ssl_lib.c 139 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107
  1. /*
  2. * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. * Copyright 2005 Nokia. All rights reserved.
  5. *
  6. * Licensed under the OpenSSL license (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <stdio.h>
  12. #include "ssl_locl.h"
  13. #include <openssl/objects.h>
  14. #include <openssl/lhash.h>
  15. #include <openssl/x509v3.h>
  16. #include <openssl/rand.h>
  17. #include <openssl/ocsp.h>
  18. #include <openssl/dh.h>
  19. #include <openssl/engine.h>
  20. #include <openssl/async.h>
  21. #include <openssl/ct.h>
  22. #include "internal/cryptlib.h"
  23. #include "internal/rand.h"
  24. const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
  25. SSL3_ENC_METHOD ssl3_undef_enc_method = {
  26. /*
  27. * evil casts, but these functions are only called if there's a library
  28. * bug
  29. */
  30. (int (*)(SSL *, SSL3_RECORD *, size_t, int))ssl_undefined_function,
  31. (int (*)(SSL *, SSL3_RECORD *, unsigned char *, int))ssl_undefined_function,
  32. ssl_undefined_function,
  33. (int (*)(SSL *, unsigned char *, unsigned char *, size_t, size_t *))
  34. ssl_undefined_function,
  35. (int (*)(SSL *, int))ssl_undefined_function,
  36. (size_t (*)(SSL *, const char *, size_t, unsigned char *))
  37. ssl_undefined_function,
  38. NULL, /* client_finished_label */
  39. 0, /* client_finished_label_len */
  40. NULL, /* server_finished_label */
  41. 0, /* server_finished_label_len */
  42. (int (*)(int))ssl_undefined_function,
  43. (int (*)(SSL *, unsigned char *, size_t, const char *,
  44. size_t, const unsigned char *, size_t,
  45. int use_context))ssl_undefined_function,
  46. };
  47. struct ssl_async_args {
  48. SSL *s;
  49. void *buf;
  50. size_t num;
  51. enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
  52. union {
  53. int (*func_read) (SSL *, void *, size_t, size_t *);
  54. int (*func_write) (SSL *, const void *, size_t, size_t *);
  55. int (*func_other) (SSL *);
  56. } f;
  57. };
  58. static const struct {
  59. uint8_t mtype;
  60. uint8_t ord;
  61. int nid;
  62. } dane_mds[] = {
  63. {
  64. DANETLS_MATCHING_FULL, 0, NID_undef
  65. },
  66. {
  67. DANETLS_MATCHING_2256, 1, NID_sha256
  68. },
  69. {
  70. DANETLS_MATCHING_2512, 2, NID_sha512
  71. },
  72. };
  73. static int dane_ctx_enable(struct dane_ctx_st *dctx)
  74. {
  75. const EVP_MD **mdevp;
  76. uint8_t *mdord;
  77. uint8_t mdmax = DANETLS_MATCHING_LAST;
  78. int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
  79. size_t i;
  80. if (dctx->mdevp != NULL)
  81. return 1;
  82. mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
  83. mdord = OPENSSL_zalloc(n * sizeof(*mdord));
  84. if (mdord == NULL || mdevp == NULL) {
  85. OPENSSL_free(mdord);
  86. OPENSSL_free(mdevp);
  87. SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
  88. return 0;
  89. }
  90. /* Install default entries */
  91. for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
  92. const EVP_MD *md;
  93. if (dane_mds[i].nid == NID_undef ||
  94. (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
  95. continue;
  96. mdevp[dane_mds[i].mtype] = md;
  97. mdord[dane_mds[i].mtype] = dane_mds[i].ord;
  98. }
  99. dctx->mdevp = mdevp;
  100. dctx->mdord = mdord;
  101. dctx->mdmax = mdmax;
  102. return 1;
  103. }
  104. static void dane_ctx_final(struct dane_ctx_st *dctx)
  105. {
  106. OPENSSL_free(dctx->mdevp);
  107. dctx->mdevp = NULL;
  108. OPENSSL_free(dctx->mdord);
  109. dctx->mdord = NULL;
  110. dctx->mdmax = 0;
  111. }
  112. static void tlsa_free(danetls_record *t)
  113. {
  114. if (t == NULL)
  115. return;
  116. OPENSSL_free(t->data);
  117. EVP_PKEY_free(t->spki);
  118. OPENSSL_free(t);
  119. }
  120. static void dane_final(SSL_DANE *dane)
  121. {
  122. sk_danetls_record_pop_free(dane->trecs, tlsa_free);
  123. dane->trecs = NULL;
  124. sk_X509_pop_free(dane->certs, X509_free);
  125. dane->certs = NULL;
  126. X509_free(dane->mcert);
  127. dane->mcert = NULL;
  128. dane->mtlsa = NULL;
  129. dane->mdpth = -1;
  130. dane->pdpth = -1;
  131. }
  132. /*
  133. * dane_copy - Copy dane configuration, sans verification state.
  134. */
  135. static int ssl_dane_dup(SSL *to, SSL *from)
  136. {
  137. int num;
  138. int i;
  139. if (!DANETLS_ENABLED(&from->dane))
  140. return 1;
  141. dane_final(&to->dane);
  142. to->dane.flags = from->dane.flags;
  143. to->dane.dctx = &to->ctx->dane;
  144. to->dane.trecs = sk_danetls_record_new_null();
  145. if (to->dane.trecs == NULL) {
  146. SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
  147. return 0;
  148. }
  149. num = sk_danetls_record_num(from->dane.trecs);
  150. for (i = 0; i < num; ++i) {
  151. danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
  152. if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
  153. t->data, t->dlen) <= 0)
  154. return 0;
  155. }
  156. return 1;
  157. }
  158. static int dane_mtype_set(struct dane_ctx_st *dctx,
  159. const EVP_MD *md, uint8_t mtype, uint8_t ord)
  160. {
  161. int i;
  162. if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
  163. SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
  164. return 0;
  165. }
  166. if (mtype > dctx->mdmax) {
  167. const EVP_MD **mdevp;
  168. uint8_t *mdord;
  169. int n = ((int)mtype) + 1;
  170. mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
  171. if (mdevp == NULL) {
  172. SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
  173. return -1;
  174. }
  175. dctx->mdevp = mdevp;
  176. mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
  177. if (mdord == NULL) {
  178. SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
  179. return -1;
  180. }
  181. dctx->mdord = mdord;
  182. /* Zero-fill any gaps */
  183. for (i = dctx->mdmax + 1; i < mtype; ++i) {
  184. mdevp[i] = NULL;
  185. mdord[i] = 0;
  186. }
  187. dctx->mdmax = mtype;
  188. }
  189. dctx->mdevp[mtype] = md;
  190. /* Coerce ordinal of disabled matching types to 0 */
  191. dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
  192. return 1;
  193. }
  194. static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
  195. {
  196. if (mtype > dane->dctx->mdmax)
  197. return NULL;
  198. return dane->dctx->mdevp[mtype];
  199. }
  200. static int dane_tlsa_add(SSL_DANE *dane,
  201. uint8_t usage,
  202. uint8_t selector,
  203. uint8_t mtype, unsigned char *data, size_t dlen)
  204. {
  205. danetls_record *t;
  206. const EVP_MD *md = NULL;
  207. int ilen = (int)dlen;
  208. int i;
  209. int num;
  210. if (dane->trecs == NULL) {
  211. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
  212. return -1;
  213. }
  214. if (ilen < 0 || dlen != (size_t)ilen) {
  215. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
  216. return 0;
  217. }
  218. if (usage > DANETLS_USAGE_LAST) {
  219. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
  220. return 0;
  221. }
  222. if (selector > DANETLS_SELECTOR_LAST) {
  223. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
  224. return 0;
  225. }
  226. if (mtype != DANETLS_MATCHING_FULL) {
  227. md = tlsa_md_get(dane, mtype);
  228. if (md == NULL) {
  229. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
  230. return 0;
  231. }
  232. }
  233. if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
  234. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
  235. return 0;
  236. }
  237. if (!data) {
  238. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
  239. return 0;
  240. }
  241. if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
  242. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  243. return -1;
  244. }
  245. t->usage = usage;
  246. t->selector = selector;
  247. t->mtype = mtype;
  248. t->data = OPENSSL_malloc(dlen);
  249. if (t->data == NULL) {
  250. tlsa_free(t);
  251. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  252. return -1;
  253. }
  254. memcpy(t->data, data, dlen);
  255. t->dlen = dlen;
  256. /* Validate and cache full certificate or public key */
  257. if (mtype == DANETLS_MATCHING_FULL) {
  258. const unsigned char *p = data;
  259. X509 *cert = NULL;
  260. EVP_PKEY *pkey = NULL;
  261. switch (selector) {
  262. case DANETLS_SELECTOR_CERT:
  263. if (!d2i_X509(&cert, &p, ilen) || p < data ||
  264. dlen != (size_t)(p - data)) {
  265. tlsa_free(t);
  266. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  267. return 0;
  268. }
  269. if (X509_get0_pubkey(cert) == NULL) {
  270. tlsa_free(t);
  271. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  272. return 0;
  273. }
  274. if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
  275. X509_free(cert);
  276. break;
  277. }
  278. /*
  279. * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
  280. * records that contain full certificates of trust-anchors that are
  281. * not present in the wire chain. For usage PKIX-TA(0), we augment
  282. * the chain with untrusted Full(0) certificates from DNS, in case
  283. * they are missing from the chain.
  284. */
  285. if ((dane->certs == NULL &&
  286. (dane->certs = sk_X509_new_null()) == NULL) ||
  287. !sk_X509_push(dane->certs, cert)) {
  288. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  289. X509_free(cert);
  290. tlsa_free(t);
  291. return -1;
  292. }
  293. break;
  294. case DANETLS_SELECTOR_SPKI:
  295. if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
  296. dlen != (size_t)(p - data)) {
  297. tlsa_free(t);
  298. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
  299. return 0;
  300. }
  301. /*
  302. * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
  303. * records that contain full bare keys of trust-anchors that are
  304. * not present in the wire chain.
  305. */
  306. if (usage == DANETLS_USAGE_DANE_TA)
  307. t->spki = pkey;
  308. else
  309. EVP_PKEY_free(pkey);
  310. break;
  311. }
  312. }
  313. /*-
  314. * Find the right insertion point for the new record.
  315. *
  316. * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
  317. * they can be processed first, as they require no chain building, and no
  318. * expiration or hostname checks. Because DANE-EE(3) is numerically
  319. * largest, this is accomplished via descending sort by "usage".
  320. *
  321. * We also sort in descending order by matching ordinal to simplify
  322. * the implementation of digest agility in the verification code.
  323. *
  324. * The choice of order for the selector is not significant, so we
  325. * use the same descending order for consistency.
  326. */
  327. num = sk_danetls_record_num(dane->trecs);
  328. for (i = 0; i < num; ++i) {
  329. danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
  330. if (rec->usage > usage)
  331. continue;
  332. if (rec->usage < usage)
  333. break;
  334. if (rec->selector > selector)
  335. continue;
  336. if (rec->selector < selector)
  337. break;
  338. if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
  339. continue;
  340. break;
  341. }
  342. if (!sk_danetls_record_insert(dane->trecs, t, i)) {
  343. tlsa_free(t);
  344. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  345. return -1;
  346. }
  347. dane->umask |= DANETLS_USAGE_BIT(usage);
  348. return 1;
  349. }
  350. /*
  351. * Return 0 if there is only one version configured and it was disabled
  352. * at configure time. Return 1 otherwise.
  353. */
  354. static int ssl_check_allowed_versions(int min_version, int max_version)
  355. {
  356. int minisdtls = 0, maxisdtls = 0;
  357. /* Figure out if we're doing DTLS versions or TLS versions */
  358. if (min_version == DTLS1_BAD_VER
  359. || min_version >> 8 == DTLS1_VERSION_MAJOR)
  360. minisdtls = 1;
  361. if (max_version == DTLS1_BAD_VER
  362. || max_version >> 8 == DTLS1_VERSION_MAJOR)
  363. maxisdtls = 1;
  364. /* A wildcard version of 0 could be DTLS or TLS. */
  365. if ((minisdtls && !maxisdtls && max_version != 0)
  366. || (maxisdtls && !minisdtls && min_version != 0)) {
  367. /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
  368. return 0;
  369. }
  370. if (minisdtls || maxisdtls) {
  371. /* Do DTLS version checks. */
  372. if (min_version == 0)
  373. /* Ignore DTLS1_BAD_VER */
  374. min_version = DTLS1_VERSION;
  375. if (max_version == 0)
  376. max_version = DTLS1_2_VERSION;
  377. #ifdef OPENSSL_NO_DTLS1_2
  378. if (max_version == DTLS1_2_VERSION)
  379. max_version = DTLS1_VERSION;
  380. #endif
  381. #ifdef OPENSSL_NO_DTLS1
  382. if (min_version == DTLS1_VERSION)
  383. min_version = DTLS1_2_VERSION;
  384. #endif
  385. /* Done massaging versions; do the check. */
  386. if (0
  387. #ifdef OPENSSL_NO_DTLS1
  388. || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
  389. && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
  390. #endif
  391. #ifdef OPENSSL_NO_DTLS1_2
  392. || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
  393. && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
  394. #endif
  395. )
  396. return 0;
  397. } else {
  398. /* Regular TLS version checks. */
  399. if (min_version == 0)
  400. min_version = SSL3_VERSION;
  401. if (max_version == 0)
  402. max_version = TLS1_3_VERSION;
  403. #ifdef OPENSSL_NO_TLS1_3
  404. if (max_version == TLS1_3_VERSION)
  405. max_version = TLS1_2_VERSION;
  406. #endif
  407. #ifdef OPENSSL_NO_TLS1_2
  408. if (max_version == TLS1_2_VERSION)
  409. max_version = TLS1_1_VERSION;
  410. #endif
  411. #ifdef OPENSSL_NO_TLS1_1
  412. if (max_version == TLS1_1_VERSION)
  413. max_version = TLS1_VERSION;
  414. #endif
  415. #ifdef OPENSSL_NO_TLS1
  416. if (max_version == TLS1_VERSION)
  417. max_version = SSL3_VERSION;
  418. #endif
  419. #ifdef OPENSSL_NO_SSL3
  420. if (min_version == SSL3_VERSION)
  421. min_version = TLS1_VERSION;
  422. #endif
  423. #ifdef OPENSSL_NO_TLS1
  424. if (min_version == TLS1_VERSION)
  425. min_version = TLS1_1_VERSION;
  426. #endif
  427. #ifdef OPENSSL_NO_TLS1_1
  428. if (min_version == TLS1_1_VERSION)
  429. min_version = TLS1_2_VERSION;
  430. #endif
  431. #ifdef OPENSSL_NO_TLS1_2
  432. if (min_version == TLS1_2_VERSION)
  433. min_version = TLS1_3_VERSION;
  434. #endif
  435. /* Done massaging versions; do the check. */
  436. if (0
  437. #ifdef OPENSSL_NO_SSL3
  438. || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
  439. #endif
  440. #ifdef OPENSSL_NO_TLS1
  441. || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
  442. #endif
  443. #ifdef OPENSSL_NO_TLS1_1
  444. || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
  445. #endif
  446. #ifdef OPENSSL_NO_TLS1_2
  447. || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
  448. #endif
  449. #ifdef OPENSSL_NO_TLS1_3
  450. || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
  451. #endif
  452. )
  453. return 0;
  454. }
  455. return 1;
  456. }
  457. static void clear_ciphers(SSL *s)
  458. {
  459. /* clear the current cipher */
  460. ssl_clear_cipher_ctx(s);
  461. ssl_clear_hash_ctx(&s->read_hash);
  462. ssl_clear_hash_ctx(&s->write_hash);
  463. }
  464. int SSL_clear(SSL *s)
  465. {
  466. if (s->method == NULL) {
  467. SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
  468. return 0;
  469. }
  470. if (ssl_clear_bad_session(s)) {
  471. SSL_SESSION_free(s->session);
  472. s->session = NULL;
  473. }
  474. SSL_SESSION_free(s->psksession);
  475. s->psksession = NULL;
  476. s->error = 0;
  477. s->hit = 0;
  478. s->shutdown = 0;
  479. if (s->renegotiate) {
  480. SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
  481. return 0;
  482. }
  483. ossl_statem_clear(s);
  484. s->version = s->method->version;
  485. s->client_version = s->version;
  486. s->rwstate = SSL_NOTHING;
  487. BUF_MEM_free(s->init_buf);
  488. s->init_buf = NULL;
  489. clear_ciphers(s);
  490. s->first_packet = 0;
  491. s->key_update = SSL_KEY_UPDATE_NONE;
  492. /* Reset DANE verification result state */
  493. s->dane.mdpth = -1;
  494. s->dane.pdpth = -1;
  495. X509_free(s->dane.mcert);
  496. s->dane.mcert = NULL;
  497. s->dane.mtlsa = NULL;
  498. /* Clear the verification result peername */
  499. X509_VERIFY_PARAM_move_peername(s->param, NULL);
  500. /*
  501. * Check to see if we were changed into a different method, if so, revert
  502. * back.
  503. */
  504. if (s->method != s->ctx->method) {
  505. s->method->ssl_free(s);
  506. s->method = s->ctx->method;
  507. if (!s->method->ssl_new(s))
  508. return 0;
  509. } else {
  510. if (!s->method->ssl_clear(s))
  511. return 0;
  512. }
  513. RECORD_LAYER_clear(&s->rlayer);
  514. return 1;
  515. }
  516. /** Used to change an SSL_CTXs default SSL method type */
  517. int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
  518. {
  519. STACK_OF(SSL_CIPHER) *sk;
  520. ctx->method = meth;
  521. sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
  522. &(ctx->cipher_list_by_id),
  523. SSL_DEFAULT_CIPHER_LIST, ctx->cert);
  524. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
  525. SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  526. return (0);
  527. }
  528. return (1);
  529. }
  530. SSL *SSL_new(SSL_CTX *ctx)
  531. {
  532. SSL *s;
  533. if (ctx == NULL) {
  534. SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
  535. return (NULL);
  536. }
  537. if (ctx->method == NULL) {
  538. SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
  539. return (NULL);
  540. }
  541. s = OPENSSL_zalloc(sizeof(*s));
  542. if (s == NULL)
  543. goto err;
  544. s->lock = CRYPTO_THREAD_lock_new();
  545. if (s->lock == NULL)
  546. goto err;
  547. /*
  548. * If not using the standard RAND (say for fuzzing), then don't use a
  549. * chained DRBG.
  550. */
  551. if (RAND_get_rand_method() == RAND_OpenSSL()) {
  552. s->drbg = RAND_DRBG_new(NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF,
  553. RAND_DRBG_get0_global());
  554. if (s->drbg == NULL) {
  555. CRYPTO_THREAD_lock_free(s->lock);
  556. goto err;
  557. }
  558. }
  559. RECORD_LAYER_init(&s->rlayer, s);
  560. s->options = ctx->options;
  561. s->dane.flags = ctx->dane.flags;
  562. s->min_proto_version = ctx->min_proto_version;
  563. s->max_proto_version = ctx->max_proto_version;
  564. s->mode = ctx->mode;
  565. s->max_cert_list = ctx->max_cert_list;
  566. s->references = 1;
  567. s->max_early_data = ctx->max_early_data;
  568. /*
  569. * Earlier library versions used to copy the pointer to the CERT, not
  570. * its contents; only when setting new parameters for the per-SSL
  571. * copy, ssl_cert_new would be called (and the direct reference to
  572. * the per-SSL_CTX settings would be lost, but those still were
  573. * indirectly accessed for various purposes, and for that reason they
  574. * used to be known as s->ctx->default_cert). Now we don't look at the
  575. * SSL_CTX's CERT after having duplicated it once.
  576. */
  577. s->cert = ssl_cert_dup(ctx->cert);
  578. if (s->cert == NULL)
  579. goto err;
  580. RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
  581. s->msg_callback = ctx->msg_callback;
  582. s->msg_callback_arg = ctx->msg_callback_arg;
  583. s->verify_mode = ctx->verify_mode;
  584. s->not_resumable_session_cb = ctx->not_resumable_session_cb;
  585. s->record_padding_cb = ctx->record_padding_cb;
  586. s->record_padding_arg = ctx->record_padding_arg;
  587. s->block_padding = ctx->block_padding;
  588. s->sid_ctx_length = ctx->sid_ctx_length;
  589. if (!ossl_assert(s->sid_ctx_length <= sizeof s->sid_ctx))
  590. goto err;
  591. memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
  592. s->verify_callback = ctx->default_verify_callback;
  593. s->generate_session_id = ctx->generate_session_id;
  594. s->param = X509_VERIFY_PARAM_new();
  595. if (s->param == NULL)
  596. goto err;
  597. X509_VERIFY_PARAM_inherit(s->param, ctx->param);
  598. s->quiet_shutdown = ctx->quiet_shutdown;
  599. s->max_send_fragment = ctx->max_send_fragment;
  600. s->split_send_fragment = ctx->split_send_fragment;
  601. s->max_pipelines = ctx->max_pipelines;
  602. if (s->max_pipelines > 1)
  603. RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
  604. if (ctx->default_read_buf_len > 0)
  605. SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
  606. SSL_CTX_up_ref(ctx);
  607. s->ctx = ctx;
  608. s->ext.debug_cb = 0;
  609. s->ext.debug_arg = NULL;
  610. s->ext.ticket_expected = 0;
  611. s->ext.status_type = ctx->ext.status_type;
  612. s->ext.status_expected = 0;
  613. s->ext.ocsp.ids = NULL;
  614. s->ext.ocsp.exts = NULL;
  615. s->ext.ocsp.resp = NULL;
  616. s->ext.ocsp.resp_len = 0;
  617. SSL_CTX_up_ref(ctx);
  618. s->session_ctx = ctx;
  619. #ifndef OPENSSL_NO_EC
  620. if (ctx->ext.ecpointformats) {
  621. s->ext.ecpointformats =
  622. OPENSSL_memdup(ctx->ext.ecpointformats,
  623. ctx->ext.ecpointformats_len);
  624. if (!s->ext.ecpointformats)
  625. goto err;
  626. s->ext.ecpointformats_len =
  627. ctx->ext.ecpointformats_len;
  628. }
  629. if (ctx->ext.supportedgroups) {
  630. s->ext.supportedgroups =
  631. OPENSSL_memdup(ctx->ext.supportedgroups,
  632. ctx->ext.supportedgroups_len);
  633. if (!s->ext.supportedgroups)
  634. goto err;
  635. s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
  636. }
  637. #endif
  638. #ifndef OPENSSL_NO_NEXTPROTONEG
  639. s->ext.npn = NULL;
  640. #endif
  641. if (s->ctx->ext.alpn) {
  642. s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
  643. if (s->ext.alpn == NULL)
  644. goto err;
  645. memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
  646. s->ext.alpn_len = s->ctx->ext.alpn_len;
  647. }
  648. s->verified_chain = NULL;
  649. s->verify_result = X509_V_OK;
  650. s->default_passwd_callback = ctx->default_passwd_callback;
  651. s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
  652. s->method = ctx->method;
  653. s->key_update = SSL_KEY_UPDATE_NONE;
  654. if (!s->method->ssl_new(s))
  655. goto err;
  656. s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
  657. if (!SSL_clear(s))
  658. goto err;
  659. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
  660. goto err;
  661. #ifndef OPENSSL_NO_PSK
  662. s->psk_client_callback = ctx->psk_client_callback;
  663. s->psk_server_callback = ctx->psk_server_callback;
  664. #endif
  665. s->psk_find_session_cb = ctx->psk_find_session_cb;
  666. s->psk_use_session_cb = ctx->psk_use_session_cb;
  667. s->job = NULL;
  668. #ifndef OPENSSL_NO_CT
  669. if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
  670. ctx->ct_validation_callback_arg))
  671. goto err;
  672. #endif
  673. return s;
  674. err:
  675. SSL_free(s);
  676. SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
  677. return NULL;
  678. }
  679. int SSL_is_dtls(const SSL *s)
  680. {
  681. return SSL_IS_DTLS(s) ? 1 : 0;
  682. }
  683. int SSL_up_ref(SSL *s)
  684. {
  685. int i;
  686. if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
  687. return 0;
  688. REF_PRINT_COUNT("SSL", s);
  689. REF_ASSERT_ISNT(i < 2);
  690. return ((i > 1) ? 1 : 0);
  691. }
  692. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
  693. unsigned int sid_ctx_len)
  694. {
  695. if (sid_ctx_len > sizeof ctx->sid_ctx) {
  696. SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
  697. SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  698. return 0;
  699. }
  700. ctx->sid_ctx_length = sid_ctx_len;
  701. memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
  702. return 1;
  703. }
  704. int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
  705. unsigned int sid_ctx_len)
  706. {
  707. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  708. SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
  709. SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  710. return 0;
  711. }
  712. ssl->sid_ctx_length = sid_ctx_len;
  713. memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
  714. return 1;
  715. }
  716. int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
  717. {
  718. CRYPTO_THREAD_write_lock(ctx->lock);
  719. ctx->generate_session_id = cb;
  720. CRYPTO_THREAD_unlock(ctx->lock);
  721. return 1;
  722. }
  723. int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
  724. {
  725. CRYPTO_THREAD_write_lock(ssl->lock);
  726. ssl->generate_session_id = cb;
  727. CRYPTO_THREAD_unlock(ssl->lock);
  728. return 1;
  729. }
  730. int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
  731. unsigned int id_len)
  732. {
  733. /*
  734. * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
  735. * we can "construct" a session to give us the desired check - i.e. to
  736. * find if there's a session in the hash table that would conflict with
  737. * any new session built out of this id/id_len and the ssl_version in use
  738. * by this SSL.
  739. */
  740. SSL_SESSION r, *p;
  741. if (id_len > sizeof r.session_id)
  742. return 0;
  743. r.ssl_version = ssl->version;
  744. r.session_id_length = id_len;
  745. memcpy(r.session_id, id, id_len);
  746. CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
  747. p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
  748. CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
  749. return (p != NULL);
  750. }
  751. int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
  752. {
  753. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  754. }
  755. int SSL_set_purpose(SSL *s, int purpose)
  756. {
  757. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  758. }
  759. int SSL_CTX_set_trust(SSL_CTX *s, int trust)
  760. {
  761. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  762. }
  763. int SSL_set_trust(SSL *s, int trust)
  764. {
  765. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  766. }
  767. int SSL_set1_host(SSL *s, const char *hostname)
  768. {
  769. return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
  770. }
  771. int SSL_add1_host(SSL *s, const char *hostname)
  772. {
  773. return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
  774. }
  775. void SSL_set_hostflags(SSL *s, unsigned int flags)
  776. {
  777. X509_VERIFY_PARAM_set_hostflags(s->param, flags);
  778. }
  779. const char *SSL_get0_peername(SSL *s)
  780. {
  781. return X509_VERIFY_PARAM_get0_peername(s->param);
  782. }
  783. int SSL_CTX_dane_enable(SSL_CTX *ctx)
  784. {
  785. return dane_ctx_enable(&ctx->dane);
  786. }
  787. unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
  788. {
  789. unsigned long orig = ctx->dane.flags;
  790. ctx->dane.flags |= flags;
  791. return orig;
  792. }
  793. unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
  794. {
  795. unsigned long orig = ctx->dane.flags;
  796. ctx->dane.flags &= ~flags;
  797. return orig;
  798. }
  799. int SSL_dane_enable(SSL *s, const char *basedomain)
  800. {
  801. SSL_DANE *dane = &s->dane;
  802. if (s->ctx->dane.mdmax == 0) {
  803. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
  804. return 0;
  805. }
  806. if (dane->trecs != NULL) {
  807. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
  808. return 0;
  809. }
  810. /*
  811. * Default SNI name. This rejects empty names, while set1_host below
  812. * accepts them and disables host name checks. To avoid side-effects with
  813. * invalid input, set the SNI name first.
  814. */
  815. if (s->ext.hostname == NULL) {
  816. if (!SSL_set_tlsext_host_name(s, basedomain)) {
  817. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  818. return -1;
  819. }
  820. }
  821. /* Primary RFC6125 reference identifier */
  822. if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
  823. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  824. return -1;
  825. }
  826. dane->mdpth = -1;
  827. dane->pdpth = -1;
  828. dane->dctx = &s->ctx->dane;
  829. dane->trecs = sk_danetls_record_new_null();
  830. if (dane->trecs == NULL) {
  831. SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
  832. return -1;
  833. }
  834. return 1;
  835. }
  836. unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
  837. {
  838. unsigned long orig = ssl->dane.flags;
  839. ssl->dane.flags |= flags;
  840. return orig;
  841. }
  842. unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
  843. {
  844. unsigned long orig = ssl->dane.flags;
  845. ssl->dane.flags &= ~flags;
  846. return orig;
  847. }
  848. int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
  849. {
  850. SSL_DANE *dane = &s->dane;
  851. if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
  852. return -1;
  853. if (dane->mtlsa) {
  854. if (mcert)
  855. *mcert = dane->mcert;
  856. if (mspki)
  857. *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
  858. }
  859. return dane->mdpth;
  860. }
  861. int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
  862. uint8_t *mtype, unsigned const char **data, size_t *dlen)
  863. {
  864. SSL_DANE *dane = &s->dane;
  865. if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
  866. return -1;
  867. if (dane->mtlsa) {
  868. if (usage)
  869. *usage = dane->mtlsa->usage;
  870. if (selector)
  871. *selector = dane->mtlsa->selector;
  872. if (mtype)
  873. *mtype = dane->mtlsa->mtype;
  874. if (data)
  875. *data = dane->mtlsa->data;
  876. if (dlen)
  877. *dlen = dane->mtlsa->dlen;
  878. }
  879. return dane->mdpth;
  880. }
  881. SSL_DANE *SSL_get0_dane(SSL *s)
  882. {
  883. return &s->dane;
  884. }
  885. int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
  886. uint8_t mtype, unsigned char *data, size_t dlen)
  887. {
  888. return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
  889. }
  890. int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
  891. uint8_t ord)
  892. {
  893. return dane_mtype_set(&ctx->dane, md, mtype, ord);
  894. }
  895. int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
  896. {
  897. return X509_VERIFY_PARAM_set1(ctx->param, vpm);
  898. }
  899. int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
  900. {
  901. return X509_VERIFY_PARAM_set1(ssl->param, vpm);
  902. }
  903. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
  904. {
  905. return ctx->param;
  906. }
  907. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
  908. {
  909. return ssl->param;
  910. }
  911. void SSL_certs_clear(SSL *s)
  912. {
  913. ssl_cert_clear_certs(s->cert);
  914. }
  915. void SSL_free(SSL *s)
  916. {
  917. int i;
  918. if (s == NULL)
  919. return;
  920. CRYPTO_DOWN_REF(&s->references, &i, s->lock);
  921. REF_PRINT_COUNT("SSL", s);
  922. if (i > 0)
  923. return;
  924. REF_ASSERT_ISNT(i < 0);
  925. X509_VERIFY_PARAM_free(s->param);
  926. dane_final(&s->dane);
  927. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
  928. /* Ignore return value */
  929. ssl_free_wbio_buffer(s);
  930. BIO_free_all(s->wbio);
  931. BIO_free_all(s->rbio);
  932. BUF_MEM_free(s->init_buf);
  933. /* add extra stuff */
  934. sk_SSL_CIPHER_free(s->cipher_list);
  935. sk_SSL_CIPHER_free(s->cipher_list_by_id);
  936. /* Make the next call work :-) */
  937. if (s->session != NULL) {
  938. ssl_clear_bad_session(s);
  939. SSL_SESSION_free(s->session);
  940. }
  941. SSL_SESSION_free(s->psksession);
  942. clear_ciphers(s);
  943. ssl_cert_free(s->cert);
  944. /* Free up if allocated */
  945. OPENSSL_free(s->ext.hostname);
  946. SSL_CTX_free(s->session_ctx);
  947. #ifndef OPENSSL_NO_EC
  948. OPENSSL_free(s->ext.ecpointformats);
  949. OPENSSL_free(s->ext.supportedgroups);
  950. #endif /* OPENSSL_NO_EC */
  951. sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
  952. #ifndef OPENSSL_NO_OCSP
  953. sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
  954. #endif
  955. #ifndef OPENSSL_NO_CT
  956. SCT_LIST_free(s->scts);
  957. OPENSSL_free(s->ext.scts);
  958. #endif
  959. OPENSSL_free(s->ext.ocsp.resp);
  960. OPENSSL_free(s->ext.alpn);
  961. OPENSSL_free(s->ext.tls13_cookie);
  962. OPENSSL_free(s->clienthello);
  963. sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
  964. sk_X509_pop_free(s->verified_chain, X509_free);
  965. if (s->method != NULL)
  966. s->method->ssl_free(s);
  967. RECORD_LAYER_release(&s->rlayer);
  968. SSL_CTX_free(s->ctx);
  969. ASYNC_WAIT_CTX_free(s->waitctx);
  970. #if !defined(OPENSSL_NO_NEXTPROTONEG)
  971. OPENSSL_free(s->ext.npn);
  972. #endif
  973. #ifndef OPENSSL_NO_SRTP
  974. sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
  975. #endif
  976. RAND_DRBG_free(s->drbg);
  977. CRYPTO_THREAD_lock_free(s->lock);
  978. OPENSSL_free(s);
  979. }
  980. void SSL_set0_rbio(SSL *s, BIO *rbio)
  981. {
  982. BIO_free_all(s->rbio);
  983. s->rbio = rbio;
  984. }
  985. void SSL_set0_wbio(SSL *s, BIO *wbio)
  986. {
  987. /*
  988. * If the output buffering BIO is still in place, remove it
  989. */
  990. if (s->bbio != NULL)
  991. s->wbio = BIO_pop(s->wbio);
  992. BIO_free_all(s->wbio);
  993. s->wbio = wbio;
  994. /* Re-attach |bbio| to the new |wbio|. */
  995. if (s->bbio != NULL)
  996. s->wbio = BIO_push(s->bbio, s->wbio);
  997. }
  998. void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
  999. {
  1000. /*
  1001. * For historical reasons, this function has many different cases in
  1002. * ownership handling.
  1003. */
  1004. /* If nothing has changed, do nothing */
  1005. if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
  1006. return;
  1007. /*
  1008. * If the two arguments are equal then one fewer reference is granted by the
  1009. * caller than we want to take
  1010. */
  1011. if (rbio != NULL && rbio == wbio)
  1012. BIO_up_ref(rbio);
  1013. /*
  1014. * If only the wbio is changed only adopt one reference.
  1015. */
  1016. if (rbio == SSL_get_rbio(s)) {
  1017. SSL_set0_wbio(s, wbio);
  1018. return;
  1019. }
  1020. /*
  1021. * There is an asymmetry here for historical reasons. If only the rbio is
  1022. * changed AND the rbio and wbio were originally different, then we only
  1023. * adopt one reference.
  1024. */
  1025. if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
  1026. SSL_set0_rbio(s, rbio);
  1027. return;
  1028. }
  1029. /* Otherwise, adopt both references. */
  1030. SSL_set0_rbio(s, rbio);
  1031. SSL_set0_wbio(s, wbio);
  1032. }
  1033. BIO *SSL_get_rbio(const SSL *s)
  1034. {
  1035. return s->rbio;
  1036. }
  1037. BIO *SSL_get_wbio(const SSL *s)
  1038. {
  1039. if (s->bbio != NULL) {
  1040. /*
  1041. * If |bbio| is active, the true caller-configured BIO is its
  1042. * |next_bio|.
  1043. */
  1044. return BIO_next(s->bbio);
  1045. }
  1046. return s->wbio;
  1047. }
  1048. int SSL_get_fd(const SSL *s)
  1049. {
  1050. return SSL_get_rfd(s);
  1051. }
  1052. int SSL_get_rfd(const SSL *s)
  1053. {
  1054. int ret = -1;
  1055. BIO *b, *r;
  1056. b = SSL_get_rbio(s);
  1057. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1058. if (r != NULL)
  1059. BIO_get_fd(r, &ret);
  1060. return (ret);
  1061. }
  1062. int SSL_get_wfd(const SSL *s)
  1063. {
  1064. int ret = -1;
  1065. BIO *b, *r;
  1066. b = SSL_get_wbio(s);
  1067. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1068. if (r != NULL)
  1069. BIO_get_fd(r, &ret);
  1070. return (ret);
  1071. }
  1072. #ifndef OPENSSL_NO_SOCK
  1073. int SSL_set_fd(SSL *s, int fd)
  1074. {
  1075. int ret = 0;
  1076. BIO *bio = NULL;
  1077. bio = BIO_new(BIO_s_socket());
  1078. if (bio == NULL) {
  1079. SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
  1080. goto err;
  1081. }
  1082. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1083. SSL_set_bio(s, bio, bio);
  1084. ret = 1;
  1085. err:
  1086. return (ret);
  1087. }
  1088. int SSL_set_wfd(SSL *s, int fd)
  1089. {
  1090. BIO *rbio = SSL_get_rbio(s);
  1091. if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
  1092. || (int)BIO_get_fd(rbio, NULL) != fd) {
  1093. BIO *bio = BIO_new(BIO_s_socket());
  1094. if (bio == NULL) {
  1095. SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
  1096. return 0;
  1097. }
  1098. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1099. SSL_set0_wbio(s, bio);
  1100. } else {
  1101. BIO_up_ref(rbio);
  1102. SSL_set0_wbio(s, rbio);
  1103. }
  1104. return 1;
  1105. }
  1106. int SSL_set_rfd(SSL *s, int fd)
  1107. {
  1108. BIO *wbio = SSL_get_wbio(s);
  1109. if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
  1110. || ((int)BIO_get_fd(wbio, NULL) != fd)) {
  1111. BIO *bio = BIO_new(BIO_s_socket());
  1112. if (bio == NULL) {
  1113. SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
  1114. return 0;
  1115. }
  1116. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1117. SSL_set0_rbio(s, bio);
  1118. } else {
  1119. BIO_up_ref(wbio);
  1120. SSL_set0_rbio(s, wbio);
  1121. }
  1122. return 1;
  1123. }
  1124. #endif
  1125. /* return length of latest Finished message we sent, copy to 'buf' */
  1126. size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
  1127. {
  1128. size_t ret = 0;
  1129. if (s->s3 != NULL) {
  1130. ret = s->s3->tmp.finish_md_len;
  1131. if (count > ret)
  1132. count = ret;
  1133. memcpy(buf, s->s3->tmp.finish_md, count);
  1134. }
  1135. return ret;
  1136. }
  1137. /* return length of latest Finished message we expected, copy to 'buf' */
  1138. size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
  1139. {
  1140. size_t ret = 0;
  1141. if (s->s3 != NULL) {
  1142. ret = s->s3->tmp.peer_finish_md_len;
  1143. if (count > ret)
  1144. count = ret;
  1145. memcpy(buf, s->s3->tmp.peer_finish_md, count);
  1146. }
  1147. return ret;
  1148. }
  1149. int SSL_get_verify_mode(const SSL *s)
  1150. {
  1151. return (s->verify_mode);
  1152. }
  1153. int SSL_get_verify_depth(const SSL *s)
  1154. {
  1155. return X509_VERIFY_PARAM_get_depth(s->param);
  1156. }
  1157. int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
  1158. return (s->verify_callback);
  1159. }
  1160. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
  1161. {
  1162. return (ctx->verify_mode);
  1163. }
  1164. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
  1165. {
  1166. return X509_VERIFY_PARAM_get_depth(ctx->param);
  1167. }
  1168. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
  1169. return (ctx->default_verify_callback);
  1170. }
  1171. void SSL_set_verify(SSL *s, int mode,
  1172. int (*callback) (int ok, X509_STORE_CTX *ctx))
  1173. {
  1174. s->verify_mode = mode;
  1175. if (callback != NULL)
  1176. s->verify_callback = callback;
  1177. }
  1178. void SSL_set_verify_depth(SSL *s, int depth)
  1179. {
  1180. X509_VERIFY_PARAM_set_depth(s->param, depth);
  1181. }
  1182. void SSL_set_read_ahead(SSL *s, int yes)
  1183. {
  1184. RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
  1185. }
  1186. int SSL_get_read_ahead(const SSL *s)
  1187. {
  1188. return RECORD_LAYER_get_read_ahead(&s->rlayer);
  1189. }
  1190. int SSL_pending(const SSL *s)
  1191. {
  1192. size_t pending = s->method->ssl_pending(s);
  1193. /*
  1194. * SSL_pending cannot work properly if read-ahead is enabled
  1195. * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
  1196. * impossible to fix since SSL_pending cannot report errors that may be
  1197. * observed while scanning the new data. (Note that SSL_pending() is
  1198. * often used as a boolean value, so we'd better not return -1.)
  1199. *
  1200. * SSL_pending also cannot work properly if the value >INT_MAX. In that case
  1201. * we just return INT_MAX.
  1202. */
  1203. return pending < INT_MAX ? (int)pending : INT_MAX;
  1204. }
  1205. int SSL_has_pending(const SSL *s)
  1206. {
  1207. /*
  1208. * Similar to SSL_pending() but returns a 1 to indicate that we have
  1209. * unprocessed data available or 0 otherwise (as opposed to the number of
  1210. * bytes available). Unlike SSL_pending() this will take into account
  1211. * read_ahead data. A 1 return simply indicates that we have unprocessed
  1212. * data. That data may not result in any application data, or we may fail
  1213. * to parse the records for some reason.
  1214. */
  1215. if (RECORD_LAYER_processed_read_pending(&s->rlayer))
  1216. return 1;
  1217. return RECORD_LAYER_read_pending(&s->rlayer);
  1218. }
  1219. X509 *SSL_get_peer_certificate(const SSL *s)
  1220. {
  1221. X509 *r;
  1222. if ((s == NULL) || (s->session == NULL))
  1223. r = NULL;
  1224. else
  1225. r = s->session->peer;
  1226. if (r == NULL)
  1227. return (r);
  1228. X509_up_ref(r);
  1229. return (r);
  1230. }
  1231. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
  1232. {
  1233. STACK_OF(X509) *r;
  1234. if ((s == NULL) || (s->session == NULL))
  1235. r = NULL;
  1236. else
  1237. r = s->session->peer_chain;
  1238. /*
  1239. * If we are a client, cert_chain includes the peer's own certificate; if
  1240. * we are a server, it does not.
  1241. */
  1242. return (r);
  1243. }
  1244. /*
  1245. * Now in theory, since the calling process own 't' it should be safe to
  1246. * modify. We need to be able to read f without being hassled
  1247. */
  1248. int SSL_copy_session_id(SSL *t, const SSL *f)
  1249. {
  1250. int i;
  1251. /* Do we need to to SSL locking? */
  1252. if (!SSL_set_session(t, SSL_get_session(f))) {
  1253. return 0;
  1254. }
  1255. /*
  1256. * what if we are setup for one protocol version but want to talk another
  1257. */
  1258. if (t->method != f->method) {
  1259. t->method->ssl_free(t);
  1260. t->method = f->method;
  1261. if (t->method->ssl_new(t) == 0)
  1262. return 0;
  1263. }
  1264. CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
  1265. ssl_cert_free(t->cert);
  1266. t->cert = f->cert;
  1267. if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
  1268. return 0;
  1269. }
  1270. return 1;
  1271. }
  1272. /* Fix this so it checks all the valid key/cert options */
  1273. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
  1274. {
  1275. if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
  1276. SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1277. return (0);
  1278. }
  1279. if (ctx->cert->key->privatekey == NULL) {
  1280. SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1281. return (0);
  1282. }
  1283. return (X509_check_private_key
  1284. (ctx->cert->key->x509, ctx->cert->key->privatekey));
  1285. }
  1286. /* Fix this function so that it takes an optional type parameter */
  1287. int SSL_check_private_key(const SSL *ssl)
  1288. {
  1289. if (ssl == NULL) {
  1290. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
  1291. return (0);
  1292. }
  1293. if (ssl->cert->key->x509 == NULL) {
  1294. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1295. return (0);
  1296. }
  1297. if (ssl->cert->key->privatekey == NULL) {
  1298. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1299. return (0);
  1300. }
  1301. return (X509_check_private_key(ssl->cert->key->x509,
  1302. ssl->cert->key->privatekey));
  1303. }
  1304. int SSL_waiting_for_async(SSL *s)
  1305. {
  1306. if (s->job)
  1307. return 1;
  1308. return 0;
  1309. }
  1310. int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
  1311. {
  1312. ASYNC_WAIT_CTX *ctx = s->waitctx;
  1313. if (ctx == NULL)
  1314. return 0;
  1315. return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
  1316. }
  1317. int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
  1318. OSSL_ASYNC_FD *delfd, size_t *numdelfds)
  1319. {
  1320. ASYNC_WAIT_CTX *ctx = s->waitctx;
  1321. if (ctx == NULL)
  1322. return 0;
  1323. return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
  1324. numdelfds);
  1325. }
  1326. int SSL_accept(SSL *s)
  1327. {
  1328. if (s->handshake_func == NULL) {
  1329. /* Not properly initialized yet */
  1330. SSL_set_accept_state(s);
  1331. }
  1332. return SSL_do_handshake(s);
  1333. }
  1334. int SSL_connect(SSL *s)
  1335. {
  1336. if (s->handshake_func == NULL) {
  1337. /* Not properly initialized yet */
  1338. SSL_set_connect_state(s);
  1339. }
  1340. return SSL_do_handshake(s);
  1341. }
  1342. long SSL_get_default_timeout(const SSL *s)
  1343. {
  1344. return (s->method->get_timeout());
  1345. }
  1346. static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
  1347. int (*func) (void *))
  1348. {
  1349. int ret;
  1350. if (s->waitctx == NULL) {
  1351. s->waitctx = ASYNC_WAIT_CTX_new();
  1352. if (s->waitctx == NULL)
  1353. return -1;
  1354. }
  1355. switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
  1356. sizeof(struct ssl_async_args))) {
  1357. case ASYNC_ERR:
  1358. s->rwstate = SSL_NOTHING;
  1359. SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
  1360. return -1;
  1361. case ASYNC_PAUSE:
  1362. s->rwstate = SSL_ASYNC_PAUSED;
  1363. return -1;
  1364. case ASYNC_NO_JOBS:
  1365. s->rwstate = SSL_ASYNC_NO_JOBS;
  1366. return -1;
  1367. case ASYNC_FINISH:
  1368. s->job = NULL;
  1369. return ret;
  1370. default:
  1371. s->rwstate = SSL_NOTHING;
  1372. SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
  1373. /* Shouldn't happen */
  1374. return -1;
  1375. }
  1376. }
  1377. static int ssl_io_intern(void *vargs)
  1378. {
  1379. struct ssl_async_args *args;
  1380. SSL *s;
  1381. void *buf;
  1382. size_t num;
  1383. args = (struct ssl_async_args *)vargs;
  1384. s = args->s;
  1385. buf = args->buf;
  1386. num = args->num;
  1387. switch (args->type) {
  1388. case READFUNC:
  1389. return args->f.func_read(s, buf, num, &s->asyncrw);
  1390. case WRITEFUNC:
  1391. return args->f.func_write(s, buf, num, &s->asyncrw);
  1392. case OTHERFUNC:
  1393. return args->f.func_other(s);
  1394. }
  1395. return -1;
  1396. }
  1397. int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1398. {
  1399. if (s->handshake_func == NULL) {
  1400. SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
  1401. return -1;
  1402. }
  1403. if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1404. s->rwstate = SSL_NOTHING;
  1405. return 0;
  1406. }
  1407. if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1408. || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
  1409. SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1410. return 0;
  1411. }
  1412. /*
  1413. * If we are a client and haven't received the ServerHello etc then we
  1414. * better do that
  1415. */
  1416. ossl_statem_check_finish_init(s, 0);
  1417. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1418. struct ssl_async_args args;
  1419. int ret;
  1420. args.s = s;
  1421. args.buf = buf;
  1422. args.num = num;
  1423. args.type = READFUNC;
  1424. args.f.func_read = s->method->ssl_read;
  1425. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1426. *readbytes = s->asyncrw;
  1427. return ret;
  1428. } else {
  1429. return s->method->ssl_read(s, buf, num, readbytes);
  1430. }
  1431. }
  1432. int SSL_read(SSL *s, void *buf, int num)
  1433. {
  1434. int ret;
  1435. size_t readbytes;
  1436. if (num < 0) {
  1437. SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
  1438. return -1;
  1439. }
  1440. ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
  1441. /*
  1442. * The cast is safe here because ret should be <= INT_MAX because num is
  1443. * <= INT_MAX
  1444. */
  1445. if (ret > 0)
  1446. ret = (int)readbytes;
  1447. return ret;
  1448. }
  1449. int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1450. {
  1451. int ret = ssl_read_internal(s, buf, num, readbytes);
  1452. if (ret < 0)
  1453. ret = 0;
  1454. return ret;
  1455. }
  1456. int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
  1457. {
  1458. int ret;
  1459. if (!s->server) {
  1460. SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1461. return SSL_READ_EARLY_DATA_ERROR;
  1462. }
  1463. switch (s->early_data_state) {
  1464. case SSL_EARLY_DATA_NONE:
  1465. if (!SSL_in_before(s)) {
  1466. SSLerr(SSL_F_SSL_READ_EARLY_DATA,
  1467. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1468. return SSL_READ_EARLY_DATA_ERROR;
  1469. }
  1470. /* fall through */
  1471. case SSL_EARLY_DATA_ACCEPT_RETRY:
  1472. s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
  1473. ret = SSL_accept(s);
  1474. if (ret <= 0) {
  1475. /* NBIO or error */
  1476. s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
  1477. return SSL_READ_EARLY_DATA_ERROR;
  1478. }
  1479. /* fall through */
  1480. case SSL_EARLY_DATA_READ_RETRY:
  1481. if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
  1482. s->early_data_state = SSL_EARLY_DATA_READING;
  1483. ret = SSL_read_ex(s, buf, num, readbytes);
  1484. /*
  1485. * State machine will update early_data_state to
  1486. * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
  1487. * message
  1488. */
  1489. if (ret > 0 || (ret <= 0 && s->early_data_state
  1490. != SSL_EARLY_DATA_FINISHED_READING)) {
  1491. s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
  1492. return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
  1493. : SSL_READ_EARLY_DATA_ERROR;
  1494. }
  1495. } else {
  1496. s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
  1497. }
  1498. *readbytes = 0;
  1499. return SSL_READ_EARLY_DATA_FINISH;
  1500. default:
  1501. SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1502. return SSL_READ_EARLY_DATA_ERROR;
  1503. }
  1504. }
  1505. int SSL_get_early_data_status(const SSL *s)
  1506. {
  1507. return s->ext.early_data;
  1508. }
  1509. static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1510. {
  1511. if (s->handshake_func == NULL) {
  1512. SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
  1513. return -1;
  1514. }
  1515. if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1516. return 0;
  1517. }
  1518. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1519. struct ssl_async_args args;
  1520. int ret;
  1521. args.s = s;
  1522. args.buf = buf;
  1523. args.num = num;
  1524. args.type = READFUNC;
  1525. args.f.func_read = s->method->ssl_peek;
  1526. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1527. *readbytes = s->asyncrw;
  1528. return ret;
  1529. } else {
  1530. return s->method->ssl_peek(s, buf, num, readbytes);
  1531. }
  1532. }
  1533. int SSL_peek(SSL *s, void *buf, int num)
  1534. {
  1535. int ret;
  1536. size_t readbytes;
  1537. if (num < 0) {
  1538. SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
  1539. return -1;
  1540. }
  1541. ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
  1542. /*
  1543. * The cast is safe here because ret should be <= INT_MAX because num is
  1544. * <= INT_MAX
  1545. */
  1546. if (ret > 0)
  1547. ret = (int)readbytes;
  1548. return ret;
  1549. }
  1550. int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1551. {
  1552. int ret = ssl_peek_internal(s, buf, num, readbytes);
  1553. if (ret < 0)
  1554. ret = 0;
  1555. return ret;
  1556. }
  1557. int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
  1558. {
  1559. if (s->handshake_func == NULL) {
  1560. SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
  1561. return -1;
  1562. }
  1563. if (s->shutdown & SSL_SENT_SHUTDOWN) {
  1564. s->rwstate = SSL_NOTHING;
  1565. SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  1566. return -1;
  1567. }
  1568. if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1569. || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
  1570. || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
  1571. SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1572. return 0;
  1573. }
  1574. /* If we are a client and haven't sent the Finished we better do that */
  1575. ossl_statem_check_finish_init(s, 1);
  1576. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1577. int ret;
  1578. struct ssl_async_args args;
  1579. args.s = s;
  1580. args.buf = (void *)buf;
  1581. args.num = num;
  1582. args.type = WRITEFUNC;
  1583. args.f.func_write = s->method->ssl_write;
  1584. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1585. *written = s->asyncrw;
  1586. return ret;
  1587. } else {
  1588. return s->method->ssl_write(s, buf, num, written);
  1589. }
  1590. }
  1591. int SSL_write(SSL *s, const void *buf, int num)
  1592. {
  1593. int ret;
  1594. size_t written;
  1595. if (num < 0) {
  1596. SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
  1597. return -1;
  1598. }
  1599. ret = ssl_write_internal(s, buf, (size_t)num, &written);
  1600. /*
  1601. * The cast is safe here because ret should be <= INT_MAX because num is
  1602. * <= INT_MAX
  1603. */
  1604. if (ret > 0)
  1605. ret = (int)written;
  1606. return ret;
  1607. }
  1608. int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
  1609. {
  1610. int ret = ssl_write_internal(s, buf, num, written);
  1611. if (ret < 0)
  1612. ret = 0;
  1613. return ret;
  1614. }
  1615. int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
  1616. {
  1617. int ret, early_data_state;
  1618. switch (s->early_data_state) {
  1619. case SSL_EARLY_DATA_NONE:
  1620. if (s->server
  1621. || !SSL_in_before(s)
  1622. || s->session == NULL
  1623. || s->session->ext.max_early_data == 0) {
  1624. SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
  1625. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1626. return 0;
  1627. }
  1628. /* fall through */
  1629. case SSL_EARLY_DATA_CONNECT_RETRY:
  1630. s->early_data_state = SSL_EARLY_DATA_CONNECTING;
  1631. ret = SSL_connect(s);
  1632. if (ret <= 0) {
  1633. /* NBIO or error */
  1634. s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
  1635. return 0;
  1636. }
  1637. /* fall through */
  1638. case SSL_EARLY_DATA_WRITE_RETRY:
  1639. s->early_data_state = SSL_EARLY_DATA_WRITING;
  1640. ret = SSL_write_ex(s, buf, num, written);
  1641. s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  1642. return ret;
  1643. case SSL_EARLY_DATA_FINISHED_READING:
  1644. case SSL_EARLY_DATA_READ_RETRY:
  1645. early_data_state = s->early_data_state;
  1646. /* We are a server writing to an unauthenticated client */
  1647. s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
  1648. ret = SSL_write_ex(s, buf, num, written);
  1649. s->early_data_state = early_data_state;
  1650. return ret;
  1651. default:
  1652. SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1653. return 0;
  1654. }
  1655. }
  1656. int SSL_shutdown(SSL *s)
  1657. {
  1658. /*
  1659. * Note that this function behaves differently from what one might
  1660. * expect. Return values are 0 for no success (yet), 1 for success; but
  1661. * calling it once is usually not enough, even if blocking I/O is used
  1662. * (see ssl3_shutdown).
  1663. */
  1664. if (s->handshake_func == NULL) {
  1665. SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
  1666. return -1;
  1667. }
  1668. if (!SSL_in_init(s)) {
  1669. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1670. struct ssl_async_args args;
  1671. args.s = s;
  1672. args.type = OTHERFUNC;
  1673. args.f.func_other = s->method->ssl_shutdown;
  1674. return ssl_start_async_job(s, &args, ssl_io_intern);
  1675. } else {
  1676. return s->method->ssl_shutdown(s);
  1677. }
  1678. } else {
  1679. SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
  1680. return -1;
  1681. }
  1682. }
  1683. int SSL_key_update(SSL *s, int updatetype)
  1684. {
  1685. /*
  1686. * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
  1687. * negotiated, and that it is appropriate to call SSL_key_update() instead
  1688. * of SSL_renegotiate().
  1689. */
  1690. if (!SSL_IS_TLS13(s)) {
  1691. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
  1692. return 0;
  1693. }
  1694. if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
  1695. && updatetype != SSL_KEY_UPDATE_REQUESTED) {
  1696. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
  1697. return 0;
  1698. }
  1699. if (!SSL_is_init_finished(s)) {
  1700. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
  1701. return 0;
  1702. }
  1703. ossl_statem_set_in_init(s, 1);
  1704. s->key_update = updatetype;
  1705. return 1;
  1706. }
  1707. int SSL_get_key_update_type(SSL *s)
  1708. {
  1709. return s->key_update;
  1710. }
  1711. int SSL_renegotiate(SSL *s)
  1712. {
  1713. if (SSL_IS_TLS13(s)) {
  1714. SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
  1715. return 0;
  1716. }
  1717. if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
  1718. SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
  1719. return 0;
  1720. }
  1721. s->renegotiate = 1;
  1722. s->new_session = 1;
  1723. return (s->method->ssl_renegotiate(s));
  1724. }
  1725. int SSL_renegotiate_abbreviated(SSL *s)
  1726. {
  1727. if (SSL_IS_TLS13(s)) {
  1728. SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
  1729. return 0;
  1730. }
  1731. if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
  1732. SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
  1733. return 0;
  1734. }
  1735. s->renegotiate = 1;
  1736. s->new_session = 0;
  1737. return (s->method->ssl_renegotiate(s));
  1738. }
  1739. int SSL_renegotiate_pending(SSL *s)
  1740. {
  1741. /*
  1742. * becomes true when negotiation is requested; false again once a
  1743. * handshake has finished
  1744. */
  1745. return (s->renegotiate != 0);
  1746. }
  1747. long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  1748. {
  1749. long l;
  1750. switch (cmd) {
  1751. case SSL_CTRL_GET_READ_AHEAD:
  1752. return (RECORD_LAYER_get_read_ahead(&s->rlayer));
  1753. case SSL_CTRL_SET_READ_AHEAD:
  1754. l = RECORD_LAYER_get_read_ahead(&s->rlayer);
  1755. RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
  1756. return (l);
  1757. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  1758. s->msg_callback_arg = parg;
  1759. return 1;
  1760. case SSL_CTRL_MODE:
  1761. return (s->mode |= larg);
  1762. case SSL_CTRL_CLEAR_MODE:
  1763. return (s->mode &= ~larg);
  1764. case SSL_CTRL_GET_MAX_CERT_LIST:
  1765. return (long)(s->max_cert_list);
  1766. case SSL_CTRL_SET_MAX_CERT_LIST:
  1767. if (larg < 0)
  1768. return 0;
  1769. l = (long)s->max_cert_list;
  1770. s->max_cert_list = (size_t)larg;
  1771. return l;
  1772. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  1773. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  1774. return 0;
  1775. s->max_send_fragment = larg;
  1776. if (s->max_send_fragment < s->split_send_fragment)
  1777. s->split_send_fragment = s->max_send_fragment;
  1778. return 1;
  1779. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  1780. if ((size_t)larg > s->max_send_fragment || larg == 0)
  1781. return 0;
  1782. s->split_send_fragment = larg;
  1783. return 1;
  1784. case SSL_CTRL_SET_MAX_PIPELINES:
  1785. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  1786. return 0;
  1787. s->max_pipelines = larg;
  1788. if (larg > 1)
  1789. RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
  1790. return 1;
  1791. case SSL_CTRL_GET_RI_SUPPORT:
  1792. if (s->s3)
  1793. return s->s3->send_connection_binding;
  1794. else
  1795. return 0;
  1796. case SSL_CTRL_CERT_FLAGS:
  1797. return (s->cert->cert_flags |= larg);
  1798. case SSL_CTRL_CLEAR_CERT_FLAGS:
  1799. return (s->cert->cert_flags &= ~larg);
  1800. case SSL_CTRL_GET_RAW_CIPHERLIST:
  1801. if (parg) {
  1802. if (s->s3->tmp.ciphers_raw == NULL)
  1803. return 0;
  1804. *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
  1805. return (int)s->s3->tmp.ciphers_rawlen;
  1806. } else {
  1807. return TLS_CIPHER_LEN;
  1808. }
  1809. case SSL_CTRL_GET_EXTMS_SUPPORT:
  1810. if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
  1811. return -1;
  1812. if (s->session->flags & SSL_SESS_FLAG_EXTMS)
  1813. return 1;
  1814. else
  1815. return 0;
  1816. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  1817. return ssl_check_allowed_versions(larg, s->max_proto_version)
  1818. && ssl_set_version_bound(s->ctx->method->version, (int)larg,
  1819. &s->min_proto_version);
  1820. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  1821. return ssl_check_allowed_versions(s->min_proto_version, larg)
  1822. && ssl_set_version_bound(s->ctx->method->version, (int)larg,
  1823. &s->max_proto_version);
  1824. default:
  1825. return (s->method->ssl_ctrl(s, cmd, larg, parg));
  1826. }
  1827. }
  1828. long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
  1829. {
  1830. switch (cmd) {
  1831. case SSL_CTRL_SET_MSG_CALLBACK:
  1832. s->msg_callback = (void (*)
  1833. (int write_p, int version, int content_type,
  1834. const void *buf, size_t len, SSL *ssl,
  1835. void *arg))(fp);
  1836. return 1;
  1837. default:
  1838. return (s->method->ssl_callback_ctrl(s, cmd, fp));
  1839. }
  1840. }
  1841. LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
  1842. {
  1843. return ctx->sessions;
  1844. }
  1845. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  1846. {
  1847. long l;
  1848. /* For some cases with ctx == NULL perform syntax checks */
  1849. if (ctx == NULL) {
  1850. switch (cmd) {
  1851. #ifndef OPENSSL_NO_EC
  1852. case SSL_CTRL_SET_GROUPS_LIST:
  1853. return tls1_set_groups_list(NULL, NULL, parg);
  1854. #endif
  1855. case SSL_CTRL_SET_SIGALGS_LIST:
  1856. case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
  1857. return tls1_set_sigalgs_list(NULL, parg, 0);
  1858. default:
  1859. return 0;
  1860. }
  1861. }
  1862. switch (cmd) {
  1863. case SSL_CTRL_GET_READ_AHEAD:
  1864. return (ctx->read_ahead);
  1865. case SSL_CTRL_SET_READ_AHEAD:
  1866. l = ctx->read_ahead;
  1867. ctx->read_ahead = larg;
  1868. return (l);
  1869. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  1870. ctx->msg_callback_arg = parg;
  1871. return 1;
  1872. case SSL_CTRL_GET_MAX_CERT_LIST:
  1873. return (long)(ctx->max_cert_list);
  1874. case SSL_CTRL_SET_MAX_CERT_LIST:
  1875. if (larg < 0)
  1876. return 0;
  1877. l = (long)ctx->max_cert_list;
  1878. ctx->max_cert_list = (size_t)larg;
  1879. return l;
  1880. case SSL_CTRL_SET_SESS_CACHE_SIZE:
  1881. if (larg < 0)
  1882. return 0;
  1883. l = (long)ctx->session_cache_size;
  1884. ctx->session_cache_size = (size_t)larg;
  1885. return l;
  1886. case SSL_CTRL_GET_SESS_CACHE_SIZE:
  1887. return (long)(ctx->session_cache_size);
  1888. case SSL_CTRL_SET_SESS_CACHE_MODE:
  1889. l = ctx->session_cache_mode;
  1890. ctx->session_cache_mode = larg;
  1891. return (l);
  1892. case SSL_CTRL_GET_SESS_CACHE_MODE:
  1893. return (ctx->session_cache_mode);
  1894. case SSL_CTRL_SESS_NUMBER:
  1895. return (lh_SSL_SESSION_num_items(ctx->sessions));
  1896. case SSL_CTRL_SESS_CONNECT:
  1897. return (ctx->stats.sess_connect);
  1898. case SSL_CTRL_SESS_CONNECT_GOOD:
  1899. return (ctx->stats.sess_connect_good);
  1900. case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
  1901. return (ctx->stats.sess_connect_renegotiate);
  1902. case SSL_CTRL_SESS_ACCEPT:
  1903. return (ctx->stats.sess_accept);
  1904. case SSL_CTRL_SESS_ACCEPT_GOOD:
  1905. return (ctx->stats.sess_accept_good);
  1906. case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
  1907. return (ctx->stats.sess_accept_renegotiate);
  1908. case SSL_CTRL_SESS_HIT:
  1909. return (ctx->stats.sess_hit);
  1910. case SSL_CTRL_SESS_CB_HIT:
  1911. return (ctx->stats.sess_cb_hit);
  1912. case SSL_CTRL_SESS_MISSES:
  1913. return (ctx->stats.sess_miss);
  1914. case SSL_CTRL_SESS_TIMEOUTS:
  1915. return (ctx->stats.sess_timeout);
  1916. case SSL_CTRL_SESS_CACHE_FULL:
  1917. return (ctx->stats.sess_cache_full);
  1918. case SSL_CTRL_MODE:
  1919. return (ctx->mode |= larg);
  1920. case SSL_CTRL_CLEAR_MODE:
  1921. return (ctx->mode &= ~larg);
  1922. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  1923. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  1924. return 0;
  1925. ctx->max_send_fragment = larg;
  1926. if (ctx->max_send_fragment < ctx->split_send_fragment)
  1927. ctx->split_send_fragment = ctx->max_send_fragment;
  1928. return 1;
  1929. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  1930. if ((size_t)larg > ctx->max_send_fragment || larg == 0)
  1931. return 0;
  1932. ctx->split_send_fragment = larg;
  1933. return 1;
  1934. case SSL_CTRL_SET_MAX_PIPELINES:
  1935. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  1936. return 0;
  1937. ctx->max_pipelines = larg;
  1938. return 1;
  1939. case SSL_CTRL_CERT_FLAGS:
  1940. return (ctx->cert->cert_flags |= larg);
  1941. case SSL_CTRL_CLEAR_CERT_FLAGS:
  1942. return (ctx->cert->cert_flags &= ~larg);
  1943. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  1944. return ssl_check_allowed_versions(larg, ctx->max_proto_version)
  1945. && ssl_set_version_bound(ctx->method->version, (int)larg,
  1946. &ctx->min_proto_version);
  1947. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  1948. return ssl_check_allowed_versions(ctx->min_proto_version, larg)
  1949. && ssl_set_version_bound(ctx->method->version, (int)larg,
  1950. &ctx->max_proto_version);
  1951. default:
  1952. return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
  1953. }
  1954. }
  1955. long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
  1956. {
  1957. switch (cmd) {
  1958. case SSL_CTRL_SET_MSG_CALLBACK:
  1959. ctx->msg_callback = (void (*)
  1960. (int write_p, int version, int content_type,
  1961. const void *buf, size_t len, SSL *ssl,
  1962. void *arg))(fp);
  1963. return 1;
  1964. default:
  1965. return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
  1966. }
  1967. }
  1968. int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
  1969. {
  1970. if (a->id > b->id)
  1971. return 1;
  1972. if (a->id < b->id)
  1973. return -1;
  1974. return 0;
  1975. }
  1976. int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
  1977. const SSL_CIPHER *const *bp)
  1978. {
  1979. if ((*ap)->id > (*bp)->id)
  1980. return 1;
  1981. if ((*ap)->id < (*bp)->id)
  1982. return -1;
  1983. return 0;
  1984. }
  1985. /** return a STACK of the ciphers available for the SSL and in order of
  1986. * preference */
  1987. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
  1988. {
  1989. if (s != NULL) {
  1990. if (s->cipher_list != NULL) {
  1991. return (s->cipher_list);
  1992. } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
  1993. return (s->ctx->cipher_list);
  1994. }
  1995. }
  1996. return (NULL);
  1997. }
  1998. STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
  1999. {
  2000. if ((s == NULL) || (s->session == NULL) || !s->server)
  2001. return NULL;
  2002. return s->session->ciphers;
  2003. }
  2004. STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
  2005. {
  2006. STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
  2007. int i;
  2008. ciphers = SSL_get_ciphers(s);
  2009. if (!ciphers)
  2010. return NULL;
  2011. ssl_set_client_disabled(s);
  2012. for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  2013. const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
  2014. if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
  2015. if (!sk)
  2016. sk = sk_SSL_CIPHER_new_null();
  2017. if (!sk)
  2018. return NULL;
  2019. if (!sk_SSL_CIPHER_push(sk, c)) {
  2020. sk_SSL_CIPHER_free(sk);
  2021. return NULL;
  2022. }
  2023. }
  2024. }
  2025. return sk;
  2026. }
  2027. /** return a STACK of the ciphers available for the SSL and in order of
  2028. * algorithm id */
  2029. STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
  2030. {
  2031. if (s != NULL) {
  2032. if (s->cipher_list_by_id != NULL) {
  2033. return (s->cipher_list_by_id);
  2034. } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
  2035. return (s->ctx->cipher_list_by_id);
  2036. }
  2037. }
  2038. return (NULL);
  2039. }
  2040. /** The old interface to get the same thing as SSL_get_ciphers() */
  2041. const char *SSL_get_cipher_list(const SSL *s, int n)
  2042. {
  2043. const SSL_CIPHER *c;
  2044. STACK_OF(SSL_CIPHER) *sk;
  2045. if (s == NULL)
  2046. return (NULL);
  2047. sk = SSL_get_ciphers(s);
  2048. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
  2049. return (NULL);
  2050. c = sk_SSL_CIPHER_value(sk, n);
  2051. if (c == NULL)
  2052. return (NULL);
  2053. return (c->name);
  2054. }
  2055. /** return a STACK of the ciphers available for the SSL_CTX and in order of
  2056. * preference */
  2057. STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
  2058. {
  2059. if (ctx != NULL)
  2060. return ctx->cipher_list;
  2061. return NULL;
  2062. }
  2063. /** specify the ciphers to be used by default by the SSL_CTX */
  2064. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
  2065. {
  2066. STACK_OF(SSL_CIPHER) *sk;
  2067. sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
  2068. &ctx->cipher_list_by_id, str, ctx->cert);
  2069. /*
  2070. * ssl_create_cipher_list may return an empty stack if it was unable to
  2071. * find a cipher matching the given rule string (for example if the rule
  2072. * string specifies a cipher which has been disabled). This is not an
  2073. * error as far as ssl_create_cipher_list is concerned, and hence
  2074. * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
  2075. */
  2076. if (sk == NULL)
  2077. return 0;
  2078. else if (sk_SSL_CIPHER_num(sk) == 0) {
  2079. SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
  2080. return 0;
  2081. }
  2082. return 1;
  2083. }
  2084. /** specify the ciphers to be used by the SSL */
  2085. int SSL_set_cipher_list(SSL *s, const char *str)
  2086. {
  2087. STACK_OF(SSL_CIPHER) *sk;
  2088. sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
  2089. &s->cipher_list_by_id, str, s->cert);
  2090. /* see comment in SSL_CTX_set_cipher_list */
  2091. if (sk == NULL)
  2092. return 0;
  2093. else if (sk_SSL_CIPHER_num(sk) == 0) {
  2094. SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
  2095. return 0;
  2096. }
  2097. return 1;
  2098. }
  2099. char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
  2100. {
  2101. char *p;
  2102. STACK_OF(SSL_CIPHER) *sk;
  2103. const SSL_CIPHER *c;
  2104. int i;
  2105. if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
  2106. return (NULL);
  2107. p = buf;
  2108. sk = s->session->ciphers;
  2109. if (sk_SSL_CIPHER_num(sk) == 0)
  2110. return NULL;
  2111. for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
  2112. int n;
  2113. c = sk_SSL_CIPHER_value(sk, i);
  2114. n = strlen(c->name);
  2115. if (n + 1 > len) {
  2116. if (p != buf)
  2117. --p;
  2118. *p = '\0';
  2119. return buf;
  2120. }
  2121. memcpy(p, c->name, n + 1);
  2122. p += n;
  2123. *(p++) = ':';
  2124. len -= n + 1;
  2125. }
  2126. p[-1] = '\0';
  2127. return (buf);
  2128. }
  2129. /** return a servername extension value if provided in Client Hello, or NULL.
  2130. * So far, only host_name types are defined (RFC 3546).
  2131. */
  2132. const char *SSL_get_servername(const SSL *s, const int type)
  2133. {
  2134. if (type != TLSEXT_NAMETYPE_host_name)
  2135. return NULL;
  2136. return s->session && !s->ext.hostname ?
  2137. s->session->ext.hostname : s->ext.hostname;
  2138. }
  2139. int SSL_get_servername_type(const SSL *s)
  2140. {
  2141. if (s->session
  2142. && (!s->ext.hostname ? s->session->
  2143. ext.hostname : s->ext.hostname))
  2144. return TLSEXT_NAMETYPE_host_name;
  2145. return -1;
  2146. }
  2147. /*
  2148. * SSL_select_next_proto implements the standard protocol selection. It is
  2149. * expected that this function is called from the callback set by
  2150. * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
  2151. * vector of 8-bit, length prefixed byte strings. The length byte itself is
  2152. * not included in the length. A byte string of length 0 is invalid. No byte
  2153. * string may be truncated. The current, but experimental algorithm for
  2154. * selecting the protocol is: 1) If the server doesn't support NPN then this
  2155. * is indicated to the callback. In this case, the client application has to
  2156. * abort the connection or have a default application level protocol. 2) If
  2157. * the server supports NPN, but advertises an empty list then the client
  2158. * selects the first protocol in its list, but indicates via the API that this
  2159. * fallback case was enacted. 3) Otherwise, the client finds the first
  2160. * protocol in the server's list that it supports and selects this protocol.
  2161. * This is because it's assumed that the server has better information about
  2162. * which protocol a client should use. 4) If the client doesn't support any
  2163. * of the server's advertised protocols, then this is treated the same as
  2164. * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
  2165. * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
  2166. */
  2167. int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
  2168. const unsigned char *server,
  2169. unsigned int server_len,
  2170. const unsigned char *client, unsigned int client_len)
  2171. {
  2172. unsigned int i, j;
  2173. const unsigned char *result;
  2174. int status = OPENSSL_NPN_UNSUPPORTED;
  2175. /*
  2176. * For each protocol in server preference order, see if we support it.
  2177. */
  2178. for (i = 0; i < server_len;) {
  2179. for (j = 0; j < client_len;) {
  2180. if (server[i] == client[j] &&
  2181. memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
  2182. /* We found a match */
  2183. result = &server[i];
  2184. status = OPENSSL_NPN_NEGOTIATED;
  2185. goto found;
  2186. }
  2187. j += client[j];
  2188. j++;
  2189. }
  2190. i += server[i];
  2191. i++;
  2192. }
  2193. /* There's no overlap between our protocols and the server's list. */
  2194. result = client;
  2195. status = OPENSSL_NPN_NO_OVERLAP;
  2196. found:
  2197. *out = (unsigned char *)result + 1;
  2198. *outlen = result[0];
  2199. return status;
  2200. }
  2201. #ifndef OPENSSL_NO_NEXTPROTONEG
  2202. /*
  2203. * SSL_get0_next_proto_negotiated sets *data and *len to point to the
  2204. * client's requested protocol for this connection and returns 0. If the
  2205. * client didn't request any protocol, then *data is set to NULL. Note that
  2206. * the client can request any protocol it chooses. The value returned from
  2207. * this function need not be a member of the list of supported protocols
  2208. * provided by the callback.
  2209. */
  2210. void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  2211. unsigned *len)
  2212. {
  2213. *data = s->ext.npn;
  2214. if (!*data) {
  2215. *len = 0;
  2216. } else {
  2217. *len = (unsigned int)s->ext.npn_len;
  2218. }
  2219. }
  2220. /*
  2221. * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  2222. * a TLS server needs a list of supported protocols for Next Protocol
  2223. * Negotiation. The returned list must be in wire format. The list is
  2224. * returned by setting |out| to point to it and |outlen| to its length. This
  2225. * memory will not be modified, but one should assume that the SSL* keeps a
  2226. * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
  2227. * wishes to advertise. Otherwise, no such extension will be included in the
  2228. * ServerHello.
  2229. */
  2230. void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
  2231. SSL_CTX_npn_advertised_cb_func cb,
  2232. void *arg)
  2233. {
  2234. ctx->ext.npn_advertised_cb = cb;
  2235. ctx->ext.npn_advertised_cb_arg = arg;
  2236. }
  2237. /*
  2238. * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
  2239. * client needs to select a protocol from the server's provided list. |out|
  2240. * must be set to point to the selected protocol (which may be within |in|).
  2241. * The length of the protocol name must be written into |outlen|. The
  2242. * server's advertised protocols are provided in |in| and |inlen|. The
  2243. * callback can assume that |in| is syntactically valid. The client must
  2244. * select a protocol. It is fatal to the connection if this callback returns
  2245. * a value other than SSL_TLSEXT_ERR_OK.
  2246. */
  2247. void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
  2248. SSL_CTX_npn_select_cb_func cb,
  2249. void *arg)
  2250. {
  2251. ctx->ext.npn_select_cb = cb;
  2252. ctx->ext.npn_select_cb_arg = arg;
  2253. }
  2254. #endif
  2255. /*
  2256. * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
  2257. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  2258. * length-prefixed strings). Returns 0 on success.
  2259. */
  2260. int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
  2261. unsigned int protos_len)
  2262. {
  2263. OPENSSL_free(ctx->ext.alpn);
  2264. ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
  2265. if (ctx->ext.alpn == NULL) {
  2266. SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
  2267. return 1;
  2268. }
  2269. ctx->ext.alpn_len = protos_len;
  2270. return 0;
  2271. }
  2272. /*
  2273. * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
  2274. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  2275. * length-prefixed strings). Returns 0 on success.
  2276. */
  2277. int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  2278. unsigned int protos_len)
  2279. {
  2280. OPENSSL_free(ssl->ext.alpn);
  2281. ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
  2282. if (ssl->ext.alpn == NULL) {
  2283. SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
  2284. return 1;
  2285. }
  2286. ssl->ext.alpn_len = protos_len;
  2287. return 0;
  2288. }
  2289. /*
  2290. * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
  2291. * called during ClientHello processing in order to select an ALPN protocol
  2292. * from the client's list of offered protocols.
  2293. */
  2294. void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
  2295. SSL_CTX_alpn_select_cb_func cb,
  2296. void *arg)
  2297. {
  2298. ctx->ext.alpn_select_cb = cb;
  2299. ctx->ext.alpn_select_cb_arg = arg;
  2300. }
  2301. /*
  2302. * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
  2303. * On return it sets |*data| to point to |*len| bytes of protocol name
  2304. * (not including the leading length-prefix byte). If the server didn't
  2305. * respond with a negotiated protocol then |*len| will be zero.
  2306. */
  2307. void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
  2308. unsigned int *len)
  2309. {
  2310. *data = NULL;
  2311. if (ssl->s3)
  2312. *data = ssl->s3->alpn_selected;
  2313. if (*data == NULL)
  2314. *len = 0;
  2315. else
  2316. *len = (unsigned int)ssl->s3->alpn_selected_len;
  2317. }
  2318. int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
  2319. const char *label, size_t llen,
  2320. const unsigned char *context, size_t contextlen,
  2321. int use_context)
  2322. {
  2323. if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
  2324. return -1;
  2325. return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
  2326. llen, context,
  2327. contextlen, use_context);
  2328. }
  2329. static unsigned long ssl_session_hash(const SSL_SESSION *a)
  2330. {
  2331. const unsigned char *session_id = a->session_id;
  2332. unsigned long l;
  2333. unsigned char tmp_storage[4];
  2334. if (a->session_id_length < sizeof(tmp_storage)) {
  2335. memset(tmp_storage, 0, sizeof(tmp_storage));
  2336. memcpy(tmp_storage, a->session_id, a->session_id_length);
  2337. session_id = tmp_storage;
  2338. }
  2339. l = (unsigned long)
  2340. ((unsigned long)session_id[0]) |
  2341. ((unsigned long)session_id[1] << 8L) |
  2342. ((unsigned long)session_id[2] << 16L) |
  2343. ((unsigned long)session_id[3] << 24L);
  2344. return (l);
  2345. }
  2346. /*
  2347. * NB: If this function (or indeed the hash function which uses a sort of
  2348. * coarser function than this one) is changed, ensure
  2349. * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
  2350. * being able to construct an SSL_SESSION that will collide with any existing
  2351. * session with a matching session ID.
  2352. */
  2353. static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  2354. {
  2355. if (a->ssl_version != b->ssl_version)
  2356. return (1);
  2357. if (a->session_id_length != b->session_id_length)
  2358. return (1);
  2359. return (memcmp(a->session_id, b->session_id, a->session_id_length));
  2360. }
  2361. /*
  2362. * These wrapper functions should remain rather than redeclaring
  2363. * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
  2364. * variable. The reason is that the functions aren't static, they're exposed
  2365. * via ssl.h.
  2366. */
  2367. SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  2368. {
  2369. SSL_CTX *ret = NULL;
  2370. if (meth == NULL) {
  2371. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
  2372. return (NULL);
  2373. }
  2374. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  2375. return NULL;
  2376. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
  2377. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
  2378. goto err;
  2379. }
  2380. ret = OPENSSL_zalloc(sizeof(*ret));
  2381. if (ret == NULL)
  2382. goto err;
  2383. ret->method = meth;
  2384. ret->min_proto_version = 0;
  2385. ret->max_proto_version = 0;
  2386. ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
  2387. ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
  2388. /* We take the system default. */
  2389. ret->session_timeout = meth->get_timeout();
  2390. ret->references = 1;
  2391. ret->lock = CRYPTO_THREAD_lock_new();
  2392. if (ret->lock == NULL) {
  2393. SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
  2394. OPENSSL_free(ret);
  2395. return NULL;
  2396. }
  2397. ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
  2398. ret->verify_mode = SSL_VERIFY_NONE;
  2399. if ((ret->cert = ssl_cert_new()) == NULL)
  2400. goto err;
  2401. ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
  2402. if (ret->sessions == NULL)
  2403. goto err;
  2404. ret->cert_store = X509_STORE_new();
  2405. if (ret->cert_store == NULL)
  2406. goto err;
  2407. #ifndef OPENSSL_NO_CT
  2408. ret->ctlog_store = CTLOG_STORE_new();
  2409. if (ret->ctlog_store == NULL)
  2410. goto err;
  2411. #endif
  2412. if (!ssl_create_cipher_list(ret->method,
  2413. &ret->cipher_list, &ret->cipher_list_by_id,
  2414. SSL_DEFAULT_CIPHER_LIST, ret->cert)
  2415. || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
  2416. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
  2417. goto err2;
  2418. }
  2419. ret->param = X509_VERIFY_PARAM_new();
  2420. if (ret->param == NULL)
  2421. goto err;
  2422. if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
  2423. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
  2424. goto err2;
  2425. }
  2426. if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
  2427. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
  2428. goto err2;
  2429. }
  2430. if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
  2431. goto err;
  2432. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
  2433. goto err;
  2434. /* No compression for DTLS */
  2435. if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
  2436. ret->comp_methods = SSL_COMP_get_compression_methods();
  2437. ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  2438. ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  2439. /* Setup RFC5077 ticket keys */
  2440. if ((RAND_bytes(ret->ext.tick_key_name,
  2441. sizeof(ret->ext.tick_key_name)) <= 0)
  2442. || (RAND_bytes(ret->ext.tick_hmac_key,
  2443. sizeof(ret->ext.tick_hmac_key)) <= 0)
  2444. || (RAND_bytes(ret->ext.tick_aes_key,
  2445. sizeof(ret->ext.tick_aes_key)) <= 0))
  2446. ret->options |= SSL_OP_NO_TICKET;
  2447. #ifndef OPENSSL_NO_SRP
  2448. if (!SSL_CTX_SRP_CTX_init(ret))
  2449. goto err;
  2450. #endif
  2451. #ifndef OPENSSL_NO_ENGINE
  2452. # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
  2453. # define eng_strx(x) #x
  2454. # define eng_str(x) eng_strx(x)
  2455. /* Use specific client engine automatically... ignore errors */
  2456. {
  2457. ENGINE *eng;
  2458. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  2459. if (!eng) {
  2460. ERR_clear_error();
  2461. ENGINE_load_builtin_engines();
  2462. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  2463. }
  2464. if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
  2465. ERR_clear_error();
  2466. }
  2467. # endif
  2468. #endif
  2469. /*
  2470. * Default is to connect to non-RI servers. When RI is more widely
  2471. * deployed might change this.
  2472. */
  2473. ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
  2474. /*
  2475. * Disable compression by default to prevent CRIME. Applications can
  2476. * re-enable compression by configuring
  2477. * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
  2478. * or by using the SSL_CONF library.
  2479. */
  2480. ret->options |= SSL_OP_NO_COMPRESSION;
  2481. ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
  2482. /*
  2483. * Default max early data is a fully loaded single record. Could be split
  2484. * across multiple records in practice
  2485. */
  2486. ret->max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
  2487. return ret;
  2488. err:
  2489. SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
  2490. err2:
  2491. SSL_CTX_free(ret);
  2492. return NULL;
  2493. }
  2494. int SSL_CTX_up_ref(SSL_CTX *ctx)
  2495. {
  2496. int i;
  2497. if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
  2498. return 0;
  2499. REF_PRINT_COUNT("SSL_CTX", ctx);
  2500. REF_ASSERT_ISNT(i < 2);
  2501. return ((i > 1) ? 1 : 0);
  2502. }
  2503. void SSL_CTX_free(SSL_CTX *a)
  2504. {
  2505. int i;
  2506. if (a == NULL)
  2507. return;
  2508. CRYPTO_DOWN_REF(&a->references, &i, a->lock);
  2509. REF_PRINT_COUNT("SSL_CTX", a);
  2510. if (i > 0)
  2511. return;
  2512. REF_ASSERT_ISNT(i < 0);
  2513. X509_VERIFY_PARAM_free(a->param);
  2514. dane_ctx_final(&a->dane);
  2515. /*
  2516. * Free internal session cache. However: the remove_cb() may reference
  2517. * the ex_data of SSL_CTX, thus the ex_data store can only be removed
  2518. * after the sessions were flushed.
  2519. * As the ex_data handling routines might also touch the session cache,
  2520. * the most secure solution seems to be: empty (flush) the cache, then
  2521. * free ex_data, then finally free the cache.
  2522. * (See ticket [openssl.org #212].)
  2523. */
  2524. if (a->sessions != NULL)
  2525. SSL_CTX_flush_sessions(a, 0);
  2526. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
  2527. lh_SSL_SESSION_free(a->sessions);
  2528. X509_STORE_free(a->cert_store);
  2529. #ifndef OPENSSL_NO_CT
  2530. CTLOG_STORE_free(a->ctlog_store);
  2531. #endif
  2532. sk_SSL_CIPHER_free(a->cipher_list);
  2533. sk_SSL_CIPHER_free(a->cipher_list_by_id);
  2534. ssl_cert_free(a->cert);
  2535. sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
  2536. sk_X509_pop_free(a->extra_certs, X509_free);
  2537. a->comp_methods = NULL;
  2538. #ifndef OPENSSL_NO_SRTP
  2539. sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
  2540. #endif
  2541. #ifndef OPENSSL_NO_SRP
  2542. SSL_CTX_SRP_CTX_free(a);
  2543. #endif
  2544. #ifndef OPENSSL_NO_ENGINE
  2545. ENGINE_finish(a->client_cert_engine);
  2546. #endif
  2547. #ifndef OPENSSL_NO_EC
  2548. OPENSSL_free(a->ext.ecpointformats);
  2549. OPENSSL_free(a->ext.supportedgroups);
  2550. #endif
  2551. OPENSSL_free(a->ext.alpn);
  2552. CRYPTO_THREAD_lock_free(a->lock);
  2553. OPENSSL_free(a);
  2554. }
  2555. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
  2556. {
  2557. ctx->default_passwd_callback = cb;
  2558. }
  2559. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
  2560. {
  2561. ctx->default_passwd_callback_userdata = u;
  2562. }
  2563. pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
  2564. {
  2565. return ctx->default_passwd_callback;
  2566. }
  2567. void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
  2568. {
  2569. return ctx->default_passwd_callback_userdata;
  2570. }
  2571. void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
  2572. {
  2573. s->default_passwd_callback = cb;
  2574. }
  2575. void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
  2576. {
  2577. s->default_passwd_callback_userdata = u;
  2578. }
  2579. pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
  2580. {
  2581. return s->default_passwd_callback;
  2582. }
  2583. void *SSL_get_default_passwd_cb_userdata(SSL *s)
  2584. {
  2585. return s->default_passwd_callback_userdata;
  2586. }
  2587. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
  2588. int (*cb) (X509_STORE_CTX *, void *),
  2589. void *arg)
  2590. {
  2591. ctx->app_verify_callback = cb;
  2592. ctx->app_verify_arg = arg;
  2593. }
  2594. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  2595. int (*cb) (int, X509_STORE_CTX *))
  2596. {
  2597. ctx->verify_mode = mode;
  2598. ctx->default_verify_callback = cb;
  2599. }
  2600. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
  2601. {
  2602. X509_VERIFY_PARAM_set_depth(ctx->param, depth);
  2603. }
  2604. void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
  2605. {
  2606. ssl_cert_set_cert_cb(c->cert, cb, arg);
  2607. }
  2608. void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
  2609. {
  2610. ssl_cert_set_cert_cb(s->cert, cb, arg);
  2611. }
  2612. void ssl_set_masks(SSL *s)
  2613. {
  2614. CERT *c = s->cert;
  2615. uint32_t *pvalid = s->s3->tmp.valid_flags;
  2616. int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
  2617. unsigned long mask_k, mask_a;
  2618. #ifndef OPENSSL_NO_EC
  2619. int have_ecc_cert, ecdsa_ok;
  2620. #endif
  2621. if (c == NULL)
  2622. return;
  2623. #ifndef OPENSSL_NO_DH
  2624. dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
  2625. #else
  2626. dh_tmp = 0;
  2627. #endif
  2628. rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  2629. rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  2630. dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
  2631. #ifndef OPENSSL_NO_EC
  2632. have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
  2633. #endif
  2634. mask_k = 0;
  2635. mask_a = 0;
  2636. #ifdef CIPHER_DEBUG
  2637. fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
  2638. dh_tmp, rsa_enc, rsa_sign, dsa_sign);
  2639. #endif
  2640. #ifndef OPENSSL_NO_GOST
  2641. if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
  2642. mask_k |= SSL_kGOST;
  2643. mask_a |= SSL_aGOST12;
  2644. }
  2645. if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
  2646. mask_k |= SSL_kGOST;
  2647. mask_a |= SSL_aGOST12;
  2648. }
  2649. if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
  2650. mask_k |= SSL_kGOST;
  2651. mask_a |= SSL_aGOST01;
  2652. }
  2653. #endif
  2654. if (rsa_enc)
  2655. mask_k |= SSL_kRSA;
  2656. if (dh_tmp)
  2657. mask_k |= SSL_kDHE;
  2658. if (rsa_enc || rsa_sign) {
  2659. mask_a |= SSL_aRSA;
  2660. }
  2661. if (dsa_sign) {
  2662. mask_a |= SSL_aDSS;
  2663. }
  2664. mask_a |= SSL_aNULL;
  2665. /*
  2666. * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
  2667. * depending on the key usage extension.
  2668. */
  2669. #ifndef OPENSSL_NO_EC
  2670. if (have_ecc_cert) {
  2671. uint32_t ex_kusage;
  2672. ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
  2673. ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
  2674. if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
  2675. ecdsa_ok = 0;
  2676. if (ecdsa_ok)
  2677. mask_a |= SSL_aECDSA;
  2678. }
  2679. /* Allow Ed25519 for TLS 1.2 if peer supports it */
  2680. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
  2681. && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
  2682. && TLS1_get_version(s) == TLS1_2_VERSION)
  2683. mask_a |= SSL_aECDSA;
  2684. #endif
  2685. #ifndef OPENSSL_NO_EC
  2686. mask_k |= SSL_kECDHE;
  2687. #endif
  2688. #ifndef OPENSSL_NO_PSK
  2689. mask_k |= SSL_kPSK;
  2690. mask_a |= SSL_aPSK;
  2691. if (mask_k & SSL_kRSA)
  2692. mask_k |= SSL_kRSAPSK;
  2693. if (mask_k & SSL_kDHE)
  2694. mask_k |= SSL_kDHEPSK;
  2695. if (mask_k & SSL_kECDHE)
  2696. mask_k |= SSL_kECDHEPSK;
  2697. #endif
  2698. s->s3->tmp.mask_k = mask_k;
  2699. s->s3->tmp.mask_a = mask_a;
  2700. }
  2701. #ifndef OPENSSL_NO_EC
  2702. int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
  2703. {
  2704. if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
  2705. /* key usage, if present, must allow signing */
  2706. if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
  2707. SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
  2708. SSL_R_ECC_CERT_NOT_FOR_SIGNING);
  2709. return 0;
  2710. }
  2711. }
  2712. return 1; /* all checks are ok */
  2713. }
  2714. #endif
  2715. int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
  2716. size_t *serverinfo_length)
  2717. {
  2718. CERT_PKEY *cpk = s->s3->tmp.cert;
  2719. *serverinfo_length = 0;
  2720. if (cpk == NULL || cpk->serverinfo == NULL)
  2721. return 0;
  2722. *serverinfo = cpk->serverinfo;
  2723. *serverinfo_length = cpk->serverinfo_length;
  2724. return 1;
  2725. }
  2726. void ssl_update_cache(SSL *s, int mode)
  2727. {
  2728. int i;
  2729. /*
  2730. * If the session_id_length is 0, we are not supposed to cache it, and it
  2731. * would be rather hard to do anyway :-)
  2732. */
  2733. if (s->session->session_id_length == 0)
  2734. return;
  2735. i = s->session_ctx->session_cache_mode;
  2736. if ((i & mode) != 0
  2737. && (!s->hit || SSL_IS_TLS13(s))
  2738. && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0
  2739. || SSL_CTX_add_session(s->session_ctx, s->session))
  2740. && s->session_ctx->new_session_cb != NULL) {
  2741. SSL_SESSION_up_ref(s->session);
  2742. if (!s->session_ctx->new_session_cb(s, s->session))
  2743. SSL_SESSION_free(s->session);
  2744. }
  2745. /* auto flush every 255 connections */
  2746. if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
  2747. if ((((mode & SSL_SESS_CACHE_CLIENT)
  2748. ? s->session_ctx->stats.sess_connect_good
  2749. : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
  2750. SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
  2751. }
  2752. }
  2753. }
  2754. const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
  2755. {
  2756. return ctx->method;
  2757. }
  2758. const SSL_METHOD *SSL_get_ssl_method(SSL *s)
  2759. {
  2760. return (s->method);
  2761. }
  2762. int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
  2763. {
  2764. int ret = 1;
  2765. if (s->method != meth) {
  2766. const SSL_METHOD *sm = s->method;
  2767. int (*hf) (SSL *) = s->handshake_func;
  2768. if (sm->version == meth->version)
  2769. s->method = meth;
  2770. else {
  2771. sm->ssl_free(s);
  2772. s->method = meth;
  2773. ret = s->method->ssl_new(s);
  2774. }
  2775. if (hf == sm->ssl_connect)
  2776. s->handshake_func = meth->ssl_connect;
  2777. else if (hf == sm->ssl_accept)
  2778. s->handshake_func = meth->ssl_accept;
  2779. }
  2780. return (ret);
  2781. }
  2782. int SSL_get_error(const SSL *s, int i)
  2783. {
  2784. int reason;
  2785. unsigned long l;
  2786. BIO *bio;
  2787. if (i > 0)
  2788. return (SSL_ERROR_NONE);
  2789. /*
  2790. * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
  2791. * where we do encode the error
  2792. */
  2793. if ((l = ERR_peek_error()) != 0) {
  2794. if (ERR_GET_LIB(l) == ERR_LIB_SYS)
  2795. return (SSL_ERROR_SYSCALL);
  2796. else
  2797. return (SSL_ERROR_SSL);
  2798. }
  2799. if (SSL_want_read(s)) {
  2800. bio = SSL_get_rbio(s);
  2801. if (BIO_should_read(bio))
  2802. return (SSL_ERROR_WANT_READ);
  2803. else if (BIO_should_write(bio))
  2804. /*
  2805. * This one doesn't make too much sense ... We never try to write
  2806. * to the rbio, and an application program where rbio and wbio
  2807. * are separate couldn't even know what it should wait for.
  2808. * However if we ever set s->rwstate incorrectly (so that we have
  2809. * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
  2810. * wbio *are* the same, this test works around that bug; so it
  2811. * might be safer to keep it.
  2812. */
  2813. return (SSL_ERROR_WANT_WRITE);
  2814. else if (BIO_should_io_special(bio)) {
  2815. reason = BIO_get_retry_reason(bio);
  2816. if (reason == BIO_RR_CONNECT)
  2817. return (SSL_ERROR_WANT_CONNECT);
  2818. else if (reason == BIO_RR_ACCEPT)
  2819. return (SSL_ERROR_WANT_ACCEPT);
  2820. else
  2821. return (SSL_ERROR_SYSCALL); /* unknown */
  2822. }
  2823. }
  2824. if (SSL_want_write(s)) {
  2825. /* Access wbio directly - in order to use the buffered bio if present */
  2826. bio = s->wbio;
  2827. if (BIO_should_write(bio))
  2828. return (SSL_ERROR_WANT_WRITE);
  2829. else if (BIO_should_read(bio))
  2830. /*
  2831. * See above (SSL_want_read(s) with BIO_should_write(bio))
  2832. */
  2833. return (SSL_ERROR_WANT_READ);
  2834. else if (BIO_should_io_special(bio)) {
  2835. reason = BIO_get_retry_reason(bio);
  2836. if (reason == BIO_RR_CONNECT)
  2837. return (SSL_ERROR_WANT_CONNECT);
  2838. else if (reason == BIO_RR_ACCEPT)
  2839. return (SSL_ERROR_WANT_ACCEPT);
  2840. else
  2841. return (SSL_ERROR_SYSCALL);
  2842. }
  2843. }
  2844. if (SSL_want_x509_lookup(s))
  2845. return (SSL_ERROR_WANT_X509_LOOKUP);
  2846. if (SSL_want_async(s))
  2847. return SSL_ERROR_WANT_ASYNC;
  2848. if (SSL_want_async_job(s))
  2849. return SSL_ERROR_WANT_ASYNC_JOB;
  2850. if (SSL_want_early(s))
  2851. return SSL_ERROR_WANT_EARLY;
  2852. if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
  2853. (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
  2854. return (SSL_ERROR_ZERO_RETURN);
  2855. return (SSL_ERROR_SYSCALL);
  2856. }
  2857. static int ssl_do_handshake_intern(void *vargs)
  2858. {
  2859. struct ssl_async_args *args;
  2860. SSL *s;
  2861. args = (struct ssl_async_args *)vargs;
  2862. s = args->s;
  2863. return s->handshake_func(s);
  2864. }
  2865. int SSL_do_handshake(SSL *s)
  2866. {
  2867. int ret = 1;
  2868. if (s->handshake_func == NULL) {
  2869. SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
  2870. return -1;
  2871. }
  2872. ossl_statem_check_finish_init(s, -1);
  2873. s->method->ssl_renegotiate_check(s, 0);
  2874. if (SSL_is_server(s)) {
  2875. /* clear SNI settings at server-side */
  2876. OPENSSL_free(s->ext.hostname);
  2877. s->ext.hostname = NULL;
  2878. }
  2879. if (SSL_in_init(s) || SSL_in_before(s)) {
  2880. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2881. struct ssl_async_args args;
  2882. args.s = s;
  2883. ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
  2884. } else {
  2885. ret = s->handshake_func(s);
  2886. }
  2887. }
  2888. return ret;
  2889. }
  2890. void SSL_set_accept_state(SSL *s)
  2891. {
  2892. s->server = 1;
  2893. s->shutdown = 0;
  2894. ossl_statem_clear(s);
  2895. s->handshake_func = s->method->ssl_accept;
  2896. clear_ciphers(s);
  2897. }
  2898. void SSL_set_connect_state(SSL *s)
  2899. {
  2900. s->server = 0;
  2901. s->shutdown = 0;
  2902. ossl_statem_clear(s);
  2903. s->handshake_func = s->method->ssl_connect;
  2904. clear_ciphers(s);
  2905. }
  2906. int ssl_undefined_function(SSL *s)
  2907. {
  2908. SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2909. return (0);
  2910. }
  2911. int ssl_undefined_void_function(void)
  2912. {
  2913. SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
  2914. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2915. return (0);
  2916. }
  2917. int ssl_undefined_const_function(const SSL *s)
  2918. {
  2919. return (0);
  2920. }
  2921. const SSL_METHOD *ssl_bad_method(int ver)
  2922. {
  2923. SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2924. return (NULL);
  2925. }
  2926. const char *ssl_protocol_to_string(int version)
  2927. {
  2928. switch(version)
  2929. {
  2930. case TLS1_3_VERSION:
  2931. return "TLSv1.3";
  2932. case TLS1_2_VERSION:
  2933. return "TLSv1.2";
  2934. case TLS1_1_VERSION:
  2935. return "TLSv1.1";
  2936. case TLS1_VERSION:
  2937. return "TLSv1";
  2938. case SSL3_VERSION:
  2939. return "SSLv3";
  2940. case DTLS1_BAD_VER:
  2941. return "DTLSv0.9";
  2942. case DTLS1_VERSION:
  2943. return "DTLSv1";
  2944. case DTLS1_2_VERSION:
  2945. return "DTLSv1.2";
  2946. default:
  2947. return "unknown";
  2948. }
  2949. }
  2950. const char *SSL_get_version(const SSL *s)
  2951. {
  2952. return ssl_protocol_to_string(s->version);
  2953. }
  2954. SSL *SSL_dup(SSL *s)
  2955. {
  2956. STACK_OF(X509_NAME) *sk;
  2957. X509_NAME *xn;
  2958. SSL *ret;
  2959. int i;
  2960. /* If we're not quiescent, just up_ref! */
  2961. if (!SSL_in_init(s) || !SSL_in_before(s)) {
  2962. CRYPTO_UP_REF(&s->references, &i, s->lock);
  2963. return s;
  2964. }
  2965. /*
  2966. * Otherwise, copy configuration state, and session if set.
  2967. */
  2968. if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
  2969. return (NULL);
  2970. if (s->session != NULL) {
  2971. /*
  2972. * Arranges to share the same session via up_ref. This "copies"
  2973. * session-id, SSL_METHOD, sid_ctx, and 'cert'
  2974. */
  2975. if (!SSL_copy_session_id(ret, s))
  2976. goto err;
  2977. } else {
  2978. /*
  2979. * No session has been established yet, so we have to expect that
  2980. * s->cert or ret->cert will be changed later -- they should not both
  2981. * point to the same object, and thus we can't use
  2982. * SSL_copy_session_id.
  2983. */
  2984. if (!SSL_set_ssl_method(ret, s->method))
  2985. goto err;
  2986. if (s->cert != NULL) {
  2987. ssl_cert_free(ret->cert);
  2988. ret->cert = ssl_cert_dup(s->cert);
  2989. if (ret->cert == NULL)
  2990. goto err;
  2991. }
  2992. if (!SSL_set_session_id_context(ret, s->sid_ctx,
  2993. (int)s->sid_ctx_length))
  2994. goto err;
  2995. }
  2996. if (!ssl_dane_dup(ret, s))
  2997. goto err;
  2998. ret->version = s->version;
  2999. ret->options = s->options;
  3000. ret->mode = s->mode;
  3001. SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
  3002. SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
  3003. ret->msg_callback = s->msg_callback;
  3004. ret->msg_callback_arg = s->msg_callback_arg;
  3005. SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
  3006. SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
  3007. ret->generate_session_id = s->generate_session_id;
  3008. SSL_set_info_callback(ret, SSL_get_info_callback(s));
  3009. /* copy app data, a little dangerous perhaps */
  3010. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
  3011. goto err;
  3012. /* setup rbio, and wbio */
  3013. if (s->rbio != NULL) {
  3014. if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
  3015. goto err;
  3016. }
  3017. if (s->wbio != NULL) {
  3018. if (s->wbio != s->rbio) {
  3019. if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
  3020. goto err;
  3021. } else {
  3022. BIO_up_ref(ret->rbio);
  3023. ret->wbio = ret->rbio;
  3024. }
  3025. }
  3026. ret->server = s->server;
  3027. if (s->handshake_func) {
  3028. if (s->server)
  3029. SSL_set_accept_state(ret);
  3030. else
  3031. SSL_set_connect_state(ret);
  3032. }
  3033. ret->shutdown = s->shutdown;
  3034. ret->hit = s->hit;
  3035. ret->default_passwd_callback = s->default_passwd_callback;
  3036. ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
  3037. X509_VERIFY_PARAM_inherit(ret->param, s->param);
  3038. /* dup the cipher_list and cipher_list_by_id stacks */
  3039. if (s->cipher_list != NULL) {
  3040. if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
  3041. goto err;
  3042. }
  3043. if (s->cipher_list_by_id != NULL)
  3044. if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
  3045. == NULL)
  3046. goto err;
  3047. /* Dup the client_CA list */
  3048. if (s->ca_names != NULL) {
  3049. if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
  3050. goto err;
  3051. ret->ca_names = sk;
  3052. for (i = 0; i < sk_X509_NAME_num(sk); i++) {
  3053. xn = sk_X509_NAME_value(sk, i);
  3054. if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
  3055. X509_NAME_free(xn);
  3056. goto err;
  3057. }
  3058. }
  3059. }
  3060. return ret;
  3061. err:
  3062. SSL_free(ret);
  3063. return NULL;
  3064. }
  3065. void ssl_clear_cipher_ctx(SSL *s)
  3066. {
  3067. if (s->enc_read_ctx != NULL) {
  3068. EVP_CIPHER_CTX_free(s->enc_read_ctx);
  3069. s->enc_read_ctx = NULL;
  3070. }
  3071. if (s->enc_write_ctx != NULL) {
  3072. EVP_CIPHER_CTX_free(s->enc_write_ctx);
  3073. s->enc_write_ctx = NULL;
  3074. }
  3075. #ifndef OPENSSL_NO_COMP
  3076. COMP_CTX_free(s->expand);
  3077. s->expand = NULL;
  3078. COMP_CTX_free(s->compress);
  3079. s->compress = NULL;
  3080. #endif
  3081. }
  3082. X509 *SSL_get_certificate(const SSL *s)
  3083. {
  3084. if (s->cert != NULL)
  3085. return (s->cert->key->x509);
  3086. else
  3087. return (NULL);
  3088. }
  3089. EVP_PKEY *SSL_get_privatekey(const SSL *s)
  3090. {
  3091. if (s->cert != NULL)
  3092. return (s->cert->key->privatekey);
  3093. else
  3094. return (NULL);
  3095. }
  3096. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
  3097. {
  3098. if (ctx->cert != NULL)
  3099. return ctx->cert->key->x509;
  3100. else
  3101. return NULL;
  3102. }
  3103. EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
  3104. {
  3105. if (ctx->cert != NULL)
  3106. return ctx->cert->key->privatekey;
  3107. else
  3108. return NULL;
  3109. }
  3110. const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
  3111. {
  3112. if ((s->session != NULL) && (s->session->cipher != NULL))
  3113. return (s->session->cipher);
  3114. return (NULL);
  3115. }
  3116. const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
  3117. {
  3118. return s->s3->tmp.new_cipher;
  3119. }
  3120. const COMP_METHOD *SSL_get_current_compression(SSL *s)
  3121. {
  3122. #ifndef OPENSSL_NO_COMP
  3123. return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
  3124. #else
  3125. return NULL;
  3126. #endif
  3127. }
  3128. const COMP_METHOD *SSL_get_current_expansion(SSL *s)
  3129. {
  3130. #ifndef OPENSSL_NO_COMP
  3131. return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
  3132. #else
  3133. return NULL;
  3134. #endif
  3135. }
  3136. int ssl_init_wbio_buffer(SSL *s)
  3137. {
  3138. BIO *bbio;
  3139. if (s->bbio != NULL) {
  3140. /* Already buffered. */
  3141. return 1;
  3142. }
  3143. bbio = BIO_new(BIO_f_buffer());
  3144. if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
  3145. BIO_free(bbio);
  3146. SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
  3147. return 0;
  3148. }
  3149. s->bbio = bbio;
  3150. s->wbio = BIO_push(bbio, s->wbio);
  3151. return 1;
  3152. }
  3153. int ssl_free_wbio_buffer(SSL *s)
  3154. {
  3155. /* callers ensure s is never null */
  3156. if (s->bbio == NULL)
  3157. return 1;
  3158. s->wbio = BIO_pop(s->wbio);
  3159. if (!ossl_assert(s->wbio != NULL))
  3160. return 0;
  3161. BIO_free(s->bbio);
  3162. s->bbio = NULL;
  3163. return 1;
  3164. }
  3165. void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
  3166. {
  3167. ctx->quiet_shutdown = mode;
  3168. }
  3169. int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
  3170. {
  3171. return (ctx->quiet_shutdown);
  3172. }
  3173. void SSL_set_quiet_shutdown(SSL *s, int mode)
  3174. {
  3175. s->quiet_shutdown = mode;
  3176. }
  3177. int SSL_get_quiet_shutdown(const SSL *s)
  3178. {
  3179. return (s->quiet_shutdown);
  3180. }
  3181. void SSL_set_shutdown(SSL *s, int mode)
  3182. {
  3183. s->shutdown = mode;
  3184. }
  3185. int SSL_get_shutdown(const SSL *s)
  3186. {
  3187. return s->shutdown;
  3188. }
  3189. int SSL_version(const SSL *s)
  3190. {
  3191. return s->version;
  3192. }
  3193. int SSL_client_version(const SSL *s)
  3194. {
  3195. return s->client_version;
  3196. }
  3197. SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
  3198. {
  3199. return ssl->ctx;
  3200. }
  3201. SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
  3202. {
  3203. CERT *new_cert;
  3204. if (ssl->ctx == ctx)
  3205. return ssl->ctx;
  3206. if (ctx == NULL)
  3207. ctx = ssl->session_ctx;
  3208. new_cert = ssl_cert_dup(ctx->cert);
  3209. if (new_cert == NULL) {
  3210. return NULL;
  3211. }
  3212. if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
  3213. ssl_cert_free(new_cert);
  3214. return NULL;
  3215. }
  3216. ssl_cert_free(ssl->cert);
  3217. ssl->cert = new_cert;
  3218. /*
  3219. * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
  3220. * so setter APIs must prevent invalid lengths from entering the system.
  3221. */
  3222. if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
  3223. return NULL;
  3224. /*
  3225. * If the session ID context matches that of the parent SSL_CTX,
  3226. * inherit it from the new SSL_CTX as well. If however the context does
  3227. * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
  3228. * leave it unchanged.
  3229. */
  3230. if ((ssl->ctx != NULL) &&
  3231. (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
  3232. (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
  3233. ssl->sid_ctx_length = ctx->sid_ctx_length;
  3234. memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
  3235. }
  3236. SSL_CTX_up_ref(ctx);
  3237. SSL_CTX_free(ssl->ctx); /* decrement reference count */
  3238. ssl->ctx = ctx;
  3239. return ssl->ctx;
  3240. }
  3241. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
  3242. {
  3243. return (X509_STORE_set_default_paths(ctx->cert_store));
  3244. }
  3245. int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
  3246. {
  3247. X509_LOOKUP *lookup;
  3248. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
  3249. if (lookup == NULL)
  3250. return 0;
  3251. X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  3252. /* Clear any errors if the default directory does not exist */
  3253. ERR_clear_error();
  3254. return 1;
  3255. }
  3256. int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
  3257. {
  3258. X509_LOOKUP *lookup;
  3259. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
  3260. if (lookup == NULL)
  3261. return 0;
  3262. X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
  3263. /* Clear any errors if the default file does not exist */
  3264. ERR_clear_error();
  3265. return 1;
  3266. }
  3267. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  3268. const char *CApath)
  3269. {
  3270. return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
  3271. }
  3272. void SSL_set_info_callback(SSL *ssl,
  3273. void (*cb) (const SSL *ssl, int type, int val))
  3274. {
  3275. ssl->info_callback = cb;
  3276. }
  3277. /*
  3278. * One compiler (Diab DCC) doesn't like argument names in returned function
  3279. * pointer.
  3280. */
  3281. void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
  3282. int /* type */ ,
  3283. int /* val */ ) {
  3284. return ssl->info_callback;
  3285. }
  3286. void SSL_set_verify_result(SSL *ssl, long arg)
  3287. {
  3288. ssl->verify_result = arg;
  3289. }
  3290. long SSL_get_verify_result(const SSL *ssl)
  3291. {
  3292. return (ssl->verify_result);
  3293. }
  3294. size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
  3295. {
  3296. if (outlen == 0)
  3297. return sizeof(ssl->s3->client_random);
  3298. if (outlen > sizeof(ssl->s3->client_random))
  3299. outlen = sizeof(ssl->s3->client_random);
  3300. memcpy(out, ssl->s3->client_random, outlen);
  3301. return outlen;
  3302. }
  3303. size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
  3304. {
  3305. if (outlen == 0)
  3306. return sizeof(ssl->s3->server_random);
  3307. if (outlen > sizeof(ssl->s3->server_random))
  3308. outlen = sizeof(ssl->s3->server_random);
  3309. memcpy(out, ssl->s3->server_random, outlen);
  3310. return outlen;
  3311. }
  3312. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
  3313. unsigned char *out, size_t outlen)
  3314. {
  3315. if (outlen == 0)
  3316. return session->master_key_length;
  3317. if (outlen > session->master_key_length)
  3318. outlen = session->master_key_length;
  3319. memcpy(out, session->master_key, outlen);
  3320. return outlen;
  3321. }
  3322. int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
  3323. size_t len)
  3324. {
  3325. if (len > sizeof(sess->master_key))
  3326. return 0;
  3327. memcpy(sess->master_key, in, len);
  3328. sess->master_key_length = len;
  3329. return 1;
  3330. }
  3331. int SSL_set_ex_data(SSL *s, int idx, void *arg)
  3332. {
  3333. return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
  3334. }
  3335. void *SSL_get_ex_data(const SSL *s, int idx)
  3336. {
  3337. return (CRYPTO_get_ex_data(&s->ex_data, idx));
  3338. }
  3339. int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
  3340. {
  3341. return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
  3342. }
  3343. void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
  3344. {
  3345. return (CRYPTO_get_ex_data(&s->ex_data, idx));
  3346. }
  3347. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
  3348. {
  3349. return (ctx->cert_store);
  3350. }
  3351. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
  3352. {
  3353. X509_STORE_free(ctx->cert_store);
  3354. ctx->cert_store = store;
  3355. }
  3356. void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
  3357. {
  3358. if (store != NULL)
  3359. X509_STORE_up_ref(store);
  3360. SSL_CTX_set_cert_store(ctx, store);
  3361. }
  3362. int SSL_want(const SSL *s)
  3363. {
  3364. return (s->rwstate);
  3365. }
  3366. /**
  3367. * \brief Set the callback for generating temporary DH keys.
  3368. * \param ctx the SSL context.
  3369. * \param dh the callback
  3370. */
  3371. #ifndef OPENSSL_NO_DH
  3372. void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
  3373. DH *(*dh) (SSL *ssl, int is_export,
  3374. int keylength))
  3375. {
  3376. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
  3377. }
  3378. void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
  3379. int keylength))
  3380. {
  3381. SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
  3382. }
  3383. #endif
  3384. #ifndef OPENSSL_NO_PSK
  3385. int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
  3386. {
  3387. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  3388. SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
  3389. return 0;
  3390. }
  3391. OPENSSL_free(ctx->cert->psk_identity_hint);
  3392. if (identity_hint != NULL) {
  3393. ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  3394. if (ctx->cert->psk_identity_hint == NULL)
  3395. return 0;
  3396. } else
  3397. ctx->cert->psk_identity_hint = NULL;
  3398. return 1;
  3399. }
  3400. int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
  3401. {
  3402. if (s == NULL)
  3403. return 0;
  3404. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  3405. SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
  3406. return 0;
  3407. }
  3408. OPENSSL_free(s->cert->psk_identity_hint);
  3409. if (identity_hint != NULL) {
  3410. s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  3411. if (s->cert->psk_identity_hint == NULL)
  3412. return 0;
  3413. } else
  3414. s->cert->psk_identity_hint = NULL;
  3415. return 1;
  3416. }
  3417. const char *SSL_get_psk_identity_hint(const SSL *s)
  3418. {
  3419. if (s == NULL || s->session == NULL)
  3420. return NULL;
  3421. return (s->session->psk_identity_hint);
  3422. }
  3423. const char *SSL_get_psk_identity(const SSL *s)
  3424. {
  3425. if (s == NULL || s->session == NULL)
  3426. return NULL;
  3427. return (s->session->psk_identity);
  3428. }
  3429. void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
  3430. {
  3431. s->psk_client_callback = cb;
  3432. }
  3433. void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
  3434. {
  3435. ctx->psk_client_callback = cb;
  3436. }
  3437. void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
  3438. {
  3439. s->psk_server_callback = cb;
  3440. }
  3441. void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
  3442. {
  3443. ctx->psk_server_callback = cb;
  3444. }
  3445. #endif
  3446. void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
  3447. {
  3448. s->psk_find_session_cb = cb;
  3449. }
  3450. void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
  3451. SSL_psk_find_session_cb_func cb)
  3452. {
  3453. ctx->psk_find_session_cb = cb;
  3454. }
  3455. void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
  3456. {
  3457. s->psk_use_session_cb = cb;
  3458. }
  3459. void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
  3460. SSL_psk_use_session_cb_func cb)
  3461. {
  3462. ctx->psk_use_session_cb = cb;
  3463. }
  3464. void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
  3465. void (*cb) (int write_p, int version,
  3466. int content_type, const void *buf,
  3467. size_t len, SSL *ssl, void *arg))
  3468. {
  3469. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  3470. }
  3471. void SSL_set_msg_callback(SSL *ssl,
  3472. void (*cb) (int write_p, int version,
  3473. int content_type, const void *buf,
  3474. size_t len, SSL *ssl, void *arg))
  3475. {
  3476. SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  3477. }
  3478. void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
  3479. int (*cb) (SSL *ssl,
  3480. int
  3481. is_forward_secure))
  3482. {
  3483. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  3484. (void (*)(void))cb);
  3485. }
  3486. void SSL_set_not_resumable_session_callback(SSL *ssl,
  3487. int (*cb) (SSL *ssl,
  3488. int is_forward_secure))
  3489. {
  3490. SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  3491. (void (*)(void))cb);
  3492. }
  3493. void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
  3494. size_t (*cb) (SSL *ssl, int type,
  3495. size_t len, void *arg))
  3496. {
  3497. ctx->record_padding_cb = cb;
  3498. }
  3499. void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
  3500. {
  3501. ctx->record_padding_arg = arg;
  3502. }
  3503. void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx)
  3504. {
  3505. return ctx->record_padding_arg;
  3506. }
  3507. int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
  3508. {
  3509. /* block size of 0 or 1 is basically no padding */
  3510. if (block_size == 1)
  3511. ctx->block_padding = 0;
  3512. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  3513. ctx->block_padding = block_size;
  3514. else
  3515. return 0;
  3516. return 1;
  3517. }
  3518. void SSL_set_record_padding_callback(SSL *ssl,
  3519. size_t (*cb) (SSL *ssl, int type,
  3520. size_t len, void *arg))
  3521. {
  3522. ssl->record_padding_cb = cb;
  3523. }
  3524. void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
  3525. {
  3526. ssl->record_padding_arg = arg;
  3527. }
  3528. void *SSL_get_record_padding_callback_arg(SSL *ssl)
  3529. {
  3530. return ssl->record_padding_arg;
  3531. }
  3532. int SSL_set_block_padding(SSL *ssl, size_t block_size)
  3533. {
  3534. /* block size of 0 or 1 is basically no padding */
  3535. if (block_size == 1)
  3536. ssl->block_padding = 0;
  3537. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  3538. ssl->block_padding = block_size;
  3539. else
  3540. return 0;
  3541. return 1;
  3542. }
  3543. /*
  3544. * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
  3545. * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
  3546. * If EVP_MD pointer is passed, initializes ctx with this |md|.
  3547. * Returns the newly allocated ctx;
  3548. */
  3549. EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
  3550. {
  3551. ssl_clear_hash_ctx(hash);
  3552. *hash = EVP_MD_CTX_new();
  3553. if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
  3554. EVP_MD_CTX_free(*hash);
  3555. *hash = NULL;
  3556. return NULL;
  3557. }
  3558. return *hash;
  3559. }
  3560. void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
  3561. {
  3562. EVP_MD_CTX_free(*hash);
  3563. *hash = NULL;
  3564. }
  3565. /* Retrieve handshake hashes */
  3566. int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
  3567. size_t *hashlen)
  3568. {
  3569. EVP_MD_CTX *ctx = NULL;
  3570. EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
  3571. int hashleni = EVP_MD_CTX_size(hdgst);
  3572. int ret = 0;
  3573. if (hashleni < 0 || (size_t)hashleni > outlen)
  3574. goto err;
  3575. ctx = EVP_MD_CTX_new();
  3576. if (ctx == NULL)
  3577. goto err;
  3578. if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
  3579. || EVP_DigestFinal_ex(ctx, out, NULL) <= 0)
  3580. goto err;
  3581. *hashlen = hashleni;
  3582. ret = 1;
  3583. err:
  3584. EVP_MD_CTX_free(ctx);
  3585. return ret;
  3586. }
  3587. int SSL_session_reused(SSL *s)
  3588. {
  3589. return s->hit;
  3590. }
  3591. int SSL_is_server(const SSL *s)
  3592. {
  3593. return s->server;
  3594. }
  3595. #if OPENSSL_API_COMPAT < 0x10100000L
  3596. void SSL_set_debug(SSL *s, int debug)
  3597. {
  3598. /* Old function was do-nothing anyway... */
  3599. (void)s;
  3600. (void)debug;
  3601. }
  3602. #endif
  3603. void SSL_set_security_level(SSL *s, int level)
  3604. {
  3605. s->cert->sec_level = level;
  3606. }
  3607. int SSL_get_security_level(const SSL *s)
  3608. {
  3609. return s->cert->sec_level;
  3610. }
  3611. void SSL_set_security_callback(SSL *s,
  3612. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  3613. int op, int bits, int nid,
  3614. void *other, void *ex))
  3615. {
  3616. s->cert->sec_cb = cb;
  3617. }
  3618. int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
  3619. const SSL_CTX *ctx, int op,
  3620. int bits, int nid, void *other,
  3621. void *ex) {
  3622. return s->cert->sec_cb;
  3623. }
  3624. void SSL_set0_security_ex_data(SSL *s, void *ex)
  3625. {
  3626. s->cert->sec_ex = ex;
  3627. }
  3628. void *SSL_get0_security_ex_data(const SSL *s)
  3629. {
  3630. return s->cert->sec_ex;
  3631. }
  3632. void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
  3633. {
  3634. ctx->cert->sec_level = level;
  3635. }
  3636. int SSL_CTX_get_security_level(const SSL_CTX *ctx)
  3637. {
  3638. return ctx->cert->sec_level;
  3639. }
  3640. void SSL_CTX_set_security_callback(SSL_CTX *ctx,
  3641. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  3642. int op, int bits, int nid,
  3643. void *other, void *ex))
  3644. {
  3645. ctx->cert->sec_cb = cb;
  3646. }
  3647. int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
  3648. const SSL_CTX *ctx,
  3649. int op, int bits,
  3650. int nid,
  3651. void *other,
  3652. void *ex) {
  3653. return ctx->cert->sec_cb;
  3654. }
  3655. void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
  3656. {
  3657. ctx->cert->sec_ex = ex;
  3658. }
  3659. void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
  3660. {
  3661. return ctx->cert->sec_ex;
  3662. }
  3663. /*
  3664. * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
  3665. * can return unsigned long, instead of the generic long return value from the
  3666. * control interface.
  3667. */
  3668. unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
  3669. {
  3670. return ctx->options;
  3671. }
  3672. unsigned long SSL_get_options(const SSL *s)
  3673. {
  3674. return s->options;
  3675. }
  3676. unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
  3677. {
  3678. return ctx->options |= op;
  3679. }
  3680. unsigned long SSL_set_options(SSL *s, unsigned long op)
  3681. {
  3682. return s->options |= op;
  3683. }
  3684. unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
  3685. {
  3686. return ctx->options &= ~op;
  3687. }
  3688. unsigned long SSL_clear_options(SSL *s, unsigned long op)
  3689. {
  3690. return s->options &= ~op;
  3691. }
  3692. STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
  3693. {
  3694. return s->verified_chain;
  3695. }
  3696. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
  3697. #ifndef OPENSSL_NO_CT
  3698. /*
  3699. * Moves SCTs from the |src| stack to the |dst| stack.
  3700. * The source of each SCT will be set to |origin|.
  3701. * If |dst| points to a NULL pointer, a new stack will be created and owned by
  3702. * the caller.
  3703. * Returns the number of SCTs moved, or a negative integer if an error occurs.
  3704. */
  3705. static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
  3706. sct_source_t origin)
  3707. {
  3708. int scts_moved = 0;
  3709. SCT *sct = NULL;
  3710. if (*dst == NULL) {
  3711. *dst = sk_SCT_new_null();
  3712. if (*dst == NULL) {
  3713. SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
  3714. goto err;
  3715. }
  3716. }
  3717. while ((sct = sk_SCT_pop(src)) != NULL) {
  3718. if (SCT_set_source(sct, origin) != 1)
  3719. goto err;
  3720. if (sk_SCT_push(*dst, sct) <= 0)
  3721. goto err;
  3722. scts_moved += 1;
  3723. }
  3724. return scts_moved;
  3725. err:
  3726. if (sct != NULL)
  3727. sk_SCT_push(src, sct); /* Put the SCT back */
  3728. return -1;
  3729. }
  3730. /*
  3731. * Look for data collected during ServerHello and parse if found.
  3732. * Returns the number of SCTs extracted.
  3733. */
  3734. static int ct_extract_tls_extension_scts(SSL *s)
  3735. {
  3736. int scts_extracted = 0;
  3737. if (s->ext.scts != NULL) {
  3738. const unsigned char *p = s->ext.scts;
  3739. STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
  3740. scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
  3741. SCT_LIST_free(scts);
  3742. }
  3743. return scts_extracted;
  3744. }
  3745. /*
  3746. * Checks for an OCSP response and then attempts to extract any SCTs found if it
  3747. * contains an SCT X509 extension. They will be stored in |s->scts|.
  3748. * Returns:
  3749. * - The number of SCTs extracted, assuming an OCSP response exists.
  3750. * - 0 if no OCSP response exists or it contains no SCTs.
  3751. * - A negative integer if an error occurs.
  3752. */
  3753. static int ct_extract_ocsp_response_scts(SSL *s)
  3754. {
  3755. # ifndef OPENSSL_NO_OCSP
  3756. int scts_extracted = 0;
  3757. const unsigned char *p;
  3758. OCSP_BASICRESP *br = NULL;
  3759. OCSP_RESPONSE *rsp = NULL;
  3760. STACK_OF(SCT) *scts = NULL;
  3761. int i;
  3762. if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
  3763. goto err;
  3764. p = s->ext.ocsp.resp;
  3765. rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
  3766. if (rsp == NULL)
  3767. goto err;
  3768. br = OCSP_response_get1_basic(rsp);
  3769. if (br == NULL)
  3770. goto err;
  3771. for (i = 0; i < OCSP_resp_count(br); ++i) {
  3772. OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
  3773. if (single == NULL)
  3774. continue;
  3775. scts =
  3776. OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
  3777. scts_extracted =
  3778. ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
  3779. if (scts_extracted < 0)
  3780. goto err;
  3781. }
  3782. err:
  3783. SCT_LIST_free(scts);
  3784. OCSP_BASICRESP_free(br);
  3785. OCSP_RESPONSE_free(rsp);
  3786. return scts_extracted;
  3787. # else
  3788. /* Behave as if no OCSP response exists */
  3789. return 0;
  3790. # endif
  3791. }
  3792. /*
  3793. * Attempts to extract SCTs from the peer certificate.
  3794. * Return the number of SCTs extracted, or a negative integer if an error
  3795. * occurs.
  3796. */
  3797. static int ct_extract_x509v3_extension_scts(SSL *s)
  3798. {
  3799. int scts_extracted = 0;
  3800. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  3801. if (cert != NULL) {
  3802. STACK_OF(SCT) *scts =
  3803. X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
  3804. scts_extracted =
  3805. ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
  3806. SCT_LIST_free(scts);
  3807. }
  3808. return scts_extracted;
  3809. }
  3810. /*
  3811. * Attempts to find all received SCTs by checking TLS extensions, the OCSP
  3812. * response (if it exists) and X509v3 extensions in the certificate.
  3813. * Returns NULL if an error occurs.
  3814. */
  3815. const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
  3816. {
  3817. if (!s->scts_parsed) {
  3818. if (ct_extract_tls_extension_scts(s) < 0 ||
  3819. ct_extract_ocsp_response_scts(s) < 0 ||
  3820. ct_extract_x509v3_extension_scts(s) < 0)
  3821. goto err;
  3822. s->scts_parsed = 1;
  3823. }
  3824. return s->scts;
  3825. err:
  3826. return NULL;
  3827. }
  3828. static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
  3829. const STACK_OF(SCT) *scts, void *unused_arg)
  3830. {
  3831. return 1;
  3832. }
  3833. static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
  3834. const STACK_OF(SCT) *scts, void *unused_arg)
  3835. {
  3836. int count = scts != NULL ? sk_SCT_num(scts) : 0;
  3837. int i;
  3838. for (i = 0; i < count; ++i) {
  3839. SCT *sct = sk_SCT_value(scts, i);
  3840. int status = SCT_get_validation_status(sct);
  3841. if (status == SCT_VALIDATION_STATUS_VALID)
  3842. return 1;
  3843. }
  3844. SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
  3845. return 0;
  3846. }
  3847. int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
  3848. void *arg)
  3849. {
  3850. /*
  3851. * Since code exists that uses the custom extension handler for CT, look
  3852. * for this and throw an error if they have already registered to use CT.
  3853. */
  3854. if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
  3855. TLSEXT_TYPE_signed_certificate_timestamp))
  3856. {
  3857. SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
  3858. SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  3859. return 0;
  3860. }
  3861. if (callback != NULL) {
  3862. /*
  3863. * If we are validating CT, then we MUST accept SCTs served via OCSP
  3864. */
  3865. if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
  3866. return 0;
  3867. }
  3868. s->ct_validation_callback = callback;
  3869. s->ct_validation_callback_arg = arg;
  3870. return 1;
  3871. }
  3872. int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
  3873. ssl_ct_validation_cb callback, void *arg)
  3874. {
  3875. /*
  3876. * Since code exists that uses the custom extension handler for CT, look for
  3877. * this and throw an error if they have already registered to use CT.
  3878. */
  3879. if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
  3880. TLSEXT_TYPE_signed_certificate_timestamp))
  3881. {
  3882. SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
  3883. SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  3884. return 0;
  3885. }
  3886. ctx->ct_validation_callback = callback;
  3887. ctx->ct_validation_callback_arg = arg;
  3888. return 1;
  3889. }
  3890. int SSL_ct_is_enabled(const SSL *s)
  3891. {
  3892. return s->ct_validation_callback != NULL;
  3893. }
  3894. int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
  3895. {
  3896. return ctx->ct_validation_callback != NULL;
  3897. }
  3898. int ssl_validate_ct(SSL *s)
  3899. {
  3900. int ret = 0;
  3901. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  3902. X509 *issuer;
  3903. SSL_DANE *dane = &s->dane;
  3904. CT_POLICY_EVAL_CTX *ctx = NULL;
  3905. const STACK_OF(SCT) *scts;
  3906. /*
  3907. * If no callback is set, the peer is anonymous, or its chain is invalid,
  3908. * skip SCT validation - just return success. Applications that continue
  3909. * handshakes without certificates, with unverified chains, or pinned leaf
  3910. * certificates are outside the scope of the WebPKI and CT.
  3911. *
  3912. * The above exclusions notwithstanding the vast majority of peers will
  3913. * have rather ordinary certificate chains validated by typical
  3914. * applications that perform certificate verification and therefore will
  3915. * process SCTs when enabled.
  3916. */
  3917. if (s->ct_validation_callback == NULL || cert == NULL ||
  3918. s->verify_result != X509_V_OK ||
  3919. s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
  3920. return 1;
  3921. /*
  3922. * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
  3923. * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
  3924. */
  3925. if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
  3926. switch (dane->mtlsa->usage) {
  3927. case DANETLS_USAGE_DANE_TA:
  3928. case DANETLS_USAGE_DANE_EE:
  3929. return 1;
  3930. }
  3931. }
  3932. ctx = CT_POLICY_EVAL_CTX_new();
  3933. if (ctx == NULL) {
  3934. SSLerr(SSL_F_SSL_VALIDATE_CT, ERR_R_MALLOC_FAILURE);
  3935. goto end;
  3936. }
  3937. issuer = sk_X509_value(s->verified_chain, 1);
  3938. CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
  3939. CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
  3940. CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
  3941. CT_POLICY_EVAL_CTX_set_time(
  3942. ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
  3943. scts = SSL_get0_peer_scts(s);
  3944. /*
  3945. * This function returns success (> 0) only when all the SCTs are valid, 0
  3946. * when some are invalid, and < 0 on various internal errors (out of
  3947. * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
  3948. * reason to abort the handshake, that decision is up to the callback.
  3949. * Therefore, we error out only in the unexpected case that the return
  3950. * value is negative.
  3951. *
  3952. * XXX: One might well argue that the return value of this function is an
  3953. * unfortunate design choice. Its job is only to determine the validation
  3954. * status of each of the provided SCTs. So long as it correctly separates
  3955. * the wheat from the chaff it should return success. Failure in this case
  3956. * ought to correspond to an inability to carry out its duties.
  3957. */
  3958. if (SCT_LIST_validate(scts, ctx) < 0) {
  3959. SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_SCT_VERIFICATION_FAILED);
  3960. goto end;
  3961. }
  3962. ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
  3963. if (ret < 0)
  3964. ret = 0; /* This function returns 0 on failure */
  3965. end:
  3966. CT_POLICY_EVAL_CTX_free(ctx);
  3967. /*
  3968. * With SSL_VERIFY_NONE the session may be cached and re-used despite a
  3969. * failure return code here. Also the application may wish the complete
  3970. * the handshake, and then disconnect cleanly at a higher layer, after
  3971. * checking the verification status of the completed connection.
  3972. *
  3973. * We therefore force a certificate verification failure which will be
  3974. * visible via SSL_get_verify_result() and cached as part of any resumed
  3975. * session.
  3976. *
  3977. * Note: the permissive callback is for information gathering only, always
  3978. * returns success, and does not affect verification status. Only the
  3979. * strict callback or a custom application-specified callback can trigger
  3980. * connection failure or record a verification error.
  3981. */
  3982. if (ret <= 0)
  3983. s->verify_result = X509_V_ERR_NO_VALID_SCTS;
  3984. return ret;
  3985. }
  3986. int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
  3987. {
  3988. switch (validation_mode) {
  3989. default:
  3990. SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
  3991. return 0;
  3992. case SSL_CT_VALIDATION_PERMISSIVE:
  3993. return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
  3994. case SSL_CT_VALIDATION_STRICT:
  3995. return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
  3996. }
  3997. }
  3998. int SSL_enable_ct(SSL *s, int validation_mode)
  3999. {
  4000. switch (validation_mode) {
  4001. default:
  4002. SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
  4003. return 0;
  4004. case SSL_CT_VALIDATION_PERMISSIVE:
  4005. return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
  4006. case SSL_CT_VALIDATION_STRICT:
  4007. return SSL_set_ct_validation_callback(s, ct_strict, NULL);
  4008. }
  4009. }
  4010. int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
  4011. {
  4012. return CTLOG_STORE_load_default_file(ctx->ctlog_store);
  4013. }
  4014. int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
  4015. {
  4016. return CTLOG_STORE_load_file(ctx->ctlog_store, path);
  4017. }
  4018. void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
  4019. {
  4020. CTLOG_STORE_free(ctx->ctlog_store);
  4021. ctx->ctlog_store = logs;
  4022. }
  4023. const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
  4024. {
  4025. return ctx->ctlog_store;
  4026. }
  4027. #endif /* OPENSSL_NO_CT */
  4028. void SSL_CTX_set_early_cb(SSL_CTX *c, SSL_early_cb_fn cb, void *arg)
  4029. {
  4030. c->early_cb = cb;
  4031. c->early_cb_arg = arg;
  4032. }
  4033. int SSL_early_isv2(SSL *s)
  4034. {
  4035. if (s->clienthello == NULL)
  4036. return 0;
  4037. return s->clienthello->isv2;
  4038. }
  4039. unsigned int SSL_early_get0_legacy_version(SSL *s)
  4040. {
  4041. if (s->clienthello == NULL)
  4042. return 0;
  4043. return s->clienthello->legacy_version;
  4044. }
  4045. size_t SSL_early_get0_random(SSL *s, const unsigned char **out)
  4046. {
  4047. if (s->clienthello == NULL)
  4048. return 0;
  4049. if (out != NULL)
  4050. *out = s->clienthello->random;
  4051. return SSL3_RANDOM_SIZE;
  4052. }
  4053. size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out)
  4054. {
  4055. if (s->clienthello == NULL)
  4056. return 0;
  4057. if (out != NULL)
  4058. *out = s->clienthello->session_id;
  4059. return s->clienthello->session_id_len;
  4060. }
  4061. size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out)
  4062. {
  4063. if (s->clienthello == NULL)
  4064. return 0;
  4065. if (out != NULL)
  4066. *out = PACKET_data(&s->clienthello->ciphersuites);
  4067. return PACKET_remaining(&s->clienthello->ciphersuites);
  4068. }
  4069. size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out)
  4070. {
  4071. if (s->clienthello == NULL)
  4072. return 0;
  4073. if (out != NULL)
  4074. *out = s->clienthello->compressions;
  4075. return s->clienthello->compressions_len;
  4076. }
  4077. int SSL_early_get1_extensions_present(SSL *s, int **out, size_t *outlen)
  4078. {
  4079. RAW_EXTENSION *ext;
  4080. int *present;
  4081. size_t num = 0, i;
  4082. if (s->clienthello == NULL || out == NULL || outlen == NULL)
  4083. return 0;
  4084. for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
  4085. ext = s->clienthello->pre_proc_exts + i;
  4086. if (ext->present)
  4087. num++;
  4088. }
  4089. present = OPENSSL_malloc(sizeof(*present) * num);
  4090. if (present == NULL)
  4091. return 0;
  4092. for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
  4093. ext = s->clienthello->pre_proc_exts + i;
  4094. if (ext->present) {
  4095. if (ext->received_order >= num)
  4096. goto err;
  4097. present[ext->received_order] = ext->type;
  4098. }
  4099. }
  4100. *out = present;
  4101. *outlen = num;
  4102. return 1;
  4103. err:
  4104. OPENSSL_free(present);
  4105. return 0;
  4106. }
  4107. int SSL_early_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
  4108. size_t *outlen)
  4109. {
  4110. size_t i;
  4111. RAW_EXTENSION *r;
  4112. if (s->clienthello == NULL)
  4113. return 0;
  4114. for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
  4115. r = s->clienthello->pre_proc_exts + i;
  4116. if (r->present && r->type == type) {
  4117. if (out != NULL)
  4118. *out = PACKET_data(&r->data);
  4119. if (outlen != NULL)
  4120. *outlen = PACKET_remaining(&r->data);
  4121. return 1;
  4122. }
  4123. }
  4124. return 0;
  4125. }
  4126. int SSL_free_buffers(SSL *ssl)
  4127. {
  4128. RECORD_LAYER *rl = &ssl->rlayer;
  4129. if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
  4130. return 0;
  4131. RECORD_LAYER_release(rl);
  4132. return 1;
  4133. }
  4134. int SSL_alloc_buffers(SSL *ssl)
  4135. {
  4136. return ssl3_setup_buffers(ssl);
  4137. }
  4138. void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
  4139. {
  4140. ctx->keylog_callback = cb;
  4141. }
  4142. SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
  4143. {
  4144. return ctx->keylog_callback;
  4145. }
  4146. static int nss_keylog_int(const char *prefix,
  4147. SSL *ssl,
  4148. const uint8_t *parameter_1,
  4149. size_t parameter_1_len,
  4150. const uint8_t *parameter_2,
  4151. size_t parameter_2_len)
  4152. {
  4153. char *out = NULL;
  4154. char *cursor = NULL;
  4155. size_t out_len = 0;
  4156. size_t i;
  4157. size_t prefix_len;
  4158. if (ssl->ctx->keylog_callback == NULL) return 1;
  4159. /*
  4160. * Our output buffer will contain the following strings, rendered with
  4161. * space characters in between, terminated by a NULL character: first the
  4162. * prefix, then the first parameter, then the second parameter. The
  4163. * meaning of each parameter depends on the specific key material being
  4164. * logged. Note that the first and second parameters are encoded in
  4165. * hexadecimal, so we need a buffer that is twice their lengths.
  4166. */
  4167. prefix_len = strlen(prefix);
  4168. out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
  4169. if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
  4170. SSLerr(SSL_F_NSS_KEYLOG_INT, ERR_R_MALLOC_FAILURE);
  4171. return 0;
  4172. }
  4173. strcpy(cursor, prefix);
  4174. cursor += prefix_len;
  4175. *cursor++ = ' ';
  4176. for (i = 0; i < parameter_1_len; i++) {
  4177. sprintf(cursor, "%02x", parameter_1[i]);
  4178. cursor += 2;
  4179. }
  4180. *cursor++ = ' ';
  4181. for (i = 0; i < parameter_2_len; i++) {
  4182. sprintf(cursor, "%02x", parameter_2[i]);
  4183. cursor += 2;
  4184. }
  4185. *cursor = '\0';
  4186. ssl->ctx->keylog_callback(ssl, (const char *)out);
  4187. OPENSSL_free(out);
  4188. return 1;
  4189. }
  4190. int ssl_log_rsa_client_key_exchange(SSL *ssl,
  4191. const uint8_t *encrypted_premaster,
  4192. size_t encrypted_premaster_len,
  4193. const uint8_t *premaster,
  4194. size_t premaster_len)
  4195. {
  4196. if (encrypted_premaster_len < 8) {
  4197. SSLerr(SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
  4198. return 0;
  4199. }
  4200. /* We only want the first 8 bytes of the encrypted premaster as a tag. */
  4201. return nss_keylog_int("RSA",
  4202. ssl,
  4203. encrypted_premaster,
  4204. 8,
  4205. premaster,
  4206. premaster_len);
  4207. }
  4208. int ssl_log_secret(SSL *ssl,
  4209. const char *label,
  4210. const uint8_t *secret,
  4211. size_t secret_len)
  4212. {
  4213. return nss_keylog_int(label,
  4214. ssl,
  4215. ssl->s3->client_random,
  4216. SSL3_RANDOM_SIZE,
  4217. secret,
  4218. secret_len);
  4219. }
  4220. #define SSLV2_CIPHER_LEN 3
  4221. int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format,
  4222. int *al)
  4223. {
  4224. int n;
  4225. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  4226. if (PACKET_remaining(cipher_suites) == 0) {
  4227. SSLerr(SSL_F_SSL_CACHE_CIPHERLIST, SSL_R_NO_CIPHERS_SPECIFIED);
  4228. *al = SSL_AD_ILLEGAL_PARAMETER;
  4229. return 0;
  4230. }
  4231. if (PACKET_remaining(cipher_suites) % n != 0) {
  4232. SSLerr(SSL_F_SSL_CACHE_CIPHERLIST,
  4233. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  4234. *al = SSL_AD_DECODE_ERROR;
  4235. return 0;
  4236. }
  4237. OPENSSL_free(s->s3->tmp.ciphers_raw);
  4238. s->s3->tmp.ciphers_raw = NULL;
  4239. s->s3->tmp.ciphers_rawlen = 0;
  4240. if (sslv2format) {
  4241. size_t numciphers = PACKET_remaining(cipher_suites) / n;
  4242. PACKET sslv2ciphers = *cipher_suites;
  4243. unsigned int leadbyte;
  4244. unsigned char *raw;
  4245. /*
  4246. * We store the raw ciphers list in SSLv3+ format so we need to do some
  4247. * preprocessing to convert the list first. If there are any SSLv2 only
  4248. * ciphersuites with a non-zero leading byte then we are going to
  4249. * slightly over allocate because we won't store those. But that isn't a
  4250. * problem.
  4251. */
  4252. raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
  4253. s->s3->tmp.ciphers_raw = raw;
  4254. if (raw == NULL) {
  4255. *al = SSL_AD_INTERNAL_ERROR;
  4256. goto err;
  4257. }
  4258. for (s->s3->tmp.ciphers_rawlen = 0;
  4259. PACKET_remaining(&sslv2ciphers) > 0;
  4260. raw += TLS_CIPHER_LEN) {
  4261. if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
  4262. || (leadbyte == 0
  4263. && !PACKET_copy_bytes(&sslv2ciphers, raw,
  4264. TLS_CIPHER_LEN))
  4265. || (leadbyte != 0
  4266. && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
  4267. *al = SSL_AD_DECODE_ERROR;
  4268. OPENSSL_free(s->s3->tmp.ciphers_raw);
  4269. s->s3->tmp.ciphers_raw = NULL;
  4270. s->s3->tmp.ciphers_rawlen = 0;
  4271. goto err;
  4272. }
  4273. if (leadbyte == 0)
  4274. s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
  4275. }
  4276. } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
  4277. &s->s3->tmp.ciphers_rawlen)) {
  4278. *al = SSL_AD_INTERNAL_ERROR;
  4279. goto err;
  4280. }
  4281. return 1;
  4282. err:
  4283. return 0;
  4284. }
  4285. int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
  4286. int isv2format, STACK_OF(SSL_CIPHER) **sk,
  4287. STACK_OF(SSL_CIPHER) **scsvs)
  4288. {
  4289. int alert;
  4290. PACKET pkt;
  4291. if (!PACKET_buf_init(&pkt, bytes, len))
  4292. return 0;
  4293. return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, &alert);
  4294. }
  4295. int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
  4296. STACK_OF(SSL_CIPHER) **skp,
  4297. STACK_OF(SSL_CIPHER) **scsvs_out,
  4298. int sslv2format, int *al)
  4299. {
  4300. const SSL_CIPHER *c;
  4301. STACK_OF(SSL_CIPHER) *sk = NULL;
  4302. STACK_OF(SSL_CIPHER) *scsvs = NULL;
  4303. int n;
  4304. /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
  4305. unsigned char cipher[SSLV2_CIPHER_LEN];
  4306. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  4307. if (PACKET_remaining(cipher_suites) == 0) {
  4308. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
  4309. *al = SSL_AD_ILLEGAL_PARAMETER;
  4310. return 0;
  4311. }
  4312. if (PACKET_remaining(cipher_suites) % n != 0) {
  4313. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
  4314. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  4315. *al = SSL_AD_DECODE_ERROR;
  4316. return 0;
  4317. }
  4318. sk = sk_SSL_CIPHER_new_null();
  4319. scsvs = sk_SSL_CIPHER_new_null();
  4320. if (sk == NULL || scsvs == NULL) {
  4321. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
  4322. *al = SSL_AD_INTERNAL_ERROR;
  4323. goto err;
  4324. }
  4325. while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
  4326. /*
  4327. * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
  4328. * first byte set to zero, while true SSLv2 ciphers have a non-zero
  4329. * first byte. We don't support any true SSLv2 ciphers, so skip them.
  4330. */
  4331. if (sslv2format && cipher[0] != '\0')
  4332. continue;
  4333. /* For SSLv2-compat, ignore leading 0-byte. */
  4334. c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
  4335. if (c != NULL) {
  4336. if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
  4337. (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
  4338. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
  4339. *al = SSL_AD_INTERNAL_ERROR;
  4340. goto err;
  4341. }
  4342. }
  4343. }
  4344. if (PACKET_remaining(cipher_suites) > 0) {
  4345. *al = SSL_AD_DECODE_ERROR;
  4346. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
  4347. goto err;
  4348. }
  4349. if (skp != NULL)
  4350. *skp = sk;
  4351. else
  4352. sk_SSL_CIPHER_free(sk);
  4353. if (scsvs_out != NULL)
  4354. *scsvs_out = scsvs;
  4355. else
  4356. sk_SSL_CIPHER_free(scsvs);
  4357. return 1;
  4358. err:
  4359. sk_SSL_CIPHER_free(sk);
  4360. sk_SSL_CIPHER_free(scsvs);
  4361. return 0;
  4362. }
  4363. int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
  4364. {
  4365. ctx->max_early_data = max_early_data;
  4366. return 1;
  4367. }
  4368. uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
  4369. {
  4370. return ctx->max_early_data;
  4371. }
  4372. int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
  4373. {
  4374. s->max_early_data = max_early_data;
  4375. return 1;
  4376. }
  4377. uint32_t SSL_get_max_early_data(const SSL *s)
  4378. {
  4379. return s->max_early_data;
  4380. }
  4381. int ssl_randbytes(SSL *s, unsigned char *rnd, size_t size)
  4382. {
  4383. if (s->drbg != NULL)
  4384. return RAND_DRBG_generate(s->drbg, rnd, size, 0, NULL, 0);
  4385. return RAND_bytes(rnd, (int)size);
  4386. }