1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.]
56  */
57 /* ====================================================================
58  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
59  *
60  * Redistribution and use in source and binary forms, with or without
61  * modification, are permitted provided that the following conditions
62  * are met:
63  *
64  * 1. Redistributions of source code must retain the above copyright
65  *    notice, this list of conditions and the following disclaimer.
66  *
67  * 2. Redistributions in binary form must reproduce the above copyright
68  *    notice, this list of conditions and the following disclaimer in
69  *    the documentation and/or other materials provided with the
70  *    distribution.
71  *
72  * 3. All advertising materials mentioning features or use of this
73  *    software must display the following acknowledgment:
74  *    "This product includes software developed by the OpenSSL Project
75  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76  *
77  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78  *    endorse or promote products derived from this software without
79  *    prior written permission. For written permission, please contact
80  *    openssl-core@openssl.org.
81  *
82  * 5. Products derived from this software may not be called "OpenSSL"
83  *    nor may "OpenSSL" appear in their names without prior written
84  *    permission of the OpenSSL Project.
85  *
86  * 6. Redistributions of any form whatsoever must retain the following
87  *    acknowledgment:
88  *    "This product includes software developed by the OpenSSL Project
89  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90  *
91  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
95  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102  * OF THE POSSIBILITY OF SUCH DAMAGE.
103  * ====================================================================
104  *
105  * This product includes cryptographic software written by Eric Young
106  * (eay@cryptsoft.com).  This product includes software written by Tim
107  * Hudson (tjh@cryptsoft.com).
108  *
109  */
110 /* ====================================================================
111  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112  * ECC cipher suite support in OpenSSL originally developed by
113  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114  */
115 /* ====================================================================
116  * Copyright 2005 Nokia. All rights reserved.
117  *
118  * The portions of the attached software ("Contribution") is developed by
119  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120  * license.
121  *
122  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124  * support (see RFC 4279) to OpenSSL.
125  *
126  * No patent licenses or other rights except those expressly stated in
127  * the OpenSSL open source license shall be deemed granted or received
128  * expressly, by implication, estoppel, or otherwise.
129  *
130  * No assurances are provided by Nokia that the Contribution does not
131  * infringe the patent or other intellectual property rights of any third
132  * party or that the license provides you with all the necessary rights
133  * to make use of the Contribution.
134  *
135  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139  * OTHERWISE. */
140 
141 #include <openssl/ssl.h>
142 
143 #include <assert.h>
144 #include <stdio.h>
145 #include <string.h>
146 
147 #include <openssl/bytestring.h>
148 #include <openssl/crypto.h>
149 #include <openssl/dh.h>
150 #include <openssl/err.h>
151 #include <openssl/lhash.h>
152 #include <openssl/mem.h>
153 #include <openssl/obj.h>
154 #include <openssl/rand.h>
155 #include <openssl/x509v3.h>
156 
157 #include "internal.h"
158 #include "../crypto/internal.h"
159 
160 
161 /* |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
162  * to avoid downstream churn. */
163 OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL)
164 
165 /* Some error codes are special. Ensure the make_errors.go script never
166  * regresses this. */
167 OPENSSL_COMPILE_ASSERT(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ==
168                            SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET,
169                        ssl_alert_reason_code_mismatch);
170 
171 /* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */
172 static const size_t kMaxHandshakeSize = (1u << 24) - 1;
173 
174 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl =
175     CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
176 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx =
177     CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
178 
SSL_library_init(void)179 int SSL_library_init(void) {
180   CRYPTO_library_init();
181   return 1;
182 }
183 
ssl_session_hash(const SSL_SESSION * a)184 static uint32_t ssl_session_hash(const SSL_SESSION *a) {
185   uint32_t hash =
186       ((uint32_t)a->session_id[0]) |
187       ((uint32_t)a->session_id[1] << 8) |
188       ((uint32_t)a->session_id[2] << 16) |
189       ((uint32_t)a->session_id[3] << 24);
190 
191   return hash;
192 }
193 
194 /* NB: If this function (or indeed the hash function which uses a sort of
195  * coarser function than this one) is changed, ensure
196  * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
197  * able to construct an SSL_SESSION that will collide with any existing session
198  * with a matching session ID. */
ssl_session_cmp(const SSL_SESSION * a,const SSL_SESSION * b)199 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
200   if (a->ssl_version != b->ssl_version) {
201     return 1;
202   }
203 
204   if (a->session_id_length != b->session_id_length) {
205     return 1;
206   }
207 
208   return memcmp(a->session_id, b->session_id, a->session_id_length);
209 }
210 
SSL_CTX_new(const SSL_METHOD * method)211 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
212   SSL_CTX *ret = NULL;
213 
214   if (method == NULL) {
215     OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED);
216     return NULL;
217   }
218 
219   if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
220     OPENSSL_PUT_ERROR(SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
221     goto err;
222   }
223 
224   ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
225   if (ret == NULL) {
226     goto err;
227   }
228 
229   memset(ret, 0, sizeof(SSL_CTX));
230 
231   ret->method = method->method;
232 
233   CRYPTO_MUTEX_init(&ret->lock);
234 
235   ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
236   ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
237 
238   /* We take the system default */
239   ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
240 
241   ret->references = 1;
242 
243   ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
244   ret->verify_mode = SSL_VERIFY_NONE;
245   ret->cert = ssl_cert_new();
246   if (ret->cert == NULL) {
247     goto err;
248   }
249 
250   ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
251   if (ret->sessions == NULL) {
252     goto err;
253   }
254   ret->cert_store = X509_STORE_new();
255   if (ret->cert_store == NULL) {
256     goto err;
257   }
258 
259   ssl_create_cipher_list(ret->method, &ret->cipher_list,
260                          &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
261   if (ret->cipher_list == NULL ||
262       sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0) {
263     OPENSSL_PUT_ERROR(SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
264     goto err2;
265   }
266 
267   ret->param = X509_VERIFY_PARAM_new();
268   if (!ret->param) {
269     goto err;
270   }
271 
272   ret->client_CA = sk_X509_NAME_new_null();
273   if (ret->client_CA == NULL) {
274     goto err;
275   }
276 
277   CRYPTO_new_ex_data(&ret->ex_data);
278 
279   ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
280 
281   /* Setup RFC4507 ticket keys */
282   if (!RAND_bytes(ret->tlsext_tick_key_name, 16) ||
283       !RAND_bytes(ret->tlsext_tick_hmac_key, 16) ||
284       !RAND_bytes(ret->tlsext_tick_aes_key, 16)) {
285     ret->options |= SSL_OP_NO_TICKET;
286   }
287 
288   /* Lock the SSL_CTX to the specified version, for compatibility with legacy
289    * uses of SSL_METHOD. */
290   if (method->version != 0) {
291     SSL_CTX_set_max_version(ret, method->version);
292     SSL_CTX_set_min_version(ret, method->version);
293   }
294 
295   return ret;
296 
297 err:
298   OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
299 err2:
300   SSL_CTX_free(ret);
301   return NULL;
302 }
303 
SSL_CTX_free(SSL_CTX * ctx)304 void SSL_CTX_free(SSL_CTX *ctx) {
305   if (ctx == NULL ||
306       !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) {
307     return;
308   }
309 
310   X509_VERIFY_PARAM_free(ctx->param);
311 
312   /* Free internal session cache. However: the remove_cb() may reference the
313    * ex_data of SSL_CTX, thus the ex_data store can only be removed after the
314    * sessions were flushed. As the ex_data handling routines might also touch
315    * the session cache, the most secure solution seems to be: empty (flush) the
316    * cache, then free ex_data, then finally free the cache. (See ticket
317    * [openssl.org #212].) */
318   SSL_CTX_flush_sessions(ctx, 0);
319 
320   CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
321 
322   CRYPTO_MUTEX_cleanup(&ctx->lock);
323   lh_SSL_SESSION_free(ctx->sessions);
324   X509_STORE_free(ctx->cert_store);
325   ssl_cipher_preference_list_free(ctx->cipher_list);
326   sk_SSL_CIPHER_free(ctx->cipher_list_by_id);
327   ssl_cipher_preference_list_free(ctx->cipher_list_tls10);
328   ssl_cipher_preference_list_free(ctx->cipher_list_tls11);
329   ssl_cert_free(ctx->cert);
330   sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions,
331                                    SSL_CUSTOM_EXTENSION_free);
332   sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions,
333                                    SSL_CUSTOM_EXTENSION_free);
334   sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
335   sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
336   OPENSSL_free(ctx->psk_identity_hint);
337   OPENSSL_free(ctx->tlsext_ellipticcurvelist);
338   OPENSSL_free(ctx->alpn_client_proto_list);
339   OPENSSL_free(ctx->ocsp_response);
340   OPENSSL_free(ctx->signed_cert_timestamp_list);
341   EVP_PKEY_free(ctx->tlsext_channel_id_private);
342 
343   OPENSSL_free(ctx);
344 }
345 
SSL_new(SSL_CTX * ctx)346 SSL *SSL_new(SSL_CTX *ctx) {
347   if (ctx == NULL) {
348     OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX);
349     return NULL;
350   }
351   if (ctx->method == NULL) {
352     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
353     return NULL;
354   }
355 
356   SSL *ssl = (SSL *)OPENSSL_malloc(sizeof(SSL));
357   if (ssl == NULL) {
358     goto err;
359   }
360   memset(ssl, 0, sizeof(SSL));
361 
362   ssl->min_version = ctx->min_version;
363   ssl->max_version = ctx->max_version;
364 
365   ssl->options = ctx->options;
366   ssl->mode = ctx->mode;
367   ssl->max_cert_list = ctx->max_cert_list;
368 
369   ssl->cert = ssl_cert_dup(ctx->cert);
370   if (ssl->cert == NULL) {
371     goto err;
372   }
373 
374   ssl->msg_callback = ctx->msg_callback;
375   ssl->msg_callback_arg = ctx->msg_callback_arg;
376   ssl->verify_mode = ctx->verify_mode;
377   ssl->sid_ctx_length = ctx->sid_ctx_length;
378   assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
379   memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
380   ssl->verify_callback = ctx->default_verify_callback;
381 
382   ssl->param = X509_VERIFY_PARAM_new();
383   if (!ssl->param) {
384     goto err;
385   }
386   X509_VERIFY_PARAM_inherit(ssl->param, ctx->param);
387   ssl->quiet_shutdown = ctx->quiet_shutdown;
388   ssl->max_send_fragment = ctx->max_send_fragment;
389 
390   CRYPTO_refcount_inc(&ctx->references);
391   ssl->ctx = ctx;
392   CRYPTO_refcount_inc(&ctx->references);
393   ssl->initial_ctx = ctx;
394 
395   if (ctx->tlsext_ellipticcurvelist) {
396     ssl->tlsext_ellipticcurvelist =
397         BUF_memdup(ctx->tlsext_ellipticcurvelist,
398                    ctx->tlsext_ellipticcurvelist_length * 2);
399     if (!ssl->tlsext_ellipticcurvelist) {
400       goto err;
401     }
402     ssl->tlsext_ellipticcurvelist_length = ctx->tlsext_ellipticcurvelist_length;
403   }
404 
405   if (ssl->ctx->alpn_client_proto_list) {
406     ssl->alpn_client_proto_list = BUF_memdup(
407         ssl->ctx->alpn_client_proto_list, ssl->ctx->alpn_client_proto_list_len);
408     if (ssl->alpn_client_proto_list == NULL) {
409       goto err;
410     }
411     ssl->alpn_client_proto_list_len = ssl->ctx->alpn_client_proto_list_len;
412   }
413 
414   ssl->verify_result = X509_V_OK;
415   ssl->method = ctx->method;
416 
417   if (!ssl->method->ssl_new(ssl)) {
418     goto err;
419   }
420   ssl->enc_method = ssl3_get_enc_method(ssl->version);
421   assert(ssl->enc_method != NULL);
422 
423   ssl->rwstate = SSL_NOTHING;
424 
425   CRYPTO_new_ex_data(&ssl->ex_data);
426 
427   ssl->psk_identity_hint = NULL;
428   if (ctx->psk_identity_hint) {
429     ssl->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
430     if (ssl->psk_identity_hint == NULL) {
431       goto err;
432     }
433   }
434   ssl->psk_client_callback = ctx->psk_client_callback;
435   ssl->psk_server_callback = ctx->psk_server_callback;
436 
437   ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
438   if (ctx->tlsext_channel_id_private) {
439     ssl->tlsext_channel_id_private =
440         EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
441   }
442 
443   ssl->signed_cert_timestamps_enabled =
444       ssl->ctx->signed_cert_timestamps_enabled;
445   ssl->ocsp_stapling_enabled = ssl->ctx->ocsp_stapling_enabled;
446 
447   return ssl;
448 
449 err:
450   SSL_free(ssl);
451   OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
452 
453   return NULL;
454 }
455 
SSL_free(SSL * ssl)456 void SSL_free(SSL *ssl) {
457   if (ssl == NULL) {
458     return;
459   }
460 
461   X509_VERIFY_PARAM_free(ssl->param);
462 
463   CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data);
464 
465   if (ssl->bbio != NULL) {
466     /* If the buffering BIO is in place, pop it off */
467     if (ssl->bbio == ssl->wbio) {
468       ssl->wbio = BIO_pop(ssl->wbio);
469     }
470     BIO_free(ssl->bbio);
471     ssl->bbio = NULL;
472   }
473 
474   int free_wbio = ssl->wbio != ssl->rbio;
475   BIO_free_all(ssl->rbio);
476   if (free_wbio) {
477     BIO_free_all(ssl->wbio);
478   }
479 
480   BUF_MEM_free(ssl->init_buf);
481 
482   /* add extra stuff */
483   ssl_cipher_preference_list_free(ssl->cipher_list);
484   sk_SSL_CIPHER_free(ssl->cipher_list_by_id);
485 
486   ssl_clear_bad_session(ssl);
487   SSL_SESSION_free(ssl->session);
488 
489   ssl_clear_cipher_ctx(ssl);
490 
491   ssl_cert_free(ssl->cert);
492 
493   OPENSSL_free(ssl->tlsext_hostname);
494   SSL_CTX_free(ssl->initial_ctx);
495   OPENSSL_free(ssl->tlsext_ellipticcurvelist);
496   OPENSSL_free(ssl->alpn_client_proto_list);
497   EVP_PKEY_free(ssl->tlsext_channel_id_private);
498   OPENSSL_free(ssl->psk_identity_hint);
499   sk_X509_NAME_pop_free(ssl->client_CA, X509_NAME_free);
500   OPENSSL_free(ssl->next_proto_negotiated);
501   sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles);
502 
503   if (ssl->method != NULL) {
504     ssl->method->ssl_free(ssl);
505   }
506   SSL_CTX_free(ssl->ctx);
507 
508   OPENSSL_free(ssl);
509 }
510 
SSL_set_connect_state(SSL * ssl)511 void SSL_set_connect_state(SSL *ssl) {
512   ssl->server = 0;
513   ssl->shutdown = 0;
514   ssl->state = SSL_ST_CONNECT;
515   ssl->handshake_func = ssl->method->ssl_connect;
516   /* clear the current cipher */
517   ssl_clear_cipher_ctx(ssl);
518 }
519 
SSL_set_accept_state(SSL * ssl)520 void SSL_set_accept_state(SSL *ssl) {
521   ssl->server = 1;
522   ssl->shutdown = 0;
523   ssl->state = SSL_ST_ACCEPT;
524   ssl->handshake_func = ssl->method->ssl_accept;
525   /* clear the current cipher */
526   ssl_clear_cipher_ctx(ssl);
527 }
528 
SSL_set_bio(SSL * ssl,BIO * rbio,BIO * wbio)529 void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
530   /* If the output buffering BIO is still in place, remove it. */
531   if (ssl->bbio != NULL) {
532     if (ssl->wbio == ssl->bbio) {
533       ssl->wbio = ssl->wbio->next_bio;
534       ssl->bbio->next_bio = NULL;
535     }
536   }
537 
538   if (ssl->rbio != rbio) {
539     BIO_free_all(ssl->rbio);
540   }
541   if (ssl->wbio != wbio && ssl->rbio != ssl->wbio) {
542     BIO_free_all(ssl->wbio);
543   }
544   ssl->rbio = rbio;
545   ssl->wbio = wbio;
546 }
547 
SSL_get_rbio(const SSL * ssl)548 BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; }
549 
SSL_get_wbio(const SSL * ssl)550 BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; }
551 
SSL_do_handshake(SSL * ssl)552 int SSL_do_handshake(SSL *ssl) {
553   if (ssl->handshake_func == NULL) {
554     OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
555     return -1;
556   }
557 
558   if (!SSL_in_init(ssl)) {
559     return 1;
560   }
561 
562   return ssl->handshake_func(ssl);
563 }
564 
SSL_connect(SSL * ssl)565 int SSL_connect(SSL *ssl) {
566   if (ssl->handshake_func == 0) {
567     /* Not properly initialized yet */
568     SSL_set_connect_state(ssl);
569   }
570 
571   if (ssl->handshake_func != ssl->method->ssl_connect) {
572     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
573     return -1;
574   }
575 
576   return ssl->handshake_func(ssl);
577 }
578 
SSL_accept(SSL * ssl)579 int SSL_accept(SSL *ssl) {
580   if (ssl->handshake_func == 0) {
581     /* Not properly initialized yet */
582     SSL_set_accept_state(ssl);
583   }
584 
585   if (ssl->handshake_func != ssl->method->ssl_accept) {
586     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
587     return -1;
588   }
589 
590   return ssl->handshake_func(ssl);
591 }
592 
SSL_read(SSL * ssl,void * buf,int num)593 int SSL_read(SSL *ssl, void *buf, int num) {
594   if (ssl->handshake_func == 0) {
595     OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
596     return -1;
597   }
598 
599   if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) {
600     ssl->rwstate = SSL_NOTHING;
601     return 0;
602   }
603 
604   ERR_clear_system_error();
605   return ssl->method->ssl_read_app_data(ssl, buf, num, 0);
606 }
607 
SSL_peek(SSL * ssl,void * buf,int num)608 int SSL_peek(SSL *ssl, void *buf, int num) {
609   if (ssl->handshake_func == 0) {
610     OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
611     return -1;
612   }
613 
614   if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) {
615     return 0;
616   }
617 
618   ERR_clear_system_error();
619   return ssl->method->ssl_read_app_data(ssl, buf, num, 1);
620 }
621 
SSL_write(SSL * ssl,const void * buf,int num)622 int SSL_write(SSL *ssl, const void *buf, int num) {
623   if (ssl->handshake_func == 0) {
624     OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
625     return -1;
626   }
627 
628   if (ssl->shutdown & SSL_SENT_SHUTDOWN) {
629     ssl->rwstate = SSL_NOTHING;
630     OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
631     return -1;
632   }
633 
634   ERR_clear_system_error();
635   return ssl->method->ssl_write_app_data(ssl, buf, num);
636 }
637 
SSL_shutdown(SSL * ssl)638 int SSL_shutdown(SSL *ssl) {
639   /* Note that this function behaves differently from what one might expect.
640    * Return values are 0 for no success (yet), 1 for success; but calling it
641    * once is usually not enough, even if blocking I/O is used (see
642    * ssl3_shutdown). */
643 
644   if (ssl->handshake_func == 0) {
645     OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
646     return -1;
647   }
648 
649   if (SSL_in_init(ssl)) {
650     return 1;
651   }
652 
653   /* Do nothing if configured not to send a close_notify. */
654   if (ssl->quiet_shutdown) {
655     ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
656     return 1;
657   }
658 
659   if (!(ssl->shutdown & SSL_SENT_SHUTDOWN)) {
660     ssl->shutdown |= SSL_SENT_SHUTDOWN;
661     ssl3_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
662 
663     /* our shutdown alert has been sent now, and if it still needs to be
664      * written, ssl->s3->alert_dispatch will be true */
665     if (ssl->s3->alert_dispatch) {
666       return -1; /* return WANT_WRITE */
667     }
668   } else if (ssl->s3->alert_dispatch) {
669     /* resend it if not sent */
670     int ret = ssl->method->ssl_dispatch_alert(ssl);
671     if (ret == -1) {
672       /* we only get to return -1 here the 2nd/Nth invocation, we must  have
673        * already signalled return 0 upon a previous invoation, return
674        * WANT_WRITE */
675       return ret;
676     }
677   } else if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) {
678     /* If we are waiting for a close from our peer, we are closed */
679     ssl->method->ssl_read_close_notify(ssl);
680     if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) {
681       return -1; /* return WANT_READ */
682     }
683   }
684 
685   if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) &&
686       !ssl->s3->alert_dispatch) {
687     return 1;
688   } else {
689     return 0;
690   }
691 }
692 
SSL_get_error(const SSL * ssl,int ret_code)693 int SSL_get_error(const SSL *ssl, int ret_code) {
694   int reason;
695   uint32_t err;
696   BIO *bio;
697 
698   if (ret_code > 0) {
699     return SSL_ERROR_NONE;
700   }
701 
702   /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
703    * where we do encode the error */
704   err = ERR_peek_error();
705   if (err != 0) {
706     if (ERR_GET_LIB(err) == ERR_LIB_SYS) {
707       return SSL_ERROR_SYSCALL;
708     }
709     return SSL_ERROR_SSL;
710   }
711 
712   if (ret_code == 0) {
713     if ((ssl->shutdown & SSL_RECEIVED_SHUTDOWN) &&
714         (ssl->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) {
715       /* The socket was cleanly shut down with a close_notify. */
716       return SSL_ERROR_ZERO_RETURN;
717     }
718     /* An EOF was observed which violates the protocol, and the underlying
719      * transport does not participate in the error queue. Bubble up to the
720      * caller. */
721     return SSL_ERROR_SYSCALL;
722   }
723 
724   if (SSL_want_session(ssl)) {
725     return SSL_ERROR_PENDING_SESSION;
726   }
727 
728   if (SSL_want_certificate(ssl)) {
729     return SSL_ERROR_PENDING_CERTIFICATE;
730   }
731 
732   if (SSL_want_read(ssl)) {
733     bio = SSL_get_rbio(ssl);
734     if (BIO_should_read(bio)) {
735       return SSL_ERROR_WANT_READ;
736     }
737 
738     if (BIO_should_write(bio)) {
739       /* This one doesn't make too much sense ... We never try to write to the
740        * rbio, and an application program where rbio and wbio are separate
741        * couldn't even know what it should wait for. However if we ever set
742        * ssl->rwstate incorrectly (so that we have SSL_want_read(ssl) instead of
743        * SSL_want_write(ssl)) and rbio and wbio *are* the same, this test works
744        * around that bug; so it might be safer to keep it. */
745       return SSL_ERROR_WANT_WRITE;
746     }
747 
748     if (BIO_should_io_special(bio)) {
749       reason = BIO_get_retry_reason(bio);
750       if (reason == BIO_RR_CONNECT) {
751         return SSL_ERROR_WANT_CONNECT;
752       }
753 
754       if (reason == BIO_RR_ACCEPT) {
755         return SSL_ERROR_WANT_ACCEPT;
756       }
757 
758       return SSL_ERROR_SYSCALL; /* unknown */
759     }
760   }
761 
762   if (SSL_want_write(ssl)) {
763     bio = SSL_get_wbio(ssl);
764     if (BIO_should_write(bio)) {
765       return SSL_ERROR_WANT_WRITE;
766     }
767 
768     if (BIO_should_read(bio)) {
769       /* See above (SSL_want_read(ssl) with BIO_should_write(bio)) */
770       return SSL_ERROR_WANT_READ;
771     }
772 
773     if (BIO_should_io_special(bio)) {
774       reason = BIO_get_retry_reason(bio);
775       if (reason == BIO_RR_CONNECT) {
776         return SSL_ERROR_WANT_CONNECT;
777       }
778 
779       if (reason == BIO_RR_ACCEPT) {
780         return SSL_ERROR_WANT_ACCEPT;
781       }
782 
783       return SSL_ERROR_SYSCALL;
784     }
785   }
786 
787   if (SSL_want_x509_lookup(ssl)) {
788     return SSL_ERROR_WANT_X509_LOOKUP;
789   }
790 
791   if (SSL_want_channel_id_lookup(ssl)) {
792     return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
793   }
794 
795   if (SSL_want_private_key_operation(ssl)) {
796     return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
797   }
798 
799   return SSL_ERROR_SYSCALL;
800 }
801 
SSL_CTX_set_min_version(SSL_CTX * ctx,uint16_t version)802 void SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) {
803   ctx->min_version = version;
804 }
805 
SSL_CTX_set_max_version(SSL_CTX * ctx,uint16_t version)806 void SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) {
807   ctx->max_version = version;
808 }
809 
SSL_set_min_version(SSL * ssl,uint16_t version)810 void SSL_set_min_version(SSL *ssl, uint16_t version) {
811   ssl->min_version = version;
812 }
813 
SSL_set_max_version(SSL * ssl,uint16_t version)814 void SSL_set_max_version(SSL *ssl, uint16_t version) {
815   ssl->max_version = version;
816 }
817 
SSL_CTX_set_options(SSL_CTX * ctx,uint32_t options)818 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
819   ctx->options |= options;
820   return ctx->options;
821 }
822 
SSL_CTX_clear_options(SSL_CTX * ctx,uint32_t options)823 uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) {
824   ctx->options &= ~options;
825   return ctx->options;
826 }
827 
SSL_CTX_get_options(const SSL_CTX * ctx)828 uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; }
829 
SSL_set_options(SSL * ssl,uint32_t options)830 uint32_t SSL_set_options(SSL *ssl, uint32_t options) {
831   ssl->options |= options;
832   return ssl->options;
833 }
834 
SSL_clear_options(SSL * ssl,uint32_t options)835 uint32_t SSL_clear_options(SSL *ssl, uint32_t options) {
836   ssl->options &= ~options;
837   return ssl->options;
838 }
839 
SSL_get_options(const SSL * ssl)840 uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; }
841 
SSL_CTX_set_mode(SSL_CTX * ctx,uint32_t mode)842 uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) {
843   ctx->mode |= mode;
844   return ctx->mode;
845 }
846 
SSL_CTX_clear_mode(SSL_CTX * ctx,uint32_t mode)847 uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) {
848   ctx->mode &= ~mode;
849   return ctx->mode;
850 }
851 
SSL_CTX_get_mode(const SSL_CTX * ctx)852 uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; }
853 
SSL_set_mode(SSL * ssl,uint32_t mode)854 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) {
855   ssl->mode |= mode;
856   return ssl->mode;
857 }
858 
SSL_clear_mode(SSL * ssl,uint32_t mode)859 uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) {
860   ssl->mode &= ~mode;
861   return ssl->mode;
862 }
863 
SSL_get_mode(const SSL * ssl)864 uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; }
865 
SSL_get_peer_certificate(const SSL * ssl)866 X509 *SSL_get_peer_certificate(const SSL *ssl) {
867   if (ssl == NULL || ssl->session == NULL || ssl->session->peer == NULL) {
868     return NULL;
869   }
870   return X509_up_ref(ssl->session->peer);
871 }
872 
STACK_OF(X509)873 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl) {
874   if (ssl == NULL || ssl->session == NULL) {
875     return NULL;
876   }
877   return ssl->session->cert_chain;
878 }
879 
SSL_get_tls_unique(const SSL * ssl,uint8_t * out,size_t * out_len,size_t max_out)880 int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
881                        size_t max_out) {
882   /* The tls-unique value is the first Finished message in the handshake, which
883    * is the client's in a full handshake and the server's for a resumption. See
884    * https://tools.ietf.org/html/rfc5929#section-3.1. */
885   const uint8_t *finished = ssl->s3->previous_client_finished;
886   size_t finished_len = ssl->s3->previous_client_finished_len;
887   if (ssl->hit) {
888     /* tls-unique is broken for resumed sessions unless EMS is used. */
889     if (!ssl->session->extended_master_secret) {
890       goto err;
891     }
892     finished = ssl->s3->previous_server_finished;
893     finished_len = ssl->s3->previous_server_finished_len;
894   }
895 
896   if (!ssl->s3->initial_handshake_complete ||
897       ssl->version < TLS1_VERSION) {
898     goto err;
899   }
900 
901   *out_len = finished_len;
902   if (finished_len > max_out) {
903     *out_len = max_out;
904   }
905 
906   memcpy(out, finished, *out_len);
907   return 1;
908 
909 err:
910   *out_len = 0;
911   memset(out, 0, max_out);
912   return 0;
913 }
914 
SSL_CTX_set_session_id_context(SSL_CTX * ctx,const uint8_t * sid_ctx,unsigned sid_ctx_len)915 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx,
916                                    unsigned sid_ctx_len) {
917   if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
918     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
919     return 0;
920   }
921   ctx->sid_ctx_length = sid_ctx_len;
922   memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
923 
924   return 1;
925 }
926 
SSL_set_session_id_context(SSL * ssl,const uint8_t * sid_ctx,unsigned sid_ctx_len)927 int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
928                                unsigned sid_ctx_len) {
929   if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
930     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
931     return 0;
932   }
933   ssl->sid_ctx_length = sid_ctx_len;
934   memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
935 
936   return 1;
937 }
938 
SSL_CTX_set_purpose(SSL_CTX * ctx,int purpose)939 int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose) {
940   return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
941 }
942 
SSL_set_purpose(SSL * ssl,int purpose)943 int SSL_set_purpose(SSL *ssl, int purpose) {
944   return X509_VERIFY_PARAM_set_purpose(ssl->param, purpose);
945 }
946 
SSL_CTX_set_trust(SSL_CTX * ctx,int trust)947 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust) {
948   return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
949 }
950 
SSL_set_trust(SSL * ssl,int trust)951 int SSL_set_trust(SSL *ssl, int trust) {
952   return X509_VERIFY_PARAM_set_trust(ssl->param, trust);
953 }
954 
SSL_CTX_set1_param(SSL_CTX * ctx,const X509_VERIFY_PARAM * param)955 int SSL_CTX_set1_param(SSL_CTX *ctx, const X509_VERIFY_PARAM *param) {
956   return X509_VERIFY_PARAM_set1(ctx->param, param);
957 }
958 
SSL_set1_param(SSL * ssl,const X509_VERIFY_PARAM * param)959 int SSL_set1_param(SSL *ssl, const X509_VERIFY_PARAM *param) {
960   return X509_VERIFY_PARAM_set1(ssl->param, param);
961 }
962 
ssl_cipher_preference_list_free(struct ssl_cipher_preference_list_st * cipher_list)963 void ssl_cipher_preference_list_free(
964     struct ssl_cipher_preference_list_st *cipher_list) {
965   if (cipher_list == NULL) {
966     return;
967   }
968   sk_SSL_CIPHER_free(cipher_list->ciphers);
969   OPENSSL_free(cipher_list->in_group_flags);
970   OPENSSL_free(cipher_list);
971 }
972 
SSL_CTX_get0_param(SSL_CTX * ctx)973 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) { return ctx->param; }
974 
SSL_get0_param(SSL * ssl)975 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) { return ssl->param; }
976 
SSL_certs_clear(SSL * ssl)977 void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); }
978 
SSL_get_fd(const SSL * ssl)979 int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
980 
SSL_get_rfd(const SSL * ssl)981 int SSL_get_rfd(const SSL *ssl) {
982   int ret = -1;
983   BIO *b = BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DESCRIPTOR);
984   if (b != NULL) {
985     BIO_get_fd(b, &ret);
986   }
987   return ret;
988 }
989 
SSL_get_wfd(const SSL * ssl)990 int SSL_get_wfd(const SSL *ssl) {
991   int ret = -1;
992   BIO *b = BIO_find_type(SSL_get_wbio(ssl), BIO_TYPE_DESCRIPTOR);
993   if (b != NULL) {
994     BIO_get_fd(b, &ret);
995   }
996   return ret;
997 }
998 
SSL_set_fd(SSL * ssl,int fd)999 int SSL_set_fd(SSL *ssl, int fd) {
1000   BIO *bio = BIO_new(BIO_s_fd());
1001   if (bio == NULL) {
1002     OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1003     return 0;
1004   }
1005   BIO_set_fd(bio, fd, BIO_NOCLOSE);
1006   SSL_set_bio(ssl, bio, bio);
1007   return 1;
1008 }
1009 
SSL_set_wfd(SSL * ssl,int fd)1010 int SSL_set_wfd(SSL *ssl, int fd) {
1011   if (ssl->rbio == NULL ||
1012       BIO_method_type(ssl->rbio) != BIO_TYPE_FD ||
1013       BIO_get_fd(ssl->rbio, NULL) != fd) {
1014     BIO *bio = BIO_new(BIO_s_fd());
1015     if (bio == NULL) {
1016       OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1017       return 0;
1018     }
1019     BIO_set_fd(bio, fd, BIO_NOCLOSE);
1020     SSL_set_bio(ssl, SSL_get_rbio(ssl), bio);
1021   } else {
1022     SSL_set_bio(ssl, SSL_get_rbio(ssl), SSL_get_rbio(ssl));
1023   }
1024 
1025   return 1;
1026 }
1027 
SSL_set_rfd(SSL * ssl,int fd)1028 int SSL_set_rfd(SSL *ssl, int fd) {
1029   if (ssl->wbio == NULL || BIO_method_type(ssl->wbio) != BIO_TYPE_FD ||
1030       BIO_get_fd(ssl->wbio, NULL) != fd) {
1031     BIO *bio = BIO_new(BIO_s_fd());
1032     if (bio == NULL) {
1033       OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1034       return 0;
1035     }
1036     BIO_set_fd(bio, fd, BIO_NOCLOSE);
1037     SSL_set_bio(ssl, bio, SSL_get_wbio(ssl));
1038   } else {
1039     SSL_set_bio(ssl, SSL_get_wbio(ssl), SSL_get_wbio(ssl));
1040   }
1041   return 1;
1042 }
1043 
SSL_get_finished(const SSL * ssl,void * buf,size_t count)1044 size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
1045   size_t ret = 0;
1046 
1047   if (ssl->s3 != NULL) {
1048     ret = ssl->s3->tmp.finish_md_len;
1049     if (count > ret) {
1050       count = ret;
1051     }
1052     memcpy(buf, ssl->s3->tmp.finish_md, count);
1053   }
1054 
1055   return ret;
1056 }
1057 
SSL_get_peer_finished(const SSL * ssl,void * buf,size_t count)1058 size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
1059   size_t ret = 0;
1060 
1061   if (ssl->s3 != NULL) {
1062     ret = ssl->s3->tmp.peer_finish_md_len;
1063     if (count > ret) {
1064       count = ret;
1065     }
1066     memcpy(buf, ssl->s3->tmp.peer_finish_md, count);
1067   }
1068 
1069   return ret;
1070 }
1071 
SSL_get_verify_mode(const SSL * ssl)1072 int SSL_get_verify_mode(const SSL *ssl) { return ssl->verify_mode; }
1073 
SSL_get_verify_depth(const SSL * ssl)1074 int SSL_get_verify_depth(const SSL *ssl) {
1075   return X509_VERIFY_PARAM_get_depth(ssl->param);
1076 }
1077 
SSL_get_extms_support(const SSL * ssl)1078 int SSL_get_extms_support(const SSL *ssl) {
1079   return ssl->s3->tmp.extended_master_secret == 1;
1080 }
1081 
SSL_get_verify_callback(const SSL * ssl)1082 int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *) {
1083   return ssl->verify_callback;
1084 }
1085 
SSL_CTX_get_verify_mode(const SSL_CTX * ctx)1086 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { return ctx->verify_mode; }
1087 
SSL_CTX_get_verify_depth(const SSL_CTX * ctx)1088 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) {
1089   return X509_VERIFY_PARAM_get_depth(ctx->param);
1090 }
1091 
SSL_CTX_get_verify_callback(const SSL_CTX * ctx)1092 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(
1093     int ok, X509_STORE_CTX *store_ctx) {
1094   return ctx->default_verify_callback;
1095 }
1096 
SSL_set_verify(SSL * ssl,int mode,int (* callback)(int ok,X509_STORE_CTX * store_ctx))1097 void SSL_set_verify(SSL *ssl, int mode,
1098                     int (*callback)(int ok, X509_STORE_CTX *store_ctx)) {
1099   ssl->verify_mode = mode;
1100   if (callback != NULL) {
1101     ssl->verify_callback = callback;
1102   }
1103 }
1104 
SSL_set_verify_depth(SSL * ssl,int depth)1105 void SSL_set_verify_depth(SSL *ssl, int depth) {
1106   X509_VERIFY_PARAM_set_depth(ssl->param, depth);
1107 }
1108 
SSL_CTX_get_read_ahead(const SSL_CTX * ctx)1109 int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; }
1110 
SSL_get_read_ahead(const SSL * ssl)1111 int SSL_get_read_ahead(const SSL *ssl) { return 0; }
1112 
SSL_CTX_set_read_ahead(SSL_CTX * ctx,int yes)1113 void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { }
1114 
SSL_set_read_ahead(SSL * ssl,int yes)1115 void SSL_set_read_ahead(SSL *ssl, int yes) { }
1116 
SSL_pending(const SSL * ssl)1117 int SSL_pending(const SSL *ssl) {
1118   if (ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA) {
1119     return 0;
1120   }
1121   return ssl->s3->rrec.length;
1122 }
1123 
1124 /* Fix this so it checks all the valid key/cert options */
SSL_CTX_check_private_key(const SSL_CTX * ctx)1125 int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
1126   if (ctx->cert->x509 == NULL) {
1127     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
1128     return 0;
1129   }
1130 
1131   if (ctx->cert->privatekey == NULL) {
1132     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1133     return 0;
1134   }
1135 
1136   return X509_check_private_key(ctx->cert->x509, ctx->cert->privatekey);
1137 }
1138 
1139 /* Fix this function so that it takes an optional type parameter */
SSL_check_private_key(const SSL * ssl)1140 int SSL_check_private_key(const SSL *ssl) {
1141   if (ssl->cert->x509 == NULL) {
1142     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
1143     return 0;
1144   }
1145 
1146   if (ssl->cert->privatekey == NULL) {
1147     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
1148     return 0;
1149   }
1150 
1151   return X509_check_private_key(ssl->cert->x509, ssl->cert->privatekey);
1152 }
1153 
SSL_get_default_timeout(const SSL * ssl)1154 long SSL_get_default_timeout(const SSL *ssl) {
1155   return SSL_DEFAULT_SESSION_TIMEOUT;
1156 }
1157 
SSL_renegotiate(SSL * ssl)1158 int SSL_renegotiate(SSL *ssl) {
1159   /* Caller-initiated renegotiation is not supported. */
1160   OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1161   return 0;
1162 }
1163 
SSL_renegotiate_pending(SSL * ssl)1164 int SSL_renegotiate_pending(SSL *ssl) {
1165   return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete;
1166 }
1167 
SSL_CTX_get_max_cert_list(const SSL_CTX * ctx)1168 size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) {
1169   return ctx->max_cert_list;
1170 }
1171 
SSL_CTX_set_max_cert_list(SSL_CTX * ctx,size_t max_cert_list)1172 void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
1173   if (max_cert_list > kMaxHandshakeSize) {
1174     max_cert_list = kMaxHandshakeSize;
1175   }
1176   ctx->max_cert_list = (uint32_t)max_cert_list;
1177 }
1178 
SSL_get_max_cert_list(const SSL * ssl)1179 size_t SSL_get_max_cert_list(const SSL *ssl) {
1180   return ssl->max_cert_list;
1181 }
1182 
SSL_set_max_cert_list(SSL * ssl,size_t max_cert_list)1183 void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
1184   if (max_cert_list > kMaxHandshakeSize) {
1185     max_cert_list = kMaxHandshakeSize;
1186   }
1187   ssl->max_cert_list = (uint32_t)max_cert_list;
1188 }
1189 
SSL_CTX_set_max_send_fragment(SSL_CTX * ctx,size_t max_send_fragment)1190 void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
1191   if (max_send_fragment < 512) {
1192     max_send_fragment = 512;
1193   }
1194   if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1195     max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1196   }
1197   ctx->max_send_fragment = (uint16_t)max_send_fragment;
1198 }
1199 
SSL_set_max_send_fragment(SSL * ssl,size_t max_send_fragment)1200 void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
1201   if (max_send_fragment < 512) {
1202     max_send_fragment = 512;
1203   }
1204   if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1205     max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1206   }
1207   ssl->max_send_fragment = (uint16_t)max_send_fragment;
1208 }
1209 
SSL_set_mtu(SSL * ssl,unsigned mtu)1210 int SSL_set_mtu(SSL *ssl, unsigned mtu) {
1211   if (!SSL_IS_DTLS(ssl) || mtu < dtls1_min_mtu()) {
1212     return 0;
1213   }
1214   ssl->d1->mtu = mtu;
1215   return 1;
1216 }
1217 
SSL_get_secure_renegotiation_support(const SSL * ssl)1218 int SSL_get_secure_renegotiation_support(const SSL *ssl) {
1219   return ssl->s3->send_connection_binding;
1220 }
1221 
LHASH_OF(SSL_SESSION)1222 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; }
1223 
SSL_CTX_sess_number(const SSL_CTX * ctx)1224 size_t SSL_CTX_sess_number(const SSL_CTX *ctx) {
1225   return lh_SSL_SESSION_num_items(ctx->sessions);
1226 }
1227 
SSL_CTX_sess_set_cache_size(SSL_CTX * ctx,unsigned long size)1228 unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) {
1229   unsigned long ret = ctx->session_cache_size;
1230   ctx->session_cache_size = size;
1231   return ret;
1232 }
1233 
SSL_CTX_sess_get_cache_size(const SSL_CTX * ctx)1234 unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) {
1235   return ctx->session_cache_size;
1236 }
1237 
SSL_CTX_set_session_cache_mode(SSL_CTX * ctx,int mode)1238 int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) {
1239   int ret = ctx->session_cache_mode;
1240   ctx->session_cache_mode = mode;
1241   return ret;
1242 }
1243 
SSL_CTX_get_session_cache_mode(const SSL_CTX * ctx)1244 int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) {
1245   return ctx->session_cache_mode;
1246 }
1247 
STACK_OF(SSL_CIPHER)1248 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
1249   if (ssl == NULL) {
1250     return NULL;
1251   }
1252 
1253   if (ssl->cipher_list != NULL) {
1254     return ssl->cipher_list->ciphers;
1255   }
1256 
1257   if (ssl->version >= TLS1_1_VERSION && ssl->ctx != NULL &&
1258       ssl->ctx->cipher_list_tls11 != NULL) {
1259     return ssl->ctx->cipher_list_tls11->ciphers;
1260   }
1261 
1262   if (ssl->version >= TLS1_VERSION && ssl->ctx != NULL &&
1263       ssl->ctx->cipher_list_tls10 != NULL) {
1264     return ssl->ctx->cipher_list_tls10->ciphers;
1265   }
1266 
1267   if (ssl->ctx != NULL && ssl->ctx->cipher_list != NULL) {
1268     return ssl->ctx->cipher_list->ciphers;
1269   }
1270 
1271   return NULL;
1272 }
1273 
1274 /* return a STACK of the ciphers available for the SSL and in order of
1275  * algorithm id */
STACK_OF(SSL_CIPHER)1276 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *ssl) {
1277   if (ssl == NULL) {
1278     return NULL;
1279   }
1280 
1281   if (ssl->cipher_list_by_id != NULL) {
1282     return ssl->cipher_list_by_id;
1283   }
1284 
1285   if (ssl->ctx != NULL && ssl->ctx->cipher_list_by_id != NULL) {
1286     return ssl->ctx->cipher_list_by_id;
1287   }
1288 
1289   return NULL;
1290 }
1291 
SSL_get_cipher_list(const SSL * ssl,int n)1292 const char *SSL_get_cipher_list(const SSL *ssl, int n) {
1293   const SSL_CIPHER *c;
1294   STACK_OF(SSL_CIPHER) *sk;
1295 
1296   if (ssl == NULL) {
1297     return NULL;
1298   }
1299 
1300   sk = SSL_get_ciphers(ssl);
1301   if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) {
1302     return NULL;
1303   }
1304 
1305   c = sk_SSL_CIPHER_value(sk, n);
1306   if (c == NULL) {
1307     return NULL;
1308   }
1309 
1310   return c->name;
1311 }
1312 
SSL_CTX_set_cipher_list(SSL_CTX * ctx,const char * str)1313 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
1314   STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(
1315       ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id, str);
1316   if (cipher_list == NULL) {
1317     return 0;
1318   }
1319 
1320   /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */
1321   if (sk_SSL_CIPHER_num(cipher_list) == 0) {
1322     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
1323     return 0;
1324   }
1325 
1326   return 1;
1327 }
1328 
SSL_CTX_set_cipher_list_tls10(SSL_CTX * ctx,const char * str)1329 int SSL_CTX_set_cipher_list_tls10(SSL_CTX *ctx, const char *str) {
1330   STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(
1331       ctx->method, &ctx->cipher_list_tls10, NULL, str);
1332   if (cipher_list == NULL) {
1333     return 0;
1334   }
1335 
1336   /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */
1337   if (sk_SSL_CIPHER_num(cipher_list) == 0) {
1338     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
1339     return 0;
1340   }
1341 
1342   return 1;
1343 }
1344 
SSL_CTX_set_cipher_list_tls11(SSL_CTX * ctx,const char * str)1345 int SSL_CTX_set_cipher_list_tls11(SSL_CTX *ctx, const char *str) {
1346   STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(
1347       ctx->method, &ctx->cipher_list_tls11, NULL, str);
1348   if (cipher_list == NULL) {
1349     return 0;
1350   }
1351 
1352   /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */
1353   if (sk_SSL_CIPHER_num(cipher_list) == 0) {
1354     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
1355     return 0;
1356   }
1357 
1358   return 1;
1359 }
1360 
SSL_set_cipher_list(SSL * ssl,const char * str)1361 int SSL_set_cipher_list(SSL *ssl, const char *str) {
1362   STACK_OF(SSL_CIPHER) *cipher_list = ssl_create_cipher_list(
1363       ssl->ctx->method, &ssl->cipher_list, &ssl->cipher_list_by_id, str);
1364   if (cipher_list == NULL) {
1365     return 0;
1366   }
1367 
1368   /* |ssl_create_cipher_list| may succeed but return an empty cipher list. */
1369   if (sk_SSL_CIPHER_num(cipher_list) == 0) {
1370     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
1371     return 0;
1372   }
1373 
1374   return 1;
1375 }
1376 
STACK_OF(SSL_CIPHER)1377 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *ssl, const CBS *cbs) {
1378   CBS cipher_suites = *cbs;
1379   const SSL_CIPHER *c;
1380   STACK_OF(SSL_CIPHER) *sk;
1381 
1382   if (ssl->s3) {
1383     ssl->s3->send_connection_binding = 0;
1384   }
1385 
1386   if (CBS_len(&cipher_suites) % 2 != 0) {
1387     OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1388     return NULL;
1389   }
1390 
1391   sk = sk_SSL_CIPHER_new_null();
1392   if (sk == NULL) {
1393     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1394     goto err;
1395   }
1396 
1397   while (CBS_len(&cipher_suites) > 0) {
1398     uint16_t cipher_suite;
1399 
1400     if (!CBS_get_u16(&cipher_suites, &cipher_suite)) {
1401       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1402       goto err;
1403     }
1404 
1405     /* Check for SCSV. */
1406     if (ssl->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff)) {
1407       /* SCSV is fatal if renegotiating. */
1408       if (ssl->s3->initial_handshake_complete) {
1409         OPENSSL_PUT_ERROR(SSL, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1410         ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1411         goto err;
1412       }
1413       ssl->s3->send_connection_binding = 1;
1414       continue;
1415     }
1416 
1417     /* Check for FALLBACK_SCSV. */
1418     if (ssl->s3 && cipher_suite == (SSL3_CK_FALLBACK_SCSV & 0xffff)) {
1419       uint16_t max_version = ssl3_get_max_server_version(ssl);
1420       if (SSL_IS_DTLS(ssl) ? (uint16_t)ssl->version > max_version
1421                          : (uint16_t)ssl->version < max_version) {
1422         OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK);
1423         ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL3_AD_INAPPROPRIATE_FALLBACK);
1424         goto err;
1425       }
1426       continue;
1427     }
1428 
1429     c = SSL_get_cipher_by_value(cipher_suite);
1430     if (c != NULL && !sk_SSL_CIPHER_push(sk, c)) {
1431       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1432       goto err;
1433     }
1434   }
1435 
1436   return sk;
1437 
1438 err:
1439   sk_SSL_CIPHER_free(sk);
1440   return NULL;
1441 }
1442 
SSL_get_servername(const SSL * ssl,const int type)1443 const char *SSL_get_servername(const SSL *ssl, const int type) {
1444   if (type != TLSEXT_NAMETYPE_host_name) {
1445     return NULL;
1446   }
1447 
1448   /* Historically, |SSL_get_servername| was also the configuration getter
1449    * corresponding to |SSL_set_tlsext_host_name|. */
1450   if (ssl->tlsext_hostname != NULL) {
1451     return ssl->tlsext_hostname;
1452   }
1453 
1454   if (ssl->session == NULL) {
1455     return NULL;
1456   }
1457   return ssl->session->tlsext_hostname;
1458 }
1459 
SSL_get_servername_type(const SSL * ssl)1460 int SSL_get_servername_type(const SSL *ssl) {
1461   if (ssl->session != NULL && ssl->session->tlsext_hostname != NULL) {
1462     return TLSEXT_NAMETYPE_host_name;
1463   }
1464 
1465   return -1;
1466 }
1467 
SSL_CTX_enable_signed_cert_timestamps(SSL_CTX * ctx)1468 void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
1469   ctx->signed_cert_timestamps_enabled = 1;
1470 }
1471 
SSL_enable_signed_cert_timestamps(SSL * ssl)1472 int SSL_enable_signed_cert_timestamps(SSL *ssl) {
1473   ssl->signed_cert_timestamps_enabled = 1;
1474   return 1;
1475 }
1476 
SSL_CTX_enable_ocsp_stapling(SSL_CTX * ctx)1477 void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
1478   ctx->ocsp_stapling_enabled = 1;
1479 }
1480 
SSL_enable_ocsp_stapling(SSL * ssl)1481 int SSL_enable_ocsp_stapling(SSL *ssl) {
1482   ssl->ocsp_stapling_enabled = 1;
1483   return 1;
1484 }
1485 
SSL_get0_signed_cert_timestamp_list(const SSL * ssl,const uint8_t ** out,size_t * out_len)1486 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
1487                                          size_t *out_len) {
1488   SSL_SESSION *session = ssl->session;
1489 
1490   *out_len = 0;
1491   *out = NULL;
1492   if (ssl->server || !session || !session->tlsext_signed_cert_timestamp_list) {
1493     return;
1494   }
1495 
1496   *out = session->tlsext_signed_cert_timestamp_list;
1497   *out_len = session->tlsext_signed_cert_timestamp_list_length;
1498 }
1499 
SSL_get0_ocsp_response(const SSL * ssl,const uint8_t ** out,size_t * out_len)1500 void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
1501                             size_t *out_len) {
1502   SSL_SESSION *session = ssl->session;
1503 
1504   *out_len = 0;
1505   *out = NULL;
1506   if (ssl->server || !session || !session->ocsp_response) {
1507     return;
1508   }
1509   *out = session->ocsp_response;
1510   *out_len = session->ocsp_response_length;
1511 }
1512 
SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX * ctx,const uint8_t * list,size_t list_len)1513 int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list,
1514                                            size_t list_len) {
1515   OPENSSL_free(ctx->signed_cert_timestamp_list);
1516   ctx->signed_cert_timestamp_list_length = 0;
1517 
1518   ctx->signed_cert_timestamp_list = BUF_memdup(list, list_len);
1519   if (ctx->signed_cert_timestamp_list == NULL) {
1520     return 0;
1521   }
1522   ctx->signed_cert_timestamp_list_length = list_len;
1523 
1524   return 1;
1525 }
1526 
SSL_CTX_set_ocsp_response(SSL_CTX * ctx,const uint8_t * response,size_t response_len)1527 int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response,
1528                               size_t response_len) {
1529   OPENSSL_free(ctx->ocsp_response);
1530   ctx->ocsp_response_length = 0;
1531 
1532   ctx->ocsp_response = BUF_memdup(response, response_len);
1533   if (ctx->ocsp_response == NULL) {
1534     return 0;
1535   }
1536   ctx->ocsp_response_length = response_len;
1537 
1538   return 1;
1539 }
1540 
SSL_select_next_proto(uint8_t ** out,uint8_t * out_len,const uint8_t * server,unsigned server_len,const uint8_t * client,unsigned client_len)1541 int SSL_select_next_proto(uint8_t **out, uint8_t *out_len,
1542                           const uint8_t *server, unsigned server_len,
1543                           const uint8_t *client, unsigned client_len) {
1544   unsigned int i, j;
1545   const uint8_t *result;
1546   int status = OPENSSL_NPN_UNSUPPORTED;
1547 
1548   /* For each protocol in server preference order, see if we support it. */
1549   for (i = 0; i < server_len;) {
1550     for (j = 0; j < client_len;) {
1551       if (server[i] == client[j] &&
1552           memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
1553         /* We found a match */
1554         result = &server[i];
1555         status = OPENSSL_NPN_NEGOTIATED;
1556         goto found;
1557       }
1558       j += client[j];
1559       j++;
1560     }
1561     i += server[i];
1562     i++;
1563   }
1564 
1565   /* There's no overlap between our protocols and the server's list. */
1566   result = client;
1567   status = OPENSSL_NPN_NO_OVERLAP;
1568 
1569 found:
1570   *out = (uint8_t *)result + 1;
1571   *out_len = result[0];
1572   return status;
1573 }
1574 
SSL_get0_next_proto_negotiated(const SSL * ssl,const uint8_t ** out_data,unsigned * out_len)1575 void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data,
1576                                     unsigned *out_len) {
1577   *out_data = ssl->next_proto_negotiated;
1578   if (*out_data == NULL) {
1579     *out_len = 0;
1580   } else {
1581     *out_len = ssl->next_proto_negotiated_len;
1582   }
1583 }
1584 
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const uint8_t ** out,unsigned * out_len,void * arg),void * arg)1585 void SSL_CTX_set_next_protos_advertised_cb(
1586     SSL_CTX *ctx,
1587     int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg),
1588     void *arg) {
1589   ctx->next_protos_advertised_cb = cb;
1590   ctx->next_protos_advertised_cb_arg = arg;
1591 }
1592 
SSL_CTX_set_next_proto_select_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg),void * arg)1593 void SSL_CTX_set_next_proto_select_cb(
1594     SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
1595                             const uint8_t *in, unsigned in_len, void *arg),
1596     void *arg) {
1597   ctx->next_proto_select_cb = cb;
1598   ctx->next_proto_select_cb_arg = arg;
1599 }
1600 
SSL_CTX_set_alpn_protos(SSL_CTX * ctx,const uint8_t * protos,unsigned protos_len)1601 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
1602                             unsigned protos_len) {
1603   OPENSSL_free(ctx->alpn_client_proto_list);
1604   ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len);
1605   if (!ctx->alpn_client_proto_list) {
1606     return 1;
1607   }
1608   ctx->alpn_client_proto_list_len = protos_len;
1609 
1610   return 0;
1611 }
1612 
SSL_set_alpn_protos(SSL * ssl,const uint8_t * protos,unsigned protos_len)1613 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
1614   OPENSSL_free(ssl->alpn_client_proto_list);
1615   ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len);
1616   if (!ssl->alpn_client_proto_list) {
1617     return 1;
1618   }
1619   ssl->alpn_client_proto_list_len = protos_len;
1620 
1621   return 0;
1622 }
1623 
SSL_CTX_set_alpn_select_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg),void * arg)1624 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
1625                                 int (*cb)(SSL *ssl, const uint8_t **out,
1626                                           uint8_t *out_len, const uint8_t *in,
1627                                           unsigned in_len, void *arg),
1628                                 void *arg) {
1629   ctx->alpn_select_cb = cb;
1630   ctx->alpn_select_cb_arg = arg;
1631 }
1632 
SSL_get0_alpn_selected(const SSL * ssl,const uint8_t ** out_data,unsigned * out_len)1633 void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data,
1634                             unsigned *out_len) {
1635   *out_data = NULL;
1636   if (ssl->s3) {
1637     *out_data = ssl->s3->alpn_selected;
1638   }
1639   if (*out_data == NULL) {
1640     *out_len = 0;
1641   } else {
1642     *out_len = ssl->s3->alpn_selected_len;
1643   }
1644 }
1645 
SSL_export_keying_material(SSL * ssl,uint8_t * out,size_t out_len,const char * label,size_t label_len,const uint8_t * context,size_t context_len,int use_context)1646 int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
1647                                const char *label, size_t label_len,
1648                                const uint8_t *context, size_t context_len,
1649                                int use_context) {
1650   if (ssl->version < TLS1_VERSION) {
1651     return 0;
1652   }
1653 
1654   return ssl->enc_method->export_keying_material(
1655       ssl, out, out_len, label, label_len, context, context_len, use_context);
1656 }
1657 
SSL_CTX_set_cert_verify_callback(SSL_CTX * ctx,int (* cb)(X509_STORE_CTX * store_ctx,void * arg),void * arg)1658 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
1659                                       int (*cb)(X509_STORE_CTX *store_ctx,
1660                                                 void *arg),
1661                                       void *arg) {
1662   ctx->app_verify_callback = cb;
1663   ctx->app_verify_arg = arg;
1664 }
1665 
SSL_CTX_set_verify(SSL_CTX * ctx,int mode,int (* cb)(int,X509_STORE_CTX *))1666 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
1667                         int (*cb)(int, X509_STORE_CTX *)) {
1668   ctx->verify_mode = mode;
1669   ctx->default_verify_callback = cb;
1670 }
1671 
SSL_CTX_set_verify_depth(SSL_CTX * ctx,int depth)1672 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) {
1673   X509_VERIFY_PARAM_set_depth(ctx->param, depth);
1674 }
1675 
SSL_CTX_set_cert_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,void * arg),void * arg)1676 void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg),
1677                          void *arg) {
1678   ssl_cert_set_cert_cb(ctx->cert, cb, arg);
1679 }
1680 
SSL_set_cert_cb(SSL * ssl,int (* cb)(SSL * ssl,void * arg),void * arg)1681 void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) {
1682   ssl_cert_set_cert_cb(ssl->cert, cb, arg);
1683 }
1684 
ssl_get_compatible_server_ciphers(SSL * ssl,uint32_t * out_mask_k,uint32_t * out_mask_a)1685 void ssl_get_compatible_server_ciphers(SSL *ssl, uint32_t *out_mask_k,
1686                                        uint32_t *out_mask_a) {
1687   CERT *c = ssl->cert;
1688   int have_rsa_cert = 0, dh_tmp;
1689   uint32_t mask_k, mask_a;
1690   int have_ecc_cert = 0, ecdsa_ok;
1691   X509 *x;
1692 
1693   dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1694 
1695   if (ssl->cert->x509 != NULL && ssl_has_private_key(ssl)) {
1696     if (ssl_private_key_type(ssl) == EVP_PKEY_RSA) {
1697       have_rsa_cert = 1;
1698     } else if (ssl_private_key_type(ssl) == EVP_PKEY_EC) {
1699       have_ecc_cert = 1;
1700     }
1701   }
1702 
1703   mask_k = 0;
1704   mask_a = 0;
1705 
1706   if (dh_tmp) {
1707     mask_k |= SSL_kDHE;
1708   }
1709   if (have_rsa_cert) {
1710     mask_k |= SSL_kRSA;
1711     mask_a |= SSL_aRSA;
1712   }
1713 
1714   /* An ECC certificate may be usable for ECDSA cipher suites depending on the
1715    * key usage extension and on the client's curve preferences. */
1716   if (have_ecc_cert) {
1717     x = c->x509;
1718     /* This call populates extension flags (ex_flags). */
1719     X509_check_purpose(x, -1, 0);
1720     ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE)
1721                    ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)
1722                    : 1;
1723     if (!tls1_check_ec_cert(ssl, x)) {
1724       ecdsa_ok = 0;
1725     }
1726     if (ecdsa_ok) {
1727       mask_a |= SSL_aECDSA;
1728     }
1729   }
1730 
1731   /* If we are considering an ECC cipher suite that uses an ephemeral EC
1732    * key, check for a shared curve. */
1733   uint16_t unused;
1734   if (tls1_get_shared_curve(ssl, &unused)) {
1735     mask_k |= SSL_kECDHE;
1736   }
1737 
1738   /* PSK requires a server callback. */
1739   if (ssl->psk_server_callback != NULL) {
1740     mask_k |= SSL_kPSK;
1741     mask_a |= SSL_aPSK;
1742   }
1743 
1744   *out_mask_k = mask_k;
1745   *out_mask_a = mask_a;
1746 }
1747 
ssl_update_cache(SSL * ssl,int mode)1748 void ssl_update_cache(SSL *ssl, int mode) {
1749   SSL_CTX *ctx = ssl->initial_ctx;
1750   /* Never cache sessions with empty session IDs. */
1751   if (ssl->session->session_id_length == 0 ||
1752       (ctx->session_cache_mode & mode) != mode) {
1753     return;
1754   }
1755 
1756   /* Clients never use the internal session cache. */
1757   int use_internal_cache = ssl->server && !(ctx->session_cache_mode &
1758                                             SSL_SESS_CACHE_NO_INTERNAL_STORE);
1759 
1760   /* A client may see new sessions on abbreviated handshakes if the server
1761    * decides to renew the ticket. Once the handshake is completed, it should be
1762    * inserted into the cache. */
1763   if (!ssl->hit || (!ssl->server && ssl->tlsext_ticket_expected)) {
1764     if (use_internal_cache) {
1765       SSL_CTX_add_session(ctx, ssl->session);
1766     }
1767     if (ctx->new_session_cb != NULL &&
1768         !ctx->new_session_cb(ssl, SSL_SESSION_up_ref(ssl->session))) {
1769       /* |new_session_cb|'s return value signals whether it took ownership. */
1770       SSL_SESSION_free(ssl->session);
1771     }
1772   }
1773 
1774   if (use_internal_cache &&
1775       !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) {
1776     /* Automatically flush the internal session cache every 255 connections. */
1777     int flush_cache = 0;
1778     CRYPTO_MUTEX_lock_write(&ctx->lock);
1779     ctx->handshakes_since_cache_flush++;
1780     if (ctx->handshakes_since_cache_flush >= 255) {
1781       flush_cache = 1;
1782       ctx->handshakes_since_cache_flush = 0;
1783     }
1784     CRYPTO_MUTEX_unlock(&ctx->lock);
1785 
1786     if (flush_cache) {
1787       SSL_CTX_flush_sessions(ctx, (unsigned long)time(NULL));
1788     }
1789   }
1790 }
1791 
ssl_get_version(int version)1792 static const char *ssl_get_version(int version) {
1793   switch (version) {
1794     case TLS1_2_VERSION:
1795       return "TLSv1.2";
1796 
1797     case TLS1_1_VERSION:
1798       return "TLSv1.1";
1799 
1800     case TLS1_VERSION:
1801       return "TLSv1";
1802 
1803     case SSL3_VERSION:
1804       return "SSLv3";
1805 
1806     case DTLS1_VERSION:
1807       return "DTLSv1";
1808 
1809     case DTLS1_2_VERSION:
1810       return "DTLSv1.2";
1811 
1812     default:
1813       return "unknown";
1814   }
1815 }
1816 
SSL_get_version(const SSL * ssl)1817 const char *SSL_get_version(const SSL *ssl) {
1818   return ssl_get_version(ssl->version);
1819 }
1820 
SSL_SESSION_get_version(const SSL_SESSION * session)1821 const char *SSL_SESSION_get_version(const SSL_SESSION *session) {
1822   return ssl_get_version(session->ssl_version);
1823 }
1824 
ssl_clear_cipher_ctx(SSL * ssl)1825 void ssl_clear_cipher_ctx(SSL *ssl) {
1826   SSL_AEAD_CTX_free(ssl->aead_read_ctx);
1827   ssl->aead_read_ctx = NULL;
1828   SSL_AEAD_CTX_free(ssl->aead_write_ctx);
1829   ssl->aead_write_ctx = NULL;
1830 }
1831 
SSL_get_certificate(const SSL * ssl)1832 X509 *SSL_get_certificate(const SSL *ssl) {
1833   if (ssl->cert != NULL) {
1834     return ssl->cert->x509;
1835   }
1836 
1837   return NULL;
1838 }
1839 
SSL_get_privatekey(const SSL * ssl)1840 EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
1841   if (ssl->cert != NULL) {
1842     return ssl->cert->privatekey;
1843   }
1844 
1845   return NULL;
1846 }
1847 
SSL_CTX_get0_certificate(const SSL_CTX * ctx)1848 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) {
1849   if (ctx->cert != NULL) {
1850     return ctx->cert->x509;
1851   }
1852 
1853   return NULL;
1854 }
1855 
SSL_CTX_get0_privatekey(const SSL_CTX * ctx)1856 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
1857   if (ctx->cert != NULL) {
1858     return ctx->cert->privatekey;
1859   }
1860 
1861   return NULL;
1862 }
1863 
SSL_get_current_cipher(const SSL * ssl)1864 const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
1865   if (ssl->aead_write_ctx == NULL) {
1866     return NULL;
1867   }
1868   return ssl->aead_write_ctx->cipher;
1869 }
1870 
SSL_get_current_compression(SSL * ssl)1871 const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { return NULL; }
1872 
SSL_get_current_expansion(SSL * ssl)1873 const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { return NULL; }
1874 
ssl_init_wbio_buffer(SSL * ssl,int push)1875 int ssl_init_wbio_buffer(SSL *ssl, int push) {
1876   BIO *bbio;
1877 
1878   if (ssl->bbio == NULL) {
1879     bbio = BIO_new(BIO_f_buffer());
1880     if (bbio == NULL) {
1881       return 0;
1882     }
1883     ssl->bbio = bbio;
1884   } else {
1885     bbio = ssl->bbio;
1886     if (ssl->bbio == ssl->wbio) {
1887       ssl->wbio = BIO_pop(ssl->wbio);
1888     }
1889   }
1890 
1891   BIO_reset(bbio);
1892   if (!BIO_set_read_buffer_size(bbio, 1)) {
1893     OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1894     return 0;
1895   }
1896 
1897   if (push) {
1898     if (ssl->wbio != bbio) {
1899       ssl->wbio = BIO_push(bbio, ssl->wbio);
1900     }
1901   } else {
1902     if (ssl->wbio == bbio) {
1903       ssl->wbio = BIO_pop(bbio);
1904     }
1905   }
1906 
1907   return 1;
1908 }
1909 
ssl_free_wbio_buffer(SSL * ssl)1910 void ssl_free_wbio_buffer(SSL *ssl) {
1911   if (ssl->bbio == NULL) {
1912     return;
1913   }
1914 
1915   if (ssl->bbio == ssl->wbio) {
1916     /* remove buffering */
1917     ssl->wbio = BIO_pop(ssl->wbio);
1918   }
1919 
1920   BIO_free(ssl->bbio);
1921   ssl->bbio = NULL;
1922 }
1923 
SSL_CTX_set_quiet_shutdown(SSL_CTX * ctx,int mode)1924 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) {
1925   ctx->quiet_shutdown = (mode != 0);
1926 }
1927 
SSL_CTX_get_quiet_shutdown(const SSL_CTX * ctx)1928 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) {
1929   return ctx->quiet_shutdown;
1930 }
1931 
SSL_set_quiet_shutdown(SSL * ssl,int mode)1932 void SSL_set_quiet_shutdown(SSL *ssl, int mode) {
1933   ssl->quiet_shutdown = (mode != 0);
1934 }
1935 
SSL_get_quiet_shutdown(const SSL * ssl)1936 int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; }
1937 
SSL_set_shutdown(SSL * ssl,int mode)1938 void SSL_set_shutdown(SSL *ssl, int mode) {
1939   /* It is an error to clear any bits that have already been set. (We can't try
1940    * to get a second close_notify or send two.) */
1941   assert((ssl->shutdown & mode) == ssl->shutdown);
1942 
1943   ssl->shutdown |= mode;
1944 }
1945 
SSL_get_shutdown(const SSL * ssl)1946 int SSL_get_shutdown(const SSL *ssl) { return ssl->shutdown; }
1947 
SSL_version(const SSL * ssl)1948 int SSL_version(const SSL *ssl) { return ssl->version; }
1949 
SSL_get_SSL_CTX(const SSL * ssl)1950 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
1951 
SSL_set_SSL_CTX(SSL * ssl,SSL_CTX * ctx)1952 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) {
1953   if (ssl->ctx == ctx) {
1954     return ssl->ctx;
1955   }
1956 
1957   if (ctx == NULL) {
1958     ctx = ssl->initial_ctx;
1959   }
1960 
1961   ssl_cert_free(ssl->cert);
1962   ssl->cert = ssl_cert_dup(ctx->cert);
1963 
1964   CRYPTO_refcount_inc(&ctx->references);
1965   SSL_CTX_free(ssl->ctx); /* decrement reference count */
1966   ssl->ctx = ctx;
1967 
1968   ssl->sid_ctx_length = ctx->sid_ctx_length;
1969   assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
1970   memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));
1971 
1972   return ssl->ctx;
1973 }
1974 
SSL_CTX_set_default_verify_paths(SSL_CTX * ctx)1975 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) {
1976   return X509_STORE_set_default_paths(ctx->cert_store);
1977 }
1978 
SSL_CTX_load_verify_locations(SSL_CTX * ctx,const char * ca_file,const char * ca_dir)1979 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file,
1980                                   const char *ca_dir) {
1981   return X509_STORE_load_locations(ctx->cert_store, ca_file, ca_dir);
1982 }
1983 
SSL_set_info_callback(SSL * ssl,void (* cb)(const SSL * ssl,int type,int value))1984 void SSL_set_info_callback(SSL *ssl,
1985                            void (*cb)(const SSL *ssl, int type, int value)) {
1986   ssl->info_callback = cb;
1987 }
1988 
SSL_get_info_callback(const SSL * ssl)1989 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type,
1990                                               int value) {
1991   return ssl->info_callback;
1992 }
1993 
SSL_state(const SSL * ssl)1994 int SSL_state(const SSL *ssl) { return ssl->state; }
1995 
SSL_set_state(SSL * ssl,int state)1996 void SSL_set_state(SSL *ssl, int state) { }
1997 
SSL_set_verify_result(SSL * ssl,long result)1998 void SSL_set_verify_result(SSL *ssl, long result) {
1999   ssl->verify_result = result;
2000 }
2001 
SSL_get_verify_result(const SSL * ssl)2002 long SSL_get_verify_result(const SSL *ssl) { return ssl->verify_result; }
2003 
SSL_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_func,CRYPTO_EX_free * free_func)2004 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2005                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) {
2006   int index;
2007   if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp,
2008                                dup_func, free_func)) {
2009     return -1;
2010   }
2011   return index;
2012 }
2013 
SSL_set_ex_data(SSL * ssl,int idx,void * arg)2014 int SSL_set_ex_data(SSL *ssl, int idx, void *arg) {
2015   return CRYPTO_set_ex_data(&ssl->ex_data, idx, arg);
2016 }
2017 
SSL_get_ex_data(const SSL * ssl,int idx)2018 void *SSL_get_ex_data(const SSL *ssl, int idx) {
2019   return CRYPTO_get_ex_data(&ssl->ex_data, idx);
2020 }
2021 
SSL_CTX_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_func,CRYPTO_EX_free * free_func)2022 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2023                              CRYPTO_EX_dup *dup_func,
2024                              CRYPTO_EX_free *free_func) {
2025   int index;
2026   if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp,
2027                                dup_func, free_func)) {
2028     return -1;
2029   }
2030   return index;
2031 }
2032 
SSL_CTX_set_ex_data(SSL_CTX * ctx,int idx,void * arg)2033 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg) {
2034   return CRYPTO_set_ex_data(&ctx->ex_data, idx, arg);
2035 }
2036 
SSL_CTX_get_ex_data(const SSL_CTX * ctx,int idx)2037 void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) {
2038   return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2039 }
2040 
SSL_CTX_get_cert_store(const SSL_CTX * ctx)2041 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
2042   return ctx->cert_store;
2043 }
2044 
SSL_CTX_set_cert_store(SSL_CTX * ctx,X509_STORE * store)2045 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
2046   X509_STORE_free(ctx->cert_store);
2047   ctx->cert_store = store;
2048 }
2049 
SSL_want(const SSL * ssl)2050 int SSL_want(const SSL *ssl) { return ssl->rwstate; }
2051 
SSL_CTX_set_tmp_rsa_callback(SSL_CTX * ctx,RSA * (* cb)(SSL * ssl,int is_export,int keylength))2052 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
2053                                   RSA *(*cb)(SSL *ssl, int is_export,
2054                                              int keylength)) {
2055 }
2056 
SSL_set_tmp_rsa_callback(SSL * ssl,RSA * (* cb)(SSL * ssl,int is_export,int keylength))2057 void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
2058                                                    int keylength)) {
2059 }
2060 
SSL_CTX_set_tmp_dh_callback(SSL_CTX * ctx,DH * (* callback)(SSL * ssl,int is_export,int keylength))2061 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
2062                                  DH *(*callback)(SSL *ssl, int is_export,
2063                                                  int keylength)) {
2064   ctx->cert->dh_tmp_cb = callback;
2065 }
2066 
SSL_set_tmp_dh_callback(SSL * ssl,DH * (* callback)(SSL * ssl,int is_export,int keylength))2067 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export,
2068                                                        int keylength)) {
2069   ssl->cert->dh_tmp_cb = callback;
2070 }
2071 
SSL_CTX_use_psk_identity_hint(SSL_CTX * ctx,const char * identity_hint)2072 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) {
2073   if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
2074     OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
2075     return 0;
2076   }
2077 
2078   OPENSSL_free(ctx->psk_identity_hint);
2079 
2080   if (identity_hint != NULL) {
2081     ctx->psk_identity_hint = BUF_strdup(identity_hint);
2082     if (ctx->psk_identity_hint == NULL) {
2083       return 0;
2084     }
2085   } else {
2086     ctx->psk_identity_hint = NULL;
2087   }
2088 
2089   return 1;
2090 }
2091 
SSL_use_psk_identity_hint(SSL * ssl,const char * identity_hint)2092 int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) {
2093   if (ssl == NULL) {
2094     return 0;
2095   }
2096 
2097   if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
2098     OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
2099     return 0;
2100   }
2101 
2102   /* Clear currently configured hint, if any. */
2103   OPENSSL_free(ssl->psk_identity_hint);
2104   ssl->psk_identity_hint = NULL;
2105 
2106   if (identity_hint != NULL) {
2107     ssl->psk_identity_hint = BUF_strdup(identity_hint);
2108     if (ssl->psk_identity_hint == NULL) {
2109       return 0;
2110     }
2111   }
2112 
2113   return 1;
2114 }
2115 
SSL_get_psk_identity_hint(const SSL * ssl)2116 const char *SSL_get_psk_identity_hint(const SSL *ssl) {
2117   if (ssl == NULL) {
2118     return NULL;
2119   }
2120   return ssl->psk_identity_hint;
2121 }
2122 
SSL_get_psk_identity(const SSL * ssl)2123 const char *SSL_get_psk_identity(const SSL *ssl) {
2124   if (ssl == NULL || ssl->session == NULL) {
2125     return NULL;
2126   }
2127 
2128   return ssl->session->psk_identity;
2129 }
2130 
SSL_set_psk_client_callback(SSL * ssl,unsigned (* cb)(SSL * ssl,const char * hint,char * identity,unsigned max_identity_len,uint8_t * psk,unsigned max_psk_len))2131 void SSL_set_psk_client_callback(
2132     SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2133                              unsigned max_identity_len, uint8_t *psk,
2134                              unsigned max_psk_len)) {
2135   ssl->psk_client_callback = cb;
2136 }
2137 
SSL_CTX_set_psk_client_callback(SSL_CTX * ctx,unsigned (* cb)(SSL * ssl,const char * hint,char * identity,unsigned max_identity_len,uint8_t * psk,unsigned max_psk_len))2138 void SSL_CTX_set_psk_client_callback(
2139     SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2140                                  unsigned max_identity_len, uint8_t *psk,
2141                                  unsigned max_psk_len)) {
2142   ctx->psk_client_callback = cb;
2143 }
2144 
SSL_set_psk_server_callback(SSL * ssl,unsigned (* cb)(SSL * ssl,const char * identity,uint8_t * psk,unsigned max_psk_len))2145 void SSL_set_psk_server_callback(
2146     SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
2147                              unsigned max_psk_len)) {
2148   ssl->psk_server_callback = cb;
2149 }
2150 
SSL_CTX_set_psk_server_callback(SSL_CTX * ctx,unsigned (* cb)(SSL * ssl,const char * identity,uint8_t * psk,unsigned max_psk_len))2151 void SSL_CTX_set_psk_server_callback(
2152     SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity,
2153                                  uint8_t *psk, unsigned max_psk_len)) {
2154   ctx->psk_server_callback = cb;
2155 }
2156 
SSL_CTX_set_msg_callback(SSL_CTX * ctx,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))2157 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
2158                               void (*cb)(int write_p, int version,
2159                                          int content_type, const void *buf,
2160                                          size_t len, SSL *ssl, void *arg)) {
2161   ctx->msg_callback = cb;
2162 }
2163 
SSL_CTX_set_msg_callback_arg(SSL_CTX * ctx,void * arg)2164 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) {
2165   ctx->msg_callback_arg = arg;
2166 }
2167 
SSL_set_msg_callback(SSL * ssl,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))2168 void SSL_set_msg_callback(SSL *ssl,
2169                           void (*cb)(int write_p, int version, int content_type,
2170                                      const void *buf, size_t len, SSL *ssl,
2171                                      void *arg)) {
2172   ssl->msg_callback = cb;
2173 }
2174 
SSL_set_msg_callback_arg(SSL * ssl,void * arg)2175 void SSL_set_msg_callback_arg(SSL *ssl, void *arg) {
2176   ssl->msg_callback_arg = arg;
2177 }
2178 
SSL_CTX_set_keylog_callback(SSL_CTX * ctx,void (* cb)(const SSL * ssl,const char * line))2179 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx,
2180                                  void (*cb)(const SSL *ssl, const char *line)) {
2181   ctx->keylog_callback = cb;
2182 }
2183 
cbb_add_hex(CBB * cbb,const uint8_t * in,size_t in_len)2184 static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) {
2185   static const char hextable[] = "0123456789abcdef";
2186   uint8_t *out;
2187   size_t i;
2188 
2189   if (!CBB_add_space(cbb, &out, in_len * 2)) {
2190     return 0;
2191   }
2192 
2193   for (i = 0; i < in_len; i++) {
2194     *(out++) = (uint8_t)hextable[in[i] >> 4];
2195     *(out++) = (uint8_t)hextable[in[i] & 0xf];
2196   }
2197 
2198   return 1;
2199 }
2200 
ssl_log_rsa_client_key_exchange(const SSL * ssl,const uint8_t * encrypted_premaster,size_t encrypted_premaster_len,const uint8_t * premaster,size_t premaster_len)2201 int ssl_log_rsa_client_key_exchange(const SSL *ssl,
2202                                     const uint8_t *encrypted_premaster,
2203                                     size_t encrypted_premaster_len,
2204                                     const uint8_t *premaster,
2205                                     size_t premaster_len) {
2206   if (ssl->ctx->keylog_callback == NULL) {
2207     return 1;
2208   }
2209 
2210   if (encrypted_premaster_len < 8) {
2211     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2212     return 0;
2213   }
2214 
2215   CBB cbb;
2216   uint8_t *out;
2217   size_t out_len;
2218   if (!CBB_init(&cbb, 4 + 16 + 1 + premaster_len * 2 + 1) ||
2219       !CBB_add_bytes(&cbb, (const uint8_t *)"RSA ", 4) ||
2220       /* Only the first 8 bytes of the encrypted premaster secret are
2221        * logged. */
2222       !cbb_add_hex(&cbb, encrypted_premaster, 8) ||
2223       !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
2224       !cbb_add_hex(&cbb, premaster, premaster_len) ||
2225       !CBB_add_u8(&cbb, 0 /* NUL */) ||
2226       !CBB_finish(&cbb, &out, &out_len)) {
2227     CBB_cleanup(&cbb);
2228     return 0;
2229   }
2230 
2231   ssl->ctx->keylog_callback(ssl, (const char *)out);
2232   OPENSSL_free(out);
2233   return 1;
2234 }
2235 
ssl_log_master_secret(const SSL * ssl,const uint8_t * client_random,size_t client_random_len,const uint8_t * master,size_t master_len)2236 int ssl_log_master_secret(const SSL *ssl, const uint8_t *client_random,
2237                           size_t client_random_len, const uint8_t *master,
2238                           size_t master_len) {
2239   if (ssl->ctx->keylog_callback == NULL) {
2240     return 1;
2241   }
2242 
2243   if (client_random_len != 32) {
2244     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2245     return 0;
2246   }
2247 
2248   CBB cbb;
2249   uint8_t *out;
2250   size_t out_len;
2251   if (!CBB_init(&cbb, 14 + 64 + 1 + master_len * 2 + 1) ||
2252       !CBB_add_bytes(&cbb, (const uint8_t *)"CLIENT_RANDOM ", 14) ||
2253       !cbb_add_hex(&cbb, client_random, 32) ||
2254       !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
2255       !cbb_add_hex(&cbb, master, master_len) ||
2256       !CBB_add_u8(&cbb, 0 /* NUL */) ||
2257       !CBB_finish(&cbb, &out, &out_len)) {
2258     CBB_cleanup(&cbb);
2259     return 0;
2260   }
2261 
2262   ssl->ctx->keylog_callback(ssl, (const char *)out);
2263   OPENSSL_free(out);
2264   return 1;
2265 }
2266 
SSL_is_init_finished(const SSL * ssl)2267 int SSL_is_init_finished(const SSL *ssl) {
2268   return ssl->state == SSL_ST_OK;
2269 }
2270 
SSL_in_init(const SSL * ssl)2271 int SSL_in_init(const SSL *ssl) {
2272   return (ssl->state & SSL_ST_INIT) != 0;
2273 }
2274 
SSL_in_false_start(const SSL * ssl)2275 int SSL_in_false_start(const SSL *ssl) {
2276   return ssl->s3->tmp.in_false_start;
2277 }
2278 
SSL_cutthrough_complete(const SSL * ssl)2279 int SSL_cutthrough_complete(const SSL *ssl) {
2280   return SSL_in_false_start(ssl);
2281 }
2282 
SSL_get_structure_sizes(size_t * ssl_size,size_t * ssl_ctx_size,size_t * ssl_session_size)2283 void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
2284                              size_t *ssl_session_size) {
2285   *ssl_size = sizeof(SSL);
2286   *ssl_ctx_size = sizeof(SSL_CTX);
2287   *ssl_session_size = sizeof(SSL_SESSION);
2288 }
2289 
ssl3_can_false_start(const SSL * ssl)2290 int ssl3_can_false_start(const SSL *ssl) {
2291   const SSL_CIPHER *const cipher = SSL_get_current_cipher(ssl);
2292 
2293   /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
2294   return !SSL_IS_DTLS(ssl) &&
2295       SSL_version(ssl) >= TLS1_2_VERSION &&
2296       (ssl->s3->alpn_selected || ssl->s3->next_proto_neg_seen) &&
2297       cipher != NULL &&
2298       cipher->algorithm_mkey == SSL_kECDHE &&
2299       cipher->algorithm_mac == SSL_AEAD;
2300 }
2301 
ssl3_get_enc_method(uint16_t version)2302 const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) {
2303   switch (version) {
2304     case SSL3_VERSION:
2305       return &SSLv3_enc_data;
2306 
2307     case TLS1_VERSION:
2308       return &TLSv1_enc_data;
2309 
2310     case DTLS1_VERSION:
2311     case TLS1_1_VERSION:
2312       return &TLSv1_1_enc_data;
2313 
2314     case DTLS1_2_VERSION:
2315     case TLS1_2_VERSION:
2316       return &TLSv1_2_enc_data;
2317 
2318     default:
2319       return NULL;
2320   }
2321 }
2322 
ssl3_get_max_server_version(const SSL * ssl)2323 uint16_t ssl3_get_max_server_version(const SSL *ssl) {
2324   uint16_t max_version;
2325 
2326   if (SSL_IS_DTLS(ssl)) {
2327     max_version = (ssl->max_version != 0) ? ssl->max_version : DTLS1_2_VERSION;
2328     if (!(ssl->options & SSL_OP_NO_DTLSv1_2) &&
2329         DTLS1_2_VERSION >= max_version) {
2330       return DTLS1_2_VERSION;
2331     }
2332     if (!(ssl->options & SSL_OP_NO_DTLSv1) && DTLS1_VERSION >= max_version) {
2333       return DTLS1_VERSION;
2334     }
2335     return 0;
2336   }
2337 
2338   max_version = (ssl->max_version != 0) ? ssl->max_version : TLS1_2_VERSION;
2339   if (!(ssl->options & SSL_OP_NO_TLSv1_2) && TLS1_2_VERSION <= max_version) {
2340     return TLS1_2_VERSION;
2341   }
2342   if (!(ssl->options & SSL_OP_NO_TLSv1_1) && TLS1_1_VERSION <= max_version) {
2343     return TLS1_1_VERSION;
2344   }
2345   if (!(ssl->options & SSL_OP_NO_TLSv1) && TLS1_VERSION <= max_version) {
2346     return TLS1_VERSION;
2347   }
2348   if (!(ssl->options & SSL_OP_NO_SSLv3) && SSL3_VERSION <= max_version) {
2349     return SSL3_VERSION;
2350   }
2351   return 0;
2352 }
2353 
ssl3_get_mutual_version(SSL * ssl,uint16_t client_version)2354 uint16_t ssl3_get_mutual_version(SSL *ssl, uint16_t client_version) {
2355   uint16_t version = 0;
2356 
2357   if (SSL_IS_DTLS(ssl)) {
2358     /* Clamp client_version to max_version. */
2359     if (ssl->max_version != 0 && client_version < ssl->max_version) {
2360       client_version = ssl->max_version;
2361     }
2362 
2363     if (client_version <= DTLS1_2_VERSION &&
2364         !(ssl->options & SSL_OP_NO_DTLSv1_2)) {
2365       version = DTLS1_2_VERSION;
2366     } else if (client_version <= DTLS1_VERSION &&
2367                !(ssl->options & SSL_OP_NO_DTLSv1)) {
2368       version = DTLS1_VERSION;
2369     }
2370 
2371     /* Check against min_version. */
2372     if (version != 0 && ssl->min_version != 0 && version > ssl->min_version) {
2373       return 0;
2374     }
2375     return version;
2376   } else {
2377     /* Clamp client_version to max_version. */
2378     if (ssl->max_version != 0 && client_version > ssl->max_version) {
2379       client_version = ssl->max_version;
2380     }
2381 
2382     if (client_version >= TLS1_2_VERSION &&
2383         !(ssl->options & SSL_OP_NO_TLSv1_2)) {
2384       version = TLS1_2_VERSION;
2385     } else if (client_version >= TLS1_1_VERSION &&
2386                !(ssl->options & SSL_OP_NO_TLSv1_1)) {
2387       version = TLS1_1_VERSION;
2388     } else if (client_version >= TLS1_VERSION &&
2389                !(ssl->options & SSL_OP_NO_TLSv1)) {
2390       version = TLS1_VERSION;
2391     } else if (client_version >= SSL3_VERSION &&
2392                !(ssl->options & SSL_OP_NO_SSLv3)) {
2393       version = SSL3_VERSION;
2394     }
2395 
2396     /* Check against min_version. */
2397     if (version != 0 && ssl->min_version != 0 && version < ssl->min_version) {
2398       return 0;
2399     }
2400     return version;
2401   }
2402 }
2403 
ssl3_get_max_client_version(SSL * ssl)2404 uint16_t ssl3_get_max_client_version(SSL *ssl) {
2405   uint32_t options = ssl->options;
2406   uint16_t version = 0;
2407 
2408   /* OpenSSL's API for controlling versions entails blacklisting individual
2409    * protocols. This has two problems. First, on the client, the protocol can
2410    * only express a contiguous range of versions. Second, a library consumer
2411    * trying to set a maximum version cannot disable protocol versions that get
2412    * added in a future version of the library.
2413    *
2414    * To account for both of these, OpenSSL interprets the client-side bitmask
2415    * as a min/max range by picking the lowest contiguous non-empty range of
2416    * enabled protocols. Note that this means it is impossible to set a maximum
2417    * version of TLS 1.2 in a future-proof way.
2418    *
2419    * By this scheme, the maximum version is the lowest version V such that V is
2420    * enabled and V+1 is disabled or unimplemented. */
2421   if (SSL_IS_DTLS(ssl)) {
2422     if (!(options & SSL_OP_NO_DTLSv1_2)) {
2423       version = DTLS1_2_VERSION;
2424     }
2425     if (!(options & SSL_OP_NO_DTLSv1) && (options & SSL_OP_NO_DTLSv1_2)) {
2426       version = DTLS1_VERSION;
2427     }
2428     if (ssl->max_version != 0 && version < ssl->max_version) {
2429       version = ssl->max_version;
2430     }
2431   } else {
2432     if (!(options & SSL_OP_NO_TLSv1_2)) {
2433       version = TLS1_2_VERSION;
2434     }
2435     if (!(options & SSL_OP_NO_TLSv1_1) && (options & SSL_OP_NO_TLSv1_2)) {
2436       version = TLS1_1_VERSION;
2437     }
2438     if (!(options & SSL_OP_NO_TLSv1) && (options & SSL_OP_NO_TLSv1_1)) {
2439       version = TLS1_VERSION;
2440     }
2441     if (!(options & SSL_OP_NO_SSLv3) && (options & SSL_OP_NO_TLSv1)) {
2442       version = SSL3_VERSION;
2443     }
2444     if (ssl->max_version != 0 && version > ssl->max_version) {
2445       version = ssl->max_version;
2446     }
2447   }
2448 
2449   return version;
2450 }
2451 
ssl3_is_version_enabled(SSL * ssl,uint16_t version)2452 int ssl3_is_version_enabled(SSL *ssl, uint16_t version) {
2453   if (SSL_IS_DTLS(ssl)) {
2454     if (ssl->max_version != 0 && version < ssl->max_version) {
2455       return 0;
2456     }
2457     if (ssl->min_version != 0 && version > ssl->min_version) {
2458       return 0;
2459     }
2460 
2461     switch (version) {
2462       case DTLS1_VERSION:
2463         return !(ssl->options & SSL_OP_NO_DTLSv1);
2464 
2465       case DTLS1_2_VERSION:
2466         return !(ssl->options & SSL_OP_NO_DTLSv1_2);
2467 
2468       default:
2469         return 0;
2470     }
2471   } else {
2472     if (ssl->max_version != 0 && version > ssl->max_version) {
2473       return 0;
2474     }
2475     if (ssl->min_version != 0 && version < ssl->min_version) {
2476       return 0;
2477     }
2478 
2479     switch (version) {
2480       case SSL3_VERSION:
2481         return !(ssl->options & SSL_OP_NO_SSLv3);
2482 
2483       case TLS1_VERSION:
2484         return !(ssl->options & SSL_OP_NO_TLSv1);
2485 
2486       case TLS1_1_VERSION:
2487         return !(ssl->options & SSL_OP_NO_TLSv1_1);
2488 
2489       case TLS1_2_VERSION:
2490         return !(ssl->options & SSL_OP_NO_TLSv1_2);
2491 
2492       default:
2493         return 0;
2494     }
2495   }
2496 }
2497 
ssl3_version_from_wire(SSL * ssl,uint16_t wire_version)2498 uint16_t ssl3_version_from_wire(SSL *ssl, uint16_t wire_version) {
2499   if (!SSL_IS_DTLS(ssl)) {
2500     return wire_version;
2501   }
2502 
2503   uint16_t tls_version = ~wire_version;
2504   uint16_t version = tls_version + 0x0201;
2505   /* If either component overflowed, clamp it so comparisons still work. */
2506   if ((version >> 8) < (tls_version >> 8)) {
2507     version = 0xff00 | (version & 0xff);
2508   }
2509   if ((version & 0xff) < (tls_version & 0xff)) {
2510     version = (version & 0xff00) | 0xff;
2511   }
2512   /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */
2513   if (version == TLS1_VERSION) {
2514     version = TLS1_1_VERSION;
2515   }
2516   return version;
2517 }
2518 
SSL_cache_hit(SSL * ssl)2519 int SSL_cache_hit(SSL *ssl) { return SSL_session_reused(ssl); }
2520 
SSL_is_server(SSL * ssl)2521 int SSL_is_server(SSL *ssl) { return ssl->server; }
2522 
SSL_CTX_set_select_certificate_cb(SSL_CTX * ctx,int (* cb)(const struct ssl_early_callback_ctx *))2523 void SSL_CTX_set_select_certificate_cb(
2524     SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) {
2525   ctx->select_certificate_cb = cb;
2526 }
2527 
SSL_CTX_set_dos_protection_cb(SSL_CTX * ctx,int (* cb)(const struct ssl_early_callback_ctx *))2528 void SSL_CTX_set_dos_protection_cb(
2529     SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) {
2530   ctx->dos_protection_cb = cb;
2531 }
2532 
SSL_set_renegotiate_mode(SSL * ssl,enum ssl_renegotiate_mode_t mode)2533 void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
2534   ssl->renegotiate_mode = mode;
2535 }
2536 
SSL_set_reject_peer_renegotiations(SSL * ssl,int reject)2537 void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject) {
2538   SSL_set_renegotiate_mode(
2539       ssl, reject ? ssl_renegotiate_never : ssl_renegotiate_freely);
2540 }
2541 
SSL_get_rc4_state(const SSL * ssl,const RC4_KEY ** read_key,const RC4_KEY ** write_key)2542 int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
2543                       const RC4_KEY **write_key) {
2544   if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) {
2545     return 0;
2546   }
2547 
2548   return EVP_AEAD_CTX_get_rc4_state(&ssl->aead_read_ctx->ctx, read_key) &&
2549          EVP_AEAD_CTX_get_rc4_state(&ssl->aead_write_ctx->ctx, write_key);
2550 }
2551 
SSL_get_ivs(const SSL * ssl,const uint8_t ** out_read_iv,const uint8_t ** out_write_iv,size_t * out_iv_len)2552 int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
2553                 const uint8_t **out_write_iv, size_t *out_iv_len) {
2554   if (ssl->aead_read_ctx == NULL || ssl->aead_write_ctx == NULL) {
2555     return 0;
2556   }
2557 
2558   size_t write_iv_len;
2559   if (!EVP_AEAD_CTX_get_iv(&ssl->aead_read_ctx->ctx, out_read_iv, out_iv_len) ||
2560       !EVP_AEAD_CTX_get_iv(&ssl->aead_write_ctx->ctx, out_write_iv,
2561                            &write_iv_len) ||
2562       *out_iv_len != write_iv_len) {
2563     return 0;
2564   }
2565 
2566   return 1;
2567 }
2568 
SSL_get_server_key_exchange_hash(const SSL * ssl)2569 uint8_t SSL_get_server_key_exchange_hash(const SSL *ssl) {
2570   return ssl->s3->tmp.server_key_exchange_hash;
2571 }
2572 
SSL_clear(SSL * ssl)2573 int SSL_clear(SSL *ssl) {
2574   if (ssl->method == NULL) {
2575     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_METHOD_SPECIFIED);
2576     return 0;
2577   }
2578 
2579   if (ssl_clear_bad_session(ssl)) {
2580     SSL_SESSION_free(ssl->session);
2581     ssl->session = NULL;
2582   }
2583 
2584   ssl->hit = 0;
2585   ssl->shutdown = 0;
2586 
2587   /* SSL_clear may be called before or after the |ssl| is initialized in either
2588    * accept or connect state. In the latter case, SSL_clear should preserve the
2589    * half and reset |ssl->state| accordingly. */
2590   if (ssl->handshake_func != NULL) {
2591     if (ssl->server) {
2592       SSL_set_accept_state(ssl);
2593     } else {
2594       SSL_set_connect_state(ssl);
2595     }
2596   } else {
2597     assert(ssl->state == 0);
2598   }
2599 
2600   /* TODO(davidben): Some state on |ssl| is reset both in |SSL_new| and
2601    * |SSL_clear| because it is per-connection state rather than configuration
2602    * state. Per-connection state should be on |ssl->s3| and |ssl->d1| so it is
2603    * naturally reset at the right points between |SSL_new|, |SSL_clear|, and
2604    * |ssl3_new|. */
2605 
2606   ssl->rwstate = SSL_NOTHING;
2607 
2608   BUF_MEM_free(ssl->init_buf);
2609   ssl->init_buf = NULL;
2610 
2611   ssl_clear_cipher_ctx(ssl);
2612 
2613   OPENSSL_free(ssl->next_proto_negotiated);
2614   ssl->next_proto_negotiated = NULL;
2615   ssl->next_proto_negotiated_len = 0;
2616 
2617   /* The ssl->d1->mtu is simultaneously configuration (preserved across
2618    * clear) and connection-specific state (gets reset).
2619    *
2620    * TODO(davidben): Avoid this. */
2621   unsigned mtu = 0;
2622   if (ssl->d1 != NULL) {
2623     mtu = ssl->d1->mtu;
2624   }
2625 
2626   ssl->method->ssl_free(ssl);
2627   if (!ssl->method->ssl_new(ssl)) {
2628     return 0;
2629   }
2630   ssl->enc_method = ssl3_get_enc_method(ssl->version);
2631   assert(ssl->enc_method != NULL);
2632 
2633   if (SSL_IS_DTLS(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
2634     ssl->d1->mtu = mtu;
2635   }
2636 
2637   ssl->client_version = ssl->version;
2638 
2639   return 1;
2640 }
2641 
SSL_CTX_sess_connect(const SSL_CTX * ctx)2642 int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_connect_good(const SSL_CTX * ctx)2643 int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_connect_renegotiate(const SSL_CTX * ctx)2644 int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept(const SSL_CTX * ctx)2645 int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept_renegotiate(const SSL_CTX * ctx)2646 int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept_good(const SSL_CTX * ctx)2647 int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_hits(const SSL_CTX * ctx)2648 int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_cb_hits(const SSL_CTX * ctx)2649 int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_misses(const SSL_CTX * ctx)2650 int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_timeouts(const SSL_CTX * ctx)2651 int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_cache_full(const SSL_CTX * ctx)2652 int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; }
ERR_load_SSL_strings(void)2653 void ERR_load_SSL_strings(void) {}
SSL_load_error_strings(void)2654 void SSL_load_error_strings(void) {}
2655