Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
Apq
/
winscp
-ын хуулбар https://github.com/winscp/winscp.git
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: 2cede12eb7
Салаанууд Тагууд
winscp
/
libs
/
openssl
/
ssl
/
ssl_lib.c

ssl_lib.c 157 KB
Түүх Анхны өгөгдөл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638 
  1. /*
    2. 

  2.  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
    4. 

  4.  * Copyright 2005 Nokia. All rights reserved.
    5. 

  5.  *
    6. 

  6.  * Licensed under the OpenSSL license (the "License").  You may not use
    7. 

  7.  * this file except in compliance with the License.  You can obtain a copy
    8. 

  8.  * in the file LICENSE in the source distribution or at
    9. 

  9.  * https://www.openssl.org/source/license.html
    10. 

  10.  */
    11. 

  11. 

  12. #include <stdio.h>
    13. 

  13. #include "ssl_local.h"
    14. 

  14. #include <openssl/objects.h>
    15. 

  15. #include <openssl/x509v3.h>
    16. 

  16. #include <openssl/rand.h>
    17. 

  17. #include <openssl/rand_drbg.h>
    18. 

  18. #include <openssl/ocsp.h>
    19. 

  19. #include <openssl/dh.h>
    20. 

  20. #include <openssl/engine.h>
    21. 

  21. #include <openssl/async.h>
    22. 

  22. #include <openssl/ct.h>
    23. 

  23. #include "internal/cryptlib.h"
    24. 

  24. #include "internal/refcount.h"
    25. 

  25. 

  26. const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
    27. 

  27. 

  28. static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
    29. 

  29. {
    30. 

  30.     (void)r;
    31. 

  31.     (void)s;
    32. 

  32.     (void)t;
    33. 

  33.     return ssl_undefined_function(ssl);
    34. 

  34. }
    35. 

  35. 

  36. static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
    37. 

  37.                                     int t)
    38. 

  38. {
    39. 

  39.     (void)r;
    40. 

  40.     (void)s;
    41. 

  41.     (void)t;
    42. 

  42.     return ssl_undefined_function(ssl);
    43. 

  43. }
    44. 

  44. 

  45. static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
    46. 

  46.                                     unsigned char *s, size_t t, size_t *u)
    47. 

  47. {
    48. 

  48.     (void)r;
    49. 

  49.     (void)s;
    50. 

  50.     (void)t;
    51. 

  51.     (void)u;
    52. 

  52.     return ssl_undefined_function(ssl);
    53. 

  53. }
    54. 

  54. 

  55. static int ssl_undefined_function_4(SSL *ssl, int r)
    56. 

  56. {
    57. 

  57.     (void)r;
    58. 

  58.     return ssl_undefined_function(ssl);
    59. 

  59. }
    60. 

  60. 

  61. static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
    62. 

  62.                                        unsigned char *t)
    63. 

  63. {
    64. 

  64.     (void)r;
    65. 

  65.     (void)s;
    66. 

  66.     (void)t;
    67. 

  67.     return ssl_undefined_function(ssl);
    68. 

  68. }
    69. 

  69. 

  70. static int ssl_undefined_function_6(int r)
    71. 

  71. {
    72. 

  72.     (void)r;
    73. 

  73.     return ssl_undefined_function(NULL);
    74. 

  74. }
    75. 

  75. 

  76. static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
    77. 

  77.                                     const char *t, size_t u,
    78. 

  78.                                     const unsigned char *v, size_t w, int x)
    79. 

  79. {
    80. 

  80.     (void)r;
    81. 

  81.     (void)s;
    82. 

  82.     (void)t;
    83. 

  83.     (void)u;
    84. 

  84.     (void)v;
    85. 

  85.     (void)w;
    86. 

  86.     (void)x;
    87. 

  87.     return ssl_undefined_function(ssl);
    88. 

  88. }
    89. 

  89. 

  90. SSL3_ENC_METHOD ssl3_undef_enc_method = {
    91. 

  91.     ssl_undefined_function_1,
    92. 

  92.     ssl_undefined_function_2,
    93. 

  93.     ssl_undefined_function,
    94. 

  94.     ssl_undefined_function_3,
    95. 

  95.     ssl_undefined_function_4,
    96. 

  96.     ssl_undefined_function_5,
    97. 

  97.     NULL,                       /* client_finished_label */
    98. 

  98.     0,                          /* client_finished_label_len */
    99. 

  99.     NULL,                       /* server_finished_label */
    100. 

  100.     0,                          /* server_finished_label_len */
    101. 

  101.     ssl_undefined_function_6,
    102. 

  102.     ssl_undefined_function_7,
    103. 

  103. };
    104. 

  104. 

  105. struct ssl_async_args {
    106. 

  106.     SSL *s;
    107. 

  107.     void *buf;
    108. 

  108.     size_t num;
    109. 

  109.     enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
    110. 

  110.     union {
    111. 

  111.         int (*func_read) (SSL *, void *, size_t, size_t *);
    112. 

  112.         int (*func_write) (SSL *, const void *, size_t, size_t *);
    113. 

  113.         int (*func_other) (SSL *);
    114. 

  114.     } f;
    115. 

  115. };
    116. 

  116. 

  117. static const struct {
    118. 

  118.     uint8_t mtype;
    119. 

  119.     uint8_t ord;
    120. 

  120.     int nid;
    121. 

  121. } dane_mds[] = {
    122. 

  122.     {
    123. 

  123.         DANETLS_MATCHING_FULL, 0, NID_undef
    124. 

  124.     },
    125. 

  125.     {
    126. 

  126.         DANETLS_MATCHING_2256, 1, NID_sha256
    127. 

  127.     },
    128. 

  128.     {
    129. 

  129.         DANETLS_MATCHING_2512, 2, NID_sha512
    130. 

  130.     },
    131. 

  131. };
    132. 

  132. 

  133. static int dane_ctx_enable(struct dane_ctx_st *dctx)
    134. 

  134. {
    135. 

  135.     const EVP_MD **mdevp;
    136. 

  136.     uint8_t *mdord;
    137. 

  137.     uint8_t mdmax = DANETLS_MATCHING_LAST;
    138. 

  138.     int n = ((int)mdmax) + 1;   /* int to handle PrivMatch(255) */
    139. 

  139.     size_t i;
    140. 

  140. 

  141.     if (dctx->mdevp != NULL)
    142. 

  142.         return 1;
    143. 

  143. 

  144.     mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
    145. 

  145.     mdord = OPENSSL_zalloc(n * sizeof(*mdord));
    146. 

  146. 

  147.     if (mdord == NULL || mdevp == NULL) {
    148. 

  148.         OPENSSL_free(mdord);
    149. 

  149.         OPENSSL_free(mdevp);
    150. 

  150.         SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
    151. 

  151.         return 0;
    152. 

  152.     }
    153. 

  153. 

  154.     /* Install default entries */
    155. 

  155.     for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
    156. 

  156.         const EVP_MD *md;
    157. 

  157. 

  158.         if (dane_mds[i].nid == NID_undef ||
    159. 

  159.             (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
    160. 

  160.             continue;
    161. 

  161.         mdevp[dane_mds[i].mtype] = md;
    162. 

  162.         mdord[dane_mds[i].mtype] = dane_mds[i].ord;
    163. 

  163.     }
    164. 

  164. 

  165.     dctx->mdevp = mdevp;
    166. 

  166.     dctx->mdord = mdord;
    167. 

  167.     dctx->mdmax = mdmax;
    168. 

  168. 

  169.     return 1;
    170. 

  170. }
    171. 

  171. 

  172. static void dane_ctx_final(struct dane_ctx_st *dctx)
    173. 

  173. {
    174. 

  174.     OPENSSL_free(dctx->mdevp);
    175. 

  175.     dctx->mdevp = NULL;
    176. 

  176. 

  177.     OPENSSL_free(dctx->mdord);
    178. 

  178.     dctx->mdord = NULL;
    179. 

  179.     dctx->mdmax = 0;
    180. 

  180. }
    181. 

  181. 

  182. static void tlsa_free(danetls_record *t)
    183. 

  183. {
    184. 

  184.     if (t == NULL)
    185. 

  185.         return;
    186. 

  186.     OPENSSL_free(t->data);
    187. 

  187.     EVP_PKEY_free(t->spki);
    188. 

  188.     OPENSSL_free(t);
    189. 

  189. }
    190. 

  190. 

  191. static void dane_final(SSL_DANE *dane)
    192. 

  192. {
    193. 

  193.     sk_danetls_record_pop_free(dane->trecs, tlsa_free);
    194. 

  194.     dane->trecs = NULL;
    195. 

  195. 

  196.     sk_X509_pop_free(dane->certs, X509_free);
    197. 

  197.     dane->certs = NULL;
    198. 

  198. 

  199.     X509_free(dane->mcert);
    200. 

  200.     dane->mcert = NULL;
    201. 

  201.     dane->mtlsa = NULL;
    202. 

  202.     dane->mdpth = -1;
    203. 

  203.     dane->pdpth = -1;
    204. 

  204. }
    205. 

  205. 

  206. /*
    207. 

  207.  * dane_copy - Copy dane configuration, sans verification state.
    208. 

  208.  */
    209. 

  209. static int ssl_dane_dup(SSL *to, SSL *from)
    210. 

  210. {
    211. 

  211.     int num;
    212. 

  212.     int i;
    213. 

  213. 

  214.     if (!DANETLS_ENABLED(&from->dane))
    215. 

  215.         return 1;
    216. 

  216. 

  217.     num = sk_danetls_record_num(from->dane.trecs);
    218. 

  218.     dane_final(&to->dane);
    219. 

  219.     to->dane.flags = from->dane.flags;
    220. 

  220.     to->dane.dctx = &to->ctx->dane;
    221. 

  221.     to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
    222. 

  222. 

  223.     if (to->dane.trecs == NULL) {
    224. 

  224.         SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
    225. 

  225.         return 0;
    226. 

  226.     }
    227. 

  227. 

  228.     for (i = 0; i < num; ++i) {
    229. 

  229.         danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
    230. 

  230. 

  231.         if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
    232. 

  232.                               t->data, t->dlen) <= 0)
    233. 

  233.             return 0;
    234. 

  234.     }
    235. 

  235.     return 1;
    236. 

  236. }
    237. 

  237. 

  238. static int dane_mtype_set(struct dane_ctx_st *dctx,
    239. 

  239.                           const EVP_MD *md, uint8_t mtype, uint8_t ord)
    240. 

  240. {
    241. 

  241.     int i;
    242. 

  242. 

  243.     if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
    244. 

  244.         SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
    245. 

  245.         return 0;
    246. 

  246.     }
    247. 

  247. 

  248.     if (mtype > dctx->mdmax) {
    249. 

  249.         const EVP_MD **mdevp;
    250. 

  250.         uint8_t *mdord;
    251. 

  251.         int n = ((int)mtype) + 1;
    252. 

  252. 

  253.         mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
    254. 

  254.         if (mdevp == NULL) {
    255. 

  255.             SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
    256. 

  256.             return -1;
    257. 

  257.         }
    258. 

  258.         dctx->mdevp = mdevp;
    259. 

  259. 

  260.         mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
    261. 

  261.         if (mdord == NULL) {
    262. 

  262.             SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
    263. 

  263.             return -1;
    264. 

  264.         }
    265. 

  265.         dctx->mdord = mdord;
    266. 

  266. 

  267.         /* Zero-fill any gaps */
    268. 

  268.         for (i = dctx->mdmax + 1; i < mtype; ++i) {
    269. 

  269.             mdevp[i] = NULL;
    270. 

  270.             mdord[i] = 0;
    271. 

  271.         }
    272. 

  272. 

  273.         dctx->mdmax = mtype;
    274. 

  274.     }
    275. 

  275. 

  276.     dctx->mdevp[mtype] = md;
    277. 

  277.     /* Coerce ordinal of disabled matching types to 0 */
    278. 

  278.     dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
    279. 

  279. 

  280.     return 1;
    281. 

  281. }
    282. 

  282. 

  283. static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
    284. 

  284. {
    285. 

  285.     if (mtype > dane->dctx->mdmax)
    286. 

  286.         return NULL;
    287. 

  287.     return dane->dctx->mdevp[mtype];
    288. 

  288. }
    289. 

  289. 

  290. static int dane_tlsa_add(SSL_DANE *dane,
    291. 

  291.                          uint8_t usage,
    292. 

  292.                          uint8_t selector,
    293. 

  293.                          uint8_t mtype, unsigned const char *data, size_t dlen)
    294. 

  294. {
    295. 

  295.     danetls_record *t;
    296. 

  296.     const EVP_MD *md = NULL;
    297. 

  297.     int ilen = (int)dlen;
    298. 

  298.     int i;
    299. 

  299.     int num;
    300. 

  300. 

  301.     if (dane->trecs == NULL) {
    302. 

  302.         SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
    303. 

  303.         return -1;
    304. 

  304.     }
    305. 

  305. 

  306.     if (ilen < 0 || dlen != (size_t)ilen) {
    307. 

  307.         SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
    308. 

  308.         return 0;
    309. 

  309.     }
    310. 

  310. 

  311.     if (usage > DANETLS_USAGE_LAST) {
    312. 

  312.         SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
    313. 

  313.         return 0;
    314. 

  314.     }
    315. 

  315. 

  316.     if (selector > DANETLS_SELECTOR_LAST) {
    317. 

  317.         SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
    318. 

  318.         return 0;
    319. 

  319.     }
    320. 

  320. 

  321.     if (mtype != DANETLS_MATCHING_FULL) {
    322. 

  322.         md = tlsa_md_get(dane, mtype);
    323. 

  323.         if (md == NULL) {
    324. 

  324.             SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
    325. 

  325.             return 0;
    326. 

  326.         }
    327. 

  327.     }
    328. 

  328. 

  329.     if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
    330. 

  330.         SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
    331. 

  331.         return 0;
    332. 

  332.     }
    333. 

  333.     if (!data) {
    334. 

  334.         SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
    335. 

  335.         return 0;
    336. 

  336.     }
    337. 

  337. 

  338.     if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
    339. 

  339.         SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
    340. 

  340.         return -1;
    341. 

  341.     }
    342. 

  342. 

  343.     t->usage = usage;
    344. 

  344.     t->selector = selector;
    345. 

  345.     t->mtype = mtype;
    346. 

  346.     t->data = OPENSSL_malloc(dlen);
    347. 

  347.     if (t->data == NULL) {
    348. 

  348.         tlsa_free(t);
    349. 

  349.         SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
    350. 

  350.         return -1;
    351. 

  351.     }
    352. 

  352.     memcpy(t->data, data, dlen);
    353. 

  353.     t->dlen = dlen;
    354. 

  354. 

  355.     /* Validate and cache full certificate or public key */
    356. 

  356.     if (mtype == DANETLS_MATCHING_FULL) {
    357. 

  357.         const unsigned char *p = data;
    358. 

  358.         X509 *cert = NULL;
    359. 

  359.         EVP_PKEY *pkey = NULL;
    360. 

  360. 

  361.         switch (selector) {
    362. 

  362.         case DANETLS_SELECTOR_CERT:
    363. 

  363.             if (!d2i_X509(&cert, &p, ilen) || p < data ||
    364. 

  364.                 dlen != (size_t)(p - data)) {
    365. 

  365.                 tlsa_free(t);
    366. 

  366.                 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
    367. 

  367.                 return 0;
    368. 

  368.             }
    369. 

  369.             if (X509_get0_pubkey(cert) == NULL) {
    370. 

  370.                 tlsa_free(t);
    371. 

  371.                 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
    372. 

  372.                 return 0;
    373. 

  373.             }
    374. 

  374. 

  375.             if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
    376. 

  376.                 X509_free(cert);
    377. 

  377.                 break;
    378. 

  378.             }
    379. 

  379. 

  380.             /*
    381. 

  381.              * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
    382. 

  382.              * records that contain full certificates of trust-anchors that are
    383. 

  383.              * not present in the wire chain.  For usage PKIX-TA(0), we augment
    384. 

  384.              * the chain with untrusted Full(0) certificates from DNS, in case
    385. 

  385.              * they are missing from the chain.
    386. 

  386.              */
    387. 

  387.             if ((dane->certs == NULL &&
    388. 

  388.                  (dane->certs = sk_X509_new_null()) == NULL) ||
    389. 

  389.                 !sk_X509_push(dane->certs, cert)) {
    390. 

  390.                 SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
    391. 

  391.                 X509_free(cert);
    392. 

  392.                 tlsa_free(t);
    393. 

  393.                 return -1;
    394. 

  394.             }
    395. 

  395.             break;
    396. 

  396. 

  397.         case DANETLS_SELECTOR_SPKI:
    398. 

  398.             if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
    399. 

  399.                 dlen != (size_t)(p - data)) {
    400. 

  400.                 tlsa_free(t);
    401. 

  401.                 SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
    402. 

  402.                 return 0;
    403. 

  403.             }
    404. 

  404. 

  405.             /*
    406. 

  406.              * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
    407. 

  407.              * records that contain full bare keys of trust-anchors that are
    408. 

  408.              * not present in the wire chain.
    409. 

  409.              */
    410. 

  410.             if (usage == DANETLS_USAGE_DANE_TA)
    411. 

  411.                 t->spki = pkey;
    412. 

  412.             else
    413. 

  413.                 EVP_PKEY_free(pkey);
    414. 

  414.             break;
    415. 

  415.         }
    416. 

  416.     }
    417. 

  417. 

  418.     /*-
    419. 

  419.      * Find the right insertion point for the new record.
    420. 

  420.      *
    421. 

  421.      * See crypto/x509/x509_vfy.c.  We sort DANE-EE(3) records first, so that
    422. 

  422.      * they can be processed first, as they require no chain building, and no
    423. 

  423.      * expiration or hostname checks.  Because DANE-EE(3) is numerically
    424. 

  424.      * largest, this is accomplished via descending sort by "usage".
    425. 

  425.      *
    426. 

  426.      * We also sort in descending order by matching ordinal to simplify
    427. 

  427.      * the implementation of digest agility in the verification code.
    428. 

  428.      *
    429. 

  429.      * The choice of order for the selector is not significant, so we
    430. 

  430.      * use the same descending order for consistency.
    431. 

  431.      */
    432. 

  432.     num = sk_danetls_record_num(dane->trecs);
    433. 

  433.     for (i = 0; i < num; ++i) {
    434. 

  434.         danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
    435. 

  435. 

  436.         if (rec->usage > usage)
    437. 

  437.             continue;
    438. 

  438.         if (rec->usage < usage)
    439. 

  439.             break;
    440. 

  440.         if (rec->selector > selector)
    441. 

  441.             continue;
    442. 

  442.         if (rec->selector < selector)
    443. 

  443.             break;
    444. 

  444.         if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
    445. 

  445.             continue;
    446. 

  446.         break;
    447. 

  447.     }
    448. 

  448. 

  449.     if (!sk_danetls_record_insert(dane->trecs, t, i)) {
    450. 

  450.         tlsa_free(t);
    451. 

  451.         SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
    452. 

  452.         return -1;
    453. 

  453.     }
    454. 

  454.     dane->umask |= DANETLS_USAGE_BIT(usage);
    455. 

  455. 

  456.     return 1;
    457. 

  457. }
    458. 

  458. 

  459. /*
    460. 

  460.  * Return 0 if there is only one version configured and it was disabled
    461. 

  461.  * at configure time.  Return 1 otherwise.
    462. 

  462.  */
    463. 

  463. static int ssl_check_allowed_versions(int min_version, int max_version)
    464. 

  464. {
    465. 

  465.     int minisdtls = 0, maxisdtls = 0;
    466. 

  466. 

  467.     /* Figure out if we're doing DTLS versions or TLS versions */
    468. 

  468.     if (min_version == DTLS1_BAD_VER
    469. 

  469.         || min_version >> 8 == DTLS1_VERSION_MAJOR)
    470. 

  470.         minisdtls = 1;
    471. 

  471.     if (max_version == DTLS1_BAD_VER
    472. 

  472.         || max_version >> 8 == DTLS1_VERSION_MAJOR)
    473. 

  473.         maxisdtls = 1;
    474. 

  474.     /* A wildcard version of 0 could be DTLS or TLS. */
    475. 

  475.     if ((minisdtls && !maxisdtls && max_version != 0)
    476. 

  476.         || (maxisdtls && !minisdtls && min_version != 0)) {
    477. 

  477.         /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
    478. 

  478.         return 0;
    479. 

  479.     }
    480. 

  480. 

  481.     if (minisdtls || maxisdtls) {
    482. 

  482.         /* Do DTLS version checks. */
    483. 

  483.         if (min_version == 0)
    484. 

  484.             /* Ignore DTLS1_BAD_VER */
    485. 

  485.             min_version = DTLS1_VERSION;
    486. 

  486.         if (max_version == 0)
    487. 

  487.             max_version = DTLS1_2_VERSION;
    488. 

  488. #ifdef OPENSSL_NO_DTLS1_2
    489. 

  489.         if (max_version == DTLS1_2_VERSION)
    490. 

  490.             max_version = DTLS1_VERSION;
    491. 

  491. #endif
    492. 

  492. #ifdef OPENSSL_NO_DTLS1
    493. 

  493.         if (min_version == DTLS1_VERSION)
    494. 

  494.             min_version = DTLS1_2_VERSION;
    495. 

  495. #endif
    496. 

  496.         /* Done massaging versions; do the check. */
    497. 

  497.         if (0
    498. 

  498. #ifdef OPENSSL_NO_DTLS1
    499. 

  499.             || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
    500. 

  500.                 && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
    501. 

  501. #endif
    502. 

  502. #ifdef OPENSSL_NO_DTLS1_2
    503. 

  503.             || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
    504. 

  504.                 && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
    505. 

  505. #endif
    506. 

  506.             )
    507. 

  507.             return 0;
    508. 

  508.     } else {
    509. 

  509.         /* Regular TLS version checks. */
    510. 

  510.         if (min_version == 0)
    511. 

  511.             min_version = SSL3_VERSION;
    512. 

  512.         if (max_version == 0)
    513. 

  513.             max_version = TLS1_3_VERSION;
    514. 

  514. #ifdef OPENSSL_NO_TLS1_3
    515. 

  515.         if (max_version == TLS1_3_VERSION)
    516. 

  516.             max_version = TLS1_2_VERSION;
    517. 

  517. #endif
    518. 

  518. #ifdef OPENSSL_NO_TLS1_2
    519. 

  519.         if (max_version == TLS1_2_VERSION)
    520. 

  520.             max_version = TLS1_1_VERSION;
    521. 

  521. #endif
    522. 

  522. #ifdef OPENSSL_NO_TLS1_1
    523. 

  523.         if (max_version == TLS1_1_VERSION)
    524. 

  524.             max_version = TLS1_VERSION;
    525. 

  525. #endif
    526. 

  526. #ifdef OPENSSL_NO_TLS1
    527. 

  527.         if (max_version == TLS1_VERSION)
    528. 

  528.             max_version = SSL3_VERSION;
    529. 

  529. #endif
    530. 

  530. #ifdef OPENSSL_NO_SSL3
    531. 

  531.         if (min_version == SSL3_VERSION)
    532. 

  532.             min_version = TLS1_VERSION;
    533. 

  533. #endif
    534. 

  534. #ifdef OPENSSL_NO_TLS1
    535. 

  535.         if (min_version == TLS1_VERSION)
    536. 

  536.             min_version = TLS1_1_VERSION;
    537. 

  537. #endif
    538. 

  538. #ifdef OPENSSL_NO_TLS1_1
    539. 

  539.         if (min_version == TLS1_1_VERSION)
    540. 

  540.             min_version = TLS1_2_VERSION;
    541. 

  541. #endif
    542. 

  542. #ifdef OPENSSL_NO_TLS1_2
    543. 

  543.         if (min_version == TLS1_2_VERSION)
    544. 

  544.             min_version = TLS1_3_VERSION;
    545. 

  545. #endif
    546. 

  546.         /* Done massaging versions; do the check. */
    547. 

  547.         if (0
    548. 

  548. #ifdef OPENSSL_NO_SSL3
    549. 

  549.             || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
    550. 

  550. #endif
    551. 

  551. #ifdef OPENSSL_NO_TLS1
    552. 

  552.             || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
    553. 

  553. #endif
    554. 

  554. #ifdef OPENSSL_NO_TLS1_1
    555. 

  555.             || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
    556. 

  556. #endif
    557. 

  557. #ifdef OPENSSL_NO_TLS1_2
    558. 

  558.             || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
    559. 

  559. #endif
    560. 

  560. #ifdef OPENSSL_NO_TLS1_3
    561. 

  561.             || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
    562. 

  562. #endif
    563. 

  563.             )
    564. 

  564.             return 0;
    565. 

  565.     }
    566. 

  566.     return 1;
    567. 

  567. }
    568. 

  568. 

  569. static void clear_ciphers(SSL *s)
    570. 

  570. {
    571. 

  571.     /* clear the current cipher */
    572. 

  572.     ssl_clear_cipher_ctx(s);
    573. 

  573.     ssl_clear_hash_ctx(&s->read_hash);
    574. 

  574.     ssl_clear_hash_ctx(&s->write_hash);
    575. 

  575. }
    576. 

  576. 

  577. int SSL_clear(SSL *s)
    578. 

  578. {
    579. 

  579.     if (s->method == NULL) {
    580. 

  580.         SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
    581. 

  581.         return 0;
    582. 

  582.     }
    583. 

  583. 

  584.     if (ssl_clear_bad_session(s)) {
    585. 

  585.         SSL_SESSION_free(s->session);
    586. 

  586.         s->session = NULL;
    587. 

  587.     }
    588. 

  588.     SSL_SESSION_free(s->psksession);
    589. 

  589.     s->psksession = NULL;
    590. 

  590.     OPENSSL_free(s->psksession_id);
    591. 

  591.     s->psksession_id = NULL;
    592. 

  592.     s->psksession_id_len = 0;
    593. 

  593.     s->hello_retry_request = 0;
    594. 

  594.     s->sent_tickets = 0;
    595. 

  595. 

  596.     s->error = 0;
    597. 

  597.     s->hit = 0;
    598. 

  598.     s->shutdown = 0;
    599. 

  599. 

  600.     if (s->renegotiate) {
    601. 

  601.         SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
    602. 

  602.         return 0;
    603. 

  603.     }
    604. 

  604. 

  605.     ossl_statem_clear(s);
    606. 

  606. 

  607.     s->version = s->method->version;
    608. 

  608.     s->client_version = s->version;
    609. 

  609.     s->rwstate = SSL_NOTHING;
    610. 

  610. 

  611.     BUF_MEM_free(s->init_buf);
    612. 

  612.     s->init_buf = NULL;
    613. 

  613.     clear_ciphers(s);
    614. 

  614.     s->first_packet = 0;
    615. 

  615. 

  616.     s->key_update = SSL_KEY_UPDATE_NONE;
    617. 

  617. 

  618.     EVP_MD_CTX_free(s->pha_dgst);
    619. 

  619.     s->pha_dgst = NULL;
    620. 

  620. 

  621.     /* Reset DANE verification result state */
    622. 

  622.     s->dane.mdpth = -1;
    623. 

  623.     s->dane.pdpth = -1;
    624. 

  624.     X509_free(s->dane.mcert);
    625. 

  625.     s->dane.mcert = NULL;
    626. 

  626.     s->dane.mtlsa = NULL;
    627. 

  627. 

  628.     /* Clear the verification result peername */
    629. 

  629.     X509_VERIFY_PARAM_move_peername(s->param, NULL);
    630. 

  630. 

  631.     /* Clear any shared connection state */
    632. 

  632.     OPENSSL_free(s->shared_sigalgs);
    633. 

  633.     s->shared_sigalgs = NULL;
    634. 

  634.     s->shared_sigalgslen = 0;
    635. 

  635. 

  636.     /*
    637. 

  637.      * Check to see if we were changed into a different method, if so, revert
    638. 

  638.      * back.
    639. 

  639.      */
    640. 

  640.     if (s->method != s->ctx->method) {
    641. 

  641.         s->method->ssl_free(s);
    642. 

  642.         s->method = s->ctx->method;
    643. 

  643.         if (!s->method->ssl_new(s))
    644. 

  644.             return 0;
    645. 

  645.     } else {
    646. 

  646.         if (!s->method->ssl_clear(s))
    647. 

  647.             return 0;
    648. 

  648.     }
    649. 

  649. 

  650.     RECORD_LAYER_clear(&s->rlayer);
    651. 

  651. 

  652.     return 1;
    653. 

  653. }
    654. 

  654. 

  655. /** Used to change an SSL_CTXs default SSL method type */
    656. 

  656. int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
    657. 

  657. {
    658. 

  658.     STACK_OF(SSL_CIPHER) *sk;
    659. 

  659. 

  660.     ctx->method = meth;
    661. 

  661. 

  662.     if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
    663. 

  663.         SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
    664. 

  664.         return 0;
    665. 

  665.     }
    666. 

  666.     sk = ssl_create_cipher_list(ctx->method,
    667. 

  667.                                 ctx->tls13_ciphersuites,
    668. 

  668.                                 &(ctx->cipher_list),
    669. 

  669.                                 &(ctx->cipher_list_by_id),
    670. 

  670.                                 SSL_DEFAULT_CIPHER_LIST, ctx->cert);
    671. 

  671.     if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
    672. 

  672.         SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
    673. 

  673.         return 0;
    674. 

  674.     }
    675. 

  675.     return 1;
    676. 

  676. }
    677. 

  677. 

  678. SSL *SSL_new(SSL_CTX *ctx)
    679. 

  679. {
    680. 

  680.     SSL *s;
    681. 

  681. 

  682.     if (ctx == NULL) {
    683. 

  683.         SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
    684. 

  684.         return NULL;
    685. 

  685.     }
    686. 

  686.     if (ctx->method == NULL) {
    687. 

  687.         SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
    688. 

  688.         return NULL;
    689. 

  689.     }
    690. 

  690. 

  691.     s = OPENSSL_zalloc(sizeof(*s));
    692. 

  692.     if (s == NULL)
    693. 

  693.         goto err;
    694. 

  694. 

  695.     s->references = 1;
    696. 

  696.     s->lock = CRYPTO_THREAD_lock_new();
    697. 

  697.     if (s->lock == NULL) {
    698. 

  698.         OPENSSL_free(s);
    699. 

  699.         s = NULL;
    700. 

  700.         goto err;
    701. 

  701.     }
    702. 

  702. 

  703.     RECORD_LAYER_init(&s->rlayer, s);
    704. 

  704. 

  705.     s->options = ctx->options;
    706. 

  706.     s->dane.flags = ctx->dane.flags;
    707. 

  707.     s->min_proto_version = ctx->min_proto_version;
    708. 

  708.     s->max_proto_version = ctx->max_proto_version;
    709. 

  709.     s->mode = ctx->mode;
    710. 

  710.     s->max_cert_list = ctx->max_cert_list;
    711. 

  711.     s->max_early_data = ctx->max_early_data;
    712. 

  712.     s->recv_max_early_data = ctx->recv_max_early_data;
    713. 

  713.     s->num_tickets = ctx->num_tickets;
    714. 

  714.     s->pha_enabled = ctx->pha_enabled;
    715. 

  715. 

  716.     /* Shallow copy of the ciphersuites stack */
    717. 

  717.     s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
    718. 

  718.     if (s->tls13_ciphersuites == NULL)
    719. 

  719.         goto err;
    720. 

  720. 

  721.     /*
    722. 

  722.      * Earlier library versions used to copy the pointer to the CERT, not
    723. 

  723.      * its contents; only when setting new parameters for the per-SSL
    724. 

  724.      * copy, ssl_cert_new would be called (and the direct reference to
    725. 

  725.      * the per-SSL_CTX settings would be lost, but those still were
    726. 

  726.      * indirectly accessed for various purposes, and for that reason they
    727. 

  727.      * used to be known as s->ctx->default_cert). Now we don't look at the
    728. 

  728.      * SSL_CTX's CERT after having duplicated it once.
    729. 

  729.      */
    730. 

  730.     s->cert = ssl_cert_dup(ctx->cert);
    731. 

  731.     if (s->cert == NULL)
    732. 

  732.         goto err;
    733. 

  733. 

  734.     RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
    735. 

  735.     s->msg_callback = ctx->msg_callback;
    736. 

  736.     s->msg_callback_arg = ctx->msg_callback_arg;
    737. 

  737.     s->verify_mode = ctx->verify_mode;
    738. 

  738.     s->not_resumable_session_cb = ctx->not_resumable_session_cb;
    739. 

  739.     s->record_padding_cb = ctx->record_padding_cb;
    740. 

  740.     s->record_padding_arg = ctx->record_padding_arg;
    741. 

  741.     s->block_padding = ctx->block_padding;
    742. 

  742.     s->sid_ctx_length = ctx->sid_ctx_length;
    743. 

  743.     if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
    744. 

  744.         goto err;
    745. 

  745.     memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
    746. 

  746.     s->verify_callback = ctx->default_verify_callback;
    747. 

  747.     s->generate_session_id = ctx->generate_session_id;
    748. 

  748. 

  749.     s->param = X509_VERIFY_PARAM_new();
    750. 

  750.     if (s->param == NULL)
    751. 

  751.         goto err;
    752. 

  752.     X509_VERIFY_PARAM_inherit(s->param, ctx->param);
    753. 

  753.     s->quiet_shutdown = ctx->quiet_shutdown;
    754. 

  754. 

  755.     s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
    756. 

  756.     s->max_send_fragment = ctx->max_send_fragment;
    757. 

  757.     s->split_send_fragment = ctx->split_send_fragment;
    758. 

  758.     s->max_pipelines = ctx->max_pipelines;
    759. 

  759.     if (s->max_pipelines > 1)
    760. 

  760.         RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
    761. 

  761.     if (ctx->default_read_buf_len > 0)
    762. 

  762.         SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
    763. 

  763. 

  764.     SSL_CTX_up_ref(ctx);
    765. 

  765.     s->ctx = ctx;
    766. 

  766.     s->ext.debug_cb = 0;
    767. 

  767.     s->ext.debug_arg = NULL;
    768. 

  768.     s->ext.ticket_expected = 0;
    769. 

  769.     s->ext.status_type = ctx->ext.status_type;
    770. 

  770.     s->ext.status_expected = 0;
    771. 

  771.     s->ext.ocsp.ids = NULL;
    772. 

  772.     s->ext.ocsp.exts = NULL;
    773. 

  773.     s->ext.ocsp.resp = NULL;
    774. 

  774.     s->ext.ocsp.resp_len = 0;
    775. 

  775.     SSL_CTX_up_ref(ctx);
    776. 

  776.     s->session_ctx = ctx;
    777. 

  777. #ifndef OPENSSL_NO_EC
    778. 

  778.     if (ctx->ext.ecpointformats) {
    779. 

  779.         s->ext.ecpointformats =
    780. 

  780.             OPENSSL_memdup(ctx->ext.ecpointformats,
    781. 

  781.                            ctx->ext.ecpointformats_len);
    782. 

  782.         if (!s->ext.ecpointformats)
    783. 

  783.             goto err;
    784. 

  784.         s->ext.ecpointformats_len =
    785. 

  785.             ctx->ext.ecpointformats_len;
    786. 

  786.     }
    787. 

  787.     if (ctx->ext.supportedgroups) {
    788. 

  788.         s->ext.supportedgroups =
    789. 

  789.             OPENSSL_memdup(ctx->ext.supportedgroups,
    790. 

  790.                            ctx->ext.supportedgroups_len
    791. 

  791.                                 * sizeof(*ctx->ext.supportedgroups));
    792. 

  792.         if (!s->ext.supportedgroups)
    793. 

  793.             goto err;
    794. 

  794.         s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
    795. 

  795.     }
    796. 

  796. #endif
    797. 

  797. #ifndef OPENSSL_NO_NEXTPROTONEG
    798. 

  798.     s->ext.npn = NULL;
    799. 

  799. #endif
    800. 

  800. 

  801.     if (s->ctx->ext.alpn) {
    802. 

  802.         s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
    803. 

  803.         if (s->ext.alpn == NULL)
    804. 

  804.             goto err;
    805. 

  805.         memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
    806. 

  806.         s->ext.alpn_len = s->ctx->ext.alpn_len;
    807. 

  807.     }
    808. 

  808. 

  809.     s->verified_chain = NULL;
    810. 

  810.     s->verify_result = X509_V_OK;
    811. 

  811. 

  812.     s->default_passwd_callback = ctx->default_passwd_callback;
    813. 

  813.     s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
    814. 

  814. 

  815.     s->method = ctx->method;
    816. 

  816. 

  817.     s->key_update = SSL_KEY_UPDATE_NONE;
    818. 

  818. 

  819.     s->allow_early_data_cb = ctx->allow_early_data_cb;
    820. 

  820.     s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
    821. 

  821. 

  822.     if (!s->method->ssl_new(s))
    823. 

  823.         goto err;
    824. 

  824. 

  825.     s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
    826. 

  826. 

  827.     if (!SSL_clear(s))
    828. 

  828.         goto err;
    829. 

  829. 

  830.     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
    831. 

  831.         goto err;
    832. 

  832. 

  833. #ifndef OPENSSL_NO_PSK
    834. 

  834.     s->psk_client_callback = ctx->psk_client_callback;
    835. 

  835.     s->psk_server_callback = ctx->psk_server_callback;
    836. 

  836. #endif
    837. 

  837.     s->psk_find_session_cb = ctx->psk_find_session_cb;
    838. 

  838.     s->psk_use_session_cb = ctx->psk_use_session_cb;
    839. 

  839. 

  840.     s->job = NULL;
    841. 

  841. 

  842. #ifndef OPENSSL_NO_CT
    843. 

  843.     if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
    844. 

  844.                                         ctx->ct_validation_callback_arg))
    845. 

  845.         goto err;
    846. 

  846. #endif
    847. 

  847. 

  848.     return s;
    849. 

  849.  err:
    850. 

  850.     SSL_free(s);
    851. 

  851.     SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
    852. 

  852.     return NULL;
    853. 

  853. }
    854. 

  854. 

  855. int SSL_is_dtls(const SSL *s)
    856. 

  856. {
    857. 

  857.     return SSL_IS_DTLS(s) ? 1 : 0;
    858. 

  858. }
    859. 

  859. 

  860. int SSL_up_ref(SSL *s)
    861. 

  861. {
    862. 

  862.     int i;
    863. 

  863. 

  864.     if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
    865. 

  865.         return 0;
    866. 

  866. 

  867.     REF_PRINT_COUNT("SSL", s);
    868. 

  868.     REF_ASSERT_ISNT(i < 2);
    869. 

  869.     return ((i > 1) ? 1 : 0);
    870. 

  870. }
    871. 

  871. 

  872. int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
    873. 

  873.                                    unsigned int sid_ctx_len)
    874. 

  874. {
    875. 

  875.     if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
    876. 

  876.         SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
    877. 

  877.                SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
    878. 

  878.         return 0;
    879. 

  879.     }
    880. 

  880.     ctx->sid_ctx_length = sid_ctx_len;
    881. 

  881.     memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
    882. 

  882. 

  883.     return 1;
    884. 

  884. }
    885. 

  885. 

  886. int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
    887. 

  887.                                unsigned int sid_ctx_len)
    888. 

  888. {
    889. 

  889.     if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
    890. 

  890.         SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
    891. 

  891.                SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
    892. 

  892.         return 0;
    893. 

  893.     }
    894. 

  894.     ssl->sid_ctx_length = sid_ctx_len;
    895. 

  895.     memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
    896. 

  896. 

  897.     return 1;
    898. 

  898. }
    899. 

  899. 

  900. int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
    901. 

  901. {
    902. 

  902.     CRYPTO_THREAD_write_lock(ctx->lock);
    903. 

  903.     ctx->generate_session_id = cb;
    904. 

  904.     CRYPTO_THREAD_unlock(ctx->lock);
    905. 

  905.     return 1;
    906. 

  906. }
    907. 

  907. 

  908. int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
    909. 

  909. {
    910. 

  910.     CRYPTO_THREAD_write_lock(ssl->lock);
    911. 

  911.     ssl->generate_session_id = cb;
    912. 

  912.     CRYPTO_THREAD_unlock(ssl->lock);
    913. 

  913.     return 1;
    914. 

  914. }
    915. 

  915. 

  916. int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
    917. 

  917.                                 unsigned int id_len)
    918. 

  918. {
    919. 

  919.     /*
    920. 

  920.      * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
    921. 

  921.      * we can "construct" a session to give us the desired check - i.e. to
    922. 

  922.      * find if there's a session in the hash table that would conflict with
    923. 

  923.      * any new session built out of this id/id_len and the ssl_version in use
    924. 

  924.      * by this SSL.
    925. 

  925.      */
    926. 

  926.     SSL_SESSION r, *p;
    927. 

  927. 

  928.     if (id_len > sizeof(r.session_id))
    929. 

  929.         return 0;
    930. 

  930. 

  931.     r.ssl_version = ssl->version;
    932. 

  932.     r.session_id_length = id_len;
    933. 

  933.     memcpy(r.session_id, id, id_len);
    934. 

  934. 

  935.     CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
    936. 

  936.     p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
    937. 

  937.     CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
    938. 

  938.     return (p != NULL);
    939. 

  939. }
    940. 

  940. 

  941. int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
    942. 

  942. {
    943. 

  943.     return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
    944. 

  944. }
    945. 

  945. 

  946. int SSL_set_purpose(SSL *s, int purpose)
    947. 

  947. {
    948. 

  948.     return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
    949. 

  949. }
    950. 

  950. 

  951. int SSL_CTX_set_trust(SSL_CTX *s, int trust)
    952. 

  952. {
    953. 

  953.     return X509_VERIFY_PARAM_set_trust(s->param, trust);
    954. 

  954. }
    955. 

  955. 

  956. int SSL_set_trust(SSL *s, int trust)
    957. 

  957. {
    958. 

  958.     return X509_VERIFY_PARAM_set_trust(s->param, trust);
    959. 

  959. }
    960. 

  960. 

  961. int SSL_set1_host(SSL *s, const char *hostname)
    962. 

  962. {
    963. 

  963.     return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
    964. 

  964. }
    965. 

  965. 

  966. int SSL_add1_host(SSL *s, const char *hostname)
    967. 

  967. {
    968. 

  968.     return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
    969. 

  969. }
    970. 

  970. 

  971. void SSL_set_hostflags(SSL *s, unsigned int flags)
    972. 

  972. {
    973. 

  973.     X509_VERIFY_PARAM_set_hostflags(s->param, flags);
    974. 

  974. }
    975. 

  975. 

  976. const char *SSL_get0_peername(SSL *s)
    977. 

  977. {
    978. 

  978.     return X509_VERIFY_PARAM_get0_peername(s->param);
    979. 

  979. }
    980. 

  980. 

  981. int SSL_CTX_dane_enable(SSL_CTX *ctx)
    982. 

  982. {
    983. 

  983.     return dane_ctx_enable(&ctx->dane);
    984. 

  984. }
    985. 

  985. 

  986. unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
    987. 

  987. {
    988. 

  988.     unsigned long orig = ctx->dane.flags;
    989. 

  989. 

  990.     ctx->dane.flags |= flags;
    991. 

  991.     return orig;
    992. 

  992. }
    993. 

  993. 

  994. unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
    995. 

  995. {
    996. 

  996.     unsigned long orig = ctx->dane.flags;
    997. 

  997. 

  998.     ctx->dane.flags &= ~flags;
    999. 

  999.     return orig;
    1000. 

  1000. }
    1001. 

  1001. 

  1002. int SSL_dane_enable(SSL *s, const char *basedomain)
    1003. 

  1003. {
    1004. 

  1004.     SSL_DANE *dane = &s->dane;
    1005. 

  1005. 

  1006.     if (s->ctx->dane.mdmax == 0) {
    1007. 

  1007.         SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
    1008. 

  1008.         return 0;
    1009. 

  1009.     }
    1010. 

  1010.     if (dane->trecs != NULL) {
    1011. 

  1011.         SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
    1012. 

  1012.         return 0;
    1013. 

  1013.     }
    1014. 

  1014. 

  1015.     /*
    1016. 

  1016.      * Default SNI name.  This rejects empty names, while set1_host below
    1017. 

  1017.      * accepts them and disables host name checks.  To avoid side-effects with
    1018. 

  1018.      * invalid input, set the SNI name first.
    1019. 

  1019.      */
    1020. 

  1020.     if (s->ext.hostname == NULL) {
    1021. 

  1021.         if (!SSL_set_tlsext_host_name(s, basedomain)) {
    1022. 

  1022.             SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
    1023. 

  1023.             return -1;
    1024. 

  1024.         }
    1025. 

  1025.     }
    1026. 

  1026. 

  1027.     /* Primary RFC6125 reference identifier */
    1028. 

  1028.     if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
    1029. 

  1029.         SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
    1030. 

  1030.         return -1;
    1031. 

  1031.     }
    1032. 

  1032. 

  1033.     dane->mdpth = -1;
    1034. 

  1034.     dane->pdpth = -1;
    1035. 

  1035.     dane->dctx = &s->ctx->dane;
    1036. 

  1036.     dane->trecs = sk_danetls_record_new_null();
    1037. 

  1037. 

  1038.     if (dane->trecs == NULL) {
    1039. 

  1039.         SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
    1040. 

  1040.         return -1;
    1041. 

  1041.     }
    1042. 

  1042.     return 1;
    1043. 

  1043. }
    1044. 

  1044. 

  1045. unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
    1046. 

  1046. {
    1047. 

  1047.     unsigned long orig = ssl->dane.flags;
    1048. 

  1048. 

  1049.     ssl->dane.flags |= flags;
    1050. 

  1050.     return orig;
    1051. 

  1051. }
    1052. 

  1052. 

  1053. unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
    1054. 

  1054. {
    1055. 

  1055.     unsigned long orig = ssl->dane.flags;
    1056. 

  1056. 

  1057.     ssl->dane.flags &= ~flags;
    1058. 

  1058.     return orig;
    1059. 

  1059. }
    1060. 

  1060. 

  1061. int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
    1062. 

  1062. {
    1063. 

  1063.     SSL_DANE *dane = &s->dane;
    1064. 

  1064. 

  1065.     if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
    1066. 

  1066.         return -1;
    1067. 

  1067.     if (dane->mtlsa) {
    1068. 

  1068.         if (mcert)
    1069. 

  1069.             *mcert = dane->mcert;
    1070. 

  1070.         if (mspki)
    1071. 

  1071.             *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
    1072. 

  1072.     }
    1073. 

  1073.     return dane->mdpth;
    1074. 

  1074. }
    1075. 

  1075. 

  1076. int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
    1077. 

  1077.                        uint8_t *mtype, unsigned const char **data, size_t *dlen)
    1078. 

  1078. {
    1079. 

  1079.     SSL_DANE *dane = &s->dane;
    1080. 

  1080. 

  1081.     if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
    1082. 

  1082.         return -1;
    1083. 

  1083.     if (dane->mtlsa) {
    1084. 

  1084.         if (usage)
    1085. 

  1085.             *usage = dane->mtlsa->usage;
    1086. 

  1086.         if (selector)
    1087. 

  1087.             *selector = dane->mtlsa->selector;
    1088. 

  1088.         if (mtype)
    1089. 

  1089.             *mtype = dane->mtlsa->mtype;
    1090. 

  1090.         if (data)
    1091. 

  1091.             *data = dane->mtlsa->data;
    1092. 

  1092.         if (dlen)
    1093. 

  1093.             *dlen = dane->mtlsa->dlen;
    1094. 

  1094.     }
    1095. 

  1095.     return dane->mdpth;
    1096. 

  1096. }
    1097. 

  1097. 

  1098. SSL_DANE *SSL_get0_dane(SSL *s)
    1099. 

  1099. {
    1100. 

  1100.     return &s->dane;
    1101. 

  1101. }
    1102. 

  1102. 

  1103. int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
    1104. 

  1104.                       uint8_t mtype, unsigned const char *data, size_t dlen)
    1105. 

  1105. {
    1106. 

  1106.     return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
    1107. 

  1107. }
    1108. 

  1108. 

  1109. int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
    1110. 

  1110.                            uint8_t ord)
    1111. 

  1111. {
    1112. 

  1112.     return dane_mtype_set(&ctx->dane, md, mtype, ord);
    1113. 

  1113. }
    1114. 

  1114. 

  1115. int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
    1116. 

  1116. {
    1117. 

  1117.     return X509_VERIFY_PARAM_set1(ctx->param, vpm);
    1118. 

  1118. }
    1119. 

  1119. 

  1120. int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
    1121. 

  1121. {
    1122. 

  1122.     return X509_VERIFY_PARAM_set1(ssl->param, vpm);
    1123. 

  1123. }
    1124. 

  1124. 

  1125. X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
    1126. 

  1126. {
    1127. 

  1127.     return ctx->param;
    1128. 

  1128. }
    1129. 

  1129. 

  1130. X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
    1131. 

  1131. {
    1132. 

  1132.     return ssl->param;
    1133. 

  1133. }
    1134. 

  1134. 

  1135. void SSL_certs_clear(SSL *s)
    1136. 

  1136. {
    1137. 

  1137.     ssl_cert_clear_certs(s->cert);
    1138. 

  1138. }
    1139. 

  1139. 

  1140. void SSL_free(SSL *s)
    1141. 

  1141. {
    1142. 

  1142.     int i;
    1143. 

  1143. 

  1144.     if (s == NULL)
    1145. 

  1145.         return;
    1146. 

  1146.     CRYPTO_DOWN_REF(&s->references, &i, s->lock);
    1147. 

  1147.     REF_PRINT_COUNT("SSL", s);
    1148. 

  1148.     if (i > 0)
    1149. 

  1149.         return;
    1150. 

  1150.     REF_ASSERT_ISNT(i < 0);
    1151. 

  1151. 

  1152.     X509_VERIFY_PARAM_free(s->param);
    1153. 

  1153.     dane_final(&s->dane);
    1154. 

  1154.     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
    1155. 

  1155. 

  1156.     /* Ignore return value */
    1157. 

  1157.     ssl_free_wbio_buffer(s);
    1158. 

  1158. 

  1159.     BIO_free_all(s->wbio);
    1160. 

  1160.     BIO_free_all(s->rbio);
    1161. 

  1161. 

  1162.     BUF_MEM_free(s->init_buf);
    1163. 

  1163. 

  1164.     /* add extra stuff */
    1165. 

  1165.     sk_SSL_CIPHER_free(s->cipher_list);
    1166. 

  1166.     sk_SSL_CIPHER_free(s->cipher_list_by_id);
    1167. 

  1167.     sk_SSL_CIPHER_free(s->tls13_ciphersuites);
    1168. 

  1168.     sk_SSL_CIPHER_free(s->peer_ciphers);
    1169. 

  1169. 

  1170.     /* Make the next call work :-) */
    1171. 

  1171.     if (s->session != NULL) {
    1172. 

  1172.         ssl_clear_bad_session(s);
    1173. 

  1173.         SSL_SESSION_free(s->session);
    1174. 

  1174.     }
    1175. 

  1175.     SSL_SESSION_free(s->psksession);
    1176. 

  1176.     OPENSSL_free(s->psksession_id);
    1177. 

  1177. 

  1178.     clear_ciphers(s);
    1179. 

  1179. 

  1180.     ssl_cert_free(s->cert);
    1181. 

  1181.     OPENSSL_free(s->shared_sigalgs);
    1182. 

  1182.     /* Free up if allocated */
    1183. 

  1183. 

  1184.     OPENSSL_free(s->ext.hostname);
    1185. 

  1185.     SSL_CTX_free(s->session_ctx);
    1186. 

  1186. #ifndef OPENSSL_NO_EC
    1187. 

  1187.     OPENSSL_free(s->ext.ecpointformats);
    1188. 

  1188.     OPENSSL_free(s->ext.peer_ecpointformats);
    1189. 

  1189.     OPENSSL_free(s->ext.supportedgroups);
    1190. 

  1190.     OPENSSL_free(s->ext.peer_supportedgroups);
    1191. 

  1191. #endif                          /* OPENSSL_NO_EC */
    1192. 

  1192.     sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
    1193. 

  1193. #ifndef OPENSSL_NO_OCSP
    1194. 

  1194.     sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
    1195. 

  1195. #endif
    1196. 

  1196. #ifndef OPENSSL_NO_CT
    1197. 

  1197.     SCT_LIST_free(s->scts);
    1198. 

  1198.     OPENSSL_free(s->ext.scts);
    1199. 

  1199. #endif
    1200. 

  1200.     OPENSSL_free(s->ext.ocsp.resp);
    1201. 

  1201.     OPENSSL_free(s->ext.alpn);
    1202. 

  1202.     OPENSSL_free(s->ext.tls13_cookie);
    1203. 

  1203.     if (s->clienthello != NULL)
    1204. 

  1204.         OPENSSL_free(s->clienthello->pre_proc_exts);
    1205. 

  1205.     OPENSSL_free(s->clienthello);
    1206. 

  1206.     OPENSSL_free(s->pha_context);
    1207. 

  1207.     EVP_MD_CTX_free(s->pha_dgst);
    1208. 

  1208. 

  1209.     sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
    1210. 

  1210.     sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
    1211. 

  1211. 

  1212.     sk_X509_pop_free(s->verified_chain, X509_free);
    1213. 

  1213. 

  1214.     if (s->method != NULL)
    1215. 

  1215.         s->method->ssl_free(s);
    1216. 

  1216. 

  1217.     RECORD_LAYER_release(&s->rlayer);
    1218. 

  1218. 

  1219.     SSL_CTX_free(s->ctx);
    1220. 

  1220. 

  1221.     ASYNC_WAIT_CTX_free(s->waitctx);
    1222. 

  1222. 

  1223. #if !defined(OPENSSL_NO_NEXTPROTONEG)
    1224. 

  1224.     OPENSSL_free(s->ext.npn);
    1225. 

  1225. #endif
    1226. 

  1226. 

  1227. #ifndef OPENSSL_NO_SRTP
    1228. 

  1228.     sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
    1229. 

  1229. #endif
    1230. 

  1230. 

  1231.     CRYPTO_THREAD_lock_free(s->lock);
    1232. 

  1232. 

  1233.     OPENSSL_free(s);
    1234. 

  1234. }
    1235. 

  1235. 

  1236. void SSL_set0_rbio(SSL *s, BIO *rbio)
    1237. 

  1237. {
    1238. 

  1238.     BIO_free_all(s->rbio);
    1239. 

  1239.     s->rbio = rbio;
    1240. 

  1240. }
    1241. 

  1241. 

  1242. void SSL_set0_wbio(SSL *s, BIO *wbio)
    1243. 

  1243. {
    1244. 

  1244.     /*
    1245. 

  1245.      * If the output buffering BIO is still in place, remove it
    1246. 

  1246.      */
    1247. 

  1247.     if (s->bbio != NULL)
    1248. 

  1248.         s->wbio = BIO_pop(s->wbio);
    1249. 

  1249. 

  1250.     BIO_free_all(s->wbio);
    1251. 

  1251.     s->wbio = wbio;
    1252. 

  1252. 

  1253.     /* Re-attach |bbio| to the new |wbio|. */
    1254. 

  1254.     if (s->bbio != NULL)
    1255. 

  1255.         s->wbio = BIO_push(s->bbio, s->wbio);
    1256. 

  1256. }
    1257. 

  1257. 

  1258. void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
    1259. 

  1259. {
    1260. 

  1260.     /*
    1261. 

  1261.      * For historical reasons, this function has many different cases in
    1262. 

  1262.      * ownership handling.
    1263. 

  1263.      */
    1264. 

  1264. 

  1265.     /* If nothing has changed, do nothing */
    1266. 

  1266.     if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
    1267. 

  1267.         return;
    1268. 

  1268. 

  1269.     /*
    1270. 

  1270.      * If the two arguments are equal then one fewer reference is granted by the
    1271. 

  1271.      * caller than we want to take
    1272. 

  1272.      */
    1273. 

  1273.     if (rbio != NULL && rbio == wbio)
    1274. 

  1274.         BIO_up_ref(rbio);
    1275. 

  1275. 

  1276.     /*
    1277. 

  1277.      * If only the wbio is changed only adopt one reference.
    1278. 

  1278.      */
    1279. 

  1279.     if (rbio == SSL_get_rbio(s)) {
    1280. 

  1280.         SSL_set0_wbio(s, wbio);
    1281. 

  1281.         return;
    1282. 

  1282.     }
    1283. 

  1283.     /*
    1284. 

  1284.      * There is an asymmetry here for historical reasons. If only the rbio is
    1285. 

  1285.      * changed AND the rbio and wbio were originally different, then we only
    1286. 

  1286.      * adopt one reference.
    1287. 

  1287.      */
    1288. 

  1288.     if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
    1289. 

  1289.         SSL_set0_rbio(s, rbio);
    1290. 

  1290.         return;
    1291. 

  1291.     }
    1292. 

  1292. 

  1293.     /* Otherwise, adopt both references. */
    1294. 

  1294.     SSL_set0_rbio(s, rbio);
    1295. 

  1295.     SSL_set0_wbio(s, wbio);
    1296. 

  1296. }
    1297. 

  1297. 

  1298. BIO *SSL_get_rbio(const SSL *s)
    1299. 

  1299. {
    1300. 

  1300.     return s->rbio;
    1301. 

  1301. }
    1302. 

  1302. 

  1303. BIO *SSL_get_wbio(const SSL *s)
    1304. 

  1304. {
    1305. 

  1305.     if (s->bbio != NULL) {
    1306. 

  1306.         /*
    1307. 

  1307.          * If |bbio| is active, the true caller-configured BIO is its
    1308. 

  1308.          * |next_bio|.
    1309. 

  1309.          */
    1310. 

  1310.         return BIO_next(s->bbio);
    1311. 

  1311.     }
    1312. 

  1312.     return s->wbio;
    1313. 

  1313. }
    1314. 

  1314. 

  1315. int SSL_get_fd(const SSL *s)
    1316. 

  1316. {
    1317. 

  1317.     return SSL_get_rfd(s);
    1318. 

  1318. }
    1319. 

  1319. 

  1320. int SSL_get_rfd(const SSL *s)
    1321. 

  1321. {
    1322. 

  1322.     int ret = -1;
    1323. 

  1323.     BIO *b, *r;
    1324. 

  1324. 

  1325.     b = SSL_get_rbio(s);
    1326. 

  1326.     r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
    1327. 

  1327.     if (r != NULL)
    1328. 

  1328.         BIO_get_fd(r, &ret);
    1329. 

  1329.     return ret;
    1330. 

  1330. }
    1331. 

  1331. 

  1332. int SSL_get_wfd(const SSL *s)
    1333. 

  1333. {
    1334. 

  1334.     int ret = -1;
    1335. 

  1335.     BIO *b, *r;
    1336. 

  1336. 

  1337.     b = SSL_get_wbio(s);
    1338. 

  1338.     r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
    1339. 

  1339.     if (r != NULL)
    1340. 

  1340.         BIO_get_fd(r, &ret);
    1341. 

  1341.     return ret;
    1342. 

  1342. }
    1343. 

  1343. 

  1344. #ifndef OPENSSL_NO_SOCK
    1345. 

  1345. int SSL_set_fd(SSL *s, int fd)
    1346. 

  1346. {
    1347. 

  1347.     int ret = 0;
    1348. 

  1348.     BIO *bio = NULL;
    1349. 

  1349. 

  1350.     bio = BIO_new(BIO_s_socket());
    1351. 

  1351. 

  1352.     if (bio == NULL) {
    1353. 

  1353.         SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
    1354. 

  1354.         goto err;
    1355. 

  1355.     }
    1356. 

  1356.     BIO_set_fd(bio, fd, BIO_NOCLOSE);
    1357. 

  1357.     SSL_set_bio(s, bio, bio);
    1358. 

  1358.     ret = 1;
    1359. 

  1359.  err:
    1360. 

  1360.     return ret;
    1361. 

  1361. }
    1362. 

  1362. 

  1363. int SSL_set_wfd(SSL *s, int fd)
    1364. 

  1364. {
    1365. 

  1365.     BIO *rbio = SSL_get_rbio(s);
    1366. 

  1366. 

  1367.     if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
    1368. 

  1368.         || (int)BIO_get_fd(rbio, NULL) != fd) {
    1369. 

  1369.         BIO *bio = BIO_new(BIO_s_socket());
    1370. 

  1370. 

  1371.         if (bio == NULL) {
    1372. 

  1372.             SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
    1373. 

  1373.             return 0;
    1374. 

  1374.         }
    1375. 

  1375.         BIO_set_fd(bio, fd, BIO_NOCLOSE);
    1376. 

  1376.         SSL_set0_wbio(s, bio);
    1377. 

  1377.     } else {
    1378. 

  1378.         BIO_up_ref(rbio);
    1379. 

  1379.         SSL_set0_wbio(s, rbio);
    1380. 

  1380.     }
    1381. 

  1381.     return 1;
    1382. 

  1382. }
    1383. 

  1383. 

  1384. int SSL_set_rfd(SSL *s, int fd)
    1385. 

  1385. {
    1386. 

  1386.     BIO *wbio = SSL_get_wbio(s);
    1387. 

  1387. 

  1388.     if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
    1389. 

  1389.         || ((int)BIO_get_fd(wbio, NULL) != fd)) {
    1390. 

  1390.         BIO *bio = BIO_new(BIO_s_socket());
    1391. 

  1391. 

  1392.         if (bio == NULL) {
    1393. 

  1393.             SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
    1394. 

  1394.             return 0;
    1395. 

  1395.         }
    1396. 

  1396.         BIO_set_fd(bio, fd, BIO_NOCLOSE);
    1397. 

  1397.         SSL_set0_rbio(s, bio);
    1398. 

  1398.     } else {
    1399. 

  1399.         BIO_up_ref(wbio);
    1400. 

  1400.         SSL_set0_rbio(s, wbio);
    1401. 

  1401.     }
    1402. 

  1402. 

  1403.     return 1;
    1404. 

  1404. }
    1405. 

  1405. #endif
    1406. 

  1406. 

  1407. /* return length of latest Finished message we sent, copy to 'buf' */
    1408. 

  1408. size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
    1409. 

  1409. {
    1410. 

  1410.     size_t ret = 0;
    1411. 

  1411. 

  1412.     if (s->s3 != NULL) {
    1413. 

  1413.         ret = s->s3->tmp.finish_md_len;
    1414. 

  1414.         if (count > ret)
    1415. 

  1415.             count = ret;
    1416. 

  1416.         memcpy(buf, s->s3->tmp.finish_md, count);
    1417. 

  1417.     }
    1418. 

  1418.     return ret;
    1419. 

  1419. }
    1420. 

  1420. 

  1421. /* return length of latest Finished message we expected, copy to 'buf' */
    1422. 

  1422. size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
    1423. 

  1423. {
    1424. 

  1424.     size_t ret = 0;
    1425. 

  1425. 

  1426.     if (s->s3 != NULL) {
    1427. 

  1427.         ret = s->s3->tmp.peer_finish_md_len;
    1428. 

  1428.         if (count > ret)
    1429. 

  1429.             count = ret;
    1430. 

  1430.         memcpy(buf, s->s3->tmp.peer_finish_md, count);
    1431. 

  1431.     }
    1432. 

  1432.     return ret;
    1433. 

  1433. }
    1434. 

  1434. 

  1435. int SSL_get_verify_mode(const SSL *s)
    1436. 

  1436. {
    1437. 

  1437.     return s->verify_mode;
    1438. 

  1438. }
    1439. 

  1439. 

  1440. int SSL_get_verify_depth(const SSL *s)
    1441. 

  1441. {
    1442. 

  1442.     return X509_VERIFY_PARAM_get_depth(s->param);
    1443. 

  1443. }
    1444. 

  1444. 

  1445. int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
    1446. 

  1446.     return s->verify_callback;
    1447. 

  1447. }
    1448. 

  1448. 

  1449. int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
    1450. 

  1450. {
    1451. 

  1451.     return ctx->verify_mode;
    1452. 

  1452. }
    1453. 

  1453. 

  1454. int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
    1455. 

  1455. {
    1456. 

  1456.     return X509_VERIFY_PARAM_get_depth(ctx->param);
    1457. 

  1457. }
    1458. 

  1458. 

  1459. int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
    1460. 

  1460.     return ctx->default_verify_callback;
    1461. 

  1461. }
    1462. 

  1462. 

  1463. void SSL_set_verify(SSL *s, int mode,
    1464. 

  1464.                     int (*callback) (int ok, X509_STORE_CTX *ctx))
    1465. 

  1465. {
    1466. 

  1466.     s->verify_mode = mode;
    1467. 

  1467.     if (callback != NULL)
    1468. 

  1468.         s->verify_callback = callback;
    1469. 

  1469. }
    1470. 

  1470. 

  1471. void SSL_set_verify_depth(SSL *s, int depth)
    1472. 

  1472. {
    1473. 

  1473.     X509_VERIFY_PARAM_set_depth(s->param, depth);
    1474. 

  1474. }
    1475. 

  1475. 

  1476. void SSL_set_read_ahead(SSL *s, int yes)
    1477. 

  1477. {
    1478. 

  1478.     RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
    1479. 

  1479. }
    1480. 

  1480. 

  1481. int SSL_get_read_ahead(const SSL *s)
    1482. 

  1482. {
    1483. 

  1483.     return RECORD_LAYER_get_read_ahead(&s->rlayer);
    1484. 

  1484. }
    1485. 

  1485. 

  1486. int SSL_pending(const SSL *s)
    1487. 

  1487. {
    1488. 

  1488.     size_t pending = s->method->ssl_pending(s);
    1489. 

  1489. 

  1490.     /*
    1491. 

  1491.      * SSL_pending cannot work properly if read-ahead is enabled
    1492. 

  1492.      * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
    1493. 

  1493.      * impossible to fix since SSL_pending cannot report errors that may be
    1494. 

  1494.      * observed while scanning the new data. (Note that SSL_pending() is
    1495. 

  1495.      * often used as a boolean value, so we'd better not return -1.)
    1496. 

  1496.      *
    1497. 

  1497.      * SSL_pending also cannot work properly if the value >INT_MAX. In that case
    1498. 

  1498.      * we just return INT_MAX.
    1499. 

  1499.      */
    1500. 

  1500.     return pending < INT_MAX ? (int)pending : INT_MAX;
    1501. 

  1501. }
    1502. 

  1502. 

  1503. int SSL_has_pending(const SSL *s)
    1504. 

  1504. {
    1505. 

  1505.     /*
    1506. 

  1506.      * Similar to SSL_pending() but returns a 1 to indicate that we have
    1507. 

  1507.      * unprocessed data available or 0 otherwise (as opposed to the number of
    1508. 

  1508.      * bytes available). Unlike SSL_pending() this will take into account
    1509. 

  1509.      * read_ahead data. A 1 return simply indicates that we have unprocessed
    1510. 

  1510.      * data. That data may not result in any application data, or we may fail
    1511. 

  1511.      * to parse the records for some reason.
    1512. 

  1512.      */
    1513. 

  1513.     if (RECORD_LAYER_processed_read_pending(&s->rlayer))
    1514. 

  1514.         return 1;
    1515. 

  1515. 

  1516.     return RECORD_LAYER_read_pending(&s->rlayer);
    1517. 

  1517. }
    1518. 

  1518. 

  1519. X509 *SSL_get_peer_certificate(const SSL *s)
    1520. 

  1520. {
    1521. 

  1521.     X509 *r;
    1522. 

  1522. 

  1523.     if ((s == NULL) || (s->session == NULL))
    1524. 

  1524.         r = NULL;
    1525. 

  1525.     else
    1526. 

  1526.         r = s->session->peer;
    1527. 

  1527. 

  1528.     if (r == NULL)
    1529. 

  1529.         return r;
    1530. 

  1530. 

  1531.     X509_up_ref(r);
    1532. 

  1532. 

  1533.     return r;
    1534. 

  1534. }
    1535. 

  1535. 

  1536. STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
    1537. 

  1537. {
    1538. 

  1538.     STACK_OF(X509) *r;
    1539. 

  1539. 

  1540.     if ((s == NULL) || (s->session == NULL))
    1541. 

  1541.         r = NULL;
    1542. 

  1542.     else
    1543. 

  1543.         r = s->session->peer_chain;
    1544. 

  1544. 

  1545.     /*
    1546. 

  1546.      * If we are a client, cert_chain includes the peer's own certificate; if
    1547. 

  1547.      * we are a server, it does not.
    1548. 

  1548.      */
    1549. 

  1549. 

  1550.     return r;
    1551. 

  1551. }
    1552. 

  1552. 

  1553. /*
    1554. 

  1554.  * Now in theory, since the calling process own 't' it should be safe to
    1555. 

  1555.  * modify.  We need to be able to read f without being hassled
    1556. 

  1556.  */
    1557. 

  1557. int SSL_copy_session_id(SSL *t, const SSL *f)
    1558. 

  1558. {
    1559. 

  1559.     int i;
    1560. 

  1560.     /* Do we need to to SSL locking? */
    1561. 

  1561.     if (!SSL_set_session(t, SSL_get_session(f))) {
    1562. 

  1562.         return 0;
    1563. 

  1563.     }
    1564. 

  1564. 

  1565.     /*
    1566. 

  1566.      * what if we are setup for one protocol version but want to talk another
    1567. 

  1567.      */
    1568. 

  1568.     if (t->method != f->method) {
    1569. 

  1569.         t->method->ssl_free(t);
    1570. 

  1570.         t->method = f->method;
    1571. 

  1571.         if (t->method->ssl_new(t) == 0)
    1572. 

  1572.             return 0;
    1573. 

  1573.     }
    1574. 

  1574. 

  1575.     CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
    1576. 

  1576.     ssl_cert_free(t->cert);
    1577. 

  1577.     t->cert = f->cert;
    1578. 

  1578.     if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
    1579. 

  1579.         return 0;
    1580. 

  1580.     }
    1581. 

  1581. 

  1582.     return 1;
    1583. 

  1583. }
    1584. 

  1584. 

  1585. /* Fix this so it checks all the valid key/cert options */
    1586. 

  1586. int SSL_CTX_check_private_key(const SSL_CTX *ctx)
    1587. 

  1587. {
    1588. 

  1588.     if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
    1589. 

  1589.         SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
    1590. 

  1590.         return 0;
    1591. 

  1591.     }
    1592. 

  1592.     if (ctx->cert->key->privatekey == NULL) {
    1593. 

  1593.         SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
    1594. 

  1594.         return 0;
    1595. 

  1595.     }
    1596. 

  1596.     return X509_check_private_key
    1597. 

  1597.             (ctx->cert->key->x509, ctx->cert->key->privatekey);
    1598. 

  1598. }
    1599. 

  1599. 

  1600. /* Fix this function so that it takes an optional type parameter */
    1601. 

  1601. int SSL_check_private_key(const SSL *ssl)
    1602. 

  1602. {
    1603. 

  1603.     if (ssl == NULL) {
    1604. 

  1604.         SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
    1605. 

  1605.         return 0;
    1606. 

  1606.     }
    1607. 

  1607.     if (ssl->cert->key->x509 == NULL) {
    1608. 

  1608.         SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
    1609. 

  1609.         return 0;
    1610. 

  1610.     }
    1611. 

  1611.     if (ssl->cert->key->privatekey == NULL) {
    1612. 

  1612.         SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
    1613. 

  1613.         return 0;
    1614. 

  1614.     }
    1615. 

  1615.     return X509_check_private_key(ssl->cert->key->x509,
    1616. 

  1616.                                    ssl->cert->key->privatekey);
    1617. 

  1617. }
    1618. 

  1618. 

  1619. int SSL_waiting_for_async(SSL *s)
    1620. 

  1620. {
    1621. 

  1621.     if (s->job)
    1622. 

  1622.         return 1;
    1623. 

  1623. 

  1624.     return 0;
    1625. 

  1625. }
    1626. 

  1626. 

  1627. int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
    1628. 

  1628. {
    1629. 

  1629.     ASYNC_WAIT_CTX *ctx = s->waitctx;
    1630. 

  1630. 

  1631.     if (ctx == NULL)
    1632. 

  1632.         return 0;
    1633. 

  1633.     return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
    1634. 

  1634. }
    1635. 

  1635. 

  1636. int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
    1637. 

  1637.                               OSSL_ASYNC_FD *delfd, size_t *numdelfds)
    1638. 

  1638. {
    1639. 

  1639.     ASYNC_WAIT_CTX *ctx = s->waitctx;
    1640. 

  1640. 

  1641.     if (ctx == NULL)
    1642. 

  1642.         return 0;
    1643. 

  1643.     return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
    1644. 

  1644.                                           numdelfds);
    1645. 

  1645. }
    1646. 

  1646. 

  1647. int SSL_accept(SSL *s)
    1648. 

  1648. {
    1649. 

  1649.     if (s->handshake_func == NULL) {
    1650. 

  1650.         /* Not properly initialized yet */
    1651. 

  1651.         SSL_set_accept_state(s);
    1652. 

  1652.     }
    1653. 

  1653. 

  1654.     return SSL_do_handshake(s);
    1655. 

  1655. }
    1656. 

  1656. 

  1657. int SSL_connect(SSL *s)
    1658. 

  1658. {
    1659. 

  1659.     if (s->handshake_func == NULL) {
    1660. 

  1660.         /* Not properly initialized yet */
    1661. 

  1661.         SSL_set_connect_state(s);
    1662. 

  1662.     }
    1663. 

  1663. 

  1664.     return SSL_do_handshake(s);
    1665. 

  1665. }
    1666. 

  1666. 

  1667. long SSL_get_default_timeout(const SSL *s)
    1668. 

  1668. {
    1669. 

  1669.     return s->method->get_timeout();
    1670. 

  1670. }
    1671. 

  1671. 

  1672. static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
    1673. 

  1673.                                int (*func) (void *))
    1674. 

  1674. {
    1675. 

  1675.     int ret;
    1676. 

  1676.     if (s->waitctx == NULL) {
    1677. 

  1677.         s->waitctx = ASYNC_WAIT_CTX_new();
    1678. 

  1678.         if (s->waitctx == NULL)
    1679. 

  1679.             return -1;
    1680. 

  1680.     }
    1681. 

  1681.     switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
    1682. 

  1682.                             sizeof(struct ssl_async_args))) {
    1683. 

  1683.     case ASYNC_ERR:
    1684. 

  1684.         s->rwstate = SSL_NOTHING;
    1685. 

  1685.         SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
    1686. 

  1686.         return -1;
    1687. 

  1687.     case ASYNC_PAUSE:
    1688. 

  1688.         s->rwstate = SSL_ASYNC_PAUSED;
    1689. 

  1689.         return -1;
    1690. 

  1690.     case ASYNC_NO_JOBS:
    1691. 

  1691.         s->rwstate = SSL_ASYNC_NO_JOBS;
    1692. 

  1692.         return -1;
    1693. 

  1693.     case ASYNC_FINISH:
    1694. 

  1694.         s->job = NULL;
    1695. 

  1695.         return ret;
    1696. 

  1696.     default:
    1697. 

  1697.         s->rwstate = SSL_NOTHING;
    1698. 

  1698.         SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
    1699. 

  1699.         /* Shouldn't happen */
    1700. 

  1700.         return -1;
    1701. 

  1701.     }
    1702. 

  1702. }
    1703. 

  1703. 

  1704. static int ssl_io_intern(void *vargs)
    1705. 

  1705. {
    1706. 

  1706.     struct ssl_async_args *args;
    1707. 

  1707.     SSL *s;
    1708. 

  1708.     void *buf;
    1709. 

  1709.     size_t num;
    1710. 

  1710. 

  1711.     args = (struct ssl_async_args *)vargs;
    1712. 

  1712.     s = args->s;
    1713. 

  1713.     buf = args->buf;
    1714. 

  1714.     num = args->num;
    1715. 

  1715.     switch (args->type) {
    1716. 

  1716.     case READFUNC:
    1717. 

  1717.         return args->f.func_read(s, buf, num, &s->asyncrw);
    1718. 

  1718.     case WRITEFUNC:
    1719. 

  1719.         return args->f.func_write(s, buf, num, &s->asyncrw);
    1720. 

  1720.     case OTHERFUNC:
    1721. 

  1721.         return args->f.func_other(s);
    1722. 

  1722.     }
    1723. 

  1723.     return -1;
    1724. 

  1724. }
    1725. 

  1725. 

  1726. int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
    1727. 

  1727. {
    1728. 

  1728.     if (s->handshake_func == NULL) {
    1729. 

  1729.         SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
    1730. 

  1730.         return -1;
    1731. 

  1731.     }
    1732. 

  1732. 

  1733.     if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
    1734. 

  1734.         s->rwstate = SSL_NOTHING;
    1735. 

  1735.         return 0;
    1736. 

  1736.     }
    1737. 

  1737. 

  1738.     if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
    1739. 

  1739.                 || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
    1740. 

  1740.         SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1741. 

  1741.         return 0;
    1742. 

  1742.     }
    1743. 

  1743.     /*
    1744. 

  1744.      * If we are a client and haven't received the ServerHello etc then we
    1745. 

  1745.      * better do that
    1746. 

  1746.      */
    1747. 

  1747.     ossl_statem_check_finish_init(s, 0);
    1748. 

  1748. 

  1749.     if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
    1750. 

  1750.         struct ssl_async_args args;
    1751. 

  1751.         int ret;
    1752. 

  1752. 

  1753.         args.s = s;
    1754. 

  1754.         args.buf = buf;
    1755. 

  1755.         args.num = num;
    1756. 

  1756.         args.type = READFUNC;
    1757. 

  1757.         args.f.func_read = s->method->ssl_read;
    1758. 

  1758. 

  1759.         ret = ssl_start_async_job(s, &args, ssl_io_intern);
    1760. 

  1760.         *readbytes = s->asyncrw;
    1761. 

  1761.         return ret;
    1762. 

  1762.     } else {
    1763. 

  1763.         return s->method->ssl_read(s, buf, num, readbytes);
    1764. 

  1764.     }
    1765. 

  1765. }
    1766. 

  1766. 

  1767. int SSL_read(SSL *s, void *buf, int num)
    1768. 

  1768. {
    1769. 

  1769.     int ret;
    1770. 

  1770.     size_t readbytes;
    1771. 

  1771. 

  1772.     if (num < 0) {
    1773. 

  1773.         SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
    1774. 

  1774.         return -1;
    1775. 

  1775.     }
    1776. 

  1776. 

  1777.     ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
    1778. 

  1778. 

  1779.     /*
    1780. 

  1780.      * The cast is safe here because ret should be <= INT_MAX because num is
    1781. 

  1781.      * <= INT_MAX
    1782. 

  1782.      */
    1783. 

  1783.     if (ret > 0)
    1784. 

  1784.         ret = (int)readbytes;
    1785. 

  1785. 

  1786.     return ret;
    1787. 

  1787. }
    1788. 

  1788. 

  1789. int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
    1790. 

  1790. {
    1791. 

  1791.     int ret = ssl_read_internal(s, buf, num, readbytes);
    1792. 

  1792. 

  1793.     if (ret < 0)
    1794. 

  1794.         ret = 0;
    1795. 

  1795.     return ret;
    1796. 

  1796. }
    1797. 

  1797. 

  1798. int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
    1799. 

  1799. {
    1800. 

  1800.     int ret;
    1801. 

  1801. 

  1802.     if (!s->server) {
    1803. 

  1803.         SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1804. 

  1804.         return SSL_READ_EARLY_DATA_ERROR;
    1805. 

  1805.     }
    1806. 

  1806. 

  1807.     switch (s->early_data_state) {
    1808. 

  1808.     case SSL_EARLY_DATA_NONE:
    1809. 

  1809.         if (!SSL_in_before(s)) {
    1810. 

  1810.             SSLerr(SSL_F_SSL_READ_EARLY_DATA,
    1811. 

  1811.                    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1812. 

  1812.             return SSL_READ_EARLY_DATA_ERROR;
    1813. 

  1813.         }
    1814. 

  1814.         /* fall through */
    1815. 

  1815. 

  1816.     case SSL_EARLY_DATA_ACCEPT_RETRY:
    1817. 

  1817.         s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
    1818. 

  1818.         ret = SSL_accept(s);
    1819. 

  1819.         if (ret <= 0) {
    1820. 

  1820.             /* NBIO or error */
    1821. 

  1821.             s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
    1822. 

  1822.             return SSL_READ_EARLY_DATA_ERROR;
    1823. 

  1823.         }
    1824. 

  1824.         /* fall through */
    1825. 

  1825. 

  1826.     case SSL_EARLY_DATA_READ_RETRY:
    1827. 

  1827.         if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
    1828. 

  1828.             s->early_data_state = SSL_EARLY_DATA_READING;
    1829. 

  1829.             ret = SSL_read_ex(s, buf, num, readbytes);
    1830. 

  1830.             /*
    1831. 

  1831.              * State machine will update early_data_state to
    1832. 

  1832.              * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
    1833. 

  1833.              * message
    1834. 

  1834.              */
    1835. 

  1835.             if (ret > 0 || (ret <= 0 && s->early_data_state
    1836. 

  1836.                                         != SSL_EARLY_DATA_FINISHED_READING)) {
    1837. 

  1837.                 s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
    1838. 

  1838.                 return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
    1839. 

  1839.                                : SSL_READ_EARLY_DATA_ERROR;
    1840. 

  1840.             }
    1841. 

  1841.         } else {
    1842. 

  1842.             s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
    1843. 

  1843.         }
    1844. 

  1844.         *readbytes = 0;
    1845. 

  1845.         return SSL_READ_EARLY_DATA_FINISH;
    1846. 

  1846. 

  1847.     default:
    1848. 

  1848.         SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1849. 

  1849.         return SSL_READ_EARLY_DATA_ERROR;
    1850. 

  1850.     }
    1851. 

  1851. }
    1852. 

  1852. 

  1853. int SSL_get_early_data_status(const SSL *s)
    1854. 

  1854. {
    1855. 

  1855.     return s->ext.early_data;
    1856. 

  1856. }
    1857. 

  1857. 

  1858. static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
    1859. 

  1859. {
    1860. 

  1860.     if (s->handshake_func == NULL) {
    1861. 

  1861.         SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
    1862. 

  1862.         return -1;
    1863. 

  1863.     }
    1864. 

  1864. 

  1865.     if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
    1866. 

  1866.         return 0;
    1867. 

  1867.     }
    1868. 

  1868.     if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
    1869. 

  1869.         struct ssl_async_args args;
    1870. 

  1870.         int ret;
    1871. 

  1871. 

  1872.         args.s = s;
    1873. 

  1873.         args.buf = buf;
    1874. 

  1874.         args.num = num;
    1875. 

  1875.         args.type = READFUNC;
    1876. 

  1876.         args.f.func_read = s->method->ssl_peek;
    1877. 

  1877. 

  1878.         ret = ssl_start_async_job(s, &args, ssl_io_intern);
    1879. 

  1879.         *readbytes = s->asyncrw;
    1880. 

  1880.         return ret;
    1881. 

  1881.     } else {
    1882. 

  1882.         return s->method->ssl_peek(s, buf, num, readbytes);
    1883. 

  1883.     }
    1884. 

  1884. }
    1885. 

  1885. 

  1886. int SSL_peek(SSL *s, void *buf, int num)
    1887. 

  1887. {
    1888. 

  1888.     int ret;
    1889. 

  1889.     size_t readbytes;
    1890. 

  1890. 

  1891.     if (num < 0) {
    1892. 

  1892.         SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
    1893. 

  1893.         return -1;
    1894. 

  1894.     }
    1895. 

  1895. 

  1896.     ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
    1897. 

  1897. 

  1898.     /*
    1899. 

  1899.      * The cast is safe here because ret should be <= INT_MAX because num is
    1900. 

  1900.      * <= INT_MAX
    1901. 

  1901.      */
    1902. 

  1902.     if (ret > 0)
    1903. 

  1903.         ret = (int)readbytes;
    1904. 

  1904. 

  1905.     return ret;
    1906. 

  1906. }
    1907. 

  1907. 

  1908. 

  1909. int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
    1910. 

  1910. {
    1911. 

  1911.     int ret = ssl_peek_internal(s, buf, num, readbytes);
    1912. 

  1912. 

  1913.     if (ret < 0)
    1914. 

  1914.         ret = 0;
    1915. 

  1915.     return ret;
    1916. 

  1916. }
    1917. 

  1917. 

  1918. int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
    1919. 

  1919. {
    1920. 

  1920.     if (s->handshake_func == NULL) {
    1921. 

  1921.         SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
    1922. 

  1922.         return -1;
    1923. 

  1923.     }
    1924. 

  1924. 

  1925.     if (s->shutdown & SSL_SENT_SHUTDOWN) {
    1926. 

  1926.         s->rwstate = SSL_NOTHING;
    1927. 

  1927.         SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
    1928. 

  1928.         return -1;
    1929. 

  1929.     }
    1930. 

  1930. 

  1931.     if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
    1932. 

  1932.                 || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
    1933. 

  1933.                 || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
    1934. 

  1934.         SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1935. 

  1935.         return 0;
    1936. 

  1936.     }
    1937. 

  1937.     /* If we are a client and haven't sent the Finished we better do that */
    1938. 

  1938.     ossl_statem_check_finish_init(s, 1);
    1939. 

  1939. 

  1940.     if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
    1941. 

  1941.         int ret;
    1942. 

  1942.         struct ssl_async_args args;
    1943. 

  1943. 

  1944.         args.s = s;
    1945. 

  1945.         args.buf = (void *)buf;
    1946. 

  1946.         args.num = num;
    1947. 

  1947.         args.type = WRITEFUNC;
    1948. 

  1948.         args.f.func_write = s->method->ssl_write;
    1949. 

  1949. 

  1950.         ret = ssl_start_async_job(s, &args, ssl_io_intern);
    1951. 

  1951.         *written = s->asyncrw;
    1952. 

  1952.         return ret;
    1953. 

  1953.     } else {
    1954. 

  1954.         return s->method->ssl_write(s, buf, num, written);
    1955. 

  1955.     }
    1956. 

  1956. }
    1957. 

  1957. 

  1958. int SSL_write(SSL *s, const void *buf, int num)
    1959. 

  1959. {
    1960. 

  1960.     int ret;
    1961. 

  1961.     size_t written;
    1962. 

  1962. 

  1963.     if (num < 0) {
    1964. 

  1964.         SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
    1965. 

  1965.         return -1;
    1966. 

  1966.     }
    1967. 

  1967. 

  1968.     ret = ssl_write_internal(s, buf, (size_t)num, &written);
    1969. 

  1969. 

  1970.     /*
    1971. 

  1971.      * The cast is safe here because ret should be <= INT_MAX because num is
    1972. 

  1972.      * <= INT_MAX
    1973. 

  1973.      */
    1974. 

  1974.     if (ret > 0)
    1975. 

  1975.         ret = (int)written;
    1976. 

  1976. 

  1977.     return ret;
    1978. 

  1978. }
    1979. 

  1979. 

  1980. int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
    1981. 

  1981. {
    1982. 

  1982.     int ret = ssl_write_internal(s, buf, num, written);
    1983. 

  1983. 

  1984.     if (ret < 0)
    1985. 

  1985.         ret = 0;
    1986. 

  1986.     return ret;
    1987. 

  1987. }
    1988. 

  1988. 

  1989. int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
    1990. 

  1990. {
    1991. 

  1991.     int ret, early_data_state;
    1992. 

  1992.     size_t writtmp;
    1993. 

  1993.     uint32_t partialwrite;
    1994. 

  1994. 

  1995.     switch (s->early_data_state) {
    1996. 

  1996.     case SSL_EARLY_DATA_NONE:
    1997. 

  1997.         if (s->server
    1998. 

  1998.                 || !SSL_in_before(s)
    1999. 

  1999.                 || ((s->session == NULL || s->session->ext.max_early_data == 0)
    2000. 

  2000.                      && (s->psk_use_session_cb == NULL))) {
    2001. 

  2001.             SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
    2002. 

  2002.                    ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    2003. 

  2003.             return 0;
    2004. 

  2004.         }
    2005. 

  2005.         /* fall through */
    2006. 

  2006. 

  2007.     case SSL_EARLY_DATA_CONNECT_RETRY:
    2008. 

  2008.         s->early_data_state = SSL_EARLY_DATA_CONNECTING;
    2009. 

  2009.         ret = SSL_connect(s);
    2010. 

  2010.         if (ret <= 0) {
    2011. 

  2011.             /* NBIO or error */
    2012. 

  2012.             s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
    2013. 

  2013.             return 0;
    2014. 

  2014.         }
    2015. 

  2015.         /* fall through */
    2016. 

  2016. 

  2017.     case SSL_EARLY_DATA_WRITE_RETRY:
    2018. 

  2018.         s->early_data_state = SSL_EARLY_DATA_WRITING;
    2019. 

  2019.         /*
    2020. 

  2020.          * We disable partial write for early data because we don't keep track
    2021. 

  2021.          * of how many bytes we've written between the SSL_write_ex() call and
    2022. 

  2022.          * the flush if the flush needs to be retried)
    2023. 

  2023.          */
    2024. 

  2024.         partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
    2025. 

  2025.         s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
    2026. 

  2026.         ret = SSL_write_ex(s, buf, num, &writtmp);
    2027. 

  2027.         s->mode |= partialwrite;
    2028. 

  2028.         if (!ret) {
    2029. 

  2029.             s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
    2030. 

  2030.             return ret;
    2031. 

  2031.         }
    2032. 

  2032.         s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
    2033. 

  2033.         /* fall through */
    2034. 

  2034. 

  2035.     case SSL_EARLY_DATA_WRITE_FLUSH:
    2036. 

  2036.         /* The buffering BIO is still in place so we need to flush it */
    2037. 

  2037.         if (statem_flush(s) != 1)
    2038. 

  2038.             return 0;
    2039. 

  2039.         *written = num;
    2040. 

  2040.         s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
    2041. 

  2041.         return 1;
    2042. 

  2042. 

  2043.     case SSL_EARLY_DATA_FINISHED_READING:
    2044. 

  2044.     case SSL_EARLY_DATA_READ_RETRY:
    2045. 

  2045.         early_data_state = s->early_data_state;
    2046. 

  2046.         /* We are a server writing to an unauthenticated client */
    2047. 

  2047.         s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
    2048. 

  2048.         ret = SSL_write_ex(s, buf, num, written);
    2049. 

  2049.         /* The buffering BIO is still in place */
    2050. 

  2050.         if (ret)
    2051. 

  2051.             (void)BIO_flush(s->wbio);
    2052. 

  2052.         s->early_data_state = early_data_state;
    2053. 

  2053.         return ret;
    2054. 

  2054. 

  2055.     default:
    2056. 

  2056.         SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    2057. 

  2057.         return 0;
    2058. 

  2058.     }
    2059. 

  2059. }
    2060. 

  2060. 

  2061. int SSL_shutdown(SSL *s)
    2062. 

  2062. {
    2063. 

  2063.     /*
    2064. 

  2064.      * Note that this function behaves differently from what one might
    2065. 

  2065.      * expect.  Return values are 0 for no success (yet), 1 for success; but
    2066. 

  2066.      * calling it once is usually not enough, even if blocking I/O is used
    2067. 

  2067.      * (see ssl3_shutdown).
    2068. 

  2068.      */
    2069. 

  2069. 

  2070.     if (s->handshake_func == NULL) {
    2071. 

  2071.         SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
    2072. 

  2072.         return -1;
    2073. 

  2073.     }
    2074. 

  2074. 

  2075.     if (!SSL_in_init(s)) {
    2076. 

  2076.         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
    2077. 

  2077.             struct ssl_async_args args;
    2078. 

  2078. 

  2079.             args.s = s;
    2080. 

  2080.             args.type = OTHERFUNC;
    2081. 

  2081.             args.f.func_other = s->method->ssl_shutdown;
    2082. 

  2082. 

  2083.             return ssl_start_async_job(s, &args, ssl_io_intern);
    2084. 

  2084.         } else {
    2085. 

  2085.             return s->method->ssl_shutdown(s);
    2086. 

  2086.         }
    2087. 

  2087.     } else {
    2088. 

  2088.         SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
    2089. 

  2089.         return -1;
    2090. 

  2090.     }
    2091. 

  2091. }
    2092. 

  2092. 

  2093. int SSL_key_update(SSL *s, int updatetype)
    2094. 

  2094. {
    2095. 

  2095.     /*
    2096. 

  2096.      * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
    2097. 

  2097.      * negotiated, and that it is appropriate to call SSL_key_update() instead
    2098. 

  2098.      * of SSL_renegotiate().
    2099. 

  2099.      */
    2100. 

  2100.     if (!SSL_IS_TLS13(s)) {
    2101. 

  2101.         SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
    2102. 

  2102.         return 0;
    2103. 

  2103.     }
    2104. 

  2104. 

  2105.     if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
    2106. 

  2106.             && updatetype != SSL_KEY_UPDATE_REQUESTED) {
    2107. 

  2107.         SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
    2108. 

  2108.         return 0;
    2109. 

  2109.     }
    2110. 

  2110. 

  2111.     if (!SSL_is_init_finished(s)) {
    2112. 

  2112.         SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
    2113. 

  2113.         return 0;
    2114. 

  2114.     }
    2115. 

  2115. 

  2116.     ossl_statem_set_in_init(s, 1);
    2117. 

  2117.     s->key_update = updatetype;
    2118. 

  2118.     return 1;
    2119. 

  2119. }
    2120. 

  2120. 

  2121. int SSL_get_key_update_type(const SSL *s)
    2122. 

  2122. {
    2123. 

  2123.     return s->key_update;
    2124. 

  2124. }
    2125. 

  2125. 

  2126. int SSL_renegotiate(SSL *s)
    2127. 

  2127. {
    2128. 

  2128.     if (SSL_IS_TLS13(s)) {
    2129. 

  2129.         SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
    2130. 

  2130.         return 0;
    2131. 

  2131.     }
    2132. 

  2132. 

  2133.     if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
    2134. 

  2134.         SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
    2135. 

  2135.         return 0;
    2136. 

  2136.     }
    2137. 

  2137. 

  2138.     s->renegotiate = 1;
    2139. 

  2139.     s->new_session = 1;
    2140. 

  2140. 

  2141.     return s->method->ssl_renegotiate(s);
    2142. 

  2142. }
    2143. 

  2143. 

  2144. int SSL_renegotiate_abbreviated(SSL *s)
    2145. 

  2145. {
    2146. 

  2146.     if (SSL_IS_TLS13(s)) {
    2147. 

  2147.         SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
    2148. 

  2148.         return 0;
    2149. 

  2149.     }
    2150. 

  2150. 

  2151.     if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
    2152. 

  2152.         SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
    2153. 

  2153.         return 0;
    2154. 

  2154.     }
    2155. 

  2155. 

  2156.     s->renegotiate = 1;
    2157. 

  2157.     s->new_session = 0;
    2158. 

  2158. 

  2159.     return s->method->ssl_renegotiate(s);
    2160. 

  2160. }
    2161. 

  2161. 

  2162. int SSL_renegotiate_pending(const SSL *s)
    2163. 

  2163. {
    2164. 

  2164.     /*
    2165. 

  2165.      * becomes true when negotiation is requested; false again once a
    2166. 

  2166.      * handshake has finished
    2167. 

  2167.      */
    2168. 

  2168.     return (s->renegotiate != 0);
    2169. 

  2169. }
    2170. 

  2170. 

  2171. long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
    2172. 

  2172. {
    2173. 

  2173.     long l;
    2174. 

  2174. 

  2175.     switch (cmd) {
    2176. 

  2176.     case SSL_CTRL_GET_READ_AHEAD:
    2177. 

  2177.         return RECORD_LAYER_get_read_ahead(&s->rlayer);
    2178. 

  2178.     case SSL_CTRL_SET_READ_AHEAD:
    2179. 

  2179.         l = RECORD_LAYER_get_read_ahead(&s->rlayer);
    2180. 

  2180.         RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
    2181. 

  2181.         return l;
    2182. 

  2182. 

  2183.     case SSL_CTRL_SET_MSG_CALLBACK_ARG:
    2184. 

  2184.         s->msg_callback_arg = parg;
    2185. 

  2185.         return 1;
    2186. 

  2186. 

  2187.     case SSL_CTRL_MODE:
    2188. 

  2188.         return (s->mode |= larg);
    2189. 

  2189.     case SSL_CTRL_CLEAR_MODE:
    2190. 

  2190.         return (s->mode &= ~larg);
    2191. 

  2191.     case SSL_CTRL_GET_MAX_CERT_LIST:
    2192. 

  2192.         return (long)s->max_cert_list;
    2193. 

  2193.     case SSL_CTRL_SET_MAX_CERT_LIST:
    2194. 

  2194.         if (larg < 0)
    2195. 

  2195.             return 0;
    2196. 

  2196.         l = (long)s->max_cert_list;
    2197. 

  2197.         s->max_cert_list = (size_t)larg;
    2198. 

  2198.         return l;
    2199. 

  2199.     case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
    2200. 

  2200.         if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
    2201. 

  2201.             return 0;
    2202. 

  2202.         s->max_send_fragment = larg;
    2203. 

  2203.         if (s->max_send_fragment < s->split_send_fragment)
    2204. 

  2204.             s->split_send_fragment = s->max_send_fragment;
    2205. 

  2205.         return 1;
    2206. 

  2206.     case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
    2207. 

  2207.         if ((size_t)larg > s->max_send_fragment || larg == 0)
    2208. 

  2208.             return 0;
    2209. 

  2209.         s->split_send_fragment = larg;
    2210. 

  2210.         return 1;
    2211. 

  2211.     case SSL_CTRL_SET_MAX_PIPELINES:
    2212. 

  2212.         if (larg < 1 || larg > SSL_MAX_PIPELINES)
    2213. 

  2213.             return 0;
    2214. 

  2214.         s->max_pipelines = larg;
    2215. 

  2215.         if (larg > 1)
    2216. 

  2216.             RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
    2217. 

  2217.         return 1;
    2218. 

  2218.     case SSL_CTRL_GET_RI_SUPPORT:
    2219. 

  2219.         if (s->s3)
    2220. 

  2220.             return s->s3->send_connection_binding;
    2221. 

  2221.         else
    2222. 

  2222.             return 0;
    2223. 

  2223.     case SSL_CTRL_CERT_FLAGS:
    2224. 

  2224.         return (s->cert->cert_flags |= larg);
    2225. 

  2225.     case SSL_CTRL_CLEAR_CERT_FLAGS:
    2226. 

  2226.         return (s->cert->cert_flags &= ~larg);
    2227. 

  2227. 

  2228.     case SSL_CTRL_GET_RAW_CIPHERLIST:
    2229. 

  2229.         if (parg) {
    2230. 

  2230.             if (s->s3->tmp.ciphers_raw == NULL)
    2231. 

  2231.                 return 0;
    2232. 

  2232.             *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
    2233. 

  2233.             return (int)s->s3->tmp.ciphers_rawlen;
    2234. 

  2234.         } else {
    2235. 

  2235.             return TLS_CIPHER_LEN;
    2236. 

  2236.         }
    2237. 

  2237.     case SSL_CTRL_GET_EXTMS_SUPPORT:
    2238. 

  2238.         if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
    2239. 

  2239.             return -1;
    2240. 

  2240.         if (s->session->flags & SSL_SESS_FLAG_EXTMS)
    2241. 

  2241.             return 1;
    2242. 

  2242.         else
    2243. 

  2243.             return 0;
    2244. 

  2244.     case SSL_CTRL_SET_MIN_PROTO_VERSION:
    2245. 

  2245.         return ssl_check_allowed_versions(larg, s->max_proto_version)
    2246. 

  2246.                && ssl_set_version_bound(s->ctx->method->version, (int)larg,
    2247. 

  2247.                                         &s->min_proto_version);
    2248. 

  2248.     case SSL_CTRL_GET_MIN_PROTO_VERSION:
    2249. 

  2249.         return s->min_proto_version;
    2250. 

  2250.     case SSL_CTRL_SET_MAX_PROTO_VERSION:
    2251. 

  2251.         return ssl_check_allowed_versions(s->min_proto_version, larg)
    2252. 

  2252.                && ssl_set_version_bound(s->ctx->method->version, (int)larg,
    2253. 

  2253.                                         &s->max_proto_version);
    2254. 

  2254.     case SSL_CTRL_GET_MAX_PROTO_VERSION:
    2255. 

  2255.         return s->max_proto_version;
    2256. 

  2256.     default:
    2257. 

  2257.         return s->method->ssl_ctrl(s, cmd, larg, parg);
    2258. 

  2258.     }
    2259. 

  2259. }
    2260. 

  2260. 

  2261. long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
    2262. 

  2262. {
    2263. 

  2263.     switch (cmd) {
    2264. 

  2264.     case SSL_CTRL_SET_MSG_CALLBACK:
    2265. 

  2265.         s->msg_callback = (void (*)
    2266. 

  2266.                            (int write_p, int version, int content_type,
    2267. 

  2267.                             const void *buf, size_t len, SSL *ssl,
    2268. 

  2268.                             void *arg))(fp);
    2269. 

  2269.         return 1;
    2270. 

  2270. 

  2271.     default:
    2272. 

  2272.         return s->method->ssl_callback_ctrl(s, cmd, fp);
    2273. 

  2273.     }
    2274. 

  2274. }
    2275. 

  2275. 

  2276. LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
    2277. 

  2277. {
    2278. 

  2278.     return ctx->sessions;
    2279. 

  2279. }
    2280. 

  2280. 

  2281. long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
    2282. 

  2282. {
    2283. 

  2283.     long l;
    2284. 

  2284.     /* For some cases with ctx == NULL perform syntax checks */
    2285. 

  2285.     if (ctx == NULL) {
    2286. 

  2286.         switch (cmd) {
    2287. 

  2287. #ifndef OPENSSL_NO_EC
    2288. 

  2288.         case SSL_CTRL_SET_GROUPS_LIST:
    2289. 

  2289.             return tls1_set_groups_list(NULL, NULL, parg);
    2290. 

  2290. #endif
    2291. 

  2291.         case SSL_CTRL_SET_SIGALGS_LIST:
    2292. 

  2292.         case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
    2293. 

  2293.             return tls1_set_sigalgs_list(NULL, parg, 0);
    2294. 

  2294.         default:
    2295. 

  2295.             return 0;
    2296. 

  2296.         }
    2297. 

  2297.     }
    2298. 

  2298. 

  2299.     switch (cmd) {
    2300. 

  2300.     case SSL_CTRL_GET_READ_AHEAD:
    2301. 

  2301.         return ctx->read_ahead;
    2302. 

  2302.     case SSL_CTRL_SET_READ_AHEAD:
    2303. 

  2303.         l = ctx->read_ahead;
    2304. 

  2304.         ctx->read_ahead = larg;
    2305. 

  2305.         return l;
    2306. 

  2306. 

  2307.     case SSL_CTRL_SET_MSG_CALLBACK_ARG:
    2308. 

  2308.         ctx->msg_callback_arg = parg;
    2309. 

  2309.         return 1;
    2310. 

  2310. 

  2311.     case SSL_CTRL_GET_MAX_CERT_LIST:
    2312. 

  2312.         return (long)ctx->max_cert_list;
    2313. 

  2313.     case SSL_CTRL_SET_MAX_CERT_LIST:
    2314. 

  2314.         if (larg < 0)
    2315. 

  2315.             return 0;
    2316. 

  2316.         l = (long)ctx->max_cert_list;
    2317. 

  2317.         ctx->max_cert_list = (size_t)larg;
    2318. 

  2318.         return l;
    2319. 

  2319. 

  2320.     case SSL_CTRL_SET_SESS_CACHE_SIZE:
    2321. 

  2321.         if (larg < 0)
    2322. 

  2322.             return 0;
    2323. 

  2323.         l = (long)ctx->session_cache_size;
    2324. 

  2324.         ctx->session_cache_size = (size_t)larg;
    2325. 

  2325.         return l;
    2326. 

  2326.     case SSL_CTRL_GET_SESS_CACHE_SIZE:
    2327. 

  2327.         return (long)ctx->session_cache_size;
    2328. 

  2328.     case SSL_CTRL_SET_SESS_CACHE_MODE:
    2329. 

  2329.         l = ctx->session_cache_mode;
    2330. 

  2330.         ctx->session_cache_mode = larg;
    2331. 

  2331.         return l;
    2332. 

  2332.     case SSL_CTRL_GET_SESS_CACHE_MODE:
    2333. 

  2333.         return ctx->session_cache_mode;
    2334. 

  2334. 

  2335.     case SSL_CTRL_SESS_NUMBER:
    2336. 

  2336.         return lh_SSL_SESSION_num_items(ctx->sessions);
    2337. 

  2337.     case SSL_CTRL_SESS_CONNECT:
    2338. 

  2338.         return tsan_load(&ctx->stats.sess_connect);
    2339. 

  2339.     case SSL_CTRL_SESS_CONNECT_GOOD:
    2340. 

  2340.         return tsan_load(&ctx->stats.sess_connect_good);
    2341. 

  2341.     case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
    2342. 

  2342.         return tsan_load(&ctx->stats.sess_connect_renegotiate);
    2343. 

  2343.     case SSL_CTRL_SESS_ACCEPT:
    2344. 

  2344.         return tsan_load(&ctx->stats.sess_accept);
    2345. 

  2345.     case SSL_CTRL_SESS_ACCEPT_GOOD:
    2346. 

  2346.         return tsan_load(&ctx->stats.sess_accept_good);
    2347. 

  2347.     case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
    2348. 

  2348.         return tsan_load(&ctx->stats.sess_accept_renegotiate);
    2349. 

  2349.     case SSL_CTRL_SESS_HIT:
    2350. 

  2350.         return tsan_load(&ctx->stats.sess_hit);
    2351. 

  2351.     case SSL_CTRL_SESS_CB_HIT:
    2352. 

  2352.         return tsan_load(&ctx->stats.sess_cb_hit);
    2353. 

  2353.     case SSL_CTRL_SESS_MISSES:
    2354. 

  2354.         return tsan_load(&ctx->stats.sess_miss);
    2355. 

  2355.     case SSL_CTRL_SESS_TIMEOUTS:
    2356. 

  2356.         return tsan_load(&ctx->stats.sess_timeout);
    2357. 

  2357.     case SSL_CTRL_SESS_CACHE_FULL:
    2358. 

  2358.         return tsan_load(&ctx->stats.sess_cache_full);
    2359. 

  2359.     case SSL_CTRL_MODE:
    2360. 

  2360.         return (ctx->mode |= larg);
    2361. 

  2361.     case SSL_CTRL_CLEAR_MODE:
    2362. 

  2362.         return (ctx->mode &= ~larg);
    2363. 

  2363.     case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
    2364. 

  2364.         if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
    2365. 

  2365.             return 0;
    2366. 

  2366.         ctx->max_send_fragment = larg;
    2367. 

  2367.         if (ctx->max_send_fragment < ctx->split_send_fragment)
    2368. 

  2368.             ctx->split_send_fragment = ctx->max_send_fragment;
    2369. 

  2369.         return 1;
    2370. 

  2370.     case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
    2371. 

  2371.         if ((size_t)larg > ctx->max_send_fragment || larg == 0)
    2372. 

  2372.             return 0;
    2373. 

  2373.         ctx->split_send_fragment = larg;
    2374. 

  2374.         return 1;
    2375. 

  2375.     case SSL_CTRL_SET_MAX_PIPELINES:
    2376. 

  2376.         if (larg < 1 || larg > SSL_MAX_PIPELINES)
    2377. 

  2377.             return 0;
    2378. 

  2378.         ctx->max_pipelines = larg;
    2379. 

  2379.         return 1;
    2380. 

  2380.     case SSL_CTRL_CERT_FLAGS:
    2381. 

  2381.         return (ctx->cert->cert_flags |= larg);
    2382. 

  2382.     case SSL_CTRL_CLEAR_CERT_FLAGS:
    2383. 

  2383.         return (ctx->cert->cert_flags &= ~larg);
    2384. 

  2384.     case SSL_CTRL_SET_MIN_PROTO_VERSION:
    2385. 

  2385.         return ssl_check_allowed_versions(larg, ctx->max_proto_version)
    2386. 

  2386.                && ssl_set_version_bound(ctx->method->version, (int)larg,
    2387. 

  2387.                                         &ctx->min_proto_version);
    2388. 

  2388.     case SSL_CTRL_GET_MIN_PROTO_VERSION:
    2389. 

  2389.         return ctx->min_proto_version;
    2390. 

  2390.     case SSL_CTRL_SET_MAX_PROTO_VERSION:
    2391. 

  2391.         return ssl_check_allowed_versions(ctx->min_proto_version, larg)
    2392. 

  2392.                && ssl_set_version_bound(ctx->method->version, (int)larg,
    2393. 

  2393.                                         &ctx->max_proto_version);
    2394. 

  2394.     case SSL_CTRL_GET_MAX_PROTO_VERSION:
    2395. 

  2395.         return ctx->max_proto_version;
    2396. 

  2396.     default:
    2397. 

  2397.         return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
    2398. 

  2398.     }
    2399. 

  2399. }
    2400. 

  2400. 

  2401. long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
    2402. 

  2402. {
    2403. 

  2403.     switch (cmd) {
    2404. 

  2404.     case SSL_CTRL_SET_MSG_CALLBACK:
    2405. 

  2405.         ctx->msg_callback = (void (*)
    2406. 

  2406.                              (int write_p, int version, int content_type,
    2407. 

  2407.                               const void *buf, size_t len, SSL *ssl,
    2408. 

  2408.                               void *arg))(fp);
    2409. 

  2409.         return 1;
    2410. 

  2410. 

  2411.     default:
    2412. 

  2412.         return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
    2413. 

  2413.     }
    2414. 

  2414. }
    2415. 

  2415. 

  2416. int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
    2417. 

  2417. {
    2418. 

  2418.     if (a->id > b->id)
    2419. 

  2419.         return 1;
    2420. 

  2420.     if (a->id < b->id)
    2421. 

  2421.         return -1;
    2422. 

  2422.     return 0;
    2423. 

  2423. }
    2424. 

  2424. 

  2425. int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
    2426. 

  2426.                           const SSL_CIPHER *const *bp)
    2427. 

  2427. {
    2428. 

  2428.     if ((*ap)->id > (*bp)->id)
    2429. 

  2429.         return 1;
    2430. 

  2430.     if ((*ap)->id < (*bp)->id)
    2431. 

  2431.         return -1;
    2432. 

  2432.     return 0;
    2433. 

  2433. }
    2434. 

  2434. 

  2435. /** return a STACK of the ciphers available for the SSL and in order of
    2436. 

  2436.  * preference */
    2437. 

  2437. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
    2438. 

  2438. {
    2439. 

  2439.     if (s != NULL) {
    2440. 

  2440.         if (s->cipher_list != NULL) {
    2441. 

  2441.             return s->cipher_list;
    2442. 

  2442.         } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
    2443. 

  2443.             return s->ctx->cipher_list;
    2444. 

  2444.         }
    2445. 

  2445.     }
    2446. 

  2446.     return NULL;
    2447. 

  2447. }
    2448. 

  2448. 

  2449. STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
    2450. 

  2450. {
    2451. 

  2451.     if ((s == NULL) || !s->server)
    2452. 

  2452.         return NULL;
    2453. 

  2453.     return s->peer_ciphers;
    2454. 

  2454. }
    2455. 

  2455. 

  2456. STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
    2457. 

  2457. {
    2458. 

  2458.     STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
    2459. 

  2459.     int i;
    2460. 

  2460. 

  2461.     ciphers = SSL_get_ciphers(s);
    2462. 

  2462.     if (!ciphers)
    2463. 

  2463.         return NULL;
    2464. 

  2464.     if (!ssl_set_client_disabled(s))
    2465. 

  2465.         return NULL;
    2466. 

  2466.     for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
    2467. 

  2467.         const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
    2468. 

  2468.         if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
    2469. 

  2469.             if (!sk)
    2470. 

  2470.                 sk = sk_SSL_CIPHER_new_null();
    2471. 

  2471.             if (!sk)
    2472. 

  2472.                 return NULL;
    2473. 

  2473.             if (!sk_SSL_CIPHER_push(sk, c)) {
    2474. 

  2474.                 sk_SSL_CIPHER_free(sk);
    2475. 

  2475.                 return NULL;
    2476. 

  2476.             }
    2477. 

  2477.         }
    2478. 

  2478.     }
    2479. 

  2479.     return sk;
    2480. 

  2480. }
    2481. 

  2481. 

  2482. /** return a STACK of the ciphers available for the SSL and in order of
    2483. 

  2483.  * algorithm id */
    2484. 

  2484. STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
    2485. 

  2485. {
    2486. 

  2486.     if (s != NULL) {
    2487. 

  2487.         if (s->cipher_list_by_id != NULL) {
    2488. 

  2488.             return s->cipher_list_by_id;
    2489. 

  2489.         } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
    2490. 

  2490.             return s->ctx->cipher_list_by_id;
    2491. 

  2491.         }
    2492. 

  2492.     }
    2493. 

  2493.     return NULL;
    2494. 

  2494. }
    2495. 

  2495. 

  2496. /** The old interface to get the same thing as SSL_get_ciphers() */
    2497. 

  2497. const char *SSL_get_cipher_list(const SSL *s, int n)
    2498. 

  2498. {
    2499. 

  2499.     const SSL_CIPHER *c;
    2500. 

  2500.     STACK_OF(SSL_CIPHER) *sk;
    2501. 

  2501. 

  2502.     if (s == NULL)
    2503. 

  2503.         return NULL;
    2504. 

  2504.     sk = SSL_get_ciphers(s);
    2505. 

  2505.     if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
    2506. 

  2506.         return NULL;
    2507. 

  2507.     c = sk_SSL_CIPHER_value(sk, n);
    2508. 

  2508.     if (c == NULL)
    2509. 

  2509.         return NULL;
    2510. 

  2510.     return c->name;
    2511. 

  2511. }
    2512. 

  2512. 

  2513. /** return a STACK of the ciphers available for the SSL_CTX and in order of
    2514. 

  2514.  * preference */
    2515. 

  2515. STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
    2516. 

  2516. {
    2517. 

  2517.     if (ctx != NULL)
    2518. 

  2518.         return ctx->cipher_list;
    2519. 

  2519.     return NULL;
    2520. 

  2520. }
    2521. 

  2521. 

  2522. /*
    2523. 

  2523.  * Distinguish between ciphers controlled by set_ciphersuite() and
    2524. 

  2524.  * set_cipher_list() when counting.
    2525. 

  2525.  */
    2526. 

  2526. static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
    2527. 

  2527. {
    2528. 

  2528.     int i, num = 0;
    2529. 

  2529.     const SSL_CIPHER *c;
    2530. 

  2530. 

  2531.     if (sk == NULL)
    2532. 

  2532.         return 0;
    2533. 

  2533.     for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
    2534. 

  2534.         c = sk_SSL_CIPHER_value(sk, i);
    2535. 

  2535.         if (c->min_tls >= TLS1_3_VERSION)
    2536. 

  2536.             continue;
    2537. 

  2537.         num++;
    2538. 

  2538.     }
    2539. 

  2539.     return num;
    2540. 

  2540. }
    2541. 

  2541. 

  2542. /** specify the ciphers to be used by default by the SSL_CTX */
    2543. 

  2543. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
    2544. 

  2544. {
    2545. 

  2545.     STACK_OF(SSL_CIPHER) *sk;
    2546. 

  2546. 

  2547.     sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
    2548. 

  2548.                                 &ctx->cipher_list, &ctx->cipher_list_by_id, str,
    2549. 

  2549.                                 ctx->cert);
    2550. 

  2550.     /*
    2551. 

  2551.      * ssl_create_cipher_list may return an empty stack if it was unable to
    2552. 

  2552.      * find a cipher matching the given rule string (for example if the rule
    2553. 

  2553.      * string specifies a cipher which has been disabled). This is not an
    2554. 

  2554.      * error as far as ssl_create_cipher_list is concerned, and hence
    2555. 

  2555.      * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
    2556. 

  2556.      */
    2557. 

  2557.     if (sk == NULL)
    2558. 

  2558.         return 0;
    2559. 

  2559.     else if (cipher_list_tls12_num(sk) == 0) {
    2560. 

  2560.         SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
    2561. 

  2561.         return 0;
    2562. 

  2562.     }
    2563. 

  2563.     return 1;
    2564. 

  2564. }
    2565. 

  2565. 

  2566. /** specify the ciphers to be used by the SSL */
    2567. 

  2567. int SSL_set_cipher_list(SSL *s, const char *str)
    2568. 

  2568. {
    2569. 

  2569.     STACK_OF(SSL_CIPHER) *sk;
    2570. 

  2570. 

  2571.     sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
    2572. 

  2572.                                 &s->cipher_list, &s->cipher_list_by_id, str,
    2573. 

  2573.                                 s->cert);
    2574. 

  2574.     /* see comment in SSL_CTX_set_cipher_list */
    2575. 

  2575.     if (sk == NULL)
    2576. 

  2576.         return 0;
    2577. 

  2577.     else if (cipher_list_tls12_num(sk) == 0) {
    2578. 

  2578.         SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
    2579. 

  2579.         return 0;
    2580. 

  2580.     }
    2581. 

  2581.     return 1;
    2582. 

  2582. }
    2583. 

  2583. 

  2584. char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
    2585. 

  2585. {
    2586. 

  2586.     char *p;
    2587. 

  2587.     STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
    2588. 

  2588.     const SSL_CIPHER *c;
    2589. 

  2589.     int i;
    2590. 

  2590. 

  2591.     if (!s->server
    2592. 

  2592.             || s->peer_ciphers == NULL
    2593. 

  2593.             || size < 2)
    2594. 

  2594.         return NULL;
    2595. 

  2595. 

  2596.     p = buf;
    2597. 

  2597.     clntsk = s->peer_ciphers;
    2598. 

  2598.     srvrsk = SSL_get_ciphers(s);
    2599. 

  2599.     if (clntsk == NULL || srvrsk == NULL)
    2600. 

  2600.         return NULL;
    2601. 

  2601. 

  2602.     if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
    2603. 

  2603.         return NULL;
    2604. 

  2604. 

  2605.     for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
    2606. 

  2606.         int n;
    2607. 

  2607. 

  2608.         c = sk_SSL_CIPHER_value(clntsk, i);
    2609. 

  2609.         if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
    2610. 

  2610.             continue;
    2611. 

  2611. 

  2612.         n = strlen(c->name);
    2613. 

  2613.         if (n + 1 > size) {
    2614. 

  2614.             if (p != buf)
    2615. 

  2615.                 --p;
    2616. 

  2616.             *p = '\0';
    2617. 

  2617.             return buf;
    2618. 

  2618.         }
    2619. 

  2619.         strcpy(p, c->name);
    2620. 

  2620.         p += n;
    2621. 

  2621.         *(p++) = ':';
    2622. 

  2622.         size -= n + 1;
    2623. 

  2623.     }
    2624. 

  2624.     p[-1] = '\0';
    2625. 

  2625.     return buf;
    2626. 

  2626. }
    2627. 

  2627. 

  2628. /**
    2629. 

  2629.  * Return the requested servername (SNI) value. Note that the behaviour varies
    2630. 

  2630.  * depending on:
    2631. 

  2631.  * - whether this is called by the client or the server,
    2632. 

  2632.  * - if we are before or during/after the handshake,
    2633. 

  2633.  * - if a resumption or normal handshake is being attempted/has occurred
    2634. 

  2634.  * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
    2635. 

  2635.  * 
    2636. 

  2636.  * Note that only the host_name type is defined (RFC 3546).
    2637. 

  2637.  */
    2638. 

  2638. const char *SSL_get_servername(const SSL *s, const int type)
    2639. 

  2639. {
    2640. 

  2640.     /*
    2641. 

  2641.      * If we don't know if we are the client or the server yet then we assume
    2642. 

  2642.      * client.
    2643. 

  2643.      */
    2644. 

  2644.     int server = s->handshake_func == NULL ? 0 : s->server;
    2645. 

  2645.     if (type != TLSEXT_NAMETYPE_host_name)
    2646. 

  2646.         return NULL;
    2647. 

  2647. 

  2648.     if (server) {
    2649. 

  2649.         /**
    2650. 

  2650.          * Server side
    2651. 

  2651.          * In TLSv1.3 on the server SNI is not associated with the session
    2652. 

  2652.          * but in TLSv1.2 or below it is.
    2653. 

  2653.          *
    2654. 

  2654.          * Before the handshake:
    2655. 

  2655.          *  - return NULL
    2656. 

  2656.          *
    2657. 

  2657.          * During/after the handshake (TLSv1.2 or below resumption occurred):
    2658. 

  2658.          * - If a servername was accepted by the server in the original
    2659. 

  2659.          *   handshake then it will return that servername, or NULL otherwise.
    2660. 

  2660.          *
    2661. 

  2661.          * During/after the handshake (TLSv1.2 or below resumption did not occur):
    2662. 

  2662.          * - The function will return the servername requested by the client in
    2663. 

  2663.          *   this handshake or NULL if none was requested.
    2664. 

  2664.          */
    2665. 

  2665.          if (s->hit && !SSL_IS_TLS13(s))
    2666. 

  2666.             return s->session->ext.hostname;
    2667. 

  2667.     } else {
    2668. 

  2668.         /**
    2669. 

  2669.          * Client side
    2670. 

  2670.          *
    2671. 

  2671.          * Before the handshake:
    2672. 

  2672.          *  - If a servername has been set via a call to
    2673. 

  2673.          *    SSL_set_tlsext_host_name() then it will return that servername
    2674. 

  2674.          *  - If one has not been set, but a TLSv1.2 resumption is being
    2675. 

  2675.          *    attempted and the session from the original handshake had a
    2676. 

  2676.          *    servername accepted by the server then it will return that
    2677. 

  2677.          *    servername
    2678. 

  2678.          *  - Otherwise it returns NULL
    2679. 

  2679.          *
    2680. 

  2680.          * During/after the handshake (TLSv1.2 or below resumption occurred):
    2681. 

  2681.          * - If the session from the original handshake had a servername accepted
    2682. 

  2682.          *   by the server then it will return that servername.
    2683. 

  2683.          * - Otherwise it returns the servername set via
    2684. 

  2684.          *   SSL_set_tlsext_host_name() (or NULL if it was not called).
    2685. 

  2685.          *
    2686. 

  2686.          * During/after the handshake (TLSv1.2 or below resumption did not occur):
    2687. 

  2687.          * - It will return the servername set via SSL_set_tlsext_host_name()
    2688. 

  2688.          *   (or NULL if it was not called).
    2689. 

  2689.          */
    2690. 

  2690.         if (SSL_in_before(s)) {
    2691. 

  2691.             if (s->ext.hostname == NULL
    2692. 

  2692.                     && s->session != NULL
    2693. 

  2693.                     && s->session->ssl_version != TLS1_3_VERSION)
    2694. 

  2694.                 return s->session->ext.hostname;
    2695. 

  2695.         } else {
    2696. 

  2696.             if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL)
    2697. 

  2697.                 return s->session->ext.hostname;
    2698. 

  2698.         }
    2699. 

  2699.     }
    2700. 

  2700. 

  2701.     return s->ext.hostname;
    2702. 

  2702. }
    2703. 

  2703. 

  2704. int SSL_get_servername_type(const SSL *s)
    2705. 

  2705. {
    2706. 

  2706.     if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
    2707. 

  2707.         return TLSEXT_NAMETYPE_host_name;
    2708. 

  2708.     return -1;
    2709. 

  2709. }
    2710. 

  2710. 

  2711. /*
    2712. 

  2712.  * SSL_select_next_proto implements the standard protocol selection. It is
    2713. 

  2713.  * expected that this function is called from the callback set by
    2714. 

  2714.  * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
    2715. 

  2715.  * vector of 8-bit, length prefixed byte strings. The length byte itself is
    2716. 

  2716.  * not included in the length. A byte string of length 0 is invalid. No byte
    2717. 

  2717.  * string may be truncated. The current, but experimental algorithm for
    2718. 

  2718.  * selecting the protocol is: 1) If the server doesn't support NPN then this
    2719. 

  2719.  * is indicated to the callback. In this case, the client application has to
    2720. 

  2720.  * abort the connection or have a default application level protocol. 2) If
    2721. 

  2721.  * the server supports NPN, but advertises an empty list then the client
    2722. 

  2722.  * selects the first protocol in its list, but indicates via the API that this
    2723. 

  2723.  * fallback case was enacted. 3) Otherwise, the client finds the first
    2724. 

  2724.  * protocol in the server's list that it supports and selects this protocol.
    2725. 

  2725.  * This is because it's assumed that the server has better information about
    2726. 

  2726.  * which protocol a client should use. 4) If the client doesn't support any
    2727. 

  2727.  * of the server's advertised protocols, then this is treated the same as
    2728. 

  2728.  * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
    2729. 

  2729.  * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
    2730. 

  2730.  */
    2731. 

  2731. int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
    2732. 

  2732.                           const unsigned char *server,
    2733. 

  2733.                           unsigned int server_len,
    2734. 

  2734.                           const unsigned char *client, unsigned int client_len)
    2735. 

  2735. {
    2736. 

  2736.     unsigned int i, j;
    2737. 

  2737.     const unsigned char *result;
    2738. 

  2738.     int status = OPENSSL_NPN_UNSUPPORTED;
    2739. 

  2739. 

  2740.     /*
    2741. 

  2741.      * For each protocol in server preference order, see if we support it.
    2742. 

  2742.      */
    2743. 

  2743.     for (i = 0; i < server_len;) {
    2744. 

  2744.         for (j = 0; j < client_len;) {
    2745. 

  2745.             if (server[i] == client[j] &&
    2746. 

  2746.                 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
    2747. 

  2747.                 /* We found a match */
    2748. 

  2748.                 result = &server[i];
    2749. 

  2749.                 status = OPENSSL_NPN_NEGOTIATED;
    2750. 

  2750.                 goto found;
    2751. 

  2751.             }
    2752. 

  2752.             j += client[j];
    2753. 

  2753.             j++;
    2754. 

  2754.         }
    2755. 

  2755.         i += server[i];
    2756. 

  2756.         i++;
    2757. 

  2757.     }
    2758. 

  2758. 

  2759.     /* There's no overlap between our protocols and the server's list. */
    2760. 

  2760.     result = client;
    2761. 

  2761.     status = OPENSSL_NPN_NO_OVERLAP;
    2762. 

  2762. 

  2763.  found:
    2764. 

  2764.     *out = (unsigned char *)result + 1;
    2765. 

  2765.     *outlen = result[0];
    2766. 

  2766.     return status;
    2767. 

  2767. }
    2768. 

  2768. 

  2769. #ifndef OPENSSL_NO_NEXTPROTONEG
    2770. 

  2770. /*
    2771. 

  2771.  * SSL_get0_next_proto_negotiated sets *data and *len to point to the
    2772. 

  2772.  * client's requested protocol for this connection and returns 0. If the
    2773. 

  2773.  * client didn't request any protocol, then *data is set to NULL. Note that
    2774. 

  2774.  * the client can request any protocol it chooses. The value returned from
    2775. 

  2775.  * this function need not be a member of the list of supported protocols
    2776. 

  2776.  * provided by the callback.
    2777. 

  2777.  */
    2778. 

  2778. void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
    2779. 

  2779.                                     unsigned *len)
    2780. 

  2780. {
    2781. 

  2781.     *data = s->ext.npn;
    2782. 

  2782.     if (!*data) {
    2783. 

  2783.         *len = 0;
    2784. 

  2784.     } else {
    2785. 

  2785.         *len = (unsigned int)s->ext.npn_len;
    2786. 

  2786.     }
    2787. 

  2787. }
    2788. 

  2788. 

  2789. /*
    2790. 

  2790.  * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
    2791. 

  2791.  * a TLS server needs a list of supported protocols for Next Protocol
    2792. 

  2792.  * Negotiation. The returned list must be in wire format.  The list is
    2793. 

  2793.  * returned by setting |out| to point to it and |outlen| to its length. This
    2794. 

  2794.  * memory will not be modified, but one should assume that the SSL* keeps a
    2795. 

  2795.  * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
    2796. 

  2796.  * wishes to advertise. Otherwise, no such extension will be included in the
    2797. 

  2797.  * ServerHello.
    2798. 

  2798.  */
    2799. 

  2799. void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
    2800. 

  2800.                                    SSL_CTX_npn_advertised_cb_func cb,
    2801. 

  2801.                                    void *arg)
    2802. 

  2802. {
    2803. 

  2803.     ctx->ext.npn_advertised_cb = cb;
    2804. 

  2804.     ctx->ext.npn_advertised_cb_arg = arg;
    2805. 

  2805. }
    2806. 

  2806. 

  2807. /*
    2808. 

  2808.  * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
    2809. 

  2809.  * client needs to select a protocol from the server's provided list. |out|
    2810. 

  2810.  * must be set to point to the selected protocol (which may be within |in|).
    2811. 

  2811.  * The length of the protocol name must be written into |outlen|. The
    2812. 

  2812.  * server's advertised protocols are provided in |in| and |inlen|. The
    2813. 

  2813.  * callback can assume that |in| is syntactically valid. The client must
    2814. 

  2814.  * select a protocol. It is fatal to the connection if this callback returns
    2815. 

  2815.  * a value other than SSL_TLSEXT_ERR_OK.
    2816. 

  2816.  */
    2817. 

  2817. void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
    2818. 

  2818.                                SSL_CTX_npn_select_cb_func cb,
    2819. 

  2819.                                void *arg)
    2820. 

  2820. {
    2821. 

  2821.     ctx->ext.npn_select_cb = cb;
    2822. 

  2822.     ctx->ext.npn_select_cb_arg = arg;
    2823. 

  2823. }
    2824. 

  2824. #endif
    2825. 

  2825. 

  2826. /*
    2827. 

  2827.  * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
    2828. 

  2828.  * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
    2829. 

  2829.  * length-prefixed strings). Returns 0 on success.
    2830. 

  2830.  */
    2831. 

  2831. int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
    2832. 

  2832.                             unsigned int protos_len)
    2833. 

  2833. {
    2834. 

  2834.     OPENSSL_free(ctx->ext.alpn);
    2835. 

  2835.     ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
    2836. 

  2836.     if (ctx->ext.alpn == NULL) {
    2837. 

  2837.         SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
    2838. 

  2838.         return 1;
    2839. 

  2839.     }
    2840. 

  2840.     ctx->ext.alpn_len = protos_len;
    2841. 

  2841. 

  2842.     return 0;
    2843. 

  2843. }
    2844. 

  2844. 

  2845. /*
    2846. 

  2846.  * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
    2847. 

  2847.  * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
    2848. 

  2848.  * length-prefixed strings). Returns 0 on success.
    2849. 

  2849.  */
    2850. 

  2850. int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
    2851. 

  2851.                         unsigned int protos_len)
    2852. 

  2852. {
    2853. 

  2853.     OPENSSL_free(ssl->ext.alpn);
    2854. 

  2854.     ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
    2855. 

  2855.     if (ssl->ext.alpn == NULL) {
    2856. 

  2856.         SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
    2857. 

  2857.         return 1;
    2858. 

  2858.     }
    2859. 

  2859.     ssl->ext.alpn_len = protos_len;
    2860. 

  2860. 

  2861.     return 0;
    2862. 

  2862. }
    2863. 

  2863. 

  2864. /*
    2865. 

  2865.  * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
    2866. 

  2866.  * called during ClientHello processing in order to select an ALPN protocol
    2867. 

  2867.  * from the client's list of offered protocols.
    2868. 

  2868.  */
    2869. 

  2869. void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
    2870. 

  2870.                                 SSL_CTX_alpn_select_cb_func cb,
    2871. 

  2871.                                 void *arg)
    2872. 

  2872. {
    2873. 

  2873.     ctx->ext.alpn_select_cb = cb;
    2874. 

  2874.     ctx->ext.alpn_select_cb_arg = arg;
    2875. 

  2875. }
    2876. 

  2876. 

  2877. /*
    2878. 

  2878.  * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
    2879. 

  2879.  * On return it sets |*data| to point to |*len| bytes of protocol name
    2880. 

  2880.  * (not including the leading length-prefix byte). If the server didn't
    2881. 

  2881.  * respond with a negotiated protocol then |*len| will be zero.
    2882. 

  2882.  */
    2883. 

  2883. void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
    2884. 

  2884.                             unsigned int *len)
    2885. 

  2885. {
    2886. 

  2886.     *data = NULL;
    2887. 

  2887.     if (ssl->s3)
    2888. 

  2888.         *data = ssl->s3->alpn_selected;
    2889. 

  2889.     if (*data == NULL)
    2890. 

  2890.         *len = 0;
    2891. 

  2891.     else
    2892. 

  2892.         *len = (unsigned int)ssl->s3->alpn_selected_len;
    2893. 

  2893. }
    2894. 

  2894. 

  2895. int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    2896. 

  2896.                                const char *label, size_t llen,
    2897. 

  2897.                                const unsigned char *context, size_t contextlen,
    2898. 

  2898.                                int use_context)
    2899. 

  2899. {
    2900. 

  2900.     if (s->session == NULL
    2901. 

  2901.         || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER))
    2902. 

  2902.         return -1;
    2903. 

  2903. 

  2904.     return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
    2905. 

  2905.                                                        llen, context,
    2906. 

  2906.                                                        contextlen, use_context);
    2907. 

  2907. }
    2908. 

  2908. 

  2909. int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
    2910. 

  2910.                                      const char *label, size_t llen,
    2911. 

  2911.                                      const unsigned char *context,
    2912. 

  2912.                                      size_t contextlen)
    2913. 

  2913. {
    2914. 

  2914.     if (s->version != TLS1_3_VERSION)
    2915. 

  2915.         return 0;
    2916. 

  2916. 

  2917.     return tls13_export_keying_material_early(s, out, olen, label, llen,
    2918. 

  2918.                                               context, contextlen);
    2919. 

  2919. }
    2920. 

  2920. 

  2921. static unsigned long ssl_session_hash(const SSL_SESSION *a)
    2922. 

  2922. {
    2923. 

  2923.     const unsigned char *session_id = a->session_id;
    2924. 

  2924.     unsigned long l;
    2925. 

  2925.     unsigned char tmp_storage[4];
    2926. 

  2926. 

  2927.     if (a->session_id_length < sizeof(tmp_storage)) {
    2928. 

  2928.         memset(tmp_storage, 0, sizeof(tmp_storage));
    2929. 

  2929.         memcpy(tmp_storage, a->session_id, a->session_id_length);
    2930. 

  2930.         session_id = tmp_storage;
    2931. 

  2931.     }
    2932. 

  2932. 

  2933.     l = (unsigned long)
    2934. 

  2934.         ((unsigned long)session_id[0]) |
    2935. 

  2935.         ((unsigned long)session_id[1] << 8L) |
    2936. 

  2936.         ((unsigned long)session_id[2] << 16L) |
    2937. 

  2937.         ((unsigned long)session_id[3] << 24L);
    2938. 

  2938.     return l;
    2939. 

  2939. }
    2940. 

  2940. 

  2941. /*
    2942. 

  2942.  * NB: If this function (or indeed the hash function which uses a sort of
    2943. 

  2943.  * coarser function than this one) is changed, ensure
    2944. 

  2944.  * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
    2945. 

  2945.  * being able to construct an SSL_SESSION that will collide with any existing
    2946. 

  2946.  * session with a matching session ID.
    2947. 

  2947.  */
    2948. 

  2948. static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
    2949. 

  2949. {
    2950. 

  2950.     if (a->ssl_version != b->ssl_version)
    2951. 

  2951.         return 1;
    2952. 

  2952.     if (a->session_id_length != b->session_id_length)
    2953. 

  2953.         return 1;
    2954. 

  2954.     return memcmp(a->session_id, b->session_id, a->session_id_length);
    2955. 

  2955. }
    2956. 

  2956. 

  2957. /*
    2958. 

  2958.  * These wrapper functions should remain rather than redeclaring
    2959. 

  2959.  * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
    2960. 

  2960.  * variable. The reason is that the functions aren't static, they're exposed
    2961. 

  2961.  * via ssl.h.
    2962. 

  2962.  */
    2963. 

  2963. 

  2964. SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
    2965. 

  2965. {
    2966. 

  2966.     SSL_CTX *ret = NULL;
    2967. 

  2967. 

  2968.     if (meth == NULL) {
    2969. 

  2969.         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
    2970. 

  2970.         return NULL;
    2971. 

  2971.     }
    2972. 

  2972. 

  2973.     if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
    2974. 

  2974.         return NULL;
    2975. 

  2975. 

  2976.     if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
    2977. 

  2977.         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
    2978. 

  2978.         goto err;
    2979. 

  2979.     }
    2980. 

  2980.     ret = OPENSSL_zalloc(sizeof(*ret));
    2981. 

  2981.     if (ret == NULL)
    2982. 

  2982.         goto err;
    2983. 

  2983. 

  2984.     ret->method = meth;
    2985. 

  2985.     ret->min_proto_version = 0;
    2986. 

  2986.     ret->max_proto_version = 0;
    2987. 

  2987.     ret->mode = SSL_MODE_AUTO_RETRY;
    2988. 

  2988.     ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
    2989. 

  2989.     ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
    2990. 

  2990.     /* We take the system default. */
    2991. 

  2991.     ret->session_timeout = meth->get_timeout();
    2992. 

  2992.     ret->references = 1;
    2993. 

  2993.     ret->lock = CRYPTO_THREAD_lock_new();
    2994. 

  2994.     if (ret->lock == NULL) {
    2995. 

  2995.         SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
    2996. 

  2996.         OPENSSL_free(ret);
    2997. 

  2997.         return NULL;
    2998. 

  2998.     }
    2999. 

  2999.     ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
    3000. 

  3000.     ret->verify_mode = SSL_VERIFY_NONE;
    3001. 

  3001.     if ((ret->cert = ssl_cert_new()) == NULL)
    3002. 

  3002.         goto err;
    3003. 

  3003. 

  3004.     ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
    3005. 

  3005.     if (ret->sessions == NULL)
    3006. 

  3006.         goto err;
    3007. 

  3007.     ret->cert_store = X509_STORE_new();
    3008. 

  3008.     if (ret->cert_store == NULL)
    3009. 

  3009.         goto err;
    3010. 

  3010. #ifndef OPENSSL_NO_CT
    3011. 

  3011.     ret->ctlog_store = CTLOG_STORE_new();
    3012. 

  3012.     if (ret->ctlog_store == NULL)
    3013. 

  3013.         goto err;
    3014. 

  3014. #endif
    3015. 

  3015. 

  3016.     if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
    3017. 

  3017.         goto err;
    3018. 

  3018. 

  3019.     if (!ssl_create_cipher_list(ret->method,
    3020. 

  3020.                                 ret->tls13_ciphersuites,
    3021. 

  3021.                                 &ret->cipher_list, &ret->cipher_list_by_id,
    3022. 

  3022.                                 SSL_DEFAULT_CIPHER_LIST, ret->cert)
    3023. 

  3023.         || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
    3024. 

  3024.         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
    3025. 

  3025.         goto err2;
    3026. 

  3026.     }
    3027. 

  3027. 

  3028.     ret->param = X509_VERIFY_PARAM_new();
    3029. 

  3029.     if (ret->param == NULL)
    3030. 

  3030.         goto err;
    3031. 

  3031. 

  3032.     if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
    3033. 

  3033.         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
    3034. 

  3034.         goto err2;
    3035. 

  3035.     }
    3036. 

  3036.     if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
    3037. 

  3037.         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
    3038. 

  3038.         goto err2;
    3039. 

  3039.     }
    3040. 

  3040. 

  3041.     if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
    3042. 

  3042.         goto err;
    3043. 

  3043. 

  3044.     if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
    3045. 

  3045.         goto err;
    3046. 

  3046. 

  3047.     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
    3048. 

  3048.         goto err;
    3049. 

  3049. 

  3050.     if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
    3051. 

  3051.         goto err;
    3052. 

  3052. 

  3053.     /* No compression for DTLS */
    3054. 

  3054.     if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
    3055. 

  3055.         ret->comp_methods = SSL_COMP_get_compression_methods();
    3056. 

  3056. 

  3057.     ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
    3058. 

  3058.     ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
    3059. 

  3059. 

  3060.     /* Setup RFC5077 ticket keys */
    3061. 

  3061.     if ((RAND_bytes(ret->ext.tick_key_name,
    3062. 

  3062.                     sizeof(ret->ext.tick_key_name)) <= 0)
    3063. 

  3063.         || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
    3064. 

  3064.                        sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
    3065. 

  3065.         || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
    3066. 

  3066.                        sizeof(ret->ext.secure->tick_aes_key)) <= 0))
    3067. 

  3067.         ret->options |= SSL_OP_NO_TICKET;
    3068. 

  3068. 

  3069.     if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
    3070. 

  3070.                    sizeof(ret->ext.cookie_hmac_key)) <= 0)
    3071. 

  3071.         goto err;
    3072. 

  3072. 

  3073. #ifndef OPENSSL_NO_SRP
    3074. 

  3074.     if (!SSL_CTX_SRP_CTX_init(ret))
    3075. 

  3075.         goto err;
    3076. 

  3076. #endif
    3077. 

  3077. #ifndef OPENSSL_NO_ENGINE
    3078. 

  3078. # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
    3079. 

  3079. #  define eng_strx(x)     #x
    3080. 

  3080. #  define eng_str(x)      eng_strx(x)
    3081. 

  3081.     /* Use specific client engine automatically... ignore errors */
    3082. 

  3082.     {
    3083. 

  3083.         ENGINE *eng;
    3084. 

  3084.         eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
    3085. 

  3085.         if (!eng) {
    3086. 

  3086.             ERR_clear_error();
    3087. 

  3087.             ENGINE_load_builtin_engines();
    3088. 

  3088.             eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
    3089. 

  3089.         }
    3090. 

  3090.         if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
    3091. 

  3091.             ERR_clear_error();
    3092. 

  3092.     }
    3093. 

  3093. # endif
    3094. 

  3094. #endif
    3095. 

  3095.     /*
    3096. 

  3096.      * Default is to connect to non-RI servers. When RI is more widely
    3097. 

  3097.      * deployed might change this.
    3098. 

  3098.      */
    3099. 

  3099.     ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
    3100. 

  3100.     /*
    3101. 

  3101.      * Disable compression by default to prevent CRIME. Applications can
    3102. 

  3102.      * re-enable compression by configuring
    3103. 

  3103.      * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
    3104. 

  3104.      * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
    3105. 

  3105.      * middlebox compatibility by default. This may be disabled by default in
    3106. 

  3106.      * a later OpenSSL version.
    3107. 

  3107.      */
    3108. 

  3108.     ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
    3109. 

  3109. 

  3110.     ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
    3111. 

  3111. 

  3112.     /*
    3113. 

  3113.      * We cannot usefully set a default max_early_data here (which gets
    3114. 

  3114.      * propagated in SSL_new(), for the following reason: setting the
    3115. 

  3115.      * SSL field causes tls_construct_stoc_early_data() to tell the
    3116. 

  3116.      * client that early data will be accepted when constructing a TLS 1.3
    3117. 

  3117.      * session ticket, and the client will accordingly send us early data
    3118. 

  3118.      * when using that ticket (if the client has early data to send).
    3119. 

  3119.      * However, in order for the early data to actually be consumed by
    3120. 

  3120.      * the application, the application must also have calls to
    3121. 

  3121.      * SSL_read_early_data(); otherwise we'll just skip past the early data
    3122. 

  3122.      * and ignore it.  So, since the application must add calls to
    3123. 

  3123.      * SSL_read_early_data(), we also require them to add
    3124. 

  3124.      * calls to SSL_CTX_set_max_early_data() in order to use early data,
    3125. 

  3125.      * eliminating the bandwidth-wasting early data in the case described
    3126. 

  3126.      * above.
    3127. 

  3127.      */
    3128. 

  3128.     ret->max_early_data = 0;
    3129. 

  3129. 

  3130.     /*
    3131. 

  3131.      * Default recv_max_early_data is a fully loaded single record. Could be
    3132. 

  3132.      * split across multiple records in practice. We set this differently to
    3133. 

  3133.      * max_early_data so that, in the default case, we do not advertise any
    3134. 

  3134.      * support for early_data, but if a client were to send us some (e.g.
    3135. 

  3135.      * because of an old, stale ticket) then we will tolerate it and skip over
    3136. 

  3136.      * it.
    3137. 

  3137.      */
    3138. 

  3138.     ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
    3139. 

  3139. 

  3140.     /* By default we send two session tickets automatically in TLSv1.3 */
    3141. 

  3141.     ret->num_tickets = 2;
    3142. 

  3142. 

  3143.     ssl_ctx_system_config(ret);
    3144. 

  3144. 

  3145.     return ret;
    3146. 

  3146.  err:
    3147. 

  3147.     SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
    3148. 

  3148.  err2:
    3149. 

  3149.     SSL_CTX_free(ret);
    3150. 

  3150.     return NULL;
    3151. 

  3151. }
    3152. 

  3152. 

  3153. int SSL_CTX_up_ref(SSL_CTX *ctx)
    3154. 

  3154. {
    3155. 

  3155.     int i;
    3156. 

  3156. 

  3157.     if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
    3158. 

  3158.         return 0;
    3159. 

  3159. 

  3160.     REF_PRINT_COUNT("SSL_CTX", ctx);
    3161. 

  3161.     REF_ASSERT_ISNT(i < 2);
    3162. 

  3162.     return ((i > 1) ? 1 : 0);
    3163. 

  3163. }
    3164. 

  3164. 

  3165. void SSL_CTX_free(SSL_CTX *a)
    3166. 

  3166. {
    3167. 

  3167.     int i;
    3168. 

  3168. 

  3169.     if (a == NULL)
    3170. 

  3170.         return;
    3171. 

  3171. 

  3172.     CRYPTO_DOWN_REF(&a->references, &i, a->lock);
    3173. 

  3173.     REF_PRINT_COUNT("SSL_CTX", a);
    3174. 

  3174.     if (i > 0)
    3175. 

  3175.         return;
    3176. 

  3176.     REF_ASSERT_ISNT(i < 0);
    3177. 

  3177. 

  3178.     X509_VERIFY_PARAM_free(a->param);
    3179. 

  3179.     dane_ctx_final(&a->dane);
    3180. 

  3180. 

  3181.     /*
    3182. 

  3182.      * Free internal session cache. However: the remove_cb() may reference
    3183. 

  3183.      * the ex_data of SSL_CTX, thus the ex_data store can only be removed
    3184. 

  3184.      * after the sessions were flushed.
    3185. 

  3185.      * As the ex_data handling routines might also touch the session cache,
    3186. 

  3186.      * the most secure solution seems to be: empty (flush) the cache, then
    3187. 

  3187.      * free ex_data, then finally free the cache.
    3188. 

  3188.      * (See ticket [openssl.org #212].)
    3189. 

  3189.      */
    3190. 

  3190.     if (a->sessions != NULL)
    3191. 

  3191.         SSL_CTX_flush_sessions(a, 0);
    3192. 

  3192. 

  3193.     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
    3194. 

  3194.     lh_SSL_SESSION_free(a->sessions);
    3195. 

  3195.     X509_STORE_free(a->cert_store);
    3196. 

  3196. #ifndef OPENSSL_NO_CT
    3197. 

  3197.     CTLOG_STORE_free(a->ctlog_store);
    3198. 

  3198. #endif
    3199. 

  3199.     sk_SSL_CIPHER_free(a->cipher_list);
    3200. 

  3200.     sk_SSL_CIPHER_free(a->cipher_list_by_id);
    3201. 

  3201.     sk_SSL_CIPHER_free(a->tls13_ciphersuites);
    3202. 

  3202.     ssl_cert_free(a->cert);
    3203. 

  3203.     sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
    3204. 

  3204.     sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
    3205. 

  3205.     sk_X509_pop_free(a->extra_certs, X509_free);
    3206. 

  3206.     a->comp_methods = NULL;
    3207. 

  3207. #ifndef OPENSSL_NO_SRTP
    3208. 

  3208.     sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
    3209. 

  3209. #endif
    3210. 

  3210. #ifndef OPENSSL_NO_SRP
    3211. 

  3211.     SSL_CTX_SRP_CTX_free(a);
    3212. 

  3212. #endif
    3213. 

  3213. #ifndef OPENSSL_NO_ENGINE
    3214. 

  3214.     ENGINE_finish(a->client_cert_engine);
    3215. 

  3215. #endif
    3216. 

  3216. 

  3217. #ifndef OPENSSL_NO_EC
    3218. 

  3218.     OPENSSL_free(a->ext.ecpointformats);
    3219. 

  3219.     OPENSSL_free(a->ext.supportedgroups);
    3220. 

  3220. #endif
    3221. 

  3221.     OPENSSL_free(a->ext.alpn);
    3222. 

  3222.     OPENSSL_secure_free(a->ext.secure);
    3223. 

  3223. 

  3224.     CRYPTO_THREAD_lock_free(a->lock);
    3225. 

  3225. 

  3226.     OPENSSL_free(a);
    3227. 

  3227. }
    3228. 

  3228. 

  3229. void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
    3230. 

  3230. {
    3231. 

  3231.     ctx->default_passwd_callback = cb;
    3232. 

  3232. }
    3233. 

  3233. 

  3234. void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
    3235. 

  3235. {
    3236. 

  3236.     ctx->default_passwd_callback_userdata = u;
    3237. 

  3237. }
    3238. 

  3238. 

  3239. pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
    3240. 

  3240. {
    3241. 

  3241.     return ctx->default_passwd_callback;
    3242. 

  3242. }
    3243. 

  3243. 

  3244. void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
    3245. 

  3245. {
    3246. 

  3246.     return ctx->default_passwd_callback_userdata;
    3247. 

  3247. }
    3248. 

  3248. 

  3249. void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
    3250. 

  3250. {
    3251. 

  3251.     s->default_passwd_callback = cb;
    3252. 

  3252. }
    3253. 

  3253. 

  3254. void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
    3255. 

  3255. {
    3256. 

  3256.     s->default_passwd_callback_userdata = u;
    3257. 

  3257. }
    3258. 

  3258. 

  3259. pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
    3260. 

  3260. {
    3261. 

  3261.     return s->default_passwd_callback;
    3262. 

  3262. }
    3263. 

  3263. 

  3264. void *SSL_get_default_passwd_cb_userdata(SSL *s)
    3265. 

  3265. {
    3266. 

  3266.     return s->default_passwd_callback_userdata;
    3267. 

  3267. }
    3268. 

  3268. 

  3269. void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
    3270. 

  3270.                                       int (*cb) (X509_STORE_CTX *, void *),
    3271. 

  3271.                                       void *arg)
    3272. 

  3272. {
    3273. 

  3273.     ctx->app_verify_callback = cb;
    3274. 

  3274.     ctx->app_verify_arg = arg;
    3275. 

  3275. }
    3276. 

  3276. 

  3277. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
    3278. 

  3278.                         int (*cb) (int, X509_STORE_CTX *))
    3279. 

  3279. {
    3280. 

  3280.     ctx->verify_mode = mode;
    3281. 

  3281.     ctx->default_verify_callback = cb;
    3282. 

  3282. }
    3283. 

  3283. 

  3284. void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
    3285. 

  3285. {
    3286. 

  3286.     X509_VERIFY_PARAM_set_depth(ctx->param, depth);
    3287. 

  3287. }
    3288. 

  3288. 

  3289. void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
    3290. 

  3290. {
    3291. 

  3291.     ssl_cert_set_cert_cb(c->cert, cb, arg);
    3292. 

  3292. }
    3293. 

  3293. 

  3294. void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
    3295. 

  3295. {
    3296. 

  3296.     ssl_cert_set_cert_cb(s->cert, cb, arg);
    3297. 

  3297. }
    3298. 

  3298. 

  3299. void ssl_set_masks(SSL *s)
    3300. 

  3300. {
    3301. 

  3301.     CERT *c = s->cert;
    3302. 

  3302.     uint32_t *pvalid = s->s3->tmp.valid_flags;
    3303. 

  3303.     int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
    3304. 

  3304.     unsigned long mask_k, mask_a;
    3305. 

  3305. #ifndef OPENSSL_NO_EC
    3306. 

  3306.     int have_ecc_cert, ecdsa_ok;
    3307. 

  3307. #endif
    3308. 

  3308.     if (c == NULL)
    3309. 

  3309.         return;
    3310. 

  3310. 

  3311. #ifndef OPENSSL_NO_DH
    3312. 

  3312.     dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
    3313. 

  3313. #else
    3314. 

  3314.     dh_tmp = 0;
    3315. 

  3315. #endif
    3316. 

  3316. 

  3317.     rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
    3318. 

  3318.     rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
    3319. 

  3319.     dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
    3320. 

  3320. #ifndef OPENSSL_NO_EC
    3321. 

  3321.     have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
    3322. 

  3322. #endif
    3323. 

  3323.     mask_k = 0;
    3324. 

  3324.     mask_a = 0;
    3325. 

  3325. 

  3326. #ifdef CIPHER_DEBUG
    3327. 

  3327.     fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
    3328. 

  3328.             dh_tmp, rsa_enc, rsa_sign, dsa_sign);
    3329. 

  3329. #endif
    3330. 

  3330. 

  3331. #ifndef OPENSSL_NO_GOST
    3332. 

  3332.     if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
    3333. 

  3333.         mask_k |= SSL_kGOST;
    3334. 

  3334.         mask_a |= SSL_aGOST12;
    3335. 

  3335.     }
    3336. 

  3336.     if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
    3337. 

  3337.         mask_k |= SSL_kGOST;
    3338. 

  3338.         mask_a |= SSL_aGOST12;
    3339. 

  3339.     }
    3340. 

  3340.     if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
    3341. 

  3341.         mask_k |= SSL_kGOST;
    3342. 

  3342.         mask_a |= SSL_aGOST01;
    3343. 

  3343.     }
    3344. 

  3344. #endif
    3345. 

  3345. 

  3346.     if (rsa_enc)
    3347. 

  3347.         mask_k |= SSL_kRSA;
    3348. 

  3348. 

  3349.     if (dh_tmp)
    3350. 

  3350.         mask_k |= SSL_kDHE;
    3351. 

  3351. 

  3352.     /*
    3353. 

  3353.      * If we only have an RSA-PSS certificate allow RSA authentication
    3354. 

  3354.      * if TLS 1.2 and peer supports it.
    3355. 

  3355.      */
    3356. 

  3356. 

  3357.     if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
    3358. 

  3358.                 && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
    3359. 

  3359.                 && TLS1_get_version(s) == TLS1_2_VERSION))
    3360. 

  3360.         mask_a |= SSL_aRSA;
    3361. 

  3361. 

  3362.     if (dsa_sign) {
    3363. 

  3363.         mask_a |= SSL_aDSS;
    3364. 

  3364.     }
    3365. 

  3365. 

  3366.     mask_a |= SSL_aNULL;
    3367. 

  3367. 

  3368.     /*
    3369. 

  3369.      * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
    3370. 

  3370.      * depending on the key usage extension.
    3371. 

  3371.      */
    3372. 

  3372. #ifndef OPENSSL_NO_EC
    3373. 

  3373.     if (have_ecc_cert) {
    3374. 

  3374.         uint32_t ex_kusage;
    3375. 

  3375.         ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
    3376. 

  3376.         ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
    3377. 

  3377.         if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
    3378. 

  3378.             ecdsa_ok = 0;
    3379. 

  3379.         if (ecdsa_ok)
    3380. 

  3380.             mask_a |= SSL_aECDSA;
    3381. 

  3381.     }
    3382. 

  3382.     /* Allow Ed25519 for TLS 1.2 if peer supports it */
    3383. 

  3383.     if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
    3384. 

  3384.             && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
    3385. 

  3385.             && TLS1_get_version(s) == TLS1_2_VERSION)
    3386. 

  3386.             mask_a |= SSL_aECDSA;
    3387. 

  3387. 

  3388.     /* Allow Ed448 for TLS 1.2 if peer supports it */
    3389. 

  3389.     if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
    3390. 

  3390.             && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
    3391. 

  3391.             && TLS1_get_version(s) == TLS1_2_VERSION)
    3392. 

  3392.             mask_a |= SSL_aECDSA;
    3393. 

  3393. #endif
    3394. 

  3394. 

  3395. #ifndef OPENSSL_NO_EC
    3396. 

  3396.     mask_k |= SSL_kECDHE;
    3397. 

  3397. #endif
    3398. 

  3398. 

  3399. #ifndef OPENSSL_NO_PSK
    3400. 

  3400.     mask_k |= SSL_kPSK;
    3401. 

  3401.     mask_a |= SSL_aPSK;
    3402. 

  3402.     if (mask_k & SSL_kRSA)
    3403. 

  3403.         mask_k |= SSL_kRSAPSK;
    3404. 

  3404.     if (mask_k & SSL_kDHE)
    3405. 

  3405.         mask_k |= SSL_kDHEPSK;
    3406. 

  3406.     if (mask_k & SSL_kECDHE)
    3407. 

  3407.         mask_k |= SSL_kECDHEPSK;
    3408. 

  3408. #endif
    3409. 

  3409. 

  3410.     s->s3->tmp.mask_k = mask_k;
    3411. 

  3411.     s->s3->tmp.mask_a = mask_a;
    3412. 

  3412. }
    3413. 

  3413. 

  3414. #ifndef OPENSSL_NO_EC
    3415. 

  3415. 

  3416. int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
    3417. 

  3417. {
    3418. 

  3418.     if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
    3419. 

  3419.         /* key usage, if present, must allow signing */
    3420. 

  3420.         if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
    3421. 

  3421.             SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
    3422. 

  3422.                    SSL_R_ECC_CERT_NOT_FOR_SIGNING);
    3423. 

  3423.             return 0;
    3424. 

  3424.         }
    3425. 

  3425.     }
    3426. 

  3426.     return 1;                   /* all checks are ok */
    3427. 

  3427. }
    3428. 

  3428. 

  3429. #endif
    3430. 

  3430. 

  3431. int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
    3432. 

  3432.                                    size_t *serverinfo_length)
    3433. 

  3433. {
    3434. 

  3434.     CERT_PKEY *cpk = s->s3->tmp.cert;
    3435. 

  3435.     *serverinfo_length = 0;
    3436. 

  3436. 

  3437.     if (cpk == NULL || cpk->serverinfo == NULL)
    3438. 

  3438.         return 0;
    3439. 

  3439. 

  3440.     *serverinfo = cpk->serverinfo;
    3441. 

  3441.     *serverinfo_length = cpk->serverinfo_length;
    3442. 

  3442.     return 1;
    3443. 

  3443. }
    3444. 

  3444. 

  3445. void ssl_update_cache(SSL *s, int mode)
    3446. 

  3446. {
    3447. 

  3447.     int i;
    3448. 

  3448. 

  3449.     /*
    3450. 

  3450.      * If the session_id_length is 0, we are not supposed to cache it, and it
    3451. 

  3451.      * would be rather hard to do anyway :-)
    3452. 

  3452.      */
    3453. 

  3453.     if (s->session->session_id_length == 0)
    3454. 

  3454.         return;
    3455. 

  3455. 

  3456.     /*
    3457. 

  3457.      * If sid_ctx_length is 0 there is no specific application context
    3458. 

  3458.      * associated with this session, so when we try to resume it and
    3459. 

  3459.      * SSL_VERIFY_PEER is requested to verify the client identity, we have no
    3460. 

  3460.      * indication that this is actually a session for the proper application
    3461. 

  3461.      * context, and the *handshake* will fail, not just the resumption attempt.
    3462. 

  3462.      * Do not cache (on the server) these sessions that are not resumable
    3463. 

  3463.      * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
    3464. 

  3464.      */
    3465. 

  3465.     if (s->server && s->session->sid_ctx_length == 0
    3466. 

  3466.             && (s->verify_mode & SSL_VERIFY_PEER) != 0)
    3467. 

  3467.         return;
    3468. 

  3468. 

  3469.     i = s->session_ctx->session_cache_mode;
    3470. 

  3470.     if ((i & mode) != 0
    3471. 

  3471.         && (!s->hit || SSL_IS_TLS13(s))) {
    3472. 

  3472.         /*
    3473. 

  3473.          * Add the session to the internal cache. In server side TLSv1.3 we
    3474. 

  3474.          * normally don't do this because by default it's a full stateless ticket
    3475. 

  3475.          * with only a dummy session id so there is no reason to cache it,
    3476. 

  3476.          * unless:
    3477. 

  3477.          * - we are doing early_data, in which case we cache so that we can
    3478. 

  3478.          *   detect replays
    3479. 

  3479.          * - the application has set a remove_session_cb so needs to know about
    3480. 

  3480.          *   session timeout events
    3481. 

  3481.          * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
    3482. 

  3482.          */
    3483. 

  3483.         if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
    3484. 

  3484.                 && (!SSL_IS_TLS13(s)
    3485. 

  3485.                     || !s->server
    3486. 

  3486.                     || (s->max_early_data > 0
    3487. 

  3487.                         && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
    3488. 

  3488.                     || s->session_ctx->remove_session_cb != NULL
    3489. 

  3489.                     || (s->options & SSL_OP_NO_TICKET) != 0))
    3490. 

  3490.             SSL_CTX_add_session(s->session_ctx, s->session);
    3491. 

  3491. 

  3492.         /*
    3493. 

  3493.          * Add the session to the external cache. We do this even in server side
    3494. 

  3494.          * TLSv1.3 without early data because some applications just want to
    3495. 

  3495.          * know about the creation of a session and aren't doing a full cache.
    3496. 

  3496.          */
    3497. 

  3497.         if (s->session_ctx->new_session_cb != NULL) {
    3498. 

  3498.             SSL_SESSION_up_ref(s->session);
    3499. 

  3499.             if (!s->session_ctx->new_session_cb(s, s->session))
    3500. 

  3500.                 SSL_SESSION_free(s->session);
    3501. 

  3501.         }
    3502. 

  3502.     }
    3503. 

  3503. 

  3504.     /* auto flush every 255 connections */
    3505. 

  3505.     if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
    3506. 

  3506.         TSAN_QUALIFIER int *stat;
    3507. 

  3507.         if (mode & SSL_SESS_CACHE_CLIENT)
    3508. 

  3508.             stat = &s->session_ctx->stats.sess_connect_good;
    3509. 

  3509.         else
    3510. 

  3510.             stat = &s->session_ctx->stats.sess_accept_good;
    3511. 

  3511.         if ((tsan_load(stat) & 0xff) == 0xff)
    3512. 

  3512.             SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
    3513. 

  3513.     }
    3514. 

  3514. }
    3515. 

  3515. 

  3516. const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
    3517. 

  3517. {
    3518. 

  3518.     return ctx->method;
    3519. 

  3519. }
    3520. 

  3520. 

  3521. const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
    3522. 

  3522. {
    3523. 

  3523.     return s->method;
    3524. 

  3524. }
    3525. 

  3525. 

  3526. int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
    3527. 

  3527. {
    3528. 

  3528.     int ret = 1;
    3529. 

  3529. 

  3530.     if (s->method != meth) {
    3531. 

  3531.         const SSL_METHOD *sm = s->method;
    3532. 

  3532.         int (*hf) (SSL *) = s->handshake_func;
    3533. 

  3533. 

  3534.         if (sm->version == meth->version)
    3535. 

  3535.             s->method = meth;
    3536. 

  3536.         else {
    3537. 

  3537.             sm->ssl_free(s);
    3538. 

  3538.             s->method = meth;
    3539. 

  3539.             ret = s->method->ssl_new(s);
    3540. 

  3540.         }
    3541. 

  3541. 

  3542.         if (hf == sm->ssl_connect)
    3543. 

  3543.             s->handshake_func = meth->ssl_connect;
    3544. 

  3544.         else if (hf == sm->ssl_accept)
    3545. 

  3545.             s->handshake_func = meth->ssl_accept;
    3546. 

  3546.     }
    3547. 

  3547.     return ret;
    3548. 

  3548. }
    3549. 

  3549. 

  3550. int SSL_get_error(const SSL *s, int i)
    3551. 

  3551. {
    3552. 

  3552.     int reason;
    3553. 

  3553.     unsigned long l;
    3554. 

  3554.     BIO *bio;
    3555. 

  3555. 

  3556.     if (i > 0)
    3557. 

  3557.         return SSL_ERROR_NONE;
    3558. 

  3558. 

  3559.     /*
    3560. 

  3560.      * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
    3561. 

  3561.      * where we do encode the error
    3562. 

  3562.      */
    3563. 

  3563.     if ((l = ERR_peek_error()) != 0) {
    3564. 

  3564.         if (ERR_GET_LIB(l) == ERR_LIB_SYS)
    3565. 

  3565.             return SSL_ERROR_SYSCALL;
    3566. 

  3566.         else
    3567. 

  3567.             return SSL_ERROR_SSL;
    3568. 

  3568.     }
    3569. 

  3569. 

  3570.     if (SSL_want_read(s)) {
    3571. 

  3571.         bio = SSL_get_rbio(s);
    3572. 

  3572.         if (BIO_should_read(bio))
    3573. 

  3573.             return SSL_ERROR_WANT_READ;
    3574. 

  3574.         else if (BIO_should_write(bio))
    3575. 

  3575.             /*
    3576. 

  3576.              * This one doesn't make too much sense ... We never try to write
    3577. 

  3577.              * to the rbio, and an application program where rbio and wbio
    3578. 

  3578.              * are separate couldn't even know what it should wait for.
    3579. 

  3579.              * However if we ever set s->rwstate incorrectly (so that we have
    3580. 

  3580.              * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
    3581. 

  3581.              * wbio *are* the same, this test works around that bug; so it
    3582. 

  3582.              * might be safer to keep it.
    3583. 

  3583.              */
    3584. 

  3584.             return SSL_ERROR_WANT_WRITE;
    3585. 

  3585.         else if (BIO_should_io_special(bio)) {
    3586. 

  3586.             reason = BIO_get_retry_reason(bio);
    3587. 

  3587.             if (reason == BIO_RR_CONNECT)
    3588. 

  3588.                 return SSL_ERROR_WANT_CONNECT;
    3589. 

  3589.             else if (reason == BIO_RR_ACCEPT)
    3590. 

  3590.                 return SSL_ERROR_WANT_ACCEPT;
    3591. 

  3591.             else
    3592. 

  3592.                 return SSL_ERROR_SYSCALL; /* unknown */
    3593. 

  3593.         }
    3594. 

  3594.     }
    3595. 

  3595. 

  3596.     if (SSL_want_write(s)) {
    3597. 

  3597.         /* Access wbio directly - in order to use the buffered bio if present */
    3598. 

  3598.         bio = s->wbio;
    3599. 

  3599.         if (BIO_should_write(bio))
    3600. 

  3600.             return SSL_ERROR_WANT_WRITE;
    3601. 

  3601.         else if (BIO_should_read(bio))
    3602. 

  3602.             /*
    3603. 

  3603.              * See above (SSL_want_read(s) with BIO_should_write(bio))
    3604. 

  3604.              */
    3605. 

  3605.             return SSL_ERROR_WANT_READ;
    3606. 

  3606.         else if (BIO_should_io_special(bio)) {
    3607. 

  3607.             reason = BIO_get_retry_reason(bio);
    3608. 

  3608.             if (reason == BIO_RR_CONNECT)
    3609. 

  3609.                 return SSL_ERROR_WANT_CONNECT;
    3610. 

  3610.             else if (reason == BIO_RR_ACCEPT)
    3611. 

  3611.                 return SSL_ERROR_WANT_ACCEPT;
    3612. 

  3612.             else
    3613. 

  3613.                 return SSL_ERROR_SYSCALL;
    3614. 

  3614.         }
    3615. 

  3615.     }
    3616. 

  3616.     if (SSL_want_x509_lookup(s))
    3617. 

  3617.         return SSL_ERROR_WANT_X509_LOOKUP;
    3618. 

  3618.     if (SSL_want_async(s))
    3619. 

  3619.         return SSL_ERROR_WANT_ASYNC;
    3620. 

  3620.     if (SSL_want_async_job(s))
    3621. 

  3621.         return SSL_ERROR_WANT_ASYNC_JOB;
    3622. 

  3622.     if (SSL_want_client_hello_cb(s))
    3623. 

  3623.         return SSL_ERROR_WANT_CLIENT_HELLO_CB;
    3624. 

  3624. 

  3625.     if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
    3626. 

  3626.         (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
    3627. 

  3627.         return SSL_ERROR_ZERO_RETURN;
    3628. 

  3628. 

  3629.     return SSL_ERROR_SYSCALL;
    3630. 

  3630. }
    3631. 

  3631. 

  3632. static int ssl_do_handshake_intern(void *vargs)
    3633. 

  3633. {
    3634. 

  3634.     struct ssl_async_args *args;
    3635. 

  3635.     SSL *s;
    3636. 

  3636. 

  3637.     args = (struct ssl_async_args *)vargs;
    3638. 

  3638.     s = args->s;
    3639. 

  3639. 

  3640.     return s->handshake_func(s);
    3641. 

  3641. }
    3642. 

  3642. 

  3643. int SSL_do_handshake(SSL *s)
    3644. 

  3644. {
    3645. 

  3645.     int ret = 1;
    3646. 

  3646. 

  3647.     if (s->handshake_func == NULL) {
    3648. 

  3648.         SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
    3649. 

  3649.         return -1;
    3650. 

  3650.     }
    3651. 

  3651. 

  3652.     ossl_statem_check_finish_init(s, -1);
    3653. 

  3653. 

  3654.     s->method->ssl_renegotiate_check(s, 0);
    3655. 

  3655. 

  3656.     if (SSL_in_init(s) || SSL_in_before(s)) {
    3657. 

  3657.         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
    3658. 

  3658.             struct ssl_async_args args;
    3659. 

  3659. 

  3660.             args.s = s;
    3661. 

  3661. 

  3662.             ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
    3663. 

  3663.         } else {
    3664. 

  3664.             ret = s->handshake_func(s);
    3665. 

  3665.         }
    3666. 

  3666.     }
    3667. 

  3667.     return ret;
    3668. 

  3668. }
    3669. 

  3669. 

  3670. void SSL_set_accept_state(SSL *s)
    3671. 

  3671. {
    3672. 

  3672.     s->server = 1;
    3673. 

  3673.     s->shutdown = 0;
    3674. 

  3674.     ossl_statem_clear(s);
    3675. 

  3675.     s->handshake_func = s->method->ssl_accept;
    3676. 

  3676.     clear_ciphers(s);
    3677. 

  3677. }
    3678. 

  3678. 

  3679. void SSL_set_connect_state(SSL *s)
    3680. 

  3680. {
    3681. 

  3681.     s->server = 0;
    3682. 

  3682.     s->shutdown = 0;
    3683. 

  3683.     ossl_statem_clear(s);
    3684. 

  3684.     s->handshake_func = s->method->ssl_connect;
    3685. 

  3685.     clear_ciphers(s);
    3686. 

  3686. }
    3687. 

  3687. 

  3688. int ssl_undefined_function(SSL *s)
    3689. 

  3689. {
    3690. 

  3690.     SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    3691. 

  3691.     return 0;
    3692. 

  3692. }
    3693. 

  3693. 

  3694. int ssl_undefined_void_function(void)
    3695. 

  3695. {
    3696. 

  3696.     SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
    3697. 

  3697.            ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    3698. 

  3698.     return 0;
    3699. 

  3699. }
    3700. 

  3700. 

  3701. int ssl_undefined_const_function(const SSL *s)
    3702. 

  3702. {
    3703. 

  3703.     return 0;
    3704. 

  3704. }
    3705. 

  3705. 

  3706. const SSL_METHOD *ssl_bad_method(int ver)
    3707. 

  3707. {
    3708. 

  3708.     SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    3709. 

  3709.     return NULL;
    3710. 

  3710. }
    3711. 

  3711. 

  3712. const char *ssl_protocol_to_string(int version)
    3713. 

  3713. {
    3714. 

  3714.     switch(version)
    3715. 

  3715.     {
    3716. 

  3716.     case TLS1_3_VERSION:
    3717. 

  3717.         return "TLSv1.3";
    3718. 

  3718. 

  3719.     case TLS1_2_VERSION:
    3720. 

  3720.         return "TLSv1.2";
    3721. 

  3721. 

  3722.     case TLS1_1_VERSION:
    3723. 

  3723.         return "TLSv1.1";
    3724. 

  3724. 

  3725.     case TLS1_VERSION:
    3726. 

  3726.         return "TLSv1";
    3727. 

  3727. 

  3728.     case SSL3_VERSION:
    3729. 

  3729.         return "SSLv3";
    3730. 

  3730. 

  3731.     case DTLS1_BAD_VER:
    3732. 

  3732.         return "DTLSv0.9";
    3733. 

  3733. 

  3734.     case DTLS1_VERSION:
    3735. 

  3735.         return "DTLSv1";
    3736. 

  3736. 

  3737.     case DTLS1_2_VERSION:
    3738. 

  3738.         return "DTLSv1.2";
    3739. 

  3739. 

  3740.     default:
    3741. 

  3741.         return "unknown";
    3742. 

  3742.     }
    3743. 

  3743. }
    3744. 

  3744. 

  3745. const char *SSL_get_version(const SSL *s)
    3746. 

  3746. {
    3747. 

  3747.     return ssl_protocol_to_string(s->version);
    3748. 

  3748. }
    3749. 

  3749. 

  3750. static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
    3751. 

  3751. {
    3752. 

  3752.     STACK_OF(X509_NAME) *sk;
    3753. 

  3753.     X509_NAME *xn;
    3754. 

  3754.     int i;
    3755. 

  3755. 

  3756.     if (src == NULL) {
    3757. 

  3757.         *dst = NULL;
    3758. 

  3758.         return 1;
    3759. 

  3759.     }
    3760. 

  3760. 

  3761.     if ((sk = sk_X509_NAME_new_null()) == NULL)
    3762. 

  3762.         return 0;
    3763. 

  3763.     for (i = 0; i < sk_X509_NAME_num(src); i++) {
    3764. 

  3764.         xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
    3765. 

  3765.         if (xn == NULL) {
    3766. 

  3766.             sk_X509_NAME_pop_free(sk, X509_NAME_free);
    3767. 

  3767.             return 0;
    3768. 

  3768.         }
    3769. 

  3769.         if (sk_X509_NAME_insert(sk, xn, i) == 0) {
    3770. 

  3770.             X509_NAME_free(xn);
    3771. 

  3771.             sk_X509_NAME_pop_free(sk, X509_NAME_free);
    3772. 

  3772.             return 0;
    3773. 

  3773.         }
    3774. 

  3774.     }
    3775. 

  3775.     *dst = sk;
    3776. 

  3776. 

  3777.     return 1;
    3778. 

  3778. }
    3779. 

  3779. 

  3780. SSL *SSL_dup(SSL *s)
    3781. 

  3781. {
    3782. 

  3782.     SSL *ret;
    3783. 

  3783.     int i;
    3784. 

  3784. 

  3785.     /* If we're not quiescent, just up_ref! */
    3786. 

  3786.     if (!SSL_in_init(s) || !SSL_in_before(s)) {
    3787. 

  3787.         CRYPTO_UP_REF(&s->references, &i, s->lock);
    3788. 

  3788.         return s;
    3789. 

  3789.     }
    3790. 

  3790. 

  3791.     /*
    3792. 

  3792.      * Otherwise, copy configuration state, and session if set.
    3793. 

  3793.      */
    3794. 

  3794.     if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
    3795. 

  3795.         return NULL;
    3796. 

  3796. 

  3797.     if (s->session != NULL) {
    3798. 

  3798.         /*
    3799. 

  3799.          * Arranges to share the same session via up_ref.  This "copies"
    3800. 

  3800.          * session-id, SSL_METHOD, sid_ctx, and 'cert'
    3801. 

  3801.          */
    3802. 

  3802.         if (!SSL_copy_session_id(ret, s))
    3803. 

  3803.             goto err;
    3804. 

  3804.     } else {
    3805. 

  3805.         /*
    3806. 

  3806.          * No session has been established yet, so we have to expect that
    3807. 

  3807.          * s->cert or ret->cert will be changed later -- they should not both
    3808. 

  3808.          * point to the same object, and thus we can't use
    3809. 

  3809.          * SSL_copy_session_id.
    3810. 

  3810.          */
    3811. 

  3811.         if (!SSL_set_ssl_method(ret, s->method))
    3812. 

  3812.             goto err;
    3813. 

  3813. 

  3814.         if (s->cert != NULL) {
    3815. 

  3815.             ssl_cert_free(ret->cert);
    3816. 

  3816.             ret->cert = ssl_cert_dup(s->cert);
    3817. 

  3817.             if (ret->cert == NULL)
    3818. 

  3818.                 goto err;
    3819. 

  3819.         }
    3820. 

  3820. 

  3821.         if (!SSL_set_session_id_context(ret, s->sid_ctx,
    3822. 

  3822.                                         (int)s->sid_ctx_length))
    3823. 

  3823.             goto err;
    3824. 

  3824.     }
    3825. 

  3825. 

  3826.     if (!ssl_dane_dup(ret, s))
    3827. 

  3827.         goto err;
    3828. 

  3828.     ret->version = s->version;
    3829. 

  3829.     ret->options = s->options;
    3830. 

  3830.     ret->min_proto_version = s->min_proto_version;
    3831. 

  3831.     ret->max_proto_version = s->max_proto_version;
    3832. 

  3832.     ret->mode = s->mode;
    3833. 

  3833.     SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
    3834. 

  3834.     SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
    3835. 

  3835.     ret->msg_callback = s->msg_callback;
    3836. 

  3836.     ret->msg_callback_arg = s->msg_callback_arg;
    3837. 

  3837.     SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
    3838. 

  3838.     SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
    3839. 

  3839.     ret->generate_session_id = s->generate_session_id;
    3840. 

  3840. 

  3841.     SSL_set_info_callback(ret, SSL_get_info_callback(s));
    3842. 

  3842. 

  3843.     /* copy app data, a little dangerous perhaps */
    3844. 

  3844.     if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
    3845. 

  3845.         goto err;
    3846. 

  3846. 

  3847.     ret->server = s->server;
    3848. 

  3848.     if (s->handshake_func) {
    3849. 

  3849.         if (s->server)
    3850. 

  3850.             SSL_set_accept_state(ret);
    3851. 

  3851.         else
    3852. 

  3852.             SSL_set_connect_state(ret);
    3853. 

  3853.     }
    3854. 

  3854.     ret->shutdown = s->shutdown;
    3855. 

  3855.     ret->hit = s->hit;
    3856. 

  3856. 

  3857.     ret->default_passwd_callback = s->default_passwd_callback;
    3858. 

  3858.     ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
    3859. 

  3859. 

  3860.     X509_VERIFY_PARAM_inherit(ret->param, s->param);
    3861. 

  3861. 

  3862.     /* dup the cipher_list and cipher_list_by_id stacks */
    3863. 

  3863.     if (s->cipher_list != NULL) {
    3864. 

  3864.         if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
    3865. 

  3865.             goto err;
    3866. 

  3866.     }
    3867. 

  3867.     if (s->cipher_list_by_id != NULL)
    3868. 

  3868.         if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
    3869. 

  3869.             == NULL)
    3870. 

  3870.             goto err;
    3871. 

  3871. 

  3872.     /* Dup the client_CA list */
    3873. 

  3873.     if (!dup_ca_names(&ret->ca_names, s->ca_names)
    3874. 

  3874.             || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
    3875. 

  3875.         goto err;
    3876. 

  3876. 

  3877.     return ret;
    3878. 

  3878. 

  3879.  err:
    3880. 

  3880.     SSL_free(ret);
    3881. 

  3881.     return NULL;
    3882. 

  3882. }
    3883. 

  3883. 

  3884. void ssl_clear_cipher_ctx(SSL *s)
    3885. 

  3885. {
    3886. 

  3886.     if (s->enc_read_ctx != NULL) {
    3887. 

  3887.         EVP_CIPHER_CTX_free(s->enc_read_ctx);
    3888. 

  3888.         s->enc_read_ctx = NULL;
    3889. 

  3889.     }
    3890. 

  3890.     if (s->enc_write_ctx != NULL) {
    3891. 

  3891.         EVP_CIPHER_CTX_free(s->enc_write_ctx);
    3892. 

  3892.         s->enc_write_ctx = NULL;
    3893. 

  3893.     }
    3894. 

  3894. #ifndef OPENSSL_NO_COMP
    3895. 

  3895.     COMP_CTX_free(s->expand);
    3896. 

  3896.     s->expand = NULL;
    3897. 

  3897.     COMP_CTX_free(s->compress);
    3898. 

  3898.     s->compress = NULL;
    3899. 

  3899. #endif
    3900. 

  3900. }
    3901. 

  3901. 

  3902. X509 *SSL_get_certificate(const SSL *s)
    3903. 

  3903. {
    3904. 

  3904.     if (s->cert != NULL)
    3905. 

  3905.         return s->cert->key->x509;
    3906. 

  3906.     else
    3907. 

  3907.         return NULL;
    3908. 

  3908. }
    3909. 

  3909. 

  3910. EVP_PKEY *SSL_get_privatekey(const SSL *s)
    3911. 

  3911. {
    3912. 

  3912.     if (s->cert != NULL)
    3913. 

  3913.         return s->cert->key->privatekey;
    3914. 

  3914.     else
    3915. 

  3915.         return NULL;
    3916. 

  3916. }
    3917. 

  3917. 

  3918. X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
    3919. 

  3919. {
    3920. 

  3920.     if (ctx->cert != NULL)
    3921. 

  3921.         return ctx->cert->key->x509;
    3922. 

  3922.     else
    3923. 

  3923.         return NULL;
    3924. 

  3924. }
    3925. 

  3925. 

  3926. EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
    3927. 

  3927. {
    3928. 

  3928.     if (ctx->cert != NULL)
    3929. 

  3929.         return ctx->cert->key->privatekey;
    3930. 

  3930.     else
    3931. 

  3931.         return NULL;
    3932. 

  3932. }
    3933. 

  3933. 

  3934. const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
    3935. 

  3935. {
    3936. 

  3936.     if ((s->session != NULL) && (s->session->cipher != NULL))
    3937. 

  3937.         return s->session->cipher;
    3938. 

  3938.     return NULL;
    3939. 

  3939. }
    3940. 

  3940. 

  3941. const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
    3942. 

  3942. {
    3943. 

  3943.     return s->s3->tmp.new_cipher;
    3944. 

  3944. }
    3945. 

  3945. 

  3946. const COMP_METHOD *SSL_get_current_compression(const SSL *s)
    3947. 

  3947. {
    3948. 

  3948. #ifndef OPENSSL_NO_COMP
    3949. 

  3949.     return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
    3950. 

  3950. #else
    3951. 

  3951.     return NULL;
    3952. 

  3952. #endif
    3953. 

  3953. }
    3954. 

  3954. 

  3955. const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
    3956. 

  3956. {
    3957. 

  3957. #ifndef OPENSSL_NO_COMP
    3958. 

  3958.     return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
    3959. 

  3959. #else
    3960. 

  3960.     return NULL;
    3961. 

  3961. #endif
    3962. 

  3962. }
    3963. 

  3963. 

  3964. int ssl_init_wbio_buffer(SSL *s)
    3965. 

  3965. {
    3966. 

  3966.     BIO *bbio;
    3967. 

  3967. 

  3968.     if (s->bbio != NULL) {
    3969. 

  3969.         /* Already buffered. */
    3970. 

  3970.         return 1;
    3971. 

  3971.     }
    3972. 

  3972. 

  3973.     bbio = BIO_new(BIO_f_buffer());
    3974. 

  3974.     if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
    3975. 

  3975.         BIO_free(bbio);
    3976. 

  3976.         SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
    3977. 

  3977.         return 0;
    3978. 

  3978.     }
    3979. 

  3979.     s->bbio = bbio;
    3980. 

  3980.     s->wbio = BIO_push(bbio, s->wbio);
    3981. 

  3981. 

  3982.     return 1;
    3983. 

  3983. }
    3984. 

  3984. 

  3985. int ssl_free_wbio_buffer(SSL *s)
    3986. 

  3986. {
    3987. 

  3987.     /* callers ensure s is never null */
    3988. 

  3988.     if (s->bbio == NULL)
    3989. 

  3989.         return 1;
    3990. 

  3990. 

  3991.     s->wbio = BIO_pop(s->wbio);
    3992. 

  3992.     BIO_free(s->bbio);
    3993. 

  3993.     s->bbio = NULL;
    3994. 

  3994. 

  3995.     return 1;
    3996. 

  3996. }
    3997. 

  3997. 

  3998. void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
    3999. 

  3999. {
    4000. 

  4000.     ctx->quiet_shutdown = mode;
    4001. 

  4001. }
    4002. 

  4002. 

  4003. int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
    4004. 

  4004. {
    4005. 

  4005.     return ctx->quiet_shutdown;
    4006. 

  4006. }
    4007. 

  4007. 

  4008. void SSL_set_quiet_shutdown(SSL *s, int mode)
    4009. 

  4009. {
    4010. 

  4010.     s->quiet_shutdown = mode;
    4011. 

  4011. }
    4012. 

  4012. 

  4013. int SSL_get_quiet_shutdown(const SSL *s)
    4014. 

  4014. {
    4015. 

  4015.     return s->quiet_shutdown;
    4016. 

  4016. }
    4017. 

  4017. 

  4018. void SSL_set_shutdown(SSL *s, int mode)
    4019. 

  4019. {
    4020. 

  4020.     s->shutdown = mode;
    4021. 

  4021. }
    4022. 

  4022. 

  4023. int SSL_get_shutdown(const SSL *s)
    4024. 

  4024. {
    4025. 

  4025.     return s->shutdown;
    4026. 

  4026. }
    4027. 

  4027. 

  4028. int SSL_version(const SSL *s)
    4029. 

  4029. {
    4030. 

  4030.     return s->version;
    4031. 

  4031. }
    4032. 

  4032. 

  4033. int SSL_client_version(const SSL *s)
    4034. 

  4034. {
    4035. 

  4035.     return s->client_version;
    4036. 

  4036. }
    4037. 

  4037. 

  4038. SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
    4039. 

  4039. {
    4040. 

  4040.     return ssl->ctx;
    4041. 

  4041. }
    4042. 

  4042. 

  4043. SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
    4044. 

  4044. {
    4045. 

  4045.     CERT *new_cert;
    4046. 

  4046.     if (ssl->ctx == ctx)
    4047. 

  4047.         return ssl->ctx;
    4048. 

  4048.     if (ctx == NULL)
    4049. 

  4049.         ctx = ssl->session_ctx;
    4050. 

  4050.     new_cert = ssl_cert_dup(ctx->cert);
    4051. 

  4051.     if (new_cert == NULL) {
    4052. 

  4052.         return NULL;
    4053. 

  4053.     }
    4054. 

  4054. 

  4055.     if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
    4056. 

  4056.         ssl_cert_free(new_cert);
    4057. 

  4057.         return NULL;
    4058. 

  4058.     }
    4059. 

  4059. 

  4060.     ssl_cert_free(ssl->cert);
    4061. 

  4061.     ssl->cert = new_cert;
    4062. 

  4062. 

  4063.     /*
    4064. 

  4064.      * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
    4065. 

  4065.      * so setter APIs must prevent invalid lengths from entering the system.
    4066. 

  4066.      */
    4067. 

  4067.     if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
    4068. 

  4068.         return NULL;
    4069. 

  4069. 

  4070.     /*
    4071. 

  4071.      * If the session ID context matches that of the parent SSL_CTX,
    4072. 

  4072.      * inherit it from the new SSL_CTX as well. If however the context does
    4073. 

  4073.      * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
    4074. 

  4074.      * leave it unchanged.
    4075. 

  4075.      */
    4076. 

  4076.     if ((ssl->ctx != NULL) &&
    4077. 

  4077.         (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
    4078. 

  4078.         (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
    4079. 

  4079.         ssl->sid_ctx_length = ctx->sid_ctx_length;
    4080. 

  4080.         memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
    4081. 

  4081.     }
    4082. 

  4082. 

  4083.     SSL_CTX_up_ref(ctx);
    4084. 

  4084.     SSL_CTX_free(ssl->ctx);     /* decrement reference count */
    4085. 

  4085.     ssl->ctx = ctx;
    4086. 

  4086. 

  4087.     return ssl->ctx;
    4088. 

  4088. }
    4089. 

  4089. 

  4090. int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
    4091. 

  4091. {
    4092. 

  4092.     return X509_STORE_set_default_paths(ctx->cert_store);
    4093. 

  4093. }
    4094. 

  4094. 

  4095. int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
    4096. 

  4096. {
    4097. 

  4097.     X509_LOOKUP *lookup;
    4098. 

  4098. 

  4099.     lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
    4100. 

  4100.     if (lookup == NULL)
    4101. 

  4101.         return 0;
    4102. 

  4102.     X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
    4103. 

  4103. 

  4104.     /* Clear any errors if the default directory does not exist */
    4105. 

  4105.     ERR_clear_error();
    4106. 

  4106. 

  4107.     return 1;
    4108. 

  4108. }
    4109. 

  4109. 

  4110. int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
    4111. 

  4111. {
    4112. 

  4112.     X509_LOOKUP *lookup;
    4113. 

  4113. 

  4114.     lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
    4115. 

  4115.     if (lookup == NULL)
    4116. 

  4116.         return 0;
    4117. 

  4117. 

  4118.     X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
    4119. 

  4119. 

  4120.     /* Clear any errors if the default file does not exist */
    4121. 

  4121.     ERR_clear_error();
    4122. 

  4122. 

  4123.     return 1;
    4124. 

  4124. }
    4125. 

  4125. 

  4126. int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
    4127. 

  4127.                                   const char *CApath)
    4128. 

  4128. {
    4129. 

  4129.     return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
    4130. 

  4130. }
    4131. 

  4131. 

  4132. void SSL_set_info_callback(SSL *ssl,
    4133. 

  4133.                            void (*cb) (const SSL *ssl, int type, int val))
    4134. 

  4134. {
    4135. 

  4135.     ssl->info_callback = cb;
    4136. 

  4136. }
    4137. 

  4137. 

  4138. /*
    4139. 

  4139.  * One compiler (Diab DCC) doesn't like argument names in returned function
    4140. 

  4140.  * pointer.
    4141. 

  4141.  */
    4142. 

  4142. void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
    4143. 

  4143.                                                int /* type */ ,
    4144. 

  4144.                                                int /* val */ ) {
    4145. 

  4145.     return ssl->info_callback;
    4146. 

  4146. }
    4147. 

  4147. 

  4148. void SSL_set_verify_result(SSL *ssl, long arg)
    4149. 

  4149. {
    4150. 

  4150.     ssl->verify_result = arg;
    4151. 

  4151. }
    4152. 

  4152. 

  4153. long SSL_get_verify_result(const SSL *ssl)
    4154. 

  4154. {
    4155. 

  4155.     return ssl->verify_result;
    4156. 

  4156. }
    4157. 

  4157. 

  4158. size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
    4159. 

  4159. {
    4160. 

  4160.     if (outlen == 0)
    4161. 

  4161.         return sizeof(ssl->s3->client_random);
    4162. 

  4162.     if (outlen > sizeof(ssl->s3->client_random))
    4163. 

  4163.         outlen = sizeof(ssl->s3->client_random);
    4164. 

  4164.     memcpy(out, ssl->s3->client_random, outlen);
    4165. 

  4165.     return outlen;
    4166. 

  4166. }
    4167. 

  4167. 

  4168. size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
    4169. 

  4169. {
    4170. 

  4170.     if (outlen == 0)
    4171. 

  4171.         return sizeof(ssl->s3->server_random);
    4172. 

  4172.     if (outlen > sizeof(ssl->s3->server_random))
    4173. 

  4173.         outlen = sizeof(ssl->s3->server_random);
    4174. 

  4174.     memcpy(out, ssl->s3->server_random, outlen);
    4175. 

  4175.     return outlen;
    4176. 

  4176. }
    4177. 

  4177. 

  4178. size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
    4179. 

  4179.                                   unsigned char *out, size_t outlen)
    4180. 

  4180. {
    4181. 

  4181.     if (outlen == 0)
    4182. 

  4182.         return session->master_key_length;
    4183. 

  4183.     if (outlen > session->master_key_length)
    4184. 

  4184.         outlen = session->master_key_length;
    4185. 

  4185.     memcpy(out, session->master_key, outlen);
    4186. 

  4186.     return outlen;
    4187. 

  4187. }
    4188. 

  4188. 

  4189. int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
    4190. 

  4190.                                 size_t len)
    4191. 

  4191. {
    4192. 

  4192.     if (len > sizeof(sess->master_key))
    4193. 

  4193.         return 0;
    4194. 

  4194. 

  4195.     memcpy(sess->master_key, in, len);
    4196. 

  4196.     sess->master_key_length = len;
    4197. 

  4197.     return 1;
    4198. 

  4198. }
    4199. 

  4199. 

  4200. 

  4201. int SSL_set_ex_data(SSL *s, int idx, void *arg)
    4202. 

  4202. {
    4203. 

  4203.     return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
    4204. 

  4204. }
    4205. 

  4205. 

  4206. void *SSL_get_ex_data(const SSL *s, int idx)
    4207. 

  4207. {
    4208. 

  4208.     return CRYPTO_get_ex_data(&s->ex_data, idx);
    4209. 

  4209. }
    4210. 

  4210. 

  4211. int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
    4212. 

  4212. {
    4213. 

  4213.     return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
    4214. 

  4214. }
    4215. 

  4215. 

  4216. void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
    4217. 

  4217. {
    4218. 

  4218.     return CRYPTO_get_ex_data(&s->ex_data, idx);
    4219. 

  4219. }
    4220. 

  4220. 

  4221. X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
    4222. 

  4222. {
    4223. 

  4223.     return ctx->cert_store;
    4224. 

  4224. }
    4225. 

  4225. 

  4226. void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
    4227. 

  4227. {
    4228. 

  4228.     X509_STORE_free(ctx->cert_store);
    4229. 

  4229.     ctx->cert_store = store;
    4230. 

  4230. }
    4231. 

  4231. 

  4232. void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
    4233. 

  4233. {
    4234. 

  4234.     if (store != NULL)
    4235. 

  4235.         X509_STORE_up_ref(store);
    4236. 

  4236.     SSL_CTX_set_cert_store(ctx, store);
    4237. 

  4237. }
    4238. 

  4238. 

  4239. int SSL_want(const SSL *s)
    4240. 

  4240. {
    4241. 

  4241.     return s->rwstate;
    4242. 

  4242. }
    4243. 

  4243. 

  4244. /**
    4245. 

  4245.  * \brief Set the callback for generating temporary DH keys.
    4246. 

  4246.  * \param ctx the SSL context.
    4247. 

  4247.  * \param dh the callback
    4248. 

  4248.  */
    4249. 

  4249. 

  4250. #ifndef OPENSSL_NO_DH
    4251. 

  4251. void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
    4252. 

  4252.                                  DH *(*dh) (SSL *ssl, int is_export,
    4253. 

  4253.                                             int keylength))
    4254. 

  4254. {
    4255. 

  4255.     SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
    4256. 

  4256. }
    4257. 

  4257. 

  4258. void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
    4259. 

  4259.                                                   int keylength))
    4260. 

  4260. {
    4261. 

  4261.     SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
    4262. 

  4262. }
    4263. 

  4263. #endif
    4264. 

  4264. 

  4265. #ifndef OPENSSL_NO_PSK
    4266. 

  4266. int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
    4267. 

  4267. {
    4268. 

  4268.     if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
    4269. 

  4269.         SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
    4270. 

  4270.         return 0;
    4271. 

  4271.     }
    4272. 

  4272.     OPENSSL_free(ctx->cert->psk_identity_hint);
    4273. 

  4273.     if (identity_hint != NULL) {
    4274. 

  4274.         ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
    4275. 

  4275.         if (ctx->cert->psk_identity_hint == NULL)
    4276. 

  4276.             return 0;
    4277. 

  4277.     } else
    4278. 

  4278.         ctx->cert->psk_identity_hint = NULL;
    4279. 

  4279.     return 1;
    4280. 

  4280. }
    4281. 

  4281. 

  4282. int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
    4283. 

  4283. {
    4284. 

  4284.     if (s == NULL)
    4285. 

  4285.         return 0;
    4286. 

  4286. 

  4287.     if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
    4288. 

  4288.         SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
    4289. 

  4289.         return 0;
    4290. 

  4290.     }
    4291. 

  4291.     OPENSSL_free(s->cert->psk_identity_hint);
    4292. 

  4292.     if (identity_hint != NULL) {
    4293. 

  4293.         s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
    4294. 

  4294.         if (s->cert->psk_identity_hint == NULL)
    4295. 

  4295.             return 0;
    4296. 

  4296.     } else
    4297. 

  4297.         s->cert->psk_identity_hint = NULL;
    4298. 

  4298.     return 1;
    4299. 

  4299. }
    4300. 

  4300. 

  4301. const char *SSL_get_psk_identity_hint(const SSL *s)
    4302. 

  4302. {
    4303. 

  4303.     if (s == NULL || s->session == NULL)
    4304. 

  4304.         return NULL;
    4305. 

  4305.     return s->session->psk_identity_hint;
    4306. 

  4306. }
    4307. 

  4307. 

  4308. const char *SSL_get_psk_identity(const SSL *s)
    4309. 

  4309. {
    4310. 

  4310.     if (s == NULL || s->session == NULL)
    4311. 

  4311.         return NULL;
    4312. 

  4312.     return s->session->psk_identity;
    4313. 

  4313. }
    4314. 

  4314. 

  4315. void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
    4316. 

  4316. {
    4317. 

  4317.     s->psk_client_callback = cb;
    4318. 

  4318. }
    4319. 

  4319. 

  4320. void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
    4321. 

  4321. {
    4322. 

  4322.     ctx->psk_client_callback = cb;
    4323. 

  4323. }
    4324. 

  4324. 

  4325. void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
    4326. 

  4326. {
    4327. 

  4327.     s->psk_server_callback = cb;
    4328. 

  4328. }
    4329. 

  4329. 

  4330. void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
    4331. 

  4331. {
    4332. 

  4332.     ctx->psk_server_callback = cb;
    4333. 

  4333. }
    4334. 

  4334. #endif
    4335. 

  4335. 

  4336. void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
    4337. 

  4337. {
    4338. 

  4338.     s->psk_find_session_cb = cb;
    4339. 

  4339. }
    4340. 

  4340. 

  4341. void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
    4342. 

  4342.                                            SSL_psk_find_session_cb_func cb)
    4343. 

  4343. {
    4344. 

  4344.     ctx->psk_find_session_cb = cb;
    4345. 

  4345. }
    4346. 

  4346. 

  4347. void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
    4348. 

  4348. {
    4349. 

  4349.     s->psk_use_session_cb = cb;
    4350. 

  4350. }
    4351. 

  4351. 

  4352. void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
    4353. 

  4353.                                            SSL_psk_use_session_cb_func cb)
    4354. 

  4354. {
    4355. 

  4355.     ctx->psk_use_session_cb = cb;
    4356. 

  4356. }
    4357. 

  4357. 

  4358. void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
    4359. 

  4359.                               void (*cb) (int write_p, int version,
    4360. 

  4360.                                           int content_type, const void *buf,
    4361. 

  4361.                                           size_t len, SSL *ssl, void *arg))
    4362. 

  4362. {
    4363. 

  4363.     SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
    4364. 

  4364. }
    4365. 

  4365. 

  4366. void SSL_set_msg_callback(SSL *ssl,
    4367. 

  4367.                           void (*cb) (int write_p, int version,
    4368. 

  4368.                                       int content_type, const void *buf,
    4369. 

  4369.                                       size_t len, SSL *ssl, void *arg))
    4370. 

  4370. {
    4371. 

  4371.     SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
    4372. 

  4372. }
    4373. 

  4373. 

  4374. void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
    4375. 

  4375.                                                 int (*cb) (SSL *ssl,
    4376. 

  4376.                                                            int
    4377. 

  4377.                                                            is_forward_secure))
    4378. 

  4378. {
    4379. 

  4379.     SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
    4380. 

  4380.                           (void (*)(void))cb);
    4381. 

  4381. }
    4382. 

  4382. 

  4383. void SSL_set_not_resumable_session_callback(SSL *ssl,
    4384. 

  4384.                                             int (*cb) (SSL *ssl,
    4385. 

  4385.                                                        int is_forward_secure))
    4386. 

  4386. {
    4387. 

  4387.     SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
    4388. 

  4388.                       (void (*)(void))cb);
    4389. 

  4389. }
    4390. 

  4390. 

  4391. void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
    4392. 

  4392.                                          size_t (*cb) (SSL *ssl, int type,
    4393. 

  4393.                                                        size_t len, void *arg))
    4394. 

  4394. {
    4395. 

  4395.     ctx->record_padding_cb = cb;
    4396. 

  4396. }
    4397. 

  4397. 

  4398. void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
    4399. 

  4399. {
    4400. 

  4400.     ctx->record_padding_arg = arg;
    4401. 

  4401. }
    4402. 

  4402. 

  4403. void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
    4404. 

  4404. {
    4405. 

  4405.     return ctx->record_padding_arg;
    4406. 

  4406. }
    4407. 

  4407. 

  4408. int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
    4409. 

  4409. {
    4410. 

  4410.     /* block size of 0 or 1 is basically no padding */
    4411. 

  4411.     if (block_size == 1)
    4412. 

  4412.         ctx->block_padding = 0;
    4413. 

  4413.     else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
    4414. 

  4414.         ctx->block_padding = block_size;
    4415. 

  4415.     else
    4416. 

  4416.         return 0;
    4417. 

  4417.     return 1;
    4418. 

  4418. }
    4419. 

  4419. 

  4420. void SSL_set_record_padding_callback(SSL *ssl,
    4421. 

  4421.                                      size_t (*cb) (SSL *ssl, int type,
    4422. 

  4422.                                                    size_t len, void *arg))
    4423. 

  4423. {
    4424. 

  4424.     ssl->record_padding_cb = cb;
    4425. 

  4425. }
    4426. 

  4426. 

  4427. void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
    4428. 

  4428. {
    4429. 

  4429.     ssl->record_padding_arg = arg;
    4430. 

  4430. }
    4431. 

  4431. 

  4432. void *SSL_get_record_padding_callback_arg(const SSL *ssl)
    4433. 

  4433. {
    4434. 

  4434.     return ssl->record_padding_arg;
    4435. 

  4435. }
    4436. 

  4436. 

  4437. int SSL_set_block_padding(SSL *ssl, size_t block_size)
    4438. 

  4438. {
    4439. 

  4439.     /* block size of 0 or 1 is basically no padding */
    4440. 

  4440.     if (block_size == 1)
    4441. 

  4441.         ssl->block_padding = 0;
    4442. 

  4442.     else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
    4443. 

  4443.         ssl->block_padding = block_size;
    4444. 

  4444.     else
    4445. 

  4445.         return 0;
    4446. 

  4446.     return 1;
    4447. 

  4447. }
    4448. 

  4448. 

  4449. int SSL_set_num_tickets(SSL *s, size_t num_tickets)
    4450. 

  4450. {
    4451. 

  4451.     s->num_tickets = num_tickets;
    4452. 

  4452. 

  4453.     return 1;
    4454. 

  4454. }
    4455. 

  4455. 

  4456. size_t SSL_get_num_tickets(const SSL *s)
    4457. 

  4457. {
    4458. 

  4458.     return s->num_tickets;
    4459. 

  4459. }
    4460. 

  4460. 

  4461. int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
    4462. 

  4462. {
    4463. 

  4463.     ctx->num_tickets = num_tickets;
    4464. 

  4464. 

  4465.     return 1;
    4466. 

  4466. }
    4467. 

  4467. 

  4468. size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
    4469. 

  4469. {
    4470. 

  4470.     return ctx->num_tickets;
    4471. 

  4471. }
    4472. 

  4472. 

  4473. /*
    4474. 

  4474.  * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
    4475. 

  4475.  * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
    4476. 

  4476.  * If EVP_MD pointer is passed, initializes ctx with this |md|.
    4477. 

  4477.  * Returns the newly allocated ctx;
    4478. 

  4478.  */
    4479. 

  4479. 

  4480. EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
    4481. 

  4481. {
    4482. 

  4482.     ssl_clear_hash_ctx(hash);
    4483. 

  4483.     *hash = EVP_MD_CTX_new();
    4484. 

  4484.     if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
    4485. 

  4485.         EVP_MD_CTX_free(*hash);
    4486. 

  4486.         *hash = NULL;
    4487. 

  4487.         return NULL;
    4488. 

  4488.     }
    4489. 

  4489.     return *hash;
    4490. 

  4490. }
    4491. 

  4491. 

  4492. void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
    4493. 

  4493. {
    4494. 

  4494. 

  4495.     EVP_MD_CTX_free(*hash);
    4496. 

  4496.     *hash = NULL;
    4497. 

  4497. }
    4498. 

  4498. 

  4499. /* Retrieve handshake hashes */
    4500. 

  4500. int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
    4501. 

  4501.                        size_t *hashlen)
    4502. 

  4502. {
    4503. 

  4503.     EVP_MD_CTX *ctx = NULL;
    4504. 

  4504.     EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
    4505. 

  4505.     int hashleni = EVP_MD_CTX_size(hdgst);
    4506. 

  4506.     int ret = 0;
    4507. 

  4507. 

  4508.     if (hashleni < 0 || (size_t)hashleni > outlen) {
    4509. 

  4509.         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
    4510. 

  4510.                  ERR_R_INTERNAL_ERROR);
    4511. 

  4511.         goto err;
    4512. 

  4512.     }
    4513. 

  4513. 

  4514.     ctx = EVP_MD_CTX_new();
    4515. 

  4515.     if (ctx == NULL)
    4516. 

  4516.         goto err;
    4517. 

  4517. 

  4518.     if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
    4519. 

  4519.         || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
    4520. 

  4520.         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
    4521. 

  4521.                  ERR_R_INTERNAL_ERROR);
    4522. 

  4522.         goto err;
    4523. 

  4523.     }
    4524. 

  4524. 

  4525.     *hashlen = hashleni;
    4526. 

  4526. 

  4527.     ret = 1;
    4528. 

  4528.  err:
    4529. 

  4529.     EVP_MD_CTX_free(ctx);
    4530. 

  4530.     return ret;
    4531. 

  4531. }
    4532. 

  4532. 

  4533. int SSL_session_reused(const SSL *s)
    4534. 

  4534. {
    4535. 

  4535.     return s->hit;
    4536. 

  4536. }
    4537. 

  4537. 

  4538. int SSL_is_server(const SSL *s)
    4539. 

  4539. {
    4540. 

  4540.     return s->server;
    4541. 

  4541. }
    4542. 

  4542. 

  4543. #if OPENSSL_API_COMPAT < 0x10100000L
    4544. 

  4544. void SSL_set_debug(SSL *s, int debug)
    4545. 

  4545. {
    4546. 

  4546.     /* Old function was do-nothing anyway... */
    4547. 

  4547.     (void)s;
    4548. 

  4548.     (void)debug;
    4549. 

  4549. }
    4550. 

  4550. #endif
    4551. 

  4551. 

  4552. void SSL_set_security_level(SSL *s, int level)
    4553. 

  4553. {
    4554. 

  4554.     s->cert->sec_level = level;
    4555. 

  4555. }
    4556. 

  4556. 

  4557. int SSL_get_security_level(const SSL *s)
    4558. 

  4558. {
    4559. 

  4559.     return s->cert->sec_level;
    4560. 

  4560. }
    4561. 

  4561. 

  4562. void SSL_set_security_callback(SSL *s,
    4563. 

  4563.                                int (*cb) (const SSL *s, const SSL_CTX *ctx,
    4564. 

  4564.                                           int op, int bits, int nid,
    4565. 

  4565.                                           void *other, void *ex))
    4566. 

  4566. {
    4567. 

  4567.     s->cert->sec_cb = cb;
    4568. 

  4568. }
    4569. 

  4569. 

  4570. int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
    4571. 

  4571.                                                 const SSL_CTX *ctx, int op,
    4572. 

  4572.                                                 int bits, int nid, void *other,
    4573. 

  4573.                                                 void *ex) {
    4574. 

  4574.     return s->cert->sec_cb;
    4575. 

  4575. }
    4576. 

  4576. 

  4577. void SSL_set0_security_ex_data(SSL *s, void *ex)
    4578. 

  4578. {
    4579. 

  4579.     s->cert->sec_ex = ex;
    4580. 

  4580. }
    4581. 

  4581. 

  4582. void *SSL_get0_security_ex_data(const SSL *s)
    4583. 

  4583. {
    4584. 

  4584.     return s->cert->sec_ex;
    4585. 

  4585. }
    4586. 

  4586. 

  4587. void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
    4588. 

  4588. {
    4589. 

  4589.     ctx->cert->sec_level = level;
    4590. 

  4590. }
    4591. 

  4591. 

  4592. int SSL_CTX_get_security_level(const SSL_CTX *ctx)
    4593. 

  4593. {
    4594. 

  4594.     return ctx->cert->sec_level;
    4595. 

  4595. }
    4596. 

  4596. 

  4597. void SSL_CTX_set_security_callback(SSL_CTX *ctx,
    4598. 

  4598.                                    int (*cb) (const SSL *s, const SSL_CTX *ctx,
    4599. 

  4599.                                               int op, int bits, int nid,
    4600. 

  4600.                                               void *other, void *ex))
    4601. 

  4601. {
    4602. 

  4602.     ctx->cert->sec_cb = cb;
    4603. 

  4603. }
    4604. 

  4604. 

  4605. int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
    4606. 

  4606.                                                           const SSL_CTX *ctx,
    4607. 

  4607.                                                           int op, int bits,
    4608. 

  4608.                                                           int nid,
    4609. 

  4609.                                                           void *other,
    4610. 

  4610.                                                           void *ex) {
    4611. 

  4611.     return ctx->cert->sec_cb;
    4612. 

  4612. }
    4613. 

  4613. 

  4614. void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
    4615. 

  4615. {
    4616. 

  4616.     ctx->cert->sec_ex = ex;
    4617. 

  4617. }
    4618. 

  4618. 

  4619. void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
    4620. 

  4620. {
    4621. 

  4621.     return ctx->cert->sec_ex;
    4622. 

  4622. }
    4623. 

  4623. 

  4624. /*
    4625. 

  4625.  * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
    4626. 

  4626.  * can return unsigned long, instead of the generic long return value from the
    4627. 

  4627.  * control interface.
    4628. 

  4628.  */
    4629. 

  4629. unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
    4630. 

  4630. {
    4631. 

  4631.     return ctx->options;
    4632. 

  4632. }
    4633. 

  4633. 

  4634. unsigned long SSL_get_options(const SSL *s)
    4635. 

  4635. {
    4636. 

  4636.     return s->options;
    4637. 

  4637. }
    4638. 

  4638. 

  4639. unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
    4640. 

  4640. {
    4641. 

  4641.     return ctx->options |= op;
    4642. 

  4642. }
    4643. 

  4643. 

  4644. unsigned long SSL_set_options(SSL *s, unsigned long op)
    4645. 

  4645. {
    4646. 

  4646.     return s->options |= op;
    4647. 

  4647. }
    4648. 

  4648. 

  4649. unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
    4650. 

  4650. {
    4651. 

  4651.     return ctx->options &= ~op;
    4652. 

  4652. }
    4653. 

  4653. 

  4654. unsigned long SSL_clear_options(SSL *s, unsigned long op)
    4655. 

  4655. {
    4656. 

  4656.     return s->options &= ~op;
    4657. 

  4657. }
    4658. 

  4658. 

  4659. STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
    4660. 

  4660. {
    4661. 

  4661.     return s->verified_chain;
    4662. 

  4662. }
    4663. 

  4663. 

  4664. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
    4665. 

  4665. 

  4666. #ifndef OPENSSL_NO_CT
    4667. 

  4667. 

  4668. /*
    4669. 

  4669.  * Moves SCTs from the |src| stack to the |dst| stack.
    4670. 

  4670.  * The source of each SCT will be set to |origin|.
    4671. 

  4671.  * If |dst| points to a NULL pointer, a new stack will be created and owned by
    4672. 

  4672.  * the caller.
    4673. 

  4673.  * Returns the number of SCTs moved, or a negative integer if an error occurs.
    4674. 

  4674.  */
    4675. 

  4675. static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
    4676. 

  4676.                         sct_source_t origin)
    4677. 

  4677. {
    4678. 

  4678.     int scts_moved = 0;
    4679. 

  4679.     SCT *sct = NULL;
    4680. 

  4680. 

  4681.     if (*dst == NULL) {
    4682. 

  4682.         *dst = sk_SCT_new_null();
    4683. 

  4683.         if (*dst == NULL) {
    4684. 

  4684.             SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
    4685. 

  4685.             goto err;
    4686. 

  4686.         }
    4687. 

  4687.     }
    4688. 

  4688. 

  4689.     while ((sct = sk_SCT_pop(src)) != NULL) {
    4690. 

  4690.         if (SCT_set_source(sct, origin) != 1)
    4691. 

  4691.             goto err;
    4692. 

  4692. 

  4693.         if (sk_SCT_push(*dst, sct) <= 0)
    4694. 

  4694.             goto err;
    4695. 

  4695.         scts_moved += 1;
    4696. 

  4696.     }
    4697. 

  4697. 

  4698.     return scts_moved;
    4699. 

  4699.  err:
    4700. 

  4700.     if (sct != NULL)
    4701. 

  4701.         sk_SCT_push(src, sct);  /* Put the SCT back */
    4702. 

  4702.     return -1;
    4703. 

  4703. }
    4704. 

  4704. 

  4705. /*
    4706. 

  4706.  * Look for data collected during ServerHello and parse if found.
    4707. 

  4707.  * Returns the number of SCTs extracted.
    4708. 

  4708.  */
    4709. 

  4709. static int ct_extract_tls_extension_scts(SSL *s)
    4710. 

  4710. {
    4711. 

  4711.     int scts_extracted = 0;
    4712. 

  4712. 

  4713.     if (s->ext.scts != NULL) {
    4714. 

  4714.         const unsigned char *p = s->ext.scts;
    4715. 

  4715.         STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
    4716. 

  4716. 

  4717.         scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
    4718. 

  4718. 

  4719.         SCT_LIST_free(scts);
    4720. 

  4720.     }
    4721. 

  4721. 

  4722.     return scts_extracted;
    4723. 

  4723. }
    4724. 

  4724. 

  4725. /*
    4726. 

  4726.  * Checks for an OCSP response and then attempts to extract any SCTs found if it
    4727. 

  4727.  * contains an SCT X509 extension. They will be stored in |s->scts|.
    4728. 

  4728.  * Returns:
    4729. 

  4729.  * - The number of SCTs extracted, assuming an OCSP response exists.
    4730. 

  4730.  * - 0 if no OCSP response exists or it contains no SCTs.
    4731. 

  4731.  * - A negative integer if an error occurs.
    4732. 

  4732.  */
    4733. 

  4733. static int ct_extract_ocsp_response_scts(SSL *s)
    4734. 

  4734. {
    4735. 

  4735. # ifndef OPENSSL_NO_OCSP
    4736. 

  4736.     int scts_extracted = 0;
    4737. 

  4737.     const unsigned char *p;
    4738. 

  4738.     OCSP_BASICRESP *br = NULL;
    4739. 

  4739.     OCSP_RESPONSE *rsp = NULL;
    4740. 

  4740.     STACK_OF(SCT) *scts = NULL;
    4741. 

  4741.     int i;
    4742. 

  4742. 

  4743.     if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
    4744. 

  4744.         goto err;
    4745. 

  4745. 

  4746.     p = s->ext.ocsp.resp;
    4747. 

  4747.     rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
    4748. 

  4748.     if (rsp == NULL)
    4749. 

  4749.         goto err;
    4750. 

  4750. 

  4751.     br = OCSP_response_get1_basic(rsp);
    4752. 

  4752.     if (br == NULL)
    4753. 

  4753.         goto err;
    4754. 

  4754. 

  4755.     for (i = 0; i < OCSP_resp_count(br); ++i) {
    4756. 

  4756.         OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
    4757. 

  4757. 

  4758.         if (single == NULL)
    4759. 

  4759.             continue;
    4760. 

  4760. 

  4761.         scts =
    4762. 

  4762.             OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
    4763. 

  4763.         scts_extracted =
    4764. 

  4764.             ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
    4765. 

  4765.         if (scts_extracted < 0)
    4766. 

  4766.             goto err;
    4767. 

  4767.     }
    4768. 

  4768.  err:
    4769. 

  4769.     SCT_LIST_free(scts);
    4770. 

  4770.     OCSP_BASICRESP_free(br);
    4771. 

  4771.     OCSP_RESPONSE_free(rsp);
    4772. 

  4772.     return scts_extracted;
    4773. 

  4773. # else
    4774. 

  4774.     /* Behave as if no OCSP response exists */
    4775. 

  4775.     return 0;
    4776. 

  4776. # endif
    4777. 

  4777. }
    4778. 

  4778. 

  4779. /*
    4780. 

  4780.  * Attempts to extract SCTs from the peer certificate.
    4781. 

  4781.  * Return the number of SCTs extracted, or a negative integer if an error
    4782. 

  4782.  * occurs.
    4783. 

  4783.  */
    4784. 

  4784. static int ct_extract_x509v3_extension_scts(SSL *s)
    4785. 

  4785. {
    4786. 

  4786.     int scts_extracted = 0;
    4787. 

  4787.     X509 *cert = s->session != NULL ? s->session->peer : NULL;
    4788. 

  4788. 

  4789.     if (cert != NULL) {
    4790. 

  4790.         STACK_OF(SCT) *scts =
    4791. 

  4791.             X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
    4792. 

  4792. 

  4793.         scts_extracted =
    4794. 

  4794.             ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
    4795. 

  4795. 

  4796.         SCT_LIST_free(scts);
    4797. 

  4797.     }
    4798. 

  4798. 

  4799.     return scts_extracted;
    4800. 

  4800. }
    4801. 

  4801. 

  4802. /*
    4803. 

  4803.  * Attempts to find all received SCTs by checking TLS extensions, the OCSP
    4804. 

  4804.  * response (if it exists) and X509v3 extensions in the certificate.
    4805. 

  4805.  * Returns NULL if an error occurs.
    4806. 

  4806.  */
    4807. 

  4807. const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
    4808. 

  4808. {
    4809. 

  4809.     if (!s->scts_parsed) {
    4810. 

  4810.         if (ct_extract_tls_extension_scts(s) < 0 ||
    4811. 

  4811.             ct_extract_ocsp_response_scts(s) < 0 ||
    4812. 

  4812.             ct_extract_x509v3_extension_scts(s) < 0)
    4813. 

  4813.             goto err;
    4814. 

  4814. 

  4815.         s->scts_parsed = 1;
    4816. 

  4816.     }
    4817. 

  4817.     return s->scts;
    4818. 

  4818.  err:
    4819. 

  4819.     return NULL;
    4820. 

  4820. }
    4821. 

  4821. 

  4822. static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
    4823. 

  4823.                          const STACK_OF(SCT) *scts, void *unused_arg)
    4824. 

  4824. {
    4825. 

  4825.     return 1;
    4826. 

  4826. }
    4827. 

  4827. 

  4828. static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
    4829. 

  4829.                      const STACK_OF(SCT) *scts, void *unused_arg)
    4830. 

  4830. {
    4831. 

  4831.     int count = scts != NULL ? sk_SCT_num(scts) : 0;
    4832. 

  4832.     int i;
    4833. 

  4833. 

  4834.     for (i = 0; i < count; ++i) {
    4835. 

  4835.         SCT *sct = sk_SCT_value(scts, i);
    4836. 

  4836.         int status = SCT_get_validation_status(sct);
    4837. 

  4837. 

  4838.         if (status == SCT_VALIDATION_STATUS_VALID)
    4839. 

  4839.             return 1;
    4840. 

  4840.     }
    4841. 

  4841.     SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
    4842. 

  4842.     return 0;
    4843. 

  4843. }
    4844. 

  4844. 

  4845. int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
    4846. 

  4846.                                    void *arg)
    4847. 

  4847. {
    4848. 

  4848.     /*
    4849. 

  4849.      * Since code exists that uses the custom extension handler for CT, look
    4850. 

  4850.      * for this and throw an error if they have already registered to use CT.
    4851. 

  4851.      */
    4852. 

  4852.     if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
    4853. 

  4853.                                                           TLSEXT_TYPE_signed_certificate_timestamp))
    4854. 

  4854.     {
    4855. 

  4855.         SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
    4856. 

  4856.                SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
    4857. 

  4857.         return 0;
    4858. 

  4858.     }
    4859. 

  4859. 

  4860.     if (callback != NULL) {
    4861. 

  4861.         /*
    4862. 

  4862.          * If we are validating CT, then we MUST accept SCTs served via OCSP
    4863. 

  4863.          */
    4864. 

  4864.         if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
    4865. 

  4865.             return 0;
    4866. 

  4866.     }
    4867. 

  4867. 

  4868.     s->ct_validation_callback = callback;
    4869. 

  4869.     s->ct_validation_callback_arg = arg;
    4870. 

  4870. 

  4871.     return 1;
    4872. 

  4872. }
    4873. 

  4873. 

  4874. int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
    4875. 

  4875.                                        ssl_ct_validation_cb callback, void *arg)
    4876. 

  4876. {
    4877. 

  4877.     /*
    4878. 

  4878.      * Since code exists that uses the custom extension handler for CT, look for
    4879. 

  4879.      * this and throw an error if they have already registered to use CT.
    4880. 

  4880.      */
    4881. 

  4881.     if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
    4882. 

  4882.                                                           TLSEXT_TYPE_signed_certificate_timestamp))
    4883. 

  4883.     {
    4884. 

  4884.         SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
    4885. 

  4885.                SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
    4886. 

  4886.         return 0;
    4887. 

  4887.     }
    4888. 

  4888. 

  4889.     ctx->ct_validation_callback = callback;
    4890. 

  4890.     ctx->ct_validation_callback_arg = arg;
    4891. 

  4891.     return 1;
    4892. 

  4892. }
    4893. 

  4893. 

  4894. int SSL_ct_is_enabled(const SSL *s)
    4895. 

  4895. {
    4896. 

  4896.     return s->ct_validation_callback != NULL;
    4897. 

  4897. }
    4898. 

  4898. 

  4899. int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
    4900. 

  4900. {
    4901. 

  4901.     return ctx->ct_validation_callback != NULL;
    4902. 

  4902. }
    4903. 

  4903. 

  4904. int ssl_validate_ct(SSL *s)
    4905. 

  4905. {
    4906. 

  4906.     int ret = 0;
    4907. 

  4907.     X509 *cert = s->session != NULL ? s->session->peer : NULL;
    4908. 

  4908.     X509 *issuer;
    4909. 

  4909.     SSL_DANE *dane = &s->dane;
    4910. 

  4910.     CT_POLICY_EVAL_CTX *ctx = NULL;
    4911. 

  4911.     const STACK_OF(SCT) *scts;
    4912. 

  4912. 

  4913.     /*
    4914. 

  4914.      * If no callback is set, the peer is anonymous, or its chain is invalid,
    4915. 

  4915.      * skip SCT validation - just return success.  Applications that continue
    4916. 

  4916.      * handshakes without certificates, with unverified chains, or pinned leaf
    4917. 

  4917.      * certificates are outside the scope of the WebPKI and CT.
    4918. 

  4918.      *
    4919. 

  4919.      * The above exclusions notwithstanding the vast majority of peers will
    4920. 

  4920.      * have rather ordinary certificate chains validated by typical
    4921. 

  4921.      * applications that perform certificate verification and therefore will
    4922. 

  4922.      * process SCTs when enabled.
    4923. 

  4923.      */
    4924. 

  4924.     if (s->ct_validation_callback == NULL || cert == NULL ||
    4925. 

  4925.         s->verify_result != X509_V_OK ||
    4926. 

  4926.         s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
    4927. 

  4927.         return 1;
    4928. 

  4928. 

  4929.     /*
    4930. 

  4930.      * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
    4931. 

  4931.      * trust-anchors.  See https://tools.ietf.org/html/rfc7671#section-4.2
    4932. 

  4932.      */
    4933. 

  4933.     if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
    4934. 

  4934.         switch (dane->mtlsa->usage) {
    4935. 

  4935.         case DANETLS_USAGE_DANE_TA:
    4936. 

  4936.         case DANETLS_USAGE_DANE_EE:
    4937. 

  4937.             return 1;
    4938. 

  4938.         }
    4939. 

  4939.     }
    4940. 

  4940. 

  4941.     ctx = CT_POLICY_EVAL_CTX_new();
    4942. 

  4942.     if (ctx == NULL) {
    4943. 

  4943.         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
    4944. 

  4944.                  ERR_R_MALLOC_FAILURE);
    4945. 

  4945.         goto end;
    4946. 

  4946.     }
    4947. 

  4947. 

  4948.     issuer = sk_X509_value(s->verified_chain, 1);
    4949. 

  4949.     CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
    4950. 

  4950.     CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
    4951. 

  4951.     CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
    4952. 

  4952.     CT_POLICY_EVAL_CTX_set_time(
    4953. 

  4953.             ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
    4954. 

  4954. 

  4955.     scts = SSL_get0_peer_scts(s);
    4956. 

  4956. 

  4957.     /*
    4958. 

  4958.      * This function returns success (> 0) only when all the SCTs are valid, 0
    4959. 

  4959.      * when some are invalid, and < 0 on various internal errors (out of
    4960. 

  4960.      * memory, etc.).  Having some, or even all, invalid SCTs is not sufficient
    4961. 

  4961.      * reason to abort the handshake, that decision is up to the callback.
    4962. 

  4962.      * Therefore, we error out only in the unexpected case that the return
    4963. 

  4963.      * value is negative.
    4964. 

  4964.      *
    4965. 

  4965.      * XXX: One might well argue that the return value of this function is an
    4966. 

  4966.      * unfortunate design choice.  Its job is only to determine the validation
    4967. 

  4967.      * status of each of the provided SCTs.  So long as it correctly separates
    4968. 

  4968.      * the wheat from the chaff it should return success.  Failure in this case
    4969. 

  4969.      * ought to correspond to an inability to carry out its duties.
    4970. 

  4970.      */
    4971. 

  4971.     if (SCT_LIST_validate(scts, ctx) < 0) {
    4972. 

  4972.         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
    4973. 

  4973.                  SSL_R_SCT_VERIFICATION_FAILED);
    4974. 

  4974.         goto end;
    4975. 

  4975.     }
    4976. 

  4976. 

  4977.     ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
    4978. 

  4978.     if (ret < 0)
    4979. 

  4979.         ret = 0;                /* This function returns 0 on failure */
    4980. 

  4980.     if (!ret)
    4981. 

  4981.         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
    4982. 

  4982.                  SSL_R_CALLBACK_FAILED);
    4983. 

  4983. 

  4984.  end:
    4985. 

  4985.     CT_POLICY_EVAL_CTX_free(ctx);
    4986. 

  4986.     /*
    4987. 

  4987.      * With SSL_VERIFY_NONE the session may be cached and re-used despite a
    4988. 

  4988.      * failure return code here.  Also the application may wish the complete
    4989. 

  4989.      * the handshake, and then disconnect cleanly at a higher layer, after
    4990. 

  4990.      * checking the verification status of the completed connection.
    4991. 

  4991.      *
    4992. 

  4992.      * We therefore force a certificate verification failure which will be
    4993. 

  4993.      * visible via SSL_get_verify_result() and cached as part of any resumed
    4994. 

  4994.      * session.
    4995. 

  4995.      *
    4996. 

  4996.      * Note: the permissive callback is for information gathering only, always
    4997. 

  4997.      * returns success, and does not affect verification status.  Only the
    4998. 

  4998.      * strict callback or a custom application-specified callback can trigger
    4999. 

  4999.      * connection failure or record a verification error.
    5000. 

  5000.      */
    5001. 

  5001.     if (ret <= 0)
    5002. 

  5002.         s->verify_result = X509_V_ERR_NO_VALID_SCTS;
    5003. 

  5003.     return ret;
    5004. 

  5004. }
    5005. 

  5005. 

  5006. int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
    5007. 

  5007. {
    5008. 

  5008.     switch (validation_mode) {
    5009. 

  5009.     default:
    5010. 

  5010.         SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
    5011. 

  5011.         return 0;
    5012. 

  5012.     case SSL_CT_VALIDATION_PERMISSIVE:
    5013. 

  5013.         return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
    5014. 

  5014.     case SSL_CT_VALIDATION_STRICT:
    5015. 

  5015.         return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
    5016. 

  5016.     }
    5017. 

  5017. }
    5018. 

  5018. 

  5019. int SSL_enable_ct(SSL *s, int validation_mode)
    5020. 

  5020. {
    5021. 

  5021.     switch (validation_mode) {
    5022. 

  5022.     default:
    5023. 

  5023.         SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
    5024. 

  5024.         return 0;
    5025. 

  5025.     case SSL_CT_VALIDATION_PERMISSIVE:
    5026. 

  5026.         return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
    5027. 

  5027.     case SSL_CT_VALIDATION_STRICT:
    5028. 

  5028.         return SSL_set_ct_validation_callback(s, ct_strict, NULL);
    5029. 

  5029.     }
    5030. 

  5030. }
    5031. 

  5031. 

  5032. int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
    5033. 

  5033. {
    5034. 

  5034.     return CTLOG_STORE_load_default_file(ctx->ctlog_store);
    5035. 

  5035. }
    5036. 

  5036. 

  5037. int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
    5038. 

  5038. {
    5039. 

  5039.     return CTLOG_STORE_load_file(ctx->ctlog_store, path);
    5040. 

  5040. }
    5041. 

  5041. 

  5042. void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
    5043. 

  5043. {
    5044. 

  5044.     CTLOG_STORE_free(ctx->ctlog_store);
    5045. 

  5045.     ctx->ctlog_store = logs;
    5046. 

  5046. }
    5047. 

  5047. 

  5048. const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
    5049. 

  5049. {
    5050. 

  5050.     return ctx->ctlog_store;
    5051. 

  5051. }
    5052. 

  5052. 

  5053. #endif  /* OPENSSL_NO_CT */
    5054. 

  5054. 

  5055. void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
    5056. 

  5056.                                  void *arg)
    5057. 

  5057. {
    5058. 

  5058.     c->client_hello_cb = cb;
    5059. 

  5059.     c->client_hello_cb_arg = arg;
    5060. 

  5060. }
    5061. 

  5061. 

  5062. int SSL_client_hello_isv2(SSL *s)
    5063. 

  5063. {
    5064. 

  5064.     if (s->clienthello == NULL)
    5065. 

  5065.         return 0;
    5066. 

  5066.     return s->clienthello->isv2;
    5067. 

  5067. }
    5068. 

  5068. 

  5069. unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
    5070. 

  5070. {
    5071. 

  5071.     if (s->clienthello == NULL)
    5072. 

  5072.         return 0;
    5073. 

  5073.     return s->clienthello->legacy_version;
    5074. 

  5074. }
    5075. 

  5075. 

  5076. size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
    5077. 

  5077. {
    5078. 

  5078.     if (s->clienthello == NULL)
    5079. 

  5079.         return 0;
    5080. 

  5080.     if (out != NULL)
    5081. 

  5081.         *out = s->clienthello->random;
    5082. 

  5082.     return SSL3_RANDOM_SIZE;
    5083. 

  5083. }
    5084. 

  5084. 

  5085. size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
    5086. 

  5086. {
    5087. 

  5087.     if (s->clienthello == NULL)
    5088. 

  5088.         return 0;
    5089. 

  5089.     if (out != NULL)
    5090. 

  5090.         *out = s->clienthello->session_id;
    5091. 

  5091.     return s->clienthello->session_id_len;
    5092. 

  5092. }
    5093. 

  5093. 

  5094. size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
    5095. 

  5095. {
    5096. 

  5096.     if (s->clienthello == NULL)
    5097. 

  5097.         return 0;
    5098. 

  5098.     if (out != NULL)
    5099. 

  5099.         *out = PACKET_data(&s->clienthello->ciphersuites);
    5100. 

  5100.     return PACKET_remaining(&s->clienthello->ciphersuites);
    5101. 

  5101. }
    5102. 

  5102. 

  5103. size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
    5104. 

  5104. {
    5105. 

  5105.     if (s->clienthello == NULL)
    5106. 

  5106.         return 0;
    5107. 

  5107.     if (out != NULL)
    5108. 

  5108.         *out = s->clienthello->compressions;
    5109. 

  5109.     return s->clienthello->compressions_len;
    5110. 

  5110. }
    5111. 

  5111. 

  5112. int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
    5113. 

  5113. {
    5114. 

  5114.     RAW_EXTENSION *ext;
    5115. 

  5115.     int *present;
    5116. 

  5116.     size_t num = 0, i;
    5117. 

  5117. 

  5118.     if (s->clienthello == NULL || out == NULL || outlen == NULL)
    5119. 

  5119.         return 0;
    5120. 

  5120.     for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
    5121. 

  5121.         ext = s->clienthello->pre_proc_exts + i;
    5122. 

  5122.         if (ext->present)
    5123. 

  5123.             num++;
    5124. 

  5124.     }
    5125. 

  5125.     if (num == 0) {
    5126. 

  5126.         *out = NULL;
    5127. 

  5127.         *outlen = 0;
    5128. 

  5128.         return 1;
    5129. 

  5129.     }
    5130. 

  5130.     if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
    5131. 

  5131.         SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
    5132. 

  5132.                ERR_R_MALLOC_FAILURE);
    5133. 

  5133.         return 0;
    5134. 

  5134.     }
    5135. 

  5135.     for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
    5136. 

  5136.         ext = s->clienthello->pre_proc_exts + i;
    5137. 

  5137.         if (ext->present) {
    5138. 

  5138.             if (ext->received_order >= num)
    5139. 

  5139.                 goto err;
    5140. 

  5140.             present[ext->received_order] = ext->type;
    5141. 

  5141.         }
    5142. 

  5142.     }
    5143. 

  5143.     *out = present;
    5144. 

  5144.     *outlen = num;
    5145. 

  5145.     return 1;
    5146. 

  5146.  err:
    5147. 

  5147.     OPENSSL_free(present);
    5148. 

  5148.     return 0;
    5149. 

  5149. }
    5150. 

  5150. 

  5151. int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
    5152. 

  5152.                        size_t *outlen)
    5153. 

  5153. {
    5154. 

  5154.     size_t i;
    5155. 

  5155.     RAW_EXTENSION *r;
    5156. 

  5156. 

  5157.     if (s->clienthello == NULL)
    5158. 

  5158.         return 0;
    5159. 

  5159.     for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
    5160. 

  5160.         r = s->clienthello->pre_proc_exts + i;
    5161. 

  5161.         if (r->present && r->type == type) {
    5162. 

  5162.             if (out != NULL)
    5163. 

  5163.                 *out = PACKET_data(&r->data);
    5164. 

  5164.             if (outlen != NULL)
    5165. 

  5165.                 *outlen = PACKET_remaining(&r->data);
    5166. 

  5166.             return 1;
    5167. 

  5167.         }
    5168. 

  5168.     }
    5169. 

  5169.     return 0;
    5170. 

  5170. }
    5171. 

  5171. 

  5172. int SSL_free_buffers(SSL *ssl)
    5173. 

  5173. {
    5174. 

  5174.     RECORD_LAYER *rl = &ssl->rlayer;
    5175. 

  5175. 

  5176.     if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
    5177. 

  5177.         return 0;
    5178. 

  5178. 

  5179.     RECORD_LAYER_release(rl);
    5180. 

  5180.     return 1;
    5181. 

  5181. }
    5182. 

  5182. 

  5183. int SSL_alloc_buffers(SSL *ssl)
    5184. 

  5184. {
    5185. 

  5185.     return ssl3_setup_buffers(ssl);
    5186. 

  5186. }
    5187. 

  5187. 

  5188. void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
    5189. 

  5189. {
    5190. 

  5190.     ctx->keylog_callback = cb;
    5191. 

  5191. }
    5192. 

  5192. 

  5193. SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
    5194. 

  5194. {
    5195. 

  5195.     return ctx->keylog_callback;
    5196. 

  5196. }
    5197. 

  5197. 

  5198. static int nss_keylog_int(const char *prefix,
    5199. 

  5199.                           SSL *ssl,
    5200. 

  5200.                           const uint8_t *parameter_1,
    5201. 

  5201.                           size_t parameter_1_len,
    5202. 

  5202.                           const uint8_t *parameter_2,
    5203. 

  5203.                           size_t parameter_2_len)
    5204. 

  5204. {
    5205. 

  5205.     char *out = NULL;
    5206. 

  5206.     char *cursor = NULL;
    5207. 

  5207.     size_t out_len = 0;
    5208. 

  5208.     size_t i;
    5209. 

  5209.     size_t prefix_len;
    5210. 

  5210. 

  5211.     if (ssl->ctx->keylog_callback == NULL)
    5212. 

  5212.         return 1;
    5213. 

  5213. 

  5214.     /*
    5215. 

  5215.      * Our output buffer will contain the following strings, rendered with
    5216. 

  5216.      * space characters in between, terminated by a NULL character: first the
    5217. 

  5217.      * prefix, then the first parameter, then the second parameter. The
    5218. 

  5218.      * meaning of each parameter depends on the specific key material being
    5219. 

  5219.      * logged. Note that the first and second parameters are encoded in
    5220. 

  5220.      * hexadecimal, so we need a buffer that is twice their lengths.
    5221. 

  5221.      */
    5222. 

  5222.     prefix_len = strlen(prefix);
    5223. 

  5223.     out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
    5224. 

  5224.     if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
    5225. 

  5225.         SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
    5226. 

  5226.                  ERR_R_MALLOC_FAILURE);
    5227. 

  5227.         return 0;
    5228. 

  5228.     }
    5229. 

  5229. 

  5230.     strcpy(cursor, prefix);
    5231. 

  5231.     cursor += prefix_len;
    5232. 

  5232.     *cursor++ = ' ';
    5233. 

  5233. 

  5234.     for (i = 0; i < parameter_1_len; i++) {
    5235. 

  5235.         sprintf(cursor, "%02x", parameter_1[i]);
    5236. 

  5236.         cursor += 2;
    5237. 

  5237.     }
    5238. 

  5238.     *cursor++ = ' ';
    5239. 

  5239. 

  5240.     for (i = 0; i < parameter_2_len; i++) {
    5241. 

  5241.         sprintf(cursor, "%02x", parameter_2[i]);
    5242. 

  5242.         cursor += 2;
    5243. 

  5243.     }
    5244. 

  5244.     *cursor = '\0';
    5245. 

  5245. 

  5246.     ssl->ctx->keylog_callback(ssl, (const char *)out);
    5247. 

  5247.     OPENSSL_clear_free(out, out_len);
    5248. 

  5248.     return 1;
    5249. 

  5249. 

  5250. }
    5251. 

  5251. 

  5252. int ssl_log_rsa_client_key_exchange(SSL *ssl,
    5253. 

  5253.                                     const uint8_t *encrypted_premaster,
    5254. 

  5254.                                     size_t encrypted_premaster_len,
    5255. 

  5255.                                     const uint8_t *premaster,
    5256. 

  5256.                                     size_t premaster_len)
    5257. 

  5257. {
    5258. 

  5258.     if (encrypted_premaster_len < 8) {
    5259. 

  5259.         SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
    5260. 

  5260.                  SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
    5261. 

  5261.         return 0;
    5262. 

  5262.     }
    5263. 

  5263. 

  5264.     /* We only want the first 8 bytes of the encrypted premaster as a tag. */
    5265. 

  5265.     return nss_keylog_int("RSA",
    5266. 

  5266.                           ssl,
    5267. 

  5267.                           encrypted_premaster,
    5268. 

  5268.                           8,
    5269. 

  5269.                           premaster,
    5270. 

  5270.                           premaster_len);
    5271. 

  5271. }
    5272. 

  5272. 

  5273. int ssl_log_secret(SSL *ssl,
    5274. 

  5274.                    const char *label,
    5275. 

  5275.                    const uint8_t *secret,
    5276. 

  5276.                    size_t secret_len)
    5277. 

  5277. {
    5278. 

  5278.     return nss_keylog_int(label,
    5279. 

  5279.                           ssl,
    5280. 

  5280.                           ssl->s3->client_random,
    5281. 

  5281.                           SSL3_RANDOM_SIZE,
    5282. 

  5282.                           secret,
    5283. 

  5283.                           secret_len);
    5284. 

  5284. }
    5285. 

  5285. 

  5286. #define SSLV2_CIPHER_LEN    3
    5287. 

  5287. 

  5288. int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
    5289. 

  5289. {
    5290. 

  5290.     int n;
    5291. 

  5291. 

  5292.     n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
    5293. 

  5293. 

  5294.     if (PACKET_remaining(cipher_suites) == 0) {
    5295. 

  5295.         SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
    5296. 

  5296.                  SSL_R_NO_CIPHERS_SPECIFIED);
    5297. 

  5297.         return 0;
    5298. 

  5298.     }
    5299. 

  5299. 

  5300.     if (PACKET_remaining(cipher_suites) % n != 0) {
    5301. 

  5301.         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
    5302. 

  5302.                  SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
    5303. 

  5303.         return 0;
    5304. 

  5304.     }
    5305. 

  5305. 

  5306.     OPENSSL_free(s->s3->tmp.ciphers_raw);
    5307. 

  5307.     s->s3->tmp.ciphers_raw = NULL;
    5308. 

  5308.     s->s3->tmp.ciphers_rawlen = 0;
    5309. 

  5309. 

  5310.     if (sslv2format) {
    5311. 

  5311.         size_t numciphers = PACKET_remaining(cipher_suites) / n;
    5312. 

  5312.         PACKET sslv2ciphers = *cipher_suites;
    5313. 

  5313.         unsigned int leadbyte;
    5314. 

  5314.         unsigned char *raw;
    5315. 

  5315. 

  5316.         /*
    5317. 

  5317.          * We store the raw ciphers list in SSLv3+ format so we need to do some
    5318. 

  5318.          * preprocessing to convert the list first. If there are any SSLv2 only
    5319. 

  5319.          * ciphersuites with a non-zero leading byte then we are going to
    5320. 

  5320.          * slightly over allocate because we won't store those. But that isn't a
    5321. 

  5321.          * problem.
    5322. 

  5322.          */
    5323. 

  5323.         raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
    5324. 

  5324.         s->s3->tmp.ciphers_raw = raw;
    5325. 

  5325.         if (raw == NULL) {
    5326. 

  5326.             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
    5327. 

  5327.                      ERR_R_MALLOC_FAILURE);
    5328. 

  5328.             return 0;
    5329. 

  5329.         }
    5330. 

  5330.         for (s->s3->tmp.ciphers_rawlen = 0;
    5331. 

  5331.              PACKET_remaining(&sslv2ciphers) > 0;
    5332. 

  5332.              raw += TLS_CIPHER_LEN) {
    5333. 

  5333.             if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
    5334. 

  5334.                     || (leadbyte == 0
    5335. 

  5335.                         && !PACKET_copy_bytes(&sslv2ciphers, raw,
    5336. 

  5336.                                               TLS_CIPHER_LEN))
    5337. 

  5337.                     || (leadbyte != 0
    5338. 

  5338.                         && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
    5339. 

  5339.                 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
    5340. 

  5340.                          SSL_R_BAD_PACKET);
    5341. 

  5341.                 OPENSSL_free(s->s3->tmp.ciphers_raw);
    5342. 

  5342.                 s->s3->tmp.ciphers_raw = NULL;
    5343. 

  5343.                 s->s3->tmp.ciphers_rawlen = 0;
    5344. 

  5344.                 return 0;
    5345. 

  5345.             }
    5346. 

  5346.             if (leadbyte == 0)
    5347. 

  5347.                 s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
    5348. 

  5348.         }
    5349. 

  5349.     } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
    5350. 

  5350.                            &s->s3->tmp.ciphers_rawlen)) {
    5351. 

  5351.         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
    5352. 

  5352.                  ERR_R_INTERNAL_ERROR);
    5353. 

  5353.         return 0;
    5354. 

  5354.     }
    5355. 

  5355.     return 1;
    5356. 

  5356. }
    5357. 

  5357. 

  5358. int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
    5359. 

  5359.                              int isv2format, STACK_OF(SSL_CIPHER) **sk,
    5360. 

  5360.                              STACK_OF(SSL_CIPHER) **scsvs)
    5361. 

  5361. {
    5362. 

  5362.     PACKET pkt;
    5363. 

  5363. 

  5364.     if (!PACKET_buf_init(&pkt, bytes, len))
    5365. 

  5365.         return 0;
    5366. 

  5366.     return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
    5367. 

  5367. }
    5368. 

  5368. 

  5369. int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
    5370. 

  5370.                          STACK_OF(SSL_CIPHER) **skp,
    5371. 

  5371.                          STACK_OF(SSL_CIPHER) **scsvs_out,
    5372. 

  5372.                          int sslv2format, int fatal)
    5373. 

  5373. {
    5374. 

  5374.     const SSL_CIPHER *c;
    5375. 

  5375.     STACK_OF(SSL_CIPHER) *sk = NULL;
    5376. 

  5376.     STACK_OF(SSL_CIPHER) *scsvs = NULL;
    5377. 

  5377.     int n;
    5378. 

  5378.     /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
    5379. 

  5379.     unsigned char cipher[SSLV2_CIPHER_LEN];
    5380. 

  5380. 

  5381.     n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
    5382. 

  5382. 

  5383.     if (PACKET_remaining(cipher_suites) == 0) {
    5384. 

  5384.         if (fatal)
    5385. 

  5385.             SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
    5386. 

  5386.                      SSL_R_NO_CIPHERS_SPECIFIED);
    5387. 

  5387.         else
    5388. 

  5388.             SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
    5389. 

  5389.         return 0;
    5390. 

  5390.     }
    5391. 

  5391. 

  5392.     if (PACKET_remaining(cipher_suites) % n != 0) {
    5393. 

  5393.         if (fatal)
    5394. 

  5394.             SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
    5395. 

  5395.                      SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
    5396. 

  5396.         else
    5397. 

  5397.             SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
    5398. 

  5398.                    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
    5399. 

  5399.         return 0;
    5400. 

  5400.     }
    5401. 

  5401. 

  5402.     sk = sk_SSL_CIPHER_new_null();
    5403. 

  5403.     scsvs = sk_SSL_CIPHER_new_null();
    5404. 

  5404.     if (sk == NULL || scsvs == NULL) {
    5405. 

  5405.         if (fatal)
    5406. 

  5406.             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
    5407. 

  5407.                      ERR_R_MALLOC_FAILURE);
    5408. 

  5408.         else
    5409. 

  5409.             SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
    5410. 

  5410.         goto err;
    5411. 

  5411.     }
    5412. 

  5412. 

  5413.     while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
    5414. 

  5414.         /*
    5415. 

  5415.          * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
    5416. 

  5416.          * first byte set to zero, while true SSLv2 ciphers have a non-zero
    5417. 

  5417.          * first byte. We don't support any true SSLv2 ciphers, so skip them.
    5418. 

  5418.          */
    5419. 

  5419.         if (sslv2format && cipher[0] != '\0')
    5420. 

  5420.             continue;
    5421. 

  5421. 

  5422.         /* For SSLv2-compat, ignore leading 0-byte. */
    5423. 

  5423.         c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
    5424. 

  5424.         if (c != NULL) {
    5425. 

  5425.             if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
    5426. 

  5426.                 (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
    5427. 

  5427.                 if (fatal)
    5428. 

  5428.                     SSLfatal(s, SSL_AD_INTERNAL_ERROR,
    5429. 

  5429.                              SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
    5430. 

  5430.                 else
    5431. 

  5431.                     SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
    5432. 

  5432.                 goto err;
    5433. 

  5433.             }
    5434. 

  5434.         }
    5435. 

  5435.     }
    5436. 

  5436.     if (PACKET_remaining(cipher_suites) > 0) {
    5437. 

  5437.         if (fatal)
    5438. 

  5438.             SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
    5439. 

  5439.                      SSL_R_BAD_LENGTH);
    5440. 

  5440.         else
    5441. 

  5441.             SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
    5442. 

  5442.         goto err;
    5443. 

  5443.     }
    5444. 

  5444. 

  5445.     if (skp != NULL)
    5446. 

  5446.         *skp = sk;
    5447. 

  5447.     else
    5448. 

  5448.         sk_SSL_CIPHER_free(sk);
    5449. 

  5449.     if (scsvs_out != NULL)
    5450. 

  5450.         *scsvs_out = scsvs;
    5451. 

  5451.     else
    5452. 

  5452.         sk_SSL_CIPHER_free(scsvs);
    5453. 

  5453.     return 1;
    5454. 

  5454.  err:
    5455. 

  5455.     sk_SSL_CIPHER_free(sk);
    5456. 

  5456.     sk_SSL_CIPHER_free(scsvs);
    5457. 

  5457.     return 0;
    5458. 

  5458. }
    5459. 

  5459. 

  5460. int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
    5461. 

  5461. {
    5462. 

  5462.     ctx->max_early_data = max_early_data;
    5463. 

  5463. 

  5464.     return 1;
    5465. 

  5465. }
    5466. 

  5466. 

  5467. uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
    5468. 

  5468. {
    5469. 

  5469.     return ctx->max_early_data;
    5470. 

  5470. }
    5471. 

  5471. 

  5472. int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
    5473. 

  5473. {
    5474. 

  5474.     s->max_early_data = max_early_data;
    5475. 

  5475. 

  5476.     return 1;
    5477. 

  5477. }
    5478. 

  5478. 

  5479. uint32_t SSL_get_max_early_data(const SSL *s)
    5480. 

  5480. {
    5481. 

  5481.     return s->max_early_data;
    5482. 

  5482. }
    5483. 

  5483. 

  5484. int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
    5485. 

  5485. {
    5486. 

  5486.     ctx->recv_max_early_data = recv_max_early_data;
    5487. 

  5487. 

  5488.     return 1;
    5489. 

  5489. }
    5490. 

  5490. 

  5491. uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
    5492. 

  5492. {
    5493. 

  5493.     return ctx->recv_max_early_data;
    5494. 

  5494. }
    5495. 

  5495. 

  5496. int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
    5497. 

  5497. {
    5498. 

  5498.     s->recv_max_early_data = recv_max_early_data;
    5499. 

  5499. 

  5500.     return 1;
    5501. 

  5501. }
    5502. 

  5502. 

  5503. uint32_t SSL_get_recv_max_early_data(const SSL *s)
    5504. 

  5504. {
    5505. 

  5505.     return s->recv_max_early_data;
    5506. 

  5506. }
    5507. 

  5507. 

  5508. __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
    5509. 

  5509. {
    5510. 

  5510.     /* Return any active Max Fragment Len extension */
    5511. 

  5511.     if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
    5512. 

  5512.         return GET_MAX_FRAGMENT_LENGTH(ssl->session);
    5513. 

  5513. 

  5514.     /* return current SSL connection setting */
    5515. 

  5515.     return ssl->max_send_fragment;
    5516. 

  5516. }
    5517. 

  5517. 

  5518. __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
    5519. 

  5519. {
    5520. 

  5520.     /* Return a value regarding an active Max Fragment Len extension */
    5521. 

  5521.     if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
    5522. 

  5522.         && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
    5523. 

  5523.         return GET_MAX_FRAGMENT_LENGTH(ssl->session);
    5524. 

  5524. 

  5525.     /* else limit |split_send_fragment| to current |max_send_fragment| */
    5526. 

  5526.     if (ssl->split_send_fragment > ssl->max_send_fragment)
    5527. 

  5527.         return ssl->max_send_fragment;
    5528. 

  5528. 

  5529.     /* return current SSL connection setting */
    5530. 

  5530.     return ssl->split_send_fragment;
    5531. 

  5531. }
    5532. 

  5532. 

  5533. int SSL_stateless(SSL *s)
    5534. 

  5534. {
    5535. 

  5535.     int ret;
    5536. 

  5536. 

  5537.     /* Ensure there is no state left over from a previous invocation */
    5538. 

  5538.     if (!SSL_clear(s))
    5539. 

  5539.         return 0;
    5540. 

  5540. 

  5541.     ERR_clear_error();
    5542. 

  5542. 

  5543.     s->s3->flags |= TLS1_FLAGS_STATELESS;
    5544. 

  5544.     ret = SSL_accept(s);
    5545. 

  5545.     s->s3->flags &= ~TLS1_FLAGS_STATELESS;
    5546. 

  5546. 

  5547.     if (ret > 0 && s->ext.cookieok)
    5548. 

  5548.         return 1;
    5549. 

  5549. 

  5550.     if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
    5551. 

  5551.         return 0;
    5552. 

  5552. 

  5553.     return -1;
    5554. 

  5554. }
    5555. 

  5555. 

  5556. void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
    5557. 

  5557. {
    5558. 

  5558.     ctx->pha_enabled = val;
    5559. 

  5559. }
    5560. 

  5560. 

  5561. void SSL_set_post_handshake_auth(SSL *ssl, int val)
    5562. 

  5562. {
    5563. 

  5563.     ssl->pha_enabled = val;
    5564. 

  5564. }
    5565. 

  5565. 

  5566. int SSL_verify_client_post_handshake(SSL *ssl)
    5567. 

  5567. {
    5568. 

  5568.     if (!SSL_IS_TLS13(ssl)) {
    5569. 

  5569.         SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
    5570. 

  5570.         return 0;
    5571. 

  5571.     }
    5572. 

  5572.     if (!ssl->server) {
    5573. 

  5573.         SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
    5574. 

  5574.         return 0;
    5575. 

  5575.     }
    5576. 

  5576. 

  5577.     if (!SSL_is_init_finished(ssl)) {
    5578. 

  5578.         SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
    5579. 

  5579.         return 0;
    5580. 

  5580.     }
    5581. 

  5581. 

  5582.     switch (ssl->post_handshake_auth) {
    5583. 

  5583.     case SSL_PHA_NONE:
    5584. 

  5584.         SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
    5585. 

  5585.         return 0;
    5586. 

  5586.     default:
    5587. 

  5587.     case SSL_PHA_EXT_SENT:
    5588. 

  5588.         SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
    5589. 

  5589.         return 0;
    5590. 

  5590.     case SSL_PHA_EXT_RECEIVED:
    5591. 

  5591.         break;
    5592. 

  5592.     case SSL_PHA_REQUEST_PENDING:
    5593. 

  5593.         SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
    5594. 

  5594.         return 0;
    5595. 

  5595.     case SSL_PHA_REQUESTED:
    5596. 

  5596.         SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
    5597. 

  5597.         return 0;
    5598. 

  5598.     }
    5599. 

  5599. 

  5600.     ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
    5601. 

  5601. 

  5602.     /* checks verify_mode and algorithm_auth */
    5603. 

  5603.     if (!send_certificate_request(ssl)) {
    5604. 

  5604.         ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
    5605. 

  5605.         SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
    5606. 

  5606.         return 0;
    5607. 

  5607.     }
    5608. 

  5608. 

  5609.     ossl_statem_set_in_init(ssl, 1);
    5610. 

  5610.     return 1;
    5611. 

  5611. }
    5612. 

  5612. 

  5613. int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
    5614. 

  5614.                                   SSL_CTX_generate_session_ticket_fn gen_cb,
    5615. 

  5615.                                   SSL_CTX_decrypt_session_ticket_fn dec_cb,
    5616. 

  5616.                                   void *arg)
    5617. 

  5617. {
    5618. 

  5618.     ctx->generate_ticket_cb = gen_cb;
    5619. 

  5619.     ctx->decrypt_ticket_cb = dec_cb;
    5620. 

  5620.     ctx->ticket_cb_data = arg;
    5621. 

  5621.     return 1;
    5622. 

  5622. }
    5623. 

  5623. 

  5624. void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
    5625. 

  5625.                                      SSL_allow_early_data_cb_fn cb,
    5626. 

  5626.                                      void *arg)
    5627. 

  5627. {
    5628. 

  5628.     ctx->allow_early_data_cb = cb;
    5629. 

  5629.     ctx->allow_early_data_cb_data = arg;
    5630. 

  5630. }
    5631. 

  5631. 

  5632. void SSL_set_allow_early_data_cb(SSL *s,
    5633. 

  5633.                                  SSL_allow_early_data_cb_fn cb,
    5634. 

  5634.                                  void *arg)
    5635. 

  5635. {
    5636. 

  5636.     s->allow_early_data_cb = cb;
    5637. 

  5637.     s->allow_early_data_cb_data = arg;
    5638. 

  5638. }
    5639.