ssl_lib.c 165 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963
  1. /*
  2. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. * Copyright 2005 Nokia. All rights reserved.
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. /* We need to use some engine deprecated APIs */
  12. #define OPENSSL_SUPPRESS_DEPRECATED
  13. #include <stdio.h>
  14. #include "ssl_local.h"
  15. #include "e_os.h"
  16. #include <openssl/objects.h>
  17. #include <openssl/x509v3.h>
  18. #include <openssl/rand.h>
  19. #include <openssl/rand_drbg.h>
  20. #include <openssl/ocsp.h>
  21. #include <openssl/dh.h>
  22. #include <openssl/engine.h>
  23. #include <openssl/async.h>
  24. #include <openssl/ct.h>
  25. #include <openssl/trace.h>
  26. #include "internal/cryptlib.h"
  27. #include "internal/refcount.h"
  28. #include "internal/ktls.h"
  29. DEFINE_STACK_OF(X509)
  30. DEFINE_STACK_OF(X509_NAME)
  31. DEFINE_STACK_OF_CONST(SSL_CIPHER)
  32. DEFINE_STACK_OF(X509_EXTENSION)
  33. DEFINE_STACK_OF(OCSP_RESPID)
  34. DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
  35. DEFINE_STACK_OF(SCT)
  36. static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t,
  37. SSL_MAC_BUF *mac, size_t macsize)
  38. {
  39. return ssl_undefined_function(ssl);
  40. }
  41. static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
  42. int t)
  43. {
  44. return ssl_undefined_function(ssl);
  45. }
  46. static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
  47. unsigned char *s, size_t t, size_t *u)
  48. {
  49. return ssl_undefined_function(ssl);
  50. }
  51. static int ssl_undefined_function_4(SSL *ssl, int r)
  52. {
  53. return ssl_undefined_function(ssl);
  54. }
  55. static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
  56. unsigned char *t)
  57. {
  58. return ssl_undefined_function(ssl);
  59. }
  60. static int ssl_undefined_function_6(int r)
  61. {
  62. return ssl_undefined_function(NULL);
  63. }
  64. static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
  65. const char *t, size_t u,
  66. const unsigned char *v, size_t w, int x)
  67. {
  68. return ssl_undefined_function(ssl);
  69. }
  70. SSL3_ENC_METHOD ssl3_undef_enc_method = {
  71. ssl_undefined_function_1,
  72. ssl_undefined_function_2,
  73. ssl_undefined_function,
  74. ssl_undefined_function_3,
  75. ssl_undefined_function_4,
  76. ssl_undefined_function_5,
  77. NULL, /* client_finished_label */
  78. 0, /* client_finished_label_len */
  79. NULL, /* server_finished_label */
  80. 0, /* server_finished_label_len */
  81. ssl_undefined_function_6,
  82. ssl_undefined_function_7,
  83. };
  84. struct ssl_async_args {
  85. SSL *s;
  86. void *buf;
  87. size_t num;
  88. enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
  89. union {
  90. int (*func_read) (SSL *, void *, size_t, size_t *);
  91. int (*func_write) (SSL *, const void *, size_t, size_t *);
  92. int (*func_other) (SSL *);
  93. } f;
  94. };
  95. static const struct {
  96. uint8_t mtype;
  97. uint8_t ord;
  98. int nid;
  99. } dane_mds[] = {
  100. {
  101. DANETLS_MATCHING_FULL, 0, NID_undef
  102. },
  103. {
  104. DANETLS_MATCHING_2256, 1, NID_sha256
  105. },
  106. {
  107. DANETLS_MATCHING_2512, 2, NID_sha512
  108. },
  109. };
  110. static int dane_ctx_enable(struct dane_ctx_st *dctx)
  111. {
  112. const EVP_MD **mdevp;
  113. uint8_t *mdord;
  114. uint8_t mdmax = DANETLS_MATCHING_LAST;
  115. int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
  116. size_t i;
  117. if (dctx->mdevp != NULL)
  118. return 1;
  119. mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
  120. mdord = OPENSSL_zalloc(n * sizeof(*mdord));
  121. if (mdord == NULL || mdevp == NULL) {
  122. OPENSSL_free(mdord);
  123. OPENSSL_free(mdevp);
  124. SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
  125. return 0;
  126. }
  127. /* Install default entries */
  128. for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
  129. const EVP_MD *md;
  130. if (dane_mds[i].nid == NID_undef ||
  131. (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
  132. continue;
  133. mdevp[dane_mds[i].mtype] = md;
  134. mdord[dane_mds[i].mtype] = dane_mds[i].ord;
  135. }
  136. dctx->mdevp = mdevp;
  137. dctx->mdord = mdord;
  138. dctx->mdmax = mdmax;
  139. return 1;
  140. }
  141. static void dane_ctx_final(struct dane_ctx_st *dctx)
  142. {
  143. OPENSSL_free(dctx->mdevp);
  144. dctx->mdevp = NULL;
  145. OPENSSL_free(dctx->mdord);
  146. dctx->mdord = NULL;
  147. dctx->mdmax = 0;
  148. }
  149. static void tlsa_free(danetls_record *t)
  150. {
  151. if (t == NULL)
  152. return;
  153. OPENSSL_free(t->data);
  154. EVP_PKEY_free(t->spki);
  155. OPENSSL_free(t);
  156. }
  157. static void dane_final(SSL_DANE *dane)
  158. {
  159. sk_danetls_record_pop_free(dane->trecs, tlsa_free);
  160. dane->trecs = NULL;
  161. sk_X509_pop_free(dane->certs, X509_free);
  162. dane->certs = NULL;
  163. X509_free(dane->mcert);
  164. dane->mcert = NULL;
  165. dane->mtlsa = NULL;
  166. dane->mdpth = -1;
  167. dane->pdpth = -1;
  168. }
  169. /*
  170. * dane_copy - Copy dane configuration, sans verification state.
  171. */
  172. static int ssl_dane_dup(SSL *to, SSL *from)
  173. {
  174. int num;
  175. int i;
  176. if (!DANETLS_ENABLED(&from->dane))
  177. return 1;
  178. num = sk_danetls_record_num(from->dane.trecs);
  179. dane_final(&to->dane);
  180. to->dane.flags = from->dane.flags;
  181. to->dane.dctx = &to->ctx->dane;
  182. to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
  183. if (to->dane.trecs == NULL) {
  184. SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
  185. return 0;
  186. }
  187. for (i = 0; i < num; ++i) {
  188. danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
  189. if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
  190. t->data, t->dlen) <= 0)
  191. return 0;
  192. }
  193. return 1;
  194. }
  195. static int dane_mtype_set(struct dane_ctx_st *dctx,
  196. const EVP_MD *md, uint8_t mtype, uint8_t ord)
  197. {
  198. int i;
  199. if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
  200. SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
  201. return 0;
  202. }
  203. if (mtype > dctx->mdmax) {
  204. const EVP_MD **mdevp;
  205. uint8_t *mdord;
  206. int n = ((int)mtype) + 1;
  207. mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
  208. if (mdevp == NULL) {
  209. SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
  210. return -1;
  211. }
  212. dctx->mdevp = mdevp;
  213. mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
  214. if (mdord == NULL) {
  215. SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
  216. return -1;
  217. }
  218. dctx->mdord = mdord;
  219. /* Zero-fill any gaps */
  220. for (i = dctx->mdmax + 1; i < mtype; ++i) {
  221. mdevp[i] = NULL;
  222. mdord[i] = 0;
  223. }
  224. dctx->mdmax = mtype;
  225. }
  226. dctx->mdevp[mtype] = md;
  227. /* Coerce ordinal of disabled matching types to 0 */
  228. dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
  229. return 1;
  230. }
  231. static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
  232. {
  233. if (mtype > dane->dctx->mdmax)
  234. return NULL;
  235. return dane->dctx->mdevp[mtype];
  236. }
  237. static int dane_tlsa_add(SSL_DANE *dane,
  238. uint8_t usage,
  239. uint8_t selector,
  240. uint8_t mtype, unsigned const char *data, size_t dlen)
  241. {
  242. danetls_record *t;
  243. const EVP_MD *md = NULL;
  244. int ilen = (int)dlen;
  245. int i;
  246. int num;
  247. if (dane->trecs == NULL) {
  248. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
  249. return -1;
  250. }
  251. if (ilen < 0 || dlen != (size_t)ilen) {
  252. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
  253. return 0;
  254. }
  255. if (usage > DANETLS_USAGE_LAST) {
  256. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
  257. return 0;
  258. }
  259. if (selector > DANETLS_SELECTOR_LAST) {
  260. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
  261. return 0;
  262. }
  263. if (mtype != DANETLS_MATCHING_FULL) {
  264. md = tlsa_md_get(dane, mtype);
  265. if (md == NULL) {
  266. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
  267. return 0;
  268. }
  269. }
  270. if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
  271. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
  272. return 0;
  273. }
  274. if (!data) {
  275. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
  276. return 0;
  277. }
  278. if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
  279. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  280. return -1;
  281. }
  282. t->usage = usage;
  283. t->selector = selector;
  284. t->mtype = mtype;
  285. t->data = OPENSSL_malloc(dlen);
  286. if (t->data == NULL) {
  287. tlsa_free(t);
  288. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  289. return -1;
  290. }
  291. memcpy(t->data, data, dlen);
  292. t->dlen = dlen;
  293. /* Validate and cache full certificate or public key */
  294. if (mtype == DANETLS_MATCHING_FULL) {
  295. const unsigned char *p = data;
  296. X509 *cert = NULL;
  297. EVP_PKEY *pkey = NULL;
  298. switch (selector) {
  299. case DANETLS_SELECTOR_CERT:
  300. if (!d2i_X509(&cert, &p, ilen) || p < data ||
  301. dlen != (size_t)(p - data)) {
  302. tlsa_free(t);
  303. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  304. return 0;
  305. }
  306. if (X509_get0_pubkey(cert) == NULL) {
  307. tlsa_free(t);
  308. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  309. return 0;
  310. }
  311. if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
  312. X509_free(cert);
  313. break;
  314. }
  315. /*
  316. * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
  317. * records that contain full certificates of trust-anchors that are
  318. * not present in the wire chain. For usage PKIX-TA(0), we augment
  319. * the chain with untrusted Full(0) certificates from DNS, in case
  320. * they are missing from the chain.
  321. */
  322. if ((dane->certs == NULL &&
  323. (dane->certs = sk_X509_new_null()) == NULL) ||
  324. !sk_X509_push(dane->certs, cert)) {
  325. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  326. X509_free(cert);
  327. tlsa_free(t);
  328. return -1;
  329. }
  330. break;
  331. case DANETLS_SELECTOR_SPKI:
  332. if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
  333. dlen != (size_t)(p - data)) {
  334. tlsa_free(t);
  335. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
  336. return 0;
  337. }
  338. /*
  339. * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
  340. * records that contain full bare keys of trust-anchors that are
  341. * not present in the wire chain.
  342. */
  343. if (usage == DANETLS_USAGE_DANE_TA)
  344. t->spki = pkey;
  345. else
  346. EVP_PKEY_free(pkey);
  347. break;
  348. }
  349. }
  350. /*-
  351. * Find the right insertion point for the new record.
  352. *
  353. * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
  354. * they can be processed first, as they require no chain building, and no
  355. * expiration or hostname checks. Because DANE-EE(3) is numerically
  356. * largest, this is accomplished via descending sort by "usage".
  357. *
  358. * We also sort in descending order by matching ordinal to simplify
  359. * the implementation of digest agility in the verification code.
  360. *
  361. * The choice of order for the selector is not significant, so we
  362. * use the same descending order for consistency.
  363. */
  364. num = sk_danetls_record_num(dane->trecs);
  365. for (i = 0; i < num; ++i) {
  366. danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
  367. if (rec->usage > usage)
  368. continue;
  369. if (rec->usage < usage)
  370. break;
  371. if (rec->selector > selector)
  372. continue;
  373. if (rec->selector < selector)
  374. break;
  375. if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
  376. continue;
  377. break;
  378. }
  379. if (!sk_danetls_record_insert(dane->trecs, t, i)) {
  380. tlsa_free(t);
  381. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  382. return -1;
  383. }
  384. dane->umask |= DANETLS_USAGE_BIT(usage);
  385. return 1;
  386. }
  387. /*
  388. * Return 0 if there is only one version configured and it was disabled
  389. * at configure time. Return 1 otherwise.
  390. */
  391. static int ssl_check_allowed_versions(int min_version, int max_version)
  392. {
  393. int minisdtls = 0, maxisdtls = 0;
  394. /* Figure out if we're doing DTLS versions or TLS versions */
  395. if (min_version == DTLS1_BAD_VER
  396. || min_version >> 8 == DTLS1_VERSION_MAJOR)
  397. minisdtls = 1;
  398. if (max_version == DTLS1_BAD_VER
  399. || max_version >> 8 == DTLS1_VERSION_MAJOR)
  400. maxisdtls = 1;
  401. /* A wildcard version of 0 could be DTLS or TLS. */
  402. if ((minisdtls && !maxisdtls && max_version != 0)
  403. || (maxisdtls && !minisdtls && min_version != 0)) {
  404. /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
  405. return 0;
  406. }
  407. if (minisdtls || maxisdtls) {
  408. /* Do DTLS version checks. */
  409. if (min_version == 0)
  410. /* Ignore DTLS1_BAD_VER */
  411. min_version = DTLS1_VERSION;
  412. if (max_version == 0)
  413. max_version = DTLS1_2_VERSION;
  414. #ifdef OPENSSL_NO_DTLS1_2
  415. if (max_version == DTLS1_2_VERSION)
  416. max_version = DTLS1_VERSION;
  417. #endif
  418. #ifdef OPENSSL_NO_DTLS1
  419. if (min_version == DTLS1_VERSION)
  420. min_version = DTLS1_2_VERSION;
  421. #endif
  422. /* Done massaging versions; do the check. */
  423. if (0
  424. #ifdef OPENSSL_NO_DTLS1
  425. || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
  426. && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
  427. #endif
  428. #ifdef OPENSSL_NO_DTLS1_2
  429. || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
  430. && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
  431. #endif
  432. )
  433. return 0;
  434. } else {
  435. /* Regular TLS version checks. */
  436. if (min_version == 0)
  437. min_version = SSL3_VERSION;
  438. if (max_version == 0)
  439. max_version = TLS1_3_VERSION;
  440. #ifdef OPENSSL_NO_TLS1_3
  441. if (max_version == TLS1_3_VERSION)
  442. max_version = TLS1_2_VERSION;
  443. #endif
  444. #ifdef OPENSSL_NO_TLS1_2
  445. if (max_version == TLS1_2_VERSION)
  446. max_version = TLS1_1_VERSION;
  447. #endif
  448. #ifdef OPENSSL_NO_TLS1_1
  449. if (max_version == TLS1_1_VERSION)
  450. max_version = TLS1_VERSION;
  451. #endif
  452. #ifdef OPENSSL_NO_TLS1
  453. if (max_version == TLS1_VERSION)
  454. max_version = SSL3_VERSION;
  455. #endif
  456. #ifdef OPENSSL_NO_SSL3
  457. if (min_version == SSL3_VERSION)
  458. min_version = TLS1_VERSION;
  459. #endif
  460. #ifdef OPENSSL_NO_TLS1
  461. if (min_version == TLS1_VERSION)
  462. min_version = TLS1_1_VERSION;
  463. #endif
  464. #ifdef OPENSSL_NO_TLS1_1
  465. if (min_version == TLS1_1_VERSION)
  466. min_version = TLS1_2_VERSION;
  467. #endif
  468. #ifdef OPENSSL_NO_TLS1_2
  469. if (min_version == TLS1_2_VERSION)
  470. min_version = TLS1_3_VERSION;
  471. #endif
  472. /* Done massaging versions; do the check. */
  473. if (0
  474. #ifdef OPENSSL_NO_SSL3
  475. || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
  476. #endif
  477. #ifdef OPENSSL_NO_TLS1
  478. || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
  479. #endif
  480. #ifdef OPENSSL_NO_TLS1_1
  481. || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
  482. #endif
  483. #ifdef OPENSSL_NO_TLS1_2
  484. || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
  485. #endif
  486. #ifdef OPENSSL_NO_TLS1_3
  487. || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
  488. #endif
  489. )
  490. return 0;
  491. }
  492. return 1;
  493. }
  494. static void clear_ciphers(SSL *s)
  495. {
  496. /* clear the current cipher */
  497. ssl_clear_cipher_ctx(s);
  498. ssl_clear_hash_ctx(&s->read_hash);
  499. ssl_clear_hash_ctx(&s->write_hash);
  500. }
  501. int SSL_clear(SSL *s)
  502. {
  503. if (s->method == NULL) {
  504. SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
  505. return 0;
  506. }
  507. if (ssl_clear_bad_session(s)) {
  508. SSL_SESSION_free(s->session);
  509. s->session = NULL;
  510. }
  511. SSL_SESSION_free(s->psksession);
  512. s->psksession = NULL;
  513. OPENSSL_free(s->psksession_id);
  514. s->psksession_id = NULL;
  515. s->psksession_id_len = 0;
  516. s->hello_retry_request = 0;
  517. s->sent_tickets = 0;
  518. s->error = 0;
  519. s->hit = 0;
  520. s->shutdown = 0;
  521. if (s->renegotiate) {
  522. SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
  523. return 0;
  524. }
  525. ossl_statem_clear(s);
  526. s->version = s->method->version;
  527. s->client_version = s->version;
  528. s->rwstate = SSL_NOTHING;
  529. BUF_MEM_free(s->init_buf);
  530. s->init_buf = NULL;
  531. clear_ciphers(s);
  532. s->first_packet = 0;
  533. s->key_update = SSL_KEY_UPDATE_NONE;
  534. EVP_MD_CTX_free(s->pha_dgst);
  535. s->pha_dgst = NULL;
  536. /* Reset DANE verification result state */
  537. s->dane.mdpth = -1;
  538. s->dane.pdpth = -1;
  539. X509_free(s->dane.mcert);
  540. s->dane.mcert = NULL;
  541. s->dane.mtlsa = NULL;
  542. /* Clear the verification result peername */
  543. X509_VERIFY_PARAM_move_peername(s->param, NULL);
  544. /* Clear any shared connection state */
  545. OPENSSL_free(s->shared_sigalgs);
  546. s->shared_sigalgs = NULL;
  547. s->shared_sigalgslen = 0;
  548. /*
  549. * Check to see if we were changed into a different method, if so, revert
  550. * back.
  551. */
  552. if (s->method != s->ctx->method) {
  553. s->method->ssl_free(s);
  554. s->method = s->ctx->method;
  555. if (!s->method->ssl_new(s))
  556. return 0;
  557. } else {
  558. if (!s->method->ssl_clear(s))
  559. return 0;
  560. }
  561. RECORD_LAYER_clear(&s->rlayer);
  562. return 1;
  563. }
  564. /** Used to change an SSL_CTXs default SSL method type */
  565. int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
  566. {
  567. STACK_OF(SSL_CIPHER) *sk;
  568. ctx->method = meth;
  569. if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
  570. SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  571. return 0;
  572. }
  573. sk = ssl_create_cipher_list(ctx->method,
  574. ctx->tls13_ciphersuites,
  575. &(ctx->cipher_list),
  576. &(ctx->cipher_list_by_id),
  577. OSSL_default_cipher_list(), ctx->cert);
  578. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
  579. SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  580. return 0;
  581. }
  582. return 1;
  583. }
  584. SSL *SSL_new(SSL_CTX *ctx)
  585. {
  586. SSL *s;
  587. if (ctx == NULL) {
  588. SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
  589. return NULL;
  590. }
  591. if (ctx->method == NULL) {
  592. SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
  593. return NULL;
  594. }
  595. s = OPENSSL_zalloc(sizeof(*s));
  596. if (s == NULL)
  597. goto err;
  598. s->references = 1;
  599. s->lock = CRYPTO_THREAD_lock_new();
  600. if (s->lock == NULL) {
  601. OPENSSL_free(s);
  602. s = NULL;
  603. goto err;
  604. }
  605. RECORD_LAYER_init(&s->rlayer, s);
  606. s->options = ctx->options;
  607. s->dane.flags = ctx->dane.flags;
  608. s->min_proto_version = ctx->min_proto_version;
  609. s->max_proto_version = ctx->max_proto_version;
  610. s->mode = ctx->mode;
  611. s->max_cert_list = ctx->max_cert_list;
  612. s->max_early_data = ctx->max_early_data;
  613. s->recv_max_early_data = ctx->recv_max_early_data;
  614. s->num_tickets = ctx->num_tickets;
  615. s->pha_enabled = ctx->pha_enabled;
  616. /* Shallow copy of the ciphersuites stack */
  617. s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
  618. if (s->tls13_ciphersuites == NULL)
  619. goto err;
  620. /*
  621. * Earlier library versions used to copy the pointer to the CERT, not
  622. * its contents; only when setting new parameters for the per-SSL
  623. * copy, ssl_cert_new would be called (and the direct reference to
  624. * the per-SSL_CTX settings would be lost, but those still were
  625. * indirectly accessed for various purposes, and for that reason they
  626. * used to be known as s->ctx->default_cert). Now we don't look at the
  627. * SSL_CTX's CERT after having duplicated it once.
  628. */
  629. s->cert = ssl_cert_dup(ctx->cert);
  630. if (s->cert == NULL)
  631. goto err;
  632. RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
  633. s->msg_callback = ctx->msg_callback;
  634. s->msg_callback_arg = ctx->msg_callback_arg;
  635. s->verify_mode = ctx->verify_mode;
  636. s->not_resumable_session_cb = ctx->not_resumable_session_cb;
  637. s->record_padding_cb = ctx->record_padding_cb;
  638. s->record_padding_arg = ctx->record_padding_arg;
  639. s->block_padding = ctx->block_padding;
  640. s->sid_ctx_length = ctx->sid_ctx_length;
  641. if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
  642. goto err;
  643. memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
  644. s->verify_callback = ctx->default_verify_callback;
  645. s->generate_session_id = ctx->generate_session_id;
  646. s->param = X509_VERIFY_PARAM_new();
  647. if (s->param == NULL)
  648. goto err;
  649. X509_VERIFY_PARAM_inherit(s->param, ctx->param);
  650. s->quiet_shutdown = ctx->quiet_shutdown;
  651. s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
  652. s->max_send_fragment = ctx->max_send_fragment;
  653. s->split_send_fragment = ctx->split_send_fragment;
  654. s->max_pipelines = ctx->max_pipelines;
  655. if (s->max_pipelines > 1)
  656. RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
  657. if (ctx->default_read_buf_len > 0)
  658. SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
  659. SSL_CTX_up_ref(ctx);
  660. s->ctx = ctx;
  661. s->ext.debug_cb = 0;
  662. s->ext.debug_arg = NULL;
  663. s->ext.ticket_expected = 0;
  664. s->ext.status_type = ctx->ext.status_type;
  665. s->ext.status_expected = 0;
  666. s->ext.ocsp.ids = NULL;
  667. s->ext.ocsp.exts = NULL;
  668. s->ext.ocsp.resp = NULL;
  669. s->ext.ocsp.resp_len = 0;
  670. SSL_CTX_up_ref(ctx);
  671. s->session_ctx = ctx;
  672. #ifndef OPENSSL_NO_EC
  673. if (ctx->ext.ecpointformats) {
  674. s->ext.ecpointformats =
  675. OPENSSL_memdup(ctx->ext.ecpointformats,
  676. ctx->ext.ecpointformats_len);
  677. if (!s->ext.ecpointformats)
  678. goto err;
  679. s->ext.ecpointformats_len =
  680. ctx->ext.ecpointformats_len;
  681. }
  682. #endif
  683. if (ctx->ext.supportedgroups) {
  684. s->ext.supportedgroups =
  685. OPENSSL_memdup(ctx->ext.supportedgroups,
  686. ctx->ext.supportedgroups_len
  687. * sizeof(*ctx->ext.supportedgroups));
  688. if (!s->ext.supportedgroups)
  689. goto err;
  690. s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
  691. }
  692. #ifndef OPENSSL_NO_NEXTPROTONEG
  693. s->ext.npn = NULL;
  694. #endif
  695. if (s->ctx->ext.alpn) {
  696. s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
  697. if (s->ext.alpn == NULL)
  698. goto err;
  699. memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
  700. s->ext.alpn_len = s->ctx->ext.alpn_len;
  701. }
  702. s->verified_chain = NULL;
  703. s->verify_result = X509_V_OK;
  704. s->default_passwd_callback = ctx->default_passwd_callback;
  705. s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
  706. s->method = ctx->method;
  707. s->key_update = SSL_KEY_UPDATE_NONE;
  708. s->allow_early_data_cb = ctx->allow_early_data_cb;
  709. s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
  710. if (!s->method->ssl_new(s))
  711. goto err;
  712. s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
  713. if (!SSL_clear(s))
  714. goto err;
  715. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
  716. goto err;
  717. #ifndef OPENSSL_NO_PSK
  718. s->psk_client_callback = ctx->psk_client_callback;
  719. s->psk_server_callback = ctx->psk_server_callback;
  720. #endif
  721. s->psk_find_session_cb = ctx->psk_find_session_cb;
  722. s->psk_use_session_cb = ctx->psk_use_session_cb;
  723. s->async_cb = ctx->async_cb;
  724. s->async_cb_arg = ctx->async_cb_arg;
  725. s->job = NULL;
  726. #ifndef OPENSSL_NO_CT
  727. if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
  728. ctx->ct_validation_callback_arg))
  729. goto err;
  730. #endif
  731. return s;
  732. err:
  733. SSL_free(s);
  734. SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
  735. return NULL;
  736. }
  737. int SSL_is_dtls(const SSL *s)
  738. {
  739. return SSL_IS_DTLS(s) ? 1 : 0;
  740. }
  741. int SSL_up_ref(SSL *s)
  742. {
  743. int i;
  744. if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
  745. return 0;
  746. REF_PRINT_COUNT("SSL", s);
  747. REF_ASSERT_ISNT(i < 2);
  748. return ((i > 1) ? 1 : 0);
  749. }
  750. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
  751. unsigned int sid_ctx_len)
  752. {
  753. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  754. SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
  755. SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  756. return 0;
  757. }
  758. ctx->sid_ctx_length = sid_ctx_len;
  759. memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
  760. return 1;
  761. }
  762. int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
  763. unsigned int sid_ctx_len)
  764. {
  765. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  766. SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
  767. SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  768. return 0;
  769. }
  770. ssl->sid_ctx_length = sid_ctx_len;
  771. memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
  772. return 1;
  773. }
  774. int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
  775. {
  776. CRYPTO_THREAD_write_lock(ctx->lock);
  777. ctx->generate_session_id = cb;
  778. CRYPTO_THREAD_unlock(ctx->lock);
  779. return 1;
  780. }
  781. int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
  782. {
  783. CRYPTO_THREAD_write_lock(ssl->lock);
  784. ssl->generate_session_id = cb;
  785. CRYPTO_THREAD_unlock(ssl->lock);
  786. return 1;
  787. }
  788. int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
  789. unsigned int id_len)
  790. {
  791. /*
  792. * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
  793. * we can "construct" a session to give us the desired check - i.e. to
  794. * find if there's a session in the hash table that would conflict with
  795. * any new session built out of this id/id_len and the ssl_version in use
  796. * by this SSL.
  797. */
  798. SSL_SESSION r, *p;
  799. if (id_len > sizeof(r.session_id))
  800. return 0;
  801. r.ssl_version = ssl->version;
  802. r.session_id_length = id_len;
  803. memcpy(r.session_id, id, id_len);
  804. CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
  805. p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
  806. CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
  807. return (p != NULL);
  808. }
  809. int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
  810. {
  811. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  812. }
  813. int SSL_set_purpose(SSL *s, int purpose)
  814. {
  815. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  816. }
  817. int SSL_CTX_set_trust(SSL_CTX *s, int trust)
  818. {
  819. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  820. }
  821. int SSL_set_trust(SSL *s, int trust)
  822. {
  823. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  824. }
  825. int SSL_set1_host(SSL *s, const char *hostname)
  826. {
  827. return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
  828. }
  829. int SSL_add1_host(SSL *s, const char *hostname)
  830. {
  831. return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
  832. }
  833. void SSL_set_hostflags(SSL *s, unsigned int flags)
  834. {
  835. X509_VERIFY_PARAM_set_hostflags(s->param, flags);
  836. }
  837. const char *SSL_get0_peername(SSL *s)
  838. {
  839. return X509_VERIFY_PARAM_get0_peername(s->param);
  840. }
  841. int SSL_CTX_dane_enable(SSL_CTX *ctx)
  842. {
  843. return dane_ctx_enable(&ctx->dane);
  844. }
  845. unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
  846. {
  847. unsigned long orig = ctx->dane.flags;
  848. ctx->dane.flags |= flags;
  849. return orig;
  850. }
  851. unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
  852. {
  853. unsigned long orig = ctx->dane.flags;
  854. ctx->dane.flags &= ~flags;
  855. return orig;
  856. }
  857. int SSL_dane_enable(SSL *s, const char *basedomain)
  858. {
  859. SSL_DANE *dane = &s->dane;
  860. if (s->ctx->dane.mdmax == 0) {
  861. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
  862. return 0;
  863. }
  864. if (dane->trecs != NULL) {
  865. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
  866. return 0;
  867. }
  868. /*
  869. * Default SNI name. This rejects empty names, while set1_host below
  870. * accepts them and disables host name checks. To avoid side-effects with
  871. * invalid input, set the SNI name first.
  872. */
  873. if (s->ext.hostname == NULL) {
  874. if (!SSL_set_tlsext_host_name(s, basedomain)) {
  875. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  876. return -1;
  877. }
  878. }
  879. /* Primary RFC6125 reference identifier */
  880. if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
  881. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  882. return -1;
  883. }
  884. dane->mdpth = -1;
  885. dane->pdpth = -1;
  886. dane->dctx = &s->ctx->dane;
  887. dane->trecs = sk_danetls_record_new_null();
  888. if (dane->trecs == NULL) {
  889. SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
  890. return -1;
  891. }
  892. return 1;
  893. }
  894. unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
  895. {
  896. unsigned long orig = ssl->dane.flags;
  897. ssl->dane.flags |= flags;
  898. return orig;
  899. }
  900. unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
  901. {
  902. unsigned long orig = ssl->dane.flags;
  903. ssl->dane.flags &= ~flags;
  904. return orig;
  905. }
  906. int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
  907. {
  908. SSL_DANE *dane = &s->dane;
  909. if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
  910. return -1;
  911. if (dane->mtlsa) {
  912. if (mcert)
  913. *mcert = dane->mcert;
  914. if (mspki)
  915. *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
  916. }
  917. return dane->mdpth;
  918. }
  919. int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
  920. uint8_t *mtype, unsigned const char **data, size_t *dlen)
  921. {
  922. SSL_DANE *dane = &s->dane;
  923. if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
  924. return -1;
  925. if (dane->mtlsa) {
  926. if (usage)
  927. *usage = dane->mtlsa->usage;
  928. if (selector)
  929. *selector = dane->mtlsa->selector;
  930. if (mtype)
  931. *mtype = dane->mtlsa->mtype;
  932. if (data)
  933. *data = dane->mtlsa->data;
  934. if (dlen)
  935. *dlen = dane->mtlsa->dlen;
  936. }
  937. return dane->mdpth;
  938. }
  939. SSL_DANE *SSL_get0_dane(SSL *s)
  940. {
  941. return &s->dane;
  942. }
  943. int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
  944. uint8_t mtype, unsigned const char *data, size_t dlen)
  945. {
  946. return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
  947. }
  948. int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
  949. uint8_t ord)
  950. {
  951. return dane_mtype_set(&ctx->dane, md, mtype, ord);
  952. }
  953. int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
  954. {
  955. return X509_VERIFY_PARAM_set1(ctx->param, vpm);
  956. }
  957. int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
  958. {
  959. return X509_VERIFY_PARAM_set1(ssl->param, vpm);
  960. }
  961. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
  962. {
  963. return ctx->param;
  964. }
  965. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
  966. {
  967. return ssl->param;
  968. }
  969. void SSL_certs_clear(SSL *s)
  970. {
  971. ssl_cert_clear_certs(s->cert);
  972. }
  973. void SSL_free(SSL *s)
  974. {
  975. int i;
  976. if (s == NULL)
  977. return;
  978. CRYPTO_DOWN_REF(&s->references, &i, s->lock);
  979. REF_PRINT_COUNT("SSL", s);
  980. if (i > 0)
  981. return;
  982. REF_ASSERT_ISNT(i < 0);
  983. X509_VERIFY_PARAM_free(s->param);
  984. dane_final(&s->dane);
  985. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
  986. RECORD_LAYER_release(&s->rlayer);
  987. /* Ignore return value */
  988. ssl_free_wbio_buffer(s);
  989. BIO_free_all(s->wbio);
  990. s->wbio = NULL;
  991. BIO_free_all(s->rbio);
  992. s->rbio = NULL;
  993. BUF_MEM_free(s->init_buf);
  994. /* add extra stuff */
  995. sk_SSL_CIPHER_free(s->cipher_list);
  996. sk_SSL_CIPHER_free(s->cipher_list_by_id);
  997. sk_SSL_CIPHER_free(s->tls13_ciphersuites);
  998. sk_SSL_CIPHER_free(s->peer_ciphers);
  999. /* Make the next call work :-) */
  1000. if (s->session != NULL) {
  1001. ssl_clear_bad_session(s);
  1002. SSL_SESSION_free(s->session);
  1003. }
  1004. SSL_SESSION_free(s->psksession);
  1005. OPENSSL_free(s->psksession_id);
  1006. clear_ciphers(s);
  1007. ssl_cert_free(s->cert);
  1008. OPENSSL_free(s->shared_sigalgs);
  1009. /* Free up if allocated */
  1010. OPENSSL_free(s->ext.hostname);
  1011. SSL_CTX_free(s->session_ctx);
  1012. #ifndef OPENSSL_NO_EC
  1013. OPENSSL_free(s->ext.ecpointformats);
  1014. OPENSSL_free(s->ext.peer_ecpointformats);
  1015. #endif /* OPENSSL_NO_EC */
  1016. OPENSSL_free(s->ext.supportedgroups);
  1017. OPENSSL_free(s->ext.peer_supportedgroups);
  1018. sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
  1019. #ifndef OPENSSL_NO_OCSP
  1020. sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
  1021. #endif
  1022. #ifndef OPENSSL_NO_CT
  1023. SCT_LIST_free(s->scts);
  1024. OPENSSL_free(s->ext.scts);
  1025. #endif
  1026. OPENSSL_free(s->ext.ocsp.resp);
  1027. OPENSSL_free(s->ext.alpn);
  1028. OPENSSL_free(s->ext.tls13_cookie);
  1029. if (s->clienthello != NULL)
  1030. OPENSSL_free(s->clienthello->pre_proc_exts);
  1031. OPENSSL_free(s->clienthello);
  1032. OPENSSL_free(s->pha_context);
  1033. EVP_MD_CTX_free(s->pha_dgst);
  1034. sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
  1035. sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
  1036. sk_X509_pop_free(s->verified_chain, X509_free);
  1037. if (s->method != NULL)
  1038. s->method->ssl_free(s);
  1039. SSL_CTX_free(s->ctx);
  1040. ASYNC_WAIT_CTX_free(s->waitctx);
  1041. #if !defined(OPENSSL_NO_NEXTPROTONEG)
  1042. OPENSSL_free(s->ext.npn);
  1043. #endif
  1044. #ifndef OPENSSL_NO_SRTP
  1045. sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
  1046. #endif
  1047. CRYPTO_THREAD_lock_free(s->lock);
  1048. OPENSSL_free(s);
  1049. }
  1050. void SSL_set0_rbio(SSL *s, BIO *rbio)
  1051. {
  1052. BIO_free_all(s->rbio);
  1053. s->rbio = rbio;
  1054. }
  1055. void SSL_set0_wbio(SSL *s, BIO *wbio)
  1056. {
  1057. /*
  1058. * If the output buffering BIO is still in place, remove it
  1059. */
  1060. if (s->bbio != NULL)
  1061. s->wbio = BIO_pop(s->wbio);
  1062. BIO_free_all(s->wbio);
  1063. s->wbio = wbio;
  1064. /* Re-attach |bbio| to the new |wbio|. */
  1065. if (s->bbio != NULL)
  1066. s->wbio = BIO_push(s->bbio, s->wbio);
  1067. }
  1068. void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
  1069. {
  1070. /*
  1071. * For historical reasons, this function has many different cases in
  1072. * ownership handling.
  1073. */
  1074. /* If nothing has changed, do nothing */
  1075. if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
  1076. return;
  1077. /*
  1078. * If the two arguments are equal then one fewer reference is granted by the
  1079. * caller than we want to take
  1080. */
  1081. if (rbio != NULL && rbio == wbio)
  1082. BIO_up_ref(rbio);
  1083. /*
  1084. * If only the wbio is changed only adopt one reference.
  1085. */
  1086. if (rbio == SSL_get_rbio(s)) {
  1087. SSL_set0_wbio(s, wbio);
  1088. return;
  1089. }
  1090. /*
  1091. * There is an asymmetry here for historical reasons. If only the rbio is
  1092. * changed AND the rbio and wbio were originally different, then we only
  1093. * adopt one reference.
  1094. */
  1095. if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
  1096. SSL_set0_rbio(s, rbio);
  1097. return;
  1098. }
  1099. /* Otherwise, adopt both references. */
  1100. SSL_set0_rbio(s, rbio);
  1101. SSL_set0_wbio(s, wbio);
  1102. }
  1103. BIO *SSL_get_rbio(const SSL *s)
  1104. {
  1105. return s->rbio;
  1106. }
  1107. BIO *SSL_get_wbio(const SSL *s)
  1108. {
  1109. if (s->bbio != NULL) {
  1110. /*
  1111. * If |bbio| is active, the true caller-configured BIO is its
  1112. * |next_bio|.
  1113. */
  1114. return BIO_next(s->bbio);
  1115. }
  1116. return s->wbio;
  1117. }
  1118. int SSL_get_fd(const SSL *s)
  1119. {
  1120. return SSL_get_rfd(s);
  1121. }
  1122. int SSL_get_rfd(const SSL *s)
  1123. {
  1124. int ret = -1;
  1125. BIO *b, *r;
  1126. b = SSL_get_rbio(s);
  1127. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1128. if (r != NULL)
  1129. BIO_get_fd(r, &ret);
  1130. return ret;
  1131. }
  1132. int SSL_get_wfd(const SSL *s)
  1133. {
  1134. int ret = -1;
  1135. BIO *b, *r;
  1136. b = SSL_get_wbio(s);
  1137. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1138. if (r != NULL)
  1139. BIO_get_fd(r, &ret);
  1140. return ret;
  1141. }
  1142. #ifndef OPENSSL_NO_SOCK
  1143. int SSL_set_fd(SSL *s, int fd)
  1144. {
  1145. int ret = 0;
  1146. BIO *bio = NULL;
  1147. bio = BIO_new(BIO_s_socket());
  1148. if (bio == NULL) {
  1149. SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
  1150. goto err;
  1151. }
  1152. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1153. SSL_set_bio(s, bio, bio);
  1154. #ifndef OPENSSL_NO_KTLS
  1155. /*
  1156. * The new socket is created successfully regardless of ktls_enable.
  1157. * ktls_enable doesn't change any functionality of the socket, except
  1158. * changing the setsockopt to enable the processing of ktls_start.
  1159. * Thus, it is not a problem to call it for non-TLS sockets.
  1160. */
  1161. ktls_enable(fd);
  1162. #endif /* OPENSSL_NO_KTLS */
  1163. ret = 1;
  1164. err:
  1165. return ret;
  1166. }
  1167. int SSL_set_wfd(SSL *s, int fd)
  1168. {
  1169. BIO *rbio = SSL_get_rbio(s);
  1170. if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
  1171. || (int)BIO_get_fd(rbio, NULL) != fd) {
  1172. BIO *bio = BIO_new(BIO_s_socket());
  1173. if (bio == NULL) {
  1174. SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
  1175. return 0;
  1176. }
  1177. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1178. SSL_set0_wbio(s, bio);
  1179. #ifndef OPENSSL_NO_KTLS
  1180. /*
  1181. * The new socket is created successfully regardless of ktls_enable.
  1182. * ktls_enable doesn't change any functionality of the socket, except
  1183. * changing the setsockopt to enable the processing of ktls_start.
  1184. * Thus, it is not a problem to call it for non-TLS sockets.
  1185. */
  1186. ktls_enable(fd);
  1187. #endif /* OPENSSL_NO_KTLS */
  1188. } else {
  1189. BIO_up_ref(rbio);
  1190. SSL_set0_wbio(s, rbio);
  1191. }
  1192. return 1;
  1193. }
  1194. int SSL_set_rfd(SSL *s, int fd)
  1195. {
  1196. BIO *wbio = SSL_get_wbio(s);
  1197. if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
  1198. || ((int)BIO_get_fd(wbio, NULL) != fd)) {
  1199. BIO *bio = BIO_new(BIO_s_socket());
  1200. if (bio == NULL) {
  1201. SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
  1202. return 0;
  1203. }
  1204. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1205. SSL_set0_rbio(s, bio);
  1206. } else {
  1207. BIO_up_ref(wbio);
  1208. SSL_set0_rbio(s, wbio);
  1209. }
  1210. return 1;
  1211. }
  1212. #endif
  1213. /* return length of latest Finished message we sent, copy to 'buf' */
  1214. size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
  1215. {
  1216. size_t ret = 0;
  1217. ret = s->s3.tmp.finish_md_len;
  1218. if (count > ret)
  1219. count = ret;
  1220. memcpy(buf, s->s3.tmp.finish_md, count);
  1221. return ret;
  1222. }
  1223. /* return length of latest Finished message we expected, copy to 'buf' */
  1224. size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
  1225. {
  1226. size_t ret = 0;
  1227. ret = s->s3.tmp.peer_finish_md_len;
  1228. if (count > ret)
  1229. count = ret;
  1230. memcpy(buf, s->s3.tmp.peer_finish_md, count);
  1231. return ret;
  1232. }
  1233. int SSL_get_verify_mode(const SSL *s)
  1234. {
  1235. return s->verify_mode;
  1236. }
  1237. int SSL_get_verify_depth(const SSL *s)
  1238. {
  1239. return X509_VERIFY_PARAM_get_depth(s->param);
  1240. }
  1241. int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
  1242. return s->verify_callback;
  1243. }
  1244. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
  1245. {
  1246. return ctx->verify_mode;
  1247. }
  1248. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
  1249. {
  1250. return X509_VERIFY_PARAM_get_depth(ctx->param);
  1251. }
  1252. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
  1253. return ctx->default_verify_callback;
  1254. }
  1255. void SSL_set_verify(SSL *s, int mode,
  1256. int (*callback) (int ok, X509_STORE_CTX *ctx))
  1257. {
  1258. s->verify_mode = mode;
  1259. if (callback != NULL)
  1260. s->verify_callback = callback;
  1261. }
  1262. void SSL_set_verify_depth(SSL *s, int depth)
  1263. {
  1264. X509_VERIFY_PARAM_set_depth(s->param, depth);
  1265. }
  1266. void SSL_set_read_ahead(SSL *s, int yes)
  1267. {
  1268. RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
  1269. }
  1270. int SSL_get_read_ahead(const SSL *s)
  1271. {
  1272. return RECORD_LAYER_get_read_ahead(&s->rlayer);
  1273. }
  1274. int SSL_pending(const SSL *s)
  1275. {
  1276. size_t pending = s->method->ssl_pending(s);
  1277. /*
  1278. * SSL_pending cannot work properly if read-ahead is enabled
  1279. * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
  1280. * impossible to fix since SSL_pending cannot report errors that may be
  1281. * observed while scanning the new data. (Note that SSL_pending() is
  1282. * often used as a boolean value, so we'd better not return -1.)
  1283. *
  1284. * SSL_pending also cannot work properly if the value >INT_MAX. In that case
  1285. * we just return INT_MAX.
  1286. */
  1287. return pending < INT_MAX ? (int)pending : INT_MAX;
  1288. }
  1289. int SSL_has_pending(const SSL *s)
  1290. {
  1291. /*
  1292. * Similar to SSL_pending() but returns a 1 to indicate that we have
  1293. * unprocessed data available or 0 otherwise (as opposed to the number of
  1294. * bytes available). Unlike SSL_pending() this will take into account
  1295. * read_ahead data. A 1 return simply indicates that we have unprocessed
  1296. * data. That data may not result in any application data, or we may fail
  1297. * to parse the records for some reason.
  1298. */
  1299. if (RECORD_LAYER_processed_read_pending(&s->rlayer))
  1300. return 1;
  1301. return RECORD_LAYER_read_pending(&s->rlayer);
  1302. }
  1303. X509 *SSL_get1_peer_certificate(const SSL *s)
  1304. {
  1305. X509 *r = SSL_get0_peer_certificate(s);
  1306. if (r != NULL)
  1307. X509_up_ref(r);
  1308. return r;
  1309. }
  1310. X509 *SSL_get0_peer_certificate(const SSL *s)
  1311. {
  1312. if ((s == NULL) || (s->session == NULL))
  1313. return NULL;
  1314. else
  1315. return s->session->peer;
  1316. }
  1317. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
  1318. {
  1319. STACK_OF(X509) *r;
  1320. if ((s == NULL) || (s->session == NULL))
  1321. r = NULL;
  1322. else
  1323. r = s->session->peer_chain;
  1324. /*
  1325. * If we are a client, cert_chain includes the peer's own certificate; if
  1326. * we are a server, it does not.
  1327. */
  1328. return r;
  1329. }
  1330. /*
  1331. * Now in theory, since the calling process own 't' it should be safe to
  1332. * modify. We need to be able to read f without being hassled
  1333. */
  1334. int SSL_copy_session_id(SSL *t, const SSL *f)
  1335. {
  1336. int i;
  1337. /* Do we need to to SSL locking? */
  1338. if (!SSL_set_session(t, SSL_get_session(f))) {
  1339. return 0;
  1340. }
  1341. /*
  1342. * what if we are setup for one protocol version but want to talk another
  1343. */
  1344. if (t->method != f->method) {
  1345. t->method->ssl_free(t);
  1346. t->method = f->method;
  1347. if (t->method->ssl_new(t) == 0)
  1348. return 0;
  1349. }
  1350. CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
  1351. ssl_cert_free(t->cert);
  1352. t->cert = f->cert;
  1353. if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
  1354. return 0;
  1355. }
  1356. return 1;
  1357. }
  1358. /* Fix this so it checks all the valid key/cert options */
  1359. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
  1360. {
  1361. if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
  1362. SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1363. return 0;
  1364. }
  1365. if (ctx->cert->key->privatekey == NULL) {
  1366. SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1367. return 0;
  1368. }
  1369. return X509_check_private_key
  1370. (ctx->cert->key->x509, ctx->cert->key->privatekey);
  1371. }
  1372. /* Fix this function so that it takes an optional type parameter */
  1373. int SSL_check_private_key(const SSL *ssl)
  1374. {
  1375. if (ssl == NULL) {
  1376. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
  1377. return 0;
  1378. }
  1379. if (ssl->cert->key->x509 == NULL) {
  1380. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1381. return 0;
  1382. }
  1383. if (ssl->cert->key->privatekey == NULL) {
  1384. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1385. return 0;
  1386. }
  1387. return X509_check_private_key(ssl->cert->key->x509,
  1388. ssl->cert->key->privatekey);
  1389. }
  1390. int SSL_waiting_for_async(SSL *s)
  1391. {
  1392. if (s->job)
  1393. return 1;
  1394. return 0;
  1395. }
  1396. int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
  1397. {
  1398. ASYNC_WAIT_CTX *ctx = s->waitctx;
  1399. if (ctx == NULL)
  1400. return 0;
  1401. return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
  1402. }
  1403. int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
  1404. OSSL_ASYNC_FD *delfd, size_t *numdelfds)
  1405. {
  1406. ASYNC_WAIT_CTX *ctx = s->waitctx;
  1407. if (ctx == NULL)
  1408. return 0;
  1409. return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
  1410. numdelfds);
  1411. }
  1412. int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback)
  1413. {
  1414. ctx->async_cb = callback;
  1415. return 1;
  1416. }
  1417. int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg)
  1418. {
  1419. ctx->async_cb_arg = arg;
  1420. return 1;
  1421. }
  1422. int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback)
  1423. {
  1424. s->async_cb = callback;
  1425. return 1;
  1426. }
  1427. int SSL_set_async_callback_arg(SSL *s, void *arg)
  1428. {
  1429. s->async_cb_arg = arg;
  1430. return 1;
  1431. }
  1432. int SSL_get_async_status(SSL *s, int *status)
  1433. {
  1434. ASYNC_WAIT_CTX *ctx = s->waitctx;
  1435. if (ctx == NULL)
  1436. return 0;
  1437. *status = ASYNC_WAIT_CTX_get_status(ctx);
  1438. return 1;
  1439. }
  1440. int SSL_accept(SSL *s)
  1441. {
  1442. if (s->handshake_func == NULL) {
  1443. /* Not properly initialized yet */
  1444. SSL_set_accept_state(s);
  1445. }
  1446. return SSL_do_handshake(s);
  1447. }
  1448. int SSL_connect(SSL *s)
  1449. {
  1450. if (s->handshake_func == NULL) {
  1451. /* Not properly initialized yet */
  1452. SSL_set_connect_state(s);
  1453. }
  1454. return SSL_do_handshake(s);
  1455. }
  1456. long SSL_get_default_timeout(const SSL *s)
  1457. {
  1458. return s->method->get_timeout();
  1459. }
  1460. static int ssl_async_wait_ctx_cb(void *arg)
  1461. {
  1462. SSL *s = (SSL *)arg;
  1463. return s->async_cb(s, s->async_cb_arg);
  1464. }
  1465. static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
  1466. int (*func) (void *))
  1467. {
  1468. int ret;
  1469. if (s->waitctx == NULL) {
  1470. s->waitctx = ASYNC_WAIT_CTX_new();
  1471. if (s->waitctx == NULL)
  1472. return -1;
  1473. if (s->async_cb != NULL
  1474. && !ASYNC_WAIT_CTX_set_callback
  1475. (s->waitctx, ssl_async_wait_ctx_cb, s))
  1476. return -1;
  1477. }
  1478. switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
  1479. sizeof(struct ssl_async_args))) {
  1480. case ASYNC_ERR:
  1481. s->rwstate = SSL_NOTHING;
  1482. SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
  1483. return -1;
  1484. case ASYNC_PAUSE:
  1485. s->rwstate = SSL_ASYNC_PAUSED;
  1486. return -1;
  1487. case ASYNC_NO_JOBS:
  1488. s->rwstate = SSL_ASYNC_NO_JOBS;
  1489. return -1;
  1490. case ASYNC_FINISH:
  1491. s->job = NULL;
  1492. return ret;
  1493. default:
  1494. s->rwstate = SSL_NOTHING;
  1495. SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
  1496. /* Shouldn't happen */
  1497. return -1;
  1498. }
  1499. }
  1500. static int ssl_io_intern(void *vargs)
  1501. {
  1502. struct ssl_async_args *args;
  1503. SSL *s;
  1504. void *buf;
  1505. size_t num;
  1506. args = (struct ssl_async_args *)vargs;
  1507. s = args->s;
  1508. buf = args->buf;
  1509. num = args->num;
  1510. switch (args->type) {
  1511. case READFUNC:
  1512. return args->f.func_read(s, buf, num, &s->asyncrw);
  1513. case WRITEFUNC:
  1514. return args->f.func_write(s, buf, num, &s->asyncrw);
  1515. case OTHERFUNC:
  1516. return args->f.func_other(s);
  1517. }
  1518. return -1;
  1519. }
  1520. int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1521. {
  1522. if (s->handshake_func == NULL) {
  1523. SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
  1524. return -1;
  1525. }
  1526. if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1527. s->rwstate = SSL_NOTHING;
  1528. return 0;
  1529. }
  1530. if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1531. || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
  1532. SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1533. return 0;
  1534. }
  1535. /*
  1536. * If we are a client and haven't received the ServerHello etc then we
  1537. * better do that
  1538. */
  1539. ossl_statem_check_finish_init(s, 0);
  1540. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1541. struct ssl_async_args args;
  1542. int ret;
  1543. args.s = s;
  1544. args.buf = buf;
  1545. args.num = num;
  1546. args.type = READFUNC;
  1547. args.f.func_read = s->method->ssl_read;
  1548. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1549. *readbytes = s->asyncrw;
  1550. return ret;
  1551. } else {
  1552. return s->method->ssl_read(s, buf, num, readbytes);
  1553. }
  1554. }
  1555. int SSL_read(SSL *s, void *buf, int num)
  1556. {
  1557. int ret;
  1558. size_t readbytes;
  1559. if (num < 0) {
  1560. SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
  1561. return -1;
  1562. }
  1563. ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
  1564. /*
  1565. * The cast is safe here because ret should be <= INT_MAX because num is
  1566. * <= INT_MAX
  1567. */
  1568. if (ret > 0)
  1569. ret = (int)readbytes;
  1570. return ret;
  1571. }
  1572. int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1573. {
  1574. int ret = ssl_read_internal(s, buf, num, readbytes);
  1575. if (ret < 0)
  1576. ret = 0;
  1577. return ret;
  1578. }
  1579. int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
  1580. {
  1581. int ret;
  1582. if (!s->server) {
  1583. SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1584. return SSL_READ_EARLY_DATA_ERROR;
  1585. }
  1586. switch (s->early_data_state) {
  1587. case SSL_EARLY_DATA_NONE:
  1588. if (!SSL_in_before(s)) {
  1589. SSLerr(SSL_F_SSL_READ_EARLY_DATA,
  1590. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1591. return SSL_READ_EARLY_DATA_ERROR;
  1592. }
  1593. /* fall through */
  1594. case SSL_EARLY_DATA_ACCEPT_RETRY:
  1595. s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
  1596. ret = SSL_accept(s);
  1597. if (ret <= 0) {
  1598. /* NBIO or error */
  1599. s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
  1600. return SSL_READ_EARLY_DATA_ERROR;
  1601. }
  1602. /* fall through */
  1603. case SSL_EARLY_DATA_READ_RETRY:
  1604. if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
  1605. s->early_data_state = SSL_EARLY_DATA_READING;
  1606. ret = SSL_read_ex(s, buf, num, readbytes);
  1607. /*
  1608. * State machine will update early_data_state to
  1609. * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
  1610. * message
  1611. */
  1612. if (ret > 0 || (ret <= 0 && s->early_data_state
  1613. != SSL_EARLY_DATA_FINISHED_READING)) {
  1614. s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
  1615. return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
  1616. : SSL_READ_EARLY_DATA_ERROR;
  1617. }
  1618. } else {
  1619. s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
  1620. }
  1621. *readbytes = 0;
  1622. return SSL_READ_EARLY_DATA_FINISH;
  1623. default:
  1624. SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1625. return SSL_READ_EARLY_DATA_ERROR;
  1626. }
  1627. }
  1628. int SSL_get_early_data_status(const SSL *s)
  1629. {
  1630. return s->ext.early_data;
  1631. }
  1632. static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1633. {
  1634. if (s->handshake_func == NULL) {
  1635. SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
  1636. return -1;
  1637. }
  1638. if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1639. return 0;
  1640. }
  1641. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1642. struct ssl_async_args args;
  1643. int ret;
  1644. args.s = s;
  1645. args.buf = buf;
  1646. args.num = num;
  1647. args.type = READFUNC;
  1648. args.f.func_read = s->method->ssl_peek;
  1649. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1650. *readbytes = s->asyncrw;
  1651. return ret;
  1652. } else {
  1653. return s->method->ssl_peek(s, buf, num, readbytes);
  1654. }
  1655. }
  1656. int SSL_peek(SSL *s, void *buf, int num)
  1657. {
  1658. int ret;
  1659. size_t readbytes;
  1660. if (num < 0) {
  1661. SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
  1662. return -1;
  1663. }
  1664. ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
  1665. /*
  1666. * The cast is safe here because ret should be <= INT_MAX because num is
  1667. * <= INT_MAX
  1668. */
  1669. if (ret > 0)
  1670. ret = (int)readbytes;
  1671. return ret;
  1672. }
  1673. int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1674. {
  1675. int ret = ssl_peek_internal(s, buf, num, readbytes);
  1676. if (ret < 0)
  1677. ret = 0;
  1678. return ret;
  1679. }
  1680. int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
  1681. {
  1682. if (s->handshake_func == NULL) {
  1683. SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
  1684. return -1;
  1685. }
  1686. if (s->shutdown & SSL_SENT_SHUTDOWN) {
  1687. s->rwstate = SSL_NOTHING;
  1688. SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  1689. return -1;
  1690. }
  1691. if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1692. || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
  1693. || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
  1694. SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1695. return 0;
  1696. }
  1697. /* If we are a client and haven't sent the Finished we better do that */
  1698. ossl_statem_check_finish_init(s, 1);
  1699. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1700. int ret;
  1701. struct ssl_async_args args;
  1702. args.s = s;
  1703. args.buf = (void *)buf;
  1704. args.num = num;
  1705. args.type = WRITEFUNC;
  1706. args.f.func_write = s->method->ssl_write;
  1707. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1708. *written = s->asyncrw;
  1709. return ret;
  1710. } else {
  1711. return s->method->ssl_write(s, buf, num, written);
  1712. }
  1713. }
  1714. ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
  1715. {
  1716. ossl_ssize_t ret;
  1717. if (s->handshake_func == NULL) {
  1718. SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED);
  1719. return -1;
  1720. }
  1721. if (s->shutdown & SSL_SENT_SHUTDOWN) {
  1722. s->rwstate = SSL_NOTHING;
  1723. SSLerr(SSL_F_SSL_SENDFILE, SSL_R_PROTOCOL_IS_SHUTDOWN);
  1724. return -1;
  1725. }
  1726. if (!BIO_get_ktls_send(s->wbio)) {
  1727. SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED);
  1728. return -1;
  1729. }
  1730. /* If we have an alert to send, lets send it */
  1731. if (s->s3.alert_dispatch) {
  1732. ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s);
  1733. if (ret <= 0) {
  1734. /* SSLfatal() already called if appropriate */
  1735. return ret;
  1736. }
  1737. /* if it went, fall through and send more stuff */
  1738. }
  1739. s->rwstate = SSL_WRITING;
  1740. if (BIO_flush(s->wbio) <= 0) {
  1741. if (!BIO_should_retry(s->wbio)) {
  1742. s->rwstate = SSL_NOTHING;
  1743. } else {
  1744. #ifdef EAGAIN
  1745. set_sys_error(EAGAIN);
  1746. #endif
  1747. }
  1748. return -1;
  1749. }
  1750. #ifdef OPENSSL_NO_KTLS
  1751. ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
  1752. "can't call ktls_sendfile(), ktls disabled");
  1753. return -1;
  1754. #else
  1755. ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags);
  1756. if (ret < 0) {
  1757. #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY)
  1758. if ((get_last_sys_error() == EAGAIN) ||
  1759. (get_last_sys_error() == EINTR) ||
  1760. (get_last_sys_error() == EBUSY))
  1761. BIO_set_retry_write(s->wbio);
  1762. else
  1763. #endif
  1764. SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED);
  1765. return ret;
  1766. }
  1767. s->rwstate = SSL_NOTHING;
  1768. return ret;
  1769. #endif
  1770. }
  1771. int SSL_write(SSL *s, const void *buf, int num)
  1772. {
  1773. int ret;
  1774. size_t written;
  1775. if (num < 0) {
  1776. SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
  1777. return -1;
  1778. }
  1779. ret = ssl_write_internal(s, buf, (size_t)num, &written);
  1780. /*
  1781. * The cast is safe here because ret should be <= INT_MAX because num is
  1782. * <= INT_MAX
  1783. */
  1784. if (ret > 0)
  1785. ret = (int)written;
  1786. return ret;
  1787. }
  1788. int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
  1789. {
  1790. int ret = ssl_write_internal(s, buf, num, written);
  1791. if (ret < 0)
  1792. ret = 0;
  1793. return ret;
  1794. }
  1795. int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
  1796. {
  1797. int ret, early_data_state;
  1798. size_t writtmp;
  1799. uint32_t partialwrite;
  1800. switch (s->early_data_state) {
  1801. case SSL_EARLY_DATA_NONE:
  1802. if (s->server
  1803. || !SSL_in_before(s)
  1804. || ((s->session == NULL || s->session->ext.max_early_data == 0)
  1805. && (s->psk_use_session_cb == NULL))) {
  1806. SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
  1807. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1808. return 0;
  1809. }
  1810. /* fall through */
  1811. case SSL_EARLY_DATA_CONNECT_RETRY:
  1812. s->early_data_state = SSL_EARLY_DATA_CONNECTING;
  1813. ret = SSL_connect(s);
  1814. if (ret <= 0) {
  1815. /* NBIO or error */
  1816. s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
  1817. return 0;
  1818. }
  1819. /* fall through */
  1820. case SSL_EARLY_DATA_WRITE_RETRY:
  1821. s->early_data_state = SSL_EARLY_DATA_WRITING;
  1822. /*
  1823. * We disable partial write for early data because we don't keep track
  1824. * of how many bytes we've written between the SSL_write_ex() call and
  1825. * the flush if the flush needs to be retried)
  1826. */
  1827. partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
  1828. s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
  1829. ret = SSL_write_ex(s, buf, num, &writtmp);
  1830. s->mode |= partialwrite;
  1831. if (!ret) {
  1832. s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  1833. return ret;
  1834. }
  1835. s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
  1836. /* fall through */
  1837. case SSL_EARLY_DATA_WRITE_FLUSH:
  1838. /* The buffering BIO is still in place so we need to flush it */
  1839. if (statem_flush(s) != 1)
  1840. return 0;
  1841. *written = num;
  1842. s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  1843. return 1;
  1844. case SSL_EARLY_DATA_FINISHED_READING:
  1845. case SSL_EARLY_DATA_READ_RETRY:
  1846. early_data_state = s->early_data_state;
  1847. /* We are a server writing to an unauthenticated client */
  1848. s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
  1849. ret = SSL_write_ex(s, buf, num, written);
  1850. /* The buffering BIO is still in place */
  1851. if (ret)
  1852. (void)BIO_flush(s->wbio);
  1853. s->early_data_state = early_data_state;
  1854. return ret;
  1855. default:
  1856. SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1857. return 0;
  1858. }
  1859. }
  1860. int SSL_shutdown(SSL *s)
  1861. {
  1862. /*
  1863. * Note that this function behaves differently from what one might
  1864. * expect. Return values are 0 for no success (yet), 1 for success; but
  1865. * calling it once is usually not enough, even if blocking I/O is used
  1866. * (see ssl3_shutdown).
  1867. */
  1868. if (s->handshake_func == NULL) {
  1869. SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
  1870. return -1;
  1871. }
  1872. if (!SSL_in_init(s)) {
  1873. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1874. struct ssl_async_args args;
  1875. args.s = s;
  1876. args.type = OTHERFUNC;
  1877. args.f.func_other = s->method->ssl_shutdown;
  1878. return ssl_start_async_job(s, &args, ssl_io_intern);
  1879. } else {
  1880. return s->method->ssl_shutdown(s);
  1881. }
  1882. } else {
  1883. SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
  1884. return -1;
  1885. }
  1886. }
  1887. int SSL_key_update(SSL *s, int updatetype)
  1888. {
  1889. /*
  1890. * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
  1891. * negotiated, and that it is appropriate to call SSL_key_update() instead
  1892. * of SSL_renegotiate().
  1893. */
  1894. if (!SSL_IS_TLS13(s)) {
  1895. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
  1896. return 0;
  1897. }
  1898. if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
  1899. && updatetype != SSL_KEY_UPDATE_REQUESTED) {
  1900. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
  1901. return 0;
  1902. }
  1903. if (!SSL_is_init_finished(s)) {
  1904. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
  1905. return 0;
  1906. }
  1907. ossl_statem_set_in_init(s, 1);
  1908. s->key_update = updatetype;
  1909. return 1;
  1910. }
  1911. int SSL_get_key_update_type(const SSL *s)
  1912. {
  1913. return s->key_update;
  1914. }
  1915. int SSL_renegotiate(SSL *s)
  1916. {
  1917. if (SSL_IS_TLS13(s)) {
  1918. SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
  1919. return 0;
  1920. }
  1921. if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
  1922. SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
  1923. return 0;
  1924. }
  1925. s->renegotiate = 1;
  1926. s->new_session = 1;
  1927. return s->method->ssl_renegotiate(s);
  1928. }
  1929. int SSL_renegotiate_abbreviated(SSL *s)
  1930. {
  1931. if (SSL_IS_TLS13(s)) {
  1932. SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
  1933. return 0;
  1934. }
  1935. if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
  1936. SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
  1937. return 0;
  1938. }
  1939. s->renegotiate = 1;
  1940. s->new_session = 0;
  1941. return s->method->ssl_renegotiate(s);
  1942. }
  1943. int SSL_renegotiate_pending(const SSL *s)
  1944. {
  1945. /*
  1946. * becomes true when negotiation is requested; false again once a
  1947. * handshake has finished
  1948. */
  1949. return (s->renegotiate != 0);
  1950. }
  1951. int SSL_new_session_ticket(SSL *s)
  1952. {
  1953. if (SSL_in_init(s) || SSL_IS_FIRST_HANDSHAKE(s) || !s->server
  1954. || !SSL_IS_TLS13(s))
  1955. return 0;
  1956. s->ext.extra_tickets_expected++;
  1957. return 1;
  1958. }
  1959. long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  1960. {
  1961. long l;
  1962. switch (cmd) {
  1963. case SSL_CTRL_GET_READ_AHEAD:
  1964. return RECORD_LAYER_get_read_ahead(&s->rlayer);
  1965. case SSL_CTRL_SET_READ_AHEAD:
  1966. l = RECORD_LAYER_get_read_ahead(&s->rlayer);
  1967. RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
  1968. return l;
  1969. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  1970. s->msg_callback_arg = parg;
  1971. return 1;
  1972. case SSL_CTRL_MODE:
  1973. return (s->mode |= larg);
  1974. case SSL_CTRL_CLEAR_MODE:
  1975. return (s->mode &= ~larg);
  1976. case SSL_CTRL_GET_MAX_CERT_LIST:
  1977. return (long)s->max_cert_list;
  1978. case SSL_CTRL_SET_MAX_CERT_LIST:
  1979. if (larg < 0)
  1980. return 0;
  1981. l = (long)s->max_cert_list;
  1982. s->max_cert_list = (size_t)larg;
  1983. return l;
  1984. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  1985. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  1986. return 0;
  1987. #ifndef OPENSSL_NO_KTLS
  1988. if (s->wbio != NULL && BIO_get_ktls_send(s->wbio))
  1989. return 0;
  1990. #endif /* OPENSSL_NO_KTLS */
  1991. s->max_send_fragment = larg;
  1992. if (s->max_send_fragment < s->split_send_fragment)
  1993. s->split_send_fragment = s->max_send_fragment;
  1994. return 1;
  1995. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  1996. if ((size_t)larg > s->max_send_fragment || larg == 0)
  1997. return 0;
  1998. s->split_send_fragment = larg;
  1999. return 1;
  2000. case SSL_CTRL_SET_MAX_PIPELINES:
  2001. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2002. return 0;
  2003. s->max_pipelines = larg;
  2004. if (larg > 1)
  2005. RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
  2006. return 1;
  2007. case SSL_CTRL_GET_RI_SUPPORT:
  2008. return s->s3.send_connection_binding;
  2009. case SSL_CTRL_CERT_FLAGS:
  2010. return (s->cert->cert_flags |= larg);
  2011. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2012. return (s->cert->cert_flags &= ~larg);
  2013. case SSL_CTRL_GET_RAW_CIPHERLIST:
  2014. if (parg) {
  2015. if (s->s3.tmp.ciphers_raw == NULL)
  2016. return 0;
  2017. *(unsigned char **)parg = s->s3.tmp.ciphers_raw;
  2018. return (int)s->s3.tmp.ciphers_rawlen;
  2019. } else {
  2020. return TLS_CIPHER_LEN;
  2021. }
  2022. case SSL_CTRL_GET_EXTMS_SUPPORT:
  2023. if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
  2024. return -1;
  2025. if (s->session->flags & SSL_SESS_FLAG_EXTMS)
  2026. return 1;
  2027. else
  2028. return 0;
  2029. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2030. return ssl_check_allowed_versions(larg, s->max_proto_version)
  2031. && ssl_set_version_bound(s->ctx->method->version, (int)larg,
  2032. &s->min_proto_version);
  2033. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2034. return s->min_proto_version;
  2035. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2036. return ssl_check_allowed_versions(s->min_proto_version, larg)
  2037. && ssl_set_version_bound(s->ctx->method->version, (int)larg,
  2038. &s->max_proto_version);
  2039. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2040. return s->max_proto_version;
  2041. default:
  2042. return s->method->ssl_ctrl(s, cmd, larg, parg);
  2043. }
  2044. }
  2045. long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
  2046. {
  2047. switch (cmd) {
  2048. case SSL_CTRL_SET_MSG_CALLBACK:
  2049. s->msg_callback = (void (*)
  2050. (int write_p, int version, int content_type,
  2051. const void *buf, size_t len, SSL *ssl,
  2052. void *arg))(fp);
  2053. return 1;
  2054. default:
  2055. return s->method->ssl_callback_ctrl(s, cmd, fp);
  2056. }
  2057. }
  2058. LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
  2059. {
  2060. return ctx->sessions;
  2061. }
  2062. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  2063. {
  2064. long l;
  2065. /* For some cases with ctx == NULL perform syntax checks */
  2066. if (ctx == NULL) {
  2067. switch (cmd) {
  2068. case SSL_CTRL_SET_GROUPS_LIST:
  2069. return tls1_set_groups_list(ctx, NULL, NULL, parg);
  2070. case SSL_CTRL_SET_SIGALGS_LIST:
  2071. case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
  2072. return tls1_set_sigalgs_list(NULL, parg, 0);
  2073. default:
  2074. return 0;
  2075. }
  2076. }
  2077. switch (cmd) {
  2078. case SSL_CTRL_GET_READ_AHEAD:
  2079. return ctx->read_ahead;
  2080. case SSL_CTRL_SET_READ_AHEAD:
  2081. l = ctx->read_ahead;
  2082. ctx->read_ahead = larg;
  2083. return l;
  2084. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  2085. ctx->msg_callback_arg = parg;
  2086. return 1;
  2087. case SSL_CTRL_GET_MAX_CERT_LIST:
  2088. return (long)ctx->max_cert_list;
  2089. case SSL_CTRL_SET_MAX_CERT_LIST:
  2090. if (larg < 0)
  2091. return 0;
  2092. l = (long)ctx->max_cert_list;
  2093. ctx->max_cert_list = (size_t)larg;
  2094. return l;
  2095. case SSL_CTRL_SET_SESS_CACHE_SIZE:
  2096. if (larg < 0)
  2097. return 0;
  2098. l = (long)ctx->session_cache_size;
  2099. ctx->session_cache_size = (size_t)larg;
  2100. return l;
  2101. case SSL_CTRL_GET_SESS_CACHE_SIZE:
  2102. return (long)ctx->session_cache_size;
  2103. case SSL_CTRL_SET_SESS_CACHE_MODE:
  2104. l = ctx->session_cache_mode;
  2105. ctx->session_cache_mode = larg;
  2106. return l;
  2107. case SSL_CTRL_GET_SESS_CACHE_MODE:
  2108. return ctx->session_cache_mode;
  2109. case SSL_CTRL_SESS_NUMBER:
  2110. return lh_SSL_SESSION_num_items(ctx->sessions);
  2111. case SSL_CTRL_SESS_CONNECT:
  2112. return tsan_load(&ctx->stats.sess_connect);
  2113. case SSL_CTRL_SESS_CONNECT_GOOD:
  2114. return tsan_load(&ctx->stats.sess_connect_good);
  2115. case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
  2116. return tsan_load(&ctx->stats.sess_connect_renegotiate);
  2117. case SSL_CTRL_SESS_ACCEPT:
  2118. return tsan_load(&ctx->stats.sess_accept);
  2119. case SSL_CTRL_SESS_ACCEPT_GOOD:
  2120. return tsan_load(&ctx->stats.sess_accept_good);
  2121. case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
  2122. return tsan_load(&ctx->stats.sess_accept_renegotiate);
  2123. case SSL_CTRL_SESS_HIT:
  2124. return tsan_load(&ctx->stats.sess_hit);
  2125. case SSL_CTRL_SESS_CB_HIT:
  2126. return tsan_load(&ctx->stats.sess_cb_hit);
  2127. case SSL_CTRL_SESS_MISSES:
  2128. return tsan_load(&ctx->stats.sess_miss);
  2129. case SSL_CTRL_SESS_TIMEOUTS:
  2130. return tsan_load(&ctx->stats.sess_timeout);
  2131. case SSL_CTRL_SESS_CACHE_FULL:
  2132. return tsan_load(&ctx->stats.sess_cache_full);
  2133. case SSL_CTRL_MODE:
  2134. return (ctx->mode |= larg);
  2135. case SSL_CTRL_CLEAR_MODE:
  2136. return (ctx->mode &= ~larg);
  2137. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2138. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2139. return 0;
  2140. ctx->max_send_fragment = larg;
  2141. if (ctx->max_send_fragment < ctx->split_send_fragment)
  2142. ctx->split_send_fragment = ctx->max_send_fragment;
  2143. return 1;
  2144. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2145. if ((size_t)larg > ctx->max_send_fragment || larg == 0)
  2146. return 0;
  2147. ctx->split_send_fragment = larg;
  2148. return 1;
  2149. case SSL_CTRL_SET_MAX_PIPELINES:
  2150. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2151. return 0;
  2152. ctx->max_pipelines = larg;
  2153. return 1;
  2154. case SSL_CTRL_CERT_FLAGS:
  2155. return (ctx->cert->cert_flags |= larg);
  2156. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2157. return (ctx->cert->cert_flags &= ~larg);
  2158. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2159. return ssl_check_allowed_versions(larg, ctx->max_proto_version)
  2160. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2161. &ctx->min_proto_version);
  2162. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2163. return ctx->min_proto_version;
  2164. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2165. return ssl_check_allowed_versions(ctx->min_proto_version, larg)
  2166. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2167. &ctx->max_proto_version);
  2168. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2169. return ctx->max_proto_version;
  2170. default:
  2171. return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
  2172. }
  2173. }
  2174. long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
  2175. {
  2176. switch (cmd) {
  2177. case SSL_CTRL_SET_MSG_CALLBACK:
  2178. ctx->msg_callback = (void (*)
  2179. (int write_p, int version, int content_type,
  2180. const void *buf, size_t len, SSL *ssl,
  2181. void *arg))(fp);
  2182. return 1;
  2183. default:
  2184. return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
  2185. }
  2186. }
  2187. int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
  2188. {
  2189. if (a->id > b->id)
  2190. return 1;
  2191. if (a->id < b->id)
  2192. return -1;
  2193. return 0;
  2194. }
  2195. int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
  2196. const SSL_CIPHER *const *bp)
  2197. {
  2198. if ((*ap)->id > (*bp)->id)
  2199. return 1;
  2200. if ((*ap)->id < (*bp)->id)
  2201. return -1;
  2202. return 0;
  2203. }
  2204. /** return a STACK of the ciphers available for the SSL and in order of
  2205. * preference */
  2206. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
  2207. {
  2208. if (s != NULL) {
  2209. if (s->cipher_list != NULL) {
  2210. return s->cipher_list;
  2211. } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
  2212. return s->ctx->cipher_list;
  2213. }
  2214. }
  2215. return NULL;
  2216. }
  2217. STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
  2218. {
  2219. if ((s == NULL) || !s->server)
  2220. return NULL;
  2221. return s->peer_ciphers;
  2222. }
  2223. STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
  2224. {
  2225. STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
  2226. int i;
  2227. ciphers = SSL_get_ciphers(s);
  2228. if (!ciphers)
  2229. return NULL;
  2230. if (!ssl_set_client_disabled(s))
  2231. return NULL;
  2232. for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  2233. const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
  2234. if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
  2235. if (!sk)
  2236. sk = sk_SSL_CIPHER_new_null();
  2237. if (!sk)
  2238. return NULL;
  2239. if (!sk_SSL_CIPHER_push(sk, c)) {
  2240. sk_SSL_CIPHER_free(sk);
  2241. return NULL;
  2242. }
  2243. }
  2244. }
  2245. return sk;
  2246. }
  2247. /** return a STACK of the ciphers available for the SSL and in order of
  2248. * algorithm id */
  2249. STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
  2250. {
  2251. if (s != NULL) {
  2252. if (s->cipher_list_by_id != NULL) {
  2253. return s->cipher_list_by_id;
  2254. } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
  2255. return s->ctx->cipher_list_by_id;
  2256. }
  2257. }
  2258. return NULL;
  2259. }
  2260. /** The old interface to get the same thing as SSL_get_ciphers() */
  2261. const char *SSL_get_cipher_list(const SSL *s, int n)
  2262. {
  2263. const SSL_CIPHER *c;
  2264. STACK_OF(SSL_CIPHER) *sk;
  2265. if (s == NULL)
  2266. return NULL;
  2267. sk = SSL_get_ciphers(s);
  2268. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
  2269. return NULL;
  2270. c = sk_SSL_CIPHER_value(sk, n);
  2271. if (c == NULL)
  2272. return NULL;
  2273. return c->name;
  2274. }
  2275. /** return a STACK of the ciphers available for the SSL_CTX and in order of
  2276. * preference */
  2277. STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
  2278. {
  2279. if (ctx != NULL)
  2280. return ctx->cipher_list;
  2281. return NULL;
  2282. }
  2283. /*
  2284. * Distinguish between ciphers controlled by set_ciphersuite() and
  2285. * set_cipher_list() when counting.
  2286. */
  2287. static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
  2288. {
  2289. int i, num = 0;
  2290. const SSL_CIPHER *c;
  2291. if (sk == NULL)
  2292. return 0;
  2293. for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
  2294. c = sk_SSL_CIPHER_value(sk, i);
  2295. if (c->min_tls >= TLS1_3_VERSION)
  2296. continue;
  2297. num++;
  2298. }
  2299. return num;
  2300. }
  2301. /** specify the ciphers to be used by default by the SSL_CTX */
  2302. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
  2303. {
  2304. STACK_OF(SSL_CIPHER) *sk;
  2305. sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
  2306. &ctx->cipher_list, &ctx->cipher_list_by_id, str,
  2307. ctx->cert);
  2308. /*
  2309. * ssl_create_cipher_list may return an empty stack if it was unable to
  2310. * find a cipher matching the given rule string (for example if the rule
  2311. * string specifies a cipher which has been disabled). This is not an
  2312. * error as far as ssl_create_cipher_list is concerned, and hence
  2313. * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
  2314. */
  2315. if (sk == NULL)
  2316. return 0;
  2317. else if (cipher_list_tls12_num(sk) == 0) {
  2318. SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
  2319. return 0;
  2320. }
  2321. return 1;
  2322. }
  2323. /** specify the ciphers to be used by the SSL */
  2324. int SSL_set_cipher_list(SSL *s, const char *str)
  2325. {
  2326. STACK_OF(SSL_CIPHER) *sk;
  2327. sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
  2328. &s->cipher_list, &s->cipher_list_by_id, str,
  2329. s->cert);
  2330. /* see comment in SSL_CTX_set_cipher_list */
  2331. if (sk == NULL)
  2332. return 0;
  2333. else if (cipher_list_tls12_num(sk) == 0) {
  2334. SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
  2335. return 0;
  2336. }
  2337. return 1;
  2338. }
  2339. char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
  2340. {
  2341. char *p;
  2342. STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
  2343. const SSL_CIPHER *c;
  2344. int i;
  2345. if (!s->server
  2346. || s->peer_ciphers == NULL
  2347. || size < 2)
  2348. return NULL;
  2349. p = buf;
  2350. clntsk = s->peer_ciphers;
  2351. srvrsk = SSL_get_ciphers(s);
  2352. if (clntsk == NULL || srvrsk == NULL)
  2353. return NULL;
  2354. if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
  2355. return NULL;
  2356. for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
  2357. int n;
  2358. c = sk_SSL_CIPHER_value(clntsk, i);
  2359. if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
  2360. continue;
  2361. n = strlen(c->name);
  2362. if (n + 1 > size) {
  2363. if (p != buf)
  2364. --p;
  2365. *p = '\0';
  2366. return buf;
  2367. }
  2368. strcpy(p, c->name);
  2369. p += n;
  2370. *(p++) = ':';
  2371. size -= n + 1;
  2372. }
  2373. p[-1] = '\0';
  2374. return buf;
  2375. }
  2376. /**
  2377. * Return the requested servername (SNI) value. Note that the behaviour varies
  2378. * depending on:
  2379. * - whether this is called by the client or the server,
  2380. * - if we are before or during/after the handshake,
  2381. * - if a resumption or normal handshake is being attempted/has occurred
  2382. * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
  2383. *
  2384. * Note that only the host_name type is defined (RFC 3546).
  2385. */
  2386. const char *SSL_get_servername(const SSL *s, const int type)
  2387. {
  2388. /*
  2389. * If we don't know if we are the client or the server yet then we assume
  2390. * client.
  2391. */
  2392. int server = s->handshake_func == NULL ? 0 : s->server;
  2393. if (type != TLSEXT_NAMETYPE_host_name)
  2394. return NULL;
  2395. if (server) {
  2396. /**
  2397. * Server side
  2398. * In TLSv1.3 on the server SNI is not associated with the session
  2399. * but in TLSv1.2 or below it is.
  2400. *
  2401. * Before the handshake:
  2402. * - return NULL
  2403. *
  2404. * During/after the handshake (TLSv1.2 or below resumption occurred):
  2405. * - If a servername was accepted by the server in the original
  2406. * handshake then it will return that servername, or NULL otherwise.
  2407. *
  2408. * During/after the handshake (TLSv1.2 or below resumption did not occur):
  2409. * - The function will return the servername requested by the client in
  2410. * this handshake or NULL if none was requested.
  2411. */
  2412. if (s->hit && !SSL_IS_TLS13(s))
  2413. return s->session->ext.hostname;
  2414. } else {
  2415. /**
  2416. * Client side
  2417. *
  2418. * Before the handshake:
  2419. * - If a servername has been set via a call to
  2420. * SSL_set_tlsext_host_name() then it will return that servername
  2421. * - If one has not been set, but a TLSv1.2 resumption is being
  2422. * attempted and the session from the original handshake had a
  2423. * servername accepted by the server then it will return that
  2424. * servername
  2425. * - Otherwise it returns NULL
  2426. *
  2427. * During/after the handshake (TLSv1.2 or below resumption occurred):
  2428. * - If the session from the orignal handshake had a servername accepted
  2429. * by the server then it will return that servername.
  2430. * - Otherwise it returns the servername set via
  2431. * SSL_set_tlsext_host_name() (or NULL if it was not called).
  2432. *
  2433. * During/after the handshake (TLSv1.2 or below resumption did not occur):
  2434. * - It will return the servername set via SSL_set_tlsext_host_name()
  2435. * (or NULL if it was not called).
  2436. */
  2437. if (SSL_in_before(s)) {
  2438. if (s->ext.hostname == NULL
  2439. && s->session != NULL
  2440. && s->session->ssl_version != TLS1_3_VERSION)
  2441. return s->session->ext.hostname;
  2442. } else {
  2443. if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL)
  2444. return s->session->ext.hostname;
  2445. }
  2446. }
  2447. return s->ext.hostname;
  2448. }
  2449. int SSL_get_servername_type(const SSL *s)
  2450. {
  2451. if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
  2452. return TLSEXT_NAMETYPE_host_name;
  2453. return -1;
  2454. }
  2455. /*
  2456. * SSL_select_next_proto implements the standard protocol selection. It is
  2457. * expected that this function is called from the callback set by
  2458. * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
  2459. * vector of 8-bit, length prefixed byte strings. The length byte itself is
  2460. * not included in the length. A byte string of length 0 is invalid. No byte
  2461. * string may be truncated. The current, but experimental algorithm for
  2462. * selecting the protocol is: 1) If the server doesn't support NPN then this
  2463. * is indicated to the callback. In this case, the client application has to
  2464. * abort the connection or have a default application level protocol. 2) If
  2465. * the server supports NPN, but advertises an empty list then the client
  2466. * selects the first protocol in its list, but indicates via the API that this
  2467. * fallback case was enacted. 3) Otherwise, the client finds the first
  2468. * protocol in the server's list that it supports and selects this protocol.
  2469. * This is because it's assumed that the server has better information about
  2470. * which protocol a client should use. 4) If the client doesn't support any
  2471. * of the server's advertised protocols, then this is treated the same as
  2472. * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
  2473. * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
  2474. */
  2475. int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
  2476. const unsigned char *server,
  2477. unsigned int server_len,
  2478. const unsigned char *client, unsigned int client_len)
  2479. {
  2480. unsigned int i, j;
  2481. const unsigned char *result;
  2482. int status = OPENSSL_NPN_UNSUPPORTED;
  2483. /*
  2484. * For each protocol in server preference order, see if we support it.
  2485. */
  2486. for (i = 0; i < server_len;) {
  2487. for (j = 0; j < client_len;) {
  2488. if (server[i] == client[j] &&
  2489. memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
  2490. /* We found a match */
  2491. result = &server[i];
  2492. status = OPENSSL_NPN_NEGOTIATED;
  2493. goto found;
  2494. }
  2495. j += client[j];
  2496. j++;
  2497. }
  2498. i += server[i];
  2499. i++;
  2500. }
  2501. /* There's no overlap between our protocols and the server's list. */
  2502. result = client;
  2503. status = OPENSSL_NPN_NO_OVERLAP;
  2504. found:
  2505. *out = (unsigned char *)result + 1;
  2506. *outlen = result[0];
  2507. return status;
  2508. }
  2509. #ifndef OPENSSL_NO_NEXTPROTONEG
  2510. /*
  2511. * SSL_get0_next_proto_negotiated sets *data and *len to point to the
  2512. * client's requested protocol for this connection and returns 0. If the
  2513. * client didn't request any protocol, then *data is set to NULL. Note that
  2514. * the client can request any protocol it chooses. The value returned from
  2515. * this function need not be a member of the list of supported protocols
  2516. * provided by the callback.
  2517. */
  2518. void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  2519. unsigned *len)
  2520. {
  2521. *data = s->ext.npn;
  2522. if (*data == NULL) {
  2523. *len = 0;
  2524. } else {
  2525. *len = (unsigned int)s->ext.npn_len;
  2526. }
  2527. }
  2528. /*
  2529. * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  2530. * a TLS server needs a list of supported protocols for Next Protocol
  2531. * Negotiation. The returned list must be in wire format. The list is
  2532. * returned by setting |out| to point to it and |outlen| to its length. This
  2533. * memory will not be modified, but one should assume that the SSL* keeps a
  2534. * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
  2535. * wishes to advertise. Otherwise, no such extension will be included in the
  2536. * ServerHello.
  2537. */
  2538. void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
  2539. SSL_CTX_npn_advertised_cb_func cb,
  2540. void *arg)
  2541. {
  2542. ctx->ext.npn_advertised_cb = cb;
  2543. ctx->ext.npn_advertised_cb_arg = arg;
  2544. }
  2545. /*
  2546. * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
  2547. * client needs to select a protocol from the server's provided list. |out|
  2548. * must be set to point to the selected protocol (which may be within |in|).
  2549. * The length of the protocol name must be written into |outlen|. The
  2550. * server's advertised protocols are provided in |in| and |inlen|. The
  2551. * callback can assume that |in| is syntactically valid. The client must
  2552. * select a protocol. It is fatal to the connection if this callback returns
  2553. * a value other than SSL_TLSEXT_ERR_OK.
  2554. */
  2555. void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
  2556. SSL_CTX_npn_select_cb_func cb,
  2557. void *arg)
  2558. {
  2559. ctx->ext.npn_select_cb = cb;
  2560. ctx->ext.npn_select_cb_arg = arg;
  2561. }
  2562. #endif
  2563. /*
  2564. * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
  2565. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  2566. * length-prefixed strings). Returns 0 on success.
  2567. */
  2568. int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
  2569. unsigned int protos_len)
  2570. {
  2571. OPENSSL_free(ctx->ext.alpn);
  2572. ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
  2573. if (ctx->ext.alpn == NULL) {
  2574. SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
  2575. return 1;
  2576. }
  2577. ctx->ext.alpn_len = protos_len;
  2578. return 0;
  2579. }
  2580. /*
  2581. * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
  2582. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  2583. * length-prefixed strings). Returns 0 on success.
  2584. */
  2585. int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  2586. unsigned int protos_len)
  2587. {
  2588. OPENSSL_free(ssl->ext.alpn);
  2589. ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
  2590. if (ssl->ext.alpn == NULL) {
  2591. SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
  2592. return 1;
  2593. }
  2594. ssl->ext.alpn_len = protos_len;
  2595. return 0;
  2596. }
  2597. /*
  2598. * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
  2599. * called during ClientHello processing in order to select an ALPN protocol
  2600. * from the client's list of offered protocols.
  2601. */
  2602. void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
  2603. SSL_CTX_alpn_select_cb_func cb,
  2604. void *arg)
  2605. {
  2606. ctx->ext.alpn_select_cb = cb;
  2607. ctx->ext.alpn_select_cb_arg = arg;
  2608. }
  2609. /*
  2610. * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
  2611. * On return it sets |*data| to point to |*len| bytes of protocol name
  2612. * (not including the leading length-prefix byte). If the server didn't
  2613. * respond with a negotiated protocol then |*len| will be zero.
  2614. */
  2615. void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
  2616. unsigned int *len)
  2617. {
  2618. *data = ssl->s3.alpn_selected;
  2619. if (*data == NULL)
  2620. *len = 0;
  2621. else
  2622. *len = (unsigned int)ssl->s3.alpn_selected_len;
  2623. }
  2624. int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
  2625. const char *label, size_t llen,
  2626. const unsigned char *context, size_t contextlen,
  2627. int use_context)
  2628. {
  2629. if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
  2630. return -1;
  2631. return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
  2632. llen, context,
  2633. contextlen, use_context);
  2634. }
  2635. int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
  2636. const char *label, size_t llen,
  2637. const unsigned char *context,
  2638. size_t contextlen)
  2639. {
  2640. if (s->version != TLS1_3_VERSION)
  2641. return 0;
  2642. return tls13_export_keying_material_early(s, out, olen, label, llen,
  2643. context, contextlen);
  2644. }
  2645. static unsigned long ssl_session_hash(const SSL_SESSION *a)
  2646. {
  2647. const unsigned char *session_id = a->session_id;
  2648. unsigned long l;
  2649. unsigned char tmp_storage[4];
  2650. if (a->session_id_length < sizeof(tmp_storage)) {
  2651. memset(tmp_storage, 0, sizeof(tmp_storage));
  2652. memcpy(tmp_storage, a->session_id, a->session_id_length);
  2653. session_id = tmp_storage;
  2654. }
  2655. l = (unsigned long)
  2656. ((unsigned long)session_id[0]) |
  2657. ((unsigned long)session_id[1] << 8L) |
  2658. ((unsigned long)session_id[2] << 16L) |
  2659. ((unsigned long)session_id[3] << 24L);
  2660. return l;
  2661. }
  2662. /*
  2663. * NB: If this function (or indeed the hash function which uses a sort of
  2664. * coarser function than this one) is changed, ensure
  2665. * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
  2666. * being able to construct an SSL_SESSION that will collide with any existing
  2667. * session with a matching session ID.
  2668. */
  2669. static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  2670. {
  2671. if (a->ssl_version != b->ssl_version)
  2672. return 1;
  2673. if (a->session_id_length != b->session_id_length)
  2674. return 1;
  2675. return memcmp(a->session_id, b->session_id, a->session_id_length);
  2676. }
  2677. /*
  2678. * These wrapper functions should remain rather than redeclaring
  2679. * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
  2680. * variable. The reason is that the functions aren't static, they're exposed
  2681. * via ssl.h.
  2682. */
  2683. SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
  2684. const SSL_METHOD *meth)
  2685. {
  2686. SSL_CTX *ret = NULL;
  2687. if (meth == NULL) {
  2688. SSLerr(0, SSL_R_NULL_SSL_METHOD_PASSED);
  2689. return NULL;
  2690. }
  2691. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  2692. return NULL;
  2693. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
  2694. SSLerr(0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
  2695. goto err;
  2696. }
  2697. ret = OPENSSL_zalloc(sizeof(*ret));
  2698. if (ret == NULL)
  2699. goto err;
  2700. ret->libctx = libctx;
  2701. if (propq != NULL) {
  2702. ret->propq = OPENSSL_strdup(propq);
  2703. if (ret->propq == NULL)
  2704. goto err;
  2705. }
  2706. ret->method = meth;
  2707. ret->min_proto_version = 0;
  2708. ret->max_proto_version = 0;
  2709. ret->mode = SSL_MODE_AUTO_RETRY;
  2710. ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
  2711. ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
  2712. /* We take the system default. */
  2713. ret->session_timeout = meth->get_timeout();
  2714. ret->references = 1;
  2715. ret->lock = CRYPTO_THREAD_lock_new();
  2716. if (ret->lock == NULL) {
  2717. SSLerr(0, ERR_R_MALLOC_FAILURE);
  2718. OPENSSL_free(ret);
  2719. return NULL;
  2720. }
  2721. ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
  2722. ret->verify_mode = SSL_VERIFY_NONE;
  2723. if ((ret->cert = ssl_cert_new()) == NULL)
  2724. goto err;
  2725. ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
  2726. if (ret->sessions == NULL)
  2727. goto err;
  2728. ret->cert_store = X509_STORE_new();
  2729. if (ret->cert_store == NULL)
  2730. goto err;
  2731. #ifndef OPENSSL_NO_CT
  2732. ret->ctlog_store = CTLOG_STORE_new_with_libctx(libctx, propq);
  2733. if (ret->ctlog_store == NULL)
  2734. goto err;
  2735. #endif
  2736. /* initialize cipher/digest methods table */
  2737. if (!ssl_load_ciphers(ret))
  2738. goto err2;
  2739. /* initialise sig algs */
  2740. if (!ssl_setup_sig_algs(ret))
  2741. goto err2;
  2742. if (!ssl_load_groups(ret))
  2743. goto err2;
  2744. if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites()))
  2745. goto err;
  2746. if (!ssl_create_cipher_list(ret->method,
  2747. ret->tls13_ciphersuites,
  2748. &ret->cipher_list, &ret->cipher_list_by_id,
  2749. OSSL_default_cipher_list(), ret->cert)
  2750. || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
  2751. SSLerr(0, SSL_R_LIBRARY_HAS_NO_CIPHERS);
  2752. goto err2;
  2753. }
  2754. ret->param = X509_VERIFY_PARAM_new();
  2755. if (ret->param == NULL)
  2756. goto err;
  2757. /*
  2758. * If these aren't available from the provider we'll get NULL returns.
  2759. * That's fine but will cause errors later if SSLv3 is negotiated
  2760. */
  2761. ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq);
  2762. ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq);
  2763. if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
  2764. goto err;
  2765. if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
  2766. goto err;
  2767. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
  2768. goto err;
  2769. if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
  2770. goto err;
  2771. /* No compression for DTLS */
  2772. if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
  2773. ret->comp_methods = SSL_COMP_get_compression_methods();
  2774. ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  2775. ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  2776. /* Setup RFC5077 ticket keys */
  2777. if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
  2778. sizeof(ret->ext.tick_key_name)) <= 0)
  2779. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
  2780. sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
  2781. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
  2782. sizeof(ret->ext.secure->tick_aes_key)) <= 0))
  2783. ret->options |= SSL_OP_NO_TICKET;
  2784. if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
  2785. sizeof(ret->ext.cookie_hmac_key)) <= 0)
  2786. goto err;
  2787. #ifndef OPENSSL_NO_SRP
  2788. if (!SSL_CTX_SRP_CTX_init(ret))
  2789. goto err;
  2790. #endif
  2791. #ifndef OPENSSL_NO_ENGINE
  2792. # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
  2793. # define eng_strx(x) #x
  2794. # define eng_str(x) eng_strx(x)
  2795. /* Use specific client engine automatically... ignore errors */
  2796. {
  2797. ENGINE *eng;
  2798. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  2799. if (!eng) {
  2800. ERR_clear_error();
  2801. ENGINE_load_builtin_engines();
  2802. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  2803. }
  2804. if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
  2805. ERR_clear_error();
  2806. }
  2807. # endif
  2808. #endif
  2809. /*
  2810. * Default is to connect to non-RI servers. When RI is more widely
  2811. * deployed might change this.
  2812. */
  2813. ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
  2814. /*
  2815. * Disable compression by default to prevent CRIME. Applications can
  2816. * re-enable compression by configuring
  2817. * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
  2818. * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
  2819. * middlebox compatibility by default. This may be disabled by default in
  2820. * a later OpenSSL version.
  2821. */
  2822. ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
  2823. ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
  2824. /*
  2825. * We cannot usefully set a default max_early_data here (which gets
  2826. * propagated in SSL_new(), for the following reason: setting the
  2827. * SSL field causes tls_construct_stoc_early_data() to tell the
  2828. * client that early data will be accepted when constructing a TLS 1.3
  2829. * session ticket, and the client will accordingly send us early data
  2830. * when using that ticket (if the client has early data to send).
  2831. * However, in order for the early data to actually be consumed by
  2832. * the application, the application must also have calls to
  2833. * SSL_read_early_data(); otherwise we'll just skip past the early data
  2834. * and ignore it. So, since the application must add calls to
  2835. * SSL_read_early_data(), we also require them to add
  2836. * calls to SSL_CTX_set_max_early_data() in order to use early data,
  2837. * eliminating the bandwidth-wasting early data in the case described
  2838. * above.
  2839. */
  2840. ret->max_early_data = 0;
  2841. /*
  2842. * Default recv_max_early_data is a fully loaded single record. Could be
  2843. * split across multiple records in practice. We set this differently to
  2844. * max_early_data so that, in the default case, we do not advertise any
  2845. * support for early_data, but if a client were to send us some (e.g.
  2846. * because of an old, stale ticket) then we will tolerate it and skip over
  2847. * it.
  2848. */
  2849. ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
  2850. /* By default we send two session tickets automatically in TLSv1.3 */
  2851. ret->num_tickets = 2;
  2852. ssl_ctx_system_config(ret);
  2853. return ret;
  2854. err:
  2855. SSLerr(0, ERR_R_MALLOC_FAILURE);
  2856. err2:
  2857. SSL_CTX_free(ret);
  2858. return NULL;
  2859. }
  2860. SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  2861. {
  2862. return SSL_CTX_new_with_libctx(NULL, NULL, meth);
  2863. }
  2864. int SSL_CTX_up_ref(SSL_CTX *ctx)
  2865. {
  2866. int i;
  2867. if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
  2868. return 0;
  2869. REF_PRINT_COUNT("SSL_CTX", ctx);
  2870. REF_ASSERT_ISNT(i < 2);
  2871. return ((i > 1) ? 1 : 0);
  2872. }
  2873. void SSL_CTX_free(SSL_CTX *a)
  2874. {
  2875. int i;
  2876. size_t j;
  2877. if (a == NULL)
  2878. return;
  2879. CRYPTO_DOWN_REF(&a->references, &i, a->lock);
  2880. REF_PRINT_COUNT("SSL_CTX", a);
  2881. if (i > 0)
  2882. return;
  2883. REF_ASSERT_ISNT(i < 0);
  2884. X509_VERIFY_PARAM_free(a->param);
  2885. dane_ctx_final(&a->dane);
  2886. /*
  2887. * Free internal session cache. However: the remove_cb() may reference
  2888. * the ex_data of SSL_CTX, thus the ex_data store can only be removed
  2889. * after the sessions were flushed.
  2890. * As the ex_data handling routines might also touch the session cache,
  2891. * the most secure solution seems to be: empty (flush) the cache, then
  2892. * free ex_data, then finally free the cache.
  2893. * (See ticket [openssl.org #212].)
  2894. */
  2895. if (a->sessions != NULL)
  2896. SSL_CTX_flush_sessions(a, 0);
  2897. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
  2898. lh_SSL_SESSION_free(a->sessions);
  2899. X509_STORE_free(a->cert_store);
  2900. #ifndef OPENSSL_NO_CT
  2901. CTLOG_STORE_free(a->ctlog_store);
  2902. #endif
  2903. sk_SSL_CIPHER_free(a->cipher_list);
  2904. sk_SSL_CIPHER_free(a->cipher_list_by_id);
  2905. sk_SSL_CIPHER_free(a->tls13_ciphersuites);
  2906. ssl_cert_free(a->cert);
  2907. sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
  2908. sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
  2909. sk_X509_pop_free(a->extra_certs, X509_free);
  2910. a->comp_methods = NULL;
  2911. #ifndef OPENSSL_NO_SRTP
  2912. sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
  2913. #endif
  2914. #ifndef OPENSSL_NO_SRP
  2915. SSL_CTX_SRP_CTX_free(a);
  2916. #endif
  2917. #ifndef OPENSSL_NO_ENGINE
  2918. ENGINE_finish(a->client_cert_engine);
  2919. #endif
  2920. #ifndef OPENSSL_NO_EC
  2921. OPENSSL_free(a->ext.ecpointformats);
  2922. #endif
  2923. OPENSSL_free(a->ext.supportedgroups);
  2924. OPENSSL_free(a->ext.alpn);
  2925. OPENSSL_secure_free(a->ext.secure);
  2926. ssl_evp_md_free(a->md5);
  2927. ssl_evp_md_free(a->sha1);
  2928. for (j = 0; j < SSL_ENC_NUM_IDX; j++)
  2929. ssl_evp_cipher_free(a->ssl_cipher_methods[j]);
  2930. for (j = 0; j < SSL_MD_NUM_IDX; j++)
  2931. ssl_evp_md_free(a->ssl_digest_methods[j]);
  2932. for (j = 0; j < a->group_list_len; j++) {
  2933. OPENSSL_free(a->group_list[j].tlsname);
  2934. OPENSSL_free(a->group_list[j].realname);
  2935. OPENSSL_free(a->group_list[j].algorithm);
  2936. }
  2937. OPENSSL_free(a->group_list);
  2938. OPENSSL_free(a->sigalg_lookup_cache);
  2939. CRYPTO_THREAD_lock_free(a->lock);
  2940. OPENSSL_free(a->propq);
  2941. OPENSSL_free(a);
  2942. }
  2943. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
  2944. {
  2945. ctx->default_passwd_callback = cb;
  2946. }
  2947. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
  2948. {
  2949. ctx->default_passwd_callback_userdata = u;
  2950. }
  2951. pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
  2952. {
  2953. return ctx->default_passwd_callback;
  2954. }
  2955. void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
  2956. {
  2957. return ctx->default_passwd_callback_userdata;
  2958. }
  2959. void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
  2960. {
  2961. s->default_passwd_callback = cb;
  2962. }
  2963. void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
  2964. {
  2965. s->default_passwd_callback_userdata = u;
  2966. }
  2967. pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
  2968. {
  2969. return s->default_passwd_callback;
  2970. }
  2971. void *SSL_get_default_passwd_cb_userdata(SSL *s)
  2972. {
  2973. return s->default_passwd_callback_userdata;
  2974. }
  2975. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
  2976. int (*cb) (X509_STORE_CTX *, void *),
  2977. void *arg)
  2978. {
  2979. ctx->app_verify_callback = cb;
  2980. ctx->app_verify_arg = arg;
  2981. }
  2982. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  2983. int (*cb) (int, X509_STORE_CTX *))
  2984. {
  2985. ctx->verify_mode = mode;
  2986. ctx->default_verify_callback = cb;
  2987. }
  2988. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
  2989. {
  2990. X509_VERIFY_PARAM_set_depth(ctx->param, depth);
  2991. }
  2992. void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
  2993. {
  2994. ssl_cert_set_cert_cb(c->cert, cb, arg);
  2995. }
  2996. void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
  2997. {
  2998. ssl_cert_set_cert_cb(s->cert, cb, arg);
  2999. }
  3000. void ssl_set_masks(SSL *s)
  3001. {
  3002. CERT *c = s->cert;
  3003. uint32_t *pvalid = s->s3.tmp.valid_flags;
  3004. int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
  3005. unsigned long mask_k, mask_a;
  3006. #ifndef OPENSSL_NO_EC
  3007. int have_ecc_cert, ecdsa_ok;
  3008. #endif
  3009. if (c == NULL)
  3010. return;
  3011. #ifndef OPENSSL_NO_DH
  3012. dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
  3013. #else
  3014. dh_tmp = 0;
  3015. #endif
  3016. rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3017. rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3018. dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
  3019. #ifndef OPENSSL_NO_EC
  3020. have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
  3021. #endif
  3022. mask_k = 0;
  3023. mask_a = 0;
  3024. OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
  3025. dh_tmp, rsa_enc, rsa_sign, dsa_sign);
  3026. #ifndef OPENSSL_NO_GOST
  3027. if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
  3028. mask_k |= SSL_kGOST | SSL_kGOST18;
  3029. mask_a |= SSL_aGOST12;
  3030. }
  3031. if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
  3032. mask_k |= SSL_kGOST | SSL_kGOST18;
  3033. mask_a |= SSL_aGOST12;
  3034. }
  3035. if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
  3036. mask_k |= SSL_kGOST;
  3037. mask_a |= SSL_aGOST01;
  3038. }
  3039. #endif
  3040. if (rsa_enc)
  3041. mask_k |= SSL_kRSA;
  3042. if (dh_tmp)
  3043. mask_k |= SSL_kDHE;
  3044. /*
  3045. * If we only have an RSA-PSS certificate allow RSA authentication
  3046. * if TLS 1.2 and peer supports it.
  3047. */
  3048. if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
  3049. && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
  3050. && TLS1_get_version(s) == TLS1_2_VERSION))
  3051. mask_a |= SSL_aRSA;
  3052. if (dsa_sign) {
  3053. mask_a |= SSL_aDSS;
  3054. }
  3055. mask_a |= SSL_aNULL;
  3056. /*
  3057. * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
  3058. * depending on the key usage extension.
  3059. */
  3060. #ifndef OPENSSL_NO_EC
  3061. if (have_ecc_cert) {
  3062. uint32_t ex_kusage;
  3063. ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
  3064. ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
  3065. if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
  3066. ecdsa_ok = 0;
  3067. if (ecdsa_ok)
  3068. mask_a |= SSL_aECDSA;
  3069. }
  3070. /* Allow Ed25519 for TLS 1.2 if peer supports it */
  3071. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
  3072. && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
  3073. && TLS1_get_version(s) == TLS1_2_VERSION)
  3074. mask_a |= SSL_aECDSA;
  3075. /* Allow Ed448 for TLS 1.2 if peer supports it */
  3076. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
  3077. && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
  3078. && TLS1_get_version(s) == TLS1_2_VERSION)
  3079. mask_a |= SSL_aECDSA;
  3080. #endif
  3081. #ifndef OPENSSL_NO_EC
  3082. mask_k |= SSL_kECDHE;
  3083. #endif
  3084. #ifndef OPENSSL_NO_PSK
  3085. mask_k |= SSL_kPSK;
  3086. mask_a |= SSL_aPSK;
  3087. if (mask_k & SSL_kRSA)
  3088. mask_k |= SSL_kRSAPSK;
  3089. if (mask_k & SSL_kDHE)
  3090. mask_k |= SSL_kDHEPSK;
  3091. if (mask_k & SSL_kECDHE)
  3092. mask_k |= SSL_kECDHEPSK;
  3093. #endif
  3094. s->s3.tmp.mask_k = mask_k;
  3095. s->s3.tmp.mask_a = mask_a;
  3096. }
  3097. #ifndef OPENSSL_NO_EC
  3098. int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
  3099. {
  3100. if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
  3101. /* key usage, if present, must allow signing */
  3102. if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
  3103. SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
  3104. SSL_R_ECC_CERT_NOT_FOR_SIGNING);
  3105. return 0;
  3106. }
  3107. }
  3108. return 1; /* all checks are ok */
  3109. }
  3110. #endif
  3111. int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
  3112. size_t *serverinfo_length)
  3113. {
  3114. CERT_PKEY *cpk = s->s3.tmp.cert;
  3115. *serverinfo_length = 0;
  3116. if (cpk == NULL || cpk->serverinfo == NULL)
  3117. return 0;
  3118. *serverinfo = cpk->serverinfo;
  3119. *serverinfo_length = cpk->serverinfo_length;
  3120. return 1;
  3121. }
  3122. void ssl_update_cache(SSL *s, int mode)
  3123. {
  3124. int i;
  3125. /*
  3126. * If the session_id_length is 0, we are not supposed to cache it, and it
  3127. * would be rather hard to do anyway :-)
  3128. */
  3129. if (s->session->session_id_length == 0)
  3130. return;
  3131. /*
  3132. * If sid_ctx_length is 0 there is no specific application context
  3133. * associated with this session, so when we try to resume it and
  3134. * SSL_VERIFY_PEER is requested to verify the client identity, we have no
  3135. * indication that this is actually a session for the proper application
  3136. * context, and the *handshake* will fail, not just the resumption attempt.
  3137. * Do not cache (on the server) these sessions that are not resumable
  3138. * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
  3139. */
  3140. if (s->server && s->session->sid_ctx_length == 0
  3141. && (s->verify_mode & SSL_VERIFY_PEER) != 0)
  3142. return;
  3143. i = s->session_ctx->session_cache_mode;
  3144. if ((i & mode) != 0
  3145. && (!s->hit || SSL_IS_TLS13(s))) {
  3146. /*
  3147. * Add the session to the internal cache. In server side TLSv1.3 we
  3148. * normally don't do this because by default it's a full stateless ticket
  3149. * with only a dummy session id so there is no reason to cache it,
  3150. * unless:
  3151. * - we are doing early_data, in which case we cache so that we can
  3152. * detect replays
  3153. * - the application has set a remove_session_cb so needs to know about
  3154. * session timeout events
  3155. * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
  3156. */
  3157. if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
  3158. && (!SSL_IS_TLS13(s)
  3159. || !s->server
  3160. || (s->max_early_data > 0
  3161. && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
  3162. || s->session_ctx->remove_session_cb != NULL
  3163. || (s->options & SSL_OP_NO_TICKET) != 0))
  3164. SSL_CTX_add_session(s->session_ctx, s->session);
  3165. /*
  3166. * Add the session to the external cache. We do this even in server side
  3167. * TLSv1.3 without early data because some applications just want to
  3168. * know about the creation of a session and aren't doing a full cache.
  3169. */
  3170. if (s->session_ctx->new_session_cb != NULL) {
  3171. SSL_SESSION_up_ref(s->session);
  3172. if (!s->session_ctx->new_session_cb(s, s->session))
  3173. SSL_SESSION_free(s->session);
  3174. }
  3175. }
  3176. /* auto flush every 255 connections */
  3177. if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
  3178. TSAN_QUALIFIER int *stat;
  3179. if (mode & SSL_SESS_CACHE_CLIENT)
  3180. stat = &s->session_ctx->stats.sess_connect_good;
  3181. else
  3182. stat = &s->session_ctx->stats.sess_accept_good;
  3183. if ((tsan_load(stat) & 0xff) == 0xff)
  3184. SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
  3185. }
  3186. }
  3187. const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
  3188. {
  3189. return ctx->method;
  3190. }
  3191. const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
  3192. {
  3193. return s->method;
  3194. }
  3195. int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
  3196. {
  3197. int ret = 1;
  3198. if (s->method != meth) {
  3199. const SSL_METHOD *sm = s->method;
  3200. int (*hf) (SSL *) = s->handshake_func;
  3201. if (sm->version == meth->version)
  3202. s->method = meth;
  3203. else {
  3204. sm->ssl_free(s);
  3205. s->method = meth;
  3206. ret = s->method->ssl_new(s);
  3207. }
  3208. if (hf == sm->ssl_connect)
  3209. s->handshake_func = meth->ssl_connect;
  3210. else if (hf == sm->ssl_accept)
  3211. s->handshake_func = meth->ssl_accept;
  3212. }
  3213. return ret;
  3214. }
  3215. int SSL_get_error(const SSL *s, int i)
  3216. {
  3217. int reason;
  3218. unsigned long l;
  3219. BIO *bio;
  3220. if (i > 0)
  3221. return SSL_ERROR_NONE;
  3222. /*
  3223. * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
  3224. * where we do encode the error
  3225. */
  3226. if ((l = ERR_peek_error()) != 0) {
  3227. if (ERR_GET_LIB(l) == ERR_LIB_SYS)
  3228. return SSL_ERROR_SYSCALL;
  3229. else
  3230. return SSL_ERROR_SSL;
  3231. }
  3232. if (SSL_want_read(s)) {
  3233. bio = SSL_get_rbio(s);
  3234. if (BIO_should_read(bio))
  3235. return SSL_ERROR_WANT_READ;
  3236. else if (BIO_should_write(bio))
  3237. /*
  3238. * This one doesn't make too much sense ... We never try to write
  3239. * to the rbio, and an application program where rbio and wbio
  3240. * are separate couldn't even know what it should wait for.
  3241. * However if we ever set s->rwstate incorrectly (so that we have
  3242. * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
  3243. * wbio *are* the same, this test works around that bug; so it
  3244. * might be safer to keep it.
  3245. */
  3246. return SSL_ERROR_WANT_WRITE;
  3247. else if (BIO_should_io_special(bio)) {
  3248. reason = BIO_get_retry_reason(bio);
  3249. if (reason == BIO_RR_CONNECT)
  3250. return SSL_ERROR_WANT_CONNECT;
  3251. else if (reason == BIO_RR_ACCEPT)
  3252. return SSL_ERROR_WANT_ACCEPT;
  3253. else
  3254. return SSL_ERROR_SYSCALL; /* unknown */
  3255. }
  3256. }
  3257. if (SSL_want_write(s)) {
  3258. /* Access wbio directly - in order to use the buffered bio if present */
  3259. bio = s->wbio;
  3260. if (BIO_should_write(bio))
  3261. return SSL_ERROR_WANT_WRITE;
  3262. else if (BIO_should_read(bio))
  3263. /*
  3264. * See above (SSL_want_read(s) with BIO_should_write(bio))
  3265. */
  3266. return SSL_ERROR_WANT_READ;
  3267. else if (BIO_should_io_special(bio)) {
  3268. reason = BIO_get_retry_reason(bio);
  3269. if (reason == BIO_RR_CONNECT)
  3270. return SSL_ERROR_WANT_CONNECT;
  3271. else if (reason == BIO_RR_ACCEPT)
  3272. return SSL_ERROR_WANT_ACCEPT;
  3273. else
  3274. return SSL_ERROR_SYSCALL;
  3275. }
  3276. }
  3277. if (SSL_want_x509_lookup(s))
  3278. return SSL_ERROR_WANT_X509_LOOKUP;
  3279. if (SSL_want_async(s))
  3280. return SSL_ERROR_WANT_ASYNC;
  3281. if (SSL_want_async_job(s))
  3282. return SSL_ERROR_WANT_ASYNC_JOB;
  3283. if (SSL_want_client_hello_cb(s))
  3284. return SSL_ERROR_WANT_CLIENT_HELLO_CB;
  3285. if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
  3286. (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY))
  3287. return SSL_ERROR_ZERO_RETURN;
  3288. return SSL_ERROR_SYSCALL;
  3289. }
  3290. static int ssl_do_handshake_intern(void *vargs)
  3291. {
  3292. struct ssl_async_args *args;
  3293. SSL *s;
  3294. args = (struct ssl_async_args *)vargs;
  3295. s = args->s;
  3296. return s->handshake_func(s);
  3297. }
  3298. int SSL_do_handshake(SSL *s)
  3299. {
  3300. int ret = 1;
  3301. if (s->handshake_func == NULL) {
  3302. SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
  3303. return -1;
  3304. }
  3305. ossl_statem_check_finish_init(s, -1);
  3306. s->method->ssl_renegotiate_check(s, 0);
  3307. if (SSL_in_init(s) || SSL_in_before(s)) {
  3308. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  3309. struct ssl_async_args args;
  3310. args.s = s;
  3311. ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
  3312. } else {
  3313. ret = s->handshake_func(s);
  3314. }
  3315. }
  3316. return ret;
  3317. }
  3318. void SSL_set_accept_state(SSL *s)
  3319. {
  3320. s->server = 1;
  3321. s->shutdown = 0;
  3322. ossl_statem_clear(s);
  3323. s->handshake_func = s->method->ssl_accept;
  3324. clear_ciphers(s);
  3325. }
  3326. void SSL_set_connect_state(SSL *s)
  3327. {
  3328. s->server = 0;
  3329. s->shutdown = 0;
  3330. ossl_statem_clear(s);
  3331. s->handshake_func = s->method->ssl_connect;
  3332. clear_ciphers(s);
  3333. }
  3334. int ssl_undefined_function(SSL *s)
  3335. {
  3336. SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3337. return 0;
  3338. }
  3339. int ssl_undefined_void_function(void)
  3340. {
  3341. SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
  3342. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3343. return 0;
  3344. }
  3345. int ssl_undefined_const_function(const SSL *s)
  3346. {
  3347. return 0;
  3348. }
  3349. const SSL_METHOD *ssl_bad_method(int ver)
  3350. {
  3351. SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3352. return NULL;
  3353. }
  3354. const char *ssl_protocol_to_string(int version)
  3355. {
  3356. switch(version)
  3357. {
  3358. case TLS1_3_VERSION:
  3359. return "TLSv1.3";
  3360. case TLS1_2_VERSION:
  3361. return "TLSv1.2";
  3362. case TLS1_1_VERSION:
  3363. return "TLSv1.1";
  3364. case TLS1_VERSION:
  3365. return "TLSv1";
  3366. case SSL3_VERSION:
  3367. return "SSLv3";
  3368. case DTLS1_BAD_VER:
  3369. return "DTLSv0.9";
  3370. case DTLS1_VERSION:
  3371. return "DTLSv1";
  3372. case DTLS1_2_VERSION:
  3373. return "DTLSv1.2";
  3374. default:
  3375. return "unknown";
  3376. }
  3377. }
  3378. const char *SSL_get_version(const SSL *s)
  3379. {
  3380. return ssl_protocol_to_string(s->version);
  3381. }
  3382. static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
  3383. {
  3384. STACK_OF(X509_NAME) *sk;
  3385. X509_NAME *xn;
  3386. int i;
  3387. if (src == NULL) {
  3388. *dst = NULL;
  3389. return 1;
  3390. }
  3391. if ((sk = sk_X509_NAME_new_null()) == NULL)
  3392. return 0;
  3393. for (i = 0; i < sk_X509_NAME_num(src); i++) {
  3394. xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
  3395. if (xn == NULL) {
  3396. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  3397. return 0;
  3398. }
  3399. if (sk_X509_NAME_insert(sk, xn, i) == 0) {
  3400. X509_NAME_free(xn);
  3401. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  3402. return 0;
  3403. }
  3404. }
  3405. *dst = sk;
  3406. return 1;
  3407. }
  3408. SSL *SSL_dup(SSL *s)
  3409. {
  3410. SSL *ret;
  3411. int i;
  3412. /* If we're not quiescent, just up_ref! */
  3413. if (!SSL_in_init(s) || !SSL_in_before(s)) {
  3414. CRYPTO_UP_REF(&s->references, &i, s->lock);
  3415. return s;
  3416. }
  3417. /*
  3418. * Otherwise, copy configuration state, and session if set.
  3419. */
  3420. if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
  3421. return NULL;
  3422. if (s->session != NULL) {
  3423. /*
  3424. * Arranges to share the same session via up_ref. This "copies"
  3425. * session-id, SSL_METHOD, sid_ctx, and 'cert'
  3426. */
  3427. if (!SSL_copy_session_id(ret, s))
  3428. goto err;
  3429. } else {
  3430. /*
  3431. * No session has been established yet, so we have to expect that
  3432. * s->cert or ret->cert will be changed later -- they should not both
  3433. * point to the same object, and thus we can't use
  3434. * SSL_copy_session_id.
  3435. */
  3436. if (!SSL_set_ssl_method(ret, s->method))
  3437. goto err;
  3438. if (s->cert != NULL) {
  3439. ssl_cert_free(ret->cert);
  3440. ret->cert = ssl_cert_dup(s->cert);
  3441. if (ret->cert == NULL)
  3442. goto err;
  3443. }
  3444. if (!SSL_set_session_id_context(ret, s->sid_ctx,
  3445. (int)s->sid_ctx_length))
  3446. goto err;
  3447. }
  3448. if (!ssl_dane_dup(ret, s))
  3449. goto err;
  3450. ret->version = s->version;
  3451. ret->options = s->options;
  3452. ret->min_proto_version = s->min_proto_version;
  3453. ret->max_proto_version = s->max_proto_version;
  3454. ret->mode = s->mode;
  3455. SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
  3456. SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
  3457. ret->msg_callback = s->msg_callback;
  3458. ret->msg_callback_arg = s->msg_callback_arg;
  3459. SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
  3460. SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
  3461. ret->generate_session_id = s->generate_session_id;
  3462. SSL_set_info_callback(ret, SSL_get_info_callback(s));
  3463. /* copy app data, a little dangerous perhaps */
  3464. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
  3465. goto err;
  3466. ret->server = s->server;
  3467. if (s->handshake_func) {
  3468. if (s->server)
  3469. SSL_set_accept_state(ret);
  3470. else
  3471. SSL_set_connect_state(ret);
  3472. }
  3473. ret->shutdown = s->shutdown;
  3474. ret->hit = s->hit;
  3475. ret->default_passwd_callback = s->default_passwd_callback;
  3476. ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
  3477. X509_VERIFY_PARAM_inherit(ret->param, s->param);
  3478. /* dup the cipher_list and cipher_list_by_id stacks */
  3479. if (s->cipher_list != NULL) {
  3480. if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
  3481. goto err;
  3482. }
  3483. if (s->cipher_list_by_id != NULL)
  3484. if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
  3485. == NULL)
  3486. goto err;
  3487. /* Dup the client_CA list */
  3488. if (!dup_ca_names(&ret->ca_names, s->ca_names)
  3489. || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
  3490. goto err;
  3491. return ret;
  3492. err:
  3493. SSL_free(ret);
  3494. return NULL;
  3495. }
  3496. void ssl_clear_cipher_ctx(SSL *s)
  3497. {
  3498. if (s->enc_read_ctx != NULL) {
  3499. EVP_CIPHER_CTX_free(s->enc_read_ctx);
  3500. s->enc_read_ctx = NULL;
  3501. }
  3502. if (s->enc_write_ctx != NULL) {
  3503. EVP_CIPHER_CTX_free(s->enc_write_ctx);
  3504. s->enc_write_ctx = NULL;
  3505. }
  3506. #ifndef OPENSSL_NO_COMP
  3507. COMP_CTX_free(s->expand);
  3508. s->expand = NULL;
  3509. COMP_CTX_free(s->compress);
  3510. s->compress = NULL;
  3511. #endif
  3512. }
  3513. X509 *SSL_get_certificate(const SSL *s)
  3514. {
  3515. if (s->cert != NULL)
  3516. return s->cert->key->x509;
  3517. else
  3518. return NULL;
  3519. }
  3520. EVP_PKEY *SSL_get_privatekey(const SSL *s)
  3521. {
  3522. if (s->cert != NULL)
  3523. return s->cert->key->privatekey;
  3524. else
  3525. return NULL;
  3526. }
  3527. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
  3528. {
  3529. if (ctx->cert != NULL)
  3530. return ctx->cert->key->x509;
  3531. else
  3532. return NULL;
  3533. }
  3534. EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
  3535. {
  3536. if (ctx->cert != NULL)
  3537. return ctx->cert->key->privatekey;
  3538. else
  3539. return NULL;
  3540. }
  3541. const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
  3542. {
  3543. if ((s->session != NULL) && (s->session->cipher != NULL))
  3544. return s->session->cipher;
  3545. return NULL;
  3546. }
  3547. const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
  3548. {
  3549. return s->s3.tmp.new_cipher;
  3550. }
  3551. const COMP_METHOD *SSL_get_current_compression(const SSL *s)
  3552. {
  3553. #ifndef OPENSSL_NO_COMP
  3554. return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
  3555. #else
  3556. return NULL;
  3557. #endif
  3558. }
  3559. const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
  3560. {
  3561. #ifndef OPENSSL_NO_COMP
  3562. return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
  3563. #else
  3564. return NULL;
  3565. #endif
  3566. }
  3567. int ssl_init_wbio_buffer(SSL *s)
  3568. {
  3569. BIO *bbio;
  3570. if (s->bbio != NULL) {
  3571. /* Already buffered. */
  3572. return 1;
  3573. }
  3574. bbio = BIO_new(BIO_f_buffer());
  3575. if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
  3576. BIO_free(bbio);
  3577. SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
  3578. return 0;
  3579. }
  3580. s->bbio = bbio;
  3581. s->wbio = BIO_push(bbio, s->wbio);
  3582. return 1;
  3583. }
  3584. int ssl_free_wbio_buffer(SSL *s)
  3585. {
  3586. /* callers ensure s is never null */
  3587. if (s->bbio == NULL)
  3588. return 1;
  3589. s->wbio = BIO_pop(s->wbio);
  3590. BIO_free(s->bbio);
  3591. s->bbio = NULL;
  3592. return 1;
  3593. }
  3594. void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
  3595. {
  3596. ctx->quiet_shutdown = mode;
  3597. }
  3598. int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
  3599. {
  3600. return ctx->quiet_shutdown;
  3601. }
  3602. void SSL_set_quiet_shutdown(SSL *s, int mode)
  3603. {
  3604. s->quiet_shutdown = mode;
  3605. }
  3606. int SSL_get_quiet_shutdown(const SSL *s)
  3607. {
  3608. return s->quiet_shutdown;
  3609. }
  3610. void SSL_set_shutdown(SSL *s, int mode)
  3611. {
  3612. s->shutdown = mode;
  3613. }
  3614. int SSL_get_shutdown(const SSL *s)
  3615. {
  3616. return s->shutdown;
  3617. }
  3618. int SSL_version(const SSL *s)
  3619. {
  3620. return s->version;
  3621. }
  3622. int SSL_client_version(const SSL *s)
  3623. {
  3624. return s->client_version;
  3625. }
  3626. SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
  3627. {
  3628. return ssl->ctx;
  3629. }
  3630. SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
  3631. {
  3632. CERT *new_cert;
  3633. if (ssl->ctx == ctx)
  3634. return ssl->ctx;
  3635. if (ctx == NULL)
  3636. ctx = ssl->session_ctx;
  3637. new_cert = ssl_cert_dup(ctx->cert);
  3638. if (new_cert == NULL) {
  3639. return NULL;
  3640. }
  3641. if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
  3642. ssl_cert_free(new_cert);
  3643. return NULL;
  3644. }
  3645. ssl_cert_free(ssl->cert);
  3646. ssl->cert = new_cert;
  3647. /*
  3648. * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
  3649. * so setter APIs must prevent invalid lengths from entering the system.
  3650. */
  3651. if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
  3652. return NULL;
  3653. /*
  3654. * If the session ID context matches that of the parent SSL_CTX,
  3655. * inherit it from the new SSL_CTX as well. If however the context does
  3656. * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
  3657. * leave it unchanged.
  3658. */
  3659. if ((ssl->ctx != NULL) &&
  3660. (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
  3661. (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
  3662. ssl->sid_ctx_length = ctx->sid_ctx_length;
  3663. memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
  3664. }
  3665. SSL_CTX_up_ref(ctx);
  3666. SSL_CTX_free(ssl->ctx); /* decrement reference count */
  3667. ssl->ctx = ctx;
  3668. return ssl->ctx;
  3669. }
  3670. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
  3671. {
  3672. return X509_STORE_set_default_paths(ctx->cert_store);
  3673. }
  3674. int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
  3675. {
  3676. X509_LOOKUP *lookup;
  3677. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
  3678. if (lookup == NULL)
  3679. return 0;
  3680. /* We ignore errors, in case the directory doesn't exist */
  3681. ERR_set_mark();
  3682. X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  3683. ERR_pop_to_mark();
  3684. return 1;
  3685. }
  3686. int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
  3687. {
  3688. X509_LOOKUP *lookup;
  3689. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
  3690. if (lookup == NULL)
  3691. return 0;
  3692. /* We ignore errors, in case the directory doesn't exist */
  3693. ERR_set_mark();
  3694. X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
  3695. ERR_pop_to_mark();
  3696. return 1;
  3697. }
  3698. int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
  3699. {
  3700. X509_LOOKUP *lookup;
  3701. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store());
  3702. if (lookup == NULL)
  3703. return 0;
  3704. /* We ignore errors, in case the directory doesn't exist */
  3705. ERR_set_mark();
  3706. X509_LOOKUP_add_store(lookup, NULL);
  3707. ERR_pop_to_mark();
  3708. return 1;
  3709. }
  3710. int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
  3711. {
  3712. return X509_STORE_load_file(ctx->cert_store, CAfile);
  3713. }
  3714. int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
  3715. {
  3716. return X509_STORE_load_path(ctx->cert_store, CApath);
  3717. }
  3718. int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
  3719. {
  3720. return X509_STORE_load_store(ctx->cert_store, CAstore);
  3721. }
  3722. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  3723. const char *CApath)
  3724. {
  3725. if (CAfile == NULL && CApath == NULL)
  3726. return 0;
  3727. if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile))
  3728. return 0;
  3729. if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath))
  3730. return 0;
  3731. return 1;
  3732. }
  3733. void SSL_set_info_callback(SSL *ssl,
  3734. void (*cb) (const SSL *ssl, int type, int val))
  3735. {
  3736. ssl->info_callback = cb;
  3737. }
  3738. /*
  3739. * One compiler (Diab DCC) doesn't like argument names in returned function
  3740. * pointer.
  3741. */
  3742. void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
  3743. int /* type */ ,
  3744. int /* val */ ) {
  3745. return ssl->info_callback;
  3746. }
  3747. void SSL_set_verify_result(SSL *ssl, long arg)
  3748. {
  3749. ssl->verify_result = arg;
  3750. }
  3751. long SSL_get_verify_result(const SSL *ssl)
  3752. {
  3753. return ssl->verify_result;
  3754. }
  3755. size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
  3756. {
  3757. if (outlen == 0)
  3758. return sizeof(ssl->s3.client_random);
  3759. if (outlen > sizeof(ssl->s3.client_random))
  3760. outlen = sizeof(ssl->s3.client_random);
  3761. memcpy(out, ssl->s3.client_random, outlen);
  3762. return outlen;
  3763. }
  3764. size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
  3765. {
  3766. if (outlen == 0)
  3767. return sizeof(ssl->s3.server_random);
  3768. if (outlen > sizeof(ssl->s3.server_random))
  3769. outlen = sizeof(ssl->s3.server_random);
  3770. memcpy(out, ssl->s3.server_random, outlen);
  3771. return outlen;
  3772. }
  3773. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
  3774. unsigned char *out, size_t outlen)
  3775. {
  3776. if (outlen == 0)
  3777. return session->master_key_length;
  3778. if (outlen > session->master_key_length)
  3779. outlen = session->master_key_length;
  3780. memcpy(out, session->master_key, outlen);
  3781. return outlen;
  3782. }
  3783. int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
  3784. size_t len)
  3785. {
  3786. if (len > sizeof(sess->master_key))
  3787. return 0;
  3788. memcpy(sess->master_key, in, len);
  3789. sess->master_key_length = len;
  3790. return 1;
  3791. }
  3792. int SSL_set_ex_data(SSL *s, int idx, void *arg)
  3793. {
  3794. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  3795. }
  3796. void *SSL_get_ex_data(const SSL *s, int idx)
  3797. {
  3798. return CRYPTO_get_ex_data(&s->ex_data, idx);
  3799. }
  3800. int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
  3801. {
  3802. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  3803. }
  3804. void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
  3805. {
  3806. return CRYPTO_get_ex_data(&s->ex_data, idx);
  3807. }
  3808. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
  3809. {
  3810. return ctx->cert_store;
  3811. }
  3812. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
  3813. {
  3814. X509_STORE_free(ctx->cert_store);
  3815. ctx->cert_store = store;
  3816. }
  3817. void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
  3818. {
  3819. if (store != NULL)
  3820. X509_STORE_up_ref(store);
  3821. SSL_CTX_set_cert_store(ctx, store);
  3822. }
  3823. int SSL_want(const SSL *s)
  3824. {
  3825. return s->rwstate;
  3826. }
  3827. /**
  3828. * \brief Set the callback for generating temporary DH keys.
  3829. * \param ctx the SSL context.
  3830. * \param dh the callback
  3831. */
  3832. #ifndef OPENSSL_NO_DH
  3833. void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
  3834. DH *(*dh) (SSL *ssl, int is_export,
  3835. int keylength))
  3836. {
  3837. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
  3838. }
  3839. void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
  3840. int keylength))
  3841. {
  3842. SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
  3843. }
  3844. #endif
  3845. #ifndef OPENSSL_NO_PSK
  3846. int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
  3847. {
  3848. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  3849. SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
  3850. return 0;
  3851. }
  3852. OPENSSL_free(ctx->cert->psk_identity_hint);
  3853. if (identity_hint != NULL) {
  3854. ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  3855. if (ctx->cert->psk_identity_hint == NULL)
  3856. return 0;
  3857. } else
  3858. ctx->cert->psk_identity_hint = NULL;
  3859. return 1;
  3860. }
  3861. int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
  3862. {
  3863. if (s == NULL)
  3864. return 0;
  3865. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  3866. SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
  3867. return 0;
  3868. }
  3869. OPENSSL_free(s->cert->psk_identity_hint);
  3870. if (identity_hint != NULL) {
  3871. s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  3872. if (s->cert->psk_identity_hint == NULL)
  3873. return 0;
  3874. } else
  3875. s->cert->psk_identity_hint = NULL;
  3876. return 1;
  3877. }
  3878. const char *SSL_get_psk_identity_hint(const SSL *s)
  3879. {
  3880. if (s == NULL || s->session == NULL)
  3881. return NULL;
  3882. return s->session->psk_identity_hint;
  3883. }
  3884. const char *SSL_get_psk_identity(const SSL *s)
  3885. {
  3886. if (s == NULL || s->session == NULL)
  3887. return NULL;
  3888. return s->session->psk_identity;
  3889. }
  3890. void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
  3891. {
  3892. s->psk_client_callback = cb;
  3893. }
  3894. void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
  3895. {
  3896. ctx->psk_client_callback = cb;
  3897. }
  3898. void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
  3899. {
  3900. s->psk_server_callback = cb;
  3901. }
  3902. void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
  3903. {
  3904. ctx->psk_server_callback = cb;
  3905. }
  3906. #endif
  3907. void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
  3908. {
  3909. s->psk_find_session_cb = cb;
  3910. }
  3911. void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
  3912. SSL_psk_find_session_cb_func cb)
  3913. {
  3914. ctx->psk_find_session_cb = cb;
  3915. }
  3916. void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
  3917. {
  3918. s->psk_use_session_cb = cb;
  3919. }
  3920. void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
  3921. SSL_psk_use_session_cb_func cb)
  3922. {
  3923. ctx->psk_use_session_cb = cb;
  3924. }
  3925. void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
  3926. void (*cb) (int write_p, int version,
  3927. int content_type, const void *buf,
  3928. size_t len, SSL *ssl, void *arg))
  3929. {
  3930. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  3931. }
  3932. void SSL_set_msg_callback(SSL *ssl,
  3933. void (*cb) (int write_p, int version,
  3934. int content_type, const void *buf,
  3935. size_t len, SSL *ssl, void *arg))
  3936. {
  3937. SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  3938. }
  3939. void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
  3940. int (*cb) (SSL *ssl,
  3941. int
  3942. is_forward_secure))
  3943. {
  3944. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  3945. (void (*)(void))cb);
  3946. }
  3947. void SSL_set_not_resumable_session_callback(SSL *ssl,
  3948. int (*cb) (SSL *ssl,
  3949. int is_forward_secure))
  3950. {
  3951. SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  3952. (void (*)(void))cb);
  3953. }
  3954. void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
  3955. size_t (*cb) (SSL *ssl, int type,
  3956. size_t len, void *arg))
  3957. {
  3958. ctx->record_padding_cb = cb;
  3959. }
  3960. void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
  3961. {
  3962. ctx->record_padding_arg = arg;
  3963. }
  3964. void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
  3965. {
  3966. return ctx->record_padding_arg;
  3967. }
  3968. int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
  3969. {
  3970. /* block size of 0 or 1 is basically no padding */
  3971. if (block_size == 1)
  3972. ctx->block_padding = 0;
  3973. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  3974. ctx->block_padding = block_size;
  3975. else
  3976. return 0;
  3977. return 1;
  3978. }
  3979. int SSL_set_record_padding_callback(SSL *ssl,
  3980. size_t (*cb) (SSL *ssl, int type,
  3981. size_t len, void *arg))
  3982. {
  3983. BIO *b;
  3984. b = SSL_get_wbio(ssl);
  3985. if (b == NULL || !BIO_get_ktls_send(b)) {
  3986. ssl->record_padding_cb = cb;
  3987. return 1;
  3988. }
  3989. return 0;
  3990. }
  3991. void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
  3992. {
  3993. ssl->record_padding_arg = arg;
  3994. }
  3995. void *SSL_get_record_padding_callback_arg(const SSL *ssl)
  3996. {
  3997. return ssl->record_padding_arg;
  3998. }
  3999. int SSL_set_block_padding(SSL *ssl, size_t block_size)
  4000. {
  4001. /* block size of 0 or 1 is basically no padding */
  4002. if (block_size == 1)
  4003. ssl->block_padding = 0;
  4004. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4005. ssl->block_padding = block_size;
  4006. else
  4007. return 0;
  4008. return 1;
  4009. }
  4010. int SSL_set_num_tickets(SSL *s, size_t num_tickets)
  4011. {
  4012. s->num_tickets = num_tickets;
  4013. return 1;
  4014. }
  4015. size_t SSL_get_num_tickets(const SSL *s)
  4016. {
  4017. return s->num_tickets;
  4018. }
  4019. int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
  4020. {
  4021. ctx->num_tickets = num_tickets;
  4022. return 1;
  4023. }
  4024. size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
  4025. {
  4026. return ctx->num_tickets;
  4027. }
  4028. /*
  4029. * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
  4030. * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
  4031. * If EVP_MD pointer is passed, initializes ctx with this |md|.
  4032. * Returns the newly allocated ctx;
  4033. */
  4034. EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
  4035. {
  4036. ssl_clear_hash_ctx(hash);
  4037. *hash = EVP_MD_CTX_new();
  4038. if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
  4039. EVP_MD_CTX_free(*hash);
  4040. *hash = NULL;
  4041. return NULL;
  4042. }
  4043. return *hash;
  4044. }
  4045. void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
  4046. {
  4047. EVP_MD_CTX_free(*hash);
  4048. *hash = NULL;
  4049. }
  4050. /* Retrieve handshake hashes */
  4051. int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
  4052. size_t *hashlen)
  4053. {
  4054. EVP_MD_CTX *ctx = NULL;
  4055. EVP_MD_CTX *hdgst = s->s3.handshake_dgst;
  4056. int hashleni = EVP_MD_CTX_size(hdgst);
  4057. int ret = 0;
  4058. if (hashleni < 0 || (size_t)hashleni > outlen) {
  4059. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
  4060. ERR_R_INTERNAL_ERROR);
  4061. goto err;
  4062. }
  4063. ctx = EVP_MD_CTX_new();
  4064. if (ctx == NULL)
  4065. goto err;
  4066. if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
  4067. || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
  4068. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
  4069. ERR_R_INTERNAL_ERROR);
  4070. goto err;
  4071. }
  4072. *hashlen = hashleni;
  4073. ret = 1;
  4074. err:
  4075. EVP_MD_CTX_free(ctx);
  4076. return ret;
  4077. }
  4078. int SSL_session_reused(const SSL *s)
  4079. {
  4080. return s->hit;
  4081. }
  4082. int SSL_is_server(const SSL *s)
  4083. {
  4084. return s->server;
  4085. }
  4086. #ifndef OPENSSL_NO_DEPRECATED_1_1_0
  4087. void SSL_set_debug(SSL *s, int debug)
  4088. {
  4089. /* Old function was do-nothing anyway... */
  4090. (void)s;
  4091. (void)debug;
  4092. }
  4093. #endif
  4094. void SSL_set_security_level(SSL *s, int level)
  4095. {
  4096. s->cert->sec_level = level;
  4097. }
  4098. int SSL_get_security_level(const SSL *s)
  4099. {
  4100. return s->cert->sec_level;
  4101. }
  4102. void SSL_set_security_callback(SSL *s,
  4103. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4104. int op, int bits, int nid,
  4105. void *other, void *ex))
  4106. {
  4107. s->cert->sec_cb = cb;
  4108. }
  4109. int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
  4110. const SSL_CTX *ctx, int op,
  4111. int bits, int nid, void *other,
  4112. void *ex) {
  4113. return s->cert->sec_cb;
  4114. }
  4115. void SSL_set0_security_ex_data(SSL *s, void *ex)
  4116. {
  4117. s->cert->sec_ex = ex;
  4118. }
  4119. void *SSL_get0_security_ex_data(const SSL *s)
  4120. {
  4121. return s->cert->sec_ex;
  4122. }
  4123. void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
  4124. {
  4125. ctx->cert->sec_level = level;
  4126. }
  4127. int SSL_CTX_get_security_level(const SSL_CTX *ctx)
  4128. {
  4129. return ctx->cert->sec_level;
  4130. }
  4131. void SSL_CTX_set_security_callback(SSL_CTX *ctx,
  4132. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4133. int op, int bits, int nid,
  4134. void *other, void *ex))
  4135. {
  4136. ctx->cert->sec_cb = cb;
  4137. }
  4138. int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
  4139. const SSL_CTX *ctx,
  4140. int op, int bits,
  4141. int nid,
  4142. void *other,
  4143. void *ex) {
  4144. return ctx->cert->sec_cb;
  4145. }
  4146. void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
  4147. {
  4148. ctx->cert->sec_ex = ex;
  4149. }
  4150. void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
  4151. {
  4152. return ctx->cert->sec_ex;
  4153. }
  4154. /*
  4155. * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
  4156. * can return unsigned long, instead of the generic long return value from the
  4157. * control interface.
  4158. */
  4159. unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
  4160. {
  4161. return ctx->options;
  4162. }
  4163. unsigned long SSL_get_options(const SSL *s)
  4164. {
  4165. return s->options;
  4166. }
  4167. unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
  4168. {
  4169. return ctx->options |= op;
  4170. }
  4171. unsigned long SSL_set_options(SSL *s, unsigned long op)
  4172. {
  4173. return s->options |= op;
  4174. }
  4175. unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
  4176. {
  4177. return ctx->options &= ~op;
  4178. }
  4179. unsigned long SSL_clear_options(SSL *s, unsigned long op)
  4180. {
  4181. return s->options &= ~op;
  4182. }
  4183. STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
  4184. {
  4185. return s->verified_chain;
  4186. }
  4187. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
  4188. #ifndef OPENSSL_NO_CT
  4189. /*
  4190. * Moves SCTs from the |src| stack to the |dst| stack.
  4191. * The source of each SCT will be set to |origin|.
  4192. * If |dst| points to a NULL pointer, a new stack will be created and owned by
  4193. * the caller.
  4194. * Returns the number of SCTs moved, or a negative integer if an error occurs.
  4195. */
  4196. static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
  4197. sct_source_t origin)
  4198. {
  4199. int scts_moved = 0;
  4200. SCT *sct = NULL;
  4201. if (*dst == NULL) {
  4202. *dst = sk_SCT_new_null();
  4203. if (*dst == NULL) {
  4204. SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
  4205. goto err;
  4206. }
  4207. }
  4208. while ((sct = sk_SCT_pop(src)) != NULL) {
  4209. if (SCT_set_source(sct, origin) != 1)
  4210. goto err;
  4211. if (sk_SCT_push(*dst, sct) <= 0)
  4212. goto err;
  4213. scts_moved += 1;
  4214. }
  4215. return scts_moved;
  4216. err:
  4217. if (sct != NULL)
  4218. sk_SCT_push(src, sct); /* Put the SCT back */
  4219. return -1;
  4220. }
  4221. /*
  4222. * Look for data collected during ServerHello and parse if found.
  4223. * Returns the number of SCTs extracted.
  4224. */
  4225. static int ct_extract_tls_extension_scts(SSL *s)
  4226. {
  4227. int scts_extracted = 0;
  4228. if (s->ext.scts != NULL) {
  4229. const unsigned char *p = s->ext.scts;
  4230. STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
  4231. scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
  4232. SCT_LIST_free(scts);
  4233. }
  4234. return scts_extracted;
  4235. }
  4236. /*
  4237. * Checks for an OCSP response and then attempts to extract any SCTs found if it
  4238. * contains an SCT X509 extension. They will be stored in |s->scts|.
  4239. * Returns:
  4240. * - The number of SCTs extracted, assuming an OCSP response exists.
  4241. * - 0 if no OCSP response exists or it contains no SCTs.
  4242. * - A negative integer if an error occurs.
  4243. */
  4244. static int ct_extract_ocsp_response_scts(SSL *s)
  4245. {
  4246. # ifndef OPENSSL_NO_OCSP
  4247. int scts_extracted = 0;
  4248. const unsigned char *p;
  4249. OCSP_BASICRESP *br = NULL;
  4250. OCSP_RESPONSE *rsp = NULL;
  4251. STACK_OF(SCT) *scts = NULL;
  4252. int i;
  4253. if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
  4254. goto err;
  4255. p = s->ext.ocsp.resp;
  4256. rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
  4257. if (rsp == NULL)
  4258. goto err;
  4259. br = OCSP_response_get1_basic(rsp);
  4260. if (br == NULL)
  4261. goto err;
  4262. for (i = 0; i < OCSP_resp_count(br); ++i) {
  4263. OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
  4264. if (single == NULL)
  4265. continue;
  4266. scts =
  4267. OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
  4268. scts_extracted =
  4269. ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
  4270. if (scts_extracted < 0)
  4271. goto err;
  4272. }
  4273. err:
  4274. SCT_LIST_free(scts);
  4275. OCSP_BASICRESP_free(br);
  4276. OCSP_RESPONSE_free(rsp);
  4277. return scts_extracted;
  4278. # else
  4279. /* Behave as if no OCSP response exists */
  4280. return 0;
  4281. # endif
  4282. }
  4283. /*
  4284. * Attempts to extract SCTs from the peer certificate.
  4285. * Return the number of SCTs extracted, or a negative integer if an error
  4286. * occurs.
  4287. */
  4288. static int ct_extract_x509v3_extension_scts(SSL *s)
  4289. {
  4290. int scts_extracted = 0;
  4291. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  4292. if (cert != NULL) {
  4293. STACK_OF(SCT) *scts =
  4294. X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
  4295. scts_extracted =
  4296. ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
  4297. SCT_LIST_free(scts);
  4298. }
  4299. return scts_extracted;
  4300. }
  4301. /*
  4302. * Attempts to find all received SCTs by checking TLS extensions, the OCSP
  4303. * response (if it exists) and X509v3 extensions in the certificate.
  4304. * Returns NULL if an error occurs.
  4305. */
  4306. const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
  4307. {
  4308. if (!s->scts_parsed) {
  4309. if (ct_extract_tls_extension_scts(s) < 0 ||
  4310. ct_extract_ocsp_response_scts(s) < 0 ||
  4311. ct_extract_x509v3_extension_scts(s) < 0)
  4312. goto err;
  4313. s->scts_parsed = 1;
  4314. }
  4315. return s->scts;
  4316. err:
  4317. return NULL;
  4318. }
  4319. static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
  4320. const STACK_OF(SCT) *scts, void *unused_arg)
  4321. {
  4322. return 1;
  4323. }
  4324. static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
  4325. const STACK_OF(SCT) *scts, void *unused_arg)
  4326. {
  4327. int count = scts != NULL ? sk_SCT_num(scts) : 0;
  4328. int i;
  4329. for (i = 0; i < count; ++i) {
  4330. SCT *sct = sk_SCT_value(scts, i);
  4331. int status = SCT_get_validation_status(sct);
  4332. if (status == SCT_VALIDATION_STATUS_VALID)
  4333. return 1;
  4334. }
  4335. SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
  4336. return 0;
  4337. }
  4338. int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
  4339. void *arg)
  4340. {
  4341. /*
  4342. * Since code exists that uses the custom extension handler for CT, look
  4343. * for this and throw an error if they have already registered to use CT.
  4344. */
  4345. if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
  4346. TLSEXT_TYPE_signed_certificate_timestamp))
  4347. {
  4348. SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
  4349. SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  4350. return 0;
  4351. }
  4352. if (callback != NULL) {
  4353. /*
  4354. * If we are validating CT, then we MUST accept SCTs served via OCSP
  4355. */
  4356. if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
  4357. return 0;
  4358. }
  4359. s->ct_validation_callback = callback;
  4360. s->ct_validation_callback_arg = arg;
  4361. return 1;
  4362. }
  4363. int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
  4364. ssl_ct_validation_cb callback, void *arg)
  4365. {
  4366. /*
  4367. * Since code exists that uses the custom extension handler for CT, look for
  4368. * this and throw an error if they have already registered to use CT.
  4369. */
  4370. if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
  4371. TLSEXT_TYPE_signed_certificate_timestamp))
  4372. {
  4373. SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
  4374. SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  4375. return 0;
  4376. }
  4377. ctx->ct_validation_callback = callback;
  4378. ctx->ct_validation_callback_arg = arg;
  4379. return 1;
  4380. }
  4381. int SSL_ct_is_enabled(const SSL *s)
  4382. {
  4383. return s->ct_validation_callback != NULL;
  4384. }
  4385. int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
  4386. {
  4387. return ctx->ct_validation_callback != NULL;
  4388. }
  4389. int ssl_validate_ct(SSL *s)
  4390. {
  4391. int ret = 0;
  4392. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  4393. X509 *issuer;
  4394. SSL_DANE *dane = &s->dane;
  4395. CT_POLICY_EVAL_CTX *ctx = NULL;
  4396. const STACK_OF(SCT) *scts;
  4397. /*
  4398. * If no callback is set, the peer is anonymous, or its chain is invalid,
  4399. * skip SCT validation - just return success. Applications that continue
  4400. * handshakes without certificates, with unverified chains, or pinned leaf
  4401. * certificates are outside the scope of the WebPKI and CT.
  4402. *
  4403. * The above exclusions notwithstanding the vast majority of peers will
  4404. * have rather ordinary certificate chains validated by typical
  4405. * applications that perform certificate verification and therefore will
  4406. * process SCTs when enabled.
  4407. */
  4408. if (s->ct_validation_callback == NULL || cert == NULL ||
  4409. s->verify_result != X509_V_OK ||
  4410. s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
  4411. return 1;
  4412. /*
  4413. * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
  4414. * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
  4415. */
  4416. if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
  4417. switch (dane->mtlsa->usage) {
  4418. case DANETLS_USAGE_DANE_TA:
  4419. case DANETLS_USAGE_DANE_EE:
  4420. return 1;
  4421. }
  4422. }
  4423. ctx = CT_POLICY_EVAL_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
  4424. if (ctx == NULL) {
  4425. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
  4426. ERR_R_MALLOC_FAILURE);
  4427. goto end;
  4428. }
  4429. issuer = sk_X509_value(s->verified_chain, 1);
  4430. CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
  4431. CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
  4432. CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
  4433. CT_POLICY_EVAL_CTX_set_time(
  4434. ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
  4435. scts = SSL_get0_peer_scts(s);
  4436. /*
  4437. * This function returns success (> 0) only when all the SCTs are valid, 0
  4438. * when some are invalid, and < 0 on various internal errors (out of
  4439. * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
  4440. * reason to abort the handshake, that decision is up to the callback.
  4441. * Therefore, we error out only in the unexpected case that the return
  4442. * value is negative.
  4443. *
  4444. * XXX: One might well argue that the return value of this function is an
  4445. * unfortunate design choice. Its job is only to determine the validation
  4446. * status of each of the provided SCTs. So long as it correctly separates
  4447. * the wheat from the chaff it should return success. Failure in this case
  4448. * ought to correspond to an inability to carry out its duties.
  4449. */
  4450. if (SCT_LIST_validate(scts, ctx) < 0) {
  4451. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
  4452. SSL_R_SCT_VERIFICATION_FAILED);
  4453. goto end;
  4454. }
  4455. ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
  4456. if (ret < 0)
  4457. ret = 0; /* This function returns 0 on failure */
  4458. if (!ret)
  4459. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
  4460. SSL_R_CALLBACK_FAILED);
  4461. end:
  4462. CT_POLICY_EVAL_CTX_free(ctx);
  4463. /*
  4464. * With SSL_VERIFY_NONE the session may be cached and re-used despite a
  4465. * failure return code here. Also the application may wish the complete
  4466. * the handshake, and then disconnect cleanly at a higher layer, after
  4467. * checking the verification status of the completed connection.
  4468. *
  4469. * We therefore force a certificate verification failure which will be
  4470. * visible via SSL_get_verify_result() and cached as part of any resumed
  4471. * session.
  4472. *
  4473. * Note: the permissive callback is for information gathering only, always
  4474. * returns success, and does not affect verification status. Only the
  4475. * strict callback or a custom application-specified callback can trigger
  4476. * connection failure or record a verification error.
  4477. */
  4478. if (ret <= 0)
  4479. s->verify_result = X509_V_ERR_NO_VALID_SCTS;
  4480. return ret;
  4481. }
  4482. int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
  4483. {
  4484. switch (validation_mode) {
  4485. default:
  4486. SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
  4487. return 0;
  4488. case SSL_CT_VALIDATION_PERMISSIVE:
  4489. return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
  4490. case SSL_CT_VALIDATION_STRICT:
  4491. return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
  4492. }
  4493. }
  4494. int SSL_enable_ct(SSL *s, int validation_mode)
  4495. {
  4496. switch (validation_mode) {
  4497. default:
  4498. SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
  4499. return 0;
  4500. case SSL_CT_VALIDATION_PERMISSIVE:
  4501. return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
  4502. case SSL_CT_VALIDATION_STRICT:
  4503. return SSL_set_ct_validation_callback(s, ct_strict, NULL);
  4504. }
  4505. }
  4506. int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
  4507. {
  4508. return CTLOG_STORE_load_default_file(ctx->ctlog_store);
  4509. }
  4510. int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
  4511. {
  4512. return CTLOG_STORE_load_file(ctx->ctlog_store, path);
  4513. }
  4514. void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
  4515. {
  4516. CTLOG_STORE_free(ctx->ctlog_store);
  4517. ctx->ctlog_store = logs;
  4518. }
  4519. const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
  4520. {
  4521. return ctx->ctlog_store;
  4522. }
  4523. #endif /* OPENSSL_NO_CT */
  4524. void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
  4525. void *arg)
  4526. {
  4527. c->client_hello_cb = cb;
  4528. c->client_hello_cb_arg = arg;
  4529. }
  4530. int SSL_client_hello_isv2(SSL *s)
  4531. {
  4532. if (s->clienthello == NULL)
  4533. return 0;
  4534. return s->clienthello->isv2;
  4535. }
  4536. unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
  4537. {
  4538. if (s->clienthello == NULL)
  4539. return 0;
  4540. return s->clienthello->legacy_version;
  4541. }
  4542. size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
  4543. {
  4544. if (s->clienthello == NULL)
  4545. return 0;
  4546. if (out != NULL)
  4547. *out = s->clienthello->random;
  4548. return SSL3_RANDOM_SIZE;
  4549. }
  4550. size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
  4551. {
  4552. if (s->clienthello == NULL)
  4553. return 0;
  4554. if (out != NULL)
  4555. *out = s->clienthello->session_id;
  4556. return s->clienthello->session_id_len;
  4557. }
  4558. size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
  4559. {
  4560. if (s->clienthello == NULL)
  4561. return 0;
  4562. if (out != NULL)
  4563. *out = PACKET_data(&s->clienthello->ciphersuites);
  4564. return PACKET_remaining(&s->clienthello->ciphersuites);
  4565. }
  4566. size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
  4567. {
  4568. if (s->clienthello == NULL)
  4569. return 0;
  4570. if (out != NULL)
  4571. *out = s->clienthello->compressions;
  4572. return s->clienthello->compressions_len;
  4573. }
  4574. int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
  4575. {
  4576. RAW_EXTENSION *ext;
  4577. int *present;
  4578. size_t num = 0, i;
  4579. if (s->clienthello == NULL || out == NULL || outlen == NULL)
  4580. return 0;
  4581. for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
  4582. ext = s->clienthello->pre_proc_exts + i;
  4583. if (ext->present)
  4584. num++;
  4585. }
  4586. if (num == 0) {
  4587. *out = NULL;
  4588. *outlen = 0;
  4589. return 1;
  4590. }
  4591. if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
  4592. SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
  4593. ERR_R_MALLOC_FAILURE);
  4594. return 0;
  4595. }
  4596. for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
  4597. ext = s->clienthello->pre_proc_exts + i;
  4598. if (ext->present) {
  4599. if (ext->received_order >= num)
  4600. goto err;
  4601. present[ext->received_order] = ext->type;
  4602. }
  4603. }
  4604. *out = present;
  4605. *outlen = num;
  4606. return 1;
  4607. err:
  4608. OPENSSL_free(present);
  4609. return 0;
  4610. }
  4611. int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
  4612. size_t *outlen)
  4613. {
  4614. size_t i;
  4615. RAW_EXTENSION *r;
  4616. if (s->clienthello == NULL)
  4617. return 0;
  4618. for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
  4619. r = s->clienthello->pre_proc_exts + i;
  4620. if (r->present && r->type == type) {
  4621. if (out != NULL)
  4622. *out = PACKET_data(&r->data);
  4623. if (outlen != NULL)
  4624. *outlen = PACKET_remaining(&r->data);
  4625. return 1;
  4626. }
  4627. }
  4628. return 0;
  4629. }
  4630. int SSL_free_buffers(SSL *ssl)
  4631. {
  4632. RECORD_LAYER *rl = &ssl->rlayer;
  4633. if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
  4634. return 0;
  4635. RECORD_LAYER_release(rl);
  4636. return 1;
  4637. }
  4638. int SSL_alloc_buffers(SSL *ssl)
  4639. {
  4640. return ssl3_setup_buffers(ssl);
  4641. }
  4642. void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
  4643. {
  4644. ctx->keylog_callback = cb;
  4645. }
  4646. SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
  4647. {
  4648. return ctx->keylog_callback;
  4649. }
  4650. static int nss_keylog_int(const char *prefix,
  4651. SSL *ssl,
  4652. const uint8_t *parameter_1,
  4653. size_t parameter_1_len,
  4654. const uint8_t *parameter_2,
  4655. size_t parameter_2_len)
  4656. {
  4657. char *out = NULL;
  4658. char *cursor = NULL;
  4659. size_t out_len = 0;
  4660. size_t i;
  4661. size_t prefix_len;
  4662. if (ssl->ctx->keylog_callback == NULL)
  4663. return 1;
  4664. /*
  4665. * Our output buffer will contain the following strings, rendered with
  4666. * space characters in between, terminated by a NULL character: first the
  4667. * prefix, then the first parameter, then the second parameter. The
  4668. * meaning of each parameter depends on the specific key material being
  4669. * logged. Note that the first and second parameters are encoded in
  4670. * hexadecimal, so we need a buffer that is twice their lengths.
  4671. */
  4672. prefix_len = strlen(prefix);
  4673. out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
  4674. if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
  4675. SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
  4676. ERR_R_MALLOC_FAILURE);
  4677. return 0;
  4678. }
  4679. strcpy(cursor, prefix);
  4680. cursor += prefix_len;
  4681. *cursor++ = ' ';
  4682. for (i = 0; i < parameter_1_len; i++) {
  4683. sprintf(cursor, "%02x", parameter_1[i]);
  4684. cursor += 2;
  4685. }
  4686. *cursor++ = ' ';
  4687. for (i = 0; i < parameter_2_len; i++) {
  4688. sprintf(cursor, "%02x", parameter_2[i]);
  4689. cursor += 2;
  4690. }
  4691. *cursor = '\0';
  4692. ssl->ctx->keylog_callback(ssl, (const char *)out);
  4693. OPENSSL_clear_free(out, out_len);
  4694. return 1;
  4695. }
  4696. int ssl_log_rsa_client_key_exchange(SSL *ssl,
  4697. const uint8_t *encrypted_premaster,
  4698. size_t encrypted_premaster_len,
  4699. const uint8_t *premaster,
  4700. size_t premaster_len)
  4701. {
  4702. if (encrypted_premaster_len < 8) {
  4703. SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
  4704. SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
  4705. return 0;
  4706. }
  4707. /* We only want the first 8 bytes of the encrypted premaster as a tag. */
  4708. return nss_keylog_int("RSA",
  4709. ssl,
  4710. encrypted_premaster,
  4711. 8,
  4712. premaster,
  4713. premaster_len);
  4714. }
  4715. int ssl_log_secret(SSL *ssl,
  4716. const char *label,
  4717. const uint8_t *secret,
  4718. size_t secret_len)
  4719. {
  4720. return nss_keylog_int(label,
  4721. ssl,
  4722. ssl->s3.client_random,
  4723. SSL3_RANDOM_SIZE,
  4724. secret,
  4725. secret_len);
  4726. }
  4727. #define SSLV2_CIPHER_LEN 3
  4728. int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
  4729. {
  4730. int n;
  4731. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  4732. if (PACKET_remaining(cipher_suites) == 0) {
  4733. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
  4734. SSL_R_NO_CIPHERS_SPECIFIED);
  4735. return 0;
  4736. }
  4737. if (PACKET_remaining(cipher_suites) % n != 0) {
  4738. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
  4739. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  4740. return 0;
  4741. }
  4742. OPENSSL_free(s->s3.tmp.ciphers_raw);
  4743. s->s3.tmp.ciphers_raw = NULL;
  4744. s->s3.tmp.ciphers_rawlen = 0;
  4745. if (sslv2format) {
  4746. size_t numciphers = PACKET_remaining(cipher_suites) / n;
  4747. PACKET sslv2ciphers = *cipher_suites;
  4748. unsigned int leadbyte;
  4749. unsigned char *raw;
  4750. /*
  4751. * We store the raw ciphers list in SSLv3+ format so we need to do some
  4752. * preprocessing to convert the list first. If there are any SSLv2 only
  4753. * ciphersuites with a non-zero leading byte then we are going to
  4754. * slightly over allocate because we won't store those. But that isn't a
  4755. * problem.
  4756. */
  4757. raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
  4758. s->s3.tmp.ciphers_raw = raw;
  4759. if (raw == NULL) {
  4760. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
  4761. ERR_R_MALLOC_FAILURE);
  4762. return 0;
  4763. }
  4764. for (s->s3.tmp.ciphers_rawlen = 0;
  4765. PACKET_remaining(&sslv2ciphers) > 0;
  4766. raw += TLS_CIPHER_LEN) {
  4767. if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
  4768. || (leadbyte == 0
  4769. && !PACKET_copy_bytes(&sslv2ciphers, raw,
  4770. TLS_CIPHER_LEN))
  4771. || (leadbyte != 0
  4772. && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
  4773. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
  4774. SSL_R_BAD_PACKET);
  4775. OPENSSL_free(s->s3.tmp.ciphers_raw);
  4776. s->s3.tmp.ciphers_raw = NULL;
  4777. s->s3.tmp.ciphers_rawlen = 0;
  4778. return 0;
  4779. }
  4780. if (leadbyte == 0)
  4781. s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN;
  4782. }
  4783. } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw,
  4784. &s->s3.tmp.ciphers_rawlen)) {
  4785. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
  4786. ERR_R_INTERNAL_ERROR);
  4787. return 0;
  4788. }
  4789. return 1;
  4790. }
  4791. int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
  4792. int isv2format, STACK_OF(SSL_CIPHER) **sk,
  4793. STACK_OF(SSL_CIPHER) **scsvs)
  4794. {
  4795. PACKET pkt;
  4796. if (!PACKET_buf_init(&pkt, bytes, len))
  4797. return 0;
  4798. return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
  4799. }
  4800. int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
  4801. STACK_OF(SSL_CIPHER) **skp,
  4802. STACK_OF(SSL_CIPHER) **scsvs_out,
  4803. int sslv2format, int fatal)
  4804. {
  4805. const SSL_CIPHER *c;
  4806. STACK_OF(SSL_CIPHER) *sk = NULL;
  4807. STACK_OF(SSL_CIPHER) *scsvs = NULL;
  4808. int n;
  4809. /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
  4810. unsigned char cipher[SSLV2_CIPHER_LEN];
  4811. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  4812. if (PACKET_remaining(cipher_suites) == 0) {
  4813. if (fatal)
  4814. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
  4815. SSL_R_NO_CIPHERS_SPECIFIED);
  4816. else
  4817. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
  4818. return 0;
  4819. }
  4820. if (PACKET_remaining(cipher_suites) % n != 0) {
  4821. if (fatal)
  4822. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
  4823. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  4824. else
  4825. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
  4826. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  4827. return 0;
  4828. }
  4829. sk = sk_SSL_CIPHER_new_null();
  4830. scsvs = sk_SSL_CIPHER_new_null();
  4831. if (sk == NULL || scsvs == NULL) {
  4832. if (fatal)
  4833. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
  4834. ERR_R_MALLOC_FAILURE);
  4835. else
  4836. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
  4837. goto err;
  4838. }
  4839. while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
  4840. /*
  4841. * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
  4842. * first byte set to zero, while true SSLv2 ciphers have a non-zero
  4843. * first byte. We don't support any true SSLv2 ciphers, so skip them.
  4844. */
  4845. if (sslv2format && cipher[0] != '\0')
  4846. continue;
  4847. /* For SSLv2-compat, ignore leading 0-byte. */
  4848. c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
  4849. if (c != NULL) {
  4850. if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
  4851. (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
  4852. if (fatal)
  4853. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  4854. SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
  4855. else
  4856. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
  4857. goto err;
  4858. }
  4859. }
  4860. }
  4861. if (PACKET_remaining(cipher_suites) > 0) {
  4862. if (fatal)
  4863. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
  4864. SSL_R_BAD_LENGTH);
  4865. else
  4866. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
  4867. goto err;
  4868. }
  4869. if (skp != NULL)
  4870. *skp = sk;
  4871. else
  4872. sk_SSL_CIPHER_free(sk);
  4873. if (scsvs_out != NULL)
  4874. *scsvs_out = scsvs;
  4875. else
  4876. sk_SSL_CIPHER_free(scsvs);
  4877. return 1;
  4878. err:
  4879. sk_SSL_CIPHER_free(sk);
  4880. sk_SSL_CIPHER_free(scsvs);
  4881. return 0;
  4882. }
  4883. int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
  4884. {
  4885. ctx->max_early_data = max_early_data;
  4886. return 1;
  4887. }
  4888. uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
  4889. {
  4890. return ctx->max_early_data;
  4891. }
  4892. int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
  4893. {
  4894. s->max_early_data = max_early_data;
  4895. return 1;
  4896. }
  4897. uint32_t SSL_get_max_early_data(const SSL *s)
  4898. {
  4899. return s->max_early_data;
  4900. }
  4901. int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
  4902. {
  4903. ctx->recv_max_early_data = recv_max_early_data;
  4904. return 1;
  4905. }
  4906. uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
  4907. {
  4908. return ctx->recv_max_early_data;
  4909. }
  4910. int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
  4911. {
  4912. s->recv_max_early_data = recv_max_early_data;
  4913. return 1;
  4914. }
  4915. uint32_t SSL_get_recv_max_early_data(const SSL *s)
  4916. {
  4917. return s->recv_max_early_data;
  4918. }
  4919. __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
  4920. {
  4921. /* Return any active Max Fragment Len extension */
  4922. if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
  4923. return GET_MAX_FRAGMENT_LENGTH(ssl->session);
  4924. /* return current SSL connection setting */
  4925. return ssl->max_send_fragment;
  4926. }
  4927. __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
  4928. {
  4929. /* Return a value regarding an active Max Fragment Len extension */
  4930. if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
  4931. && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
  4932. return GET_MAX_FRAGMENT_LENGTH(ssl->session);
  4933. /* else limit |split_send_fragment| to current |max_send_fragment| */
  4934. if (ssl->split_send_fragment > ssl->max_send_fragment)
  4935. return ssl->max_send_fragment;
  4936. /* return current SSL connection setting */
  4937. return ssl->split_send_fragment;
  4938. }
  4939. int SSL_stateless(SSL *s)
  4940. {
  4941. int ret;
  4942. /* Ensure there is no state left over from a previous invocation */
  4943. if (!SSL_clear(s))
  4944. return 0;
  4945. ERR_clear_error();
  4946. s->s3.flags |= TLS1_FLAGS_STATELESS;
  4947. ret = SSL_accept(s);
  4948. s->s3.flags &= ~TLS1_FLAGS_STATELESS;
  4949. if (ret > 0 && s->ext.cookieok)
  4950. return 1;
  4951. if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
  4952. return 0;
  4953. return -1;
  4954. }
  4955. void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
  4956. {
  4957. ctx->pha_enabled = val;
  4958. }
  4959. void SSL_set_post_handshake_auth(SSL *ssl, int val)
  4960. {
  4961. ssl->pha_enabled = val;
  4962. }
  4963. int SSL_verify_client_post_handshake(SSL *ssl)
  4964. {
  4965. if (!SSL_IS_TLS13(ssl)) {
  4966. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
  4967. return 0;
  4968. }
  4969. if (!ssl->server) {
  4970. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
  4971. return 0;
  4972. }
  4973. if (!SSL_is_init_finished(ssl)) {
  4974. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
  4975. return 0;
  4976. }
  4977. switch (ssl->post_handshake_auth) {
  4978. case SSL_PHA_NONE:
  4979. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
  4980. return 0;
  4981. default:
  4982. case SSL_PHA_EXT_SENT:
  4983. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
  4984. return 0;
  4985. case SSL_PHA_EXT_RECEIVED:
  4986. break;
  4987. case SSL_PHA_REQUEST_PENDING:
  4988. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
  4989. return 0;
  4990. case SSL_PHA_REQUESTED:
  4991. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
  4992. return 0;
  4993. }
  4994. ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
  4995. /* checks verify_mode and algorithm_auth */
  4996. if (!send_certificate_request(ssl)) {
  4997. ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
  4998. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
  4999. return 0;
  5000. }
  5001. ossl_statem_set_in_init(ssl, 1);
  5002. return 1;
  5003. }
  5004. int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
  5005. SSL_CTX_generate_session_ticket_fn gen_cb,
  5006. SSL_CTX_decrypt_session_ticket_fn dec_cb,
  5007. void *arg)
  5008. {
  5009. ctx->generate_ticket_cb = gen_cb;
  5010. ctx->decrypt_ticket_cb = dec_cb;
  5011. ctx->ticket_cb_data = arg;
  5012. return 1;
  5013. }
  5014. void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
  5015. SSL_allow_early_data_cb_fn cb,
  5016. void *arg)
  5017. {
  5018. ctx->allow_early_data_cb = cb;
  5019. ctx->allow_early_data_cb_data = arg;
  5020. }
  5021. void SSL_set_allow_early_data_cb(SSL *s,
  5022. SSL_allow_early_data_cb_fn cb,
  5023. void *arg)
  5024. {
  5025. s->allow_early_data_cb = cb;
  5026. s->allow_early_data_cb_data = arg;
  5027. }
  5028. const EVP_CIPHER *ssl_evp_cipher_fetch(OPENSSL_CTX *libctx,
  5029. int nid,
  5030. const char *properties)
  5031. {
  5032. EVP_CIPHER *ciph;
  5033. #ifndef OPENSSL_NO_ENGINE
  5034. ENGINE *eng;
  5035. /*
  5036. * If there is an Engine available for this cipher we use the "implicit"
  5037. * form to ensure we use that engine later.
  5038. */
  5039. eng = ENGINE_get_cipher_engine(nid);
  5040. if (eng != NULL) {
  5041. ENGINE_finish(eng);
  5042. return EVP_get_cipherbynid(nid);
  5043. }
  5044. #endif
  5045. /* Otherwise we do an explicit fetch. This may fail and that could be ok */
  5046. ERR_set_mark();
  5047. ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
  5048. ERR_pop_to_mark();
  5049. return ciph;
  5050. }
  5051. int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher)
  5052. {
  5053. /* Don't up-ref an implicit EVP_CIPHER */
  5054. if (EVP_CIPHER_provider(cipher) == NULL)
  5055. return 1;
  5056. /*
  5057. * The cipher was explicitly fetched and therefore it is safe to cast
  5058. * away the const
  5059. */
  5060. return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher);
  5061. }
  5062. void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
  5063. {
  5064. if (cipher == NULL)
  5065. return;
  5066. if (EVP_CIPHER_provider(cipher) != NULL) {
  5067. /*
  5068. * The cipher was explicitly fetched and therefore it is safe to cast
  5069. * away the const
  5070. */
  5071. EVP_CIPHER_free((EVP_CIPHER *)cipher);
  5072. }
  5073. }
  5074. const EVP_MD *ssl_evp_md_fetch(OPENSSL_CTX *libctx,
  5075. int nid,
  5076. const char *properties)
  5077. {
  5078. EVP_MD *md;
  5079. #ifndef OPENSSL_NO_ENGINE
  5080. ENGINE *eng;
  5081. /*
  5082. * If there is an Engine available for this digest we use the "implicit"
  5083. * form to ensure we use that engine later.
  5084. */
  5085. eng = ENGINE_get_digest_engine(nid);
  5086. if (eng != NULL) {
  5087. ENGINE_finish(eng);
  5088. return EVP_get_digestbynid(nid);
  5089. }
  5090. #endif
  5091. /* Otherwise we do an explicit fetch */
  5092. ERR_set_mark();
  5093. md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
  5094. ERR_pop_to_mark();
  5095. return md;
  5096. }
  5097. int ssl_evp_md_up_ref(const EVP_MD *md)
  5098. {
  5099. /* Don't up-ref an implicit EVP_MD */
  5100. if (EVP_MD_provider(md) == NULL)
  5101. return 1;
  5102. /*
  5103. * The digest was explicitly fetched and therefore it is safe to cast
  5104. * away the const
  5105. */
  5106. return EVP_MD_up_ref((EVP_MD *)md);
  5107. }
  5108. void ssl_evp_md_free(const EVP_MD *md)
  5109. {
  5110. if (md == NULL)
  5111. return;
  5112. if (EVP_MD_provider(md) != NULL) {
  5113. /*
  5114. * The digest was explicitly fetched and therefore it is safe to cast
  5115. * away the const
  5116. */
  5117. EVP_MD_free((EVP_MD *)md);
  5118. }
  5119. }