ssl_lib.c 209 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848
  1. /*
  2. * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. * Copyright 2005 Nokia. All rights reserved.
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <stdio.h>
  12. #include "ssl_local.h"
  13. #include "internal/e_os.h"
  14. #include <openssl/objects.h>
  15. #include <openssl/x509v3.h>
  16. #include <openssl/rand.h>
  17. #include <openssl/ocsp.h>
  18. #include <openssl/dh.h>
  19. #include <openssl/engine.h>
  20. #include <openssl/async.h>
  21. #include <openssl/ct.h>
  22. #include <openssl/trace.h>
  23. #include <openssl/core_names.h>
  24. #include "internal/cryptlib.h"
  25. #include "internal/nelem.h"
  26. #include "internal/refcount.h"
  27. #include "internal/ktls.h"
  28. #include "quic/quic_local.h"
  29. static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r,
  30. unsigned char *s, size_t t, size_t *u)
  31. {
  32. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  33. }
  34. static int ssl_undefined_function_4(SSL_CONNECTION *sc, int r)
  35. {
  36. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  37. }
  38. static size_t ssl_undefined_function_5(SSL_CONNECTION *sc, const char *r,
  39. size_t s, unsigned char *t)
  40. {
  41. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  42. }
  43. static int ssl_undefined_function_6(int r)
  44. {
  45. return ssl_undefined_function(NULL);
  46. }
  47. static int ssl_undefined_function_7(SSL_CONNECTION *sc, unsigned char *r,
  48. size_t s, const char *t, size_t u,
  49. const unsigned char *v, size_t w, int x)
  50. {
  51. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  52. }
  53. static int ssl_undefined_function_8(SSL_CONNECTION *sc)
  54. {
  55. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  56. }
  57. const SSL3_ENC_METHOD ssl3_undef_enc_method = {
  58. ssl_undefined_function_8,
  59. ssl_undefined_function_3,
  60. ssl_undefined_function_4,
  61. ssl_undefined_function_5,
  62. NULL, /* client_finished_label */
  63. 0, /* client_finished_label_len */
  64. NULL, /* server_finished_label */
  65. 0, /* server_finished_label_len */
  66. ssl_undefined_function_6,
  67. ssl_undefined_function_7,
  68. };
  69. struct ssl_async_args {
  70. SSL *s;
  71. void *buf;
  72. size_t num;
  73. enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
  74. union {
  75. int (*func_read) (SSL *, void *, size_t, size_t *);
  76. int (*func_write) (SSL *, const void *, size_t, size_t *);
  77. int (*func_other) (SSL *);
  78. } f;
  79. };
  80. static const struct {
  81. uint8_t mtype;
  82. uint8_t ord;
  83. int nid;
  84. } dane_mds[] = {
  85. {
  86. DANETLS_MATCHING_FULL, 0, NID_undef
  87. },
  88. {
  89. DANETLS_MATCHING_2256, 1, NID_sha256
  90. },
  91. {
  92. DANETLS_MATCHING_2512, 2, NID_sha512
  93. },
  94. };
  95. static int dane_ctx_enable(struct dane_ctx_st *dctx)
  96. {
  97. const EVP_MD **mdevp;
  98. uint8_t *mdord;
  99. uint8_t mdmax = DANETLS_MATCHING_LAST;
  100. int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
  101. size_t i;
  102. if (dctx->mdevp != NULL)
  103. return 1;
  104. mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
  105. mdord = OPENSSL_zalloc(n * sizeof(*mdord));
  106. if (mdord == NULL || mdevp == NULL) {
  107. OPENSSL_free(mdord);
  108. OPENSSL_free(mdevp);
  109. return 0;
  110. }
  111. /* Install default entries */
  112. for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
  113. const EVP_MD *md;
  114. if (dane_mds[i].nid == NID_undef ||
  115. (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
  116. continue;
  117. mdevp[dane_mds[i].mtype] = md;
  118. mdord[dane_mds[i].mtype] = dane_mds[i].ord;
  119. }
  120. dctx->mdevp = mdevp;
  121. dctx->mdord = mdord;
  122. dctx->mdmax = mdmax;
  123. return 1;
  124. }
  125. static void dane_ctx_final(struct dane_ctx_st *dctx)
  126. {
  127. OPENSSL_free(dctx->mdevp);
  128. dctx->mdevp = NULL;
  129. OPENSSL_free(dctx->mdord);
  130. dctx->mdord = NULL;
  131. dctx->mdmax = 0;
  132. }
  133. static void tlsa_free(danetls_record *t)
  134. {
  135. if (t == NULL)
  136. return;
  137. OPENSSL_free(t->data);
  138. EVP_PKEY_free(t->spki);
  139. OPENSSL_free(t);
  140. }
  141. static void dane_final(SSL_DANE *dane)
  142. {
  143. sk_danetls_record_pop_free(dane->trecs, tlsa_free);
  144. dane->trecs = NULL;
  145. OSSL_STACK_OF_X509_free(dane->certs);
  146. dane->certs = NULL;
  147. X509_free(dane->mcert);
  148. dane->mcert = NULL;
  149. dane->mtlsa = NULL;
  150. dane->mdpth = -1;
  151. dane->pdpth = -1;
  152. }
  153. /*
  154. * dane_copy - Copy dane configuration, sans verification state.
  155. */
  156. static int ssl_dane_dup(SSL_CONNECTION *to, SSL_CONNECTION *from)
  157. {
  158. int num;
  159. int i;
  160. if (!DANETLS_ENABLED(&from->dane))
  161. return 1;
  162. num = sk_danetls_record_num(from->dane.trecs);
  163. dane_final(&to->dane);
  164. to->dane.flags = from->dane.flags;
  165. to->dane.dctx = &SSL_CONNECTION_GET_CTX(to)->dane;
  166. to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
  167. if (to->dane.trecs == NULL) {
  168. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  169. return 0;
  170. }
  171. for (i = 0; i < num; ++i) {
  172. danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
  173. if (SSL_dane_tlsa_add(SSL_CONNECTION_GET_SSL(to), t->usage,
  174. t->selector, t->mtype, t->data, t->dlen) <= 0)
  175. return 0;
  176. }
  177. return 1;
  178. }
  179. static int dane_mtype_set(struct dane_ctx_st *dctx,
  180. const EVP_MD *md, uint8_t mtype, uint8_t ord)
  181. {
  182. int i;
  183. if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
  184. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
  185. return 0;
  186. }
  187. if (mtype > dctx->mdmax) {
  188. const EVP_MD **mdevp;
  189. uint8_t *mdord;
  190. int n = ((int)mtype) + 1;
  191. mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
  192. if (mdevp == NULL)
  193. return -1;
  194. dctx->mdevp = mdevp;
  195. mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
  196. if (mdord == NULL)
  197. return -1;
  198. dctx->mdord = mdord;
  199. /* Zero-fill any gaps */
  200. for (i = dctx->mdmax + 1; i < mtype; ++i) {
  201. mdevp[i] = NULL;
  202. mdord[i] = 0;
  203. }
  204. dctx->mdmax = mtype;
  205. }
  206. dctx->mdevp[mtype] = md;
  207. /* Coerce ordinal of disabled matching types to 0 */
  208. dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
  209. return 1;
  210. }
  211. static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
  212. {
  213. if (mtype > dane->dctx->mdmax)
  214. return NULL;
  215. return dane->dctx->mdevp[mtype];
  216. }
  217. static int dane_tlsa_add(SSL_DANE *dane,
  218. uint8_t usage,
  219. uint8_t selector,
  220. uint8_t mtype, const unsigned char *data, size_t dlen)
  221. {
  222. danetls_record *t;
  223. const EVP_MD *md = NULL;
  224. int ilen = (int)dlen;
  225. int i;
  226. int num;
  227. int mdsize;
  228. if (dane->trecs == NULL) {
  229. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED);
  230. return -1;
  231. }
  232. if (ilen < 0 || dlen != (size_t)ilen) {
  233. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
  234. return 0;
  235. }
  236. if (usage > DANETLS_USAGE_LAST) {
  237. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
  238. return 0;
  239. }
  240. if (selector > DANETLS_SELECTOR_LAST) {
  241. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR);
  242. return 0;
  243. }
  244. if (mtype != DANETLS_MATCHING_FULL) {
  245. md = tlsa_md_get(dane, mtype);
  246. if (md == NULL) {
  247. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
  248. return 0;
  249. }
  250. }
  251. if (md != NULL) {
  252. mdsize = EVP_MD_get_size(md);
  253. if (mdsize <= 0 || dlen != (size_t)mdsize) {
  254. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
  255. return 0;
  256. }
  257. }
  258. if (!data) {
  259. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA);
  260. return 0;
  261. }
  262. if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL)
  263. return -1;
  264. t->usage = usage;
  265. t->selector = selector;
  266. t->mtype = mtype;
  267. t->data = OPENSSL_malloc(dlen);
  268. if (t->data == NULL) {
  269. tlsa_free(t);
  270. return -1;
  271. }
  272. memcpy(t->data, data, dlen);
  273. t->dlen = dlen;
  274. /* Validate and cache full certificate or public key */
  275. if (mtype == DANETLS_MATCHING_FULL) {
  276. const unsigned char *p = data;
  277. X509 *cert = NULL;
  278. EVP_PKEY *pkey = NULL;
  279. switch (selector) {
  280. case DANETLS_SELECTOR_CERT:
  281. if (!d2i_X509(&cert, &p, ilen) || p < data ||
  282. dlen != (size_t)(p - data)) {
  283. X509_free(cert);
  284. tlsa_free(t);
  285. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  286. return 0;
  287. }
  288. if (X509_get0_pubkey(cert) == NULL) {
  289. X509_free(cert);
  290. tlsa_free(t);
  291. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  292. return 0;
  293. }
  294. if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
  295. /*
  296. * The Full(0) certificate decodes to a seemingly valid X.509
  297. * object with a plausible key, so the TLSA record is well
  298. * formed. However, we don't actually need the certificate for
  299. * usages PKIX-EE(1) or DANE-EE(3), because at least the EE
  300. * certificate is always presented by the peer. We discard the
  301. * certificate, and just use the TLSA data as an opaque blob
  302. * for matching the raw presented DER octets.
  303. *
  304. * DO NOT FREE `t` here, it will be added to the TLSA record
  305. * list below!
  306. */
  307. X509_free(cert);
  308. break;
  309. }
  310. /*
  311. * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
  312. * records that contain full certificates of trust-anchors that are
  313. * not present in the wire chain. For usage PKIX-TA(0), we augment
  314. * the chain with untrusted Full(0) certificates from DNS, in case
  315. * they are missing from the chain.
  316. */
  317. if ((dane->certs == NULL &&
  318. (dane->certs = sk_X509_new_null()) == NULL) ||
  319. !sk_X509_push(dane->certs, cert)) {
  320. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  321. X509_free(cert);
  322. tlsa_free(t);
  323. return -1;
  324. }
  325. break;
  326. case DANETLS_SELECTOR_SPKI:
  327. if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
  328. dlen != (size_t)(p - data)) {
  329. EVP_PKEY_free(pkey);
  330. tlsa_free(t);
  331. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
  332. return 0;
  333. }
  334. /*
  335. * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
  336. * records that contain full bare keys of trust-anchors that are
  337. * not present in the wire chain.
  338. */
  339. if (usage == DANETLS_USAGE_DANE_TA)
  340. t->spki = pkey;
  341. else
  342. EVP_PKEY_free(pkey);
  343. break;
  344. }
  345. }
  346. /*-
  347. * Find the right insertion point for the new record.
  348. *
  349. * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
  350. * they can be processed first, as they require no chain building, and no
  351. * expiration or hostname checks. Because DANE-EE(3) is numerically
  352. * largest, this is accomplished via descending sort by "usage".
  353. *
  354. * We also sort in descending order by matching ordinal to simplify
  355. * the implementation of digest agility in the verification code.
  356. *
  357. * The choice of order for the selector is not significant, so we
  358. * use the same descending order for consistency.
  359. */
  360. num = sk_danetls_record_num(dane->trecs);
  361. for (i = 0; i < num; ++i) {
  362. danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
  363. if (rec->usage > usage)
  364. continue;
  365. if (rec->usage < usage)
  366. break;
  367. if (rec->selector > selector)
  368. continue;
  369. if (rec->selector < selector)
  370. break;
  371. if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
  372. continue;
  373. break;
  374. }
  375. if (!sk_danetls_record_insert(dane->trecs, t, i)) {
  376. tlsa_free(t);
  377. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  378. return -1;
  379. }
  380. dane->umask |= DANETLS_USAGE_BIT(usage);
  381. return 1;
  382. }
  383. /*
  384. * Return 0 if there is only one version configured and it was disabled
  385. * at configure time. Return 1 otherwise.
  386. */
  387. static int ssl_check_allowed_versions(int min_version, int max_version)
  388. {
  389. int minisdtls = 0, maxisdtls = 0;
  390. /* Figure out if we're doing DTLS versions or TLS versions */
  391. if (min_version == DTLS1_BAD_VER
  392. || min_version >> 8 == DTLS1_VERSION_MAJOR)
  393. minisdtls = 1;
  394. if (max_version == DTLS1_BAD_VER
  395. || max_version >> 8 == DTLS1_VERSION_MAJOR)
  396. maxisdtls = 1;
  397. /* A wildcard version of 0 could be DTLS or TLS. */
  398. if ((minisdtls && !maxisdtls && max_version != 0)
  399. || (maxisdtls && !minisdtls && min_version != 0)) {
  400. /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
  401. return 0;
  402. }
  403. if (minisdtls || maxisdtls) {
  404. /* Do DTLS version checks. */
  405. if (min_version == 0)
  406. /* Ignore DTLS1_BAD_VER */
  407. min_version = DTLS1_VERSION;
  408. if (max_version == 0)
  409. max_version = DTLS1_3_VERSION;
  410. #ifdef OPENSSL_NO_DTLS1_2
  411. if (max_version == DTLS1_2_VERSION)
  412. max_version = DTLS1_VERSION;
  413. #endif
  414. #ifdef OPENSSL_NO_DTLS1
  415. if (min_version == DTLS1_VERSION)
  416. min_version = DTLS1_2_VERSION;
  417. #endif
  418. /* Done massaging versions; do the check. */
  419. if (0
  420. #ifdef OPENSSL_NO_DTLS1
  421. || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
  422. && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
  423. #endif
  424. #ifdef OPENSSL_NO_DTLS1_2
  425. || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
  426. && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
  427. #endif
  428. )
  429. return 0;
  430. } else {
  431. /* Regular TLS version checks. */
  432. if (min_version == 0)
  433. min_version = SSL3_VERSION;
  434. if (max_version == 0)
  435. max_version = TLS1_3_VERSION;
  436. #ifdef OPENSSL_NO_TLS1_3
  437. if (max_version == TLS1_3_VERSION)
  438. max_version = TLS1_2_VERSION;
  439. #endif
  440. #ifdef OPENSSL_NO_TLS1_2
  441. if (max_version == TLS1_2_VERSION)
  442. max_version = TLS1_1_VERSION;
  443. #endif
  444. #ifdef OPENSSL_NO_TLS1_1
  445. if (max_version == TLS1_1_VERSION)
  446. max_version = TLS1_VERSION;
  447. #endif
  448. #ifdef OPENSSL_NO_TLS1
  449. if (max_version == TLS1_VERSION)
  450. max_version = SSL3_VERSION;
  451. #endif
  452. #ifdef OPENSSL_NO_SSL3
  453. if (min_version == SSL3_VERSION)
  454. min_version = TLS1_VERSION;
  455. #endif
  456. #ifdef OPENSSL_NO_TLS1
  457. if (min_version == TLS1_VERSION)
  458. min_version = TLS1_1_VERSION;
  459. #endif
  460. #ifdef OPENSSL_NO_TLS1_1
  461. if (min_version == TLS1_1_VERSION)
  462. min_version = TLS1_2_VERSION;
  463. #endif
  464. #ifdef OPENSSL_NO_TLS1_2
  465. if (min_version == TLS1_2_VERSION)
  466. min_version = TLS1_3_VERSION;
  467. #endif
  468. /* Done massaging versions; do the check. */
  469. if (0
  470. #ifdef OPENSSL_NO_SSL3
  471. || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
  472. #endif
  473. #ifdef OPENSSL_NO_TLS1
  474. || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
  475. #endif
  476. #ifdef OPENSSL_NO_TLS1_1
  477. || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
  478. #endif
  479. #ifdef OPENSSL_NO_TLS1_2
  480. || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
  481. #endif
  482. #ifdef OPENSSL_NO_TLS1_3
  483. || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
  484. #endif
  485. )
  486. return 0;
  487. }
  488. return 1;
  489. }
  490. #if defined(__TANDEM) && defined(OPENSSL_VPROC)
  491. /*
  492. * Define a VPROC function for HP NonStop build ssl library.
  493. * This is used by platform version identification tools.
  494. * Do not inline this procedure or make it static.
  495. */
  496. # define OPENSSL_VPROC_STRING_(x) x##_SSL
  497. # define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
  498. # define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
  499. void OPENSSL_VPROC_FUNC(void) {}
  500. #endif
  501. int SSL_clear(SSL *s)
  502. {
  503. if (s->method == NULL) {
  504. ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED);
  505. return 0;
  506. }
  507. return s->method->ssl_reset(s);
  508. }
  509. int ossl_ssl_connection_reset(SSL *s)
  510. {
  511. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  512. if (sc == NULL)
  513. return 0;
  514. if (ssl_clear_bad_session(sc)) {
  515. SSL_SESSION_free(sc->session);
  516. sc->session = NULL;
  517. }
  518. SSL_SESSION_free(sc->psksession);
  519. sc->psksession = NULL;
  520. OPENSSL_free(sc->psksession_id);
  521. sc->psksession_id = NULL;
  522. sc->psksession_id_len = 0;
  523. sc->hello_retry_request = SSL_HRR_NONE;
  524. sc->sent_tickets = 0;
  525. sc->error = 0;
  526. sc->hit = 0;
  527. sc->shutdown = 0;
  528. if (sc->renegotiate) {
  529. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  530. return 0;
  531. }
  532. ossl_statem_clear(sc);
  533. sc->version = s->method->version;
  534. sc->client_version = sc->version;
  535. sc->rwstate = SSL_NOTHING;
  536. BUF_MEM_free(sc->init_buf);
  537. sc->init_buf = NULL;
  538. sc->first_packet = 0;
  539. sc->key_update = SSL_KEY_UPDATE_NONE;
  540. memset(sc->ext.compress_certificate_from_peer, 0,
  541. sizeof(sc->ext.compress_certificate_from_peer));
  542. sc->ext.compress_certificate_sent = 0;
  543. EVP_MD_CTX_free(sc->pha_dgst);
  544. sc->pha_dgst = NULL;
  545. /* Reset DANE verification result state */
  546. sc->dane.mdpth = -1;
  547. sc->dane.pdpth = -1;
  548. X509_free(sc->dane.mcert);
  549. sc->dane.mcert = NULL;
  550. sc->dane.mtlsa = NULL;
  551. /* Clear the verification result peername */
  552. X509_VERIFY_PARAM_move_peername(sc->param, NULL);
  553. /* Clear any shared connection state */
  554. OPENSSL_free(sc->shared_sigalgs);
  555. sc->shared_sigalgs = NULL;
  556. sc->shared_sigalgslen = 0;
  557. /*
  558. * Check to see if we were changed into a different method, if so, revert
  559. * back.
  560. */
  561. if (s->method != s->defltmeth) {
  562. s->method->ssl_deinit(s);
  563. s->method = s->defltmeth;
  564. if (!s->method->ssl_init(s))
  565. return 0;
  566. } else {
  567. if (!s->method->ssl_clear(s))
  568. return 0;
  569. }
  570. if (!RECORD_LAYER_reset(&sc->rlayer))
  571. return 0;
  572. return 1;
  573. }
  574. #ifndef OPENSSL_NO_DEPRECATED_3_0
  575. /** Used to change an SSL_CTXs default SSL method type */
  576. int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
  577. {
  578. STACK_OF(SSL_CIPHER) *sk;
  579. if (IS_QUIC_CTX(ctx)) {
  580. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  581. return 0;
  582. }
  583. ctx->method = meth;
  584. if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
  585. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  586. return 0;
  587. }
  588. sk = ssl_create_cipher_list(ctx,
  589. ctx->tls13_ciphersuites,
  590. &(ctx->cipher_list),
  591. &(ctx->cipher_list_by_id),
  592. OSSL_default_cipher_list(), ctx->cert);
  593. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
  594. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  595. return 0;
  596. }
  597. return 1;
  598. }
  599. #endif
  600. SSL *SSL_new(SSL_CTX *ctx)
  601. {
  602. if (ctx == NULL) {
  603. ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX);
  604. return NULL;
  605. }
  606. if (ctx->method == NULL) {
  607. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
  608. return NULL;
  609. }
  610. return ctx->method->ssl_new(ctx);
  611. }
  612. int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type)
  613. {
  614. ssl->type = type;
  615. ssl->lock = CRYPTO_THREAD_lock_new();
  616. if (ssl->lock == NULL)
  617. return 0;
  618. if (!CRYPTO_NEW_REF(&ssl->references, 1)) {
  619. CRYPTO_THREAD_lock_free(ssl->lock);
  620. return 0;
  621. }
  622. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) {
  623. CRYPTO_THREAD_lock_free(ssl->lock);
  624. CRYPTO_FREE_REF(&ssl->references);
  625. ssl->lock = NULL;
  626. return 0;
  627. }
  628. SSL_CTX_up_ref(ctx);
  629. ssl->ctx = ctx;
  630. ssl->defltmeth = ssl->method = method;
  631. return 1;
  632. }
  633. SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method)
  634. {
  635. SSL_CONNECTION *s;
  636. SSL *ssl;
  637. s = OPENSSL_zalloc(sizeof(*s));
  638. if (s == NULL)
  639. return NULL;
  640. ssl = &s->ssl;
  641. if (!ossl_ssl_init(ssl, ctx, method, SSL_TYPE_SSL_CONNECTION)) {
  642. OPENSSL_free(s);
  643. s = NULL;
  644. ssl = NULL;
  645. goto sslerr;
  646. }
  647. RECORD_LAYER_init(&s->rlayer, s);
  648. s->options = ctx->options;
  649. s->dane.flags = ctx->dane.flags;
  650. if (method->version == ctx->method->version) {
  651. s->min_proto_version = ctx->min_proto_version;
  652. s->max_proto_version = ctx->max_proto_version;
  653. }
  654. s->mode = ctx->mode;
  655. s->max_cert_list = ctx->max_cert_list;
  656. s->max_early_data = ctx->max_early_data;
  657. s->recv_max_early_data = ctx->recv_max_early_data;
  658. s->num_tickets = ctx->num_tickets;
  659. s->pha_enabled = ctx->pha_enabled;
  660. /* Shallow copy of the ciphersuites stack */
  661. s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
  662. if (s->tls13_ciphersuites == NULL)
  663. goto cerr;
  664. /*
  665. * Earlier library versions used to copy the pointer to the CERT, not
  666. * its contents; only when setting new parameters for the per-SSL
  667. * copy, ssl_cert_new would be called (and the direct reference to
  668. * the per-SSL_CTX settings would be lost, but those still were
  669. * indirectly accessed for various purposes, and for that reason they
  670. * used to be known as s->ctx->default_cert). Now we don't look at the
  671. * SSL_CTX's CERT after having duplicated it once.
  672. */
  673. s->cert = ssl_cert_dup(ctx->cert);
  674. if (s->cert == NULL)
  675. goto sslerr;
  676. RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
  677. s->msg_callback = ctx->msg_callback;
  678. s->msg_callback_arg = ctx->msg_callback_arg;
  679. s->verify_mode = ctx->verify_mode;
  680. s->not_resumable_session_cb = ctx->not_resumable_session_cb;
  681. s->rlayer.record_padding_cb = ctx->record_padding_cb;
  682. s->rlayer.record_padding_arg = ctx->record_padding_arg;
  683. s->rlayer.block_padding = ctx->block_padding;
  684. s->sid_ctx_length = ctx->sid_ctx_length;
  685. if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
  686. goto err;
  687. memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
  688. s->verify_callback = ctx->default_verify_callback;
  689. s->generate_session_id = ctx->generate_session_id;
  690. s->param = X509_VERIFY_PARAM_new();
  691. if (s->param == NULL)
  692. goto asn1err;
  693. X509_VERIFY_PARAM_inherit(s->param, ctx->param);
  694. s->quiet_shutdown = IS_QUIC_CTX(ctx) ? 0 : ctx->quiet_shutdown;
  695. if (!IS_QUIC_CTX(ctx))
  696. s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
  697. s->max_send_fragment = ctx->max_send_fragment;
  698. s->split_send_fragment = ctx->split_send_fragment;
  699. s->max_pipelines = ctx->max_pipelines;
  700. s->rlayer.default_read_buf_len = ctx->default_read_buf_len;
  701. s->ext.debug_cb = 0;
  702. s->ext.debug_arg = NULL;
  703. s->ext.ticket_expected = 0;
  704. s->ext.status_type = ctx->ext.status_type;
  705. s->ext.status_expected = 0;
  706. s->ext.ocsp.ids = NULL;
  707. s->ext.ocsp.exts = NULL;
  708. s->ext.ocsp.resp = NULL;
  709. s->ext.ocsp.resp_len = 0;
  710. SSL_CTX_up_ref(ctx);
  711. s->session_ctx = ctx;
  712. if (ctx->ext.ecpointformats) {
  713. s->ext.ecpointformats =
  714. OPENSSL_memdup(ctx->ext.ecpointformats,
  715. ctx->ext.ecpointformats_len);
  716. if (!s->ext.ecpointformats) {
  717. s->ext.ecpointformats_len = 0;
  718. goto err;
  719. }
  720. s->ext.ecpointformats_len =
  721. ctx->ext.ecpointformats_len;
  722. }
  723. if (ctx->ext.supportedgroups) {
  724. s->ext.supportedgroups =
  725. OPENSSL_memdup(ctx->ext.supportedgroups,
  726. ctx->ext.supportedgroups_len
  727. * sizeof(*ctx->ext.supportedgroups));
  728. if (!s->ext.supportedgroups) {
  729. s->ext.supportedgroups_len = 0;
  730. goto err;
  731. }
  732. s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
  733. }
  734. #ifndef OPENSSL_NO_NEXTPROTONEG
  735. s->ext.npn = NULL;
  736. #endif
  737. if (ctx->ext.alpn != NULL) {
  738. s->ext.alpn = OPENSSL_malloc(ctx->ext.alpn_len);
  739. if (s->ext.alpn == NULL) {
  740. s->ext.alpn_len = 0;
  741. goto err;
  742. }
  743. memcpy(s->ext.alpn, ctx->ext.alpn, ctx->ext.alpn_len);
  744. s->ext.alpn_len = ctx->ext.alpn_len;
  745. }
  746. s->verified_chain = NULL;
  747. s->verify_result = X509_V_OK;
  748. s->default_passwd_callback = ctx->default_passwd_callback;
  749. s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
  750. s->key_update = SSL_KEY_UPDATE_NONE;
  751. if (!IS_QUIC_CTX(ctx)) {
  752. s->allow_early_data_cb = ctx->allow_early_data_cb;
  753. s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
  754. }
  755. if (!method->ssl_init(ssl))
  756. goto sslerr;
  757. s->server = (method->ssl_accept == ssl_undefined_function) ? 0 : 1;
  758. if (!method->ssl_reset(ssl))
  759. goto sslerr;
  760. #ifndef OPENSSL_NO_PSK
  761. s->psk_client_callback = ctx->psk_client_callback;
  762. s->psk_server_callback = ctx->psk_server_callback;
  763. #endif
  764. s->psk_find_session_cb = ctx->psk_find_session_cb;
  765. s->psk_use_session_cb = ctx->psk_use_session_cb;
  766. s->async_cb = ctx->async_cb;
  767. s->async_cb_arg = ctx->async_cb_arg;
  768. s->job = NULL;
  769. #ifndef OPENSSL_NO_COMP_ALG
  770. memcpy(s->cert_comp_prefs, ctx->cert_comp_prefs, sizeof(s->cert_comp_prefs));
  771. #endif
  772. if (ctx->client_cert_type != NULL) {
  773. s->client_cert_type = OPENSSL_memdup(ctx->client_cert_type,
  774. ctx->client_cert_type_len);
  775. if (s->client_cert_type == NULL)
  776. goto sslerr;
  777. s->client_cert_type_len = ctx->client_cert_type_len;
  778. }
  779. if (ctx->server_cert_type != NULL) {
  780. s->server_cert_type = OPENSSL_memdup(ctx->server_cert_type,
  781. ctx->server_cert_type_len);
  782. if (s->server_cert_type == NULL)
  783. goto sslerr;
  784. s->server_cert_type_len = ctx->server_cert_type_len;
  785. }
  786. #ifndef OPENSSL_NO_CT
  787. if (!SSL_set_ct_validation_callback(ssl, ctx->ct_validation_callback,
  788. ctx->ct_validation_callback_arg))
  789. goto sslerr;
  790. #endif
  791. s->ssl_pkey_num = SSL_PKEY_NUM + ctx->sigalg_list_len;
  792. return ssl;
  793. cerr:
  794. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  795. goto err;
  796. asn1err:
  797. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  798. goto err;
  799. sslerr:
  800. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  801. err:
  802. SSL_free(ssl);
  803. return NULL;
  804. }
  805. SSL *ossl_ssl_connection_new(SSL_CTX *ctx)
  806. {
  807. return ossl_ssl_connection_new_int(ctx, ctx->method);
  808. }
  809. int SSL_is_dtls(const SSL *s)
  810. {
  811. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  812. #ifndef OPENSSL_NO_QUIC
  813. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  814. return 0;
  815. #endif
  816. if (sc == NULL)
  817. return 0;
  818. return SSL_CONNECTION_IS_DTLS(sc) ? 1 : 0;
  819. }
  820. int SSL_is_tls(const SSL *s)
  821. {
  822. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  823. #ifndef OPENSSL_NO_QUIC
  824. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  825. return 0;
  826. #endif
  827. if (sc == NULL)
  828. return 0;
  829. return SSL_CONNECTION_IS_DTLS(sc) ? 0 : 1;
  830. }
  831. int SSL_is_quic(const SSL *s)
  832. {
  833. #ifndef OPENSSL_NO_QUIC
  834. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  835. return 1;
  836. #endif
  837. return 0;
  838. }
  839. int SSL_up_ref(SSL *s)
  840. {
  841. int i;
  842. if (CRYPTO_UP_REF(&s->references, &i) <= 0)
  843. return 0;
  844. REF_PRINT_COUNT("SSL", s);
  845. REF_ASSERT_ISNT(i < 2);
  846. return ((i > 1) ? 1 : 0);
  847. }
  848. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
  849. unsigned int sid_ctx_len)
  850. {
  851. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  852. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  853. return 0;
  854. }
  855. ctx->sid_ctx_length = sid_ctx_len;
  856. memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
  857. return 1;
  858. }
  859. int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
  860. unsigned int sid_ctx_len)
  861. {
  862. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  863. if (sc == NULL)
  864. return 0;
  865. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  866. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  867. return 0;
  868. }
  869. sc->sid_ctx_length = sid_ctx_len;
  870. memcpy(sc->sid_ctx, sid_ctx, sid_ctx_len);
  871. return 1;
  872. }
  873. int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
  874. {
  875. if (!CRYPTO_THREAD_write_lock(ctx->lock))
  876. return 0;
  877. ctx->generate_session_id = cb;
  878. CRYPTO_THREAD_unlock(ctx->lock);
  879. return 1;
  880. }
  881. int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
  882. {
  883. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  884. if (sc == NULL || !CRYPTO_THREAD_write_lock(ssl->lock))
  885. return 0;
  886. sc->generate_session_id = cb;
  887. CRYPTO_THREAD_unlock(ssl->lock);
  888. return 1;
  889. }
  890. int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
  891. unsigned int id_len)
  892. {
  893. /*
  894. * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
  895. * we can "construct" a session to give us the desired check - i.e. to
  896. * find if there's a session in the hash table that would conflict with
  897. * any new session built out of this id/id_len and the ssl_version in use
  898. * by this SSL.
  899. */
  900. SSL_SESSION r, *p;
  901. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  902. if (sc == NULL || id_len > sizeof(r.session_id))
  903. return 0;
  904. r.ssl_version = sc->version;
  905. r.session_id_length = id_len;
  906. memcpy(r.session_id, id, id_len);
  907. if (!CRYPTO_THREAD_read_lock(sc->session_ctx->lock))
  908. return 0;
  909. p = lh_SSL_SESSION_retrieve(sc->session_ctx->sessions, &r);
  910. CRYPTO_THREAD_unlock(sc->session_ctx->lock);
  911. return (p != NULL);
  912. }
  913. int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
  914. {
  915. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  916. }
  917. int SSL_set_purpose(SSL *s, int purpose)
  918. {
  919. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  920. if (sc == NULL)
  921. return 0;
  922. return X509_VERIFY_PARAM_set_purpose(sc->param, purpose);
  923. }
  924. int SSL_CTX_set_trust(SSL_CTX *s, int trust)
  925. {
  926. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  927. }
  928. int SSL_set_trust(SSL *s, int trust)
  929. {
  930. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  931. if (sc == NULL)
  932. return 0;
  933. return X509_VERIFY_PARAM_set_trust(sc->param, trust);
  934. }
  935. int SSL_set1_host(SSL *s, const char *hostname)
  936. {
  937. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  938. if (sc == NULL)
  939. return 0;
  940. /* If a hostname is provided and parses as an IP address,
  941. * treat it as such. */
  942. if (hostname != NULL
  943. && X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname) == 1)
  944. return 1;
  945. return X509_VERIFY_PARAM_set1_host(sc->param, hostname, 0);
  946. }
  947. int SSL_add1_host(SSL *s, const char *hostname)
  948. {
  949. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  950. if (sc == NULL)
  951. return 0;
  952. /* If a hostname is provided and parses as an IP address,
  953. * treat it as such. */
  954. if (hostname)
  955. {
  956. ASN1_OCTET_STRING *ip;
  957. char *old_ip;
  958. ip = a2i_IPADDRESS(hostname);
  959. if (ip) {
  960. /* We didn't want it; only to check if it *is* an IP address */
  961. ASN1_OCTET_STRING_free(ip);
  962. old_ip = X509_VERIFY_PARAM_get1_ip_asc(sc->param);
  963. if (old_ip)
  964. {
  965. OPENSSL_free(old_ip);
  966. /* There can be only one IP address */
  967. return 0;
  968. }
  969. return X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname);
  970. }
  971. }
  972. return X509_VERIFY_PARAM_add1_host(sc->param, hostname, 0);
  973. }
  974. void SSL_set_hostflags(SSL *s, unsigned int flags)
  975. {
  976. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  977. if (sc == NULL)
  978. return;
  979. X509_VERIFY_PARAM_set_hostflags(sc->param, flags);
  980. }
  981. const char *SSL_get0_peername(SSL *s)
  982. {
  983. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  984. if (sc == NULL)
  985. return NULL;
  986. return X509_VERIFY_PARAM_get0_peername(sc->param);
  987. }
  988. int SSL_CTX_dane_enable(SSL_CTX *ctx)
  989. {
  990. return dane_ctx_enable(&ctx->dane);
  991. }
  992. unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
  993. {
  994. unsigned long orig = ctx->dane.flags;
  995. ctx->dane.flags |= flags;
  996. return orig;
  997. }
  998. unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
  999. {
  1000. unsigned long orig = ctx->dane.flags;
  1001. ctx->dane.flags &= ~flags;
  1002. return orig;
  1003. }
  1004. int SSL_dane_enable(SSL *s, const char *basedomain)
  1005. {
  1006. SSL_DANE *dane;
  1007. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1008. if (sc == NULL)
  1009. return 0;
  1010. dane = &sc->dane;
  1011. if (s->ctx->dane.mdmax == 0) {
  1012. ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED);
  1013. return 0;
  1014. }
  1015. if (dane->trecs != NULL) {
  1016. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED);
  1017. return 0;
  1018. }
  1019. /*
  1020. * Default SNI name. This rejects empty names, while set1_host below
  1021. * accepts them and disables hostname checks. To avoid side-effects with
  1022. * invalid input, set the SNI name first.
  1023. */
  1024. if (sc->ext.hostname == NULL) {
  1025. if (!SSL_set_tlsext_host_name(s, basedomain)) {
  1026. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  1027. return -1;
  1028. }
  1029. }
  1030. /* Primary RFC6125 reference identifier */
  1031. if (!X509_VERIFY_PARAM_set1_host(sc->param, basedomain, 0)) {
  1032. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  1033. return -1;
  1034. }
  1035. dane->mdpth = -1;
  1036. dane->pdpth = -1;
  1037. dane->dctx = &s->ctx->dane;
  1038. dane->trecs = sk_danetls_record_new_null();
  1039. if (dane->trecs == NULL) {
  1040. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  1041. return -1;
  1042. }
  1043. return 1;
  1044. }
  1045. unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
  1046. {
  1047. unsigned long orig;
  1048. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1049. if (sc == NULL)
  1050. return 0;
  1051. orig = sc->dane.flags;
  1052. sc->dane.flags |= flags;
  1053. return orig;
  1054. }
  1055. unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
  1056. {
  1057. unsigned long orig;
  1058. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1059. if (sc == NULL)
  1060. return 0;
  1061. orig = sc->dane.flags;
  1062. sc->dane.flags &= ~flags;
  1063. return orig;
  1064. }
  1065. int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
  1066. {
  1067. SSL_DANE *dane;
  1068. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1069. if (sc == NULL)
  1070. return -1;
  1071. dane = &sc->dane;
  1072. if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
  1073. return -1;
  1074. if (dane->mtlsa) {
  1075. if (mcert)
  1076. *mcert = dane->mcert;
  1077. if (mspki)
  1078. *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
  1079. }
  1080. return dane->mdpth;
  1081. }
  1082. int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
  1083. uint8_t *mtype, const unsigned char **data, size_t *dlen)
  1084. {
  1085. SSL_DANE *dane;
  1086. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1087. if (sc == NULL)
  1088. return -1;
  1089. dane = &sc->dane;
  1090. if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
  1091. return -1;
  1092. if (dane->mtlsa) {
  1093. if (usage)
  1094. *usage = dane->mtlsa->usage;
  1095. if (selector)
  1096. *selector = dane->mtlsa->selector;
  1097. if (mtype)
  1098. *mtype = dane->mtlsa->mtype;
  1099. if (data)
  1100. *data = dane->mtlsa->data;
  1101. if (dlen)
  1102. *dlen = dane->mtlsa->dlen;
  1103. }
  1104. return dane->mdpth;
  1105. }
  1106. SSL_DANE *SSL_get0_dane(SSL *s)
  1107. {
  1108. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1109. if (sc == NULL)
  1110. return NULL;
  1111. return &sc->dane;
  1112. }
  1113. int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
  1114. uint8_t mtype, const unsigned char *data, size_t dlen)
  1115. {
  1116. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1117. if (sc == NULL)
  1118. return 0;
  1119. return dane_tlsa_add(&sc->dane, usage, selector, mtype, data, dlen);
  1120. }
  1121. int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
  1122. uint8_t ord)
  1123. {
  1124. return dane_mtype_set(&ctx->dane, md, mtype, ord);
  1125. }
  1126. int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
  1127. {
  1128. return X509_VERIFY_PARAM_set1(ctx->param, vpm);
  1129. }
  1130. int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
  1131. {
  1132. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1133. if (sc == NULL)
  1134. return 0;
  1135. return X509_VERIFY_PARAM_set1(sc->param, vpm);
  1136. }
  1137. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
  1138. {
  1139. return ctx->param;
  1140. }
  1141. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
  1142. {
  1143. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1144. if (sc == NULL)
  1145. return NULL;
  1146. return sc->param;
  1147. }
  1148. void SSL_certs_clear(SSL *s)
  1149. {
  1150. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1151. if (sc == NULL)
  1152. return;
  1153. ssl_cert_clear_certs(sc->cert);
  1154. }
  1155. void SSL_free(SSL *s)
  1156. {
  1157. int i;
  1158. if (s == NULL)
  1159. return;
  1160. CRYPTO_DOWN_REF(&s->references, &i);
  1161. REF_PRINT_COUNT("SSL", s);
  1162. if (i > 0)
  1163. return;
  1164. REF_ASSERT_ISNT(i < 0);
  1165. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
  1166. if (s->method != NULL)
  1167. s->method->ssl_free(s);
  1168. SSL_CTX_free(s->ctx);
  1169. CRYPTO_THREAD_lock_free(s->lock);
  1170. CRYPTO_FREE_REF(&s->references);
  1171. OPENSSL_free(s);
  1172. }
  1173. void ossl_ssl_connection_free(SSL *ssl)
  1174. {
  1175. SSL_CONNECTION *s;
  1176. s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  1177. if (s == NULL)
  1178. return;
  1179. X509_VERIFY_PARAM_free(s->param);
  1180. dane_final(&s->dane);
  1181. /* Ignore return value */
  1182. ssl_free_wbio_buffer(s);
  1183. /* Ignore return value */
  1184. RECORD_LAYER_clear(&s->rlayer);
  1185. BUF_MEM_free(s->init_buf);
  1186. /* add extra stuff */
  1187. sk_SSL_CIPHER_free(s->cipher_list);
  1188. sk_SSL_CIPHER_free(s->cipher_list_by_id);
  1189. sk_SSL_CIPHER_free(s->tls13_ciphersuites);
  1190. sk_SSL_CIPHER_free(s->peer_ciphers);
  1191. /* Make the next call work :-) */
  1192. if (s->session != NULL) {
  1193. ssl_clear_bad_session(s);
  1194. SSL_SESSION_free(s->session);
  1195. }
  1196. SSL_SESSION_free(s->psksession);
  1197. OPENSSL_free(s->psksession_id);
  1198. ssl_cert_free(s->cert);
  1199. OPENSSL_free(s->shared_sigalgs);
  1200. /* Free up if allocated */
  1201. OPENSSL_free(s->ext.hostname);
  1202. SSL_CTX_free(s->session_ctx);
  1203. OPENSSL_free(s->ext.ecpointformats);
  1204. OPENSSL_free(s->ext.peer_ecpointformats);
  1205. OPENSSL_free(s->ext.supportedgroups);
  1206. OPENSSL_free(s->ext.peer_supportedgroups);
  1207. sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
  1208. #ifndef OPENSSL_NO_OCSP
  1209. sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
  1210. #endif
  1211. #ifndef OPENSSL_NO_CT
  1212. SCT_LIST_free(s->scts);
  1213. OPENSSL_free(s->ext.scts);
  1214. #endif
  1215. OPENSSL_free(s->ext.ocsp.resp);
  1216. OPENSSL_free(s->ext.alpn);
  1217. OPENSSL_free(s->ext.tls13_cookie);
  1218. if (s->clienthello != NULL)
  1219. OPENSSL_free(s->clienthello->pre_proc_exts);
  1220. OPENSSL_free(s->clienthello);
  1221. OPENSSL_free(s->pha_context);
  1222. EVP_MD_CTX_free(s->pha_dgst);
  1223. sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
  1224. sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
  1225. OPENSSL_free(s->client_cert_type);
  1226. OPENSSL_free(s->server_cert_type);
  1227. OSSL_STACK_OF_X509_free(s->verified_chain);
  1228. if (ssl->method != NULL)
  1229. ssl->method->ssl_deinit(ssl);
  1230. ASYNC_WAIT_CTX_free(s->waitctx);
  1231. #if !defined(OPENSSL_NO_NEXTPROTONEG)
  1232. OPENSSL_free(s->ext.npn);
  1233. #endif
  1234. #ifndef OPENSSL_NO_SRTP
  1235. sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
  1236. #endif
  1237. /*
  1238. * We do this late. We want to ensure that any other references we held to
  1239. * these BIOs are freed first *before* we call BIO_free_all(), because
  1240. * BIO_free_all() will only free each BIO in the chain if the number of
  1241. * references to the first BIO have dropped to 0
  1242. */
  1243. BIO_free_all(s->wbio);
  1244. s->wbio = NULL;
  1245. BIO_free_all(s->rbio);
  1246. s->rbio = NULL;
  1247. OPENSSL_free(s->s3.tmp.valid_flags);
  1248. }
  1249. void SSL_set0_rbio(SSL *s, BIO *rbio)
  1250. {
  1251. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1252. #ifndef OPENSSL_NO_QUIC
  1253. if (IS_QUIC(s)) {
  1254. ossl_quic_conn_set0_net_rbio(s, rbio);
  1255. return;
  1256. }
  1257. #endif
  1258. if (sc == NULL)
  1259. return;
  1260. BIO_free_all(sc->rbio);
  1261. sc->rbio = rbio;
  1262. sc->rlayer.rrlmethod->set1_bio(sc->rlayer.rrl, sc->rbio);
  1263. }
  1264. void SSL_set0_wbio(SSL *s, BIO *wbio)
  1265. {
  1266. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1267. #ifndef OPENSSL_NO_QUIC
  1268. if (IS_QUIC(s)) {
  1269. ossl_quic_conn_set0_net_wbio(s, wbio);
  1270. return;
  1271. }
  1272. #endif
  1273. if (sc == NULL)
  1274. return;
  1275. /*
  1276. * If the output buffering BIO is still in place, remove it
  1277. */
  1278. if (sc->bbio != NULL)
  1279. sc->wbio = BIO_pop(sc->wbio);
  1280. BIO_free_all(sc->wbio);
  1281. sc->wbio = wbio;
  1282. /* Re-attach |bbio| to the new |wbio|. */
  1283. if (sc->bbio != NULL)
  1284. sc->wbio = BIO_push(sc->bbio, sc->wbio);
  1285. sc->rlayer.wrlmethod->set1_bio(sc->rlayer.wrl, sc->wbio);
  1286. }
  1287. void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
  1288. {
  1289. /*
  1290. * For historical reasons, this function has many different cases in
  1291. * ownership handling.
  1292. */
  1293. /* If nothing has changed, do nothing */
  1294. if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
  1295. return;
  1296. /*
  1297. * If the two arguments are equal then one fewer reference is granted by the
  1298. * caller than we want to take
  1299. */
  1300. if (rbio != NULL && rbio == wbio)
  1301. BIO_up_ref(rbio);
  1302. /*
  1303. * If only the wbio is changed only adopt one reference.
  1304. */
  1305. if (rbio == SSL_get_rbio(s)) {
  1306. SSL_set0_wbio(s, wbio);
  1307. return;
  1308. }
  1309. /*
  1310. * There is an asymmetry here for historical reasons. If only the rbio is
  1311. * changed AND the rbio and wbio were originally different, then we only
  1312. * adopt one reference.
  1313. */
  1314. if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
  1315. SSL_set0_rbio(s, rbio);
  1316. return;
  1317. }
  1318. /* Otherwise, adopt both references. */
  1319. SSL_set0_rbio(s, rbio);
  1320. SSL_set0_wbio(s, wbio);
  1321. }
  1322. BIO *SSL_get_rbio(const SSL *s)
  1323. {
  1324. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1325. #ifndef OPENSSL_NO_QUIC
  1326. if (IS_QUIC(s))
  1327. return ossl_quic_conn_get_net_rbio(s);
  1328. #endif
  1329. if (sc == NULL)
  1330. return NULL;
  1331. return sc->rbio;
  1332. }
  1333. BIO *SSL_get_wbio(const SSL *s)
  1334. {
  1335. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1336. #ifndef OPENSSL_NO_QUIC
  1337. if (IS_QUIC(s))
  1338. return ossl_quic_conn_get_net_wbio(s);
  1339. #endif
  1340. if (sc == NULL)
  1341. return NULL;
  1342. if (sc->bbio != NULL) {
  1343. /*
  1344. * If |bbio| is active, the true caller-configured BIO is its
  1345. * |next_bio|.
  1346. */
  1347. return BIO_next(sc->bbio);
  1348. }
  1349. return sc->wbio;
  1350. }
  1351. int SSL_get_fd(const SSL *s)
  1352. {
  1353. return SSL_get_rfd(s);
  1354. }
  1355. int SSL_get_rfd(const SSL *s)
  1356. {
  1357. int ret = -1;
  1358. BIO *b, *r;
  1359. b = SSL_get_rbio(s);
  1360. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1361. if (r != NULL)
  1362. BIO_get_fd(r, &ret);
  1363. return ret;
  1364. }
  1365. int SSL_get_wfd(const SSL *s)
  1366. {
  1367. int ret = -1;
  1368. BIO *b, *r;
  1369. b = SSL_get_wbio(s);
  1370. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1371. if (r != NULL)
  1372. BIO_get_fd(r, &ret);
  1373. return ret;
  1374. }
  1375. #ifndef OPENSSL_NO_SOCK
  1376. static const BIO_METHOD *fd_method(SSL *s)
  1377. {
  1378. #ifndef OPENSSL_NO_DGRAM
  1379. if (IS_QUIC(s))
  1380. return BIO_s_datagram();
  1381. #endif
  1382. return BIO_s_socket();
  1383. }
  1384. int SSL_set_fd(SSL *s, int fd)
  1385. {
  1386. int ret = 0;
  1387. BIO *bio = NULL;
  1388. if (s->type == SSL_TYPE_QUIC_XSO) {
  1389. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1390. goto err;
  1391. }
  1392. bio = BIO_new(fd_method(s));
  1393. if (bio == NULL) {
  1394. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1395. goto err;
  1396. }
  1397. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1398. SSL_set_bio(s, bio, bio);
  1399. #ifndef OPENSSL_NO_KTLS
  1400. /*
  1401. * The new socket is created successfully regardless of ktls_enable.
  1402. * ktls_enable doesn't change any functionality of the socket, except
  1403. * changing the setsockopt to enable the processing of ktls_start.
  1404. * Thus, it is not a problem to call it for non-TLS sockets.
  1405. */
  1406. ktls_enable(fd);
  1407. #endif /* OPENSSL_NO_KTLS */
  1408. ret = 1;
  1409. err:
  1410. return ret;
  1411. }
  1412. int SSL_set_wfd(SSL *s, int fd)
  1413. {
  1414. BIO *rbio = SSL_get_rbio(s);
  1415. int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
  1416. if (s->type == SSL_TYPE_QUIC_XSO) {
  1417. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1418. return 0;
  1419. }
  1420. if (rbio == NULL || BIO_method_type(rbio) != desired_type
  1421. || (int)BIO_get_fd(rbio, NULL) != fd) {
  1422. BIO *bio = BIO_new(fd_method(s));
  1423. if (bio == NULL) {
  1424. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1425. return 0;
  1426. }
  1427. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1428. SSL_set0_wbio(s, bio);
  1429. #ifndef OPENSSL_NO_KTLS
  1430. /*
  1431. * The new socket is created successfully regardless of ktls_enable.
  1432. * ktls_enable doesn't change any functionality of the socket, except
  1433. * changing the setsockopt to enable the processing of ktls_start.
  1434. * Thus, it is not a problem to call it for non-TLS sockets.
  1435. */
  1436. ktls_enable(fd);
  1437. #endif /* OPENSSL_NO_KTLS */
  1438. } else {
  1439. BIO_up_ref(rbio);
  1440. SSL_set0_wbio(s, rbio);
  1441. }
  1442. return 1;
  1443. }
  1444. int SSL_set_rfd(SSL *s, int fd)
  1445. {
  1446. BIO *wbio = SSL_get_wbio(s);
  1447. int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
  1448. if (s->type == SSL_TYPE_QUIC_XSO) {
  1449. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1450. return 0;
  1451. }
  1452. if (wbio == NULL || BIO_method_type(wbio) != desired_type
  1453. || ((int)BIO_get_fd(wbio, NULL) != fd)) {
  1454. BIO *bio = BIO_new(fd_method(s));
  1455. if (bio == NULL) {
  1456. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1457. return 0;
  1458. }
  1459. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1460. SSL_set0_rbio(s, bio);
  1461. } else {
  1462. BIO_up_ref(wbio);
  1463. SSL_set0_rbio(s, wbio);
  1464. }
  1465. return 1;
  1466. }
  1467. #endif
  1468. /* return length of latest Finished message we sent, copy to 'buf' */
  1469. size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
  1470. {
  1471. size_t ret = 0;
  1472. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1473. if (sc == NULL)
  1474. return 0;
  1475. ret = sc->s3.tmp.finish_md_len;
  1476. if (count > ret)
  1477. count = ret;
  1478. memcpy(buf, sc->s3.tmp.finish_md, count);
  1479. return ret;
  1480. }
  1481. /* return length of latest Finished message we expected, copy to 'buf' */
  1482. size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
  1483. {
  1484. size_t ret = 0;
  1485. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1486. if (sc == NULL)
  1487. return 0;
  1488. ret = sc->s3.tmp.peer_finish_md_len;
  1489. if (count > ret)
  1490. count = ret;
  1491. memcpy(buf, sc->s3.tmp.peer_finish_md, count);
  1492. return ret;
  1493. }
  1494. int SSL_get_verify_mode(const SSL *s)
  1495. {
  1496. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1497. if (sc == NULL)
  1498. return 0;
  1499. return sc->verify_mode;
  1500. }
  1501. int SSL_get_verify_depth(const SSL *s)
  1502. {
  1503. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1504. if (sc == NULL)
  1505. return 0;
  1506. return X509_VERIFY_PARAM_get_depth(sc->param);
  1507. }
  1508. int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
  1509. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1510. if (sc == NULL)
  1511. return NULL;
  1512. return sc->verify_callback;
  1513. }
  1514. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
  1515. {
  1516. return ctx->verify_mode;
  1517. }
  1518. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
  1519. {
  1520. return X509_VERIFY_PARAM_get_depth(ctx->param);
  1521. }
  1522. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
  1523. return ctx->default_verify_callback;
  1524. }
  1525. void SSL_set_verify(SSL *s, int mode,
  1526. int (*callback) (int ok, X509_STORE_CTX *ctx))
  1527. {
  1528. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1529. if (sc == NULL)
  1530. return;
  1531. sc->verify_mode = mode;
  1532. if (callback != NULL)
  1533. sc->verify_callback = callback;
  1534. }
  1535. void SSL_set_verify_depth(SSL *s, int depth)
  1536. {
  1537. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1538. if (sc == NULL)
  1539. return;
  1540. X509_VERIFY_PARAM_set_depth(sc->param, depth);
  1541. }
  1542. void SSL_set_read_ahead(SSL *s, int yes)
  1543. {
  1544. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  1545. OSSL_PARAM options[2], *opts = options;
  1546. if (sc == NULL)
  1547. return;
  1548. RECORD_LAYER_set_read_ahead(&sc->rlayer, yes);
  1549. *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD,
  1550. &sc->rlayer.read_ahead);
  1551. *opts = OSSL_PARAM_construct_end();
  1552. /* Ignore return value */
  1553. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  1554. }
  1555. int SSL_get_read_ahead(const SSL *s)
  1556. {
  1557. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  1558. if (sc == NULL)
  1559. return 0;
  1560. return RECORD_LAYER_get_read_ahead(&sc->rlayer);
  1561. }
  1562. int SSL_pending(const SSL *s)
  1563. {
  1564. size_t pending = s->method->ssl_pending(s);
  1565. /*
  1566. * SSL_pending cannot work properly if read-ahead is enabled
  1567. * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
  1568. * impossible to fix since SSL_pending cannot report errors that may be
  1569. * observed while scanning the new data. (Note that SSL_pending() is
  1570. * often used as a boolean value, so we'd better not return -1.)
  1571. *
  1572. * SSL_pending also cannot work properly if the value >INT_MAX. In that case
  1573. * we just return INT_MAX.
  1574. */
  1575. return pending < INT_MAX ? (int)pending : INT_MAX;
  1576. }
  1577. int SSL_has_pending(const SSL *s)
  1578. {
  1579. /*
  1580. * Similar to SSL_pending() but returns a 1 to indicate that we have
  1581. * processed or unprocessed data available or 0 otherwise (as opposed to the
  1582. * number of bytes available). Unlike SSL_pending() this will take into
  1583. * account read_ahead data. A 1 return simply indicates that we have data.
  1584. * That data may not result in any application data, or we may fail to parse
  1585. * the records for some reason.
  1586. */
  1587. const SSL_CONNECTION *sc;
  1588. #ifndef OPENSSL_NO_QUIC
  1589. if (IS_QUIC(s))
  1590. return ossl_quic_has_pending(s);
  1591. #endif
  1592. sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1593. /* Check buffered app data if any first */
  1594. if (SSL_CONNECTION_IS_DTLS(sc)) {
  1595. TLS_RECORD *rdata;
  1596. pitem *item, *iter;
  1597. iter = pqueue_iterator(sc->rlayer.d->buffered_app_data);
  1598. while ((item = pqueue_next(&iter)) != NULL) {
  1599. rdata = item->data;
  1600. if (rdata->length > 0)
  1601. return 1;
  1602. }
  1603. }
  1604. if (RECORD_LAYER_processed_read_pending(&sc->rlayer))
  1605. return 1;
  1606. return RECORD_LAYER_read_pending(&sc->rlayer);
  1607. }
  1608. X509 *SSL_get1_peer_certificate(const SSL *s)
  1609. {
  1610. X509 *r = SSL_get0_peer_certificate(s);
  1611. if (r != NULL)
  1612. X509_up_ref(r);
  1613. return r;
  1614. }
  1615. X509 *SSL_get0_peer_certificate(const SSL *s)
  1616. {
  1617. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1618. if (sc == NULL)
  1619. return NULL;
  1620. if (sc->session == NULL)
  1621. return NULL;
  1622. else
  1623. return sc->session->peer;
  1624. }
  1625. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
  1626. {
  1627. STACK_OF(X509) *r;
  1628. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1629. if (sc == NULL)
  1630. return NULL;
  1631. if (sc->session == NULL)
  1632. r = NULL;
  1633. else
  1634. r = sc->session->peer_chain;
  1635. /*
  1636. * If we are a client, cert_chain includes the peer's own certificate; if
  1637. * we are a server, it does not.
  1638. */
  1639. return r;
  1640. }
  1641. /*
  1642. * Now in theory, since the calling process own 't' it should be safe to
  1643. * modify. We need to be able to read f without being hassled
  1644. */
  1645. int SSL_copy_session_id(SSL *t, const SSL *f)
  1646. {
  1647. int i;
  1648. /* TODO(QUIC FUTURE): Not allowed for QUIC currently. */
  1649. SSL_CONNECTION *tsc = SSL_CONNECTION_FROM_SSL_ONLY(t);
  1650. const SSL_CONNECTION *fsc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(f);
  1651. if (tsc == NULL || fsc == NULL)
  1652. return 0;
  1653. /* Do we need to do SSL locking? */
  1654. if (!SSL_set_session(t, SSL_get_session(f))) {
  1655. return 0;
  1656. }
  1657. /*
  1658. * what if we are setup for one protocol version but want to talk another
  1659. */
  1660. if (t->method != f->method) {
  1661. t->method->ssl_deinit(t);
  1662. t->method = f->method;
  1663. if (t->method->ssl_init(t) == 0)
  1664. return 0;
  1665. }
  1666. CRYPTO_UP_REF(&fsc->cert->references, &i);
  1667. ssl_cert_free(tsc->cert);
  1668. tsc->cert = fsc->cert;
  1669. if (!SSL_set_session_id_context(t, fsc->sid_ctx, (int)fsc->sid_ctx_length)) {
  1670. return 0;
  1671. }
  1672. return 1;
  1673. }
  1674. /* Fix this so it checks all the valid key/cert options */
  1675. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
  1676. {
  1677. if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
  1678. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1679. return 0;
  1680. }
  1681. if (ctx->cert->key->privatekey == NULL) {
  1682. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1683. return 0;
  1684. }
  1685. return X509_check_private_key
  1686. (ctx->cert->key->x509, ctx->cert->key->privatekey);
  1687. }
  1688. /* Fix this function so that it takes an optional type parameter */
  1689. int SSL_check_private_key(const SSL *ssl)
  1690. {
  1691. const SSL_CONNECTION *sc;
  1692. if ((sc = SSL_CONNECTION_FROM_CONST_SSL(ssl)) == NULL) {
  1693. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  1694. return 0;
  1695. }
  1696. if (sc->cert->key->x509 == NULL) {
  1697. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1698. return 0;
  1699. }
  1700. if (sc->cert->key->privatekey == NULL) {
  1701. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1702. return 0;
  1703. }
  1704. return X509_check_private_key(sc->cert->key->x509,
  1705. sc->cert->key->privatekey);
  1706. }
  1707. int SSL_waiting_for_async(SSL *s)
  1708. {
  1709. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1710. if (sc == NULL)
  1711. return 0;
  1712. if (sc->job)
  1713. return 1;
  1714. return 0;
  1715. }
  1716. int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
  1717. {
  1718. ASYNC_WAIT_CTX *ctx;
  1719. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1720. if (sc == NULL)
  1721. return 0;
  1722. if ((ctx = sc->waitctx) == NULL)
  1723. return 0;
  1724. return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
  1725. }
  1726. int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
  1727. OSSL_ASYNC_FD *delfd, size_t *numdelfds)
  1728. {
  1729. ASYNC_WAIT_CTX *ctx;
  1730. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1731. if (sc == NULL)
  1732. return 0;
  1733. if ((ctx = sc->waitctx) == NULL)
  1734. return 0;
  1735. return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
  1736. numdelfds);
  1737. }
  1738. int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback)
  1739. {
  1740. ctx->async_cb = callback;
  1741. return 1;
  1742. }
  1743. int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg)
  1744. {
  1745. ctx->async_cb_arg = arg;
  1746. return 1;
  1747. }
  1748. int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback)
  1749. {
  1750. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1751. if (sc == NULL)
  1752. return 0;
  1753. sc->async_cb = callback;
  1754. return 1;
  1755. }
  1756. int SSL_set_async_callback_arg(SSL *s, void *arg)
  1757. {
  1758. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1759. if (sc == NULL)
  1760. return 0;
  1761. sc->async_cb_arg = arg;
  1762. return 1;
  1763. }
  1764. int SSL_get_async_status(SSL *s, int *status)
  1765. {
  1766. ASYNC_WAIT_CTX *ctx;
  1767. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1768. if (sc == NULL)
  1769. return 0;
  1770. if ((ctx = sc->waitctx) == NULL)
  1771. return 0;
  1772. *status = ASYNC_WAIT_CTX_get_status(ctx);
  1773. return 1;
  1774. }
  1775. int SSL_accept(SSL *s)
  1776. {
  1777. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1778. #ifndef OPENSSL_NO_QUIC
  1779. if (IS_QUIC(s))
  1780. return s->method->ssl_accept(s);
  1781. #endif
  1782. if (sc == NULL)
  1783. return 0;
  1784. if (sc->handshake_func == NULL) {
  1785. /* Not properly initialized yet */
  1786. SSL_set_accept_state(s);
  1787. }
  1788. return SSL_do_handshake(s);
  1789. }
  1790. int SSL_connect(SSL *s)
  1791. {
  1792. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1793. #ifndef OPENSSL_NO_QUIC
  1794. if (IS_QUIC(s))
  1795. return s->method->ssl_connect(s);
  1796. #endif
  1797. if (sc == NULL)
  1798. return 0;
  1799. if (sc->handshake_func == NULL) {
  1800. /* Not properly initialized yet */
  1801. SSL_set_connect_state(s);
  1802. }
  1803. return SSL_do_handshake(s);
  1804. }
  1805. long SSL_get_default_timeout(const SSL *s)
  1806. {
  1807. return (long int)ossl_time2seconds(s->method->get_timeout());
  1808. }
  1809. static int ssl_async_wait_ctx_cb(void *arg)
  1810. {
  1811. SSL *s = (SSL *)arg;
  1812. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1813. if (sc == NULL)
  1814. return 0;
  1815. return sc->async_cb(s, sc->async_cb_arg);
  1816. }
  1817. static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
  1818. int (*func) (void *))
  1819. {
  1820. int ret;
  1821. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1822. if (sc == NULL)
  1823. return 0;
  1824. if (sc->waitctx == NULL) {
  1825. sc->waitctx = ASYNC_WAIT_CTX_new();
  1826. if (sc->waitctx == NULL)
  1827. return -1;
  1828. if (sc->async_cb != NULL
  1829. && !ASYNC_WAIT_CTX_set_callback
  1830. (sc->waitctx, ssl_async_wait_ctx_cb, s))
  1831. return -1;
  1832. }
  1833. sc->rwstate = SSL_NOTHING;
  1834. switch (ASYNC_start_job(&sc->job, sc->waitctx, &ret, func, args,
  1835. sizeof(struct ssl_async_args))) {
  1836. case ASYNC_ERR:
  1837. sc->rwstate = SSL_NOTHING;
  1838. ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC);
  1839. return -1;
  1840. case ASYNC_PAUSE:
  1841. sc->rwstate = SSL_ASYNC_PAUSED;
  1842. return -1;
  1843. case ASYNC_NO_JOBS:
  1844. sc->rwstate = SSL_ASYNC_NO_JOBS;
  1845. return -1;
  1846. case ASYNC_FINISH:
  1847. sc->job = NULL;
  1848. return ret;
  1849. default:
  1850. sc->rwstate = SSL_NOTHING;
  1851. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  1852. /* Shouldn't happen */
  1853. return -1;
  1854. }
  1855. }
  1856. static int ssl_io_intern(void *vargs)
  1857. {
  1858. struct ssl_async_args *args;
  1859. SSL *s;
  1860. void *buf;
  1861. size_t num;
  1862. SSL_CONNECTION *sc;
  1863. args = (struct ssl_async_args *)vargs;
  1864. s = args->s;
  1865. buf = args->buf;
  1866. num = args->num;
  1867. if ((sc = SSL_CONNECTION_FROM_SSL(s)) == NULL)
  1868. return -1;
  1869. switch (args->type) {
  1870. case READFUNC:
  1871. return args->f.func_read(s, buf, num, &sc->asyncrw);
  1872. case WRITEFUNC:
  1873. return args->f.func_write(s, buf, num, &sc->asyncrw);
  1874. case OTHERFUNC:
  1875. return args->f.func_other(s);
  1876. }
  1877. return -1;
  1878. }
  1879. int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1880. {
  1881. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1882. #ifndef OPENSSL_NO_QUIC
  1883. if (IS_QUIC(s))
  1884. return s->method->ssl_read(s, buf, num, readbytes);
  1885. #endif
  1886. if (sc == NULL)
  1887. return -1;
  1888. if (sc->handshake_func == NULL) {
  1889. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  1890. return -1;
  1891. }
  1892. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1893. sc->rwstate = SSL_NOTHING;
  1894. return 0;
  1895. }
  1896. if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1897. || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
  1898. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1899. return 0;
  1900. }
  1901. /*
  1902. * If we are a client and haven't received the ServerHello etc then we
  1903. * better do that
  1904. */
  1905. ossl_statem_check_finish_init(sc, 0);
  1906. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1907. struct ssl_async_args args;
  1908. int ret;
  1909. args.s = s;
  1910. args.buf = buf;
  1911. args.num = num;
  1912. args.type = READFUNC;
  1913. args.f.func_read = s->method->ssl_read;
  1914. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1915. *readbytes = sc->asyncrw;
  1916. return ret;
  1917. } else {
  1918. return s->method->ssl_read(s, buf, num, readbytes);
  1919. }
  1920. }
  1921. int SSL_read(SSL *s, void *buf, int num)
  1922. {
  1923. int ret;
  1924. size_t readbytes;
  1925. if (num < 0) {
  1926. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  1927. return -1;
  1928. }
  1929. ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
  1930. /*
  1931. * The cast is safe here because ret should be <= INT_MAX because num is
  1932. * <= INT_MAX
  1933. */
  1934. if (ret > 0)
  1935. ret = (int)readbytes;
  1936. return ret;
  1937. }
  1938. int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1939. {
  1940. int ret = ssl_read_internal(s, buf, num, readbytes);
  1941. if (ret < 0)
  1942. ret = 0;
  1943. return ret;
  1944. }
  1945. int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
  1946. {
  1947. int ret;
  1948. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  1949. /* TODO(QUIC 0RTT): 0-RTT support */
  1950. if (sc == NULL || !sc->server) {
  1951. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1952. return SSL_READ_EARLY_DATA_ERROR;
  1953. }
  1954. switch (sc->early_data_state) {
  1955. case SSL_EARLY_DATA_NONE:
  1956. if (!SSL_in_before(s)) {
  1957. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1958. return SSL_READ_EARLY_DATA_ERROR;
  1959. }
  1960. /* fall through */
  1961. case SSL_EARLY_DATA_ACCEPT_RETRY:
  1962. sc->early_data_state = SSL_EARLY_DATA_ACCEPTING;
  1963. ret = SSL_accept(s);
  1964. if (ret <= 0) {
  1965. /* NBIO or error */
  1966. sc->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
  1967. return SSL_READ_EARLY_DATA_ERROR;
  1968. }
  1969. /* fall through */
  1970. case SSL_EARLY_DATA_READ_RETRY:
  1971. if (sc->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
  1972. sc->early_data_state = SSL_EARLY_DATA_READING;
  1973. ret = SSL_read_ex(s, buf, num, readbytes);
  1974. /*
  1975. * State machine will update early_data_state to
  1976. * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
  1977. * message
  1978. */
  1979. if (ret > 0 || (ret <= 0 && sc->early_data_state
  1980. != SSL_EARLY_DATA_FINISHED_READING)) {
  1981. sc->early_data_state = SSL_EARLY_DATA_READ_RETRY;
  1982. return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
  1983. : SSL_READ_EARLY_DATA_ERROR;
  1984. }
  1985. } else {
  1986. sc->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
  1987. }
  1988. *readbytes = 0;
  1989. return SSL_READ_EARLY_DATA_FINISH;
  1990. default:
  1991. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1992. return SSL_READ_EARLY_DATA_ERROR;
  1993. }
  1994. }
  1995. int SSL_get_early_data_status(const SSL *s)
  1996. {
  1997. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  1998. /* TODO(QUIC 0RTT): 0-RTT support */
  1999. if (sc == NULL)
  2000. return 0;
  2001. return sc->ext.early_data;
  2002. }
  2003. static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  2004. {
  2005. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2006. #ifndef OPENSSL_NO_QUIC
  2007. if (IS_QUIC(s))
  2008. return s->method->ssl_peek(s, buf, num, readbytes);
  2009. #endif
  2010. if (sc == NULL)
  2011. return 0;
  2012. if (sc->handshake_func == NULL) {
  2013. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2014. return -1;
  2015. }
  2016. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  2017. return 0;
  2018. }
  2019. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2020. struct ssl_async_args args;
  2021. int ret;
  2022. args.s = s;
  2023. args.buf = buf;
  2024. args.num = num;
  2025. args.type = READFUNC;
  2026. args.f.func_read = s->method->ssl_peek;
  2027. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  2028. *readbytes = sc->asyncrw;
  2029. return ret;
  2030. } else {
  2031. return s->method->ssl_peek(s, buf, num, readbytes);
  2032. }
  2033. }
  2034. int SSL_peek(SSL *s, void *buf, int num)
  2035. {
  2036. int ret;
  2037. size_t readbytes;
  2038. if (num < 0) {
  2039. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  2040. return -1;
  2041. }
  2042. ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
  2043. /*
  2044. * The cast is safe here because ret should be <= INT_MAX because num is
  2045. * <= INT_MAX
  2046. */
  2047. if (ret > 0)
  2048. ret = (int)readbytes;
  2049. return ret;
  2050. }
  2051. int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  2052. {
  2053. int ret = ssl_peek_internal(s, buf, num, readbytes);
  2054. if (ret < 0)
  2055. ret = 0;
  2056. return ret;
  2057. }
  2058. int ssl_write_internal(SSL *s, const void *buf, size_t num,
  2059. uint64_t flags, size_t *written)
  2060. {
  2061. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2062. #ifndef OPENSSL_NO_QUIC
  2063. if (IS_QUIC(s))
  2064. return ossl_quic_write_flags(s, buf, num, flags, written);
  2065. #endif
  2066. if (sc == NULL)
  2067. return 0;
  2068. if (sc->handshake_func == NULL) {
  2069. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2070. return -1;
  2071. }
  2072. if (sc->shutdown & SSL_SENT_SHUTDOWN) {
  2073. sc->rwstate = SSL_NOTHING;
  2074. ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  2075. return -1;
  2076. }
  2077. if (flags != 0) {
  2078. ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_WRITE_FLAG);
  2079. return -1;
  2080. }
  2081. if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  2082. || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
  2083. || sc->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
  2084. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2085. return 0;
  2086. }
  2087. /* If we are a client and haven't sent the Finished we better do that */
  2088. ossl_statem_check_finish_init(sc, 1);
  2089. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2090. int ret;
  2091. struct ssl_async_args args;
  2092. args.s = s;
  2093. args.buf = (void *)buf;
  2094. args.num = num;
  2095. args.type = WRITEFUNC;
  2096. args.f.func_write = s->method->ssl_write;
  2097. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  2098. *written = sc->asyncrw;
  2099. return ret;
  2100. } else {
  2101. return s->method->ssl_write(s, buf, num, written);
  2102. }
  2103. }
  2104. ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
  2105. {
  2106. ossl_ssize_t ret;
  2107. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2108. if (sc == NULL)
  2109. return 0;
  2110. if (sc->handshake_func == NULL) {
  2111. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2112. return -1;
  2113. }
  2114. if (sc->shutdown & SSL_SENT_SHUTDOWN) {
  2115. sc->rwstate = SSL_NOTHING;
  2116. ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  2117. return -1;
  2118. }
  2119. if (!BIO_get_ktls_send(sc->wbio)) {
  2120. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2121. return -1;
  2122. }
  2123. /* If we have an alert to send, lets send it */
  2124. if (sc->s3.alert_dispatch > 0) {
  2125. ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s);
  2126. if (ret <= 0) {
  2127. /* SSLfatal() already called if appropriate */
  2128. return ret;
  2129. }
  2130. /* if it went, fall through and send more stuff */
  2131. }
  2132. sc->rwstate = SSL_WRITING;
  2133. if (BIO_flush(sc->wbio) <= 0) {
  2134. if (!BIO_should_retry(sc->wbio)) {
  2135. sc->rwstate = SSL_NOTHING;
  2136. } else {
  2137. #ifdef EAGAIN
  2138. set_sys_error(EAGAIN);
  2139. #endif
  2140. }
  2141. return -1;
  2142. }
  2143. #ifdef OPENSSL_NO_KTLS
  2144. ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
  2145. "can't call ktls_sendfile(), ktls disabled");
  2146. return -1;
  2147. #else
  2148. ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags);
  2149. if (ret < 0) {
  2150. #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY)
  2151. if ((get_last_sys_error() == EAGAIN) ||
  2152. (get_last_sys_error() == EINTR) ||
  2153. (get_last_sys_error() == EBUSY))
  2154. BIO_set_retry_write(sc->wbio);
  2155. else
  2156. #endif
  2157. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2158. return ret;
  2159. }
  2160. sc->rwstate = SSL_NOTHING;
  2161. return ret;
  2162. #endif
  2163. }
  2164. int SSL_write(SSL *s, const void *buf, int num)
  2165. {
  2166. int ret;
  2167. size_t written;
  2168. if (num < 0) {
  2169. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  2170. return -1;
  2171. }
  2172. ret = ssl_write_internal(s, buf, (size_t)num, 0, &written);
  2173. /*
  2174. * The cast is safe here because ret should be <= INT_MAX because num is
  2175. * <= INT_MAX
  2176. */
  2177. if (ret > 0)
  2178. ret = (int)written;
  2179. return ret;
  2180. }
  2181. int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
  2182. {
  2183. return SSL_write_ex2(s, buf, num, 0, written);
  2184. }
  2185. int SSL_write_ex2(SSL *s, const void *buf, size_t num, uint64_t flags,
  2186. size_t *written)
  2187. {
  2188. int ret = ssl_write_internal(s, buf, num, flags, written);
  2189. if (ret < 0)
  2190. ret = 0;
  2191. return ret;
  2192. }
  2193. int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
  2194. {
  2195. int ret, early_data_state;
  2196. size_t writtmp;
  2197. uint32_t partialwrite;
  2198. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2199. /* TODO(QUIC 0RTT): This will need special handling for QUIC */
  2200. if (sc == NULL)
  2201. return 0;
  2202. switch (sc->early_data_state) {
  2203. case SSL_EARLY_DATA_NONE:
  2204. if (sc->server
  2205. || !SSL_in_before(s)
  2206. || ((sc->session == NULL || sc->session->ext.max_early_data == 0)
  2207. && (sc->psk_use_session_cb == NULL))) {
  2208. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2209. return 0;
  2210. }
  2211. /* fall through */
  2212. case SSL_EARLY_DATA_CONNECT_RETRY:
  2213. sc->early_data_state = SSL_EARLY_DATA_CONNECTING;
  2214. ret = SSL_connect(s);
  2215. if (ret <= 0) {
  2216. /* NBIO or error */
  2217. sc->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
  2218. return 0;
  2219. }
  2220. /* fall through */
  2221. case SSL_EARLY_DATA_WRITE_RETRY:
  2222. sc->early_data_state = SSL_EARLY_DATA_WRITING;
  2223. /*
  2224. * We disable partial write for early data because we don't keep track
  2225. * of how many bytes we've written between the SSL_write_ex() call and
  2226. * the flush if the flush needs to be retried)
  2227. */
  2228. partialwrite = sc->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
  2229. sc->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
  2230. ret = SSL_write_ex(s, buf, num, &writtmp);
  2231. sc->mode |= partialwrite;
  2232. if (!ret) {
  2233. sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  2234. return ret;
  2235. }
  2236. sc->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
  2237. /* fall through */
  2238. case SSL_EARLY_DATA_WRITE_FLUSH:
  2239. /* The buffering BIO is still in place so we need to flush it */
  2240. if (statem_flush(sc) != 1)
  2241. return 0;
  2242. *written = num;
  2243. sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  2244. return 1;
  2245. case SSL_EARLY_DATA_FINISHED_READING:
  2246. case SSL_EARLY_DATA_READ_RETRY:
  2247. early_data_state = sc->early_data_state;
  2248. /* We are a server writing to an unauthenticated client */
  2249. sc->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
  2250. ret = SSL_write_ex(s, buf, num, written);
  2251. /* The buffering BIO is still in place */
  2252. if (ret)
  2253. (void)BIO_flush(sc->wbio);
  2254. sc->early_data_state = early_data_state;
  2255. return ret;
  2256. default:
  2257. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2258. return 0;
  2259. }
  2260. }
  2261. int SSL_shutdown(SSL *s)
  2262. {
  2263. /*
  2264. * Note that this function behaves differently from what one might
  2265. * expect. Return values are 0 for no success (yet), 1 for success; but
  2266. * calling it once is usually not enough, even if blocking I/O is used
  2267. * (see ssl3_shutdown).
  2268. */
  2269. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2270. #ifndef OPENSSL_NO_QUIC
  2271. if (IS_QUIC(s))
  2272. return ossl_quic_conn_shutdown(s, 0, NULL, 0);
  2273. #endif
  2274. if (sc == NULL)
  2275. return -1;
  2276. if (sc->handshake_func == NULL) {
  2277. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2278. return -1;
  2279. }
  2280. if (!SSL_in_init(s)) {
  2281. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2282. struct ssl_async_args args;
  2283. memset(&args, 0, sizeof(args));
  2284. args.s = s;
  2285. args.type = OTHERFUNC;
  2286. args.f.func_other = s->method->ssl_shutdown;
  2287. return ssl_start_async_job(s, &args, ssl_io_intern);
  2288. } else {
  2289. return s->method->ssl_shutdown(s);
  2290. }
  2291. } else {
  2292. ERR_raise(ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
  2293. return -1;
  2294. }
  2295. }
  2296. int SSL_key_update(SSL *s, int updatetype)
  2297. {
  2298. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2299. #ifndef OPENSSL_NO_QUIC
  2300. if (IS_QUIC(s))
  2301. return ossl_quic_key_update(s, updatetype);
  2302. #endif
  2303. if (sc == NULL)
  2304. return 0;
  2305. if (!SSL_CONNECTION_IS_VERSION13(sc)) {
  2306. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  2307. return 0;
  2308. }
  2309. if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
  2310. && updatetype != SSL_KEY_UPDATE_REQUESTED) {
  2311. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE);
  2312. return 0;
  2313. }
  2314. if (!SSL_is_init_finished(s)) {
  2315. ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
  2316. return 0;
  2317. }
  2318. if (RECORD_LAYER_write_pending(&sc->rlayer)) {
  2319. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
  2320. return 0;
  2321. }
  2322. ossl_statem_set_in_init(sc, 1);
  2323. sc->key_update = updatetype;
  2324. return 1;
  2325. }
  2326. int SSL_get_key_update_type(const SSL *s)
  2327. {
  2328. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2329. #ifndef OPENSSL_NO_QUIC
  2330. if (IS_QUIC(s))
  2331. return ossl_quic_get_key_update_type(s);
  2332. #endif
  2333. if (sc == NULL)
  2334. return 0;
  2335. return sc->key_update;
  2336. }
  2337. /*
  2338. * Can we accept a renegotiation request? If yes, set the flag and
  2339. * return 1 if yes. If not, raise error and return 0.
  2340. */
  2341. static int can_renegotiate(const SSL_CONNECTION *sc)
  2342. {
  2343. if (SSL_CONNECTION_IS_VERSION13(sc)) {
  2344. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  2345. return 0;
  2346. }
  2347. if ((sc->options & SSL_OP_NO_RENEGOTIATION) != 0) {
  2348. ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION);
  2349. return 0;
  2350. }
  2351. return 1;
  2352. }
  2353. int SSL_renegotiate(SSL *s)
  2354. {
  2355. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2356. if (sc == NULL)
  2357. return 0;
  2358. if (!can_renegotiate(sc))
  2359. return 0;
  2360. sc->renegotiate = 1;
  2361. sc->new_session = 1;
  2362. return s->method->ssl_renegotiate(s);
  2363. }
  2364. int SSL_renegotiate_abbreviated(SSL *s)
  2365. {
  2366. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2367. if (sc == NULL)
  2368. return 0;
  2369. if (!can_renegotiate(sc))
  2370. return 0;
  2371. sc->renegotiate = 1;
  2372. sc->new_session = 0;
  2373. return s->method->ssl_renegotiate(s);
  2374. }
  2375. int SSL_renegotiate_pending(const SSL *s)
  2376. {
  2377. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2378. if (sc == NULL)
  2379. return 0;
  2380. /*
  2381. * becomes true when negotiation is requested; false again once a
  2382. * handshake has finished
  2383. */
  2384. return (sc->renegotiate != 0);
  2385. }
  2386. int SSL_new_session_ticket(SSL *s)
  2387. {
  2388. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2389. if (sc == NULL)
  2390. return 0;
  2391. /* If we are in init because we're sending tickets, okay to send more. */
  2392. if ((SSL_in_init(s) && sc->ext.extra_tickets_expected == 0)
  2393. || SSL_IS_FIRST_HANDSHAKE(sc) || !sc->server
  2394. || !SSL_CONNECTION_IS_VERSION13(sc))
  2395. return 0;
  2396. sc->ext.extra_tickets_expected++;
  2397. if (!RECORD_LAYER_write_pending(&sc->rlayer) && !SSL_in_init(s))
  2398. ossl_statem_set_in_init(sc, 1);
  2399. return 1;
  2400. }
  2401. long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  2402. {
  2403. return ossl_ctrl_internal(s, cmd, larg, parg, /*no_quic=*/0);
  2404. }
  2405. long ossl_ctrl_internal(SSL *s, int cmd, long larg, void *parg, int no_quic)
  2406. {
  2407. long l;
  2408. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2409. /*
  2410. * Routing of ctrl calls for QUIC is a little counterintuitive:
  2411. *
  2412. * - Firstly (no_quic=0), we pass the ctrl directly to our QUIC
  2413. * implementation in case it wants to handle the ctrl specially.
  2414. *
  2415. * - If our QUIC implementation does not care about the ctrl, it
  2416. * will reenter this function with no_quic=1 and we will try to handle
  2417. * it directly using the QCSO SSL object stub (not the handshake layer
  2418. * SSL object). This is important for e.g. the version configuration
  2419. * ctrls below, which must use s->defltmeth (and not sc->defltmeth).
  2420. *
  2421. * - If we don't handle a ctrl here specially, then processing is
  2422. * redirected to the handshake layer SSL object.
  2423. */
  2424. if (!no_quic && IS_QUIC(s))
  2425. return s->method->ssl_ctrl(s, cmd, larg, parg);
  2426. if (sc == NULL)
  2427. return 0;
  2428. switch (cmd) {
  2429. case SSL_CTRL_GET_READ_AHEAD:
  2430. return RECORD_LAYER_get_read_ahead(&sc->rlayer);
  2431. case SSL_CTRL_SET_READ_AHEAD:
  2432. l = RECORD_LAYER_get_read_ahead(&sc->rlayer);
  2433. RECORD_LAYER_set_read_ahead(&sc->rlayer, larg);
  2434. return l;
  2435. case SSL_CTRL_MODE:
  2436. {
  2437. OSSL_PARAM options[2], *opts = options;
  2438. sc->mode |= larg;
  2439. *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
  2440. &sc->mode);
  2441. *opts = OSSL_PARAM_construct_end();
  2442. /* Ignore return value */
  2443. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  2444. return sc->mode;
  2445. }
  2446. case SSL_CTRL_CLEAR_MODE:
  2447. return (sc->mode &= ~larg);
  2448. case SSL_CTRL_GET_MAX_CERT_LIST:
  2449. return (long)sc->max_cert_list;
  2450. case SSL_CTRL_SET_MAX_CERT_LIST:
  2451. if (larg < 0)
  2452. return 0;
  2453. l = (long)sc->max_cert_list;
  2454. sc->max_cert_list = (size_t)larg;
  2455. return l;
  2456. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2457. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2458. return 0;
  2459. #ifndef OPENSSL_NO_KTLS
  2460. if (sc->wbio != NULL && BIO_get_ktls_send(sc->wbio))
  2461. return 0;
  2462. #endif /* OPENSSL_NO_KTLS */
  2463. sc->max_send_fragment = larg;
  2464. if (sc->max_send_fragment < sc->split_send_fragment)
  2465. sc->split_send_fragment = sc->max_send_fragment;
  2466. sc->rlayer.wrlmethod->set_max_frag_len(sc->rlayer.wrl, larg);
  2467. return 1;
  2468. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2469. if ((size_t)larg > sc->max_send_fragment || larg == 0)
  2470. return 0;
  2471. sc->split_send_fragment = larg;
  2472. return 1;
  2473. case SSL_CTRL_SET_MAX_PIPELINES:
  2474. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2475. return 0;
  2476. sc->max_pipelines = larg;
  2477. if (sc->rlayer.rrlmethod->set_max_pipelines != NULL)
  2478. sc->rlayer.rrlmethod->set_max_pipelines(sc->rlayer.rrl, (size_t)larg);
  2479. return 1;
  2480. case SSL_CTRL_GET_RI_SUPPORT:
  2481. return sc->s3.send_connection_binding;
  2482. case SSL_CTRL_SET_RETRY_VERIFY:
  2483. sc->rwstate = SSL_RETRY_VERIFY;
  2484. return 1;
  2485. case SSL_CTRL_CERT_FLAGS:
  2486. return (sc->cert->cert_flags |= larg);
  2487. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2488. return (sc->cert->cert_flags &= ~larg);
  2489. case SSL_CTRL_GET_RAW_CIPHERLIST:
  2490. if (parg) {
  2491. if (sc->s3.tmp.ciphers_raw == NULL)
  2492. return 0;
  2493. *(unsigned char **)parg = sc->s3.tmp.ciphers_raw;
  2494. return (int)sc->s3.tmp.ciphers_rawlen;
  2495. } else {
  2496. return TLS_CIPHER_LEN;
  2497. }
  2498. case SSL_CTRL_GET_EXTMS_SUPPORT:
  2499. if (!sc->session || SSL_in_init(s) || ossl_statem_get_in_handshake(sc))
  2500. return -1;
  2501. if (sc->session->flags & SSL_SESS_FLAG_EXTMS)
  2502. return 1;
  2503. else
  2504. return 0;
  2505. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2506. return ssl_check_allowed_versions(larg, sc->max_proto_version)
  2507. && ssl_set_version_bound(s->defltmeth->version, (int)larg,
  2508. &sc->min_proto_version);
  2509. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2510. return sc->min_proto_version;
  2511. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2512. return ssl_check_allowed_versions(sc->min_proto_version, larg)
  2513. && ssl_set_version_bound(s->defltmeth->version, (int)larg,
  2514. &sc->max_proto_version);
  2515. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2516. return sc->max_proto_version;
  2517. default:
  2518. if (IS_QUIC(s))
  2519. return SSL_ctrl((SSL *)sc, cmd, larg, parg);
  2520. else
  2521. return s->method->ssl_ctrl(s, cmd, larg, parg);
  2522. }
  2523. }
  2524. long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
  2525. {
  2526. return s->method->ssl_callback_ctrl(s, cmd, fp);
  2527. }
  2528. LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
  2529. {
  2530. return ctx->sessions;
  2531. }
  2532. static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat)
  2533. {
  2534. int res = 0;
  2535. if (ssl_tsan_lock(ctx)) {
  2536. res = tsan_load(stat);
  2537. ssl_tsan_unlock(ctx);
  2538. }
  2539. return res;
  2540. }
  2541. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  2542. {
  2543. long l;
  2544. /* For some cases with ctx == NULL perform syntax checks */
  2545. if (ctx == NULL) {
  2546. switch (cmd) {
  2547. case SSL_CTRL_SET_GROUPS_LIST:
  2548. return tls1_set_groups_list(ctx, NULL, NULL, parg);
  2549. case SSL_CTRL_SET_SIGALGS_LIST:
  2550. case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
  2551. return tls1_set_sigalgs_list(ctx, NULL, parg, 0);
  2552. default:
  2553. return 0;
  2554. }
  2555. }
  2556. switch (cmd) {
  2557. case SSL_CTRL_GET_READ_AHEAD:
  2558. return ctx->read_ahead;
  2559. case SSL_CTRL_SET_READ_AHEAD:
  2560. l = ctx->read_ahead;
  2561. ctx->read_ahead = larg;
  2562. return l;
  2563. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  2564. ctx->msg_callback_arg = parg;
  2565. return 1;
  2566. case SSL_CTRL_GET_MAX_CERT_LIST:
  2567. return (long)ctx->max_cert_list;
  2568. case SSL_CTRL_SET_MAX_CERT_LIST:
  2569. if (larg < 0)
  2570. return 0;
  2571. l = (long)ctx->max_cert_list;
  2572. ctx->max_cert_list = (size_t)larg;
  2573. return l;
  2574. case SSL_CTRL_SET_SESS_CACHE_SIZE:
  2575. if (larg < 0)
  2576. return 0;
  2577. l = (long)ctx->session_cache_size;
  2578. ctx->session_cache_size = (size_t)larg;
  2579. return l;
  2580. case SSL_CTRL_GET_SESS_CACHE_SIZE:
  2581. return (long)ctx->session_cache_size;
  2582. case SSL_CTRL_SET_SESS_CACHE_MODE:
  2583. l = ctx->session_cache_mode;
  2584. ctx->session_cache_mode = larg;
  2585. return l;
  2586. case SSL_CTRL_GET_SESS_CACHE_MODE:
  2587. return ctx->session_cache_mode;
  2588. case SSL_CTRL_SESS_NUMBER:
  2589. return lh_SSL_SESSION_num_items(ctx->sessions);
  2590. case SSL_CTRL_SESS_CONNECT:
  2591. return ssl_tsan_load(ctx, &ctx->stats.sess_connect);
  2592. case SSL_CTRL_SESS_CONNECT_GOOD:
  2593. return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good);
  2594. case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
  2595. return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate);
  2596. case SSL_CTRL_SESS_ACCEPT:
  2597. return ssl_tsan_load(ctx, &ctx->stats.sess_accept);
  2598. case SSL_CTRL_SESS_ACCEPT_GOOD:
  2599. return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good);
  2600. case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
  2601. return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate);
  2602. case SSL_CTRL_SESS_HIT:
  2603. return ssl_tsan_load(ctx, &ctx->stats.sess_hit);
  2604. case SSL_CTRL_SESS_CB_HIT:
  2605. return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit);
  2606. case SSL_CTRL_SESS_MISSES:
  2607. return ssl_tsan_load(ctx, &ctx->stats.sess_miss);
  2608. case SSL_CTRL_SESS_TIMEOUTS:
  2609. return ssl_tsan_load(ctx, &ctx->stats.sess_timeout);
  2610. case SSL_CTRL_SESS_CACHE_FULL:
  2611. return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full);
  2612. case SSL_CTRL_MODE:
  2613. return (ctx->mode |= larg);
  2614. case SSL_CTRL_CLEAR_MODE:
  2615. return (ctx->mode &= ~larg);
  2616. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2617. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2618. return 0;
  2619. ctx->max_send_fragment = larg;
  2620. if (ctx->max_send_fragment < ctx->split_send_fragment)
  2621. ctx->split_send_fragment = ctx->max_send_fragment;
  2622. return 1;
  2623. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2624. if ((size_t)larg > ctx->max_send_fragment || larg == 0)
  2625. return 0;
  2626. ctx->split_send_fragment = larg;
  2627. return 1;
  2628. case SSL_CTRL_SET_MAX_PIPELINES:
  2629. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2630. return 0;
  2631. ctx->max_pipelines = larg;
  2632. return 1;
  2633. case SSL_CTRL_CERT_FLAGS:
  2634. return (ctx->cert->cert_flags |= larg);
  2635. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2636. return (ctx->cert->cert_flags &= ~larg);
  2637. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2638. return ssl_check_allowed_versions(larg, ctx->max_proto_version)
  2639. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2640. &ctx->min_proto_version);
  2641. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2642. return ctx->min_proto_version;
  2643. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2644. return ssl_check_allowed_versions(ctx->min_proto_version, larg)
  2645. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2646. &ctx->max_proto_version);
  2647. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2648. return ctx->max_proto_version;
  2649. default:
  2650. return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
  2651. }
  2652. }
  2653. long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
  2654. {
  2655. switch (cmd) {
  2656. case SSL_CTRL_SET_MSG_CALLBACK:
  2657. ctx->msg_callback = (void (*)
  2658. (int write_p, int version, int content_type,
  2659. const void *buf, size_t len, SSL *ssl,
  2660. void *arg))(fp);
  2661. return 1;
  2662. default:
  2663. return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
  2664. }
  2665. }
  2666. int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
  2667. {
  2668. if (a->id > b->id)
  2669. return 1;
  2670. if (a->id < b->id)
  2671. return -1;
  2672. return 0;
  2673. }
  2674. int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
  2675. const SSL_CIPHER *const *bp)
  2676. {
  2677. if ((*ap)->id > (*bp)->id)
  2678. return 1;
  2679. if ((*ap)->id < (*bp)->id)
  2680. return -1;
  2681. return 0;
  2682. }
  2683. /*
  2684. * return a STACK of the ciphers available for the SSL and in order of
  2685. * preference
  2686. */
  2687. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
  2688. {
  2689. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2690. if (sc != NULL) {
  2691. if (sc->cipher_list != NULL) {
  2692. return sc->cipher_list;
  2693. } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
  2694. return s->ctx->cipher_list;
  2695. }
  2696. }
  2697. return NULL;
  2698. }
  2699. STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
  2700. {
  2701. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2702. if (sc == NULL || !sc->server)
  2703. return NULL;
  2704. return sc->peer_ciphers;
  2705. }
  2706. STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
  2707. {
  2708. STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
  2709. int i;
  2710. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2711. if (sc == NULL)
  2712. return NULL;
  2713. ciphers = SSL_get_ciphers(s);
  2714. if (!ciphers)
  2715. return NULL;
  2716. if (!ssl_set_client_disabled(sc))
  2717. return NULL;
  2718. for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  2719. const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
  2720. if (!ssl_cipher_disabled(sc, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
  2721. if (!sk)
  2722. sk = sk_SSL_CIPHER_new_null();
  2723. if (!sk)
  2724. return NULL;
  2725. if (!sk_SSL_CIPHER_push(sk, c)) {
  2726. sk_SSL_CIPHER_free(sk);
  2727. return NULL;
  2728. }
  2729. }
  2730. }
  2731. return sk;
  2732. }
  2733. /** return a STACK of the ciphers available for the SSL and in order of
  2734. * algorithm id */
  2735. STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *s)
  2736. {
  2737. if (s != NULL) {
  2738. if (s->cipher_list_by_id != NULL)
  2739. return s->cipher_list_by_id;
  2740. else if (s->ssl.ctx != NULL
  2741. && s->ssl.ctx->cipher_list_by_id != NULL)
  2742. return s->ssl.ctx->cipher_list_by_id;
  2743. }
  2744. return NULL;
  2745. }
  2746. /** The old interface to get the same thing as SSL_get_ciphers() */
  2747. const char *SSL_get_cipher_list(const SSL *s, int n)
  2748. {
  2749. const SSL_CIPHER *c;
  2750. STACK_OF(SSL_CIPHER) *sk;
  2751. if (s == NULL)
  2752. return NULL;
  2753. sk = SSL_get_ciphers(s);
  2754. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
  2755. return NULL;
  2756. c = sk_SSL_CIPHER_value(sk, n);
  2757. if (c == NULL)
  2758. return NULL;
  2759. return c->name;
  2760. }
  2761. /** return a STACK of the ciphers available for the SSL_CTX and in order of
  2762. * preference */
  2763. STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
  2764. {
  2765. if (ctx != NULL)
  2766. return ctx->cipher_list;
  2767. return NULL;
  2768. }
  2769. /*
  2770. * Distinguish between ciphers controlled by set_ciphersuite() and
  2771. * set_cipher_list() when counting.
  2772. */
  2773. static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
  2774. {
  2775. int i, num = 0;
  2776. const SSL_CIPHER *c;
  2777. if (sk == NULL)
  2778. return 0;
  2779. for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
  2780. c = sk_SSL_CIPHER_value(sk, i);
  2781. if (c->min_tls >= TLS1_3_VERSION)
  2782. continue;
  2783. num++;
  2784. }
  2785. return num;
  2786. }
  2787. /** specify the ciphers to be used by default by the SSL_CTX */
  2788. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
  2789. {
  2790. STACK_OF(SSL_CIPHER) *sk;
  2791. sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites,
  2792. &ctx->cipher_list, &ctx->cipher_list_by_id, str,
  2793. ctx->cert);
  2794. /*
  2795. * ssl_create_cipher_list may return an empty stack if it was unable to
  2796. * find a cipher matching the given rule string (for example if the rule
  2797. * string specifies a cipher which has been disabled). This is not an
  2798. * error as far as ssl_create_cipher_list is concerned, and hence
  2799. * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
  2800. */
  2801. if (sk == NULL)
  2802. return 0;
  2803. else if (cipher_list_tls12_num(sk) == 0) {
  2804. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
  2805. return 0;
  2806. }
  2807. return 1;
  2808. }
  2809. /** specify the ciphers to be used by the SSL */
  2810. int SSL_set_cipher_list(SSL *s, const char *str)
  2811. {
  2812. STACK_OF(SSL_CIPHER) *sk;
  2813. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2814. if (sc == NULL)
  2815. return 0;
  2816. sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites,
  2817. &sc->cipher_list, &sc->cipher_list_by_id, str,
  2818. sc->cert);
  2819. /* see comment in SSL_CTX_set_cipher_list */
  2820. if (sk == NULL)
  2821. return 0;
  2822. else if (cipher_list_tls12_num(sk) == 0) {
  2823. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
  2824. return 0;
  2825. }
  2826. return 1;
  2827. }
  2828. char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
  2829. {
  2830. char *p;
  2831. STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
  2832. const SSL_CIPHER *c;
  2833. int i;
  2834. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2835. if (sc == NULL)
  2836. return NULL;
  2837. if (!sc->server
  2838. || sc->peer_ciphers == NULL
  2839. || size < 2)
  2840. return NULL;
  2841. p = buf;
  2842. clntsk = sc->peer_ciphers;
  2843. srvrsk = SSL_get_ciphers(s);
  2844. if (clntsk == NULL || srvrsk == NULL)
  2845. return NULL;
  2846. if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
  2847. return NULL;
  2848. for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
  2849. int n;
  2850. c = sk_SSL_CIPHER_value(clntsk, i);
  2851. if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
  2852. continue;
  2853. n = OPENSSL_strnlen(c->name, size);
  2854. if (n >= size) {
  2855. if (p != buf)
  2856. --p;
  2857. *p = '\0';
  2858. return buf;
  2859. }
  2860. memcpy(p, c->name, n);
  2861. p += n;
  2862. *(p++) = ':';
  2863. size -= n + 1;
  2864. }
  2865. p[-1] = '\0';
  2866. return buf;
  2867. }
  2868. /**
  2869. * Return the requested servername (SNI) value. Note that the behaviour varies
  2870. * depending on:
  2871. * - whether this is called by the client or the server,
  2872. * - if we are before or during/after the handshake,
  2873. * - if a resumption or normal handshake is being attempted/has occurred
  2874. * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
  2875. *
  2876. * Note that only the host_name type is defined (RFC 3546).
  2877. */
  2878. const char *SSL_get_servername(const SSL *s, const int type)
  2879. {
  2880. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2881. int server;
  2882. if (sc == NULL)
  2883. return NULL;
  2884. /*
  2885. * If we don't know if we are the client or the server yet then we assume
  2886. * client.
  2887. */
  2888. server = sc->handshake_func == NULL ? 0 : sc->server;
  2889. if (type != TLSEXT_NAMETYPE_host_name)
  2890. return NULL;
  2891. if (server) {
  2892. /**
  2893. * Server side
  2894. * In (D)TLSv1.3 on the server SNI is not associated with the session
  2895. * but in (D)TLSv1.2 or below it is.
  2896. *
  2897. * Before the handshake:
  2898. * - return NULL
  2899. *
  2900. * During/after the handshake ((D)TLSv1.2 or below resumption occurred):
  2901. * - If a servername was accepted by the server in the original
  2902. * handshake then it will return that servername, or NULL otherwise.
  2903. *
  2904. * During/after the handshake ((D)TLSv1.2 or below resumption did not occur):
  2905. * - The function will return the servername requested by the client in
  2906. * this handshake or NULL if none was requested.
  2907. */
  2908. if (sc->hit && !SSL_CONNECTION_IS_VERSION13(sc))
  2909. return sc->session->ext.hostname;
  2910. } else {
  2911. /**
  2912. * Client side
  2913. *
  2914. * Before the handshake:
  2915. * - If a servername has been set via a call to
  2916. * SSL_set_tlsext_host_name() then it will return that servername
  2917. * - If one has not been set, but a (D)TLSv1.2 resumption is being
  2918. * attempted and the session from the original handshake had a
  2919. * servername accepted by the server then it will return that
  2920. * servername
  2921. * - Otherwise it returns NULL
  2922. *
  2923. * During/after the handshake ((D)TLSv1.2 or below resumption occurred):
  2924. * - If the session from the original handshake had a servername accepted
  2925. * by the server then it will return that servername.
  2926. * - Otherwise it returns the servername set via
  2927. * SSL_set_tlsext_host_name() (or NULL if it was not called).
  2928. *
  2929. * During/after the handshake ((D)TLSv1.2 or below resumption did not occur):
  2930. * - It will return the servername set via SSL_set_tlsext_host_name()
  2931. * (or NULL if it was not called).
  2932. */
  2933. if (SSL_in_before(s)) {
  2934. const int version1_3 = SSL_CONNECTION_IS_DTLS(sc) ? DTLS1_3_VERSION
  2935. : TLS1_3_VERSION;
  2936. if (sc->ext.hostname == NULL
  2937. && sc->session != NULL
  2938. && sc->session->ssl_version != version1_3)
  2939. return sc->session->ext.hostname;
  2940. } else {
  2941. if (!SSL_CONNECTION_IS_VERSION13(sc) && sc->hit
  2942. && sc->session->ext.hostname != NULL)
  2943. return sc->session->ext.hostname;
  2944. }
  2945. }
  2946. return sc->ext.hostname;
  2947. }
  2948. int SSL_get_servername_type(const SSL *s)
  2949. {
  2950. if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
  2951. return TLSEXT_NAMETYPE_host_name;
  2952. return -1;
  2953. }
  2954. /*
  2955. * SSL_select_next_proto implements the standard protocol selection. It is
  2956. * expected that this function is called from the callback set by
  2957. * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
  2958. * vector of 8-bit, length prefixed byte strings. The length byte itself is
  2959. * not included in the length. A byte string of length 0 is invalid. No byte
  2960. * string may be truncated. The current, but experimental algorithm for
  2961. * selecting the protocol is: 1) If the server doesn't support NPN then this
  2962. * is indicated to the callback. In this case, the client application has to
  2963. * abort the connection or have a default application level protocol. 2) If
  2964. * the server supports NPN, but advertises an empty list then the client
  2965. * selects the first protocol in its list, but indicates via the API that this
  2966. * fallback case was enacted. 3) Otherwise, the client finds the first
  2967. * protocol in the server's list that it supports and selects this protocol.
  2968. * This is because it's assumed that the server has better information about
  2969. * which protocol a client should use. 4) If the client doesn't support any
  2970. * of the server's advertised protocols, then this is treated the same as
  2971. * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
  2972. * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
  2973. */
  2974. int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
  2975. const unsigned char *server,
  2976. unsigned int server_len,
  2977. const unsigned char *client, unsigned int client_len)
  2978. {
  2979. unsigned int i, j;
  2980. const unsigned char *result;
  2981. int status = OPENSSL_NPN_UNSUPPORTED;
  2982. /*
  2983. * For each protocol in server preference order, see if we support it.
  2984. */
  2985. for (i = 0; i < server_len;) {
  2986. for (j = 0; j < client_len;) {
  2987. if (server[i] == client[j] &&
  2988. memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
  2989. /* We found a match */
  2990. result = &server[i];
  2991. status = OPENSSL_NPN_NEGOTIATED;
  2992. goto found;
  2993. }
  2994. j += client[j];
  2995. j++;
  2996. }
  2997. i += server[i];
  2998. i++;
  2999. }
  3000. /* There's no overlap between our protocols and the server's list. */
  3001. result = client;
  3002. status = OPENSSL_NPN_NO_OVERLAP;
  3003. found:
  3004. *out = (unsigned char *)result + 1;
  3005. *outlen = result[0];
  3006. return status;
  3007. }
  3008. #ifndef OPENSSL_NO_NEXTPROTONEG
  3009. /*
  3010. * SSL_get0_next_proto_negotiated sets *data and *len to point to the
  3011. * client's requested protocol for this connection and returns 0. If the
  3012. * client didn't request any protocol, then *data is set to NULL. Note that
  3013. * the client can request any protocol it chooses. The value returned from
  3014. * this function need not be a member of the list of supported protocols
  3015. * provided by the callback.
  3016. */
  3017. void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  3018. unsigned *len)
  3019. {
  3020. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3021. if (sc == NULL) {
  3022. /* We have no other way to indicate error */
  3023. *data = NULL;
  3024. *len = 0;
  3025. return;
  3026. }
  3027. *data = sc->ext.npn;
  3028. if (*data == NULL) {
  3029. *len = 0;
  3030. } else {
  3031. *len = (unsigned int)sc->ext.npn_len;
  3032. }
  3033. }
  3034. /*
  3035. * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  3036. * a TLS server needs a list of supported protocols for Next Protocol
  3037. * Negotiation. The returned list must be in wire format. The list is
  3038. * returned by setting |out| to point to it and |outlen| to its length. This
  3039. * memory will not be modified, but one should assume that the SSL* keeps a
  3040. * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
  3041. * wishes to advertise. Otherwise, no such extension will be included in the
  3042. * ServerHello.
  3043. */
  3044. void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
  3045. SSL_CTX_npn_advertised_cb_func cb,
  3046. void *arg)
  3047. {
  3048. if (IS_QUIC_CTX(ctx))
  3049. /* NPN not allowed for QUIC */
  3050. return;
  3051. ctx->ext.npn_advertised_cb = cb;
  3052. ctx->ext.npn_advertised_cb_arg = arg;
  3053. }
  3054. /*
  3055. * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
  3056. * client needs to select a protocol from the server's provided list. |out|
  3057. * must be set to point to the selected protocol (which may be within |in|).
  3058. * The length of the protocol name must be written into |outlen|. The
  3059. * server's advertised protocols are provided in |in| and |inlen|. The
  3060. * callback can assume that |in| is syntactically valid. The client must
  3061. * select a protocol. It is fatal to the connection if this callback returns
  3062. * a value other than SSL_TLSEXT_ERR_OK.
  3063. */
  3064. void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
  3065. SSL_CTX_npn_select_cb_func cb,
  3066. void *arg)
  3067. {
  3068. if (IS_QUIC_CTX(ctx))
  3069. /* NPN not allowed for QUIC */
  3070. return;
  3071. ctx->ext.npn_select_cb = cb;
  3072. ctx->ext.npn_select_cb_arg = arg;
  3073. }
  3074. #endif
  3075. static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
  3076. {
  3077. unsigned int idx;
  3078. if (protos_len < 2 || protos == NULL)
  3079. return 0;
  3080. for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
  3081. if (protos[idx] == 0)
  3082. return 0;
  3083. }
  3084. return idx == protos_len;
  3085. }
  3086. /*
  3087. * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
  3088. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  3089. * length-prefixed strings). Returns 0 on success.
  3090. */
  3091. int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
  3092. unsigned int protos_len)
  3093. {
  3094. unsigned char *alpn;
  3095. if (protos_len == 0 || protos == NULL) {
  3096. OPENSSL_free(ctx->ext.alpn);
  3097. ctx->ext.alpn = NULL;
  3098. ctx->ext.alpn_len = 0;
  3099. return 0;
  3100. }
  3101. /* Not valid per RFC */
  3102. if (!alpn_value_ok(protos, protos_len))
  3103. return 1;
  3104. alpn = OPENSSL_memdup(protos, protos_len);
  3105. if (alpn == NULL)
  3106. return 1;
  3107. OPENSSL_free(ctx->ext.alpn);
  3108. ctx->ext.alpn = alpn;
  3109. ctx->ext.alpn_len = protos_len;
  3110. return 0;
  3111. }
  3112. /*
  3113. * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
  3114. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  3115. * length-prefixed strings). Returns 0 on success.
  3116. */
  3117. int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  3118. unsigned int protos_len)
  3119. {
  3120. unsigned char *alpn;
  3121. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  3122. if (sc == NULL)
  3123. return 1;
  3124. if (protos_len == 0 || protos == NULL) {
  3125. OPENSSL_free(sc->ext.alpn);
  3126. sc->ext.alpn = NULL;
  3127. sc->ext.alpn_len = 0;
  3128. return 0;
  3129. }
  3130. /* Not valid per RFC */
  3131. if (!alpn_value_ok(protos, protos_len))
  3132. return 1;
  3133. alpn = OPENSSL_memdup(protos, protos_len);
  3134. if (alpn == NULL)
  3135. return 1;
  3136. OPENSSL_free(sc->ext.alpn);
  3137. sc->ext.alpn = alpn;
  3138. sc->ext.alpn_len = protos_len;
  3139. return 0;
  3140. }
  3141. /*
  3142. * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
  3143. * called during ClientHello processing in order to select an ALPN protocol
  3144. * from the client's list of offered protocols.
  3145. */
  3146. void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
  3147. SSL_CTX_alpn_select_cb_func cb,
  3148. void *arg)
  3149. {
  3150. ctx->ext.alpn_select_cb = cb;
  3151. ctx->ext.alpn_select_cb_arg = arg;
  3152. }
  3153. /*
  3154. * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
  3155. * On return it sets |*data| to point to |*len| bytes of protocol name
  3156. * (not including the leading length-prefix byte). If the server didn't
  3157. * respond with a negotiated protocol then |*len| will be zero.
  3158. */
  3159. void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
  3160. unsigned int *len)
  3161. {
  3162. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  3163. if (sc == NULL) {
  3164. /* We have no other way to indicate error */
  3165. *data = NULL;
  3166. *len = 0;
  3167. return;
  3168. }
  3169. *data = sc->s3.alpn_selected;
  3170. if (*data == NULL)
  3171. *len = 0;
  3172. else
  3173. *len = (unsigned int)sc->s3.alpn_selected_len;
  3174. }
  3175. int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
  3176. const char *label, size_t llen,
  3177. const unsigned char *context, size_t contextlen,
  3178. int use_context)
  3179. {
  3180. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3181. if (sc == NULL)
  3182. return -1;
  3183. if (sc->session == NULL
  3184. || (sc->version < TLS1_VERSION && sc->version != DTLS1_BAD_VER))
  3185. return -1;
  3186. return sc->ssl.method->ssl3_enc->export_keying_material(sc, out, olen, label,
  3187. llen, context,
  3188. contextlen,
  3189. use_context);
  3190. }
  3191. int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
  3192. const char *label, size_t llen,
  3193. const unsigned char *context,
  3194. size_t contextlen)
  3195. {
  3196. int version1_3;
  3197. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3198. if (sc == NULL)
  3199. return -1;
  3200. version1_3 = SSL_CONNECTION_IS_DTLS(sc) ? DTLS1_3_VERSION : TLS1_3_VERSION;
  3201. if (sc->version != version1_3)
  3202. return 0;
  3203. return tls13_export_keying_material_early(sc, out, olen, label, llen,
  3204. context, contextlen);
  3205. }
  3206. static unsigned long ssl_session_hash(const SSL_SESSION *a)
  3207. {
  3208. const unsigned char *session_id = a->session_id;
  3209. unsigned long l;
  3210. unsigned char tmp_storage[4];
  3211. if (a->session_id_length < sizeof(tmp_storage)) {
  3212. memset(tmp_storage, 0, sizeof(tmp_storage));
  3213. memcpy(tmp_storage, a->session_id, a->session_id_length);
  3214. session_id = tmp_storage;
  3215. }
  3216. l = (unsigned long)
  3217. ((unsigned long)session_id[0]) |
  3218. ((unsigned long)session_id[1] << 8L) |
  3219. ((unsigned long)session_id[2] << 16L) |
  3220. ((unsigned long)session_id[3] << 24L);
  3221. return l;
  3222. }
  3223. /*
  3224. * NB: If this function (or indeed the hash function which uses a sort of
  3225. * coarser function than this one) is changed, ensure
  3226. * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
  3227. * being able to construct an SSL_SESSION that will collide with any existing
  3228. * session with a matching session ID.
  3229. */
  3230. static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  3231. {
  3232. if (a->ssl_version != b->ssl_version)
  3233. return 1;
  3234. if (a->session_id_length != b->session_id_length)
  3235. return 1;
  3236. return memcmp(a->session_id, b->session_id, a->session_id_length);
  3237. }
  3238. /*
  3239. * These wrapper functions should remain rather than redeclaring
  3240. * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
  3241. * variable. The reason is that the functions aren't static, they're exposed
  3242. * via ssl.h.
  3243. */
  3244. SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
  3245. const SSL_METHOD *meth)
  3246. {
  3247. SSL_CTX *ret = NULL;
  3248. #ifndef OPENSSL_NO_COMP_ALG
  3249. int i;
  3250. #endif
  3251. if (meth == NULL) {
  3252. ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED);
  3253. return NULL;
  3254. }
  3255. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  3256. return NULL;
  3257. /* Doing this for the run once effect */
  3258. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
  3259. ERR_raise(ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
  3260. goto err;
  3261. }
  3262. ret = OPENSSL_zalloc(sizeof(*ret));
  3263. if (ret == NULL)
  3264. return NULL;
  3265. /* Init the reference counting before any call to SSL_CTX_free */
  3266. if (!CRYPTO_NEW_REF(&ret->references, 1)) {
  3267. OPENSSL_free(ret);
  3268. return NULL;
  3269. }
  3270. ret->lock = CRYPTO_THREAD_lock_new();
  3271. if (ret->lock == NULL) {
  3272. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3273. goto err;
  3274. }
  3275. #ifdef TSAN_REQUIRES_LOCKING
  3276. ret->tsan_lock = CRYPTO_THREAD_lock_new();
  3277. if (ret->tsan_lock == NULL) {
  3278. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3279. goto err;
  3280. }
  3281. #endif
  3282. ret->libctx = libctx;
  3283. if (propq != NULL) {
  3284. ret->propq = OPENSSL_strdup(propq);
  3285. if (ret->propq == NULL)
  3286. goto err;
  3287. }
  3288. ret->method = meth;
  3289. ret->min_proto_version = 0;
  3290. ret->max_proto_version = 0;
  3291. ret->mode = SSL_MODE_AUTO_RETRY;
  3292. ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
  3293. ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
  3294. /* We take the system default. */
  3295. ret->session_timeout = meth->get_timeout();
  3296. ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
  3297. ret->verify_mode = SSL_VERIFY_NONE;
  3298. ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
  3299. if (ret->sessions == NULL) {
  3300. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3301. goto err;
  3302. }
  3303. ret->cert_store = X509_STORE_new();
  3304. if (ret->cert_store == NULL) {
  3305. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  3306. goto err;
  3307. }
  3308. #ifndef OPENSSL_NO_CT
  3309. ret->ctlog_store = CTLOG_STORE_new_ex(libctx, propq);
  3310. if (ret->ctlog_store == NULL) {
  3311. ERR_raise(ERR_LIB_SSL, ERR_R_CT_LIB);
  3312. goto err;
  3313. }
  3314. #endif
  3315. /* initialize cipher/digest methods table */
  3316. if (!ssl_load_ciphers(ret)) {
  3317. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3318. goto err;
  3319. }
  3320. if (!ssl_load_groups(ret)) {
  3321. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3322. goto err;
  3323. }
  3324. /* load provider sigalgs */
  3325. if (!ssl_load_sigalgs(ret)) {
  3326. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3327. goto err;
  3328. }
  3329. /* initialise sig algs */
  3330. if (!ssl_setup_sigalgs(ret)) {
  3331. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3332. goto err;
  3333. }
  3334. if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) {
  3335. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3336. goto err;
  3337. }
  3338. if ((ret->cert = ssl_cert_new(SSL_PKEY_NUM + ret->sigalg_list_len)) == NULL) {
  3339. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3340. goto err;
  3341. }
  3342. if (!ssl_create_cipher_list(ret,
  3343. ret->tls13_ciphersuites,
  3344. &ret->cipher_list, &ret->cipher_list_by_id,
  3345. OSSL_default_cipher_list(), ret->cert)
  3346. || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
  3347. ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
  3348. goto err;
  3349. }
  3350. ret->param = X509_VERIFY_PARAM_new();
  3351. if (ret->param == NULL) {
  3352. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  3353. goto err;
  3354. }
  3355. /*
  3356. * If these aren't available from the provider we'll get NULL returns.
  3357. * That's fine but will cause errors later if SSLv3 is negotiated
  3358. */
  3359. ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq);
  3360. ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq);
  3361. if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) {
  3362. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3363. goto err;
  3364. }
  3365. if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) {
  3366. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3367. goto err;
  3368. }
  3369. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) {
  3370. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3371. goto err;
  3372. }
  3373. if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
  3374. goto err;
  3375. /* No compression for DTLS */
  3376. if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
  3377. ret->comp_methods = SSL_COMP_get_compression_methods();
  3378. ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  3379. ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  3380. /* Setup RFC5077 ticket keys */
  3381. if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
  3382. sizeof(ret->ext.tick_key_name), 0) <= 0)
  3383. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
  3384. sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0)
  3385. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
  3386. sizeof(ret->ext.secure->tick_aes_key), 0) <= 0))
  3387. ret->options |= SSL_OP_NO_TICKET;
  3388. if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
  3389. sizeof(ret->ext.cookie_hmac_key), 0) <= 0) {
  3390. ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
  3391. goto err;
  3392. }
  3393. #ifndef OPENSSL_NO_SRP
  3394. if (!ssl_ctx_srp_ctx_init_intern(ret)) {
  3395. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3396. goto err;
  3397. }
  3398. #endif
  3399. #ifndef OPENSSL_NO_ENGINE
  3400. # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
  3401. # define eng_strx(x) #x
  3402. # define eng_str(x) eng_strx(x)
  3403. /* Use specific client engine automatically... ignore errors */
  3404. {
  3405. ENGINE *eng;
  3406. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  3407. if (!eng) {
  3408. ERR_clear_error();
  3409. ENGINE_load_builtin_engines();
  3410. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  3411. }
  3412. if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
  3413. ERR_clear_error();
  3414. }
  3415. # endif
  3416. #endif
  3417. #ifndef OPENSSL_NO_COMP_ALG
  3418. /*
  3419. * Set the default order: brotli, zlib, zstd
  3420. * Including only those enabled algorithms
  3421. */
  3422. memset(ret->cert_comp_prefs, 0, sizeof(ret->cert_comp_prefs));
  3423. i = 0;
  3424. if (ossl_comp_has_alg(TLSEXT_comp_cert_brotli))
  3425. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_brotli;
  3426. if (ossl_comp_has_alg(TLSEXT_comp_cert_zlib))
  3427. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zlib;
  3428. if (ossl_comp_has_alg(TLSEXT_comp_cert_zstd))
  3429. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zstd;
  3430. #endif
  3431. /*
  3432. * Disable compression by default to prevent CRIME. Applications can
  3433. * re-enable compression by configuring
  3434. * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
  3435. * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
  3436. * middlebox compatibility by default. This may be disabled by default in
  3437. * a later OpenSSL version.
  3438. */
  3439. ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
  3440. ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
  3441. /*
  3442. * We cannot usefully set a default max_early_data here (which gets
  3443. * propagated in SSL_new(), for the following reason: setting the
  3444. * SSL field causes tls_construct_stoc_early_data() to tell the
  3445. * client that early data will be accepted when constructing a TLS 1.3
  3446. * session ticket, and the client will accordingly send us early data
  3447. * when using that ticket (if the client has early data to send).
  3448. * However, in order for the early data to actually be consumed by
  3449. * the application, the application must also have calls to
  3450. * SSL_read_early_data(); otherwise we'll just skip past the early data
  3451. * and ignore it. So, since the application must add calls to
  3452. * SSL_read_early_data(), we also require them to add
  3453. * calls to SSL_CTX_set_max_early_data() in order to use early data,
  3454. * eliminating the bandwidth-wasting early data in the case described
  3455. * above.
  3456. */
  3457. ret->max_early_data = 0;
  3458. /*
  3459. * Default recv_max_early_data is a fully loaded single record. Could be
  3460. * split across multiple records in practice. We set this differently to
  3461. * max_early_data so that, in the default case, we do not advertise any
  3462. * support for early_data, but if a client were to send us some (e.g.
  3463. * because of an old, stale ticket) then we will tolerate it and skip over
  3464. * it.
  3465. */
  3466. ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
  3467. /* By default we send two session tickets automatically in TLSv1.3 */
  3468. ret->num_tickets = 2;
  3469. ssl_ctx_system_config(ret);
  3470. return ret;
  3471. err:
  3472. SSL_CTX_free(ret);
  3473. return NULL;
  3474. }
  3475. SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  3476. {
  3477. return SSL_CTX_new_ex(NULL, NULL, meth);
  3478. }
  3479. int SSL_CTX_up_ref(SSL_CTX *ctx)
  3480. {
  3481. int i;
  3482. if (CRYPTO_UP_REF(&ctx->references, &i) <= 0)
  3483. return 0;
  3484. REF_PRINT_COUNT("SSL_CTX", ctx);
  3485. REF_ASSERT_ISNT(i < 2);
  3486. return ((i > 1) ? 1 : 0);
  3487. }
  3488. void SSL_CTX_free(SSL_CTX *a)
  3489. {
  3490. int i;
  3491. size_t j;
  3492. if (a == NULL)
  3493. return;
  3494. CRYPTO_DOWN_REF(&a->references, &i);
  3495. REF_PRINT_COUNT("SSL_CTX", a);
  3496. if (i > 0)
  3497. return;
  3498. REF_ASSERT_ISNT(i < 0);
  3499. X509_VERIFY_PARAM_free(a->param);
  3500. dane_ctx_final(&a->dane);
  3501. /*
  3502. * Free internal session cache. However: the remove_cb() may reference
  3503. * the ex_data of SSL_CTX, thus the ex_data store can only be removed
  3504. * after the sessions were flushed.
  3505. * As the ex_data handling routines might also touch the session cache,
  3506. * the most secure solution seems to be: empty (flush) the cache, then
  3507. * free ex_data, then finally free the cache.
  3508. * (See ticket [openssl.org #212].)
  3509. */
  3510. if (a->sessions != NULL)
  3511. SSL_CTX_flush_sessions(a, 0);
  3512. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
  3513. lh_SSL_SESSION_free(a->sessions);
  3514. X509_STORE_free(a->cert_store);
  3515. #ifndef OPENSSL_NO_CT
  3516. CTLOG_STORE_free(a->ctlog_store);
  3517. #endif
  3518. sk_SSL_CIPHER_free(a->cipher_list);
  3519. sk_SSL_CIPHER_free(a->cipher_list_by_id);
  3520. sk_SSL_CIPHER_free(a->tls13_ciphersuites);
  3521. ssl_cert_free(a->cert);
  3522. sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
  3523. sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
  3524. OSSL_STACK_OF_X509_free(a->extra_certs);
  3525. a->comp_methods = NULL;
  3526. #ifndef OPENSSL_NO_SRTP
  3527. sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
  3528. #endif
  3529. #ifndef OPENSSL_NO_SRP
  3530. ssl_ctx_srp_ctx_free_intern(a);
  3531. #endif
  3532. #ifndef OPENSSL_NO_ENGINE
  3533. tls_engine_finish(a->client_cert_engine);
  3534. #endif
  3535. OPENSSL_free(a->ext.ecpointformats);
  3536. OPENSSL_free(a->ext.supportedgroups);
  3537. OPENSSL_free(a->ext.supported_groups_default);
  3538. OPENSSL_free(a->ext.alpn);
  3539. OPENSSL_secure_free(a->ext.secure);
  3540. ssl_evp_md_free(a->md5);
  3541. ssl_evp_md_free(a->sha1);
  3542. for (j = 0; j < SSL_ENC_NUM_IDX; j++)
  3543. ssl_evp_cipher_free(a->ssl_cipher_methods[j]);
  3544. for (j = 0; j < SSL_MD_NUM_IDX; j++)
  3545. ssl_evp_md_free(a->ssl_digest_methods[j]);
  3546. for (j = 0; j < a->group_list_len; j++) {
  3547. OPENSSL_free(a->group_list[j].tlsname);
  3548. OPENSSL_free(a->group_list[j].realname);
  3549. OPENSSL_free(a->group_list[j].algorithm);
  3550. }
  3551. OPENSSL_free(a->group_list);
  3552. for (j = 0; j < a->sigalg_list_len; j++) {
  3553. OPENSSL_free(a->sigalg_list[j].name);
  3554. OPENSSL_free(a->sigalg_list[j].sigalg_name);
  3555. OPENSSL_free(a->sigalg_list[j].sigalg_oid);
  3556. OPENSSL_free(a->sigalg_list[j].sig_name);
  3557. OPENSSL_free(a->sigalg_list[j].sig_oid);
  3558. OPENSSL_free(a->sigalg_list[j].hash_name);
  3559. OPENSSL_free(a->sigalg_list[j].hash_oid);
  3560. OPENSSL_free(a->sigalg_list[j].keytype);
  3561. OPENSSL_free(a->sigalg_list[j].keytype_oid);
  3562. }
  3563. OPENSSL_free(a->sigalg_list);
  3564. OPENSSL_free(a->ssl_cert_info);
  3565. OPENSSL_free(a->sigalg_lookup_cache);
  3566. OPENSSL_free(a->tls12_sigalgs);
  3567. OPENSSL_free(a->client_cert_type);
  3568. OPENSSL_free(a->server_cert_type);
  3569. CRYPTO_THREAD_lock_free(a->lock);
  3570. CRYPTO_FREE_REF(&a->references);
  3571. #ifdef TSAN_REQUIRES_LOCKING
  3572. CRYPTO_THREAD_lock_free(a->tsan_lock);
  3573. #endif
  3574. OPENSSL_free(a->propq);
  3575. #ifndef OPENSSL_NO_QLOG
  3576. OPENSSL_free(a->qlog_title);
  3577. #endif
  3578. OPENSSL_free(a);
  3579. }
  3580. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
  3581. {
  3582. ctx->default_passwd_callback = cb;
  3583. }
  3584. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
  3585. {
  3586. ctx->default_passwd_callback_userdata = u;
  3587. }
  3588. pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
  3589. {
  3590. return ctx->default_passwd_callback;
  3591. }
  3592. void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
  3593. {
  3594. return ctx->default_passwd_callback_userdata;
  3595. }
  3596. void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
  3597. {
  3598. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3599. if (sc == NULL)
  3600. return;
  3601. sc->default_passwd_callback = cb;
  3602. }
  3603. void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
  3604. {
  3605. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3606. if (sc == NULL)
  3607. return;
  3608. sc->default_passwd_callback_userdata = u;
  3609. }
  3610. pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
  3611. {
  3612. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3613. if (sc == NULL)
  3614. return NULL;
  3615. return sc->default_passwd_callback;
  3616. }
  3617. void *SSL_get_default_passwd_cb_userdata(SSL *s)
  3618. {
  3619. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3620. if (sc == NULL)
  3621. return NULL;
  3622. return sc->default_passwd_callback_userdata;
  3623. }
  3624. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
  3625. int (*cb) (X509_STORE_CTX *, void *),
  3626. void *arg)
  3627. {
  3628. ctx->app_verify_callback = cb;
  3629. ctx->app_verify_arg = arg;
  3630. }
  3631. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  3632. int (*cb) (int, X509_STORE_CTX *))
  3633. {
  3634. ctx->verify_mode = mode;
  3635. ctx->default_verify_callback = cb;
  3636. }
  3637. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
  3638. {
  3639. X509_VERIFY_PARAM_set_depth(ctx->param, depth);
  3640. }
  3641. void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
  3642. {
  3643. ssl_cert_set_cert_cb(c->cert, cb, arg);
  3644. }
  3645. void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
  3646. {
  3647. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3648. if (sc == NULL)
  3649. return;
  3650. ssl_cert_set_cert_cb(sc->cert, cb, arg);
  3651. }
  3652. void ssl_set_masks(SSL_CONNECTION *s)
  3653. {
  3654. CERT *c = s->cert;
  3655. uint32_t *pvalid = s->s3.tmp.valid_flags;
  3656. int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
  3657. unsigned long mask_k, mask_a;
  3658. int have_ecc_cert, ecdsa_ok;
  3659. if (c == NULL)
  3660. return;
  3661. dh_tmp = (c->dh_tmp != NULL
  3662. || c->dh_tmp_cb != NULL
  3663. || c->dh_tmp_auto);
  3664. rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3665. rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3666. dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
  3667. have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
  3668. mask_k = 0;
  3669. mask_a = 0;
  3670. OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
  3671. dh_tmp, rsa_enc, rsa_sign, dsa_sign);
  3672. #ifndef OPENSSL_NO_GOST
  3673. if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
  3674. mask_k |= SSL_kGOST | SSL_kGOST18;
  3675. mask_a |= SSL_aGOST12;
  3676. }
  3677. if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
  3678. mask_k |= SSL_kGOST | SSL_kGOST18;
  3679. mask_a |= SSL_aGOST12;
  3680. }
  3681. if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
  3682. mask_k |= SSL_kGOST;
  3683. mask_a |= SSL_aGOST01;
  3684. }
  3685. #endif
  3686. if (rsa_enc)
  3687. mask_k |= SSL_kRSA;
  3688. if (dh_tmp)
  3689. mask_k |= SSL_kDHE;
  3690. /*
  3691. * If we only have an RSA-PSS certificate allow RSA authentication
  3692. * if TLS 1.2 and peer supports it.
  3693. */
  3694. if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
  3695. && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
  3696. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION))
  3697. mask_a |= SSL_aRSA;
  3698. if (dsa_sign) {
  3699. mask_a |= SSL_aDSS;
  3700. }
  3701. mask_a |= SSL_aNULL;
  3702. /*
  3703. * You can do anything with an RPK key, since there's no cert to restrict it
  3704. * But we need to check for private keys
  3705. */
  3706. if (pvalid[SSL_PKEY_RSA] & CERT_PKEY_RPK) {
  3707. mask_a |= SSL_aRSA;
  3708. mask_k |= SSL_kRSA;
  3709. }
  3710. if (pvalid[SSL_PKEY_ECC] & CERT_PKEY_RPK)
  3711. mask_a |= SSL_aECDSA;
  3712. if (TLS1_get_version(&s->ssl) == TLS1_2_VERSION) {
  3713. if (pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_RPK)
  3714. mask_a |= SSL_aRSA;
  3715. if (pvalid[SSL_PKEY_ED25519] & CERT_PKEY_RPK
  3716. || pvalid[SSL_PKEY_ED448] & CERT_PKEY_RPK)
  3717. mask_a |= SSL_aECDSA;
  3718. }
  3719. /*
  3720. * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
  3721. * depending on the key usage extension.
  3722. */
  3723. if (have_ecc_cert) {
  3724. uint32_t ex_kusage;
  3725. ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
  3726. ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
  3727. if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
  3728. ecdsa_ok = 0;
  3729. if (ecdsa_ok)
  3730. mask_a |= SSL_aECDSA;
  3731. }
  3732. /* Allow Ed25519 for TLS 1.2 if peer supports it */
  3733. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
  3734. && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
  3735. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
  3736. mask_a |= SSL_aECDSA;
  3737. /* Allow Ed448 for TLS 1.2 if peer supports it */
  3738. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
  3739. && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
  3740. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
  3741. mask_a |= SSL_aECDSA;
  3742. mask_k |= SSL_kECDHE;
  3743. #ifndef OPENSSL_NO_PSK
  3744. mask_k |= SSL_kPSK;
  3745. mask_a |= SSL_aPSK;
  3746. if (mask_k & SSL_kRSA)
  3747. mask_k |= SSL_kRSAPSK;
  3748. if (mask_k & SSL_kDHE)
  3749. mask_k |= SSL_kDHEPSK;
  3750. if (mask_k & SSL_kECDHE)
  3751. mask_k |= SSL_kECDHEPSK;
  3752. #endif
  3753. s->s3.tmp.mask_k = mask_k;
  3754. s->s3.tmp.mask_a = mask_a;
  3755. }
  3756. int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s)
  3757. {
  3758. if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
  3759. /* key usage, if present, must allow signing */
  3760. if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
  3761. ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
  3762. return 0;
  3763. }
  3764. }
  3765. return 1; /* all checks are ok */
  3766. }
  3767. int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s,
  3768. const unsigned char **serverinfo,
  3769. size_t *serverinfo_length)
  3770. {
  3771. CERT_PKEY *cpk = s->s3.tmp.cert;
  3772. *serverinfo_length = 0;
  3773. if (cpk == NULL || cpk->serverinfo == NULL)
  3774. return 0;
  3775. *serverinfo = cpk->serverinfo;
  3776. *serverinfo_length = cpk->serverinfo_length;
  3777. return 1;
  3778. }
  3779. void ssl_update_cache(SSL_CONNECTION *s, int mode)
  3780. {
  3781. int i;
  3782. /*
  3783. * If the session_id_length is 0, we are not supposed to cache it, and it
  3784. * would be rather hard to do anyway :-). Also if the session has already
  3785. * been marked as not_resumable we should not cache it for later reuse.
  3786. */
  3787. if (s->session->session_id_length == 0 || s->session->not_resumable)
  3788. return;
  3789. /*
  3790. * If sid_ctx_length is 0 there is no specific application context
  3791. * associated with this session, so when we try to resume it and
  3792. * SSL_VERIFY_PEER is requested to verify the client identity, we have no
  3793. * indication that this is actually a session for the proper application
  3794. * context, and the *handshake* will fail, not just the resumption attempt.
  3795. * Do not cache (on the server) these sessions that are not resumable
  3796. * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
  3797. */
  3798. if (s->server && s->session->sid_ctx_length == 0
  3799. && (s->verify_mode & SSL_VERIFY_PEER) != 0)
  3800. return;
  3801. i = s->session_ctx->session_cache_mode;
  3802. if ((i & mode) != 0
  3803. && (!s->hit || SSL_CONNECTION_IS_VERSION13(s))) {
  3804. /*
  3805. * Add the session to the internal cache. In server side TLSv1.3 we
  3806. * normally don't do this because by default it's a full stateless ticket
  3807. * with only a dummy session id so there is no reason to cache it,
  3808. * unless:
  3809. * - we are doing early_data, in which case we cache so that we can
  3810. * detect replays
  3811. * - the application has set a remove_session_cb so needs to know about
  3812. * session timeout events
  3813. * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
  3814. */
  3815. if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
  3816. && (!SSL_CONNECTION_IS_VERSION13(s)
  3817. || !s->server
  3818. || (s->max_early_data > 0
  3819. && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
  3820. || s->session_ctx->remove_session_cb != NULL
  3821. || (s->options & SSL_OP_NO_TICKET) != 0))
  3822. SSL_CTX_add_session(s->session_ctx, s->session);
  3823. /*
  3824. * Add the session to the external cache. We do this even in server side
  3825. * TLSv1.3 without early data because some applications just want to
  3826. * know about the creation of a session and aren't doing a full cache.
  3827. */
  3828. if (s->session_ctx->new_session_cb != NULL) {
  3829. SSL_SESSION_up_ref(s->session);
  3830. if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s),
  3831. s->session))
  3832. SSL_SESSION_free(s->session);
  3833. }
  3834. }
  3835. /* auto flush every 255 connections */
  3836. if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
  3837. TSAN_QUALIFIER int *stat;
  3838. if (mode & SSL_SESS_CACHE_CLIENT)
  3839. stat = &s->session_ctx->stats.sess_connect_good;
  3840. else
  3841. stat = &s->session_ctx->stats.sess_accept_good;
  3842. if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff)
  3843. SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
  3844. }
  3845. }
  3846. const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
  3847. {
  3848. return ctx->method;
  3849. }
  3850. const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
  3851. {
  3852. return s->method;
  3853. }
  3854. int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
  3855. {
  3856. int ret = 1;
  3857. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3858. /* Not allowed for QUIC */
  3859. if (sc == NULL
  3860. || (s->type != SSL_TYPE_SSL_CONNECTION && s->method != meth)
  3861. || (s->type == SSL_TYPE_SSL_CONNECTION && IS_QUIC_METHOD(meth)))
  3862. return 0;
  3863. if (s->method != meth) {
  3864. const SSL_METHOD *sm = s->method;
  3865. int (*hf) (SSL *) = sc->handshake_func;
  3866. if (sm->version == meth->version)
  3867. s->method = meth;
  3868. else {
  3869. sm->ssl_deinit(s);
  3870. s->method = meth;
  3871. ret = s->method->ssl_init(s);
  3872. }
  3873. if (hf == sm->ssl_connect)
  3874. sc->handshake_func = meth->ssl_connect;
  3875. else if (hf == sm->ssl_accept)
  3876. sc->handshake_func = meth->ssl_accept;
  3877. }
  3878. return ret;
  3879. }
  3880. int SSL_get_error(const SSL *s, int i)
  3881. {
  3882. return ossl_ssl_get_error(s, i, /*check_err=*/1);
  3883. }
  3884. int ossl_ssl_get_error(const SSL *s, int i, int check_err)
  3885. {
  3886. int reason;
  3887. unsigned long l;
  3888. BIO *bio;
  3889. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3890. if (i > 0)
  3891. return SSL_ERROR_NONE;
  3892. #ifndef OPENSSL_NO_QUIC
  3893. if (IS_QUIC(s)) {
  3894. reason = ossl_quic_get_error(s, i);
  3895. if (reason != SSL_ERROR_NONE)
  3896. return reason;
  3897. }
  3898. #endif
  3899. if (sc == NULL)
  3900. return SSL_ERROR_SSL;
  3901. /*
  3902. * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
  3903. * where we do encode the error
  3904. */
  3905. if (check_err && (l = ERR_peek_error()) != 0) {
  3906. if (ERR_GET_LIB(l) == ERR_LIB_SYS)
  3907. return SSL_ERROR_SYSCALL;
  3908. else
  3909. return SSL_ERROR_SSL;
  3910. }
  3911. #ifndef OPENSSL_NO_QUIC
  3912. if (!IS_QUIC(s))
  3913. #endif
  3914. {
  3915. if (SSL_want_read(s)) {
  3916. bio = SSL_get_rbio(s);
  3917. if (BIO_should_read(bio))
  3918. return SSL_ERROR_WANT_READ;
  3919. else if (BIO_should_write(bio))
  3920. /*
  3921. * This one doesn't make too much sense ... We never try to
  3922. * write to the rbio, and an application program where rbio and
  3923. * wbio are separate couldn't even know what it should wait for.
  3924. * However if we ever set s->rwstate incorrectly (so that we
  3925. * have SSL_want_read(s) instead of SSL_want_write(s)) and rbio
  3926. * and wbio *are* the same, this test works around that bug; so
  3927. * it might be safer to keep it.
  3928. */
  3929. return SSL_ERROR_WANT_WRITE;
  3930. else if (BIO_should_io_special(bio)) {
  3931. reason = BIO_get_retry_reason(bio);
  3932. if (reason == BIO_RR_CONNECT)
  3933. return SSL_ERROR_WANT_CONNECT;
  3934. else if (reason == BIO_RR_ACCEPT)
  3935. return SSL_ERROR_WANT_ACCEPT;
  3936. else
  3937. return SSL_ERROR_SYSCALL; /* unknown */
  3938. }
  3939. }
  3940. if (SSL_want_write(s)) {
  3941. /*
  3942. * Access wbio directly - in order to use the buffered bio if
  3943. * present
  3944. */
  3945. bio = sc->wbio;
  3946. if (BIO_should_write(bio))
  3947. return SSL_ERROR_WANT_WRITE;
  3948. else if (BIO_should_read(bio))
  3949. /*
  3950. * See above (SSL_want_read(s) with BIO_should_write(bio))
  3951. */
  3952. return SSL_ERROR_WANT_READ;
  3953. else if (BIO_should_io_special(bio)) {
  3954. reason = BIO_get_retry_reason(bio);
  3955. if (reason == BIO_RR_CONNECT)
  3956. return SSL_ERROR_WANT_CONNECT;
  3957. else if (reason == BIO_RR_ACCEPT)
  3958. return SSL_ERROR_WANT_ACCEPT;
  3959. else
  3960. return SSL_ERROR_SYSCALL;
  3961. }
  3962. }
  3963. }
  3964. if (SSL_want_x509_lookup(s))
  3965. return SSL_ERROR_WANT_X509_LOOKUP;
  3966. if (SSL_want_retry_verify(s))
  3967. return SSL_ERROR_WANT_RETRY_VERIFY;
  3968. if (SSL_want_async(s))
  3969. return SSL_ERROR_WANT_ASYNC;
  3970. if (SSL_want_async_job(s))
  3971. return SSL_ERROR_WANT_ASYNC_JOB;
  3972. if (SSL_want_client_hello_cb(s))
  3973. return SSL_ERROR_WANT_CLIENT_HELLO_CB;
  3974. if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) &&
  3975. (sc->s3.warn_alert == SSL_AD_CLOSE_NOTIFY))
  3976. return SSL_ERROR_ZERO_RETURN;
  3977. return SSL_ERROR_SYSCALL;
  3978. }
  3979. static int ssl_do_handshake_intern(void *vargs)
  3980. {
  3981. struct ssl_async_args *args = (struct ssl_async_args *)vargs;
  3982. SSL *s = args->s;
  3983. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3984. if (sc == NULL)
  3985. return -1;
  3986. return sc->handshake_func(s);
  3987. }
  3988. int SSL_do_handshake(SSL *s)
  3989. {
  3990. int ret = 1;
  3991. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3992. #ifndef OPENSSL_NO_QUIC
  3993. if (IS_QUIC(s))
  3994. return ossl_quic_do_handshake(s);
  3995. #endif
  3996. if (sc->handshake_func == NULL) {
  3997. ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
  3998. return -1;
  3999. }
  4000. ossl_statem_check_finish_init(sc, -1);
  4001. s->method->ssl_renegotiate_check(s, 0);
  4002. if (SSL_in_init(s) || SSL_in_before(s)) {
  4003. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  4004. struct ssl_async_args args;
  4005. memset(&args, 0, sizeof(args));
  4006. args.s = s;
  4007. ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
  4008. } else {
  4009. ret = sc->handshake_func(s);
  4010. }
  4011. }
  4012. return ret;
  4013. }
  4014. void SSL_set_accept_state(SSL *s)
  4015. {
  4016. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4017. #ifndef OPENSSL_NO_QUIC
  4018. if (IS_QUIC(s)) {
  4019. ossl_quic_set_accept_state(s);
  4020. return;
  4021. }
  4022. #endif
  4023. sc->server = 1;
  4024. sc->shutdown = 0;
  4025. ossl_statem_clear(sc);
  4026. sc->handshake_func = s->method->ssl_accept;
  4027. /* Ignore return value. Its a void public API function */
  4028. RECORD_LAYER_reset(&sc->rlayer);
  4029. }
  4030. void SSL_set_connect_state(SSL *s)
  4031. {
  4032. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4033. #ifndef OPENSSL_NO_QUIC
  4034. if (IS_QUIC(s)) {
  4035. ossl_quic_set_connect_state(s);
  4036. return;
  4037. }
  4038. #endif
  4039. sc->server = 0;
  4040. sc->shutdown = 0;
  4041. ossl_statem_clear(sc);
  4042. sc->handshake_func = s->method->ssl_connect;
  4043. /* Ignore return value. Its a void public API function */
  4044. RECORD_LAYER_reset(&sc->rlayer);
  4045. }
  4046. int ssl_undefined_function(SSL *s)
  4047. {
  4048. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  4049. return 0;
  4050. }
  4051. int ssl_undefined_void_function(void)
  4052. {
  4053. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  4054. return 0;
  4055. }
  4056. int ssl_undefined_const_function(const SSL *s)
  4057. {
  4058. return 0;
  4059. }
  4060. const char *ssl_protocol_to_string(int version)
  4061. {
  4062. switch (version)
  4063. {
  4064. case TLS1_3_VERSION:
  4065. return "TLSv1.3";
  4066. case TLS1_2_VERSION:
  4067. return "TLSv1.2";
  4068. case TLS1_1_VERSION:
  4069. return "TLSv1.1";
  4070. case TLS1_VERSION:
  4071. return "TLSv1";
  4072. case SSL3_VERSION:
  4073. return "SSLv3";
  4074. case DTLS1_BAD_VER:
  4075. return "DTLSv0.9";
  4076. case DTLS1_VERSION:
  4077. return "DTLSv1";
  4078. case DTLS1_2_VERSION:
  4079. return "DTLSv1.2";
  4080. case DTLS1_3_VERSION:
  4081. return "DTLSv1.3";
  4082. default:
  4083. return "unknown";
  4084. }
  4085. }
  4086. const char *SSL_get_version(const SSL *s)
  4087. {
  4088. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4089. #ifndef OPENSSL_NO_QUIC
  4090. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4091. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4092. return "QUICv1";
  4093. #endif
  4094. if (sc == NULL)
  4095. return NULL;
  4096. return ssl_protocol_to_string(sc->version);
  4097. }
  4098. __owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt)
  4099. {
  4100. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4101. if (sc == NULL)
  4102. return -1;
  4103. if (sc->ts_msg_write.t <= 0 || sc->ts_msg_read.t <= 0)
  4104. return 0; /* data not (yet) available */
  4105. if (sc->ts_msg_read.t < sc->ts_msg_write.t)
  4106. return -1;
  4107. *rtt = ossl_time2us(ossl_time_subtract(sc->ts_msg_read, sc->ts_msg_write));
  4108. return 1;
  4109. }
  4110. static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
  4111. {
  4112. STACK_OF(X509_NAME) *sk;
  4113. X509_NAME *xn;
  4114. int i;
  4115. if (src == NULL) {
  4116. *dst = NULL;
  4117. return 1;
  4118. }
  4119. if ((sk = sk_X509_NAME_new_null()) == NULL)
  4120. return 0;
  4121. for (i = 0; i < sk_X509_NAME_num(src); i++) {
  4122. xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
  4123. if (xn == NULL) {
  4124. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  4125. return 0;
  4126. }
  4127. if (sk_X509_NAME_insert(sk, xn, i) == 0) {
  4128. X509_NAME_free(xn);
  4129. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  4130. return 0;
  4131. }
  4132. }
  4133. *dst = sk;
  4134. return 1;
  4135. }
  4136. SSL *SSL_dup(SSL *s)
  4137. {
  4138. SSL *ret;
  4139. int i;
  4140. /* TODO(QUIC FUTURE): Add a SSL_METHOD function for duplication */
  4141. SSL_CONNECTION *retsc;
  4142. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4143. if (sc == NULL)
  4144. return NULL;
  4145. /* If we're not quiescent, just up_ref! */
  4146. if (!SSL_in_init(s) || !SSL_in_before(s)) {
  4147. CRYPTO_UP_REF(&s->references, &i);
  4148. return s;
  4149. }
  4150. /*
  4151. * Otherwise, copy configuration state, and session if set.
  4152. */
  4153. if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
  4154. return NULL;
  4155. if ((retsc = SSL_CONNECTION_FROM_SSL_ONLY(ret)) == NULL)
  4156. goto err;
  4157. if (sc->session != NULL) {
  4158. /*
  4159. * Arranges to share the same session via up_ref. This "copies"
  4160. * session-id, SSL_METHOD, sid_ctx, and 'cert'
  4161. */
  4162. if (!SSL_copy_session_id(ret, s))
  4163. goto err;
  4164. } else {
  4165. /*
  4166. * No session has been established yet, so we have to expect that
  4167. * s->cert or ret->cert will be changed later -- they should not both
  4168. * point to the same object, and thus we can't use
  4169. * SSL_copy_session_id.
  4170. */
  4171. if (!SSL_set_ssl_method(ret, s->method))
  4172. goto err;
  4173. if (sc->cert != NULL) {
  4174. ssl_cert_free(retsc->cert);
  4175. retsc->cert = ssl_cert_dup(sc->cert);
  4176. if (retsc->cert == NULL)
  4177. goto err;
  4178. }
  4179. if (!SSL_set_session_id_context(ret, sc->sid_ctx,
  4180. (int)sc->sid_ctx_length))
  4181. goto err;
  4182. }
  4183. if (!ssl_dane_dup(retsc, sc))
  4184. goto err;
  4185. retsc->version = sc->version;
  4186. retsc->options = sc->options;
  4187. retsc->min_proto_version = sc->min_proto_version;
  4188. retsc->max_proto_version = sc->max_proto_version;
  4189. retsc->mode = sc->mode;
  4190. SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
  4191. SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
  4192. retsc->msg_callback = sc->msg_callback;
  4193. retsc->msg_callback_arg = sc->msg_callback_arg;
  4194. SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
  4195. SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
  4196. retsc->generate_session_id = sc->generate_session_id;
  4197. SSL_set_info_callback(ret, SSL_get_info_callback(s));
  4198. /* copy app data, a little dangerous perhaps */
  4199. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
  4200. goto err;
  4201. retsc->server = sc->server;
  4202. if (sc->handshake_func) {
  4203. if (sc->server)
  4204. SSL_set_accept_state(ret);
  4205. else
  4206. SSL_set_connect_state(ret);
  4207. }
  4208. retsc->shutdown = sc->shutdown;
  4209. retsc->hit = sc->hit;
  4210. retsc->default_passwd_callback = sc->default_passwd_callback;
  4211. retsc->default_passwd_callback_userdata = sc->default_passwd_callback_userdata;
  4212. X509_VERIFY_PARAM_inherit(retsc->param, sc->param);
  4213. /* dup the cipher_list and cipher_list_by_id stacks */
  4214. if (sc->cipher_list != NULL) {
  4215. if ((retsc->cipher_list = sk_SSL_CIPHER_dup(sc->cipher_list)) == NULL)
  4216. goto err;
  4217. }
  4218. if (sc->cipher_list_by_id != NULL)
  4219. if ((retsc->cipher_list_by_id = sk_SSL_CIPHER_dup(sc->cipher_list_by_id))
  4220. == NULL)
  4221. goto err;
  4222. /* Dup the client_CA list */
  4223. if (!dup_ca_names(&retsc->ca_names, sc->ca_names)
  4224. || !dup_ca_names(&retsc->client_ca_names, sc->client_ca_names))
  4225. goto err;
  4226. return ret;
  4227. err:
  4228. SSL_free(ret);
  4229. return NULL;
  4230. }
  4231. X509 *SSL_get_certificate(const SSL *s)
  4232. {
  4233. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4234. if (sc == NULL)
  4235. return NULL;
  4236. if (sc->cert != NULL)
  4237. return sc->cert->key->x509;
  4238. else
  4239. return NULL;
  4240. }
  4241. EVP_PKEY *SSL_get_privatekey(const SSL *s)
  4242. {
  4243. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4244. if (sc == NULL)
  4245. return NULL;
  4246. if (sc->cert != NULL)
  4247. return sc->cert->key->privatekey;
  4248. else
  4249. return NULL;
  4250. }
  4251. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
  4252. {
  4253. if (ctx->cert != NULL)
  4254. return ctx->cert->key->x509;
  4255. else
  4256. return NULL;
  4257. }
  4258. EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
  4259. {
  4260. if (ctx->cert != NULL)
  4261. return ctx->cert->key->privatekey;
  4262. else
  4263. return NULL;
  4264. }
  4265. const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
  4266. {
  4267. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4268. if (sc == NULL)
  4269. return NULL;
  4270. if ((sc->session != NULL) && (sc->session->cipher != NULL))
  4271. return sc->session->cipher;
  4272. return NULL;
  4273. }
  4274. const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
  4275. {
  4276. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4277. if (sc == NULL)
  4278. return NULL;
  4279. return sc->s3.tmp.new_cipher;
  4280. }
  4281. const COMP_METHOD *SSL_get_current_compression(const SSL *s)
  4282. {
  4283. #ifndef OPENSSL_NO_COMP
  4284. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4285. if (sc == NULL)
  4286. return NULL;
  4287. return sc->rlayer.wrlmethod->get_compression(sc->rlayer.wrl);
  4288. #else
  4289. return NULL;
  4290. #endif
  4291. }
  4292. const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
  4293. {
  4294. #ifndef OPENSSL_NO_COMP
  4295. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4296. if (sc == NULL)
  4297. return NULL;
  4298. return sc->rlayer.rrlmethod->get_compression(sc->rlayer.rrl);
  4299. #else
  4300. return NULL;
  4301. #endif
  4302. }
  4303. int ssl_init_wbio_buffer(SSL_CONNECTION *s)
  4304. {
  4305. BIO *bbio;
  4306. if (s->bbio != NULL) {
  4307. /* Already buffered. */
  4308. return 1;
  4309. }
  4310. bbio = BIO_new(BIO_f_buffer());
  4311. if (bbio == NULL || BIO_set_read_buffer_size(bbio, 1) <= 0) {
  4312. BIO_free(bbio);
  4313. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  4314. return 0;
  4315. }
  4316. s->bbio = bbio;
  4317. s->wbio = BIO_push(bbio, s->wbio);
  4318. s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
  4319. return 1;
  4320. }
  4321. int ssl_free_wbio_buffer(SSL_CONNECTION *s)
  4322. {
  4323. /* callers ensure s is never null */
  4324. if (s->bbio == NULL)
  4325. return 1;
  4326. s->wbio = BIO_pop(s->wbio);
  4327. s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
  4328. BIO_free(s->bbio);
  4329. s->bbio = NULL;
  4330. return 1;
  4331. }
  4332. void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
  4333. {
  4334. ctx->quiet_shutdown = mode;
  4335. }
  4336. int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
  4337. {
  4338. return ctx->quiet_shutdown;
  4339. }
  4340. void SSL_set_quiet_shutdown(SSL *s, int mode)
  4341. {
  4342. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4343. /* Not supported with QUIC */
  4344. if (sc == NULL)
  4345. return;
  4346. sc->quiet_shutdown = mode;
  4347. }
  4348. int SSL_get_quiet_shutdown(const SSL *s)
  4349. {
  4350. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4351. /* Not supported with QUIC */
  4352. if (sc == NULL)
  4353. return 0;
  4354. return sc->quiet_shutdown;
  4355. }
  4356. void SSL_set_shutdown(SSL *s, int mode)
  4357. {
  4358. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4359. /* Not supported with QUIC */
  4360. if (sc == NULL)
  4361. return;
  4362. sc->shutdown = mode;
  4363. }
  4364. int SSL_get_shutdown(const SSL *s)
  4365. {
  4366. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4367. #ifndef OPENSSL_NO_QUIC
  4368. /* QUIC: Just indicate whether the connection was shutdown cleanly. */
  4369. if (IS_QUIC(s))
  4370. return ossl_quic_get_shutdown(s);
  4371. #endif
  4372. if (sc == NULL)
  4373. return 0;
  4374. return sc->shutdown;
  4375. }
  4376. int SSL_version(const SSL *s)
  4377. {
  4378. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4379. #ifndef OPENSSL_NO_QUIC
  4380. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4381. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4382. return OSSL_QUIC1_VERSION;
  4383. #endif
  4384. if (sc == NULL)
  4385. return 0;
  4386. return sc->version;
  4387. }
  4388. int SSL_client_version(const SSL *s)
  4389. {
  4390. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4391. #ifndef OPENSSL_NO_QUIC
  4392. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4393. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4394. return OSSL_QUIC1_VERSION;
  4395. #endif
  4396. if (sc == NULL)
  4397. return 0;
  4398. return sc->client_version;
  4399. }
  4400. SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
  4401. {
  4402. return ssl->ctx;
  4403. }
  4404. SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
  4405. {
  4406. CERT *new_cert;
  4407. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  4408. /* TODO(QUIC FUTURE): Add support for QUIC */
  4409. if (sc == NULL)
  4410. return NULL;
  4411. if (ssl->ctx == ctx)
  4412. return ssl->ctx;
  4413. if (ctx == NULL)
  4414. ctx = sc->session_ctx;
  4415. new_cert = ssl_cert_dup(ctx->cert);
  4416. if (new_cert == NULL) {
  4417. return NULL;
  4418. }
  4419. if (!custom_exts_copy_flags(&new_cert->custext, &sc->cert->custext)) {
  4420. ssl_cert_free(new_cert);
  4421. return NULL;
  4422. }
  4423. ssl_cert_free(sc->cert);
  4424. sc->cert = new_cert;
  4425. /*
  4426. * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
  4427. * so setter APIs must prevent invalid lengths from entering the system.
  4428. */
  4429. if (!ossl_assert(sc->sid_ctx_length <= sizeof(sc->sid_ctx)))
  4430. return NULL;
  4431. /*
  4432. * If the session ID context matches that of the parent SSL_CTX,
  4433. * inherit it from the new SSL_CTX as well. If however the context does
  4434. * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
  4435. * leave it unchanged.
  4436. */
  4437. if ((ssl->ctx != NULL) &&
  4438. (sc->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
  4439. (memcmp(sc->sid_ctx, ssl->ctx->sid_ctx, sc->sid_ctx_length) == 0)) {
  4440. sc->sid_ctx_length = ctx->sid_ctx_length;
  4441. memcpy(&sc->sid_ctx, &ctx->sid_ctx, sizeof(sc->sid_ctx));
  4442. }
  4443. SSL_CTX_up_ref(ctx);
  4444. SSL_CTX_free(ssl->ctx); /* decrement reference count */
  4445. ssl->ctx = ctx;
  4446. return ssl->ctx;
  4447. }
  4448. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
  4449. {
  4450. return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx,
  4451. ctx->propq);
  4452. }
  4453. int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
  4454. {
  4455. X509_LOOKUP *lookup;
  4456. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
  4457. if (lookup == NULL)
  4458. return 0;
  4459. /* We ignore errors, in case the directory doesn't exist */
  4460. ERR_set_mark();
  4461. X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  4462. ERR_pop_to_mark();
  4463. return 1;
  4464. }
  4465. int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
  4466. {
  4467. X509_LOOKUP *lookup;
  4468. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
  4469. if (lookup == NULL)
  4470. return 0;
  4471. /* We ignore errors, in case the file doesn't exist */
  4472. ERR_set_mark();
  4473. X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx,
  4474. ctx->propq);
  4475. ERR_pop_to_mark();
  4476. return 1;
  4477. }
  4478. int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
  4479. {
  4480. X509_LOOKUP *lookup;
  4481. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store());
  4482. if (lookup == NULL)
  4483. return 0;
  4484. /* We ignore errors, in case the directory doesn't exist */
  4485. ERR_set_mark();
  4486. X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq);
  4487. ERR_pop_to_mark();
  4488. return 1;
  4489. }
  4490. int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
  4491. {
  4492. return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx,
  4493. ctx->propq);
  4494. }
  4495. int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
  4496. {
  4497. return X509_STORE_load_path(ctx->cert_store, CApath);
  4498. }
  4499. int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
  4500. {
  4501. return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx,
  4502. ctx->propq);
  4503. }
  4504. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  4505. const char *CApath)
  4506. {
  4507. if (CAfile == NULL && CApath == NULL)
  4508. return 0;
  4509. if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile))
  4510. return 0;
  4511. if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath))
  4512. return 0;
  4513. return 1;
  4514. }
  4515. void SSL_set_info_callback(SSL *ssl,
  4516. void (*cb) (const SSL *ssl, int type, int val))
  4517. {
  4518. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4519. if (sc == NULL)
  4520. return;
  4521. sc->info_callback = cb;
  4522. }
  4523. /*
  4524. * One compiler (Diab DCC) doesn't like argument names in returned function
  4525. * pointer.
  4526. */
  4527. void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
  4528. int /* type */ ,
  4529. int /* val */ ) {
  4530. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4531. if (sc == NULL)
  4532. return NULL;
  4533. return sc->info_callback;
  4534. }
  4535. void SSL_set_verify_result(SSL *ssl, long arg)
  4536. {
  4537. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4538. if (sc == NULL)
  4539. return;
  4540. sc->verify_result = arg;
  4541. }
  4542. long SSL_get_verify_result(const SSL *ssl)
  4543. {
  4544. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4545. if (sc == NULL)
  4546. return 0;
  4547. return sc->verify_result;
  4548. }
  4549. size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
  4550. {
  4551. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4552. if (sc == NULL)
  4553. return 0;
  4554. if (outlen == 0)
  4555. return sizeof(sc->s3.client_random);
  4556. if (outlen > sizeof(sc->s3.client_random))
  4557. outlen = sizeof(sc->s3.client_random);
  4558. memcpy(out, sc->s3.client_random, outlen);
  4559. return outlen;
  4560. }
  4561. size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
  4562. {
  4563. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4564. if (sc == NULL)
  4565. return 0;
  4566. if (outlen == 0)
  4567. return sizeof(sc->s3.server_random);
  4568. if (outlen > sizeof(sc->s3.server_random))
  4569. outlen = sizeof(sc->s3.server_random);
  4570. memcpy(out, sc->s3.server_random, outlen);
  4571. return outlen;
  4572. }
  4573. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
  4574. unsigned char *out, size_t outlen)
  4575. {
  4576. if (outlen == 0)
  4577. return session->master_key_length;
  4578. if (outlen > session->master_key_length)
  4579. outlen = session->master_key_length;
  4580. memcpy(out, session->master_key, outlen);
  4581. return outlen;
  4582. }
  4583. int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
  4584. size_t len)
  4585. {
  4586. if (len > sizeof(sess->master_key))
  4587. return 0;
  4588. memcpy(sess->master_key, in, len);
  4589. sess->master_key_length = len;
  4590. return 1;
  4591. }
  4592. int SSL_set_ex_data(SSL *s, int idx, void *arg)
  4593. {
  4594. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  4595. }
  4596. void *SSL_get_ex_data(const SSL *s, int idx)
  4597. {
  4598. return CRYPTO_get_ex_data(&s->ex_data, idx);
  4599. }
  4600. int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
  4601. {
  4602. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  4603. }
  4604. void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
  4605. {
  4606. return CRYPTO_get_ex_data(&s->ex_data, idx);
  4607. }
  4608. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
  4609. {
  4610. return ctx->cert_store;
  4611. }
  4612. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
  4613. {
  4614. X509_STORE_free(ctx->cert_store);
  4615. ctx->cert_store = store;
  4616. }
  4617. void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
  4618. {
  4619. if (store != NULL)
  4620. X509_STORE_up_ref(store);
  4621. SSL_CTX_set_cert_store(ctx, store);
  4622. }
  4623. int SSL_want(const SSL *s)
  4624. {
  4625. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4626. #ifndef OPENSSL_NO_QUIC
  4627. if (IS_QUIC(s))
  4628. return ossl_quic_want(s);
  4629. #endif
  4630. if (sc == NULL)
  4631. return SSL_NOTHING;
  4632. return sc->rwstate;
  4633. }
  4634. #ifndef OPENSSL_NO_PSK
  4635. int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
  4636. {
  4637. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  4638. ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
  4639. return 0;
  4640. }
  4641. OPENSSL_free(ctx->cert->psk_identity_hint);
  4642. if (identity_hint != NULL) {
  4643. ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  4644. if (ctx->cert->psk_identity_hint == NULL)
  4645. return 0;
  4646. } else
  4647. ctx->cert->psk_identity_hint = NULL;
  4648. return 1;
  4649. }
  4650. int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
  4651. {
  4652. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4653. if (sc == NULL)
  4654. return 0;
  4655. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  4656. ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
  4657. return 0;
  4658. }
  4659. OPENSSL_free(sc->cert->psk_identity_hint);
  4660. if (identity_hint != NULL) {
  4661. sc->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  4662. if (sc->cert->psk_identity_hint == NULL)
  4663. return 0;
  4664. } else
  4665. sc->cert->psk_identity_hint = NULL;
  4666. return 1;
  4667. }
  4668. const char *SSL_get_psk_identity_hint(const SSL *s)
  4669. {
  4670. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4671. if (sc == NULL || sc->session == NULL)
  4672. return NULL;
  4673. return sc->session->psk_identity_hint;
  4674. }
  4675. const char *SSL_get_psk_identity(const SSL *s)
  4676. {
  4677. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4678. if (sc == NULL || sc->session == NULL)
  4679. return NULL;
  4680. return sc->session->psk_identity;
  4681. }
  4682. void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
  4683. {
  4684. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4685. if (sc == NULL)
  4686. return;
  4687. sc->psk_client_callback = cb;
  4688. }
  4689. void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
  4690. {
  4691. ctx->psk_client_callback = cb;
  4692. }
  4693. void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
  4694. {
  4695. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4696. if (sc == NULL)
  4697. return;
  4698. sc->psk_server_callback = cb;
  4699. }
  4700. void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
  4701. {
  4702. ctx->psk_server_callback = cb;
  4703. }
  4704. #endif
  4705. void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
  4706. {
  4707. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4708. if (sc == NULL)
  4709. return;
  4710. sc->psk_find_session_cb = cb;
  4711. }
  4712. void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
  4713. SSL_psk_find_session_cb_func cb)
  4714. {
  4715. ctx->psk_find_session_cb = cb;
  4716. }
  4717. void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
  4718. {
  4719. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4720. if (sc == NULL)
  4721. return;
  4722. sc->psk_use_session_cb = cb;
  4723. }
  4724. void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
  4725. SSL_psk_use_session_cb_func cb)
  4726. {
  4727. ctx->psk_use_session_cb = cb;
  4728. }
  4729. void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
  4730. void (*cb) (int write_p, int version,
  4731. int content_type, const void *buf,
  4732. size_t len, SSL *ssl, void *arg))
  4733. {
  4734. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  4735. }
  4736. void SSL_set_msg_callback(SSL *ssl,
  4737. void (*cb) (int write_p, int version,
  4738. int content_type, const void *buf,
  4739. size_t len, SSL *ssl, void *arg))
  4740. {
  4741. SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  4742. }
  4743. void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
  4744. int (*cb) (SSL *ssl,
  4745. int
  4746. is_forward_secure))
  4747. {
  4748. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  4749. (void (*)(void))cb);
  4750. }
  4751. void SSL_set_not_resumable_session_callback(SSL *ssl,
  4752. int (*cb) (SSL *ssl,
  4753. int is_forward_secure))
  4754. {
  4755. SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  4756. (void (*)(void))cb);
  4757. }
  4758. void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
  4759. size_t (*cb) (SSL *ssl, int type,
  4760. size_t len, void *arg))
  4761. {
  4762. ctx->record_padding_cb = cb;
  4763. }
  4764. void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
  4765. {
  4766. ctx->record_padding_arg = arg;
  4767. }
  4768. void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
  4769. {
  4770. return ctx->record_padding_arg;
  4771. }
  4772. int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
  4773. {
  4774. if (IS_QUIC_CTX(ctx) && block_size > 1)
  4775. return 0;
  4776. /* block size of 0 or 1 is basically no padding */
  4777. if (block_size == 1)
  4778. ctx->block_padding = 0;
  4779. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4780. ctx->block_padding = block_size;
  4781. else
  4782. return 0;
  4783. return 1;
  4784. }
  4785. int SSL_set_record_padding_callback(SSL *ssl,
  4786. size_t (*cb) (SSL *ssl, int type,
  4787. size_t len, void *arg))
  4788. {
  4789. BIO *b;
  4790. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  4791. if (sc == NULL)
  4792. return 0;
  4793. b = SSL_get_wbio(ssl);
  4794. if (b == NULL || !BIO_get_ktls_send(b)) {
  4795. sc->rlayer.record_padding_cb = cb;
  4796. return 1;
  4797. }
  4798. return 0;
  4799. }
  4800. void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
  4801. {
  4802. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4803. if (sc == NULL)
  4804. return;
  4805. sc->rlayer.record_padding_arg = arg;
  4806. }
  4807. void *SSL_get_record_padding_callback_arg(const SSL *ssl)
  4808. {
  4809. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4810. if (sc == NULL)
  4811. return NULL;
  4812. return sc->rlayer.record_padding_arg;
  4813. }
  4814. int SSL_set_block_padding(SSL *ssl, size_t block_size)
  4815. {
  4816. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4817. if (sc == NULL || (IS_QUIC(ssl) && block_size > 1))
  4818. return 0;
  4819. /* block size of 0 or 1 is basically no padding */
  4820. if (block_size == 1)
  4821. sc->rlayer.block_padding = 0;
  4822. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4823. sc->rlayer.block_padding = block_size;
  4824. else
  4825. return 0;
  4826. return 1;
  4827. }
  4828. int SSL_set_num_tickets(SSL *s, size_t num_tickets)
  4829. {
  4830. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4831. if (sc == NULL)
  4832. return 0;
  4833. sc->num_tickets = num_tickets;
  4834. return 1;
  4835. }
  4836. size_t SSL_get_num_tickets(const SSL *s)
  4837. {
  4838. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4839. if (sc == NULL)
  4840. return 0;
  4841. return sc->num_tickets;
  4842. }
  4843. int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
  4844. {
  4845. ctx->num_tickets = num_tickets;
  4846. return 1;
  4847. }
  4848. size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
  4849. {
  4850. return ctx->num_tickets;
  4851. }
  4852. /* Retrieve handshake hashes */
  4853. int ssl_handshake_hash(SSL_CONNECTION *s,
  4854. unsigned char *out, size_t outlen,
  4855. size_t *hashlen)
  4856. {
  4857. EVP_MD_CTX *ctx = NULL;
  4858. EVP_MD_CTX *hdgst = s->s3.handshake_dgst;
  4859. int hashleni = EVP_MD_CTX_get_size(hdgst);
  4860. int ret = 0;
  4861. if (hashleni < 0 || (size_t)hashleni > outlen) {
  4862. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4863. goto err;
  4864. }
  4865. ctx = EVP_MD_CTX_new();
  4866. if (ctx == NULL) {
  4867. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4868. goto err;
  4869. }
  4870. if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
  4871. || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
  4872. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4873. goto err;
  4874. }
  4875. *hashlen = hashleni;
  4876. ret = 1;
  4877. err:
  4878. EVP_MD_CTX_free(ctx);
  4879. return ret;
  4880. }
  4881. int SSL_session_reused(const SSL *s)
  4882. {
  4883. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4884. if (sc == NULL)
  4885. return 0;
  4886. return sc->hit;
  4887. }
  4888. int SSL_is_server(const SSL *s)
  4889. {
  4890. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4891. if (sc == NULL)
  4892. return 0;
  4893. return sc->server;
  4894. }
  4895. #ifndef OPENSSL_NO_DEPRECATED_1_1_0
  4896. void SSL_set_debug(SSL *s, int debug)
  4897. {
  4898. /* Old function was do-nothing anyway... */
  4899. (void)s;
  4900. (void)debug;
  4901. }
  4902. #endif
  4903. void SSL_set_security_level(SSL *s, int level)
  4904. {
  4905. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4906. if (sc == NULL)
  4907. return;
  4908. sc->cert->sec_level = level;
  4909. }
  4910. int SSL_get_security_level(const SSL *s)
  4911. {
  4912. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4913. if (sc == NULL)
  4914. return 0;
  4915. return sc->cert->sec_level;
  4916. }
  4917. void SSL_set_security_callback(SSL *s,
  4918. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4919. int op, int bits, int nid,
  4920. void *other, void *ex))
  4921. {
  4922. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4923. if (sc == NULL)
  4924. return;
  4925. sc->cert->sec_cb = cb;
  4926. }
  4927. int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
  4928. const SSL_CTX *ctx, int op,
  4929. int bits, int nid, void *other,
  4930. void *ex) {
  4931. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4932. if (sc == NULL)
  4933. return NULL;
  4934. return sc->cert->sec_cb;
  4935. }
  4936. void SSL_set0_security_ex_data(SSL *s, void *ex)
  4937. {
  4938. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4939. if (sc == NULL)
  4940. return;
  4941. sc->cert->sec_ex = ex;
  4942. }
  4943. void *SSL_get0_security_ex_data(const SSL *s)
  4944. {
  4945. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4946. if (sc == NULL)
  4947. return NULL;
  4948. return sc->cert->sec_ex;
  4949. }
  4950. void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
  4951. {
  4952. ctx->cert->sec_level = level;
  4953. }
  4954. int SSL_CTX_get_security_level(const SSL_CTX *ctx)
  4955. {
  4956. return ctx->cert->sec_level;
  4957. }
  4958. void SSL_CTX_set_security_callback(SSL_CTX *ctx,
  4959. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4960. int op, int bits, int nid,
  4961. void *other, void *ex))
  4962. {
  4963. ctx->cert->sec_cb = cb;
  4964. }
  4965. int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
  4966. const SSL_CTX *ctx,
  4967. int op, int bits,
  4968. int nid,
  4969. void *other,
  4970. void *ex) {
  4971. return ctx->cert->sec_cb;
  4972. }
  4973. void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
  4974. {
  4975. ctx->cert->sec_ex = ex;
  4976. }
  4977. void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
  4978. {
  4979. return ctx->cert->sec_ex;
  4980. }
  4981. uint64_t SSL_CTX_get_options(const SSL_CTX *ctx)
  4982. {
  4983. return ctx->options;
  4984. }
  4985. uint64_t SSL_get_options(const SSL *s)
  4986. {
  4987. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4988. #ifndef OPENSSL_NO_QUIC
  4989. if (IS_QUIC(s))
  4990. return ossl_quic_get_options(s);
  4991. #endif
  4992. if (sc == NULL)
  4993. return 0;
  4994. return sc->options;
  4995. }
  4996. uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op)
  4997. {
  4998. return ctx->options |= op;
  4999. }
  5000. uint64_t SSL_set_options(SSL *s, uint64_t op)
  5001. {
  5002. SSL_CONNECTION *sc;
  5003. OSSL_PARAM options[2], *opts = options;
  5004. #ifndef OPENSSL_NO_QUIC
  5005. if (IS_QUIC(s))
  5006. return ossl_quic_set_options(s, op);
  5007. #endif
  5008. sc = SSL_CONNECTION_FROM_SSL(s);
  5009. if (sc == NULL)
  5010. return 0;
  5011. sc->options |= op;
  5012. *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
  5013. &sc->options);
  5014. *opts = OSSL_PARAM_construct_end();
  5015. /* Ignore return value */
  5016. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  5017. sc->rlayer.wrlmethod->set_options(sc->rlayer.wrl, options);
  5018. return sc->options;
  5019. }
  5020. uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op)
  5021. {
  5022. return ctx->options &= ~op;
  5023. }
  5024. uint64_t SSL_clear_options(SSL *s, uint64_t op)
  5025. {
  5026. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5027. OSSL_PARAM options[2], *opts = options;
  5028. #ifndef OPENSSL_NO_QUIC
  5029. if (IS_QUIC(s))
  5030. return ossl_quic_clear_options(s, op);
  5031. #endif
  5032. if (sc == NULL)
  5033. return 0;
  5034. sc->options &= ~op;
  5035. *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
  5036. &sc->options);
  5037. *opts = OSSL_PARAM_construct_end();
  5038. /* Ignore return value */
  5039. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  5040. sc->rlayer.wrlmethod->set_options(sc->rlayer.wrl, options);
  5041. return sc->options;
  5042. }
  5043. STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
  5044. {
  5045. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5046. if (sc == NULL)
  5047. return NULL;
  5048. return sc->verified_chain;
  5049. }
  5050. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
  5051. #ifndef OPENSSL_NO_CT
  5052. /*
  5053. * Moves SCTs from the |src| stack to the |dst| stack.
  5054. * The source of each SCT will be set to |origin|.
  5055. * If |dst| points to a NULL pointer, a new stack will be created and owned by
  5056. * the caller.
  5057. * Returns the number of SCTs moved, or a negative integer if an error occurs.
  5058. * The |dst| stack is created and possibly partially populated even in case
  5059. * of error, likewise the |src| stack may be left in an intermediate state.
  5060. */
  5061. static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
  5062. sct_source_t origin)
  5063. {
  5064. int scts_moved = 0;
  5065. SCT *sct = NULL;
  5066. if (*dst == NULL) {
  5067. *dst = sk_SCT_new_null();
  5068. if (*dst == NULL) {
  5069. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5070. goto err;
  5071. }
  5072. }
  5073. while ((sct = sk_SCT_pop(src)) != NULL) {
  5074. if (SCT_set_source(sct, origin) != 1)
  5075. goto err;
  5076. if (!sk_SCT_push(*dst, sct))
  5077. goto err;
  5078. scts_moved += 1;
  5079. }
  5080. return scts_moved;
  5081. err:
  5082. SCT_free(sct);
  5083. return -1;
  5084. }
  5085. /*
  5086. * Look for data collected during ServerHello and parse if found.
  5087. * Returns the number of SCTs extracted.
  5088. */
  5089. static int ct_extract_tls_extension_scts(SSL_CONNECTION *s)
  5090. {
  5091. int scts_extracted = 0;
  5092. if (s->ext.scts != NULL) {
  5093. const unsigned char *p = s->ext.scts;
  5094. STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
  5095. scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
  5096. SCT_LIST_free(scts);
  5097. }
  5098. return scts_extracted;
  5099. }
  5100. /*
  5101. * Checks for an OCSP response and then attempts to extract any SCTs found if it
  5102. * contains an SCT X509 extension. They will be stored in |s->scts|.
  5103. * Returns:
  5104. * - The number of SCTs extracted, assuming an OCSP response exists.
  5105. * - 0 if no OCSP response exists or it contains no SCTs.
  5106. * - A negative integer if an error occurs.
  5107. */
  5108. static int ct_extract_ocsp_response_scts(SSL_CONNECTION *s)
  5109. {
  5110. # ifndef OPENSSL_NO_OCSP
  5111. int scts_extracted = 0;
  5112. const unsigned char *p;
  5113. OCSP_BASICRESP *br = NULL;
  5114. OCSP_RESPONSE *rsp = NULL;
  5115. STACK_OF(SCT) *scts = NULL;
  5116. int i;
  5117. if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
  5118. goto err;
  5119. p = s->ext.ocsp.resp;
  5120. rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
  5121. if (rsp == NULL)
  5122. goto err;
  5123. br = OCSP_response_get1_basic(rsp);
  5124. if (br == NULL)
  5125. goto err;
  5126. for (i = 0; i < OCSP_resp_count(br); ++i) {
  5127. OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
  5128. if (single == NULL)
  5129. continue;
  5130. scts =
  5131. OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
  5132. scts_extracted =
  5133. ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
  5134. if (scts_extracted < 0)
  5135. goto err;
  5136. }
  5137. err:
  5138. SCT_LIST_free(scts);
  5139. OCSP_BASICRESP_free(br);
  5140. OCSP_RESPONSE_free(rsp);
  5141. return scts_extracted;
  5142. # else
  5143. /* Behave as if no OCSP response exists */
  5144. return 0;
  5145. # endif
  5146. }
  5147. /*
  5148. * Attempts to extract SCTs from the peer certificate.
  5149. * Return the number of SCTs extracted, or a negative integer if an error
  5150. * occurs.
  5151. */
  5152. static int ct_extract_x509v3_extension_scts(SSL_CONNECTION *s)
  5153. {
  5154. int scts_extracted = 0;
  5155. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  5156. if (cert != NULL) {
  5157. STACK_OF(SCT) *scts =
  5158. X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
  5159. scts_extracted =
  5160. ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
  5161. SCT_LIST_free(scts);
  5162. }
  5163. return scts_extracted;
  5164. }
  5165. /*
  5166. * Attempts to find all received SCTs by checking TLS extensions, the OCSP
  5167. * response (if it exists) and X509v3 extensions in the certificate.
  5168. * Returns NULL if an error occurs.
  5169. */
  5170. const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
  5171. {
  5172. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5173. if (sc == NULL)
  5174. return NULL;
  5175. if (!sc->scts_parsed) {
  5176. if (ct_extract_tls_extension_scts(sc) < 0 ||
  5177. ct_extract_ocsp_response_scts(sc) < 0 ||
  5178. ct_extract_x509v3_extension_scts(sc) < 0)
  5179. goto err;
  5180. sc->scts_parsed = 1;
  5181. }
  5182. return sc->scts;
  5183. err:
  5184. return NULL;
  5185. }
  5186. static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx,
  5187. const STACK_OF(SCT) *scts, void *unused_arg)
  5188. {
  5189. return 1;
  5190. }
  5191. static int ct_strict(const CT_POLICY_EVAL_CTX *ctx,
  5192. const STACK_OF(SCT) *scts, void *unused_arg)
  5193. {
  5194. int count = scts != NULL ? sk_SCT_num(scts) : 0;
  5195. int i;
  5196. for (i = 0; i < count; ++i) {
  5197. SCT *sct = sk_SCT_value(scts, i);
  5198. int status = SCT_get_validation_status(sct);
  5199. if (status == SCT_VALIDATION_STATUS_VALID)
  5200. return 1;
  5201. }
  5202. ERR_raise(ERR_LIB_SSL, SSL_R_NO_VALID_SCTS);
  5203. return 0;
  5204. }
  5205. int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
  5206. void *arg)
  5207. {
  5208. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5209. if (sc == NULL)
  5210. return 0;
  5211. /*
  5212. * Since code exists that uses the custom extension handler for CT, look
  5213. * for this and throw an error if they have already registered to use CT.
  5214. */
  5215. if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
  5216. TLSEXT_TYPE_signed_certificate_timestamp))
  5217. {
  5218. ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  5219. return 0;
  5220. }
  5221. if (callback != NULL) {
  5222. /*
  5223. * If we are validating CT, then we MUST accept SCTs served via OCSP
  5224. */
  5225. if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
  5226. return 0;
  5227. }
  5228. sc->ct_validation_callback = callback;
  5229. sc->ct_validation_callback_arg = arg;
  5230. return 1;
  5231. }
  5232. int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
  5233. ssl_ct_validation_cb callback, void *arg)
  5234. {
  5235. /*
  5236. * Since code exists that uses the custom extension handler for CT, look for
  5237. * this and throw an error if they have already registered to use CT.
  5238. */
  5239. if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
  5240. TLSEXT_TYPE_signed_certificate_timestamp))
  5241. {
  5242. ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  5243. return 0;
  5244. }
  5245. ctx->ct_validation_callback = callback;
  5246. ctx->ct_validation_callback_arg = arg;
  5247. return 1;
  5248. }
  5249. int SSL_ct_is_enabled(const SSL *s)
  5250. {
  5251. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5252. if (sc == NULL)
  5253. return 0;
  5254. return sc->ct_validation_callback != NULL;
  5255. }
  5256. int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
  5257. {
  5258. return ctx->ct_validation_callback != NULL;
  5259. }
  5260. int ssl_validate_ct(SSL_CONNECTION *s)
  5261. {
  5262. int ret = 0;
  5263. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  5264. X509 *issuer;
  5265. SSL_DANE *dane = &s->dane;
  5266. CT_POLICY_EVAL_CTX *ctx = NULL;
  5267. const STACK_OF(SCT) *scts;
  5268. /*
  5269. * If no callback is set, the peer is anonymous, or its chain is invalid,
  5270. * skip SCT validation - just return success. Applications that continue
  5271. * handshakes without certificates, with unverified chains, or pinned leaf
  5272. * certificates are outside the scope of the WebPKI and CT.
  5273. *
  5274. * The above exclusions notwithstanding the vast majority of peers will
  5275. * have rather ordinary certificate chains validated by typical
  5276. * applications that perform certificate verification and therefore will
  5277. * process SCTs when enabled.
  5278. */
  5279. if (s->ct_validation_callback == NULL || cert == NULL ||
  5280. s->verify_result != X509_V_OK ||
  5281. s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
  5282. return 1;
  5283. /*
  5284. * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
  5285. * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
  5286. */
  5287. if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
  5288. switch (dane->mtlsa->usage) {
  5289. case DANETLS_USAGE_DANE_TA:
  5290. case DANETLS_USAGE_DANE_EE:
  5291. return 1;
  5292. }
  5293. }
  5294. ctx = CT_POLICY_EVAL_CTX_new_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
  5295. SSL_CONNECTION_GET_CTX(s)->propq);
  5296. if (ctx == NULL) {
  5297. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CT_LIB);
  5298. goto end;
  5299. }
  5300. issuer = sk_X509_value(s->verified_chain, 1);
  5301. CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
  5302. CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
  5303. CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx,
  5304. SSL_CONNECTION_GET_CTX(s)->ctlog_store);
  5305. CT_POLICY_EVAL_CTX_set_time(
  5306. ctx, (uint64_t)SSL_SESSION_get_time(s->session) * 1000);
  5307. scts = SSL_get0_peer_scts(SSL_CONNECTION_GET_SSL(s));
  5308. /*
  5309. * This function returns success (> 0) only when all the SCTs are valid, 0
  5310. * when some are invalid, and < 0 on various internal errors (out of
  5311. * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
  5312. * reason to abort the handshake, that decision is up to the callback.
  5313. * Therefore, we error out only in the unexpected case that the return
  5314. * value is negative.
  5315. *
  5316. * XXX: One might well argue that the return value of this function is an
  5317. * unfortunate design choice. Its job is only to determine the validation
  5318. * status of each of the provided SCTs. So long as it correctly separates
  5319. * the wheat from the chaff it should return success. Failure in this case
  5320. * ought to correspond to an inability to carry out its duties.
  5321. */
  5322. if (SCT_LIST_validate(scts, ctx) < 0) {
  5323. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_SCT_VERIFICATION_FAILED);
  5324. goto end;
  5325. }
  5326. ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
  5327. if (ret < 0)
  5328. ret = 0; /* This function returns 0 on failure */
  5329. if (!ret)
  5330. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED);
  5331. end:
  5332. CT_POLICY_EVAL_CTX_free(ctx);
  5333. /*
  5334. * With SSL_VERIFY_NONE the session may be cached and re-used despite a
  5335. * failure return code here. Also the application may wish the complete
  5336. * the handshake, and then disconnect cleanly at a higher layer, after
  5337. * checking the verification status of the completed connection.
  5338. *
  5339. * We therefore force a certificate verification failure which will be
  5340. * visible via SSL_get_verify_result() and cached as part of any resumed
  5341. * session.
  5342. *
  5343. * Note: the permissive callback is for information gathering only, always
  5344. * returns success, and does not affect verification status. Only the
  5345. * strict callback or a custom application-specified callback can trigger
  5346. * connection failure or record a verification error.
  5347. */
  5348. if (ret <= 0)
  5349. s->verify_result = X509_V_ERR_NO_VALID_SCTS;
  5350. return ret;
  5351. }
  5352. int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
  5353. {
  5354. switch (validation_mode) {
  5355. default:
  5356. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
  5357. return 0;
  5358. case SSL_CT_VALIDATION_PERMISSIVE:
  5359. return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
  5360. case SSL_CT_VALIDATION_STRICT:
  5361. return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
  5362. }
  5363. }
  5364. int SSL_enable_ct(SSL *s, int validation_mode)
  5365. {
  5366. switch (validation_mode) {
  5367. default:
  5368. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
  5369. return 0;
  5370. case SSL_CT_VALIDATION_PERMISSIVE:
  5371. return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
  5372. case SSL_CT_VALIDATION_STRICT:
  5373. return SSL_set_ct_validation_callback(s, ct_strict, NULL);
  5374. }
  5375. }
  5376. int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
  5377. {
  5378. return CTLOG_STORE_load_default_file(ctx->ctlog_store);
  5379. }
  5380. int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
  5381. {
  5382. return CTLOG_STORE_load_file(ctx->ctlog_store, path);
  5383. }
  5384. void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs)
  5385. {
  5386. CTLOG_STORE_free(ctx->ctlog_store);
  5387. ctx->ctlog_store = logs;
  5388. }
  5389. const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
  5390. {
  5391. return ctx->ctlog_store;
  5392. }
  5393. #endif /* OPENSSL_NO_CT */
  5394. void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
  5395. void *arg)
  5396. {
  5397. c->client_hello_cb = cb;
  5398. c->client_hello_cb_arg = arg;
  5399. }
  5400. int SSL_client_hello_isv2(SSL *s)
  5401. {
  5402. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5403. if (sc == NULL)
  5404. return 0;
  5405. if (sc->clienthello == NULL)
  5406. return 0;
  5407. return sc->clienthello->isv2;
  5408. }
  5409. unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
  5410. {
  5411. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5412. if (sc == NULL)
  5413. return 0;
  5414. if (sc->clienthello == NULL)
  5415. return 0;
  5416. return sc->clienthello->legacy_version;
  5417. }
  5418. size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
  5419. {
  5420. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5421. if (sc == NULL)
  5422. return 0;
  5423. if (sc->clienthello == NULL)
  5424. return 0;
  5425. if (out != NULL)
  5426. *out = sc->clienthello->random;
  5427. return SSL3_RANDOM_SIZE;
  5428. }
  5429. size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
  5430. {
  5431. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5432. if (sc == NULL)
  5433. return 0;
  5434. if (sc->clienthello == NULL)
  5435. return 0;
  5436. if (out != NULL)
  5437. *out = sc->clienthello->session_id;
  5438. return sc->clienthello->session_id_len;
  5439. }
  5440. size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
  5441. {
  5442. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5443. if (sc == NULL)
  5444. return 0;
  5445. if (sc->clienthello == NULL)
  5446. return 0;
  5447. if (out != NULL)
  5448. *out = PACKET_data(&sc->clienthello->ciphersuites);
  5449. return PACKET_remaining(&sc->clienthello->ciphersuites);
  5450. }
  5451. size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
  5452. {
  5453. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5454. if (sc == NULL)
  5455. return 0;
  5456. if (sc->clienthello == NULL)
  5457. return 0;
  5458. if (out != NULL)
  5459. *out = sc->clienthello->compressions;
  5460. return sc->clienthello->compressions_len;
  5461. }
  5462. int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
  5463. {
  5464. RAW_EXTENSION *ext;
  5465. int *present;
  5466. size_t num = 0, i;
  5467. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5468. if (sc == NULL)
  5469. return 0;
  5470. if (sc->clienthello == NULL || out == NULL || outlen == NULL)
  5471. return 0;
  5472. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5473. ext = sc->clienthello->pre_proc_exts + i;
  5474. if (ext->present)
  5475. num++;
  5476. }
  5477. if (num == 0) {
  5478. *out = NULL;
  5479. *outlen = 0;
  5480. return 1;
  5481. }
  5482. if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL)
  5483. return 0;
  5484. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5485. ext = sc->clienthello->pre_proc_exts + i;
  5486. if (ext->present) {
  5487. if (ext->received_order >= num)
  5488. goto err;
  5489. present[ext->received_order] = ext->type;
  5490. }
  5491. }
  5492. *out = present;
  5493. *outlen = num;
  5494. return 1;
  5495. err:
  5496. OPENSSL_free(present);
  5497. return 0;
  5498. }
  5499. int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, size_t *num_exts)
  5500. {
  5501. RAW_EXTENSION *ext;
  5502. size_t num = 0, i;
  5503. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5504. if (sc == NULL)
  5505. return 0;
  5506. if (sc->clienthello == NULL || num_exts == NULL)
  5507. return 0;
  5508. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5509. ext = sc->clienthello->pre_proc_exts + i;
  5510. if (ext->present)
  5511. num++;
  5512. }
  5513. if (num == 0) {
  5514. *num_exts = 0;
  5515. return 1;
  5516. }
  5517. if (exts == NULL) {
  5518. *num_exts = num;
  5519. return 1;
  5520. }
  5521. if (*num_exts < num)
  5522. return 0;
  5523. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5524. ext = sc->clienthello->pre_proc_exts + i;
  5525. if (ext->present) {
  5526. if (ext->received_order >= num)
  5527. return 0;
  5528. exts[ext->received_order] = ext->type;
  5529. }
  5530. }
  5531. *num_exts = num;
  5532. return 1;
  5533. }
  5534. int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
  5535. size_t *outlen)
  5536. {
  5537. size_t i;
  5538. RAW_EXTENSION *r;
  5539. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5540. if (sc == NULL)
  5541. return 0;
  5542. if (sc->clienthello == NULL)
  5543. return 0;
  5544. for (i = 0; i < sc->clienthello->pre_proc_exts_len; ++i) {
  5545. r = sc->clienthello->pre_proc_exts + i;
  5546. if (r->present && r->type == type) {
  5547. if (out != NULL)
  5548. *out = PACKET_data(&r->data);
  5549. if (outlen != NULL)
  5550. *outlen = PACKET_remaining(&r->data);
  5551. return 1;
  5552. }
  5553. }
  5554. return 0;
  5555. }
  5556. int SSL_free_buffers(SSL *ssl)
  5557. {
  5558. RECORD_LAYER *rl;
  5559. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  5560. if (sc == NULL)
  5561. return 0;
  5562. rl = &sc->rlayer;
  5563. return rl->rrlmethod->free_buffers(rl->rrl)
  5564. && rl->wrlmethod->free_buffers(rl->wrl);
  5565. }
  5566. int SSL_alloc_buffers(SSL *ssl)
  5567. {
  5568. RECORD_LAYER *rl;
  5569. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5570. if (sc == NULL)
  5571. return 0;
  5572. /* QUIC always has buffers allocated. */
  5573. if (IS_QUIC(ssl))
  5574. return 1;
  5575. rl = &sc->rlayer;
  5576. return rl->rrlmethod->alloc_buffers(rl->rrl)
  5577. && rl->wrlmethod->alloc_buffers(rl->wrl);
  5578. }
  5579. void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
  5580. {
  5581. ctx->keylog_callback = cb;
  5582. }
  5583. SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
  5584. {
  5585. return ctx->keylog_callback;
  5586. }
  5587. static int nss_keylog_int(const char *prefix,
  5588. SSL_CONNECTION *sc,
  5589. const uint8_t *parameter_1,
  5590. size_t parameter_1_len,
  5591. const uint8_t *parameter_2,
  5592. size_t parameter_2_len)
  5593. {
  5594. char *out = NULL;
  5595. char *cursor = NULL;
  5596. size_t out_len = 0;
  5597. size_t i;
  5598. size_t prefix_len;
  5599. SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc);
  5600. if (sctx->keylog_callback == NULL)
  5601. return 1;
  5602. /*
  5603. * Our output buffer will contain the following strings, rendered with
  5604. * space characters in between, terminated by a NULL character: first the
  5605. * prefix, then the first parameter, then the second parameter. The
  5606. * meaning of each parameter depends on the specific key material being
  5607. * logged. Note that the first and second parameters are encoded in
  5608. * hexadecimal, so we need a buffer that is twice their lengths.
  5609. */
  5610. prefix_len = strlen(prefix);
  5611. out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
  5612. if ((out = cursor = OPENSSL_malloc(out_len)) == NULL)
  5613. return 0;
  5614. strcpy(cursor, prefix);
  5615. cursor += prefix_len;
  5616. *cursor++ = ' ';
  5617. for (i = 0; i < parameter_1_len; i++) {
  5618. sprintf(cursor, "%02x", parameter_1[i]);
  5619. cursor += 2;
  5620. }
  5621. *cursor++ = ' ';
  5622. for (i = 0; i < parameter_2_len; i++) {
  5623. sprintf(cursor, "%02x", parameter_2[i]);
  5624. cursor += 2;
  5625. }
  5626. *cursor = '\0';
  5627. sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out);
  5628. OPENSSL_clear_free(out, out_len);
  5629. return 1;
  5630. }
  5631. int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *sc,
  5632. const uint8_t *encrypted_premaster,
  5633. size_t encrypted_premaster_len,
  5634. const uint8_t *premaster,
  5635. size_t premaster_len)
  5636. {
  5637. if (encrypted_premaster_len < 8) {
  5638. SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  5639. return 0;
  5640. }
  5641. /* We only want the first 8 bytes of the encrypted premaster as a tag. */
  5642. return nss_keylog_int("RSA",
  5643. sc,
  5644. encrypted_premaster,
  5645. 8,
  5646. premaster,
  5647. premaster_len);
  5648. }
  5649. int ssl_log_secret(SSL_CONNECTION *sc,
  5650. const char *label,
  5651. const uint8_t *secret,
  5652. size_t secret_len)
  5653. {
  5654. return nss_keylog_int(label,
  5655. sc,
  5656. sc->s3.client_random,
  5657. SSL3_RANDOM_SIZE,
  5658. secret,
  5659. secret_len);
  5660. }
  5661. #define SSLV2_CIPHER_LEN 3
  5662. int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2format)
  5663. {
  5664. int n;
  5665. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  5666. if (PACKET_remaining(cipher_suites) == 0) {
  5667. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
  5668. return 0;
  5669. }
  5670. if (PACKET_remaining(cipher_suites) % n != 0) {
  5671. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5672. return 0;
  5673. }
  5674. OPENSSL_free(s->s3.tmp.ciphers_raw);
  5675. s->s3.tmp.ciphers_raw = NULL;
  5676. s->s3.tmp.ciphers_rawlen = 0;
  5677. if (sslv2format) {
  5678. size_t numciphers = PACKET_remaining(cipher_suites) / n;
  5679. PACKET sslv2ciphers = *cipher_suites;
  5680. unsigned int leadbyte;
  5681. unsigned char *raw;
  5682. /*
  5683. * We store the raw ciphers list in SSLv3+ format so we need to do some
  5684. * preprocessing to convert the list first. If there are any SSLv2 only
  5685. * ciphersuites with a non-zero leading byte then we are going to
  5686. * slightly over allocate because we won't store those. But that isn't a
  5687. * problem.
  5688. */
  5689. raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
  5690. s->s3.tmp.ciphers_raw = raw;
  5691. if (raw == NULL) {
  5692. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5693. return 0;
  5694. }
  5695. for (s->s3.tmp.ciphers_rawlen = 0;
  5696. PACKET_remaining(&sslv2ciphers) > 0;
  5697. raw += TLS_CIPHER_LEN) {
  5698. if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
  5699. || (leadbyte == 0
  5700. && !PACKET_copy_bytes(&sslv2ciphers, raw,
  5701. TLS_CIPHER_LEN))
  5702. || (leadbyte != 0
  5703. && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
  5704. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET);
  5705. OPENSSL_free(s->s3.tmp.ciphers_raw);
  5706. s->s3.tmp.ciphers_raw = NULL;
  5707. s->s3.tmp.ciphers_rawlen = 0;
  5708. return 0;
  5709. }
  5710. if (leadbyte == 0)
  5711. s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN;
  5712. }
  5713. } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw,
  5714. &s->s3.tmp.ciphers_rawlen)) {
  5715. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  5716. return 0;
  5717. }
  5718. return 1;
  5719. }
  5720. int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
  5721. int isv2format, STACK_OF(SSL_CIPHER) **sk,
  5722. STACK_OF(SSL_CIPHER) **scsvs)
  5723. {
  5724. PACKET pkt;
  5725. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5726. if (sc == NULL)
  5727. return 0;
  5728. if (!PACKET_buf_init(&pkt, bytes, len))
  5729. return 0;
  5730. return ossl_bytes_to_cipher_list(sc, &pkt, sk, scsvs, isv2format, 0);
  5731. }
  5732. int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites,
  5733. STACK_OF(SSL_CIPHER) **skp,
  5734. STACK_OF(SSL_CIPHER) **scsvs_out,
  5735. int sslv2format, int fatal)
  5736. {
  5737. const SSL_CIPHER *c;
  5738. STACK_OF(SSL_CIPHER) *sk = NULL;
  5739. STACK_OF(SSL_CIPHER) *scsvs = NULL;
  5740. int n;
  5741. /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
  5742. unsigned char cipher[SSLV2_CIPHER_LEN];
  5743. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  5744. if (PACKET_remaining(cipher_suites) == 0) {
  5745. if (fatal)
  5746. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
  5747. else
  5748. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED);
  5749. return 0;
  5750. }
  5751. if (PACKET_remaining(cipher_suites) % n != 0) {
  5752. if (fatal)
  5753. SSLfatal(s, SSL_AD_DECODE_ERROR,
  5754. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5755. else
  5756. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5757. return 0;
  5758. }
  5759. sk = sk_SSL_CIPHER_new_null();
  5760. scsvs = sk_SSL_CIPHER_new_null();
  5761. if (sk == NULL || scsvs == NULL) {
  5762. if (fatal)
  5763. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5764. else
  5765. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5766. goto err;
  5767. }
  5768. while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
  5769. /*
  5770. * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
  5771. * first byte set to zero, while true SSLv2 ciphers have a non-zero
  5772. * first byte. We don't support any true SSLv2 ciphers, so skip them.
  5773. */
  5774. if (sslv2format && cipher[0] != '\0')
  5775. continue;
  5776. /* For SSLv2-compat, ignore leading 0-byte. */
  5777. c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
  5778. if (c != NULL) {
  5779. if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
  5780. (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
  5781. if (fatal)
  5782. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5783. else
  5784. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5785. goto err;
  5786. }
  5787. }
  5788. }
  5789. if (PACKET_remaining(cipher_suites) > 0) {
  5790. if (fatal)
  5791. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH);
  5792. else
  5793. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  5794. goto err;
  5795. }
  5796. if (skp != NULL)
  5797. *skp = sk;
  5798. else
  5799. sk_SSL_CIPHER_free(sk);
  5800. if (scsvs_out != NULL)
  5801. *scsvs_out = scsvs;
  5802. else
  5803. sk_SSL_CIPHER_free(scsvs);
  5804. return 1;
  5805. err:
  5806. sk_SSL_CIPHER_free(sk);
  5807. sk_SSL_CIPHER_free(scsvs);
  5808. return 0;
  5809. }
  5810. int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
  5811. {
  5812. ctx->max_early_data = max_early_data;
  5813. return 1;
  5814. }
  5815. uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
  5816. {
  5817. return ctx->max_early_data;
  5818. }
  5819. int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
  5820. {
  5821. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5822. if (sc == NULL)
  5823. return 0;
  5824. sc->max_early_data = max_early_data;
  5825. return 1;
  5826. }
  5827. uint32_t SSL_get_max_early_data(const SSL *s)
  5828. {
  5829. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5830. if (sc == NULL)
  5831. return 0;
  5832. return sc->max_early_data;
  5833. }
  5834. int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
  5835. {
  5836. ctx->recv_max_early_data = recv_max_early_data;
  5837. return 1;
  5838. }
  5839. uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
  5840. {
  5841. return ctx->recv_max_early_data;
  5842. }
  5843. int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
  5844. {
  5845. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5846. if (sc == NULL)
  5847. return 0;
  5848. sc->recv_max_early_data = recv_max_early_data;
  5849. return 1;
  5850. }
  5851. uint32_t SSL_get_recv_max_early_data(const SSL *s)
  5852. {
  5853. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5854. if (sc == NULL)
  5855. return 0;
  5856. return sc->recv_max_early_data;
  5857. }
  5858. __owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc)
  5859. {
  5860. /* Return any active Max Fragment Len extension */
  5861. if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session))
  5862. return GET_MAX_FRAGMENT_LENGTH(sc->session);
  5863. /* return current SSL connection setting */
  5864. return sc->max_send_fragment;
  5865. }
  5866. __owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc)
  5867. {
  5868. /* Return a value regarding an active Max Fragment Len extension */
  5869. if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session)
  5870. && sc->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(sc->session))
  5871. return GET_MAX_FRAGMENT_LENGTH(sc->session);
  5872. /* else limit |split_send_fragment| to current |max_send_fragment| */
  5873. if (sc->split_send_fragment > sc->max_send_fragment)
  5874. return sc->max_send_fragment;
  5875. /* return current SSL connection setting */
  5876. return sc->split_send_fragment;
  5877. }
  5878. int SSL_stateless(SSL *s)
  5879. {
  5880. int ret;
  5881. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5882. if (sc == NULL)
  5883. return 0;
  5884. /* Ensure there is no state left over from a previous invocation */
  5885. if (!SSL_clear(s))
  5886. return 0;
  5887. ERR_clear_error();
  5888. sc->s3.flags |= TLS1_FLAGS_STATELESS;
  5889. ret = SSL_accept(s);
  5890. sc->s3.flags &= ~TLS1_FLAGS_STATELESS;
  5891. if (ret > 0 && sc->ext.cookieok)
  5892. return 1;
  5893. if (sc->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(sc))
  5894. return 0;
  5895. return -1;
  5896. }
  5897. void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
  5898. {
  5899. ctx->pha_enabled = val;
  5900. }
  5901. void SSL_set_post_handshake_auth(SSL *ssl, int val)
  5902. {
  5903. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  5904. if (sc == NULL)
  5905. return;
  5906. sc->pha_enabled = val;
  5907. }
  5908. int SSL_verify_client_post_handshake(SSL *ssl)
  5909. {
  5910. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5911. #ifndef OPENSSL_NO_QUIC
  5912. if (IS_QUIC(ssl)) {
  5913. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  5914. return 0;
  5915. }
  5916. #endif
  5917. if (sc == NULL)
  5918. return 0;
  5919. if (!SSL_CONNECTION_IS_VERSION13(sc)) {
  5920. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  5921. return 0;
  5922. }
  5923. if (!sc->server) {
  5924. ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER);
  5925. return 0;
  5926. }
  5927. if (!SSL_is_init_finished(ssl)) {
  5928. ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
  5929. return 0;
  5930. }
  5931. switch (sc->post_handshake_auth) {
  5932. case SSL_PHA_NONE:
  5933. ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED);
  5934. return 0;
  5935. default:
  5936. case SSL_PHA_EXT_SENT:
  5937. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  5938. return 0;
  5939. case SSL_PHA_EXT_RECEIVED:
  5940. break;
  5941. case SSL_PHA_REQUEST_PENDING:
  5942. ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_PENDING);
  5943. return 0;
  5944. case SSL_PHA_REQUESTED:
  5945. ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_SENT);
  5946. return 0;
  5947. }
  5948. sc->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
  5949. /* checks verify_mode and algorithm_auth */
  5950. if (!send_certificate_request(sc)) {
  5951. sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
  5952. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG);
  5953. return 0;
  5954. }
  5955. ossl_statem_set_in_init(sc, 1);
  5956. return 1;
  5957. }
  5958. int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
  5959. SSL_CTX_generate_session_ticket_fn gen_cb,
  5960. SSL_CTX_decrypt_session_ticket_fn dec_cb,
  5961. void *arg)
  5962. {
  5963. ctx->generate_ticket_cb = gen_cb;
  5964. ctx->decrypt_ticket_cb = dec_cb;
  5965. ctx->ticket_cb_data = arg;
  5966. return 1;
  5967. }
  5968. void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
  5969. SSL_allow_early_data_cb_fn cb,
  5970. void *arg)
  5971. {
  5972. ctx->allow_early_data_cb = cb;
  5973. ctx->allow_early_data_cb_data = arg;
  5974. }
  5975. void SSL_set_allow_early_data_cb(SSL *s,
  5976. SSL_allow_early_data_cb_fn cb,
  5977. void *arg)
  5978. {
  5979. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5980. if (sc == NULL)
  5981. return;
  5982. sc->allow_early_data_cb = cb;
  5983. sc->allow_early_data_cb_data = arg;
  5984. }
  5985. const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
  5986. int nid,
  5987. const char *properties)
  5988. {
  5989. const EVP_CIPHER *ciph;
  5990. ciph = tls_get_cipher_from_engine(nid);
  5991. if (ciph != NULL)
  5992. return ciph;
  5993. /*
  5994. * If there is no engine cipher then we do an explicit fetch. This may fail
  5995. * and that could be ok
  5996. */
  5997. ERR_set_mark();
  5998. ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
  5999. ERR_pop_to_mark();
  6000. return ciph;
  6001. }
  6002. int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher)
  6003. {
  6004. /* Don't up-ref an implicit EVP_CIPHER */
  6005. if (EVP_CIPHER_get0_provider(cipher) == NULL)
  6006. return 1;
  6007. /*
  6008. * The cipher was explicitly fetched and therefore it is safe to cast
  6009. * away the const
  6010. */
  6011. return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher);
  6012. }
  6013. void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
  6014. {
  6015. if (cipher == NULL)
  6016. return;
  6017. if (EVP_CIPHER_get0_provider(cipher) != NULL) {
  6018. /*
  6019. * The cipher was explicitly fetched and therefore it is safe to cast
  6020. * away the const
  6021. */
  6022. EVP_CIPHER_free((EVP_CIPHER *)cipher);
  6023. }
  6024. }
  6025. const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
  6026. int nid,
  6027. const char *properties)
  6028. {
  6029. const EVP_MD *md;
  6030. md = tls_get_digest_from_engine(nid);
  6031. if (md != NULL)
  6032. return md;
  6033. /* Otherwise we do an explicit fetch */
  6034. ERR_set_mark();
  6035. md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
  6036. ERR_pop_to_mark();
  6037. return md;
  6038. }
  6039. int ssl_evp_md_up_ref(const EVP_MD *md)
  6040. {
  6041. /* Don't up-ref an implicit EVP_MD */
  6042. if (EVP_MD_get0_provider(md) == NULL)
  6043. return 1;
  6044. /*
  6045. * The digest was explicitly fetched and therefore it is safe to cast
  6046. * away the const
  6047. */
  6048. return EVP_MD_up_ref((EVP_MD *)md);
  6049. }
  6050. void ssl_evp_md_free(const EVP_MD *md)
  6051. {
  6052. if (md == NULL)
  6053. return;
  6054. if (EVP_MD_get0_provider(md) != NULL) {
  6055. /*
  6056. * The digest was explicitly fetched and therefore it is safe to cast
  6057. * away the const
  6058. */
  6059. EVP_MD_free((EVP_MD *)md);
  6060. }
  6061. }
  6062. int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey)
  6063. {
  6064. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6065. if (sc == NULL)
  6066. return 0;
  6067. if (!ssl_security(sc, SSL_SECOP_TMP_DH,
  6068. EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
  6069. ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
  6070. return 0;
  6071. }
  6072. EVP_PKEY_free(sc->cert->dh_tmp);
  6073. sc->cert->dh_tmp = dhpkey;
  6074. return 1;
  6075. }
  6076. int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
  6077. {
  6078. if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
  6079. EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
  6080. ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
  6081. return 0;
  6082. }
  6083. EVP_PKEY_free(ctx->cert->dh_tmp);
  6084. ctx->cert->dh_tmp = dhpkey;
  6085. return 1;
  6086. }
  6087. /* QUIC-specific methods which are supported on QUIC connections only. */
  6088. int SSL_handle_events(SSL *s)
  6089. {
  6090. SSL_CONNECTION *sc;
  6091. #ifndef OPENSSL_NO_QUIC
  6092. if (IS_QUIC(s))
  6093. return ossl_quic_handle_events(s);
  6094. #endif
  6095. sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  6096. if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc))
  6097. /*
  6098. * DTLSv1_handle_timeout returns 0 if the timer wasn't expired yet,
  6099. * which we consider a success case. Theoretically DTLSv1_handle_timeout
  6100. * can also return 0 if s is NULL or not a DTLS object, but we've
  6101. * already ruled out those possibilities above, so this is not possible
  6102. * here. Thus the only failure cases are where DTLSv1_handle_timeout
  6103. * returns -1.
  6104. */
  6105. return DTLSv1_handle_timeout(s) >= 0;
  6106. return 1;
  6107. }
  6108. int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
  6109. {
  6110. SSL_CONNECTION *sc;
  6111. #ifndef OPENSSL_NO_QUIC
  6112. if (IS_QUIC(s))
  6113. return ossl_quic_get_event_timeout(s, tv, is_infinite);
  6114. #endif
  6115. sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  6116. if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc)
  6117. && DTLSv1_get_timeout(s, tv)) {
  6118. *is_infinite = 0;
  6119. return 1;
  6120. }
  6121. tv->tv_sec = 1000000;
  6122. tv->tv_usec = 0;
  6123. *is_infinite = 1;
  6124. return 1;
  6125. }
  6126. int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
  6127. {
  6128. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6129. #ifndef OPENSSL_NO_QUIC
  6130. if (IS_QUIC(s))
  6131. return ossl_quic_get_rpoll_descriptor(s, desc);
  6132. #endif
  6133. if (sc == NULL || sc->rbio == NULL)
  6134. return 0;
  6135. return BIO_get_rpoll_descriptor(sc->rbio, desc);
  6136. }
  6137. int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
  6138. {
  6139. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6140. #ifndef OPENSSL_NO_QUIC
  6141. if (IS_QUIC(s))
  6142. return ossl_quic_get_wpoll_descriptor(s, desc);
  6143. #endif
  6144. if (sc == NULL || sc->wbio == NULL)
  6145. return 0;
  6146. return BIO_get_wpoll_descriptor(sc->wbio, desc);
  6147. }
  6148. int SSL_net_read_desired(SSL *s)
  6149. {
  6150. #ifndef OPENSSL_NO_QUIC
  6151. if (!IS_QUIC(s))
  6152. return SSL_want_read(s);
  6153. return ossl_quic_get_net_read_desired(s);
  6154. #else
  6155. return SSL_want_read(s);
  6156. #endif
  6157. }
  6158. int SSL_net_write_desired(SSL *s)
  6159. {
  6160. #ifndef OPENSSL_NO_QUIC
  6161. if (!IS_QUIC(s))
  6162. return SSL_want_write(s);
  6163. return ossl_quic_get_net_write_desired(s);
  6164. #else
  6165. return SSL_want_write(s);
  6166. #endif
  6167. }
  6168. int SSL_set_blocking_mode(SSL *s, int blocking)
  6169. {
  6170. #ifndef OPENSSL_NO_QUIC
  6171. if (!IS_QUIC(s))
  6172. return 0;
  6173. return ossl_quic_conn_set_blocking_mode(s, blocking);
  6174. #else
  6175. return 0;
  6176. #endif
  6177. }
  6178. int SSL_get_blocking_mode(SSL *s)
  6179. {
  6180. #ifndef OPENSSL_NO_QUIC
  6181. if (!IS_QUIC(s))
  6182. return -1;
  6183. return ossl_quic_conn_get_blocking_mode(s);
  6184. #else
  6185. return -1;
  6186. #endif
  6187. }
  6188. int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr)
  6189. {
  6190. #ifndef OPENSSL_NO_QUIC
  6191. if (!IS_QUIC(s))
  6192. return 0;
  6193. return ossl_quic_conn_set_initial_peer_addr(s, peer_addr);
  6194. #else
  6195. return 0;
  6196. #endif
  6197. }
  6198. int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
  6199. const SSL_SHUTDOWN_EX_ARGS *args,
  6200. size_t args_len)
  6201. {
  6202. #ifndef OPENSSL_NO_QUIC
  6203. if (!IS_QUIC(ssl))
  6204. return SSL_shutdown(ssl);
  6205. return ossl_quic_conn_shutdown(ssl, flags, args, args_len);
  6206. #else
  6207. return SSL_shutdown(ssl);
  6208. #endif
  6209. }
  6210. int SSL_stream_conclude(SSL *ssl, uint64_t flags)
  6211. {
  6212. #ifndef OPENSSL_NO_QUIC
  6213. if (!IS_QUIC(ssl))
  6214. return 0;
  6215. return ossl_quic_conn_stream_conclude(ssl);
  6216. #else
  6217. return 0;
  6218. #endif
  6219. }
  6220. SSL *SSL_new_stream(SSL *s, uint64_t flags)
  6221. {
  6222. #ifndef OPENSSL_NO_QUIC
  6223. if (!IS_QUIC(s))
  6224. return NULL;
  6225. return ossl_quic_conn_stream_new(s, flags);
  6226. #else
  6227. return NULL;
  6228. #endif
  6229. }
  6230. SSL *SSL_get0_connection(SSL *s)
  6231. {
  6232. #ifndef OPENSSL_NO_QUIC
  6233. if (!IS_QUIC(s))
  6234. return s;
  6235. return ossl_quic_get0_connection(s);
  6236. #else
  6237. return s;
  6238. #endif
  6239. }
  6240. int SSL_is_connection(SSL *s)
  6241. {
  6242. return SSL_get0_connection(s) == s;
  6243. }
  6244. int SSL_get_stream_type(SSL *s)
  6245. {
  6246. #ifndef OPENSSL_NO_QUIC
  6247. if (!IS_QUIC(s))
  6248. return SSL_STREAM_TYPE_BIDI;
  6249. return ossl_quic_get_stream_type(s);
  6250. #else
  6251. return SSL_STREAM_TYPE_BIDI;
  6252. #endif
  6253. }
  6254. uint64_t SSL_get_stream_id(SSL *s)
  6255. {
  6256. #ifndef OPENSSL_NO_QUIC
  6257. if (!IS_QUIC(s))
  6258. return UINT64_MAX;
  6259. return ossl_quic_get_stream_id(s);
  6260. #else
  6261. return UINT64_MAX;
  6262. #endif
  6263. }
  6264. int SSL_is_stream_local(SSL *s)
  6265. {
  6266. #ifndef OPENSSL_NO_QUIC
  6267. if (!IS_QUIC(s))
  6268. return -1;
  6269. return ossl_quic_is_stream_local(s);
  6270. #else
  6271. return -1;
  6272. #endif
  6273. }
  6274. int SSL_set_default_stream_mode(SSL *s, uint32_t mode)
  6275. {
  6276. #ifndef OPENSSL_NO_QUIC
  6277. if (!IS_QUIC(s))
  6278. return 0;
  6279. return ossl_quic_set_default_stream_mode(s, mode);
  6280. #else
  6281. return 0;
  6282. #endif
  6283. }
  6284. int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec)
  6285. {
  6286. #ifndef OPENSSL_NO_QUIC
  6287. if (!IS_QUIC(s))
  6288. return 0;
  6289. return ossl_quic_set_incoming_stream_policy(s, policy, aec);
  6290. #else
  6291. return 0;
  6292. #endif
  6293. }
  6294. SSL *SSL_accept_stream(SSL *s, uint64_t flags)
  6295. {
  6296. #ifndef OPENSSL_NO_QUIC
  6297. if (!IS_QUIC(s))
  6298. return NULL;
  6299. return ossl_quic_accept_stream(s, flags);
  6300. #else
  6301. return NULL;
  6302. #endif
  6303. }
  6304. size_t SSL_get_accept_stream_queue_len(SSL *s)
  6305. {
  6306. #ifndef OPENSSL_NO_QUIC
  6307. if (!IS_QUIC(s))
  6308. return 0;
  6309. return ossl_quic_get_accept_stream_queue_len(s);
  6310. #else
  6311. return 0;
  6312. #endif
  6313. }
  6314. int SSL_stream_reset(SSL *s,
  6315. const SSL_STREAM_RESET_ARGS *args,
  6316. size_t args_len)
  6317. {
  6318. #ifndef OPENSSL_NO_QUIC
  6319. if (!IS_QUIC(s))
  6320. return 0;
  6321. return ossl_quic_stream_reset(s, args, args_len);
  6322. #else
  6323. return 0;
  6324. #endif
  6325. }
  6326. int SSL_get_stream_read_state(SSL *s)
  6327. {
  6328. #ifndef OPENSSL_NO_QUIC
  6329. if (!IS_QUIC(s))
  6330. return SSL_STREAM_STATE_NONE;
  6331. return ossl_quic_get_stream_read_state(s);
  6332. #else
  6333. return SSL_STREAM_STATE_NONE;
  6334. #endif
  6335. }
  6336. int SSL_get_stream_write_state(SSL *s)
  6337. {
  6338. #ifndef OPENSSL_NO_QUIC
  6339. if (!IS_QUIC(s))
  6340. return SSL_STREAM_STATE_NONE;
  6341. return ossl_quic_get_stream_write_state(s);
  6342. #else
  6343. return SSL_STREAM_STATE_NONE;
  6344. #endif
  6345. }
  6346. int SSL_get_stream_read_error_code(SSL *s, uint64_t *app_error_code)
  6347. {
  6348. #ifndef OPENSSL_NO_QUIC
  6349. if (!IS_QUIC(s))
  6350. return -1;
  6351. return ossl_quic_get_stream_read_error_code(s, app_error_code);
  6352. #else
  6353. return -1;
  6354. #endif
  6355. }
  6356. int SSL_get_stream_write_error_code(SSL *s, uint64_t *app_error_code)
  6357. {
  6358. #ifndef OPENSSL_NO_QUIC
  6359. if (!IS_QUIC(s))
  6360. return -1;
  6361. return ossl_quic_get_stream_write_error_code(s, app_error_code);
  6362. #else
  6363. return -1;
  6364. #endif
  6365. }
  6366. int SSL_get_conn_close_info(SSL *s, SSL_CONN_CLOSE_INFO *info,
  6367. size_t info_len)
  6368. {
  6369. #ifndef OPENSSL_NO_QUIC
  6370. if (!IS_QUIC(s))
  6371. return -1;
  6372. return ossl_quic_get_conn_close_info(s, info, info_len);
  6373. #else
  6374. return -1;
  6375. #endif
  6376. }
  6377. int SSL_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
  6378. uint64_t *value)
  6379. {
  6380. #ifndef OPENSSL_NO_QUIC
  6381. if (IS_QUIC(s))
  6382. return ossl_quic_get_value_uint(s, class_, id, value);
  6383. #endif
  6384. ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_PROTOCOL);
  6385. return 0;
  6386. }
  6387. int SSL_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
  6388. uint64_t value)
  6389. {
  6390. #ifndef OPENSSL_NO_QUIC
  6391. if (IS_QUIC(s))
  6392. return ossl_quic_set_value_uint(s, class_, id, value);
  6393. #endif
  6394. ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_PROTOCOL);
  6395. return 0;
  6396. }
  6397. int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
  6398. {
  6399. unsigned char *data = NULL;
  6400. SSL_DANE *dane = SSL_get0_dane(s);
  6401. int ret;
  6402. if (dane == NULL || dane->dctx == NULL)
  6403. return 0;
  6404. if ((ret = i2d_PUBKEY(rpk, &data)) <= 0)
  6405. return 0;
  6406. ret = SSL_dane_tlsa_add(s, DANETLS_USAGE_DANE_EE,
  6407. DANETLS_SELECTOR_SPKI,
  6408. DANETLS_MATCHING_FULL,
  6409. data, (size_t)ret) > 0;
  6410. OPENSSL_free(data);
  6411. return ret;
  6412. }
  6413. EVP_PKEY *SSL_get0_peer_rpk(const SSL *s)
  6414. {
  6415. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6416. if (sc == NULL || sc->session == NULL)
  6417. return NULL;
  6418. return sc->session->peer_rpk;
  6419. }
  6420. int SSL_get_negotiated_client_cert_type(const SSL *s)
  6421. {
  6422. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6423. if (sc == NULL)
  6424. return 0;
  6425. return sc->ext.client_cert_type;
  6426. }
  6427. int SSL_get_negotiated_server_cert_type(const SSL *s)
  6428. {
  6429. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6430. if (sc == NULL)
  6431. return 0;
  6432. return sc->ext.server_cert_type;
  6433. }
  6434. static int validate_cert_type(const unsigned char *val, size_t len)
  6435. {
  6436. size_t i;
  6437. int saw_rpk = 0;
  6438. int saw_x509 = 0;
  6439. if (val == NULL && len == 0)
  6440. return 1;
  6441. if (val == NULL || len == 0)
  6442. return 0;
  6443. for (i = 0; i < len; i++) {
  6444. switch (val[i]) {
  6445. case TLSEXT_cert_type_rpk:
  6446. if (saw_rpk)
  6447. return 0;
  6448. saw_rpk = 1;
  6449. break;
  6450. case TLSEXT_cert_type_x509:
  6451. if (saw_x509)
  6452. return 0;
  6453. saw_x509 = 1;
  6454. break;
  6455. case TLSEXT_cert_type_pgp:
  6456. case TLSEXT_cert_type_1609dot2:
  6457. default:
  6458. return 0;
  6459. }
  6460. }
  6461. return 1;
  6462. }
  6463. static int set_cert_type(unsigned char **cert_type,
  6464. size_t *cert_type_len,
  6465. const unsigned char *val,
  6466. size_t len)
  6467. {
  6468. unsigned char *tmp = NULL;
  6469. if (!validate_cert_type(val, len))
  6470. return 0;
  6471. if (val != NULL && (tmp = OPENSSL_memdup(val, len)) == NULL)
  6472. return 0;
  6473. OPENSSL_free(*cert_type);
  6474. *cert_type = tmp;
  6475. *cert_type_len = len;
  6476. return 1;
  6477. }
  6478. int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len)
  6479. {
  6480. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6481. return set_cert_type(&sc->client_cert_type, &sc->client_cert_type_len,
  6482. val, len);
  6483. }
  6484. int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len)
  6485. {
  6486. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6487. return set_cert_type(&sc->server_cert_type, &sc->server_cert_type_len,
  6488. val, len);
  6489. }
  6490. int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len)
  6491. {
  6492. return set_cert_type(&ctx->client_cert_type, &ctx->client_cert_type_len,
  6493. val, len);
  6494. }
  6495. int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len)
  6496. {
  6497. return set_cert_type(&ctx->server_cert_type, &ctx->server_cert_type_len,
  6498. val, len);
  6499. }
  6500. int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len)
  6501. {
  6502. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  6503. if (t == NULL || len == NULL)
  6504. return 0;
  6505. *t = sc->client_cert_type;
  6506. *len = sc->client_cert_type_len;
  6507. return 1;
  6508. }
  6509. int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len)
  6510. {
  6511. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  6512. if (t == NULL || len == NULL)
  6513. return 0;
  6514. *t = sc->server_cert_type;
  6515. *len = sc->server_cert_type_len;
  6516. return 1;
  6517. }
  6518. int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len)
  6519. {
  6520. if (t == NULL || len == NULL)
  6521. return 0;
  6522. *t = ctx->client_cert_type;
  6523. *len = ctx->client_cert_type_len;
  6524. return 1;
  6525. }
  6526. int SSL_CTX_get0_server_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len)
  6527. {
  6528. if (t == NULL || len == NULL)
  6529. return 0;
  6530. *t = ctx->server_cert_type;
  6531. *len = ctx->server_cert_type_len;
  6532. return 1;
  6533. }