1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141 #include <openssl/ssl.h>
142
143 #include <assert.h>
144 #include <stdlib.h>
145 #include <string.h>
146
147 #include <openssl/bytestring.h>
148 #include <openssl/crypto.h>
149 #include <openssl/dh.h>
150 #include <openssl/err.h>
151 #include <openssl/lhash.h>
152 #include <openssl/mem.h>
153 #include <openssl/rand.h>
154
155 #include "internal.h"
156 #include "../crypto/internal.h"
157
158 #if defined(OPENSSL_WINDOWS)
159 #include <sys/timeb.h>
160 #else
161 #include <sys/socket.h>
162 #include <sys/time.h>
163 #endif
164
165
166 /* |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
167 * to avoid downstream churn. */
168 OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL)
169
170 /* The following errors are no longer emitted, but are used in nginx without
171 * #ifdefs. */
172 OPENSSL_DECLARE_ERROR_REASON(SSL, BLOCK_CIPHER_PAD_IS_WRONG)
173 OPENSSL_DECLARE_ERROR_REASON(SSL, NO_CIPHERS_SPECIFIED)
174
175 /* Some error codes are special. Ensure the make_errors.go script never
176 * regresses this. */
177 OPENSSL_COMPILE_ASSERT(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ==
178 SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET,
179 ssl_alert_reason_code_mismatch);
180
181 /* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */
182 static const size_t kMaxHandshakeSize = (1u << 24) - 1;
183
184 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl =
185 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
186 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx =
187 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
188
SSL_library_init(void)189 int SSL_library_init(void) {
190 CRYPTO_library_init();
191 return 1;
192 }
193
ssl_session_hash(const SSL_SESSION * sess)194 static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
195 const uint8_t *session_id = sess->session_id;
196
197 uint8_t tmp_storage[sizeof(uint32_t)];
198 if (sess->session_id_length < sizeof(tmp_storage)) {
199 OPENSSL_memset(tmp_storage, 0, sizeof(tmp_storage));
200 OPENSSL_memcpy(tmp_storage, sess->session_id, sess->session_id_length);
201 session_id = tmp_storage;
202 }
203
204 uint32_t hash =
205 ((uint32_t)session_id[0]) |
206 ((uint32_t)session_id[1] << 8) |
207 ((uint32_t)session_id[2] << 16) |
208 ((uint32_t)session_id[3] << 24);
209
210 return hash;
211 }
212
213 /* NB: If this function (or indeed the hash function which uses a sort of
214 * coarser function than this one) is changed, ensure
215 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
216 * able to construct an SSL_SESSION that will collide with any existing session
217 * with a matching session ID. */
ssl_session_cmp(const SSL_SESSION * a,const SSL_SESSION * b)218 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
219 if (a->ssl_version != b->ssl_version) {
220 return 1;
221 }
222
223 if (a->session_id_length != b->session_id_length) {
224 return 1;
225 }
226
227 return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
228 }
229
SSL_CTX_new(const SSL_METHOD * method)230 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
231 SSL_CTX *ret = NULL;
232
233 if (method == NULL) {
234 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED);
235 return NULL;
236 }
237
238 ret = OPENSSL_malloc(sizeof(SSL_CTX));
239 if (ret == NULL) {
240 goto err;
241 }
242
243 OPENSSL_memset(ret, 0, sizeof(SSL_CTX));
244
245 ret->method = method->method;
246 ret->x509_method = method->x509_method;
247
248 CRYPTO_MUTEX_init(&ret->lock);
249
250 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
251 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
252
253 ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
254 ret->session_psk_dhe_timeout = SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT;
255
256 ret->references = 1;
257
258 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
259 ret->verify_mode = SSL_VERIFY_NONE;
260 ret->cert = ssl_cert_new(method->x509_method);
261 if (ret->cert == NULL) {
262 goto err;
263 }
264
265 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
266 if (ret->sessions == NULL) {
267 goto err;
268 }
269
270 if (!ret->x509_method->ssl_ctx_new(ret)) {
271 goto err;
272 }
273
274 if (!SSL_CTX_set_strict_cipher_list(ret, SSL_DEFAULT_CIPHER_LIST)) {
275 goto err2;
276 }
277
278 ret->client_CA = sk_CRYPTO_BUFFER_new_null();
279 if (ret->client_CA == NULL) {
280 goto err;
281 }
282
283 CRYPTO_new_ex_data(&ret->ex_data);
284
285 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
286
287 /* Setup RFC4507 ticket keys */
288 if (!RAND_bytes(ret->tlsext_tick_key_name, 16) ||
289 !RAND_bytes(ret->tlsext_tick_hmac_key, 16) ||
290 !RAND_bytes(ret->tlsext_tick_aes_key, 16)) {
291 ret->options |= SSL_OP_NO_TICKET;
292 }
293
294 /* Disable the auto-chaining feature by default. Once this has stuck without
295 * problems, the feature will be removed entirely. */
296 ret->mode = SSL_MODE_NO_AUTO_CHAIN;
297
298 /* Lock the SSL_CTX to the specified version, for compatibility with legacy
299 * uses of SSL_METHOD. */
300 if (!SSL_CTX_set_max_proto_version(ret, method->version) ||
301 !SSL_CTX_set_min_proto_version(ret, method->version)) {
302 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
303 goto err2;
304 }
305
306 return ret;
307
308 err:
309 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
310 err2:
311 SSL_CTX_free(ret);
312 return NULL;
313 }
314
SSL_CTX_up_ref(SSL_CTX * ctx)315 int SSL_CTX_up_ref(SSL_CTX *ctx) {
316 CRYPTO_refcount_inc(&ctx->references);
317 return 1;
318 }
319
SSL_CTX_free(SSL_CTX * ctx)320 void SSL_CTX_free(SSL_CTX *ctx) {
321 if (ctx == NULL ||
322 !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) {
323 return;
324 }
325
326 /* Free internal session cache. However: the remove_cb() may reference the
327 * ex_data of SSL_CTX, thus the ex_data store can only be removed after the
328 * sessions were flushed. As the ex_data handling routines might also touch
329 * the session cache, the most secure solution seems to be: empty (flush) the
330 * cache, then free ex_data, then finally free the cache. (See ticket
331 * [openssl.org #212].) */
332 SSL_CTX_flush_sessions(ctx, 0);
333
334 CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
335
336 CRYPTO_MUTEX_cleanup(&ctx->lock);
337 lh_SSL_SESSION_free(ctx->sessions);
338 ssl_cipher_preference_list_free(ctx->cipher_list);
339 ssl_cert_free(ctx->cert);
340 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions,
341 SSL_CUSTOM_EXTENSION_free);
342 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions,
343 SSL_CUSTOM_EXTENSION_free);
344 sk_CRYPTO_BUFFER_pop_free(ctx->client_CA, CRYPTO_BUFFER_free);
345 ctx->x509_method->ssl_ctx_free(ctx);
346 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
347 OPENSSL_free(ctx->psk_identity_hint);
348 OPENSSL_free(ctx->supported_group_list);
349 OPENSSL_free(ctx->alpn_client_proto_list);
350 EVP_PKEY_free(ctx->tlsext_channel_id_private);
351
352 OPENSSL_free(ctx);
353 }
354
SSL_new(SSL_CTX * ctx)355 SSL *SSL_new(SSL_CTX *ctx) {
356 if (ctx == NULL) {
357 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX);
358 return NULL;
359 }
360 if (ctx->method == NULL) {
361 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
362 return NULL;
363 }
364
365 SSL *ssl = OPENSSL_malloc(sizeof(SSL));
366 if (ssl == NULL) {
367 goto err;
368 }
369 OPENSSL_memset(ssl, 0, sizeof(SSL));
370
371 ssl->min_version = ctx->min_version;
372 ssl->max_version = ctx->max_version;
373
374 /* RFC 6347 states that implementations SHOULD use an initial timer value of
375 * 1 second. */
376 ssl->initial_timeout_duration_ms = 1000;
377
378 ssl->options = ctx->options;
379 ssl->mode = ctx->mode;
380 ssl->max_cert_list = ctx->max_cert_list;
381
382 ssl->cert = ssl_cert_dup(ctx->cert);
383 if (ssl->cert == NULL) {
384 goto err;
385 }
386
387 ssl->msg_callback = ctx->msg_callback;
388 ssl->msg_callback_arg = ctx->msg_callback_arg;
389 ssl->verify_mode = ctx->verify_mode;
390 ssl->verify_callback = ctx->default_verify_callback;
391 ssl->retain_only_sha256_of_client_certs =
392 ctx->retain_only_sha256_of_client_certs;
393
394 ssl->quiet_shutdown = ctx->quiet_shutdown;
395 ssl->max_send_fragment = ctx->max_send_fragment;
396
397 SSL_CTX_up_ref(ctx);
398 ssl->ctx = ctx;
399 SSL_CTX_up_ref(ctx);
400 ssl->session_ctx = ctx;
401
402 if (!ssl->ctx->x509_method->ssl_new(ssl)) {
403 goto err;
404 }
405
406 if (ctx->supported_group_list) {
407 ssl->supported_group_list = BUF_memdup(ctx->supported_group_list,
408 ctx->supported_group_list_len * 2);
409 if (!ssl->supported_group_list) {
410 goto err;
411 }
412 ssl->supported_group_list_len = ctx->supported_group_list_len;
413 }
414
415 if (ctx->alpn_client_proto_list) {
416 ssl->alpn_client_proto_list = BUF_memdup(ctx->alpn_client_proto_list,
417 ctx->alpn_client_proto_list_len);
418 if (ssl->alpn_client_proto_list == NULL) {
419 goto err;
420 }
421 ssl->alpn_client_proto_list_len = ctx->alpn_client_proto_list_len;
422 }
423
424 ssl->method = ctx->method;
425
426 if (!ssl->method->ssl_new(ssl)) {
427 goto err;
428 }
429
430 ssl->rwstate = SSL_NOTHING;
431
432 CRYPTO_new_ex_data(&ssl->ex_data);
433
434 ssl->psk_identity_hint = NULL;
435 if (ctx->psk_identity_hint) {
436 ssl->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
437 if (ssl->psk_identity_hint == NULL) {
438 goto err;
439 }
440 }
441 ssl->psk_client_callback = ctx->psk_client_callback;
442 ssl->psk_server_callback = ctx->psk_server_callback;
443
444 ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
445 if (ctx->tlsext_channel_id_private) {
446 EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
447 ssl->tlsext_channel_id_private = ctx->tlsext_channel_id_private;
448 }
449
450 ssl->signed_cert_timestamps_enabled = ctx->signed_cert_timestamps_enabled;
451 ssl->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
452
453 return ssl;
454
455 err:
456 SSL_free(ssl);
457 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
458
459 return NULL;
460 }
461
SSL_free(SSL * ssl)462 void SSL_free(SSL *ssl) {
463 if (ssl == NULL) {
464 return;
465 }
466
467 ssl->ctx->x509_method->ssl_free(ssl);
468 CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data);
469
470 BIO_free_all(ssl->rbio);
471 BIO_free_all(ssl->wbio);
472
473 BUF_MEM_free(ssl->init_buf);
474
475 /* add extra stuff */
476 ssl_cipher_preference_list_free(ssl->cipher_list);
477
478 SSL_SESSION_free(ssl->session);
479
480 ssl_cert_free(ssl->cert);
481
482 OPENSSL_free(ssl->tlsext_hostname);
483 SSL_CTX_free(ssl->session_ctx);
484 OPENSSL_free(ssl->supported_group_list);
485 OPENSSL_free(ssl->alpn_client_proto_list);
486 EVP_PKEY_free(ssl->tlsext_channel_id_private);
487 OPENSSL_free(ssl->psk_identity_hint);
488 sk_CRYPTO_BUFFER_pop_free(ssl->client_CA, CRYPTO_BUFFER_free);
489 sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles);
490
491 if (ssl->method != NULL) {
492 ssl->method->ssl_free(ssl);
493 }
494 SSL_CTX_free(ssl->ctx);
495
496 OPENSSL_free(ssl);
497 }
498
SSL_set_connect_state(SSL * ssl)499 void SSL_set_connect_state(SSL *ssl) {
500 ssl->server = 0;
501 ssl->handshake_func = ssl3_connect;
502 }
503
SSL_set_accept_state(SSL * ssl)504 void SSL_set_accept_state(SSL *ssl) {
505 ssl->server = 1;
506 ssl->handshake_func = ssl3_accept;
507 }
508
SSL_set0_rbio(SSL * ssl,BIO * rbio)509 void SSL_set0_rbio(SSL *ssl, BIO *rbio) {
510 BIO_free_all(ssl->rbio);
511 ssl->rbio = rbio;
512 }
513
SSL_set0_wbio(SSL * ssl,BIO * wbio)514 void SSL_set0_wbio(SSL *ssl, BIO *wbio) {
515 BIO_free_all(ssl->wbio);
516 ssl->wbio = wbio;
517 }
518
SSL_set_bio(SSL * ssl,BIO * rbio,BIO * wbio)519 void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
520 /* For historical reasons, this function has many different cases in ownership
521 * handling. */
522
523 /* If nothing has changed, do nothing */
524 if (rbio == SSL_get_rbio(ssl) && wbio == SSL_get_wbio(ssl)) {
525 return;
526 }
527
528 /* If the two arguments are equal, one fewer reference is granted than
529 * taken. */
530 if (rbio != NULL && rbio == wbio) {
531 BIO_up_ref(rbio);
532 }
533
534 /* If only the wbio is changed, adopt only one reference. */
535 if (rbio == SSL_get_rbio(ssl)) {
536 SSL_set0_wbio(ssl, wbio);
537 return;
538 }
539
540 /* There is an asymmetry here for historical reasons. If only the rbio is
541 * changed AND the rbio and wbio were originally different, then we only adopt
542 * one reference. */
543 if (wbio == SSL_get_wbio(ssl) && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
544 SSL_set0_rbio(ssl, rbio);
545 return;
546 }
547
548 /* Otherwise, adopt both references. */
549 SSL_set0_rbio(ssl, rbio);
550 SSL_set0_wbio(ssl, wbio);
551 }
552
SSL_get_rbio(const SSL * ssl)553 BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; }
554
SSL_get_wbio(const SSL * ssl)555 BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; }
556
ssl_reset_error_state(SSL * ssl)557 void ssl_reset_error_state(SSL *ssl) {
558 /* Functions which use |SSL_get_error| must reset I/O and error state on
559 * entry. */
560 ssl->rwstate = SSL_NOTHING;
561 ERR_clear_error();
562 ERR_clear_system_error();
563 }
564
SSL_do_handshake(SSL * ssl)565 int SSL_do_handshake(SSL *ssl) {
566 ssl_reset_error_state(ssl);
567
568 if (ssl->handshake_func == NULL) {
569 OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
570 return -1;
571 }
572
573 if (!SSL_in_init(ssl)) {
574 return 1;
575 }
576
577 if (ssl->s3->hs == NULL) {
578 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
579 return -1;
580 }
581
582 /* Run the handshake. */
583 assert(ssl->s3->hs != NULL);
584 int ret = ssl->handshake_func(ssl->s3->hs);
585 if (ret <= 0) {
586 return ret;
587 }
588
589 /* Destroy the handshake object if the handshake has completely finished. */
590 if (!SSL_in_init(ssl)) {
591 ssl_handshake_free(ssl->s3->hs);
592 ssl->s3->hs = NULL;
593 }
594
595 return 1;
596 }
597
SSL_connect(SSL * ssl)598 int SSL_connect(SSL *ssl) {
599 if (ssl->handshake_func == NULL) {
600 /* Not properly initialized yet */
601 SSL_set_connect_state(ssl);
602 }
603
604 return SSL_do_handshake(ssl);
605 }
606
SSL_accept(SSL * ssl)607 int SSL_accept(SSL *ssl) {
608 if (ssl->handshake_func == NULL) {
609 /* Not properly initialized yet */
610 SSL_set_accept_state(ssl);
611 }
612
613 return SSL_do_handshake(ssl);
614 }
615
ssl_can_write(const SSL * ssl)616 int ssl_can_write(const SSL *ssl) {
617 return !SSL_in_init(ssl) || ssl->s3->hs->can_early_write;
618 }
619
ssl_can_read(const SSL * ssl)620 int ssl_can_read(const SSL *ssl) {
621 return !SSL_in_init(ssl) || ssl->s3->hs->can_early_read;
622 }
623
ssl_do_renegotiate(SSL * ssl)624 static int ssl_do_renegotiate(SSL *ssl) {
625 /* We do not accept renegotiations as a server or SSL 3.0. SSL 3.0 will be
626 * removed entirely in the future and requires retaining more data for
627 * renegotiation_info. */
628 if (ssl->server || ssl->version == SSL3_VERSION) {
629 goto no_renegotiation;
630 }
631
632 if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_REQUEST ||
633 ssl->init_num != 0) {
634 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
635 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HELLO_REQUEST);
636 return 0;
637 }
638
639 switch (ssl->renegotiate_mode) {
640 case ssl_renegotiate_ignore:
641 /* Ignore the HelloRequest. */
642 return 1;
643
644 case ssl_renegotiate_once:
645 if (ssl->s3->total_renegotiations != 0) {
646 goto no_renegotiation;
647 }
648 break;
649
650 case ssl_renegotiate_never:
651 goto no_renegotiation;
652
653 case ssl_renegotiate_freely:
654 break;
655 }
656
657 /* Renegotiation is only supported at quiescent points in the application
658 * protocol, namely in HTTPS, just before reading the HTTP response. Require
659 * the record-layer be idle and avoid complexities of sending a handshake
660 * record while an application_data record is being written. */
661 if (ssl_write_buffer_is_pending(ssl)) {
662 goto no_renegotiation;
663 }
664
665 /* Begin a new handshake. */
666 if (ssl->s3->hs != NULL) {
667 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
668 return 0;
669 }
670 ssl->s3->hs = ssl_handshake_new(ssl);
671 if (ssl->s3->hs == NULL) {
672 return 0;
673 }
674
675 ssl->s3->total_renegotiations++;
676 return 1;
677
678 no_renegotiation:
679 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
680 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
681 return 0;
682 }
683
ssl_do_post_handshake(SSL * ssl)684 static int ssl_do_post_handshake(SSL *ssl) {
685 if (ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
686 return ssl_do_renegotiate(ssl);
687 }
688
689 return tls13_post_handshake(ssl);
690 }
691
ssl_read_impl(SSL * ssl,void * buf,int num,int peek)692 static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) {
693 ssl_reset_error_state(ssl);
694
695 if (ssl->handshake_func == NULL) {
696 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
697 return -1;
698 }
699
700 for (;;) {
701 /* Complete the current handshake, if any. False Start will cause
702 * |SSL_do_handshake| to return mid-handshake, so this may require multiple
703 * iterations. */
704 while (!ssl_can_read(ssl)) {
705 int ret = SSL_do_handshake(ssl);
706 if (ret < 0) {
707 return ret;
708 }
709 if (ret == 0) {
710 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
711 return -1;
712 }
713 }
714
715 int got_handshake;
716 int ret = ssl->method->read_app_data(ssl, &got_handshake, buf, num, peek);
717 if (ret > 0 || !got_handshake) {
718 ssl->s3->key_update_count = 0;
719 return ret;
720 }
721
722 /* If we received an interrupt in early read (the end_of_early_data alert),
723 * loop again for the handshake to process it. */
724 if (SSL_in_init(ssl)) {
725 continue;
726 }
727
728 /* Handle the post-handshake message and try again. */
729 if (!ssl_do_post_handshake(ssl)) {
730 return -1;
731 }
732 ssl->method->release_current_message(ssl, 1 /* free buffer */);
733 }
734 }
735
SSL_read(SSL * ssl,void * buf,int num)736 int SSL_read(SSL *ssl, void *buf, int num) {
737 return ssl_read_impl(ssl, buf, num, 0 /* consume bytes */);
738 }
739
SSL_peek(SSL * ssl,void * buf,int num)740 int SSL_peek(SSL *ssl, void *buf, int num) {
741 return ssl_read_impl(ssl, buf, num, 1 /* peek */);
742 }
743
SSL_write(SSL * ssl,const void * buf,int num)744 int SSL_write(SSL *ssl, const void *buf, int num) {
745 ssl_reset_error_state(ssl);
746
747 if (ssl->handshake_func == NULL) {
748 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
749 return -1;
750 }
751
752 if (ssl->s3->send_shutdown != ssl_shutdown_none) {
753 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
754 return -1;
755 }
756
757 /* If necessary, complete the handshake implicitly. */
758 if (!ssl_can_write(ssl)) {
759 int ret = SSL_do_handshake(ssl);
760 if (ret < 0) {
761 return ret;
762 }
763 if (ret == 0) {
764 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
765 return -1;
766 }
767 }
768
769 return ssl->method->write_app_data(ssl, buf, num);
770 }
771
SSL_shutdown(SSL * ssl)772 int SSL_shutdown(SSL *ssl) {
773 ssl_reset_error_state(ssl);
774
775 if (ssl->handshake_func == NULL) {
776 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
777 return -1;
778 }
779
780 /* If we are in the middle of a handshake, silently succeed. Consumers often
781 * call this function before |SSL_free|, whether the handshake succeeded or
782 * not. We assume the caller has already handled failed handshakes. */
783 if (SSL_in_init(ssl)) {
784 return 1;
785 }
786
787 if (ssl->quiet_shutdown) {
788 /* Do nothing if configured not to send a close_notify. */
789 ssl->s3->send_shutdown = ssl_shutdown_close_notify;
790 ssl->s3->recv_shutdown = ssl_shutdown_close_notify;
791 return 1;
792 }
793
794 /* This function completes in two stages. It sends a close_notify and then it
795 * waits for a close_notify to come in. Perform exactly one action and return
796 * whether or not it succeeds. */
797
798 if (ssl->s3->send_shutdown != ssl_shutdown_close_notify) {
799 /* Send a close_notify. */
800 if (ssl3_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY) <= 0) {
801 return -1;
802 }
803 } else if (ssl->s3->alert_dispatch) {
804 /* Finish sending the close_notify. */
805 if (ssl->method->dispatch_alert(ssl) <= 0) {
806 return -1;
807 }
808 } else if (ssl->s3->recv_shutdown != ssl_shutdown_close_notify) {
809 /* Wait for the peer's close_notify. */
810 ssl->method->read_close_notify(ssl);
811 if (ssl->s3->recv_shutdown != ssl_shutdown_close_notify) {
812 return -1;
813 }
814 }
815
816 /* Return 0 for unidirectional shutdown and 1 for bidirectional shutdown. */
817 return ssl->s3->recv_shutdown == ssl_shutdown_close_notify;
818 }
819
SSL_send_fatal_alert(SSL * ssl,uint8_t alert)820 int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) {
821 if (ssl->s3->alert_dispatch) {
822 if (ssl->s3->send_alert[0] != SSL3_AL_FATAL ||
823 ssl->s3->send_alert[1] != alert) {
824 /* We are already attempting to write a different alert. */
825 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
826 return -1;
827 }
828 return ssl->method->dispatch_alert(ssl);
829 }
830
831 return ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
832 }
833
SSL_CTX_set_early_data_enabled(SSL_CTX * ctx,int enabled)834 void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
835 ctx->enable_early_data = !!enabled;
836 }
837
SSL_early_data_accepted(const SSL * ssl)838 int SSL_early_data_accepted(const SSL *ssl) {
839 return ssl->early_data_accepted;
840 }
841
bio_retry_reason_to_error(int reason)842 static int bio_retry_reason_to_error(int reason) {
843 switch (reason) {
844 case BIO_RR_CONNECT:
845 return SSL_ERROR_WANT_CONNECT;
846 case BIO_RR_ACCEPT:
847 return SSL_ERROR_WANT_ACCEPT;
848 default:
849 return SSL_ERROR_SYSCALL;
850 }
851 }
852
SSL_get_error(const SSL * ssl,int ret_code)853 int SSL_get_error(const SSL *ssl, int ret_code) {
854 if (ret_code > 0) {
855 return SSL_ERROR_NONE;
856 }
857
858 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
859 * where we do encode the error */
860 uint32_t err = ERR_peek_error();
861 if (err != 0) {
862 if (ERR_GET_LIB(err) == ERR_LIB_SYS) {
863 return SSL_ERROR_SYSCALL;
864 }
865 return SSL_ERROR_SSL;
866 }
867
868 if (ret_code == 0) {
869 if (ssl->s3->recv_shutdown == ssl_shutdown_close_notify) {
870 return SSL_ERROR_ZERO_RETURN;
871 }
872 /* An EOF was observed which violates the protocol, and the underlying
873 * transport does not participate in the error queue. Bubble up to the
874 * caller. */
875 return SSL_ERROR_SYSCALL;
876 }
877
878 switch (ssl->rwstate) {
879 case SSL_PENDING_SESSION:
880 return SSL_ERROR_PENDING_SESSION;
881
882 case SSL_CERTIFICATE_SELECTION_PENDING:
883 return SSL_ERROR_PENDING_CERTIFICATE;
884
885 case SSL_READING: {
886 BIO *bio = SSL_get_rbio(ssl);
887 if (BIO_should_read(bio)) {
888 return SSL_ERROR_WANT_READ;
889 }
890
891 if (BIO_should_write(bio)) {
892 /* TODO(davidben): OpenSSL historically checked for writes on the read
893 * BIO. Can this be removed? */
894 return SSL_ERROR_WANT_WRITE;
895 }
896
897 if (BIO_should_io_special(bio)) {
898 return bio_retry_reason_to_error(BIO_get_retry_reason(bio));
899 }
900
901 break;
902 }
903
904 case SSL_WRITING: {
905 BIO *bio = SSL_get_wbio(ssl);
906 if (BIO_should_write(bio)) {
907 return SSL_ERROR_WANT_WRITE;
908 }
909
910 if (BIO_should_read(bio)) {
911 /* TODO(davidben): OpenSSL historically checked for reads on the write
912 * BIO. Can this be removed? */
913 return SSL_ERROR_WANT_READ;
914 }
915
916 if (BIO_should_io_special(bio)) {
917 return bio_retry_reason_to_error(BIO_get_retry_reason(bio));
918 }
919
920 break;
921 }
922
923 case SSL_X509_LOOKUP:
924 return SSL_ERROR_WANT_X509_LOOKUP;
925
926 case SSL_CHANNEL_ID_LOOKUP:
927 return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
928
929 case SSL_PRIVATE_KEY_OPERATION:
930 return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
931
932 case SSL_PENDING_TICKET:
933 return SSL_ERROR_PENDING_TICKET;
934 }
935
936 return SSL_ERROR_SYSCALL;
937 }
938
set_min_version(const SSL_PROTOCOL_METHOD * method,uint16_t * out,uint16_t version)939 static int set_min_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
940 uint16_t version) {
941 /* Zero is interpreted as the default minimum version. */
942 if (version == 0) {
943 *out = method->min_version;
944 return 1;
945 }
946
947 if (version == TLS1_3_VERSION) {
948 version = TLS1_3_DRAFT_VERSION;
949 }
950
951 return method->version_from_wire(out, version);
952 }
953
set_max_version(const SSL_PROTOCOL_METHOD * method,uint16_t * out,uint16_t version)954 static int set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
955 uint16_t version) {
956 /* Zero is interpreted as the default maximum version. */
957 if (version == 0) {
958 *out = method->max_version;
959 /* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */
960 if (*out > TLS1_2_VERSION) {
961 *out = TLS1_2_VERSION;
962 }
963 return 1;
964 }
965
966 if (version == TLS1_3_VERSION) {
967 version = TLS1_3_DRAFT_VERSION;
968 }
969
970 return method->version_from_wire(out, version);
971 }
972
SSL_CTX_set_min_proto_version(SSL_CTX * ctx,uint16_t version)973 int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) {
974 return set_min_version(ctx->method, &ctx->min_version, version);
975 }
976
SSL_CTX_set_max_proto_version(SSL_CTX * ctx,uint16_t version)977 int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) {
978 return set_max_version(ctx->method, &ctx->max_version, version);
979 }
980
SSL_set_min_proto_version(SSL * ssl,uint16_t version)981 int SSL_set_min_proto_version(SSL *ssl, uint16_t version) {
982 return set_min_version(ssl->method, &ssl->min_version, version);
983 }
984
SSL_set_max_proto_version(SSL * ssl,uint16_t version)985 int SSL_set_max_proto_version(SSL *ssl, uint16_t version) {
986 return set_max_version(ssl->method, &ssl->max_version, version);
987 }
988
SSL_CTX_set_options(SSL_CTX * ctx,uint32_t options)989 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
990 ctx->options |= options;
991 return ctx->options;
992 }
993
SSL_CTX_clear_options(SSL_CTX * ctx,uint32_t options)994 uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) {
995 ctx->options &= ~options;
996 return ctx->options;
997 }
998
SSL_CTX_get_options(const SSL_CTX * ctx)999 uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; }
1000
SSL_set_options(SSL * ssl,uint32_t options)1001 uint32_t SSL_set_options(SSL *ssl, uint32_t options) {
1002 ssl->options |= options;
1003 return ssl->options;
1004 }
1005
SSL_clear_options(SSL * ssl,uint32_t options)1006 uint32_t SSL_clear_options(SSL *ssl, uint32_t options) {
1007 ssl->options &= ~options;
1008 return ssl->options;
1009 }
1010
SSL_get_options(const SSL * ssl)1011 uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; }
1012
SSL_CTX_set_mode(SSL_CTX * ctx,uint32_t mode)1013 uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) {
1014 ctx->mode |= mode;
1015 return ctx->mode;
1016 }
1017
SSL_CTX_clear_mode(SSL_CTX * ctx,uint32_t mode)1018 uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) {
1019 ctx->mode &= ~mode;
1020 return ctx->mode;
1021 }
1022
SSL_CTX_get_mode(const SSL_CTX * ctx)1023 uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; }
1024
SSL_set_mode(SSL * ssl,uint32_t mode)1025 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) {
1026 ssl->mode |= mode;
1027 return ssl->mode;
1028 }
1029
SSL_clear_mode(SSL * ssl,uint32_t mode)1030 uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) {
1031 ssl->mode &= ~mode;
1032 return ssl->mode;
1033 }
1034
SSL_get_mode(const SSL * ssl)1035 uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; }
1036
SSL_CTX_set0_buffer_pool(SSL_CTX * ctx,CRYPTO_BUFFER_POOL * pool)1037 void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx, CRYPTO_BUFFER_POOL *pool) {
1038 ctx->pool = pool;
1039 }
1040
SSL_get_tls_unique(const SSL * ssl,uint8_t * out,size_t * out_len,size_t max_out)1041 int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
1042 size_t max_out) {
1043 /* tls-unique is not defined for SSL 3.0 or TLS 1.3. */
1044 if (!ssl->s3->initial_handshake_complete ||
1045 ssl3_protocol_version(ssl) < TLS1_VERSION ||
1046 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
1047 goto err;
1048 }
1049
1050 /* The tls-unique value is the first Finished message in the handshake, which
1051 * is the client's in a full handshake and the server's for a resumption. See
1052 * https://tools.ietf.org/html/rfc5929#section-3.1. */
1053 const uint8_t *finished = ssl->s3->previous_client_finished;
1054 size_t finished_len = ssl->s3->previous_client_finished_len;
1055 if (ssl->session != NULL) {
1056 /* tls-unique is broken for resumed sessions unless EMS is used. */
1057 if (!ssl->session->extended_master_secret) {
1058 goto err;
1059 }
1060 finished = ssl->s3->previous_server_finished;
1061 finished_len = ssl->s3->previous_server_finished_len;
1062 }
1063
1064 *out_len = finished_len;
1065 if (finished_len > max_out) {
1066 *out_len = max_out;
1067 }
1068
1069 OPENSSL_memcpy(out, finished, *out_len);
1070 return 1;
1071
1072 err:
1073 *out_len = 0;
1074 OPENSSL_memset(out, 0, max_out);
1075 return 0;
1076 }
1077
set_session_id_context(CERT * cert,const uint8_t * sid_ctx,size_t sid_ctx_len)1078 static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx,
1079 size_t sid_ctx_len) {
1080 if (sid_ctx_len > sizeof(cert->sid_ctx)) {
1081 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1082 return 0;
1083 }
1084
1085 OPENSSL_COMPILE_ASSERT(sizeof(cert->sid_ctx) < 256, sid_ctx_too_large);
1086 cert->sid_ctx_length = (uint8_t)sid_ctx_len;
1087 OPENSSL_memcpy(cert->sid_ctx, sid_ctx, sid_ctx_len);
1088 return 1;
1089 }
1090
SSL_CTX_set_session_id_context(SSL_CTX * ctx,const uint8_t * sid_ctx,size_t sid_ctx_len)1091 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx,
1092 size_t sid_ctx_len) {
1093 return set_session_id_context(ctx->cert, sid_ctx, sid_ctx_len);
1094 }
1095
SSL_set_session_id_context(SSL * ssl,const uint8_t * sid_ctx,size_t sid_ctx_len)1096 int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
1097 size_t sid_ctx_len) {
1098 return set_session_id_context(ssl->cert, sid_ctx, sid_ctx_len);
1099 }
1100
SSL_get0_session_id_context(const SSL * ssl,size_t * out_len)1101 const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) {
1102 *out_len = ssl->cert->sid_ctx_length;
1103 return ssl->cert->sid_ctx;
1104 }
1105
ssl_cipher_preference_list_free(struct ssl_cipher_preference_list_st * cipher_list)1106 void ssl_cipher_preference_list_free(
1107 struct ssl_cipher_preference_list_st *cipher_list) {
1108 if (cipher_list == NULL) {
1109 return;
1110 }
1111 sk_SSL_CIPHER_free(cipher_list->ciphers);
1112 OPENSSL_free(cipher_list->in_group_flags);
1113 OPENSSL_free(cipher_list);
1114 }
1115
SSL_certs_clear(SSL * ssl)1116 void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); }
1117
SSL_get_fd(const SSL * ssl)1118 int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
1119
SSL_get_rfd(const SSL * ssl)1120 int SSL_get_rfd(const SSL *ssl) {
1121 int ret = -1;
1122 BIO *b = BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DESCRIPTOR);
1123 if (b != NULL) {
1124 BIO_get_fd(b, &ret);
1125 }
1126 return ret;
1127 }
1128
SSL_get_wfd(const SSL * ssl)1129 int SSL_get_wfd(const SSL *ssl) {
1130 int ret = -1;
1131 BIO *b = BIO_find_type(SSL_get_wbio(ssl), BIO_TYPE_DESCRIPTOR);
1132 if (b != NULL) {
1133 BIO_get_fd(b, &ret);
1134 }
1135 return ret;
1136 }
1137
SSL_set_fd(SSL * ssl,int fd)1138 int SSL_set_fd(SSL *ssl, int fd) {
1139 BIO *bio = BIO_new(BIO_s_socket());
1140 if (bio == NULL) {
1141 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1142 return 0;
1143 }
1144 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1145 SSL_set_bio(ssl, bio, bio);
1146 return 1;
1147 }
1148
SSL_set_wfd(SSL * ssl,int fd)1149 int SSL_set_wfd(SSL *ssl, int fd) {
1150 BIO *rbio = SSL_get_rbio(ssl);
1151 if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET ||
1152 BIO_get_fd(rbio, NULL) != fd) {
1153 BIO *bio = BIO_new(BIO_s_socket());
1154 if (bio == NULL) {
1155 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1156 return 0;
1157 }
1158 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1159 SSL_set0_wbio(ssl, bio);
1160 } else {
1161 /* Copy the rbio over to the wbio. */
1162 BIO_up_ref(rbio);
1163 SSL_set0_wbio(ssl, rbio);
1164 }
1165
1166 return 1;
1167 }
1168
SSL_set_rfd(SSL * ssl,int fd)1169 int SSL_set_rfd(SSL *ssl, int fd) {
1170 BIO *wbio = SSL_get_wbio(ssl);
1171 if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET ||
1172 BIO_get_fd(wbio, NULL) != fd) {
1173 BIO *bio = BIO_new(BIO_s_socket());
1174 if (bio == NULL) {
1175 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1176 return 0;
1177 }
1178 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1179 SSL_set0_rbio(ssl, bio);
1180 } else {
1181 /* Copy the wbio over to the rbio. */
1182 BIO_up_ref(wbio);
1183 SSL_set0_rbio(ssl, wbio);
1184 }
1185 return 1;
1186 }
1187
copy_finished(void * out,size_t out_len,const uint8_t * in,size_t in_len)1188 static size_t copy_finished(void *out, size_t out_len, const uint8_t *in,
1189 size_t in_len) {
1190 if (out_len > in_len) {
1191 out_len = in_len;
1192 }
1193 OPENSSL_memcpy(out, in, out_len);
1194 return in_len;
1195 }
1196
SSL_get_finished(const SSL * ssl,void * buf,size_t count)1197 size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
1198 if (!ssl->s3->initial_handshake_complete ||
1199 ssl3_protocol_version(ssl) < TLS1_VERSION ||
1200 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
1201 return 0;
1202 }
1203
1204 if (ssl->server) {
1205 return copy_finished(buf, count, ssl->s3->previous_server_finished,
1206 ssl->s3->previous_server_finished_len);
1207 }
1208
1209 return copy_finished(buf, count, ssl->s3->previous_client_finished,
1210 ssl->s3->previous_client_finished_len);
1211 }
1212
SSL_get_peer_finished(const SSL * ssl,void * buf,size_t count)1213 size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
1214 if (!ssl->s3->initial_handshake_complete ||
1215 ssl3_protocol_version(ssl) < TLS1_VERSION ||
1216 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
1217 return 0;
1218 }
1219
1220 if (ssl->server) {
1221 return copy_finished(buf, count, ssl->s3->previous_client_finished,
1222 ssl->s3->previous_client_finished_len);
1223 }
1224
1225 return copy_finished(buf, count, ssl->s3->previous_server_finished,
1226 ssl->s3->previous_server_finished_len);
1227 }
1228
SSL_get_verify_mode(const SSL * ssl)1229 int SSL_get_verify_mode(const SSL *ssl) { return ssl->verify_mode; }
1230
SSL_get_extms_support(const SSL * ssl)1231 int SSL_get_extms_support(const SSL *ssl) {
1232 /* TLS 1.3 does not require extended master secret and always reports as
1233 * supporting it. */
1234 if (!ssl->s3->have_version) {
1235 return 0;
1236 }
1237 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
1238 return 1;
1239 }
1240
1241 /* If the initial handshake completed, query the established session. */
1242 if (ssl->s3->established_session != NULL) {
1243 return ssl->s3->established_session->extended_master_secret;
1244 }
1245
1246 /* Otherwise, query the in-progress handshake. */
1247 if (ssl->s3->hs != NULL) {
1248 return ssl->s3->hs->extended_master_secret;
1249 }
1250 assert(0);
1251 return 0;
1252 }
1253
SSL_CTX_get_read_ahead(const SSL_CTX * ctx)1254 int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; }
1255
SSL_get_read_ahead(const SSL * ssl)1256 int SSL_get_read_ahead(const SSL *ssl) { return 0; }
1257
SSL_CTX_set_read_ahead(SSL_CTX * ctx,int yes)1258 void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { }
1259
SSL_set_read_ahead(SSL * ssl,int yes)1260 void SSL_set_read_ahead(SSL *ssl, int yes) { }
1261
SSL_pending(const SSL * ssl)1262 int SSL_pending(const SSL *ssl) {
1263 if (ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA) {
1264 return 0;
1265 }
1266 return ssl->s3->rrec.length;
1267 }
1268
1269 /* Fix this so it checks all the valid key/cert options */
SSL_CTX_check_private_key(const SSL_CTX * ctx)1270 int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
1271 return ssl_cert_check_private_key(ctx->cert, ctx->cert->privatekey);
1272 }
1273
1274 /* Fix this function so that it takes an optional type parameter */
SSL_check_private_key(const SSL * ssl)1275 int SSL_check_private_key(const SSL *ssl) {
1276 return ssl_cert_check_private_key(ssl->cert, ssl->cert->privatekey);
1277 }
1278
SSL_get_default_timeout(const SSL * ssl)1279 long SSL_get_default_timeout(const SSL *ssl) {
1280 return SSL_DEFAULT_SESSION_TIMEOUT;
1281 }
1282
SSL_renegotiate(SSL * ssl)1283 int SSL_renegotiate(SSL *ssl) {
1284 /* Caller-initiated renegotiation is not supported. */
1285 OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1286 return 0;
1287 }
1288
SSL_renegotiate_pending(SSL * ssl)1289 int SSL_renegotiate_pending(SSL *ssl) {
1290 return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete;
1291 }
1292
SSL_total_renegotiations(const SSL * ssl)1293 int SSL_total_renegotiations(const SSL *ssl) {
1294 return ssl->s3->total_renegotiations;
1295 }
1296
SSL_CTX_get_max_cert_list(const SSL_CTX * ctx)1297 size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) {
1298 return ctx->max_cert_list;
1299 }
1300
SSL_CTX_set_max_cert_list(SSL_CTX * ctx,size_t max_cert_list)1301 void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
1302 if (max_cert_list > kMaxHandshakeSize) {
1303 max_cert_list = kMaxHandshakeSize;
1304 }
1305 ctx->max_cert_list = (uint32_t)max_cert_list;
1306 }
1307
SSL_get_max_cert_list(const SSL * ssl)1308 size_t SSL_get_max_cert_list(const SSL *ssl) {
1309 return ssl->max_cert_list;
1310 }
1311
SSL_set_max_cert_list(SSL * ssl,size_t max_cert_list)1312 void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
1313 if (max_cert_list > kMaxHandshakeSize) {
1314 max_cert_list = kMaxHandshakeSize;
1315 }
1316 ssl->max_cert_list = (uint32_t)max_cert_list;
1317 }
1318
SSL_CTX_set_max_send_fragment(SSL_CTX * ctx,size_t max_send_fragment)1319 int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
1320 if (max_send_fragment < 512) {
1321 max_send_fragment = 512;
1322 }
1323 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1324 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1325 }
1326 ctx->max_send_fragment = (uint16_t)max_send_fragment;
1327
1328 return 1;
1329 }
1330
SSL_set_max_send_fragment(SSL * ssl,size_t max_send_fragment)1331 int SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
1332 if (max_send_fragment < 512) {
1333 max_send_fragment = 512;
1334 }
1335 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1336 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1337 }
1338 ssl->max_send_fragment = (uint16_t)max_send_fragment;
1339
1340 return 1;
1341 }
1342
SSL_set_mtu(SSL * ssl,unsigned mtu)1343 int SSL_set_mtu(SSL *ssl, unsigned mtu) {
1344 if (!SSL_is_dtls(ssl) || mtu < dtls1_min_mtu()) {
1345 return 0;
1346 }
1347 ssl->d1->mtu = mtu;
1348 return 1;
1349 }
1350
SSL_get_secure_renegotiation_support(const SSL * ssl)1351 int SSL_get_secure_renegotiation_support(const SSL *ssl) {
1352 if (!ssl->s3->have_version) {
1353 return 0;
1354 }
1355 return ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
1356 ssl->s3->send_connection_binding;
1357 }
1358
LHASH_OF(SSL_SESSION)1359 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; }
1360
SSL_CTX_sess_number(const SSL_CTX * ctx)1361 size_t SSL_CTX_sess_number(const SSL_CTX *ctx) {
1362 return lh_SSL_SESSION_num_items(ctx->sessions);
1363 }
1364
SSL_CTX_sess_set_cache_size(SSL_CTX * ctx,unsigned long size)1365 unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) {
1366 unsigned long ret = ctx->session_cache_size;
1367 ctx->session_cache_size = size;
1368 return ret;
1369 }
1370
SSL_CTX_sess_get_cache_size(const SSL_CTX * ctx)1371 unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) {
1372 return ctx->session_cache_size;
1373 }
1374
SSL_CTX_set_session_cache_mode(SSL_CTX * ctx,int mode)1375 int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) {
1376 int ret = ctx->session_cache_mode;
1377 ctx->session_cache_mode = mode;
1378 return ret;
1379 }
1380
SSL_CTX_get_session_cache_mode(const SSL_CTX * ctx)1381 int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) {
1382 return ctx->session_cache_mode;
1383 }
1384
1385
SSL_CTX_get_tlsext_ticket_keys(SSL_CTX * ctx,void * out,size_t len)1386 int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, size_t len) {
1387 if (out == NULL) {
1388 return 48;
1389 }
1390 if (len != 48) {
1391 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
1392 return 0;
1393 }
1394 uint8_t *out_bytes = out;
1395 OPENSSL_memcpy(out_bytes, ctx->tlsext_tick_key_name, 16);
1396 OPENSSL_memcpy(out_bytes + 16, ctx->tlsext_tick_hmac_key, 16);
1397 OPENSSL_memcpy(out_bytes + 32, ctx->tlsext_tick_aes_key, 16);
1398 return 1;
1399 }
1400
SSL_CTX_set_tlsext_ticket_keys(SSL_CTX * ctx,const void * in,size_t len)1401 int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) {
1402 if (in == NULL) {
1403 return 48;
1404 }
1405 if (len != 48) {
1406 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
1407 return 0;
1408 }
1409 const uint8_t *in_bytes = in;
1410 OPENSSL_memcpy(ctx->tlsext_tick_key_name, in_bytes, 16);
1411 OPENSSL_memcpy(ctx->tlsext_tick_hmac_key, in_bytes + 16, 16);
1412 OPENSSL_memcpy(ctx->tlsext_tick_aes_key, in_bytes + 32, 16);
1413 return 1;
1414 }
1415
SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX * ctx,int (* callback)(SSL * ssl,uint8_t * key_name,uint8_t * iv,EVP_CIPHER_CTX * ctx,HMAC_CTX * hmac_ctx,int encrypt))1416 int SSL_CTX_set_tlsext_ticket_key_cb(
1417 SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
1418 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
1419 int encrypt)) {
1420 ctx->tlsext_ticket_key_cb = callback;
1421 return 1;
1422 }
1423
SSL_CTX_set1_curves(SSL_CTX * ctx,const int * curves,size_t curves_len)1424 int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, size_t curves_len) {
1425 return tls1_set_curves(&ctx->supported_group_list,
1426 &ctx->supported_group_list_len, curves,
1427 curves_len);
1428 }
1429
SSL_set1_curves(SSL * ssl,const int * curves,size_t curves_len)1430 int SSL_set1_curves(SSL *ssl, const int *curves, size_t curves_len) {
1431 return tls1_set_curves(&ssl->supported_group_list,
1432 &ssl->supported_group_list_len, curves,
1433 curves_len);
1434 }
1435
SSL_CTX_set1_curves_list(SSL_CTX * ctx,const char * curves)1436 int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) {
1437 return tls1_set_curves_list(&ctx->supported_group_list,
1438 &ctx->supported_group_list_len, curves);
1439 }
1440
SSL_set1_curves_list(SSL * ssl,const char * curves)1441 int SSL_set1_curves_list(SSL *ssl, const char *curves) {
1442 return tls1_set_curves_list(&ssl->supported_group_list,
1443 &ssl->supported_group_list_len, curves);
1444 }
1445
SSL_get_curve_id(const SSL * ssl)1446 uint16_t SSL_get_curve_id(const SSL *ssl) {
1447 /* TODO(davidben): This checks the wrong session if there is a renegotiation in
1448 * progress. */
1449 SSL_SESSION *session = SSL_get_session(ssl);
1450 if (session == NULL) {
1451 return 0;
1452 }
1453
1454 return session->group_id;
1455 }
1456
SSL_CTX_set_tmp_dh(SSL_CTX * ctx,const DH * dh)1457 int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {
1458 DH_free(ctx->cert->dh_tmp);
1459 ctx->cert->dh_tmp = DHparams_dup(dh);
1460 if (ctx->cert->dh_tmp == NULL) {
1461 OPENSSL_PUT_ERROR(SSL, ERR_R_DH_LIB);
1462 return 0;
1463 }
1464 return 1;
1465 }
1466
SSL_set_tmp_dh(SSL * ssl,const DH * dh)1467 int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
1468 DH_free(ssl->cert->dh_tmp);
1469 ssl->cert->dh_tmp = DHparams_dup(dh);
1470 if (ssl->cert->dh_tmp == NULL) {
1471 OPENSSL_PUT_ERROR(SSL, ERR_R_DH_LIB);
1472 return 0;
1473 }
1474 return 1;
1475 }
1476
STACK_OF(SSL_CIPHER)1477 OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
1478 return ctx->cipher_list->ciphers;
1479 }
1480
STACK_OF(SSL_CIPHER)1481 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
1482 if (ssl == NULL) {
1483 return NULL;
1484 }
1485
1486 const struct ssl_cipher_preference_list_st *prefs =
1487 ssl_get_cipher_preferences(ssl);
1488 if (prefs == NULL) {
1489 return NULL;
1490 }
1491
1492 return prefs->ciphers;
1493 }
1494
SSL_get_cipher_list(const SSL * ssl,int n)1495 const char *SSL_get_cipher_list(const SSL *ssl, int n) {
1496 if (ssl == NULL) {
1497 return NULL;
1498 }
1499
1500 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
1501 if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) {
1502 return NULL;
1503 }
1504
1505 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, n);
1506 if (c == NULL) {
1507 return NULL;
1508 }
1509
1510 return c->name;
1511 }
1512
SSL_CTX_set_cipher_list(SSL_CTX * ctx,const char * str)1513 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
1514 return ssl_create_cipher_list(ctx->method, &ctx->cipher_list, str,
1515 0 /* not strict */);
1516 }
1517
SSL_CTX_set_strict_cipher_list(SSL_CTX * ctx,const char * str)1518 int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, const char *str) {
1519 return ssl_create_cipher_list(ctx->method, &ctx->cipher_list, str,
1520 1 /* strict */);
1521 }
1522
SSL_set_cipher_list(SSL * ssl,const char * str)1523 int SSL_set_cipher_list(SSL *ssl, const char *str) {
1524 return ssl_create_cipher_list(ssl->ctx->method, &ssl->cipher_list, str,
1525 0 /* not strict */);
1526 }
1527
SSL_set_strict_cipher_list(SSL * ssl,const char * str)1528 int SSL_set_strict_cipher_list(SSL *ssl, const char *str) {
1529 return ssl_create_cipher_list(ssl->ctx->method, &ssl->cipher_list, str,
1530 1 /* strict */);
1531 }
1532
SSL_get_servername(const SSL * ssl,const int type)1533 const char *SSL_get_servername(const SSL *ssl, const int type) {
1534 if (type != TLSEXT_NAMETYPE_host_name) {
1535 return NULL;
1536 }
1537
1538 /* Historically, |SSL_get_servername| was also the configuration getter
1539 * corresponding to |SSL_set_tlsext_host_name|. */
1540 if (ssl->tlsext_hostname != NULL) {
1541 return ssl->tlsext_hostname;
1542 }
1543
1544 /* During the handshake, report the handshake value. */
1545 if (ssl->s3->hs != NULL) {
1546 return ssl->s3->hs->hostname;
1547 }
1548
1549 /* SSL_get_servername may also be called after the handshake to look up the
1550 * SNI value.
1551 *
1552 * TODO(davidben): This is almost unused. Can we remove it? */
1553 SSL_SESSION *session = SSL_get_session(ssl);
1554 if (session == NULL) {
1555 return NULL;
1556 }
1557 return session->tlsext_hostname;
1558 }
1559
SSL_get_servername_type(const SSL * ssl)1560 int SSL_get_servername_type(const SSL *ssl) {
1561 SSL_SESSION *session = SSL_get_session(ssl);
1562 if (session == NULL || session->tlsext_hostname == NULL) {
1563 return -1;
1564 }
1565 return TLSEXT_NAMETYPE_host_name;
1566 }
1567
SSL_CTX_enable_signed_cert_timestamps(SSL_CTX * ctx)1568 void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
1569 ctx->signed_cert_timestamps_enabled = 1;
1570 }
1571
SSL_CTX_i_promise_to_verify_certs_after_the_handshake(SSL_CTX * ctx)1572 void SSL_CTX_i_promise_to_verify_certs_after_the_handshake(SSL_CTX *ctx) {
1573 ctx->i_promise_to_verify_certs_after_the_handshake = 1;
1574 }
1575
SSL_enable_signed_cert_timestamps(SSL * ssl)1576 void SSL_enable_signed_cert_timestamps(SSL *ssl) {
1577 ssl->signed_cert_timestamps_enabled = 1;
1578 }
1579
SSL_CTX_enable_ocsp_stapling(SSL_CTX * ctx)1580 void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
1581 ctx->ocsp_stapling_enabled = 1;
1582 }
1583
SSL_enable_ocsp_stapling(SSL * ssl)1584 void SSL_enable_ocsp_stapling(SSL *ssl) {
1585 ssl->ocsp_stapling_enabled = 1;
1586 }
1587
SSL_get0_signed_cert_timestamp_list(const SSL * ssl,const uint8_t ** out,size_t * out_len)1588 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
1589 size_t *out_len) {
1590 SSL_SESSION *session = SSL_get_session(ssl);
1591
1592 *out_len = 0;
1593 *out = NULL;
1594 if (ssl->server || !session || !session->tlsext_signed_cert_timestamp_list) {
1595 return;
1596 }
1597
1598 *out = session->tlsext_signed_cert_timestamp_list;
1599 *out_len = session->tlsext_signed_cert_timestamp_list_length;
1600 }
1601
SSL_get0_ocsp_response(const SSL * ssl,const uint8_t ** out,size_t * out_len)1602 void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
1603 size_t *out_len) {
1604 SSL_SESSION *session = SSL_get_session(ssl);
1605
1606 *out_len = 0;
1607 *out = NULL;
1608 if (ssl->server || !session || !session->ocsp_response) {
1609 return;
1610 }
1611 *out = session->ocsp_response;
1612 *out_len = session->ocsp_response_length;
1613 }
1614
SSL_set_tlsext_host_name(SSL * ssl,const char * name)1615 int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
1616 OPENSSL_free(ssl->tlsext_hostname);
1617 ssl->tlsext_hostname = NULL;
1618
1619 if (name == NULL) {
1620 return 1;
1621 }
1622
1623 size_t len = strlen(name);
1624 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
1625 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1626 return 0;
1627 }
1628 ssl->tlsext_hostname = BUF_strdup(name);
1629 if (ssl->tlsext_hostname == NULL) {
1630 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1631 return 0;
1632 }
1633 return 1;
1634 }
1635
SSL_CTX_set_tlsext_servername_callback(SSL_CTX * ctx,int (* callback)(SSL * ssl,int * out_alert,void * arg))1636 int SSL_CTX_set_tlsext_servername_callback(
1637 SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) {
1638 ctx->tlsext_servername_callback = callback;
1639 return 1;
1640 }
1641
SSL_CTX_set_tlsext_servername_arg(SSL_CTX * ctx,void * arg)1642 int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
1643 ctx->tlsext_servername_arg = arg;
1644 return 1;
1645 }
1646
SSL_select_next_proto(uint8_t ** out,uint8_t * out_len,const uint8_t * server,unsigned server_len,const uint8_t * client,unsigned client_len)1647 int SSL_select_next_proto(uint8_t **out, uint8_t *out_len,
1648 const uint8_t *server, unsigned server_len,
1649 const uint8_t *client, unsigned client_len) {
1650 unsigned int i, j;
1651 const uint8_t *result;
1652 int status = OPENSSL_NPN_UNSUPPORTED;
1653
1654 /* For each protocol in server preference order, see if we support it. */
1655 for (i = 0; i < server_len;) {
1656 for (j = 0; j < client_len;) {
1657 if (server[i] == client[j] &&
1658 OPENSSL_memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
1659 /* We found a match */
1660 result = &server[i];
1661 status = OPENSSL_NPN_NEGOTIATED;
1662 goto found;
1663 }
1664 j += client[j];
1665 j++;
1666 }
1667 i += server[i];
1668 i++;
1669 }
1670
1671 /* There's no overlap between our protocols and the server's list. */
1672 result = client;
1673 status = OPENSSL_NPN_NO_OVERLAP;
1674
1675 found:
1676 *out = (uint8_t *)result + 1;
1677 *out_len = result[0];
1678 return status;
1679 }
1680
SSL_get0_next_proto_negotiated(const SSL * ssl,const uint8_t ** out_data,unsigned * out_len)1681 void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data,
1682 unsigned *out_len) {
1683 *out_data = ssl->s3->next_proto_negotiated;
1684 if (*out_data == NULL) {
1685 *out_len = 0;
1686 } else {
1687 *out_len = ssl->s3->next_proto_negotiated_len;
1688 }
1689 }
1690
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const uint8_t ** out,unsigned * out_len,void * arg),void * arg)1691 void SSL_CTX_set_next_protos_advertised_cb(
1692 SSL_CTX *ctx,
1693 int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg),
1694 void *arg) {
1695 ctx->next_protos_advertised_cb = cb;
1696 ctx->next_protos_advertised_cb_arg = arg;
1697 }
1698
SSL_CTX_set_next_proto_select_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg),void * arg)1699 void SSL_CTX_set_next_proto_select_cb(
1700 SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
1701 const uint8_t *in, unsigned in_len, void *arg),
1702 void *arg) {
1703 ctx->next_proto_select_cb = cb;
1704 ctx->next_proto_select_cb_arg = arg;
1705 }
1706
SSL_CTX_set_alpn_protos(SSL_CTX * ctx,const uint8_t * protos,unsigned protos_len)1707 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
1708 unsigned protos_len) {
1709 OPENSSL_free(ctx->alpn_client_proto_list);
1710 ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len);
1711 if (!ctx->alpn_client_proto_list) {
1712 return 1;
1713 }
1714 ctx->alpn_client_proto_list_len = protos_len;
1715
1716 return 0;
1717 }
1718
SSL_set_alpn_protos(SSL * ssl,const uint8_t * protos,unsigned protos_len)1719 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
1720 OPENSSL_free(ssl->alpn_client_proto_list);
1721 ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len);
1722 if (!ssl->alpn_client_proto_list) {
1723 return 1;
1724 }
1725 ssl->alpn_client_proto_list_len = protos_len;
1726
1727 return 0;
1728 }
1729
SSL_CTX_set_alpn_select_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg),void * arg)1730 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
1731 int (*cb)(SSL *ssl, const uint8_t **out,
1732 uint8_t *out_len, const uint8_t *in,
1733 unsigned in_len, void *arg),
1734 void *arg) {
1735 ctx->alpn_select_cb = cb;
1736 ctx->alpn_select_cb_arg = arg;
1737 }
1738
SSL_get0_alpn_selected(const SSL * ssl,const uint8_t ** out_data,unsigned * out_len)1739 void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data,
1740 unsigned *out_len) {
1741 *out_data = NULL;
1742 if (ssl->s3) {
1743 *out_data = ssl->s3->alpn_selected;
1744 }
1745 if (*out_data == NULL) {
1746 *out_len = 0;
1747 } else {
1748 *out_len = ssl->s3->alpn_selected_len;
1749 }
1750 }
1751
1752
SSL_CTX_set_tls_channel_id_enabled(SSL_CTX * ctx,int enabled)1753 void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx, int enabled) {
1754 ctx->tlsext_channel_id_enabled = !!enabled;
1755 }
1756
SSL_CTX_enable_tls_channel_id(SSL_CTX * ctx)1757 int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {
1758 SSL_CTX_set_tls_channel_id_enabled(ctx, 1);
1759 return 1;
1760 }
1761
SSL_set_tls_channel_id_enabled(SSL * ssl,int enabled)1762 void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled) {
1763 ssl->tlsext_channel_id_enabled = !!enabled;
1764 }
1765
SSL_enable_tls_channel_id(SSL * ssl)1766 int SSL_enable_tls_channel_id(SSL *ssl) {
1767 SSL_set_tls_channel_id_enabled(ssl, 1);
1768 return 1;
1769 }
1770
is_p256_key(EVP_PKEY * private_key)1771 static int is_p256_key(EVP_PKEY *private_key) {
1772 const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(private_key);
1773 return ec_key != NULL &&
1774 EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) ==
1775 NID_X9_62_prime256v1;
1776 }
1777
SSL_CTX_set1_tls_channel_id(SSL_CTX * ctx,EVP_PKEY * private_key)1778 int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
1779 if (!is_p256_key(private_key)) {
1780 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
1781 return 0;
1782 }
1783
1784 EVP_PKEY_free(ctx->tlsext_channel_id_private);
1785 EVP_PKEY_up_ref(private_key);
1786 ctx->tlsext_channel_id_private = private_key;
1787 ctx->tlsext_channel_id_enabled = 1;
1788
1789 return 1;
1790 }
1791
SSL_set1_tls_channel_id(SSL * ssl,EVP_PKEY * private_key)1792 int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {
1793 if (!is_p256_key(private_key)) {
1794 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
1795 return 0;
1796 }
1797
1798 EVP_PKEY_free(ssl->tlsext_channel_id_private);
1799 EVP_PKEY_up_ref(private_key);
1800 ssl->tlsext_channel_id_private = private_key;
1801 ssl->tlsext_channel_id_enabled = 1;
1802
1803 return 1;
1804 }
1805
SSL_get_tls_channel_id(SSL * ssl,uint8_t * out,size_t max_out)1806 size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
1807 if (!ssl->s3->tlsext_channel_id_valid) {
1808 return 0;
1809 }
1810 OPENSSL_memcpy(out, ssl->s3->tlsext_channel_id,
1811 (max_out < 64) ? max_out : 64);
1812 return 64;
1813 }
1814
SSL_get0_certificate_types(SSL * ssl,const uint8_t ** out_types)1815 size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) {
1816 if (ssl->server || ssl->s3->hs == NULL) {
1817 *out_types = NULL;
1818 return 0;
1819 }
1820 *out_types = ssl->s3->hs->certificate_types;
1821 return ssl->s3->hs->num_certificate_types;
1822 }
1823
ssl_update_cache(SSL_HANDSHAKE * hs,int mode)1824 void ssl_update_cache(SSL_HANDSHAKE *hs, int mode) {
1825 SSL *const ssl = hs->ssl;
1826 SSL_CTX *ctx = ssl->session_ctx;
1827 /* Never cache sessions with empty session IDs. */
1828 if (ssl->s3->established_session->session_id_length == 0 ||
1829 (ctx->session_cache_mode & mode) != mode) {
1830 return;
1831 }
1832
1833 /* Clients never use the internal session cache. */
1834 int use_internal_cache = ssl->server && !(ctx->session_cache_mode &
1835 SSL_SESS_CACHE_NO_INTERNAL_STORE);
1836
1837 /* A client may see new sessions on abbreviated handshakes if the server
1838 * decides to renew the ticket. Once the handshake is completed, it should be
1839 * inserted into the cache. */
1840 if (ssl->s3->established_session != ssl->session ||
1841 (!ssl->server && hs->ticket_expected)) {
1842 if (use_internal_cache) {
1843 SSL_CTX_add_session(ctx, ssl->s3->established_session);
1844 }
1845 if (ctx->new_session_cb != NULL) {
1846 SSL_SESSION_up_ref(ssl->s3->established_session);
1847 if (!ctx->new_session_cb(ssl, ssl->s3->established_session)) {
1848 /* |new_session_cb|'s return value signals whether it took ownership. */
1849 SSL_SESSION_free(ssl->s3->established_session);
1850 }
1851 }
1852 }
1853
1854 if (use_internal_cache &&
1855 !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) {
1856 /* Automatically flush the internal session cache every 255 connections. */
1857 int flush_cache = 0;
1858 CRYPTO_MUTEX_lock_write(&ctx->lock);
1859 ctx->handshakes_since_cache_flush++;
1860 if (ctx->handshakes_since_cache_flush >= 255) {
1861 flush_cache = 1;
1862 ctx->handshakes_since_cache_flush = 0;
1863 }
1864 CRYPTO_MUTEX_unlock_write(&ctx->lock);
1865
1866 if (flush_cache) {
1867 struct OPENSSL_timeval now;
1868 ssl_get_current_time(ssl, &now);
1869 SSL_CTX_flush_sessions(ctx, now.tv_sec);
1870 }
1871 }
1872 }
1873
ssl_get_version(int version)1874 static const char *ssl_get_version(int version) {
1875 switch (version) {
1876 /* Report TLS 1.3 draft version as TLS 1.3 in the public API. */
1877 case TLS1_3_DRAFT_VERSION:
1878 return "TLSv1.3";
1879
1880 case TLS1_2_VERSION:
1881 return "TLSv1.2";
1882
1883 case TLS1_1_VERSION:
1884 return "TLSv1.1";
1885
1886 case TLS1_VERSION:
1887 return "TLSv1";
1888
1889 case SSL3_VERSION:
1890 return "SSLv3";
1891
1892 case DTLS1_VERSION:
1893 return "DTLSv1";
1894
1895 case DTLS1_2_VERSION:
1896 return "DTLSv1.2";
1897
1898 default:
1899 return "unknown";
1900 }
1901 }
1902
SSL_get_version(const SSL * ssl)1903 const char *SSL_get_version(const SSL *ssl) {
1904 return ssl_get_version(ssl->version);
1905 }
1906
SSL_SESSION_get_version(const SSL_SESSION * session)1907 const char *SSL_SESSION_get_version(const SSL_SESSION *session) {
1908 return ssl_get_version(session->ssl_version);
1909 }
1910
SSL_get_privatekey(const SSL * ssl)1911 EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
1912 if (ssl->cert != NULL) {
1913 return ssl->cert->privatekey;
1914 }
1915
1916 return NULL;
1917 }
1918
SSL_CTX_get0_privatekey(const SSL_CTX * ctx)1919 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
1920 if (ctx->cert != NULL) {
1921 return ctx->cert->privatekey;
1922 }
1923
1924 return NULL;
1925 }
1926
SSL_get_current_cipher(const SSL * ssl)1927 const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
1928 if (ssl->s3->aead_write_ctx == NULL) {
1929 return NULL;
1930 }
1931 return ssl->s3->aead_write_ctx->cipher;
1932 }
1933
SSL_session_reused(const SSL * ssl)1934 int SSL_session_reused(const SSL *ssl) {
1935 return ssl->s3->session_reused;
1936 }
1937
SSL_get_current_compression(SSL * ssl)1938 const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { return NULL; }
1939
SSL_get_current_expansion(SSL * ssl)1940 const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { return NULL; }
1941
SSL_get_server_tmp_key(SSL * ssl,EVP_PKEY ** out_key)1942 int *SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key) { return 0; }
1943
SSL_CTX_set_quiet_shutdown(SSL_CTX * ctx,int mode)1944 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) {
1945 ctx->quiet_shutdown = (mode != 0);
1946 }
1947
SSL_CTX_get_quiet_shutdown(const SSL_CTX * ctx)1948 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) {
1949 return ctx->quiet_shutdown;
1950 }
1951
SSL_set_quiet_shutdown(SSL * ssl,int mode)1952 void SSL_set_quiet_shutdown(SSL *ssl, int mode) {
1953 ssl->quiet_shutdown = (mode != 0);
1954 }
1955
SSL_get_quiet_shutdown(const SSL * ssl)1956 int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; }
1957
SSL_set_shutdown(SSL * ssl,int mode)1958 void SSL_set_shutdown(SSL *ssl, int mode) {
1959 /* It is an error to clear any bits that have already been set. (We can't try
1960 * to get a second close_notify or send two.) */
1961 assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl));
1962
1963 if (mode & SSL_RECEIVED_SHUTDOWN &&
1964 ssl->s3->recv_shutdown == ssl_shutdown_none) {
1965 ssl->s3->recv_shutdown = ssl_shutdown_close_notify;
1966 }
1967
1968 if (mode & SSL_SENT_SHUTDOWN &&
1969 ssl->s3->send_shutdown == ssl_shutdown_none) {
1970 ssl->s3->send_shutdown = ssl_shutdown_close_notify;
1971 }
1972 }
1973
SSL_get_shutdown(const SSL * ssl)1974 int SSL_get_shutdown(const SSL *ssl) {
1975 int ret = 0;
1976 if (ssl->s3->recv_shutdown != ssl_shutdown_none) {
1977 /* Historically, OpenSSL set |SSL_RECEIVED_SHUTDOWN| on both close_notify
1978 * and fatal alert. */
1979 ret |= SSL_RECEIVED_SHUTDOWN;
1980 }
1981 if (ssl->s3->send_shutdown == ssl_shutdown_close_notify) {
1982 /* Historically, OpenSSL set |SSL_SENT_SHUTDOWN| on only close_notify. */
1983 ret |= SSL_SENT_SHUTDOWN;
1984 }
1985 return ret;
1986 }
1987
SSL_version(const SSL * ssl)1988 int SSL_version(const SSL *ssl) {
1989 /* Report TLS 1.3 draft version as TLS 1.3 in the public API. */
1990 if (ssl->version == TLS1_3_DRAFT_VERSION) {
1991 return TLS1_3_VERSION;
1992 }
1993
1994 return ssl->version;
1995 }
1996
SSL_get_SSL_CTX(const SSL * ssl)1997 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
1998
SSL_set_SSL_CTX(SSL * ssl,SSL_CTX * ctx)1999 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) {
2000 if (ssl->ctx == ctx) {
2001 return ssl->ctx;
2002 }
2003
2004 /* One cannot change the X.509 callbacks during a connection. */
2005 if (ssl->ctx->x509_method != ctx->x509_method) {
2006 assert(0);
2007 return NULL;
2008 }
2009
2010 if (ctx == NULL) {
2011 ctx = ssl->session_ctx;
2012 }
2013
2014 ssl_cert_free(ssl->cert);
2015 ssl->cert = ssl_cert_dup(ctx->cert);
2016
2017 SSL_CTX_up_ref(ctx);
2018 SSL_CTX_free(ssl->ctx);
2019 ssl->ctx = ctx;
2020
2021 return ssl->ctx;
2022 }
2023
SSL_set_info_callback(SSL * ssl,void (* cb)(const SSL * ssl,int type,int value))2024 void SSL_set_info_callback(SSL *ssl,
2025 void (*cb)(const SSL *ssl, int type, int value)) {
2026 ssl->info_callback = cb;
2027 }
2028
SSL_get_info_callback(const SSL * ssl)2029 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type,
2030 int value) {
2031 return ssl->info_callback;
2032 }
2033
SSL_state(const SSL * ssl)2034 int SSL_state(const SSL *ssl) {
2035 return SSL_in_init(ssl) ? SSL_ST_INIT : SSL_ST_OK;
2036 }
2037
SSL_set_state(SSL * ssl,int state)2038 void SSL_set_state(SSL *ssl, int state) { }
2039
SSL_get_shared_ciphers(const SSL * ssl,char * buf,int len)2040 char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) {
2041 if (len <= 0) {
2042 return NULL;
2043 }
2044 buf[0] = '\0';
2045 return buf;
2046 }
2047
SSL_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_func,CRYPTO_EX_free * free_func)2048 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2049 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) {
2050 int index;
2051 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp,
2052 dup_func, free_func)) {
2053 return -1;
2054 }
2055 return index;
2056 }
2057
SSL_set_ex_data(SSL * ssl,int idx,void * arg)2058 int SSL_set_ex_data(SSL *ssl, int idx, void *arg) {
2059 return CRYPTO_set_ex_data(&ssl->ex_data, idx, arg);
2060 }
2061
SSL_get_ex_data(const SSL * ssl,int idx)2062 void *SSL_get_ex_data(const SSL *ssl, int idx) {
2063 return CRYPTO_get_ex_data(&ssl->ex_data, idx);
2064 }
2065
SSL_CTX_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_func,CRYPTO_EX_free * free_func)2066 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2067 CRYPTO_EX_dup *dup_func,
2068 CRYPTO_EX_free *free_func) {
2069 int index;
2070 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp,
2071 dup_func, free_func)) {
2072 return -1;
2073 }
2074 return index;
2075 }
2076
SSL_CTX_set_ex_data(SSL_CTX * ctx,int idx,void * arg)2077 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg) {
2078 return CRYPTO_set_ex_data(&ctx->ex_data, idx, arg);
2079 }
2080
SSL_CTX_get_ex_data(const SSL_CTX * ctx,int idx)2081 void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) {
2082 return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2083 }
2084
SSL_want(const SSL * ssl)2085 int SSL_want(const SSL *ssl) { return ssl->rwstate; }
2086
SSL_CTX_set_tmp_rsa_callback(SSL_CTX * ctx,RSA * (* cb)(SSL * ssl,int is_export,int keylength))2087 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
2088 RSA *(*cb)(SSL *ssl, int is_export,
2089 int keylength)) {
2090 }
2091
SSL_set_tmp_rsa_callback(SSL * ssl,RSA * (* cb)(SSL * ssl,int is_export,int keylength))2092 void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
2093 int keylength)) {
2094 }
2095
SSL_CTX_set_tmp_dh_callback(SSL_CTX * ctx,DH * (* callback)(SSL * ssl,int is_export,int keylength))2096 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
2097 DH *(*callback)(SSL *ssl, int is_export,
2098 int keylength)) {
2099 ctx->cert->dh_tmp_cb = callback;
2100 }
2101
SSL_set_tmp_dh_callback(SSL * ssl,DH * (* callback)(SSL * ssl,int is_export,int keylength))2102 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export,
2103 int keylength)) {
2104 ssl->cert->dh_tmp_cb = callback;
2105 }
2106
SSL_CTX_use_psk_identity_hint(SSL_CTX * ctx,const char * identity_hint)2107 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) {
2108 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
2109 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
2110 return 0;
2111 }
2112
2113 OPENSSL_free(ctx->psk_identity_hint);
2114
2115 if (identity_hint != NULL) {
2116 ctx->psk_identity_hint = BUF_strdup(identity_hint);
2117 if (ctx->psk_identity_hint == NULL) {
2118 return 0;
2119 }
2120 } else {
2121 ctx->psk_identity_hint = NULL;
2122 }
2123
2124 return 1;
2125 }
2126
SSL_use_psk_identity_hint(SSL * ssl,const char * identity_hint)2127 int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) {
2128 if (ssl == NULL) {
2129 return 0;
2130 }
2131
2132 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
2133 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
2134 return 0;
2135 }
2136
2137 /* Clear currently configured hint, if any. */
2138 OPENSSL_free(ssl->psk_identity_hint);
2139 ssl->psk_identity_hint = NULL;
2140
2141 /* Treat the empty hint as not supplying one. Plain PSK makes it possible to
2142 * send either no hint (omit ServerKeyExchange) or an empty hint, while
2143 * ECDHE_PSK can only spell empty hint. Having different capabilities is odd,
2144 * so we interpret empty and missing as identical. */
2145 if (identity_hint != NULL && identity_hint[0] != '\0') {
2146 ssl->psk_identity_hint = BUF_strdup(identity_hint);
2147 if (ssl->psk_identity_hint == NULL) {
2148 return 0;
2149 }
2150 }
2151
2152 return 1;
2153 }
2154
SSL_get_psk_identity_hint(const SSL * ssl)2155 const char *SSL_get_psk_identity_hint(const SSL *ssl) {
2156 if (ssl == NULL) {
2157 return NULL;
2158 }
2159 return ssl->psk_identity_hint;
2160 }
2161
SSL_get_psk_identity(const SSL * ssl)2162 const char *SSL_get_psk_identity(const SSL *ssl) {
2163 if (ssl == NULL) {
2164 return NULL;
2165 }
2166 SSL_SESSION *session = SSL_get_session(ssl);
2167 if (session == NULL) {
2168 return NULL;
2169 }
2170 return session->psk_identity;
2171 }
2172
SSL_set_psk_client_callback(SSL * ssl,unsigned (* cb)(SSL * ssl,const char * hint,char * identity,unsigned max_identity_len,uint8_t * psk,unsigned max_psk_len))2173 void SSL_set_psk_client_callback(
2174 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2175 unsigned max_identity_len, uint8_t *psk,
2176 unsigned max_psk_len)) {
2177 ssl->psk_client_callback = cb;
2178 }
2179
SSL_CTX_set_psk_client_callback(SSL_CTX * ctx,unsigned (* cb)(SSL * ssl,const char * hint,char * identity,unsigned max_identity_len,uint8_t * psk,unsigned max_psk_len))2180 void SSL_CTX_set_psk_client_callback(
2181 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2182 unsigned max_identity_len, uint8_t *psk,
2183 unsigned max_psk_len)) {
2184 ctx->psk_client_callback = cb;
2185 }
2186
SSL_set_psk_server_callback(SSL * ssl,unsigned (* cb)(SSL * ssl,const char * identity,uint8_t * psk,unsigned max_psk_len))2187 void SSL_set_psk_server_callback(
2188 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
2189 unsigned max_psk_len)) {
2190 ssl->psk_server_callback = cb;
2191 }
2192
SSL_CTX_set_psk_server_callback(SSL_CTX * ctx,unsigned (* cb)(SSL * ssl,const char * identity,uint8_t * psk,unsigned max_psk_len))2193 void SSL_CTX_set_psk_server_callback(
2194 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity,
2195 uint8_t *psk, unsigned max_psk_len)) {
2196 ctx->psk_server_callback = cb;
2197 }
2198
SSL_CTX_set_msg_callback(SSL_CTX * ctx,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))2199 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
2200 void (*cb)(int write_p, int version,
2201 int content_type, const void *buf,
2202 size_t len, SSL *ssl, void *arg)) {
2203 ctx->msg_callback = cb;
2204 }
2205
SSL_CTX_set_msg_callback_arg(SSL_CTX * ctx,void * arg)2206 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) {
2207 ctx->msg_callback_arg = arg;
2208 }
2209
SSL_set_msg_callback(SSL * ssl,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))2210 void SSL_set_msg_callback(SSL *ssl,
2211 void (*cb)(int write_p, int version, int content_type,
2212 const void *buf, size_t len, SSL *ssl,
2213 void *arg)) {
2214 ssl->msg_callback = cb;
2215 }
2216
SSL_set_msg_callback_arg(SSL * ssl,void * arg)2217 void SSL_set_msg_callback_arg(SSL *ssl, void *arg) {
2218 ssl->msg_callback_arg = arg;
2219 }
2220
SSL_CTX_set_keylog_callback(SSL_CTX * ctx,void (* cb)(const SSL * ssl,const char * line))2221 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx,
2222 void (*cb)(const SSL *ssl, const char *line)) {
2223 ctx->keylog_callback = cb;
2224 }
2225
SSL_CTX_get_keylog_callback(const SSL_CTX * ctx)2226 void (*SSL_CTX_get_keylog_callback(const SSL_CTX *ctx))(const SSL *ssl,
2227 const char *line) {
2228 return ctx->keylog_callback;
2229 }
2230
SSL_CTX_set_current_time_cb(SSL_CTX * ctx,void (* cb)(const SSL * ssl,struct timeval * out_clock))2231 void SSL_CTX_set_current_time_cb(SSL_CTX *ctx,
2232 void (*cb)(const SSL *ssl,
2233 struct timeval *out_clock)) {
2234 ctx->current_time_cb = cb;
2235 }
2236
cbb_add_hex(CBB * cbb,const uint8_t * in,size_t in_len)2237 static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) {
2238 static const char hextable[] = "0123456789abcdef";
2239 uint8_t *out;
2240
2241 if (!CBB_add_space(cbb, &out, in_len * 2)) {
2242 return 0;
2243 }
2244
2245 for (size_t i = 0; i < in_len; i++) {
2246 *(out++) = (uint8_t)hextable[in[i] >> 4];
2247 *(out++) = (uint8_t)hextable[in[i] & 0xf];
2248 }
2249
2250 return 1;
2251 }
2252
ssl_log_secret(const SSL * ssl,const char * label,const uint8_t * secret,size_t secret_len)2253 int ssl_log_secret(const SSL *ssl, const char *label, const uint8_t *secret,
2254 size_t secret_len) {
2255 if (ssl->ctx->keylog_callback == NULL) {
2256 return 1;
2257 }
2258
2259 CBB cbb;
2260 uint8_t *out;
2261 size_t out_len;
2262 if (!CBB_init(&cbb, strlen(label) + 1 + SSL3_RANDOM_SIZE * 2 + 1 +
2263 secret_len * 2 + 1) ||
2264 !CBB_add_bytes(&cbb, (const uint8_t *)label, strlen(label)) ||
2265 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
2266 !cbb_add_hex(&cbb, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
2267 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
2268 !cbb_add_hex(&cbb, secret, secret_len) ||
2269 !CBB_add_u8(&cbb, 0 /* NUL */) ||
2270 !CBB_finish(&cbb, &out, &out_len)) {
2271 CBB_cleanup(&cbb);
2272 return 0;
2273 }
2274
2275 ssl->ctx->keylog_callback(ssl, (const char *)out);
2276 OPENSSL_free(out);
2277 return 1;
2278 }
2279
SSL_is_init_finished(const SSL * ssl)2280 int SSL_is_init_finished(const SSL *ssl) {
2281 return !SSL_in_init(ssl);
2282 }
2283
SSL_in_init(const SSL * ssl)2284 int SSL_in_init(const SSL *ssl) {
2285 SSL_HANDSHAKE *hs = ssl->s3->hs;
2286 return hs != NULL && hs->state != SSL_ST_OK;
2287 }
2288
SSL_in_false_start(const SSL * ssl)2289 int SSL_in_false_start(const SSL *ssl) {
2290 if (ssl->s3->hs == NULL) {
2291 return 0;
2292 }
2293 return ssl->s3->hs->in_false_start;
2294 }
2295
SSL_cutthrough_complete(const SSL * ssl)2296 int SSL_cutthrough_complete(const SSL *ssl) {
2297 return SSL_in_false_start(ssl);
2298 }
2299
SSL_get_structure_sizes(size_t * ssl_size,size_t * ssl_ctx_size,size_t * ssl_session_size)2300 void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
2301 size_t *ssl_session_size) {
2302 *ssl_size = sizeof(SSL);
2303 *ssl_ctx_size = sizeof(SSL_CTX);
2304 *ssl_session_size = sizeof(SSL_SESSION);
2305 }
2306
ssl3_can_false_start(const SSL * ssl)2307 int ssl3_can_false_start(const SSL *ssl) {
2308 const SSL_CIPHER *const cipher = SSL_get_current_cipher(ssl);
2309
2310 /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
2311 return !SSL_is_dtls(ssl) &&
2312 SSL_version(ssl) == TLS1_2_VERSION &&
2313 (ssl->s3->alpn_selected != NULL ||
2314 ssl->s3->next_proto_negotiated != NULL) &&
2315 cipher != NULL &&
2316 cipher->algorithm_mkey == SSL_kECDHE &&
2317 cipher->algorithm_mac == SSL_AEAD;
2318 }
2319
2320 const struct {
2321 uint16_t version;
2322 uint32_t flag;
2323 } kVersions[] = {
2324 {SSL3_VERSION, SSL_OP_NO_SSLv3},
2325 {TLS1_VERSION, SSL_OP_NO_TLSv1},
2326 {TLS1_1_VERSION, SSL_OP_NO_TLSv1_1},
2327 {TLS1_2_VERSION, SSL_OP_NO_TLSv1_2},
2328 {TLS1_3_VERSION, SSL_OP_NO_TLSv1_3},
2329 };
2330
2331 static const size_t kVersionsLen = OPENSSL_ARRAY_SIZE(kVersions);
2332
ssl_get_version_range(const SSL * ssl,uint16_t * out_min_version,uint16_t * out_max_version)2333 int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
2334 uint16_t *out_max_version) {
2335 /* For historical reasons, |SSL_OP_NO_DTLSv1| aliases |SSL_OP_NO_TLSv1|, but
2336 * DTLS 1.0 should be mapped to TLS 1.1. */
2337 uint32_t options = ssl->options;
2338 if (SSL_is_dtls(ssl)) {
2339 options &= ~SSL_OP_NO_TLSv1_1;
2340 if (options & SSL_OP_NO_DTLSv1) {
2341 options |= SSL_OP_NO_TLSv1_1;
2342 }
2343 }
2344
2345 uint16_t min_version = ssl->min_version;
2346 uint16_t max_version = ssl->max_version;
2347
2348 /* Bound the range to only those implemented in this protocol. */
2349 if (min_version < ssl->method->min_version) {
2350 min_version = ssl->method->min_version;
2351 }
2352 if (max_version > ssl->method->max_version) {
2353 max_version = ssl->method->max_version;
2354 }
2355
2356 /* OpenSSL's API for controlling versions entails blacklisting individual
2357 * protocols. This has two problems. First, on the client, the protocol can
2358 * only express a contiguous range of versions. Second, a library consumer
2359 * trying to set a maximum version cannot disable protocol versions that get
2360 * added in a future version of the library.
2361 *
2362 * To account for both of these, OpenSSL interprets the client-side bitmask
2363 * as a min/max range by picking the lowest contiguous non-empty range of
2364 * enabled protocols. Note that this means it is impossible to set a maximum
2365 * version of the higest supported TLS version in a future-proof way. */
2366 int any_enabled = 0;
2367 for (size_t i = 0; i < kVersionsLen; i++) {
2368 /* Only look at the versions already enabled. */
2369 if (min_version > kVersions[i].version) {
2370 continue;
2371 }
2372 if (max_version < kVersions[i].version) {
2373 break;
2374 }
2375
2376 if (!(options & kVersions[i].flag)) {
2377 /* The minimum version is the first enabled version. */
2378 if (!any_enabled) {
2379 any_enabled = 1;
2380 min_version = kVersions[i].version;
2381 }
2382 continue;
2383 }
2384
2385 /* If there is a disabled version after the first enabled one, all versions
2386 * after it are implicitly disabled. */
2387 if (any_enabled) {
2388 max_version = kVersions[i-1].version;
2389 break;
2390 }
2391 }
2392
2393 if (!any_enabled) {
2394 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
2395 return 0;
2396 }
2397
2398 *out_min_version = min_version;
2399 *out_max_version = max_version;
2400 return 1;
2401 }
2402
ssl3_protocol_version(const SSL * ssl)2403 uint16_t ssl3_protocol_version(const SSL *ssl) {
2404 assert(ssl->s3->have_version);
2405 uint16_t version;
2406 if (!ssl->method->version_from_wire(&version, ssl->version)) {
2407 /* TODO(davidben): Use the internal version representation for ssl->version
2408 * and map to the public API representation at API boundaries. */
2409 assert(0);
2410 return 0;
2411 }
2412
2413 return version;
2414 }
2415
SSL_is_server(const SSL * ssl)2416 int SSL_is_server(const SSL *ssl) { return ssl->server; }
2417
SSL_is_dtls(const SSL * ssl)2418 int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; }
2419
SSL_CTX_set_select_certificate_cb(SSL_CTX * ctx,enum ssl_select_cert_result_t (* cb)(const SSL_CLIENT_HELLO *))2420 void SSL_CTX_set_select_certificate_cb(
2421 SSL_CTX *ctx,
2422 enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)) {
2423 ctx->select_certificate_cb = cb;
2424 }
2425
SSL_CTX_set_dos_protection_cb(SSL_CTX * ctx,int (* cb)(const SSL_CLIENT_HELLO *))2426 void SSL_CTX_set_dos_protection_cb(SSL_CTX *ctx,
2427 int (*cb)(const SSL_CLIENT_HELLO *)) {
2428 ctx->dos_protection_cb = cb;
2429 }
2430
SSL_set_renegotiate_mode(SSL * ssl,enum ssl_renegotiate_mode_t mode)2431 void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
2432 ssl->renegotiate_mode = mode;
2433 }
2434
SSL_get_ivs(const SSL * ssl,const uint8_t ** out_read_iv,const uint8_t ** out_write_iv,size_t * out_iv_len)2435 int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
2436 const uint8_t **out_write_iv, size_t *out_iv_len) {
2437 if (ssl->s3->aead_read_ctx == NULL || ssl->s3->aead_write_ctx == NULL) {
2438 return 0;
2439 }
2440
2441 size_t write_iv_len;
2442 if (!EVP_AEAD_CTX_get_iv(&ssl->s3->aead_read_ctx->ctx, out_read_iv,
2443 out_iv_len) ||
2444 !EVP_AEAD_CTX_get_iv(&ssl->s3->aead_write_ctx->ctx, out_write_iv,
2445 &write_iv_len) ||
2446 *out_iv_len != write_iv_len) {
2447 return 0;
2448 }
2449
2450 return 1;
2451 }
2452
be_to_u64(const uint8_t in[8])2453 static uint64_t be_to_u64(const uint8_t in[8]) {
2454 return (((uint64_t)in[0]) << 56) | (((uint64_t)in[1]) << 48) |
2455 (((uint64_t)in[2]) << 40) | (((uint64_t)in[3]) << 32) |
2456 (((uint64_t)in[4]) << 24) | (((uint64_t)in[5]) << 16) |
2457 (((uint64_t)in[6]) << 8) | ((uint64_t)in[7]);
2458 }
2459
SSL_get_read_sequence(const SSL * ssl)2460 uint64_t SSL_get_read_sequence(const SSL *ssl) {
2461 /* TODO(davidben): Internally represent sequence numbers as uint64_t. */
2462 if (SSL_is_dtls(ssl)) {
2463 /* max_seq_num already includes the epoch. */
2464 assert(ssl->d1->r_epoch == (ssl->d1->bitmap.max_seq_num >> 48));
2465 return ssl->d1->bitmap.max_seq_num;
2466 }
2467 return be_to_u64(ssl->s3->read_sequence);
2468 }
2469
SSL_get_write_sequence(const SSL * ssl)2470 uint64_t SSL_get_write_sequence(const SSL *ssl) {
2471 uint64_t ret = be_to_u64(ssl->s3->write_sequence);
2472 if (SSL_is_dtls(ssl)) {
2473 assert((ret >> 48) == 0);
2474 ret |= ((uint64_t)ssl->d1->w_epoch) << 48;
2475 }
2476 return ret;
2477 }
2478
SSL_get_peer_signature_algorithm(const SSL * ssl)2479 uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl) {
2480 /* TODO(davidben): This checks the wrong session if there is a renegotiation
2481 * in progress. */
2482 SSL_SESSION *session = SSL_get_session(ssl);
2483 if (session == NULL) {
2484 return 0;
2485 }
2486
2487 return session->peer_signature_algorithm;
2488 }
2489
SSL_get_client_random(const SSL * ssl,uint8_t * out,size_t max_out)2490 size_t SSL_get_client_random(const SSL *ssl, uint8_t *out, size_t max_out) {
2491 if (max_out == 0) {
2492 return sizeof(ssl->s3->client_random);
2493 }
2494 if (max_out > sizeof(ssl->s3->client_random)) {
2495 max_out = sizeof(ssl->s3->client_random);
2496 }
2497 OPENSSL_memcpy(out, ssl->s3->client_random, max_out);
2498 return max_out;
2499 }
2500
SSL_get_server_random(const SSL * ssl,uint8_t * out,size_t max_out)2501 size_t SSL_get_server_random(const SSL *ssl, uint8_t *out, size_t max_out) {
2502 if (max_out == 0) {
2503 return sizeof(ssl->s3->server_random);
2504 }
2505 if (max_out > sizeof(ssl->s3->server_random)) {
2506 max_out = sizeof(ssl->s3->server_random);
2507 }
2508 OPENSSL_memcpy(out, ssl->s3->server_random, max_out);
2509 return max_out;
2510 }
2511
SSL_get_pending_cipher(const SSL * ssl)2512 const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl) {
2513 SSL_HANDSHAKE *hs = ssl->s3->hs;
2514 if (hs == NULL) {
2515 return NULL;
2516 }
2517 return hs->new_cipher;
2518 }
2519
SSL_set_retain_only_sha256_of_client_certs(SSL * ssl,int enabled)2520 void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, int enabled) {
2521 ssl->retain_only_sha256_of_client_certs = !!enabled;
2522 }
2523
SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX * ctx,int enabled)2524 void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx, int enabled) {
2525 ctx->retain_only_sha256_of_client_certs = !!enabled;
2526 }
2527
SSL_CTX_set_grease_enabled(SSL_CTX * ctx,int enabled)2528 void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled) {
2529 ctx->grease_enabled = !!enabled;
2530 }
2531
SSL_get_ticket_age_skew(const SSL * ssl)2532 int32_t SSL_get_ticket_age_skew(const SSL *ssl) {
2533 return ssl->s3->ticket_age_skew;
2534 }
2535
SSL_clear(SSL * ssl)2536 int SSL_clear(SSL *ssl) {
2537 /* In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously
2538 * established session to be offered the next time around. wpa_supplicant
2539 * depends on this behavior, so emulate it. */
2540 SSL_SESSION *session = NULL;
2541 if (!ssl->server && ssl->s3->established_session != NULL) {
2542 session = ssl->s3->established_session;
2543 SSL_SESSION_up_ref(session);
2544 }
2545
2546 /* TODO(davidben): Some state on |ssl| is reset both in |SSL_new| and
2547 * |SSL_clear| because it is per-connection state rather than configuration
2548 * state. Per-connection state should be on |ssl->s3| and |ssl->d1| so it is
2549 * naturally reset at the right points between |SSL_new|, |SSL_clear|, and
2550 * |ssl3_new|. */
2551
2552 ssl->rwstate = SSL_NOTHING;
2553
2554 BUF_MEM_free(ssl->init_buf);
2555 ssl->init_buf = NULL;
2556 ssl->init_msg = NULL;
2557 ssl->init_num = 0;
2558
2559 /* The ssl->d1->mtu is simultaneously configuration (preserved across
2560 * clear) and connection-specific state (gets reset).
2561 *
2562 * TODO(davidben): Avoid this. */
2563 unsigned mtu = 0;
2564 if (ssl->d1 != NULL) {
2565 mtu = ssl->d1->mtu;
2566 }
2567
2568 ssl->method->ssl_free(ssl);
2569 if (!ssl->method->ssl_new(ssl)) {
2570 SSL_SESSION_free(session);
2571 return 0;
2572 }
2573
2574 if (SSL_is_dtls(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
2575 ssl->d1->mtu = mtu;
2576 }
2577
2578 if (session != NULL) {
2579 SSL_set_session(ssl, session);
2580 SSL_SESSION_free(session);
2581 }
2582
2583 return 1;
2584 }
2585
ssl_do_info_callback(const SSL * ssl,int type,int value)2586 void ssl_do_info_callback(const SSL *ssl, int type, int value) {
2587 void (*cb)(const SSL *ssl, int type, int value) = NULL;
2588 if (ssl->info_callback != NULL) {
2589 cb = ssl->info_callback;
2590 } else if (ssl->ctx->info_callback != NULL) {
2591 cb = ssl->ctx->info_callback;
2592 }
2593
2594 if (cb != NULL) {
2595 cb(ssl, type, value);
2596 }
2597 }
2598
ssl_do_msg_callback(SSL * ssl,int is_write,int content_type,const void * buf,size_t len)2599 void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
2600 const void *buf, size_t len) {
2601 if (ssl->msg_callback == NULL) {
2602 return;
2603 }
2604
2605 /* |version| is zero when calling for |SSL3_RT_HEADER| and |SSL2_VERSION| for
2606 * a V2ClientHello. */
2607 int version;
2608 switch (content_type) {
2609 case 0:
2610 /* V2ClientHello */
2611 version = SSL2_VERSION;
2612 break;
2613 case SSL3_RT_HEADER:
2614 version = 0;
2615 break;
2616 default:
2617 version = SSL_version(ssl);
2618 }
2619
2620 ssl->msg_callback(is_write, version, content_type, buf, len, ssl,
2621 ssl->msg_callback_arg);
2622 }
2623
SSL_CTX_sess_connect(const SSL_CTX * ctx)2624 int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_connect_good(const SSL_CTX * ctx)2625 int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_connect_renegotiate(const SSL_CTX * ctx)2626 int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept(const SSL_CTX * ctx)2627 int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept_renegotiate(const SSL_CTX * ctx)2628 int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept_good(const SSL_CTX * ctx)2629 int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_hits(const SSL_CTX * ctx)2630 int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_cb_hits(const SSL_CTX * ctx)2631 int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_misses(const SSL_CTX * ctx)2632 int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_timeouts(const SSL_CTX * ctx)2633 int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_cache_full(const SSL_CTX * ctx)2634 int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; }
2635
SSL_num_renegotiations(const SSL * ssl)2636 int SSL_num_renegotiations(const SSL *ssl) {
2637 return SSL_total_renegotiations(ssl);
2638 }
2639
SSL_CTX_need_tmp_RSA(const SSL_CTX * ctx)2640 int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) { return 0; }
SSL_need_tmp_RSA(const SSL * ssl)2641 int SSL_need_tmp_RSA(const SSL *ssl) { return 0; }
SSL_CTX_set_tmp_rsa(SSL_CTX * ctx,const RSA * rsa)2642 int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) { return 1; }
SSL_set_tmp_rsa(SSL * ssl,const RSA * rsa)2643 int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) { return 1; }
ERR_load_SSL_strings(void)2644 void ERR_load_SSL_strings(void) {}
SSL_load_error_strings(void)2645 void SSL_load_error_strings(void) {}
SSL_cache_hit(SSL * ssl)2646 int SSL_cache_hit(SSL *ssl) { return SSL_session_reused(ssl); }
2647
SSL_CTX_set_tmp_ecdh(SSL_CTX * ctx,const EC_KEY * ec_key)2648 int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) {
2649 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
2650 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
2651 return 0;
2652 }
2653 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
2654 return SSL_CTX_set1_curves(ctx, &nid, 1);
2655 }
2656
SSL_set_tmp_ecdh(SSL * ssl,const EC_KEY * ec_key)2657 int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
2658 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
2659 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
2660 return 0;
2661 }
2662 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
2663 return SSL_set1_curves(ssl, &nid, 1);
2664 }
2665
ssl_get_current_time(const SSL * ssl,struct OPENSSL_timeval * out_clock)2666 void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock) {
2667 if (ssl->ctx->current_time_cb != NULL) {
2668 /* TODO(davidben): Update current_time_cb to use OPENSSL_timeval. See
2669 * https://crbug.com/boringssl/155. */
2670 struct timeval clock;
2671 ssl->ctx->current_time_cb(ssl, &clock);
2672 if (clock.tv_sec < 0) {
2673 assert(0);
2674 out_clock->tv_sec = 0;
2675 out_clock->tv_usec = 0;
2676 } else {
2677 out_clock->tv_sec = (uint64_t)clock.tv_sec;
2678 out_clock->tv_usec = (uint32_t)clock.tv_usec;
2679 }
2680 return;
2681 }
2682
2683 #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
2684 out_clock->tv_sec = 1234;
2685 out_clock->tv_usec = 1234;
2686 #elif defined(OPENSSL_WINDOWS)
2687 struct _timeb time;
2688 _ftime(&time);
2689 if (time.time < 0) {
2690 assert(0);
2691 out_clock->tv_sec = 0;
2692 out_clock->tv_usec = 0;
2693 } else {
2694 out_clock->tv_sec = time.time;
2695 out_clock->tv_usec = time.millitm * 1000;
2696 }
2697 #else
2698 struct timeval clock;
2699 gettimeofday(&clock, NULL);
2700 if (clock.tv_sec < 0) {
2701 assert(0);
2702 out_clock->tv_sec = 0;
2703 out_clock->tv_usec = 0;
2704 } else {
2705 out_clock->tv_sec = (uint64_t)clock.tv_sec;
2706 out_clock->tv_usec = (uint32_t)clock.tv_usec;
2707 }
2708 #endif
2709 }
2710
SSL_CTX_set_min_version(SSL_CTX * ctx,uint16_t version)2711 int SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version) {
2712 return SSL_CTX_set_min_proto_version(ctx, version);
2713 }
2714
SSL_CTX_set_max_version(SSL_CTX * ctx,uint16_t version)2715 int SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version) {
2716 return SSL_CTX_set_max_proto_version(ctx, version);
2717 }
2718
SSL_set_min_version(SSL * ssl,uint16_t version)2719 int SSL_set_min_version(SSL *ssl, uint16_t version) {
2720 return SSL_set_min_proto_version(ssl, version);
2721 }
2722
SSL_set_max_version(SSL * ssl,uint16_t version)2723 int SSL_set_max_version(SSL *ssl, uint16_t version) {
2724 return SSL_set_max_proto_version(ssl, version);
2725 }
2726
SSL_CTX_set_ticket_aead_method(SSL_CTX * ctx,const SSL_TICKET_AEAD_METHOD * aead_method)2727 void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
2728 const SSL_TICKET_AEAD_METHOD *aead_method) {
2729 ctx->ticket_aead_method = aead_method;
2730 }
2731