos static int ssl_check_allowed_versions(int min_version, int max_version) 458 1.10 christos { 459 1.10 christos int minisdtls = 0, maxisdtls = 0; 460 1.10 christos 461 1.10 christos /* Figure out if we're doing DTLS versions or TLS versions */ 462 1.10 christos if (min_version == DTLS1_BAD_VER 463 1.10 christos || min_version >> 8 == DTLS1_VERSION_MAJOR) 464 1.10 christos minisdtls = 1; 465 1.10 christos if (max_version == DTLS1_BAD_VER 466 1.10 christos || max_version >> 8 == DTLS1_VERSION_MAJOR) 467 1.10 christos maxisdtls = 1; 468 1.10 christos /* A wildcard version of 0 could be DTLS or TLS. */ 469 1.10 christos if ((minisdtls && !maxisdtls && max_version != 0) 470 1.10 christos || (maxisdtls && !minisdtls && min_version != 0)) { 471 1.10 christos /* Mixing DTLS and TLS versions will lead to sadness; deny it. */ 472 1.10 christos return 0; 473 1.10 christos } 474 1.10 christos 475 1.10 christos if (minisdtls || maxisdtls) { 476 1.10 christos /* Do DTLS version checks. */ 477 1.10 christos if (min_version == 0) 478 1.10 christos /* Ignore DTLS1_BAD_VER */ 479 1.10 christos min_version = DTLS1_VERSION; 480 1.10 christos if (max_version == 0) 481 1.10 christos max_version = DTLS1_2_VERSION; 482 1.10 christos #ifdef OPENSSL_NO_DTLS1_2 483 1.10 christos if (max_version == DTLS1_2_VERSION) 484 1.10 christos max_version = DTLS1_VERSION; 485 1.10 christos #endif 486 1.10 christos #ifdef OPENSSL_NO_DTLS1 487 1.10 christos if (min_version == DTLS1_VERSION) 488 1.10 christos min_version = DTLS1_2_VERSION; 489 1.10 christos #endif 490 1.13 christos /* Done massaging versions; do the check. */ 491 1.13 christos if (0 492 1.10 christos #ifdef OPENSSL_NO_DTLS1 493 1.10 christos || (DTLS_VERSION_GE(min_version, DTLS1_VERSION) 494 1.10 christos && DTLS_VERSION_GE(DTLS1_VERSION, max_version)) 495 1.10 christos #endif 496 1.10 christos #ifdef OPENSSL_NO_DTLS1_2 497 1.10 christos || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION) 498 1.10 christos && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version)) 499 1.10 christos #endif 500 1.10 christos ) 501 1.10 christos return 0; 502 1.10 christos } else { 503 1.10 christos /* Regular TLS version checks. */ 504 1.13 christos if (min_version == 0) 505 1.13 christos min_version = SSL3_VERSION; 506 1.13 christos if (max_version == 0) 507 1.13 christos max_version = TLS1_3_VERSION; 508 1.13 christos #ifdef OPENSSL_NO_TLS1_3 509 1.13 christos if (max_version == TLS1_3_VERSION) 510 1.13 christos max_version = TLS1_2_VERSION; 511 1.13 christos #endif 512 1.10 christos #ifdef OPENSSL_NO_TLS1_2 513 1.13 christos if (max_version == TLS1_2_VERSION) 514 1.13 christos max_version = TLS1_1_VERSION; 515 1.10 christos #endif 516 1.10 christos #ifdef OPENSSL_NO_TLS1_1 517 1.13 christos if (max_version == TLS1_1_VERSION) 518 1.13 christos max_version = TLS1_VERSION; 519 1.10 christos #endif 520 1.10 christos #ifdef OPENSSL_NO_TLS1 521 1.13 christos if (max_version == TLS1_VERSION) 522 1.13 christos max_version = SSL3_VERSION; 523 1.10 christos #endif 524 1.10 christos #ifdef OPENSSL_NO_SSL3 525 1.13 christos if (min_version == SSL3_VERSION) 526 1.13 christos min_version = TLS1_VERSION; 527 1.10 christos #endif 528 1.10 christos #ifdef OPENSSL_NO_TLS1 529 1.13 christos if (min_version == TLS1_VERSION) 530 1.13 christos min_version = TLS1_1_VERSION; 531 1.10 christos #endif 532 1.10 christos #ifdef OPENSSL_NO_TLS1_1 533 1.13 christos if (min_version == TLS1_1_VERSION) 534 1.13 christos min_version = TLS1_2_VERSION; 535 1.13 christos #endif 536 1.13 christos #ifdef OPENSSL_NO_TLS1_2 537 1.13 christos if (min_version == TLS1_2_VERSION) 538 1.13 christos min_version = TLS1_3_VERSION; 539 1.10 christos #endif 540 1.13 christos /* Done massaging versions; do the check. */ 541 1.13 christos if (0 542 1.10 christos #ifdef OPENSSL_NO_SSL3 543 1.10 christos || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version) 544 1.10 christos #endif 545 1.10 christos #ifdef OPENSSL_NO_TLS1 546 1.10 christos || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version) 547 1.10 christos #endif 548 1.10 christos #ifdef OPENSSL_NO_TLS1_1 549 1.10 christos || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version) 550 1.10 christos #endif 551 1.10 christos #ifdef OPENSSL_NO_TLS1_2 552 1.10 christos || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version) 553 1.10 christos #endif 554 1.13 christos #ifdef OPENSSL_NO_TLS1_3 555 1.13 christos || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version) 556 1.13 christos #endif 557 1.10 christos ) 558 1.10 christos return 0; 559 1.10 christos } 560 1.10 christos return 1; 561 1.10 christos } 562 1.10 christos 563 1.23 christos #if defined(__TANDEM) && defined(OPENSSL_VPROC) 564 1.23 christos /* 565 1.23 christos * Define a VPROC function for HP NonStop build ssl library. 566 1.23 christos * This is used by platform version identification tools. 567 1.23 christos * Do not inline this procedure or make it static. 568 1.23 christos */ 569 1.23 christos # define OPENSSL_VPROC_STRING_(x) x##_SSL 570 1.23 christos # define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) 571 1.23 christos # define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) 572 1.23 christos void OPENSSL_VPROC_FUNC(void) {} 573 1.23 christos #endif 574 1.23 christos 575 1.23 christos 576 1.10 christos static void clear_ciphers(SSL *s) 577 1.10 christos { 578 1.10 christos /* clear the current cipher */ 579 1.10 christos ssl_clear_cipher_ctx(s); 580 1.10 christos ssl_clear_hash_ctx(&s->read_hash); 581 1.10 christos ssl_clear_hash_ctx(&s->write_hash); 582 1.10 christos } 583 1.10 christos 584 1.1 christos int SSL_clear(SSL *s) 585 1.4 spz { 586 1.4 spz if (s->method == NULL) { 587 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED); 588 1.13 christos return 0; 589 1.4 spz } 590 1.4 spz 591 1.4 spz if (ssl_clear_bad_session(s)) { 592 1.4 spz SSL_SESSION_free(s->session); 593 1.4 spz s->session = NULL; 594 1.4 spz } 595 1.13 christos SSL_SESSION_free(s->psksession); 596 1.13 christos s->psksession = NULL; 597 1.13 christos OPENSSL_free(s->psksession_id); 598 1.13 christos s->psksession_id = NULL; 599 1.13 christos s->psksession_id_len = 0; 600 1.24 christos s->hello_retry_request = SSL_HRR_NONE; 601 1.13 christos s->sent_tickets = 0; 602 1.4 spz 603 1.4 spz s->error = 0; 604 1.4 spz s->hit = 0; 605 1.4 spz s->shutdown = 0; 606 1.1 christos 607 1.4 spz if (s->renegotiate) { 608 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 609 1.4 spz return 0; 610 1.4 spz } 611 1.1 christos 612 1.10 christos ossl_statem_clear(s); 613 1.1 christos 614 1.4 spz s->version = s->method->version; 615 1.4 spz s->client_version = s->version; 616 1.4 spz s->rwstate = SSL_NOTHING; 617 1.1 christos 618 1.10 christos BUF_MEM_free(s->init_buf); 619 1.10 christos s->init_buf = NULL; 620 1.10 christos clear_ciphers(s); 621 1.10 christos s->first_packet = 0; 622 1.10 christos 623 1.13 christos s->key_update = SSL_KEY_UPDATE_NONE; 624 1.13 christos 625 1.13 christos EVP_MD_CTX_free(s->pha_dgst); 626 1.13 christos s->pha_dgst = NULL; 627 1.13 christos 628 1.10 christos /* Reset DANE verification result state */ 629 1.10 christos s->dane.mdpth = -1; 630 1.10 christos s->dane.pdpth = -1; 631 1.10 christos X509_free(s->dane.mcert); 632 1.10 christos s->dane.mcert = NULL; 633 1.10 christos s->dane.mtlsa = NULL; 634 1.1 christos 635 1.10 christos /* Clear the verification result peername */ 636 1.10 christos X509_VERIFY_PARAM_move_peername(s->param, NULL); 637 1.1 christos 638 1.17 christos /* Clear any shared connection state */ 639 1.17 christos OPENSSL_free(s->shared_sigalgs); 640 1.17 christos s->shared_sigalgs = NULL; 641 1.17 christos s->shared_sigalgslen = 0; 642 1.17 christos 643 1.4 spz /* 644 1.4 spz * Check to see if we were changed into a different method, if so, revert 645 1.13 christos * back. 646 1.4 spz */ 647 1.13 christos if (s->method != s->ctx->method) { 648 1.4 spz s->method->ssl_free(s); 649 1.4 spz s->method = s->ctx->method; 650 1.4 spz if (!s->method->ssl_new(s)) 651 1.13 christos return 0; 652 1.13 christos } else { 653 1.13 christos if (!s->method->ssl_clear(s)) 654 1.13 christos return 0; 655 1.13 christos } 656 1.10 christos 657 1.10 christos RECORD_LAYER_clear(&s->rlayer); 658 1.10 christos 659 1.13 christos return 1; 660 1.4 spz } 661 1.1 christos 662 1.23 christos #ifndef OPENSSL_NO_DEPRECATED_3_0 663 1.1 christos /** Used to change an SSL_CTXs default SSL method type */ 664 1.4 spz int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 665 1.4 spz { 666 1.4 spz STACK_OF(SSL_CIPHER) *sk; 667 1.4 spz 668 1.4 spz ctx->method = meth; 669 1.4 spz 670 1.23 christos if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) { 671 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 672 1.14 christos return 0; 673 1.14 christos } 674 1.23 christos sk = ssl_create_cipher_list(ctx, 675 1.13 christos ctx->tls13_ciphersuites, 676 1.13 christos &(ctx->cipher_list), 677 1.4 spz &(ctx->cipher_list_by_id), 678 1.23 christos OSSL_default_cipher_list(), ctx->cert); 679 1.4 spz if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 680 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 681 1.13 christos return 0; 682 1.4 spz } 683 1.13 christos return 1; 684 1.4 spz } 685 1.23 christos #endif 686 1.1 christos 687 1.1 christos SSL *SSL_new(SSL_CTX *ctx) 688 1.4 spz { 689 1.4 spz SSL *s; 690 1.4 spz 691 1.4 spz if (ctx == NULL) { 692 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX); 693 1.13 christos return NULL; 694 1.4 spz } 695 1.4 spz if (ctx->method == NULL) { 696 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 697 1.13 christos return NULL; 698 1.4 spz } 699 1.4 spz 700 1.10 christos s = OPENSSL_zalloc(sizeof(*s)); 701 1.4 spz if (s == NULL) 702 1.4 spz goto err; 703 1.4 spz 704 1.13 christos s->references = 1; 705 1.10 christos s->lock = CRYPTO_THREAD_lock_new(); 706 1.10 christos if (s->lock == NULL) { 707 1.10 christos OPENSSL_free(s); 708 1.13 christos s = NULL; 709 1.13 christos goto err; 710 1.10 christos } 711 1.10 christos 712 1.10 christos RECORD_LAYER_init(&s->rlayer, s); 713 1.1 christos 714 1.4 spz s->options = ctx->options; 715 1.10 christos s->dane.flags = ctx->dane.flags; 716 1.10 christos s->min_proto_version = ctx->min_proto_version; 717 1.10 christos s->max_proto_version = ctx->max_proto_version; 718 1.4 spz s->mode = ctx->mode; 719 1.4 spz s->max_cert_list = ctx->max_cert_list; 720 1.13 christos s->max_early_data = ctx->max_early_data; 721 1.13 christos s->recv_max_early_data = ctx->recv_max_early_data; 722 1.13 christos s->num_tickets = ctx->num_tickets; 723 1.13 christos s->pha_enabled = ctx->pha_enabled; 724 1.13 christos 725 1.13 christos /* Shallow copy of the ciphersuites stack */ 726 1.13 christos s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites); 727 1.13 christos if (s->tls13_ciphersuites == NULL) 728 1.13 christos goto err; 729 1.4 spz 730 1.10 christos /* 731 1.10 christos * Earlier library versions used to copy the pointer to the CERT, not 732 1.10 christos * its contents; only when setting new parameters for the per-SSL 733 1.10 christos * copy, ssl_cert_new would be called (and the direct reference to 734 1.10 christos * the per-SSL_CTX settings would be lost, but those still were 735 1.10 christos * indirectly accessed for various purposes, and for that reason they 736 1.10 christos * used to be known as s->ctx->default_cert). Now we don't look at the 737 1.10 christos * SSL_CTX's CERT after having duplicated it once. 738 1.10 christos */ 739 1.10 christos s->cert = ssl_cert_dup(ctx->cert); 740 1.10 christos if (s->cert == NULL) 741 1.10 christos goto err; 742 1.4 spz 743 1.10 christos RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead); 744 1.4 spz s->msg_callback = ctx->msg_callback; 745 1.4 spz s->msg_callback_arg = ctx->msg_callback_arg; 746 1.4 spz s->verify_mode = ctx->verify_mode; 747 1.10 christos s->not_resumable_session_cb = ctx->not_resumable_session_cb; 748 1.13 christos s->record_padding_cb = ctx->record_padding_cb; 749 1.13 christos s->record_padding_arg = ctx->record_padding_arg; 750 1.13 christos s->block_padding = ctx->block_padding; 751 1.4 spz s->sid_ctx_length = ctx->sid_ctx_length; 752 1.13 christos if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx))) 753 1.13 christos goto err; 754 1.4 spz memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 755 1.4 spz s->verify_callback = ctx->default_verify_callback; 756 1.4 spz s->generate_session_id = ctx->generate_session_id; 757 1.4 spz 758 1.4 spz s->param = X509_VERIFY_PARAM_new(); 759 1.10 christos if (s->param == NULL) 760 1.4 spz goto err; 761 1.4 spz X509_VERIFY_PARAM_inherit(s->param, ctx->param); 762 1.4 spz s->quiet_shutdown = ctx->quiet_shutdown; 763 1.13 christos 764 1.13 christos s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode; 765 1.4 spz s->max_send_fragment = ctx->max_send_fragment; 766 1.10 christos s->split_send_fragment = ctx->split_send_fragment; 767 1.10 christos s->max_pipelines = ctx->max_pipelines; 768 1.10 christos if (s->max_pipelines > 1) 769 1.10 christos RECORD_LAYER_set_read_ahead(&s->rlayer, 1); 770 1.10 christos if (ctx->default_read_buf_len > 0) 771 1.10 christos SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len); 772 1.1 christos 773 1.10 christos SSL_CTX_up_ref(ctx); 774 1.4 spz s->ctx = ctx; 775 1.13 christos s->ext.debug_cb = 0; 776 1.13 christos s->ext.debug_arg = NULL; 777 1.13 christos s->ext.ticket_expected = 0; 778 1.13 christos s->ext.status_type = ctx->ext.status_type; 779 1.13 christos s->ext.status_expected = 0; 780 1.13 christos s->ext.ocsp.ids = NULL; 781 1.13 christos s->ext.ocsp.exts = NULL; 782 1.13 christos s->ext.ocsp.resp = NULL; 783 1.13 christos s->ext.ocsp.resp_len = 0; 784 1.10 christos SSL_CTX_up_ref(ctx); 785 1.10 christos s->session_ctx = ctx; 786 1.13 christos if (ctx->ext.ecpointformats) { 787 1.13 christos s->ext.ecpointformats = 788 1.13 christos OPENSSL_memdup(ctx->ext.ecpointformats, 789 1.13 christos ctx->ext.ecpointformats_len); 790 1.20 christos if (!s->ext.ecpointformats) { 791 1.20 christos s->ext.ecpointformats_len = 0; 792 1.8 spz goto err; 793 1.20 christos } 794 1.13 christos s->ext.ecpointformats_len = 795 1.13 christos ctx->ext.ecpointformats_len; 796 1.8 spz } 797 1.13 christos if (ctx->ext.supportedgroups) { 798 1.13 christos s->ext.supportedgroups = 799 1.13 christos OPENSSL_memdup(ctx->ext.supportedgroups, 800 1.13 christos ctx->ext.supportedgroups_len 801 1.13 christos * sizeof(*ctx->ext.supportedgroups)); 802 1.20 christos if (!s->ext.supportedgroups) { 803 1.20 christos s->ext.supportedgroups_len = 0; 804 1.8 spz goto err; 805 1.20 christos } 806 1.13 christos s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; 807 1.8 spz } 808 1.23 christos 809 1.10 christos #ifndef OPENSSL_NO_NEXTPROTONEG 810 1.13 christos s->ext.npn = NULL; 811 1.10 christos #endif 812 1.8 spz 813 1.13 christos if (s->ctx->ext.alpn) { 814 1.13 christos s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); 815 1.20 christos if (s->ext.alpn == NULL) { 816 1.20 christos s->ext.alpn_len = 0; 817 1.8 spz goto err; 818 1.20 christos } 819 1.13 christos memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); 820 1.13 christos s->ext.alpn_len = s->ctx->ext.alpn_len; 821 1.8 spz } 822 1.1 christos 823 1.10 christos s->verified_chain = NULL; 824 1.4 spz s->verify_result = X509_V_OK; 825 1.1 christos 826 1.10 christos s->default_passwd_callback = ctx->default_passwd_callback; 827 1.10 christos s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata; 828 1.10 christos 829 1.4 spz s->method = ctx->method; 830 1.1 christos 831 1.13 christos s->key_update = SSL_KEY_UPDATE_NONE; 832 1.13 christos 833 1.13 christos s->allow_early_data_cb = ctx->allow_early_data_cb; 834 1.13 christos s->allow_early_data_cb_data = ctx->allow_early_data_cb_data; 835 1.13 christos 836 1.4 spz if (!s->method->ssl_new(s)) 837 1.4 spz goto err; 838 1.1 christos 839 1.4 spz s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; 840 1.1 christos 841 1.10 christos if (!SSL_clear(s)) 842 1.10 christos goto err; 843 1.1 christos 844 1.10 christos if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data)) 845 1.10 christos goto err; 846 1.1 christos 847 1.1 christos #ifndef OPENSSL_NO_PSK 848 1.4 spz s->psk_client_callback = ctx->psk_client_callback; 849 1.4 spz s->psk_server_callback = ctx->psk_server_callback; 850 1.1 christos #endif 851 1.13 christos s->psk_find_session_cb = ctx->psk_find_session_cb; 852 1.13 christos s->psk_use_session_cb = ctx->psk_use_session_cb; 853 1.1 christos 854 1.23 christos s->async_cb = ctx->async_cb; 855 1.23 christos s->async_cb_arg = ctx->async_cb_arg; 856 1.23 christos 857 1.10 christos s->job = NULL; 858 1.10 christos 859 1.10 christos #ifndef OPENSSL_NO_CT 860 1.10 christos if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, 861 1.10 christos ctx->ct_validation_callback_arg)) 862 1.10 christos goto err; 863 1.10 christos #endif 864 1.10 christos 865 1.10 christos return s; 866 1.4 spz err: 867 1.10 christos SSL_free(s); 868 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 869 1.10 christos return NULL; 870 1.10 christos } 871 1.10 christos 872 1.10 christos int SSL_is_dtls(const SSL *s) 873 1.10 christos { 874 1.10 christos return SSL_IS_DTLS(s) ? 1 : 0; 875 1.10 christos } 876 1.10 christos 877 1.10 christos int SSL_up_ref(SSL *s) 878 1.10 christos { 879 1.10 christos int i; 880 1.10 christos 881 1.13 christos if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0) 882 1.10 christos return 0; 883 1.10 christos 884 1.10 christos REF_PRINT_COUNT("SSL", s); 885 1.10 christos REF_ASSERT_ISNT(i < 2); 886 1.10 christos return ((i > 1) ? 1 : 0); 887 1.4 spz } 888 1.1 christos 889 1.4 spz int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 890 1.4 spz unsigned int sid_ctx_len) 891 1.4 spz { 892 1.17 christos if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 893 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 894 1.4 spz return 0; 895 1.4 spz } 896 1.4 spz ctx->sid_ctx_length = sid_ctx_len; 897 1.4 spz memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); 898 1.1 christos 899 1.1 christos return 1; 900 1.4 spz } 901 1.4 spz 902 1.4 spz int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 903 1.4 spz unsigned int sid_ctx_len) 904 1.4 spz { 905 1.4 spz if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 906 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 907 1.4 spz return 0; 908 1.1 christos } 909 1.4 spz ssl->sid_ctx_length = sid_ctx_len; 910 1.4 spz memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); 911 1.1 christos 912 1.1 christos return 1; 913 1.4 spz } 914 1.1 christos 915 1.1 christos int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 916 1.4 spz { 917 1.23 christos if (!CRYPTO_THREAD_write_lock(ctx->lock)) 918 1.23 christos return 0; 919 1.4 spz ctx->generate_session_id = cb; 920 1.10 christos CRYPTO_THREAD_unlock(ctx->lock); 921 1.4 spz return 1; 922 1.4 spz } 923 1.1 christos 924 1.1 christos int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 925 1.4 spz { 926 1.23 christos if (!CRYPTO_THREAD_write_lock(ssl->lock)) 927 1.23 christos return 0; 928 1.4 spz ssl->generate_session_id = cb; 929 1.10 christos CRYPTO_THREAD_unlock(ssl->lock); 930 1.4 spz return 1; 931 1.4 spz } 932 1.1 christos 933 1.1 christos int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 934 1.4 spz unsigned int id_len) 935 1.4 spz { 936 1.4 spz /* 937 1.4 spz * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 938 1.10 christos * we can "construct" a session to give us the desired check - i.e. to 939 1.4 spz * find if there's a session in the hash table that would conflict with 940 1.4 spz * any new session built out of this id/id_len and the ssl_version in use 941 1.4 spz * by this SSL. 942 1.4 spz */ 943 1.4 spz SSL_SESSION r, *p; 944 1.4 spz 945 1.11 christos if (id_len > sizeof(r.session_id)) 946 1.4 spz return 0; 947 1.4 spz 948 1.4 spz r.ssl_version = ssl->version; 949 1.4 spz r.session_id_length = id_len; 950 1.4 spz memcpy(r.session_id, id, id_len); 951 1.4 spz 952 1.23 christos if (!CRYPTO_THREAD_read_lock(ssl->session_ctx->lock)) 953 1.23 christos return 0; 954 1.10 christos p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r); 955 1.10 christos CRYPTO_THREAD_unlock(ssl->session_ctx->lock); 956 1.4 spz return (p != NULL); 957 1.4 spz } 958 1.1 christos 959 1.1 christos int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 960 1.4 spz { 961 1.4 spz return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 962 1.4 spz } 963 1.1 christos 964 1.1 christos int SSL_set_purpose(SSL *s, int purpose) 965 1.4 spz { 966 1.4 spz return X509_VERIFY_PARAM_set_purpose(s->param, purpose); 967 1.4 spz } 968 1.1 christos 969 1.1 christos int SSL_CTX_set_trust(SSL_CTX *s, int trust) 970 1.4 spz { 971 1.4 spz return X509_VERIFY_PARAM_set_trust(s->param, trust); 972 1.4 spz } 973 1.1 christos 974 1.1 christos int SSL_set_trust(SSL *s, int trust) 975 1.4 spz { 976 1.4 spz return X509_VERIFY_PARAM_set_trust(s->param, trust); 977 1.4 spz } 978 1.1 christos 979 1.10 christos int SSL_set1_host(SSL *s, const char *hostname) 980 1.4 spz { 981 1.23 christos /* If a hostname is provided and parses as an IP address, 982 1.23 christos * treat it as such. */ 983 1.23 christos if (hostname && X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname) == 1) 984 1.23 christos return 1; 985 1.23 christos 986 1.10 christos return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); 987 1.4 spz } 988 1.1 christos 989 1.10 christos int SSL_add1_host(SSL *s, const char *hostname) 990 1.4 spz { 991 1.23 christos /* If a hostname is provided and parses as an IP address, 992 1.23 christos * treat it as such. */ 993 1.23 christos if (hostname) 994 1.23 christos { 995 1.23 christos ASN1_OCTET_STRING *ip; 996 1.23 christos char *old_ip; 997 1.23 christos 998 1.23 christos ip = a2i_IPADDRESS(hostname); 999 1.23 christos if (ip) { 1000 1.23 christos /* We didn't want it; only to check if it *is* an IP address */ 1001 1.23 christos ASN1_OCTET_STRING_free(ip); 1002 1.23 christos 1003 1.23 christos old_ip = X509_VERIFY_PARAM_get1_ip_asc(s->param); 1004 1.23 christos if (old_ip) 1005 1.23 christos { 1006 1.23 christos OPENSSL_free(old_ip); 1007 1.23 christos /* There can be only one IP address */ 1008 1.23 christos return 0; 1009 1.23 christos } 1010 1.23 christos 1011 1.23 christos return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname); 1012 1.23 christos } 1013 1.23 christos } 1014 1.23 christos 1015 1.10 christos return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0); 1016 1.10 christos } 1017 1.10 christos 1018 1.10 christos void SSL_set_hostflags(SSL *s, unsigned int flags) 1019 1.10 christos { 1020 1.10 christos X509_VERIFY_PARAM_set_hostflags(s->param, flags); 1021 1.10 christos } 1022 1.10 christos 1023 1.10 christos const char *SSL_get0_peername(SSL *s) 1024 1.10 christos { 1025 1.10 christos return X509_VERIFY_PARAM_get0_peername(s->param); 1026 1.10 christos } 1027 1.10 christos 1028 1.10 christos int SSL_CTX_dane_enable(SSL_CTX *ctx) 1029 1.10 christos { 1030 1.10 christos return dane_ctx_enable(&ctx->dane); 1031 1.10 christos } 1032 1.10 christos 1033 1.10 christos unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags) 1034 1.10 christos { 1035 1.10 christos unsigned long orig = ctx->dane.flags; 1036 1.10 christos 1037 1.10 christos ctx->dane.flags |= flags; 1038 1.10 christos return orig; 1039 1.10 christos } 1040 1.10 christos 1041 1.10 christos unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags) 1042 1.10 christos { 1043 1.10 christos unsigned long orig = ctx->dane.flags; 1044 1.10 christos 1045 1.10 christos ctx->dane.flags &= ~flags; 1046 1.10 christos return orig; 1047 1.10 christos } 1048 1.10 christos 1049 1.10 christos int SSL_dane_enable(SSL *s, const char *basedomain) 1050 1.10 christos { 1051 1.10 christos SSL_DANE *dane = &s->dane; 1052 1.10 christos 1053 1.10 christos if (s->ctx->dane.mdmax == 0) { 1054 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED); 1055 1.10 christos return 0; 1056 1.10 christos } 1057 1.10 christos if (dane->trecs != NULL) { 1058 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED); 1059 1.10 christos return 0; 1060 1.10 christos } 1061 1.10 christos 1062 1.10 christos /* 1063 1.10 christos * Default SNI name. This rejects empty names, while set1_host below 1064 1.10 christos * accepts them and disables host name checks. To avoid side-effects with 1065 1.10 christos * invalid input, set the SNI name first. 1066 1.10 christos */ 1067 1.13 christos if (s->ext.hostname == NULL) { 1068 1.10 christos if (!SSL_set_tlsext_host_name(s, basedomain)) { 1069 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); 1070 1.10 christos return -1; 1071 1.10 christos } 1072 1.10 christos } 1073 1.10 christos 1074 1.10 christos /* Primary RFC6125 reference identifier */ 1075 1.10 christos if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) { 1076 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); 1077 1.10 christos return -1; 1078 1.10 christos } 1079 1.10 christos 1080 1.10 christos dane->mdpth = -1; 1081 1.10 christos dane->pdpth = -1; 1082 1.10 christos dane->dctx = &s->ctx->dane; 1083 1.10 christos dane->trecs = sk_danetls_record_new_null(); 1084 1.10 christos 1085 1.10 christos if (dane->trecs == NULL) { 1086 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 1087 1.10 christos return -1; 1088 1.10 christos } 1089 1.10 christos return 1; 1090 1.10 christos } 1091 1.10 christos 1092 1.10 christos unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags) 1093 1.10 christos { 1094 1.10 christos unsigned long orig = ssl->dane.flags; 1095 1.10 christos 1096 1.10 christos ssl->dane.flags |= flags; 1097 1.10 christos return orig; 1098 1.10 christos } 1099 1.10 christos 1100 1.10 christos unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags) 1101 1.10 christos { 1102 1.10 christos unsigned long orig = ssl->dane.flags; 1103 1.10 christos 1104 1.10 christos ssl->dane.flags &= ~flags; 1105 1.10 christos return orig; 1106 1.10 christos } 1107 1.10 christos 1108 1.10 christos int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) 1109 1.10 christos { 1110 1.10 christos SSL_DANE *dane = &s->dane; 1111 1.10 christos 1112 1.10 christos if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) 1113 1.10 christos return -1; 1114 1.10 christos if (dane->mtlsa) { 1115 1.10 christos if (mcert) 1116 1.10 christos *mcert = dane->mcert; 1117 1.10 christos if (mspki) 1118 1.10 christos *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL; 1119 1.10 christos } 1120 1.10 christos return dane->mdpth; 1121 1.10 christos } 1122 1.10 christos 1123 1.10 christos int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, 1124 1.23 christos uint8_t *mtype, const unsigned char **data, size_t *dlen) 1125 1.10 christos { 1126 1.10 christos SSL_DANE *dane = &s->dane; 1127 1.10 christos 1128 1.10 christos if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) 1129 1.10 christos return -1; 1130 1.10 christos if (dane->mtlsa) { 1131 1.10 christos if (usage) 1132 1.10 christos *usage = dane->mtlsa->usage; 1133 1.10 christos if (selector) 1134 1.10 christos *selector = dane->mtlsa->selector; 1135 1.10 christos if (mtype) 1136 1.10 christos *mtype = dane->mtlsa->mtype; 1137 1.10 christos if (data) 1138 1.10 christos *data = dane->mtlsa->data; 1139 1.10 christos if (dlen) 1140 1.10 christos *dlen = dane->mtlsa->dlen; 1141 1.10 christos } 1142 1.10 christos return dane->mdpth; 1143 1.10 christos } 1144 1.10 christos 1145 1.10 christos SSL_DANE *SSL_get0_dane(SSL *s) 1146 1.10 christos { 1147 1.10 christos return &s->dane; 1148 1.10 christos } 1149 1.10 christos 1150 1.10 christos int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, 1151 1.23 christos uint8_t mtype, const unsigned char *data, size_t dlen) 1152 1.10 christos { 1153 1.10 christos return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); 1154 1.10 christos } 1155 1.10 christos 1156 1.10 christos int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, 1157 1.10 christos uint8_t ord) 1158 1.10 christos { 1159 1.10 christos return dane_mtype_set(&ctx->dane, md, mtype, ord); 1160 1.10 christos } 1161 1.10 christos 1162 1.10 christos int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) 1163 1.10 christos { 1164 1.10 christos return X509_VERIFY_PARAM_set1(ctx->param, vpm); 1165 1.10 christos } 1166 1.10 christos 1167 1.10 christos int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) 1168 1.10 christos { 1169 1.10 christos return X509_VERIFY_PARAM_set1(ssl->param, vpm); 1170 1.4 spz } 1171 1.1 christos 1172 1.8 spz X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) 1173 1.8 spz { 1174 1.8 spz return ctx->param; 1175 1.8 spz } 1176 1.8 spz 1177 1.8 spz X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) 1178 1.8 spz { 1179 1.8 spz return ssl->param; 1180 1.8 spz } 1181 1.8 spz 1182 1.8 spz void SSL_certs_clear(SSL *s) 1183 1.8 spz { 1184 1.8 spz ssl_cert_clear_certs(s->cert); 1185 1.8 spz } 1186 1.8 spz 1187 1.1 christos void SSL_free(SSL *s) 1188 1.4 spz { 1189 1.4 spz int i; 1190 1.1 christos 1191 1.4 spz if (s == NULL) 1192 1.4 spz return; 1193 1.13 christos CRYPTO_DOWN_REF(&s->references, &i, s->lock); 1194 1.10 christos REF_PRINT_COUNT("SSL", s); 1195 1.4 spz if (i > 0) 1196 1.4 spz return; 1197 1.10 christos REF_ASSERT_ISNT(i < 0); 1198 1.4 spz 1199 1.10 christos X509_VERIFY_PARAM_free(s->param); 1200 1.10 christos dane_final(&s->dane); 1201 1.10 christos CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 1202 1.4 spz 1203 1.23 christos RECORD_LAYER_release(&s->rlayer); 1204 1.23 christos 1205 1.13 christos /* Ignore return value */ 1206 1.10 christos ssl_free_wbio_buffer(s); 1207 1.4 spz 1208 1.10 christos BIO_free_all(s->wbio); 1209 1.23 christos s->wbio = NULL; 1210 1.10 christos BIO_free_all(s->rbio); 1211 1.23 christos s->rbio = NULL; 1212 1.4 spz 1213 1.10 christos BUF_MEM_free(s->init_buf); 1214 1.4 spz 1215 1.4 spz /* add extra stuff */ 1216 1.10 christos sk_SSL_CIPHER_free(s->cipher_list); 1217 1.10 christos sk_SSL_CIPHER_free(s->cipher_list_by_id); 1218 1.13 christos sk_SSL_CIPHER_free(s->tls13_ciphersuites); 1219 1.17 christos sk_SSL_CIPHER_free(s->peer_ciphers); 1220 1.4 spz 1221 1.4 spz /* Make the next call work :-) */ 1222 1.4 spz if (s->session != NULL) { 1223 1.4 spz ssl_clear_bad_session(s); 1224 1.4 spz SSL_SESSION_free(s->session); 1225 1.4 spz } 1226 1.13 christos SSL_SESSION_free(s->psksession); 1227 1.13 christos OPENSSL_free(s->psksession_id); 1228 1.1 christos 1229 1.10 christos ssl_cert_free(s->cert); 1230 1.17 christos OPENSSL_free(s->shared_sigalgs); 1231 1.4 spz /* Free up if allocated */ 1232 1.1 christos 1233 1.13 christos OPENSSL_free(s->ext.hostname); 1234 1.10 christos SSL_CTX_free(s->session_ctx); 1235 1.13 christos OPENSSL_free(s->ext.ecpointformats); 1236 1.17 christos OPENSSL_free(s->ext.peer_ecpointformats); 1237 1.13 christos OPENSSL_free(s->ext.supportedgroups); 1238 1.17 christos OPENSSL_free(s->ext.peer_supportedgroups); 1239 1.13 christos sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); 1240 1.10 christos #ifndef OPENSSL_NO_OCSP 1241 1.13 christos sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); 1242 1.10 christos #endif 1243 1.10 christos #ifndef OPENSSL_NO_CT 1244 1.10 christos SCT_LIST_free(s->scts); 1245 1.13 christos OPENSSL_free(s->ext.scts); 1246 1.4 spz #endif 1247 1.13 christos OPENSSL_free(s->ext.ocsp.resp); 1248 1.13 christos OPENSSL_free(s->ext.alpn); 1249 1.13 christos OPENSSL_free(s->ext.tls13_cookie); 1250 1.19 christos if (s->clienthello != NULL) 1251 1.19 christos OPENSSL_free(s->clienthello->pre_proc_exts); 1252 1.13 christos OPENSSL_free(s->clienthello); 1253 1.13 christos OPENSSL_free(s->pha_context); 1254 1.13 christos EVP_MD_CTX_free(s->pha_dgst); 1255 1.4 spz 1256 1.13 christos sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); 1257 1.14 christos sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); 1258 1.10 christos 1259 1.10 christos sk_X509_pop_free(s->verified_chain, X509_free); 1260 1.4 spz 1261 1.4 spz if (s->method != NULL) 1262 1.4 spz s->method->ssl_free(s); 1263 1.4 spz 1264 1.25 christos /* 1265 1.25 christos * Must occur after s->method->ssl_free(). The DTLS sent_messages queue 1266 1.25 christos * may reference the EVP_CIPHER_CTX/EVP_MD_CTX that are freed here. 1267 1.25 christos */ 1268 1.25 christos clear_ciphers(s); 1269 1.25 christos 1270 1.10 christos SSL_CTX_free(s->ctx); 1271 1.4 spz 1272 1.10 christos ASYNC_WAIT_CTX_free(s->waitctx); 1273 1.10 christos 1274 1.10 christos #if !defined(OPENSSL_NO_NEXTPROTONEG) 1275 1.13 christos OPENSSL_free(s->ext.npn); 1276 1.2 spz #endif 1277 1.2 spz 1278 1.2 spz #ifndef OPENSSL_NO_SRTP 1279 1.10 christos sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); 1280 1.2 spz #endif 1281 1.2 spz 1282 1.10 christos CRYPTO_THREAD_lock_free(s->lock); 1283 1.10 christos 1284 1.4 spz OPENSSL_free(s); 1285 1.4 spz } 1286 1.1 christos 1287 1.10 christos void SSL_set0_rbio(SSL *s, BIO *rbio) 1288 1.10 christos { 1289 1.10 christos BIO_free_all(s->rbio); 1290 1.10 christos s->rbio = rbio; 1291 1.10 christos } 1292 1.10 christos 1293 1.10 christos void SSL_set0_wbio(SSL *s, BIO *wbio) 1294 1.10 christos { 1295 1.10 christos /* 1296 1.10 christos * If the output buffering BIO is still in place, remove it 1297 1.10 christos */ 1298 1.10 christos if (s->bbio != NULL) 1299 1.10 christos s->wbio = BIO_pop(s->wbio); 1300 1.10 christos 1301 1.10 christos BIO_free_all(s->wbio); 1302 1.10 christos s->wbio = wbio; 1303 1.10 christos 1304 1.10 christos /* Re-attach |bbio| to the new |wbio|. */ 1305 1.10 christos if (s->bbio != NULL) 1306 1.10 christos s->wbio = BIO_push(s->bbio, s->wbio); 1307 1.10 christos } 1308 1.10 christos 1309 1.4 spz void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 1310 1.4 spz { 1311 1.4 spz /* 1312 1.10 christos * For historical reasons, this function has many different cases in 1313 1.10 christos * ownership handling. 1314 1.10 christos */ 1315 1.10 christos 1316 1.10 christos /* If nothing has changed, do nothing */ 1317 1.10 christos if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s)) 1318 1.10 christos return; 1319 1.10 christos 1320 1.10 christos /* 1321 1.10 christos * If the two arguments are equal then one fewer reference is granted by the 1322 1.10 christos * caller than we want to take 1323 1.10 christos */ 1324 1.10 christos if (rbio != NULL && rbio == wbio) 1325 1.10 christos BIO_up_ref(rbio); 1326 1.10 christos 1327 1.10 christos /* 1328 1.10 christos * If only the wbio is changed only adopt one reference. 1329 1.10 christos */ 1330 1.10 christos if (rbio == SSL_get_rbio(s)) { 1331 1.10 christos SSL_set0_wbio(s, wbio); 1332 1.10 christos return; 1333 1.10 christos } 1334 1.10 christos /* 1335 1.10 christos * There is an asymmetry here for historical reasons. If only the rbio is 1336 1.10 christos * changed AND the rbio and wbio were originally different, then we only 1337 1.10 christos * adopt one reference. 1338 1.4 spz */ 1339 1.10 christos if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) { 1340 1.10 christos SSL_set0_rbio(s, rbio); 1341 1.10 christos return; 1342 1.4 spz } 1343 1.10 christos 1344 1.10 christos /* Otherwise, adopt both references. */ 1345 1.10 christos SSL_set0_rbio(s, rbio); 1346 1.10 christos SSL_set0_wbio(s, wbio); 1347 1.4 spz } 1348 1.1 christos 1349 1.1 christos BIO *SSL_get_rbio(const SSL *s) 1350 1.4 spz { 1351 1.10 christos return s->rbio; 1352 1.4 spz } 1353 1.1 christos 1354 1.1 christos BIO *SSL_get_wbio(const SSL *s) 1355 1.4 spz { 1356 1.10 christos if (s->bbio != NULL) { 1357 1.10 christos /* 1358 1.10 christos * If |bbio| is active, the true caller-configured BIO is its 1359 1.10 christos * |next_bio|. 1360 1.10 christos */ 1361 1.10 christos return BIO_next(s->bbio); 1362 1.10 christos } 1363 1.10 christos return s->wbio; 1364 1.4 spz } 1365 1.1 christos 1366 1.1 christos int SSL_get_fd(const SSL *s) 1367 1.4 spz { 1368 1.10 christos return SSL_get_rfd(s); 1369 1.4 spz } 1370 1.1 christos 1371 1.1 christos int SSL_get_rfd(const SSL *s) 1372 1.4 spz { 1373 1.4 spz int ret = -1; 1374 1.4 spz BIO *b, *r; 1375 1.4 spz 1376 1.4 spz b = SSL_get_rbio(s); 1377 1.4 spz r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 1378 1.4 spz if (r != NULL) 1379 1.4 spz BIO_get_fd(r, &ret); 1380 1.13 christos return ret; 1381 1.4 spz } 1382 1.1 christos 1383 1.1 christos int SSL_get_wfd(const SSL *s) 1384 1.4 spz { 1385 1.4 spz int ret = -1; 1386 1.4 spz BIO *b, *r; 1387 1.4 spz 1388 1.4 spz b = SSL_get_wbio(s); 1389 1.4 spz r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 1390 1.4 spz if (r != NULL) 1391 1.4 spz BIO_get_fd(r, &ret); 1392 1.13 christos return ret; 1393 1.4 spz } 1394 1.1 christos 1395 1.1 christos #ifndef OPENSSL_NO_SOCK 1396 1.4 spz int SSL_set_fd(SSL *s, int fd) 1397 1.4 spz { 1398 1.4 spz int ret = 0; 1399 1.4 spz BIO *bio = NULL; 1400 1.4 spz 1401 1.4 spz bio = BIO_new(BIO_s_socket()); 1402 1.4 spz 1403 1.4 spz if (bio == NULL) { 1404 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 1405 1.4 spz goto err; 1406 1.4 spz } 1407 1.4 spz BIO_set_fd(bio, fd, BIO_NOCLOSE); 1408 1.4 spz SSL_set_bio(s, bio, bio); 1409 1.23 christos #ifndef OPENSSL_NO_KTLS 1410 1.23 christos /* 1411 1.23 christos * The new socket is created successfully regardless of ktls_enable. 1412 1.23 christos * ktls_enable doesn't change any functionality of the socket, except 1413 1.23 christos * changing the setsockopt to enable the processing of ktls_start. 1414 1.23 christos * Thus, it is not a problem to call it for non-TLS sockets. 1415 1.23 christos */ 1416 1.23 christos ktls_enable(fd); 1417 1.23 christos #endif /* OPENSSL_NO_KTLS */ 1418 1.4 spz ret = 1; 1419 1.4 spz err: 1420 1.13 christos return ret; 1421 1.4 spz } 1422 1.4 spz 1423 1.4 spz int SSL_set_wfd(SSL *s, int fd) 1424 1.4 spz { 1425 1.10 christos BIO *rbio = SSL_get_rbio(s); 1426 1.4 spz 1427 1.10 christos if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET 1428 1.10 christos || (int)BIO_get_fd(rbio, NULL) != fd) { 1429 1.10 christos BIO *bio = BIO_new(BIO_s_socket()); 1430 1.4 spz 1431 1.4 spz if (bio == NULL) { 1432 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 1433 1.10 christos return 0; 1434 1.4 spz } 1435 1.4 spz BIO_set_fd(bio, fd, BIO_NOCLOSE); 1436 1.10 christos SSL_set0_wbio(s, bio); 1437 1.23 christos #ifndef OPENSSL_NO_KTLS 1438 1.23 christos /* 1439 1.23 christos * The new socket is created successfully regardless of ktls_enable. 1440 1.23 christos * ktls_enable doesn't change any functionality of the socket, except 1441 1.23 christos * changing the setsockopt to enable the processing of ktls_start. 1442 1.23 christos * Thus, it is not a problem to call it for non-TLS sockets. 1443 1.23 christos */ 1444 1.23 christos ktls_enable(fd); 1445 1.23 christos #endif /* OPENSSL_NO_KTLS */ 1446 1.10 christos } else { 1447 1.10 christos BIO_up_ref(rbio); 1448 1.10 christos SSL_set0_wbio(s, rbio); 1449 1.10 christos } 1450 1.10 christos return 1; 1451 1.4 spz } 1452 1.4 spz 1453 1.4 spz int SSL_set_rfd(SSL *s, int fd) 1454 1.4 spz { 1455 1.10 christos BIO *wbio = SSL_get_wbio(s); 1456 1.4 spz 1457 1.10 christos if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET 1458 1.10 christos || ((int)BIO_get_fd(wbio, NULL) != fd)) { 1459 1.10 christos BIO *bio = BIO_new(BIO_s_socket()); 1460 1.4 spz 1461 1.4 spz if (bio == NULL) { 1462 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 1463 1.10 christos return 0; 1464 1.4 spz } 1465 1.4 spz BIO_set_fd(bio, fd, BIO_NOCLOSE); 1466 1.10 christos SSL_set0_rbio(s, bio); 1467 1.10 christos } else { 1468 1.10 christos BIO_up_ref(wbio); 1469 1.10 christos SSL_set0_rbio(s, wbio); 1470 1.10 christos } 1471 1.10 christos 1472 1.10 christos return 1; 1473 1.4 spz } 1474 1.1 christos #endif 1475 1.1 christos 1476 1.1 christos /* return length of latest Finished message we sent, copy to 'buf' */ 1477 1.1 christos size_t SSL_get_finished(const SSL *s, void *buf, size_t count) 1478 1.4 spz { 1479 1.4 spz size_t ret = 0; 1480 1.4 spz 1481 1.23 christos ret = s->s3.tmp.finish_md_len; 1482 1.23 christos if (count > ret) 1483 1.23 christos count = ret; 1484 1.23 christos memcpy(buf, s->s3.tmp.finish_md, count); 1485 1.4 spz return ret; 1486 1.4 spz } 1487 1.1 christos 1488 1.1 christos /* return length of latest Finished message we expected, copy to 'buf' */ 1489 1.1 christos size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 1490 1.4 spz { 1491 1.4 spz size_t ret = 0; 1492 1.1 christos 1493 1.23 christos ret = s->s3.tmp.peer_finish_md_len; 1494 1.23 christos if (count > ret) 1495 1.23 christos count = ret; 1496 1.23 christos memcpy(buf, s->s3.tmp.peer_finish_md, count); 1497 1.4 spz return ret; 1498 1.4 spz } 1499 1.1 christos 1500 1.1 christos int SSL_get_verify_mode(const SSL *s) 1501 1.4 spz { 1502 1.13 christos return s->verify_mode; 1503 1.4 spz } 1504 1.1 christos 1505 1.1 christos int SSL_get_verify_depth(const SSL *s) 1506 1.4 spz { 1507 1.4 spz return X509_VERIFY_PARAM_get_depth(s->param); 1508 1.4 spz } 1509 1.4 spz 1510 1.4 spz int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { 1511 1.13 christos return s->verify_callback; 1512 1.4 spz } 1513 1.1 christos 1514 1.1 christos int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) 1515 1.4 spz { 1516 1.13 christos return ctx->verify_mode; 1517 1.4 spz } 1518 1.1 christos 1519 1.1 christos int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) 1520 1.4 spz { 1521 1.4 spz return X509_VERIFY_PARAM_get_depth(ctx->param); 1522 1.4 spz } 1523 1.4 spz 1524 1.4 spz int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { 1525 1.13 christos return ctx->default_verify_callback; 1526 1.4 spz } 1527 1.4 spz 1528 1.4 spz void SSL_set_verify(SSL *s, int mode, 1529 1.4 spz int (*callback) (int ok, X509_STORE_CTX *ctx)) 1530 1.4 spz { 1531 1.4 spz s->verify_mode = mode; 1532 1.4 spz if (callback != NULL) 1533 1.4 spz s->verify_callback = callback; 1534 1.4 spz } 1535 1.4 spz 1536 1.4 spz void SSL_set_verify_depth(SSL *s, int depth) 1537 1.4 spz { 1538 1.4 spz X509_VERIFY_PARAM_set_depth(s->param, depth); 1539 1.4 spz } 1540 1.4 spz 1541 1.4 spz void SSL_set_read_ahead(SSL *s, int yes) 1542 1.4 spz { 1543 1.10 christos RECORD_LAYER_set_read_ahead(&s->rlayer, yes); 1544 1.4 spz } 1545 1.1 christos 1546 1.1 christos int SSL_get_read_ahead(const SSL *s) 1547 1.4 spz { 1548 1.10 christos return RECORD_LAYER_get_read_ahead(&s->rlayer); 1549 1.4 spz } 1550 1.1 christos 1551 1.1 christos int SSL_pending(const SSL *s) 1552 1.4 spz { 1553 1.13 christos size_t pending = s->method->ssl_pending(s); 1554 1.13 christos 1555 1.4 spz /* 1556 1.4 spz * SSL_pending cannot work properly if read-ahead is enabled 1557 1.4 spz * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is 1558 1.4 spz * impossible to fix since SSL_pending cannot report errors that may be 1559 1.4 spz * observed while scanning the new data. (Note that SSL_pending() is 1560 1.4 spz * often used as a boolean value, so we'd better not return -1.) 1561 1.13 christos * 1562 1.13 christos * SSL_pending also cannot work properly if the value >INT_MAX. In that case 1563 1.13 christos * we just return INT_MAX. 1564 1.4 spz */ 1565 1.13 christos return pending < INT_MAX ? (int)pending : INT_MAX; 1566 1.4 spz } 1567 1.1 christos 1568 1.10 christos int SSL_has_pending(const SSL *s) 1569 1.10 christos { 1570 1.10 christos /* 1571 1.10 christos * Similar to SSL_pending() but returns a 1 to indicate that we have 1572 1.22 christos * processed or unprocessed data available or 0 otherwise (as opposed to the 1573 1.22 christos * number of bytes available). Unlike SSL_pending() this will take into 1574 1.22 christos * account read_ahead data. A 1 return simply indicates that we have data. 1575 1.22 christos * That data may not result in any application data, or we may fail to parse 1576 1.22 christos * the records for some reason. 1577 1.22 christos */ 1578 1.22 christos 1579 1.22 christos /* Check buffered app data if any first */ 1580 1.22 christos if (SSL_IS_DTLS(s)) { 1581 1.22 christos DTLS1_RECORD_DATA *rdata; 1582 1.22 christos pitem *item, *iter; 1583 1.22 christos 1584 1.22 christos iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q); 1585 1.22 christos while ((item = pqueue_next(&iter)) != NULL) { 1586 1.22 christos rdata = item->data; 1587 1.22 christos if (rdata->rrec.length > 0) 1588 1.22 christos return 1; 1589 1.22 christos } 1590 1.22 christos } 1591 1.22 christos 1592 1.10 christos if (RECORD_LAYER_processed_read_pending(&s->rlayer)) 1593 1.10 christos return 1; 1594 1.10 christos 1595 1.10 christos return RECORD_LAYER_read_pending(&s->rlayer); 1596 1.10 christos } 1597 1.10 christos 1598 1.23 christos X509 *SSL_get1_peer_certificate(const SSL *s) 1599 1.4 spz { 1600 1.23 christos X509 *r = SSL_get0_peer_certificate(s); 1601 1.23 christos 1602 1.23 christos if (r != NULL) 1603 1.23 christos X509_up_ref(r); 1604 1.1 christos 1605 1.23 christos return r; 1606 1.23 christos } 1607 1.23 christos 1608 1.23 christos X509 *SSL_get0_peer_certificate(const SSL *s) 1609 1.23 christos { 1610 1.4 spz if ((s == NULL) || (s->session == NULL)) 1611 1.23 christos return NULL; 1612 1.4 spz else 1613 1.23 christos return s->session->peer; 1614 1.4 spz } 1615 1.1 christos 1616 1.1 christos STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) 1617 1.4 spz { 1618 1.4 spz STACK_OF(X509) *r; 1619 1.4 spz 1620 1.10 christos if ((s == NULL) || (s->session == NULL)) 1621 1.4 spz r = NULL; 1622 1.4 spz else 1623 1.10 christos r = s->session->peer_chain; 1624 1.4 spz 1625 1.4 spz /* 1626 1.4 spz * If we are a client, cert_chain includes the peer's own certificate; if 1627 1.4 spz * we are a server, it does not. 1628 1.4 spz */ 1629 1.4 spz 1630 1.13 christos return r; 1631 1.4 spz } 1632 1.4 spz 1633 1.4 spz /* 1634 1.4 spz * Now in theory, since the calling process own 't' it should be safe to 1635 1.4 spz * modify. We need to be able to read f without being hassled 1636 1.4 spz */ 1637 1.10 christos int SSL_copy_session_id(SSL *t, const SSL *f) 1638 1.4 spz { 1639 1.10 christos int i; 1640 1.23 christos /* Do we need to do SSL locking? */ 1641 1.10 christos if (!SSL_set_session(t, SSL_get_session(f))) { 1642 1.10 christos return 0; 1643 1.10 christos } 1644 1.4 spz 1645 1.4 spz /* 1646 1.10 christos * what if we are setup for one protocol version but want to talk another 1647 1.4 spz */ 1648 1.4 spz if (t->method != f->method) { 1649 1.10 christos t->method->ssl_free(t); 1650 1.10 christos t->method = f->method; 1651 1.10 christos if (t->method->ssl_new(t) == 0) 1652 1.10 christos return 0; 1653 1.10 christos } 1654 1.10 christos 1655 1.13 christos CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock); 1656 1.10 christos ssl_cert_free(t->cert); 1657 1.10 christos t->cert = f->cert; 1658 1.13 christos if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) { 1659 1.10 christos return 0; 1660 1.4 spz } 1661 1.4 spz 1662 1.10 christos return 1; 1663 1.4 spz } 1664 1.1 christos 1665 1.1 christos /* Fix this so it checks all the valid key/cert options */ 1666 1.1 christos int SSL_CTX_check_private_key(const SSL_CTX *ctx) 1667 1.4 spz { 1668 1.10 christos if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) { 1669 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED); 1670 1.13 christos return 0; 1671 1.4 spz } 1672 1.4 spz if (ctx->cert->key->privatekey == NULL) { 1673 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 1674 1.13 christos return 0; 1675 1.4 spz } 1676 1.13 christos return X509_check_private_key 1677 1.13 christos (ctx->cert->key->x509, ctx->cert->key->privatekey); 1678 1.4 spz } 1679 1.1 christos 1680 1.1 christos /* Fix this function so that it takes an optional type parameter */ 1681 1.1 christos int SSL_check_private_key(const SSL *ssl) 1682 1.4 spz { 1683 1.4 spz if (ssl == NULL) { 1684 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); 1685 1.13 christos return 0; 1686 1.4 spz } 1687 1.4 spz if (ssl->cert->key->x509 == NULL) { 1688 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED); 1689 1.13 christos return 0; 1690 1.4 spz } 1691 1.4 spz if (ssl->cert->key->privatekey == NULL) { 1692 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 1693 1.13 christos return 0; 1694 1.4 spz } 1695 1.13 christos return X509_check_private_key(ssl->cert->key->x509, 1696 1.13 christos ssl->cert->key->privatekey); 1697 1.4 spz } 1698 1.1 christos 1699 1.10 christos int SSL_waiting_for_async(SSL *s) 1700 1.10 christos { 1701 1.10 christos if (s->job) 1702 1.10 christos return 1; 1703 1.10 christos 1704 1.10 christos return 0; 1705 1.10 christos } 1706 1.10 christos 1707 1.10 christos int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds) 1708 1.10 christos { 1709 1.10 christos ASYNC_WAIT_CTX *ctx = s->waitctx; 1710 1.10 christos 1711 1.10 christos if (ctx == NULL) 1712 1.10 christos return 0; 1713 1.10 christos return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds); 1714 1.10 christos } 1715 1.10 christos 1716 1.10 christos int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, 1717 1.10 christos OSSL_ASYNC_FD *delfd, size_t *numdelfds) 1718 1.10 christos { 1719 1.10 christos ASYNC_WAIT_CTX *ctx = s->waitctx; 1720 1.10 christos 1721 1.10 christos if (ctx == NULL) 1722 1.10 christos return 0; 1723 1.10 christos return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, 1724 1.10 christos numdelfds); 1725 1.10 christos } 1726 1.10 christos 1727 1.23 christos int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback) 1728 1.23 christos { 1729 1.23 christos ctx->async_cb = callback; 1730 1.23 christos return 1; 1731 1.23 christos } 1732 1.23 christos 1733 1.23 christos int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg) 1734 1.23 christos { 1735 1.23 christos ctx->async_cb_arg = arg; 1736 1.23 christos return 1; 1737 1.23 christos } 1738 1.23 christos 1739 1.23 christos int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback) 1740 1.23 christos { 1741 1.23 christos s->async_cb = callback; 1742 1.23 christos return 1; 1743 1.23 christos } 1744 1.23 christos 1745 1.23 christos int SSL_set_async_callback_arg(SSL *s, void *arg) 1746 1.23 christos { 1747 1.23 christos s->async_cb_arg = arg; 1748 1.23 christos return 1; 1749 1.23 christos } 1750 1.23 christos 1751 1.23 christos int SSL_get_async_status(SSL *s, int *status) 1752 1.23 christos { 1753 1.23 christos ASYNC_WAIT_CTX *ctx = s->waitctx; 1754 1.23 christos 1755 1.23 christos if (ctx == NULL) 1756 1.23 christos return 0; 1757 1.23 christos *status = ASYNC_WAIT_CTX_get_status(ctx); 1758 1.23 christos return 1; 1759 1.23 christos } 1760 1.23 christos 1761 1.1 christos int SSL_accept(SSL *s) 1762 1.4 spz { 1763 1.10 christos if (s->handshake_func == NULL) { 1764 1.4 spz /* Not properly initialized yet */ 1765 1.4 spz SSL_set_accept_state(s); 1766 1.10 christos } 1767 1.1 christos 1768 1.10 christos return SSL_do_handshake(s); 1769 1.4 spz } 1770 1.1 christos 1771 1.1 christos int SSL_connect(SSL *s) 1772 1.4 spz { 1773 1.10 christos if (s->handshake_func == NULL) { 1774 1.4 spz /* Not properly initialized yet */ 1775 1.4 spz SSL_set_connect_state(s); 1776 1.10 christos } 1777 1.1 christos 1778 1.10 christos return SSL_do_handshake(s); 1779 1.4 spz } 1780 1.1 christos 1781 1.1 christos long SSL_get_default_timeout(const SSL *s) 1782 1.4 spz { 1783 1.13 christos return s->method->get_timeout(); 1784 1.4 spz } 1785 1.4 spz 1786 1.23 christos static int ssl_async_wait_ctx_cb(void *arg) 1787 1.23 christos { 1788 1.23 christos SSL *s = (SSL *)arg; 1789 1.23 christos 1790 1.23 christos return s->async_cb(s, s->async_cb_arg); 1791 1.23 christos } 1792 1.23 christos 1793 1.10 christos static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, 1794 1.10 christos int (*func) (void *)) 1795 1.10 christos { 1796 1.10 christos int ret; 1797 1.10 christos if (s->waitctx == NULL) { 1798 1.10 christos s->waitctx = ASYNC_WAIT_CTX_new(); 1799 1.10 christos if (s->waitctx == NULL) 1800 1.10 christos return -1; 1801 1.23 christos if (s->async_cb != NULL 1802 1.23 christos && !ASYNC_WAIT_CTX_set_callback 1803 1.23 christos (s->waitctx, ssl_async_wait_ctx_cb, s)) 1804 1.23 christos return -1; 1805 1.10 christos } 1806 1.21 christos 1807 1.21 christos s->rwstate = SSL_NOTHING; 1808 1.10 christos switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, 1809 1.10 christos sizeof(struct ssl_async_args))) { 1810 1.10 christos case ASYNC_ERR: 1811 1.10 christos s->rwstate = SSL_NOTHING; 1812 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC); 1813 1.10 christos return -1; 1814 1.10 christos case ASYNC_PAUSE: 1815 1.10 christos s->rwstate = SSL_ASYNC_PAUSED; 1816 1.10 christos return -1; 1817 1.10 christos case ASYNC_NO_JOBS: 1818 1.10 christos s->rwstate = SSL_ASYNC_NO_JOBS; 1819 1.10 christos return -1; 1820 1.10 christos case ASYNC_FINISH: 1821 1.10 christos s->job = NULL; 1822 1.10 christos return ret; 1823 1.10 christos default: 1824 1.10 christos s->rwstate = SSL_NOTHING; 1825 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 1826 1.10 christos /* Shouldn't happen */ 1827 1.10 christos return -1; 1828 1.10 christos } 1829 1.10 christos } 1830 1.10 christos 1831 1.10 christos static int ssl_io_intern(void *vargs) 1832 1.10 christos { 1833 1.10 christos struct ssl_async_args *args; 1834 1.10 christos SSL *s; 1835 1.10 christos void *buf; 1836 1.13 christos size_t num; 1837 1.10 christos 1838 1.10 christos args = (struct ssl_async_args *)vargs; 1839 1.10 christos s = args->s; 1840 1.10 christos buf = args->buf; 1841 1.10 christos num = args->num; 1842 1.10 christos switch (args->type) { 1843 1.10 christos case READFUNC: 1844 1.13 christos return args->f.func_read(s, buf, num, &s->asyncrw); 1845 1.10 christos case WRITEFUNC: 1846 1.13 christos return args->f.func_write(s, buf, num, &s->asyncrw); 1847 1.10 christos case OTHERFUNC: 1848 1.10 christos return args->f.func_other(s); 1849 1.10 christos } 1850 1.10 christos return -1; 1851 1.10 christos } 1852 1.10 christos 1853 1.13 christos int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) 1854 1.4 spz { 1855 1.10 christos if (s->handshake_func == NULL) { 1856 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 1857 1.4 spz return -1; 1858 1.4 spz } 1859 1.4 spz 1860 1.4 spz if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1861 1.4 spz s->rwstate = SSL_NOTHING; 1862 1.13 christos return 0; 1863 1.13 christos } 1864 1.13 christos 1865 1.13 christos if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY 1866 1.13 christos || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { 1867 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1868 1.13 christos return 0; 1869 1.4 spz } 1870 1.13 christos /* 1871 1.13 christos * If we are a client and haven't received the ServerHello etc then we 1872 1.13 christos * better do that 1873 1.13 christos */ 1874 1.13 christos ossl_statem_check_finish_init(s, 0); 1875 1.10 christos 1876 1.10 christos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 1877 1.10 christos struct ssl_async_args args; 1878 1.13 christos int ret; 1879 1.10 christos 1880 1.10 christos args.s = s; 1881 1.10 christos args.buf = buf; 1882 1.10 christos args.num = num; 1883 1.10 christos args.type = READFUNC; 1884 1.10 christos args.f.func_read = s->method->ssl_read; 1885 1.10 christos 1886 1.13 christos ret = ssl_start_async_job(s, &args, ssl_io_intern); 1887 1.13 christos *readbytes = s->asyncrw; 1888 1.13 christos return ret; 1889 1.10 christos } else { 1890 1.13 christos return s->method->ssl_read(s, buf, num, readbytes); 1891 1.13 christos } 1892 1.13 christos } 1893 1.13 christos 1894 1.13 christos int SSL_read(SSL *s, void *buf, int num) 1895 1.13 christos { 1896 1.13 christos int ret; 1897 1.13 christos size_t readbytes; 1898 1.13 christos 1899 1.13 christos if (num < 0) { 1900 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 1901 1.13 christos return -1; 1902 1.13 christos } 1903 1.13 christos 1904 1.13 christos ret = ssl_read_internal(s, buf, (size_t)num, &readbytes); 1905 1.13 christos 1906 1.13 christos /* 1907 1.13 christos * The cast is safe here because ret should be <= INT_MAX because num is 1908 1.13 christos * <= INT_MAX 1909 1.13 christos */ 1910 1.13 christos if (ret > 0) 1911 1.13 christos ret = (int)readbytes; 1912 1.13 christos 1913 1.13 christos return ret; 1914 1.13 christos } 1915 1.13 christos 1916 1.13 christos int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes) 1917 1.13 christos { 1918 1.13 christos int ret = ssl_read_internal(s, buf, num, readbytes); 1919 1.13 christos 1920 1.13 christos if (ret < 0) 1921 1.13 christos ret = 0; 1922 1.13 christos return ret; 1923 1.13 christos } 1924 1.13 christos 1925 1.13 christos int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) 1926 1.13 christos { 1927 1.13 christos int ret; 1928 1.13 christos 1929 1.13 christos if (!s->server) { 1930 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1931 1.13 christos return SSL_READ_EARLY_DATA_ERROR; 1932 1.13 christos } 1933 1.13 christos 1934 1.13 christos switch (s->early_data_state) { 1935 1.13 christos case SSL_EARLY_DATA_NONE: 1936 1.13 christos if (!SSL_in_before(s)) { 1937 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1938 1.13 christos return SSL_READ_EARLY_DATA_ERROR; 1939 1.13 christos } 1940 1.13 christos /* fall through */ 1941 1.13 christos 1942 1.13 christos case SSL_EARLY_DATA_ACCEPT_RETRY: 1943 1.13 christos s->early_data_state = SSL_EARLY_DATA_ACCEPTING; 1944 1.13 christos ret = SSL_accept(s); 1945 1.13 christos if (ret <= 0) { 1946 1.13 christos /* NBIO or error */ 1947 1.13 christos s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY; 1948 1.13 christos return SSL_READ_EARLY_DATA_ERROR; 1949 1.13 christos } 1950 1.13 christos /* fall through */ 1951 1.13 christos 1952 1.13 christos case SSL_EARLY_DATA_READ_RETRY: 1953 1.13 christos if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { 1954 1.13 christos s->early_data_state = SSL_EARLY_DATA_READING; 1955 1.13 christos ret = SSL_read_ex(s, buf, num, readbytes); 1956 1.13 christos /* 1957 1.13 christos * State machine will update early_data_state to 1958 1.13 christos * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData 1959 1.13 christos * message 1960 1.13 christos */ 1961 1.13 christos if (ret > 0 || (ret <= 0 && s->early_data_state 1962 1.13 christos != SSL_EARLY_DATA_FINISHED_READING)) { 1963 1.13 christos s->early_data_state = SSL_EARLY_DATA_READ_RETRY; 1964 1.13 christos return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS 1965 1.13 christos : SSL_READ_EARLY_DATA_ERROR; 1966 1.13 christos } 1967 1.13 christos } else { 1968 1.13 christos s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; 1969 1.13 christos } 1970 1.13 christos *readbytes = 0; 1971 1.13 christos return SSL_READ_EARLY_DATA_FINISH; 1972 1.13 christos 1973 1.13 christos default: 1974 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1975 1.13 christos return SSL_READ_EARLY_DATA_ERROR; 1976 1.10 christos } 1977 1.4 spz } 1978 1.4 spz 1979 1.13 christos int SSL_get_early_data_status(const SSL *s) 1980 1.13 christos { 1981 1.13 christos return s->ext.early_data; 1982 1.13 christos } 1983 1.13 christos 1984 1.13 christos static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) 1985 1.4 spz { 1986 1.10 christos if (s->handshake_func == NULL) { 1987 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 1988 1.4 spz return -1; 1989 1.4 spz } 1990 1.4 spz 1991 1.4 spz if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { 1992 1.13 christos return 0; 1993 1.4 spz } 1994 1.10 christos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 1995 1.10 christos struct ssl_async_args args; 1996 1.13 christos int ret; 1997 1.10 christos 1998 1.10 christos args.s = s; 1999 1.10 christos args.buf = buf; 2000 1.10 christos args.num = num; 2001 1.10 christos args.type = READFUNC; 2002 1.10 christos args.f.func_read = s->method->ssl_peek; 2003 1.10 christos 2004 1.13 christos ret = ssl_start_async_job(s, &args, ssl_io_intern); 2005 1.13 christos *readbytes = s->asyncrw; 2006 1.13 christos return ret; 2007 1.10 christos } else { 2008 1.13 christos return s->method->ssl_peek(s, buf, num, readbytes); 2009 1.13 christos } 2010 1.13 christos } 2011 1.13 christos 2012 1.13 christos int SSL_peek(SSL *s, void *buf, int num) 2013 1.13 christos { 2014 1.13 christos int ret; 2015 1.13 christos size_t readbytes; 2016 1.13 christos 2017 1.13 christos if (num < 0) { 2018 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 2019 1.13 christos return -1; 2020 1.10 christos } 2021 1.13 christos 2022 1.13 christos ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes); 2023 1.13 christos 2024 1.13 christos /* 2025 1.13 christos * The cast is safe here because ret should be <= INT_MAX because num is 2026 1.13 christos * <= INT_MAX 2027 1.13 christos */ 2028 1.13 christos if (ret > 0) 2029 1.13 christos ret = (int)readbytes; 2030 1.13 christos 2031 1.13 christos return ret; 2032 1.13 christos } 2033 1.13 christos 2034 1.13 christos 2035 1.13 christos int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) 2036 1.13 christos { 2037 1.13 christos int ret = ssl_peek_internal(s, buf, num, readbytes); 2038 1.13 christos 2039 1.13 christos if (ret < 0) 2040 1.13 christos ret = 0; 2041 1.13 christos return ret; 2042 1.4 spz } 2043 1.4 spz 2044 1.13 christos int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) 2045 1.4 spz { 2046 1.10 christos if (s->handshake_func == NULL) { 2047 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 2048 1.4 spz return -1; 2049 1.4 spz } 2050 1.4 spz 2051 1.4 spz if (s->shutdown & SSL_SENT_SHUTDOWN) { 2052 1.4 spz s->rwstate = SSL_NOTHING; 2053 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); 2054 1.13 christos return -1; 2055 1.13 christos } 2056 1.13 christos 2057 1.13 christos if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY 2058 1.13 christos || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY 2059 1.13 christos || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { 2060 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2061 1.13 christos return 0; 2062 1.4 spz } 2063 1.13 christos /* If we are a client and haven't sent the Finished we better do that */ 2064 1.13 christos ossl_statem_check_finish_init(s, 1); 2065 1.10 christos 2066 1.10 christos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 2067 1.13 christos int ret; 2068 1.10 christos struct ssl_async_args args; 2069 1.10 christos 2070 1.10 christos args.s = s; 2071 1.10 christos args.buf = (void *)buf; 2072 1.10 christos args.num = num; 2073 1.10 christos args.type = WRITEFUNC; 2074 1.10 christos args.f.func_write = s->method->ssl_write; 2075 1.10 christos 2076 1.13 christos ret = ssl_start_async_job(s, &args, ssl_io_intern); 2077 1.13 christos *written = s->asyncrw; 2078 1.13 christos return ret; 2079 1.10 christos } else { 2080 1.13 christos return s->method->ssl_write(s, buf, num, written); 2081 1.13 christos } 2082 1.13 christos } 2083 1.13 christos 2084 1.23 christos ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) 2085 1.23 christos { 2086 1.23 christos ossl_ssize_t ret; 2087 1.23 christos 2088 1.23 christos if (s->handshake_func == NULL) { 2089 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 2090 1.23 christos return -1; 2091 1.23 christos } 2092 1.23 christos 2093 1.23 christos if (s->shutdown & SSL_SENT_SHUTDOWN) { 2094 1.23 christos s->rwstate = SSL_NOTHING; 2095 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); 2096 1.23 christos return -1; 2097 1.23 christos } 2098 1.23 christos 2099 1.23 christos if (!BIO_get_ktls_send(s->wbio)) { 2100 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 2101 1.23 christos return -1; 2102 1.23 christos } 2103 1.23 christos 2104 1.23 christos /* If we have an alert to send, lets send it */ 2105 1.23 christos if (s->s3.alert_dispatch) { 2106 1.23 christos ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s); 2107 1.23 christos if (ret <= 0) { 2108 1.23 christos /* SSLfatal() already called if appropriate */ 2109 1.23 christos return ret; 2110 1.23 christos } 2111 1.23 christos /* if it went, fall through and send more stuff */ 2112 1.23 christos } 2113 1.23 christos 2114 1.23 christos s->rwstate = SSL_WRITING; 2115 1.23 christos if (BIO_flush(s->wbio) <= 0) { 2116 1.23 christos if (!BIO_should_retry(s->wbio)) { 2117 1.23 christos s->rwstate = SSL_NOTHING; 2118 1.23 christos } else { 2119 1.23 christos #ifdef EAGAIN 2120 1.23 christos set_sys_error(EAGAIN); 2121 1.23 christos #endif 2122 1.23 christos } 2123 1.23 christos return -1; 2124 1.23 christos } 2125 1.23 christos 2126 1.23 christos #ifdef OPENSSL_NO_KTLS 2127 1.23 christos ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR, 2128 1.23 christos "can't call ktls_sendfile(), ktls disabled"); 2129 1.23 christos return -1; 2130 1.23 christos #else 2131 1.23 christos ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags); 2132 1.23 christos if (ret < 0) { 2133 1.23 christos #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY) 2134 1.23 christos if ((get_last_sys_error() == EAGAIN) || 2135 1.23 christos (get_last_sys_error() == EINTR) || 2136 1.23 christos (get_last_sys_error() == EBUSY)) 2137 1.23 christos BIO_set_retry_write(s->wbio); 2138 1.23 christos else 2139 1.23 christos #endif 2140 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 2141 1.23 christos return ret; 2142 1.23 christos } 2143 1.23 christos s->rwstate = SSL_NOTHING; 2144 1.23 christos return ret; 2145 1.23 christos #endif 2146 1.23 christos } 2147 1.23 christos 2148 1.13 christos int SSL_write(SSL *s, const void *buf, int num) 2149 1.13 christos { 2150 1.13 christos int ret; 2151 1.13 christos size_t written; 2152 1.13 christos 2153 1.13 christos if (num < 0) { 2154 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 2155 1.13 christos return -1; 2156 1.13 christos } 2157 1.13 christos 2158 1.13 christos ret = ssl_write_internal(s, buf, (size_t)num, &written); 2159 1.13 christos 2160 1.13 christos /* 2161 1.13 christos * The cast is safe here because ret should be <= INT_MAX because num is 2162 1.13 christos * <= INT_MAX 2163 1.13 christos */ 2164 1.13 christos if (ret > 0) 2165 1.13 christos ret = (int)written; 2166 1.13 christos 2167 1.13 christos return ret; 2168 1.13 christos } 2169 1.13 christos 2170 1.13 christos int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written) 2171 1.13 christos { 2172 1.13 christos int ret = ssl_write_internal(s, buf, num, written); 2173 1.13 christos 2174 1.13 christos if (ret < 0) 2175 1.13 christos ret = 0; 2176 1.13 christos return ret; 2177 1.13 christos } 2178 1.13 christos 2179 1.13 christos int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) 2180 1.13 christos { 2181 1.13 christos int ret, early_data_state; 2182 1.13 christos size_t writtmp; 2183 1.13 christos uint32_t partialwrite; 2184 1.13 christos 2185 1.13 christos switch (s->early_data_state) { 2186 1.13 christos case SSL_EARLY_DATA_NONE: 2187 1.13 christos if (s->server 2188 1.13 christos || !SSL_in_before(s) 2189 1.13 christos || ((s->session == NULL || s->session->ext.max_early_data == 0) 2190 1.13 christos && (s->psk_use_session_cb == NULL))) { 2191 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2192 1.13 christos return 0; 2193 1.13 christos } 2194 1.13 christos /* fall through */ 2195 1.13 christos 2196 1.13 christos case SSL_EARLY_DATA_CONNECT_RETRY: 2197 1.13 christos s->early_data_state = SSL_EARLY_DATA_CONNECTING; 2198 1.13 christos ret = SSL_connect(s); 2199 1.13 christos if (ret <= 0) { 2200 1.13 christos /* NBIO or error */ 2201 1.13 christos s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY; 2202 1.13 christos return 0; 2203 1.13 christos } 2204 1.13 christos /* fall through */ 2205 1.13 christos 2206 1.13 christos case SSL_EARLY_DATA_WRITE_RETRY: 2207 1.13 christos s->early_data_state = SSL_EARLY_DATA_WRITING; 2208 1.13 christos /* 2209 1.13 christos * We disable partial write for early data because we don't keep track 2210 1.13 christos * of how many bytes we've written between the SSL_write_ex() call and 2211 1.13 christos * the flush if the flush needs to be retried) 2212 1.13 christos */ 2213 1.13 christos partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE; 2214 1.13 christos s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; 2215 1.13 christos ret = SSL_write_ex(s, buf, num, &writtmp); 2216 1.13 christos s->mode |= partialwrite; 2217 1.13 christos if (!ret) { 2218 1.13 christos s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; 2219 1.13 christos return ret; 2220 1.13 christos } 2221 1.13 christos s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH; 2222 1.13 christos /* fall through */ 2223 1.13 christos 2224 1.13 christos case SSL_EARLY_DATA_WRITE_FLUSH: 2225 1.13 christos /* The buffering BIO is still in place so we need to flush it */ 2226 1.13 christos if (statem_flush(s) != 1) 2227 1.13 christos return 0; 2228 1.13 christos *written = num; 2229 1.13 christos s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; 2230 1.13 christos return 1; 2231 1.13 christos 2232 1.13 christos case SSL_EARLY_DATA_FINISHED_READING: 2233 1.13 christos case SSL_EARLY_DATA_READ_RETRY: 2234 1.13 christos early_data_state = s->early_data_state; 2235 1.13 christos /* We are a server writing to an unauthenticated client */ 2236 1.13 christos s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING; 2237 1.13 christos ret = SSL_write_ex(s, buf, num, written); 2238 1.13 christos /* The buffering BIO is still in place */ 2239 1.13 christos if (ret) 2240 1.13 christos (void)BIO_flush(s->wbio); 2241 1.13 christos s->early_data_state = early_data_state; 2242 1.13 christos return ret; 2243 1.13 christos 2244 1.13 christos default: 2245 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2246 1.13 christos return 0; 2247 1.10 christos } 2248 1.4 spz } 2249 1.1 christos 2250 1.1 christos int SSL_shutdown(SSL *s) 2251 1.4 spz { 2252 1.4 spz /* 2253 1.4 spz * Note that this function behaves differently from what one might 2254 1.4 spz * expect. Return values are 0 for no success (yet), 1 for success; but 2255 1.4 spz * calling it once is usually not enough, even if blocking I/O is used 2256 1.4 spz * (see ssl3_shutdown). 2257 1.4 spz */ 2258 1.4 spz 2259 1.10 christos if (s->handshake_func == NULL) { 2260 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); 2261 1.4 spz return -1; 2262 1.4 spz } 2263 1.4 spz 2264 1.8 spz if (!SSL_in_init(s)) { 2265 1.10 christos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 2266 1.10 christos struct ssl_async_args args; 2267 1.10 christos 2268 1.22 christos memset(&args, 0, sizeof(args)); 2269 1.10 christos args.s = s; 2270 1.10 christos args.type = OTHERFUNC; 2271 1.10 christos args.f.func_other = s->method->ssl_shutdown; 2272 1.10 christos 2273 1.10 christos return ssl_start_async_job(s, &args, ssl_io_intern); 2274 1.10 christos } else { 2275 1.10 christos return s->method->ssl_shutdown(s); 2276 1.10 christos } 2277 1.8 spz } else { 2278 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT); 2279 1.8 spz return -1; 2280 1.8 spz } 2281 1.4 spz } 2282 1.1 christos 2283 1.13 christos int SSL_key_update(SSL *s, int updatetype) 2284 1.13 christos { 2285 1.13 christos if (!SSL_IS_TLS13(s)) { 2286 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); 2287 1.13 christos return 0; 2288 1.13 christos } 2289 1.13 christos 2290 1.13 christos if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED 2291 1.13 christos && updatetype != SSL_KEY_UPDATE_REQUESTED) { 2292 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE); 2293 1.13 christos return 0; 2294 1.13 christos } 2295 1.13 christos 2296 1.13 christos if (!SSL_is_init_finished(s)) { 2297 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT); 2298 1.13 christos return 0; 2299 1.13 christos } 2300 1.13 christos 2301 1.21 christos if (RECORD_LAYER_write_pending(&s->rlayer)) { 2302 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY); 2303 1.21 christos return 0; 2304 1.21 christos } 2305 1.21 christos 2306 1.13 christos ossl_statem_set_in_init(s, 1); 2307 1.13 christos s->key_update = updatetype; 2308 1.13 christos return 1; 2309 1.13 christos } 2310 1.13 christos 2311 1.15 christos int SSL_get_key_update_type(const SSL *s) 2312 1.13 christos { 2313 1.13 christos return s->key_update; 2314 1.13 christos } 2315 1.13 christos 2316 1.23 christos /* 2317 1.23 christos * Can we accept a renegotiation request? If yes, set the flag and 2318 1.23 christos * return 1 if yes. If not, raise error and return 0. 2319 1.23 christos */ 2320 1.23 christos static int can_renegotiate(const SSL *s) 2321 1.4 spz { 2322 1.13 christos if (SSL_IS_TLS13(s)) { 2323 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); 2324 1.13 christos return 0; 2325 1.13 christos } 2326 1.13 christos 2327 1.23 christos if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { 2328 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION); 2329 1.11 christos return 0; 2330 1.11 christos } 2331 1.11 christos 2332 1.23 christos return 1; 2333 1.23 christos } 2334 1.23 christos 2335 1.23 christos int SSL_renegotiate(SSL *s) 2336 1.23 christos { 2337 1.23 christos if (!can_renegotiate(s)) 2338 1.23 christos return 0; 2339 1.23 christos 2340 1.13 christos s->renegotiate = 1; 2341 1.4 spz s->new_session = 1; 2342 1.13 christos return s->method->ssl_renegotiate(s); 2343 1.4 spz } 2344 1.2 spz 2345 1.2 spz int SSL_renegotiate_abbreviated(SSL *s) 2346 1.4 spz { 2347 1.23 christos if (!can_renegotiate(s)) 2348 1.13 christos return 0; 2349 1.11 christos 2350 1.13 christos s->renegotiate = 1; 2351 1.4 spz s->new_session = 0; 2352 1.13 christos return s->method->ssl_renegotiate(s); 2353 1.4 spz } 2354 1.1 christos 2355 1.15 christos int SSL_renegotiate_pending(const SSL *s) 2356 1.4 spz { 2357 1.4 spz /* 2358 1.4 spz * becomes true when negotiation is requested; false again once a 2359 1.4 spz * handshake has finished 2360 1.4 spz */ 2361 1.4 spz return (s->renegotiate != 0); 2362 1.4 spz } 2363 1.4 spz 2364 1.23 christos int SSL_new_session_ticket(SSL *s) 2365 1.23 christos { 2366 1.23 christos /* If we are in init because we're sending tickets, okay to send more. */ 2367 1.23 christos if ((SSL_in_init(s) && s->ext.extra_tickets_expected == 0) 2368 1.23 christos || SSL_IS_FIRST_HANDSHAKE(s) || !s->server 2369 1.23 christos || !SSL_IS_TLS13(s)) 2370 1.23 christos return 0; 2371 1.23 christos s->ext.extra_tickets_expected++; 2372 1.23 christos if (!RECORD_LAYER_write_pending(&s->rlayer) && !SSL_in_init(s)) 2373 1.23 christos ossl_statem_set_in_init(s, 1); 2374 1.23 christos return 1; 2375 1.23 christos } 2376 1.23 christos 2377 1.4 spz long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 2378 1.4 spz { 2379 1.4 spz long l; 2380 1.4 spz 2381 1.4 spz switch (cmd) { 2382 1.4 spz case SSL_CTRL_GET_READ_AHEAD: 2383 1.13 christos return RECORD_LAYER_get_read_ahead(&s->rlayer); 2384 1.4 spz case SSL_CTRL_SET_READ_AHEAD: 2385 1.10 christos l = RECORD_LAYER_get_read_ahead(&s->rlayer); 2386 1.10 christos RECORD_LAYER_set_read_ahead(&s->rlayer, larg); 2387 1.13 christos return l; 2388 1.4 spz 2389 1.4 spz case SSL_CTRL_SET_MSG_CALLBACK_ARG: 2390 1.4 spz s->msg_callback_arg = parg; 2391 1.4 spz return 1; 2392 1.4 spz 2393 1.4 spz case SSL_CTRL_MODE: 2394 1.4 spz return (s->mode |= larg); 2395 1.4 spz case SSL_CTRL_CLEAR_MODE: 2396 1.4 spz return (s->mode &= ~larg); 2397 1.4 spz case SSL_CTRL_GET_MAX_CERT_LIST: 2398 1.13 christos return (long)s->max_cert_list; 2399 1.4 spz case SSL_CTRL_SET_MAX_CERT_LIST: 2400 1.13 christos if (larg < 0) 2401 1.13 christos return 0; 2402 1.13 christos l = (long)s->max_cert_list; 2403 1.13 christos s->max_cert_list = (size_t)larg; 2404 1.13 christos return l; 2405 1.4 spz case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 2406 1.4 spz if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 2407 1.4 spz return 0; 2408 1.23 christos #ifndef OPENSSL_NO_KTLS 2409 1.23 christos if (s->wbio != NULL && BIO_get_ktls_send(s->wbio)) 2410 1.23 christos return 0; 2411 1.23 christos #endif /* OPENSSL_NO_KTLS */ 2412 1.4 spz s->max_send_fragment = larg; 2413 1.10 christos if (s->max_send_fragment < s->split_send_fragment) 2414 1.10 christos s->split_send_fragment = s->max_send_fragment; 2415 1.10 christos return 1; 2416 1.10 christos case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: 2417 1.13 christos if ((size_t)larg > s->max_send_fragment || larg == 0) 2418 1.10 christos return 0; 2419 1.10 christos s->split_send_fragment = larg; 2420 1.10 christos return 1; 2421 1.10 christos case SSL_CTRL_SET_MAX_PIPELINES: 2422 1.10 christos if (larg < 1 || larg > SSL_MAX_PIPELINES) 2423 1.10 christos return 0; 2424 1.10 christos s->max_pipelines = larg; 2425 1.10 christos if (larg > 1) 2426 1.10 christos RECORD_LAYER_set_read_ahead(&s->rlayer, 1); 2427 1.4 spz return 1; 2428 1.4 spz case SSL_CTRL_GET_RI_SUPPORT: 2429 1.23 christos return s->s3.send_connection_binding; 2430 1.23 christos case SSL_CTRL_SET_RETRY_VERIFY: 2431 1.23 christos s->rwstate = SSL_RETRY_VERIFY; 2432 1.23 christos return 1; 2433 1.8 spz case SSL_CTRL_CERT_FLAGS: 2434 1.8 spz return (s->cert->cert_flags |= larg); 2435 1.8 spz case SSL_CTRL_CLEAR_CERT_FLAGS: 2436 1.8 spz return (s->cert->cert_flags &= ~larg); 2437 1.8 spz 2438 1.8 spz case SSL_CTRL_GET_RAW_CIPHERLIST: 2439 1.8 spz if (parg) { 2440 1.23 christos if (s->s3.tmp.ciphers_raw == NULL) 2441 1.8 spz return 0; 2442 1.23 christos *(unsigned char **)parg = s->s3.tmp.ciphers_raw; 2443 1.23 christos return (int)s->s3.tmp.ciphers_rawlen; 2444 1.10 christos } else { 2445 1.10 christos return TLS_CIPHER_LEN; 2446 1.10 christos } 2447 1.10 christos case SSL_CTRL_GET_EXTMS_SUPPORT: 2448 1.10 christos if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s)) 2449 1.10 christos return -1; 2450 1.10 christos if (s->session->flags & SSL_SESS_FLAG_EXTMS) 2451 1.10 christos return 1; 2452 1.10 christos else 2453 1.10 christos return 0; 2454 1.10 christos case SSL_CTRL_SET_MIN_PROTO_VERSION: 2455 1.10 christos return ssl_check_allowed_versions(larg, s->max_proto_version) 2456 1.10 christos && ssl_set_version_bound(s->ctx->method->version, (int)larg, 2457 1.10 christos &s->min_proto_version); 2458 1.10 christos case SSL_CTRL_GET_MIN_PROTO_VERSION: 2459 1.10 christos return s->min_proto_version; 2460 1.10 christos case SSL_CTRL_SET_MAX_PROTO_VERSION: 2461 1.10 christos return ssl_check_allowed_versions(s->min_proto_version, larg) 2462 1.10 christos && ssl_set_version_bound(s->ctx->method->version, (int)larg, 2463 1.10 christos &s->max_proto_version); 2464 1.10 christos case SSL_CTRL_GET_MAX_PROTO_VERSION: 2465 1.10 christos return s->max_proto_version; 2466 1.4 spz default: 2467 1.13 christos return s->method->ssl_ctrl(s, cmd, larg, parg); 2468 1.4 spz } 2469 1.4 spz } 2470 1.4 spz 2471 1.4 spz long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 2472 1.4 spz { 2473 1.4 spz switch (cmd) { 2474 1.4 spz case SSL_CTRL_SET_MSG_CALLBACK: 2475 1.4 spz s->msg_callback = (void (*) 2476 1.4 spz (int write_p, int version, int content_type, 2477 1.4 spz const void *buf, size_t len, SSL *ssl, 2478 1.4 spz void *arg))(fp); 2479 1.4 spz return 1; 2480 1.4 spz 2481 1.4 spz default: 2482 1.13 christos return s->method->ssl_callback_ctrl(s, cmd, fp); 2483 1.4 spz } 2484 1.4 spz } 2485 1.1 christos 2486 1.1 christos LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) 2487 1.4 spz { 2488 1.4 spz return ctx->sessions; 2489 1.4 spz } 2490 1.4 spz 2491 1.23 christos static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat) 2492 1.23 christos { 2493 1.23 christos int res = 0; 2494 1.23 christos 2495 1.23 christos if (ssl_tsan_lock(ctx)) { 2496 1.23 christos res = tsan_load(stat); 2497 1.23 christos ssl_tsan_unlock(ctx); 2498 1.23 christos } 2499 1.23 christos return res; 2500 1.23 christos } 2501 1.23 christos 2502 1.4 spz long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 2503 1.4 spz { 2504 1.4 spz long l; 2505 1.8 spz /* For some cases with ctx == NULL perform syntax checks */ 2506 1.8 spz if (ctx == NULL) { 2507 1.8 spz switch (cmd) { 2508 1.13 christos case SSL_CTRL_SET_GROUPS_LIST: 2509 1.23 christos return tls1_set_groups_list(ctx, NULL, NULL, parg); 2510 1.8 spz case SSL_CTRL_SET_SIGALGS_LIST: 2511 1.8 spz case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: 2512 1.8 spz return tls1_set_sigalgs_list(NULL, parg, 0); 2513 1.8 spz default: 2514 1.8 spz return 0; 2515 1.8 spz } 2516 1.8 spz } 2517 1.4 spz 2518 1.4 spz switch (cmd) { 2519 1.4 spz case SSL_CTRL_GET_READ_AHEAD: 2520 1.13 christos return ctx->read_ahead; 2521 1.4 spz case SSL_CTRL_SET_READ_AHEAD: 2522 1.4 spz l = ctx->read_ahead; 2523 1.4 spz ctx->read_ahead = larg; 2524 1.13 christos return l; 2525 1.4 spz 2526 1.4 spz case SSL_CTRL_SET_MSG_CALLBACK_ARG: 2527 1.4 spz ctx->msg_callback_arg = parg; 2528 1.4 spz return 1; 2529 1.4 spz 2530 1.4 spz case SSL_CTRL_GET_MAX_CERT_LIST: 2531 1.13 christos return (long)ctx->max_cert_list; 2532 1.4 spz case SSL_CTRL_SET_MAX_CERT_LIST: 2533 1.13 christos if (larg < 0) 2534 1.13 christos return 0; 2535 1.13 christos l = (long)ctx->max_cert_list; 2536 1.13 christos ctx->max_cert_list = (size_t)larg; 2537 1.13 christos return l; 2538 1.4 spz 2539 1.4 spz case SSL_CTRL_SET_SESS_CACHE_SIZE: 2540 1.13 christos if (larg < 0) 2541 1.13 christos return 0; 2542 1.13 christos l = (long)ctx->session_cache_size; 2543 1.13 christos ctx->session_cache_size = (size_t)larg; 2544 1.13 christos return l; 2545 1.4 spz case SSL_CTRL_GET_SESS_CACHE_SIZE: 2546 1.13 christos return (long)ctx->session_cache_size; 2547 1.4 spz case SSL_CTRL_SET_SESS_CACHE_MODE: 2548 1.4 spz l = ctx->session_cache_mode; 2549 1.4 spz ctx->session_cache_mode = larg; 2550 1.13 christos return l; 2551 1.4 spz case SSL_CTRL_GET_SESS_CACHE_MODE: 2552 1.13 christos return ctx->session_cache_mode; 2553 1.4 spz 2554 1.4 spz case SSL_CTRL_SESS_NUMBER: 2555 1.13 christos return lh_SSL_SESSION_num_items(ctx->sessions); 2556 1.4 spz case SSL_CTRL_SESS_CONNECT: 2557 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_connect); 2558 1.4 spz case SSL_CTRL_SESS_CONNECT_GOOD: 2559 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good); 2560 1.4 spz case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 2561 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate); 2562 1.4 spz case SSL_CTRL_SESS_ACCEPT: 2563 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_accept); 2564 1.4 spz case SSL_CTRL_SESS_ACCEPT_GOOD: 2565 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good); 2566 1.4 spz case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 2567 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate); 2568 1.4 spz case SSL_CTRL_SESS_HIT: 2569 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_hit); 2570 1.4 spz case SSL_CTRL_SESS_CB_HIT: 2571 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit); 2572 1.4 spz case SSL_CTRL_SESS_MISSES: 2573 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_miss); 2574 1.4 spz case SSL_CTRL_SESS_TIMEOUTS: 2575 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_timeout); 2576 1.4 spz case SSL_CTRL_SESS_CACHE_FULL: 2577 1.23 christos return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full); 2578 1.4 spz case SSL_CTRL_MODE: 2579 1.4 spz return (ctx->mode |= larg); 2580 1.4 spz case SSL_CTRL_CLEAR_MODE: 2581 1.4 spz return (ctx->mode &= ~larg); 2582 1.4 spz case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 2583 1.4 spz if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 2584 1.4 spz return 0; 2585 1.4 spz ctx->max_send_fragment = larg; 2586 1.10 christos if (ctx->max_send_fragment < ctx->split_send_fragment) 2587 1.10 christos ctx->split_send_fragment = ctx->max_send_fragment; 2588 1.10 christos return 1; 2589 1.10 christos case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: 2590 1.13 christos if ((size_t)larg > ctx->max_send_fragment || larg == 0) 2591 1.10 christos return 0; 2592 1.10 christos ctx->split_send_fragment = larg; 2593 1.10 christos return 1; 2594 1.10 christos case SSL_CTRL_SET_MAX_PIPELINES: 2595 1.10 christos if (larg < 1 || larg > SSL_MAX_PIPELINES) 2596 1.10 christos return 0; 2597 1.10 christos ctx->max_pipelines = larg; 2598 1.4 spz return 1; 2599 1.8 spz case SSL_CTRL_CERT_FLAGS: 2600 1.8 spz return (ctx->cert->cert_flags |= larg); 2601 1.8 spz case SSL_CTRL_CLEAR_CERT_FLAGS: 2602 1.8 spz return (ctx->cert->cert_flags &= ~larg); 2603 1.10 christos case SSL_CTRL_SET_MIN_PROTO_VERSION: 2604 1.10 christos return ssl_check_allowed_versions(larg, ctx->max_proto_version) 2605 1.10 christos && ssl_set_version_bound(ctx->method->version, (int)larg, 2606 1.10 christos &ctx->min_proto_version); 2607 1.10 christos case SSL_CTRL_GET_MIN_PROTO_VERSION: 2608 1.10 christos return ctx->min_proto_version; 2609 1.10 christos case SSL_CTRL_SET_MAX_PROTO_VERSION: 2610 1.10 christos return ssl_check_allowed_versions(ctx->min_proto_version, larg) 2611 1.10 christos && ssl_set_version_bound(ctx->method->version, (int)larg, 2612 1.10 christos &ctx->max_proto_version); 2613 1.10 christos case SSL_CTRL_GET_MAX_PROTO_VERSION: 2614 1.10 christos return ctx->max_proto_version; 2615 1.4 spz default: 2616 1.13 christos return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg); 2617 1.4 spz } 2618 1.4 spz } 2619 1.4 spz 2620 1.4 spz long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 2621 1.4 spz { 2622 1.4 spz switch (cmd) { 2623 1.4 spz case SSL_CTRL_SET_MSG_CALLBACK: 2624 1.4 spz ctx->msg_callback = (void (*) 2625 1.4 spz (int write_p, int version, int content_type, 2626 1.4 spz const void *buf, size_t len, SSL *ssl, 2627 1.4 spz void *arg))(fp); 2628 1.4 spz return 1; 2629 1.4 spz 2630 1.4 spz default: 2631 1.13 christos return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp); 2632 1.4 spz } 2633 1.4 spz } 2634 1.1 christos 2635 1.1 christos int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 2636 1.4 spz { 2637 1.10 christos if (a->id > b->id) 2638 1.10 christos return 1; 2639 1.10 christos if (a->id < b->id) 2640 1.10 christos return -1; 2641 1.10 christos return 0; 2642 1.4 spz } 2643 1.4 spz 2644 1.4 spz int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, 2645 1.4 spz const SSL_CIPHER *const *bp) 2646 1.4 spz { 2647 1.10 christos if ((*ap)->id > (*bp)->id) 2648 1.10 christos return 1; 2649 1.10 christos if ((*ap)->id < (*bp)->id) 2650 1.10 christos return -1; 2651 1.10 christos return 0; 2652 1.4 spz } 2653 1.1 christos 2654 1.1 christos /** return a STACK of the ciphers available for the SSL and in order of 2655 1.1 christos * preference */ 2656 1.1 christos STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) 2657 1.4 spz { 2658 1.4 spz if (s != NULL) { 2659 1.4 spz if (s->cipher_list != NULL) { 2660 1.13 christos return s->cipher_list; 2661 1.4 spz } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { 2662 1.13 christos return s->ctx->cipher_list; 2663 1.4 spz } 2664 1.4 spz } 2665 1.13 christos return NULL; 2666 1.4 spz } 2667 1.1 christos 2668 1.10 christos STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) 2669 1.10 christos { 2670 1.17 christos if ((s == NULL) || !s->server) 2671 1.10 christos return NULL; 2672 1.17 christos return s->peer_ciphers; 2673 1.10 christos } 2674 1.10 christos 2675 1.10 christos STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) 2676 1.10 christos { 2677 1.10 christos STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; 2678 1.10 christos int i; 2679 1.13 christos 2680 1.10 christos ciphers = SSL_get_ciphers(s); 2681 1.10 christos if (!ciphers) 2682 1.10 christos return NULL; 2683 1.13 christos if (!ssl_set_client_disabled(s)) 2684 1.13 christos return NULL; 2685 1.10 christos for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 2686 1.10 christos const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); 2687 1.10 christos if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) { 2688 1.10 christos if (!sk) 2689 1.10 christos sk = sk_SSL_CIPHER_new_null(); 2690 1.10 christos if (!sk) 2691 1.10 christos return NULL; 2692 1.10 christos if (!sk_SSL_CIPHER_push(sk, c)) { 2693 1.10 christos sk_SSL_CIPHER_free(sk); 2694 1.10 christos return NULL; 2695 1.10 christos } 2696 1.10 christos } 2697 1.10 christos } 2698 1.10 christos return sk; 2699 1.10 christos } 2700 1.10 christos 2701 1.1 christos /** return a STACK of the ciphers available for the SSL and in order of 2702 1.1 christos * algorithm id */ 2703 1.1 christos STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 2704 1.4 spz { 2705 1.4 spz if (s != NULL) { 2706 1.4 spz if (s->cipher_list_by_id != NULL) { 2707 1.13 christos return s->cipher_list_by_id; 2708 1.4 spz } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { 2709 1.13 christos return s->ctx->cipher_list_by_id; 2710 1.4 spz } 2711 1.4 spz } 2712 1.13 christos return NULL; 2713 1.4 spz } 2714 1.1 christos 2715 1.1 christos /** The old interface to get the same thing as SSL_get_ciphers() */ 2716 1.4 spz const char *SSL_get_cipher_list(const SSL *s, int n) 2717 1.4 spz { 2718 1.10 christos const SSL_CIPHER *c; 2719 1.4 spz STACK_OF(SSL_CIPHER) *sk; 2720 1.4 spz 2721 1.4 spz if (s == NULL) 2722 1.13 christos return NULL; 2723 1.4 spz sk = SSL_get_ciphers(s); 2724 1.4 spz if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) 2725 1.13 christos return NULL; 2726 1.4 spz c = sk_SSL_CIPHER_value(sk, n); 2727 1.4 spz if (c == NULL) 2728 1.13 christos return NULL; 2729 1.13 christos return c->name; 2730 1.4 spz } 2731 1.1 christos 2732 1.10 christos /** return a STACK of the ciphers available for the SSL_CTX and in order of 2733 1.10 christos * preference */ 2734 1.10 christos STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) 2735 1.10 christos { 2736 1.10 christos if (ctx != NULL) 2737 1.10 christos return ctx->cipher_list; 2738 1.10 christos return NULL; 2739 1.10 christos } 2740 1.10 christos 2741 1.15 christos /* 2742 1.15 christos * Distinguish between ciphers controlled by set_ciphersuite() and 2743 1.15 christos * set_cipher_list() when counting. 2744 1.15 christos */ 2745 1.15 christos static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk) 2746 1.15 christos { 2747 1.15 christos int i, num = 0; 2748 1.15 christos const SSL_CIPHER *c; 2749 1.15 christos 2750 1.15 christos if (sk == NULL) 2751 1.15 christos return 0; 2752 1.15 christos for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { 2753 1.15 christos c = sk_SSL_CIPHER_value(sk, i); 2754 1.15 christos if (c->min_tls >= TLS1_3_VERSION) 2755 1.15 christos continue; 2756 1.15 christos num++; 2757 1.15 christos } 2758 1.15 christos return num; 2759 1.15 christos } 2760 1.15 christos 2761 1.1 christos /** specify the ciphers to be used by default by the SSL_CTX */ 2762 1.1 christos int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 2763 1.4 spz { 2764 1.4 spz STACK_OF(SSL_CIPHER) *sk; 2765 1.4 spz 2766 1.23 christos sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites, 2767 1.13 christos &ctx->cipher_list, &ctx->cipher_list_by_id, str, 2768 1.13 christos ctx->cert); 2769 1.4 spz /* 2770 1.4 spz * ssl_create_cipher_list may return an empty stack if it was unable to 2771 1.4 spz * find a cipher matching the given rule string (for example if the rule 2772 1.4 spz * string specifies a cipher which has been disabled). This is not an 2773 1.4 spz * error as far as ssl_create_cipher_list is concerned, and hence 2774 1.4 spz * ctx->cipher_list and ctx->cipher_list_by_id has been updated. 2775 1.4 spz */ 2776 1.4 spz if (sk == NULL) 2777 1.4 spz return 0; 2778 1.15 christos else if (cipher_list_tls12_num(sk) == 0) { 2779 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); 2780 1.4 spz return 0; 2781 1.4 spz } 2782 1.4 spz return 1; 2783 1.4 spz } 2784 1.1 christos 2785 1.1 christos /** specify the ciphers to be used by the SSL */ 2786 1.4 spz int SSL_set_cipher_list(SSL *s, const char *str) 2787 1.4 spz { 2788 1.4 spz STACK_OF(SSL_CIPHER) *sk; 2789 1.4 spz 2790 1.23 christos sk = ssl_create_cipher_list(s->ctx, s->tls13_ciphersuites, 2791 1.13 christos &s->cipher_list, &s->cipher_list_by_id, str, 2792 1.13 christos s->cert); 2793 1.4 spz /* see comment in SSL_CTX_set_cipher_list */ 2794 1.4 spz if (sk == NULL) 2795 1.4 spz return 0; 2796 1.15 christos else if (cipher_list_tls12_num(sk) == 0) { 2797 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); 2798 1.4 spz return 0; 2799 1.4 spz } 2800 1.4 spz return 1; 2801 1.4 spz } 2802 1.1 christos 2803 1.12 christos char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) 2804 1.4 spz { 2805 1.4 spz char *p; 2806 1.12 christos STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; 2807 1.10 christos const SSL_CIPHER *c; 2808 1.4 spz int i; 2809 1.4 spz 2810 1.12 christos if (!s->server 2811 1.17 christos || s->peer_ciphers == NULL 2812 1.12 christos || size < 2) 2813 1.12 christos return NULL; 2814 1.4 spz 2815 1.4 spz p = buf; 2816 1.17 christos clntsk = s->peer_ciphers; 2817 1.12 christos srvrsk = SSL_get_ciphers(s); 2818 1.12 christos if (clntsk == NULL || srvrsk == NULL) 2819 1.12 christos return NULL; 2820 1.4 spz 2821 1.12 christos if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) 2822 1.4 spz return NULL; 2823 1.4 spz 2824 1.12 christos for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { 2825 1.4 spz int n; 2826 1.4 spz 2827 1.12 christos c = sk_SSL_CIPHER_value(clntsk, i); 2828 1.12 christos if (sk_SSL_CIPHER_find(srvrsk, c) < 0) 2829 1.12 christos continue; 2830 1.12 christos 2831 1.24 christos n = OPENSSL_strnlen(c->name, size); 2832 1.24 christos if (n >= size) { 2833 1.4 spz if (p != buf) 2834 1.4 spz --p; 2835 1.4 spz *p = '\0'; 2836 1.4 spz return buf; 2837 1.4 spz } 2838 1.24 christos memcpy(p, c->name, n); 2839 1.4 spz p += n; 2840 1.4 spz *(p++) = ':'; 2841 1.12 christos size -= n + 1; 2842 1.4 spz } 2843 1.4 spz p[-1] = '\0'; 2844 1.13 christos return buf; 2845 1.4 spz } 2846 1.4 spz 2847 1.18 christos /** 2848 1.18 christos * Return the requested servername (SNI) value. Note that the behaviour varies 2849 1.18 christos * depending on: 2850 1.18 christos * - whether this is called by the client or the server, 2851 1.18 christos * - if we are before or during/after the handshake, 2852 1.18 christos * - if a resumption or normal handshake is being attempted/has occurred 2853 1.18 christos * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3 2854 1.18 christos * 2855 1.18 christos * Note that only the host_name type is defined (RFC 3546). 2856 1.1 christos */ 2857 1.1 christos const char *SSL_get_servername(const SSL *s, const int type) 2858 1.4 spz { 2859 1.18 christos /* 2860 1.18 christos * If we don't know if we are the client or the server yet then we assume 2861 1.18 christos * client. 2862 1.18 christos */ 2863 1.18 christos int server = s->handshake_func == NULL ? 0 : s->server; 2864 1.4 spz if (type != TLSEXT_NAMETYPE_host_name) 2865 1.4 spz return NULL; 2866 1.4 spz 2867 1.18 christos if (server) { 2868 1.18 christos /** 2869 1.18 christos * Server side 2870 1.18 christos * In TLSv1.3 on the server SNI is not associated with the session 2871 1.18 christos * but in TLSv1.2 or below it is. 2872 1.18 christos * 2873 1.18 christos * Before the handshake: 2874 1.18 christos * - return NULL 2875 1.18 christos * 2876 1.18 christos * During/after the handshake (TLSv1.2 or below resumption occurred): 2877 1.18 christos * - If a servername was accepted by the server in the original 2878 1.18 christos * handshake then it will return that servername, or NULL otherwise. 2879 1.18 christos * 2880 1.18 christos * During/after the handshake (TLSv1.2 or below resumption did not occur): 2881 1.18 christos * - The function will return the servername requested by the client in 2882 1.18 christos * this handshake or NULL if none was requested. 2883 1.18 christos */ 2884 1.18 christos if (s->hit && !SSL_IS_TLS13(s)) 2885 1.18 christos return s->session->ext.hostname; 2886 1.18 christos } else { 2887 1.18 christos /** 2888 1.18 christos * Client side 2889 1.18 christos * 2890 1.18 christos * Before the handshake: 2891 1.18 christos * - If a servername has been set via a call to 2892 1.18 christos * SSL_set_tlsext_host_name() then it will return that servername 2893 1.18 christos * - If one has not been set, but a TLSv1.2 resumption is being 2894 1.18 christos * attempted and the session from the original handshake had a 2895 1.18 christos * servername accepted by the server then it will return that 2896 1.18 christos * servername 2897 1.18 christos * - Otherwise it returns NULL 2898 1.18 christos * 2899 1.18 christos * During/after the handshake (TLSv1.2 or below resumption occurred): 2900 1.19 christos * - If the session from the original handshake had a servername accepted 2901 1.18 christos * by the server then it will return that servername. 2902 1.18 christos * - Otherwise it returns the servername set via 2903 1.18 christos * SSL_set_tlsext_host_name() (or NULL if it was not called). 2904 1.18 christos * 2905 1.18 christos * During/after the handshake (TLSv1.2 or below resumption did not occur): 2906 1.18 christos * - It will return the servername set via SSL_set_tlsext_host_name() 2907 1.18 christos * (or NULL if it was not called). 2908 1.18 christos */ 2909 1.18 christos if (SSL_in_before(s)) { 2910 1.18 christos if (s->ext.hostname == NULL 2911 1.18 christos && s->session != NULL 2912 1.18 christos && s->session->ssl_version != TLS1_3_VERSION) 2913 1.18 christos return s->session->ext.hostname; 2914 1.18 christos } else { 2915 1.18 christos if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL) 2916 1.18 christos return s->session->ext.hostname; 2917 1.18 christos } 2918 1.18 christos } 2919 1.18 christos 2920 1.13 christos return s->ext.hostname; 2921 1.4 spz } 2922 1.1 christos 2923 1.1 christos int SSL_get_servername_type(const SSL *s) 2924 1.4 spz { 2925 1.18 christos if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL) 2926 1.4 spz return TLSEXT_NAMETYPE_host_name; 2927 1.4 spz return -1; 2928 1.4 spz } 2929 1.2 spz 2930 1.4 spz /* 2931 1.4 spz * SSL_select_next_proto implements the standard protocol selection. It is 2932 1.2 spz * expected that this function is called from the callback set by 2933 1.4 spz * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a 2934 1.4 spz * vector of 8-bit, length prefixed byte strings. The length byte itself is 2935 1.4 spz * not included in the length. A byte string of length 0 is invalid. No byte 2936 1.4 spz * string may be truncated. The current, but experimental algorithm for 2937 1.4 spz * selecting the protocol is: 1) If the server doesn't support NPN then this 2938 1.4 spz * is indicated to the callback. In this case, the client application has to 2939 1.4 spz * abort the connection or have a default application level protocol. 2) If 2940 1.4 spz * the server supports NPN, but advertises an empty list then the client 2941 1.10 christos * selects the first protocol in its list, but indicates via the API that this 2942 1.4 spz * fallback case was enacted. 3) Otherwise, the client finds the first 2943 1.4 spz * protocol in the server's list that it supports and selects this protocol. 2944 1.4 spz * This is because it's assumed that the server has better information about 2945 1.4 spz * which protocol a client should use. 4) If the client doesn't support any 2946 1.4 spz * of the server's advertised protocols, then this is treated the same as 2947 1.4 spz * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was 2948 1.4 spz * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 2949 1.2 spz */ 2950 1.4 spz int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 2951 1.4 spz const unsigned char *server, 2952 1.4 spz unsigned int server_len, 2953 1.10 christos const unsigned char *client, unsigned int client_len) 2954 1.4 spz { 2955 1.26 christos PACKET cpkt, csubpkt, spkt, ssubpkt; 2956 1.26 christos 2957 1.26 christos if (!PACKET_buf_init(&cpkt, client, client_len) 2958 1.26 christos || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) 2959 1.26 christos || PACKET_remaining(&csubpkt) == 0) { 2960 1.26 christos *out = NULL; 2961 1.26 christos *outlen = 0; 2962 1.26 christos return OPENSSL_NPN_NO_OVERLAP; 2963 1.26 christos } 2964 1.26 christos 2965 1.26 christos /* 2966 1.26 christos * Set the default opportunistic protocol. Will be overwritten if we find 2967 1.26 christos * a match. 2968 1.26 christos */ 2969 1.26 christos *out = (unsigned char *)PACKET_data(&csubpkt); 2970 1.26 christos *outlen = (unsigned char)PACKET_remaining(&csubpkt); 2971 1.4 spz 2972 1.4 spz /* 2973 1.4 spz * For each protocol in server preference order, see if we support it. 2974 1.4 spz */ 2975 1.26 christos if (PACKET_buf_init(&spkt, server, server_len)) { 2976 1.26 christos while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) { 2977 1.26 christos if (PACKET_remaining(&ssubpkt) == 0) 2978 1.26 christos continue; /* Invalid - ignore it */ 2979 1.26 christos if (PACKET_buf_init(&cpkt, client, client_len)) { 2980 1.26 christos while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { 2981 1.26 christos if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), 2982 1.26 christos PACKET_remaining(&ssubpkt))) { 2983 1.26 christos /* We found a match */ 2984 1.26 christos *out = (unsigned char *)PACKET_data(&ssubpkt); 2985 1.26 christos *outlen = (unsigned char)PACKET_remaining(&ssubpkt); 2986 1.26 christos return OPENSSL_NPN_NEGOTIATED; 2987 1.26 christos } 2988 1.26 christos } 2989 1.26 christos /* Ignore spurious trailing bytes in the client list */ 2990 1.26 christos } else { 2991 1.26 christos /* This should never happen */ 2992 1.26 christos return OPENSSL_NPN_NO_OVERLAP; 2993 1.4 spz } 2994 1.4 spz } 2995 1.26 christos /* Ignore spurious trailing bytes in the server list */ 2996 1.4 spz } 2997 1.4 spz 2998 1.26 christos /* 2999 1.26 christos * There's no overlap between our protocols and the server's list. We use 3000 1.26 christos * the default opportunistic protocol selected earlier 3001 1.26 christos */ 3002 1.26 christos return OPENSSL_NPN_NO_OVERLAP; 3003 1.4 spz } 3004 1.4 spz 3005 1.10 christos #ifndef OPENSSL_NO_NEXTPROTONEG 3006 1.4 spz /* 3007 1.4 spz * SSL_get0_next_proto_negotiated sets *data and *len to point to the 3008 1.4 spz * client's requested protocol for this connection and returns 0. If the 3009 1.4 spz * client didn't request any protocol, then *data is set to NULL. Note that 3010 1.4 spz * the client can request any protocol it chooses. The value returned from 3011 1.4 spz * this function need not be a member of the list of supported protocols 3012 1.2 spz * provided by the callback. 3013 1.2 spz */ 3014 1.4 spz void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 3015 1.4 spz unsigned *len) 3016 1.4 spz { 3017 1.13 christos *data = s->ext.npn; 3018 1.23 christos if (*data == NULL) { 3019 1.4 spz *len = 0; 3020 1.4 spz } else { 3021 1.13 christos *len = (unsigned int)s->ext.npn_len; 3022 1.4 spz } 3023 1.4 spz } 3024 1.4 spz 3025 1.4 spz /* 3026 1.13 christos * SSL_CTX_set_npn_advertised_cb sets a callback that is called when 3027 1.4 spz * a TLS server needs a list of supported protocols for Next Protocol 3028 1.4 spz * Negotiation. The returned list must be in wire format. The list is 3029 1.4 spz * returned by setting |out| to point to it and |outlen| to its length. This 3030 1.4 spz * memory will not be modified, but one should assume that the SSL* keeps a 3031 1.4 spz * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it 3032 1.4 spz * wishes to advertise. Otherwise, no such extension will be included in the 3033 1.4 spz * ServerHello. 3034 1.4 spz */ 3035 1.13 christos void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, 3036 1.13 christos SSL_CTX_npn_advertised_cb_func cb, 3037 1.13 christos void *arg) 3038 1.4 spz { 3039 1.13 christos ctx->ext.npn_advertised_cb = cb; 3040 1.13 christos ctx->ext.npn_advertised_cb_arg = arg; 3041 1.4 spz } 3042 1.2 spz 3043 1.4 spz /* 3044 1.4 spz * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 3045 1.2 spz * client needs to select a protocol from the server's provided list. |out| 3046 1.2 spz * must be set to point to the selected protocol (which may be within |in|). 3047 1.4 spz * The length of the protocol name must be written into |outlen|. The 3048 1.4 spz * server's advertised protocols are provided in |in| and |inlen|. The 3049 1.4 spz * callback can assume that |in| is syntactically valid. The client must 3050 1.4 spz * select a protocol. It is fatal to the connection if this callback returns 3051 1.4 spz * a value other than SSL_TLSEXT_ERR_OK. 3052 1.2 spz */ 3053 1.13 christos void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, 3054 1.13 christos SSL_CTX_npn_select_cb_func cb, 3055 1.13 christos void *arg) 3056 1.4 spz { 3057 1.13 christos ctx->ext.npn_select_cb = cb; 3058 1.13 christos ctx->ext.npn_select_cb_arg = arg; 3059 1.4 spz } 3060 1.10 christos #endif 3061 1.8 spz 3062 1.21 christos static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len) 3063 1.21 christos { 3064 1.21 christos unsigned int idx; 3065 1.21 christos 3066 1.21 christos if (protos_len < 2 || protos == NULL) 3067 1.21 christos return 0; 3068 1.21 christos 3069 1.21 christos for (idx = 0; idx < protos_len; idx += protos[idx] + 1) { 3070 1.21 christos if (protos[idx] == 0) 3071 1.21 christos return 0; 3072 1.21 christos } 3073 1.21 christos return idx == protos_len; 3074 1.21 christos } 3075 1.8 spz /* 3076 1.8 spz * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. 3077 1.8 spz * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 3078 1.8 spz * length-prefixed strings). Returns 0 on success. 3079 1.8 spz */ 3080 1.8 spz int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 3081 1.10 christos unsigned int protos_len) 3082 1.8 spz { 3083 1.21 christos unsigned char *alpn; 3084 1.21 christos 3085 1.21 christos if (protos_len == 0 || protos == NULL) { 3086 1.21 christos OPENSSL_free(ctx->ext.alpn); 3087 1.21 christos ctx->ext.alpn = NULL; 3088 1.20 christos ctx->ext.alpn_len = 0; 3089 1.21 christos return 0; 3090 1.21 christos } 3091 1.21 christos /* Not valid per RFC */ 3092 1.21 christos if (!alpn_value_ok(protos, protos_len)) 3093 1.21 christos return 1; 3094 1.21 christos 3095 1.21 christos alpn = OPENSSL_memdup(protos, protos_len); 3096 1.21 christos if (alpn == NULL) { 3097 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3098 1.8 spz return 1; 3099 1.10 christos } 3100 1.21 christos OPENSSL_free(ctx->ext.alpn); 3101 1.21 christos ctx->ext.alpn = alpn; 3102 1.13 christos ctx->ext.alpn_len = protos_len; 3103 1.8 spz 3104 1.8 spz return 0; 3105 1.8 spz } 3106 1.8 spz 3107 1.8 spz /* 3108 1.8 spz * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. 3109 1.8 spz * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 3110 1.8 spz * length-prefixed strings). Returns 0 on success. 3111 1.8 spz */ 3112 1.8 spz int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 3113 1.10 christos unsigned int protos_len) 3114 1.8 spz { 3115 1.21 christos unsigned char *alpn; 3116 1.21 christos 3117 1.21 christos if (protos_len == 0 || protos == NULL) { 3118 1.21 christos OPENSSL_free(ssl->ext.alpn); 3119 1.21 christos ssl->ext.alpn = NULL; 3120 1.20 christos ssl->ext.alpn_len = 0; 3121 1.21 christos return 0; 3122 1.21 christos } 3123 1.21 christos /* Not valid per RFC */ 3124 1.21 christos if (!alpn_value_ok(protos, protos_len)) 3125 1.21 christos return 1; 3126 1.21 christos 3127 1.21 christos alpn = OPENSSL_memdup(protos, protos_len); 3128 1.21 christos if (alpn == NULL) { 3129 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3130 1.8 spz return 1; 3131 1.10 christos } 3132 1.21 christos OPENSSL_free(ssl->ext.alpn); 3133 1.21 christos ssl->ext.alpn = alpn; 3134 1.13 christos ssl->ext.alpn_len = protos_len; 3135 1.8 spz 3136 1.8 spz return 0; 3137 1.8 spz } 3138 1.8 spz 3139 1.8 spz /* 3140 1.8 spz * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is 3141 1.8 spz * called during ClientHello processing in order to select an ALPN protocol 3142 1.8 spz * from the client's list of offered protocols. 3143 1.8 spz */ 3144 1.8 spz void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 3145 1.13 christos SSL_CTX_alpn_select_cb_func cb, 3146 1.13 christos void *arg) 3147 1.8 spz { 3148 1.13 christos ctx->ext.alpn_select_cb = cb; 3149 1.13 christos ctx->ext.alpn_select_cb_arg = arg; 3150 1.8 spz } 3151 1.8 spz 3152 1.8 spz /* 3153 1.10 christos * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. 3154 1.10 christos * On return it sets |*data| to point to |*len| bytes of protocol name 3155 1.8 spz * (not including the leading length-prefix byte). If the server didn't 3156 1.8 spz * respond with a negotiated protocol then |*len| will be zero. 3157 1.8 spz */ 3158 1.8 spz void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 3159 1.10 christos unsigned int *len) 3160 1.8 spz { 3161 1.23 christos *data = ssl->s3.alpn_selected; 3162 1.8 spz if (*data == NULL) 3163 1.8 spz *len = 0; 3164 1.8 spz else 3165 1.23 christos *len = (unsigned int)ssl->s3.alpn_selected_len; 3166 1.8 spz } 3167 1.8 spz 3168 1.2 spz int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 3169 1.4 spz const char *label, size_t llen, 3170 1.10 christos const unsigned char *context, size_t contextlen, 3171 1.4 spz int use_context) 3172 1.4 spz { 3173 1.19 christos if (s->session == NULL 3174 1.19 christos || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) 3175 1.4 spz return -1; 3176 1.4 spz 3177 1.4 spz return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 3178 1.10 christos llen, context, 3179 1.10 christos contextlen, use_context); 3180 1.4 spz } 3181 1.2 spz 3182 1.13 christos int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, 3183 1.13 christos const char *label, size_t llen, 3184 1.13 christos const unsigned char *context, 3185 1.13 christos size_t contextlen) 3186 1.13 christos { 3187 1.13 christos if (s->version != TLS1_3_VERSION) 3188 1.13 christos return 0; 3189 1.13 christos 3190 1.13 christos return tls13_export_keying_material_early(s, out, olen, label, llen, 3191 1.13 christos context, contextlen); 3192 1.13 christos } 3193 1.13 christos 3194 1.1 christos static unsigned long ssl_session_hash(const SSL_SESSION *a) 3195 1.4 spz { 3196 1.10 christos const unsigned char *session_id = a->session_id; 3197 1.4 spz unsigned long l; 3198 1.10 christos unsigned char tmp_storage[4]; 3199 1.10 christos 3200 1.10 christos if (a->session_id_length < sizeof(tmp_storage)) { 3201 1.10 christos memset(tmp_storage, 0, sizeof(tmp_storage)); 3202 1.10 christos memcpy(tmp_storage, a->session_id, a->session_id_length); 3203 1.10 christos session_id = tmp_storage; 3204 1.10 christos } 3205 1.1 christos 3206 1.4 spz l = (unsigned long) 3207 1.10 christos ((unsigned long)session_id[0]) | 3208 1.10 christos ((unsigned long)session_id[1] << 8L) | 3209 1.10 christos ((unsigned long)session_id[2] << 16L) | 3210 1.10 christos ((unsigned long)session_id[3] << 24L); 3211 1.13 christos return l; 3212 1.4 spz } 3213 1.1 christos 3214 1.4 spz /* 3215 1.4 spz * NB: If this function (or indeed the hash function which uses a sort of 3216 1.1 christos * coarser function than this one) is changed, ensure 3217 1.4 spz * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on 3218 1.4 spz * being able to construct an SSL_SESSION that will collide with any existing 3219 1.4 spz * session with a matching session ID. 3220 1.4 spz */ 3221 1.4 spz static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 3222 1.4 spz { 3223 1.4 spz if (a->ssl_version != b->ssl_version) 3224 1.13 christos return 1; 3225 1.4 spz if (a->session_id_length != b->session_id_length) 3226 1.13 christos return 1; 3227 1.13 christos return memcmp(a->session_id, b->session_id, a->session_id_length); 3228 1.4 spz } 3229 1.1 christos 3230 1.4 spz /* 3231 1.4 spz * These wrapper functions should remain rather than redeclaring 3232 1.1 christos * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 3233 1.4 spz * variable. The reason is that the functions aren't static, they're exposed 3234 1.4 spz * via ssl.h. 3235 1.4 spz */ 3236 1.1 christos 3237 1.23 christos SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, 3238 1.23 christos const SSL_METHOD *meth) 3239 1.4 spz { 3240 1.4 spz SSL_CTX *ret = NULL; 3241 1.1 christos 3242 1.4 spz if (meth == NULL) { 3243 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED); 3244 1.13 christos return NULL; 3245 1.4 spz } 3246 1.10 christos 3247 1.10 christos if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) 3248 1.10 christos return NULL; 3249 1.10 christos 3250 1.4 spz if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 3251 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 3252 1.4 spz goto err; 3253 1.4 spz } 3254 1.10 christos ret = OPENSSL_zalloc(sizeof(*ret)); 3255 1.4 spz if (ret == NULL) 3256 1.4 spz goto err; 3257 1.4 spz 3258 1.23 christos /* Init the reference counting before any call to SSL_CTX_free */ 3259 1.23 christos ret->references = 1; 3260 1.23 christos ret->lock = CRYPTO_THREAD_lock_new(); 3261 1.23 christos if (ret->lock == NULL) { 3262 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3263 1.23 christos OPENSSL_free(ret); 3264 1.23 christos return NULL; 3265 1.23 christos } 3266 1.23 christos 3267 1.23 christos #ifdef TSAN_REQUIRES_LOCKING 3268 1.23 christos ret->tsan_lock = CRYPTO_THREAD_lock_new(); 3269 1.23 christos if (ret->tsan_lock == NULL) { 3270 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3271 1.23 christos goto err; 3272 1.23 christos } 3273 1.23 christos #endif 3274 1.23 christos 3275 1.23 christos ret->libctx = libctx; 3276 1.23 christos if (propq != NULL) { 3277 1.23 christos ret->propq = OPENSSL_strdup(propq); 3278 1.23 christos if (ret->propq == NULL) 3279 1.23 christos goto err; 3280 1.23 christos } 3281 1.23 christos 3282 1.4 spz ret->method = meth; 3283 1.10 christos ret->min_proto_version = 0; 3284 1.10 christos ret->max_proto_version = 0; 3285 1.13 christos ret->mode = SSL_MODE_AUTO_RETRY; 3286 1.4 spz ret->session_cache_mode = SSL_SESS_CACHE_SERVER; 3287 1.4 spz ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 3288 1.10 christos /* We take the system default. */ 3289 1.4 spz ret->session_timeout = meth->get_timeout(); 3290 1.4 spz ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 3291 1.4 spz ret->verify_mode = SSL_VERIFY_NONE; 3292 1.4 spz if ((ret->cert = ssl_cert_new()) == NULL) 3293 1.4 spz goto err; 3294 1.4 spz 3295 1.10 christos ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp); 3296 1.4 spz if (ret->sessions == NULL) 3297 1.4 spz goto err; 3298 1.4 spz ret->cert_store = X509_STORE_new(); 3299 1.4 spz if (ret->cert_store == NULL) 3300 1.4 spz goto err; 3301 1.10 christos #ifndef OPENSSL_NO_CT 3302 1.23 christos ret->ctlog_store = CTLOG_STORE_new_ex(libctx, propq); 3303 1.10 christos if (ret->ctlog_store == NULL) 3304 1.10 christos goto err; 3305 1.10 christos #endif 3306 1.13 christos 3307 1.23 christos /* initialize cipher/digest methods table */ 3308 1.23 christos if (!ssl_load_ciphers(ret)) 3309 1.23 christos goto err2; 3310 1.23 christos /* initialise sig algs */ 3311 1.23 christos if (!ssl_setup_sig_algs(ret)) 3312 1.23 christos goto err2; 3313 1.23 christos 3314 1.23 christos 3315 1.23 christos if (!ssl_load_groups(ret)) 3316 1.23 christos goto err2; 3317 1.23 christos 3318 1.23 christos if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) 3319 1.13 christos goto err; 3320 1.13 christos 3321 1.23 christos if (!ssl_create_cipher_list(ret, 3322 1.13 christos ret->tls13_ciphersuites, 3323 1.10 christos &ret->cipher_list, &ret->cipher_list_by_id, 3324 1.23 christos OSSL_default_cipher_list(), ret->cert) 3325 1.10 christos || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 3326 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); 3327 1.4 spz goto err2; 3328 1.4 spz } 3329 1.4 spz 3330 1.4 spz ret->param = X509_VERIFY_PARAM_new(); 3331 1.10 christos if (ret->param == NULL) 3332 1.4 spz goto err; 3333 1.4 spz 3334 1.23 christos /* 3335 1.23 christos * If these aren't available from the provider we'll get NULL returns. 3336 1.23 christos * That's fine but will cause errors later if SSLv3 is negotiated 3337 1.23 christos */ 3338 1.23 christos ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq); 3339 1.23 christos ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq); 3340 1.4 spz 3341 1.13 christos if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) 3342 1.4 spz goto err; 3343 1.4 spz 3344 1.14 christos if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) 3345 1.14 christos goto err; 3346 1.14 christos 3347 1.10 christos if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) 3348 1.10 christos goto err; 3349 1.4 spz 3350 1.13 christos if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL) 3351 1.13 christos goto err; 3352 1.13 christos 3353 1.4 spz /* No compression for DTLS */ 3354 1.8 spz if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) 3355 1.4 spz ret->comp_methods = SSL_COMP_get_compression_methods(); 3356 1.1 christos 3357 1.4 spz ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 3358 1.10 christos ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 3359 1.1 christos 3360 1.10 christos /* Setup RFC5077 ticket keys */ 3361 1.23 christos if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name, 3362 1.23 christos sizeof(ret->ext.tick_key_name), 0) <= 0) 3363 1.23 christos || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key, 3364 1.23 christos sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0) 3365 1.23 christos || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key, 3366 1.23 christos sizeof(ret->ext.secure->tick_aes_key), 0) <= 0)) 3367 1.4 spz ret->options |= SSL_OP_NO_TICKET; 3368 1.1 christos 3369 1.23 christos if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key, 3370 1.23 christos sizeof(ret->ext.cookie_hmac_key), 0) <= 0) 3371 1.13 christos goto err; 3372 1.13 christos 3373 1.2 spz #ifndef OPENSSL_NO_SRP 3374 1.23 christos if (!ssl_ctx_srp_ctx_init_intern(ret)) 3375 1.10 christos goto err; 3376 1.1 christos #endif 3377 1.1 christos #ifndef OPENSSL_NO_ENGINE 3378 1.4 spz # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 3379 1.4 spz # define eng_strx(x) #x 3380 1.4 spz # define eng_str(x) eng_strx(x) 3381 1.4 spz /* Use specific client engine automatically... ignore errors */ 3382 1.4 spz { 3383 1.4 spz ENGINE *eng; 3384 1.4 spz eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 3385 1.4 spz if (!eng) { 3386 1.4 spz ERR_clear_error(); 3387 1.4 spz ENGINE_load_builtin_engines(); 3388 1.4 spz eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 3389 1.4 spz } 3390 1.4 spz if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 3391 1.4 spz ERR_clear_error(); 3392 1.4 spz } 3393 1.4 spz # endif 3394 1.4 spz #endif 3395 1.4 spz /* 3396 1.10 christos * Disable compression by default to prevent CRIME. Applications can 3397 1.10 christos * re-enable compression by configuring 3398 1.10 christos * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION); 3399 1.13 christos * or by using the SSL_CONF library. Similarly we also enable TLSv1.3 3400 1.13 christos * middlebox compatibility by default. This may be disabled by default in 3401 1.13 christos * a later OpenSSL version. 3402 1.13 christos */ 3403 1.13 christos ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; 3404 1.13 christos 3405 1.13 christos ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; 3406 1.13 christos 3407 1.13 christos /* 3408 1.13 christos * We cannot usefully set a default max_early_data here (which gets 3409 1.13 christos * propagated in SSL_new(), for the following reason: setting the 3410 1.13 christos * SSL field causes tls_construct_stoc_early_data() to tell the 3411 1.13 christos * client that early data will be accepted when constructing a TLS 1.3 3412 1.13 christos * session ticket, and the client will accordingly send us early data 3413 1.13 christos * when using that ticket (if the client has early data to send). 3414 1.13 christos * However, in order for the early data to actually be consumed by 3415 1.13 christos * the application, the application must also have calls to 3416 1.13 christos * SSL_read_early_data(); otherwise we'll just skip past the early data 3417 1.13 christos * and ignore it. So, since the application must add calls to 3418 1.13 christos * SSL_read_early_data(), we also require them to add 3419 1.13 christos * calls to SSL_CTX_set_max_early_data() in order to use early data, 3420 1.13 christos * eliminating the bandwidth-wasting early data in the case described 3421 1.13 christos * above. 3422 1.7 christos */ 3423 1.13 christos ret->max_early_data = 0; 3424 1.10 christos 3425 1.13 christos /* 3426 1.13 christos * Default recv_max_early_data is a fully loaded single record. Could be 3427 1.13 christos * split across multiple records in practice. We set this differently to 3428 1.13 christos * max_early_data so that, in the default case, we do not advertise any 3429 1.13 christos * support for early_data, but if a client were to send us some (e.g. 3430 1.13 christos * because of an old, stale ticket) then we will tolerate it and skip over 3431 1.13 christos * it. 3432 1.13 christos */ 3433 1.13 christos ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; 3434 1.13 christos 3435 1.13 christos /* By default we send two session tickets automatically in TLSv1.3 */ 3436 1.13 christos ret->num_tickets = 2; 3437 1.13 christos 3438 1.13 christos ssl_ctx_system_config(ret); 3439 1.7 christos 3440 1.10 christos return ret; 3441 1.4 spz err: 3442 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 3443 1.4 spz err2: 3444 1.10 christos SSL_CTX_free(ret); 3445 1.10 christos return NULL; 3446 1.4 spz } 3447 1.1 christos 3448 1.23 christos SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 3449 1.23 christos { 3450 1.23 christos return SSL_CTX_new_ex(NULL, NULL, meth); 3451 1.23 christos } 3452 1.23 christos 3453 1.10 christos int SSL_CTX_up_ref(SSL_CTX *ctx) 3454 1.4 spz { 3455 1.10 christos int i; 3456 1.10 christos 3457 1.13 christos if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0) 3458 1.10 christos return 0; 3459 1.1 christos 3460 1.10 christos REF_PRINT_COUNT("SSL_CTX", ctx); 3461 1.10 christos REF_ASSERT_ISNT(i < 2); 3462 1.10 christos return ((i > 1) ? 1 : 0); 3463 1.4 spz } 3464 1.1 christos 3465 1.1 christos void SSL_CTX_free(SSL_CTX *a) 3466 1.4 spz { 3467 1.4 spz int i; 3468 1.23 christos size_t j; 3469 1.1 christos 3470 1.4 spz if (a == NULL) 3471 1.4 spz return; 3472 1.1 christos 3473 1.13 christos CRYPTO_DOWN_REF(&a->references, &i, a->lock); 3474 1.10 christos REF_PRINT_COUNT("SSL_CTX", a); 3475 1.4 spz if (i > 0) 3476 1.4 spz return; 3477 1.10 christos REF_ASSERT_ISNT(i < 0); 3478 1.4 spz 3479 1.10 christos X509_VERIFY_PARAM_free(a->param); 3480 1.10 christos dane_ctx_final(&a->dane); 3481 1.4 spz 3482 1.4 spz /* 3483 1.4 spz * Free internal session cache. However: the remove_cb() may reference 3484 1.4 spz * the ex_data of SSL_CTX, thus the ex_data store can only be removed 3485 1.4 spz * after the sessions were flushed. 3486 1.4 spz * As the ex_data handling routines might also touch the session cache, 3487 1.4 spz * the most secure solution seems to be: empty (flush) the cache, then 3488 1.4 spz * free ex_data, then finally free the cache. 3489 1.4 spz * (See ticket [openssl.org #212].) 3490 1.4 spz */ 3491 1.4 spz if (a->sessions != NULL) 3492 1.4 spz SSL_CTX_flush_sessions(a, 0); 3493 1.4 spz 3494 1.4 spz CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); 3495 1.10 christos lh_SSL_SESSION_free(a->sessions); 3496 1.10 christos X509_STORE_free(a->cert_store); 3497 1.10 christos #ifndef OPENSSL_NO_CT 3498 1.10 christos CTLOG_STORE_free(a->ctlog_store); 3499 1.10 christos #endif 3500 1.10 christos sk_SSL_CIPHER_free(a->cipher_list); 3501 1.10 christos sk_SSL_CIPHER_free(a->cipher_list_by_id); 3502 1.13 christos sk_SSL_CIPHER_free(a->tls13_ciphersuites); 3503 1.10 christos ssl_cert_free(a->cert); 3504 1.13 christos sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free); 3505 1.14 christos sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free); 3506 1.10 christos sk_X509_pop_free(a->extra_certs, X509_free); 3507 1.4 spz a->comp_methods = NULL; 3508 1.2 spz #ifndef OPENSSL_NO_SRTP 3509 1.10 christos sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); 3510 1.1 christos #endif 3511 1.2 spz #ifndef OPENSSL_NO_SRP 3512 1.23 christos ssl_ctx_srp_ctx_free_intern(a); 3513 1.2 spz #endif 3514 1.1 christos #ifndef OPENSSL_NO_ENGINE 3515 1.23 christos tls_engine_finish(a->client_cert_engine); 3516 1.1 christos #endif 3517 1.1 christos 3518 1.13 christos OPENSSL_free(a->ext.ecpointformats); 3519 1.13 christos OPENSSL_free(a->ext.supportedgroups); 3520 1.23 christos OPENSSL_free(a->ext.supported_groups_default); 3521 1.13 christos OPENSSL_free(a->ext.alpn); 3522 1.13 christos OPENSSL_secure_free(a->ext.secure); 3523 1.10 christos 3524 1.23 christos ssl_evp_md_free(a->md5); 3525 1.23 christos ssl_evp_md_free(a->sha1); 3526 1.23 christos 3527 1.23 christos for (j = 0; j < SSL_ENC_NUM_IDX; j++) 3528 1.23 christos ssl_evp_cipher_free(a->ssl_cipher_methods[j]); 3529 1.23 christos for (j = 0; j < SSL_MD_NUM_IDX; j++) 3530 1.23 christos ssl_evp_md_free(a->ssl_digest_methods[j]); 3531 1.23 christos for (j = 0; j < a->group_list_len; j++) { 3532 1.23 christos OPENSSL_free(a->group_list[j].tlsname); 3533 1.23 christos OPENSSL_free(a->group_list[j].realname); 3534 1.23 christos OPENSSL_free(a->group_list[j].algorithm); 3535 1.23 christos } 3536 1.23 christos OPENSSL_free(a->group_list); 3537 1.23 christos 3538 1.23 christos OPENSSL_free(a->sigalg_lookup_cache); 3539 1.23 christos 3540 1.10 christos CRYPTO_THREAD_lock_free(a->lock); 3541 1.23 christos #ifdef TSAN_REQUIRES_LOCKING 3542 1.23 christos CRYPTO_THREAD_lock_free(a->tsan_lock); 3543 1.23 christos #endif 3544 1.23 christos 3545 1.23 christos OPENSSL_free(a->propq); 3546 1.1 christos 3547 1.4 spz OPENSSL_free(a); 3548 1.4 spz } 3549 1.1 christos 3550 1.1 christos void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 3551 1.4 spz { 3552 1.4 spz ctx->default_passwd_callback = cb; 3553 1.4 spz } 3554 1.4 spz 3555 1.4 spz void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 3556 1.4 spz { 3557 1.4 spz ctx->default_passwd_callback_userdata = u; 3558 1.4 spz } 3559 1.4 spz 3560 1.10 christos pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) 3561 1.10 christos { 3562 1.10 christos return ctx->default_passwd_callback; 3563 1.10 christos } 3564 1.10 christos 3565 1.10 christos void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) 3566 1.10 christos { 3567 1.10 christos return ctx->default_passwd_callback_userdata; 3568 1.10 christos } 3569 1.10 christos 3570 1.10 christos void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb) 3571 1.10 christos { 3572 1.10 christos s->default_passwd_callback = cb; 3573 1.10 christos } 3574 1.10 christos 3575 1.10 christos void SSL_set_default_passwd_cb_userdata(SSL *s, void *u) 3576 1.10 christos { 3577 1.10 christos s->default_passwd_callback_userdata = u; 3578 1.10 christos } 3579 1.10 christos 3580 1.10 christos pem_password_cb *SSL_get_default_passwd_cb(SSL *s) 3581 1.10 christos { 3582 1.10 christos return s->default_passwd_callback; 3583 1.10 christos } 3584 1.10 christos 3585 1.10 christos void *SSL_get_default_passwd_cb_userdata(SSL *s) 3586 1.10 christos { 3587 1.10 christos return s->default_passwd_callback_userdata; 3588 1.10 christos } 3589 1.10 christos 3590 1.4 spz void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 3591 1.4 spz int (*cb) (X509_STORE_CTX *, void *), 3592 1.4 spz void *arg) 3593 1.4 spz { 3594 1.4 spz ctx->app_verify_callback = cb; 3595 1.4 spz ctx->app_verify_arg = arg; 3596 1.4 spz } 3597 1.4 spz 3598 1.4 spz void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 3599 1.4 spz int (*cb) (int, X509_STORE_CTX *)) 3600 1.4 spz { 3601 1.4 spz ctx->verify_mode = mode; 3602 1.4 spz ctx->default_verify_callback = cb; 3603 1.4 spz } 3604 1.4 spz 3605 1.4 spz void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) 3606 1.4 spz { 3607 1.4 spz X509_VERIFY_PARAM_set_depth(ctx->param, depth); 3608 1.4 spz } 3609 1.1 christos 3610 1.10 christos void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg) 3611 1.8 spz { 3612 1.8 spz ssl_cert_set_cert_cb(c->cert, cb, arg); 3613 1.8 spz } 3614 1.8 spz 3615 1.8 spz void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) 3616 1.8 spz { 3617 1.8 spz ssl_cert_set_cert_cb(s->cert, cb, arg); 3618 1.8 spz } 3619 1.8 spz 3620 1.10 christos void ssl_set_masks(SSL *s) 3621 1.4 spz { 3622 1.10 christos CERT *c = s->cert; 3623 1.23 christos uint32_t *pvalid = s->s3.tmp.valid_flags; 3624 1.10 christos int rsa_enc, rsa_sign, dh_tmp, dsa_sign; 3625 1.10 christos unsigned long mask_k, mask_a; 3626 1.10 christos int have_ecc_cert, ecdsa_ok; 3627 1.23 christos 3628 1.4 spz if (c == NULL) 3629 1.4 spz return; 3630 1.1 christos 3631 1.23 christos dh_tmp = (c->dh_tmp != NULL 3632 1.23 christos || c->dh_tmp_cb != NULL 3633 1.23 christos || c->dh_tmp_auto); 3634 1.1 christos 3635 1.13 christos rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; 3636 1.13 christos rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; 3637 1.13 christos dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID; 3638 1.10 christos have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; 3639 1.4 spz mask_k = 0; 3640 1.4 spz mask_a = 0; 3641 1.4 spz 3642 1.23 christos OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n", 3643 1.23 christos dh_tmp, rsa_enc, rsa_sign, dsa_sign); 3644 1.1 christos 3645 1.10 christos #ifndef OPENSSL_NO_GOST 3646 1.13 christos if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { 3647 1.23 christos mask_k |= SSL_kGOST | SSL_kGOST18; 3648 1.10 christos mask_a |= SSL_aGOST12; 3649 1.10 christos } 3650 1.13 christos if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) { 3651 1.23 christos mask_k |= SSL_kGOST | SSL_kGOST18; 3652 1.10 christos mask_a |= SSL_aGOST12; 3653 1.4 spz } 3654 1.13 christos if (ssl_has_cert(s, SSL_PKEY_GOST01)) { 3655 1.4 spz mask_k |= SSL_kGOST; 3656 1.10 christos mask_a |= SSL_aGOST01; 3657 1.4 spz } 3658 1.10 christos #endif 3659 1.1 christos 3660 1.10 christos if (rsa_enc) 3661 1.4 spz mask_k |= SSL_kRSA; 3662 1.4 spz 3663 1.4 spz if (dh_tmp) 3664 1.10 christos mask_k |= SSL_kDHE; 3665 1.8 spz 3666 1.13 christos /* 3667 1.13 christos * If we only have an RSA-PSS certificate allow RSA authentication 3668 1.13 christos * if TLS 1.2 and peer supports it. 3669 1.13 christos */ 3670 1.13 christos 3671 1.13 christos if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) 3672 1.13 christos && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN 3673 1.13 christos && TLS1_get_version(s) == TLS1_2_VERSION)) 3674 1.4 spz mask_a |= SSL_aRSA; 3675 1.1 christos 3676 1.4 spz if (dsa_sign) { 3677 1.4 spz mask_a |= SSL_aDSS; 3678 1.4 spz } 3679 1.4 spz 3680 1.4 spz mask_a |= SSL_aNULL; 3681 1.4 spz 3682 1.4 spz /* 3683 1.4 spz * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites 3684 1.4 spz * depending on the key usage extension. 3685 1.4 spz */ 3686 1.4 spz if (have_ecc_cert) { 3687 1.10 christos uint32_t ex_kusage; 3688 1.13 christos ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509); 3689 1.10 christos ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE; 3690 1.10 christos if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) 3691 1.8 spz ecdsa_ok = 0; 3692 1.10 christos if (ecdsa_ok) 3693 1.4 spz mask_a |= SSL_aECDSA; 3694 1.4 spz } 3695 1.13 christos /* Allow Ed25519 for TLS 1.2 if peer supports it */ 3696 1.13 christos if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519) 3697 1.13 christos && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN 3698 1.13 christos && TLS1_get_version(s) == TLS1_2_VERSION) 3699 1.13 christos mask_a |= SSL_aECDSA; 3700 1.13 christos 3701 1.13 christos /* Allow Ed448 for TLS 1.2 if peer supports it */ 3702 1.13 christos if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) 3703 1.13 christos && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN 3704 1.13 christos && TLS1_get_version(s) == TLS1_2_VERSION) 3705 1.13 christos mask_a |= SSL_aECDSA; 3706 1.8 spz 3707 1.10 christos mask_k |= SSL_kECDHE; 3708 1.1 christos 3709 1.1 christos #ifndef OPENSSL_NO_PSK 3710 1.4 spz mask_k |= SSL_kPSK; 3711 1.4 spz mask_a |= SSL_aPSK; 3712 1.10 christos if (mask_k & SSL_kRSA) 3713 1.10 christos mask_k |= SSL_kRSAPSK; 3714 1.10 christos if (mask_k & SSL_kDHE) 3715 1.10 christos mask_k |= SSL_kDHEPSK; 3716 1.10 christos if (mask_k & SSL_kECDHE) 3717 1.10 christos mask_k |= SSL_kECDHEPSK; 3718 1.1 christos #endif 3719 1.1 christos 3720 1.23 christos s->s3.tmp.mask_k = mask_k; 3721 1.23 christos s->s3.tmp.mask_a = mask_a; 3722 1.4 spz } 3723 1.1 christos 3724 1.2 spz int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 3725 1.4 spz { 3726 1.23 christos if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) { 3727 1.4 spz /* key usage, if present, must allow signing */ 3728 1.10 christos if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { 3729 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 3730 1.4 spz return 0; 3731 1.4 spz } 3732 1.4 spz } 3733 1.4 spz return 1; /* all checks are ok */ 3734 1.4 spz } 3735 1.1 christos 3736 1.13 christos int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, 3737 1.13 christos size_t *serverinfo_length) 3738 1.8 spz { 3739 1.23 christos CERT_PKEY *cpk = s->s3.tmp.cert; 3740 1.13 christos *serverinfo_length = 0; 3741 1.13 christos 3742 1.13 christos if (cpk == NULL || cpk->serverinfo == NULL) 3743 1.8 spz return 0; 3744 1.8 spz 3745 1.13 christos *serverinfo = cpk->serverinfo; 3746 1.13 christos *serverinfo_length = cpk->serverinfo_length; 3747 1.8 spz return 1; 3748 1.8 spz } 3749 1.8 spz 3750 1.4 spz void ssl_update_cache(SSL *s, int mode) 3751 1.4 spz { 3752 1.4 spz int i; 3753 1.4 spz 3754 1.4 spz /* 3755 1.4 spz * If the session_id_length is 0, we are not supposed to cache it, and it 3756 1.25 christos * would be rather hard to do anyway :-). Also if the session has already 3757 1.25 christos * been marked as not_resumable we should not cache it for later reuse. 3758 1.4 spz */ 3759 1.25 christos if (s->session->session_id_length == 0 || s->session->not_resumable) 3760 1.4 spz return; 3761 1.4 spz 3762 1.11 christos /* 3763 1.11 christos * If sid_ctx_length is 0 there is no specific application context 3764 1.11 christos * associated with this session, so when we try to resume it and 3765 1.12 christos * SSL_VERIFY_PEER is requested to verify the client identity, we have no 3766 1.12 christos * indication that this is actually a session for the proper application 3767 1.12 christos * context, and the *handshake* will fail, not just the resumption attempt. 3768 1.12 christos * Do not cache (on the server) these sessions that are not resumable 3769 1.12 christos * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set). 3770 1.11 christos */ 3771 1.12 christos if (s->server && s->session->sid_ctx_length == 0 3772 1.11 christos && (s->verify_mode & SSL_VERIFY_PEER) != 0) 3773 1.11 christos return; 3774 1.11 christos 3775 1.4 spz i = s->session_ctx->session_cache_mode; 3776 1.13 christos if ((i & mode) != 0 3777 1.13 christos && (!s->hit || SSL_IS_TLS13(s))) { 3778 1.13 christos /* 3779 1.13 christos * Add the session to the internal cache. In server side TLSv1.3 we 3780 1.13 christos * normally don't do this because by default it's a full stateless ticket 3781 1.13 christos * with only a dummy session id so there is no reason to cache it, 3782 1.13 christos * unless: 3783 1.13 christos * - we are doing early_data, in which case we cache so that we can 3784 1.13 christos * detect replays 3785 1.13 christos * - the application has set a remove_session_cb so needs to know about 3786 1.13 christos * session timeout events 3787 1.13 christos * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket 3788 1.13 christos */ 3789 1.13 christos if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 3790 1.13 christos && (!SSL_IS_TLS13(s) 3791 1.13 christos || !s->server 3792 1.13 christos || (s->max_early_data > 0 3793 1.13 christos && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) 3794 1.13 christos || s->session_ctx->remove_session_cb != NULL 3795 1.13 christos || (s->options & SSL_OP_NO_TICKET) != 0)) 3796 1.13 christos SSL_CTX_add_session(s->session_ctx, s->session); 3797 1.13 christos 3798 1.13 christos /* 3799 1.13 christos * Add the session to the external cache. We do this even in server side 3800 1.13 christos * TLSv1.3 without early data because some applications just want to 3801 1.13 christos * know about the creation of a session and aren't doing a full cache. 3802 1.13 christos */ 3803 1.13 christos if (s->session_ctx->new_session_cb != NULL) { 3804 1.13 christos SSL_SESSION_up_ref(s->session); 3805 1.13 christos if (!s->session_ctx->new_session_cb(s, s->session)) 3806 1.13 christos SSL_SESSION_free(s->session); 3807 1.13 christos } 3808 1.4 spz } 3809 1.4 spz 3810 1.4 spz /* auto flush every 255 connections */ 3811 1.4 spz if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { 3812 1.13 christos TSAN_QUALIFIER int *stat; 3813 1.23 christos 3814 1.13 christos if (mode & SSL_SESS_CACHE_CLIENT) 3815 1.13 christos stat = &s->session_ctx->stats.sess_connect_good; 3816 1.13 christos else 3817 1.13 christos stat = &s->session_ctx->stats.sess_accept_good; 3818 1.23 christos if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff) 3819 1.4 spz SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); 3820 1.4 spz } 3821 1.4 spz } 3822 1.1 christos 3823 1.15 christos const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx) 3824 1.8 spz { 3825 1.8 spz return ctx->method; 3826 1.8 spz } 3827 1.8 spz 3828 1.15 christos const SSL_METHOD *SSL_get_ssl_method(const SSL *s) 3829 1.4 spz { 3830 1.13 christos return s->method; 3831 1.4 spz } 3832 1.1 christos 3833 1.1 christos int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 3834 1.4 spz { 3835 1.4 spz int ret = 1; 3836 1.4 spz 3837 1.4 spz if (s->method != meth) { 3838 1.10 christos const SSL_METHOD *sm = s->method; 3839 1.10 christos int (*hf) (SSL *) = s->handshake_func; 3840 1.4 spz 3841 1.10 christos if (sm->version == meth->version) 3842 1.4 spz s->method = meth; 3843 1.4 spz else { 3844 1.10 christos sm->ssl_free(s); 3845 1.4 spz s->method = meth; 3846 1.4 spz ret = s->method->ssl_new(s); 3847 1.4 spz } 3848 1.4 spz 3849 1.10 christos if (hf == sm->ssl_connect) 3850 1.4 spz s->handshake_func = meth->ssl_connect; 3851 1.10 christos else if (hf == sm->ssl_accept) 3852 1.4 spz s->handshake_func = meth->ssl_accept; 3853 1.4 spz } 3854 1.13 christos return ret; 3855 1.4 spz } 3856 1.4 spz 3857 1.4 spz int SSL_get_error(const SSL *s, int i) 3858 1.4 spz { 3859 1.4 spz int reason; 3860 1.4 spz unsigned long l; 3861 1.4 spz BIO *bio; 3862 1.4 spz 3863 1.4 spz if (i > 0) 3864 1.13 christos return SSL_ERROR_NONE; 3865 1.4 spz 3866 1.4 spz /* 3867 1.4 spz * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, 3868 1.4 spz * where we do encode the error 3869 1.4 spz */ 3870 1.4 spz if ((l = ERR_peek_error()) != 0) { 3871 1.4 spz if (ERR_GET_LIB(l) == ERR_LIB_SYS) 3872 1.13 christos return SSL_ERROR_SYSCALL; 3873 1.4 spz else 3874 1.13 christos return SSL_ERROR_SSL; 3875 1.4 spz } 3876 1.4 spz 3877 1.13 christos if (SSL_want_read(s)) { 3878 1.13 christos bio = SSL_get_rbio(s); 3879 1.13 christos if (BIO_should_read(bio)) 3880 1.13 christos return SSL_ERROR_WANT_READ; 3881 1.13 christos else if (BIO_should_write(bio)) 3882 1.13 christos /* 3883 1.13 christos * This one doesn't make too much sense ... We never try to write 3884 1.13 christos * to the rbio, and an application program where rbio and wbio 3885 1.13 christos * are separate couldn't even know what it should wait for. 3886 1.13 christos * However if we ever set s->rwstate incorrectly (so that we have 3887 1.13 christos * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and 3888 1.13 christos * wbio *are* the same, this test works around that bug; so it 3889 1.13 christos * might be safer to keep it. 3890 1.13 christos */ 3891 1.13 christos return SSL_ERROR_WANT_WRITE; 3892 1.13 christos else if (BIO_should_io_special(bio)) { 3893 1.13 christos reason = BIO_get_retry_reason(bio); 3894 1.13 christos if (reason == BIO_RR_CONNECT) 3895 1.13 christos return SSL_ERROR_WANT_CONNECT; 3896 1.13 christos else if (reason == BIO_RR_ACCEPT) 3897 1.13 christos return SSL_ERROR_WANT_ACCEPT; 3898 1.13 christos else 3899 1.13 christos return SSL_ERROR_SYSCALL; /* unknown */ 3900 1.4 spz } 3901 1.13 christos } 3902 1.4 spz 3903 1.13 christos if (SSL_want_write(s)) { 3904 1.13 christos /* Access wbio directly - in order to use the buffered bio if present */ 3905 1.13 christos bio = s->wbio; 3906 1.13 christos if (BIO_should_write(bio)) 3907 1.13 christos return SSL_ERROR_WANT_WRITE; 3908 1.13 christos else if (BIO_should_read(bio)) 3909 1.4 spz /* 3910 1.13 christos * See above (SSL_want_read(s) with BIO_should_write(bio)) 3911 1.4 spz */ 3912 1.13 christos return SSL_ERROR_WANT_READ; 3913 1.13 christos else if (BIO_should_io_special(bio)) { 3914 1.13 christos reason = BIO_get_retry_reason(bio); 3915 1.13 christos if (reason == BIO_RR_CONNECT) 3916 1.13 christos return SSL_ERROR_WANT_CONNECT; 3917 1.13 christos else if (reason == BIO_RR_ACCEPT) 3918 1.13 christos return SSL_ERROR_WANT_ACCEPT; 3919 1.13 christos else 3920 1.13 christos return SSL_ERROR_SYSCALL; 3921 1.4 spz } 3922 1.4 spz } 3923 1.13 christos if (SSL_want_x509_lookup(s)) 3924 1.13 christos return SSL_ERROR_WANT_X509_LOOKUP; 3925 1.23 christos if (SSL_want_retry_verify(s)) 3926 1.23 christos return SSL_ERROR_WANT_RETRY_VERIFY; 3927 1.13 christos if (SSL_want_async(s)) 3928 1.13 christos return SSL_ERROR_WANT_ASYNC; 3929 1.13 christos if (SSL_want_async_job(s)) 3930 1.13 christos return SSL_ERROR_WANT_ASYNC_JOB; 3931 1.13 christos if (SSL_want_client_hello_cb(s)) 3932 1.13 christos return SSL_ERROR_WANT_CLIENT_HELLO_CB; 3933 1.13 christos 3934 1.13 christos if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 3935 1.23 christos (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) 3936 1.13 christos return SSL_ERROR_ZERO_RETURN; 3937 1.4 spz 3938 1.13 christos return SSL_ERROR_SYSCALL; 3939 1.4 spz } 3940 1.1 christos 3941 1.10 christos static int ssl_do_handshake_intern(void *vargs) 3942 1.10 christos { 3943 1.10 christos struct ssl_async_args *args; 3944 1.10 christos SSL *s; 3945 1.10 christos 3946 1.10 christos args = (struct ssl_async_args *)vargs; 3947 1.10 christos s = args->s; 3948 1.10 christos 3949 1.10 christos return s->handshake_func(s); 3950 1.10 christos } 3951 1.10 christos 3952 1.1 christos int SSL_do_handshake(SSL *s) 3953 1.4 spz { 3954 1.4 spz int ret = 1; 3955 1.1 christos 3956 1.4 spz if (s->handshake_func == NULL) { 3957 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET); 3958 1.10 christos return -1; 3959 1.4 spz } 3960 1.1 christos 3961 1.13 christos ossl_statem_check_finish_init(s, -1); 3962 1.13 christos 3963 1.13 christos s->method->ssl_renegotiate_check(s, 0); 3964 1.4 spz 3965 1.4 spz if (SSL_in_init(s) || SSL_in_before(s)) { 3966 1.10 christos if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { 3967 1.10 christos struct ssl_async_args args; 3968 1.10 christos 3969 1.22 christos memset(&args, 0, sizeof(args)); 3970 1.10 christos args.s = s; 3971 1.10 christos 3972 1.10 christos ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); 3973 1.10 christos } else { 3974 1.10 christos ret = s->handshake_func(s); 3975 1.10 christos } 3976 1.4 spz } 3977 1.10 christos return ret; 3978 1.4 spz } 3979 1.4 spz 3980 1.1 christos void SSL_set_accept_state(SSL *s) 3981 1.4 spz { 3982 1.4 spz s->server = 1; 3983 1.4 spz s->shutdown = 0; 3984 1.10 christos ossl_statem_clear(s); 3985 1.4 spz s->handshake_func = s->method->ssl_accept; 3986 1.10 christos clear_ciphers(s); 3987 1.4 spz } 3988 1.1 christos 3989 1.1 christos void SSL_set_connect_state(SSL *s) 3990 1.4 spz { 3991 1.4 spz s->server = 0; 3992 1.4 spz s->shutdown = 0; 3993 1.10 christos ossl_statem_clear(s); 3994 1.4 spz s->handshake_func = s->method->ssl_connect; 3995 1.10 christos clear_ciphers(s); 3996 1.4 spz } 3997 1.1 christos 3998 1.1 christos int ssl_undefined_function(SSL *s) 3999 1.4 spz { 4000 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 4001 1.13 christos return 0; 4002 1.4 spz } 4003 1.1 christos 4004 1.1 christos int ssl_undefined_void_function(void) 4005 1.4 spz { 4006 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 4007 1.13 christos return 0; 4008 1.4 spz } 4009 1.1 christos 4010 1.1 christos int ssl_undefined_const_function(const SSL *s) 4011 1.4 spz { 4012 1.13 christos return 0; 4013 1.4 spz } 4014 1.1 christos 4015 1.10 christos const SSL_METHOD *ssl_bad_method(int ver) 4016 1.4 spz { 4017 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 4018 1.13 christos return NULL; 4019 1.4 spz } 4020 1.1 christos 4021 1.10 christos const char *ssl_protocol_to_string(int version) 4022 1.4 spz { 4023 1.13 christos switch(version) 4024 1.13 christos { 4025 1.13 christos case TLS1_3_VERSION: 4026 1.13 christos return "TLSv1.3"; 4027 1.13 christos 4028 1.13 christos case TLS1_2_VERSION: 4029 1.10 christos return "TLSv1.2"; 4030 1.13 christos 4031 1.13 christos case TLS1_1_VERSION: 4032 1.10 christos return "TLSv1.1"; 4033 1.13 christos 4034 1.13 christos case TLS1_VERSION: 4035 1.10 christos return "TLSv1"; 4036 1.13 christos 4037 1.13 christos case SSL3_VERSION: 4038 1.10 christos return "SSLv3"; 4039 1.13 christos 4040 1.13 christos case DTLS1_BAD_VER: 4041 1.10 christos return "DTLSv0.9"; 4042 1.13 christos 4043 1.13 christos case DTLS1_VERSION: 4044 1.10 christos return "DTLSv1"; 4045 1.13 christos 4046 1.13 christos case DTLS1_2_VERSION: 4047 1.10 christos return "DTLSv1.2"; 4048 1.13 christos 4049 1.13 christos default: 4050 1.13 christos return "unknown"; 4051 1.13 christos } 4052 1.4 spz } 4053 1.1 christos 4054 1.10 christos const char *SSL_get_version(const SSL *s) 4055 1.10 christos { 4056 1.10 christos return ssl_protocol_to_string(s->version); 4057 1.10 christos } 4058 1.10 christos 4059 1.14 christos static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src) 4060 1.4 spz { 4061 1.4 spz STACK_OF(X509_NAME) *sk; 4062 1.4 spz X509_NAME *xn; 4063 1.14 christos int i; 4064 1.14 christos 4065 1.14 christos if (src == NULL) { 4066 1.14 christos *dst = NULL; 4067 1.14 christos return 1; 4068 1.14 christos } 4069 1.14 christos 4070 1.14 christos if ((sk = sk_X509_NAME_new_null()) == NULL) 4071 1.14 christos return 0; 4072 1.14 christos for (i = 0; i < sk_X509_NAME_num(src); i++) { 4073 1.14 christos xn = X509_NAME_dup(sk_X509_NAME_value(src, i)); 4074 1.14 christos if (xn == NULL) { 4075 1.14 christos sk_X509_NAME_pop_free(sk, X509_NAME_free); 4076 1.14 christos return 0; 4077 1.14 christos } 4078 1.14 christos if (sk_X509_NAME_insert(sk, xn, i) == 0) { 4079 1.14 christos X509_NAME_free(xn); 4080 1.14 christos sk_X509_NAME_pop_free(sk, X509_NAME_free); 4081 1.14 christos return 0; 4082 1.14 christos } 4083 1.14 christos } 4084 1.14 christos *dst = sk; 4085 1.14 christos 4086 1.14 christos return 1; 4087 1.14 christos } 4088 1.14 christos 4089 1.14 christos SSL *SSL_dup(SSL *s) 4090 1.14 christos { 4091 1.4 spz SSL *ret; 4092 1.4 spz int i; 4093 1.4 spz 4094 1.10 christos /* If we're not quiescent, just up_ref! */ 4095 1.10 christos if (!SSL_in_init(s) || !SSL_in_before(s)) { 4096 1.13 christos CRYPTO_UP_REF(&s->references, &i, s->lock); 4097 1.10 christos return s; 4098 1.10 christos } 4099 1.10 christos 4100 1.10 christos /* 4101 1.10 christos * Otherwise, copy configuration state, and session if set. 4102 1.10 christos */ 4103 1.4 spz if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) 4104 1.13 christos return NULL; 4105 1.4 spz 4106 1.4 spz if (s->session != NULL) { 4107 1.10 christos /* 4108 1.10 christos * Arranges to share the same session via up_ref. This "copies" 4109 1.10 christos * session-id, SSL_METHOD, sid_ctx, and 'cert' 4110 1.10 christos */ 4111 1.10 christos if (!SSL_copy_session_id(ret, s)) 4112 1.10 christos goto err; 4113 1.4 spz } else { 4114 1.4 spz /* 4115 1.4 spz * No session has been established yet, so we have to expect that 4116 1.4 spz * s->cert or ret->cert will be changed later -- they should not both 4117 1.4 spz * point to the same object, and thus we can't use 4118 1.4 spz * SSL_copy_session_id. 4119 1.4 spz */ 4120 1.10 christos if (!SSL_set_ssl_method(ret, s->method)) 4121 1.10 christos goto err; 4122 1.4 spz 4123 1.4 spz if (s->cert != NULL) { 4124 1.10 christos ssl_cert_free(ret->cert); 4125 1.4 spz ret->cert = ssl_cert_dup(s->cert); 4126 1.4 spz if (ret->cert == NULL) 4127 1.4 spz goto err; 4128 1.4 spz } 4129 1.4 spz 4130 1.13 christos if (!SSL_set_session_id_context(ret, s->sid_ctx, 4131 1.13 christos (int)s->sid_ctx_length)) 4132 1.10 christos goto err; 4133 1.4 spz } 4134 1.4 spz 4135 1.10 christos if (!ssl_dane_dup(ret, s)) 4136 1.10 christos goto err; 4137 1.10 christos ret->version = s->version; 4138 1.4 spz ret->options = s->options; 4139 1.19 christos ret->min_proto_version = s->min_proto_version; 4140 1.19 christos ret->max_proto_version = s->max_proto_version; 4141 1.4 spz ret->mode = s->mode; 4142 1.4 spz SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 4143 1.4 spz SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 4144 1.4 spz ret->msg_callback = s->msg_callback; 4145 1.4 spz ret->msg_callback_arg = s->msg_callback_arg; 4146 1.4 spz SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s)); 4147 1.4 spz SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 4148 1.4 spz ret->generate_session_id = s->generate_session_id; 4149 1.4 spz 4150 1.4 spz SSL_set_info_callback(ret, SSL_get_info_callback(s)); 4151 1.4 spz 4152 1.4 spz /* copy app data, a little dangerous perhaps */ 4153 1.4 spz if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 4154 1.4 spz goto err; 4155 1.4 spz 4156 1.4 spz ret->server = s->server; 4157 1.10 christos if (s->handshake_func) { 4158 1.10 christos if (s->server) 4159 1.10 christos SSL_set_accept_state(ret); 4160 1.10 christos else 4161 1.10 christos SSL_set_connect_state(ret); 4162 1.10 christos } 4163 1.4 spz ret->shutdown = s->shutdown; 4164 1.4 spz ret->hit = s->hit; 4165 1.4 spz 4166 1.10 christos ret->default_passwd_callback = s->default_passwd_callback; 4167 1.10 christos ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata; 4168 1.10 christos 4169 1.4 spz X509_VERIFY_PARAM_inherit(ret->param, s->param); 4170 1.4 spz 4171 1.4 spz /* dup the cipher_list and cipher_list_by_id stacks */ 4172 1.4 spz if (s->cipher_list != NULL) { 4173 1.4 spz if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 4174 1.4 spz goto err; 4175 1.4 spz } 4176 1.4 spz if (s->cipher_list_by_id != NULL) 4177 1.4 spz if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 4178 1.4 spz == NULL) 4179 1.4 spz goto err; 4180 1.4 spz 4181 1.4 spz /* Dup the client_CA list */ 4182 1.14 christos if (!dup_ca_names(&ret->ca_names, s->ca_names) 4183 1.14 christos || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) 4184 1.14 christos goto err; 4185 1.14 christos 4186 1.10 christos return ret; 4187 1.4 spz 4188 1.4 spz err: 4189 1.10 christos SSL_free(ret); 4190 1.10 christos return NULL; 4191 1.4 spz } 4192 1.1 christos 4193 1.1 christos void ssl_clear_cipher_ctx(SSL *s) 4194 1.4 spz { 4195 1.4 spz if (s->enc_read_ctx != NULL) { 4196 1.10 christos EVP_CIPHER_CTX_free(s->enc_read_ctx); 4197 1.4 spz s->enc_read_ctx = NULL; 4198 1.4 spz } 4199 1.4 spz if (s->enc_write_ctx != NULL) { 4200 1.10 christos EVP_CIPHER_CTX_free(s->enc_write_ctx); 4201 1.4 spz s->enc_write_ctx = NULL; 4202 1.4 spz } 4203 1.1 christos #ifndef OPENSSL_NO_COMP 4204 1.10 christos COMP_CTX_free(s->expand); 4205 1.10 christos s->expand = NULL; 4206 1.10 christos COMP_CTX_free(s->compress); 4207 1.10 christos s->compress = NULL; 4208 1.1 christos #endif 4209 1.4 spz } 4210 1.1 christos 4211 1.1 christos X509 *SSL_get_certificate(const SSL *s) 4212 1.4 spz { 4213 1.4 spz if (s->cert != NULL) 4214 1.13 christos return s->cert->key->x509; 4215 1.4 spz else 4216 1.13 christos return NULL; 4217 1.4 spz } 4218 1.1 christos 4219 1.8 spz EVP_PKEY *SSL_get_privatekey(const SSL *s) 4220 1.4 spz { 4221 1.4 spz if (s->cert != NULL) 4222 1.13 christos return s->cert->key->privatekey; 4223 1.4 spz else 4224 1.13 christos return NULL; 4225 1.4 spz } 4226 1.1 christos 4227 1.8 spz X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) 4228 1.8 spz { 4229 1.8 spz if (ctx->cert != NULL) 4230 1.8 spz return ctx->cert->key->x509; 4231 1.8 spz else 4232 1.8 spz return NULL; 4233 1.8 spz } 4234 1.8 spz 4235 1.8 spz EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 4236 1.8 spz { 4237 1.8 spz if (ctx->cert != NULL) 4238 1.8 spz return ctx->cert->key->privatekey; 4239 1.8 spz else 4240 1.8 spz return NULL; 4241 1.8 spz } 4242 1.8 spz 4243 1.1 christos const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) 4244 1.4 spz { 4245 1.4 spz if ((s->session != NULL) && (s->session->cipher != NULL)) 4246 1.13 christos return s->session->cipher; 4247 1.13 christos return NULL; 4248 1.13 christos } 4249 1.13 christos 4250 1.13 christos const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) 4251 1.13 christos { 4252 1.23 christos return s->s3.tmp.new_cipher; 4253 1.4 spz } 4254 1.4 spz 4255 1.15 christos const COMP_METHOD *SSL_get_current_compression(const SSL *s) 4256 1.4 spz { 4257 1.10 christos #ifndef OPENSSL_NO_COMP 4258 1.10 christos return s->compress ? COMP_CTX_get_method(s->compress) : NULL; 4259 1.10 christos #else 4260 1.4 spz return NULL; 4261 1.10 christos #endif 4262 1.4 spz } 4263 1.4 spz 4264 1.15 christos const COMP_METHOD *SSL_get_current_expansion(const SSL *s) 4265 1.4 spz { 4266 1.10 christos #ifndef OPENSSL_NO_COMP 4267 1.10 christos return s->expand ? COMP_CTX_get_method(s->expand) : NULL; 4268 1.10 christos #else 4269 1.4 spz return NULL; 4270 1.10 christos #endif 4271 1.4 spz } 4272 1.1 christos 4273 1.10 christos int ssl_init_wbio_buffer(SSL *s) 4274 1.4 spz { 4275 1.10 christos BIO *bbio; 4276 1.1 christos 4277 1.10 christos if (s->bbio != NULL) { 4278 1.10 christos /* Already buffered. */ 4279 1.10 christos return 1; 4280 1.10 christos } 4281 1.4 spz 4282 1.10 christos bbio = BIO_new(BIO_f_buffer()); 4283 1.23 christos if (bbio == NULL || BIO_set_read_buffer_size(bbio, 1) <= 0) { 4284 1.10 christos BIO_free(bbio); 4285 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 4286 1.10 christos return 0; 4287 1.4 spz } 4288 1.10 christos s->bbio = bbio; 4289 1.10 christos s->wbio = BIO_push(bbio, s->wbio); 4290 1.10 christos 4291 1.10 christos return 1; 4292 1.4 spz } 4293 1.1 christos 4294 1.13 christos int ssl_free_wbio_buffer(SSL *s) 4295 1.4 spz { 4296 1.10 christos /* callers ensure s is never null */ 4297 1.4 spz if (s->bbio == NULL) 4298 1.13 christos return 1; 4299 1.1 christos 4300 1.10 christos s->wbio = BIO_pop(s->wbio); 4301 1.4 spz BIO_free(s->bbio); 4302 1.4 spz s->bbio = NULL; 4303 1.13 christos 4304 1.13 christos return 1; 4305 1.4 spz } 4306 1.4 spz 4307 1.4 spz void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 4308 1.4 spz { 4309 1.4 spz ctx->quiet_shutdown = mode; 4310 1.4 spz } 4311 1.1 christos 4312 1.1 christos int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 4313 1.4 spz { 4314 1.13 christos return ctx->quiet_shutdown; 4315 1.4 spz } 4316 1.4 spz 4317 1.4 spz void SSL_set_quiet_shutdown(SSL *s, int mode) 4318 1.4 spz { 4319 1.4 spz s->quiet_shutdown = mode; 4320 1.4 spz } 4321 1.1 christos 4322 1.1 christos int SSL_get_quiet_shutdown(const SSL *s) 4323 1.4 spz { 4324 1.13 christos return s->quiet_shutdown; 4325 1.4 spz } 4326 1.4 spz 4327 1.4 spz void SSL_set_shutdown(SSL *s, int mode) 4328 1.4 spz { 4329 1.4 spz s->shutdown = mode; 4330 1.4 spz } 4331 1.1 christos 4332 1.1 christos int SSL_get_shutdown(const SSL *s) 4333 1.4 spz { 4334 1.10 christos return s->shutdown; 4335 1.4 spz } 4336 1.1 christos 4337 1.1 christos int SSL_version(const SSL *s) 4338 1.4 spz { 4339 1.10 christos return s->version; 4340 1.10 christos } 4341 1.10 christos 4342 1.10 christos int SSL_client_version(const SSL *s) 4343 1.10 christos { 4344 1.10 christos return s->client_version; 4345 1.4 spz } 4346 1.1 christos 4347 1.1 christos SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) 4348 1.4 spz { 4349 1.10 christos return ssl->ctx; 4350 1.4 spz } 4351 1.4 spz 4352 1.4 spz SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) 4353 1.4 spz { 4354 1.10 christos CERT *new_cert; 4355 1.4 spz if (ssl->ctx == ctx) 4356 1.4 spz return ssl->ctx; 4357 1.4 spz if (ctx == NULL) 4358 1.10 christos ctx = ssl->session_ctx; 4359 1.10 christos new_cert = ssl_cert_dup(ctx->cert); 4360 1.10 christos if (new_cert == NULL) { 4361 1.10 christos return NULL; 4362 1.10 christos } 4363 1.10 christos 4364 1.13 christos if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) { 4365 1.10 christos ssl_cert_free(new_cert); 4366 1.10 christos return NULL; 4367 1.4 spz } 4368 1.4 spz 4369 1.10 christos ssl_cert_free(ssl->cert); 4370 1.10 christos ssl->cert = new_cert; 4371 1.10 christos 4372 1.4 spz /* 4373 1.4 spz * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), 4374 1.4 spz * so setter APIs must prevent invalid lengths from entering the system. 4375 1.4 spz */ 4376 1.13 christos if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx))) 4377 1.13 christos return NULL; 4378 1.4 spz 4379 1.4 spz /* 4380 1.4 spz * If the session ID context matches that of the parent SSL_CTX, 4381 1.4 spz * inherit it from the new SSL_CTX as well. If however the context does 4382 1.4 spz * not match (i.e., it was set per-ssl with SSL_set_session_id_context), 4383 1.4 spz * leave it unchanged. 4384 1.4 spz */ 4385 1.4 spz if ((ssl->ctx != NULL) && 4386 1.4 spz (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && 4387 1.4 spz (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { 4388 1.4 spz ssl->sid_ctx_length = ctx->sid_ctx_length; 4389 1.4 spz memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); 4390 1.4 spz } 4391 1.3 spz 4392 1.10 christos SSL_CTX_up_ref(ctx); 4393 1.10 christos SSL_CTX_free(ssl->ctx); /* decrement reference count */ 4394 1.4 spz ssl->ctx = ctx; 4395 1.4 spz 4396 1.10 christos return ssl->ctx; 4397 1.4 spz } 4398 1.1 christos 4399 1.1 christos int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 4400 1.4 spz { 4401 1.23 christos return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx, 4402 1.23 christos ctx->propq); 4403 1.4 spz } 4404 1.1 christos 4405 1.10 christos int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) 4406 1.10 christos { 4407 1.10 christos X509_LOOKUP *lookup; 4408 1.10 christos 4409 1.10 christos lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir()); 4410 1.10 christos if (lookup == NULL) 4411 1.10 christos return 0; 4412 1.23 christos 4413 1.23 christos /* We ignore errors, in case the directory doesn't exist */ 4414 1.23 christos ERR_set_mark(); 4415 1.23 christos 4416 1.10 christos X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); 4417 1.10 christos 4418 1.23 christos ERR_pop_to_mark(); 4419 1.10 christos 4420 1.10 christos return 1; 4421 1.10 christos } 4422 1.10 christos 4423 1.10 christos int SSL_CTX_set_default_verify_file(SSL_CTX *ctx) 4424 1.10 christos { 4425 1.10 christos X509_LOOKUP *lookup; 4426 1.10 christos 4427 1.10 christos lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file()); 4428 1.10 christos if (lookup == NULL) 4429 1.10 christos return 0; 4430 1.10 christos 4431 1.23 christos /* We ignore errors, in case the file doesn't exist */ 4432 1.23 christos ERR_set_mark(); 4433 1.23 christos 4434 1.23 christos X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx, 4435 1.23 christos ctx->propq); 4436 1.23 christos 4437 1.23 christos ERR_pop_to_mark(); 4438 1.23 christos 4439 1.23 christos return 1; 4440 1.23 christos } 4441 1.23 christos 4442 1.23 christos int SSL_CTX_set_default_verify_store(SSL_CTX *ctx) 4443 1.23 christos { 4444 1.23 christos X509_LOOKUP *lookup; 4445 1.23 christos 4446 1.23 christos lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store()); 4447 1.23 christos if (lookup == NULL) 4448 1.23 christos return 0; 4449 1.23 christos 4450 1.23 christos /* We ignore errors, in case the directory doesn't exist */ 4451 1.23 christos ERR_set_mark(); 4452 1.10 christos 4453 1.23 christos X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq); 4454 1.23 christos 4455 1.23 christos ERR_pop_to_mark(); 4456 1.10 christos 4457 1.10 christos return 1; 4458 1.10 christos } 4459 1.10 christos 4460 1.23 christos int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile) 4461 1.23 christos { 4462 1.23 christos return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx, 4463 1.23 christos ctx->propq); 4464 1.23 christos } 4465 1.23 christos 4466 1.23 christos int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath) 4467 1.23 christos { 4468 1.23 christos return X509_STORE_load_path(ctx->cert_store, CApath); 4469 1.23 christos } 4470 1.23 christos 4471 1.23 christos int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore) 4472 1.23 christos { 4473 1.23 christos return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx, 4474 1.23 christos ctx->propq); 4475 1.23 christos } 4476 1.23 christos 4477 1.1 christos int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 4478 1.4 spz const char *CApath) 4479 1.4 spz { 4480 1.23 christos if (CAfile == NULL && CApath == NULL) 4481 1.23 christos return 0; 4482 1.23 christos if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile)) 4483 1.23 christos return 0; 4484 1.23 christos if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath)) 4485 1.23 christos return 0; 4486 1.23 christos return 1; 4487 1.4 spz } 4488 1.1 christos 4489 1.1 christos void SSL_set_info_callback(SSL *ssl, 4490 1.4 spz void (*cb) (const SSL *ssl, int type, int val)) 4491 1.4 spz { 4492 1.4 spz ssl->info_callback = cb; 4493 1.4 spz } 4494 1.4 spz 4495 1.4 spz /* 4496 1.4 spz * One compiler (Diab DCC) doesn't like argument names in returned function 4497 1.4 spz * pointer. 4498 1.4 spz */ 4499 1.4 spz void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , 4500 1.4 spz int /* type */ , 4501 1.4 spz int /* val */ ) { 4502 1.4 spz return ssl->info_callback; 4503 1.4 spz } 4504 1.1 christos 4505 1.10 christos void SSL_set_verify_result(SSL *ssl, long arg) 4506 1.4 spz { 4507 1.10 christos ssl->verify_result = arg; 4508 1.4 spz } 4509 1.1 christos 4510 1.10 christos long SSL_get_verify_result(const SSL *ssl) 4511 1.4 spz { 4512 1.13 christos return ssl->verify_result; 4513 1.4 spz } 4514 1.4 spz 4515 1.10 christos size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) 4516 1.4 spz { 4517 1.10 christos if (outlen == 0) 4518 1.23 christos return sizeof(ssl->s3.client_random); 4519 1.23 christos if (outlen > sizeof(ssl->s3.client_random)) 4520 1.23 christos outlen = sizeof(ssl->s3.client_random); 4521 1.23 christos memcpy(out, ssl->s3.client_random, outlen); 4522 1.10 christos return outlen; 4523 1.4 spz } 4524 1.1 christos 4525 1.10 christos size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) 4526 1.4 spz { 4527 1.10 christos if (outlen == 0) 4528 1.23 christos return sizeof(ssl->s3.server_random); 4529 1.23 christos if (outlen > sizeof(ssl->s3.server_random)) 4530 1.23 christos outlen = sizeof(ssl->s3.server_random); 4531 1.23 christos memcpy(out, ssl->s3.server_random, outlen); 4532 1.10 christos return outlen; 4533 1.4 spz } 4534 1.4 spz 4535 1.10 christos size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, 4536 1.10 christos unsigned char *out, size_t outlen) 4537 1.4 spz { 4538 1.10 christos if (outlen == 0) 4539 1.10 christos return session->master_key_length; 4540 1.13 christos if (outlen > session->master_key_length) 4541 1.10 christos outlen = session->master_key_length; 4542 1.10 christos memcpy(out, session->master_key, outlen); 4543 1.10 christos return outlen; 4544 1.4 spz } 4545 1.4 spz 4546 1.13 christos int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, 4547 1.13 christos size_t len) 4548 1.13 christos { 4549 1.13 christos if (len > sizeof(sess->master_key)) 4550 1.13 christos return 0; 4551 1.13 christos 4552 1.13 christos memcpy(sess->master_key, in, len); 4553 1.13 christos sess->master_key_length = len; 4554 1.13 christos return 1; 4555 1.13 christos } 4556 1.13 christos 4557 1.13 christos 4558 1.4 spz int SSL_set_ex_data(SSL *s, int idx, void *arg) 4559 1.4 spz { 4560 1.13 christos return CRYPTO_set_ex_data(&s->ex_data, idx, arg); 4561 1.4 spz } 4562 1.4 spz 4563 1.4 spz void *SSL_get_ex_data(const SSL *s, int idx) 4564 1.4 spz { 4565 1.13 christos return CRYPTO_get_ex_data(&s->ex_data, idx); 4566 1.4 spz } 4567 1.4 spz 4568 1.4 spz int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 4569 1.4 spz { 4570 1.13 christos return CRYPTO_set_ex_data(&s->ex_data, idx, arg); 4571 1.4 spz } 4572 1.4 spz 4573 1.4 spz void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 4574 1.4 spz { 4575 1.13 christos return CRYPTO_get_ex_data(&s->ex_data, idx); 4576 1.4 spz } 4577 1.1 christos 4578 1.1 christos X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) 4579 1.4 spz { 4580 1.13 christos return ctx->cert_store; 4581 1.4 spz } 4582 1.4 spz 4583 1.4 spz void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) 4584 1.4 spz { 4585 1.10 christos X509_STORE_free(ctx->cert_store); 4586 1.4 spz ctx->cert_store = store; 4587 1.4 spz } 4588 1.1 christos 4589 1.13 christos void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) 4590 1.13 christos { 4591 1.13 christos if (store != NULL) 4592 1.13 christos X509_STORE_up_ref(store); 4593 1.13 christos SSL_CTX_set_cert_store(ctx, store); 4594 1.13 christos } 4595 1.13 christos 4596 1.1 christos int SSL_want(const SSL *s) 4597 1.4 spz { 4598 1.13 christos return s->rwstate; 4599 1.4 spz } 4600 1.1 christos 4601 1.1 christos #ifndef OPENSSL_NO_PSK 4602 1.1 christos int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 4603 1.4 spz { 4604 1.4 spz if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 4605 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG); 4606 1.4 spz return 0; 4607 1.4 spz } 4608 1.10 christos OPENSSL_free(ctx->cert->psk_identity_hint); 4609 1.4 spz if (identity_hint != NULL) { 4610 1.10 christos ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); 4611 1.10 christos if (ctx->cert->psk_identity_hint == NULL) 4612 1.4 spz return 0; 4613 1.4 spz } else 4614 1.10 christos ctx->cert->psk_identity_hint = NULL; 4615 1.4 spz return 1; 4616 1.4 spz } 4617 1.1 christos 4618 1.1 christos int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) 4619 1.4 spz { 4620 1.4 spz if (s == NULL) 4621 1.4 spz return 0; 4622 1.4 spz 4623 1.4 spz if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 4624 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG); 4625 1.4 spz return 0; 4626 1.4 spz } 4627 1.10 christos OPENSSL_free(s->cert->psk_identity_hint); 4628 1.4 spz if (identity_hint != NULL) { 4629 1.10 christos s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); 4630 1.10 christos if (s->cert->psk_identity_hint == NULL) 4631 1.4 spz return 0; 4632 1.4 spz } else 4633 1.10 christos s->cert->psk_identity_hint = NULL; 4634 1.4 spz return 1; 4635 1.4 spz } 4636 1.1 christos 4637 1.1 christos const char *SSL_get_psk_identity_hint(const SSL *s) 4638 1.4 spz { 4639 1.4 spz if (s == NULL || s->session == NULL) 4640 1.4 spz return NULL; 4641 1.13 christos return s->session->psk_identity_hint; 4642 1.4 spz } 4643 1.1 christos 4644 1.1 christos const char *SSL_get_psk_identity(const SSL *s) 4645 1.4 spz { 4646 1.4 spz if (s == NULL || s->session == NULL) 4647 1.4 spz return NULL; 4648 1.13 christos return s->session->psk_identity; 4649 1.4 spz } 4650 1.1 christos 4651 1.13 christos void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb) 4652 1.4 spz { 4653 1.4 spz s->psk_client_callback = cb; 4654 1.4 spz } 4655 1.1 christos 4656 1.13 christos void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) 4657 1.4 spz { 4658 1.4 spz ctx->psk_client_callback = cb; 4659 1.4 spz } 4660 1.1 christos 4661 1.13 christos void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb) 4662 1.4 spz { 4663 1.4 spz s->psk_server_callback = cb; 4664 1.4 spz } 4665 1.1 christos 4666 1.13 christos void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb) 4667 1.4 spz { 4668 1.4 spz ctx->psk_server_callback = cb; 4669 1.4 spz } 4670 1.4 spz #endif 4671 1.4 spz 4672 1.13 christos void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb) 4673 1.13 christos { 4674 1.13 christos s->psk_find_session_cb = cb; 4675 1.13 christos } 4676 1.13 christos 4677 1.13 christos void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, 4678 1.13 christos SSL_psk_find_session_cb_func cb) 4679 1.13 christos { 4680 1.13 christos ctx->psk_find_session_cb = cb; 4681 1.13 christos } 4682 1.13 christos 4683 1.13 christos void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) 4684 1.13 christos { 4685 1.13 christos s->psk_use_session_cb = cb; 4686 1.13 christos } 4687 1.13 christos 4688 1.13 christos void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, 4689 1.13 christos SSL_psk_use_session_cb_func cb) 4690 1.13 christos { 4691 1.13 christos ctx->psk_use_session_cb = cb; 4692 1.13 christos } 4693 1.13 christos 4694 1.4 spz void SSL_CTX_set_msg_callback(SSL_CTX *ctx, 4695 1.4 spz void (*cb) (int write_p, int version, 4696 1.4 spz int content_type, const void *buf, 4697 1.4 spz size_t len, SSL *ssl, void *arg)) 4698 1.4 spz { 4699 1.4 spz SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 4700 1.4 spz } 4701 1.4 spz 4702 1.4 spz void SSL_set_msg_callback(SSL *ssl, 4703 1.4 spz void (*cb) (int write_p, int version, 4704 1.4 spz int content_type, const void *buf, 4705 1.4 spz size_t len, SSL *ssl, void *arg)) 4706 1.4 spz { 4707 1.4 spz SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 4708 1.4 spz } 4709 1.4 spz 4710 1.10 christos void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, 4711 1.10 christos int (*cb) (SSL *ssl, 4712 1.10 christos int 4713 1.10 christos is_forward_secure)) 4714 1.10 christos { 4715 1.10 christos SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, 4716 1.10 christos (void (*)(void))cb); 4717 1.10 christos } 4718 1.10 christos 4719 1.10 christos void SSL_set_not_resumable_session_callback(SSL *ssl, 4720 1.10 christos int (*cb) (SSL *ssl, 4721 1.10 christos int is_forward_secure)) 4722 1.10 christos { 4723 1.10 christos SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, 4724 1.10 christos (void (*)(void))cb); 4725 1.10 christos } 4726 1.10 christos 4727 1.13 christos void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, 4728 1.13 christos size_t (*cb) (SSL *ssl, int type, 4729 1.13 christos size_t len, void *arg)) 4730 1.13 christos { 4731 1.13 christos ctx->record_padding_cb = cb; 4732 1.13 christos } 4733 1.13 christos 4734 1.13 christos void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg) 4735 1.13 christos { 4736 1.13 christos ctx->record_padding_arg = arg; 4737 1.13 christos } 4738 1.13 christos 4739 1.15 christos void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx) 4740 1.13 christos { 4741 1.13 christos return ctx->record_padding_arg; 4742 1.13 christos } 4743 1.13 christos 4744 1.13 christos int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size) 4745 1.13 christos { 4746 1.13 christos /* block size of 0 or 1 is basically no padding */ 4747 1.13 christos if (block_size == 1) 4748 1.13 christos ctx->block_padding = 0; 4749 1.13 christos else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) 4750 1.13 christos ctx->block_padding = block_size; 4751 1.13 christos else 4752 1.13 christos return 0; 4753 1.13 christos return 1; 4754 1.13 christos } 4755 1.13 christos 4756 1.23 christos int SSL_set_record_padding_callback(SSL *ssl, 4757 1.13 christos size_t (*cb) (SSL *ssl, int type, 4758 1.13 christos size_t len, void *arg)) 4759 1.13 christos { 4760 1.23 christos BIO *b; 4761 1.23 christos 4762 1.23 christos b = SSL_get_wbio(ssl); 4763 1.23 christos if (b == NULL || !BIO_get_ktls_send(b)) { 4764 1.23 christos ssl->record_padding_cb = cb; 4765 1.23 christos return 1; 4766 1.23 christos } 4767 1.23 christos return 0; 4768 1.13 christos } 4769 1.13 christos 4770 1.13 christos void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) 4771 1.13 christos { 4772 1.13 christos ssl->record_padding_arg = arg; 4773 1.13 christos } 4774 1.13 christos 4775 1.15 christos void *SSL_get_record_padding_callback_arg(const SSL *ssl) 4776 1.13 christos { 4777 1.13 christos return ssl->record_padding_arg; 4778 1.13 christos } 4779 1.13 christos 4780 1.13 christos int SSL_set_block_padding(SSL *ssl, size_t block_size) 4781 1.13 christos { 4782 1.13 christos /* block size of 0 or 1 is basically no padding */ 4783 1.13 christos if (block_size == 1) 4784 1.13 christos ssl->block_padding = 0; 4785 1.13 christos else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) 4786 1.13 christos ssl->block_padding = block_size; 4787 1.13 christos else 4788 1.13 christos return 0; 4789 1.13 christos return 1; 4790 1.13 christos } 4791 1.13 christos 4792 1.13 christos int SSL_set_num_tickets(SSL *s, size_t num_tickets) 4793 1.13 christos { 4794 1.13 christos s->num_tickets = num_tickets; 4795 1.13 christos 4796 1.13 christos return 1; 4797 1.13 christos } 4798 1.13 christos 4799 1.15 christos size_t SSL_get_num_tickets(const SSL *s) 4800 1.13 christos { 4801 1.13 christos return s->num_tickets; 4802 1.13 christos } 4803 1.13 christos 4804 1.13 christos int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) 4805 1.13 christos { 4806 1.13 christos ctx->num_tickets = num_tickets; 4807 1.13 christos 4808 1.13 christos return 1; 4809 1.13 christos } 4810 1.13 christos 4811 1.15 christos size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) 4812 1.13 christos { 4813 1.13 christos return ctx->num_tickets; 4814 1.13 christos } 4815 1.13 christos 4816 1.4 spz /* 4817 1.4 spz * Allocates new EVP_MD_CTX and sets pointer to it into given pointer 4818 1.10 christos * variable, freeing EVP_MD_CTX previously stored in that variable, if any. 4819 1.10 christos * If EVP_MD pointer is passed, initializes ctx with this |md|. 4820 1.10 christos * Returns the newly allocated ctx; 4821 1.1 christos */ 4822 1.1 christos 4823 1.4 spz EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) 4824 1.1 christos { 4825 1.4 spz ssl_clear_hash_ctx(hash); 4826 1.10 christos *hash = EVP_MD_CTX_new(); 4827 1.6 christos if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { 4828 1.10 christos EVP_MD_CTX_free(*hash); 4829 1.6 christos *hash = NULL; 4830 1.6 christos return NULL; 4831 1.6 christos } 4832 1.4 spz return *hash; 4833 1.1 christos } 4834 1.4 spz 4835 1.4 spz void ssl_clear_hash_ctx(EVP_MD_CTX **hash) 4836 1.1 christos { 4837 1.1 christos 4838 1.13 christos EVP_MD_CTX_free(*hash); 4839 1.4 spz *hash = NULL; 4840 1.1 christos } 4841 1.1 christos 4842 1.10 christos /* Retrieve handshake hashes */ 4843 1.13 christos int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, 4844 1.13 christos size_t *hashlen) 4845 1.4 spz { 4846 1.10 christos EVP_MD_CTX *ctx = NULL; 4847 1.23 christos EVP_MD_CTX *hdgst = s->s3.handshake_dgst; 4848 1.23 christos int hashleni = EVP_MD_CTX_get_size(hdgst); 4849 1.13 christos int ret = 0; 4850 1.13 christos 4851 1.13 christos if (hashleni < 0 || (size_t)hashleni > outlen) { 4852 1.23 christos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4853 1.10 christos goto err; 4854 1.10 christos } 4855 1.13 christos 4856 1.10 christos ctx = EVP_MD_CTX_new(); 4857 1.21 christos if (ctx == NULL) { 4858 1.23 christos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4859 1.13 christos goto err; 4860 1.21 christos } 4861 1.13 christos 4862 1.13 christos if (!EVP_MD_CTX_copy_ex(ctx, hdgst) 4863 1.13 christos || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { 4864 1.23 christos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 4865 1.10 christos goto err; 4866 1.10 christos } 4867 1.13 christos 4868 1.13 christos *hashlen = hashleni; 4869 1.13 christos 4870 1.13 christos ret = 1; 4871 1.10 christos err: 4872 1.10 christos EVP_MD_CTX_free(ctx); 4873 1.10 christos return ret; 4874 1.4 spz } 4875 1.2 spz 4876 1.16 christos int SSL_session_reused(const SSL *s) 4877 1.4 spz { 4878 1.4 spz return s->hit; 4879 1.4 spz } 4880 1.2 spz 4881 1.10 christos int SSL_is_server(const SSL *s) 4882 1.8 spz { 4883 1.8 spz return s->server; 4884 1.8 spz } 4885 1.8 spz 4886 1.23 christos #ifndef OPENSSL_NO_DEPRECATED_1_1_0 4887 1.10 christos void SSL_set_debug(SSL *s, int debug) 4888 1.10 christos { 4889 1.10 christos /* Old function was do-nothing anyway... */ 4890 1.10 christos (void)s; 4891 1.10 christos (void)debug; 4892 1.10 christos } 4893 1.1 christos #endif 4894 1.1 christos 4895 1.10 christos void SSL_set_security_level(SSL *s, int level) 4896 1.10 christos { 4897 1.10 christos s->cert->sec_level = level; 4898 1.10 christos } 4899 1.10 christos 4900 1.10 christos int SSL_get_security_level(const SSL *s) 4901 1.10 christos { 4902 1.10 christos return s->cert->sec_level; 4903 1.10 christos } 4904 1.10 christos 4905 1.10 christos void SSL_set_security_callback(SSL *s, 4906 1.10 christos int (*cb) (const SSL *s, const SSL_CTX *ctx, 4907 1.10 christos int op, int bits, int nid, 4908 1.10 christos void *other, void *ex)) 4909 1.10 christos { 4910 1.10 christos s->cert->sec_cb = cb; 4911 1.10 christos } 4912 1.10 christos 4913 1.10 christos int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, 4914 1.10 christos const SSL_CTX *ctx, int op, 4915 1.10 christos int bits, int nid, void *other, 4916 1.10 christos void *ex) { 4917 1.10 christos return s->cert->sec_cb; 4918 1.10 christos } 4919 1.10 christos 4920 1.10 christos void SSL_set0_security_ex_data(SSL *s, void *ex) 4921 1.10 christos { 4922 1.10 christos s->cert->sec_ex = ex; 4923 1.10 christos } 4924 1.10 christos 4925 1.10 christos void *SSL_get0_security_ex_data(const SSL *s) 4926 1.10 christos { 4927 1.10 christos return s->cert->sec_ex; 4928 1.10 christos } 4929 1.10 christos 4930 1.10 christos void SSL_CTX_set_security_level(SSL_CTX *ctx, int level) 4931 1.10 christos { 4932 1.10 christos ctx->cert->sec_level = level; 4933 1.10 christos } 4934 1.10 christos 4935 1.10 christos int SSL_CTX_get_security_level(const SSL_CTX *ctx) 4936 1.10 christos { 4937 1.10 christos return ctx->cert->sec_level; 4938 1.10 christos } 4939 1.10 christos 4940 1.10 christos void SSL_CTX_set_security_callback(SSL_CTX *ctx, 4941 1.10 christos int (*cb) (const SSL *s, const SSL_CTX *ctx, 4942 1.10 christos int op, int bits, int nid, 4943 1.10 christos void *other, void *ex)) 4944 1.10 christos { 4945 1.10 christos ctx->cert->sec_cb = cb; 4946 1.10 christos } 4947 1.10 christos 4948 1.10 christos int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, 4949 1.10 christos const SSL_CTX *ctx, 4950 1.10 christos int op, int bits, 4951 1.10 christos int nid, 4952 1.10 christos void *other, 4953 1.10 christos void *ex) { 4954 1.10 christos return ctx->cert->sec_cb; 4955 1.10 christos } 4956 1.10 christos 4957 1.10 christos void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex) 4958 1.10 christos { 4959 1.10 christos ctx->cert->sec_ex = ex; 4960 1.10 christos } 4961 1.10 christos 4962 1.10 christos void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) 4963 1.10 christos { 4964 1.10 christos return ctx->cert->sec_ex; 4965 1.10 christos } 4966 1.10 christos 4967 1.23 christos uint64_t SSL_CTX_get_options(const SSL_CTX *ctx) 4968 1.10 christos { 4969 1.10 christos return ctx->options; 4970 1.10 christos } 4971 1.10 christos 4972 1.23 christos uint64_t SSL_get_options(const SSL *s) 4973 1.10 christos { 4974 1.10 christos return s->options; 4975 1.10 christos } 4976 1.10 christos 4977 1.23 christos uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op) 4978 1.10 christos { 4979 1.10 christos return ctx->options |= op; 4980 1.10 christos } 4981 1.10 christos 4982 1.23 christos uint64_t SSL_set_options(SSL *s, uint64_t op) 4983 1.10 christos { 4984 1.10 christos return s->options |= op; 4985 1.10 christos } 4986 1.10 christos 4987 1.23 christos uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op) 4988 1.10 christos { 4989 1.10 christos return ctx->options &= ~op; 4990 1.10 christos } 4991 1.10 christos 4992 1.23 christos uint64_t SSL_clear_options(SSL *s, uint64_t op) 4993 1.10 christos { 4994 1.10 christos return s->options &= ~op; 4995 1.10 christos } 4996 1.10 christos 4997 1.10 christos STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s) 4998 1.10 christos { 4999 1.10 christos return s->verified_chain; 5000 1.10 christos } 5001 1.10 christos 5002 1.4 spz IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); 5003 1.10 christos 5004 1.10 christos #ifndef OPENSSL_NO_CT 5005 1.10 christos 5006 1.10 christos /* 5007 1.10 christos * Moves SCTs from the |src| stack to the |dst| stack. 5008 1.10 christos * The source of each SCT will be set to |origin|. 5009 1.10 christos * If |dst| points to a NULL pointer, a new stack will be created and owned by 5010 1.10 christos * the caller. 5011 1.10 christos * Returns the number of SCTs moved, or a negative integer if an error occurs. 5012 1.25 christos * The |dst| stack is created and possibly partially populated even in case 5013 1.25 christos * of error, likewise the |src| stack may be left in an intermediate state. 5014 1.10 christos */ 5015 1.10 christos static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, 5016 1.10 christos sct_source_t origin) 5017 1.10 christos { 5018 1.10 christos int scts_moved = 0; 5019 1.10 christos SCT *sct = NULL; 5020 1.10 christos 5021 1.10 christos if (*dst == NULL) { 5022 1.10 christos *dst = sk_SCT_new_null(); 5023 1.10 christos if (*dst == NULL) { 5024 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 5025 1.10 christos goto err; 5026 1.10 christos } 5027 1.10 christos } 5028 1.10 christos 5029 1.10 christos while ((sct = sk_SCT_pop(src)) != NULL) { 5030 1.10 christos if (SCT_set_source(sct, origin) != 1) 5031 1.10 christos goto err; 5032 1.10 christos 5033 1.25 christos if (!sk_SCT_push(*dst, sct)) 5034 1.10 christos goto err; 5035 1.10 christos scts_moved += 1; 5036 1.10 christos } 5037 1.10 christos 5038 1.10 christos return scts_moved; 5039 1.10 christos err: 5040 1.25 christos SCT_free(sct); 5041 1.10 christos return -1; 5042 1.10 christos } 5043 1.10 christos 5044 1.10 christos /* 5045 1.10 christos * Look for data collected during ServerHello and parse if found. 5046 1.10 christos * Returns the number of SCTs extracted. 5047 1.10 christos */ 5048 1.10 christos static int ct_extract_tls_extension_scts(SSL *s) 5049 1.10 christos { 5050 1.10 christos int scts_extracted = 0; 5051 1.10 christos 5052 1.13 christos if (s->ext.scts != NULL) { 5053 1.13 christos const unsigned char *p = s->ext.scts; 5054 1.13 christos STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len); 5055 1.10 christos 5056 1.10 christos scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION); 5057 1.10 christos 5058 1.10 christos SCT_LIST_free(scts); 5059 1.10 christos } 5060 1.10 christos 5061 1.10 christos return scts_extracted; 5062 1.10 christos } 5063 1.10 christos 5064 1.10 christos /* 5065 1.10 christos * Checks for an OCSP response and then attempts to extract any SCTs found if it 5066 1.10 christos * contains an SCT X509 extension. They will be stored in |s->scts|. 5067 1.10 christos * Returns: 5068 1.10 christos * - The number of SCTs extracted, assuming an OCSP response exists. 5069 1.10 christos * - 0 if no OCSP response exists or it contains no SCTs. 5070 1.10 christos * - A negative integer if an error occurs. 5071 1.10 christos */ 5072 1.10 christos static int ct_extract_ocsp_response_scts(SSL *s) 5073 1.10 christos { 5074 1.10 christos # ifndef OPENSSL_NO_OCSP 5075 1.10 christos int scts_extracted = 0; 5076 1.10 christos const unsigned char *p; 5077 1.10 christos OCSP_BASICRESP *br = NULL; 5078 1.10 christos OCSP_RESPONSE *rsp = NULL; 5079 1.10 christos STACK_OF(SCT) *scts = NULL; 5080 1.10 christos int i; 5081 1.10 christos 5082 1.13 christos if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0) 5083 1.10 christos goto err; 5084 1.10 christos 5085 1.13 christos p = s->ext.ocsp.resp; 5086 1.13 christos rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len); 5087 1.10 christos if (rsp == NULL) 5088 1.10 christos goto err; 5089 1.10 christos 5090 1.10 christos br = OCSP_response_get1_basic(rsp); 5091 1.10 christos if (br == NULL) 5092 1.10 christos goto err; 5093 1.10 christos 5094 1.10 christos for (i = 0; i < OCSP_resp_count(br); ++i) { 5095 1.10 christos OCSP_SINGLERESP *single = OCSP_resp_get0(br, i); 5096 1.10 christos 5097 1.10 christos if (single == NULL) 5098 1.10 christos continue; 5099 1.10 christos 5100 1.10 christos scts = 5101 1.10 christos OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); 5102 1.10 christos scts_extracted = 5103 1.10 christos ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE); 5104 1.10 christos if (scts_extracted < 0) 5105 1.10 christos goto err; 5106 1.10 christos } 5107 1.10 christos err: 5108 1.10 christos SCT_LIST_free(scts); 5109 1.10 christos OCSP_BASICRESP_free(br); 5110 1.10 christos OCSP_RESPONSE_free(rsp); 5111 1.10 christos return scts_extracted; 5112 1.10 christos # else 5113 1.10 christos /* Behave as if no OCSP response exists */ 5114 1.10 christos return 0; 5115 1.10 christos # endif 5116 1.10 christos } 5117 1.10 christos 5118 1.10 christos /* 5119 1.10 christos * Attempts to extract SCTs from the peer certificate. 5120 1.10 christos * Return the number of SCTs extracted, or a negative integer if an error 5121 1.10 christos * occurs. 5122 1.10 christos */ 5123 1.10 christos static int ct_extract_x509v3_extension_scts(SSL *s) 5124 1.10 christos { 5125 1.10 christos int scts_extracted = 0; 5126 1.10 christos X509 *cert = s->session != NULL ? s->session->peer : NULL; 5127 1.10 christos 5128 1.10 christos if (cert != NULL) { 5129 1.10 christos STACK_OF(SCT) *scts = 5130 1.10 christos X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL); 5131 1.10 christos 5132 1.10 christos scts_extracted = 5133 1.10 christos ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); 5134 1.10 christos 5135 1.10 christos SCT_LIST_free(scts); 5136 1.10 christos } 5137 1.10 christos 5138 1.10 christos return scts_extracted; 5139 1.10 christos } 5140 1.10 christos 5141 1.10 christos /* 5142 1.10 christos * Attempts to find all received SCTs by checking TLS extensions, the OCSP 5143 1.10 christos * response (if it exists) and X509v3 extensions in the certificate. 5144 1.10 christos * Returns NULL if an error occurs. 5145 1.10 christos */ 5146 1.10 christos const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s) 5147 1.10 christos { 5148 1.10 christos if (!s->scts_parsed) { 5149 1.10 christos if (ct_extract_tls_extension_scts(s) < 0 || 5150 1.10 christos ct_extract_ocsp_response_scts(s) < 0 || 5151 1.10 christos ct_extract_x509v3_extension_scts(s) < 0) 5152 1.10 christos goto err; 5153 1.10 christos 5154 1.10 christos s->scts_parsed = 1; 5155 1.10 christos } 5156 1.10 christos return s->scts; 5157 1.10 christos err: 5158 1.10 christos return NULL; 5159 1.10 christos } 5160 1.10 christos 5161 1.10 christos static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx, 5162 1.10 christos const STACK_OF(SCT) *scts, void *unused_arg) 5163 1.10 christos { 5164 1.10 christos return 1; 5165 1.10 christos } 5166 1.10 christos 5167 1.10 christos static int ct_strict(const CT_POLICY_EVAL_CTX * ctx, 5168 1.10 christos const STACK_OF(SCT) *scts, void *unused_arg) 5169 1.10 christos { 5170 1.10 christos int count = scts != NULL ? sk_SCT_num(scts) : 0; 5171 1.10 christos int i; 5172 1.10 christos 5173 1.10 christos for (i = 0; i < count; ++i) { 5174 1.10 christos SCT *sct = sk_SCT_value(scts, i); 5175 1.10 christos int status = SCT_get_validation_status(sct); 5176 1.10 christos 5177 1.10 christos if (status == SCT_VALIDATION_STATUS_VALID) 5178 1.10 christos return 1; 5179 1.10 christos } 5180 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_VALID_SCTS); 5181 1.10 christos return 0; 5182 1.10 christos } 5183 1.10 christos 5184 1.10 christos int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, 5185 1.10 christos void *arg) 5186 1.10 christos { 5187 1.10 christos /* 5188 1.10 christos * Since code exists that uses the custom extension handler for CT, look 5189 1.10 christos * for this and throw an error if they have already registered to use CT. 5190 1.10 christos */ 5191 1.10 christos if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx, 5192 1.10 christos TLSEXT_TYPE_signed_certificate_timestamp)) 5193 1.10 christos { 5194 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); 5195 1.10 christos return 0; 5196 1.10 christos } 5197 1.10 christos 5198 1.10 christos if (callback != NULL) { 5199 1.10 christos /* 5200 1.10 christos * If we are validating CT, then we MUST accept SCTs served via OCSP 5201 1.10 christos */ 5202 1.10 christos if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp)) 5203 1.10 christos return 0; 5204 1.10 christos } 5205 1.10 christos 5206 1.10 christos s->ct_validation_callback = callback; 5207 1.10 christos s->ct_validation_callback_arg = arg; 5208 1.10 christos 5209 1.10 christos return 1; 5210 1.10 christos } 5211 1.10 christos 5212 1.10 christos int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, 5213 1.10 christos ssl_ct_validation_cb callback, void *arg) 5214 1.10 christos { 5215 1.10 christos /* 5216 1.10 christos * Since code exists that uses the custom extension handler for CT, look for 5217 1.10 christos * this and throw an error if they have already registered to use CT. 5218 1.10 christos */ 5219 1.10 christos if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx, 5220 1.10 christos TLSEXT_TYPE_signed_certificate_timestamp)) 5221 1.10 christos { 5222 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); 5223 1.10 christos return 0; 5224 1.10 christos } 5225 1.10 christos 5226 1.10 christos ctx->ct_validation_callback = callback; 5227 1.10 christos ctx->ct_validation_callback_arg = arg; 5228 1.10 christos return 1; 5229 1.10 christos } 5230 1.10 christos 5231 1.10 christos int SSL_ct_is_enabled(const SSL *s) 5232 1.10 christos { 5233 1.10 christos return s->ct_validation_callback != NULL; 5234 1.10 christos } 5235 1.10 christos 5236 1.10 christos int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx) 5237 1.10 christos { 5238 1.10 christos return ctx->ct_validation_callback != NULL; 5239 1.10 christos } 5240 1.10 christos 5241 1.10 christos int ssl_validate_ct(SSL *s) 5242 1.10 christos { 5243 1.10 christos int ret = 0; 5244 1.10 christos X509 *cert = s->session != NULL ? s->session->peer : NULL; 5245 1.10 christos X509 *issuer; 5246 1.10 christos SSL_DANE *dane = &s->dane; 5247 1.10 christos CT_POLICY_EVAL_CTX *ctx = NULL; 5248 1.10 christos const STACK_OF(SCT) *scts; 5249 1.10 christos 5250 1.10 christos /* 5251 1.10 christos * If no callback is set, the peer is anonymous, or its chain is invalid, 5252 1.10 christos * skip SCT validation - just return success. Applications that continue 5253 1.10 christos * handshakes without certificates, with unverified chains, or pinned leaf 5254 1.10 christos * certificates are outside the scope of the WebPKI and CT. 5255 1.10 christos * 5256 1.10 christos * The above exclusions notwithstanding the vast majority of peers will 5257 1.10 christos * have rather ordinary certificate chains validated by typical 5258 1.10 christos * applications that perform certificate verification and therefore will 5259 1.10 christos * process SCTs when enabled. 5260 1.10 christos */ 5261 1.10 christos if (s->ct_validation_callback == NULL || cert == NULL || 5262 1.10 christos s->verify_result != X509_V_OK || 5263 1.10 christos s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1) 5264 1.10 christos return 1; 5265 1.10 christos 5266 1.10 christos /* 5267 1.10 christos * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3) 5268 1.10 christos * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2 5269 1.10 christos */ 5270 1.10 christos if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) { 5271 1.10 christos switch (dane->mtlsa->usage) { 5272 1.10 christos case DANETLS_USAGE_DANE_TA: 5273 1.10 christos case DANETLS_USAGE_DANE_EE: 5274 1.10 christos return 1; 5275 1.10 christos } 5276 1.10 christos } 5277 1.10 christos 5278 1.23 christos ctx = CT_POLICY_EVAL_CTX_new_ex(s->ctx->libctx, s->ctx->propq); 5279 1.10 christos if (ctx == NULL) { 5280 1.23 christos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5281 1.10 christos goto end; 5282 1.10 christos } 5283 1.10 christos 5284 1.10 christos issuer = sk_X509_value(s->verified_chain, 1); 5285 1.10 christos CT_POLICY_EVAL_CTX_set1_cert(ctx, cert); 5286 1.10 christos CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); 5287 1.10 christos CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); 5288 1.10 christos CT_POLICY_EVAL_CTX_set_time( 5289 1.10 christos ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); 5290 1.10 christos 5291 1.10 christos scts = SSL_get0_peer_scts(s); 5292 1.10 christos 5293 1.10 christos /* 5294 1.10 christos * This function returns success (> 0) only when all the SCTs are valid, 0 5295 1.10 christos * when some are invalid, and < 0 on various internal errors (out of 5296 1.10 christos * memory, etc.). Having some, or even all, invalid SCTs is not sufficient 5297 1.10 christos * reason to abort the handshake, that decision is up to the callback. 5298 1.10 christos * Therefore, we error out only in the unexpected case that the return 5299 1.10 christos * value is negative. 5300 1.10 christos * 5301 1.10 christos * XXX: One might well argue that the return value of this function is an 5302 1.10 christos * unfortunate design choice. Its job is only to determine the validation 5303 1.10 christos * status of each of the provided SCTs. So long as it correctly separates 5304 1.10 christos * the wheat from the chaff it should return success. Failure in this case 5305 1.10 christos * ought to correspond to an inability to carry out its duties. 5306 1.10 christos */ 5307 1.10 christos if (SCT_LIST_validate(scts, ctx) < 0) { 5308 1.23 christos SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_SCT_VERIFICATION_FAILED); 5309 1.10 christos goto end; 5310 1.10 christos } 5311 1.10 christos 5312 1.10 christos ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); 5313 1.10 christos if (ret < 0) 5314 1.10 christos ret = 0; /* This function returns 0 on failure */ 5315 1.13 christos if (!ret) 5316 1.23 christos SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED); 5317 1.10 christos 5318 1.10 christos end: 5319 1.10 christos CT_POLICY_EVAL_CTX_free(ctx); 5320 1.10 christos /* 5321 1.10 christos * With SSL_VERIFY_NONE the session may be cached and re-used despite a 5322 1.10 christos * failure return code here. Also the application may wish the complete 5323 1.10 christos * the handshake, and then disconnect cleanly at a higher layer, after 5324 1.10 christos * checking the verification status of the completed connection. 5325 1.10 christos * 5326 1.10 christos * We therefore force a certificate verification failure which will be 5327 1.10 christos * visible via SSL_get_verify_result() and cached as part of any resumed 5328 1.10 christos * session. 5329 1.10 christos * 5330 1.10 christos * Note: the permissive callback is for information gathering only, always 5331 1.10 christos * returns success, and does not affect verification status. Only the 5332 1.10 christos * strict callback or a custom application-specified callback can trigger 5333 1.10 christos * connection failure or record a verification error. 5334 1.10 christos */ 5335 1.10 christos if (ret <= 0) 5336 1.10 christos s->verify_result = X509_V_ERR_NO_VALID_SCTS; 5337 1.10 christos return ret; 5338 1.10 christos } 5339 1.10 christos 5340 1.10 christos int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode) 5341 1.10 christos { 5342 1.10 christos switch (validation_mode) { 5343 1.10 christos default: 5344 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE); 5345 1.10 christos return 0; 5346 1.10 christos case SSL_CT_VALIDATION_PERMISSIVE: 5347 1.10 christos return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL); 5348 1.10 christos case SSL_CT_VALIDATION_STRICT: 5349 1.10 christos return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL); 5350 1.10 christos } 5351 1.10 christos } 5352 1.10 christos 5353 1.10 christos int SSL_enable_ct(SSL *s, int validation_mode) 5354 1.10 christos { 5355 1.10 christos switch (validation_mode) { 5356 1.10 christos default: 5357 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE); 5358 1.10 christos return 0; 5359 1.10 christos case SSL_CT_VALIDATION_PERMISSIVE: 5360 1.10 christos return SSL_set_ct_validation_callback(s, ct_permissive, NULL); 5361 1.10 christos case SSL_CT_VALIDATION_STRICT: 5362 1.10 christos return SSL_set_ct_validation_callback(s, ct_strict, NULL); 5363 1.10 christos } 5364 1.10 christos } 5365 1.10 christos 5366 1.10 christos int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx) 5367 1.10 christos { 5368 1.10 christos return CTLOG_STORE_load_default_file(ctx->ctlog_store); 5369 1.10 christos } 5370 1.10 christos 5371 1.10 christos int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) 5372 1.10 christos { 5373 1.10 christos return CTLOG_STORE_load_file(ctx->ctlog_store, path); 5374 1.10 christos } 5375 1.10 christos 5376 1.10 christos void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs) 5377 1.10 christos { 5378 1.10 christos CTLOG_STORE_free(ctx->ctlog_store); 5379 1.10 christos ctx->ctlog_store = logs; 5380 1.10 christos } 5381 1.10 christos 5382 1.10 christos const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) 5383 1.10 christos { 5384 1.10 christos return ctx->ctlog_store; 5385 1.10 christos } 5386 1.10 christos 5387 1.13 christos #endif /* OPENSSL_NO_CT */ 5388 1.13 christos 5389 1.13 christos void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, 5390 1.13 christos void *arg) 5391 1.13 christos { 5392 1.13 christos c->client_hello_cb = cb; 5393 1.13 christos c->client_hello_cb_arg = arg; 5394 1.13 christos } 5395 1.13 christos 5396 1.13 christos int SSL_client_hello_isv2(SSL *s) 5397 1.13 christos { 5398 1.13 christos if (s->clienthello == NULL) 5399 1.13 christos return 0; 5400 1.13 christos return s->clienthello->isv2; 5401 1.13 christos } 5402 1.13 christos 5403 1.13 christos unsigned int SSL_client_hello_get0_legacy_version(SSL *s) 5404 1.13 christos { 5405 1.13 christos if (s->clienthello == NULL) 5406 1.13 christos return 0; 5407 1.13 christos return s->clienthello->legacy_version; 5408 1.13 christos } 5409 1.13 christos 5410 1.13 christos size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out) 5411 1.13 christos { 5412 1.13 christos if (s->clienthello == NULL) 5413 1.13 christos return 0; 5414 1.13 christos if (out != NULL) 5415 1.13 christos *out = s->clienthello->random; 5416 1.13 christos return SSL3_RANDOM_SIZE; 5417 1.13 christos } 5418 1.13 christos 5419 1.13 christos size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out) 5420 1.13 christos { 5421 1.13 christos if (s->clienthello == NULL) 5422 1.13 christos return 0; 5423 1.13 christos if (out != NULL) 5424 1.13 christos *out = s->clienthello->session_id; 5425 1.13 christos return s->clienthello->session_id_len; 5426 1.13 christos } 5427 1.13 christos 5428 1.13 christos size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out) 5429 1.13 christos { 5430 1.13 christos if (s->clienthello == NULL) 5431 1.13 christos return 0; 5432 1.13 christos if (out != NULL) 5433 1.13 christos *out = PACKET_data(&s->clienthello->ciphersuites); 5434 1.13 christos return PACKET_remaining(&s->clienthello->ciphersuites); 5435 1.13 christos } 5436 1.13 christos 5437 1.13 christos size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out) 5438 1.13 christos { 5439 1.13 christos if (s->clienthello == NULL) 5440 1.13 christos return 0; 5441 1.13 christos if (out != NULL) 5442 1.13 christos *out = s->clienthello->compressions; 5443 1.13 christos return s->clienthello->compressions_len; 5444 1.13 christos } 5445 1.13 christos 5446 1.13 christos int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) 5447 1.13 christos { 5448 1.13 christos RAW_EXTENSION *ext; 5449 1.13 christos int *present; 5450 1.13 christos size_t num = 0, i; 5451 1.13 christos 5452 1.13 christos if (s->clienthello == NULL || out == NULL || outlen == NULL) 5453 1.13 christos return 0; 5454 1.13 christos for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { 5455 1.13 christos ext = s->clienthello->pre_proc_exts + i; 5456 1.13 christos if (ext->present) 5457 1.13 christos num++; 5458 1.13 christos } 5459 1.16 christos if (num == 0) { 5460 1.16 christos *out = NULL; 5461 1.16 christos *outlen = 0; 5462 1.16 christos return 1; 5463 1.16 christos } 5464 1.13 christos if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { 5465 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 5466 1.13 christos return 0; 5467 1.13 christos } 5468 1.13 christos for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { 5469 1.13 christos ext = s->clienthello->pre_proc_exts + i; 5470 1.13 christos if (ext->present) { 5471 1.13 christos if (ext->received_order >= num) 5472 1.13 christos goto err; 5473 1.13 christos present[ext->received_order] = ext->type; 5474 1.13 christos } 5475 1.13 christos } 5476 1.13 christos *out = present; 5477 1.13 christos *outlen = num; 5478 1.13 christos return 1; 5479 1.13 christos err: 5480 1.13 christos OPENSSL_free(present); 5481 1.13 christos return 0; 5482 1.13 christos } 5483 1.13 christos 5484 1.13 christos int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, 5485 1.13 christos size_t *outlen) 5486 1.13 christos { 5487 1.13 christos size_t i; 5488 1.13 christos RAW_EXTENSION *r; 5489 1.13 christos 5490 1.13 christos if (s->clienthello == NULL) 5491 1.13 christos return 0; 5492 1.13 christos for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) { 5493 1.13 christos r = s->clienthello->pre_proc_exts + i; 5494 1.13 christos if (r->present && r->type == type) { 5495 1.13 christos if (out != NULL) 5496 1.13 christos *out = PACKET_data(&r->data); 5497 1.13 christos if (outlen != NULL) 5498 1.13 christos *outlen = PACKET_remaining(&r->data); 5499 1.13 christos return 1; 5500 1.13 christos } 5501 1.13 christos } 5502 1.13 christos return 0; 5503 1.13 christos } 5504 1.13 christos 5505 1.13 christos int SSL_free_buffers(SSL *ssl) 5506 1.13 christos { 5507 1.13 christos RECORD_LAYER *rl = &ssl->rlayer; 5508 1.13 christos 5509 1.13 christos if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) 5510 1.13 christos return 0; 5511 1.13 christos 5512 1.25 christos if (RECORD_LAYER_data_present(rl)) 5513 1.25 christos return 0; 5514 1.25 christos 5515 1.13 christos RECORD_LAYER_release(rl); 5516 1.13 christos return 1; 5517 1.13 christos } 5518 1.13 christos 5519 1.13 christos int SSL_alloc_buffers(SSL *ssl) 5520 1.13 christos { 5521 1.13 christos return ssl3_setup_buffers(ssl); 5522 1.13 christos } 5523 1.13 christos 5524 1.13 christos void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) 5525 1.13 christos { 5526 1.13 christos ctx->keylog_callback = cb; 5527 1.13 christos } 5528 1.13 christos 5529 1.13 christos SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) 5530 1.13 christos { 5531 1.13 christos return ctx->keylog_callback; 5532 1.13 christos } 5533 1.13 christos 5534 1.13 christos static int nss_keylog_int(const char *prefix, 5535 1.13 christos SSL *ssl, 5536 1.13 christos const uint8_t *parameter_1, 5537 1.13 christos size_t parameter_1_len, 5538 1.13 christos const uint8_t *parameter_2, 5539 1.13 christos size_t parameter_2_len) 5540 1.13 christos { 5541 1.13 christos char *out = NULL; 5542 1.13 christos char *cursor = NULL; 5543 1.13 christos size_t out_len = 0; 5544 1.13 christos size_t i; 5545 1.13 christos size_t prefix_len; 5546 1.13 christos 5547 1.14 christos if (ssl->ctx->keylog_callback == NULL) 5548 1.14 christos return 1; 5549 1.13 christos 5550 1.13 christos /* 5551 1.13 christos * Our output buffer will contain the following strings, rendered with 5552 1.13 christos * space characters in between, terminated by a NULL character: first the 5553 1.13 christos * prefix, then the first parameter, then the second parameter. The 5554 1.13 christos * meaning of each parameter depends on the specific key material being 5555 1.13 christos * logged. Note that the first and second parameters are encoded in 5556 1.13 christos * hexadecimal, so we need a buffer that is twice their lengths. 5557 1.13 christos */ 5558 1.13 christos prefix_len = strlen(prefix); 5559 1.14 christos out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3; 5560 1.13 christos if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) { 5561 1.23 christos SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5562 1.13 christos return 0; 5563 1.13 christos } 5564 1.13 christos 5565 1.13 christos strcpy(cursor, prefix); 5566 1.13 christos cursor += prefix_len; 5567 1.13 christos *cursor++ = ' '; 5568 1.13 christos 5569 1.13 christos for (i = 0; i < parameter_1_len; i++) { 5570 1.13 christos sprintf(cursor, "%02x", parameter_1[i]); 5571 1.13 christos cursor += 2; 5572 1.13 christos } 5573 1.13 christos *cursor++ = ' '; 5574 1.13 christos 5575 1.13 christos for (i = 0; i < parameter_2_len; i++) { 5576 1.13 christos sprintf(cursor, "%02x", parameter_2[i]); 5577 1.13 christos cursor += 2; 5578 1.13 christos } 5579 1.13 christos *cursor = '\0'; 5580 1.13 christos 5581 1.13 christos ssl->ctx->keylog_callback(ssl, (const char *)out); 5582 1.14 christos OPENSSL_clear_free(out, out_len); 5583 1.13 christos return 1; 5584 1.13 christos 5585 1.13 christos } 5586 1.13 christos 5587 1.13 christos int ssl_log_rsa_client_key_exchange(SSL *ssl, 5588 1.13 christos const uint8_t *encrypted_premaster, 5589 1.13 christos size_t encrypted_premaster_len, 5590 1.13 christos const uint8_t *premaster, 5591 1.13 christos size_t premaster_len) 5592 1.13 christos { 5593 1.13 christos if (encrypted_premaster_len < 8) { 5594 1.23 christos SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 5595 1.13 christos return 0; 5596 1.13 christos } 5597 1.13 christos 5598 1.13 christos /* We only want the first 8 bytes of the encrypted premaster as a tag. */ 5599 1.13 christos return nss_keylog_int("RSA", 5600 1.13 christos ssl, 5601 1.13 christos encrypted_premaster, 5602 1.13 christos 8, 5603 1.13 christos premaster, 5604 1.13 christos premaster_len); 5605 1.13 christos } 5606 1.13 christos 5607 1.13 christos int ssl_log_secret(SSL *ssl, 5608 1.13 christos const char *label, 5609 1.13 christos const uint8_t *secret, 5610 1.13 christos size_t secret_len) 5611 1.13 christos { 5612 1.13 christos return nss_keylog_int(label, 5613 1.13 christos ssl, 5614 1.23 christos ssl->s3.client_random, 5615 1.13 christos SSL3_RANDOM_SIZE, 5616 1.13 christos secret, 5617 1.13 christos secret_len); 5618 1.13 christos } 5619 1.13 christos 5620 1.13 christos #define SSLV2_CIPHER_LEN 3 5621 1.13 christos 5622 1.13 christos int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) 5623 1.13 christos { 5624 1.13 christos int n; 5625 1.13 christos 5626 1.13 christos n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; 5627 1.13 christos 5628 1.13 christos if (PACKET_remaining(cipher_suites) == 0) { 5629 1.23 christos SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED); 5630 1.13 christos return 0; 5631 1.13 christos } 5632 1.13 christos 5633 1.13 christos if (PACKET_remaining(cipher_suites) % n != 0) { 5634 1.23 christos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 5635 1.13 christos return 0; 5636 1.13 christos } 5637 1.13 christos 5638 1.23 christos OPENSSL_free(s->s3.tmp.ciphers_raw); 5639 1.23 christos s->s3.tmp.ciphers_raw = NULL; 5640 1.23 christos s->s3.tmp.ciphers_rawlen = 0; 5641 1.13 christos 5642 1.13 christos if (sslv2format) { 5643 1.13 christos size_t numciphers = PACKET_remaining(cipher_suites) / n; 5644 1.13 christos PACKET sslv2ciphers = *cipher_suites; 5645 1.13 christos unsigned int leadbyte; 5646 1.13 christos unsigned char *raw; 5647 1.13 christos 5648 1.13 christos /* 5649 1.13 christos * We store the raw ciphers list in SSLv3+ format so we need to do some 5650 1.13 christos * preprocessing to convert the list first. If there are any SSLv2 only 5651 1.13 christos * ciphersuites with a non-zero leading byte then we are going to 5652 1.13 christos * slightly over allocate because we won't store those. But that isn't a 5653 1.13 christos * problem. 5654 1.13 christos */ 5655 1.13 christos raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); 5656 1.23 christos s->s3.tmp.ciphers_raw = raw; 5657 1.13 christos if (raw == NULL) { 5658 1.23 christos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5659 1.13 christos return 0; 5660 1.13 christos } 5661 1.23 christos for (s->s3.tmp.ciphers_rawlen = 0; 5662 1.13 christos PACKET_remaining(&sslv2ciphers) > 0; 5663 1.13 christos raw += TLS_CIPHER_LEN) { 5664 1.13 christos if (!PACKET_get_1(&sslv2ciphers, &leadbyte) 5665 1.13 christos || (leadbyte == 0 5666 1.13 christos && !PACKET_copy_bytes(&sslv2ciphers, raw, 5667 1.13 christos TLS_CIPHER_LEN)) 5668 1.13 christos || (leadbyte != 0 5669 1.13 christos && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { 5670 1.23 christos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET); 5671 1.23 christos OPENSSL_free(s->s3.tmp.ciphers_raw); 5672 1.23 christos s->s3.tmp.ciphers_raw = NULL; 5673 1.23 christos s->s3.tmp.ciphers_rawlen = 0; 5674 1.13 christos return 0; 5675 1.13 christos } 5676 1.13 christos if (leadbyte == 0) 5677 1.23 christos s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN; 5678 1.13 christos } 5679 1.23 christos } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw, 5680 1.23 christos &s->s3.tmp.ciphers_rawlen)) { 5681 1.23 christos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 5682 1.13 christos return 0; 5683 1.13 christos } 5684 1.13 christos return 1; 5685 1.13 christos } 5686 1.13 christos 5687 1.13 christos int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, 5688 1.13 christos int isv2format, STACK_OF(SSL_CIPHER) **sk, 5689 1.13 christos STACK_OF(SSL_CIPHER) **scsvs) 5690 1.13 christos { 5691 1.13 christos PACKET pkt; 5692 1.13 christos 5693 1.13 christos if (!PACKET_buf_init(&pkt, bytes, len)) 5694 1.13 christos return 0; 5695 1.13 christos return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0); 5696 1.13 christos } 5697 1.13 christos 5698 1.13 christos int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, 5699 1.13 christos STACK_OF(SSL_CIPHER) **skp, 5700 1.13 christos STACK_OF(SSL_CIPHER) **scsvs_out, 5701 1.13 christos int sslv2format, int fatal) 5702 1.13 christos { 5703 1.13 christos const SSL_CIPHER *c; 5704 1.13 christos STACK_OF(SSL_CIPHER) *sk = NULL; 5705 1.13 christos STACK_OF(SSL_CIPHER) *scsvs = NULL; 5706 1.13 christos int n; 5707 1.13 christos /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */ 5708 1.13 christos unsigned char cipher[SSLV2_CIPHER_LEN]; 5709 1.13 christos 5710 1.13 christos n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; 5711 1.13 christos 5712 1.13 christos if (PACKET_remaining(cipher_suites) == 0) { 5713 1.13 christos if (fatal) 5714 1.23 christos SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED); 5715 1.13 christos else 5716 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED); 5717 1.13 christos return 0; 5718 1.13 christos } 5719 1.13 christos 5720 1.13 christos if (PACKET_remaining(cipher_suites) % n != 0) { 5721 1.13 christos if (fatal) 5722 1.23 christos SSLfatal(s, SSL_AD_DECODE_ERROR, 5723 1.13 christos SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 5724 1.13 christos else 5725 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 5726 1.13 christos return 0; 5727 1.13 christos } 5728 1.13 christos 5729 1.13 christos sk = sk_SSL_CIPHER_new_null(); 5730 1.13 christos scsvs = sk_SSL_CIPHER_new_null(); 5731 1.13 christos if (sk == NULL || scsvs == NULL) { 5732 1.13 christos if (fatal) 5733 1.23 christos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5734 1.13 christos else 5735 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 5736 1.13 christos goto err; 5737 1.13 christos } 5738 1.13 christos 5739 1.13 christos while (PACKET_copy_bytes(cipher_suites, cipher, n)) { 5740 1.13 christos /* 5741 1.13 christos * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the 5742 1.13 christos * first byte set to zero, while true SSLv2 ciphers have a non-zero 5743 1.13 christos * first byte. We don't support any true SSLv2 ciphers, so skip them. 5744 1.13 christos */ 5745 1.13 christos if (sslv2format && cipher[0] != '\0') 5746 1.13 christos continue; 5747 1.13 christos 5748 1.13 christos /* For SSLv2-compat, ignore leading 0-byte. */ 5749 1.13 christos c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1); 5750 1.13 christos if (c != NULL) { 5751 1.13 christos if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || 5752 1.13 christos (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { 5753 1.13 christos if (fatal) 5754 1.23 christos SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); 5755 1.13 christos else 5756 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 5757 1.13 christos goto err; 5758 1.13 christos } 5759 1.13 christos } 5760 1.13 christos } 5761 1.13 christos if (PACKET_remaining(cipher_suites) > 0) { 5762 1.13 christos if (fatal) 5763 1.23 christos SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH); 5764 1.13 christos else 5765 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); 5766 1.13 christos goto err; 5767 1.13 christos } 5768 1.13 christos 5769 1.13 christos if (skp != NULL) 5770 1.13 christos *skp = sk; 5771 1.13 christos else 5772 1.13 christos sk_SSL_CIPHER_free(sk); 5773 1.13 christos if (scsvs_out != NULL) 5774 1.13 christos *scsvs_out = scsvs; 5775 1.13 christos else 5776 1.13 christos sk_SSL_CIPHER_free(scsvs); 5777 1.13 christos return 1; 5778 1.13 christos err: 5779 1.13 christos sk_SSL_CIPHER_free(sk); 5780 1.13 christos sk_SSL_CIPHER_free(scsvs); 5781 1.13 christos return 0; 5782 1.13 christos } 5783 1.13 christos 5784 1.13 christos int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) 5785 1.13 christos { 5786 1.13 christos ctx->max_early_data = max_early_data; 5787 1.13 christos 5788 1.13 christos return 1; 5789 1.13 christos } 5790 1.13 christos 5791 1.13 christos uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) 5792 1.13 christos { 5793 1.13 christos return ctx->max_early_data; 5794 1.13 christos } 5795 1.13 christos 5796 1.13 christos int SSL_set_max_early_data(SSL *s, uint32_t max_early_data) 5797 1.13 christos { 5798 1.13 christos s->max_early_data = max_early_data; 5799 1.13 christos 5800 1.13 christos return 1; 5801 1.13 christos } 5802 1.13 christos 5803 1.13 christos uint32_t SSL_get_max_early_data(const SSL *s) 5804 1.13 christos { 5805 1.13 christos return s->max_early_data; 5806 1.13 christos } 5807 1.13 christos 5808 1.13 christos int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data) 5809 1.13 christos { 5810 1.13 christos ctx->recv_max_early_data = recv_max_early_data; 5811 1.13 christos 5812 1.13 christos return 1; 5813 1.13 christos } 5814 1.13 christos 5815 1.13 christos uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx) 5816 1.13 christos { 5817 1.13 christos return ctx->recv_max_early_data; 5818 1.13 christos } 5819 1.13 christos 5820 1.13 christos int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data) 5821 1.13 christos { 5822 1.13 christos s->recv_max_early_data = recv_max_early_data; 5823 1.13 christos 5824 1.13 christos return 1; 5825 1.13 christos } 5826 1.13 christos 5827 1.13 christos uint32_t SSL_get_recv_max_early_data(const SSL *s) 5828 1.13 christos { 5829 1.13 christos return s->recv_max_early_data; 5830 1.13 christos } 5831 1.13 christos 5832 1.13 christos __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl) 5833 1.13 christos { 5834 1.13 christos /* Return any active Max Fragment Len extension */ 5835 1.13 christos if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)) 5836 1.13 christos return GET_MAX_FRAGMENT_LENGTH(ssl->session); 5837 1.13 christos 5838 1.13 christos /* return current SSL connection setting */ 5839 1.13 christos return ssl->max_send_fragment; 5840 1.13 christos } 5841 1.13 christos 5842 1.13 christos __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl) 5843 1.13 christos { 5844 1.13 christos /* Return a value regarding an active Max Fragment Len extension */ 5845 1.13 christos if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session) 5846 1.13 christos && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session)) 5847 1.13 christos return GET_MAX_FRAGMENT_LENGTH(ssl->session); 5848 1.13 christos 5849 1.13 christos /* else limit |split_send_fragment| to current |max_send_fragment| */ 5850 1.13 christos if (ssl->split_send_fragment > ssl->max_send_fragment) 5851 1.13 christos return ssl->max_send_fragment; 5852 1.13 christos 5853 1.13 christos /* return current SSL connection setting */ 5854 1.13 christos return ssl->split_send_fragment; 5855 1.13 christos } 5856 1.13 christos 5857 1.13 christos int SSL_stateless(SSL *s) 5858 1.13 christos { 5859 1.13 christos int ret; 5860 1.13 christos 5861 1.13 christos /* Ensure there is no state left over from a previous invocation */ 5862 1.13 christos if (!SSL_clear(s)) 5863 1.13 christos return 0; 5864 1.13 christos 5865 1.13 christos ERR_clear_error(); 5866 1.13 christos 5867 1.23 christos s->s3.flags |= TLS1_FLAGS_STATELESS; 5868 1.13 christos ret = SSL_accept(s); 5869 1.23 christos s->s3.flags &= ~TLS1_FLAGS_STATELESS; 5870 1.13 christos 5871 1.13 christos if (ret > 0 && s->ext.cookieok) 5872 1.13 christos return 1; 5873 1.13 christos 5874 1.13 christos if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s)) 5875 1.13 christos return 0; 5876 1.13 christos 5877 1.13 christos return -1; 5878 1.13 christos } 5879 1.13 christos 5880 1.13 christos void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) 5881 1.13 christos { 5882 1.13 christos ctx->pha_enabled = val; 5883 1.13 christos } 5884 1.13 christos 5885 1.13 christos void SSL_set_post_handshake_auth(SSL *ssl, int val) 5886 1.13 christos { 5887 1.13 christos ssl->pha_enabled = val; 5888 1.13 christos } 5889 1.13 christos 5890 1.13 christos int SSL_verify_client_post_handshake(SSL *ssl) 5891 1.13 christos { 5892 1.13 christos if (!SSL_IS_TLS13(ssl)) { 5893 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); 5894 1.13 christos return 0; 5895 1.13 christos } 5896 1.13 christos if (!ssl->server) { 5897 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER); 5898 1.13 christos return 0; 5899 1.13 christos } 5900 1.13 christos 5901 1.13 christos if (!SSL_is_init_finished(ssl)) { 5902 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT); 5903 1.13 christos return 0; 5904 1.13 christos } 5905 1.13 christos 5906 1.13 christos switch (ssl->post_handshake_auth) { 5907 1.13 christos case SSL_PHA_NONE: 5908 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED); 5909 1.13 christos return 0; 5910 1.13 christos default: 5911 1.13 christos case SSL_PHA_EXT_SENT: 5912 1.23 christos ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 5913 1.13 christos return 0; 5914 1.13 christos case SSL_PHA_EXT_RECEIVED: 5915 1.13 christos break; 5916 1.13 christos case SSL_PHA_REQUEST_PENDING: 5917 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_PENDING); 5918 1.13 christos return 0; 5919 1.13 christos case SSL_PHA_REQUESTED: 5920 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_SENT); 5921 1.13 christos return 0; 5922 1.13 christos } 5923 1.13 christos 5924 1.13 christos ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING; 5925 1.13 christos 5926 1.13 christos /* checks verify_mode and algorithm_auth */ 5927 1.13 christos if (!send_certificate_request(ssl)) { 5928 1.13 christos ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */ 5929 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG); 5930 1.13 christos return 0; 5931 1.13 christos } 5932 1.13 christos 5933 1.13 christos ossl_statem_set_in_init(ssl, 1); 5934 1.13 christos return 1; 5935 1.13 christos } 5936 1.13 christos 5937 1.13 christos int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, 5938 1.13 christos SSL_CTX_generate_session_ticket_fn gen_cb, 5939 1.13 christos SSL_CTX_decrypt_session_ticket_fn dec_cb, 5940 1.13 christos void *arg) 5941 1.13 christos { 5942 1.13 christos ctx->generate_ticket_cb = gen_cb; 5943 1.13 christos ctx->decrypt_ticket_cb = dec_cb; 5944 1.13 christos ctx->ticket_cb_data = arg; 5945 1.13 christos return 1; 5946 1.13 christos } 5947 1.13 christos 5948 1.13 christos void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, 5949 1.13 christos SSL_allow_early_data_cb_fn cb, 5950 1.13 christos void *arg) 5951 1.13 christos { 5952 1.13 christos ctx->allow_early_data_cb = cb; 5953 1.13 christos ctx->allow_early_data_cb_data = arg; 5954 1.13 christos } 5955 1.13 christos 5956 1.13 christos void SSL_set_allow_early_data_cb(SSL *s, 5957 1.13 christos SSL_allow_early_data_cb_fn cb, 5958 1.13 christos void *arg) 5959 1.13 christos { 5960 1.13 christos s->allow_early_data_cb = cb; 5961 1.13 christos s->allow_early_data_cb_data = arg; 5962 1.13 christos } 5963 1.23 christos 5964 1.23 christos const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, 5965 1.23 christos int nid, 5966 1.23 christos const char *properties) 5967 1.23 christos { 5968 1.23 christos const EVP_CIPHER *ciph; 5969 1.23 christos 5970 1.23 christos ciph = tls_get_cipher_from_engine(nid); 5971 1.23 christos if (ciph != NULL) 5972 1.23 christos return ciph; 5973 1.23 christos 5974 1.23 christos /* 5975 1.23 christos * If there is no engine cipher then we do an explicit fetch. This may fail 5976 1.23 christos * and that could be ok 5977 1.23 christos */ 5978 1.23 christos ERR_set_mark(); 5979 1.23 christos ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties); 5980 1.23 christos ERR_pop_to_mark(); 5981 1.23 christos return ciph; 5982 1.23 christos } 5983 1.23 christos 5984 1.23 christos 5985 1.23 christos int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher) 5986 1.23 christos { 5987 1.23 christos /* Don't up-ref an implicit EVP_CIPHER */ 5988 1.23 christos if (EVP_CIPHER_get0_provider(cipher) == NULL) 5989 1.23 christos return 1; 5990 1.23 christos 5991 1.23 christos /* 5992 1.23 christos * The cipher was explicitly fetched and therefore it is safe to cast 5993 1.23 christos * away the const 5994 1.23 christos */ 5995 1.23 christos return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher); 5996 1.23 christos } 5997 1.23 christos 5998 1.23 christos void ssl_evp_cipher_free(const EVP_CIPHER *cipher) 5999 1.23 christos { 6000 1.23 christos if (cipher == NULL) 6001 1.23 christos return; 6002 1.23 christos 6003 1.23 christos if (EVP_CIPHER_get0_provider(cipher) != NULL) { 6004 1.23 christos /* 6005 1.23 christos * The cipher was explicitly fetched and therefore it is safe to cast 6006 1.23 christos * away the const 6007 1.23 christos */ 6008 1.23 christos EVP_CIPHER_free((EVP_CIPHER *)cipher); 6009 1.23 christos } 6010 1.23 christos } 6011 1.23 christos 6012 1.23 christos const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, 6013 1.23 christos int nid, 6014 1.23 christos const char *properties) 6015 1.23 christos { 6016 1.23 christos const EVP_MD *md; 6017 1.23 christos 6018 1.23 christos md = tls_get_digest_from_engine(nid); 6019 1.23 christos if (md != NULL) 6020 1.23 christos return md; 6021 1.23 christos 6022 1.23 christos /* Otherwise we do an explicit fetch */ 6023 1.23 christos ERR_set_mark(); 6024 1.23 christos md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties); 6025 1.23 christos ERR_pop_to_mark(); 6026 1.23 christos return md; 6027 1.23 christos } 6028 1.23 christos 6029 1.23 christos int ssl_evp_md_up_ref(const EVP_MD *md) 6030 1.23 christos { 6031 1.23 christos /* Don't up-ref an implicit EVP_MD */ 6032 1.23 christos if (EVP_MD_get0_provider(md) == NULL) 6033 1.23 christos return 1; 6034 1.23 christos 6035 1.23 christos /* 6036 1.23 christos * The digest was explicitly fetched and therefore it is safe to cast 6037 1.23 christos * away the const 6038 1.23 christos */ 6039 1.23 christos return EVP_MD_up_ref((EVP_MD *)md); 6040 1.23 christos } 6041 1.23 christos 6042 1.23 christos void ssl_evp_md_free(const EVP_MD *md) 6043 1.23 christos { 6044 1.23 christos if (md == NULL) 6045 1.23 christos return; 6046 1.23 christos 6047 1.23 christos if (EVP_MD_get0_provider(md) != NULL) { 6048 1.23 christos /* 6049 1.23 christos * The digest was explicitly fetched and therefore it is safe to cast 6050 1.23 christos * away the const 6051 1.23 christos */ 6052 1.23 christos EVP_MD_free((EVP_MD *)md); 6053 1.23 christos } 6054 1.23 christos } 6055 1.23 christos 6056 1.23 christos int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) 6057 1.23 christos { 6058 1.23 christos if (!ssl_security(s, SSL_SECOP_TMP_DH, 6059 1.23 christos EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { 6060 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); 6061 1.23 christos return 0; 6062 1.23 christos } 6063 1.23 christos EVP_PKEY_free(s->cert->dh_tmp); 6064 1.23 christos s->cert->dh_tmp = dhpkey; 6065 1.23 christos return 1; 6066 1.23 christos } 6067 1.23 christos 6068 1.23 christos int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey) 6069 1.23 christos { 6070 1.23 christos if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, 6071 1.23 christos EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { 6072 1.23 christos ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); 6073 1.23 christos return 0; 6074 1.23 christos } 6075 1.23 christos EVP_PKEY_free(ctx->cert->dh_tmp); 6076 1.23 christos ctx->cert->dh_tmp = dhpkey; 6077 1.23 christos return 1; 6078 1.23 christos } 6079
Indexes created Sun Mar 01 05:31:48 UTC 2026