2
0

ssl_lib.c 209 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843
  1. /*
  2. * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. * Copyright 2005 Nokia. All rights reserved.
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <stdio.h>
  12. #include "ssl_local.h"
  13. #include "internal/e_os.h"
  14. #include <openssl/objects.h>
  15. #include <openssl/x509v3.h>
  16. #include <openssl/rand.h>
  17. #include <openssl/ocsp.h>
  18. #include <openssl/dh.h>
  19. #include <openssl/engine.h>
  20. #include <openssl/async.h>
  21. #include <openssl/ct.h>
  22. #include <openssl/trace.h>
  23. #include <openssl/core_names.h>
  24. #include "internal/cryptlib.h"
  25. #include "internal/nelem.h"
  26. #include "internal/refcount.h"
  27. #include "internal/ktls.h"
  28. #include "quic/quic_local.h"
  29. static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r,
  30. unsigned char *s, size_t t, size_t *u)
  31. {
  32. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  33. }
  34. static int ssl_undefined_function_4(SSL_CONNECTION *sc, int r)
  35. {
  36. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  37. }
  38. static size_t ssl_undefined_function_5(SSL_CONNECTION *sc, const char *r,
  39. size_t s, unsigned char *t)
  40. {
  41. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  42. }
  43. static int ssl_undefined_function_6(int r)
  44. {
  45. return ssl_undefined_function(NULL);
  46. }
  47. static int ssl_undefined_function_7(SSL_CONNECTION *sc, unsigned char *r,
  48. size_t s, const char *t, size_t u,
  49. const unsigned char *v, size_t w, int x)
  50. {
  51. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  52. }
  53. static int ssl_undefined_function_8(SSL_CONNECTION *sc)
  54. {
  55. return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  56. }
  57. const SSL3_ENC_METHOD ssl3_undef_enc_method = {
  58. ssl_undefined_function_8,
  59. ssl_undefined_function_3,
  60. ssl_undefined_function_4,
  61. ssl_undefined_function_5,
  62. NULL, /* client_finished_label */
  63. 0, /* client_finished_label_len */
  64. NULL, /* server_finished_label */
  65. 0, /* server_finished_label_len */
  66. ssl_undefined_function_6,
  67. ssl_undefined_function_7,
  68. };
  69. struct ssl_async_args {
  70. SSL *s;
  71. void *buf;
  72. size_t num;
  73. enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
  74. union {
  75. int (*func_read) (SSL *, void *, size_t, size_t *);
  76. int (*func_write) (SSL *, const void *, size_t, size_t *);
  77. int (*func_other) (SSL *);
  78. } f;
  79. };
  80. static const struct {
  81. uint8_t mtype;
  82. uint8_t ord;
  83. int nid;
  84. } dane_mds[] = {
  85. {
  86. DANETLS_MATCHING_FULL, 0, NID_undef
  87. },
  88. {
  89. DANETLS_MATCHING_2256, 1, NID_sha256
  90. },
  91. {
  92. DANETLS_MATCHING_2512, 2, NID_sha512
  93. },
  94. };
  95. static int dane_ctx_enable(struct dane_ctx_st *dctx)
  96. {
  97. const EVP_MD **mdevp;
  98. uint8_t *mdord;
  99. uint8_t mdmax = DANETLS_MATCHING_LAST;
  100. int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
  101. size_t i;
  102. if (dctx->mdevp != NULL)
  103. return 1;
  104. mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
  105. mdord = OPENSSL_zalloc(n * sizeof(*mdord));
  106. if (mdord == NULL || mdevp == NULL) {
  107. OPENSSL_free(mdord);
  108. OPENSSL_free(mdevp);
  109. return 0;
  110. }
  111. /* Install default entries */
  112. for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
  113. const EVP_MD *md;
  114. if (dane_mds[i].nid == NID_undef ||
  115. (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
  116. continue;
  117. mdevp[dane_mds[i].mtype] = md;
  118. mdord[dane_mds[i].mtype] = dane_mds[i].ord;
  119. }
  120. dctx->mdevp = mdevp;
  121. dctx->mdord = mdord;
  122. dctx->mdmax = mdmax;
  123. return 1;
  124. }
  125. static void dane_ctx_final(struct dane_ctx_st *dctx)
  126. {
  127. OPENSSL_free(dctx->mdevp);
  128. dctx->mdevp = NULL;
  129. OPENSSL_free(dctx->mdord);
  130. dctx->mdord = NULL;
  131. dctx->mdmax = 0;
  132. }
  133. static void tlsa_free(danetls_record *t)
  134. {
  135. if (t == NULL)
  136. return;
  137. OPENSSL_free(t->data);
  138. EVP_PKEY_free(t->spki);
  139. OPENSSL_free(t);
  140. }
  141. static void dane_final(SSL_DANE *dane)
  142. {
  143. sk_danetls_record_pop_free(dane->trecs, tlsa_free);
  144. dane->trecs = NULL;
  145. OSSL_STACK_OF_X509_free(dane->certs);
  146. dane->certs = NULL;
  147. X509_free(dane->mcert);
  148. dane->mcert = NULL;
  149. dane->mtlsa = NULL;
  150. dane->mdpth = -1;
  151. dane->pdpth = -1;
  152. }
  153. /*
  154. * dane_copy - Copy dane configuration, sans verification state.
  155. */
  156. static int ssl_dane_dup(SSL_CONNECTION *to, SSL_CONNECTION *from)
  157. {
  158. int num;
  159. int i;
  160. if (!DANETLS_ENABLED(&from->dane))
  161. return 1;
  162. num = sk_danetls_record_num(from->dane.trecs);
  163. dane_final(&to->dane);
  164. to->dane.flags = from->dane.flags;
  165. to->dane.dctx = &SSL_CONNECTION_GET_CTX(to)->dane;
  166. to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
  167. if (to->dane.trecs == NULL) {
  168. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  169. return 0;
  170. }
  171. for (i = 0; i < num; ++i) {
  172. danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
  173. if (SSL_dane_tlsa_add(SSL_CONNECTION_GET_SSL(to), t->usage,
  174. t->selector, t->mtype, t->data, t->dlen) <= 0)
  175. return 0;
  176. }
  177. return 1;
  178. }
  179. static int dane_mtype_set(struct dane_ctx_st *dctx,
  180. const EVP_MD *md, uint8_t mtype, uint8_t ord)
  181. {
  182. int i;
  183. if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
  184. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
  185. return 0;
  186. }
  187. if (mtype > dctx->mdmax) {
  188. const EVP_MD **mdevp;
  189. uint8_t *mdord;
  190. int n = ((int)mtype) + 1;
  191. mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
  192. if (mdevp == NULL)
  193. return -1;
  194. dctx->mdevp = mdevp;
  195. mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
  196. if (mdord == NULL)
  197. return -1;
  198. dctx->mdord = mdord;
  199. /* Zero-fill any gaps */
  200. for (i = dctx->mdmax + 1; i < mtype; ++i) {
  201. mdevp[i] = NULL;
  202. mdord[i] = 0;
  203. }
  204. dctx->mdmax = mtype;
  205. }
  206. dctx->mdevp[mtype] = md;
  207. /* Coerce ordinal of disabled matching types to 0 */
  208. dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
  209. return 1;
  210. }
  211. static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
  212. {
  213. if (mtype > dane->dctx->mdmax)
  214. return NULL;
  215. return dane->dctx->mdevp[mtype];
  216. }
  217. static int dane_tlsa_add(SSL_DANE *dane,
  218. uint8_t usage,
  219. uint8_t selector,
  220. uint8_t mtype, const unsigned char *data, size_t dlen)
  221. {
  222. danetls_record *t;
  223. const EVP_MD *md = NULL;
  224. int ilen = (int)dlen;
  225. int i;
  226. int num;
  227. int mdsize;
  228. if (dane->trecs == NULL) {
  229. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED);
  230. return -1;
  231. }
  232. if (ilen < 0 || dlen != (size_t)ilen) {
  233. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
  234. return 0;
  235. }
  236. if (usage > DANETLS_USAGE_LAST) {
  237. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
  238. return 0;
  239. }
  240. if (selector > DANETLS_SELECTOR_LAST) {
  241. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR);
  242. return 0;
  243. }
  244. if (mtype != DANETLS_MATCHING_FULL) {
  245. md = tlsa_md_get(dane, mtype);
  246. if (md == NULL) {
  247. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
  248. return 0;
  249. }
  250. }
  251. if (md != NULL) {
  252. mdsize = EVP_MD_get_size(md);
  253. if (mdsize <= 0 || dlen != (size_t)mdsize) {
  254. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
  255. return 0;
  256. }
  257. }
  258. if (!data) {
  259. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA);
  260. return 0;
  261. }
  262. if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL)
  263. return -1;
  264. t->usage = usage;
  265. t->selector = selector;
  266. t->mtype = mtype;
  267. t->data = OPENSSL_malloc(dlen);
  268. if (t->data == NULL) {
  269. tlsa_free(t);
  270. return -1;
  271. }
  272. memcpy(t->data, data, dlen);
  273. t->dlen = dlen;
  274. /* Validate and cache full certificate or public key */
  275. if (mtype == DANETLS_MATCHING_FULL) {
  276. const unsigned char *p = data;
  277. X509 *cert = NULL;
  278. EVP_PKEY *pkey = NULL;
  279. switch (selector) {
  280. case DANETLS_SELECTOR_CERT:
  281. if (!d2i_X509(&cert, &p, ilen) || p < data ||
  282. dlen != (size_t)(p - data)) {
  283. X509_free(cert);
  284. tlsa_free(t);
  285. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  286. return 0;
  287. }
  288. if (X509_get0_pubkey(cert) == NULL) {
  289. X509_free(cert);
  290. tlsa_free(t);
  291. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
  292. return 0;
  293. }
  294. if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
  295. /*
  296. * The Full(0) certificate decodes to a seemingly valid X.509
  297. * object with a plausible key, so the TLSA record is well
  298. * formed. However, we don't actually need the certificate for
  299. * usages PKIX-EE(1) or DANE-EE(3), because at least the EE
  300. * certificate is always presented by the peer. We discard the
  301. * certificate, and just use the TLSA data as an opaque blob
  302. * for matching the raw presented DER octets.
  303. *
  304. * DO NOT FREE `t` here, it will be added to the TLSA record
  305. * list below!
  306. */
  307. X509_free(cert);
  308. break;
  309. }
  310. /*
  311. * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
  312. * records that contain full certificates of trust-anchors that are
  313. * not present in the wire chain. For usage PKIX-TA(0), we augment
  314. * the chain with untrusted Full(0) certificates from DNS, in case
  315. * they are missing from the chain.
  316. */
  317. if ((dane->certs == NULL &&
  318. (dane->certs = sk_X509_new_null()) == NULL) ||
  319. !sk_X509_push(dane->certs, cert)) {
  320. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  321. X509_free(cert);
  322. tlsa_free(t);
  323. return -1;
  324. }
  325. break;
  326. case DANETLS_SELECTOR_SPKI:
  327. if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
  328. dlen != (size_t)(p - data)) {
  329. EVP_PKEY_free(pkey);
  330. tlsa_free(t);
  331. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
  332. return 0;
  333. }
  334. /*
  335. * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
  336. * records that contain full bare keys of trust-anchors that are
  337. * not present in the wire chain.
  338. */
  339. if (usage == DANETLS_USAGE_DANE_TA)
  340. t->spki = pkey;
  341. else
  342. EVP_PKEY_free(pkey);
  343. break;
  344. }
  345. }
  346. /*-
  347. * Find the right insertion point for the new record.
  348. *
  349. * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
  350. * they can be processed first, as they require no chain building, and no
  351. * expiration or hostname checks. Because DANE-EE(3) is numerically
  352. * largest, this is accomplished via descending sort by "usage".
  353. *
  354. * We also sort in descending order by matching ordinal to simplify
  355. * the implementation of digest agility in the verification code.
  356. *
  357. * The choice of order for the selector is not significant, so we
  358. * use the same descending order for consistency.
  359. */
  360. num = sk_danetls_record_num(dane->trecs);
  361. for (i = 0; i < num; ++i) {
  362. danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
  363. if (rec->usage > usage)
  364. continue;
  365. if (rec->usage < usage)
  366. break;
  367. if (rec->selector > selector)
  368. continue;
  369. if (rec->selector < selector)
  370. break;
  371. if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
  372. continue;
  373. break;
  374. }
  375. if (!sk_danetls_record_insert(dane->trecs, t, i)) {
  376. tlsa_free(t);
  377. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  378. return -1;
  379. }
  380. dane->umask |= DANETLS_USAGE_BIT(usage);
  381. return 1;
  382. }
  383. /*
  384. * Return 0 if there is only one version configured and it was disabled
  385. * at configure time. Return 1 otherwise.
  386. */
  387. static int ssl_check_allowed_versions(int min_version, int max_version)
  388. {
  389. int minisdtls = 0, maxisdtls = 0;
  390. /* Figure out if we're doing DTLS versions or TLS versions */
  391. if (min_version == DTLS1_BAD_VER
  392. || min_version >> 8 == DTLS1_VERSION_MAJOR)
  393. minisdtls = 1;
  394. if (max_version == DTLS1_BAD_VER
  395. || max_version >> 8 == DTLS1_VERSION_MAJOR)
  396. maxisdtls = 1;
  397. /* A wildcard version of 0 could be DTLS or TLS. */
  398. if ((minisdtls && !maxisdtls && max_version != 0)
  399. || (maxisdtls && !minisdtls && min_version != 0)) {
  400. /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
  401. return 0;
  402. }
  403. if (minisdtls || maxisdtls) {
  404. /* Do DTLS version checks. */
  405. if (min_version == 0)
  406. /* Ignore DTLS1_BAD_VER */
  407. min_version = DTLS1_VERSION;
  408. if (max_version == 0)
  409. max_version = DTLS1_2_VERSION;
  410. #ifdef OPENSSL_NO_DTLS1_2
  411. if (max_version == DTLS1_2_VERSION)
  412. max_version = DTLS1_VERSION;
  413. #endif
  414. #ifdef OPENSSL_NO_DTLS1
  415. if (min_version == DTLS1_VERSION)
  416. min_version = DTLS1_2_VERSION;
  417. #endif
  418. /* Done massaging versions; do the check. */
  419. if (0
  420. #ifdef OPENSSL_NO_DTLS1
  421. || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
  422. && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
  423. #endif
  424. #ifdef OPENSSL_NO_DTLS1_2
  425. || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
  426. && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
  427. #endif
  428. )
  429. return 0;
  430. } else {
  431. /* Regular TLS version checks. */
  432. if (min_version == 0)
  433. min_version = SSL3_VERSION;
  434. if (max_version == 0)
  435. max_version = TLS1_3_VERSION;
  436. #ifdef OPENSSL_NO_TLS1_3
  437. if (max_version == TLS1_3_VERSION)
  438. max_version = TLS1_2_VERSION;
  439. #endif
  440. #ifdef OPENSSL_NO_TLS1_2
  441. if (max_version == TLS1_2_VERSION)
  442. max_version = TLS1_1_VERSION;
  443. #endif
  444. #ifdef OPENSSL_NO_TLS1_1
  445. if (max_version == TLS1_1_VERSION)
  446. max_version = TLS1_VERSION;
  447. #endif
  448. #ifdef OPENSSL_NO_TLS1
  449. if (max_version == TLS1_VERSION)
  450. max_version = SSL3_VERSION;
  451. #endif
  452. #ifdef OPENSSL_NO_SSL3
  453. if (min_version == SSL3_VERSION)
  454. min_version = TLS1_VERSION;
  455. #endif
  456. #ifdef OPENSSL_NO_TLS1
  457. if (min_version == TLS1_VERSION)
  458. min_version = TLS1_1_VERSION;
  459. #endif
  460. #ifdef OPENSSL_NO_TLS1_1
  461. if (min_version == TLS1_1_VERSION)
  462. min_version = TLS1_2_VERSION;
  463. #endif
  464. #ifdef OPENSSL_NO_TLS1_2
  465. if (min_version == TLS1_2_VERSION)
  466. min_version = TLS1_3_VERSION;
  467. #endif
  468. /* Done massaging versions; do the check. */
  469. if (0
  470. #ifdef OPENSSL_NO_SSL3
  471. || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
  472. #endif
  473. #ifdef OPENSSL_NO_TLS1
  474. || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
  475. #endif
  476. #ifdef OPENSSL_NO_TLS1_1
  477. || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
  478. #endif
  479. #ifdef OPENSSL_NO_TLS1_2
  480. || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
  481. #endif
  482. #ifdef OPENSSL_NO_TLS1_3
  483. || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
  484. #endif
  485. )
  486. return 0;
  487. }
  488. return 1;
  489. }
  490. #if defined(__TANDEM) && defined(OPENSSL_VPROC)
  491. /*
  492. * Define a VPROC function for HP NonStop build ssl library.
  493. * This is used by platform version identification tools.
  494. * Do not inline this procedure or make it static.
  495. */
  496. # define OPENSSL_VPROC_STRING_(x) x##_SSL
  497. # define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
  498. # define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
  499. void OPENSSL_VPROC_FUNC(void) {}
  500. #endif
  501. int SSL_clear(SSL *s)
  502. {
  503. if (s->method == NULL) {
  504. ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED);
  505. return 0;
  506. }
  507. return s->method->ssl_reset(s);
  508. }
  509. int ossl_ssl_connection_reset(SSL *s)
  510. {
  511. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  512. if (sc == NULL)
  513. return 0;
  514. if (ssl_clear_bad_session(sc)) {
  515. SSL_SESSION_free(sc->session);
  516. sc->session = NULL;
  517. }
  518. SSL_SESSION_free(sc->psksession);
  519. sc->psksession = NULL;
  520. OPENSSL_free(sc->psksession_id);
  521. sc->psksession_id = NULL;
  522. sc->psksession_id_len = 0;
  523. sc->hello_retry_request = SSL_HRR_NONE;
  524. sc->sent_tickets = 0;
  525. sc->error = 0;
  526. sc->hit = 0;
  527. sc->shutdown = 0;
  528. if (sc->renegotiate) {
  529. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  530. return 0;
  531. }
  532. ossl_statem_clear(sc);
  533. sc->version = s->method->version;
  534. sc->client_version = sc->version;
  535. sc->rwstate = SSL_NOTHING;
  536. BUF_MEM_free(sc->init_buf);
  537. sc->init_buf = NULL;
  538. sc->first_packet = 0;
  539. sc->key_update = SSL_KEY_UPDATE_NONE;
  540. memset(sc->ext.compress_certificate_from_peer, 0,
  541. sizeof(sc->ext.compress_certificate_from_peer));
  542. sc->ext.compress_certificate_sent = 0;
  543. EVP_MD_CTX_free(sc->pha_dgst);
  544. sc->pha_dgst = NULL;
  545. /* Reset DANE verification result state */
  546. sc->dane.mdpth = -1;
  547. sc->dane.pdpth = -1;
  548. X509_free(sc->dane.mcert);
  549. sc->dane.mcert = NULL;
  550. sc->dane.mtlsa = NULL;
  551. /* Clear the verification result peername */
  552. X509_VERIFY_PARAM_move_peername(sc->param, NULL);
  553. /* Clear any shared connection state */
  554. OPENSSL_free(sc->shared_sigalgs);
  555. sc->shared_sigalgs = NULL;
  556. sc->shared_sigalgslen = 0;
  557. /*
  558. * Check to see if we were changed into a different method, if so, revert
  559. * back.
  560. */
  561. if (s->method != s->defltmeth) {
  562. s->method->ssl_deinit(s);
  563. s->method = s->defltmeth;
  564. if (!s->method->ssl_init(s))
  565. return 0;
  566. } else {
  567. if (!s->method->ssl_clear(s))
  568. return 0;
  569. }
  570. if (!RECORD_LAYER_reset(&sc->rlayer))
  571. return 0;
  572. return 1;
  573. }
  574. #ifndef OPENSSL_NO_DEPRECATED_3_0
  575. /** Used to change an SSL_CTXs default SSL method type */
  576. int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
  577. {
  578. STACK_OF(SSL_CIPHER) *sk;
  579. if (IS_QUIC_CTX(ctx)) {
  580. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  581. return 0;
  582. }
  583. ctx->method = meth;
  584. if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
  585. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  586. return 0;
  587. }
  588. sk = ssl_create_cipher_list(ctx,
  589. ctx->tls13_ciphersuites,
  590. &(ctx->cipher_list),
  591. &(ctx->cipher_list_by_id),
  592. OSSL_default_cipher_list(), ctx->cert);
  593. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
  594. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
  595. return 0;
  596. }
  597. return 1;
  598. }
  599. #endif
  600. SSL *SSL_new(SSL_CTX *ctx)
  601. {
  602. if (ctx == NULL) {
  603. ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX);
  604. return NULL;
  605. }
  606. if (ctx->method == NULL) {
  607. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
  608. return NULL;
  609. }
  610. return ctx->method->ssl_new(ctx);
  611. }
  612. int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type)
  613. {
  614. ssl->type = type;
  615. ssl->lock = CRYPTO_THREAD_lock_new();
  616. if (ssl->lock == NULL)
  617. return 0;
  618. if (!CRYPTO_NEW_REF(&ssl->references, 1)) {
  619. CRYPTO_THREAD_lock_free(ssl->lock);
  620. return 0;
  621. }
  622. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) {
  623. CRYPTO_THREAD_lock_free(ssl->lock);
  624. CRYPTO_FREE_REF(&ssl->references);
  625. ssl->lock = NULL;
  626. return 0;
  627. }
  628. SSL_CTX_up_ref(ctx);
  629. ssl->ctx = ctx;
  630. ssl->defltmeth = ssl->method = method;
  631. return 1;
  632. }
  633. SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method)
  634. {
  635. SSL_CONNECTION *s;
  636. SSL *ssl;
  637. s = OPENSSL_zalloc(sizeof(*s));
  638. if (s == NULL)
  639. return NULL;
  640. ssl = &s->ssl;
  641. if (!ossl_ssl_init(ssl, ctx, method, SSL_TYPE_SSL_CONNECTION)) {
  642. OPENSSL_free(s);
  643. s = NULL;
  644. ssl = NULL;
  645. goto sslerr;
  646. }
  647. RECORD_LAYER_init(&s->rlayer, s);
  648. s->options = ctx->options;
  649. s->dane.flags = ctx->dane.flags;
  650. if (method->version == ctx->method->version) {
  651. s->min_proto_version = ctx->min_proto_version;
  652. s->max_proto_version = ctx->max_proto_version;
  653. }
  654. s->mode = ctx->mode;
  655. s->max_cert_list = ctx->max_cert_list;
  656. s->max_early_data = ctx->max_early_data;
  657. s->recv_max_early_data = ctx->recv_max_early_data;
  658. s->num_tickets = ctx->num_tickets;
  659. s->pha_enabled = ctx->pha_enabled;
  660. /* Shallow copy of the ciphersuites stack */
  661. s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
  662. if (s->tls13_ciphersuites == NULL)
  663. goto cerr;
  664. /*
  665. * Earlier library versions used to copy the pointer to the CERT, not
  666. * its contents; only when setting new parameters for the per-SSL
  667. * copy, ssl_cert_new would be called (and the direct reference to
  668. * the per-SSL_CTX settings would be lost, but those still were
  669. * indirectly accessed for various purposes, and for that reason they
  670. * used to be known as s->ctx->default_cert). Now we don't look at the
  671. * SSL_CTX's CERT after having duplicated it once.
  672. */
  673. s->cert = ssl_cert_dup(ctx->cert);
  674. if (s->cert == NULL)
  675. goto sslerr;
  676. RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
  677. s->msg_callback = ctx->msg_callback;
  678. s->msg_callback_arg = ctx->msg_callback_arg;
  679. s->verify_mode = ctx->verify_mode;
  680. s->not_resumable_session_cb = ctx->not_resumable_session_cb;
  681. s->rlayer.record_padding_cb = ctx->record_padding_cb;
  682. s->rlayer.record_padding_arg = ctx->record_padding_arg;
  683. s->rlayer.block_padding = ctx->block_padding;
  684. s->sid_ctx_length = ctx->sid_ctx_length;
  685. if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
  686. goto err;
  687. memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
  688. s->verify_callback = ctx->default_verify_callback;
  689. s->generate_session_id = ctx->generate_session_id;
  690. s->param = X509_VERIFY_PARAM_new();
  691. if (s->param == NULL)
  692. goto asn1err;
  693. X509_VERIFY_PARAM_inherit(s->param, ctx->param);
  694. s->quiet_shutdown = IS_QUIC_CTX(ctx) ? 0 : ctx->quiet_shutdown;
  695. if (!IS_QUIC_CTX(ctx))
  696. s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
  697. s->max_send_fragment = ctx->max_send_fragment;
  698. s->split_send_fragment = ctx->split_send_fragment;
  699. s->max_pipelines = ctx->max_pipelines;
  700. s->rlayer.default_read_buf_len = ctx->default_read_buf_len;
  701. s->ext.debug_cb = 0;
  702. s->ext.debug_arg = NULL;
  703. s->ext.ticket_expected = 0;
  704. s->ext.status_type = ctx->ext.status_type;
  705. s->ext.status_expected = 0;
  706. s->ext.ocsp.ids = NULL;
  707. s->ext.ocsp.exts = NULL;
  708. s->ext.ocsp.resp = NULL;
  709. s->ext.ocsp.resp_len = 0;
  710. SSL_CTX_up_ref(ctx);
  711. s->session_ctx = ctx;
  712. if (ctx->ext.ecpointformats) {
  713. s->ext.ecpointformats =
  714. OPENSSL_memdup(ctx->ext.ecpointformats,
  715. ctx->ext.ecpointformats_len);
  716. if (!s->ext.ecpointformats) {
  717. s->ext.ecpointformats_len = 0;
  718. goto err;
  719. }
  720. s->ext.ecpointformats_len =
  721. ctx->ext.ecpointformats_len;
  722. }
  723. if (ctx->ext.supportedgroups) {
  724. s->ext.supportedgroups =
  725. OPENSSL_memdup(ctx->ext.supportedgroups,
  726. ctx->ext.supportedgroups_len
  727. * sizeof(*ctx->ext.supportedgroups));
  728. if (!s->ext.supportedgroups) {
  729. s->ext.supportedgroups_len = 0;
  730. goto err;
  731. }
  732. s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
  733. }
  734. #ifndef OPENSSL_NO_NEXTPROTONEG
  735. s->ext.npn = NULL;
  736. #endif
  737. if (ctx->ext.alpn != NULL) {
  738. s->ext.alpn = OPENSSL_malloc(ctx->ext.alpn_len);
  739. if (s->ext.alpn == NULL) {
  740. s->ext.alpn_len = 0;
  741. goto err;
  742. }
  743. memcpy(s->ext.alpn, ctx->ext.alpn, ctx->ext.alpn_len);
  744. s->ext.alpn_len = ctx->ext.alpn_len;
  745. }
  746. s->verified_chain = NULL;
  747. s->verify_result = X509_V_OK;
  748. s->default_passwd_callback = ctx->default_passwd_callback;
  749. s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
  750. s->key_update = SSL_KEY_UPDATE_NONE;
  751. if (!IS_QUIC_CTX(ctx)) {
  752. s->allow_early_data_cb = ctx->allow_early_data_cb;
  753. s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
  754. }
  755. if (!method->ssl_init(ssl))
  756. goto sslerr;
  757. s->server = (method->ssl_accept == ssl_undefined_function) ? 0 : 1;
  758. if (!method->ssl_reset(ssl))
  759. goto sslerr;
  760. #ifndef OPENSSL_NO_PSK
  761. s->psk_client_callback = ctx->psk_client_callback;
  762. s->psk_server_callback = ctx->psk_server_callback;
  763. #endif
  764. s->psk_find_session_cb = ctx->psk_find_session_cb;
  765. s->psk_use_session_cb = ctx->psk_use_session_cb;
  766. s->async_cb = ctx->async_cb;
  767. s->async_cb_arg = ctx->async_cb_arg;
  768. s->job = NULL;
  769. #ifndef OPENSSL_NO_COMP_ALG
  770. memcpy(s->cert_comp_prefs, ctx->cert_comp_prefs, sizeof(s->cert_comp_prefs));
  771. #endif
  772. if (ctx->client_cert_type != NULL) {
  773. s->client_cert_type = OPENSSL_memdup(ctx->client_cert_type,
  774. ctx->client_cert_type_len);
  775. if (s->client_cert_type == NULL)
  776. goto sslerr;
  777. s->client_cert_type_len = ctx->client_cert_type_len;
  778. }
  779. if (ctx->server_cert_type != NULL) {
  780. s->server_cert_type = OPENSSL_memdup(ctx->server_cert_type,
  781. ctx->server_cert_type_len);
  782. if (s->server_cert_type == NULL)
  783. goto sslerr;
  784. s->server_cert_type_len = ctx->server_cert_type_len;
  785. }
  786. #ifndef OPENSSL_NO_CT
  787. if (!SSL_set_ct_validation_callback(ssl, ctx->ct_validation_callback,
  788. ctx->ct_validation_callback_arg))
  789. goto sslerr;
  790. #endif
  791. s->ssl_pkey_num = SSL_PKEY_NUM + ctx->sigalg_list_len;
  792. return ssl;
  793. cerr:
  794. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  795. goto err;
  796. asn1err:
  797. ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
  798. goto err;
  799. sslerr:
  800. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  801. err:
  802. SSL_free(ssl);
  803. return NULL;
  804. }
  805. SSL *ossl_ssl_connection_new(SSL_CTX *ctx)
  806. {
  807. return ossl_ssl_connection_new_int(ctx, ctx->method);
  808. }
  809. int SSL_is_dtls(const SSL *s)
  810. {
  811. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  812. #ifndef OPENSSL_NO_QUIC
  813. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  814. return 0;
  815. #endif
  816. if (sc == NULL)
  817. return 0;
  818. return SSL_CONNECTION_IS_DTLS(sc) ? 1 : 0;
  819. }
  820. int SSL_is_tls(const SSL *s)
  821. {
  822. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  823. #ifndef OPENSSL_NO_QUIC
  824. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  825. return 0;
  826. #endif
  827. if (sc == NULL)
  828. return 0;
  829. return SSL_CONNECTION_IS_DTLS(sc) ? 0 : 1;
  830. }
  831. int SSL_is_quic(const SSL *s)
  832. {
  833. #ifndef OPENSSL_NO_QUIC
  834. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  835. return 1;
  836. #endif
  837. return 0;
  838. }
  839. int SSL_up_ref(SSL *s)
  840. {
  841. int i;
  842. if (CRYPTO_UP_REF(&s->references, &i) <= 0)
  843. return 0;
  844. REF_PRINT_COUNT("SSL", s);
  845. REF_ASSERT_ISNT(i < 2);
  846. return ((i > 1) ? 1 : 0);
  847. }
  848. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
  849. unsigned int sid_ctx_len)
  850. {
  851. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  852. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  853. return 0;
  854. }
  855. ctx->sid_ctx_length = sid_ctx_len;
  856. memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
  857. return 1;
  858. }
  859. int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
  860. unsigned int sid_ctx_len)
  861. {
  862. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  863. if (sc == NULL)
  864. return 0;
  865. if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
  866. ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  867. return 0;
  868. }
  869. sc->sid_ctx_length = sid_ctx_len;
  870. memcpy(sc->sid_ctx, sid_ctx, sid_ctx_len);
  871. return 1;
  872. }
  873. int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
  874. {
  875. if (!CRYPTO_THREAD_write_lock(ctx->lock))
  876. return 0;
  877. ctx->generate_session_id = cb;
  878. CRYPTO_THREAD_unlock(ctx->lock);
  879. return 1;
  880. }
  881. int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
  882. {
  883. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  884. if (sc == NULL || !CRYPTO_THREAD_write_lock(ssl->lock))
  885. return 0;
  886. sc->generate_session_id = cb;
  887. CRYPTO_THREAD_unlock(ssl->lock);
  888. return 1;
  889. }
  890. int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
  891. unsigned int id_len)
  892. {
  893. /*
  894. * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
  895. * we can "construct" a session to give us the desired check - i.e. to
  896. * find if there's a session in the hash table that would conflict with
  897. * any new session built out of this id/id_len and the ssl_version in use
  898. * by this SSL.
  899. */
  900. SSL_SESSION r, *p;
  901. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  902. if (sc == NULL || id_len > sizeof(r.session_id))
  903. return 0;
  904. r.ssl_version = sc->version;
  905. r.session_id_length = id_len;
  906. memcpy(r.session_id, id, id_len);
  907. if (!CRYPTO_THREAD_read_lock(sc->session_ctx->lock))
  908. return 0;
  909. p = lh_SSL_SESSION_retrieve(sc->session_ctx->sessions, &r);
  910. CRYPTO_THREAD_unlock(sc->session_ctx->lock);
  911. return (p != NULL);
  912. }
  913. int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
  914. {
  915. return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
  916. }
  917. int SSL_set_purpose(SSL *s, int purpose)
  918. {
  919. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  920. if (sc == NULL)
  921. return 0;
  922. return X509_VERIFY_PARAM_set_purpose(sc->param, purpose);
  923. }
  924. int SSL_CTX_set_trust(SSL_CTX *s, int trust)
  925. {
  926. return X509_VERIFY_PARAM_set_trust(s->param, trust);
  927. }
  928. int SSL_set_trust(SSL *s, int trust)
  929. {
  930. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  931. if (sc == NULL)
  932. return 0;
  933. return X509_VERIFY_PARAM_set_trust(sc->param, trust);
  934. }
  935. int SSL_set1_host(SSL *s, const char *hostname)
  936. {
  937. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  938. if (sc == NULL)
  939. return 0;
  940. /* If a hostname is provided and parses as an IP address,
  941. * treat it as such. */
  942. if (hostname != NULL
  943. && X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname) == 1)
  944. return 1;
  945. return X509_VERIFY_PARAM_set1_host(sc->param, hostname, 0);
  946. }
  947. int SSL_add1_host(SSL *s, const char *hostname)
  948. {
  949. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  950. if (sc == NULL)
  951. return 0;
  952. /* If a hostname is provided and parses as an IP address,
  953. * treat it as such. */
  954. if (hostname)
  955. {
  956. ASN1_OCTET_STRING *ip;
  957. char *old_ip;
  958. ip = a2i_IPADDRESS(hostname);
  959. if (ip) {
  960. /* We didn't want it; only to check if it *is* an IP address */
  961. ASN1_OCTET_STRING_free(ip);
  962. old_ip = X509_VERIFY_PARAM_get1_ip_asc(sc->param);
  963. if (old_ip)
  964. {
  965. OPENSSL_free(old_ip);
  966. /* There can be only one IP address */
  967. return 0;
  968. }
  969. return X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname);
  970. }
  971. }
  972. return X509_VERIFY_PARAM_add1_host(sc->param, hostname, 0);
  973. }
  974. void SSL_set_hostflags(SSL *s, unsigned int flags)
  975. {
  976. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  977. if (sc == NULL)
  978. return;
  979. X509_VERIFY_PARAM_set_hostflags(sc->param, flags);
  980. }
  981. const char *SSL_get0_peername(SSL *s)
  982. {
  983. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  984. if (sc == NULL)
  985. return NULL;
  986. return X509_VERIFY_PARAM_get0_peername(sc->param);
  987. }
  988. int SSL_CTX_dane_enable(SSL_CTX *ctx)
  989. {
  990. return dane_ctx_enable(&ctx->dane);
  991. }
  992. unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
  993. {
  994. unsigned long orig = ctx->dane.flags;
  995. ctx->dane.flags |= flags;
  996. return orig;
  997. }
  998. unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
  999. {
  1000. unsigned long orig = ctx->dane.flags;
  1001. ctx->dane.flags &= ~flags;
  1002. return orig;
  1003. }
  1004. int SSL_dane_enable(SSL *s, const char *basedomain)
  1005. {
  1006. SSL_DANE *dane;
  1007. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1008. if (sc == NULL)
  1009. return 0;
  1010. dane = &sc->dane;
  1011. if (s->ctx->dane.mdmax == 0) {
  1012. ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED);
  1013. return 0;
  1014. }
  1015. if (dane->trecs != NULL) {
  1016. ERR_raise(ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED);
  1017. return 0;
  1018. }
  1019. /*
  1020. * Default SNI name. This rejects empty names, while set1_host below
  1021. * accepts them and disables hostname checks. To avoid side-effects with
  1022. * invalid input, set the SNI name first.
  1023. */
  1024. if (sc->ext.hostname == NULL) {
  1025. if (!SSL_set_tlsext_host_name(s, basedomain)) {
  1026. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  1027. return -1;
  1028. }
  1029. }
  1030. /* Primary RFC6125 reference identifier */
  1031. if (!X509_VERIFY_PARAM_set1_host(sc->param, basedomain, 0)) {
  1032. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
  1033. return -1;
  1034. }
  1035. dane->mdpth = -1;
  1036. dane->pdpth = -1;
  1037. dane->dctx = &s->ctx->dane;
  1038. dane->trecs = sk_danetls_record_new_null();
  1039. if (dane->trecs == NULL) {
  1040. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  1041. return -1;
  1042. }
  1043. return 1;
  1044. }
  1045. unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
  1046. {
  1047. unsigned long orig;
  1048. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1049. if (sc == NULL)
  1050. return 0;
  1051. orig = sc->dane.flags;
  1052. sc->dane.flags |= flags;
  1053. return orig;
  1054. }
  1055. unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
  1056. {
  1057. unsigned long orig;
  1058. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1059. if (sc == NULL)
  1060. return 0;
  1061. orig = sc->dane.flags;
  1062. sc->dane.flags &= ~flags;
  1063. return orig;
  1064. }
  1065. int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
  1066. {
  1067. SSL_DANE *dane;
  1068. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1069. if (sc == NULL)
  1070. return -1;
  1071. dane = &sc->dane;
  1072. if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
  1073. return -1;
  1074. if (dane->mtlsa) {
  1075. if (mcert)
  1076. *mcert = dane->mcert;
  1077. if (mspki)
  1078. *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
  1079. }
  1080. return dane->mdpth;
  1081. }
  1082. int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
  1083. uint8_t *mtype, const unsigned char **data, size_t *dlen)
  1084. {
  1085. SSL_DANE *dane;
  1086. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1087. if (sc == NULL)
  1088. return -1;
  1089. dane = &sc->dane;
  1090. if (!DANETLS_ENABLED(dane) || sc->verify_result != X509_V_OK)
  1091. return -1;
  1092. if (dane->mtlsa) {
  1093. if (usage)
  1094. *usage = dane->mtlsa->usage;
  1095. if (selector)
  1096. *selector = dane->mtlsa->selector;
  1097. if (mtype)
  1098. *mtype = dane->mtlsa->mtype;
  1099. if (data)
  1100. *data = dane->mtlsa->data;
  1101. if (dlen)
  1102. *dlen = dane->mtlsa->dlen;
  1103. }
  1104. return dane->mdpth;
  1105. }
  1106. SSL_DANE *SSL_get0_dane(SSL *s)
  1107. {
  1108. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1109. if (sc == NULL)
  1110. return NULL;
  1111. return &sc->dane;
  1112. }
  1113. int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
  1114. uint8_t mtype, const unsigned char *data, size_t dlen)
  1115. {
  1116. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1117. if (sc == NULL)
  1118. return 0;
  1119. return dane_tlsa_add(&sc->dane, usage, selector, mtype, data, dlen);
  1120. }
  1121. int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
  1122. uint8_t ord)
  1123. {
  1124. return dane_mtype_set(&ctx->dane, md, mtype, ord);
  1125. }
  1126. int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
  1127. {
  1128. return X509_VERIFY_PARAM_set1(ctx->param, vpm);
  1129. }
  1130. int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
  1131. {
  1132. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1133. if (sc == NULL)
  1134. return 0;
  1135. return X509_VERIFY_PARAM_set1(sc->param, vpm);
  1136. }
  1137. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
  1138. {
  1139. return ctx->param;
  1140. }
  1141. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
  1142. {
  1143. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  1144. if (sc == NULL)
  1145. return NULL;
  1146. return sc->param;
  1147. }
  1148. void SSL_certs_clear(SSL *s)
  1149. {
  1150. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1151. if (sc == NULL)
  1152. return;
  1153. ssl_cert_clear_certs(sc->cert);
  1154. }
  1155. void SSL_free(SSL *s)
  1156. {
  1157. int i;
  1158. if (s == NULL)
  1159. return;
  1160. CRYPTO_DOWN_REF(&s->references, &i);
  1161. REF_PRINT_COUNT("SSL", s);
  1162. if (i > 0)
  1163. return;
  1164. REF_ASSERT_ISNT(i < 0);
  1165. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
  1166. if (s->method != NULL)
  1167. s->method->ssl_free(s);
  1168. SSL_CTX_free(s->ctx);
  1169. CRYPTO_THREAD_lock_free(s->lock);
  1170. CRYPTO_FREE_REF(&s->references);
  1171. OPENSSL_free(s);
  1172. }
  1173. void ossl_ssl_connection_free(SSL *ssl)
  1174. {
  1175. SSL_CONNECTION *s;
  1176. s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  1177. if (s == NULL)
  1178. return;
  1179. X509_VERIFY_PARAM_free(s->param);
  1180. dane_final(&s->dane);
  1181. /* Ignore return value */
  1182. ssl_free_wbio_buffer(s);
  1183. /* Ignore return value */
  1184. RECORD_LAYER_clear(&s->rlayer);
  1185. BUF_MEM_free(s->init_buf);
  1186. /* add extra stuff */
  1187. sk_SSL_CIPHER_free(s->cipher_list);
  1188. sk_SSL_CIPHER_free(s->cipher_list_by_id);
  1189. sk_SSL_CIPHER_free(s->tls13_ciphersuites);
  1190. sk_SSL_CIPHER_free(s->peer_ciphers);
  1191. /* Make the next call work :-) */
  1192. if (s->session != NULL) {
  1193. ssl_clear_bad_session(s);
  1194. SSL_SESSION_free(s->session);
  1195. }
  1196. SSL_SESSION_free(s->psksession);
  1197. OPENSSL_free(s->psksession_id);
  1198. ssl_cert_free(s->cert);
  1199. OPENSSL_free(s->shared_sigalgs);
  1200. /* Free up if allocated */
  1201. OPENSSL_free(s->ext.hostname);
  1202. SSL_CTX_free(s->session_ctx);
  1203. OPENSSL_free(s->ext.ecpointformats);
  1204. OPENSSL_free(s->ext.peer_ecpointformats);
  1205. OPENSSL_free(s->ext.supportedgroups);
  1206. OPENSSL_free(s->ext.peer_supportedgroups);
  1207. sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
  1208. #ifndef OPENSSL_NO_OCSP
  1209. sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
  1210. #endif
  1211. #ifndef OPENSSL_NO_CT
  1212. SCT_LIST_free(s->scts);
  1213. OPENSSL_free(s->ext.scts);
  1214. #endif
  1215. OPENSSL_free(s->ext.ocsp.resp);
  1216. OPENSSL_free(s->ext.alpn);
  1217. OPENSSL_free(s->ext.tls13_cookie);
  1218. if (s->clienthello != NULL)
  1219. OPENSSL_free(s->clienthello->pre_proc_exts);
  1220. OPENSSL_free(s->clienthello);
  1221. OPENSSL_free(s->pha_context);
  1222. EVP_MD_CTX_free(s->pha_dgst);
  1223. sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
  1224. sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
  1225. OPENSSL_free(s->client_cert_type);
  1226. OPENSSL_free(s->server_cert_type);
  1227. OSSL_STACK_OF_X509_free(s->verified_chain);
  1228. if (ssl->method != NULL)
  1229. ssl->method->ssl_deinit(ssl);
  1230. ASYNC_WAIT_CTX_free(s->waitctx);
  1231. #if !defined(OPENSSL_NO_NEXTPROTONEG)
  1232. OPENSSL_free(s->ext.npn);
  1233. #endif
  1234. #ifndef OPENSSL_NO_SRTP
  1235. sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
  1236. #endif
  1237. /*
  1238. * We do this late. We want to ensure that any other references we held to
  1239. * these BIOs are freed first *before* we call BIO_free_all(), because
  1240. * BIO_free_all() will only free each BIO in the chain if the number of
  1241. * references to the first BIO have dropped to 0
  1242. */
  1243. BIO_free_all(s->wbio);
  1244. s->wbio = NULL;
  1245. BIO_free_all(s->rbio);
  1246. s->rbio = NULL;
  1247. OPENSSL_free(s->s3.tmp.valid_flags);
  1248. }
  1249. void SSL_set0_rbio(SSL *s, BIO *rbio)
  1250. {
  1251. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1252. #ifndef OPENSSL_NO_QUIC
  1253. if (IS_QUIC(s)) {
  1254. ossl_quic_conn_set0_net_rbio(s, rbio);
  1255. return;
  1256. }
  1257. #endif
  1258. if (sc == NULL)
  1259. return;
  1260. BIO_free_all(sc->rbio);
  1261. sc->rbio = rbio;
  1262. sc->rlayer.rrlmethod->set1_bio(sc->rlayer.rrl, sc->rbio);
  1263. }
  1264. void SSL_set0_wbio(SSL *s, BIO *wbio)
  1265. {
  1266. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1267. #ifndef OPENSSL_NO_QUIC
  1268. if (IS_QUIC(s)) {
  1269. ossl_quic_conn_set0_net_wbio(s, wbio);
  1270. return;
  1271. }
  1272. #endif
  1273. if (sc == NULL)
  1274. return;
  1275. /*
  1276. * If the output buffering BIO is still in place, remove it
  1277. */
  1278. if (sc->bbio != NULL)
  1279. sc->wbio = BIO_pop(sc->wbio);
  1280. BIO_free_all(sc->wbio);
  1281. sc->wbio = wbio;
  1282. /* Re-attach |bbio| to the new |wbio|. */
  1283. if (sc->bbio != NULL)
  1284. sc->wbio = BIO_push(sc->bbio, sc->wbio);
  1285. sc->rlayer.wrlmethod->set1_bio(sc->rlayer.wrl, sc->wbio);
  1286. }
  1287. void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
  1288. {
  1289. /*
  1290. * For historical reasons, this function has many different cases in
  1291. * ownership handling.
  1292. */
  1293. /* If nothing has changed, do nothing */
  1294. if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
  1295. return;
  1296. /*
  1297. * If the two arguments are equal then one fewer reference is granted by the
  1298. * caller than we want to take
  1299. */
  1300. if (rbio != NULL && rbio == wbio)
  1301. BIO_up_ref(rbio);
  1302. /*
  1303. * If only the wbio is changed only adopt one reference.
  1304. */
  1305. if (rbio == SSL_get_rbio(s)) {
  1306. SSL_set0_wbio(s, wbio);
  1307. return;
  1308. }
  1309. /*
  1310. * There is an asymmetry here for historical reasons. If only the rbio is
  1311. * changed AND the rbio and wbio were originally different, then we only
  1312. * adopt one reference.
  1313. */
  1314. if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
  1315. SSL_set0_rbio(s, rbio);
  1316. return;
  1317. }
  1318. /* Otherwise, adopt both references. */
  1319. SSL_set0_rbio(s, rbio);
  1320. SSL_set0_wbio(s, wbio);
  1321. }
  1322. BIO *SSL_get_rbio(const SSL *s)
  1323. {
  1324. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1325. #ifndef OPENSSL_NO_QUIC
  1326. if (IS_QUIC(s))
  1327. return ossl_quic_conn_get_net_rbio(s);
  1328. #endif
  1329. if (sc == NULL)
  1330. return NULL;
  1331. return sc->rbio;
  1332. }
  1333. BIO *SSL_get_wbio(const SSL *s)
  1334. {
  1335. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1336. #ifndef OPENSSL_NO_QUIC
  1337. if (IS_QUIC(s))
  1338. return ossl_quic_conn_get_net_wbio(s);
  1339. #endif
  1340. if (sc == NULL)
  1341. return NULL;
  1342. if (sc->bbio != NULL) {
  1343. /*
  1344. * If |bbio| is active, the true caller-configured BIO is its
  1345. * |next_bio|.
  1346. */
  1347. return BIO_next(sc->bbio);
  1348. }
  1349. return sc->wbio;
  1350. }
  1351. int SSL_get_fd(const SSL *s)
  1352. {
  1353. return SSL_get_rfd(s);
  1354. }
  1355. int SSL_get_rfd(const SSL *s)
  1356. {
  1357. int ret = -1;
  1358. BIO *b, *r;
  1359. b = SSL_get_rbio(s);
  1360. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1361. if (r != NULL)
  1362. BIO_get_fd(r, &ret);
  1363. return ret;
  1364. }
  1365. int SSL_get_wfd(const SSL *s)
  1366. {
  1367. int ret = -1;
  1368. BIO *b, *r;
  1369. b = SSL_get_wbio(s);
  1370. r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
  1371. if (r != NULL)
  1372. BIO_get_fd(r, &ret);
  1373. return ret;
  1374. }
  1375. #ifndef OPENSSL_NO_SOCK
  1376. static const BIO_METHOD *fd_method(SSL *s)
  1377. {
  1378. #ifndef OPENSSL_NO_DGRAM
  1379. if (IS_QUIC(s))
  1380. return BIO_s_datagram();
  1381. #endif
  1382. return BIO_s_socket();
  1383. }
  1384. int SSL_set_fd(SSL *s, int fd)
  1385. {
  1386. int ret = 0;
  1387. BIO *bio = NULL;
  1388. if (s->type == SSL_TYPE_QUIC_XSO) {
  1389. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1390. goto err;
  1391. }
  1392. bio = BIO_new(fd_method(s));
  1393. if (bio == NULL) {
  1394. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1395. goto err;
  1396. }
  1397. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1398. SSL_set_bio(s, bio, bio);
  1399. #ifndef OPENSSL_NO_KTLS
  1400. /*
  1401. * The new socket is created successfully regardless of ktls_enable.
  1402. * ktls_enable doesn't change any functionality of the socket, except
  1403. * changing the setsockopt to enable the processing of ktls_start.
  1404. * Thus, it is not a problem to call it for non-TLS sockets.
  1405. */
  1406. ktls_enable(fd);
  1407. #endif /* OPENSSL_NO_KTLS */
  1408. ret = 1;
  1409. err:
  1410. return ret;
  1411. }
  1412. int SSL_set_wfd(SSL *s, int fd)
  1413. {
  1414. BIO *rbio = SSL_get_rbio(s);
  1415. int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
  1416. if (s->type == SSL_TYPE_QUIC_XSO) {
  1417. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1418. return 0;
  1419. }
  1420. if (rbio == NULL || BIO_method_type(rbio) != desired_type
  1421. || (int)BIO_get_fd(rbio, NULL) != fd) {
  1422. BIO *bio = BIO_new(fd_method(s));
  1423. if (bio == NULL) {
  1424. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1425. return 0;
  1426. }
  1427. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1428. SSL_set0_wbio(s, bio);
  1429. #ifndef OPENSSL_NO_KTLS
  1430. /*
  1431. * The new socket is created successfully regardless of ktls_enable.
  1432. * ktls_enable doesn't change any functionality of the socket, except
  1433. * changing the setsockopt to enable the processing of ktls_start.
  1434. * Thus, it is not a problem to call it for non-TLS sockets.
  1435. */
  1436. ktls_enable(fd);
  1437. #endif /* OPENSSL_NO_KTLS */
  1438. } else {
  1439. BIO_up_ref(rbio);
  1440. SSL_set0_wbio(s, rbio);
  1441. }
  1442. return 1;
  1443. }
  1444. int SSL_set_rfd(SSL *s, int fd)
  1445. {
  1446. BIO *wbio = SSL_get_wbio(s);
  1447. int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
  1448. if (s->type == SSL_TYPE_QUIC_XSO) {
  1449. ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
  1450. return 0;
  1451. }
  1452. if (wbio == NULL || BIO_method_type(wbio) != desired_type
  1453. || ((int)BIO_get_fd(wbio, NULL) != fd)) {
  1454. BIO *bio = BIO_new(fd_method(s));
  1455. if (bio == NULL) {
  1456. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  1457. return 0;
  1458. }
  1459. BIO_set_fd(bio, fd, BIO_NOCLOSE);
  1460. SSL_set0_rbio(s, bio);
  1461. } else {
  1462. BIO_up_ref(wbio);
  1463. SSL_set0_rbio(s, wbio);
  1464. }
  1465. return 1;
  1466. }
  1467. #endif
  1468. /* return length of latest Finished message we sent, copy to 'buf' */
  1469. size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
  1470. {
  1471. size_t ret = 0;
  1472. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1473. if (sc == NULL)
  1474. return 0;
  1475. ret = sc->s3.tmp.finish_md_len;
  1476. if (count > ret)
  1477. count = ret;
  1478. memcpy(buf, sc->s3.tmp.finish_md, count);
  1479. return ret;
  1480. }
  1481. /* return length of latest Finished message we expected, copy to 'buf' */
  1482. size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
  1483. {
  1484. size_t ret = 0;
  1485. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1486. if (sc == NULL)
  1487. return 0;
  1488. ret = sc->s3.tmp.peer_finish_md_len;
  1489. if (count > ret)
  1490. count = ret;
  1491. memcpy(buf, sc->s3.tmp.peer_finish_md, count);
  1492. return ret;
  1493. }
  1494. int SSL_get_verify_mode(const SSL *s)
  1495. {
  1496. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1497. if (sc == NULL)
  1498. return 0;
  1499. return sc->verify_mode;
  1500. }
  1501. int SSL_get_verify_depth(const SSL *s)
  1502. {
  1503. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1504. if (sc == NULL)
  1505. return 0;
  1506. return X509_VERIFY_PARAM_get_depth(sc->param);
  1507. }
  1508. int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
  1509. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1510. if (sc == NULL)
  1511. return NULL;
  1512. return sc->verify_callback;
  1513. }
  1514. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
  1515. {
  1516. return ctx->verify_mode;
  1517. }
  1518. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
  1519. {
  1520. return X509_VERIFY_PARAM_get_depth(ctx->param);
  1521. }
  1522. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
  1523. return ctx->default_verify_callback;
  1524. }
  1525. void SSL_set_verify(SSL *s, int mode,
  1526. int (*callback) (int ok, X509_STORE_CTX *ctx))
  1527. {
  1528. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1529. if (sc == NULL)
  1530. return;
  1531. sc->verify_mode = mode;
  1532. if (callback != NULL)
  1533. sc->verify_callback = callback;
  1534. }
  1535. void SSL_set_verify_depth(SSL *s, int depth)
  1536. {
  1537. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1538. if (sc == NULL)
  1539. return;
  1540. X509_VERIFY_PARAM_set_depth(sc->param, depth);
  1541. }
  1542. void SSL_set_read_ahead(SSL *s, int yes)
  1543. {
  1544. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  1545. OSSL_PARAM options[2], *opts = options;
  1546. if (sc == NULL)
  1547. return;
  1548. RECORD_LAYER_set_read_ahead(&sc->rlayer, yes);
  1549. *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD,
  1550. &sc->rlayer.read_ahead);
  1551. *opts = OSSL_PARAM_construct_end();
  1552. /* Ignore return value */
  1553. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  1554. }
  1555. int SSL_get_read_ahead(const SSL *s)
  1556. {
  1557. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  1558. if (sc == NULL)
  1559. return 0;
  1560. return RECORD_LAYER_get_read_ahead(&sc->rlayer);
  1561. }
  1562. int SSL_pending(const SSL *s)
  1563. {
  1564. size_t pending = s->method->ssl_pending(s);
  1565. /*
  1566. * SSL_pending cannot work properly if read-ahead is enabled
  1567. * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
  1568. * impossible to fix since SSL_pending cannot report errors that may be
  1569. * observed while scanning the new data. (Note that SSL_pending() is
  1570. * often used as a boolean value, so we'd better not return -1.)
  1571. *
  1572. * SSL_pending also cannot work properly if the value >INT_MAX. In that case
  1573. * we just return INT_MAX.
  1574. */
  1575. return pending < INT_MAX ? (int)pending : INT_MAX;
  1576. }
  1577. int SSL_has_pending(const SSL *s)
  1578. {
  1579. /*
  1580. * Similar to SSL_pending() but returns a 1 to indicate that we have
  1581. * processed or unprocessed data available or 0 otherwise (as opposed to the
  1582. * number of bytes available). Unlike SSL_pending() this will take into
  1583. * account read_ahead data. A 1 return simply indicates that we have data.
  1584. * That data may not result in any application data, or we may fail to parse
  1585. * the records for some reason.
  1586. */
  1587. const SSL_CONNECTION *sc;
  1588. #ifndef OPENSSL_NO_QUIC
  1589. if (IS_QUIC(s))
  1590. return ossl_quic_has_pending(s);
  1591. #endif
  1592. sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1593. /* Check buffered app data if any first */
  1594. if (SSL_CONNECTION_IS_DTLS(sc)) {
  1595. TLS_RECORD *rdata;
  1596. pitem *item, *iter;
  1597. iter = pqueue_iterator(sc->rlayer.d->buffered_app_data);
  1598. while ((item = pqueue_next(&iter)) != NULL) {
  1599. rdata = item->data;
  1600. if (rdata->length > 0)
  1601. return 1;
  1602. }
  1603. }
  1604. if (RECORD_LAYER_processed_read_pending(&sc->rlayer))
  1605. return 1;
  1606. return RECORD_LAYER_read_pending(&sc->rlayer);
  1607. }
  1608. X509 *SSL_get1_peer_certificate(const SSL *s)
  1609. {
  1610. X509 *r = SSL_get0_peer_certificate(s);
  1611. if (r != NULL)
  1612. X509_up_ref(r);
  1613. return r;
  1614. }
  1615. X509 *SSL_get0_peer_certificate(const SSL *s)
  1616. {
  1617. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1618. if (sc == NULL)
  1619. return NULL;
  1620. if (sc->session == NULL)
  1621. return NULL;
  1622. else
  1623. return sc->session->peer;
  1624. }
  1625. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
  1626. {
  1627. STACK_OF(X509) *r;
  1628. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  1629. if (sc == NULL)
  1630. return NULL;
  1631. if (sc->session == NULL)
  1632. r = NULL;
  1633. else
  1634. r = sc->session->peer_chain;
  1635. /*
  1636. * If we are a client, cert_chain includes the peer's own certificate; if
  1637. * we are a server, it does not.
  1638. */
  1639. return r;
  1640. }
  1641. /*
  1642. * Now in theory, since the calling process own 't' it should be safe to
  1643. * modify. We need to be able to read f without being hassled
  1644. */
  1645. int SSL_copy_session_id(SSL *t, const SSL *f)
  1646. {
  1647. int i;
  1648. /* TODO(QUIC FUTURE): Not allowed for QUIC currently. */
  1649. SSL_CONNECTION *tsc = SSL_CONNECTION_FROM_SSL_ONLY(t);
  1650. const SSL_CONNECTION *fsc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(f);
  1651. if (tsc == NULL || fsc == NULL)
  1652. return 0;
  1653. /* Do we need to do SSL locking? */
  1654. if (!SSL_set_session(t, SSL_get_session(f))) {
  1655. return 0;
  1656. }
  1657. /*
  1658. * what if we are setup for one protocol version but want to talk another
  1659. */
  1660. if (t->method != f->method) {
  1661. t->method->ssl_deinit(t);
  1662. t->method = f->method;
  1663. if (t->method->ssl_init(t) == 0)
  1664. return 0;
  1665. }
  1666. CRYPTO_UP_REF(&fsc->cert->references, &i);
  1667. ssl_cert_free(tsc->cert);
  1668. tsc->cert = fsc->cert;
  1669. if (!SSL_set_session_id_context(t, fsc->sid_ctx, (int)fsc->sid_ctx_length)) {
  1670. return 0;
  1671. }
  1672. return 1;
  1673. }
  1674. /* Fix this so it checks all the valid key/cert options */
  1675. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
  1676. {
  1677. if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
  1678. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1679. return 0;
  1680. }
  1681. if (ctx->cert->key->privatekey == NULL) {
  1682. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1683. return 0;
  1684. }
  1685. return X509_check_private_key
  1686. (ctx->cert->key->x509, ctx->cert->key->privatekey);
  1687. }
  1688. /* Fix this function so that it takes an optional type parameter */
  1689. int SSL_check_private_key(const SSL *ssl)
  1690. {
  1691. const SSL_CONNECTION *sc;
  1692. if ((sc = SSL_CONNECTION_FROM_CONST_SSL(ssl)) == NULL) {
  1693. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  1694. return 0;
  1695. }
  1696. if (sc->cert->key->x509 == NULL) {
  1697. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
  1698. return 0;
  1699. }
  1700. if (sc->cert->key->privatekey == NULL) {
  1701. ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
  1702. return 0;
  1703. }
  1704. return X509_check_private_key(sc->cert->key->x509,
  1705. sc->cert->key->privatekey);
  1706. }
  1707. int SSL_waiting_for_async(SSL *s)
  1708. {
  1709. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1710. if (sc == NULL)
  1711. return 0;
  1712. if (sc->job)
  1713. return 1;
  1714. return 0;
  1715. }
  1716. int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
  1717. {
  1718. ASYNC_WAIT_CTX *ctx;
  1719. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1720. if (sc == NULL)
  1721. return 0;
  1722. if ((ctx = sc->waitctx) == NULL)
  1723. return 0;
  1724. return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
  1725. }
  1726. int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
  1727. OSSL_ASYNC_FD *delfd, size_t *numdelfds)
  1728. {
  1729. ASYNC_WAIT_CTX *ctx;
  1730. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1731. if (sc == NULL)
  1732. return 0;
  1733. if ((ctx = sc->waitctx) == NULL)
  1734. return 0;
  1735. return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
  1736. numdelfds);
  1737. }
  1738. int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback)
  1739. {
  1740. ctx->async_cb = callback;
  1741. return 1;
  1742. }
  1743. int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg)
  1744. {
  1745. ctx->async_cb_arg = arg;
  1746. return 1;
  1747. }
  1748. int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback)
  1749. {
  1750. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1751. if (sc == NULL)
  1752. return 0;
  1753. sc->async_cb = callback;
  1754. return 1;
  1755. }
  1756. int SSL_set_async_callback_arg(SSL *s, void *arg)
  1757. {
  1758. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1759. if (sc == NULL)
  1760. return 0;
  1761. sc->async_cb_arg = arg;
  1762. return 1;
  1763. }
  1764. int SSL_get_async_status(SSL *s, int *status)
  1765. {
  1766. ASYNC_WAIT_CTX *ctx;
  1767. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1768. if (sc == NULL)
  1769. return 0;
  1770. if ((ctx = sc->waitctx) == NULL)
  1771. return 0;
  1772. *status = ASYNC_WAIT_CTX_get_status(ctx);
  1773. return 1;
  1774. }
  1775. int SSL_accept(SSL *s)
  1776. {
  1777. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1778. #ifndef OPENSSL_NO_QUIC
  1779. if (IS_QUIC(s))
  1780. return s->method->ssl_accept(s);
  1781. #endif
  1782. if (sc == NULL)
  1783. return 0;
  1784. if (sc->handshake_func == NULL) {
  1785. /* Not properly initialized yet */
  1786. SSL_set_accept_state(s);
  1787. }
  1788. return SSL_do_handshake(s);
  1789. }
  1790. int SSL_connect(SSL *s)
  1791. {
  1792. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1793. #ifndef OPENSSL_NO_QUIC
  1794. if (IS_QUIC(s))
  1795. return s->method->ssl_connect(s);
  1796. #endif
  1797. if (sc == NULL)
  1798. return 0;
  1799. if (sc->handshake_func == NULL) {
  1800. /* Not properly initialized yet */
  1801. SSL_set_connect_state(s);
  1802. }
  1803. return SSL_do_handshake(s);
  1804. }
  1805. long SSL_get_default_timeout(const SSL *s)
  1806. {
  1807. return (long int)ossl_time2seconds(s->method->get_timeout());
  1808. }
  1809. static int ssl_async_wait_ctx_cb(void *arg)
  1810. {
  1811. SSL *s = (SSL *)arg;
  1812. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1813. if (sc == NULL)
  1814. return 0;
  1815. return sc->async_cb(s, sc->async_cb_arg);
  1816. }
  1817. static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
  1818. int (*func) (void *))
  1819. {
  1820. int ret;
  1821. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1822. if (sc == NULL)
  1823. return 0;
  1824. if (sc->waitctx == NULL) {
  1825. sc->waitctx = ASYNC_WAIT_CTX_new();
  1826. if (sc->waitctx == NULL)
  1827. return -1;
  1828. if (sc->async_cb != NULL
  1829. && !ASYNC_WAIT_CTX_set_callback
  1830. (sc->waitctx, ssl_async_wait_ctx_cb, s))
  1831. return -1;
  1832. }
  1833. sc->rwstate = SSL_NOTHING;
  1834. switch (ASYNC_start_job(&sc->job, sc->waitctx, &ret, func, args,
  1835. sizeof(struct ssl_async_args))) {
  1836. case ASYNC_ERR:
  1837. sc->rwstate = SSL_NOTHING;
  1838. ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC);
  1839. return -1;
  1840. case ASYNC_PAUSE:
  1841. sc->rwstate = SSL_ASYNC_PAUSED;
  1842. return -1;
  1843. case ASYNC_NO_JOBS:
  1844. sc->rwstate = SSL_ASYNC_NO_JOBS;
  1845. return -1;
  1846. case ASYNC_FINISH:
  1847. sc->job = NULL;
  1848. return ret;
  1849. default:
  1850. sc->rwstate = SSL_NOTHING;
  1851. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  1852. /* Shouldn't happen */
  1853. return -1;
  1854. }
  1855. }
  1856. static int ssl_io_intern(void *vargs)
  1857. {
  1858. struct ssl_async_args *args;
  1859. SSL *s;
  1860. void *buf;
  1861. size_t num;
  1862. SSL_CONNECTION *sc;
  1863. args = (struct ssl_async_args *)vargs;
  1864. s = args->s;
  1865. buf = args->buf;
  1866. num = args->num;
  1867. if ((sc = SSL_CONNECTION_FROM_SSL(s)) == NULL)
  1868. return -1;
  1869. switch (args->type) {
  1870. case READFUNC:
  1871. return args->f.func_read(s, buf, num, &sc->asyncrw);
  1872. case WRITEFUNC:
  1873. return args->f.func_write(s, buf, num, &sc->asyncrw);
  1874. case OTHERFUNC:
  1875. return args->f.func_other(s);
  1876. }
  1877. return -1;
  1878. }
  1879. int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  1880. {
  1881. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  1882. #ifndef OPENSSL_NO_QUIC
  1883. if (IS_QUIC(s))
  1884. return s->method->ssl_read(s, buf, num, readbytes);
  1885. #endif
  1886. if (sc == NULL)
  1887. return -1;
  1888. if (sc->handshake_func == NULL) {
  1889. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  1890. return -1;
  1891. }
  1892. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  1893. sc->rwstate = SSL_NOTHING;
  1894. return 0;
  1895. }
  1896. if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  1897. || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
  1898. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1899. return 0;
  1900. }
  1901. /*
  1902. * If we are a client and haven't received the ServerHello etc then we
  1903. * better do that
  1904. */
  1905. ossl_statem_check_finish_init(sc, 0);
  1906. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  1907. struct ssl_async_args args;
  1908. int ret;
  1909. args.s = s;
  1910. args.buf = buf;
  1911. args.num = num;
  1912. args.type = READFUNC;
  1913. args.f.func_read = s->method->ssl_read;
  1914. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  1915. *readbytes = sc->asyncrw;
  1916. return ret;
  1917. } else {
  1918. return s->method->ssl_read(s, buf, num, readbytes);
  1919. }
  1920. }
  1921. int SSL_read(SSL *s, void *buf, int num)
  1922. {
  1923. int ret;
  1924. size_t readbytes;
  1925. if (num < 0) {
  1926. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  1927. return -1;
  1928. }
  1929. ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
  1930. /*
  1931. * The cast is safe here because ret should be <= INT_MAX because num is
  1932. * <= INT_MAX
  1933. */
  1934. if (ret > 0)
  1935. ret = (int)readbytes;
  1936. return ret;
  1937. }
  1938. int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  1939. {
  1940. int ret = ssl_read_internal(s, buf, num, readbytes);
  1941. if (ret < 0)
  1942. ret = 0;
  1943. return ret;
  1944. }
  1945. int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
  1946. {
  1947. int ret;
  1948. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  1949. /* TODO(QUIC 0RTT): 0-RTT support */
  1950. if (sc == NULL || !sc->server) {
  1951. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1952. return SSL_READ_EARLY_DATA_ERROR;
  1953. }
  1954. switch (sc->early_data_state) {
  1955. case SSL_EARLY_DATA_NONE:
  1956. if (!SSL_in_before(s)) {
  1957. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1958. return SSL_READ_EARLY_DATA_ERROR;
  1959. }
  1960. /* fall through */
  1961. case SSL_EARLY_DATA_ACCEPT_RETRY:
  1962. sc->early_data_state = SSL_EARLY_DATA_ACCEPTING;
  1963. ret = SSL_accept(s);
  1964. if (ret <= 0) {
  1965. /* NBIO or error */
  1966. sc->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
  1967. return SSL_READ_EARLY_DATA_ERROR;
  1968. }
  1969. /* fall through */
  1970. case SSL_EARLY_DATA_READ_RETRY:
  1971. if (sc->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
  1972. sc->early_data_state = SSL_EARLY_DATA_READING;
  1973. ret = SSL_read_ex(s, buf, num, readbytes);
  1974. /*
  1975. * State machine will update early_data_state to
  1976. * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
  1977. * message
  1978. */
  1979. if (ret > 0 || (ret <= 0 && sc->early_data_state
  1980. != SSL_EARLY_DATA_FINISHED_READING)) {
  1981. sc->early_data_state = SSL_EARLY_DATA_READ_RETRY;
  1982. return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
  1983. : SSL_READ_EARLY_DATA_ERROR;
  1984. }
  1985. } else {
  1986. sc->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
  1987. }
  1988. *readbytes = 0;
  1989. return SSL_READ_EARLY_DATA_FINISH;
  1990. default:
  1991. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  1992. return SSL_READ_EARLY_DATA_ERROR;
  1993. }
  1994. }
  1995. int SSL_get_early_data_status(const SSL *s)
  1996. {
  1997. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  1998. /* TODO(QUIC 0RTT): 0-RTT support */
  1999. if (sc == NULL)
  2000. return 0;
  2001. return sc->ext.early_data;
  2002. }
  2003. static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
  2004. {
  2005. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2006. #ifndef OPENSSL_NO_QUIC
  2007. if (IS_QUIC(s))
  2008. return s->method->ssl_peek(s, buf, num, readbytes);
  2009. #endif
  2010. if (sc == NULL)
  2011. return 0;
  2012. if (sc->handshake_func == NULL) {
  2013. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2014. return -1;
  2015. }
  2016. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  2017. return 0;
  2018. }
  2019. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2020. struct ssl_async_args args;
  2021. int ret;
  2022. args.s = s;
  2023. args.buf = buf;
  2024. args.num = num;
  2025. args.type = READFUNC;
  2026. args.f.func_read = s->method->ssl_peek;
  2027. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  2028. *readbytes = sc->asyncrw;
  2029. return ret;
  2030. } else {
  2031. return s->method->ssl_peek(s, buf, num, readbytes);
  2032. }
  2033. }
  2034. int SSL_peek(SSL *s, void *buf, int num)
  2035. {
  2036. int ret;
  2037. size_t readbytes;
  2038. if (num < 0) {
  2039. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  2040. return -1;
  2041. }
  2042. ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
  2043. /*
  2044. * The cast is safe here because ret should be <= INT_MAX because num is
  2045. * <= INT_MAX
  2046. */
  2047. if (ret > 0)
  2048. ret = (int)readbytes;
  2049. return ret;
  2050. }
  2051. int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
  2052. {
  2053. int ret = ssl_peek_internal(s, buf, num, readbytes);
  2054. if (ret < 0)
  2055. ret = 0;
  2056. return ret;
  2057. }
  2058. int ssl_write_internal(SSL *s, const void *buf, size_t num,
  2059. uint64_t flags, size_t *written)
  2060. {
  2061. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2062. #ifndef OPENSSL_NO_QUIC
  2063. if (IS_QUIC(s))
  2064. return ossl_quic_write_flags(s, buf, num, flags, written);
  2065. #endif
  2066. if (sc == NULL)
  2067. return 0;
  2068. if (sc->handshake_func == NULL) {
  2069. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2070. return -1;
  2071. }
  2072. if (sc->shutdown & SSL_SENT_SHUTDOWN) {
  2073. sc->rwstate = SSL_NOTHING;
  2074. ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  2075. return -1;
  2076. }
  2077. if (flags != 0) {
  2078. ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_WRITE_FLAG);
  2079. return -1;
  2080. }
  2081. if (sc->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
  2082. || sc->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
  2083. || sc->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
  2084. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2085. return 0;
  2086. }
  2087. /* If we are a client and haven't sent the Finished we better do that */
  2088. ossl_statem_check_finish_init(sc, 1);
  2089. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2090. int ret;
  2091. struct ssl_async_args args;
  2092. args.s = s;
  2093. args.buf = (void *)buf;
  2094. args.num = num;
  2095. args.type = WRITEFUNC;
  2096. args.f.func_write = s->method->ssl_write;
  2097. ret = ssl_start_async_job(s, &args, ssl_io_intern);
  2098. *written = sc->asyncrw;
  2099. return ret;
  2100. } else {
  2101. return s->method->ssl_write(s, buf, num, written);
  2102. }
  2103. }
  2104. ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
  2105. {
  2106. ossl_ssize_t ret;
  2107. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2108. if (sc == NULL)
  2109. return 0;
  2110. if (sc->handshake_func == NULL) {
  2111. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2112. return -1;
  2113. }
  2114. if (sc->shutdown & SSL_SENT_SHUTDOWN) {
  2115. sc->rwstate = SSL_NOTHING;
  2116. ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
  2117. return -1;
  2118. }
  2119. if (!BIO_get_ktls_send(sc->wbio)) {
  2120. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2121. return -1;
  2122. }
  2123. /* If we have an alert to send, lets send it */
  2124. if (sc->s3.alert_dispatch > 0) {
  2125. ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s);
  2126. if (ret <= 0) {
  2127. /* SSLfatal() already called if appropriate */
  2128. return ret;
  2129. }
  2130. /* if it went, fall through and send more stuff */
  2131. }
  2132. sc->rwstate = SSL_WRITING;
  2133. if (BIO_flush(sc->wbio) <= 0) {
  2134. if (!BIO_should_retry(sc->wbio)) {
  2135. sc->rwstate = SSL_NOTHING;
  2136. } else {
  2137. #ifdef EAGAIN
  2138. set_sys_error(EAGAIN);
  2139. #endif
  2140. }
  2141. return -1;
  2142. }
  2143. #ifdef OPENSSL_NO_KTLS
  2144. ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR,
  2145. "can't call ktls_sendfile(), ktls disabled");
  2146. return -1;
  2147. #else
  2148. ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags);
  2149. if (ret < 0) {
  2150. #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY)
  2151. if ((get_last_sys_error() == EAGAIN) ||
  2152. (get_last_sys_error() == EINTR) ||
  2153. (get_last_sys_error() == EBUSY))
  2154. BIO_set_retry_write(sc->wbio);
  2155. else
  2156. #endif
  2157. ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
  2158. "ktls_sendfile failure");
  2159. return ret;
  2160. }
  2161. sc->rwstate = SSL_NOTHING;
  2162. return ret;
  2163. #endif
  2164. }
  2165. int SSL_write(SSL *s, const void *buf, int num)
  2166. {
  2167. int ret;
  2168. size_t written;
  2169. if (num < 0) {
  2170. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  2171. return -1;
  2172. }
  2173. ret = ssl_write_internal(s, buf, (size_t)num, 0, &written);
  2174. /*
  2175. * The cast is safe here because ret should be <= INT_MAX because num is
  2176. * <= INT_MAX
  2177. */
  2178. if (ret > 0)
  2179. ret = (int)written;
  2180. return ret;
  2181. }
  2182. int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
  2183. {
  2184. return SSL_write_ex2(s, buf, num, 0, written);
  2185. }
  2186. int SSL_write_ex2(SSL *s, const void *buf, size_t num, uint64_t flags,
  2187. size_t *written)
  2188. {
  2189. int ret = ssl_write_internal(s, buf, num, flags, written);
  2190. if (ret < 0)
  2191. ret = 0;
  2192. return ret;
  2193. }
  2194. int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
  2195. {
  2196. int ret, early_data_state;
  2197. size_t writtmp;
  2198. uint32_t partialwrite;
  2199. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2200. /* TODO(QUIC 0RTT): This will need special handling for QUIC */
  2201. if (sc == NULL)
  2202. return 0;
  2203. switch (sc->early_data_state) {
  2204. case SSL_EARLY_DATA_NONE:
  2205. if (sc->server
  2206. || !SSL_in_before(s)
  2207. || ((sc->session == NULL || sc->session->ext.max_early_data == 0)
  2208. && (sc->psk_use_session_cb == NULL))) {
  2209. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2210. return 0;
  2211. }
  2212. /* fall through */
  2213. case SSL_EARLY_DATA_CONNECT_RETRY:
  2214. sc->early_data_state = SSL_EARLY_DATA_CONNECTING;
  2215. ret = SSL_connect(s);
  2216. if (ret <= 0) {
  2217. /* NBIO or error */
  2218. sc->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
  2219. return 0;
  2220. }
  2221. /* fall through */
  2222. case SSL_EARLY_DATA_WRITE_RETRY:
  2223. sc->early_data_state = SSL_EARLY_DATA_WRITING;
  2224. /*
  2225. * We disable partial write for early data because we don't keep track
  2226. * of how many bytes we've written between the SSL_write_ex() call and
  2227. * the flush if the flush needs to be retried)
  2228. */
  2229. partialwrite = sc->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
  2230. sc->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
  2231. ret = SSL_write_ex(s, buf, num, &writtmp);
  2232. sc->mode |= partialwrite;
  2233. if (!ret) {
  2234. sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  2235. return ret;
  2236. }
  2237. sc->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
  2238. /* fall through */
  2239. case SSL_EARLY_DATA_WRITE_FLUSH:
  2240. /* The buffering BIO is still in place so we need to flush it */
  2241. if (statem_flush(sc) != 1)
  2242. return 0;
  2243. *written = num;
  2244. sc->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
  2245. return 1;
  2246. case SSL_EARLY_DATA_FINISHED_READING:
  2247. case SSL_EARLY_DATA_READ_RETRY:
  2248. early_data_state = sc->early_data_state;
  2249. /* We are a server writing to an unauthenticated client */
  2250. sc->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
  2251. ret = SSL_write_ex(s, buf, num, written);
  2252. /* The buffering BIO is still in place */
  2253. if (ret)
  2254. (void)BIO_flush(sc->wbio);
  2255. sc->early_data_state = early_data_state;
  2256. return ret;
  2257. default:
  2258. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  2259. return 0;
  2260. }
  2261. }
  2262. int SSL_shutdown(SSL *s)
  2263. {
  2264. /*
  2265. * Note that this function behaves differently from what one might
  2266. * expect. Return values are 0 for no success (yet), 1 for success; but
  2267. * calling it once is usually not enough, even if blocking I/O is used
  2268. * (see ssl3_shutdown).
  2269. */
  2270. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2271. #ifndef OPENSSL_NO_QUIC
  2272. if (IS_QUIC(s))
  2273. return ossl_quic_conn_shutdown(s, 0, NULL, 0);
  2274. #endif
  2275. if (sc == NULL)
  2276. return -1;
  2277. if (sc->handshake_func == NULL) {
  2278. ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
  2279. return -1;
  2280. }
  2281. if (!SSL_in_init(s)) {
  2282. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  2283. struct ssl_async_args args;
  2284. memset(&args, 0, sizeof(args));
  2285. args.s = s;
  2286. args.type = OTHERFUNC;
  2287. args.f.func_other = s->method->ssl_shutdown;
  2288. return ssl_start_async_job(s, &args, ssl_io_intern);
  2289. } else {
  2290. return s->method->ssl_shutdown(s);
  2291. }
  2292. } else {
  2293. ERR_raise(ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
  2294. return -1;
  2295. }
  2296. }
  2297. int SSL_key_update(SSL *s, int updatetype)
  2298. {
  2299. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2300. #ifndef OPENSSL_NO_QUIC
  2301. if (IS_QUIC(s))
  2302. return ossl_quic_key_update(s, updatetype);
  2303. #endif
  2304. if (sc == NULL)
  2305. return 0;
  2306. if (!SSL_CONNECTION_IS_TLS13(sc)) {
  2307. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  2308. return 0;
  2309. }
  2310. if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
  2311. && updatetype != SSL_KEY_UPDATE_REQUESTED) {
  2312. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE);
  2313. return 0;
  2314. }
  2315. if (!SSL_is_init_finished(s)) {
  2316. ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
  2317. return 0;
  2318. }
  2319. if (RECORD_LAYER_write_pending(&sc->rlayer)) {
  2320. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
  2321. return 0;
  2322. }
  2323. ossl_statem_set_in_init(sc, 1);
  2324. sc->key_update = updatetype;
  2325. return 1;
  2326. }
  2327. int SSL_get_key_update_type(const SSL *s)
  2328. {
  2329. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2330. #ifndef OPENSSL_NO_QUIC
  2331. if (IS_QUIC(s))
  2332. return ossl_quic_get_key_update_type(s);
  2333. #endif
  2334. if (sc == NULL)
  2335. return 0;
  2336. return sc->key_update;
  2337. }
  2338. /*
  2339. * Can we accept a renegotiation request? If yes, set the flag and
  2340. * return 1 if yes. If not, raise error and return 0.
  2341. */
  2342. static int can_renegotiate(const SSL_CONNECTION *sc)
  2343. {
  2344. if (SSL_CONNECTION_IS_TLS13(sc)) {
  2345. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  2346. return 0;
  2347. }
  2348. if ((sc->options & SSL_OP_NO_RENEGOTIATION) != 0) {
  2349. ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION);
  2350. return 0;
  2351. }
  2352. return 1;
  2353. }
  2354. int SSL_renegotiate(SSL *s)
  2355. {
  2356. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2357. if (sc == NULL)
  2358. return 0;
  2359. if (!can_renegotiate(sc))
  2360. return 0;
  2361. sc->renegotiate = 1;
  2362. sc->new_session = 1;
  2363. return s->method->ssl_renegotiate(s);
  2364. }
  2365. int SSL_renegotiate_abbreviated(SSL *s)
  2366. {
  2367. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2368. if (sc == NULL)
  2369. return 0;
  2370. if (!can_renegotiate(sc))
  2371. return 0;
  2372. sc->renegotiate = 1;
  2373. sc->new_session = 0;
  2374. return s->method->ssl_renegotiate(s);
  2375. }
  2376. int SSL_renegotiate_pending(const SSL *s)
  2377. {
  2378. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  2379. if (sc == NULL)
  2380. return 0;
  2381. /*
  2382. * becomes true when negotiation is requested; false again once a
  2383. * handshake has finished
  2384. */
  2385. return (sc->renegotiate != 0);
  2386. }
  2387. int SSL_new_session_ticket(SSL *s)
  2388. {
  2389. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2390. if (sc == NULL)
  2391. return 0;
  2392. /* If we are in init because we're sending tickets, okay to send more. */
  2393. if ((SSL_in_init(s) && sc->ext.extra_tickets_expected == 0)
  2394. || SSL_IS_FIRST_HANDSHAKE(sc) || !sc->server
  2395. || !SSL_CONNECTION_IS_TLS13(sc))
  2396. return 0;
  2397. sc->ext.extra_tickets_expected++;
  2398. if (!RECORD_LAYER_write_pending(&sc->rlayer) && !SSL_in_init(s))
  2399. ossl_statem_set_in_init(sc, 1);
  2400. return 1;
  2401. }
  2402. long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  2403. {
  2404. return ossl_ctrl_internal(s, cmd, larg, parg, /*no_quic=*/0);
  2405. }
  2406. long ossl_ctrl_internal(SSL *s, int cmd, long larg, void *parg, int no_quic)
  2407. {
  2408. long l;
  2409. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2410. /*
  2411. * Routing of ctrl calls for QUIC is a little counterintuitive:
  2412. *
  2413. * - Firstly (no_quic=0), we pass the ctrl directly to our QUIC
  2414. * implementation in case it wants to handle the ctrl specially.
  2415. *
  2416. * - If our QUIC implementation does not care about the ctrl, it
  2417. * will reenter this function with no_quic=1 and we will try to handle
  2418. * it directly using the QCSO SSL object stub (not the handshake layer
  2419. * SSL object). This is important for e.g. the version configuration
  2420. * ctrls below, which must use s->defltmeth (and not sc->defltmeth).
  2421. *
  2422. * - If we don't handle a ctrl here specially, then processing is
  2423. * redirected to the handshake layer SSL object.
  2424. */
  2425. if (!no_quic && IS_QUIC(s))
  2426. return s->method->ssl_ctrl(s, cmd, larg, parg);
  2427. if (sc == NULL)
  2428. return 0;
  2429. switch (cmd) {
  2430. case SSL_CTRL_GET_READ_AHEAD:
  2431. return RECORD_LAYER_get_read_ahead(&sc->rlayer);
  2432. case SSL_CTRL_SET_READ_AHEAD:
  2433. l = RECORD_LAYER_get_read_ahead(&sc->rlayer);
  2434. RECORD_LAYER_set_read_ahead(&sc->rlayer, larg);
  2435. return l;
  2436. case SSL_CTRL_MODE:
  2437. {
  2438. OSSL_PARAM options[2], *opts = options;
  2439. sc->mode |= larg;
  2440. *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
  2441. &sc->mode);
  2442. *opts = OSSL_PARAM_construct_end();
  2443. /* Ignore return value */
  2444. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  2445. return sc->mode;
  2446. }
  2447. case SSL_CTRL_CLEAR_MODE:
  2448. return (sc->mode &= ~larg);
  2449. case SSL_CTRL_GET_MAX_CERT_LIST:
  2450. return (long)sc->max_cert_list;
  2451. case SSL_CTRL_SET_MAX_CERT_LIST:
  2452. if (larg < 0)
  2453. return 0;
  2454. l = (long)sc->max_cert_list;
  2455. sc->max_cert_list = (size_t)larg;
  2456. return l;
  2457. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2458. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2459. return 0;
  2460. #ifndef OPENSSL_NO_KTLS
  2461. if (sc->wbio != NULL && BIO_get_ktls_send(sc->wbio))
  2462. return 0;
  2463. #endif /* OPENSSL_NO_KTLS */
  2464. sc->max_send_fragment = larg;
  2465. if (sc->max_send_fragment < sc->split_send_fragment)
  2466. sc->split_send_fragment = sc->max_send_fragment;
  2467. sc->rlayer.wrlmethod->set_max_frag_len(sc->rlayer.wrl, larg);
  2468. return 1;
  2469. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2470. if ((size_t)larg > sc->max_send_fragment || larg == 0)
  2471. return 0;
  2472. sc->split_send_fragment = larg;
  2473. return 1;
  2474. case SSL_CTRL_SET_MAX_PIPELINES:
  2475. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2476. return 0;
  2477. sc->max_pipelines = larg;
  2478. if (sc->rlayer.rrlmethod->set_max_pipelines != NULL)
  2479. sc->rlayer.rrlmethod->set_max_pipelines(sc->rlayer.rrl, (size_t)larg);
  2480. return 1;
  2481. case SSL_CTRL_GET_RI_SUPPORT:
  2482. return sc->s3.send_connection_binding;
  2483. case SSL_CTRL_SET_RETRY_VERIFY:
  2484. sc->rwstate = SSL_RETRY_VERIFY;
  2485. return 1;
  2486. case SSL_CTRL_CERT_FLAGS:
  2487. return (sc->cert->cert_flags |= larg);
  2488. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2489. return (sc->cert->cert_flags &= ~larg);
  2490. case SSL_CTRL_GET_RAW_CIPHERLIST:
  2491. if (parg) {
  2492. if (sc->s3.tmp.ciphers_raw == NULL)
  2493. return 0;
  2494. *(unsigned char **)parg = sc->s3.tmp.ciphers_raw;
  2495. return (int)sc->s3.tmp.ciphers_rawlen;
  2496. } else {
  2497. return TLS_CIPHER_LEN;
  2498. }
  2499. case SSL_CTRL_GET_EXTMS_SUPPORT:
  2500. if (!sc->session || SSL_in_init(s) || ossl_statem_get_in_handshake(sc))
  2501. return -1;
  2502. if (sc->session->flags & SSL_SESS_FLAG_EXTMS)
  2503. return 1;
  2504. else
  2505. return 0;
  2506. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2507. return ssl_check_allowed_versions(larg, sc->max_proto_version)
  2508. && ssl_set_version_bound(s->defltmeth->version, (int)larg,
  2509. &sc->min_proto_version);
  2510. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2511. return sc->min_proto_version;
  2512. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2513. return ssl_check_allowed_versions(sc->min_proto_version, larg)
  2514. && ssl_set_version_bound(s->defltmeth->version, (int)larg,
  2515. &sc->max_proto_version);
  2516. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2517. return sc->max_proto_version;
  2518. default:
  2519. if (IS_QUIC(s))
  2520. return SSL_ctrl((SSL *)sc, cmd, larg, parg);
  2521. else
  2522. return s->method->ssl_ctrl(s, cmd, larg, parg);
  2523. }
  2524. }
  2525. long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
  2526. {
  2527. return s->method->ssl_callback_ctrl(s, cmd, fp);
  2528. }
  2529. LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
  2530. {
  2531. return ctx->sessions;
  2532. }
  2533. static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat)
  2534. {
  2535. int res = 0;
  2536. if (ssl_tsan_lock(ctx)) {
  2537. res = tsan_load(stat);
  2538. ssl_tsan_unlock(ctx);
  2539. }
  2540. return res;
  2541. }
  2542. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  2543. {
  2544. long l;
  2545. /* For some cases with ctx == NULL perform syntax checks */
  2546. if (ctx == NULL) {
  2547. switch (cmd) {
  2548. case SSL_CTRL_SET_GROUPS_LIST:
  2549. return tls1_set_groups_list(ctx, NULL, NULL, parg);
  2550. case SSL_CTRL_SET_SIGALGS_LIST:
  2551. case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
  2552. return tls1_set_sigalgs_list(ctx, NULL, parg, 0);
  2553. default:
  2554. return 0;
  2555. }
  2556. }
  2557. switch (cmd) {
  2558. case SSL_CTRL_GET_READ_AHEAD:
  2559. return ctx->read_ahead;
  2560. case SSL_CTRL_SET_READ_AHEAD:
  2561. l = ctx->read_ahead;
  2562. ctx->read_ahead = larg;
  2563. return l;
  2564. case SSL_CTRL_SET_MSG_CALLBACK_ARG:
  2565. ctx->msg_callback_arg = parg;
  2566. return 1;
  2567. case SSL_CTRL_GET_MAX_CERT_LIST:
  2568. return (long)ctx->max_cert_list;
  2569. case SSL_CTRL_SET_MAX_CERT_LIST:
  2570. if (larg < 0)
  2571. return 0;
  2572. l = (long)ctx->max_cert_list;
  2573. ctx->max_cert_list = (size_t)larg;
  2574. return l;
  2575. case SSL_CTRL_SET_SESS_CACHE_SIZE:
  2576. if (larg < 0)
  2577. return 0;
  2578. l = (long)ctx->session_cache_size;
  2579. ctx->session_cache_size = (size_t)larg;
  2580. return l;
  2581. case SSL_CTRL_GET_SESS_CACHE_SIZE:
  2582. return (long)ctx->session_cache_size;
  2583. case SSL_CTRL_SET_SESS_CACHE_MODE:
  2584. l = ctx->session_cache_mode;
  2585. ctx->session_cache_mode = larg;
  2586. return l;
  2587. case SSL_CTRL_GET_SESS_CACHE_MODE:
  2588. return ctx->session_cache_mode;
  2589. case SSL_CTRL_SESS_NUMBER:
  2590. return lh_SSL_SESSION_num_items(ctx->sessions);
  2591. case SSL_CTRL_SESS_CONNECT:
  2592. return ssl_tsan_load(ctx, &ctx->stats.sess_connect);
  2593. case SSL_CTRL_SESS_CONNECT_GOOD:
  2594. return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good);
  2595. case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
  2596. return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate);
  2597. case SSL_CTRL_SESS_ACCEPT:
  2598. return ssl_tsan_load(ctx, &ctx->stats.sess_accept);
  2599. case SSL_CTRL_SESS_ACCEPT_GOOD:
  2600. return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good);
  2601. case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
  2602. return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate);
  2603. case SSL_CTRL_SESS_HIT:
  2604. return ssl_tsan_load(ctx, &ctx->stats.sess_hit);
  2605. case SSL_CTRL_SESS_CB_HIT:
  2606. return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit);
  2607. case SSL_CTRL_SESS_MISSES:
  2608. return ssl_tsan_load(ctx, &ctx->stats.sess_miss);
  2609. case SSL_CTRL_SESS_TIMEOUTS:
  2610. return ssl_tsan_load(ctx, &ctx->stats.sess_timeout);
  2611. case SSL_CTRL_SESS_CACHE_FULL:
  2612. return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full);
  2613. case SSL_CTRL_MODE:
  2614. return (ctx->mode |= larg);
  2615. case SSL_CTRL_CLEAR_MODE:
  2616. return (ctx->mode &= ~larg);
  2617. case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
  2618. if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
  2619. return 0;
  2620. ctx->max_send_fragment = larg;
  2621. if (ctx->max_send_fragment < ctx->split_send_fragment)
  2622. ctx->split_send_fragment = ctx->max_send_fragment;
  2623. return 1;
  2624. case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
  2625. if ((size_t)larg > ctx->max_send_fragment || larg == 0)
  2626. return 0;
  2627. ctx->split_send_fragment = larg;
  2628. return 1;
  2629. case SSL_CTRL_SET_MAX_PIPELINES:
  2630. if (larg < 1 || larg > SSL_MAX_PIPELINES)
  2631. return 0;
  2632. ctx->max_pipelines = larg;
  2633. return 1;
  2634. case SSL_CTRL_CERT_FLAGS:
  2635. return (ctx->cert->cert_flags |= larg);
  2636. case SSL_CTRL_CLEAR_CERT_FLAGS:
  2637. return (ctx->cert->cert_flags &= ~larg);
  2638. case SSL_CTRL_SET_MIN_PROTO_VERSION:
  2639. return ssl_check_allowed_versions(larg, ctx->max_proto_version)
  2640. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2641. &ctx->min_proto_version);
  2642. case SSL_CTRL_GET_MIN_PROTO_VERSION:
  2643. return ctx->min_proto_version;
  2644. case SSL_CTRL_SET_MAX_PROTO_VERSION:
  2645. return ssl_check_allowed_versions(ctx->min_proto_version, larg)
  2646. && ssl_set_version_bound(ctx->method->version, (int)larg,
  2647. &ctx->max_proto_version);
  2648. case SSL_CTRL_GET_MAX_PROTO_VERSION:
  2649. return ctx->max_proto_version;
  2650. default:
  2651. return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
  2652. }
  2653. }
  2654. long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
  2655. {
  2656. switch (cmd) {
  2657. case SSL_CTRL_SET_MSG_CALLBACK:
  2658. ctx->msg_callback = (void (*)
  2659. (int write_p, int version, int content_type,
  2660. const void *buf, size_t len, SSL *ssl,
  2661. void *arg))(fp);
  2662. return 1;
  2663. default:
  2664. return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
  2665. }
  2666. }
  2667. int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
  2668. {
  2669. if (a->id > b->id)
  2670. return 1;
  2671. if (a->id < b->id)
  2672. return -1;
  2673. return 0;
  2674. }
  2675. int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
  2676. const SSL_CIPHER *const *bp)
  2677. {
  2678. if ((*ap)->id > (*bp)->id)
  2679. return 1;
  2680. if ((*ap)->id < (*bp)->id)
  2681. return -1;
  2682. return 0;
  2683. }
  2684. /*
  2685. * return a STACK of the ciphers available for the SSL and in order of
  2686. * preference
  2687. */
  2688. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
  2689. {
  2690. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2691. if (sc != NULL) {
  2692. if (sc->cipher_list != NULL) {
  2693. return sc->cipher_list;
  2694. } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
  2695. return s->ctx->cipher_list;
  2696. }
  2697. }
  2698. return NULL;
  2699. }
  2700. STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
  2701. {
  2702. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2703. if (sc == NULL || !sc->server)
  2704. return NULL;
  2705. return sc->peer_ciphers;
  2706. }
  2707. STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
  2708. {
  2709. STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
  2710. int i;
  2711. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2712. if (sc == NULL)
  2713. return NULL;
  2714. ciphers = SSL_get_ciphers(s);
  2715. if (!ciphers)
  2716. return NULL;
  2717. if (!ssl_set_client_disabled(sc))
  2718. return NULL;
  2719. for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  2720. const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
  2721. if (!ssl_cipher_disabled(sc, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
  2722. if (!sk)
  2723. sk = sk_SSL_CIPHER_new_null();
  2724. if (!sk)
  2725. return NULL;
  2726. if (!sk_SSL_CIPHER_push(sk, c)) {
  2727. sk_SSL_CIPHER_free(sk);
  2728. return NULL;
  2729. }
  2730. }
  2731. }
  2732. return sk;
  2733. }
  2734. /** return a STACK of the ciphers available for the SSL and in order of
  2735. * algorithm id */
  2736. STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *s)
  2737. {
  2738. if (s != NULL) {
  2739. if (s->cipher_list_by_id != NULL)
  2740. return s->cipher_list_by_id;
  2741. else if (s->ssl.ctx != NULL
  2742. && s->ssl.ctx->cipher_list_by_id != NULL)
  2743. return s->ssl.ctx->cipher_list_by_id;
  2744. }
  2745. return NULL;
  2746. }
  2747. /** The old interface to get the same thing as SSL_get_ciphers() */
  2748. const char *SSL_get_cipher_list(const SSL *s, int n)
  2749. {
  2750. const SSL_CIPHER *c;
  2751. STACK_OF(SSL_CIPHER) *sk;
  2752. if (s == NULL)
  2753. return NULL;
  2754. sk = SSL_get_ciphers(s);
  2755. if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
  2756. return NULL;
  2757. c = sk_SSL_CIPHER_value(sk, n);
  2758. if (c == NULL)
  2759. return NULL;
  2760. return c->name;
  2761. }
  2762. /** return a STACK of the ciphers available for the SSL_CTX and in order of
  2763. * preference */
  2764. STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
  2765. {
  2766. if (ctx != NULL)
  2767. return ctx->cipher_list;
  2768. return NULL;
  2769. }
  2770. /*
  2771. * Distinguish between ciphers controlled by set_ciphersuite() and
  2772. * set_cipher_list() when counting.
  2773. */
  2774. static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
  2775. {
  2776. int i, num = 0;
  2777. const SSL_CIPHER *c;
  2778. if (sk == NULL)
  2779. return 0;
  2780. for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
  2781. c = sk_SSL_CIPHER_value(sk, i);
  2782. if (c->min_tls >= TLS1_3_VERSION)
  2783. continue;
  2784. num++;
  2785. }
  2786. return num;
  2787. }
  2788. /** specify the ciphers to be used by default by the SSL_CTX */
  2789. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
  2790. {
  2791. STACK_OF(SSL_CIPHER) *sk;
  2792. sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites,
  2793. &ctx->cipher_list, &ctx->cipher_list_by_id, str,
  2794. ctx->cert);
  2795. /*
  2796. * ssl_create_cipher_list may return an empty stack if it was unable to
  2797. * find a cipher matching the given rule string (for example if the rule
  2798. * string specifies a cipher which has been disabled). This is not an
  2799. * error as far as ssl_create_cipher_list is concerned, and hence
  2800. * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
  2801. */
  2802. if (sk == NULL)
  2803. return 0;
  2804. else if (cipher_list_tls12_num(sk) == 0) {
  2805. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
  2806. return 0;
  2807. }
  2808. return 1;
  2809. }
  2810. /** specify the ciphers to be used by the SSL */
  2811. int SSL_set_cipher_list(SSL *s, const char *str)
  2812. {
  2813. STACK_OF(SSL_CIPHER) *sk;
  2814. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  2815. if (sc == NULL)
  2816. return 0;
  2817. sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites,
  2818. &sc->cipher_list, &sc->cipher_list_by_id, str,
  2819. sc->cert);
  2820. /* see comment in SSL_CTX_set_cipher_list */
  2821. if (sk == NULL)
  2822. return 0;
  2823. else if (cipher_list_tls12_num(sk) == 0) {
  2824. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
  2825. return 0;
  2826. }
  2827. return 1;
  2828. }
  2829. char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
  2830. {
  2831. char *p;
  2832. STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
  2833. const SSL_CIPHER *c;
  2834. int i;
  2835. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2836. if (sc == NULL)
  2837. return NULL;
  2838. if (!sc->server
  2839. || sc->peer_ciphers == NULL
  2840. || size < 2)
  2841. return NULL;
  2842. p = buf;
  2843. clntsk = sc->peer_ciphers;
  2844. srvrsk = SSL_get_ciphers(s);
  2845. if (clntsk == NULL || srvrsk == NULL)
  2846. return NULL;
  2847. if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
  2848. return NULL;
  2849. for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
  2850. int n;
  2851. c = sk_SSL_CIPHER_value(clntsk, i);
  2852. if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
  2853. continue;
  2854. n = OPENSSL_strnlen(c->name, size);
  2855. if (n >= size) {
  2856. if (p != buf)
  2857. --p;
  2858. *p = '\0';
  2859. return buf;
  2860. }
  2861. memcpy(p, c->name, n);
  2862. p += n;
  2863. *(p++) = ':';
  2864. size -= n + 1;
  2865. }
  2866. p[-1] = '\0';
  2867. return buf;
  2868. }
  2869. /**
  2870. * Return the requested servername (SNI) value. Note that the behaviour varies
  2871. * depending on:
  2872. * - whether this is called by the client or the server,
  2873. * - if we are before or during/after the handshake,
  2874. * - if a resumption or normal handshake is being attempted/has occurred
  2875. * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
  2876. *
  2877. * Note that only the host_name type is defined (RFC 3546).
  2878. */
  2879. const char *SSL_get_servername(const SSL *s, const int type)
  2880. {
  2881. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  2882. int server;
  2883. if (sc == NULL)
  2884. return NULL;
  2885. /*
  2886. * If we don't know if we are the client or the server yet then we assume
  2887. * client.
  2888. */
  2889. server = sc->handshake_func == NULL ? 0 : sc->server;
  2890. if (type != TLSEXT_NAMETYPE_host_name)
  2891. return NULL;
  2892. if (server) {
  2893. /**
  2894. * Server side
  2895. * In TLSv1.3 on the server SNI is not associated with the session
  2896. * but in TLSv1.2 or below it is.
  2897. *
  2898. * Before the handshake:
  2899. * - return NULL
  2900. *
  2901. * During/after the handshake (TLSv1.2 or below resumption occurred):
  2902. * - If a servername was accepted by the server in the original
  2903. * handshake then it will return that servername, or NULL otherwise.
  2904. *
  2905. * During/after the handshake (TLSv1.2 or below resumption did not occur):
  2906. * - The function will return the servername requested by the client in
  2907. * this handshake or NULL if none was requested.
  2908. */
  2909. if (sc->hit && !SSL_CONNECTION_IS_TLS13(sc))
  2910. return sc->session->ext.hostname;
  2911. } else {
  2912. /**
  2913. * Client side
  2914. *
  2915. * Before the handshake:
  2916. * - If a servername has been set via a call to
  2917. * SSL_set_tlsext_host_name() then it will return that servername
  2918. * - If one has not been set, but a TLSv1.2 resumption is being
  2919. * attempted and the session from the original handshake had a
  2920. * servername accepted by the server then it will return that
  2921. * servername
  2922. * - Otherwise it returns NULL
  2923. *
  2924. * During/after the handshake (TLSv1.2 or below resumption occurred):
  2925. * - If the session from the original handshake had a servername accepted
  2926. * by the server then it will return that servername.
  2927. * - Otherwise it returns the servername set via
  2928. * SSL_set_tlsext_host_name() (or NULL if it was not called).
  2929. *
  2930. * During/after the handshake (TLSv1.2 or below resumption did not occur):
  2931. * - It will return the servername set via SSL_set_tlsext_host_name()
  2932. * (or NULL if it was not called).
  2933. */
  2934. if (SSL_in_before(s)) {
  2935. if (sc->ext.hostname == NULL
  2936. && sc->session != NULL
  2937. && sc->session->ssl_version != TLS1_3_VERSION)
  2938. return sc->session->ext.hostname;
  2939. } else {
  2940. if (!SSL_CONNECTION_IS_TLS13(sc) && sc->hit
  2941. && sc->session->ext.hostname != NULL)
  2942. return sc->session->ext.hostname;
  2943. }
  2944. }
  2945. return sc->ext.hostname;
  2946. }
  2947. int SSL_get_servername_type(const SSL *s)
  2948. {
  2949. if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
  2950. return TLSEXT_NAMETYPE_host_name;
  2951. return -1;
  2952. }
  2953. /*
  2954. * SSL_select_next_proto implements the standard protocol selection. It is
  2955. * expected that this function is called from the callback set by
  2956. * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
  2957. * vector of 8-bit, length prefixed byte strings. The length byte itself is
  2958. * not included in the length. A byte string of length 0 is invalid. No byte
  2959. * string may be truncated. The current, but experimental algorithm for
  2960. * selecting the protocol is: 1) If the server doesn't support NPN then this
  2961. * is indicated to the callback. In this case, the client application has to
  2962. * abort the connection or have a default application level protocol. 2) If
  2963. * the server supports NPN, but advertises an empty list then the client
  2964. * selects the first protocol in its list, but indicates via the API that this
  2965. * fallback case was enacted. 3) Otherwise, the client finds the first
  2966. * protocol in the server's list that it supports and selects this protocol.
  2967. * This is because it's assumed that the server has better information about
  2968. * which protocol a client should use. 4) If the client doesn't support any
  2969. * of the server's advertised protocols, then this is treated the same as
  2970. * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
  2971. * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
  2972. */
  2973. int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
  2974. const unsigned char *server,
  2975. unsigned int server_len,
  2976. const unsigned char *client, unsigned int client_len)
  2977. {
  2978. unsigned int i, j;
  2979. const unsigned char *result;
  2980. int status = OPENSSL_NPN_UNSUPPORTED;
  2981. /*
  2982. * For each protocol in server preference order, see if we support it.
  2983. */
  2984. for (i = 0; i < server_len;) {
  2985. for (j = 0; j < client_len;) {
  2986. if (server[i] == client[j] &&
  2987. memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
  2988. /* We found a match */
  2989. result = &server[i];
  2990. status = OPENSSL_NPN_NEGOTIATED;
  2991. goto found;
  2992. }
  2993. j += client[j];
  2994. j++;
  2995. }
  2996. i += server[i];
  2997. i++;
  2998. }
  2999. /* There's no overlap between our protocols and the server's list. */
  3000. result = client;
  3001. status = OPENSSL_NPN_NO_OVERLAP;
  3002. found:
  3003. *out = (unsigned char *)result + 1;
  3004. *outlen = result[0];
  3005. return status;
  3006. }
  3007. #ifndef OPENSSL_NO_NEXTPROTONEG
  3008. /*
  3009. * SSL_get0_next_proto_negotiated sets *data and *len to point to the
  3010. * client's requested protocol for this connection and returns 0. If the
  3011. * client didn't request any protocol, then *data is set to NULL. Note that
  3012. * the client can request any protocol it chooses. The value returned from
  3013. * this function need not be a member of the list of supported protocols
  3014. * provided by the callback.
  3015. */
  3016. void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  3017. unsigned *len)
  3018. {
  3019. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3020. if (sc == NULL) {
  3021. /* We have no other way to indicate error */
  3022. *data = NULL;
  3023. *len = 0;
  3024. return;
  3025. }
  3026. *data = sc->ext.npn;
  3027. if (*data == NULL) {
  3028. *len = 0;
  3029. } else {
  3030. *len = (unsigned int)sc->ext.npn_len;
  3031. }
  3032. }
  3033. /*
  3034. * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  3035. * a TLS server needs a list of supported protocols for Next Protocol
  3036. * Negotiation. The returned list must be in wire format. The list is
  3037. * returned by setting |out| to point to it and |outlen| to its length. This
  3038. * memory will not be modified, but one should assume that the SSL* keeps a
  3039. * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
  3040. * wishes to advertise. Otherwise, no such extension will be included in the
  3041. * ServerHello.
  3042. */
  3043. void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
  3044. SSL_CTX_npn_advertised_cb_func cb,
  3045. void *arg)
  3046. {
  3047. if (IS_QUIC_CTX(ctx))
  3048. /* NPN not allowed for QUIC */
  3049. return;
  3050. ctx->ext.npn_advertised_cb = cb;
  3051. ctx->ext.npn_advertised_cb_arg = arg;
  3052. }
  3053. /*
  3054. * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
  3055. * client needs to select a protocol from the server's provided list. |out|
  3056. * must be set to point to the selected protocol (which may be within |in|).
  3057. * The length of the protocol name must be written into |outlen|. The
  3058. * server's advertised protocols are provided in |in| and |inlen|. The
  3059. * callback can assume that |in| is syntactically valid. The client must
  3060. * select a protocol. It is fatal to the connection if this callback returns
  3061. * a value other than SSL_TLSEXT_ERR_OK.
  3062. */
  3063. void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
  3064. SSL_CTX_npn_select_cb_func cb,
  3065. void *arg)
  3066. {
  3067. if (IS_QUIC_CTX(ctx))
  3068. /* NPN not allowed for QUIC */
  3069. return;
  3070. ctx->ext.npn_select_cb = cb;
  3071. ctx->ext.npn_select_cb_arg = arg;
  3072. }
  3073. #endif
  3074. static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
  3075. {
  3076. unsigned int idx;
  3077. if (protos_len < 2 || protos == NULL)
  3078. return 0;
  3079. for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
  3080. if (protos[idx] == 0)
  3081. return 0;
  3082. }
  3083. return idx == protos_len;
  3084. }
  3085. /*
  3086. * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
  3087. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  3088. * length-prefixed strings). Returns 0 on success.
  3089. */
  3090. int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
  3091. unsigned int protos_len)
  3092. {
  3093. unsigned char *alpn;
  3094. if (protos_len == 0 || protos == NULL) {
  3095. OPENSSL_free(ctx->ext.alpn);
  3096. ctx->ext.alpn = NULL;
  3097. ctx->ext.alpn_len = 0;
  3098. return 0;
  3099. }
  3100. /* Not valid per RFC */
  3101. if (!alpn_value_ok(protos, protos_len))
  3102. return 1;
  3103. alpn = OPENSSL_memdup(protos, protos_len);
  3104. if (alpn == NULL)
  3105. return 1;
  3106. OPENSSL_free(ctx->ext.alpn);
  3107. ctx->ext.alpn = alpn;
  3108. ctx->ext.alpn_len = protos_len;
  3109. return 0;
  3110. }
  3111. /*
  3112. * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
  3113. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
  3114. * length-prefixed strings). Returns 0 on success.
  3115. */
  3116. int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  3117. unsigned int protos_len)
  3118. {
  3119. unsigned char *alpn;
  3120. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  3121. if (sc == NULL)
  3122. return 1;
  3123. if (protos_len == 0 || protos == NULL) {
  3124. OPENSSL_free(sc->ext.alpn);
  3125. sc->ext.alpn = NULL;
  3126. sc->ext.alpn_len = 0;
  3127. return 0;
  3128. }
  3129. /* Not valid per RFC */
  3130. if (!alpn_value_ok(protos, protos_len))
  3131. return 1;
  3132. alpn = OPENSSL_memdup(protos, protos_len);
  3133. if (alpn == NULL)
  3134. return 1;
  3135. OPENSSL_free(sc->ext.alpn);
  3136. sc->ext.alpn = alpn;
  3137. sc->ext.alpn_len = protos_len;
  3138. return 0;
  3139. }
  3140. /*
  3141. * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
  3142. * called during ClientHello processing in order to select an ALPN protocol
  3143. * from the client's list of offered protocols.
  3144. */
  3145. void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
  3146. SSL_CTX_alpn_select_cb_func cb,
  3147. void *arg)
  3148. {
  3149. ctx->ext.alpn_select_cb = cb;
  3150. ctx->ext.alpn_select_cb_arg = arg;
  3151. }
  3152. /*
  3153. * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
  3154. * On return it sets |*data| to point to |*len| bytes of protocol name
  3155. * (not including the leading length-prefix byte). If the server didn't
  3156. * respond with a negotiated protocol then |*len| will be zero.
  3157. */
  3158. void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
  3159. unsigned int *len)
  3160. {
  3161. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  3162. if (sc == NULL) {
  3163. /* We have no other way to indicate error */
  3164. *data = NULL;
  3165. *len = 0;
  3166. return;
  3167. }
  3168. *data = sc->s3.alpn_selected;
  3169. if (*data == NULL)
  3170. *len = 0;
  3171. else
  3172. *len = (unsigned int)sc->s3.alpn_selected_len;
  3173. }
  3174. int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
  3175. const char *label, size_t llen,
  3176. const unsigned char *context, size_t contextlen,
  3177. int use_context)
  3178. {
  3179. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3180. if (sc == NULL)
  3181. return -1;
  3182. if (sc->session == NULL
  3183. || (sc->version < TLS1_VERSION && sc->version != DTLS1_BAD_VER))
  3184. return -1;
  3185. return sc->ssl.method->ssl3_enc->export_keying_material(sc, out, olen, label,
  3186. llen, context,
  3187. contextlen,
  3188. use_context);
  3189. }
  3190. int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
  3191. const char *label, size_t llen,
  3192. const unsigned char *context,
  3193. size_t contextlen)
  3194. {
  3195. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3196. if (sc == NULL)
  3197. return -1;
  3198. if (sc->version != TLS1_3_VERSION)
  3199. return 0;
  3200. return tls13_export_keying_material_early(sc, out, olen, label, llen,
  3201. context, contextlen);
  3202. }
  3203. static unsigned long ssl_session_hash(const SSL_SESSION *a)
  3204. {
  3205. const unsigned char *session_id = a->session_id;
  3206. unsigned long l;
  3207. unsigned char tmp_storage[4];
  3208. if (a->session_id_length < sizeof(tmp_storage)) {
  3209. memset(tmp_storage, 0, sizeof(tmp_storage));
  3210. memcpy(tmp_storage, a->session_id, a->session_id_length);
  3211. session_id = tmp_storage;
  3212. }
  3213. l = (unsigned long)
  3214. ((unsigned long)session_id[0]) |
  3215. ((unsigned long)session_id[1] << 8L) |
  3216. ((unsigned long)session_id[2] << 16L) |
  3217. ((unsigned long)session_id[3] << 24L);
  3218. return l;
  3219. }
  3220. /*
  3221. * NB: If this function (or indeed the hash function which uses a sort of
  3222. * coarser function than this one) is changed, ensure
  3223. * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
  3224. * being able to construct an SSL_SESSION that will collide with any existing
  3225. * session with a matching session ID.
  3226. */
  3227. static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  3228. {
  3229. if (a->ssl_version != b->ssl_version)
  3230. return 1;
  3231. if (a->session_id_length != b->session_id_length)
  3232. return 1;
  3233. return memcmp(a->session_id, b->session_id, a->session_id_length);
  3234. }
  3235. /*
  3236. * These wrapper functions should remain rather than redeclaring
  3237. * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
  3238. * variable. The reason is that the functions aren't static, they're exposed
  3239. * via ssl.h.
  3240. */
  3241. SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
  3242. const SSL_METHOD *meth)
  3243. {
  3244. SSL_CTX *ret = NULL;
  3245. #ifndef OPENSSL_NO_COMP_ALG
  3246. int i;
  3247. #endif
  3248. if (meth == NULL) {
  3249. ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED);
  3250. return NULL;
  3251. }
  3252. if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
  3253. return NULL;
  3254. /* Doing this for the run once effect */
  3255. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
  3256. ERR_raise(ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
  3257. goto err;
  3258. }
  3259. ret = OPENSSL_zalloc(sizeof(*ret));
  3260. if (ret == NULL)
  3261. return NULL;
  3262. /* Init the reference counting before any call to SSL_CTX_free */
  3263. if (!CRYPTO_NEW_REF(&ret->references, 1)) {
  3264. OPENSSL_free(ret);
  3265. return NULL;
  3266. }
  3267. ret->lock = CRYPTO_THREAD_lock_new();
  3268. if (ret->lock == NULL) {
  3269. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3270. goto err;
  3271. }
  3272. #ifdef TSAN_REQUIRES_LOCKING
  3273. ret->tsan_lock = CRYPTO_THREAD_lock_new();
  3274. if (ret->tsan_lock == NULL) {
  3275. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3276. goto err;
  3277. }
  3278. #endif
  3279. ret->libctx = libctx;
  3280. if (propq != NULL) {
  3281. ret->propq = OPENSSL_strdup(propq);
  3282. if (ret->propq == NULL)
  3283. goto err;
  3284. }
  3285. ret->method = meth;
  3286. ret->min_proto_version = 0;
  3287. ret->max_proto_version = 0;
  3288. ret->mode = SSL_MODE_AUTO_RETRY;
  3289. ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
  3290. ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
  3291. /* We take the system default. */
  3292. ret->session_timeout = meth->get_timeout();
  3293. ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
  3294. ret->verify_mode = SSL_VERIFY_NONE;
  3295. ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
  3296. if (ret->sessions == NULL) {
  3297. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3298. goto err;
  3299. }
  3300. ret->cert_store = X509_STORE_new();
  3301. if (ret->cert_store == NULL) {
  3302. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  3303. goto err;
  3304. }
  3305. #ifndef OPENSSL_NO_CT
  3306. ret->ctlog_store = CTLOG_STORE_new_ex(libctx, propq);
  3307. if (ret->ctlog_store == NULL) {
  3308. ERR_raise(ERR_LIB_SSL, ERR_R_CT_LIB);
  3309. goto err;
  3310. }
  3311. #endif
  3312. /* initialize cipher/digest methods table */
  3313. if (!ssl_load_ciphers(ret)) {
  3314. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3315. goto err;
  3316. }
  3317. if (!ssl_load_groups(ret)) {
  3318. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3319. goto err;
  3320. }
  3321. /* load provider sigalgs */
  3322. if (!ssl_load_sigalgs(ret)) {
  3323. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3324. goto err;
  3325. }
  3326. /* initialise sig algs */
  3327. if (!ssl_setup_sigalgs(ret)) {
  3328. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3329. goto err;
  3330. }
  3331. if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) {
  3332. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3333. goto err;
  3334. }
  3335. if ((ret->cert = ssl_cert_new(SSL_PKEY_NUM + ret->sigalg_list_len)) == NULL) {
  3336. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3337. goto err;
  3338. }
  3339. if (!ssl_create_cipher_list(ret,
  3340. ret->tls13_ciphersuites,
  3341. &ret->cipher_list, &ret->cipher_list_by_id,
  3342. OSSL_default_cipher_list(), ret->cert)
  3343. || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
  3344. ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
  3345. goto err;
  3346. }
  3347. ret->param = X509_VERIFY_PARAM_new();
  3348. if (ret->param == NULL) {
  3349. ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
  3350. goto err;
  3351. }
  3352. /*
  3353. * If these aren't available from the provider we'll get NULL returns.
  3354. * That's fine but will cause errors later if SSLv3 is negotiated
  3355. */
  3356. ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq);
  3357. ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq);
  3358. if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) {
  3359. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3360. goto err;
  3361. }
  3362. if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) {
  3363. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3364. goto err;
  3365. }
  3366. if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) {
  3367. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  3368. goto err;
  3369. }
  3370. if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
  3371. goto err;
  3372. /* No compression for DTLS */
  3373. if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
  3374. ret->comp_methods = SSL_COMP_get_compression_methods();
  3375. ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  3376. ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
  3377. /* Setup RFC5077 ticket keys */
  3378. if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
  3379. sizeof(ret->ext.tick_key_name), 0) <= 0)
  3380. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
  3381. sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0)
  3382. || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
  3383. sizeof(ret->ext.secure->tick_aes_key), 0) <= 0))
  3384. ret->options |= SSL_OP_NO_TICKET;
  3385. if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
  3386. sizeof(ret->ext.cookie_hmac_key), 0) <= 0) {
  3387. ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
  3388. goto err;
  3389. }
  3390. #ifndef OPENSSL_NO_SRP
  3391. if (!ssl_ctx_srp_ctx_init_intern(ret)) {
  3392. ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
  3393. goto err;
  3394. }
  3395. #endif
  3396. #ifndef OPENSSL_NO_ENGINE
  3397. # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
  3398. # define eng_strx(x) #x
  3399. # define eng_str(x) eng_strx(x)
  3400. /* Use specific client engine automatically... ignore errors */
  3401. {
  3402. ENGINE *eng;
  3403. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  3404. if (!eng) {
  3405. ERR_clear_error();
  3406. ENGINE_load_builtin_engines();
  3407. eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
  3408. }
  3409. if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
  3410. ERR_clear_error();
  3411. }
  3412. # endif
  3413. #endif
  3414. #ifndef OPENSSL_NO_COMP_ALG
  3415. /*
  3416. * Set the default order: brotli, zlib, zstd
  3417. * Including only those enabled algorithms
  3418. */
  3419. memset(ret->cert_comp_prefs, 0, sizeof(ret->cert_comp_prefs));
  3420. i = 0;
  3421. if (ossl_comp_has_alg(TLSEXT_comp_cert_brotli))
  3422. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_brotli;
  3423. if (ossl_comp_has_alg(TLSEXT_comp_cert_zlib))
  3424. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zlib;
  3425. if (ossl_comp_has_alg(TLSEXT_comp_cert_zstd))
  3426. ret->cert_comp_prefs[i++] = TLSEXT_comp_cert_zstd;
  3427. #endif
  3428. /*
  3429. * Disable compression by default to prevent CRIME. Applications can
  3430. * re-enable compression by configuring
  3431. * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
  3432. * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
  3433. * middlebox compatibility by default. This may be disabled by default in
  3434. * a later OpenSSL version.
  3435. */
  3436. ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
  3437. ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
  3438. /*
  3439. * We cannot usefully set a default max_early_data here (which gets
  3440. * propagated in SSL_new(), for the following reason: setting the
  3441. * SSL field causes tls_construct_stoc_early_data() to tell the
  3442. * client that early data will be accepted when constructing a TLS 1.3
  3443. * session ticket, and the client will accordingly send us early data
  3444. * when using that ticket (if the client has early data to send).
  3445. * However, in order for the early data to actually be consumed by
  3446. * the application, the application must also have calls to
  3447. * SSL_read_early_data(); otherwise we'll just skip past the early data
  3448. * and ignore it. So, since the application must add calls to
  3449. * SSL_read_early_data(), we also require them to add
  3450. * calls to SSL_CTX_set_max_early_data() in order to use early data,
  3451. * eliminating the bandwidth-wasting early data in the case described
  3452. * above.
  3453. */
  3454. ret->max_early_data = 0;
  3455. /*
  3456. * Default recv_max_early_data is a fully loaded single record. Could be
  3457. * split across multiple records in practice. We set this differently to
  3458. * max_early_data so that, in the default case, we do not advertise any
  3459. * support for early_data, but if a client were to send us some (e.g.
  3460. * because of an old, stale ticket) then we will tolerate it and skip over
  3461. * it.
  3462. */
  3463. ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
  3464. /* By default we send two session tickets automatically in TLSv1.3 */
  3465. ret->num_tickets = 2;
  3466. if (!ssl_ctx_system_config(ret)) {
  3467. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG);
  3468. goto err;
  3469. }
  3470. return ret;
  3471. err:
  3472. SSL_CTX_free(ret);
  3473. return NULL;
  3474. }
  3475. SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  3476. {
  3477. return SSL_CTX_new_ex(NULL, NULL, meth);
  3478. }
  3479. int SSL_CTX_up_ref(SSL_CTX *ctx)
  3480. {
  3481. int i;
  3482. if (CRYPTO_UP_REF(&ctx->references, &i) <= 0)
  3483. return 0;
  3484. REF_PRINT_COUNT("SSL_CTX", ctx);
  3485. REF_ASSERT_ISNT(i < 2);
  3486. return ((i > 1) ? 1 : 0);
  3487. }
  3488. void SSL_CTX_free(SSL_CTX *a)
  3489. {
  3490. int i;
  3491. size_t j;
  3492. if (a == NULL)
  3493. return;
  3494. CRYPTO_DOWN_REF(&a->references, &i);
  3495. REF_PRINT_COUNT("SSL_CTX", a);
  3496. if (i > 0)
  3497. return;
  3498. REF_ASSERT_ISNT(i < 0);
  3499. X509_VERIFY_PARAM_free(a->param);
  3500. dane_ctx_final(&a->dane);
  3501. /*
  3502. * Free internal session cache. However: the remove_cb() may reference
  3503. * the ex_data of SSL_CTX, thus the ex_data store can only be removed
  3504. * after the sessions were flushed.
  3505. * As the ex_data handling routines might also touch the session cache,
  3506. * the most secure solution seems to be: empty (flush) the cache, then
  3507. * free ex_data, then finally free the cache.
  3508. * (See ticket [openssl.org #212].)
  3509. */
  3510. if (a->sessions != NULL)
  3511. SSL_CTX_flush_sessions(a, 0);
  3512. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
  3513. lh_SSL_SESSION_free(a->sessions);
  3514. X509_STORE_free(a->cert_store);
  3515. #ifndef OPENSSL_NO_CT
  3516. CTLOG_STORE_free(a->ctlog_store);
  3517. #endif
  3518. sk_SSL_CIPHER_free(a->cipher_list);
  3519. sk_SSL_CIPHER_free(a->cipher_list_by_id);
  3520. sk_SSL_CIPHER_free(a->tls13_ciphersuites);
  3521. ssl_cert_free(a->cert);
  3522. sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
  3523. sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
  3524. OSSL_STACK_OF_X509_free(a->extra_certs);
  3525. a->comp_methods = NULL;
  3526. #ifndef OPENSSL_NO_SRTP
  3527. sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
  3528. #endif
  3529. #ifndef OPENSSL_NO_SRP
  3530. ssl_ctx_srp_ctx_free_intern(a);
  3531. #endif
  3532. #ifndef OPENSSL_NO_ENGINE
  3533. tls_engine_finish(a->client_cert_engine);
  3534. #endif
  3535. OPENSSL_free(a->ext.ecpointformats);
  3536. OPENSSL_free(a->ext.supportedgroups);
  3537. OPENSSL_free(a->ext.supported_groups_default);
  3538. OPENSSL_free(a->ext.alpn);
  3539. OPENSSL_secure_free(a->ext.secure);
  3540. ssl_evp_md_free(a->md5);
  3541. ssl_evp_md_free(a->sha1);
  3542. for (j = 0; j < SSL_ENC_NUM_IDX; j++)
  3543. ssl_evp_cipher_free(a->ssl_cipher_methods[j]);
  3544. for (j = 0; j < SSL_MD_NUM_IDX; j++)
  3545. ssl_evp_md_free(a->ssl_digest_methods[j]);
  3546. for (j = 0; j < a->group_list_len; j++) {
  3547. OPENSSL_free(a->group_list[j].tlsname);
  3548. OPENSSL_free(a->group_list[j].realname);
  3549. OPENSSL_free(a->group_list[j].algorithm);
  3550. }
  3551. OPENSSL_free(a->group_list);
  3552. for (j = 0; j < a->sigalg_list_len; j++) {
  3553. OPENSSL_free(a->sigalg_list[j].name);
  3554. OPENSSL_free(a->sigalg_list[j].sigalg_name);
  3555. OPENSSL_free(a->sigalg_list[j].sigalg_oid);
  3556. OPENSSL_free(a->sigalg_list[j].sig_name);
  3557. OPENSSL_free(a->sigalg_list[j].sig_oid);
  3558. OPENSSL_free(a->sigalg_list[j].hash_name);
  3559. OPENSSL_free(a->sigalg_list[j].hash_oid);
  3560. OPENSSL_free(a->sigalg_list[j].keytype);
  3561. OPENSSL_free(a->sigalg_list[j].keytype_oid);
  3562. }
  3563. OPENSSL_free(a->sigalg_list);
  3564. OPENSSL_free(a->ssl_cert_info);
  3565. OPENSSL_free(a->sigalg_lookup_cache);
  3566. OPENSSL_free(a->tls12_sigalgs);
  3567. OPENSSL_free(a->client_cert_type);
  3568. OPENSSL_free(a->server_cert_type);
  3569. CRYPTO_THREAD_lock_free(a->lock);
  3570. CRYPTO_FREE_REF(&a->references);
  3571. #ifdef TSAN_REQUIRES_LOCKING
  3572. CRYPTO_THREAD_lock_free(a->tsan_lock);
  3573. #endif
  3574. OPENSSL_free(a->propq);
  3575. #ifndef OPENSSL_NO_QLOG
  3576. OPENSSL_free(a->qlog_title);
  3577. #endif
  3578. OPENSSL_free(a);
  3579. }
  3580. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
  3581. {
  3582. ctx->default_passwd_callback = cb;
  3583. }
  3584. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
  3585. {
  3586. ctx->default_passwd_callback_userdata = u;
  3587. }
  3588. pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
  3589. {
  3590. return ctx->default_passwd_callback;
  3591. }
  3592. void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
  3593. {
  3594. return ctx->default_passwd_callback_userdata;
  3595. }
  3596. void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
  3597. {
  3598. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3599. if (sc == NULL)
  3600. return;
  3601. sc->default_passwd_callback = cb;
  3602. }
  3603. void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
  3604. {
  3605. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3606. if (sc == NULL)
  3607. return;
  3608. sc->default_passwd_callback_userdata = u;
  3609. }
  3610. pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
  3611. {
  3612. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3613. if (sc == NULL)
  3614. return NULL;
  3615. return sc->default_passwd_callback;
  3616. }
  3617. void *SSL_get_default_passwd_cb_userdata(SSL *s)
  3618. {
  3619. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3620. if (sc == NULL)
  3621. return NULL;
  3622. return sc->default_passwd_callback_userdata;
  3623. }
  3624. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
  3625. int (*cb) (X509_STORE_CTX *, void *),
  3626. void *arg)
  3627. {
  3628. ctx->app_verify_callback = cb;
  3629. ctx->app_verify_arg = arg;
  3630. }
  3631. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  3632. int (*cb) (int, X509_STORE_CTX *))
  3633. {
  3634. ctx->verify_mode = mode;
  3635. ctx->default_verify_callback = cb;
  3636. }
  3637. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
  3638. {
  3639. X509_VERIFY_PARAM_set_depth(ctx->param, depth);
  3640. }
  3641. void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
  3642. {
  3643. ssl_cert_set_cert_cb(c->cert, cb, arg);
  3644. }
  3645. void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
  3646. {
  3647. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3648. if (sc == NULL)
  3649. return;
  3650. ssl_cert_set_cert_cb(sc->cert, cb, arg);
  3651. }
  3652. void ssl_set_masks(SSL_CONNECTION *s)
  3653. {
  3654. CERT *c = s->cert;
  3655. uint32_t *pvalid = s->s3.tmp.valid_flags;
  3656. int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
  3657. unsigned long mask_k, mask_a;
  3658. int have_ecc_cert, ecdsa_ok;
  3659. if (c == NULL)
  3660. return;
  3661. dh_tmp = (c->dh_tmp != NULL
  3662. || c->dh_tmp_cb != NULL
  3663. || c->dh_tmp_auto);
  3664. rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3665. rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
  3666. dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
  3667. have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
  3668. mask_k = 0;
  3669. mask_a = 0;
  3670. OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
  3671. dh_tmp, rsa_enc, rsa_sign, dsa_sign);
  3672. #ifndef OPENSSL_NO_GOST
  3673. if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
  3674. mask_k |= SSL_kGOST | SSL_kGOST18;
  3675. mask_a |= SSL_aGOST12;
  3676. }
  3677. if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
  3678. mask_k |= SSL_kGOST | SSL_kGOST18;
  3679. mask_a |= SSL_aGOST12;
  3680. }
  3681. if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
  3682. mask_k |= SSL_kGOST;
  3683. mask_a |= SSL_aGOST01;
  3684. }
  3685. #endif
  3686. if (rsa_enc)
  3687. mask_k |= SSL_kRSA;
  3688. if (dh_tmp)
  3689. mask_k |= SSL_kDHE;
  3690. /*
  3691. * If we only have an RSA-PSS certificate allow RSA authentication
  3692. * if TLS 1.2 and peer supports it.
  3693. */
  3694. if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
  3695. && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
  3696. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION))
  3697. mask_a |= SSL_aRSA;
  3698. if (dsa_sign) {
  3699. mask_a |= SSL_aDSS;
  3700. }
  3701. mask_a |= SSL_aNULL;
  3702. /*
  3703. * You can do anything with an RPK key, since there's no cert to restrict it
  3704. * But we need to check for private keys
  3705. */
  3706. if (pvalid[SSL_PKEY_RSA] & CERT_PKEY_RPK) {
  3707. mask_a |= SSL_aRSA;
  3708. mask_k |= SSL_kRSA;
  3709. }
  3710. if (pvalid[SSL_PKEY_ECC] & CERT_PKEY_RPK)
  3711. mask_a |= SSL_aECDSA;
  3712. if (TLS1_get_version(&s->ssl) == TLS1_2_VERSION) {
  3713. if (pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_RPK)
  3714. mask_a |= SSL_aRSA;
  3715. if (pvalid[SSL_PKEY_ED25519] & CERT_PKEY_RPK
  3716. || pvalid[SSL_PKEY_ED448] & CERT_PKEY_RPK)
  3717. mask_a |= SSL_aECDSA;
  3718. }
  3719. /*
  3720. * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
  3721. * depending on the key usage extension.
  3722. */
  3723. if (have_ecc_cert) {
  3724. uint32_t ex_kusage;
  3725. ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
  3726. ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
  3727. if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
  3728. ecdsa_ok = 0;
  3729. if (ecdsa_ok)
  3730. mask_a |= SSL_aECDSA;
  3731. }
  3732. /* Allow Ed25519 for TLS 1.2 if peer supports it */
  3733. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
  3734. && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
  3735. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
  3736. mask_a |= SSL_aECDSA;
  3737. /* Allow Ed448 for TLS 1.2 if peer supports it */
  3738. if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
  3739. && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
  3740. && TLS1_get_version(&s->ssl) == TLS1_2_VERSION)
  3741. mask_a |= SSL_aECDSA;
  3742. mask_k |= SSL_kECDHE;
  3743. #ifndef OPENSSL_NO_PSK
  3744. mask_k |= SSL_kPSK;
  3745. mask_a |= SSL_aPSK;
  3746. if (mask_k & SSL_kRSA)
  3747. mask_k |= SSL_kRSAPSK;
  3748. if (mask_k & SSL_kDHE)
  3749. mask_k |= SSL_kDHEPSK;
  3750. if (mask_k & SSL_kECDHE)
  3751. mask_k |= SSL_kECDHEPSK;
  3752. #endif
  3753. s->s3.tmp.mask_k = mask_k;
  3754. s->s3.tmp.mask_a = mask_a;
  3755. }
  3756. int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s)
  3757. {
  3758. if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
  3759. /* key usage, if present, must allow signing */
  3760. if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
  3761. ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
  3762. return 0;
  3763. }
  3764. }
  3765. return 1; /* all checks are ok */
  3766. }
  3767. int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s,
  3768. const unsigned char **serverinfo,
  3769. size_t *serverinfo_length)
  3770. {
  3771. CERT_PKEY *cpk = s->s3.tmp.cert;
  3772. *serverinfo_length = 0;
  3773. if (cpk == NULL || cpk->serverinfo == NULL)
  3774. return 0;
  3775. *serverinfo = cpk->serverinfo;
  3776. *serverinfo_length = cpk->serverinfo_length;
  3777. return 1;
  3778. }
  3779. void ssl_update_cache(SSL_CONNECTION *s, int mode)
  3780. {
  3781. int i;
  3782. /*
  3783. * If the session_id_length is 0, we are not supposed to cache it, and it
  3784. * would be rather hard to do anyway :-). Also if the session has already
  3785. * been marked as not_resumable we should not cache it for later reuse.
  3786. */
  3787. if (s->session->session_id_length == 0 || s->session->not_resumable)
  3788. return;
  3789. /*
  3790. * If sid_ctx_length is 0 there is no specific application context
  3791. * associated with this session, so when we try to resume it and
  3792. * SSL_VERIFY_PEER is requested to verify the client identity, we have no
  3793. * indication that this is actually a session for the proper application
  3794. * context, and the *handshake* will fail, not just the resumption attempt.
  3795. * Do not cache (on the server) these sessions that are not resumable
  3796. * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
  3797. */
  3798. if (s->server && s->session->sid_ctx_length == 0
  3799. && (s->verify_mode & SSL_VERIFY_PEER) != 0)
  3800. return;
  3801. i = s->session_ctx->session_cache_mode;
  3802. if ((i & mode) != 0
  3803. && (!s->hit || SSL_CONNECTION_IS_TLS13(s))) {
  3804. /*
  3805. * Add the session to the internal cache. In server side TLSv1.3 we
  3806. * normally don't do this because by default it's a full stateless ticket
  3807. * with only a dummy session id so there is no reason to cache it,
  3808. * unless:
  3809. * - we are doing early_data, in which case we cache so that we can
  3810. * detect replays
  3811. * - the application has set a remove_session_cb so needs to know about
  3812. * session timeout events
  3813. * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
  3814. */
  3815. if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
  3816. && (!SSL_CONNECTION_IS_TLS13(s)
  3817. || !s->server
  3818. || (s->max_early_data > 0
  3819. && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
  3820. || s->session_ctx->remove_session_cb != NULL
  3821. || (s->options & SSL_OP_NO_TICKET) != 0))
  3822. SSL_CTX_add_session(s->session_ctx, s->session);
  3823. /*
  3824. * Add the session to the external cache. We do this even in server side
  3825. * TLSv1.3 without early data because some applications just want to
  3826. * know about the creation of a session and aren't doing a full cache.
  3827. */
  3828. if (s->session_ctx->new_session_cb != NULL) {
  3829. SSL_SESSION_up_ref(s->session);
  3830. if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s),
  3831. s->session))
  3832. SSL_SESSION_free(s->session);
  3833. }
  3834. }
  3835. /* auto flush every 255 connections */
  3836. if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
  3837. TSAN_QUALIFIER int *stat;
  3838. if (mode & SSL_SESS_CACHE_CLIENT)
  3839. stat = &s->session_ctx->stats.sess_connect_good;
  3840. else
  3841. stat = &s->session_ctx->stats.sess_accept_good;
  3842. if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff)
  3843. SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
  3844. }
  3845. }
  3846. const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
  3847. {
  3848. return ctx->method;
  3849. }
  3850. const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
  3851. {
  3852. return s->method;
  3853. }
  3854. int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
  3855. {
  3856. int ret = 1;
  3857. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3858. /* Not allowed for QUIC */
  3859. if (sc == NULL
  3860. || (s->type != SSL_TYPE_SSL_CONNECTION && s->method != meth)
  3861. || (s->type == SSL_TYPE_SSL_CONNECTION && IS_QUIC_METHOD(meth)))
  3862. return 0;
  3863. if (s->method != meth) {
  3864. const SSL_METHOD *sm = s->method;
  3865. int (*hf) (SSL *) = sc->handshake_func;
  3866. if (sm->version == meth->version)
  3867. s->method = meth;
  3868. else {
  3869. sm->ssl_deinit(s);
  3870. s->method = meth;
  3871. ret = s->method->ssl_init(s);
  3872. }
  3873. if (hf == sm->ssl_connect)
  3874. sc->handshake_func = meth->ssl_connect;
  3875. else if (hf == sm->ssl_accept)
  3876. sc->handshake_func = meth->ssl_accept;
  3877. }
  3878. return ret;
  3879. }
  3880. int SSL_get_error(const SSL *s, int i)
  3881. {
  3882. return ossl_ssl_get_error(s, i, /*check_err=*/1);
  3883. }
  3884. int ossl_ssl_get_error(const SSL *s, int i, int check_err)
  3885. {
  3886. int reason;
  3887. unsigned long l;
  3888. BIO *bio;
  3889. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  3890. if (i > 0)
  3891. return SSL_ERROR_NONE;
  3892. #ifndef OPENSSL_NO_QUIC
  3893. if (IS_QUIC(s)) {
  3894. reason = ossl_quic_get_error(s, i);
  3895. if (reason != SSL_ERROR_NONE)
  3896. return reason;
  3897. }
  3898. #endif
  3899. if (sc == NULL)
  3900. return SSL_ERROR_SSL;
  3901. /*
  3902. * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
  3903. * where we do encode the error
  3904. */
  3905. if (check_err && (l = ERR_peek_error()) != 0) {
  3906. if (ERR_GET_LIB(l) == ERR_LIB_SYS)
  3907. return SSL_ERROR_SYSCALL;
  3908. else
  3909. return SSL_ERROR_SSL;
  3910. }
  3911. #ifndef OPENSSL_NO_QUIC
  3912. if (!IS_QUIC(s))
  3913. #endif
  3914. {
  3915. if (SSL_want_read(s)) {
  3916. bio = SSL_get_rbio(s);
  3917. if (BIO_should_read(bio))
  3918. return SSL_ERROR_WANT_READ;
  3919. else if (BIO_should_write(bio))
  3920. /*
  3921. * This one doesn't make too much sense ... We never try to
  3922. * write to the rbio, and an application program where rbio and
  3923. * wbio are separate couldn't even know what it should wait for.
  3924. * However if we ever set s->rwstate incorrectly (so that we
  3925. * have SSL_want_read(s) instead of SSL_want_write(s)) and rbio
  3926. * and wbio *are* the same, this test works around that bug; so
  3927. * it might be safer to keep it.
  3928. */
  3929. return SSL_ERROR_WANT_WRITE;
  3930. else if (BIO_should_io_special(bio)) {
  3931. reason = BIO_get_retry_reason(bio);
  3932. if (reason == BIO_RR_CONNECT)
  3933. return SSL_ERROR_WANT_CONNECT;
  3934. else if (reason == BIO_RR_ACCEPT)
  3935. return SSL_ERROR_WANT_ACCEPT;
  3936. else
  3937. return SSL_ERROR_SYSCALL; /* unknown */
  3938. }
  3939. }
  3940. if (SSL_want_write(s)) {
  3941. /*
  3942. * Access wbio directly - in order to use the buffered bio if
  3943. * present
  3944. */
  3945. bio = sc->wbio;
  3946. if (BIO_should_write(bio))
  3947. return SSL_ERROR_WANT_WRITE;
  3948. else if (BIO_should_read(bio))
  3949. /*
  3950. * See above (SSL_want_read(s) with BIO_should_write(bio))
  3951. */
  3952. return SSL_ERROR_WANT_READ;
  3953. else if (BIO_should_io_special(bio)) {
  3954. reason = BIO_get_retry_reason(bio);
  3955. if (reason == BIO_RR_CONNECT)
  3956. return SSL_ERROR_WANT_CONNECT;
  3957. else if (reason == BIO_RR_ACCEPT)
  3958. return SSL_ERROR_WANT_ACCEPT;
  3959. else
  3960. return SSL_ERROR_SYSCALL;
  3961. }
  3962. }
  3963. }
  3964. if (SSL_want_x509_lookup(s))
  3965. return SSL_ERROR_WANT_X509_LOOKUP;
  3966. if (SSL_want_retry_verify(s))
  3967. return SSL_ERROR_WANT_RETRY_VERIFY;
  3968. if (SSL_want_async(s))
  3969. return SSL_ERROR_WANT_ASYNC;
  3970. if (SSL_want_async_job(s))
  3971. return SSL_ERROR_WANT_ASYNC_JOB;
  3972. if (SSL_want_client_hello_cb(s))
  3973. return SSL_ERROR_WANT_CLIENT_HELLO_CB;
  3974. if ((sc->shutdown & SSL_RECEIVED_SHUTDOWN) &&
  3975. (sc->s3.warn_alert == SSL_AD_CLOSE_NOTIFY))
  3976. return SSL_ERROR_ZERO_RETURN;
  3977. return SSL_ERROR_SYSCALL;
  3978. }
  3979. static int ssl_do_handshake_intern(void *vargs)
  3980. {
  3981. struct ssl_async_args *args = (struct ssl_async_args *)vargs;
  3982. SSL *s = args->s;
  3983. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3984. if (sc == NULL)
  3985. return -1;
  3986. return sc->handshake_func(s);
  3987. }
  3988. int SSL_do_handshake(SSL *s)
  3989. {
  3990. int ret = 1;
  3991. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  3992. #ifndef OPENSSL_NO_QUIC
  3993. if (IS_QUIC(s))
  3994. return ossl_quic_do_handshake(s);
  3995. #endif
  3996. if (sc->handshake_func == NULL) {
  3997. ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
  3998. return -1;
  3999. }
  4000. ossl_statem_check_finish_init(sc, -1);
  4001. s->method->ssl_renegotiate_check(s, 0);
  4002. if (SSL_in_init(s) || SSL_in_before(s)) {
  4003. if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
  4004. struct ssl_async_args args;
  4005. memset(&args, 0, sizeof(args));
  4006. args.s = s;
  4007. ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
  4008. } else {
  4009. ret = sc->handshake_func(s);
  4010. }
  4011. }
  4012. return ret;
  4013. }
  4014. void SSL_set_accept_state(SSL *s)
  4015. {
  4016. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4017. #ifndef OPENSSL_NO_QUIC
  4018. if (IS_QUIC(s)) {
  4019. ossl_quic_set_accept_state(s);
  4020. return;
  4021. }
  4022. #endif
  4023. sc->server = 1;
  4024. sc->shutdown = 0;
  4025. ossl_statem_clear(sc);
  4026. sc->handshake_func = s->method->ssl_accept;
  4027. /* Ignore return value. Its a void public API function */
  4028. RECORD_LAYER_reset(&sc->rlayer);
  4029. }
  4030. void SSL_set_connect_state(SSL *s)
  4031. {
  4032. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4033. #ifndef OPENSSL_NO_QUIC
  4034. if (IS_QUIC(s)) {
  4035. ossl_quic_set_connect_state(s);
  4036. return;
  4037. }
  4038. #endif
  4039. sc->server = 0;
  4040. sc->shutdown = 0;
  4041. ossl_statem_clear(sc);
  4042. sc->handshake_func = s->method->ssl_connect;
  4043. /* Ignore return value. Its a void public API function */
  4044. RECORD_LAYER_reset(&sc->rlayer);
  4045. }
  4046. int ssl_undefined_function(SSL *s)
  4047. {
  4048. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  4049. return 0;
  4050. }
  4051. int ssl_undefined_void_function(void)
  4052. {
  4053. ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  4054. return 0;
  4055. }
  4056. int ssl_undefined_const_function(const SSL *s)
  4057. {
  4058. return 0;
  4059. }
  4060. const char *ssl_protocol_to_string(int version)
  4061. {
  4062. switch (version)
  4063. {
  4064. case TLS1_3_VERSION:
  4065. return "TLSv1.3";
  4066. case TLS1_2_VERSION:
  4067. return "TLSv1.2";
  4068. case TLS1_1_VERSION:
  4069. return "TLSv1.1";
  4070. case TLS1_VERSION:
  4071. return "TLSv1";
  4072. case SSL3_VERSION:
  4073. return "SSLv3";
  4074. case DTLS1_BAD_VER:
  4075. return "DTLSv0.9";
  4076. case DTLS1_VERSION:
  4077. return "DTLSv1";
  4078. case DTLS1_2_VERSION:
  4079. return "DTLSv1.2";
  4080. default:
  4081. return "unknown";
  4082. }
  4083. }
  4084. const char *SSL_get_version(const SSL *s)
  4085. {
  4086. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4087. #ifndef OPENSSL_NO_QUIC
  4088. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4089. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4090. return "QUICv1";
  4091. #endif
  4092. if (sc == NULL)
  4093. return NULL;
  4094. return ssl_protocol_to_string(sc->version);
  4095. }
  4096. __owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt)
  4097. {
  4098. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4099. if (sc == NULL)
  4100. return -1;
  4101. if (sc->ts_msg_write.t <= 0 || sc->ts_msg_read.t <= 0)
  4102. return 0; /* data not (yet) available */
  4103. if (sc->ts_msg_read.t < sc->ts_msg_write.t)
  4104. return -1;
  4105. *rtt = ossl_time2us(ossl_time_subtract(sc->ts_msg_read, sc->ts_msg_write));
  4106. return 1;
  4107. }
  4108. static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
  4109. {
  4110. STACK_OF(X509_NAME) *sk;
  4111. X509_NAME *xn;
  4112. int i;
  4113. if (src == NULL) {
  4114. *dst = NULL;
  4115. return 1;
  4116. }
  4117. if ((sk = sk_X509_NAME_new_null()) == NULL)
  4118. return 0;
  4119. for (i = 0; i < sk_X509_NAME_num(src); i++) {
  4120. xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
  4121. if (xn == NULL) {
  4122. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  4123. return 0;
  4124. }
  4125. if (sk_X509_NAME_insert(sk, xn, i) == 0) {
  4126. X509_NAME_free(xn);
  4127. sk_X509_NAME_pop_free(sk, X509_NAME_free);
  4128. return 0;
  4129. }
  4130. }
  4131. *dst = sk;
  4132. return 1;
  4133. }
  4134. SSL *SSL_dup(SSL *s)
  4135. {
  4136. SSL *ret;
  4137. int i;
  4138. /* TODO(QUIC FUTURE): Add a SSL_METHOD function for duplication */
  4139. SSL_CONNECTION *retsc;
  4140. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4141. if (sc == NULL)
  4142. return NULL;
  4143. /* If we're not quiescent, just up_ref! */
  4144. if (!SSL_in_init(s) || !SSL_in_before(s)) {
  4145. CRYPTO_UP_REF(&s->references, &i);
  4146. return s;
  4147. }
  4148. /*
  4149. * Otherwise, copy configuration state, and session if set.
  4150. */
  4151. if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
  4152. return NULL;
  4153. if ((retsc = SSL_CONNECTION_FROM_SSL_ONLY(ret)) == NULL)
  4154. goto err;
  4155. if (sc->session != NULL) {
  4156. /*
  4157. * Arranges to share the same session via up_ref. This "copies"
  4158. * session-id, SSL_METHOD, sid_ctx, and 'cert'
  4159. */
  4160. if (!SSL_copy_session_id(ret, s))
  4161. goto err;
  4162. } else {
  4163. /*
  4164. * No session has been established yet, so we have to expect that
  4165. * s->cert or ret->cert will be changed later -- they should not both
  4166. * point to the same object, and thus we can't use
  4167. * SSL_copy_session_id.
  4168. */
  4169. if (!SSL_set_ssl_method(ret, s->method))
  4170. goto err;
  4171. if (sc->cert != NULL) {
  4172. ssl_cert_free(retsc->cert);
  4173. retsc->cert = ssl_cert_dup(sc->cert);
  4174. if (retsc->cert == NULL)
  4175. goto err;
  4176. }
  4177. if (!SSL_set_session_id_context(ret, sc->sid_ctx,
  4178. (int)sc->sid_ctx_length))
  4179. goto err;
  4180. }
  4181. if (!ssl_dane_dup(retsc, sc))
  4182. goto err;
  4183. retsc->version = sc->version;
  4184. retsc->options = sc->options;
  4185. retsc->min_proto_version = sc->min_proto_version;
  4186. retsc->max_proto_version = sc->max_proto_version;
  4187. retsc->mode = sc->mode;
  4188. SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
  4189. SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
  4190. retsc->msg_callback = sc->msg_callback;
  4191. retsc->msg_callback_arg = sc->msg_callback_arg;
  4192. SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
  4193. SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
  4194. retsc->generate_session_id = sc->generate_session_id;
  4195. SSL_set_info_callback(ret, SSL_get_info_callback(s));
  4196. /* copy app data, a little dangerous perhaps */
  4197. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
  4198. goto err;
  4199. retsc->server = sc->server;
  4200. if (sc->handshake_func) {
  4201. if (sc->server)
  4202. SSL_set_accept_state(ret);
  4203. else
  4204. SSL_set_connect_state(ret);
  4205. }
  4206. retsc->shutdown = sc->shutdown;
  4207. retsc->hit = sc->hit;
  4208. retsc->default_passwd_callback = sc->default_passwd_callback;
  4209. retsc->default_passwd_callback_userdata = sc->default_passwd_callback_userdata;
  4210. X509_VERIFY_PARAM_inherit(retsc->param, sc->param);
  4211. /* dup the cipher_list and cipher_list_by_id stacks */
  4212. if (sc->cipher_list != NULL) {
  4213. if ((retsc->cipher_list = sk_SSL_CIPHER_dup(sc->cipher_list)) == NULL)
  4214. goto err;
  4215. }
  4216. if (sc->cipher_list_by_id != NULL)
  4217. if ((retsc->cipher_list_by_id = sk_SSL_CIPHER_dup(sc->cipher_list_by_id))
  4218. == NULL)
  4219. goto err;
  4220. /* Dup the client_CA list */
  4221. if (!dup_ca_names(&retsc->ca_names, sc->ca_names)
  4222. || !dup_ca_names(&retsc->client_ca_names, sc->client_ca_names))
  4223. goto err;
  4224. return ret;
  4225. err:
  4226. SSL_free(ret);
  4227. return NULL;
  4228. }
  4229. X509 *SSL_get_certificate(const SSL *s)
  4230. {
  4231. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4232. if (sc == NULL)
  4233. return NULL;
  4234. if (sc->cert != NULL)
  4235. return sc->cert->key->x509;
  4236. else
  4237. return NULL;
  4238. }
  4239. EVP_PKEY *SSL_get_privatekey(const SSL *s)
  4240. {
  4241. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4242. if (sc == NULL)
  4243. return NULL;
  4244. if (sc->cert != NULL)
  4245. return sc->cert->key->privatekey;
  4246. else
  4247. return NULL;
  4248. }
  4249. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
  4250. {
  4251. if (ctx->cert != NULL)
  4252. return ctx->cert->key->x509;
  4253. else
  4254. return NULL;
  4255. }
  4256. EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
  4257. {
  4258. if (ctx->cert != NULL)
  4259. return ctx->cert->key->privatekey;
  4260. else
  4261. return NULL;
  4262. }
  4263. const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
  4264. {
  4265. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4266. if (sc == NULL)
  4267. return NULL;
  4268. if ((sc->session != NULL) && (sc->session->cipher != NULL))
  4269. return sc->session->cipher;
  4270. return NULL;
  4271. }
  4272. const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
  4273. {
  4274. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4275. if (sc == NULL)
  4276. return NULL;
  4277. return sc->s3.tmp.new_cipher;
  4278. }
  4279. const COMP_METHOD *SSL_get_current_compression(const SSL *s)
  4280. {
  4281. #ifndef OPENSSL_NO_COMP
  4282. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4283. if (sc == NULL)
  4284. return NULL;
  4285. return sc->rlayer.wrlmethod->get_compression(sc->rlayer.wrl);
  4286. #else
  4287. return NULL;
  4288. #endif
  4289. }
  4290. const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
  4291. {
  4292. #ifndef OPENSSL_NO_COMP
  4293. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4294. if (sc == NULL)
  4295. return NULL;
  4296. return sc->rlayer.rrlmethod->get_compression(sc->rlayer.rrl);
  4297. #else
  4298. return NULL;
  4299. #endif
  4300. }
  4301. int ssl_init_wbio_buffer(SSL_CONNECTION *s)
  4302. {
  4303. BIO *bbio;
  4304. if (s->bbio != NULL) {
  4305. /* Already buffered. */
  4306. return 1;
  4307. }
  4308. bbio = BIO_new(BIO_f_buffer());
  4309. if (bbio == NULL || BIO_set_read_buffer_size(bbio, 1) <= 0) {
  4310. BIO_free(bbio);
  4311. ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
  4312. return 0;
  4313. }
  4314. s->bbio = bbio;
  4315. s->wbio = BIO_push(bbio, s->wbio);
  4316. s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
  4317. return 1;
  4318. }
  4319. int ssl_free_wbio_buffer(SSL_CONNECTION *s)
  4320. {
  4321. /* callers ensure s is never null */
  4322. if (s->bbio == NULL)
  4323. return 1;
  4324. s->wbio = BIO_pop(s->wbio);
  4325. s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio);
  4326. BIO_free(s->bbio);
  4327. s->bbio = NULL;
  4328. return 1;
  4329. }
  4330. void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
  4331. {
  4332. ctx->quiet_shutdown = mode;
  4333. }
  4334. int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
  4335. {
  4336. return ctx->quiet_shutdown;
  4337. }
  4338. void SSL_set_quiet_shutdown(SSL *s, int mode)
  4339. {
  4340. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4341. /* Not supported with QUIC */
  4342. if (sc == NULL)
  4343. return;
  4344. sc->quiet_shutdown = mode;
  4345. }
  4346. int SSL_get_quiet_shutdown(const SSL *s)
  4347. {
  4348. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4349. /* Not supported with QUIC */
  4350. if (sc == NULL)
  4351. return 0;
  4352. return sc->quiet_shutdown;
  4353. }
  4354. void SSL_set_shutdown(SSL *s, int mode)
  4355. {
  4356. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  4357. /* Not supported with QUIC */
  4358. if (sc == NULL)
  4359. return;
  4360. sc->shutdown = mode;
  4361. }
  4362. int SSL_get_shutdown(const SSL *s)
  4363. {
  4364. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(s);
  4365. #ifndef OPENSSL_NO_QUIC
  4366. /* QUIC: Just indicate whether the connection was shutdown cleanly. */
  4367. if (IS_QUIC(s))
  4368. return ossl_quic_get_shutdown(s);
  4369. #endif
  4370. if (sc == NULL)
  4371. return 0;
  4372. return sc->shutdown;
  4373. }
  4374. int SSL_version(const SSL *s)
  4375. {
  4376. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4377. #ifndef OPENSSL_NO_QUIC
  4378. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4379. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4380. return OSSL_QUIC1_VERSION;
  4381. #endif
  4382. if (sc == NULL)
  4383. return 0;
  4384. return sc->version;
  4385. }
  4386. int SSL_client_version(const SSL *s)
  4387. {
  4388. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4389. #ifndef OPENSSL_NO_QUIC
  4390. /* We only support QUICv1 - so if its QUIC its QUICv1 */
  4391. if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
  4392. return OSSL_QUIC1_VERSION;
  4393. #endif
  4394. if (sc == NULL)
  4395. return 0;
  4396. return sc->client_version;
  4397. }
  4398. SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
  4399. {
  4400. return ssl->ctx;
  4401. }
  4402. SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
  4403. {
  4404. CERT *new_cert;
  4405. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  4406. /* TODO(QUIC FUTURE): Add support for QUIC */
  4407. if (sc == NULL)
  4408. return NULL;
  4409. if (ssl->ctx == ctx)
  4410. return ssl->ctx;
  4411. if (ctx == NULL)
  4412. ctx = sc->session_ctx;
  4413. new_cert = ssl_cert_dup(ctx->cert);
  4414. if (new_cert == NULL) {
  4415. return NULL;
  4416. }
  4417. if (!custom_exts_copy_flags(&new_cert->custext, &sc->cert->custext)) {
  4418. ssl_cert_free(new_cert);
  4419. return NULL;
  4420. }
  4421. ssl_cert_free(sc->cert);
  4422. sc->cert = new_cert;
  4423. /*
  4424. * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
  4425. * so setter APIs must prevent invalid lengths from entering the system.
  4426. */
  4427. if (!ossl_assert(sc->sid_ctx_length <= sizeof(sc->sid_ctx)))
  4428. return NULL;
  4429. /*
  4430. * If the session ID context matches that of the parent SSL_CTX,
  4431. * inherit it from the new SSL_CTX as well. If however the context does
  4432. * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
  4433. * leave it unchanged.
  4434. */
  4435. if ((ssl->ctx != NULL) &&
  4436. (sc->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
  4437. (memcmp(sc->sid_ctx, ssl->ctx->sid_ctx, sc->sid_ctx_length) == 0)) {
  4438. sc->sid_ctx_length = ctx->sid_ctx_length;
  4439. memcpy(&sc->sid_ctx, &ctx->sid_ctx, sizeof(sc->sid_ctx));
  4440. }
  4441. SSL_CTX_up_ref(ctx);
  4442. SSL_CTX_free(ssl->ctx); /* decrement reference count */
  4443. ssl->ctx = ctx;
  4444. return ssl->ctx;
  4445. }
  4446. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
  4447. {
  4448. return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx,
  4449. ctx->propq);
  4450. }
  4451. int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
  4452. {
  4453. X509_LOOKUP *lookup;
  4454. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
  4455. if (lookup == NULL)
  4456. return 0;
  4457. /* We ignore errors, in case the directory doesn't exist */
  4458. ERR_set_mark();
  4459. X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  4460. ERR_pop_to_mark();
  4461. return 1;
  4462. }
  4463. int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
  4464. {
  4465. X509_LOOKUP *lookup;
  4466. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
  4467. if (lookup == NULL)
  4468. return 0;
  4469. /* We ignore errors, in case the file doesn't exist */
  4470. ERR_set_mark();
  4471. X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx,
  4472. ctx->propq);
  4473. ERR_pop_to_mark();
  4474. return 1;
  4475. }
  4476. int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
  4477. {
  4478. X509_LOOKUP *lookup;
  4479. lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store());
  4480. if (lookup == NULL)
  4481. return 0;
  4482. /* We ignore errors, in case the directory doesn't exist */
  4483. ERR_set_mark();
  4484. X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq);
  4485. ERR_pop_to_mark();
  4486. return 1;
  4487. }
  4488. int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
  4489. {
  4490. return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx,
  4491. ctx->propq);
  4492. }
  4493. int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
  4494. {
  4495. return X509_STORE_load_path(ctx->cert_store, CApath);
  4496. }
  4497. int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
  4498. {
  4499. return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx,
  4500. ctx->propq);
  4501. }
  4502. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  4503. const char *CApath)
  4504. {
  4505. if (CAfile == NULL && CApath == NULL)
  4506. return 0;
  4507. if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile))
  4508. return 0;
  4509. if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath))
  4510. return 0;
  4511. return 1;
  4512. }
  4513. void SSL_set_info_callback(SSL *ssl,
  4514. void (*cb) (const SSL *ssl, int type, int val))
  4515. {
  4516. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4517. if (sc == NULL)
  4518. return;
  4519. sc->info_callback = cb;
  4520. }
  4521. /*
  4522. * One compiler (Diab DCC) doesn't like argument names in returned function
  4523. * pointer.
  4524. */
  4525. void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
  4526. int /* type */ ,
  4527. int /* val */ ) {
  4528. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4529. if (sc == NULL)
  4530. return NULL;
  4531. return sc->info_callback;
  4532. }
  4533. void SSL_set_verify_result(SSL *ssl, long arg)
  4534. {
  4535. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4536. if (sc == NULL)
  4537. return;
  4538. sc->verify_result = arg;
  4539. }
  4540. long SSL_get_verify_result(const SSL *ssl)
  4541. {
  4542. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4543. if (sc == NULL)
  4544. return 0;
  4545. return sc->verify_result;
  4546. }
  4547. size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
  4548. {
  4549. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4550. if (sc == NULL)
  4551. return 0;
  4552. if (outlen == 0)
  4553. return sizeof(sc->s3.client_random);
  4554. if (outlen > sizeof(sc->s3.client_random))
  4555. outlen = sizeof(sc->s3.client_random);
  4556. memcpy(out, sc->s3.client_random, outlen);
  4557. return outlen;
  4558. }
  4559. size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
  4560. {
  4561. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4562. if (sc == NULL)
  4563. return 0;
  4564. if (outlen == 0)
  4565. return sizeof(sc->s3.server_random);
  4566. if (outlen > sizeof(sc->s3.server_random))
  4567. outlen = sizeof(sc->s3.server_random);
  4568. memcpy(out, sc->s3.server_random, outlen);
  4569. return outlen;
  4570. }
  4571. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
  4572. unsigned char *out, size_t outlen)
  4573. {
  4574. if (outlen == 0)
  4575. return session->master_key_length;
  4576. if (outlen > session->master_key_length)
  4577. outlen = session->master_key_length;
  4578. memcpy(out, session->master_key, outlen);
  4579. return outlen;
  4580. }
  4581. int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
  4582. size_t len)
  4583. {
  4584. if (len > sizeof(sess->master_key))
  4585. return 0;
  4586. memcpy(sess->master_key, in, len);
  4587. sess->master_key_length = len;
  4588. return 1;
  4589. }
  4590. int SSL_set_ex_data(SSL *s, int idx, void *arg)
  4591. {
  4592. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  4593. }
  4594. void *SSL_get_ex_data(const SSL *s, int idx)
  4595. {
  4596. return CRYPTO_get_ex_data(&s->ex_data, idx);
  4597. }
  4598. int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
  4599. {
  4600. return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
  4601. }
  4602. void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
  4603. {
  4604. return CRYPTO_get_ex_data(&s->ex_data, idx);
  4605. }
  4606. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
  4607. {
  4608. return ctx->cert_store;
  4609. }
  4610. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
  4611. {
  4612. X509_STORE_free(ctx->cert_store);
  4613. ctx->cert_store = store;
  4614. }
  4615. void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
  4616. {
  4617. if (store != NULL)
  4618. X509_STORE_up_ref(store);
  4619. SSL_CTX_set_cert_store(ctx, store);
  4620. }
  4621. int SSL_want(const SSL *s)
  4622. {
  4623. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4624. #ifndef OPENSSL_NO_QUIC
  4625. if (IS_QUIC(s))
  4626. return ossl_quic_want(s);
  4627. #endif
  4628. if (sc == NULL)
  4629. return SSL_NOTHING;
  4630. return sc->rwstate;
  4631. }
  4632. #ifndef OPENSSL_NO_PSK
  4633. int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
  4634. {
  4635. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  4636. ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
  4637. return 0;
  4638. }
  4639. OPENSSL_free(ctx->cert->psk_identity_hint);
  4640. if (identity_hint != NULL) {
  4641. ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  4642. if (ctx->cert->psk_identity_hint == NULL)
  4643. return 0;
  4644. } else
  4645. ctx->cert->psk_identity_hint = NULL;
  4646. return 1;
  4647. }
  4648. int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
  4649. {
  4650. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4651. if (sc == NULL)
  4652. return 0;
  4653. if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
  4654. ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
  4655. return 0;
  4656. }
  4657. OPENSSL_free(sc->cert->psk_identity_hint);
  4658. if (identity_hint != NULL) {
  4659. sc->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
  4660. if (sc->cert->psk_identity_hint == NULL)
  4661. return 0;
  4662. } else
  4663. sc->cert->psk_identity_hint = NULL;
  4664. return 1;
  4665. }
  4666. const char *SSL_get_psk_identity_hint(const SSL *s)
  4667. {
  4668. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4669. if (sc == NULL || sc->session == NULL)
  4670. return NULL;
  4671. return sc->session->psk_identity_hint;
  4672. }
  4673. const char *SSL_get_psk_identity(const SSL *s)
  4674. {
  4675. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4676. if (sc == NULL || sc->session == NULL)
  4677. return NULL;
  4678. return sc->session->psk_identity;
  4679. }
  4680. void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
  4681. {
  4682. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4683. if (sc == NULL)
  4684. return;
  4685. sc->psk_client_callback = cb;
  4686. }
  4687. void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
  4688. {
  4689. ctx->psk_client_callback = cb;
  4690. }
  4691. void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
  4692. {
  4693. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4694. if (sc == NULL)
  4695. return;
  4696. sc->psk_server_callback = cb;
  4697. }
  4698. void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
  4699. {
  4700. ctx->psk_server_callback = cb;
  4701. }
  4702. #endif
  4703. void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
  4704. {
  4705. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4706. if (sc == NULL)
  4707. return;
  4708. sc->psk_find_session_cb = cb;
  4709. }
  4710. void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
  4711. SSL_psk_find_session_cb_func cb)
  4712. {
  4713. ctx->psk_find_session_cb = cb;
  4714. }
  4715. void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
  4716. {
  4717. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4718. if (sc == NULL)
  4719. return;
  4720. sc->psk_use_session_cb = cb;
  4721. }
  4722. void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
  4723. SSL_psk_use_session_cb_func cb)
  4724. {
  4725. ctx->psk_use_session_cb = cb;
  4726. }
  4727. void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
  4728. void (*cb) (int write_p, int version,
  4729. int content_type, const void *buf,
  4730. size_t len, SSL *ssl, void *arg))
  4731. {
  4732. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  4733. }
  4734. void SSL_set_msg_callback(SSL *ssl,
  4735. void (*cb) (int write_p, int version,
  4736. int content_type, const void *buf,
  4737. size_t len, SSL *ssl, void *arg))
  4738. {
  4739. SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
  4740. }
  4741. void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
  4742. int (*cb) (SSL *ssl,
  4743. int
  4744. is_forward_secure))
  4745. {
  4746. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  4747. (void (*)(void))cb);
  4748. }
  4749. void SSL_set_not_resumable_session_callback(SSL *ssl,
  4750. int (*cb) (SSL *ssl,
  4751. int is_forward_secure))
  4752. {
  4753. SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
  4754. (void (*)(void))cb);
  4755. }
  4756. void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
  4757. size_t (*cb) (SSL *ssl, int type,
  4758. size_t len, void *arg))
  4759. {
  4760. ctx->record_padding_cb = cb;
  4761. }
  4762. void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
  4763. {
  4764. ctx->record_padding_arg = arg;
  4765. }
  4766. void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
  4767. {
  4768. return ctx->record_padding_arg;
  4769. }
  4770. int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
  4771. {
  4772. if (IS_QUIC_CTX(ctx) && block_size > 1)
  4773. return 0;
  4774. /* block size of 0 or 1 is basically no padding */
  4775. if (block_size == 1)
  4776. ctx->block_padding = 0;
  4777. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4778. ctx->block_padding = block_size;
  4779. else
  4780. return 0;
  4781. return 1;
  4782. }
  4783. int SSL_set_record_padding_callback(SSL *ssl,
  4784. size_t (*cb) (SSL *ssl, int type,
  4785. size_t len, void *arg))
  4786. {
  4787. BIO *b;
  4788. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  4789. if (sc == NULL)
  4790. return 0;
  4791. b = SSL_get_wbio(ssl);
  4792. if (b == NULL || !BIO_get_ktls_send(b)) {
  4793. sc->rlayer.record_padding_cb = cb;
  4794. return 1;
  4795. }
  4796. return 0;
  4797. }
  4798. void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
  4799. {
  4800. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4801. if (sc == NULL)
  4802. return;
  4803. sc->rlayer.record_padding_arg = arg;
  4804. }
  4805. void *SSL_get_record_padding_callback_arg(const SSL *ssl)
  4806. {
  4807. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
  4808. if (sc == NULL)
  4809. return NULL;
  4810. return sc->rlayer.record_padding_arg;
  4811. }
  4812. int SSL_set_block_padding(SSL *ssl, size_t block_size)
  4813. {
  4814. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  4815. if (sc == NULL || (IS_QUIC(ssl) && block_size > 1))
  4816. return 0;
  4817. /* block size of 0 or 1 is basically no padding */
  4818. if (block_size == 1)
  4819. sc->rlayer.block_padding = 0;
  4820. else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
  4821. sc->rlayer.block_padding = block_size;
  4822. else
  4823. return 0;
  4824. return 1;
  4825. }
  4826. int SSL_set_num_tickets(SSL *s, size_t num_tickets)
  4827. {
  4828. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4829. if (sc == NULL)
  4830. return 0;
  4831. sc->num_tickets = num_tickets;
  4832. return 1;
  4833. }
  4834. size_t SSL_get_num_tickets(const SSL *s)
  4835. {
  4836. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4837. if (sc == NULL)
  4838. return 0;
  4839. return sc->num_tickets;
  4840. }
  4841. int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
  4842. {
  4843. ctx->num_tickets = num_tickets;
  4844. return 1;
  4845. }
  4846. size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
  4847. {
  4848. return ctx->num_tickets;
  4849. }
  4850. /* Retrieve handshake hashes */
  4851. int ssl_handshake_hash(SSL_CONNECTION *s,
  4852. unsigned char *out, size_t outlen,
  4853. size_t *hashlen)
  4854. {
  4855. EVP_MD_CTX *ctx = NULL;
  4856. EVP_MD_CTX *hdgst = s->s3.handshake_dgst;
  4857. int hashleni = EVP_MD_CTX_get_size(hdgst);
  4858. int ret = 0;
  4859. if (hashleni < 0 || (size_t)hashleni > outlen) {
  4860. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4861. goto err;
  4862. }
  4863. ctx = EVP_MD_CTX_new();
  4864. if (ctx == NULL) {
  4865. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4866. goto err;
  4867. }
  4868. if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
  4869. || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
  4870. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  4871. goto err;
  4872. }
  4873. *hashlen = hashleni;
  4874. ret = 1;
  4875. err:
  4876. EVP_MD_CTX_free(ctx);
  4877. return ret;
  4878. }
  4879. int SSL_session_reused(const SSL *s)
  4880. {
  4881. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4882. if (sc == NULL)
  4883. return 0;
  4884. return sc->hit;
  4885. }
  4886. int SSL_is_server(const SSL *s)
  4887. {
  4888. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4889. if (sc == NULL)
  4890. return 0;
  4891. return sc->server;
  4892. }
  4893. #ifndef OPENSSL_NO_DEPRECATED_1_1_0
  4894. void SSL_set_debug(SSL *s, int debug)
  4895. {
  4896. /* Old function was do-nothing anyway... */
  4897. (void)s;
  4898. (void)debug;
  4899. }
  4900. #endif
  4901. void SSL_set_security_level(SSL *s, int level)
  4902. {
  4903. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4904. if (sc == NULL)
  4905. return;
  4906. sc->cert->sec_level = level;
  4907. }
  4908. int SSL_get_security_level(const SSL *s)
  4909. {
  4910. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4911. if (sc == NULL)
  4912. return 0;
  4913. return sc->cert->sec_level;
  4914. }
  4915. void SSL_set_security_callback(SSL *s,
  4916. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4917. int op, int bits, int nid,
  4918. void *other, void *ex))
  4919. {
  4920. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4921. if (sc == NULL)
  4922. return;
  4923. sc->cert->sec_cb = cb;
  4924. }
  4925. int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
  4926. const SSL_CTX *ctx, int op,
  4927. int bits, int nid, void *other,
  4928. void *ex) {
  4929. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4930. if (sc == NULL)
  4931. return NULL;
  4932. return sc->cert->sec_cb;
  4933. }
  4934. void SSL_set0_security_ex_data(SSL *s, void *ex)
  4935. {
  4936. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  4937. if (sc == NULL)
  4938. return;
  4939. sc->cert->sec_ex = ex;
  4940. }
  4941. void *SSL_get0_security_ex_data(const SSL *s)
  4942. {
  4943. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4944. if (sc == NULL)
  4945. return NULL;
  4946. return sc->cert->sec_ex;
  4947. }
  4948. void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
  4949. {
  4950. ctx->cert->sec_level = level;
  4951. }
  4952. int SSL_CTX_get_security_level(const SSL_CTX *ctx)
  4953. {
  4954. return ctx->cert->sec_level;
  4955. }
  4956. void SSL_CTX_set_security_callback(SSL_CTX *ctx,
  4957. int (*cb) (const SSL *s, const SSL_CTX *ctx,
  4958. int op, int bits, int nid,
  4959. void *other, void *ex))
  4960. {
  4961. ctx->cert->sec_cb = cb;
  4962. }
  4963. int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
  4964. const SSL_CTX *ctx,
  4965. int op, int bits,
  4966. int nid,
  4967. void *other,
  4968. void *ex) {
  4969. return ctx->cert->sec_cb;
  4970. }
  4971. void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
  4972. {
  4973. ctx->cert->sec_ex = ex;
  4974. }
  4975. void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
  4976. {
  4977. return ctx->cert->sec_ex;
  4978. }
  4979. uint64_t SSL_CTX_get_options(const SSL_CTX *ctx)
  4980. {
  4981. return ctx->options;
  4982. }
  4983. uint64_t SSL_get_options(const SSL *s)
  4984. {
  4985. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  4986. #ifndef OPENSSL_NO_QUIC
  4987. if (IS_QUIC(s))
  4988. return ossl_quic_get_options(s);
  4989. #endif
  4990. if (sc == NULL)
  4991. return 0;
  4992. return sc->options;
  4993. }
  4994. uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op)
  4995. {
  4996. return ctx->options |= op;
  4997. }
  4998. uint64_t SSL_set_options(SSL *s, uint64_t op)
  4999. {
  5000. SSL_CONNECTION *sc;
  5001. OSSL_PARAM options[2], *opts = options;
  5002. #ifndef OPENSSL_NO_QUIC
  5003. if (IS_QUIC(s))
  5004. return ossl_quic_set_options(s, op);
  5005. #endif
  5006. sc = SSL_CONNECTION_FROM_SSL(s);
  5007. if (sc == NULL)
  5008. return 0;
  5009. sc->options |= op;
  5010. *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
  5011. &sc->options);
  5012. *opts = OSSL_PARAM_construct_end();
  5013. /* Ignore return value */
  5014. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  5015. sc->rlayer.wrlmethod->set_options(sc->rlayer.wrl, options);
  5016. return sc->options;
  5017. }
  5018. uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op)
  5019. {
  5020. return ctx->options &= ~op;
  5021. }
  5022. uint64_t SSL_clear_options(SSL *s, uint64_t op)
  5023. {
  5024. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5025. OSSL_PARAM options[2], *opts = options;
  5026. #ifndef OPENSSL_NO_QUIC
  5027. if (IS_QUIC(s))
  5028. return ossl_quic_clear_options(s, op);
  5029. #endif
  5030. if (sc == NULL)
  5031. return 0;
  5032. sc->options &= ~op;
  5033. *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
  5034. &sc->options);
  5035. *opts = OSSL_PARAM_construct_end();
  5036. /* Ignore return value */
  5037. sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
  5038. sc->rlayer.wrlmethod->set_options(sc->rlayer.wrl, options);
  5039. return sc->options;
  5040. }
  5041. STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
  5042. {
  5043. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5044. if (sc == NULL)
  5045. return NULL;
  5046. return sc->verified_chain;
  5047. }
  5048. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
  5049. #ifndef OPENSSL_NO_CT
  5050. /*
  5051. * Moves SCTs from the |src| stack to the |dst| stack.
  5052. * The source of each SCT will be set to |origin|.
  5053. * If |dst| points to a NULL pointer, a new stack will be created and owned by
  5054. * the caller.
  5055. * Returns the number of SCTs moved, or a negative integer if an error occurs.
  5056. * The |dst| stack is created and possibly partially populated even in case
  5057. * of error, likewise the |src| stack may be left in an intermediate state.
  5058. */
  5059. static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
  5060. sct_source_t origin)
  5061. {
  5062. int scts_moved = 0;
  5063. SCT *sct = NULL;
  5064. if (*dst == NULL) {
  5065. *dst = sk_SCT_new_null();
  5066. if (*dst == NULL) {
  5067. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5068. goto err;
  5069. }
  5070. }
  5071. while ((sct = sk_SCT_pop(src)) != NULL) {
  5072. if (SCT_set_source(sct, origin) != 1)
  5073. goto err;
  5074. if (!sk_SCT_push(*dst, sct))
  5075. goto err;
  5076. scts_moved += 1;
  5077. }
  5078. return scts_moved;
  5079. err:
  5080. SCT_free(sct);
  5081. return -1;
  5082. }
  5083. /*
  5084. * Look for data collected during ServerHello and parse if found.
  5085. * Returns the number of SCTs extracted.
  5086. */
  5087. static int ct_extract_tls_extension_scts(SSL_CONNECTION *s)
  5088. {
  5089. int scts_extracted = 0;
  5090. if (s->ext.scts != NULL) {
  5091. const unsigned char *p = s->ext.scts;
  5092. STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
  5093. scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
  5094. SCT_LIST_free(scts);
  5095. }
  5096. return scts_extracted;
  5097. }
  5098. /*
  5099. * Checks for an OCSP response and then attempts to extract any SCTs found if it
  5100. * contains an SCT X509 extension. They will be stored in |s->scts|.
  5101. * Returns:
  5102. * - The number of SCTs extracted, assuming an OCSP response exists.
  5103. * - 0 if no OCSP response exists or it contains no SCTs.
  5104. * - A negative integer if an error occurs.
  5105. */
  5106. static int ct_extract_ocsp_response_scts(SSL_CONNECTION *s)
  5107. {
  5108. # ifndef OPENSSL_NO_OCSP
  5109. int scts_extracted = 0;
  5110. const unsigned char *p;
  5111. OCSP_BASICRESP *br = NULL;
  5112. OCSP_RESPONSE *rsp = NULL;
  5113. STACK_OF(SCT) *scts = NULL;
  5114. int i;
  5115. if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
  5116. goto err;
  5117. p = s->ext.ocsp.resp;
  5118. rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
  5119. if (rsp == NULL)
  5120. goto err;
  5121. br = OCSP_response_get1_basic(rsp);
  5122. if (br == NULL)
  5123. goto err;
  5124. for (i = 0; i < OCSP_resp_count(br); ++i) {
  5125. OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
  5126. if (single == NULL)
  5127. continue;
  5128. scts =
  5129. OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
  5130. scts_extracted =
  5131. ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
  5132. if (scts_extracted < 0)
  5133. goto err;
  5134. }
  5135. err:
  5136. SCT_LIST_free(scts);
  5137. OCSP_BASICRESP_free(br);
  5138. OCSP_RESPONSE_free(rsp);
  5139. return scts_extracted;
  5140. # else
  5141. /* Behave as if no OCSP response exists */
  5142. return 0;
  5143. # endif
  5144. }
  5145. /*
  5146. * Attempts to extract SCTs from the peer certificate.
  5147. * Return the number of SCTs extracted, or a negative integer if an error
  5148. * occurs.
  5149. */
  5150. static int ct_extract_x509v3_extension_scts(SSL_CONNECTION *s)
  5151. {
  5152. int scts_extracted = 0;
  5153. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  5154. if (cert != NULL) {
  5155. STACK_OF(SCT) *scts =
  5156. X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
  5157. scts_extracted =
  5158. ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
  5159. SCT_LIST_free(scts);
  5160. }
  5161. return scts_extracted;
  5162. }
  5163. /*
  5164. * Attempts to find all received SCTs by checking TLS extensions, the OCSP
  5165. * response (if it exists) and X509v3 extensions in the certificate.
  5166. * Returns NULL if an error occurs.
  5167. */
  5168. const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
  5169. {
  5170. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5171. if (sc == NULL)
  5172. return NULL;
  5173. if (!sc->scts_parsed) {
  5174. if (ct_extract_tls_extension_scts(sc) < 0 ||
  5175. ct_extract_ocsp_response_scts(sc) < 0 ||
  5176. ct_extract_x509v3_extension_scts(sc) < 0)
  5177. goto err;
  5178. sc->scts_parsed = 1;
  5179. }
  5180. return sc->scts;
  5181. err:
  5182. return NULL;
  5183. }
  5184. static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx,
  5185. const STACK_OF(SCT) *scts, void *unused_arg)
  5186. {
  5187. return 1;
  5188. }
  5189. static int ct_strict(const CT_POLICY_EVAL_CTX *ctx,
  5190. const STACK_OF(SCT) *scts, void *unused_arg)
  5191. {
  5192. int count = scts != NULL ? sk_SCT_num(scts) : 0;
  5193. int i;
  5194. for (i = 0; i < count; ++i) {
  5195. SCT *sct = sk_SCT_value(scts, i);
  5196. int status = SCT_get_validation_status(sct);
  5197. if (status == SCT_VALIDATION_STATUS_VALID)
  5198. return 1;
  5199. }
  5200. ERR_raise(ERR_LIB_SSL, SSL_R_NO_VALID_SCTS);
  5201. return 0;
  5202. }
  5203. int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
  5204. void *arg)
  5205. {
  5206. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5207. if (sc == NULL)
  5208. return 0;
  5209. /*
  5210. * Since code exists that uses the custom extension handler for CT, look
  5211. * for this and throw an error if they have already registered to use CT.
  5212. */
  5213. if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
  5214. TLSEXT_TYPE_signed_certificate_timestamp))
  5215. {
  5216. ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  5217. return 0;
  5218. }
  5219. if (callback != NULL) {
  5220. /*
  5221. * If we are validating CT, then we MUST accept SCTs served via OCSP
  5222. */
  5223. if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
  5224. return 0;
  5225. }
  5226. sc->ct_validation_callback = callback;
  5227. sc->ct_validation_callback_arg = arg;
  5228. return 1;
  5229. }
  5230. int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
  5231. ssl_ct_validation_cb callback, void *arg)
  5232. {
  5233. /*
  5234. * Since code exists that uses the custom extension handler for CT, look for
  5235. * this and throw an error if they have already registered to use CT.
  5236. */
  5237. if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
  5238. TLSEXT_TYPE_signed_certificate_timestamp))
  5239. {
  5240. ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
  5241. return 0;
  5242. }
  5243. ctx->ct_validation_callback = callback;
  5244. ctx->ct_validation_callback_arg = arg;
  5245. return 1;
  5246. }
  5247. int SSL_ct_is_enabled(const SSL *s)
  5248. {
  5249. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5250. if (sc == NULL)
  5251. return 0;
  5252. return sc->ct_validation_callback != NULL;
  5253. }
  5254. int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
  5255. {
  5256. return ctx->ct_validation_callback != NULL;
  5257. }
  5258. int ssl_validate_ct(SSL_CONNECTION *s)
  5259. {
  5260. int ret = 0;
  5261. X509 *cert = s->session != NULL ? s->session->peer : NULL;
  5262. X509 *issuer;
  5263. SSL_DANE *dane = &s->dane;
  5264. CT_POLICY_EVAL_CTX *ctx = NULL;
  5265. const STACK_OF(SCT) *scts;
  5266. /*
  5267. * If no callback is set, the peer is anonymous, or its chain is invalid,
  5268. * skip SCT validation - just return success. Applications that continue
  5269. * handshakes without certificates, with unverified chains, or pinned leaf
  5270. * certificates are outside the scope of the WebPKI and CT.
  5271. *
  5272. * The above exclusions notwithstanding the vast majority of peers will
  5273. * have rather ordinary certificate chains validated by typical
  5274. * applications that perform certificate verification and therefore will
  5275. * process SCTs when enabled.
  5276. */
  5277. if (s->ct_validation_callback == NULL || cert == NULL ||
  5278. s->verify_result != X509_V_OK ||
  5279. s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
  5280. return 1;
  5281. /*
  5282. * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
  5283. * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
  5284. */
  5285. if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
  5286. switch (dane->mtlsa->usage) {
  5287. case DANETLS_USAGE_DANE_TA:
  5288. case DANETLS_USAGE_DANE_EE:
  5289. return 1;
  5290. }
  5291. }
  5292. ctx = CT_POLICY_EVAL_CTX_new_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
  5293. SSL_CONNECTION_GET_CTX(s)->propq);
  5294. if (ctx == NULL) {
  5295. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CT_LIB);
  5296. goto end;
  5297. }
  5298. issuer = sk_X509_value(s->verified_chain, 1);
  5299. CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
  5300. CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
  5301. CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx,
  5302. SSL_CONNECTION_GET_CTX(s)->ctlog_store);
  5303. CT_POLICY_EVAL_CTX_set_time(
  5304. ctx, (uint64_t)SSL_SESSION_get_time(s->session) * 1000);
  5305. scts = SSL_get0_peer_scts(SSL_CONNECTION_GET_SSL(s));
  5306. /*
  5307. * This function returns success (> 0) only when all the SCTs are valid, 0
  5308. * when some are invalid, and < 0 on various internal errors (out of
  5309. * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
  5310. * reason to abort the handshake, that decision is up to the callback.
  5311. * Therefore, we error out only in the unexpected case that the return
  5312. * value is negative.
  5313. *
  5314. * XXX: One might well argue that the return value of this function is an
  5315. * unfortunate design choice. Its job is only to determine the validation
  5316. * status of each of the provided SCTs. So long as it correctly separates
  5317. * the wheat from the chaff it should return success. Failure in this case
  5318. * ought to correspond to an inability to carry out its duties.
  5319. */
  5320. if (SCT_LIST_validate(scts, ctx) < 0) {
  5321. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_SCT_VERIFICATION_FAILED);
  5322. goto end;
  5323. }
  5324. ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
  5325. if (ret < 0)
  5326. ret = 0; /* This function returns 0 on failure */
  5327. if (!ret)
  5328. SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED);
  5329. end:
  5330. CT_POLICY_EVAL_CTX_free(ctx);
  5331. /*
  5332. * With SSL_VERIFY_NONE the session may be cached and re-used despite a
  5333. * failure return code here. Also the application may wish the complete
  5334. * the handshake, and then disconnect cleanly at a higher layer, after
  5335. * checking the verification status of the completed connection.
  5336. *
  5337. * We therefore force a certificate verification failure which will be
  5338. * visible via SSL_get_verify_result() and cached as part of any resumed
  5339. * session.
  5340. *
  5341. * Note: the permissive callback is for information gathering only, always
  5342. * returns success, and does not affect verification status. Only the
  5343. * strict callback or a custom application-specified callback can trigger
  5344. * connection failure or record a verification error.
  5345. */
  5346. if (ret <= 0)
  5347. s->verify_result = X509_V_ERR_NO_VALID_SCTS;
  5348. return ret;
  5349. }
  5350. int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
  5351. {
  5352. switch (validation_mode) {
  5353. default:
  5354. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
  5355. return 0;
  5356. case SSL_CT_VALIDATION_PERMISSIVE:
  5357. return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
  5358. case SSL_CT_VALIDATION_STRICT:
  5359. return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
  5360. }
  5361. }
  5362. int SSL_enable_ct(SSL *s, int validation_mode)
  5363. {
  5364. switch (validation_mode) {
  5365. default:
  5366. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
  5367. return 0;
  5368. case SSL_CT_VALIDATION_PERMISSIVE:
  5369. return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
  5370. case SSL_CT_VALIDATION_STRICT:
  5371. return SSL_set_ct_validation_callback(s, ct_strict, NULL);
  5372. }
  5373. }
  5374. int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
  5375. {
  5376. return CTLOG_STORE_load_default_file(ctx->ctlog_store);
  5377. }
  5378. int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
  5379. {
  5380. return CTLOG_STORE_load_file(ctx->ctlog_store, path);
  5381. }
  5382. void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs)
  5383. {
  5384. CTLOG_STORE_free(ctx->ctlog_store);
  5385. ctx->ctlog_store = logs;
  5386. }
  5387. const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
  5388. {
  5389. return ctx->ctlog_store;
  5390. }
  5391. #endif /* OPENSSL_NO_CT */
  5392. void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
  5393. void *arg)
  5394. {
  5395. c->client_hello_cb = cb;
  5396. c->client_hello_cb_arg = arg;
  5397. }
  5398. int SSL_client_hello_isv2(SSL *s)
  5399. {
  5400. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5401. if (sc == NULL)
  5402. return 0;
  5403. if (sc->clienthello == NULL)
  5404. return 0;
  5405. return sc->clienthello->isv2;
  5406. }
  5407. unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
  5408. {
  5409. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5410. if (sc == NULL)
  5411. return 0;
  5412. if (sc->clienthello == NULL)
  5413. return 0;
  5414. return sc->clienthello->legacy_version;
  5415. }
  5416. size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
  5417. {
  5418. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5419. if (sc == NULL)
  5420. return 0;
  5421. if (sc->clienthello == NULL)
  5422. return 0;
  5423. if (out != NULL)
  5424. *out = sc->clienthello->random;
  5425. return SSL3_RANDOM_SIZE;
  5426. }
  5427. size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
  5428. {
  5429. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5430. if (sc == NULL)
  5431. return 0;
  5432. if (sc->clienthello == NULL)
  5433. return 0;
  5434. if (out != NULL)
  5435. *out = sc->clienthello->session_id;
  5436. return sc->clienthello->session_id_len;
  5437. }
  5438. size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
  5439. {
  5440. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5441. if (sc == NULL)
  5442. return 0;
  5443. if (sc->clienthello == NULL)
  5444. return 0;
  5445. if (out != NULL)
  5446. *out = PACKET_data(&sc->clienthello->ciphersuites);
  5447. return PACKET_remaining(&sc->clienthello->ciphersuites);
  5448. }
  5449. size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
  5450. {
  5451. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5452. if (sc == NULL)
  5453. return 0;
  5454. if (sc->clienthello == NULL)
  5455. return 0;
  5456. if (out != NULL)
  5457. *out = sc->clienthello->compressions;
  5458. return sc->clienthello->compressions_len;
  5459. }
  5460. int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
  5461. {
  5462. RAW_EXTENSION *ext;
  5463. int *present;
  5464. size_t num = 0, i;
  5465. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5466. if (sc == NULL)
  5467. return 0;
  5468. if (sc->clienthello == NULL || out == NULL || outlen == NULL)
  5469. return 0;
  5470. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5471. ext = sc->clienthello->pre_proc_exts + i;
  5472. if (ext->present)
  5473. num++;
  5474. }
  5475. if (num == 0) {
  5476. *out = NULL;
  5477. *outlen = 0;
  5478. return 1;
  5479. }
  5480. if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL)
  5481. return 0;
  5482. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5483. ext = sc->clienthello->pre_proc_exts + i;
  5484. if (ext->present) {
  5485. if (ext->received_order >= num)
  5486. goto err;
  5487. present[ext->received_order] = ext->type;
  5488. }
  5489. }
  5490. *out = present;
  5491. *outlen = num;
  5492. return 1;
  5493. err:
  5494. OPENSSL_free(present);
  5495. return 0;
  5496. }
  5497. int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, size_t *num_exts)
  5498. {
  5499. RAW_EXTENSION *ext;
  5500. size_t num = 0, i;
  5501. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5502. if (sc == NULL)
  5503. return 0;
  5504. if (sc->clienthello == NULL || num_exts == NULL)
  5505. return 0;
  5506. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5507. ext = sc->clienthello->pre_proc_exts + i;
  5508. if (ext->present)
  5509. num++;
  5510. }
  5511. if (num == 0) {
  5512. *num_exts = 0;
  5513. return 1;
  5514. }
  5515. if (exts == NULL) {
  5516. *num_exts = num;
  5517. return 1;
  5518. }
  5519. if (*num_exts < num)
  5520. return 0;
  5521. for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
  5522. ext = sc->clienthello->pre_proc_exts + i;
  5523. if (ext->present) {
  5524. if (ext->received_order >= num)
  5525. return 0;
  5526. exts[ext->received_order] = ext->type;
  5527. }
  5528. }
  5529. *num_exts = num;
  5530. return 1;
  5531. }
  5532. int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
  5533. size_t *outlen)
  5534. {
  5535. size_t i;
  5536. RAW_EXTENSION *r;
  5537. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5538. if (sc == NULL)
  5539. return 0;
  5540. if (sc->clienthello == NULL)
  5541. return 0;
  5542. for (i = 0; i < sc->clienthello->pre_proc_exts_len; ++i) {
  5543. r = sc->clienthello->pre_proc_exts + i;
  5544. if (r->present && r->type == type) {
  5545. if (out != NULL)
  5546. *out = PACKET_data(&r->data);
  5547. if (outlen != NULL)
  5548. *outlen = PACKET_remaining(&r->data);
  5549. return 1;
  5550. }
  5551. }
  5552. return 0;
  5553. }
  5554. int SSL_free_buffers(SSL *ssl)
  5555. {
  5556. RECORD_LAYER *rl;
  5557. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  5558. if (sc == NULL)
  5559. return 0;
  5560. rl = &sc->rlayer;
  5561. return rl->rrlmethod->free_buffers(rl->rrl)
  5562. && rl->wrlmethod->free_buffers(rl->wrl);
  5563. }
  5564. int SSL_alloc_buffers(SSL *ssl)
  5565. {
  5566. RECORD_LAYER *rl;
  5567. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5568. if (sc == NULL)
  5569. return 0;
  5570. /* QUIC always has buffers allocated. */
  5571. if (IS_QUIC(ssl))
  5572. return 1;
  5573. rl = &sc->rlayer;
  5574. return rl->rrlmethod->alloc_buffers(rl->rrl)
  5575. && rl->wrlmethod->alloc_buffers(rl->wrl);
  5576. }
  5577. void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
  5578. {
  5579. ctx->keylog_callback = cb;
  5580. }
  5581. SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
  5582. {
  5583. return ctx->keylog_callback;
  5584. }
  5585. static int nss_keylog_int(const char *prefix,
  5586. SSL_CONNECTION *sc,
  5587. const uint8_t *parameter_1,
  5588. size_t parameter_1_len,
  5589. const uint8_t *parameter_2,
  5590. size_t parameter_2_len)
  5591. {
  5592. char *out = NULL;
  5593. char *cursor = NULL;
  5594. size_t out_len = 0;
  5595. size_t i;
  5596. size_t prefix_len;
  5597. SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc);
  5598. if (sctx->keylog_callback == NULL)
  5599. return 1;
  5600. /*
  5601. * Our output buffer will contain the following strings, rendered with
  5602. * space characters in between, terminated by a NULL character: first the
  5603. * prefix, then the first parameter, then the second parameter. The
  5604. * meaning of each parameter depends on the specific key material being
  5605. * logged. Note that the first and second parameters are encoded in
  5606. * hexadecimal, so we need a buffer that is twice their lengths.
  5607. */
  5608. prefix_len = strlen(prefix);
  5609. out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
  5610. if ((out = cursor = OPENSSL_malloc(out_len)) == NULL)
  5611. return 0;
  5612. strcpy(cursor, prefix);
  5613. cursor += prefix_len;
  5614. *cursor++ = ' ';
  5615. for (i = 0; i < parameter_1_len; i++) {
  5616. sprintf(cursor, "%02x", parameter_1[i]);
  5617. cursor += 2;
  5618. }
  5619. *cursor++ = ' ';
  5620. for (i = 0; i < parameter_2_len; i++) {
  5621. sprintf(cursor, "%02x", parameter_2[i]);
  5622. cursor += 2;
  5623. }
  5624. *cursor = '\0';
  5625. sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out);
  5626. OPENSSL_clear_free(out, out_len);
  5627. return 1;
  5628. }
  5629. int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *sc,
  5630. const uint8_t *encrypted_premaster,
  5631. size_t encrypted_premaster_len,
  5632. const uint8_t *premaster,
  5633. size_t premaster_len)
  5634. {
  5635. if (encrypted_premaster_len < 8) {
  5636. SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  5637. return 0;
  5638. }
  5639. /* We only want the first 8 bytes of the encrypted premaster as a tag. */
  5640. return nss_keylog_int("RSA",
  5641. sc,
  5642. encrypted_premaster,
  5643. 8,
  5644. premaster,
  5645. premaster_len);
  5646. }
  5647. int ssl_log_secret(SSL_CONNECTION *sc,
  5648. const char *label,
  5649. const uint8_t *secret,
  5650. size_t secret_len)
  5651. {
  5652. return nss_keylog_int(label,
  5653. sc,
  5654. sc->s3.client_random,
  5655. SSL3_RANDOM_SIZE,
  5656. secret,
  5657. secret_len);
  5658. }
  5659. #define SSLV2_CIPHER_LEN 3
  5660. int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2format)
  5661. {
  5662. int n;
  5663. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  5664. if (PACKET_remaining(cipher_suites) == 0) {
  5665. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
  5666. return 0;
  5667. }
  5668. if (PACKET_remaining(cipher_suites) % n != 0) {
  5669. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5670. return 0;
  5671. }
  5672. OPENSSL_free(s->s3.tmp.ciphers_raw);
  5673. s->s3.tmp.ciphers_raw = NULL;
  5674. s->s3.tmp.ciphers_rawlen = 0;
  5675. if (sslv2format) {
  5676. size_t numciphers = PACKET_remaining(cipher_suites) / n;
  5677. PACKET sslv2ciphers = *cipher_suites;
  5678. unsigned int leadbyte;
  5679. unsigned char *raw;
  5680. /*
  5681. * We store the raw ciphers list in SSLv3+ format so we need to do some
  5682. * preprocessing to convert the list first. If there are any SSLv2 only
  5683. * ciphersuites with a non-zero leading byte then we are going to
  5684. * slightly over allocate because we won't store those. But that isn't a
  5685. * problem.
  5686. */
  5687. raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
  5688. s->s3.tmp.ciphers_raw = raw;
  5689. if (raw == NULL) {
  5690. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5691. return 0;
  5692. }
  5693. for (s->s3.tmp.ciphers_rawlen = 0;
  5694. PACKET_remaining(&sslv2ciphers) > 0;
  5695. raw += TLS_CIPHER_LEN) {
  5696. if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
  5697. || (leadbyte == 0
  5698. && !PACKET_copy_bytes(&sslv2ciphers, raw,
  5699. TLS_CIPHER_LEN))
  5700. || (leadbyte != 0
  5701. && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
  5702. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET);
  5703. OPENSSL_free(s->s3.tmp.ciphers_raw);
  5704. s->s3.tmp.ciphers_raw = NULL;
  5705. s->s3.tmp.ciphers_rawlen = 0;
  5706. return 0;
  5707. }
  5708. if (leadbyte == 0)
  5709. s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN;
  5710. }
  5711. } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw,
  5712. &s->s3.tmp.ciphers_rawlen)) {
  5713. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  5714. return 0;
  5715. }
  5716. return 1;
  5717. }
  5718. int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
  5719. int isv2format, STACK_OF(SSL_CIPHER) **sk,
  5720. STACK_OF(SSL_CIPHER) **scsvs)
  5721. {
  5722. PACKET pkt;
  5723. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  5724. if (sc == NULL)
  5725. return 0;
  5726. if (!PACKET_buf_init(&pkt, bytes, len))
  5727. return 0;
  5728. return ossl_bytes_to_cipher_list(sc, &pkt, sk, scsvs, isv2format, 0);
  5729. }
  5730. int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites,
  5731. STACK_OF(SSL_CIPHER) **skp,
  5732. STACK_OF(SSL_CIPHER) **scsvs_out,
  5733. int sslv2format, int fatal)
  5734. {
  5735. const SSL_CIPHER *c;
  5736. STACK_OF(SSL_CIPHER) *sk = NULL;
  5737. STACK_OF(SSL_CIPHER) *scsvs = NULL;
  5738. int n;
  5739. /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
  5740. unsigned char cipher[SSLV2_CIPHER_LEN];
  5741. n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
  5742. if (PACKET_remaining(cipher_suites) == 0) {
  5743. if (fatal)
  5744. SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
  5745. else
  5746. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED);
  5747. return 0;
  5748. }
  5749. if (PACKET_remaining(cipher_suites) % n != 0) {
  5750. if (fatal)
  5751. SSLfatal(s, SSL_AD_DECODE_ERROR,
  5752. SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5753. else
  5754. ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
  5755. return 0;
  5756. }
  5757. sk = sk_SSL_CIPHER_new_null();
  5758. scsvs = sk_SSL_CIPHER_new_null();
  5759. if (sk == NULL || scsvs == NULL) {
  5760. if (fatal)
  5761. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5762. else
  5763. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5764. goto err;
  5765. }
  5766. while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
  5767. /*
  5768. * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
  5769. * first byte set to zero, while true SSLv2 ciphers have a non-zero
  5770. * first byte. We don't support any true SSLv2 ciphers, so skip them.
  5771. */
  5772. if (sslv2format && cipher[0] != '\0')
  5773. continue;
  5774. /* For SSLv2-compat, ignore leading 0-byte. */
  5775. c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
  5776. if (c != NULL) {
  5777. if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
  5778. (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
  5779. if (fatal)
  5780. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  5781. else
  5782. ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
  5783. goto err;
  5784. }
  5785. }
  5786. }
  5787. if (PACKET_remaining(cipher_suites) > 0) {
  5788. if (fatal)
  5789. SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH);
  5790. else
  5791. ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
  5792. goto err;
  5793. }
  5794. if (skp != NULL)
  5795. *skp = sk;
  5796. else
  5797. sk_SSL_CIPHER_free(sk);
  5798. if (scsvs_out != NULL)
  5799. *scsvs_out = scsvs;
  5800. else
  5801. sk_SSL_CIPHER_free(scsvs);
  5802. return 1;
  5803. err:
  5804. sk_SSL_CIPHER_free(sk);
  5805. sk_SSL_CIPHER_free(scsvs);
  5806. return 0;
  5807. }
  5808. int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
  5809. {
  5810. ctx->max_early_data = max_early_data;
  5811. return 1;
  5812. }
  5813. uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
  5814. {
  5815. return ctx->max_early_data;
  5816. }
  5817. int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
  5818. {
  5819. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5820. if (sc == NULL)
  5821. return 0;
  5822. sc->max_early_data = max_early_data;
  5823. return 1;
  5824. }
  5825. uint32_t SSL_get_max_early_data(const SSL *s)
  5826. {
  5827. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5828. if (sc == NULL)
  5829. return 0;
  5830. return sc->max_early_data;
  5831. }
  5832. int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
  5833. {
  5834. ctx->recv_max_early_data = recv_max_early_data;
  5835. return 1;
  5836. }
  5837. uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
  5838. {
  5839. return ctx->recv_max_early_data;
  5840. }
  5841. int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
  5842. {
  5843. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5844. if (sc == NULL)
  5845. return 0;
  5846. sc->recv_max_early_data = recv_max_early_data;
  5847. return 1;
  5848. }
  5849. uint32_t SSL_get_recv_max_early_data(const SSL *s)
  5850. {
  5851. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  5852. if (sc == NULL)
  5853. return 0;
  5854. return sc->recv_max_early_data;
  5855. }
  5856. __owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc)
  5857. {
  5858. /* Return any active Max Fragment Len extension */
  5859. if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session))
  5860. return GET_MAX_FRAGMENT_LENGTH(sc->session);
  5861. /* return current SSL connection setting */
  5862. return sc->max_send_fragment;
  5863. }
  5864. __owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc)
  5865. {
  5866. /* Return a value regarding an active Max Fragment Len extension */
  5867. if (sc->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(sc->session)
  5868. && sc->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(sc->session))
  5869. return GET_MAX_FRAGMENT_LENGTH(sc->session);
  5870. /* else limit |split_send_fragment| to current |max_send_fragment| */
  5871. if (sc->split_send_fragment > sc->max_send_fragment)
  5872. return sc->max_send_fragment;
  5873. /* return current SSL connection setting */
  5874. return sc->split_send_fragment;
  5875. }
  5876. int SSL_stateless(SSL *s)
  5877. {
  5878. int ret;
  5879. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5880. if (sc == NULL)
  5881. return 0;
  5882. /* Ensure there is no state left over from a previous invocation */
  5883. if (!SSL_clear(s))
  5884. return 0;
  5885. ERR_clear_error();
  5886. sc->s3.flags |= TLS1_FLAGS_STATELESS;
  5887. ret = SSL_accept(s);
  5888. sc->s3.flags &= ~TLS1_FLAGS_STATELESS;
  5889. if (ret > 0 && sc->ext.cookieok)
  5890. return 1;
  5891. if (sc->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(sc))
  5892. return 0;
  5893. return -1;
  5894. }
  5895. void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
  5896. {
  5897. ctx->pha_enabled = val;
  5898. }
  5899. void SSL_set_post_handshake_auth(SSL *ssl, int val)
  5900. {
  5901. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
  5902. if (sc == NULL)
  5903. return;
  5904. sc->pha_enabled = val;
  5905. }
  5906. int SSL_verify_client_post_handshake(SSL *ssl)
  5907. {
  5908. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
  5909. #ifndef OPENSSL_NO_QUIC
  5910. if (IS_QUIC(ssl)) {
  5911. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  5912. return 0;
  5913. }
  5914. #endif
  5915. if (sc == NULL)
  5916. return 0;
  5917. if (!SSL_CONNECTION_IS_TLS13(sc)) {
  5918. ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
  5919. return 0;
  5920. }
  5921. if (!sc->server) {
  5922. ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER);
  5923. return 0;
  5924. }
  5925. if (!SSL_is_init_finished(ssl)) {
  5926. ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
  5927. return 0;
  5928. }
  5929. switch (sc->post_handshake_auth) {
  5930. case SSL_PHA_NONE:
  5931. ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED);
  5932. return 0;
  5933. default:
  5934. case SSL_PHA_EXT_SENT:
  5935. ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  5936. return 0;
  5937. case SSL_PHA_EXT_RECEIVED:
  5938. break;
  5939. case SSL_PHA_REQUEST_PENDING:
  5940. ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_PENDING);
  5941. return 0;
  5942. case SSL_PHA_REQUESTED:
  5943. ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_SENT);
  5944. return 0;
  5945. }
  5946. sc->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
  5947. /* checks verify_mode and algorithm_auth */
  5948. if (!send_certificate_request(sc)) {
  5949. sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
  5950. ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG);
  5951. return 0;
  5952. }
  5953. ossl_statem_set_in_init(sc, 1);
  5954. return 1;
  5955. }
  5956. int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
  5957. SSL_CTX_generate_session_ticket_fn gen_cb,
  5958. SSL_CTX_decrypt_session_ticket_fn dec_cb,
  5959. void *arg)
  5960. {
  5961. ctx->generate_ticket_cb = gen_cb;
  5962. ctx->decrypt_ticket_cb = dec_cb;
  5963. ctx->ticket_cb_data = arg;
  5964. return 1;
  5965. }
  5966. void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
  5967. SSL_allow_early_data_cb_fn cb,
  5968. void *arg)
  5969. {
  5970. ctx->allow_early_data_cb = cb;
  5971. ctx->allow_early_data_cb_data = arg;
  5972. }
  5973. void SSL_set_allow_early_data_cb(SSL *s,
  5974. SSL_allow_early_data_cb_fn cb,
  5975. void *arg)
  5976. {
  5977. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  5978. if (sc == NULL)
  5979. return;
  5980. sc->allow_early_data_cb = cb;
  5981. sc->allow_early_data_cb_data = arg;
  5982. }
  5983. const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
  5984. int nid,
  5985. const char *properties)
  5986. {
  5987. const EVP_CIPHER *ciph;
  5988. ciph = tls_get_cipher_from_engine(nid);
  5989. if (ciph != NULL)
  5990. return ciph;
  5991. /*
  5992. * If there is no engine cipher then we do an explicit fetch. This may fail
  5993. * and that could be ok
  5994. */
  5995. ERR_set_mark();
  5996. ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
  5997. ERR_pop_to_mark();
  5998. return ciph;
  5999. }
  6000. int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher)
  6001. {
  6002. /* Don't up-ref an implicit EVP_CIPHER */
  6003. if (EVP_CIPHER_get0_provider(cipher) == NULL)
  6004. return 1;
  6005. /*
  6006. * The cipher was explicitly fetched and therefore it is safe to cast
  6007. * away the const
  6008. */
  6009. return EVP_CIPHER_up_ref((EVP_CIPHER *)cipher);
  6010. }
  6011. void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
  6012. {
  6013. if (cipher == NULL)
  6014. return;
  6015. if (EVP_CIPHER_get0_provider(cipher) != NULL) {
  6016. /*
  6017. * The cipher was explicitly fetched and therefore it is safe to cast
  6018. * away the const
  6019. */
  6020. EVP_CIPHER_free((EVP_CIPHER *)cipher);
  6021. }
  6022. }
  6023. const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
  6024. int nid,
  6025. const char *properties)
  6026. {
  6027. const EVP_MD *md;
  6028. md = tls_get_digest_from_engine(nid);
  6029. if (md != NULL)
  6030. return md;
  6031. /* Otherwise we do an explicit fetch */
  6032. ERR_set_mark();
  6033. md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
  6034. ERR_pop_to_mark();
  6035. return md;
  6036. }
  6037. int ssl_evp_md_up_ref(const EVP_MD *md)
  6038. {
  6039. /* Don't up-ref an implicit EVP_MD */
  6040. if (EVP_MD_get0_provider(md) == NULL)
  6041. return 1;
  6042. /*
  6043. * The digest was explicitly fetched and therefore it is safe to cast
  6044. * away the const
  6045. */
  6046. return EVP_MD_up_ref((EVP_MD *)md);
  6047. }
  6048. void ssl_evp_md_free(const EVP_MD *md)
  6049. {
  6050. if (md == NULL)
  6051. return;
  6052. if (EVP_MD_get0_provider(md) != NULL) {
  6053. /*
  6054. * The digest was explicitly fetched and therefore it is safe to cast
  6055. * away the const
  6056. */
  6057. EVP_MD_free((EVP_MD *)md);
  6058. }
  6059. }
  6060. int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey)
  6061. {
  6062. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6063. if (sc == NULL)
  6064. return 0;
  6065. if (!ssl_security(sc, SSL_SECOP_TMP_DH,
  6066. EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
  6067. ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
  6068. return 0;
  6069. }
  6070. EVP_PKEY_free(sc->cert->dh_tmp);
  6071. sc->cert->dh_tmp = dhpkey;
  6072. return 1;
  6073. }
  6074. int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
  6075. {
  6076. if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
  6077. EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
  6078. ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
  6079. return 0;
  6080. }
  6081. EVP_PKEY_free(ctx->cert->dh_tmp);
  6082. ctx->cert->dh_tmp = dhpkey;
  6083. return 1;
  6084. }
  6085. /* QUIC-specific methods which are supported on QUIC connections only. */
  6086. int SSL_handle_events(SSL *s)
  6087. {
  6088. SSL_CONNECTION *sc;
  6089. #ifndef OPENSSL_NO_QUIC
  6090. if (IS_QUIC(s))
  6091. return ossl_quic_handle_events(s);
  6092. #endif
  6093. sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  6094. if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc))
  6095. /*
  6096. * DTLSv1_handle_timeout returns 0 if the timer wasn't expired yet,
  6097. * which we consider a success case. Theoretically DTLSv1_handle_timeout
  6098. * can also return 0 if s is NULL or not a DTLS object, but we've
  6099. * already ruled out those possibilities above, so this is not possible
  6100. * here. Thus the only failure cases are where DTLSv1_handle_timeout
  6101. * returns -1.
  6102. */
  6103. return DTLSv1_handle_timeout(s) >= 0;
  6104. return 1;
  6105. }
  6106. int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite)
  6107. {
  6108. SSL_CONNECTION *sc;
  6109. #ifndef OPENSSL_NO_QUIC
  6110. if (IS_QUIC(s))
  6111. return ossl_quic_get_event_timeout(s, tv, is_infinite);
  6112. #endif
  6113. sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
  6114. if (sc != NULL && SSL_CONNECTION_IS_DTLS(sc)
  6115. && DTLSv1_get_timeout(s, tv)) {
  6116. *is_infinite = 0;
  6117. return 1;
  6118. }
  6119. tv->tv_sec = 1000000;
  6120. tv->tv_usec = 0;
  6121. *is_infinite = 1;
  6122. return 1;
  6123. }
  6124. int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
  6125. {
  6126. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6127. #ifndef OPENSSL_NO_QUIC
  6128. if (IS_QUIC(s))
  6129. return ossl_quic_get_rpoll_descriptor(s, desc);
  6130. #endif
  6131. if (sc == NULL || sc->rbio == NULL)
  6132. return 0;
  6133. return BIO_get_rpoll_descriptor(sc->rbio, desc);
  6134. }
  6135. int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc)
  6136. {
  6137. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6138. #ifndef OPENSSL_NO_QUIC
  6139. if (IS_QUIC(s))
  6140. return ossl_quic_get_wpoll_descriptor(s, desc);
  6141. #endif
  6142. if (sc == NULL || sc->wbio == NULL)
  6143. return 0;
  6144. return BIO_get_wpoll_descriptor(sc->wbio, desc);
  6145. }
  6146. int SSL_net_read_desired(SSL *s)
  6147. {
  6148. #ifndef OPENSSL_NO_QUIC
  6149. if (!IS_QUIC(s))
  6150. return SSL_want_read(s);
  6151. return ossl_quic_get_net_read_desired(s);
  6152. #else
  6153. return SSL_want_read(s);
  6154. #endif
  6155. }
  6156. int SSL_net_write_desired(SSL *s)
  6157. {
  6158. #ifndef OPENSSL_NO_QUIC
  6159. if (!IS_QUIC(s))
  6160. return SSL_want_write(s);
  6161. return ossl_quic_get_net_write_desired(s);
  6162. #else
  6163. return SSL_want_write(s);
  6164. #endif
  6165. }
  6166. int SSL_set_blocking_mode(SSL *s, int blocking)
  6167. {
  6168. #ifndef OPENSSL_NO_QUIC
  6169. if (!IS_QUIC(s))
  6170. return 0;
  6171. return ossl_quic_conn_set_blocking_mode(s, blocking);
  6172. #else
  6173. return 0;
  6174. #endif
  6175. }
  6176. int SSL_get_blocking_mode(SSL *s)
  6177. {
  6178. #ifndef OPENSSL_NO_QUIC
  6179. if (!IS_QUIC(s))
  6180. return -1;
  6181. return ossl_quic_conn_get_blocking_mode(s);
  6182. #else
  6183. return -1;
  6184. #endif
  6185. }
  6186. int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr)
  6187. {
  6188. #ifndef OPENSSL_NO_QUIC
  6189. if (!IS_QUIC(s))
  6190. return 0;
  6191. return ossl_quic_conn_set_initial_peer_addr(s, peer_addr);
  6192. #else
  6193. return 0;
  6194. #endif
  6195. }
  6196. int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
  6197. const SSL_SHUTDOWN_EX_ARGS *args,
  6198. size_t args_len)
  6199. {
  6200. #ifndef OPENSSL_NO_QUIC
  6201. if (!IS_QUIC(ssl))
  6202. return SSL_shutdown(ssl);
  6203. return ossl_quic_conn_shutdown(ssl, flags, args, args_len);
  6204. #else
  6205. return SSL_shutdown(ssl);
  6206. #endif
  6207. }
  6208. int SSL_stream_conclude(SSL *ssl, uint64_t flags)
  6209. {
  6210. #ifndef OPENSSL_NO_QUIC
  6211. if (!IS_QUIC(ssl))
  6212. return 0;
  6213. return ossl_quic_conn_stream_conclude(ssl);
  6214. #else
  6215. return 0;
  6216. #endif
  6217. }
  6218. SSL *SSL_new_stream(SSL *s, uint64_t flags)
  6219. {
  6220. #ifndef OPENSSL_NO_QUIC
  6221. if (!IS_QUIC(s))
  6222. return NULL;
  6223. return ossl_quic_conn_stream_new(s, flags);
  6224. #else
  6225. return NULL;
  6226. #endif
  6227. }
  6228. SSL *SSL_get0_connection(SSL *s)
  6229. {
  6230. #ifndef OPENSSL_NO_QUIC
  6231. if (!IS_QUIC(s))
  6232. return s;
  6233. return ossl_quic_get0_connection(s);
  6234. #else
  6235. return s;
  6236. #endif
  6237. }
  6238. int SSL_is_connection(SSL *s)
  6239. {
  6240. return SSL_get0_connection(s) == s;
  6241. }
  6242. int SSL_get_stream_type(SSL *s)
  6243. {
  6244. #ifndef OPENSSL_NO_QUIC
  6245. if (!IS_QUIC(s))
  6246. return SSL_STREAM_TYPE_BIDI;
  6247. return ossl_quic_get_stream_type(s);
  6248. #else
  6249. return SSL_STREAM_TYPE_BIDI;
  6250. #endif
  6251. }
  6252. uint64_t SSL_get_stream_id(SSL *s)
  6253. {
  6254. #ifndef OPENSSL_NO_QUIC
  6255. if (!IS_QUIC(s))
  6256. return UINT64_MAX;
  6257. return ossl_quic_get_stream_id(s);
  6258. #else
  6259. return UINT64_MAX;
  6260. #endif
  6261. }
  6262. int SSL_is_stream_local(SSL *s)
  6263. {
  6264. #ifndef OPENSSL_NO_QUIC
  6265. if (!IS_QUIC(s))
  6266. return -1;
  6267. return ossl_quic_is_stream_local(s);
  6268. #else
  6269. return -1;
  6270. #endif
  6271. }
  6272. int SSL_set_default_stream_mode(SSL *s, uint32_t mode)
  6273. {
  6274. #ifndef OPENSSL_NO_QUIC
  6275. if (!IS_QUIC(s))
  6276. return 0;
  6277. return ossl_quic_set_default_stream_mode(s, mode);
  6278. #else
  6279. return 0;
  6280. #endif
  6281. }
  6282. int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec)
  6283. {
  6284. #ifndef OPENSSL_NO_QUIC
  6285. if (!IS_QUIC(s))
  6286. return 0;
  6287. return ossl_quic_set_incoming_stream_policy(s, policy, aec);
  6288. #else
  6289. return 0;
  6290. #endif
  6291. }
  6292. SSL *SSL_accept_stream(SSL *s, uint64_t flags)
  6293. {
  6294. #ifndef OPENSSL_NO_QUIC
  6295. if (!IS_QUIC(s))
  6296. return NULL;
  6297. return ossl_quic_accept_stream(s, flags);
  6298. #else
  6299. return NULL;
  6300. #endif
  6301. }
  6302. size_t SSL_get_accept_stream_queue_len(SSL *s)
  6303. {
  6304. #ifndef OPENSSL_NO_QUIC
  6305. if (!IS_QUIC(s))
  6306. return 0;
  6307. return ossl_quic_get_accept_stream_queue_len(s);
  6308. #else
  6309. return 0;
  6310. #endif
  6311. }
  6312. int SSL_stream_reset(SSL *s,
  6313. const SSL_STREAM_RESET_ARGS *args,
  6314. size_t args_len)
  6315. {
  6316. #ifndef OPENSSL_NO_QUIC
  6317. if (!IS_QUIC(s))
  6318. return 0;
  6319. return ossl_quic_stream_reset(s, args, args_len);
  6320. #else
  6321. return 0;
  6322. #endif
  6323. }
  6324. int SSL_get_stream_read_state(SSL *s)
  6325. {
  6326. #ifndef OPENSSL_NO_QUIC
  6327. if (!IS_QUIC(s))
  6328. return SSL_STREAM_STATE_NONE;
  6329. return ossl_quic_get_stream_read_state(s);
  6330. #else
  6331. return SSL_STREAM_STATE_NONE;
  6332. #endif
  6333. }
  6334. int SSL_get_stream_write_state(SSL *s)
  6335. {
  6336. #ifndef OPENSSL_NO_QUIC
  6337. if (!IS_QUIC(s))
  6338. return SSL_STREAM_STATE_NONE;
  6339. return ossl_quic_get_stream_write_state(s);
  6340. #else
  6341. return SSL_STREAM_STATE_NONE;
  6342. #endif
  6343. }
  6344. int SSL_get_stream_read_error_code(SSL *s, uint64_t *app_error_code)
  6345. {
  6346. #ifndef OPENSSL_NO_QUIC
  6347. if (!IS_QUIC(s))
  6348. return -1;
  6349. return ossl_quic_get_stream_read_error_code(s, app_error_code);
  6350. #else
  6351. return -1;
  6352. #endif
  6353. }
  6354. int SSL_get_stream_write_error_code(SSL *s, uint64_t *app_error_code)
  6355. {
  6356. #ifndef OPENSSL_NO_QUIC
  6357. if (!IS_QUIC(s))
  6358. return -1;
  6359. return ossl_quic_get_stream_write_error_code(s, app_error_code);
  6360. #else
  6361. return -1;
  6362. #endif
  6363. }
  6364. int SSL_get_conn_close_info(SSL *s, SSL_CONN_CLOSE_INFO *info,
  6365. size_t info_len)
  6366. {
  6367. #ifndef OPENSSL_NO_QUIC
  6368. if (!IS_QUIC(s))
  6369. return -1;
  6370. return ossl_quic_get_conn_close_info(s, info, info_len);
  6371. #else
  6372. return -1;
  6373. #endif
  6374. }
  6375. int SSL_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
  6376. uint64_t *value)
  6377. {
  6378. #ifndef OPENSSL_NO_QUIC
  6379. if (IS_QUIC(s))
  6380. return ossl_quic_get_value_uint(s, class_, id, value);
  6381. #endif
  6382. ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_PROTOCOL);
  6383. return 0;
  6384. }
  6385. int SSL_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
  6386. uint64_t value)
  6387. {
  6388. #ifndef OPENSSL_NO_QUIC
  6389. if (IS_QUIC(s))
  6390. return ossl_quic_set_value_uint(s, class_, id, value);
  6391. #endif
  6392. ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_PROTOCOL);
  6393. return 0;
  6394. }
  6395. int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
  6396. {
  6397. unsigned char *data = NULL;
  6398. SSL_DANE *dane = SSL_get0_dane(s);
  6399. int ret;
  6400. if (dane == NULL || dane->dctx == NULL)
  6401. return 0;
  6402. if ((ret = i2d_PUBKEY(rpk, &data)) <= 0)
  6403. return 0;
  6404. ret = SSL_dane_tlsa_add(s, DANETLS_USAGE_DANE_EE,
  6405. DANETLS_SELECTOR_SPKI,
  6406. DANETLS_MATCHING_FULL,
  6407. data, (size_t)ret) > 0;
  6408. OPENSSL_free(data);
  6409. return ret;
  6410. }
  6411. EVP_PKEY *SSL_get0_peer_rpk(const SSL *s)
  6412. {
  6413. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6414. if (sc == NULL || sc->session == NULL)
  6415. return NULL;
  6416. return sc->session->peer_rpk;
  6417. }
  6418. int SSL_get_negotiated_client_cert_type(const SSL *s)
  6419. {
  6420. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6421. if (sc == NULL)
  6422. return 0;
  6423. return sc->ext.client_cert_type;
  6424. }
  6425. int SSL_get_negotiated_server_cert_type(const SSL *s)
  6426. {
  6427. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6428. if (sc == NULL)
  6429. return 0;
  6430. return sc->ext.server_cert_type;
  6431. }
  6432. static int validate_cert_type(const unsigned char *val, size_t len)
  6433. {
  6434. size_t i;
  6435. int saw_rpk = 0;
  6436. int saw_x509 = 0;
  6437. if (val == NULL && len == 0)
  6438. return 1;
  6439. if (val == NULL || len == 0)
  6440. return 0;
  6441. for (i = 0; i < len; i++) {
  6442. switch (val[i]) {
  6443. case TLSEXT_cert_type_rpk:
  6444. if (saw_rpk)
  6445. return 0;
  6446. saw_rpk = 1;
  6447. break;
  6448. case TLSEXT_cert_type_x509:
  6449. if (saw_x509)
  6450. return 0;
  6451. saw_x509 = 1;
  6452. break;
  6453. case TLSEXT_cert_type_pgp:
  6454. case TLSEXT_cert_type_1609dot2:
  6455. default:
  6456. return 0;
  6457. }
  6458. }
  6459. return 1;
  6460. }
  6461. static int set_cert_type(unsigned char **cert_type,
  6462. size_t *cert_type_len,
  6463. const unsigned char *val,
  6464. size_t len)
  6465. {
  6466. unsigned char *tmp = NULL;
  6467. if (!validate_cert_type(val, len))
  6468. return 0;
  6469. if (val != NULL && (tmp = OPENSSL_memdup(val, len)) == NULL)
  6470. return 0;
  6471. OPENSSL_free(*cert_type);
  6472. *cert_type = tmp;
  6473. *cert_type_len = len;
  6474. return 1;
  6475. }
  6476. int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len)
  6477. {
  6478. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6479. return set_cert_type(&sc->client_cert_type, &sc->client_cert_type_len,
  6480. val, len);
  6481. }
  6482. int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len)
  6483. {
  6484. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  6485. return set_cert_type(&sc->server_cert_type, &sc->server_cert_type_len,
  6486. val, len);
  6487. }
  6488. int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len)
  6489. {
  6490. return set_cert_type(&ctx->client_cert_type, &ctx->client_cert_type_len,
  6491. val, len);
  6492. }
  6493. int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len)
  6494. {
  6495. return set_cert_type(&ctx->server_cert_type, &ctx->server_cert_type_len,
  6496. val, len);
  6497. }
  6498. int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len)
  6499. {
  6500. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  6501. if (t == NULL || len == NULL)
  6502. return 0;
  6503. *t = sc->client_cert_type;
  6504. *len = sc->client_cert_type_len;
  6505. return 1;
  6506. }
  6507. int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len)
  6508. {
  6509. const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
  6510. if (t == NULL || len == NULL)
  6511. return 0;
  6512. *t = sc->server_cert_type;
  6513. *len = sc->server_cert_type_len;
  6514. return 1;
  6515. }
  6516. int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len)
  6517. {
  6518. if (t == NULL || len == NULL)
  6519. return 0;
  6520. *t = ctx->client_cert_type;
  6521. *len = ctx->client_cert_type_len;
  6522. return 1;
  6523. }
  6524. int SSL_CTX_get0_server_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len)
  6525. {
  6526. if (t == NULL || len == NULL)
  6527. return 0;
  6528. *t = ctx->server_cert_type;
  6529. *len = ctx->server_cert_type_len;
  6530. return 1;
  6531. }