2
0

ssl_lib.c 151 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. * Copyright 2005 Nokia. All rights reserved.
  5. *
  6. * Licensed under the OpenSSL license (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <stdio.h>
  12. #include "ssl_locl.h"
  13. #include <openssl/objects.h>
  14. #include <openssl/x509v3.h>
  15. #include <openssl/rand.h>
  16. #include <openssl/rand_drbg.h>
  17. #include <openssl/ocsp.h>
  18. #include <openssl/dh.h>
  19. #include <openssl/engine.h>
  20. #include <openssl/async.h>
  21. #include <openssl/ct.h>
  22. #include "internal/cryptlib.h"
  23. #include "internal/refcount.h"
  24. const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
  25. static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
  26. {
  27. (void)r;
  28. (void)s;
  29. (void)t;
  30. return ssl_undefined_function(ssl);
  31. }
  32. static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
  33. int t)
  34. {
  35. (void)r;
  36. (void)s;
  37. (void)t;
  38. return ssl_undefined_function(ssl);
  39. }
  40. static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
  41. unsigned char *s, size_t t, size_t *u)
  42. {
  43. (void)r;
  44. (void)s;
  45. (void)t;
  46. (void)u;
  47. return ssl_undefined_function(ssl);
  48. }
  49. static int ssl_undefined_function_4(SSL *ssl, int r)
  50. {
  51. (void)r;
  52. return ssl_undefined_function(ssl);
  53. }
  54. static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
  55. unsigned char *t)
  56. {
  57. (void)r;
  58. (void)s;
  59. (void)t;
  60. return ssl_undefined_function(ssl);
  61. }
  62. static int ssl_undefined_function_6(int r)
  63. {
  64. (void)r;
  65. return ssl_undefined_function(NULL);
  66. }
  67. static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
  68. const char *t, size_t u,
  69. const unsigned char *v, size_t w, int x)
  70. {
  71. (void)r;
  72. (void)s;
  73. (void)t;
  74. (void)u;
  75. (void)v;
  76. (void)w;
  77. (void)x;
  78. return ssl_undefined_function(ssl);
  79. }
  80. SSL3_ENC_METHOD ssl3_undef_enc_method = {
  81. ssl_undefined_function_1,
  82. ssl_undefined_function_2,
  83. ssl_undefined_function,
  84. ssl_undefined_function_3,
  85. ssl_undefined_function_4,
  86. ssl_undefined_function_5,
  87. NULL, /* client_finished_label */
  88. 0, /* client_finished_label_len */
  89. NULL, /* server_finished_label */
  90. 0, /* server_finished_label_len */
  91. ssl_undefined_function_6,
  92. ssl_undefined_function_7,
  93. };
  94. struct ssl_async_args {
  95. SSL *s;
  96. void *buf;
  97. size_t num;
  98. enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
  99. union {
  100. int (*func_read) (SSL *, void *, size_t, size_t *);
  101. int (*func_write) (SSL *, const void *, size_t, size_t *);
  102. int (*func_other) (SSL *);
  103. } f;
  104. };
  105. static const struct {
  106. uint8_t mtype;
  107. uint8_t ord;
  108. int nid;
  109. } dane_mds[] = {
  110. {
  111. DANETLS_MATCHING_FULL, 0, NID_undef
  112. },
  113. {
  114. DANETLS_MATCHING_2256, 1, NID_sha256
  115. },
  116. {
  117. DANETLS_MATCHING_2512, 2, NID_sha512
  118. },
  119. };
  120. static int dane_ctx_enable(struct dane_ctx_st *dctx)
  121. {
  122. const EVP_MD **mdevp;
  123. uint8_t *mdord;
  124. uint8_t mdmax = DANETLS_MATCHING_LAST;
  125. int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
  126. size_t i;
  127. if (dctx->mdevp != NULL)
  128. return 1;
  129. mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
  130. mdord = OPENSSL_zalloc(n * sizeof(*mdord));
  131. if (mdord == NULL || mdevp == NULL) {
  132. OPENSSL_free(mdord);
  133. OPENSSL_free(mdevp);
  134. SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
  135. return 0;
  136. }
  137. /* Install default entries */
  138. for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
  139. const EVP_MD *md;
  140. if (dane_mds[i].nid == NID_undef ||
  141. (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
  142. continue;
  143. mdevp[dane_mds[i].mtype] = md;
  144. mdord[dane_mds[i].mtype] = dane_mds[i].ord;
  145. }
  146. dctx->mdevp = mdevp;
  147. dctx->mdord = mdord;
  148. dctx->mdmax = mdmax;
  149. return 1;
  150. }
  151. static void dane_ctx_final(struct dane_ctx_st *dctx)
  152. {
  153. OPENSSL_free(dctx->mdevp);
  154. dctx->mdevp = NULL;
  155. OPENSSL_free(dctx->mdord);
  156. dctx->mdord = NULL;
  157. dctx->mdmax = 0;
  158. }
  159. static void tlsa_free(danetls_record *t)
  160. {
  161. if (t == NULL)
  162. return;
  163. OPENSSL_free(t->data);
  164. EVP_PKEY_free(t->spki);
  165. OPENSSL_free(t);
  166. }
  167. static void dane_final(SSL_DANE *dane)
  168. {
  169. sk_danetls_record_pop_free(dane->trecs, tlsa_free);
  170. dane->trecs = NULL;
  171. sk_X509_pop_free(dane->certs, X509_free);
  172. dane->certs = NULL;
  173. X509_free(dane->mcert);
  174. dane->mcert = NULL;
  175. dane->mtlsa = NULL;
  176. dane->mdpth = -1;
  177. dane->pdpth = -1;
  178. }
  179. /*
  180. * dane_copy - Copy dane configuration, sans verification state.
  181. */
  182. static int ssl_dane_dup(SSL *to, SSL *from)
  183. {
  184. int num;
  185. int i;
  186. if (!DANETLS_ENABLED(&from->dane))
  187. return 1;
  188. num = sk_danetls_record_num(from->dane.trecs);
  189. dane_final(&to->dane);
  190. to->dane.flags = from->dane.flags;
  191. to->dane.dctx = &to->ctx->dane;
  192. to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
  193. if (to->dane.trecs == NULL) {
  194. SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
  195. return 0;
  196. }
  197. for (i = 0; i < num; ++i) {
  198. danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
  199. if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
  200. t->data, t->dlen) <= 0)
  201. return 0;
  202. }
  203. return 1;
  204. }
  205. static int dane_mtype_set(struct dane_ctx_st *dctx,
  206. const EVP_MD *md, uint8_t mtype, uint8_t ord)
  207. {
  208. int i;
  209. if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
  210. SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
  211. return 0;
  212. }
  213. if (mtype > dctx->mdmax) {
  214. const EVP_MD **mdevp;
  215. uint8_t *mdord;
  216. int n = ((int)mtype) + 1;
  217. mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
  218. if (mdevp == NULL) {
  219. SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
  220. return -1;
  221. }
  222. dctx->mdevp = mdevp;
  223. mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
  224. if (mdord == NULL) {
  225. SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
  226. return -1;
  227. }
  228. dctx->mdord = mdord;
  229. /* Zero-fill any gaps */
  230. for (i = dctx->mdmax + 1; i < mtype; ++i) {
  231. mdevp[i] = NULL;
  232. mdord[i] = 0;
  233. }
  234. dctx->mdmax = mtype;
  235. }
  236. dctx->mdevp[mtype] = md;
  237. /* Coerce ordinal of disabled matching types to 0 */
  238. dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
  239. return 1;
  240. }
  241. static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
  242. {
  243. if (mtype > dane->dctx->mdmax)
  244. return NULL;
  245. return dane->dctx->mdevp[mtype];
  246. }
  247. static int dane_tlsa_add(SSL_DANE *dane,
  248. uint8_t usage,
  249. uint8_t selector,
  250. uint8_t mtype, unsigned const char *data, size_t dlen)
  251. {
  252. danetls_record *t;
  253. const EVP_MD *md = NULL;
  254. int ilen = (int)dlen;
  255. int i;
  256. int num;
  257. if (dane->trecs == NULL) {
  258. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
  259. return -1;
  260. }
  261. if (ilen < 0 || dlen != (size_t)ilen) {
  262. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
  263. return 0;
  264. }
  265. if (usage > DANETLS_USAGE_LAST) {
  266. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
  267. return 0;
  268. }
  269. if (selector > DANETLS_SELECTOR_LAST) {
  270. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
  271. return 0;
  272. }
  273. if (mtype != DANETLS_MATCHING_FULL) {
  274. md = tlsa_md_get(dane, mtype);
  275. if (md == NULL) {
  276. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
  277. return 0;
  278. }
  279. }
  280. if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
  281. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
  282. return 0;
  283. }
  284. if (!data) {
  285. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
  286. return 0;
  287. }
  288. if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
  289. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  290. return -1;
  291. }
  292. t->usage = usage;
  293. t->selector = selector;
  294. t->mtype = mtype;
  295. t->data = OPENSSL_malloc(dlen);
  296. if (t->data == NULL) {
  297. tlsa_free(t);
  298. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  299. return -1;
  300. }
  301. memcpy(t->data, data, dlen);
  302. t->dlen = dlen;
  303. /* Validate and cache full certificate or public key */
  304. if (mtype == DANETLS_MATCHING_FULL) {
  305. const unsigned char *p = data;
  306. X509 *cert = NULL;
  307. EVP_PKEY *pkey = NULL;
  308. switch (selector) {
  309. case DANETLS_SELECTOR_CERT:
  310. if (!d2i_X509(&cert, &p, ilen) || p < data ||
  311. dlen != (size_t)(p - data)) {
  312. tlsa_free(t);
  313. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  314. return 0;
  315. }
  316. if (X509_get0_pubkey(cert) == NULL) {
  317. tlsa_free(t);
  318. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  319. return 0;
  320. }
  321. if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
  322. X509_free(cert);
  323. break;
  324. }
  325. /*
  326. * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
  327. * records that contain full certificates of trust-anchors that are
  328. * not present in the wire chain. For usage PKIX-TA(0), we augment
  329. * the chain with untrusted Full(0) certificates from DNS, in case
  330. * they are missing from the chain.
  331. */
  332. if ((dane->certs == NULL &&
  333. (dane->certs = sk_X509_new_null()) == NULL) ||
  334. !sk_X509_push(dane->certs, cert)) {
  335. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  336. X509_free(cert);
  337. tlsa_free(t);
  338. return -1;
  339. }
  340. break;
  341. case DANETLS_SELECTOR_SPKI:
  342. if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
  343. dlen != (size_t)(p - data)) {
  344. tlsa_free(t);
  345. SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
  346. return 0;
  347. }
  348. /*
  349. * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
  350. * records that contain full bare keys of trust-anchors that are
  351. * not present in the wire chain.
  352. */
  353. if (usage == DANETLS_USAGE_DANE_TA)
  354. t->spki = pkey;
  355. else
  356. EVP_PKEY_free(pkey);
  357. break;
  358. }
  359. }
  360. /*-
  361. * Find the right insertion point for the new record.
  362. *
  363. * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
  364. * they can be processed first, as they require no chain building, and no
  365. * expiration or hostname checks. Because DANE-EE(3) is numerically
  366. * largest, this is accomplished via descending sort by "usage".
  367. *
  368. * We also sort in descending order by matching ordinal to simplify
  369. * the implementation of digest agility in the verification code.
  370. *
  371. * The choice of order for the selector is not significant, so we
  372. * use the same descending order for consistency.
  373. */
  374. num = sk_danetls_record_num(dane->trecs);
  375. for (i = 0; i < num; ++i) {
  376. danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
  377. if (rec->usage > usage)
  378. continue;
  379. if (rec->usage < usage)
  380. break;
  381. if (rec->selector > selector)
  382. continue;
  383. if (rec->selector < selector)
  384. break;
  385. if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
  386. continue;
  387. break;
  388. }
  389. if (!sk_danetls_record_insert(dane->trecs, t, i)) {
  390. tlsa_free(t);
  391. SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
  392. return -1;
  393. }
  394. dane->umask |= DANETLS_USAGE_BIT(usage);
  395. return 1;
  396. }
  397. /*
  398. * Return 0 if there is only one version configured and it was disabled
  399. * at configure time. Return 1 otherwise.
  400. */
  401. static int ssl_check_allowed_versions(int min_version, int max_version)
  402. {
  403. int minisdtls = 0, maxisdtls = 0;
  404. /* Figure out if we're doing DTLS versions or TLS versions */
  405. if (min_version == DTLS1_BAD_VER
  406. || min_version >> 8 == DTLS1_VERSION_MAJOR)
  407. minisdtls = 1;
  408. if (max_version == DTLS1_BAD_VER
  409. || max_version >> 8 == DTLS1_VERSION_MAJOR)
  410. maxisdtls = 1;
  411. /* A wildcard version of 0 could be DTLS or TLS. */
  412. if ((minisdtls && !maxisdtls && max_version != 0)
  413. || (maxisdtls && !minisdtls && min_version != 0)) {
  414. /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
  415. return 0;
  416. }
  417. if (minisdtls || maxisdtls) {
  418. /* Do DTLS version checks. */
  419. if (min_version == 0)
  420. /* Ignore DTLS1_BAD_VER */
  421. min_version = DTLS1_VERSION;
  422. if (max_version == 0)
  423. max_version = DTLS1_2_VERSION;
  424. #ifdef OPENSSL_NO_DTLS1_2
  425. if (max_version == DTLS1_2_VERSION)
  426. max_version = DTLS1_VERSION;
  427. #endif
  428. #ifdef OPENSSL_NO_DTLS1
  429. if (min_version == DTLS1_VERSION)
  430. min_version = DTLS1_2_VERSION;
  431. #endif
  432. /* Done massaging versions; do the check. */
  433. if (0
  434. #ifdef OPENSSL_NO_DTLS1
  435. || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
  436. && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
  437. #endif
  438. #ifdef OPENSSL_NO_DTLS1_2
  439. || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
  440. && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
  441. #endif
  442. )
  443. return 0;
  444. } else {
  445. /* Regular TLS version checks. */
  446. if (min_version == 0)
  447. min_version = SSL3_VERSION;
  448. if (max_version == 0)
  449. max_version = TLS1_3_VERSION;
  450. #ifdef OPENSSL_NO_TLS1_3
  451. if (max_version == TLS1_3_VERSION)
  452. max_version = TLS1_2_VERSION;
  453. #endif
  454. #ifdef OPENSSL_NO_TLS1_2
  455. if (max_version == TLS1_2_VERSION)
  456. max_version = TLS1_1_VERSION;
  457. #endif
  458. #ifdef OPENSSL_NO_TLS1_1
  459. if (max_version == TLS1_1_VERSION)
  460. max_version = TLS1_VERSION;
  461. #endif
  462. #ifdef OPENSSL_NO_TLS1
  463. if (max_version == TLS1_VERSION)
  464. max_version = SSL3_VERSION;
  465. #endif
  466. #ifdef OPENSSL_NO_SSL3
  467. if (min_version == SSL3_VERSION)
  468. min_version = TLS1_VERSION;
  469. #endif
  470. #ifdef OPENSSL_NO_TLS1
  471. if (min_version == TLS1_VERSION)
  472. min_version = TLS1_1_VERSION;
  473. #endif
  474. #ifdef OPENSSL_NO_TLS1_1
  475. if (min_version == TLS1_1_VERSION)
  476. min_version = TLS1_2_VERSION;
  477. #endif
  478. #ifdef OPENSSL_NO_TLS1_2
  479. if (min_version == TLS1_2_VERSION)
  480. min_version = TLS1_3_VERSION;
  481. #endif
  482. /* Done massaging versions; do the check. */
  483. if (0
  484. #ifdef OPENSSL_NO_SSL3
  485. || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
  486. #endif
  487. #ifdef OPENSSL_NO_TLS1
  488. || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
  489. #endif
  490. #ifdef OPENSSL_NO_TLS1_1
  491. || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
  492. #endif
  493. #ifdef OPENSSL_NO_TLS1_2
  494. || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
  495. #endif
  496. #ifdef OPENSSL_NO_TLS1_3
  497. || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
  498. #endif
  499. )
  500. return 0;
  501. }
  502. return 1;
  503. }
  504. static void clear_ciphers(SSL *s)
  505. {
  506. /* clear the current cipher */
  507. ssl_clear_cipher_ctx(s);
  508. ssl_clear_hash_ctx(&s->read_hash);
  509. ssl_clear_hash_ctx(&s->write_hash);
  510. }
  511. int SSL_clear(SSL *s)
  512. {
  513. if (s->method == NULL) {
  514. SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
  515. return 0;
  516. }
  517. if (ssl_clear_bad_session(s)) {
  518. SSL_SESSION_free(s->session);
  519. s->session = NULL;
  520. }
  521. SSL_SESSION_free(s->psksession);
  522. s->psksession = NULL;
  523. OPENSSL_free(s->psksession_id);
  524. s->psksession_id = NULL;
  525. s->psksession_id_len = 0;
  526. s->hello_retry_request = 0;
  527. s->sent_tickets = 0;
  528. s->error = 0;
  529. s->hit = 0;
  530. s->shutdown = 0;
  531. if (s->renegotiate) {
  532. SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
  533. return 0;
  534. }
  535. ossl_statem_clear(s);
  536. s->version = s->method->version;
  537. s->client_version = s->version;
  538. s->rwstate = SSL_NOTHING;
  539. BUF_MEM_free(s->init_buf);
  540. s->init_buf = NULL;
  541. clear_ciphers(s);
  542. s->first_packet = 0;
  543. s->key_update = SSL_KEY_UPDATE_NONE;
  544. EVP_MD_CTX_free(s->pha_dgst);
  545. s->pha_dgst = NULL;
  546. /* Reset DANE verification result state */
  547. s->dane.mdpth = -1;
  548. s->dane.pdpth = -1;
  549. X509_free(s->dane.mcert);
  550. s->dane.mcert = NULL;
  551. s->dane.mtlsa = NULL;
  552. /* Clear the verification result peername */
  553. X509_VERIFY_PARAM_move_peername(s->param, NULL);
  554. /*
  555. * Check to see if we were changed into a different method, if so, revert
  556. * back.
  557. */
  558. if (s->method != s->ctx->method) {
  559. s->method->ssl_free(s);
  560. s->method = s->ctx->method;
  561. if (!s->method->ssl_new(s))
  562. return 0;
  563. } else {
  564. if (!s->method->ssl_clear(s))
  565. return 0;
  566. }
  567. RECORD_LAYER_clear(&s->rlayer);
  568. return 1;
  569. }
  570. /** Used to change an SSL_CTXs default SSL method type */
  571. int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
  572. {
  573. STACK_OF(SSL_CIPHER) *sk;
  574. ctx->method = meth;
  575. sk = ssl_create_cipher_list(ctx->method,
  576. ctx->tls13_ciphersuites,
  577. &(ctx->cipher_list),
  578. &(ctx->cipher_list_by_id),
  579. SSL_DEFAULT_CIPHER_LIST, ctx->cert);
  580. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
  581. SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  582. return 0;
  583. }
  584. return 1;
  585. }
  586. SSL *SSL_new(SSL_CTX *ctx)
  587. {
  588. SSL *s;
  589. if (ctx == NULL) {
  590. SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
  591. return NULL;
  592. }
  593. if (ctx->method == NULL) {
  594. SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
  595. return NULL;
  596. }
  597. s = OPENSSL_zalloc(sizeof(*s));
  598. if (s == NULL)
  599. goto err;
  600. s->references = 1;
  601. s->lock = CRYPTO_THREAD_lock_new();
  602. if (s->lock == NULL) {
  603. OPENSSL_free(s);
  604. s = NULL;
  605. goto err;
  606. }
  607. RECORD_LAYER_init(&s->rlayer, s);
  608. s->options = ctx->options;
  609. s->dane.flags = ctx->dane.flags;
  610. s->min_proto_version = ctx->min_proto_version;
  611. s->max_proto_version = ctx->max_proto_version;
  612. s->mode = ctx->mode;
  613. s->max_cert_list = ctx->max_cert_list;
  614. s->max_early_data = ctx->max_early_data;
  615. s->num_tickets = ctx->num_tickets;
  616. /* Shallow copy of the ciphersuites stack */
  617. s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
  618. if (s->tls13_ciphersuites == NULL)
  619. goto err;
  620. /*
  621. * Earlier library versions used to copy the pointer to the CERT, not
  622. * its contents; only when setting new parameters for the per-SSL
  623. * copy, ssl_cert_new would be called (and the direct reference to
  624. * the per-SSL_CTX settings would be lost, but those still were
  625. * indirectly accessed for various purposes, and for that reason they
  626. * used to be known as s->ctx->default_cert). Now we don't look at the
  627. * SSL_CTX's CERT after having duplicated it once.
  628. */
  629. s->cert = ssl_cert_dup(ctx->cert);
  630. if (s->cert == NULL)
  631. goto err;
  632. RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
  633. s->msg_callback = ctx->msg_callback;
  634. s->msg_callback_arg = ctx->msg_callback_arg;
  635. s->verify_mode = ctx->verify_mode;
  636. s->not_resumable_session_cb = ctx->not_resumable_session_cb;
  637. s->record_padding_cb = ctx->record_padding_cb;
  638. s->record_padding_arg = ctx->record_padding_arg;
  639. s->block_padding = ctx->block_padding;
  640. s->sid_ctx_length = ctx->sid_ctx_length;
  641. if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
  642. goto err;
  643. memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
  644. s->verify_callback = ctx->default_verify_callback;
  645. s->generate_session_id = ctx->generate_session_id;
  646. s->param = X509_VERIFY_PARAM_new();
  647. if (s->param == NULL)
  648. goto err;
  649. X509_VERIFY_PARAM_inherit(s->param, ctx->param);
  650. s->quiet_shutdown = ctx->quiet_shutdown;
  651. s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
  652. s->max_send_fragment = ctx->max_send_fragment;
  653. s->split_send_fragment = ctx->split_send_fragment;
  654. s->max_pipelines = ctx->max_pipelines;
  655. if (s->max_pipelines > 1)
  656. RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
  657. if (ctx->default_read_buf_len > 0)
  658. SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
  659. SSL_CTX_up_ref(ctx);
  660. s->ctx = ctx;
  661. s->ext.debug_cb = 0;
  662. s->ext.debug_arg = NULL;
  663. s->ext.ticket_expected = 0;
  664. s->ext.status_type = ctx->ext.status_type;
  665. s->ext.status_expected = 0;
  666. s->ext.ocsp.ids = NULL;
  667. s->ext.ocsp.exts = NULL;
  668. s->ext.ocsp.resp = NULL;
  669. s->ext.ocsp.resp_len = 0;
  670. SSL_CTX_up_ref(ctx);
  671. s->session_ctx = ctx;
  672. #ifndef OPENSSL_NO_EC
  673. if (ctx->ext.ecpointformats) {
  674. s->ext.ecpointformats =
  675. OPENSSL_memdup(ctx->ext.ecpointformats,
  676. ctx->ext.ecpointformats_len);
  677. if (!s->ext.ecpointformats)
  678. goto err;
  679. s->ext.ecpointformats_len =
  680. ctx->ext.ecpointformats_len;
  681. }
  682. if (ctx->ext.supportedgroups) {
  683. s->ext.supportedgroups =
  684. OPENSSL_memdup(ctx->ext.supportedgroups,
  685. ctx->ext.supportedgroups_len
  686. * sizeof(*ctx->ext.supportedgroups));
  687. if (!s->ext.supportedgroups)
  688. goto err;
  689. s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
  690. }
  691. #endif
  692. #ifndef OPENSSL_NO_NEXTPROTONEG
  693. s->ext.npn = NULL;
  694. #endif
  695. if (s->ctx->ext.alpn) {
  696. s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
  697. if (s->ext.alpn == NULL)
  698. goto err;
  699. memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
  700. s->ext.alpn_len = s->ctx->ext.alpn_len;
  701. }
  702. s->verified_chain = NULL;
  703. s->verify_result = X509_V_OK;
  704. s->default_passwd_callback = ctx->default_passwd_callback;
  705. s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
  706. s->method = ctx->method;
  707. s->key_update = SSL_KEY_UPDATE_NONE;
  708. if (!s->method->ssl_new(s))
  709. goto err;
  710. s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
  711. if (!SSL_clear(s))
  712. goto err;
  713. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
  714. goto err;
  715. #ifndef OPENSSL_NO_PSK
  716. s->psk_client_callback = ctx->psk_client_callback;
  717. s->psk_server_callback = ctx->psk_server_callback;
  718. #endif
  719. s->psk_find_session_cb = ctx->psk_find_session_cb;
  720. s->psk_use_session_cb = ctx->psk_use_session_cb;
  721. s->job = NULL;
  722. #ifndef OPENSSL_NO_CT
  723. if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
  724. ctx->ct_validation_callback_arg))
  725. goto err;
  726. #endif
  727. return s;
  728. err:
  729. SSL_free(s);
  730. SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
  731. return NULL;
  732. }
  733. int SSL_is_dtls(const SSL *s)
  734. {
  735. return SSL_IS_DTLS(s) ? 1 : 0;
  736. }
  737. int SSL_up_ref(SSL *s)
  738. {
  739. int i;
  740. if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
  741. return 0;
  742. REF_PRINT_COUNT("SSL", s);
  743. REF_ASSERT_ISNT(i < 2);
  744. return ((i > 1) ? 1 : 0);
  745. }
  746. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
  747. unsigned int sid_ctx_len)
  748. {
  749. if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
  750. SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
  751. SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  752. return 0;
  753. }
  754. ctx->sid_ctx_length = sid_ctx_len;
  755. memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
  756. return 1;
  757. }
  758. int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
  759. unsigned int sid_ctx_len)
  760. {
  761. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  762. SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
  763. SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  764. return 0;
  765. }
  766. ssl->sid_ctx_length = sid_ctx_len;
  767. memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
  768. return 1;
  769. }
  770. int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
  771. {
  772. CRYPTO_THREAD_write_lock(ctx->lock);
  773. ctx->generate_session_id = cb;
  774. CRYPTO_THREAD_unlock(ctx->lock);
  775. return 1;
  776. }
  777. int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
  778. {
  779. CRYPTO_THREAD_write_lock(ssl->lock);
  780. ssl->generate_session_id = cb;
  781. CRYPTO_THREAD_unlock(ssl->lock);
  782. return 1;
  783. }
  784. int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
  785. unsigned int id_len)
  786. {
  787. /*
  788. * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
  789. * we can "construct" a session to give us the desired check - i.e. to
  790. * find if there's a session in the hash table that would conflict with
  791. * any new session built out of this id/id_len and the ssl_version in use
  792. * by this SSL.
  793. */
  794. SSL_SESSION r, *p;
  795. if (id_len > sizeof(r.session_id))
  796. return 0;
  797. r.ssl_version = ssl->version;
  798. r.session_id_length = id_len;
  799. memcpy(r.session_id, id, id_len);
  800. CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
  801. p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
  802. CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
  803. return (p != NULL);
  804. }
  805. int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
  806. {
  807. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  808. }
  809. int SSL_set_purpose(SSL *s, int purpose)
  810. {
  811. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  812. }
  813. int SSL_CTX_set_trust(SSL_CTX *s, int trust)
  814. {
  815. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  816. }
  817. int SSL_set_trust(SSL *s, int trust)
  818. {
  819. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  820. }
  821. int SSL_set1_host(SSL *s, const char *hostname)
  822. {
  823. return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
  824. }
  825. int SSL_add1_host(SSL *s, const char *hostname)
  826. {
  827. return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
  828. }
  829. void SSL_set_hostflags(SSL *s, unsigned int flags)
  830. {
  831. X509_VERIFY_PARAM_set_hostflags(s->param, flags);
  832. }
  833. const char *SSL_get0_peername(SSL *s)
  834. {
  835. return X509_VERIFY_PARAM_get0_peername(s->param);
  836. }
  837. int SSL_CTX_dane_enable(SSL_CTX *ctx)
  838. {
  839. return dane_ctx_enable(&ctx->dane);
  840. }
  841. unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
  842. {
  843. unsigned long orig = ctx->dane.flags;
  844. ctx->dane.flags |= flags;
  845. return orig;
  846. }
  847. unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
  848. {
  849. unsigned long orig = ctx->dane.flags;
  850. ctx->dane.flags &= ~flags;
  851. return orig;
  852. }
  853. int SSL_dane_enable(SSL *s, const char *basedomain)
  854. {
  855. SSL_DANE *dane = &s->dane;
  856. if (s->ctx->dane.mdmax == 0) {
  857. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
  858. return 0;
  859. }
  860. if (dane->trecs != NULL) {
  861. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
  862. return 0;
  863. }
  864. /*
  865. * Default SNI name. This rejects empty names, while set1_host below
  866. * accepts them and disables host name checks. To avoid side-effects with
  867. * invalid input, set the SNI name first.
  868. */
  869. if (s->ext.hostname == NULL) {
  870. if (!SSL_set_tlsext_host_name(s, basedomain)) {
  871. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  872. return -1;
  873. }
  874. }
  875. /* Primary RFC6125 reference identifier */
  876. if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
  877. SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  878. return -1;
  879. }
  880. dane->mdpth = -1;
  881. dane->pdpth = -1;
  882. dane->dctx = &s->ctx->dane;
  883. dane->trecs = sk_danetls_record_new_null();
  884. if (dane->trecs == NULL) {
  885. SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
  886. return -1;
  887. }
  888. return 1;
  889. }
  890. unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
  891. {
  892. unsigned long orig = ssl->dane.flags;
  893. ssl->dane.flags |= flags;
  894. return orig;
  895. }
  896. unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
  897. {
  898. unsigned long orig = ssl->dane.flags;
  899. ssl->dane.flags &= ~flags;
  900. return orig;
  901. }
  902. int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
  903. {
  904. SSL_DANE *dane = &s->dane;
  905. if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
  906. return -1;
  907. if (dane->mtlsa) {
  908. if (mcert)
  909. *mcert = dane->mcert;
  910. if (mspki)
  911. *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
  912. }
  913. return dane->mdpth;
  914. }
  915. int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
  916. uint8_t *mtype, unsigned const char **data, size_t *dlen)
  917. {
  918. SSL_DANE *dane = &s->dane;
  919. if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
  920. return -1;
  921. if (dane->mtlsa) {
  922. if (usage)
  923. *usage = dane->mtlsa->usage;
  924. if (selector)
  925. *selector = dane->mtlsa->selector;
  926. if (mtype)
  927. *mtype = dane->mtlsa->mtype;
  928. if (data)
  929. *data = dane->mtlsa->data;
  930. if (dlen)
  931. *dlen = dane->mtlsa->dlen;
  932. }
  933. return dane->mdpth;
  934. }
  935. SSL_DANE *SSL_get0_dane(SSL *s)
  936. {
  937. return &s->dane;
  938. }
  939. int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
  940. uint8_t mtype, unsigned const char *data, size_t dlen)
  941. {
  942. return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
  943. }
  944. int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
  945. uint8_t ord)
  946. {
  947. return dane_mtype_set(&ctx->dane, md, mtype, ord);
  948. }
  949. int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
  950. {
  951. return X509_VERIFY_PARAM_set1(ctx->param, vpm);
  952. }
  953. int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
  954. {
  955. return X509_VERIFY_PARAM_set1(ssl->param, vpm);
  956. }
  957. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
  958. {
  959. return ctx->param;
  960. }
  961. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
  962. {
  963. return ssl->param;
  964. }
  965. void SSL_certs_clear(SSL *s)
  966. {
  967. ssl_cert_clear_certs(s->cert);
  968. }
  969. void SSL_free(SSL *s)
  970. {
  971. int i;
  972. if (s == NULL)
  973. return;
  974. CRYPTO_DOWN_REF(&s->references, &i, s->lock);
  975. REF_PRINT_COUNT("SSL", s);
  976. if (i > 0)
  977. return;
  978. REF_ASSERT_ISNT(i < 0);
  979. X509_VERIFY_PARAM_free(s->param);
  980. dane_final(&s->dane);
  981. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
  982. /* Ignore return value */
  983. ssl_free_wbio_buffer(s);
  984. BIO_free_all(s->wbio);
  985. BIO_free_all(s->rbio);
  986. BUF_MEM_free(s->init_buf);
  987. /* add extra stuff */
  988. sk_SSL_CIPHER_free(s->cipher_list);
  989. sk_SSL_CIPHER_free(s->cipher_list_by_id);
  990. sk_SSL_CIPHER_free(s->tls13_ciphersuites);
  991. /* Make the next call work :-) */
  992. if (s->session != NULL) {
  993. ssl_clear_bad_session(s);
  994. SSL_SESSION_free(s->session);
  995. }
  996. SSL_SESSION_free(s->psksession);
  997. OPENSSL_free(s->psksession_id);
  998. clear_ciphers(s);
  999. ssl_cert_free(s->cert);
  1000. /* Free up if allocated */
  1001. OPENSSL_free(s->ext.hostname);
  1002. SSL_CTX_free(s->session_ctx);
  1003. #ifndef OPENSSL_NO_EC
  1004. OPENSSL_free(s->ext.ecpointformats);
  1005. OPENSSL_free(s->ext.supportedgroups);
  1006. #endif /* OPENSSL_NO_EC */
  1007. sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
  1008. #ifndef OPENSSL_NO_OCSP
  1009. sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
  1010. #endif
  1011. #ifndef OPENSSL_NO_CT
  1012. SCT_LIST_free(s->scts);
  1013. OPENSSL_free(s->ext.scts);
  1014. #endif
  1015. OPENSSL_free(s->ext.ocsp.resp);
  1016. OPENSSL_free(s->ext.alpn);
  1017. OPENSSL_free(s->ext.tls13_cookie);
  1018. OPENSSL_free(s->clienthello);
  1019. OPENSSL_free(s->pha_context);
  1020. EVP_MD_CTX_free(s->pha_dgst);
  1021. sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
  1022. sk_X509_pop_free(s->verified_chain, X509_free);
  1023. if (s->method != NULL)
  1024. s->method->ssl_free(s);
  1025. RECORD_LAYER_release(&s->rlayer);
  1026. SSL_CTX_free(s->ctx);
  1027. ASYNC_WAIT_CTX_free(s->waitctx);
  1028. #if !defined(OPENSSL_NO_NEXTPROTONEG)
  1029. OPENSSL_free(s->ext.npn);
  1030. #endif
  1031. #ifndef OPENSSL_NO_SRTP
  1032. sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
  1033. #endif
  1034. CRYPTO_THREAD_lock_free(s->lock);
  1035. OPENSSL_free(s);
  1036. }
  1037. void SSL_set0_rbio(SSL *s, BIO *rbio)
  1038. {
  1039. BIO_free_all(s->rbio);
  1040. s->rbio = rbio;
  1041. }
  1042. void SSL_set0_wbio(SSL *s, BIO *wbio)
  1043. {
  1044. /*
  1045. * If the output buffering BIO is still in place, remove it
  1046. */
  1047. if (s->bbio != NULL)
  1048. s->wbio = BIO_pop(s->wbio);
  1049. BIO_free_all(s->wbio);
  1050. s->wbio = wbio;
  1051. /* Re-attach |bbio| to the new |wbio|. */
  1052. if (s->bbio != NULL)
  1053. s->wbio = BIO_push(s->bbio, s->wbio);
  1054. }
  1055. void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
  1056. {
  1057. /*
  1058. * For historical reasons, this function has many different cases in
  1059. * ownership handling.
  1060. */
  1061. /* If nothing has changed, do nothing */
  1062. if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
  1063. return;
  1064. /*
  1065. * If the two arguments are equal then one fewer reference is granted by the
  1066. * caller than we want to take
  1067. */
  1068. if (rbio != NULL && rbio == wbio)
  1069. BIO_up_ref(rbio);
  1070. /*
  1071. * If only the wbio is changed only adopt one reference.
  1072. */
  1073. if (rbio == SSL_get_rbio(s)) {
  1074. SSL_set0_wbio(s, wbio);
  1075. return;
  1076. }
  1077. /*
  1078. * There is an asymmetry here for historical reasons. If only the rbio is
  1079. * changed AND the rbio and wbio were originally different, then we only
  1080. * adopt one reference.
  1081. */
  1082. if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
  1083. SSL_set0_rbio(s, rbio);
  1084. return;
  1085. }
  1086. /* Otherwise, adopt both references. */
  1087. SSL_set0_rbio(s, rbio);
  1088. SSL_set0_wbio(s, wbio);
  1089. }
  1090. BIO *SSL_get_rbio(const SSL *s)
  1091. {
  1092. return s->rbio;
  1093. }
  1094. BIO *SSL_get_wbio(const SSL *s)
  1095. {
  1096. if (s->bbio != NULL) {
  1097. /*
  1098. * If |bbio| is active, the true caller-configured BIO is its
  1099. * |next_bio|.
  1100. */
  1101. return BIO_next(s->bbio);
  1102. }
  1103. return s->wbio;
  1104. }
  1105. int SSL_get_fd(const SSL *s)
  1106. {
  1107. return SSL_get_rfd(s);
  1108. }
  1109. int SSL_get_rfd(const SSL *s)
  1110. {
  1111. int ret = -1;
  1112. BIO *b, *r;
  1113. b = SSL_get_rbio(s);
  1114. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1115. if (r != NULL)
  1116. BIO_get_fd(r, &ret);
  1117. return ret;
  1118. }
  1119. int SSL_get_wfd(const SSL *s)
  1120. {
  1121. int ret = -1;
  1122. BIO *b, *r;
  1123. b = SSL_get_wbio(s);
  1124. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1125. if (r != NULL)
  1126. BIO_get_fd(r, &ret);
  1127. return ret;
  1128. }
  1129. #ifndef OPENSSL_NO_SOCK
  1130. int SSL_set_fd(SSL *s, int fd)
  1131. {
  1132. int ret = 0;
  1133. BIO *bio = NULL;
  1134. bio = BIO_new(BIO_s_socket());
  1135. if (bio == NULL) {
  1136. SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
  1137. goto err;
  1138. }
  1139. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1140. SSL_set_bio(s, bio, bio);
  1141. ret = 1;
  1142. err:
  1143. return ret;
  1144. }
  1145. int SSL_set_wfd(SSL *s, int fd)
  1146. {
  1147. BIO *rbio = SSL_get_rbio(s);
  1148. if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
  1149. || (int)BIO_get_fd(rbio, NULL) != fd) {
  1150. BIO *bio = BIO_new(BIO_s_socket());
  1151. if (bio == NULL) {
  1152. SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
  1153. return 0;
  1154. }
  1155. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1156. SSL_set0_wbio(s, bio);
  1157. } else {
  1158. BIO_up_ref(rbio);
  1159. SSL_set0_wbio(s, rbio);
  1160. }
  1161. return 1;
  1162. }
  1163. int SSL_set_rfd(SSL *s, int fd)
  1164. {
  1165. BIO *wbio = SSL_get_wbio(s);
  1166. if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
  1167. || ((int)BIO_get_fd(wbio, NULL) != fd)) {
  1168. BIO *bio = BIO_new(BIO_s_socket());
  1169. if (bio == NULL) {
  1170. SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
  1171. return 0;
  1172. }
  1173. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1174. SSL_set0_rbio(s, bio);
  1175. } else {
  1176. BIO_up_ref(wbio);
  1177. SSL_set0_rbio(s, wbio);
  1178. }
  1179. return 1;
  1180. }
  1181. #endif
  1182. /* return length of latest Finished message we sent, copy to 'buf' */
  1183. size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
  1184. {
  1185. size_t ret = 0;
  1186. if (s->s3 != NULL) {
  1187. ret = s->s3->tmp.finish_md_len;
  1188. if (count > ret)
  1189. count = ret;
  1190. memcpy(buf, s->s3->tmp.finish_md, count);
  1191. }
  1192. return ret;
  1193. }
  1194. /* return length of latest Finished message we expected, copy to 'buf' */
  1195. size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
  1196. {
  1197. size_t ret = 0;
  1198. if (s->s3 != NULL) {
  1199. ret = s->s3->tmp.peer_finish_md_len;
  1200. if (count > ret)
  1201. count = ret;
  1202. memcpy(buf, s->s3->tmp.peer_finish_md, count);
  1203. }
  1204. return ret;
  1205. }
  1206. int SSL_get_verify_mode(const SSL *s)
  1207. {
  1208. return s->verify_mode;
  1209. }
  1210. int SSL_get_verify_depth(const SSL *s)
  1211. {
  1212. return X509_VERIFY_PARAM_get_depth(s->param);
  1213. }
  1214. int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
  1215. return s->verify_callback;
  1216. }
  1217. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
  1218. {
  1219. return ctx->verify_mode;
  1220. }
  1221. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
  1222. {
  1223. return X509_VERIFY_PARAM_get_depth(ctx->param);
  1224. }
  1225. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
  1226. return ctx->default_verify_callback;
  1227. }
  1228. void SSL_set_verify(SSL *s, int mode,
  1229. int (*callback) (int ok, X509_STORE_CTX *ctx))
  1230. {
  1231. s->verify_mode = mode;
  1232. if (callback != NULL)
  1233. s->verify_callback = callback;
  1234. }
  1235. void SSL_set_verify_depth(SSL *s, int depth)
  1236. {
  1237. X509_VERIFY_PARAM_set_depth(s->param, depth);
  1238. }
  1239. void SSL_set_read_ahead(SSL *s, int yes)
  1240. {
  1241. RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
  1242. }
  1243. int SSL_get_read_ahead(const SSL *s)
  1244. {
  1245. return RECORD_LAYER_get_read_ahead(&s->rlayer);
  1246. }
  1247. int SSL_pending(const SSL *s)
  1248. {
  1249. size_t pending = s->method->ssl_pending(s);
  1250. /*
  1251. * SSL_pending cannot work properly if read-ahead is enabled
  1252. * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
  1253. * impossible to fix since SSL_pending cannot report errors that may be
  1254. * observed while scanning the new data. (Note that SSL_pending() is
  1255. * often used as a boolean value, so we'd better not return -1.)
  1256. *
  1257. * SSL_pending also cannot work properly if the value >INT_MAX. In that case
  1258. * we just return INT_MAX.
  1259. */
  1260. return pending < INT_MAX ? (int)pending : INT_MAX;
  1261. }
  1262. int SSL_has_pending(const SSL *s)
  1263. {
  1264. /*
  1265. * Similar to SSL_pending() but returns a 1 to indicate that we have
  1266. * unprocessed data available or 0 otherwise (as opposed to the number of
  1267. * bytes available). Unlike SSL_pending() this will take into account
  1268. * read_ahead data. A 1 return simply indicates that we have unprocessed
  1269. * data. That data may not result in any application data, or we may fail
  1270. * to parse the records for some reason.
  1271. */
  1272. if (RECORD_LAYER_processed_read_pending(&s->rlayer))
  1273. return 1;
  1274. return RECORD_LAYER_read_pending(&s->rlayer);
  1275. }
  1276. X509 *SSL_get_peer_certificate(const SSL *s)
  1277. {
  1278. X509 *r;
  1279. if ((s == NULL) || (s->session == NULL))
  1280. r = NULL;
  1281. else
  1282. r = s->session->peer;
  1283. if (r == NULL)
  1284. return r;
  1285. X509_up_ref(r);
  1286. return r;
  1287. }
  1288. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
  1289. {
  1290. STACK_OF(X509) *r;
  1291. if ((s == NULL) || (s->session == NULL))
  1292. r = NULL;
  1293. else
  1294. r = s->session->peer_chain;
  1295. /*
  1296. * If we are a client, cert_chain includes the peer's own certificate; if
  1297. * we are a server, it does not.
  1298. */
  1299. return r;
  1300. }
  1301. /*
  1302. * Now in theory, since the calling process own 't' it should be safe to
  1303. * modify. We need to be able to read f without being hassled
  1304. */
  1305. int SSL_copy_session_id(SSL *t, const SSL *f)
  1306. {
  1307. int i;
  1308. /* Do we need to to SSL locking? */
  1309. if (!SSL_set_session(t, SSL_get_session(f))) {
  1310. return 0;
  1311. }
  1312. /*
  1313. * what if we are setup for one protocol version but want to talk another
  1314. */
  1315. if (t->method != f->method) {
  1316. t->method->ssl_free(t);
  1317. t->method = f->method;
  1318. if (t->method->ssl_new(t) == 0)
  1319. return 0;
  1320. }
  1321. CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
  1322. ssl_cert_free(t->cert);
  1323. t->cert = f->cert;
  1324. if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
  1325. return 0;
  1326. }
  1327. return 1;
  1328. }
  1329. /* Fix this so it checks all the valid key/cert options */
  1330. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
  1331. {
  1332. if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
  1333. SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1334. return 0;
  1335. }
  1336. if (ctx->cert->key->privatekey == NULL) {
  1337. SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1338. return 0;
  1339. }
  1340. return X509_check_private_key
  1341. (ctx->cert->key->x509, ctx->cert->key->privatekey);
  1342. }
  1343. /* Fix this function so that it takes an optional type parameter */
  1344. int SSL_check_private_key(const SSL *ssl)
  1345. {
  1346. if (ssl == NULL) {
  1347. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
  1348. return 0;
  1349. }
  1350. if (ssl->cert->key->x509 == NULL) {
  1351. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1352. return 0;
  1353. }
  1354. if (ssl->cert->key->privatekey == NULL) {
  1355. SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1356. return 0;
  1357. }
  1358. return X509_check_private_key(ssl->cert->key->x509,
  1359. ssl->cert->key->privatekey);
  1360. }
  1361. int SSL_waiting_for_async(SSL *s)
  1362. {
  1363. if (s->job)
  1364. return 1;
  1365. return 0;
  1366. }
  1367. int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
  1368. {
  1369. ASYNC_WAIT_CTX *ctx = s->waitctx;
  1370. if (ctx == NULL)
  1371. return 0;
  1372. return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
  1373. }
  1374. int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
  1375. OSSL_ASYNC_FD *delfd, size_t *numdelfds)
  1376. {
  1377. ASYNC_WAIT_CTX *ctx = s->waitctx;
  1378. if (ctx == NULL)
  1379. return 0;
  1380. return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
  1381. numdelfds);
  1382. }
  1383. int SSL_accept(SSL *s)
  1384. {
  1385. if (s->handshake_func == NULL) {
  1386. /* Not properly initialized yet */
  1387. SSL_set_accept_state(s);
  1388. }
  1389. return SSL_do_handshake(s);
  1390. }
  1391. int SSL_connect(SSL *s)
  1392. {
  1393. if (s->handshake_func == NULL) {
  1394. /* Not properly initialized yet */
  1395. SSL_set_connect_state(s);
  1396. }
  1397. return SSL_do_handshake(s);
  1398. }
  1399. long SSL_get_default_timeout(const SSL *s)
  1400. {
  1401. return s->method->get_timeout();
  1402. }
  1403. static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
  1404. int (*func) (void *))
  1405. {
  1406. int ret;
  1407. if (s->waitctx == NULL) {
  1408. s->waitctx = ASYNC_WAIT_CTX_new();
  1409. if (s->waitctx == NULL)
  1410. return -1;
  1411. }
  1412. switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
  1413. sizeof(struct ssl_async_args))) {
  1414. case ASYNC_ERR:
  1415. s->rwstate = SSL_NOTHING;
  1416. SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
  1417. return -1;
  1418. case ASYNC_PAUSE:
  1419. s->rwstate = SSL_ASYNC_PAUSED;
  1420. return -1;
  1421. case ASYNC_NO_JOBS:
  1422. s->rwstate = SSL_ASYNC_NO_JOBS;
  1423. return -1;
  1424. case ASYNC_FINISH:
  1425. s->job = NULL;
  1426. return ret;
  1427. default:
  1428. s->rwstate = SSL_NOTHING;
  1429. SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
  1430. /* Shouldn't happen */
  1431. return -1;
  1432. }
  1433. }
  1434. static int ssl_io_intern(void *vargs)
  1435. {
  1436. struct ssl_async_args *args;
  1437. SSL *s;
  1438. void *buf;
  1439. size_t num;
  1440. args = (struct ssl_async_args *)vargs;
  1441. s = args->s;
  1442. buf = args->buf;
  1443. num = args->num;
  1444. switch (args->type) {
  1445. case READFUNC:
  1446. return args->f.func_read(s, buf, num, &s->asyncrw);
  1447. case WRITEFUNC:
  1448. return args->f.func_write(s, buf, num, &s->asyncrw);
  1449. case OTHERFUNC:
  1450. return args->f.func_other(s);
  1451. }
  1452. return -1;
  1453. }
  1454. int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1455. {
  1456. if (s->handshake_func == NULL) {
  1457. SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
  1458. return -1;
  1459. }
  1460. if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1461. s->rwstate = SSL_NOTHING;
  1462. return 0;
  1463. }
  1464. if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1465. || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
  1466. SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1467. return 0;
  1468. }
  1469. /*
  1470. * If we are a client and haven't received the ServerHello etc then we
  1471. * better do that
  1472. */
  1473. ossl_statem_check_finish_init(s, 0);
  1474. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1475. struct ssl_async_args args;
  1476. int ret;
  1477. args.s = s;
  1478. args.buf = buf;
  1479. args.num = num;
  1480. args.type = READFUNC;
  1481. args.f.func_read = s->method->ssl_read;
  1482. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1483. *readbytes = s->asyncrw;
  1484. return ret;
  1485. } else {
  1486. return s->method->ssl_read(s, buf, num, readbytes);
  1487. }
  1488. }
  1489. int SSL_read(SSL *s, void *buf, int num)
  1490. {
  1491. int ret;
  1492. size_t readbytes;
  1493. if (num < 0) {
  1494. SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
  1495. return -1;
  1496. }
  1497. ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
  1498. /*
  1499. * The cast is safe here because ret should be <= INT_MAX because num is
  1500. * <= INT_MAX
  1501. */
  1502. if (ret > 0)
  1503. ret = (int)readbytes;
  1504. return ret;
  1505. }
  1506. int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1507. {
  1508. int ret = ssl_read_internal(s, buf, num, readbytes);
  1509. if (ret < 0)
  1510. ret = 0;
  1511. return ret;
  1512. }
  1513. int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
  1514. {
  1515. int ret;
  1516. if (!s->server) {
  1517. SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1518. return SSL_READ_EARLY_DATA_ERROR;
  1519. }
  1520. switch (s->early_data_state) {
  1521. case SSL_EARLY_DATA_NONE:
  1522. if (!SSL_in_before(s)) {
  1523. SSLerr(SSL_F_SSL_READ_EARLY_DATA,
  1524. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1525. return SSL_READ_EARLY_DATA_ERROR;
  1526. }
  1527. /* fall through */
  1528. case SSL_EARLY_DATA_ACCEPT_RETRY:
  1529. s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
  1530. ret = SSL_accept(s);
  1531. if (ret <= 0) {
  1532. /* NBIO or error */
  1533. s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
  1534. return SSL_READ_EARLY_DATA_ERROR;
  1535. }
  1536. /* fall through */
  1537. case SSL_EARLY_DATA_READ_RETRY:
  1538. if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
  1539. s->early_data_state = SSL_EARLY_DATA_READING;
  1540. ret = SSL_read_ex(s, buf, num, readbytes);
  1541. /*
  1542. * State machine will update early_data_state to
  1543. * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
  1544. * message
  1545. */
  1546. if (ret > 0 || (ret <= 0 && s->early_data_state
  1547. != SSL_EARLY_DATA_FINISHED_READING)) {
  1548. s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
  1549. return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
  1550. : SSL_READ_EARLY_DATA_ERROR;
  1551. }
  1552. } else {
  1553. s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
  1554. }
  1555. *readbytes = 0;
  1556. return SSL_READ_EARLY_DATA_FINISH;
  1557. default:
  1558. SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1559. return SSL_READ_EARLY_DATA_ERROR;
  1560. }
  1561. }
  1562. int SSL_get_early_data_status(const SSL *s)
  1563. {
  1564. return s->ext.early_data;
  1565. }
  1566. static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1567. {
  1568. if (s->handshake_func == NULL) {
  1569. SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
  1570. return -1;
  1571. }
  1572. if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1573. return 0;
  1574. }
  1575. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1576. struct ssl_async_args args;
  1577. int ret;
  1578. args.s = s;
  1579. args.buf = buf;
  1580. args.num = num;
  1581. args.type = READFUNC;
  1582. args.f.func_read = s->method->ssl_peek;
  1583. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1584. *readbytes = s->asyncrw;
  1585. return ret;
  1586. } else {
  1587. return s->method->ssl_peek(s, buf, num, readbytes);
  1588. }
  1589. }
  1590. int SSL_peek(SSL *s, void *buf, int num)
  1591. {
  1592. int ret;
  1593. size_t readbytes;
  1594. if (num < 0) {
  1595. SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
  1596. return -1;
  1597. }
  1598. ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
  1599. /*
  1600. * The cast is safe here because ret should be <= INT_MAX because num is
  1601. * <= INT_MAX
  1602. */
  1603. if (ret > 0)
  1604. ret = (int)readbytes;
  1605. return ret;
  1606. }
  1607. int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1608. {
  1609. int ret = ssl_peek_internal(s, buf, num, readbytes);
  1610. if (ret < 0)
  1611. ret = 0;
  1612. return ret;
  1613. }
  1614. int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
  1615. {
  1616. if (s->handshake_func == NULL) {
  1617. SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
  1618. return -1;
  1619. }
  1620. if (s->shutdown & SSL_SENT_SHUTDOWN) {
  1621. s->rwstate = SSL_NOTHING;
  1622. SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  1623. return -1;
  1624. }
  1625. if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1626. || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
  1627. || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
  1628. SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1629. return 0;
  1630. }
  1631. /* If we are a client and haven't sent the Finished we better do that */
  1632. ossl_statem_check_finish_init(s, 1);
  1633. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1634. int ret;
  1635. struct ssl_async_args args;
  1636. args.s = s;
  1637. args.buf = (void *)buf;
  1638. args.num = num;
  1639. args.type = WRITEFUNC;
  1640. args.f.func_write = s->method->ssl_write;
  1641. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1642. *written = s->asyncrw;
  1643. return ret;
  1644. } else {
  1645. return s->method->ssl_write(s, buf, num, written);
  1646. }
  1647. }
  1648. int SSL_write(SSL *s, const void *buf, int num)
  1649. {
  1650. int ret;
  1651. size_t written;
  1652. if (num < 0) {
  1653. SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
  1654. return -1;
  1655. }
  1656. ret = ssl_write_internal(s, buf, (size_t)num, &written);
  1657. /*
  1658. * The cast is safe here because ret should be <= INT_MAX because num is
  1659. * <= INT_MAX
  1660. */
  1661. if (ret > 0)
  1662. ret = (int)written;
  1663. return ret;
  1664. }
  1665. int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
  1666. {
  1667. int ret = ssl_write_internal(s, buf, num, written);
  1668. if (ret < 0)
  1669. ret = 0;
  1670. return ret;
  1671. }
  1672. int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
  1673. {
  1674. int ret, early_data_state;
  1675. size_t writtmp;
  1676. uint32_t partialwrite;
  1677. switch (s->early_data_state) {
  1678. case SSL_EARLY_DATA_NONE:
  1679. if (s->server
  1680. || !SSL_in_before(s)
  1681. || ((s->session == NULL || s->session->ext.max_early_data == 0)
  1682. && (s->psk_use_session_cb == NULL))) {
  1683. SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
  1684. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1685. return 0;
  1686. }
  1687. /* fall through */
  1688. case SSL_EARLY_DATA_CONNECT_RETRY:
  1689. s->early_data_state = SSL_EARLY_DATA_CONNECTING;
  1690. ret = SSL_connect(s);
  1691. if (ret <= 0) {
  1692. /* NBIO or error */
  1693. s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
  1694. return 0;
  1695. }
  1696. /* fall through */
  1697. case SSL_EARLY_DATA_WRITE_RETRY:
  1698. s->early_data_state = SSL_EARLY_DATA_WRITING;
  1699. /*
  1700. * We disable partial write for early data because we don't keep track
  1701. * of how many bytes we've written between the SSL_write_ex() call and
  1702. * the flush if the flush needs to be retried)
  1703. */
  1704. partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
  1705. s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
  1706. ret = SSL_write_ex(s, buf, num, &writtmp);
  1707. s->mode |= partialwrite;
  1708. if (!ret) {
  1709. s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  1710. return ret;
  1711. }
  1712. s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
  1713. /* fall through */
  1714. case SSL_EARLY_DATA_WRITE_FLUSH:
  1715. /* The buffering BIO is still in place so we need to flush it */
  1716. if (statem_flush(s) != 1)
  1717. return 0;
  1718. *written = num;
  1719. s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  1720. return 1;
  1721. case SSL_EARLY_DATA_FINISHED_READING:
  1722. case SSL_EARLY_DATA_READ_RETRY:
  1723. early_data_state = s->early_data_state;
  1724. /* We are a server writing to an unauthenticated client */
  1725. s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
  1726. ret = SSL_write_ex(s, buf, num, written);
  1727. /* The buffering BIO is still in place */
  1728. if (ret)
  1729. (void)BIO_flush(s->wbio);
  1730. s->early_data_state = early_data_state;
  1731. return ret;
  1732. default:
  1733. SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1734. return 0;
  1735. }
  1736. }
  1737. int SSL_shutdown(SSL *s)
  1738. {
  1739. /*
  1740. * Note that this function behaves differently from what one might
  1741. * expect. Return values are 0 for no success (yet), 1 for success; but
  1742. * calling it once is usually not enough, even if blocking I/O is used
  1743. * (see ssl3_shutdown).
  1744. */
  1745. if (s->handshake_func == NULL) {
  1746. SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
  1747. return -1;
  1748. }
  1749. if (!SSL_in_init(s)) {
  1750. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1751. struct ssl_async_args args;
  1752. args.s = s;
  1753. args.type = OTHERFUNC;
  1754. args.f.func_other = s->method->ssl_shutdown;
  1755. return ssl_start_async_job(s, &args, ssl_io_intern);
  1756. } else {
  1757. return s->method->ssl_shutdown(s);
  1758. }
  1759. } else {
  1760. SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
  1761. return -1;
  1762. }
  1763. }
  1764. int SSL_key_update(SSL *s, int updatetype)
  1765. {
  1766. /*
  1767. * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
  1768. * negotiated, and that it is appropriate to call SSL_key_update() instead
  1769. * of SSL_renegotiate().
  1770. */
  1771. if (!SSL_IS_TLS13(s)) {
  1772. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
  1773. return 0;
  1774. }
  1775. if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
  1776. && updatetype != SSL_KEY_UPDATE_REQUESTED) {
  1777. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
  1778. return 0;
  1779. }
  1780. if (!SSL_is_init_finished(s)) {
  1781. SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
  1782. return 0;
  1783. }
  1784. ossl_statem_set_in_init(s, 1);
  1785. s->key_update = updatetype;
  1786. return 1;
  1787. }
  1788. int SSL_get_key_update_type(SSL *s)
  1789. {
  1790. return s->key_update;
  1791. }
  1792. int SSL_renegotiate(SSL *s)
  1793. {
  1794. if (SSL_IS_TLS13(s)) {
  1795. SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
  1796. return 0;
  1797. }
  1798. if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
  1799. SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
  1800. return 0;
  1801. }
  1802. s->renegotiate = 1;
  1803. s->new_session = 1;
  1804. return s->method->ssl_renegotiate(s);
  1805. }
  1806. int SSL_renegotiate_abbreviated(SSL *s)
  1807. {
  1808. if (SSL_IS_TLS13(s)) {
  1809. SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
  1810. return 0;
  1811. }
  1812. if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
  1813. SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
  1814. return 0;
  1815. }
  1816. s->renegotiate = 1;
  1817. s->new_session = 0;
  1818. return s->method->ssl_renegotiate(s);
  1819. }
  1820. int SSL_renegotiate_pending(SSL *s)
  1821. {
  1822. /*
  1823. * becomes true when negotiation is requested; false again once a
  1824. * handshake has finished
  1825. */
  1826. return (s->renegotiate != 0);
  1827. }
  1828. long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  1829. {
  1830. long l;
  1831. switch (cmd) {
  1832. case SSL_CTRL_GET_READ_AHEAD:
  1833. return RECORD_LAYER_get_read_ahead(&s->rlayer);
  1834. case SSL_CTRL_SET_READ_AHEAD:
  1835. l = RECORD_LAYER_get_read_ahead(&s->rlayer);
  1836. RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
  1837. return l;
  1838. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  1839. s->msg_callback_arg = parg;
  1840. return 1;
  1841. case SSL_CTRL_MODE:
  1842. return (s->mode |= larg);
  1843. case SSL_CTRL_CLEAR_MODE:
  1844. return (s->mode &= ~larg);
  1845. case SSL_CTRL_GET_MAX_CERT_LIST:
  1846. return (long)s->max_cert_list;
  1847. case SSL_CTRL_SET_MAX_CERT_LIST:
  1848. if (larg < 0)
  1849. return 0;
  1850. l = (long)s->max_cert_list;
  1851. s->max_cert_list = (size_t)larg;
  1852. return l;
  1853. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  1854. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  1855. return 0;
  1856. s->max_send_fragment = larg;
  1857. if (s->max_send_fragment < s->split_send_fragment)
  1858. s->split_send_fragment = s->max_send_fragment;
  1859. return 1;
  1860. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  1861. if ((size_t)larg > s->max_send_fragment || larg == 0)
  1862. return 0;
  1863. s->split_send_fragment = larg;
  1864. return 1;
  1865. case SSL_CTRL_SET_MAX_PIPELINES:
  1866. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  1867. return 0;
  1868. s->max_pipelines = larg;
  1869. if (larg > 1)
  1870. RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
  1871. return 1;
  1872. case SSL_CTRL_GET_RI_SUPPORT:
  1873. if (s->s3)
  1874. return s->s3->send_connection_binding;
  1875. else
  1876. return 0;
  1877. case SSL_CTRL_CERT_FLAGS:
  1878. return (s->cert->cert_flags |= larg);
  1879. case SSL_CTRL_CLEAR_CERT_FLAGS:
  1880. return (s->cert->cert_flags &= ~larg);
  1881. case SSL_CTRL_GET_RAW_CIPHERLIST:
  1882. if (parg) {
  1883. if (s->s3->tmp.ciphers_raw == NULL)
  1884. return 0;
  1885. *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
  1886. return (int)s->s3->tmp.ciphers_rawlen;
  1887. } else {
  1888. return TLS_CIPHER_LEN;
  1889. }
  1890. case SSL_CTRL_GET_EXTMS_SUPPORT:
  1891. if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
  1892. return -1;
  1893. if (s->session->flags & SSL_SESS_FLAG_EXTMS)
  1894. return 1;
  1895. else
  1896. return 0;
  1897. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  1898. return ssl_check_allowed_versions(larg, s->max_proto_version)
  1899. && ssl_set_version_bound(s->ctx->method->version, (int)larg,
  1900. &s->min_proto_version);
  1901. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  1902. return s->min_proto_version;
  1903. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  1904. return ssl_check_allowed_versions(s->min_proto_version, larg)
  1905. && ssl_set_version_bound(s->ctx->method->version, (int)larg,
  1906. &s->max_proto_version);
  1907. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  1908. return s->max_proto_version;
  1909. default:
  1910. return s->method->ssl_ctrl(s, cmd, larg, parg);
  1911. }
  1912. }
  1913. long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
  1914. {
  1915. switch (cmd) {
  1916. case SSL_CTRL_SET_MSG_CALLBACK:
  1917. s->msg_callback = (void (*)
  1918. (int write_p, int version, int content_type,
  1919. const void *buf, size_t len, SSL *ssl,
  1920. void *arg))(fp);
  1921. return 1;
  1922. default:
  1923. return s->method->ssl_callback_ctrl(s, cmd, fp);
  1924. }
  1925. }
  1926. LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
  1927. {
  1928. return ctx->sessions;
  1929. }
  1930. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  1931. {
  1932. long l;
  1933. int i;
  1934. /* For some cases with ctx == NULL perform syntax checks */
  1935. if (ctx == NULL) {
  1936. switch (cmd) {
  1937. #ifndef OPENSSL_NO_EC
  1938. case SSL_CTRL_SET_GROUPS_LIST:
  1939. return tls1_set_groups_list(NULL, NULL, parg);
  1940. #endif
  1941. case SSL_CTRL_SET_SIGALGS_LIST:
  1942. case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
  1943. return tls1_set_sigalgs_list(NULL, parg, 0);
  1944. default:
  1945. return 0;
  1946. }
  1947. }
  1948. switch (cmd) {
  1949. case SSL_CTRL_GET_READ_AHEAD:
  1950. return ctx->read_ahead;
  1951. case SSL_CTRL_SET_READ_AHEAD:
  1952. l = ctx->read_ahead;
  1953. ctx->read_ahead = larg;
  1954. return l;
  1955. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  1956. ctx->msg_callback_arg = parg;
  1957. return 1;
  1958. case SSL_CTRL_GET_MAX_CERT_LIST:
  1959. return (long)ctx->max_cert_list;
  1960. case SSL_CTRL_SET_MAX_CERT_LIST:
  1961. if (larg < 0)
  1962. return 0;
  1963. l = (long)ctx->max_cert_list;
  1964. ctx->max_cert_list = (size_t)larg;
  1965. return l;
  1966. case SSL_CTRL_SET_SESS_CACHE_SIZE:
  1967. if (larg < 0)
  1968. return 0;
  1969. l = (long)ctx->session_cache_size;
  1970. ctx->session_cache_size = (size_t)larg;
  1971. return l;
  1972. case SSL_CTRL_GET_SESS_CACHE_SIZE:
  1973. return (long)ctx->session_cache_size;
  1974. case SSL_CTRL_SET_SESS_CACHE_MODE:
  1975. l = ctx->session_cache_mode;
  1976. ctx->session_cache_mode = larg;
  1977. return l;
  1978. case SSL_CTRL_GET_SESS_CACHE_MODE:
  1979. return ctx->session_cache_mode;
  1980. case SSL_CTRL_SESS_NUMBER:
  1981. return lh_SSL_SESSION_num_items(ctx->sessions);
  1982. case SSL_CTRL_SESS_CONNECT:
  1983. return CRYPTO_atomic_read(&ctx->stats.sess_connect, &i, ctx->lock)
  1984. ? i : 0;
  1985. case SSL_CTRL_SESS_CONNECT_GOOD:
  1986. return CRYPTO_atomic_read(&ctx->stats.sess_connect_good, &i, ctx->lock)
  1987. ? i : 0;
  1988. case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
  1989. return CRYPTO_atomic_read(&ctx->stats.sess_connect_renegotiate, &i,
  1990. ctx->lock)
  1991. ? i : 0;
  1992. case SSL_CTRL_SESS_ACCEPT:
  1993. return CRYPTO_atomic_read(&ctx->stats.sess_accept, &i, ctx->lock)
  1994. ? i : 0;
  1995. case SSL_CTRL_SESS_ACCEPT_GOOD:
  1996. return CRYPTO_atomic_read(&ctx->stats.sess_accept_good, &i, ctx->lock)
  1997. ? i : 0;
  1998. case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
  1999. return CRYPTO_atomic_read(&ctx->stats.sess_accept_renegotiate, &i,
  2000. ctx->lock)
  2001. ? i : 0;
  2002. case SSL_CTRL_SESS_HIT:
  2003. return CRYPTO_atomic_read(&ctx->stats.sess_hit, &i, ctx->lock)
  2004. ? i : 0;
  2005. case SSL_CTRL_SESS_CB_HIT:
  2006. return CRYPTO_atomic_read(&ctx->stats.sess_cb_hit, &i, ctx->lock)
  2007. ? i : 0;
  2008. case SSL_CTRL_SESS_MISSES:
  2009. return CRYPTO_atomic_read(&ctx->stats.sess_miss, &i, ctx->lock)
  2010. ? i : 0;
  2011. case SSL_CTRL_SESS_TIMEOUTS:
  2012. return CRYPTO_atomic_read(&ctx->stats.sess_timeout, &i, ctx->lock)
  2013. ? i : 0;
  2014. case SSL_CTRL_SESS_CACHE_FULL:
  2015. return CRYPTO_atomic_read(&ctx->stats.sess_cache_full, &i, ctx->lock)
  2016. ? i : 0;
  2017. case SSL_CTRL_MODE:
  2018. return (ctx->mode |= larg);
  2019. case SSL_CTRL_CLEAR_MODE:
  2020. return (ctx->mode &= ~larg);
  2021. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2022. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2023. return 0;
  2024. ctx->max_send_fragment = larg;
  2025. if (ctx->max_send_fragment < ctx->split_send_fragment)
  2026. ctx->split_send_fragment = ctx->max_send_fragment;
  2027. return 1;
  2028. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2029. if ((size_t)larg > ctx->max_send_fragment || larg == 0)
  2030. return 0;
  2031. ctx->split_send_fragment = larg;
  2032. return 1;
  2033. case SSL_CTRL_SET_MAX_PIPELINES:
  2034. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2035. return 0;
  2036. ctx->max_pipelines = larg;
  2037. return 1;
  2038. case SSL_CTRL_CERT_FLAGS:
  2039. return (ctx->cert->cert_flags |= larg);
  2040. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2041. return (ctx->cert->cert_flags &= ~larg);
  2042. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2043. return ssl_check_allowed_versions(larg, ctx->max_proto_version)
  2044. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2045. &ctx->min_proto_version);
  2046. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2047. return ctx->min_proto_version;
  2048. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2049. return ssl_check_allowed_versions(ctx->min_proto_version, larg)
  2050. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2051. &ctx->max_proto_version);
  2052. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2053. return ctx->max_proto_version;
  2054. default:
  2055. return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
  2056. }
  2057. }
  2058. long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
  2059. {
  2060. switch (cmd) {
  2061. case SSL_CTRL_SET_MSG_CALLBACK:
  2062. ctx->msg_callback = (void (*)
  2063. (int write_p, int version, int content_type,
  2064. const void *buf, size_t len, SSL *ssl,
  2065. void *arg))(fp);
  2066. return 1;
  2067. default:
  2068. return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
  2069. }
  2070. }
  2071. int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
  2072. {
  2073. if (a->id > b->id)
  2074. return 1;
  2075. if (a->id < b->id)
  2076. return -1;
  2077. return 0;
  2078. }
  2079. int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
  2080. const SSL_CIPHER *const *bp)
  2081. {
  2082. if ((*ap)->id > (*bp)->id)
  2083. return 1;
  2084. if ((*ap)->id < (*bp)->id)
  2085. return -1;
  2086. return 0;
  2087. }
  2088. /** return a STACK of the ciphers available for the SSL and in order of
  2089. * preference */
  2090. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
  2091. {
  2092. if (s != NULL) {
  2093. if (s->cipher_list != NULL) {
  2094. return s->cipher_list;
  2095. } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
  2096. return s->ctx->cipher_list;
  2097. }
  2098. }
  2099. return NULL;
  2100. }
  2101. STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
  2102. {
  2103. if ((s == NULL) || (s->session == NULL) || !s->server)
  2104. return NULL;
  2105. return s->session->ciphers;
  2106. }
  2107. STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
  2108. {
  2109. STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
  2110. int i;
  2111. ciphers = SSL_get_ciphers(s);
  2112. if (!ciphers)
  2113. return NULL;
  2114. if (!ssl_set_client_disabled(s))
  2115. return NULL;
  2116. for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  2117. const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
  2118. if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
  2119. if (!sk)
  2120. sk = sk_SSL_CIPHER_new_null();
  2121. if (!sk)
  2122. return NULL;
  2123. if (!sk_SSL_CIPHER_push(sk, c)) {
  2124. sk_SSL_CIPHER_free(sk);
  2125. return NULL;
  2126. }
  2127. }
  2128. }
  2129. return sk;
  2130. }
  2131. /** return a STACK of the ciphers available for the SSL and in order of
  2132. * algorithm id */
  2133. STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
  2134. {
  2135. if (s != NULL) {
  2136. if (s->cipher_list_by_id != NULL) {
  2137. return s->cipher_list_by_id;
  2138. } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
  2139. return s->ctx->cipher_list_by_id;
  2140. }
  2141. }
  2142. return NULL;
  2143. }
  2144. /** The old interface to get the same thing as SSL_get_ciphers() */
  2145. const char *SSL_get_cipher_list(const SSL *s, int n)
  2146. {
  2147. const SSL_CIPHER *c;
  2148. STACK_OF(SSL_CIPHER) *sk;
  2149. if (s == NULL)
  2150. return NULL;
  2151. sk = SSL_get_ciphers(s);
  2152. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
  2153. return NULL;
  2154. c = sk_SSL_CIPHER_value(sk, n);
  2155. if (c == NULL)
  2156. return NULL;
  2157. return c->name;
  2158. }
  2159. /** return a STACK of the ciphers available for the SSL_CTX and in order of
  2160. * preference */
  2161. STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
  2162. {
  2163. if (ctx != NULL)
  2164. return ctx->cipher_list;
  2165. return NULL;
  2166. }
  2167. /** specify the ciphers to be used by default by the SSL_CTX */
  2168. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
  2169. {
  2170. STACK_OF(SSL_CIPHER) *sk;
  2171. sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
  2172. &ctx->cipher_list, &ctx->cipher_list_by_id, str,
  2173. ctx->cert);
  2174. /*
  2175. * ssl_create_cipher_list may return an empty stack if it was unable to
  2176. * find a cipher matching the given rule string (for example if the rule
  2177. * string specifies a cipher which has been disabled). This is not an
  2178. * error as far as ssl_create_cipher_list is concerned, and hence
  2179. * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
  2180. */
  2181. if (sk == NULL)
  2182. return 0;
  2183. else if (sk_SSL_CIPHER_num(sk) == 0) {
  2184. SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
  2185. return 0;
  2186. }
  2187. return 1;
  2188. }
  2189. /** specify the ciphers to be used by the SSL */
  2190. int SSL_set_cipher_list(SSL *s, const char *str)
  2191. {
  2192. STACK_OF(SSL_CIPHER) *sk;
  2193. sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
  2194. &s->cipher_list, &s->cipher_list_by_id, str,
  2195. s->cert);
  2196. /* see comment in SSL_CTX_set_cipher_list */
  2197. if (sk == NULL)
  2198. return 0;
  2199. else if (sk_SSL_CIPHER_num(sk) == 0) {
  2200. SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
  2201. return 0;
  2202. }
  2203. return 1;
  2204. }
  2205. char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
  2206. {
  2207. char *p;
  2208. STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
  2209. const SSL_CIPHER *c;
  2210. int i;
  2211. if (!s->server
  2212. || s->session == NULL
  2213. || s->session->ciphers == NULL
  2214. || size < 2)
  2215. return NULL;
  2216. p = buf;
  2217. clntsk = s->session->ciphers;
  2218. srvrsk = SSL_get_ciphers(s);
  2219. if (clntsk == NULL || srvrsk == NULL)
  2220. return NULL;
  2221. if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
  2222. return NULL;
  2223. for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
  2224. int n;
  2225. c = sk_SSL_CIPHER_value(clntsk, i);
  2226. if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
  2227. continue;
  2228. n = strlen(c->name);
  2229. if (n + 1 > size) {
  2230. if (p != buf)
  2231. --p;
  2232. *p = '\0';
  2233. return buf;
  2234. }
  2235. strcpy(p, c->name);
  2236. p += n;
  2237. *(p++) = ':';
  2238. size -= n + 1;
  2239. }
  2240. p[-1] = '\0';
  2241. return buf;
  2242. }
  2243. /** return a servername extension value if provided in Client Hello, or NULL.
  2244. * So far, only host_name types are defined (RFC 3546).
  2245. */
  2246. const char *SSL_get_servername(const SSL *s, const int type)
  2247. {
  2248. if (type != TLSEXT_NAMETYPE_host_name)
  2249. return NULL;
  2250. return s->session && !s->ext.hostname ?
  2251. s->session->ext.hostname : s->ext.hostname;
  2252. }
  2253. int SSL_get_servername_type(const SSL *s)
  2254. {
  2255. if (s->session
  2256. && (!s->ext.hostname ? s->session->
  2257. ext.hostname : s->ext.hostname))
  2258. return TLSEXT_NAMETYPE_host_name;
  2259. return -1;
  2260. }
  2261. /*
  2262. * SSL_select_next_proto implements the standard protocol selection. It is
  2263. * expected that this function is called from the callback set by
  2264. * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
  2265. * vector of 8-bit, length prefixed byte strings. The length byte itself is
  2266. * not included in the length. A byte string of length 0 is invalid. No byte
  2267. * string may be truncated. The current, but experimental algorithm for
  2268. * selecting the protocol is: 1) If the server doesn't support NPN then this
  2269. * is indicated to the callback. In this case, the client application has to
  2270. * abort the connection or have a default application level protocol. 2) If
  2271. * the server supports NPN, but advertises an empty list then the client
  2272. * selects the first protocol in its list, but indicates via the API that this
  2273. * fallback case was enacted. 3) Otherwise, the client finds the first
  2274. * protocol in the server's list that it supports and selects this protocol.
  2275. * This is because it's assumed that the server has better information about
  2276. * which protocol a client should use. 4) If the client doesn't support any
  2277. * of the server's advertised protocols, then this is treated the same as
  2278. * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
  2279. * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
  2280. */
  2281. int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
  2282. const unsigned char *server,
  2283. unsigned int server_len,
  2284. const unsigned char *client, unsigned int client_len)
  2285. {
  2286. unsigned int i, j;
  2287. const unsigned char *result;
  2288. int status = OPENSSL_NPN_UNSUPPORTED;
  2289. /*
  2290. * For each protocol in server preference order, see if we support it.
  2291. */
  2292. for (i = 0; i < server_len;) {
  2293. for (j = 0; j < client_len;) {
  2294. if (server[i] == client[j] &&
  2295. memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
  2296. /* We found a match */
  2297. result = &server[i];
  2298. status = OPENSSL_NPN_NEGOTIATED;
  2299. goto found;
  2300. }
  2301. j += client[j];
  2302. j++;
  2303. }
  2304. i += server[i];
  2305. i++;
  2306. }
  2307. /* There's no overlap between our protocols and the server's list. */
  2308. result = client;
  2309. status = OPENSSL_NPN_NO_OVERLAP;
  2310. found:
  2311. *out = (unsigned char *)result + 1;
  2312. *outlen = result[0];
  2313. return status;
  2314. }
  2315. #ifndef OPENSSL_NO_NEXTPROTONEG
  2316. /*
  2317. * SSL_get0_next_proto_negotiated sets *data and *len to point to the
  2318. * client's requested protocol for this connection and returns 0. If the
  2319. * client didn't request any protocol, then *data is set to NULL. Note that
  2320. * the client can request any protocol it chooses. The value returned from
  2321. * this function need not be a member of the list of supported protocols
  2322. * provided by the callback.
  2323. */
  2324. void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  2325. unsigned *len)
  2326. {
  2327. *data = s->ext.npn;
  2328. if (!*data) {
  2329. *len = 0;
  2330. } else {
  2331. *len = (unsigned int)s->ext.npn_len;
  2332. }
  2333. }
  2334. /*
  2335. * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  2336. * a TLS server needs a list of supported protocols for Next Protocol
  2337. * Negotiation. The returned list must be in wire format. The list is
  2338. * returned by setting |out| to point to it and |outlen| to its length. This
  2339. * memory will not be modified, but one should assume that the SSL* keeps a
  2340. * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
  2341. * wishes to advertise. Otherwise, no such extension will be included in the
  2342. * ServerHello.
  2343. */
  2344. void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
  2345. SSL_CTX_npn_advertised_cb_func cb,
  2346. void *arg)
  2347. {
  2348. ctx->ext.npn_advertised_cb = cb;
  2349. ctx->ext.npn_advertised_cb_arg = arg;
  2350. }
  2351. /*
  2352. * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
  2353. * client needs to select a protocol from the server's provided list. |out|
  2354. * must be set to point to the selected protocol (which may be within |in|).
  2355. * The length of the protocol name must be written into |outlen|. The
  2356. * server's advertised protocols are provided in |in| and |inlen|. The
  2357. * callback can assume that |in| is syntactically valid. The client must
  2358. * select a protocol. It is fatal to the connection if this callback returns
  2359. * a value other than SSL_TLSEXT_ERR_OK.
  2360. */
  2361. void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
  2362. SSL_CTX_npn_select_cb_func cb,
  2363. void *arg)
  2364. {
  2365. ctx->ext.npn_select_cb = cb;
  2366. ctx->ext.npn_select_cb_arg = arg;
  2367. }
  2368. #endif
  2369. /*
  2370. * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
  2371. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  2372. * length-prefixed strings). Returns 0 on success.
  2373. */
  2374. int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
  2375. unsigned int protos_len)
  2376. {
  2377. OPENSSL_free(ctx->ext.alpn);
  2378. ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
  2379. if (ctx->ext.alpn == NULL) {
  2380. SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
  2381. return 1;
  2382. }
  2383. ctx->ext.alpn_len = protos_len;
  2384. return 0;
  2385. }
  2386. /*
  2387. * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
  2388. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  2389. * length-prefixed strings). Returns 0 on success.
  2390. */
  2391. int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  2392. unsigned int protos_len)
  2393. {
  2394. OPENSSL_free(ssl->ext.alpn);
  2395. ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
  2396. if (ssl->ext.alpn == NULL) {
  2397. SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
  2398. return 1;
  2399. }
  2400. ssl->ext.alpn_len = protos_len;
  2401. return 0;
  2402. }
  2403. /*
  2404. * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
  2405. * called during ClientHello processing in order to select an ALPN protocol
  2406. * from the client's list of offered protocols.
  2407. */
  2408. void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
  2409. SSL_CTX_alpn_select_cb_func cb,
  2410. void *arg)
  2411. {
  2412. ctx->ext.alpn_select_cb = cb;
  2413. ctx->ext.alpn_select_cb_arg = arg;
  2414. }
  2415. /*
  2416. * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
  2417. * On return it sets |*data| to point to |*len| bytes of protocol name
  2418. * (not including the leading length-prefix byte). If the server didn't
  2419. * respond with a negotiated protocol then |*len| will be zero.
  2420. */
  2421. void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
  2422. unsigned int *len)
  2423. {
  2424. *data = NULL;
  2425. if (ssl->s3)
  2426. *data = ssl->s3->alpn_selected;
  2427. if (*data == NULL)
  2428. *len = 0;
  2429. else
  2430. *len = (unsigned int)ssl->s3->alpn_selected_len;
  2431. }
  2432. int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
  2433. const char *label, size_t llen,
  2434. const unsigned char *context, size_t contextlen,
  2435. int use_context)
  2436. {
  2437. if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
  2438. return -1;
  2439. return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
  2440. llen, context,
  2441. contextlen, use_context);
  2442. }
  2443. int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
  2444. const char *label, size_t llen,
  2445. const unsigned char *context,
  2446. size_t contextlen)
  2447. {
  2448. if (s->version != TLS1_3_VERSION)
  2449. return 0;
  2450. return tls13_export_keying_material_early(s, out, olen, label, llen,
  2451. context, contextlen);
  2452. }
  2453. static unsigned long ssl_session_hash(const SSL_SESSION *a)
  2454. {
  2455. const unsigned char *session_id = a->session_id;
  2456. unsigned long l;
  2457. unsigned char tmp_storage[4];
  2458. if (a->session_id_length < sizeof(tmp_storage)) {
  2459. memset(tmp_storage, 0, sizeof(tmp_storage));
  2460. memcpy(tmp_storage, a->session_id, a->session_id_length);
  2461. session_id = tmp_storage;
  2462. }
  2463. l = (unsigned long)
  2464. ((unsigned long)session_id[0]) |
  2465. ((unsigned long)session_id[1] << 8L) |
  2466. ((unsigned long)session_id[2] << 16L) |
  2467. ((unsigned long)session_id[3] << 24L);
  2468. return l;
  2469. }
  2470. /*
  2471. * NB: If this function (or indeed the hash function which uses a sort of
  2472. * coarser function than this one) is changed, ensure
  2473. * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
  2474. * being able to construct an SSL_SESSION that will collide with any existing
  2475. * session with a matching session ID.
  2476. */
  2477. static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  2478. {
  2479. if (a->ssl_version != b->ssl_version)
  2480. return 1;
  2481. if (a->session_id_length != b->session_id_length)
  2482. return 1;
  2483. return memcmp(a->session_id, b->session_id, a->session_id_length);
  2484. }
  2485. /*
  2486. * These wrapper functions should remain rather than redeclaring
  2487. * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
  2488. * variable. The reason is that the functions aren't static, they're exposed
  2489. * via ssl.h.
  2490. */
  2491. SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  2492. {
  2493. SSL_CTX *ret = NULL;
  2494. if (meth == NULL) {
  2495. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
  2496. return NULL;
  2497. }
  2498. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  2499. return NULL;
  2500. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
  2501. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
  2502. goto err;
  2503. }
  2504. ret = OPENSSL_zalloc(sizeof(*ret));
  2505. if (ret == NULL)
  2506. goto err;
  2507. ret->method = meth;
  2508. ret->min_proto_version = 0;
  2509. ret->max_proto_version = 0;
  2510. ret->mode = SSL_MODE_AUTO_RETRY;
  2511. ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
  2512. ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
  2513. /* We take the system default. */
  2514. ret->session_timeout = meth->get_timeout();
  2515. ret->references = 1;
  2516. ret->lock = CRYPTO_THREAD_lock_new();
  2517. if (ret->lock == NULL) {
  2518. SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
  2519. OPENSSL_free(ret);
  2520. return NULL;
  2521. }
  2522. ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
  2523. ret->verify_mode = SSL_VERIFY_NONE;
  2524. if ((ret->cert = ssl_cert_new()) == NULL)
  2525. goto err;
  2526. ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
  2527. if (ret->sessions == NULL)
  2528. goto err;
  2529. ret->cert_store = X509_STORE_new();
  2530. if (ret->cert_store == NULL)
  2531. goto err;
  2532. #ifndef OPENSSL_NO_CT
  2533. ret->ctlog_store = CTLOG_STORE_new();
  2534. if (ret->ctlog_store == NULL)
  2535. goto err;
  2536. #endif
  2537. if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
  2538. goto err;
  2539. if (!ssl_create_cipher_list(ret->method,
  2540. ret->tls13_ciphersuites,
  2541. &ret->cipher_list, &ret->cipher_list_by_id,
  2542. SSL_DEFAULT_CIPHER_LIST, ret->cert)
  2543. || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
  2544. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
  2545. goto err2;
  2546. }
  2547. ret->param = X509_VERIFY_PARAM_new();
  2548. if (ret->param == NULL)
  2549. goto err;
  2550. if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
  2551. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
  2552. goto err2;
  2553. }
  2554. if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
  2555. SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
  2556. goto err2;
  2557. }
  2558. if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
  2559. goto err;
  2560. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
  2561. goto err;
  2562. if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
  2563. goto err;
  2564. /* No compression for DTLS */
  2565. if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
  2566. ret->comp_methods = SSL_COMP_get_compression_methods();
  2567. ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  2568. ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  2569. /* Setup RFC5077 ticket keys */
  2570. if ((RAND_bytes(ret->ext.tick_key_name,
  2571. sizeof(ret->ext.tick_key_name)) <= 0)
  2572. || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
  2573. sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
  2574. || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
  2575. sizeof(ret->ext.secure->tick_aes_key)) <= 0))
  2576. ret->options |= SSL_OP_NO_TICKET;
  2577. if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
  2578. sizeof(ret->ext.cookie_hmac_key)) <= 0)
  2579. goto err;
  2580. #ifndef OPENSSL_NO_SRP
  2581. if (!SSL_CTX_SRP_CTX_init(ret))
  2582. goto err;
  2583. #endif
  2584. #ifndef OPENSSL_NO_ENGINE
  2585. # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
  2586. # define eng_strx(x) #x
  2587. # define eng_str(x) eng_strx(x)
  2588. /* Use specific client engine automatically... ignore errors */
  2589. {
  2590. ENGINE *eng;
  2591. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  2592. if (!eng) {
  2593. ERR_clear_error();
  2594. ENGINE_load_builtin_engines();
  2595. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  2596. }
  2597. if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
  2598. ERR_clear_error();
  2599. }
  2600. # endif
  2601. #endif
  2602. /*
  2603. * Default is to connect to non-RI servers. When RI is more widely
  2604. * deployed might change this.
  2605. */
  2606. ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
  2607. /*
  2608. * Disable compression by default to prevent CRIME. Applications can
  2609. * re-enable compression by configuring
  2610. * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
  2611. * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
  2612. * middlebox compatibility by default. This may be disabled by default in
  2613. * a later OpenSSL version.
  2614. */
  2615. ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
  2616. ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
  2617. /*
  2618. * We cannot usefully set a default max_early_data here (which gets
  2619. * propagated in SSL_new(), for the following reason: setting the
  2620. * SSL field causes tls_construct_stoc_early_data() to tell the
  2621. * client that early data will be accepted when constructing a TLS 1.3
  2622. * session ticket, and the client will accordingly send us early data
  2623. * when using that ticket (if the client has early data to send).
  2624. * However, in order for the early data to actually be consumed by
  2625. * the application, the application must also have calls to
  2626. * SSL_read_early_data(); otherwise we'll just skip past the early data
  2627. * and ignore it. So, since the application must add calls to
  2628. * SSL_read_early_data(), we also require them to add
  2629. * calls to SSL_CTX_set_max_early_data() in order to use early data,
  2630. * eliminating the bandwidth-wasting early data in the case described
  2631. * above.
  2632. */
  2633. ret->max_early_data = 0;
  2634. /* By default we send two session tickets automatically in TLSv1.3 */
  2635. ret->num_tickets = 2;
  2636. ssl_ctx_system_config(ret);
  2637. return ret;
  2638. err:
  2639. SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
  2640. err2:
  2641. SSL_CTX_free(ret);
  2642. return NULL;
  2643. }
  2644. int SSL_CTX_up_ref(SSL_CTX *ctx)
  2645. {
  2646. int i;
  2647. if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
  2648. return 0;
  2649. REF_PRINT_COUNT("SSL_CTX", ctx);
  2650. REF_ASSERT_ISNT(i < 2);
  2651. return ((i > 1) ? 1 : 0);
  2652. }
  2653. void SSL_CTX_free(SSL_CTX *a)
  2654. {
  2655. int i;
  2656. if (a == NULL)
  2657. return;
  2658. CRYPTO_DOWN_REF(&a->references, &i, a->lock);
  2659. REF_PRINT_COUNT("SSL_CTX", a);
  2660. if (i > 0)
  2661. return;
  2662. REF_ASSERT_ISNT(i < 0);
  2663. X509_VERIFY_PARAM_free(a->param);
  2664. dane_ctx_final(&a->dane);
  2665. /*
  2666. * Free internal session cache. However: the remove_cb() may reference
  2667. * the ex_data of SSL_CTX, thus the ex_data store can only be removed
  2668. * after the sessions were flushed.
  2669. * As the ex_data handling routines might also touch the session cache,
  2670. * the most secure solution seems to be: empty (flush) the cache, then
  2671. * free ex_data, then finally free the cache.
  2672. * (See ticket [openssl.org #212].)
  2673. */
  2674. if (a->sessions != NULL)
  2675. SSL_CTX_flush_sessions(a, 0);
  2676. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
  2677. lh_SSL_SESSION_free(a->sessions);
  2678. X509_STORE_free(a->cert_store);
  2679. #ifndef OPENSSL_NO_CT
  2680. CTLOG_STORE_free(a->ctlog_store);
  2681. #endif
  2682. sk_SSL_CIPHER_free(a->cipher_list);
  2683. sk_SSL_CIPHER_free(a->cipher_list_by_id);
  2684. sk_SSL_CIPHER_free(a->tls13_ciphersuites);
  2685. ssl_cert_free(a->cert);
  2686. sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
  2687. sk_X509_pop_free(a->extra_certs, X509_free);
  2688. a->comp_methods = NULL;
  2689. #ifndef OPENSSL_NO_SRTP
  2690. sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
  2691. #endif
  2692. #ifndef OPENSSL_NO_SRP
  2693. SSL_CTX_SRP_CTX_free(a);
  2694. #endif
  2695. #ifndef OPENSSL_NO_ENGINE
  2696. ENGINE_finish(a->client_cert_engine);
  2697. #endif
  2698. #ifndef OPENSSL_NO_EC
  2699. OPENSSL_free(a->ext.ecpointformats);
  2700. OPENSSL_free(a->ext.supportedgroups);
  2701. #endif
  2702. OPENSSL_free(a->ext.alpn);
  2703. OPENSSL_secure_free(a->ext.secure);
  2704. CRYPTO_THREAD_lock_free(a->lock);
  2705. OPENSSL_free(a);
  2706. }
  2707. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
  2708. {
  2709. ctx->default_passwd_callback = cb;
  2710. }
  2711. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
  2712. {
  2713. ctx->default_passwd_callback_userdata = u;
  2714. }
  2715. pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
  2716. {
  2717. return ctx->default_passwd_callback;
  2718. }
  2719. void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
  2720. {
  2721. return ctx->default_passwd_callback_userdata;
  2722. }
  2723. void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
  2724. {
  2725. s->default_passwd_callback = cb;
  2726. }
  2727. void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
  2728. {
  2729. s->default_passwd_callback_userdata = u;
  2730. }
  2731. pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
  2732. {
  2733. return s->default_passwd_callback;
  2734. }
  2735. void *SSL_get_default_passwd_cb_userdata(SSL *s)
  2736. {
  2737. return s->default_passwd_callback_userdata;
  2738. }
  2739. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
  2740. int (*cb) (X509_STORE_CTX *, void *),
  2741. void *arg)
  2742. {
  2743. ctx->app_verify_callback = cb;
  2744. ctx->app_verify_arg = arg;
  2745. }
  2746. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  2747. int (*cb) (int, X509_STORE_CTX *))
  2748. {
  2749. ctx->verify_mode = mode;
  2750. ctx->default_verify_callback = cb;
  2751. }
  2752. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
  2753. {
  2754. X509_VERIFY_PARAM_set_depth(ctx->param, depth);
  2755. }
  2756. void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
  2757. {
  2758. ssl_cert_set_cert_cb(c->cert, cb, arg);
  2759. }
  2760. void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
  2761. {
  2762. ssl_cert_set_cert_cb(s->cert, cb, arg);
  2763. }
  2764. void ssl_set_masks(SSL *s)
  2765. {
  2766. CERT *c = s->cert;
  2767. uint32_t *pvalid = s->s3->tmp.valid_flags;
  2768. int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
  2769. unsigned long mask_k, mask_a;
  2770. #ifndef OPENSSL_NO_EC
  2771. int have_ecc_cert, ecdsa_ok;
  2772. #endif
  2773. if (c == NULL)
  2774. return;
  2775. #ifndef OPENSSL_NO_DH
  2776. dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
  2777. #else
  2778. dh_tmp = 0;
  2779. #endif
  2780. rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  2781. rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  2782. dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
  2783. #ifndef OPENSSL_NO_EC
  2784. have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
  2785. #endif
  2786. mask_k = 0;
  2787. mask_a = 0;
  2788. #ifdef CIPHER_DEBUG
  2789. fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
  2790. dh_tmp, rsa_enc, rsa_sign, dsa_sign);
  2791. #endif
  2792. #ifndef OPENSSL_NO_GOST
  2793. if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
  2794. mask_k |= SSL_kGOST;
  2795. mask_a |= SSL_aGOST12;
  2796. }
  2797. if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
  2798. mask_k |= SSL_kGOST;
  2799. mask_a |= SSL_aGOST12;
  2800. }
  2801. if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
  2802. mask_k |= SSL_kGOST;
  2803. mask_a |= SSL_aGOST01;
  2804. }
  2805. #endif
  2806. if (rsa_enc)
  2807. mask_k |= SSL_kRSA;
  2808. if (dh_tmp)
  2809. mask_k |= SSL_kDHE;
  2810. /*
  2811. * If we only have an RSA-PSS certificate allow RSA authentication
  2812. * if TLS 1.2 and peer supports it.
  2813. */
  2814. if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
  2815. && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
  2816. && TLS1_get_version(s) == TLS1_2_VERSION))
  2817. mask_a |= SSL_aRSA;
  2818. if (dsa_sign) {
  2819. mask_a |= SSL_aDSS;
  2820. }
  2821. mask_a |= SSL_aNULL;
  2822. /*
  2823. * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
  2824. * depending on the key usage extension.
  2825. */
  2826. #ifndef OPENSSL_NO_EC
  2827. if (have_ecc_cert) {
  2828. uint32_t ex_kusage;
  2829. ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
  2830. ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
  2831. if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
  2832. ecdsa_ok = 0;
  2833. if (ecdsa_ok)
  2834. mask_a |= SSL_aECDSA;
  2835. }
  2836. /* Allow Ed25519 for TLS 1.2 if peer supports it */
  2837. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
  2838. && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
  2839. && TLS1_get_version(s) == TLS1_2_VERSION)
  2840. mask_a |= SSL_aECDSA;
  2841. /* Allow Ed448 for TLS 1.2 if peer supports it */
  2842. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
  2843. && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
  2844. && TLS1_get_version(s) == TLS1_2_VERSION)
  2845. mask_a |= SSL_aECDSA;
  2846. #endif
  2847. #ifndef OPENSSL_NO_EC
  2848. mask_k |= SSL_kECDHE;
  2849. #endif
  2850. #ifndef OPENSSL_NO_PSK
  2851. mask_k |= SSL_kPSK;
  2852. mask_a |= SSL_aPSK;
  2853. if (mask_k & SSL_kRSA)
  2854. mask_k |= SSL_kRSAPSK;
  2855. if (mask_k & SSL_kDHE)
  2856. mask_k |= SSL_kDHEPSK;
  2857. if (mask_k & SSL_kECDHE)
  2858. mask_k |= SSL_kECDHEPSK;
  2859. #endif
  2860. s->s3->tmp.mask_k = mask_k;
  2861. s->s3->tmp.mask_a = mask_a;
  2862. }
  2863. #ifndef OPENSSL_NO_EC
  2864. int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
  2865. {
  2866. if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
  2867. /* key usage, if present, must allow signing */
  2868. if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
  2869. SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
  2870. SSL_R_ECC_CERT_NOT_FOR_SIGNING);
  2871. return 0;
  2872. }
  2873. }
  2874. return 1; /* all checks are ok */
  2875. }
  2876. #endif
  2877. int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
  2878. size_t *serverinfo_length)
  2879. {
  2880. CERT_PKEY *cpk = s->s3->tmp.cert;
  2881. *serverinfo_length = 0;
  2882. if (cpk == NULL || cpk->serverinfo == NULL)
  2883. return 0;
  2884. *serverinfo = cpk->serverinfo;
  2885. *serverinfo_length = cpk->serverinfo_length;
  2886. return 1;
  2887. }
  2888. void ssl_update_cache(SSL *s, int mode)
  2889. {
  2890. int i;
  2891. /*
  2892. * If the session_id_length is 0, we are not supposed to cache it, and it
  2893. * would be rather hard to do anyway :-)
  2894. */
  2895. if (s->session->session_id_length == 0)
  2896. return;
  2897. /*
  2898. * If sid_ctx_length is 0 there is no specific application context
  2899. * associated with this session, so when we try to resume it and
  2900. * SSL_VERIFY_PEER is requested to verify the client identity, we have no
  2901. * indication that this is actually a session for the proper application
  2902. * context, and the *handshake* will fail, not just the resumption attempt.
  2903. * Do not cache (on the server) these sessions that are not resumable
  2904. * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
  2905. */
  2906. if (s->server && s->session->sid_ctx_length == 0
  2907. && (s->verify_mode & SSL_VERIFY_PEER) != 0)
  2908. return;
  2909. i = s->session_ctx->session_cache_mode;
  2910. if ((i & mode) != 0
  2911. && (!s->hit || SSL_IS_TLS13(s))) {
  2912. /*
  2913. * Add the session to the internal cache. In server side TLSv1.3 we
  2914. * normally don't do this because its a full stateless ticket with only
  2915. * a dummy session id so there is no reason to cache it, unless:
  2916. * - we are doing early_data, in which case we cache so that we can
  2917. * detect replays
  2918. * - the application has set a remove_session_cb so needs to know about
  2919. * session timeout events
  2920. */
  2921. if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
  2922. && (!SSL_IS_TLS13(s)
  2923. || !s->server
  2924. || s->max_early_data > 0
  2925. || s->session_ctx->remove_session_cb != NULL))
  2926. SSL_CTX_add_session(s->session_ctx, s->session);
  2927. /*
  2928. * Add the session to the external cache. We do this even in server side
  2929. * TLSv1.3 without early data because some applications just want to
  2930. * know about the creation of a session and aren't doing a full cache.
  2931. */
  2932. if (s->session_ctx->new_session_cb != NULL) {
  2933. SSL_SESSION_up_ref(s->session);
  2934. if (!s->session_ctx->new_session_cb(s, s->session))
  2935. SSL_SESSION_free(s->session);
  2936. }
  2937. }
  2938. /* auto flush every 255 connections */
  2939. if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
  2940. int *stat, val;
  2941. if (mode & SSL_SESS_CACHE_CLIENT)
  2942. stat = &s->session_ctx->stats.sess_connect_good;
  2943. else
  2944. stat = &s->session_ctx->stats.sess_accept_good;
  2945. if (CRYPTO_atomic_read(stat, &val, s->session_ctx->lock)
  2946. && (val & 0xff) == 0xff)
  2947. SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
  2948. }
  2949. }
  2950. const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
  2951. {
  2952. return ctx->method;
  2953. }
  2954. const SSL_METHOD *SSL_get_ssl_method(SSL *s)
  2955. {
  2956. return s->method;
  2957. }
  2958. int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
  2959. {
  2960. int ret = 1;
  2961. if (s->method != meth) {
  2962. const SSL_METHOD *sm = s->method;
  2963. int (*hf) (SSL *) = s->handshake_func;
  2964. if (sm->version == meth->version)
  2965. s->method = meth;
  2966. else {
  2967. sm->ssl_free(s);
  2968. s->method = meth;
  2969. ret = s->method->ssl_new(s);
  2970. }
  2971. if (hf == sm->ssl_connect)
  2972. s->handshake_func = meth->ssl_connect;
  2973. else if (hf == sm->ssl_accept)
  2974. s->handshake_func = meth->ssl_accept;
  2975. }
  2976. return ret;
  2977. }
  2978. int SSL_get_error(const SSL *s, int i)
  2979. {
  2980. int reason;
  2981. unsigned long l;
  2982. BIO *bio;
  2983. if (i > 0)
  2984. return SSL_ERROR_NONE;
  2985. /*
  2986. * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
  2987. * where we do encode the error
  2988. */
  2989. if ((l = ERR_peek_error()) != 0) {
  2990. if (ERR_GET_LIB(l) == ERR_LIB_SYS)
  2991. return SSL_ERROR_SYSCALL;
  2992. else
  2993. return SSL_ERROR_SSL;
  2994. }
  2995. if (SSL_want_read(s)) {
  2996. bio = SSL_get_rbio(s);
  2997. if (BIO_should_read(bio))
  2998. return SSL_ERROR_WANT_READ;
  2999. else if (BIO_should_write(bio))
  3000. /*
  3001. * This one doesn't make too much sense ... We never try to write
  3002. * to the rbio, and an application program where rbio and wbio
  3003. * are separate couldn't even know what it should wait for.
  3004. * However if we ever set s->rwstate incorrectly (so that we have
  3005. * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
  3006. * wbio *are* the same, this test works around that bug; so it
  3007. * might be safer to keep it.
  3008. */
  3009. return SSL_ERROR_WANT_WRITE;
  3010. else if (BIO_should_io_special(bio)) {
  3011. reason = BIO_get_retry_reason(bio);
  3012. if (reason == BIO_RR_CONNECT)
  3013. return SSL_ERROR_WANT_CONNECT;
  3014. else if (reason == BIO_RR_ACCEPT)
  3015. return SSL_ERROR_WANT_ACCEPT;
  3016. else
  3017. return SSL_ERROR_SYSCALL; /* unknown */
  3018. }
  3019. }
  3020. if (SSL_want_write(s)) {
  3021. /* Access wbio directly - in order to use the buffered bio if present */
  3022. bio = s->wbio;
  3023. if (BIO_should_write(bio))
  3024. return SSL_ERROR_WANT_WRITE;
  3025. else if (BIO_should_read(bio))
  3026. /*
  3027. * See above (SSL_want_read(s) with BIO_should_write(bio))
  3028. */
  3029. return SSL_ERROR_WANT_READ;
  3030. else if (BIO_should_io_special(bio)) {
  3031. reason = BIO_get_retry_reason(bio);
  3032. if (reason == BIO_RR_CONNECT)
  3033. return SSL_ERROR_WANT_CONNECT;
  3034. else if (reason == BIO_RR_ACCEPT)
  3035. return SSL_ERROR_WANT_ACCEPT;
  3036. else
  3037. return SSL_ERROR_SYSCALL;
  3038. }
  3039. }
  3040. if (SSL_want_x509_lookup(s))
  3041. return SSL_ERROR_WANT_X509_LOOKUP;
  3042. if (SSL_want_async(s))
  3043. return SSL_ERROR_WANT_ASYNC;
  3044. if (SSL_want_async_job(s))
  3045. return SSL_ERROR_WANT_ASYNC_JOB;
  3046. if (SSL_want_client_hello_cb(s))
  3047. return SSL_ERROR_WANT_CLIENT_HELLO_CB;
  3048. if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
  3049. (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
  3050. return SSL_ERROR_ZERO_RETURN;
  3051. return SSL_ERROR_SYSCALL;
  3052. }
  3053. static int ssl_do_handshake_intern(void *vargs)
  3054. {
  3055. struct ssl_async_args *args;
  3056. SSL *s;
  3057. args = (struct ssl_async_args *)vargs;
  3058. s = args->s;
  3059. return s->handshake_func(s);
  3060. }
  3061. int SSL_do_handshake(SSL *s)
  3062. {
  3063. int ret = 1;
  3064. if (s->handshake_func == NULL) {
  3065. SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
  3066. return -1;
  3067. }
  3068. ossl_statem_check_finish_init(s, -1);
  3069. s->method->ssl_renegotiate_check(s, 0);
  3070. if (SSL_is_server(s)) {
  3071. /* clear SNI settings at server-side */
  3072. OPENSSL_free(s->ext.hostname);
  3073. s->ext.hostname = NULL;
  3074. }
  3075. if (SSL_in_init(s) || SSL_in_before(s)) {
  3076. if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  3077. struct ssl_async_args args;
  3078. args.s = s;
  3079. ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
  3080. } else {
  3081. ret = s->handshake_func(s);
  3082. }
  3083. }
  3084. return ret;
  3085. }
  3086. void SSL_set_accept_state(SSL *s)
  3087. {
  3088. s->server = 1;
  3089. s->shutdown = 0;
  3090. ossl_statem_clear(s);
  3091. s->handshake_func = s->method->ssl_accept;
  3092. clear_ciphers(s);
  3093. }
  3094. void SSL_set_connect_state(SSL *s)
  3095. {
  3096. s->server = 0;
  3097. s->shutdown = 0;
  3098. ossl_statem_clear(s);
  3099. s->handshake_func = s->method->ssl_connect;
  3100. clear_ciphers(s);
  3101. }
  3102. int ssl_undefined_function(SSL *s)
  3103. {
  3104. SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3105. return 0;
  3106. }
  3107. int ssl_undefined_void_function(void)
  3108. {
  3109. SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
  3110. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3111. return 0;
  3112. }
  3113. int ssl_undefined_const_function(const SSL *s)
  3114. {
  3115. return 0;
  3116. }
  3117. const SSL_METHOD *ssl_bad_method(int ver)
  3118. {
  3119. SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  3120. return NULL;
  3121. }
  3122. const char *ssl_protocol_to_string(int version)
  3123. {
  3124. switch(version)
  3125. {
  3126. case TLS1_3_VERSION:
  3127. return "TLSv1.3";
  3128. case TLS1_2_VERSION:
  3129. return "TLSv1.2";
  3130. case TLS1_1_VERSION:
  3131. return "TLSv1.1";
  3132. case TLS1_VERSION:
  3133. return "TLSv1";
  3134. case SSL3_VERSION:
  3135. return "SSLv3";
  3136. case DTLS1_BAD_VER:
  3137. return "DTLSv0.9";
  3138. case DTLS1_VERSION:
  3139. return "DTLSv1";
  3140. case DTLS1_2_VERSION:
  3141. return "DTLSv1.2";
  3142. default:
  3143. return "unknown";
  3144. }
  3145. }
  3146. const char *SSL_get_version(const SSL *s)
  3147. {
  3148. return ssl_protocol_to_string(s->version);
  3149. }
  3150. SSL *SSL_dup(SSL *s)
  3151. {
  3152. STACK_OF(X509_NAME) *sk;
  3153. X509_NAME *xn;
  3154. SSL *ret;
  3155. int i;
  3156. /* If we're not quiescent, just up_ref! */
  3157. if (!SSL_in_init(s) || !SSL_in_before(s)) {
  3158. CRYPTO_UP_REF(&s->references, &i, s->lock);
  3159. return s;
  3160. }
  3161. /*
  3162. * Otherwise, copy configuration state, and session if set.
  3163. */
  3164. if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
  3165. return NULL;
  3166. if (s->session != NULL) {
  3167. /*
  3168. * Arranges to share the same session via up_ref. This "copies"
  3169. * session-id, SSL_METHOD, sid_ctx, and 'cert'
  3170. */
  3171. if (!SSL_copy_session_id(ret, s))
  3172. goto err;
  3173. } else {
  3174. /*
  3175. * No session has been established yet, so we have to expect that
  3176. * s->cert or ret->cert will be changed later -- they should not both
  3177. * point to the same object, and thus we can't use
  3178. * SSL_copy_session_id.
  3179. */
  3180. if (!SSL_set_ssl_method(ret, s->method))
  3181. goto err;
  3182. if (s->cert != NULL) {
  3183. ssl_cert_free(ret->cert);
  3184. ret->cert = ssl_cert_dup(s->cert);
  3185. if (ret->cert == NULL)
  3186. goto err;
  3187. }
  3188. if (!SSL_set_session_id_context(ret, s->sid_ctx,
  3189. (int)s->sid_ctx_length))
  3190. goto err;
  3191. }
  3192. if (!ssl_dane_dup(ret, s))
  3193. goto err;
  3194. ret->version = s->version;
  3195. ret->options = s->options;
  3196. ret->mode = s->mode;
  3197. SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
  3198. SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
  3199. ret->msg_callback = s->msg_callback;
  3200. ret->msg_callback_arg = s->msg_callback_arg;
  3201. SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
  3202. SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
  3203. ret->generate_session_id = s->generate_session_id;
  3204. SSL_set_info_callback(ret, SSL_get_info_callback(s));
  3205. /* copy app data, a little dangerous perhaps */
  3206. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
  3207. goto err;
  3208. /* setup rbio, and wbio */
  3209. if (s->rbio != NULL) {
  3210. if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
  3211. goto err;
  3212. }
  3213. if (s->wbio != NULL) {
  3214. if (s->wbio != s->rbio) {
  3215. if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
  3216. goto err;
  3217. } else {
  3218. BIO_up_ref(ret->rbio);
  3219. ret->wbio = ret->rbio;
  3220. }
  3221. }
  3222. ret->server = s->server;
  3223. if (s->handshake_func) {
  3224. if (s->server)
  3225. SSL_set_accept_state(ret);
  3226. else
  3227. SSL_set_connect_state(ret);
  3228. }
  3229. ret->shutdown = s->shutdown;
  3230. ret->hit = s->hit;
  3231. ret->default_passwd_callback = s->default_passwd_callback;
  3232. ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
  3233. X509_VERIFY_PARAM_inherit(ret->param, s->param);
  3234. /* dup the cipher_list and cipher_list_by_id stacks */
  3235. if (s->cipher_list != NULL) {
  3236. if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
  3237. goto err;
  3238. }
  3239. if (s->cipher_list_by_id != NULL)
  3240. if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
  3241. == NULL)
  3242. goto err;
  3243. /* Dup the client_CA list */
  3244. if (s->ca_names != NULL) {
  3245. if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
  3246. goto err;
  3247. ret->ca_names = sk;
  3248. for (i = 0; i < sk_X509_NAME_num(sk); i++) {
  3249. xn = sk_X509_NAME_value(sk, i);
  3250. if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
  3251. X509_NAME_free(xn);
  3252. goto err;
  3253. }
  3254. }
  3255. }
  3256. return ret;
  3257. err:
  3258. SSL_free(ret);
  3259. return NULL;
  3260. }
  3261. void ssl_clear_cipher_ctx(SSL *s)
  3262. {
  3263. if (s->enc_read_ctx != NULL) {
  3264. EVP_CIPHER_CTX_free(s->enc_read_ctx);
  3265. s->enc_read_ctx = NULL;
  3266. }
  3267. if (s->enc_write_ctx != NULL) {
  3268. EVP_CIPHER_CTX_free(s->enc_write_ctx);
  3269. s->enc_write_ctx = NULL;
  3270. }
  3271. #ifndef OPENSSL_NO_COMP
  3272. COMP_CTX_free(s->expand);
  3273. s->expand = NULL;
  3274. COMP_CTX_free(s->compress);
  3275. s->compress = NULL;
  3276. #endif
  3277. }
  3278. X509 *SSL_get_certificate(const SSL *s)
  3279. {
  3280. if (s->cert != NULL)
  3281. return s->cert->key->x509;
  3282. else
  3283. return NULL;
  3284. }
  3285. EVP_PKEY *SSL_get_privatekey(const SSL *s)
  3286. {
  3287. if (s->cert != NULL)
  3288. return s->cert->key->privatekey;
  3289. else
  3290. return NULL;
  3291. }
  3292. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
  3293. {
  3294. if (ctx->cert != NULL)
  3295. return ctx->cert->key->x509;
  3296. else
  3297. return NULL;
  3298. }
  3299. EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
  3300. {
  3301. if (ctx->cert != NULL)
  3302. return ctx->cert->key->privatekey;
  3303. else
  3304. return NULL;
  3305. }
  3306. const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
  3307. {
  3308. if ((s->session != NULL) && (s->session->cipher != NULL))
  3309. return s->session->cipher;
  3310. return NULL;
  3311. }
  3312. const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
  3313. {
  3314. return s->s3->tmp.new_cipher;
  3315. }
  3316. const COMP_METHOD *SSL_get_current_compression(SSL *s)
  3317. {
  3318. #ifndef OPENSSL_NO_COMP
  3319. return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
  3320. #else
  3321. return NULL;
  3322. #endif
  3323. }
  3324. const COMP_METHOD *SSL_get_current_expansion(SSL *s)
  3325. {
  3326. #ifndef OPENSSL_NO_COMP
  3327. return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
  3328. #else
  3329. return NULL;
  3330. #endif
  3331. }
  3332. int ssl_init_wbio_buffer(SSL *s)
  3333. {
  3334. BIO *bbio;
  3335. if (s->bbio != NULL) {
  3336. /* Already buffered. */
  3337. return 1;
  3338. }
  3339. bbio = BIO_new(BIO_f_buffer());
  3340. if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
  3341. BIO_free(bbio);
  3342. SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
  3343. return 0;
  3344. }
  3345. s->bbio = bbio;
  3346. s->wbio = BIO_push(bbio, s->wbio);
  3347. return 1;
  3348. }
  3349. int ssl_free_wbio_buffer(SSL *s)
  3350. {
  3351. /* callers ensure s is never null */
  3352. if (s->bbio == NULL)
  3353. return 1;
  3354. s->wbio = BIO_pop(s->wbio);
  3355. BIO_free(s->bbio);
  3356. s->bbio = NULL;
  3357. return 1;
  3358. }
  3359. void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
  3360. {
  3361. ctx->quiet_shutdown = mode;
  3362. }
  3363. int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
  3364. {
  3365. return ctx->quiet_shutdown;
  3366. }
  3367. void SSL_set_quiet_shutdown(SSL *s, int mode)
  3368. {
  3369. s->quiet_shutdown = mode;
  3370. }
  3371. int SSL_get_quiet_shutdown(const SSL *s)
  3372. {
  3373. return s->quiet_shutdown;
  3374. }
  3375. void SSL_set_shutdown(SSL *s, int mode)
  3376. {
  3377. s->shutdown = mode;
  3378. }
  3379. int SSL_get_shutdown(const SSL *s)
  3380. {
  3381. return s->shutdown;
  3382. }
  3383. int SSL_version(const SSL *s)
  3384. {
  3385. return s->version;
  3386. }
  3387. int SSL_client_version(const SSL *s)
  3388. {
  3389. return s->client_version;
  3390. }
  3391. SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
  3392. {
  3393. return ssl->ctx;
  3394. }
  3395. SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
  3396. {
  3397. CERT *new_cert;
  3398. if (ssl->ctx == ctx)
  3399. return ssl->ctx;
  3400. if (ctx == NULL)
  3401. ctx = ssl->session_ctx;
  3402. new_cert = ssl_cert_dup(ctx->cert);
  3403. if (new_cert == NULL) {
  3404. return NULL;
  3405. }
  3406. if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
  3407. ssl_cert_free(new_cert);
  3408. return NULL;
  3409. }
  3410. ssl_cert_free(ssl->cert);
  3411. ssl->cert = new_cert;
  3412. /*
  3413. * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
  3414. * so setter APIs must prevent invalid lengths from entering the system.
  3415. */
  3416. if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
  3417. return NULL;
  3418. /*
  3419. * If the session ID context matches that of the parent SSL_CTX,
  3420. * inherit it from the new SSL_CTX as well. If however the context does
  3421. * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
  3422. * leave it unchanged.
  3423. */
  3424. if ((ssl->ctx != NULL) &&
  3425. (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
  3426. (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
  3427. ssl->sid_ctx_length = ctx->sid_ctx_length;
  3428. memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
  3429. }
  3430. SSL_CTX_up_ref(ctx);
  3431. SSL_CTX_free(ssl->ctx); /* decrement reference count */
  3432. ssl->ctx = ctx;
  3433. return ssl->ctx;
  3434. }
  3435. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
  3436. {
  3437. return X509_STORE_set_default_paths(ctx->cert_store);
  3438. }
  3439. int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
  3440. {
  3441. X509_LOOKUP *lookup;
  3442. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
  3443. if (lookup == NULL)
  3444. return 0;
  3445. X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  3446. /* Clear any errors if the default directory does not exist */
  3447. ERR_clear_error();
  3448. return 1;
  3449. }
  3450. int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
  3451. {
  3452. X509_LOOKUP *lookup;
  3453. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
  3454. if (lookup == NULL)
  3455. return 0;
  3456. X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
  3457. /* Clear any errors if the default file does not exist */
  3458. ERR_clear_error();
  3459. return 1;
  3460. }
  3461. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  3462. const char *CApath)
  3463. {
  3464. return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
  3465. }
  3466. void SSL_set_info_callback(SSL *ssl,
  3467. void (*cb) (const SSL *ssl, int type, int val))
  3468. {
  3469. ssl->info_callback = cb;
  3470. }
  3471. /*
  3472. * One compiler (Diab DCC) doesn't like argument names in returned function
  3473. * pointer.
  3474. */
  3475. void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
  3476. int /* type */ ,
  3477. int /* val */ ) {
  3478. return ssl->info_callback;
  3479. }
  3480. void SSL_set_verify_result(SSL *ssl, long arg)
  3481. {
  3482. ssl->verify_result = arg;
  3483. }
  3484. long SSL_get_verify_result(const SSL *ssl)
  3485. {
  3486. return ssl->verify_result;
  3487. }
  3488. size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
  3489. {
  3490. if (outlen == 0)
  3491. return sizeof(ssl->s3->client_random);
  3492. if (outlen > sizeof(ssl->s3->client_random))
  3493. outlen = sizeof(ssl->s3->client_random);
  3494. memcpy(out, ssl->s3->client_random, outlen);
  3495. return outlen;
  3496. }
  3497. size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
  3498. {
  3499. if (outlen == 0)
  3500. return sizeof(ssl->s3->server_random);
  3501. if (outlen > sizeof(ssl->s3->server_random))
  3502. outlen = sizeof(ssl->s3->server_random);
  3503. memcpy(out, ssl->s3->server_random, outlen);
  3504. return outlen;
  3505. }
  3506. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
  3507. unsigned char *out, size_t outlen)
  3508. {
  3509. if (outlen == 0)
  3510. return session->master_key_length;
  3511. if (outlen > session->master_key_length)
  3512. outlen = session->master_key_length;
  3513. memcpy(out, session->master_key, outlen);
  3514. return outlen;
  3515. }
  3516. int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
  3517. size_t len)
  3518. {
  3519. if (len > sizeof(sess->master_key))
  3520. return 0;
  3521. memcpy(sess->master_key, in, len);
  3522. sess->master_key_length = len;
  3523. return 1;
  3524. }
  3525. int SSL_set_ex_data(SSL *s, int idx, void *arg)
  3526. {
  3527. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  3528. }
  3529. void *SSL_get_ex_data(const SSL *s, int idx)
  3530. {
  3531. return CRYPTO_get_ex_data(&s->ex_data, idx);
  3532. }
  3533. int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
  3534. {
  3535. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  3536. }
  3537. void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
  3538. {
  3539. return CRYPTO_get_ex_data(&s->ex_data, idx);
  3540. }
  3541. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
  3542. {
  3543. return ctx->cert_store;
  3544. }
  3545. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
  3546. {
  3547. X509_STORE_free(ctx->cert_store);
  3548. ctx->cert_store = store;
  3549. }
  3550. void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
  3551. {
  3552. if (store != NULL)
  3553. X509_STORE_up_ref(store);
  3554. SSL_CTX_set_cert_store(ctx, store);
  3555. }
  3556. int SSL_want(const SSL *s)
  3557. {
  3558. return s->rwstate;
  3559. }
  3560. /**
  3561. * \brief Set the callback for generating temporary DH keys.
  3562. * \param ctx the SSL context.
  3563. * \param dh the callback
  3564. */
  3565. #ifndef OPENSSL_NO_DH
  3566. void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
  3567. DH *(*dh) (SSL *ssl, int is_export,
  3568. int keylength))
  3569. {
  3570. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
  3571. }
  3572. void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
  3573. int keylength))
  3574. {
  3575. SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
  3576. }
  3577. #endif
  3578. #ifndef OPENSSL_NO_PSK
  3579. int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
  3580. {
  3581. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  3582. SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
  3583. return 0;
  3584. }
  3585. OPENSSL_free(ctx->cert->psk_identity_hint);
  3586. if (identity_hint != NULL) {
  3587. ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  3588. if (ctx->cert->psk_identity_hint == NULL)
  3589. return 0;
  3590. } else
  3591. ctx->cert->psk_identity_hint = NULL;
  3592. return 1;
  3593. }
  3594. int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
  3595. {
  3596. if (s == NULL)
  3597. return 0;
  3598. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  3599. SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
  3600. return 0;
  3601. }
  3602. OPENSSL_free(s->cert->psk_identity_hint);
  3603. if (identity_hint != NULL) {
  3604. s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  3605. if (s->cert->psk_identity_hint == NULL)
  3606. return 0;
  3607. } else
  3608. s->cert->psk_identity_hint = NULL;
  3609. return 1;
  3610. }
  3611. const char *SSL_get_psk_identity_hint(const SSL *s)
  3612. {
  3613. if (s == NULL || s->session == NULL)
  3614. return NULL;
  3615. return s->session->psk_identity_hint;
  3616. }
  3617. const char *SSL_get_psk_identity(const SSL *s)
  3618. {
  3619. if (s == NULL || s->session == NULL)
  3620. return NULL;
  3621. return s->session->psk_identity;
  3622. }
  3623. void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
  3624. {
  3625. s->psk_client_callback = cb;
  3626. }
  3627. void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
  3628. {
  3629. ctx->psk_client_callback = cb;
  3630. }
  3631. void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
  3632. {
  3633. s->psk_server_callback = cb;
  3634. }
  3635. void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
  3636. {
  3637. ctx->psk_server_callback = cb;
  3638. }
  3639. #endif
  3640. void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
  3641. {
  3642. s->psk_find_session_cb = cb;
  3643. }
  3644. void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
  3645. SSL_psk_find_session_cb_func cb)
  3646. {
  3647. ctx->psk_find_session_cb = cb;
  3648. }
  3649. void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
  3650. {
  3651. s->psk_use_session_cb = cb;
  3652. }
  3653. void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
  3654. SSL_psk_use_session_cb_func cb)
  3655. {
  3656. ctx->psk_use_session_cb = cb;
  3657. }
  3658. void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
  3659. void (*cb) (int write_p, int version,
  3660. int content_type, const void *buf,
  3661. size_t len, SSL *ssl, void *arg))
  3662. {
  3663. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  3664. }
  3665. void SSL_set_msg_callback(SSL *ssl,
  3666. void (*cb) (int write_p, int version,
  3667. int content_type, const void *buf,
  3668. size_t len, SSL *ssl, void *arg))
  3669. {
  3670. SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  3671. }
  3672. void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
  3673. int (*cb) (SSL *ssl,
  3674. int
  3675. is_forward_secure))
  3676. {
  3677. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  3678. (void (*)(void))cb);
  3679. }
  3680. void SSL_set_not_resumable_session_callback(SSL *ssl,
  3681. int (*cb) (SSL *ssl,
  3682. int is_forward_secure))
  3683. {
  3684. SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  3685. (void (*)(void))cb);
  3686. }
  3687. void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
  3688. size_t (*cb) (SSL *ssl, int type,
  3689. size_t len, void *arg))
  3690. {
  3691. ctx->record_padding_cb = cb;
  3692. }
  3693. void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
  3694. {
  3695. ctx->record_padding_arg = arg;
  3696. }
  3697. void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx)
  3698. {
  3699. return ctx->record_padding_arg;
  3700. }
  3701. int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
  3702. {
  3703. /* block size of 0 or 1 is basically no padding */
  3704. if (block_size == 1)
  3705. ctx->block_padding = 0;
  3706. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  3707. ctx->block_padding = block_size;
  3708. else
  3709. return 0;
  3710. return 1;
  3711. }
  3712. void SSL_set_record_padding_callback(SSL *ssl,
  3713. size_t (*cb) (SSL *ssl, int type,
  3714. size_t len, void *arg))
  3715. {
  3716. ssl->record_padding_cb = cb;
  3717. }
  3718. void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
  3719. {
  3720. ssl->record_padding_arg = arg;
  3721. }
  3722. void *SSL_get_record_padding_callback_arg(SSL *ssl)
  3723. {
  3724. return ssl->record_padding_arg;
  3725. }
  3726. int SSL_set_block_padding(SSL *ssl, size_t block_size)
  3727. {
  3728. /* block size of 0 or 1 is basically no padding */
  3729. if (block_size == 1)
  3730. ssl->block_padding = 0;
  3731. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  3732. ssl->block_padding = block_size;
  3733. else
  3734. return 0;
  3735. return 1;
  3736. }
  3737. int SSL_set_num_tickets(SSL *s, size_t num_tickets)
  3738. {
  3739. s->num_tickets = num_tickets;
  3740. return 1;
  3741. }
  3742. size_t SSL_get_num_tickets(SSL *s)
  3743. {
  3744. return s->num_tickets;
  3745. }
  3746. int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
  3747. {
  3748. ctx->num_tickets = num_tickets;
  3749. return 1;
  3750. }
  3751. size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx)
  3752. {
  3753. return ctx->num_tickets;
  3754. }
  3755. /*
  3756. * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
  3757. * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
  3758. * If EVP_MD pointer is passed, initializes ctx with this |md|.
  3759. * Returns the newly allocated ctx;
  3760. */
  3761. EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
  3762. {
  3763. ssl_clear_hash_ctx(hash);
  3764. *hash = EVP_MD_CTX_new();
  3765. if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
  3766. EVP_MD_CTX_free(*hash);
  3767. *hash = NULL;
  3768. return NULL;
  3769. }
  3770. return *hash;
  3771. }
  3772. void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
  3773. {
  3774. EVP_MD_CTX_free(*hash);
  3775. *hash = NULL;
  3776. }
  3777. /* Retrieve handshake hashes */
  3778. int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
  3779. size_t *hashlen)
  3780. {
  3781. EVP_MD_CTX *ctx = NULL;
  3782. EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
  3783. int hashleni = EVP_MD_CTX_size(hdgst);
  3784. int ret = 0;
  3785. if (hashleni < 0 || (size_t)hashleni > outlen) {
  3786. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
  3787. ERR_R_INTERNAL_ERROR);
  3788. goto err;
  3789. }
  3790. ctx = EVP_MD_CTX_new();
  3791. if (ctx == NULL)
  3792. goto err;
  3793. if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
  3794. || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
  3795. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
  3796. ERR_R_INTERNAL_ERROR);
  3797. goto err;
  3798. }
  3799. *hashlen = hashleni;
  3800. ret = 1;
  3801. err:
  3802. EVP_MD_CTX_free(ctx);
  3803. return ret;
  3804. }
  3805. int SSL_session_reused(SSL *s)
  3806. {
  3807. return s->hit;
  3808. }
  3809. int SSL_is_server(const SSL *s)
  3810. {
  3811. return s->server;
  3812. }
  3813. #if OPENSSL_API_COMPAT < 0x10100000L
  3814. void SSL_set_debug(SSL *s, int debug)
  3815. {
  3816. /* Old function was do-nothing anyway... */
  3817. (void)s;
  3818. (void)debug;
  3819. }
  3820. #endif
  3821. void SSL_set_security_level(SSL *s, int level)
  3822. {
  3823. s->cert->sec_level = level;
  3824. }
  3825. int SSL_get_security_level(const SSL *s)
  3826. {
  3827. return s->cert->sec_level;
  3828. }
  3829. void SSL_set_security_callback(SSL *s,
  3830. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  3831. int op, int bits, int nid,
  3832. void *other, void *ex))
  3833. {
  3834. s->cert->sec_cb = cb;
  3835. }
  3836. int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
  3837. const SSL_CTX *ctx, int op,
  3838. int bits, int nid, void *other,
  3839. void *ex) {
  3840. return s->cert->sec_cb;
  3841. }
  3842. void SSL_set0_security_ex_data(SSL *s, void *ex)
  3843. {
  3844. s->cert->sec_ex = ex;
  3845. }
  3846. void *SSL_get0_security_ex_data(const SSL *s)
  3847. {
  3848. return s->cert->sec_ex;
  3849. }
  3850. void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
  3851. {
  3852. ctx->cert->sec_level = level;
  3853. }
  3854. int SSL_CTX_get_security_level(const SSL_CTX *ctx)
  3855. {
  3856. return ctx->cert->sec_level;
  3857. }
  3858. void SSL_CTX_set_security_callback(SSL_CTX *ctx,
  3859. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  3860. int op, int bits, int nid,
  3861. void *other, void *ex))
  3862. {
  3863. ctx->cert->sec_cb = cb;
  3864. }
  3865. int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
  3866. const SSL_CTX *ctx,
  3867. int op, int bits,
  3868. int nid,
  3869. void *other,
  3870. void *ex) {
  3871. return ctx->cert->sec_cb;
  3872. }
  3873. void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
  3874. {
  3875. ctx->cert->sec_ex = ex;
  3876. }
  3877. void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
  3878. {
  3879. return ctx->cert->sec_ex;
  3880. }
  3881. /*
  3882. * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
  3883. * can return unsigned long, instead of the generic long return value from the
  3884. * control interface.
  3885. */
  3886. unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
  3887. {
  3888. return ctx->options;
  3889. }
  3890. unsigned long SSL_get_options(const SSL *s)
  3891. {
  3892. return s->options;
  3893. }
  3894. unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
  3895. {
  3896. return ctx->options |= op;
  3897. }
  3898. unsigned long SSL_set_options(SSL *s, unsigned long op)
  3899. {
  3900. return s->options |= op;
  3901. }
  3902. unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
  3903. {
  3904. return ctx->options &= ~op;
  3905. }
  3906. unsigned long SSL_clear_options(SSL *s, unsigned long op)
  3907. {
  3908. return s->options &= ~op;
  3909. }
  3910. STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
  3911. {
  3912. return s->verified_chain;
  3913. }
  3914. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
  3915. #ifndef OPENSSL_NO_CT
  3916. /*
  3917. * Moves SCTs from the |src| stack to the |dst| stack.
  3918. * The source of each SCT will be set to |origin|.
  3919. * If |dst| points to a NULL pointer, a new stack will be created and owned by
  3920. * the caller.
  3921. * Returns the number of SCTs moved, or a negative integer if an error occurs.
  3922. */
  3923. static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
  3924. sct_source_t origin)
  3925. {
  3926. int scts_moved = 0;
  3927. SCT *sct = NULL;
  3928. if (*dst == NULL) {
  3929. *dst = sk_SCT_new_null();
  3930. if (*dst == NULL) {
  3931. SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
  3932. goto err;
  3933. }
  3934. }
  3935. while ((sct = sk_SCT_pop(src)) != NULL) {
  3936. if (SCT_set_source(sct, origin) != 1)
  3937. goto err;
  3938. if (sk_SCT_push(*dst, sct) <= 0)
  3939. goto err;
  3940. scts_moved += 1;
  3941. }
  3942. return scts_moved;
  3943. err:
  3944. if (sct != NULL)
  3945. sk_SCT_push(src, sct); /* Put the SCT back */
  3946. return -1;
  3947. }
  3948. /*
  3949. * Look for data collected during ServerHello and parse if found.
  3950. * Returns the number of SCTs extracted.
  3951. */
  3952. static int ct_extract_tls_extension_scts(SSL *s)
  3953. {
  3954. int scts_extracted = 0;
  3955. if (s->ext.scts != NULL) {
  3956. const unsigned char *p = s->ext.scts;
  3957. STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
  3958. scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
  3959. SCT_LIST_free(scts);
  3960. }
  3961. return scts_extracted;
  3962. }
  3963. /*
  3964. * Checks for an OCSP response and then attempts to extract any SCTs found if it
  3965. * contains an SCT X509 extension. They will be stored in |s->scts|.
  3966. * Returns:
  3967. * - The number of SCTs extracted, assuming an OCSP response exists.
  3968. * - 0 if no OCSP response exists or it contains no SCTs.
  3969. * - A negative integer if an error occurs.
  3970. */
  3971. static int ct_extract_ocsp_response_scts(SSL *s)
  3972. {
  3973. # ifndef OPENSSL_NO_OCSP
  3974. int scts_extracted = 0;
  3975. const unsigned char *p;
  3976. OCSP_BASICRESP *br = NULL;
  3977. OCSP_RESPONSE *rsp = NULL;
  3978. STACK_OF(SCT) *scts = NULL;
  3979. int i;
  3980. if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
  3981. goto err;
  3982. p = s->ext.ocsp.resp;
  3983. rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
  3984. if (rsp == NULL)
  3985. goto err;
  3986. br = OCSP_response_get1_basic(rsp);
  3987. if (br == NULL)
  3988. goto err;
  3989. for (i = 0; i < OCSP_resp_count(br); ++i) {
  3990. OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
  3991. if (single == NULL)
  3992. continue;
  3993. scts =
  3994. OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
  3995. scts_extracted =
  3996. ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
  3997. if (scts_extracted < 0)
  3998. goto err;
  3999. }
  4000. err:
  4001. SCT_LIST_free(scts);
  4002. OCSP_BASICRESP_free(br);
  4003. OCSP_RESPONSE_free(rsp);
  4004. return scts_extracted;
  4005. # else
  4006. /* Behave as if no OCSP response exists */
  4007. return 0;
  4008. # endif
  4009. }
  4010. /*
  4011. * Attempts to extract SCTs from the peer certificate.
  4012. * Return the number of SCTs extracted, or a negative integer if an error
  4013. * occurs.
  4014. */
  4015. static int ct_extract_x509v3_extension_scts(SSL *s)
  4016. {
  4017. int scts_extracted = 0;
  4018. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  4019. if (cert != NULL) {
  4020. STACK_OF(SCT) *scts =
  4021. X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
  4022. scts_extracted =
  4023. ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
  4024. SCT_LIST_free(scts);
  4025. }
  4026. return scts_extracted;
  4027. }
  4028. /*
  4029. * Attempts to find all received SCTs by checking TLS extensions, the OCSP
  4030. * response (if it exists) and X509v3 extensions in the certificate.
  4031. * Returns NULL if an error occurs.
  4032. */
  4033. const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
  4034. {
  4035. if (!s->scts_parsed) {
  4036. if (ct_extract_tls_extension_scts(s) < 0 ||
  4037. ct_extract_ocsp_response_scts(s) < 0 ||
  4038. ct_extract_x509v3_extension_scts(s) < 0)
  4039. goto err;
  4040. s->scts_parsed = 1;
  4041. }
  4042. return s->scts;
  4043. err:
  4044. return NULL;
  4045. }
  4046. static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
  4047. const STACK_OF(SCT) *scts, void *unused_arg)
  4048. {
  4049. return 1;
  4050. }
  4051. static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
  4052. const STACK_OF(SCT) *scts, void *unused_arg)
  4053. {
  4054. int count = scts != NULL ? sk_SCT_num(scts) : 0;
  4055. int i;
  4056. for (i = 0; i < count; ++i) {
  4057. SCT *sct = sk_SCT_value(scts, i);
  4058. int status = SCT_get_validation_status(sct);
  4059. if (status == SCT_VALIDATION_STATUS_VALID)
  4060. return 1;
  4061. }
  4062. SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
  4063. return 0;
  4064. }
  4065. int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
  4066. void *arg)
  4067. {
  4068. /*
  4069. * Since code exists that uses the custom extension handler for CT, look
  4070. * for this and throw an error if they have already registered to use CT.
  4071. */
  4072. if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
  4073. TLSEXT_TYPE_signed_certificate_timestamp))
  4074. {
  4075. SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
  4076. SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  4077. return 0;
  4078. }
  4079. if (callback != NULL) {
  4080. /*
  4081. * If we are validating CT, then we MUST accept SCTs served via OCSP
  4082. */
  4083. if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
  4084. return 0;
  4085. }
  4086. s->ct_validation_callback = callback;
  4087. s->ct_validation_callback_arg = arg;
  4088. return 1;
  4089. }
  4090. int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
  4091. ssl_ct_validation_cb callback, void *arg)
  4092. {
  4093. /*
  4094. * Since code exists that uses the custom extension handler for CT, look for
  4095. * this and throw an error if they have already registered to use CT.
  4096. */
  4097. if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
  4098. TLSEXT_TYPE_signed_certificate_timestamp))
  4099. {
  4100. SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
  4101. SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  4102. return 0;
  4103. }
  4104. ctx->ct_validation_callback = callback;
  4105. ctx->ct_validation_callback_arg = arg;
  4106. return 1;
  4107. }
  4108. int SSL_ct_is_enabled(const SSL *s)
  4109. {
  4110. return s->ct_validation_callback != NULL;
  4111. }
  4112. int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
  4113. {
  4114. return ctx->ct_validation_callback != NULL;
  4115. }
  4116. int ssl_validate_ct(SSL *s)
  4117. {
  4118. int ret = 0;
  4119. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  4120. X509 *issuer;
  4121. SSL_DANE *dane = &s->dane;
  4122. CT_POLICY_EVAL_CTX *ctx = NULL;
  4123. const STACK_OF(SCT) *scts;
  4124. /*
  4125. * If no callback is set, the peer is anonymous, or its chain is invalid,
  4126. * skip SCT validation - just return success. Applications that continue
  4127. * handshakes without certificates, with unverified chains, or pinned leaf
  4128. * certificates are outside the scope of the WebPKI and CT.
  4129. *
  4130. * The above exclusions notwithstanding the vast majority of peers will
  4131. * have rather ordinary certificate chains validated by typical
  4132. * applications that perform certificate verification and therefore will
  4133. * process SCTs when enabled.
  4134. */
  4135. if (s->ct_validation_callback == NULL || cert == NULL ||
  4136. s->verify_result != X509_V_OK ||
  4137. s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
  4138. return 1;
  4139. /*
  4140. * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
  4141. * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
  4142. */
  4143. if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
  4144. switch (dane->mtlsa->usage) {
  4145. case DANETLS_USAGE_DANE_TA:
  4146. case DANETLS_USAGE_DANE_EE:
  4147. return 1;
  4148. }
  4149. }
  4150. ctx = CT_POLICY_EVAL_CTX_new();
  4151. if (ctx == NULL) {
  4152. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
  4153. ERR_R_MALLOC_FAILURE);
  4154. goto end;
  4155. }
  4156. issuer = sk_X509_value(s->verified_chain, 1);
  4157. CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
  4158. CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
  4159. CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
  4160. CT_POLICY_EVAL_CTX_set_time(
  4161. ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
  4162. scts = SSL_get0_peer_scts(s);
  4163. /*
  4164. * This function returns success (> 0) only when all the SCTs are valid, 0
  4165. * when some are invalid, and < 0 on various internal errors (out of
  4166. * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
  4167. * reason to abort the handshake, that decision is up to the callback.
  4168. * Therefore, we error out only in the unexpected case that the return
  4169. * value is negative.
  4170. *
  4171. * XXX: One might well argue that the return value of this function is an
  4172. * unfortunate design choice. Its job is only to determine the validation
  4173. * status of each of the provided SCTs. So long as it correctly separates
  4174. * the wheat from the chaff it should return success. Failure in this case
  4175. * ought to correspond to an inability to carry out its duties.
  4176. */
  4177. if (SCT_LIST_validate(scts, ctx) < 0) {
  4178. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
  4179. SSL_R_SCT_VERIFICATION_FAILED);
  4180. goto end;
  4181. }
  4182. ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
  4183. if (ret < 0)
  4184. ret = 0; /* This function returns 0 on failure */
  4185. if (!ret)
  4186. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
  4187. SSL_R_CALLBACK_FAILED);
  4188. end:
  4189. CT_POLICY_EVAL_CTX_free(ctx);
  4190. /*
  4191. * With SSL_VERIFY_NONE the session may be cached and re-used despite a
  4192. * failure return code here. Also the application may wish the complete
  4193. * the handshake, and then disconnect cleanly at a higher layer, after
  4194. * checking the verification status of the completed connection.
  4195. *
  4196. * We therefore force a certificate verification failure which will be
  4197. * visible via SSL_get_verify_result() and cached as part of any resumed
  4198. * session.
  4199. *
  4200. * Note: the permissive callback is for information gathering only, always
  4201. * returns success, and does not affect verification status. Only the
  4202. * strict callback or a custom application-specified callback can trigger
  4203. * connection failure or record a verification error.
  4204. */
  4205. if (ret <= 0)
  4206. s->verify_result = X509_V_ERR_NO_VALID_SCTS;
  4207. return ret;
  4208. }
  4209. int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
  4210. {
  4211. switch (validation_mode) {
  4212. default:
  4213. SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
  4214. return 0;
  4215. case SSL_CT_VALIDATION_PERMISSIVE:
  4216. return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
  4217. case SSL_CT_VALIDATION_STRICT:
  4218. return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
  4219. }
  4220. }
  4221. int SSL_enable_ct(SSL *s, int validation_mode)
  4222. {
  4223. switch (validation_mode) {
  4224. default:
  4225. SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
  4226. return 0;
  4227. case SSL_CT_VALIDATION_PERMISSIVE:
  4228. return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
  4229. case SSL_CT_VALIDATION_STRICT:
  4230. return SSL_set_ct_validation_callback(s, ct_strict, NULL);
  4231. }
  4232. }
  4233. int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
  4234. {
  4235. return CTLOG_STORE_load_default_file(ctx->ctlog_store);
  4236. }
  4237. int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
  4238. {
  4239. return CTLOG_STORE_load_file(ctx->ctlog_store, path);
  4240. }
  4241. void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
  4242. {
  4243. CTLOG_STORE_free(ctx->ctlog_store);
  4244. ctx->ctlog_store = logs;
  4245. }
  4246. const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
  4247. {
  4248. return ctx->ctlog_store;
  4249. }
  4250. #endif /* OPENSSL_NO_CT */
  4251. void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
  4252. void *arg)
  4253. {
  4254. c->client_hello_cb = cb;
  4255. c->client_hello_cb_arg = arg;
  4256. }
  4257. int SSL_client_hello_isv2(SSL *s)
  4258. {
  4259. if (s->clienthello == NULL)
  4260. return 0;
  4261. return s->clienthello->isv2;
  4262. }
  4263. unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
  4264. {
  4265. if (s->clienthello == NULL)
  4266. return 0;
  4267. return s->clienthello->legacy_version;
  4268. }
  4269. size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
  4270. {
  4271. if (s->clienthello == NULL)
  4272. return 0;
  4273. if (out != NULL)
  4274. *out = s->clienthello->random;
  4275. return SSL3_RANDOM_SIZE;
  4276. }
  4277. size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
  4278. {
  4279. if (s->clienthello == NULL)
  4280. return 0;
  4281. if (out != NULL)
  4282. *out = s->clienthello->session_id;
  4283. return s->clienthello->session_id_len;
  4284. }
  4285. size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
  4286. {
  4287. if (s->clienthello == NULL)
  4288. return 0;
  4289. if (out != NULL)
  4290. *out = PACKET_data(&s->clienthello->ciphersuites);
  4291. return PACKET_remaining(&s->clienthello->ciphersuites);
  4292. }
  4293. size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
  4294. {
  4295. if (s->clienthello == NULL)
  4296. return 0;
  4297. if (out != NULL)
  4298. *out = s->clienthello->compressions;
  4299. return s->clienthello->compressions_len;
  4300. }
  4301. int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
  4302. {
  4303. RAW_EXTENSION *ext;
  4304. int *present;
  4305. size_t num = 0, i;
  4306. if (s->clienthello == NULL || out == NULL || outlen == NULL)
  4307. return 0;
  4308. for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
  4309. ext = s->clienthello->pre_proc_exts + i;
  4310. if (ext->present)
  4311. num++;
  4312. }
  4313. if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
  4314. SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
  4315. ERR_R_MALLOC_FAILURE);
  4316. return 0;
  4317. }
  4318. for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
  4319. ext = s->clienthello->pre_proc_exts + i;
  4320. if (ext->present) {
  4321. if (ext->received_order >= num)
  4322. goto err;
  4323. present[ext->received_order] = ext->type;
  4324. }
  4325. }
  4326. *out = present;
  4327. *outlen = num;
  4328. return 1;
  4329. err:
  4330. OPENSSL_free(present);
  4331. return 0;
  4332. }
  4333. int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
  4334. size_t *outlen)
  4335. {
  4336. size_t i;
  4337. RAW_EXTENSION *r;
  4338. if (s->clienthello == NULL)
  4339. return 0;
  4340. for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
  4341. r = s->clienthello->pre_proc_exts + i;
  4342. if (r->present && r->type == type) {
  4343. if (out != NULL)
  4344. *out = PACKET_data(&r->data);
  4345. if (outlen != NULL)
  4346. *outlen = PACKET_remaining(&r->data);
  4347. return 1;
  4348. }
  4349. }
  4350. return 0;
  4351. }
  4352. int SSL_free_buffers(SSL *ssl)
  4353. {
  4354. RECORD_LAYER *rl = &ssl->rlayer;
  4355. if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
  4356. return 0;
  4357. RECORD_LAYER_release(rl);
  4358. return 1;
  4359. }
  4360. int SSL_alloc_buffers(SSL *ssl)
  4361. {
  4362. return ssl3_setup_buffers(ssl);
  4363. }
  4364. void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
  4365. {
  4366. ctx->keylog_callback = cb;
  4367. }
  4368. SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
  4369. {
  4370. return ctx->keylog_callback;
  4371. }
  4372. static int nss_keylog_int(const char *prefix,
  4373. SSL *ssl,
  4374. const uint8_t *parameter_1,
  4375. size_t parameter_1_len,
  4376. const uint8_t *parameter_2,
  4377. size_t parameter_2_len)
  4378. {
  4379. char *out = NULL;
  4380. char *cursor = NULL;
  4381. size_t out_len = 0;
  4382. size_t i;
  4383. size_t prefix_len;
  4384. if (ssl->ctx->keylog_callback == NULL) return 1;
  4385. /*
  4386. * Our output buffer will contain the following strings, rendered with
  4387. * space characters in between, terminated by a NULL character: first the
  4388. * prefix, then the first parameter, then the second parameter. The
  4389. * meaning of each parameter depends on the specific key material being
  4390. * logged. Note that the first and second parameters are encoded in
  4391. * hexadecimal, so we need a buffer that is twice their lengths.
  4392. */
  4393. prefix_len = strlen(prefix);
  4394. out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
  4395. if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
  4396. SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
  4397. ERR_R_MALLOC_FAILURE);
  4398. return 0;
  4399. }
  4400. strcpy(cursor, prefix);
  4401. cursor += prefix_len;
  4402. *cursor++ = ' ';
  4403. for (i = 0; i < parameter_1_len; i++) {
  4404. sprintf(cursor, "%02x", parameter_1[i]);
  4405. cursor += 2;
  4406. }
  4407. *cursor++ = ' ';
  4408. for (i = 0; i < parameter_2_len; i++) {
  4409. sprintf(cursor, "%02x", parameter_2[i]);
  4410. cursor += 2;
  4411. }
  4412. *cursor = '\0';
  4413. ssl->ctx->keylog_callback(ssl, (const char *)out);
  4414. OPENSSL_free(out);
  4415. return 1;
  4416. }
  4417. int ssl_log_rsa_client_key_exchange(SSL *ssl,
  4418. const uint8_t *encrypted_premaster,
  4419. size_t encrypted_premaster_len,
  4420. const uint8_t *premaster,
  4421. size_t premaster_len)
  4422. {
  4423. if (encrypted_premaster_len < 8) {
  4424. SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
  4425. SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
  4426. return 0;
  4427. }
  4428. /* We only want the first 8 bytes of the encrypted premaster as a tag. */
  4429. return nss_keylog_int("RSA",
  4430. ssl,
  4431. encrypted_premaster,
  4432. 8,
  4433. premaster,
  4434. premaster_len);
  4435. }
  4436. int ssl_log_secret(SSL *ssl,
  4437. const char *label,
  4438. const uint8_t *secret,
  4439. size_t secret_len)
  4440. {
  4441. return nss_keylog_int(label,
  4442. ssl,
  4443. ssl->s3->client_random,
  4444. SSL3_RANDOM_SIZE,
  4445. secret,
  4446. secret_len);
  4447. }
  4448. #define SSLV2_CIPHER_LEN 3
  4449. int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
  4450. {
  4451. int n;
  4452. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  4453. if (PACKET_remaining(cipher_suites) == 0) {
  4454. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
  4455. SSL_R_NO_CIPHERS_SPECIFIED);
  4456. return 0;
  4457. }
  4458. if (PACKET_remaining(cipher_suites) % n != 0) {
  4459. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
  4460. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  4461. return 0;
  4462. }
  4463. OPENSSL_free(s->s3->tmp.ciphers_raw);
  4464. s->s3->tmp.ciphers_raw = NULL;
  4465. s->s3->tmp.ciphers_rawlen = 0;
  4466. if (sslv2format) {
  4467. size_t numciphers = PACKET_remaining(cipher_suites) / n;
  4468. PACKET sslv2ciphers = *cipher_suites;
  4469. unsigned int leadbyte;
  4470. unsigned char *raw;
  4471. /*
  4472. * We store the raw ciphers list in SSLv3+ format so we need to do some
  4473. * preprocessing to convert the list first. If there are any SSLv2 only
  4474. * ciphersuites with a non-zero leading byte then we are going to
  4475. * slightly over allocate because we won't store those. But that isn't a
  4476. * problem.
  4477. */
  4478. raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
  4479. s->s3->tmp.ciphers_raw = raw;
  4480. if (raw == NULL) {
  4481. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
  4482. ERR_R_MALLOC_FAILURE);
  4483. return 0;
  4484. }
  4485. for (s->s3->tmp.ciphers_rawlen = 0;
  4486. PACKET_remaining(&sslv2ciphers) > 0;
  4487. raw += TLS_CIPHER_LEN) {
  4488. if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
  4489. || (leadbyte == 0
  4490. && !PACKET_copy_bytes(&sslv2ciphers, raw,
  4491. TLS_CIPHER_LEN))
  4492. || (leadbyte != 0
  4493. && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
  4494. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
  4495. SSL_R_BAD_PACKET);
  4496. OPENSSL_free(s->s3->tmp.ciphers_raw);
  4497. s->s3->tmp.ciphers_raw = NULL;
  4498. s->s3->tmp.ciphers_rawlen = 0;
  4499. return 0;
  4500. }
  4501. if (leadbyte == 0)
  4502. s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
  4503. }
  4504. } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
  4505. &s->s3->tmp.ciphers_rawlen)) {
  4506. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
  4507. ERR_R_INTERNAL_ERROR);
  4508. return 0;
  4509. }
  4510. return 1;
  4511. }
  4512. int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
  4513. int isv2format, STACK_OF(SSL_CIPHER) **sk,
  4514. STACK_OF(SSL_CIPHER) **scsvs)
  4515. {
  4516. PACKET pkt;
  4517. if (!PACKET_buf_init(&pkt, bytes, len))
  4518. return 0;
  4519. return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
  4520. }
  4521. int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
  4522. STACK_OF(SSL_CIPHER) **skp,
  4523. STACK_OF(SSL_CIPHER) **scsvs_out,
  4524. int sslv2format, int fatal)
  4525. {
  4526. const SSL_CIPHER *c;
  4527. STACK_OF(SSL_CIPHER) *sk = NULL;
  4528. STACK_OF(SSL_CIPHER) *scsvs = NULL;
  4529. int n;
  4530. /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
  4531. unsigned char cipher[SSLV2_CIPHER_LEN];
  4532. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  4533. if (PACKET_remaining(cipher_suites) == 0) {
  4534. if (fatal)
  4535. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
  4536. SSL_R_NO_CIPHERS_SPECIFIED);
  4537. else
  4538. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
  4539. return 0;
  4540. }
  4541. if (PACKET_remaining(cipher_suites) % n != 0) {
  4542. if (fatal)
  4543. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
  4544. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  4545. else
  4546. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
  4547. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  4548. return 0;
  4549. }
  4550. sk = sk_SSL_CIPHER_new_null();
  4551. scsvs = sk_SSL_CIPHER_new_null();
  4552. if (sk == NULL || scsvs == NULL) {
  4553. if (fatal)
  4554. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
  4555. ERR_R_MALLOC_FAILURE);
  4556. else
  4557. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
  4558. goto err;
  4559. }
  4560. while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
  4561. /*
  4562. * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
  4563. * first byte set to zero, while true SSLv2 ciphers have a non-zero
  4564. * first byte. We don't support any true SSLv2 ciphers, so skip them.
  4565. */
  4566. if (sslv2format && cipher[0] != '\0')
  4567. continue;
  4568. /* For SSLv2-compat, ignore leading 0-byte. */
  4569. c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
  4570. if (c != NULL) {
  4571. if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
  4572. (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
  4573. if (fatal)
  4574. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  4575. SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
  4576. else
  4577. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
  4578. goto err;
  4579. }
  4580. }
  4581. }
  4582. if (PACKET_remaining(cipher_suites) > 0) {
  4583. if (fatal)
  4584. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
  4585. SSL_R_BAD_LENGTH);
  4586. else
  4587. SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
  4588. goto err;
  4589. }
  4590. if (skp != NULL)
  4591. *skp = sk;
  4592. else
  4593. sk_SSL_CIPHER_free(sk);
  4594. if (scsvs_out != NULL)
  4595. *scsvs_out = scsvs;
  4596. else
  4597. sk_SSL_CIPHER_free(scsvs);
  4598. return 1;
  4599. err:
  4600. sk_SSL_CIPHER_free(sk);
  4601. sk_SSL_CIPHER_free(scsvs);
  4602. return 0;
  4603. }
  4604. int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
  4605. {
  4606. ctx->max_early_data = max_early_data;
  4607. return 1;
  4608. }
  4609. uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
  4610. {
  4611. return ctx->max_early_data;
  4612. }
  4613. int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
  4614. {
  4615. s->max_early_data = max_early_data;
  4616. return 1;
  4617. }
  4618. uint32_t SSL_get_max_early_data(const SSL *s)
  4619. {
  4620. return s->max_early_data;
  4621. }
  4622. __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
  4623. {
  4624. /* Return any active Max Fragment Len extension */
  4625. if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
  4626. return GET_MAX_FRAGMENT_LENGTH(ssl->session);
  4627. /* return current SSL connection setting */
  4628. return ssl->max_send_fragment;
  4629. }
  4630. __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
  4631. {
  4632. /* Return a value regarding an active Max Fragment Len extension */
  4633. if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
  4634. && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
  4635. return GET_MAX_FRAGMENT_LENGTH(ssl->session);
  4636. /* else limit |split_send_fragment| to current |max_send_fragment| */
  4637. if (ssl->split_send_fragment > ssl->max_send_fragment)
  4638. return ssl->max_send_fragment;
  4639. /* return current SSL connection setting */
  4640. return ssl->split_send_fragment;
  4641. }
  4642. int SSL_stateless(SSL *s)
  4643. {
  4644. int ret;
  4645. /* Ensure there is no state left over from a previous invocation */
  4646. if (!SSL_clear(s))
  4647. return 0;
  4648. ERR_clear_error();
  4649. s->s3->flags |= TLS1_FLAGS_STATELESS;
  4650. ret = SSL_accept(s);
  4651. s->s3->flags &= ~TLS1_FLAGS_STATELESS;
  4652. if (ret > 0 && s->ext.cookieok)
  4653. return 1;
  4654. if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
  4655. return 0;
  4656. return -1;
  4657. }
  4658. void SSL_force_post_handshake_auth(SSL *ssl)
  4659. {
  4660. ssl->pha_forced = 1;
  4661. }
  4662. int SSL_verify_client_post_handshake(SSL *ssl)
  4663. {
  4664. if (!SSL_IS_TLS13(ssl)) {
  4665. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
  4666. return 0;
  4667. }
  4668. if (!ssl->server) {
  4669. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
  4670. return 0;
  4671. }
  4672. if (!SSL_is_init_finished(ssl)) {
  4673. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
  4674. return 0;
  4675. }
  4676. switch (ssl->post_handshake_auth) {
  4677. case SSL_PHA_NONE:
  4678. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
  4679. return 0;
  4680. default:
  4681. case SSL_PHA_EXT_SENT:
  4682. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
  4683. return 0;
  4684. case SSL_PHA_EXT_RECEIVED:
  4685. break;
  4686. case SSL_PHA_REQUEST_PENDING:
  4687. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
  4688. return 0;
  4689. case SSL_PHA_REQUESTED:
  4690. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
  4691. return 0;
  4692. }
  4693. ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
  4694. /* checks verify_mode and algorithm_auth */
  4695. if (!send_certificate_request(ssl)) {
  4696. ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
  4697. SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
  4698. return 0;
  4699. }
  4700. ossl_statem_set_in_init(ssl, 1);
  4701. return 1;
  4702. }
  4703. int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
  4704. SSL_CTX_generate_session_ticket_fn gen_cb,
  4705. SSL_CTX_decrypt_session_ticket_fn dec_cb,
  4706. void *arg)
  4707. {
  4708. ctx->generate_ticket_cb = gen_cb;
  4709. ctx->decrypt_ticket_cb = dec_cb;
  4710. ctx->ticket_cb_data = arg;
  4711. return 1;
  4712. }