ssl_lib.c 188 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943
  1. /*
  2. * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. * Copyright 2005 Nokia. All rights reserved.
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <stdio.h>
  12. #include "ssl_local.h"
  13. #include "internal/e_os.h"
  14. #include <openssl/objects.h>
  15. #include <openssl/x509v3.h>
  16. #include <openssl/rand.h>
  17. #include <openssl/ocsp.h>
  18. #include <openssl/dh.h>
  19. #include <openssl/engine.h>
  20. #include <openssl/async.h>
  21. #include <openssl/ct.h>
  22. #include <openssl/trace.h>
  23. #include <openssl/core_names.h>
  24. #include "internal/cryptlib.h"
  25. #include "internal/refcount.h"
  26. #include "internal/ktls.h"
  27. static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r,
  28. unsigned char *s, size_t t, size_t *u)
  29. {
  30. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  31. }
  32. static int ssl_undefined_function_4(SSL_CONNECTION *sc, int r)
  33. {
  34. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  35. }
  36. static size_t ssl_undefined_function_5(SSL_CONNECTION *sc, const char *r,
  37. size_t s, unsigned char *t)
  38. {
  39. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  40. }
  41. static int ssl_undefined_function_6(int r)
  42. {
  43. return ssl_undefined_function(NULL);
  44. }
  45. static int ssl_undefined_function_7(SSL_CONNECTION *sc, unsigned char *r,
  46. size_t s, const char *t, size_t u,
  47. const unsigned char *v, size_t w, int x)
  48. {
  49. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  50. }
  51. static int ssl_undefined_function_8(SSL_CONNECTION *sc)
  52. {
  53. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  54. }
  55. SSL3_ENC_METHOD ssl3_undef_enc_method = {
  56. ssl_undefined_function_8,
  57. ssl_undefined_function_3,
  58. ssl_undefined_function_4,
  59. ssl_undefined_function_5,
  60. NULL, /* client_finished_label */
  61. 0, /* client_finished_label_len */
  62. NULL, /* server_finished_label */
  63. 0, /* server_finished_label_len */
  64. ssl_undefined_function_6,
  65. ssl_undefined_function_7,
  66. };
  67. struct ssl_async_args {
  68. SSL *s;
  69. void *buf;
  70. size_t num;
  71. enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
  72. union {
  73. int (*func_read) (SSL *, void *, size_t, size_t *);
  74. int (*func_write) (SSL *, const void *, size_t, size_t *);
  75. int (*func_other) (SSL *);
  76. } f;
  77. };
  78. static const struct {
  79. uint8_t mtype;
  80. uint8_t ord;
  81. int nid;
  82. } dane_mds[] = {
  83. {
  84. DANETLS_MATCHING_FULL, 0, NID_undef
  85. },
  86. {
  87. DANETLS_MATCHING_2256, 1, NID_sha256
  88. },
  89. {
  90. DANETLS_MATCHING_2512, 2, NID_sha512
  91. },
  92. };
  93. static int dane_ctx_enable(struct dane_ctx_st *dctx)
  94. {
  95. const EVP_MD **mdevp;
  96. uint8_t *mdord;
  97. uint8_t mdmax = DANETLS_MATCHING_LAST;
  98. int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
  99. size_t i;
  100. if (dctx->mdevp != NULL)
  101. return 1;
  102. mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
  103. mdord = OPENSSL_zalloc(n * sizeof(*mdord));
  104. if (mdord == NULL || mdevp == NULL) {
  105. OPENSSL_free(mdord);
  106. OPENSSL_free(mdevp);
  107. return 0;
  108. }
  109. /* Install default entries */
  110. for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
  111. const EVP_MD *md;
  112. if (dane_mds[i].nid == NID_undef ||
  113. (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
  114. continue;
  115. mdevp[dane_mds[i].mtype] = md;
  116. mdord[dane_mds[i].mtype] = dane_mds[i].ord;
  117. }
  118. dctx->mdevp = mdevp;
  119. dctx->mdord = mdord;
  120. dctx->mdmax = mdmax;
  121. return 1;
  122. }
  123. static void dane_ctx_final(struct dane_ctx_st *dctx)
  124. {
  125. OPENSSL_free(dctx->mdevp);
  126. dctx->mdevp = NULL;
  127. OPENSSL_free(dctx->mdord);
  128. dctx->mdord = NULL;
  129. dctx->mdmax = 0;
  130. }
  131. static void tlsa_free(danetls_record *t)
  132. {
  133. if (t == NULL)
  134. return;
  135. OPENSSL_free(t->data);
  136. EVP_PKEY_free(t->spki);
  137. OPENSSL_free(t);
  138. }
  139. static void dane_final(SSL_DANE *dane)
  140. {
  141. sk_danetls_record_pop_free(dane->trecs, tlsa_free);
  142. dane->trecs = NULL;
  143. OSSL_STACK_OF_X509_free(dane->certs);
  144. dane->certs = NULL;
  145. X509_free(dane->mcert);
  146. dane->mcert = NULL;
  147. dane->mtlsa = NULL;
  148. dane->mdpth = -1;
  149. dane->pdpth = -1;
  150. }
  151. /*
  152. * dane_copy - Copy dane configuration, sans verification state.
  153. */
  154. static int ssl_dane_dup(SSL_CONNECTION *to, SSL_CONNECTION *from)
  155. {
  156. int num;
  157. int i;
  158. if (!DANETLS_ENABLED(&from->dane))
  159. return 1;
  160. num = sk_danetls_record_num(from->dane.trecs);
  161. dane_final(&to->dane);
  162. to->dane.flags = from->dane.flags;
  163. to->dane.dctx = &SSL_CONNECTION_GET_CTX(to)->dane;
  164. to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
  165. if (to->dane.trecs == NULL) {
  166. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  167. return 0;
  168. }
  169. for (i = 0; i < num; ++i) {
  170. danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
  171. if (SSL_dane_tlsa_add(SSL_CONNECTION_GET_SSL(to), t->usage,
  172. t->selector, t->mtype, t->data, t->dlen) <= 0)
  173. return 0;
  174. }
  175. return 1;
  176. }
  177. static int dane_mtype_set(struct dane_ctx_st *dctx,
  178. const EVP_MD *md, uint8_t mtype, uint8_t ord)
  179. {
  180. int i;
  181. if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
  182. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
  183. return 0;
  184. }
  185. if (mtype > dctx->mdmax) {
  186. const EVP_MD **mdevp;
  187. uint8_t *mdord;
  188. int n = ((int)mtype) + 1;
  189. mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
  190. if (mdevp == NULL)
  191. return -1;
  192. dctx->mdevp = mdevp;
  193. mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
  194. if (mdord == NULL)
  195. return -1;
  196. dctx->mdord = mdord;
  197. /* Zero-fill any gaps */
  198. for (i = dctx->mdmax + 1; i < mtype; ++i) {
  199. mdevp[i] = NULL;
  200. mdord[i] = 0;
  201. }
  202. dctx->mdmax = mtype;
  203. }
  204. dctx->mdevp[mtype] = md;
  205. /* Coerce ordinal of disabled matching types to 0 */
  206. dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
  207. return 1;
  208. }
  209. static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
  210. {
  211. if (mtype > dane->dctx->mdmax)
  212. return NULL;
  213. return dane->dctx->mdevp[mtype];
  214. }
  215. static int dane_tlsa_add(SSL_DANE *dane,
  216. uint8_t usage,
  217. uint8_t selector,
  218. uint8_t mtype, const unsigned char *data, size_t dlen)
  219. {
  220. danetls_record *t;
  221. const EVP_MD *md = NULL;
  222. int ilen = (int)dlen;
  223. int i;
  224. int num;
  225. if (dane->trecs == NULL) {
  226. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED);
  227. return -1;
  228. }
  229. if (ilen < 0 || dlen != (size_t)ilen) {
  230. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
  231. return 0;
  232. }
  233. if (usage > DANETLS_USAGE_LAST) {
  234. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
  235. return 0;
  236. }
  237. if (selector > DANETLS_SELECTOR_LAST) {
  238. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR);
  239. return 0;
  240. }
  241. if (mtype != DANETLS_MATCHING_FULL) {
  242. md = tlsa_md_get(dane, mtype);
  243. if (md == NULL) {
  244. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
  245. return 0;
  246. }
  247. }
  248. if (md != NULL && dlen != (size_t)EVP_MD_get_size(md)) {
  249. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
  250. return 0;
  251. }
  252. if (!data) {
  253. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA);
  254. return 0;
  255. }
  256. if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL)
  257. return -1;
  258. t->usage = usage;
  259. t->selector = selector;
  260. t->mtype = mtype;
  261. t->data = OPENSSL_malloc(dlen);
  262. if (t->data == NULL) {
  263. tlsa_free(t);
  264. return -1;
  265. }
  266. memcpy(t->data, data, dlen);
  267. t->dlen = dlen;
  268. /* Validate and cache full certificate or public key */
  269. if (mtype == DANETLS_MATCHING_FULL) {
  270. const unsigned char *p = data;
  271. X509 *cert = NULL;
  272. EVP_PKEY *pkey = NULL;
  273. switch (selector) {
  274. case DANETLS_SELECTOR_CERT:
  275. if (!d2i_X509(&cert, &p, ilen) || p < data ||
  276. dlen != (size_t)(p - data)) {
  277. tlsa_free(t);
  278. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  279. return 0;
  280. }
  281. if (X509_get0_pubkey(cert) == NULL) {
  282. tlsa_free(t);
  283. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  284. return 0;
  285. }
  286. if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
  287. X509_free(cert);
  288. break;
  289. }
  290. /*
  291. * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
  292. * records that contain full certificates of trust-anchors that are
  293. * not present in the wire chain. For usage PKIX-TA(0), we augment
  294. * the chain with untrusted Full(0) certificates from DNS, in case
  295. * they are missing from the chain.
  296. */
  297. if ((dane->certs == NULL &&
  298. (dane->certs = sk_X509_new_null()) == NULL) ||
  299. !sk_X509_push(dane->certs, cert)) {
  300. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  301. X509_free(cert);
  302. tlsa_free(t);
  303. return -1;
  304. }
  305. break;
  306. case DANETLS_SELECTOR_SPKI:
  307. if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
  308. dlen != (size_t)(p - data)) {
  309. tlsa_free(t);
  310. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
  311. return 0;
  312. }
  313. /*
  314. * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
  315. * records that contain full bare keys of trust-anchors that are
  316. * not present in the wire chain.
  317. */
  318. if (usage == DANETLS_USAGE_DANE_TA)
  319. t->spki = pkey;
  320. else
  321. EVP_PKEY_free(pkey);
  322. break;
  323. }
  324. }
  325. /*-
  326. * Find the right insertion point for the new record.
  327. *
  328. * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
  329. * they can be processed first, as they require no chain building, and no
  330. * expiration or hostname checks. Because DANE-EE(3) is numerically
  331. * largest, this is accomplished via descending sort by "usage".
  332. *
  333. * We also sort in descending order by matching ordinal to simplify
  334. * the implementation of digest agility in the verification code.
  335. *
  336. * The choice of order for the selector is not significant, so we
  337. * use the same descending order for consistency.
  338. */
  339. num = sk_danetls_record_num(dane->trecs);
  340. for (i = 0; i < num; ++i) {
  341. danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
  342. if (rec->usage > usage)
  343. continue;
  344. if (rec->usage < usage)
  345. break;
  346. if (rec->selector > selector)
  347. continue;
  348. if (rec->selector < selector)
  349. break;
  350. if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
  351. continue;
  352. break;
  353. }
  354. if (!sk_danetls_record_insert(dane->trecs, t, i)) {
  355. tlsa_free(t);
  356. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  357. return -1;
  358. }
  359. dane->umask |= DANETLS_USAGE_BIT(usage);
  360. return 1;
  361. }
  362. /*
  363. * Return 0 if there is only one version configured and it was disabled
  364. * at configure time. Return 1 otherwise.
  365. */
  366. static int ssl_check_allowed_versions(int min_version, int max_version)
  367. {
  368. int minisdtls = 0, maxisdtls = 0;
  369. /* Figure out if we're doing DTLS versions or TLS versions */
  370. if (min_version == DTLS1_BAD_VER
  371. || min_version >> 8 == DTLS1_VERSION_MAJOR)
  372. minisdtls = 1;
  373. if (max_version == DTLS1_BAD_VER
  374. || max_version >> 8 == DTLS1_VERSION_MAJOR)
  375. maxisdtls = 1;
  376. /* A wildcard version of 0 could be DTLS or TLS. */
  377. if ((minisdtls && !maxisdtls && max_version != 0)
  378. || (maxisdtls && !minisdtls && min_version != 0)) {
  379. /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
  380. return 0;
  381. }
  382. if (minisdtls || maxisdtls) {
  383. /* Do DTLS version checks. */
  384. if (min_version == 0)
  385. /* Ignore DTLS1_BAD_VER */
  386. min_version = DTLS1_VERSION;
  387. if (max_version == 0)
  388. max_version = DTLS1_2_VERSION;
  389. #ifdef OPENSSL_NO_DTLS1_2
  390. if (max_version == DTLS1_2_VERSION)
  391. max_version = DTLS1_VERSION;
  392. #endif
  393. #ifdef OPENSSL_NO_DTLS1
  394. if (min_version == DTLS1_VERSION)
  395. min_version = DTLS1_2_VERSION;
  396. #endif
  397. /* Done massaging versions; do the check. */
  398. if (0
  399. #ifdef OPENSSL_NO_DTLS1
  400. || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
  401. && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
  402. #endif
  403. #ifdef OPENSSL_NO_DTLS1_2
  404. || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
  405. && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
  406. #endif
  407. )
  408. return 0;
  409. } else {
  410. /* Regular TLS version checks. */
  411. if (min_version == 0)
  412. min_version = SSL3_VERSION;
  413. if (max_version == 0)
  414. max_version = TLS1_3_VERSION;
  415. #ifdef OPENSSL_NO_TLS1_3
  416. if (max_version == TLS1_3_VERSION)
  417. max_version = TLS1_2_VERSION;
  418. #endif
  419. #ifdef OPENSSL_NO_TLS1_2
  420. if (max_version == TLS1_2_VERSION)
  421. max_version = TLS1_1_VERSION;
  422. #endif
  423. #ifdef OPENSSL_NO_TLS1_1
  424. if (max_version == TLS1_1_VERSION)
  425. max_version = TLS1_VERSION;
  426. #endif
  427. #ifdef OPENSSL_NO_TLS1
  428. if (max_version == TLS1_VERSION)
  429. max_version = SSL3_VERSION;
  430. #endif
  431. #ifdef OPENSSL_NO_SSL3
  432. if (min_version == SSL3_VERSION)
  433. min_version = TLS1_VERSION;
  434. #endif
  435. #ifdef OPENSSL_NO_TLS1
  436. if (min_version == TLS1_VERSION)
  437. min_version = TLS1_1_VERSION;
  438. #endif
  439. #ifdef OPENSSL_NO_TLS1_1
  440. if (min_version == TLS1_1_VERSION)
  441. min_version = TLS1_2_VERSION;
  442. #endif
  443. #ifdef OPENSSL_NO_TLS1_2
  444. if (min_version == TLS1_2_VERSION)
  445. min_version = TLS1_3_VERSION;
  446. #endif
  447. /* Done massaging versions; do the check. */
  448. if (0
  449. #ifdef OPENSSL_NO_SSL3
  450. || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
  451. #endif
  452. #ifdef OPENSSL_NO_TLS1
  453. || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
  454. #endif
  455. #ifdef OPENSSL_NO_TLS1_1
  456. || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
  457. #endif
  458. #ifdef OPENSSL_NO_TLS1_2
  459. || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
  460. #endif
  461. #ifdef OPENSSL_NO_TLS1_3
  462. || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
  463. #endif
  464. )
  465. return 0;
  466. }
  467. return 1;
  468. }
  469. #if defined(__TANDEM) && defined(OPENSSL_VPROC)
  470. /*
  471. * Define a VPROC function for HP NonStop build ssl library.
  472. * This is used by platform version identification tools.
  473. * Do not inline this procedure or make it static.
  474. */
  475. # define OPENSSL_VPROC_STRING_(x) x##_SSL
  476. # define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
  477. # define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
  478. void OPENSSL_VPROC_FUNC(void) {}
  479. #endif
  480. static int clear_record_layer(SSL_CONNECTION *s)
  481. {
  482. int ret;
  483. /* We try and reset both record layers even if one fails */
  484. ret = ssl_set_new_record_layer(s,
  485. SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
  486. : TLS_ANY_VERSION,
  487. OSSL_RECORD_DIRECTION_READ,
  488. OSSL_RECORD_PROTECTION_LEVEL_NONE,
  489. NULL, 0, NULL, 0, NULL, 0, NULL, 0,
  490. NID_undef, NULL, NULL);
  491. ret &= ssl_set_new_record_layer(s,
  492. SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
  493. : TLS_ANY_VERSION,
  494. OSSL_RECORD_DIRECTION_WRITE,
  495. OSSL_RECORD_PROTECTION_LEVEL_NONE,
  496. NULL, 0, NULL, 0, NULL, 0, NULL, 0,
  497. NID_undef, NULL, NULL);
  498. /* SSLfatal already called in the event of failure */
  499. return ret;
  500. }
  501. int SSL_clear(SSL *s)
  502. {
  503. if (s->method == NULL) {
  504. ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED);
  505. return 0;
  506. }
  507. return s->method->ssl_reset(s);
  508. }
  509. int ossl_ssl_connection_reset(SSL *s)
  510. {
  511. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  512. if (sc == NULL)
  513. return 0;
  514. if (ssl_clear_bad_session(sc)) {
  515. SSL_SESSION_free(sc->session);
  516. sc->session = NULL;
  517. }
  518. SSL_SESSION_free(sc->psksession);
  519. sc->psksession = NULL;
  520. OPENSSL_free(sc->psksession_id);
  521. sc->psksession_id = NULL;
  522. sc->psksession_id_len = 0;
  523. sc->hello_retry_request = 0;
  524. sc->sent_tickets = 0;
  525. sc->error = 0;
  526. sc->hit = 0;
  527. sc->shutdown = 0;
  528. if (sc->renegotiate) {
  529. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  530. return 0;
  531. }
  532. ossl_statem_clear(sc);
  533. /* TODO(QUIC): Version handling not yet clear */
  534. sc->version = s->method->version;
  535. sc->client_version = sc->version;
  536. sc->rwstate = SSL_NOTHING;
  537. BUF_MEM_free(sc->init_buf);
  538. sc->init_buf = NULL;
  539. sc->first_packet = 0;
  540. sc->key_update = SSL_KEY_UPDATE_NONE;
  541. memset(sc->ext.compress_certificate_from_peer, 0,
  542. sizeof(sc->ext.compress_certificate_from_peer));
  543. sc->ext.compress_certificate_sent = 0;
  544. EVP_MD_CTX_free(sc->pha_dgst);
  545. sc->pha_dgst = NULL;
  546. /* Reset DANE verification result state */
  547. sc->dane.mdpth = -1;
  548. sc->dane.pdpth = -1;
  549. X509_free(sc->dane.mcert);
  550. sc->dane.mcert = NULL;
  551. sc->dane.mtlsa = NULL;
  552. /* Clear the verification result peername */
  553. X509_VERIFY_PARAM_move_peername(sc->param, NULL);
  554. /* Clear any shared connection state */
  555. OPENSSL_free(sc->shared_sigalgs);
  556. sc->shared_sigalgs = NULL;
  557. sc->shared_sigalgslen = 0;
  558. /*
  559. * Check to see if we were changed into a different method, if so, revert
  560. * back.
  561. */
  562. if (s->method != SSL_CONNECTION_GET_CTX(sc)->method) {
  563. s->method->ssl_deinit(s);
  564. s->method = SSL_CONNECTION_GET_CTX(sc)->method;
  565. if (!s->method->ssl_init(s))
  566. return 0;
  567. } else {
  568. if (!s->method->ssl_clear(s))
  569. return 0;
  570. }
  571. RECORD_LAYER_clear(&sc->rlayer);
  572. BIO_free(sc->rlayer.rrlnext);
  573. sc->rlayer.rrlnext = NULL;
  574. if (!clear_record_layer(sc))
  575. return 0;
  576. return 1;
  577. }
  578. #ifndef OPENSSL_NO_DEPRECATED_3_0
  579. /** Used to change an SSL_CTXs default SSL method type */
  580. int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
  581. {
  582. STACK_OF(SSL_CIPHER) *sk;
  583. ctx->method = meth;
  584. if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
  585. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  586. return 0;
  587. }
  588. sk = ssl_create_cipher_list(ctx,
  589. ctx->tls13_ciphersuites,
  590. &(ctx->cipher_list),
  591. &(ctx->cipher_list_by_id),
  592. OSSL_default_cipher_list(), ctx->cert);
  593. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
  594. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  595. return 0;
  596. }
  597. return 1;
  598. }
  599. #endif
  600. SSL *SSL_new(SSL_CTX *ctx)
  601. {
  602. if (ctx == NULL) {
  603. ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX);
  604. return NULL;
  605. }
  606. if (ctx->method == NULL) {
  607. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
  608. return NULL;
  609. }
  610. return ctx->method->ssl_new(ctx);
  611. }
  612. int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, int type)
  613. {
  614. ssl->type = type;
  615. ssl->references = 1;
  616. ssl->lock = CRYPTO_THREAD_lock_new();
  617. if (ssl->lock == NULL)
  618. return 0;
  619. SSL_CTX_up_ref(ctx);
  620. ssl->ctx = ctx;
  621. ssl->method = ctx->method;
  622. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data))
  623. return 0;
  624. return 1;
  625. }
  626. SSL *ossl_ssl_connection_new(SSL_CTX *ctx)
  627. {
  628. SSL_CONNECTION *s;
  629. SSL *ssl;
  630. s = OPENSSL_zalloc(sizeof(*s));
  631. if (s == NULL)
  632. return NULL;
  633. ssl = &s->ssl;
  634. if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_SSL_CONNECTION)) {
  635. OPENSSL_free(s);
  636. s = NULL;
  637. goto sslerr;
  638. }
  639. #ifndef OPENSSL_NO_QUIC
  640. /* set the parent (user visible) ssl to self */
  641. s->user_ssl = ssl;
  642. #endif
  643. RECORD_LAYER_init(&s->rlayer, s);
  644. s->options = ctx->options;
  645. s->dane.flags = ctx->dane.flags;
  646. s->min_proto_version = ctx->min_proto_version;
  647. s->max_proto_version = ctx->max_proto_version;
  648. s->mode = ctx->mode;
  649. s->max_cert_list = ctx->max_cert_list;
  650. s->max_early_data = ctx->max_early_data;
  651. s->recv_max_early_data = ctx->recv_max_early_data;
  652. s->num_tickets = ctx->num_tickets;
  653. s->pha_enabled = ctx->pha_enabled;
  654. /* Shallow copy of the ciphersuites stack */
  655. s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
  656. if (s->tls13_ciphersuites == NULL)
  657. goto cerr;
  658. /*
  659. * Earlier library versions used to copy the pointer to the CERT, not
  660. * its contents; only when setting new parameters for the per-SSL
  661. * copy, ssl_cert_new would be called (and the direct reference to
  662. * the per-SSL_CTX settings would be lost, but those still were
  663. * indirectly accessed for various purposes, and for that reason they
  664. * used to be known as s->ctx->default_cert). Now we don't look at the
  665. * SSL_CTX's CERT after having duplicated it once.
  666. */
  667. s->cert = ssl_cert_dup(ctx->cert);
  668. if (s->cert == NULL)
  669. goto sslerr;
  670. RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
  671. s->msg_callback = ctx->msg_callback;
  672. s->msg_callback_arg = ctx->msg_callback_arg;
  673. s->verify_mode = ctx->verify_mode;
  674. s->not_resumable_session_cb = ctx->not_resumable_session_cb;
  675. s->rlayer.record_padding_cb = ctx->record_padding_cb;
  676. s->rlayer.record_padding_arg = ctx->record_padding_arg;
  677. s->rlayer.block_padding = ctx->block_padding;
  678. s->sid_ctx_length = ctx->sid_ctx_length;
  679. if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
  680. goto err;
  681. memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
  682. s->verify_callback = ctx->default_verify_callback;
  683. s->generate_session_id = ctx->generate_session_id;
  684. s->param = X509_VERIFY_PARAM_new();
  685. if (s->param == NULL)
  686. goto asn1err;
  687. X509_VERIFY_PARAM_inherit(s->param, ctx->param);
  688. s->quiet_shutdown = ctx->quiet_shutdown;
  689. s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
  690. s->max_send_fragment = ctx->max_send_fragment;
  691. s->split_send_fragment = ctx->split_send_fragment;
  692. s->max_pipelines = ctx->max_pipelines;
  693. s->rlayer.default_read_buf_len = ctx->default_read_buf_len;
  694. s->ext.debug_cb = 0;
  695. s->ext.debug_arg = NULL;
  696. s->ext.ticket_expected = 0;
  697. s->ext.status_type = ctx->ext.status_type;
  698. s->ext.status_expected = 0;
  699. s->ext.ocsp.ids = NULL;
  700. s->ext.ocsp.exts = NULL;
  701. s->ext.ocsp.resp = NULL;
  702. s->ext.ocsp.resp_len = 0;
  703. SSL_CTX_up_ref(ctx);
  704. s->session_ctx = ctx;
  705. if (ctx->ext.ecpointformats) {
  706. s->ext.ecpointformats =
  707. OPENSSL_memdup(ctx->ext.ecpointformats,
  708. ctx->ext.ecpointformats_len);
  709. if (!s->ext.ecpointformats) {
  710. s->ext.ecpointformats_len = 0;
  711. goto err;
  712. }
  713. s->ext.ecpointformats_len =
  714. ctx->ext.ecpointformats_len;
  715. }
  716. if (ctx->ext.supportedgroups) {
  717. s->ext.supportedgroups =
  718. OPENSSL_memdup(ctx->ext.supportedgroups,
  719. ctx->ext.supportedgroups_len
  720. * sizeof(*ctx->ext.supportedgroups));
  721. if (!s->ext.supportedgroups) {
  722. s->ext.supportedgroups_len = 0;
  723. goto err;
  724. }
  725. s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
  726. }
  727. #ifndef OPENSSL_NO_NEXTPROTONEG
  728. s->ext.npn = NULL;
  729. #endif
  730. if (ctx->ext.alpn != NULL) {
  731. s->ext.alpn = OPENSSL_malloc(ctx->ext.alpn_len);
  732. if (s->ext.alpn == NULL) {
  733. s->ext.alpn_len = 0;
  734. goto err;
  735. }
  736. memcpy(s->ext.alpn, ctx->ext.alpn, ctx->ext.alpn_len);
  737. s->ext.alpn_len = ctx->ext.alpn_len;
  738. }
  739. s->verified_chain = NULL;
  740. s->verify_result = X509_V_OK;
  741. s->default_passwd_callback = ctx->default_passwd_callback;
  742. s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
  743. s->key_update = SSL_KEY_UPDATE_NONE;
  744. s->allow_early_data_cb = ctx->allow_early_data_cb;
  745. s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
  746. if (!ssl->method->ssl_init(ssl))
  747. goto sslerr;
  748. s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
  749. if (!SSL_clear(ssl))
  750. goto sslerr;
  751. #ifndef OPENSSL_NO_PSK
  752. s->psk_client_callback = ctx->psk_client_callback;
  753. s->psk_server_callback = ctx->psk_server_callback;
  754. #endif
  755. s->psk_find_session_cb = ctx->psk_find_session_cb;
  756. s->psk_use_session_cb = ctx->psk_use_session_cb;
  757. s->async_cb = ctx->async_cb;
  758. s->async_cb_arg = ctx->async_cb_arg;
  759. s->job = NULL;
  760. #ifndef OPENSSL_NO_COMP_ALG
  761. memcpy(s->cert_comp_prefs, ctx->cert_comp_prefs, sizeof(s->cert_comp_prefs));
  762. #endif
  763. #ifndef OPENSSL_NO_CT
  764. if (!SSL_set_ct_validation_callback(ssl, ctx->ct_validation_callback,
  765. ctx->ct_validation_callback_arg))
  766. goto sslerr;
  767. #endif
  768. return ssl;
  769. cerr:
  770. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  771. goto err;
  772. asn1err:
  773. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  774. goto err;
  775. sslerr:
  776. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  777. err:
  778. SSL_free(ssl);
  779. return NULL;
  780. }
  781. int SSL_is_dtls(const SSL *s)
  782. {
  783. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  784. if (sc == NULL)
  785. return 0;
  786. return SSL_CONNECTION_IS_DTLS(sc) ? 1 : 0;
  787. }
  788. int SSL_up_ref(SSL *s)
  789. {
  790. int i;
  791. if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
  792. return 0;
  793. REF_PRINT_COUNT("SSL", s);
  794. REF_ASSERT_ISNT(i < 2);
  795. return ((i > 1) ? 1 : 0);
  796. }
  797. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
  798. unsigned int sid_ctx_len)
  799. {
  800. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  801. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  802. return 0;
  803. }
  804. ctx->sid_ctx_length = sid_ctx_len;
  805. memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
  806. return 1;
  807. }
  808. int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
  809. unsigned int sid_ctx_len)
  810. {
  811. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  812. if (sc == NULL)
  813. return 0;
  814. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  815. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  816. return 0;
  817. }
  818. sc->sid_ctx_length = sid_ctx_len;
  819. memcpy(sc->sid_ctx, sid_ctx, sid_ctx_len);
  820. return 1;
  821. }
  822. int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
  823. {
  824. if (!CRYPTO_THREAD_write_lock(ctx->lock))
  825. return 0;
  826. ctx->generate_session_id = cb;
  827. CRYPTO_THREAD_unlock(ctx->lock);
  828. return 1;
  829. }
  830. int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
  831. {
  832. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  833. if (sc == NULL || !CRYPTO_THREAD_write_lock(ssl->lock))
  834. return 0;
  835. sc->generate_session_id = cb;
  836. CRYPTO_THREAD_unlock(ssl->lock);
  837. return 1;
  838. }
  839. int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
  840. unsigned int id_len)
  841. {
  842. /*
  843. * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
  844. * we can "construct" a session to give us the desired check - i.e. to
  845. * find if there's a session in the hash table that would conflict with
  846. * any new session built out of this id/id_len and the ssl_version in use
  847. * by this SSL.
  848. */
  849. SSL_SESSION r, *p;
  850. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  851. if (sc == NULL || id_len > sizeof(r.session_id))
  852. return 0;
  853. r.ssl_version = sc->version;
  854. r.session_id_length = id_len;
  855. memcpy(r.session_id, id, id_len);
  856. if (!CRYPTO_THREAD_read_lock(sc->session_ctx->lock))
  857. return 0;
  858. p = lh_SSL_SESSION_retrieve(sc->session_ctx->sessions, &r);
  859. CRYPTO_THREAD_unlock(sc->session_ctx->lock);
  860. return (p != NULL);
  861. }
  862. int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
  863. {
  864. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  865. }
  866. int SSL_set_purpose(SSL *s, int purpose)
  867. {
  868. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  869. if (sc == NULL)
  870. return 0;
  871. return X509_VERIFY_PARAM_set_purpose(sc->param, purpose);
  872. }
  873. int SSL_CTX_set_trust(SSL_CTX *s, int trust)
  874. {
  875. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  876. }
  877. int SSL_set_trust(SSL *s, int trust)
  878. {
  879. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  880. if (sc == NULL)
  881. return 0;
  882. return X509_VERIFY_PARAM_set_trust(sc->param, trust);
  883. }
  884. int SSL_set1_host(SSL *s, const char *hostname)
  885. {
  886. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  887. if (sc == NULL)
  888. return 0;
  889. /* If a hostname is provided and parses as an IP address,
  890. * treat it as such. */
  891. if (hostname != NULL
  892. && X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname) == 1)
  893. return 1;
  894. return X509_VERIFY_PARAM_set1_host(sc->param, hostname, 0);
  895. }
  896. int SSL_add1_host(SSL *s, const char *hostname)
  897. {
  898. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  899. if (sc == NULL)
  900. return 0;
  901. /* If a hostname is provided and parses as an IP address,
  902. * treat it as such. */
  903. if (hostname)
  904. {
  905. ASN1_OCTET_STRING *ip;
  906. char *old_ip;
  907. ip = a2i_IPADDRESS(hostname);
  908. if (ip) {
  909. /* We didn't want it; only to check if it *is* an IP address */
  910. ASN1_OCTET_STRING_free(ip);
  911. old_ip = X509_VERIFY_PARAM_get1_ip_asc(sc->param);
  912. if (old_ip)
  913. {
  914. OPENSSL_free(old_ip);
  915. /* There can be only one IP address */
  916. return 0;
  917. }
  918. return X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname);
  919. }
  920. }
  921. return X509_VERIFY_PARAM_add1_host(sc->param, hostname, 0);
  922. }
  923. void SSL_set_hostflags(SSL *s, unsigned int flags)
  924. {
  925. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  926. if (sc == NULL)
  927. return;
  928. X509_VERIFY_PARAM_set_hostflags(sc->param, flags);
  929. }
  930. const char *SSL_get0_peername(SSL *s)
  931. {
  932. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  933. if (sc == NULL)
  934. return NULL;
  935. return X509_VERIFY_PARAM_get0_peername(sc->param);
  936. }
  937. int SSL_CTX_dane_enable(SSL_CTX *ctx)
  938. {
  939. return dane_ctx_enable(&ctx->dane);
  940. }
  941. unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
  942. {
  943. unsigned long orig = ctx->dane.flags;
  944. ctx->dane.flags |= flags;
  945. return orig;
  946. }
  947. unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
  948. {
  949. unsigned long orig = ctx->dane.flags;
  950. ctx->dane.flags &= ~flags;
  951. return orig;
  952. }
  953. int SSL_dane_enable(SSL *s, const char *basedomain)
  954. {
  955. SSL_DANE *dane;
  956. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  957. if (sc == NULL)
  958. return 0;
  959. dane = &sc->dane;
  960. if (s->ctx->dane.mdmax == 0) {
  961. ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED);
  962. return 0;
  963. }
  964. if (dane->trecs != NULL) {
  965. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED);
  966. return 0;
  967. }
  968. /*
  969. * Default SNI name. This rejects empty names, while set1_host below
  970. * accepts them and disables hostname checks. To avoid side-effects with
  971. * invalid input, set the SNI name first.
  972. */
  973. if (sc->ext.hostname == NULL) {
  974. if (!SSL_set_tlsext_host_name(s, basedomain)) {
  975. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  976. return -1;
  977. }
  978. }
  979. /* Primary RFC6125 reference identifier */
  980. if (!X509_VERIFY_PARAM_set1_host(sc->param, basedomain, 0)) {
  981. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  982. return -1;
  983. }
  984. dane->mdpth = -1;
  985. dane->pdpth = -1;
  986. dane->dctx = &s->ctx->dane;
  987. dane->trecs = sk_danetls_record_new_null();
  988. if (dane->trecs == NULL) {
  989. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  990. return -1;
  991. }
  992. return 1;
  993. }
  994. unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
  995. {
  996. unsigned long orig;
  997. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  998. if (sc == NULL)
  999. return 0;
  1000. orig = sc->dane.flags;
  1001. sc->dane.flags |= flags;
  1002. return orig;
  1003. }
  1004. unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
  1005. {
  1006. unsigned long orig;
  1007. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1008. if (sc == NULL)
  1009. return 0;
  1010. orig = sc->dane.flags;
  1011. sc->dane.flags &= ~flags;
  1012. return orig;
  1013. }
  1014. int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
  1015. {
  1016. SSL_DANE *dane;
  1017. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1018. if (sc == NULL)
  1019. return -1;
  1020. dane = &sc->dane;
  1021. if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
  1022. return -1;
  1023. if (dane->mtlsa) {
  1024. if (mcert)
  1025. *mcert = dane->mcert;
  1026. if (mspki)
  1027. *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
  1028. }
  1029. return dane->mdpth;
  1030. }
  1031. int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
  1032. uint8_t *mtype, const unsigned char **data, size_t *dlen)
  1033. {
  1034. SSL_DANE *dane;
  1035. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1036. if (sc == NULL)
  1037. return -1;
  1038. dane = &sc->dane;
  1039. if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
  1040. return -1;
  1041. if (dane->mtlsa) {
  1042. if (usage)
  1043. *usage = dane->mtlsa->usage;
  1044. if (selector)
  1045. *selector = dane->mtlsa->selector;
  1046. if (mtype)
  1047. *mtype = dane->mtlsa->mtype;
  1048. if (data)
  1049. *data = dane->mtlsa->data;
  1050. if (dlen)
  1051. *dlen = dane->mtlsa->dlen;
  1052. }
  1053. return dane->mdpth;
  1054. }
  1055. SSL_DANE *SSL_get0_dane(SSL *s)
  1056. {
  1057. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1058. if (sc == NULL)
  1059. return NULL;
  1060. return &sc->dane;
  1061. }
  1062. int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
  1063. uint8_t mtype, const unsigned char *data, size_t dlen)
  1064. {
  1065. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1066. if (sc == NULL)
  1067. return 0;
  1068. return dane_tlsa_add(&sc->dane, usage, selector, mtype, data, dlen);
  1069. }
  1070. int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
  1071. uint8_t ord)
  1072. {
  1073. return dane_mtype_set(&ctx->dane, md, mtype, ord);
  1074. }
  1075. int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
  1076. {
  1077. return X509_VERIFY_PARAM_set1(ctx->param, vpm);
  1078. }
  1079. int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
  1080. {
  1081. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1082. if (sc == NULL)
  1083. return 0;
  1084. return X509_VERIFY_PARAM_set1(sc->param, vpm);
  1085. }
  1086. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
  1087. {
  1088. return ctx->param;
  1089. }
  1090. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
  1091. {
  1092. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1093. if (sc == NULL)
  1094. return NULL;
  1095. return sc->param;
  1096. }
  1097. void SSL_certs_clear(SSL *s)
  1098. {
  1099. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1100. if (sc == NULL)
  1101. return;
  1102. ssl_cert_clear_certs(sc->cert);
  1103. }
  1104. void SSL_free(SSL *s)
  1105. {
  1106. int i;
  1107. if (s == NULL)
  1108. return;
  1109. CRYPTO_DOWN_REF(&s->references, &i, s->lock);
  1110. REF_PRINT_COUNT("SSL", s);
  1111. if (i > 0)
  1112. return;
  1113. REF_ASSERT_ISNT(i < 0);
  1114. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
  1115. if (s->method != NULL)
  1116. s->method->ssl_free(s);
  1117. SSL_CTX_free(s->ctx);
  1118. CRYPTO_THREAD_lock_free(s->lock);
  1119. OPENSSL_free(s);
  1120. }
  1121. void ossl_ssl_connection_free(SSL *ssl)
  1122. {
  1123. SSL_CONNECTION *s;
  1124. s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  1125. if (s == NULL)
  1126. return;
  1127. X509_VERIFY_PARAM_free(s->param);
  1128. dane_final(&s->dane);
  1129. /* Ignore return value */
  1130. ssl_free_wbio_buffer(s);
  1131. RECORD_LAYER_clear(&s->rlayer);
  1132. BUF_MEM_free(s->init_buf);
  1133. /* add extra stuff */
  1134. sk_SSL_CIPHER_free(s->cipher_list);
  1135. sk_SSL_CIPHER_free(s->cipher_list_by_id);
  1136. sk_SSL_CIPHER_free(s->tls13_ciphersuites);
  1137. sk_SSL_CIPHER_free(s->peer_ciphers);
  1138. /* Make the next call work :-) */
  1139. if (s->session != NULL) {
  1140. ssl_clear_bad_session(s);
  1141. SSL_SESSION_free(s->session);
  1142. }
  1143. SSL_SESSION_free(s->psksession);
  1144. OPENSSL_free(s->psksession_id);
  1145. ssl_cert_free(s->cert);
  1146. OPENSSL_free(s->shared_sigalgs);
  1147. /* Free up if allocated */
  1148. OPENSSL_free(s->ext.hostname);
  1149. SSL_CTX_free(s->session_ctx);
  1150. OPENSSL_free(s->ext.ecpointformats);
  1151. OPENSSL_free(s->ext.peer_ecpointformats);
  1152. OPENSSL_free(s->ext.supportedgroups);
  1153. OPENSSL_free(s->ext.peer_supportedgroups);
  1154. sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
  1155. #ifndef OPENSSL_NO_OCSP
  1156. sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
  1157. #endif
  1158. #ifndef OPENSSL_NO_CT
  1159. SCT_LIST_free(s->scts);
  1160. OPENSSL_free(s->ext.scts);
  1161. #endif
  1162. OPENSSL_free(s->ext.ocsp.resp);
  1163. OPENSSL_free(s->ext.alpn);
  1164. OPENSSL_free(s->ext.tls13_cookie);
  1165. if (s->clienthello != NULL)
  1166. OPENSSL_free(s->clienthello->pre_proc_exts);
  1167. OPENSSL_free(s->clienthello);
  1168. OPENSSL_free(s->pha_context);
  1169. EVP_MD_CTX_free(s->pha_dgst);
  1170. sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
  1171. sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
  1172. OSSL_STACK_OF_X509_free(s->verified_chain);
  1173. if (ssl->method != NULL)
  1174. ssl->method->ssl_deinit(ssl);
  1175. ASYNC_WAIT_CTX_free(s->waitctx);
  1176. #if !defined(OPENSSL_NO_NEXTPROTONEG)
  1177. OPENSSL_free(s->ext.npn);
  1178. #endif
  1179. #ifndef OPENSSL_NO_SRTP
  1180. sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
  1181. #endif
  1182. /*
  1183. * We do this late. We want to ensure that any other references we held to
  1184. * these BIOs are freed first *before* we call BIO_free_all(), because
  1185. * BIO_free_all() will only free each BIO in the chain if the number of
  1186. * references to the first BIO have dropped to 0
  1187. */
  1188. BIO_free_all(s->wbio);
  1189. s->wbio = NULL;
  1190. BIO_free_all(s->rbio);
  1191. s->rbio = NULL;
  1192. }
  1193. void SSL_set0_rbio(SSL *s, BIO *rbio)
  1194. {
  1195. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1196. if (sc == NULL)
  1197. return;
  1198. BIO_free_all(sc->rbio);
  1199. sc->rbio = rbio;
  1200. sc->rlayer.rrlmethod->set1_bio(sc->rlayer.rrl, sc->rbio);
  1201. }
  1202. void SSL_set0_wbio(SSL *s, BIO *wbio)
  1203. {
  1204. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1205. if (sc == NULL)
  1206. return;
  1207. /*
  1208. * If the output buffering BIO is still in place, remove it
  1209. */
  1210. if (sc->bbio != NULL)
  1211. sc->wbio = BIO_pop(sc->wbio);
  1212. BIO_free_all(sc->wbio);
  1213. sc->wbio = wbio;
  1214. /* Re-attach |bbio| to the new |wbio|. */
  1215. if (sc->bbio != NULL)
  1216. sc->wbio = BIO_push(sc->bbio, sc->wbio);
  1217. sc->rlayer.wrlmethod->set1_bio(sc->rlayer.wrl, sc->wbio);
  1218. }
  1219. void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
  1220. {
  1221. /*
  1222. * For historical reasons, this function has many different cases in
  1223. * ownership handling.
  1224. */
  1225. /* If nothing has changed, do nothing */
  1226. if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
  1227. return;
  1228. /*
  1229. * If the two arguments are equal then one fewer reference is granted by the
  1230. * caller than we want to take
  1231. */
  1232. if (rbio != NULL && rbio == wbio)
  1233. BIO_up_ref(rbio);
  1234. /*
  1235. * If only the wbio is changed only adopt one reference.
  1236. */
  1237. if (rbio == SSL_get_rbio(s)) {
  1238. SSL_set0_wbio(s, wbio);
  1239. return;
  1240. }
  1241. /*
  1242. * There is an asymmetry here for historical reasons. If only the rbio is
  1243. * changed AND the rbio and wbio were originally different, then we only
  1244. * adopt one reference.
  1245. */
  1246. if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
  1247. SSL_set0_rbio(s, rbio);
  1248. return;
  1249. }
  1250. /* Otherwise, adopt both references. */
  1251. SSL_set0_rbio(s, rbio);
  1252. SSL_set0_wbio(s, wbio);
  1253. }
  1254. BIO *SSL_get_rbio(const SSL *s)
  1255. {
  1256. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1257. if (sc == NULL)
  1258. return NULL;
  1259. return sc->rbio;
  1260. }
  1261. BIO *SSL_get_wbio(const SSL *s)
  1262. {
  1263. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1264. if (sc == NULL)
  1265. return NULL;
  1266. if (sc->bbio != NULL) {
  1267. /*
  1268. * If |bbio| is active, the true caller-configured BIO is its
  1269. * |next_bio|.
  1270. */
  1271. return BIO_next(sc->bbio);
  1272. }
  1273. return sc->wbio;
  1274. }
  1275. int SSL_get_fd(const SSL *s)
  1276. {
  1277. return SSL_get_rfd(s);
  1278. }
  1279. int SSL_get_rfd(const SSL *s)
  1280. {
  1281. int ret = -1;
  1282. BIO *b, *r;
  1283. b = SSL_get_rbio(s);
  1284. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1285. if (r != NULL)
  1286. BIO_get_fd(r, &ret);
  1287. return ret;
  1288. }
  1289. int SSL_get_wfd(const SSL *s)
  1290. {
  1291. int ret = -1;
  1292. BIO *b, *r;
  1293. b = SSL_get_wbio(s);
  1294. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1295. if (r != NULL)
  1296. BIO_get_fd(r, &ret);
  1297. return ret;
  1298. }
  1299. #ifndef OPENSSL_NO_SOCK
  1300. int SSL_set_fd(SSL *s, int fd)
  1301. {
  1302. int ret = 0;
  1303. BIO *bio = NULL;
  1304. bio = BIO_new(BIO_s_socket());
  1305. if (bio == NULL) {
  1306. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1307. goto err;
  1308. }
  1309. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1310. SSL_set_bio(s, bio, bio);
  1311. #ifndef OPENSSL_NO_KTLS
  1312. /*
  1313. * The new socket is created successfully regardless of ktls_enable.
  1314. * ktls_enable doesn't change any functionality of the socket, except
  1315. * changing the setsockopt to enable the processing of ktls_start.
  1316. * Thus, it is not a problem to call it for non-TLS sockets.
  1317. */
  1318. ktls_enable(fd);
  1319. #endif /* OPENSSL_NO_KTLS */
  1320. ret = 1;
  1321. err:
  1322. return ret;
  1323. }
  1324. int SSL_set_wfd(SSL *s, int fd)
  1325. {
  1326. BIO *rbio = SSL_get_rbio(s);
  1327. if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
  1328. || (int)BIO_get_fd(rbio, NULL) != fd) {
  1329. BIO *bio = BIO_new(BIO_s_socket());
  1330. if (bio == NULL) {
  1331. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1332. return 0;
  1333. }
  1334. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1335. SSL_set0_wbio(s, bio);
  1336. #ifndef OPENSSL_NO_KTLS
  1337. /*
  1338. * The new socket is created successfully regardless of ktls_enable.
  1339. * ktls_enable doesn't change any functionality of the socket, except
  1340. * changing the setsockopt to enable the processing of ktls_start.
  1341. * Thus, it is not a problem to call it for non-TLS sockets.
  1342. */
  1343. ktls_enable(fd);
  1344. #endif /* OPENSSL_NO_KTLS */
  1345. } else {
  1346. BIO_up_ref(rbio);
  1347. SSL_set0_wbio(s, rbio);
  1348. }
  1349. return 1;
  1350. }
  1351. int SSL_set_rfd(SSL *s, int fd)
  1352. {
  1353. BIO *wbio = SSL_get_wbio(s);
  1354. if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
  1355. || ((int)BIO_get_fd(wbio, NULL) != fd)) {
  1356. BIO *bio = BIO_new(BIO_s_socket());
  1357. if (bio == NULL) {
  1358. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1359. return 0;
  1360. }
  1361. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1362. SSL_set0_rbio(s, bio);
  1363. } else {
  1364. BIO_up_ref(wbio);
  1365. SSL_set0_rbio(s, wbio);
  1366. }
  1367. return 1;
  1368. }
  1369. #endif
  1370. /* return length of latest Finished message we sent, copy to 'buf' */
  1371. size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
  1372. {
  1373. size_t ret = 0;
  1374. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1375. if (sc == NULL)
  1376. return 0;
  1377. ret = sc->s3.tmp.finish_md_len;
  1378. if (count > ret)
  1379. count = ret;
  1380. memcpy(buf, sc->s3.tmp.finish_md, count);
  1381. return ret;
  1382. }
  1383. /* return length of latest Finished message we expected, copy to 'buf' */
  1384. size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
  1385. {
  1386. size_t ret = 0;
  1387. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1388. if (sc == NULL)
  1389. return 0;
  1390. ret = sc->s3.tmp.peer_finish_md_len;
  1391. if (count > ret)
  1392. count = ret;
  1393. memcpy(buf, sc->s3.tmp.peer_finish_md, count);
  1394. return ret;
  1395. }
  1396. int SSL_get_verify_mode(const SSL *s)
  1397. {
  1398. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1399. if (sc == NULL)
  1400. return 0;
  1401. return sc->verify_mode;
  1402. }
  1403. int SSL_get_verify_depth(const SSL *s)
  1404. {
  1405. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1406. if (sc == NULL)
  1407. return 0;
  1408. return X509_VERIFY_PARAM_get_depth(sc->param);
  1409. }
  1410. int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
  1411. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1412. if (sc == NULL)
  1413. return NULL;
  1414. return sc->verify_callback;
  1415. }
  1416. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
  1417. {
  1418. return ctx->verify_mode;
  1419. }
  1420. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
  1421. {
  1422. return X509_VERIFY_PARAM_get_depth(ctx->param);
  1423. }
  1424. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
  1425. return ctx->default_verify_callback;
  1426. }
  1427. void SSL_set_verify(SSL *s, int mode,
  1428. int (*callback) (int ok, X509_STORE_CTX *ctx))
  1429. {
  1430. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1431. if (sc == NULL)
  1432. return;
  1433. sc->verify_mode = mode;
  1434. if (callback != NULL)
  1435. sc->verify_callback = callback;
  1436. }
  1437. void SSL_set_verify_depth(SSL *s, int depth)
  1438. {
  1439. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1440. if (sc == NULL)
  1441. return;
  1442. X509_VERIFY_PARAM_set_depth(sc->param, depth);
  1443. }
  1444. void SSL_set_read_ahead(SSL *s, int yes)
  1445. {
  1446. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1447. OSSL_PARAM options[2], *opts = options;
  1448. if (sc == NULL)
  1449. return;
  1450. RECORD_LAYER_set_read_ahead(&sc->rlayer, yes);
  1451. *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD,
  1452. &sc->rlayer.read_ahead);
  1453. *opts = OSSL_PARAM_construct_end();
  1454. /* Ignore return value */
  1455. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  1456. }
  1457. int SSL_get_read_ahead(const SSL *s)
  1458. {
  1459. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1460. if (sc == NULL)
  1461. return 0;
  1462. return RECORD_LAYER_get_read_ahead(&sc->rlayer);
  1463. }
  1464. int SSL_pending(const SSL *s)
  1465. {
  1466. size_t pending = s->method->ssl_pending(s);
  1467. /*
  1468. * SSL_pending cannot work properly if read-ahead is enabled
  1469. * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
  1470. * impossible to fix since SSL_pending cannot report errors that may be
  1471. * observed while scanning the new data. (Note that SSL_pending() is
  1472. * often used as a boolean value, so we'd better not return -1.)
  1473. *
  1474. * SSL_pending also cannot work properly if the value >INT_MAX. In that case
  1475. * we just return INT_MAX.
  1476. */
  1477. return pending < INT_MAX ? (int)pending : INT_MAX;
  1478. }
  1479. int SSL_has_pending(const SSL *s)
  1480. {
  1481. /*
  1482. * Similar to SSL_pending() but returns a 1 to indicate that we have
  1483. * processed or unprocessed data available or 0 otherwise (as opposed to the
  1484. * number of bytes available). Unlike SSL_pending() this will take into
  1485. * account read_ahead data. A 1 return simply indicates that we have data.
  1486. * That data may not result in any application data, or we may fail to parse
  1487. * the records for some reason.
  1488. */
  1489. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1490. /* Check buffered app data if any first */
  1491. if (SSL_CONNECTION_IS_DTLS(sc)) {
  1492. TLS_RECORD *rdata;
  1493. pitem *item, *iter;
  1494. iter = pqueue_iterator(sc->rlayer.d->buffered_app_data.q);
  1495. while ((item = pqueue_next(&iter)) != NULL) {
  1496. rdata = item->data;
  1497. if (rdata->length > 0)
  1498. return 1;
  1499. }
  1500. }
  1501. if (RECORD_LAYER_processed_read_pending(&sc->rlayer))
  1502. return 1;
  1503. return RECORD_LAYER_read_pending(&sc->rlayer);
  1504. }
  1505. X509 *SSL_get1_peer_certificate(const SSL *s)
  1506. {
  1507. X509 *r = SSL_get0_peer_certificate(s);
  1508. if (r != NULL)
  1509. X509_up_ref(r);
  1510. return r;
  1511. }
  1512. X509 *SSL_get0_peer_certificate(const SSL *s)
  1513. {
  1514. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1515. if (sc == NULL)
  1516. return NULL;
  1517. if (sc->session == NULL)
  1518. return NULL;
  1519. else
  1520. return sc->session->peer;
  1521. }
  1522. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
  1523. {
  1524. STACK_OF(X509) *r;
  1525. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1526. if (sc == NULL)
  1527. return NULL;
  1528. if (sc->session == NULL)
  1529. r = NULL;
  1530. else
  1531. r = sc->session->peer_chain;
  1532. /*
  1533. * If we are a client, cert_chain includes the peer's own certificate; if
  1534. * we are a server, it does not.
  1535. */
  1536. return r;
  1537. }
  1538. /*
  1539. * Now in theory, since the calling process own 't' it should be safe to
  1540. * modify. We need to be able to read f without being hassled
  1541. */
  1542. int SSL_copy_session_id(SSL *t, const SSL *f)
  1543. {
  1544. int i;
  1545. /* TODO(QUIC): Do we want to support this for QUIC connections? */
  1546. SSL_CONNECTION *tsc = SSL_CONNECTION_FROM_SSL_ONLY(t);
  1547. const SSL_CONNECTION *fsc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(f);
  1548. if (tsc == NULL || fsc == NULL)
  1549. return 0;
  1550. /* Do we need to do SSL locking? */
  1551. if (!SSL_set_session(t, SSL_get_session(f))) {
  1552. return 0;
  1553. }
  1554. /*
  1555. * what if we are setup for one protocol version but want to talk another
  1556. */
  1557. if (t->method != f->method) {
  1558. t->method->ssl_deinit(t);
  1559. t->method = f->method;
  1560. if (t->method->ssl_init(t) == 0)
  1561. return 0;
  1562. }
  1563. CRYPTO_UP_REF(&fsc->cert->references, &i, fsc->cert->lock);
  1564. ssl_cert_free(tsc->cert);
  1565. tsc->cert = fsc->cert;
  1566. if (!SSL_set_session_id_context(t, fsc->sid_ctx, (int)fsc->sid_ctx_length)) {
  1567. return 0;
  1568. }
  1569. return 1;
  1570. }
  1571. /* Fix this so it checks all the valid key/cert options */
  1572. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
  1573. {
  1574. if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
  1575. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1576. return 0;
  1577. }
  1578. if (ctx->cert->key->privatekey == NULL) {
  1579. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1580. return 0;
  1581. }
  1582. return X509_check_private_key
  1583. (ctx->cert->key->x509, ctx->cert->key->privatekey);
  1584. }
  1585. /* Fix this function so that it takes an optional type parameter */
  1586. int SSL_check_private_key(const SSL *ssl)
  1587. {
  1588. const SSL_CONNECTION *sc;
  1589. if ((sc = SSL_CONNECTION_FROM_CONST_SSL(ssl)) == NULL) {
  1590. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  1591. return 0;
  1592. }
  1593. if (sc->cert->key->x509 == NULL) {
  1594. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1595. return 0;
  1596. }
  1597. if (sc->cert->key->privatekey == NULL) {
  1598. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1599. return 0;
  1600. }
  1601. return X509_check_private_key(sc->cert->key->x509,
  1602. sc->cert->key->privatekey);
  1603. }
  1604. int SSL_waiting_for_async(SSL *s)
  1605. {
  1606. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1607. if (sc == NULL)
  1608. return 0;
  1609. if (sc->job)
  1610. return 1;
  1611. return 0;
  1612. }
  1613. int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
  1614. {
  1615. ASYNC_WAIT_CTX *ctx;
  1616. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1617. if (sc == NULL)
  1618. return 0;
  1619. if ((ctx = sc->waitctx) == NULL)
  1620. return 0;
  1621. return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
  1622. }
  1623. int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
  1624. OSSL_ASYNC_FD *delfd, size_t *numdelfds)
  1625. {
  1626. ASYNC_WAIT_CTX *ctx;
  1627. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1628. if (sc == NULL)
  1629. return 0;
  1630. if ((ctx = sc->waitctx) == NULL)
  1631. return 0;
  1632. return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
  1633. numdelfds);
  1634. }
  1635. int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback)
  1636. {
  1637. ctx->async_cb = callback;
  1638. return 1;
  1639. }
  1640. int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg)
  1641. {
  1642. ctx->async_cb_arg = arg;
  1643. return 1;
  1644. }
  1645. int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback)
  1646. {
  1647. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1648. if (sc == NULL)
  1649. return 0;
  1650. sc->async_cb = callback;
  1651. return 1;
  1652. }
  1653. int SSL_set_async_callback_arg(SSL *s, void *arg)
  1654. {
  1655. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1656. if (sc == NULL)
  1657. return 0;
  1658. sc->async_cb_arg = arg;
  1659. return 1;
  1660. }
  1661. int SSL_get_async_status(SSL *s, int *status)
  1662. {
  1663. ASYNC_WAIT_CTX *ctx;
  1664. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1665. if (sc == NULL)
  1666. return 0;
  1667. if ((ctx = sc->waitctx) == NULL)
  1668. return 0;
  1669. *status = ASYNC_WAIT_CTX_get_status(ctx);
  1670. return 1;
  1671. }
  1672. int SSL_accept(SSL *s)
  1673. {
  1674. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1675. if (sc == NULL)
  1676. return 0;
  1677. if (sc->handshake_func == NULL) {
  1678. /* Not properly initialized yet */
  1679. SSL_set_accept_state(s);
  1680. }
  1681. return SSL_do_handshake(s);
  1682. }
  1683. int SSL_connect(SSL *s)
  1684. {
  1685. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1686. if (sc == NULL)
  1687. return 0;
  1688. if (sc->handshake_func == NULL) {
  1689. /* Not properly initialized yet */
  1690. SSL_set_connect_state(s);
  1691. }
  1692. return SSL_do_handshake(s);
  1693. }
  1694. long SSL_get_default_timeout(const SSL *s)
  1695. {
  1696. return (long int)ossl_time2seconds(s->method->get_timeout());
  1697. }
  1698. static int ssl_async_wait_ctx_cb(void *arg)
  1699. {
  1700. SSL *s = (SSL *)arg;
  1701. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1702. if (sc == NULL)
  1703. return 0;
  1704. return sc->async_cb(s, sc->async_cb_arg);
  1705. }
  1706. static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
  1707. int (*func) (void *))
  1708. {
  1709. int ret;
  1710. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1711. if (sc == NULL)
  1712. return 0;
  1713. if (sc->waitctx == NULL) {
  1714. sc->waitctx = ASYNC_WAIT_CTX_new();
  1715. if (sc->waitctx == NULL)
  1716. return -1;
  1717. if (sc->async_cb != NULL
  1718. && !ASYNC_WAIT_CTX_set_callback
  1719. (sc->waitctx, ssl_async_wait_ctx_cb, s))
  1720. return -1;
  1721. }
  1722. sc->rwstate = SSL_NOTHING;
  1723. switch (ASYNC_start_job(&sc->job, sc->waitctx, &ret, func, args,
  1724. sizeof(struct ssl_async_args))) {
  1725. case ASYNC_ERR:
  1726. sc->rwstate = SSL_NOTHING;
  1727. ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC);
  1728. return -1;
  1729. case ASYNC_PAUSE:
  1730. sc->rwstate = SSL_ASYNC_PAUSED;
  1731. return -1;
  1732. case ASYNC_NO_JOBS:
  1733. sc->rwstate = SSL_ASYNC_NO_JOBS;
  1734. return -1;
  1735. case ASYNC_FINISH:
  1736. sc->job = NULL;
  1737. return ret;
  1738. default:
  1739. sc->rwstate = SSL_NOTHING;
  1740. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  1741. /* Shouldn't happen */
  1742. return -1;
  1743. }
  1744. }
  1745. static int ssl_io_intern(void *vargs)
  1746. {
  1747. struct ssl_async_args *args;
  1748. SSL *s;
  1749. void *buf;
  1750. size_t num;
  1751. SSL_CONNECTION *sc;
  1752. args = (struct ssl_async_args *)vargs;
  1753. s = args->s;
  1754. buf = args->buf;
  1755. num = args->num;
  1756. if ((sc = SSL_CONNECTION_FROM_SSL(s)) == NULL)
  1757. return -1;
  1758. switch (args->type) {
  1759. case READFUNC:
  1760. return args->f.func_read(s, buf, num, &sc->asyncrw);
  1761. case WRITEFUNC:
  1762. return args->f.func_write(s, buf, num, &sc->asyncrw);
  1763. case OTHERFUNC:
  1764. return args->f.func_other(s);
  1765. }
  1766. return -1;
  1767. }
  1768. int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1769. {
  1770. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1771. if (sc == NULL)
  1772. return -1;
  1773. if (sc->handshake_func == NULL) {
  1774. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  1775. return -1;
  1776. }
  1777. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1778. sc->rwstate = SSL_NOTHING;
  1779. return 0;
  1780. }
  1781. if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1782. || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
  1783. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1784. return 0;
  1785. }
  1786. /*
  1787. * If we are a client and haven't received the ServerHello etc then we
  1788. * better do that
  1789. */
  1790. ossl_statem_check_finish_init(sc, 0);
  1791. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1792. struct ssl_async_args args;
  1793. int ret;
  1794. args.s = s;
  1795. args.buf = buf;
  1796. args.num = num;
  1797. args.type = READFUNC;
  1798. args.f.func_read = s->method->ssl_read;
  1799. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1800. *readbytes = sc->asyncrw;
  1801. return ret;
  1802. } else {
  1803. return s->method->ssl_read(s, buf, num, readbytes);
  1804. }
  1805. }
  1806. int SSL_read(SSL *s, void *buf, int num)
  1807. {
  1808. int ret;
  1809. size_t readbytes;
  1810. if (num < 0) {
  1811. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  1812. return -1;
  1813. }
  1814. ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
  1815. /*
  1816. * The cast is safe here because ret should be <= INT_MAX because num is
  1817. * <= INT_MAX
  1818. */
  1819. if (ret > 0)
  1820. ret = (int)readbytes;
  1821. return ret;
  1822. }
  1823. int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1824. {
  1825. int ret = ssl_read_internal(s, buf, num, readbytes);
  1826. if (ret < 0)
  1827. ret = 0;
  1828. return ret;
  1829. }
  1830. int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
  1831. {
  1832. int ret;
  1833. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  1834. /* TODO(QUIC): This will need special handling for QUIC */
  1835. if (sc == NULL)
  1836. return 0;
  1837. if (!sc->server) {
  1838. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1839. return SSL_READ_EARLY_DATA_ERROR;
  1840. }
  1841. switch (sc->early_data_state) {
  1842. case SSL_EARLY_DATA_NONE:
  1843. if (!SSL_in_before(s)) {
  1844. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1845. return SSL_READ_EARLY_DATA_ERROR;
  1846. }
  1847. /* fall through */
  1848. case SSL_EARLY_DATA_ACCEPT_RETRY:
  1849. sc->early_data_state = SSL_EARLY_DATA_ACCEPTING;
  1850. ret = SSL_accept(s);
  1851. if (ret <= 0) {
  1852. /* NBIO or error */
  1853. sc->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
  1854. return SSL_READ_EARLY_DATA_ERROR;
  1855. }
  1856. /* fall through */
  1857. case SSL_EARLY_DATA_READ_RETRY:
  1858. if (sc->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
  1859. sc->early_data_state = SSL_EARLY_DATA_READING;
  1860. ret = SSL_read_ex(s, buf, num, readbytes);
  1861. /*
  1862. * State machine will update early_data_state to
  1863. * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
  1864. * message
  1865. */
  1866. if (ret > 0 || (ret <= 0 && sc->early_data_state
  1867. != SSL_EARLY_DATA_FINISHED_READING)) {
  1868. sc->early_data_state = SSL_EARLY_DATA_READ_RETRY;
  1869. return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
  1870. : SSL_READ_EARLY_DATA_ERROR;
  1871. }
  1872. } else {
  1873. sc->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
  1874. }
  1875. *readbytes = 0;
  1876. return SSL_READ_EARLY_DATA_FINISH;
  1877. default:
  1878. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1879. return SSL_READ_EARLY_DATA_ERROR;
  1880. }
  1881. }
  1882. int SSL_get_early_data_status(const SSL *s)
  1883. {
  1884. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  1885. /* TODO(QUIC): This will need special handling for QUIC */
  1886. if (sc == NULL)
  1887. return 0;
  1888. return sc->ext.early_data;
  1889. }
  1890. static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1891. {
  1892. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1893. if (sc == NULL)
  1894. return 0;
  1895. if (sc->handshake_func == NULL) {
  1896. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  1897. return -1;
  1898. }
  1899. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1900. return 0;
  1901. }
  1902. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1903. struct ssl_async_args args;
  1904. int ret;
  1905. args.s = s;
  1906. args.buf = buf;
  1907. args.num = num;
  1908. args.type = READFUNC;
  1909. args.f.func_read = s->method->ssl_peek;
  1910. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1911. *readbytes = sc->asyncrw;
  1912. return ret;
  1913. } else {
  1914. return s->method->ssl_peek(s, buf, num, readbytes);
  1915. }
  1916. }
  1917. int SSL_peek(SSL *s, void *buf, int num)
  1918. {
  1919. int ret;
  1920. size_t readbytes;
  1921. if (num < 0) {
  1922. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  1923. return -1;
  1924. }
  1925. ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
  1926. /*
  1927. * The cast is safe here because ret should be <= INT_MAX because num is
  1928. * <= INT_MAX
  1929. */
  1930. if (ret > 0)
  1931. ret = (int)readbytes;
  1932. return ret;
  1933. }
  1934. int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1935. {
  1936. int ret = ssl_peek_internal(s, buf, num, readbytes);
  1937. if (ret < 0)
  1938. ret = 0;
  1939. return ret;
  1940. }
  1941. int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
  1942. {
  1943. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1944. if (sc == NULL)
  1945. return 0;
  1946. if (sc->handshake_func == NULL) {
  1947. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  1948. return -1;
  1949. }
  1950. if (sc->shutdown & SSL_SENT_SHUTDOWN) {
  1951. sc->rwstate = SSL_NOTHING;
  1952. ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  1953. return -1;
  1954. }
  1955. if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1956. || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
  1957. || sc->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
  1958. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1959. return 0;
  1960. }
  1961. /* If we are a client and haven't sent the Finished we better do that */
  1962. ossl_statem_check_finish_init(sc, 1);
  1963. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1964. int ret;
  1965. struct ssl_async_args args;
  1966. args.s = s;
  1967. args.buf = (void *)buf;
  1968. args.num = num;
  1969. args.type = WRITEFUNC;
  1970. args.f.func_write = s->method->ssl_write;
  1971. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1972. *written = sc->asyncrw;
  1973. return ret;
  1974. } else {
  1975. return s->method->ssl_write(s, buf, num, written);
  1976. }
  1977. }
  1978. ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
  1979. {
  1980. ossl_ssize_t ret;
  1981. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  1982. if (sc == NULL)
  1983. return 0;
  1984. if (sc->handshake_func == NULL) {
  1985. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  1986. return -1;
  1987. }
  1988. if (sc->shutdown & SSL_SENT_SHUTDOWN) {
  1989. sc->rwstate = SSL_NOTHING;
  1990. ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  1991. return -1;
  1992. }
  1993. if (!BIO_get_ktls_send(sc->wbio)) {
  1994. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  1995. return -1;
  1996. }
  1997. /* If we have an alert to send, lets send it */
  1998. if (sc->s3.alert_dispatch > 0) {
  1999. ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s);
  2000. if (ret <= 0) {
  2001. /* SSLfatal() already called if appropriate */
  2002. return ret;
  2003. }
  2004. /* if it went, fall through and send more stuff */
  2005. }
  2006. sc->rwstate = SSL_WRITING;
  2007. if (BIO_flush(sc->wbio) <= 0) {
  2008. if (!BIO_should_retry(sc->wbio)) {
  2009. sc->rwstate = SSL_NOTHING;
  2010. } else {
  2011. #ifdef EAGAIN
  2012. set_sys_error(EAGAIN);
  2013. #endif
  2014. }
  2015. return -1;
  2016. }
  2017. #ifdef OPENSSL_NO_KTLS
  2018. ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
  2019. "can't call ktls_sendfile(), ktls disabled");
  2020. return -1;
  2021. #else
  2022. ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags);
  2023. if (ret < 0) {
  2024. #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY)
  2025. if ((get_last_sys_error() == EAGAIN) ||
  2026. (get_last_sys_error() == EINTR) ||
  2027. (get_last_sys_error() == EBUSY))
  2028. BIO_set_retry_write(sc->wbio);
  2029. else
  2030. #endif
  2031. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2032. return ret;
  2033. }
  2034. sc->rwstate = SSL_NOTHING;
  2035. return ret;
  2036. #endif
  2037. }
  2038. int SSL_write(SSL *s, const void *buf, int num)
  2039. {
  2040. int ret;
  2041. size_t written;
  2042. if (num < 0) {
  2043. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  2044. return -1;
  2045. }
  2046. ret = ssl_write_internal(s, buf, (size_t)num, &written);
  2047. /*
  2048. * The cast is safe here because ret should be <= INT_MAX because num is
  2049. * <= INT_MAX
  2050. */
  2051. if (ret > 0)
  2052. ret = (int)written;
  2053. return ret;
  2054. }
  2055. int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
  2056. {
  2057. int ret = ssl_write_internal(s, buf, num, written);
  2058. if (ret < 0)
  2059. ret = 0;
  2060. return ret;
  2061. }
  2062. int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
  2063. {
  2064. int ret, early_data_state;
  2065. size_t writtmp;
  2066. uint32_t partialwrite;
  2067. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2068. /* TODO(QUIC): This will need special handling for QUIC */
  2069. if (sc == NULL)
  2070. return 0;
  2071. switch (sc->early_data_state) {
  2072. case SSL_EARLY_DATA_NONE:
  2073. if (sc->server
  2074. || !SSL_in_before(s)
  2075. || ((sc->session == NULL || sc->session->ext.max_early_data == 0)
  2076. && (sc->psk_use_session_cb == NULL))) {
  2077. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2078. return 0;
  2079. }
  2080. /* fall through */
  2081. case SSL_EARLY_DATA_CONNECT_RETRY:
  2082. sc->early_data_state = SSL_EARLY_DATA_CONNECTING;
  2083. ret = SSL_connect(s);
  2084. if (ret <= 0) {
  2085. /* NBIO or error */
  2086. sc->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
  2087. return 0;
  2088. }
  2089. /* fall through */
  2090. case SSL_EARLY_DATA_WRITE_RETRY:
  2091. sc->early_data_state = SSL_EARLY_DATA_WRITING;
  2092. /*
  2093. * We disable partial write for early data because we don't keep track
  2094. * of how many bytes we've written between the SSL_write_ex() call and
  2095. * the flush if the flush needs to be retried)
  2096. */
  2097. partialwrite = sc->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
  2098. sc->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
  2099. ret = SSL_write_ex(s, buf, num, &writtmp);
  2100. sc->mode |= partialwrite;
  2101. if (!ret) {
  2102. sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  2103. return ret;
  2104. }
  2105. sc->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
  2106. /* fall through */
  2107. case SSL_EARLY_DATA_WRITE_FLUSH:
  2108. /* The buffering BIO is still in place so we need to flush it */
  2109. if (statem_flush(sc) != 1)
  2110. return 0;
  2111. *written = num;
  2112. sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  2113. return 1;
  2114. case SSL_EARLY_DATA_FINISHED_READING:
  2115. case SSL_EARLY_DATA_READ_RETRY:
  2116. early_data_state = sc->early_data_state;
  2117. /* We are a server writing to an unauthenticated client */
  2118. sc->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
  2119. ret = SSL_write_ex(s, buf, num, written);
  2120. /* The buffering BIO is still in place */
  2121. if (ret)
  2122. (void)BIO_flush(sc->wbio);
  2123. sc->early_data_state = early_data_state;
  2124. return ret;
  2125. default:
  2126. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2127. return 0;
  2128. }
  2129. }
  2130. int SSL_shutdown(SSL *s)
  2131. {
  2132. /*
  2133. * Note that this function behaves differently from what one might
  2134. * expect. Return values are 0 for no success (yet), 1 for success; but
  2135. * calling it once is usually not enough, even if blocking I/O is used
  2136. * (see ssl3_shutdown).
  2137. */
  2138. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2139. if (sc == NULL)
  2140. return -1;
  2141. if (sc->handshake_func == NULL) {
  2142. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2143. return -1;
  2144. }
  2145. if (!SSL_in_init(s)) {
  2146. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2147. struct ssl_async_args args;
  2148. memset(&args, 0, sizeof(args));
  2149. args.s = s;
  2150. args.type = OTHERFUNC;
  2151. args.f.func_other = s->method->ssl_shutdown;
  2152. return ssl_start_async_job(s, &args, ssl_io_intern);
  2153. } else {
  2154. return s->method->ssl_shutdown(s);
  2155. }
  2156. } else {
  2157. ERR_raise(ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
  2158. return -1;
  2159. }
  2160. }
  2161. int SSL_key_update(SSL *s, int updatetype)
  2162. {
  2163. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2164. if (sc == NULL)
  2165. return 0;
  2166. if (!SSL_CONNECTION_IS_TLS13(sc)) {
  2167. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  2168. return 0;
  2169. }
  2170. if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
  2171. && updatetype != SSL_KEY_UPDATE_REQUESTED) {
  2172. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE);
  2173. return 0;
  2174. }
  2175. if (!SSL_is_init_finished(s)) {
  2176. ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
  2177. return 0;
  2178. }
  2179. if (RECORD_LAYER_write_pending(&sc->rlayer)) {
  2180. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
  2181. return 0;
  2182. }
  2183. ossl_statem_set_in_init(sc, 1);
  2184. sc->key_update = updatetype;
  2185. return 1;
  2186. }
  2187. int SSL_get_key_update_type(const SSL *s)
  2188. {
  2189. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2190. if (sc == NULL)
  2191. return 0;
  2192. return sc->key_update;
  2193. }
  2194. /*
  2195. * Can we accept a renegotiation request? If yes, set the flag and
  2196. * return 1 if yes. If not, raise error and return 0.
  2197. */
  2198. static int can_renegotiate(const SSL_CONNECTION *sc)
  2199. {
  2200. if (SSL_CONNECTION_IS_TLS13(sc)) {
  2201. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  2202. return 0;
  2203. }
  2204. if ((sc->options & SSL_OP_NO_RENEGOTIATION) != 0) {
  2205. ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION);
  2206. return 0;
  2207. }
  2208. return 1;
  2209. }
  2210. int SSL_renegotiate(SSL *s)
  2211. {
  2212. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2213. if (sc == NULL)
  2214. return 0;
  2215. if (!can_renegotiate(sc))
  2216. return 0;
  2217. sc->renegotiate = 1;
  2218. sc->new_session = 1;
  2219. return s->method->ssl_renegotiate(s);
  2220. }
  2221. int SSL_renegotiate_abbreviated(SSL *s)
  2222. {
  2223. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2224. if (sc == NULL)
  2225. return 0;
  2226. if (!can_renegotiate(sc))
  2227. return 0;
  2228. sc->renegotiate = 1;
  2229. sc->new_session = 0;
  2230. return s->method->ssl_renegotiate(s);
  2231. }
  2232. int SSL_renegotiate_pending(const SSL *s)
  2233. {
  2234. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2235. if (sc == NULL)
  2236. return 0;
  2237. /*
  2238. * becomes true when negotiation is requested; false again once a
  2239. * handshake has finished
  2240. */
  2241. return (sc->renegotiate != 0);
  2242. }
  2243. int SSL_new_session_ticket(SSL *s)
  2244. {
  2245. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2246. if (sc == NULL)
  2247. return 0;
  2248. /* If we are in init because we're sending tickets, okay to send more. */
  2249. if ((SSL_in_init(s) && sc->ext.extra_tickets_expected == 0)
  2250. || SSL_IS_FIRST_HANDSHAKE(sc) || !sc->server
  2251. || !SSL_CONNECTION_IS_TLS13(sc))
  2252. return 0;
  2253. sc->ext.extra_tickets_expected++;
  2254. if (!RECORD_LAYER_write_pending(&sc->rlayer) && !SSL_in_init(s))
  2255. ossl_statem_set_in_init(sc, 1);
  2256. return 1;
  2257. }
  2258. long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  2259. {
  2260. long l;
  2261. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2262. /* TODO(QUIC): Special handling for some ctrls will be needed */
  2263. if (sc == NULL)
  2264. return 0;
  2265. switch (cmd) {
  2266. case SSL_CTRL_GET_READ_AHEAD:
  2267. return RECORD_LAYER_get_read_ahead(&sc->rlayer);
  2268. case SSL_CTRL_SET_READ_AHEAD:
  2269. l = RECORD_LAYER_get_read_ahead(&sc->rlayer);
  2270. RECORD_LAYER_set_read_ahead(&sc->rlayer, larg);
  2271. return l;
  2272. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  2273. sc->msg_callback_arg = parg;
  2274. return 1;
  2275. case SSL_CTRL_MODE:
  2276. {
  2277. OSSL_PARAM options[2], *opts = options;
  2278. sc->mode |= larg;
  2279. *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
  2280. &sc->mode);
  2281. *opts = OSSL_PARAM_construct_end();
  2282. /* Ignore return value */
  2283. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  2284. return sc->mode;
  2285. }
  2286. case SSL_CTRL_CLEAR_MODE:
  2287. return (sc->mode &= ~larg);
  2288. case SSL_CTRL_GET_MAX_CERT_LIST:
  2289. return (long)sc->max_cert_list;
  2290. case SSL_CTRL_SET_MAX_CERT_LIST:
  2291. if (larg < 0)
  2292. return 0;
  2293. l = (long)sc->max_cert_list;
  2294. sc->max_cert_list = (size_t)larg;
  2295. return l;
  2296. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2297. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2298. return 0;
  2299. #ifndef OPENSSL_NO_KTLS
  2300. if (sc->wbio != NULL && BIO_get_ktls_send(sc->wbio))
  2301. return 0;
  2302. #endif /* OPENSSL_NO_KTLS */
  2303. sc->max_send_fragment = larg;
  2304. if (sc->max_send_fragment < sc->split_send_fragment)
  2305. sc->split_send_fragment = sc->max_send_fragment;
  2306. sc->rlayer.wrlmethod->set_max_frag_len(sc->rlayer.wrl, larg);
  2307. return 1;
  2308. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2309. if ((size_t)larg > sc->max_send_fragment || larg == 0)
  2310. return 0;
  2311. sc->split_send_fragment = larg;
  2312. return 1;
  2313. case SSL_CTRL_SET_MAX_PIPELINES:
  2314. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2315. return 0;
  2316. sc->max_pipelines = larg;
  2317. if (sc->rlayer.rrlmethod->set_max_pipelines != NULL)
  2318. sc->rlayer.rrlmethod->set_max_pipelines(sc->rlayer.rrl, (size_t)larg);
  2319. return 1;
  2320. case SSL_CTRL_GET_RI_SUPPORT:
  2321. return sc->s3.send_connection_binding;
  2322. case SSL_CTRL_SET_RETRY_VERIFY:
  2323. sc->rwstate = SSL_RETRY_VERIFY;
  2324. return 1;
  2325. case SSL_CTRL_CERT_FLAGS:
  2326. return (sc->cert->cert_flags |= larg);
  2327. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2328. return (sc->cert->cert_flags &= ~larg);
  2329. case SSL_CTRL_GET_RAW_CIPHERLIST:
  2330. if (parg) {
  2331. if (sc->s3.tmp.ciphers_raw == NULL)
  2332. return 0;
  2333. *(unsigned char **)parg = sc->s3.tmp.ciphers_raw;
  2334. return (int)sc->s3.tmp.ciphers_rawlen;
  2335. } else {
  2336. return TLS_CIPHER_LEN;
  2337. }
  2338. case SSL_CTRL_GET_EXTMS_SUPPORT:
  2339. if (!sc->session || SSL_in_init(s) || ossl_statem_get_in_handshake(sc))
  2340. return -1;
  2341. if (sc->session->flags & SSL_SESS_FLAG_EXTMS)
  2342. return 1;
  2343. else
  2344. return 0;
  2345. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2346. return ssl_check_allowed_versions(larg, sc->max_proto_version)
  2347. && ssl_set_version_bound(s->ctx->method->version, (int)larg,
  2348. &sc->min_proto_version);
  2349. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2350. return sc->min_proto_version;
  2351. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2352. return ssl_check_allowed_versions(sc->min_proto_version, larg)
  2353. && ssl_set_version_bound(s->ctx->method->version, (int)larg,
  2354. &sc->max_proto_version);
  2355. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2356. return sc->max_proto_version;
  2357. default:
  2358. return s->method->ssl_ctrl(s, cmd, larg, parg);
  2359. }
  2360. }
  2361. long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
  2362. {
  2363. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2364. if (sc == NULL)
  2365. return 0;
  2366. switch (cmd) {
  2367. case SSL_CTRL_SET_MSG_CALLBACK:
  2368. sc->msg_callback = (void (*)
  2369. (int write_p, int version, int content_type,
  2370. const void *buf, size_t len, SSL *ssl,
  2371. void *arg))(fp);
  2372. return 1;
  2373. default:
  2374. return s->method->ssl_callback_ctrl(s, cmd, fp);
  2375. }
  2376. }
  2377. LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
  2378. {
  2379. return ctx->sessions;
  2380. }
  2381. static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat)
  2382. {
  2383. int res = 0;
  2384. if (ssl_tsan_lock(ctx)) {
  2385. res = tsan_load(stat);
  2386. ssl_tsan_unlock(ctx);
  2387. }
  2388. return res;
  2389. }
  2390. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  2391. {
  2392. long l;
  2393. /* For some cases with ctx == NULL perform syntax checks */
  2394. if (ctx == NULL) {
  2395. switch (cmd) {
  2396. case SSL_CTRL_SET_GROUPS_LIST:
  2397. return tls1_set_groups_list(ctx, NULL, NULL, parg);
  2398. case SSL_CTRL_SET_SIGALGS_LIST:
  2399. case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
  2400. return tls1_set_sigalgs_list(NULL, parg, 0);
  2401. default:
  2402. return 0;
  2403. }
  2404. }
  2405. switch (cmd) {
  2406. case SSL_CTRL_GET_READ_AHEAD:
  2407. return ctx->read_ahead;
  2408. case SSL_CTRL_SET_READ_AHEAD:
  2409. l = ctx->read_ahead;
  2410. ctx->read_ahead = larg;
  2411. return l;
  2412. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  2413. ctx->msg_callback_arg = parg;
  2414. return 1;
  2415. case SSL_CTRL_GET_MAX_CERT_LIST:
  2416. return (long)ctx->max_cert_list;
  2417. case SSL_CTRL_SET_MAX_CERT_LIST:
  2418. if (larg < 0)
  2419. return 0;
  2420. l = (long)ctx->max_cert_list;
  2421. ctx->max_cert_list = (size_t)larg;
  2422. return l;
  2423. case SSL_CTRL_SET_SESS_CACHE_SIZE:
  2424. if (larg < 0)
  2425. return 0;
  2426. l = (long)ctx->session_cache_size;
  2427. ctx->session_cache_size = (size_t)larg;
  2428. return l;
  2429. case SSL_CTRL_GET_SESS_CACHE_SIZE:
  2430. return (long)ctx->session_cache_size;
  2431. case SSL_CTRL_SET_SESS_CACHE_MODE:
  2432. l = ctx->session_cache_mode;
  2433. ctx->session_cache_mode = larg;
  2434. return l;
  2435. case SSL_CTRL_GET_SESS_CACHE_MODE:
  2436. return ctx->session_cache_mode;
  2437. case SSL_CTRL_SESS_NUMBER:
  2438. return lh_SSL_SESSION_num_items(ctx->sessions);
  2439. case SSL_CTRL_SESS_CONNECT:
  2440. return ssl_tsan_load(ctx, &ctx->stats.sess_connect);
  2441. case SSL_CTRL_SESS_CONNECT_GOOD:
  2442. return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good);
  2443. case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
  2444. return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate);
  2445. case SSL_CTRL_SESS_ACCEPT:
  2446. return ssl_tsan_load(ctx, &ctx->stats.sess_accept);
  2447. case SSL_CTRL_SESS_ACCEPT_GOOD:
  2448. return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good);
  2449. case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
  2450. return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate);
  2451. case SSL_CTRL_SESS_HIT:
  2452. return ssl_tsan_load(ctx, &ctx->stats.sess_hit);
  2453. case SSL_CTRL_SESS_CB_HIT:
  2454. return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit);
  2455. case SSL_CTRL_SESS_MISSES:
  2456. return ssl_tsan_load(ctx, &ctx->stats.sess_miss);
  2457. case SSL_CTRL_SESS_TIMEOUTS:
  2458. return ssl_tsan_load(ctx, &ctx->stats.sess_timeout);
  2459. case SSL_CTRL_SESS_CACHE_FULL:
  2460. return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full);
  2461. case SSL_CTRL_MODE:
  2462. return (ctx->mode |= larg);
  2463. case SSL_CTRL_CLEAR_MODE:
  2464. return (ctx->mode &= ~larg);
  2465. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2466. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2467. return 0;
  2468. ctx->max_send_fragment = larg;
  2469. if (ctx->max_send_fragment < ctx->split_send_fragment)
  2470. ctx->split_send_fragment = ctx->max_send_fragment;
  2471. return 1;
  2472. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2473. if ((size_t)larg > ctx->max_send_fragment || larg == 0)
  2474. return 0;
  2475. ctx->split_send_fragment = larg;
  2476. return 1;
  2477. case SSL_CTRL_SET_MAX_PIPELINES:
  2478. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2479. return 0;
  2480. ctx->max_pipelines = larg;
  2481. return 1;
  2482. case SSL_CTRL_CERT_FLAGS:
  2483. return (ctx->cert->cert_flags |= larg);
  2484. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2485. return (ctx->cert->cert_flags &= ~larg);
  2486. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2487. return ssl_check_allowed_versions(larg, ctx->max_proto_version)
  2488. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2489. &ctx->min_proto_version);
  2490. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2491. return ctx->min_proto_version;
  2492. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2493. return ssl_check_allowed_versions(ctx->min_proto_version, larg)
  2494. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2495. &ctx->max_proto_version);
  2496. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2497. return ctx->max_proto_version;
  2498. default:
  2499. return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
  2500. }
  2501. }
  2502. long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
  2503. {
  2504. switch (cmd) {
  2505. case SSL_CTRL_SET_MSG_CALLBACK:
  2506. ctx->msg_callback = (void (*)
  2507. (int write_p, int version, int content_type,
  2508. const void *buf, size_t len, SSL *ssl,
  2509. void *arg))(fp);
  2510. return 1;
  2511. default:
  2512. return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
  2513. }
  2514. }
  2515. int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
  2516. {
  2517. if (a->id > b->id)
  2518. return 1;
  2519. if (a->id < b->id)
  2520. return -1;
  2521. return 0;
  2522. }
  2523. int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
  2524. const SSL_CIPHER *const *bp)
  2525. {
  2526. if ((*ap)->id > (*bp)->id)
  2527. return 1;
  2528. if ((*ap)->id < (*bp)->id)
  2529. return -1;
  2530. return 0;
  2531. }
  2532. /*
  2533. * return a STACK of the ciphers available for the SSL and in order of
  2534. * preference
  2535. */
  2536. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
  2537. {
  2538. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2539. if (sc != NULL) {
  2540. if (sc->cipher_list != NULL) {
  2541. return sc->cipher_list;
  2542. } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
  2543. return s->ctx->cipher_list;
  2544. }
  2545. }
  2546. return NULL;
  2547. }
  2548. STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
  2549. {
  2550. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2551. if (sc == NULL || !sc->server)
  2552. return NULL;
  2553. return sc->peer_ciphers;
  2554. }
  2555. STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
  2556. {
  2557. STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
  2558. int i;
  2559. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2560. if (sc == NULL)
  2561. return NULL;
  2562. ciphers = SSL_get_ciphers(s);
  2563. if (!ciphers)
  2564. return NULL;
  2565. if (!ssl_set_client_disabled(sc))
  2566. return NULL;
  2567. for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  2568. const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
  2569. if (!ssl_cipher_disabled(sc, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
  2570. if (!sk)
  2571. sk = sk_SSL_CIPHER_new_null();
  2572. if (!sk)
  2573. return NULL;
  2574. if (!sk_SSL_CIPHER_push(sk, c)) {
  2575. sk_SSL_CIPHER_free(sk);
  2576. return NULL;
  2577. }
  2578. }
  2579. }
  2580. return sk;
  2581. }
  2582. /** return a STACK of the ciphers available for the SSL and in order of
  2583. * algorithm id */
  2584. STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *s)
  2585. {
  2586. if (s != NULL) {
  2587. if (s->cipher_list_by_id != NULL)
  2588. return s->cipher_list_by_id;
  2589. else if (s->ssl.ctx != NULL
  2590. && s->ssl.ctx->cipher_list_by_id != NULL)
  2591. return s->ssl.ctx->cipher_list_by_id;
  2592. }
  2593. return NULL;
  2594. }
  2595. /** The old interface to get the same thing as SSL_get_ciphers() */
  2596. const char *SSL_get_cipher_list(const SSL *s, int n)
  2597. {
  2598. const SSL_CIPHER *c;
  2599. STACK_OF(SSL_CIPHER) *sk;
  2600. if (s == NULL)
  2601. return NULL;
  2602. sk = SSL_get_ciphers(s);
  2603. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
  2604. return NULL;
  2605. c = sk_SSL_CIPHER_value(sk, n);
  2606. if (c == NULL)
  2607. return NULL;
  2608. return c->name;
  2609. }
  2610. /** return a STACK of the ciphers available for the SSL_CTX and in order of
  2611. * preference */
  2612. STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
  2613. {
  2614. if (ctx != NULL)
  2615. return ctx->cipher_list;
  2616. return NULL;
  2617. }
  2618. /*
  2619. * Distinguish between ciphers controlled by set_ciphersuite() and
  2620. * set_cipher_list() when counting.
  2621. */
  2622. static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
  2623. {
  2624. int i, num = 0;
  2625. const SSL_CIPHER *c;
  2626. if (sk == NULL)
  2627. return 0;
  2628. for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
  2629. c = sk_SSL_CIPHER_value(sk, i);
  2630. if (c->min_tls >= TLS1_3_VERSION)
  2631. continue;
  2632. num++;
  2633. }
  2634. return num;
  2635. }
  2636. /** specify the ciphers to be used by default by the SSL_CTX */
  2637. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
  2638. {
  2639. STACK_OF(SSL_CIPHER) *sk;
  2640. sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites,
  2641. &ctx->cipher_list, &ctx->cipher_list_by_id, str,
  2642. ctx->cert);
  2643. /*
  2644. * ssl_create_cipher_list may return an empty stack if it was unable to
  2645. * find a cipher matching the given rule string (for example if the rule
  2646. * string specifies a cipher which has been disabled). This is not an
  2647. * error as far as ssl_create_cipher_list is concerned, and hence
  2648. * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
  2649. */
  2650. if (sk == NULL)
  2651. return 0;
  2652. else if (cipher_list_tls12_num(sk) == 0) {
  2653. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
  2654. return 0;
  2655. }
  2656. return 1;
  2657. }
  2658. /** specify the ciphers to be used by the SSL */
  2659. int SSL_set_cipher_list(SSL *s, const char *str)
  2660. {
  2661. STACK_OF(SSL_CIPHER) *sk;
  2662. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2663. if (sc == NULL)
  2664. return 0;
  2665. sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites,
  2666. &sc->cipher_list, &sc->cipher_list_by_id, str,
  2667. sc->cert);
  2668. /* see comment in SSL_CTX_set_cipher_list */
  2669. if (sk == NULL)
  2670. return 0;
  2671. else if (cipher_list_tls12_num(sk) == 0) {
  2672. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
  2673. return 0;
  2674. }
  2675. return 1;
  2676. }
  2677. char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
  2678. {
  2679. char *p;
  2680. STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
  2681. const SSL_CIPHER *c;
  2682. int i;
  2683. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2684. if (sc == NULL)
  2685. return NULL;
  2686. if (!sc->server
  2687. || sc->peer_ciphers == NULL
  2688. || size < 2)
  2689. return NULL;
  2690. p = buf;
  2691. clntsk = sc->peer_ciphers;
  2692. srvrsk = SSL_get_ciphers(s);
  2693. if (clntsk == NULL || srvrsk == NULL)
  2694. return NULL;
  2695. if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
  2696. return NULL;
  2697. for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
  2698. int n;
  2699. c = sk_SSL_CIPHER_value(clntsk, i);
  2700. if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
  2701. continue;
  2702. n = strlen(c->name);
  2703. if (n + 1 > size) {
  2704. if (p != buf)
  2705. --p;
  2706. *p = '\0';
  2707. return buf;
  2708. }
  2709. strcpy(p, c->name);
  2710. p += n;
  2711. *(p++) = ':';
  2712. size -= n + 1;
  2713. }
  2714. p[-1] = '\0';
  2715. return buf;
  2716. }
  2717. /**
  2718. * Return the requested servername (SNI) value. Note that the behaviour varies
  2719. * depending on:
  2720. * - whether this is called by the client or the server,
  2721. * - if we are before or during/after the handshake,
  2722. * - if a resumption or normal handshake is being attempted/has occurred
  2723. * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
  2724. *
  2725. * Note that only the host_name type is defined (RFC 3546).
  2726. */
  2727. const char *SSL_get_servername(const SSL *s, const int type)
  2728. {
  2729. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2730. int server;
  2731. if (sc == NULL)
  2732. return NULL;
  2733. /*
  2734. * If we don't know if we are the client or the server yet then we assume
  2735. * client.
  2736. */
  2737. server = sc->handshake_func == NULL ? 0 : sc->server;
  2738. if (type != TLSEXT_NAMETYPE_host_name)
  2739. return NULL;
  2740. if (server) {
  2741. /**
  2742. * Server side
  2743. * In TLSv1.3 on the server SNI is not associated with the session
  2744. * but in TLSv1.2 or below it is.
  2745. *
  2746. * Before the handshake:
  2747. * - return NULL
  2748. *
  2749. * During/after the handshake (TLSv1.2 or below resumption occurred):
  2750. * - If a servername was accepted by the server in the original
  2751. * handshake then it will return that servername, or NULL otherwise.
  2752. *
  2753. * During/after the handshake (TLSv1.2 or below resumption did not occur):
  2754. * - The function will return the servername requested by the client in
  2755. * this handshake or NULL if none was requested.
  2756. */
  2757. if (sc->hit && !SSL_CONNECTION_IS_TLS13(sc))
  2758. return sc->session->ext.hostname;
  2759. } else {
  2760. /**
  2761. * Client side
  2762. *
  2763. * Before the handshake:
  2764. * - If a servername has been set via a call to
  2765. * SSL_set_tlsext_host_name() then it will return that servername
  2766. * - If one has not been set, but a TLSv1.2 resumption is being
  2767. * attempted and the session from the original handshake had a
  2768. * servername accepted by the server then it will return that
  2769. * servername
  2770. * - Otherwise it returns NULL
  2771. *
  2772. * During/after the handshake (TLSv1.2 or below resumption occurred):
  2773. * - If the session from the original handshake had a servername accepted
  2774. * by the server then it will return that servername.
  2775. * - Otherwise it returns the servername set via
  2776. * SSL_set_tlsext_host_name() (or NULL if it was not called).
  2777. *
  2778. * During/after the handshake (TLSv1.2 or below resumption did not occur):
  2779. * - It will return the servername set via SSL_set_tlsext_host_name()
  2780. * (or NULL if it was not called).
  2781. */
  2782. if (SSL_in_before(s)) {
  2783. if (sc->ext.hostname == NULL
  2784. && sc->session != NULL
  2785. && sc->session->ssl_version != TLS1_3_VERSION)
  2786. return sc->session->ext.hostname;
  2787. } else {
  2788. if (!SSL_CONNECTION_IS_TLS13(sc) && sc->hit
  2789. && sc->session->ext.hostname != NULL)
  2790. return sc->session->ext.hostname;
  2791. }
  2792. }
  2793. return sc->ext.hostname;
  2794. }
  2795. int SSL_get_servername_type(const SSL *s)
  2796. {
  2797. if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
  2798. return TLSEXT_NAMETYPE_host_name;
  2799. return -1;
  2800. }
  2801. /*
  2802. * SSL_select_next_proto implements the standard protocol selection. It is
  2803. * expected that this function is called from the callback set by
  2804. * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
  2805. * vector of 8-bit, length prefixed byte strings. The length byte itself is
  2806. * not included in the length. A byte string of length 0 is invalid. No byte
  2807. * string may be truncated. The current, but experimental algorithm for
  2808. * selecting the protocol is: 1) If the server doesn't support NPN then this
  2809. * is indicated to the callback. In this case, the client application has to
  2810. * abort the connection or have a default application level protocol. 2) If
  2811. * the server supports NPN, but advertises an empty list then the client
  2812. * selects the first protocol in its list, but indicates via the API that this
  2813. * fallback case was enacted. 3) Otherwise, the client finds the first
  2814. * protocol in the server's list that it supports and selects this protocol.
  2815. * This is because it's assumed that the server has better information about
  2816. * which protocol a client should use. 4) If the client doesn't support any
  2817. * of the server's advertised protocols, then this is treated the same as
  2818. * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
  2819. * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
  2820. */
  2821. int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
  2822. const unsigned char *server,
  2823. unsigned int server_len,
  2824. const unsigned char *client, unsigned int client_len)
  2825. {
  2826. unsigned int i, j;
  2827. const unsigned char *result;
  2828. int status = OPENSSL_NPN_UNSUPPORTED;
  2829. /*
  2830. * For each protocol in server preference order, see if we support it.
  2831. */
  2832. for (i = 0; i < server_len;) {
  2833. for (j = 0; j < client_len;) {
  2834. if (server[i] == client[j] &&
  2835. memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
  2836. /* We found a match */
  2837. result = &server[i];
  2838. status = OPENSSL_NPN_NEGOTIATED;
  2839. goto found;
  2840. }
  2841. j += client[j];
  2842. j++;
  2843. }
  2844. i += server[i];
  2845. i++;
  2846. }
  2847. /* There's no overlap between our protocols and the server's list. */
  2848. result = client;
  2849. status = OPENSSL_NPN_NO_OVERLAP;
  2850. found:
  2851. *out = (unsigned char *)result + 1;
  2852. *outlen = result[0];
  2853. return status;
  2854. }
  2855. #ifndef OPENSSL_NO_NEXTPROTONEG
  2856. /*
  2857. * SSL_get0_next_proto_negotiated sets *data and *len to point to the
  2858. * client's requested protocol for this connection and returns 0. If the
  2859. * client didn't request any protocol, then *data is set to NULL. Note that
  2860. * the client can request any protocol it chooses. The value returned from
  2861. * this function need not be a member of the list of supported protocols
  2862. * provided by the callback.
  2863. */
  2864. void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  2865. unsigned *len)
  2866. {
  2867. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2868. if (sc == NULL) {
  2869. /* We have no other way to indicate error */
  2870. *data = NULL;
  2871. *len = 0;
  2872. return;
  2873. }
  2874. *data = sc->ext.npn;
  2875. if (*data == NULL) {
  2876. *len = 0;
  2877. } else {
  2878. *len = (unsigned int)sc->ext.npn_len;
  2879. }
  2880. }
  2881. /*
  2882. * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  2883. * a TLS server needs a list of supported protocols for Next Protocol
  2884. * Negotiation. The returned list must be in wire format. The list is
  2885. * returned by setting |out| to point to it and |outlen| to its length. This
  2886. * memory will not be modified, but one should assume that the SSL* keeps a
  2887. * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
  2888. * wishes to advertise. Otherwise, no such extension will be included in the
  2889. * ServerHello.
  2890. */
  2891. void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
  2892. SSL_CTX_npn_advertised_cb_func cb,
  2893. void *arg)
  2894. {
  2895. ctx->ext.npn_advertised_cb = cb;
  2896. ctx->ext.npn_advertised_cb_arg = arg;
  2897. }
  2898. /*
  2899. * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
  2900. * client needs to select a protocol from the server's provided list. |out|
  2901. * must be set to point to the selected protocol (which may be within |in|).
  2902. * The length of the protocol name must be written into |outlen|. The
  2903. * server's advertised protocols are provided in |in| and |inlen|. The
  2904. * callback can assume that |in| is syntactically valid. The client must
  2905. * select a protocol. It is fatal to the connection if this callback returns
  2906. * a value other than SSL_TLSEXT_ERR_OK.
  2907. */
  2908. void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
  2909. SSL_CTX_npn_select_cb_func cb,
  2910. void *arg)
  2911. {
  2912. ctx->ext.npn_select_cb = cb;
  2913. ctx->ext.npn_select_cb_arg = arg;
  2914. }
  2915. #endif
  2916. static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
  2917. {
  2918. unsigned int idx;
  2919. if (protos_len < 2 || protos == NULL)
  2920. return 0;
  2921. for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
  2922. if (protos[idx] == 0)
  2923. return 0;
  2924. }
  2925. return idx == protos_len;
  2926. }
  2927. /*
  2928. * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
  2929. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  2930. * length-prefixed strings). Returns 0 on success.
  2931. */
  2932. int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
  2933. unsigned int protos_len)
  2934. {
  2935. unsigned char *alpn;
  2936. if (protos_len == 0 || protos == NULL) {
  2937. OPENSSL_free(ctx->ext.alpn);
  2938. ctx->ext.alpn = NULL;
  2939. ctx->ext.alpn_len = 0;
  2940. return 0;
  2941. }
  2942. /* Not valid per RFC */
  2943. if (!alpn_value_ok(protos, protos_len))
  2944. return 1;
  2945. alpn = OPENSSL_memdup(protos, protos_len);
  2946. if (alpn == NULL)
  2947. return 1;
  2948. OPENSSL_free(ctx->ext.alpn);
  2949. ctx->ext.alpn = alpn;
  2950. ctx->ext.alpn_len = protos_len;
  2951. return 0;
  2952. }
  2953. /*
  2954. * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
  2955. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  2956. * length-prefixed strings). Returns 0 on success.
  2957. */
  2958. int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  2959. unsigned int protos_len)
  2960. {
  2961. unsigned char *alpn;
  2962. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  2963. if (sc == NULL)
  2964. return 1;
  2965. if (protos_len == 0 || protos == NULL) {
  2966. OPENSSL_free(sc->ext.alpn);
  2967. sc->ext.alpn = NULL;
  2968. sc->ext.alpn_len = 0;
  2969. return 0;
  2970. }
  2971. /* Not valid per RFC */
  2972. if (!alpn_value_ok(protos, protos_len))
  2973. return 1;
  2974. alpn = OPENSSL_memdup(protos, protos_len);
  2975. if (alpn == NULL)
  2976. return 1;
  2977. OPENSSL_free(sc->ext.alpn);
  2978. sc->ext.alpn = alpn;
  2979. sc->ext.alpn_len = protos_len;
  2980. return 0;
  2981. }
  2982. /*
  2983. * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
  2984. * called during ClientHello processing in order to select an ALPN protocol
  2985. * from the client's list of offered protocols.
  2986. */
  2987. void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
  2988. SSL_CTX_alpn_select_cb_func cb,
  2989. void *arg)
  2990. {
  2991. ctx->ext.alpn_select_cb = cb;
  2992. ctx->ext.alpn_select_cb_arg = arg;
  2993. }
  2994. /*
  2995. * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
  2996. * On return it sets |*data| to point to |*len| bytes of protocol name
  2997. * (not including the leading length-prefix byte). If the server didn't
  2998. * respond with a negotiated protocol then |*len| will be zero.
  2999. */
  3000. void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
  3001. unsigned int *len)
  3002. {
  3003. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  3004. if (sc == NULL) {
  3005. /* We have no other way to indicate error */
  3006. *data = NULL;
  3007. *len = 0;
  3008. return;
  3009. }
  3010. *data = sc->s3.alpn_selected;
  3011. if (*data == NULL)
  3012. *len = 0;
  3013. else
  3014. *len = (unsigned int)sc->s3.alpn_selected_len;
  3015. }
  3016. int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
  3017. const char *label, size_t llen,
  3018. const unsigned char *context, size_t contextlen,
  3019. int use_context)
  3020. {
  3021. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3022. if (sc == NULL)
  3023. return -1;
  3024. if (sc->session == NULL
  3025. || (sc->version < TLS1_VERSION && sc->version != DTLS1_BAD_VER))
  3026. return -1;
  3027. return s->method->ssl3_enc->export_keying_material(sc, out, olen, label,
  3028. llen, context,
  3029. contextlen, use_context);
  3030. }
  3031. int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
  3032. const char *label, size_t llen,
  3033. const unsigned char *context,
  3034. size_t contextlen)
  3035. {
  3036. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3037. if (sc == NULL)
  3038. return -1;
  3039. if (sc->version != TLS1_3_VERSION)
  3040. return 0;
  3041. return tls13_export_keying_material_early(sc, out, olen, label, llen,
  3042. context, contextlen);
  3043. }
  3044. static unsigned long ssl_session_hash(const SSL_SESSION *a)
  3045. {
  3046. const unsigned char *session_id = a->session_id;
  3047. unsigned long l;
  3048. unsigned char tmp_storage[4];
  3049. if (a->session_id_length < sizeof(tmp_storage)) {
  3050. memset(tmp_storage, 0, sizeof(tmp_storage));
  3051. memcpy(tmp_storage, a->session_id, a->session_id_length);
  3052. session_id = tmp_storage;
  3053. }
  3054. l = (unsigned long)
  3055. ((unsigned long)session_id[0]) |
  3056. ((unsigned long)session_id[1] << 8L) |
  3057. ((unsigned long)session_id[2] << 16L) |
  3058. ((unsigned long)session_id[3] << 24L);
  3059. return l;
  3060. }
  3061. /*
  3062. * NB: If this function (or indeed the hash function which uses a sort of
  3063. * coarser function than this one) is changed, ensure
  3064. * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
  3065. * being able to construct an SSL_SESSION that will collide with any existing
  3066. * session with a matching session ID.
  3067. */
  3068. static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  3069. {
  3070. if (a->ssl_version != b->ssl_version)
  3071. return 1;
  3072. if (a->session_id_length != b->session_id_length)
  3073. return 1;
  3074. return memcmp(a->session_id, b->session_id, a->session_id_length);
  3075. }
  3076. /*
  3077. * These wrapper functions should remain rather than redeclaring
  3078. * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
  3079. * variable. The reason is that the functions aren't static, they're exposed
  3080. * via ssl.h.
  3081. */
  3082. SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
  3083. const SSL_METHOD *meth)
  3084. {
  3085. SSL_CTX *ret = NULL;
  3086. #ifndef OPENSSL_NO_COMP_ALG
  3087. int i;
  3088. #endif
  3089. if (meth == NULL) {
  3090. ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED);
  3091. return NULL;
  3092. }
  3093. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  3094. return NULL;
  3095. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
  3096. ERR_raise(ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
  3097. goto err;
  3098. }
  3099. ret = OPENSSL_zalloc(sizeof(*ret));
  3100. if (ret == NULL)
  3101. goto err;
  3102. /* Init the reference counting before any call to SSL_CTX_free */
  3103. ret->references = 1;
  3104. ret->lock = CRYPTO_THREAD_lock_new();
  3105. if (ret->lock == NULL) {
  3106. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3107. goto err;
  3108. }
  3109. #ifdef TSAN_REQUIRES_LOCKING
  3110. ret->tsan_lock = CRYPTO_THREAD_lock_new();
  3111. if (ret->tsan_lock == NULL) {
  3112. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3113. goto err;
  3114. }
  3115. #endif
  3116. ret->libctx = libctx;
  3117. if (propq != NULL) {
  3118. ret->propq = OPENSSL_strdup(propq);
  3119. if (ret->propq == NULL)
  3120. goto err;
  3121. }
  3122. ret->method = meth;
  3123. ret->min_proto_version = 0;
  3124. ret->max_proto_version = 0;
  3125. ret->mode = SSL_MODE_AUTO_RETRY;
  3126. ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
  3127. ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
  3128. /* We take the system default. */
  3129. ret->session_timeout = meth->get_timeout();
  3130. ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
  3131. ret->verify_mode = SSL_VERIFY_NONE;
  3132. if ((ret->cert = ssl_cert_new()) == NULL) {
  3133. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3134. goto err;
  3135. }
  3136. ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
  3137. if (ret->sessions == NULL) {
  3138. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3139. goto err;
  3140. }
  3141. ret->cert_store = X509_STORE_new();
  3142. if (ret->cert_store == NULL) {
  3143. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  3144. goto err;
  3145. }
  3146. #ifndef OPENSSL_NO_CT
  3147. ret->ctlog_store = CTLOG_STORE_new_ex(libctx, propq);
  3148. if (ret->ctlog_store == NULL) {
  3149. ERR_raise(ERR_LIB_SSL, ERR_R_CT_LIB);
  3150. goto err;
  3151. }
  3152. #endif
  3153. /* initialize cipher/digest methods table */
  3154. if (!ssl_load_ciphers(ret))
  3155. goto err;
  3156. /* initialise sig algs */
  3157. if (!ssl_setup_sig_algs(ret))
  3158. goto err;
  3159. if (!ssl_load_groups(ret))
  3160. goto err;
  3161. if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) {
  3162. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3163. goto err;
  3164. }
  3165. if (!ssl_create_cipher_list(ret,
  3166. ret->tls13_ciphersuites,
  3167. &ret->cipher_list, &ret->cipher_list_by_id,
  3168. OSSL_default_cipher_list(), ret->cert)
  3169. || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
  3170. ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
  3171. goto err;
  3172. }
  3173. ret->param = X509_VERIFY_PARAM_new();
  3174. if (ret->param == NULL) {
  3175. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  3176. goto err;
  3177. }
  3178. /*
  3179. * If these aren't available from the provider we'll get NULL returns.
  3180. * That's fine but will cause errors later if SSLv3 is negotiated
  3181. */
  3182. ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq);
  3183. ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq);
  3184. if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) {
  3185. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3186. goto err;
  3187. }
  3188. if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) {
  3189. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3190. goto err;
  3191. }
  3192. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) {
  3193. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3194. goto err;
  3195. }
  3196. if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
  3197. goto err;
  3198. /* No compression for DTLS */
  3199. if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
  3200. ret->comp_methods = SSL_COMP_get_compression_methods();
  3201. ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  3202. ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  3203. /* Setup RFC5077 ticket keys */
  3204. if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
  3205. sizeof(ret->ext.tick_key_name), 0) <= 0)
  3206. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
  3207. sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0)
  3208. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
  3209. sizeof(ret->ext.secure->tick_aes_key), 0) <= 0))
  3210. ret->options |= SSL_OP_NO_TICKET;
  3211. if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
  3212. sizeof(ret->ext.cookie_hmac_key), 0) <= 0) {
  3213. ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
  3214. goto err;
  3215. }
  3216. #ifndef OPENSSL_NO_SRP
  3217. if (!ssl_ctx_srp_ctx_init_intern(ret)) {
  3218. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3219. goto err;
  3220. }
  3221. #endif
  3222. #ifndef OPENSSL_NO_ENGINE
  3223. # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
  3224. # define eng_strx(x) #x
  3225. # define eng_str(x) eng_strx(x)
  3226. /* Use specific client engine automatically... ignore errors */
  3227. {
  3228. ENGINE *eng;
  3229. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  3230. if (!eng) {
  3231. ERR_clear_error();
  3232. ENGINE_load_builtin_engines();
  3233. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  3234. }
  3235. if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
  3236. ERR_clear_error();
  3237. }
  3238. # endif
  3239. #endif
  3240. #ifndef OPENSSL_NO_COMP_ALG
  3241. /*
  3242. * Set the default order: brotli, zlib, zstd
  3243. * Including only those enabled algorithms
  3244. */
  3245. memset(ret->cert_comp_prefs, 0, sizeof(ret->cert_comp_prefs));
  3246. i = 0;
  3247. if (ossl_comp_has_alg(TLSEXT_comp_cert_brotli))
  3248. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_brotli;
  3249. if (ossl_comp_has_alg(TLSEXT_comp_cert_zlib))
  3250. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zlib;
  3251. if (ossl_comp_has_alg(TLSEXT_comp_cert_zstd))
  3252. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zstd;
  3253. #endif
  3254. /*
  3255. * Disable compression by default to prevent CRIME. Applications can
  3256. * re-enable compression by configuring
  3257. * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
  3258. * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
  3259. * middlebox compatibility by default. This may be disabled by default in
  3260. * a later OpenSSL version.
  3261. */
  3262. ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
  3263. ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
  3264. /*
  3265. * We cannot usefully set a default max_early_data here (which gets
  3266. * propagated in SSL_new(), for the following reason: setting the
  3267. * SSL field causes tls_construct_stoc_early_data() to tell the
  3268. * client that early data will be accepted when constructing a TLS 1.3
  3269. * session ticket, and the client will accordingly send us early data
  3270. * when using that ticket (if the client has early data to send).
  3271. * However, in order for the early data to actually be consumed by
  3272. * the application, the application must also have calls to
  3273. * SSL_read_early_data(); otherwise we'll just skip past the early data
  3274. * and ignore it. So, since the application must add calls to
  3275. * SSL_read_early_data(), we also require them to add
  3276. * calls to SSL_CTX_set_max_early_data() in order to use early data,
  3277. * eliminating the bandwidth-wasting early data in the case described
  3278. * above.
  3279. */
  3280. ret->max_early_data = 0;
  3281. /*
  3282. * Default recv_max_early_data is a fully loaded single record. Could be
  3283. * split across multiple records in practice. We set this differently to
  3284. * max_early_data so that, in the default case, we do not advertise any
  3285. * support for early_data, but if a client were to send us some (e.g.
  3286. * because of an old, stale ticket) then we will tolerate it and skip over
  3287. * it.
  3288. */
  3289. ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
  3290. /* By default we send two session tickets automatically in TLSv1.3 */
  3291. ret->num_tickets = 2;
  3292. ssl_ctx_system_config(ret);
  3293. return ret;
  3294. err:
  3295. SSL_CTX_free(ret);
  3296. return NULL;
  3297. }
  3298. SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  3299. {
  3300. return SSL_CTX_new_ex(NULL, NULL, meth);
  3301. }
  3302. int SSL_CTX_up_ref(SSL_CTX *ctx)
  3303. {
  3304. int i;
  3305. if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
  3306. return 0;
  3307. REF_PRINT_COUNT("SSL_CTX", ctx);
  3308. REF_ASSERT_ISNT(i < 2);
  3309. return ((i > 1) ? 1 : 0);
  3310. }
  3311. void SSL_CTX_free(SSL_CTX *a)
  3312. {
  3313. int i;
  3314. size_t j;
  3315. if (a == NULL)
  3316. return;
  3317. CRYPTO_DOWN_REF(&a->references, &i, a->lock);
  3318. REF_PRINT_COUNT("SSL_CTX", a);
  3319. if (i > 0)
  3320. return;
  3321. REF_ASSERT_ISNT(i < 0);
  3322. X509_VERIFY_PARAM_free(a->param);
  3323. dane_ctx_final(&a->dane);
  3324. /*
  3325. * Free internal session cache. However: the remove_cb() may reference
  3326. * the ex_data of SSL_CTX, thus the ex_data store can only be removed
  3327. * after the sessions were flushed.
  3328. * As the ex_data handling routines might also touch the session cache,
  3329. * the most secure solution seems to be: empty (flush) the cache, then
  3330. * free ex_data, then finally free the cache.
  3331. * (See ticket [openssl.org #212].)
  3332. */
  3333. if (a->sessions != NULL)
  3334. SSL_CTX_flush_sessions(a, 0);
  3335. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
  3336. lh_SSL_SESSION_free(a->sessions);
  3337. X509_STORE_free(a->cert_store);
  3338. #ifndef OPENSSL_NO_CT
  3339. CTLOG_STORE_free(a->ctlog_store);
  3340. #endif
  3341. sk_SSL_CIPHER_free(a->cipher_list);
  3342. sk_SSL_CIPHER_free(a->cipher_list_by_id);
  3343. sk_SSL_CIPHER_free(a->tls13_ciphersuites);
  3344. ssl_cert_free(a->cert);
  3345. sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
  3346. sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
  3347. OSSL_STACK_OF_X509_free(a->extra_certs);
  3348. a->comp_methods = NULL;
  3349. #ifndef OPENSSL_NO_SRTP
  3350. sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
  3351. #endif
  3352. #ifndef OPENSSL_NO_SRP
  3353. ssl_ctx_srp_ctx_free_intern(a);
  3354. #endif
  3355. #ifndef OPENSSL_NO_ENGINE
  3356. tls_engine_finish(a->client_cert_engine);
  3357. #endif
  3358. OPENSSL_free(a->ext.ecpointformats);
  3359. OPENSSL_free(a->ext.supportedgroups);
  3360. OPENSSL_free(a->ext.supported_groups_default);
  3361. OPENSSL_free(a->ext.alpn);
  3362. OPENSSL_secure_free(a->ext.secure);
  3363. ssl_evp_md_free(a->md5);
  3364. ssl_evp_md_free(a->sha1);
  3365. for (j = 0; j < SSL_ENC_NUM_IDX; j++)
  3366. ssl_evp_cipher_free(a->ssl_cipher_methods[j]);
  3367. for (j = 0; j < SSL_MD_NUM_IDX; j++)
  3368. ssl_evp_md_free(a->ssl_digest_methods[j]);
  3369. for (j = 0; j < a->group_list_len; j++) {
  3370. OPENSSL_free(a->group_list[j].tlsname);
  3371. OPENSSL_free(a->group_list[j].realname);
  3372. OPENSSL_free(a->group_list[j].algorithm);
  3373. }
  3374. OPENSSL_free(a->group_list);
  3375. OPENSSL_free(a->sigalg_lookup_cache);
  3376. CRYPTO_THREAD_lock_free(a->lock);
  3377. #ifdef TSAN_REQUIRES_LOCKING
  3378. CRYPTO_THREAD_lock_free(a->tsan_lock);
  3379. #endif
  3380. OPENSSL_free(a->propq);
  3381. OPENSSL_free(a);
  3382. }
  3383. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
  3384. {
  3385. ctx->default_passwd_callback = cb;
  3386. }
  3387. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
  3388. {
  3389. ctx->default_passwd_callback_userdata = u;
  3390. }
  3391. pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
  3392. {
  3393. return ctx->default_passwd_callback;
  3394. }
  3395. void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
  3396. {
  3397. return ctx->default_passwd_callback_userdata;
  3398. }
  3399. void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
  3400. {
  3401. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3402. if (sc == NULL)
  3403. return;
  3404. sc->default_passwd_callback = cb;
  3405. }
  3406. void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
  3407. {
  3408. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3409. if (sc == NULL)
  3410. return;
  3411. sc->default_passwd_callback_userdata = u;
  3412. }
  3413. pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
  3414. {
  3415. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3416. if (sc == NULL)
  3417. return NULL;
  3418. return sc->default_passwd_callback;
  3419. }
  3420. void *SSL_get_default_passwd_cb_userdata(SSL *s)
  3421. {
  3422. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3423. if (sc == NULL)
  3424. return NULL;
  3425. return sc->default_passwd_callback_userdata;
  3426. }
  3427. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
  3428. int (*cb) (X509_STORE_CTX *, void *),
  3429. void *arg)
  3430. {
  3431. ctx->app_verify_callback = cb;
  3432. ctx->app_verify_arg = arg;
  3433. }
  3434. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  3435. int (*cb) (int, X509_STORE_CTX *))
  3436. {
  3437. ctx->verify_mode = mode;
  3438. ctx->default_verify_callback = cb;
  3439. }
  3440. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
  3441. {
  3442. X509_VERIFY_PARAM_set_depth(ctx->param, depth);
  3443. }
  3444. void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
  3445. {
  3446. ssl_cert_set_cert_cb(c->cert, cb, arg);
  3447. }
  3448. void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
  3449. {
  3450. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3451. if (sc == NULL)
  3452. return;
  3453. ssl_cert_set_cert_cb(sc->cert, cb, arg);
  3454. }
  3455. void ssl_set_masks(SSL_CONNECTION *s)
  3456. {
  3457. CERT *c = s->cert;
  3458. uint32_t *pvalid = s->s3.tmp.valid_flags;
  3459. int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
  3460. unsigned long mask_k, mask_a;
  3461. int have_ecc_cert, ecdsa_ok;
  3462. if (c == NULL)
  3463. return;
  3464. dh_tmp = (c->dh_tmp != NULL
  3465. || c->dh_tmp_cb != NULL
  3466. || c->dh_tmp_auto);
  3467. rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3468. rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3469. dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
  3470. have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
  3471. mask_k = 0;
  3472. mask_a = 0;
  3473. OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
  3474. dh_tmp, rsa_enc, rsa_sign, dsa_sign);
  3475. #ifndef OPENSSL_NO_GOST
  3476. if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
  3477. mask_k |= SSL_kGOST | SSL_kGOST18;
  3478. mask_a |= SSL_aGOST12;
  3479. }
  3480. if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
  3481. mask_k |= SSL_kGOST | SSL_kGOST18;
  3482. mask_a |= SSL_aGOST12;
  3483. }
  3484. if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
  3485. mask_k |= SSL_kGOST;
  3486. mask_a |= SSL_aGOST01;
  3487. }
  3488. #endif
  3489. if (rsa_enc)
  3490. mask_k |= SSL_kRSA;
  3491. if (dh_tmp)
  3492. mask_k |= SSL_kDHE;
  3493. /*
  3494. * If we only have an RSA-PSS certificate allow RSA authentication
  3495. * if TLS 1.2 and peer supports it.
  3496. */
  3497. if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
  3498. && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
  3499. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION))
  3500. mask_a |= SSL_aRSA;
  3501. if (dsa_sign) {
  3502. mask_a |= SSL_aDSS;
  3503. }
  3504. mask_a |= SSL_aNULL;
  3505. /*
  3506. * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
  3507. * depending on the key usage extension.
  3508. */
  3509. if (have_ecc_cert) {
  3510. uint32_t ex_kusage;
  3511. ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
  3512. ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
  3513. if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
  3514. ecdsa_ok = 0;
  3515. if (ecdsa_ok)
  3516. mask_a |= SSL_aECDSA;
  3517. }
  3518. /* Allow Ed25519 for TLS 1.2 if peer supports it */
  3519. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
  3520. && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
  3521. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
  3522. mask_a |= SSL_aECDSA;
  3523. /* Allow Ed448 for TLS 1.2 if peer supports it */
  3524. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
  3525. && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
  3526. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
  3527. mask_a |= SSL_aECDSA;
  3528. mask_k |= SSL_kECDHE;
  3529. #ifndef OPENSSL_NO_PSK
  3530. mask_k |= SSL_kPSK;
  3531. mask_a |= SSL_aPSK;
  3532. if (mask_k & SSL_kRSA)
  3533. mask_k |= SSL_kRSAPSK;
  3534. if (mask_k & SSL_kDHE)
  3535. mask_k |= SSL_kDHEPSK;
  3536. if (mask_k & SSL_kECDHE)
  3537. mask_k |= SSL_kECDHEPSK;
  3538. #endif
  3539. s->s3.tmp.mask_k = mask_k;
  3540. s->s3.tmp.mask_a = mask_a;
  3541. }
  3542. int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s)
  3543. {
  3544. if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
  3545. /* key usage, if present, must allow signing */
  3546. if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
  3547. ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
  3548. return 0;
  3549. }
  3550. }
  3551. return 1; /* all checks are ok */
  3552. }
  3553. int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s,
  3554. const unsigned char **serverinfo,
  3555. size_t *serverinfo_length)
  3556. {
  3557. CERT_PKEY *cpk = s->s3.tmp.cert;
  3558. *serverinfo_length = 0;
  3559. if (cpk == NULL || cpk->serverinfo == NULL)
  3560. return 0;
  3561. *serverinfo = cpk->serverinfo;
  3562. *serverinfo_length = cpk->serverinfo_length;
  3563. return 1;
  3564. }
  3565. void ssl_update_cache(SSL_CONNECTION *s, int mode)
  3566. {
  3567. int i;
  3568. /*
  3569. * If the session_id_length is 0, we are not supposed to cache it, and it
  3570. * would be rather hard to do anyway :-)
  3571. */
  3572. if (s->session->session_id_length == 0)
  3573. return;
  3574. /*
  3575. * If sid_ctx_length is 0 there is no specific application context
  3576. * associated with this session, so when we try to resume it and
  3577. * SSL_VERIFY_PEER is requested to verify the client identity, we have no
  3578. * indication that this is actually a session for the proper application
  3579. * context, and the *handshake* will fail, not just the resumption attempt.
  3580. * Do not cache (on the server) these sessions that are not resumable
  3581. * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
  3582. */
  3583. if (s->server && s->session->sid_ctx_length == 0
  3584. && (s->verify_mode & SSL_VERIFY_PEER) != 0)
  3585. return;
  3586. i = s->session_ctx->session_cache_mode;
  3587. if ((i & mode) != 0
  3588. && (!s->hit || SSL_CONNECTION_IS_TLS13(s))) {
  3589. /*
  3590. * Add the session to the internal cache. In server side TLSv1.3 we
  3591. * normally don't do this because by default it's a full stateless ticket
  3592. * with only a dummy session id so there is no reason to cache it,
  3593. * unless:
  3594. * - we are doing early_data, in which case we cache so that we can
  3595. * detect replays
  3596. * - the application has set a remove_session_cb so needs to know about
  3597. * session timeout events
  3598. * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
  3599. */
  3600. if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
  3601. && (!SSL_CONNECTION_IS_TLS13(s)
  3602. || !s->server
  3603. || (s->max_early_data > 0
  3604. && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
  3605. || s->session_ctx->remove_session_cb != NULL
  3606. || (s->options & SSL_OP_NO_TICKET) != 0))
  3607. SSL_CTX_add_session(s->session_ctx, s->session);
  3608. /*
  3609. * Add the session to the external cache. We do this even in server side
  3610. * TLSv1.3 without early data because some applications just want to
  3611. * know about the creation of a session and aren't doing a full cache.
  3612. */
  3613. if (s->session_ctx->new_session_cb != NULL) {
  3614. SSL_SESSION_up_ref(s->session);
  3615. if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s),
  3616. s->session))
  3617. SSL_SESSION_free(s->session);
  3618. }
  3619. }
  3620. /* auto flush every 255 connections */
  3621. if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
  3622. TSAN_QUALIFIER int *stat;
  3623. if (mode & SSL_SESS_CACHE_CLIENT)
  3624. stat = &s->session_ctx->stats.sess_connect_good;
  3625. else
  3626. stat = &s->session_ctx->stats.sess_accept_good;
  3627. if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff)
  3628. SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
  3629. }
  3630. }
  3631. const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
  3632. {
  3633. return ctx->method;
  3634. }
  3635. const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
  3636. {
  3637. return s->method;
  3638. }
  3639. int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
  3640. {
  3641. int ret = 1;
  3642. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3643. /* TODO(QUIC): Do we want this for QUIC? */
  3644. if (sc == NULL
  3645. || (s->type != SSL_TYPE_SSL_CONNECTION && s->method != meth))
  3646. return 0;
  3647. if (s->method != meth) {
  3648. const SSL_METHOD *sm = s->method;
  3649. int (*hf) (SSL *) = sc->handshake_func;
  3650. if (sm->version == meth->version)
  3651. s->method = meth;
  3652. else {
  3653. sm->ssl_deinit(s);
  3654. s->method = meth;
  3655. ret = s->method->ssl_init(s);
  3656. }
  3657. if (hf == sm->ssl_connect)
  3658. sc->handshake_func = meth->ssl_connect;
  3659. else if (hf == sm->ssl_accept)
  3660. sc->handshake_func = meth->ssl_accept;
  3661. }
  3662. return ret;
  3663. }
  3664. int SSL_get_error(const SSL *s, int i)
  3665. {
  3666. int reason;
  3667. unsigned long l;
  3668. BIO *bio;
  3669. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3670. if (i > 0)
  3671. return SSL_ERROR_NONE;
  3672. /* TODO(QUIC): This will need more handling for QUIC_CONNECTIONs */
  3673. if (sc == NULL)
  3674. return SSL_ERROR_SSL;
  3675. /*
  3676. * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
  3677. * where we do encode the error
  3678. */
  3679. if ((l = ERR_peek_error()) != 0) {
  3680. if (ERR_GET_LIB(l) == ERR_LIB_SYS)
  3681. return SSL_ERROR_SYSCALL;
  3682. else
  3683. return SSL_ERROR_SSL;
  3684. }
  3685. if (SSL_want_read(s)) {
  3686. bio = SSL_get_rbio(s);
  3687. if (BIO_should_read(bio))
  3688. return SSL_ERROR_WANT_READ;
  3689. else if (BIO_should_write(bio))
  3690. /*
  3691. * This one doesn't make too much sense ... We never try to write
  3692. * to the rbio, and an application program where rbio and wbio
  3693. * are separate couldn't even know what it should wait for.
  3694. * However if we ever set s->rwstate incorrectly (so that we have
  3695. * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
  3696. * wbio *are* the same, this test works around that bug; so it
  3697. * might be safer to keep it.
  3698. */
  3699. return SSL_ERROR_WANT_WRITE;
  3700. else if (BIO_should_io_special(bio)) {
  3701. reason = BIO_get_retry_reason(bio);
  3702. if (reason == BIO_RR_CONNECT)
  3703. return SSL_ERROR_WANT_CONNECT;
  3704. else if (reason == BIO_RR_ACCEPT)
  3705. return SSL_ERROR_WANT_ACCEPT;
  3706. else
  3707. return SSL_ERROR_SYSCALL; /* unknown */
  3708. }
  3709. }
  3710. if (SSL_want_write(s)) {
  3711. /* Access wbio directly - in order to use the buffered bio if present */
  3712. bio = sc->wbio;
  3713. if (BIO_should_write(bio))
  3714. return SSL_ERROR_WANT_WRITE;
  3715. else if (BIO_should_read(bio))
  3716. /*
  3717. * See above (SSL_want_read(s) with BIO_should_write(bio))
  3718. */
  3719. return SSL_ERROR_WANT_READ;
  3720. else if (BIO_should_io_special(bio)) {
  3721. reason = BIO_get_retry_reason(bio);
  3722. if (reason == BIO_RR_CONNECT)
  3723. return SSL_ERROR_WANT_CONNECT;
  3724. else if (reason == BIO_RR_ACCEPT)
  3725. return SSL_ERROR_WANT_ACCEPT;
  3726. else
  3727. return SSL_ERROR_SYSCALL;
  3728. }
  3729. }
  3730. if (SSL_want_x509_lookup(s))
  3731. return SSL_ERROR_WANT_X509_LOOKUP;
  3732. if (SSL_want_retry_verify(s))
  3733. return SSL_ERROR_WANT_RETRY_VERIFY;
  3734. if (SSL_want_async(s))
  3735. return SSL_ERROR_WANT_ASYNC;
  3736. if (SSL_want_async_job(s))
  3737. return SSL_ERROR_WANT_ASYNC_JOB;
  3738. if (SSL_want_client_hello_cb(s))
  3739. return SSL_ERROR_WANT_CLIENT_HELLO_CB;
  3740. if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) &&
  3741. (sc->s3.warn_alert == SSL_AD_CLOSE_NOTIFY))
  3742. return SSL_ERROR_ZERO_RETURN;
  3743. return SSL_ERROR_SYSCALL;
  3744. }
  3745. static int ssl_do_handshake_intern(void *vargs)
  3746. {
  3747. struct ssl_async_args *args = (struct ssl_async_args *)vargs;
  3748. SSL *s = args->s;
  3749. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3750. if (sc == NULL)
  3751. return -1;
  3752. return sc->handshake_func(s);
  3753. }
  3754. int SSL_do_handshake(SSL *s)
  3755. {
  3756. int ret = 1;
  3757. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3758. /* TODO(QUIC): Special handling for QUIC will be needed */
  3759. if (sc == NULL)
  3760. return -1;
  3761. if (sc->handshake_func == NULL) {
  3762. ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
  3763. return -1;
  3764. }
  3765. ossl_statem_check_finish_init(sc, -1);
  3766. s->method->ssl_renegotiate_check(s, 0);
  3767. if (SSL_in_init(s) || SSL_in_before(s)) {
  3768. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  3769. struct ssl_async_args args;
  3770. memset(&args, 0, sizeof(args));
  3771. args.s = s;
  3772. ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
  3773. } else {
  3774. ret = sc->handshake_func(s);
  3775. }
  3776. }
  3777. return ret;
  3778. }
  3779. void SSL_set_accept_state(SSL *s)
  3780. {
  3781. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3782. /* TODO(QUIC): Special handling for QUIC will be needed */
  3783. if (sc == NULL)
  3784. return;
  3785. sc->server = 1;
  3786. sc->shutdown = 0;
  3787. ossl_statem_clear(sc);
  3788. sc->handshake_func = s->method->ssl_accept;
  3789. /* Ignore return value. Its a void public API function */
  3790. clear_record_layer(sc);
  3791. }
  3792. void SSL_set_connect_state(SSL *s)
  3793. {
  3794. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3795. /* TODO(QUIC): Special handling for QUIC will be needed */
  3796. if (sc == NULL)
  3797. return;
  3798. sc->server = 0;
  3799. sc->shutdown = 0;
  3800. ossl_statem_clear(sc);
  3801. sc->handshake_func = s->method->ssl_connect;
  3802. /* Ignore return value. Its a void public API function */
  3803. clear_record_layer(sc);
  3804. }
  3805. int ssl_undefined_function(SSL *s)
  3806. {
  3807. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3808. return 0;
  3809. }
  3810. int ssl_undefined_void_function(void)
  3811. {
  3812. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3813. return 0;
  3814. }
  3815. int ssl_undefined_const_function(const SSL *s)
  3816. {
  3817. return 0;
  3818. }
  3819. const SSL_METHOD *ssl_bad_method(int ver)
  3820. {
  3821. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3822. return NULL;
  3823. }
  3824. const char *ssl_protocol_to_string(int version)
  3825. {
  3826. switch (version)
  3827. {
  3828. case TLS1_3_VERSION:
  3829. return "TLSv1.3";
  3830. case TLS1_2_VERSION:
  3831. return "TLSv1.2";
  3832. case TLS1_1_VERSION:
  3833. return "TLSv1.1";
  3834. case TLS1_VERSION:
  3835. return "TLSv1";
  3836. case SSL3_VERSION:
  3837. return "SSLv3";
  3838. case DTLS1_BAD_VER:
  3839. return "DTLSv0.9";
  3840. case DTLS1_VERSION:
  3841. return "DTLSv1";
  3842. case DTLS1_2_VERSION:
  3843. return "DTLSv1.2";
  3844. default:
  3845. return "unknown";
  3846. }
  3847. }
  3848. const char *SSL_get_version(const SSL *s)
  3849. {
  3850. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3851. /* TODO(QUIC): Should QUIC return QUIC or TLSv1.3? */
  3852. if (sc == NULL)
  3853. return NULL;
  3854. return ssl_protocol_to_string(sc->version);
  3855. }
  3856. static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
  3857. {
  3858. STACK_OF(X509_NAME) *sk;
  3859. X509_NAME *xn;
  3860. int i;
  3861. if (src == NULL) {
  3862. *dst = NULL;
  3863. return 1;
  3864. }
  3865. if ((sk = sk_X509_NAME_new_null()) == NULL)
  3866. return 0;
  3867. for (i = 0; i < sk_X509_NAME_num(src); i++) {
  3868. xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
  3869. if (xn == NULL) {
  3870. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  3871. return 0;
  3872. }
  3873. if (sk_X509_NAME_insert(sk, xn, i) == 0) {
  3874. X509_NAME_free(xn);
  3875. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  3876. return 0;
  3877. }
  3878. }
  3879. *dst = sk;
  3880. return 1;
  3881. }
  3882. SSL *SSL_dup(SSL *s)
  3883. {
  3884. SSL *ret;
  3885. int i;
  3886. /* TODO(QUIC): Add a SSL_METHOD function for duplication */
  3887. SSL_CONNECTION *retsc;
  3888. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  3889. if (sc == NULL)
  3890. return NULL;
  3891. /* If we're not quiescent, just up_ref! */
  3892. if (!SSL_in_init(s) || !SSL_in_before(s)) {
  3893. CRYPTO_UP_REF(&s->references, &i, s->lock);
  3894. return s;
  3895. }
  3896. /*
  3897. * Otherwise, copy configuration state, and session if set.
  3898. */
  3899. if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
  3900. return NULL;
  3901. if ((retsc = SSL_CONNECTION_FROM_SSL_ONLY(ret)) == NULL)
  3902. goto err;
  3903. if (sc->session != NULL) {
  3904. /*
  3905. * Arranges to share the same session via up_ref. This "copies"
  3906. * session-id, SSL_METHOD, sid_ctx, and 'cert'
  3907. */
  3908. if (!SSL_copy_session_id(ret, s))
  3909. goto err;
  3910. } else {
  3911. /*
  3912. * No session has been established yet, so we have to expect that
  3913. * s->cert or ret->cert will be changed later -- they should not both
  3914. * point to the same object, and thus we can't use
  3915. * SSL_copy_session_id.
  3916. */
  3917. if (!SSL_set_ssl_method(ret, s->method))
  3918. goto err;
  3919. if (sc->cert != NULL) {
  3920. ssl_cert_free(retsc->cert);
  3921. retsc->cert = ssl_cert_dup(sc->cert);
  3922. if (retsc->cert == NULL)
  3923. goto err;
  3924. }
  3925. if (!SSL_set_session_id_context(ret, sc->sid_ctx,
  3926. (int)sc->sid_ctx_length))
  3927. goto err;
  3928. }
  3929. if (!ssl_dane_dup(retsc, sc))
  3930. goto err;
  3931. retsc->version = sc->version;
  3932. retsc->options = sc->options;
  3933. retsc->min_proto_version = sc->min_proto_version;
  3934. retsc->max_proto_version = sc->max_proto_version;
  3935. retsc->mode = sc->mode;
  3936. SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
  3937. SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
  3938. retsc->msg_callback = sc->msg_callback;
  3939. retsc->msg_callback_arg = sc->msg_callback_arg;
  3940. SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
  3941. SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
  3942. retsc->generate_session_id = sc->generate_session_id;
  3943. SSL_set_info_callback(ret, SSL_get_info_callback(s));
  3944. /* copy app data, a little dangerous perhaps */
  3945. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
  3946. goto err;
  3947. retsc->server = sc->server;
  3948. if (sc->handshake_func) {
  3949. if (sc->server)
  3950. SSL_set_accept_state(ret);
  3951. else
  3952. SSL_set_connect_state(ret);
  3953. }
  3954. retsc->shutdown = sc->shutdown;
  3955. retsc->hit = sc->hit;
  3956. retsc->default_passwd_callback = sc->default_passwd_callback;
  3957. retsc->default_passwd_callback_userdata = sc->default_passwd_callback_userdata;
  3958. X509_VERIFY_PARAM_inherit(retsc->param, sc->param);
  3959. /* dup the cipher_list and cipher_list_by_id stacks */
  3960. if (sc->cipher_list != NULL) {
  3961. if ((retsc->cipher_list = sk_SSL_CIPHER_dup(sc->cipher_list)) == NULL)
  3962. goto err;
  3963. }
  3964. if (sc->cipher_list_by_id != NULL)
  3965. if ((retsc->cipher_list_by_id = sk_SSL_CIPHER_dup(sc->cipher_list_by_id))
  3966. == NULL)
  3967. goto err;
  3968. /* Dup the client_CA list */
  3969. if (!dup_ca_names(&retsc->ca_names, sc->ca_names)
  3970. || !dup_ca_names(&retsc->client_ca_names, sc->client_ca_names))
  3971. goto err;
  3972. return ret;
  3973. err:
  3974. SSL_free(ret);
  3975. return NULL;
  3976. }
  3977. X509 *SSL_get_certificate(const SSL *s)
  3978. {
  3979. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3980. if (sc == NULL)
  3981. return NULL;
  3982. if (sc->cert != NULL)
  3983. return sc->cert->key->x509;
  3984. else
  3985. return NULL;
  3986. }
  3987. EVP_PKEY *SSL_get_privatekey(const SSL *s)
  3988. {
  3989. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3990. if (sc == NULL)
  3991. return NULL;
  3992. if (sc->cert != NULL)
  3993. return sc->cert->key->privatekey;
  3994. else
  3995. return NULL;
  3996. }
  3997. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
  3998. {
  3999. if (ctx->cert != NULL)
  4000. return ctx->cert->key->x509;
  4001. else
  4002. return NULL;
  4003. }
  4004. EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
  4005. {
  4006. if (ctx->cert != NULL)
  4007. return ctx->cert->key->privatekey;
  4008. else
  4009. return NULL;
  4010. }
  4011. const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
  4012. {
  4013. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4014. if (sc == NULL)
  4015. return NULL;
  4016. if ((sc->session != NULL) && (sc->session->cipher != NULL))
  4017. return sc->session->cipher;
  4018. return NULL;
  4019. }
  4020. const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
  4021. {
  4022. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4023. if (sc == NULL)
  4024. return NULL;
  4025. return sc->s3.tmp.new_cipher;
  4026. }
  4027. const COMP_METHOD *SSL_get_current_compression(const SSL *s)
  4028. {
  4029. #ifndef OPENSSL_NO_COMP
  4030. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4031. if (sc == NULL)
  4032. return NULL;
  4033. return sc->rlayer.wrlmethod->get_compression(sc->rlayer.wrl);
  4034. #else
  4035. return NULL;
  4036. #endif
  4037. }
  4038. const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
  4039. {
  4040. #ifndef OPENSSL_NO_COMP
  4041. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4042. if (sc == NULL)
  4043. return NULL;
  4044. return sc->rlayer.rrlmethod->get_compression(sc->rlayer.rrl);
  4045. #else
  4046. return NULL;
  4047. #endif
  4048. }
  4049. int ssl_init_wbio_buffer(SSL_CONNECTION *s)
  4050. {
  4051. BIO *bbio;
  4052. if (s->bbio != NULL) {
  4053. /* Already buffered. */
  4054. return 1;
  4055. }
  4056. bbio = BIO_new(BIO_f_buffer());
  4057. if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
  4058. BIO_free(bbio);
  4059. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  4060. return 0;
  4061. }
  4062. s->bbio = bbio;
  4063. s->wbio = BIO_push(bbio, s->wbio);
  4064. s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
  4065. return 1;
  4066. }
  4067. int ssl_free_wbio_buffer(SSL_CONNECTION *s)
  4068. {
  4069. /* callers ensure s is never null */
  4070. if (s->bbio == NULL)
  4071. return 1;
  4072. s->wbio = BIO_pop(s->wbio);
  4073. s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
  4074. BIO_free(s->bbio);
  4075. s->bbio = NULL;
  4076. return 1;
  4077. }
  4078. void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
  4079. {
  4080. ctx->quiet_shutdown = mode;
  4081. }
  4082. int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
  4083. {
  4084. return ctx->quiet_shutdown;
  4085. }
  4086. void SSL_set_quiet_shutdown(SSL *s, int mode)
  4087. {
  4088. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4089. /* TODO(QUIC): Do we want this for QUIC? */
  4090. if (sc == NULL)
  4091. return;
  4092. sc->quiet_shutdown = mode;
  4093. }
  4094. int SSL_get_quiet_shutdown(const SSL *s)
  4095. {
  4096. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4097. /* TODO(QUIC): Do we want this for QUIC? */
  4098. if (sc == NULL)
  4099. return 0;
  4100. return sc->quiet_shutdown;
  4101. }
  4102. void SSL_set_shutdown(SSL *s, int mode)
  4103. {
  4104. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4105. /* TODO(QUIC): Do we want this for QUIC? */
  4106. if (sc == NULL)
  4107. return;
  4108. sc->shutdown = mode;
  4109. }
  4110. int SSL_get_shutdown(const SSL *s)
  4111. {
  4112. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4113. /* TODO(QUIC): Do we want this for QUIC? */
  4114. if (sc == NULL)
  4115. return 0;
  4116. return sc->shutdown;
  4117. }
  4118. int SSL_version(const SSL *s)
  4119. {
  4120. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4121. /* TODO(QUIC): Do we want to report QUIC version this way instead? */
  4122. if (sc == NULL)
  4123. return 0;
  4124. return sc->version;
  4125. }
  4126. int SSL_client_version(const SSL *s)
  4127. {
  4128. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4129. /* TODO(QUIC): Do we want to report QUIC version this way instead? */
  4130. if (sc == NULL)
  4131. return 0;
  4132. return sc->client_version;
  4133. }
  4134. SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
  4135. {
  4136. return ssl->ctx;
  4137. }
  4138. SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
  4139. {
  4140. CERT *new_cert;
  4141. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  4142. /* TODO(QUIC): Do we need this for QUIC support? */
  4143. if (sc == NULL)
  4144. return NULL;
  4145. if (ssl->ctx == ctx)
  4146. return ssl->ctx;
  4147. if (ctx == NULL)
  4148. ctx = sc->session_ctx;
  4149. new_cert = ssl_cert_dup(ctx->cert);
  4150. if (new_cert == NULL) {
  4151. return NULL;
  4152. }
  4153. if (!custom_exts_copy_flags(&new_cert->custext, &sc->cert->custext)) {
  4154. ssl_cert_free(new_cert);
  4155. return NULL;
  4156. }
  4157. ssl_cert_free(sc->cert);
  4158. sc->cert = new_cert;
  4159. /*
  4160. * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
  4161. * so setter APIs must prevent invalid lengths from entering the system.
  4162. */
  4163. if (!ossl_assert(sc->sid_ctx_length <= sizeof(sc->sid_ctx)))
  4164. return NULL;
  4165. /*
  4166. * If the session ID context matches that of the parent SSL_CTX,
  4167. * inherit it from the new SSL_CTX as well. If however the context does
  4168. * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
  4169. * leave it unchanged.
  4170. */
  4171. if ((ssl->ctx != NULL) &&
  4172. (sc->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
  4173. (memcmp(sc->sid_ctx, ssl->ctx->sid_ctx, sc->sid_ctx_length) == 0)) {
  4174. sc->sid_ctx_length = ctx->sid_ctx_length;
  4175. memcpy(&sc->sid_ctx, &ctx->sid_ctx, sizeof(sc->sid_ctx));
  4176. }
  4177. SSL_CTX_up_ref(ctx);
  4178. SSL_CTX_free(ssl->ctx); /* decrement reference count */
  4179. ssl->ctx = ctx;
  4180. return ssl->ctx;
  4181. }
  4182. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
  4183. {
  4184. return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx,
  4185. ctx->propq);
  4186. }
  4187. int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
  4188. {
  4189. X509_LOOKUP *lookup;
  4190. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
  4191. if (lookup == NULL)
  4192. return 0;
  4193. /* We ignore errors, in case the directory doesn't exist */
  4194. ERR_set_mark();
  4195. X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  4196. ERR_pop_to_mark();
  4197. return 1;
  4198. }
  4199. int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
  4200. {
  4201. X509_LOOKUP *lookup;
  4202. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
  4203. if (lookup == NULL)
  4204. return 0;
  4205. /* We ignore errors, in case the file doesn't exist */
  4206. ERR_set_mark();
  4207. X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx,
  4208. ctx->propq);
  4209. ERR_pop_to_mark();
  4210. return 1;
  4211. }
  4212. int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
  4213. {
  4214. X509_LOOKUP *lookup;
  4215. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store());
  4216. if (lookup == NULL)
  4217. return 0;
  4218. /* We ignore errors, in case the directory doesn't exist */
  4219. ERR_set_mark();
  4220. X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq);
  4221. ERR_pop_to_mark();
  4222. return 1;
  4223. }
  4224. int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
  4225. {
  4226. return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx,
  4227. ctx->propq);
  4228. }
  4229. int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
  4230. {
  4231. return X509_STORE_load_path(ctx->cert_store, CApath);
  4232. }
  4233. int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
  4234. {
  4235. return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx,
  4236. ctx->propq);
  4237. }
  4238. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  4239. const char *CApath)
  4240. {
  4241. if (CAfile == NULL && CApath == NULL)
  4242. return 0;
  4243. if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile))
  4244. return 0;
  4245. if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath))
  4246. return 0;
  4247. return 1;
  4248. }
  4249. void SSL_set_info_callback(SSL *ssl,
  4250. void (*cb) (const SSL *ssl, int type, int val))
  4251. {
  4252. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4253. if (sc == NULL)
  4254. return;
  4255. sc->info_callback = cb;
  4256. }
  4257. /*
  4258. * One compiler (Diab DCC) doesn't like argument names in returned function
  4259. * pointer.
  4260. */
  4261. void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
  4262. int /* type */ ,
  4263. int /* val */ ) {
  4264. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4265. if (sc == NULL)
  4266. return NULL;
  4267. return sc->info_callback;
  4268. }
  4269. void SSL_set_verify_result(SSL *ssl, long arg)
  4270. {
  4271. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4272. if (sc == NULL)
  4273. return;
  4274. sc->verify_result = arg;
  4275. }
  4276. long SSL_get_verify_result(const SSL *ssl)
  4277. {
  4278. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4279. if (sc == NULL)
  4280. return 0;
  4281. return sc->verify_result;
  4282. }
  4283. size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
  4284. {
  4285. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4286. if (sc == NULL)
  4287. return 0;
  4288. if (outlen == 0)
  4289. return sizeof(sc->s3.client_random);
  4290. if (outlen > sizeof(sc->s3.client_random))
  4291. outlen = sizeof(sc->s3.client_random);
  4292. memcpy(out, sc->s3.client_random, outlen);
  4293. return outlen;
  4294. }
  4295. size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
  4296. {
  4297. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4298. if (sc == NULL)
  4299. return 0;
  4300. if (outlen == 0)
  4301. return sizeof(sc->s3.server_random);
  4302. if (outlen > sizeof(sc->s3.server_random))
  4303. outlen = sizeof(sc->s3.server_random);
  4304. memcpy(out, sc->s3.server_random, outlen);
  4305. return outlen;
  4306. }
  4307. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
  4308. unsigned char *out, size_t outlen)
  4309. {
  4310. if (outlen == 0)
  4311. return session->master_key_length;
  4312. if (outlen > session->master_key_length)
  4313. outlen = session->master_key_length;
  4314. memcpy(out, session->master_key, outlen);
  4315. return outlen;
  4316. }
  4317. int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
  4318. size_t len)
  4319. {
  4320. if (len > sizeof(sess->master_key))
  4321. return 0;
  4322. memcpy(sess->master_key, in, len);
  4323. sess->master_key_length = len;
  4324. return 1;
  4325. }
  4326. int SSL_set_ex_data(SSL *s, int idx, void *arg)
  4327. {
  4328. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  4329. }
  4330. void *SSL_get_ex_data(const SSL *s, int idx)
  4331. {
  4332. return CRYPTO_get_ex_data(&s->ex_data, idx);
  4333. }
  4334. int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
  4335. {
  4336. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  4337. }
  4338. void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
  4339. {
  4340. return CRYPTO_get_ex_data(&s->ex_data, idx);
  4341. }
  4342. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
  4343. {
  4344. return ctx->cert_store;
  4345. }
  4346. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
  4347. {
  4348. X509_STORE_free(ctx->cert_store);
  4349. ctx->cert_store = store;
  4350. }
  4351. void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
  4352. {
  4353. if (store != NULL)
  4354. X509_STORE_up_ref(store);
  4355. SSL_CTX_set_cert_store(ctx, store);
  4356. }
  4357. int SSL_want(const SSL *s)
  4358. {
  4359. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4360. if (sc == NULL)
  4361. return SSL_NOTHING;
  4362. return sc->rwstate;
  4363. }
  4364. #ifndef OPENSSL_NO_PSK
  4365. int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
  4366. {
  4367. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  4368. ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
  4369. return 0;
  4370. }
  4371. OPENSSL_free(ctx->cert->psk_identity_hint);
  4372. if (identity_hint != NULL) {
  4373. ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  4374. if (ctx->cert->psk_identity_hint == NULL)
  4375. return 0;
  4376. } else
  4377. ctx->cert->psk_identity_hint = NULL;
  4378. return 1;
  4379. }
  4380. int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
  4381. {
  4382. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4383. if (sc == NULL)
  4384. return 0;
  4385. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  4386. ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
  4387. return 0;
  4388. }
  4389. OPENSSL_free(sc->cert->psk_identity_hint);
  4390. if (identity_hint != NULL) {
  4391. sc->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  4392. if (sc->cert->psk_identity_hint == NULL)
  4393. return 0;
  4394. } else
  4395. sc->cert->psk_identity_hint = NULL;
  4396. return 1;
  4397. }
  4398. const char *SSL_get_psk_identity_hint(const SSL *s)
  4399. {
  4400. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4401. if (sc == NULL || sc->session == NULL)
  4402. return NULL;
  4403. return sc->session->psk_identity_hint;
  4404. }
  4405. const char *SSL_get_psk_identity(const SSL *s)
  4406. {
  4407. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4408. if (sc == NULL || sc->session == NULL)
  4409. return NULL;
  4410. return sc->session->psk_identity;
  4411. }
  4412. void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
  4413. {
  4414. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4415. if (sc == NULL)
  4416. return;
  4417. sc->psk_client_callback = cb;
  4418. }
  4419. void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
  4420. {
  4421. ctx->psk_client_callback = cb;
  4422. }
  4423. void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
  4424. {
  4425. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4426. if (sc == NULL)
  4427. return;
  4428. sc->psk_server_callback = cb;
  4429. }
  4430. void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
  4431. {
  4432. ctx->psk_server_callback = cb;
  4433. }
  4434. #endif
  4435. void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
  4436. {
  4437. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4438. if (sc == NULL)
  4439. return;
  4440. sc->psk_find_session_cb = cb;
  4441. }
  4442. void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
  4443. SSL_psk_find_session_cb_func cb)
  4444. {
  4445. ctx->psk_find_session_cb = cb;
  4446. }
  4447. void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
  4448. {
  4449. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4450. if (sc == NULL)
  4451. return;
  4452. sc->psk_use_session_cb = cb;
  4453. }
  4454. void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
  4455. SSL_psk_use_session_cb_func cb)
  4456. {
  4457. ctx->psk_use_session_cb = cb;
  4458. }
  4459. void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
  4460. void (*cb) (int write_p, int version,
  4461. int content_type, const void *buf,
  4462. size_t len, SSL *ssl, void *arg))
  4463. {
  4464. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  4465. }
  4466. void SSL_set_msg_callback(SSL *ssl,
  4467. void (*cb) (int write_p, int version,
  4468. int content_type, const void *buf,
  4469. size_t len, SSL *ssl, void *arg))
  4470. {
  4471. SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  4472. }
  4473. void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
  4474. int (*cb) (SSL *ssl,
  4475. int
  4476. is_forward_secure))
  4477. {
  4478. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  4479. (void (*)(void))cb);
  4480. }
  4481. void SSL_set_not_resumable_session_callback(SSL *ssl,
  4482. int (*cb) (SSL *ssl,
  4483. int is_forward_secure))
  4484. {
  4485. SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  4486. (void (*)(void))cb);
  4487. }
  4488. void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
  4489. size_t (*cb) (SSL *ssl, int type,
  4490. size_t len, void *arg))
  4491. {
  4492. ctx->record_padding_cb = cb;
  4493. }
  4494. void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
  4495. {
  4496. ctx->record_padding_arg = arg;
  4497. }
  4498. void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
  4499. {
  4500. return ctx->record_padding_arg;
  4501. }
  4502. int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
  4503. {
  4504. /* block size of 0 or 1 is basically no padding */
  4505. if (block_size == 1)
  4506. ctx->block_padding = 0;
  4507. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4508. ctx->block_padding = block_size;
  4509. else
  4510. return 0;
  4511. return 1;
  4512. }
  4513. int SSL_set_record_padding_callback(SSL *ssl,
  4514. size_t (*cb) (SSL *ssl, int type,
  4515. size_t len, void *arg))
  4516. {
  4517. BIO *b;
  4518. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4519. if (sc == NULL)
  4520. return 0;
  4521. b = SSL_get_wbio(ssl);
  4522. if (b == NULL || !BIO_get_ktls_send(b)) {
  4523. sc->rlayer.record_padding_cb = cb;
  4524. return 1;
  4525. }
  4526. return 0;
  4527. }
  4528. void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
  4529. {
  4530. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4531. if (sc == NULL)
  4532. return;
  4533. sc->rlayer.record_padding_arg = arg;
  4534. }
  4535. void *SSL_get_record_padding_callback_arg(const SSL *ssl)
  4536. {
  4537. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4538. if (sc == NULL)
  4539. return NULL;
  4540. return sc->rlayer.record_padding_arg;
  4541. }
  4542. int SSL_set_block_padding(SSL *ssl, size_t block_size)
  4543. {
  4544. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4545. if (sc == NULL)
  4546. return 0;
  4547. /* block size of 0 or 1 is basically no padding */
  4548. if (block_size == 1)
  4549. sc->rlayer.block_padding = 0;
  4550. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4551. sc->rlayer.block_padding = block_size;
  4552. else
  4553. return 0;
  4554. return 1;
  4555. }
  4556. int SSL_set_num_tickets(SSL *s, size_t num_tickets)
  4557. {
  4558. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4559. if (sc == NULL)
  4560. return 0;
  4561. sc->num_tickets = num_tickets;
  4562. return 1;
  4563. }
  4564. size_t SSL_get_num_tickets(const SSL *s)
  4565. {
  4566. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4567. if (sc == NULL)
  4568. return 0;
  4569. return sc->num_tickets;
  4570. }
  4571. int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
  4572. {
  4573. ctx->num_tickets = num_tickets;
  4574. return 1;
  4575. }
  4576. size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
  4577. {
  4578. return ctx->num_tickets;
  4579. }
  4580. /* Retrieve handshake hashes */
  4581. int ssl_handshake_hash(SSL_CONNECTION *s,
  4582. unsigned char *out, size_t outlen,
  4583. size_t *hashlen)
  4584. {
  4585. EVP_MD_CTX *ctx = NULL;
  4586. EVP_MD_CTX *hdgst = s->s3.handshake_dgst;
  4587. int hashleni = EVP_MD_CTX_get_size(hdgst);
  4588. int ret = 0;
  4589. if (hashleni < 0 || (size_t)hashleni > outlen) {
  4590. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4591. goto err;
  4592. }
  4593. ctx = EVP_MD_CTX_new();
  4594. if (ctx == NULL) {
  4595. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4596. goto err;
  4597. }
  4598. if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
  4599. || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
  4600. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4601. goto err;
  4602. }
  4603. *hashlen = hashleni;
  4604. ret = 1;
  4605. err:
  4606. EVP_MD_CTX_free(ctx);
  4607. return ret;
  4608. }
  4609. int SSL_session_reused(const SSL *s)
  4610. {
  4611. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4612. if (sc == NULL)
  4613. return 0;
  4614. return sc->hit;
  4615. }
  4616. int SSL_is_server(const SSL *s)
  4617. {
  4618. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4619. if (sc == NULL)
  4620. return 0;
  4621. return sc->server;
  4622. }
  4623. #ifndef OPENSSL_NO_DEPRECATED_1_1_0
  4624. void SSL_set_debug(SSL *s, int debug)
  4625. {
  4626. /* Old function was do-nothing anyway... */
  4627. (void)s;
  4628. (void)debug;
  4629. }
  4630. #endif
  4631. void SSL_set_security_level(SSL *s, int level)
  4632. {
  4633. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4634. if (sc == NULL)
  4635. return;
  4636. sc->cert->sec_level = level;
  4637. }
  4638. int SSL_get_security_level(const SSL *s)
  4639. {
  4640. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4641. if (sc == NULL)
  4642. return 0;
  4643. return sc->cert->sec_level;
  4644. }
  4645. void SSL_set_security_callback(SSL *s,
  4646. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4647. int op, int bits, int nid,
  4648. void *other, void *ex))
  4649. {
  4650. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4651. if (sc == NULL)
  4652. return;
  4653. sc->cert->sec_cb = cb;
  4654. }
  4655. int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
  4656. const SSL_CTX *ctx, int op,
  4657. int bits, int nid, void *other,
  4658. void *ex) {
  4659. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4660. if (sc == NULL)
  4661. return NULL;
  4662. return sc->cert->sec_cb;
  4663. }
  4664. void SSL_set0_security_ex_data(SSL *s, void *ex)
  4665. {
  4666. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4667. if (sc == NULL)
  4668. return;
  4669. sc->cert->sec_ex = ex;
  4670. }
  4671. void *SSL_get0_security_ex_data(const SSL *s)
  4672. {
  4673. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4674. if (sc == NULL)
  4675. return NULL;
  4676. return sc->cert->sec_ex;
  4677. }
  4678. void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
  4679. {
  4680. ctx->cert->sec_level = level;
  4681. }
  4682. int SSL_CTX_get_security_level(const SSL_CTX *ctx)
  4683. {
  4684. return ctx->cert->sec_level;
  4685. }
  4686. void SSL_CTX_set_security_callback(SSL_CTX *ctx,
  4687. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4688. int op, int bits, int nid,
  4689. void *other, void *ex))
  4690. {
  4691. ctx->cert->sec_cb = cb;
  4692. }
  4693. int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
  4694. const SSL_CTX *ctx,
  4695. int op, int bits,
  4696. int nid,
  4697. void *other,
  4698. void *ex) {
  4699. return ctx->cert->sec_cb;
  4700. }
  4701. void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
  4702. {
  4703. ctx->cert->sec_ex = ex;
  4704. }
  4705. void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
  4706. {
  4707. return ctx->cert->sec_ex;
  4708. }
  4709. uint64_t SSL_CTX_get_options(const SSL_CTX *ctx)
  4710. {
  4711. return ctx->options;
  4712. }
  4713. uint64_t SSL_get_options(const SSL *s)
  4714. {
  4715. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4716. if (sc == NULL)
  4717. return 0;
  4718. return sc->options;
  4719. }
  4720. uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op)
  4721. {
  4722. return ctx->options |= op;
  4723. }
  4724. uint64_t SSL_set_options(SSL *s, uint64_t op)
  4725. {
  4726. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4727. OSSL_PARAM options[2], *opts = options;
  4728. if (sc == NULL)
  4729. return 0;
  4730. sc->options |= op;
  4731. *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
  4732. &sc->options);
  4733. *opts = OSSL_PARAM_construct_end();
  4734. /* Ignore return value */
  4735. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  4736. return sc->options;
  4737. }
  4738. uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op)
  4739. {
  4740. return ctx->options &= ~op;
  4741. }
  4742. uint64_t SSL_clear_options(SSL *s, uint64_t op)
  4743. {
  4744. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4745. if (sc == NULL)
  4746. return 0;
  4747. return sc->options &= ~op;
  4748. }
  4749. STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
  4750. {
  4751. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4752. if (sc == NULL)
  4753. return NULL;
  4754. return sc->verified_chain;
  4755. }
  4756. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
  4757. #ifndef OPENSSL_NO_CT
  4758. /*
  4759. * Moves SCTs from the |src| stack to the |dst| stack.
  4760. * The source of each SCT will be set to |origin|.
  4761. * If |dst| points to a NULL pointer, a new stack will be created and owned by
  4762. * the caller.
  4763. * Returns the number of SCTs moved, or a negative integer if an error occurs.
  4764. */
  4765. static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
  4766. sct_source_t origin)
  4767. {
  4768. int scts_moved = 0;
  4769. SCT *sct = NULL;
  4770. if (*dst == NULL) {
  4771. *dst = sk_SCT_new_null();
  4772. if (*dst == NULL) {
  4773. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  4774. goto err;
  4775. }
  4776. }
  4777. while ((sct = sk_SCT_pop(src)) != NULL) {
  4778. if (SCT_set_source(sct, origin) != 1)
  4779. goto err;
  4780. if (sk_SCT_push(*dst, sct) <= 0)
  4781. goto err;
  4782. scts_moved += 1;
  4783. }
  4784. return scts_moved;
  4785. err:
  4786. if (sct != NULL)
  4787. sk_SCT_push(src, sct); /* Put the SCT back */
  4788. return -1;
  4789. }
  4790. /*
  4791. * Look for data collected during ServerHello and parse if found.
  4792. * Returns the number of SCTs extracted.
  4793. */
  4794. static int ct_extract_tls_extension_scts(SSL_CONNECTION *s)
  4795. {
  4796. int scts_extracted = 0;
  4797. if (s->ext.scts != NULL) {
  4798. const unsigned char *p = s->ext.scts;
  4799. STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
  4800. scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
  4801. SCT_LIST_free(scts);
  4802. }
  4803. return scts_extracted;
  4804. }
  4805. /*
  4806. * Checks for an OCSP response and then attempts to extract any SCTs found if it
  4807. * contains an SCT X509 extension. They will be stored in |s->scts|.
  4808. * Returns:
  4809. * - The number of SCTs extracted, assuming an OCSP response exists.
  4810. * - 0 if no OCSP response exists or it contains no SCTs.
  4811. * - A negative integer if an error occurs.
  4812. */
  4813. static int ct_extract_ocsp_response_scts(SSL_CONNECTION *s)
  4814. {
  4815. # ifndef OPENSSL_NO_OCSP
  4816. int scts_extracted = 0;
  4817. const unsigned char *p;
  4818. OCSP_BASICRESP *br = NULL;
  4819. OCSP_RESPONSE *rsp = NULL;
  4820. STACK_OF(SCT) *scts = NULL;
  4821. int i;
  4822. if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
  4823. goto err;
  4824. p = s->ext.ocsp.resp;
  4825. rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
  4826. if (rsp == NULL)
  4827. goto err;
  4828. br = OCSP_response_get1_basic(rsp);
  4829. if (br == NULL)
  4830. goto err;
  4831. for (i = 0; i < OCSP_resp_count(br); ++i) {
  4832. OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
  4833. if (single == NULL)
  4834. continue;
  4835. scts =
  4836. OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
  4837. scts_extracted =
  4838. ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
  4839. if (scts_extracted < 0)
  4840. goto err;
  4841. }
  4842. err:
  4843. SCT_LIST_free(scts);
  4844. OCSP_BASICRESP_free(br);
  4845. OCSP_RESPONSE_free(rsp);
  4846. return scts_extracted;
  4847. # else
  4848. /* Behave as if no OCSP response exists */
  4849. return 0;
  4850. # endif
  4851. }
  4852. /*
  4853. * Attempts to extract SCTs from the peer certificate.
  4854. * Return the number of SCTs extracted, or a negative integer if an error
  4855. * occurs.
  4856. */
  4857. static int ct_extract_x509v3_extension_scts(SSL_CONNECTION *s)
  4858. {
  4859. int scts_extracted = 0;
  4860. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  4861. if (cert != NULL) {
  4862. STACK_OF(SCT) *scts =
  4863. X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
  4864. scts_extracted =
  4865. ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
  4866. SCT_LIST_free(scts);
  4867. }
  4868. return scts_extracted;
  4869. }
  4870. /*
  4871. * Attempts to find all received SCTs by checking TLS extensions, the OCSP
  4872. * response (if it exists) and X509v3 extensions in the certificate.
  4873. * Returns NULL if an error occurs.
  4874. */
  4875. const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
  4876. {
  4877. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4878. if (sc == NULL)
  4879. return NULL;
  4880. if (!sc->scts_parsed) {
  4881. if (ct_extract_tls_extension_scts(sc) < 0 ||
  4882. ct_extract_ocsp_response_scts(sc) < 0 ||
  4883. ct_extract_x509v3_extension_scts(sc) < 0)
  4884. goto err;
  4885. sc->scts_parsed = 1;
  4886. }
  4887. return sc->scts;
  4888. err:
  4889. return NULL;
  4890. }
  4891. static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
  4892. const STACK_OF(SCT) *scts, void *unused_arg)
  4893. {
  4894. return 1;
  4895. }
  4896. static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
  4897. const STACK_OF(SCT) *scts, void *unused_arg)
  4898. {
  4899. int count = scts != NULL ? sk_SCT_num(scts) : 0;
  4900. int i;
  4901. for (i = 0; i < count; ++i) {
  4902. SCT *sct = sk_SCT_value(scts, i);
  4903. int status = SCT_get_validation_status(sct);
  4904. if (status == SCT_VALIDATION_STATUS_VALID)
  4905. return 1;
  4906. }
  4907. ERR_raise(ERR_LIB_SSL, SSL_R_NO_VALID_SCTS);
  4908. return 0;
  4909. }
  4910. int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
  4911. void *arg)
  4912. {
  4913. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4914. if (sc == NULL)
  4915. return 0;
  4916. /*
  4917. * Since code exists that uses the custom extension handler for CT, look
  4918. * for this and throw an error if they have already registered to use CT.
  4919. */
  4920. if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
  4921. TLSEXT_TYPE_signed_certificate_timestamp))
  4922. {
  4923. ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  4924. return 0;
  4925. }
  4926. if (callback != NULL) {
  4927. /*
  4928. * If we are validating CT, then we MUST accept SCTs served via OCSP
  4929. */
  4930. if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
  4931. return 0;
  4932. }
  4933. sc->ct_validation_callback = callback;
  4934. sc->ct_validation_callback_arg = arg;
  4935. return 1;
  4936. }
  4937. int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
  4938. ssl_ct_validation_cb callback, void *arg)
  4939. {
  4940. /*
  4941. * Since code exists that uses the custom extension handler for CT, look for
  4942. * this and throw an error if they have already registered to use CT.
  4943. */
  4944. if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
  4945. TLSEXT_TYPE_signed_certificate_timestamp))
  4946. {
  4947. ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  4948. return 0;
  4949. }
  4950. ctx->ct_validation_callback = callback;
  4951. ctx->ct_validation_callback_arg = arg;
  4952. return 1;
  4953. }
  4954. int SSL_ct_is_enabled(const SSL *s)
  4955. {
  4956. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4957. if (sc == NULL)
  4958. return 0;
  4959. return sc->ct_validation_callback != NULL;
  4960. }
  4961. int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
  4962. {
  4963. return ctx->ct_validation_callback != NULL;
  4964. }
  4965. int ssl_validate_ct(SSL_CONNECTION *s)
  4966. {
  4967. int ret = 0;
  4968. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  4969. X509 *issuer;
  4970. SSL_DANE *dane = &s->dane;
  4971. CT_POLICY_EVAL_CTX *ctx = NULL;
  4972. const STACK_OF(SCT) *scts;
  4973. /*
  4974. * If no callback is set, the peer is anonymous, or its chain is invalid,
  4975. * skip SCT validation - just return success. Applications that continue
  4976. * handshakes without certificates, with unverified chains, or pinned leaf
  4977. * certificates are outside the scope of the WebPKI and CT.
  4978. *
  4979. * The above exclusions notwithstanding the vast majority of peers will
  4980. * have rather ordinary certificate chains validated by typical
  4981. * applications that perform certificate verification and therefore will
  4982. * process SCTs when enabled.
  4983. */
  4984. if (s->ct_validation_callback == NULL || cert == NULL ||
  4985. s->verify_result != X509_V_OK ||
  4986. s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
  4987. return 1;
  4988. /*
  4989. * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
  4990. * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
  4991. */
  4992. if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
  4993. switch (dane->mtlsa->usage) {
  4994. case DANETLS_USAGE_DANE_TA:
  4995. case DANETLS_USAGE_DANE_EE:
  4996. return 1;
  4997. }
  4998. }
  4999. ctx = CT_POLICY_EVAL_CTX_new_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
  5000. SSL_CONNECTION_GET_CTX(s)->propq);
  5001. if (ctx == NULL) {
  5002. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CT_LIB);
  5003. goto end;
  5004. }
  5005. issuer = sk_X509_value(s->verified_chain, 1);
  5006. CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
  5007. CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
  5008. CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx,
  5009. SSL_CONNECTION_GET_CTX(s)->ctlog_store);
  5010. CT_POLICY_EVAL_CTX_set_time(
  5011. ctx, (uint64_t)SSL_SESSION_get_time(s->session) * 1000);
  5012. scts = SSL_get0_peer_scts(SSL_CONNECTION_GET_SSL(s));
  5013. /*
  5014. * This function returns success (> 0) only when all the SCTs are valid, 0
  5015. * when some are invalid, and < 0 on various internal errors (out of
  5016. * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
  5017. * reason to abort the handshake, that decision is up to the callback.
  5018. * Therefore, we error out only in the unexpected case that the return
  5019. * value is negative.
  5020. *
  5021. * XXX: One might well argue that the return value of this function is an
  5022. * unfortunate design choice. Its job is only to determine the validation
  5023. * status of each of the provided SCTs. So long as it correctly separates
  5024. * the wheat from the chaff it should return success. Failure in this case
  5025. * ought to correspond to an inability to carry out its duties.
  5026. */
  5027. if (SCT_LIST_validate(scts, ctx) < 0) {
  5028. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_SCT_VERIFICATION_FAILED);
  5029. goto end;
  5030. }
  5031. ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
  5032. if (ret < 0)
  5033. ret = 0; /* This function returns 0 on failure */
  5034. if (!ret)
  5035. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED);
  5036. end:
  5037. CT_POLICY_EVAL_CTX_free(ctx);
  5038. /*
  5039. * With SSL_VERIFY_NONE the session may be cached and re-used despite a
  5040. * failure return code here. Also the application may wish the complete
  5041. * the handshake, and then disconnect cleanly at a higher layer, after
  5042. * checking the verification status of the completed connection.
  5043. *
  5044. * We therefore force a certificate verification failure which will be
  5045. * visible via SSL_get_verify_result() and cached as part of any resumed
  5046. * session.
  5047. *
  5048. * Note: the permissive callback is for information gathering only, always
  5049. * returns success, and does not affect verification status. Only the
  5050. * strict callback or a custom application-specified callback can trigger
  5051. * connection failure or record a verification error.
  5052. */
  5053. if (ret <= 0)
  5054. s->verify_result = X509_V_ERR_NO_VALID_SCTS;
  5055. return ret;
  5056. }
  5057. int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
  5058. {
  5059. switch (validation_mode) {
  5060. default:
  5061. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
  5062. return 0;
  5063. case SSL_CT_VALIDATION_PERMISSIVE:
  5064. return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
  5065. case SSL_CT_VALIDATION_STRICT:
  5066. return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
  5067. }
  5068. }
  5069. int SSL_enable_ct(SSL *s, int validation_mode)
  5070. {
  5071. switch (validation_mode) {
  5072. default:
  5073. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
  5074. return 0;
  5075. case SSL_CT_VALIDATION_PERMISSIVE:
  5076. return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
  5077. case SSL_CT_VALIDATION_STRICT:
  5078. return SSL_set_ct_validation_callback(s, ct_strict, NULL);
  5079. }
  5080. }
  5081. int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
  5082. {
  5083. return CTLOG_STORE_load_default_file(ctx->ctlog_store);
  5084. }
  5085. int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
  5086. {
  5087. return CTLOG_STORE_load_file(ctx->ctlog_store, path);
  5088. }
  5089. void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
  5090. {
  5091. CTLOG_STORE_free(ctx->ctlog_store);
  5092. ctx->ctlog_store = logs;
  5093. }
  5094. const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
  5095. {
  5096. return ctx->ctlog_store;
  5097. }
  5098. #endif /* OPENSSL_NO_CT */
  5099. void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
  5100. void *arg)
  5101. {
  5102. c->client_hello_cb = cb;
  5103. c->client_hello_cb_arg = arg;
  5104. }
  5105. int SSL_client_hello_isv2(SSL *s)
  5106. {
  5107. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5108. if (sc == NULL)
  5109. return 0;
  5110. if (sc->clienthello == NULL)
  5111. return 0;
  5112. return sc->clienthello->isv2;
  5113. }
  5114. unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
  5115. {
  5116. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5117. if (sc == NULL)
  5118. return 0;
  5119. if (sc->clienthello == NULL)
  5120. return 0;
  5121. return sc->clienthello->legacy_version;
  5122. }
  5123. size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
  5124. {
  5125. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5126. if (sc == NULL)
  5127. return 0;
  5128. if (sc->clienthello == NULL)
  5129. return 0;
  5130. if (out != NULL)
  5131. *out = sc->clienthello->random;
  5132. return SSL3_RANDOM_SIZE;
  5133. }
  5134. size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
  5135. {
  5136. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5137. if (sc == NULL)
  5138. return 0;
  5139. if (sc->clienthello == NULL)
  5140. return 0;
  5141. if (out != NULL)
  5142. *out = sc->clienthello->session_id;
  5143. return sc->clienthello->session_id_len;
  5144. }
  5145. size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
  5146. {
  5147. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5148. if (sc == NULL)
  5149. return 0;
  5150. if (sc->clienthello == NULL)
  5151. return 0;
  5152. if (out != NULL)
  5153. *out = PACKET_data(&sc->clienthello->ciphersuites);
  5154. return PACKET_remaining(&sc->clienthello->ciphersuites);
  5155. }
  5156. size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
  5157. {
  5158. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5159. if (sc == NULL)
  5160. return 0;
  5161. if (sc->clienthello == NULL)
  5162. return 0;
  5163. if (out != NULL)
  5164. *out = sc->clienthello->compressions;
  5165. return sc->clienthello->compressions_len;
  5166. }
  5167. int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
  5168. {
  5169. RAW_EXTENSION *ext;
  5170. int *present;
  5171. size_t num = 0, i;
  5172. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5173. if (sc == NULL)
  5174. return 0;
  5175. if (sc->clienthello == NULL || out == NULL || outlen == NULL)
  5176. return 0;
  5177. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5178. ext = sc->clienthello->pre_proc_exts + i;
  5179. if (ext->present)
  5180. num++;
  5181. }
  5182. if (num == 0) {
  5183. *out = NULL;
  5184. *outlen = 0;
  5185. return 1;
  5186. }
  5187. if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL)
  5188. return 0;
  5189. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5190. ext = sc->clienthello->pre_proc_exts + i;
  5191. if (ext->present) {
  5192. if (ext->received_order >= num)
  5193. goto err;
  5194. present[ext->received_order] = ext->type;
  5195. }
  5196. }
  5197. *out = present;
  5198. *outlen = num;
  5199. return 1;
  5200. err:
  5201. OPENSSL_free(present);
  5202. return 0;
  5203. }
  5204. int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, size_t *num_exts)
  5205. {
  5206. RAW_EXTENSION *ext;
  5207. size_t num = 0, i;
  5208. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5209. if (sc == NULL)
  5210. return 0;
  5211. if (sc->clienthello == NULL || num_exts == NULL)
  5212. return 0;
  5213. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5214. ext = sc->clienthello->pre_proc_exts + i;
  5215. if (ext->present)
  5216. num++;
  5217. }
  5218. if (num == 0) {
  5219. *num_exts = 0;
  5220. return 1;
  5221. }
  5222. if (exts == NULL) {
  5223. *num_exts = num;
  5224. return 1;
  5225. }
  5226. if (*num_exts < num)
  5227. return 0;
  5228. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5229. ext = sc->clienthello->pre_proc_exts + i;
  5230. if (ext->present) {
  5231. if (ext->received_order >= num)
  5232. return 0;
  5233. exts[ext->received_order] = ext->type;
  5234. }
  5235. }
  5236. *num_exts = num;
  5237. return 1;
  5238. }
  5239. int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
  5240. size_t *outlen)
  5241. {
  5242. size_t i;
  5243. RAW_EXTENSION *r;
  5244. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5245. if (sc == NULL)
  5246. return 0;
  5247. if (sc->clienthello == NULL)
  5248. return 0;
  5249. for (i = 0; i < sc->clienthello->pre_proc_exts_len; ++i) {
  5250. r = sc->clienthello->pre_proc_exts + i;
  5251. if (r->present && r->type == type) {
  5252. if (out != NULL)
  5253. *out = PACKET_data(&r->data);
  5254. if (outlen != NULL)
  5255. *outlen = PACKET_remaining(&r->data);
  5256. return 1;
  5257. }
  5258. }
  5259. return 0;
  5260. }
  5261. int SSL_free_buffers(SSL *ssl)
  5262. {
  5263. RECORD_LAYER *rl;
  5264. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5265. if (sc == NULL)
  5266. return 0;
  5267. rl = &sc->rlayer;
  5268. return rl->rrlmethod->free_buffers(rl->rrl)
  5269. && rl->wrlmethod->free_buffers(rl->wrl);
  5270. }
  5271. int SSL_alloc_buffers(SSL *ssl)
  5272. {
  5273. RECORD_LAYER *rl;
  5274. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5275. if (sc == NULL)
  5276. return 0;
  5277. rl = &sc->rlayer;
  5278. return rl->rrlmethod->alloc_buffers(rl->rrl)
  5279. && rl->wrlmethod->alloc_buffers(rl->wrl);
  5280. }
  5281. void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
  5282. {
  5283. ctx->keylog_callback = cb;
  5284. }
  5285. SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
  5286. {
  5287. return ctx->keylog_callback;
  5288. }
  5289. static int nss_keylog_int(const char *prefix,
  5290. SSL_CONNECTION *sc,
  5291. const uint8_t *parameter_1,
  5292. size_t parameter_1_len,
  5293. const uint8_t *parameter_2,
  5294. size_t parameter_2_len)
  5295. {
  5296. char *out = NULL;
  5297. char *cursor = NULL;
  5298. size_t out_len = 0;
  5299. size_t i;
  5300. size_t prefix_len;
  5301. SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc);
  5302. if (sctx->keylog_callback == NULL)
  5303. return 1;
  5304. /*
  5305. * Our output buffer will contain the following strings, rendered with
  5306. * space characters in between, terminated by a NULL character: first the
  5307. * prefix, then the first parameter, then the second parameter. The
  5308. * meaning of each parameter depends on the specific key material being
  5309. * logged. Note that the first and second parameters are encoded in
  5310. * hexadecimal, so we need a buffer that is twice their lengths.
  5311. */
  5312. prefix_len = strlen(prefix);
  5313. out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
  5314. if ((out = cursor = OPENSSL_malloc(out_len)) == NULL)
  5315. return 0;
  5316. strcpy(cursor, prefix);
  5317. cursor += prefix_len;
  5318. *cursor++ = ' ';
  5319. for (i = 0; i < parameter_1_len; i++) {
  5320. sprintf(cursor, "%02x", parameter_1[i]);
  5321. cursor += 2;
  5322. }
  5323. *cursor++ = ' ';
  5324. for (i = 0; i < parameter_2_len; i++) {
  5325. sprintf(cursor, "%02x", parameter_2[i]);
  5326. cursor += 2;
  5327. }
  5328. *cursor = '\0';
  5329. sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out);
  5330. OPENSSL_clear_free(out, out_len);
  5331. return 1;
  5332. }
  5333. int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *sc,
  5334. const uint8_t *encrypted_premaster,
  5335. size_t encrypted_premaster_len,
  5336. const uint8_t *premaster,
  5337. size_t premaster_len)
  5338. {
  5339. if (encrypted_premaster_len < 8) {
  5340. SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  5341. return 0;
  5342. }
  5343. /* We only want the first 8 bytes of the encrypted premaster as a tag. */
  5344. return nss_keylog_int("RSA",
  5345. sc,
  5346. encrypted_premaster,
  5347. 8,
  5348. premaster,
  5349. premaster_len);
  5350. }
  5351. int ssl_log_secret(SSL_CONNECTION *sc,
  5352. const char *label,
  5353. const uint8_t *secret,
  5354. size_t secret_len)
  5355. {
  5356. return nss_keylog_int(label,
  5357. sc,
  5358. sc->s3.client_random,
  5359. SSL3_RANDOM_SIZE,
  5360. secret,
  5361. secret_len);
  5362. }
  5363. #define SSLV2_CIPHER_LEN 3
  5364. int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2format)
  5365. {
  5366. int n;
  5367. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  5368. if (PACKET_remaining(cipher_suites) == 0) {
  5369. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
  5370. return 0;
  5371. }
  5372. if (PACKET_remaining(cipher_suites) % n != 0) {
  5373. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5374. return 0;
  5375. }
  5376. OPENSSL_free(s->s3.tmp.ciphers_raw);
  5377. s->s3.tmp.ciphers_raw = NULL;
  5378. s->s3.tmp.ciphers_rawlen = 0;
  5379. if (sslv2format) {
  5380. size_t numciphers = PACKET_remaining(cipher_suites) / n;
  5381. PACKET sslv2ciphers = *cipher_suites;
  5382. unsigned int leadbyte;
  5383. unsigned char *raw;
  5384. /*
  5385. * We store the raw ciphers list in SSLv3+ format so we need to do some
  5386. * preprocessing to convert the list first. If there are any SSLv2 only
  5387. * ciphersuites with a non-zero leading byte then we are going to
  5388. * slightly over allocate because we won't store those. But that isn't a
  5389. * problem.
  5390. */
  5391. raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
  5392. s->s3.tmp.ciphers_raw = raw;
  5393. if (raw == NULL) {
  5394. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5395. return 0;
  5396. }
  5397. for (s->s3.tmp.ciphers_rawlen = 0;
  5398. PACKET_remaining(&sslv2ciphers) > 0;
  5399. raw += TLS_CIPHER_LEN) {
  5400. if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
  5401. || (leadbyte == 0
  5402. && !PACKET_copy_bytes(&sslv2ciphers, raw,
  5403. TLS_CIPHER_LEN))
  5404. || (leadbyte != 0
  5405. && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
  5406. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET);
  5407. OPENSSL_free(s->s3.tmp.ciphers_raw);
  5408. s->s3.tmp.ciphers_raw = NULL;
  5409. s->s3.tmp.ciphers_rawlen = 0;
  5410. return 0;
  5411. }
  5412. if (leadbyte == 0)
  5413. s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN;
  5414. }
  5415. } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw,
  5416. &s->s3.tmp.ciphers_rawlen)) {
  5417. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  5418. return 0;
  5419. }
  5420. return 1;
  5421. }
  5422. int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
  5423. int isv2format, STACK_OF(SSL_CIPHER) **sk,
  5424. STACK_OF(SSL_CIPHER) **scsvs)
  5425. {
  5426. PACKET pkt;
  5427. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5428. if (sc == NULL)
  5429. return 0;
  5430. if (!PACKET_buf_init(&pkt, bytes, len))
  5431. return 0;
  5432. return ossl_bytes_to_cipher_list(sc, &pkt, sk, scsvs, isv2format, 0);
  5433. }
  5434. int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites,
  5435. STACK_OF(SSL_CIPHER) **skp,
  5436. STACK_OF(SSL_CIPHER) **scsvs_out,
  5437. int sslv2format, int fatal)
  5438. {
  5439. const SSL_CIPHER *c;
  5440. STACK_OF(SSL_CIPHER) *sk = NULL;
  5441. STACK_OF(SSL_CIPHER) *scsvs = NULL;
  5442. int n;
  5443. /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
  5444. unsigned char cipher[SSLV2_CIPHER_LEN];
  5445. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  5446. if (PACKET_remaining(cipher_suites) == 0) {
  5447. if (fatal)
  5448. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
  5449. else
  5450. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED);
  5451. return 0;
  5452. }
  5453. if (PACKET_remaining(cipher_suites) % n != 0) {
  5454. if (fatal)
  5455. SSLfatal(s, SSL_AD_DECODE_ERROR,
  5456. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5457. else
  5458. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5459. return 0;
  5460. }
  5461. sk = sk_SSL_CIPHER_new_null();
  5462. scsvs = sk_SSL_CIPHER_new_null();
  5463. if (sk == NULL || scsvs == NULL) {
  5464. if (fatal)
  5465. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5466. else
  5467. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5468. goto err;
  5469. }
  5470. while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
  5471. /*
  5472. * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
  5473. * first byte set to zero, while true SSLv2 ciphers have a non-zero
  5474. * first byte. We don't support any true SSLv2 ciphers, so skip them.
  5475. */
  5476. if (sslv2format && cipher[0] != '\0')
  5477. continue;
  5478. /* For SSLv2-compat, ignore leading 0-byte. */
  5479. c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
  5480. if (c != NULL) {
  5481. if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
  5482. (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
  5483. if (fatal)
  5484. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5485. else
  5486. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5487. goto err;
  5488. }
  5489. }
  5490. }
  5491. if (PACKET_remaining(cipher_suites) > 0) {
  5492. if (fatal)
  5493. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH);
  5494. else
  5495. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  5496. goto err;
  5497. }
  5498. if (skp != NULL)
  5499. *skp = sk;
  5500. else
  5501. sk_SSL_CIPHER_free(sk);
  5502. if (scsvs_out != NULL)
  5503. *scsvs_out = scsvs;
  5504. else
  5505. sk_SSL_CIPHER_free(scsvs);
  5506. return 1;
  5507. err:
  5508. sk_SSL_CIPHER_free(sk);
  5509. sk_SSL_CIPHER_free(scsvs);
  5510. return 0;
  5511. }
  5512. int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
  5513. {
  5514. ctx->max_early_data = max_early_data;
  5515. return 1;
  5516. }
  5517. uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
  5518. {
  5519. return ctx->max_early_data;
  5520. }
  5521. int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
  5522. {
  5523. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5524. if (sc == NULL)
  5525. return 0;
  5526. sc->max_early_data = max_early_data;
  5527. return 1;
  5528. }
  5529. uint32_t SSL_get_max_early_data(const SSL *s)
  5530. {
  5531. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5532. if (sc == NULL)
  5533. return 0;
  5534. return sc->max_early_data;
  5535. }
  5536. int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
  5537. {
  5538. ctx->recv_max_early_data = recv_max_early_data;
  5539. return 1;
  5540. }
  5541. uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
  5542. {
  5543. return ctx->recv_max_early_data;
  5544. }
  5545. int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
  5546. {
  5547. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5548. if (sc == NULL)
  5549. return 0;
  5550. sc->recv_max_early_data = recv_max_early_data;
  5551. return 1;
  5552. }
  5553. uint32_t SSL_get_recv_max_early_data(const SSL *s)
  5554. {
  5555. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5556. if (sc == NULL)
  5557. return 0;
  5558. return sc->recv_max_early_data;
  5559. }
  5560. __owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc)
  5561. {
  5562. /* Return any active Max Fragment Len extension */
  5563. if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session))
  5564. return GET_MAX_FRAGMENT_LENGTH(sc->session);
  5565. /* return current SSL connection setting */
  5566. return sc->max_send_fragment;
  5567. }
  5568. __owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc)
  5569. {
  5570. /* Return a value regarding an active Max Fragment Len extension */
  5571. if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session)
  5572. && sc->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(sc->session))
  5573. return GET_MAX_FRAGMENT_LENGTH(sc->session);
  5574. /* else limit |split_send_fragment| to current |max_send_fragment| */
  5575. if (sc->split_send_fragment > sc->max_send_fragment)
  5576. return sc->max_send_fragment;
  5577. /* return current SSL connection setting */
  5578. return sc->split_send_fragment;
  5579. }
  5580. int SSL_stateless(SSL *s)
  5581. {
  5582. int ret;
  5583. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5584. /* TODO(QUIC): This will need further work. */
  5585. if (sc == NULL)
  5586. return 0;
  5587. /* Ensure there is no state left over from a previous invocation */
  5588. if (!SSL_clear(s))
  5589. return 0;
  5590. ERR_clear_error();
  5591. sc->s3.flags |= TLS1_FLAGS_STATELESS;
  5592. ret = SSL_accept(s);
  5593. sc->s3.flags &= ~TLS1_FLAGS_STATELESS;
  5594. if (ret > 0 && sc->ext.cookieok)
  5595. return 1;
  5596. if (sc->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(sc))
  5597. return 0;
  5598. return -1;
  5599. }
  5600. void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
  5601. {
  5602. ctx->pha_enabled = val;
  5603. }
  5604. void SSL_set_post_handshake_auth(SSL *ssl, int val)
  5605. {
  5606. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5607. if (sc == NULL)
  5608. return;
  5609. sc->pha_enabled = val;
  5610. }
  5611. int SSL_verify_client_post_handshake(SSL *ssl)
  5612. {
  5613. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5614. if (sc == NULL)
  5615. return 0;
  5616. if (!SSL_CONNECTION_IS_TLS13(sc)) {
  5617. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  5618. return 0;
  5619. }
  5620. if (!sc->server) {
  5621. ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER);
  5622. return 0;
  5623. }
  5624. if (!SSL_is_init_finished(ssl)) {
  5625. ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
  5626. return 0;
  5627. }
  5628. switch (sc->post_handshake_auth) {
  5629. case SSL_PHA_NONE:
  5630. ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED);
  5631. return 0;
  5632. default:
  5633. case SSL_PHA_EXT_SENT:
  5634. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  5635. return 0;
  5636. case SSL_PHA_EXT_RECEIVED:
  5637. break;
  5638. case SSL_PHA_REQUEST_PENDING:
  5639. ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_PENDING);
  5640. return 0;
  5641. case SSL_PHA_REQUESTED:
  5642. ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_SENT);
  5643. return 0;
  5644. }
  5645. sc->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
  5646. /* checks verify_mode and algorithm_auth */
  5647. if (!send_certificate_request(sc)) {
  5648. sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
  5649. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG);
  5650. return 0;
  5651. }
  5652. ossl_statem_set_in_init(sc, 1);
  5653. return 1;
  5654. }
  5655. int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
  5656. SSL_CTX_generate_session_ticket_fn gen_cb,
  5657. SSL_CTX_decrypt_session_ticket_fn dec_cb,
  5658. void *arg)
  5659. {
  5660. ctx->generate_ticket_cb = gen_cb;
  5661. ctx->decrypt_ticket_cb = dec_cb;
  5662. ctx->ticket_cb_data = arg;
  5663. return 1;
  5664. }
  5665. void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
  5666. SSL_allow_early_data_cb_fn cb,
  5667. void *arg)
  5668. {
  5669. ctx->allow_early_data_cb = cb;
  5670. ctx->allow_early_data_cb_data = arg;
  5671. }
  5672. void SSL_set_allow_early_data_cb(SSL *s,
  5673. SSL_allow_early_data_cb_fn cb,
  5674. void *arg)
  5675. {
  5676. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5677. if (sc == NULL)
  5678. return;
  5679. sc->allow_early_data_cb = cb;
  5680. sc->allow_early_data_cb_data = arg;
  5681. }
  5682. const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
  5683. int nid,
  5684. const char *properties)
  5685. {
  5686. const EVP_CIPHER *ciph;
  5687. ciph = tls_get_cipher_from_engine(nid);
  5688. if (ciph != NULL)
  5689. return ciph;
  5690. /*
  5691. * If there is no engine cipher then we do an explicit fetch. This may fail
  5692. * and that could be ok
  5693. */
  5694. ERR_set_mark();
  5695. ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
  5696. ERR_pop_to_mark();
  5697. return ciph;
  5698. }
  5699. int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher)
  5700. {
  5701. /* Don't up-ref an implicit EVP_CIPHER */
  5702. if (EVP_CIPHER_get0_provider(cipher) == NULL)
  5703. return 1;
  5704. /*
  5705. * The cipher was explicitly fetched and therefore it is safe to cast
  5706. * away the const
  5707. */
  5708. return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher);
  5709. }
  5710. void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
  5711. {
  5712. if (cipher == NULL)
  5713. return;
  5714. if (EVP_CIPHER_get0_provider(cipher) != NULL) {
  5715. /*
  5716. * The cipher was explicitly fetched and therefore it is safe to cast
  5717. * away the const
  5718. */
  5719. EVP_CIPHER_free((EVP_CIPHER *)cipher);
  5720. }
  5721. }
  5722. const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
  5723. int nid,
  5724. const char *properties)
  5725. {
  5726. const EVP_MD *md;
  5727. md = tls_get_digest_from_engine(nid);
  5728. if (md != NULL)
  5729. return md;
  5730. /* Otherwise we do an explicit fetch */
  5731. ERR_set_mark();
  5732. md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
  5733. ERR_pop_to_mark();
  5734. return md;
  5735. }
  5736. int ssl_evp_md_up_ref(const EVP_MD *md)
  5737. {
  5738. /* Don't up-ref an implicit EVP_MD */
  5739. if (EVP_MD_get0_provider(md) == NULL)
  5740. return 1;
  5741. /*
  5742. * The digest was explicitly fetched and therefore it is safe to cast
  5743. * away the const
  5744. */
  5745. return EVP_MD_up_ref((EVP_MD *)md);
  5746. }
  5747. void ssl_evp_md_free(const EVP_MD *md)
  5748. {
  5749. if (md == NULL)
  5750. return;
  5751. if (EVP_MD_get0_provider(md) != NULL) {
  5752. /*
  5753. * The digest was explicitly fetched and therefore it is safe to cast
  5754. * away the const
  5755. */
  5756. EVP_MD_free((EVP_MD *)md);
  5757. }
  5758. }
  5759. int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey)
  5760. {
  5761. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5762. if (sc == NULL)
  5763. return 0;
  5764. if (!ssl_security(sc, SSL_SECOP_TMP_DH,
  5765. EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
  5766. ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
  5767. return 0;
  5768. }
  5769. EVP_PKEY_free(sc->cert->dh_tmp);
  5770. sc->cert->dh_tmp = dhpkey;
  5771. return 1;
  5772. }
  5773. int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
  5774. {
  5775. if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
  5776. EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
  5777. ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
  5778. return 0;
  5779. }
  5780. EVP_PKEY_free(ctx->cert->dh_tmp);
  5781. ctx->cert->dh_tmp = dhpkey;
  5782. return 1;
  5783. }